./move.sh

author: Luke Shumaker <lukeshu@sbcglobal.net> 2016-07-23 21:55:51 -0400
committer: Luke Shumaker <lukeshu@sbcglobal.net> 2016-07-23 21:55:51 -0400
commit: 481edcbe2f0b4706ae46d3f17596d81827390b72 (patch)
tree: bae4bde0de67fc9091d9ca3cc937a748829dbac6 /src
parent: 0d1eb3d488d3df70d192a2cf595967e54138d0dc (diff)
1586 files changed, 169906 insertions, 157982 deletions
diff --git a/src/Makefile b/src/Makefile
index 9d07505194..b84e6076a0 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,6 +1,12 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
 #  This file is part of systemd.
 #
-#  Copyright 2010 Lennart Poettering
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
 #
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU Lesser General Public License as published by
@@ -14,15 +20,8 @@
 #
 #  You should have received a copy of the GNU Lesser General Public License
 #  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
 
-# This file is a dirty trick to simplify compilation from within
-# emacs. This file is not intended to be distributed. So, don't touch
-# it, even better ignore it!
-
-all:
-	$(MAKE) -C ..
-
-clean:
-	$(MAKE) -C .. clean
 
-.PHONY: all clean
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/ac-power/Makefile b/src/ac-power/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/ac-power/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/activate/Makefile b/src/activate/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/activate/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/activate/activate.c b/src/activate/activate.c
deleted file mode 100644
index a0cfc22000..0000000000
--- a/src/activate/activate.c
+++ /dev/null
@@ -1,545 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <sys/epoll.h>
-#include <sys/prctl.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "log.h"
-#include "macro.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "string-util.h"
-#include "strv.h"
-
-static char** arg_listen = NULL;
-static bool arg_accept = false;
-static int arg_socket_type = SOCK_STREAM;
-static char** arg_args = NULL;
-static char** arg_setenv = NULL;
-static char **arg_fdnames = NULL;
-static bool arg_inetd = false;
-
-static int add_epoll(int epoll_fd, int fd) {
-        struct epoll_event ev = {
-                .events = EPOLLIN
-        };
-        int r;
-
-        assert(epoll_fd >= 0);
-        assert(fd >= 0);
-
-        ev.data.fd = fd;
-        r = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to add event on epoll fd:%d for fd:%d: %m", epoll_fd, fd);
-
-        return 0;
-}
-
-static int open_sockets(int *epoll_fd, bool accept) {
-        char **address;
-        int n, fd, r;
-        int count = 0;
-
-        n = sd_listen_fds(true);
-        if (n < 0)
-                return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
-        if (n > 0) {
-                log_info("Received %i descriptors via the environment.", n);
-
-                for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
-                        r = fd_cloexec(fd, arg_accept);
-                        if (r < 0)
-                                return r;
-
-                        count++;
-                }
-        }
-
-        /* Close logging and all other descriptors */
-        if (arg_listen) {
-                int except[3 + n];
-
-                for (fd = 0; fd < SD_LISTEN_FDS_START + n; fd++)
-                        except[fd] = fd;
-
-                log_close();
-                close_all_fds(except, 3 + n);
-        }
-
-        /** Note: we leak some fd's on error here. I doesn't matter
-         *  much, since the program will exit immediately anyway, but
-         *  would be a pain to fix.
-         */
-
-        STRV_FOREACH(address, arg_listen) {
-                fd = make_socket_fd(LOG_DEBUG, *address, arg_socket_type, (arg_accept*SOCK_CLOEXEC));
-                if (fd < 0) {
-                        log_open();
-                        return log_error_errno(fd, "Failed to open '%s': %m", *address);
-                }
-
-                assert(fd == SD_LISTEN_FDS_START + count);
-                count++;
-        }
-
-        if (arg_listen)
-                log_open();
-
-        *epoll_fd = epoll_create1(EPOLL_CLOEXEC);
-        if (*epoll_fd < 0)
-                return log_error_errno(errno, "Failed to create epoll object: %m");
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + count; fd++) {
-                _cleanup_free_ char *name = NULL;
-
-                getsockname_pretty(fd, &name);
-                log_info("Listening on %s as %i.", strna(name), fd);
-
-                r = add_epoll(*epoll_fd, fd);
-                if (r < 0)
-                        return r;
-        }
-
-        return count;
-}
-
-static int exec_process(const char* name, char **argv, char **env, int start_fd, int n_fds) {
-
-        _cleanup_strv_free_ char **envp = NULL;
-        _cleanup_free_ char *joined = NULL;
-        unsigned n_env = 0, length;
-        const char *tocopy;
-        char **s;
-        int r;
-
-        if (arg_inetd && n_fds != 1) {
-                log_error("--inetd only supported for single file descriptors.");
-                return -EINVAL;
-        }
-
-        length = strv_length(arg_setenv);
-
-        /* PATH, TERM, HOME, USER, LISTEN_FDS, LISTEN_PID, LISTEN_FDNAMES, NULL */
-        envp = new0(char *, length + 8);
-        if (!envp)
-                return log_oom();
-
-        STRV_FOREACH(s, arg_setenv) {
-
-                if (strchr(*s, '=')) {
-                        char *k;
-
-                        k = strdup(*s);
-                        if (!k)
-                                return log_oom();
-
-                        envp[n_env++] = k;
-                } else {
-                        _cleanup_free_ char *p;
-                        const char *n;
-
-                        p = strappend(*s, "=");
-                        if (!p)
-                                return log_oom();
-
-                        n = strv_find_prefix(env, p);
-                        if (!n)
-                                continue;
-
-                        envp[n_env] = strdup(n);
-                        if (!envp[n_env])
-                                return log_oom();
-
-                        n_env++;
-                }
-        }
-
-        FOREACH_STRING(tocopy, "TERM=", "PATH=", "USER=", "HOME=") {
-                const char *n;
-
-                n = strv_find_prefix(env, tocopy);
-                if (!n)
-                        continue;
-
-                envp[n_env] = strdup(n);
-                if (!envp[n_env])
-                        return log_oom();
-
-                n_env++;
-        }
-
-        if (arg_inetd) {
-                assert(n_fds == 1);
-
-                r = dup2(start_fd, STDIN_FILENO);
-                if (r < 0)
-                        return log_error_errno(errno, "Failed to dup connection to stdin: %m");
-
-                r = dup2(start_fd, STDOUT_FILENO);
-                if (r < 0)
-                        return log_error_errno(errno, "Failed to dup connection to stdout: %m");
-
-                start_fd = safe_close(start_fd);
-        } else {
-                if (start_fd != SD_LISTEN_FDS_START) {
-                        assert(n_fds == 1);
-
-                        r = dup2(start_fd, SD_LISTEN_FDS_START);
-                        if (r < 0)
-                                return log_error_errno(errno, "Failed to dup connection: %m");
-
-                        safe_close(start_fd);
-                        start_fd = SD_LISTEN_FDS_START;
-                }
-
-                if (asprintf((char**)(envp + n_env++), "LISTEN_FDS=%i", n_fds) < 0)
-                        return log_oom();
-
-                if (asprintf((char**)(envp + n_env++), "LISTEN_PID=" PID_FMT, getpid()) < 0)
-                        return log_oom();
-
-                if (arg_fdnames) {
-                        _cleanup_free_ char *names = NULL;
-                        size_t len;
-                        char *e;
-                        int i;
-
-                        len = strv_length(arg_fdnames);
-                        if (len == 1)
-                                for (i = 1; i < n_fds; i++) {
-                                        r = strv_extend(&arg_fdnames, arg_fdnames[0]);
-                                        if (r < 0)
-                                                return log_error_errno(r, "Failed to extend strv: %m");
-                                }
-                        else if (len != (unsigned) n_fds)
-                                log_warning("The number of fd names is different than number of fds: %zu vs %d",
-                                            len, n_fds);
-
-                        names = strv_join(arg_fdnames, ":");
-                        if (!names)
-                                return log_oom();
-
-                        e = strappend("LISTEN_FDNAMES=", names);
-                        if (!e)
-                                return log_oom();
-
-                        envp[n_env++] = e;
-                }
-        }
-
-        joined = strv_join(argv, " ");
-        if (!joined)
-                return log_oom();
-
-        log_info("Execing %s (%s)", name, joined);
-        execvpe(name, argv, envp);
-
-        return log_error_errno(errno, "Failed to execp %s (%s): %m", name, joined);
-}
-
-static int fork_and_exec_process(const char* child, char** argv, char **env, int fd) {
-        _cleanup_free_ char *joined = NULL;
-        pid_t parent_pid, child_pid;
-
-        joined = strv_join(argv, " ");
-        if (!joined)
-                return log_oom();
-
-        parent_pid = getpid();
-
-        child_pid = fork();
-        if (child_pid < 0)
-                return log_error_errno(errno, "Failed to fork: %m");
-
-        /* In the child */
-        if (child_pid == 0) {
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-
-                /* Make sure the child goes away when the parent dies */
-                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
-                        _exit(EXIT_FAILURE);
-
-                /* Check whether our parent died before we were able
-                 * to set the death signal */
-                if (getppid() != parent_pid)
-                        _exit(EXIT_SUCCESS);
-
-                exec_process(child, argv, env, fd, 1);
-                _exit(EXIT_FAILURE);
-        }
-
-        log_info("Spawned %s (%s) as PID %d", child, joined, child_pid);
-        return 0;
-}
-
-static int do_accept(const char* name, char **argv, char **envp, int fd) {
-        _cleanup_free_ char *local = NULL, *peer = NULL;
-        _cleanup_close_ int fd_accepted = -1;
-
-        fd_accepted = accept4(fd, NULL, NULL, 0);
-        if (fd_accepted < 0)
-                return log_error_errno(errno, "Failed to accept connection on fd:%d: %m", fd);
-
-        getsockname_pretty(fd_accepted, &local);
-        getpeername_pretty(fd_accepted, true, &peer);
-        log_info("Connection from %s to %s", strna(peer), strna(local));
-
-        return fork_and_exec_process(name, argv, envp, fd_accepted);
-}
-
-/* SIGCHLD handler. */
-static void sigchld_hdl(int sig) {
-        PROTECT_ERRNO;
-
-        for (;;) {
-                siginfo_t si;
-                int r;
-
-                si.si_pid = 0;
-                r = waitid(P_ALL, 0, &si, WEXITED|WNOHANG);
-                if (r < 0) {
-                        if (errno != ECHILD)
-                                log_error_errno(errno, "Failed to reap children: %m");
-                        return;
-                }
-                if (si.si_pid == 0)
-                        return;
-
-                log_info("Child %d died with code %d", si.si_pid, si.si_status);
-        }
-}
-
-static int install_chld_handler(void) {
-        static const struct sigaction act = {
-                .sa_flags = SA_NOCLDSTOP,
-                .sa_handler = sigchld_hdl,
-        };
-
-        int r;
-
-        r = sigaction(SIGCHLD, &act, 0);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to install SIGCHLD handler: %m");
-
-        return 0;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "Listen on sockets and launch child on connection.\n\n"
-               "Options:\n"
-               "  -h --help                  Show this help and exit\n"
-               "     --version               Print version string and exit\n"
-               "  -l --listen=ADDR           Listen for raw connections at ADDR\n"
-               "  -d --datagram              Listen on datagram instead of stream socket\n"
-               "     --seqpacket             Listen on SOCK_SEQPACKET instead of stream socket\n"
-               "  -a --accept                Spawn separate child for each connection\n"
-               "  -E --setenv=NAME[=VALUE]   Pass an environment variable to children\n"
-               "     --fdname=NAME[:NAME...] Specify names for file descriptors\n"
-               "     --inetd                 Enable inetd file descriptor passing protocol\n"
-               "\n"
-               "Note: file descriptors from sd_listen_fds() will be passed through.\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_FDNAME,
-                ARG_SEQPACKET,
-                ARG_INETD,
-        };
-
-        static const struct option options[] = {
-                { "help",        no_argument,       NULL, 'h'           },
-                { "version",     no_argument,       NULL, ARG_VERSION   },
-                { "datagram",    no_argument,       NULL, 'd'           },
-                { "seqpacket",   no_argument,       NULL, ARG_SEQPACKET },
-                { "listen",      required_argument, NULL, 'l'           },
-                { "accept",      no_argument,       NULL, 'a'           },
-                { "setenv",      required_argument, NULL, 'E'           },
-                { "environment", required_argument, NULL, 'E'           }, /* legacy alias */
-                { "fdname",      required_argument, NULL, ARG_FDNAME    },
-                { "inetd",       no_argument,       NULL, ARG_INETD     },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
-                switch(c) {
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'l':
-                        r = strv_extend(&arg_listen, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        break;
-
-                case 'd':
-                        if (arg_socket_type == SOCK_SEQPACKET) {
-                                log_error("--datagram may not be combined with --seqpacket.");
-                                return -EINVAL;
-                        }
-
-                        arg_socket_type = SOCK_DGRAM;
-                        break;
-
-                case ARG_SEQPACKET:
-                        if (arg_socket_type == SOCK_DGRAM) {
-                                log_error("--seqpacket may not be combined with --datagram.");
-                                return -EINVAL;
-                        }
-
-                        arg_socket_type = SOCK_SEQPACKET;
-                        break;
-
-                case 'a':
-                        arg_accept = true;
-                        break;
-
-                case 'E':
-                        r = strv_extend(&arg_setenv, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_FDNAME: {
-                        _cleanup_strv_free_ char **names;
-                        char **s;
-
-                        names = strv_split(optarg, ":");
-                        if (!names)
-                                return log_oom();
-
-                        STRV_FOREACH(s, names)
-                                if (!fdname_is_valid(*s)) {
-                                        _cleanup_free_ char *esc;
-
-                                        esc = cescape(*s);
-                                        log_warning("File descriptor name \"%s\" is not valid.", esc);
-                                }
-
-                        /* Empty optargs means one empty name */
-                        r = strv_extend_strv(&arg_fdnames,
-                                             strv_isempty(names) ? STRV_MAKE("") : names,
-                                             false);
-                        if (r < 0)
-                                return log_error_errno(r, "strv_extend_strv: %m");
-                        break;
-                }
-
-                case ARG_INETD:
-                        arg_inetd = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind == argc) {
-                log_error("%s: command to execute is missing.",
-                          program_invocation_short_name);
-                return -EINVAL;
-        }
-
-        if (arg_socket_type == SOCK_DGRAM && arg_accept) {
-                log_error("Datagram sockets do not accept connections. "
-                          "The --datagram and --accept options may not be combined.");
-                return -EINVAL;
-        }
-
-        arg_args = argv + optind;
-
-        return 1 /* work to do */;
-}
-
-int main(int argc, char **argv, char **envp) {
-        int r, n;
-        int epoll_fd = -1;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-
-        r = install_chld_handler();
-        if (r < 0)
-                return EXIT_FAILURE;
-
-        n = open_sockets(&epoll_fd, arg_accept);
-        if (n < 0)
-                return EXIT_FAILURE;
-        if (n == 0) {
-                log_error("No sockets to listen on specified or passed in.");
-                return EXIT_FAILURE;
-        }
-
-        for (;;) {
-                struct epoll_event event;
-
-                r = epoll_wait(epoll_fd, &event, 1, -1);
-                if (r < 0) {
-                        if (errno == EINTR)
-                                continue;
-
-                        log_error_errno(errno, "epoll_wait() failed: %m");
-                        return EXIT_FAILURE;
-                }
-
-                log_info("Communication attempt on fd %i.", event.data.fd);
-                if (arg_accept) {
-                        r = do_accept(argv[optind], argv + optind, envp, event.data.fd);
-                        if (r < 0)
-                                return EXIT_FAILURE;
-                } else
-                        break;
-        }
-
-        exec_process(argv[optind], argv + optind, envp, SD_LISTEN_FDS_START, n);
-
-        return EXIT_SUCCESS;
-}
diff --git a/src/analyze/Makefile b/src/analyze/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/analyze/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
deleted file mode 100644
index 53c97f957f..0000000000
--- a/src/analyze/analyze.c
+++ /dev/null
@@ -1,1485 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010-2013 Lennart Poettering
-  Copyright 2013 Simon Peeters
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <locale.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "analyze-verify.h"
-#include "bus-error.h"
-#include "bus-unit-util.h"
-#include "bus-util.h"
-#include "glob-util.h"
-#include "hashmap.h"
-#include "locale-util.h"
-#include "log.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "special.h"
-#include "strv.h"
-#include "strxcpyx.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "util.h"
-
-#define SCALE_X (0.1 / 1000.0)   /* pixels per us */
-#define SCALE_Y (20.0)
-
-#define compare(a, b) (((a) > (b))? 1 : (((b) > (a))? -1 : 0))
-
-#define svg(...) printf(__VA_ARGS__)
-
-#define svg_bar(class, x1, x2, y)                                       \
-        svg("  <rect class=\"%s\" x=\"%.03f\" y=\"%.03f\" width=\"%.03f\" height=\"%.03f\" />\n", \
-            (class),                                                    \
-            SCALE_X * (x1), SCALE_Y * (y),                              \
-            SCALE_X * ((x2) - (x1)), SCALE_Y - 1.0)
-
-#define svg_text(b, x, y, format, ...)                                  \
-        do {                                                            \
-                svg("  <text class=\"%s\" x=\"%.03f\" y=\"%.03f\">", (b) ? "left" : "right", SCALE_X * (x) + (b ? 5.0 : -5.0), SCALE_Y * (y) + 14.0); \
-                svg(format, ## __VA_ARGS__);                            \
-                svg("</text>\n");                                       \
-        } while (false)
-
-static enum dot {
-        DEP_ALL,
-        DEP_ORDER,
-        DEP_REQUIRE
-} arg_dot = DEP_ALL;
-static char** arg_dot_from_patterns = NULL;
-static char** arg_dot_to_patterns = NULL;
-static usec_t arg_fuzz = 0;
-static bool arg_no_pager = false;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_user = false;
-static bool arg_man = true;
-
-struct boot_times {
-        usec_t firmware_time;
-        usec_t loader_time;
-        usec_t kernel_time;
-        usec_t kernel_done_time;
-        usec_t initrd_time;
-        usec_t userspace_time;
-        usec_t finish_time;
-        usec_t security_start_time;
-        usec_t security_finish_time;
-        usec_t generators_start_time;
-        usec_t generators_finish_time;
-        usec_t unitsload_start_time;
-        usec_t unitsload_finish_time;
-
-        /*
-         * If we're analyzing the user instance, all timestamps will be offset
-         * by its own start-up timestamp, which may be arbitrarily big.
-         * With "plot", this causes arbitrarily wide output SVG files which almost
-         * completely consist of empty space. Thus we cancel out this offset.
-         *
-         * This offset is subtracted from times above by acquire_boot_times(),
-         * but it still needs to be subtracted from unit-specific timestamps
-         * (so it is stored here for reference).
-         */
-        usec_t reverse_offset;
-};
-
-struct unit_times {
-        char *name;
-        usec_t activating;
-        usec_t activated;
-        usec_t deactivated;
-        usec_t deactivating;
-        usec_t time;
-};
-
-struct host_info {
-        char *hostname;
-        char *kernel_name;
-        char *kernel_release;
-        char *kernel_version;
-        char *os_pretty_name;
-        char *virtualization;
-        char *architecture;
-};
-
-static int bus_get_uint64_property(sd_bus *bus, const char *path, const char *interface, const char *property, uint64_t *val) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(property);
-        assert(val);
-
-        r = sd_bus_get_property_trivial(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        interface,
-                        property,
-                        &error,
-                        't', val);
-
-        if (r < 0) {
-                log_error("Failed to parse reply: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int bus_get_unit_property_strv(sd_bus *bus, const char *path, const char *property, char ***strv) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(property);
-        assert(strv);
-
-        r = sd_bus_get_property_strv(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        property,
-                        &error,
-                        strv);
-        if (r < 0) {
-                log_error("Failed to get unit property %s: %s", property, bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int compare_unit_time(const void *a, const void *b) {
-        return compare(((struct unit_times *)b)->time,
-                       ((struct unit_times *)a)->time);
-}
-
-static int compare_unit_start(const void *a, const void *b) {
-        return compare(((struct unit_times *)a)->activating,
-                       ((struct unit_times *)b)->activating);
-}
-
-static void free_unit_times(struct unit_times *t, unsigned n) {
-        struct unit_times *p;
-
-        for (p = t; p < t + n; p++)
-                free(p->name);
-
-        free(t);
-}
-
-static void subtract_timestamp(usec_t *a, usec_t b) {
-        assert(a);
-
-        if (*a > 0) {
-                assert(*a >= b);
-                *a -= b;
-        }
-}
-
-static int acquire_boot_times(sd_bus *bus, struct boot_times **bt) {
-        static struct boot_times times;
-        static bool cached = false;
-
-        if (cached)
-                goto finish;
-
-        assert_cc(sizeof(usec_t) == sizeof(uint64_t));
-
-        if (bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "FirmwareTimestampMonotonic",
-                                    &times.firmware_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "LoaderTimestampMonotonic",
-                                    &times.loader_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "KernelTimestamp",
-                                    &times.kernel_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "InitRDTimestampMonotonic",
-                                    &times.initrd_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "UserspaceTimestampMonotonic",
-                                    &times.userspace_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "FinishTimestampMonotonic",
-                                    &times.finish_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "SecurityStartTimestampMonotonic",
-                                    &times.security_start_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "SecurityFinishTimestampMonotonic",
-                                    &times.security_finish_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "GeneratorsStartTimestampMonotonic",
-                                    &times.generators_start_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "GeneratorsFinishTimestampMonotonic",
-                                    &times.generators_finish_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "UnitsLoadStartTimestampMonotonic",
-                                    &times.unitsload_start_time) < 0 ||
-            bus_get_uint64_property(bus,
-                                    "/org/freedesktop/systemd1",
-                                    "org.freedesktop.systemd1.Manager",
-                                    "UnitsLoadFinishTimestampMonotonic",
-                                    &times.unitsload_finish_time) < 0)
-                return -EIO;
-
-        if (times.finish_time <= 0) {
-                log_error("Bootup is not yet finished. Please try again later.");
-                return -EINPROGRESS;
-        }
-
-        if (arg_user) {
-                /*
-                 * User-instance-specific timestamps processing
-                 * (see comment to reverse_offset in struct boot_times).
-                 */
-                times.reverse_offset = times.userspace_time;
-
-                times.firmware_time = times.loader_time = times.kernel_time = times.initrd_time = times.userspace_time = 0;
-                subtract_timestamp(&times.finish_time, times.reverse_offset);
-
-                subtract_timestamp(&times.security_start_time, times.reverse_offset);
-                subtract_timestamp(&times.security_finish_time, times.reverse_offset);
-
-                subtract_timestamp(&times.generators_start_time, times.reverse_offset);
-                subtract_timestamp(&times.generators_finish_time, times.reverse_offset);
-
-                subtract_timestamp(&times.unitsload_start_time, times.reverse_offset);
-                subtract_timestamp(&times.unitsload_finish_time, times.reverse_offset);
-        } else {
-                if (times.initrd_time)
-                        times.kernel_done_time = times.initrd_time;
-                else
-                        times.kernel_done_time = times.userspace_time;
-        }
-
-        cached = true;
-
-finish:
-        *bt = &times;
-        return 0;
-}
-
-static void free_host_info(struct host_info *hi) {
-
-        if (!hi)
-                return;
-
-        free(hi->hostname);
-        free(hi->kernel_name);
-        free(hi->kernel_release);
-        free(hi->kernel_version);
-        free(hi->os_pretty_name);
-        free(hi->virtualization);
-        free(hi->architecture);
-        free(hi);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(struct host_info*, free_host_info);
-
-static int acquire_time_data(sd_bus *bus, struct unit_times **out) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r, c = 0;
-        struct boot_times *boot_times = NULL;
-        struct unit_times *unit_times = NULL;
-        size_t size = 0;
-        UnitInfo u;
-
-        r = acquire_boot_times(bus, &boot_times);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "ListUnits",
-                        &error, &reply,
-                        NULL);
-        if (r < 0) {
-                log_error("Failed to list units: %s", bus_error_message(&error, -r));
-                goto fail;
-        }
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
-        if (r < 0) {
-                bus_log_parse_error(r);
-                goto fail;
-        }
-
-        while ((r = bus_parse_unit_info(reply, &u)) > 0) {
-                struct unit_times *t;
-
-                if (!GREEDY_REALLOC(unit_times, size, c+1)) {
-                        r = log_oom();
-                        goto fail;
-                }
-
-                t = unit_times+c;
-                t->name = NULL;
-
-                assert_cc(sizeof(usec_t) == sizeof(uint64_t));
-
-                if (bus_get_uint64_property(bus, u.unit_path,
-                                            "org.freedesktop.systemd1.Unit",
-                                            "InactiveExitTimestampMonotonic",
-                                            &t->activating) < 0 ||
-                    bus_get_uint64_property(bus, u.unit_path,
-                                            "org.freedesktop.systemd1.Unit",
-                                            "ActiveEnterTimestampMonotonic",
-                                            &t->activated) < 0 ||
-                    bus_get_uint64_property(bus, u.unit_path,
-                                            "org.freedesktop.systemd1.Unit",
-                                            "ActiveExitTimestampMonotonic",
-                                            &t->deactivating) < 0 ||
-                    bus_get_uint64_property(bus, u.unit_path,
-                                            "org.freedesktop.systemd1.Unit",
-                                            "InactiveEnterTimestampMonotonic",
-                                            &t->deactivated) < 0) {
-                        r = -EIO;
-                        goto fail;
-                }
-
-                subtract_timestamp(&t->activating, boot_times->reverse_offset);
-                subtract_timestamp(&t->activated, boot_times->reverse_offset);
-                subtract_timestamp(&t->deactivating, boot_times->reverse_offset);
-                subtract_timestamp(&t->deactivated, boot_times->reverse_offset);
-
-                if (t->activated >= t->activating)
-                        t->time = t->activated - t->activating;
-                else if (t->deactivated >= t->activating)
-                        t->time = t->deactivated - t->activating;
-                else
-                        t->time = 0;
-
-                if (t->activating == 0)
-                        continue;
-
-                t->name = strdup(u.id);
-                if (t->name == NULL) {
-                        r = log_oom();
-                        goto fail;
-                }
-                c++;
-        }
-        if (r < 0) {
-                bus_log_parse_error(r);
-                goto fail;
-        }
-
-        *out = unit_times;
-        return c;
-
-fail:
-        if (unit_times)
-                free_unit_times(unit_times, (unsigned) c);
-        return r;
-}
-
-static int acquire_host_info(sd_bus *bus, struct host_info **hi) {
-        static const struct bus_properties_map hostname_map[] = {
-                { "Hostname",                  "s", NULL, offsetof(struct host_info, hostname)       },
-                { "KernelName",                "s", NULL, offsetof(struct host_info, kernel_name)    },
-                { "KernelRelease",             "s", NULL, offsetof(struct host_info, kernel_release) },
-                { "KernelVersion",             "s", NULL, offsetof(struct host_info, kernel_version) },
-                { "OperatingSystemPrettyName", "s", NULL, offsetof(struct host_info, os_pretty_name) },
-                {}
-        };
-
-        static const struct bus_properties_map manager_map[] = {
-                { "Virtualization",            "s", NULL, offsetof(struct host_info, virtualization) },
-                { "Architecture",              "s", NULL, offsetof(struct host_info, architecture)   },
-                {}
-        };
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(free_host_infop) struct host_info *host;
-        int r;
-
-        host = new0(struct host_info, 1);
-        if (!host)
-                return log_oom();
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.hostname1",
-                                   "/org/freedesktop/hostname1",
-                                   hostname_map,
-                                   host);
-        if (r < 0)
-                log_debug_errno(r, "Failed to get host information from systemd-hostnamed: %s", bus_error_message(&error, r));
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.systemd1",
-                                   "/org/freedesktop/systemd1",
-                                   manager_map,
-                                   host);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get host information from systemd: %s", bus_error_message(&error, r));
-
-        *hi = host;
-        host = NULL;
-
-        return 0;
-}
-
-static int pretty_boot_time(sd_bus *bus, char **_buf) {
-        char ts[FORMAT_TIMESPAN_MAX];
-        struct boot_times *t;
-        static char buf[4096];
-        size_t size;
-        char *ptr;
-        int r;
-
-        r = acquire_boot_times(bus, &t);
-        if (r < 0)
-                return r;
-
-        ptr = buf;
-        size = sizeof(buf);
-
-        size = strpcpyf(&ptr, size, "Startup finished in ");
-        if (t->firmware_time)
-                size = strpcpyf(&ptr, size, "%s (firmware) + ", format_timespan(ts, sizeof(ts), t->firmware_time - t->loader_time, USEC_PER_MSEC));
-        if (t->loader_time)
-                size = strpcpyf(&ptr, size, "%s (loader) + ", format_timespan(ts, sizeof(ts), t->loader_time, USEC_PER_MSEC));
-        if (t->kernel_time)
-                size = strpcpyf(&ptr, size, "%s (kernel) + ", format_timespan(ts, sizeof(ts), t->kernel_done_time, USEC_PER_MSEC));
-        if (t->initrd_time > 0)
-                size = strpcpyf(&ptr, size, "%s (initrd) + ", format_timespan(ts, sizeof(ts), t->userspace_time - t->initrd_time, USEC_PER_MSEC));
-
-        size = strpcpyf(&ptr, size, "%s (userspace) ", format_timespan(ts, sizeof(ts), t->finish_time - t->userspace_time, USEC_PER_MSEC));
-        strpcpyf(&ptr, size, "= %s", format_timespan(ts, sizeof(ts), t->firmware_time + t->finish_time, USEC_PER_MSEC));
-
-        ptr = strdup(buf);
-        if (!ptr)
-                return log_oom();
-
-        *_buf = ptr;
-        return 0;
-}
-
-static void svg_graph_box(double height, double begin, double end) {
-        long long i;
-
-        /* outside box, fill */
-        svg("<rect class=\"box\" x=\"0\" y=\"0\" width=\"%.03f\" height=\"%.03f\" />\n",
-            SCALE_X * (end - begin), SCALE_Y * height);
-
-        for (i = ((long long) (begin / 100000)) * 100000; i <= end; i+=100000) {
-                /* lines for each second */
-                if (i % 5000000 == 0)
-                        svg("  <line class=\"sec5\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n"
-                            "  <text class=\"sec\" x=\"%.03f\" y=\"%.03f\" >%.01fs</text>\n",
-                            SCALE_X * i, SCALE_X * i, SCALE_Y * height, SCALE_X * i, -5.0, 0.000001 * i);
-                else if (i % 1000000 == 0)
-                        svg("  <line class=\"sec1\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n"
-                            "  <text class=\"sec\" x=\"%.03f\" y=\"%.03f\" >%.01fs</text>\n",
-                            SCALE_X * i, SCALE_X * i, SCALE_Y * height, SCALE_X * i, -5.0, 0.000001 * i);
-                else
-                        svg("  <line class=\"sec01\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n",
-                            SCALE_X * i, SCALE_X * i, SCALE_Y * height);
-        }
-}
-
-static int analyze_plot(sd_bus *bus) {
-        _cleanup_(free_host_infop) struct host_info *host = NULL;
-        struct unit_times *times;
-        struct boot_times *boot;
-        int n, m = 1, y=0;
-        double width;
-        _cleanup_free_ char *pretty_times = NULL;
-        struct unit_times *u;
-
-        n = acquire_boot_times(bus, &boot);
-        if (n < 0)
-                return n;
-
-        n = pretty_boot_time(bus, &pretty_times);
-        if (n < 0)
-                return n;
-
-        n = acquire_host_info(bus, &host);
-        if (n < 0)
-                return n;
-
-        n = acquire_time_data(bus, &times);
-        if (n <= 0)
-                return n;
-
-        qsort(times, n, sizeof(struct unit_times), compare_unit_start);
-
-        width = SCALE_X * (boot->firmware_time + boot->finish_time);
-        if (width < 800.0)
-                width = 800.0;
-
-        if (boot->firmware_time > boot->loader_time)
-                m++;
-        if (boot->loader_time) {
-                m++;
-                if (width < 1000.0)
-                        width = 1000.0;
-        }
-        if (boot->initrd_time)
-                m++;
-        if (boot->kernel_time)
-                m++;
-
-        for (u = times; u < times + n; u++) {
-                double text_start, text_width;
-
-                if (u->activating < boot->userspace_time ||
-                    u->activating > boot->finish_time) {
-                        u->name = mfree(u->name);
-                        continue;
-                }
-
-                /* If the text cannot fit on the left side then
-                 * increase the svg width so it fits on the right.
-                 * TODO: calculate the text width more accurately */
-                text_width = 8.0 * strlen(u->name);
-                text_start = (boot->firmware_time + u->activating) * SCALE_X;
-                if (text_width > text_start && text_width + text_start > width)
-                        width = text_width + text_start;
-
-                if (u->deactivated > u->activating && u->deactivated <= boot->finish_time
-                                && u->activated == 0 && u->deactivating == 0)
-                        u->activated = u->deactivating = u->deactivated;
-                if (u->activated < u->activating || u->activated > boot->finish_time)
-                        u->activated = boot->finish_time;
-                if (u->deactivating < u->activated || u->activated > boot->finish_time)
-                        u->deactivating = boot->finish_time;
-                if (u->deactivated < u->deactivating || u->deactivated > boot->finish_time)
-                        u->deactivated = boot->finish_time;
-                m++;
-        }
-
-        svg("<?xml version=\"1.0\" standalone=\"no\"?>\n"
-            "<!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" "
-            "\"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n");
-
-        svg("<svg width=\"%.0fpx\" height=\"%.0fpx\" version=\"1.1\" "
-            "xmlns=\"http://www.w3.org/2000/svg\">\n\n",
-                        80.0 + width, 150.0 + (m * SCALE_Y) +
-                        5 * SCALE_Y /* legend */);
-
-        /* write some basic info as a comment, including some help */
-        svg("<!-- This file is a systemd-analyze SVG file. It is best rendered in a   -->\n"
-            "<!-- browser such as Chrome, Chromium or Firefox. Other applications     -->\n"
-            "<!-- that render these files properly but much slower are ImageMagick,   -->\n"
-            "<!-- gimp, inkscape, etc. To display the files on your system, just      -->\n"
-            "<!-- point your browser to this file.                                    -->\n\n"
-            "<!-- This plot was generated by systemd-analyze version %-16.16s -->\n\n", VERSION);
-
-        /* style sheet */
-        svg("<defs>\n  <style type=\"text/css\">\n    <![CDATA[\n"
-            "      rect       { stroke-width: 1; stroke-opacity: 0; }\n"
-            "      rect.background   { fill: rgb(255,255,255); }\n"
-            "      rect.activating   { fill: rgb(255,0,0); fill-opacity: 0.7; }\n"
-            "      rect.active       { fill: rgb(200,150,150); fill-opacity: 0.7; }\n"
-            "      rect.deactivating { fill: rgb(150,100,100); fill-opacity: 0.7; }\n"
-            "      rect.kernel       { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
-            "      rect.initrd       { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
-            "      rect.firmware     { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
-            "      rect.loader       { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
-            "      rect.userspace    { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
-            "      rect.security     { fill: rgb(144,238,144); fill-opacity: 0.7; }\n"
-            "      rect.generators   { fill: rgb(102,204,255); fill-opacity: 0.7; }\n"
-            "      rect.unitsload    { fill: rgb( 82,184,255); fill-opacity: 0.7; }\n"
-            "      rect.box   { fill: rgb(240,240,240); stroke: rgb(192,192,192); }\n"
-            "      line       { stroke: rgb(64,64,64); stroke-width: 1; }\n"
-            "//    line.sec1  { }\n"
-            "      line.sec5  { stroke-width: 2; }\n"
-            "      line.sec01 { stroke: rgb(224,224,224); stroke-width: 1; }\n"
-            "      text       { font-family: Verdana, Helvetica; font-size: 14px; }\n"
-            "      text.left  { font-family: Verdana, Helvetica; font-size: 14px; text-anchor: start; }\n"
-            "      text.right { font-family: Verdana, Helvetica; font-size: 14px; text-anchor: end; }\n"
-            "      text.sec   { font-size: 10px; }\n"
-            "    ]]>\n   </style>\n</defs>\n\n");
-
-        svg("<rect class=\"background\" width=\"100%%\" height=\"100%%\" />\n");
-        svg("<text x=\"20\" y=\"50\">%s</text>", pretty_times);
-        svg("<text x=\"20\" y=\"30\">%s %s (%s %s %s) %s %s</text>",
-            isempty(host->os_pretty_name) ? "GNU/Linux" : host->os_pretty_name,
-            strempty(host->hostname),
-            strempty(host->kernel_name),
-            strempty(host->kernel_release),
-            strempty(host->kernel_version),
-            strempty(host->architecture),
-            strempty(host->virtualization));
-
-        svg("<g transform=\"translate(%.3f,100)\">\n", 20.0 + (SCALE_X * boot->firmware_time));
-        svg_graph_box(m, -(double) boot->firmware_time, boot->finish_time);
-
-        if (boot->firmware_time) {
-                svg_bar("firmware", -(double) boot->firmware_time, -(double) boot->loader_time, y);
-                svg_text(true, -(double) boot->firmware_time, y, "firmware");
-                y++;
-        }
-        if (boot->loader_time) {
-                svg_bar("loader", -(double) boot->loader_time, 0, y);
-                svg_text(true, -(double) boot->loader_time, y, "loader");
-                y++;
-        }
-        if (boot->kernel_time) {
-                svg_bar("kernel", 0, boot->kernel_done_time, y);
-                svg_text(true, 0, y, "kernel");
-                y++;
-        }
-        if (boot->initrd_time) {
-                svg_bar("initrd", boot->initrd_time, boot->userspace_time, y);
-                svg_text(true, boot->initrd_time, y, "initrd");
-                y++;
-        }
-        svg_bar("active", boot->userspace_time, boot->finish_time, y);
-        svg_bar("security", boot->security_start_time, boot->security_finish_time, y);
-        svg_bar("generators", boot->generators_start_time, boot->generators_finish_time, y);
-        svg_bar("unitsload", boot->unitsload_start_time, boot->unitsload_finish_time, y);
-        svg_text(true, boot->userspace_time, y, "systemd");
-        y++;
-
-        for (u = times; u < times + n; u++) {
-                char ts[FORMAT_TIMESPAN_MAX];
-                bool b;
-
-                if (!u->name)
-                        continue;
-
-                svg_bar("activating",   u->activating, u->activated, y);
-                svg_bar("active",       u->activated, u->deactivating, y);
-                svg_bar("deactivating", u->deactivating, u->deactivated, y);
-
-                /* place the text on the left if we have passed the half of the svg width */
-                b = u->activating * SCALE_X < width / 2;
-                if (u->time)
-                        svg_text(b, u->activating, y, "%s (%s)",
-                                 u->name, format_timespan(ts, sizeof(ts), u->time, USEC_PER_MSEC));
-                else
-                        svg_text(b, u->activating, y, "%s", u->name);
-                y++;
-        }
-
-        svg("</g>\n");
-
-        /* Legend */
-        svg("<g transform=\"translate(20,100)\">\n");
-        y++;
-        svg_bar("activating", 0, 300000, y);
-        svg_text(true, 400000, y, "Activating");
-        y++;
-        svg_bar("active", 0, 300000, y);
-        svg_text(true, 400000, y, "Active");
-        y++;
-        svg_bar("deactivating", 0, 300000, y);
-        svg_text(true, 400000, y, "Deactivating");
-        y++;
-        svg_bar("security", 0, 300000, y);
-        svg_text(true, 400000, y, "Setting up security module");
-        y++;
-        svg_bar("generators", 0, 300000, y);
-        svg_text(true, 400000, y, "Generators");
-        y++;
-        svg_bar("unitsload", 0, 300000, y);
-        svg_text(true, 400000, y, "Loading unit files");
-        y++;
-
-        svg("</g>\n\n");
-
-        svg("</svg>\n");
-
-        free_unit_times(times, (unsigned) n);
-
-        n = 0;
-        return n;
-}
-
-static int list_dependencies_print(const char *name, unsigned int level, unsigned int branches,
-                                   bool last, struct unit_times *times, struct boot_times *boot) {
-        unsigned int i;
-        char ts[FORMAT_TIMESPAN_MAX], ts2[FORMAT_TIMESPAN_MAX];
-
-        for (i = level; i != 0; i--)
-                printf("%s", special_glyph(branches & (1 << (i-1)) ? TREE_VERTICAL : TREE_SPACE));
-
-        printf("%s", special_glyph(last ? TREE_RIGHT : TREE_BRANCH));
-
-        if (times) {
-                if (times->time)
-                        printf("%s%s @%s +%s%s", ANSI_HIGHLIGHT_RED, name,
-                               format_timespan(ts, sizeof(ts), times->activating - boot->userspace_time, USEC_PER_MSEC),
-                               format_timespan(ts2, sizeof(ts2), times->time, USEC_PER_MSEC), ANSI_NORMAL);
-                else if (times->activated > boot->userspace_time)
-                        printf("%s @%s", name, format_timespan(ts, sizeof(ts), times->activated - boot->userspace_time, USEC_PER_MSEC));
-                else
-                        printf("%s", name);
-        } else
-                printf("%s", name);
-        printf("\n");
-
-        return 0;
-}
-
-static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, char ***deps) {
-        _cleanup_free_ char *path = NULL;
-
-        assert(bus);
-        assert(name);
-        assert(deps);
-
-        path = unit_dbus_path_from_name(name);
-        if (path == NULL)
-                return -ENOMEM;
-
-        return bus_get_unit_property_strv(bus, path, "After", deps);
-}
-
-static Hashmap *unit_times_hashmap;
-
-static int list_dependencies_compare(const void *_a, const void *_b) {
-        const char **a = (const char**) _a, **b = (const char**) _b;
-        usec_t usa = 0, usb = 0;
-        struct unit_times *times;
-
-        times = hashmap_get(unit_times_hashmap, *a);
-        if (times)
-                usa = times->activated;
-        times = hashmap_get(unit_times_hashmap, *b);
-        if (times)
-                usb = times->activated;
-
-        return usb - usa;
-}
-
-static int list_dependencies_one(sd_bus *bus, const char *name, unsigned int level, char ***units,
-                                 unsigned int branches) {
-        _cleanup_strv_free_ char **deps = NULL;
-        char **c;
-        int r = 0;
-        usec_t service_longest = 0;
-        int to_print = 0;
-        struct unit_times *times;
-        struct boot_times *boot;
-
-        if (strv_extend(units, name))
-                return log_oom();
-
-        r = list_dependencies_get_dependencies(bus, name, &deps);
-        if (r < 0)
-                return r;
-
-        qsort_safe(deps, strv_length(deps), sizeof (char*), list_dependencies_compare);
-
-        r = acquire_boot_times(bus, &boot);
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(c, deps) {
-                times = hashmap_get(unit_times_hashmap, *c);
-                if (times
-                    && times->activated
-                    && times->activated <= boot->finish_time
-                    && (times->activated >= service_longest
-                        || service_longest == 0)) {
-                        service_longest = times->activated;
-                        break;
-                }
-        }
-
-        if (service_longest == 0 )
-                return r;
-
-        STRV_FOREACH(c, deps) {
-                times = hashmap_get(unit_times_hashmap, *c);
-                if (times && times->activated && times->activated <= boot->finish_time && (service_longest - times->activated) <= arg_fuzz)
-                        to_print++;
-        }
-
-        if (!to_print)
-                return r;
-
-        STRV_FOREACH(c, deps) {
-                times = hashmap_get(unit_times_hashmap, *c);
-                if (!times
-                    || !times->activated
-                    || times->activated > boot->finish_time
-                    || service_longest - times->activated > arg_fuzz)
-                        continue;
-
-                to_print--;
-
-                r = list_dependencies_print(*c, level, branches, to_print == 0, times, boot);
-                if (r < 0)
-                        return r;
-
-                if (strv_contains(*units, *c)) {
-                        r = list_dependencies_print("...", level + 1, (branches << 1) | (to_print ? 1 : 0),
-                                                    true, NULL, boot);
-                        if (r < 0)
-                                return r;
-                        continue;
-                }
-
-                r = list_dependencies_one(bus, *c, level + 1, units,
-                                          (branches << 1) | (to_print ? 1 : 0));
-                if (r < 0)
-                        return r;
-
-                if (!to_print)
-                        break;
-        }
-        return 0;
-}
-
-static int list_dependencies(sd_bus *bus, const char *name) {
-        _cleanup_strv_free_ char **units = NULL;
-        char ts[FORMAT_TIMESPAN_MAX];
-        struct unit_times *times;
-        int r;
-        const char *id;
-        _cleanup_free_ char *path = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        struct boot_times *boot;
-
-        assert(bus);
-
-        path = unit_dbus_path_from_name(name);
-        if (path == NULL)
-                return -ENOMEM;
-
-        r = sd_bus_get_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "Id",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0) {
-                log_error("Failed to get ID: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &id);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        times = hashmap_get(unit_times_hashmap, id);
-
-        r = acquire_boot_times(bus, &boot);
-        if (r < 0)
-                return r;
-
-        if (times) {
-                if (times->time)
-                        printf("%s%s +%s%s\n", ANSI_HIGHLIGHT_RED, id,
-                               format_timespan(ts, sizeof(ts), times->time, USEC_PER_MSEC), ANSI_NORMAL);
-                else if (times->activated > boot->userspace_time)
-                        printf("%s @%s\n", id, format_timespan(ts, sizeof(ts), times->activated - boot->userspace_time, USEC_PER_MSEC));
-                else
-                        printf("%s\n", id);
-        }
-
-        return list_dependencies_one(bus, name, 0, &units, 0);
-}
-
-static int analyze_critical_chain(sd_bus *bus, char *names[]) {
-        struct unit_times *times;
-        unsigned int i;
-        Hashmap *h;
-        int n, r;
-
-        n = acquire_time_data(bus, &times);
-        if (n <= 0)
-                return n;
-
-        h = hashmap_new(&string_hash_ops);
-        if (!h)
-                return -ENOMEM;
-
-        for (i = 0; i < (unsigned)n; i++) {
-                r = hashmap_put(h, times[i].name, &times[i]);
-                if (r < 0)
-                        return r;
-        }
-        unit_times_hashmap = h;
-
-        pager_open(arg_no_pager, false);
-
-        puts("The time after the unit is active or started is printed after the \"@\" character.\n"
-             "The time the unit takes to start is printed after the \"+\" character.\n");
-
-        if (!strv_isempty(names)) {
-                char **name;
-                STRV_FOREACH(name, names)
-                        list_dependencies(bus, *name);
-        } else
-                list_dependencies(bus, SPECIAL_DEFAULT_TARGET);
-
-        hashmap_free(h);
-        free_unit_times(times, (unsigned) n);
-        return 0;
-}
-
-static int analyze_blame(sd_bus *bus) {
-        struct unit_times *times;
-        unsigned i;
-        int n;
-
-        n = acquire_time_data(bus, &times);
-        if (n <= 0)
-                return n;
-
-        qsort(times, n, sizeof(struct unit_times), compare_unit_time);
-
-        pager_open(arg_no_pager, false);
-
-        for (i = 0; i < (unsigned) n; i++) {
-                char ts[FORMAT_TIMESPAN_MAX];
-
-                if (times[i].time > 0)
-                        printf("%16s %s\n", format_timespan(ts, sizeof(ts), times[i].time, USEC_PER_MSEC), times[i].name);
-        }
-
-        free_unit_times(times, (unsigned) n);
-        return 0;
-}
-
-static int analyze_time(sd_bus *bus) {
-        _cleanup_free_ char *buf = NULL;
-        int r;
-
-        r = pretty_boot_time(bus, &buf);
-        if (r < 0)
-                return r;
-
-        puts(buf);
-        return 0;
-}
-
-static int graph_one_property(sd_bus *bus, const UnitInfo *u, const char* prop, const char *color, char* patterns[], char* from_patterns[], char* to_patterns[]) {
-        _cleanup_strv_free_ char **units = NULL;
-        char **unit;
-        int r;
-        bool match_patterns;
-
-        assert(u);
-        assert(prop);
-        assert(color);
-
-        match_patterns = strv_fnmatch(patterns, u->id, 0);
-
-        if (!strv_isempty(from_patterns) &&
-            !match_patterns &&
-            !strv_fnmatch(from_patterns, u->id, 0))
-                        return 0;
-
-        r = bus_get_unit_property_strv(bus, u->unit_path, prop, &units);
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(unit, units) {
-                bool match_patterns2;
-
-                match_patterns2 = strv_fnmatch(patterns, *unit, 0);
-
-                if (!strv_isempty(to_patterns) &&
-                    !match_patterns2 &&
-                    !strv_fnmatch(to_patterns, *unit, 0))
-                        continue;
-
-                if (!strv_isempty(patterns) && !match_patterns && !match_patterns2)
-                        continue;
-
-                printf("\t\"%s\"->\"%s\" [color=\"%s\"];\n", u->id, *unit, color);
-        }
-
-        return 0;
-}
-
-static int graph_one(sd_bus *bus, const UnitInfo *u, char *patterns[], char *from_patterns[], char *to_patterns[]) {
-        int r;
-
-        assert(bus);
-        assert(u);
-
-        if (IN_SET(arg_dot, DEP_ORDER, DEP_ALL)) {
-                r = graph_one_property(bus, u, "After", "green", patterns, from_patterns, to_patterns);
-                if (r < 0)
-                        return r;
-        }
-
-        if (IN_SET(arg_dot, DEP_REQUIRE, DEP_ALL)) {
-                r = graph_one_property(bus, u, "Requires", "black", patterns, from_patterns, to_patterns);
-                if (r < 0)
-                        return r;
-                r = graph_one_property(bus, u, "Requisite", "darkblue", patterns, from_patterns, to_patterns);
-                if (r < 0)
-                        return r;
-                r = graph_one_property(bus, u, "Wants", "grey66", patterns, from_patterns, to_patterns);
-                if (r < 0)
-                        return r;
-                r = graph_one_property(bus, u, "Conflicts", "red", patterns, from_patterns, to_patterns);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int expand_patterns(sd_bus *bus, char **patterns, char ***ret) {
-        _cleanup_strv_free_ char **expanded_patterns = NULL;
-        char **pattern;
-        int r;
-
-        STRV_FOREACH(pattern, patterns) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_free_ char *unit = NULL, *unit_id = NULL;
-
-                if (strv_extend(&expanded_patterns, *pattern) < 0)
-                        return log_oom();
-
-                if (string_is_glob(*pattern))
-                        continue;
-
-                unit = unit_dbus_path_from_name(*pattern);
-                if (!unit)
-                        return log_oom();
-
-                r = sd_bus_get_property_string(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                unit,
-                                "org.freedesktop.systemd1.Unit",
-                                "Id",
-                                &error,
-                                &unit_id);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get ID: %s", bus_error_message(&error, r));
-
-                if (!streq(*pattern, unit_id)) {
-                        if (strv_extend(&expanded_patterns, unit_id) < 0)
-                                return log_oom();
-                }
-        }
-
-        *ret = expanded_patterns;
-        expanded_patterns = NULL; /* do not free */
-
-        return 0;
-}
-
-static int dot(sd_bus *bus, char* patterns[]) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_strv_free_ char **expanded_patterns = NULL;
-        _cleanup_strv_free_ char **expanded_from_patterns = NULL;
-        _cleanup_strv_free_ char **expanded_to_patterns = NULL;
-        int r;
-        UnitInfo u;
-
-        r = expand_patterns(bus, patterns, &expanded_patterns);
-        if (r < 0)
-                return r;
-
-        r = expand_patterns(bus, arg_dot_from_patterns, &expanded_from_patterns);
-        if (r < 0)
-                return r;
-
-        r = expand_patterns(bus, arg_dot_to_patterns, &expanded_to_patterns);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call_method(
-                        bus,
-                       "org.freedesktop.systemd1",
-                       "/org/freedesktop/systemd1",
-                       "org.freedesktop.systemd1.Manager",
-                       "ListUnits",
-                       &error,
-                       &reply,
-                       "");
-        if (r < 0) {
-                log_error("Failed to list units: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("digraph systemd {\n");
-
-        while ((r = bus_parse_unit_info(reply, &u)) > 0) {
-
-                r = graph_one(bus, &u, expanded_patterns, expanded_from_patterns, expanded_to_patterns);
-                if (r < 0)
-                        return r;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("}\n");
-
-        log_info("   Color legend: black     = Requires\n"
-                 "                 dark blue = Requisite\n"
-                 "                 dark grey = Wants\n"
-                 "                 red       = Conflicts\n"
-                 "                 green     = After\n");
-
-        if (on_tty())
-                log_notice("-- You probably want to process this output with graphviz' dot tool.\n"
-                           "-- Try a shell pipeline like 'systemd-analyze dot | dot -Tsvg > systemd.svg'!\n");
-
-        return 0;
-}
-
-static int dump(sd_bus *bus, char **args) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *text = NULL;
-        int r;
-
-        if (!strv_isempty(args)) {
-                log_error("Too many arguments.");
-                return -E2BIG;
-        }
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(
-                        bus,
-                       "org.freedesktop.systemd1",
-                       "/org/freedesktop/systemd1",
-                       "org.freedesktop.systemd1.Manager",
-                       "Dump",
-                       &error,
-                       &reply,
-                       "");
-        if (r < 0)
-                return log_error_errno(r, "Failed issue method call: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "s", &text);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        fputs(text, stdout);
-        return 0;
-}
-
-static int set_log_level(sd_bus *bus, char **args) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(args);
-
-        if (strv_length(args) != 1) {
-                log_error("This command expects one argument only.");
-                return -E2BIG;
-        }
-
-        r = sd_bus_set_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "LogLevel",
-                        &error,
-                        "s",
-                        args[0]);
-        if (r < 0)
-                return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int set_log_target(sd_bus *bus, char **args) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(args);
-
-        if (strv_length(args) != 1) {
-                log_error("This command expects one argument only.");
-                return -E2BIG;
-        }
-
-        r = sd_bus_set_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "LogTarget",
-                        &error,
-                        "s",
-                        args[0]);
-        if (r < 0)
-                return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static void help(void) {
-
-        pager_open(arg_no_pager, false);
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Profile systemd, show unit dependencies, check unit files.\n\n"
-               "  -h --help               Show this help\n"
-               "     --version            Show package version\n"
-               "     --no-pager           Do not pipe output into a pager\n"
-               "     --system             Operate on system systemd instance\n"
-               "     --user               Operate on user systemd instance\n"
-               "  -H --host=[USER@]HOST   Operate on remote host\n"
-               "  -M --machine=CONTAINER  Operate on local container\n"
-               "     --order              Show only order in the graph\n"
-               "     --require            Show only requirement in the graph\n"
-               "     --from-pattern=GLOB  Show only origins in the graph\n"
-               "     --to-pattern=GLOB    Show only destinations in the graph\n"
-               "     --fuzz=SECONDS       Also print also services which finished SECONDS\n"
-               "                          earlier than the latest in the branch\n"
-               "     --man[=BOOL]         Do [not] check for existence of man pages\n\n"
-               "Commands:\n"
-               "  time                    Print time spent in the kernel\n"
-               "  blame                   Print list of running units ordered by time to init\n"
-               "  critical-chain          Print a tree of the time critical chain of units\n"
-               "  plot                    Output SVG graphic showing service initialization\n"
-               "  dot                     Output dependency graph in dot(1) format\n"
-               "  set-log-level LEVEL     Set logging threshold for manager\n"
-               "  set-log-target TARGET   Set logging target for manager\n"
-               "  dump                    Output state serialization of service manager\n"
-               "  verify FILE...          Check unit files for correctness\n"
-               , program_invocation_short_name);
-
-        /* When updating this list, including descriptions, apply
-         * changes to shell-completion/bash/systemd-analyze and
-         * shell-completion/zsh/_systemd-analyze too. */
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_ORDER,
-                ARG_REQUIRE,
-                ARG_USER,
-                ARG_SYSTEM,
-                ARG_DOT_FROM_PATTERN,
-                ARG_DOT_TO_PATTERN,
-                ARG_FUZZ,
-                ARG_NO_PAGER,
-                ARG_MAN,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'                  },
-                { "version",      no_argument,       NULL, ARG_VERSION          },
-                { "order",        no_argument,       NULL, ARG_ORDER            },
-                { "require",      no_argument,       NULL, ARG_REQUIRE          },
-                { "user",         no_argument,       NULL, ARG_USER             },
-                { "system",       no_argument,       NULL, ARG_SYSTEM           },
-                { "from-pattern", required_argument, NULL, ARG_DOT_FROM_PATTERN },
-                { "to-pattern",   required_argument, NULL, ARG_DOT_TO_PATTERN   },
-                { "fuzz",         required_argument, NULL, ARG_FUZZ             },
-                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER         },
-                { "man",          optional_argument, NULL, ARG_MAN              },
-                { "host",         required_argument, NULL, 'H'                  },
-                { "machine",      required_argument, NULL, 'M'                  },
-                {}
-        };
-
-        int r, c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_USER:
-                        arg_user = true;
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_user = false;
-                        break;
-
-                case ARG_ORDER:
-                        arg_dot = DEP_ORDER;
-                        break;
-
-                case ARG_REQUIRE:
-                        arg_dot = DEP_REQUIRE;
-                        break;
-
-                case ARG_DOT_FROM_PATTERN:
-                        if (strv_extend(&arg_dot_from_patterns, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_DOT_TO_PATTERN:
-                        if (strv_extend(&arg_dot_to_patterns, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_FUZZ:
-                        r = parse_sec(optarg, &arg_fuzz);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case ARG_MAN:
-                        if (optarg) {
-                                r = parse_boolean(optarg);
-                                if (r < 0) {
-                                        log_error("Failed to parse --man= argument.");
-                                        return -EINVAL;
-                                }
-
-                                arg_man = !!r;
-                        } else
-                                arg_man = true;
-
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option code.");
-                }
-
-        return 1; /* work to do */
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-
-        setlocale(LC_ALL, "");
-        setlocale(LC_NUMERIC, "C"); /* we want to format/parse floats in C style */
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (streq_ptr(argv[optind], "verify"))
-                r = verify_units(argv+optind+1,
-                                 arg_user ? UNIT_FILE_USER : UNIT_FILE_SYSTEM,
-                                 arg_man);
-        else {
-                _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-
-                r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to create bus connection: %m");
-                        goto finish;
-                }
-
-                if (!argv[optind] || streq(argv[optind], "time"))
-                        r = analyze_time(bus);
-                else if (streq(argv[optind], "blame"))
-                        r = analyze_blame(bus);
-                else if (streq(argv[optind], "critical-chain"))
-                        r = analyze_critical_chain(bus, argv+optind+1);
-                else if (streq(argv[optind], "plot"))
-                        r = analyze_plot(bus);
-                else if (streq(argv[optind], "dot"))
-                        r = dot(bus, argv+optind+1);
-                else if (streq(argv[optind], "dump"))
-                        r = dump(bus, argv+optind+1);
-                else if (streq(argv[optind], "set-log-level"))
-                        r = set_log_level(bus, argv+optind+1);
-                else if (streq(argv[optind], "set-log-target"))
-                        r = set_log_target(bus, argv+optind+1);
-                else
-                        log_error("Unknown operation '%s'.", argv[optind]);
-        }
-
-finish:
-        pager_close();
-
-        strv_free(arg_dot_from_patterns);
-        strv_free(arg_dot_to_patterns);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/ask-password/Makefile b/src/ask-password/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/ask-password/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/backlight/Makefile b/src/backlight/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/backlight/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/basic/Makefile b/src/basic/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/basic/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/basic/btrfs-util.h b/src/basic/btrfs-util.h
deleted file mode 100644
index 1d852d502c..0000000000
--- a/src/basic/btrfs-util.h
+++ /dev/null
@@ -1,131 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-#include <stdint.h>
-#include <sys/types.h>
-
-#include "sd-id128.h"
-
-#include "time-util.h"
-
-typedef struct BtrfsSubvolInfo {
-        uint64_t subvol_id;
-        usec_t otime;
-
-        sd_id128_t uuid;
-        sd_id128_t parent_uuid;
-
-        bool read_only;
-} BtrfsSubvolInfo;
-
-typedef struct BtrfsQuotaInfo {
-        uint64_t referenced;
-        uint64_t exclusive;
-        uint64_t referenced_max;
-        uint64_t exclusive_max;
-} BtrfsQuotaInfo;
-
-typedef enum BtrfsSnapshotFlags {
-        BTRFS_SNAPSHOT_FALLBACK_COPY = 1,
-        BTRFS_SNAPSHOT_READ_ONLY = 2,
-        BTRFS_SNAPSHOT_RECURSIVE = 4,
-        BTRFS_SNAPSHOT_QUOTA = 8,
-} BtrfsSnapshotFlags;
-
-typedef enum BtrfsRemoveFlags {
-        BTRFS_REMOVE_RECURSIVE = 1,
-        BTRFS_REMOVE_QUOTA = 2,
-} BtrfsRemoveFlags;
-
-int btrfs_is_filesystem(int fd);
-
-int btrfs_is_subvol_fd(int fd);
-int btrfs_is_subvol(const char *path);
-
-int btrfs_reflink(int infd, int outfd);
-int btrfs_clone_range(int infd, uint64_t in_offset, int ofd, uint64_t out_offset, uint64_t sz);
-
-int btrfs_get_block_device_fd(int fd, dev_t *dev);
-int btrfs_get_block_device(const char *path, dev_t *dev);
-
-int btrfs_defrag_fd(int fd);
-int btrfs_defrag(const char *p);
-
-int btrfs_quota_enable_fd(int fd, bool b);
-int btrfs_quota_enable(const char *path, bool b);
-
-int btrfs_quota_scan_start(int fd);
-int btrfs_quota_scan_wait(int fd);
-int btrfs_quota_scan_ongoing(int fd);
-
-int btrfs_resize_loopback_fd(int fd, uint64_t size, bool grow_only);
-int btrfs_resize_loopback(const char *path, uint64_t size, bool grow_only);
-
-int btrfs_subvol_make(const char *path);
-int btrfs_subvol_make_label(const char *path);
-
-int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags);
-int btrfs_subvol_snapshot(const char *old_path, const char *new_path, BtrfsSnapshotFlags flags);
-
-int btrfs_subvol_remove(const char *path, BtrfsRemoveFlags flags);
-int btrfs_subvol_remove_fd(int fd, const char *subvolume, BtrfsRemoveFlags flags);
-
-int btrfs_subvol_set_read_only_fd(int fd, bool b);
-int btrfs_subvol_set_read_only(const char *path, bool b);
-int btrfs_subvol_get_read_only_fd(int fd);
-
-int btrfs_subvol_get_id(int fd, const char *subvolume, uint64_t *ret);
-int btrfs_subvol_get_id_fd(int fd, uint64_t *ret);
-int btrfs_subvol_get_parent(int fd, uint64_t subvol_id, uint64_t *ret);
-
-int btrfs_subvol_get_info_fd(int fd, uint64_t subvol_id, BtrfsSubvolInfo *info);
-
-int btrfs_subvol_find_subtree_qgroup(int fd, uint64_t subvol_id, uint64_t *ret);
-
-int btrfs_subvol_get_subtree_quota(const char *path, uint64_t subvol_id, BtrfsQuotaInfo *quota);
-int btrfs_subvol_get_subtree_quota_fd(int fd, uint64_t subvol_id, BtrfsQuotaInfo *quota);
-
-int btrfs_subvol_set_subtree_quota_limit(const char *path, uint64_t subvol_id, uint64_t referenced_max);
-int btrfs_subvol_set_subtree_quota_limit_fd(int fd, uint64_t subvol_id, uint64_t referenced_max);
-
-int btrfs_subvol_auto_qgroup_fd(int fd, uint64_t subvol_id, bool new_qgroup);
-int btrfs_subvol_auto_qgroup(const char *path, uint64_t subvol_id, bool create_intermediary_qgroup);
-
-int btrfs_qgroupid_make(uint64_t level, uint64_t id, uint64_t *ret);
-int btrfs_qgroupid_split(uint64_t qgroupid, uint64_t *level, uint64_t *id);
-
-int btrfs_qgroup_create(int fd, uint64_t qgroupid);
-int btrfs_qgroup_destroy(int fd, uint64_t qgroupid);
-int btrfs_qgroup_destroy_recursive(int fd, uint64_t qgroupid);
-
-int btrfs_qgroup_set_limit_fd(int fd, uint64_t qgroupid, uint64_t referenced_max);
-int btrfs_qgroup_set_limit(const char *path, uint64_t qgroupid, uint64_t referenced_max);
-
-int btrfs_qgroup_copy_limits(int fd, uint64_t old_qgroupid, uint64_t new_qgroupid);
-
-int btrfs_qgroup_assign(int fd, uint64_t child, uint64_t parent);
-int btrfs_qgroup_unassign(int fd, uint64_t child, uint64_t parent);
-
-int btrfs_qgroup_find_parents(int fd, uint64_t qgroupid, uint64_t **ret);
-
-int btrfs_qgroup_get_quota_fd(int fd, uint64_t qgroupid, BtrfsQuotaInfo *quota);
-int btrfs_qgroup_get_quota(const char *path, uint64_t qgroupid, BtrfsQuotaInfo *quota);
diff --git a/src/basic/fdset.c b/src/basic/fdset.c
deleted file mode 100644
index 527f27bc67..0000000000
--- a/src/basic/fdset.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <alloca.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stddef.h>
-
-#include "sd-daemon.h"
-
-#include "fd-util.h"
-#include "fdset.h"
-#include "log.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "set.h"
-
-#define MAKE_SET(s) ((Set*) s)
-#define MAKE_FDSET(s) ((FDSet*) s)
-
-FDSet *fdset_new(void) {
-        return MAKE_FDSET(set_new(NULL));
-}
-
-int fdset_new_array(FDSet **ret, const int *fds, unsigned n_fds) {
-        unsigned i;
-        FDSet *s;
-        int r;
-
-        assert(ret);
-
-        s = fdset_new();
-        if (!s)
-                return -ENOMEM;
-
-        for (i = 0; i < n_fds; i++) {
-
-                r = fdset_put(s, fds[i]);
-                if (r < 0) {
-                        set_free(MAKE_SET(s));
-                        return r;
-                }
-        }
-
-        *ret = s;
-        return 0;
-}
-
-FDSet* fdset_free(FDSet *s) {
-        void *p;
-
-        while ((p = set_steal_first(MAKE_SET(s)))) {
-                /* Valgrind's fd might have ended up in this set here,
-                 * due to fdset_new_fill(). We'll ignore all failures
-                 * here, so that the EBADFD that valgrind will return
-                 * us on close() doesn't influence us */
-
-                /* When reloading duplicates of the private bus
-                 * connection fds and suchlike are closed here, which
-                 * has no effect at all, since they are only
-                 * duplicates. So don't be surprised about these log
-                 * messages. */
-
-                log_debug("Closing left-over fd %i", PTR_TO_FD(p));
-                close_nointr(PTR_TO_FD(p));
-        }
-
-        set_free(MAKE_SET(s));
-        return NULL;
-}
-
-int fdset_put(FDSet *s, int fd) {
-        assert(s);
-        assert(fd >= 0);
-
-        return set_put(MAKE_SET(s), FD_TO_PTR(fd));
-}
-
-int fdset_put_dup(FDSet *s, int fd) {
-        int copy, r;
-
-        assert(s);
-        assert(fd >= 0);
-
-        copy = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-        if (copy < 0)
-                return -errno;
-
-        r = fdset_put(s, copy);
-        if (r < 0) {
-                safe_close(copy);
-                return r;
-        }
-
-        return copy;
-}
-
-bool fdset_contains(FDSet *s, int fd) {
-        assert(s);
-        assert(fd >= 0);
-
-        return !!set_get(MAKE_SET(s), FD_TO_PTR(fd));
-}
-
-int fdset_remove(FDSet *s, int fd) {
-        assert(s);
-        assert(fd >= 0);
-
-        return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT;
-}
-
-int fdset_new_fill(FDSet **_s) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r = 0;
-        FDSet *s;
-
-        assert(_s);
-
-        /* Creates an fdset and fills in all currently open file
-         * descriptors. */
-
-        d = opendir("/proc/self/fd");
-        if (!d)
-                return -errno;
-
-        s = fdset_new();
-        if (!s) {
-                r = -ENOMEM;
-                goto finish;
-        }
-
-        while ((de = readdir(d))) {
-                int fd = -1;
-
-                if (hidden_or_backup_file(de->d_name))
-                        continue;
-
-                r = safe_atoi(de->d_name, &fd);
-                if (r < 0)
-                        goto finish;
-
-                if (fd < 3)
-                        continue;
-
-                if (fd == dirfd(d))
-                        continue;
-
-                r = fdset_put(s, fd);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = 0;
-        *_s = s;
-        s = NULL;
-
-finish:
-        /* We won't close the fds here! */
-        if (s)
-                set_free(MAKE_SET(s));
-
-        return r;
-}
-
-int fdset_cloexec(FDSet *fds, bool b) {
-        Iterator i;
-        void *p;
-        int r;
-
-        assert(fds);
-
-        SET_FOREACH(p, MAKE_SET(fds), i) {
-                r = fd_cloexec(PTR_TO_FD(p), b);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int fdset_new_listen_fds(FDSet **_s, bool unset) {
-        int n, fd, r;
-        FDSet *s;
-
-        assert(_s);
-
-        /* Creates an fdset and fills in all passed file descriptors */
-
-        s = fdset_new();
-        if (!s) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        n = sd_listen_fds(unset);
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
-                r = fdset_put(s, fd);
-                if (r < 0)
-                        goto fail;
-        }
-
-        *_s = s;
-        return 0;
-
-
-fail:
-        if (s)
-                set_free(MAKE_SET(s));
-
-        return r;
-}
-
-int fdset_close_others(FDSet *fds) {
-        void *e;
-        Iterator i;
-        int *a;
-        unsigned j, m;
-
-        j = 0, m = fdset_size(fds);
-        a = alloca(sizeof(int) * m);
-        SET_FOREACH(e, MAKE_SET(fds), i)
-                a[j++] = PTR_TO_FD(e);
-
-        assert(j == m);
-
-        return close_all_fds(a, j);
-}
-
-unsigned fdset_size(FDSet *fds) {
-        return set_size(MAKE_SET(fds));
-}
-
-bool fdset_isempty(FDSet *fds) {
-        return set_isempty(MAKE_SET(fds));
-}
-
-int fdset_iterate(FDSet *s, Iterator *i) {
-        void *p;
-
-        if (!set_iterate(MAKE_SET(s), i, &p))
-                return -ENOENT;
-
-        return PTR_TO_FD(p);
-}
-
-int fdset_steal_first(FDSet *fds) {
-        void *p;
-
-        p = set_steal_first(MAKE_SET(fds));
-        if (!p)
-                return -ENOENT;
-
-        return PTR_TO_FD(p);
-}
diff --git a/src/basic/log.c b/src/basic/log.c
deleted file mode 100644
index 3ea643b6e6..0000000000
--- a/src/basic/log.c
+++ /dev/null
@@ -1,1170 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/signalfd.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <sys/uio.h>
-#include <sys/un.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "io-util.h"
-#include "log.h"
-#include "macro.h"
-#include "missing.h"
-#include "parse-util.h"
-#include "proc-cmdline.h"
-#include "process-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "stdio-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "syslog-util.h"
-#include "terminal-util.h"
-#include "time-util.h"
-#include "util.h"
-
-#define SNDBUF_SIZE (8*1024*1024)
-
-static LogTarget log_target = LOG_TARGET_CONSOLE;
-static int log_max_level = LOG_INFO;
-static int log_facility = LOG_DAEMON;
-
-static int console_fd = STDERR_FILENO;
-static int syslog_fd = -1;
-static int kmsg_fd = -1;
-static int journal_fd = -1;
-
-static bool syslog_is_stream = false;
-
-static bool show_color = false;
-static bool show_location = false;
-
-static bool upgrade_syslog_to_journal = false;
-
-/* Akin to glibc's __abort_msg; which is private and we hence cannot
- * use here. */
-static char *log_abort_msg = NULL;
-
-void log_close_console(void) {
-
-        if (console_fd < 0)
-                return;
-
-        if (getpid() == 1) {
-                if (console_fd >= 3)
-                        safe_close(console_fd);
-
-                console_fd = -1;
-        }
-}
-
-static int log_open_console(void) {
-
-        if (console_fd >= 0)
-                return 0;
-
-        if (getpid() == 1) {
-                console_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
-                if (console_fd < 0)
-                        return console_fd;
-        } else
-                console_fd = STDERR_FILENO;
-
-        return 0;
-}
-
-void log_close_kmsg(void) {
-        kmsg_fd = safe_close(kmsg_fd);
-}
-
-static int log_open_kmsg(void) {
-
-        if (kmsg_fd >= 0)
-                return 0;
-
-        kmsg_fd = open("/dev/kmsg", O_WRONLY|O_NOCTTY|O_CLOEXEC);
-        if (kmsg_fd < 0)
-                return -errno;
-
-        return 0;
-}
-
-void log_close_syslog(void) {
-        syslog_fd = safe_close(syslog_fd);
-}
-
-static int create_log_socket(int type) {
-        struct timeval tv;
-        int fd;
-
-        fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
-        if (fd < 0)
-                return -errno;
-
-        fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-        /* We need a blocking fd here since we'd otherwise lose
-        messages way too early. However, let's not hang forever in the
-        unlikely case of a deadlock. */
-        if (getpid() == 1)
-                timeval_store(&tv, 10 * USEC_PER_MSEC);
-        else
-                timeval_store(&tv, 10 * USEC_PER_SEC);
-        (void) setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
-
-        return fd;
-}
-
-static int log_open_syslog(void) {
-
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/dev/log",
-        };
-
-        int r;
-
-        if (syslog_fd >= 0)
-                return 0;
-
-        syslog_fd = create_log_socket(SOCK_DGRAM);
-        if (syslog_fd < 0) {
-                r = syslog_fd;
-                goto fail;
-        }
-
-        if (connect(syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
-                safe_close(syslog_fd);
-
-                /* Some legacy syslog systems still use stream
-                 * sockets. They really shouldn't. But what can we
-                 * do... */
-                syslog_fd = create_log_socket(SOCK_STREAM);
-                if (syslog_fd < 0) {
-                        r = syslog_fd;
-                        goto fail;
-                }
-
-                if (connect(syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-
-                syslog_is_stream = true;
-        } else
-                syslog_is_stream = false;
-
-        return 0;
-
-fail:
-        log_close_syslog();
-        return r;
-}
-
-void log_close_journal(void) {
-        journal_fd = safe_close(journal_fd);
-}
-
-static int log_open_journal(void) {
-
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/socket",
-        };
-
-        int r;
-
-        if (journal_fd >= 0)
-                return 0;
-
-        journal_fd = create_log_socket(SOCK_DGRAM);
-        if (journal_fd < 0) {
-                r = journal_fd;
-                goto fail;
-        }
-
-        if (connect(journal_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        log_close_journal();
-        return r;
-}
-
-int log_open(void) {
-        int r;
-
-        /* If we don't use the console we close it here, to not get
-         * killed by SAK. If we don't use syslog we close it here so
-         * that we are not confused by somebody deleting the socket in
-         * the fs. If we don't use /dev/kmsg we still keep it open,
-         * because there is no reason to close it. */
-
-        if (log_target == LOG_TARGET_NULL) {
-                log_close_journal();
-                log_close_syslog();
-                log_close_console();
-                return 0;
-        }
-
-        if ((log_target != LOG_TARGET_AUTO && log_target != LOG_TARGET_SAFE) ||
-            getpid() == 1 ||
-            isatty(STDERR_FILENO) <= 0) {
-
-                if (log_target == LOG_TARGET_AUTO ||
-                    log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
-                    log_target == LOG_TARGET_JOURNAL) {
-                        r = log_open_journal();
-                        if (r >= 0) {
-                                log_close_syslog();
-                                log_close_console();
-                                return r;
-                        }
-                }
-
-                if (log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
-                    log_target == LOG_TARGET_SYSLOG) {
-                        r = log_open_syslog();
-                        if (r >= 0) {
-                                log_close_journal();
-                                log_close_console();
-                                return r;
-                        }
-                }
-
-                if (log_target == LOG_TARGET_AUTO ||
-                    log_target == LOG_TARGET_SAFE ||
-                    log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
-                    log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
-                    log_target == LOG_TARGET_KMSG) {
-                        r = log_open_kmsg();
-                        if (r >= 0) {
-                                log_close_journal();
-                                log_close_syslog();
-                                log_close_console();
-                                return r;
-                        }
-                }
-        }
-
-        log_close_journal();
-        log_close_syslog();
-
-        return log_open_console();
-}
-
-void log_set_target(LogTarget target) {
-        assert(target >= 0);
-        assert(target < _LOG_TARGET_MAX);
-
-        if (upgrade_syslog_to_journal) {
-                if (target == LOG_TARGET_SYSLOG)
-                        target = LOG_TARGET_JOURNAL;
-                else if (target == LOG_TARGET_SYSLOG_OR_KMSG)
-                        target = LOG_TARGET_JOURNAL_OR_KMSG;
-        }
-
-        log_target = target;
-}
-
-void log_close(void) {
-        log_close_journal();
-        log_close_syslog();
-        log_close_kmsg();
-        log_close_console();
-}
-
-void log_forget_fds(void) {
-        console_fd = kmsg_fd = syslog_fd = journal_fd = -1;
-}
-
-void log_set_max_level(int level) {
-        assert((level & LOG_PRIMASK) == level);
-
-        log_max_level = level;
-}
-
-void log_set_facility(int facility) {
-        log_facility = facility;
-}
-
-static int write_to_console(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *buffer) {
-
-        char location[64], prefix[1 + DECIMAL_STR_MAX(int) + 2];
-        struct iovec iovec[6] = {};
-        unsigned n = 0;
-        bool highlight;
-
-        if (console_fd < 0)
-                return 0;
-
-        if (log_target == LOG_TARGET_CONSOLE_PREFIXED) {
-                sprintf(prefix, "<%i>", level);
-                IOVEC_SET_STRING(iovec[n++], prefix);
-        }
-
-        highlight = LOG_PRI(level) <= LOG_ERR && show_color;
-
-        if (show_location) {
-                xsprintf(location, "(%s:%i) ", file, line);
-                IOVEC_SET_STRING(iovec[n++], location);
-        }
-
-        if (highlight)
-                IOVEC_SET_STRING(iovec[n++], ANSI_HIGHLIGHT_RED);
-        IOVEC_SET_STRING(iovec[n++], buffer);
-        if (highlight)
-                IOVEC_SET_STRING(iovec[n++], ANSI_NORMAL);
-        IOVEC_SET_STRING(iovec[n++], "\n");
-
-        if (writev(console_fd, iovec, n) < 0) {
-
-                if (errno == EIO && getpid() == 1) {
-
-                        /* If somebody tried to kick us from our
-                         * console tty (via vhangup() or suchlike),
-                         * try to reconnect */
-
-                        log_close_console();
-                        log_open_console();
-
-                        if (console_fd < 0)
-                                return 0;
-
-                        if (writev(console_fd, iovec, n) < 0)
-                                return -errno;
-                } else
-                        return -errno;
-        }
-
-        return 1;
-}
-
-static int write_to_syslog(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *buffer) {
-
-        char header_priority[2 + DECIMAL_STR_MAX(int) + 1],
-             header_time[64],
-             header_pid[4 + DECIMAL_STR_MAX(pid_t) + 1];
-        struct iovec iovec[5] = {};
-        struct msghdr msghdr = {
-                .msg_iov = iovec,
-                .msg_iovlen = ELEMENTSOF(iovec),
-        };
-        time_t t;
-        struct tm *tm;
-
-        if (syslog_fd < 0)
-                return 0;
-
-        xsprintf(header_priority, "<%i>", level);
-
-        t = (time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC);
-        tm = localtime(&t);
-        if (!tm)
-                return -EINVAL;
-
-        if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
-                return -EINVAL;
-
-        xsprintf(header_pid, "["PID_FMT"]: ", getpid());
-
-        IOVEC_SET_STRING(iovec[0], header_priority);
-        IOVEC_SET_STRING(iovec[1], header_time);
-        IOVEC_SET_STRING(iovec[2], program_invocation_short_name);
-        IOVEC_SET_STRING(iovec[3], header_pid);
-        IOVEC_SET_STRING(iovec[4], buffer);
-
-        /* When using syslog via SOCK_STREAM separate the messages by NUL chars */
-        if (syslog_is_stream)
-                iovec[4].iov_len++;
-
-        for (;;) {
-                ssize_t n;
-
-                n = sendmsg(syslog_fd, &msghdr, MSG_NOSIGNAL);
-                if (n < 0)
-                        return -errno;
-
-                if (!syslog_is_stream ||
-                    (size_t) n >= IOVEC_TOTAL_SIZE(iovec, ELEMENTSOF(iovec)))
-                        break;
-
-                IOVEC_INCREMENT(iovec, ELEMENTSOF(iovec), n);
-        }
-
-        return 1;
-}
-
-static int write_to_kmsg(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *buffer) {
-
-        char header_priority[2 + DECIMAL_STR_MAX(int) + 1],
-             header_pid[4 + DECIMAL_STR_MAX(pid_t) + 1];
-        struct iovec iovec[5] = {};
-
-        if (kmsg_fd < 0)
-                return 0;
-
-        xsprintf(header_priority, "<%i>", level);
-        xsprintf(header_pid, "["PID_FMT"]: ", getpid());
-
-        IOVEC_SET_STRING(iovec[0], header_priority);
-        IOVEC_SET_STRING(iovec[1], program_invocation_short_name);
-        IOVEC_SET_STRING(iovec[2], header_pid);
-        IOVEC_SET_STRING(iovec[3], buffer);
-        IOVEC_SET_STRING(iovec[4], "\n");
-
-        if (writev(kmsg_fd, iovec, ELEMENTSOF(iovec)) < 0)
-                return -errno;
-
-        return 1;
-}
-
-static int log_do_header(
-                char *header,
-                size_t size,
-                int level,
-                int error,
-                const char *file, int line, const char *func,
-                const char *object_field, const char *object) {
-
-        snprintf(header, size,
-                 "PRIORITY=%i\n"
-                 "SYSLOG_FACILITY=%i\n"
-                 "%s%s%s"
-                 "%s%.*i%s"
-                 "%s%s%s"
-                 "%s%.*i%s"
-                 "%s%s%s"
-                 "SYSLOG_IDENTIFIER=%s\n",
-                 LOG_PRI(level),
-                 LOG_FAC(level),
-                 isempty(file) ? "" : "CODE_FILE=",
-                 isempty(file) ? "" : file,
-                 isempty(file) ? "" : "\n",
-                 line ? "CODE_LINE=" : "",
-                 line ? 1 : 0, line, /* %.0d means no output too, special case for 0 */
-                 line ? "\n" : "",
-                 isempty(func) ? "" : "CODE_FUNCTION=",
-                 isempty(func) ? "" : func,
-                 isempty(func) ? "" : "\n",
-                 error ? "ERRNO=" : "",
-                 error ? 1 : 0, error,
-                 error ? "\n" : "",
-                 isempty(object) ? "" : object_field,
-                 isempty(object) ? "" : object,
-                 isempty(object) ? "" : "\n",
-                 program_invocation_short_name);
-
-        return 0;
-}
-
-static int write_to_journal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *buffer) {
-
-        char header[LINE_MAX];
-        struct iovec iovec[4] = {};
-        struct msghdr mh = {};
-
-        if (journal_fd < 0)
-                return 0;
-
-        log_do_header(header, sizeof(header), level, error, file, line, func, object_field, object);
-
-        IOVEC_SET_STRING(iovec[0], header);
-        IOVEC_SET_STRING(iovec[1], "MESSAGE=");
-        IOVEC_SET_STRING(iovec[2], buffer);
-        IOVEC_SET_STRING(iovec[3], "\n");
-
-        mh.msg_iov = iovec;
-        mh.msg_iovlen = ELEMENTSOF(iovec);
-
-        if (sendmsg(journal_fd, &mh, MSG_NOSIGNAL) < 0)
-                return -errno;
-
-        return 1;
-}
-
-static int log_dispatch(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                char *buffer) {
-
-        assert(buffer);
-
-        if (log_target == LOG_TARGET_NULL)
-                return -error;
-
-        /* Patch in LOG_DAEMON facility if necessary */
-        if ((level & LOG_FACMASK) == 0)
-                level = log_facility | LOG_PRI(level);
-
-        if (error < 0)
-                error = -error;
-
-        do {
-                char *e;
-                int k = 0;
-
-                buffer += strspn(buffer, NEWLINE);
-
-                if (buffer[0] == 0)
-                        break;
-
-                if ((e = strpbrk(buffer, NEWLINE)))
-                        *(e++) = 0;
-
-                if (log_target == LOG_TARGET_AUTO ||
-                    log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
-                    log_target == LOG_TARGET_JOURNAL) {
-
-                        k = write_to_journal(level, error, file, line, func, object_field, object, buffer);
-                        if (k < 0) {
-                                if (k != -EAGAIN)
-                                        log_close_journal();
-                                log_open_kmsg();
-                        }
-                }
-
-                if (log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
-                    log_target == LOG_TARGET_SYSLOG) {
-
-                        k = write_to_syslog(level, error, file, line, func, object_field, object, buffer);
-                        if (k < 0) {
-                                if (k != -EAGAIN)
-                                        log_close_syslog();
-                                log_open_kmsg();
-                        }
-                }
-
-                if (k <= 0 &&
-                    (log_target == LOG_TARGET_AUTO ||
-                     log_target == LOG_TARGET_SAFE ||
-                     log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
-                     log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
-                     log_target == LOG_TARGET_KMSG)) {
-
-                        k = write_to_kmsg(level, error, file, line, func, object_field, object, buffer);
-                        if (k < 0) {
-                                log_close_kmsg();
-                                log_open_console();
-                        }
-                }
-
-                if (k <= 0)
-                        (void) write_to_console(level, error, file, line, func, object_field, object, buffer);
-
-                buffer = e;
-        } while (buffer);
-
-        return -error;
-}
-
-int log_dump_internal(
-        int level,
-        int error,
-        const char *file,
-        int line,
-        const char *func,
-        char *buffer) {
-
-        PROTECT_ERRNO;
-
-        /* This modifies the buffer... */
-
-        if (error < 0)
-                error = -error;
-
-        if (_likely_(LOG_PRI(level) > log_max_level))
-                return -error;
-
-        return log_dispatch(level, error, file, line, func, NULL, NULL, buffer);
-}
-
-int log_internalv(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format,
-                va_list ap) {
-
-        PROTECT_ERRNO;
-        char buffer[LINE_MAX];
-
-        if (error < 0)
-                error = -error;
-
-        if (_likely_(LOG_PRI(level) > log_max_level))
-                return -error;
-
-        /* Make sure that %m maps to the specified error */
-        if (error != 0)
-                errno = error;
-
-        vsnprintf(buffer, sizeof(buffer), format, ap);
-
-        return log_dispatch(level, error, file, line, func, NULL, NULL, buffer);
-}
-
-int log_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format, ...) {
-
-        va_list ap;
-        int r;
-
-        va_start(ap, format);
-        r = log_internalv(level, error, file, line, func, format, ap);
-        va_end(ap);
-
-        return r;
-}
-
-int log_object_internalv(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *format,
-                va_list ap) {
-
-        PROTECT_ERRNO;
-        char *buffer, *b;
-        size_t l;
-
-        if (error < 0)
-                error = -error;
-
-        if (_likely_(LOG_PRI(level) > log_max_level))
-                return -error;
-
-        /* Make sure that %m maps to the specified error */
-        if (error != 0)
-                errno = error;
-
-        /* Prepend the object name before the message */
-        if (object) {
-                size_t n;
-
-                n = strlen(object);
-                l = n + 2 + LINE_MAX;
-
-                buffer = newa(char, l);
-                b = stpcpy(stpcpy(buffer, object), ": ");
-        } else {
-                l = LINE_MAX;
-                b = buffer = newa(char, l);
-        }
-
-        vsnprintf(b, l, format, ap);
-
-        return log_dispatch(level, error, file, line, func, object_field, object, buffer);
-}
-
-int log_object_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *format, ...) {
-
-        va_list ap;
-        int r;
-
-        va_start(ap, format);
-        r = log_object_internalv(level, error, file, line, func, object_field, object, format, ap);
-        va_end(ap);
-
-        return r;
-}
-
-static void log_assert(
-                int level,
-                const char *text,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format) {
-
-        static char buffer[LINE_MAX];
-
-        if (_likely_(LOG_PRI(level) > log_max_level))
-                return;
-
-        DISABLE_WARNING_FORMAT_NONLITERAL;
-        xsprintf(buffer, format, text, file, line, func);
-        REENABLE_WARNING;
-
-        log_abort_msg = buffer;
-
-        log_dispatch(level, 0, file, line, func, NULL, NULL, buffer);
-}
-
-noreturn void log_assert_failed(const char *text, const char *file, int line, const char *func) {
-        log_assert(LOG_CRIT, text, file, line, func, "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
-        abort();
-}
-
-noreturn void log_assert_failed_unreachable(const char *text, const char *file, int line, const char *func) {
-        log_assert(LOG_CRIT, text, file, line, func, "Code should not be reached '%s' at %s:%u, function %s(). Aborting.");
-        abort();
-}
-
-void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
-        PROTECT_ERRNO;
-        log_assert(LOG_DEBUG, text, file, line, func, "Assertion '%s' failed at %s:%u, function %s(). Ignoring.");
-}
-
-int log_oom_internal(const char *file, int line, const char *func) {
-        log_internal(LOG_ERR, ENOMEM, file, line, func, "Out of memory.");
-        return -ENOMEM;
-}
-
-int log_format_iovec(
-                struct iovec *iovec,
-                unsigned iovec_len,
-                unsigned *n,
-                bool newline_separator,
-                int error,
-                const char *format,
-                va_list ap) {
-
-        static const char nl = '\n';
-
-        while (format && *n + 1 < iovec_len) {
-                va_list aq;
-                char *m;
-                int r;
-
-                /* We need to copy the va_list structure,
-                 * since vasprintf() leaves it afterwards at
-                 * an undefined location */
-
-                if (error != 0)
-                        errno = error;
-
-                va_copy(aq, ap);
-                r = vasprintf(&m, format, aq);
-                va_end(aq);
-                if (r < 0)
-                        return -EINVAL;
-
-                /* Now, jump enough ahead, so that we point to
-                 * the next format string */
-                VA_FORMAT_ADVANCE(format, ap);
-
-                IOVEC_SET_STRING(iovec[(*n)++], m);
-
-                if (newline_separator) {
-                        iovec[*n].iov_base = (char*) &nl;
-                        iovec[*n].iov_len = 1;
-                        (*n)++;
-                }
-
-                format = va_arg(ap, char *);
-        }
-        return 0;
-}
-
-int log_struct_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format, ...) {
-
-        char buf[LINE_MAX];
-        bool found = false;
-        PROTECT_ERRNO;
-        va_list ap;
-
-        if (error < 0)
-                error = -error;
-
-        if (_likely_(LOG_PRI(level) > log_max_level))
-                return -error;
-
-        if (log_target == LOG_TARGET_NULL)
-                return -error;
-
-        if ((level & LOG_FACMASK) == 0)
-                level = log_facility | LOG_PRI(level);
-
-        if ((log_target == LOG_TARGET_AUTO ||
-             log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
-             log_target == LOG_TARGET_JOURNAL) &&
-            journal_fd >= 0) {
-                char header[LINE_MAX];
-                struct iovec iovec[17] = {};
-                unsigned n = 0, i;
-                int r;
-                struct msghdr mh = {
-                        .msg_iov = iovec,
-                };
-                bool fallback = false;
-
-                /* If the journal is available do structured logging */
-                log_do_header(header, sizeof(header), level, error, file, line, func, NULL, NULL);
-                IOVEC_SET_STRING(iovec[n++], header);
-
-                va_start(ap, format);
-                r = log_format_iovec(iovec, ELEMENTSOF(iovec), &n, true, error, format, ap);
-                if (r < 0)
-                        fallback = true;
-                else {
-                        mh.msg_iovlen = n;
-                        (void) sendmsg(journal_fd, &mh, MSG_NOSIGNAL);
-                }
-
-                va_end(ap);
-                for (i = 1; i < n; i += 2)
-                        free(iovec[i].iov_base);
-
-                if (!fallback)
-                        return -error;
-        }
-
-        /* Fallback if journal logging is not available or didn't work. */
-
-        va_start(ap, format);
-        while (format) {
-                va_list aq;
-
-                if (error != 0)
-                        errno = error;
-
-                va_copy(aq, ap);
-                vsnprintf(buf, sizeof(buf), format, aq);
-                va_end(aq);
-
-                if (startswith(buf, "MESSAGE=")) {
-                        found = true;
-                        break;
-                }
-
-                VA_FORMAT_ADVANCE(format, ap);
-
-                format = va_arg(ap, char *);
-        }
-        va_end(ap);
-
-        if (!found)
-                return -error;
-
-        return log_dispatch(level, error, file, line, func, NULL, NULL, buf + 8);
-}
-
-int log_set_target_from_string(const char *e) {
-        LogTarget t;
-
-        t = log_target_from_string(e);
-        if (t < 0)
-                return -EINVAL;
-
-        log_set_target(t);
-        return 0;
-}
-
-int log_set_max_level_from_string(const char *e) {
-        int t;
-
-        t = log_level_from_string(e);
-        if (t < 0)
-                return -EINVAL;
-
-        log_set_max_level(t);
-        return 0;
-}
-
-static int parse_proc_cmdline_item(const char *key, const char *value) {
-
-        /*
-         * The systemd.log_xyz= settings are parsed by all tools, and
-         * so is "debug".
-         *
-         * However, "quiet" is only parsed by PID 1, and only turns of
-         * status output to /dev/console, but does not alter the log
-         * level.
-         */
-
-        if (streq(key, "debug") && !value)
-                log_set_max_level(LOG_DEBUG);
-
-        else if (streq(key, "systemd.log_target") && value) {
-
-                if (log_set_target_from_string(value) < 0)
-                        log_warning("Failed to parse log target '%s'. Ignoring.", value);
-
-        } else if (streq(key, "systemd.log_level") && value) {
-
-                if (log_set_max_level_from_string(value) < 0)
-                        log_warning("Failed to parse log level '%s'. Ignoring.", value);
-
-        } else if (streq(key, "systemd.log_color") && value) {
-
-                if (log_show_color_from_string(value) < 0)
-                        log_warning("Failed to parse log color setting '%s'. Ignoring.", value);
-
-        } else if (streq(key, "systemd.log_location") && value) {
-
-                if (log_show_location_from_string(value) < 0)
-                        log_warning("Failed to parse log location setting '%s'. Ignoring.", value);
-        }
-
-        return 0;
-}
-
-void log_parse_environment(void) {
-        const char *e;
-
-        if (get_ctty_devnr(0, NULL) < 0)
-                /* Only try to read the command line in daemons.
-                   We assume that anything that has a controlling
-                   tty is user stuff. */
-                (void) parse_proc_cmdline(parse_proc_cmdline_item);
-
-        e = secure_getenv("SYSTEMD_LOG_TARGET");
-        if (e && log_set_target_from_string(e) < 0)
-                log_warning("Failed to parse log target '%s'. Ignoring.", e);
-
-        e = secure_getenv("SYSTEMD_LOG_LEVEL");
-        if (e && log_set_max_level_from_string(e) < 0)
-                log_warning("Failed to parse log level '%s'. Ignoring.", e);
-
-        e = secure_getenv("SYSTEMD_LOG_COLOR");
-        if (e && log_show_color_from_string(e) < 0)
-                log_warning("Failed to parse bool '%s'. Ignoring.", e);
-
-        e = secure_getenv("SYSTEMD_LOG_LOCATION");
-        if (e && log_show_location_from_string(e) < 0)
-                log_warning("Failed to parse bool '%s'. Ignoring.", e);
-}
-
-LogTarget log_get_target(void) {
-        return log_target;
-}
-
-int log_get_max_level(void) {
-        return log_max_level;
-}
-
-void log_show_color(bool b) {
-        show_color = b;
-}
-
-bool log_get_show_color(void) {
-        return show_color;
-}
-
-void log_show_location(bool b) {
-        show_location = b;
-}
-
-bool log_get_show_location(void) {
-        return show_location;
-}
-
-int log_show_color_from_string(const char *e) {
-        int t;
-
-        t = parse_boolean(e);
-        if (t < 0)
-                return t;
-
-        log_show_color(t);
-        return 0;
-}
-
-int log_show_location_from_string(const char *e) {
-        int t;
-
-        t = parse_boolean(e);
-        if (t < 0)
-                return t;
-
-        log_show_location(t);
-        return 0;
-}
-
-bool log_on_console(void) {
-        if (log_target == LOG_TARGET_CONSOLE ||
-            log_target == LOG_TARGET_CONSOLE_PREFIXED)
-                return true;
-
-        return syslog_fd < 0 && kmsg_fd < 0 && journal_fd < 0;
-}
-
-static const char *const log_target_table[_LOG_TARGET_MAX] = {
-        [LOG_TARGET_CONSOLE] = "console",
-        [LOG_TARGET_CONSOLE_PREFIXED] = "console-prefixed",
-        [LOG_TARGET_KMSG] = "kmsg",
-        [LOG_TARGET_JOURNAL] = "journal",
-        [LOG_TARGET_JOURNAL_OR_KMSG] = "journal-or-kmsg",
-        [LOG_TARGET_SYSLOG] = "syslog",
-        [LOG_TARGET_SYSLOG_OR_KMSG] = "syslog-or-kmsg",
-        [LOG_TARGET_AUTO] = "auto",
-        [LOG_TARGET_SAFE] = "safe",
-        [LOG_TARGET_NULL] = "null"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(log_target, LogTarget);
-
-void log_received_signal(int level, const struct signalfd_siginfo *si) {
-        if (si->ssi_pid > 0) {
-                _cleanup_free_ char *p = NULL;
-
-                get_process_comm(si->ssi_pid, &p);
-
-                log_full(level,
-                         "Received SIG%s from PID %"PRIu32" (%s).",
-                         signal_to_string(si->ssi_signo),
-                         si->ssi_pid, strna(p));
-        } else
-                log_full(level,
-                         "Received SIG%s.",
-                         signal_to_string(si->ssi_signo));
-
-}
-
-void log_set_upgrade_syslog_to_journal(bool b) {
-        upgrade_syslog_to_journal = b;
-}
-
-int log_syntax_internal(
-                const char *unit,
-                int level,
-                const char *config_file,
-                unsigned config_line,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format, ...) {
-
-        PROTECT_ERRNO;
-        char buffer[LINE_MAX];
-        int r;
-        va_list ap;
-
-        if (error < 0)
-                error = -error;
-
-        if (_likely_(LOG_PRI(level) > log_max_level))
-                return -error;
-
-        if (log_target == LOG_TARGET_NULL)
-                return -error;
-
-        if (error != 0)
-                errno = error;
-
-        va_start(ap, format);
-        vsnprintf(buffer, sizeof(buffer), format, ap);
-        va_end(ap);
-
-        if (unit)
-                r = log_struct_internal(
-                                level, error,
-                                file, line, func,
-                                getpid() == 1 ? "UNIT=%s" : "USER_UNIT=%s", unit,
-                                LOG_MESSAGE_ID(SD_MESSAGE_INVALID_CONFIGURATION),
-                                "CONFIG_FILE=%s", config_file,
-                                "CONFIG_LINE=%u", config_line,
-                                LOG_MESSAGE("[%s:%u] %s", config_file, config_line, buffer),
-                                NULL);
-        else
-                r = log_struct_internal(
-                                level, error,
-                                file, line, func,
-                                LOG_MESSAGE_ID(SD_MESSAGE_INVALID_CONFIGURATION),
-                                "CONFIG_FILE=%s", config_file,
-                                "CONFIG_LINE=%u", config_line,
-                                LOG_MESSAGE("[%s:%u] %s", config_file, config_line, buffer),
-                                NULL);
-
-        return r;
-}
diff --git a/src/basic/log.h b/src/basic/log.h
deleted file mode 100644
index b6356228d9..0000000000
--- a/src/basic/log.h
+++ /dev/null
@@ -1,249 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <sys/signalfd.h>
-#include <sys/socket.h>
-#include <syslog.h>
-
-#include "sd-id128.h"
-
-#include "macro.h"
-
-typedef enum LogTarget{
-        LOG_TARGET_CONSOLE,
-        LOG_TARGET_CONSOLE_PREFIXED,
-        LOG_TARGET_KMSG,
-        LOG_TARGET_JOURNAL,
-        LOG_TARGET_JOURNAL_OR_KMSG,
-        LOG_TARGET_SYSLOG,
-        LOG_TARGET_SYSLOG_OR_KMSG,
-        LOG_TARGET_AUTO, /* console if stderr is tty, JOURNAL_OR_KMSG otherwise */
-        LOG_TARGET_SAFE, /* console if stderr is tty, KMSG otherwise */
-        LOG_TARGET_NULL,
-        _LOG_TARGET_MAX,
-        _LOG_TARGET_INVALID = -1
-}  LogTarget;
-
-void log_set_target(LogTarget target);
-void log_set_max_level(int level);
-void log_set_facility(int facility);
-
-int log_set_target_from_string(const char *e);
-int log_set_max_level_from_string(const char *e);
-
-void log_show_color(bool b);
-bool log_get_show_color(void) _pure_;
-void log_show_location(bool b);
-bool log_get_show_location(void) _pure_;
-
-int log_show_color_from_string(const char *e);
-int log_show_location_from_string(const char *e);
-
-LogTarget log_get_target(void) _pure_;
-int log_get_max_level(void) _pure_;
-
-int log_open(void);
-void log_close(void);
-void log_forget_fds(void);
-
-void log_close_syslog(void);
-void log_close_journal(void);
-void log_close_kmsg(void);
-void log_close_console(void);
-
-void log_parse_environment(void);
-
-int log_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format, ...) _printf_(6,7);
-
-int log_internalv(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format,
-                va_list ap) _printf_(6,0);
-
-int log_object_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *format, ...) _printf_(8,9);
-
-int log_object_internalv(
-                int level,
-                int error,
-                const char*file,
-                int line,
-                const char *func,
-                const char *object_field,
-                const char *object,
-                const char *format,
-                va_list ap) _printf_(8,0);
-
-int log_struct_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format, ...) _printf_(6,0) _sentinel_;
-
-int log_oom_internal(
-                const char *file,
-                int line,
-                const char *func);
-
-int log_format_iovec(
-                struct iovec *iovec,
-                unsigned iovec_len,
-                unsigned *n,
-                bool newline_separator,
-                int error,
-                const char *format,
-                va_list ap);
-
-/* This modifies the buffer passed! */
-int log_dump_internal(
-                int level,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                char *buffer);
-
-/* Logging for various assertions */
-noreturn void log_assert_failed(
-                const char *text,
-                const char *file,
-                int line,
-                const char *func);
-
-noreturn void log_assert_failed_unreachable(
-                const char *text,
-                const char *file,
-                int line,
-                const char *func);
-
-void log_assert_failed_return(
-                const char *text,
-                const char *file,
-                int line,
-                const char *func);
-
-/* Logging with level */
-#define log_full_errno(level, error, ...)                               \
-        ({                                                              \
-                int _level = (level), _e = (error);                     \
-                (log_get_max_level() >= LOG_PRI(_level))                \
-                        ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \
-                        : -abs(_e);                                     \
-        })
-
-#define log_full(level, ...) log_full_errno(level, 0, __VA_ARGS__)
-
-/* Normal logging */
-#define log_debug(...)     log_full(LOG_DEBUG,   __VA_ARGS__)
-#define log_info(...)      log_full(LOG_INFO,    __VA_ARGS__)
-#define log_notice(...)    log_full(LOG_NOTICE,  __VA_ARGS__)
-#define log_warning(...)   log_full(LOG_WARNING, __VA_ARGS__)
-#define log_error(...)     log_full(LOG_ERR,     __VA_ARGS__)
-#define log_emergency(...) log_full(getpid() == 1 ? LOG_EMERG : LOG_ERR, __VA_ARGS__)
-
-/* Logging triggered by an errno-like error */
-#define log_debug_errno(error, ...)     log_full_errno(LOG_DEBUG,   error, __VA_ARGS__)
-#define log_info_errno(error, ...)      log_full_errno(LOG_INFO,    error, __VA_ARGS__)
-#define log_notice_errno(error, ...)    log_full_errno(LOG_NOTICE,  error, __VA_ARGS__)
-#define log_warning_errno(error, ...)   log_full_errno(LOG_WARNING, error, __VA_ARGS__)
-#define log_error_errno(error, ...)     log_full_errno(LOG_ERR,     error, __VA_ARGS__)
-#define log_emergency_errno(error, ...) log_full_errno(getpid() == 1 ? LOG_EMERG : LOG_ERR, error, __VA_ARGS__)
-
-#ifdef LOG_TRACE
-#  define log_trace(...) log_debug(__VA_ARGS__)
-#else
-#  define log_trace(...) do {} while (0)
-#endif
-
-/* Structured logging */
-#define log_struct(level, ...) log_struct_internal(level, 0, __FILE__, __LINE__, __func__, __VA_ARGS__)
-#define log_struct_errno(level, error, ...) log_struct_internal(level, error, __FILE__, __LINE__, __func__, __VA_ARGS__)
-
-/* This modifies the buffer passed! */
-#define log_dump(level, buffer) log_dump_internal(level, 0, __FILE__, __LINE__, __func__, buffer)
-
-#define log_oom() log_oom_internal(__FILE__, __LINE__, __func__)
-
-bool log_on_console(void) _pure_;
-
-const char *log_target_to_string(LogTarget target) _const_;
-LogTarget log_target_from_string(const char *s) _pure_;
-
-/* Helpers to prepare various fields for structured logging */
-#define LOG_MESSAGE(fmt, ...) "MESSAGE=" fmt, ##__VA_ARGS__
-#define LOG_MESSAGE_ID(x) "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(x)
-
-void log_received_signal(int level, const struct signalfd_siginfo *si);
-
-void log_set_upgrade_syslog_to_journal(bool b);
-
-int log_syntax_internal(
-                const char *unit,
-                int level,
-                const char *config_file,
-                unsigned config_line,
-                int error,
-                const char *file,
-                int line,
-                const char *func,
-                const char *format, ...) _printf_(9, 10);
-
-#define log_syntax(unit, level, config_file, config_line, error, ...)   \
-        ({                                                              \
-                int _level = (level), _e = (error);                     \
-                (log_get_max_level() >= LOG_PRI(_level))                \
-                        ? log_syntax_internal(unit, _level, config_file, config_line, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \
-                        : -abs(_e);                                     \
-        })
-
-#define log_syntax_invalid_utf8(unit, level, config_file, config_line, rvalue) \
-        ({                                                              \
-                int _level = (level);                                   \
-                if (log_get_max_level() >= LOG_PRI(_level)) {           \
-                        _cleanup_free_ char *_p = NULL;                 \
-                        _p = utf8_escape_invalid(rvalue);               \
-                        log_syntax_internal(unit, _level, config_file, config_line, 0, __FILE__, __LINE__, __func__, \
-                                            "String is not UTF-8 clean, ignoring assignment: %s", strna(_p)); \
-                }                                                       \
-        })
diff --git a/src/binfmt/Makefile b/src/binfmt/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/binfmt/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/boot/Makefile b/src/boot/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/boot/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/busctl/Makefile b/src/busctl/Makefile
new file mode 100644
index 0000000000..e7ef92824c
--- /dev/null
+++ b/src/busctl/Makefile
@@ -0,0 +1,37 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += \
+	busctl
+
+busctl_SOURCES = \
+	src/libsystemd/sd-bus/busctl.c \
+	src/libsystemd/sd-bus/busctl-introspect.c \
+	src/libsystemd/sd-bus/busctl-introspect.h
+
+busctl_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/busctl/busctl-introspect.c b/src/busctl/busctl-introspect.c
new file mode 100644
index 0000000000..3c49ad5c57
--- /dev/null
+++ b/src/busctl/busctl-introspect.c
@@ -0,0 +1,790 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "busctl-introspect.h"
+#include "string-util.h"
+#include "util.h"
+#include "xml.h"
+
+#define NODE_DEPTH_MAX 16
+
+typedef struct Context {
+        const XMLIntrospectOps *ops;
+        void *userdata;
+
+        char *interface_name;
+        uint64_t interface_flags;
+
+        char *member_name;
+        char *member_signature;
+        char *member_result;
+        uint64_t member_flags;
+        bool member_writable;
+
+        const char *current;
+        void *xml_state;
+} Context;
+
+static void context_reset_member(Context *c) {
+        free(c->member_name);
+        free(c->member_signature);
+        free(c->member_result);
+
+        c->member_name = c->member_signature = c->member_result = NULL;
+        c->member_flags = 0;
+        c->member_writable = false;
+}
+
+static void context_reset_interface(Context *c) {
+        c->interface_name = mfree(c->interface_name);
+        c->interface_flags = 0;
+
+        context_reset_member(c);
+}
+
+static int parse_xml_annotation(Context *context, uint64_t *flags) {
+
+        enum {
+                STATE_ANNOTATION,
+                STATE_NAME,
+                STATE_VALUE
+        } state = STATE_ANNOTATION;
+
+        _cleanup_free_ char *field = NULL, *value = NULL;
+
+        assert(context);
+
+        for (;;) {
+                _cleanup_free_ char *name = NULL;
+
+                int t;
+
+                t = xml_tokenize(&context->current, &name, &context->xml_state, NULL);
+                if (t < 0) {
+                        log_error("XML parse error.");
+                        return t;
+                }
+
+                if (t == XML_END) {
+                        log_error("Premature end of XML data.");
+                        return -EBADMSG;
+                }
+
+                switch (state) {
+
+                case STATE_ANNOTATION:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_NAME;
+
+                                else if (streq_ptr(name, "value"))
+                                        state = STATE_VALUE;
+
+                                else {
+                                        log_error("Unexpected <annotation> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "annotation"))) {
+
+                                if (flags) {
+                                        if (streq_ptr(field, "org.freedesktop.DBus.Deprecated")) {
+
+                                                if (streq_ptr(value, "true"))
+                                                        *flags |= SD_BUS_VTABLE_DEPRECATED;
+
+                                        } else if (streq_ptr(field, "org.freedesktop.DBus.Method.NoReply")) {
+
+                                                if (streq_ptr(value, "true"))
+                                                        *flags |= SD_BUS_VTABLE_METHOD_NO_REPLY;
+
+                                        } else if (streq_ptr(field, "org.freedesktop.DBus.Property.EmitsChangedSignal")) {
+
+                                                if (streq_ptr(value, "const"))
+                                                        *flags = (*flags & ~(SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION|SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE)) | SD_BUS_VTABLE_PROPERTY_CONST;
+                                                else if (streq_ptr(value, "invalidates"))
+                                                        *flags = (*flags & ~(SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_CONST)) | SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION;
+                                                else if (streq_ptr(value, "false"))
+                                                        *flags = *flags & ~(SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION);
+                                        }
+                                }
+
+                                return 0;
+
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in <annotation>. (1)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+                                free(field);
+                                field = name;
+                                name = NULL;
+
+                                state = STATE_ANNOTATION;
+                        } else {
+                                log_error("Unexpected token in <annotation>. (2)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_VALUE:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+                                free(value);
+                                value = name;
+                                name = NULL;
+
+                                state = STATE_ANNOTATION;
+                        } else {
+                                log_error("Unexpected token in <annotation>. (3)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                default:
+                        assert_not_reached("Bad state");
+                }
+        }
+}
+
+static int parse_xml_node(Context *context, const char *prefix, unsigned n_depth) {
+
+        enum {
+                STATE_NODE,
+                STATE_NODE_NAME,
+                STATE_INTERFACE,
+                STATE_INTERFACE_NAME,
+                STATE_METHOD,
+                STATE_METHOD_NAME,
+                STATE_METHOD_ARG,
+                STATE_METHOD_ARG_NAME,
+                STATE_METHOD_ARG_TYPE,
+                STATE_METHOD_ARG_DIRECTION,
+                STATE_SIGNAL,
+                STATE_SIGNAL_NAME,
+                STATE_SIGNAL_ARG,
+                STATE_SIGNAL_ARG_NAME,
+                STATE_SIGNAL_ARG_TYPE,
+                STATE_PROPERTY,
+                STATE_PROPERTY_NAME,
+                STATE_PROPERTY_TYPE,
+                STATE_PROPERTY_ACCESS,
+        } state = STATE_NODE;
+
+        _cleanup_free_ char *node_path = NULL, *argument_type = NULL, *argument_direction = NULL;
+        const char *np = prefix;
+        int r;
+
+        assert(context);
+        assert(prefix);
+
+        if (n_depth > NODE_DEPTH_MAX) {
+                log_error("<node> depth too high.");
+                return -EINVAL;
+        }
+
+        for (;;) {
+                _cleanup_free_ char *name = NULL;
+                int t;
+
+                t = xml_tokenize(&context->current, &name, &context->xml_state, NULL);
+                if (t < 0) {
+                        log_error("XML parse error.");
+                        return t;
+                }
+
+                if (t == XML_END) {
+                        log_error("Premature end of XML data.");
+                        return -EBADMSG;
+                }
+
+                switch (state) {
+
+                case STATE_NODE:
+                        if (t == XML_ATTRIBUTE_NAME) {
+
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_NODE_NAME;
+                                else {
+                                        log_error("Unexpected <node> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+
+                        } else if (t == XML_TAG_OPEN) {
+
+                                if (streq_ptr(name, "interface"))
+                                        state = STATE_INTERFACE;
+                                else if (streq_ptr(name, "node")) {
+
+                                        r = parse_xml_node(context, np, n_depth+1);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected <node> tag %s.", name);
+                                        return -EBADMSG;
+                                }
+
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "node"))) {
+
+                                if (context->ops->on_path) {
+                                        r = context->ops->on_path(node_path ? node_path : np, context->userdata);
+                                        if (r < 0)
+                                                return r;
+                                }
+
+                                return 0;
+
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in <node>. (1)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_NODE_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+
+                                free(node_path);
+
+                                if (name[0] == '/') {
+                                        node_path = name;
+                                        name = NULL;
+                                } else {
+
+                                        if (endswith(prefix, "/"))
+                                                node_path = strappend(prefix, name);
+                                        else
+                                                node_path = strjoin(prefix, "/", name, NULL);
+                                        if (!node_path)
+                                                return log_oom();
+                                }
+
+                                np = node_path;
+                                state = STATE_NODE;
+                        } else {
+                                log_error("Unexpected token in <node>. (2)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_INTERFACE:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_INTERFACE_NAME;
+                                else {
+                                        log_error("Unexpected <interface> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+
+                        } else if (t == XML_TAG_OPEN) {
+                                if (streq_ptr(name, "method"))
+                                        state = STATE_METHOD;
+                                else if (streq_ptr(name, "signal"))
+                                        state = STATE_SIGNAL;
+                                else if (streq_ptr(name, "property")) {
+                                        context->member_flags |= SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE;
+                                        state = STATE_PROPERTY;
+                                } else if (streq_ptr(name, "annotation")) {
+                                        r = parse_xml_annotation(context, &context->interface_flags);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected <interface> tag %s.", name);
+                                        return -EINVAL;
+                                }
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "interface"))) {
+
+                                if (n_depth == 0) {
+                                        if (context->ops->on_interface) {
+                                                r = context->ops->on_interface(context->interface_name, context->interface_flags, context->userdata);
+                                                if (r < 0)
+                                                        return r;
+                                        }
+
+                                        context_reset_interface(context);
+                                }
+
+                                state = STATE_NODE;
+
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in <interface>. (1)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_INTERFACE_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+                                if (n_depth == 0) {
+                                        free(context->interface_name);
+                                        context->interface_name = name;
+                                        name = NULL;
+                                }
+
+                                state = STATE_INTERFACE;
+                        } else {
+                                log_error("Unexpected token in <interface>. (2)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_METHOD:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_METHOD_NAME;
+                                else {
+                                        log_error("Unexpected <method> attribute %s", name);
+                                        return -EBADMSG;
+                                }
+                        } else if (t == XML_TAG_OPEN) {
+                                if (streq_ptr(name, "arg"))
+                                        state = STATE_METHOD_ARG;
+                                else if (streq_ptr(name, "annotation")) {
+                                        r = parse_xml_annotation(context, &context->member_flags);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected <method> tag %s.", name);
+                                        return -EINVAL;
+                                }
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "method"))) {
+
+                                if (n_depth == 0) {
+                                        if (context->ops->on_method) {
+                                                r = context->ops->on_method(context->interface_name, context->member_name, context->member_signature, context->member_result, context->member_flags, context->userdata);
+                                                if (r < 0)
+                                                        return r;
+                                        }
+
+                                        context_reset_member(context);
+                                }
+
+                                state = STATE_INTERFACE;
+
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in <method> (1).");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_METHOD_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+
+                                if (n_depth == 0) {
+                                        free(context->member_name);
+                                        context->member_name = name;
+                                        name = NULL;
+                                }
+
+                                state = STATE_METHOD;
+                        } else {
+                                log_error("Unexpected token in <method> (2).");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_METHOD_ARG:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_METHOD_ARG_NAME;
+                                else if (streq_ptr(name, "type"))
+                                        state = STATE_METHOD_ARG_TYPE;
+                                else if (streq_ptr(name, "direction"))
+                                         state = STATE_METHOD_ARG_DIRECTION;
+                                else {
+                                        log_error("Unexpected method <arg> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+                        } else if (t == XML_TAG_OPEN) {
+                                if (streq_ptr(name, "annotation")) {
+                                        r = parse_xml_annotation(context, NULL);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected method <arg> tag %s.", name);
+                                        return -EINVAL;
+                                }
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "arg"))) {
+
+                                if (n_depth == 0) {
+
+                                        if (argument_type) {
+                                                if (!argument_direction || streq(argument_direction, "in")) {
+                                                        if (!strextend(&context->member_signature, argument_type, NULL))
+                                                                return log_oom();
+                                                } else if (streq(argument_direction, "out")) {
+                                                        if (!strextend(&context->member_result, argument_type, NULL))
+                                                                return log_oom();
+                                                }
+                                        }
+
+                                        argument_type = mfree(argument_type);
+                                        argument_direction = mfree(argument_direction);
+                                }
+
+                                state = STATE_METHOD;
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in method <arg>. (1)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_METHOD_ARG_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE)
+                                state = STATE_METHOD_ARG;
+                        else {
+                                log_error("Unexpected token in method <arg>. (2)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_METHOD_ARG_TYPE:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+                                free(argument_type);
+                                argument_type = name;
+                                name = NULL;
+
+                                state = STATE_METHOD_ARG;
+                        } else {
+                                log_error("Unexpected token in method <arg>. (3)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_METHOD_ARG_DIRECTION:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+                                free(argument_direction);
+                                argument_direction = name;
+                                name = NULL;
+
+                                state = STATE_METHOD_ARG;
+                        } else {
+                                log_error("Unexpected token in method <arg>. (4)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_SIGNAL:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_SIGNAL_NAME;
+                                else {
+                                        log_error("Unexpected <signal> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+                        } else if (t == XML_TAG_OPEN) {
+                                if (streq_ptr(name, "arg"))
+                                        state = STATE_SIGNAL_ARG;
+                                else if (streq_ptr(name, "annotation")) {
+                                        r = parse_xml_annotation(context, &context->member_flags);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected <signal> tag %s.", name);
+                                        return -EINVAL;
+                                }
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "signal"))) {
+
+                                if (n_depth == 0) {
+                                        if (context->ops->on_signal) {
+                                                r = context->ops->on_signal(context->interface_name, context->member_name, context->member_signature, context->member_flags, context->userdata);
+                                                if (r < 0)
+                                                        return r;
+                                        }
+
+                                        context_reset_member(context);
+                                }
+
+                                state = STATE_INTERFACE;
+
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in <signal>. (1)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_SIGNAL_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+
+                                if (n_depth == 0) {
+                                        free(context->member_name);
+                                        context->member_name = name;
+                                        name = NULL;
+                                }
+
+                                state = STATE_SIGNAL;
+                        } else {
+                                log_error("Unexpected token in <signal>. (2)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+
+                case STATE_SIGNAL_ARG:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_SIGNAL_ARG_NAME;
+                                else if (streq_ptr(name, "type"))
+                                        state = STATE_SIGNAL_ARG_TYPE;
+                                else {
+                                        log_error("Unexpected signal <arg> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+                        } else if (t == XML_TAG_OPEN) {
+                                if (streq_ptr(name, "annotation")) {
+                                        r = parse_xml_annotation(context, NULL);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected signal <arg> tag %s.", name);
+                                        return -EINVAL;
+                                }
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "arg"))) {
+
+                                if (argument_type) {
+                                        if (!strextend(&context->member_signature, argument_type, NULL))
+                                                return log_oom();
+
+                                        argument_type = mfree(argument_type);
+                                }
+
+                                state = STATE_SIGNAL;
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in signal <arg> (1).");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_SIGNAL_ARG_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE)
+                                state = STATE_SIGNAL_ARG;
+                        else {
+                                log_error("Unexpected token in signal <arg> (2).");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_SIGNAL_ARG_TYPE:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+                                free(argument_type);
+                                argument_type = name;
+                                name = NULL;
+
+                                state = STATE_SIGNAL_ARG;
+                        } else {
+                                log_error("Unexpected token in signal <arg> (3).");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_PROPERTY:
+
+                        if (t == XML_ATTRIBUTE_NAME) {
+                                if (streq_ptr(name, "name"))
+                                        state = STATE_PROPERTY_NAME;
+                                else if (streq_ptr(name, "type"))
+                                        state  = STATE_PROPERTY_TYPE;
+                                else if (streq_ptr(name, "access"))
+                                        state  = STATE_PROPERTY_ACCESS;
+                                else {
+                                        log_error("Unexpected <property> attribute %s.", name);
+                                        return -EBADMSG;
+                                }
+                        } else if (t == XML_TAG_OPEN) {
+
+                                if (streq_ptr(name, "annotation")) {
+                                        r = parse_xml_annotation(context, &context->member_flags);
+                                        if (r < 0)
+                                                return r;
+                                } else {
+                                        log_error("Unexpected <property> tag %s.", name);
+                                        return -EINVAL;
+                                }
+
+                        } else if (t == XML_TAG_CLOSE_EMPTY ||
+                                   (t == XML_TAG_CLOSE && streq_ptr(name, "property"))) {
+
+                                if (n_depth == 0) {
+                                        if (context->ops->on_property) {
+                                                r = context->ops->on_property(context->interface_name, context->member_name, context->member_signature, context->member_writable, context->member_flags, context->userdata);
+                                                if (r < 0)
+                                                        return r;
+                                        }
+
+                                        context_reset_member(context);
+                                }
+
+                                state = STATE_INTERFACE;
+
+                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                                log_error("Unexpected token in <property>. (1)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_PROPERTY_NAME:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+
+                                if (n_depth == 0) {
+                                        free(context->member_name);
+                                        context->member_name = name;
+                                        name = NULL;
+                                }
+                                state = STATE_PROPERTY;
+                        } else {
+                                log_error("Unexpected token in <property>. (2)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_PROPERTY_TYPE:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+
+                                if (n_depth == 0) {
+                                        free(context->member_signature);
+                                        context->member_signature = name;
+                                        name = NULL;
+                                }
+
+                                state = STATE_PROPERTY;
+                        } else {
+                                log_error("Unexpected token in <property>. (3)");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case STATE_PROPERTY_ACCESS:
+
+                        if (t == XML_ATTRIBUTE_VALUE) {
+
+                                if (streq(name, "readwrite") || streq(name, "write"))
+                                        context->member_writable = true;
+
+                                state = STATE_PROPERTY;
+                        } else {
+                                log_error("Unexpected token in <property>. (4)");
+                                return -EINVAL;
+                        }
+
+                        break;
+                }
+        }
+}
+
+int parse_xml_introspect(const char *prefix, const char *xml, const XMLIntrospectOps *ops, void *userdata) {
+        Context context = {
+                .ops = ops,
+                .userdata = userdata,
+                .current = xml,
+        };
+
+        int r;
+
+        assert(prefix);
+        assert(xml);
+        assert(ops);
+
+        for (;;) {
+                _cleanup_free_ char *name = NULL;
+
+                r = xml_tokenize(&context.current, &name, &context.xml_state, NULL);
+                if (r < 0) {
+                        log_error("XML parse error");
+                        goto finish;
+                }
+
+                if (r == XML_END) {
+                        r = 0;
+                        break;
+                }
+
+                if (r == XML_TAG_OPEN) {
+
+                        if (streq(name, "node")) {
+                                r = parse_xml_node(&context, prefix, 0);
+                                if (r < 0)
+                                        goto finish;
+                        } else {
+                                log_error("Unexpected tag '%s' in introspection data.", name);
+                                r = -EBADMSG;
+                                goto finish;
+                        }
+                } else if (r != XML_TEXT || !in_charset(name, WHITESPACE)) {
+                        log_error("Unexpected token.");
+                        r = -EBADMSG;
+                        goto finish;
+                }
+        }
+
+finish:
+        context_reset_interface(&context);
+
+        return r;
+}
diff --git a/src/libsystemd/sd-bus/busctl-introspect.h b/src/busctl/busctl-introspect.h
index d922e352db..d922e352db 100644
--- a/src/libsystemd/sd-bus/busctl-introspect.h
+++ b/src/busctl/busctl-introspect.h
diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
new file mode 100644
index 0000000000..0281409edf
--- /dev/null
+++ b/src/busctl/busctl.c
@@ -0,0 +1,2086 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-internal.h"
+#include "bus-signature.h"
+#include "bus-type.h"
+#include "bus-util.h"
+#include "busctl-introspect.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "locale-util.h"
+#include "log.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "set.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "user-util.h"
+#include "util.h"
+
+static bool arg_no_pager = false;
+static bool arg_legend = true;
+static char *arg_address = NULL;
+static bool arg_unique = false;
+static bool arg_acquired = false;
+static bool arg_activatable = false;
+static bool arg_show_machine = false;
+static char **arg_matches = NULL;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_user = false;
+static size_t arg_snaplen = 4096;
+static bool arg_list = false;
+static bool arg_quiet = false;
+static bool arg_verbose = false;
+static bool arg_expect_reply = true;
+static bool arg_auto_start = true;
+static bool arg_allow_interactive_authorization = true;
+static bool arg_augment_creds = true;
+static usec_t arg_timeout = 0;
+
+#define NAME_IS_ACQUIRED INT_TO_PTR(1)
+#define NAME_IS_ACTIVATABLE INT_TO_PTR(2)
+
+static int list_bus_names(sd_bus *bus, char **argv) {
+        _cleanup_strv_free_ char **acquired = NULL, **activatable = NULL;
+        _cleanup_free_ char **merged = NULL;
+        _cleanup_hashmap_free_ Hashmap *names = NULL;
+        char **i;
+        int r;
+        size_t max_i = 0;
+        unsigned n = 0;
+        void *v;
+        char *k;
+        Iterator iterator;
+
+        assert(bus);
+
+        if (!arg_unique && !arg_acquired && !arg_activatable)
+                arg_unique = arg_acquired = arg_activatable = true;
+
+        r = sd_bus_list_names(bus, (arg_acquired || arg_unique) ? &acquired : NULL, arg_activatable ? &activatable : NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to list names: %m");
+
+        pager_open(arg_no_pager, false);
+
+        names = hashmap_new(&string_hash_ops);
+        if (!names)
+                return log_oom();
+
+        STRV_FOREACH(i, acquired) {
+                max_i = MAX(max_i, strlen(*i));
+
+                r = hashmap_put(names, *i, NAME_IS_ACQUIRED);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add to hashmap: %m");
+        }
+
+        STRV_FOREACH(i, activatable) {
+                max_i = MAX(max_i, strlen(*i));
+
+                r = hashmap_put(names, *i, NAME_IS_ACTIVATABLE);
+                if (r < 0 && r != -EEXIST)
+                        return log_error_errno(r, "Failed to add to hashmap: %m");
+        }
+
+        merged = new(char*, hashmap_size(names) + 1);
+        HASHMAP_FOREACH_KEY(v, k, names, iterator)
+                merged[n++] = k;
+
+        merged[n] = NULL;
+        strv_sort(merged);
+
+        if (arg_legend) {
+                printf("%-*s %*s %-*s %-*s %-*s %-*s %-*s %-*s",
+                       (int) max_i, "NAME", 10, "PID", 15, "PROCESS", 16, "USER", 13, "CONNECTION", 25, "UNIT", 10, "SESSION", 19, "DESCRIPTION");
+
+                if (arg_show_machine)
+                        puts(" MACHINE");
+                else
+                        putchar('\n');
+        }
+
+        STRV_FOREACH(i, merged) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+                sd_id128_t mid;
+
+                if (hashmap_get(names, *i) == NAME_IS_ACTIVATABLE) {
+                        /* Activatable */
+
+                        printf("%-*s", (int) max_i, *i);
+                        printf("          - -               -                (activatable) -                         -         ");
+                        if (arg_show_machine)
+                                puts(" -");
+                        else
+                                putchar('\n');
+                        continue;
+
+                }
+
+                if (!arg_unique && (*i)[0] == ':')
+                        continue;
+
+                if (!arg_acquired && (*i)[0] != ':')
+                        continue;
+
+                printf("%-*s", (int) max_i, *i);
+
+                r = sd_bus_get_name_creds(
+                                bus, *i,
+                                (arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) |
+                                SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|
+                                SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_SESSION|
+                                SD_BUS_CREDS_DESCRIPTION, &creds);
+                if (r >= 0) {
+                        const char *unique, *session, *unit, *cn;
+                        pid_t pid;
+                        uid_t uid;
+
+                        r = sd_bus_creds_get_pid(creds, &pid);
+                        if (r >= 0) {
+                                const char *comm = NULL;
+
+                                sd_bus_creds_get_comm(creds, &comm);
+
+                                printf(" %10lu %-15s", (unsigned long) pid, strna(comm));
+                        } else
+                                fputs("          - -              ", stdout);
+
+                        r = sd_bus_creds_get_euid(creds, &uid);
+                        if (r >= 0) {
+                                _cleanup_free_ char *u = NULL;
+
+                                u = uid_to_name(uid);
+                                if (!u)
+                                        return log_oom();
+
+                                if (strlen(u) > 16)
+                                        u[16] = 0;
+
+                                printf(" %-16s", u);
+                        } else
+                                fputs(" -               ", stdout);
+
+                        r = sd_bus_creds_get_unique_name(creds, &unique);
+                        if (r >= 0)
+                                printf(" %-13s", unique);
+                        else
+                                fputs(" -            ", stdout);
+
+                        r = sd_bus_creds_get_unit(creds, &unit);
+                        if (r >= 0) {
+                                _cleanup_free_ char *e;
+
+                                e = ellipsize(unit, 25, 100);
+                                if (!e)
+                                        return log_oom();
+
+                                printf(" %-25s", e);
+                        } else
+                                fputs(" -                        ", stdout);
+
+                        r = sd_bus_creds_get_session(creds, &session);
+                        if (r >= 0)
+                                printf(" %-10s", session);
+                        else
+                                fputs(" -         ", stdout);
+
+                        r = sd_bus_creds_get_description(creds, &cn);
+                        if (r >= 0)
+                                printf(" %-19s", cn);
+                        else
+                                fputs(" -                  ", stdout);
+
+                } else
+                        printf("          - -               -                -             -                         -          -                  ");
+
+                if (arg_show_machine) {
+                        r = sd_bus_get_name_machine_id(bus, *i, &mid);
+                        if (r >= 0) {
+                                char m[SD_ID128_STRING_MAX];
+                                printf(" %s\n", sd_id128_to_string(mid, m));
+                        } else
+                                puts(" -");
+                } else
+                        putchar('\n');
+        }
+
+        return 0;
+}
+
+static void print_subtree(const char *prefix, const char *path, char **l) {
+        const char *vertical, *space;
+        char **n;
+
+        /* We assume the list is sorted. Let's first skip over the
+         * entry we are looking at. */
+        for (;;) {
+                if (!*l)
+                        return;
+
+                if (!streq(*l, path))
+                        break;
+
+                l++;
+        }
+
+        vertical = strjoina(prefix, special_glyph(TREE_VERTICAL));
+        space = strjoina(prefix, special_glyph(TREE_SPACE));
+
+        for (;;) {
+                bool has_more = false;
+
+                if (!*l || !path_startswith(*l, path))
+                        break;
+
+                n = l + 1;
+                for (;;) {
+                        if (!*n || !path_startswith(*n, path))
+                                break;
+
+                        if (!path_startswith(*n, *l)) {
+                                has_more = true;
+                                break;
+                        }
+
+                        n++;
+                }
+
+                printf("%s%s%s\n", prefix, special_glyph(has_more ? TREE_BRANCH : TREE_RIGHT), *l);
+
+                print_subtree(has_more ? vertical : space, *l, l);
+                l = n;
+        }
+}
+
+static void print_tree(const char *prefix, char **l) {
+
+        pager_open(arg_no_pager, false);
+
+        prefix = strempty(prefix);
+
+        if (arg_list) {
+                char **i;
+
+                STRV_FOREACH(i, l)
+                        printf("%s%s\n", prefix, *i);
+                return;
+        }
+
+        if (strv_isempty(l)) {
+                printf("No objects discovered.\n");
+                return;
+        }
+
+        if (streq(l[0], "/") && !l[1]) {
+                printf("Only root object discovered.\n");
+                return;
+        }
+
+        print_subtree(prefix, "/", l);
+}
+
+static int on_path(const char *path, void *userdata) {
+        Set *paths = userdata;
+        int r;
+
+        assert(paths);
+
+        r = set_put_strdup(paths, path);
+        if (r < 0)
+                return log_oom();
+
+        return 0;
+}
+
+static int find_nodes(sd_bus *bus, const char *service, const char *path, Set *paths, bool many) {
+        static const XMLIntrospectOps ops = {
+                .on_path = on_path,
+        };
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *xml;
+        int r;
+
+        r = sd_bus_call_method(bus, service, path, "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
+        if (r < 0) {
+                if (many)
+                        printf("Failed to introspect object %s of service %s: %s\n", path, service, bus_error_message(&error, r));
+                else
+                        log_error("Failed to introspect object %s of service %s: %s", path, service, bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &xml);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return parse_xml_introspect(path, xml, &ops, paths);
+}
+
+static int tree_one(sd_bus *bus, const char *service, const char *prefix, bool many) {
+        _cleanup_set_free_free_ Set *paths = NULL, *done = NULL, *failed = NULL;
+        _cleanup_free_ char **l = NULL;
+        char *m;
+        int r;
+
+        paths = set_new(&string_hash_ops);
+        if (!paths)
+                return log_oom();
+
+        done = set_new(&string_hash_ops);
+        if (!done)
+                return log_oom();
+
+        failed = set_new(&string_hash_ops);
+        if (!failed)
+                return log_oom();
+
+        m = strdup("/");
+        if (!m)
+                return log_oom();
+
+        r = set_put(paths, m);
+        if (r < 0) {
+                free(m);
+                return log_oom();
+        }
+
+        for (;;) {
+                _cleanup_free_ char *p = NULL;
+                int q;
+
+                p = set_steal_first(paths);
+                if (!p)
+                        break;
+
+                if (set_contains(done, p) ||
+                    set_contains(failed, p))
+                        continue;
+
+                q = find_nodes(bus, service, p, paths, many);
+                if (q < 0) {
+                        if (r >= 0)
+                                r = q;
+
+                        q = set_put(failed, p);
+                } else
+                        q = set_put(done, p);
+
+                if (q < 0)
+                        return log_oom();
+
+                assert(q != 0);
+                p = NULL;
+        }
+
+        pager_open(arg_no_pager, false);
+
+        l = set_get_strv(done);
+        if (!l)
+                return log_oom();
+
+        strv_sort(l);
+        print_tree(prefix, l);
+
+        fflush(stdout);
+
+        return r;
+}
+
+static int tree(sd_bus *bus, char **argv) {
+        char **i;
+        int r = 0;
+
+        if (!arg_unique && !arg_acquired)
+                arg_acquired = true;
+
+        if (strv_length(argv) <= 1) {
+                _cleanup_strv_free_ char **names = NULL;
+                bool not_first = false;
+
+                r = sd_bus_list_names(bus, &names, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get name list: %m");
+
+                pager_open(arg_no_pager, false);
+
+                STRV_FOREACH(i, names) {
+                        int q;
+
+                        if (!arg_unique && (*i)[0] == ':')
+                                continue;
+
+                        if (!arg_acquired && (*i)[0] == ':')
+                                continue;
+
+                        if (not_first)
+                                printf("\n");
+
+                        printf("Service %s%s%s:\n", ansi_highlight(), *i, ansi_normal());
+
+                        q = tree_one(bus, *i, NULL, true);
+                        if (q < 0 && r >= 0)
+                                r = q;
+
+                        not_first = true;
+                }
+        } else {
+                STRV_FOREACH(i, argv+1) {
+                        int q;
+
+                        if (i > argv+1)
+                                printf("\n");
+
+                        if (argv[2]) {
+                                pager_open(arg_no_pager, false);
+                                printf("Service %s%s%s:\n", ansi_highlight(), *i, ansi_normal());
+                        }
+
+                        q = tree_one(bus, *i, NULL, !!argv[2]);
+                        if (q < 0 && r >= 0)
+                                r = q;
+                }
+        }
+
+        return r;
+}
+
+static int format_cmdline(sd_bus_message *m, FILE *f, bool needs_space) {
+        int r;
+
+        for (;;) {
+                const char *contents = NULL;
+                char type;
+                union {
+                        uint8_t u8;
+                        uint16_t u16;
+                        int16_t s16;
+                        uint32_t u32;
+                        int32_t s32;
+                        uint64_t u64;
+                        int64_t s64;
+                        double d64;
+                        const char *string;
+                        int i;
+                } basic;
+
+                r = sd_bus_message_peek_type(m, &type, &contents);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return needs_space;
+
+                if (bus_type_is_container(type) > 0) {
+
+                        r = sd_bus_message_enter_container(m, type, contents);
+                        if (r < 0)
+                                return r;
+
+                        if (type == SD_BUS_TYPE_ARRAY) {
+                                unsigned n = 0;
+
+                                /* count array entries */
+                                for (;;) {
+
+                                        r = sd_bus_message_skip(m, contents);
+                                        if (r < 0)
+                                                return r;
+                                        if (r == 0)
+                                                break;
+
+                                        n++;
+                                }
+
+                                r = sd_bus_message_rewind(m, false);
+                                if (r < 0)
+                                        return r;
+
+                                if (needs_space)
+                                        fputc(' ', f);
+
+                                fprintf(f, "%u", n);
+                                needs_space = true;
+
+                        } else if (type == SD_BUS_TYPE_VARIANT) {
+
+                                if (needs_space)
+                                        fputc(' ', f);
+
+                                fprintf(f, "%s", contents);
+                                needs_space = true;
+                        }
+
+                        r = format_cmdline(m, f, needs_space);
+                        if (r < 0)
+                                return r;
+
+                        needs_space = r > 0;
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return r;
+
+                        continue;
+                }
+
+                r = sd_bus_message_read_basic(m, type, &basic);
+                if (r < 0)
+                        return r;
+
+                if (needs_space)
+                        fputc(' ', f);
+
+                switch (type) {
+                case SD_BUS_TYPE_BYTE:
+                        fprintf(f, "%u", basic.u8);
+                        break;
+
+                case SD_BUS_TYPE_BOOLEAN:
+                        fputs(true_false(basic.i), f);
+                        break;
+
+                case SD_BUS_TYPE_INT16:
+                        fprintf(f, "%i", basic.s16);
+                        break;
+
+                case SD_BUS_TYPE_UINT16:
+                        fprintf(f, "%u", basic.u16);
+                        break;
+
+                case SD_BUS_TYPE_INT32:
+                        fprintf(f, "%i", basic.s32);
+                        break;
+
+                case SD_BUS_TYPE_UINT32:
+                        fprintf(f, "%u", basic.u32);
+                        break;
+
+                case SD_BUS_TYPE_INT64:
+                        fprintf(f, "%" PRIi64, basic.s64);
+                        break;
+
+                case SD_BUS_TYPE_UINT64:
+                        fprintf(f, "%" PRIu64, basic.u64);
+                        break;
+
+                case SD_BUS_TYPE_DOUBLE:
+                        fprintf(f, "%g", basic.d64);
+                        break;
+
+                case SD_BUS_TYPE_STRING:
+                case SD_BUS_TYPE_OBJECT_PATH:
+                case SD_BUS_TYPE_SIGNATURE: {
+                        _cleanup_free_ char *b = NULL;
+
+                        b = cescape(basic.string);
+                        if (!b)
+                                return -ENOMEM;
+
+                        fprintf(f, "\"%s\"", b);
+                        break;
+                }
+
+                case SD_BUS_TYPE_UNIX_FD:
+                        fprintf(f, "%i", basic.i);
+                        break;
+
+                default:
+                        assert_not_reached("Unknown basic type.");
+                }
+
+                needs_space = true;
+        }
+}
+
+typedef struct Member {
+        const char *type;
+        char *interface;
+        char *name;
+        char *signature;
+        char *result;
+        char *value;
+        bool writable;
+        uint64_t flags;
+} Member;
+
+static void member_hash_func(const void *p, struct siphash *state) {
+        const Member *m = p;
+        uint64_t arity = 1;
+
+        assert(m);
+        assert(m->type);
+
+        string_hash_func(m->type, state);
+
+        arity += !!m->name + !!m->interface;
+
+        uint64_hash_func(&arity, state);
+
+        if (m->name)
+                string_hash_func(m->name, state);
+
+        if (m->interface)
+                string_hash_func(m->interface, state);
+}
+
+static int member_compare_func(const void *a, const void *b) {
+        const Member *x = a, *y = b;
+        int d;
+
+        assert(x);
+        assert(y);
+        assert(x->type);
+        assert(y->type);
+
+        d = strcmp_ptr(x->interface, y->interface);
+        if (d != 0)
+                return d;
+
+        d = strcmp(x->type, y->type);
+        if (d != 0)
+                return d;
+
+        return strcmp_ptr(x->name, y->name);
+}
+
+static int member_compare_funcp(const void *a, const void *b) {
+        const Member *const * x = (const Member *const *) a, * const *y = (const Member *const *) b;
+
+        return member_compare_func(*x, *y);
+}
+
+static void member_free(Member *m) {
+        if (!m)
+                return;
+
+        free(m->interface);
+        free(m->name);
+        free(m->signature);
+        free(m->result);
+        free(m->value);
+        free(m);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Member*, member_free);
+
+static void member_set_free(Set *s) {
+        Member *m;
+
+        while ((m = set_steal_first(s)))
+                member_free(m);
+
+        set_free(s);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, member_set_free);
+
+static int on_interface(const char *interface, uint64_t flags, void *userdata) {
+        _cleanup_(member_freep) Member *m;
+        Set *members = userdata;
+        int r;
+
+        assert(interface);
+        assert(members);
+
+        m = new0(Member, 1);
+        if (!m)
+                return log_oom();
+
+        m->type = "interface";
+        m->flags = flags;
+
+        r = free_and_strdup(&m->interface, interface);
+        if (r < 0)
+                return log_oom();
+
+        r = set_put(members, m);
+        if (r <= 0) {
+                log_error("Duplicate interface");
+                return -EINVAL;
+        }
+
+        m = NULL;
+        return 0;
+}
+
+static int on_method(const char *interface, const char *name, const char *signature, const char *result, uint64_t flags, void *userdata) {
+        _cleanup_(member_freep) Member *m;
+        Set *members = userdata;
+        int r;
+
+        assert(interface);
+        assert(name);
+
+        m = new0(Member, 1);
+        if (!m)
+                return log_oom();
+
+        m->type = "method";
+        m->flags = flags;
+
+        r = free_and_strdup(&m->interface, interface);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->name, name);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->signature, signature);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->result, result);
+        if (r < 0)
+                return log_oom();
+
+        r = set_put(members, m);
+        if (r <= 0) {
+                log_error("Duplicate method");
+                return -EINVAL;
+        }
+
+        m = NULL;
+        return 0;
+}
+
+static int on_signal(const char *interface, const char *name, const char *signature, uint64_t flags, void *userdata) {
+        _cleanup_(member_freep) Member *m;
+        Set *members = userdata;
+        int r;
+
+        assert(interface);
+        assert(name);
+
+        m = new0(Member, 1);
+        if (!m)
+                return log_oom();
+
+        m->type = "signal";
+        m->flags = flags;
+
+        r = free_and_strdup(&m->interface, interface);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->name, name);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->signature, signature);
+        if (r < 0)
+                return log_oom();
+
+        r = set_put(members, m);
+        if (r <= 0) {
+                log_error("Duplicate signal");
+                return -EINVAL;
+        }
+
+        m = NULL;
+        return 0;
+}
+
+static int on_property(const char *interface, const char *name, const char *signature, bool writable, uint64_t flags, void *userdata) {
+        _cleanup_(member_freep) Member *m;
+        Set *members = userdata;
+        int r;
+
+        assert(interface);
+        assert(name);
+
+        m = new0(Member, 1);
+        if (!m)
+                return log_oom();
+
+        m->type = "property";
+        m->flags = flags;
+        m->writable = writable;
+
+        r = free_and_strdup(&m->interface, interface);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->name, name);
+        if (r < 0)
+                return log_oom();
+
+        r = free_and_strdup(&m->signature, signature);
+        if (r < 0)
+                return log_oom();
+
+        r = set_put(members, m);
+        if (r <= 0) {
+                log_error("Duplicate property");
+                return -EINVAL;
+        }
+
+        m = NULL;
+        return 0;
+}
+
+static const char *strdash(const char *x) {
+        return isempty(x) ? "-" : x;
+}
+
+static int introspect(sd_bus *bus, char **argv) {
+        static const struct hash_ops member_hash_ops = {
+                .hash = member_hash_func,
+                .compare = member_compare_func,
+        };
+
+        static const XMLIntrospectOps ops = {
+                .on_interface = on_interface,
+                .on_method = on_method,
+                .on_signal = on_signal,
+                .on_property = on_property,
+        };
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(member_set_freep) Set *members = NULL;
+        Iterator i;
+        Member *m;
+        const char *xml;
+        int r;
+        unsigned name_width,  type_width, signature_width, result_width;
+        Member **sorted = NULL;
+        unsigned k = 0, j, n_args;
+
+        n_args = strv_length(argv);
+        if (n_args < 3) {
+                log_error("Requires service and object path argument.");
+                return -EINVAL;
+        }
+
+        if (n_args > 4) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        members = set_new(&member_hash_ops);
+        if (!members)
+                return log_oom();
+
+        r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
+        if (r < 0) {
+                log_error("Failed to introspect object %s of service %s: %s", argv[2], argv[1], bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &xml);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        /* First, get list of all properties */
+        r = parse_xml_introspect(argv[2], xml, &ops, members);
+        if (r < 0)
+                return r;
+
+        /* Second, find the current values for them */
+        SET_FOREACH(m, members, i) {
+
+                if (!streq(m->type, "property"))
+                        continue;
+
+                if (m->value)
+                        continue;
+
+                if (argv[3] && !streq(argv[3], m->interface))
+                        continue;
+
+                r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", m->interface);
+                if (r < 0) {
+                        log_error("%s", bus_error_message(&error, r));
+                        return r;
+                }
+
+                r = sd_bus_message_enter_container(reply, 'a', "{sv}");
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                for (;;) {
+                        Member *z;
+                        _cleanup_free_ char *buf = NULL;
+                        _cleanup_fclose_ FILE *mf = NULL;
+                        size_t sz = 0;
+                        const char *name;
+
+                        r = sd_bus_message_enter_container(reply, 'e', "sv");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (r == 0)
+                                break;
+
+                        r = sd_bus_message_read(reply, "s", &name);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_enter_container(reply, 'v', NULL);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        mf = open_memstream(&buf, &sz);
+                        if (!mf)
+                                return log_oom();
+
+                        r = format_cmdline(reply, mf, false);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        fclose(mf);
+                        mf = NULL;
+
+                        z = set_get(members, &((Member) {
+                                                .type = "property",
+                                                .interface = m->interface,
+                                                .name = (char*) name }));
+                        if (z) {
+                                free(z->value);
+                                z->value = buf;
+                                buf = NULL;
+                        }
+
+                        r = sd_bus_message_exit_container(reply);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(reply);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+                }
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+
+        pager_open(arg_no_pager, false);
+
+        name_width = strlen("NAME");
+        type_width = strlen("TYPE");
+        signature_width = strlen("SIGNATURE");
+        result_width = strlen("RESULT/VALUE");
+
+        sorted = newa(Member*, set_size(members));
+
+        SET_FOREACH(m, members, i) {
+
+                if (argv[3] && !streq(argv[3], m->interface))
+                        continue;
+
+                if (m->interface)
+                        name_width = MAX(name_width, strlen(m->interface));
+                if (m->name)
+                        name_width = MAX(name_width, strlen(m->name) + 1);
+                if (m->type)
+                        type_width = MAX(type_width, strlen(m->type));
+                if (m->signature)
+                        signature_width = MAX(signature_width, strlen(m->signature));
+                if (m->result)
+                        result_width = MAX(result_width, strlen(m->result));
+                if (m->value)
+                        result_width = MAX(result_width, strlen(m->value));
+
+                sorted[k++] = m;
+        }
+
+        if (result_width > 40)
+                result_width = 40;
+
+        qsort(sorted, k, sizeof(Member*), member_compare_funcp);
+
+        if (arg_legend) {
+                printf("%-*s %-*s %-*s %-*s %s\n",
+                       (int) name_width, "NAME",
+                       (int) type_width, "TYPE",
+                       (int) signature_width, "SIGNATURE",
+                       (int) result_width, "RESULT/VALUE",
+                       "FLAGS");
+        }
+
+        for (j = 0; j < k; j++) {
+                _cleanup_free_ char *ellipsized = NULL;
+                const char *rv;
+                bool is_interface;
+
+                m = sorted[j];
+
+                if (argv[3] && !streq(argv[3], m->interface))
+                        continue;
+
+                is_interface = streq(m->type, "interface");
+
+                if (argv[3] && is_interface)
+                        continue;
+
+                if (m->value) {
+                        ellipsized = ellipsize(m->value, result_width, 100);
+                        if (!ellipsized)
+                                return log_oom();
+
+                        rv = ellipsized;
+                } else
+                        rv = strdash(m->result);
+
+                printf("%s%s%-*s%s %-*s %-*s %-*s%s%s%s%s%s%s\n",
+                       is_interface ? ansi_highlight() : "",
+                       is_interface ? "" : ".",
+                       - !is_interface + (int) name_width, strdash(streq_ptr(m->type, "interface") ? m->interface : m->name),
+                       is_interface ? ansi_normal() : "",
+                       (int) type_width, strdash(m->type),
+                       (int) signature_width, strdash(m->signature),
+                       (int) result_width, rv,
+                       (m->flags & SD_BUS_VTABLE_DEPRECATED) ? " deprecated" : (m->flags || m->writable ? "" : " -"),
+                       (m->flags & SD_BUS_VTABLE_METHOD_NO_REPLY) ? " no-reply" : "",
+                       (m->flags & SD_BUS_VTABLE_PROPERTY_CONST) ? " const" : "",
+                       (m->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE) ? " emits-change" : "",
+                       (m->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION) ? " emits-invalidation" : "",
+                       m->writable ? " writable" : "");
+        }
+
+        return 0;
+}
+
+static int message_dump(sd_bus_message *m, FILE *f) {
+        return bus_message_dump(m, f, BUS_MESSAGE_DUMP_WITH_HEADER);
+}
+
+static int message_pcap(sd_bus_message *m, FILE *f) {
+        return bus_message_pcap_frame(m, arg_snaplen, f);
+}
+
+static int monitor(sd_bus *bus, char *argv[], int (*dump)(sd_bus_message *m, FILE *f)) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *message = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char **i;
+        uint32_t flags = 0;
+        int r;
+
+        /* upgrade connection; it's not used for anything else after this call */
+        r = sd_bus_message_new_method_call(bus, &message, "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus.Monitoring", "BecomeMonitor");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_open_container(message, 'a', "s");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        STRV_FOREACH(i, argv+1) {
+                _cleanup_free_ char *m = NULL;
+
+                if (!service_name_is_valid(*i)) {
+                        log_error("Invalid service name '%s'", *i);
+                        return -EINVAL;
+                }
+
+                m = strjoin("sender='", *i, "'", NULL);
+                if (!m)
+                        return log_oom();
+
+                r = sd_bus_message_append_basic(message, 's', m);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                free(m);
+                m = strjoin("destination='", *i, "'", NULL);
+                if (!m)
+                        return log_oom();
+
+                r = sd_bus_message_append_basic(message, 's', m);
+                if (r < 0)
+                        return bus_log_create_error(r);
+        }
+
+        STRV_FOREACH(i, arg_matches) {
+                r = sd_bus_message_append_basic(message, 's', *i);
+                if (r < 0)
+                        return bus_log_create_error(r);
+        }
+
+        r = sd_bus_message_close_container(message);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_basic(message, 'u', &flags);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, message, arg_timeout, &error, NULL);
+        if (r < 0) {
+                log_error("%s", bus_error_message(&error, r));
+                return r;
+        }
+
+        log_info("Monitoring bus message stream.");
+
+        for (;;) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+
+                r = sd_bus_process(bus, &m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to process bus: %m");
+
+                if (m) {
+                        dump(m, stdout);
+                        fflush(stdout);
+
+                        if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected") > 0) {
+                                log_info("Connection terminated, exiting.");
+                                return 0;
+                        }
+
+                        continue;
+                }
+
+                if (r > 0)
+                        continue;
+
+                r = sd_bus_wait(bus, (uint64_t) -1);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to wait for bus: %m");
+        }
+}
+
+static int capture(sd_bus *bus, char *argv[]) {
+        int r;
+
+        if (isatty(fileno(stdout)) > 0) {
+                log_error("Refusing to write message data to console, please redirect output to a file.");
+                return -EINVAL;
+        }
+
+        bus_pcap_header(arg_snaplen, stdout);
+
+        r = monitor(bus, argv, message_pcap);
+        if (r < 0)
+                return r;
+
+        if (ferror(stdout)) {
+                log_error("Couldn't write capture file.");
+                return -EIO;
+        }
+
+        return r;
+}
+
+static int status(sd_bus *bus, char *argv[]) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        pid_t pid;
+        int r;
+
+        assert(bus);
+
+        if (strv_length(argv) > 2) {
+                log_error("Expects no or one argument.");
+                return -EINVAL;
+        }
+
+        if (argv[1]) {
+                r = parse_pid(argv[1], &pid);
+                if (r < 0)
+                        r = sd_bus_get_name_creds(
+                                        bus,
+                                        argv[1],
+                                        (arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) | _SD_BUS_CREDS_ALL,
+                                        &creds);
+                else
+                        r = sd_bus_creds_new_from_pid(
+                                        &creds,
+                                        pid,
+                                        _SD_BUS_CREDS_ALL);
+        } else {
+                const char *scope, *address;
+                sd_id128_t bus_id;
+
+                r = sd_bus_get_address(bus, &address);
+                if (r >= 0)
+                        printf("BusAddress=%s%s%s\n", ansi_highlight(), address, ansi_normal());
+
+                r = sd_bus_get_scope(bus, &scope);
+                if (r >= 0)
+                        printf("BusScope=%s%s%s\n", ansi_highlight(), scope, ansi_normal());
+
+                r = sd_bus_get_bus_id(bus, &bus_id);
+                if (r >= 0)
+                        printf("BusID=%s" SD_ID128_FORMAT_STR "%s\n", ansi_highlight(), SD_ID128_FORMAT_VAL(bus_id), ansi_normal());
+
+                r = sd_bus_get_owner_creds(
+                                bus,
+                                (arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) | _SD_BUS_CREDS_ALL,
+                                &creds);
+        }
+
+        if (r < 0)
+                return log_error_errno(r, "Failed to get credentials: %m");
+
+        bus_creds_dump(creds, NULL, false);
+        return 0;
+}
+
+static int message_append_cmdline(sd_bus_message *m, const char *signature, char ***x) {
+        char **p;
+        int r;
+
+        assert(m);
+        assert(signature);
+        assert(x);
+
+        p = *x;
+
+        for (;;) {
+                const char *v;
+                char t;
+
+                t = *signature;
+                v = *p;
+
+                if (t == 0)
+                        break;
+                if (!v) {
+                        log_error("Too few parameters for signature.");
+                        return -EINVAL;
+                }
+
+                signature++;
+                p++;
+
+                switch (t) {
+
+                case SD_BUS_TYPE_BOOLEAN:
+
+                        r = parse_boolean(v);
+                        if (r < 0) {
+                                log_error("Failed to parse as boolean: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &r);
+                        break;
+
+                case SD_BUS_TYPE_BYTE: {
+                        uint8_t z;
+
+                        r = safe_atou8(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as byte (unsigned 8bit integer): %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_INT16: {
+                        int16_t z;
+
+                        r = safe_atoi16(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as signed 16bit integer: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_UINT16: {
+                        uint16_t z;
+
+                        r = safe_atou16(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as unsigned 16bit integer: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_INT32: {
+                        int32_t z;
+
+                        r = safe_atoi32(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as signed 32bit integer: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_UINT32: {
+                        uint32_t z;
+
+                        r = safe_atou32(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as unsigned 32bit integer: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_INT64: {
+                        int64_t z;
+
+                        r = safe_atoi64(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as signed 64bit integer: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_UINT64: {
+                        uint64_t z;
+
+                        r = safe_atou64(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as unsigned 64bit integer: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+
+                case SD_BUS_TYPE_DOUBLE: {
+                        double z;
+
+                        r = safe_atod(v, &z);
+                        if (r < 0) {
+                                log_error("Failed to parse as double precision floating point: %s", v);
+                                return r;
+                        }
+
+                        r = sd_bus_message_append_basic(m, t, &z);
+                        break;
+                }
+
+                case SD_BUS_TYPE_STRING:
+                case SD_BUS_TYPE_OBJECT_PATH:
+                case SD_BUS_TYPE_SIGNATURE:
+
+                        r = sd_bus_message_append_basic(m, t, v);
+                        break;
+
+                case SD_BUS_TYPE_ARRAY: {
+                        uint32_t n;
+                        size_t k;
+
+                        r = safe_atou32(v, &n);
+                        if (r < 0) {
+                                log_error("Failed to parse number of array entries: %s", v);
+                                return r;
+                        }
+
+                        r = signature_element_length(signature, &k);
+                        if (r < 0) {
+                                log_error("Invalid array signature.");
+                                return r;
+                        }
+
+                        {
+                                unsigned i;
+                                char s[k + 1];
+                                memcpy(s, signature, k);
+                                s[k] = 0;
+
+                                r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, s);
+                                if (r < 0)
+                                        return bus_log_create_error(r);
+
+                                for (i = 0; i < n; i++) {
+                                        r = message_append_cmdline(m, s, &p);
+                                        if (r < 0)
+                                                return r;
+                                }
+                        }
+
+                        signature += k;
+
+                        r = sd_bus_message_close_container(m);
+                        break;
+                }
+
+                case SD_BUS_TYPE_VARIANT:
+                        r = sd_bus_message_open_container(m, SD_BUS_TYPE_VARIANT, v);
+                        if (r < 0)
+                                return bus_log_create_error(r);
+
+                        r = message_append_cmdline(m, v, &p);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_close_container(m);
+                        break;
+
+                case SD_BUS_TYPE_STRUCT_BEGIN:
+                case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
+                        size_t k;
+
+                        signature--;
+                        p--;
+
+                        r = signature_element_length(signature, &k);
+                        if (r < 0) {
+                                log_error("Invalid struct/dict entry signature.");
+                                return r;
+                        }
+
+                        {
+                                char s[k-1];
+                                memcpy(s, signature + 1, k - 2);
+                                s[k - 2] = 0;
+
+                                r = sd_bus_message_open_container(m, t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
+                                if (r < 0)
+                                        return bus_log_create_error(r);
+
+                                r = message_append_cmdline(m, s, &p);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        signature += k;
+
+                        r = sd_bus_message_close_container(m);
+                        break;
+                }
+
+                case SD_BUS_TYPE_UNIX_FD:
+                        log_error("UNIX file descriptor not supported as type.");
+                        return -EINVAL;
+
+                default:
+                        log_error("Unknown signature type %c.", t);
+                        return -EINVAL;
+                }
+
+                if (r < 0)
+                        return bus_log_create_error(r);
+        }
+
+        *x = p;
+        return 0;
+}
+
+static int call(sd_bus *bus, char *argv[]) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        int r;
+
+        assert(bus);
+
+        if (strv_length(argv) < 5) {
+                log_error("Expects at least four arguments.");
+                return -EINVAL;
+        }
+
+        r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2], argv[3], argv[4]);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_set_expect_reply(m, arg_expect_reply);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_set_auto_start(m, arg_auto_start);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_allow_interactive_authorization);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        if (!isempty(argv[5])) {
+                char **p;
+
+                p = argv+6;
+
+                r = message_append_cmdline(m, argv[5], &p);
+                if (r < 0)
+                        return r;
+
+                if (*p) {
+                        log_error("Too many parameters for signature.");
+                        return -EINVAL;
+                }
+        }
+
+        if (!arg_expect_reply) {
+                r = sd_bus_send(bus, m, NULL);
+                if (r < 0) {
+                        log_error("Failed to send message.");
+                        return r;
+                }
+
+                return 0;
+        }
+
+        r = sd_bus_call(bus, m, arg_timeout, &error, &reply);
+        if (r < 0) {
+                log_error("%s", bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_message_is_empty(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (r == 0 && !arg_quiet) {
+
+                if (arg_verbose) {
+                        pager_open(arg_no_pager, false);
+
+                        r = bus_message_dump(reply, stdout, 0);
+                        if (r < 0)
+                                return r;
+                } else {
+
+                        fputs(sd_bus_message_get_signature(reply, true), stdout);
+                        fputc(' ', stdout);
+
+                        r = format_cmdline(reply, stdout, false);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        fputc('\n', stdout);
+                }
+        }
+
+        return 0;
+}
+
+static int get_property(sd_bus *bus, char *argv[]) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        unsigned n;
+        char **i;
+        int r;
+
+        assert(bus);
+
+        n = strv_length(argv);
+        if (n < 5) {
+                log_error("Expects at least four arguments.");
+                return -EINVAL;
+        }
+
+        STRV_FOREACH(i, argv + 4) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                const char *contents = NULL;
+                char type;
+
+                r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Get", &error, &reply, "ss", argv[3], *i);
+                if (r < 0) {
+                        log_error("%s", bus_error_message(&error, r));
+                        return r;
+                }
+
+                r = sd_bus_message_peek_type(reply, &type, &contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_enter_container(reply, 'v', contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (arg_verbose)  {
+                        pager_open(arg_no_pager, false);
+
+                        r = bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_SUBTREE_ONLY);
+                        if (r < 0)
+                                return r;
+                } else {
+                        fputs(contents, stdout);
+                        fputc(' ', stdout);
+
+                        r = format_cmdline(reply, stdout, false);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        fputc('\n', stdout);
+                }
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+
+        return 0;
+}
+
+static int set_property(sd_bus *bus, char *argv[]) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        unsigned n;
+        char **p;
+        int r;
+
+        assert(bus);
+
+        n = strv_length(argv);
+        if (n < 6) {
+                log_error("Expects at least five arguments.");
+                return -EINVAL;
+        }
+
+        r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Set");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(m, "ss", argv[3], argv[4]);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_open_container(m, 'v', argv[5]);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        p = argv+6;
+        r = message_append_cmdline(m, argv[5], &p);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        if (*p) {
+                log_error("Too many parameters for signature.");
+                return -EINVAL;
+        }
+
+        r = sd_bus_call(bus, m, arg_timeout, &error, NULL);
+        if (r < 0) {
+                log_error("%s", bus_error_message(&error, r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int help(void) {
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Introspect the bus.\n\n"
+               "  -h --help               Show this help\n"
+               "     --version            Show package version\n"
+               "     --no-pager           Do not pipe output into a pager\n"
+               "     --no-legend          Do not show the headers and footers\n"
+               "     --system             Connect to system bus\n"
+               "     --user               Connect to user bus\n"
+               "  -H --host=[USER@]HOST   Operate on remote host\n"
+               "  -M --machine=CONTAINER  Operate on local container\n"
+               "     --address=ADDRESS    Connect to bus specified by address\n"
+               "     --show-machine       Show machine ID column in list\n"
+               "     --unique             Only show unique names\n"
+               "     --acquired           Only show acquired names\n"
+               "     --activatable        Only show activatable names\n"
+               "     --match=MATCH        Only show matching messages\n"
+               "     --size=SIZE          Maximum length of captured packet\n"
+               "     --list               Don't show tree, but simple object path list\n"
+               "     --quiet              Don't show method call reply\n"
+               "     --verbose            Show result values in long format\n"
+               "     --expect-reply=BOOL  Expect a method call reply\n"
+               "     --auto-start=BOOL    Auto-start destination service\n"
+               "     --allow-interactive-authorization=BOOL\n"
+               "                          Allow interactive authorization for operation\n"
+               "     --timeout=SECS       Maximum time to wait for method call completion\n"
+               "     --augment-creds=BOOL Extend credential data with data read from /proc/$PID\n\n"
+               "Commands:\n"
+               "  list                    List bus names\n"
+               "  status [SERVICE]        Show bus service, process or bus owner credentials\n"
+               "  monitor [SERVICE...]    Show bus traffic\n"
+               "  capture [SERVICE...]    Capture bus traffic as pcap\n"
+               "  tree [SERVICE...]       Show object tree of service\n"
+               "  introspect SERVICE OBJECT [INTERFACE]\n"
+               "  call SERVICE OBJECT INTERFACE METHOD [SIGNATURE [ARGUMENT...]]\n"
+               "                          Call a method\n"
+               "  get-property SERVICE OBJECT INTERFACE PROPERTY...\n"
+               "                          Get property value\n"
+               "  set-property SERVICE OBJECT INTERFACE PROPERTY SIGNATURE ARGUMENT...\n"
+               "                          Set property value\n"
+               "  help                    Show this help\n"
+               , program_invocation_short_name);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_NO_LEGEND,
+                ARG_SYSTEM,
+                ARG_USER,
+                ARG_ADDRESS,
+                ARG_MATCH,
+                ARG_SHOW_MACHINE,
+                ARG_UNIQUE,
+                ARG_ACQUIRED,
+                ARG_ACTIVATABLE,
+                ARG_SIZE,
+                ARG_LIST,
+                ARG_VERBOSE,
+                ARG_EXPECT_REPLY,
+                ARG_AUTO_START,
+                ARG_ALLOW_INTERACTIVE_AUTHORIZATION,
+                ARG_TIMEOUT,
+                ARG_AUGMENT_CREDS,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'              },
+                { "version",      no_argument,       NULL, ARG_VERSION      },
+                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER     },
+                { "no-legend",    no_argument,       NULL, ARG_NO_LEGEND    },
+                { "system",       no_argument,       NULL, ARG_SYSTEM       },
+                { "user",         no_argument,       NULL, ARG_USER         },
+                { "address",      required_argument, NULL, ARG_ADDRESS      },
+                { "show-machine", no_argument,       NULL, ARG_SHOW_MACHINE },
+                { "unique",       no_argument,       NULL, ARG_UNIQUE       },
+                { "acquired",     no_argument,       NULL, ARG_ACQUIRED     },
+                { "activatable",  no_argument,       NULL, ARG_ACTIVATABLE  },
+                { "match",        required_argument, NULL, ARG_MATCH        },
+                { "host",         required_argument, NULL, 'H'              },
+                { "machine",      required_argument, NULL, 'M'              },
+                { "size",         required_argument, NULL, ARG_SIZE         },
+                { "list",         no_argument,       NULL, ARG_LIST         },
+                { "quiet",        no_argument,       NULL, 'q'              },
+                { "verbose",      no_argument,       NULL, ARG_VERBOSE      },
+                { "expect-reply", required_argument, NULL, ARG_EXPECT_REPLY },
+                { "auto-start",   required_argument, NULL, ARG_AUTO_START   },
+                { "allow-interactive-authorization", required_argument, NULL, ARG_ALLOW_INTERACTIVE_AUTHORIZATION },
+                { "timeout",      required_argument, NULL, ARG_TIMEOUT      },
+                { "augment-creds",required_argument, NULL, ARG_AUGMENT_CREDS},
+                {},
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hH:M:q", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        return help();
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_LEGEND:
+                        arg_legend = false;
+                        break;
+
+                case ARG_USER:
+                        arg_user = true;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_user = false;
+                        break;
+
+                case ARG_ADDRESS:
+                        arg_address = optarg;
+                        break;
+
+                case ARG_SHOW_MACHINE:
+                        arg_show_machine = true;
+                        break;
+
+                case ARG_UNIQUE:
+                        arg_unique = true;
+                        break;
+
+                case ARG_ACQUIRED:
+                        arg_acquired = true;
+                        break;
+
+                case ARG_ACTIVATABLE:
+                        arg_activatable = true;
+                        break;
+
+                case ARG_MATCH:
+                        if (strv_extend(&arg_matches, optarg) < 0)
+                                return log_oom();
+                        break;
+
+                case ARG_SIZE: {
+                        uint64_t sz;
+
+                        r = parse_size(optarg, 1024, &sz);
+                        if (r < 0) {
+                                log_error("Failed to parse size: %s", optarg);
+                                return r;
+                        }
+
+                        if ((uint64_t) (size_t) sz !=  sz) {
+                                log_error("Size out of range.");
+                                return -E2BIG;
+                        }
+
+                        arg_snaplen = (size_t) sz;
+                        break;
+                }
+
+                case ARG_LIST:
+                        arg_list = true;
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case ARG_VERBOSE:
+                        arg_verbose = true;
+                        break;
+
+                case ARG_EXPECT_REPLY:
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse --expect-reply= parameter.");
+                                return r;
+                        }
+
+                        arg_expect_reply = !!r;
+                        break;
+
+
+                case ARG_AUTO_START:
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse --auto-start= parameter.");
+                                return r;
+                        }
+
+                        arg_auto_start = !!r;
+                        break;
+
+
+                case ARG_ALLOW_INTERACTIVE_AUTHORIZATION:
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse --allow-interactive-authorization= parameter.");
+                                return r;
+                        }
+
+                        arg_allow_interactive_authorization = !!r;
+                        break;
+
+                case ARG_TIMEOUT:
+                        r = parse_sec(optarg, &arg_timeout);
+                        if (r < 0) {
+                                log_error("Failed to parse --timeout= parameter.");
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_AUGMENT_CREDS:
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse --augment-creds= parameter.");
+                                return r;
+                        }
+
+                        arg_augment_creds = !!r;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int busctl_main(sd_bus *bus, int argc, char *argv[]) {
+        assert(bus);
+
+        if (optind >= argc ||
+            streq(argv[optind], "list"))
+                return list_bus_names(bus, argv + optind);
+
+        if (streq(argv[optind], "monitor"))
+                return monitor(bus, argv + optind, message_dump);
+
+        if (streq(argv[optind], "capture"))
+                return capture(bus, argv + optind);
+
+        if (streq(argv[optind], "status"))
+                return status(bus, argv + optind);
+
+        if (streq(argv[optind], "tree"))
+                return tree(bus, argv + optind);
+
+        if (streq(argv[optind], "introspect"))
+                return introspect(bus, argv + optind);
+
+        if (streq(argv[optind], "call"))
+                return call(bus, argv + optind);
+
+        if (streq(argv[optind], "get-property"))
+                return get_property(bus, argv + optind);
+
+        if (streq(argv[optind], "set-property"))
+                return set_property(bus, argv + optind);
+
+        if (streq(argv[optind], "help"))
+                return help();
+
+        log_error("Unknown command '%s'", argv[optind]);
+        return -EINVAL;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = sd_bus_new(&bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate bus: %m");
+                goto finish;
+        }
+
+        if (streq_ptr(argv[optind], "monitor") ||
+            streq_ptr(argv[optind], "capture")) {
+
+                r = sd_bus_set_monitor(bus, true);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to set monitor mode: %m");
+                        goto finish;
+                }
+
+                r = sd_bus_negotiate_creds(bus, true, _SD_BUS_CREDS_ALL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to enable credentials: %m");
+                        goto finish;
+                }
+
+                r = sd_bus_negotiate_timestamp(bus, true);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to enable timestamps: %m");
+                        goto finish;
+                }
+
+                r = sd_bus_negotiate_fds(bus, true);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to enable fds: %m");
+                        goto finish;
+                }
+        }
+
+        r = sd_bus_set_bus_client(bus, true);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set bus client: %m");
+                goto finish;
+        }
+
+        if (arg_address)
+                r = sd_bus_set_address(bus, arg_address);
+        else {
+                switch (arg_transport) {
+
+                case BUS_TRANSPORT_LOCAL:
+                        if (arg_user) {
+                                bus->is_user = true;
+                                r = bus_set_address_user(bus);
+                        } else {
+                                bus->is_system = true;
+                                r = bus_set_address_system(bus);
+                        }
+                        break;
+
+                case BUS_TRANSPORT_REMOTE:
+                        r = bus_set_address_system_remote(bus, arg_host);
+                        break;
+
+                case BUS_TRANSPORT_MACHINE:
+                        r = bus_set_address_system_machine(bus, arg_host);
+                        break;
+
+                default:
+                        assert_not_reached("Hmm, unknown transport type.");
+                }
+        }
+        if (r < 0) {
+                log_error_errno(r, "Failed to set address: %m");
+                goto finish;
+        }
+
+        r = sd_bus_start(bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to connect to bus: %m");
+                goto finish;
+        }
+
+        r = busctl_main(bus, argc, argv);
+
+finish:
+        pager_close();
+
+        strv_free(arg_matches);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/cgls/Makefile b/src/cgls/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/cgls/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c
deleted file mode 100644
index dcb5912b83..0000000000
--- a/src/cgls/cgls.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "cgroup-show.h"
-#include "cgroup-util.h"
-#include "fileio.h"
-#include "log.h"
-#include "output-mode.h"
-#include "pager.h"
-#include "path-util.h"
-#include "unit-name.h"
-#include "util.h"
-
-static bool arg_no_pager = false;
-static bool arg_kernel_threads = false;
-static bool arg_all = false;
-static int arg_full = -1;
-static char* arg_machine = NULL;
-
-static void help(void) {
-        printf("%s [OPTIONS...] [CGROUP...]\n\n"
-               "Recursively show control group contents.\n\n"
-               "  -h --help           Show this help\n"
-               "     --version        Show package version\n"
-               "     --no-pager       Do not pipe output into a pager\n"
-               "  -a --all            Show all groups, including empty\n"
-               "  -l --full           Do not ellipsize output\n"
-               "  -k                  Include kernel threads in output\n"
-               "  -M --machine=       Show container\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_NO_PAGER = 0x100,
-                ARG_VERSION,
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, 'h'          },
-                { "version",   no_argument,       NULL, ARG_VERSION  },
-                { "no-pager",  no_argument,       NULL, ARG_NO_PAGER },
-                { "all",       no_argument,       NULL, 'a'          },
-                { "full",      no_argument,       NULL, 'l'          },
-                { "machine",   required_argument, NULL, 'M'          },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 1);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hkalM:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case 'a':
-                        arg_all = true;
-                        break;
-
-                case 'l':
-                        arg_full = true;
-                        break;
-
-                case 'k':
-                        arg_kernel_threads = true;
-                        break;
-
-                case 'M':
-                        arg_machine = optarg;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int get_cgroup_root(char **ret) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ char *unit = NULL, *path = NULL;
-        const char *m;
-        int r;
-
-        if (!arg_machine) {
-                r = cg_get_root_path(ret);
-                if (r == -ENOMEDIUM)
-                        return log_error_errno(r, "Failed to get root control group path: No cgroup filesystem mounted on /sys/fs/cgroup");
-                else if (r < 0)
-                        return log_error_errno(r, "Failed to get root control group path: %m");
-
-                return 0;
-        }
-
-        m = strjoina("/run/systemd/machines/", arg_machine);
-        r = parse_env_file(m, NEWLINE, "SCOPE", &unit, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to load machine data: %m");
-
-        path = unit_dbus_path_from_name(unit);
-        if (!path)
-                return log_oom();
-
-        r = bus_connect_transport_systemd(BUS_TRANSPORT_LOCAL, NULL, false, &bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create bus connection: %m");
-
-        r = sd_bus_get_property_string(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        unit_dbus_interface_from_name(unit),
-                        "ControlGroup",
-                        &error,
-                        ret);
-        if (r < 0)
-                return log_error_errno(r, "Failed to query unit control group path: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static void show_cg_info(const char *controller, const char *path) {
-
-        if (cg_unified() <= 0 && controller && !streq(controller, SYSTEMD_CGROUP_CONTROLLER))
-                printf("Controller %s; ", controller);
-
-        printf("Control group %s:\n", isempty(path) ? "/" : path);
-        fflush(stdout);
-}
-
-int main(int argc, char *argv[]) {
-        int r, output_flags;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (!arg_no_pager) {
-                r = pager_open(arg_no_pager, false);
-                if (r > 0 && arg_full < 0)
-                        arg_full = true;
-        }
-
-        output_flags =
-                arg_all * OUTPUT_SHOW_ALL |
-                (arg_full > 0) * OUTPUT_FULL_WIDTH |
-                arg_kernel_threads * OUTPUT_KERNEL_THREADS;
-
-        if (optind < argc) {
-                _cleanup_free_ char *root = NULL;
-                int i;
-
-                r = get_cgroup_root(&root);
-                if (r < 0)
-                        goto finish;
-
-                for (i = optind; i < argc; i++) {
-                        int q;
-
-                        if (path_startswith(argv[i], "/sys/fs/cgroup")) {
-
-                                printf("Directory %s:\n", argv[i]);
-                                fflush(stdout);
-
-                                q = show_cgroup_by_path(argv[i], NULL, 0, output_flags);
-                        } else {
-                                _cleanup_free_ char *c = NULL, *p = NULL, *j = NULL;
-                                const char *controller, *path;
-
-                                r = cg_split_spec(argv[i], &c, &p);
-                                if (r < 0) {
-                                        log_error_errno(r, "Failed to split argument %s: %m", argv[i]);
-                                        goto finish;
-                                }
-
-                                controller = c ?: SYSTEMD_CGROUP_CONTROLLER;
-                                if (p) {
-                                        j = strjoin(root, "/", p, NULL);
-                                        if (!j) {
-                                                r = log_oom();
-                                                goto finish;
-                                        }
-
-                                        path_kill_slashes(j);
-                                        path = j;
-                                } else
-                                        path = root;
-
-                                show_cg_info(controller, path);
-
-                                q = show_cgroup(controller, path, NULL, 0, output_flags);
-                        }
-
-                        if (q < 0)
-                                r = q;
-                }
-
-        } else {
-                bool done = false;
-
-                if (!arg_machine)  {
-                        _cleanup_free_ char *cwd = NULL;
-
-                        cwd = get_current_dir_name();
-                        if (!cwd) {
-                                r = log_error_errno(errno, "Cannot determine current working directory: %m");
-                                goto finish;
-                        }
-
-                        if (path_startswith(cwd, "/sys/fs/cgroup")) {
-                                printf("Working directory %s:\n", cwd);
-                                fflush(stdout);
-
-                                r = show_cgroup_by_path(cwd, NULL, 0, output_flags);
-                                done = true;
-                        }
-                }
-
-                if (!done) {
-                        _cleanup_free_ char *root = NULL;
-
-                        r = get_cgroup_root(&root);
-                        if (r < 0)
-                                goto finish;
-
-                        show_cg_info(SYSTEMD_CGROUP_CONTROLLER, root);
-
-                        printf("-.slice\n");
-                        r = show_cgroup(SYSTEMD_CGROUP_CONTROLLER, root, NULL, 0, output_flags);
-                }
-        }
-
-        if (r < 0)
-                log_error_errno(r, "Failed to list cgroup tree: %m");
-
-finish:
-        pager_close();
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/cgroups-agent/Makefile b/src/cgroups-agent/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/cgroups-agent/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/cgtop/Makefile b/src/cgtop/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/cgtop/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c
deleted file mode 100644
index e088e4b197..0000000000
--- a/src/cgtop/cgtop.c
+++ /dev/null
@@ -1,1115 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <alloca.h>
-#include <errno.h>
-#include <getopt.h>
-#include <signal.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "cgroup-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "hashmap.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "stdio-util.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "util.h"
-
-typedef struct Group {
-        char *path;
-
-        bool n_tasks_valid:1;
-        bool cpu_valid:1;
-        bool memory_valid:1;
-        bool io_valid:1;
-
-        uint64_t n_tasks;
-
-        unsigned cpu_iteration;
-        nsec_t cpu_usage;
-        nsec_t cpu_timestamp;
-        double cpu_fraction;
-
-        uint64_t memory;
-
-        unsigned io_iteration;
-        uint64_t io_input, io_output;
-        nsec_t io_timestamp;
-        uint64_t io_input_bps, io_output_bps;
-} Group;
-
-static unsigned arg_depth = 3;
-static unsigned arg_iterations = (unsigned) -1;
-static bool arg_batch = false;
-static bool arg_raw = false;
-static usec_t arg_delay = 1*USEC_PER_SEC;
-static char* arg_machine = NULL;
-static bool arg_recursive = true;
-
-static enum {
-        COUNT_PIDS,
-        COUNT_USERSPACE_PROCESSES,
-        COUNT_ALL_PROCESSES,
-} arg_count = COUNT_PIDS;
-
-static enum {
-        ORDER_PATH,
-        ORDER_TASKS,
-        ORDER_CPU,
-        ORDER_MEMORY,
-        ORDER_IO,
-} arg_order = ORDER_CPU;
-
-static enum {
-        CPU_PERCENT,
-        CPU_TIME,
-} arg_cpu_type = CPU_PERCENT;
-
-static void group_free(Group *g) {
-        assert(g);
-
-        free(g->path);
-        free(g);
-}
-
-static void group_hashmap_clear(Hashmap *h) {
-        Group *g;
-
-        while ((g = hashmap_steal_first(h)))
-                group_free(g);
-}
-
-static void group_hashmap_free(Hashmap *h) {
-        group_hashmap_clear(h);
-        hashmap_free(h);
-}
-
-static const char *maybe_format_bytes(char *buf, size_t l, bool is_valid, uint64_t t) {
-        if (!is_valid)
-                return "-";
-        if (arg_raw) {
-                snprintf(buf, l, "%jd", t);
-                return buf;
-        }
-        return format_bytes(buf, l, t);
-}
-
-static int process(
-                const char *controller,
-                const char *path,
-                Hashmap *a,
-                Hashmap *b,
-                unsigned iteration,
-                Group **ret) {
-
-        Group *g;
-        int r;
-
-        assert(controller);
-        assert(path);
-        assert(a);
-
-        g = hashmap_get(a, path);
-        if (!g) {
-                g = hashmap_get(b, path);
-                if (!g) {
-                        g = new0(Group, 1);
-                        if (!g)
-                                return -ENOMEM;
-
-                        g->path = strdup(path);
-                        if (!g->path) {
-                                group_free(g);
-                                return -ENOMEM;
-                        }
-
-                        r = hashmap_put(a, g->path, g);
-                        if (r < 0) {
-                                group_free(g);
-                                return r;
-                        }
-                } else {
-                        r = hashmap_move_one(a, b, path);
-                        if (r < 0)
-                                return r;
-
-                        g->cpu_valid = g->memory_valid = g->io_valid = g->n_tasks_valid = false;
-                }
-        }
-
-        if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && IN_SET(arg_count, COUNT_ALL_PROCESSES, COUNT_USERSPACE_PROCESSES)) {
-                _cleanup_fclose_ FILE *f = NULL;
-                pid_t pid;
-
-                r = cg_enumerate_processes(controller, path, &f);
-                if (r == -ENOENT)
-                        return 0;
-                if (r < 0)
-                        return r;
-
-                g->n_tasks = 0;
-                while (cg_read_pid(f, &pid) > 0) {
-
-                        if (arg_count == COUNT_USERSPACE_PROCESSES && is_kernel_thread(pid) > 0)
-                                continue;
-
-                        g->n_tasks++;
-                }
-
-                if (g->n_tasks > 0)
-                        g->n_tasks_valid = true;
-
-        } else if (streq(controller, "pids") && arg_count == COUNT_PIDS) {
-                _cleanup_free_ char *p = NULL, *v = NULL;
-
-                r = cg_get_path(controller, path, "pids.current", &p);
-                if (r < 0)
-                        return r;
-
-                r = read_one_line_file(p, &v);
-                if (r == -ENOENT)
-                        return 0;
-                if (r < 0)
-                        return r;
-
-                r = safe_atou64(v, &g->n_tasks);
-                if (r < 0)
-                        return r;
-
-                if (g->n_tasks > 0)
-                        g->n_tasks_valid = true;
-
-        } else if (streq(controller, "cpuacct") && cg_unified() <= 0) {
-                _cleanup_free_ char *p = NULL, *v = NULL;
-                uint64_t new_usage;
-                nsec_t timestamp;
-
-                r = cg_get_path(controller, path, "cpuacct.usage", &p);
-                if (r < 0)
-                        return r;
-
-                r = read_one_line_file(p, &v);
-                if (r == -ENOENT)
-                        return 0;
-                if (r < 0)
-                        return r;
-
-                r = safe_atou64(v, &new_usage);
-                if (r < 0)
-                        return r;
-
-                timestamp = now_nsec(CLOCK_MONOTONIC);
-
-                if (g->cpu_iteration == iteration - 1 &&
-                    (nsec_t) new_usage > g->cpu_usage) {
-
-                        nsec_t x, y;
-
-                        x = timestamp - g->cpu_timestamp;
-                        if (x < 1)
-                                x = 1;
-
-                        y = (nsec_t) new_usage - g->cpu_usage;
-                        g->cpu_fraction = (double) y / (double) x;
-                        g->cpu_valid = true;
-                }
-
-                g->cpu_usage = (nsec_t) new_usage;
-                g->cpu_timestamp = timestamp;
-                g->cpu_iteration = iteration;
-
-        } else if (streq(controller, "memory")) {
-                _cleanup_free_ char *p = NULL, *v = NULL;
-
-                if (cg_unified() <= 0)
-                        r = cg_get_path(controller, path, "memory.usage_in_bytes", &p);
-                else
-                        r = cg_get_path(controller, path, "memory.current", &p);
-                if (r < 0)
-                        return r;
-
-                r = read_one_line_file(p, &v);
-                if (r == -ENOENT)
-                        return 0;
-                if (r < 0)
-                        return r;
-
-                r = safe_atou64(v, &g->memory);
-                if (r < 0)
-                        return r;
-
-                if (g->memory > 0)
-                        g->memory_valid = true;
-
-        } else if ((streq(controller, "io") && cg_unified() > 0) ||
-                   (streq(controller, "blkio") && cg_unified() <= 0)) {
-                _cleanup_fclose_ FILE *f = NULL;
-                _cleanup_free_ char *p = NULL;
-                bool unified = cg_unified() > 0;
-                uint64_t wr = 0, rd = 0;
-                nsec_t timestamp;
-
-                r = cg_get_path(controller, path, unified ? "io.stat" : "blkio.io_service_bytes", &p);
-                if (r < 0)
-                        return r;
-
-                f = fopen(p, "re");
-                if (!f) {
-                        if (errno == ENOENT)
-                                return 0;
-                        return -errno;
-                }
-
-                for (;;) {
-                        char line[LINE_MAX], *l;
-                        uint64_t k, *q;
-
-                        if (!fgets(line, sizeof(line), f))
-                                break;
-
-                        /* Trim and skip the device */
-                        l = strstrip(line);
-                        l += strcspn(l, WHITESPACE);
-                        l += strspn(l, WHITESPACE);
-
-                        if (unified) {
-                                while (!isempty(l)) {
-                                        if (sscanf(l, "rbytes=%" SCNu64, &k))
-                                                rd += k;
-                                        else if (sscanf(l, "wbytes=%" SCNu64, &k))
-                                                wr += k;
-
-                                        l += strcspn(l, WHITESPACE);
-                                        l += strspn(l, WHITESPACE);
-                                }
-                        } else {
-                                if (first_word(l, "Read")) {
-                                        l += 4;
-                                        q = &rd;
-                                } else if (first_word(l, "Write")) {
-                                        l += 5;
-                                        q = &wr;
-                                } else
-                                        continue;
-
-                                l += strspn(l, WHITESPACE);
-                                r = safe_atou64(l, &k);
-                                if (r < 0)
-                                        continue;
-
-                                *q += k;
-                        }
-                }
-
-                timestamp = now_nsec(CLOCK_MONOTONIC);
-
-                if (g->io_iteration == iteration - 1) {
-                        uint64_t x, yr, yw;
-
-                        x = (uint64_t) (timestamp - g->io_timestamp);
-                        if (x < 1)
-                                x = 1;
-
-                        if (rd > g->io_input)
-                                yr = rd - g->io_input;
-                        else
-                                yr = 0;
-
-                        if (wr > g->io_output)
-                                yw = wr - g->io_output;
-                        else
-                                yw = 0;
-
-                        if (yr > 0 || yw > 0) {
-                                g->io_input_bps = (yr * 1000000000ULL) / x;
-                                g->io_output_bps = (yw * 1000000000ULL) / x;
-                                g->io_valid = true;
-                        }
-                }
-
-                g->io_input = rd;
-                g->io_output = wr;
-                g->io_timestamp = timestamp;
-                g->io_iteration = iteration;
-        }
-
-        if (ret)
-                *ret = g;
-
-        return 0;
-}
-
-static int refresh_one(
-                const char *controller,
-                const char *path,
-                Hashmap *a,
-                Hashmap *b,
-                unsigned iteration,
-                unsigned depth,
-                Group **ret) {
-
-        _cleanup_closedir_ DIR *d = NULL;
-        Group *ours = NULL;
-        int r;
-
-        assert(controller);
-        assert(path);
-        assert(a);
-
-        if (depth > arg_depth)
-                return 0;
-
-        r = process(controller, path, a, b, iteration, &ours);
-        if (r < 0)
-                return r;
-
-        r = cg_enumerate_subgroups(controller, path, &d);
-        if (r == -ENOENT)
-                return 0;
-        if (r < 0)
-                return r;
-
-        for (;;) {
-                _cleanup_free_ char *fn = NULL, *p = NULL;
-                Group *child = NULL;
-
-                r = cg_read_subgroup(d, &fn);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                p = strjoin(path, "/", fn, NULL);
-                if (!p)
-                        return -ENOMEM;
-
-                path_kill_slashes(p);
-
-                r = refresh_one(controller, p, a, b, iteration, depth + 1, &child);
-                if (r < 0)
-                        return r;
-
-                if (arg_recursive &&
-                    IN_SET(arg_count, COUNT_ALL_PROCESSES, COUNT_USERSPACE_PROCESSES) &&
-                    child &&
-                    child->n_tasks_valid &&
-                    streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
-
-                        /* Recursively sum up processes */
-
-                        if (ours->n_tasks_valid)
-                                ours->n_tasks += child->n_tasks;
-                        else {
-                                ours->n_tasks = child->n_tasks;
-                                ours->n_tasks_valid = true;
-                        }
-                }
-        }
-
-        if (ret)
-                *ret = ours;
-
-        return 1;
-}
-
-static int refresh(const char *root, Hashmap *a, Hashmap *b, unsigned iteration) {
-        int r;
-
-        assert(a);
-
-        r = refresh_one(SYSTEMD_CGROUP_CONTROLLER, root, a, b, iteration, 0, NULL);
-        if (r < 0)
-                return r;
-        r = refresh_one("cpuacct", root, a, b, iteration, 0, NULL);
-        if (r < 0)
-                return r;
-        r = refresh_one("memory", root, a, b, iteration, 0, NULL);
-        if (r < 0)
-                return r;
-        r = refresh_one("io", root, a, b, iteration, 0, NULL);
-        if (r < 0)
-                return r;
-        r = refresh_one("blkio", root, a, b, iteration, 0, NULL);
-        if (r < 0)
-                return r;
-        r = refresh_one("pids", root, a, b, iteration, 0, NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int group_compare(const void*a, const void *b) {
-        const Group *x = *(Group**)a, *y = *(Group**)b;
-
-        if (arg_order != ORDER_TASKS || arg_recursive) {
-                /* Let's make sure that the parent is always before
-                 * the child. Except when ordering by tasks and
-                 * recursive summing is off, since that is actually
-                 * not accumulative for all children. */
-
-                if (path_startswith(y->path, x->path))
-                        return -1;
-                if (path_startswith(x->path, y->path))
-                        return 1;
-        }
-
-        switch (arg_order) {
-
-        case ORDER_PATH:
-                break;
-
-        case ORDER_CPU:
-                if (arg_cpu_type == CPU_PERCENT) {
-                        if (x->cpu_valid && y->cpu_valid) {
-                                if (x->cpu_fraction > y->cpu_fraction)
-                                        return -1;
-                                else if (x->cpu_fraction < y->cpu_fraction)
-                                        return 1;
-                        } else if (x->cpu_valid)
-                                return -1;
-                        else if (y->cpu_valid)
-                                return 1;
-                } else {
-                        if (x->cpu_usage > y->cpu_usage)
-                                return -1;
-                        else if (x->cpu_usage < y->cpu_usage)
-                                return 1;
-                }
-
-                break;
-
-        case ORDER_TASKS:
-                if (x->n_tasks_valid && y->n_tasks_valid) {
-                        if (x->n_tasks > y->n_tasks)
-                                return -1;
-                        else if (x->n_tasks < y->n_tasks)
-                                return 1;
-                } else if (x->n_tasks_valid)
-                        return -1;
-                else if (y->n_tasks_valid)
-                        return 1;
-
-                break;
-
-        case ORDER_MEMORY:
-                if (x->memory_valid && y->memory_valid) {
-                        if (x->memory > y->memory)
-                                return -1;
-                        else if (x->memory < y->memory)
-                                return 1;
-                } else if (x->memory_valid)
-                        return -1;
-                else if (y->memory_valid)
-                        return 1;
-
-                break;
-
-        case ORDER_IO:
-                if (x->io_valid && y->io_valid) {
-                        if (x->io_input_bps + x->io_output_bps > y->io_input_bps + y->io_output_bps)
-                                return -1;
-                        else if (x->io_input_bps + x->io_output_bps < y->io_input_bps + y->io_output_bps)
-                                return 1;
-                } else if (x->io_valid)
-                        return -1;
-                else if (y->io_valid)
-                        return 1;
-        }
-
-        return path_compare(x->path, y->path);
-}
-
-static void display(Hashmap *a) {
-        Iterator i;
-        Group *g;
-        Group **array;
-        signed path_columns;
-        unsigned rows, n = 0, j, maxtcpu = 0, maxtpath = 3; /* 3 for ellipsize() to work properly */
-        char buffer[MAX3(21, FORMAT_BYTES_MAX, FORMAT_TIMESPAN_MAX)];
-
-        assert(a);
-
-        if (on_tty())
-                fputs(ANSI_HOME_CLEAR, stdout);
-
-        array = alloca(sizeof(Group*) * hashmap_size(a));
-
-        HASHMAP_FOREACH(g, a, i)
-                if (g->n_tasks_valid || g->cpu_valid || g->memory_valid || g->io_valid)
-                        array[n++] = g;
-
-        qsort_safe(array, n, sizeof(Group*), group_compare);
-
-        /* Find the longest names in one run */
-        for (j = 0; j < n; j++) {
-                unsigned cputlen, pathtlen;
-
-                format_timespan(buffer, sizeof(buffer), (usec_t) (array[j]->cpu_usage / NSEC_PER_USEC), 0);
-                cputlen = strlen(buffer);
-                maxtcpu = MAX(maxtcpu, cputlen);
-
-                pathtlen = strlen(array[j]->path);
-                maxtpath = MAX(maxtpath, pathtlen);
-        }
-
-        if (arg_cpu_type == CPU_PERCENT)
-                xsprintf(buffer, "%6s", "%CPU");
-        else
-                xsprintf(buffer, "%*s", maxtcpu, "CPU Time");
-
-        rows = lines();
-        if (rows <= 10)
-                rows = 10;
-
-        if (on_tty()) {
-                const char *on, *off;
-
-                path_columns = columns() - 36 - strlen(buffer);
-                if (path_columns < 10)
-                        path_columns = 10;
-
-                on = ansi_highlight_underline();
-                off = ansi_underline();
-
-                printf("%s%s%-*s%s %s%7s%s %s%s%s %s%8s%s %s%8s%s %s%8s%s%s\n",
-                       ansi_underline(),
-                       arg_order == ORDER_PATH ? on : "", path_columns, "Control Group",
-                       arg_order == ORDER_PATH ? off : "",
-                       arg_order == ORDER_TASKS ? on : "", arg_count == COUNT_PIDS ? "Tasks" : arg_count == COUNT_USERSPACE_PROCESSES ? "Procs" : "Proc+",
-                       arg_order == ORDER_TASKS ? off : "",
-                       arg_order == ORDER_CPU ? on : "", buffer,
-                       arg_order == ORDER_CPU ? off : "",
-                       arg_order == ORDER_MEMORY ? on : "", "Memory",
-                       arg_order == ORDER_MEMORY ? off : "",
-                       arg_order == ORDER_IO ? on : "", "Input/s",
-                       arg_order == ORDER_IO ? off : "",
-                       arg_order == ORDER_IO ? on : "", "Output/s",
-                       arg_order == ORDER_IO ? off : "",
-                       ansi_normal());
-        } else
-                path_columns = maxtpath;
-
-        for (j = 0; j < n; j++) {
-                _cleanup_free_ char *ellipsized = NULL;
-                const char *path;
-
-                if (on_tty() && j + 6 > rows)
-                        break;
-
-                g = array[j];
-
-                path = isempty(g->path) ? "/" : g->path;
-                ellipsized = ellipsize(path, path_columns, 33);
-                printf("%-*s", path_columns, ellipsized ?: path);
-
-                if (g->n_tasks_valid)
-                        printf(" %7" PRIu64, g->n_tasks);
-                else
-                        fputs("       -", stdout);
-
-                if (arg_cpu_type == CPU_PERCENT) {
-                        if (g->cpu_valid)
-                                printf(" %6.1f", g->cpu_fraction*100);
-                        else
-                                fputs("      -", stdout);
-                } else
-                        printf(" %*s", maxtcpu, format_timespan(buffer, sizeof(buffer), (usec_t) (g->cpu_usage / NSEC_PER_USEC), 0));
-
-                printf(" %8s", maybe_format_bytes(buffer, sizeof(buffer), g->memory_valid, g->memory));
-                printf(" %8s", maybe_format_bytes(buffer, sizeof(buffer), g->io_valid, g->io_input_bps));
-                printf(" %8s", maybe_format_bytes(buffer, sizeof(buffer), g->io_valid, g->io_output_bps));
-
-                putchar('\n');
-        }
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "Show top control groups by their resource usage.\n\n"
-               "  -h --help           Show this help\n"
-               "     --version        Show package version\n"
-               "  -p --order=path     Order by path\n"
-               "  -t --order=tasks    Order by number of tasks/processes\n"
-               "  -c --order=cpu      Order by CPU load (default)\n"
-               "  -m --order=memory   Order by memory load\n"
-               "  -i --order=io       Order by IO load\n"
-               "  -r --raw            Provide raw (not human-readable) numbers\n"
-               "     --cpu=percentage Show CPU usage as percentage (default)\n"
-               "     --cpu=time       Show CPU usage as time\n"
-               "  -P                  Count userspace processes instead of tasks (excl. kernel)\n"
-               "  -k                  Count all processes instead of tasks (incl. kernel)\n"
-               "     --recursive=BOOL Sum up process count recursively\n"
-               "  -d --delay=DELAY    Delay between updates\n"
-               "  -n --iterations=N   Run for N iterations before exiting\n"
-               "  -b --batch          Run in batch mode, accepting no input\n"
-               "     --depth=DEPTH    Maximum traversal depth (default: %u)\n"
-               "  -M --machine=       Show container\n"
-               , program_invocation_short_name, arg_depth);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_DEPTH,
-                ARG_CPU_TYPE,
-                ARG_ORDER,
-                ARG_RECURSIVE,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'           },
-                { "version",      no_argument,       NULL, ARG_VERSION   },
-                { "delay",        required_argument, NULL, 'd'           },
-                { "iterations",   required_argument, NULL, 'n'           },
-                { "batch",        no_argument,       NULL, 'b'           },
-                { "raw",          no_argument,       NULL, 'r'           },
-                { "depth",        required_argument, NULL, ARG_DEPTH     },
-                { "cpu",          optional_argument, NULL, ARG_CPU_TYPE  },
-                { "order",        required_argument, NULL, ARG_ORDER     },
-                { "recursive",    required_argument, NULL, ARG_RECURSIVE },
-                { "machine",      required_argument, NULL, 'M'           },
-                {}
-        };
-
-        bool recursive_unset = false;
-        int c, r;
-
-        assert(argc >= 1);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hptcmin:brd:kPM:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_CPU_TYPE:
-                        if (optarg) {
-                                if (streq(optarg, "time"))
-                                        arg_cpu_type = CPU_TIME;
-                                else if (streq(optarg, "percentage"))
-                                        arg_cpu_type = CPU_PERCENT;
-                                else {
-                                        log_error("Unknown argument to --cpu=: %s", optarg);
-                                        return -EINVAL;
-                                }
-                        } else
-                                arg_cpu_type = CPU_TIME;
-
-                        break;
-
-                case ARG_DEPTH:
-                        r = safe_atou(optarg, &arg_depth);
-                        if (r < 0) {
-                                log_error("Failed to parse depth parameter.");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case 'd':
-                        r = parse_sec(optarg, &arg_delay);
-                        if (r < 0 || arg_delay <= 0) {
-                                log_error("Failed to parse delay parameter.");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case 'n':
-                        r = safe_atou(optarg, &arg_iterations);
-                        if (r < 0) {
-                                log_error("Failed to parse iterations parameter.");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case 'b':
-                        arg_batch = true;
-                        break;
-
-                case 'r':
-                        arg_raw = true;
-                        break;
-
-                case 'p':
-                        arg_order = ORDER_PATH;
-                        break;
-
-                case 't':
-                        arg_order = ORDER_TASKS;
-                        break;
-
-                case 'c':
-                        arg_order = ORDER_CPU;
-                        break;
-
-                case 'm':
-                        arg_order = ORDER_MEMORY;
-                        break;
-
-                case 'i':
-                        arg_order = ORDER_IO;
-                        break;
-
-                case ARG_ORDER:
-                        if (streq(optarg, "path"))
-                                arg_order = ORDER_PATH;
-                        else if (streq(optarg, "tasks"))
-                                arg_order = ORDER_TASKS;
-                        else if (streq(optarg, "cpu"))
-                                arg_order = ORDER_CPU;
-                        else if (streq(optarg, "memory"))
-                                arg_order = ORDER_MEMORY;
-                        else if (streq(optarg, "io"))
-                                arg_order = ORDER_IO;
-                        else {
-                                log_error("Invalid argument to --order=: %s", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case 'k':
-                        arg_count = COUNT_ALL_PROCESSES;
-                        break;
-
-                case 'P':
-                        arg_count = COUNT_USERSPACE_PROCESSES;
-                        break;
-
-                case ARG_RECURSIVE:
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse --recursive= argument: %s", optarg);
-                                return r;
-                        }
-
-                        arg_recursive = r;
-                        recursive_unset = r == 0;
-                        break;
-
-                case 'M':
-                        arg_machine = optarg;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind < argc) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        if (recursive_unset && arg_count == COUNT_PIDS) {
-                log_error("Non-recursive counting is only supported when counting processes, not tasks. Use -P or -k.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-static const char* counting_what(void) {
-        if (arg_count == COUNT_PIDS)
-                return "tasks";
-        else if (arg_count == COUNT_ALL_PROCESSES)
-                return "all processes (incl. kernel)";
-        else
-                return "userspace processes (excl. kernel)";
-}
-
-static int get_cgroup_root(char **ret) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ char *unit = NULL, *path = NULL;
-        const char *m;
-        int r;
-
-        if (!arg_machine) {
-                r = cg_get_root_path(ret);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get root control group path: %m");
-
-                return 0;
-        }
-
-        m = strjoina("/run/systemd/machines/", arg_machine);
-        r = parse_env_file(m, NEWLINE, "SCOPE", &unit, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to load machine data: %m");
-
-        path = unit_dbus_path_from_name(unit);
-        if (!path)
-                return log_oom();
-
-        r = bus_connect_transport_systemd(BUS_TRANSPORT_LOCAL, NULL, false, &bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create bus connection: %m");
-
-        r = sd_bus_get_property_string(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        unit_dbus_interface_from_name(unit),
-                        "ControlGroup",
-                        &error,
-                        ret);
-        if (r < 0)
-                return log_error_errno(r, "Failed to query unit control group path: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-        Hashmap *a = NULL, *b = NULL;
-        unsigned iteration = 0;
-        usec_t last_refresh = 0;
-        bool quit = false, immediate_refresh = false;
-        _cleanup_free_ char *root = NULL;
-        CGroupMask mask;
-
-        log_parse_environment();
-        log_open();
-
-        r = cg_mask_supported(&mask);
-        if (r < 0) {
-                log_error_errno(r, "Failed to determine supported controllers: %m");
-                goto finish;
-        }
-
-        arg_count = (mask & CGROUP_MASK_PIDS) ? COUNT_PIDS : COUNT_USERSPACE_PROCESSES;
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = get_cgroup_root(&root);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get root control group path: %m");
-                goto finish;
-        }
-
-        a = hashmap_new(&string_hash_ops);
-        b = hashmap_new(&string_hash_ops);
-        if (!a || !b) {
-                r = log_oom();
-                goto finish;
-        }
-
-        signal(SIGWINCH, columns_lines_cache_reset);
-
-        if (arg_iterations == (unsigned) -1)
-                arg_iterations = on_tty() ? 0 : 1;
-
-        while (!quit) {
-                Hashmap *c;
-                usec_t t;
-                char key;
-                char h[FORMAT_TIMESPAN_MAX];
-
-                t = now(CLOCK_MONOTONIC);
-
-                if (t >= last_refresh + arg_delay || immediate_refresh) {
-
-                        r = refresh(root, a, b, iteration++);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to refresh: %m");
-                                goto finish;
-                        }
-
-                        group_hashmap_clear(b);
-
-                        c = a;
-                        a = b;
-                        b = c;
-
-                        last_refresh = t;
-                        immediate_refresh = false;
-                }
-
-                display(b);
-
-                if (arg_iterations && iteration >= arg_iterations)
-                        break;
-
-                if (!on_tty()) /* non-TTY: Empty newline as delimiter between polls */
-                        fputs("\n", stdout);
-                fflush(stdout);
-
-                if (arg_batch)
-                        (void) usleep(last_refresh + arg_delay - t);
-                else {
-                        r = read_one_char(stdin, &key, last_refresh + arg_delay - t, NULL);
-                        if (r == -ETIMEDOUT)
-                                continue;
-                        if (r < 0) {
-                                log_error_errno(r, "Couldn't read key: %m");
-                                goto finish;
-                        }
-                }
-
-                if (on_tty()) { /* TTY: Clear any user keystroke */
-                        fputs("\r \r", stdout);
-                        fflush(stdout);
-                }
-
-                if (arg_batch)
-                        continue;
-
-                switch (key) {
-
-                case ' ':
-                        immediate_refresh = true;
-                        break;
-
-                case 'q':
-                        quit = true;
-                        break;
-
-                case 'p':
-                        arg_order = ORDER_PATH;
-                        break;
-
-                case 't':
-                        arg_order = ORDER_TASKS;
-                        break;
-
-                case 'c':
-                        arg_order = ORDER_CPU;
-                        break;
-
-                case 'm':
-                        arg_order = ORDER_MEMORY;
-                        break;
-
-                case 'i':
-                        arg_order = ORDER_IO;
-                        break;
-
-                case '%':
-                        arg_cpu_type = arg_cpu_type == CPU_TIME ? CPU_PERCENT : CPU_TIME;
-                        break;
-
-                case 'k':
-                        arg_count = arg_count != COUNT_ALL_PROCESSES ? COUNT_ALL_PROCESSES : COUNT_PIDS;
-                        fprintf(stdout, "\nCounting: %s.", counting_what());
-                        fflush(stdout);
-                        sleep(1);
-                        break;
-
-                case 'P':
-                        arg_count = arg_count != COUNT_USERSPACE_PROCESSES ? COUNT_USERSPACE_PROCESSES : COUNT_PIDS;
-                        fprintf(stdout, "\nCounting: %s.", counting_what());
-                        fflush(stdout);
-                        sleep(1);
-                        break;
-
-                case 'r':
-                        if (arg_count == COUNT_PIDS)
-                                fprintf(stdout, "\n\aCannot toggle recursive counting, not available in task counting mode.");
-                        else {
-                                arg_recursive = !arg_recursive;
-                                fprintf(stdout, "\nRecursive process counting: %s", yes_no(arg_recursive));
-                        }
-                        fflush(stdout);
-                        sleep(1);
-                        break;
-
-                case '+':
-                        if (arg_delay < USEC_PER_SEC)
-                                arg_delay += USEC_PER_MSEC*250;
-                        else
-                                arg_delay += USEC_PER_SEC;
-
-                        fprintf(stdout, "\nIncreased delay to %s.", format_timespan(h, sizeof(h), arg_delay, 0));
-                        fflush(stdout);
-                        sleep(1);
-                        break;
-
-                case '-':
-                        if (arg_delay <= USEC_PER_MSEC*500)
-                                arg_delay = USEC_PER_MSEC*250;
-                        else if (arg_delay < USEC_PER_MSEC*1250)
-                                arg_delay -= USEC_PER_MSEC*250;
-                        else
-                                arg_delay -= USEC_PER_SEC;
-
-                        fprintf(stdout, "\nDecreased delay to %s.", format_timespan(h, sizeof(h), arg_delay, 0));
-                        fflush(stdout);
-                        sleep(1);
-                        break;
-
-                case '?':
-                case 'h':
-
-#define ON ANSI_HIGHLIGHT
-#define OFF ANSI_NORMAL
-
-                        fprintf(stdout,
-                                "\t<" ON "p" OFF "> By path; <" ON "t" OFF "> By tasks/procs; <" ON "c" OFF "> By CPU; <" ON "m" OFF "> By memory; <" ON "i" OFF "> By I/O\n"
-                                "\t<" ON "+" OFF "> Inc. delay; <" ON "-" OFF "> Dec. delay; <" ON "%%" OFF "> Toggle time; <" ON "SPACE" OFF "> Refresh\n"
-                                "\t<" ON "P" OFF "> Toggle count userspace processes; <" ON "k" OFF "> Toggle count all processes\n"
-                                "\t<" ON "r" OFF "> Count processes recursively; <" ON "q" OFF "> Quit");
-                        fflush(stdout);
-                        sleep(3);
-                        break;
-
-                default:
-                        if (key < ' ')
-                                fprintf(stdout, "\nUnknown key '\\x%x'. Ignoring.", key);
-                        else
-                                fprintf(stdout, "\nUnknown key '%c'. Ignoring.", key);
-                        fflush(stdout);
-                        sleep(1);
-                        break;
-                }
-        }
-
-        r = 0;
-
-finish:
-        group_hashmap_free(a);
-        group_hashmap_free(b);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/core/Makefile b/src/core/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/core/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/core/dbus-cgroup.h b/src/core/dbus-cgroup.h
deleted file mode 100644
index b2212fe44e..0000000000
--- a/src/core/dbus-cgroup.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "cgroup.h"
-
-extern const sd_bus_vtable bus_cgroup_vtable[];
-
-int bus_cgroup_set_property(Unit *u, CGroupContext *c, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
deleted file mode 100644
index d0aa8e1dd5..0000000000
--- a/src/core/dbus-execute.h
+++ /dev/null
@@ -1,45 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "execute.h"
-
-#define BUS_EXEC_STATUS_VTABLE(prefix, offset, flags)                   \
-        BUS_PROPERTY_DUAL_TIMESTAMP(prefix "StartTimestamp", (offset) + offsetof(ExecStatus, start_timestamp), flags), \
-        BUS_PROPERTY_DUAL_TIMESTAMP(prefix "ExitTimestamp", (offset) + offsetof(ExecStatus, exit_timestamp), flags), \
-        SD_BUS_PROPERTY(prefix "PID", "u", bus_property_get_pid, (offset) + offsetof(ExecStatus, pid), flags), \
-        SD_BUS_PROPERTY(prefix "Code", "i", bus_property_get_int, (offset) + offsetof(ExecStatus, code), flags), \
-        SD_BUS_PROPERTY(prefix "Status", "i", bus_property_get_int, (offset) + offsetof(ExecStatus, status), flags)
-
-#define BUS_EXEC_COMMAND_VTABLE(name, offset, flags)                    \
-        SD_BUS_PROPERTY(name, "a(sasbttttuii)", bus_property_get_exec_command, offset, flags)
-
-#define BUS_EXEC_COMMAND_LIST_VTABLE(name, offset, flags)                    \
-        SD_BUS_PROPERTY(name, "a(sasbttttuii)", bus_property_get_exec_command_list, offset, flags)
-
-extern const sd_bus_vtable bus_exec_vtable[];
-
-int bus_property_get_exec_output(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
-int bus_property_get_exec_command(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
-int bus_property_get_exec_command_list(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
-
-int bus_exec_context_set_transient_property(Unit *u, ExecContext *c, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/core/dbus-job.c b/src/core/dbus-job.c
deleted file mode 100644
index ccf7453d47..0000000000
--- a/src/core/dbus-job.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "dbus-job.h"
-#include "dbus.h"
-#include "job.h"
-#include "log.h"
-#include "selinux-access.h"
-#include "string-util.h"
-
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, job_type, JobType);
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_state, job_state, JobState);
-
-static int property_get_unit(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        _cleanup_free_ char *p = NULL;
-        Job *j = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(j);
-
-        p = unit_dbus_path(j->unit);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_message_append(reply, "(so)", j->unit->id, p);
-}
-
-int bus_job_method_cancel(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Job *j = userdata;
-        int r;
-
-        assert(message);
-        assert(j);
-
-        r = mac_selinux_unit_access_check(j->unit, message, "stop", error);
-        if (r < 0)
-                return r;
-
-        /* Access is granted to the job owner */
-        if (!sd_bus_track_contains(j->clients, sd_bus_message_get_sender(message))) {
-
-                /* And for everybody else consult PolicyKit */
-                r = bus_verify_manage_units_async(j->unit->manager, message, error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-        }
-
-        job_finish_and_invalidate(j, JOB_CANCELED, true, false);
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-const sd_bus_vtable bus_job_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("Cancel", NULL, NULL, bus_job_method_cancel, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_PROPERTY("Id", "u", NULL, offsetof(Job, id), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Unit", "(so)", property_get_unit, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("JobType", "s", property_get_type, offsetof(Job, type), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("State", "s", property_get_state, offsetof(Job, state), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_VTABLE_END
-};
-
-static int send_new_signal(sd_bus *bus, void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *p = NULL;
-        Job *j = userdata;
-        int r;
-
-        assert(bus);
-        assert(j);
-
-        p = job_dbus_path(j);
-        if (!p)
-                return -ENOMEM;
-
-        r = sd_bus_message_new_signal(
-                        bus,
-                        &m,
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "JobNew");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "uos", j->id, p, j->unit->id);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(bus, m, NULL);
-}
-
-static int send_changed_signal(sd_bus *bus, void *userdata) {
-        _cleanup_free_ char *p = NULL;
-        Job *j = userdata;
-
-        assert(bus);
-        assert(j);
-
-        p = job_dbus_path(j);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_emit_properties_changed(bus, p, "org.freedesktop.systemd1.Job", "State", NULL);
-}
-
-void bus_job_send_change_signal(Job *j) {
-        int r;
-
-        assert(j);
-
-        if (j->in_dbus_queue) {
-                LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j);
-                j->in_dbus_queue = false;
-        }
-
-        r = bus_foreach_bus(j->manager, j->clients, j->sent_dbus_new_signal ? send_changed_signal : send_new_signal, j);
-        if (r < 0)
-                log_debug_errno(r, "Failed to send job change signal for %u: %m", j->id);
-
-        j->sent_dbus_new_signal = true;
-}
-
-static int send_removed_signal(sd_bus *bus, void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *p = NULL;
-        Job *j = userdata;
-        int r;
-
-        assert(bus);
-        assert(j);
-
-        p = job_dbus_path(j);
-        if (!p)
-                return -ENOMEM;
-
-        r = sd_bus_message_new_signal(
-                        bus,
-                        &m,
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "JobRemoved");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "uoss", j->id, p, j->unit->id, job_result_to_string(j->result));
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(bus, m, NULL);
-}
-
-void bus_job_send_removed_signal(Job *j) {
-        int r;
-
-        assert(j);
-
-        if (!j->sent_dbus_new_signal)
-                bus_job_send_change_signal(j);
-
-        r = bus_foreach_bus(j->manager, j->clients, send_removed_signal, j);
-        if (r < 0)
-                log_debug_errno(r, "Failed to send job remove signal for %u: %m", j->id);
-}
diff --git a/src/core/dbus-job.h b/src/core/dbus-job.h
deleted file mode 100644
index 024d06719e..0000000000
--- a/src/core/dbus-job.h
+++ /dev/null
@@ -1,31 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "job.h"
-
-extern const sd_bus_vtable bus_job_vtable[];
-
-int bus_job_method_cancel(sd_bus_message *message, void *job, sd_bus_error *error);
-
-void bus_job_send_change_signal(Job *j);
-void bus_job_send_removed_signal(Job *j);
diff --git a/src/core/dbus-kill.h b/src/core/dbus-kill.h
deleted file mode 100644
index b9b18811e3..0000000000
--- a/src/core/dbus-kill.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "kill.h"
-#include "unit.h"
-
-extern const sd_bus_vtable bus_kill_vtable[];
-
-int bus_kill_context_set_transient_property(Unit *u, KillContext *c, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/core/dbus-mount.h b/src/core/dbus-mount.h
deleted file mode 100644
index ec16166d36..0000000000
--- a/src/core/dbus-mount.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_mount_vtable[];
-
-int bus_mount_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
-int bus_mount_commit_properties(Unit *u);
diff --git a/src/core/dbus-scope.h b/src/core/dbus-scope.h
deleted file mode 100644
index 270306f508..0000000000
--- a/src/core/dbus-scope.h
+++ /dev/null
@@ -1,31 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_scope_vtable[];
-
-int bus_scope_set_property(Unit *u, const char *name, sd_bus_message *i, UnitSetPropertiesMode mode, sd_bus_error *error);
-int bus_scope_commit_properties(Unit *u);
-
-int bus_scope_send_request_stop(Scope *s);
diff --git a/src/core/dbus-service.h b/src/core/dbus-service.h
deleted file mode 100644
index 769a53769e..0000000000
--- a/src/core/dbus-service.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_service_vtable[];
-
-int bus_service_set_property(Unit *u, const char *name, sd_bus_message *i, UnitSetPropertiesMode mode, sd_bus_error *error);
-int bus_service_commit_properties(Unit *u);
diff --git a/src/core/dbus-slice.h b/src/core/dbus-slice.h
deleted file mode 100644
index 52ceebb135..0000000000
--- a/src/core/dbus-slice.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_slice_vtable[];
-
-int bus_slice_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
-int bus_slice_commit_properties(Unit *u);
diff --git a/src/core/dbus-socket.h b/src/core/dbus-socket.h
deleted file mode 100644
index 7a792c7a89..0000000000
--- a/src/core/dbus-socket.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_socket_vtable[];
-
-int bus_socket_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
-int bus_socket_commit_properties(Unit *u);
diff --git a/src/core/dbus-swap.h b/src/core/dbus-swap.h
deleted file mode 100644
index 5238471f98..0000000000
--- a/src/core/dbus-swap.h
+++ /dev/null
@@ -1,30 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-  Copyright 2010 Maarten Lankhorst
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_swap_vtable[];
-
-int bus_swap_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
-int bus_swap_commit_properties(Unit *u);
diff --git a/src/core/dbus-target.h b/src/core/dbus-target.h
deleted file mode 100644
index 9be5ce06b7..0000000000
--- a/src/core/dbus-target.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-extern const sd_bus_vtable bus_target_vtable[];
diff --git a/src/core/dbus-timer.h b/src/core/dbus-timer.h
deleted file mode 100644
index 39053dc4a2..0000000000
--- a/src/core/dbus-timer.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_timer_vtable[];
-
-int bus_timer_set_property(Unit *u, const char *name, sd_bus_message *i, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
deleted file mode 100644
index e912fe2192..0000000000
--- a/src/core/dbus-unit.c
+++ /dev/null
@@ -1,1423 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "cgroup-util.h"
-#include "dbus-unit.h"
-#include "dbus.h"
-#include "fd-util.h"
-#include "locale-util.h"
-#include "log.h"
-#include "process-util.h"
-#include "selinux-access.h"
-#include "signal-util.h"
-#include "special.h"
-#include "string-util.h"
-#include "strv.h"
-#include "user-util.h"
-
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_load_state, unit_load_state, UnitLoadState);
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_job_mode, job_mode, JobMode);
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_failure_action, failure_action, FailureAction);
-
-static int property_get_names(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-        Iterator i;
-        const char *t;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        r = sd_bus_message_open_container(reply, 'a', "s");
-        if (r < 0)
-                return r;
-
-        SET_FOREACH(t, u->names, i) {
-                r = sd_bus_message_append(reply, "s", t);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
-static int property_get_following(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata, *f;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        f = unit_following(u);
-        return sd_bus_message_append(reply, "s", f ? f->id : "");
-}
-
-static int property_get_dependencies(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Set *s = *(Set**) userdata;
-        Iterator j;
-        Unit *u;
-        int r;
-
-        assert(bus);
-        assert(reply);
-
-        r = sd_bus_message_open_container(reply, 'a', "s");
-        if (r < 0)
-                return r;
-
-        SET_FOREACH(u, s, j) {
-                r = sd_bus_message_append(reply, "s", u->id);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
-static int property_get_obsolete_dependencies(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        assert(bus);
-        assert(reply);
-
-        /* For dependency types we don't support anymore always return an empty array */
-        return sd_bus_message_append(reply, "as", 0);
-}
-
-static int property_get_description(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "s", unit_description(u));
-}
-
-static int property_get_active_state(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "s", unit_active_state_to_string(unit_active_state(u)));
-}
-
-static int property_get_sub_state(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "s", unit_sub_state_to_string(u));
-}
-
-static int property_get_unit_file_preset(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        r = unit_get_unit_file_preset(u);
-
-        return sd_bus_message_append(reply, "s",
-                                     r < 0 ? "":
-                                     r > 0 ? "enabled" : "disabled");
-}
-
-static int property_get_unit_file_state(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "s", unit_file_state_to_string(unit_get_unit_file_state(u)));
-}
-
-static int property_get_can_start(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "b", unit_can_start(u) && !u->refuse_manual_start);
-}
-
-static int property_get_can_stop(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        /* On the lower levels we assume that every unit we can start
-         * we can also stop */
-
-        return sd_bus_message_append(reply, "b", unit_can_start(u) && !u->refuse_manual_stop);
-}
-
-static int property_get_can_reload(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "b", unit_can_reload(u));
-}
-
-static int property_get_can_isolate(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "b", unit_can_isolate(u) && !u->refuse_manual_start);
-}
-
-static int property_get_job(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        _cleanup_free_ char *p = NULL;
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        if (!u->job)
-                return sd_bus_message_append(reply, "(uo)", 0, "/");
-
-        p = job_dbus_path(u->job);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_message_append(reply, "(uo)", u->job->id, p);
-}
-
-static int property_get_need_daemon_reload(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "b", unit_need_daemon_reload(u));
-}
-
-static int property_get_conditions(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        const char *(*to_string)(ConditionType type) = NULL;
-        Condition **list = userdata, *c;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(list);
-
-        to_string = streq(property, "Asserts") ? assert_type_to_string : condition_type_to_string;
-
-        r = sd_bus_message_open_container(reply, 'a', "(sbbsi)");
-        if (r < 0)
-                return r;
-
-        LIST_FOREACH(conditions, c, *list) {
-                int tristate;
-
-                tristate =
-                        c->result == CONDITION_UNTESTED ? 0 :
-                        c->result == CONDITION_SUCCEEDED ? 1 : -1;
-
-                r = sd_bus_message_append(reply, "(sbbsi)",
-                                          to_string(c->type),
-                                          c->trigger, c->negate,
-                                          c->parameter, tristate);
-                if (r < 0)
-                        return r;
-
-        }
-
-        return sd_bus_message_close_container(reply);
-}
-
-static int property_get_load_error(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        if (u->load_error != 0)
-                sd_bus_error_set_errno(&e, u->load_error);
-
-        return sd_bus_message_append(reply, "(ss)", e.name, e.message);
-}
-
-static int bus_verify_manage_units_async_full(
-                Unit *u,
-                const char *verb,
-                int capability,
-                const char *polkit_message,
-                sd_bus_message *call,
-                sd_bus_error *error) {
-
-        const char *details[9] = {
-                "unit", u->id,
-                "verb", verb,
-        };
-
-        if (polkit_message) {
-                details[4] = "polkit.message";
-                details[5] = polkit_message;
-                details[6] = "polkit.gettext_domain";
-                details[7] = GETTEXT_PACKAGE;
-        }
-
-        return bus_verify_polkit_async(call, capability, "org.freedesktop.systemd1.manage-units", details, false, UID_INVALID, &u->manager->polkit_registry, error);
-}
-
-int bus_unit_method_start_generic(
-                sd_bus_message *message,
-                Unit *u,
-                JobType job_type,
-                bool reload_if_possible,
-                sd_bus_error *error) {
-
-        const char *smode;
-        JobMode mode;
-        _cleanup_free_ char *verb = NULL;
-        static const char *const polkit_message_for_job[_JOB_TYPE_MAX] = {
-                [JOB_START]       = N_("Authentication is required to start '$(unit)'."),
-                [JOB_STOP]        = N_("Authentication is required to stop '$(unit)'."),
-                [JOB_RELOAD]      = N_("Authentication is required to reload '$(unit)'."),
-                [JOB_RESTART]     = N_("Authentication is required to restart '$(unit)'."),
-                [JOB_TRY_RESTART] = N_("Authentication is required to restart '$(unit)'."),
-        };
-        int r;
-
-        assert(message);
-        assert(u);
-        assert(job_type >= 0 && job_type < _JOB_TYPE_MAX);
-
-        r = mac_selinux_unit_access_check(
-                        u, message,
-                        job_type_to_access_method(job_type),
-                        error);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(message, "s", &smode);
-        if (r < 0)
-                return r;
-
-        mode = job_mode_from_string(smode);
-        if (mode < 0)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s invalid", smode);
-
-        if (reload_if_possible)
-                verb = strjoin("reload-or-", job_type_to_string(job_type), NULL);
-        else
-                verb = strdup(job_type_to_string(job_type));
-        if (!verb)
-                return -ENOMEM;
-
-        r = bus_verify_manage_units_async_full(
-                        u,
-                        verb,
-                        CAP_SYS_ADMIN,
-                        job_type < _JOB_TYPE_MAX ? polkit_message_for_job[job_type] : NULL,
-                        message,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        return bus_unit_queue_job(message, u, job_type, mode, reload_if_possible, error);
-}
-
-static int method_start(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_START, false, error);
-}
-
-static int method_stop(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_STOP, false, error);
-}
-
-static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_RELOAD, false, error);
-}
-
-static int method_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_RESTART, false, error);
-}
-
-static int method_try_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_TRY_RESTART, false, error);
-}
-
-static int method_reload_or_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_RESTART, true, error);
-}
-
-static int method_reload_or_try_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return bus_unit_method_start_generic(message, userdata, JOB_TRY_RESTART, true, error);
-}
-
-int bus_unit_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Unit *u = userdata;
-        const char *swho;
-        int32_t signo;
-        KillWho who;
-        int r;
-
-        assert(message);
-        assert(u);
-
-        r = mac_selinux_unit_access_check(u, message, "stop", error);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(message, "si", &swho, &signo);
-        if (r < 0)
-                return r;
-
-        if (isempty(swho))
-                who = KILL_ALL;
-        else {
-                who = kill_who_from_string(swho);
-                if (who < 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid who argument %s", swho);
-        }
-
-        if (!SIGNAL_VALID(signo))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range.");
-
-        r = bus_verify_manage_units_async_full(
-                        u,
-                        "kill",
-                        CAP_KILL,
-                        N_("Authentication is required to kill '$(unit)'."),
-                        message,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        r = unit_kill(u, who, signo, error);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-int bus_unit_method_reset_failed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Unit *u = userdata;
-        int r;
-
-        assert(message);
-        assert(u);
-
-        r = mac_selinux_unit_access_check(u, message, "reload", error);
-        if (r < 0)
-                return r;
-
-        r = bus_verify_manage_units_async_full(
-                        u,
-                        "reset-failed",
-                        CAP_SYS_ADMIN,
-                        N_("Authentication is required to reset the \"failed\" state of '$(unit)'."),
-                        message,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        unit_reset_failed(u);
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-int bus_unit_method_set_properties(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Unit *u = userdata;
-        int runtime, r;
-
-        assert(message);
-        assert(u);
-
-        r = mac_selinux_unit_access_check(u, message, "start", error);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(message, "b", &runtime);
-        if (r < 0)
-                return r;
-
-        r = bus_verify_manage_units_async_full(
-                        u,
-                        "set-property",
-                        CAP_SYS_ADMIN,
-                        N_("Authentication is required to set properties on '$(unit)'."),
-                        message,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        r = bus_unit_set_properties(u, message, runtime ? UNIT_RUNTIME : UNIT_PERSISTENT, true, error);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-const sd_bus_vtable bus_unit_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-
-        SD_BUS_PROPERTY("Id", "s", NULL, offsetof(Unit, id), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Names", "as", property_get_names, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Following", "s", property_get_following, 0, 0),
-        SD_BUS_PROPERTY("Requires", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUIRES]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Requisite", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUISITE]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Wants", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_WANTS]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("BindsTo", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_BINDS_TO]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("PartOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_PART_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RequiredBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUIRED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RequisiteOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUISITE_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("WantedBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_WANTED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("BoundBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_BOUND_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("ConsistsOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_CONSISTS_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Conflicts", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_CONFLICTS]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("ConflictedBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_CONFLICTED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Before", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_BEFORE]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("After", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_AFTER]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("OnFailure", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_ON_FAILURE]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Triggers", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_TRIGGERS]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("TriggeredBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_TRIGGERED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("PropagatesReloadTo", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_PROPAGATES_RELOAD_TO]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("ReloadPropagatedFrom", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_RELOAD_PROPAGATED_FROM]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("JoinsNamespaceOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_JOINS_NAMESPACE_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RequiresOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
-        SD_BUS_PROPERTY("RequisiteOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
-        SD_BUS_PROPERTY("RequiredByOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
-        SD_BUS_PROPERTY("RequisiteOfOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
-        SD_BUS_PROPERTY("RequiresMountsFor", "as", NULL, offsetof(Unit, requires_mounts_for), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Documentation", "as", NULL, offsetof(Unit, documentation), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Description", "s", property_get_description, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("LoadState", "s", property_get_load_state, offsetof(Unit, load_state), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("ActiveState", "s", property_get_active_state, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("SubState", "s", property_get_sub_state, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("FragmentPath", "s", NULL, offsetof(Unit, fragment_path), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("SourcePath", "s", NULL, offsetof(Unit, source_path), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("DropInPaths", "as", NULL, offsetof(Unit, dropin_paths), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("UnitFileState", "s", property_get_unit_file_state, 0, 0),
-        SD_BUS_PROPERTY("UnitFilePreset", "s", property_get_unit_file_preset, 0, 0),
-        BUS_PROPERTY_DUAL_TIMESTAMP("StateChangeTimestamp", offsetof(Unit, state_change_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        BUS_PROPERTY_DUAL_TIMESTAMP("InactiveExitTimestamp", offsetof(Unit, inactive_exit_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        BUS_PROPERTY_DUAL_TIMESTAMP("ActiveEnterTimestamp", offsetof(Unit, active_enter_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        BUS_PROPERTY_DUAL_TIMESTAMP("ActiveExitTimestamp", offsetof(Unit, active_exit_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        BUS_PROPERTY_DUAL_TIMESTAMP("InactiveEnterTimestamp", offsetof(Unit, inactive_enter_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("CanStart", "b", property_get_can_start, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("CanStop", "b", property_get_can_stop, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("CanReload", "b", property_get_can_reload, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("CanIsolate", "b", property_get_can_isolate, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Job", "(uo)", property_get_job, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("StopWhenUnneeded", "b", bus_property_get_bool, offsetof(Unit, stop_when_unneeded), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RefuseManualStart", "b", bus_property_get_bool, offsetof(Unit, refuse_manual_start), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RefuseManualStop", "b", bus_property_get_bool, offsetof(Unit, refuse_manual_stop), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("AllowIsolate", "b", bus_property_get_bool, offsetof(Unit, allow_isolate), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("DefaultDependencies", "b", bus_property_get_bool, offsetof(Unit, default_dependencies), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("OnFailureJobMode", "s", property_get_job_mode, offsetof(Unit, on_failure_job_mode), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("IgnoreOnIsolate", "b", bus_property_get_bool, offsetof(Unit, ignore_on_isolate), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("NeedDaemonReload", "b", property_get_need_daemon_reload, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("JobTimeoutUSec", "t", bus_property_get_usec, offsetof(Unit, job_timeout), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("JobTimeoutAction", "s", property_get_failure_action, offsetof(Unit, job_timeout_action), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("JobTimeoutRebootArgument", "s", NULL, offsetof(Unit, job_timeout_reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("ConditionResult", "b", bus_property_get_bool, offsetof(Unit, condition_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("AssertResult", "b", bus_property_get_bool, offsetof(Unit, assert_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        BUS_PROPERTY_DUAL_TIMESTAMP("ConditionTimestamp", offsetof(Unit, condition_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        BUS_PROPERTY_DUAL_TIMESTAMP("AssertTimestamp", offsetof(Unit, assert_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("Conditions", "a(sbbsi)", property_get_conditions, offsetof(Unit, conditions), 0),
-        SD_BUS_PROPERTY("Asserts", "a(sbbsi)", property_get_conditions, offsetof(Unit, asserts), 0),
-        SD_BUS_PROPERTY("LoadError", "(ss)", property_get_load_error, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Transient", "b", bus_property_get_bool, offsetof(Unit, transient), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("StartLimitIntervalSec", "t", bus_property_get_usec, offsetof(Unit, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("StartLimitInterval", "t", bus_property_get_usec, offsetof(Unit, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), /* obsolete alias name */
-        SD_BUS_PROPERTY("StartLimitBurst", "u", bus_property_get_unsigned, offsetof(Unit, start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("StartLimitAction", "s", property_get_failure_action, offsetof(Unit, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RebootArgument", "s", NULL, offsetof(Unit, reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
-
-        SD_BUS_METHOD("Start", "s", "o", method_start, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Stop", "s", "o", method_stop, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Reload", "s", "o", method_reload, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Restart", "s", "o", method_restart, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("TryRestart", "s", "o", method_try_restart, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ReloadOrRestart", "s", "o", method_reload_or_restart, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ReloadOrTryRestart", "s", "o", method_reload_or_try_restart, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Kill", "si", NULL, bus_unit_method_kill, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ResetFailed", NULL, NULL, bus_unit_method_reset_failed, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetProperties", "ba(sv)", NULL, bus_unit_method_set_properties, SD_BUS_VTABLE_UNPRIVILEGED),
-
-        SD_BUS_VTABLE_END
-};
-
-static int property_get_slice(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        return sd_bus_message_append(reply, "s", unit_slice_name(u));
-}
-
-static int property_get_current_memory(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        uint64_t sz = (uint64_t) -1;
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        r = unit_get_memory_current(u, &sz);
-        if (r < 0 && r != -ENODATA)
-                log_unit_warning_errno(u, r, "Failed to get memory.usage_in_bytes attribute: %m");
-
-        return sd_bus_message_append(reply, "t", sz);
-}
-
-static int property_get_current_tasks(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        uint64_t cn = (uint64_t) -1;
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        r = unit_get_tasks_current(u, &cn);
-        if (r < 0 && r != -ENODATA)
-                log_unit_warning_errno(u, r, "Failed to get pids.current attribute: %m");
-
-        return sd_bus_message_append(reply, "t", cn);
-}
-
-static int property_get_cpu_usage(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        nsec_t ns = (nsec_t) -1;
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        r = unit_get_cpu_usage(u, &ns);
-        if (r < 0 && r != -ENODATA)
-                log_unit_warning_errno(u, r, "Failed to get cpuacct.usage attribute: %m");
-
-        return sd_bus_message_append(reply, "t", ns);
-}
-
-static int property_get_cgroup(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Unit *u = userdata;
-        const char *t;
-
-        assert(bus);
-        assert(reply);
-        assert(u);
-
-        /* Three cases: a) u->cgroup_path is NULL, in which case the
-         * unit has no control group, which we report as the empty
-         * string. b) u->cgroup_path is the empty string, which
-         * indicates the root cgroup, which we report as "/". c) all
-         * other cases we report as-is. */
-
-        if (u->cgroup_path)
-                t = isempty(u->cgroup_path) ? "/" : u->cgroup_path;
-        else
-                t = "";
-
-        return sd_bus_message_append(reply, "s", t);
-}
-
-static int append_process(sd_bus_message *reply, const char *p, pid_t pid, Set *pids) {
-        _cleanup_free_ char *buf = NULL, *cmdline = NULL;
-        int r;
-
-        assert(reply);
-        assert(pid > 0);
-
-        r = set_put(pids, PID_TO_PTR(pid));
-        if (r == -EEXIST || r == 0)
-                return 0;
-        if (r < 0)
-                return r;
-
-        if (!p) {
-                r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &buf);
-                if (r == -ESRCH)
-                        return 0;
-                if (r < 0)
-                        return r;
-
-                p = buf;
-        }
-
-        (void) get_process_cmdline(pid, 0, true, &cmdline);
-
-        return sd_bus_message_append(reply,
-                                     "(sus)",
-                                     p,
-                                     (uint32_t) pid,
-                                     cmdline);
-}
-
-static int append_cgroup(sd_bus_message *reply, const char *p, Set *pids) {
-        _cleanup_closedir_ DIR *d = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(reply);
-        assert(p);
-
-        r = cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, p, &f);
-        if (r == ENOENT)
-                return 0;
-        if (r < 0)
-                return r;
-
-        for (;;) {
-                pid_t pid;
-
-                r = cg_read_pid(f, &pid);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                if (is_kernel_thread(pid) > 0)
-                        continue;
-
-                r = append_process(reply, p, pid, pids);
-                if (r < 0)
-                        return r;
-        }
-
-        r = cg_enumerate_subgroups(SYSTEMD_CGROUP_CONTROLLER, p, &d);
-        if (r == -ENOENT)
-                return 0;
-        if (r < 0)
-                return r;
-
-        for (;;) {
-                _cleanup_free_ char *g = NULL, *j = NULL;
-
-                r = cg_read_subgroup(d, &g);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                j = strjoin(p, "/", g, NULL);
-                if (!j)
-                        return -ENOMEM;
-
-                r = append_cgroup(reply, j, pids);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(set_freep) Set *pids = NULL;
-        Unit *u = userdata;
-        pid_t pid;
-        int r;
-
-        assert(message);
-
-        pids = set_new(NULL);
-        if (!pids)
-                return -ENOMEM;
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(sus)");
-        if (r < 0)
-                return r;
-
-        if (u->cgroup_path) {
-                r = append_cgroup(reply, u->cgroup_path, pids);
-                if (r < 0)
-                        return r;
-        }
-
-        /* The main and control pids might live outside of the cgroup, hence fetch them separately */
-        pid = unit_main_pid(u);
-        if (pid > 0) {
-                r = append_process(reply, NULL, pid, pids);
-                if (r < 0)
-                        return r;
-        }
-
-        pid = unit_control_pid(u);
-        if (pid > 0) {
-                r = append_process(reply, NULL, pid, pids);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-const sd_bus_vtable bus_unit_cgroup_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_PROPERTY("Slice", "s", property_get_slice, 0, 0),
-        SD_BUS_PROPERTY("ControlGroup", "s", property_get_cgroup, 0, 0),
-        SD_BUS_PROPERTY("MemoryCurrent", "t", property_get_current_memory, 0, 0),
-        SD_BUS_PROPERTY("CPUUsageNSec", "t", property_get_cpu_usage, 0, 0),
-        SD_BUS_PROPERTY("TasksCurrent", "t", property_get_current_tasks, 0, 0),
-        SD_BUS_METHOD("GetProcesses", NULL, "a(sus)", bus_unit_method_get_processes, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_VTABLE_END
-};
-
-static int send_new_signal(sd_bus *bus, void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *p = NULL;
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(u);
-
-        p = unit_dbus_path(u);
-        if (!p)
-                return -ENOMEM;
-
-        r = sd_bus_message_new_signal(
-                        bus,
-                        &m,
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "UnitNew");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "so", u->id, p);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(bus, m, NULL);
-}
-
-static int send_changed_signal(sd_bus *bus, void *userdata) {
-        _cleanup_free_ char *p = NULL;
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(u);
-
-        p = unit_dbus_path(u);
-        if (!p)
-                return -ENOMEM;
-
-        /* Send a properties changed signal. First for the specific
-         * type, then for the generic unit. The clients may rely on
-         * this order to get atomic behavior if needed. */
-
-        r = sd_bus_emit_properties_changed_strv(
-                        bus, p,
-                        unit_dbus_interface_from_type(u->type),
-                        NULL);
-        if (r < 0)
-                return r;
-
-        return sd_bus_emit_properties_changed_strv(
-                        bus, p,
-                        "org.freedesktop.systemd1.Unit",
-                        NULL);
-}
-
-void bus_unit_send_change_signal(Unit *u) {
-        int r;
-        assert(u);
-
-        if (u->in_dbus_queue) {
-                LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
-                u->in_dbus_queue = false;
-        }
-
-        if (!u->id)
-                return;
-
-        r = bus_foreach_bus(u->manager, NULL, u->sent_dbus_new_signal ? send_changed_signal : send_new_signal, u);
-        if (r < 0)
-                log_unit_debug_errno(u, r, "Failed to send unit change signal for %s: %m", u->id);
-
-        u->sent_dbus_new_signal = true;
-}
-
-static int send_removed_signal(sd_bus *bus, void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *p = NULL;
-        Unit *u = userdata;
-        int r;
-
-        assert(bus);
-        assert(u);
-
-        p = unit_dbus_path(u);
-        if (!p)
-                return -ENOMEM;
-
-        r = sd_bus_message_new_signal(
-                        bus,
-                        &m,
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "UnitRemoved");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "so", u->id, p);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(bus, m, NULL);
-}
-
-void bus_unit_send_removed_signal(Unit *u) {
-        int r;
-        assert(u);
-
-        if (!u->sent_dbus_new_signal)
-                bus_unit_send_change_signal(u);
-
-        if (!u->id)
-                return;
-
-        r = bus_foreach_bus(u->manager, NULL, send_removed_signal, u);
-        if (r < 0)
-                log_unit_debug_errno(u, r, "Failed to send unit remove signal for %s: %m", u->id);
-}
-
-int bus_unit_queue_job(
-                sd_bus_message *message,
-                Unit *u,
-                JobType type,
-                JobMode mode,
-                bool reload_if_possible,
-                sd_bus_error *error) {
-
-        _cleanup_free_ char *path = NULL;
-        Job *j;
-        int r;
-
-        assert(message);
-        assert(u);
-        assert(type >= 0 && type < _JOB_TYPE_MAX);
-        assert(mode >= 0 && mode < _JOB_MODE_MAX);
-
-        r = mac_selinux_unit_access_check(
-                        u, message,
-                        job_type_to_access_method(type),
-                        error);
-        if (r < 0)
-                return r;
-
-        if (reload_if_possible && unit_can_reload(u)) {
-                if (type == JOB_RESTART)
-                        type = JOB_RELOAD_OR_START;
-                else if (type == JOB_TRY_RESTART)
-                        type = JOB_TRY_RELOAD;
-        }
-
-        if (type == JOB_STOP &&
-            (u->load_state == UNIT_NOT_FOUND || u->load_state == UNIT_ERROR) &&
-            unit_active_state(u) == UNIT_INACTIVE)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", u->id);
-
-        if ((type == JOB_START && u->refuse_manual_start) ||
-            (type == JOB_STOP && u->refuse_manual_stop) ||
-            ((type == JOB_RESTART || type == JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) ||
-            (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
-                return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only.", u->id);
-
-        r = manager_add_job(u->manager, type, u, mode, error, &j);
-        if (r < 0)
-                return r;
-
-        if (sd_bus_message_get_bus(message) == u->manager->api_bus) {
-                if (!j->clients) {
-                        r = sd_bus_track_new(sd_bus_message_get_bus(message), &j->clients, NULL, NULL);
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_track_add_sender(j->clients, message);
-                if (r < 0)
-                        return r;
-        }
-
-        path = job_dbus_path(j);
-        if (!path)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", path);
-}
-
-static int bus_unit_set_transient_property(
-                Unit *u,
-                const char *name,
-                sd_bus_message *message,
-                UnitSetPropertiesMode mode,
-                sd_bus_error *error) {
-
-        int r;
-
-        assert(u);
-        assert(name);
-        assert(message);
-
-        if (streq(name, "Description")) {
-                const char *d;
-
-                r = sd_bus_message_read(message, "s", &d);
-                if (r < 0)
-                        return r;
-
-                if (mode != UNIT_CHECK) {
-                        r = unit_set_description(u, d);
-                        if (r < 0)
-                                return r;
-
-                        unit_write_drop_in_format(u, mode, name, "[Unit]\nDescription=%s\n", d);
-                }
-
-                return 1;
-
-        } else if (streq(name, "DefaultDependencies")) {
-                int b;
-
-                r = sd_bus_message_read(message, "b", &b);
-                if (r < 0)
-                        return r;
-
-                if (mode != UNIT_CHECK) {
-                        u->default_dependencies = b;
-                        unit_write_drop_in_format(u, mode, name, "[Unit]\nDefaultDependencies=%s\n", yes_no(b));
-                }
-
-                return 1;
-
-        } else if (streq(name, "Slice")) {
-                Unit *slice;
-                const char *s;
-
-                if (!UNIT_HAS_CGROUP_CONTEXT(u))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "The slice property is only available for units with control groups.");
-                if (u->type == UNIT_SLICE)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Slice may not be set for slice units.");
-                if (unit_has_name(u, SPECIAL_INIT_SCOPE))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set slice for init.scope");
-
-                r = sd_bus_message_read(message, "s", &s);
-                if (r < 0)
-                        return r;
-
-                if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid unit name '%s'", s);
-
-                /* Note that we do not dispatch the load queue here yet, as we don't want our own transient unit to be
-                 * loaded while we are still setting it up. Or in other words, we use manager_load_unit_prepare()
-                 * instead of manager_load_unit() on purpose, here. */
-                r = manager_load_unit_prepare(u->manager, s, NULL, error, &slice);
-                if (r < 0)
-                        return r;
-
-                if (slice->type != UNIT_SLICE)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s);
-
-                if (mode != UNIT_CHECK) {
-                        r = unit_set_slice(u, slice);
-                        if (r < 0)
-                                return r;
-
-                        unit_write_drop_in_private_format(u, mode, name, "Slice=%s\n", s);
-                }
-
-                return 1;
-
-        } else if (STR_IN_SET(name,
-                              "Requires", "RequiresOverridable",
-                              "Requisite", "RequisiteOverridable",
-                              "Wants",
-                              "BindsTo",
-                              "Conflicts",
-                              "Before", "After",
-                              "OnFailure",
-                              "PropagatesReloadTo", "ReloadPropagatedFrom",
-                              "PartOf")) {
-
-                UnitDependency d;
-                const char *other;
-
-                if (streq(name, "RequiresOverridable"))
-                        d = UNIT_REQUIRES; /* redirect for obsolete unit dependency type */
-                else if (streq(name, "RequisiteOverridable"))
-                        d = UNIT_REQUISITE; /* same here */
-                else {
-                        d = unit_dependency_from_string(name);
-                        if (d < 0)
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid unit dependency: %s", name);
-                }
-
-                r = sd_bus_message_enter_container(message, 'a', "s");
-                if (r < 0)
-                        return r;
-
-                while ((r = sd_bus_message_read(message, "s", &other)) > 0) {
-                        if (!unit_name_is_valid(other, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid unit name %s", other);
-
-                        if (mode != UNIT_CHECK) {
-                                _cleanup_free_ char *label = NULL;
-
-                                r = unit_add_dependency_by_name(u, d, other, NULL, true);
-                                if (r < 0)
-                                        return r;
-
-                                label = strjoin(name, "-", other, NULL);
-                                if (!label)
-                                        return -ENOMEM;
-
-                                unit_write_drop_in_format(u, mode, label, "[Unit]\n%s=%s\n", name, other);
-                        }
-
-                }
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-
-        return 0;
-}
-
-int bus_unit_set_properties(
-                Unit *u,
-                sd_bus_message *message,
-                UnitSetPropertiesMode mode,
-                bool commit,
-                sd_bus_error *error) {
-
-        bool for_real = false;
-        unsigned n = 0;
-        int r;
-
-        assert(u);
-        assert(message);
-
-        /* We iterate through the array twice. First run we just check
-         * if all passed data is valid, second run actually applies
-         * it. This is to implement transaction-like behaviour without
-         * actually providing full transactions. */
-
-        r = sd_bus_message_enter_container(message, 'a', "(sv)");
-        if (r < 0)
-                return r;
-
-        for (;;) {
-                const char *name;
-
-                r = sd_bus_message_enter_container(message, 'r', "sv");
-                if (r < 0)
-                        return r;
-                if (r == 0) {
-                        if (for_real || mode == UNIT_CHECK)
-                                break;
-
-                        /* Reached EOF. Let's try again, and this time for realz... */
-                        r = sd_bus_message_rewind(message, false);
-                        if (r < 0)
-                                return r;
-
-                        for_real = true;
-                        continue;
-                }
-
-                r = sd_bus_message_read(message, "s", &name);
-                if (r < 0)
-                        return r;
-
-                if (!UNIT_VTABLE(u)->bus_set_property)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_PROPERTY_READ_ONLY, "Objects of this type do not support setting properties.");
-
-                r = sd_bus_message_enter_container(message, 'v', NULL);
-                if (r < 0)
-                        return r;
-
-                r = UNIT_VTABLE(u)->bus_set_property(u, name, message, for_real ? mode : UNIT_CHECK, error);
-                if (r == 0 && u->transient && u->load_state == UNIT_STUB)
-                        r = bus_unit_set_transient_property(u, name, message, for_real ? mode : UNIT_CHECK, error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_PROPERTY_READ_ONLY, "Cannot set property %s, or unknown property.", name);
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(message);
-                if (r < 0)
-                        return r;
-
-                n += for_real;
-        }
-
-        r = sd_bus_message_exit_container(message);
-        if (r < 0)
-                return r;
-
-        if (commit && n > 0 && UNIT_VTABLE(u)->bus_commit_properties)
-                UNIT_VTABLE(u)->bus_commit_properties(u);
-
-        return n;
-}
-
-int bus_unit_check_load_state(Unit *u, sd_bus_error *error) {
-        assert(u);
-
-        if (u->load_state == UNIT_LOADED)
-                return 0;
-
-        /* Give a better description of the unit error when
-         * possible. Note that in the case of UNIT_MASKED, load_error
-         * is not set. */
-        if (u->load_state == UNIT_MASKED)
-                return sd_bus_error_setf(error, BUS_ERROR_UNIT_MASKED, "Unit %s is masked.", u->id);
-
-        if (u->load_state == UNIT_NOT_FOUND)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not found.", u->id);
-
-        return sd_bus_error_set_errnof(error, u->load_error, "Unit %s is not loaded properly: %m.", u->id);
-}
diff --git a/src/core/dbus-unit.h b/src/core/dbus-unit.h
deleted file mode 100644
index 4db88dbebc..0000000000
--- a/src/core/dbus-unit.h
+++ /dev/null
@@ -1,41 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "unit.h"
-
-extern const sd_bus_vtable bus_unit_vtable[];
-extern const sd_bus_vtable bus_unit_cgroup_vtable[];
-
-void bus_unit_send_change_signal(Unit *u);
-void bus_unit_send_removed_signal(Unit *u);
-
-int bus_unit_method_start_generic(sd_bus_message *message, Unit *u, JobType job_type, bool reload_if_possible, sd_bus_error *error);
-int bus_unit_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_unit_method_reset_failed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-
-int bus_unit_queue_job(sd_bus_message *message, Unit *u, JobType type, JobMode mode, bool reload_if_possible, sd_bus_error *error);
-int bus_unit_set_properties(Unit *u, sd_bus_message *message, UnitSetPropertiesMode mode, bool commit, sd_bus_error *error);
-int bus_unit_method_set_properties(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bus_error *error);
-
-int bus_unit_check_load_state(Unit *u, sd_bus_error *error);
diff --git a/src/core/dbus.c b/src/core/dbus.c
deleted file mode 100644
index 3422a02d68..0000000000
--- a/src/core/dbus.c
+++ /dev/null
@@ -1,1243 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <sys/epoll.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-internal.h"
-#include "bus-util.h"
-#include "dbus-cgroup.h"
-#include "dbus-execute.h"
-#include "dbus-job.h"
-#include "dbus-kill.h"
-#include "dbus-manager.h"
-#include "dbus-unit.h"
-#include "dbus.h"
-#include "fd-util.h"
-#include "log.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "selinux-access.h"
-#include "special.h"
-#include "string-util.h"
-#include "strv.h"
-#include "strxcpyx.h"
-#include "user-util.h"
-
-#define CONNECTIONS_MAX 4096
-
-static void destroy_bus(Manager *m, sd_bus **bus);
-
-int bus_send_queued_message(Manager *m) {
-        int r;
-
-        assert(m);
-
-        if (!m->queued_message)
-                return 0;
-
-        /* If we cannot get rid of this message we won't dispatch any
-         * D-Bus messages, so that we won't end up wanting to queue
-         * another message. */
-
-        r = sd_bus_send(NULL, m->queued_message, NULL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to send queued message: %m");
-
-        m->queued_message = sd_bus_message_unref(m->queued_message);
-
-        return 0;
-}
-
-int bus_forward_agent_released(Manager *m, const char *path) {
-        int r;
-
-        assert(m);
-        assert(path);
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return 0;
-
-        if (!m->system_bus)
-                return 0;
-
-        /* If we are running a system instance we forward the agent message on the system bus, so that the user
-         * instances get notified about this, too */
-
-        r = sd_bus_emit_signal(m->system_bus,
-                               "/org/freedesktop/systemd1/agent",
-                               "org.freedesktop.systemd1.Agent",
-                               "Released",
-                               "s", path);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to propagate agent release message: %m");
-
-        return 1;
-}
-
-static int signal_agent_released(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        Manager *m = userdata;
-        const char *cgroup;
-        uid_t sender_uid;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        /* only accept org.freedesktop.systemd1.Agent from UID=0 */
-        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_get_euid(creds, &sender_uid);
-        if (r < 0 || sender_uid != 0)
-                return 0;
-
-        /* parse 'cgroup-empty' notification */
-        r = sd_bus_message_read(message, "s", &cgroup);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        manager_notify_cgroup_empty(m, cgroup);
-        return 0;
-}
-
-static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        sd_bus *bus;
-
-        assert(message);
-        assert(m);
-        assert_se(bus = sd_bus_message_get_bus(message));
-
-        if (bus == m->api_bus)
-                destroy_bus(m, &m->api_bus);
-        if (bus == m->system_bus)
-                destroy_bus(m, &m->system_bus);
-        if (set_remove(m->private_buses, bus)) {
-                log_debug("Got disconnect on private connection.");
-                destroy_bus(m, &bus);
-        }
-
-        return 0;
-}
-
-static int signal_activation_request(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        const char *name;
-        Unit *u;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        if (manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SERVICE) ||
-            manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SOCKET)) {
-                r = sd_bus_error_setf(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is shutting down.");
-                goto failed;
-        }
-
-        r = manager_load_unit(m, name, NULL, &error, &u);
-        if (r < 0)
-                goto failed;
-
-        if (u->refuse_manual_start) {
-                r = sd_bus_error_setf(&error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, %s may be requested by dependency only.", u->id);
-                goto failed;
-        }
-
-        r = manager_add_job(m, JOB_START, u, JOB_REPLACE, &error, NULL);
-        if (r < 0)
-                goto failed;
-
-        /* Successfully queued, that's it for us */
-        return 0;
-
-failed:
-        if (!sd_bus_error_is_set(&error))
-                sd_bus_error_set_errno(&error, r);
-
-        log_debug("D-Bus activation failed for %s: %s", name, bus_error_message(&error, r));
-
-        r = sd_bus_message_new_signal(sd_bus_message_get_bus(message), &reply, "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Activator", "ActivationFailure");
-        if (r < 0) {
-                bus_log_create_error(r);
-                return 0;
-        }
-
-        r = sd_bus_message_append(reply, "sss", name, error.name, error.message);
-        if (r < 0) {
-                bus_log_create_error(r);
-                return 0;
-        }
-
-        r = sd_bus_send_to(NULL, reply, "org.freedesktop.DBus", NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to respond with to bus activation request: %m");
-
-        return 0;
-}
-
-#ifdef HAVE_SELINUX
-static int mac_selinux_filter(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        const char *verb, *path;
-        Unit *u = NULL;
-        Job *j;
-        int r;
-
-        assert(message);
-
-        /* Our own method calls are all protected individually with
-         * selinux checks, but the built-in interfaces need to be
-         * protected too. */
-
-        if (sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Properties", "Set"))
-                verb = "reload";
-        else if (sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Introspectable", NULL) ||
-                 sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Properties", NULL) ||
-                 sd_bus_message_is_method_call(message, "org.freedesktop.DBus.ObjectManager", NULL) ||
-                 sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Peer", NULL))
-                verb = "status";
-        else
-                return 0;
-
-        path = sd_bus_message_get_path(message);
-
-        if (object_path_startswith("/org/freedesktop/systemd1", path)) {
-
-                r = mac_selinux_access_check(message, verb, error);
-                if (r < 0)
-                        return r;
-
-                return 0;
-        }
-
-        if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-                pid_t pid;
-
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
-                if (r < 0)
-                        return 0;
-
-                r = sd_bus_creds_get_pid(creds, &pid);
-                if (r < 0)
-                        return 0;
-
-                u = manager_get_unit_by_pid(m, pid);
-        } else {
-                r = manager_get_job_from_dbus_path(m, path, &j);
-                if (r >= 0)
-                        u = j->unit;
-                else
-                        manager_load_unit_from_dbus_path(m, path, NULL, &u);
-        }
-
-        if (!u)
-                return 0;
-
-        r = mac_selinux_unit_access_check(u, message, verb, error);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-#endif
-
-static int bus_job_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        Job *j;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        r = manager_get_job_from_dbus_path(m, path, &j);
-        if (r < 0)
-                return 0;
-
-        *found = j;
-        return 1;
-}
-
-static int find_unit(Manager *m, sd_bus *bus, const char *path, Unit **unit, sd_bus_error *error) {
-        Unit *u;
-        int r;
-
-        assert(m);
-        assert(bus);
-        assert(path);
-
-        if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-                sd_bus_message *message;
-                pid_t pid;
-
-                message = sd_bus_get_current_message(bus);
-                if (!message)
-                        return 0;
-
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_creds_get_pid(creds, &pid);
-                if (r < 0)
-                        return r;
-
-                u = manager_get_unit_by_pid(m, pid);
-        } else {
-                r = manager_load_unit_from_dbus_path(m, path, error, &u);
-                if (r < 0)
-                        return 0;
-        }
-
-        if (!u)
-                return 0;
-
-        *unit = u;
-        return 1;
-}
-
-static int bus_unit_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        return find_unit(m, bus, path, (Unit**) found, error);
-}
-
-static int bus_unit_interface_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        Unit *u;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        r = find_unit(m, bus, path, &u, error);
-        if (r <= 0)
-                return r;
-
-        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
-                return 0;
-
-        *found = u;
-        return 1;
-}
-
-static int bus_unit_cgroup_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        Unit *u;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        r = find_unit(m, bus, path, &u, error);
-        if (r <= 0)
-                return r;
-
-        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
-                return 0;
-
-        if (!UNIT_HAS_CGROUP_CONTEXT(u))
-                return 0;
-
-        *found = u;
-        return 1;
-}
-
-static int bus_cgroup_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        CGroupContext *c;
-        Unit *u;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        r = find_unit(m, bus, path, &u, error);
-        if (r <= 0)
-                return r;
-
-        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
-                return 0;
-
-        c = unit_get_cgroup_context(u);
-        if (!c)
-                return 0;
-
-        *found = c;
-        return 1;
-}
-
-static int bus_exec_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        ExecContext *c;
-        Unit *u;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        r = find_unit(m, bus, path, &u, error);
-        if (r <= 0)
-                return r;
-
-        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
-                return 0;
-
-        c = unit_get_exec_context(u);
-        if (!c)
-                return 0;
-
-        *found = c;
-        return 1;
-}
-
-static int bus_kill_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        KillContext *c;
-        Unit *u;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        r = find_unit(m, bus, path, &u, error);
-        if (r <= 0)
-                return r;
-
-        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
-                return 0;
-
-        c = unit_get_kill_context(u);
-        if (!c)
-                return 0;
-
-        *found = c;
-        return 1;
-}
-
-static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
-        _cleanup_free_ char **l = NULL;
-        Manager *m = userdata;
-        unsigned k = 0;
-        Iterator i;
-        Job *j;
-
-        l = new0(char*, hashmap_size(m->jobs)+1);
-        if (!l)
-                return -ENOMEM;
-
-        HASHMAP_FOREACH(j, m->jobs, i) {
-                l[k] = job_dbus_path(j);
-                if (!l[k])
-                        return -ENOMEM;
-
-                k++;
-        }
-
-        assert(hashmap_size(m->jobs) == k);
-
-        *nodes = l;
-        l = NULL;
-
-        return k;
-}
-
-static int bus_unit_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
-        _cleanup_free_ char **l = NULL;
-        Manager *m = userdata;
-        unsigned k = 0;
-        Iterator i;
-        Unit *u;
-
-        l = new0(char*, hashmap_size(m->units)+1);
-        if (!l)
-                return -ENOMEM;
-
-        HASHMAP_FOREACH(u, m->units, i) {
-                l[k] = unit_dbus_path(u);
-                if (!l[k])
-                        return -ENOMEM;
-
-                k++;
-        }
-
-        *nodes = l;
-        l = NULL;
-
-        return k;
-}
-
-static int bus_setup_api_vtables(Manager *m, sd_bus *bus) {
-        UnitType t;
-        int r;
-
-        assert(m);
-        assert(bus);
-
-#ifdef HAVE_SELINUX
-        r = sd_bus_add_filter(bus, NULL, mac_selinux_filter, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add SELinux access filter: %m");
-#endif
-
-        r = sd_bus_add_object_vtable(bus, NULL, "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager", bus_manager_vtable, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register Manager vtable: %m");
-
-        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/job", "org.freedesktop.systemd1.Job", bus_job_vtable, bus_job_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register Job vtable: %m");
-
-        r = sd_bus_add_node_enumerator(bus, NULL, "/org/freedesktop/systemd1/job", bus_job_enumerate, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add job enumerator: %m");
-
-        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", "org.freedesktop.systemd1.Unit", bus_unit_vtable, bus_unit_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register Unit vtable: %m");
-
-        r = sd_bus_add_node_enumerator(bus, NULL, "/org/freedesktop/systemd1/unit", bus_unit_enumerate, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add job enumerator: %m");
-
-        for (t = 0; t < _UNIT_TYPE_MAX; t++) {
-                const char *interface;
-
-                assert_se(interface = unit_dbus_interface_from_type(t));
-
-                r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, unit_vtable[t]->bus_vtable, bus_unit_interface_find, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to register type specific vtable for %s: %m", interface);
-
-                if (unit_vtable[t]->cgroup_context_offset > 0) {
-                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_unit_cgroup_vtable, bus_unit_cgroup_find, m);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to register control group unit vtable for %s: %m", interface);
-
-                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_cgroup_vtable, bus_cgroup_context_find, m);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to register control group vtable for %s: %m", interface);
-                }
-
-                if (unit_vtable[t]->exec_context_offset > 0) {
-                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_exec_vtable, bus_exec_context_find, m);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to register execute vtable for %s: %m", interface);
-                }
-
-                if (unit_vtable[t]->kill_context_offset > 0) {
-                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_kill_vtable, bus_kill_context_find, m);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to register kill vtable for %s: %m", interface);
-                }
-        }
-
-        return 0;
-}
-
-static int bus_setup_disconnected_match(Manager *m, sd_bus *bus) {
-        int r;
-
-        assert(m);
-        assert(bus);
-
-        r = sd_bus_add_match(
-                        bus,
-                        NULL,
-                        "sender='org.freedesktop.DBus.Local',"
-                        "type='signal',"
-                        "path='/org/freedesktop/DBus/Local',"
-                        "interface='org.freedesktop.DBus.Local',"
-                        "member='Disconnected'",
-                        signal_disconnected, m);
-
-        if (r < 0)
-                return log_error_errno(r, "Failed to register match for Disconnected message: %m");
-
-        return 0;
-}
-
-static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        _cleanup_close_ int nfd = -1;
-        Manager *m = userdata;
-        sd_id128_t id;
-        int r;
-
-        assert(s);
-        assert(m);
-
-        nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-        if (nfd < 0) {
-                log_warning_errno(errno, "Failed to accept private connection, ignoring: %m");
-                return 0;
-        }
-
-        if (set_size(m->private_buses) >= CONNECTIONS_MAX) {
-                log_warning("Too many concurrent connections, refusing");
-                return 0;
-        }
-
-        r = set_ensure_allocated(&m->private_buses, NULL);
-        if (r < 0) {
-                log_oom();
-                return 0;
-        }
-
-        r = sd_bus_new(&bus);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to allocate new private connection bus: %m");
-                return 0;
-        }
-
-        r = sd_bus_set_fd(bus, nfd, nfd);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to set fd on new connection bus: %m");
-                return 0;
-        }
-
-        nfd = -1;
-
-        r = bus_check_peercred(bus);
-        if (r < 0) {
-                log_warning_errno(r, "Incoming private connection from unprivileged client, refusing: %m");
-                return 0;
-        }
-
-        assert_se(sd_id128_randomize(&id) >= 0);
-
-        r = sd_bus_set_server(bus, 1, id);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to enable server support for new connection bus: %m");
-                return 0;
-        }
-
-        r = sd_bus_negotiate_creds(bus, 1,
-                                   SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
-                                   SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
-                                   SD_BUS_CREDS_SELINUX_CONTEXT);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to enable credentials for new connection: %m");
-                return 0;
-        }
-
-        r = sd_bus_start(bus);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to start new connection bus: %m");
-                return 0;
-        }
-
-        r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to attach new connection bus to event loop: %m");
-                return 0;
-        }
-
-        r = bus_setup_disconnected_match(m, bus);
-        if (r < 0)
-                return 0;
-
-        r = bus_setup_api_vtables(m, bus);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to set up API vtables on new connection bus: %m");
-                return 0;
-        }
-
-        r = set_put(m->private_buses, bus);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to add new connection bus to set: %m");
-                return 0;
-        }
-
-        bus = NULL;
-
-        log_debug("Accepted new private connection.");
-
-        return 0;
-}
-
-int manager_sync_bus_names(Manager *m, sd_bus *bus) {
-        _cleanup_strv_free_ char **names = NULL;
-        const char *name;
-        Iterator i;
-        Unit *u;
-        int r;
-
-        assert(m);
-        assert(bus);
-
-        r = sd_bus_list_names(bus, &names, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get initial list of names: %m");
-
-        /* We have to synchronize the current bus names with the
-         * list of active services. To do this, walk the list of
-         * all units with bus names. */
-        HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) {
-                Service *s = SERVICE(u);
-
-                assert(s);
-
-                if (!streq_ptr(s->bus_name, name)) {
-                        log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name);
-                        continue;
-                }
-
-                /* Check if a service's bus name is in the list of currently
-                 * active names */
-                if (strv_contains(names, name)) {
-                        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-                        const char *unique;
-
-                        /* If it is, determine its current owner */
-                        r = sd_bus_get_name_creds(bus, name, SD_BUS_CREDS_UNIQUE_NAME, &creds);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to get bus name owner %s: %m", name);
-                                continue;
-                        }
-
-                        r = sd_bus_creds_get_unique_name(creds, &unique);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to get unique name for %s: %m", name);
-                                continue;
-                        }
-
-                        /* Now, let's compare that to the previous bus owner, and
-                         * if it's still the same, all is fine, so just don't
-                         * bother the service. Otherwise, the name has apparently
-                         * changed, so synthesize a name owner changed signal. */
-
-                        if (!streq_ptr(unique, s->bus_name_owner))
-                                UNIT_VTABLE(u)->bus_name_owner_change(u, name, s->bus_name_owner, unique);
-                } else {
-                        /* So, the name we're watching is not on the bus.
-                         * This either means it simply hasn't appeared yet,
-                         * or it was lost during the daemon reload.
-                         * Check if the service has a stored name owner,
-                         * and synthesize a name loss signal in this case. */
-
-                        if (s->bus_name_owner)
-                                UNIT_VTABLE(u)->bus_name_owner_change(u, name, s->bus_name_owner, NULL);
-                }
-        }
-
-        return 0;
-}
-
-static int bus_setup_api(Manager *m, sd_bus *bus) {
-        Iterator i;
-        char *name;
-        Unit *u;
-        int r;
-
-        assert(m);
-        assert(bus);
-
-        /* Let's make sure we have enough credential bits so that we can make security and selinux decisions */
-        r = sd_bus_negotiate_creds(bus, 1,
-                                   SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
-                                   SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
-                                   SD_BUS_CREDS_SELINUX_CONTEXT);
-        if (r < 0)
-                log_warning_errno(r, "Failed to enable credential passing, ignoring: %m");
-
-        r = bus_setup_api_vtables(m, bus);
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) {
-                r = unit_install_bus_match(u, bus, name);
-                if (r < 0)
-                        log_error_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
-        }
-
-        r = sd_bus_add_match(
-                        bus,
-                        NULL,
-                        "type='signal',"
-                        "sender='org.freedesktop.DBus',"
-                        "path='/org/freedesktop/DBus',"
-                        "interface='org.freedesktop.systemd1.Activator',"
-                        "member='ActivationRequest'",
-                        signal_activation_request, m);
-        if (r < 0)
-                log_warning_errno(r, "Failed to subscribe to activation signal: %m");
-
-        /* Allow replacing of our name, to ease implementation of
-         * reexecution, where we keep the old connection open until
-         * after the new connection is set up and the name installed
-         * to allow clients to synchronously wait for reexecution to
-         * finish */
-        r = sd_bus_request_name(bus,"org.freedesktop.systemd1", SD_BUS_NAME_REPLACE_EXISTING|SD_BUS_NAME_ALLOW_REPLACEMENT);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = manager_sync_bus_names(m, bus);
-        if (r < 0)
-                return r;
-
-        log_debug("Successfully connected to API bus.");
-        return 0;
-}
-
-static int bus_init_api(Manager *m) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        if (m->api_bus)
-                return 0;
-
-        /* The API and system bus is the same if we are running in system mode */
-        if (MANAGER_IS_SYSTEM(m) && m->system_bus)
-                bus = sd_bus_ref(m->system_bus);
-        else {
-                if (MANAGER_IS_SYSTEM(m))
-                        r = sd_bus_open_system(&bus);
-                else
-                        r = sd_bus_open_user(&bus);
-
-                if (r < 0) {
-                        log_debug("Failed to connect to API bus, retrying later...");
-                        return 0;
-                }
-
-                r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to attach API bus to event loop: %m");
-                        return 0;
-                }
-
-                r = bus_setup_disconnected_match(m, bus);
-                if (r < 0)
-                        return 0;
-        }
-
-        r = bus_setup_api(m, bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set up API bus: %m");
-                return 0;
-        }
-
-        m->api_bus = bus;
-        bus = NULL;
-
-        return 0;
-}
-
-static int bus_setup_system(Manager *m, sd_bus *bus) {
-        int r;
-
-        assert(m);
-        assert(bus);
-
-        /* if we are a user instance we get the Released message via the system bus */
-        if (MANAGER_IS_USER(m)) {
-                r = sd_bus_add_match(
-                                bus,
-                                NULL,
-                                "type='signal',"
-                                "interface='org.freedesktop.systemd1.Agent',"
-                                "member='Released',"
-                                "path='/org/freedesktop/systemd1/agent'",
-                                signal_agent_released, m);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to register Released match on system bus: %m");
-        }
-
-        log_debug("Successfully connected to system bus.");
-        return 0;
-}
-
-static int bus_init_system(Manager *m) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        if (m->system_bus)
-                return 0;
-
-        /* The API and system bus is the same if we are running in system mode */
-        if (MANAGER_IS_SYSTEM(m) && m->api_bus) {
-                m->system_bus = sd_bus_ref(m->api_bus);
-                return 0;
-        }
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0) {
-                log_debug("Failed to connect to system bus, retrying later...");
-                return 0;
-        }
-
-        r = bus_setup_disconnected_match(m, bus);
-        if (r < 0)
-                return 0;
-
-        r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
-        if (r < 0) {
-                log_error_errno(r, "Failed to attach system bus to event loop: %m");
-                return 0;
-        }
-
-        r = bus_setup_system(m, bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set up system bus: %m");
-                return 0;
-        }
-
-        m->system_bus = bus;
-        bus = NULL;
-
-        return 0;
-}
-
-static int bus_init_private(Manager *m) {
-        _cleanup_close_ int fd = -1;
-        union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX
-        };
-        sd_event_source *s;
-        socklen_t salen;
-        int r;
-
-        assert(m);
-
-        if (m->private_listen_fd >= 0)
-                return 0;
-
-        /* We don't need the private socket if we have kdbus */
-        if (m->kdbus_fd >= 0)
-                return 0;
-
-        if (MANAGER_IS_SYSTEM(m)) {
-
-                /* We want the private bus only when running as init */
-                if (getpid() != 1)
-                        return 0;
-
-                strcpy(sa.un.sun_path, "/run/systemd/private");
-                salen = SOCKADDR_UN_LEN(sa.un);
-        } else {
-                size_t left = sizeof(sa.un.sun_path);
-                char *p = sa.un.sun_path;
-                const char *e;
-
-                e = secure_getenv("XDG_RUNTIME_DIR");
-                if (!e) {
-                        log_error("Failed to determine XDG_RUNTIME_DIR");
-                        return -EHOSTDOWN;
-                }
-
-                left = strpcpy(&p, left, e);
-                left = strpcpy(&p, left, "/systemd/private");
-
-                salen = sizeof(sa.un) - left;
-        }
-
-        (void) mkdir_parents_label(sa.un.sun_path, 0755);
-        (void) unlink(sa.un.sun_path);
-
-        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-        if (fd < 0)
-                return log_error_errno(errno, "Failed to allocate private socket: %m");
-
-        r = bind(fd, &sa.sa, salen);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to bind private socket: %m");
-
-        r = listen(fd, SOMAXCONN);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to make private socket listening: %m");
-
-        r = sd_event_add_io(m->event, &s, fd, EPOLLIN, bus_on_connection, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event source: %m");
-
-        (void) sd_event_source_set_description(s, "bus-connection");
-
-        m->private_listen_fd = fd;
-        m->private_listen_event_source = s;
-        fd = -1;
-
-        log_debug("Successfully created private D-Bus server.");
-
-        return 0;
-}
-
-int bus_init(Manager *m, bool try_bus_connect) {
-        int r;
-
-        if (try_bus_connect) {
-                r = bus_init_system(m);
-                if (r < 0)
-                        return r;
-
-                r = bus_init_api(m);
-                if (r < 0)
-                        return r;
-        }
-
-        r = bus_init_private(m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static void destroy_bus(Manager *m, sd_bus **bus) {
-        Iterator i;
-        Job *j;
-
-        assert(m);
-        assert(bus);
-
-        if (!*bus)
-                return;
-
-        /* Get rid of tracked clients on this bus */
-        if (m->subscribed && sd_bus_track_get_bus(m->subscribed) == *bus)
-                m->subscribed = sd_bus_track_unref(m->subscribed);
-
-        HASHMAP_FOREACH(j, m->jobs, i)
-                if (j->clients && sd_bus_track_get_bus(j->clients) == *bus)
-                        j->clients = sd_bus_track_unref(j->clients);
-
-        /* Get rid of queued message on this bus */
-        if (m->queued_message && sd_bus_message_get_bus(m->queued_message) == *bus)
-                m->queued_message = sd_bus_message_unref(m->queued_message);
-
-        /* Possibly flush unwritten data, but only if we are
-         * unprivileged, since we don't want to sync here */
-        if (!MANAGER_IS_SYSTEM(m))
-                sd_bus_flush(*bus);
-
-        /* And destroy the object */
-        sd_bus_close(*bus);
-        *bus = sd_bus_unref(*bus);
-}
-
-void bus_done(Manager *m) {
-        sd_bus *b;
-
-        assert(m);
-
-        if (m->api_bus)
-                destroy_bus(m, &m->api_bus);
-        if (m->system_bus)
-                destroy_bus(m, &m->system_bus);
-        while ((b = set_steal_first(m->private_buses)))
-                destroy_bus(m, &b);
-
-        m->private_buses = set_free(m->private_buses);
-
-        m->subscribed = sd_bus_track_unref(m->subscribed);
-        m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
-
-        if (m->private_listen_event_source)
-                m->private_listen_event_source = sd_event_source_unref(m->private_listen_event_source);
-
-        m->private_listen_fd = safe_close(m->private_listen_fd);
-
-        bus_verify_polkit_async_registry_free(m->polkit_registry);
-}
-
-int bus_fdset_add_all(Manager *m, FDSet *fds) {
-        Iterator i;
-        sd_bus *b;
-        int fd;
-
-        assert(m);
-        assert(fds);
-
-        /* When we are about to reexecute we add all D-Bus fds to the
-         * set to pass over to the newly executed systemd. They won't
-         * be used there however, except thatt they are closed at the
-         * very end of deserialization, those making it possible for
-         * clients to synchronously wait for systemd to reexec by
-         * simply waiting for disconnection */
-
-        if (m->api_bus) {
-                fd = sd_bus_get_fd(m->api_bus);
-                if (fd >= 0) {
-                        fd = fdset_put_dup(fds, fd);
-                        if (fd < 0)
-                                return fd;
-                }
-        }
-
-        SET_FOREACH(b, m->private_buses, i) {
-                fd = sd_bus_get_fd(b);
-                if (fd >= 0) {
-                        fd = fdset_put_dup(fds, fd);
-                        if (fd < 0)
-                                return fd;
-                }
-        }
-
-        /* We don't offer any APIs on the system bus (well, unless it
-         * is the same as the API bus) hence we don't bother with it
-         * here */
-
-        return 0;
-}
-
-int bus_foreach_bus(
-                Manager *m,
-                sd_bus_track *subscribed2,
-                int (*send_message)(sd_bus *bus, void *userdata),
-                void *userdata) {
-
-        Iterator i;
-        sd_bus *b;
-        int r, ret = 0;
-
-        /* Send to all direct buses, unconditionally */
-        SET_FOREACH(b, m->private_buses, i) {
-                r = send_message(b, userdata);
-                if (r < 0)
-                        ret = r;
-        }
-
-        /* Send to API bus, but only if somebody is subscribed */
-        if (sd_bus_track_count(m->subscribed) > 0 ||
-            sd_bus_track_count(subscribed2) > 0) {
-                r = send_message(m->api_bus, userdata);
-                if (r < 0)
-                        ret = r;
-        }
-
-        return ret;
-}
-
-void bus_track_serialize(sd_bus_track *t, FILE *f) {
-        const char *n;
-
-        assert(f);
-
-        for (n = sd_bus_track_first(t); n; n = sd_bus_track_next(t))
-                fprintf(f, "subscribed=%s\n", n);
-}
-
-int bus_track_deserialize_item(char ***l, const char *line) {
-        const char *e;
-        int r;
-
-        assert(l);
-        assert(line);
-
-        e = startswith(line, "subscribed=");
-        if (!e)
-                return 0;
-
-        r = strv_extend(l, e);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-int bus_track_coldplug(Manager *m, sd_bus_track **t, char ***l) {
-        int r = 0;
-
-        assert(m);
-        assert(t);
-        assert(l);
-
-        if (!strv_isempty(*l) && m->api_bus) {
-                char **i;
-
-                if (!*t) {
-                        r = sd_bus_track_new(m->api_bus, t, NULL, NULL);
-                        if (r < 0)
-                                return r;
-                }
-
-                r = 0;
-                STRV_FOREACH(i, *l) {
-                        int k;
-
-                        k = sd_bus_track_add_name(*t, *i);
-                        if (k < 0)
-                                r = k;
-                }
-        }
-
-        *l = strv_free(*l);
-
-        return r;
-}
-
-int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
-        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-units", NULL, false, UID_INVALID, &m->polkit_registry, error);
-}
-
-int bus_verify_manage_unit_files_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
-        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-unit-files", NULL, false, UID_INVALID, &m->polkit_registry, error);
-}
-
-int bus_verify_reload_daemon_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
-        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.reload-daemon", NULL, false, UID_INVALID, &m->polkit_registry, error);
-}
-
-int bus_verify_set_environment_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
-        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.set-environment", NULL, false, UID_INVALID, &m->polkit_registry, error);
-}
diff --git a/src/core/execute.c b/src/core/execute.c
deleted file mode 100644
index 5eb3f13695..0000000000
--- a/src/core/execute.c
+++ /dev/null
@@ -1,3092 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <glob.h>
-#include <grp.h>
-#include <poll.h>
-#include <signal.h>
-#include <string.h>
-#include <sys/capability.h>
-#include <sys/personality.h>
-#include <sys/prctl.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <utmpx.h>
-
-#ifdef HAVE_PAM
-#include <security/pam_appl.h>
-#endif
-
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
-#ifdef HAVE_SECCOMP
-#include <seccomp.h>
-#endif
-
-#ifdef HAVE_APPARMOR
-#include <sys/apparmor.h>
-#endif
-
-#include "sd-messages.h"
-
-#include "af-list.h"
-#include "alloc-util.h"
-#ifdef HAVE_APPARMOR
-#include "apparmor-util.h"
-#endif
-#include "async.h"
-#include "barrier.h"
-#include "cap-list.h"
-#include "capability-util.h"
-#include "def.h"
-#include "env-util.h"
-#include "errno-list.h"
-#include "execute.h"
-#include "exit-status.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "glob-util.h"
-#include "io-util.h"
-#include "ioprio.h"
-#include "log.h"
-#include "macro.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "namespace.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "rlimit-util.h"
-#include "rm-rf.h"
-#ifdef HAVE_SECCOMP
-#include "seccomp-util.h"
-#endif
-#include "securebits.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "smack-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "syslog-util.h"
-#include "terminal-util.h"
-#include "unit.h"
-#include "user-util.h"
-#include "util.h"
-#include "utmp-wtmp.h"
-
-#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
-#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
-
-/* This assumes there is a 'tty' group */
-#define TTY_MODE 0620
-
-#define SNDBUF_SIZE (8*1024*1024)
-
-static int shift_fds(int fds[], unsigned n_fds) {
-        int start, restart_from;
-
-        if (n_fds <= 0)
-                return 0;
-
-        /* Modifies the fds array! (sorts it) */
-
-        assert(fds);
-
-        start = 0;
-        for (;;) {
-                int i;
-
-                restart_from = -1;
-
-                for (i = start; i < (int) n_fds; i++) {
-                        int nfd;
-
-                        /* Already at right index? */
-                        if (fds[i] == i+3)
-                                continue;
-
-                        nfd = fcntl(fds[i], F_DUPFD, i + 3);
-                        if (nfd < 0)
-                                return -errno;
-
-                        safe_close(fds[i]);
-                        fds[i] = nfd;
-
-                        /* Hmm, the fd we wanted isn't free? Then
-                         * let's remember that and try again from here */
-                        if (nfd != i+3 && restart_from < 0)
-                                restart_from = i;
-                }
-
-                if (restart_from < 0)
-                        break;
-
-                start = restart_from;
-        }
-
-        return 0;
-}
-
-static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
-        unsigned i;
-        int r;
-
-        if (n_fds <= 0)
-                return 0;
-
-        assert(fds);
-
-        /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
-
-        for (i = 0; i < n_fds; i++) {
-
-                r = fd_nonblock(fds[i], nonblock);
-                if (r < 0)
-                        return r;
-
-                /* We unconditionally drop FD_CLOEXEC from the fds,
-                 * since after all we want to pass these fds to our
-                 * children */
-
-                r = fd_cloexec(fds[i], false);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static const char *exec_context_tty_path(const ExecContext *context) {
-        assert(context);
-
-        if (context->stdio_as_fds)
-                return NULL;
-
-        if (context->tty_path)
-                return context->tty_path;
-
-        return "/dev/console";
-}
-
-static void exec_context_tty_reset(const ExecContext *context, const ExecParameters *p) {
-        const char *path;
-
-        assert(context);
-
-        path = exec_context_tty_path(context);
-
-        if (context->tty_vhangup) {
-                if (p && p->stdin_fd >= 0)
-                        (void) terminal_vhangup_fd(p->stdin_fd);
-                else if (path)
-                        (void) terminal_vhangup(path);
-        }
-
-        if (context->tty_reset) {
-                if (p && p->stdin_fd >= 0)
-                        (void) reset_terminal_fd(p->stdin_fd, true);
-                else if (path)
-                        (void) reset_terminal(path);
-        }
-
-        if (context->tty_vt_disallocate && path)
-                (void) vt_disallocate(path);
-}
-
-static bool is_terminal_output(ExecOutput o) {
-        return
-                o == EXEC_OUTPUT_TTY ||
-                o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
-                o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
-                o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
-}
-
-static int open_null_as(int flags, int nfd) {
-        int fd, r;
-
-        assert(nfd >= 0);
-
-        fd = open("/dev/null", flags|O_NOCTTY);
-        if (fd < 0)
-                return -errno;
-
-        if (fd != nfd) {
-                r = dup2(fd, nfd) < 0 ? -errno : nfd;
-                safe_close(fd);
-        } else
-                r = nfd;
-
-        return r;
-}
-
-static int connect_journal_socket(int fd, uid_t uid, gid_t gid) {
-        union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/stdout",
-        };
-        uid_t olduid = UID_INVALID;
-        gid_t oldgid = GID_INVALID;
-        int r;
-
-        if (gid != GID_INVALID) {
-                oldgid = getgid();
-
-                r = setegid(gid);
-                if (r < 0)
-                        return -errno;
-        }
-
-        if (uid != UID_INVALID) {
-                olduid = getuid();
-
-                r = seteuid(uid);
-                if (r < 0) {
-                        r = -errno;
-                        goto restore_gid;
-                }
-        }
-
-        r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-        if (r < 0)
-                r = -errno;
-
-        /* If we fail to restore the uid or gid, things will likely
-           fail later on. This should only happen if an LSM interferes. */
-
-        if (uid != UID_INVALID)
-                (void) seteuid(olduid);
-
- restore_gid:
-        if (gid != GID_INVALID)
-                (void) setegid(oldgid);
-
-        return r;
-}
-
-static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd, uid_t uid, gid_t gid) {
-        int fd, r;
-
-        assert(context);
-        assert(output < _EXEC_OUTPUT_MAX);
-        assert(ident);
-        assert(nfd >= 0);
-
-        fd = socket(AF_UNIX, SOCK_STREAM, 0);
-        if (fd < 0)
-                return -errno;
-
-        r = connect_journal_socket(fd, uid, gid);
-        if (r < 0)
-                return r;
-
-        if (shutdown(fd, SHUT_RD) < 0) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-        dprintf(fd,
-                "%s\n"
-                "%s\n"
-                "%i\n"
-                "%i\n"
-                "%i\n"
-                "%i\n"
-                "%i\n",
-                context->syslog_identifier ? context->syslog_identifier : ident,
-                unit_id,
-                context->syslog_priority,
-                !!context->syslog_level_prefix,
-                output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
-                output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
-                is_terminal_output(output));
-
-        if (fd != nfd) {
-                r = dup2(fd, nfd) < 0 ? -errno : nfd;
-                safe_close(fd);
-        } else
-                r = nfd;
-
-        return r;
-}
-static int open_terminal_as(const char *path, mode_t mode, int nfd) {
-        int fd, r;
-
-        assert(path);
-        assert(nfd >= 0);
-
-        fd = open_terminal(path, mode | O_NOCTTY);
-        if (fd < 0)
-                return fd;
-
-        if (fd != nfd) {
-                r = dup2(fd, nfd) < 0 ? -errno : nfd;
-                safe_close(fd);
-        } else
-                r = nfd;
-
-        return r;
-}
-
-static bool is_terminal_input(ExecInput i) {
-        return
-                i == EXEC_INPUT_TTY ||
-                i == EXEC_INPUT_TTY_FORCE ||
-                i == EXEC_INPUT_TTY_FAIL;
-}
-
-static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
-
-        if (is_terminal_input(std_input) && !apply_tty_stdin)
-                return EXEC_INPUT_NULL;
-
-        if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
-                return EXEC_INPUT_NULL;
-
-        return std_input;
-}
-
-static int fixup_output(ExecOutput std_output, int socket_fd) {
-
-        if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
-                return EXEC_OUTPUT_INHERIT;
-
-        return std_output;
-}
-
-static int setup_input(
-                const ExecContext *context,
-                const ExecParameters *params,
-                int socket_fd) {
-
-        ExecInput i;
-
-        assert(context);
-        assert(params);
-
-        if (params->stdin_fd >= 0) {
-                if (dup2(params->stdin_fd, STDIN_FILENO) < 0)
-                        return -errno;
-
-                /* Try to make this the controlling tty, if it is a tty, and reset it */
-                (void) ioctl(STDIN_FILENO, TIOCSCTTY, context->std_input == EXEC_INPUT_TTY_FORCE);
-                (void) reset_terminal_fd(STDIN_FILENO, true);
-
-                return STDIN_FILENO;
-        }
-
-        i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
-
-        switch (i) {
-
-        case EXEC_INPUT_NULL:
-                return open_null_as(O_RDONLY, STDIN_FILENO);
-
-        case EXEC_INPUT_TTY:
-        case EXEC_INPUT_TTY_FORCE:
-        case EXEC_INPUT_TTY_FAIL: {
-                int fd, r;
-
-                fd = acquire_terminal(exec_context_tty_path(context),
-                                      i == EXEC_INPUT_TTY_FAIL,
-                                      i == EXEC_INPUT_TTY_FORCE,
-                                      false,
-                                      USEC_INFINITY);
-                if (fd < 0)
-                        return fd;
-
-                if (fd != STDIN_FILENO) {
-                        r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
-                        safe_close(fd);
-                } else
-                        r = STDIN_FILENO;
-
-                return r;
-        }
-
-        case EXEC_INPUT_SOCKET:
-                return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
-
-        default:
-                assert_not_reached("Unknown input type");
-        }
-}
-
-static int setup_output(
-                Unit *unit,
-                const ExecContext *context,
-                const ExecParameters *params,
-                int fileno,
-                int socket_fd,
-                const char *ident,
-                uid_t uid, gid_t gid) {
-
-        ExecOutput o;
-        ExecInput i;
-        int r;
-
-        assert(unit);
-        assert(context);
-        assert(params);
-        assert(ident);
-
-        if (fileno == STDOUT_FILENO && params->stdout_fd >= 0) {
-
-                if (dup2(params->stdout_fd, STDOUT_FILENO) < 0)
-                        return -errno;
-
-                return STDOUT_FILENO;
-        }
-
-        if (fileno == STDERR_FILENO && params->stderr_fd >= 0) {
-                if (dup2(params->stderr_fd, STDERR_FILENO) < 0)
-                        return -errno;
-
-                return STDERR_FILENO;
-        }
-
-        i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
-        o = fixup_output(context->std_output, socket_fd);
-
-        if (fileno == STDERR_FILENO) {
-                ExecOutput e;
-                e = fixup_output(context->std_error, socket_fd);
-
-                /* This expects the input and output are already set up */
-
-                /* Don't change the stderr file descriptor if we inherit all
-                 * the way and are not on a tty */
-                if (e == EXEC_OUTPUT_INHERIT &&
-                    o == EXEC_OUTPUT_INHERIT &&
-                    i == EXEC_INPUT_NULL &&
-                    !is_terminal_input(context->std_input) &&
-                    getppid () != 1)
-                        return fileno;
-
-                /* Duplicate from stdout if possible */
-                if (e == o || e == EXEC_OUTPUT_INHERIT)
-                        return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
-
-                o = e;
-
-        } else if (o == EXEC_OUTPUT_INHERIT) {
-                /* If input got downgraded, inherit the original value */
-                if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
-                        return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
-
-                /* If the input is connected to anything that's not a /dev/null, inherit that... */
-                if (i != EXEC_INPUT_NULL)
-                        return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
-
-                /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
-                if (getppid() != 1)
-                        return fileno;
-
-                /* We need to open /dev/null here anew, to get the right access mode. */
-                return open_null_as(O_WRONLY, fileno);
-        }
-
-        switch (o) {
-
-        case EXEC_OUTPUT_NULL:
-                return open_null_as(O_WRONLY, fileno);
-
-        case EXEC_OUTPUT_TTY:
-                if (is_terminal_input(i))
-                        return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
-
-                /* We don't reset the terminal if this is just about output */
-                return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
-
-        case EXEC_OUTPUT_SYSLOG:
-        case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
-        case EXEC_OUTPUT_KMSG:
-        case EXEC_OUTPUT_KMSG_AND_CONSOLE:
-        case EXEC_OUTPUT_JOURNAL:
-        case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
-                r = connect_logger_as(context, o, ident, unit->id, fileno, uid, gid);
-                if (r < 0) {
-                        log_unit_error_errno(unit, r, "Failed to connect %s to the journal socket, ignoring: %m", fileno == STDOUT_FILENO ? "stdout" : "stderr");
-                        r = open_null_as(O_WRONLY, fileno);
-                }
-                return r;
-
-        case EXEC_OUTPUT_SOCKET:
-                assert(socket_fd >= 0);
-                return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
-
-        default:
-                assert_not_reached("Unknown error type");
-        }
-}
-
-static int chown_terminal(int fd, uid_t uid) {
-        struct stat st;
-
-        assert(fd >= 0);
-
-        /* This might fail. What matters are the results. */
-        (void) fchown(fd, uid, -1);
-        (void) fchmod(fd, TTY_MODE);
-
-        if (fstat(fd, &st) < 0)
-                return -errno;
-
-        if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
-                return -EPERM;
-
-        return 0;
-}
-
-static int setup_confirm_stdio(int *_saved_stdin, int *_saved_stdout) {
-        _cleanup_close_ int fd = -1, saved_stdin = -1, saved_stdout = -1;
-        int r;
-
-        assert(_saved_stdin);
-        assert(_saved_stdout);
-
-        saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
-        if (saved_stdin < 0)
-                return -errno;
-
-        saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
-        if (saved_stdout < 0)
-                return -errno;
-
-        fd = acquire_terminal(
-                        "/dev/console",
-                        false,
-                        false,
-                        false,
-                        DEFAULT_CONFIRM_USEC);
-        if (fd < 0)
-                return fd;
-
-        r = chown_terminal(fd, getuid());
-        if (r < 0)
-                return r;
-
-        r = reset_terminal_fd(fd, true);
-        if (r < 0)
-                return r;
-
-        if (dup2(fd, STDIN_FILENO) < 0)
-                return -errno;
-
-        if (dup2(fd, STDOUT_FILENO) < 0)
-                return -errno;
-
-        if (fd >= 2)
-                safe_close(fd);
-        fd = -1;
-
-        *_saved_stdin = saved_stdin;
-        *_saved_stdout = saved_stdout;
-
-        saved_stdin = saved_stdout = -1;
-
-        return 0;
-}
-
-_printf_(1, 2) static int write_confirm_message(const char *format, ...) {
-        _cleanup_close_ int fd = -1;
-        va_list ap;
-
-        assert(format);
-
-        fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
-        if (fd < 0)
-                return fd;
-
-        va_start(ap, format);
-        vdprintf(fd, format, ap);
-        va_end(ap);
-
-        return 0;
-}
-
-static int restore_confirm_stdio(int *saved_stdin, int *saved_stdout) {
-        int r = 0;
-
-        assert(saved_stdin);
-        assert(saved_stdout);
-
-        release_terminal();
-
-        if (*saved_stdin >= 0)
-                if (dup2(*saved_stdin, STDIN_FILENO) < 0)
-                        r = -errno;
-
-        if (*saved_stdout >= 0)
-                if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
-                        r = -errno;
-
-        *saved_stdin = safe_close(*saved_stdin);
-        *saved_stdout = safe_close(*saved_stdout);
-
-        return r;
-}
-
-static int ask_for_confirmation(char *response, char **argv) {
-        int saved_stdout = -1, saved_stdin = -1, r;
-        _cleanup_free_ char *line = NULL;
-
-        r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
-        if (r < 0)
-                return r;
-
-        line = exec_command_line(argv);
-        if (!line)
-                return -ENOMEM;
-
-        r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
-
-        restore_confirm_stdio(&saved_stdin, &saved_stdout);
-
-        return r;
-}
-
-static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
-        bool keep_groups = false;
-        int r;
-
-        assert(context);
-
-        /* Lookup and set GID and supplementary group list. Here too
-         * we avoid NSS lookups for gid=0. */
-
-        if (context->group || username) {
-                /* First step, initialize groups from /etc/groups */
-                if (username && gid != 0) {
-                        if (initgroups(username, gid) < 0)
-                                return -errno;
-
-                        keep_groups = true;
-                }
-
-                /* Second step, set our gids */
-                if (setresgid(gid, gid, gid) < 0)
-                        return -errno;
-        }
-
-        if (context->supplementary_groups) {
-                int ngroups_max, k;
-                gid_t *gids;
-                char **i;
-
-                /* Final step, initialize any manually set supplementary groups */
-                assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
-
-                if (!(gids = new(gid_t, ngroups_max)))
-                        return -ENOMEM;
-
-                if (keep_groups) {
-                        k = getgroups(ngroups_max, gids);
-                        if (k < 0) {
-                                free(gids);
-                                return -errno;
-                        }
-                } else
-                        k = 0;
-
-                STRV_FOREACH(i, context->supplementary_groups) {
-                        const char *g;
-
-                        if (k >= ngroups_max) {
-                                free(gids);
-                                return -E2BIG;
-                        }
-
-                        g = *i;
-                        r = get_group_creds(&g, gids+k);
-                        if (r < 0) {
-                                free(gids);
-                                return r;
-                        }
-
-                        k++;
-                }
-
-                if (setgroups(k, gids) < 0) {
-                        free(gids);
-                        return -errno;
-                }
-
-                free(gids);
-        }
-
-        return 0;
-}
-
-static int enforce_user(const ExecContext *context, uid_t uid) {
-        assert(context);
-
-        /* Sets (but doesn't look up) the uid and make sure we keep the
-         * capabilities while doing so. */
-
-        if (context->capability_ambient_set != 0) {
-
-                /* First step: If we need to keep capabilities but
-                 * drop privileges we need to make sure we keep our
-                 * caps, while we drop privileges. */
-                if (uid != 0) {
-                        int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
-
-                        if (prctl(PR_GET_SECUREBITS) != sb)
-                                if (prctl(PR_SET_SECUREBITS, sb) < 0)
-                                        return -errno;
-                }
-        }
-
-        /* Second step: actually set the uids */
-        if (setresuid(uid, uid, uid) < 0)
-                return -errno;
-
-        /* At this point we should have all necessary capabilities but
-           are otherwise a normal user. However, the caps might got
-           corrupted due to the setresuid() so we need clean them up
-           later. This is done outside of this call. */
-
-        return 0;
-}
-
-#ifdef HAVE_PAM
-
-static int null_conv(
-                int num_msg,
-                const struct pam_message **msg,
-                struct pam_response **resp,
-                void *appdata_ptr) {
-
-        /* We don't support conversations */
-
-        return PAM_CONV_ERR;
-}
-
-static int setup_pam(
-                const char *name,
-                const char *user,
-                uid_t uid,
-                const char *tty,
-                char ***pam_env,
-                int fds[], unsigned n_fds) {
-
-        static const struct pam_conv conv = {
-                .conv = null_conv,
-                .appdata_ptr = NULL
-        };
-
-        _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
-        pam_handle_t *handle = NULL;
-        sigset_t old_ss;
-        int pam_code = PAM_SUCCESS, r;
-        char **e = NULL;
-        bool close_session = false;
-        pid_t pam_pid = 0, parent_pid;
-        int flags = 0;
-
-        assert(name);
-        assert(user);
-        assert(pam_env);
-
-        /* We set up PAM in the parent process, then fork. The child
-         * will then stay around until killed via PR_GET_PDEATHSIG or
-         * systemd via the cgroup logic. It will then remove the PAM
-         * session again. The parent process will exec() the actual
-         * daemon. We do things this way to ensure that the main PID
-         * of the daemon is the one we initially fork()ed. */
-
-        r = barrier_create(&barrier);
-        if (r < 0)
-                goto fail;
-
-        if (log_get_max_level() < LOG_DEBUG)
-                flags |= PAM_SILENT;
-
-        pam_code = pam_start(name, user, &conv, &handle);
-        if (pam_code != PAM_SUCCESS) {
-                handle = NULL;
-                goto fail;
-        }
-
-        if (tty) {
-                pam_code = pam_set_item(handle, PAM_TTY, tty);
-                if (pam_code != PAM_SUCCESS)
-                        goto fail;
-        }
-
-        pam_code = pam_acct_mgmt(handle, flags);
-        if (pam_code != PAM_SUCCESS)
-                goto fail;
-
-        pam_code = pam_open_session(handle, flags);
-        if (pam_code != PAM_SUCCESS)
-                goto fail;
-
-        close_session = true;
-
-        e = pam_getenvlist(handle);
-        if (!e) {
-                pam_code = PAM_BUF_ERR;
-                goto fail;
-        }
-
-        /* Block SIGTERM, so that we know that it won't get lost in
-         * the child */
-
-        assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0);
-
-        parent_pid = getpid();
-
-        pam_pid = fork();
-        if (pam_pid < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        if (pam_pid == 0) {
-                int sig, ret = EXIT_PAM;
-
-                /* The child's job is to reset the PAM session on
-                 * termination */
-                barrier_set_role(&barrier, BARRIER_CHILD);
-
-                /* This string must fit in 10 chars (i.e. the length
-                 * of "/sbin/init"), to look pretty in /bin/ps */
-                rename_process("(sd-pam)");
-
-                /* Make sure we don't keep open the passed fds in this
-                child. We assume that otherwise only those fds are
-                open here that have been opened by PAM. */
-                close_many(fds, n_fds);
-
-                /* Drop privileges - we don't need any to pam_close_session
-                 * and this will make PR_SET_PDEATHSIG work in most cases.
-                 * If this fails, ignore the error - but expect sd-pam threads
-                 * to fail to exit normally */
-                if (setresuid(uid, uid, uid) < 0)
-                        log_error_errno(r, "Error: Failed to setresuid() in sd-pam: %m");
-
-                (void) ignore_signals(SIGPIPE, -1);
-
-                /* Wait until our parent died. This will only work if
-                 * the above setresuid() succeeds, otherwise the kernel
-                 * will not allow unprivileged parents kill their privileged
-                 * children this way. We rely on the control groups kill logic
-                 * to do the rest for us. */
-                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
-                        goto child_finish;
-
-                /* Tell the parent that our setup is done. This is especially
-                 * important regarding dropping privileges. Otherwise, unit
-                 * setup might race against our setresuid(2) call. */
-                barrier_place(&barrier);
-
-                /* Check if our parent process might already have
-                 * died? */
-                if (getppid() == parent_pid) {
-                        sigset_t ss;
-
-                        assert_se(sigemptyset(&ss) >= 0);
-                        assert_se(sigaddset(&ss, SIGTERM) >= 0);
-
-                        for (;;) {
-                                if (sigwait(&ss, &sig) < 0) {
-                                        if (errno == EINTR)
-                                                continue;
-
-                                        goto child_finish;
-                                }
-
-                                assert(sig == SIGTERM);
-                                break;
-                        }
-                }
-
-                /* If our parent died we'll end the session */
-                if (getppid() != parent_pid) {
-                        pam_code = pam_close_session(handle, flags);
-                        if (pam_code != PAM_SUCCESS)
-                                goto child_finish;
-                }
-
-                ret = 0;
-
-        child_finish:
-                pam_end(handle, pam_code | flags);
-                _exit(ret);
-        }
-
-        barrier_set_role(&barrier, BARRIER_PARENT);
-
-        /* If the child was forked off successfully it will do all the
-         * cleanups, so forget about the handle here. */
-        handle = NULL;
-
-        /* Unblock SIGTERM again in the parent */
-        assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0);
-
-        /* We close the log explicitly here, since the PAM modules
-         * might have opened it, but we don't want this fd around. */
-        closelog();
-
-        /* Synchronously wait for the child to initialize. We don't care for
-         * errors as we cannot recover. However, warn loudly if it happens. */
-        if (!barrier_place_and_sync(&barrier))
-                log_error("PAM initialization failed");
-
-        *pam_env = e;
-        e = NULL;
-
-        return 0;
-
-fail:
-        if (pam_code != PAM_SUCCESS) {
-                log_error("PAM failed: %s", pam_strerror(handle, pam_code));
-                r = -EPERM;  /* PAM errors do not map to errno */
-        } else
-                log_error_errno(r, "PAM failed: %m");
-
-        if (handle) {
-                if (close_session)
-                        pam_code = pam_close_session(handle, flags);
-
-                pam_end(handle, pam_code | flags);
-        }
-
-        strv_free(e);
-        closelog();
-
-        return r;
-}
-#endif
-
-static void rename_process_from_path(const char *path) {
-        char process_name[11];
-        const char *p;
-        size_t l;
-
-        /* This resulting string must fit in 10 chars (i.e. the length
-         * of "/sbin/init") to look pretty in /bin/ps */
-
-        p = basename(path);
-        if (isempty(p)) {
-                rename_process("(...)");
-                return;
-        }
-
-        l = strlen(p);
-        if (l > 8) {
-                /* The end of the process name is usually more
-                 * interesting, since the first bit might just be
-                 * "systemd-" */
-                p = p + l - 8;
-                l = 8;
-        }
-
-        process_name[0] = '(';
-        memcpy(process_name+1, p, l);
-        process_name[1+l] = ')';
-        process_name[1+l+1] = 0;
-
-        rename_process(process_name);
-}
-
-#ifdef HAVE_SECCOMP
-
-static int apply_seccomp(const ExecContext *c) {
-        uint32_t negative_action, action;
-        scmp_filter_ctx *seccomp;
-        Iterator i;
-        void *id;
-        int r;
-
-        assert(c);
-
-        negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
-
-        seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);
-        if (!seccomp)
-                return -ENOMEM;
-
-        if (c->syscall_archs) {
-
-                SET_FOREACH(id, c->syscall_archs, i) {
-                        r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
-                        if (r == -EEXIST)
-                                continue;
-                        if (r < 0)
-                                goto finish;
-                }
-
-        } else {
-                r = seccomp_add_secondary_archs(seccomp);
-                if (r < 0)
-                        goto finish;
-        }
-
-        action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;
-        SET_FOREACH(id, c->syscall_filter, i) {
-                r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
-        if (r < 0)
-                goto finish;
-
-        r = seccomp_load(seccomp);
-
-finish:
-        seccomp_release(seccomp);
-        return r;
-}
-
-static int apply_address_families(const ExecContext *c) {
-        scmp_filter_ctx *seccomp;
-        Iterator i;
-        int r;
-
-        assert(c);
-
-        seccomp = seccomp_init(SCMP_ACT_ALLOW);
-        if (!seccomp)
-                return -ENOMEM;
-
-        r = seccomp_add_secondary_archs(seccomp);
-        if (r < 0)
-                goto finish;
-
-        if (c->address_families_whitelist) {
-                int af, first = 0, last = 0;
-                void *afp;
-
-                /* If this is a whitelist, we first block the address
-                 * families that are out of range and then everything
-                 * that is not in the set. First, we find the lowest
-                 * and highest address family in the set. */
-
-                SET_FOREACH(afp, c->address_families, i) {
-                        af = PTR_TO_INT(afp);
-
-                        if (af <= 0 || af >= af_max())
-                                continue;
-
-                        if (first == 0 || af < first)
-                                first = af;
-
-                        if (last == 0 || af > last)
-                                last = af;
-                }
-
-                assert((first == 0) == (last == 0));
-
-                if (first == 0) {
-
-                        /* No entries in the valid range, block everything */
-                        r = seccomp_rule_add(
-                                        seccomp,
-                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
-                                        SCMP_SYS(socket),
-                                        0);
-                        if (r < 0)
-                                goto finish;
-
-                } else {
-
-                        /* Block everything below the first entry */
-                        r = seccomp_rule_add(
-                                        seccomp,
-                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
-                                        SCMP_SYS(socket),
-                                        1,
-                                        SCMP_A0(SCMP_CMP_LT, first));
-                        if (r < 0)
-                                goto finish;
-
-                        /* Block everything above the last entry */
-                        r = seccomp_rule_add(
-                                        seccomp,
-                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
-                                        SCMP_SYS(socket),
-                                        1,
-                                        SCMP_A0(SCMP_CMP_GT, last));
-                        if (r < 0)
-                                goto finish;
-
-                        /* Block everything between the first and last
-                         * entry */
-                        for (af = 1; af < af_max(); af++) {
-
-                                if (set_contains(c->address_families, INT_TO_PTR(af)))
-                                        continue;
-
-                                r = seccomp_rule_add(
-                                                seccomp,
-                                                SCMP_ACT_ERRNO(EPROTONOSUPPORT),
-                                                SCMP_SYS(socket),
-                                                1,
-                                                SCMP_A0(SCMP_CMP_EQ, af));
-                                if (r < 0)
-                                        goto finish;
-                        }
-                }
-
-        } else {
-                void *af;
-
-                /* If this is a blacklist, then generate one rule for
-                 * each address family that are then combined in OR
-                 * checks. */
-
-                SET_FOREACH(af, c->address_families, i) {
-
-                        r = seccomp_rule_add(
-                                        seccomp,
-                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
-                                        SCMP_SYS(socket),
-                                        1,
-                                        SCMP_A0(SCMP_CMP_EQ, PTR_TO_INT(af)));
-                        if (r < 0)
-                                goto finish;
-                }
-        }
-
-        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
-        if (r < 0)
-                goto finish;
-
-        r = seccomp_load(seccomp);
-
-finish:
-        seccomp_release(seccomp);
-        return r;
-}
-
-#endif
-
-static void do_idle_pipe_dance(int idle_pipe[4]) {
-        assert(idle_pipe);
-
-
-        idle_pipe[1] = safe_close(idle_pipe[1]);
-        idle_pipe[2] = safe_close(idle_pipe[2]);
-
-        if (idle_pipe[0] >= 0) {
-                int r;
-
-                r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
-
-                if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
-                        ssize_t n;
-
-                        /* Signal systemd that we are bored and want to continue. */
-                        n = write(idle_pipe[3], "x", 1);
-                        if (n > 0)
-                                /* Wait for systemd to react to the signal above. */
-                                fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
-                }
-
-                idle_pipe[0] = safe_close(idle_pipe[0]);
-
-        }
-
-        idle_pipe[3] = safe_close(idle_pipe[3]);
-}
-
-static int build_environment(
-                const ExecContext *c,
-                const ExecParameters *p,
-                unsigned n_fds,
-                const char *home,
-                const char *username,
-                const char *shell,
-                char ***ret) {
-
-        _cleanup_strv_free_ char **our_env = NULL;
-        unsigned n_env = 0;
-        char *x;
-
-        assert(c);
-        assert(ret);
-
-        our_env = new0(char*, 11);
-        if (!our_env)
-                return -ENOMEM;
-
-        if (n_fds > 0) {
-                _cleanup_free_ char *joined = NULL;
-
-                if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-
-                if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-
-                joined = strv_join(p->fd_names, ":");
-                if (!joined)
-                        return -ENOMEM;
-
-                x = strjoin("LISTEN_FDNAMES=", joined, NULL);
-                if (!x)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-        }
-
-        if (p->watchdog_usec > 0) {
-                if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-
-                if (asprintf(&x, "WATCHDOG_USEC="USEC_FMT, p->watchdog_usec) < 0)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-        }
-
-        if (home) {
-                x = strappend("HOME=", home);
-                if (!x)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-        }
-
-        if (username) {
-                x = strappend("LOGNAME=", username);
-                if (!x)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-
-                x = strappend("USER=", username);
-                if (!x)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-        }
-
-        if (shell) {
-                x = strappend("SHELL=", shell);
-                if (!x)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-        }
-
-        if (is_terminal_input(c->std_input) ||
-            c->std_output == EXEC_OUTPUT_TTY ||
-            c->std_error == EXEC_OUTPUT_TTY ||
-            c->tty_path) {
-
-                x = strdup(default_term_for_tty(exec_context_tty_path(c)));
-                if (!x)
-                        return -ENOMEM;
-                our_env[n_env++] = x;
-        }
-
-        our_env[n_env++] = NULL;
-        assert(n_env <= 11);
-
-        *ret = our_env;
-        our_env = NULL;
-
-        return 0;
-}
-
-static int build_pass_environment(const ExecContext *c, char ***ret) {
-        _cleanup_strv_free_ char **pass_env = NULL;
-        size_t n_env = 0, n_bufsize = 0;
-        char **i;
-
-        STRV_FOREACH(i, c->pass_environment) {
-                _cleanup_free_ char *x = NULL;
-                char *v;
-
-                v = getenv(*i);
-                if (!v)
-                        continue;
-                x = strjoin(*i, "=", v, NULL);
-                if (!x)
-                        return -ENOMEM;
-                if (!GREEDY_REALLOC(pass_env, n_bufsize, n_env + 2))
-                        return -ENOMEM;
-                pass_env[n_env++] = x;
-                pass_env[n_env] = NULL;
-                x = NULL;
-        }
-
-        *ret = pass_env;
-        pass_env = NULL;
-
-        return 0;
-}
-
-static bool exec_needs_mount_namespace(
-                const ExecContext *context,
-                const ExecParameters *params,
-                ExecRuntime *runtime) {
-
-        assert(context);
-        assert(params);
-
-        if (!strv_isempty(context->read_write_dirs) ||
-            !strv_isempty(context->read_only_dirs) ||
-            !strv_isempty(context->inaccessible_dirs))
-                return true;
-
-        if (context->mount_flags != 0)
-                return true;
-
-        if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
-                return true;
-
-        if (context->private_devices ||
-            context->protect_system != PROTECT_SYSTEM_NO ||
-            context->protect_home != PROTECT_HOME_NO)
-                return true;
-
-        return false;
-}
-
-static int close_remaining_fds(
-                const ExecParameters *params,
-                ExecRuntime *runtime,
-                int socket_fd,
-                int *fds, unsigned n_fds) {
-
-        unsigned n_dont_close = 0;
-        int dont_close[n_fds + 7];
-
-        assert(params);
-
-        if (params->stdin_fd >= 0)
-                dont_close[n_dont_close++] = params->stdin_fd;
-        if (params->stdout_fd >= 0)
-                dont_close[n_dont_close++] = params->stdout_fd;
-        if (params->stderr_fd >= 0)
-                dont_close[n_dont_close++] = params->stderr_fd;
-
-        if (socket_fd >= 0)
-                dont_close[n_dont_close++] = socket_fd;
-        if (n_fds > 0) {
-                memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
-                n_dont_close += n_fds;
-        }
-
-        if (runtime) {
-                if (runtime->netns_storage_socket[0] >= 0)
-                        dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
-                if (runtime->netns_storage_socket[1] >= 0)
-                        dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
-        }
-
-        return close_all_fds(dont_close, n_dont_close);
-}
-
-static int exec_child(
-                Unit *unit,
-                ExecCommand *command,
-                const ExecContext *context,
-                const ExecParameters *params,
-                ExecRuntime *runtime,
-                char **argv,
-                int socket_fd,
-                int *fds, unsigned n_fds,
-                char **files_env,
-                int *exit_status) {
-
-        _cleanup_strv_free_ char **our_env = NULL, **pass_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
-        _cleanup_free_ char *mac_selinux_context_net = NULL;
-        const char *username = NULL, *home = NULL, *shell = NULL, *wd;
-        uid_t uid = UID_INVALID;
-        gid_t gid = GID_INVALID;
-        int i, r;
-        bool needs_mount_namespace;
-
-        assert(unit);
-        assert(command);
-        assert(context);
-        assert(params);
-        assert(exit_status);
-
-        rename_process_from_path(command->path);
-
-        /* We reset exactly these signals, since they are the
-         * only ones we set to SIG_IGN in the main daemon. All
-         * others we leave untouched because we set them to
-         * SIG_DFL or a valid handler initially, both of which
-         * will be demoted to SIG_DFL. */
-        (void) default_signals(SIGNALS_CRASH_HANDLER,
-                               SIGNALS_IGNORE, -1);
-
-        if (context->ignore_sigpipe)
-                (void) ignore_signals(SIGPIPE, -1);
-
-        r = reset_signal_mask();
-        if (r < 0) {
-                *exit_status = EXIT_SIGNAL_MASK;
-                return r;
-        }
-
-        if (params->idle_pipe)
-                do_idle_pipe_dance(params->idle_pipe);
-
-        /* Close sockets very early to make sure we don't
-         * block init reexecution because it cannot bind its
-         * sockets */
-
-        log_forget_fds();
-
-        r = close_remaining_fds(params, runtime, socket_fd, fds, n_fds);
-        if (r < 0) {
-                *exit_status = EXIT_FDS;
-                return r;
-        }
-
-        if (!context->same_pgrp)
-                if (setsid() < 0) {
-                        *exit_status = EXIT_SETSID;
-                        return -errno;
-                }
-
-        exec_context_tty_reset(context, params);
-
-        if (params->confirm_spawn) {
-                char response;
-
-                r = ask_for_confirmation(&response, argv);
-                if (r == -ETIMEDOUT)
-                        write_confirm_message("Confirmation question timed out, assuming positive response.\n");
-                else if (r < 0)
-                        write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-r));
-                else if (response == 's') {
-                        write_confirm_message("Skipping execution.\n");
-                        *exit_status = EXIT_CONFIRM;
-                        return -ECANCELED;
-                } else if (response == 'n') {
-                        write_confirm_message("Failing execution.\n");
-                        *exit_status = 0;
-                        return 0;
-                }
-        }
-
-        if (context->user) {
-                username = context->user;
-                r = get_user_creds(&username, &uid, &gid, &home, &shell);
-                if (r < 0) {
-                        *exit_status = EXIT_USER;
-                        return r;
-                }
-        }
-
-        if (context->group) {
-                const char *g = context->group;
-
-                r = get_group_creds(&g, &gid);
-                if (r < 0) {
-                        *exit_status = EXIT_GROUP;
-                        return r;
-                }
-        }
-
-
-        /* If a socket is connected to STDIN/STDOUT/STDERR, we
-         * must sure to drop O_NONBLOCK */
-        if (socket_fd >= 0)
-                (void) fd_nonblock(socket_fd, false);
-
-        r = setup_input(context, params, socket_fd);
-        if (r < 0) {
-                *exit_status = EXIT_STDIN;
-                return r;
-        }
-
-        r = setup_output(unit, context, params, STDOUT_FILENO, socket_fd, basename(command->path), uid, gid);
-        if (r < 0) {
-                *exit_status = EXIT_STDOUT;
-                return r;
-        }
-
-        r = setup_output(unit, context, params, STDERR_FILENO, socket_fd, basename(command->path), uid, gid);
-        if (r < 0) {
-                *exit_status = EXIT_STDERR;
-                return r;
-        }
-
-        if (params->cgroup_path) {
-                r = cg_attach_everywhere(params->cgroup_supported, params->cgroup_path, 0, NULL, NULL);
-                if (r < 0) {
-                        *exit_status = EXIT_CGROUP;
-                        return r;
-                }
-        }
-
-        if (context->oom_score_adjust_set) {
-                char t[DECIMAL_STR_MAX(context->oom_score_adjust)];
-
-                /* When we can't make this change due to EPERM, then
-                 * let's silently skip over it. User namespaces
-                 * prohibit write access to this file, and we
-                 * shouldn't trip up over that. */
-
-                sprintf(t, "%i", context->oom_score_adjust);
-                r = write_string_file("/proc/self/oom_score_adj", t, 0);
-                if (r == -EPERM || r == -EACCES) {
-                        log_open();
-                        log_unit_debug_errno(unit, r, "Failed to adjust OOM setting, assuming containerized execution, ignoring: %m");
-                        log_close();
-                } else if (r < 0) {
-                        *exit_status = EXIT_OOM_ADJUST;
-                        return -errno;
-                }
-        }
-
-        if (context->nice_set)
-                if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
-                        *exit_status = EXIT_NICE;
-                        return -errno;
-                }
-
-        if (context->cpu_sched_set) {
-                struct sched_param param = {
-                        .sched_priority = context->cpu_sched_priority,
-                };
-
-                r = sched_setscheduler(0,
-                                       context->cpu_sched_policy |
-                                       (context->cpu_sched_reset_on_fork ?
-                                        SCHED_RESET_ON_FORK : 0),
-                                       &param);
-                if (r < 0) {
-                        *exit_status = EXIT_SETSCHEDULER;
-                        return -errno;
-                }
-        }
-
-        if (context->cpuset)
-                if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
-                        *exit_status = EXIT_CPUAFFINITY;
-                        return -errno;
-                }
-
-        if (context->ioprio_set)
-                if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
-                        *exit_status = EXIT_IOPRIO;
-                        return -errno;
-                }
-
-        if (context->timer_slack_nsec != NSEC_INFINITY)
-                if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
-                        *exit_status = EXIT_TIMERSLACK;
-                        return -errno;
-                }
-
-        if (context->personality != PERSONALITY_INVALID)
-                if (personality(context->personality) < 0) {
-                        *exit_status = EXIT_PERSONALITY;
-                        return -errno;
-                }
-
-        if (context->utmp_id)
-                utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path,
-                                      context->utmp_mode == EXEC_UTMP_INIT  ? INIT_PROCESS :
-                                      context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS :
-                                      USER_PROCESS,
-                                      username ? "root" : context->user);
-
-        if (context->user && is_terminal_input(context->std_input)) {
-                r = chown_terminal(STDIN_FILENO, uid);
-                if (r < 0) {
-                        *exit_status = EXIT_STDIN;
-                        return r;
-                }
-        }
-
-        /* If delegation is enabled we'll pass ownership of the cgroup
-         * (but only in systemd's own controller hierarchy!) to the
-         * user of the new process. */
-        if (params->cgroup_path && context->user && params->cgroup_delegate) {
-                r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid);
-                if (r < 0) {
-                        *exit_status = EXIT_CGROUP;
-                        return r;
-                }
-
-
-                r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0755, uid, gid);
-                if (r < 0) {
-                        *exit_status = EXIT_CGROUP;
-                        return r;
-                }
-        }
-
-        if (!strv_isempty(context->runtime_directory) && params->runtime_prefix) {
-                char **rt;
-
-                STRV_FOREACH(rt, context->runtime_directory) {
-                        _cleanup_free_ char *p;
-
-                        p = strjoin(params->runtime_prefix, "/", *rt, NULL);
-                        if (!p) {
-                                *exit_status = EXIT_RUNTIME_DIRECTORY;
-                                return -ENOMEM;
-                        }
-
-                        r = mkdir_p_label(p, context->runtime_directory_mode);
-                        if (r < 0) {
-                                *exit_status = EXIT_RUNTIME_DIRECTORY;
-                                return r;
-                        }
-
-                        r = chmod_and_chown(p, context->runtime_directory_mode, uid, gid);
-                        if (r < 0) {
-                                *exit_status = EXIT_RUNTIME_DIRECTORY;
-                                return r;
-                        }
-                }
-        }
-
-        umask(context->umask);
-
-        if (params->apply_permissions) {
-                r = enforce_groups(context, username, gid);
-                if (r < 0) {
-                        *exit_status = EXIT_GROUP;
-                        return r;
-                }
-#ifdef HAVE_SMACK
-                if (context->smack_process_label) {
-                        r = mac_smack_apply_pid(0, context->smack_process_label);
-                        if (r < 0) {
-                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
-                                return r;
-                        }
-                }
-#ifdef SMACK_DEFAULT_PROCESS_LABEL
-                else {
-                        _cleanup_free_ char *exec_label = NULL;
-
-                        r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label);
-                        if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) {
-                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
-                                return r;
-                        }
-
-                        r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL);
-                        if (r < 0) {
-                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
-                                return r;
-                        }
-                }
-#endif
-#endif
-#ifdef HAVE_PAM
-                if (context->pam_name && username) {
-                        r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
-                        if (r < 0) {
-                                *exit_status = EXIT_PAM;
-                                return r;
-                        }
-                }
-#endif
-        }
-
-        if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
-                r = setup_netns(runtime->netns_storage_socket);
-                if (r < 0) {
-                        *exit_status = EXIT_NETWORK;
-                        return r;
-                }
-        }
-
-        needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
-
-        if (needs_mount_namespace) {
-                char *tmp = NULL, *var = NULL;
-
-                /* The runtime struct only contains the parent
-                 * of the private /tmp, which is
-                 * non-accessible to world users. Inside of it
-                 * there's a /tmp that is sticky, and that's
-                 * the one we want to use here. */
-
-                if (context->private_tmp && runtime) {
-                        if (runtime->tmp_dir)
-                                tmp = strjoina(runtime->tmp_dir, "/tmp");
-                        if (runtime->var_tmp_dir)
-                                var = strjoina(runtime->var_tmp_dir, "/tmp");
-                }
-
-                r = setup_namespace(
-                                params->apply_chroot ? context->root_directory : NULL,
-                                context->read_write_dirs,
-                                context->read_only_dirs,
-                                context->inaccessible_dirs,
-                                tmp,
-                                var,
-                                context->private_devices,
-                                context->protect_home,
-                                context->protect_system,
-                                context->mount_flags);
-
-                /* If we couldn't set up the namespace this is
-                 * probably due to a missing capability. In this case,
-                 * silently proceeed. */
-                if (r == -EPERM || r == -EACCES) {
-                        log_open();
-                        log_unit_debug_errno(unit, r, "Failed to set up namespace, assuming containerized execution, ignoring: %m");
-                        log_close();
-                } else if (r < 0) {
-                        *exit_status = EXIT_NAMESPACE;
-                        return r;
-                }
-        }
-
-        if (context->working_directory_home)
-                wd = home;
-        else if (context->working_directory)
-                wd = context->working_directory;
-        else
-                wd = "/";
-
-        if (params->apply_chroot) {
-                if (!needs_mount_namespace && context->root_directory)
-                        if (chroot(context->root_directory) < 0) {
-                                *exit_status = EXIT_CHROOT;
-                                return -errno;
-                        }
-
-                if (chdir(wd) < 0 &&
-                    !context->working_directory_missing_ok) {
-                        *exit_status = EXIT_CHDIR;
-                        return -errno;
-                }
-        } else {
-                const char *d;
-
-                d = strjoina(strempty(context->root_directory), "/", strempty(wd));
-                if (chdir(d) < 0 &&
-                    !context->working_directory_missing_ok) {
-                        *exit_status = EXIT_CHDIR;
-                        return -errno;
-                }
-        }
-
-#ifdef HAVE_SELINUX
-        if (params->apply_permissions && mac_selinux_use() && params->selinux_context_net && socket_fd >= 0) {
-                r = mac_selinux_get_child_mls_label(socket_fd, command->path, context->selinux_context, &mac_selinux_context_net);
-                if (r < 0) {
-                        *exit_status = EXIT_SELINUX_CONTEXT;
-                        return r;
-                }
-        }
-#endif
-
-        /* We repeat the fd closing here, to make sure that
-         * nothing is leaked from the PAM modules. Note that
-         * we are more aggressive this time since socket_fd
-         * and the netns fds we don't need anymore. The custom
-         * endpoint fd was needed to upload the policy and can
-         * now be closed as well. */
-        r = close_all_fds(fds, n_fds);
-        if (r >= 0)
-                r = shift_fds(fds, n_fds);
-        if (r >= 0)
-                r = flags_fds(fds, n_fds, context->non_blocking);
-        if (r < 0) {
-                *exit_status = EXIT_FDS;
-                return r;
-        }
-
-        if (params->apply_permissions) {
-
-                bool use_address_families = context->address_families_whitelist ||
-                        !set_isempty(context->address_families);
-                bool use_syscall_filter = context->syscall_whitelist ||
-                        !set_isempty(context->syscall_filter) ||
-                        !set_isempty(context->syscall_archs);
-                int secure_bits = context->secure_bits;
-
-                for (i = 0; i < _RLIMIT_MAX; i++) {
-                        if (!context->rlimit[i])
-                                continue;
-
-                        if (setrlimit_closest(i, context->rlimit[i]) < 0) {
-                                *exit_status = EXIT_LIMITS;
-                                return -errno;
-                        }
-                }
-
-                if (!cap_test_all(context->capability_bounding_set)) {
-                        r = capability_bounding_set_drop(context->capability_bounding_set, false);
-                        if (r < 0) {
-                                *exit_status = EXIT_CAPABILITIES;
-                                return r;
-                        }
-                }
-
-                /* This is done before enforce_user, but ambient set
-                 * does not survive over setresuid() if keep_caps is not set. */
-                if (context->capability_ambient_set != 0) {
-                        r = capability_ambient_set_apply(context->capability_ambient_set, true);
-                        if (r < 0) {
-                                *exit_status = EXIT_CAPABILITIES;
-                                return r;
-                        }
-                }
-
-                if (context->user) {
-                        r = enforce_user(context, uid);
-                        if (r < 0) {
-                                *exit_status = EXIT_USER;
-                                return r;
-                        }
-                        if (context->capability_ambient_set != 0) {
-
-                                /* Fix the ambient capabilities after user change. */
-                                r = capability_ambient_set_apply(context->capability_ambient_set, false);
-                                if (r < 0) {
-                                        *exit_status = EXIT_CAPABILITIES;
-                                        return r;
-                                }
-
-                                /* If we were asked to change user and ambient capabilities
-                                 * were requested, we had to add keep-caps to the securebits
-                                 * so that we would maintain the inherited capability set
-                                 * through the setresuid(). Make sure that the bit is added
-                                 * also to the context secure_bits so that we don't try to
-                                 * drop the bit away next. */
-
-                                secure_bits |= 1<<SECURE_KEEP_CAPS;
-                        }
-                }
-
-                /* PR_GET_SECUREBITS is not privileged, while
-                 * PR_SET_SECUREBITS is. So to suppress
-                 * potential EPERMs we'll try not to call
-                 * PR_SET_SECUREBITS unless necessary. */
-                if (prctl(PR_GET_SECUREBITS) != secure_bits)
-                        if (prctl(PR_SET_SECUREBITS, secure_bits) < 0) {
-                                *exit_status = EXIT_SECUREBITS;
-                                return -errno;
-                        }
-
-                if (context->no_new_privileges ||
-                    (!have_effective_cap(CAP_SYS_ADMIN) && (use_address_families || use_syscall_filter)))
-                        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
-                                *exit_status = EXIT_NO_NEW_PRIVILEGES;
-                                return -errno;
-                        }
-
-#ifdef HAVE_SECCOMP
-                if (use_address_families) {
-                        r = apply_address_families(context);
-                        if (r < 0) {
-                                *exit_status = EXIT_ADDRESS_FAMILIES;
-                                return r;
-                        }
-                }
-
-                if (use_syscall_filter) {
-                        r = apply_seccomp(context);
-                        if (r < 0) {
-                                *exit_status = EXIT_SECCOMP;
-                                return r;
-                        }
-                }
-#endif
-
-#ifdef HAVE_SELINUX
-                if (mac_selinux_use()) {
-                        char *exec_context = mac_selinux_context_net ?: context->selinux_context;
-
-                        if (exec_context) {
-                                r = setexeccon(exec_context);
-                                if (r < 0) {
-                                        *exit_status = EXIT_SELINUX_CONTEXT;
-                                        return r;
-                                }
-                        }
-                }
-#endif
-
-#ifdef HAVE_APPARMOR
-                if (context->apparmor_profile && mac_apparmor_use()) {
-                        r = aa_change_onexec(context->apparmor_profile);
-                        if (r < 0 && !context->apparmor_profile_ignore) {
-                                *exit_status = EXIT_APPARMOR_PROFILE;
-                                return -errno;
-                        }
-                }
-#endif
-        }
-
-        r = build_environment(context, params, n_fds, home, username, shell, &our_env);
-        if (r < 0) {
-                *exit_status = EXIT_MEMORY;
-                return r;
-        }
-
-        r = build_pass_environment(context, &pass_env);
-        if (r < 0) {
-                *exit_status = EXIT_MEMORY;
-                return r;
-        }
-
-        final_env = strv_env_merge(6,
-                                   params->environment,
-                                   our_env,
-                                   pass_env,
-                                   context->environment,
-                                   files_env,
-                                   pam_env,
-                                   NULL);
-        if (!final_env) {
-                *exit_status = EXIT_MEMORY;
-                return -ENOMEM;
-        }
-
-        final_argv = replace_env_argv(argv, final_env);
-        if (!final_argv) {
-                *exit_status = EXIT_MEMORY;
-                return -ENOMEM;
-        }
-
-        final_env = strv_env_clean(final_env);
-
-        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
-                _cleanup_free_ char *line;
-
-                line = exec_command_line(final_argv);
-                if (line) {
-                        log_open();
-                        log_struct(LOG_DEBUG,
-                                   LOG_UNIT_ID(unit),
-                                   "EXECUTABLE=%s", command->path,
-                                   LOG_UNIT_MESSAGE(unit, "Executing: %s", line),
-                                   NULL);
-                        log_close();
-                }
-        }
-
-        execve(command->path, final_argv, final_env);
-        *exit_status = EXIT_EXEC;
-        return -errno;
-}
-
-int exec_spawn(Unit *unit,
-               ExecCommand *command,
-               const ExecContext *context,
-               const ExecParameters *params,
-               ExecRuntime *runtime,
-               pid_t *ret) {
-
-        _cleanup_strv_free_ char **files_env = NULL;
-        int *fds = NULL; unsigned n_fds = 0;
-        _cleanup_free_ char *line = NULL;
-        int socket_fd, r;
-        char **argv;
-        pid_t pid;
-
-        assert(unit);
-        assert(command);
-        assert(context);
-        assert(ret);
-        assert(params);
-        assert(params->fds || params->n_fds <= 0);
-
-        if (context->std_input == EXEC_INPUT_SOCKET ||
-            context->std_output == EXEC_OUTPUT_SOCKET ||
-            context->std_error == EXEC_OUTPUT_SOCKET) {
-
-                if (params->n_fds != 1) {
-                        log_unit_error(unit, "Got more than one socket.");
-                        return -EINVAL;
-                }
-
-                socket_fd = params->fds[0];
-        } else {
-                socket_fd = -1;
-                fds = params->fds;
-                n_fds = params->n_fds;
-        }
-
-        r = exec_context_load_environment(unit, context, &files_env);
-        if (r < 0)
-                return log_unit_error_errno(unit, r, "Failed to load environment files: %m");
-
-        argv = params->argv ?: command->argv;
-        line = exec_command_line(argv);
-        if (!line)
-                return log_oom();
-
-        log_struct(LOG_DEBUG,
-                   LOG_UNIT_ID(unit),
-                   LOG_UNIT_MESSAGE(unit, "About to execute: %s", line),
-                   "EXECUTABLE=%s", command->path,
-                   NULL);
-        pid = fork();
-        if (pid < 0)
-                return log_unit_error_errno(unit, errno, "Failed to fork: %m");
-
-        if (pid == 0) {
-                int exit_status;
-
-                r = exec_child(unit,
-                               command,
-                               context,
-                               params,
-                               runtime,
-                               argv,
-                               socket_fd,
-                               fds, n_fds,
-                               files_env,
-                               &exit_status);
-                if (r < 0) {
-                        log_open();
-                        log_struct_errno(LOG_ERR, r,
-                                         LOG_MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
-                                         LOG_UNIT_ID(unit),
-                                         LOG_UNIT_MESSAGE(unit, "Failed at step %s spawning %s: %m",
-                                                          exit_status_to_string(exit_status, EXIT_STATUS_SYSTEMD),
-                                                          command->path),
-                                         "EXECUTABLE=%s", command->path,
-                                         NULL);
-                }
-
-                _exit(exit_status);
-        }
-
-        log_unit_debug(unit, "Forked %s as "PID_FMT, command->path, pid);
-
-        /* We add the new process to the cgroup both in the child (so
-         * that we can be sure that no user code is ever executed
-         * outside of the cgroup) and in the parent (so that we can be
-         * sure that when we kill the cgroup the process will be
-         * killed too). */
-        if (params->cgroup_path)
-                (void) cg_attach(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, pid);
-
-        exec_status_start(&command->exec_status, pid);
-
-        *ret = pid;
-        return 0;
-}
-
-void exec_context_init(ExecContext *c) {
-        assert(c);
-
-        c->umask = 0022;
-        c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
-        c->cpu_sched_policy = SCHED_OTHER;
-        c->syslog_priority = LOG_DAEMON|LOG_INFO;
-        c->syslog_level_prefix = true;
-        c->ignore_sigpipe = true;
-        c->timer_slack_nsec = NSEC_INFINITY;
-        c->personality = PERSONALITY_INVALID;
-        c->runtime_directory_mode = 0755;
-        c->capability_bounding_set = CAP_ALL;
-}
-
-void exec_context_done(ExecContext *c) {
-        unsigned l;
-
-        assert(c);
-
-        c->environment = strv_free(c->environment);
-        c->environment_files = strv_free(c->environment_files);
-        c->pass_environment = strv_free(c->pass_environment);
-
-        for (l = 0; l < ELEMENTSOF(c->rlimit); l++)
-                c->rlimit[l] = mfree(c->rlimit[l]);
-
-        c->working_directory = mfree(c->working_directory);
-        c->root_directory = mfree(c->root_directory);
-        c->tty_path = mfree(c->tty_path);
-        c->syslog_identifier = mfree(c->syslog_identifier);
-        c->user = mfree(c->user);
-        c->group = mfree(c->group);
-
-        c->supplementary_groups = strv_free(c->supplementary_groups);
-
-        c->pam_name = mfree(c->pam_name);
-
-        c->read_only_dirs = strv_free(c->read_only_dirs);
-        c->read_write_dirs = strv_free(c->read_write_dirs);
-        c->inaccessible_dirs = strv_free(c->inaccessible_dirs);
-
-        if (c->cpuset)
-                CPU_FREE(c->cpuset);
-
-        c->utmp_id = mfree(c->utmp_id);
-        c->selinux_context = mfree(c->selinux_context);
-        c->apparmor_profile = mfree(c->apparmor_profile);
-
-        c->syscall_filter = set_free(c->syscall_filter);
-        c->syscall_archs = set_free(c->syscall_archs);
-        c->address_families = set_free(c->address_families);
-
-        c->runtime_directory = strv_free(c->runtime_directory);
-}
-
-int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_prefix) {
-        char **i;
-
-        assert(c);
-
-        if (!runtime_prefix)
-                return 0;
-
-        STRV_FOREACH(i, c->runtime_directory) {
-                _cleanup_free_ char *p;
-
-                p = strjoin(runtime_prefix, "/", *i, NULL);
-                if (!p)
-                        return -ENOMEM;
-
-                /* We execute this synchronously, since we need to be
-                 * sure this is gone when we start the service
-                 * next. */
-                (void) rm_rf(p, REMOVE_ROOT);
-        }
-
-        return 0;
-}
-
-void exec_command_done(ExecCommand *c) {
-        assert(c);
-
-        c->path = mfree(c->path);
-
-        c->argv = strv_free(c->argv);
-}
-
-void exec_command_done_array(ExecCommand *c, unsigned n) {
-        unsigned i;
-
-        for (i = 0; i < n; i++)
-                exec_command_done(c+i);
-}
-
-ExecCommand* exec_command_free_list(ExecCommand *c) {
-        ExecCommand *i;
-
-        while ((i = c)) {
-                LIST_REMOVE(command, c, i);
-                exec_command_done(i);
-                free(i);
-        }
-
-        return NULL;
-}
-
-void exec_command_free_array(ExecCommand **c, unsigned n) {
-        unsigned i;
-
-        for (i = 0; i < n; i++)
-                c[i] = exec_command_free_list(c[i]);
-}
-
-typedef struct InvalidEnvInfo {
-        Unit *unit;
-        const char *path;
-} InvalidEnvInfo;
-
-static void invalid_env(const char *p, void *userdata) {
-        InvalidEnvInfo *info = userdata;
-
-        log_unit_error(info->unit, "Ignoring invalid environment assignment '%s': %s", p, info->path);
-}
-
-int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l) {
-        char **i, **r = NULL;
-
-        assert(c);
-        assert(l);
-
-        STRV_FOREACH(i, c->environment_files) {
-                char *fn;
-                int k;
-                bool ignore = false;
-                char **p;
-                _cleanup_globfree_ glob_t pglob = {};
-                int count, n;
-
-                fn = *i;
-
-                if (fn[0] == '-') {
-                        ignore = true;
-                        fn++;
-                }
-
-                if (!path_is_absolute(fn)) {
-                        if (ignore)
-                                continue;
-
-                        strv_free(r);
-                        return -EINVAL;
-                }
-
-                /* Filename supports globbing, take all matching files */
-                errno = 0;
-                if (glob(fn, 0, NULL, &pglob) != 0) {
-                        if (ignore)
-                                continue;
-
-                        strv_free(r);
-                        return errno > 0 ? -errno : -EINVAL;
-                }
-                count = pglob.gl_pathc;
-                if (count == 0) {
-                        if (ignore)
-                                continue;
-
-                        strv_free(r);
-                        return -EINVAL;
-                }
-                for (n = 0; n < count; n++) {
-                        k = load_env_file(NULL, pglob.gl_pathv[n], NULL, &p);
-                        if (k < 0) {
-                                if (ignore)
-                                        continue;
-
-                                strv_free(r);
-                                return k;
-                        }
-                        /* Log invalid environment variables with filename */
-                        if (p) {
-                                InvalidEnvInfo info = {
-                                        .unit = unit,
-                                        .path = pglob.gl_pathv[n]
-                                };
-
-                                p = strv_env_clean_with_callback(p, invalid_env, &info);
-                        }
-
-                        if (r == NULL)
-                                r = p;
-                        else {
-                                char **m;
-
-                                m = strv_env_merge(2, r, p);
-                                strv_free(r);
-                                strv_free(p);
-                                if (!m)
-                                        return -ENOMEM;
-
-                                r = m;
-                        }
-                }
-        }
-
-        *l = r;
-
-        return 0;
-}
-
-static bool tty_may_match_dev_console(const char *tty) {
-        _cleanup_free_ char *active = NULL;
-        char *console;
-
-        if (!tty)
-                return true;
-
-        if (startswith(tty, "/dev/"))
-                tty += 5;
-
-        /* trivial identity? */
-        if (streq(tty, "console"))
-                return true;
-
-        console = resolve_dev_console(&active);
-        /* if we could not resolve, assume it may */
-        if (!console)
-                return true;
-
-        /* "tty0" means the active VC, so it may be the same sometimes */
-        return streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
-}
-
-bool exec_context_may_touch_console(ExecContext *ec) {
-
-        return (ec->tty_reset ||
-                ec->tty_vhangup ||
-                ec->tty_vt_disallocate ||
-                is_terminal_input(ec->std_input) ||
-                is_terminal_output(ec->std_output) ||
-                is_terminal_output(ec->std_error)) &&
-               tty_may_match_dev_console(exec_context_tty_path(ec));
-}
-
-static void strv_fprintf(FILE *f, char **l) {
-        char **g;
-
-        assert(f);
-
-        STRV_FOREACH(g, l)
-                fprintf(f, " %s", *g);
-}
-
-void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
-        char **e, **d;
-        unsigned i;
-
-        assert(c);
-        assert(f);
-
-        prefix = strempty(prefix);
-
-        fprintf(f,
-                "%sUMask: %04o\n"
-                "%sWorkingDirectory: %s\n"
-                "%sRootDirectory: %s\n"
-                "%sNonBlocking: %s\n"
-                "%sPrivateTmp: %s\n"
-                "%sPrivateNetwork: %s\n"
-                "%sPrivateDevices: %s\n"
-                "%sProtectHome: %s\n"
-                "%sProtectSystem: %s\n"
-                "%sIgnoreSIGPIPE: %s\n",
-                prefix, c->umask,
-                prefix, c->working_directory ? c->working_directory : "/",
-                prefix, c->root_directory ? c->root_directory : "/",
-                prefix, yes_no(c->non_blocking),
-                prefix, yes_no(c->private_tmp),
-                prefix, yes_no(c->private_network),
-                prefix, yes_no(c->private_devices),
-                prefix, protect_home_to_string(c->protect_home),
-                prefix, protect_system_to_string(c->protect_system),
-                prefix, yes_no(c->ignore_sigpipe));
-
-        STRV_FOREACH(e, c->environment)
-                fprintf(f, "%sEnvironment: %s\n", prefix, *e);
-
-        STRV_FOREACH(e, c->environment_files)
-                fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
-
-        STRV_FOREACH(e, c->pass_environment)
-                fprintf(f, "%sPassEnvironment: %s\n", prefix, *e);
-
-        fprintf(f, "%sRuntimeDirectoryMode: %04o\n", prefix, c->runtime_directory_mode);
-
-        STRV_FOREACH(d, c->runtime_directory)
-                fprintf(f, "%sRuntimeDirectory: %s\n", prefix, *d);
-
-        if (c->nice_set)
-                fprintf(f,
-                        "%sNice: %i\n",
-                        prefix, c->nice);
-
-        if (c->oom_score_adjust_set)
-                fprintf(f,
-                        "%sOOMScoreAdjust: %i\n",
-                        prefix, c->oom_score_adjust);
-
-        for (i = 0; i < RLIM_NLIMITS; i++)
-                if (c->rlimit[i]) {
-                        fprintf(f, "%s%s: " RLIM_FMT "\n",
-                                prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max);
-                        fprintf(f, "%s%sSoft: " RLIM_FMT "\n",
-                                prefix, rlimit_to_string(i), c->rlimit[i]->rlim_cur);
-                }
-
-        if (c->ioprio_set) {
-                _cleanup_free_ char *class_str = NULL;
-
-                ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
-                fprintf(f,
-                        "%sIOSchedulingClass: %s\n"
-                        "%sIOPriority: %i\n",
-                        prefix, strna(class_str),
-                        prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
-        }
-
-        if (c->cpu_sched_set) {
-                _cleanup_free_ char *policy_str = NULL;
-
-                sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
-                fprintf(f,
-                        "%sCPUSchedulingPolicy: %s\n"
-                        "%sCPUSchedulingPriority: %i\n"
-                        "%sCPUSchedulingResetOnFork: %s\n",
-                        prefix, strna(policy_str),
-                        prefix, c->cpu_sched_priority,
-                        prefix, yes_no(c->cpu_sched_reset_on_fork));
-        }
-
-        if (c->cpuset) {
-                fprintf(f, "%sCPUAffinity:", prefix);
-                for (i = 0; i < c->cpuset_ncpus; i++)
-                        if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
-                                fprintf(f, " %u", i);
-                fputs("\n", f);
-        }
-
-        if (c->timer_slack_nsec != NSEC_INFINITY)
-                fprintf(f, "%sTimerSlackNSec: "NSEC_FMT "\n", prefix, c->timer_slack_nsec);
-
-        fprintf(f,
-                "%sStandardInput: %s\n"
-                "%sStandardOutput: %s\n"
-                "%sStandardError: %s\n",
-                prefix, exec_input_to_string(c->std_input),
-                prefix, exec_output_to_string(c->std_output),
-                prefix, exec_output_to_string(c->std_error));
-
-        if (c->tty_path)
-                fprintf(f,
-                        "%sTTYPath: %s\n"
-                        "%sTTYReset: %s\n"
-                        "%sTTYVHangup: %s\n"
-                        "%sTTYVTDisallocate: %s\n",
-                        prefix, c->tty_path,
-                        prefix, yes_no(c->tty_reset),
-                        prefix, yes_no(c->tty_vhangup),
-                        prefix, yes_no(c->tty_vt_disallocate));
-
-        if (c->std_output == EXEC_OUTPUT_SYSLOG ||
-            c->std_output == EXEC_OUTPUT_KMSG ||
-            c->std_output == EXEC_OUTPUT_JOURNAL ||
-            c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
-            c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
-            c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
-            c->std_error == EXEC_OUTPUT_SYSLOG ||
-            c->std_error == EXEC_OUTPUT_KMSG ||
-            c->std_error == EXEC_OUTPUT_JOURNAL ||
-            c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
-            c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
-            c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
-
-                _cleanup_free_ char *fac_str = NULL, *lvl_str = NULL;
-
-                log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
-                log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
-
-                fprintf(f,
-                        "%sSyslogFacility: %s\n"
-                        "%sSyslogLevel: %s\n",
-                        prefix, strna(fac_str),
-                        prefix, strna(lvl_str));
-        }
-
-        if (c->secure_bits)
-                fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
-                        prefix,
-                        (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
-                        (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
-                        (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
-                        (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
-                        (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
-                        (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
-
-        if (c->capability_bounding_set != CAP_ALL) {
-                unsigned long l;
-                fprintf(f, "%sCapabilityBoundingSet:", prefix);
-
-                for (l = 0; l <= cap_last_cap(); l++)
-                        if (c->capability_bounding_set & (UINT64_C(1) << l))
-                                fprintf(f, " %s", strna(capability_to_name(l)));
-
-                fputs("\n", f);
-        }
-
-        if (c->capability_ambient_set != 0) {
-                unsigned long l;
-                fprintf(f, "%sAmbientCapabilities:", prefix);
-
-                for (l = 0; l <= cap_last_cap(); l++)
-                        if (c->capability_ambient_set & (UINT64_C(1) << l))
-                                fprintf(f, " %s", strna(capability_to_name(l)));
-
-                fputs("\n", f);
-        }
-
-        if (c->user)
-                fprintf(f, "%sUser: %s\n", prefix, c->user);
-        if (c->group)
-                fprintf(f, "%sGroup: %s\n", prefix, c->group);
-
-        if (strv_length(c->supplementary_groups) > 0) {
-                fprintf(f, "%sSupplementaryGroups:", prefix);
-                strv_fprintf(f, c->supplementary_groups);
-                fputs("\n", f);
-        }
-
-        if (c->pam_name)
-                fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
-
-        if (strv_length(c->read_write_dirs) > 0) {
-                fprintf(f, "%sReadWriteDirs:", prefix);
-                strv_fprintf(f, c->read_write_dirs);
-                fputs("\n", f);
-        }
-
-        if (strv_length(c->read_only_dirs) > 0) {
-                fprintf(f, "%sReadOnlyDirs:", prefix);
-                strv_fprintf(f, c->read_only_dirs);
-                fputs("\n", f);
-        }
-
-        if (strv_length(c->inaccessible_dirs) > 0) {
-                fprintf(f, "%sInaccessibleDirs:", prefix);
-                strv_fprintf(f, c->inaccessible_dirs);
-                fputs("\n", f);
-        }
-
-        if (c->utmp_id)
-                fprintf(f,
-                        "%sUtmpIdentifier: %s\n",
-                        prefix, c->utmp_id);
-
-        if (c->selinux_context)
-                fprintf(f,
-                        "%sSELinuxContext: %s%s\n",
-                        prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
-
-        if (c->personality != PERSONALITY_INVALID)
-                fprintf(f,
-                        "%sPersonality: %s\n",
-                        prefix, strna(personality_to_string(c->personality)));
-
-        if (c->syscall_filter) {
-#ifdef HAVE_SECCOMP
-                Iterator j;
-                void *id;
-                bool first = true;
-#endif
-
-                fprintf(f,
-                        "%sSystemCallFilter: ",
-                        prefix);
-
-                if (!c->syscall_whitelist)
-                        fputc('~', f);
-
-#ifdef HAVE_SECCOMP
-                SET_FOREACH(id, c->syscall_filter, j) {
-                        _cleanup_free_ char *name = NULL;
-
-                        if (first)
-                                first = false;
-                        else
-                                fputc(' ', f);
-
-                        name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
-                        fputs(strna(name), f);
-                }
-#endif
-
-                fputc('\n', f);
-        }
-
-        if (c->syscall_archs) {
-#ifdef HAVE_SECCOMP
-                Iterator j;
-                void *id;
-#endif
-
-                fprintf(f,
-                        "%sSystemCallArchitectures:",
-                        prefix);
-
-#ifdef HAVE_SECCOMP
-                SET_FOREACH(id, c->syscall_archs, j)
-                        fprintf(f, " %s", strna(seccomp_arch_to_string(PTR_TO_UINT32(id) - 1)));
-#endif
-                fputc('\n', f);
-        }
-
-        if (c->syscall_errno > 0)
-                fprintf(f,
-                        "%sSystemCallErrorNumber: %s\n",
-                        prefix, strna(errno_to_name(c->syscall_errno)));
-
-        if (c->apparmor_profile)
-                fprintf(f,
-                        "%sAppArmorProfile: %s%s\n",
-                        prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
-}
-
-bool exec_context_maintains_privileges(ExecContext *c) {
-        assert(c);
-
-        /* Returns true if the process forked off would run run under
-         * an unchanged UID or as root. */
-
-        if (!c->user)
-                return true;
-
-        if (streq(c->user, "root") || streq(c->user, "0"))
-                return true;
-
-        return false;
-}
-
-void exec_status_start(ExecStatus *s, pid_t pid) {
-        assert(s);
-
-        zero(*s);
-        s->pid = pid;
-        dual_timestamp_get(&s->start_timestamp);
-}
-
-void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
-        assert(s);
-
-        if (s->pid && s->pid != pid)
-                zero(*s);
-
-        s->pid = pid;
-        dual_timestamp_get(&s->exit_timestamp);
-
-        s->code = code;
-        s->status = status;
-
-        if (context) {
-                if (context->utmp_id)
-                        utmp_put_dead_process(context->utmp_id, pid, code, status);
-
-                exec_context_tty_reset(context, NULL);
-        }
-}
-
-void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
-        char buf[FORMAT_TIMESTAMP_MAX];
-
-        assert(s);
-        assert(f);
-
-        if (s->pid <= 0)
-                return;
-
-        prefix = strempty(prefix);
-
-        fprintf(f,
-                "%sPID: "PID_FMT"\n",
-                prefix, s->pid);
-
-        if (s->start_timestamp.realtime > 0)
-                fprintf(f,
-                        "%sStart Timestamp: %s\n",
-                        prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
-
-        if (s->exit_timestamp.realtime > 0)
-                fprintf(f,
-                        "%sExit Timestamp: %s\n"
-                        "%sExit Code: %s\n"
-                        "%sExit Status: %i\n",
-                        prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
-                        prefix, sigchld_code_to_string(s->code),
-                        prefix, s->status);
-}
-
-char *exec_command_line(char **argv) {
-        size_t k;
-        char *n, *p, **a;
-        bool first = true;
-
-        assert(argv);
-
-        k = 1;
-        STRV_FOREACH(a, argv)
-                k += strlen(*a)+3;
-
-        if (!(n = new(char, k)))
-                return NULL;
-
-        p = n;
-        STRV_FOREACH(a, argv) {
-
-                if (!first)
-                        *(p++) = ' ';
-                else
-                        first = false;
-
-                if (strpbrk(*a, WHITESPACE)) {
-                        *(p++) = '\'';
-                        p = stpcpy(p, *a);
-                        *(p++) = '\'';
-                } else
-                        p = stpcpy(p, *a);
-
-        }
-
-        *p = 0;
-
-        /* FIXME: this doesn't really handle arguments that have
-         * spaces and ticks in them */
-
-        return n;
-}
-
-void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
-        _cleanup_free_ char *cmd = NULL;
-        const char *prefix2;
-
-        assert(c);
-        assert(f);
-
-        prefix = strempty(prefix);
-        prefix2 = strjoina(prefix, "\t");
-
-        cmd = exec_command_line(c->argv);
-        fprintf(f,
-                "%sCommand Line: %s\n",
-                prefix, cmd ? cmd : strerror(ENOMEM));
-
-        exec_status_dump(&c->exec_status, f, prefix2);
-}
-
-void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
-        assert(f);
-
-        prefix = strempty(prefix);
-
-        LIST_FOREACH(command, c, c)
-                exec_command_dump(c, f, prefix);
-}
-
-void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
-        ExecCommand *end;
-
-        assert(l);
-        assert(e);
-
-        if (*l) {
-                /* It's kind of important, that we keep the order here */
-                LIST_FIND_TAIL(command, *l, end);
-                LIST_INSERT_AFTER(command, *l, end, e);
-        } else
-              *l = e;
-}
-
-int exec_command_set(ExecCommand *c, const char *path, ...) {
-        va_list ap;
-        char **l, *p;
-
-        assert(c);
-        assert(path);
-
-        va_start(ap, path);
-        l = strv_new_ap(path, ap);
-        va_end(ap);
-
-        if (!l)
-                return -ENOMEM;
-
-        p = strdup(path);
-        if (!p) {
-                strv_free(l);
-                return -ENOMEM;
-        }
-
-        free(c->path);
-        c->path = p;
-
-        strv_free(c->argv);
-        c->argv = l;
-
-        return 0;
-}
-
-int exec_command_append(ExecCommand *c, const char *path, ...) {
-        _cleanup_strv_free_ char **l = NULL;
-        va_list ap;
-        int r;
-
-        assert(c);
-        assert(path);
-
-        va_start(ap, path);
-        l = strv_new_ap(path, ap);
-        va_end(ap);
-
-        if (!l)
-                return -ENOMEM;
-
-        r = strv_extend_strv(&c->argv, l, false);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-
-static int exec_runtime_allocate(ExecRuntime **rt) {
-
-        if (*rt)
-                return 0;
-
-        *rt = new0(ExecRuntime, 1);
-        if (!*rt)
-                return -ENOMEM;
-
-        (*rt)->n_ref = 1;
-        (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
-
-        return 0;
-}
-
-int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
-        int r;
-
-        assert(rt);
-        assert(c);
-        assert(id);
-
-        if (*rt)
-                return 1;
-
-        if (!c->private_network && !c->private_tmp)
-                return 0;
-
-        r = exec_runtime_allocate(rt);
-        if (r < 0)
-                return r;
-
-        if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
-                if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
-                        return -errno;
-        }
-
-        if (c->private_tmp && !(*rt)->tmp_dir) {
-                r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
-                if (r < 0)
-                        return r;
-        }
-
-        return 1;
-}
-
-ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
-        assert(r);
-        assert(r->n_ref > 0);
-
-        r->n_ref++;
-        return r;
-}
-
-ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
-
-        if (!r)
-                return NULL;
-
-        assert(r->n_ref > 0);
-
-        r->n_ref--;
-        if (r->n_ref > 0)
-                return NULL;
-
-        free(r->tmp_dir);
-        free(r->var_tmp_dir);
-        safe_close_pair(r->netns_storage_socket);
-        free(r);
-
-        return NULL;
-}
-
-int exec_runtime_serialize(Unit *u, ExecRuntime *rt, FILE *f, FDSet *fds) {
-        assert(u);
-        assert(f);
-        assert(fds);
-
-        if (!rt)
-                return 0;
-
-        if (rt->tmp_dir)
-                unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
-
-        if (rt->var_tmp_dir)
-                unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
-
-        if (rt->netns_storage_socket[0] >= 0) {
-                int copy;
-
-                copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
-                if (copy < 0)
-                        return copy;
-
-                unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
-        }
-
-        if (rt->netns_storage_socket[1] >= 0) {
-                int copy;
-
-                copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
-                if (copy < 0)
-                        return copy;
-
-                unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
-        }
-
-        return 0;
-}
-
-int exec_runtime_deserialize_item(Unit *u, ExecRuntime **rt, const char *key, const char *value, FDSet *fds) {
-        int r;
-
-        assert(rt);
-        assert(key);
-        assert(value);
-
-        if (streq(key, "tmp-dir")) {
-                char *copy;
-
-                r = exec_runtime_allocate(rt);
-                if (r < 0)
-                        return log_oom();
-
-                copy = strdup(value);
-                if (!copy)
-                        return log_oom();
-
-                free((*rt)->tmp_dir);
-                (*rt)->tmp_dir = copy;
-
-        } else if (streq(key, "var-tmp-dir")) {
-                char *copy;
-
-                r = exec_runtime_allocate(rt);
-                if (r < 0)
-                        return log_oom();
-
-                copy = strdup(value);
-                if (!copy)
-                        return log_oom();
-
-                free((*rt)->var_tmp_dir);
-                (*rt)->var_tmp_dir = copy;
-
-        } else if (streq(key, "netns-socket-0")) {
-                int fd;
-
-                r = exec_runtime_allocate(rt);
-                if (r < 0)
-                        return log_oom();
-
-                if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
-                        log_unit_debug(u, "Failed to parse netns socket value: %s", value);
-                else {
-                        safe_close((*rt)->netns_storage_socket[0]);
-                        (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
-                }
-        } else if (streq(key, "netns-socket-1")) {
-                int fd;
-
-                r = exec_runtime_allocate(rt);
-                if (r < 0)
-                        return log_oom();
-
-                if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
-                        log_unit_debug(u, "Failed to parse netns socket value: %s", value);
-                else {
-                        safe_close((*rt)->netns_storage_socket[1]);
-                        (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
-                }
-        } else
-                return 0;
-
-        return 1;
-}
-
-static void *remove_tmpdir_thread(void *p) {
-        _cleanup_free_ char *path = p;
-
-        (void) rm_rf(path, REMOVE_ROOT|REMOVE_PHYSICAL);
-        return NULL;
-}
-
-void exec_runtime_destroy(ExecRuntime *rt) {
-        int r;
-
-        if (!rt)
-                return;
-
-        /* If there are multiple users of this, let's leave the stuff around */
-        if (rt->n_ref > 1)
-                return;
-
-        if (rt->tmp_dir) {
-                log_debug("Spawning thread to nuke %s", rt->tmp_dir);
-
-                r = asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
-                if (r < 0) {
-                        log_warning_errno(r, "Failed to nuke %s: %m", rt->tmp_dir);
-                        free(rt->tmp_dir);
-                }
-
-                rt->tmp_dir = NULL;
-        }
-
-        if (rt->var_tmp_dir) {
-                log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
-
-                r = asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
-                if (r < 0) {
-                        log_warning_errno(r, "Failed to nuke %s: %m", rt->var_tmp_dir);
-                        free(rt->var_tmp_dir);
-                }
-
-                rt->var_tmp_dir = NULL;
-        }
-
-        safe_close_pair(rt->netns_storage_socket);
-}
-
-static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
-        [EXEC_INPUT_NULL] = "null",
-        [EXEC_INPUT_TTY] = "tty",
-        [EXEC_INPUT_TTY_FORCE] = "tty-force",
-        [EXEC_INPUT_TTY_FAIL] = "tty-fail",
-        [EXEC_INPUT_SOCKET] = "socket"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
-
-static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
-        [EXEC_OUTPUT_INHERIT] = "inherit",
-        [EXEC_OUTPUT_NULL] = "null",
-        [EXEC_OUTPUT_TTY] = "tty",
-        [EXEC_OUTPUT_SYSLOG] = "syslog",
-        [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
-        [EXEC_OUTPUT_KMSG] = "kmsg",
-        [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
-        [EXEC_OUTPUT_JOURNAL] = "journal",
-        [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
-        [EXEC_OUTPUT_SOCKET] = "socket"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
-
-static const char* const exec_utmp_mode_table[_EXEC_UTMP_MODE_MAX] = {
-        [EXEC_UTMP_INIT] = "init",
-        [EXEC_UTMP_LOGIN] = "login",
-        [EXEC_UTMP_USER] = "user",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(exec_utmp_mode, ExecUtmpMode);
diff --git a/src/core/job.c b/src/core/job.c
deleted file mode 100644
index 7557874d4d..0000000000
--- a/src/core/job.c
+++ /dev/null
@@ -1,1259 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-
-#include "sd-id128.h"
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "async.h"
-#include "dbus-job.h"
-#include "dbus.h"
-#include "escape.h"
-#include "job.h"
-#include "log.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "set.h"
-#include "special.h"
-#include "stdio-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "unit.h"
-#include "virt.h"
-
-Job* job_new_raw(Unit *unit) {
-        Job *j;
-
-        /* used for deserialization */
-
-        assert(unit);
-
-        j = new0(Job, 1);
-        if (!j)
-                return NULL;
-
-        j->manager = unit->manager;
-        j->unit = unit;
-        j->type = _JOB_TYPE_INVALID;
-
-        return j;
-}
-
-Job* job_new(Unit *unit, JobType type) {
-        Job *j;
-
-        assert(type < _JOB_TYPE_MAX);
-
-        j = job_new_raw(unit);
-        if (!j)
-                return NULL;
-
-        j->id = j->manager->current_job_id++;
-        j->type = type;
-
-        /* We don't link it here, that's what job_dependency() is for */
-
-        return j;
-}
-
-void job_free(Job *j) {
-        assert(j);
-        assert(!j->installed);
-        assert(!j->transaction_prev);
-        assert(!j->transaction_next);
-        assert(!j->subject_list);
-        assert(!j->object_list);
-
-        if (j->in_run_queue)
-                LIST_REMOVE(run_queue, j->manager->run_queue, j);
-
-        if (j->in_dbus_queue)
-                LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j);
-
-        sd_event_source_unref(j->timer_event_source);
-
-        sd_bus_track_unref(j->clients);
-        strv_free(j->deserialized_clients);
-
-        free(j);
-}
-
-static void job_set_state(Job *j, JobState state) {
-        assert(j);
-        assert(state >= 0);
-        assert(state < _JOB_STATE_MAX);
-
-        if (j->state == state)
-                return;
-
-        j->state = state;
-
-        if (!j->installed)
-                return;
-
-        if (j->state == JOB_RUNNING)
-                j->unit->manager->n_running_jobs++;
-        else {
-                assert(j->state == JOB_WAITING);
-                assert(j->unit->manager->n_running_jobs > 0);
-
-                j->unit->manager->n_running_jobs--;
-
-                if (j->unit->manager->n_running_jobs <= 0)
-                        j->unit->manager->jobs_in_progress_event_source = sd_event_source_unref(j->unit->manager->jobs_in_progress_event_source);
-        }
-}
-
-void job_uninstall(Job *j) {
-        Job **pj;
-
-        assert(j->installed);
-
-        job_set_state(j, JOB_WAITING);
-
-        pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job;
-        assert(*pj == j);
-
-        /* Detach from next 'bigger' objects */
-
-        /* daemon-reload should be transparent to job observers */
-        if (!MANAGER_IS_RELOADING(j->manager))
-                bus_job_send_removed_signal(j);
-
-        *pj = NULL;
-
-        unit_add_to_gc_queue(j->unit);
-
-        hashmap_remove(j->manager->jobs, UINT32_TO_PTR(j->id));
-        j->installed = false;
-}
-
-static bool job_type_allows_late_merge(JobType t) {
-        /* Tells whether it is OK to merge a job of type 't' with an already
-         * running job.
-         * Reloads cannot be merged this way. Think of the sequence:
-         * 1. Reload of a daemon is in progress; the daemon has already loaded
-         *    its config file, but hasn't completed the reload operation yet.
-         * 2. Edit foo's config file.
-         * 3. Trigger another reload to have the daemon use the new config.
-         * Should the second reload job be merged into the first one, the daemon
-         * would not know about the new config.
-         * JOB_RESTART jobs on the other hand can be merged, because they get
-         * patched into JOB_START after stopping the unit. So if we see a
-         * JOB_RESTART running, it means the unit hasn't stopped yet and at
-         * this time the merge is still allowed. */
-        return t != JOB_RELOAD;
-}
-
-static void job_merge_into_installed(Job *j, Job *other) {
-        assert(j->installed);
-        assert(j->unit == other->unit);
-
-        if (j->type != JOB_NOP)
-                job_type_merge_and_collapse(&j->type, other->type, j->unit);
-        else
-                assert(other->type == JOB_NOP);
-
-        j->irreversible = j->irreversible || other->irreversible;
-        j->ignore_order = j->ignore_order || other->ignore_order;
-}
-
-Job* job_install(Job *j) {
-        Job **pj;
-        Job *uj;
-
-        assert(!j->installed);
-        assert(j->type < _JOB_TYPE_MAX_IN_TRANSACTION);
-        assert(j->state == JOB_WAITING);
-
-        pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job;
-        uj = *pj;
-
-        if (uj) {
-                if (job_type_is_conflicting(uj->type, j->type))
-                        job_finish_and_invalidate(uj, JOB_CANCELED, false, false);
-                else {
-                        /* not conflicting, i.e. mergeable */
-
-                        if (uj->state == JOB_WAITING ||
-                            (job_type_allows_late_merge(j->type) && job_type_is_superset(uj->type, j->type))) {
-                                job_merge_into_installed(uj, j);
-                                log_unit_debug(uj->unit,
-                                               "Merged into installed job %s/%s as %u",
-                                               uj->unit->id, job_type_to_string(uj->type), (unsigned) uj->id);
-                                return uj;
-                        } else {
-                                /* already running and not safe to merge into */
-                                /* Patch uj to become a merged job and re-run it. */
-                                /* XXX It should be safer to queue j to run after uj finishes, but it is
-                                 * not currently possible to have more than one installed job per unit. */
-                                job_merge_into_installed(uj, j);
-                                log_unit_debug(uj->unit,
-                                               "Merged into running job, re-running: %s/%s as %u",
-                                               uj->unit->id, job_type_to_string(uj->type), (unsigned) uj->id);
-
-                                job_set_state(uj, JOB_WAITING);
-                                return uj;
-                        }
-                }
-        }
-
-        /* Install the job */
-        *pj = j;
-        j->installed = true;
-
-        j->manager->n_installed_jobs++;
-        log_unit_debug(j->unit,
-                       "Installed new job %s/%s as %u",
-                       j->unit->id, job_type_to_string(j->type), (unsigned) j->id);
-        return j;
-}
-
-int job_install_deserialized(Job *j) {
-        Job **pj;
-
-        assert(!j->installed);
-
-        if (j->type < 0 || j->type >= _JOB_TYPE_MAX_IN_TRANSACTION) {
-                log_debug("Invalid job type %s in deserialization.", strna(job_type_to_string(j->type)));
-                return -EINVAL;
-        }
-
-        pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job;
-        if (*pj) {
-                log_unit_debug(j->unit, "Unit already has a job installed. Not installing deserialized job.");
-                return -EEXIST;
-        }
-
-        *pj = j;
-        j->installed = true;
-
-        if (j->state == JOB_RUNNING)
-                j->unit->manager->n_running_jobs++;
-
-        log_unit_debug(j->unit,
-                       "Reinstalled deserialized job %s/%s as %u",
-                       j->unit->id, job_type_to_string(j->type), (unsigned) j->id);
-        return 0;
-}
-
-JobDependency* job_dependency_new(Job *subject, Job *object, bool matters, bool conflicts) {
-        JobDependency *l;
-
-        assert(object);
-
-        /* Adds a new job link, which encodes that the 'subject' job
-         * needs the 'object' job in some way. If 'subject' is NULL
-         * this means the 'anchor' job (i.e. the one the user
-         * explicitly asked for) is the requester. */
-
-        if (!(l = new0(JobDependency, 1)))
-                return NULL;
-
-        l->subject = subject;
-        l->object = object;
-        l->matters = matters;
-        l->conflicts = conflicts;
-
-        if (subject)
-                LIST_PREPEND(subject, subject->subject_list, l);
-
-        LIST_PREPEND(object, object->object_list, l);
-
-        return l;
-}
-
-void job_dependency_free(JobDependency *l) {
-        assert(l);
-
-        if (l->subject)
-                LIST_REMOVE(subject, l->subject->subject_list, l);
-
-        LIST_REMOVE(object, l->object->object_list, l);
-
-        free(l);
-}
-
-void job_dump(Job *j, FILE*f, const char *prefix) {
-        assert(j);
-        assert(f);
-
-        if (!prefix)
-                prefix = "";
-
-        fprintf(f,
-                "%s-> Job %u:\n"
-                "%s\tAction: %s -> %s\n"
-                "%s\tState: %s\n"
-                "%s\tIrreversible: %s\n",
-                prefix, j->id,
-                prefix, j->unit->id, job_type_to_string(j->type),
-                prefix, job_state_to_string(j->state),
-                prefix, yes_no(j->irreversible));
-}
-
-/*
- * Merging is commutative, so imagine the matrix as symmetric. We store only
- * its lower triangle to avoid duplication. We don't store the main diagonal,
- * because A merged with A is simply A.
- *
- * If the resulting type is collapsed immediately afterwards (to get rid of
- * the JOB_RELOAD_OR_START, which lies outside the lookup function's domain),
- * the following properties hold:
- *
- * Merging is associative! A merged with B, and then merged with C is the same
- * as A merged with the result of B merged with C.
- *
- * Mergeability is transitive! If A can be merged with B and B with C then
- * A also with C.
- *
- * Also, if A merged with B cannot be merged with C, then either A or B cannot
- * be merged with C either.
- */
-static const JobType job_merging_table[] = {
-/* What \ With       *  JOB_START         JOB_VERIFY_ACTIVE  JOB_STOP JOB_RELOAD */
-/*********************************************************************************/
-/*JOB_START          */
-/*JOB_VERIFY_ACTIVE  */ JOB_START,
-/*JOB_STOP           */ -1,                  -1,
-/*JOB_RELOAD         */ JOB_RELOAD_OR_START, JOB_RELOAD,          -1,
-/*JOB_RESTART        */ JOB_RESTART,         JOB_RESTART,         -1, JOB_RESTART,
-};
-
-JobType job_type_lookup_merge(JobType a, JobType b) {
-        assert_cc(ELEMENTSOF(job_merging_table) == _JOB_TYPE_MAX_MERGING * (_JOB_TYPE_MAX_MERGING - 1) / 2);
-        assert(a >= 0 && a < _JOB_TYPE_MAX_MERGING);
-        assert(b >= 0 && b < _JOB_TYPE_MAX_MERGING);
-
-        if (a == b)
-                return a;
-
-        if (a < b) {
-                JobType tmp = a;
-                a = b;
-                b = tmp;
-        }
-
-        return job_merging_table[(a - 1) * a / 2 + b];
-}
-
-bool job_type_is_redundant(JobType a, UnitActiveState b) {
-        switch (a) {
-
-        case JOB_START:
-                return
-                        b == UNIT_ACTIVE ||
-                        b == UNIT_RELOADING;
-
-        case JOB_STOP:
-                return
-                        b == UNIT_INACTIVE ||
-                        b == UNIT_FAILED;
-
-        case JOB_VERIFY_ACTIVE:
-                return
-                        b == UNIT_ACTIVE ||
-                        b == UNIT_RELOADING;
-
-        case JOB_RELOAD:
-                return
-                        b == UNIT_RELOADING;
-
-        case JOB_RESTART:
-                return
-                        b == UNIT_ACTIVATING;
-
-        case JOB_NOP:
-                return true;
-
-        default:
-                assert_not_reached("Invalid job type");
-        }
-}
-
-JobType job_type_collapse(JobType t, Unit *u) {
-        UnitActiveState s;
-
-        switch (t) {
-
-        case JOB_TRY_RESTART:
-                s = unit_active_state(u);
-                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(s))
-                        return JOB_NOP;
-
-                return JOB_RESTART;
-
-        case JOB_TRY_RELOAD:
-                s = unit_active_state(u);
-                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(s))
-                        return JOB_NOP;
-
-                return JOB_RELOAD;
-
-        case JOB_RELOAD_OR_START:
-                s = unit_active_state(u);
-                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(s))
-                        return JOB_START;
-
-                return JOB_RELOAD;
-
-        default:
-                return t;
-        }
-}
-
-int job_type_merge_and_collapse(JobType *a, JobType b, Unit *u) {
-        JobType t;
-
-        t = job_type_lookup_merge(*a, b);
-        if (t < 0)
-                return -EEXIST;
-
-        *a = job_type_collapse(t, u);
-        return 0;
-}
-
-static bool job_is_runnable(Job *j) {
-        Iterator i;
-        Unit *other;
-
-        assert(j);
-        assert(j->installed);
-
-        /* Checks whether there is any job running for the units this
-         * job needs to be running after (in the case of a 'positive'
-         * job type) or before (in the case of a 'negative' job
-         * type. */
-
-        /* Note that unit types have a say in what is runnable,
-         * too. For example, if they return -EAGAIN from
-         * unit_start() they can indicate they are not
-         * runnable yet. */
-
-        /* First check if there is an override */
-        if (j->ignore_order)
-                return true;
-
-        if (j->type == JOB_NOP)
-                return true;
-
-        if (j->type == JOB_START ||
-            j->type == JOB_VERIFY_ACTIVE ||
-            j->type == JOB_RELOAD) {
-
-                /* Immediate result is that the job is or might be
-                 * started. In this case let's wait for the
-                 * dependencies, regardless whether they are
-                 * starting or stopping something. */
-
-                SET_FOREACH(other, j->unit->dependencies[UNIT_AFTER], i)
-                        if (other->job)
-                                return false;
-        }
-
-        /* Also, if something else is being stopped and we should
-         * change state after it, then let's wait. */
-
-        SET_FOREACH(other, j->unit->dependencies[UNIT_BEFORE], i)
-                if (other->job &&
-                    (other->job->type == JOB_STOP ||
-                     other->job->type == JOB_RESTART))
-                        return false;
-
-        /* This means that for a service a and a service b where b
-         * shall be started after a:
-         *
-         *  start a + start b → 1st step start a, 2nd step start b
-         *  start a + stop b  → 1st step stop b,  2nd step start a
-         *  stop a  + start b → 1st step stop a,  2nd step start b
-         *  stop a  + stop b  → 1st step stop b,  2nd step stop a
-         *
-         *  This has the side effect that restarts are properly
-         *  synchronized too. */
-
-        return true;
-}
-
-static void job_change_type(Job *j, JobType newtype) {
-        assert(j);
-
-        log_unit_debug(j->unit,
-                       "Converting job %s/%s -> %s/%s",
-                       j->unit->id, job_type_to_string(j->type),
-                       j->unit->id, job_type_to_string(newtype));
-
-        j->type = newtype;
-}
-
-static int job_perform_on_unit(Job **j) {
-        uint32_t id;
-        Manager *m;
-        JobType t;
-        Unit *u;
-        int r;
-
-        /* While we execute this operation the job might go away (for
-         * example: because it finishes immediately or is replaced by
-         * a new, conflicting job.) To make sure we don't access a
-         * freed job later on we store the id here, so that we can
-         * verify the job is still valid. */
-
-        assert(j);
-        assert(*j);
-
-        m = (*j)->manager;
-        u = (*j)->unit;
-        t = (*j)->type;
-        id = (*j)->id;
-
-        switch (t) {
-                case JOB_START:
-                        r = unit_start(u);
-                        break;
-
-                case JOB_RESTART:
-                        t = JOB_STOP;
-                        /* fall through */
-                case JOB_STOP:
-                        r = unit_stop(u);
-                        break;
-
-                case JOB_RELOAD:
-                        r = unit_reload(u);
-                        break;
-
-                default:
-                        assert_not_reached("Invalid job type");
-        }
-
-        /* Log if the job still exists and the start/stop/reload function
-         * actually did something. */
-        *j = manager_get_job(m, id);
-        if (*j && r > 0)
-                unit_status_emit_starting_stopping_reloading(u, t);
-
-        return r;
-}
-
-int job_run_and_invalidate(Job *j) {
-        int r;
-
-        assert(j);
-        assert(j->installed);
-        assert(j->type < _JOB_TYPE_MAX_IN_TRANSACTION);
-        assert(j->in_run_queue);
-
-        LIST_REMOVE(run_queue, j->manager->run_queue, j);
-        j->in_run_queue = false;
-
-        if (j->state != JOB_WAITING)
-                return 0;
-
-        if (!job_is_runnable(j))
-                return -EAGAIN;
-
-        job_set_state(j, JOB_RUNNING);
-        job_add_to_dbus_queue(j);
-
-
-        switch (j->type) {
-
-                case JOB_VERIFY_ACTIVE: {
-                        UnitActiveState t = unit_active_state(j->unit);
-                        if (UNIT_IS_ACTIVE_OR_RELOADING(t))
-                                r = -EALREADY;
-                        else if (t == UNIT_ACTIVATING)
-                                r = -EAGAIN;
-                        else
-                                r = -EBADR;
-                        break;
-                }
-
-                case JOB_START:
-                case JOB_STOP:
-                case JOB_RESTART:
-                        r = job_perform_on_unit(&j);
-
-                        /* If the unit type does not support starting/stopping,
-                         * then simply wait. */
-                        if (r == -EBADR)
-                                r = 0;
-                        break;
-
-                case JOB_RELOAD:
-                        r = job_perform_on_unit(&j);
-                        break;
-
-                case JOB_NOP:
-                        r = -EALREADY;
-                        break;
-
-                default:
-                        assert_not_reached("Unknown job type");
-        }
-
-        if (j) {
-                if (r == -EALREADY)
-                        r = job_finish_and_invalidate(j, JOB_DONE, true, true);
-                else if (r == -EBADR)
-                        r = job_finish_and_invalidate(j, JOB_SKIPPED, true, false);
-                else if (r == -ENOEXEC)
-                        r = job_finish_and_invalidate(j, JOB_INVALID, true, false);
-                else if (r == -EPROTO)
-                        r = job_finish_and_invalidate(j, JOB_ASSERT, true, false);
-                else if (r == -EOPNOTSUPP)
-                        r = job_finish_and_invalidate(j, JOB_UNSUPPORTED, true, false);
-                else if (r == -EAGAIN)
-                        job_set_state(j, JOB_WAITING);
-                else if (r < 0)
-                        r = job_finish_and_invalidate(j, JOB_FAILED, true, false);
-        }
-
-        return r;
-}
-
-_pure_ static const char *job_get_status_message_format(Unit *u, JobType t, JobResult result) {
-
-        static const char *const generic_finished_start_job[_JOB_RESULT_MAX] = {
-                [JOB_DONE]        = "Started %s.",
-                [JOB_TIMEOUT]     = "Timed out starting %s.",
-                [JOB_FAILED]      = "Failed to start %s.",
-                [JOB_DEPENDENCY]  = "Dependency failed for %s.",
-                [JOB_ASSERT]      = "Assertion failed for %s.",
-                [JOB_UNSUPPORTED] = "Starting of %s not supported.",
-        };
-        static const char *const generic_finished_stop_job[_JOB_RESULT_MAX] = {
-                [JOB_DONE]        = "Stopped %s.",
-                [JOB_FAILED]      = "Stopped (with error) %s.",
-                [JOB_TIMEOUT]     = "Timed out stopping %s.",
-        };
-        static const char *const generic_finished_reload_job[_JOB_RESULT_MAX] = {
-                [JOB_DONE]        = "Reloaded %s.",
-                [JOB_FAILED]      = "Reload failed for %s.",
-                [JOB_TIMEOUT]     = "Timed out reloading %s.",
-        };
-        /* When verify-active detects the unit is inactive, report it.
-         * Most likely a DEPEND warning from a requisiting unit will
-         * occur next and it's nice to see what was requisited. */
-        static const char *const generic_finished_verify_active_job[_JOB_RESULT_MAX] = {
-                [JOB_SKIPPED]     = "%s is not active.",
-        };
-
-        const UnitStatusMessageFormats *format_table;
-        const char *format;
-
-        assert(u);
-        assert(t >= 0);
-        assert(t < _JOB_TYPE_MAX);
-
-        if (IN_SET(t, JOB_START, JOB_STOP, JOB_RESTART)) {
-                format_table = &UNIT_VTABLE(u)->status_message_formats;
-                if (format_table) {
-                        format = t == JOB_START ? format_table->finished_start_job[result] :
-                                                  format_table->finished_stop_job[result];
-                        if (format)
-                                return format;
-                }
-        }
-
-        /* Return generic strings */
-        if (t == JOB_START)
-                return generic_finished_start_job[result];
-        else if (t == JOB_STOP || t == JOB_RESTART)
-                return generic_finished_stop_job[result];
-        else if (t == JOB_RELOAD)
-                return generic_finished_reload_job[result];
-        else if (t == JOB_VERIFY_ACTIVE)
-                return generic_finished_verify_active_job[result];
-
-        return NULL;
-}
-
-static void job_print_status_message(Unit *u, JobType t, JobResult result) {
-        static struct {
-                const char *color, *word;
-        } const statuses[_JOB_RESULT_MAX] = {
-                [JOB_DONE]        = {ANSI_GREEN,            "  OK  "},
-                [JOB_TIMEOUT]     = {ANSI_HIGHLIGHT_RED,    " TIME "},
-                [JOB_FAILED]      = {ANSI_HIGHLIGHT_RED,    "FAILED"},
-                [JOB_DEPENDENCY]  = {ANSI_HIGHLIGHT_YELLOW, "DEPEND"},
-                [JOB_SKIPPED]     = {ANSI_HIGHLIGHT,        " INFO "},
-                [JOB_ASSERT]      = {ANSI_HIGHLIGHT_YELLOW, "ASSERT"},
-                [JOB_UNSUPPORTED] = {ANSI_HIGHLIGHT_YELLOW, "UNSUPP"},
-        };
-
-        const char *format;
-        const char *status;
-
-        assert(u);
-        assert(t >= 0);
-        assert(t < _JOB_TYPE_MAX);
-
-        /* Reload status messages have traditionally not been printed to console. */
-        if (t == JOB_RELOAD)
-                return;
-
-        format = job_get_status_message_format(u, t, result);
-        if (!format)
-                return;
-
-        if (log_get_show_color())
-                status = strjoina(statuses[result].color, statuses[result].word, ANSI_NORMAL);
-        else
-                status = statuses[result].word;
-
-        if (result != JOB_DONE)
-                manager_flip_auto_status(u->manager, true);
-
-        DISABLE_WARNING_FORMAT_NONLITERAL;
-        unit_status_printf(u, status, format);
-        REENABLE_WARNING;
-
-        if (t == JOB_START && result == JOB_FAILED) {
-                _cleanup_free_ char *quoted;
-
-                quoted = shell_maybe_quote(u->id);
-                manager_status_printf(u->manager, STATUS_TYPE_NORMAL, NULL, "See 'systemctl status %s' for details.", strna(quoted));
-        }
-}
-
-static void job_log_status_message(Unit *u, JobType t, JobResult result) {
-        const char *format;
-        char buf[LINE_MAX];
-        sd_id128_t mid;
-        static const int job_result_log_level[_JOB_RESULT_MAX] = {
-                [JOB_DONE]        = LOG_INFO,
-                [JOB_CANCELED]    = LOG_INFO,
-                [JOB_TIMEOUT]     = LOG_ERR,
-                [JOB_FAILED]      = LOG_ERR,
-                [JOB_DEPENDENCY]  = LOG_WARNING,
-                [JOB_SKIPPED]     = LOG_NOTICE,
-                [JOB_INVALID]     = LOG_INFO,
-                [JOB_ASSERT]      = LOG_WARNING,
-                [JOB_UNSUPPORTED] = LOG_WARNING,
-        };
-
-        assert(u);
-        assert(t >= 0);
-        assert(t < _JOB_TYPE_MAX);
-
-        /* Skip this if it goes to the console. since we already print
-         * to the console anyway... */
-
-        if (log_on_console())
-                return;
-
-        format = job_get_status_message_format(u, t, result);
-        if (!format)
-                return;
-
-        DISABLE_WARNING_FORMAT_NONLITERAL;
-        xsprintf(buf, format, unit_description(u));
-        REENABLE_WARNING;
-
-        switch (t) {
-
-        case JOB_START:
-                mid = result == JOB_DONE ? SD_MESSAGE_UNIT_STARTED : SD_MESSAGE_UNIT_FAILED;
-                break;
-
-        case JOB_RELOAD:
-                mid = SD_MESSAGE_UNIT_RELOADED;
-                break;
-
-        case JOB_STOP:
-        case JOB_RESTART:
-                mid = SD_MESSAGE_UNIT_STOPPED;
-                break;
-
-        default:
-                log_struct(job_result_log_level[result],
-                           LOG_UNIT_ID(u),
-                           LOG_MESSAGE("%s", buf),
-                           "RESULT=%s", job_result_to_string(result),
-                           NULL);
-                return;
-        }
-
-        log_struct(job_result_log_level[result],
-                   LOG_MESSAGE_ID(mid),
-                   LOG_UNIT_ID(u),
-                   LOG_MESSAGE("%s", buf),
-                   "RESULT=%s", job_result_to_string(result),
-                   NULL);
-}
-
-static void job_emit_status_message(Unit *u, JobType t, JobResult result) {
-
-        /* No message if the job did not actually do anything due to failed condition. */
-        if (t == JOB_START && result == JOB_DONE && !u->condition_result)
-                return;
-
-        job_log_status_message(u, t, result);
-        job_print_status_message(u, t, result);
-}
-
-static void job_fail_dependencies(Unit *u, UnitDependency d) {
-        Unit *other;
-        Iterator i;
-
-        assert(u);
-
-        SET_FOREACH(other, u->dependencies[d], i) {
-                Job *j = other->job;
-
-                if (!j)
-                        continue;
-                if (!IN_SET(j->type, JOB_START, JOB_VERIFY_ACTIVE))
-                        continue;
-
-                job_finish_and_invalidate(j, JOB_DEPENDENCY, true, false);
-        }
-}
-
-int job_finish_and_invalidate(Job *j, JobResult result, bool recursive, bool already) {
-        Unit *u;
-        Unit *other;
-        JobType t;
-        Iterator i;
-
-        assert(j);
-        assert(j->installed);
-        assert(j->type < _JOB_TYPE_MAX_IN_TRANSACTION);
-
-        u = j->unit;
-        t = j->type;
-
-        j->result = result;
-
-        log_unit_debug(u, "Job %s/%s finished, result=%s", u->id, job_type_to_string(t), job_result_to_string(result));
-
-        /* If this job did nothing to respective unit we don't log the status message */
-        if (!already)
-                job_emit_status_message(u, t, result);
-
-        job_add_to_dbus_queue(j);
-
-        /* Patch restart jobs so that they become normal start jobs */
-        if (result == JOB_DONE && t == JOB_RESTART) {
-
-                job_change_type(j, JOB_START);
-                job_set_state(j, JOB_WAITING);
-
-                job_add_to_run_queue(j);
-
-                goto finish;
-        }
-
-        if (result == JOB_FAILED || result == JOB_INVALID)
-                j->manager->n_failed_jobs++;
-
-        job_uninstall(j);
-        job_free(j);
-
-        /* Fail depending jobs on failure */
-        if (result != JOB_DONE && recursive) {
-                if (IN_SET(t, JOB_START, JOB_VERIFY_ACTIVE)) {
-                        job_fail_dependencies(u, UNIT_REQUIRED_BY);
-                        job_fail_dependencies(u, UNIT_REQUISITE_OF);
-                        job_fail_dependencies(u, UNIT_BOUND_BY);
-                } else if (t == JOB_STOP)
-                        job_fail_dependencies(u, UNIT_CONFLICTED_BY);
-        }
-
-        /* Trigger OnFailure dependencies that are not generated by
-         * the unit itself. We don't treat JOB_CANCELED as failure in
-         * this context. And JOB_FAILURE is already handled by the
-         * unit itself. */
-        if (result == JOB_TIMEOUT || result == JOB_DEPENDENCY) {
-                log_struct(LOG_NOTICE,
-                           "JOB_TYPE=%s", job_type_to_string(t),
-                           "JOB_RESULT=%s", job_result_to_string(result),
-                           LOG_UNIT_ID(u),
-                           LOG_UNIT_MESSAGE(u, "Job %s/%s failed with result '%s'.",
-                                            u->id,
-                                            job_type_to_string(t),
-                                            job_result_to_string(result)),
-                           NULL);
-
-                unit_start_on_failure(u);
-        }
-
-        unit_trigger_notify(u);
-
-finish:
-        /* Try to start the next jobs that can be started */
-        SET_FOREACH(other, u->dependencies[UNIT_AFTER], i)
-                if (other->job)
-                        job_add_to_run_queue(other->job);
-        SET_FOREACH(other, u->dependencies[UNIT_BEFORE], i)
-                if (other->job)
-                        job_add_to_run_queue(other->job);
-
-        manager_check_finished(u->manager);
-
-        return 0;
-}
-
-static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *userdata) {
-        Job *j = userdata;
-        Unit *u;
-
-        assert(j);
-        assert(s == j->timer_event_source);
-
-        log_unit_warning(j->unit, "Job %s/%s timed out.", j->unit->id, job_type_to_string(j->type));
-
-        u = j->unit;
-        job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
-
-        failure_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg);
-
-        return 0;
-}
-
-int job_start_timer(Job *j) {
-        int r;
-
-        if (j->timer_event_source)
-                return 0;
-
-        j->begin_usec = now(CLOCK_MONOTONIC);
-
-        if (j->unit->job_timeout == USEC_INFINITY)
-                return 0;
-
-        r = sd_event_add_time(
-                        j->manager->event,
-                        &j->timer_event_source,
-                        CLOCK_MONOTONIC,
-                        usec_add(j->begin_usec, j->unit->job_timeout), 0,
-                        job_dispatch_timer, j);
-        if (r < 0)
-                return r;
-
-        (void) sd_event_source_set_description(j->timer_event_source, "job-start");
-
-        return 0;
-}
-
-void job_add_to_run_queue(Job *j) {
-        assert(j);
-        assert(j->installed);
-
-        if (j->in_run_queue)
-                return;
-
-        if (!j->manager->run_queue)
-                sd_event_source_set_enabled(j->manager->run_queue_event_source, SD_EVENT_ONESHOT);
-
-        LIST_PREPEND(run_queue, j->manager->run_queue, j);
-        j->in_run_queue = true;
-}
-
-void job_add_to_dbus_queue(Job *j) {
-        assert(j);
-        assert(j->installed);
-
-        if (j->in_dbus_queue)
-                return;
-
-        /* We don't check if anybody is subscribed here, since this
-         * job might just have been created and not yet assigned to a
-         * connection/client. */
-
-        LIST_PREPEND(dbus_queue, j->manager->dbus_job_queue, j);
-        j->in_dbus_queue = true;
-}
-
-char *job_dbus_path(Job *j) {
-        char *p;
-
-        assert(j);
-
-        if (asprintf(&p, "/org/freedesktop/systemd1/job/%"PRIu32, j->id) < 0)
-                return NULL;
-
-        return p;
-}
-
-int job_serialize(Job *j, FILE *f, FDSet *fds) {
-        fprintf(f, "job-id=%u\n", j->id);
-        fprintf(f, "job-type=%s\n", job_type_to_string(j->type));
-        fprintf(f, "job-state=%s\n", job_state_to_string(j->state));
-        fprintf(f, "job-irreversible=%s\n", yes_no(j->irreversible));
-        fprintf(f, "job-sent-dbus-new-signal=%s\n", yes_no(j->sent_dbus_new_signal));
-        fprintf(f, "job-ignore-order=%s\n", yes_no(j->ignore_order));
-
-        if (j->begin_usec > 0)
-                fprintf(f, "job-begin="USEC_FMT"\n", j->begin_usec);
-
-        bus_track_serialize(j->clients, f);
-
-        /* End marker */
-        fputc('\n', f);
-        return 0;
-}
-
-int job_deserialize(Job *j, FILE *f, FDSet *fds) {
-        assert(j);
-
-        for (;;) {
-                char line[LINE_MAX], *l, *v;
-                size_t k;
-
-                if (!fgets(line, sizeof(line), f)) {
-                        if (feof(f))
-                                return 0;
-                        return -errno;
-                }
-
-                char_array_0(line);
-                l = strstrip(line);
-
-                /* End marker */
-                if (l[0] == 0)
-                        return 0;
-
-                k = strcspn(l, "=");
-
-                if (l[k] == '=') {
-                        l[k] = 0;
-                        v = l+k+1;
-                } else
-                        v = l+k;
-
-                if (streq(l, "job-id")) {
-
-                        if (safe_atou32(v, &j->id) < 0)
-                                log_debug("Failed to parse job id value %s", v);
-
-                } else if (streq(l, "job-type")) {
-                        JobType t;
-
-                        t = job_type_from_string(v);
-                        if (t < 0)
-                                log_debug("Failed to parse job type %s", v);
-                        else if (t >= _JOB_TYPE_MAX_IN_TRANSACTION)
-                                log_debug("Cannot deserialize job of type %s", v);
-                        else
-                                j->type = t;
-
-                } else if (streq(l, "job-state")) {
-                        JobState s;
-
-                        s = job_state_from_string(v);
-                        if (s < 0)
-                                log_debug("Failed to parse job state %s", v);
-                        else
-                                job_set_state(j, s);
-
-                } else if (streq(l, "job-irreversible")) {
-                        int b;
-
-                        b = parse_boolean(v);
-                        if (b < 0)
-                                log_debug("Failed to parse job irreversible flag %s", v);
-                        else
-                                j->irreversible = j->irreversible || b;
-
-                } else if (streq(l, "job-sent-dbus-new-signal")) {
-                        int b;
-
-                        b = parse_boolean(v);
-                        if (b < 0)
-                                log_debug("Failed to parse job sent_dbus_new_signal flag %s", v);
-                        else
-                                j->sent_dbus_new_signal = j->sent_dbus_new_signal || b;
-
-                } else if (streq(l, "job-ignore-order")) {
-                        int b;
-
-                        b = parse_boolean(v);
-                        if (b < 0)
-                                log_debug("Failed to parse job ignore_order flag %s", v);
-                        else
-                                j->ignore_order = j->ignore_order || b;
-
-                } else if (streq(l, "job-begin")) {
-                        unsigned long long ull;
-
-                        if (sscanf(v, "%llu", &ull) != 1)
-                                log_debug("Failed to parse job-begin value %s", v);
-                        else
-                                j->begin_usec = ull;
-
-                } else if (streq(l, "subscribed")) {
-
-                        if (strv_extend(&j->deserialized_clients, v) < 0)
-                                return log_oom();
-                }
-        }
-}
-
-int job_coldplug(Job *j) {
-        int r;
-
-        assert(j);
-
-        /* After deserialization is complete and the bus connection
-         * set up again, let's start watching our subscribers again */
-        r = bus_track_coldplug(j->manager, &j->clients, &j->deserialized_clients);
-        if (r < 0)
-                return r;
-
-        if (j->state == JOB_WAITING)
-                job_add_to_run_queue(j);
-
-        if (j->begin_usec == 0 || j->unit->job_timeout == USEC_INFINITY)
-                return 0;
-
-        j->timer_event_source = sd_event_source_unref(j->timer_event_source);
-
-        r = sd_event_add_time(
-                        j->manager->event,
-                        &j->timer_event_source,
-                        CLOCK_MONOTONIC,
-                        usec_add(j->begin_usec, j->unit->job_timeout), 0,
-                        job_dispatch_timer, j);
-        if (r < 0)
-                log_debug_errno(r, "Failed to restart timeout for job: %m");
-
-        (void) sd_event_source_set_description(j->timer_event_source, "job-timeout");
-
-        return r;
-}
-
-void job_shutdown_magic(Job *j) {
-        assert(j);
-
-        /* The shutdown target gets some special treatment here: we
-         * tell the kernel to begin with flushing its disk caches, to
-         * optimize shutdown time a bit. Ideally we wouldn't hardcode
-         * this magic into PID 1. However all other processes aren't
-         * options either since they'd exit much sooner than PID 1 and
-         * asynchronous sync() would cause their exit to be
-         * delayed. */
-
-        if (j->type != JOB_START)
-                return;
-
-        if (!MANAGER_IS_SYSTEM(j->unit->manager))
-                return;
-
-        if (!unit_has_name(j->unit, SPECIAL_SHUTDOWN_TARGET))
-                return;
-
-        /* In case messages on console has been disabled on boot */
-        j->unit->manager->no_console_output = false;
-
-        if (detect_container() > 0)
-                return;
-
-        asynchronous_sync();
-}
-
-int job_get_timeout(Job *j, usec_t *timeout) {
-        usec_t x = USEC_INFINITY, y = USEC_INFINITY;
-        Unit *u = j->unit;
-        int r;
-
-        assert(u);
-
-        if (j->timer_event_source) {
-                r = sd_event_source_get_time(j->timer_event_source, &x);
-                if (r < 0)
-                        return r;
-        }
-
-        if (UNIT_VTABLE(u)->get_timeout) {
-                r = UNIT_VTABLE(u)->get_timeout(u, &y);
-                if (r < 0)
-                        return r;
-        }
-
-        if (x == USEC_INFINITY && y == USEC_INFINITY)
-                return 0;
-
-        *timeout = MIN(x, y);
-        return 1;
-}
-
-static const char* const job_state_table[_JOB_STATE_MAX] = {
-        [JOB_WAITING] = "waiting",
-        [JOB_RUNNING] = "running"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(job_state, JobState);
-
-static const char* const job_type_table[_JOB_TYPE_MAX] = {
-        [JOB_START] = "start",
-        [JOB_VERIFY_ACTIVE] = "verify-active",
-        [JOB_STOP] = "stop",
-        [JOB_RELOAD] = "reload",
-        [JOB_RELOAD_OR_START] = "reload-or-start",
-        [JOB_RESTART] = "restart",
-        [JOB_TRY_RESTART] = "try-restart",
-        [JOB_TRY_RELOAD] = "try-reload",
-        [JOB_NOP] = "nop",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(job_type, JobType);
-
-static const char* const job_mode_table[_JOB_MODE_MAX] = {
-        [JOB_FAIL] = "fail",
-        [JOB_REPLACE] = "replace",
-        [JOB_REPLACE_IRREVERSIBLY] = "replace-irreversibly",
-        [JOB_ISOLATE] = "isolate",
-        [JOB_FLUSH] = "flush",
-        [JOB_IGNORE_DEPENDENCIES] = "ignore-dependencies",
-        [JOB_IGNORE_REQUIREMENTS] = "ignore-requirements",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(job_mode, JobMode);
-
-static const char* const job_result_table[_JOB_RESULT_MAX] = {
-        [JOB_DONE] = "done",
-        [JOB_CANCELED] = "canceled",
-        [JOB_TIMEOUT] = "timeout",
-        [JOB_FAILED] = "failed",
-        [JOB_DEPENDENCY] = "dependency",
-        [JOB_SKIPPED] = "skipped",
-        [JOB_INVALID] = "invalid",
-        [JOB_ASSERT] = "assert",
-        [JOB_UNSUPPORTED] = "unsupported",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(job_result, JobResult);
-
-const char* job_type_to_access_method(JobType t) {
-        assert(t >= 0);
-        assert(t < _JOB_TYPE_MAX);
-
-        if (IN_SET(t, JOB_START, JOB_RESTART, JOB_TRY_RESTART))
-                return "start";
-        else if (t == JOB_STOP)
-                return "stop";
-        else
-                return "reload";
-}
diff --git a/src/core/job.h b/src/core/job.h
deleted file mode 100644
index d359e8bb3e..0000000000
--- a/src/core/job.h
+++ /dev/null
@@ -1,242 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-event.h"
-
-#include "list.h"
-#include "unit-name.h"
-
-typedef struct Job Job;
-typedef struct JobDependency JobDependency;
-typedef enum JobType JobType;
-typedef enum JobState JobState;
-typedef enum JobMode JobMode;
-typedef enum JobResult JobResult;
-
-/* Be careful when changing the job types! Adjust job_merging_table[] accordingly! */
-enum JobType {
-        JOB_START,                  /* if a unit does not support being started, we'll just wait until it becomes active */
-        JOB_VERIFY_ACTIVE,
-
-        JOB_STOP,
-
-        JOB_RELOAD,                 /* if running, reload */
-
-        /* Note that restarts are first treated like JOB_STOP, but
-         * then instead of finishing are patched to become
-         * JOB_START. */
-        JOB_RESTART,                /* If running, stop. Then start unconditionally. */
-
-        _JOB_TYPE_MAX_MERGING,
-
-        /* JOB_NOP can enter into a transaction, but as it won't pull in
-         * any dependencies and it uses the special 'nop_job' slot in Unit,
-         * it won't have to merge with anything (except possibly into another
-         * JOB_NOP, previously installed). JOB_NOP is special-cased in
-         * job_type_is_*() functions so that the transaction can be
-         * activated. */
-        JOB_NOP = _JOB_TYPE_MAX_MERGING, /* do nothing */
-
-        _JOB_TYPE_MAX_IN_TRANSACTION,
-
-        /* JOB_TRY_RESTART can never appear in a transaction, because
-         * it always collapses into JOB_RESTART or JOB_NOP before entering.
-         * Thus we never need to merge it with anything. */
-        JOB_TRY_RESTART = _JOB_TYPE_MAX_IN_TRANSACTION, /* if running, stop and then start */
-
-        /* Similar to JOB_TRY_RESTART but collapses to JOB_RELOAD or JOB_NOP */
-        JOB_TRY_RELOAD,
-
-        /* JOB_RELOAD_OR_START won't enter into a transaction and cannot result
-         * from transaction merging (there's no way for JOB_RELOAD and
-         * JOB_START to meet in one transaction). It can result from a merge
-         * during job installation, but then it will immediately collapse into
-         * one of the two simpler types. */
-        JOB_RELOAD_OR_START,        /* if running, reload, otherwise start */
-
-        _JOB_TYPE_MAX,
-        _JOB_TYPE_INVALID = -1
-};
-
-enum JobState {
-        JOB_WAITING,
-        JOB_RUNNING,
-        _JOB_STATE_MAX,
-        _JOB_STATE_INVALID = -1
-};
-
-enum JobMode {
-        JOB_FAIL,                /* Fail if a conflicting job is already queued */
-        JOB_REPLACE,             /* Replace an existing conflicting job */
-        JOB_REPLACE_IRREVERSIBLY,/* Like JOB_REPLACE + produce irreversible jobs */
-        JOB_ISOLATE,             /* Start a unit, and stop all others */
-        JOB_FLUSH,               /* Flush out all other queued jobs when queing this one */
-        JOB_IGNORE_DEPENDENCIES, /* Ignore both requirement and ordering dependencies */
-        JOB_IGNORE_REQUIREMENTS, /* Ignore requirement dependencies */
-        _JOB_MODE_MAX,
-        _JOB_MODE_INVALID = -1
-};
-
-enum JobResult {
-        JOB_DONE,                /* Job completed successfully */
-        JOB_CANCELED,            /* Job canceled by a conflicting job installation or by explicit cancel request */
-        JOB_TIMEOUT,             /* Job timeout elapsed */
-        JOB_FAILED,              /* Job failed */
-        JOB_DEPENDENCY,          /* A required dependency job did not result in JOB_DONE */
-        JOB_SKIPPED,             /* Negative result of JOB_VERIFY_ACTIVE */
-        JOB_INVALID,             /* JOB_RELOAD of inactive unit */
-        JOB_ASSERT,              /* Couldn't start a unit, because an assert didn't hold */
-        JOB_UNSUPPORTED,         /* Couldn't start a unit, because the unit type is not supported on the system */
-        _JOB_RESULT_MAX,
-        _JOB_RESULT_INVALID = -1
-};
-
-#include "unit.h"
-
-struct JobDependency {
-        /* Encodes that the 'subject' job needs the 'object' job in
-         * some way. This structure is used only while building a transaction. */
-        Job *subject;
-        Job *object;
-
-        LIST_FIELDS(JobDependency, subject);
-        LIST_FIELDS(JobDependency, object);
-
-        bool matters;
-        bool conflicts;
-};
-
-struct Job {
-        Manager *manager;
-        Unit *unit;
-
-        LIST_FIELDS(Job, transaction);
-        LIST_FIELDS(Job, run_queue);
-        LIST_FIELDS(Job, dbus_queue);
-
-        LIST_HEAD(JobDependency, subject_list);
-        LIST_HEAD(JobDependency, object_list);
-
-        /* Used for graph algs as a "I have been here" marker */
-        Job* marker;
-        unsigned generation;
-
-        uint32_t id;
-
-        JobType type;
-        JobState state;
-
-        sd_event_source *timer_event_source;
-        usec_t begin_usec;
-
-        /*
-         * This tracks where to send signals, and also which clients
-         * are allowed to call DBus methods on the job (other than
-         * root).
-         *
-         * There can be more than one client, because of job merging.
-         */
-        sd_bus_track *clients;
-        char **deserialized_clients;
-
-        JobResult result;
-
-        bool installed:1;
-        bool in_run_queue:1;
-        bool matters_to_anchor:1;
-        bool in_dbus_queue:1;
-        bool sent_dbus_new_signal:1;
-        bool ignore_order:1;
-        bool irreversible:1;
-};
-
-Job* job_new(Unit *unit, JobType type);
-Job* job_new_raw(Unit *unit);
-void job_free(Job *job);
-Job* job_install(Job *j);
-int job_install_deserialized(Job *j);
-void job_uninstall(Job *j);
-void job_dump(Job *j, FILE*f, const char *prefix);
-int job_serialize(Job *j, FILE *f, FDSet *fds);
-int job_deserialize(Job *j, FILE *f, FDSet *fds);
-int job_coldplug(Job *j);
-
-JobDependency* job_dependency_new(Job *subject, Job *object, bool matters, bool conflicts);
-void job_dependency_free(JobDependency *l);
-
-int job_merge(Job *j, Job *other);
-
-JobType job_type_lookup_merge(JobType a, JobType b) _pure_;
-
-_pure_ static inline bool job_type_is_mergeable(JobType a, JobType b) {
-        return job_type_lookup_merge(a, b) >= 0;
-}
-
-_pure_ static inline bool job_type_is_conflicting(JobType a, JobType b) {
-        return a != JOB_NOP && b != JOB_NOP && !job_type_is_mergeable(a, b);
-}
-
-_pure_ static inline bool job_type_is_superset(JobType a, JobType b) {
-        /* Checks whether operation a is a "superset" of b in its actions */
-        if (b == JOB_NOP)
-                return true;
-        if (a == JOB_NOP)
-                return false;
-        return a == job_type_lookup_merge(a, b);
-}
-
-bool job_type_is_redundant(JobType a, UnitActiveState b) _pure_;
-
-/* Collapses a state-dependent job type into a simpler type by observing
- * the state of the unit which it is going to be applied to. */
-JobType job_type_collapse(JobType t, Unit *u);
-
-int job_type_merge_and_collapse(JobType *a, JobType b, Unit *u);
-
-void job_add_to_run_queue(Job *j);
-void job_add_to_dbus_queue(Job *j);
-
-int job_start_timer(Job *j);
-
-int job_run_and_invalidate(Job *j);
-int job_finish_and_invalidate(Job *j, JobResult result, bool recursive, bool already);
-
-char *job_dbus_path(Job *j);
-
-void job_shutdown_magic(Job *j);
-
-int job_get_timeout(Job *j, usec_t *timeout) _pure_;
-
-const char* job_type_to_string(JobType t) _const_;
-JobType job_type_from_string(const char *s) _pure_;
-
-const char* job_state_to_string(JobState t) _const_;
-JobState job_state_from_string(const char *s) _pure_;
-
-const char* job_mode_to_string(JobMode t) _const_;
-JobMode job_mode_from_string(const char *s) _pure_;
-
-const char* job_result_to_string(JobResult t) _const_;
-JobResult job_result_from_string(const char *s) _pure_;
-
-const char* job_type_to_access_method(JobType t);
diff --git a/src/core/loopback-setup.c b/src/core/loopback-setup.c
deleted file mode 100644
index 04062a7910..0000000000
--- a/src/core/loopback-setup.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/if.h>
-#include <stdlib.h>
-
-#include "sd-netlink.h"
-
-#include "loopback-setup.h"
-#include "missing.h"
-#include "netlink-util.h"
-
-static int start_loopback(sd_netlink *rtnl) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
-        int r;
-
-        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
-        if (r < 0)
-                return r;
-
-        r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(rtnl, req, 0, NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static bool check_loopback(sd_netlink *rtnl) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        unsigned flags;
-        int r;
-
-        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
-        if (r < 0)
-                return false;
-
-        r = sd_netlink_call(rtnl, req, 0, &reply);
-        if (r < 0)
-                return false;
-
-        r = sd_rtnl_message_link_get_flags(reply, &flags);
-        if (r < 0)
-                return false;
-
-        return flags & IFF_UP;
-}
-
-int loopback_setup(void) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        int r;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return r;
-
-        r = start_loopback(rtnl);
-        if (r < 0) {
-
-                /* If we lack the permissions to configure the
-                 * loopback device, but we find it to be already
-                 * configured, let's exit cleanly, in order to
-                 * supported unprivileged containers. */
-                if (r == -EPERM && check_loopback(rtnl))
-                        return 0;
-
-                return log_warning_errno(r, "Failed to configure loopback device: %m");
-        }
-
-        return 0;
-}
diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
deleted file mode 100644
index 0145fe2894..0000000000
--- a/src/core/machine-id-setup.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <sched.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/mount.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hexdecoct.h"
-#include "io-util.h"
-#include "log.h"
-#include "machine-id-setup.h"
-#include "macro.h"
-#include "mkdir.h"
-#include "mount-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "stat-util.h"
-#include "string-util.h"
-#include "umask-util.h"
-#include "util.h"
-#include "virt.h"
-
-static int shorten_uuid(char destination[34], const char source[36]) {
-        unsigned i, j;
-
-        assert(destination);
-        assert(source);
-
-        /* Converts a UUID into a machine ID, by lowercasing it and
-         * removing dashes. Validates everything. */
-
-        for (i = 0, j = 0; i < 36 && j < 32; i++) {
-                int t;
-
-                t = unhexchar(source[i]);
-                if (t < 0)
-                        continue;
-
-                destination[j++] = hexchar(t);
-        }
-
-        if (i != 36 || j != 32)
-                return -EINVAL;
-
-        destination[32] = '\n';
-        destination[33] = 0;
-        return 0;
-}
-
-static int read_machine_id(int fd, char id[34]) {
-        char id_to_validate[34];
-        int r;
-
-        assert(fd >= 0);
-        assert(id);
-
-        /* Reads a machine ID from a file, validates it, and returns
-         * it. The returned ID ends in a newline. */
-
-        r = loop_read_exact(fd, id_to_validate, 33, false);
-        if (r < 0)
-                return r;
-
-        if (id_to_validate[32] != '\n')
-                return -EINVAL;
-
-        id_to_validate[32] = 0;
-
-        if (!id128_is_valid(id_to_validate))
-                return -EINVAL;
-
-        memcpy(id, id_to_validate, 32);
-        id[32] = '\n';
-        id[33] = 0;
-        return 0;
-}
-
-static int write_machine_id(int fd, const char id[34]) {
-        int r;
-
-        assert(fd >= 0);
-        assert(id);
-
-        if (lseek(fd, 0, SEEK_SET) < 0)
-                return -errno;
-
-        r = loop_write(fd, id, 33, false);
-        if (r < 0)
-                return r;
-
-        if (fsync(fd) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int generate_machine_id(char id[34], const char *root) {
-        int fd, r;
-        unsigned char *p;
-        sd_id128_t buf;
-        char  *q;
-        const char *dbus_machine_id;
-
-        assert(id);
-
-        dbus_machine_id = prefix_roota(root, "/var/lib/dbus/machine-id");
-
-        /* First, try reading the D-Bus machine id, unless it is a symlink */
-        fd = open(dbus_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
-        if (fd >= 0) {
-                r = read_machine_id(fd, id);
-                safe_close(fd);
-
-                if (r >= 0) {
-                        log_info("Initializing machine ID from D-Bus machine ID.");
-                        return 0;
-                }
-        }
-
-        if (isempty(root)) {
-                /* If that didn't work, see if we are running in a container,
-                 * and a machine ID was passed in via $container_uuid the way
-                 * libvirt/LXC does it */
-
-                if (detect_container() > 0) {
-                        _cleanup_free_ char *e = NULL;
-
-                        r = getenv_for_pid(1, "container_uuid", &e);
-                        if (r > 0) {
-                                r = shorten_uuid(id, e);
-                                if (r >= 0) {
-                                        log_info("Initializing machine ID from container UUID.");
-                                        return 0;
-                                }
-                        }
-
-                } else if (detect_vm() == VIRTUALIZATION_KVM) {
-
-                        /* If we are not running in a container, see if we are
-                         * running in qemu/kvm and a machine ID was passed in
-                         * via -uuid on the qemu/kvm command line */
-
-                        char uuid[36];
-
-                        fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
-                        if (fd >= 0) {
-                                r = loop_read_exact(fd, uuid, 36, false);
-                                safe_close(fd);
-
-                                if (r >= 0) {
-                                        r = shorten_uuid(id, uuid);
-                                        if (r >= 0) {
-                                                log_info("Initializing machine ID from KVM UUID.");
-                                                return 0;
-                                        }
-                                }
-                        }
-                }
-        }
-
-        /* If that didn't work, generate a random machine id */
-        r = sd_id128_randomize(&buf);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open /dev/urandom: %m");
-
-        for (p = buf.bytes, q = id; p < buf.bytes + sizeof(buf); p++, q += 2) {
-                q[0] = hexchar(*p >> 4);
-                q[1] = hexchar(*p & 15);
-        }
-
-        id[32] = '\n';
-        id[33] = 0;
-
-        log_info("Initializing machine ID from random generator.");
-
-        return 0;
-}
-
-int machine_id_setup(const char *root, sd_id128_t machine_id) {
-        const char *etc_machine_id, *run_machine_id;
-        _cleanup_close_ int fd = -1;
-        bool writable = true;
-        char id[34]; /* 32 + \n + \0 */
-        int r;
-
-        etc_machine_id = prefix_roota(root, "/etc/machine-id");
-        run_machine_id = prefix_roota(root, "/run/machine-id");
-
-        RUN_WITH_UMASK(0000) {
-                /* We create this 0444, to indicate that this isn't really
-                 * something you should ever modify. Of course, since the file
-                 * will be owned by root it doesn't matter much, but maybe
-                 * people look. */
-
-                mkdir_parents(etc_machine_id, 0755);
-                fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
-                if (fd < 0) {
-                        int old_errno = errno;
-
-                        fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                        if (fd < 0) {
-                                if (old_errno == EROFS && errno == ENOENT)
-                                        log_error_errno(errno,
-                                                  "System cannot boot: Missing /etc/machine-id and /etc is mounted read-only.\n"
-                                                  "Booting up is supported only when:\n"
-                                                  "1) /etc/machine-id exists and is populated.\n"
-                                                  "2) /etc/machine-id exists and is empty.\n"
-                                                  "3) /etc/machine-id is missing and /etc is writable.\n");
-                                else
-                                        log_error_errno(errno, "Cannot open %s: %m", etc_machine_id);
-
-                                return -errno;
-                        }
-
-                        writable = false;
-                }
-        }
-
-        /* A machine id argument overrides all other machined-ids */
-        if (!sd_id128_is_null(machine_id)) {
-                sd_id128_to_string(machine_id, id);
-                id[32] = '\n';
-                id[33] = 0;
-        } else {
-                if (read_machine_id(fd, id) >= 0)
-                        return 0;
-
-                /* Hmm, so, the id currently stored is not useful, then let's
-                 * generate one */
-
-                r = generate_machine_id(id, root);
-                if (r < 0)
-                        return r;
-        }
-
-        if (writable)
-                if (write_machine_id(fd, id) >= 0)
-                        return 0;
-
-        fd = safe_close(fd);
-
-        /* Hmm, we couldn't write it? So let's write it to
-         * /run/machine-id as a replacement */
-
-        RUN_WITH_UMASK(0022) {
-                r = write_string_file(run_machine_id, id, WRITE_STRING_FILE_CREATE);
-                if (r < 0) {
-                        (void) unlink(run_machine_id);
-                        return log_error_errno(r, "Cannot write %s: %m", run_machine_id);
-                }
-        }
-
-        /* And now, let's mount it over */
-        if (mount(run_machine_id, etc_machine_id, NULL, MS_BIND, NULL) < 0) {
-                (void) unlink_noerrno(run_machine_id);
-                return log_error_errno(errno, "Failed to mount %s: %m", etc_machine_id);
-        }
-
-        log_info("Installed transient %s file.", etc_machine_id);
-
-        /* Mark the mount read-only */
-        if (mount(NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
-                log_warning_errno(errno, "Failed to make transient %s read-only: %m", etc_machine_id);
-
-        return 0;
-}
-
-int machine_id_commit(const char *root) {
-        _cleanup_close_ int fd = -1, initial_mntns_fd = -1;
-        const char *etc_machine_id;
-        char id[34]; /* 32 + \n + \0 */
-        int r;
-
-        etc_machine_id = prefix_roota(root, "/etc/machine-id");
-
-        r = path_is_mount_point(etc_machine_id, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine whether %s is a mount point: %m", etc_machine_id);
-        if (r == 0) {
-                log_debug("%s is is not a mount point. Nothing to do.", etc_machine_id);
-                return 0;
-        }
-
-        /* Read existing machine-id */
-        fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0)
-                return log_error_errno(errno, "Cannot open %s: %m", etc_machine_id);
-
-        r = read_machine_id(fd, id);
-        if (r < 0)
-                return log_error_errno(r, "We didn't find a valid machine ID in %s.", etc_machine_id);
-
-        r = fd_is_temporary_fs(fd);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine whether %s is on a temporary file system: %m", etc_machine_id);
-        if (r == 0) {
-                log_error("%s is not on a temporary file system.", etc_machine_id);
-                return -EROFS;
-        }
-
-        fd = safe_close(fd);
-
-        /* Store current mount namespace */
-        r = namespace_open(0, NULL, &initial_mntns_fd, NULL, NULL, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Can't fetch current mount namespace: %m");
-
-        /* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
-        if (unshare(CLONE_NEWNS) < 0)
-                return log_error_errno(errno, "Failed to enter new namespace: %m");
-
-        if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
-                return log_error_errno(errno, "Couldn't make-rslave / mountpoint in our private namespace: %m");
-
-        if (umount(etc_machine_id) < 0)
-                return log_error_errno(errno, "Failed to unmount transient %s file in our private namespace: %m", etc_machine_id);
-
-        /* Update a persistent version of etc_machine_id */
-        fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
-        if (fd < 0)
-                return log_error_errno(errno, "Cannot open for writing %s. This is mandatory to get a persistent machine-id: %m", etc_machine_id);
-
-        r = write_machine_id(fd, id);
-        if (r < 0)
-                return log_error_errno(r, "Cannot write %s: %m", etc_machine_id);
-
-        fd = safe_close(fd);
-
-        /* Return to initial namespace and proceed a lazy tmpfs unmount */
-        r = namespace_enter(-1, initial_mntns_fd, -1, -1, -1);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to switch back to initial mount namespace: %m.\nWe'll keep transient %s file until next reboot.", etc_machine_id);
-
-        if (umount2(etc_machine_id, MNT_DETACH) < 0)
-                return log_warning_errno(errno, "Failed to unmount transient %s file: %m.\nWe keep that mount until next reboot.", etc_machine_id);
-
-        return 0;
-}
diff --git a/src/core/main.c b/src/core/main.c
deleted file mode 100644
index 5ed8c3d3f5..0000000000
--- a/src/core/main.c
+++ /dev/null
@@ -1,2149 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/mount.h>
-#include <sys/prctl.h>
-#include <sys/reboot.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#ifdef HAVE_SECCOMP
-#include <seccomp.h>
-#endif
-#ifdef HAVE_VALGRIND_VALGRIND_H
-#include <valgrind/valgrind.h>
-#endif
-
-#include "sd-bus.h"
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "architecture.h"
-#include "build.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "capability-util.h"
-#include "clock-util.h"
-#include "conf-parser.h"
-#include "cpu-set-util.h"
-#include "dbus-manager.h"
-#include "def.h"
-#include "env-util.h"
-#include "fd-util.h"
-#include "fdset.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "hostname-setup.h"
-#include "ima-setup.h"
-#include "killall.h"
-#include "kmod-setup.h"
-#include "load-fragment.h"
-#include "log.h"
-#include "loopback-setup.h"
-#include "machine-id-setup.h"
-#include "manager.h"
-#include "missing.h"
-#include "mount-setup.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "proc-cmdline.h"
-#include "process-util.h"
-#include "rlimit-util.h"
-#include "selinux-setup.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "smack-setup.h"
-#include "special.h"
-#include "stat-util.h"
-#include "stdio-util.h"
-#include "strv.h"
-#include "switch-root.h"
-#include "terminal-util.h"
-#include "umask-util.h"
-#include "user-util.h"
-#include "virt.h"
-#include "watchdog.h"
-
-static enum {
-        ACTION_RUN,
-        ACTION_HELP,
-        ACTION_VERSION,
-        ACTION_TEST,
-        ACTION_DUMP_CONFIGURATION_ITEMS,
-        ACTION_DONE
-} arg_action = ACTION_RUN;
-static char *arg_default_unit = NULL;
-static bool arg_system = false;
-static bool arg_dump_core = true;
-static int arg_crash_chvt = -1;
-static bool arg_crash_shell = false;
-static bool arg_crash_reboot = false;
-static bool arg_confirm_spawn = false;
-static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
-static bool arg_switched_root = false;
-static bool arg_no_pager = false;
-static char ***arg_join_controllers = NULL;
-static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
-static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
-static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
-static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
-static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
-static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
-static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
-static usec_t arg_runtime_watchdog = 0;
-static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
-static char **arg_default_environment = NULL;
-static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
-static uint64_t arg_capability_bounding_set = CAP_ALL;
-static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
-static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
-static Set* arg_syscall_archs = NULL;
-static FILE* arg_serialization = NULL;
-static bool arg_default_cpu_accounting = false;
-static bool arg_default_io_accounting = false;
-static bool arg_default_blockio_accounting = false;
-static bool arg_default_memory_accounting = false;
-static bool arg_default_tasks_accounting = true;
-static uint64_t arg_default_tasks_max = UINT64_C(512);
-static sd_id128_t arg_machine_id = {};
-
-noreturn static void freeze_or_reboot(void) {
-
-        if (arg_crash_reboot) {
-                log_notice("Rebooting in 10s...");
-                (void) sleep(10);
-
-                log_notice("Rebooting now...");
-                (void) reboot(RB_AUTOBOOT);
-                log_emergency_errno(errno, "Failed to reboot: %m");
-        }
-
-        log_emergency("Freezing execution.");
-        freeze();
-}
-
-noreturn static void crash(int sig) {
-        struct sigaction sa;
-        pid_t pid;
-
-        if (getpid() != 1)
-                /* Pass this on immediately, if this is not PID 1 */
-                (void) raise(sig);
-        else if (!arg_dump_core)
-                log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
-        else {
-                sa = (struct sigaction) {
-                        .sa_handler = nop_signal_handler,
-                        .sa_flags = SA_NOCLDSTOP|SA_RESTART,
-                };
-
-                /* We want to wait for the core process, hence let's enable SIGCHLD */
-                (void) sigaction(SIGCHLD, &sa, NULL);
-
-                pid = raw_clone(SIGCHLD, NULL);
-                if (pid < 0)
-                        log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
-                else if (pid == 0) {
-                        /* Enable default signal handler for core dump */
-
-                        sa = (struct sigaction) {
-                                .sa_handler = SIG_DFL,
-                        };
-                        (void) sigaction(sig, &sa, NULL);
-
-                        /* Don't limit the coredump size */
-                        (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
-
-                        /* Just to be sure... */
-                        (void) chdir("/");
-
-                        /* Raise the signal again */
-                        pid = raw_getpid();
-                        (void) kill(pid, sig); /* raise() would kill the parent */
-
-                        assert_not_reached("We shouldn't be here...");
-                        _exit(EXIT_FAILURE);
-                } else {
-                        siginfo_t status;
-                        int r;
-
-                        /* Order things nicely. */
-                        r = wait_for_terminate(pid, &status);
-                        if (r < 0)
-                                log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
-                        else if (status.si_code != CLD_DUMPED)
-                                log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
-                                              signal_to_string(sig),
-                                              pid, sigchld_code_to_string(status.si_code),
-                                              status.si_status,
-                                              strna(status.si_code == CLD_EXITED
-                                                    ? exit_status_to_string(status.si_status, EXIT_STATUS_FULL)
-                                                    : signal_to_string(status.si_status)));
-                        else
-                                log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
-                }
-        }
-
-        if (arg_crash_chvt >= 0)
-                (void) chvt(arg_crash_chvt);
-
-        sa = (struct sigaction) {
-                .sa_handler = SIG_IGN,
-                .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
-        };
-
-        /* Let the kernel reap children for us */
-        (void) sigaction(SIGCHLD, &sa, NULL);
-
-        if (arg_crash_shell) {
-                log_notice("Executing crash shell in 10s...");
-                (void) sleep(10);
-
-                pid = raw_clone(SIGCHLD, NULL);
-                if (pid < 0)
-                        log_emergency_errno(errno, "Failed to fork off crash shell: %m");
-                else if (pid == 0) {
-                        (void) setsid();
-                        (void) make_console_stdio();
-                        (void) execle("/bin/sh", "/bin/sh", NULL, environ);
-
-                        log_emergency_errno(errno, "execle() failed: %m");
-                        _exit(EXIT_FAILURE);
-                } else {
-                        log_info("Spawned crash shell as PID "PID_FMT".", pid);
-                        (void) wait_for_terminate(pid, NULL);
-                }
-        }
-
-        freeze_or_reboot();
-}
-
-static void install_crash_handler(void) {
-        static const struct sigaction sa = {
-                .sa_handler = crash,
-                .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
-        };
-        int r;
-
-        /* We ignore the return value here, since, we don't mind if we
-         * cannot set up a crash handler */
-        r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
-        if (r < 0)
-                log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
-}
-
-static int console_setup(void) {
-        _cleanup_close_ int tty_fd = -1;
-        int r;
-
-        tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
-        if (tty_fd < 0)
-                return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
-
-        /* We don't want to force text mode.  plymouth may be showing
-         * pictures already from initrd. */
-        r = reset_terminal_fd(tty_fd, false);
-        if (r < 0)
-                return log_error_errno(r, "Failed to reset /dev/console: %m");
-
-        return 0;
-}
-
-static int parse_crash_chvt(const char *value) {
-        int b;
-
-        if (safe_atoi(value, &arg_crash_chvt) >= 0)
-                return 0;
-
-        b = parse_boolean(value);
-        if (b < 0)
-                return b;
-
-        if (b > 0)
-                arg_crash_chvt = 0; /* switch to where kmsg goes */
-        else
-                arg_crash_chvt = -1; /* turn off switching */
-
-        return 0;
-}
-
-static int set_machine_id(const char *m) {
-        assert(m);
-
-        if (sd_id128_from_string(m, &arg_machine_id) < 0)
-                return -EINVAL;
-
-        if (sd_id128_is_null(arg_machine_id))
-                return -EINVAL;
-
-        return 0;
-}
-
-static int parse_proc_cmdline_item(const char *key, const char *value) {
-
-        int r;
-
-        assert(key);
-
-        if (streq(key, "systemd.unit") && value) {
-
-                if (!in_initrd())
-                        return free_and_strdup(&arg_default_unit, value);
-
-        } else if (streq(key, "rd.systemd.unit") && value) {
-
-                if (in_initrd())
-                        return free_and_strdup(&arg_default_unit, value);
-
-        } else if (streq(key, "systemd.dump_core") && value) {
-
-                r = parse_boolean(value);
-                if (r < 0)
-                        log_warning("Failed to parse dump core switch %s. Ignoring.", value);
-                else
-                        arg_dump_core = r;
-
-        } else if (streq(key, "systemd.crash_chvt") && value) {
-
-                if (parse_crash_chvt(value) < 0)
-                        log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
-
-        } else if (streq(key, "systemd.crash_shell") && value) {
-
-                r = parse_boolean(value);
-                if (r < 0)
-                        log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
-                else
-                        arg_crash_shell = r;
-
-        } else if (streq(key, "systemd.crash_reboot") && value) {
-
-                r = parse_boolean(value);
-                if (r < 0)
-                        log_warning("Failed to parse crash reboot switch %s. Ignoring.", value);
-                else
-                        arg_crash_reboot = r;
-
-        } else if (streq(key, "systemd.confirm_spawn") && value) {
-
-                r = parse_boolean(value);
-                if (r < 0)
-                        log_warning("Failed to parse confirm spawn switch %s. Ignoring.", value);
-                else
-                        arg_confirm_spawn = r;
-
-        } else if (streq(key, "systemd.show_status") && value) {
-
-                r = parse_show_status(value, &arg_show_status);
-                if (r < 0)
-                        log_warning("Failed to parse show status switch %s. Ignoring.", value);
-
-        } else if (streq(key, "systemd.default_standard_output") && value) {
-
-                r = exec_output_from_string(value);
-                if (r < 0)
-                        log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
-                else
-                        arg_default_std_output = r;
-
-        } else if (streq(key, "systemd.default_standard_error") && value) {
-
-                r = exec_output_from_string(value);
-                if (r < 0)
-                        log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
-                else
-                        arg_default_std_error = r;
-
-        } else if (streq(key, "systemd.setenv") && value) {
-
-                if (env_assignment_is_valid(value)) {
-                        char **env;
-
-                        env = strv_env_set(arg_default_environment, value);
-                        if (env)
-                                arg_default_environment = env;
-                        else
-                                log_warning_errno(ENOMEM, "Setting environment variable '%s' failed, ignoring: %m", value);
-                } else
-                        log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
-
-        } else if (streq(key, "systemd.machine_id") && value) {
-
-               r = set_machine_id(value);
-               if (r < 0)
-                       log_warning("MachineID '%s' is not valid. Ignoring.", value);
-
-        } else if (streq(key, "quiet") && !value) {
-
-                if (arg_show_status == _SHOW_STATUS_UNSET)
-                        arg_show_status = SHOW_STATUS_AUTO;
-
-        } else if (streq(key, "debug") && !value) {
-
-                /* Note that log_parse_environment() handles 'debug'
-                 * too, and sets the log level to LOG_DEBUG. */
-
-                if (detect_container() > 0)
-                        log_set_target(LOG_TARGET_CONSOLE);
-
-        } else if (!in_initrd() && !value) {
-                const char *target;
-
-                /* SysV compatibility */
-                target = runlevel_to_target(key);
-                if (target)
-                        return free_and_strdup(&arg_default_unit, target);
-
-        } else if (streq(key, "systemd.default_timeout_start_sec") && value) {
-
-                r = parse_sec(value, &arg_default_timeout_start_usec);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value);
-
-                if (arg_default_timeout_start_usec <= 0)
-                        arg_default_timeout_start_usec = USEC_INFINITY;
-        }
-
-        return 0;
-}
-
-#define DEFINE_SETTER(name, func, descr)                              \
-        static int name(const char *unit,                             \
-                        const char *filename,                         \
-                        unsigned line,                                \
-                        const char *section,                          \
-                        unsigned section_line,                        \
-                        const char *lvalue,                           \
-                        int ltype,                                    \
-                        const char *rvalue,                           \
-                        void *data,                                   \
-                        void *userdata) {                             \
-                                                                      \
-                int r;                                                \
-                                                                      \
-                assert(filename);                                     \
-                assert(lvalue);                                       \
-                assert(rvalue);                                       \
-                                                                      \
-                r = func(rvalue);                                     \
-                if (r < 0)                                            \
-                        log_syntax(unit, LOG_ERR, filename, line, r,  \
-                                   "Invalid " descr "'%s': %m",       \
-                                   rvalue);                           \
-                                                                      \
-                return 0;                                             \
-        }
-
-DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
-DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
-DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
-DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
-
-static int config_parse_cpu_affinity2(
-                const char *unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        _cleanup_cpu_free_ cpu_set_t *c = NULL;
-        int ncpus;
-
-        ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue);
-        if (ncpus < 0)
-                return ncpus;
-
-        if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
-                log_warning("Failed to set CPU affinity: %m");
-
-        return 0;
-}
-
-static int config_parse_show_status(
-                const char* unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        int k;
-        ShowStatus *b = data;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        k = parse_show_status(rvalue, b);
-        if (k < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
-                return 0;
-        }
-
-        return 0;
-}
-
-static int config_parse_crash_chvt(
-                const char* unit,
-                const char *filename,
-                unsigned line,
-                const char *section,
-                unsigned section_line,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-
-        r = parse_crash_chvt(rvalue);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
-                return 0;
-        }
-
-        return 0;
-}
-
-static int config_parse_join_controllers(const char *unit,
-                                         const char *filename,
-                                         unsigned line,
-                                         const char *section,
-                                         unsigned section_line,
-                                         const char *lvalue,
-                                         int ltype,
-                                         const char *rvalue,
-                                         void *data,
-                                         void *userdata) {
-
-        const char *whole_rvalue = rvalue;
-        unsigned n = 0;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-
-        arg_join_controllers = strv_free_free(arg_join_controllers);
-
-        for (;;) {
-                _cleanup_free_ char *word = NULL;
-                char **l;
-                int r;
-
-                r = extract_first_word(&rvalue, &word, WHITESPACE, EXTRACT_QUOTES);
-                if (r < 0) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue);
-                        return r;
-                }
-                if (r == 0)
-                        break;
-
-                l = strv_split(word, ",");
-                if (!l)
-                        return log_oom();
-                strv_uniq(l);
-
-                if (strv_length(l) <= 1) {
-                        strv_free(l);
-                        continue;
-                }
-
-                if (!arg_join_controllers) {
-                        arg_join_controllers = new(char**, 2);
-                        if (!arg_join_controllers) {
-                                strv_free(l);
-                                return log_oom();
-                        }
-
-                        arg_join_controllers[0] = l;
-                        arg_join_controllers[1] = NULL;
-
-                        n = 1;
-                } else {
-                        char ***a;
-                        char ***t;
-
-                        t = new0(char**, n+2);
-                        if (!t) {
-                                strv_free(l);
-                                return log_oom();
-                        }
-
-                        n = 0;
-
-                        for (a = arg_join_controllers; *a; a++) {
-
-                                if (strv_overlap(*a, l)) {
-                                        if (strv_extend_strv(&l, *a, false) < 0) {
-                                                strv_free(l);
-                                                strv_free_free(t);
-                                                return log_oom();
-                                        }
-
-                                } else {
-                                        char **c;
-
-                                        c = strv_copy(*a);
-                                        if (!c) {
-                                                strv_free(l);
-                                                strv_free_free(t);
-                                                return log_oom();
-                                        }
-
-                                        t[n++] = c;
-                                }
-                        }
-
-                        t[n++] = strv_uniq(l);
-
-                        strv_free_free(arg_join_controllers);
-                        arg_join_controllers = t;
-                }
-        }
-        if (!isempty(rvalue))
-                log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
-
-        return 0;
-}
-
-static int parse_config_file(void) {
-
-        const ConfigTableItem items[] = {
-                { "Manager", "LogLevel",                  config_parse_level2,           0, NULL                                   },
-                { "Manager", "LogTarget",                 config_parse_target,           0, NULL                                   },
-                { "Manager", "LogColor",                  config_parse_color,            0, NULL                                   },
-                { "Manager", "LogLocation",               config_parse_location,         0, NULL                                   },
-                { "Manager", "DumpCore",                  config_parse_bool,             0, &arg_dump_core                         },
-                { "Manager", "CrashChVT", /* legacy */    config_parse_crash_chvt,       0, NULL                                   },
-                { "Manager", "CrashChangeVT",             config_parse_crash_chvt,       0, NULL                                   },
-                { "Manager", "CrashShell",                config_parse_bool,             0, &arg_crash_shell                       },
-                { "Manager", "CrashReboot",               config_parse_bool,             0, &arg_crash_reboot                      },
-                { "Manager", "ShowStatus",                config_parse_show_status,      0, &arg_show_status                       },
-                { "Manager", "CPUAffinity",               config_parse_cpu_affinity2,    0, NULL                                   },
-                { "Manager", "JoinControllers",           config_parse_join_controllers, 0, &arg_join_controllers                  },
-                { "Manager", "RuntimeWatchdogSec",        config_parse_sec,              0, &arg_runtime_watchdog                  },
-                { "Manager", "ShutdownWatchdogSec",       config_parse_sec,              0, &arg_shutdown_watchdog                 },
-                { "Manager", "CapabilityBoundingSet",     config_parse_capability_set,   0, &arg_capability_bounding_set           },
-#ifdef HAVE_SECCOMP
-                { "Manager", "SystemCallArchitectures",   config_parse_syscall_archs,    0, &arg_syscall_archs                     },
-#endif
-                { "Manager", "TimerSlackNSec",            config_parse_nsec,             0, &arg_timer_slack_nsec                  },
-                { "Manager", "DefaultTimerAccuracySec",   config_parse_sec,              0, &arg_default_timer_accuracy_usec       },
-                { "Manager", "DefaultStandardOutput",     config_parse_output,           0, &arg_default_std_output                },
-                { "Manager", "DefaultStandardError",      config_parse_output,           0, &arg_default_std_error                 },
-                { "Manager", "DefaultTimeoutStartSec",    config_parse_sec,              0, &arg_default_timeout_start_usec        },
-                { "Manager", "DefaultTimeoutStopSec",     config_parse_sec,              0, &arg_default_timeout_stop_usec         },
-                { "Manager", "DefaultRestartSec",         config_parse_sec,              0, &arg_default_restart_usec              },
-                { "Manager", "DefaultStartLimitInterval", config_parse_sec,              0, &arg_default_start_limit_interval      }, /* obsolete alias */
-                { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec,            0, &arg_default_start_limit_interval      },
-                { "Manager", "DefaultStartLimitBurst",    config_parse_unsigned,         0, &arg_default_start_limit_burst         },
-                { "Manager", "DefaultEnvironment",        config_parse_environ,          0, &arg_default_environment               },
-                { "Manager", "DefaultLimitCPU",           config_parse_limit,            RLIMIT_CPU, arg_default_rlimit            },
-                { "Manager", "DefaultLimitFSIZE",         config_parse_limit,            RLIMIT_FSIZE, arg_default_rlimit          },
-                { "Manager", "DefaultLimitDATA",          config_parse_limit,            RLIMIT_DATA, arg_default_rlimit           },
-                { "Manager", "DefaultLimitSTACK",         config_parse_limit,            RLIMIT_STACK, arg_default_rlimit          },
-                { "Manager", "DefaultLimitCORE",          config_parse_limit,            RLIMIT_CORE, arg_default_rlimit           },
-                { "Manager", "DefaultLimitRSS",           config_parse_limit,            RLIMIT_RSS, arg_default_rlimit            },
-                { "Manager", "DefaultLimitNOFILE",        config_parse_limit,            RLIMIT_NOFILE, arg_default_rlimit         },
-                { "Manager", "DefaultLimitAS",            config_parse_limit,            RLIMIT_AS, arg_default_rlimit             },
-                { "Manager", "DefaultLimitNPROC",         config_parse_limit,            RLIMIT_NPROC, arg_default_rlimit          },
-                { "Manager", "DefaultLimitMEMLOCK",       config_parse_limit,            RLIMIT_MEMLOCK, arg_default_rlimit        },
-                { "Manager", "DefaultLimitLOCKS",         config_parse_limit,            RLIMIT_LOCKS, arg_default_rlimit          },
-                { "Manager", "DefaultLimitSIGPENDING",    config_parse_limit,            RLIMIT_SIGPENDING, arg_default_rlimit     },
-                { "Manager", "DefaultLimitMSGQUEUE",      config_parse_limit,            RLIMIT_MSGQUEUE, arg_default_rlimit       },
-                { "Manager", "DefaultLimitNICE",          config_parse_limit,            RLIMIT_NICE, arg_default_rlimit           },
-                { "Manager", "DefaultLimitRTPRIO",        config_parse_limit,            RLIMIT_RTPRIO, arg_default_rlimit         },
-                { "Manager", "DefaultLimitRTTIME",        config_parse_limit,            RLIMIT_RTTIME, arg_default_rlimit         },
-                { "Manager", "DefaultCPUAccounting",      config_parse_bool,             0, &arg_default_cpu_accounting            },
-                { "Manager", "DefaultIOAccounting",       config_parse_bool,             0, &arg_default_io_accounting             },
-                { "Manager", "DefaultBlockIOAccounting",  config_parse_bool,             0, &arg_default_blockio_accounting        },
-                { "Manager", "DefaultMemoryAccounting",   config_parse_bool,             0, &arg_default_memory_accounting         },
-                { "Manager", "DefaultTasksAccounting",    config_parse_bool,             0, &arg_default_tasks_accounting          },
-                { "Manager", "DefaultTasksMax",           config_parse_tasks_max,        0, &arg_default_tasks_max                 },
-                {}
-        };
-
-        const char *fn, *conf_dirs_nulstr;
-
-        fn = arg_system ?
-                PKGSYSCONFDIR "/system.conf" :
-                PKGSYSCONFDIR "/user.conf";
-
-        conf_dirs_nulstr = arg_system ?
-                CONF_PATHS_NULSTR("systemd/system.conf.d") :
-                CONF_PATHS_NULSTR("systemd/user.conf.d");
-
-        config_parse_many(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, false, NULL);
-
-        /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
-         * like everywhere else. */
-        if (arg_default_timeout_start_usec <= 0)
-                arg_default_timeout_start_usec = USEC_INFINITY;
-        if (arg_default_timeout_stop_usec <= 0)
-                arg_default_timeout_stop_usec = USEC_INFINITY;
-
-        return 0;
-}
-
-static void manager_set_defaults(Manager *m) {
-
-        assert(m);
-
-        m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
-        m->default_std_output = arg_default_std_output;
-        m->default_std_error = arg_default_std_error;
-        m->default_timeout_start_usec = arg_default_timeout_start_usec;
-        m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
-        m->default_restart_usec = arg_default_restart_usec;
-        m->default_start_limit_interval = arg_default_start_limit_interval;
-        m->default_start_limit_burst = arg_default_start_limit_burst;
-        m->default_cpu_accounting = arg_default_cpu_accounting;
-        m->default_io_accounting = arg_default_io_accounting;
-        m->default_blockio_accounting = arg_default_blockio_accounting;
-        m->default_memory_accounting = arg_default_memory_accounting;
-        m->default_tasks_accounting = arg_default_tasks_accounting;
-        m->default_tasks_max = arg_default_tasks_max;
-
-        manager_set_default_rlimits(m, arg_default_rlimit);
-        manager_environment_add(m, NULL, arg_default_environment);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_LOG_LEVEL = 0x100,
-                ARG_LOG_TARGET,
-                ARG_LOG_COLOR,
-                ARG_LOG_LOCATION,
-                ARG_UNIT,
-                ARG_SYSTEM,
-                ARG_USER,
-                ARG_TEST,
-                ARG_NO_PAGER,
-                ARG_VERSION,
-                ARG_DUMP_CONFIGURATION_ITEMS,
-                ARG_DUMP_CORE,
-                ARG_CRASH_CHVT,
-                ARG_CRASH_SHELL,
-                ARG_CRASH_REBOOT,
-                ARG_CONFIRM_SPAWN,
-                ARG_SHOW_STATUS,
-                ARG_DESERIALIZE,
-                ARG_SWITCHED_ROOT,
-                ARG_DEFAULT_STD_OUTPUT,
-                ARG_DEFAULT_STD_ERROR,
-                ARG_MACHINE_ID
-        };
-
-        static const struct option options[] = {
-                { "log-level",                required_argument, NULL, ARG_LOG_LEVEL                },
-                { "log-target",               required_argument, NULL, ARG_LOG_TARGET               },
-                { "log-color",                optional_argument, NULL, ARG_LOG_COLOR                },
-                { "log-location",             optional_argument, NULL, ARG_LOG_LOCATION             },
-                { "unit",                     required_argument, NULL, ARG_UNIT                     },
-                { "system",                   no_argument,       NULL, ARG_SYSTEM                   },
-                { "user",                     no_argument,       NULL, ARG_USER                     },
-                { "test",                     no_argument,       NULL, ARG_TEST                     },
-                { "no-pager",                 no_argument,       NULL, ARG_NO_PAGER                 },
-                { "help",                     no_argument,       NULL, 'h'                          },
-                { "version",                  no_argument,       NULL, ARG_VERSION                  },
-                { "dump-configuration-items", no_argument,       NULL, ARG_DUMP_CONFIGURATION_ITEMS },
-                { "dump-core",                optional_argument, NULL, ARG_DUMP_CORE                },
-                { "crash-chvt",               required_argument, NULL, ARG_CRASH_CHVT               },
-                { "crash-shell",              optional_argument, NULL, ARG_CRASH_SHELL              },
-                { "crash-reboot",             optional_argument, NULL, ARG_CRASH_REBOOT             },
-                { "confirm-spawn",            optional_argument, NULL, ARG_CONFIRM_SPAWN            },
-                { "show-status",              optional_argument, NULL, ARG_SHOW_STATUS              },
-                { "deserialize",              required_argument, NULL, ARG_DESERIALIZE              },
-                { "switched-root",            no_argument,       NULL, ARG_SWITCHED_ROOT            },
-                { "default-standard-output",  required_argument, NULL, ARG_DEFAULT_STD_OUTPUT,      },
-                { "default-standard-error",   required_argument, NULL, ARG_DEFAULT_STD_ERROR,       },
-                { "machine-id",               required_argument, NULL, ARG_MACHINE_ID               },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 1);
-        assert(argv);
-
-        if (getpid() == 1)
-                opterr = 0;
-
-        while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case ARG_LOG_LEVEL:
-                        r = log_set_max_level_from_string(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse log level %s.", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_LOG_TARGET:
-                        r = log_set_target_from_string(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse log target %s.", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_LOG_COLOR:
-
-                        if (optarg) {
-                                r = log_show_color_from_string(optarg);
-                                if (r < 0) {
-                                        log_error("Failed to parse log color setting %s.", optarg);
-                                        return r;
-                                }
-                        } else
-                                log_show_color(true);
-
-                        break;
-
-                case ARG_LOG_LOCATION:
-                        if (optarg) {
-                                r = log_show_location_from_string(optarg);
-                                if (r < 0) {
-                                        log_error("Failed to parse log location setting %s.", optarg);
-                                        return r;
-                                }
-                        } else
-                                log_show_location(true);
-
-                        break;
-
-                case ARG_DEFAULT_STD_OUTPUT:
-                        r = exec_output_from_string(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse default standard output setting %s.", optarg);
-                                return r;
-                        } else
-                                arg_default_std_output = r;
-                        break;
-
-                case ARG_DEFAULT_STD_ERROR:
-                        r = exec_output_from_string(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse default standard error output setting %s.", optarg);
-                                return r;
-                        } else
-                                arg_default_std_error = r;
-                        break;
-
-                case ARG_UNIT:
-
-                        r = free_and_strdup(&arg_default_unit, optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
-
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_system = true;
-                        break;
-
-                case ARG_USER:
-                        arg_system = false;
-                        break;
-
-                case ARG_TEST:
-                        arg_action = ACTION_TEST;
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_VERSION:
-                        arg_action = ACTION_VERSION;
-                        break;
-
-                case ARG_DUMP_CONFIGURATION_ITEMS:
-                        arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
-                        break;
-
-                case ARG_DUMP_CORE:
-                        if (!optarg)
-                                arg_dump_core = true;
-                        else {
-                                r = parse_boolean(optarg);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg);
-                                arg_dump_core = r;
-                        }
-                        break;
-
-                case ARG_CRASH_CHVT:
-                        r = parse_crash_chvt(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg);
-                        break;
-
-                case ARG_CRASH_SHELL:
-                        if (!optarg)
-                                arg_crash_shell = true;
-                        else {
-                                r = parse_boolean(optarg);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
-                                arg_crash_shell = r;
-                        }
-                        break;
-
-                case ARG_CRASH_REBOOT:
-                        if (!optarg)
-                                arg_crash_reboot = true;
-                        else {
-                                r = parse_boolean(optarg);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
-                                arg_crash_reboot = r;
-                        }
-                        break;
-
-                case ARG_CONFIRM_SPAWN:
-                        r = optarg ? parse_boolean(optarg) : 1;
-                        if (r < 0) {
-                                log_error("Failed to parse confirm spawn boolean %s.", optarg);
-                                return r;
-                        }
-                        arg_confirm_spawn = r;
-                        break;
-
-                case ARG_SHOW_STATUS:
-                        if (optarg) {
-                                r = parse_show_status(optarg, &arg_show_status);
-                                if (r < 0) {
-                                        log_error("Failed to parse show status boolean %s.", optarg);
-                                        return r;
-                                }
-                        } else
-                                arg_show_status = SHOW_STATUS_YES;
-                        break;
-
-                case ARG_DESERIALIZE: {
-                        int fd;
-                        FILE *f;
-
-                        r = safe_atoi(optarg, &fd);
-                        if (r < 0 || fd < 0) {
-                                log_error("Failed to parse deserialize option %s.", optarg);
-                                return -EINVAL;
-                        }
-
-                        (void) fd_cloexec(fd, true);
-
-                        f = fdopen(fd, "r");
-                        if (!f)
-                                return log_error_errno(errno, "Failed to open serialization fd: %m");
-
-                        safe_fclose(arg_serialization);
-                        arg_serialization = f;
-
-                        break;
-                }
-
-                case ARG_SWITCHED_ROOT:
-                        arg_switched_root = true;
-                        break;
-
-                case ARG_MACHINE_ID:
-                        r = set_machine_id(optarg);
-                        if (r < 0) {
-                                log_error("MachineID '%s' is not valid.", optarg);
-                                return r;
-                        }
-                        break;
-
-                case 'h':
-                        arg_action = ACTION_HELP;
-                        break;
-
-                case 'D':
-                        log_set_max_level(LOG_DEBUG);
-                        break;
-
-                case 'b':
-                case 's':
-                case 'z':
-                        /* Just to eat away the sysvinit kernel
-                         * cmdline args without getopt() error
-                         * messages that we'll parse in
-                         * parse_proc_cmdline_word() or ignore. */
-
-                case '?':
-                        if (getpid() != 1)
-                                return -EINVAL;
-                        else
-                                return 0;
-
-                default:
-                        assert_not_reached("Unhandled option code.");
-                }
-
-        if (optind < argc && getpid() != 1) {
-                /* Hmm, when we aren't run as init system
-                 * let's complain about excess arguments */
-
-                log_error("Excess arguments.");
-                return -EINVAL;
-        }
-
-        return 0;
-}
-
-static int help(void) {
-
-        printf("%s [OPTIONS...]\n\n"
-               "Starts up and maintains the system or user services.\n\n"
-               "  -h --help                      Show this help\n"
-               "     --test                      Determine startup sequence, dump it and exit\n"
-               "     --no-pager                  Do not pipe output into a pager\n"
-               "     --dump-configuration-items  Dump understood unit configuration items\n"
-               "     --unit=UNIT                 Set default unit\n"
-               "     --system                    Run a system instance, even if PID != 1\n"
-               "     --user                      Run a user instance\n"
-               "     --dump-core[=BOOL]          Dump core on crash\n"
-               "     --crash-vt=NR               Change to specified VT on crash\n"
-               "     --crash-reboot[=BOOL]       Reboot on crash\n"
-               "     --crash-shell[=BOOL]        Run shell on crash\n"
-               "     --confirm-spawn[=BOOL]      Ask for confirmation when spawning processes\n"
-               "     --show-status[=BOOL]        Show status updates on the console during bootup\n"
-               "     --log-target=TARGET         Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
-               "     --log-level=LEVEL           Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
-               "     --log-color[=BOOL]          Highlight important log messages\n"
-               "     --log-location[=BOOL]       Include code location in log messages\n"
-               "     --default-standard-output=  Set default standard output for services\n"
-               "     --default-standard-error=   Set default standard error output for services\n",
-               program_invocation_short_name);
-
-        return 0;
-}
-
-static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
-        _cleanup_fdset_free_ FDSet *fds = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(m);
-        assert(_f);
-        assert(_fds);
-
-        r = manager_open_serialization(m, &f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create serialization file: %m");
-
-        /* Make sure nothing is really destructed when we shut down */
-        m->n_reloading++;
-        bus_manager_send_reloading(m, true);
-
-        fds = fdset_new();
-        if (!fds)
-                return log_oom();
-
-        r = manager_serialize(m, f, fds, switching_root);
-        if (r < 0)
-                return log_error_errno(r, "Failed to serialize state: %m");
-
-        if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
-                return log_error_errno(errno, "Failed to rewind serialization fd: %m");
-
-        r = fd_cloexec(fileno(f), false);
-        if (r < 0)
-                return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
-
-        r = fdset_cloexec(fds, false);
-        if (r < 0)
-                return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
-
-        *_f = f;
-        *_fds = fds;
-
-        f = NULL;
-        fds = NULL;
-
-        return 0;
-}
-
-static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
-        struct rlimit nl;
-        int r;
-
-        assert(saved_rlimit);
-
-        /* Save the original RLIMIT_NOFILE so that we can reset it
-         * later when transitioning from the initrd to the main
-         * systemd or suchlike. */
-        if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
-                return log_error_errno(errno, "Reading RLIMIT_NOFILE failed: %m");
-
-        /* Make sure forked processes get the default kernel setting */
-        if (!arg_default_rlimit[RLIMIT_NOFILE]) {
-                struct rlimit *rl;
-
-                rl = newdup(struct rlimit, saved_rlimit, 1);
-                if (!rl)
-                        return log_oom();
-
-                arg_default_rlimit[RLIMIT_NOFILE] = rl;
-        }
-
-        /* Bump up the resource limit for ourselves substantially */
-        nl.rlim_cur = nl.rlim_max = 64*1024;
-        r = setrlimit_closest(RLIMIT_NOFILE, &nl);
-        if (r < 0)
-                return log_error_errno(r, "Setting RLIMIT_NOFILE failed: %m");
-
-        return 0;
-}
-
-static void test_usr(void) {
-
-        /* Check that /usr is not a separate fs */
-
-        if (dir_is_empty("/usr") <= 0)
-                return;
-
-        log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
-                    "Some things will probably break (sometimes even silently) in mysterious ways. "
-                    "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
-}
-
-static int initialize_join_controllers(void) {
-        /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
-         * + "net_prio". We'd like to add "cpuset" to the mix, but
-         * "cpuset" doesn't really work for groups with no initialized
-         * attributes. */
-
-        arg_join_controllers = new(char**, 3);
-        if (!arg_join_controllers)
-                return -ENOMEM;
-
-        arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
-        if (!arg_join_controllers[0])
-                goto oom;
-
-        arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
-        if (!arg_join_controllers[1])
-                goto oom;
-
-        arg_join_controllers[2] = NULL;
-        return 0;
-
-oom:
-        arg_join_controllers = strv_free_free(arg_join_controllers);
-        return -ENOMEM;
-}
-
-static int enforce_syscall_archs(Set *archs) {
-#ifdef HAVE_SECCOMP
-        scmp_filter_ctx *seccomp;
-        Iterator i;
-        void *id;
-        int r;
-
-        seccomp = seccomp_init(SCMP_ACT_ALLOW);
-        if (!seccomp)
-                return log_oom();
-
-        SET_FOREACH(id, arg_syscall_archs, i) {
-                r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
-                if (r == -EEXIST)
-                        continue;
-                if (r < 0) {
-                        log_error_errno(r, "Failed to add architecture to seccomp: %m");
-                        goto finish;
-                }
-        }
-
-        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
-        if (r < 0) {
-                log_error_errno(r, "Failed to unset NO_NEW_PRIVS: %m");
-                goto finish;
-        }
-
-        r = seccomp_load(seccomp);
-        if (r < 0)
-                log_error_errno(r, "Failed to add install architecture seccomp: %m");
-
-finish:
-        seccomp_release(seccomp);
-        return r;
-#else
-        return 0;
-#endif
-}
-
-static int status_welcome(void) {
-        _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
-        int r;
-
-        r = parse_env_file("/etc/os-release", NEWLINE,
-                           "PRETTY_NAME", &pretty_name,
-                           "ANSI_COLOR", &ansi_color,
-                           NULL);
-        if (r == -ENOENT)
-                r = parse_env_file("/usr/lib/os-release", NEWLINE,
-                                   "PRETTY_NAME", &pretty_name,
-                                   "ANSI_COLOR", &ansi_color,
-                                   NULL);
-
-        if (r < 0 && r != -ENOENT)
-                log_warning_errno(r, "Failed to read os-release file: %m");
-
-        if (log_get_show_color())
-                return status_printf(NULL, false, false,
-                                     "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
-                                     isempty(ansi_color) ? "1" : ansi_color,
-                                     isempty(pretty_name) ? "GNU/Linux" : pretty_name);
-        else
-                return status_printf(NULL, false, false,
-                                     "\nWelcome to %s!\n",
-                                     isempty(pretty_name) ? "GNU/Linux" : pretty_name);
-}
-
-static int write_container_id(void) {
-        const char *c;
-        int r;
-
-        c = getenv("container");
-        if (isempty(c))
-                return 0;
-
-        RUN_WITH_UMASK(0022)
-                r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
-
-        return 1;
-}
-
-static int bump_unix_max_dgram_qlen(void) {
-        _cleanup_free_ char *qlen = NULL;
-        unsigned long v;
-        int r;
-
-        /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
-         * default of 16 is simply too low. We set the value really
-         * really early during boot, so that it is actually applied to
-         * all our sockets, including the $NOTIFY_SOCKET one. */
-
-        r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
-
-        r = safe_atolu(qlen, &v);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
-
-        if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
-                return 0;
-
-        qlen = mfree(qlen);
-        if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
-                return log_oom();
-
-        r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
-        if (r < 0)
-                return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
-                                      "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
-
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        Manager *m = NULL;
-        int r, retval = EXIT_FAILURE;
-        usec_t before_startup, after_startup;
-        char timespan[FORMAT_TIMESPAN_MAX];
-        FDSet *fds = NULL;
-        bool reexecute = false;
-        const char *shutdown_verb = NULL;
-        dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL;
-        dual_timestamp userspace_timestamp = DUAL_TIMESTAMP_NULL;
-        dual_timestamp kernel_timestamp = DUAL_TIMESTAMP_NULL;
-        dual_timestamp security_start_timestamp = DUAL_TIMESTAMP_NULL;
-        dual_timestamp security_finish_timestamp = DUAL_TIMESTAMP_NULL;
-        static char systemd[] = "systemd";
-        bool skip_setup = false;
-        unsigned j;
-        bool loaded_policy = false;
-        bool arm_reboot_watchdog = false;
-        bool queue_default_job = false;
-        bool empty_etc = false;
-        char *switch_root_dir = NULL, *switch_root_init = NULL;
-        struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0);
-        const char *error_message = NULL;
-
-#ifdef HAVE_SYSV_COMPAT
-        if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
-                /* This is compatibility support for SysV, where
-                 * calling init as a user is identical to telinit. */
-
-                execv(SYSTEMCTL_BINARY_PATH, argv);
-                log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
-                return 1;
-        }
-#endif
-
-        dual_timestamp_from_monotonic(&kernel_timestamp, 0);
-        dual_timestamp_get(&userspace_timestamp);
-
-        /* Determine if this is a reexecution or normal bootup. We do
-         * the full command line parsing much later, so let's just
-         * have a quick peek here. */
-        if (strv_find(argv+1, "--deserialize"))
-                skip_setup = true;
-
-        /* If we have switched root, do all the special setup
-         * things */
-        if (strv_find(argv+1, "--switched-root"))
-                skip_setup = false;
-
-        /* If we get started via the /sbin/init symlink then we are
-           called 'init'. After a subsequent reexecution we are then
-           called 'systemd'. That is confusing, hence let's call us
-           systemd right-away. */
-        program_invocation_short_name = systemd;
-        prctl(PR_SET_NAME, systemd);
-
-        saved_argv = argv;
-        saved_argc = argc;
-
-        log_show_color(colors_enabled());
-        log_set_upgrade_syslog_to_journal(true);
-
-        /* Disable the umask logic */
-        if (getpid() == 1)
-                umask(0);
-
-        if (getpid() == 1 && detect_container() <= 0) {
-
-                /* Running outside of a container as PID 1 */
-                arg_system = true;
-                make_null_stdio();
-                log_set_target(LOG_TARGET_KMSG);
-                log_open();
-
-                if (in_initrd())
-                        initrd_timestamp = userspace_timestamp;
-
-                if (!skip_setup) {
-                        r = mount_setup_early();
-                        if (r < 0) {
-                                error_message = "Failed to early mount API filesystems";
-                                goto finish;
-                        }
-                        dual_timestamp_get(&security_start_timestamp);
-                        if (mac_selinux_setup(&loaded_policy) < 0) {
-                                error_message = "Failed to load SELinux policy";
-                                goto finish;
-                        } else if (ima_setup() < 0) {
-                                error_message = "Failed to load IMA policy";
-                                goto finish;
-                        } else if (mac_smack_setup(&loaded_policy) < 0) {
-                                error_message = "Failed to load SMACK policy";
-                                goto finish;
-                        }
-                        dual_timestamp_get(&security_finish_timestamp);
-                }
-
-                if (mac_selinux_init() < 0) {
-                        error_message = "Failed to initialize SELinux policy";
-                        goto finish;
-                }
-
-                if (!skip_setup) {
-                        if (clock_is_localtime(NULL) > 0) {
-                                int min;
-
-                                /*
-                                 * The very first call of settimeofday() also does a time warp in the kernel.
-                                 *
-                                 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on
-                                 * external tools to take care of maintaining the RTC and do all adjustments.
-                                 * This matches the behavior of Windows, which leaves the RTC alone if the
-                                 * registry tells that the RTC runs in UTC.
-                                 */
-                                r = clock_set_timezone(&min);
-                                if (r < 0)
-                                        log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
-                                else
-                                        log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
-                        } else if (!in_initrd()) {
-                                /*
-                                 * Do a dummy very first call to seal the kernel's time warp magic.
-                                 *
-                                 * Do not call this this from inside the initrd. The initrd might not
-                                 * carry /etc/adjtime with LOCAL, but the real system could be set up
-                                 * that way. In such case, we need to delay the time-warp or the sealing
-                                 * until we reach the real system.
-                                 *
-                                 * Do no set the kernel's timezone. The concept of local time cannot
-                                 * be supported reliably, the time will jump or be incorrect at every daylight
-                                 * saving time change. All kernel local time concepts will be treated
-                                 * as UTC that way.
-                                 */
-                                (void) clock_reset_timewarp();
-                        }
-
-                        r = clock_apply_epoch();
-                        if (r < 0)
-                                log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
-                        else if (r > 0)
-                                log_info("System time before build time, advancing clock.");
-                }
-
-                /* Set the default for later on, but don't actually
-                 * open the logs like this for now. Note that if we
-                 * are transitioning from the initrd there might still
-                 * be journal fd open, and we shouldn't attempt
-                 * opening that before we parsed /proc/cmdline which
-                 * might redirect output elsewhere. */
-                log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
-
-        } else if (getpid() == 1) {
-                /* Running inside a container, as PID 1 */
-                arg_system = true;
-                log_set_target(LOG_TARGET_CONSOLE);
-                log_close_console(); /* force reopen of /dev/console */
-                log_open();
-
-                /* For the later on, see above... */
-                log_set_target(LOG_TARGET_JOURNAL);
-
-                /* clear the kernel timestamp,
-                 * because we are in a container */
-                kernel_timestamp = DUAL_TIMESTAMP_NULL;
-        } else {
-                /* Running as user instance */
-                arg_system = false;
-                log_set_target(LOG_TARGET_AUTO);
-                log_open();
-
-                /* clear the kernel timestamp,
-                 * because we are not PID 1 */
-                kernel_timestamp = DUAL_TIMESTAMP_NULL;
-        }
-
-        if (getpid() == 1) {
-                /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
-                 * will process core dumps for system services by default. */
-                (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
-
-                /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
-                 * until the systemd-coredump tool is enabled via sysctl. */
-                if (!skip_setup)
-                        (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
-        }
-
-        /* Initialize default unit */
-        r = free_and_strdup(&arg_default_unit, SPECIAL_DEFAULT_TARGET);
-        if (r < 0) {
-                log_emergency_errno(r, "Failed to set default unit %s: %m", SPECIAL_DEFAULT_TARGET);
-                error_message = "Failed to set default unit";
-                goto finish;
-        }
-
-        r = initialize_join_controllers();
-        if (r < 0) {
-                error_message = "Failed to initialize cgroup controllers";
-                goto finish;
-        }
-
-        /* Mount /proc, /sys and friends, so that /proc/cmdline and
-         * /proc/$PID/fd is available. */
-        if (getpid() == 1) {
-
-                /* Load the kernel modules early, so that we kdbus.ko is loaded before kdbusfs shall be mounted */
-                if (!skip_setup)
-                        kmod_setup();
-
-                r = mount_setup(loaded_policy);
-                if (r < 0) {
-                        error_message = "Failed to mount API filesystems";
-                        goto finish;
-                }
-        }
-
-        /* Reset all signal handlers. */
-        (void) reset_all_signal_handlers();
-        (void) ignore_signals(SIGNALS_IGNORE, -1);
-
-        if (parse_config_file() < 0) {
-                error_message = "Failed to parse config file";
-                goto finish;
-        }
-
-        if (arg_system) {
-                r = parse_proc_cmdline(parse_proc_cmdline_item);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
-        }
-
-        /* Note that this also parses bits from the kernel command
-         * line, including "debug". */
-        log_parse_environment();
-
-        if (parse_argv(argc, argv) < 0) {
-                error_message = "Failed to parse commandline arguments";
-                goto finish;
-        }
-
-        if (arg_action == ACTION_TEST &&
-            geteuid() == 0) {
-                log_error("Don't run test mode as root.");
-                goto finish;
-        }
-
-        if (!arg_system &&
-            arg_action == ACTION_RUN &&
-            sd_booted() <= 0) {
-                log_error("Trying to run as user instance, but the system has not been booted with systemd.");
-                goto finish;
-        }
-
-        if (arg_system &&
-            arg_action == ACTION_RUN &&
-            running_in_chroot() > 0) {
-                log_error("Cannot be run in a chroot() environment.");
-                goto finish;
-        }
-
-        if (arg_action == ACTION_TEST)
-                skip_setup = true;
-
-        if (arg_action == ACTION_TEST || arg_action == ACTION_HELP)
-                pager_open(arg_no_pager, false);
-
-        if (arg_action == ACTION_HELP) {
-                retval = help();
-                goto finish;
-        } else if (arg_action == ACTION_VERSION) {
-                retval = version();
-                goto finish;
-        } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
-                unit_dump_config_items(stdout);
-                retval = EXIT_SUCCESS;
-                goto finish;
-        } else if (arg_action == ACTION_DONE) {
-                retval = EXIT_SUCCESS;
-                goto finish;
-        }
-
-        if (!arg_system &&
-            !getenv("XDG_RUNTIME_DIR")) {
-                log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
-                goto finish;
-        }
-
-        assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
-
-        /* Close logging fds, in order not to confuse fdset below */
-        log_close();
-
-        /* Remember open file descriptors for later deserialization */
-        r = fdset_new_fill(&fds);
-        if (r < 0) {
-                log_emergency_errno(r, "Failed to allocate fd set: %m");
-                error_message = "Failed to allocate fd set";
-                goto finish;
-        } else
-                fdset_cloexec(fds, true);
-
-        if (arg_serialization)
-                assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
-
-        if (arg_system)
-                /* Become a session leader if we aren't one yet. */
-                setsid();
-
-        /* Move out of the way, so that we won't block unmounts */
-        assert_se(chdir("/") == 0);
-
-        /* Reset the console, but only if this is really init and we
-         * are freshly booted */
-        if (arg_system && arg_action == ACTION_RUN) {
-
-                /* If we are init, we connect stdin/stdout/stderr to
-                 * /dev/null and make sure we don't have a controlling
-                 * tty. */
-                release_terminal();
-
-                if (getpid() == 1 && !skip_setup)
-                        console_setup();
-        }
-
-        /* Open the logging devices, if possible and necessary */
-        log_open();
-
-        if (arg_show_status == _SHOW_STATUS_UNSET)
-                arg_show_status = SHOW_STATUS_YES;
-
-        /* Make sure we leave a core dump without panicing the
-         * kernel. */
-        if (getpid() == 1) {
-                install_crash_handler();
-
-                r = mount_cgroup_controllers(arg_join_controllers);
-                if (r < 0)
-                        goto finish;
-        }
-
-        if (arg_system) {
-                int v;
-
-                log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
-                         arg_action == ACTION_TEST ? "test " : "" );
-
-                v = detect_virtualization();
-                if (v > 0)
-                        log_info("Detected virtualization %s.", virtualization_to_string(v));
-
-                write_container_id();
-
-                log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
-
-                if (in_initrd())
-                        log_info("Running in initial RAM disk.");
-
-                /* Let's check whether /etc is already populated. We
-                 * don't actually really check for that, but use
-                 * /etc/machine-id as flag file. This allows container
-                 * managers and installers to provision a couple of
-                 * files already. If the container manager wants to
-                 * provision the machine ID itself it should pass
-                 * $container_uuid to PID 1. */
-
-                empty_etc = access("/etc/machine-id", F_OK) < 0;
-                if (empty_etc)
-                        log_info("Running with unpopulated /etc.");
-        } else {
-                _cleanup_free_ char *t;
-
-                t = uid_to_name(getuid());
-                log_debug(PACKAGE_STRING " running in %suser mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
-                          arg_action == ACTION_TEST ? " test" : "", getuid(), t);
-        }
-
-        if (arg_system && !skip_setup) {
-                if (arg_show_status > 0)
-                        status_welcome();
-
-                hostname_setup();
-                machine_id_setup(NULL, arg_machine_id);
-                loopback_setup();
-                bump_unix_max_dgram_qlen();
-
-                test_usr();
-        }
-
-        if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
-                watchdog_set_timeout(&arg_runtime_watchdog);
-
-        if (arg_timer_slack_nsec != NSEC_INFINITY)
-                if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
-                        log_error_errno(errno, "Failed to adjust timer slack: %m");
-
-        if (!cap_test_all(arg_capability_bounding_set)) {
-                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
-                if (r < 0) {
-                        log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
-                        error_message = "Failed to drop capability bounding set of usermode helpers";
-                        goto finish;
-                }
-                r = capability_bounding_set_drop(arg_capability_bounding_set, true);
-                if (r < 0) {
-                        log_emergency_errno(r, "Failed to drop capability bounding set: %m");
-                        error_message = "Failed to drop capability bounding set";
-                        goto finish;
-                }
-        }
-
-        if (arg_syscall_archs) {
-                r = enforce_syscall_archs(arg_syscall_archs);
-                if (r < 0) {
-                        error_message = "Failed to set syscall architectures";
-                        goto finish;
-                }
-        }
-
-        if (!arg_system)
-                /* Become reaper of our children */
-                if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
-                        log_warning_errno(errno, "Failed to make us a subreaper: %m");
-
-        if (arg_system) {
-                bump_rlimit_nofile(&saved_rlimit_nofile);
-
-                if (empty_etc) {
-                        r = unit_file_preset_all(UNIT_FILE_SYSTEM, false, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, false, NULL, 0);
-                        if (r < 0)
-                                log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r, "Failed to populate /etc with preset unit settings, ignoring: %m");
-                        else
-                                log_info("Populated /etc with preset unit settings.");
-                }
-        }
-
-        r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m);
-        if (r < 0) {
-                log_emergency_errno(r, "Failed to allocate manager object: %m");
-                error_message = "Failed to allocate manager object";
-                goto finish;
-        }
-
-        m->confirm_spawn = arg_confirm_spawn;
-        m->runtime_watchdog = arg_runtime_watchdog;
-        m->shutdown_watchdog = arg_shutdown_watchdog;
-        m->userspace_timestamp = userspace_timestamp;
-        m->kernel_timestamp = kernel_timestamp;
-        m->initrd_timestamp = initrd_timestamp;
-        m->security_start_timestamp = security_start_timestamp;
-        m->security_finish_timestamp = security_finish_timestamp;
-
-        manager_set_defaults(m);
-        manager_set_show_status(m, arg_show_status);
-        manager_set_first_boot(m, empty_etc);
-
-        /* Remember whether we should queue the default job */
-        queue_default_job = !arg_serialization || arg_switched_root;
-
-        before_startup = now(CLOCK_MONOTONIC);
-
-        r = manager_startup(m, arg_serialization, fds);
-        if (r < 0)
-                log_error_errno(r, "Failed to fully start up daemon: %m");
-
-        /* This will close all file descriptors that were opened, but
-         * not claimed by any unit. */
-        fds = fdset_free(fds);
-
-        arg_serialization = safe_fclose(arg_serialization);
-
-        if (queue_default_job) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                Unit *target = NULL;
-                Job *default_unit_job;
-
-                log_debug("Activating default unit: %s", arg_default_unit);
-
-                r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
-                if (r < 0)
-                        log_error("Failed to load default target: %s", bus_error_message(&error, r));
-                else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND)
-                        log_error_errno(target->load_error, "Failed to load default target: %m");
-                else if (target->load_state == UNIT_MASKED)
-                        log_error("Default target masked.");
-
-                if (!target || target->load_state != UNIT_LOADED) {
-                        log_info("Trying to load rescue target...");
-
-                        r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
-                        if (r < 0) {
-                                log_emergency("Failed to load rescue target: %s", bus_error_message(&error, r));
-                                error_message = "Failed to load rescue target";
-                                goto finish;
-                        } else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
-                                log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
-                                error_message = "Failed to load rescue target";
-                                goto finish;
-                        } else if (target->load_state == UNIT_MASKED) {
-                                log_emergency("Rescue target masked.");
-                                error_message = "Rescue target masked";
-                                goto finish;
-                        }
-                }
-
-                assert(target->load_state == UNIT_LOADED);
-
-                if (arg_action == ACTION_TEST) {
-                        printf("-> By units:\n");
-                        manager_dump_units(m, stdout, "\t");
-                }
-
-                r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job);
-                if (r == -EPERM) {
-                        log_debug("Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
-
-                        sd_bus_error_free(&error);
-
-                        r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job);
-                        if (r < 0) {
-                                log_emergency("Failed to start default target: %s", bus_error_message(&error, r));
-                                error_message = "Failed to start default target";
-                                goto finish;
-                        }
-                } else if (r < 0) {
-                        log_emergency("Failed to isolate default target: %s", bus_error_message(&error, r));
-                        error_message = "Failed to isolate default target";
-                        goto finish;
-                }
-
-                m->default_unit_job_id = default_unit_job->id;
-
-                after_startup = now(CLOCK_MONOTONIC);
-                log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
-                         "Loaded units and determined initial transaction in %s.",
-                         format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
-
-                if (arg_action == ACTION_TEST) {
-                        printf("-> By jobs:\n");
-                        manager_dump_jobs(m, stdout, "\t");
-                        retval = EXIT_SUCCESS;
-                        goto finish;
-                }
-        }
-
-        for (;;) {
-                r = manager_loop(m);
-                if (r < 0) {
-                        log_emergency_errno(r, "Failed to run main loop: %m");
-                        error_message = "Failed to run main loop";
-                        goto finish;
-                }
-
-                switch (m->exit_code) {
-
-                case MANAGER_RELOAD:
-                        log_info("Reloading.");
-
-                        r = parse_config_file();
-                        if (r < 0)
-                                log_error("Failed to parse config file.");
-
-                        manager_set_defaults(m);
-
-                        r = manager_reload(m);
-                        if (r < 0)
-                                log_error_errno(r, "Failed to reload: %m");
-                        break;
-
-                case MANAGER_REEXECUTE:
-
-                        if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0) {
-                                error_message = "Failed to prepare for reexecution";
-                                goto finish;
-                        }
-
-                        reexecute = true;
-                        log_notice("Reexecuting.");
-                        goto finish;
-
-                case MANAGER_SWITCH_ROOT:
-                        /* Steal the switch root parameters */
-                        switch_root_dir = m->switch_root;
-                        switch_root_init = m->switch_root_init;
-                        m->switch_root = m->switch_root_init = NULL;
-
-                        if (!switch_root_init)
-                                if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0) {
-                                        error_message = "Failed to prepare for reexecution";
-                                        goto finish;
-                                }
-
-                        reexecute = true;
-                        log_notice("Switching root.");
-                        goto finish;
-
-                case MANAGER_EXIT:
-                        retval = m->return_value;
-
-                        if (MANAGER_IS_USER(m)) {
-                                log_debug("Exit.");
-                                goto finish;
-                        }
-
-                        /* fallthrough */
-                case MANAGER_REBOOT:
-                case MANAGER_POWEROFF:
-                case MANAGER_HALT:
-                case MANAGER_KEXEC: {
-                        static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
-                                [MANAGER_EXIT] = "exit",
-                                [MANAGER_REBOOT] = "reboot",
-                                [MANAGER_POWEROFF] = "poweroff",
-                                [MANAGER_HALT] = "halt",
-                                [MANAGER_KEXEC] = "kexec"
-                        };
-
-                        assert_se(shutdown_verb = table[m->exit_code]);
-                        arm_reboot_watchdog = m->exit_code == MANAGER_REBOOT;
-
-                        log_notice("Shutting down.");
-                        goto finish;
-                }
-
-                default:
-                        assert_not_reached("Unknown exit code.");
-                }
-        }
-
-finish:
-        pager_close();
-
-        if (m)
-                arg_shutdown_watchdog = m->shutdown_watchdog;
-
-        m = manager_free(m);
-
-        for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
-                arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
-
-        arg_default_unit = mfree(arg_default_unit);
-        arg_join_controllers = strv_free_free(arg_join_controllers);
-        arg_default_environment = strv_free(arg_default_environment);
-        arg_syscall_archs = set_free(arg_syscall_archs);
-
-        mac_selinux_finish();
-
-        if (reexecute) {
-                const char **args;
-                unsigned i, args_size;
-
-                /* Close and disarm the watchdog, so that the new
-                 * instance can reinitialize it, but doesn't get
-                 * rebooted while we do that */
-                watchdog_close(true);
-
-                /* Reset the RLIMIT_NOFILE to the kernel default, so
-                 * that the new systemd can pass the kernel default to
-                 * its child processes */
-                if (saved_rlimit_nofile.rlim_cur > 0)
-                        (void) setrlimit(RLIMIT_NOFILE, &saved_rlimit_nofile);
-
-                if (switch_root_dir) {
-                        /* Kill all remaining processes from the
-                         * initrd, but don't wait for them, so that we
-                         * can handle the SIGCHLD for them after
-                         * deserializing. */
-                        broadcast_signal(SIGTERM, false, true);
-
-                        /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
-                        r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
-                        if (r < 0)
-                                log_error_errno(r, "Failed to switch root, trying to continue: %m");
-                }
-
-                args_size = MAX(6, argc+1);
-                args = newa(const char*, args_size);
-
-                if (!switch_root_init) {
-                        char sfd[DECIMAL_STR_MAX(int) + 1];
-
-                        /* First try to spawn ourselves with the right
-                         * path, and with full serialization. We do
-                         * this only if the user didn't specify an
-                         * explicit init to spawn. */
-
-                        assert(arg_serialization);
-                        assert(fds);
-
-                        xsprintf(sfd, "%i", fileno(arg_serialization));
-
-                        i = 0;
-                        args[i++] = SYSTEMD_BINARY_PATH;
-                        if (switch_root_dir)
-                                args[i++] = "--switched-root";
-                        args[i++] = arg_system ? "--system" : "--user";
-                        args[i++] = "--deserialize";
-                        args[i++] = sfd;
-                        args[i++] = NULL;
-
-                        /* do not pass along the environment we inherit from the kernel or initrd */
-                        if (switch_root_dir)
-                                (void) clearenv();
-
-                        assert(i <= args_size);
-
-                        /*
-                         * We want valgrind to print its memory usage summary before reexecution.
-                         * Valgrind won't do this is on its own on exec(), but it will do it on exit().
-                         * Hence, to ensure we get a summary here, fork() off a child, let it exit() cleanly,
-                         * so that it prints the summary, and wait() for it in the parent, before proceeding into the exec().
-                         */
-                        valgrind_summary_hack();
-
-                        (void) execv(args[0], (char* const*) args);
-                }
-
-                /* Try the fallback, if there is any, without any
-                 * serialization. We pass the original argv[] and
-                 * envp[]. (Well, modulo the ordering changes due to
-                 * getopt() in argv[], and some cleanups in envp[],
-                 * but let's hope that doesn't matter.) */
-
-                arg_serialization = safe_fclose(arg_serialization);
-                fds = fdset_free(fds);
-
-                /* Reopen the console */
-                (void) make_console_stdio();
-
-                for (j = 1, i = 1; j < (unsigned) argc; j++)
-                        args[i++] = argv[j];
-                args[i++] = NULL;
-                assert(i <= args_size);
-
-                /* Reenable any blocked signals, especially important
-                 * if we switch from initial ramdisk to init=... */
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-
-                if (switch_root_init) {
-                        args[0] = switch_root_init;
-                        (void) execv(args[0], (char* const*) args);
-                        log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
-                }
-
-                args[0] = "/sbin/init";
-                (void) execv(args[0], (char* const*) args);
-
-                if (errno == ENOENT) {
-                        log_warning("No /sbin/init, trying fallback");
-
-                        args[0] = "/bin/sh";
-                        args[1] = NULL;
-                        (void) execv(args[0], (char* const*) args);
-                        log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
-                } else
-                        log_warning_errno(errno, "Failed to execute /sbin/init, giving up: %m");
-        }
-
-        arg_serialization = safe_fclose(arg_serialization);
-        fds = fdset_free(fds);
-
-#ifdef HAVE_VALGRIND_VALGRIND_H
-        /* If we are PID 1 and running under valgrind, then let's exit
-         * here explicitly. valgrind will only generate nice output on
-         * exit(), not on exec(), hence let's do the former not the
-         * latter here. */
-        if (getpid() == 1 && RUNNING_ON_VALGRIND)
-                return 0;
-#endif
-
-        if (shutdown_verb) {
-                char log_level[DECIMAL_STR_MAX(int) + 1];
-                char exit_code[DECIMAL_STR_MAX(uint8_t) + 1];
-                const char* command_line[11] = {
-                        SYSTEMD_SHUTDOWN_BINARY_PATH,
-                        shutdown_verb,
-                        "--log-level", log_level,
-                        "--log-target",
-                };
-                unsigned pos = 5;
-                _cleanup_strv_free_ char **env_block = NULL;
-
-                assert(command_line[pos] == NULL);
-                env_block = strv_copy(environ);
-
-                xsprintf(log_level, "%d", log_get_max_level());
-
-                switch (log_get_target()) {
-
-                case LOG_TARGET_KMSG:
-                case LOG_TARGET_JOURNAL_OR_KMSG:
-                case LOG_TARGET_SYSLOG_OR_KMSG:
-                        command_line[pos++] = "kmsg";
-                        break;
-
-                case LOG_TARGET_NULL:
-                        command_line[pos++] = "null";
-                        break;
-
-                case LOG_TARGET_CONSOLE:
-                default:
-                        command_line[pos++] = "console";
-                        break;
-                };
-
-                if (log_get_show_color())
-                        command_line[pos++] = "--log-color";
-
-                if (log_get_show_location())
-                        command_line[pos++] = "--log-location";
-
-                if (streq(shutdown_verb, "exit")) {
-                        command_line[pos++] = "--exit-code";
-                        command_line[pos++] = exit_code;
-                        xsprintf(exit_code, "%d", retval);
-                }
-
-                assert(pos < ELEMENTSOF(command_line));
-
-                if (arm_reboot_watchdog && arg_shutdown_watchdog > 0 && arg_shutdown_watchdog != USEC_INFINITY) {
-                        char *e;
-
-                        /* If we reboot let's set the shutdown
-                         * watchdog and tell the shutdown binary to
-                         * repeatedly ping it */
-                        r = watchdog_set_timeout(&arg_shutdown_watchdog);
-                        watchdog_close(r < 0);
-
-                        /* Tell the binary how often to ping, ignore failure */
-                        if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
-                                (void) strv_push(&env_block, e);
-                } else
-                        watchdog_close(true);
-
-                /* Avoid the creation of new processes forked by the
-                 * kernel; at this point, we will not listen to the
-                 * signals anyway */
-                if (detect_container() <= 0)
-                        (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
-
-                execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
-                log_error_errno(errno, "Failed to execute shutdown binary, %s: %m",
-                          getpid() == 1 ? "freezing" : "quitting");
-        }
-
-        if (getpid() == 1) {
-                if (error_message)
-                        manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
-                                              ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
-                                              "%s, freezing.", error_message);
-                freeze_or_reboot();
-        }
-
-        return retval;
-}
diff --git a/src/core/manager.c b/src/core/manager.c
deleted file mode 100644
index 7838f56fd2..0000000000
--- a/src/core/manager.c
+++ /dev/null
@@ -1,3134 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/kd.h>
-#include <signal.h>
-#include <string.h>
-#include <sys/epoll.h>
-#include <sys/inotify.h>
-#include <sys/ioctl.h>
-#include <sys/reboot.h>
-#include <sys/timerfd.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#ifdef HAVE_AUDIT
-#include <libaudit.h>
-#endif
-
-#include "sd-daemon.h"
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "audit-fd.h"
-#include "boot-timestamps.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-kernel.h"
-#include "bus-util.h"
-#include "dbus-job.h"
-#include "dbus-manager.h"
-#include "dbus-unit.h"
-#include "dbus.h"
-#include "dirent-util.h"
-#include "env-util.h"
-#include "escape.h"
-#include "exit-status.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hashmap.h"
-#include "io-util.h"
-#include "locale-setup.h"
-#include "log.h"
-#include "macro.h"
-#include "manager.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "path-lookup.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "ratelimit.h"
-#include "rm-rf.h"
-#include "signal-util.h"
-#include "special.h"
-#include "stat-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "time-util.h"
-#include "transaction.h"
-#include "umask-util.h"
-#include "unit-name.h"
-#include "util.h"
-#include "virt.h"
-#include "watchdog.h"
-
-#define NOTIFY_RCVBUF_SIZE (8*1024*1024)
-#define CGROUPS_AGENT_RCVBUF_SIZE (8*1024*1024)
-
-/* Initial delay and the interval for printing status messages about running jobs */
-#define JOBS_IN_PROGRESS_WAIT_USEC (5*USEC_PER_SEC)
-#define JOBS_IN_PROGRESS_PERIOD_USEC (USEC_PER_SEC / 3)
-#define JOBS_IN_PROGRESS_PERIOD_DIVISOR 3
-
-static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
-static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
-static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
-static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
-static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
-static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata);
-static int manager_dispatch_run_queue(sd_event_source *source, void *userdata);
-static int manager_run_generators(Manager *m);
-
-static void manager_watch_jobs_in_progress(Manager *m) {
-        usec_t next;
-        int r;
-
-        assert(m);
-
-        if (m->jobs_in_progress_event_source)
-                return;
-
-        next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC;
-        r = sd_event_add_time(
-                        m->event,
-                        &m->jobs_in_progress_event_source,
-                        CLOCK_MONOTONIC,
-                        next, 0,
-                        manager_dispatch_jobs_in_progress, m);
-        if (r < 0)
-                return;
-
-        (void) sd_event_source_set_description(m->jobs_in_progress_event_source, "manager-jobs-in-progress");
-}
-
-#define CYLON_BUFFER_EXTRA (2*(sizeof(ANSI_RED)-1) + sizeof(ANSI_HIGHLIGHT_RED)-1 + 2*(sizeof(ANSI_NORMAL)-1))
-
-static void draw_cylon(char buffer[], size_t buflen, unsigned width, unsigned pos) {
-        char *p = buffer;
-
-        assert(buflen >= CYLON_BUFFER_EXTRA + width + 1);
-        assert(pos <= width+1); /* 0 or width+1 mean that the center light is behind the corner */
-
-        if (pos > 1) {
-                if (pos > 2)
-                        p = mempset(p, ' ', pos-2);
-                p = stpcpy(p, ANSI_RED);
-                *p++ = '*';
-        }
-
-        if (pos > 0 && pos <= width) {
-                p = stpcpy(p, ANSI_HIGHLIGHT_RED);
-                *p++ = '*';
-        }
-
-        p = stpcpy(p, ANSI_NORMAL);
-
-        if (pos < width) {
-                p = stpcpy(p, ANSI_RED);
-                *p++ = '*';
-                if (pos < width-1)
-                        p = mempset(p, ' ', width-1-pos);
-                strcpy(p, ANSI_NORMAL);
-        }
-}
-
-void manager_flip_auto_status(Manager *m, bool enable) {
-        assert(m);
-
-        if (enable) {
-                if (m->show_status == SHOW_STATUS_AUTO)
-                        manager_set_show_status(m, SHOW_STATUS_TEMPORARY);
-        } else {
-                if (m->show_status == SHOW_STATUS_TEMPORARY)
-                        manager_set_show_status(m, SHOW_STATUS_AUTO);
-        }
-}
-
-static void manager_print_jobs_in_progress(Manager *m) {
-        _cleanup_free_ char *job_of_n = NULL;
-        Iterator i;
-        Job *j;
-        unsigned counter = 0, print_nr;
-        char cylon[6 + CYLON_BUFFER_EXTRA + 1];
-        unsigned cylon_pos;
-        char time[FORMAT_TIMESPAN_MAX], limit[FORMAT_TIMESPAN_MAX] = "no limit";
-        uint64_t x;
-
-        assert(m);
-        assert(m->n_running_jobs > 0);
-
-        manager_flip_auto_status(m, true);
-
-        print_nr = (m->jobs_in_progress_iteration / JOBS_IN_PROGRESS_PERIOD_DIVISOR) % m->n_running_jobs;
-
-        HASHMAP_FOREACH(j, m->jobs, i)
-                if (j->state == JOB_RUNNING && counter++ == print_nr)
-                        break;
-
-        /* m->n_running_jobs must be consistent with the contents of m->jobs,
-         * so the above loop must have succeeded in finding j. */
-        assert(counter == print_nr + 1);
-        assert(j);
-
-        cylon_pos = m->jobs_in_progress_iteration % 14;
-        if (cylon_pos >= 8)
-                cylon_pos = 14 - cylon_pos;
-        draw_cylon(cylon, sizeof(cylon), 6, cylon_pos);
-
-        m->jobs_in_progress_iteration++;
-
-        if (m->n_running_jobs > 1) {
-                if (asprintf(&job_of_n, "(%u of %u) ", counter, m->n_running_jobs) < 0)
-                        job_of_n = NULL;
-        }
-
-        format_timespan(time, sizeof(time), now(CLOCK_MONOTONIC) - j->begin_usec, 1*USEC_PER_SEC);
-        if (job_get_timeout(j, &x) > 0)
-                format_timespan(limit, sizeof(limit), x - j->begin_usec, 1*USEC_PER_SEC);
-
-        manager_status_printf(m, STATUS_TYPE_EPHEMERAL, cylon,
-                              "%sA %s job is running for %s (%s / %s)",
-                              strempty(job_of_n),
-                              job_type_to_string(j->type),
-                              unit_description(j->unit),
-                              time, limit);
-}
-
-static int have_ask_password(void) {
-        _cleanup_closedir_ DIR *dir;
-
-        dir = opendir("/run/systemd/ask-password");
-        if (!dir) {
-                if (errno == ENOENT)
-                        return false;
-                else
-                        return -errno;
-        }
-
-        for (;;) {
-                struct dirent *de;
-
-                errno = 0;
-                de = readdir(dir);
-                if (!de && errno > 0)
-                        return -errno;
-                if (!de)
-                        return false;
-
-                if (startswith(de->d_name, "ask."))
-                        return true;
-        }
-}
-
-static int manager_dispatch_ask_password_fd(sd_event_source *source,
-                                            int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-
-        assert(m);
-
-        flush_fd(fd);
-
-        m->have_ask_password = have_ask_password();
-        if (m->have_ask_password < 0)
-                /* Log error but continue. Negative have_ask_password
-                 * is treated as unknown status. */
-                log_error_errno(m->have_ask_password, "Failed to list /run/systemd/ask-password: %m");
-
-        return 0;
-}
-
-static void manager_close_ask_password(Manager *m) {
-        assert(m);
-
-        m->ask_password_event_source = sd_event_source_unref(m->ask_password_event_source);
-        m->ask_password_inotify_fd = safe_close(m->ask_password_inotify_fd);
-        m->have_ask_password = -EINVAL;
-}
-
-static int manager_check_ask_password(Manager *m) {
-        int r;
-
-        assert(m);
-
-        if (!m->ask_password_event_source) {
-                assert(m->ask_password_inotify_fd < 0);
-
-                mkdir_p_label("/run/systemd/ask-password", 0755);
-
-                m->ask_password_inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-                if (m->ask_password_inotify_fd < 0)
-                        return log_error_errno(errno, "inotify_init1() failed: %m");
-
-                if (inotify_add_watch(m->ask_password_inotify_fd, "/run/systemd/ask-password", IN_CREATE|IN_DELETE|IN_MOVE) < 0) {
-                        log_error_errno(errno, "Failed to add watch on /run/systemd/ask-password: %m");
-                        manager_close_ask_password(m);
-                        return -errno;
-                }
-
-                r = sd_event_add_io(m->event, &m->ask_password_event_source,
-                                    m->ask_password_inotify_fd, EPOLLIN,
-                                    manager_dispatch_ask_password_fd, m);
-                if (r < 0) {
-                        log_error_errno(errno, "Failed to add event source for /run/systemd/ask-password: %m");
-                        manager_close_ask_password(m);
-                        return -errno;
-                }
-
-                (void) sd_event_source_set_description(m->ask_password_event_source, "manager-ask-password");
-
-                /* Queries might have been added meanwhile... */
-                manager_dispatch_ask_password_fd(m->ask_password_event_source,
-                                                 m->ask_password_inotify_fd, EPOLLIN, m);
-        }
-
-        return m->have_ask_password;
-}
-
-static int manager_watch_idle_pipe(Manager *m) {
-        int r;
-
-        assert(m);
-
-        if (m->idle_pipe_event_source)
-                return 0;
-
-        if (m->idle_pipe[2] < 0)
-                return 0;
-
-        r = sd_event_add_io(m->event, &m->idle_pipe_event_source, m->idle_pipe[2], EPOLLIN, manager_dispatch_idle_pipe_fd, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to watch idle pipe: %m");
-
-        (void) sd_event_source_set_description(m->idle_pipe_event_source, "manager-idle-pipe");
-
-        return 0;
-}
-
-static void manager_close_idle_pipe(Manager *m) {
-        assert(m);
-
-        m->idle_pipe_event_source = sd_event_source_unref(m->idle_pipe_event_source);
-
-        safe_close_pair(m->idle_pipe);
-        safe_close_pair(m->idle_pipe + 2);
-}
-
-static int manager_setup_time_change(Manager *m) {
-        int r;
-
-        /* We only care for the cancellation event, hence we set the
-         * timeout to the latest possible value. */
-        struct itimerspec its = {
-                .it_value.tv_sec = TIME_T_MAX,
-        };
-
-        assert(m);
-        assert_cc(sizeof(time_t) == sizeof(TIME_T_MAX));
-
-        if (m->test_run)
-                return 0;
-
-        /* Uses TFD_TIMER_CANCEL_ON_SET to get notifications whenever
-         * CLOCK_REALTIME makes a jump relative to CLOCK_MONOTONIC */
-
-        m->time_change_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
-        if (m->time_change_fd < 0)
-                return log_error_errno(errno, "Failed to create timerfd: %m");
-
-        if (timerfd_settime(m->time_change_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
-                log_debug_errno(errno, "Failed to set up TFD_TIMER_CANCEL_ON_SET, ignoring: %m");
-                m->time_change_fd = safe_close(m->time_change_fd);
-                return 0;
-        }
-
-        r = sd_event_add_io(m->event, &m->time_change_event_source, m->time_change_fd, EPOLLIN, manager_dispatch_time_change_fd, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create time change event source: %m");
-
-        (void) sd_event_source_set_description(m->time_change_event_source, "manager-time-change");
-
-        log_debug("Set up TFD_TIMER_CANCEL_ON_SET timerfd.");
-
-        return 0;
-}
-
-static int enable_special_signals(Manager *m) {
-        _cleanup_close_ int fd = -1;
-
-        assert(m);
-
-        if (m->test_run)
-                return 0;
-
-        /* Enable that we get SIGINT on control-alt-del. In containers
-         * this will fail with EPERM (older) or EINVAL (newer), so
-         * ignore that. */
-        if (reboot(RB_DISABLE_CAD) < 0 && errno != EPERM && errno != EINVAL)
-                log_warning_errno(errno, "Failed to enable ctrl-alt-del handling: %m");
-
-        fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
-        if (fd < 0) {
-                /* Support systems without virtual console */
-                if (fd != -ENOENT)
-                        log_warning_errno(errno, "Failed to open /dev/tty0: %m");
-        } else {
-                /* Enable that we get SIGWINCH on kbrequest */
-                if (ioctl(fd, KDSIGACCEPT, SIGWINCH) < 0)
-                        log_warning_errno(errno, "Failed to enable kbrequest handling: %m");
-        }
-
-        return 0;
-}
-
-static int manager_setup_signals(Manager *m) {
-        struct sigaction sa = {
-                .sa_handler = SIG_DFL,
-                .sa_flags = SA_NOCLDSTOP|SA_RESTART,
-        };
-        sigset_t mask;
-        int r;
-
-        assert(m);
-
-        assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
-
-        /* We make liberal use of realtime signals here. On
-         * Linux/glibc we have 30 of them (with the exception of Linux
-         * on hppa, see below), between SIGRTMIN+0 ... SIGRTMIN+30
-         * (aka SIGRTMAX). */
-
-        assert_se(sigemptyset(&mask) == 0);
-        sigset_add_many(&mask,
-                        SIGCHLD,     /* Child died */
-                        SIGTERM,     /* Reexecute daemon */
-                        SIGHUP,      /* Reload configuration */
-                        SIGUSR1,     /* systemd/upstart: reconnect to D-Bus */
-                        SIGUSR2,     /* systemd: dump status */
-                        SIGINT,      /* Kernel sends us this on control-alt-del */
-                        SIGWINCH,    /* Kernel sends us this on kbrequest (alt-arrowup) */
-                        SIGPWR,      /* Some kernel drivers and upsd send us this on power failure */
-
-                        SIGRTMIN+0,  /* systemd: start default.target */
-                        SIGRTMIN+1,  /* systemd: isolate rescue.target */
-                        SIGRTMIN+2,  /* systemd: isolate emergency.target */
-                        SIGRTMIN+3,  /* systemd: start halt.target */
-                        SIGRTMIN+4,  /* systemd: start poweroff.target */
-                        SIGRTMIN+5,  /* systemd: start reboot.target */
-                        SIGRTMIN+6,  /* systemd: start kexec.target */
-
-                        /* ... space for more special targets ... */
-
-                        SIGRTMIN+13, /* systemd: Immediate halt */
-                        SIGRTMIN+14, /* systemd: Immediate poweroff */
-                        SIGRTMIN+15, /* systemd: Immediate reboot */
-                        SIGRTMIN+16, /* systemd: Immediate kexec */
-
-                        /* ... space for more immediate system state changes ... */
-
-                        SIGRTMIN+20, /* systemd: enable status messages */
-                        SIGRTMIN+21, /* systemd: disable status messages */
-                        SIGRTMIN+22, /* systemd: set log level to LOG_DEBUG */
-                        SIGRTMIN+23, /* systemd: set log level to LOG_INFO */
-                        SIGRTMIN+24, /* systemd: Immediate exit (--user only) */
-
-                        /* .. one free signal here ... */
-
-#if !defined(__hppa64__) && !defined(__hppa__)
-                        /* Apparently Linux on hppa has fewer RT
-                         * signals (SIGRTMAX is SIGRTMIN+25 there),
-                         * hence let's not try to make use of them
-                         * here. Since these commands are accessible
-                         * by different means and only really a safety
-                         * net, the missing functionality on hppa
-                         * shouldn't matter. */
-
-                        SIGRTMIN+26, /* systemd: set log target to journal-or-kmsg */
-                        SIGRTMIN+27, /* systemd: set log target to console */
-                        SIGRTMIN+28, /* systemd: set log target to kmsg */
-                        SIGRTMIN+29, /* systemd: set log target to syslog-or-kmsg (obsolete) */
-
-                        /* ... one free signal here SIGRTMIN+30 ... */
-#endif
-                        -1);
-        assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
-
-        m->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
-        if (m->signal_fd < 0)
-                return -errno;
-
-        r = sd_event_add_io(m->event, &m->signal_event_source, m->signal_fd, EPOLLIN, manager_dispatch_signal_fd, m);
-        if (r < 0)
-                return r;
-
-        (void) sd_event_source_set_description(m->signal_event_source, "manager-signal");
-
-        /* Process signals a bit earlier than the rest of things, but later than notify_fd processing, so that the
-         * notify processing can still figure out to which process/service a message belongs, before we reap the
-         * process. Also, process this before handling cgroup notifications, so that we always collect child exit
-         * status information before detecting that there's no process in a cgroup. */
-        r = sd_event_source_set_priority(m->signal_event_source, SD_EVENT_PRIORITY_NORMAL-6);
-        if (r < 0)
-                return r;
-
-        if (MANAGER_IS_SYSTEM(m))
-                return enable_special_signals(m);
-
-        return 0;
-}
-
-static void manager_clean_environment(Manager *m) {
-        assert(m);
-
-        /* Let's remove some environment variables that we
-         * need ourselves to communicate with our clients */
-        strv_env_unset_many(
-                        m->environment,
-                        "NOTIFY_SOCKET",
-                        "MAINPID",
-                        "MANAGERPID",
-                        "LISTEN_PID",
-                        "LISTEN_FDS",
-                        "LISTEN_FDNAMES",
-                        "WATCHDOG_PID",
-                        "WATCHDOG_USEC",
-                        NULL);
-}
-
-static int manager_default_environment(Manager *m) {
-        assert(m);
-
-        if (MANAGER_IS_SYSTEM(m)) {
-                /* The system manager always starts with a clean
-                 * environment for its children. It does not import
-                 * the kernel or the parents exported variables.
-                 *
-                 * The initial passed environ is untouched to keep
-                 * /proc/self/environ valid; it is used for tagging
-                 * the init process inside containers. */
-                m->environment = strv_new("PATH=" DEFAULT_PATH,
-                                          NULL);
-
-                /* Import locale variables LC_*= from configuration */
-                locale_setup(&m->environment);
-        } else {
-                /* The user manager passes its own environment
-                 * along to its children. */
-                m->environment = strv_copy(environ);
-        }
-
-        if (!m->environment)
-                return -ENOMEM;
-
-        manager_clean_environment(m);
-        strv_sort(m->environment);
-
-        return 0;
-}
-
-
-int manager_new(UnitFileScope scope, bool test_run, Manager **_m) {
-        Manager *m;
-        int r;
-
-        assert(_m);
-        assert(IN_SET(scope, UNIT_FILE_SYSTEM, UNIT_FILE_USER));
-
-        m = new0(Manager, 1);
-        if (!m)
-                return -ENOMEM;
-
-        m->unit_file_scope = scope;
-        m->exit_code = _MANAGER_EXIT_CODE_INVALID;
-        m->default_timer_accuracy_usec = USEC_PER_MINUTE;
-        m->default_tasks_accounting = true;
-        m->default_tasks_max = UINT64_C(512);
-
-#ifdef ENABLE_EFI
-        if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0)
-                boot_timestamps(&m->userspace_timestamp, &m->firmware_timestamp, &m->loader_timestamp);
-#endif
-
-        /* Prepare log fields we can use for structured logging */
-        if (MANAGER_IS_SYSTEM(m)) {
-                m->unit_log_field = "UNIT=";
-                m->unit_log_format_string = "UNIT=%s";
-        } else {
-                m->unit_log_field = "USER_UNIT=";
-                m->unit_log_format_string = "USER_UNIT=%s";
-        }
-
-        m->idle_pipe[0] = m->idle_pipe[1] = m->idle_pipe[2] = m->idle_pipe[3] = -1;
-
-        m->pin_cgroupfs_fd = m->notify_fd = m->cgroups_agent_fd = m->signal_fd = m->time_change_fd =
-                m->dev_autofs_fd = m->private_listen_fd = m->kdbus_fd = m->cgroup_inotify_fd =
-                m->ask_password_inotify_fd = -1;
-
-        m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
-
-        m->have_ask_password = -EINVAL; /* we don't know */
-        m->first_boot = -1;
-
-        m->test_run = test_run;
-
-        /* Reboot immediately if the user hits C-A-D more often than 7x per 2s */
-        RATELIMIT_INIT(m->ctrl_alt_del_ratelimit, 2 * USEC_PER_SEC, 7);
-
-        r = manager_default_environment(m);
-        if (r < 0)
-                goto fail;
-
-        r = hashmap_ensure_allocated(&m->units, &string_hash_ops);
-        if (r < 0)
-                goto fail;
-
-        r = hashmap_ensure_allocated(&m->jobs, NULL);
-        if (r < 0)
-                goto fail;
-
-        r = hashmap_ensure_allocated(&m->cgroup_unit, &string_hash_ops);
-        if (r < 0)
-                goto fail;
-
-        r = hashmap_ensure_allocated(&m->watch_bus, &string_hash_ops);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_default(&m->event);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_add_defer(m->event, &m->run_queue_event_source, manager_dispatch_run_queue, m);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_priority(m->run_queue_event_source, SD_EVENT_PRIORITY_IDLE);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_enabled(m->run_queue_event_source, SD_EVENT_OFF);
-        if (r < 0)
-                goto fail;
-
-        (void) sd_event_source_set_description(m->run_queue_event_source, "manager-run-queue");
-
-        r = manager_setup_signals(m);
-        if (r < 0)
-                goto fail;
-
-        r = manager_setup_cgroup(m);
-        if (r < 0)
-                goto fail;
-
-        r = manager_setup_time_change(m);
-        if (r < 0)
-                goto fail;
-
-        m->udev = udev_new();
-        if (!m->udev) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        /* Note that we set up neither kdbus, nor the notify fd
-         * here. We do that after deserialization, since they might
-         * have gotten serialized across the reexec. */
-
-        m->taint_usr = dir_is_empty("/usr") > 0;
-
-        *_m = m;
-        return 0;
-
-fail:
-        manager_free(m);
-        return r;
-}
-
-static int manager_setup_notify(Manager *m) {
-        int r;
-
-        if (m->test_run)
-                return 0;
-
-        if (m->notify_fd < 0) {
-                _cleanup_close_ int fd = -1;
-                union sockaddr_union sa = {
-                        .sa.sa_family = AF_UNIX,
-                };
-                static const int one = 1;
-                const char *e;
-
-                /* First free all secondary fields */
-                m->notify_socket = mfree(m->notify_socket);
-                m->notify_event_source = sd_event_source_unref(m->notify_event_source);
-
-                fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to allocate notification socket: %m");
-
-                fd_inc_rcvbuf(fd, NOTIFY_RCVBUF_SIZE);
-
-                e = manager_get_runtime_prefix(m);
-                if (!e) {
-                        log_error("Failed to determine runtime prefix.");
-                        return -EINVAL;
-                }
-
-                m->notify_socket = strappend(e, "/systemd/notify");
-                if (!m->notify_socket)
-                        return log_oom();
-
-                (void) mkdir_parents_label(m->notify_socket, 0755);
-                (void) unlink(m->notify_socket);
-
-                strncpy(sa.un.sun_path, m->notify_socket, sizeof(sa.un.sun_path)-1);
-                r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-                if (r < 0)
-                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
-
-                r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
-                if (r < 0)
-                        return log_error_errno(errno, "SO_PASSCRED failed: %m");
-
-                m->notify_fd = fd;
-                fd = -1;
-
-                log_debug("Using notification socket %s", m->notify_socket);
-        }
-
-        if (!m->notify_event_source) {
-                r = sd_event_add_io(m->event, &m->notify_event_source, m->notify_fd, EPOLLIN, manager_dispatch_notify_fd, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to allocate notify event source: %m");
-
-                /* Process notification messages a bit earlier than SIGCHLD, so that we can still identify to which
-                 * service an exit message belongs. */
-                r = sd_event_source_set_priority(m->notify_event_source, SD_EVENT_PRIORITY_NORMAL-7);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to set priority of notify event source: %m");
-
-                (void) sd_event_source_set_description(m->notify_event_source, "manager-notify");
-        }
-
-        return 0;
-}
-
-static int manager_setup_cgroups_agent(Manager *m) {
-
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/cgroups-agent",
-        };
-        int r;
-
-        /* This creates a listening socket we receive cgroups agent messages on. We do not use D-Bus for delivering
-         * these messages from the cgroups agent binary to PID 1, as the cgroups agent binary is very short-living, and
-         * each instance of it needs a new D-Bus connection. Since D-Bus connections are SOCK_STREAM/AF_UNIX, on
-         * overloaded systems the backlog of the D-Bus socket becomes relevant, as not more than the configured number
-         * of D-Bus connections may be queued until the kernel will start dropping further incoming connections,
-         * possibly resulting in lost cgroups agent messages. To avoid this, we'll use a private SOCK_DGRAM/AF_UNIX
-         * socket, where no backlog is relevant as communication may take place without an actual connect() cycle, and
-         * we thus won't lose messages.
-         *
-         * Note that PID 1 will forward the agent message to system bus, so that the user systemd instance may listen
-         * to it. The system instance hence listens on this special socket, but the user instances listen on the system
-         * bus for these messages. */
-
-        if (m->test_run)
-                return 0;
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return 0;
-
-        if (cg_unified() > 0) /* We don't need this anymore on the unified hierarchy */
-                return 0;
-
-        if (m->cgroups_agent_fd < 0) {
-                _cleanup_close_ int fd = -1;
-
-                /* First free all secondary fields */
-                m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
-
-                fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to allocate cgroups agent socket: %m");
-
-                fd_inc_rcvbuf(fd, CGROUPS_AGENT_RCVBUF_SIZE);
-
-                (void) unlink(sa.un.sun_path);
-
-                /* Only allow root to connect to this socket */
-                RUN_WITH_UMASK(0077)
-                        r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-                if (r < 0)
-                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
-
-                m->cgroups_agent_fd = fd;
-                fd = -1;
-        }
-
-        if (!m->cgroups_agent_event_source) {
-                r = sd_event_add_io(m->event, &m->cgroups_agent_event_source, m->cgroups_agent_fd, EPOLLIN, manager_dispatch_cgroups_agent_fd, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to allocate cgroups agent event source: %m");
-
-                /* Process cgroups notifications early, but after having processed service notification messages or
-                 * SIGCHLD signals, so that a cgroup running empty is always just the last safety net of notification,
-                 * and we collected the metadata the notification and SIGCHLD stuff offers first. Also see handling of
-                 * cgroup inotify for the unified cgroup stuff. */
-                r = sd_event_source_set_priority(m->cgroups_agent_event_source, SD_EVENT_PRIORITY_NORMAL-5);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to set priority of cgroups agent event source: %m");
-
-                (void) sd_event_source_set_description(m->cgroups_agent_event_source, "manager-cgroups-agent");
-        }
-
-        return 0;
-}
-
-static int manager_setup_kdbus(Manager *m) {
-        _cleanup_free_ char *p = NULL;
-
-        assert(m);
-
-        if (m->test_run || m->kdbus_fd >= 0)
-                return 0;
-        if (!is_kdbus_available())
-                return -ESOCKTNOSUPPORT;
-
-        m->kdbus_fd = bus_kernel_create_bus(
-                        MANAGER_IS_SYSTEM(m) ? "system" : "user",
-                        MANAGER_IS_SYSTEM(m), &p);
-
-        if (m->kdbus_fd < 0)
-                return log_debug_errno(m->kdbus_fd, "Failed to set up kdbus: %m");
-
-        log_debug("Successfully set up kdbus on %s", p);
-
-        return 0;
-}
-
-static int manager_connect_bus(Manager *m, bool reexecuting) {
-        bool try_bus_connect;
-
-        assert(m);
-
-        if (m->test_run)
-                return 0;
-
-        try_bus_connect =
-                m->kdbus_fd >= 0 ||
-                reexecuting ||
-                (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS"));
-
-        /* Try to connect to the buses, if possible. */
-        return bus_init(m, try_bus_connect);
-}
-
-static unsigned manager_dispatch_cleanup_queue(Manager *m) {
-        Unit *u;
-        unsigned n = 0;
-
-        assert(m);
-
-        while ((u = m->cleanup_queue)) {
-                assert(u->in_cleanup_queue);
-
-                unit_free(u);
-                n++;
-        }
-
-        return n;
-}
-
-enum {
-        GC_OFFSET_IN_PATH,  /* This one is on the path we were traveling */
-        GC_OFFSET_UNSURE,   /* No clue */
-        GC_OFFSET_GOOD,     /* We still need this unit */
-        GC_OFFSET_BAD,      /* We don't need this unit anymore */
-        _GC_OFFSET_MAX
-};
-
-static void unit_gc_sweep(Unit *u, unsigned gc_marker) {
-        Iterator i;
-        Unit *other;
-        bool is_bad;
-
-        assert(u);
-
-        if (u->gc_marker == gc_marker + GC_OFFSET_GOOD ||
-            u->gc_marker == gc_marker + GC_OFFSET_BAD ||
-            u->gc_marker == gc_marker + GC_OFFSET_IN_PATH)
-                return;
-
-        if (u->in_cleanup_queue)
-                goto bad;
-
-        if (unit_check_gc(u))
-                goto good;
-
-        u->gc_marker = gc_marker + GC_OFFSET_IN_PATH;
-
-        is_bad = true;
-
-        SET_FOREACH(other, u->dependencies[UNIT_REFERENCED_BY], i) {
-                unit_gc_sweep(other, gc_marker);
-
-                if (other->gc_marker == gc_marker + GC_OFFSET_GOOD)
-                        goto good;
-
-                if (other->gc_marker != gc_marker + GC_OFFSET_BAD)
-                        is_bad = false;
-        }
-
-        if (is_bad)
-                goto bad;
-
-        /* We were unable to find anything out about this entry, so
-         * let's investigate it later */
-        u->gc_marker = gc_marker + GC_OFFSET_UNSURE;
-        unit_add_to_gc_queue(u);
-        return;
-
-bad:
-        /* We definitely know that this one is not useful anymore, so
-         * let's mark it for deletion */
-        u->gc_marker = gc_marker + GC_OFFSET_BAD;
-        unit_add_to_cleanup_queue(u);
-        return;
-
-good:
-        u->gc_marker = gc_marker + GC_OFFSET_GOOD;
-}
-
-static unsigned manager_dispatch_gc_queue(Manager *m) {
-        Unit *u;
-        unsigned n = 0;
-        unsigned gc_marker;
-
-        assert(m);
-
-        /* log_debug("Running GC..."); */
-
-        m->gc_marker += _GC_OFFSET_MAX;
-        if (m->gc_marker + _GC_OFFSET_MAX <= _GC_OFFSET_MAX)
-                m->gc_marker = 1;
-
-        gc_marker = m->gc_marker;
-
-        while ((u = m->gc_queue)) {
-                assert(u->in_gc_queue);
-
-                unit_gc_sweep(u, gc_marker);
-
-                LIST_REMOVE(gc_queue, m->gc_queue, u);
-                u->in_gc_queue = false;
-
-                n++;
-
-                if (u->gc_marker == gc_marker + GC_OFFSET_BAD ||
-                    u->gc_marker == gc_marker + GC_OFFSET_UNSURE) {
-                        if (u->id)
-                                log_unit_debug(u, "Collecting.");
-                        u->gc_marker = gc_marker + GC_OFFSET_BAD;
-                        unit_add_to_cleanup_queue(u);
-                }
-        }
-
-        m->n_in_gc_queue = 0;
-
-        return n;
-}
-
-static void manager_clear_jobs_and_units(Manager *m) {
-        Unit *u;
-
-        assert(m);
-
-        while ((u = hashmap_first(m->units)))
-                unit_free(u);
-
-        manager_dispatch_cleanup_queue(m);
-
-        assert(!m->load_queue);
-        assert(!m->run_queue);
-        assert(!m->dbus_unit_queue);
-        assert(!m->dbus_job_queue);
-        assert(!m->cleanup_queue);
-        assert(!m->gc_queue);
-
-        assert(hashmap_isempty(m->jobs));
-        assert(hashmap_isempty(m->units));
-
-        m->n_on_console = 0;
-        m->n_running_jobs = 0;
-}
-
-Manager* manager_free(Manager *m) {
-        UnitType c;
-        int i;
-
-        if (!m)
-                return NULL;
-
-        manager_clear_jobs_and_units(m);
-
-        for (c = 0; c < _UNIT_TYPE_MAX; c++)
-                if (unit_vtable[c]->shutdown)
-                        unit_vtable[c]->shutdown(m);
-
-        /* If we reexecute ourselves, we keep the root cgroup
-         * around */
-        manager_shutdown_cgroup(m, m->exit_code != MANAGER_REEXECUTE);
-
-        lookup_paths_flush_generator(&m->lookup_paths);
-
-        bus_done(m);
-
-        hashmap_free(m->units);
-        hashmap_free(m->jobs);
-        hashmap_free(m->watch_pids1);
-        hashmap_free(m->watch_pids2);
-        hashmap_free(m->watch_bus);
-
-        set_free(m->startup_units);
-        set_free(m->failed_units);
-
-        sd_event_source_unref(m->signal_event_source);
-        sd_event_source_unref(m->notify_event_source);
-        sd_event_source_unref(m->cgroups_agent_event_source);
-        sd_event_source_unref(m->time_change_event_source);
-        sd_event_source_unref(m->jobs_in_progress_event_source);
-        sd_event_source_unref(m->run_queue_event_source);
-
-        safe_close(m->signal_fd);
-        safe_close(m->notify_fd);
-        safe_close(m->cgroups_agent_fd);
-        safe_close(m->time_change_fd);
-        safe_close(m->kdbus_fd);
-
-        manager_close_ask_password(m);
-
-        manager_close_idle_pipe(m);
-
-        udev_unref(m->udev);
-        sd_event_unref(m->event);
-
-        free(m->notify_socket);
-
-        lookup_paths_free(&m->lookup_paths);
-        strv_free(m->environment);
-
-        hashmap_free(m->cgroup_unit);
-        set_free_free(m->unit_path_cache);
-
-        free(m->switch_root);
-        free(m->switch_root_init);
-
-        for (i = 0; i < _RLIMIT_MAX; i++)
-                m->rlimit[i] = mfree(m->rlimit[i]);
-
-        assert(hashmap_isempty(m->units_requiring_mounts_for));
-        hashmap_free(m->units_requiring_mounts_for);
-
-        free(m);
-        return NULL;
-}
-
-void manager_enumerate(Manager *m) {
-        UnitType c;
-
-        assert(m);
-
-        /* Let's ask every type to load all units from disk/kernel
-         * that it might know */
-        for (c = 0; c < _UNIT_TYPE_MAX; c++) {
-                if (!unit_type_supported(c)) {
-                        log_debug("Unit type .%s is not supported on this system.", unit_type_to_string(c));
-                        continue;
-                }
-
-                if (!unit_vtable[c]->enumerate)
-                        continue;
-
-                unit_vtable[c]->enumerate(m);
-        }
-
-        manager_dispatch_load_queue(m);
-}
-
-static void manager_coldplug(Manager *m) {
-        Iterator i;
-        Unit *u;
-        char *k;
-        int r;
-
-        assert(m);
-
-        /* Then, let's set up their initial state. */
-        HASHMAP_FOREACH_KEY(u, k, m->units, i) {
-
-                /* ignore aliases */
-                if (u->id != k)
-                        continue;
-
-                r = unit_coldplug(u);
-                if (r < 0)
-                        log_warning_errno(r, "We couldn't coldplug %s, proceeding anyway: %m", u->id);
-        }
-}
-
-static void manager_build_unit_path_cache(Manager *m) {
-        char **i;
-        int r;
-
-        assert(m);
-
-        set_free_free(m->unit_path_cache);
-
-        m->unit_path_cache = set_new(&string_hash_ops);
-        if (!m->unit_path_cache) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        /* This simply builds a list of files we know exist, so that
-         * we don't always have to go to disk */
-
-        STRV_FOREACH(i, m->lookup_paths.search_path) {
-                _cleanup_closedir_ DIR *d = NULL;
-                struct dirent *de;
-
-                d = opendir(*i);
-                if (!d) {
-                        if (errno != ENOENT)
-                                log_warning_errno(errno, "Failed to open directory %s, ignoring: %m", *i);
-                        continue;
-                }
-
-                FOREACH_DIRENT(de, d, r = -errno; goto fail) {
-                        char *p;
-
-                        p = strjoin(streq(*i, "/") ? "" : *i, "/", de->d_name, NULL);
-                        if (!p) {
-                                r = -ENOMEM;
-                                goto fail;
-                        }
-
-                        r = set_consume(m->unit_path_cache, p);
-                        if (r < 0)
-                                goto fail;
-                }
-        }
-
-        return;
-
-fail:
-        log_warning_errno(r, "Failed to build unit path cache, proceeding without: %m");
-        m->unit_path_cache = set_free_free(m->unit_path_cache);
-}
-
-static void manager_distribute_fds(Manager *m, FDSet *fds) {
-        Iterator i;
-        Unit *u;
-
-        assert(m);
-
-        HASHMAP_FOREACH(u, m->units, i) {
-
-                if (fdset_size(fds) <= 0)
-                        break;
-
-                if (!UNIT_VTABLE(u)->distribute_fds)
-                        continue;
-
-                UNIT_VTABLE(u)->distribute_fds(u, fds);
-        }
-}
-
-int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
-        int r, q;
-
-        assert(m);
-
-        r = lookup_paths_init(&m->lookup_paths, m->unit_file_scope, 0, NULL);
-        if (r < 0)
-                return r;
-
-        /* Make sure the transient directory always exists, so that it remains in the search path */
-        r = mkdir_p_label(m->lookup_paths.transient, 0755);
-        if (r < 0)
-                return r;
-
-        dual_timestamp_get(&m->generators_start_timestamp);
-        r = manager_run_generators(m);
-        dual_timestamp_get(&m->generators_finish_timestamp);
-        if (r < 0)
-                return r;
-
-        lookup_paths_reduce(&m->lookup_paths);
-        manager_build_unit_path_cache(m);
-
-        /* If we will deserialize make sure that during enumeration
-         * this is already known, so we increase the counter here
-         * already */
-        if (serialization)
-                m->n_reloading++;
-
-        /* First, enumerate what we can from all config files */
-        dual_timestamp_get(&m->units_load_start_timestamp);
-        manager_enumerate(m);
-        dual_timestamp_get(&m->units_load_finish_timestamp);
-
-        /* Second, deserialize if there is something to deserialize */
-        if (serialization)
-                r = manager_deserialize(m, serialization, fds);
-
-        /* Any fds left? Find some unit which wants them. This is
-         * useful to allow container managers to pass some file
-         * descriptors to us pre-initialized. This enables
-         * socket-based activation of entire containers. */
-        manager_distribute_fds(m, fds);
-
-        /* We might have deserialized the notify fd, but if we didn't
-         * then let's create the bus now */
-        q = manager_setup_notify(m);
-        if (q < 0 && r == 0)
-                r = q;
-
-        q = manager_setup_cgroups_agent(m);
-        if (q < 0 && r == 0)
-                r = q;
-
-        /* We might have deserialized the kdbus control fd, but if we
-         * didn't, then let's create the bus now. */
-        manager_setup_kdbus(m);
-        manager_connect_bus(m, !!serialization);
-        bus_track_coldplug(m, &m->subscribed, &m->deserialized_subscribed);
-
-        /* Third, fire things up! */
-        manager_coldplug(m);
-
-        if (serialization) {
-                assert(m->n_reloading > 0);
-                m->n_reloading--;
-
-                /* Let's wait for the UnitNew/JobNew messages being
-                 * sent, before we notify that the reload is
-                 * finished */
-                m->send_reloading_done = true;
-        }
-
-        return r;
-}
-
-int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, sd_bus_error *e, Job **_ret) {
-        int r;
-        Transaction *tr;
-
-        assert(m);
-        assert(type < _JOB_TYPE_MAX);
-        assert(unit);
-        assert(mode < _JOB_MODE_MAX);
-
-        if (mode == JOB_ISOLATE && type != JOB_START)
-                return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Isolate is only valid for start.");
-
-        if (mode == JOB_ISOLATE && !unit->allow_isolate)
-                return sd_bus_error_setf(e, BUS_ERROR_NO_ISOLATION, "Operation refused, unit may not be isolated.");
-
-        log_unit_debug(unit, "Trying to enqueue job %s/%s/%s", unit->id, job_type_to_string(type), job_mode_to_string(mode));
-
-        type = job_type_collapse(type, unit);
-
-        tr = transaction_new(mode == JOB_REPLACE_IRREVERSIBLY);
-        if (!tr)
-                return -ENOMEM;
-
-        r = transaction_add_job_and_dependencies(tr, type, unit, NULL, true, false,
-                                                 mode == JOB_IGNORE_DEPENDENCIES || mode == JOB_IGNORE_REQUIREMENTS,
-                                                 mode == JOB_IGNORE_DEPENDENCIES, e);
-        if (r < 0)
-                goto tr_abort;
-
-        if (mode == JOB_ISOLATE) {
-                r = transaction_add_isolate_jobs(tr, m);
-                if (r < 0)
-                        goto tr_abort;
-        }
-
-        r = transaction_activate(tr, m, mode, e);
-        if (r < 0)
-                goto tr_abort;
-
-        log_unit_debug(unit,
-                       "Enqueued job %s/%s as %u", unit->id,
-                       job_type_to_string(type), (unsigned) tr->anchor_job->id);
-
-        if (_ret)
-                *_ret = tr->anchor_job;
-
-        transaction_free(tr);
-        return 0;
-
-tr_abort:
-        transaction_abort(tr);
-        transaction_free(tr);
-        return r;
-}
-
-int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, sd_bus_error *e, Job **ret) {
-        Unit *unit;
-        int r;
-
-        assert(m);
-        assert(type < _JOB_TYPE_MAX);
-        assert(name);
-        assert(mode < _JOB_MODE_MAX);
-
-        r = manager_load_unit(m, name, NULL, NULL, &unit);
-        if (r < 0)
-                return r;
-
-        return manager_add_job(m, type, unit, mode, e, ret);
-}
-
-int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Job **ret) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(m);
-        assert(type < _JOB_TYPE_MAX);
-        assert(name);
-        assert(mode < _JOB_MODE_MAX);
-
-        r = manager_add_job_by_name(m, type, name, mode, &error, ret);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to enqueue %s job for %s: %s", job_mode_to_string(mode), name, bus_error_message(&error, r));
-
-        return r;
-}
-
-Job *manager_get_job(Manager *m, uint32_t id) {
-        assert(m);
-
-        return hashmap_get(m->jobs, UINT32_TO_PTR(id));
-}
-
-Unit *manager_get_unit(Manager *m, const char *name) {
-        assert(m);
-        assert(name);
-
-        return hashmap_get(m->units, name);
-}
-
-unsigned manager_dispatch_load_queue(Manager *m) {
-        Unit *u;
-        unsigned n = 0;
-
-        assert(m);
-
-        /* Make sure we are not run recursively */
-        if (m->dispatching_load_queue)
-                return 0;
-
-        m->dispatching_load_queue = true;
-
-        /* Dispatches the load queue. Takes a unit from the queue and
-         * tries to load its data until the queue is empty */
-
-        while ((u = m->load_queue)) {
-                assert(u->in_load_queue);
-
-                unit_load(u);
-                n++;
-        }
-
-        m->dispatching_load_queue = false;
-        return n;
-}
-
-int manager_load_unit_prepare(
-                Manager *m,
-                const char *name,
-                const char *path,
-                sd_bus_error *e,
-                Unit **_ret) {
-
-        Unit *ret;
-        UnitType t;
-        int r;
-
-        assert(m);
-        assert(name || path);
-
-        /* This will prepare the unit for loading, but not actually
-         * load anything from disk. */
-
-        if (path && !is_path(path))
-                return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute.", path);
-
-        if (!name)
-                name = basename(path);
-
-        t = unit_name_to_type(name);
-
-        if (t == _UNIT_TYPE_INVALID || !unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
-                if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
-                        return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is missing the instance name.", name);
-
-                return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is not valid.", name);
-        }
-
-        ret = manager_get_unit(m, name);
-        if (ret) {
-                *_ret = ret;
-                return 1;
-        }
-
-        ret = unit_new(m, unit_vtable[t]->object_size);
-        if (!ret)
-                return -ENOMEM;
-
-        if (path) {
-                ret->fragment_path = strdup(path);
-                if (!ret->fragment_path) {
-                        unit_free(ret);
-                        return -ENOMEM;
-                }
-        }
-
-        r = unit_add_name(ret, name);
-        if (r < 0) {
-                unit_free(ret);
-                return r;
-        }
-
-        unit_add_to_load_queue(ret);
-        unit_add_to_dbus_queue(ret);
-        unit_add_to_gc_queue(ret);
-
-        if (_ret)
-                *_ret = ret;
-
-        return 0;
-}
-
-int manager_load_unit(
-                Manager *m,
-                const char *name,
-                const char *path,
-                sd_bus_error *e,
-                Unit **_ret) {
-
-        int r;
-
-        assert(m);
-
-        /* This will load the service information files, but not actually
-         * start any services or anything. */
-
-        r = manager_load_unit_prepare(m, name, path, e, _ret);
-        if (r != 0)
-                return r;
-
-        manager_dispatch_load_queue(m);
-
-        if (_ret)
-                *_ret = unit_follow_merge(*_ret);
-
-        return 0;
-}
-
-void manager_dump_jobs(Manager *s, FILE *f, const char *prefix) {
-        Iterator i;
-        Job *j;
-
-        assert(s);
-        assert(f);
-
-        HASHMAP_FOREACH(j, s->jobs, i)
-                job_dump(j, f, prefix);
-}
-
-void manager_dump_units(Manager *s, FILE *f, const char *prefix) {
-        Iterator i;
-        Unit *u;
-        const char *t;
-
-        assert(s);
-        assert(f);
-
-        HASHMAP_FOREACH_KEY(u, t, s->units, i)
-                if (u->id == t)
-                        unit_dump(u, f, prefix);
-}
-
-void manager_clear_jobs(Manager *m) {
-        Job *j;
-
-        assert(m);
-
-        while ((j = hashmap_first(m->jobs)))
-                /* No need to recurse. We're cancelling all jobs. */
-                job_finish_and_invalidate(j, JOB_CANCELED, false, false);
-}
-
-static int manager_dispatch_run_queue(sd_event_source *source, void *userdata) {
-        Manager *m = userdata;
-        Job *j;
-
-        assert(source);
-        assert(m);
-
-        while ((j = m->run_queue)) {
-                assert(j->installed);
-                assert(j->in_run_queue);
-
-                job_run_and_invalidate(j);
-        }
-
-        if (m->n_running_jobs > 0)
-                manager_watch_jobs_in_progress(m);
-
-        if (m->n_on_console > 0)
-                manager_watch_idle_pipe(m);
-
-        return 1;
-}
-
-static unsigned manager_dispatch_dbus_queue(Manager *m) {
-        Job *j;
-        Unit *u;
-        unsigned n = 0;
-
-        assert(m);
-
-        if (m->dispatching_dbus_queue)
-                return 0;
-
-        m->dispatching_dbus_queue = true;
-
-        while ((u = m->dbus_unit_queue)) {
-                assert(u->in_dbus_queue);
-
-                bus_unit_send_change_signal(u);
-                n++;
-        }
-
-        while ((j = m->dbus_job_queue)) {
-                assert(j->in_dbus_queue);
-
-                bus_job_send_change_signal(j);
-                n++;
-        }
-
-        m->dispatching_dbus_queue = false;
-
-        if (m->send_reloading_done) {
-                m->send_reloading_done = false;
-
-                bus_manager_send_reloading(m, false);
-        }
-
-        if (m->queued_message)
-                bus_send_queued_message(m);
-
-        return n;
-}
-
-static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-        char buf[PATH_MAX+1];
-        ssize_t n;
-
-        n = recv(fd, buf, sizeof(buf), 0);
-        if (n < 0)
-                return log_error_errno(errno, "Failed to read cgroups agent message: %m");
-        if (n == 0) {
-                log_error("Got zero-length cgroups agent message, ignoring.");
-                return 0;
-        }
-        if ((size_t) n >= sizeof(buf)) {
-                log_error("Got overly long cgroups agent message, ignoring.");
-                return 0;
-        }
-
-        if (memchr(buf, 0, n)) {
-                log_error("Got cgroups agent message with embedded NUL byte, ignoring.");
-                return 0;
-        }
-        buf[n] = 0;
-
-        manager_notify_cgroup_empty(m, buf);
-        bus_forward_agent_released(m, buf);
-
-        return 0;
-}
-
-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
-        _cleanup_strv_free_ char **tags = NULL;
-
-        assert(m);
-        assert(u);
-        assert(buf);
-        assert(n > 0);
-
-        tags = strv_split(buf, "\n\r");
-        if (!tags) {
-                log_oom();
-                return;
-        }
-
-        if (UNIT_VTABLE(u)->notify_message)
-                UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
-        else
-                log_unit_debug(u, "Got notification message for unit. Ignoring.");
-}
-
-static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        _cleanup_fdset_free_ FDSet *fds = NULL;
-        Manager *m = userdata;
-
-        char buf[NOTIFY_BUFFER_MAX+1];
-        struct iovec iovec = {
-                .iov_base = buf,
-                .iov_len = sizeof(buf)-1,
-        };
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
-                            CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX)];
-        } control = {};
-        struct msghdr msghdr = {
-                .msg_iov = &iovec,
-                .msg_iovlen = 1,
-                .msg_control = &control,
-                .msg_controllen = sizeof(control),
-        };
-
-        struct cmsghdr *cmsg;
-        struct ucred *ucred = NULL;
-        bool found = false;
-        Unit *u1, *u2, *u3;
-        int r, *fd_array = NULL;
-        unsigned n_fds = 0;
-        ssize_t n;
-
-        assert(m);
-        assert(m->notify_fd == fd);
-
-        if (revents != EPOLLIN) {
-                log_warning("Got unexpected poll event for notify fd.");
-                return 0;
-        }
-
-        n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (n < 0) {
-                if (errno == EAGAIN || errno == EINTR)
-                        return 0;
-
-                return -errno;
-        }
-
-        CMSG_FOREACH(cmsg, &msghdr) {
-                if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
-
-                        fd_array = (int*) CMSG_DATA(cmsg);
-                        n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
-
-                } else if (cmsg->cmsg_level == SOL_SOCKET &&
-                           cmsg->cmsg_type == SCM_CREDENTIALS &&
-                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
-
-                        ucred = (struct ucred*) CMSG_DATA(cmsg);
-                }
-        }
-
-        if (n_fds > 0) {
-                assert(fd_array);
-
-                r = fdset_new_array(&fds, fd_array, n_fds);
-                if (r < 0) {
-                        close_many(fd_array, n_fds);
-                        return log_oom();
-                }
-        }
-
-        if (!ucred || ucred->pid <= 0) {
-                log_warning("Received notify message without valid credentials. Ignoring.");
-                return 0;
-        }
-
-        if ((size_t) n >= sizeof(buf)) {
-                log_warning("Received notify message exceeded maximum size. Ignoring.");
-                return 0;
-        }
-
-        buf[n] = 0;
-
-        /* Notify every unit that might be interested, but try
-         * to avoid notifying the same one multiple times. */
-        u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
-        if (u1) {
-                manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
-                found = true;
-        }
-
-        u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
-        if (u2 && u2 != u1) {
-                manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
-                found = true;
-        }
-
-        u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
-        if (u3 && u3 != u2 && u3 != u1) {
-                manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
-                found = true;
-        }
-
-        if (!found)
-                log_warning("Cannot find unit for notify message of PID "PID_FMT".", ucred->pid);
-
-        if (fdset_size(fds) > 0)
-                log_warning("Got auxiliary fds with notification message, closing all.");
-
-        return 0;
-}
-
-static void invoke_sigchld_event(Manager *m, Unit *u, const siginfo_t *si) {
-        assert(m);
-        assert(u);
-        assert(si);
-
-        log_unit_debug(u, "Child "PID_FMT" belongs to %s", si->si_pid, u->id);
-
-        unit_unwatch_pid(u, si->si_pid);
-
-        if (UNIT_VTABLE(u)->sigchld_event)
-                UNIT_VTABLE(u)->sigchld_event(u, si->si_pid, si->si_code, si->si_status);
-}
-
-static int manager_dispatch_sigchld(Manager *m) {
-        assert(m);
-
-        for (;;) {
-                siginfo_t si = {};
-
-                /* First we call waitd() for a PID and do not reap the
-                 * zombie. That way we can still access /proc/$PID for
-                 * it while it is a zombie. */
-                if (waitid(P_ALL, 0, &si, WEXITED|WNOHANG|WNOWAIT) < 0) {
-
-                        if (errno == ECHILD)
-                                break;
-
-                        if (errno == EINTR)
-                                continue;
-
-                        return -errno;
-                }
-
-                if (si.si_pid <= 0)
-                        break;
-
-                if (si.si_code == CLD_EXITED || si.si_code == CLD_KILLED || si.si_code == CLD_DUMPED) {
-                        _cleanup_free_ char *name = NULL;
-                        Unit *u1, *u2, *u3;
-
-                        get_process_comm(si.si_pid, &name);
-
-                        log_debug("Child "PID_FMT" (%s) died (code=%s, status=%i/%s)",
-                                  si.si_pid, strna(name),
-                                  sigchld_code_to_string(si.si_code),
-                                  si.si_status,
-                                  strna(si.si_code == CLD_EXITED
-                                        ? exit_status_to_string(si.si_status, EXIT_STATUS_FULL)
-                                        : signal_to_string(si.si_status)));
-
-                        /* And now figure out the unit this belongs
-                         * to, it might be multiple... */
-                        u1 = manager_get_unit_by_pid_cgroup(m, si.si_pid);
-                        if (u1)
-                                invoke_sigchld_event(m, u1, &si);
-                        u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(si.si_pid));
-                        if (u2 && u2 != u1)
-                                invoke_sigchld_event(m, u2, &si);
-                        u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(si.si_pid));
-                        if (u3 && u3 != u2 && u3 != u1)
-                                invoke_sigchld_event(m, u3, &si);
-                }
-
-                /* And now, we actually reap the zombie. */
-                if (waitid(P_PID, si.si_pid, &si, WEXITED) < 0) {
-                        if (errno == EINTR)
-                                continue;
-
-                        return -errno;
-                }
-        }
-
-        return 0;
-}
-
-static int manager_start_target(Manager *m, const char *name, JobMode mode) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        log_debug("Activating special unit %s", name);
-
-        r = manager_add_job_by_name(m, JOB_START, name, mode, &error, NULL);
-        if (r < 0)
-                log_error("Failed to enqueue %s job: %s", name, bus_error_message(&error, r));
-
-        return r;
-}
-
-static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-        ssize_t n;
-        struct signalfd_siginfo sfsi;
-        bool sigchld = false;
-        int r;
-
-        assert(m);
-        assert(m->signal_fd == fd);
-
-        if (revents != EPOLLIN) {
-                log_warning("Got unexpected events from signal file descriptor.");
-                return 0;
-        }
-
-        for (;;) {
-                n = read(m->signal_fd, &sfsi, sizeof(sfsi));
-                if (n != sizeof(sfsi)) {
-
-                        if (n >= 0)
-                                return -EIO;
-
-                        if (errno == EINTR || errno == EAGAIN)
-                                break;
-
-                        return -errno;
-                }
-
-                log_received_signal(sfsi.ssi_signo == SIGCHLD ||
-                                    (sfsi.ssi_signo == SIGTERM && MANAGER_IS_USER(m))
-                                    ? LOG_DEBUG : LOG_INFO,
-                                    &sfsi);
-
-                switch (sfsi.ssi_signo) {
-
-                case SIGCHLD:
-                        sigchld = true;
-                        break;
-
-                case SIGTERM:
-                        if (MANAGER_IS_SYSTEM(m)) {
-                                /* This is for compatibility with the
-                                 * original sysvinit */
-                                m->exit_code = MANAGER_REEXECUTE;
-                                break;
-                        }
-
-                        /* Fall through */
-
-                case SIGINT:
-                        if (MANAGER_IS_SYSTEM(m)) {
-
-                                /* If the user presses C-A-D more than
-                                 * 7 times within 2s, we reboot
-                                 * immediately. */
-
-                                if (ratelimit_test(&m->ctrl_alt_del_ratelimit))
-                                        manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
-                                else {
-                                        log_notice("Ctrl-Alt-Del was pressed more than 7 times within 2s, rebooting immediately.");
-                                        status_printf(NULL, true, false, "Ctrl-Alt-Del was pressed more than 7 times within 2s, rebooting immediately.");
-                                        m->exit_code = MANAGER_REBOOT;
-                                }
-
-                                break;
-                        }
-
-                        /* Run the exit target if there is one, if not, just exit. */
-                        if (manager_start_target(m, SPECIAL_EXIT_TARGET, JOB_REPLACE) < 0) {
-                                m->exit_code = MANAGER_EXIT;
-                                return 0;
-                        }
-
-                        break;
-
-                case SIGWINCH:
-                        if (MANAGER_IS_SYSTEM(m))
-                                manager_start_target(m, SPECIAL_KBREQUEST_TARGET, JOB_REPLACE);
-
-                        /* This is a nop on non-init */
-                        break;
-
-                case SIGPWR:
-                        if (MANAGER_IS_SYSTEM(m))
-                                manager_start_target(m, SPECIAL_SIGPWR_TARGET, JOB_REPLACE);
-
-                        /* This is a nop on non-init */
-                        break;
-
-                case SIGUSR1: {
-                        Unit *u;
-
-                        u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
-
-                        if (!u || UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) {
-                                log_info("Trying to reconnect to bus...");
-                                bus_init(m, true);
-                        }
-
-                        if (!u || !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u))) {
-                                log_info("Loading D-Bus service...");
-                                manager_start_target(m, SPECIAL_DBUS_SERVICE, JOB_REPLACE);
-                        }
-
-                        break;
-                }
-
-                case SIGUSR2: {
-                        _cleanup_free_ char *dump = NULL;
-                        _cleanup_fclose_ FILE *f = NULL;
-                        size_t size;
-
-                        f = open_memstream(&dump, &size);
-                        if (!f) {
-                                log_warning_errno(errno, "Failed to allocate memory stream: %m");
-                                break;
-                        }
-
-                        manager_dump_units(m, f, "\t");
-                        manager_dump_jobs(m, f, "\t");
-
-                        r = fflush_and_check(f);
-                        if (r < 0) {
-                                log_warning_errno(r, "Failed to write status stream: %m");
-                                break;
-                        }
-
-                        log_dump(LOG_INFO, dump);
-                        break;
-                }
-
-                case SIGHUP:
-                        m->exit_code = MANAGER_RELOAD;
-                        break;
-
-                default: {
-
-                        /* Starting SIGRTMIN+0 */
-                        static const char * const target_table[] = {
-                                [0] = SPECIAL_DEFAULT_TARGET,
-                                [1] = SPECIAL_RESCUE_TARGET,
-                                [2] = SPECIAL_EMERGENCY_TARGET,
-                                [3] = SPECIAL_HALT_TARGET,
-                                [4] = SPECIAL_POWEROFF_TARGET,
-                                [5] = SPECIAL_REBOOT_TARGET,
-                                [6] = SPECIAL_KEXEC_TARGET
-                        };
-
-                        /* Starting SIGRTMIN+13, so that target halt and system halt are 10 apart */
-                        static const ManagerExitCode code_table[] = {
-                                [0] = MANAGER_HALT,
-                                [1] = MANAGER_POWEROFF,
-                                [2] = MANAGER_REBOOT,
-                                [3] = MANAGER_KEXEC
-                        };
-
-                        if ((int) sfsi.ssi_signo >= SIGRTMIN+0 &&
-                            (int) sfsi.ssi_signo < SIGRTMIN+(int) ELEMENTSOF(target_table)) {
-                                int idx = (int) sfsi.ssi_signo - SIGRTMIN;
-                                manager_start_target(m, target_table[idx],
-                                                     (idx == 1 || idx == 2) ? JOB_ISOLATE : JOB_REPLACE);
-                                break;
-                        }
-
-                        if ((int) sfsi.ssi_signo >= SIGRTMIN+13 &&
-                            (int) sfsi.ssi_signo < SIGRTMIN+13+(int) ELEMENTSOF(code_table)) {
-                                m->exit_code = code_table[sfsi.ssi_signo - SIGRTMIN - 13];
-                                break;
-                        }
-
-                        switch (sfsi.ssi_signo - SIGRTMIN) {
-
-                        case 20:
-                                manager_set_show_status(m, SHOW_STATUS_YES);
-                                break;
-
-                        case 21:
-                                manager_set_show_status(m, SHOW_STATUS_NO);
-                                break;
-
-                        case 22:
-                                log_set_max_level(LOG_DEBUG);
-                                log_info("Setting log level to debug.");
-                                break;
-
-                        case 23:
-                                log_set_max_level(LOG_INFO);
-                                log_info("Setting log level to info.");
-                                break;
-
-                        case 24:
-                                if (MANAGER_IS_USER(m)) {
-                                        m->exit_code = MANAGER_EXIT;
-                                        return 0;
-                                }
-
-                                /* This is a nop on init */
-                                break;
-
-                        case 26:
-                        case 29: /* compatibility: used to be mapped to LOG_TARGET_SYSLOG_OR_KMSG */
-                                log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
-                                log_notice("Setting log target to journal-or-kmsg.");
-                                break;
-
-                        case 27:
-                                log_set_target(LOG_TARGET_CONSOLE);
-                                log_notice("Setting log target to console.");
-                                break;
-
-                        case 28:
-                                log_set_target(LOG_TARGET_KMSG);
-                                log_notice("Setting log target to kmsg.");
-                                break;
-
-                        default:
-                                log_warning("Got unhandled signal <%s>.", signal_to_string(sfsi.ssi_signo));
-                        }
-                }
-                }
-        }
-
-        if (sigchld)
-                manager_dispatch_sigchld(m);
-
-        return 0;
-}
-
-static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-        Iterator i;
-        Unit *u;
-
-        assert(m);
-        assert(m->time_change_fd == fd);
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_TIME_CHANGE),
-                   LOG_MESSAGE("Time has been changed"),
-                   NULL);
-
-        /* Restart the watch */
-        m->time_change_event_source = sd_event_source_unref(m->time_change_event_source);
-        m->time_change_fd = safe_close(m->time_change_fd);
-
-        manager_setup_time_change(m);
-
-        HASHMAP_FOREACH(u, m->units, i)
-                if (UNIT_VTABLE(u)->time_change)
-                        UNIT_VTABLE(u)->time_change(u);
-
-        return 0;
-}
-
-static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-
-        assert(m);
-        assert(m->idle_pipe[2] == fd);
-
-        m->no_console_output = m->n_on_console > 0;
-
-        manager_close_idle_pipe(m);
-
-        return 0;
-}
-
-static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata) {
-        Manager *m = userdata;
-        int r;
-        uint64_t next;
-
-        assert(m);
-        assert(source);
-
-        manager_print_jobs_in_progress(m);
-
-        next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_PERIOD_USEC;
-        r = sd_event_source_set_time(source, next);
-        if (r < 0)
-                return r;
-
-        return sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
-}
-
-int manager_loop(Manager *m) {
-        int r;
-
-        RATELIMIT_DEFINE(rl, 1*USEC_PER_SEC, 50000);
-
-        assert(m);
-        m->exit_code = MANAGER_OK;
-
-        /* Release the path cache */
-        m->unit_path_cache = set_free_free(m->unit_path_cache);
-
-        manager_check_finished(m);
-
-        /* There might still be some zombies hanging around from
-         * before we were exec()'ed. Let's reap them. */
-        r = manager_dispatch_sigchld(m);
-        if (r < 0)
-                return r;
-
-        while (m->exit_code == MANAGER_OK) {
-                usec_t wait_usec;
-
-                if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m))
-                        watchdog_ping();
-
-                if (!ratelimit_test(&rl)) {
-                        /* Yay, something is going seriously wrong, pause a little */
-                        log_warning("Looping too fast. Throttling execution a little.");
-                        sleep(1);
-                }
-
-                if (manager_dispatch_load_queue(m) > 0)
-                        continue;
-
-                if (manager_dispatch_gc_queue(m) > 0)
-                        continue;
-
-                if (manager_dispatch_cleanup_queue(m) > 0)
-                        continue;
-
-                if (manager_dispatch_cgroup_queue(m) > 0)
-                        continue;
-
-                if (manager_dispatch_dbus_queue(m) > 0)
-                        continue;
-
-                /* Sleep for half the watchdog time */
-                if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m)) {
-                        wait_usec = m->runtime_watchdog / 2;
-                        if (wait_usec <= 0)
-                                wait_usec = 1;
-                } else
-                        wait_usec = USEC_INFINITY;
-
-                r = sd_event_run(m->event, wait_usec);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to run event loop: %m");
-        }
-
-        return m->exit_code;
-}
-
-int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u) {
-        _cleanup_free_ char *n = NULL;
-        Unit *u;
-        int r;
-
-        assert(m);
-        assert(s);
-        assert(_u);
-
-        r = unit_name_from_dbus_path(s, &n);
-        if (r < 0)
-                return r;
-
-        r = manager_load_unit(m, n, NULL, e, &u);
-        if (r < 0)
-                return r;
-
-        *_u = u;
-
-        return 0;
-}
-
-int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j) {
-        const char *p;
-        unsigned id;
-        Job *j;
-        int r;
-
-        assert(m);
-        assert(s);
-        assert(_j);
-
-        p = startswith(s, "/org/freedesktop/systemd1/job/");
-        if (!p)
-                return -EINVAL;
-
-        r = safe_atou(p, &id);
-        if (r < 0)
-                return r;
-
-        j = manager_get_job(m, id);
-        if (!j)
-                return -ENOENT;
-
-        *_j = j;
-
-        return 0;
-}
-
-void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
-
-#ifdef HAVE_AUDIT
-        _cleanup_free_ char *p = NULL;
-        const char *msg;
-        int audit_fd, r;
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return;
-
-        audit_fd = get_audit_fd();
-        if (audit_fd < 0)
-                return;
-
-        /* Don't generate audit events if the service was already
-         * started and we're just deserializing */
-        if (MANAGER_IS_RELOADING(m))
-                return;
-
-        if (u->type != UNIT_SERVICE)
-                return;
-
-        r = unit_name_to_prefix_and_instance(u->id, &p);
-        if (r < 0) {
-                log_error_errno(r, "Failed to extract prefix and instance of unit name: %m");
-                return;
-        }
-
-        msg = strjoina("unit=", p);
-        if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
-                if (errno == EPERM)
-                        /* We aren't allowed to send audit messages?
-                         * Then let's not retry again. */
-                        close_audit_fd();
-                else
-                        log_warning_errno(errno, "Failed to send audit message: %m");
-        }
-#endif
-
-}
-
-void manager_send_unit_plymouth(Manager *m, Unit *u) {
-        static const union sockaddr_union sa = PLYMOUTH_SOCKET;
-        _cleanup_free_ char *message = NULL;
-        _cleanup_close_ int fd = -1;
-        int n = 0;
-
-        /* Don't generate plymouth events if the service was already
-         * started and we're just deserializing */
-        if (MANAGER_IS_RELOADING(m))
-                return;
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return;
-
-        if (detect_container() > 0)
-                return;
-
-        if (u->type != UNIT_SERVICE &&
-            u->type != UNIT_MOUNT &&
-            u->type != UNIT_SWAP)
-                return;
-
-        /* We set SOCK_NONBLOCK here so that we rather drop the
-         * message then wait for plymouth */
-        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-        if (fd < 0) {
-                log_error_errno(errno, "socket() failed: %m");
-                return;
-        }
-
-        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
-
-                if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
-                        log_error_errno(errno, "connect() failed: %m");
-                return;
-        }
-
-        if (asprintf(&message, "U\002%c%s%n", (int) (strlen(u->id) + 1), u->id, &n) < 0) {
-                log_oom();
-                return;
-        }
-
-        errno = 0;
-        if (write(fd, message, n + 1) != n + 1)
-                if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
-                        log_error_errno(errno, "Failed to write Plymouth message: %m");
-}
-
-int manager_open_serialization(Manager *m, FILE **_f) {
-        const char *path;
-        int fd = -1;
-        FILE *f;
-
-        assert(_f);
-
-        path = MANAGER_IS_SYSTEM(m) ? "/run/systemd" : "/tmp";
-        fd = open_tmpfile_unlinkable(path, O_RDWR|O_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        log_debug("Serializing state to %s", path);
-
-        f = fdopen(fd, "w+");
-        if (!f) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        *_f = f;
-
-        return 0;
-}
-
-int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
-        Iterator i;
-        Unit *u;
-        const char *t;
-        char **e;
-        int r;
-
-        assert(m);
-        assert(f);
-        assert(fds);
-
-        m->n_reloading++;
-
-        fprintf(f, "current-job-id=%"PRIu32"\n", m->current_job_id);
-        fprintf(f, "taint-usr=%s\n", yes_no(m->taint_usr));
-        fprintf(f, "n-installed-jobs=%u\n", m->n_installed_jobs);
-        fprintf(f, "n-failed-jobs=%u\n", m->n_failed_jobs);
-
-        dual_timestamp_serialize(f, "firmware-timestamp", &m->firmware_timestamp);
-        dual_timestamp_serialize(f, "loader-timestamp", &m->loader_timestamp);
-        dual_timestamp_serialize(f, "kernel-timestamp", &m->kernel_timestamp);
-        dual_timestamp_serialize(f, "initrd-timestamp", &m->initrd_timestamp);
-
-        if (!in_initrd()) {
-                dual_timestamp_serialize(f, "userspace-timestamp", &m->userspace_timestamp);
-                dual_timestamp_serialize(f, "finish-timestamp", &m->finish_timestamp);
-                dual_timestamp_serialize(f, "security-start-timestamp", &m->security_start_timestamp);
-                dual_timestamp_serialize(f, "security-finish-timestamp", &m->security_finish_timestamp);
-                dual_timestamp_serialize(f, "generators-start-timestamp", &m->generators_start_timestamp);
-                dual_timestamp_serialize(f, "generators-finish-timestamp", &m->generators_finish_timestamp);
-                dual_timestamp_serialize(f, "units-load-start-timestamp", &m->units_load_start_timestamp);
-                dual_timestamp_serialize(f, "units-load-finish-timestamp", &m->units_load_finish_timestamp);
-        }
-
-        if (!switching_root) {
-                STRV_FOREACH(e, m->environment) {
-                        _cleanup_free_ char *ce;
-
-                        ce = cescape(*e);
-                        if (!ce)
-                                return -ENOMEM;
-
-                        fprintf(f, "env=%s\n", *e);
-                }
-        }
-
-        if (m->notify_fd >= 0) {
-                int copy;
-
-                copy = fdset_put_dup(fds, m->notify_fd);
-                if (copy < 0)
-                        return copy;
-
-                fprintf(f, "notify-fd=%i\n", copy);
-                fprintf(f, "notify-socket=%s\n", m->notify_socket);
-        }
-
-        if (m->cgroups_agent_fd >= 0) {
-                int copy;
-
-                copy = fdset_put_dup(fds, m->cgroups_agent_fd);
-                if (copy < 0)
-                        return copy;
-
-                fprintf(f, "cgroups-agent-fd=%i\n", copy);
-        }
-
-        if (m->kdbus_fd >= 0) {
-                int copy;
-
-                copy = fdset_put_dup(fds, m->kdbus_fd);
-                if (copy < 0)
-                        return copy;
-
-                fprintf(f, "kdbus-fd=%i\n", copy);
-        }
-
-        bus_track_serialize(m->subscribed, f);
-
-        fputc('\n', f);
-
-        HASHMAP_FOREACH_KEY(u, t, m->units, i) {
-                if (u->id != t)
-                        continue;
-
-                /* Start marker */
-                fputs(u->id, f);
-                fputc('\n', f);
-
-                r = unit_serialize(u, f, fds, !switching_root);
-                if (r < 0) {
-                        m->n_reloading--;
-                        return r;
-                }
-        }
-
-        assert(m->n_reloading > 0);
-        m->n_reloading--;
-
-        if (ferror(f))
-                return -EIO;
-
-        r = bus_fdset_add_all(m, fds);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
-        int r = 0;
-
-        assert(m);
-        assert(f);
-
-        log_debug("Deserializing state...");
-
-        m->n_reloading++;
-
-        for (;;) {
-                char line[LINE_MAX], *l;
-
-                if (!fgets(line, sizeof(line), f)) {
-                        if (feof(f))
-                                r = 0;
-                        else
-                                r = -errno;
-
-                        goto finish;
-                }
-
-                char_array_0(line);
-                l = strstrip(line);
-
-                if (l[0] == 0)
-                        break;
-
-                if (startswith(l, "current-job-id=")) {
-                        uint32_t id;
-
-                        if (safe_atou32(l+15, &id) < 0)
-                                log_debug("Failed to parse current job id value %s", l+15);
-                        else
-                                m->current_job_id = MAX(m->current_job_id, id);
-
-                } else if (startswith(l, "n-installed-jobs=")) {
-                        uint32_t n;
-
-                        if (safe_atou32(l+17, &n) < 0)
-                                log_debug("Failed to parse installed jobs counter %s", l+17);
-                        else
-                                m->n_installed_jobs += n;
-
-                } else if (startswith(l, "n-failed-jobs=")) {
-                        uint32_t n;
-
-                        if (safe_atou32(l+14, &n) < 0)
-                                log_debug("Failed to parse failed jobs counter %s", l+14);
-                        else
-                                m->n_failed_jobs += n;
-
-                } else if (startswith(l, "taint-usr=")) {
-                        int b;
-
-                        b = parse_boolean(l+10);
-                        if (b < 0)
-                                log_debug("Failed to parse taint /usr flag %s", l+10);
-                        else
-                                m->taint_usr = m->taint_usr || b;
-
-                } else if (startswith(l, "firmware-timestamp="))
-                        dual_timestamp_deserialize(l+19, &m->firmware_timestamp);
-                else if (startswith(l, "loader-timestamp="))
-                        dual_timestamp_deserialize(l+17, &m->loader_timestamp);
-                else if (startswith(l, "kernel-timestamp="))
-                        dual_timestamp_deserialize(l+17, &m->kernel_timestamp);
-                else if (startswith(l, "initrd-timestamp="))
-                        dual_timestamp_deserialize(l+17, &m->initrd_timestamp);
-                else if (startswith(l, "userspace-timestamp="))
-                        dual_timestamp_deserialize(l+20, &m->userspace_timestamp);
-                else if (startswith(l, "finish-timestamp="))
-                        dual_timestamp_deserialize(l+17, &m->finish_timestamp);
-                else if (startswith(l, "security-start-timestamp="))
-                        dual_timestamp_deserialize(l+25, &m->security_start_timestamp);
-                else if (startswith(l, "security-finish-timestamp="))
-                        dual_timestamp_deserialize(l+26, &m->security_finish_timestamp);
-                else if (startswith(l, "generators-start-timestamp="))
-                        dual_timestamp_deserialize(l+27, &m->generators_start_timestamp);
-                else if (startswith(l, "generators-finish-timestamp="))
-                        dual_timestamp_deserialize(l+28, &m->generators_finish_timestamp);
-                else if (startswith(l, "units-load-start-timestamp="))
-                        dual_timestamp_deserialize(l+27, &m->units_load_start_timestamp);
-                else if (startswith(l, "units-load-finish-timestamp="))
-                        dual_timestamp_deserialize(l+28, &m->units_load_finish_timestamp);
-                else if (startswith(l, "env=")) {
-                        _cleanup_free_ char *uce = NULL;
-                        char **e;
-
-                        r = cunescape(l + 4, UNESCAPE_RELAX, &uce);
-                        if (r < 0)
-                                goto finish;
-
-                        e = strv_env_set(m->environment, uce);
-                        if (!e) {
-                                r = -ENOMEM;
-                                goto finish;
-                        }
-
-                        strv_free(m->environment);
-                        m->environment = e;
-
-                } else if (startswith(l, "notify-fd=")) {
-                        int fd;
-
-                        if (safe_atoi(l + 10, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
-                                log_debug("Failed to parse notify fd: %s", l + 10);
-                        else {
-                                m->notify_event_source = sd_event_source_unref(m->notify_event_source);
-                                safe_close(m->notify_fd);
-                                m->notify_fd = fdset_remove(fds, fd);
-                        }
-
-                } else if (startswith(l, "notify-socket=")) {
-                        char *n;
-
-                        n = strdup(l+14);
-                        if (!n) {
-                                r = -ENOMEM;
-                                goto finish;
-                        }
-
-                        free(m->notify_socket);
-                        m->notify_socket = n;
-
-                } else if (startswith(l, "cgroups-agent-fd=")) {
-                        int fd;
-
-                        if (safe_atoi(l + 17, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
-                                log_debug("Failed to parse cgroups agent fd: %s", l + 10);
-                        else {
-                                m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
-                                safe_close(m->cgroups_agent_fd);
-                                m->cgroups_agent_fd = fdset_remove(fds, fd);
-                        }
-
-                } else if (startswith(l, "kdbus-fd=")) {
-                        int fd;
-
-                        if (safe_atoi(l + 9, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
-                                log_debug("Failed to parse kdbus fd: %s", l + 9);
-                        else {
-                                safe_close(m->kdbus_fd);
-                                m->kdbus_fd = fdset_remove(fds, fd);
-                        }
-
-                } else {
-                        int k;
-
-                        k = bus_track_deserialize_item(&m->deserialized_subscribed, l);
-                        if (k < 0)
-                                log_debug_errno(k, "Failed to deserialize bus tracker object: %m");
-                        else if (k == 0)
-                                log_debug("Unknown serialization item '%s'", l);
-                }
-        }
-
-        for (;;) {
-                Unit *u;
-                char name[UNIT_NAME_MAX+2];
-
-                /* Start marker */
-                if (!fgets(name, sizeof(name), f)) {
-                        if (feof(f))
-                                r = 0;
-                        else
-                                r = -errno;
-
-                        goto finish;
-                }
-
-                char_array_0(name);
-
-                r = manager_load_unit(m, strstrip(name), NULL, NULL, &u);
-                if (r < 0)
-                        goto finish;
-
-                r = unit_deserialize(u, f, fds);
-                if (r < 0)
-                        goto finish;
-        }
-
-finish:
-        if (ferror(f))
-                r = -EIO;
-
-        assert(m->n_reloading > 0);
-        m->n_reloading--;
-
-        return r;
-}
-
-int manager_reload(Manager *m) {
-        int r, q;
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_fdset_free_ FDSet *fds = NULL;
-
-        assert(m);
-
-        r = manager_open_serialization(m, &f);
-        if (r < 0)
-                return r;
-
-        m->n_reloading++;
-        bus_manager_send_reloading(m, true);
-
-        fds = fdset_new();
-        if (!fds) {
-                m->n_reloading--;
-                return -ENOMEM;
-        }
-
-        r = manager_serialize(m, f, fds, false);
-        if (r < 0) {
-                m->n_reloading--;
-                return r;
-        }
-
-        if (fseeko(f, 0, SEEK_SET) < 0) {
-                m->n_reloading--;
-                return -errno;
-        }
-
-        /* From here on there is no way back. */
-        manager_clear_jobs_and_units(m);
-        lookup_paths_flush_generator(&m->lookup_paths);
-        lookup_paths_free(&m->lookup_paths);
-
-        q = lookup_paths_init(&m->lookup_paths, m->unit_file_scope, 0, NULL);
-        if (q < 0 && r >= 0)
-                r = q;
-
-        /* Find new unit paths */
-        q = manager_run_generators(m);
-        if (q < 0 && r >= 0)
-                r = q;
-
-        lookup_paths_reduce(&m->lookup_paths);
-        manager_build_unit_path_cache(m);
-
-        /* First, enumerate what we can from all config files */
-        manager_enumerate(m);
-
-        /* Second, deserialize our stored data */
-        q = manager_deserialize(m, f, fds);
-        if (q < 0 && r >= 0)
-                r = q;
-
-        fclose(f);
-        f = NULL;
-
-        /* Re-register notify_fd as event source */
-        q = manager_setup_notify(m);
-        if (q < 0 && r >= 0)
-                r = q;
-
-        q = manager_setup_cgroups_agent(m);
-        if (q < 0 && r >= 0)
-                r = q;
-
-        /* Third, fire things up! */
-        manager_coldplug(m);
-
-        /* Sync current state of bus names with our set of listening units */
-        if (m->api_bus)
-                manager_sync_bus_names(m, m->api_bus);
-
-        assert(m->n_reloading > 0);
-        m->n_reloading--;
-
-        m->send_reloading_done = true;
-
-        return r;
-}
-
-void manager_reset_failed(Manager *m) {
-        Unit *u;
-        Iterator i;
-
-        assert(m);
-
-        HASHMAP_FOREACH(u, m->units, i)
-                unit_reset_failed(u);
-}
-
-bool manager_unit_inactive_or_pending(Manager *m, const char *name) {
-        Unit *u;
-
-        assert(m);
-        assert(name);
-
-        /* Returns true if the unit is inactive or going down */
-        u = manager_get_unit(m, name);
-        if (!u)
-                return true;
-
-        return unit_inactive_or_pending(u);
-}
-
-static void manager_notify_finished(Manager *m) {
-        char userspace[FORMAT_TIMESPAN_MAX], initrd[FORMAT_TIMESPAN_MAX], kernel[FORMAT_TIMESPAN_MAX], sum[FORMAT_TIMESPAN_MAX];
-        usec_t firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec;
-
-        if (m->test_run)
-                return;
-
-        if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0) {
-
-                /* Note that m->kernel_usec.monotonic is always at 0,
-                 * and m->firmware_usec.monotonic and
-                 * m->loader_usec.monotonic should be considered
-                 * negative values. */
-
-                firmware_usec = m->firmware_timestamp.monotonic - m->loader_timestamp.monotonic;
-                loader_usec = m->loader_timestamp.monotonic - m->kernel_timestamp.monotonic;
-                userspace_usec = m->finish_timestamp.monotonic - m->userspace_timestamp.monotonic;
-                total_usec = m->firmware_timestamp.monotonic + m->finish_timestamp.monotonic;
-
-                if (dual_timestamp_is_set(&m->initrd_timestamp)) {
-
-                        kernel_usec = m->initrd_timestamp.monotonic - m->kernel_timestamp.monotonic;
-                        initrd_usec = m->userspace_timestamp.monotonic - m->initrd_timestamp.monotonic;
-
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE_ID(SD_MESSAGE_STARTUP_FINISHED),
-                                   "KERNEL_USEC="USEC_FMT, kernel_usec,
-                                   "INITRD_USEC="USEC_FMT, initrd_usec,
-                                   "USERSPACE_USEC="USEC_FMT, userspace_usec,
-                                   LOG_MESSAGE("Startup finished in %s (kernel) + %s (initrd) + %s (userspace) = %s.",
-                                               format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
-                                               format_timespan(initrd, sizeof(initrd), initrd_usec, USEC_PER_MSEC),
-                                               format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
-                                               format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
-                                   NULL);
-                } else {
-                        kernel_usec = m->userspace_timestamp.monotonic - m->kernel_timestamp.monotonic;
-                        initrd_usec = 0;
-
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE_ID(SD_MESSAGE_STARTUP_FINISHED),
-                                   "KERNEL_USEC="USEC_FMT, kernel_usec,
-                                   "USERSPACE_USEC="USEC_FMT, userspace_usec,
-                                   LOG_MESSAGE("Startup finished in %s (kernel) + %s (userspace) = %s.",
-                                               format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
-                                               format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
-                                               format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
-                                   NULL);
-                }
-        } else {
-                firmware_usec = loader_usec = initrd_usec = kernel_usec = 0;
-                total_usec = userspace_usec = m->finish_timestamp.monotonic - m->userspace_timestamp.monotonic;
-
-                log_struct(LOG_INFO,
-                           LOG_MESSAGE_ID(SD_MESSAGE_STARTUP_FINISHED),
-                           "USERSPACE_USEC="USEC_FMT, userspace_usec,
-                           LOG_MESSAGE("Startup finished in %s.",
-                                       format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
-                           NULL);
-        }
-
-        bus_manager_send_finished(m, firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec);
-
-        sd_notifyf(false,
-                   "READY=1\n"
-                   "STATUS=Startup finished in %s.",
-                   format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC));
-}
-
-void manager_check_finished(Manager *m) {
-        assert(m);
-
-        if (MANAGER_IS_RELOADING(m))
-                return;
-
-        /* Verify that we are actually running currently. Initially
-         * the exit code is set to invalid, and during operation it is
-         * then set to MANAGER_OK */
-        if (m->exit_code != MANAGER_OK)
-                return;
-
-        if (hashmap_size(m->jobs) > 0) {
-                if (m->jobs_in_progress_event_source)
-                        /* Ignore any failure, this is only for feedback */
-                        (void) sd_event_source_set_time(m->jobs_in_progress_event_source, now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC);
-
-                return;
-        }
-
-        manager_flip_auto_status(m, false);
-
-        /* Notify Type=idle units that we are done now */
-        manager_close_idle_pipe(m);
-
-        /* Turn off confirm spawn now */
-        m->confirm_spawn = false;
-
-        /* No need to update ask password status when we're going non-interactive */
-        manager_close_ask_password(m);
-
-        /* This is no longer the first boot */
-        manager_set_first_boot(m, false);
-
-        if (dual_timestamp_is_set(&m->finish_timestamp))
-                return;
-
-        dual_timestamp_get(&m->finish_timestamp);
-
-        manager_notify_finished(m);
-
-        manager_invalidate_startup_units(m);
-}
-
-static int manager_run_generators(Manager *m) {
-        _cleanup_strv_free_ char **paths = NULL;
-        const char *argv[5];
-        char **path;
-        int r;
-
-        assert(m);
-
-        if (m->test_run)
-                return 0;
-
-        paths = generator_binary_paths(m->unit_file_scope);
-        if (!paths)
-                return log_oom();
-
-        /* Optimize by skipping the whole process by not creating output directories
-         * if no generators are found. */
-        STRV_FOREACH(path, paths) {
-                if (access(*path, F_OK) >= 0)
-                        goto found;
-                if (errno != ENOENT)
-                        log_warning_errno(errno, "Failed to open generator directory %s: %m", *path);
-        }
-
-        return 0;
-
- found:
-        r = lookup_paths_mkdir_generator(&m->lookup_paths);
-        if (r < 0)
-                goto finish;
-
-        argv[0] = NULL; /* Leave this empty, execute_directory() will fill something in */
-        argv[1] = m->lookup_paths.generator;
-        argv[2] = m->lookup_paths.generator_early;
-        argv[3] = m->lookup_paths.generator_late;
-        argv[4] = NULL;
-
-        RUN_WITH_UMASK(0022)
-                execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, (char**) argv);
-
-finish:
-        lookup_paths_trim_generator(&m->lookup_paths);
-        return r;
-}
-
-int manager_environment_add(Manager *m, char **minus, char **plus) {
-        char **a = NULL, **b = NULL, **l;
-        assert(m);
-
-        l = m->environment;
-
-        if (!strv_isempty(minus)) {
-                a = strv_env_delete(l, 1, minus);
-                if (!a)
-                        return -ENOMEM;
-
-                l = a;
-        }
-
-        if (!strv_isempty(plus)) {
-                b = strv_env_merge(2, l, plus);
-                if (!b) {
-                        strv_free(a);
-                        return -ENOMEM;
-                }
-
-                l = b;
-        }
-
-        if (m->environment != l)
-                strv_free(m->environment);
-        if (a != l)
-                strv_free(a);
-        if (b != l)
-                strv_free(b);
-
-        m->environment = l;
-        manager_clean_environment(m);
-        strv_sort(m->environment);
-
-        return 0;
-}
-
-int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit) {
-        int i;
-
-        assert(m);
-
-        for (i = 0; i < _RLIMIT_MAX; i++) {
-                m->rlimit[i] = mfree(m->rlimit[i]);
-
-                if (!default_rlimit[i])
-                        continue;
-
-                m->rlimit[i] = newdup(struct rlimit, default_rlimit[i], 1);
-                if (!m->rlimit[i])
-                        return -ENOMEM;
-        }
-
-        return 0;
-}
-
-void manager_recheck_journal(Manager *m) {
-        Unit *u;
-
-        assert(m);
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return;
-
-        u = manager_get_unit(m, SPECIAL_JOURNALD_SOCKET);
-        if (u && SOCKET(u)->state != SOCKET_RUNNING) {
-                log_close_journal();
-                return;
-        }
-
-        u = manager_get_unit(m, SPECIAL_JOURNALD_SERVICE);
-        if (u && SERVICE(u)->state != SERVICE_RUNNING) {
-                log_close_journal();
-                return;
-        }
-
-        /* Hmm, OK, so the socket is fully up and the service is up
-         * too, then let's make use of the thing. */
-        log_open();
-}
-
-void manager_set_show_status(Manager *m, ShowStatus mode) {
-        assert(m);
-        assert(IN_SET(mode, SHOW_STATUS_AUTO, SHOW_STATUS_NO, SHOW_STATUS_YES, SHOW_STATUS_TEMPORARY));
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return;
-
-        if (m->show_status != mode)
-                log_debug("%s showing of status.",
-                          mode == SHOW_STATUS_NO ? "Disabling" : "Enabling");
-        m->show_status = mode;
-
-        if (mode > 0)
-                (void) touch("/run/systemd/show-status");
-        else
-                (void) unlink("/run/systemd/show-status");
-}
-
-static bool manager_get_show_status(Manager *m, StatusType type) {
-        assert(m);
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return false;
-
-        if (m->no_console_output)
-                return false;
-
-        if (!IN_SET(manager_state(m), MANAGER_INITIALIZING, MANAGER_STARTING, MANAGER_STOPPING))
-                return false;
-
-        /* If we cannot find out the status properly, just proceed. */
-        if (type != STATUS_TYPE_EMERGENCY && manager_check_ask_password(m) > 0)
-                return false;
-
-        if (m->show_status > 0)
-                return true;
-
-        return false;
-}
-
-void manager_set_first_boot(Manager *m, bool b) {
-        assert(m);
-
-        if (!MANAGER_IS_SYSTEM(m))
-                return;
-
-        if (m->first_boot != (int) b) {
-                if (b)
-                        (void) touch("/run/systemd/first-boot");
-                else
-                        (void) unlink("/run/systemd/first-boot");
-        }
-
-        m->first_boot = b;
-}
-
-void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) {
-        va_list ap;
-
-        /* If m is NULL, assume we're after shutdown and let the messages through. */
-
-        if (m && !manager_get_show_status(m, type))
-                return;
-
-        /* XXX We should totally drop the check for ephemeral here
-         * and thus effectively make 'Type=idle' pointless. */
-        if (type == STATUS_TYPE_EPHEMERAL && m && m->n_on_console > 0)
-                return;
-
-        va_start(ap, format);
-        status_vprintf(status, true, type == STATUS_TYPE_EPHEMERAL, format, ap);
-        va_end(ap);
-}
-
-Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path) {
-        char p[strlen(path)+1];
-
-        assert(m);
-        assert(path);
-
-        strcpy(p, path);
-        path_kill_slashes(p);
-
-        return hashmap_get(m->units_requiring_mounts_for, streq(p, "/") ? "" : p);
-}
-
-const char *manager_get_runtime_prefix(Manager *m) {
-        assert(m);
-
-        return MANAGER_IS_SYSTEM(m) ?
-               "/run" :
-               getenv("XDG_RUNTIME_DIR");
-}
-
-int manager_update_failed_units(Manager *m, Unit *u, bool failed) {
-        unsigned size;
-        int r;
-
-        assert(m);
-        assert(u->manager == m);
-
-        size = set_size(m->failed_units);
-
-        if (failed) {
-                r = set_ensure_allocated(&m->failed_units, NULL);
-                if (r < 0)
-                        return log_oom();
-
-                if (set_put(m->failed_units, u) < 0)
-                        return log_oom();
-        } else
-                (void) set_remove(m->failed_units, u);
-
-        if (set_size(m->failed_units) != size)
-                bus_manager_send_change_signal(m);
-
-        return 0;
-}
-
-ManagerState manager_state(Manager *m) {
-        Unit *u;
-
-        assert(m);
-
-        /* Did we ever finish booting? If not then we are still starting up */
-        if (!dual_timestamp_is_set(&m->finish_timestamp)) {
-
-                u = manager_get_unit(m, SPECIAL_BASIC_TARGET);
-                if (!u || !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
-                        return MANAGER_INITIALIZING;
-
-                return MANAGER_STARTING;
-        }
-
-        /* Is the special shutdown target queued? If so, we are in shutdown state */
-        u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
-        if (u && u->job && IN_SET(u->job->type, JOB_START, JOB_RESTART, JOB_RELOAD_OR_START))
-                return MANAGER_STOPPING;
-
-        /* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
-        u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);
-        if (u && (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)) ||
-                  (u->job && IN_SET(u->job->type, JOB_START, JOB_RESTART, JOB_RELOAD_OR_START))))
-                return MANAGER_MAINTENANCE;
-
-        u = manager_get_unit(m, SPECIAL_EMERGENCY_TARGET);
-        if (u && (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)) ||
-                  (u->job && IN_SET(u->job->type, JOB_START, JOB_RESTART, JOB_RELOAD_OR_START))))
-                return MANAGER_MAINTENANCE;
-
-        /* Are there any failed units? If so, we are in degraded mode */
-        if (set_size(m->failed_units) > 0)
-                return MANAGER_DEGRADED;
-
-        return MANAGER_RUNNING;
-}
-
-static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
-        [MANAGER_INITIALIZING] = "initializing",
-        [MANAGER_STARTING] = "starting",
-        [MANAGER_RUNNING] = "running",
-        [MANAGER_DEGRADED] = "degraded",
-        [MANAGER_MAINTENANCE] = "maintenance",
-        [MANAGER_STOPPING] = "stopping",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(manager_state, ManagerState);
diff --git a/src/core/manager.h b/src/core/manager.h
deleted file mode 100644
index 6ed15c1a41..0000000000
--- a/src/core/manager.h
+++ /dev/null
@@ -1,379 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <libmount.h>
-#include <stdbool.h>
-#include <stdio.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-
-#include "cgroup-util.h"
-#include "fdset.h"
-#include "hashmap.h"
-#include "list.h"
-#include "ratelimit.h"
-
-/* Enforce upper limit how many names we allow */
-#define MANAGER_MAX_NAMES 131072 /* 128K */
-
-typedef struct Manager Manager;
-
-typedef enum ManagerState {
-        MANAGER_INITIALIZING,
-        MANAGER_STARTING,
-        MANAGER_RUNNING,
-        MANAGER_DEGRADED,
-        MANAGER_MAINTENANCE,
-        MANAGER_STOPPING,
-        _MANAGER_STATE_MAX,
-        _MANAGER_STATE_INVALID = -1
-} ManagerState;
-
-typedef enum ManagerExitCode {
-        MANAGER_OK,
-        MANAGER_EXIT,
-        MANAGER_RELOAD,
-        MANAGER_REEXECUTE,
-        MANAGER_REBOOT,
-        MANAGER_POWEROFF,
-        MANAGER_HALT,
-        MANAGER_KEXEC,
-        MANAGER_SWITCH_ROOT,
-        _MANAGER_EXIT_CODE_MAX,
-        _MANAGER_EXIT_CODE_INVALID = -1
-} ManagerExitCode;
-
-typedef enum StatusType {
-        STATUS_TYPE_EPHEMERAL,
-        STATUS_TYPE_NORMAL,
-        STATUS_TYPE_EMERGENCY,
-} StatusType;
-
-#include "execute.h"
-#include "job.h"
-#include "path-lookup.h"
-#include "show-status.h"
-#include "unit-name.h"
-
-struct Manager {
-        /* Note that the set of units we know of is allowed to be
-         * inconsistent. However the subset of it that is loaded may
-         * not, and the list of jobs may neither. */
-
-        /* Active jobs and units */
-        Hashmap *units;  /* name string => Unit object n:1 */
-        Hashmap *jobs;   /* job id => Job object 1:1 */
-
-        /* To make it easy to iterate through the units of a specific
-         * type we maintain a per type linked list */
-        LIST_HEAD(Unit, units_by_type[_UNIT_TYPE_MAX]);
-
-        /* Units that need to be loaded */
-        LIST_HEAD(Unit, load_queue); /* this is actually more a stack than a queue, but uh. */
-
-        /* Jobs that need to be run */
-        LIST_HEAD(Job, run_queue);   /* more a stack than a queue, too */
-
-        /* Units and jobs that have not yet been announced via
-         * D-Bus. When something about a job changes it is added here
-         * if it is not in there yet. This allows easy coalescing of
-         * D-Bus change signals. */
-        LIST_HEAD(Unit, dbus_unit_queue);
-        LIST_HEAD(Job, dbus_job_queue);
-
-        /* Units to remove */
-        LIST_HEAD(Unit, cleanup_queue);
-
-        /* Units to check when doing GC */
-        LIST_HEAD(Unit, gc_queue);
-
-        /* Units that should be realized */
-        LIST_HEAD(Unit, cgroup_queue);
-
-        sd_event *event;
-
-        /* We use two hash tables here, since the same PID might be
-         * watched by two different units: once the unit that forked
-         * it off, and possibly a different unit to which it was
-         * joined as cgroup member. Since we know that it is either
-         * one or two units for each PID we just use to hashmaps
-         * here. */
-        Hashmap *watch_pids1;  /* pid => Unit object n:1 */
-        Hashmap *watch_pids2;  /* pid => Unit object n:1 */
-
-        /* A set contains all units which cgroup should be refreshed after startup */
-        Set *startup_units;
-
-        /* A set which contains all currently failed units */
-        Set *failed_units;
-
-        sd_event_source *run_queue_event_source;
-
-        char *notify_socket;
-        int notify_fd;
-        sd_event_source *notify_event_source;
-
-        int cgroups_agent_fd;
-        sd_event_source *cgroups_agent_event_source;
-
-        int signal_fd;
-        sd_event_source *signal_event_source;
-
-        int time_change_fd;
-        sd_event_source *time_change_event_source;
-
-        sd_event_source *jobs_in_progress_event_source;
-
-        UnitFileScope unit_file_scope;
-        LookupPaths lookup_paths;
-        Set *unit_path_cache;
-
-        char **environment;
-
-        usec_t runtime_watchdog;
-        usec_t shutdown_watchdog;
-
-        dual_timestamp firmware_timestamp;
-        dual_timestamp loader_timestamp;
-        dual_timestamp kernel_timestamp;
-        dual_timestamp initrd_timestamp;
-        dual_timestamp userspace_timestamp;
-        dual_timestamp finish_timestamp;
-
-        dual_timestamp security_start_timestamp;
-        dual_timestamp security_finish_timestamp;
-        dual_timestamp generators_start_timestamp;
-        dual_timestamp generators_finish_timestamp;
-        dual_timestamp units_load_start_timestamp;
-        dual_timestamp units_load_finish_timestamp;
-
-        struct udev* udev;
-
-        /* Data specific to the device subsystem */
-        struct udev_monitor* udev_monitor;
-        sd_event_source *udev_event_source;
-        Hashmap *devices_by_sysfs;
-
-        /* Data specific to the mount subsystem */
-        struct libmnt_monitor *mount_monitor;
-        sd_event_source *mount_event_source;
-
-        /* Data specific to the swap filesystem */
-        FILE *proc_swaps;
-        sd_event_source *swap_event_source;
-        Hashmap *swaps_by_devnode;
-
-        /* Data specific to the D-Bus subsystem */
-        sd_bus *api_bus, *system_bus;
-        Set *private_buses;
-        int private_listen_fd;
-        sd_event_source *private_listen_event_source;
-
-        /* Contains all the clients that are subscribed to signals via
-        the API bus. Note that private bus connections are always
-        considered subscribes, since they last for very short only,
-        and it is much simpler that way. */
-        sd_bus_track *subscribed;
-        char **deserialized_subscribed;
-
-        /* This is used during reloading: before the reload we queue
-         * the reply message here, and afterwards we send it */
-        sd_bus_message *queued_message;
-
-        Hashmap *watch_bus;  /* D-Bus names => Unit object n:1 */
-
-        bool send_reloading_done;
-
-        uint32_t current_job_id;
-        uint32_t default_unit_job_id;
-
-        /* Data specific to the Automount subsystem */
-        int dev_autofs_fd;
-
-        /* Data specific to the cgroup subsystem */
-        Hashmap *cgroup_unit;
-        CGroupMask cgroup_supported;
-        char *cgroup_root;
-
-        /* Notifications from cgroups, when the unified hierarchy is
-         * used is done via inotify. */
-        int cgroup_inotify_fd;
-        sd_event_source *cgroup_inotify_event_source;
-        Hashmap *cgroup_inotify_wd_unit;
-
-        /* Make sure the user cannot accidentally unmount our cgroup
-         * file system */
-        int pin_cgroupfs_fd;
-
-        int gc_marker;
-        unsigned n_in_gc_queue;
-
-        /* Flags */
-        ManagerExitCode exit_code:5;
-
-        bool dispatching_load_queue:1;
-        bool dispatching_dbus_queue:1;
-
-        bool taint_usr:1;
-
-        bool test_run:1;
-
-        /* If non-zero, exit with the following value when the systemd
-         * process terminate. Useful for containers: systemd-nspawn could get
-         * the return value. */
-        uint8_t return_value;
-
-        ShowStatus show_status;
-        bool confirm_spawn;
-        bool no_console_output;
-
-        ExecOutput default_std_output, default_std_error;
-
-        usec_t default_restart_usec, default_timeout_start_usec, default_timeout_stop_usec;
-
-        usec_t default_start_limit_interval;
-        unsigned default_start_limit_burst;
-
-        bool default_cpu_accounting;
-        bool default_memory_accounting;
-        bool default_io_accounting;
-        bool default_blockio_accounting;
-        bool default_tasks_accounting;
-
-        uint64_t default_tasks_max;
-        usec_t default_timer_accuracy_usec;
-
-        struct rlimit *rlimit[_RLIMIT_MAX];
-
-        /* non-zero if we are reloading or reexecuting, */
-        int n_reloading;
-
-        unsigned n_installed_jobs;
-        unsigned n_failed_jobs;
-
-        /* Jobs in progress watching */
-        unsigned n_running_jobs;
-        unsigned n_on_console;
-        unsigned jobs_in_progress_iteration;
-
-        /* Do we have any outstanding password prompts? */
-        int have_ask_password;
-        int ask_password_inotify_fd;
-        sd_event_source *ask_password_event_source;
-
-        /* Type=idle pipes */
-        int idle_pipe[4];
-        sd_event_source *idle_pipe_event_source;
-
-        char *switch_root;
-        char *switch_root_init;
-
-        /* This maps all possible path prefixes to the units needing
-         * them. It's a hashmap with a path string as key and a Set as
-         * value where Unit objects are contained. */
-        Hashmap *units_requiring_mounts_for;
-
-        /* Reference to the kdbus bus control fd */
-        int kdbus_fd;
-
-        /* Used for processing polkit authorization responses */
-        Hashmap *polkit_registry;
-
-        /* When the user hits C-A-D more than 7 times per 2s, reboot immediately... */
-        RateLimit ctrl_alt_del_ratelimit;
-
-        const char *unit_log_field;
-        const char *unit_log_format_string;
-
-        int first_boot; /* tri-state */
-};
-
-#define MANAGER_IS_SYSTEM(m) ((m)->unit_file_scope == UNIT_FILE_SYSTEM)
-#define MANAGER_IS_USER(m) ((m)->unit_file_scope != UNIT_FILE_SYSTEM)
-
-#define MANAGER_IS_RELOADING(m) ((m)->n_reloading > 0)
-
-int manager_new(UnitFileScope scope, bool test_run, Manager **m);
-Manager* manager_free(Manager *m);
-
-void manager_enumerate(Manager *m);
-int manager_startup(Manager *m, FILE *serialization, FDSet *fds);
-
-Job *manager_get_job(Manager *m, uint32_t id);
-Unit *manager_get_unit(Manager *m, const char *name);
-
-int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j);
-
-int manager_load_unit_prepare(Manager *m, const char *name, const char *path, sd_bus_error *e, Unit **_ret);
-int manager_load_unit(Manager *m, const char *name, const char *path, sd_bus_error *e, Unit **_ret);
-int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u);
-
-int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, sd_bus_error *e, Job **_ret);
-int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, sd_bus_error *e, Job **_ret);
-int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Job **ret);
-
-void manager_dump_units(Manager *s, FILE *f, const char *prefix);
-void manager_dump_jobs(Manager *s, FILE *f, const char *prefix);
-
-void manager_clear_jobs(Manager *m);
-
-unsigned manager_dispatch_load_queue(Manager *m);
-
-int manager_environment_add(Manager *m, char **minus, char **plus);
-int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit);
-
-int manager_loop(Manager *m);
-
-int manager_open_serialization(Manager *m, FILE **_f);
-
-int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root);
-int manager_deserialize(Manager *m, FILE *f, FDSet *fds);
-
-int manager_reload(Manager *m);
-
-void manager_reset_failed(Manager *m);
-
-void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success);
-void manager_send_unit_plymouth(Manager *m, Unit *u);
-
-bool manager_unit_inactive_or_pending(Manager *m, const char *name);
-
-void manager_check_finished(Manager *m);
-
-void manager_recheck_journal(Manager *m);
-
-void manager_set_show_status(Manager *m, ShowStatus mode);
-void manager_set_first_boot(Manager *m, bool b);
-
-void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5);
-void manager_flip_auto_status(Manager *m, bool enable);
-
-Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path);
-
-const char *manager_get_runtime_prefix(Manager *m);
-
-ManagerState manager_state(Manager *m);
-
-int manager_update_failed_units(Manager *m, Unit *u, bool failed);
-
-const char *manager_state_to_string(ManagerState m) _const_;
-ManagerState manager_state_from_string(const char *s) _pure_;
diff --git a/src/core/mount.c b/src/core/mount.c
deleted file mode 100644
index 665a60bb55..0000000000
--- a/src/core/mount.c
+++ /dev/null
@@ -1,1881 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <signal.h>
-#include <stdio.h>
-#include <sys/epoll.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "dbus-mount.h"
-#include "escape.h"
-#include "exit-status.h"
-#include "formats-util.h"
-#include "fstab-util.h"
-#include "log.h"
-#include "manager.h"
-#include "mkdir.h"
-#include "mount-setup.h"
-#include "mount-util.h"
-#include "mount.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "special.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "unit-name.h"
-#include "unit.h"
-
-#define RETRY_UMOUNT_MAX 32
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_table*, mnt_free_table);
-DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_iter*, mnt_free_iter);
-
-static const UnitActiveState state_translation_table[_MOUNT_STATE_MAX] = {
-        [MOUNT_DEAD] = UNIT_INACTIVE,
-        [MOUNT_MOUNTING] = UNIT_ACTIVATING,
-        [MOUNT_MOUNTING_DONE] = UNIT_ACTIVE,
-        [MOUNT_MOUNTED] = UNIT_ACTIVE,
-        [MOUNT_REMOUNTING] = UNIT_RELOADING,
-        [MOUNT_UNMOUNTING] = UNIT_DEACTIVATING,
-        [MOUNT_MOUNTING_SIGTERM] = UNIT_DEACTIVATING,
-        [MOUNT_MOUNTING_SIGKILL] = UNIT_DEACTIVATING,
-        [MOUNT_REMOUNTING_SIGTERM] = UNIT_RELOADING,
-        [MOUNT_REMOUNTING_SIGKILL] = UNIT_RELOADING,
-        [MOUNT_UNMOUNTING_SIGTERM] = UNIT_DEACTIVATING,
-        [MOUNT_UNMOUNTING_SIGKILL] = UNIT_DEACTIVATING,
-        [MOUNT_FAILED] = UNIT_FAILED
-};
-
-static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
-static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
-
-static bool mount_needs_network(const char *options, const char *fstype) {
-        if (fstab_test_option(options, "_netdev\0"))
-                return true;
-
-        if (fstype && fstype_is_network(fstype))
-                return true;
-
-        return false;
-}
-
-static bool mount_is_network(const MountParameters *p) {
-        assert(p);
-
-        return mount_needs_network(p->options, p->fstype);
-}
-
-static bool mount_is_loop(const MountParameters *p) {
-        assert(p);
-
-        if (fstab_test_option(p->options, "loop\0"))
-                return true;
-
-        return false;
-}
-
-static bool mount_is_bind(const MountParameters *p) {
-        assert(p);
-
-        if (fstab_test_option(p->options, "bind\0" "rbind\0"))
-                return true;
-
-        if (p->fstype && STR_IN_SET(p->fstype, "bind", "rbind"))
-                return true;
-
-        return false;
-}
-
-static bool mount_is_auto(const MountParameters *p) {
-        assert(p);
-
-        return !fstab_test_option(p->options, "noauto\0");
-}
-
-static bool mount_is_automount(const MountParameters *p) {
-        assert(p);
-
-        return fstab_test_option(p->options,
-                                 "comment=systemd.automount\0"
-                                 "x-systemd.automount\0");
-}
-
-static bool mount_state_active(MountState state) {
-        return IN_SET(state,
-                      MOUNT_MOUNTING,
-                      MOUNT_MOUNTING_DONE,
-                      MOUNT_REMOUNTING,
-                      MOUNT_UNMOUNTING,
-                      MOUNT_MOUNTING_SIGTERM,
-                      MOUNT_MOUNTING_SIGKILL,
-                      MOUNT_UNMOUNTING_SIGTERM,
-                      MOUNT_UNMOUNTING_SIGKILL,
-                      MOUNT_REMOUNTING_SIGTERM,
-                      MOUNT_REMOUNTING_SIGKILL);
-}
-
-static bool needs_quota(const MountParameters *p) {
-        assert(p);
-
-        /* Quotas are not enabled on network filesystems,
-         * but we want them, for example, on storage connected via iscsi */
-        if (p->fstype && fstype_is_network(p->fstype))
-                return false;
-
-        if (mount_is_bind(p))
-                return false;
-
-        return fstab_test_option(p->options,
-                                 "usrquota\0" "grpquota\0" "quota\0" "usrjquota\0" "grpjquota\0");
-}
-
-static void mount_init(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(u);
-        assert(u->load_state == UNIT_STUB);
-
-        m->timeout_usec = u->manager->default_timeout_start_usec;
-        m->directory_mode = 0755;
-
-        if (unit_has_name(u, "-.mount")) {
-                /* Don't allow start/stop for root directory */
-                u->refuse_manual_start = true;
-                u->refuse_manual_stop = true;
-        } else {
-                /* The stdio/kmsg bridge socket is on /, in order to avoid a
-                 * dep loop, don't use kmsg logging for -.mount */
-                m->exec_context.std_output = u->manager->default_std_output;
-                m->exec_context.std_error = u->manager->default_std_error;
-        }
-
-        /* We need to make sure that /usr/bin/mount is always called
-         * in the same process group as us, so that the autofs kernel
-         * side doesn't send us another mount request while we are
-         * already trying to comply its last one. */
-        m->exec_context.same_pgrp = true;
-
-        m->control_command_id = _MOUNT_EXEC_COMMAND_INVALID;
-
-        u->ignore_on_isolate = true;
-}
-
-static int mount_arm_timer(Mount *m, usec_t usec) {
-        int r;
-
-        assert(m);
-
-        if (m->timer_event_source) {
-                r = sd_event_source_set_time(m->timer_event_source, usec);
-                if (r < 0)
-                        return r;
-
-                return sd_event_source_set_enabled(m->timer_event_source, SD_EVENT_ONESHOT);
-        }
-
-        if (usec == USEC_INFINITY)
-                return 0;
-
-        r = sd_event_add_time(
-                        UNIT(m)->manager->event,
-                        &m->timer_event_source,
-                        CLOCK_MONOTONIC,
-                        usec, 0,
-                        mount_dispatch_timer, m);
-        if (r < 0)
-                return r;
-
-        (void) sd_event_source_set_description(m->timer_event_source, "mount-timer");
-
-        return 0;
-}
-
-static void mount_unwatch_control_pid(Mount *m) {
-        assert(m);
-
-        if (m->control_pid <= 0)
-                return;
-
-        unit_unwatch_pid(UNIT(m), m->control_pid);
-        m->control_pid = 0;
-}
-
-static void mount_parameters_done(MountParameters *p) {
-        assert(p);
-
-        free(p->what);
-        free(p->options);
-        free(p->fstype);
-
-        p->what = p->options = p->fstype = NULL;
-}
-
-static void mount_done(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-
-        m->where = mfree(m->where);
-
-        mount_parameters_done(&m->parameters_proc_self_mountinfo);
-        mount_parameters_done(&m->parameters_fragment);
-
-        m->exec_runtime = exec_runtime_unref(m->exec_runtime);
-        exec_command_done_array(m->exec_command, _MOUNT_EXEC_COMMAND_MAX);
-        m->control_command = NULL;
-
-        mount_unwatch_control_pid(m);
-
-        m->timer_event_source = sd_event_source_unref(m->timer_event_source);
-}
-
-_pure_ static MountParameters* get_mount_parameters_fragment(Mount *m) {
-        assert(m);
-
-        if (m->from_fragment)
-                return &m->parameters_fragment;
-
-        return NULL;
-}
-
-_pure_ static MountParameters* get_mount_parameters(Mount *m) {
-        assert(m);
-
-        if (m->from_proc_self_mountinfo)
-                return &m->parameters_proc_self_mountinfo;
-
-        return get_mount_parameters_fragment(m);
-}
-
-static int mount_add_mount_links(Mount *m) {
-        _cleanup_free_ char *parent = NULL;
-        MountParameters *pm;
-        Unit *other;
-        Iterator i;
-        Set *s;
-        int r;
-
-        assert(m);
-
-        if (!path_equal(m->where, "/")) {
-                /* Adds in links to other mount points that might lie further
-                 * up in the hierarchy */
-
-                parent = dirname_malloc(m->where);
-                if (!parent)
-                        return -ENOMEM;
-
-                r = unit_require_mounts_for(UNIT(m), parent);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Adds in links to other mount points that might be needed
-         * for the source path (if this is a bind mount or a loop mount) to be
-         * available. */
-        pm = get_mount_parameters_fragment(m);
-        if (pm && pm->what &&
-            path_is_absolute(pm->what) &&
-            (mount_is_bind(pm) || mount_is_loop(pm) || !mount_is_network(pm))) {
-
-                r = unit_require_mounts_for(UNIT(m), pm->what);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Adds in links to other units that use this path or paths
-         * further down in the hierarchy */
-        s = manager_get_units_requiring_mounts_for(UNIT(m)->manager, m->where);
-        SET_FOREACH(other, s, i) {
-
-                if (other->load_state != UNIT_LOADED)
-                        continue;
-
-                if (other == UNIT(m))
-                        continue;
-
-                r = unit_add_dependency(other, UNIT_AFTER, UNIT(m), true);
-                if (r < 0)
-                        return r;
-
-                if (UNIT(m)->fragment_path) {
-                        /* If we have fragment configuration, then make this dependency required */
-                        r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        return 0;
-}
-
-static int mount_add_device_links(Mount *m) {
-        MountParameters *p;
-        bool device_wants_mount = false;
-        int r;
-
-        assert(m);
-
-        p = get_mount_parameters(m);
-        if (!p)
-                return 0;
-
-        if (!p->what)
-                return 0;
-
-        if (mount_is_bind(p))
-                return 0;
-
-        if (!is_device_path(p->what))
-                return 0;
-
-        /* /dev/root is a really weird thing, it's not a real device,
-         * but just a path the kernel exports for the root file system
-         * specified on the kernel command line. Ignore it here. */
-        if (path_equal(p->what, "/dev/root"))
-                return 0;
-
-        if (path_equal(m->where, "/"))
-                return 0;
-
-        if (mount_is_auto(p) && !mount_is_automount(p) && MANAGER_IS_SYSTEM(UNIT(m)->manager))
-                device_wants_mount = true;
-
-        r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int mount_add_quota_links(Mount *m) {
-        int r;
-        MountParameters *p;
-
-        assert(m);
-
-        if (!MANAGER_IS_SYSTEM(UNIT(m)->manager))
-                return 0;
-
-        p = get_mount_parameters_fragment(m);
-        if (!p)
-                return 0;
-
-        if (!needs_quota(p))
-                return 0;
-
-        r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_WANTS, SPECIAL_QUOTACHECK_SERVICE, NULL, true);
-        if (r < 0)
-                return r;
-
-        r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_WANTS, SPECIAL_QUOTAON_SERVICE, NULL, true);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static bool should_umount(Mount *m) {
-        MountParameters *p;
-
-        if (PATH_IN_SET(m->where, "/", "/usr") ||
-            path_startswith(m->where, "/run/initramfs"))
-                return false;
-
-        p = get_mount_parameters(m);
-        if (p && fstab_test_option(p->options, "x-initrd.mount\0") &&
-            !in_initrd())
-                return false;
-
-        return true;
-}
-
-static int mount_add_default_dependencies(Mount *m) {
-        MountParameters *p;
-        const char *after;
-        int r;
-
-        assert(m);
-
-        if (!UNIT(m)->default_dependencies)
-                return 0;
-
-        if (!MANAGER_IS_SYSTEM(UNIT(m)->manager))
-                return 0;
-
-        /* We do not add any default dependencies to /, /usr or
-         * /run/initramfs/, since they are guaranteed to stay
-         * mounted the whole time, since our system is on it.
-         * Also, don't bother with anything mounted below virtual
-         * file systems, it's also going to be virtual, and hence
-         * not worth the effort. */
-        if (PATH_IN_SET(m->where, "/", "/usr") ||
-            path_startswith(m->where, "/run/initramfs") ||
-            path_startswith(m->where, "/proc") ||
-            path_startswith(m->where, "/sys") ||
-            path_startswith(m->where, "/dev"))
-                return 0;
-
-        p = get_mount_parameters(m);
-        if (!p)
-                return 0;
-
-        if (mount_is_network(p)) {
-                /* We order ourselves after network.target. This is
-                 * primarily useful at shutdown: services that take
-                 * down the network should order themselves before
-                 * network.target, so that they are shut down only
-                 * after this mount unit is stopped. */
-
-                r = unit_add_dependency_by_name(UNIT(m), UNIT_AFTER, SPECIAL_NETWORK_TARGET, NULL, true);
-                if (r < 0)
-                        return r;
-
-                /* We pull in network-online.target, and order
-                 * ourselves after it. This is useful at start-up to
-                 * actively pull in tools that want to be started
-                 * before we start mounting network file systems, and
-                 * whose purpose it is to delay this until the network
-                 * is "up". */
-
-                r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_WANTS, UNIT_AFTER, SPECIAL_NETWORK_ONLINE_TARGET, NULL, true);
-                if (r < 0)
-                        return r;
-
-                after = SPECIAL_REMOTE_FS_PRE_TARGET;
-        } else
-                after = SPECIAL_LOCAL_FS_PRE_TARGET;
-
-        r = unit_add_dependency_by_name(UNIT(m), UNIT_AFTER, after, NULL, true);
-        if (r < 0)
-                return r;
-
-        if (should_umount(m)) {
-                r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int mount_verify(Mount *m) {
-        _cleanup_free_ char *e = NULL;
-        int r;
-
-        assert(m);
-
-        if (UNIT(m)->load_state != UNIT_LOADED)
-                return 0;
-
-        if (!m->from_fragment && !m->from_proc_self_mountinfo)
-                return -ENOENT;
-
-        r = unit_name_from_path(m->where, ".mount", &e);
-        if (r < 0)
-                return log_unit_error_errno(UNIT(m), r, "Failed to generate unit name from mount path: %m");
-
-        if (!unit_has_name(UNIT(m), e)) {
-                log_unit_error(UNIT(m), "Where= setting doesn't match unit name. Refusing.");
-                return -EINVAL;
-        }
-
-        if (mount_point_is_api(m->where) || mount_point_ignore(m->where)) {
-                log_unit_error(UNIT(m), "Cannot create mount unit for API file system %s. Refusing.", m->where);
-                return -EINVAL;
-        }
-
-        if (UNIT(m)->fragment_path && !m->parameters_fragment.what) {
-                log_unit_error(UNIT(m), "What= setting is missing. Refusing.");
-                return -EBADMSG;
-        }
-
-        if (m->exec_context.pam_name && m->kill_context.kill_mode != KILL_CONTROL_GROUP) {
-                log_unit_error(UNIT(m), "Unit has PAM enabled. Kill mode must be set to control-group'. Refusing.");
-                return -EINVAL;
-        }
-
-        return 0;
-}
-
-static int mount_add_extras(Mount *m) {
-        Unit *u = UNIT(m);
-        int r;
-
-        assert(m);
-
-        if (u->fragment_path)
-                m->from_fragment = true;
-
-        if (!m->where) {
-                r = unit_name_to_path(u->id, &m->where);
-                if (r < 0)
-                        return r;
-        }
-
-        path_kill_slashes(m->where);
-
-        if (!u->description) {
-                r = unit_set_description(u, m->where);
-                if (r < 0)
-                        return r;
-        }
-
-        r = mount_add_device_links(m);
-        if (r < 0)
-                return r;
-
-        r = mount_add_mount_links(m);
-        if (r < 0)
-                return r;
-
-        r = mount_add_quota_links(m);
-        if (r < 0)
-                return r;
-
-        r = unit_patch_contexts(u);
-        if (r < 0)
-                return r;
-
-        r = unit_add_exec_dependencies(u, &m->exec_context);
-        if (r < 0)
-                return r;
-
-        r = unit_set_default_slice(u);
-        if (r < 0)
-                return r;
-
-        r = mount_add_default_dependencies(m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int mount_load(Unit *u) {
-        Mount *m = MOUNT(u);
-        int r;
-
-        assert(u);
-        assert(u->load_state == UNIT_STUB);
-
-        if (m->from_proc_self_mountinfo)
-                r = unit_load_fragment_and_dropin_optional(u);
-        else
-                r = unit_load_fragment_and_dropin(u);
-
-        if (r < 0)
-                return r;
-
-        /* This is a new unit? Then let's add in some extras */
-        if (u->load_state == UNIT_LOADED) {
-                r = mount_add_extras(m);
-                if (r < 0)
-                        return r;
-        }
-
-        return mount_verify(m);
-}
-
-static void mount_set_state(Mount *m, MountState state) {
-        MountState old_state;
-        assert(m);
-
-        old_state = m->state;
-        m->state = state;
-
-        if (!mount_state_active(state)) {
-                m->timer_event_source = sd_event_source_unref(m->timer_event_source);
-                mount_unwatch_control_pid(m);
-                m->control_command = NULL;
-                m->control_command_id = _MOUNT_EXEC_COMMAND_INVALID;
-        }
-
-        if (state != old_state)
-                log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state));
-
-        unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], m->reload_result == MOUNT_SUCCESS);
-        m->reload_result = MOUNT_SUCCESS;
-}
-
-static int mount_coldplug(Unit *u) {
-        Mount *m = MOUNT(u);
-        MountState new_state = MOUNT_DEAD;
-        int r;
-
-        assert(m);
-        assert(m->state == MOUNT_DEAD);
-
-        if (m->deserialized_state != m->state)
-                new_state = m->deserialized_state;
-        else if (m->from_proc_self_mountinfo)
-                new_state = MOUNT_MOUNTED;
-
-        if (new_state == m->state)
-                return 0;
-
-        if (m->control_pid > 0 &&
-            pid_is_unwaited(m->control_pid) &&
-            mount_state_active(new_state)) {
-
-                r = unit_watch_pid(UNIT(m), m->control_pid);
-                if (r < 0)
-                        return r;
-
-                r = mount_arm_timer(m, usec_add(u->state_change_timestamp.monotonic, m->timeout_usec));
-                if (r < 0)
-                        return r;
-        }
-
-        mount_set_state(m, new_state);
-        return 0;
-}
-
-static void mount_dump(Unit *u, FILE *f, const char *prefix) {
-        Mount *m = MOUNT(u);
-        MountParameters *p;
-
-        assert(m);
-        assert(f);
-
-        p = get_mount_parameters(m);
-
-        fprintf(f,
-                "%sMount State: %s\n"
-                "%sResult: %s\n"
-                "%sWhere: %s\n"
-                "%sWhat: %s\n"
-                "%sFile System Type: %s\n"
-                "%sOptions: %s\n"
-                "%sFrom /proc/self/mountinfo: %s\n"
-                "%sFrom fragment: %s\n"
-                "%sDirectoryMode: %04o\n",
-                prefix, mount_state_to_string(m->state),
-                prefix, mount_result_to_string(m->result),
-                prefix, m->where,
-                prefix, p ? strna(p->what) : "n/a",
-                prefix, p ? strna(p->fstype) : "n/a",
-                prefix, p ? strna(p->options) : "n/a",
-                prefix, yes_no(m->from_proc_self_mountinfo),
-                prefix, yes_no(m->from_fragment),
-                prefix, m->directory_mode);
-
-        if (m->control_pid > 0)
-                fprintf(f,
-                        "%sControl PID: "PID_FMT"\n",
-                        prefix, m->control_pid);
-
-        exec_context_dump(&m->exec_context, f, prefix);
-        kill_context_dump(&m->kill_context, f, prefix);
-}
-
-static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
-        pid_t pid;
-        int r;
-        ExecParameters exec_params = {
-                .apply_permissions = true,
-                .apply_chroot      = true,
-                .apply_tty_stdin   = true,
-                .stdin_fd          = -1,
-                .stdout_fd         = -1,
-                .stderr_fd         = -1,
-        };
-
-        assert(m);
-        assert(c);
-        assert(_pid);
-
-        (void) unit_realize_cgroup(UNIT(m));
-        if (m->reset_cpu_usage) {
-                (void) unit_reset_cpu_usage(UNIT(m));
-                m->reset_cpu_usage = false;
-        }
-
-        r = unit_setup_exec_runtime(UNIT(m));
-        if (r < 0)
-                return r;
-
-        r = mount_arm_timer(m, usec_add(now(CLOCK_MONOTONIC), m->timeout_usec));
-        if (r < 0)
-                return r;
-
-        exec_params.environment = UNIT(m)->manager->environment;
-        exec_params.confirm_spawn = UNIT(m)->manager->confirm_spawn;
-        exec_params.cgroup_supported = UNIT(m)->manager->cgroup_supported;
-        exec_params.cgroup_path = UNIT(m)->cgroup_path;
-        exec_params.cgroup_delegate = m->cgroup_context.delegate;
-        exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(m)->manager);
-
-        r = exec_spawn(UNIT(m),
-                       c,
-                       &m->exec_context,
-                       &exec_params,
-                       m->exec_runtime,
-                       &pid);
-        if (r < 0)
-                return r;
-
-        r = unit_watch_pid(UNIT(m), pid);
-        if (r < 0)
-                /* FIXME: we need to do something here */
-                return r;
-
-        *_pid = pid;
-
-        return 0;
-}
-
-static void mount_enter_dead(Mount *m, MountResult f) {
-        assert(m);
-
-        if (f != MOUNT_SUCCESS)
-                m->result = f;
-
-        exec_runtime_destroy(m->exec_runtime);
-        m->exec_runtime = exec_runtime_unref(m->exec_runtime);
-
-        exec_context_destroy_runtime_directory(&m->exec_context, manager_get_runtime_prefix(UNIT(m)->manager));
-
-        mount_set_state(m, m->result != MOUNT_SUCCESS ? MOUNT_FAILED : MOUNT_DEAD);
-}
-
-static void mount_enter_mounted(Mount *m, MountResult f) {
-        assert(m);
-
-        if (f != MOUNT_SUCCESS)
-                m->result = f;
-
-        mount_set_state(m, MOUNT_MOUNTED);
-}
-
-static void mount_enter_signal(Mount *m, MountState state, MountResult f) {
-        int r;
-
-        assert(m);
-
-        if (f != MOUNT_SUCCESS)
-                m->result = f;
-
-        r = unit_kill_context(
-                        UNIT(m),
-                        &m->kill_context,
-                        (state != MOUNT_MOUNTING_SIGTERM && state != MOUNT_UNMOUNTING_SIGTERM && state != MOUNT_REMOUNTING_SIGTERM) ?
-                        KILL_KILL : KILL_TERMINATE,
-                        -1,
-                        m->control_pid,
-                        false);
-        if (r < 0)
-                goto fail;
-
-        if (r > 0) {
-                r = mount_arm_timer(m, usec_add(now(CLOCK_MONOTONIC), m->timeout_usec));
-                if (r < 0)
-                        goto fail;
-
-                mount_set_state(m, state);
-        } else if (state == MOUNT_REMOUNTING_SIGTERM)
-                mount_enter_signal(m, MOUNT_REMOUNTING_SIGKILL, MOUNT_SUCCESS);
-        else if (state == MOUNT_REMOUNTING_SIGKILL)
-                mount_enter_mounted(m, MOUNT_SUCCESS);
-        else if (state == MOUNT_MOUNTING_SIGTERM)
-                mount_enter_signal(m, MOUNT_MOUNTING_SIGKILL, MOUNT_SUCCESS);
-        else if (state == MOUNT_UNMOUNTING_SIGTERM)
-                mount_enter_signal(m, MOUNT_UNMOUNTING_SIGKILL, MOUNT_SUCCESS);
-        else
-                mount_enter_dead(m, MOUNT_SUCCESS);
-
-        return;
-
-fail:
-        log_unit_warning_errno(UNIT(m), r, "Failed to kill processes: %m");
-
-        if (state == MOUNT_REMOUNTING_SIGTERM || state == MOUNT_REMOUNTING_SIGKILL)
-                mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
-        else
-                mount_enter_dead(m, MOUNT_FAILURE_RESOURCES);
-}
-
-static void mount_enter_unmounting(Mount *m) {
-        int r;
-
-        assert(m);
-
-        /* Start counting our attempts */
-        if (!IN_SET(m->state,
-                    MOUNT_UNMOUNTING,
-                    MOUNT_UNMOUNTING_SIGTERM,
-                    MOUNT_UNMOUNTING_SIGKILL))
-                m->n_retry_umount = 0;
-
-        m->control_command_id = MOUNT_EXEC_UNMOUNT;
-        m->control_command = m->exec_command + MOUNT_EXEC_UNMOUNT;
-
-        r = exec_command_set(m->control_command, UMOUNT_PATH, m->where, NULL);
-        if (r < 0)
-                goto fail;
-
-        mount_unwatch_control_pid(m);
-
-        r = mount_spawn(m, m->control_command, &m->control_pid);
-        if (r < 0)
-                goto fail;
-
-        mount_set_state(m, MOUNT_UNMOUNTING);
-
-        return;
-
-fail:
-        log_unit_warning_errno(UNIT(m), r, "Failed to run 'umount' task: %m");
-        mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
-}
-
-static int mount_get_opts(Mount *m, char **ret) {
-        return fstab_filter_options(m->parameters_fragment.options,
-                                    "nofail\0" "noauto\0" "auto\0", NULL, NULL, ret);
-}
-
-static void mount_enter_mounting(Mount *m) {
-        int r;
-        MountParameters *p;
-
-        assert(m);
-
-        m->control_command_id = MOUNT_EXEC_MOUNT;
-        m->control_command = m->exec_command + MOUNT_EXEC_MOUNT;
-
-        r = unit_fail_if_symlink(UNIT(m), m->where);
-        if (r < 0)
-                goto fail;
-
-        (void) mkdir_p_label(m->where, m->directory_mode);
-
-        unit_warn_if_dir_nonempty(UNIT(m), m->where);
-
-        /* Create the source directory for bind-mounts if needed */
-        p = get_mount_parameters_fragment(m);
-        if (p && mount_is_bind(p))
-                (void) mkdir_p_label(p->what, m->directory_mode);
-
-        if (m->from_fragment) {
-                _cleanup_free_ char *opts = NULL;
-
-                r = mount_get_opts(m, &opts);
-                if (r < 0)
-                        goto fail;
-
-                r = exec_command_set(m->control_command, MOUNT_PATH,
-                                     m->parameters_fragment.what, m->where, NULL);
-                if (r >= 0 && m->sloppy_options)
-                        r = exec_command_append(m->control_command, "-s", NULL);
-                if (r >= 0 && m->parameters_fragment.fstype)
-                        r = exec_command_append(m->control_command, "-t", m->parameters_fragment.fstype, NULL);
-                if (r >= 0 && !isempty(opts))
-                        r = exec_command_append(m->control_command, "-o", opts, NULL);
-        } else
-                r = -ENOENT;
-
-        if (r < 0)
-                goto fail;
-
-        mount_unwatch_control_pid(m);
-
-        r = mount_spawn(m, m->control_command, &m->control_pid);
-        if (r < 0)
-                goto fail;
-
-        mount_set_state(m, MOUNT_MOUNTING);
-
-        return;
-
-fail:
-        log_unit_warning_errno(UNIT(m), r, "Failed to run 'mount' task: %m");
-        mount_enter_dead(m, MOUNT_FAILURE_RESOURCES);
-}
-
-static void mount_enter_remounting(Mount *m) {
-        int r;
-
-        assert(m);
-
-        m->control_command_id = MOUNT_EXEC_REMOUNT;
-        m->control_command = m->exec_command + MOUNT_EXEC_REMOUNT;
-
-        if (m->from_fragment) {
-                const char *o;
-
-                if (m->parameters_fragment.options)
-                        o = strjoina("remount,", m->parameters_fragment.options);
-                else
-                        o = "remount";
-
-                r = exec_command_set(m->control_command, MOUNT_PATH,
-                                     m->parameters_fragment.what, m->where,
-                                     "-o", o, NULL);
-                if (r >= 0 && m->sloppy_options)
-                        r = exec_command_append(m->control_command, "-s", NULL);
-                if (r >= 0 && m->parameters_fragment.fstype)
-                        r = exec_command_append(m->control_command, "-t", m->parameters_fragment.fstype, NULL);
-        } else
-                r = -ENOENT;
-
-        if (r < 0)
-                goto fail;
-
-        mount_unwatch_control_pid(m);
-
-        r = mount_spawn(m, m->control_command, &m->control_pid);
-        if (r < 0)
-                goto fail;
-
-        mount_set_state(m, MOUNT_REMOUNTING);
-
-        return;
-
-fail:
-        log_unit_warning_errno(UNIT(m), r, "Failed to run 'remount' task: %m");
-        m->reload_result = MOUNT_FAILURE_RESOURCES;
-        mount_enter_mounted(m, MOUNT_SUCCESS);
-}
-
-static int mount_start(Unit *u) {
-        Mount *m = MOUNT(u);
-        int r;
-
-        assert(m);
-
-        /* We cannot fulfill this request right now, try again later
-         * please! */
-        if (m->state == MOUNT_UNMOUNTING ||
-            m->state == MOUNT_UNMOUNTING_SIGTERM ||
-            m->state == MOUNT_UNMOUNTING_SIGKILL ||
-            m->state == MOUNT_MOUNTING_SIGTERM ||
-            m->state == MOUNT_MOUNTING_SIGKILL)
-                return -EAGAIN;
-
-        /* Already on it! */
-        if (m->state == MOUNT_MOUNTING)
-                return 0;
-
-        assert(m->state == MOUNT_DEAD || m->state == MOUNT_FAILED);
-
-        r = unit_start_limit_test(u);
-        if (r < 0) {
-                mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
-                return r;
-        }
-
-        m->result = MOUNT_SUCCESS;
-        m->reload_result = MOUNT_SUCCESS;
-        m->reset_cpu_usage = true;
-
-        mount_enter_mounting(m);
-        return 1;
-}
-
-static int mount_stop(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-
-        /* Already on it */
-        if (m->state == MOUNT_UNMOUNTING ||
-            m->state == MOUNT_UNMOUNTING_SIGKILL ||
-            m->state == MOUNT_UNMOUNTING_SIGTERM ||
-            m->state == MOUNT_MOUNTING_SIGTERM ||
-            m->state == MOUNT_MOUNTING_SIGKILL)
-                return 0;
-
-        assert(m->state == MOUNT_MOUNTING ||
-               m->state == MOUNT_MOUNTING_DONE ||
-               m->state == MOUNT_MOUNTED ||
-               m->state == MOUNT_REMOUNTING ||
-               m->state == MOUNT_REMOUNTING_SIGTERM ||
-               m->state == MOUNT_REMOUNTING_SIGKILL);
-
-        mount_enter_unmounting(m);
-        return 1;
-}
-
-static int mount_reload(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-
-        if (m->state == MOUNT_MOUNTING_DONE)
-                return -EAGAIN;
-
-        assert(m->state == MOUNT_MOUNTED);
-
-        mount_enter_remounting(m);
-        return 1;
-}
-
-static int mount_serialize(Unit *u, FILE *f, FDSet *fds) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-        assert(f);
-        assert(fds);
-
-        unit_serialize_item(u, f, "state", mount_state_to_string(m->state));
-        unit_serialize_item(u, f, "result", mount_result_to_string(m->result));
-        unit_serialize_item(u, f, "reload-result", mount_result_to_string(m->reload_result));
-
-        if (m->control_pid > 0)
-                unit_serialize_item_format(u, f, "control-pid", PID_FMT, m->control_pid);
-
-        if (m->control_command_id >= 0)
-                unit_serialize_item(u, f, "control-command", mount_exec_command_to_string(m->control_command_id));
-
-        return 0;
-}
-
-static int mount_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
-        Mount *m = MOUNT(u);
-
-        assert(u);
-        assert(key);
-        assert(value);
-        assert(fds);
-
-        if (streq(key, "state")) {
-                MountState state;
-
-                if ((state = mount_state_from_string(value)) < 0)
-                        log_unit_debug(u, "Failed to parse state value: %s", value);
-                else
-                        m->deserialized_state = state;
-        } else if (streq(key, "result")) {
-                MountResult f;
-
-                f = mount_result_from_string(value);
-                if (f < 0)
-                        log_unit_debug(u, "Failed to parse result value: %s", value);
-                else if (f != MOUNT_SUCCESS)
-                        m->result = f;
-
-        } else if (streq(key, "reload-result")) {
-                MountResult f;
-
-                f = mount_result_from_string(value);
-                if (f < 0)
-                        log_unit_debug(u, "Failed to parse reload result value: %s", value);
-                else if (f != MOUNT_SUCCESS)
-                        m->reload_result = f;
-
-        } else if (streq(key, "control-pid")) {
-                pid_t pid;
-
-                if (parse_pid(value, &pid) < 0)
-                        log_unit_debug(u, "Failed to parse control-pid value: %s", value);
-                else
-                        m->control_pid = pid;
-        } else if (streq(key, "control-command")) {
-                MountExecCommand id;
-
-                id = mount_exec_command_from_string(value);
-                if (id < 0)
-                        log_unit_debug(u, "Failed to parse exec-command value: %s", value);
-                else {
-                        m->control_command_id = id;
-                        m->control_command = m->exec_command + id;
-                }
-        } else
-                log_unit_debug(u, "Unknown serialization key: %s", key);
-
-        return 0;
-}
-
-_pure_ static UnitActiveState mount_active_state(Unit *u) {
-        assert(u);
-
-        return state_translation_table[MOUNT(u)->state];
-}
-
-_pure_ static const char *mount_sub_state_to_string(Unit *u) {
-        assert(u);
-
-        return mount_state_to_string(MOUNT(u)->state);
-}
-
-_pure_ static bool mount_check_gc(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-
-        return m->from_proc_self_mountinfo;
-}
-
-static void mount_sigchld_event(Unit *u, pid_t pid, int code, int status) {
-        Mount *m = MOUNT(u);
-        MountResult f;
-
-        assert(m);
-        assert(pid >= 0);
-
-        if (pid != m->control_pid)
-                return;
-
-        m->control_pid = 0;
-
-        if (is_clean_exit(code, status, NULL))
-                f = MOUNT_SUCCESS;
-        else if (code == CLD_EXITED)
-                f = MOUNT_FAILURE_EXIT_CODE;
-        else if (code == CLD_KILLED)
-                f = MOUNT_FAILURE_SIGNAL;
-        else if (code == CLD_DUMPED)
-                f = MOUNT_FAILURE_CORE_DUMP;
-        else
-                assert_not_reached("Unknown code");
-
-        if (f != MOUNT_SUCCESS)
-                m->result = f;
-
-        if (m->control_command) {
-                exec_status_exit(&m->control_command->exec_status, &m->exec_context, pid, code, status);
-
-                m->control_command = NULL;
-                m->control_command_id = _MOUNT_EXEC_COMMAND_INVALID;
-        }
-
-        log_unit_full(u, f == MOUNT_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
-                      "Mount process exited, code=%s status=%i", sigchld_code_to_string(code), status);
-
-        /* Note that mount(8) returning and the kernel sending us a
-         * mount table change event might happen out-of-order. If an
-         * operation succeed we assume the kernel will follow soon too
-         * and already change into the resulting state.  If it fails
-         * we check if the kernel still knows about the mount. and
-         * change state accordingly. */
-
-        switch (m->state) {
-
-        case MOUNT_MOUNTING:
-        case MOUNT_MOUNTING_DONE:
-        case MOUNT_MOUNTING_SIGKILL:
-        case MOUNT_MOUNTING_SIGTERM:
-
-                if (f == MOUNT_SUCCESS)
-                        mount_enter_mounted(m, f);
-                else if (m->from_proc_self_mountinfo)
-                        mount_enter_mounted(m, f);
-                else
-                        mount_enter_dead(m, f);
-                break;
-
-        case MOUNT_REMOUNTING:
-        case MOUNT_REMOUNTING_SIGKILL:
-        case MOUNT_REMOUNTING_SIGTERM:
-
-                m->reload_result = f;
-                if (m->from_proc_self_mountinfo)
-                        mount_enter_mounted(m, MOUNT_SUCCESS);
-                else
-                        mount_enter_dead(m, MOUNT_SUCCESS);
-
-                break;
-
-        case MOUNT_UNMOUNTING:
-        case MOUNT_UNMOUNTING_SIGKILL:
-        case MOUNT_UNMOUNTING_SIGTERM:
-
-                if (f == MOUNT_SUCCESS) {
-
-                        if (m->from_proc_self_mountinfo) {
-
-                                /* Still a mount point? If so, let's
-                                 * try again. Most likely there were
-                                 * multiple mount points stacked on
-                                 * top of each other. Note that due to
-                                 * the io event priority logic we can
-                                 * be sure the new mountinfo is loaded
-                                 * before we process the SIGCHLD for
-                                 * the mount command. */
-
-                                if (m->n_retry_umount < RETRY_UMOUNT_MAX) {
-                                        log_unit_debug(u, "Mount still present, trying again.");
-                                        m->n_retry_umount++;
-                                        mount_enter_unmounting(m);
-                                } else {
-                                        log_unit_debug(u, "Mount still present after %u attempts to unmount, giving up.", m->n_retry_umount);
-                                        mount_enter_mounted(m, f);
-                                }
-                        } else
-                                mount_enter_dead(m, f);
-
-                } else if (m->from_proc_self_mountinfo)
-                        mount_enter_mounted(m, f);
-                else
-                        mount_enter_dead(m, f);
-                break;
-
-        default:
-                assert_not_reached("Uh, control process died at wrong time.");
-        }
-
-        /* Notify clients about changed exit status */
-        unit_add_to_dbus_queue(u);
-}
-
-static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
-        Mount *m = MOUNT(userdata);
-
-        assert(m);
-        assert(m->timer_event_source == source);
-
-        switch (m->state) {
-
-        case MOUNT_MOUNTING:
-        case MOUNT_MOUNTING_DONE:
-                log_unit_warning(UNIT(m), "Mounting timed out. Stopping.");
-                mount_enter_signal(m, MOUNT_MOUNTING_SIGTERM, MOUNT_FAILURE_TIMEOUT);
-                break;
-
-        case MOUNT_REMOUNTING:
-                log_unit_warning(UNIT(m), "Remounting timed out. Stopping.");
-                m->reload_result = MOUNT_FAILURE_TIMEOUT;
-                mount_enter_mounted(m, MOUNT_SUCCESS);
-                break;
-
-        case MOUNT_UNMOUNTING:
-                log_unit_warning(UNIT(m), "Unmounting timed out. Stopping.");
-                mount_enter_signal(m, MOUNT_UNMOUNTING_SIGTERM, MOUNT_FAILURE_TIMEOUT);
-                break;
-
-        case MOUNT_MOUNTING_SIGTERM:
-                if (m->kill_context.send_sigkill) {
-                        log_unit_warning(UNIT(m), "Mounting timed out. Killing.");
-                        mount_enter_signal(m, MOUNT_MOUNTING_SIGKILL, MOUNT_FAILURE_TIMEOUT);
-                } else {
-                        log_unit_warning(UNIT(m), "Mounting timed out. Skipping SIGKILL. Ignoring.");
-
-                        if (m->from_proc_self_mountinfo)
-                                mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
-                        else
-                                mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
-                }
-                break;
-
-        case MOUNT_REMOUNTING_SIGTERM:
-                if (m->kill_context.send_sigkill) {
-                        log_unit_warning(UNIT(m), "Remounting timed out. Killing.");
-                        mount_enter_signal(m, MOUNT_REMOUNTING_SIGKILL, MOUNT_FAILURE_TIMEOUT);
-                } else {
-                        log_unit_warning(UNIT(m), "Remounting timed out. Skipping SIGKILL. Ignoring.");
-
-                        if (m->from_proc_self_mountinfo)
-                                mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
-                        else
-                                mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
-                }
-                break;
-
-        case MOUNT_UNMOUNTING_SIGTERM:
-                if (m->kill_context.send_sigkill) {
-                        log_unit_warning(UNIT(m), "Unmounting timed out. Killing.");
-                        mount_enter_signal(m, MOUNT_UNMOUNTING_SIGKILL, MOUNT_FAILURE_TIMEOUT);
-                } else {
-                        log_unit_warning(UNIT(m), "Unmounting timed out. Skipping SIGKILL. Ignoring.");
-
-                        if (m->from_proc_self_mountinfo)
-                                mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
-                        else
-                                mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
-                }
-                break;
-
-        case MOUNT_MOUNTING_SIGKILL:
-        case MOUNT_REMOUNTING_SIGKILL:
-        case MOUNT_UNMOUNTING_SIGKILL:
-                log_unit_warning(UNIT(m),"Mount process still around after SIGKILL. Ignoring.");
-
-                if (m->from_proc_self_mountinfo)
-                        mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
-                else
-                        mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
-                break;
-
-        default:
-                assert_not_reached("Timeout at wrong time.");
-        }
-
-        return 0;
-}
-
-static int mount_setup_unit(
-                Manager *m,
-                const char *what,
-                const char *where,
-                const char *options,
-                const char *fstype,
-                bool set_flags) {
-
-        _cleanup_free_ char *e = NULL, *w = NULL, *o = NULL, *f = NULL;
-        bool load_extras = false;
-        MountParameters *p;
-        bool delete, changed = false;
-        Unit *u;
-        int r;
-
-        assert(m);
-        assert(what);
-        assert(where);
-        assert(options);
-        assert(fstype);
-
-        /* Ignore API mount points. They should never be referenced in
-         * dependencies ever. */
-        if (mount_point_is_api(where) || mount_point_ignore(where))
-                return 0;
-
-        if (streq(fstype, "autofs"))
-                return 0;
-
-        /* probably some kind of swap, ignore */
-        if (!is_path(where))
-                return 0;
-
-        r = unit_name_from_path(where, ".mount", &e);
-        if (r < 0)
-                return r;
-
-        u = manager_get_unit(m, e);
-        if (!u) {
-                delete = true;
-
-                u = unit_new(m, sizeof(Mount));
-                if (!u)
-                        return log_oom();
-
-                r = unit_add_name(u, e);
-                if (r < 0)
-                        goto fail;
-
-                MOUNT(u)->where = strdup(where);
-                if (!MOUNT(u)->where) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                u->source_path = strdup("/proc/self/mountinfo");
-                if (!u->source_path) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                if (MANAGER_IS_SYSTEM(m)) {
-                        const char* target;
-
-                        target = mount_needs_network(options, fstype) ?  SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
-                        r = unit_add_dependency_by_name(u, UNIT_BEFORE, target, NULL, true);
-                        if (r < 0)
-                                goto fail;
-
-                        if (should_umount(MOUNT(u))) {
-                                r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
-                                if (r < 0)
-                                        goto fail;
-                        }
-                }
-
-                unit_add_to_load_queue(u);
-                changed = true;
-        } else {
-                delete = false;
-
-                if (!MOUNT(u)->where) {
-                        MOUNT(u)->where = strdup(where);
-                        if (!MOUNT(u)->where) {
-                                r = -ENOMEM;
-                                goto fail;
-                        }
-                }
-
-                if (MANAGER_IS_SYSTEM(m) &&
-                    mount_needs_network(options, fstype)) {
-                        /* _netdev option may have shown up late, or on a
-                         * remount. Add remote-fs dependencies, even though
-                         * local-fs ones may already be there. */
-                        unit_add_dependency_by_name(u, UNIT_BEFORE, SPECIAL_REMOTE_FS_TARGET, NULL, true);
-                        load_extras = true;
-                }
-
-                if (u->load_state == UNIT_NOT_FOUND) {
-                        u->load_state = UNIT_LOADED;
-                        u->load_error = 0;
-
-                        /* Load in the extras later on, after we
-                         * finished initialization of the unit */
-                        load_extras = true;
-                        changed = true;
-                }
-        }
-
-        w = strdup(what);
-        o = strdup(options);
-        f = strdup(fstype);
-        if (!w || !o || !f) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        p = &MOUNT(u)->parameters_proc_self_mountinfo;
-
-        changed = changed ||
-                !streq_ptr(p->options, options) ||
-                !streq_ptr(p->what, what) ||
-                !streq_ptr(p->fstype, fstype);
-
-        if (set_flags) {
-                MOUNT(u)->is_mounted = true;
-                MOUNT(u)->just_mounted = !MOUNT(u)->from_proc_self_mountinfo;
-                MOUNT(u)->just_changed = changed;
-        }
-
-        MOUNT(u)->from_proc_self_mountinfo = true;
-
-        free(p->what);
-        p->what = w;
-        w = NULL;
-
-        free(p->options);
-        p->options = o;
-        o = NULL;
-
-        free(p->fstype);
-        p->fstype = f;
-        f = NULL;
-
-        if (load_extras) {
-                r = mount_add_extras(MOUNT(u));
-                if (r < 0)
-                        goto fail;
-        }
-
-        if (changed)
-                unit_add_to_dbus_queue(u);
-
-        return 0;
-
-fail:
-        log_warning_errno(r, "Failed to set up mount unit: %m");
-
-        if (delete && u)
-                unit_free(u);
-
-        return r;
-}
-
-static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
-        _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
-        _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
-        int r = 0;
-
-        assert(m);
-
-        t = mnt_new_table();
-        if (!t)
-                return log_oom();
-
-        i = mnt_new_iter(MNT_ITER_FORWARD);
-        if (!i)
-                return log_oom();
-
-        r = mnt_table_parse_mtab(t, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
-
-        r = 0;
-        for (;;) {
-                const char *device, *path, *options, *fstype;
-                _cleanup_free_ char *d = NULL, *p = NULL;
-                struct libmnt_fs *fs;
-                int k;
-
-                k = mnt_table_next_fs(t, i, &fs);
-                if (k == 1)
-                        break;
-                if (k < 0)
-                        return log_error_errno(k, "Failed to get next entry from /proc/self/mountinfo: %m");
-
-                device = mnt_fs_get_source(fs);
-                path = mnt_fs_get_target(fs);
-                options = mnt_fs_get_options(fs);
-                fstype = mnt_fs_get_fstype(fs);
-
-                if (!device || !path)
-                        continue;
-
-                if (cunescape(device, UNESCAPE_RELAX, &d) < 0)
-                        return log_oom();
-
-                if (cunescape(path, UNESCAPE_RELAX, &p) < 0)
-                        return log_oom();
-
-                (void) device_found_node(m, d, true, DEVICE_FOUND_MOUNT, set_flags);
-
-                k = mount_setup_unit(m, d, p, options, fstype, set_flags);
-                if (r == 0 && k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static void mount_shutdown(Manager *m) {
-
-        assert(m);
-
-        m->mount_event_source = sd_event_source_unref(m->mount_event_source);
-
-        mnt_unref_monitor(m->mount_monitor);
-        m->mount_monitor = NULL;
-}
-
-static int mount_get_timeout(Unit *u, usec_t *timeout) {
-        Mount *m = MOUNT(u);
-        usec_t t;
-        int r;
-
-        if (!m->timer_event_source)
-                return 0;
-
-        r = sd_event_source_get_time(m->timer_event_source, &t);
-        if (r < 0)
-                return r;
-        if (t == USEC_INFINITY)
-                return 0;
-
-        *timeout = t;
-        return 1;
-}
-
-static void mount_enumerate(Manager *m) {
-        int r;
-
-        assert(m);
-
-        mnt_init_debug(0);
-
-        if (!m->mount_monitor) {
-                int fd;
-
-                m->mount_monitor = mnt_new_monitor();
-                if (!m->mount_monitor) {
-                        log_oom();
-                        goto fail;
-                }
-
-                r = mnt_monitor_enable_kernel(m->mount_monitor, 1);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to enable watching of kernel mount events: %m");
-                        goto fail;
-                }
-
-                r = mnt_monitor_enable_userspace(m->mount_monitor, 1, NULL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to enable watching of userspace mount events: %m");
-                        goto fail;
-                }
-
-                /* mnt_unref_monitor() will close the fd */
-                fd = r = mnt_monitor_get_fd(m->mount_monitor);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to acquire watch file descriptor: %m");
-                        goto fail;
-                }
-
-                r = sd_event_add_io(m->event, &m->mount_event_source, fd, EPOLLIN, mount_dispatch_io, m);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to watch mount file descriptor: %m");
-                        goto fail;
-                }
-
-                r = sd_event_source_set_priority(m->mount_event_source, -10);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to adjust mount watch priority: %m");
-                        goto fail;
-                }
-
-                (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch");
-        }
-
-        r = mount_load_proc_self_mountinfo(m, false);
-        if (r < 0)
-                goto fail;
-
-        return;
-
-fail:
-        mount_shutdown(m);
-}
-
-static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        _cleanup_set_free_ Set *around = NULL, *gone = NULL;
-        Manager *m = userdata;
-        const char *what;
-        Iterator i;
-        Unit *u;
-        int r;
-
-        assert(m);
-        assert(revents & EPOLLIN);
-
-        if (fd == mnt_monitor_get_fd(m->mount_monitor)) {
-                bool rescan = false;
-
-                /* Drain all events and verify that the event is valid.
-                 *
-                 * Note that libmount also monitors /run/mount mkdir if the
-                 * directory does not exist yet. The mkdir may generate event
-                 * which is irrelevant for us.
-                 *
-                 * error: r < 0; valid: r == 0, false positive: rc == 1 */
-                do {
-                        r = mnt_monitor_next_change(m->mount_monitor, NULL, NULL);
-                        if (r == 0)
-                                rescan = true;
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to drain libmount events");
-                } while (r == 0);
-
-                log_debug("libmount event [rescan: %s]", yes_no(rescan));
-                if (!rescan)
-                        return 0;
-        }
-
-        r = mount_load_proc_self_mountinfo(m, true);
-        if (r < 0) {
-                /* Reset flags, just in case, for later calls */
-                LIST_FOREACH(units_by_type, u, m->units_by_type[UNIT_MOUNT]) {
-                        Mount *mount = MOUNT(u);
-
-                        mount->is_mounted = mount->just_mounted = mount->just_changed = false;
-                }
-
-                return 0;
-        }
-
-        manager_dispatch_load_queue(m);
-
-        LIST_FOREACH(units_by_type, u, m->units_by_type[UNIT_MOUNT]) {
-                Mount *mount = MOUNT(u);
-
-                if (!mount->is_mounted) {
-
-                        /* A mount point is not around right now. It
-                         * might be gone, or might never have
-                         * existed. */
-
-                        if (mount->from_proc_self_mountinfo &&
-                            mount->parameters_proc_self_mountinfo.what) {
-
-                                /* Remember that this device might just have disappeared */
-                                if (set_ensure_allocated(&gone, &string_hash_ops) < 0 ||
-                                    set_put(gone, mount->parameters_proc_self_mountinfo.what) < 0)
-                                        log_oom(); /* we don't care too much about OOM here... */
-                        }
-
-                        mount->from_proc_self_mountinfo = false;
-
-                        switch (mount->state) {
-
-                        case MOUNT_MOUNTED:
-                                /* This has just been unmounted by
-                                 * somebody else, follow the state
-                                 * change. */
-                                mount_enter_dead(mount, MOUNT_SUCCESS);
-                                break;
-
-                        default:
-                                break;
-                        }
-
-                } else if (mount->just_mounted || mount->just_changed) {
-
-                        /* A mount point was added or changed */
-
-                        switch (mount->state) {
-
-                        case MOUNT_DEAD:
-                        case MOUNT_FAILED:
-                                /* This has just been mounted by
-                                 * somebody else, follow the state
-                                 * change. */
-                                mount_enter_mounted(mount, MOUNT_SUCCESS);
-                                break;
-
-                        case MOUNT_MOUNTING:
-                                mount_set_state(mount, MOUNT_MOUNTING_DONE);
-                                break;
-
-                        default:
-                                /* Nothing really changed, but let's
-                                 * issue an notification call
-                                 * nonetheless, in case somebody is
-                                 * waiting for this. (e.g. file system
-                                 * ro/rw remounts.) */
-                                mount_set_state(mount, mount->state);
-                                break;
-                        }
-                }
-
-                if (mount->is_mounted &&
-                    mount->from_proc_self_mountinfo &&
-                    mount->parameters_proc_self_mountinfo.what) {
-
-                        if (set_ensure_allocated(&around, &string_hash_ops) < 0 ||
-                            set_put(around, mount->parameters_proc_self_mountinfo.what) < 0)
-                                log_oom();
-                }
-
-                /* Reset the flags for later calls */
-                mount->is_mounted = mount->just_mounted = mount->just_changed = false;
-        }
-
-        SET_FOREACH(what, gone, i) {
-                if (set_contains(around, what))
-                        continue;
-
-                /* Let the device units know that the device is no longer mounted */
-                (void) device_found_node(m, what, false, DEVICE_FOUND_MOUNT, true);
-        }
-
-        return 0;
-}
-
-static void mount_reset_failed(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-
-        if (m->state == MOUNT_FAILED)
-                mount_set_state(m, MOUNT_DEAD);
-
-        m->result = MOUNT_SUCCESS;
-        m->reload_result = MOUNT_SUCCESS;
-}
-
-static int mount_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
-        return unit_kill_common(u, who, signo, -1, MOUNT(u)->control_pid, error);
-}
-
-static int mount_control_pid(Unit *u) {
-        Mount *m = MOUNT(u);
-
-        assert(m);
-
-        return m->control_pid;
-}
-
-static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
-        [MOUNT_EXEC_MOUNT] = "ExecMount",
-        [MOUNT_EXEC_UNMOUNT] = "ExecUnmount",
-        [MOUNT_EXEC_REMOUNT] = "ExecRemount",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(mount_exec_command, MountExecCommand);
-
-static const char* const mount_result_table[_MOUNT_RESULT_MAX] = {
-        [MOUNT_SUCCESS] = "success",
-        [MOUNT_FAILURE_RESOURCES] = "resources",
-        [MOUNT_FAILURE_TIMEOUT] = "timeout",
-        [MOUNT_FAILURE_EXIT_CODE] = "exit-code",
-        [MOUNT_FAILURE_SIGNAL] = "signal",
-        [MOUNT_FAILURE_CORE_DUMP] = "core-dump",
-        [MOUNT_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(mount_result, MountResult);
-
-const UnitVTable mount_vtable = {
-        .object_size = sizeof(Mount),
-        .exec_context_offset = offsetof(Mount, exec_context),
-        .cgroup_context_offset = offsetof(Mount, cgroup_context),
-        .kill_context_offset = offsetof(Mount, kill_context),
-        .exec_runtime_offset = offsetof(Mount, exec_runtime),
-
-        .sections =
-                "Unit\0"
-                "Mount\0"
-                "Install\0",
-        .private_section = "Mount",
-
-        .init = mount_init,
-        .load = mount_load,
-        .done = mount_done,
-
-        .coldplug = mount_coldplug,
-
-        .dump = mount_dump,
-
-        .start = mount_start,
-        .stop = mount_stop,
-        .reload = mount_reload,
-
-        .kill = mount_kill,
-
-        .serialize = mount_serialize,
-        .deserialize_item = mount_deserialize_item,
-
-        .active_state = mount_active_state,
-        .sub_state_to_string = mount_sub_state_to_string,
-
-        .check_gc = mount_check_gc,
-
-        .sigchld_event = mount_sigchld_event,
-
-        .reset_failed = mount_reset_failed,
-
-        .control_pid = mount_control_pid,
-
-        .bus_vtable = bus_mount_vtable,
-        .bus_set_property = bus_mount_set_property,
-        .bus_commit_properties = bus_mount_commit_properties,
-
-        .get_timeout = mount_get_timeout,
-
-        .can_transient = true,
-
-        .enumerate = mount_enumerate,
-        .shutdown = mount_shutdown,
-
-        .status_message_formats = {
-                .starting_stopping = {
-                        [0] = "Mounting %s...",
-                        [1] = "Unmounting %s...",
-                },
-                .finished_start_job = {
-                        [JOB_DONE]       = "Mounted %s.",
-                        [JOB_FAILED]     = "Failed to mount %s.",
-                        [JOB_TIMEOUT]    = "Timed out mounting %s.",
-                },
-                .finished_stop_job = {
-                        [JOB_DONE]       = "Unmounted %s.",
-                        [JOB_FAILED]     = "Failed unmounting %s.",
-                        [JOB_TIMEOUT]    = "Timed out unmounting %s.",
-                },
-        },
-};
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
deleted file mode 100644
index cc287d602d..0000000000
--- a/src/core/selinux-access.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Dan Walsh
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "selinux-access.h"
-
-#ifdef HAVE_SELINUX
-
-#include <errno.h>
-#include <selinux/avc.h>
-#include <selinux/selinux.h>
-#include <stdio.h>
-#ifdef HAVE_AUDIT
-#include <libaudit.h>
-#endif
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "audit-fd.h"
-#include "bus-util.h"
-#include "log.h"
-#include "path-util.h"
-#include "selinux-util.h"
-#include "stdio-util.h"
-#include "strv.h"
-#include "util.h"
-
-static bool initialized = false;
-
-struct audit_info {
-        sd_bus_creds *creds;
-        const char *path;
-        const char *cmdline;
-};
-
-/*
-   Any time an access gets denied this callback will be called
-   with the audit data.  We then need to just copy the audit data into the msgbuf.
-*/
-static int audit_callback(
-                void *auditdata,
-                security_class_t cls,
-                char *msgbuf,
-                size_t msgbufsize) {
-
-        const struct audit_info *audit = auditdata;
-        uid_t uid = 0, login_uid = 0;
-        gid_t gid = 0;
-        char login_uid_buf[DECIMAL_STR_MAX(uid_t) + 1] = "n/a";
-        char uid_buf[DECIMAL_STR_MAX(uid_t) + 1] = "n/a";
-        char gid_buf[DECIMAL_STR_MAX(gid_t) + 1] = "n/a";
-
-        if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
-                xsprintf(login_uid_buf, UID_FMT, login_uid);
-        if (sd_bus_creds_get_euid(audit->creds, &uid) >= 0)
-                xsprintf(uid_buf, UID_FMT, uid);
-        if (sd_bus_creds_get_egid(audit->creds, &gid) >= 0)
-                xsprintf(gid_buf, GID_FMT, gid);
-
-        snprintf(msgbuf, msgbufsize,
-                 "auid=%s uid=%s gid=%s%s%s%s%s%s%s",
-                 login_uid_buf, uid_buf, gid_buf,
-                 audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
-                 audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
-
-        return 0;
-}
-
-static int callback_type_to_priority(int type) {
-        switch(type) {
-
-        case SELINUX_ERROR:
-                return LOG_ERR;
-
-        case SELINUX_WARNING:
-                return LOG_WARNING;
-
-        case SELINUX_INFO:
-                return LOG_INFO;
-
-        case SELINUX_AVC:
-        default:
-                return LOG_NOTICE;
-        }
-}
-
-/*
-   libselinux uses this callback when access gets denied or other
-   events happen. If audit is turned on, messages will be reported
-   using audit netlink, otherwise they will be logged using the usual
-   channels.
-
-   Code copied from dbus and modified.
-*/
-_printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
-        va_list ap;
-        const char *fmt2;
-
-#ifdef HAVE_AUDIT
-        int fd;
-
-        fd = get_audit_fd();
-
-        if (fd >= 0) {
-                _cleanup_free_ char *buf = NULL;
-                int r;
-
-                va_start(ap, fmt);
-                r = vasprintf(&buf, fmt, ap);
-                va_end(ap);
-
-                if (r >= 0) {
-                        audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
-                        return 0;
-                }
-        }
-#endif
-
-        fmt2 = strjoina("selinux: ", fmt);
-
-        va_start(ap, fmt);
-        log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt2, ap);
-        va_end(ap);
-
-        return 0;
-}
-
-static int access_init(sd_bus_error *error) {
-
-        if (!mac_selinux_use())
-                return 0;
-
-        if (initialized)
-                return 1;
-
-        if (avc_open(NULL, 0) != 0) {
-                int enforce, saved_errno = errno;
-
-                enforce = security_getenforce();
-                log_full_errno(enforce != 0 ? LOG_ERR : LOG_WARNING, saved_errno, "Failed to open the SELinux AVC: %m");
-
-                /* If enforcement isn't on, then let's suppress this
-                 * error, and just don't do any AVC checks. The
-                 * warning we printed is hence all the admin will
-                 * see. */
-                if (enforce == 0)
-                        return 0;
-
-                /* Return an access denied error, if we couldn't load
-                 * the AVC but enforcing mode was on, or we couldn't
-                 * determine whether it is one. */
-                return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to open the SELinux AVC: %s", strerror(saved_errno));
-        }
-
-        selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) audit_callback);
-        selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) log_callback);
-
-        initialized = true;
-        return 1;
-}
-
-/*
-   This function communicates with the kernel to check whether or not it should
-   allow the access.
-   If the machine is in permissive mode it will return ok.  Audit messages will
-   still be generated if the access would be denied in enforcing mode.
-*/
-int mac_selinux_generic_access_check(
-                sd_bus_message *message,
-                const char *path,
-                const char *permission,
-                sd_bus_error *error) {
-
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        const char *tclass = NULL, *scon = NULL;
-        struct audit_info audit_info = {};
-        _cleanup_free_ char *cl = NULL;
-        security_context_t fcon = NULL;
-        char **cmdline = NULL;
-        int r = 0;
-
-        assert(message);
-        assert(permission);
-        assert(error);
-
-        r = access_init(error);
-        if (r <= 0)
-                return r;
-
-        r = sd_bus_query_sender_creds(
-                        message,
-                        SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
-                        SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
-                        SD_BUS_CREDS_SELINUX_CONTEXT|
-                        SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
-                        &creds);
-        if (r < 0)
-                goto finish;
-
-        /* The SELinux context is something we really should have
-         * gotten directly from the message or sender, and not be an
-         * augmented field. If it was augmented we cannot use it for
-         * authorization, since this is racy and vulnerable. Let's add
-         * an extra check, just in case, even though this really
-         * shouldn't be possible. */
-        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_SELINUX_CONTEXT) == 0, -EPERM);
-
-        r = sd_bus_creds_get_selinux_context(creds, &scon);
-        if (r < 0)
-                goto finish;
-
-        if (path) {
-                /* Get the file context of the unit file */
-
-                r = getfilecon_raw(path, &fcon);
-                if (r < 0) {
-                        r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get file context on %s.", path);
-                        goto finish;
-                }
-
-                tclass = "service";
-        } else {
-                r = getcon_raw(&fcon);
-                if (r < 0) {
-                        r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context.");
-                        goto finish;
-                }
-
-                tclass = "system";
-        }
-
-        sd_bus_creds_get_cmdline(creds, &cmdline);
-        cl = strv_join(cmdline, " ");
-
-        audit_info.creds = creds;
-        audit_info.path = path;
-        audit_info.cmdline = cl;
-
-        r = selinux_check_access(scon, fcon, tclass, permission, &audit_info);
-        if (r < 0)
-                r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
-
-        log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, cl, r);
-
-finish:
-        freecon(fcon);
-
-        if (r < 0 && security_getenforce() != 1) {
-                sd_bus_error_free(error);
-                r = 0;
-        }
-
-        return r;
-}
-
-#else
-
-int mac_selinux_generic_access_check(
-                sd_bus_message *message,
-                const char *path,
-                const char *permission,
-                sd_bus_error *error) {
-
-        return 0;
-}
-
-#endif
diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
deleted file mode 100644
index 8f1f058a32..0000000000
--- a/src/core/selinux-access.h
+++ /dev/null
@@ -1,45 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Dan Walsh
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "bus-util.h"
-#include "manager.h"
-
-int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
-
-#ifdef HAVE_SELINUX
-
-#define mac_selinux_access_check(message, permission, error) \
-        mac_selinux_generic_access_check((message), NULL, (permission), (error))
-
-#define mac_selinux_unit_access_check(unit, message, permission, error) \
-        ({                                                              \
-                Unit *_unit = (unit);                                   \
-                mac_selinux_generic_access_check((message), _unit->source_path ?: _unit->fragment_path, (permission), (error)); \
-        })
-
-#else
-
-#define mac_selinux_access_check(message, permission, error) 0
-#define mac_selinux_unit_access_check(unit, message, permission, error) 0
-
-#endif
diff --git a/src/core/unit.c b/src/core/unit.c
deleted file mode 100644
index 2fff3f2d8b..0000000000
--- a/src/core/unit.c
+++ /dev/null
@@ -1,3818 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "bus-util.h"
-#include "cgroup-util.h"
-#include "dbus-unit.h"
-#include "dbus.h"
-#include "dropin.h"
-#include "escape.h"
-#include "execute.h"
-#include "fileio-label.h"
-#include "formats-util.h"
-#include "load-dropin.h"
-#include "load-fragment.h"
-#include "log.h"
-#include "macro.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "set.h"
-#include "signal-util.h"
-#include "special.h"
-#include "stat-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "umask-util.h"
-#include "unit-name.h"
-#include "unit.h"
-#include "user-util.h"
-#include "virt.h"
-
-const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
-        [UNIT_SERVICE] = &service_vtable,
-        [UNIT_SOCKET] = &socket_vtable,
-        [UNIT_BUSNAME] = &busname_vtable,
-        [UNIT_TARGET] = &target_vtable,
-        [UNIT_DEVICE] = &device_vtable,
-        [UNIT_MOUNT] = &mount_vtable,
-        [UNIT_AUTOMOUNT] = &automount_vtable,
-        [UNIT_SWAP] = &swap_vtable,
-        [UNIT_TIMER] = &timer_vtable,
-        [UNIT_PATH] = &path_vtable,
-        [UNIT_SLICE] = &slice_vtable,
-        [UNIT_SCOPE] = &scope_vtable
-};
-
-static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency);
-
-Unit *unit_new(Manager *m, size_t size) {
-        Unit *u;
-
-        assert(m);
-        assert(size >= sizeof(Unit));
-
-        u = malloc0(size);
-        if (!u)
-                return NULL;
-
-        u->names = set_new(&string_hash_ops);
-        if (!u->names) {
-                free(u);
-                return NULL;
-        }
-
-        u->manager = m;
-        u->type = _UNIT_TYPE_INVALID;
-        u->default_dependencies = true;
-        u->unit_file_state = _UNIT_FILE_STATE_INVALID;
-        u->unit_file_preset = -1;
-        u->on_failure_job_mode = JOB_REPLACE;
-        u->cgroup_inotify_wd = -1;
-        u->job_timeout = USEC_INFINITY;
-
-        RATELIMIT_INIT(u->start_limit, m->default_start_limit_interval, m->default_start_limit_burst);
-        RATELIMIT_INIT(u->auto_stop_ratelimit, 10 * USEC_PER_SEC, 16);
-
-        return u;
-}
-
-bool unit_has_name(Unit *u, const char *name) {
-        assert(u);
-        assert(name);
-
-        return !!set_get(u->names, (char*) name);
-}
-
-static void unit_init(Unit *u) {
-        CGroupContext *cc;
-        ExecContext *ec;
-        KillContext *kc;
-
-        assert(u);
-        assert(u->manager);
-        assert(u->type >= 0);
-
-        cc = unit_get_cgroup_context(u);
-        if (cc) {
-                cgroup_context_init(cc);
-
-                /* Copy in the manager defaults into the cgroup
-                 * context, _before_ the rest of the settings have
-                 * been initialized */
-
-                cc->cpu_accounting = u->manager->default_cpu_accounting;
-                cc->io_accounting = u->manager->default_io_accounting;
-                cc->blockio_accounting = u->manager->default_blockio_accounting;
-                cc->memory_accounting = u->manager->default_memory_accounting;
-                cc->tasks_accounting = u->manager->default_tasks_accounting;
-
-                if (u->type != UNIT_SLICE)
-                        cc->tasks_max = u->manager->default_tasks_max;
-        }
-
-        ec = unit_get_exec_context(u);
-        if (ec)
-                exec_context_init(ec);
-
-        kc = unit_get_kill_context(u);
-        if (kc)
-                kill_context_init(kc);
-
-        if (UNIT_VTABLE(u)->init)
-                UNIT_VTABLE(u)->init(u);
-}
-
-int unit_add_name(Unit *u, const char *text) {
-        _cleanup_free_ char *s = NULL, *i = NULL;
-        UnitType t;
-        int r;
-
-        assert(u);
-        assert(text);
-
-        if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
-
-                if (!u->instance)
-                        return -EINVAL;
-
-                r = unit_name_replace_instance(text, u->instance, &s);
-                if (r < 0)
-                        return r;
-        } else {
-                s = strdup(text);
-                if (!s)
-                        return -ENOMEM;
-        }
-
-        if (set_contains(u->names, s))
-                return 0;
-        if (hashmap_contains(u->manager->units, s))
-                return -EEXIST;
-
-        if (!unit_name_is_valid(s, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
-                return -EINVAL;
-
-        t = unit_name_to_type(s);
-        if (t < 0)
-                return -EINVAL;
-
-        if (u->type != _UNIT_TYPE_INVALID && t != u->type)
-                return -EINVAL;
-
-        r = unit_name_to_instance(s, &i);
-        if (r < 0)
-                return r;
-
-        if (i && !unit_type_may_template(t))
-                return -EINVAL;
-
-        /* Ensure that this unit is either instanced or not instanced,
-         * but not both. Note that we do allow names with different
-         * instance names however! */
-        if (u->type != _UNIT_TYPE_INVALID && !u->instance != !i)
-                return -EINVAL;
-
-        if (!unit_type_may_alias(t) && !set_isempty(u->names))
-                return -EEXIST;
-
-        if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
-                return -E2BIG;
-
-        r = set_put(u->names, s);
-        if (r < 0)
-                return r;
-        assert(r > 0);
-
-        r = hashmap_put(u->manager->units, s, u);
-        if (r < 0) {
-                (void) set_remove(u->names, s);
-                return r;
-        }
-
-        if (u->type == _UNIT_TYPE_INVALID) {
-                u->type = t;
-                u->id = s;
-                u->instance = i;
-
-                LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
-
-                unit_init(u);
-
-                i = NULL;
-        }
-
-        s = NULL;
-
-        unit_add_to_dbus_queue(u);
-        return 0;
-}
-
-int unit_choose_id(Unit *u, const char *name) {
-        _cleanup_free_ char *t = NULL;
-        char *s, *i;
-        int r;
-
-        assert(u);
-        assert(name);
-
-        if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
-
-                if (!u->instance)
-                        return -EINVAL;
-
-                r = unit_name_replace_instance(name, u->instance, &t);
-                if (r < 0)
-                        return r;
-
-                name = t;
-        }
-
-        /* Selects one of the names of this unit as the id */
-        s = set_get(u->names, (char*) name);
-        if (!s)
-                return -ENOENT;
-
-        /* Determine the new instance from the new id */
-        r = unit_name_to_instance(s, &i);
-        if (r < 0)
-                return r;
-
-        u->id = s;
-
-        free(u->instance);
-        u->instance = i;
-
-        unit_add_to_dbus_queue(u);
-
-        return 0;
-}
-
-int unit_set_description(Unit *u, const char *description) {
-        char *s;
-
-        assert(u);
-
-        if (isempty(description))
-                s = NULL;
-        else {
-                s = strdup(description);
-                if (!s)
-                        return -ENOMEM;
-        }
-
-        free(u->description);
-        u->description = s;
-
-        unit_add_to_dbus_queue(u);
-        return 0;
-}
-
-bool unit_check_gc(Unit *u) {
-        UnitActiveState state;
-        assert(u);
-
-        if (u->job)
-                return true;
-
-        if (u->nop_job)
-                return true;
-
-        state = unit_active_state(u);
-
-        /* If the unit is inactive and failed and no job is queued for
-         * it, then release its runtime resources */
-        if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
-            UNIT_VTABLE(u)->release_resources)
-                UNIT_VTABLE(u)->release_resources(u);
-
-        /* But we keep the unit object around for longer when it is
-         * referenced or configured to not be gc'ed */
-        if (state != UNIT_INACTIVE)
-                return true;
-
-        if (u->no_gc)
-                return true;
-
-        if (u->refs)
-                return true;
-
-        if (UNIT_VTABLE(u)->check_gc)
-                if (UNIT_VTABLE(u)->check_gc(u))
-                        return true;
-
-        return false;
-}
-
-void unit_add_to_load_queue(Unit *u) {
-        assert(u);
-        assert(u->type != _UNIT_TYPE_INVALID);
-
-        if (u->load_state != UNIT_STUB || u->in_load_queue)
-                return;
-
-        LIST_PREPEND(load_queue, u->manager->load_queue, u);
-        u->in_load_queue = true;
-}
-
-void unit_add_to_cleanup_queue(Unit *u) {
-        assert(u);
-
-        if (u->in_cleanup_queue)
-                return;
-
-        LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
-        u->in_cleanup_queue = true;
-}
-
-void unit_add_to_gc_queue(Unit *u) {
-        assert(u);
-
-        if (u->in_gc_queue || u->in_cleanup_queue)
-                return;
-
-        if (unit_check_gc(u))
-                return;
-
-        LIST_PREPEND(gc_queue, u->manager->gc_queue, u);
-        u->in_gc_queue = true;
-
-        u->manager->n_in_gc_queue++;
-}
-
-void unit_add_to_dbus_queue(Unit *u) {
-        assert(u);
-        assert(u->type != _UNIT_TYPE_INVALID);
-
-        if (u->load_state == UNIT_STUB || u->in_dbus_queue)
-                return;
-
-        /* Shortcut things if nobody cares */
-        if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
-            set_isempty(u->manager->private_buses)) {
-                u->sent_dbus_new_signal = true;
-                return;
-        }
-
-        LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
-        u->in_dbus_queue = true;
-}
-
-static void bidi_set_free(Unit *u, Set *s) {
-        Iterator i;
-        Unit *other;
-
-        assert(u);
-
-        /* Frees the set and makes sure we are dropped from the
-         * inverse pointers */
-
-        SET_FOREACH(other, s, i) {
-                UnitDependency d;
-
-                for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
-                        set_remove(other->dependencies[d], u);
-
-                unit_add_to_gc_queue(other);
-        }
-
-        set_free(s);
-}
-
-static void unit_remove_transient(Unit *u) {
-        char **i;
-
-        assert(u);
-
-        if (!u->transient)
-                return;
-
-        if (u->fragment_path)
-                (void) unlink(u->fragment_path);
-
-        STRV_FOREACH(i, u->dropin_paths) {
-                _cleanup_free_ char *p = NULL, *pp = NULL;
-
-                p = dirname_malloc(*i); /* Get the drop-in directory from the drop-in file */
-                if (!p)
-                        continue;
-
-                pp = dirname_malloc(p); /* Get the config directory from the drop-in directory */
-                if (!pp)
-                        continue;
-
-                /* Only drop transient drop-ins */
-                if (!path_equal(u->manager->lookup_paths.transient, pp))
-                        continue;
-
-                (void) unlink(*i);
-                (void) rmdir(p);
-        }
-}
-
-static void unit_free_requires_mounts_for(Unit *u) {
-        char **j;
-
-        STRV_FOREACH(j, u->requires_mounts_for) {
-                char s[strlen(*j) + 1];
-
-                PATH_FOREACH_PREFIX_MORE(s, *j) {
-                        char *y;
-                        Set *x;
-
-                        x = hashmap_get2(u->manager->units_requiring_mounts_for, s, (void**) &y);
-                        if (!x)
-                                continue;
-
-                        set_remove(x, u);
-
-                        if (set_isempty(x)) {
-                                hashmap_remove(u->manager->units_requiring_mounts_for, y);
-                                free(y);
-                                set_free(x);
-                        }
-                }
-        }
-
-        u->requires_mounts_for = strv_free(u->requires_mounts_for);
-}
-
-static void unit_done(Unit *u) {
-        ExecContext *ec;
-        CGroupContext *cc;
-
-        assert(u);
-
-        if (u->type < 0)
-                return;
-
-        if (UNIT_VTABLE(u)->done)
-                UNIT_VTABLE(u)->done(u);
-
-        ec = unit_get_exec_context(u);
-        if (ec)
-                exec_context_done(ec);
-
-        cc = unit_get_cgroup_context(u);
-        if (cc)
-                cgroup_context_done(cc);
-}
-
-void unit_free(Unit *u) {
-        UnitDependency d;
-        Iterator i;
-        char *t;
-
-        assert(u);
-
-        if (u->transient_file)
-                fclose(u->transient_file);
-
-        if (!MANAGER_IS_RELOADING(u->manager))
-                unit_remove_transient(u);
-
-        bus_unit_send_removed_signal(u);
-
-        unit_done(u);
-
-        sd_bus_slot_unref(u->match_bus_slot);
-
-        unit_free_requires_mounts_for(u);
-
-        SET_FOREACH(t, u->names, i)
-                hashmap_remove_value(u->manager->units, t, u);
-
-        if (u->job) {
-                Job *j = u->job;
-                job_uninstall(j);
-                job_free(j);
-        }
-
-        if (u->nop_job) {
-                Job *j = u->nop_job;
-                job_uninstall(j);
-                job_free(j);
-        }
-
-        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
-                bidi_set_free(u, u->dependencies[d]);
-
-        if (u->type != _UNIT_TYPE_INVALID)
-                LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
-
-        if (u->in_load_queue)
-                LIST_REMOVE(load_queue, u->manager->load_queue, u);
-
-        if (u->in_dbus_queue)
-                LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
-
-        if (u->in_cleanup_queue)
-                LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
-
-        if (u->in_gc_queue) {
-                LIST_REMOVE(gc_queue, u->manager->gc_queue, u);
-                u->manager->n_in_gc_queue--;
-        }
-
-        if (u->in_cgroup_queue)
-                LIST_REMOVE(cgroup_queue, u->manager->cgroup_queue, u);
-
-        unit_release_cgroup(u);
-
-        (void) manager_update_failed_units(u->manager, u, false);
-        set_remove(u->manager->startup_units, u);
-
-        free(u->description);
-        strv_free(u->documentation);
-        free(u->fragment_path);
-        free(u->source_path);
-        strv_free(u->dropin_paths);
-        free(u->instance);
-
-        free(u->job_timeout_reboot_arg);
-
-        set_free_free(u->names);
-
-        unit_unwatch_all_pids(u);
-
-        condition_free_list(u->conditions);
-        condition_free_list(u->asserts);
-
-        free(u->reboot_arg);
-
-        unit_ref_unset(&u->slice);
-
-        while (u->refs)
-                unit_ref_unset(u->refs);
-
-        free(u);
-}
-
-UnitActiveState unit_active_state(Unit *u) {
-        assert(u);
-
-        if (u->load_state == UNIT_MERGED)
-                return unit_active_state(unit_follow_merge(u));
-
-        /* After a reload it might happen that a unit is not correctly
-         * loaded but still has a process around. That's why we won't
-         * shortcut failed loading to UNIT_INACTIVE_FAILED. */
-
-        return UNIT_VTABLE(u)->active_state(u);
-}
-
-const char* unit_sub_state_to_string(Unit *u) {
-        assert(u);
-
-        return UNIT_VTABLE(u)->sub_state_to_string(u);
-}
-
-static int complete_move(Set **s, Set **other) {
-        int r;
-
-        assert(s);
-        assert(other);
-
-        if (!*other)
-                return 0;
-
-        if (*s) {
-                r = set_move(*s, *other);
-                if (r < 0)
-                        return r;
-        } else {
-                *s = *other;
-                *other = NULL;
-        }
-
-        return 0;
-}
-
-static int merge_names(Unit *u, Unit *other) {
-        char *t;
-        Iterator i;
-        int r;
-
-        assert(u);
-        assert(other);
-
-        r = complete_move(&u->names, &other->names);
-        if (r < 0)
-                return r;
-
-        set_free_free(other->names);
-        other->names = NULL;
-        other->id = NULL;
-
-        SET_FOREACH(t, u->names, i)
-                assert_se(hashmap_replace(u->manager->units, t, u) == 0);
-
-        return 0;
-}
-
-static int reserve_dependencies(Unit *u, Unit *other, UnitDependency d) {
-        unsigned n_reserve;
-
-        assert(u);
-        assert(other);
-        assert(d < _UNIT_DEPENDENCY_MAX);
-
-        /*
-         * If u does not have this dependency set allocated, there is no need
-         * to reserve anything. In that case other's set will be transferred
-         * as a whole to u by complete_move().
-         */
-        if (!u->dependencies[d])
-                return 0;
-
-        /* merge_dependencies() will skip a u-on-u dependency */
-        n_reserve = set_size(other->dependencies[d]) - !!set_get(other->dependencies[d], u);
-
-        return set_reserve(u->dependencies[d], n_reserve);
-}
-
-static void merge_dependencies(Unit *u, Unit *other, const char *other_id, UnitDependency d) {
-        Iterator i;
-        Unit *back;
-        int r;
-
-        assert(u);
-        assert(other);
-        assert(d < _UNIT_DEPENDENCY_MAX);
-
-        /* Fix backwards pointers */
-        SET_FOREACH(back, other->dependencies[d], i) {
-                UnitDependency k;
-
-                for (k = 0; k < _UNIT_DEPENDENCY_MAX; k++) {
-                        /* Do not add dependencies between u and itself */
-                        if (back == u) {
-                                if (set_remove(back->dependencies[k], other))
-                                        maybe_warn_about_dependency(u, other_id, k);
-                        } else {
-                                r = set_remove_and_put(back->dependencies[k], other, u);
-                                if (r == -EEXIST)
-                                        set_remove(back->dependencies[k], other);
-                                else
-                                        assert(r >= 0 || r == -ENOENT);
-                        }
-                }
-        }
-
-        /* Also do not move dependencies on u to itself */
-        back = set_remove(other->dependencies[d], u);
-        if (back)
-                maybe_warn_about_dependency(u, other_id, d);
-
-        /* The move cannot fail. The caller must have performed a reservation. */
-        assert_se(complete_move(&u->dependencies[d], &other->dependencies[d]) == 0);
-
-        other->dependencies[d] = set_free(other->dependencies[d]);
-}
-
-int unit_merge(Unit *u, Unit *other) {
-        UnitDependency d;
-        const char *other_id = NULL;
-        int r;
-
-        assert(u);
-        assert(other);
-        assert(u->manager == other->manager);
-        assert(u->type != _UNIT_TYPE_INVALID);
-
-        other = unit_follow_merge(other);
-
-        if (other == u)
-                return 0;
-
-        if (u->type != other->type)
-                return -EINVAL;
-
-        if (!u->instance != !other->instance)
-                return -EINVAL;
-
-        if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
-                return -EEXIST;
-
-        if (other->load_state != UNIT_STUB &&
-            other->load_state != UNIT_NOT_FOUND)
-                return -EEXIST;
-
-        if (other->job)
-                return -EEXIST;
-
-        if (other->nop_job)
-                return -EEXIST;
-
-        if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
-                return -EEXIST;
-
-        if (other->id)
-                other_id = strdupa(other->id);
-
-        /* Make reservations to ensure merge_dependencies() won't fail */
-        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
-                r = reserve_dependencies(u, other, d);
-                /*
-                 * We don't rollback reservations if we fail. We don't have
-                 * a way to undo reservations. A reservation is not a leak.
-                 */
-                if (r < 0)
-                        return r;
-        }
-
-        /* Merge names */
-        r = merge_names(u, other);
-        if (r < 0)
-                return r;
-
-        /* Redirect all references */
-        while (other->refs)
-                unit_ref_set(other->refs, u);
-
-        /* Merge dependencies */
-        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
-                merge_dependencies(u, other, other_id, d);
-
-        other->load_state = UNIT_MERGED;
-        other->merged_into = u;
-
-        /* If there is still some data attached to the other node, we
-         * don't need it anymore, and can free it. */
-        if (other->load_state != UNIT_STUB)
-                if (UNIT_VTABLE(other)->done)
-                        UNIT_VTABLE(other)->done(other);
-
-        unit_add_to_dbus_queue(u);
-        unit_add_to_cleanup_queue(other);
-
-        return 0;
-}
-
-int unit_merge_by_name(Unit *u, const char *name) {
-        _cleanup_free_ char *s = NULL;
-        Unit *other;
-        int r;
-
-        assert(u);
-        assert(name);
-
-        if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
-                if (!u->instance)
-                        return -EINVAL;
-
-                r = unit_name_replace_instance(name, u->instance, &s);
-                if (r < 0)
-                        return r;
-
-                name = s;
-        }
-
-        other = manager_get_unit(u->manager, name);
-        if (other)
-                return unit_merge(u, other);
-
-        return unit_add_name(u, name);
-}
-
-Unit* unit_follow_merge(Unit *u) {
-        assert(u);
-
-        while (u->load_state == UNIT_MERGED)
-                assert_se(u = u->merged_into);
-
-        return u;
-}
-
-int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
-        int r;
-
-        assert(u);
-        assert(c);
-
-        if (c->working_directory) {
-                r = unit_require_mounts_for(u, c->working_directory);
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->root_directory) {
-                r = unit_require_mounts_for(u, c->root_directory);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!MANAGER_IS_SYSTEM(u->manager))
-                return 0;
-
-        if (c->private_tmp) {
-                r = unit_require_mounts_for(u, "/tmp");
-                if (r < 0)
-                        return r;
-
-                r = unit_require_mounts_for(u, "/var/tmp");
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->std_output != EXEC_OUTPUT_KMSG &&
-            c->std_output != EXEC_OUTPUT_SYSLOG &&
-            c->std_output != EXEC_OUTPUT_JOURNAL &&
-            c->std_output != EXEC_OUTPUT_KMSG_AND_CONSOLE &&
-            c->std_output != EXEC_OUTPUT_SYSLOG_AND_CONSOLE &&
-            c->std_output != EXEC_OUTPUT_JOURNAL_AND_CONSOLE &&
-            c->std_error != EXEC_OUTPUT_KMSG &&
-            c->std_error != EXEC_OUTPUT_SYSLOG &&
-            c->std_error != EXEC_OUTPUT_JOURNAL &&
-            c->std_error != EXEC_OUTPUT_KMSG_AND_CONSOLE &&
-            c->std_error != EXEC_OUTPUT_JOURNAL_AND_CONSOLE &&
-            c->std_error != EXEC_OUTPUT_SYSLOG_AND_CONSOLE)
-                return 0;
-
-        /* If syslog or kernel logging is requested, make sure our own
-         * logging daemon is run first. */
-
-        r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, NULL, true);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-const char *unit_description(Unit *u) {
-        assert(u);
-
-        if (u->description)
-                return u->description;
-
-        return strna(u->id);
-}
-
-void unit_dump(Unit *u, FILE *f, const char *prefix) {
-        char *t, **j;
-        UnitDependency d;
-        Iterator i;
-        const char *prefix2;
-        char
-                timestamp0[FORMAT_TIMESTAMP_MAX],
-                timestamp1[FORMAT_TIMESTAMP_MAX],
-                timestamp2[FORMAT_TIMESTAMP_MAX],
-                timestamp3[FORMAT_TIMESTAMP_MAX],
-                timestamp4[FORMAT_TIMESTAMP_MAX],
-                timespan[FORMAT_TIMESPAN_MAX];
-        Unit *following;
-        _cleanup_set_free_ Set *following_set = NULL;
-        int r;
-
-        assert(u);
-        assert(u->type >= 0);
-
-        prefix = strempty(prefix);
-        prefix2 = strjoina(prefix, "\t");
-
-        fprintf(f,
-                "%s-> Unit %s:\n"
-                "%s\tDescription: %s\n"
-                "%s\tInstance: %s\n"
-                "%s\tUnit Load State: %s\n"
-                "%s\tUnit Active State: %s\n"
-                "%s\tState Change Timestamp: %s\n"
-                "%s\tInactive Exit Timestamp: %s\n"
-                "%s\tActive Enter Timestamp: %s\n"
-                "%s\tActive Exit Timestamp: %s\n"
-                "%s\tInactive Enter Timestamp: %s\n"
-                "%s\tGC Check Good: %s\n"
-                "%s\tNeed Daemon Reload: %s\n"
-                "%s\tTransient: %s\n"
-                "%s\tSlice: %s\n"
-                "%s\tCGroup: %s\n"
-                "%s\tCGroup realized: %s\n"
-                "%s\tCGroup mask: 0x%x\n"
-                "%s\tCGroup members mask: 0x%x\n",
-                prefix, u->id,
-                prefix, unit_description(u),
-                prefix, strna(u->instance),
-                prefix, unit_load_state_to_string(u->load_state),
-                prefix, unit_active_state_to_string(unit_active_state(u)),
-                prefix, strna(format_timestamp(timestamp0, sizeof(timestamp0), u->state_change_timestamp.realtime)),
-                prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->inactive_exit_timestamp.realtime)),
-                prefix, strna(format_timestamp(timestamp2, sizeof(timestamp2), u->active_enter_timestamp.realtime)),
-                prefix, strna(format_timestamp(timestamp3, sizeof(timestamp3), u->active_exit_timestamp.realtime)),
-                prefix, strna(format_timestamp(timestamp4, sizeof(timestamp4), u->inactive_enter_timestamp.realtime)),
-                prefix, yes_no(unit_check_gc(u)),
-                prefix, yes_no(unit_need_daemon_reload(u)),
-                prefix, yes_no(u->transient),
-                prefix, strna(unit_slice_name(u)),
-                prefix, strna(u->cgroup_path),
-                prefix, yes_no(u->cgroup_realized),
-                prefix, u->cgroup_realized_mask,
-                prefix, u->cgroup_members_mask);
-
-        SET_FOREACH(t, u->names, i)
-                fprintf(f, "%s\tName: %s\n", prefix, t);
-
-        STRV_FOREACH(j, u->documentation)
-                fprintf(f, "%s\tDocumentation: %s\n", prefix, *j);
-
-        following = unit_following(u);
-        if (following)
-                fprintf(f, "%s\tFollowing: %s\n", prefix, following->id);
-
-        r = unit_following_set(u, &following_set);
-        if (r >= 0) {
-                Unit *other;
-
-                SET_FOREACH(other, following_set, i)
-                        fprintf(f, "%s\tFollowing Set Member: %s\n", prefix, other->id);
-        }
-
-        if (u->fragment_path)
-                fprintf(f, "%s\tFragment Path: %s\n", prefix, u->fragment_path);
-
-        if (u->source_path)
-                fprintf(f, "%s\tSource Path: %s\n", prefix, u->source_path);
-
-        STRV_FOREACH(j, u->dropin_paths)
-                fprintf(f, "%s\tDropIn Path: %s\n", prefix, *j);
-
-        if (u->job_timeout != USEC_INFINITY)
-                fprintf(f, "%s\tJob Timeout: %s\n", prefix, format_timespan(timespan, sizeof(timespan), u->job_timeout, 0));
-
-        if (u->job_timeout_action != FAILURE_ACTION_NONE)
-                fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, failure_action_to_string(u->job_timeout_action));
-
-        if (u->job_timeout_reboot_arg)
-                fprintf(f, "%s\tJob Timeout Reboot Argument: %s\n", prefix, u->job_timeout_reboot_arg);
-
-        condition_dump_list(u->conditions, f, prefix, condition_type_to_string);
-        condition_dump_list(u->asserts, f, prefix, assert_type_to_string);
-
-        if (dual_timestamp_is_set(&u->condition_timestamp))
-                fprintf(f,
-                        "%s\tCondition Timestamp: %s\n"
-                        "%s\tCondition Result: %s\n",
-                        prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->condition_timestamp.realtime)),
-                        prefix, yes_no(u->condition_result));
-
-        if (dual_timestamp_is_set(&u->assert_timestamp))
-                fprintf(f,
-                        "%s\tAssert Timestamp: %s\n"
-                        "%s\tAssert Result: %s\n",
-                        prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->assert_timestamp.realtime)),
-                        prefix, yes_no(u->assert_result));
-
-        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
-                Unit *other;
-
-                SET_FOREACH(other, u->dependencies[d], i)
-                        fprintf(f, "%s\t%s: %s\n", prefix, unit_dependency_to_string(d), other->id);
-        }
-
-        if (!strv_isempty(u->requires_mounts_for)) {
-                fprintf(f,
-                        "%s\tRequiresMountsFor:", prefix);
-
-                STRV_FOREACH(j, u->requires_mounts_for)
-                        fprintf(f, " %s", *j);
-
-                fputs("\n", f);
-        }
-
-        if (u->load_state == UNIT_LOADED) {
-
-                fprintf(f,
-                        "%s\tStopWhenUnneeded: %s\n"
-                        "%s\tRefuseManualStart: %s\n"
-                        "%s\tRefuseManualStop: %s\n"
-                        "%s\tDefaultDependencies: %s\n"
-                        "%s\tOnFailureJobMode: %s\n"
-                        "%s\tIgnoreOnIsolate: %s\n",
-                        prefix, yes_no(u->stop_when_unneeded),
-                        prefix, yes_no(u->refuse_manual_start),
-                        prefix, yes_no(u->refuse_manual_stop),
-                        prefix, yes_no(u->default_dependencies),
-                        prefix, job_mode_to_string(u->on_failure_job_mode),
-                        prefix, yes_no(u->ignore_on_isolate));
-
-                if (UNIT_VTABLE(u)->dump)
-                        UNIT_VTABLE(u)->dump(u, f, prefix2);
-
-        } else if (u->load_state == UNIT_MERGED)
-                fprintf(f,
-                        "%s\tMerged into: %s\n",
-                        prefix, u->merged_into->id);
-        else if (u->load_state == UNIT_ERROR)
-                fprintf(f, "%s\tLoad Error Code: %s\n", prefix, strerror(-u->load_error));
-
-
-        if (u->job)
-                job_dump(u->job, f, prefix2);
-
-        if (u->nop_job)
-                job_dump(u->nop_job, f, prefix2);
-
-}
-
-/* Common implementation for multiple backends */
-int unit_load_fragment_and_dropin(Unit *u) {
-        int r;
-
-        assert(u);
-
-        /* Load a .{service,socket,...} file */
-        r = unit_load_fragment(u);
-        if (r < 0)
-                return r;
-
-        if (u->load_state == UNIT_STUB)
-                return -ENOENT;
-
-        /* Load drop-in directory data */
-        r = unit_load_dropin(unit_follow_merge(u));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-/* Common implementation for multiple backends */
-int unit_load_fragment_and_dropin_optional(Unit *u) {
-        int r;
-
-        assert(u);
-
-        /* Same as unit_load_fragment_and_dropin(), but whether
-         * something can be loaded or not doesn't matter. */
-
-        /* Load a .service file */
-        r = unit_load_fragment(u);
-        if (r < 0)
-                return r;
-
-        if (u->load_state == UNIT_STUB)
-                u->load_state = UNIT_LOADED;
-
-        /* Load drop-in directory data */
-        r = unit_load_dropin(unit_follow_merge(u));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int unit_add_default_target_dependency(Unit *u, Unit *target) {
-        assert(u);
-        assert(target);
-
-        if (target->type != UNIT_TARGET)
-                return 0;
-
-        /* Only add the dependency if both units are loaded, so that
-         * that loop check below is reliable */
-        if (u->load_state != UNIT_LOADED ||
-            target->load_state != UNIT_LOADED)
-                return 0;
-
-        /* If either side wants no automatic dependencies, then let's
-         * skip this */
-        if (!u->default_dependencies ||
-            !target->default_dependencies)
-                return 0;
-
-        /* Don't create loops */
-        if (set_get(target->dependencies[UNIT_BEFORE], u))
-                return 0;
-
-        return unit_add_dependency(target, UNIT_AFTER, u, true);
-}
-
-static int unit_add_target_dependencies(Unit *u) {
-
-        static const UnitDependency deps[] = {
-                UNIT_REQUIRED_BY,
-                UNIT_REQUISITE_OF,
-                UNIT_WANTED_BY,
-                UNIT_BOUND_BY
-        };
-
-        Unit *target;
-        Iterator i;
-        unsigned k;
-        int r = 0;
-
-        assert(u);
-
-        for (k = 0; k < ELEMENTSOF(deps); k++)
-                SET_FOREACH(target, u->dependencies[deps[k]], i) {
-                        r = unit_add_default_target_dependency(u, target);
-                        if (r < 0)
-                                return r;
-                }
-
-        return r;
-}
-
-static int unit_add_slice_dependencies(Unit *u) {
-        assert(u);
-
-        if (!UNIT_HAS_CGROUP_CONTEXT(u))
-                return 0;
-
-        if (UNIT_ISSET(u->slice))
-                return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, UNIT_DEREF(u->slice), true);
-
-        if (unit_has_name(u, SPECIAL_ROOT_SLICE))
-                return 0;
-
-        return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, NULL, true);
-}
-
-static int unit_add_mount_dependencies(Unit *u) {
-        char **i;
-        int r;
-
-        assert(u);
-
-        STRV_FOREACH(i, u->requires_mounts_for) {
-                char prefix[strlen(*i) + 1];
-
-                PATH_FOREACH_PREFIX_MORE(prefix, *i) {
-                        _cleanup_free_ char *p = NULL;
-                        Unit *m;
-
-                        r = unit_name_from_path(prefix, ".mount", &p);
-                        if (r < 0)
-                                return r;
-
-                        m = manager_get_unit(u->manager, p);
-                        if (!m) {
-                                /* Make sure to load the mount unit if
-                                 * it exists. If so the dependencies
-                                 * on this unit will be added later
-                                 * during the loading of the mount
-                                 * unit. */
-                                (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
-                                continue;
-                        }
-                        if (m == u)
-                                continue;
-
-                        if (m->load_state != UNIT_LOADED)
-                                continue;
-
-                        r = unit_add_dependency(u, UNIT_AFTER, m, true);
-                        if (r < 0)
-                                return r;
-
-                        if (m->fragment_path) {
-                                r = unit_add_dependency(u, UNIT_REQUIRES, m, true);
-                                if (r < 0)
-                                        return r;
-                        }
-                }
-        }
-
-        return 0;
-}
-
-static int unit_add_startup_units(Unit *u) {
-        CGroupContext *c;
-        int r;
-
-        c = unit_get_cgroup_context(u);
-        if (!c)
-                return 0;
-
-        if (c->startup_cpu_shares == CGROUP_CPU_SHARES_INVALID &&
-            c->startup_io_weight == CGROUP_WEIGHT_INVALID &&
-            c->startup_blockio_weight == CGROUP_BLKIO_WEIGHT_INVALID)
-                return 0;
-
-        r = set_ensure_allocated(&u->manager->startup_units, NULL);
-        if (r < 0)
-                return r;
-
-        return set_put(u->manager->startup_units, u);
-}
-
-int unit_load(Unit *u) {
-        int r;
-
-        assert(u);
-
-        if (u->in_load_queue) {
-                LIST_REMOVE(load_queue, u->manager->load_queue, u);
-                u->in_load_queue = false;
-        }
-
-        if (u->type == _UNIT_TYPE_INVALID)
-                return -EINVAL;
-
-        if (u->load_state != UNIT_STUB)
-                return 0;
-
-        if (u->transient_file) {
-                r = fflush_and_check(u->transient_file);
-                if (r < 0)
-                        goto fail;
-
-                fclose(u->transient_file);
-                u->transient_file = NULL;
-
-                u->fragment_mtime = now(CLOCK_REALTIME);
-        }
-
-        if (UNIT_VTABLE(u)->load) {
-                r = UNIT_VTABLE(u)->load(u);
-                if (r < 0)
-                        goto fail;
-        }
-
-        if (u->load_state == UNIT_STUB) {
-                r = -ENOENT;
-                goto fail;
-        }
-
-        if (u->load_state == UNIT_LOADED) {
-
-                r = unit_add_target_dependencies(u);
-                if (r < 0)
-                        goto fail;
-
-                r = unit_add_slice_dependencies(u);
-                if (r < 0)
-                        goto fail;
-
-                r = unit_add_mount_dependencies(u);
-                if (r < 0)
-                        goto fail;
-
-                r = unit_add_startup_units(u);
-                if (r < 0)
-                        goto fail;
-
-                if (u->on_failure_job_mode == JOB_ISOLATE && set_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
-                        log_unit_error(u, "More than one OnFailure= dependencies specified but OnFailureJobMode=isolate set. Refusing.");
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                unit_update_cgroup_members_masks(u);
-        }
-
-        assert((u->load_state != UNIT_MERGED) == !u->merged_into);
-
-        unit_add_to_dbus_queue(unit_follow_merge(u));
-        unit_add_to_gc_queue(u);
-
-        return 0;
-
-fail:
-        u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND : UNIT_ERROR;
-        u->load_error = r;
-        unit_add_to_dbus_queue(u);
-        unit_add_to_gc_queue(u);
-
-        log_unit_debug_errno(u, r, "Failed to load configuration: %m");
-
-        return r;
-}
-
-static bool unit_condition_test_list(Unit *u, Condition *first, const char *(*to_string)(ConditionType t)) {
-        Condition *c;
-        int triggered = -1;
-
-        assert(u);
-        assert(to_string);
-
-        /* If the condition list is empty, then it is true */
-        if (!first)
-                return true;
-
-        /* Otherwise, if all of the non-trigger conditions apply and
-         * if any of the trigger conditions apply (unless there are
-         * none) we return true */
-        LIST_FOREACH(conditions, c, first) {
-                int r;
-
-                r = condition_test(c);
-                if (r < 0)
-                        log_unit_warning(u,
-                                         "Couldn't determine result for %s=%s%s%s, assuming failed: %m",
-                                         to_string(c->type),
-                                         c->trigger ? "|" : "",
-                                         c->negate ? "!" : "",
-                                         c->parameter);
-                else
-                        log_unit_debug(u,
-                                       "%s=%s%s%s %s.",
-                                       to_string(c->type),
-                                       c->trigger ? "|" : "",
-                                       c->negate ? "!" : "",
-                                       c->parameter,
-                                       condition_result_to_string(c->result));
-
-                if (!c->trigger && r <= 0)
-                        return false;
-
-                if (c->trigger && triggered <= 0)
-                        triggered = r > 0;
-        }
-
-        return triggered != 0;
-}
-
-static bool unit_condition_test(Unit *u) {
-        assert(u);
-
-        dual_timestamp_get(&u->condition_timestamp);
-        u->condition_result = unit_condition_test_list(u, u->conditions, condition_type_to_string);
-
-        return u->condition_result;
-}
-
-static bool unit_assert_test(Unit *u) {
-        assert(u);
-
-        dual_timestamp_get(&u->assert_timestamp);
-        u->assert_result = unit_condition_test_list(u, u->asserts, assert_type_to_string);
-
-        return u->assert_result;
-}
-
-void unit_status_printf(Unit *u, const char *status, const char *unit_status_msg_format) {
-        DISABLE_WARNING_FORMAT_NONLITERAL;
-        manager_status_printf(u->manager, STATUS_TYPE_NORMAL, status, unit_status_msg_format, unit_description(u));
-        REENABLE_WARNING;
-}
-
-_pure_ static const char* unit_get_status_message_format(Unit *u, JobType t) {
-        const char *format;
-        const UnitStatusMessageFormats *format_table;
-
-        assert(u);
-        assert(IN_SET(t, JOB_START, JOB_STOP, JOB_RELOAD));
-
-        if (t != JOB_RELOAD) {
-                format_table = &UNIT_VTABLE(u)->status_message_formats;
-                if (format_table) {
-                        format = format_table->starting_stopping[t == JOB_STOP];
-                        if (format)
-                                return format;
-                }
-        }
-
-        /* Return generic strings */
-        if (t == JOB_START)
-                return "Starting %s.";
-        else if (t == JOB_STOP)
-                return "Stopping %s.";
-        else
-                return "Reloading %s.";
-}
-
-static void unit_status_print_starting_stopping(Unit *u, JobType t) {
-        const char *format;
-
-        assert(u);
-
-        /* Reload status messages have traditionally not been printed to console. */
-        if (!IN_SET(t, JOB_START, JOB_STOP))
-                return;
-
-        format = unit_get_status_message_format(u, t);
-
-        DISABLE_WARNING_FORMAT_NONLITERAL;
-        unit_status_printf(u, "", format);
-        REENABLE_WARNING;
-}
-
-static void unit_status_log_starting_stopping_reloading(Unit *u, JobType t) {
-        const char *format;
-        char buf[LINE_MAX];
-        sd_id128_t mid;
-
-        assert(u);
-
-        if (!IN_SET(t, JOB_START, JOB_STOP, JOB_RELOAD))
-                return;
-
-        if (log_on_console())
-                return;
-
-        /* We log status messages for all units and all operations. */
-
-        format = unit_get_status_message_format(u, t);
-
-        DISABLE_WARNING_FORMAT_NONLITERAL;
-        xsprintf(buf, format, unit_description(u));
-        REENABLE_WARNING;
-
-        mid = t == JOB_START ? SD_MESSAGE_UNIT_STARTING :
-              t == JOB_STOP  ? SD_MESSAGE_UNIT_STOPPING :
-                               SD_MESSAGE_UNIT_RELOADING;
-
-        /* Note that we deliberately use LOG_MESSAGE() instead of
-         * LOG_UNIT_MESSAGE() here, since this is supposed to mimic
-         * closely what is written to screen using the status output,
-         * which is supposed the highest level, friendliest output
-         * possible, which means we should avoid the low-level unit
-         * name. */
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(mid),
-                   LOG_UNIT_ID(u),
-                   LOG_MESSAGE("%s", buf),
-                   NULL);
-}
-
-void unit_status_emit_starting_stopping_reloading(Unit *u, JobType t) {
-        assert(u);
-        assert(t >= 0);
-        assert(t < _JOB_TYPE_MAX);
-
-        unit_status_log_starting_stopping_reloading(u, t);
-        unit_status_print_starting_stopping(u, t);
-}
-
-int unit_start_limit_test(Unit *u) {
-        assert(u);
-
-        if (ratelimit_test(&u->start_limit)) {
-                u->start_limit_hit = false;
-                return 0;
-        }
-
-        log_unit_warning(u, "Start request repeated too quickly.");
-        u->start_limit_hit = true;
-
-        return failure_action(u->manager, u->start_limit_action, u->reboot_arg);
-}
-
-/* Errors:
- *         -EBADR:      This unit type does not support starting.
- *         -EALREADY:   Unit is already started.
- *         -EAGAIN:     An operation is already in progress. Retry later.
- *         -ECANCELED:  Too many requests for now.
- *         -EPROTO:     Assert failed
- *         -EINVAL:     Unit not loaded
- *         -EOPNOTSUPP: Unit type not supported
- */
-int unit_start(Unit *u) {
-        UnitActiveState state;
-        Unit *following;
-
-        assert(u);
-
-        /* If this is already started, then this will succeed. Note
-         * that this will even succeed if this unit is not startable
-         * by the user. This is relied on to detect when we need to
-         * wait for units and when waiting is finished. */
-        state = unit_active_state(u);
-        if (UNIT_IS_ACTIVE_OR_RELOADING(state))
-                return -EALREADY;
-
-        /* Units that aren't loaded cannot be started */
-        if (u->load_state != UNIT_LOADED)
-                return -EINVAL;
-
-        /* If the conditions failed, don't do anything at all. If we
-         * already are activating this call might still be useful to
-         * speed up activation in case there is some hold-off time,
-         * but we don't want to recheck the condition in that case. */
-        if (state != UNIT_ACTIVATING &&
-            !unit_condition_test(u)) {
-                log_unit_debug(u, "Starting requested but condition failed. Not starting unit.");
-                return -EALREADY;
-        }
-
-        /* If the asserts failed, fail the entire job */
-        if (state != UNIT_ACTIVATING &&
-            !unit_assert_test(u)) {
-                log_unit_notice(u, "Starting requested but asserts failed.");
-                return -EPROTO;
-        }
-
-        /* Units of types that aren't supported cannot be
-         * started. Note that we do this test only after the condition
-         * checks, so that we rather return condition check errors
-         * (which are usually not considered a true failure) than "not
-         * supported" errors (which are considered a failure).
-         */
-        if (!unit_supported(u))
-                return -EOPNOTSUPP;
-
-        /* Forward to the main object, if we aren't it. */
-        following = unit_following(u);
-        if (following) {
-                log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
-                return unit_start(following);
-        }
-
-        /* If it is stopped, but we cannot start it, then fail */
-        if (!UNIT_VTABLE(u)->start)
-                return -EBADR;
-
-        /* We don't suppress calls to ->start() here when we are
-         * already starting, to allow this request to be used as a
-         * "hurry up" call, for example when the unit is in some "auto
-         * restart" state where it waits for a holdoff timer to elapse
-         * before it will start again. */
-
-        unit_add_to_dbus_queue(u);
-
-        return UNIT_VTABLE(u)->start(u);
-}
-
-bool unit_can_start(Unit *u) {
-        assert(u);
-
-        if (u->load_state != UNIT_LOADED)
-                return false;
-
-        if (!unit_supported(u))
-                return false;
-
-        return !!UNIT_VTABLE(u)->start;
-}
-
-bool unit_can_isolate(Unit *u) {
-        assert(u);
-
-        return unit_can_start(u) &&
-                u->allow_isolate;
-}
-
-/* Errors:
- *         -EBADR:    This unit type does not support stopping.
- *         -EALREADY: Unit is already stopped.
- *         -EAGAIN:   An operation is already in progress. Retry later.
- */
-int unit_stop(Unit *u) {
-        UnitActiveState state;
-        Unit *following;
-
-        assert(u);
-
-        state = unit_active_state(u);
-        if (UNIT_IS_INACTIVE_OR_FAILED(state))
-                return -EALREADY;
-
-        following = unit_following(u);
-        if (following) {
-                log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
-                return unit_stop(following);
-        }
-
-        if (!UNIT_VTABLE(u)->stop)
-                return -EBADR;
-
-        unit_add_to_dbus_queue(u);
-
-        return UNIT_VTABLE(u)->stop(u);
-}
-
-/* Errors:
- *         -EBADR:    This unit type does not support reloading.
- *         -ENOEXEC:  Unit is not started.
- *         -EAGAIN:   An operation is already in progress. Retry later.
- */
-int unit_reload(Unit *u) {
-        UnitActiveState state;
-        Unit *following;
-
-        assert(u);
-
-        if (u->load_state != UNIT_LOADED)
-                return -EINVAL;
-
-        if (!unit_can_reload(u))
-                return -EBADR;
-
-        state = unit_active_state(u);
-        if (state == UNIT_RELOADING)
-                return -EALREADY;
-
-        if (state != UNIT_ACTIVE) {
-                log_unit_warning(u, "Unit cannot be reloaded because it is inactive.");
-                return -ENOEXEC;
-        }
-
-        following = unit_following(u);
-        if (following) {
-                log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
-                return unit_reload(following);
-        }
-
-        unit_add_to_dbus_queue(u);
-
-        return UNIT_VTABLE(u)->reload(u);
-}
-
-bool unit_can_reload(Unit *u) {
-        assert(u);
-
-        if (!UNIT_VTABLE(u)->reload)
-                return false;
-
-        if (!UNIT_VTABLE(u)->can_reload)
-                return true;
-
-        return UNIT_VTABLE(u)->can_reload(u);
-}
-
-static void unit_check_unneeded(Unit *u) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-
-        static const UnitDependency needed_dependencies[] = {
-                UNIT_REQUIRED_BY,
-                UNIT_REQUISITE_OF,
-                UNIT_WANTED_BY,
-                UNIT_BOUND_BY,
-        };
-
-        Unit *other;
-        Iterator i;
-        unsigned j;
-        int r;
-
-        assert(u);
-
-        /* If this service shall be shut down when unneeded then do
-         * so. */
-
-        if (!u->stop_when_unneeded)
-                return;
-
-        if (!UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
-                return;
-
-        for (j = 0; j < ELEMENTSOF(needed_dependencies); j++)
-                SET_FOREACH(other, u->dependencies[needed_dependencies[j]], i)
-                        if (unit_active_or_pending(other))
-                                return;
-
-        /* If stopping a unit fails continously we might enter a stop
-         * loop here, hence stop acting on the service being
-         * unnecessary after a while. */
-        if (!ratelimit_test(&u->auto_stop_ratelimit)) {
-                log_unit_warning(u, "Unit not needed anymore, but not stopping since we tried this too often recently.");
-                return;
-        }
-
-        log_unit_info(u, "Unit not needed anymore. Stopping.");
-
-        /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
-        r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, &error, NULL);
-        if (r < 0)
-                log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
-}
-
-static void unit_check_binds_to(Unit *u) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        bool stop = false;
-        Unit *other;
-        Iterator i;
-        int r;
-
-        assert(u);
-
-        if (u->job)
-                return;
-
-        if (unit_active_state(u) != UNIT_ACTIVE)
-                return;
-
-        SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i) {
-                if (other->job)
-                        continue;
-
-                if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
-                        continue;
-
-                stop = true;
-                break;
-        }
-
-        if (!stop)
-                return;
-
-        /* If stopping a unit fails continously we might enter a stop
-         * loop here, hence stop acting on the service being
-         * unnecessary after a while. */
-        if (!ratelimit_test(&u->auto_stop_ratelimit)) {
-                log_unit_warning(u, "Unit is bound to inactive unit %s, but not stopping since we tried this too often recently.", other->id);
-                return;
-        }
-
-        assert(other);
-        log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id);
-
-        /* A unit we need to run is gone. Sniff. Let's stop this. */
-        r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, &error, NULL);
-        if (r < 0)
-                log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
-}
-
-static void retroactively_start_dependencies(Unit *u) {
-        Iterator i;
-        Unit *other;
-
-        assert(u);
-        assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
-
-        SET_FOREACH(other, u->dependencies[UNIT_REQUIRES], i)
-                if (!set_get(u->dependencies[UNIT_AFTER], other) &&
-                    !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
-                        manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL);
-
-        SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i)
-                if (!set_get(u->dependencies[UNIT_AFTER], other) &&
-                    !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
-                        manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL);
-
-        SET_FOREACH(other, u->dependencies[UNIT_WANTS], i)
-                if (!set_get(u->dependencies[UNIT_AFTER], other) &&
-                    !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
-                        manager_add_job(u->manager, JOB_START, other, JOB_FAIL, NULL, NULL);
-
-        SET_FOREACH(other, u->dependencies[UNIT_CONFLICTS], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
-
-        SET_FOREACH(other, u->dependencies[UNIT_CONFLICTED_BY], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
-}
-
-static void retroactively_stop_dependencies(Unit *u) {
-        Iterator i;
-        Unit *other;
-
-        assert(u);
-        assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
-
-        /* Pull down units which are bound to us recursively if enabled */
-        SET_FOREACH(other, u->dependencies[UNIT_BOUND_BY], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
-}
-
-static void check_unneeded_dependencies(Unit *u) {
-        Iterator i;
-        Unit *other;
-
-        assert(u);
-        assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
-
-        /* Garbage collect services that might not be needed anymore, if enabled */
-        SET_FOREACH(other, u->dependencies[UNIT_REQUIRES], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        unit_check_unneeded(other);
-        SET_FOREACH(other, u->dependencies[UNIT_WANTS], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        unit_check_unneeded(other);
-        SET_FOREACH(other, u->dependencies[UNIT_REQUISITE], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        unit_check_unneeded(other);
-        SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i)
-                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
-                        unit_check_unneeded(other);
-}
-
-void unit_start_on_failure(Unit *u) {
-        Unit *other;
-        Iterator i;
-
-        assert(u);
-
-        if (set_size(u->dependencies[UNIT_ON_FAILURE]) <= 0)
-                return;
-
-        log_unit_info(u, "Triggering OnFailure= dependencies.");
-
-        SET_FOREACH(other, u->dependencies[UNIT_ON_FAILURE], i) {
-                int r;
-
-                r = manager_add_job(u->manager, JOB_START, other, u->on_failure_job_mode, NULL, NULL);
-                if (r < 0)
-                        log_unit_error_errno(u, r, "Failed to enqueue OnFailure= job: %m");
-        }
-}
-
-void unit_trigger_notify(Unit *u) {
-        Unit *other;
-        Iterator i;
-
-        assert(u);
-
-        SET_FOREACH(other, u->dependencies[UNIT_TRIGGERED_BY], i)
-                if (UNIT_VTABLE(other)->trigger_notify)
-                        UNIT_VTABLE(other)->trigger_notify(other, u);
-}
-
-void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_success) {
-        Manager *m;
-        bool unexpected;
-
-        assert(u);
-        assert(os < _UNIT_ACTIVE_STATE_MAX);
-        assert(ns < _UNIT_ACTIVE_STATE_MAX);
-
-        /* Note that this is called for all low-level state changes,
-         * even if they might map to the same high-level
-         * UnitActiveState! That means that ns == os is an expected
-         * behavior here. For example: if a mount point is remounted
-         * this function will be called too! */
-
-        m = u->manager;
-
-        /* Update timestamps for state changes */
-        if (!MANAGER_IS_RELOADING(m)) {
-                dual_timestamp_get(&u->state_change_timestamp);
-
-                if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
-                        u->inactive_exit_timestamp = u->state_change_timestamp;
-                else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
-                        u->inactive_enter_timestamp = u->state_change_timestamp;
-
-                if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
-                        u->active_enter_timestamp = u->state_change_timestamp;
-                else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
-                        u->active_exit_timestamp = u->state_change_timestamp;
-        }
-
-        /* Keep track of failed units */
-        (void) manager_update_failed_units(u->manager, u, ns == UNIT_FAILED);
-
-        /* Make sure the cgroup is always removed when we become inactive */
-        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
-                unit_prune_cgroup(u);
-
-        /* Note that this doesn't apply to RemainAfterExit services exiting
-         * successfully, since there's no change of state in that case. Which is
-         * why it is handled in service_set_state() */
-        if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
-                ExecContext *ec;
-
-                ec = unit_get_exec_context(u);
-                if (ec && exec_context_may_touch_console(ec)) {
-                        if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
-                                m->n_on_console--;
-
-                                if (m->n_on_console == 0)
-                                        /* unset no_console_output flag, since the console is free */
-                                        m->no_console_output = false;
-                        } else
-                                m->n_on_console++;
-                }
-        }
-
-        if (u->job) {
-                unexpected = false;
-
-                if (u->job->state == JOB_WAITING)
-
-                        /* So we reached a different state for this
-                         * job. Let's see if we can run it now if it
-                         * failed previously due to EAGAIN. */
-                        job_add_to_run_queue(u->job);
-
-                /* Let's check whether this state change constitutes a
-                 * finished job, or maybe contradicts a running job and
-                 * hence needs to invalidate jobs. */
-
-                switch (u->job->type) {
-
-                case JOB_START:
-                case JOB_VERIFY_ACTIVE:
-
-                        if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
-                                job_finish_and_invalidate(u->job, JOB_DONE, true, false);
-                        else if (u->job->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
-                                unexpected = true;
-
-                                if (UNIT_IS_INACTIVE_OR_FAILED(ns))
-                                        job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
-                        }
-
-                        break;
-
-                case JOB_RELOAD:
-                case JOB_RELOAD_OR_START:
-                case JOB_TRY_RELOAD:
-
-                        if (u->job->state == JOB_RUNNING) {
-                                if (ns == UNIT_ACTIVE)
-                                        job_finish_and_invalidate(u->job, reload_success ? JOB_DONE : JOB_FAILED, true, false);
-                                else if (ns != UNIT_ACTIVATING && ns != UNIT_RELOADING) {
-                                        unexpected = true;
-
-                                        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
-                                                job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
-                                }
-                        }
-
-                        break;
-
-                case JOB_STOP:
-                case JOB_RESTART:
-                case JOB_TRY_RESTART:
-
-                        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
-                                job_finish_and_invalidate(u->job, JOB_DONE, true, false);
-                        else if (u->job->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
-                                unexpected = true;
-                                job_finish_and_invalidate(u->job, JOB_FAILED, true, false);
-                        }
-
-                        break;
-
-                default:
-                        assert_not_reached("Job type unknown");
-                }
-
-        } else
-                unexpected = true;
-
-        if (!MANAGER_IS_RELOADING(m)) {
-
-                /* If this state change happened without being
-                 * requested by a job, then let's retroactively start
-                 * or stop dependencies. We skip that step when
-                 * deserializing, since we don't want to create any
-                 * additional jobs just because something is already
-                 * activated. */
-
-                if (unexpected) {
-                        if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
-                                retroactively_start_dependencies(u);
-                        else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
-                                retroactively_stop_dependencies(u);
-                }
-
-                /* stop unneeded units regardless if going down was expected or not */
-                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
-                        check_unneeded_dependencies(u);
-
-                if (ns != os && ns == UNIT_FAILED) {
-                        log_unit_notice(u, "Unit entered failed state.");
-                        unit_start_on_failure(u);
-                }
-        }
-
-        /* Some names are special */
-        if (UNIT_IS_ACTIVE_OR_RELOADING(ns)) {
-
-                if (unit_has_name(u, SPECIAL_DBUS_SERVICE))
-                        /* The bus might have just become available,
-                         * hence try to connect to it, if we aren't
-                         * yet connected. */
-                        bus_init(m, true);
-
-                if (u->type == UNIT_SERVICE &&
-                    !UNIT_IS_ACTIVE_OR_RELOADING(os) &&
-                    !MANAGER_IS_RELOADING(m)) {
-                        /* Write audit record if we have just finished starting up */
-                        manager_send_unit_audit(m, u, AUDIT_SERVICE_START, true);
-                        u->in_audit = true;
-                }
-
-                if (!UNIT_IS_ACTIVE_OR_RELOADING(os))
-                        manager_send_unit_plymouth(m, u);
-
-        } else {
-
-                /* We don't care about D-Bus here, since we'll get an
-                 * asynchronous notification for it anyway. */
-
-                if (u->type == UNIT_SERVICE &&
-                    UNIT_IS_INACTIVE_OR_FAILED(ns) &&
-                    !UNIT_IS_INACTIVE_OR_FAILED(os) &&
-                    !MANAGER_IS_RELOADING(m)) {
-
-                        /* Hmm, if there was no start record written
-                         * write it now, so that we always have a nice
-                         * pair */
-                        if (!u->in_audit) {
-                                manager_send_unit_audit(m, u, AUDIT_SERVICE_START, ns == UNIT_INACTIVE);
-
-                                if (ns == UNIT_INACTIVE)
-                                        manager_send_unit_audit(m, u, AUDIT_SERVICE_STOP, true);
-                        } else
-                                /* Write audit record if we have just finished shutting down */
-                                manager_send_unit_audit(m, u, AUDIT_SERVICE_STOP, ns == UNIT_INACTIVE);
-
-                        u->in_audit = false;
-                }
-        }
-
-        manager_recheck_journal(m);
-        unit_trigger_notify(u);
-
-        if (!MANAGER_IS_RELOADING(u->manager)) {
-                /* Maybe we finished startup and are now ready for
-                 * being stopped because unneeded? */
-                unit_check_unneeded(u);
-
-                /* Maybe we finished startup, but something we needed
-                 * has vanished? Let's die then. (This happens when
-                 * something BindsTo= to a Type=oneshot unit, as these
-                 * units go directly from starting to inactive,
-                 * without ever entering started.) */
-                unit_check_binds_to(u);
-        }
-
-        unit_add_to_dbus_queue(u);
-        unit_add_to_gc_queue(u);
-}
-
-int unit_watch_pid(Unit *u, pid_t pid) {
-        int q, r;
-
-        assert(u);
-        assert(pid >= 1);
-
-        /* Watch a specific PID. We only support one or two units
-         * watching each PID for now, not more. */
-
-        r = set_ensure_allocated(&u->pids, NULL);
-        if (r < 0)
-                return r;
-
-        r = hashmap_ensure_allocated(&u->manager->watch_pids1, NULL);
-        if (r < 0)
-                return r;
-
-        r = hashmap_put(u->manager->watch_pids1, PID_TO_PTR(pid), u);
-        if (r == -EEXIST) {
-                r = hashmap_ensure_allocated(&u->manager->watch_pids2, NULL);
-                if (r < 0)
-                        return r;
-
-                r = hashmap_put(u->manager->watch_pids2, PID_TO_PTR(pid), u);
-        }
-
-        q = set_put(u->pids, PID_TO_PTR(pid));
-        if (q < 0)
-                return q;
-
-        return r;
-}
-
-void unit_unwatch_pid(Unit *u, pid_t pid) {
-        assert(u);
-        assert(pid >= 1);
-
-        (void) hashmap_remove_value(u->manager->watch_pids1, PID_TO_PTR(pid), u);
-        (void) hashmap_remove_value(u->manager->watch_pids2, PID_TO_PTR(pid), u);
-        (void) set_remove(u->pids, PID_TO_PTR(pid));
-}
-
-void unit_unwatch_all_pids(Unit *u) {
-        assert(u);
-
-        while (!set_isempty(u->pids))
-                unit_unwatch_pid(u, PTR_TO_PID(set_first(u->pids)));
-
-        u->pids = set_free(u->pids);
-}
-
-void unit_tidy_watch_pids(Unit *u, pid_t except1, pid_t except2) {
-        Iterator i;
-        void *e;
-
-        assert(u);
-
-        /* Cleans dead PIDs from our list */
-
-        SET_FOREACH(e, u->pids, i) {
-                pid_t pid = PTR_TO_PID(e);
-
-                if (pid == except1 || pid == except2)
-                        continue;
-
-                if (!pid_is_unwaited(pid))
-                        unit_unwatch_pid(u, pid);
-        }
-}
-
-bool unit_job_is_applicable(Unit *u, JobType j) {
-        assert(u);
-        assert(j >= 0 && j < _JOB_TYPE_MAX);
-
-        switch (j) {
-
-        case JOB_VERIFY_ACTIVE:
-        case JOB_START:
-        case JOB_STOP:
-        case JOB_NOP:
-                return true;
-
-        case JOB_RESTART:
-        case JOB_TRY_RESTART:
-                return unit_can_start(u);
-
-        case JOB_RELOAD:
-        case JOB_TRY_RELOAD:
-                return unit_can_reload(u);
-
-        case JOB_RELOAD_OR_START:
-                return unit_can_reload(u) && unit_can_start(u);
-
-        default:
-                assert_not_reached("Invalid job type");
-        }
-}
-
-static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency) {
-        assert(u);
-
-        /* Only warn about some unit types */
-        if (!IN_SET(dependency, UNIT_CONFLICTS, UNIT_CONFLICTED_BY, UNIT_BEFORE, UNIT_AFTER, UNIT_ON_FAILURE, UNIT_TRIGGERS, UNIT_TRIGGERED_BY))
-                return;
-
-        if (streq_ptr(u->id, other))
-                log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id);
-        else
-                log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other), u->id);
-}
-
-int unit_add_dependency(Unit *u, UnitDependency d, Unit *other, bool add_reference) {
-
-        static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
-                [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
-                [UNIT_WANTS] = UNIT_WANTED_BY,
-                [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
-                [UNIT_BINDS_TO] = UNIT_BOUND_BY,
-                [UNIT_PART_OF] = UNIT_CONSISTS_OF,
-                [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
-                [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
-                [UNIT_WANTED_BY] = UNIT_WANTS,
-                [UNIT_BOUND_BY] = UNIT_BINDS_TO,
-                [UNIT_CONSISTS_OF] = UNIT_PART_OF,
-                [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
-                [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
-                [UNIT_BEFORE] = UNIT_AFTER,
-                [UNIT_AFTER] = UNIT_BEFORE,
-                [UNIT_ON_FAILURE] = _UNIT_DEPENDENCY_INVALID,
-                [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
-                [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
-                [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
-                [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
-                [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
-                [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
-                [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF,
-        };
-        int r, q = 0, v = 0, w = 0;
-        Unit *orig_u = u, *orig_other = other;
-
-        assert(u);
-        assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
-        assert(other);
-
-        u = unit_follow_merge(u);
-        other = unit_follow_merge(other);
-
-        /* We won't allow dependencies on ourselves. We will not
-         * consider them an error however. */
-        if (u == other) {
-                maybe_warn_about_dependency(orig_u, orig_other->id, d);
-                return 0;
-        }
-
-        r = set_ensure_allocated(&u->dependencies[d], NULL);
-        if (r < 0)
-                return r;
-
-        if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID) {
-                r = set_ensure_allocated(&other->dependencies[inverse_table[d]], NULL);
-                if (r < 0)
-                        return r;
-        }
-
-        if (add_reference) {
-                r = set_ensure_allocated(&u->dependencies[UNIT_REFERENCES], NULL);
-                if (r < 0)
-                        return r;
-
-                r = set_ensure_allocated(&other->dependencies[UNIT_REFERENCED_BY], NULL);
-                if (r < 0)
-                        return r;
-        }
-
-        q = set_put(u->dependencies[d], other);
-        if (q < 0)
-                return q;
-
-        if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) {
-                v = set_put(other->dependencies[inverse_table[d]], u);
-                if (v < 0) {
-                        r = v;
-                        goto fail;
-                }
-        }
-
-        if (add_reference) {
-                w = set_put(u->dependencies[UNIT_REFERENCES], other);
-                if (w < 0) {
-                        r = w;
-                        goto fail;
-                }
-
-                r = set_put(other->dependencies[UNIT_REFERENCED_BY], u);
-                if (r < 0)
-                        goto fail;
-        }
-
-        unit_add_to_dbus_queue(u);
-        return 0;
-
-fail:
-        if (q > 0)
-                set_remove(u->dependencies[d], other);
-
-        if (v > 0)
-                set_remove(other->dependencies[inverse_table[d]], u);
-
-        if (w > 0)
-                set_remove(u->dependencies[UNIT_REFERENCES], other);
-
-        return r;
-}
-
-int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference) {
-        int r;
-
-        assert(u);
-
-        r = unit_add_dependency(u, d, other, add_reference);
-        if (r < 0)
-                return r;
-
-        return unit_add_dependency(u, e, other, add_reference);
-}
-
-static int resolve_template(Unit *u, const char *name, const char*path, char **buf, const char **ret) {
-        int r;
-
-        assert(u);
-        assert(name || path);
-        assert(buf);
-        assert(ret);
-
-        if (!name)
-                name = basename(path);
-
-        if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
-                *buf = NULL;
-                *ret = name;
-                return 0;
-        }
-
-        if (u->instance)
-                r = unit_name_replace_instance(name, u->instance, buf);
-        else {
-                _cleanup_free_ char *i = NULL;
-
-                r = unit_name_to_prefix(u->id, &i);
-                if (r < 0)
-                        return r;
-
-                r = unit_name_replace_instance(name, i, buf);
-        }
-        if (r < 0)
-                return r;
-
-        *ret = *buf;
-        return 0;
-}
-
-int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, const char *path, bool add_reference) {
-        _cleanup_free_ char *buf = NULL;
-        Unit *other;
-        int r;
-
-        assert(u);
-        assert(name || path);
-
-        r = resolve_template(u, name, path, &buf, &name);
-        if (r < 0)
-                return r;
-
-        r = manager_load_unit(u->manager, name, path, NULL, &other);
-        if (r < 0)
-                return r;
-
-        return unit_add_dependency(u, d, other, add_reference);
-}
-
-int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, const char *path, bool add_reference) {
-        _cleanup_free_ char *buf = NULL;
-        Unit *other;
-        int r;
-
-        assert(u);
-        assert(name || path);
-
-        r = resolve_template(u, name, path, &buf, &name);
-        if (r < 0)
-                return r;
-
-        r = manager_load_unit(u->manager, name, path, NULL, &other);
-        if (r < 0)
-                return r;
-
-        return unit_add_two_dependencies(u, d, e, other, add_reference);
-}
-
-int set_unit_path(const char *p) {
-        /* This is mostly for debug purposes */
-        if (setenv("SYSTEMD_UNIT_PATH", p, 1) < 0)
-                return -errno;
-
-        return 0;
-}
-
-char *unit_dbus_path(Unit *u) {
-        assert(u);
-
-        if (!u->id)
-                return NULL;
-
-        return unit_dbus_path_from_name(u->id);
-}
-
-int unit_set_slice(Unit *u, Unit *slice) {
-        assert(u);
-        assert(slice);
-
-        /* Sets the unit slice if it has not been set before. Is extra
-         * careful, to only allow this for units that actually have a
-         * cgroup context. Also, we don't allow to set this for slices
-         * (since the parent slice is derived from the name). Make
-         * sure the unit we set is actually a slice. */
-
-        if (!UNIT_HAS_CGROUP_CONTEXT(u))
-                return -EOPNOTSUPP;
-
-        if (u->type == UNIT_SLICE)
-                return -EINVAL;
-
-        if (unit_active_state(u) != UNIT_INACTIVE)
-                return -EBUSY;
-
-        if (slice->type != UNIT_SLICE)
-                return -EINVAL;
-
-        if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
-            !unit_has_name(slice, SPECIAL_ROOT_SLICE))
-                return -EPERM;
-
-        if (UNIT_DEREF(u->slice) == slice)
-                return 0;
-
-        /* Disallow slice changes if @u is already bound to cgroups */
-        if (UNIT_ISSET(u->slice) && u->cgroup_realized)
-                return -EBUSY;
-
-        unit_ref_unset(&u->slice);
-        unit_ref_set(&u->slice, slice);
-        return 1;
-}
-
-int unit_set_default_slice(Unit *u) {
-        _cleanup_free_ char *b = NULL;
-        const char *slice_name;
-        Unit *slice;
-        int r;
-
-        assert(u);
-
-        if (UNIT_ISSET(u->slice))
-                return 0;
-
-        if (u->instance) {
-                _cleanup_free_ char *prefix = NULL, *escaped = NULL;
-
-                /* Implicitly place all instantiated units in their
-                 * own per-template slice */
-
-                r = unit_name_to_prefix(u->id, &prefix);
-                if (r < 0)
-                        return r;
-
-                /* The prefix is already escaped, but it might include
-                 * "-" which has a special meaning for slice units,
-                 * hence escape it here extra. */
-                escaped = unit_name_escape(prefix);
-                if (!escaped)
-                        return -ENOMEM;
-
-                if (MANAGER_IS_SYSTEM(u->manager))
-                        b = strjoin("system-", escaped, ".slice", NULL);
-                else
-                        b = strappend(escaped, ".slice");
-                if (!b)
-                        return -ENOMEM;
-
-                slice_name = b;
-        } else
-                slice_name =
-                        MANAGER_IS_SYSTEM(u->manager) && !unit_has_name(u, SPECIAL_INIT_SCOPE)
-                        ? SPECIAL_SYSTEM_SLICE
-                        : SPECIAL_ROOT_SLICE;
-
-        r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
-        if (r < 0)
-                return r;
-
-        return unit_set_slice(u, slice);
-}
-
-const char *unit_slice_name(Unit *u) {
-        assert(u);
-
-        if (!UNIT_ISSET(u->slice))
-                return NULL;
-
-        return UNIT_DEREF(u->slice)->id;
-}
-
-int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
-        _cleanup_free_ char *t = NULL;
-        int r;
-
-        assert(u);
-        assert(type);
-        assert(_found);
-
-        r = unit_name_change_suffix(u->id, type, &t);
-        if (r < 0)
-                return r;
-        if (unit_has_name(u, t))
-                return -EINVAL;
-
-        r = manager_load_unit(u->manager, t, NULL, NULL, _found);
-        assert(r < 0 || *_found != u);
-        return r;
-}
-
-static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *name, *old_owner, *new_owner;
-        Unit *u = userdata;
-        int r;
-
-        assert(message);
-        assert(u);
-
-        r = sd_bus_message_read(message, "sss", &name, &old_owner, &new_owner);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        if (UNIT_VTABLE(u)->bus_name_owner_change)
-                UNIT_VTABLE(u)->bus_name_owner_change(u, name, old_owner, new_owner);
-
-        return 0;
-}
-
-int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
-        const char *match;
-
-        assert(u);
-        assert(bus);
-        assert(name);
-
-        if (u->match_bus_slot)
-                return -EBUSY;
-
-        match = strjoina("type='signal',"
-                         "sender='org.freedesktop.DBus',"
-                         "path='/org/freedesktop/DBus',"
-                         "interface='org.freedesktop.DBus',"
-                         "member='NameOwnerChanged',"
-                         "arg0='", name, "'");
-
-        return sd_bus_add_match(bus, &u->match_bus_slot, match, signal_name_owner_changed, u);
-}
-
-int unit_watch_bus_name(Unit *u, const char *name) {
-        int r;
-
-        assert(u);
-        assert(name);
-
-        /* Watch a specific name on the bus. We only support one unit
-         * watching each name for now. */
-
-        if (u->manager->api_bus) {
-                /* If the bus is already available, install the match directly.
-                 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
-                r = unit_install_bus_match(u, u->manager->api_bus, name);
-                if (r < 0)
-                        return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
-        }
-
-        r = hashmap_put(u->manager->watch_bus, name, u);
-        if (r < 0) {
-                u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
-                return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
-        }
-
-        return 0;
-}
-
-void unit_unwatch_bus_name(Unit *u, const char *name) {
-        assert(u);
-        assert(name);
-
-        hashmap_remove_value(u->manager->watch_bus, name, u);
-        u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
-}
-
-bool unit_can_serialize(Unit *u) {
-        assert(u);
-
-        return UNIT_VTABLE(u)->serialize && UNIT_VTABLE(u)->deserialize_item;
-}
-
-int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
-        int r;
-
-        assert(u);
-        assert(f);
-        assert(fds);
-
-        if (unit_can_serialize(u)) {
-                ExecRuntime *rt;
-
-                r = UNIT_VTABLE(u)->serialize(u, f, fds);
-                if (r < 0)
-                        return r;
-
-                rt = unit_get_exec_runtime(u);
-                if (rt) {
-                        r = exec_runtime_serialize(u, rt, f, fds);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        dual_timestamp_serialize(f, "state-change-timestamp", &u->state_change_timestamp);
-
-        dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
-        dual_timestamp_serialize(f, "active-enter-timestamp", &u->active_enter_timestamp);
-        dual_timestamp_serialize(f, "active-exit-timestamp", &u->active_exit_timestamp);
-        dual_timestamp_serialize(f, "inactive-enter-timestamp", &u->inactive_enter_timestamp);
-
-        dual_timestamp_serialize(f, "condition-timestamp", &u->condition_timestamp);
-        dual_timestamp_serialize(f, "assert-timestamp", &u->assert_timestamp);
-
-        if (dual_timestamp_is_set(&u->condition_timestamp))
-                unit_serialize_item(u, f, "condition-result", yes_no(u->condition_result));
-
-        if (dual_timestamp_is_set(&u->assert_timestamp))
-                unit_serialize_item(u, f, "assert-result", yes_no(u->assert_result));
-
-        unit_serialize_item(u, f, "transient", yes_no(u->transient));
-        unit_serialize_item_format(u, f, "cpuacct-usage-base", "%" PRIu64, u->cpuacct_usage_base);
-
-        if (u->cgroup_path)
-                unit_serialize_item(u, f, "cgroup", u->cgroup_path);
-        unit_serialize_item(u, f, "cgroup-realized", yes_no(u->cgroup_realized));
-
-        if (serialize_jobs) {
-                if (u->job) {
-                        fprintf(f, "job\n");
-                        job_serialize(u->job, f, fds);
-                }
-
-                if (u->nop_job) {
-                        fprintf(f, "job\n");
-                        job_serialize(u->nop_job, f, fds);
-                }
-        }
-
-        /* End marker */
-        fputc('\n', f);
-        return 0;
-}
-
-int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
-        assert(u);
-        assert(f);
-        assert(key);
-
-        if (!value)
-                return 0;
-
-        fputs(key, f);
-        fputc('=', f);
-        fputs(value, f);
-        fputc('\n', f);
-
-        return 1;
-}
-
-int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value) {
-        _cleanup_free_ char *c = NULL;
-
-        assert(u);
-        assert(f);
-        assert(key);
-
-        if (!value)
-                return 0;
-
-        c = cescape(value);
-        if (!c)
-                return -ENOMEM;
-
-        fputs(key, f);
-        fputc('=', f);
-        fputs(c, f);
-        fputc('\n', f);
-
-        return 1;
-}
-
-int unit_serialize_item_fd(Unit *u, FILE *f, FDSet *fds, const char *key, int fd) {
-        int copy;
-
-        assert(u);
-        assert(f);
-        assert(key);
-
-        if (fd < 0)
-                return 0;
-
-        copy = fdset_put_dup(fds, fd);
-        if (copy < 0)
-                return copy;
-
-        fprintf(f, "%s=%i\n", key, copy);
-        return 1;
-}
-
-void unit_serialize_item_format(Unit *u, FILE *f, const char *key, const char *format, ...) {
-        va_list ap;
-
-        assert(u);
-        assert(f);
-        assert(key);
-        assert(format);
-
-        fputs(key, f);
-        fputc('=', f);
-
-        va_start(ap, format);
-        vfprintf(f, format, ap);
-        va_end(ap);
-
-        fputc('\n', f);
-}
-
-int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
-        ExecRuntime **rt = NULL;
-        size_t offset;
-        int r;
-
-        assert(u);
-        assert(f);
-        assert(fds);
-
-        offset = UNIT_VTABLE(u)->exec_runtime_offset;
-        if (offset > 0)
-                rt = (ExecRuntime**) ((uint8_t*) u + offset);
-
-        for (;;) {
-                char line[LINE_MAX], *l, *v;
-                size_t k;
-
-                if (!fgets(line, sizeof(line), f)) {
-                        if (feof(f))
-                                return 0;
-                        return -errno;
-                }
-
-                char_array_0(line);
-                l = strstrip(line);
-
-                /* End marker */
-                if (isempty(l))
-                        break;
-
-                k = strcspn(l, "=");
-
-                if (l[k] == '=') {
-                        l[k] = 0;
-                        v = l+k+1;
-                } else
-                        v = l+k;
-
-                if (streq(l, "job")) {
-                        if (v[0] == '\0') {
-                                /* new-style serialized job */
-                                Job *j;
-
-                                j = job_new_raw(u);
-                                if (!j)
-                                        return log_oom();
-
-                                r = job_deserialize(j, f, fds);
-                                if (r < 0) {
-                                        job_free(j);
-                                        return r;
-                                }
-
-                                r = hashmap_put(u->manager->jobs, UINT32_TO_PTR(j->id), j);
-                                if (r < 0) {
-                                        job_free(j);
-                                        return r;
-                                }
-
-                                r = job_install_deserialized(j);
-                                if (r < 0) {
-                                        hashmap_remove(u->manager->jobs, UINT32_TO_PTR(j->id));
-                                        job_free(j);
-                                        return r;
-                                }
-                        } else  /* legacy for pre-44 */
-                                log_unit_warning(u, "Update from too old systemd versions are unsupported, cannot deserialize job: %s", v);
-                        continue;
-                } else if (streq(l, "state-change-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->state_change_timestamp);
-                        continue;
-                } else if (streq(l, "inactive-exit-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->inactive_exit_timestamp);
-                        continue;
-                } else if (streq(l, "active-enter-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->active_enter_timestamp);
-                        continue;
-                } else if (streq(l, "active-exit-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->active_exit_timestamp);
-                        continue;
-                } else if (streq(l, "inactive-enter-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->inactive_enter_timestamp);
-                        continue;
-                } else if (streq(l, "condition-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->condition_timestamp);
-                        continue;
-                } else if (streq(l, "assert-timestamp")) {
-                        dual_timestamp_deserialize(v, &u->assert_timestamp);
-                        continue;
-                } else if (streq(l, "condition-result")) {
-
-                        r = parse_boolean(v);
-                        if (r < 0)
-                                log_unit_debug(u, "Failed to parse condition result value %s, ignoring.", v);
-                        else
-                                u->condition_result = r;
-
-                        continue;
-
-                } else if (streq(l, "assert-result")) {
-
-                        r = parse_boolean(v);
-                        if (r < 0)
-                                log_unit_debug(u, "Failed to parse assert result value %s, ignoring.", v);
-                        else
-                                u->assert_result = r;
-
-                        continue;
-
-                } else if (streq(l, "transient")) {
-
-                        r = parse_boolean(v);
-                        if (r < 0)
-                                log_unit_debug(u, "Failed to parse transient bool %s, ignoring.", v);
-                        else
-                                u->transient = r;
-
-                        continue;
-
-                } else if (streq(l, "cpuacct-usage-base")) {
-
-                        r = safe_atou64(v, &u->cpuacct_usage_base);
-                        if (r < 0)
-                                log_unit_debug(u, "Failed to parse CPU usage %s, ignoring.", v);
-
-                        continue;
-
-                } else if (streq(l, "cgroup")) {
-
-                        r = unit_set_cgroup_path(u, v);
-                        if (r < 0)
-                                log_unit_debug_errno(u, r, "Failed to set cgroup path %s, ignoring: %m", v);
-
-                        (void) unit_watch_cgroup(u);
-
-                        continue;
-                } else if (streq(l, "cgroup-realized")) {
-                        int b;
-
-                        b = parse_boolean(v);
-                        if (b < 0)
-                                log_unit_debug(u, "Failed to parse cgroup-realized bool %s, ignoring.", v);
-                        else
-                                u->cgroup_realized = b;
-
-                        continue;
-                }
-
-                if (unit_can_serialize(u)) {
-                        if (rt) {
-                                r = exec_runtime_deserialize_item(u, rt, l, v, fds);
-                                if (r < 0) {
-                                        log_unit_warning(u, "Failed to deserialize runtime parameter '%s', ignoring.", l);
-                                        continue;
-                                }
-
-                                /* Returns positive if key was handled by the call */
-                                if (r > 0)
-                                        continue;
-                        }
-
-                        r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
-                        if (r < 0)
-                                log_unit_warning(u, "Failed to deserialize unit parameter '%s', ignoring.", l);
-                }
-        }
-
-        /* Versions before 228 did not carry a state change timestamp. In this case, take the current time. This is
-         * useful, so that timeouts based on this timestamp don't trigger too early, and is in-line with the logic from
-         * before 228 where the base for timeouts was not persistent across reboots. */
-
-        if (!dual_timestamp_is_set(&u->state_change_timestamp))
-                dual_timestamp_get(&u->state_change_timestamp);
-
-        return 0;
-}
-
-int unit_add_node_link(Unit *u, const char *what, bool wants, UnitDependency dep) {
-        Unit *device;
-        _cleanup_free_ char *e = NULL;
-        int r;
-
-        assert(u);
-
-        /* Adds in links to the device node that this unit is based on */
-        if (isempty(what))
-                return 0;
-
-        if (!is_device_path(what))
-                return 0;
-
-        /* When device units aren't supported (such as in a
-         * container), don't create dependencies on them. */
-        if (!unit_type_supported(UNIT_DEVICE))
-                return 0;
-
-        r = unit_name_from_path(what, ".device", &e);
-        if (r < 0)
-                return r;
-
-        r = manager_load_unit(u->manager, e, NULL, NULL, &device);
-        if (r < 0)
-                return r;
-
-        r = unit_add_two_dependencies(u, UNIT_AFTER,
-                                      MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
-                                      device, true);
-        if (r < 0)
-                return r;
-
-        if (wants) {
-                r = unit_add_dependency(device, UNIT_WANTS, u, false);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int unit_coldplug(Unit *u) {
-        int r = 0, q = 0;
-
-        assert(u);
-
-        /* Make sure we don't enter a loop, when coldplugging
-         * recursively. */
-        if (u->coldplugged)
-                return 0;
-
-        u->coldplugged = true;
-
-        if (UNIT_VTABLE(u)->coldplug)
-                r = UNIT_VTABLE(u)->coldplug(u);
-
-        if (u->job)
-                q = job_coldplug(u->job);
-
-        if (r < 0)
-                return r;
-        if (q < 0)
-                return q;
-
-        return 0;
-}
-
-static bool fragment_mtime_newer(const char *path, usec_t mtime) {
-        struct stat st;
-
-        if (!path)
-                return false;
-
-        if (stat(path, &st) < 0)
-                /* What, cannot access this anymore? */
-                return true;
-
-        if (mtime > 0)
-                /* For non-empty files check the mtime */
-                return timespec_load(&st.st_mtim) > mtime;
-        else if (!null_or_empty(&st))
-                /* For masked files check if they are still so */
-                return true;
-
-        return false;
-}
-
-bool unit_need_daemon_reload(Unit *u) {
-        _cleanup_strv_free_ char **t = NULL;
-        char **path;
-
-        assert(u);
-
-        if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime))
-                return true;
-
-        if (fragment_mtime_newer(u->source_path, u->source_mtime))
-                return true;
-
-        (void) unit_find_dropin_paths(u, &t);
-        if (!strv_equal(u->dropin_paths, t))
-                return true;
-
-        STRV_FOREACH(path, u->dropin_paths)
-                if (fragment_mtime_newer(*path, u->dropin_mtime))
-                        return true;
-
-        return false;
-}
-
-void unit_reset_failed(Unit *u) {
-        assert(u);
-
-        if (UNIT_VTABLE(u)->reset_failed)
-                UNIT_VTABLE(u)->reset_failed(u);
-
-        RATELIMIT_RESET(u->start_limit);
-        u->start_limit_hit = false;
-}
-
-Unit *unit_following(Unit *u) {
-        assert(u);
-
-        if (UNIT_VTABLE(u)->following)
-                return UNIT_VTABLE(u)->following(u);
-
-        return NULL;
-}
-
-bool unit_stop_pending(Unit *u) {
-        assert(u);
-
-        /* This call does check the current state of the unit. It's
-         * hence useful to be called from state change calls of the
-         * unit itself, where the state isn't updated yet. This is
-         * different from unit_inactive_or_pending() which checks both
-         * the current state and for a queued job. */
-
-        return u->job && u->job->type == JOB_STOP;
-}
-
-bool unit_inactive_or_pending(Unit *u) {
-        assert(u);
-
-        /* Returns true if the unit is inactive or going down */
-
-        if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
-                return true;
-
-        if (unit_stop_pending(u))
-                return true;
-
-        return false;
-}
-
-bool unit_active_or_pending(Unit *u) {
-        assert(u);
-
-        /* Returns true if the unit is active or going up */
-
-        if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
-                return true;
-
-        if (u->job &&
-            (u->job->type == JOB_START ||
-             u->job->type == JOB_RELOAD_OR_START ||
-             u->job->type == JOB_RESTART))
-                return true;
-
-        return false;
-}
-
-int unit_kill(Unit *u, KillWho w, int signo, sd_bus_error *error) {
-        assert(u);
-        assert(w >= 0 && w < _KILL_WHO_MAX);
-        assert(SIGNAL_VALID(signo));
-
-        if (!UNIT_VTABLE(u)->kill)
-                return -EOPNOTSUPP;
-
-        return UNIT_VTABLE(u)->kill(u, w, signo, error);
-}
-
-static Set *unit_pid_set(pid_t main_pid, pid_t control_pid) {
-        Set *pid_set;
-        int r;
-
-        pid_set = set_new(NULL);
-        if (!pid_set)
-                return NULL;
-
-        /* Exclude the main/control pids from being killed via the cgroup */
-        if (main_pid > 0) {
-                r = set_put(pid_set, PID_TO_PTR(main_pid));
-                if (r < 0)
-                        goto fail;
-        }
-
-        if (control_pid > 0) {
-                r = set_put(pid_set, PID_TO_PTR(control_pid));
-                if (r < 0)
-                        goto fail;
-        }
-
-        return pid_set;
-
-fail:
-        set_free(pid_set);
-        return NULL;
-}
-
-int unit_kill_common(
-                Unit *u,
-                KillWho who,
-                int signo,
-                pid_t main_pid,
-                pid_t control_pid,
-                sd_bus_error *error) {
-
-        int r = 0;
-        bool killed = false;
-
-        if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL)) {
-                if (main_pid < 0)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
-                else if (main_pid == 0)
-                        return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
-        }
-
-        if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL)) {
-                if (control_pid < 0)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
-                else if (control_pid == 0)
-                        return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
-        }
-
-        if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL))
-                if (control_pid > 0) {
-                        if (kill(control_pid, signo) < 0)
-                                r = -errno;
-                        else
-                                killed = true;
-                }
-
-        if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL))
-                if (main_pid > 0) {
-                        if (kill(main_pid, signo) < 0)
-                                r = -errno;
-                        else
-                                killed = true;
-                }
-
-        if (IN_SET(who, KILL_ALL, KILL_ALL_FAIL) && u->cgroup_path) {
-                _cleanup_set_free_ Set *pid_set = NULL;
-                int q;
-
-                /* Exclude the main/control pids from being killed via the cgroup */
-                pid_set = unit_pid_set(main_pid, control_pid);
-                if (!pid_set)
-                        return -ENOMEM;
-
-                q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, signo, false, false, false, pid_set);
-                if (q < 0 && q != -EAGAIN && q != -ESRCH && q != -ENOENT)
-                        r = q;
-                else
-                        killed = true;
-        }
-
-        if (r == 0 && !killed && IN_SET(who, KILL_ALL_FAIL, KILL_CONTROL_FAIL))
-                return -ESRCH;
-
-        return r;
-}
-
-int unit_following_set(Unit *u, Set **s) {
-        assert(u);
-        assert(s);
-
-        if (UNIT_VTABLE(u)->following_set)
-                return UNIT_VTABLE(u)->following_set(u, s);
-
-        *s = NULL;
-        return 0;
-}
-
-UnitFileState unit_get_unit_file_state(Unit *u) {
-        int r;
-
-        assert(u);
-
-        if (u->unit_file_state < 0 && u->fragment_path) {
-                r = unit_file_get_state(
-                                u->manager->unit_file_scope,
-                                NULL,
-                                basename(u->fragment_path),
-                                &u->unit_file_state);
-                if (r < 0)
-                        u->unit_file_state = UNIT_FILE_BAD;
-        }
-
-        return u->unit_file_state;
-}
-
-int unit_get_unit_file_preset(Unit *u) {
-        assert(u);
-
-        if (u->unit_file_preset < 0 && u->fragment_path)
-                u->unit_file_preset = unit_file_query_preset(
-                                u->manager->unit_file_scope,
-                                NULL,
-                                basename(u->fragment_path));
-
-        return u->unit_file_preset;
-}
-
-Unit* unit_ref_set(UnitRef *ref, Unit *u) {
-        assert(ref);
-        assert(u);
-
-        if (ref->unit)
-                unit_ref_unset(ref);
-
-        ref->unit = u;
-        LIST_PREPEND(refs, u->refs, ref);
-        return u;
-}
-
-void unit_ref_unset(UnitRef *ref) {
-        assert(ref);
-
-        if (!ref->unit)
-                return;
-
-        /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
-         * be unreferenced now. */
-        unit_add_to_gc_queue(ref->unit);
-
-        LIST_REMOVE(refs, ref->unit->refs, ref);
-        ref->unit = NULL;
-}
-
-int unit_patch_contexts(Unit *u) {
-        CGroupContext *cc;
-        ExecContext *ec;
-        unsigned i;
-        int r;
-
-        assert(u);
-
-        /* Patch in the manager defaults into the exec and cgroup
-         * contexts, _after_ the rest of the settings have been
-         * initialized */
-
-        ec = unit_get_exec_context(u);
-        if (ec) {
-                /* This only copies in the ones that need memory */
-                for (i = 0; i < _RLIMIT_MAX; i++)
-                        if (u->manager->rlimit[i] && !ec->rlimit[i]) {
-                                ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1);
-                                if (!ec->rlimit[i])
-                                        return -ENOMEM;
-                        }
-
-                if (MANAGER_IS_USER(u->manager) &&
-                    !ec->working_directory) {
-
-                        r = get_home_dir(&ec->working_directory);
-                        if (r < 0)
-                                return r;
-
-                        /* Allow user services to run, even if the
-                         * home directory is missing */
-                        ec->working_directory_missing_ok = true;
-                }
-
-                if (MANAGER_IS_USER(u->manager) &&
-                    (ec->syscall_whitelist ||
-                     !set_isempty(ec->syscall_filter) ||
-                     !set_isempty(ec->syscall_archs) ||
-                     ec->address_families_whitelist ||
-                     !set_isempty(ec->address_families)))
-                        ec->no_new_privileges = true;
-
-                if (ec->private_devices)
-                        ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_MKNOD);
-        }
-
-        cc = unit_get_cgroup_context(u);
-        if (cc) {
-
-                if (ec &&
-                    ec->private_devices &&
-                    cc->device_policy == CGROUP_AUTO)
-                        cc->device_policy = CGROUP_CLOSED;
-        }
-
-        return 0;
-}
-
-ExecContext *unit_get_exec_context(Unit *u) {
-        size_t offset;
-        assert(u);
-
-        if (u->type < 0)
-                return NULL;
-
-        offset = UNIT_VTABLE(u)->exec_context_offset;
-        if (offset <= 0)
-                return NULL;
-
-        return (ExecContext*) ((uint8_t*) u + offset);
-}
-
-KillContext *unit_get_kill_context(Unit *u) {
-        size_t offset;
-        assert(u);
-
-        if (u->type < 0)
-                return NULL;
-
-        offset = UNIT_VTABLE(u)->kill_context_offset;
-        if (offset <= 0)
-                return NULL;
-
-        return (KillContext*) ((uint8_t*) u + offset);
-}
-
-CGroupContext *unit_get_cgroup_context(Unit *u) {
-        size_t offset;
-
-        if (u->type < 0)
-                return NULL;
-
-        offset = UNIT_VTABLE(u)->cgroup_context_offset;
-        if (offset <= 0)
-                return NULL;
-
-        return (CGroupContext*) ((uint8_t*) u + offset);
-}
-
-ExecRuntime *unit_get_exec_runtime(Unit *u) {
-        size_t offset;
-
-        if (u->type < 0)
-                return NULL;
-
-        offset = UNIT_VTABLE(u)->exec_runtime_offset;
-        if (offset <= 0)
-                return NULL;
-
-        return *(ExecRuntime**) ((uint8_t*) u + offset);
-}
-
-static const char* unit_drop_in_dir(Unit *u, UnitSetPropertiesMode mode) {
-        assert(u);
-
-        if (!IN_SET(mode, UNIT_RUNTIME, UNIT_PERSISTENT))
-                return NULL;
-
-        if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
-                return u->manager->lookup_paths.transient;
-
-        if (mode == UNIT_RUNTIME)
-                return u->manager->lookup_paths.runtime_control;
-
-        if (mode == UNIT_PERSISTENT)
-                return u->manager->lookup_paths.persistent_control;
-
-        return NULL;
-}
-
-int unit_write_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *data) {
-        _cleanup_free_ char *p = NULL, *q = NULL;
-        const char *dir, *prefixed;
-        int r;
-
-        assert(u);
-
-        if (u->transient_file) {
-                /* When this is a transient unit file in creation, then let's not create a new drop-in but instead
-                 * write to the transient unit file. */
-                fputs(data, u->transient_file);
-                return 0;
-        }
-
-        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
-                return 0;
-
-        dir = unit_drop_in_dir(u, mode);
-        if (!dir)
-                return -EINVAL;
-
-        prefixed = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\" or an equivalent operation. Do not edit.\n",
-                            data);
-
-        r = drop_in_file(dir, u->id, 50, name, &p, &q);
-        if (r < 0)
-                return r;
-
-        (void) mkdir_p(p, 0755);
-        r = write_string_file_atomic_label(q, prefixed);
-        if (r < 0)
-                return r;
-
-        r = strv_push(&u->dropin_paths, q);
-        if (r < 0)
-                return r;
-        q = NULL;
-
-        strv_uniq(u->dropin_paths);
-
-        u->dropin_mtime = now(CLOCK_REALTIME);
-
-        return 0;
-}
-
-int unit_write_drop_in_format(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *format, ...) {
-        _cleanup_free_ char *p = NULL;
-        va_list ap;
-        int r;
-
-        assert(u);
-        assert(name);
-        assert(format);
-
-        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
-                return 0;
-
-        va_start(ap, format);
-        r = vasprintf(&p, format, ap);
-        va_end(ap);
-
-        if (r < 0)
-                return -ENOMEM;
-
-        return unit_write_drop_in(u, mode, name, p);
-}
-
-int unit_write_drop_in_private(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *data) {
-        const char *ndata;
-
-        assert(u);
-        assert(name);
-        assert(data);
-
-        if (!UNIT_VTABLE(u)->private_section)
-                return -EINVAL;
-
-        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
-                return 0;
-
-        ndata = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
-
-        return unit_write_drop_in(u, mode, name, ndata);
-}
-
-int unit_write_drop_in_private_format(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *format, ...) {
-        _cleanup_free_ char *p = NULL;
-        va_list ap;
-        int r;
-
-        assert(u);
-        assert(name);
-        assert(format);
-
-        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
-                return 0;
-
-        va_start(ap, format);
-        r = vasprintf(&p, format, ap);
-        va_end(ap);
-
-        if (r < 0)
-                return -ENOMEM;
-
-        return unit_write_drop_in_private(u, mode, name, p);
-}
-
-int unit_make_transient(Unit *u) {
-        FILE *f;
-        char *path;
-
-        assert(u);
-
-        if (!UNIT_VTABLE(u)->can_transient)
-                return -EOPNOTSUPP;
-
-        path = strjoin(u->manager->lookup_paths.transient, "/", u->id, NULL);
-        if (!path)
-                return -ENOMEM;
-
-        /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
-         * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
-
-        RUN_WITH_UMASK(0022) {
-                f = fopen(path, "we");
-                if (!f) {
-                        free(path);
-                        return -errno;
-                }
-        }
-
-        if (u->transient_file)
-                fclose(u->transient_file);
-        u->transient_file = f;
-
-        free(u->fragment_path);
-        u->fragment_path = path;
-
-        u->source_path = mfree(u->source_path);
-        u->dropin_paths = strv_free(u->dropin_paths);
-        u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
-
-        u->load_state = UNIT_STUB;
-        u->load_error = 0;
-        u->transient = true;
-
-        unit_add_to_dbus_queue(u);
-        unit_add_to_gc_queue(u);
-        unit_add_to_load_queue(u);
-
-        fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
-              u->transient_file);
-
-        return 0;
-}
-
-int unit_kill_context(
-                Unit *u,
-                KillContext *c,
-                KillOperation k,
-                pid_t main_pid,
-                pid_t control_pid,
-                bool main_pid_alien) {
-
-        bool wait_for_exit = false;
-        int sig, r;
-
-        assert(u);
-        assert(c);
-
-        if (c->kill_mode == KILL_NONE)
-                return 0;
-
-        switch (k) {
-        case KILL_KILL:
-                sig = SIGKILL;
-                break;
-        case KILL_ABORT:
-                sig = SIGABRT;
-                break;
-        case KILL_TERMINATE:
-                sig = c->kill_signal;
-                break;
-        default:
-                assert_not_reached("KillOperation unknown");
-        }
-
-        if (main_pid > 0) {
-                r = kill_and_sigcont(main_pid, sig);
-
-                if (r < 0 && r != -ESRCH) {
-                        _cleanup_free_ char *comm = NULL;
-                        get_process_comm(main_pid, &comm);
-
-                        log_unit_warning_errno(u, r, "Failed to kill main process " PID_FMT " (%s), ignoring: %m", main_pid, strna(comm));
-                } else {
-                        if (!main_pid_alien)
-                                wait_for_exit = true;
-
-                        if (c->send_sighup && k == KILL_TERMINATE)
-                                (void) kill(main_pid, SIGHUP);
-                }
-        }
-
-        if (control_pid > 0) {
-                r = kill_and_sigcont(control_pid, sig);
-
-                if (r < 0 && r != -ESRCH) {
-                        _cleanup_free_ char *comm = NULL;
-                        get_process_comm(control_pid, &comm);
-
-                        log_unit_warning_errno(u, r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m", control_pid, strna(comm));
-                } else {
-                        wait_for_exit = true;
-
-                        if (c->send_sighup && k == KILL_TERMINATE)
-                                (void) kill(control_pid, SIGHUP);
-                }
-        }
-
-        if (u->cgroup_path &&
-            (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
-                _cleanup_set_free_ Set *pid_set = NULL;
-
-                /* Exclude the main/control pids from being killed via the cgroup */
-                pid_set = unit_pid_set(main_pid, control_pid);
-                if (!pid_set)
-                        return -ENOMEM;
-
-                r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, sig, true, k != KILL_TERMINATE, false, pid_set);
-                if (r < 0) {
-                        if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
-                                log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path);
-
-                } else if (r > 0) {
-
-                        /* FIXME: For now, on the legacy hierarchy, we
-                         * will not wait for the cgroup members to die
-                         * if we are running in a container or if this
-                         * is a delegation unit, simply because cgroup
-                         * notification is unreliable in these
-                         * cases. It doesn't work at all in
-                         * containers, and outside of containers it
-                         * can be confused easily by left-over
-                         * directories in the cgroup — which however
-                         * should not exist in non-delegated units. On
-                         * the unified hierarchy that's different,
-                         * there we get proper events. Hence rely on
-                         * them.*/
-
-                        if  (cg_unified() > 0 ||
-                             (detect_container() == 0 && !unit_cgroup_delegate(u)))
-                                wait_for_exit = true;
-
-                        if (c->send_sighup && k != KILL_KILL) {
-                                set_free(pid_set);
-
-                                pid_set = unit_pid_set(main_pid, control_pid);
-                                if (!pid_set)
-                                        return -ENOMEM;
-
-                                cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, SIGHUP, false, true, false, pid_set);
-                        }
-                }
-        }
-
-        return wait_for_exit;
-}
-
-int unit_require_mounts_for(Unit *u, const char *path) {
-        char prefix[strlen(path) + 1], *p;
-        int r;
-
-        assert(u);
-        assert(path);
-
-        /* Registers a unit for requiring a certain path and all its
-         * prefixes. We keep a simple array of these paths in the
-         * unit, since its usually short. However, we build a prefix
-         * table for all possible prefixes so that new appearing mount
-         * units can easily determine which units to make themselves a
-         * dependency of. */
-
-        if (!path_is_absolute(path))
-                return -EINVAL;
-
-        p = strdup(path);
-        if (!p)
-                return -ENOMEM;
-
-        path_kill_slashes(p);
-
-        if (!path_is_safe(p)) {
-                free(p);
-                return -EPERM;
-        }
-
-        if (strv_contains(u->requires_mounts_for, p)) {
-                free(p);
-                return 0;
-        }
-
-        r = strv_consume(&u->requires_mounts_for, p);
-        if (r < 0)
-                return r;
-
-        PATH_FOREACH_PREFIX_MORE(prefix, p) {
-                Set *x;
-
-                x = hashmap_get(u->manager->units_requiring_mounts_for, prefix);
-                if (!x) {
-                        char *q;
-
-                        r = hashmap_ensure_allocated(&u->manager->units_requiring_mounts_for, &string_hash_ops);
-                        if (r < 0)
-                                return r;
-
-                        q = strdup(prefix);
-                        if (!q)
-                                return -ENOMEM;
-
-                        x = set_new(NULL);
-                        if (!x) {
-                                free(q);
-                                return -ENOMEM;
-                        }
-
-                        r = hashmap_put(u->manager->units_requiring_mounts_for, q, x);
-                        if (r < 0) {
-                                free(q);
-                                set_free(x);
-                                return r;
-                        }
-                }
-
-                r = set_put(x, u);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int unit_setup_exec_runtime(Unit *u) {
-        ExecRuntime **rt;
-        size_t offset;
-        Iterator i;
-        Unit *other;
-
-        offset = UNIT_VTABLE(u)->exec_runtime_offset;
-        assert(offset > 0);
-
-        /* Check if there already is an ExecRuntime for this unit? */
-        rt = (ExecRuntime**) ((uint8_t*) u + offset);
-        if (*rt)
-                return 0;
-
-        /* Try to get it from somebody else */
-        SET_FOREACH(other, u->dependencies[UNIT_JOINS_NAMESPACE_OF], i) {
-
-                *rt = unit_get_exec_runtime(other);
-                if (*rt) {
-                        exec_runtime_ref(*rt);
-                        return 0;
-                }
-        }
-
-        return exec_runtime_make(rt, unit_get_exec_context(u), u->id);
-}
-
-bool unit_type_supported(UnitType t) {
-        if (_unlikely_(t < 0))
-                return false;
-        if (_unlikely_(t >= _UNIT_TYPE_MAX))
-                return false;
-
-        if (!unit_vtable[t]->supported)
-                return true;
-
-        return unit_vtable[t]->supported();
-}
-
-void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
-        int r;
-
-        assert(u);
-        assert(where);
-
-        r = dir_is_empty(where);
-        if (r > 0)
-                return;
-        if (r < 0) {
-                log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
-                return;
-        }
-
-        log_struct(LOG_NOTICE,
-                   LOG_MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
-                   LOG_UNIT_ID(u),
-                   LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
-                   "WHERE=%s", where,
-                   NULL);
-}
-
-int unit_fail_if_symlink(Unit *u, const char* where) {
-        int r;
-
-        assert(u);
-        assert(where);
-
-        r = is_symlink(where);
-        if (r < 0) {
-                log_unit_debug_errno(u, r, "Failed to check symlink %s, ignoring: %m", where);
-                return 0;
-        }
-        if (r == 0)
-                return 0;
-
-        log_struct(LOG_ERR,
-                   LOG_MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
-                   LOG_UNIT_ID(u),
-                   LOG_UNIT_MESSAGE(u, "Mount on symlink %s not allowed.", where),
-                   "WHERE=%s", where,
-                   NULL);
-
-        return -ELOOP;
-}
-
-bool unit_is_pristine(Unit *u) {
-        assert(u);
-
-        /* Check if the unit already exists or is already around,
-         * in a number of different ways. Note that to cater for unit
-         * types such as slice, we are generally fine with units that
-         * are marked UNIT_LOADED even even though nothing was
-         * actually loaded, as those unit types don't require a file
-         * on disk to validly load. */
-
-        return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) ||
-                 u->fragment_path ||
-                 u->source_path ||
-                 !strv_isempty(u->dropin_paths) ||
-                 u->job ||
-                 u->merged_into);
-}
-
-pid_t unit_control_pid(Unit *u) {
-        assert(u);
-
-        if (UNIT_VTABLE(u)->control_pid)
-                return UNIT_VTABLE(u)->control_pid(u);
-
-        return 0;
-}
-
-pid_t unit_main_pid(Unit *u) {
-        assert(u);
-
-        if (UNIT_VTABLE(u)->main_pid)
-                return UNIT_VTABLE(u)->main_pid(u);
-
-        return 0;
-}
diff --git a/src/coredump/Makefile b/src/coredump/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/coredump/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
deleted file mode 100644
index 999de63900..0000000000
--- a/src/coredump/coredump.c
+++ /dev/null
@@ -1,1149 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <stdio.h>
-#include <sys/prctl.h>
-#include <sys/xattr.h>
-#include <unistd.h>
-
-#ifdef HAVE_ELFUTILS
-#include <dwarf.h>
-#include <elfutils/libdwfl.h>
-#endif
-
-#include "sd-journal.h"
-#include "sd-login.h"
-#include "sd-daemon.h"
-
-#include "acl-util.h"
-#include "alloc-util.h"
-#include "capability-util.h"
-#include "cgroup-util.h"
-#include "compress.h"
-#include "conf-parser.h"
-#include "copy.h"
-#include "coredump-vacuum.h"
-#include "dirent-util.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "io-util.h"
-#include "journald-native.h"
-#include "log.h"
-#include "macro.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "process-util.h"
-#include "socket-util.h"
-#include "special.h"
-#include "stacktrace.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "user-util.h"
-#include "util.h"
-
-/* The maximum size up to which we process coredumps */
-#define PROCESS_SIZE_MAX ((uint64_t) (2LLU*1024LLU*1024LLU*1024LLU))
-
-/* The maximum size up to which we leave the coredump around on disk */
-#define EXTERNAL_SIZE_MAX PROCESS_SIZE_MAX
-
-/* The maximum size up to which we store the coredump in the journal */
-#define JOURNAL_SIZE_MAX ((size_t) (767LU*1024LU*1024LU))
-
-/* Make sure to not make this larger than the maximum journal entry
- * size. See DATA_SIZE_MAX in journald-native.c. */
-assert_cc(JOURNAL_SIZE_MAX <= DATA_SIZE_MAX);
-
-enum {
-        /* We use this as array indexes for a couple of special fields we use for naming coredumping files, and
-         * attaching xattrs */
-        CONTEXT_PID,
-        CONTEXT_UID,
-        CONTEXT_GID,
-        CONTEXT_SIGNAL,
-        CONTEXT_TIMESTAMP,
-        CONTEXT_RLIMIT,
-        CONTEXT_COMM,
-        CONTEXT_EXE,
-        _CONTEXT_MAX
-};
-
-typedef enum CoredumpStorage {
-        COREDUMP_STORAGE_NONE,
-        COREDUMP_STORAGE_EXTERNAL,
-        COREDUMP_STORAGE_JOURNAL,
-        COREDUMP_STORAGE_BOTH,
-        _COREDUMP_STORAGE_MAX,
-        _COREDUMP_STORAGE_INVALID = -1
-} CoredumpStorage;
-
-static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = {
-        [COREDUMP_STORAGE_NONE] = "none",
-        [COREDUMP_STORAGE_EXTERNAL] = "external",
-        [COREDUMP_STORAGE_JOURNAL] = "journal",
-        [COREDUMP_STORAGE_BOTH] = "both",
-};
-
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage);
-static DEFINE_CONFIG_PARSE_ENUM(config_parse_coredump_storage, coredump_storage, CoredumpStorage, "Failed to parse storage setting");
-
-static CoredumpStorage arg_storage = COREDUMP_STORAGE_EXTERNAL;
-static bool arg_compress = true;
-static uint64_t arg_process_size_max = PROCESS_SIZE_MAX;
-static uint64_t arg_external_size_max = EXTERNAL_SIZE_MAX;
-static size_t arg_journal_size_max = JOURNAL_SIZE_MAX;
-static uint64_t arg_keep_free = (uint64_t) -1;
-static uint64_t arg_max_use = (uint64_t) -1;
-
-static int parse_config(void) {
-        static const ConfigTableItem items[] = {
-                { "Coredump", "Storage",          config_parse_coredump_storage,  0, &arg_storage           },
-                { "Coredump", "Compress",         config_parse_bool,              0, &arg_compress          },
-                { "Coredump", "ProcessSizeMax",   config_parse_iec_uint64,        0, &arg_process_size_max  },
-                { "Coredump", "ExternalSizeMax",  config_parse_iec_uint64,        0, &arg_external_size_max },
-                { "Coredump", "JournalSizeMax",   config_parse_iec_size,          0, &arg_journal_size_max  },
-                { "Coredump", "KeepFree",         config_parse_iec_uint64,        0, &arg_keep_free         },
-                { "Coredump", "MaxUse",           config_parse_iec_uint64,        0, &arg_max_use           },
-                {}
-        };
-
-        return config_parse_many(PKGSYSCONFDIR "/coredump.conf",
-                                 CONF_PATHS_NULSTR("systemd/coredump.conf.d"),
-                                 "Coredump\0",
-                                 config_item_table_lookup, items,
-                                 false, NULL);
-}
-
-static int fix_acl(int fd, uid_t uid) {
-
-#ifdef HAVE_ACL
-        _cleanup_(acl_freep) acl_t acl = NULL;
-        acl_entry_t entry;
-        acl_permset_t permset;
-        int r;
-
-        assert(fd >= 0);
-
-        if (uid <= SYSTEM_UID_MAX)
-                return 0;
-
-        /* Make sure normal users can read (but not write or delete)
-         * their own coredumps */
-
-        acl = acl_get_fd(fd);
-        if (!acl)
-                return log_error_errno(errno, "Failed to get ACL: %m");
-
-        if (acl_create_entry(&acl, &entry) < 0 ||
-            acl_set_tag_type(entry, ACL_USER) < 0 ||
-            acl_set_qualifier(entry, &uid) < 0) {
-                log_error_errno(errno, "Failed to patch ACL: %m");
-                return -errno;
-        }
-
-        if (acl_get_permset(entry, &permset) < 0 ||
-            acl_add_perm(permset, ACL_READ) < 0)
-                return log_warning_errno(errno, "Failed to patch ACL: %m");
-
-        r = calc_acl_mask_if_needed(&acl);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to patch ACL: %m");
-
-        if (acl_set_fd(fd, acl) < 0)
-                return log_error_errno(errno, "Failed to apply ACL: %m");
-#endif
-
-        return 0;
-}
-
-static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) {
-
-        static const char * const xattrs[_CONTEXT_MAX] = {
-                [CONTEXT_PID] = "user.coredump.pid",
-                [CONTEXT_UID] = "user.coredump.uid",
-                [CONTEXT_GID] = "user.coredump.gid",
-                [CONTEXT_SIGNAL] = "user.coredump.signal",
-                [CONTEXT_TIMESTAMP] = "user.coredump.timestamp",
-                [CONTEXT_COMM] = "user.coredump.comm",
-                [CONTEXT_EXE] = "user.coredump.exe",
-        };
-
-        int r = 0;
-        unsigned i;
-
-        assert(fd >= 0);
-
-        /* Attach some metadata to coredumps via extended
-         * attributes. Just because we can. */
-
-        for (i = 0; i < _CONTEXT_MAX; i++) {
-                int k;
-
-                if (isempty(context[i]) || !xattrs[i])
-                        continue;
-
-                k = fsetxattr(fd, xattrs[i], context[i], strlen(context[i]), XATTR_CREATE);
-                if (k < 0 && r == 0)
-                        r = -errno;
-        }
-
-        return r;
-}
-
-#define filename_escape(s) xescape((s), "./ ")
-
-static inline const char *coredump_tmpfile_name(const char *s) {
-        return s ? s : "(unnamed temporary file)";
-}
-
-static int fix_permissions(
-                int fd,
-                const char *filename,
-                const char *target,
-                const char *context[_CONTEXT_MAX],
-                uid_t uid) {
-
-        int r;
-
-        assert(fd >= 0);
-        assert(target);
-        assert(context);
-
-        /* Ignore errors on these */
-        (void) fchmod(fd, 0640);
-        (void) fix_acl(fd, uid);
-        (void) fix_xattr(fd, context);
-
-        if (fsync(fd) < 0)
-                return log_error_errno(errno, "Failed to sync coredump %s: %m", coredump_tmpfile_name(filename));
-
-        r = link_tmpfile(fd, filename, target);
-        if (r < 0)
-                return log_error_errno(r, "Failed to move coredump %s into place: %m", target);
-
-        return 0;
-}
-
-static int maybe_remove_external_coredump(const char *filename, uint64_t size) {
-
-        /* Returns 1 if might remove, 0 if will not remove, < 0 on error. */
-
-        if (IN_SET(arg_storage, COREDUMP_STORAGE_EXTERNAL, COREDUMP_STORAGE_BOTH) &&
-            size <= arg_external_size_max)
-                return 0;
-
-        if (!filename)
-                return 1;
-
-        if (unlink(filename) < 0 && errno != ENOENT)
-                return log_error_errno(errno, "Failed to unlink %s: %m", filename);
-
-        return 1;
-}
-
-static int make_filename(const char *context[_CONTEXT_MAX], char **ret) {
-        _cleanup_free_ char *c = NULL, *u = NULL, *p = NULL, *t = NULL;
-        sd_id128_t boot = {};
-        int r;
-
-        assert(context);
-
-        c = filename_escape(context[CONTEXT_COMM]);
-        if (!c)
-                return -ENOMEM;
-
-        u = filename_escape(context[CONTEXT_UID]);
-        if (!u)
-                return -ENOMEM;
-
-        r = sd_id128_get_boot(&boot);
-        if (r < 0)
-                return r;
-
-        p = filename_escape(context[CONTEXT_PID]);
-        if (!p)
-                return -ENOMEM;
-
-        t = filename_escape(context[CONTEXT_TIMESTAMP]);
-        if (!t)
-                return -ENOMEM;
-
-        if (asprintf(ret,
-                     "/var/lib/systemd/coredump/core.%s.%s." SD_ID128_FORMAT_STR ".%s.%s000000",
-                     c,
-                     u,
-                     SD_ID128_FORMAT_VAL(boot),
-                     p,
-                     t) < 0)
-                return -ENOMEM;
-
-        return 0;
-}
-
-static int save_external_coredump(
-                const char *context[_CONTEXT_MAX],
-                int input_fd,
-                char **ret_filename,
-                int *ret_node_fd,
-                int *ret_data_fd,
-                uint64_t *ret_size) {
-
-        _cleanup_free_ char *fn = NULL, *tmp = NULL;
-        _cleanup_close_ int fd = -1;
-        uint64_t rlimit, max_size;
-        struct stat st;
-        uid_t uid;
-        int r;
-
-        assert(context);
-        assert(ret_filename);
-        assert(ret_node_fd);
-        assert(ret_data_fd);
-        assert(ret_size);
-
-        r = parse_uid(context[CONTEXT_UID], &uid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to parse UID: %m");
-
-        r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit);
-        if (r < 0)
-                return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]);
-        if (rlimit <= 0) {
-                /* Is coredumping disabled? Then don't bother saving/processing the coredump */
-                log_info("Core Dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]);
-                return -EBADSLT;
-        }
-
-        /* Never store more than the process configured, or than we actually shall keep or process */
-        max_size = MIN(rlimit, MAX(arg_process_size_max, arg_external_size_max));
-
-        r = make_filename(context, &fn);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine coredump file name: %m");
-
-        mkdir_p_label("/var/lib/systemd/coredump", 0755);
-
-        fd = open_tmpfile_linkable(fn, O_RDWR|O_CLOEXEC, &tmp);
-        if (fd < 0)
-                return log_error_errno(fd, "Failed to create temporary file for coredump %s: %m", fn);
-
-        r = copy_bytes(input_fd, fd, max_size, false);
-        if (r == -EFBIG) {
-                log_error("Coredump of %s (%s) is larger than configured processing limit, refusing.", context[CONTEXT_PID], context[CONTEXT_COMM]);
-                goto fail;
-        } else if (IN_SET(r, -EDQUOT, -ENOSPC)) {
-                log_error("Not enough disk space for coredump of %s (%s), refusing.", context[CONTEXT_PID], context[CONTEXT_COMM]);
-                goto fail;
-        } else if (r < 0) {
-                log_error_errno(r, "Failed to dump coredump to file: %m");
-                goto fail;
-        }
-
-        if (fstat(fd, &st) < 0) {
-                log_error_errno(errno, "Failed to fstat coredump %s: %m", coredump_tmpfile_name(tmp));
-                goto fail;
-        }
-
-        if (lseek(fd, 0, SEEK_SET) == (off_t) -1) {
-                log_error_errno(errno, "Failed to seek on %s: %m", coredump_tmpfile_name(tmp));
-                goto fail;
-        }
-
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-        /* If we will remove the coredump anyway, do not compress. */
-        if (maybe_remove_external_coredump(NULL, st.st_size) == 0
-            && arg_compress) {
-
-                _cleanup_free_ char *fn_compressed = NULL, *tmp_compressed = NULL;
-                _cleanup_close_ int fd_compressed = -1;
-
-                fn_compressed = strappend(fn, COMPRESSED_EXT);
-                if (!fn_compressed) {
-                        log_oom();
-                        goto uncompressed;
-                }
-
-                fd_compressed = open_tmpfile_linkable(fn_compressed, O_RDWR|O_CLOEXEC, &tmp_compressed);
-                if (fd_compressed < 0) {
-                        log_error_errno(fd_compressed, "Failed to create temporary file for coredump %s: %m", fn_compressed);
-                        goto uncompressed;
-                }
-
-                r = compress_stream(fd, fd_compressed, -1);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to compress %s: %m", coredump_tmpfile_name(tmp_compressed));
-                        goto fail_compressed;
-                }
-
-                r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
-                if (r < 0)
-                        goto fail_compressed;
-
-                /* OK, this worked, we can get rid of the uncompressed version now */
-                if (tmp)
-                        unlink_noerrno(tmp);
-
-                *ret_filename = fn_compressed;     /* compressed */
-                *ret_node_fd = fd_compressed;      /* compressed */
-                *ret_data_fd = fd;                 /* uncompressed */
-                *ret_size = (uint64_t) st.st_size; /* uncompressed */
-
-                fn_compressed = NULL;
-                fd = fd_compressed = -1;
-
-                return 0;
-
-        fail_compressed:
-                if (tmp_compressed)
-                        (void) unlink(tmp_compressed);
-        }
-
-uncompressed:
-#endif
-
-        r = fix_permissions(fd, tmp, fn, context, uid);
-        if (r < 0)
-                goto fail;
-
-        *ret_filename = fn;
-        *ret_data_fd = fd;
-        *ret_node_fd = -1;
-        *ret_size = (uint64_t) st.st_size;
-
-        fn = NULL;
-        fd = -1;
-
-        return 0;
-
-fail:
-        if (tmp)
-                (void) unlink(tmp);
-        return r;
-}
-
-static int allocate_journal_field(int fd, size_t size, char **ret, size_t *ret_size) {
-        _cleanup_free_ char *field = NULL;
-        ssize_t n;
-
-        assert(fd >= 0);
-        assert(ret);
-        assert(ret_size);
-
-        if (lseek(fd, 0, SEEK_SET) == (off_t) -1)
-                return log_warning_errno(errno, "Failed to seek: %m");
-
-        field = malloc(9 + size);
-        if (!field) {
-                log_warning("Failed to allocate memory for coredump, coredump will not be stored.");
-                return -ENOMEM;
-        }
-
-        memcpy(field, "COREDUMP=", 9);
-
-        n = read(fd, field + 9, size);
-        if (n < 0)
-                return log_error_errno((int) n, "Failed to read core data: %m");
-        if ((size_t) n < size) {
-                log_error("Core data too short.");
-                return -EIO;
-        }
-
-        *ret = field;
-        *ret_size = size + 9;
-
-        field = NULL;
-
-        return 0;
-}
-
-/* Joins /proc/[pid]/fd/ and /proc/[pid]/fdinfo/ into the following lines:
- * 0:/dev/pts/23
- * pos:    0
- * flags:  0100002
- *
- * 1:/dev/pts/23
- * pos:    0
- * flags:  0100002
- *
- * 2:/dev/pts/23
- * pos:    0
- * flags:  0100002
- * EOF
- */
-static int compose_open_fds(pid_t pid, char **open_fds) {
-        _cleanup_closedir_ DIR *proc_fd_dir = NULL;
-        _cleanup_close_ int proc_fdinfo_fd = -1;
-        _cleanup_free_ char *buffer = NULL;
-        _cleanup_fclose_ FILE *stream = NULL;
-        const char *fddelim = "", *path;
-        struct dirent *dent = NULL;
-        size_t size = 0;
-        int r = 0;
-
-        assert(pid >= 0);
-        assert(open_fds != NULL);
-
-        path = procfs_file_alloca(pid, "fd");
-        proc_fd_dir = opendir(path);
-        if (!proc_fd_dir)
-                return -errno;
-
-        proc_fdinfo_fd = openat(dirfd(proc_fd_dir), "../fdinfo", O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC|O_PATH);
-        if (proc_fdinfo_fd < 0)
-                return -errno;
-
-        stream = open_memstream(&buffer, &size);
-        if (!stream)
-                return -ENOMEM;
-
-        FOREACH_DIRENT(dent, proc_fd_dir, return -errno) {
-                _cleanup_fclose_ FILE *fdinfo = NULL;
-                _cleanup_free_ char *fdname = NULL;
-                char line[LINE_MAX];
-                int fd;
-
-                r = readlinkat_malloc(dirfd(proc_fd_dir), dent->d_name, &fdname);
-                if (r < 0)
-                        return r;
-
-                fprintf(stream, "%s%s:%s\n", fddelim, dent->d_name, fdname);
-                fddelim = "\n";
-
-                /* Use the directory entry from /proc/[pid]/fd with /proc/[pid]/fdinfo */
-                fd = openat(proc_fdinfo_fd, dent->d_name, O_NOFOLLOW|O_CLOEXEC|O_RDONLY);
-                if (fd < 0)
-                        continue;
-
-                fdinfo = fdopen(fd, "re");
-                if (fdinfo == NULL) {
-                        close(fd);
-                        continue;
-                }
-
-                FOREACH_LINE(line, fdinfo, break) {
-                        fputs(line, stream);
-                        if (!endswith(line, "\n"))
-                                fputc('\n', stream);
-                }
-        }
-
-        errno = 0;
-        stream = safe_fclose(stream);
-
-        if (errno > 0)
-                return -errno;
-
-        *open_fds = buffer;
-        buffer = NULL;
-
-        return 0;
-}
-
-static int change_uid_gid(const char *context[]) {
-        uid_t uid;
-        gid_t gid;
-        int r;
-
-        r = parse_uid(context[CONTEXT_UID], &uid);
-        if (r < 0)
-                return r;
-
-        if (uid <= SYSTEM_UID_MAX) {
-                const char *user = "systemd-coredump";
-
-                r = get_user_creds(&user, &uid, &gid, NULL, NULL);
-                if (r < 0) {
-                        log_warning_errno(r, "Cannot resolve %s user. Proceeding to dump core as root: %m", user);
-                        uid = gid = 0;
-                }
-        } else {
-                r = parse_gid(context[CONTEXT_GID], &gid);
-                if (r < 0)
-                        return r;
-        }
-
-        return drop_privileges(uid, gid, 0);
-}
-
-static int submit_coredump(
-                const char *context[_CONTEXT_MAX],
-                struct iovec *iovec,
-                size_t n_iovec_allocated,
-                size_t n_iovec,
-                int input_fd) {
-
-        _cleanup_close_ int coredump_fd = -1, coredump_node_fd = -1;
-        _cleanup_free_ char *core_message = NULL, *filename = NULL, *coredump_data = NULL;
-        uint64_t coredump_size;
-        int r;
-
-        assert(context);
-        assert(iovec);
-        assert(n_iovec_allocated >= n_iovec + 3);
-        assert(input_fd >= 0);
-
-        /* Vacuum before we write anything again */
-        (void) coredump_vacuum(-1, arg_keep_free, arg_max_use);
-
-        /* Always stream the coredump to disk, if that's possible */
-        r = save_external_coredump(context, input_fd, &filename, &coredump_node_fd, &coredump_fd, &coredump_size);
-        if (r < 0)
-                /* Skip whole core dumping part */
-                goto log;
-
-        /* If we don't want to keep the coredump on disk, remove it now, as later on we will lack the privileges for
-         * it. However, we keep the fd to it, so that we can still process it and log it. */
-        r = maybe_remove_external_coredump(filename, coredump_size);
-        if (r < 0)
-                return r;
-        if (r == 0) {
-                const char *coredump_filename;
-
-                coredump_filename = strjoina("COREDUMP_FILENAME=", filename);
-                IOVEC_SET_STRING(iovec[n_iovec++], coredump_filename);
-        }
-
-        /* Vacuum again, but exclude the coredump we just created */
-        (void) coredump_vacuum(coredump_node_fd >= 0 ? coredump_node_fd : coredump_fd, arg_keep_free, arg_max_use);
-
-        /* Now, let's drop privileges to become the user who owns the segfaulted process and allocate the coredump
-         * memory under the user's uid. This also ensures that the credentials journald will see are the ones of the
-         * coredumping user, thus making sure the user gets access to the core dump. Let's also get rid of all
-         * capabilities, if we run as root, we won't need them anymore. */
-        r = change_uid_gid(context);
-        if (r < 0)
-                return log_error_errno(r, "Failed to drop privileges: %m");
-
-#ifdef HAVE_ELFUTILS
-        /* Try to get a strack trace if we can */
-        if (coredump_size <= arg_process_size_max) {
-                _cleanup_free_ char *stacktrace = NULL;
-
-                r = coredump_make_stack_trace(coredump_fd, context[CONTEXT_EXE], &stacktrace);
-                if (r >= 0)
-                        core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], " (", context[CONTEXT_COMM], ") of user ", context[CONTEXT_UID], " dumped core.\n\n", stacktrace, NULL);
-                else if (r == -EINVAL)
-                        log_warning("Failed to generate stack trace: %s", dwfl_errmsg(dwfl_errno()));
-                else
-                        log_warning_errno(r, "Failed to generate stack trace: %m");
-        }
-
-        if (!core_message)
-#endif
-log:
-        core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], " (", context[CONTEXT_COMM], ") of user ", context[CONTEXT_UID], " dumped core.", NULL);
-        if (core_message)
-                IOVEC_SET_STRING(iovec[n_iovec++], core_message);
-
-        /* Optionally store the entire coredump in the journal */
-        if (IN_SET(arg_storage, COREDUMP_STORAGE_JOURNAL, COREDUMP_STORAGE_BOTH) &&
-            coredump_size <= arg_journal_size_max) {
-                size_t sz = 0;
-
-                /* Store the coredump itself in the journal */
-
-                r = allocate_journal_field(coredump_fd, (size_t) coredump_size, &coredump_data, &sz);
-                if (r >= 0) {
-                        iovec[n_iovec].iov_base = coredump_data;
-                        iovec[n_iovec].iov_len = sz;
-                        n_iovec++;
-                }
-        }
-
-        assert(n_iovec <= n_iovec_allocated);
-
-        r = sd_journal_sendv(iovec, n_iovec);
-        if (r < 0)
-                return log_error_errno(r, "Failed to log coredump: %m");
-
-        return 0;
-}
-
-static void map_context_fields(const struct iovec *iovec, const char *context[]) {
-
-        static const char * const context_field_names[_CONTEXT_MAX] = {
-                [CONTEXT_PID] = "COREDUMP_PID=",
-                [CONTEXT_UID] = "COREDUMP_UID=",
-                [CONTEXT_GID] = "COREDUMP_GID=",
-                [CONTEXT_SIGNAL] = "COREDUMP_SIGNAL=",
-                [CONTEXT_TIMESTAMP] = "COREDUMP_TIMESTAMP=",
-                [CONTEXT_COMM] = "COREDUMP_COMM=",
-                [CONTEXT_EXE] = "COREDUMP_EXE=",
-                [CONTEXT_RLIMIT] = "COREDUMP_RLIMIT=",
-        };
-
-        unsigned i;
-
-        assert(iovec);
-        assert(context);
-
-        for (i = 0; i < _CONTEXT_MAX; i++) {
-                size_t l;
-
-                l = strlen(context_field_names[i]);
-                if (iovec->iov_len < l)
-                        continue;
-
-                if (memcmp(iovec->iov_base, context_field_names[i], l) != 0)
-                        continue;
-
-                /* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the
-                 * buffer, though not included in the iov_len count. (see below) */
-                context[i] = (char*) iovec->iov_base + l;
-                break;
-        }
-}
-
-static int process_socket(int fd) {
-        _cleanup_close_ int coredump_fd = -1;
-        struct iovec *iovec = NULL;
-        size_t n_iovec = 0, n_iovec_allocated = 0, i;
-        const char *context[_CONTEXT_MAX] = {};
-        int r;
-
-        assert(fd >= 0);
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        for (;;) {
-                union {
-                        struct cmsghdr cmsghdr;
-                        uint8_t buf[CMSG_SPACE(sizeof(int))];
-                } control = {};
-                struct msghdr mh = {
-                        .msg_control = &control,
-                        .msg_controllen = sizeof(control),
-                        .msg_iovlen = 1,
-                };
-                ssize_t n;
-                ssize_t l;
-
-                if (!GREEDY_REALLOC(iovec, n_iovec_allocated, n_iovec + 3)) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                l = next_datagram_size_fd(fd);
-                if (l < 0) {
-                        r = log_error_errno(l, "Failed to determine datagram size to read: %m");
-                        goto finish;
-                }
-
-                assert(l >= 0);
-
-                iovec[n_iovec].iov_len = l;
-                iovec[n_iovec].iov_base = malloc(l + 1);
-
-                if (!iovec[n_iovec].iov_base) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                mh.msg_iov = iovec + n_iovec;
-
-                n = recvmsg(fd, &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
-                if (n < 0)  {
-                        free(iovec[n_iovec].iov_base);
-                        r = log_error_errno(errno, "Failed to receive datagram: %m");
-                        goto finish;
-                }
-
-                if (n == 0) {
-                        struct cmsghdr *cmsg, *found = NULL;
-                        /* The final zero-length datagram carries the file descriptor and tells us that we're done. */
-
-                        free(iovec[n_iovec].iov_base);
-
-                        CMSG_FOREACH(cmsg, &mh) {
-                                if (cmsg->cmsg_level == SOL_SOCKET &&
-                                    cmsg->cmsg_type == SCM_RIGHTS &&
-                                    cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
-                                        assert(!found);
-                                        found = cmsg;
-                                }
-                        }
-
-                        if (!found) {
-                                log_error("Coredump file descriptor missing.");
-                                r = -EBADMSG;
-                                goto finish;
-                        }
-
-                        assert(coredump_fd < 0);
-                        coredump_fd = *(int*) CMSG_DATA(found);
-                        break;
-                }
-
-                /* Add trailing NUL byte, in case these are strings */
-                ((char*) iovec[n_iovec].iov_base)[n] = 0;
-                iovec[n_iovec].iov_len = (size_t) n;
-
-                cmsg_close_all(&mh);
-                map_context_fields(iovec + n_iovec, context);
-                n_iovec++;
-        }
-
-        if (!GREEDY_REALLOC(iovec, n_iovec_allocated, n_iovec + 3)) {
-                r = log_oom();
-                goto finish;
-        }
-
-        /* Make sure we we got all data we really need */
-        assert(context[CONTEXT_PID]);
-        assert(context[CONTEXT_UID]);
-        assert(context[CONTEXT_GID]);
-        assert(context[CONTEXT_SIGNAL]);
-        assert(context[CONTEXT_TIMESTAMP]);
-        assert(context[CONTEXT_RLIMIT]);
-        assert(context[CONTEXT_COMM]);
-        assert(coredump_fd >= 0);
-
-        r = submit_coredump(context, iovec, n_iovec_allocated, n_iovec, coredump_fd);
-
-finish:
-        for (i = 0; i < n_iovec; i++)
-                free(iovec[i].iov_base);
-        free(iovec);
-
-        return r;
-}
-
-static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd) {
-
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/coredump",
-        };
-        _cleanup_close_ int fd = -1;
-        size_t i;
-        int r;
-
-        assert(iovec || n_iovec <= 0);
-        assert(input_fd >= 0);
-
-        fd = socket(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0);
-        if (fd < 0)
-                return log_error_errno(errno, "Failed to create coredump socket: %m");
-
-        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
-                return log_error_errno(errno, "Failed to connect to coredump service: %m");
-
-        for (i = 0; i < n_iovec; i++) {
-                ssize_t n;
-                assert(iovec[i].iov_len > 0);
-
-                n = send(fd, iovec[i].iov_base, iovec[i].iov_len, MSG_NOSIGNAL);
-                if (n < 0)
-                        return log_error_errno(errno, "Failed to send coredump datagram: %m");
-        }
-
-        r = send_one_fd(fd, input_fd, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to send coredump fd: %m");
-
-        return 0;
-}
-
-static int process_journald_crash(const char *context[], int input_fd) {
-        _cleanup_close_ int coredump_fd = -1, coredump_node_fd = -1;
-        _cleanup_free_ char *filename = NULL;
-        uint64_t coredump_size;
-        int r;
-
-        assert(context);
-        assert(input_fd >= 0);
-
-        /* If we are journald, we cut things short, don't write to the journal, but still create a coredump. */
-
-        if (arg_storage != COREDUMP_STORAGE_NONE)
-                arg_storage = COREDUMP_STORAGE_EXTERNAL;
-
-        r = save_external_coredump(context, input_fd, &filename, &coredump_node_fd, &coredump_fd, &coredump_size);
-        if (r < 0)
-                return r;
-
-        r = maybe_remove_external_coredump(filename, coredump_size);
-        if (r < 0)
-                return r;
-
-        log_info("Detected coredump of the journal daemon itself, diverted to %s.", filename);
-        return 0;
-}
-
-static int process_kernel(int argc, char* argv[]) {
-
-        /* The small core field we allocate on the stack, to keep things simple */
-        char
-                *core_pid = NULL, *core_uid = NULL, *core_gid = NULL, *core_signal = NULL,
-                *core_session = NULL, *core_exe = NULL, *core_comm = NULL, *core_cmdline = NULL,
-                *core_cgroup = NULL, *core_cwd = NULL, *core_root = NULL, *core_unit = NULL,
-                *core_user_unit = NULL, *core_slice = NULL, *core_timestamp = NULL, *core_rlimit = NULL;
-
-        /* The larger ones we allocate on the heap */
-        _cleanup_free_ char
-                *core_owner_uid = NULL, *core_open_fds = NULL, *core_proc_status = NULL,
-                *core_proc_maps = NULL, *core_proc_limits = NULL, *core_proc_cgroup = NULL, *core_environ = NULL;
-
-        _cleanup_free_ char *exe = NULL, *comm = NULL;
-        const char *context[_CONTEXT_MAX];
-        struct iovec iovec[25];
-        size_t n_iovec = 0;
-        uid_t owner_uid;
-        const char *p;
-        pid_t pid;
-        char *t;
-        int r;
-
-        if (argc < CONTEXT_COMM + 1) {
-                log_error("Not enough arguments passed from kernel (%i, expected %i).", argc - 1, CONTEXT_COMM + 1 - 1);
-                return -EINVAL;
-        }
-
-        r = parse_pid(argv[CONTEXT_PID + 1], &pid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to parse PID.");
-
-        r = get_process_comm(pid, &comm);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to get COMM, falling back to the command line: %m");
-                comm = strv_join(argv + CONTEXT_COMM + 1, " ");
-                if (!comm)
-                        return log_oom();
-        }
-
-        r = get_process_exe(pid, &exe);
-        if (r < 0)
-                log_warning_errno(r, "Failed to get EXE, ignoring: %m");
-
-        context[CONTEXT_PID] = argv[CONTEXT_PID + 1];
-        context[CONTEXT_UID] = argv[CONTEXT_UID + 1];
-        context[CONTEXT_GID] = argv[CONTEXT_GID + 1];
-        context[CONTEXT_SIGNAL] = argv[CONTEXT_SIGNAL + 1];
-        context[CONTEXT_TIMESTAMP] = argv[CONTEXT_TIMESTAMP + 1];
-        context[CONTEXT_RLIMIT] = argv[CONTEXT_RLIMIT + 1];
-        context[CONTEXT_COMM] = comm;
-        context[CONTEXT_EXE] = exe;
-
-        if (cg_pid_get_unit(pid, &t) >= 0) {
-
-                if (streq(t, SPECIAL_JOURNALD_SERVICE)) {
-                        free(t);
-                        return process_journald_crash(context, STDIN_FILENO);
-                }
-
-                core_unit = strjoina("COREDUMP_UNIT=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_unit);
-        }
-
-        /* OK, now we know it's not the journal, hence we can make use of it now. */
-        log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
-        log_open();
-
-        if (cg_pid_get_user_unit(pid, &t) >= 0) {
-                core_user_unit = strjoina("COREDUMP_USER_UNIT=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_user_unit);
-        }
-
-        core_pid = strjoina("COREDUMP_PID=", context[CONTEXT_PID]);
-        IOVEC_SET_STRING(iovec[n_iovec++], core_pid);
-
-        core_uid = strjoina("COREDUMP_UID=", context[CONTEXT_UID]);
-        IOVEC_SET_STRING(iovec[n_iovec++], core_uid);
-
-        core_gid = strjoina("COREDUMP_GID=", context[CONTEXT_GID]);
-        IOVEC_SET_STRING(iovec[n_iovec++], core_gid);
-
-        core_signal = strjoina("COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]);
-        IOVEC_SET_STRING(iovec[n_iovec++], core_signal);
-
-        core_rlimit = strjoina("COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]);
-        IOVEC_SET_STRING(iovec[n_iovec++], core_rlimit);
-
-        if (sd_pid_get_session(pid, &t) >= 0) {
-                core_session = strjoina("COREDUMP_SESSION=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_session);
-        }
-
-        if (sd_pid_get_owner_uid(pid, &owner_uid) >= 0) {
-                r = asprintf(&core_owner_uid, "COREDUMP_OWNER_UID=" UID_FMT, owner_uid);
-                if (r > 0)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_owner_uid);
-        }
-
-        if (sd_pid_get_slice(pid, &t) >= 0) {
-                core_slice = strjoina("COREDUMP_SLICE=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_slice);
-        }
-
-        if (comm) {
-                core_comm = strjoina("COREDUMP_COMM=", comm);
-                IOVEC_SET_STRING(iovec[n_iovec++], core_comm);
-        }
-
-        if (exe) {
-                core_exe = strjoina("COREDUMP_EXE=", exe);
-                IOVEC_SET_STRING(iovec[n_iovec++], core_exe);
-        }
-
-        if (get_process_cmdline(pid, 0, false, &t) >= 0) {
-                core_cmdline = strjoina("COREDUMP_CMDLINE=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_cmdline);
-        }
-
-        if (cg_pid_get_path_shifted(pid, NULL, &t) >= 0) {
-                core_cgroup = strjoina("COREDUMP_CGROUP=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_cgroup);
-        }
-
-        if (compose_open_fds(pid, &t) >= 0) {
-                core_open_fds = strappend("COREDUMP_OPEN_FDS=", t);
-                free(t);
-
-                if (core_open_fds)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_open_fds);
-        }
-
-        p = procfs_file_alloca(pid, "status");
-        if (read_full_file(p, &t, NULL) >= 0) {
-                core_proc_status = strappend("COREDUMP_PROC_STATUS=", t);
-                free(t);
-
-                if (core_proc_status)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_status);
-        }
-
-        p = procfs_file_alloca(pid, "maps");
-        if (read_full_file(p, &t, NULL) >= 0) {
-                core_proc_maps = strappend("COREDUMP_PROC_MAPS=", t);
-                free(t);
-
-                if (core_proc_maps)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_maps);
-        }
-
-        p = procfs_file_alloca(pid, "limits");
-        if (read_full_file(p, &t, NULL) >= 0) {
-                core_proc_limits = strappend("COREDUMP_PROC_LIMITS=", t);
-                free(t);
-
-                if (core_proc_limits)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_limits);
-        }
-
-        p = procfs_file_alloca(pid, "cgroup");
-        if (read_full_file(p, &t, NULL) >=0) {
-                core_proc_cgroup = strappend("COREDUMP_PROC_CGROUP=", t);
-                free(t);
-
-                if (core_proc_cgroup)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_cgroup);
-        }
-
-        if (get_process_cwd(pid, &t) >= 0) {
-                core_cwd = strjoina("COREDUMP_CWD=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_cwd);
-        }
-
-        if (get_process_root(pid, &t) >= 0) {
-                core_root = strjoina("COREDUMP_ROOT=", t);
-                free(t);
-
-                IOVEC_SET_STRING(iovec[n_iovec++], core_root);
-        }
-
-        if (get_process_environ(pid, &t) >= 0) {
-                core_environ = strappend("COREDUMP_ENVIRON=", t);
-                free(t);
-
-                if (core_environ)
-                        IOVEC_SET_STRING(iovec[n_iovec++], core_environ);
-        }
-
-        core_timestamp = strjoina("COREDUMP_TIMESTAMP=", context[CONTEXT_TIMESTAMP], "000000");
-        IOVEC_SET_STRING(iovec[n_iovec++], core_timestamp);
-
-        IOVEC_SET_STRING(iovec[n_iovec++], "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1");
-
-        assert_cc(2 == LOG_CRIT);
-        IOVEC_SET_STRING(iovec[n_iovec++], "PRIORITY=2");
-
-        assert(n_iovec <= ELEMENTSOF(iovec));
-
-        return send_iovec(iovec, n_iovec, STDIN_FILENO);
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-
-        /* First, log to a safe place, since we don't know what crashed and it might be journald which we'd rather not
-         * log to then. */
-
-        log_set_target(LOG_TARGET_KMSG);
-        log_open();
-
-        /* Make sure we never enter a loop */
-        (void) prctl(PR_SET_DUMPABLE, 0);
-
-        /* Ignore all parse errors */
-        (void) parse_config();
-
-        log_debug("Selected storage '%s'.", coredump_storage_to_string(arg_storage));
-        log_debug("Selected compression %s.", yes_no(arg_compress));
-
-        r = sd_listen_fds(false);
-        if (r < 0) {
-                log_error_errno(r, "Failed to determine number of file descriptor: %m");
-                goto finish;
-        }
-
-        /* If we got an fd passed, we are running in coredumpd mode. Otherwise we are invoked from the kernel as
-         * coredump handler */
-        if (r == 0)
-                r = process_kernel(argc, argv);
-        else if (r == 1)
-                r = process_socket(SD_LISTEN_FDS_START);
-        else {
-                log_error("Received unexpected number of file descriptors.");
-                r = -EINVAL;
-        }
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c
deleted file mode 100644
index 27b1e0fb3f..0000000000
--- a/src/coredump/coredumpctl.c
+++ /dev/null
@@ -1,878 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <getopt.h>
-#include <locale.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "compress.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "journal-internal.h"
-#include "log.h"
-#include "macro.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "set.h"
-#include "sigbus.h"
-#include "signal-util.h"
-#include "string-util.h"
-#include "terminal-util.h"
-#include "user-util.h"
-#include "util.h"
-
-static enum {
-        ACTION_NONE,
-        ACTION_INFO,
-        ACTION_LIST,
-        ACTION_DUMP,
-        ACTION_GDB,
-} arg_action = ACTION_LIST;
-static const char* arg_field = NULL;
-static const char *arg_directory = NULL;
-static bool arg_no_pager = false;
-static int arg_no_legend = false;
-static int arg_one = false;
-static FILE* arg_output = NULL;
-
-static Set *new_matches(void) {
-        Set *set;
-        char *tmp;
-        int r;
-
-        set = set_new(NULL);
-        if (!set) {
-                log_oom();
-                return NULL;
-        }
-
-        tmp = strdup("MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1");
-        if (!tmp) {
-                log_oom();
-                set_free(set);
-                return NULL;
-        }
-
-        r = set_consume(set, tmp);
-        if (r < 0) {
-                log_error_errno(r, "failed to add to set: %m");
-                set_free(set);
-                return NULL;
-        }
-
-        return set;
-}
-
-static int add_match(Set *set, const char *match) {
-        _cleanup_free_ char *p = NULL;
-        char *pattern = NULL;
-        const char* prefix;
-        pid_t pid;
-        int r;
-
-        if (strchr(match, '='))
-                prefix = "";
-        else if (strchr(match, '/')) {
-                r = path_make_absolute_cwd(match, &p);
-                if (r < 0)
-                        goto fail;
-                match = p;
-                prefix = "COREDUMP_EXE=";
-        } else if (parse_pid(match, &pid) >= 0)
-                prefix = "COREDUMP_PID=";
-        else
-                prefix = "COREDUMP_COMM=";
-
-        pattern = strjoin(prefix, match, NULL);
-        if (!pattern) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        log_debug("Adding pattern: %s", pattern);
-        r = set_consume(set, pattern);
-        if (r < 0)
-                goto fail;
-
-        return 0;
-fail:
-        return log_error_errno(r, "Failed to add match: %m");
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "List or retrieve coredumps from the journal.\n\n"
-               "Flags:\n"
-               "  -h --help          Show this help\n"
-               "     --version       Print version string\n"
-               "     --no-pager      Do not pipe output into a pager\n"
-               "     --no-legend     Do not print the column headers.\n"
-               "  -1                 Show information about most recent entry only\n"
-               "  -F --field=FIELD   List all values a certain field takes\n"
-               "  -o --output=FILE   Write output to FILE\n\n"
-               "  -D --directory=DIR Use journal files from directory\n\n"
-
-               "Commands:\n"
-               "  list [MATCHES...]  List available coredumps (default)\n"
-               "  info [MATCHES...]  Show detailed information about one or more coredumps\n"
-               "  dump [MATCHES...]  Print first matching coredump to stdout\n"
-               "  gdb [MATCHES...]   Start gdb for the first matching coredump\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[], Set *matches) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_NO_LEGEND,
-        };
-
-        int r, c;
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'           },
-                { "version" ,     no_argument,       NULL, ARG_VERSION   },
-                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER  },
-                { "no-legend",    no_argument,       NULL, ARG_NO_LEGEND },
-                { "output",       required_argument, NULL, 'o'           },
-                { "field",        required_argument, NULL, 'F'           },
-                { "directory",    required_argument, NULL, 'D'           },
-                {}
-        };
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "ho:F:1D:", options, NULL)) >= 0)
-                switch(c) {
-
-                case 'h':
-                        arg_action = ACTION_NONE;
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        arg_action = ACTION_NONE;
-                        return version();
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_LEGEND:
-                        arg_no_legend = true;
-                        break;
-
-                case 'o':
-                        if (arg_output) {
-                                log_error("cannot set output more than once");
-                                return -EINVAL;
-                        }
-
-                        arg_output = fopen(optarg, "we");
-                        if (!arg_output)
-                                return log_error_errno(errno, "writing to '%s': %m", optarg);
-
-                        break;
-
-                case 'F':
-                        if (arg_field) {
-                                log_error("cannot use --field/-F more than once");
-                                return -EINVAL;
-                        }
-                        arg_field = optarg;
-                        break;
-
-                case '1':
-                        arg_one = true;
-                        break;
-
-                case 'D':
-                        arg_directory = optarg;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind < argc) {
-                const char *cmd = argv[optind++];
-                if (streq(cmd, "list"))
-                        arg_action = ACTION_LIST;
-                else if (streq(cmd, "dump"))
-                        arg_action = ACTION_DUMP;
-                else if (streq(cmd, "gdb"))
-                        arg_action = ACTION_GDB;
-                else if (streq(cmd, "info"))
-                        arg_action = ACTION_INFO;
-                else {
-                        log_error("Unknown action '%s'", cmd);
-                        return -EINVAL;
-                }
-        }
-
-        if (arg_field && arg_action != ACTION_LIST) {
-                log_error("Option --field/-F only makes sense with list");
-                return -EINVAL;
-        }
-
-        while (optind < argc) {
-                r = add_match(matches, argv[optind]);
-                if (r != 0)
-                        return r;
-                optind++;
-        }
-
-        return 0;
-}
-
-static int retrieve(const void *data,
-                    size_t len,
-                    const char *name,
-                    char **var) {
-
-        size_t ident;
-        char *v;
-
-        ident = strlen(name) + 1; /* name + "=" */
-
-        if (len < ident)
-                return 0;
-
-        if (memcmp(data, name, ident - 1) != 0)
-                return 0;
-
-        if (((const char*) data)[ident - 1] != '=')
-                return 0;
-
-        v = strndup((const char*)data + ident, len - ident);
-        if (!v)
-                return log_oom();
-
-        free(*var);
-        *var = v;
-
-        return 0;
-}
-
-static void print_field(FILE* file, sd_journal *j) {
-        _cleanup_free_ char *value = NULL;
-        const void *d;
-        size_t l;
-
-        assert(file);
-        assert(j);
-
-        assert(arg_field);
-
-        SD_JOURNAL_FOREACH_DATA(j, d, l)
-                retrieve(d, l, arg_field, &value);
-
-        if (value)
-                fprintf(file, "%s\n", value);
-}
-
-static int print_list(FILE* file, sd_journal *j, int had_legend) {
-        _cleanup_free_ char
-                *pid = NULL, *uid = NULL, *gid = NULL,
-                *sgnl = NULL, *exe = NULL, *comm = NULL, *cmdline = NULL,
-                *filename = NULL;
-        const void *d;
-        size_t l;
-        usec_t t;
-        char buf[FORMAT_TIMESTAMP_MAX];
-        int r;
-        bool present;
-
-        assert(file);
-        assert(j);
-
-        SD_JOURNAL_FOREACH_DATA(j, d, l) {
-                retrieve(d, l, "COREDUMP_PID", &pid);
-                retrieve(d, l, "COREDUMP_UID", &uid);
-                retrieve(d, l, "COREDUMP_GID", &gid);
-                retrieve(d, l, "COREDUMP_SIGNAL", &sgnl);
-                retrieve(d, l, "COREDUMP_EXE", &exe);
-                retrieve(d, l, "COREDUMP_COMM", &comm);
-                retrieve(d, l, "COREDUMP_CMDLINE", &cmdline);
-                retrieve(d, l, "COREDUMP_FILENAME", &filename);
-        }
-
-        if (!pid && !uid && !gid && !sgnl && !exe && !comm && !cmdline && !filename) {
-                log_warning("Empty coredump log entry");
-                return -EINVAL;
-        }
-
-        r = sd_journal_get_realtime_usec(j, &t);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get realtime timestamp: %m");
-
-        format_timestamp(buf, sizeof(buf), t);
-        present = filename && access(filename, F_OK) == 0;
-
-        if (!had_legend && !arg_no_legend)
-                fprintf(file, "%-*s %*s %*s %*s %*s %*s %s\n",
-                        FORMAT_TIMESTAMP_WIDTH, "TIME",
-                        6, "PID",
-                        5, "UID",
-                        5, "GID",
-                        3, "SIG",
-                        1, "PRESENT",
-                           "EXE");
-
-        fprintf(file, "%-*s %*s %*s %*s %*s %*s %s\n",
-                FORMAT_TIMESTAMP_WIDTH, buf,
-                6, strna(pid),
-                5, strna(uid),
-                5, strna(gid),
-                3, strna(sgnl),
-                1, present ? "*" : "",
-                strna(exe ?: (comm ?: cmdline)));
-
-        return 0;
-}
-
-static int print_info(FILE *file, sd_journal *j, bool need_space) {
-        _cleanup_free_ char
-                *pid = NULL, *uid = NULL, *gid = NULL,
-                *sgnl = NULL, *exe = NULL, *comm = NULL, *cmdline = NULL,
-                *unit = NULL, *user_unit = NULL, *session = NULL,
-                *boot_id = NULL, *machine_id = NULL, *hostname = NULL,
-                *slice = NULL, *cgroup = NULL, *owner_uid = NULL,
-                *message = NULL, *timestamp = NULL, *filename = NULL;
-        const void *d;
-        size_t l;
-        int r;
-
-        assert(file);
-        assert(j);
-
-        SD_JOURNAL_FOREACH_DATA(j, d, l) {
-                retrieve(d, l, "COREDUMP_PID", &pid);
-                retrieve(d, l, "COREDUMP_UID", &uid);
-                retrieve(d, l, "COREDUMP_GID", &gid);
-                retrieve(d, l, "COREDUMP_SIGNAL", &sgnl);
-                retrieve(d, l, "COREDUMP_EXE", &exe);
-                retrieve(d, l, "COREDUMP_COMM", &comm);
-                retrieve(d, l, "COREDUMP_CMDLINE", &cmdline);
-                retrieve(d, l, "COREDUMP_UNIT", &unit);
-                retrieve(d, l, "COREDUMP_USER_UNIT", &user_unit);
-                retrieve(d, l, "COREDUMP_SESSION", &session);
-                retrieve(d, l, "COREDUMP_OWNER_UID", &owner_uid);
-                retrieve(d, l, "COREDUMP_SLICE", &slice);
-                retrieve(d, l, "COREDUMP_CGROUP", &cgroup);
-                retrieve(d, l, "COREDUMP_TIMESTAMP", &timestamp);
-                retrieve(d, l, "COREDUMP_FILENAME", &filename);
-                retrieve(d, l, "_BOOT_ID", &boot_id);
-                retrieve(d, l, "_MACHINE_ID", &machine_id);
-                retrieve(d, l, "_HOSTNAME", &hostname);
-                retrieve(d, l, "MESSAGE", &message);
-        }
-
-        if (need_space)
-                fputs("\n", file);
-
-        if (comm)
-                fprintf(file,
-                        "           PID: %s%s%s (%s)\n",
-                        ansi_highlight(), strna(pid), ansi_normal(), comm);
-        else
-                fprintf(file,
-                        "           PID: %s%s%s\n",
-                        ansi_highlight(), strna(pid), ansi_normal());
-
-        if (uid) {
-                uid_t n;
-
-                if (parse_uid(uid, &n) >= 0) {
-                        _cleanup_free_ char *u = NULL;
-
-                        u = uid_to_name(n);
-                        fprintf(file,
-                                "           UID: %s (%s)\n",
-                                uid, u);
-                } else {
-                        fprintf(file,
-                                "           UID: %s\n",
-                                uid);
-                }
-        }
-
-        if (gid) {
-                gid_t n;
-
-                if (parse_gid(gid, &n) >= 0) {
-                        _cleanup_free_ char *g = NULL;
-
-                        g = gid_to_name(n);
-                        fprintf(file,
-                                "           GID: %s (%s)\n",
-                                gid, g);
-                } else {
-                        fprintf(file,
-                                "           GID: %s\n",
-                                gid);
-                }
-        }
-
-        if (sgnl) {
-                int sig;
-
-                if (safe_atoi(sgnl, &sig) >= 0)
-                        fprintf(file, "        Signal: %s (%s)\n", sgnl, signal_to_string(sig));
-                else
-                        fprintf(file, "        Signal: %s\n", sgnl);
-        }
-
-        if (timestamp) {
-                usec_t u;
-
-                r = safe_atou64(timestamp, &u);
-                if (r >= 0) {
-                        char absolute[FORMAT_TIMESTAMP_MAX], relative[FORMAT_TIMESPAN_MAX];
-
-                        fprintf(file,
-                                "     Timestamp: %s (%s)\n",
-                                format_timestamp(absolute, sizeof(absolute), u),
-                                format_timestamp_relative(relative, sizeof(relative), u));
-
-                } else
-                        fprintf(file, "     Timestamp: %s\n", timestamp);
-        }
-
-        if (cmdline)
-                fprintf(file, "  Command Line: %s\n", cmdline);
-        if (exe)
-                fprintf(file, "    Executable: %s%s%s\n", ansi_highlight(), exe, ansi_normal());
-        if (cgroup)
-                fprintf(file, " Control Group: %s\n", cgroup);
-        if (unit)
-                fprintf(file, "          Unit: %s\n", unit);
-        if (user_unit)
-                fprintf(file, "     User Unit: %s\n", unit);
-        if (slice)
-                fprintf(file, "         Slice: %s\n", slice);
-        if (session)
-                fprintf(file, "       Session: %s\n", session);
-        if (owner_uid) {
-                uid_t n;
-
-                if (parse_uid(owner_uid, &n) >= 0) {
-                        _cleanup_free_ char *u = NULL;
-
-                        u = uid_to_name(n);
-                        fprintf(file,
-                                "     Owner UID: %s (%s)\n",
-                                owner_uid, u);
-                } else {
-                        fprintf(file,
-                                "     Owner UID: %s\n",
-                                owner_uid);
-                }
-        }
-        if (boot_id)
-                fprintf(file, "       Boot ID: %s\n", boot_id);
-        if (machine_id)
-                fprintf(file, "    Machine ID: %s\n", machine_id);
-        if (hostname)
-                fprintf(file, "      Hostname: %s\n", hostname);
-
-        if (filename && access(filename, F_OK) == 0)
-                fprintf(file, "      Coredump: %s\n", filename);
-
-        if (message) {
-                _cleanup_free_ char *m = NULL;
-
-                m = strreplace(message, "\n", "\n                ");
-
-                fprintf(file, "       Message: %s\n", strstrip(m ?: message));
-        }
-
-        return 0;
-}
-
-static int focus(sd_journal *j) {
-        int r;
-
-        r = sd_journal_seek_tail(j);
-        if (r == 0)
-                r = sd_journal_previous(j);
-        if (r < 0)
-                return log_error_errno(r, "Failed to search journal: %m");
-        if (r == 0) {
-                log_error("No match found.");
-                return -ESRCH;
-        }
-        return r;
-}
-
-static void print_entry(sd_journal *j, unsigned n_found) {
-        assert(j);
-
-        if (arg_action == ACTION_INFO)
-                print_info(stdout, j, n_found);
-        else if (arg_field)
-                print_field(stdout, j);
-        else
-                print_list(stdout, j, n_found);
-}
-
-static int dump_list(sd_journal *j) {
-        unsigned n_found = 0;
-        int r;
-
-        assert(j);
-
-        /* The coredumps are likely to compressed, and for just
-         * listing them we don't need to decompress them, so let's
-         * pick a fairly low data threshold here */
-        sd_journal_set_data_threshold(j, 4096);
-
-        if (arg_one) {
-                r = focus(j);
-                if (r < 0)
-                        return r;
-
-                print_entry(j, 0);
-        } else {
-                SD_JOURNAL_FOREACH(j)
-                        print_entry(j, n_found++);
-
-                if (!arg_field && n_found <= 0) {
-                        log_notice("No coredumps found.");
-                        return -ESRCH;
-                }
-        }
-
-        return 0;
-}
-
-static int save_core(sd_journal *j, int fd, char **path, bool *unlink_temp) {
-        const char *data;
-        _cleanup_free_ char *filename = NULL;
-        size_t len;
-        int r;
-
-        assert((fd >= 0) != !!path);
-        assert(!!path == !!unlink_temp);
-
-        /* Prefer uncompressed file to journal (probably cached) to
-         * compressed file (probably uncached). */
-        r = sd_journal_get_data(j, "COREDUMP_FILENAME", (const void**) &data, &len);
-        if (r < 0 && r != -ENOENT)
-                log_warning_errno(r, "Failed to retrieve COREDUMP_FILENAME: %m");
-        else if (r == 0)
-                retrieve(data, len, "COREDUMP_FILENAME", &filename);
-
-        if (filename && access(filename, R_OK) < 0) {
-                log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
-                         "File %s is not readable: %m", filename);
-                filename = mfree(filename);
-        }
-
-        if (filename && !endswith(filename, ".xz") && !endswith(filename, ".lz4")) {
-                if (path) {
-                        *path = filename;
-                        filename = NULL;
-                }
-
-                return 0;
-        } else {
-                _cleanup_close_ int fdt = -1;
-                char *temp = NULL;
-
-                if (fd < 0) {
-                        temp = strdup("/var/tmp/coredump-XXXXXX");
-                        if (!temp)
-                                return log_oom();
-
-                        fdt = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
-                        if (fdt < 0)
-                                return log_error_errno(fdt, "Failed to create temporary file: %m");
-                        log_debug("Created temporary file %s", temp);
-
-                        fd = fdt;
-                }
-
-                r = sd_journal_get_data(j, "COREDUMP", (const void**) &data, &len);
-                if (r == 0) {
-                        ssize_t sz;
-
-                        assert(len >= 9);
-                        data += 9;
-                        len -= 9;
-
-                        sz = write(fdt, data, len);
-                        if (sz < 0) {
-                                r = log_error_errno(errno,
-                                                    "Failed to write temporary file: %m");
-                                goto error;
-                        }
-                        if (sz != (ssize_t) len) {
-                                log_error("Short write to temporary file.");
-                                r = -EIO;
-                                goto error;
-                        }
-                } else if (filename) {
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-                        _cleanup_close_ int fdf;
-
-                        fdf = open(filename, O_RDONLY | O_CLOEXEC);
-                        if (fdf < 0) {
-                                r = log_error_errno(errno,
-                                                    "Failed to open %s: %m",
-                                                    filename);
-                                goto error;
-                        }
-
-                        r = decompress_stream(filename, fdf, fd, -1);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to decompress %s: %m", filename);
-                                goto error;
-                        }
-#else
-                        log_error("Cannot decompress file. Compiled without compression support.");
-                        r = -EOPNOTSUPP;
-                        goto error;
-#endif
-                } else {
-                        if (r == -ENOENT)
-                                log_error("Cannot retrieve coredump from journal or disk.");
-                        else
-                                log_error_errno(r, "Failed to retrieve COREDUMP field: %m");
-                        goto error;
-                }
-
-                if (temp) {
-                        *path = temp;
-                        *unlink_temp = true;
-                }
-
-                return 0;
-
-error:
-                if (temp) {
-                        unlink(temp);
-                        log_debug("Removed temporary file %s", temp);
-                }
-                return r;
-        }
-}
-
-static int dump_core(sd_journal* j) {
-        int r;
-
-        assert(j);
-
-        r = focus(j);
-        if (r < 0)
-                return r;
-
-        print_info(arg_output ? stdout : stderr, j, false);
-
-        if (on_tty() && !arg_output) {
-                log_error("Refusing to dump core to tty.");
-                return -ENOTTY;
-        }
-
-        r = save_core(j, arg_output ? fileno(arg_output) : STDOUT_FILENO, NULL, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Coredump retrieval failed: %m");
-
-        r = sd_journal_previous(j);
-        if (r >= 0)
-                log_warning("More than one entry matches, ignoring rest.");
-
-        return 0;
-}
-
-static int run_gdb(sd_journal *j) {
-        _cleanup_free_ char *exe = NULL, *path = NULL;
-        bool unlink_path = false;
-        const char *data;
-        siginfo_t st;
-        size_t len;
-        pid_t pid;
-        int r;
-
-        assert(j);
-
-        r = focus(j);
-        if (r < 0)
-                return r;
-
-        print_info(stdout, j, false);
-        fputs("\n", stdout);
-
-        r = sd_journal_get_data(j, "COREDUMP_EXE", (const void**) &data, &len);
-        if (r < 0)
-                return log_error_errno(r, "Failed to retrieve COREDUMP_EXE field: %m");
-
-        assert(len > strlen("COREDUMP_EXE="));
-        data += strlen("COREDUMP_EXE=");
-        len -= strlen("COREDUMP_EXE=");
-
-        exe = strndup(data, len);
-        if (!exe)
-                return log_oom();
-
-        if (endswith(exe, " (deleted)")) {
-                log_error("Binary already deleted.");
-                return -ENOENT;
-        }
-
-        if (!path_is_absolute(exe)) {
-                log_error("Binary is not an absolute path.");
-                return -ENOENT;
-        }
-
-        r = save_core(j, -1, &path, &unlink_path);
-        if (r < 0)
-                return log_error_errno(r, "Failed to retrieve core: %m");
-
-        pid = fork();
-        if (pid < 0) {
-                r = log_error_errno(errno, "Failed to fork(): %m");
-                goto finish;
-        }
-        if (pid == 0) {
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-
-                execlp("gdb", "gdb", exe, path, NULL);
-
-                log_error_errno(errno, "Failed to invoke gdb: %m");
-                _exit(1);
-        }
-
-        r = wait_for_terminate(pid, &st);
-        if (r < 0) {
-                log_error_errno(r, "Failed to wait for gdb: %m");
-                goto finish;
-        }
-
-        r = st.si_code == CLD_EXITED ? st.si_status : 255;
-
-finish:
-        if (unlink_path) {
-                log_debug("Removed temporary file %s", path);
-                unlink(path);
-        }
-
-        return r;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_journal_closep) sd_journal*j = NULL;
-        const char* match;
-        Iterator it;
-        int r = 0;
-        _cleanup_set_free_free_ Set *matches = NULL;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        matches = new_matches();
-        if (!matches) {
-                r = -ENOMEM;
-                goto end;
-        }
-
-        r = parse_argv(argc, argv, matches);
-        if (r < 0)
-                goto end;
-
-        if (arg_action == ACTION_NONE)
-                goto end;
-
-        sigbus_install();
-
-        if (arg_directory) {
-                r = sd_journal_open_directory(&j, arg_directory, 0);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to open journals in directory: %s: %m", arg_directory);
-                        goto end;
-                }
-        } else {
-                r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to open journal: %m");
-                        goto end;
-                }
-        }
-
-        /* We want full data, nothing truncated. */
-        sd_journal_set_data_threshold(j, 0);
-
-        SET_FOREACH(match, matches, it) {
-                r = sd_journal_add_match(j, match, strlen(match));
-                if (r != 0) {
-                        log_error_errno(r, "Failed to add match '%s': %m",
-                                        match);
-                        goto end;
-                }
-        }
-
-        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
-                _cleanup_free_ char *filter;
-
-                filter = journal_make_match_string(j);
-                log_debug("Journal filter: %s", filter);
-        }
-
-        switch(arg_action) {
-
-        case ACTION_LIST:
-        case ACTION_INFO:
-                pager_open(arg_no_pager, false);
-                r = dump_list(j);
-                break;
-
-        case ACTION_DUMP:
-                r = dump_core(j);
-                break;
-
-        case  ACTION_GDB:
-                r = run_gdb(j);
-                break;
-
-        default:
-                assert_not_reached("Shouldn't be here");
-        }
-
-end:
-        pager_close();
-
-        if (arg_output)
-                fclose(arg_output);
-
-        return r >= 0 ? r : EXIT_FAILURE;
-}
diff --git a/src/cryptsetup/Makefile b/src/cryptsetup/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/cryptsetup/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
deleted file mode 100644
index 9927621ea0..0000000000
--- a/src/cryptsetup/cryptsetup.c
+++ /dev/null
@@ -1,757 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <libcryptsetup.h>
-#include <mntent.h>
-#include <string.h>
-#include <sys/mman.h>
-
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "ask-password-api.h"
-#include "device-util.h"
-#include "escape.h"
-#include "fileio.h"
-#include "log.h"
-#include "mount-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
-static char *arg_cipher = NULL;
-static unsigned arg_key_size = 0;
-static int arg_key_slot = CRYPT_ANY_SLOT;
-static unsigned arg_keyfile_size = 0;
-static unsigned arg_keyfile_offset = 0;
-static char *arg_hash = NULL;
-static char *arg_header = NULL;
-static unsigned arg_tries = 3;
-static bool arg_readonly = false;
-static bool arg_verify = false;
-static bool arg_discards = false;
-static bool arg_tcrypt_hidden = false;
-static bool arg_tcrypt_system = false;
-static char **arg_tcrypt_keyfiles = NULL;
-static uint64_t arg_offset = 0;
-static uint64_t arg_skip = 0;
-static usec_t arg_timeout = 0;
-
-/* Options Debian's crypttab knows we don't:
-
-    precheck=
-    check=
-    checkargs=
-    noearly=
-    loud=
-    keyscript=
-*/
-
-static int parse_one_option(const char *option) {
-        assert(option);
-
-        /* Handled outside of this tool */
-        if (STR_IN_SET(option, "noauto", "auto", "nofail", "fail"))
-                return 0;
-
-        if (startswith(option, "cipher=")) {
-                char *t;
-
-                t = strdup(option+7);
-                if (!t)
-                        return log_oom();
-
-                free(arg_cipher);
-                arg_cipher = t;
-
-        } else if (startswith(option, "size=")) {
-
-                if (safe_atou(option+5, &arg_key_size) < 0) {
-                        log_error("size= parse failure, ignoring.");
-                        return 0;
-                }
-
-                if (arg_key_size % 8) {
-                        log_error("size= not a multiple of 8, ignoring.");
-                        return 0;
-                }
-
-                arg_key_size /= 8;
-
-        } else if (startswith(option, "key-slot=")) {
-
-                arg_type = CRYPT_LUKS1;
-                if (safe_atoi(option+9, &arg_key_slot) < 0) {
-                        log_error("key-slot= parse failure, ignoring.");
-                        return 0;
-                }
-
-        } else if (startswith(option, "tcrypt-keyfile=")) {
-
-                arg_type = CRYPT_TCRYPT;
-                if (path_is_absolute(option+15)) {
-                        if (strv_extend(&arg_tcrypt_keyfiles, option + 15) < 0)
-                                return log_oom();
-                } else
-                        log_error("Key file path '%s' is not absolute. Ignoring.", option+15);
-
-        } else if (startswith(option, "keyfile-size=")) {
-
-                if (safe_atou(option+13, &arg_keyfile_size) < 0) {
-                        log_error("keyfile-size= parse failure, ignoring.");
-                        return 0;
-                }
-
-        } else if (startswith(option, "keyfile-offset=")) {
-
-                if (safe_atou(option+15, &arg_keyfile_offset) < 0) {
-                        log_error("keyfile-offset= parse failure, ignoring.");
-                        return 0;
-                }
-
-        } else if (startswith(option, "hash=")) {
-                char *t;
-
-                t = strdup(option+5);
-                if (!t)
-                        return log_oom();
-
-                free(arg_hash);
-                arg_hash = t;
-
-        } else if (startswith(option, "header=")) {
-                arg_type = CRYPT_LUKS1;
-
-                if (!path_is_absolute(option+7)) {
-                        log_error("Header path '%s' is not absolute, refusing.", option+7);
-                        return -EINVAL;
-                }
-
-                if (arg_header) {
-                        log_error("Duplicate header= options, refusing.");
-                        return -EINVAL;
-                }
-
-                arg_header = strdup(option+7);
-                if (!arg_header)
-                        return log_oom();
-
-        } else if (startswith(option, "tries=")) {
-
-                if (safe_atou(option+6, &arg_tries) < 0) {
-                        log_error("tries= parse failure, ignoring.");
-                        return 0;
-                }
-
-        } else if (STR_IN_SET(option, "readonly", "read-only"))
-                arg_readonly = true;
-        else if (streq(option, "verify"))
-                arg_verify = true;
-        else if (STR_IN_SET(option, "allow-discards", "discard"))
-                arg_discards = true;
-        else if (streq(option, "luks"))
-                arg_type = CRYPT_LUKS1;
-        else if (streq(option, "tcrypt"))
-                arg_type = CRYPT_TCRYPT;
-        else if (streq(option, "tcrypt-hidden")) {
-                arg_type = CRYPT_TCRYPT;
-                arg_tcrypt_hidden = true;
-        } else if (streq(option, "tcrypt-system")) {
-                arg_type = CRYPT_TCRYPT;
-                arg_tcrypt_system = true;
-        } else if (STR_IN_SET(option, "plain", "swap", "tmp"))
-                arg_type = CRYPT_PLAIN;
-        else if (startswith(option, "timeout=")) {
-
-                if (parse_sec(option+8, &arg_timeout) < 0) {
-                        log_error("timeout= parse failure, ignoring.");
-                        return 0;
-                }
-
-        } else if (startswith(option, "offset=")) {
-
-                if (safe_atou64(option+7, &arg_offset) < 0) {
-                        log_error("offset= parse failure, refusing.");
-                        return -EINVAL;
-                }
-
-        } else if (startswith(option, "skip=")) {
-
-                if (safe_atou64(option+5, &arg_skip) < 0) {
-                        log_error("skip= parse failure, refusing.");
-                        return -EINVAL;
-                }
-
-        } else if (!streq(option, "none"))
-                log_error("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
-
-        return 0;
-}
-
-static int parse_options(const char *options) {
-        const char *word, *state;
-        size_t l;
-        int r;
-
-        assert(options);
-
-        FOREACH_WORD_SEPARATOR(word, l, options, ",", state) {
-                _cleanup_free_ char *o;
-
-                o = strndup(word, l);
-                if (!o)
-                        return -ENOMEM;
-                r = parse_one_option(o);
-                if (r < 0)
-                        return r;
-        }
-
-        /* sanity-check options */
-        if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
-                if (arg_offset)
-                      log_warning("offset= ignored with type %s", arg_type);
-                if (arg_skip)
-                      log_warning("skip= ignored with type %s", arg_type);
-        }
-
-        return 0;
-}
-
-static void log_glue(int level, const char *msg, void *usrptr) {
-        log_debug("%s", msg);
-}
-
-static int disk_major_minor(const char *path, char **ret) {
-        struct stat st;
-
-        assert(path);
-
-        if (stat(path, &st) < 0)
-                return -errno;
-
-        if (!S_ISBLK(st.st_mode))
-                return -EINVAL;
-
-        if (asprintf(ret, "/dev/block/%d:%d", major(st.st_rdev), minor(st.st_rdev)) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static char* disk_description(const char *path) {
-
-        static const char name_fields[] =
-                "ID_PART_ENTRY_NAME\0"
-                "DM_NAME\0"
-                "ID_MODEL_FROM_DATABASE\0"
-                "ID_MODEL\0";
-
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-        struct stat st;
-        const char *i;
-        int r;
-
-        assert(path);
-
-        if (stat(path, &st) < 0)
-                return NULL;
-
-        if (!S_ISBLK(st.st_mode))
-                return NULL;
-
-        r = sd_device_new_from_devnum(&device, 'b', st.st_rdev);
-        if (r < 0)
-                return NULL;
-
-        NULSTR_FOREACH(i, name_fields) {
-                const char *name;
-
-                r = sd_device_get_property_value(device, i, &name);
-                if (r >= 0 && !isempty(name))
-                        return strdup(name);
-        }
-
-        return NULL;
-}
-
-static char *disk_mount_point(const char *label) {
-        _cleanup_free_ char *device = NULL;
-        _cleanup_endmntent_ FILE *f = NULL;
-        struct mntent *m;
-
-        /* Yeah, we don't support native systemd unit files here for now */
-
-        if (asprintf(&device, "/dev/mapper/%s", label) < 0)
-                return NULL;
-
-        f = setmntent("/etc/fstab", "r");
-        if (!f)
-                return NULL;
-
-        while ((m = getmntent(f)))
-                if (path_equal(m->mnt_fsname, device))
-                        return strdup(m->mnt_dir);
-
-        return NULL;
-}
-
-static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***ret) {
-        _cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL, *maj_min = NULL, *text = NULL, *escaped_name = NULL;
-        _cleanup_strv_free_erase_ char **passwords = NULL;
-        const char *name = NULL;
-        char **p, *id;
-        int r = 0;
-
-        assert(vol);
-        assert(src);
-        assert(ret);
-
-        description = disk_description(src);
-        mount_point = disk_mount_point(vol);
-
-        if (description && streq(vol, description))
-                /* If the description string is simply the
-                 * volume name, then let's not show this
-                 * twice */
-                description = mfree(description);
-
-        if (mount_point && description)
-                r = asprintf(&name_buffer, "%s (%s) on %s", description, vol, mount_point);
-        else if (mount_point)
-                r = asprintf(&name_buffer, "%s on %s", vol, mount_point);
-        else if (description)
-                r = asprintf(&name_buffer, "%s (%s)", description, vol);
-
-        if (r < 0)
-                return log_oom();
-
-        name = name_buffer ? name_buffer : vol;
-
-        if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
-                return log_oom();
-
-        if (src)
-                (void) disk_major_minor(src, &maj_min);
-
-        if (maj_min) {
-                escaped_name = maj_min;
-                maj_min = NULL;
-        } else
-                escaped_name = cescape(name);
-
-        if (!escaped_name)
-                return log_oom();
-
-        id = strjoina("cryptsetup:", escaped_name);
-
-        r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until,
-                              ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
-                              &passwords);
-        if (r < 0)
-                return log_error_errno(r, "Failed to query password: %m");
-
-        if (arg_verify) {
-                _cleanup_strv_free_erase_ char **passwords2 = NULL;
-
-                assert(strv_length(passwords) == 1);
-
-                if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
-                        return log_oom();
-
-                id = strjoina("cryptsetup-verification:", escaped_name);
-
-                r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to query verification password: %m");
-
-                assert(strv_length(passwords2) == 1);
-
-                if (!streq(passwords[0], passwords2[0])) {
-                        log_warning("Passwords did not match, retrying.");
-                        return -EAGAIN;
-                }
-        }
-
-        strv_uniq(passwords);
-
-        STRV_FOREACH(p, passwords) {
-                char *c;
-
-                if (strlen(*p)+1 >= arg_key_size)
-                        continue;
-
-                /* Pad password if necessary */
-                c = new(char, arg_key_size);
-                if (!c)
-                        return log_oom();
-
-                strncpy(c, *p, arg_key_size);
-                free(*p);
-                *p = c;
-        }
-
-        *ret = passwords;
-        passwords = NULL;
-
-        return 0;
-}
-
-static int attach_tcrypt(
-                struct crypt_device *cd,
-                const char *name,
-                const char *key_file,
-                char **passwords,
-                uint32_t flags) {
-
-        int r = 0;
-        _cleanup_free_ char *passphrase = NULL;
-        struct crypt_params_tcrypt params = {
-                .flags = CRYPT_TCRYPT_LEGACY_MODES,
-                .keyfiles = (const char **)arg_tcrypt_keyfiles,
-                .keyfiles_count = strv_length(arg_tcrypt_keyfiles)
-        };
-
-        assert(cd);
-        assert(name);
-        assert(key_file || (passwords && passwords[0]));
-
-        if (arg_tcrypt_hidden)
-                params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
-
-        if (arg_tcrypt_system)
-                params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
-
-        if (key_file) {
-                r = read_one_line_file(key_file, &passphrase);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to read password file '%s': %m", key_file);
-                        return -EAGAIN;
-                }
-
-                params.passphrase = passphrase;
-        } else
-                params.passphrase = passwords[0];
-        params.passphrase_size = strlen(params.passphrase);
-
-        r = crypt_load(cd, CRYPT_TCRYPT, &params);
-        if (r < 0) {
-                if (key_file && r == -EPERM) {
-                        log_error("Failed to activate using password file '%s'.", key_file);
-                        return -EAGAIN;
-                }
-                return r;
-        }
-
-        return crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
-}
-
-static int attach_luks_or_plain(struct crypt_device *cd,
-                                const char *name,
-                                const char *key_file,
-                                const char *data_device,
-                                char **passwords,
-                                uint32_t flags) {
-        int r = 0;
-        bool pass_volume_key = false;
-
-        assert(cd);
-        assert(name);
-        assert(key_file || passwords);
-
-        if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
-                r = crypt_load(cd, CRYPT_LUKS1, NULL);
-                if (r < 0) {
-                        log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
-                        return r;
-                }
-
-                if (data_device)
-                        r = crypt_set_data_device(cd, data_device);
-        }
-
-        if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
-                struct crypt_params_plain params = {
-                        .offset = arg_offset,
-                        .skip = arg_skip,
-                };
-                const char *cipher, *cipher_mode;
-                _cleanup_free_ char *truncated_cipher = NULL;
-
-                if (arg_hash) {
-                        /* plain isn't a real hash type. it just means "use no hash" */
-                        if (!streq(arg_hash, "plain"))
-                                params.hash = arg_hash;
-                } else if (!key_file)
-                        /* for CRYPT_PLAIN, the behaviour of cryptsetup
-                         * package is to not hash when a key file is provided */
-                        params.hash = "ripemd160";
-
-                if (arg_cipher) {
-                        size_t l;
-
-                        l = strcspn(arg_cipher, "-");
-                        truncated_cipher = strndup(arg_cipher, l);
-                        if (!truncated_cipher)
-                                return log_oom();
-
-                        cipher = truncated_cipher;
-                        cipher_mode = arg_cipher[l] ? arg_cipher+l+1 : "plain";
-                } else {
-                        cipher = "aes";
-                        cipher_mode = "cbc-essiv:sha256";
-                }
-
-                /* for CRYPT_PLAIN limit reads
-                 * from keyfile to key length, and
-                 * ignore keyfile-size */
-                arg_keyfile_size = arg_key_size;
-
-                /* In contrast to what the name
-                 * crypt_setup() might suggest this
-                 * doesn't actually format anything,
-                 * it just configures encryption
-                 * parameters when used for plain
-                 * mode. */
-                r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
-
-                /* hash == NULL implies the user passed "plain" */
-                pass_volume_key = (params.hash == NULL);
-        }
-
-        if (r < 0)
-                return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
-
-        log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
-                 crypt_get_cipher(cd),
-                 crypt_get_cipher_mode(cd),
-                 crypt_get_volume_key_size(cd)*8,
-                 crypt_get_device_name(cd));
-
-        if (key_file) {
-                r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
-                        return -EAGAIN;
-                }
-        } else {
-                char **p;
-
-                STRV_FOREACH(p, passwords) {
-                        if (pass_volume_key)
-                                r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
-                        else
-                                r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
-
-                        if (r >= 0)
-                                break;
-                }
-        }
-
-        return r;
-}
-
-static int help(void) {
-
-        printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
-               "%s detach VOLUME\n\n"
-               "Attaches or detaches an encrypted block device.\n",
-               program_invocation_short_name,
-               program_invocation_short_name);
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        int r = EXIT_FAILURE;
-        struct crypt_device *cd = NULL;
-
-        if (argc <= 1) {
-                help();
-                return EXIT_SUCCESS;
-        }
-
-        if (argc < 3) {
-                log_error("This program requires at least two arguments.");
-                return EXIT_FAILURE;
-        }
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (streq(argv[1], "attach")) {
-                uint32_t flags = 0;
-                int k;
-                unsigned tries;
-                usec_t until;
-                crypt_status_info status;
-                const char *key_file = NULL;
-
-                /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
-
-                if (argc < 4) {
-                        log_error("attach requires at least two arguments.");
-                        goto finish;
-                }
-
-                if (argc >= 5 &&
-                    argv[4][0] &&
-                    !streq(argv[4], "-") &&
-                    !streq(argv[4], "none")) {
-
-                        if (!path_is_absolute(argv[4]))
-                                log_error("Password file path '%s' is not absolute. Ignoring.", argv[4]);
-                        else
-                                key_file = argv[4];
-                }
-
-                if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
-                        if (parse_options(argv[5]) < 0)
-                                goto finish;
-                }
-
-                /* A delicious drop of snake oil */
-                mlockall(MCL_FUTURE);
-
-                if (arg_header) {
-                        log_debug("LUKS header: %s", arg_header);
-                        k = crypt_init(&cd, arg_header);
-                } else
-                        k = crypt_init(&cd, argv[3]);
-                if (k) {
-                        log_error_errno(k, "crypt_init() failed: %m");
-                        goto finish;
-                }
-
-                crypt_set_log_callback(cd, log_glue, NULL);
-
-                status = crypt_status(cd, argv[2]);
-                if (status == CRYPT_ACTIVE || status == CRYPT_BUSY) {
-                        log_info("Volume %s already active.", argv[2]);
-                        r = EXIT_SUCCESS;
-                        goto finish;
-                }
-
-                if (arg_readonly)
-                        flags |= CRYPT_ACTIVATE_READONLY;
-
-                if (arg_discards)
-                        flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
-
-                if (arg_timeout > 0)
-                        until = now(CLOCK_MONOTONIC) + arg_timeout;
-                else
-                        until = 0;
-
-                arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
-
-                if (key_file) {
-                        struct stat st;
-
-                        /* Ideally we'd do this on the open fd, but since this is just a
-                         * warning it's OK to do this in two steps. */
-                        if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
-                                log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
-                }
-
-                for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
-                        _cleanup_strv_free_erase_ char **passwords = NULL;
-
-                        if (!key_file) {
-                                k = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
-                                if (k == -EAGAIN)
-                                        continue;
-                                else if (k < 0)
-                                        goto finish;
-                        }
-
-                        if (streq_ptr(arg_type, CRYPT_TCRYPT))
-                                k = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
-                        else
-                                k = attach_luks_or_plain(cd,
-                                                         argv[2],
-                                                         key_file,
-                                                         arg_header ? argv[3] : NULL,
-                                                         passwords,
-                                                         flags);
-                        if (k >= 0)
-                                break;
-                        else if (k == -EAGAIN) {
-                                key_file = NULL;
-                                continue;
-                        } else if (k != -EPERM) {
-                                log_error_errno(k, "Failed to activate: %m");
-                                goto finish;
-                        }
-
-                        log_warning("Invalid passphrase.");
-                }
-
-                if (arg_tries != 0 && tries >= arg_tries) {
-                        log_error("Too many attempts; giving up.");
-                        r = EXIT_FAILURE;
-                        goto finish;
-                }
-
-        } else if (streq(argv[1], "detach")) {
-                int k;
-
-                k = crypt_init_by_name(&cd, argv[2]);
-                if (k == -ENODEV) {
-                        log_info("Volume %s already inactive.", argv[2]);
-                        r = EXIT_SUCCESS;
-                        goto finish;
-                } else if (k) {
-                        log_error_errno(k, "crypt_init_by_name() failed: %m");
-                        goto finish;
-                }
-
-                crypt_set_log_callback(cd, log_glue, NULL);
-
-                k = crypt_deactivate(cd, argv[2]);
-                if (k < 0) {
-                        log_error_errno(k, "Failed to deactivate: %m");
-                        goto finish;
-                }
-
-        } else {
-                log_error("Unknown verb %s.", argv[1]);
-                goto finish;
-        }
-
-        r = EXIT_SUCCESS;
-
-finish:
-
-        if (cd)
-                crypt_free(cd);
-
-        free(arg_cipher);
-        free(arg_hash);
-        free(arg_header);
-        strv_free(arg_tcrypt_keyfiles);
-
-        return r;
-}
diff --git a/src/dbus1-generator/Makefile b/src/dbus1-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/dbus1-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/debug-generator/Makefile b/src/debug-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/debug-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/delta/Makefile b/src/delta/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/delta/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/detect-virt/Makefile b/src/detect-virt/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/detect-virt/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/escape/Makefile b/src/escape/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/escape/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/firstboot/Makefile b/src/firstboot/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/firstboot/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/fsck/Makefile b/src/fsck/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/fsck/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
deleted file mode 100644
index d32e1d923e..0000000000
--- a/src/fsck/fsck.c
+++ /dev/null
@@ -1,487 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-  Copyright 2014 Holger Hans Peter Freyther
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <sys/file.h>
-#include <sys/prctl.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "device-util.h"
-#include "fd-util.h"
-#include "fs-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "proc-cmdline.h"
-#include "process-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "special.h"
-#include "stdio-util.h"
-#include "util.h"
-
-/* exit codes as defined in fsck(8) */
-enum {
-        FSCK_SUCCESS = 0,
-        FSCK_ERROR_CORRECTED = 1,
-        FSCK_SYSTEM_SHOULD_REBOOT = 2,
-        FSCK_ERRORS_LEFT_UNCORRECTED = 4,
-        FSCK_OPERATIONAL_ERROR = 8,
-        FSCK_USAGE_OR_SYNTAX_ERROR = 16,
-        FSCK_USER_CANCELLED = 32,
-        FSCK_SHARED_LIB_ERROR = 128,
-};
-
-static bool arg_skip = false;
-static bool arg_force = false;
-static bool arg_show_progress = false;
-static const char *arg_repair = "-a";
-
-static void start_target(const char *target, const char *mode) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        assert(target);
-
-        r = bus_connect_system_systemd(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get D-Bus connection: %m");
-                return;
-        }
-
-        log_info("Running request %s/start/replace", target);
-
-        /* Start these units only if we can replace base.target with it */
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.systemd1",
-                               "/org/freedesktop/systemd1",
-                               "org.freedesktop.systemd1.Manager",
-                               "StartUnitReplace",
-                               &error,
-                               NULL,
-                               "sss", "basic.target", target, mode);
-
-        /* Don't print a warning if we aren't called during startup */
-        if (r < 0 && !sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_JOB))
-                log_error("Failed to start unit: %s", bus_error_message(&error, r));
-}
-
-static int parse_proc_cmdline_item(const char *key, const char *value) {
-        int r;
-
-        assert(key);
-
-        if (streq(key, "fsck.mode") && value) {
-
-                if (streq(value, "auto"))
-                        arg_force = arg_skip = false;
-                else if (streq(value, "force"))
-                        arg_force = true;
-                else if (streq(value, "skip"))
-                        arg_skip = true;
-                else
-                        log_warning("Invalid fsck.mode= parameter '%s'. Ignoring.", value);
-
-        } else if (streq(key, "fsck.repair") && value) {
-
-                if (streq(value, "preen"))
-                        arg_repair = "-a";
-                else {
-                        r = parse_boolean(value);
-                        if (r > 0)
-                                arg_repair = "-y";
-                        else if (r == 0)
-                                arg_repair = "-n";
-                        else
-                                log_warning("Invalid fsck.repair= parameter '%s'. Ignoring.", value);
-                }
-        }
-
-#ifdef HAVE_SYSV_COMPAT
-        else if (streq(key, "fastboot") && !value) {
-                log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
-                arg_skip = true;
-
-        } else if (streq(key, "forcefsck") && !value) {
-                log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
-                arg_force = true;
-        }
-#endif
-
-        return 0;
-}
-
-static void test_files(void) {
-
-#ifdef HAVE_SYSV_COMPAT
-        if (access("/fastboot", F_OK) >= 0) {
-                log_error("Please pass 'fsck.mode=skip' on the kernel command line rather than creating /fastboot on the root file system.");
-                arg_skip = true;
-        }
-
-        if (access("/forcefsck", F_OK) >= 0) {
-                log_error("Please pass 'fsck.mode=force' on the kernel command line rather than creating /forcefsck on the root file system.");
-                arg_force = true;
-        }
-#endif
-
-        arg_show_progress = access("/run/systemd/show-status", F_OK) >= 0;
-}
-
-static double percent(int pass, unsigned long cur, unsigned long max) {
-        /* Values stolen from e2fsck */
-
-        static const int pass_table[] = {
-                0, 70, 90, 92, 95, 100
-        };
-
-        if (pass <= 0)
-                return 0.0;
-
-        if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0)
-                return 100.0;
-
-        return (double) pass_table[pass-1] +
-                ((double) pass_table[pass] - (double) pass_table[pass-1]) *
-                (double) cur / (double) max;
-}
-
-static int process_progress(int fd) {
-        _cleanup_fclose_ FILE *console = NULL, *f = NULL;
-        usec_t last = 0;
-        bool locked = false;
-        int clear = 0, r;
-
-        /* No progress pipe to process? Then we are a NOP. */
-        if (fd < 0)
-                return 0;
-
-        f = fdopen(fd, "re");
-        if (!f) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        console = fopen("/dev/console", "we");
-        if (!console)
-                return -ENOMEM;
-
-        for (;;) {
-                int pass, m;
-                unsigned long cur, max;
-                _cleanup_free_ char *device = NULL;
-                double p;
-                usec_t t;
-
-                if (fscanf(f, "%i %lu %lu %ms", &pass, &cur, &max, &device) != 4) {
-
-                        if (ferror(f))
-                                r = log_warning_errno(errno, "Failed to read from progress pipe: %m");
-                        else if (feof(f))
-                                r = 0;
-                        else {
-                                log_warning("Failed to parse progress pipe data");
-                                r = -EBADMSG;
-                        }
-                        break;
-                }
-
-                /* Only show one progress counter at max */
-                if (!locked) {
-                        if (flock(fileno(console), LOCK_EX|LOCK_NB) < 0)
-                                continue;
-
-                        locked = true;
-                }
-
-                /* Only update once every 50ms */
-                t = now(CLOCK_MONOTONIC);
-                if (last + 50 * USEC_PER_MSEC > t)
-                        continue;
-
-                last = t;
-
-                p = percent(pass, cur, max);
-                fprintf(console, "\r%s: fsck %3.1f%% complete...\r%n", device, p, &m);
-                fflush(console);
-
-                if (m > clear)
-                        clear = m;
-        }
-
-        if (clear > 0) {
-                unsigned j;
-
-                fputc('\r', console);
-                for (j = 0; j < (unsigned) clear; j++)
-                        fputc(' ', console);
-                fputc('\r', console);
-                fflush(console);
-        }
-
-        return r;
-}
-
-static int fsck_progress_socket(void) {
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/fsck.progress",
-        };
-
-        int fd, r;
-
-        fd = socket(AF_UNIX, SOCK_STREAM, 0);
-        if (fd < 0)
-                return log_warning_errno(errno, "socket(): %m");
-
-        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
-                r = log_full_errno(errno == ECONNREFUSED || errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
-                                   errno, "Failed to connect to progress socket %s, ignoring: %m", sa.un.sun_path);
-                safe_close(fd);
-                return r;
-        }
-
-        return fd;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_close_pair_ int progress_pipe[2] = { -1, -1 };
-        _cleanup_(sd_device_unrefp) sd_device *dev = NULL;
-        const char *device, *type;
-        bool root_directory;
-        siginfo_t status;
-        struct stat st;
-        int r;
-        pid_t pid;
-
-        if (argc > 2) {
-                log_error("This program expects one or no arguments.");
-                return EXIT_FAILURE;
-        }
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        r = parse_proc_cmdline(parse_proc_cmdline_item);
-        if (r < 0)
-                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
-
-        test_files();
-
-        if (!arg_force && arg_skip) {
-                r = 0;
-                goto finish;
-        }
-
-        if (argc > 1) {
-                device = argv[1];
-
-                if (stat(device, &st) < 0) {
-                        r = log_error_errno(errno, "Failed to stat %s: %m", device);
-                        goto finish;
-                }
-
-                if (!S_ISBLK(st.st_mode)) {
-                        log_error("%s is not a block device.", device);
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                r = sd_device_new_from_devnum(&dev, 'b', st.st_rdev);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to detect device %s: %m", device);
-                        goto finish;
-                }
-
-                root_directory = false;
-        } else {
-                struct timespec times[2];
-
-                /* Find root device */
-
-                if (stat("/", &st) < 0) {
-                        r = log_error_errno(errno, "Failed to stat() the root directory: %m");
-                        goto finish;
-                }
-
-                /* Virtual root devices don't need an fsck */
-                if (major(st.st_dev) == 0) {
-                        log_debug("Root directory is virtual or btrfs, skipping check.");
-                        r = 0;
-                        goto finish;
-                }
-
-                /* check if we are already writable */
-                times[0] = st.st_atim;
-                times[1] = st.st_mtim;
-
-                if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
-                        log_info("Root directory is writable, skipping check.");
-                        r = 0;
-                        goto finish;
-                }
-
-                r = sd_device_new_from_devnum(&dev, 'b', st.st_dev);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to detect root device: %m");
-                        goto finish;
-                }
-
-                r = sd_device_get_devname(dev, &device);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to detect device node of root directory: %m");
-                        goto finish;
-                }
-
-                root_directory = true;
-        }
-
-        r = sd_device_get_property_value(dev, "ID_FS_TYPE", &type);
-        if (r >= 0) {
-                r = fsck_exists(type);
-                if (r < 0)
-                        log_warning_errno(r, "Couldn't detect if fsck.%s may be used for %s, proceeding: %m", type, device);
-                else if (r == 0) {
-                        log_info("fsck.%s doesn't exist, not checking file system on %s.", type, device);
-                        goto finish;
-                }
-        }
-
-        if (arg_show_progress) {
-                if (pipe(progress_pipe) < 0) {
-                        r = log_error_errno(errno, "pipe(): %m");
-                        goto finish;
-                }
-        }
-
-        pid = fork();
-        if (pid < 0) {
-                r = log_error_errno(errno, "fork(): %m");
-                goto finish;
-        }
-        if (pid == 0) {
-                char dash_c[sizeof("-C")-1 + DECIMAL_STR_MAX(int) + 1];
-                int progress_socket = -1;
-                const char *cmdline[9];
-                int i = 0;
-
-                /* Child */
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
-
-                /* Close the reading side of the progress pipe */
-                progress_pipe[0] = safe_close(progress_pipe[0]);
-
-                /* Try to connect to a progress management daemon, if there is one */
-                progress_socket = fsck_progress_socket();
-                if (progress_socket >= 0) {
-                        /* If this worked we close the progress pipe early, and just use the socket */
-                        progress_pipe[1] = safe_close(progress_pipe[1]);
-                        xsprintf(dash_c, "-C%i", progress_socket);
-                } else if (progress_pipe[1] >= 0) {
-                        /* Otherwise if we have the progress pipe to our own local handle, we use it */
-                        xsprintf(dash_c, "-C%i", progress_pipe[1]);
-                } else
-                        dash_c[0] = 0;
-
-                cmdline[i++] = "/sbin/fsck";
-                cmdline[i++] =  arg_repair;
-                cmdline[i++] = "-T";
-
-                /*
-                 * Since util-linux v2.25 fsck uses /run/fsck/<diskname>.lock files.
-                 * The previous versions use flock for the device and conflict with
-                 * udevd, see https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
-                 */
-                cmdline[i++] = "-l";
-
-                if (!root_directory)
-                        cmdline[i++] = "-M";
-
-                if (arg_force)
-                        cmdline[i++] = "-f";
-
-                if (!isempty(dash_c))
-                        cmdline[i++] = dash_c;
-
-                cmdline[i++] = device;
-                cmdline[i++] = NULL;
-
-                execv(cmdline[0], (char**) cmdline);
-                _exit(FSCK_OPERATIONAL_ERROR);
-        }
-
-        progress_pipe[1] = safe_close(progress_pipe[1]);
-        (void) process_progress(progress_pipe[0]);
-        progress_pipe[0] = -1;
-
-        r = wait_for_terminate(pid, &status);
-        if (r < 0) {
-                log_error_errno(r, "waitid(): %m");
-                goto finish;
-        }
-
-        if (status.si_code != CLD_EXITED || (status.si_status & ~1)) {
-
-                if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED)
-                        log_error("fsck terminated by signal %s.", signal_to_string(status.si_status));
-                else if (status.si_code == CLD_EXITED)
-                        log_error("fsck failed with error code %i.", status.si_status);
-                else
-                        log_error("fsck failed due to unknown reason.");
-
-                r = -EINVAL;
-
-                if (status.si_code == CLD_EXITED && (status.si_status & FSCK_SYSTEM_SHOULD_REBOOT) && root_directory)
-                        /* System should be rebooted. */
-                        start_target(SPECIAL_REBOOT_TARGET, "replace-irreversibly");
-                else if (status.si_code == CLD_EXITED && (status.si_status & (FSCK_SYSTEM_SHOULD_REBOOT | FSCK_ERRORS_LEFT_UNCORRECTED)))
-                        /* Some other problem */
-                        start_target(SPECIAL_EMERGENCY_TARGET, "replace");
-                else {
-                        log_warning("Ignoring error.");
-                        r = 0;
-                }
-
-        } else
-                r = 0;
-
-        if (status.si_code == CLD_EXITED && (status.si_status & FSCK_ERROR_CORRECTED))
-                (void) touch("/run/systemd/quotacheck");
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/fstab-generator/Makefile b/src/fstab-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/fstab-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/getty-generator/Makefile b/src/getty-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/getty-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/gpt-auto-generator/Makefile b/src/gpt-auto-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/gpt-auto-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
deleted file mode 100644
index a4938a7c3a..0000000000
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ /dev/null
@@ -1,1042 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <blkid/blkid.h>
-#include <stdlib.h>
-#include <sys/statfs.h>
-#include <unistd.h>
-
-#include "libudev.h"
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "blkid-util.h"
-#include "btrfs-util.h"
-#include "dirent-util.h"
-#include "efivars.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fstab-util.h"
-#include "generator.h"
-#include "gpt.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "mount-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "proc-cmdline.h"
-#include "special.h"
-#include "stat-util.h"
-#include "string-util.h"
-#include "udev-util.h"
-#include "unit-name.h"
-#include "util.h"
-#include "virt.h"
-
-static const char *arg_dest = "/tmp";
-static bool arg_enabled = true;
-static bool arg_root_enabled = true;
-static bool arg_root_rw = false;
-
-static int add_cryptsetup(const char *id, const char *what, bool rw, char **device) {
-        _cleanup_free_ char *e = NULL, *n = NULL, *p = NULL, *d = NULL, *to = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        char *from, *ret;
-        int r;
-
-        assert(id);
-        assert(what);
-        assert(device);
-
-        r = unit_name_from_path(what, ".device", &d);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate unit name: %m");
-
-        e = unit_name_escape(id);
-        if (!e)
-                return log_oom();
-
-        r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate unit name: %m");
-
-        p = strjoin(arg_dest, "/", n, NULL);
-        if (!p)
-                return log_oom();
-
-        f = fopen(p, "wxe");
-        if (!f)
-                return log_error_errno(errno, "Failed to create unit file %s: %m", p);
-
-        fprintf(f,
-                "# Automatically generated by systemd-gpt-auto-generator\n\n"
-                "[Unit]\n"
-                "Description=Cryptography Setup for %%I\n"
-                "Documentation=man:systemd-gpt-auto-generator(8) man:systemd-cryptsetup@.service(8)\n"
-                "DefaultDependencies=no\n"
-                "Conflicts=umount.target\n"
-                "BindsTo=dev-mapper-%%i.device %s\n"
-                "Before=umount.target cryptsetup.target\n"
-                "After=%s\n"
-                "IgnoreOnIsolate=true\n"
-                "[Service]\n"
-                "Type=oneshot\n"
-                "RemainAfterExit=yes\n"
-                "TimeoutSec=0\n" /* the binary handles timeouts anyway */
-                "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '' '%s'\n"
-                "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
-                d, d,
-                id, what, rw ? "" : "read-only",
-                id);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write file %s: %m", p);
-
-        from = strjoina("../", n);
-
-        to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
-        if (!to)
-                return log_oom();
-
-        mkdir_parents_label(to, 0755);
-        if (symlink(from, to) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
-
-        free(to);
-        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
-        if (!to)
-                return log_oom();
-
-        mkdir_parents_label(to, 0755);
-        if (symlink(from, to) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
-
-        free(to);
-        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
-        if (!to)
-                return log_oom();
-
-        mkdir_parents_label(to, 0755);
-        if (symlink(from, to) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
-
-        free(p);
-        p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
-        if (!p)
-                return log_oom();
-
-        mkdir_parents_label(p, 0755);
-        r = write_string_file(p,
-                        "# Automatically generated by systemd-gpt-auto-generator\n\n"
-                        "[Unit]\n"
-                        "JobTimeoutSec=0\n",
-                        WRITE_STRING_FILE_CREATE); /* the binary handles timeouts anyway */
-        if (r < 0)
-                return log_error_errno(r, "Failed to write device drop-in: %m");
-
-        ret = strappend("/dev/mapper/", id);
-        if (!ret)
-                return log_oom();
-
-        *device = ret;
-        return 0;
-}
-
-static int add_mount(
-                const char *id,
-                const char *what,
-                const char *where,
-                const char *fstype,
-                bool rw,
-                const char *options,
-                const char *description,
-                const char *post) {
-
-        _cleanup_free_ char *unit = NULL, *lnk = NULL, *crypto_what = NULL, *p = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(id);
-        assert(what);
-        assert(where);
-        assert(description);
-
-        log_debug("Adding %s: %s %s", where, what, strna(fstype));
-
-        if (streq_ptr(fstype, "crypto_LUKS")) {
-
-                r = add_cryptsetup(id, what, rw, &crypto_what);
-                if (r < 0)
-                        return r;
-
-                what = crypto_what;
-                fstype = NULL;
-        }
-
-        r = unit_name_from_path(where, ".mount", &unit);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate unit name: %m");
-
-        p = strjoin(arg_dest, "/", unit, NULL);
-        if (!p)
-                return log_oom();
-
-        f = fopen(p, "wxe");
-        if (!f)
-                return log_error_errno(errno, "Failed to create unit file %s: %m", unit);
-
-        fprintf(f,
-                "# Automatically generated by systemd-gpt-auto-generator\n\n"
-                "[Unit]\n"
-                "Description=%s\n"
-                "Documentation=man:systemd-gpt-auto-generator(8)\n",
-                description);
-
-        if (post)
-                fprintf(f, "Before=%s\n", post);
-
-        r = generator_write_fsck_deps(f, arg_dest, what, where, fstype);
-        if (r < 0)
-                return r;
-
-        fprintf(f,
-                "\n"
-                "[Mount]\n"
-                "What=%s\n"
-                "Where=%s\n",
-                what, where);
-
-        if (fstype)
-                fprintf(f, "Type=%s\n", fstype);
-
-        if (options)
-                fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro");
-        else
-                fprintf(f, "Options=%s\n", rw ? "rw" : "ro");
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write unit file %s: %m", p);
-
-        if (post) {
-                lnk = strjoin(arg_dest, "/", post, ".requires/", unit, NULL);
-                if (!lnk)
-                        return log_oom();
-
-                mkdir_parents_label(lnk, 0755);
-                if (symlink(p, lnk) < 0)
-                        return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
-        }
-
-        return 0;
-}
-
-static bool path_is_busy(const char *where) {
-        int r;
-
-        /* already a mountpoint; generators run during reload */
-        r = path_is_mount_point(where, AT_SYMLINK_FOLLOW);
-        if (r > 0)
-                return false;
-
-        /* the directory might not exist on a stateless system */
-        if (r == -ENOENT)
-                return false;
-
-        if (r < 0)
-                return true;
-
-        /* not a mountpoint but it contains files */
-        if (dir_is_empty(where) <= 0)
-                return true;
-
-        return false;
-}
-
-static int probe_and_add_mount(
-                const char *id,
-                const char *what,
-                const char *where,
-                bool rw,
-                const char *description,
-                const char *post) {
-
-        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
-        const char *fstype = NULL;
-        int r;
-
-        assert(id);
-        assert(what);
-        assert(where);
-        assert(description);
-
-        if (path_is_busy(where)) {
-                log_debug("%s already populated, ignoring.", where);
-                return 0;
-        }
-
-        /* Let's check the partition type here, so that we know
-         * whether to do LUKS magic. */
-
-        errno = 0;
-        b = blkid_new_probe_from_filename(what);
-        if (!b) {
-                if (errno == 0)
-                        return log_oom();
-                return log_error_errno(errno, "Failed to allocate prober: %m");
-        }
-
-        blkid_probe_enable_superblocks(b, 1);
-        blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
-
-        errno = 0;
-        r = blkid_do_safeprobe(b);
-        if (r == -2 || r == 1) /* no result or uncertain */
-                return 0;
-        else if (r != 0)
-                return log_error_errno(errno ?: EIO, "Failed to probe %s: %m", what);
-
-        /* add_mount is OK with fstype being NULL. */
-        (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
-
-        return add_mount(
-                        id,
-                        what,
-                        where,
-                        fstype,
-                        rw,
-                        NULL,
-                        description,
-                        post);
-}
-
-static int add_swap(const char *path) {
-        _cleanup_free_ char *name = NULL, *unit = NULL, *lnk = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(path);
-
-        log_debug("Adding swap: %s", path);
-
-        r = unit_name_from_path(path, ".swap", &name);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate unit name: %m");
-
-        unit = strjoin(arg_dest, "/", name, NULL);
-        if (!unit)
-                return log_oom();
-
-        f = fopen(unit, "wxe");
-        if (!f)
-                return log_error_errno(errno, "Failed to create unit file %s: %m", unit);
-
-        fprintf(f,
-                "# Automatically generated by systemd-gpt-auto-generator\n\n"
-                "[Unit]\n"
-                "Description=Swap Partition\n"
-                "Documentation=man:systemd-gpt-auto-generator(8)\n\n"
-                "[Swap]\n"
-                "What=%s\n",
-                path);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write unit file %s: %m", unit);
-
-        lnk = strjoin(arg_dest, "/" SPECIAL_SWAP_TARGET ".wants/", name, NULL);
-        if (!lnk)
-                return log_oom();
-
-        mkdir_parents_label(lnk, 0755);
-        if (symlink(unit, lnk) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
-
-        return 0;
-}
-
-#ifdef ENABLE_EFI
-static int add_automount(
-                const char *id,
-                const char *what,
-                const char *where,
-                const char *fstype,
-                bool rw,
-                const char *options,
-                const char *description,
-                usec_t timeout) {
-
-        _cleanup_free_ char *unit = NULL, *lnk = NULL;
-        _cleanup_free_ char *opt, *p = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(id);
-        assert(where);
-        assert(description);
-
-        if (options)
-                opt = strjoin(options, ",noauto", NULL);
-        else
-                opt = strdup("noauto");
-        if (!opt)
-                return log_oom();
-
-        r = add_mount(id,
-                      what,
-                      where,
-                      fstype,
-                      rw,
-                      opt,
-                      description,
-                      NULL);
-        if (r < 0)
-                return r;
-
-        r = unit_name_from_path(where, ".automount", &unit);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate unit name: %m");
-
-        p = strjoin(arg_dest, "/", unit, NULL);
-        if (!p)
-                return log_oom();
-
-        f = fopen(p, "wxe");
-        if (!f)
-                return log_error_errno(errno, "Failed to create unit file %s: %m", unit);
-
-        fprintf(f,
-                "# Automatically generated by systemd-gpt-auto-generator\n\n"
-                "[Unit]\n"
-                "Description=%s\n"
-                "Documentation=man:systemd-gpt-auto-generator(8)\n"
-                "[Automount]\n"
-                "Where=%s\n"
-                "TimeoutIdleSec=%lld\n",
-                description,
-                where,
-                (unsigned long long)timeout / USEC_PER_SEC);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write unit file %s: %m", p);
-
-        lnk = strjoin(arg_dest, "/" SPECIAL_LOCAL_FS_TARGET ".wants/", unit, NULL);
-        if (!lnk)
-                return log_oom();
-        mkdir_parents_label(lnk, 0755);
-
-        if (symlink(p, lnk) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
-
-        return 0;
-}
-
-static int add_boot(const char *what) {
-        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
-        const char *fstype = NULL, *uuid = NULL;
-        sd_id128_t id, type_id;
-        int r;
-
-        assert(what);
-
-        if (!is_efi_boot()) {
-                log_debug("Not an EFI boot, ignoring /boot.");
-                return 0;
-        }
-
-        if (in_initrd()) {
-                log_debug("In initrd, ignoring /boot.");
-                return 0;
-        }
-
-        if (detect_container() > 0) {
-                log_debug("In a container, ignoring /boot.");
-                return 0;
-        }
-
-        /* We create an .automount which is not overridden by the .mount from the fstab generator. */
-        if (fstab_is_mount_point("/boot")) {
-                log_debug("/boot specified in fstab, ignoring.");
-                return 0;
-        }
-
-        if (path_is_busy("/boot")) {
-                log_debug("/boot already populated, ignoring.");
-                return 0;
-        }
-
-        r = efi_loader_get_device_part_uuid(&id);
-        if (r == -ENOENT) {
-                log_debug("EFI loader partition unknown.");
-                return 0;
-        }
-
-        if (r < 0) {
-                log_error_errno(r, "Failed to read ESP partition UUID: %m");
-                return r;
-        }
-
-        errno = 0;
-        b = blkid_new_probe_from_filename(what);
-        if (!b) {
-                if (errno == 0)
-                        return log_oom();
-                return log_error_errno(errno, "Failed to allocate prober: %m");
-        }
-
-        blkid_probe_enable_partitions(b, 1);
-        blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
-
-        errno = 0;
-        r = blkid_do_safeprobe(b);
-        if (r == -2 || r == 1) /* no result or uncertain */
-                return 0;
-        else if (r != 0)
-                return log_error_errno(errno ?: EIO, "Failed to probe %s: %m", what);
-
-        (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
-        if (!streq_ptr(fstype, "vfat")) {
-                log_debug("Partition for /boot is not a FAT filesystem, ignoring.");
-                return 0;
-        }
-
-        errno = 0;
-        r = blkid_probe_lookup_value(b, "PART_ENTRY_UUID", &uuid, NULL);
-        if (r != 0) {
-                log_debug_errno(errno, "Partition for /boot does not have a UUID, ignoring.");
-                return 0;
-        }
-
-        if (sd_id128_from_string(uuid, &type_id) < 0) {
-                log_debug("Partition for /boot does not have a valid UUID, ignoring.");
-                return 0;
-        }
-
-        if (!sd_id128_equal(type_id, id)) {
-                log_debug("Partition for /boot does not appear to be the partition we are booted from.");
-                return 0;
-        }
-
-        r = add_automount("boot",
-                       what,
-                       "/boot",
-                       "vfat",
-                       true,
-                       "umask=0077",
-                       "EFI System Partition Automount",
-                       120 * USEC_PER_SEC);
-
-        return r;
-}
-#else
-static int add_boot(const char *what) {
-        return 0;
-}
-#endif
-
-static int enumerate_partitions(dev_t devnum) {
-
-        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        _cleanup_free_ char *boot = NULL, *home = NULL, *srv = NULL;
-        struct udev_list_entry *first, *item;
-        struct udev_device *parent = NULL;
-        const char *name, *node, *pttype, *devtype;
-        int boot_nr = -1, home_nr = -1, srv_nr = -1;
-        bool home_rw = true, srv_rw = true;
-        blkid_partlist pl;
-        int r, k;
-        dev_t pn;
-
-        udev = udev_new();
-        if (!udev)
-                return log_oom();
-
-        d = udev_device_new_from_devnum(udev, 'b', devnum);
-        if (!d)
-                return log_oom();
-
-        name = udev_device_get_devnode(d);
-        if (!name)
-                name = udev_device_get_syspath(d);
-        if (!name) {
-                log_debug("Device %u:%u does not have a name, ignoring.",
-                          major(devnum), minor(devnum));
-                return 0;
-        }
-
-        parent = udev_device_get_parent(d);
-        if (!parent) {
-                log_debug("%s: not a partitioned device, ignoring.", name);
-                return 0;
-        }
-
-        /* Does it have a devtype? */
-        devtype = udev_device_get_devtype(parent);
-        if (!devtype) {
-                log_debug("%s: parent doesn't have a device type, ignoring.", name);
-                return 0;
-        }
-
-        /* Is this a disk or a partition? We only care for disks... */
-        if (!streq(devtype, "disk")) {
-                log_debug("%s: parent isn't a raw disk, ignoring.", name);
-                return 0;
-        }
-
-        /* Does it have a device node? */
-        node = udev_device_get_devnode(parent);
-        if (!node) {
-                log_debug("%s: parent device does not have device node, ignoring.", name);
-                return 0;
-        }
-
-        log_debug("%s: root device %s.", name, node);
-
-        pn = udev_device_get_devnum(parent);
-        if (major(pn) == 0)
-                return 0;
-
-        errno = 0;
-        b = blkid_new_probe_from_filename(node);
-        if (!b) {
-                if (errno == 0)
-                        return log_oom();
-
-                return log_error_errno(errno, "%s: failed to allocate prober: %m", node);
-        }
-
-        blkid_probe_enable_partitions(b, 1);
-        blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
-
-        errno = 0;
-        r = blkid_do_safeprobe(b);
-        if (r == 1)
-                return 0; /* no results */
-        else if (r == -2) {
-                log_warning("%s: probe gave ambiguous results, ignoring.", node);
-                return 0;
-        } else if (r != 0)
-                return log_error_errno(errno ?: EIO, "%s: failed to probe: %m", node);
-
-        errno = 0;
-        r = blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
-        if (r != 0) {
-                if (errno == 0)
-                        return 0; /* No partition table found. */
-
-                return log_error_errno(errno, "%s: failed to determine partition table type: %m", node);
-        }
-
-        /* We only do this all for GPT... */
-        if (!streq_ptr(pttype, "gpt")) {
-                log_debug("%s: not a GPT partition table, ignoring.", node);
-                return 0;
-        }
-
-        errno = 0;
-        pl = blkid_probe_get_partitions(b);
-        if (!pl) {
-                if (errno == 0)
-                        return log_oom();
-
-                return log_error_errno(errno, "%s: failed to list partitions: %m", node);
-        }
-
-        e = udev_enumerate_new(udev);
-        if (!e)
-                return log_oom();
-
-        r = udev_enumerate_add_match_parent(e, parent);
-        if (r < 0)
-                return log_oom();
-
-        r = udev_enumerate_add_match_subsystem(e, "block");
-        if (r < 0)
-                return log_oom();
-
-        r = udev_enumerate_scan_devices(e);
-        if (r < 0)
-                return log_error_errno(r, "%s: failed to enumerate partitions: %m", node);
-
-        first = udev_enumerate_get_list_entry(e);
-        udev_list_entry_foreach(item, first) {
-                _cleanup_udev_device_unref_ struct udev_device *q;
-                unsigned long long flags;
-                const char *stype, *subnode;
-                sd_id128_t type_id;
-                blkid_partition pp;
-                dev_t qn;
-                int nr;
-
-                q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
-                if (!q)
-                        continue;
-
-                qn = udev_device_get_devnum(q);
-                if (major(qn) == 0)
-                        continue;
-
-                if (qn == devnum)
-                        continue;
-
-                if (qn == pn)
-                        continue;
-
-                subnode = udev_device_get_devnode(q);
-                if (!subnode)
-                        continue;
-
-                pp = blkid_partlist_devno_to_partition(pl, qn);
-                if (!pp)
-                        continue;
-
-                nr = blkid_partition_get_partno(pp);
-                if (nr < 0)
-                        continue;
-
-                stype = blkid_partition_get_type_string(pp);
-                if (!stype)
-                        continue;
-
-                if (sd_id128_from_string(stype, &type_id) < 0)
-                        continue;
-
-                flags = blkid_partition_get_flags(pp);
-
-                if (sd_id128_equal(type_id, GPT_SWAP)) {
-
-                        if (flags & GPT_FLAG_NO_AUTO)
-                                continue;
-
-                        if (flags & GPT_FLAG_READ_ONLY) {
-                                log_debug("%s marked as read-only swap partition, which is bogus. Ignoring.", subnode);
-                                continue;
-                        }
-
-                        k = add_swap(subnode);
-                        if (k < 0)
-                                r = k;
-
-                } else if (sd_id128_equal(type_id, GPT_ESP)) {
-
-                        /* We only care for the first /boot partition */
-                        if (boot && nr >= boot_nr)
-                                continue;
-
-                        /* Note that we do not honour the "no-auto"
-                         * flag for the ESP, as it is often unset, to
-                         * hide it from Windows. */
-
-                        boot_nr = nr;
-
-                        r = free_and_strdup(&boot, subnode);
-                        if (r < 0)
-                                return log_oom();
-
-                } else if (sd_id128_equal(type_id, GPT_HOME)) {
-
-                        if (flags & GPT_FLAG_NO_AUTO)
-                                continue;
-
-                        /* We only care for the first /home partition */
-                        if (home && nr >= home_nr)
-                                continue;
-
-                        home_nr = nr;
-                        home_rw = !(flags & GPT_FLAG_READ_ONLY),
-
-                        r = free_and_strdup(&home, subnode);
-                        if (r < 0)
-                                return log_oom();
-
-                } else if (sd_id128_equal(type_id, GPT_SRV)) {
-
-                        if (flags & GPT_FLAG_NO_AUTO)
-                                continue;
-
-                        /* We only care for the first /srv partition */
-                        if (srv && nr >= srv_nr)
-                                continue;
-
-                        srv_nr = nr;
-                        srv_rw = !(flags & GPT_FLAG_READ_ONLY),
-
-                        r = free_and_strdup(&srv, subnode);
-                        if (r < 0)
-                                return log_oom();
-                }
-        }
-
-        if (boot) {
-                k = add_boot(boot);
-                if (k < 0)
-                        r = k;
-        }
-
-        if (home) {
-                k = probe_and_add_mount("home", home, "/home", home_rw, "Home Partition", SPECIAL_LOCAL_FS_TARGET);
-                if (k < 0)
-                        r = k;
-        }
-
-        if (srv) {
-                k = probe_and_add_mount("srv", srv, "/srv", srv_rw, "Server Data Partition", SPECIAL_LOCAL_FS_TARGET);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int get_block_device(const char *path, dev_t *dev) {
-        struct stat st;
-        struct statfs sfs;
-
-        assert(path);
-        assert(dev);
-
-        /* Get's the block device directly backing a file system. If
-         * the block device is encrypted, returns the device mapper
-         * block device. */
-
-        if (lstat(path, &st))
-                return -errno;
-
-        if (major(st.st_dev) != 0) {
-                *dev = st.st_dev;
-                return 1;
-        }
-
-        if (statfs(path, &sfs) < 0)
-                return -errno;
-
-        if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC))
-                return btrfs_get_block_device(path, dev);
-
-        return 0;
-}
-
-static int get_block_device_harder(const char *path, dev_t *dev) {
-        _cleanup_closedir_ DIR *d = NULL;
-        _cleanup_free_ char *p = NULL, *t = NULL;
-        struct dirent *de, *found = NULL;
-        const char *q;
-        unsigned maj, min;
-        dev_t dt;
-        int r;
-
-        assert(path);
-        assert(dev);
-
-        /* Gets the backing block device for a file system, and
-         * handles LUKS encrypted file systems, looking for its
-         * immediate parent, if there is one. */
-
-        r = get_block_device(path, &dt);
-        if (r <= 0)
-                return r;
-
-        if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0)
-                return -ENOMEM;
-
-        d = opendir(p);
-        if (!d) {
-                if (errno == ENOENT)
-                        goto fallback;
-
-                return -errno;
-        }
-
-        FOREACH_DIRENT_ALL(de, d, return -errno) {
-
-                if (STR_IN_SET(de->d_name, ".", ".."))
-                        continue;
-
-                if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
-                        continue;
-
-                if (found) /* Don't try to support multiple backing block devices */
-                        goto fallback;
-
-                found = de;
-        }
-
-        if (!found)
-                goto fallback;
-
-        q = strjoina(p, "/", found->d_name, "/dev");
-
-        r = read_one_line_file(q, &t);
-        if (r == -ENOENT)
-                goto fallback;
-        if (r < 0)
-                return r;
-
-        if (sscanf(t, "%u:%u", &maj, &min) != 2)
-                return -EINVAL;
-
-        if (maj == 0)
-                goto fallback;
-
-        *dev = makedev(maj, min);
-        return 1;
-
-fallback:
-        *dev = dt;
-        return 1;
-}
-
-static int parse_proc_cmdline_item(const char *key, const char *value) {
-        int r;
-
-        assert(key);
-
-        if (STR_IN_SET(key, "systemd.gpt_auto", "rd.systemd.gpt_auto") && value) {
-
-                r = parse_boolean(value);
-                if (r < 0)
-                        log_warning("Failed to parse gpt-auto switch \"%s\". Ignoring.", value);
-                else
-                        arg_enabled = r;
-
-        } else if (streq(key, "root") && value) {
-
-                /* Disable root disk logic if there's a root= value
-                 * specified (unless it happens to be "gpt-auto") */
-
-                arg_root_enabled = streq(value, "gpt-auto");
-
-        } else if (streq(key, "rw") && !value)
-                arg_root_rw = true;
-        else if (streq(key, "ro") && !value)
-                arg_root_rw = false;
-
-        return 0;
-}
-
-static int add_root_mount(void) {
-
-#ifdef ENABLE_EFI
-        int r;
-
-        if (!is_efi_boot()) {
-                log_debug("Not a EFI boot, not creating root mount.");
-                return 0;
-        }
-
-        r = efi_loader_get_device_part_uuid(NULL);
-        if (r == -ENOENT) {
-                log_debug("EFI loader partition unknown, exiting.");
-                return 0;
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to read ESP partition UUID: %m");
-
-        /* OK, we have an ESP partition, this is fantastic, so let's
-         * wait for a root device to show up. A udev rule will create
-         * the link for us under the right name. */
-
-        if (in_initrd()) {
-                r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root");
-                if (r < 0)
-                        return 0;
-        }
-
-        return add_mount(
-                        "root",
-                        "/dev/gpt-auto-root",
-                        in_initrd() ? "/sysroot" : "/",
-                        NULL,
-                        arg_root_rw,
-                        NULL,
-                        "Root Partition",
-                        in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
-#else
-        return 0;
-#endif
-}
-
-static int add_mounts(void) {
-        dev_t devno;
-        int r;
-
-        r = get_block_device_harder("/", &devno);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine block device of root file system: %m");
-        else if (r == 0) {
-                r = get_block_device_harder("/usr", &devno);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to determine block device of /usr file system: %m");
-                else if (r == 0) {
-                        log_debug("Neither root nor /usr file system are on a (single) block device.");
-                        return 0;
-                }
-        }
-
-        return enumerate_partitions(devno);
-}
-
-int main(int argc, char *argv[]) {
-        int r = 0;
-
-        if (argc > 1 && argc != 4) {
-                log_error("This program takes three or no arguments.");
-                return EXIT_FAILURE;
-        }
-
-        if (argc > 1)
-                arg_dest = argv[3];
-
-        log_set_target(LOG_TARGET_SAFE);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (detect_container() > 0) {
-                log_debug("In a container, exiting.");
-                return EXIT_SUCCESS;
-        }
-
-        r = parse_proc_cmdline(parse_proc_cmdline_item);
-        if (r < 0)
-                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
-
-        if (!arg_enabled) {
-                log_debug("Disabled, exiting.");
-                return EXIT_SUCCESS;
-        }
-
-        if (arg_root_enabled)
-                r = add_root_mount();
-
-        if (!in_initrd()) {
-                int k;
-
-                k = add_mounts();
-                if (k < 0)
-                        r = k;
-        }
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/grp-boot/Makefile b/src/grp-boot/Makefile
new file mode 100644
index 0000000000..922d8a32d3
--- /dev/null
+++ b/src/grp-boot/Makefile
@@ -0,0 +1,28 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += bootctl systemd-boot
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-boot/bootctl/Makefile b/src/grp-boot/bootctl/Makefile
new file mode 100644
index 0000000000..84253d2387
--- /dev/null
+++ b/src/grp-boot/bootctl/Makefile
@@ -0,0 +1,54 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_EFI),)
+ifneq ($(HAVE_BLKID),)
+bootctl_SOURCES = \
+	src/boot/bootctl.c
+
+bootctl_CPPFLAGS = \
+	$(AM_CPPFLAGS) \
+	-DEFI_MACHINE_TYPE_NAME=\"$(EFI_MACHINE_TYPE_NAME)\" \
+	-DBOOTLIBDIR=\"$(bootlibdir)\"
+
+bootctl_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(BLKID_CFLAGS)
+
+bootctl_LDADD = \
+	libshared.la \
+	$(BLKID_LIBS)
+
+bin_PROGRAMS += \
+	bootctl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/bootctl
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_bootctl
+endif # HAVE_BLKID
+endif # ENABLE_EFI
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/boot/bootctl.c b/src/grp-boot/bootctl/bootctl.c
index 4a356d25d1..4a356d25d1 100644
--- a/src/boot/bootctl.c
+++ b/src/grp-boot/bootctl/bootctl.c
diff --git a/src/boot/efi/.gitignore b/src/grp-boot/systemd-boot/.gitignore
index e193acbe12..e193acbe12 100644
--- a/src/boot/efi/.gitignore
+++ b/src/grp-boot/systemd-boot/.gitignore
diff --git a/src/grp-boot/systemd-boot/Makefile b/src/grp-boot/systemd-boot/Makefile
new file mode 100644
index 0000000000..5b53fdc7e4
--- /dev/null
+++ b/src/grp-boot/systemd-boot/Makefile
@@ -0,0 +1,194 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_EFI),)
+ifneq ($(HAVE_GNUEFI),)
+efi_cppflags = \
+	$(EFI_CPPFLAGS) \
+	-I$(top_builddir) -include config.h \
+	-I$(EFI_INC_DIR)/efi \
+	-I$(EFI_INC_DIR)/efi/$(EFI_ARCH) \
+	-DEFI_MACHINE_TYPE_NAME=\"$(EFI_MACHINE_TYPE_NAME)\"
+
+efi_cflags = \
+	$(EFI_CFLAGS) \
+	-Wall \
+	-Wextra \
+	-std=gnu90 \
+	-nostdinc \
+	-ggdb -O0 \
+	-fpic \
+	-fshort-wchar \
+	-nostdinc \
+	-ffreestanding \
+	-fno-strict-aliasing \
+	-fno-stack-protector \
+	-Wsign-compare \
+	-Wno-missing-field-initializers
+
+ifneq ($(ARCH_X86_64),)
+efi_cflags += \
+	-mno-red-zone \
+	-mno-sse \
+	-mno-mmx \
+	-DEFI_FUNCTION_WRAPPER \
+	-DGNU_EFI_USE_MS_ABI
+endif # ARCH_X86_64
+
+ifneq ($(ARCH_IA32),)
+efi_cflags += \
+	-mno-sse \
+	-mno-mmx
+endif # ARCH_IA32
+
+efi_ldflags = \
+	$(EFI_LDFLAGS) \
+	-T $(EFI_LDS_DIR)/elf_$(EFI_ARCH)_efi.lds \
+	-shared \
+	-Bsymbolic \
+	-nostdlib \
+	-znocombreloc \
+	-L $(EFI_LIB_DIR) \
+	$(EFI_LDS_DIR)/crt0-efi-$(EFI_ARCH).o
+
+# Aarch64 and ARM32 don't have an EFI capable objcopy. Use 'binary' instead,
+# and add required symbols manually.
+ifneq ($(ARCH_AARCH64),)
+efi_ldflags += --defsym=EFI_SUBSYSTEM=0xa
+EFI_FORMAT = -O binary
+else
+EFI_FORMAT = --target=efi-app-$(EFI_ARCH)
+endif # ARCH_AARCH64
+endif # HAVE_GNUEFI
+endif # ENABLE_EFI
+
+# ------------------------------------------------------------------------------
+systemd_boot_headers = \
+	src/boot/efi/util.h \
+	src/boot/efi/console.h \
+	src/boot/efi/graphics.h \
+	src/boot/efi/pefile.h \
+	src/boot/efi/measure.h \
+	src/boot/efi/disk.h
+
+systemd_boot_sources = \
+	src/boot/efi/util.c \
+	src/boot/efi/console.c \
+	src/boot/efi/graphics.c \
+	src/boot/efi/pefile.c \
+	src/boot/efi/disk.c \
+	src/boot/efi/measure.c \
+	src/boot/efi/boot.c
+
+EXTRA_DIST += $(systemd_boot_sources) $(systemd_boot_headers)
+
+systemd_boot_objects = $(addprefix $(top_builddir)/,$(systemd_boot_sources:.c=.o))
+systemd_boot_solib = $(top_builddir)/src/boot/efi/systemd_boot.so
+systemd_boot = systemd-boot$(EFI_MACHINE_TYPE_NAME).efi
+
+ifneq ($(ENABLE_EFI),)
+ifneq ($(HAVE_GNUEFI),)
+bootlib_DATA = $(systemd_boot)
+
+$(outdir)/%.o: $(top_srcdir)/src/boot/efi/%.c $(addprefix $(top_srcdir)/,$(systemd_boot_headers))
+	@$(MKDIR_P) $(top_builddir)/src/boot/efi/
+	$(AM_V_CC)$(EFI_CC) $(efi_cppflags) $(efi_cflags) -c $< -o $@
+
+$(systemd_boot_solib): $(systemd_boot_objects)
+	$(AM_V_CCLD)$(LD) $(efi_ldflags) $(systemd_boot_objects) \
+		-o $@ -lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name); \
+	nm -D -u $@ | grep ' U ' && exit 1 || :
+
+$(systemd_boot): $(systemd_boot_solib)
+	$(AM_V_GEN)$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic \
+	  -j .dynsym -j .rel -j .rela -j .reloc $(EFI_FORMAT) $< $@
+endif # HAVE_GNUEFI
+endif # ENABLE_EFI
+
+CLEANFILES += $(systemd_boot_objects) $(systemd_boot_solib) $(systemd_boot)
+
+# ------------------------------------------------------------------------------
+stub_headers = \
+	src/boot/efi/util.h \
+	src/boot/efi/pefile.h \
+	src/boot/efi/disk.h \
+	src/boot/efi/graphics.h \
+	src/boot/efi/splash.h \
+	src/boot/efi/measure.h \
+	src/boot/efi/linux.h
+
+stub_sources = \
+	src/boot/efi/util.c \
+	src/boot/efi/pefile.c \
+	src/boot/efi/disk.c \
+	src/boot/efi/graphics.c \
+	src/boot/efi/splash.c \
+	src/boot/efi/linux.c \
+	src/boot/efi/measure.c \
+	src/boot/efi/stub.c
+
+EXTRA_DIST += \
+	$(stub_sources) \
+	$(stub_headers) \
+	test/splash.bmp
+
+stub_objects = $(addprefix $(top_builddir)/,$(stub_sources:.c=.o))
+stub_solib = $(top_builddir)/src/boot/efi/stub.so
+stub = linux$(EFI_MACHINE_TYPE_NAME).efi.stub
+
+ifneq ($(ENABLE_EFI),)
+ifneq ($(HAVE_GNUEFI),)
+bootlib_DATA += $(stub)
+
+$(outdir)/%.o: $(top_srcdir)/src/boot/efi/%.c $(addprefix $(top_srcdir)/,$(stub_headers))
+	@$(MKDIR_P) $(top_builddir)/src/boot/efi/
+	$(AM_V_CC)$(EFI_CC) $(efi_cppflags) $(efi_cflags) -c $< -o $@
+
+$(stub_solib): $(stub_objects)
+	$(AM_V_CCLD)$(LD) $(efi_ldflags) $(stub_objects) \
+		-o $@ -lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name); \
+	nm -D -u $@ | grep ' U ' && exit 1 || :
+
+$(stub): $(stub_solib)
+	$(AM_V_GEN)$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic \
+	  -j .dynsym -j .rel -j .rela -j .reloc $(EFI_FORMAT) $< $@
+endif # HAVE_GNUEFI
+endif # ENABLE_EFI
+
+CLEANFILES += $(stub_objects) $(stub_solib) $(stub)
+
+
+# ------------------------------------------------------------------------------
+CLEANFILES += test-efi-disk.img
+
+test-efi-disk.img: $(systemd_boot) $(stub) test/test-efi-create-disk.sh
+	$(AM_V_GEN)test/test-efi-create-disk.sh
+
+test-efi: test-efi-disk.img
+	$(QEMU) -machine accel=kvm -m 1024 -bios $(QEMU_BIOS) -snapshot test-efi-disk.img
+
+EXTRA_DIST += test/test-efi-create-disk.sh
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/boot/efi/boot.c b/src/grp-boot/systemd-boot/boot.c
index 30c1ead1aa..30c1ead1aa 100644
--- a/src/boot/efi/boot.c
+++ b/src/grp-boot/systemd-boot/boot.c
diff --git a/src/boot/efi/console.c b/src/grp-boot/systemd-boot/console.c
index c436f8b476..c436f8b476 100644
--- a/src/boot/efi/console.c
+++ b/src/grp-boot/systemd-boot/console.c
diff --git a/src/boot/efi/console.h b/src/grp-boot/systemd-boot/console.h
index 3fe0ce5ec4..3fe0ce5ec4 100644
--- a/src/boot/efi/console.h
+++ b/src/grp-boot/systemd-boot/console.h
diff --git a/src/boot/efi/disk.c b/src/grp-boot/systemd-boot/disk.c
index 3e3b5b224a..3e3b5b224a 100644
--- a/src/boot/efi/disk.c
+++ b/src/grp-boot/systemd-boot/disk.c
diff --git a/src/boot/efi/disk.h b/src/grp-boot/systemd-boot/disk.h
index af91a9c674..af91a9c674 100644
--- a/src/boot/efi/disk.h
+++ b/src/grp-boot/systemd-boot/disk.h
diff --git a/src/boot/efi/graphics.c b/src/grp-boot/systemd-boot/graphics.c
index 4854baf874..4854baf874 100644
--- a/src/boot/efi/graphics.c
+++ b/src/grp-boot/systemd-boot/graphics.c
diff --git a/src/boot/efi/graphics.h b/src/grp-boot/systemd-boot/graphics.h
index cf48e647e7..cf48e647e7 100644
--- a/src/boot/efi/graphics.h
+++ b/src/grp-boot/systemd-boot/graphics.h
diff --git a/src/boot/efi/linux.c b/src/grp-boot/systemd-boot/linux.c
index 0dc99a6c53..0dc99a6c53 100644
--- a/src/boot/efi/linux.c
+++ b/src/grp-boot/systemd-boot/linux.c
diff --git a/src/boot/efi/linux.h b/src/grp-boot/systemd-boot/linux.h
index d9e6ed7955..d9e6ed7955 100644
--- a/src/boot/efi/linux.h
+++ b/src/grp-boot/systemd-boot/linux.h
diff --git a/src/boot/efi/measure.c b/src/grp-boot/systemd-boot/measure.c
index 7c016387c1..7c016387c1 100644
--- a/src/boot/efi/measure.c
+++ b/src/grp-boot/systemd-boot/measure.c
diff --git a/src/boot/efi/measure.h b/src/grp-boot/systemd-boot/measure.h
index a2cfe817d0..a2cfe817d0 100644
--- a/src/boot/efi/measure.h
+++ b/src/grp-boot/systemd-boot/measure.h
diff --git a/src/boot/efi/pefile.c b/src/grp-boot/systemd-boot/pefile.c
index 77fff77b69..77fff77b69 100644
--- a/src/boot/efi/pefile.c
+++ b/src/grp-boot/systemd-boot/pefile.c
diff --git a/src/boot/efi/pefile.h b/src/grp-boot/systemd-boot/pefile.h
index 2e445ede17..2e445ede17 100644
--- a/src/boot/efi/pefile.h
+++ b/src/grp-boot/systemd-boot/pefile.h
diff --git a/src/boot/efi/splash.c b/src/grp-boot/systemd-boot/splash.c
index c0ef7f64fe..c0ef7f64fe 100644
--- a/src/boot/efi/splash.c
+++ b/src/grp-boot/systemd-boot/splash.c
diff --git a/src/boot/efi/splash.h b/src/grp-boot/systemd-boot/splash.h
index 09b543fb47..09b543fb47 100644
--- a/src/boot/efi/splash.h
+++ b/src/grp-boot/systemd-boot/splash.h
diff --git a/src/boot/efi/stub.c b/src/grp-boot/systemd-boot/stub.c
index 1e250f34f4..1e250f34f4 100644
--- a/src/boot/efi/stub.c
+++ b/src/grp-boot/systemd-boot/stub.c
diff --git a/src/grp-boot/systemd-boot/test-efi-create-disk.sh b/src/grp-boot/systemd-boot/test-efi-create-disk.sh
new file mode 100755
index 0000000000..56dd09abd7
--- /dev/null
+++ b/src/grp-boot/systemd-boot/test-efi-create-disk.sh
@@ -0,0 +1,42 @@
+#!/bin/bash -e
+
+# create GPT table with EFI System Partition
+rm -f test-efi-disk.img
+dd if=/dev/null of=test-efi-disk.img bs=1M seek=512 count=1
+parted --script test-efi-disk.img "mklabel gpt" "mkpart ESP fat32 1MiB 511MiB" "set 1 boot on"
+
+# create FAT32 file system
+LOOP=$(losetup --show -f -P test-efi-disk.img)
+mkfs.vfat -F32 ${LOOP}p1
+mkdir -p mnt
+mount ${LOOP}p1 mnt
+
+mkdir -p mnt/EFI/{Boot,systemd}
+cp systemd-bootx64.efi mnt/EFI/Boot/bootx64.efi
+
+[ -e /boot/shellx64.efi ] && cp /boot/shellx64.efi mnt/
+
+mkdir mnt/EFI/Linux
+echo -n "foo=yes bar=no root=/dev/fakeroot debug rd.break=initqueue" > mnt/cmdline.txt
+objcopy \
+  --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
+  --add-section .cmdline=mnt/cmdline.txt --change-section-vma .cmdline=0x30000 \
+  --add-section .splash=test/splash.bmp --change-section-vma .splash=0x40000 \
+  --add-section .linux=/boot/$(cat /etc/machine-id)/$(uname -r)/linux --change-section-vma .linux=0x2000000 \
+  --add-section .initrd=/boot/$(cat /etc/machine-id)/$(uname -r)/initrd --change-section-vma .initrd=0x3000000 \
+  linuxx64.efi.stub mnt/EFI/Linux/linux-test.efi
+
+# install entries
+mkdir -p mnt/loader/entries
+echo -e "timeout 3\n" > mnt/loader/loader.conf
+echo -e "title Test\nefi /test\n" > mnt/loader/entries/test.conf
+echo -e "title Test2\nlinux /test2\noptions option=yes word number=1000 more\n" > mnt/loader/entries/test2.conf
+echo -e "title Test3\nlinux /test3\n" > mnt/loader/entries/test3.conf
+echo -e "title Test4\nlinux /test4\n" > mnt/loader/entries/test4.conf
+echo -e "title Test5\nefi /test5\n" > mnt/loader/entries/test5.conf
+echo -e "title Test6\nlinux /test6\n" > mnt/loader/entries/test6.conf
+
+sync
+umount mnt
+rmdir mnt
+losetup -d $LOOP
diff --git a/src/boot/efi/util.c b/src/grp-boot/systemd-boot/util.c
index 98c5be74ce..98c5be74ce 100644
--- a/src/boot/efi/util.c
+++ b/src/grp-boot/systemd-boot/util.c
diff --git a/src/boot/efi/util.h b/src/grp-boot/systemd-boot/util.h
index e673cdf9a0..e673cdf9a0 100644
--- a/src/boot/efi/util.h
+++ b/src/grp-boot/systemd-boot/util.h
diff --git a/src/grp-coredump/Makefile b/src/grp-coredump/Makefile
new file mode 100644
index 0000000000..2e604d7b86
--- /dev/null
+++ b/src/grp-coredump/Makefile
@@ -0,0 +1,28 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += coredumpctl systemd-coredump
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-coredump/coredumpctl/Makefile b/src/grp-coredump/coredumpctl/Makefile
new file mode 100644
index 0000000000..47a4397fa4
--- /dev/null
+++ b/src/grp-coredump/coredumpctl/Makefile
@@ -0,0 +1,41 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+coredumpctl_SOURCES = \
+	src/coredump/coredumpctl.c
+
+coredumpctl_LDADD = \
+	libshared.la
+
+bin_PROGRAMS += \
+	coredumpctl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/coredumpctl
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_coredumpctl
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-coredump/coredumpctl/coredumpctl.c b/src/grp-coredump/coredumpctl/coredumpctl.c
new file mode 100644
index 0000000000..dc95da3613
--- /dev/null
+++ b/src/grp-coredump/coredumpctl/coredumpctl.c
@@ -0,0 +1,878 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <getopt.h>
+#include <locale.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "compress.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "journal-internal.h"
+#include "log.h"
+#include "macro.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "set.h"
+#include "sigbus.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "terminal-util.h"
+#include "user-util.h"
+#include "util.h"
+
+static enum {
+        ACTION_NONE,
+        ACTION_INFO,
+        ACTION_LIST,
+        ACTION_DUMP,
+        ACTION_GDB,
+} arg_action = ACTION_LIST;
+static const char* arg_field = NULL;
+static const char *arg_directory = NULL;
+static bool arg_no_pager = false;
+static int arg_no_legend = false;
+static int arg_one = false;
+static FILE* arg_output = NULL;
+
+static Set *new_matches(void) {
+        Set *set;
+        char *tmp;
+        int r;
+
+        set = set_new(NULL);
+        if (!set) {
+                log_oom();
+                return NULL;
+        }
+
+        tmp = strdup("MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1");
+        if (!tmp) {
+                log_oom();
+                set_free(set);
+                return NULL;
+        }
+
+        r = set_consume(set, tmp);
+        if (r < 0) {
+                log_error_errno(r, "failed to add to set: %m");
+                set_free(set);
+                return NULL;
+        }
+
+        return set;
+}
+
+static int add_match(Set *set, const char *match) {
+        _cleanup_free_ char *p = NULL;
+        char *pattern = NULL;
+        const char* prefix;
+        pid_t pid;
+        int r;
+
+        if (strchr(match, '='))
+                prefix = "";
+        else if (strchr(match, '/')) {
+                r = path_make_absolute_cwd(match, &p);
+                if (r < 0)
+                        goto fail;
+                match = p;
+                prefix = "COREDUMP_EXE=";
+        } else if (parse_pid(match, &pid) >= 0)
+                prefix = "COREDUMP_PID=";
+        else
+                prefix = "COREDUMP_COMM=";
+
+        pattern = strjoin(prefix, match, NULL);
+        if (!pattern) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        log_debug("Adding pattern: %s", pattern);
+        r = set_consume(set, pattern);
+        if (r < 0)
+                goto fail;
+
+        return 0;
+fail:
+        return log_error_errno(r, "Failed to add match: %m");
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "List or retrieve coredumps from the journal.\n\n"
+               "Flags:\n"
+               "  -h --help          Show this help\n"
+               "     --version       Print version string\n"
+               "     --no-pager      Do not pipe output into a pager\n"
+               "     --no-legend     Do not print the column headers.\n"
+               "  -1                 Show information about most recent entry only\n"
+               "  -F --field=FIELD   List all values a certain field takes\n"
+               "  -o --output=FILE   Write output to FILE\n\n"
+               "  -D --directory=DIR Use journal files from directory\n\n"
+
+               "Commands:\n"
+               "  list [MATCHES...]  List available coredumps (default)\n"
+               "  info [MATCHES...]  Show detailed information about one or more coredumps\n"
+               "  dump [MATCHES...]  Print first matching coredump to stdout\n"
+               "  gdb [MATCHES...]   Start gdb for the first matching coredump\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[], Set *matches) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_NO_LEGEND,
+        };
+
+        int r, c;
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'           },
+                { "version" ,     no_argument,       NULL, ARG_VERSION   },
+                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER  },
+                { "no-legend",    no_argument,       NULL, ARG_NO_LEGEND },
+                { "output",       required_argument, NULL, 'o'           },
+                { "field",        required_argument, NULL, 'F'           },
+                { "directory",    required_argument, NULL, 'D'           },
+                {}
+        };
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "ho:F:1D:", options, NULL)) >= 0)
+                switch(c) {
+
+                case 'h':
+                        arg_action = ACTION_NONE;
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        arg_action = ACTION_NONE;
+                        return version();
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_LEGEND:
+                        arg_no_legend = true;
+                        break;
+
+                case 'o':
+                        if (arg_output) {
+                                log_error("cannot set output more than once");
+                                return -EINVAL;
+                        }
+
+                        arg_output = fopen(optarg, "we");
+                        if (!arg_output)
+                                return log_error_errno(errno, "writing to '%s': %m", optarg);
+
+                        break;
+
+                case 'F':
+                        if (arg_field) {
+                                log_error("cannot use --field/-F more than once");
+                                return -EINVAL;
+                        }
+                        arg_field = optarg;
+                        break;
+
+                case '1':
+                        arg_one = true;
+                        break;
+
+                case 'D':
+                        arg_directory = optarg;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind < argc) {
+                const char *cmd = argv[optind++];
+                if (streq(cmd, "list"))
+                        arg_action = ACTION_LIST;
+                else if (streq(cmd, "dump"))
+                        arg_action = ACTION_DUMP;
+                else if (streq(cmd, "gdb"))
+                        arg_action = ACTION_GDB;
+                else if (streq(cmd, "info"))
+                        arg_action = ACTION_INFO;
+                else {
+                        log_error("Unknown action '%s'", cmd);
+                        return -EINVAL;
+                }
+        }
+
+        if (arg_field && arg_action != ACTION_LIST) {
+                log_error("Option --field/-F only makes sense with list");
+                return -EINVAL;
+        }
+
+        while (optind < argc) {
+                r = add_match(matches, argv[optind]);
+                if (r != 0)
+                        return r;
+                optind++;
+        }
+
+        return 0;
+}
+
+static int retrieve(const void *data,
+                    size_t len,
+                    const char *name,
+                    char **var) {
+
+        size_t ident;
+        char *v;
+
+        ident = strlen(name) + 1; /* name + "=" */
+
+        if (len < ident)
+                return 0;
+
+        if (memcmp(data, name, ident - 1) != 0)
+                return 0;
+
+        if (((const char*) data)[ident - 1] != '=')
+                return 0;
+
+        v = strndup((const char*)data + ident, len - ident);
+        if (!v)
+                return log_oom();
+
+        free(*var);
+        *var = v;
+
+        return 0;
+}
+
+static void print_field(FILE* file, sd_journal *j) {
+        _cleanup_free_ char *value = NULL;
+        const void *d;
+        size_t l;
+
+        assert(file);
+        assert(j);
+
+        assert(arg_field);
+
+        SD_JOURNAL_FOREACH_DATA(j, d, l)
+                retrieve(d, l, arg_field, &value);
+
+        if (value)
+                fprintf(file, "%s\n", value);
+}
+
+static int print_list(FILE* file, sd_journal *j, int had_legend) {
+        _cleanup_free_ char
+                *pid = NULL, *uid = NULL, *gid = NULL,
+                *sgnl = NULL, *exe = NULL, *comm = NULL, *cmdline = NULL,
+                *filename = NULL;
+        const void *d;
+        size_t l;
+        usec_t t;
+        char buf[FORMAT_TIMESTAMP_MAX];
+        int r;
+        bool present;
+
+        assert(file);
+        assert(j);
+
+        SD_JOURNAL_FOREACH_DATA(j, d, l) {
+                retrieve(d, l, "COREDUMP_PID", &pid);
+                retrieve(d, l, "COREDUMP_UID", &uid);
+                retrieve(d, l, "COREDUMP_GID", &gid);
+                retrieve(d, l, "COREDUMP_SIGNAL", &sgnl);
+                retrieve(d, l, "COREDUMP_EXE", &exe);
+                retrieve(d, l, "COREDUMP_COMM", &comm);
+                retrieve(d, l, "COREDUMP_CMDLINE", &cmdline);
+                retrieve(d, l, "COREDUMP_FILENAME", &filename);
+        }
+
+        if (!pid && !uid && !gid && !sgnl && !exe && !comm && !cmdline && !filename) {
+                log_warning("Empty coredump log entry");
+                return -EINVAL;
+        }
+
+        r = sd_journal_get_realtime_usec(j, &t);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get realtime timestamp: %m");
+
+        format_timestamp(buf, sizeof(buf), t);
+        present = filename && access(filename, F_OK) == 0;
+
+        if (!had_legend && !arg_no_legend)
+                fprintf(file, "%-*s %*s %*s %*s %*s %*s %s\n",
+                        FORMAT_TIMESTAMP_WIDTH, "TIME",
+                        6, "PID",
+                        5, "UID",
+                        5, "GID",
+                        3, "SIG",
+                        1, "PRESENT",
+                           "EXE");
+
+        fprintf(file, "%-*s %*s %*s %*s %*s %*s %s\n",
+                FORMAT_TIMESTAMP_WIDTH, buf,
+                6, strna(pid),
+                5, strna(uid),
+                5, strna(gid),
+                3, strna(sgnl),
+                1, present ? "*" : "",
+                strna(exe ?: (comm ?: cmdline)));
+
+        return 0;
+}
+
+static int print_info(FILE *file, sd_journal *j, bool need_space) {
+        _cleanup_free_ char
+                *pid = NULL, *uid = NULL, *gid = NULL,
+                *sgnl = NULL, *exe = NULL, *comm = NULL, *cmdline = NULL,
+                *unit = NULL, *user_unit = NULL, *session = NULL,
+                *boot_id = NULL, *machine_id = NULL, *hostname = NULL,
+                *slice = NULL, *cgroup = NULL, *owner_uid = NULL,
+                *message = NULL, *timestamp = NULL, *filename = NULL;
+        const void *d;
+        size_t l;
+        int r;
+
+        assert(file);
+        assert(j);
+
+        SD_JOURNAL_FOREACH_DATA(j, d, l) {
+                retrieve(d, l, "COREDUMP_PID", &pid);
+                retrieve(d, l, "COREDUMP_UID", &uid);
+                retrieve(d, l, "COREDUMP_GID", &gid);
+                retrieve(d, l, "COREDUMP_SIGNAL", &sgnl);
+                retrieve(d, l, "COREDUMP_EXE", &exe);
+                retrieve(d, l, "COREDUMP_COMM", &comm);
+                retrieve(d, l, "COREDUMP_CMDLINE", &cmdline);
+                retrieve(d, l, "COREDUMP_UNIT", &unit);
+                retrieve(d, l, "COREDUMP_USER_UNIT", &user_unit);
+                retrieve(d, l, "COREDUMP_SESSION", &session);
+                retrieve(d, l, "COREDUMP_OWNER_UID", &owner_uid);
+                retrieve(d, l, "COREDUMP_SLICE", &slice);
+                retrieve(d, l, "COREDUMP_CGROUP", &cgroup);
+                retrieve(d, l, "COREDUMP_TIMESTAMP", &timestamp);
+                retrieve(d, l, "COREDUMP_FILENAME", &filename);
+                retrieve(d, l, "_BOOT_ID", &boot_id);
+                retrieve(d, l, "_MACHINE_ID", &machine_id);
+                retrieve(d, l, "_HOSTNAME", &hostname);
+                retrieve(d, l, "MESSAGE", &message);
+        }
+
+        if (need_space)
+                fputs("\n", file);
+
+        if (comm)
+                fprintf(file,
+                        "           PID: %s%s%s (%s)\n",
+                        ansi_highlight(), strna(pid), ansi_normal(), comm);
+        else
+                fprintf(file,
+                        "           PID: %s%s%s\n",
+                        ansi_highlight(), strna(pid), ansi_normal());
+
+        if (uid) {
+                uid_t n;
+
+                if (parse_uid(uid, &n) >= 0) {
+                        _cleanup_free_ char *u = NULL;
+
+                        u = uid_to_name(n);
+                        fprintf(file,
+                                "           UID: %s (%s)\n",
+                                uid, u);
+                } else {
+                        fprintf(file,
+                                "           UID: %s\n",
+                                uid);
+                }
+        }
+
+        if (gid) {
+                gid_t n;
+
+                if (parse_gid(gid, &n) >= 0) {
+                        _cleanup_free_ char *g = NULL;
+
+                        g = gid_to_name(n);
+                        fprintf(file,
+                                "           GID: %s (%s)\n",
+                                gid, g);
+                } else {
+                        fprintf(file,
+                                "           GID: %s\n",
+                                gid);
+                }
+        }
+
+        if (sgnl) {
+                int sig;
+
+                if (safe_atoi(sgnl, &sig) >= 0)
+                        fprintf(file, "        Signal: %s (%s)\n", sgnl, signal_to_string(sig));
+                else
+                        fprintf(file, "        Signal: %s\n", sgnl);
+        }
+
+        if (timestamp) {
+                usec_t u;
+
+                r = safe_atou64(timestamp, &u);
+                if (r >= 0) {
+                        char absolute[FORMAT_TIMESTAMP_MAX], relative[FORMAT_TIMESPAN_MAX];
+
+                        fprintf(file,
+                                "     Timestamp: %s (%s)\n",
+                                format_timestamp(absolute, sizeof(absolute), u),
+                                format_timestamp_relative(relative, sizeof(relative), u));
+
+                } else
+                        fprintf(file, "     Timestamp: %s\n", timestamp);
+        }
+
+        if (cmdline)
+                fprintf(file, "  Command Line: %s\n", cmdline);
+        if (exe)
+                fprintf(file, "    Executable: %s%s%s\n", ansi_highlight(), exe, ansi_normal());
+        if (cgroup)
+                fprintf(file, " Control Group: %s\n", cgroup);
+        if (unit)
+                fprintf(file, "          Unit: %s\n", unit);
+        if (user_unit)
+                fprintf(file, "     User Unit: %s\n", unit);
+        if (slice)
+                fprintf(file, "         Slice: %s\n", slice);
+        if (session)
+                fprintf(file, "       Session: %s\n", session);
+        if (owner_uid) {
+                uid_t n;
+
+                if (parse_uid(owner_uid, &n) >= 0) {
+                        _cleanup_free_ char *u = NULL;
+
+                        u = uid_to_name(n);
+                        fprintf(file,
+                                "     Owner UID: %s (%s)\n",
+                                owner_uid, u);
+                } else {
+                        fprintf(file,
+                                "     Owner UID: %s\n",
+                                owner_uid);
+                }
+        }
+        if (boot_id)
+                fprintf(file, "       Boot ID: %s\n", boot_id);
+        if (machine_id)
+                fprintf(file, "    Machine ID: %s\n", machine_id);
+        if (hostname)
+                fprintf(file, "      Hostname: %s\n", hostname);
+
+        if (filename && access(filename, F_OK) == 0)
+                fprintf(file, "      Coredump: %s\n", filename);
+
+        if (message) {
+                _cleanup_free_ char *m = NULL;
+
+                m = strreplace(message, "\n", "\n                ");
+
+                fprintf(file, "       Message: %s\n", strstrip(m ?: message));
+        }
+
+        return 0;
+}
+
+static int focus(sd_journal *j) {
+        int r;
+
+        r = sd_journal_seek_tail(j);
+        if (r == 0)
+                r = sd_journal_previous(j);
+        if (r < 0)
+                return log_error_errno(r, "Failed to search journal: %m");
+        if (r == 0) {
+                log_error("No match found.");
+                return -ESRCH;
+        }
+        return r;
+}
+
+static void print_entry(sd_journal *j, unsigned n_found) {
+        assert(j);
+
+        if (arg_action == ACTION_INFO)
+                print_info(stdout, j, n_found);
+        else if (arg_field)
+                print_field(stdout, j);
+        else
+                print_list(stdout, j, n_found);
+}
+
+static int dump_list(sd_journal *j) {
+        unsigned n_found = 0;
+        int r;
+
+        assert(j);
+
+        /* The coredumps are likely to compressed, and for just
+         * listing them we don't need to decompress them, so let's
+         * pick a fairly low data threshold here */
+        sd_journal_set_data_threshold(j, 4096);
+
+        if (arg_one) {
+                r = focus(j);
+                if (r < 0)
+                        return r;
+
+                print_entry(j, 0);
+        } else {
+                SD_JOURNAL_FOREACH(j)
+                        print_entry(j, n_found++);
+
+                if (!arg_field && n_found <= 0) {
+                        log_notice("No coredumps found.");
+                        return -ESRCH;
+                }
+        }
+
+        return 0;
+}
+
+static int save_core(sd_journal *j, int fd, char **path, bool *unlink_temp) {
+        const char *data;
+        _cleanup_free_ char *filename = NULL;
+        size_t len;
+        int r;
+
+        assert((fd >= 0) != !!path);
+        assert(!!path == !!unlink_temp);
+
+        /* Prefer uncompressed file to journal (probably cached) to
+         * compressed file (probably uncached). */
+        r = sd_journal_get_data(j, "COREDUMP_FILENAME", (const void**) &data, &len);
+        if (r < 0 && r != -ENOENT)
+                log_warning_errno(r, "Failed to retrieve COREDUMP_FILENAME: %m");
+        else if (r == 0)
+                retrieve(data, len, "COREDUMP_FILENAME", &filename);
+
+        if (filename && access(filename, R_OK) < 0) {
+                log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
+                         "File %s is not readable: %m", filename);
+                filename = mfree(filename);
+        }
+
+        if (filename && !endswith(filename, ".xz") && !endswith(filename, ".lz4")) {
+                if (path) {
+                        *path = filename;
+                        filename = NULL;
+                }
+
+                return 0;
+        } else {
+                _cleanup_close_ int fdt = -1;
+                char *temp = NULL;
+
+                if (fd < 0) {
+                        temp = strdup("/var/tmp/coredump-XXXXXX");
+                        if (!temp)
+                                return log_oom();
+
+                        fdt = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
+                        if (fdt < 0)
+                                return log_error_errno(fdt, "Failed to create temporary file: %m");
+                        log_debug("Created temporary file %s", temp);
+
+                        fd = fdt;
+                }
+
+                r = sd_journal_get_data(j, "COREDUMP", (const void**) &data, &len);
+                if (r == 0) {
+                        ssize_t sz;
+
+                        assert(len >= 9);
+                        data += 9;
+                        len -= 9;
+
+                        sz = write(fdt, data, len);
+                        if (sz < 0) {
+                                r = log_error_errno(errno,
+                                                    "Failed to write temporary file: %m");
+                                goto error;
+                        }
+                        if (sz != (ssize_t) len) {
+                                log_error("Short write to temporary file.");
+                                r = -EIO;
+                                goto error;
+                        }
+                } else if (filename) {
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+                        _cleanup_close_ int fdf;
+
+                        fdf = open(filename, O_RDONLY | O_CLOEXEC);
+                        if (fdf < 0) {
+                                r = log_error_errno(errno,
+                                                    "Failed to open %s: %m",
+                                                    filename);
+                                goto error;
+                        }
+
+                        r = decompress_stream(filename, fdf, fd, -1);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to decompress %s: %m", filename);
+                                goto error;
+                        }
+#else
+                        log_error("Cannot decompress file. Compiled without compression support.");
+                        r = -EOPNOTSUPP;
+                        goto error;
+#endif
+                } else {
+                        if (r == -ENOENT)
+                                log_error("Cannot retrieve coredump from journal or disk.");
+                        else
+                                log_error_errno(r, "Failed to retrieve COREDUMP field: %m");
+                        goto error;
+                }
+
+                if (temp) {
+                        *path = temp;
+                        *unlink_temp = true;
+                }
+
+                return 0;
+
+error:
+                if (temp) {
+                        unlink(temp);
+                        log_debug("Removed temporary file %s", temp);
+                }
+                return r;
+        }
+}
+
+static int dump_core(sd_journal* j) {
+        int r;
+
+        assert(j);
+
+        r = focus(j);
+        if (r < 0)
+                return r;
+
+        print_info(arg_output ? stdout : stderr, j, false);
+
+        if (on_tty() && !arg_output) {
+                log_error("Refusing to dump core to tty.");
+                return -ENOTTY;
+        }
+
+        r = save_core(j, arg_output ? fileno(arg_output) : STDOUT_FILENO, NULL, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Coredump retrieval failed: %m");
+
+        r = sd_journal_previous(j);
+        if (r >= 0)
+                log_warning("More than one entry matches, ignoring rest.");
+
+        return 0;
+}
+
+static int run_gdb(sd_journal *j) {
+        _cleanup_free_ char *exe = NULL, *path = NULL;
+        bool unlink_path = false;
+        const char *data;
+        siginfo_t st;
+        size_t len;
+        pid_t pid;
+        int r;
+
+        assert(j);
+
+        r = focus(j);
+        if (r < 0)
+                return r;
+
+        print_info(stdout, j, false);
+        fputs("\n", stdout);
+
+        r = sd_journal_get_data(j, "COREDUMP_EXE", (const void**) &data, &len);
+        if (r < 0)
+                return log_error_errno(r, "Failed to retrieve COREDUMP_EXE field: %m");
+
+        assert(len > strlen("COREDUMP_EXE="));
+        data += strlen("COREDUMP_EXE=");
+        len -= strlen("COREDUMP_EXE=");
+
+        exe = strndup(data, len);
+        if (!exe)
+                return log_oom();
+
+        if (endswith(exe, " (deleted)")) {
+                log_error("Binary already deleted.");
+                return -ENOENT;
+        }
+
+        if (!path_is_absolute(exe)) {
+                log_error("Binary is not an absolute path.");
+                return -ENOENT;
+        }
+
+        r = save_core(j, -1, &path, &unlink_path);
+        if (r < 0)
+                return log_error_errno(r, "Failed to retrieve core: %m");
+
+        pid = fork();
+        if (pid < 0) {
+                r = log_error_errno(errno, "Failed to fork(): %m");
+                goto finish;
+        }
+        if (pid == 0) {
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+
+                execlp("gdb", "gdb", exe, path, NULL);
+
+                log_error_errno(errno, "Failed to invoke gdb: %m");
+                _exit(1);
+        }
+
+        r = wait_for_terminate(pid, &st);
+        if (r < 0) {
+                log_error_errno(r, "Failed to wait for gdb: %m");
+                goto finish;
+        }
+
+        r = st.si_code == CLD_EXITED ? st.si_status : 255;
+
+finish:
+        if (unlink_path) {
+                log_debug("Removed temporary file %s", path);
+                unlink(path);
+        }
+
+        return r;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_journal_closep) sd_journal*j = NULL;
+        const char* match;
+        Iterator it;
+        int r = 0;
+        _cleanup_set_free_free_ Set *matches = NULL;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        matches = new_matches();
+        if (!matches) {
+                r = -ENOMEM;
+                goto end;
+        }
+
+        r = parse_argv(argc, argv, matches);
+        if (r < 0)
+                goto end;
+
+        if (arg_action == ACTION_NONE)
+                goto end;
+
+        sigbus_install();
+
+        if (arg_directory) {
+                r = sd_journal_open_directory(&j, arg_directory, 0);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to open journals in directory: %s: %m", arg_directory);
+                        goto end;
+                }
+        } else {
+                r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to open journal: %m");
+                        goto end;
+                }
+        }
+
+        /* We want full data, nothing truncated. */
+        sd_journal_set_data_threshold(j, 0);
+
+        SET_FOREACH(match, matches, it) {
+                r = sd_journal_add_match(j, match, strlen(match));
+                if (r != 0) {
+                        log_error_errno(r, "Failed to add match '%s': %m",
+                                        match);
+                        goto end;
+                }
+        }
+
+        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
+                _cleanup_free_ char *filter;
+
+                filter = journal_make_match_string(j);
+                log_debug("Journal filter: %s", filter);
+        }
+
+        switch(arg_action) {
+
+        case ACTION_LIST:
+        case ACTION_INFO:
+                pager_open(arg_no_pager, false);
+                r = dump_list(j);
+                break;
+
+        case ACTION_DUMP:
+                r = dump_core(j);
+                break;
+
+        case  ACTION_GDB:
+                r = run_gdb(j);
+                break;
+
+        default:
+                assert_not_reached("Shouldn't be here");
+        }
+
+end:
+        pager_close();
+
+        if (arg_output)
+                fclose(arg_output);
+
+        return r >= 0 ? r : EXIT_FAILURE;
+}
diff --git a/src/grp-coredump/systemd-coredump/Makefile b/src/grp-coredump/systemd-coredump/Makefile
new file mode 100644
index 0000000000..bc71db120e
--- /dev/null
+++ b/src/grp-coredump/systemd-coredump/Makefile
@@ -0,0 +1,81 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_COREDUMP),)
+systemd_coredump_SOURCES = \
+	src/coredump/coredump.c \
+	src/coredump/coredump-vacuum.c \
+	src/coredump/coredump-vacuum.h
+
+systemd_coredump_LDADD = \
+	libshared.la
+
+ifneq ($(HAVE_ELFUTILS),)
+systemd_coredump_SOURCES += \
+	src/coredump/stacktrace.c \
+	src/coredump/stacktrace.h
+
+systemd_coredump_LDADD += \
+	$(ELFUTILS_LIBS)
+endif # HAVE_ELFUTILS
+
+nodist_systemunit_DATA += \
+	units/systemd-coredump@.service
+
+dist_systemunit_DATA += \
+	units/systemd-coredump.socket
+
+SOCKETS_TARGET_WANTS += \
+	systemd-coredump.socket
+
+rootlibexec_PROGRAMS += \
+	systemd-coredump
+
+dist_pkgsysconf_DATA += \
+	src/coredump/coredump.conf
+
+manual_tests += \
+	test-coredump-vacuum
+
+test_coredump_vacuum_SOURCES = \
+	src/coredump/test-coredump-vacuum.c  \
+	src/coredump/coredump-vacuum.c \
+	src/coredump/coredump-vacuum.h
+
+test_coredump_vacuum_LDADD = \
+	libshared.la
+
+nodist_sysctl_DATA = \
+	sysctl.d/50-coredump.conf
+
+CLEANFILES += \
+	sysctl.d/50-coredump.conf
+endif # ENABLE_COREDUMP
+
+EXTRA_DIST += \
+	sysctl.d/50-coredump.conf.in \
+	units/systemd-coredump@.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/coredump/coredump-vacuum.c b/src/grp-coredump/systemd-coredump/coredump-vacuum.c
index f02b6dbd87..f02b6dbd87 100644
--- a/src/coredump/coredump-vacuum.c
+++ b/src/grp-coredump/systemd-coredump/coredump-vacuum.c
diff --git a/src/coredump/coredump-vacuum.h b/src/grp-coredump/systemd-coredump/coredump-vacuum.h
index 4b7b9f2d98..4b7b9f2d98 100644
--- a/src/coredump/coredump-vacuum.h
+++ b/src/grp-coredump/systemd-coredump/coredump-vacuum.h
diff --git a/src/grp-coredump/systemd-coredump/coredump.c b/src/grp-coredump/systemd-coredump/coredump.c
new file mode 100644
index 0000000000..bf0e0a038b
--- /dev/null
+++ b/src/grp-coredump/systemd-coredump/coredump.c
@@ -0,0 +1,1149 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <stdio.h>
+#include <sys/prctl.h>
+#include <sys/xattr.h>
+#include <unistd.h>
+
+#ifdef HAVE_ELFUTILS
+#include <dwarf.h>
+#include <elfutils/libdwfl.h>
+#endif
+
+#include <systemd/sd-journal.h>
+#include <systemd/sd-login.h>
+#include <systemd/sd-daemon.h>
+
+#include "acl-util.h"
+#include "alloc-util.h"
+#include "capability-util.h"
+#include "cgroup-util.h"
+#include "compress.h"
+#include "conf-parser.h"
+#include "copy.h"
+#include "coredump-vacuum.h"
+#include "dirent-util.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "io-util.h"
+#include "journald-native.h"
+#include "log.h"
+#include "macro.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "socket-util.h"
+#include "special.h"
+#include "stacktrace.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "user-util.h"
+#include "util.h"
+
+/* The maximum size up to which we process coredumps */
+#define PROCESS_SIZE_MAX ((uint64_t) (2LLU*1024LLU*1024LLU*1024LLU))
+
+/* The maximum size up to which we leave the coredump around on disk */
+#define EXTERNAL_SIZE_MAX PROCESS_SIZE_MAX
+
+/* The maximum size up to which we store the coredump in the journal */
+#define JOURNAL_SIZE_MAX ((size_t) (767LU*1024LU*1024LU))
+
+/* Make sure to not make this larger than the maximum journal entry
+ * size. See DATA_SIZE_MAX in journald-native.c. */
+assert_cc(JOURNAL_SIZE_MAX <= DATA_SIZE_MAX);
+
+enum {
+        /* We use this as array indexes for a couple of special fields we use for naming coredumping files, and
+         * attaching xattrs */
+        CONTEXT_PID,
+        CONTEXT_UID,
+        CONTEXT_GID,
+        CONTEXT_SIGNAL,
+        CONTEXT_TIMESTAMP,
+        CONTEXT_RLIMIT,
+        CONTEXT_COMM,
+        CONTEXT_EXE,
+        _CONTEXT_MAX
+};
+
+typedef enum CoredumpStorage {
+        COREDUMP_STORAGE_NONE,
+        COREDUMP_STORAGE_EXTERNAL,
+        COREDUMP_STORAGE_JOURNAL,
+        COREDUMP_STORAGE_BOTH,
+        _COREDUMP_STORAGE_MAX,
+        _COREDUMP_STORAGE_INVALID = -1
+} CoredumpStorage;
+
+static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = {
+        [COREDUMP_STORAGE_NONE] = "none",
+        [COREDUMP_STORAGE_EXTERNAL] = "external",
+        [COREDUMP_STORAGE_JOURNAL] = "journal",
+        [COREDUMP_STORAGE_BOTH] = "both",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage);
+static DEFINE_CONFIG_PARSE_ENUM(config_parse_coredump_storage, coredump_storage, CoredumpStorage, "Failed to parse storage setting");
+
+static CoredumpStorage arg_storage = COREDUMP_STORAGE_EXTERNAL;
+static bool arg_compress = true;
+static uint64_t arg_process_size_max = PROCESS_SIZE_MAX;
+static uint64_t arg_external_size_max = EXTERNAL_SIZE_MAX;
+static size_t arg_journal_size_max = JOURNAL_SIZE_MAX;
+static uint64_t arg_keep_free = (uint64_t) -1;
+static uint64_t arg_max_use = (uint64_t) -1;
+
+static int parse_config(void) {
+        static const ConfigTableItem items[] = {
+                { "Coredump", "Storage",          config_parse_coredump_storage,  0, &arg_storage           },
+                { "Coredump", "Compress",         config_parse_bool,              0, &arg_compress          },
+                { "Coredump", "ProcessSizeMax",   config_parse_iec_uint64,        0, &arg_process_size_max  },
+                { "Coredump", "ExternalSizeMax",  config_parse_iec_uint64,        0, &arg_external_size_max },
+                { "Coredump", "JournalSizeMax",   config_parse_iec_size,          0, &arg_journal_size_max  },
+                { "Coredump", "KeepFree",         config_parse_iec_uint64,        0, &arg_keep_free         },
+                { "Coredump", "MaxUse",           config_parse_iec_uint64,        0, &arg_max_use           },
+                {}
+        };
+
+        return config_parse_many(PKGSYSCONFDIR "/coredump.conf",
+                                 CONF_PATHS_NULSTR("systemd/coredump.conf.d"),
+                                 "Coredump\0",
+                                 config_item_table_lookup, items,
+                                 false, NULL);
+}
+
+static int fix_acl(int fd, uid_t uid) {
+
+#ifdef HAVE_ACL
+        _cleanup_(acl_freep) acl_t acl = NULL;
+        acl_entry_t entry;
+        acl_permset_t permset;
+        int r;
+
+        assert(fd >= 0);
+
+        if (uid <= SYSTEM_UID_MAX)
+                return 0;
+
+        /* Make sure normal users can read (but not write or delete)
+         * their own coredumps */
+
+        acl = acl_get_fd(fd);
+        if (!acl)
+                return log_error_errno(errno, "Failed to get ACL: %m");
+
+        if (acl_create_entry(&acl, &entry) < 0 ||
+            acl_set_tag_type(entry, ACL_USER) < 0 ||
+            acl_set_qualifier(entry, &uid) < 0) {
+                log_error_errno(errno, "Failed to patch ACL: %m");
+                return -errno;
+        }
+
+        if (acl_get_permset(entry, &permset) < 0 ||
+            acl_add_perm(permset, ACL_READ) < 0)
+                return log_warning_errno(errno, "Failed to patch ACL: %m");
+
+        r = calc_acl_mask_if_needed(&acl);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to patch ACL: %m");
+
+        if (acl_set_fd(fd, acl) < 0)
+                return log_error_errno(errno, "Failed to apply ACL: %m");
+#endif
+
+        return 0;
+}
+
+static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) {
+
+        static const char * const xattrs[_CONTEXT_MAX] = {
+                [CONTEXT_PID] = "user.coredump.pid",
+                [CONTEXT_UID] = "user.coredump.uid",
+                [CONTEXT_GID] = "user.coredump.gid",
+                [CONTEXT_SIGNAL] = "user.coredump.signal",
+                [CONTEXT_TIMESTAMP] = "user.coredump.timestamp",
+                [CONTEXT_COMM] = "user.coredump.comm",
+                [CONTEXT_EXE] = "user.coredump.exe",
+        };
+
+        int r = 0;
+        unsigned i;
+
+        assert(fd >= 0);
+
+        /* Attach some metadata to coredumps via extended
+         * attributes. Just because we can. */
+
+        for (i = 0; i < _CONTEXT_MAX; i++) {
+                int k;
+
+                if (isempty(context[i]) || !xattrs[i])
+                        continue;
+
+                k = fsetxattr(fd, xattrs[i], context[i], strlen(context[i]), XATTR_CREATE);
+                if (k < 0 && r == 0)
+                        r = -errno;
+        }
+
+        return r;
+}
+
+#define filename_escape(s) xescape((s), "./ ")
+
+static inline const char *coredump_tmpfile_name(const char *s) {
+        return s ? s : "(unnamed temporary file)";
+}
+
+static int fix_permissions(
+                int fd,
+                const char *filename,
+                const char *target,
+                const char *context[_CONTEXT_MAX],
+                uid_t uid) {
+
+        int r;
+
+        assert(fd >= 0);
+        assert(target);
+        assert(context);
+
+        /* Ignore errors on these */
+        (void) fchmod(fd, 0640);
+        (void) fix_acl(fd, uid);
+        (void) fix_xattr(fd, context);
+
+        if (fsync(fd) < 0)
+                return log_error_errno(errno, "Failed to sync coredump %s: %m", coredump_tmpfile_name(filename));
+
+        r = link_tmpfile(fd, filename, target);
+        if (r < 0)
+                return log_error_errno(r, "Failed to move coredump %s into place: %m", target);
+
+        return 0;
+}
+
+static int maybe_remove_external_coredump(const char *filename, uint64_t size) {
+
+        /* Returns 1 if might remove, 0 if will not remove, < 0 on error. */
+
+        if (IN_SET(arg_storage, COREDUMP_STORAGE_EXTERNAL, COREDUMP_STORAGE_BOTH) &&
+            size <= arg_external_size_max)
+                return 0;
+
+        if (!filename)
+                return 1;
+
+        if (unlink(filename) < 0 && errno != ENOENT)
+                return log_error_errno(errno, "Failed to unlink %s: %m", filename);
+
+        return 1;
+}
+
+static int make_filename(const char *context[_CONTEXT_MAX], char **ret) {
+        _cleanup_free_ char *c = NULL, *u = NULL, *p = NULL, *t = NULL;
+        sd_id128_t boot = {};
+        int r;
+
+        assert(context);
+
+        c = filename_escape(context[CONTEXT_COMM]);
+        if (!c)
+                return -ENOMEM;
+
+        u = filename_escape(context[CONTEXT_UID]);
+        if (!u)
+                return -ENOMEM;
+
+        r = sd_id128_get_boot(&boot);
+        if (r < 0)
+                return r;
+
+        p = filename_escape(context[CONTEXT_PID]);
+        if (!p)
+                return -ENOMEM;
+
+        t = filename_escape(context[CONTEXT_TIMESTAMP]);
+        if (!t)
+                return -ENOMEM;
+
+        if (asprintf(ret,
+                     "/var/lib/systemd/coredump/core.%s.%s." SD_ID128_FORMAT_STR ".%s.%s000000",
+                     c,
+                     u,
+                     SD_ID128_FORMAT_VAL(boot),
+                     p,
+                     t) < 0)
+                return -ENOMEM;
+
+        return 0;
+}
+
+static int save_external_coredump(
+                const char *context[_CONTEXT_MAX],
+                int input_fd,
+                char **ret_filename,
+                int *ret_node_fd,
+                int *ret_data_fd,
+                uint64_t *ret_size) {
+
+        _cleanup_free_ char *fn = NULL, *tmp = NULL;
+        _cleanup_close_ int fd = -1;
+        uint64_t rlimit, max_size;
+        struct stat st;
+        uid_t uid;
+        int r;
+
+        assert(context);
+        assert(ret_filename);
+        assert(ret_node_fd);
+        assert(ret_data_fd);
+        assert(ret_size);
+
+        r = parse_uid(context[CONTEXT_UID], &uid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to parse UID: %m");
+
+        r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit);
+        if (r < 0)
+                return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]);
+        if (rlimit <= 0) {
+                /* Is coredumping disabled? Then don't bother saving/processing the coredump */
+                log_info("Core Dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]);
+                return -EBADSLT;
+        }
+
+        /* Never store more than the process configured, or than we actually shall keep or process */
+        max_size = MIN(rlimit, MAX(arg_process_size_max, arg_external_size_max));
+
+        r = make_filename(context, &fn);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine coredump file name: %m");
+
+        mkdir_p_label("/var/lib/systemd/coredump", 0755);
+
+        fd = open_tmpfile_linkable(fn, O_RDWR|O_CLOEXEC, &tmp);
+        if (fd < 0)
+                return log_error_errno(fd, "Failed to create temporary file for coredump %s: %m", fn);
+
+        r = copy_bytes(input_fd, fd, max_size, false);
+        if (r == -EFBIG) {
+                log_error("Coredump of %s (%s) is larger than configured processing limit, refusing.", context[CONTEXT_PID], context[CONTEXT_COMM]);
+                goto fail;
+        } else if (IN_SET(r, -EDQUOT, -ENOSPC)) {
+                log_error("Not enough disk space for coredump of %s (%s), refusing.", context[CONTEXT_PID], context[CONTEXT_COMM]);
+                goto fail;
+        } else if (r < 0) {
+                log_error_errno(r, "Failed to dump coredump to file: %m");
+                goto fail;
+        }
+
+        if (fstat(fd, &st) < 0) {
+                log_error_errno(errno, "Failed to fstat coredump %s: %m", coredump_tmpfile_name(tmp));
+                goto fail;
+        }
+
+        if (lseek(fd, 0, SEEK_SET) == (off_t) -1) {
+                log_error_errno(errno, "Failed to seek on %s: %m", coredump_tmpfile_name(tmp));
+                goto fail;
+        }
+
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+        /* If we will remove the coredump anyway, do not compress. */
+        if (maybe_remove_external_coredump(NULL, st.st_size) == 0
+            && arg_compress) {
+
+                _cleanup_free_ char *fn_compressed = NULL, *tmp_compressed = NULL;
+                _cleanup_close_ int fd_compressed = -1;
+
+                fn_compressed = strappend(fn, COMPRESSED_EXT);
+                if (!fn_compressed) {
+                        log_oom();
+                        goto uncompressed;
+                }
+
+                fd_compressed = open_tmpfile_linkable(fn_compressed, O_RDWR|O_CLOEXEC, &tmp_compressed);
+                if (fd_compressed < 0) {
+                        log_error_errno(fd_compressed, "Failed to create temporary file for coredump %s: %m", fn_compressed);
+                        goto uncompressed;
+                }
+
+                r = compress_stream(fd, fd_compressed, -1);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to compress %s: %m", coredump_tmpfile_name(tmp_compressed));
+                        goto fail_compressed;
+                }
+
+                r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
+                if (r < 0)
+                        goto fail_compressed;
+
+                /* OK, this worked, we can get rid of the uncompressed version now */
+                if (tmp)
+                        unlink_noerrno(tmp);
+
+                *ret_filename = fn_compressed;     /* compressed */
+                *ret_node_fd = fd_compressed;      /* compressed */
+                *ret_data_fd = fd;                 /* uncompressed */
+                *ret_size = (uint64_t) st.st_size; /* uncompressed */
+
+                fn_compressed = NULL;
+                fd = fd_compressed = -1;
+
+                return 0;
+
+        fail_compressed:
+                if (tmp_compressed)
+                        (void) unlink(tmp_compressed);
+        }
+
+uncompressed:
+#endif
+
+        r = fix_permissions(fd, tmp, fn, context, uid);
+        if (r < 0)
+                goto fail;
+
+        *ret_filename = fn;
+        *ret_data_fd = fd;
+        *ret_node_fd = -1;
+        *ret_size = (uint64_t) st.st_size;
+
+        fn = NULL;
+        fd = -1;
+
+        return 0;
+
+fail:
+        if (tmp)
+                (void) unlink(tmp);
+        return r;
+}
+
+static int allocate_journal_field(int fd, size_t size, char **ret, size_t *ret_size) {
+        _cleanup_free_ char *field = NULL;
+        ssize_t n;
+
+        assert(fd >= 0);
+        assert(ret);
+        assert(ret_size);
+
+        if (lseek(fd, 0, SEEK_SET) == (off_t) -1)
+                return log_warning_errno(errno, "Failed to seek: %m");
+
+        field = malloc(9 + size);
+        if (!field) {
+                log_warning("Failed to allocate memory for coredump, coredump will not be stored.");
+                return -ENOMEM;
+        }
+
+        memcpy(field, "COREDUMP=", 9);
+
+        n = read(fd, field + 9, size);
+        if (n < 0)
+                return log_error_errno((int) n, "Failed to read core data: %m");
+        if ((size_t) n < size) {
+                log_error("Core data too short.");
+                return -EIO;
+        }
+
+        *ret = field;
+        *ret_size = size + 9;
+
+        field = NULL;
+
+        return 0;
+}
+
+/* Joins /proc/[pid]/fd/ and /proc/[pid]/fdinfo/ into the following lines:
+ * 0:/dev/pts/23
+ * pos:    0
+ * flags:  0100002
+ *
+ * 1:/dev/pts/23
+ * pos:    0
+ * flags:  0100002
+ *
+ * 2:/dev/pts/23
+ * pos:    0
+ * flags:  0100002
+ * EOF
+ */
+static int compose_open_fds(pid_t pid, char **open_fds) {
+        _cleanup_closedir_ DIR *proc_fd_dir = NULL;
+        _cleanup_close_ int proc_fdinfo_fd = -1;
+        _cleanup_free_ char *buffer = NULL;
+        _cleanup_fclose_ FILE *stream = NULL;
+        const char *fddelim = "", *path;
+        struct dirent *dent = NULL;
+        size_t size = 0;
+        int r = 0;
+
+        assert(pid >= 0);
+        assert(open_fds != NULL);
+
+        path = procfs_file_alloca(pid, "fd");
+        proc_fd_dir = opendir(path);
+        if (!proc_fd_dir)
+                return -errno;
+
+        proc_fdinfo_fd = openat(dirfd(proc_fd_dir), "../fdinfo", O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC|O_PATH);
+        if (proc_fdinfo_fd < 0)
+                return -errno;
+
+        stream = open_memstream(&buffer, &size);
+        if (!stream)
+                return -ENOMEM;
+
+        FOREACH_DIRENT(dent, proc_fd_dir, return -errno) {
+                _cleanup_fclose_ FILE *fdinfo = NULL;
+                _cleanup_free_ char *fdname = NULL;
+                char line[LINE_MAX];
+                int fd;
+
+                r = readlinkat_malloc(dirfd(proc_fd_dir), dent->d_name, &fdname);
+                if (r < 0)
+                        return r;
+
+                fprintf(stream, "%s%s:%s\n", fddelim, dent->d_name, fdname);
+                fddelim = "\n";
+
+                /* Use the directory entry from /proc/[pid]/fd with /proc/[pid]/fdinfo */
+                fd = openat(proc_fdinfo_fd, dent->d_name, O_NOFOLLOW|O_CLOEXEC|O_RDONLY);
+                if (fd < 0)
+                        continue;
+
+                fdinfo = fdopen(fd, "re");
+                if (fdinfo == NULL) {
+                        close(fd);
+                        continue;
+                }
+
+                FOREACH_LINE(line, fdinfo, break) {
+                        fputs(line, stream);
+                        if (!endswith(line, "\n"))
+                                fputc('\n', stream);
+                }
+        }
+
+        errno = 0;
+        stream = safe_fclose(stream);
+
+        if (errno > 0)
+                return -errno;
+
+        *open_fds = buffer;
+        buffer = NULL;
+
+        return 0;
+}
+
+static int change_uid_gid(const char *context[]) {
+        uid_t uid;
+        gid_t gid;
+        int r;
+
+        r = parse_uid(context[CONTEXT_UID], &uid);
+        if (r < 0)
+                return r;
+
+        if (uid <= SYSTEM_UID_MAX) {
+                const char *user = "systemd-coredump";
+
+                r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+                if (r < 0) {
+                        log_warning_errno(r, "Cannot resolve %s user. Proceeding to dump core as root: %m", user);
+                        uid = gid = 0;
+                }
+        } else {
+                r = parse_gid(context[CONTEXT_GID], &gid);
+                if (r < 0)
+                        return r;
+        }
+
+        return drop_privileges(uid, gid, 0);
+}
+
+static int submit_coredump(
+                const char *context[_CONTEXT_MAX],
+                struct iovec *iovec,
+                size_t n_iovec_allocated,
+                size_t n_iovec,
+                int input_fd) {
+
+        _cleanup_close_ int coredump_fd = -1, coredump_node_fd = -1;
+        _cleanup_free_ char *core_message = NULL, *filename = NULL, *coredump_data = NULL;
+        uint64_t coredump_size;
+        int r;
+
+        assert(context);
+        assert(iovec);
+        assert(n_iovec_allocated >= n_iovec + 3);
+        assert(input_fd >= 0);
+
+        /* Vacuum before we write anything again */
+        (void) coredump_vacuum(-1, arg_keep_free, arg_max_use);
+
+        /* Always stream the coredump to disk, if that's possible */
+        r = save_external_coredump(context, input_fd, &filename, &coredump_node_fd, &coredump_fd, &coredump_size);
+        if (r < 0)
+                /* Skip whole core dumping part */
+                goto log;
+
+        /* If we don't want to keep the coredump on disk, remove it now, as later on we will lack the privileges for
+         * it. However, we keep the fd to it, so that we can still process it and log it. */
+        r = maybe_remove_external_coredump(filename, coredump_size);
+        if (r < 0)
+                return r;
+        if (r == 0) {
+                const char *coredump_filename;
+
+                coredump_filename = strjoina("COREDUMP_FILENAME=", filename);
+                IOVEC_SET_STRING(iovec[n_iovec++], coredump_filename);
+        }
+
+        /* Vacuum again, but exclude the coredump we just created */
+        (void) coredump_vacuum(coredump_node_fd >= 0 ? coredump_node_fd : coredump_fd, arg_keep_free, arg_max_use);
+
+        /* Now, let's drop privileges to become the user who owns the segfaulted process and allocate the coredump
+         * memory under the user's uid. This also ensures that the credentials journald will see are the ones of the
+         * coredumping user, thus making sure the user gets access to the core dump. Let's also get rid of all
+         * capabilities, if we run as root, we won't need them anymore. */
+        r = change_uid_gid(context);
+        if (r < 0)
+                return log_error_errno(r, "Failed to drop privileges: %m");
+
+#ifdef HAVE_ELFUTILS
+        /* Try to get a strack trace if we can */
+        if (coredump_size <= arg_process_size_max) {
+                _cleanup_free_ char *stacktrace = NULL;
+
+                r = coredump_make_stack_trace(coredump_fd, context[CONTEXT_EXE], &stacktrace);
+                if (r >= 0)
+                        core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], " (", context[CONTEXT_COMM], ") of user ", context[CONTEXT_UID], " dumped core.\n\n", stacktrace, NULL);
+                else if (r == -EINVAL)
+                        log_warning("Failed to generate stack trace: %s", dwfl_errmsg(dwfl_errno()));
+                else
+                        log_warning_errno(r, "Failed to generate stack trace: %m");
+        }
+
+        if (!core_message)
+#endif
+log:
+        core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], " (", context[CONTEXT_COMM], ") of user ", context[CONTEXT_UID], " dumped core.", NULL);
+        if (core_message)
+                IOVEC_SET_STRING(iovec[n_iovec++], core_message);
+
+        /* Optionally store the entire coredump in the journal */
+        if (IN_SET(arg_storage, COREDUMP_STORAGE_JOURNAL, COREDUMP_STORAGE_BOTH) &&
+            coredump_size <= arg_journal_size_max) {
+                size_t sz = 0;
+
+                /* Store the coredump itself in the journal */
+
+                r = allocate_journal_field(coredump_fd, (size_t) coredump_size, &coredump_data, &sz);
+                if (r >= 0) {
+                        iovec[n_iovec].iov_base = coredump_data;
+                        iovec[n_iovec].iov_len = sz;
+                        n_iovec++;
+                }
+        }
+
+        assert(n_iovec <= n_iovec_allocated);
+
+        r = sd_journal_sendv(iovec, n_iovec);
+        if (r < 0)
+                return log_error_errno(r, "Failed to log coredump: %m");
+
+        return 0;
+}
+
+static void map_context_fields(const struct iovec *iovec, const char *context[]) {
+
+        static const char * const context_field_names[_CONTEXT_MAX] = {
+                [CONTEXT_PID] = "COREDUMP_PID=",
+                [CONTEXT_UID] = "COREDUMP_UID=",
+                [CONTEXT_GID] = "COREDUMP_GID=",
+                [CONTEXT_SIGNAL] = "COREDUMP_SIGNAL=",
+                [CONTEXT_TIMESTAMP] = "COREDUMP_TIMESTAMP=",
+                [CONTEXT_COMM] = "COREDUMP_COMM=",
+                [CONTEXT_EXE] = "COREDUMP_EXE=",
+                [CONTEXT_RLIMIT] = "COREDUMP_RLIMIT=",
+        };
+
+        unsigned i;
+
+        assert(iovec);
+        assert(context);
+
+        for (i = 0; i < _CONTEXT_MAX; i++) {
+                size_t l;
+
+                l = strlen(context_field_names[i]);
+                if (iovec->iov_len < l)
+                        continue;
+
+                if (memcmp(iovec->iov_base, context_field_names[i], l) != 0)
+                        continue;
+
+                /* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the
+                 * buffer, though not included in the iov_len count. (see below) */
+                context[i] = (char*) iovec->iov_base + l;
+                break;
+        }
+}
+
+static int process_socket(int fd) {
+        _cleanup_close_ int coredump_fd = -1;
+        struct iovec *iovec = NULL;
+        size_t n_iovec = 0, n_iovec_allocated = 0, i;
+        const char *context[_CONTEXT_MAX] = {};
+        int r;
+
+        assert(fd >= 0);
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        for (;;) {
+                union {
+                        struct cmsghdr cmsghdr;
+                        uint8_t buf[CMSG_SPACE(sizeof(int))];
+                } control = {};
+                struct msghdr mh = {
+                        .msg_control = &control,
+                        .msg_controllen = sizeof(control),
+                        .msg_iovlen = 1,
+                };
+                ssize_t n;
+                ssize_t l;
+
+                if (!GREEDY_REALLOC(iovec, n_iovec_allocated, n_iovec + 3)) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                l = next_datagram_size_fd(fd);
+                if (l < 0) {
+                        r = log_error_errno(l, "Failed to determine datagram size to read: %m");
+                        goto finish;
+                }
+
+                assert(l >= 0);
+
+                iovec[n_iovec].iov_len = l;
+                iovec[n_iovec].iov_base = malloc(l + 1);
+
+                if (!iovec[n_iovec].iov_base) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                mh.msg_iov = iovec + n_iovec;
+
+                n = recvmsg(fd, &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
+                if (n < 0)  {
+                        free(iovec[n_iovec].iov_base);
+                        r = log_error_errno(errno, "Failed to receive datagram: %m");
+                        goto finish;
+                }
+
+                if (n == 0) {
+                        struct cmsghdr *cmsg, *found = NULL;
+                        /* The final zero-length datagram carries the file descriptor and tells us that we're done. */
+
+                        free(iovec[n_iovec].iov_base);
+
+                        CMSG_FOREACH(cmsg, &mh) {
+                                if (cmsg->cmsg_level == SOL_SOCKET &&
+                                    cmsg->cmsg_type == SCM_RIGHTS &&
+                                    cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
+                                        assert(!found);
+                                        found = cmsg;
+                                }
+                        }
+
+                        if (!found) {
+                                log_error("Coredump file descriptor missing.");
+                                r = -EBADMSG;
+                                goto finish;
+                        }
+
+                        assert(coredump_fd < 0);
+                        coredump_fd = *(int*) CMSG_DATA(found);
+                        break;
+                }
+
+                /* Add trailing NUL byte, in case these are strings */
+                ((char*) iovec[n_iovec].iov_base)[n] = 0;
+                iovec[n_iovec].iov_len = (size_t) n;
+
+                cmsg_close_all(&mh);
+                map_context_fields(iovec + n_iovec, context);
+                n_iovec++;
+        }
+
+        if (!GREEDY_REALLOC(iovec, n_iovec_allocated, n_iovec + 3)) {
+                r = log_oom();
+                goto finish;
+        }
+
+        /* Make sure we we got all data we really need */
+        assert(context[CONTEXT_PID]);
+        assert(context[CONTEXT_UID]);
+        assert(context[CONTEXT_GID]);
+        assert(context[CONTEXT_SIGNAL]);
+        assert(context[CONTEXT_TIMESTAMP]);
+        assert(context[CONTEXT_RLIMIT]);
+        assert(context[CONTEXT_COMM]);
+        assert(coredump_fd >= 0);
+
+        r = submit_coredump(context, iovec, n_iovec_allocated, n_iovec, coredump_fd);
+
+finish:
+        for (i = 0; i < n_iovec; i++)
+                free(iovec[i].iov_base);
+        free(iovec);
+
+        return r;
+}
+
+static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd) {
+
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/coredump",
+        };
+        _cleanup_close_ int fd = -1;
+        size_t i;
+        int r;
+
+        assert(iovec || n_iovec <= 0);
+        assert(input_fd >= 0);
+
+        fd = socket(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0);
+        if (fd < 0)
+                return log_error_errno(errno, "Failed to create coredump socket: %m");
+
+        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
+                return log_error_errno(errno, "Failed to connect to coredump service: %m");
+
+        for (i = 0; i < n_iovec; i++) {
+                ssize_t n;
+                assert(iovec[i].iov_len > 0);
+
+                n = send(fd, iovec[i].iov_base, iovec[i].iov_len, MSG_NOSIGNAL);
+                if (n < 0)
+                        return log_error_errno(errno, "Failed to send coredump datagram: %m");
+        }
+
+        r = send_one_fd(fd, input_fd, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to send coredump fd: %m");
+
+        return 0;
+}
+
+static int process_journald_crash(const char *context[], int input_fd) {
+        _cleanup_close_ int coredump_fd = -1, coredump_node_fd = -1;
+        _cleanup_free_ char *filename = NULL;
+        uint64_t coredump_size;
+        int r;
+
+        assert(context);
+        assert(input_fd >= 0);
+
+        /* If we are journald, we cut things short, don't write to the journal, but still create a coredump. */
+
+        if (arg_storage != COREDUMP_STORAGE_NONE)
+                arg_storage = COREDUMP_STORAGE_EXTERNAL;
+
+        r = save_external_coredump(context, input_fd, &filename, &coredump_node_fd, &coredump_fd, &coredump_size);
+        if (r < 0)
+                return r;
+
+        r = maybe_remove_external_coredump(filename, coredump_size);
+        if (r < 0)
+                return r;
+
+        log_info("Detected coredump of the journal daemon itself, diverted to %s.", filename);
+        return 0;
+}
+
+static int process_kernel(int argc, char* argv[]) {
+
+        /* The small core field we allocate on the stack, to keep things simple */
+        char
+                *core_pid = NULL, *core_uid = NULL, *core_gid = NULL, *core_signal = NULL,
+                *core_session = NULL, *core_exe = NULL, *core_comm = NULL, *core_cmdline = NULL,
+                *core_cgroup = NULL, *core_cwd = NULL, *core_root = NULL, *core_unit = NULL,
+                *core_user_unit = NULL, *core_slice = NULL, *core_timestamp = NULL, *core_rlimit = NULL;
+
+        /* The larger ones we allocate on the heap */
+        _cleanup_free_ char
+                *core_owner_uid = NULL, *core_open_fds = NULL, *core_proc_status = NULL,
+                *core_proc_maps = NULL, *core_proc_limits = NULL, *core_proc_cgroup = NULL, *core_environ = NULL;
+
+        _cleanup_free_ char *exe = NULL, *comm = NULL;
+        const char *context[_CONTEXT_MAX];
+        struct iovec iovec[25];
+        size_t n_iovec = 0;
+        uid_t owner_uid;
+        const char *p;
+        pid_t pid;
+        char *t;
+        int r;
+
+        if (argc < CONTEXT_COMM + 1) {
+                log_error("Not enough arguments passed from kernel (%i, expected %i).", argc - 1, CONTEXT_COMM + 1 - 1);
+                return -EINVAL;
+        }
+
+        r = parse_pid(argv[CONTEXT_PID + 1], &pid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to parse PID.");
+
+        r = get_process_comm(pid, &comm);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to get COMM, falling back to the command line: %m");
+                comm = strv_join(argv + CONTEXT_COMM + 1, " ");
+                if (!comm)
+                        return log_oom();
+        }
+
+        r = get_process_exe(pid, &exe);
+        if (r < 0)
+                log_warning_errno(r, "Failed to get EXE, ignoring: %m");
+
+        context[CONTEXT_PID] = argv[CONTEXT_PID + 1];
+        context[CONTEXT_UID] = argv[CONTEXT_UID + 1];
+        context[CONTEXT_GID] = argv[CONTEXT_GID + 1];
+        context[CONTEXT_SIGNAL] = argv[CONTEXT_SIGNAL + 1];
+        context[CONTEXT_TIMESTAMP] = argv[CONTEXT_TIMESTAMP + 1];
+        context[CONTEXT_RLIMIT] = argv[CONTEXT_RLIMIT + 1];
+        context[CONTEXT_COMM] = comm;
+        context[CONTEXT_EXE] = exe;
+
+        if (cg_pid_get_unit(pid, &t) >= 0) {
+
+                if (streq(t, SPECIAL_JOURNALD_SERVICE)) {
+                        free(t);
+                        return process_journald_crash(context, STDIN_FILENO);
+                }
+
+                core_unit = strjoina("COREDUMP_UNIT=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_unit);
+        }
+
+        /* OK, now we know it's not the journal, hence we can make use of it now. */
+        log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
+        log_open();
+
+        if (cg_pid_get_user_unit(pid, &t) >= 0) {
+                core_user_unit = strjoina("COREDUMP_USER_UNIT=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_user_unit);
+        }
+
+        core_pid = strjoina("COREDUMP_PID=", context[CONTEXT_PID]);
+        IOVEC_SET_STRING(iovec[n_iovec++], core_pid);
+
+        core_uid = strjoina("COREDUMP_UID=", context[CONTEXT_UID]);
+        IOVEC_SET_STRING(iovec[n_iovec++], core_uid);
+
+        core_gid = strjoina("COREDUMP_GID=", context[CONTEXT_GID]);
+        IOVEC_SET_STRING(iovec[n_iovec++], core_gid);
+
+        core_signal = strjoina("COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]);
+        IOVEC_SET_STRING(iovec[n_iovec++], core_signal);
+
+        core_rlimit = strjoina("COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]);
+        IOVEC_SET_STRING(iovec[n_iovec++], core_rlimit);
+
+        if (sd_pid_get_session(pid, &t) >= 0) {
+                core_session = strjoina("COREDUMP_SESSION=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_session);
+        }
+
+        if (sd_pid_get_owner_uid(pid, &owner_uid) >= 0) {
+                r = asprintf(&core_owner_uid, "COREDUMP_OWNER_UID=" UID_FMT, owner_uid);
+                if (r > 0)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_owner_uid);
+        }
+
+        if (sd_pid_get_slice(pid, &t) >= 0) {
+                core_slice = strjoina("COREDUMP_SLICE=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_slice);
+        }
+
+        if (comm) {
+                core_comm = strjoina("COREDUMP_COMM=", comm);
+                IOVEC_SET_STRING(iovec[n_iovec++], core_comm);
+        }
+
+        if (exe) {
+                core_exe = strjoina("COREDUMP_EXE=", exe);
+                IOVEC_SET_STRING(iovec[n_iovec++], core_exe);
+        }
+
+        if (get_process_cmdline(pid, 0, false, &t) >= 0) {
+                core_cmdline = strjoina("COREDUMP_CMDLINE=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_cmdline);
+        }
+
+        if (cg_pid_get_path_shifted(pid, NULL, &t) >= 0) {
+                core_cgroup = strjoina("COREDUMP_CGROUP=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_cgroup);
+        }
+
+        if (compose_open_fds(pid, &t) >= 0) {
+                core_open_fds = strappend("COREDUMP_OPEN_FDS=", t);
+                free(t);
+
+                if (core_open_fds)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_open_fds);
+        }
+
+        p = procfs_file_alloca(pid, "status");
+        if (read_full_file(p, &t, NULL) >= 0) {
+                core_proc_status = strappend("COREDUMP_PROC_STATUS=", t);
+                free(t);
+
+                if (core_proc_status)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_status);
+        }
+
+        p = procfs_file_alloca(pid, "maps");
+        if (read_full_file(p, &t, NULL) >= 0) {
+                core_proc_maps = strappend("COREDUMP_PROC_MAPS=", t);
+                free(t);
+
+                if (core_proc_maps)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_maps);
+        }
+
+        p = procfs_file_alloca(pid, "limits");
+        if (read_full_file(p, &t, NULL) >= 0) {
+                core_proc_limits = strappend("COREDUMP_PROC_LIMITS=", t);
+                free(t);
+
+                if (core_proc_limits)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_limits);
+        }
+
+        p = procfs_file_alloca(pid, "cgroup");
+        if (read_full_file(p, &t, NULL) >=0) {
+                core_proc_cgroup = strappend("COREDUMP_PROC_CGROUP=", t);
+                free(t);
+
+                if (core_proc_cgroup)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_proc_cgroup);
+        }
+
+        if (get_process_cwd(pid, &t) >= 0) {
+                core_cwd = strjoina("COREDUMP_CWD=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_cwd);
+        }
+
+        if (get_process_root(pid, &t) >= 0) {
+                core_root = strjoina("COREDUMP_ROOT=", t);
+                free(t);
+
+                IOVEC_SET_STRING(iovec[n_iovec++], core_root);
+        }
+
+        if (get_process_environ(pid, &t) >= 0) {
+                core_environ = strappend("COREDUMP_ENVIRON=", t);
+                free(t);
+
+                if (core_environ)
+                        IOVEC_SET_STRING(iovec[n_iovec++], core_environ);
+        }
+
+        core_timestamp = strjoina("COREDUMP_TIMESTAMP=", context[CONTEXT_TIMESTAMP], "000000");
+        IOVEC_SET_STRING(iovec[n_iovec++], core_timestamp);
+
+        IOVEC_SET_STRING(iovec[n_iovec++], "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1");
+
+        assert_cc(2 == LOG_CRIT);
+        IOVEC_SET_STRING(iovec[n_iovec++], "PRIORITY=2");
+
+        assert(n_iovec <= ELEMENTSOF(iovec));
+
+        return send_iovec(iovec, n_iovec, STDIN_FILENO);
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        /* First, log to a safe place, since we don't know what crashed and it might be journald which we'd rather not
+         * log to then. */
+
+        log_set_target(LOG_TARGET_KMSG);
+        log_open();
+
+        /* Make sure we never enter a loop */
+        (void) prctl(PR_SET_DUMPABLE, 0);
+
+        /* Ignore all parse errors */
+        (void) parse_config();
+
+        log_debug("Selected storage '%s'.", coredump_storage_to_string(arg_storage));
+        log_debug("Selected compression %s.", yes_no(arg_compress));
+
+        r = sd_listen_fds(false);
+        if (r < 0) {
+                log_error_errno(r, "Failed to determine number of file descriptor: %m");
+                goto finish;
+        }
+
+        /* If we got an fd passed, we are running in coredumpd mode. Otherwise we are invoked from the kernel as
+         * coredump handler */
+        if (r == 0)
+                r = process_kernel(argc, argv);
+        else if (r == 1)
+                r = process_socket(SD_LISTEN_FDS_START);
+        else {
+                log_error("Received unexpected number of file descriptors.");
+                r = -EINVAL;
+        }
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/coredump/coredump.conf b/src/grp-coredump/systemd-coredump/coredump.conf
index c2f0643e03..c2f0643e03 100644
--- a/src/coredump/coredump.conf
+++ b/src/grp-coredump/systemd-coredump/coredump.conf
diff --git a/src/coredump/stacktrace.c b/src/grp-coredump/systemd-coredump/stacktrace.c
index cc4dad9465..cc4dad9465 100644
--- a/src/coredump/stacktrace.c
+++ b/src/grp-coredump/systemd-coredump/stacktrace.c
diff --git a/src/coredump/stacktrace.h b/src/grp-coredump/systemd-coredump/stacktrace.h
index 15e9c04465..15e9c04465 100644
--- a/src/coredump/stacktrace.h
+++ b/src/grp-coredump/systemd-coredump/stacktrace.h
diff --git a/src/coredump/test-coredump-vacuum.c b/src/grp-coredump/systemd-coredump/test-coredump-vacuum.c
index 70a57f183f..70a57f183f 100644
--- a/src/coredump/test-coredump-vacuum.c
+++ b/src/grp-coredump/systemd-coredump/test-coredump-vacuum.c
diff --git a/src/grp-helperunits/systemd-backlight/Makefile b/src/grp-helperunits/systemd-backlight/Makefile
new file mode 100644
index 0000000000..cf55ac4db9
--- /dev/null
+++ b/src/grp-helperunits/systemd-backlight/Makefile
@@ -0,0 +1,43 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_BACKLIGHT),)
+rootlibexec_PROGRAMS += \
+	systemd-backlight
+
+nodist_systemunit_DATA += \
+	units/systemd-backlight@.service
+
+systemd_backlight_SOURCES = \
+	src/backlight/backlight.c
+
+systemd_backlight_LDADD = \
+	libshared.la
+endif # ENABLE_BACKLIGHT
+
+EXTRA_DIST += \
+	units/systemd-backlight@.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/backlight/backlight.c b/src/grp-helperunits/systemd-backlight/backlight.c
index 45be135a23..45be135a23 100644
--- a/src/backlight/backlight.c
+++ b/src/grp-helperunits/systemd-backlight/backlight.c
diff --git a/src/grp-helperunits/systemd-binfmt/Makefile b/src/grp-helperunits/systemd-binfmt/Makefile
new file mode 100644
index 0000000000..3e5c1ac270
--- /dev/null
+++ b/src/grp-helperunits/systemd-binfmt/Makefile
@@ -0,0 +1,56 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_BINFMT),)
+systemd_binfmt_SOURCES = \
+	src/binfmt/binfmt.c
+
+systemd_binfmt_LDADD = \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-binfmt
+
+dist_systemunit_DATA += \
+	units/proc-sys-fs-binfmt_misc.automount \
+	units/proc-sys-fs-binfmt_misc.mount
+
+nodist_systemunit_DATA += \
+	units/systemd-binfmt.service
+
+INSTALL_DIRS += \
+	$(prefix)/lib/binfmt.d \
+	$(sysconfdir)/binfmt.d
+
+SYSINIT_TARGET_WANTS += \
+	systemd-binfmt.service \
+	proc-sys-fs-binfmt_misc.automount
+
+endif # ENABLE_BINFMT
+
+EXTRA_DIST += \
+	units/systemd-binfmt.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/binfmt/binfmt.c b/src/grp-helperunits/systemd-binfmt/binfmt.c
index eeef04fb1c..eeef04fb1c 100644
--- a/src/binfmt/binfmt.c
+++ b/src/grp-helperunits/systemd-binfmt/binfmt.c
diff --git a/src/grp-helperunits/systemd-detect-virt/Makefile b/src/grp-helperunits/systemd-detect-virt/Makefile
new file mode 100644
index 0000000000..7b9b9f667b
--- /dev/null
+++ b/src/grp-helperunits/systemd-detect-virt/Makefile
@@ -0,0 +1,36 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-detect-virt
+systemd_detect_virt_SOURCES = \
+	src/detect-virt/detect-virt.c
+
+systemd_detect_virt_LDADD = \
+	libshared.la
+
+INSTALL_EXEC_HOOKS += \
+	systemd-detect-virt-install-hook
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/detect-virt/detect-virt.c b/src/grp-helperunits/systemd-detect-virt/detect-virt.c
index 5d51589a31..5d51589a31 100644
--- a/src/detect-virt/detect-virt.c
+++ b/src/grp-helperunits/systemd-detect-virt/detect-virt.c
diff --git a/src/grp-helperunits/systemd-quotacheck/Makefile b/src/grp-helperunits/systemd-quotacheck/Makefile
new file mode 100644
index 0000000000..4220946f39
--- /dev/null
+++ b/src/grp-helperunits/systemd-quotacheck/Makefile
@@ -0,0 +1,46 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_QUOTACHECK),)
+rootlibexec_PROGRAMS += \
+	systemd-quotacheck
+
+nodist_systemunit_DATA += \
+	units/systemd-quotacheck.service
+
+systemd_quotacheck_SOURCES = \
+	src/quotacheck/quotacheck.c
+
+systemd_quotacheck_LDADD = \
+	libshared.la
+endif # ENABLE_QUOTACHECK
+
+EXTRA_DIST += \
+	units/systemd-quotacheck.service.in
+
+nodist_systemunit_DATA += \
+	units/quotaon.service
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/quotacheck/quotacheck.c b/src/grp-helperunits/systemd-quotacheck/quotacheck.c
index 6d8c05f046..6d8c05f046 100644
--- a/src/quotacheck/quotacheck.c
+++ b/src/grp-helperunits/systemd-quotacheck/quotacheck.c
diff --git a/src/grp-helperunits/systemd-random-seed/Makefile b/src/grp-helperunits/systemd-random-seed/Makefile
new file mode 100644
index 0000000000..56d1af7431
--- /dev/null
+++ b/src/grp-helperunits/systemd-random-seed/Makefile
@@ -0,0 +1,47 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_RANDOMSEED),)
+rootlibexec_PROGRAMS += \
+	systemd-random-seed
+
+nodist_systemunit_DATA += \
+	units/systemd-random-seed.service
+
+systemd_random_seed_SOURCES = \
+	src/random-seed/random-seed.c
+
+systemd_random_seed_LDADD = \
+	libshared.la
+
+SYSINIT_TARGET_WANTS += \
+	systemd-random-seed.service
+
+endif # ENABLE_RANDOMSEED
+
+EXTRA_DIST += \
+	units/systemd-random-seed.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/random-seed/random-seed.c b/src/grp-helperunits/systemd-random-seed/random-seed.c
index 6748bb9dd3..6748bb9dd3 100644
--- a/src/random-seed/random-seed.c
+++ b/src/grp-helperunits/systemd-random-seed/random-seed.c
diff --git a/src/grp-helperunits/systemd-rfkill/Makefile b/src/grp-helperunits/systemd-rfkill/Makefile
new file mode 100644
index 0000000000..2b4430b712
--- /dev/null
+++ b/src/grp-helperunits/systemd-rfkill/Makefile
@@ -0,0 +1,46 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_RFKILL),)
+rootlibexec_PROGRAMS += \
+	systemd-rfkill
+
+nodist_systemunit_DATA += \
+	units/systemd-rfkill.service
+
+dist_systemunit_DATA += \
+	units/systemd-rfkill.socket
+
+systemd_rfkill_SOURCES = \
+	src/rfkill/rfkill.c
+
+systemd_rfkill_LDADD = \
+	libshared.la
+endif # ENABLE_RFKILL
+
+EXTRA_DIST += \
+	units/systemd-rfkill.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-helperunits/systemd-rfkill/rfkill.c b/src/grp-helperunits/systemd-rfkill/rfkill.c
new file mode 100644
index 0000000000..f0b0ad9275
--- /dev/null
+++ b/src/grp-helperunits/systemd-rfkill/rfkill.c
@@ -0,0 +1,426 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <linux/rfkill.h>
+#include <poll.h>
+
+#include "libudev.h"
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "io-util.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "proc-cmdline.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "udev-util.h"
+#include "util.h"
+
+#define EXIT_USEC (5 * USEC_PER_SEC)
+
+static const char* const rfkill_type_table[NUM_RFKILL_TYPES] = {
+        [RFKILL_TYPE_ALL] = "all",
+        [RFKILL_TYPE_WLAN] = "wlan",
+        [RFKILL_TYPE_BLUETOOTH] = "bluetooth",
+        [RFKILL_TYPE_UWB] = "uwb",
+        [RFKILL_TYPE_WIMAX] = "wimax",
+        [RFKILL_TYPE_WWAN] = "wwan",
+        [RFKILL_TYPE_GPS] = "gps",
+        [RFKILL_TYPE_FM] = "fm",
+        [RFKILL_TYPE_NFC] = "nfc",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(rfkill_type, int);
+
+static int find_device(
+                struct udev *udev,
+                const struct rfkill_event *event,
+                struct udev_device **ret) {
+
+        _cleanup_free_ char *sysname = NULL;
+        struct udev_device *device;
+        const char *name;
+
+        assert(udev);
+        assert(event);
+        assert(ret);
+
+        if (asprintf(&sysname, "rfkill%i", event->idx) < 0)
+                return log_oom();
+
+        device = udev_device_new_from_subsystem_sysname(udev, "rfkill", sysname);
+        if (!device)
+                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open device: %m");
+
+        name = udev_device_get_sysattr_value(device, "name");
+        if (!name) {
+                log_debug("Device has no name, ignoring.");
+                udev_device_unref(device);
+                return -ENOENT;
+        }
+
+        log_debug("Operating on rfkill device '%s'.", name);
+
+        *ret = device;
+        return 0;
+}
+
+static int wait_for_initialized(
+                struct udev *udev,
+                struct udev_device *device,
+                struct udev_device **ret) {
+
+        _cleanup_udev_monitor_unref_ struct udev_monitor *monitor = NULL;
+        struct udev_device *d;
+        const char *sysname;
+        int watch_fd, r;
+
+        assert(udev);
+        assert(device);
+        assert(ret);
+
+        if (udev_device_get_is_initialized(device) != 0) {
+                *ret = udev_device_ref(device);
+                return 0;
+        }
+
+        assert_se(sysname = udev_device_get_sysname(device));
+
+        /* Wait until the device is initialized, so that we can get
+         * access to the ID_PATH property */
+
+        monitor = udev_monitor_new_from_netlink(udev, "udev");
+        if (!monitor)
+                return log_error_errno(errno, "Failed to acquire monitor: %m");
+
+        r = udev_monitor_filter_add_match_subsystem_devtype(monitor, "rfkill", NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add rfkill udev match to monitor: %m");
+
+        r = udev_monitor_enable_receiving(monitor);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enable udev receiving: %m");
+
+        watch_fd = udev_monitor_get_fd(monitor);
+        if (watch_fd < 0)
+                return log_error_errno(watch_fd, "Failed to get watch fd: %m");
+
+        /* Check again, maybe things changed */
+        d = udev_device_new_from_subsystem_sysname(udev, "rfkill", sysname);
+        if (!d)
+                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open device: %m");
+
+        if (udev_device_get_is_initialized(d) != 0) {
+                *ret = d;
+                return 0;
+        }
+
+        for (;;) {
+                _cleanup_udev_device_unref_ struct udev_device *t = NULL;
+
+                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
+                if (r == -EINTR)
+                        continue;
+                if (r < 0)
+                        return log_error_errno(r, "Failed to watch udev monitor: %m");
+
+                t = udev_monitor_receive_device(monitor);
+                if (!t)
+                        continue;
+
+                if (streq_ptr(udev_device_get_sysname(device), sysname)) {
+                        *ret = udev_device_ref(t);
+                        return 0;
+                }
+        }
+}
+
+static int determine_state_file(
+                struct udev *udev,
+                const struct rfkill_event *event,
+                struct udev_device *d,
+                char **ret) {
+
+        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+        const char *path_id, *type;
+        char *state_file;
+        int r;
+
+        assert(event);
+        assert(d);
+        assert(ret);
+
+        r = wait_for_initialized(udev, d, &device);
+        if (r < 0)
+                return r;
+
+        assert_se(type = rfkill_type_to_string(event->type));
+
+        path_id = udev_device_get_property_value(device, "ID_PATH");
+        if (path_id) {
+                _cleanup_free_ char *escaped_path_id = NULL;
+
+                escaped_path_id = cescape(path_id);
+                if (!escaped_path_id)
+                        return log_oom();
+
+                state_file = strjoin("/var/lib/systemd/rfkill/", escaped_path_id, ":", type, NULL);
+        } else
+                state_file = strjoin("/var/lib/systemd/rfkill/", type, NULL);
+
+        if (!state_file)
+                return log_oom();
+
+        *ret = state_file;
+        return 0;
+}
+
+static int load_state(
+                int rfkill_fd,
+                struct udev *udev,
+                const struct rfkill_event *event) {
+
+        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+        _cleanup_free_ char *state_file = NULL, *value = NULL;
+        struct rfkill_event we;
+        ssize_t l;
+        int b, r;
+
+        assert(rfkill_fd >= 0);
+        assert(udev);
+        assert(event);
+
+        if (shall_restore_state() == 0)
+                return 0;
+
+        r = find_device(udev, event, &device);
+        if (r < 0)
+                return r;
+
+        r = determine_state_file(udev, event, device, &state_file);
+        if (r < 0)
+                return r;
+
+        r = read_one_line_file(state_file, &value);
+        if (r == -ENOENT) {
+                /* No state file? Then save the current state */
+
+                r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to write state file %s: %m", state_file);
+
+                log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file);
+                return 0;
+        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to read state file %s: %m", state_file);
+
+        b = parse_boolean(value);
+        if (b < 0)
+                return log_error_errno(b, "Failed to parse state file %s: %m", state_file);
+
+        we = (struct rfkill_event) {
+                .op = RFKILL_OP_CHANGE,
+                .idx = event->idx,
+                .soft = b,
+        };
+
+        l = write(rfkill_fd, &we, sizeof(we));
+        if (l < 0)
+                return log_error_errno(errno, "Failed to restore rfkill state for %i: %m", event->idx);
+        if (l != sizeof(we)) {
+                log_error("Couldn't write rfkill event structure, too short.");
+                return -EIO;
+        }
+
+        log_debug("Loaded state '%s' from %s.", one_zero(b), state_file);
+        return 0;
+}
+
+static int save_state(
+                int rfkill_fd,
+                struct udev *udev,
+                const struct rfkill_event *event) {
+
+        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+        _cleanup_free_ char *state_file = NULL;
+        int r;
+
+        assert(rfkill_fd >= 0);
+        assert(udev);
+        assert(event);
+
+        r = find_device(udev, event, &device);
+        if (r < 0)
+                return r;
+
+        r = determine_state_file(udev, event, device, &state_file);
+        if (r < 0)
+                return r;
+
+        r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write state file %s: %m", state_file);
+
+        log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file);
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        _cleanup_close_ int rfkill_fd = -1;
+        bool ready = false;
+        int r, n;
+
+        if (argc > 1) {
+                log_error("This program requires no arguments.");
+                return EXIT_FAILURE;
+        }
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        udev = udev_new();
+        if (!udev) {
+                r = log_oom();
+                goto finish;
+        }
+
+        r = mkdir_p("/var/lib/systemd/rfkill", 0755);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create rfkill directory: %m");
+                goto finish;
+        }
+
+        n = sd_listen_fds(false);
+        if (n < 0) {
+                r = log_error_errno(n, "Failed to determine whether we got any file descriptors passed: %m");
+                goto finish;
+        }
+        if (n > 1) {
+                log_error("Got too many file descriptors.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        if (n == 0) {
+                rfkill_fd = open("/dev/rfkill", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
+                if (rfkill_fd < 0) {
+                        if (errno == ENOENT) {
+                                log_debug_errno(errno, "Missing rfkill subsystem, or no device present, exiting.");
+                                r = 0;
+                                goto finish;
+                        }
+
+                        r = log_error_errno(errno, "Failed to open /dev/rfkill: %m");
+                        goto finish;
+                }
+        } else {
+                rfkill_fd = SD_LISTEN_FDS_START;
+
+                r = fd_nonblock(rfkill_fd, 1);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to make /dev/rfkill socket non-blocking: %m");
+                        goto finish;
+                }
+        }
+
+        for (;;) {
+                struct rfkill_event event;
+                const char *type;
+                ssize_t l;
+
+                l = read(rfkill_fd, &event, sizeof(event));
+                if (l < 0) {
+                        if (errno == EAGAIN) {
+
+                                if (!ready) {
+                                        /* Notify manager that we are
+                                         * now finished with
+                                         * processing whatever was
+                                         * queued */
+                                        (void) sd_notify(false, "READY=1");
+                                        ready = true;
+                                }
+
+                                /* Hang around for a bit, maybe there's more coming */
+
+                                r = fd_wait_for_event(rfkill_fd, POLLIN, EXIT_USEC);
+                                if (r == -EINTR)
+                                        continue;
+                                if (r < 0) {
+                                        log_error_errno(r, "Failed to poll() on device: %m");
+                                        goto finish;
+                                }
+                                if (r > 0)
+                                        continue;
+
+                                log_debug("All events read and idle, exiting.");
+                                break;
+                        }
+
+                        log_error_errno(errno, "Failed to read from /dev/rfkill: %m");
+                }
+
+                if (l != RFKILL_EVENT_SIZE_V1) {
+                        log_error("Read event structure of invalid size.");
+                        r = -EIO;
+                        goto finish;
+                }
+
+                type = rfkill_type_to_string(event.type);
+                if (!type) {
+                        log_debug("An rfkill device of unknown type %i discovered, ignoring.", event.type);
+                        continue;
+                }
+
+                switch (event.op) {
+
+                case RFKILL_OP_ADD:
+                        log_debug("A new rfkill device has been added with index %i and type %s.", event.idx, type);
+                        (void) load_state(rfkill_fd, udev, &event);
+                        break;
+
+                case RFKILL_OP_DEL:
+                        log_debug("An rfkill device has been removed with index %i and type %s", event.idx, type);
+                        break;
+
+                case RFKILL_OP_CHANGE:
+                        log_debug("An rfkill device has changed state with index %i and type %s", event.idx, type);
+                        (void) save_state(rfkill_fd, udev, &event);
+                        break;
+
+                default:
+                        log_debug("Unknown event %i from /dev/rfkill for index %i and type %s, ignoring.", event.op, event.idx, type);
+                        break;
+                }
+        }
+
+        r = 0;
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-helperunits/systemd-sleep/Makefile b/src/grp-helperunits/systemd-sleep/Makefile
new file mode 100644
index 0000000000..3c9106638f
--- /dev/null
+++ b/src/grp-helperunits/systemd-sleep/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-sleep
+systemd_sleep_SOURCES = \
+	src/sleep/sleep.c
+
+systemd_sleep_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-helperunits/systemd-sleep/sleep.c b/src/grp-helperunits/systemd-sleep/sleep.c
new file mode 100644
index 0000000000..7f8a95728d
--- /dev/null
+++ b/src/grp-helperunits/systemd-sleep/sleep.c
@@ -0,0 +1,215 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+
+#include <systemd/sd-messages.h>
+
+#include "def.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "log.h"
+#include "sleep-config.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+static char* arg_verb = NULL;
+
+static int write_mode(char **modes) {
+        int r = 0;
+        char **mode;
+
+        STRV_FOREACH(mode, modes) {
+                int k;
+
+                k = write_string_file("/sys/power/disk", *mode, 0);
+                if (k == 0)
+                        return 0;
+
+                log_debug_errno(k, "Failed to write '%s' to /sys/power/disk: %m",
+                                *mode);
+                if (r == 0)
+                        r = k;
+        }
+
+        if (r < 0)
+                log_error_errno(r, "Failed to write mode to /sys/power/disk: %m");
+
+        return r;
+}
+
+static int write_state(FILE **f, char **states) {
+        char **state;
+        int r = 0;
+
+        STRV_FOREACH(state, states) {
+                int k;
+
+                k = write_string_stream(*f, *state, true);
+                if (k == 0)
+                        return 0;
+                log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m",
+                                *state);
+                if (r == 0)
+                        r = k;
+
+                fclose(*f);
+                *f = fopen("/sys/power/state", "we");
+                if (!*f)
+                        return log_error_errno(errno, "Failed to open /sys/power/state: %m");
+        }
+
+        return r;
+}
+
+static int execute(char **modes, char **states) {
+
+        char *arguments[] = {
+                NULL,
+                (char*) "pre",
+                arg_verb,
+                NULL
+        };
+        static const char* const dirs[] = {SYSTEM_SLEEP_PATH, NULL};
+
+        int r;
+        _cleanup_fclose_ FILE *f = NULL;
+
+        /* This file is opened first, so that if we hit an error,
+         * we can abort before modifying any state. */
+        f = fopen("/sys/power/state", "we");
+        if (!f)
+                return log_error_errno(errno, "Failed to open /sys/power/state: %m");
+
+        /* Configure the hibernation mode */
+        r = write_mode(modes);
+        if (r < 0)
+                return r;
+
+        execute_directories(dirs, DEFAULT_TIMEOUT_USEC, arguments);
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_SLEEP_START),
+                   LOG_MESSAGE("Suspending system..."),
+                   "SLEEP=%s", arg_verb,
+                   NULL);
+
+        r = write_state(&f, states);
+        if (r < 0)
+                return r;
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_SLEEP_STOP),
+                   LOG_MESSAGE("System resumed."),
+                   "SLEEP=%s", arg_verb,
+                   NULL);
+
+        arguments[1] = (char*) "post";
+        execute_directories(dirs, DEFAULT_TIMEOUT_USEC, arguments);
+
+        return r;
+}
+
+static void help(void) {
+        printf("%s COMMAND\n\n"
+               "Suspend the system, hibernate the system, or both.\n\n"
+               "Commands:\n"
+               "  -h --help            Show this help and exit\n"
+               "  --version            Print version string and exit\n"
+               "  suspend              Suspend the system\n"
+               "  hibernate            Hibernate the system\n"
+               "  hybrid-sleep         Both hibernate and suspend the system\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'           },
+                { "version",      no_argument,       NULL, ARG_VERSION   },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+                switch(c) {
+                case 'h':
+                        help();
+                        return 0; /* done */
+
+                case ARG_VERSION:
+                        return version();
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (argc - optind != 1) {
+                log_error("Usage: %s COMMAND",
+                          program_invocation_short_name);
+                return -EINVAL;
+        }
+
+        arg_verb = argv[optind];
+
+        if (!streq(arg_verb, "suspend") &&
+            !streq(arg_verb, "hibernate") &&
+            !streq(arg_verb, "hybrid-sleep")) {
+                log_error("Unknown command '%s'.", arg_verb);
+                return -EINVAL;
+        }
+
+        return 1 /* work to do */;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_strv_free_ char **modes = NULL, **states = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = parse_sleep_config(arg_verb, &modes, &states);
+        if (r < 0)
+                goto finish;
+
+        r = execute(modes, states);
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-helperunits/systemd-user-sessions/Makefile b/src/grp-helperunits/systemd-user-sessions/Makefile
new file mode 100644
index 0000000000..66fa3b7059
--- /dev/null
+++ b/src/grp-helperunits/systemd-user-sessions/Makefile
@@ -0,0 +1,48 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_PAM),)
+
+systemd_user_sessions_SOURCES = \
+	src/user-sessions/user-sessions.c
+
+systemd_user_sessions_LDADD = \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-user-sessions
+
+nodist_systemunit_DATA += \
+	units/systemd-user-sessions.service
+
+MULTI_USER_TARGET_WANTS += \
+	systemd-user-sessions.service
+
+endif # HAVE_PAM
+
+EXTRA_DIST += \
+	units/systemd-user-sessions.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/user-sessions/user-sessions.c b/src/grp-helperunits/systemd-user-sessions/user-sessions.c
index 9b29b5ba1d..9b29b5ba1d 100644
--- a/src/user-sessions/user-sessions.c
+++ b/src/grp-helperunits/systemd-user-sessions/user-sessions.c
diff --git a/src/vconsole/.gitignore b/src/grp-helperunits/systemd-vconsole-setup/.gitignore
index 82741b2fb3..82741b2fb3 100644
--- a/src/vconsole/.gitignore
+++ b/src/grp-helperunits/systemd-vconsole-setup/.gitignore
diff --git a/src/vconsole/90-vconsole.rules.in b/src/grp-helperunits/systemd-vconsole-setup/90-vconsole.rules.in
index 35b9ad5151..35b9ad5151 100644
--- a/src/vconsole/90-vconsole.rules.in
+++ b/src/grp-helperunits/systemd-vconsole-setup/90-vconsole.rules.in
diff --git a/src/grp-helperunits/systemd-vconsole-setup/Makefile b/src/grp-helperunits/systemd-vconsole-setup/Makefile
new file mode 100644
index 0000000000..99b369967e
--- /dev/null
+++ b/src/grp-helperunits/systemd-vconsole-setup/Makefile
@@ -0,0 +1,50 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_VCONSOLE),)
+systemd_vconsole_setup_SOURCES = \
+	src/vconsole/vconsole-setup.c
+
+systemd_vconsole_setup_LDADD = \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-vconsole-setup
+
+nodist_udevrules_DATA += \
+	src/vconsole/90-vconsole.rules
+
+nodist_systemunit_DATA += \
+	units/systemd-vconsole-setup.service
+
+SYSINIT_TARGET_WANTS += \
+	systemd-vconsole-setup.service
+endif # ENABLE_VCONSOLE
+
+EXTRA_DIST += \
+	src/vconsole/90-vconsole.rules.in \
+	units/systemd-vconsole-setup.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/vconsole/vconsole-setup.c b/src/grp-helperunits/systemd-vconsole-setup/vconsole-setup.c
index 1118118450..1118118450 100644
--- a/src/vconsole/vconsole-setup.c
+++ b/src/grp-helperunits/systemd-vconsole-setup/vconsole-setup.c
diff --git a/src/hostname/.gitignore b/src/grp-hostname/.gitignore
index 1ff281b231..1ff281b231 100644
--- a/src/hostname/.gitignore
+++ b/src/grp-hostname/.gitignore
diff --git a/src/grp-hostname/Makefile b/src/grp-hostname/Makefile
new file mode 100644
index 0000000000..911188454c
--- /dev/null
+++ b/src/grp-hostname/Makefile
@@ -0,0 +1,79 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_HOSTNAMED),)
+systemd_hostnamed_SOURCES = \
+	src/hostname/hostnamed.c
+
+systemd_hostnamed_LDADD = \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-hostnamed
+
+nodist_systemunit_DATA += \
+	units/systemd-hostnamed.service
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.hostname1.busname
+
+dist_dbuspolicy_DATA += \
+	src/hostname/org.freedesktop.hostname1.conf
+
+dist_dbussystemservice_DATA += \
+	src/hostname/org.freedesktop.hostname1.service
+
+polkitpolicy_files += \
+	src/hostname/org.freedesktop.hostname1.policy
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-hostnamed.service dbus-org.freedesktop.hostname1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.hostname1.busname
+
+hostnamectl_SOURCES = \
+	src/hostname/hostnamectl.c
+
+hostnamectl_LDADD = \
+	libshared.la
+
+bin_PROGRAMS += \
+	hostnamectl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/hostnamectl
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_hostnamectl
+endif # ENABLE_HOSTNAMED
+
+polkitpolicy_in_files += \
+	src/hostname/org.freedesktop.hostname1.policy.in
+
+EXTRA_DIST += \
+	units/systemd-hostnamed.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-hostname/hostnamectl.c b/src/grp-hostname/hostnamectl.c
new file mode 100644
index 0000000000..aabc3b30c0
--- /dev/null
+++ b/src/grp-hostname/hostnamectl.c
@@ -0,0 +1,529 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <locale.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "architecture.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "hostname-util.h"
+#include "spawn-polkit-agent.h"
+#include "util.h"
+
+static bool arg_ask_password = true;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_transient = false;
+static bool arg_pretty = false;
+static bool arg_static = false;
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+typedef struct StatusInfo {
+        char *hostname;
+        char *static_hostname;
+        char *pretty_hostname;
+        char *icon_name;
+        char *chassis;
+        char *deployment;
+        char *location;
+        char *kernel_name;
+        char *kernel_release;
+        char *os_pretty_name;
+        char *os_cpe_name;
+        char *virtualization;
+        char *architecture;
+} StatusInfo;
+
+static void print_status_info(StatusInfo *i) {
+        sd_id128_t mid = {}, bid = {};
+        int r;
+
+        assert(i);
+
+        printf("   Static hostname: %s\n", strna(i->static_hostname));
+
+        if (!isempty(i->pretty_hostname) &&
+            !streq_ptr(i->pretty_hostname, i->static_hostname))
+                printf("   Pretty hostname: %s\n", i->pretty_hostname);
+
+        if (!isempty(i->hostname) &&
+            !streq_ptr(i->hostname, i->static_hostname))
+                printf("Transient hostname: %s\n", i->hostname);
+
+        if (!isempty(i->icon_name))
+                printf("         Icon name: %s\n",
+                       strna(i->icon_name));
+
+        if (!isempty(i->chassis))
+                printf("           Chassis: %s\n",
+                       strna(i->chassis));
+
+        if (!isempty(i->deployment))
+                printf("        Deployment: %s\n", i->deployment);
+
+        if (!isempty(i->location))
+                printf("          Location: %s\n", i->location);
+
+        r = sd_id128_get_machine(&mid);
+        if (r >= 0)
+                printf("        Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(mid));
+
+        r = sd_id128_get_boot(&bid);
+        if (r >= 0)
+                printf("           Boot ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(bid));
+
+        if (!isempty(i->virtualization))
+                printf("    Virtualization: %s\n", i->virtualization);
+
+        if (!isempty(i->os_pretty_name))
+                printf("  Operating System: %s\n", i->os_pretty_name);
+
+        if (!isempty(i->os_cpe_name))
+                printf("       CPE OS Name: %s\n", i->os_cpe_name);
+
+        if (!isempty(i->kernel_name) && !isempty(i->kernel_release))
+                printf("            Kernel: %s %s\n", i->kernel_name, i->kernel_release);
+
+        if (!isempty(i->architecture))
+                printf("      Architecture: %s\n", i->architecture);
+
+}
+
+static int show_one_name(sd_bus *bus, const char* attr) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *s;
+        int r;
+
+        r = sd_bus_get_property(
+                        bus,
+                        "org.freedesktop.hostname1",
+                        "/org/freedesktop/hostname1",
+                        "org.freedesktop.hostname1",
+                        attr,
+                        &error, &reply, "s");
+        if (r < 0) {
+                log_error("Could not get property: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &s);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("%s\n", s);
+
+        return 0;
+}
+
+static int show_all_names(sd_bus *bus) {
+        StatusInfo info = {};
+
+        static const struct bus_properties_map hostname_map[]  = {
+                { "Hostname",                  "s", NULL, offsetof(StatusInfo, hostname)        },
+                { "StaticHostname",            "s", NULL, offsetof(StatusInfo, static_hostname) },
+                { "PrettyHostname",            "s", NULL, offsetof(StatusInfo, pretty_hostname) },
+                { "IconName",                  "s", NULL, offsetof(StatusInfo, icon_name)       },
+                { "Chassis",                   "s", NULL, offsetof(StatusInfo, chassis)         },
+                { "Deployment",                "s", NULL, offsetof(StatusInfo, deployment)      },
+                { "Location",                  "s", NULL, offsetof(StatusInfo, location)        },
+                { "KernelName",                "s", NULL, offsetof(StatusInfo, kernel_name)     },
+                { "KernelRelease",             "s", NULL, offsetof(StatusInfo, kernel_release)  },
+                { "OperatingSystemPrettyName", "s", NULL, offsetof(StatusInfo, os_pretty_name)  },
+                { "OperatingSystemCPEName",    "s", NULL, offsetof(StatusInfo, os_cpe_name)     },
+                {}
+        };
+
+        static const struct bus_properties_map manager_map[] = {
+                { "Virtualization",            "s", NULL, offsetof(StatusInfo, virtualization)  },
+                { "Architecture",              "s", NULL, offsetof(StatusInfo, architecture)    },
+                {}
+        };
+
+        int r;
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.hostname1",
+                                   "/org/freedesktop/hostname1",
+                                   hostname_map,
+                                   &info);
+        if (r < 0)
+                goto fail;
+
+        bus_map_all_properties(bus,
+                               "org.freedesktop.systemd1",
+                               "/org/freedesktop/systemd1",
+                               manager_map,
+                               &info);
+
+        print_status_info(&info);
+
+fail:
+        free(info.hostname);
+        free(info.static_hostname);
+        free(info.pretty_hostname);
+        free(info.icon_name);
+        free(info.chassis);
+        free(info.deployment);
+        free(info.location);
+        free(info.kernel_name);
+        free(info.kernel_release);
+        free(info.os_pretty_name);
+        free(info.os_cpe_name);
+        free(info.virtualization);
+        free(info.architecture);
+
+        return r;
+}
+
+static int show_status(sd_bus *bus, char **args, unsigned n) {
+        assert(args);
+
+        if (arg_pretty || arg_static || arg_transient) {
+                const char *attr;
+
+                if (!!arg_static + !!arg_pretty + !!arg_transient > 1) {
+                        log_error("Cannot query more than one name type at a time");
+                        return -EINVAL;
+                }
+
+                attr = arg_pretty ? "PrettyHostname" :
+                        arg_static ? "StaticHostname" : "Hostname";
+
+                return show_one_name(bus, attr);
+        } else
+                return show_all_names(bus);
+}
+
+static int set_simple_string(sd_bus *bus, const char *method, const char *value) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r = 0;
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.hostname1",
+                        "/org/freedesktop/hostname1",
+                        "org.freedesktop.hostname1",
+                        method,
+                        &error, NULL,
+                        "sb", value, arg_ask_password);
+        if (r < 0)
+                log_error("Could not set property: %s", bus_error_message(&error, -r));
+        return r;
+}
+
+static int set_hostname(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_free_ char *h = NULL;
+        char *hostname = args[1];
+        int r;
+
+        assert(args);
+        assert(n == 2);
+
+        if (!arg_pretty && !arg_static && !arg_transient)
+                arg_pretty = arg_static = arg_transient = true;
+
+        if (arg_pretty) {
+                const char *p;
+
+                /* If the passed hostname is already valid, then
+                 * assume the user doesn't know anything about pretty
+                 * hostnames, so let's unset the pretty hostname, and
+                 * just set the passed hostname as static/dynamic
+                 * hostname. */
+
+                if (arg_static && hostname_is_valid(hostname, true)) {
+                        p = "";
+                        /* maybe get rid of trailing dot */
+                        hostname = hostname_cleanup(hostname);
+                } else {
+                        p = h = strdup(hostname);
+                        if (!p)
+                                return log_oom();
+
+                        hostname_cleanup(hostname);
+                }
+
+                r = set_simple_string(bus, "SetPrettyHostname", p);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_static) {
+                r = set_simple_string(bus, "SetStaticHostname", hostname);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_transient) {
+                r = set_simple_string(bus, "SetHostname", hostname);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int set_icon_name(sd_bus *bus, char **args, unsigned n) {
+        assert(args);
+        assert(n == 2);
+
+        return set_simple_string(bus, "SetIconName", args[1]);
+}
+
+static int set_chassis(sd_bus *bus, char **args, unsigned n) {
+        assert(args);
+        assert(n == 2);
+
+        return set_simple_string(bus, "SetChassis", args[1]);
+}
+
+static int set_deployment(sd_bus *bus, char **args, unsigned n) {
+        assert(args);
+        assert(n == 2);
+
+        return set_simple_string(bus, "SetDeployment", args[1]);
+}
+
+static int set_location(sd_bus *bus, char **args, unsigned n) {
+        assert(args);
+        assert(n == 2);
+
+        return set_simple_string(bus, "SetLocation", args[1]);
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] COMMAND ...\n\n"
+               "Query or change system hostname.\n\n"
+               "  -h --help              Show this help\n"
+               "     --version           Show package version\n"
+               "     --no-ask-password   Do not prompt for password\n"
+               "  -H --host=[USER@]HOST  Operate on remote host\n"
+               "  -M --machine=CONTAINER Operate on local container\n"
+               "     --transient         Only set transient hostname\n"
+               "     --static            Only set static hostname\n"
+               "     --pretty            Only set pretty hostname\n\n"
+               "Commands:\n"
+               "  status                 Show current hostname settings\n"
+               "  set-hostname NAME      Set system hostname\n"
+               "  set-icon-name NAME     Set icon name for host\n"
+               "  set-chassis NAME       Set chassis type for host\n"
+               "  set-deployment NAME    Set deployment environment for host\n"
+               "  set-location NAME      Set location for host\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_ASK_PASSWORD,
+                ARG_TRANSIENT,
+                ARG_STATIC,
+                ARG_PRETTY
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'                 },
+                { "version",         no_argument,       NULL, ARG_VERSION         },
+                { "transient",       no_argument,       NULL, ARG_TRANSIENT       },
+                { "static",          no_argument,       NULL, ARG_STATIC          },
+                { "pretty",          no_argument,       NULL, ARG_PRETTY          },
+                { "host",            required_argument, NULL, 'H'                 },
+                { "machine",         required_argument, NULL, 'M'                 },
+                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case ARG_TRANSIENT:
+                        arg_transient = true;
+                        break;
+
+                case ARG_PRETTY:
+                        arg_pretty = true;
+                        break;
+
+                case ARG_STATIC:
+                        arg_static = true;
+                        break;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int hostnamectl_main(sd_bus *bus, int argc, char *argv[]) {
+
+        static const struct {
+                const char* verb;
+                const enum {
+                        MORE,
+                        LESS,
+                        EQUAL
+                } argc_cmp;
+                const int argc;
+                int (* const dispatch)(sd_bus *bus, char **args, unsigned n);
+        } verbs[] = {
+                { "status",           LESS,  1, show_status    },
+                { "set-hostname",     EQUAL, 2, set_hostname   },
+                { "set-icon-name",    EQUAL, 2, set_icon_name  },
+                { "set-chassis",      EQUAL, 2, set_chassis    },
+                { "set-deployment",   EQUAL, 2, set_deployment },
+                { "set-location",     EQUAL, 2, set_location   },
+        };
+
+        int left;
+        unsigned i;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        left = argc - optind;
+
+        if (left <= 0)
+                /* Special rule: no arguments means "status" */
+                i = 0;
+        else {
+                if (streq(argv[optind], "help")) {
+                        help();
+                        return 0;
+                }
+
+                for (i = 0; i < ELEMENTSOF(verbs); i++)
+                        if (streq(argv[optind], verbs[i].verb))
+                                break;
+
+                if (i >= ELEMENTSOF(verbs)) {
+                        log_error("Unknown operation %s", argv[optind]);
+                        return -EINVAL;
+                }
+        }
+
+        switch (verbs[i].argc_cmp) {
+
+        case EQUAL:
+                if (left != verbs[i].argc) {
+                        log_error("Invalid number of arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        case MORE:
+                if (left < verbs[i].argc) {
+                        log_error("Too few arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        case LESS:
+                if (left > verbs[i].argc) {
+                        log_error("Too many arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        default:
+                assert_not_reached("Unknown comparison operator.");
+        }
+
+        return verbs[i].dispatch(bus, argv + optind, left);
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create bus connection: %m");
+                goto finish;
+        }
+
+        r = hostnamectl_main(bus, argc, argv);
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/hostname/hostnamed.c b/src/grp-hostname/hostnamed.c
index d11756e615..d11756e615 100644
--- a/src/hostname/hostnamed.c
+++ b/src/grp-hostname/hostnamed.c
diff --git a/src/hostname/org.freedesktop.hostname1.conf b/src/grp-hostname/org.freedesktop.hostname1.conf
index 46b4aadc83..46b4aadc83 100644
--- a/src/hostname/org.freedesktop.hostname1.conf
+++ b/src/grp-hostname/org.freedesktop.hostname1.conf
diff --git a/src/hostname/org.freedesktop.hostname1.policy.in b/src/grp-hostname/org.freedesktop.hostname1.policy.in
index c32c1d4fda..c32c1d4fda 100644
--- a/src/hostname/org.freedesktop.hostname1.policy.in
+++ b/src/grp-hostname/org.freedesktop.hostname1.policy.in
diff --git a/src/hostname/org.freedesktop.hostname1.service b/src/grp-hostname/org.freedesktop.hostname1.service
index 6041ed60ca..6041ed60ca 100644
--- a/src/hostname/org.freedesktop.hostname1.service
+++ b/src/grp-hostname/org.freedesktop.hostname1.service
diff --git a/src/import/.gitignore b/src/grp-import/.gitignore
index 01106e2e68..01106e2e68 100644
--- a/src/import/.gitignore
+++ b/src/grp-import/.gitignore
diff --git a/src/grp-import/Makefile b/src/grp-import/Makefile
new file mode 100644
index 0000000000..46be93c42f
--- /dev/null
+++ b/src/grp-import/Makefile
@@ -0,0 +1,89 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_IMPORTD),)
+
+ifneq ($(HAVE_LIBCURL),)
+ifneq ($(HAVE_XZ),)
+ifneq ($(HAVE_ZLIB),)
+ifneq ($(HAVE_BZIP2),)
+ifneq ($(HAVE_GCRYPT),)
+
+dist_rootlibexec_DATA = \
+	src/import/import-pubring.gpg
+
+nodist_systemunit_DATA += \
+	units/systemd-importd.service
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.import1.busname
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.import1.busname
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-importd.service dbus-org.freedesktop.import1.service
+
+dist_dbussystemservice_DATA += \
+	src/import/org.freedesktop.import1.service
+
+dist_dbuspolicy_DATA += \
+	src/import/org.freedesktop.import1.conf
+
+polkitpolicy_files += \
+	src/import/org.freedesktop.import1.policy
+
+manual_tests += \
+	test-qcow2
+
+test_qcow2_SOURCES = \
+	src/import/test-qcow2.c \
+	src/import/qcow2-util.c \
+	src/import/qcow2-util.h
+
+test_qcow2_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(ZLIB_CFLAGS)
+
+test_qcow2_LDADD = \
+	libshared.la \
+	$(ZLIB_LIBS)
+
+endif # HAVE_GCRYPT
+endif # HAVE_BZIP2
+endif # HAVE_ZLIB
+endif # HAVE_XZ
+endif # HAVE_LIBCURL
+
+endif # ENABLE_IMPORTD
+
+polkitpolicy_in_files += \
+	src/import/org.freedesktop.import1.policy.in
+
+EXTRA_DIST += \
+	units/systemd-importd.service.in
+
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/import/curl-util.c b/src/grp-import/curl-util.c
index 6990c47f48..6990c47f48 100644
--- a/src/import/curl-util.c
+++ b/src/grp-import/curl-util.c
diff --git a/src/grp-import/curl-util.h b/src/grp-import/curl-util.h
new file mode 100644
index 0000000000..2e71bd3b5d
--- /dev/null
+++ b/src/grp-import/curl-util.h
@@ -0,0 +1,56 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <curl/curl.h>
+#include <sys/types.h>
+
+#include <systemd/sd-event.h>
+
+#include "hashmap.h"
+
+typedef struct CurlGlue CurlGlue;
+
+struct CurlGlue {
+        sd_event *event;
+        CURLM *curl;
+        sd_event_source *timer;
+        Hashmap *ios;
+        Hashmap *translate_fds;
+
+        void (*on_finished)(CurlGlue *g, CURL *curl, CURLcode code);
+        void *userdata;
+};
+
+int curl_glue_new(CurlGlue **glue, sd_event *event);
+CurlGlue* curl_glue_unref(CurlGlue *glue);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(CurlGlue*, curl_glue_unref);
+
+int curl_glue_make(CURL **ret, const char *url, void *userdata);
+int curl_glue_add(CurlGlue *g, CURL *c);
+void curl_glue_remove_and_free(CurlGlue *g, CURL *c);
+
+struct curl_slist *curl_slist_new(const char *first, ...) _sentinel_;
+int curl_header_strdup(const void *contents, size_t sz, const char *field, char **value);
+int curl_parse_http_time(const char *t, usec_t *ret);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(CURL*, curl_easy_cleanup);
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct curl_slist*, curl_slist_free_all);
diff --git a/src/import/org.freedesktop.import1.conf b/src/grp-import/org.freedesktop.import1.conf
index ed2539a03b..ed2539a03b 100644
--- a/src/import/org.freedesktop.import1.conf
+++ b/src/grp-import/org.freedesktop.import1.conf
diff --git a/src/import/org.freedesktop.import1.policy.in b/src/grp-import/org.freedesktop.import1.policy.in
index 85924ed743..85924ed743 100644
--- a/src/import/org.freedesktop.import1.policy.in
+++ b/src/grp-import/org.freedesktop.import1.policy.in
diff --git a/src/import/org.freedesktop.import1.service b/src/grp-import/org.freedesktop.import1.service
index 8fc4c47881..8fc4c47881 100644
--- a/src/import/org.freedesktop.import1.service
+++ b/src/grp-import/org.freedesktop.import1.service
diff --git a/src/import/qcow2-util.c b/src/grp-import/qcow2-util.c
index ee2121cc36..ee2121cc36 100644
--- a/src/import/qcow2-util.c
+++ b/src/grp-import/qcow2-util.c
diff --git a/src/import/qcow2-util.h b/src/grp-import/qcow2-util.h
index 6dddac8cdf..6dddac8cdf 100644
--- a/src/import/qcow2-util.h
+++ b/src/grp-import/qcow2-util.h
diff --git a/src/grp-import/systemd-export/Makefile b/src/grp-import/systemd-export/Makefile
new file mode 100644
index 0000000000..d0e8781faf
--- /dev/null
+++ b/src/grp-import/systemd-export/Makefile
@@ -0,0 +1,51 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-export
+
+systemd_export_SOURCES = \
+	src/import/export.c \
+	src/import/export-tar.c \
+	src/import/export-tar.h \
+	src/import/export-raw.c \
+	src/import/export-raw.h \
+	src/import/import-common.c \
+	src/import/import-common.h \
+	src/import/import-compress.c \
+	src/import/import-compress.h
+
+systemd_export_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(XZ_CFLAGS) \
+	$(ZLIB_CFLAGS) \
+	$(BZIP2_CFLAGS)
+
+systemd_export_LDADD = \
+	libshared.la \
+	$(XZ_LIBS) \
+	$(ZLIB_LIBS) \
+	$(BZIP2_LIBS)
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-import/systemd-export/export-raw.c b/src/grp-import/systemd-export/export-raw.c
new file mode 100644
index 0000000000..658f835132
--- /dev/null
+++ b/src/grp-import/systemd-export/export-raw.c
@@ -0,0 +1,352 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/sendfile.h>
+
+/* When we include libgen.h because we need dirname() we immediately
+ * undefine basename() since libgen.h defines it as a macro to the POSIX
+ * version which is really broken. We prefer GNU basename(). */
+#include <libgen.h>
+#undef basename
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "copy.h"
+#include "export-raw.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "import-common.h"
+#include "ratelimit.h"
+#include "string-util.h"
+#include "util.h"
+
+#define COPY_BUFFER_SIZE (16*1024)
+
+struct RawExport {
+        sd_event *event;
+
+        RawExportFinished on_finished;
+        void *userdata;
+
+        char *path;
+
+        int input_fd;
+        int output_fd;
+
+        ImportCompress compress;
+
+        sd_event_source *output_event_source;
+
+        void *buffer;
+        size_t buffer_size;
+        size_t buffer_allocated;
+
+        uint64_t written_compressed;
+        uint64_t written_uncompressed;
+
+        unsigned last_percent;
+        RateLimit progress_rate_limit;
+
+        struct stat st;
+
+        bool eof;
+        bool tried_reflink;
+        bool tried_sendfile;
+};
+
+RawExport *raw_export_unref(RawExport *e) {
+        if (!e)
+                return NULL;
+
+        sd_event_source_unref(e->output_event_source);
+
+        import_compress_free(&e->compress);
+
+        sd_event_unref(e->event);
+
+        safe_close(e->input_fd);
+
+        free(e->buffer);
+        free(e->path);
+        free(e);
+
+        return NULL;
+}
+
+int raw_export_new(
+                RawExport **ret,
+                sd_event *event,
+                RawExportFinished on_finished,
+                void *userdata) {
+
+        _cleanup_(raw_export_unrefp) RawExport *e = NULL;
+        int r;
+
+        assert(ret);
+
+        e = new0(RawExport, 1);
+        if (!e)
+                return -ENOMEM;
+
+        e->output_fd = e->input_fd = -1;
+        e->on_finished = on_finished;
+        e->userdata = userdata;
+
+        RATELIMIT_INIT(e->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
+        e->last_percent = (unsigned) -1;
+
+        if (event)
+                e->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&e->event);
+                if (r < 0)
+                        return r;
+        }
+
+        *ret = e;
+        e = NULL;
+
+        return 0;
+}
+
+static void raw_export_report_progress(RawExport *e) {
+        unsigned percent;
+        assert(e);
+
+        if (e->written_uncompressed >= (uint64_t) e->st.st_size)
+                percent = 100;
+        else
+                percent = (unsigned) ((e->written_uncompressed * UINT64_C(100)) / (uint64_t) e->st.st_size);
+
+        if (percent == e->last_percent)
+                return;
+
+        if (!ratelimit_test(&e->progress_rate_limit))
+                return;
+
+        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+        log_info("Exported %u%%.", percent);
+
+        e->last_percent = percent;
+}
+
+static int raw_export_process(RawExport *e) {
+        ssize_t l;
+        int r;
+
+        assert(e);
+
+        if (!e->tried_reflink && e->compress.type == IMPORT_COMPRESS_UNCOMPRESSED) {
+
+                /* If we shall take an uncompressed snapshot we can
+                 * reflink source to destination directly. Let's see
+                 * if this works. */
+
+                r = btrfs_reflink(e->input_fd, e->output_fd);
+                if (r >= 0) {
+                        r = 0;
+                        goto finish;
+                }
+
+                e->tried_reflink = true;
+        }
+
+        if (!e->tried_sendfile && e->compress.type == IMPORT_COMPRESS_UNCOMPRESSED) {
+
+                l = sendfile(e->output_fd, e->input_fd, NULL, COPY_BUFFER_SIZE);
+                if (l < 0) {
+                        if (errno == EAGAIN)
+                                return 0;
+
+                        e->tried_sendfile = true;
+                } else if (l == 0) {
+                        r = 0;
+                        goto finish;
+                } else {
+                        e->written_uncompressed += l;
+                        e->written_compressed += l;
+
+                        raw_export_report_progress(e);
+
+                        return 0;
+                }
+        }
+
+        while (e->buffer_size <= 0) {
+                uint8_t input[COPY_BUFFER_SIZE];
+
+                if (e->eof) {
+                        r = 0;
+                        goto finish;
+                }
+
+                l = read(e->input_fd, input, sizeof(input));
+                if (l < 0) {
+                        r = log_error_errno(errno, "Failed to read raw file: %m");
+                        goto finish;
+                }
+
+                if (l == 0) {
+                        e->eof = true;
+                        r = import_compress_finish(&e->compress, &e->buffer, &e->buffer_size, &e->buffer_allocated);
+                } else {
+                        e->written_uncompressed += l;
+                        r = import_compress(&e->compress, input, l, &e->buffer, &e->buffer_size, &e->buffer_allocated);
+                }
+                if (r < 0) {
+                        r = log_error_errno(r, "Failed to encode: %m");
+                        goto finish;
+                }
+        }
+
+        l = write(e->output_fd, e->buffer, e->buffer_size);
+        if (l < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                r = log_error_errno(errno, "Failed to write output file: %m");
+                goto finish;
+        }
+
+        assert((size_t) l <= e->buffer_size);
+        memmove(e->buffer, (uint8_t*) e->buffer + l, e->buffer_size - l);
+        e->buffer_size -= l;
+        e->written_compressed += l;
+
+        raw_export_report_progress(e);
+
+        return 0;
+
+finish:
+        if (r >= 0) {
+                (void) copy_times(e->input_fd, e->output_fd);
+                (void) copy_xattr(e->input_fd, e->output_fd);
+        }
+
+        if (e->on_finished)
+                e->on_finished(e, r, e->userdata);
+        else
+                sd_event_exit(e->event, r);
+
+        return 0;
+}
+
+static int raw_export_on_output(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        RawExport *i = userdata;
+
+        return raw_export_process(i);
+}
+
+static int raw_export_on_defer(sd_event_source *s, void *userdata) {
+        RawExport *i = userdata;
+
+        return raw_export_process(i);
+}
+
+static int reflink_snapshot(int fd, const char *path) {
+        char *p, *d;
+        int new_fd, r;
+
+        p = strdupa(path);
+        d = dirname(p);
+
+        new_fd = open(d, O_TMPFILE|O_CLOEXEC|O_NOCTTY|O_RDWR, 0600);
+        if (new_fd < 0) {
+                _cleanup_free_ char *t = NULL;
+
+                r = tempfn_random(path, NULL, &t);
+                if (r < 0)
+                        return r;
+
+                new_fd = open(t, O_CLOEXEC|O_CREAT|O_NOCTTY|O_RDWR, 0600);
+                if (new_fd < 0)
+                        return -errno;
+
+                (void) unlink(t);
+        }
+
+        r = btrfs_reflink(fd, new_fd);
+        if (r < 0) {
+                safe_close(new_fd);
+                return r;
+        }
+
+        return new_fd;
+}
+
+int raw_export_start(RawExport *e, const char *path, int fd, ImportCompressType compress) {
+        _cleanup_close_ int sfd = -1, tfd = -1;
+        int r;
+
+        assert(e);
+        assert(path);
+        assert(fd >= 0);
+        assert(compress < _IMPORT_COMPRESS_TYPE_MAX);
+        assert(compress != IMPORT_COMPRESS_UNKNOWN);
+
+        if (e->output_fd >= 0)
+                return -EBUSY;
+
+        r = fd_nonblock(fd, true);
+        if (r < 0)
+                return r;
+
+        r = free_and_strdup(&e->path, path);
+        if (r < 0)
+                return r;
+
+        sfd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (sfd < 0)
+                return -errno;
+
+        if (fstat(sfd, &e->st) < 0)
+                return -errno;
+        if (!S_ISREG(e->st.st_mode))
+                return -ENOTTY;
+
+        /* Try to take a reflink snapshot of the file, if we can t make the export atomic */
+        tfd = reflink_snapshot(sfd, path);
+        if (tfd >= 0) {
+                e->input_fd = tfd;
+                tfd = -1;
+        } else {
+                e->input_fd = sfd;
+                sfd = -1;
+        }
+
+        r = import_compress_init(&e->compress, compress);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_io(e->event, &e->output_event_source, fd, EPOLLOUT, raw_export_on_output, e);
+        if (r == -EPERM) {
+                r = sd_event_add_defer(e->event, &e->output_event_source, raw_export_on_defer, e);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_enabled(e->output_event_source, SD_EVENT_ON);
+        }
+        if (r < 0)
+                return r;
+
+        e->output_fd = fd;
+        return r;
+}
diff --git a/src/grp-import/systemd-export/export-raw.h b/src/grp-import/systemd-export/export-raw.h
new file mode 100644
index 0000000000..c7ac134603
--- /dev/null
+++ b/src/grp-import/systemd-export/export-raw.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "import-compress.h"
+#include "macro.h"
+
+typedef struct RawExport RawExport;
+
+typedef void (*RawExportFinished)(RawExport *export, int error, void *userdata);
+
+int raw_export_new(RawExport **export, sd_event *event, RawExportFinished on_finished, void *userdata);
+RawExport* raw_export_unref(RawExport *export);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(RawExport*, raw_export_unref);
+
+int raw_export_start(RawExport *export, const char *path, int fd, ImportCompressType compress);
diff --git a/src/grp-import/systemd-export/export-tar.c b/src/grp-import/systemd-export/export-tar.c
new file mode 100644
index 0000000000..9c511984c1
--- /dev/null
+++ b/src/grp-import/systemd-export/export-tar.c
@@ -0,0 +1,328 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "export-tar.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "import-common.h"
+#include "process-util.h"
+#include "ratelimit.h"
+#include "string-util.h"
+#include "util.h"
+
+#define COPY_BUFFER_SIZE (16*1024)
+
+struct TarExport {
+        sd_event *event;
+
+        TarExportFinished on_finished;
+        void *userdata;
+
+        char *path;
+        char *temp_path;
+
+        int output_fd;
+        int tar_fd;
+
+        ImportCompress compress;
+
+        sd_event_source *output_event_source;
+
+        void *buffer;
+        size_t buffer_size;
+        size_t buffer_allocated;
+
+        uint64_t written_compressed;
+        uint64_t written_uncompressed;
+
+        pid_t tar_pid;
+
+        struct stat st;
+        uint64_t quota_referenced;
+
+        unsigned last_percent;
+        RateLimit progress_rate_limit;
+
+        bool eof;
+        bool tried_splice;
+};
+
+TarExport *tar_export_unref(TarExport *e) {
+        if (!e)
+                return NULL;
+
+        sd_event_source_unref(e->output_event_source);
+
+        if (e->tar_pid > 1) {
+                (void) kill_and_sigcont(e->tar_pid, SIGKILL);
+                (void) wait_for_terminate(e->tar_pid, NULL);
+        }
+
+        if (e->temp_path) {
+                (void) btrfs_subvol_remove(e->temp_path, BTRFS_REMOVE_QUOTA);
+                free(e->temp_path);
+        }
+
+        import_compress_free(&e->compress);
+
+        sd_event_unref(e->event);
+
+        safe_close(e->tar_fd);
+
+        free(e->buffer);
+        free(e->path);
+        free(e);
+
+        return NULL;
+}
+
+int tar_export_new(
+                TarExport **ret,
+                sd_event *event,
+                TarExportFinished on_finished,
+                void *userdata) {
+
+        _cleanup_(tar_export_unrefp) TarExport *e = NULL;
+        int r;
+
+        assert(ret);
+
+        e = new0(TarExport, 1);
+        if (!e)
+                return -ENOMEM;
+
+        e->output_fd = e->tar_fd = -1;
+        e->on_finished = on_finished;
+        e->userdata = userdata;
+        e->quota_referenced = (uint64_t) -1;
+
+        RATELIMIT_INIT(e->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
+        e->last_percent = (unsigned) -1;
+
+        if (event)
+                e->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&e->event);
+                if (r < 0)
+                        return r;
+        }
+
+        *ret = e;
+        e = NULL;
+
+        return 0;
+}
+
+static void tar_export_report_progress(TarExport *e) {
+        unsigned percent;
+        assert(e);
+
+        /* Do we have any quota info? If not, we don't know anything about the progress */
+        if (e->quota_referenced == (uint64_t) -1)
+                return;
+
+        if (e->written_uncompressed >= e->quota_referenced)
+                percent = 100;
+        else
+                percent = (unsigned) ((e->written_uncompressed * UINT64_C(100)) / e->quota_referenced);
+
+        if (percent == e->last_percent)
+                return;
+
+        if (!ratelimit_test(&e->progress_rate_limit))
+                return;
+
+        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+        log_info("Exported %u%%.", percent);
+
+        e->last_percent = percent;
+}
+
+static int tar_export_process(TarExport *e) {
+        ssize_t l;
+        int r;
+
+        assert(e);
+
+        if (!e->tried_splice && e->compress.type == IMPORT_COMPRESS_UNCOMPRESSED) {
+
+                l = splice(e->tar_fd, NULL, e->output_fd, NULL, COPY_BUFFER_SIZE, 0);
+                if (l < 0) {
+                        if (errno == EAGAIN)
+                                return 0;
+
+                        e->tried_splice = true;
+                } else if (l == 0) {
+                        r = 0;
+                        goto finish;
+                } else {
+                        e->written_uncompressed += l;
+                        e->written_compressed += l;
+
+                        tar_export_report_progress(e);
+
+                        return 0;
+                }
+        }
+
+        while (e->buffer_size <= 0) {
+                uint8_t input[COPY_BUFFER_SIZE];
+
+                if (e->eof) {
+                        r = 0;
+                        goto finish;
+                }
+
+                l = read(e->tar_fd, input, sizeof(input));
+                if (l < 0) {
+                        r = log_error_errno(errno, "Failed to read tar file: %m");
+                        goto finish;
+                }
+
+                if (l == 0) {
+                        e->eof = true;
+                        r = import_compress_finish(&e->compress, &e->buffer, &e->buffer_size, &e->buffer_allocated);
+                } else {
+                        e->written_uncompressed += l;
+                        r = import_compress(&e->compress, input, l, &e->buffer, &e->buffer_size, &e->buffer_allocated);
+                }
+                if (r < 0) {
+                        r = log_error_errno(r, "Failed to encode: %m");
+                        goto finish;
+                }
+        }
+
+        l = write(e->output_fd, e->buffer, e->buffer_size);
+        if (l < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                r = log_error_errno(errno, "Failed to write output file: %m");
+                goto finish;
+        }
+
+        assert((size_t) l <= e->buffer_size);
+        memmove(e->buffer, (uint8_t*) e->buffer + l, e->buffer_size - l);
+        e->buffer_size -= l;
+        e->written_compressed += l;
+
+        tar_export_report_progress(e);
+
+        return 0;
+
+finish:
+        if (e->on_finished)
+                e->on_finished(e, r, e->userdata);
+        else
+                sd_event_exit(e->event, r);
+
+        return 0;
+}
+
+static int tar_export_on_output(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        TarExport *i = userdata;
+
+        return tar_export_process(i);
+}
+
+static int tar_export_on_defer(sd_event_source *s, void *userdata) {
+        TarExport *i = userdata;
+
+        return tar_export_process(i);
+}
+
+int tar_export_start(TarExport *e, const char *path, int fd, ImportCompressType compress) {
+        _cleanup_close_ int sfd = -1;
+        int r;
+
+        assert(e);
+        assert(path);
+        assert(fd >= 0);
+        assert(compress < _IMPORT_COMPRESS_TYPE_MAX);
+        assert(compress != IMPORT_COMPRESS_UNKNOWN);
+
+        if (e->output_fd >= 0)
+                return -EBUSY;
+
+        sfd = open(path, O_DIRECTORY|O_RDONLY|O_NOCTTY|O_CLOEXEC);
+        if (sfd < 0)
+                return -errno;
+
+        if (fstat(sfd, &e->st) < 0)
+                return -errno;
+
+        r = fd_nonblock(fd, true);
+        if (r < 0)
+                return r;
+
+        r = free_and_strdup(&e->path, path);
+        if (r < 0)
+                return r;
+
+        e->quota_referenced = (uint64_t) -1;
+
+        if (e->st.st_ino == 256) { /* might be a btrfs subvolume? */
+                BtrfsQuotaInfo q;
+
+                r = btrfs_subvol_get_subtree_quota_fd(sfd, 0, &q);
+                if (r >= 0)
+                        e->quota_referenced = q.referenced;
+
+                e->temp_path = mfree(e->temp_path);
+
+                r = tempfn_random(path, NULL, &e->temp_path);
+                if (r < 0)
+                        return r;
+
+                /* Let's try to make a snapshot, if we can, so that the export is atomic */
+                r = btrfs_subvol_snapshot_fd(sfd, e->temp_path, BTRFS_SNAPSHOT_READ_ONLY|BTRFS_SNAPSHOT_RECURSIVE);
+                if (r < 0) {
+                        log_debug_errno(r, "Couldn't create snapshot %s of %s, not exporting atomically: %m", e->temp_path, path);
+                        e->temp_path = mfree(e->temp_path);
+                }
+        }
+
+        r = import_compress_init(&e->compress, compress);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_io(e->event, &e->output_event_source, fd, EPOLLOUT, tar_export_on_output, e);
+        if (r == -EPERM) {
+                r = sd_event_add_defer(e->event, &e->output_event_source, tar_export_on_defer, e);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_enabled(e->output_event_source, SD_EVENT_ON);
+        }
+        if (r < 0)
+                return r;
+
+        e->tar_fd = import_fork_tar_c(e->temp_path ?: e->path, &e->tar_pid);
+        if (e->tar_fd < 0) {
+                e->output_event_source = sd_event_source_unref(e->output_event_source);
+                return e->tar_fd;
+        }
+
+        e->output_fd = fd;
+        return r;
+}
diff --git a/src/grp-import/systemd-export/export-tar.h b/src/grp-import/systemd-export/export-tar.h
new file mode 100644
index 0000000000..50206cabb3
--- /dev/null
+++ b/src/grp-import/systemd-export/export-tar.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "import-compress.h"
+#include "macro.h"
+
+typedef struct TarExport TarExport;
+
+typedef void (*TarExportFinished)(TarExport *export, int error, void *userdata);
+
+int tar_export_new(TarExport **export, sd_event *event, TarExportFinished on_finished, void *userdata);
+TarExport* tar_export_unref(TarExport *export);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(TarExport*, tar_export_unref);
+
+int tar_export_start(TarExport *export, const char *path, int fd, ImportCompressType compress);
diff --git a/src/grp-import/systemd-export/export.c b/src/grp-import/systemd-export/export.c
new file mode 100644
index 0000000000..0a5efe5476
--- /dev/null
+++ b/src/grp-import/systemd-export/export.c
@@ -0,0 +1,320 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "export-raw.h"
+#include "export-tar.h"
+#include "fd-util.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "import-util.h"
+#include "machine-image.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "verbs.h"
+
+static ImportCompressType arg_compress = IMPORT_COMPRESS_UNKNOWN;
+
+static void determine_compression_from_filename(const char *p) {
+
+        if (arg_compress != IMPORT_COMPRESS_UNKNOWN)
+                return;
+
+        if (!p) {
+                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
+                return;
+        }
+
+        if (endswith(p, ".xz"))
+                arg_compress = IMPORT_COMPRESS_XZ;
+        else if (endswith(p, ".gz"))
+                arg_compress = IMPORT_COMPRESS_GZIP;
+        else if (endswith(p, ".bz2"))
+                arg_compress = IMPORT_COMPRESS_BZIP2;
+        else
+                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
+}
+
+static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        log_notice("Transfer aborted.");
+        sd_event_exit(sd_event_source_get_event(s), EINTR);
+        return 0;
+}
+
+static void on_tar_finished(TarExport *export, int error, void *userdata) {
+        sd_event *event = userdata;
+        assert(export);
+
+        if (error == 0)
+                log_info("Operation completed successfully.");
+
+        sd_event_exit(event, abs(error));
+}
+
+static int export_tar(int argc, char *argv[], void *userdata) {
+        _cleanup_(tar_export_unrefp) TarExport *export = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        _cleanup_(image_unrefp) Image *image = NULL;
+        const char *path = NULL, *local = NULL;
+        _cleanup_close_ int open_fd = -1;
+        int r, fd;
+
+        if (machine_name_is_valid(argv[1])) {
+                r = image_find(argv[1], &image);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to look for machine %s: %m", argv[1]);
+                if (r == 0) {
+                        log_error("Machine image %s not found.", argv[1]);
+                        return -ENOENT;
+                }
+
+                local = image->path;
+        } else
+                local = argv[1];
+
+        if (argc >= 3)
+                path = argv[2];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        determine_compression_from_filename(path);
+
+        if (path) {
+                open_fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
+                if (open_fd < 0)
+                        return log_error_errno(errno, "Failed to open tar image for export: %m");
+
+                fd = open_fd;
+
+                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, path, import_compress_type_to_string(arg_compress));
+        } else {
+                _cleanup_free_ char *pretty = NULL;
+
+                fd = STDOUT_FILENO;
+
+                (void) readlink_malloc("/proc/self/fd/1", &pretty);
+                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, strna(pretty), import_compress_type_to_string(arg_compress));
+        }
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
+        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
+
+        r = tar_export_new(&export, event, on_tar_finished, event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate exporter: %m");
+
+        r = tar_export_start(export, local, fd, arg_compress);
+        if (r < 0)
+                return log_error_errno(r, "Failed to export image: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        log_info("Exiting.");
+        return -r;
+}
+
+static void on_raw_finished(RawExport *export, int error, void *userdata) {
+        sd_event *event = userdata;
+        assert(export);
+
+        if (error == 0)
+                log_info("Operation completed successfully.");
+
+        sd_event_exit(event, abs(error));
+}
+
+static int export_raw(int argc, char *argv[], void *userdata) {
+        _cleanup_(raw_export_unrefp) RawExport *export = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        _cleanup_(image_unrefp) Image *image = NULL;
+        const char *path = NULL, *local = NULL;
+        _cleanup_close_ int open_fd = -1;
+        int r, fd;
+
+        if (machine_name_is_valid(argv[1])) {
+                r = image_find(argv[1], &image);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to look for machine %s: %m", argv[1]);
+                if (r == 0) {
+                        log_error("Machine image %s not found.", argv[1]);
+                        return -ENOENT;
+                }
+
+                local = image->path;
+        } else
+                local = argv[1];
+
+        if (argc >= 3)
+                path = argv[2];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        determine_compression_from_filename(path);
+
+        if (path) {
+                open_fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
+                if (open_fd < 0)
+                        return log_error_errno(errno, "Failed to open raw image for export: %m");
+
+                fd = open_fd;
+
+                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, path, import_compress_type_to_string(arg_compress));
+        } else {
+                _cleanup_free_ char *pretty = NULL;
+
+                fd = STDOUT_FILENO;
+
+                (void) readlink_malloc("/proc/self/fd/1", &pretty);
+                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, strna(pretty), import_compress_type_to_string(arg_compress));
+        }
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
+        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
+
+        r = raw_export_new(&export, event, on_raw_finished, event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate exporter: %m");
+
+        r = raw_export_start(export, local, fd, arg_compress);
+        if (r < 0)
+                return log_error_errno(r, "Failed to export image: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        log_info("Exiting.");
+        return -r;
+}
+
+static int help(int argc, char *argv[], void *userdata) {
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Export container or virtual machine images.\n\n"
+               "  -h --help                    Show this help\n"
+               "     --version                 Show package version\n"
+               "     --format=FORMAT           Select format\n\n"
+               "Commands:\n"
+               "  tar NAME [FILE]              Export a TAR image\n"
+               "  raw NAME [FILE]              Export a RAW image\n",
+               program_invocation_short_name);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_FORMAT,
+        };
+
+        static const struct option options[] = {
+                { "help",    no_argument,       NULL, 'h'         },
+                { "version", no_argument,       NULL, ARG_VERSION },
+                { "format",  required_argument, NULL, ARG_FORMAT  },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        return help(0, NULL, NULL);
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_FORMAT:
+                        if (streq(optarg, "uncompressed"))
+                                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
+                        else if (streq(optarg, "xz"))
+                                arg_compress = IMPORT_COMPRESS_XZ;
+                        else if (streq(optarg, "gzip"))
+                                arg_compress = IMPORT_COMPRESS_GZIP;
+                        else if (streq(optarg, "bzip2"))
+                                arg_compress = IMPORT_COMPRESS_BZIP2;
+                        else {
+                                log_error("Unknown format: %s", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int export_main(int argc, char *argv[]) {
+
+        static const Verb verbs[] = {
+                { "help", VERB_ANY, VERB_ANY, 0, help       },
+                { "tar",  2,        3,        0, export_tar },
+                { "raw",  2,        3,        0, export_raw },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, NULL);
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        (void) ignore_signals(SIGPIPE, -1);
+
+        r = export_main(argc, argv);
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-import/systemd-import/Makefile b/src/grp-import/systemd-import/Makefile
new file mode 100644
index 0000000000..301556ffd5
--- /dev/null
+++ b/src/grp-import/systemd-import/Makefile
@@ -0,0 +1,52 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-import
+systemd_import_SOURCES = \
+	src/import/import.c \
+	src/import/import-raw.c \
+	src/import/import-raw.h \
+	src/import/import-tar.c \
+	src/import/import-tar.h \
+	src/import/import-common.c \
+	src/import/import-common.h \
+	src/import/import-compress.c \
+	src/import/import-compress.h \
+	src/import/qcow2-util.c \
+	src/import/qcow2-util.h
+
+systemd_import_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(XZ_CFLAGS) \
+	$(ZLIB_CFLAGS) \
+	$(BZIP2_CFLAGS)
+
+systemd_import_LDADD = \
+	libshared.la \
+	$(XZ_LIBS) \
+	$(ZLIB_LIBS) \
+	$(BZIP2_LIBS)
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/import/import-common.c b/src/grp-import/systemd-import/import-common.c
index 287a3382a1..287a3382a1 100644
--- a/src/import/import-common.c
+++ b/src/grp-import/systemd-import/import-common.c
diff --git a/src/import/import-common.h b/src/grp-import/systemd-import/import-common.h
index 07d3250e71..07d3250e71 100644
--- a/src/import/import-common.h
+++ b/src/grp-import/systemd-import/import-common.h
diff --git a/src/import/import-compress.c b/src/grp-import/systemd-import/import-compress.c
index f1766bbe3b..f1766bbe3b 100644
--- a/src/import/import-compress.c
+++ b/src/grp-import/systemd-import/import-compress.c
diff --git a/src/import/import-compress.h b/src/grp-import/systemd-import/import-compress.h
index 6b59d0724b..6b59d0724b 100644
--- a/src/import/import-compress.h
+++ b/src/grp-import/systemd-import/import-compress.h
diff --git a/src/import/import-pubring.gpg b/src/grp-import/systemd-import/import-pubring.gpg
index be27776896..be27776896 100644
--- a/src/import/import-pubring.gpg
+++ b/src/grp-import/systemd-import/import-pubring.gpg
diff --git a/src/grp-import/systemd-import/import-raw.c b/src/grp-import/systemd-import/import-raw.c
new file mode 100644
index 0000000000..ce37392707
--- /dev/null
+++ b/src/grp-import/systemd-import/import-raw.c
@@ -0,0 +1,467 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <linux/fs.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "chattr-util.h"
+#include "copy.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "import-common.h"
+#include "import-compress.h"
+#include "import-raw.h"
+#include "io-util.h"
+#include "machine-pool.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "qcow2-util.h"
+#include "ratelimit.h"
+#include "rm-rf.h"
+#include "string-util.h"
+#include "util.h"
+
+struct RawImport {
+        sd_event *event;
+
+        char *image_root;
+
+        RawImportFinished on_finished;
+        void *userdata;
+
+        char *local;
+        bool force_local;
+        bool read_only;
+        bool grow_machine_directory;
+
+        char *temp_path;
+        char *final_path;
+
+        int input_fd;
+        int output_fd;
+
+        ImportCompress compress;
+
+        uint64_t written_since_last_grow;
+
+        sd_event_source *input_event_source;
+
+        uint8_t buffer[16*1024];
+        size_t buffer_size;
+
+        uint64_t written_compressed;
+        uint64_t written_uncompressed;
+
+        struct stat st;
+
+        unsigned last_percent;
+        RateLimit progress_rate_limit;
+};
+
+RawImport* raw_import_unref(RawImport *i) {
+        if (!i)
+                return NULL;
+
+        sd_event_unref(i->event);
+
+        if (i->temp_path) {
+                (void) unlink(i->temp_path);
+                free(i->temp_path);
+        }
+
+        import_compress_free(&i->compress);
+
+        sd_event_source_unref(i->input_event_source);
+
+        safe_close(i->output_fd);
+
+        free(i->final_path);
+        free(i->image_root);
+        free(i->local);
+        free(i);
+
+        return NULL;
+}
+
+int raw_import_new(
+                RawImport **ret,
+                sd_event *event,
+                const char *image_root,
+                RawImportFinished on_finished,
+                void *userdata) {
+
+        _cleanup_(raw_import_unrefp) RawImport *i = NULL;
+        int r;
+
+        assert(ret);
+
+        i = new0(RawImport, 1);
+        if (!i)
+                return -ENOMEM;
+
+        i->input_fd = i->output_fd = -1;
+        i->on_finished = on_finished;
+        i->userdata = userdata;
+
+        RATELIMIT_INIT(i->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
+        i->last_percent = (unsigned) -1;
+
+        i->image_root = strdup(image_root ?: "/var/lib/machines");
+        if (!i->image_root)
+                return -ENOMEM;
+
+        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
+
+        if (event)
+                i->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&i->event);
+                if (r < 0)
+                        return r;
+        }
+
+        *ret = i;
+        i = NULL;
+
+        return 0;
+}
+
+static void raw_import_report_progress(RawImport *i) {
+        unsigned percent;
+        assert(i);
+
+        /* We have no size information, unless the source is a regular file */
+        if (!S_ISREG(i->st.st_mode))
+                return;
+
+        if (i->written_compressed >= (uint64_t) i->st.st_size)
+                percent = 100;
+        else
+                percent = (unsigned) ((i->written_compressed * UINT64_C(100)) / (uint64_t) i->st.st_size);
+
+        if (percent == i->last_percent)
+                return;
+
+        if (!ratelimit_test(&i->progress_rate_limit))
+                return;
+
+        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+        log_info("Imported %u%%.", percent);
+
+        i->last_percent = percent;
+}
+
+static int raw_import_maybe_convert_qcow2(RawImport *i) {
+        _cleanup_close_ int converted_fd = -1;
+        _cleanup_free_ char *t = NULL;
+        int r;
+
+        assert(i);
+
+        r = qcow2_detect(i->output_fd);
+        if (r < 0)
+                return log_error_errno(r, "Failed to detect whether this is a QCOW2 image: %m");
+        if (r == 0)
+                return 0;
+
+        /* This is a QCOW2 image, let's convert it */
+        r = tempfn_random(i->final_path, NULL, &t);
+        if (r < 0)
+                return log_oom();
+
+        converted_fd = open(t, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (converted_fd < 0)
+                return log_error_errno(errno, "Failed to create %s: %m", t);
+
+        r = chattr_fd(converted_fd, FS_NOCOW_FL, FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set file attributes on %s: %m", t);
+
+        log_info("Unpacking QCOW2 file.");
+
+        r = qcow2_convert(i->output_fd, converted_fd);
+        if (r < 0) {
+                unlink(t);
+                return log_error_errno(r, "Failed to convert qcow2 image: %m");
+        }
+
+        (void) unlink(i->temp_path);
+        free(i->temp_path);
+        i->temp_path = t;
+        t = NULL;
+
+        safe_close(i->output_fd);
+        i->output_fd = converted_fd;
+        converted_fd = -1;
+
+        return 1;
+}
+
+static int raw_import_finish(RawImport *i) {
+        int r;
+
+        assert(i);
+        assert(i->output_fd >= 0);
+        assert(i->temp_path);
+        assert(i->final_path);
+
+        /* In case this was a sparse file, make sure the file system is right */
+        if (i->written_uncompressed > 0) {
+                if (ftruncate(i->output_fd, i->written_uncompressed) < 0)
+                        return log_error_errno(errno, "Failed to truncate file: %m");
+        }
+
+        r = raw_import_maybe_convert_qcow2(i);
+        if (r < 0)
+                return r;
+
+        if (S_ISREG(i->st.st_mode)) {
+                (void) copy_times(i->input_fd, i->output_fd);
+                (void) copy_xattr(i->input_fd, i->output_fd);
+        }
+
+        if (i->read_only) {
+                r = import_make_read_only_fd(i->output_fd);
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->force_local)
+                (void) rm_rf(i->final_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+
+        r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
+        if (r < 0)
+                return log_error_errno(r, "Failed to move image into place: %m");
+
+        i->temp_path = mfree(i->temp_path);
+
+        return 0;
+}
+
+static int raw_import_open_disk(RawImport *i) {
+        int r;
+
+        assert(i);
+
+        assert(!i->final_path);
+        assert(!i->temp_path);
+        assert(i->output_fd < 0);
+
+        i->final_path = strjoin(i->image_root, "/", i->local, ".raw", NULL);
+        if (!i->final_path)
+                return log_oom();
+
+        r = tempfn_random(i->final_path, NULL, &i->temp_path);
+        if (r < 0)
+                return log_oom();
+
+        (void) mkdir_parents_label(i->temp_path, 0700);
+
+        i->output_fd = open(i->temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (i->output_fd < 0)
+                return log_error_errno(errno, "Failed to open destination %s: %m", i->temp_path);
+
+        r = chattr_fd(i->output_fd, FS_NOCOW_FL, FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set file attributes on %s: %m", i->temp_path);
+
+        return 0;
+}
+
+static int raw_import_try_reflink(RawImport *i) {
+        off_t p;
+        int r;
+
+        assert(i);
+        assert(i->input_fd >= 0);
+        assert(i->output_fd >= 0);
+
+        if (i->compress.type != IMPORT_COMPRESS_UNCOMPRESSED)
+                return 0;
+
+        if (!S_ISREG(i->st.st_mode))
+                return 0;
+
+        p = lseek(i->input_fd, 0, SEEK_CUR);
+        if (p == (off_t) -1)
+                return log_error_errno(errno, "Failed to read file offset of input file: %m");
+
+        /* Let's only try a btrfs reflink, if we are reading from the beginning of the file */
+        if ((uint64_t) p != (uint64_t) i->buffer_size)
+                return 0;
+
+        r = btrfs_reflink(i->input_fd, i->output_fd);
+        if (r >= 0)
+                return 1;
+
+        return 0;
+}
+
+static int raw_import_write(const void *p, size_t sz, void *userdata) {
+        RawImport *i = userdata;
+        ssize_t n;
+
+        if (i->grow_machine_directory && i->written_since_last_grow >= GROW_INTERVAL_BYTES) {
+                i->written_since_last_grow = 0;
+                grow_machine_directory();
+        }
+
+        n = sparse_write(i->output_fd, p, sz, 64);
+        if (n < 0)
+                return -errno;
+        if ((size_t) n < sz)
+                return -EIO;
+
+        i->written_uncompressed += sz;
+        i->written_since_last_grow += sz;
+
+        return 0;
+}
+
+static int raw_import_process(RawImport *i) {
+        ssize_t l;
+        int r;
+
+        assert(i);
+        assert(i->buffer_size < sizeof(i->buffer));
+
+        l = read(i->input_fd, i->buffer + i->buffer_size, sizeof(i->buffer) - i->buffer_size);
+        if (l < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                r = log_error_errno(errno, "Failed to read input file: %m");
+                goto finish;
+        }
+        if (l == 0) {
+                if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
+                        log_error("Premature end of file: %m");
+                        r = -EIO;
+                        goto finish;
+                }
+
+                r = raw_import_finish(i);
+                goto finish;
+        }
+
+        i->buffer_size += l;
+
+        if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
+                r = import_uncompress_detect(&i->compress, i->buffer, i->buffer_size);
+                if (r < 0) {
+                        log_error("Failed to detect file compression: %m");
+                        goto finish;
+                }
+                if (r == 0) /* Need more data */
+                        return 0;
+
+                r = raw_import_open_disk(i);
+                if (r < 0)
+                        goto finish;
+
+                r = raw_import_try_reflink(i);
+                if (r < 0)
+                        goto finish;
+                if (r > 0) {
+                        r = raw_import_finish(i);
+                        goto finish;
+                }
+        }
+
+        r = import_uncompress(&i->compress, i->buffer, i->buffer_size, raw_import_write, i);
+        if (r < 0) {
+                log_error_errno(r, "Failed to decode and write: %m");
+                goto finish;
+        }
+
+        i->written_compressed += i->buffer_size;
+        i->buffer_size = 0;
+
+        raw_import_report_progress(i);
+
+        return 0;
+
+finish:
+        if (i->on_finished)
+                i->on_finished(i, r, i->userdata);
+        else
+                sd_event_exit(i->event, r);
+
+        return 0;
+}
+
+static int raw_import_on_input(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        RawImport *i = userdata;
+
+        return raw_import_process(i);
+}
+
+static int raw_import_on_defer(sd_event_source *s, void *userdata) {
+        RawImport *i = userdata;
+
+        return raw_import_process(i);
+}
+
+int raw_import_start(RawImport *i, int fd, const char *local, bool force_local, bool read_only) {
+        int r;
+
+        assert(i);
+        assert(fd >= 0);
+        assert(local);
+
+        if (!machine_name_is_valid(local))
+                return -EINVAL;
+
+        if (i->input_fd >= 0)
+                return -EBUSY;
+
+        r = fd_nonblock(fd, true);
+        if (r < 0)
+                return r;
+
+        r = free_and_strdup(&i->local, local);
+        if (r < 0)
+                return r;
+        i->force_local = force_local;
+        i->read_only = read_only;
+
+        if (fstat(fd, &i->st) < 0)
+                return -errno;
+
+        r = sd_event_add_io(i->event, &i->input_event_source, fd, EPOLLIN, raw_import_on_input, i);
+        if (r == -EPERM) {
+                /* This fd does not support epoll, for example because it is a regular file. Busy read in that case */
+                r = sd_event_add_defer(i->event, &i->input_event_source, raw_import_on_defer, i);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_enabled(i->input_event_source, SD_EVENT_ON);
+        }
+        if (r < 0)
+                return r;
+
+        i->input_fd = fd;
+        return r;
+}
diff --git a/src/grp-import/systemd-import/import-raw.h b/src/grp-import/systemd-import/import-raw.h
new file mode 100644
index 0000000000..f0a315c088
--- /dev/null
+++ b/src/grp-import/systemd-import/import-raw.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "import-util.h"
+#include "macro.h"
+
+typedef struct RawImport RawImport;
+
+typedef void (*RawImportFinished)(RawImport *import, int error, void *userdata);
+
+int raw_import_new(RawImport **import, sd_event *event, const char *image_root, RawImportFinished on_finished, void *userdata);
+RawImport* raw_import_unref(RawImport *import);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(RawImport*, raw_import_unref);
+
+int raw_import_start(RawImport *i, int fd, const char *local, bool force_local, bool read_only);
diff --git a/src/grp-import/systemd-import/import-tar.c b/src/grp-import/systemd-import/import-tar.c
new file mode 100644
index 0000000000..016d05e77d
--- /dev/null
+++ b/src/grp-import/systemd-import/import-tar.c
@@ -0,0 +1,388 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <linux/fs.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "copy.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "import-common.h"
+#include "import-compress.h"
+#include "import-tar.h"
+#include "io-util.h"
+#include "machine-pool.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "qcow2-util.h"
+#include "ratelimit.h"
+#include "rm-rf.h"
+#include "string-util.h"
+#include "util.h"
+
+struct TarImport {
+        sd_event *event;
+
+        char *image_root;
+
+        TarImportFinished on_finished;
+        void *userdata;
+
+        char *local;
+        bool force_local;
+        bool read_only;
+        bool grow_machine_directory;
+
+        char *temp_path;
+        char *final_path;
+
+        int input_fd;
+        int tar_fd;
+
+        ImportCompress compress;
+
+        uint64_t written_since_last_grow;
+
+        sd_event_source *input_event_source;
+
+        uint8_t buffer[16*1024];
+        size_t buffer_size;
+
+        uint64_t written_compressed;
+        uint64_t written_uncompressed;
+
+        struct stat st;
+
+        pid_t tar_pid;
+
+        unsigned last_percent;
+        RateLimit progress_rate_limit;
+};
+
+TarImport* tar_import_unref(TarImport *i) {
+        if (!i)
+                return NULL;
+
+        sd_event_source_unref(i->input_event_source);
+
+        if (i->tar_pid > 1) {
+                (void) kill_and_sigcont(i->tar_pid, SIGKILL);
+                (void) wait_for_terminate(i->tar_pid, NULL);
+        }
+
+        if (i->temp_path) {
+                (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+                free(i->temp_path);
+        }
+
+        import_compress_free(&i->compress);
+
+        sd_event_unref(i->event);
+
+        safe_close(i->tar_fd);
+
+        free(i->final_path);
+        free(i->image_root);
+        free(i->local);
+        free(i);
+
+        return NULL;
+}
+
+int tar_import_new(
+                TarImport **ret,
+                sd_event *event,
+                const char *image_root,
+                TarImportFinished on_finished,
+                void *userdata) {
+
+        _cleanup_(tar_import_unrefp) TarImport *i = NULL;
+        int r;
+
+        assert(ret);
+
+        i = new0(TarImport, 1);
+        if (!i)
+                return -ENOMEM;
+
+        i->input_fd = i->tar_fd = -1;
+        i->on_finished = on_finished;
+        i->userdata = userdata;
+
+        RATELIMIT_INIT(i->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
+        i->last_percent = (unsigned) -1;
+
+        i->image_root = strdup(image_root ?: "/var/lib/machines");
+        if (!i->image_root)
+                return -ENOMEM;
+
+        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
+
+        if (event)
+                i->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&i->event);
+                if (r < 0)
+                        return r;
+        }
+
+        *ret = i;
+        i = NULL;
+
+        return 0;
+}
+
+static void tar_import_report_progress(TarImport *i) {
+        unsigned percent;
+        assert(i);
+
+        /* We have no size information, unless the source is a regular file */
+        if (!S_ISREG(i->st.st_mode))
+                return;
+
+        if (i->written_compressed >= (uint64_t) i->st.st_size)
+                percent = 100;
+        else
+                percent = (unsigned) ((i->written_compressed * UINT64_C(100)) / (uint64_t) i->st.st_size);
+
+        if (percent == i->last_percent)
+                return;
+
+        if (!ratelimit_test(&i->progress_rate_limit))
+                return;
+
+        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+        log_info("Imported %u%%.", percent);
+
+        i->last_percent = percent;
+}
+
+static int tar_import_finish(TarImport *i) {
+        int r;
+
+        assert(i);
+        assert(i->tar_fd >= 0);
+        assert(i->temp_path);
+        assert(i->final_path);
+
+        i->tar_fd = safe_close(i->tar_fd);
+
+        if (i->tar_pid > 0) {
+                r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
+                i->tar_pid = 0;
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->read_only) {
+                r = import_make_read_only(i->temp_path);
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->force_local)
+                (void) rm_rf(i->final_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+
+        r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
+        if (r < 0)
+                return log_error_errno(r, "Failed to move image into place: %m");
+
+        i->temp_path = mfree(i->temp_path);
+
+        return 0;
+}
+
+static int tar_import_fork_tar(TarImport *i) {
+        int r;
+
+        assert(i);
+
+        assert(!i->final_path);
+        assert(!i->temp_path);
+        assert(i->tar_fd < 0);
+
+        i->final_path = strjoin(i->image_root, "/", i->local, NULL);
+        if (!i->final_path)
+                return log_oom();
+
+        r = tempfn_random(i->final_path, NULL, &i->temp_path);
+        if (r < 0)
+                return log_oom();
+
+        (void) mkdir_parents_label(i->temp_path, 0700);
+
+        r = btrfs_subvol_make(i->temp_path);
+        if (r == -ENOTTY) {
+                if (mkdir(i->temp_path, 0755) < 0)
+                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
+        else
+                (void) import_assign_pool_quota_and_warn(i->temp_path);
+
+        i->tar_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
+        if (i->tar_fd < 0)
+                return i->tar_fd;
+
+        return 0;
+}
+
+static int tar_import_write(const void *p, size_t sz, void *userdata) {
+        TarImport *i = userdata;
+        int r;
+
+        if (i->grow_machine_directory && i->written_since_last_grow >= GROW_INTERVAL_BYTES) {
+                i->written_since_last_grow = 0;
+                grow_machine_directory();
+        }
+
+        r = loop_write(i->tar_fd, p, sz, false);
+        if (r < 0)
+                return r;
+
+        i->written_uncompressed += sz;
+        i->written_since_last_grow += sz;
+
+        return 0;
+}
+
+static int tar_import_process(TarImport *i) {
+        ssize_t l;
+        int r;
+
+        assert(i);
+        assert(i->buffer_size < sizeof(i->buffer));
+
+        l = read(i->input_fd, i->buffer + i->buffer_size, sizeof(i->buffer) - i->buffer_size);
+        if (l < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                r = log_error_errno(errno, "Failed to read input file: %m");
+                goto finish;
+        }
+        if (l == 0) {
+                if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
+                        log_error("Premature end of file: %m");
+                        r = -EIO;
+                        goto finish;
+                }
+
+                r = tar_import_finish(i);
+                goto finish;
+        }
+
+        i->buffer_size += l;
+
+        if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
+                r = import_uncompress_detect(&i->compress, i->buffer, i->buffer_size);
+                if (r < 0) {
+                        log_error("Failed to detect file compression: %m");
+                        goto finish;
+                }
+                if (r == 0) /* Need more data */
+                        return 0;
+
+                r = tar_import_fork_tar(i);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = import_uncompress(&i->compress, i->buffer, i->buffer_size, tar_import_write, i);
+        if (r < 0) {
+                log_error_errno(r, "Failed to decode and write: %m");
+                goto finish;
+        }
+
+        i->written_compressed += i->buffer_size;
+        i->buffer_size = 0;
+
+        tar_import_report_progress(i);
+
+        return 0;
+
+finish:
+        if (i->on_finished)
+                i->on_finished(i, r, i->userdata);
+        else
+                sd_event_exit(i->event, r);
+
+        return 0;
+}
+
+static int tar_import_on_input(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        TarImport *i = userdata;
+
+        return tar_import_process(i);
+}
+
+static int tar_import_on_defer(sd_event_source *s, void *userdata) {
+        TarImport *i = userdata;
+
+        return tar_import_process(i);
+}
+
+int tar_import_start(TarImport *i, int fd, const char *local, bool force_local, bool read_only) {
+        int r;
+
+        assert(i);
+        assert(fd >= 0);
+        assert(local);
+
+        if (!machine_name_is_valid(local))
+                return -EINVAL;
+
+        if (i->input_fd >= 0)
+                return -EBUSY;
+
+        r = fd_nonblock(fd, true);
+        if (r < 0)
+                return r;
+
+        r = free_and_strdup(&i->local, local);
+        if (r < 0)
+                return r;
+        i->force_local = force_local;
+        i->read_only = read_only;
+
+        if (fstat(fd, &i->st) < 0)
+                return -errno;
+
+        r = sd_event_add_io(i->event, &i->input_event_source, fd, EPOLLIN, tar_import_on_input, i);
+        if (r == -EPERM) {
+                /* This fd does not support epoll, for example because it is a regular file. Busy read in that case */
+                r = sd_event_add_defer(i->event, &i->input_event_source, tar_import_on_defer, i);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_enabled(i->input_event_source, SD_EVENT_ON);
+        }
+        if (r < 0)
+                return r;
+
+        i->input_fd = fd;
+        return r;
+}
diff --git a/src/grp-import/systemd-import/import-tar.h b/src/grp-import/systemd-import/import-tar.h
new file mode 100644
index 0000000000..b66b00ddfd
--- /dev/null
+++ b/src/grp-import/systemd-import/import-tar.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "import-util.h"
+#include "macro.h"
+
+typedef struct TarImport TarImport;
+
+typedef void (*TarImportFinished)(TarImport *import, int error, void *userdata);
+
+int tar_import_new(TarImport **import, sd_event *event, const char *image_root, TarImportFinished on_finished, void *userdata);
+TarImport* tar_import_unref(TarImport *import);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(TarImport*, tar_import_unref);
+
+int tar_import_start(TarImport *import, int fd, const char *local, bool force_local, bool read_only);
diff --git a/src/grp-import/systemd-import/import.c b/src/grp-import/systemd-import/import.c
new file mode 100644
index 0000000000..338847dbc2
--- /dev/null
+++ b/src/grp-import/systemd-import/import.c
@@ -0,0 +1,337 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "import-raw.h"
+#include "import-tar.h"
+#include "import-util.h"
+#include "machine-image.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "verbs.h"
+
+static bool arg_force = false;
+static bool arg_read_only = false;
+static const char *arg_image_root = "/var/lib/machines";
+
+static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        log_notice("Transfer aborted.");
+        sd_event_exit(sd_event_source_get_event(s), EINTR);
+        return 0;
+}
+
+static void on_tar_finished(TarImport *import, int error, void *userdata) {
+        sd_event *event = userdata;
+        assert(import);
+
+        if (error == 0)
+                log_info("Operation completed successfully.");
+
+        sd_event_exit(event, abs(error));
+}
+
+static int import_tar(int argc, char *argv[], void *userdata) {
+        _cleanup_(tar_import_unrefp) TarImport *import = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        const char *path = NULL, *local = NULL;
+        _cleanup_free_ char *ll = NULL;
+        _cleanup_close_ int open_fd = -1;
+        int r, fd;
+
+        if (argc >= 2)
+                path = argv[1];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        if (argc >= 3)
+                local = argv[2];
+        else if (path)
+                local = basename(path);
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (local) {
+                r = tar_strip_suffixes(local, &ll);
+                if (r < 0)
+                        return log_oom();
+
+                local = ll;
+
+                if (!machine_name_is_valid(local)) {
+                        log_error("Local image name '%s' is not valid.", local);
+                        return -EINVAL;
+                }
+
+                if (!arg_force) {
+                        r = image_find(local, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
+                        else if (r > 0) {
+                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
+                                return -EEXIST;
+                        }
+                }
+        } else
+                local = "imported";
+
+        if (path) {
+                open_fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                if (open_fd < 0)
+                        return log_error_errno(errno, "Failed to open tar image to import: %m");
+
+                fd = open_fd;
+
+                log_info("Importing '%s', saving as '%s'.", path, local);
+        } else {
+                _cleanup_free_ char *pretty = NULL;
+
+                fd = STDIN_FILENO;
+
+                (void) readlink_malloc("/proc/self/fd/0", &pretty);
+                log_info("Importing '%s', saving as '%s'.", strna(pretty), local);
+        }
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
+        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
+
+        r = tar_import_new(&import, event, arg_image_root, on_tar_finished, event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate importer: %m");
+
+        r = tar_import_start(import, fd, local, arg_force, arg_read_only);
+        if (r < 0)
+                return log_error_errno(r, "Failed to import image: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        log_info("Exiting.");
+        return -r;
+}
+
+static void on_raw_finished(RawImport *import, int error, void *userdata) {
+        sd_event *event = userdata;
+        assert(import);
+
+        if (error == 0)
+                log_info("Operation completed successfully.");
+
+        sd_event_exit(event, abs(error));
+}
+
+static int import_raw(int argc, char *argv[], void *userdata) {
+        _cleanup_(raw_import_unrefp) RawImport *import = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        const char *path = NULL, *local = NULL;
+        _cleanup_free_ char *ll = NULL;
+        _cleanup_close_ int open_fd = -1;
+        int r, fd;
+
+        if (argc >= 2)
+                path = argv[1];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        if (argc >= 3)
+                local = argv[2];
+        else if (path)
+                local = basename(path);
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (local) {
+                r = raw_strip_suffixes(local, &ll);
+                if (r < 0)
+                        return log_oom();
+
+                local = ll;
+
+                if (!machine_name_is_valid(local)) {
+                        log_error("Local image name '%s' is not valid.", local);
+                        return -EINVAL;
+                }
+
+                if (!arg_force) {
+                        r = image_find(local, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
+                        else if (r > 0) {
+                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
+                                return -EEXIST;
+                        }
+                }
+        } else
+                local = "imported";
+
+        if (path) {
+                open_fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                if (open_fd < 0)
+                        return log_error_errno(errno, "Failed to open raw image to import: %m");
+
+                fd = open_fd;
+
+                log_info("Importing '%s', saving as '%s'.", path, local);
+        } else {
+                _cleanup_free_ char *pretty = NULL;
+
+                fd = STDIN_FILENO;
+
+                (void) readlink_malloc("/proc/self/fd/0", &pretty);
+                log_info("Importing '%s', saving as '%s'.", pretty, local);
+        }
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
+        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
+
+        r = raw_import_new(&import, event, arg_image_root, on_raw_finished, event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate importer: %m");
+
+        r = raw_import_start(import, fd, local, arg_force, arg_read_only);
+        if (r < 0)
+                return log_error_errno(r, "Failed to import image: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        log_info("Exiting.");
+        return -r;
+}
+
+static int help(int argc, char *argv[], void *userdata) {
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Import container or virtual machine images.\n\n"
+               "  -h --help                   Show this help\n"
+               "     --version                Show package version\n"
+               "     --force                  Force creation of image\n"
+               "     --image-root=PATH        Image root directory\n"
+               "     --read-only              Create a read-only image\n\n"
+               "Commands:\n"
+               "  tar FILE [NAME]             Import a TAR image\n"
+               "  raw FILE [NAME]             Import a RAW image\n",
+               program_invocation_short_name);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_FORCE,
+                ARG_IMAGE_ROOT,
+                ARG_READ_ONLY,
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'                 },
+                { "version",         no_argument,       NULL, ARG_VERSION         },
+                { "force",           no_argument,       NULL, ARG_FORCE           },
+                { "image-root",      required_argument, NULL, ARG_IMAGE_ROOT      },
+                { "read-only",       no_argument,       NULL, ARG_READ_ONLY       },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        return help(0, NULL, NULL);
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_FORCE:
+                        arg_force = true;
+                        break;
+
+                case ARG_IMAGE_ROOT:
+                        arg_image_root = optarg;
+                        break;
+
+                case ARG_READ_ONLY:
+                        arg_read_only = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int import_main(int argc, char *argv[]) {
+
+        static const Verb verbs[] = {
+                { "help", VERB_ANY, VERB_ANY, 0, help       },
+                { "tar",  2,        3,        0, import_tar },
+                { "raw",  2,        3,        0, import_raw },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, NULL);
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        (void) ignore_signals(SIGPIPE, -1);
+
+        r = import_main(argc, argv);
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-import/systemd-importd/Makefile b/src/grp-import/systemd-importd/Makefile
new file mode 100644
index 0000000000..7911bfce82
--- /dev/null
+++ b/src/grp-import/systemd-importd/Makefile
@@ -0,0 +1,39 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-importd
+systemd_importd_SOURCES = \
+	src/import/importd.c
+
+systemd_importd_CFLAGS = \
+	$(AM_CFLAGS) \
+	-D SYSTEMD_PULL_PATH=\"$(rootlibexecdir)/systemd-pull\" \
+	-D SYSTEMD_IMPORT_PATH=\"$(rootlibexecdir)/systemd-import\" \
+	-D SYSTEMD_EXPORT_PATH=\"$(rootlibexecdir)/systemd-export\"
+
+systemd_importd_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-import/systemd-importd/importd.c b/src/grp-import/systemd-importd/importd.c
new file mode 100644
index 0000000000..e30dfdf805
--- /dev/null
+++ b/src/grp-import/systemd-importd/importd.c
@@ -0,0 +1,1221 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/prctl.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "bus-util.h"
+#include "def.h"
+#include "fd-util.h"
+#include "hostname-util.h"
+#include "import-util.h"
+#include "machine-pool.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "string-table.h"
+#include "strv.h"
+#include "syslog-util.h"
+#include "user-util.h"
+#include "util.h"
+#include "web-util.h"
+
+typedef struct Transfer Transfer;
+typedef struct Manager Manager;
+
+typedef enum TransferType {
+        TRANSFER_IMPORT_TAR,
+        TRANSFER_IMPORT_RAW,
+        TRANSFER_EXPORT_TAR,
+        TRANSFER_EXPORT_RAW,
+        TRANSFER_PULL_TAR,
+        TRANSFER_PULL_RAW,
+        _TRANSFER_TYPE_MAX,
+        _TRANSFER_TYPE_INVALID = -1,
+} TransferType;
+
+struct Transfer {
+        Manager *manager;
+
+        uint32_t id;
+        char *object_path;
+
+        TransferType type;
+        ImportVerify verify;
+
+        char *remote;
+        char *local;
+        bool force_local;
+        bool read_only;
+
+        char *format;
+
+        pid_t pid;
+
+        int log_fd;
+
+        char log_message[LINE_MAX];
+        size_t log_message_size;
+
+        sd_event_source *pid_event_source;
+        sd_event_source *log_event_source;
+
+        unsigned n_canceled;
+        unsigned progress_percent;
+
+        int stdin_fd;
+        int stdout_fd;
+};
+
+struct Manager {
+        sd_event *event;
+        sd_bus *bus;
+
+        uint32_t current_transfer_id;
+        Hashmap *transfers;
+
+        Hashmap *polkit_registry;
+
+        int notify_fd;
+
+        sd_event_source *notify_event_source;
+};
+
+#define TRANSFERS_MAX 64
+
+static const char* const transfer_type_table[_TRANSFER_TYPE_MAX] = {
+        [TRANSFER_IMPORT_TAR] = "import-tar",
+        [TRANSFER_IMPORT_RAW] = "import-raw",
+        [TRANSFER_EXPORT_TAR] = "export-tar",
+        [TRANSFER_EXPORT_RAW] = "export-raw",
+        [TRANSFER_PULL_TAR] = "pull-tar",
+        [TRANSFER_PULL_RAW] = "pull-raw",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(transfer_type, TransferType);
+
+static Transfer *transfer_unref(Transfer *t) {
+        if (!t)
+                return NULL;
+
+        if (t->manager)
+                hashmap_remove(t->manager->transfers, UINT32_TO_PTR(t->id));
+
+        sd_event_source_unref(t->pid_event_source);
+        sd_event_source_unref(t->log_event_source);
+
+        free(t->remote);
+        free(t->local);
+        free(t->format);
+        free(t->object_path);
+
+        if (t->pid > 0) {
+                (void) kill_and_sigcont(t->pid, SIGKILL);
+                (void) wait_for_terminate(t->pid, NULL);
+        }
+
+        safe_close(t->log_fd);
+        safe_close(t->stdin_fd);
+        safe_close(t->stdout_fd);
+
+        free(t);
+        return NULL;
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Transfer*, transfer_unref);
+
+static int transfer_new(Manager *m, Transfer **ret) {
+        _cleanup_(transfer_unrefp) Transfer *t = NULL;
+        uint32_t id;
+        int r;
+
+        assert(m);
+        assert(ret);
+
+        if (hashmap_size(m->transfers) >= TRANSFERS_MAX)
+                return -E2BIG;
+
+        r = hashmap_ensure_allocated(&m->transfers, &trivial_hash_ops);
+        if (r < 0)
+                return r;
+
+        t = new0(Transfer, 1);
+        if (!t)
+                return -ENOMEM;
+
+        t->type = _TRANSFER_TYPE_INVALID;
+        t->log_fd = -1;
+        t->stdin_fd = -1;
+        t->stdout_fd = -1;
+        t->verify = _IMPORT_VERIFY_INVALID;
+
+        id = m->current_transfer_id + 1;
+
+        if (asprintf(&t->object_path, "/org/freedesktop/import1/transfer/_%" PRIu32, id) < 0)
+                return -ENOMEM;
+
+        r = hashmap_put(m->transfers, UINT32_TO_PTR(id), t);
+        if (r < 0)
+                return r;
+
+        m->current_transfer_id = id;
+
+        t->manager = m;
+        t->id = id;
+
+        *ret = t;
+        t = NULL;
+
+        return 0;
+}
+
+static void transfer_send_log_line(Transfer *t, const char *line) {
+        int r, priority = LOG_INFO;
+
+        assert(t);
+        assert(line);
+
+        syslog_parse_priority(&line, &priority, true);
+
+        log_full(priority, "(transfer%" PRIu32 ") %s", t->id, line);
+
+        r = sd_bus_emit_signal(
+                        t->manager->bus,
+                        t->object_path,
+                        "org.freedesktop.import1.Transfer",
+                        "LogMessage",
+                        "us",
+                        priority,
+                        line);
+        if (r < 0)
+                log_error_errno(r, "Cannot emit message: %m");
+ }
+
+static void transfer_send_logs(Transfer *t, bool flush) {
+        assert(t);
+
+        /* Try to send out all log messages, if we can. But if we
+         * can't we remove the messages from the buffer, but don't
+         * fail */
+
+        while (t->log_message_size > 0) {
+                _cleanup_free_ char *n = NULL;
+                char *e;
+
+                if (t->log_message_size >= sizeof(t->log_message))
+                        e = t->log_message + sizeof(t->log_message);
+                else {
+                        char *a, *b;
+
+                        a = memchr(t->log_message, 0, t->log_message_size);
+                        b = memchr(t->log_message, '\n', t->log_message_size);
+
+                        if (a && b)
+                                e = a < b ? a : b;
+                        else if (a)
+                                e = a;
+                        else
+                                e = b;
+                }
+
+                if (!e) {
+                        if (!flush)
+                                return;
+
+                        e = t->log_message + t->log_message_size;
+                }
+
+                n = strndup(t->log_message, e - t->log_message);
+
+                /* Skip over NUL and newlines */
+                while ((e < t->log_message + t->log_message_size) && (*e == 0 || *e == '\n'))
+                        e++;
+
+                memmove(t->log_message, e, t->log_message + sizeof(t->log_message) - e);
+                t->log_message_size -= e - t->log_message;
+
+                if (!n) {
+                        log_oom();
+                        continue;
+                }
+
+                if (isempty(n))
+                        continue;
+
+                transfer_send_log_line(t, n);
+        }
+}
+
+static int transfer_finalize(Transfer *t, bool success) {
+        int r;
+
+        assert(t);
+
+        transfer_send_logs(t, true);
+
+        r = sd_bus_emit_signal(
+                        t->manager->bus,
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "TransferRemoved",
+                        "uos",
+                        t->id,
+                        t->object_path,
+                        success ? "done" :
+                        t->n_canceled > 0 ? "canceled" : "failed");
+
+        if (r < 0)
+                log_error_errno(r, "Cannot emit message: %m");
+
+        transfer_unref(t);
+        return 0;
+}
+
+static int transfer_cancel(Transfer *t) {
+        int r;
+
+        assert(t);
+
+        r = kill_and_sigcont(t->pid, t->n_canceled < 3 ? SIGTERM : SIGKILL);
+        if (r < 0)
+                return r;
+
+        t->n_canceled++;
+        return 0;
+}
+
+static int transfer_on_pid(sd_event_source *s, const siginfo_t *si, void *userdata) {
+        Transfer *t = userdata;
+        bool success = false;
+
+        assert(s);
+        assert(t);
+
+        if (si->si_code == CLD_EXITED) {
+                if (si->si_status != 0)
+                        log_error("Import process failed with exit code %i.", si->si_status);
+                else {
+                        log_debug("Import process succeeded.");
+                        success = true;
+                }
+
+        } else if (si->si_code == CLD_KILLED ||
+                   si->si_code == CLD_DUMPED)
+
+                log_error("Import process terminated by signal %s.", signal_to_string(si->si_status));
+        else
+                log_error("Import process failed due to unknown reason.");
+
+        t->pid = 0;
+
+        return transfer_finalize(t, success);
+}
+
+static int transfer_on_log(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Transfer *t = userdata;
+        ssize_t l;
+
+        assert(s);
+        assert(t);
+
+        l = read(fd, t->log_message + t->log_message_size, sizeof(t->log_message) - t->log_message_size);
+        if (l <= 0) {
+                /* EOF/read error. We just close the pipe here, and
+                 * close the watch, waiting for the SIGCHLD to arrive,
+                 * before we do anything else. */
+
+                if (l < 0)
+                        log_error_errno(errno, "Failed to read log message: %m");
+
+                t->log_event_source = sd_event_source_unref(t->log_event_source);
+                return 0;
+        }
+
+        t->log_message_size += l;
+
+        transfer_send_logs(t, false);
+
+        return 0;
+}
+
+static int transfer_start(Transfer *t) {
+        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
+        int r;
+
+        assert(t);
+        assert(t->pid <= 0);
+
+        if (pipe2(pipefd, O_CLOEXEC) < 0)
+                return -errno;
+
+        t->pid = fork();
+        if (t->pid < 0)
+                return -errno;
+        if (t->pid == 0) {
+                const char *cmd[] = {
+                        NULL, /* systemd-import, systemd-export or systemd-pull */
+                        NULL, /* tar, raw  */
+                        NULL, /* --verify= */
+                        NULL, /* verify argument */
+                        NULL, /* maybe --force */
+                        NULL, /* maybe --read-only */
+                        NULL, /* if so: the actual URL */
+                        NULL, /* maybe --format= */
+                        NULL, /* if so: the actual format */
+                        NULL, /* remote */
+                        NULL, /* local */
+                        NULL
+                };
+                unsigned k = 0;
+
+                /* Child */
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
+
+                pipefd[0] = safe_close(pipefd[0]);
+
+                if (dup2(pipefd[1], STDERR_FILENO) != STDERR_FILENO) {
+                        log_error_errno(errno, "Failed to dup2() fd: %m");
+                        _exit(EXIT_FAILURE);
+                }
+
+                if (t->stdout_fd >= 0) {
+                        if (dup2(t->stdout_fd, STDOUT_FILENO) != STDOUT_FILENO) {
+                                log_error_errno(errno, "Failed to dup2() fd: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+
+                        if (t->stdout_fd != STDOUT_FILENO)
+                                safe_close(t->stdout_fd);
+                } else {
+                        if (dup2(pipefd[1], STDOUT_FILENO) != STDOUT_FILENO) {
+                                log_error_errno(errno, "Failed to dup2() fd: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+                }
+
+                if (pipefd[1] != STDOUT_FILENO && pipefd[1] != STDERR_FILENO)
+                        pipefd[1] = safe_close(pipefd[1]);
+
+                if (t->stdin_fd >= 0) {
+                        if (dup2(t->stdin_fd, STDIN_FILENO) != STDIN_FILENO) {
+                                log_error_errno(errno, "Failed to dup2() fd: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+
+                        if (t->stdin_fd != STDIN_FILENO)
+                                safe_close(t->stdin_fd);
+                } else {
+                        int null_fd;
+
+                        null_fd = open("/dev/null", O_RDONLY|O_NOCTTY);
+                        if (null_fd < 0) {
+                                log_error_errno(errno, "Failed to open /dev/null: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+
+                        if (dup2(null_fd, STDIN_FILENO) != STDIN_FILENO) {
+                                log_error_errno(errno, "Failed to dup2() fd: %m");
+                                _exit(EXIT_FAILURE);
+                        }
+
+                        if (null_fd != STDIN_FILENO)
+                                safe_close(null_fd);
+                }
+
+                fd_cloexec(STDIN_FILENO, false);
+                fd_cloexec(STDOUT_FILENO, false);
+                fd_cloexec(STDERR_FILENO, false);
+
+                setenv("SYSTEMD_LOG_TARGET", "console-prefixed", 1);
+                setenv("NOTIFY_SOCKET", "/run/systemd/import/notify", 1);
+
+                if (IN_SET(t->type, TRANSFER_IMPORT_TAR, TRANSFER_IMPORT_RAW))
+                        cmd[k++] = SYSTEMD_IMPORT_PATH;
+                else if (IN_SET(t->type, TRANSFER_EXPORT_TAR, TRANSFER_EXPORT_RAW))
+                        cmd[k++] = SYSTEMD_EXPORT_PATH;
+                else
+                        cmd[k++] = SYSTEMD_PULL_PATH;
+
+                if (IN_SET(t->type, TRANSFER_IMPORT_TAR, TRANSFER_EXPORT_TAR, TRANSFER_PULL_TAR))
+                        cmd[k++] = "tar";
+                else
+                        cmd[k++] = "raw";
+
+                if (t->verify != _IMPORT_VERIFY_INVALID) {
+                        cmd[k++] = "--verify";
+                        cmd[k++] = import_verify_to_string(t->verify);
+                }
+
+                if (t->force_local)
+                        cmd[k++] = "--force";
+                if (t->read_only)
+                        cmd[k++] = "--read-only";
+
+                if (t->format) {
+                        cmd[k++] = "--format";
+                        cmd[k++] = t->format;
+                }
+
+                if (!IN_SET(t->type, TRANSFER_EXPORT_TAR, TRANSFER_EXPORT_RAW)) {
+                        if (t->remote)
+                                cmd[k++] = t->remote;
+                        else
+                                cmd[k++] = "-";
+                }
+
+                if (t->local)
+                        cmd[k++] = t->local;
+                cmd[k] = NULL;
+
+                execv(cmd[0], (char * const *) cmd);
+                log_error_errno(errno, "Failed to execute %s tool: %m", cmd[0]);
+                _exit(EXIT_FAILURE);
+        }
+
+        pipefd[1] = safe_close(pipefd[1]);
+        t->log_fd = pipefd[0];
+        pipefd[0] = -1;
+
+        t->stdin_fd = safe_close(t->stdin_fd);
+
+        r = sd_event_add_child(t->manager->event, &t->pid_event_source, t->pid, WEXITED, transfer_on_pid, t);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_io(t->manager->event, &t->log_event_source, t->log_fd, EPOLLIN, transfer_on_log, t);
+        if (r < 0)
+                return r;
+
+        /* Make sure always process logging before SIGCHLD */
+        r = sd_event_source_set_priority(t->log_event_source, SD_EVENT_PRIORITY_NORMAL -5);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_emit_signal(
+                        t->manager->bus,
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "TransferNew",
+                        "uo",
+                        t->id,
+                        t->object_path);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static Manager *manager_unref(Manager *m) {
+        Transfer *t;
+
+        if (!m)
+                return NULL;
+
+        sd_event_source_unref(m->notify_event_source);
+        safe_close(m->notify_fd);
+
+        while ((t = hashmap_first(m->transfers)))
+                transfer_unref(t);
+
+        hashmap_free(m->transfers);
+
+        bus_verify_polkit_async_registry_free(m->polkit_registry);
+
+        m->bus = sd_bus_flush_close_unref(m->bus);
+        sd_event_unref(m->event);
+
+        free(m);
+        return NULL;
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_unref);
+
+static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+
+        char buf[NOTIFY_BUFFER_MAX+1];
+        struct iovec iovec = {
+                .iov_base = buf,
+                .iov_len = sizeof(buf)-1,
+        };
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+                            CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX)];
+        } control = {};
+        struct msghdr msghdr = {
+                .msg_iov = &iovec,
+                .msg_iovlen = 1,
+                .msg_control = &control,
+                .msg_controllen = sizeof(control),
+        };
+        struct ucred *ucred = NULL;
+        Manager *m = userdata;
+        struct cmsghdr *cmsg;
+        unsigned percent;
+        char *p, *e;
+        Transfer *t;
+        Iterator i;
+        ssize_t n;
+        int r;
+
+        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        if (n < 0) {
+                if (errno == EAGAIN || errno == EINTR)
+                        return 0;
+
+                return -errno;
+        }
+
+        cmsg_close_all(&msghdr);
+
+        CMSG_FOREACH(cmsg, &msghdr)
+                if (cmsg->cmsg_level == SOL_SOCKET &&
+                    cmsg->cmsg_type == SCM_CREDENTIALS &&
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
+                        ucred = (struct ucred*) CMSG_DATA(cmsg);
+
+        if (msghdr.msg_flags & MSG_TRUNC) {
+                log_warning("Got overly long notification datagram, ignoring.");
+                return 0;
+        }
+
+        if (!ucred || ucred->pid <= 0) {
+                log_warning("Got notification datagram lacking credential information, ignoring.");
+                return 0;
+        }
+
+        HASHMAP_FOREACH(t, m->transfers, i)
+                if (ucred->pid == t->pid)
+                        break;
+
+        if (!t) {
+                log_warning("Got notification datagram from unexpected peer, ignoring.");
+                return 0;
+        }
+
+        buf[n] = 0;
+
+        p = startswith(buf, "X_IMPORT_PROGRESS=");
+        if (!p) {
+                p = strstr(buf, "\nX_IMPORT_PROGRESS=");
+                if (!p)
+                        return 0;
+
+                p += 19;
+        }
+
+        e = strchrnul(p, '\n');
+        *e = 0;
+
+        r = safe_atou(p, &percent);
+        if (r < 0 || percent > 100) {
+                log_warning("Got invalid percent value, ignoring.");
+                return 0;
+        }
+
+        t->progress_percent = percent;
+
+        log_debug("Got percentage from client: %u%%", percent);
+        return 0;
+}
+
+static int manager_new(Manager **ret) {
+        _cleanup_(manager_unrefp) Manager *m = NULL;
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/import/notify",
+        };
+        static const int one = 1;
+        int r;
+
+        assert(ret);
+
+        m = new0(Manager, 1);
+        if (!m)
+                return -ENOMEM;
+
+        r = sd_event_default(&m->event);
+        if (r < 0)
+                return r;
+
+        sd_event_set_watchdog(m->event, true);
+
+        r = sd_bus_default_system(&m->bus);
+        if (r < 0)
+                return r;
+
+        m->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+        if (m->notify_fd < 0)
+                return -errno;
+
+        (void) mkdir_parents_label(sa.un.sun_path, 0755);
+        (void) unlink(sa.un.sun_path);
+
+        if (bind(m->notify_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
+                return -errno;
+
+        if (setsockopt(m->notify_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
+                return -errno;
+
+        r = sd_event_add_io(m->event, &m->notify_event_source, m->notify_fd, EPOLLIN, manager_on_notify, m);
+        if (r < 0)
+                return r;
+
+        *ret = m;
+        m = NULL;
+
+        return 0;
+}
+
+static Transfer *manager_find(Manager *m, TransferType type, const char *remote) {
+        Transfer *t;
+        Iterator i;
+
+        assert(m);
+        assert(type >= 0);
+        assert(type < _TRANSFER_TYPE_MAX);
+
+        HASHMAP_FOREACH(t, m->transfers, i) {
+
+                if (t->type == type &&
+                    streq_ptr(t->remote, remote))
+                        return t;
+        }
+
+        return NULL;
+}
+
+static int method_import_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
+        _cleanup_(transfer_unrefp) Transfer *t = NULL;
+        int fd, force, read_only, r;
+        const char *local, *object;
+        Manager *m = userdata;
+        TransferType type;
+        uint32_t id;
+
+        assert(msg);
+        assert(m);
+
+        r = bus_verify_polkit_async(
+                        msg,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.import1.import",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = sd_bus_message_read(msg, "hsbb", &fd, &local, &force, &read_only);
+        if (r < 0)
+                return r;
+
+        if (!machine_name_is_valid(local))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Local name %s is invalid", local);
+
+        r = setup_machine_directory((uint64_t) -1, error);
+        if (r < 0)
+                return r;
+
+        type = streq_ptr(sd_bus_message_get_member(msg), "ImportTar") ? TRANSFER_IMPORT_TAR : TRANSFER_IMPORT_RAW;
+
+        r = transfer_new(m, &t);
+        if (r < 0)
+                return r;
+
+        t->type = type;
+        t->force_local = force;
+        t->read_only = read_only;
+
+        t->local = strdup(local);
+        if (!t->local)
+                return -ENOMEM;
+
+        t->stdin_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+        if (t->stdin_fd < 0)
+                return -errno;
+
+        r = transfer_start(t);
+        if (r < 0)
+                return r;
+
+        object = t->object_path;
+        id = t->id;
+        t = NULL;
+
+        return sd_bus_reply_method_return(msg, "uo", id, object);
+}
+
+static int method_export_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
+        _cleanup_(transfer_unrefp) Transfer *t = NULL;
+        int fd, r;
+        const char *local, *object, *format;
+        Manager *m = userdata;
+        TransferType type;
+        uint32_t id;
+
+        assert(msg);
+        assert(m);
+
+        r = bus_verify_polkit_async(
+                        msg,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.import1.export",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = sd_bus_message_read(msg, "shs", &local, &fd, &format);
+        if (r < 0)
+                return r;
+
+        if (!machine_name_is_valid(local))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Local name %s is invalid", local);
+
+        type = streq_ptr(sd_bus_message_get_member(msg), "ExportTar") ? TRANSFER_EXPORT_TAR : TRANSFER_EXPORT_RAW;
+
+        r = transfer_new(m, &t);
+        if (r < 0)
+                return r;
+
+        t->type = type;
+
+        if (!isempty(format)) {
+                t->format = strdup(format);
+                if (!t->format)
+                        return -ENOMEM;
+        }
+
+        t->local = strdup(local);
+        if (!t->local)
+                return -ENOMEM;
+
+        t->stdout_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+        if (t->stdout_fd < 0)
+                return -errno;
+
+        r = transfer_start(t);
+        if (r < 0)
+                return r;
+
+        object = t->object_path;
+        id = t->id;
+        t = NULL;
+
+        return sd_bus_reply_method_return(msg, "uo", id, object);
+}
+
+static int method_pull_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
+        _cleanup_(transfer_unrefp) Transfer *t = NULL;
+        const char *remote, *local, *verify, *object;
+        Manager *m = userdata;
+        ImportVerify v;
+        TransferType type;
+        int force, r;
+        uint32_t id;
+
+        assert(msg);
+        assert(m);
+
+        r = bus_verify_polkit_async(
+                        msg,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.import1.pull",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = sd_bus_message_read(msg, "sssb", &remote, &local, &verify, &force);
+        if (r < 0)
+                return r;
+
+        if (!http_url_is_valid(remote))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "URL %s is invalid", remote);
+
+        if (isempty(local))
+                local = NULL;
+        else if (!machine_name_is_valid(local))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Local name %s is invalid", local);
+
+        if (isempty(verify))
+                v = IMPORT_VERIFY_SIGNATURE;
+        else
+                v = import_verify_from_string(verify);
+        if (v < 0)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown verification mode %s", verify);
+
+        r = setup_machine_directory((uint64_t) -1, error);
+        if (r < 0)
+                return r;
+
+        type = streq_ptr(sd_bus_message_get_member(msg), "PullTar") ? TRANSFER_PULL_TAR : TRANSFER_PULL_RAW;
+
+        if (manager_find(m, type, remote))
+                return sd_bus_error_setf(error, BUS_ERROR_TRANSFER_IN_PROGRESS, "Transfer for %s already in progress.", remote);
+
+        r = transfer_new(m, &t);
+        if (r < 0)
+                return r;
+
+        t->type = type;
+        t->verify = v;
+        t->force_local = force;
+
+        t->remote = strdup(remote);
+        if (!t->remote)
+                return -ENOMEM;
+
+        if (local) {
+                t->local = strdup(local);
+                if (!t->local)
+                        return -ENOMEM;
+        }
+
+        r = transfer_start(t);
+        if (r < 0)
+                return r;
+
+        object = t->object_path;
+        id = t->id;
+        t = NULL;
+
+        return sd_bus_reply_method_return(msg, "uo", id, object);
+}
+
+static int method_list_transfers(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        Transfer *t;
+        Iterator i;
+        int r;
+
+        assert(msg);
+        assert(m);
+
+        r = sd_bus_message_new_method_return(msg, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(usssdo)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(t, m->transfers, i) {
+
+                r = sd_bus_message_append(
+                                reply,
+                                "(usssdo)",
+                                t->id,
+                                transfer_type_to_string(t->type),
+                                t->remote,
+                                t->local,
+                                (double) t->progress_percent / 100.0,
+                                t->object_path);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_cancel(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
+        Transfer *t = userdata;
+        int r;
+
+        assert(msg);
+        assert(t);
+
+        r = bus_verify_polkit_async(
+                        msg,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.import1.pull",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &t->manager->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = transfer_cancel(t);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(msg, NULL);
+}
+
+static int method_cancel_transfer(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Transfer *t;
+        uint32_t id;
+        int r;
+
+        assert(msg);
+        assert(m);
+
+        r = bus_verify_polkit_async(
+                        msg,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.import1.pull",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = sd_bus_message_read(msg, "u", &id);
+        if (r < 0)
+                return r;
+        if (id <= 0)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid transfer id");
+
+        t = hashmap_get(m->transfers, UINT32_TO_PTR(id));
+        if (!t)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_TRANSFER, "No transfer by id %" PRIu32, id);
+
+        r = transfer_cancel(t);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(msg, NULL);
+}
+
+static int property_get_progress(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Transfer *t = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(t);
+
+        return sd_bus_message_append(reply, "d", (double) t->progress_percent / 100.0);
+}
+
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, transfer_type, TransferType);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_verify, import_verify, ImportVerify);
+
+static const sd_bus_vtable transfer_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_PROPERTY("Id", "u", NULL, offsetof(Transfer, id), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Local", "s", NULL, offsetof(Transfer, local), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Remote", "s", NULL, offsetof(Transfer, remote), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Transfer, type), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Verify", "s", property_get_verify, offsetof(Transfer, verify), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Progress", "d", property_get_progress, 0, 0),
+        SD_BUS_METHOD("Cancel", NULL, NULL, method_cancel, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_SIGNAL("LogMessage", "us", 0),
+        SD_BUS_VTABLE_END,
+};
+
+static const sd_bus_vtable manager_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_METHOD("ImportTar", "hsbb", "uo", method_import_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ImportRaw", "hsbb", "uo", method_import_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ExportTar", "shs", "uo", method_export_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ExportRaw", "shs", "uo", method_export_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("PullTar", "sssb", "uo", method_pull_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("PullRaw", "sssb", "uo", method_pull_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListTransfers", NULL, "a(usssdo)", method_list_transfers, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CancelTransfer", "u", NULL, method_cancel_transfer, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_SIGNAL("TransferNew", "uo", 0),
+        SD_BUS_SIGNAL("TransferRemoved", "uos", 0),
+        SD_BUS_VTABLE_END,
+};
+
+static int transfer_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        Transfer *t;
+        const char *p;
+        uint32_t id;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        p = startswith(path, "/org/freedesktop/import1/transfer/_");
+        if (!p)
+                return 0;
+
+        r = safe_atou32(p, &id);
+        if (r < 0 || id == 0)
+                return 0;
+
+        t = hashmap_get(m->transfers, UINT32_TO_PTR(id));
+        if (!t)
+                return 0;
+
+        *found = t;
+        return 1;
+}
+
+static int transfer_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+        _cleanup_strv_free_ char **l = NULL;
+        Manager *m = userdata;
+        Transfer *t;
+        unsigned k = 0;
+        Iterator i;
+
+        l = new0(char*, hashmap_size(m->transfers) + 1);
+        if (!l)
+                return -ENOMEM;
+
+        HASHMAP_FOREACH(t, m->transfers, i) {
+
+                l[k] = strdup(t->object_path);
+                if (!l[k])
+                        return -ENOMEM;
+
+                k++;
+        }
+
+        *nodes = l;
+        l = NULL;
+
+        return 1;
+}
+
+static int manager_add_bus_objects(Manager *m) {
+        int r;
+
+        assert(m);
+
+        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/import1", "org.freedesktop.import1.Manager", manager_vtable, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register object: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/import1/transfer", "org.freedesktop.import1.Transfer", transfer_vtable, transfer_object_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register object: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/import1/transfer", transfer_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add transfer enumerator: %m");
+
+        r = sd_bus_request_name(m->bus, "org.freedesktop.import1", 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = sd_bus_attach_event(m->bus, m->event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        return 0;
+}
+
+static bool manager_check_idle(void *userdata) {
+        Manager *m = userdata;
+
+        return hashmap_isempty(m->transfers);
+}
+
+static int manager_run(Manager *m) {
+        assert(m);
+
+        return bus_event_loop_with_idle(
+                        m->event,
+                        m->bus,
+                        "org.freedesktop.import1",
+                        DEFAULT_EXIT_USEC,
+                        manager_check_idle,
+                        m);
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(manager_unrefp) Manager *m = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, -1) >= 0);
+
+        r = manager_new(&m);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate manager object: %m");
+                goto finish;
+        }
+
+        r = manager_add_bus_objects(m);
+        if (r < 0)
+                goto finish;
+
+        r = manager_run(m);
+        if (r < 0) {
+                log_error_errno(r, "Failed to run event loop: %m");
+                goto finish;
+        }
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-import/systemd-pull/Makefile b/src/grp-import/systemd-pull/Makefile
new file mode 100644
index 0000000000..36505edb5b
--- /dev/null
+++ b/src/grp-import/systemd-pull/Makefile
@@ -0,0 +1,64 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-pull
+systemd_pull_SOURCES = \
+	src/import/pull.c \
+	src/import/pull-raw.c \
+	src/import/pull-raw.h \
+	src/import/pull-tar.c \
+	src/import/pull-tar.h \
+	src/import/pull-job.c \
+	src/import/pull-job.h \
+	src/import/pull-common.c \
+	src/import/pull-common.h \
+	src/import/import-common.c \
+	src/import/import-common.h \
+	src/import/import-compress.c \
+	src/import/import-compress.h \
+	src/import/curl-util.c \
+	src/import/curl-util.h \
+	src/import/qcow2-util.c \
+	src/import/qcow2-util.h
+
+systemd_pull_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(LIBCURL_CFLAGS) \
+	$(XZ_CFLAGS) \
+	$(ZLIB_CFLAGS) \
+	$(BZIP2_CFLAGS) \
+	$(GCRYPT_CFLAGS) \
+	-D VENDOR_KEYRING_PATH=\"$(rootlibexecdir)/import-pubring.gpg\" \
+	-D USER_KEYRING_PATH=\"$(pkgsysconfdir)/import-pubring.gpg\"
+
+systemd_pull_LDADD = \
+	libshared.la \
+	$(LIBCURL_LIBS) \
+	$(XZ_LIBS) \
+	$(ZLIB_LIBS) \
+	$(BZIP2_LIBS) \
+	$(GCRYPT_LIBS)
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/import/pull-common.c b/src/grp-import/systemd-pull/pull-common.c
index dc4e4667a9..dc4e4667a9 100644
--- a/src/import/pull-common.c
+++ b/src/grp-import/systemd-pull/pull-common.c
diff --git a/src/import/pull-common.h b/src/grp-import/systemd-pull/pull-common.h
index 929a131c88..929a131c88 100644
--- a/src/import/pull-common.h
+++ b/src/grp-import/systemd-pull/pull-common.h
diff --git a/src/import/pull-job.c b/src/grp-import/systemd-pull/pull-job.c
index 6bcf35ef4e..6bcf35ef4e 100644
--- a/src/import/pull-job.c
+++ b/src/grp-import/systemd-pull/pull-job.c
diff --git a/src/import/pull-job.h b/src/grp-import/systemd-pull/pull-job.h
index 3a152a50e3..3a152a50e3 100644
--- a/src/import/pull-job.h
+++ b/src/grp-import/systemd-pull/pull-job.h
diff --git a/src/grp-import/systemd-pull/pull-raw.c b/src/grp-import/systemd-pull/pull-raw.c
new file mode 100644
index 0000000000..19155cc53a
--- /dev/null
+++ b/src/grp-import/systemd-pull/pull-raw.c
@@ -0,0 +1,651 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <curl/curl.h>
+#include <linux/fs.h>
+#include <sys/xattr.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "chattr-util.h"
+#include "copy.h"
+#include "curl-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "import-common.h"
+#include "import-util.h"
+#include "macro.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "pull-common.h"
+#include "pull-job.h"
+#include "pull-raw.h"
+#include "qcow2-util.h"
+#include "rm-rf.h"
+#include "string-util.h"
+#include "strv.h"
+#include "utf8.h"
+#include "util.h"
+#include "web-util.h"
+
+typedef enum RawProgress {
+        RAW_DOWNLOADING,
+        RAW_VERIFYING,
+        RAW_UNPACKING,
+        RAW_FINALIZING,
+        RAW_COPYING,
+} RawProgress;
+
+struct RawPull {
+        sd_event *event;
+        CurlGlue *glue;
+
+        char *image_root;
+
+        PullJob *raw_job;
+        PullJob *settings_job;
+        PullJob *checksum_job;
+        PullJob *signature_job;
+
+        RawPullFinished on_finished;
+        void *userdata;
+
+        char *local;
+        bool force_local;
+        bool grow_machine_directory;
+        bool settings;
+
+        char *final_path;
+        char *temp_path;
+
+        char *settings_path;
+        char *settings_temp_path;
+
+        ImportVerify verify;
+};
+
+RawPull* raw_pull_unref(RawPull *i) {
+        if (!i)
+                return NULL;
+
+        pull_job_unref(i->raw_job);
+        pull_job_unref(i->settings_job);
+        pull_job_unref(i->checksum_job);
+        pull_job_unref(i->signature_job);
+
+        curl_glue_unref(i->glue);
+        sd_event_unref(i->event);
+
+        if (i->temp_path) {
+                (void) unlink(i->temp_path);
+                free(i->temp_path);
+        }
+
+        if (i->settings_temp_path) {
+                (void) unlink(i->settings_temp_path);
+                free(i->settings_temp_path);
+        }
+
+        free(i->final_path);
+        free(i->settings_path);
+        free(i->image_root);
+        free(i->local);
+        free(i);
+
+        return NULL;
+}
+
+int raw_pull_new(
+                RawPull **ret,
+                sd_event *event,
+                const char *image_root,
+                RawPullFinished on_finished,
+                void *userdata) {
+
+        _cleanup_(raw_pull_unrefp) RawPull *i = NULL;
+        int r;
+
+        assert(ret);
+
+        i = new0(RawPull, 1);
+        if (!i)
+                return -ENOMEM;
+
+        i->on_finished = on_finished;
+        i->userdata = userdata;
+
+        i->image_root = strdup(image_root ?: "/var/lib/machines");
+        if (!i->image_root)
+                return -ENOMEM;
+
+        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
+
+        if (event)
+                i->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&i->event);
+                if (r < 0)
+                        return r;
+        }
+
+        r = curl_glue_new(&i->glue, i->event);
+        if (r < 0)
+                return r;
+
+        i->glue->on_finished = pull_job_curl_on_finished;
+        i->glue->userdata = i;
+
+        *ret = i;
+        i = NULL;
+
+        return 0;
+}
+
+static void raw_pull_report_progress(RawPull *i, RawProgress p) {
+        unsigned percent;
+
+        assert(i);
+
+        switch (p) {
+
+        case RAW_DOWNLOADING: {
+                unsigned remain = 80;
+
+                percent = 0;
+
+                if (i->settings_job) {
+                        percent += i->settings_job->progress_percent * 5 / 100;
+                        remain -= 5;
+                }
+
+                if (i->checksum_job) {
+                        percent += i->checksum_job->progress_percent * 5 / 100;
+                        remain -= 5;
+                }
+
+                if (i->signature_job) {
+                        percent += i->signature_job->progress_percent * 5 / 100;
+                        remain -= 5;
+                }
+
+                if (i->raw_job)
+                        percent += i->raw_job->progress_percent * remain / 100;
+                break;
+        }
+
+        case RAW_VERIFYING:
+                percent = 80;
+                break;
+
+        case RAW_UNPACKING:
+                percent = 85;
+                break;
+
+        case RAW_FINALIZING:
+                percent = 90;
+                break;
+
+        case RAW_COPYING:
+                percent = 95;
+                break;
+
+        default:
+                assert_not_reached("Unknown progress state");
+        }
+
+        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+        log_debug("Combined progress %u%%", percent);
+}
+
+static int raw_pull_maybe_convert_qcow2(RawPull *i) {
+        _cleanup_close_ int converted_fd = -1;
+        _cleanup_free_ char *t = NULL;
+        int r;
+
+        assert(i);
+        assert(i->raw_job);
+
+        r = qcow2_detect(i->raw_job->disk_fd);
+        if (r < 0)
+                return log_error_errno(r, "Failed to detect whether this is a QCOW2 image: %m");
+        if (r == 0)
+                return 0;
+
+        /* This is a QCOW2 image, let's convert it */
+        r = tempfn_random(i->final_path, NULL, &t);
+        if (r < 0)
+                return log_oom();
+
+        converted_fd = open(t, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (converted_fd < 0)
+                return log_error_errno(errno, "Failed to create %s: %m", t);
+
+        r = chattr_fd(converted_fd, FS_NOCOW_FL, FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set file attributes on %s: %m", t);
+
+        log_info("Unpacking QCOW2 file.");
+
+        r = qcow2_convert(i->raw_job->disk_fd, converted_fd);
+        if (r < 0) {
+                unlink(t);
+                return log_error_errno(r, "Failed to convert qcow2 image: %m");
+        }
+
+        (void) unlink(i->temp_path);
+        free(i->temp_path);
+        i->temp_path = t;
+        t = NULL;
+
+        safe_close(i->raw_job->disk_fd);
+        i->raw_job->disk_fd = converted_fd;
+        converted_fd = -1;
+
+        return 1;
+}
+
+static int raw_pull_make_local_copy(RawPull *i) {
+        _cleanup_free_ char *tp = NULL;
+        _cleanup_close_ int dfd = -1;
+        const char *p;
+        int r;
+
+        assert(i);
+        assert(i->raw_job);
+
+        if (!i->local)
+                return 0;
+
+        if (!i->final_path) {
+                r = pull_make_path(i->raw_job->url, i->raw_job->etag, i->image_root, ".raw-", ".raw", &i->final_path);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        if (i->raw_job->etag_exists) {
+                /* We have downloaded this one previously, reopen it */
+
+                assert(i->raw_job->disk_fd < 0);
+
+                i->raw_job->disk_fd = open(i->final_path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
+                if (i->raw_job->disk_fd < 0)
+                        return log_error_errno(errno, "Failed to open vendor image: %m");
+        } else {
+                /* We freshly downloaded the image, use it */
+
+                assert(i->raw_job->disk_fd >= 0);
+
+                if (lseek(i->raw_job->disk_fd, SEEK_SET, 0) == (off_t) -1)
+                        return log_error_errno(errno, "Failed to seek to beginning of vendor image: %m");
+        }
+
+        p = strjoina(i->image_root, "/", i->local, ".raw");
+
+        if (i->force_local)
+                (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+
+        r = tempfn_random(p, NULL, &tp);
+        if (r < 0)
+                return log_oom();
+
+        dfd = open(tp, O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (dfd < 0)
+                return log_error_errno(errno, "Failed to create writable copy of image: %m");
+
+        /* Turn off COW writing. This should greatly improve
+         * performance on COW file systems like btrfs, since it
+         * reduces fragmentation caused by not allowing in-place
+         * writes. */
+        r = chattr_fd(dfd, FS_NOCOW_FL, FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set file attributes on %s: %m", tp);
+
+        r = copy_bytes(i->raw_job->disk_fd, dfd, (uint64_t) -1, true);
+        if (r < 0) {
+                unlink(tp);
+                return log_error_errno(r, "Failed to make writable copy of image: %m");
+        }
+
+        (void) copy_times(i->raw_job->disk_fd, dfd);
+        (void) copy_xattr(i->raw_job->disk_fd, dfd);
+
+        dfd = safe_close(dfd);
+
+        r = rename(tp, p);
+        if (r < 0)  {
+                r = log_error_errno(errno, "Failed to move writable image into place: %m");
+                unlink(tp);
+                return r;
+        }
+
+        log_info("Created new local image '%s'.", i->local);
+
+        if (i->settings) {
+                const char *local_settings;
+                assert(i->settings_job);
+
+                if (!i->settings_path) {
+                        r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
+                        if (r < 0)
+                                return log_oom();
+                }
+
+                local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
+
+                r = copy_file_atomic(i->settings_path, local_settings, 0644, i->force_local, 0);
+                if (r == -EEXIST)
+                        log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
+                else if (r == -ENOENT)
+                        log_debug_errno(r, "Skipping creation of settings file, since none was found.");
+                else if (r < 0)
+                        log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
+                else
+                        log_info("Created new settings file %s.", local_settings);
+        }
+
+        return 0;
+}
+
+static bool raw_pull_is_done(RawPull *i) {
+        assert(i);
+        assert(i->raw_job);
+
+        if (!PULL_JOB_IS_COMPLETE(i->raw_job))
+                return false;
+        if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
+                return false;
+        if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
+                return false;
+        if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
+                return false;
+
+        return true;
+}
+
+static void raw_pull_job_on_finished(PullJob *j) {
+        RawPull *i;
+        int r;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+        if (j == i->settings_job) {
+                if (j->error != 0)
+                        log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
+        } else if (j->error != 0) {
+                if (j == i->checksum_job)
+                        log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
+                else if (j == i->signature_job)
+                        log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
+                else
+                        log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
+
+                r = j->error;
+                goto finish;
+        }
+
+        /* This is invoked if either the download completed
+         * successfully, or the download was skipped because we
+         * already have the etag. In this case ->etag_exists is
+         * true.
+         *
+         * We only do something when we got all three files */
+
+        if (!raw_pull_is_done(i))
+                return;
+
+        if (i->settings_job)
+                i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
+
+        if (!i->raw_job->etag_exists) {
+                /* This is a new download, verify it, and move it into place */
+                assert(i->raw_job->disk_fd >= 0);
+
+                raw_pull_report_progress(i, RAW_VERIFYING);
+
+                r = pull_verify(i->raw_job, i->settings_job, i->checksum_job, i->signature_job);
+                if (r < 0)
+                        goto finish;
+
+                raw_pull_report_progress(i, RAW_UNPACKING);
+
+                r = raw_pull_maybe_convert_qcow2(i);
+                if (r < 0)
+                        goto finish;
+
+                raw_pull_report_progress(i, RAW_FINALIZING);
+
+                r = import_make_read_only_fd(i->raw_job->disk_fd);
+                if (r < 0)
+                        goto finish;
+
+                r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to move RAW file into place: %m");
+                        goto finish;
+                }
+
+                i->temp_path = mfree(i->temp_path);
+
+                if (i->settings_job &&
+                    i->settings_job->error == 0 &&
+                    !i->settings_job->etag_exists) {
+
+                        assert(i->settings_temp_path);
+                        assert(i->settings_path);
+
+                        r = import_make_read_only(i->settings_temp_path);
+                        if (r < 0)
+                                goto finish;
+
+                        r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to rename settings file: %m");
+                                goto finish;
+                        }
+
+                        i->settings_temp_path = mfree(i->settings_temp_path);
+                }
+        }
+
+        raw_pull_report_progress(i, RAW_COPYING);
+
+        r = raw_pull_make_local_copy(i);
+        if (r < 0)
+                goto finish;
+
+        r = 0;
+
+finish:
+        if (i->on_finished)
+                i->on_finished(i, r, i->userdata);
+        else
+                sd_event_exit(i->event, r);
+}
+
+static int raw_pull_job_on_open_disk_raw(PullJob *j) {
+        RawPull *i;
+        int r;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+        assert(i->raw_job == j);
+        assert(!i->final_path);
+        assert(!i->temp_path);
+
+        r = pull_make_path(j->url, j->etag, i->image_root, ".raw-", ".raw", &i->final_path);
+        if (r < 0)
+                return log_oom();
+
+        r = tempfn_random(i->final_path, NULL, &i->temp_path);
+        if (r < 0)
+                return log_oom();
+
+        (void) mkdir_parents_label(i->temp_path, 0700);
+
+        j->disk_fd = open(i->temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (j->disk_fd < 0)
+                return log_error_errno(errno, "Failed to create %s: %m", i->temp_path);
+
+        r = chattr_fd(j->disk_fd, FS_NOCOW_FL, FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set file attributes on %s: %m", i->temp_path);
+
+        return 0;
+}
+
+static int raw_pull_job_on_open_disk_settings(PullJob *j) {
+        RawPull *i;
+        int r;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+        assert(i->settings_job == j);
+        assert(!i->settings_path);
+        assert(!i->settings_temp_path);
+
+        r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
+        if (r < 0)
+                return log_oom();
+
+        r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
+        if (r < 0)
+                return log_oom();
+
+        mkdir_parents_label(i->settings_temp_path, 0700);
+
+        j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (j->disk_fd < 0)
+                return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
+
+        return 0;
+}
+
+static void raw_pull_job_on_progress(PullJob *j) {
+        RawPull *i;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+
+        raw_pull_report_progress(i, RAW_DOWNLOADING);
+}
+
+int raw_pull_start(
+                RawPull *i,
+                const char *url,
+                const char *local,
+                bool force_local,
+                ImportVerify verify,
+                bool settings) {
+
+        int r;
+
+        assert(i);
+        assert(verify < _IMPORT_VERIFY_MAX);
+        assert(verify >= 0);
+
+        if (!http_url_is_valid(url))
+                return -EINVAL;
+
+        if (local && !machine_name_is_valid(local))
+                return -EINVAL;
+
+        if (i->raw_job)
+                return -EBUSY;
+
+        r = free_and_strdup(&i->local, local);
+        if (r < 0)
+                return r;
+
+        i->force_local = force_local;
+        i->verify = verify;
+        i->settings = settings;
+
+        /* Queue job for the image itself */
+        r = pull_job_new(&i->raw_job, url, i->glue, i);
+        if (r < 0)
+                return r;
+
+        i->raw_job->on_finished = raw_pull_job_on_finished;
+        i->raw_job->on_open_disk = raw_pull_job_on_open_disk_raw;
+        i->raw_job->on_progress = raw_pull_job_on_progress;
+        i->raw_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+        i->raw_job->grow_machine_directory = i->grow_machine_directory;
+
+        r = pull_find_old_etags(url, i->image_root, DT_REG, ".raw-", ".raw", &i->raw_job->old_etags);
+        if (r < 0)
+                return r;
+
+        if (settings) {
+                r = pull_make_settings_job(&i->settings_job, url, i->glue, raw_pull_job_on_finished, i);
+                if (r < 0)
+                        return r;
+
+                i->settings_job->on_open_disk = raw_pull_job_on_open_disk_settings;
+                i->settings_job->on_progress = raw_pull_job_on_progress;
+                i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+
+                r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
+                if (r < 0)
+                        return r;
+        }
+
+        r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_pull_job_on_finished, i);
+        if (r < 0)
+                return r;
+
+        r = pull_job_begin(i->raw_job);
+        if (r < 0)
+                return r;
+
+        if (i->settings_job) {
+                r = pull_job_begin(i->settings_job);
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->checksum_job) {
+                i->checksum_job->on_progress = raw_pull_job_on_progress;
+
+                r = pull_job_begin(i->checksum_job);
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->signature_job) {
+                i->signature_job->on_progress = raw_pull_job_on_progress;
+
+                r = pull_job_begin(i->signature_job);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
diff --git a/src/grp-import/systemd-pull/pull-raw.h b/src/grp-import/systemd-pull/pull-raw.h
new file mode 100644
index 0000000000..6bafa6dafd
--- /dev/null
+++ b/src/grp-import/systemd-pull/pull-raw.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "import-util.h"
+#include "macro.h"
+
+typedef struct RawPull RawPull;
+
+typedef void (*RawPullFinished)(RawPull *pull, int error, void *userdata);
+
+int raw_pull_new(RawPull **pull, sd_event *event, const char *image_root, RawPullFinished on_finished, void *userdata);
+RawPull* raw_pull_unref(RawPull *pull);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(RawPull*, raw_pull_unref);
+
+int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
diff --git a/src/grp-import/systemd-pull/pull-tar.c b/src/grp-import/systemd-pull/pull-tar.c
new file mode 100644
index 0000000000..e0205c3841
--- /dev/null
+++ b/src/grp-import/systemd-pull/pull-tar.c
@@ -0,0 +1,563 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <curl/curl.h>
+#include <sys/prctl.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "copy.h"
+#include "curl-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "import-common.h"
+#include "import-util.h"
+#include "macro.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "pull-common.h"
+#include "pull-job.h"
+#include "pull-tar.h"
+#include "rm-rf.h"
+#include "string-util.h"
+#include "strv.h"
+#include "utf8.h"
+#include "util.h"
+#include "web-util.h"
+
+typedef enum TarProgress {
+        TAR_DOWNLOADING,
+        TAR_VERIFYING,
+        TAR_FINALIZING,
+        TAR_COPYING,
+} TarProgress;
+
+struct TarPull {
+        sd_event *event;
+        CurlGlue *glue;
+
+        char *image_root;
+
+        PullJob *tar_job;
+        PullJob *settings_job;
+        PullJob *checksum_job;
+        PullJob *signature_job;
+
+        TarPullFinished on_finished;
+        void *userdata;
+
+        char *local;
+        bool force_local;
+        bool grow_machine_directory;
+        bool settings;
+
+        pid_t tar_pid;
+
+        char *final_path;
+        char *temp_path;
+
+        char *settings_path;
+        char *settings_temp_path;
+
+        ImportVerify verify;
+};
+
+TarPull* tar_pull_unref(TarPull *i) {
+        if (!i)
+                return NULL;
+
+        if (i->tar_pid > 1) {
+                (void) kill_and_sigcont(i->tar_pid, SIGKILL);
+                (void) wait_for_terminate(i->tar_pid, NULL);
+        }
+
+        pull_job_unref(i->tar_job);
+        pull_job_unref(i->settings_job);
+        pull_job_unref(i->checksum_job);
+        pull_job_unref(i->signature_job);
+
+        curl_glue_unref(i->glue);
+        sd_event_unref(i->event);
+
+        if (i->temp_path) {
+                (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+                free(i->temp_path);
+        }
+
+        if (i->settings_temp_path) {
+                (void) unlink(i->settings_temp_path);
+                free(i->settings_temp_path);
+        }
+
+        free(i->final_path);
+        free(i->settings_path);
+        free(i->image_root);
+        free(i->local);
+        free(i);
+
+        return NULL;
+}
+
+int tar_pull_new(
+                TarPull **ret,
+                sd_event *event,
+                const char *image_root,
+                TarPullFinished on_finished,
+                void *userdata) {
+
+        _cleanup_(tar_pull_unrefp) TarPull *i = NULL;
+        int r;
+
+        assert(ret);
+
+        i = new0(TarPull, 1);
+        if (!i)
+                return -ENOMEM;
+
+        i->on_finished = on_finished;
+        i->userdata = userdata;
+
+        i->image_root = strdup(image_root ?: "/var/lib/machines");
+        if (!i->image_root)
+                return -ENOMEM;
+
+        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
+
+        if (event)
+                i->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&i->event);
+                if (r < 0)
+                        return r;
+        }
+
+        r = curl_glue_new(&i->glue, i->event);
+        if (r < 0)
+                return r;
+
+        i->glue->on_finished = pull_job_curl_on_finished;
+        i->glue->userdata = i;
+
+        *ret = i;
+        i = NULL;
+
+        return 0;
+}
+
+static void tar_pull_report_progress(TarPull *i, TarProgress p) {
+        unsigned percent;
+
+        assert(i);
+
+        switch (p) {
+
+        case TAR_DOWNLOADING: {
+                unsigned remain = 85;
+
+                percent = 0;
+
+                if (i->settings_job) {
+                        percent += i->settings_job->progress_percent * 5 / 100;
+                        remain -= 5;
+                }
+
+                if (i->checksum_job) {
+                        percent += i->checksum_job->progress_percent * 5 / 100;
+                        remain -= 5;
+                }
+
+                if (i->signature_job) {
+                        percent += i->signature_job->progress_percent * 5 / 100;
+                        remain -= 5;
+                }
+
+                if (i->tar_job)
+                        percent += i->tar_job->progress_percent * remain / 100;
+                break;
+        }
+
+        case TAR_VERIFYING:
+                percent = 85;
+                break;
+
+        case TAR_FINALIZING:
+                percent = 90;
+                break;
+
+        case TAR_COPYING:
+                percent = 95;
+                break;
+
+        default:
+                assert_not_reached("Unknown progress state");
+        }
+
+        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+        log_debug("Combined progress %u%%", percent);
+}
+
+static int tar_pull_make_local_copy(TarPull *i) {
+        int r;
+
+        assert(i);
+        assert(i->tar_job);
+
+        if (!i->local)
+                return 0;
+
+        if (!i->final_path) {
+                r = pull_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", NULL, &i->final_path);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
+        if (r < 0)
+                return r;
+
+        if (i->settings) {
+                const char *local_settings;
+                assert(i->settings_job);
+
+                if (!i->settings_path) {
+                        r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
+                        if (r < 0)
+                                return log_oom();
+                }
+
+                local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
+
+                r = copy_file_atomic(i->settings_path, local_settings, 0664, i->force_local, 0);
+                if (r == -EEXIST)
+                        log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
+                else if (r == -ENOENT)
+                        log_debug_errno(r, "Skipping creation of settings file, since none was found.");
+                else if (r < 0)
+                        log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
+                else
+                        log_info("Created new settings file %s.", local_settings);
+        }
+
+        return 0;
+}
+
+static bool tar_pull_is_done(TarPull *i) {
+        assert(i);
+        assert(i->tar_job);
+
+        if (!PULL_JOB_IS_COMPLETE(i->tar_job))
+                return false;
+        if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
+                return false;
+        if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
+                return false;
+        if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
+                return false;
+
+        return true;
+}
+
+static void tar_pull_job_on_finished(PullJob *j) {
+        TarPull *i;
+        int r;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+
+        if (j == i->settings_job) {
+                if (j->error != 0)
+                        log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
+        } else if (j->error != 0) {
+                if (j == i->checksum_job)
+                        log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
+                else if (j == i->signature_job)
+                        log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
+                else
+                        log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
+
+                r = j->error;
+                goto finish;
+        }
+
+        /* This is invoked if either the download completed
+         * successfully, or the download was skipped because we
+         * already have the etag. */
+
+        if (!tar_pull_is_done(i))
+                return;
+
+        i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd);
+        if (i->settings_job)
+                i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
+
+        if (i->tar_pid > 0) {
+                r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
+                i->tar_pid = 0;
+                if (r < 0)
+                        goto finish;
+                if (r > 0) {
+                        r = -EIO;
+                        goto finish;
+                }
+        }
+
+        if (!i->tar_job->etag_exists) {
+                /* This is a new download, verify it, and move it into place */
+
+                tar_pull_report_progress(i, TAR_VERIFYING);
+
+                r = pull_verify(i->tar_job, i->settings_job, i->checksum_job, i->signature_job);
+                if (r < 0)
+                        goto finish;
+
+                tar_pull_report_progress(i, TAR_FINALIZING);
+
+                r = import_make_read_only(i->temp_path);
+                if (r < 0)
+                        goto finish;
+
+                r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to rename to final image name: %m");
+                        goto finish;
+                }
+
+                i->temp_path = mfree(i->temp_path);
+
+                if (i->settings_job &&
+                    i->settings_job->error == 0 &&
+                    !i->settings_job->etag_exists) {
+
+                        assert(i->settings_temp_path);
+                        assert(i->settings_path);
+
+                        /* Also move the settings file into place, if
+                         * it exist. Note that we do so only if we
+                         * also moved the tar file in place, to keep
+                         * things strictly in sync. */
+
+                        r = import_make_read_only(i->settings_temp_path);
+                        if (r < 0)
+                                goto finish;
+
+                        r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to rename settings file: %m");
+                                goto finish;
+                        }
+
+                        i->settings_temp_path = mfree(i->settings_temp_path);
+                }
+        }
+
+        tar_pull_report_progress(i, TAR_COPYING);
+
+        r = tar_pull_make_local_copy(i);
+        if (r < 0)
+                goto finish;
+
+        r = 0;
+
+finish:
+        if (i->on_finished)
+                i->on_finished(i, r, i->userdata);
+        else
+                sd_event_exit(i->event, r);
+}
+
+static int tar_pull_job_on_open_disk_tar(PullJob *j) {
+        TarPull *i;
+        int r;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+        assert(i->tar_job == j);
+        assert(!i->final_path);
+        assert(!i->temp_path);
+        assert(i->tar_pid <= 0);
+
+        r = pull_make_path(j->url, j->etag, i->image_root, ".tar-", NULL, &i->final_path);
+        if (r < 0)
+                return log_oom();
+
+        r = tempfn_random(i->final_path, NULL, &i->temp_path);
+        if (r < 0)
+                return log_oom();
+
+        mkdir_parents_label(i->temp_path, 0700);
+
+        r = btrfs_subvol_make(i->temp_path);
+        if (r == -ENOTTY) {
+                if (mkdir(i->temp_path, 0755) < 0)
+                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
+        else
+                (void) import_assign_pool_quota_and_warn(i->temp_path);
+
+        j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
+        if (j->disk_fd < 0)
+                return j->disk_fd;
+
+        return 0;
+}
+
+static int tar_pull_job_on_open_disk_settings(PullJob *j) {
+        TarPull *i;
+        int r;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+        assert(i->settings_job == j);
+        assert(!i->settings_path);
+        assert(!i->settings_temp_path);
+
+        r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
+        if (r < 0)
+                return log_oom();
+
+        r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
+        if (r < 0)
+                return log_oom();
+
+        mkdir_parents_label(i->settings_temp_path, 0700);
+
+        j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
+        if (j->disk_fd < 0)
+                return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
+
+        return 0;
+}
+
+static void tar_pull_job_on_progress(PullJob *j) {
+        TarPull *i;
+
+        assert(j);
+        assert(j->userdata);
+
+        i = j->userdata;
+
+        tar_pull_report_progress(i, TAR_DOWNLOADING);
+}
+
+int tar_pull_start(
+                TarPull *i,
+                const char *url,
+                const char *local,
+                bool force_local,
+                ImportVerify verify,
+                bool settings) {
+
+        int r;
+
+        assert(i);
+        assert(verify < _IMPORT_VERIFY_MAX);
+        assert(verify >= 0);
+
+        if (!http_url_is_valid(url))
+                return -EINVAL;
+
+        if (local && !machine_name_is_valid(local))
+                return -EINVAL;
+
+        if (i->tar_job)
+                return -EBUSY;
+
+        r = free_and_strdup(&i->local, local);
+        if (r < 0)
+                return r;
+
+        i->force_local = force_local;
+        i->verify = verify;
+        i->settings = settings;
+
+        /* Set up download job for TAR file */
+        r = pull_job_new(&i->tar_job, url, i->glue, i);
+        if (r < 0)
+                return r;
+
+        i->tar_job->on_finished = tar_pull_job_on_finished;
+        i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
+        i->tar_job->on_progress = tar_pull_job_on_progress;
+        i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+        i->tar_job->grow_machine_directory = i->grow_machine_directory;
+
+        r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
+        if (r < 0)
+                return r;
+
+        /* Set up download job for the settings file (.nspawn) */
+        if (settings) {
+                r = pull_make_settings_job(&i->settings_job, url, i->glue, tar_pull_job_on_finished, i);
+                if (r < 0)
+                        return r;
+
+                i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings;
+                i->settings_job->on_progress = tar_pull_job_on_progress;
+                i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+
+                r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Set up download of checksum/signature files */
+        r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
+        if (r < 0)
+                return r;
+
+        r = pull_job_begin(i->tar_job);
+        if (r < 0)
+                return r;
+
+        if (i->settings_job) {
+                r = pull_job_begin(i->settings_job);
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->checksum_job) {
+                i->checksum_job->on_progress = tar_pull_job_on_progress;
+
+                r = pull_job_begin(i->checksum_job);
+                if (r < 0)
+                        return r;
+        }
+
+        if (i->signature_job) {
+                i->signature_job->on_progress = tar_pull_job_on_progress;
+
+                r = pull_job_begin(i->signature_job);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
diff --git a/src/grp-import/systemd-pull/pull-tar.h b/src/grp-import/systemd-pull/pull-tar.h
new file mode 100644
index 0000000000..9ff5bd5953
--- /dev/null
+++ b/src/grp-import/systemd-pull/pull-tar.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "import-util.h"
+#include "macro.h"
+
+typedef struct TarPull TarPull;
+
+typedef void (*TarPullFinished)(TarPull *pull, int error, void *userdata);
+
+int tar_pull_new(TarPull **pull, sd_event *event, const char *image_root, TarPullFinished on_finished, void *userdata);
+TarPull* tar_pull_unref(TarPull *pull);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(TarPull*, tar_pull_unref);
+
+int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
diff --git a/src/grp-import/systemd-pull/pull.c b/src/grp-import/systemd-pull/pull.c
new file mode 100644
index 0000000000..74df24f993
--- /dev/null
+++ b/src/grp-import/systemd-pull/pull.c
@@ -0,0 +1,337 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "hostname-util.h"
+#include "import-util.h"
+#include "machine-image.h"
+#include "parse-util.h"
+#include "pull-raw.h"
+#include "pull-tar.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "verbs.h"
+#include "web-util.h"
+
+static bool arg_force = false;
+static const char *arg_image_root = "/var/lib/machines";
+static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
+static bool arg_settings = true;
+
+static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        log_notice("Transfer aborted.");
+        sd_event_exit(sd_event_source_get_event(s), EINTR);
+        return 0;
+}
+
+static void on_tar_finished(TarPull *pull, int error, void *userdata) {
+        sd_event *event = userdata;
+        assert(pull);
+
+        if (error == 0)
+                log_info("Operation completed successfully.");
+
+        sd_event_exit(event, abs(error));
+}
+
+static int pull_tar(int argc, char *argv[], void *userdata) {
+        _cleanup_(tar_pull_unrefp) TarPull *pull = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        const char *url, *local;
+        _cleanup_free_ char *l = NULL, *ll = NULL;
+        int r;
+
+        url = argv[1];
+        if (!http_url_is_valid(url)) {
+                log_error("URL '%s' is not valid.", url);
+                return -EINVAL;
+        }
+
+        if (argc >= 3)
+                local = argv[2];
+        else {
+                r = import_url_last_component(url, &l);
+                if (r < 0)
+                        return log_error_errno(r, "Failed get final component of URL: %m");
+
+                local = l;
+        }
+
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (local) {
+                r = tar_strip_suffixes(local, &ll);
+                if (r < 0)
+                        return log_oom();
+
+                local = ll;
+
+                if (!machine_name_is_valid(local)) {
+                        log_error("Local image name '%s' is not valid.", local);
+                        return -EINVAL;
+                }
+
+                if (!arg_force) {
+                        r = image_find(local, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
+                        else if (r > 0) {
+                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
+                                return -EEXIST;
+                        }
+                }
+
+                log_info("Pulling '%s', saving as '%s'.", url, local);
+        } else
+                log_info("Pulling '%s'.", url);
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
+        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
+
+        r = tar_pull_new(&pull, event, arg_image_root, on_tar_finished, event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate puller: %m");
+
+        r = tar_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
+        if (r < 0)
+                return log_error_errno(r, "Failed to pull image: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        log_info("Exiting.");
+        return -r;
+}
+
+static void on_raw_finished(RawPull *pull, int error, void *userdata) {
+        sd_event *event = userdata;
+        assert(pull);
+
+        if (error == 0)
+                log_info("Operation completed successfully.");
+
+        sd_event_exit(event, abs(error));
+}
+
+static int pull_raw(int argc, char *argv[], void *userdata) {
+        _cleanup_(raw_pull_unrefp) RawPull *pull = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        const char *url, *local;
+        _cleanup_free_ char *l = NULL, *ll = NULL;
+        int r;
+
+        url = argv[1];
+        if (!http_url_is_valid(url)) {
+                log_error("URL '%s' is not valid.", url);
+                return -EINVAL;
+        }
+
+        if (argc >= 3)
+                local = argv[2];
+        else {
+                r = import_url_last_component(url, &l);
+                if (r < 0)
+                        return log_error_errno(r, "Failed get final component of URL: %m");
+
+                local = l;
+        }
+
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (local) {
+                r = raw_strip_suffixes(local, &ll);
+                if (r < 0)
+                        return log_oom();
+
+                local = ll;
+
+                if (!machine_name_is_valid(local)) {
+                        log_error("Local image name '%s' is not valid.", local);
+                        return -EINVAL;
+                }
+
+                if (!arg_force) {
+                        r = image_find(local, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
+                        else if (r > 0) {
+                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
+                                return -EEXIST;
+                        }
+                }
+
+                log_info("Pulling '%s', saving as '%s'.", url, local);
+        } else
+                log_info("Pulling '%s'.", url);
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
+        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
+
+        r = raw_pull_new(&pull, event, arg_image_root, on_raw_finished, event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate puller: %m");
+
+        r = raw_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
+        if (r < 0)
+                return log_error_errno(r, "Failed to pull image: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        log_info("Exiting.");
+        return -r;
+}
+
+static int help(int argc, char *argv[], void *userdata) {
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Download container or virtual machine images.\n\n"
+               "  -h --help                   Show this help\n"
+               "     --version                Show package version\n"
+               "     --force                  Force creation of image\n"
+               "     --verify=MODE            Verify downloaded image, one of: 'no',\n"
+               "                              'checksum', 'signature'\n"
+               "     --settings=BOOL          Download settings file with image\n"
+               "     --image-root=PATH        Image root directory\n\n"
+               "Commands:\n"
+               "  tar URL [NAME]              Download a TAR image\n"
+               "  raw URL [NAME]              Download a RAW image\n",
+               program_invocation_short_name);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_FORCE,
+                ARG_IMAGE_ROOT,
+                ARG_VERIFY,
+                ARG_SETTINGS,
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'                 },
+                { "version",         no_argument,       NULL, ARG_VERSION         },
+                { "force",           no_argument,       NULL, ARG_FORCE           },
+                { "image-root",      required_argument, NULL, ARG_IMAGE_ROOT      },
+                { "verify",          required_argument, NULL, ARG_VERIFY          },
+                { "settings",        required_argument, NULL, ARG_SETTINGS        },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        return help(0, NULL, NULL);
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_FORCE:
+                        arg_force = true;
+                        break;
+
+                case ARG_IMAGE_ROOT:
+                        arg_image_root = optarg;
+                        break;
+
+                case ARG_VERIFY:
+                        arg_verify = import_verify_from_string(optarg);
+                        if (arg_verify < 0) {
+                                log_error("Invalid verification setting '%s'", optarg);
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case ARG_SETTINGS:
+                        r = parse_boolean(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --settings= parameter '%s'", optarg);
+
+                        arg_settings = r;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int pull_main(int argc, char *argv[]) {
+
+        static const Verb verbs[] = {
+                { "help", VERB_ANY, VERB_ANY, 0, help     },
+                { "tar",  2,        3,        0, pull_tar },
+                { "raw",  2,        3,        0, pull_raw },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, NULL);
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        (void) ignore_signals(SIGPIPE, -1);
+
+        r = pull_main(argc, argv);
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/import/test-qcow2.c b/src/grp-import/test-qcow2.c
index b820253d71..b820253d71 100644
--- a/src/import/test-qcow2.c
+++ b/src/grp-import/test-qcow2.c
diff --git a/src/journal-remote/.gitignore b/src/grp-journal-remote/.gitignore
index 06847b65d4..06847b65d4 100644
--- a/src/journal-remote/.gitignore
+++ b/src/grp-journal-remote/.gitignore
diff --git a/src/grp-journal-remote/Makefile b/src/grp-journal-remote/Makefile
new file mode 100644
index 0000000000..7885bea0fc
--- /dev/null
+++ b/src/grp-journal-remote/Makefile
@@ -0,0 +1,30 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += systemd-journa-gatewayd
+at.subdirs += systemd-journa-remote
+at.subdirs += systemd-journa-upload
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/journal-remote/browse.html b/src/grp-journal-remote/browse.html
index 32848c7673..32848c7673 100644
--- a/src/journal-remote/browse.html
+++ b/src/grp-journal-remote/browse.html
diff --git a/src/journal-remote/log-generator.py b/src/grp-journal-remote/log-generator.py
index fd6964e758..fd6964e758 100755
--- a/src/journal-remote/log-generator.py
+++ b/src/grp-journal-remote/log-generator.py
diff --git a/src/journal-remote/microhttpd-util.c b/src/grp-journal-remote/microhttpd-util.c
index c65c43186f..c65c43186f 100644
--- a/src/journal-remote/microhttpd-util.c
+++ b/src/grp-journal-remote/microhttpd-util.c
diff --git a/src/journal-remote/microhttpd-util.h b/src/grp-journal-remote/microhttpd-util.h
index ea160f212b..ea160f212b 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/grp-journal-remote/microhttpd-util.h
diff --git a/src/grp-journal-remote/systemd-journal-gatewayd/Makefile b/src/grp-journal-remote/systemd-journal-gatewayd/Makefile
new file mode 100644
index 0000000000..05df34a71d
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-gatewayd/Makefile
@@ -0,0 +1,68 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_MICROHTTPD),)
+gatewayddocumentrootdir=$(pkgdatadir)/gatewayd
+
+rootlibexec_PROGRAMS += \
+	systemd-journal-gatewayd
+
+systemd_journal_gatewayd_SOURCES = \
+	src/journal-remote/journal-gatewayd.c \
+	src/journal-remote/microhttpd-util.h \
+	src/journal-remote/microhttpd-util.c
+
+systemd_journal_gatewayd_LDADD = \
+	libshared.la \
+	$(MICROHTTPD_LIBS)
+
+ifneq ($(HAVE_GNUTLS),)
+systemd_journal_gatewayd_LDADD += \
+	$(GNUTLS_LIBS)
+endif # HAVE_GNUTLS
+
+systemd_journal_gatewayd_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(MICROHTTPD_CFLAGS)
+
+systemd_journal_gatewayd_CPPFLAGS = \
+	$(AM_CPPFLAGS) \
+	-DDOCUMENT_ROOT=\"$(gatewayddocumentrootdir)\"
+
+dist_systemunit_DATA += \
+	units/systemd-journal-gatewayd.socket
+
+nodist_systemunit_DATA += \
+	units/systemd-journal-gatewayd.service
+
+dist_gatewayddocumentroot_DATA = \
+	src/journal-remote/browse.html
+
+endif # HAVE_MICROHTTPD
+
+EXTRA_DIST += \
+	units/systemd-journal-gatewayd.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-journal-remote/systemd-journal-gatewayd/journal-gatewayd.c b/src/grp-journal-remote/systemd-journal-gatewayd/journal-gatewayd.c
new file mode 100644
index 0000000000..1cfb5e2c9c
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-gatewayd/journal-gatewayd.c
@@ -0,0 +1,1077 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <getopt.h>
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
+#include <microhttpd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "hostname-util.h"
+#include "log.h"
+#include "logs-show.h"
+#include "microhttpd-util.h"
+#include "parse-util.h"
+#include "sigbus.h"
+#include "util.h"
+
+#define JOURNAL_WAIT_TIMEOUT (10*USEC_PER_SEC)
+
+static char *arg_key_pem = NULL;
+static char *arg_cert_pem = NULL;
+static char *arg_trust_pem = NULL;
+
+typedef struct RequestMeta {
+        sd_journal *journal;
+
+        OutputMode mode;
+
+        char *cursor;
+        int64_t n_skip;
+        uint64_t n_entries;
+        bool n_entries_set;
+
+        FILE *tmp;
+        uint64_t delta, size;
+
+        int argument_parse_error;
+
+        bool follow;
+        bool discrete;
+
+        uint64_t n_fields;
+        bool n_fields_set;
+} RequestMeta;
+
+static const char* const mime_types[_OUTPUT_MODE_MAX] = {
+        [OUTPUT_SHORT] = "text/plain",
+        [OUTPUT_JSON] = "application/json",
+        [OUTPUT_JSON_SSE] = "text/event-stream",
+        [OUTPUT_EXPORT] = "application/vnd.fdo.journal",
+};
+
+static RequestMeta *request_meta(void **connection_cls) {
+        RequestMeta *m;
+
+        assert(connection_cls);
+        if (*connection_cls)
+                return *connection_cls;
+
+        m = new0(RequestMeta, 1);
+        if (!m)
+                return NULL;
+
+        *connection_cls = m;
+        return m;
+}
+
+static void request_meta_free(
+                void *cls,
+                struct MHD_Connection *connection,
+                void **connection_cls,
+                enum MHD_RequestTerminationCode toe) {
+
+        RequestMeta *m = *connection_cls;
+
+        if (!m)
+                return;
+
+        sd_journal_close(m->journal);
+
+        safe_fclose(m->tmp);
+
+        free(m->cursor);
+        free(m);
+}
+
+static int open_journal(RequestMeta *m) {
+        assert(m);
+
+        if (m->journal)
+                return 0;
+
+        return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM);
+}
+
+static int request_meta_ensure_tmp(RequestMeta *m) {
+        assert(m);
+
+        if (m->tmp)
+                rewind(m->tmp);
+        else {
+                int fd;
+
+                fd = open_tmpfile_unlinkable("/tmp", O_RDWR|O_CLOEXEC);
+                if (fd < 0)
+                        return fd;
+
+                m->tmp = fdopen(fd, "w+");
+                if (!m->tmp) {
+                        safe_close(fd);
+                        return -errno;
+                }
+        }
+
+        return 0;
+}
+
+static ssize_t request_reader_entries(
+                void *cls,
+                uint64_t pos,
+                char *buf,
+                size_t max) {
+
+        RequestMeta *m = cls;
+        int r;
+        size_t n, k;
+
+        assert(m);
+        assert(buf);
+        assert(max > 0);
+        assert(pos >= m->delta);
+
+        pos -= m->delta;
+
+        while (pos >= m->size) {
+                off_t sz;
+
+                /* End of this entry, so let's serialize the next
+                 * one */
+
+                if (m->n_entries_set &&
+                    m->n_entries <= 0)
+                        return MHD_CONTENT_READER_END_OF_STREAM;
+
+                if (m->n_skip < 0)
+                        r = sd_journal_previous_skip(m->journal, (uint64_t) -m->n_skip + 1);
+                else if (m->n_skip > 0)
+                        r = sd_journal_next_skip(m->journal, (uint64_t) m->n_skip + 1);
+                else
+                        r = sd_journal_next(m->journal);
+
+                if (r < 0) {
+                        log_error_errno(r, "Failed to advance journal pointer: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                } else if (r == 0) {
+
+                        if (m->follow) {
+                                r = sd_journal_wait(m->journal, (uint64_t) JOURNAL_WAIT_TIMEOUT);
+                                if (r < 0) {
+                                        log_error_errno(r, "Couldn't wait for journal event: %m");
+                                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                                }
+                                if (r == SD_JOURNAL_NOP)
+                                        break;
+
+                                continue;
+                        }
+
+                        return MHD_CONTENT_READER_END_OF_STREAM;
+                }
+
+                if (m->discrete) {
+                        assert(m->cursor);
+
+                        r = sd_journal_test_cursor(m->journal, m->cursor);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to test cursor: %m");
+                                return MHD_CONTENT_READER_END_WITH_ERROR;
+                        }
+
+                        if (r == 0)
+                                return MHD_CONTENT_READER_END_OF_STREAM;
+                }
+
+                pos -= m->size;
+                m->delta += m->size;
+
+                if (m->n_entries_set)
+                        m->n_entries -= 1;
+
+                m->n_skip = 0;
+
+                r = request_meta_ensure_tmp(m);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to create temporary file: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                }
+
+                r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH, NULL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to serialize item: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                }
+
+                sz = ftello(m->tmp);
+                if (sz == (off_t) -1) {
+                        log_error_errno(errno, "Failed to retrieve file position: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                }
+
+                m->size = (uint64_t) sz;
+        }
+
+        if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
+                log_error_errno(errno, "Failed to seek to position: %m");
+                return MHD_CONTENT_READER_END_WITH_ERROR;
+        }
+
+        n = m->size - pos;
+        if (n < 1)
+                return 0;
+        if (n > max)
+                n = max;
+
+        errno = 0;
+        k = fread(buf, 1, n, m->tmp);
+        if (k != n) {
+                log_error("Failed to read from file: %s", errno ? strerror(errno) : "Premature EOF");
+                return MHD_CONTENT_READER_END_WITH_ERROR;
+        }
+
+        return (ssize_t) k;
+}
+
+static int request_parse_accept(
+                RequestMeta *m,
+                struct MHD_Connection *connection) {
+
+        const char *header;
+
+        assert(m);
+        assert(connection);
+
+        header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Accept");
+        if (!header)
+                return 0;
+
+        if (streq(header, mime_types[OUTPUT_JSON]))
+                m->mode = OUTPUT_JSON;
+        else if (streq(header, mime_types[OUTPUT_JSON_SSE]))
+                m->mode = OUTPUT_JSON_SSE;
+        else if (streq(header, mime_types[OUTPUT_EXPORT]))
+                m->mode = OUTPUT_EXPORT;
+        else
+                m->mode = OUTPUT_SHORT;
+
+        return 0;
+}
+
+static int request_parse_range(
+                RequestMeta *m,
+                struct MHD_Connection *connection) {
+
+        const char *range, *colon, *colon2;
+        int r;
+
+        assert(m);
+        assert(connection);
+
+        range = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Range");
+        if (!range)
+                return 0;
+
+        if (!startswith(range, "entries="))
+                return 0;
+
+        range += 8;
+        range += strspn(range, WHITESPACE);
+
+        colon = strchr(range, ':');
+        if (!colon)
+                m->cursor = strdup(range);
+        else {
+                const char *p;
+
+                colon2 = strchr(colon + 1, ':');
+                if (colon2) {
+                        _cleanup_free_ char *t;
+
+                        t = strndup(colon + 1, colon2 - colon - 1);
+                        if (!t)
+                                return -ENOMEM;
+
+                        r = safe_atoi64(t, &m->n_skip);
+                        if (r < 0)
+                                return r;
+                }
+
+                p = (colon2 ? colon2 : colon) + 1;
+                if (*p) {
+                        r = safe_atou64(p, &m->n_entries);
+                        if (r < 0)
+                                return r;
+
+                        if (m->n_entries <= 0)
+                                return -EINVAL;
+
+                        m->n_entries_set = true;
+                }
+
+                m->cursor = strndup(range, colon - range);
+        }
+
+        if (!m->cursor)
+                return -ENOMEM;
+
+        m->cursor[strcspn(m->cursor, WHITESPACE)] = 0;
+        if (isempty(m->cursor))
+                m->cursor = mfree(m->cursor);
+
+        return 0;
+}
+
+static int request_parse_arguments_iterator(
+                void *cls,
+                enum MHD_ValueKind kind,
+                const char *key,
+                const char *value) {
+
+        RequestMeta *m = cls;
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        assert(m);
+
+        if (isempty(key)) {
+                m->argument_parse_error = -EINVAL;
+                return MHD_NO;
+        }
+
+        if (streq(key, "follow")) {
+                if (isempty(value)) {
+                        m->follow = true;
+                        return MHD_YES;
+                }
+
+                r = parse_boolean(value);
+                if (r < 0) {
+                        m->argument_parse_error = r;
+                        return MHD_NO;
+                }
+
+                m->follow = r;
+                return MHD_YES;
+        }
+
+        if (streq(key, "discrete")) {
+                if (isempty(value)) {
+                        m->discrete = true;
+                        return MHD_YES;
+                }
+
+                r = parse_boolean(value);
+                if (r < 0) {
+                        m->argument_parse_error = r;
+                        return MHD_NO;
+                }
+
+                m->discrete = r;
+                return MHD_YES;
+        }
+
+        if (streq(key, "boot")) {
+                if (isempty(value))
+                        r = true;
+                else {
+                        r = parse_boolean(value);
+                        if (r < 0) {
+                                m->argument_parse_error = r;
+                                return MHD_NO;
+                        }
+                }
+
+                if (r) {
+                        char match[9 + 32 + 1] = "_BOOT_ID=";
+                        sd_id128_t bid;
+
+                        r = sd_id128_get_boot(&bid);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to get boot ID: %m");
+                                return MHD_NO;
+                        }
+
+                        sd_id128_to_string(bid, match + 9);
+                        r = sd_journal_add_match(m->journal, match, sizeof(match)-1);
+                        if (r < 0) {
+                                m->argument_parse_error = r;
+                                return MHD_NO;
+                        }
+                }
+
+                return MHD_YES;
+        }
+
+        p = strjoin(key, "=", strempty(value), NULL);
+        if (!p) {
+                m->argument_parse_error = log_oom();
+                return MHD_NO;
+        }
+
+        r = sd_journal_add_match(m->journal, p, 0);
+        if (r < 0) {
+                m->argument_parse_error = r;
+                return MHD_NO;
+        }
+
+        return MHD_YES;
+}
+
+static int request_parse_arguments(
+                RequestMeta *m,
+                struct MHD_Connection *connection) {
+
+        assert(m);
+        assert(connection);
+
+        m->argument_parse_error = 0;
+        MHD_get_connection_values(connection, MHD_GET_ARGUMENT_KIND, request_parse_arguments_iterator, m);
+
+        return m->argument_parse_error;
+}
+
+static int request_handler_entries(
+                struct MHD_Connection *connection,
+                void *connection_cls) {
+
+        struct MHD_Response *response;
+        RequestMeta *m = connection_cls;
+        int r;
+
+        assert(connection);
+        assert(m);
+
+        r = open_journal(m);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to open journal: %s\n", strerror(-r));
+
+        if (request_parse_accept(m, connection) < 0)
+                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse Accept header.\n");
+
+        if (request_parse_range(m, connection) < 0)
+                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse Range header.\n");
+
+        if (request_parse_arguments(m, connection) < 0)
+                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse URL arguments.\n");
+
+        if (m->discrete) {
+                if (!m->cursor)
+                        return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Discrete seeks require a cursor specification.\n");
+
+                m->n_entries = 1;
+                m->n_entries_set = true;
+        }
+
+        if (m->cursor)
+                r = sd_journal_seek_cursor(m->journal, m->cursor);
+        else if (m->n_skip >= 0)
+                r = sd_journal_seek_head(m->journal);
+        else if (m->n_skip < 0)
+                r = sd_journal_seek_tail(m->journal);
+        if (r < 0)
+                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to seek in journal.\n");
+
+        response = MHD_create_response_from_callback(MHD_SIZE_UNKNOWN, 4*1024, request_reader_entries, m, NULL);
+        if (!response)
+                return respond_oom(connection);
+
+        MHD_add_response_header(response, "Content-Type", mime_types[m->mode]);
+
+        r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+        MHD_destroy_response(response);
+
+        return r;
+}
+
+static int output_field(FILE *f, OutputMode m, const char *d, size_t l) {
+        const char *eq;
+        size_t j;
+
+        eq = memchr(d, '=', l);
+        if (!eq)
+                return -EINVAL;
+
+        j = l - (eq - d + 1);
+
+        if (m == OUTPUT_JSON) {
+                fprintf(f, "{ \"%.*s\" : ", (int) (eq - d), d);
+                json_escape(f, eq+1, j, OUTPUT_FULL_WIDTH);
+                fputs(" }\n", f);
+        } else {
+                fwrite(eq+1, 1, j, f);
+                fputc('\n', f);
+        }
+
+        return 0;
+}
+
+static ssize_t request_reader_fields(
+                void *cls,
+                uint64_t pos,
+                char *buf,
+                size_t max) {
+
+        RequestMeta *m = cls;
+        int r;
+        size_t n, k;
+
+        assert(m);
+        assert(buf);
+        assert(max > 0);
+        assert(pos >= m->delta);
+
+        pos -= m->delta;
+
+        while (pos >= m->size) {
+                off_t sz;
+                const void *d;
+                size_t l;
+
+                /* End of this field, so let's serialize the next
+                 * one */
+
+                if (m->n_fields_set &&
+                    m->n_fields <= 0)
+                        return MHD_CONTENT_READER_END_OF_STREAM;
+
+                r = sd_journal_enumerate_unique(m->journal, &d, &l);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to advance field index: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                } else if (r == 0)
+                        return MHD_CONTENT_READER_END_OF_STREAM;
+
+                pos -= m->size;
+                m->delta += m->size;
+
+                if (m->n_fields_set)
+                        m->n_fields -= 1;
+
+                r = request_meta_ensure_tmp(m);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to create temporary file: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                }
+
+                r = output_field(m->tmp, m->mode, d, l);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to serialize item: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                }
+
+                sz = ftello(m->tmp);
+                if (sz == (off_t) -1) {
+                        log_error_errno(errno, "Failed to retrieve file position: %m");
+                        return MHD_CONTENT_READER_END_WITH_ERROR;
+                }
+
+                m->size = (uint64_t) sz;
+        }
+
+        if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
+                log_error_errno(errno, "Failed to seek to position: %m");
+                return MHD_CONTENT_READER_END_WITH_ERROR;
+        }
+
+        n = m->size - pos;
+        if (n > max)
+                n = max;
+
+        errno = 0;
+        k = fread(buf, 1, n, m->tmp);
+        if (k != n) {
+                log_error("Failed to read from file: %s", errno ? strerror(errno) : "Premature EOF");
+                return MHD_CONTENT_READER_END_WITH_ERROR;
+        }
+
+        return (ssize_t) k;
+}
+
+static int request_handler_fields(
+                struct MHD_Connection *connection,
+                const char *field,
+                void *connection_cls) {
+
+        struct MHD_Response *response;
+        RequestMeta *m = connection_cls;
+        int r;
+
+        assert(connection);
+        assert(m);
+
+        r = open_journal(m);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to open journal: %s\n", strerror(-r));
+
+        if (request_parse_accept(m, connection) < 0)
+                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse Accept header.\n");
+
+        r = sd_journal_query_unique(m->journal, field);
+        if (r < 0)
+                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to query unique fields.\n");
+
+        response = MHD_create_response_from_callback(MHD_SIZE_UNKNOWN, 4*1024, request_reader_fields, m, NULL);
+        if (!response)
+                return respond_oom(connection);
+
+        MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]);
+
+        r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+        MHD_destroy_response(response);
+
+        return r;
+}
+
+static int request_handler_redirect(
+                struct MHD_Connection *connection,
+                const char *target) {
+
+        char *page;
+        struct MHD_Response *response;
+        int ret;
+
+        assert(connection);
+        assert(target);
+
+        if (asprintf(&page, "<html><body>Please continue to the <a href=\"%s\">journal browser</a>.</body></html>", target) < 0)
+                return respond_oom(connection);
+
+        response = MHD_create_response_from_buffer(strlen(page), page, MHD_RESPMEM_MUST_FREE);
+        if (!response) {
+                free(page);
+                return respond_oom(connection);
+        }
+
+        MHD_add_response_header(response, "Content-Type", "text/html");
+        MHD_add_response_header(response, "Location", target);
+
+        ret = MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
+        MHD_destroy_response(response);
+
+        return ret;
+}
+
+static int request_handler_file(
+                struct MHD_Connection *connection,
+                const char *path,
+                const char *mime_type) {
+
+        struct MHD_Response *response;
+        int ret;
+        _cleanup_close_ int fd = -1;
+        struct stat st;
+
+        assert(connection);
+        assert(path);
+        assert(mime_type);
+
+        fd = open(path, O_RDONLY|O_CLOEXEC);
+        if (fd < 0)
+                return mhd_respondf(connection, MHD_HTTP_NOT_FOUND, "Failed to open file %s: %m\n", path);
+
+        if (fstat(fd, &st) < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to stat file: %m\n");
+
+        response = MHD_create_response_from_fd_at_offset64(st.st_size, fd, 0);
+        if (!response)
+                return respond_oom(connection);
+
+        fd = -1;
+
+        MHD_add_response_header(response, "Content-Type", mime_type);
+
+        ret = MHD_queue_response(connection, MHD_HTTP_OK, response);
+        MHD_destroy_response(response);
+
+        return ret;
+}
+
+static int get_virtualization(char **v) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        char *b = NULL;
+        int r;
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_get_property_string(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "Virtualization",
+                        NULL,
+                        &b);
+        if (r < 0)
+                return r;
+
+        if (isempty(b)) {
+                free(b);
+                *v = NULL;
+                return 0;
+        }
+
+        *v = b;
+        return 1;
+}
+
+static int request_handler_machine(
+                struct MHD_Connection *connection,
+                void *connection_cls) {
+
+        struct MHD_Response *response;
+        RequestMeta *m = connection_cls;
+        int r;
+        _cleanup_free_ char* hostname = NULL, *os_name = NULL;
+        uint64_t cutoff_from = 0, cutoff_to = 0, usage = 0;
+        char *json;
+        sd_id128_t mid, bid;
+        _cleanup_free_ char *v = NULL;
+
+        assert(connection);
+        assert(m);
+
+        r = open_journal(m);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to open journal: %s\n", strerror(-r));
+
+        r = sd_id128_get_machine(&mid);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine machine ID: %s\n", strerror(-r));
+
+        r = sd_id128_get_boot(&bid);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine boot ID: %s\n", strerror(-r));
+
+        hostname = gethostname_malloc();
+        if (!hostname)
+                return respond_oom(connection);
+
+        r = sd_journal_get_usage(m->journal, &usage);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine disk usage: %s\n", strerror(-r));
+
+        r = sd_journal_get_cutoff_realtime_usec(m->journal, &cutoff_from, &cutoff_to);
+        if (r < 0)
+                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine disk usage: %s\n", strerror(-r));
+
+        if (parse_env_file("/etc/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL) == -ENOENT)
+                (void) parse_env_file("/usr/lib/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL);
+
+        get_virtualization(&v);
+
+        r = asprintf(&json,
+                     "{ \"machine_id\" : \"" SD_ID128_FORMAT_STR "\","
+                     "\"boot_id\" : \"" SD_ID128_FORMAT_STR "\","
+                     "\"hostname\" : \"%s\","
+                     "\"os_pretty_name\" : \"%s\","
+                     "\"virtualization\" : \"%s\","
+                     "\"usage\" : \"%"PRIu64"\","
+                     "\"cutoff_from_realtime\" : \"%"PRIu64"\","
+                     "\"cutoff_to_realtime\" : \"%"PRIu64"\" }\n",
+                     SD_ID128_FORMAT_VAL(mid),
+                     SD_ID128_FORMAT_VAL(bid),
+                     hostname_cleanup(hostname),
+                     os_name ? os_name : "GNU/Linux",
+                     v ? v : "bare",
+                     usage,
+                     cutoff_from,
+                     cutoff_to);
+
+        if (r < 0)
+                return respond_oom(connection);
+
+        response = MHD_create_response_from_buffer(strlen(json), json, MHD_RESPMEM_MUST_FREE);
+        if (!response) {
+                free(json);
+                return respond_oom(connection);
+        }
+
+        MHD_add_response_header(response, "Content-Type", "application/json");
+        r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+        MHD_destroy_response(response);
+
+        return r;
+}
+
+static int request_handler(
+                void *cls,
+                struct MHD_Connection *connection,
+                const char *url,
+                const char *method,
+                const char *version,
+                const char *upload_data,
+                size_t *upload_data_size,
+                void **connection_cls) {
+        int r, code;
+
+        assert(connection);
+        assert(connection_cls);
+        assert(url);
+        assert(method);
+
+        if (!streq(method, "GET"))
+                return mhd_respond(connection, MHD_HTTP_NOT_ACCEPTABLE,
+                                   "Unsupported method.\n");
+
+
+        if (!*connection_cls) {
+                if (!request_meta(connection_cls))
+                        return respond_oom(connection);
+                return MHD_YES;
+        }
+
+        if (arg_trust_pem) {
+                r = check_permissions(connection, &code, NULL);
+                if (r < 0)
+                        return code;
+        }
+
+        if (streq(url, "/"))
+                return request_handler_redirect(connection, "/browse");
+
+        if (streq(url, "/entries"))
+                return request_handler_entries(connection, *connection_cls);
+
+        if (startswith(url, "/fields/"))
+                return request_handler_fields(connection, url + 8, *connection_cls);
+
+        if (streq(url, "/browse"))
+                return request_handler_file(connection, DOCUMENT_ROOT "/browse.html", "text/html");
+
+        if (streq(url, "/machine"))
+                return request_handler_machine(connection, *connection_cls);
+
+        return mhd_respond(connection, MHD_HTTP_NOT_FOUND, "Not found.\n");
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] ...\n\n"
+               "HTTP server for journal events.\n\n"
+               "  -h --help           Show this help\n"
+               "     --version        Show package version\n"
+               "     --cert=CERT.PEM  Server certificate in PEM format\n"
+               "     --key=KEY.PEM    Server key in PEM format\n"
+               "     --trust=CERT.PEM Certificat authority certificate in PEM format\n",
+               program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_KEY,
+                ARG_CERT,
+                ARG_TRUST,
+        };
+
+        int r, c;
+
+        static const struct option options[] = {
+                { "help",    no_argument,       NULL, 'h'         },
+                { "version", no_argument,       NULL, ARG_VERSION },
+                { "key",     required_argument, NULL, ARG_KEY     },
+                { "cert",    required_argument, NULL, ARG_CERT    },
+                { "trust",   required_argument, NULL, ARG_TRUST   },
+                {}
+        };
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch(c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_KEY:
+                        if (arg_key_pem) {
+                                log_error("Key file specified twice");
+                                return -EINVAL;
+                        }
+                        r = read_full_file(optarg, &arg_key_pem, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to read key file: %m");
+                        assert(arg_key_pem);
+                        break;
+
+                case ARG_CERT:
+                        if (arg_cert_pem) {
+                                log_error("Certificate file specified twice");
+                                return -EINVAL;
+                        }
+                        r = read_full_file(optarg, &arg_cert_pem, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to read certificate file: %m");
+                        assert(arg_cert_pem);
+                        break;
+
+                case ARG_TRUST:
+#ifdef HAVE_GNUTLS
+                        if (arg_trust_pem) {
+                                log_error("CA certificate file specified twice");
+                                return -EINVAL;
+                        }
+                        r = read_full_file(optarg, &arg_trust_pem, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to read CA certificate file: %m");
+                        assert(arg_trust_pem);
+                        break;
+#else
+                        log_error("Option --trust is not available.");
+#endif
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind < argc) {
+                log_error("This program does not take arguments.");
+                return -EINVAL;
+        }
+
+        if (!!arg_key_pem != !!arg_cert_pem) {
+                log_error("Certificate and key files must be specified together");
+                return -EINVAL;
+        }
+
+        if (arg_trust_pem && !arg_key_pem) {
+                log_error("CA certificate can only be used with certificate file");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        struct MHD_Daemon *d = NULL;
+        int r, n;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r < 0)
+                return EXIT_FAILURE;
+        if (r == 0)
+                return EXIT_SUCCESS;
+
+        sigbus_install();
+
+        r = setup_gnutls_logger(NULL);
+        if (r < 0)
+                return EXIT_FAILURE;
+
+        n = sd_listen_fds(1);
+        if (n < 0) {
+                log_error_errno(n, "Failed to determine passed sockets: %m");
+                goto finish;
+        } else if (n > 1) {
+                log_error("Can't listen on more than one socket.");
+                goto finish;
+        } else {
+                struct MHD_OptionItem opts[] = {
+                        { MHD_OPTION_NOTIFY_COMPLETED,
+                          (intptr_t) request_meta_free, NULL },
+                        { MHD_OPTION_EXTERNAL_LOGGER,
+                          (intptr_t) microhttpd_logger, NULL },
+                        { MHD_OPTION_END, 0, NULL },
+                        { MHD_OPTION_END, 0, NULL },
+                        { MHD_OPTION_END, 0, NULL },
+                        { MHD_OPTION_END, 0, NULL },
+                        { MHD_OPTION_END, 0, NULL }};
+                int opts_pos = 2;
+
+                /* We force MHD_USE_PIPE_FOR_SHUTDOWN here, in order
+                 * to make sure libmicrohttpd doesn't use shutdown()
+                 * on our listening socket, which would break socket
+                 * re-activation. See
+                 *
+                 * https://lists.gnu.org/archive/html/libmicrohttpd/2015-09/msg00014.html
+                 * https://github.com/systemd/systemd/pull/1286
+                 */
+
+                int flags =
+                        MHD_USE_DEBUG |
+                        MHD_USE_DUAL_STACK |
+                        MHD_USE_PIPE_FOR_SHUTDOWN |
+                        MHD_USE_POLL |
+                        MHD_USE_THREAD_PER_CONNECTION;
+
+                if (n > 0)
+                        opts[opts_pos++] = (struct MHD_OptionItem)
+                                {MHD_OPTION_LISTEN_SOCKET, SD_LISTEN_FDS_START};
+                if (arg_key_pem) {
+                        assert(arg_cert_pem);
+                        opts[opts_pos++] = (struct MHD_OptionItem)
+                                {MHD_OPTION_HTTPS_MEM_KEY, 0, arg_key_pem};
+                        opts[opts_pos++] = (struct MHD_OptionItem)
+                                {MHD_OPTION_HTTPS_MEM_CERT, 0, arg_cert_pem};
+                        flags |= MHD_USE_SSL;
+                }
+                if (arg_trust_pem) {
+                        assert(flags & MHD_USE_SSL);
+                        opts[opts_pos++] = (struct MHD_OptionItem)
+                                {MHD_OPTION_HTTPS_MEM_TRUST, 0, arg_trust_pem};
+                }
+
+                d = MHD_start_daemon(flags, 19531,
+                                     NULL, NULL,
+                                     request_handler, NULL,
+                                     MHD_OPTION_ARRAY, opts,
+                                     MHD_OPTION_END);
+        }
+
+        if (!d) {
+                log_error("Failed to start daemon!");
+                goto finish;
+        }
+
+        pause();
+
+        r = EXIT_SUCCESS;
+
+finish:
+        if (d)
+                MHD_stop_daemon(d);
+
+        return r;
+}
diff --git a/src/grp-journal-remote/systemd-journal-remote/Makefile b/src/grp-journal-remote/systemd-journal-remote/Makefile
new file mode 100644
index 0000000000..05af76afc2
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-remote/Makefile
@@ -0,0 +1,85 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_MICROHTTPD),)
+rootlibexec_PROGRAMS += \
+	systemd-journal-remote
+
+systemd_journal_remote_SOURCES = \
+	src/journal-remote/journal-remote-parse.h \
+	src/journal-remote/journal-remote-parse.c \
+	src/journal-remote/journal-remote-write.h \
+	src/journal-remote/journal-remote-write.c \
+	src/journal-remote/journal-remote.h \
+	src/journal-remote/journal-remote.c
+
+systemd_journal_remote_LDADD = \
+	libjournal-core.la
+
+systemd_journal_remote_SOURCES += \
+	src/journal-remote/microhttpd-util.h \
+	src/journal-remote/microhttpd-util.c
+
+systemd_journal_remote_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(MICROHTTPD_CFLAGS)
+
+systemd_journal_remote_LDADD += \
+	$(MICROHTTPD_LIBS)
+
+ifneq ($(ENABLE_TMPFILES),)
+dist_tmpfiles_DATA += \
+	tmpfiles.d/systemd-remote.conf
+endif # ENABLE_TMPFILES
+
+ifneq ($(HAVE_GNUTLS),)
+systemd_journal_remote_LDADD += \
+	$(GNUTLS_LIBS)
+endif # HAVE_GNUTLS
+
+# systemd-journal-remote make sense mostly with full crypto stack
+dist_systemunit_DATA += \
+	units/systemd-journal-remote.socket
+
+nodist_systemunit_DATA += \
+	units/systemd-journal-remote.service
+
+journal-remote-install-hook: journal-install-hook
+	-$(MKDIR_P) $(DESTDIR)/var/log/journal/remote
+	-chown 0:0 $(DESTDIR)/var/log/journal/remote
+	-chmod 755 $(DESTDIR)/var/log/journal/remote
+
+INSTALL_EXEC_HOOKS += journal-remote-install-hook
+
+nodist_pkgsysconf_DATA += \
+	src/journal-remote/journal-remote.conf
+
+EXTRA_DIST += \
+	units/systemd-journal-remote.service.in \
+	src/journal-remote/journal-remote.conf.in \
+	src/journal-remote/log-generator.py
+endif # HAVE_MICROHTTPD
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/journal-remote/journal-remote-parse.c b/src/grp-journal-remote/systemd-journal-remote/journal-remote-parse.c
index 9ba9ee3fc0..9ba9ee3fc0 100644
--- a/src/journal-remote/journal-remote-parse.c
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote-parse.c
diff --git a/src/grp-journal-remote/systemd-journal-remote/journal-remote-parse.h b/src/grp-journal-remote/systemd-journal-remote/journal-remote-parse.h
new file mode 100644
index 0000000000..4f47ea89d6
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote-parse.h
@@ -0,0 +1,69 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "journal-remote-write.h"
+
+typedef enum {
+        STATE_LINE = 0,    /* waiting to read, or reading line */
+        STATE_DATA_START,  /* reading binary data header */
+        STATE_DATA,        /* reading binary data */
+        STATE_DATA_FINISH, /* expecting newline */
+        STATE_EOF,         /* done */
+} source_state;
+
+typedef struct RemoteSource {
+        char *name;
+        int fd;
+        bool passive_fd;
+
+        char *buf;
+        size_t size;       /* total size of the buffer */
+        size_t offset;     /* offset to the beginning of live data in the buffer */
+        size_t scanned;    /* number of bytes since the beginning of data without a newline */
+        size_t filled;     /* total number of bytes in the buffer */
+
+        size_t field_len;  /* used for binary fields: the field name length */
+        size_t data_size;  /* and the size of the binary data chunk being processed */
+
+        struct iovec_wrapper iovw;
+
+        source_state state;
+        dual_timestamp ts;
+
+        Writer *writer;
+
+        sd_event_source *event;
+        sd_event_source *buffer_event;
+} RemoteSource;
+
+RemoteSource* source_new(int fd, bool passive_fd, char *name, Writer *writer);
+
+static inline size_t source_non_empty(RemoteSource *source) {
+        assert(source);
+
+        return source->filled;
+}
+
+void source_free(RemoteSource *source);
+int push_data(RemoteSource *source, const char *data, size_t size);
+int process_source(RemoteSource *source, bool compress, bool seal);
diff --git a/src/journal-remote/journal-remote-write.c b/src/grp-journal-remote/systemd-journal-remote/journal-remote-write.c
index 7bba52566e..7bba52566e 100644
--- a/src/journal-remote/journal-remote-write.c
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote-write.c
diff --git a/src/journal-remote/journal-remote-write.h b/src/grp-journal-remote/systemd-journal-remote/journal-remote-write.h
index 53ba45fc04..53ba45fc04 100644
--- a/src/journal-remote/journal-remote-write.h
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote-write.h
diff --git a/src/grp-journal-remote/systemd-journal-remote/journal-remote.c b/src/grp-journal-remote/systemd-journal-remote/journal-remote.c
new file mode 100644
index 0000000000..9b4d12d336
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote.c
@@ -0,0 +1,1601 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/prctl.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "conf-parser.h"
+#include "def.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "journal-file.h"
+#include "journal-remote-write.h"
+#include "journal-remote.h"
+#include "journald-native.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "stat-util.h"
+#include "stdio-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+
+#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
+
+#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
+#define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-remote.pem"
+#define TRUST_FILE    CERTIFICATE_ROOT "/ca/trusted.pem"
+
+static char* arg_url = NULL;
+static char* arg_getter = NULL;
+static char* arg_listen_raw = NULL;
+static char* arg_listen_http = NULL;
+static char* arg_listen_https = NULL;
+static char** arg_files = NULL;
+static int arg_compress = true;
+static int arg_seal = false;
+static int http_socket = -1, https_socket = -1;
+static char** arg_gnutls_log = NULL;
+
+static JournalWriteSplitMode arg_split_mode = JOURNAL_WRITE_SPLIT_HOST;
+static char* arg_output = NULL;
+
+static char *arg_key = NULL;
+static char *arg_cert = NULL;
+static char *arg_trust = NULL;
+static bool arg_trust_all = false;
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+static int spawn_child(const char* child, char** argv) {
+        int fd[2];
+        pid_t parent_pid, child_pid;
+        int r;
+
+        if (pipe(fd) < 0)
+                return log_error_errno(errno, "Failed to create pager pipe: %m");
+
+        parent_pid = getpid();
+
+        child_pid = fork();
+        if (child_pid < 0) {
+                r = log_error_errno(errno, "Failed to fork: %m");
+                safe_close_pair(fd);
+                return r;
+        }
+
+        /* In the child */
+        if (child_pid == 0) {
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+
+                r = dup2(fd[1], STDOUT_FILENO);
+                if (r < 0) {
+                        log_error_errno(errno, "Failed to dup pipe to stdout: %m");
+                        _exit(EXIT_FAILURE);
+                }
+
+                safe_close_pair(fd);
+
+                /* Make sure the child goes away when the parent dies */
+                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
+                        _exit(EXIT_FAILURE);
+
+                /* Check whether our parent died before we were able
+                 * to set the death signal */
+                if (getppid() != parent_pid)
+                        _exit(EXIT_SUCCESS);
+
+                execvp(child, argv);
+                log_error_errno(errno, "Failed to exec child %s: %m", child);
+                _exit(EXIT_FAILURE);
+        }
+
+        r = close(fd[1]);
+        if (r < 0)
+                log_warning_errno(errno, "Failed to close write end of pipe: %m");
+
+        return fd[0];
+}
+
+static int spawn_curl(const char* url) {
+        char **argv = STRV_MAKE("curl",
+                                "-HAccept: application/vnd.fdo.journal",
+                                "--silent",
+                                "--show-error",
+                                url);
+        int r;
+
+        r = spawn_child("curl", argv);
+        if (r < 0)
+                log_error_errno(r, "Failed to spawn curl: %m");
+        return r;
+}
+
+static int spawn_getter(const char *getter) {
+        int r;
+        _cleanup_strv_free_ char **words = NULL;
+
+        assert(getter);
+        r = strv_split_extract(&words, getter, WHITESPACE, EXTRACT_QUOTES);
+        if (r < 0)
+                return log_error_errno(r, "Failed to split getter option: %m");
+
+        r = spawn_child(words[0], words);
+        if (r < 0)
+                log_error_errno(r, "Failed to spawn getter %s: %m", getter);
+
+        return r;
+}
+
+#define filename_escape(s) xescape((s), "/ ")
+
+static int open_output(Writer *w, const char* host) {
+        _cleanup_free_ char *_output = NULL;
+        const char *output;
+        int r;
+
+        switch (arg_split_mode) {
+        case JOURNAL_WRITE_SPLIT_NONE:
+                output = arg_output ?: REMOTE_JOURNAL_PATH "/remote.journal";
+                break;
+
+        case JOURNAL_WRITE_SPLIT_HOST: {
+                _cleanup_free_ char *name;
+
+                assert(host);
+
+                name = filename_escape(host);
+                if (!name)
+                        return log_oom();
+
+                r = asprintf(&_output, "%s/remote-%s.journal",
+                             arg_output ?: REMOTE_JOURNAL_PATH,
+                             name);
+                if (r < 0)
+                        return log_oom();
+
+                output = _output;
+                break;
+        }
+
+        default:
+                assert_not_reached("what?");
+        }
+
+        r = journal_file_open_reliably(output,
+                                       O_RDWR|O_CREAT, 0640,
+                                       arg_compress, arg_seal,
+                                       &w->metrics,
+                                       w->mmap, NULL,
+                                       NULL, &w->journal);
+        if (r < 0)
+                log_error_errno(r, "Failed to open output journal %s: %m",
+                                output);
+        else
+                log_debug("Opened output file %s", w->journal->path);
+        return r;
+}
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+static int init_writer_hashmap(RemoteServer *s) {
+        static const struct hash_ops *hash_ops[] = {
+                [JOURNAL_WRITE_SPLIT_NONE] = NULL,
+                [JOURNAL_WRITE_SPLIT_HOST] = &string_hash_ops,
+        };
+
+        assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(hash_ops));
+
+        s->writers = hashmap_new(hash_ops[arg_split_mode]);
+        if (!s->writers)
+                return log_oom();
+
+        return 0;
+}
+
+static int get_writer(RemoteServer *s, const char *host,
+                      Writer **writer) {
+        const void *key;
+        _cleanup_writer_unref_ Writer *w = NULL;
+        int r;
+
+        switch(arg_split_mode) {
+        case JOURNAL_WRITE_SPLIT_NONE:
+                key = "one and only";
+                break;
+
+        case JOURNAL_WRITE_SPLIT_HOST:
+                assert(host);
+                key = host;
+                break;
+
+        default:
+                assert_not_reached("what split mode?");
+        }
+
+        w = hashmap_get(s->writers, key);
+        if (w)
+                writer_ref(w);
+        else {
+                w = writer_new(s);
+                if (!w)
+                        return log_oom();
+
+                if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST) {
+                        w->hashmap_key = strdup(key);
+                        if (!w->hashmap_key)
+                                return log_oom();
+                }
+
+                r = open_output(w, host);
+                if (r < 0)
+                        return r;
+
+                r = hashmap_put(s->writers, w->hashmap_key ?: key, w);
+                if (r < 0)
+                        return r;
+        }
+
+        *writer = w;
+        w = NULL;
+        return 0;
+}
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+/* This should go away as soon as µhttpd allows state to be passed around. */
+static RemoteServer *server;
+
+static int dispatch_raw_source_event(sd_event_source *event,
+                                     int fd,
+                                     uint32_t revents,
+                                     void *userdata);
+static int dispatch_raw_source_until_block(sd_event_source *event,
+                                           void *userdata);
+static int dispatch_blocking_source_event(sd_event_source *event,
+                                          void *userdata);
+static int dispatch_raw_connection_event(sd_event_source *event,
+                                         int fd,
+                                         uint32_t revents,
+                                         void *userdata);
+static int dispatch_http_event(sd_event_source *event,
+                               int fd,
+                               uint32_t revents,
+                               void *userdata);
+
+static int get_source_for_fd(RemoteServer *s,
+                             int fd, char *name, RemoteSource **source) {
+        Writer *writer;
+        int r;
+
+        /* This takes ownership of name, but only on success. */
+
+        assert(fd >= 0);
+        assert(source);
+
+        if (!GREEDY_REALLOC0(s->sources, s->sources_size, fd + 1))
+                return log_oom();
+
+        r = get_writer(s, name, &writer);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to get writer for source %s: %m",
+                                         name);
+
+        if (s->sources[fd] == NULL) {
+                s->sources[fd] = source_new(fd, false, name, writer);
+                if (!s->sources[fd]) {
+                        writer_unref(writer);
+                        return log_oom();
+                }
+
+                s->active++;
+        }
+
+        *source = s->sources[fd];
+        return 0;
+}
+
+static int remove_source(RemoteServer *s, int fd) {
+        RemoteSource *source;
+
+        assert(s);
+        assert(fd >= 0 && fd < (ssize_t) s->sources_size);
+
+        source = s->sources[fd];
+        if (source) {
+                /* this closes fd too */
+                source_free(source);
+                s->sources[fd] = NULL;
+                s->active--;
+        }
+
+        return 0;
+}
+
+static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
+
+        RemoteSource *source = NULL;
+        int r;
+
+        /* This takes ownership of name, even on failure, if own_name is true. */
+
+        assert(s);
+        assert(fd >= 0);
+        assert(name);
+
+        if (!own_name) {
+                name = strdup(name);
+                if (!name)
+                        return log_oom();
+        }
+
+        r = get_source_for_fd(s, fd, name, &source);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create source for fd:%d (%s): %m",
+                                fd, name);
+                free(name);
+                return r;
+        }
+
+        r = sd_event_add_io(s->events, &source->event,
+                            fd, EPOLLIN|EPOLLRDHUP|EPOLLPRI,
+                            dispatch_raw_source_event, source);
+        if (r == 0) {
+                /* Add additional source for buffer processing. It will be
+                 * enabled later. */
+                r = sd_event_add_defer(s->events, &source->buffer_event,
+                                       dispatch_raw_source_until_block, source);
+                if (r == 0)
+                        sd_event_source_set_enabled(source->buffer_event, SD_EVENT_OFF);
+        } else if (r == -EPERM) {
+                log_debug("Falling back to sd_event_add_defer for fd:%d (%s)", fd, name);
+                r = sd_event_add_defer(s->events, &source->event,
+                                       dispatch_blocking_source_event, source);
+                if (r == 0)
+                        sd_event_source_set_enabled(source->event, SD_EVENT_ON);
+        }
+        if (r < 0) {
+                log_error_errno(r, "Failed to register event source for fd:%d: %m",
+                                fd);
+                goto error;
+        }
+
+        r = sd_event_source_set_description(source->event, name);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set source name for fd:%d: %m", fd);
+                goto error;
+        }
+
+        return 1; /* work to do */
+
+ error:
+        remove_source(s, fd);
+        return r;
+}
+
+static int add_raw_socket(RemoteServer *s, int fd) {
+        int r;
+        _cleanup_close_ int fd_ = fd;
+        char name[sizeof("raw-socket-")-1 + DECIMAL_STR_MAX(int) + 1];
+
+        assert(fd >= 0);
+
+        r = sd_event_add_io(s->events, &s->listen_event,
+                            fd, EPOLLIN,
+                            dispatch_raw_connection_event, s);
+        if (r < 0)
+                return r;
+
+        xsprintf(name, "raw-socket-%d", fd);
+
+        r = sd_event_source_set_description(s->listen_event, name);
+        if (r < 0)
+                return r;
+
+        fd_ = -1;
+        s->active++;
+        return 0;
+}
+
+static int setup_raw_socket(RemoteServer *s, const char *address) {
+        int fd;
+
+        fd = make_socket_fd(LOG_INFO, address, SOCK_STREAM, SOCK_CLOEXEC);
+        if (fd < 0)
+                return fd;
+
+        return add_raw_socket(s, fd);
+}
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+static int request_meta(void **connection_cls, int fd, char *hostname) {
+        RemoteSource *source;
+        Writer *writer;
+        int r;
+
+        assert(connection_cls);
+        if (*connection_cls)
+                return 0;
+
+        r = get_writer(server, hostname, &writer);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to get writer for source %s: %m",
+                                         hostname);
+
+        source = source_new(fd, true, hostname, writer);
+        if (!source) {
+                writer_unref(writer);
+                return log_oom();
+        }
+
+        log_debug("Added RemoteSource as connection metadata %p", source);
+
+        *connection_cls = source;
+        return 0;
+}
+
+static void request_meta_free(void *cls,
+                              struct MHD_Connection *connection,
+                              void **connection_cls,
+                              enum MHD_RequestTerminationCode toe) {
+        RemoteSource *s;
+
+        assert(connection_cls);
+        s = *connection_cls;
+
+        if (s) {
+                log_debug("Cleaning up connection metadata %p", s);
+                source_free(s);
+                *connection_cls = NULL;
+        }
+}
+
+static int process_http_upload(
+                struct MHD_Connection *connection,
+                const char *upload_data,
+                size_t *upload_data_size,
+                RemoteSource *source) {
+
+        bool finished = false;
+        size_t remaining;
+        int r;
+
+        assert(source);
+
+        log_trace("%s: connection %p, %zu bytes",
+                  __func__, connection, *upload_data_size);
+
+        if (*upload_data_size) {
+                log_trace("Received %zu bytes", *upload_data_size);
+
+                r = push_data(source, upload_data, *upload_data_size);
+                if (r < 0)
+                        return mhd_respond_oom(connection);
+
+                *upload_data_size = 0;
+        } else
+                finished = true;
+
+        for (;;) {
+                r = process_source(source, arg_compress, arg_seal);
+                if (r == -EAGAIN)
+                        break;
+                else if (r < 0) {
+                        log_warning("Failed to process data for connection %p", connection);
+                        if (r == -E2BIG)
+                                return mhd_respondf(connection,
+                                                    MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
+                                                    "Entry is too large, maximum is %u bytes.\n",
+                                                    DATA_SIZE_MAX);
+                        else
+                                return mhd_respondf(connection,
+                                                    MHD_HTTP_UNPROCESSABLE_ENTITY,
+                                                    "Processing failed: %s.", strerror(-r));
+                }
+        }
+
+        if (!finished)
+                return MHD_YES;
+
+        /* The upload is finished */
+
+        remaining = source_non_empty(source);
+        if (remaining > 0) {
+                log_warning("Premature EOFbyte. %zu bytes lost.", remaining);
+                return mhd_respondf(connection, MHD_HTTP_EXPECTATION_FAILED,
+                                    "Premature EOF. %zu bytes of trailing data not processed.",
+                                    remaining);
+        }
+
+        return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK.\n");
+};
+
+static int request_handler(
+                void *cls,
+                struct MHD_Connection *connection,
+                const char *url,
+                const char *method,
+                const char *version,
+                const char *upload_data,
+                size_t *upload_data_size,
+                void **connection_cls) {
+
+        const char *header;
+        int r, code, fd;
+        _cleanup_free_ char *hostname = NULL;
+
+        assert(connection);
+        assert(connection_cls);
+        assert(url);
+        assert(method);
+
+        log_trace("Handling a connection %s %s %s", method, url, version);
+
+        if (*connection_cls)
+                return process_http_upload(connection,
+                                           upload_data, upload_data_size,
+                                           *connection_cls);
+
+        if (!streq(method, "POST"))
+                return mhd_respond(connection, MHD_HTTP_NOT_ACCEPTABLE,
+                                   "Unsupported method.\n");
+
+        if (!streq(url, "/upload"))
+                return mhd_respond(connection, MHD_HTTP_NOT_FOUND,
+                                   "Not found.\n");
+
+        header = MHD_lookup_connection_value(connection,
+                                             MHD_HEADER_KIND, "Content-Type");
+        if (!header || !streq(header, "application/vnd.fdo.journal"))
+                return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
+                                   "Content-Type: application/vnd.fdo.journal"
+                                   " is required.\n");
+
+        {
+                const union MHD_ConnectionInfo *ci;
+
+                ci = MHD_get_connection_info(connection,
+                                             MHD_CONNECTION_INFO_CONNECTION_FD);
+                if (!ci) {
+                        log_error("MHD_get_connection_info failed: cannot get remote fd");
+                        return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           "Cannot check remote address");
+                }
+
+                fd = ci->connect_fd;
+                assert(fd >= 0);
+        }
+
+        if (server->check_trust) {
+                r = check_permissions(connection, &code, &hostname);
+                if (r < 0)
+                        return code;
+        } else {
+                r = getpeername_pretty(fd, false, &hostname);
+                if (r < 0)
+                        return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           "Cannot check remote hostname");
+        }
+
+        assert(hostname);
+
+        r = request_meta(connection_cls, fd, hostname);
+        if (r == -ENOMEM)
+                return respond_oom(connection);
+        else if (r < 0)
+                return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                   strerror(-r));
+
+        hostname = NULL;
+        return MHD_YES;
+}
+
+static int setup_microhttpd_server(RemoteServer *s,
+                                   int fd,
+                                   const char *key,
+                                   const char *cert,
+                                   const char *trust) {
+        struct MHD_OptionItem opts[] = {
+                { MHD_OPTION_NOTIFY_COMPLETED, (intptr_t) request_meta_free},
+                { MHD_OPTION_EXTERNAL_LOGGER, (intptr_t) microhttpd_logger},
+                { MHD_OPTION_LISTEN_SOCKET, fd},
+                { MHD_OPTION_CONNECTION_MEMORY_LIMIT, 128*1024},
+                { MHD_OPTION_END},
+                { MHD_OPTION_END},
+                { MHD_OPTION_END},
+                { MHD_OPTION_END}};
+        int opts_pos = 4;
+        int flags =
+                MHD_USE_DEBUG |
+                MHD_USE_DUAL_STACK |
+                MHD_USE_EPOLL_LINUX_ONLY |
+                MHD_USE_PEDANTIC_CHECKS |
+                MHD_USE_PIPE_FOR_SHUTDOWN;
+
+        const union MHD_DaemonInfo *info;
+        int r, epoll_fd;
+        MHDDaemonWrapper *d;
+
+        assert(fd >= 0);
+
+        r = fd_nonblock(fd, true);
+        if (r < 0)
+                return log_error_errno(r, "Failed to make fd:%d nonblocking: %m", fd);
+
+        if (key) {
+                assert(cert);
+
+                opts[opts_pos++] = (struct MHD_OptionItem)
+                        {MHD_OPTION_HTTPS_MEM_KEY, 0, (char*) key};
+                opts[opts_pos++] = (struct MHD_OptionItem)
+                        {MHD_OPTION_HTTPS_MEM_CERT, 0, (char*) cert};
+
+                flags |= MHD_USE_SSL;
+
+                if (trust)
+                        opts[opts_pos++] = (struct MHD_OptionItem)
+                                {MHD_OPTION_HTTPS_MEM_TRUST, 0, (char*) trust};
+        }
+
+        d = new(MHDDaemonWrapper, 1);
+        if (!d)
+                return log_oom();
+
+        d->fd = (uint64_t) fd;
+
+        d->daemon = MHD_start_daemon(flags, 0,
+                                     NULL, NULL,
+                                     request_handler, NULL,
+                                     MHD_OPTION_ARRAY, opts,
+                                     MHD_OPTION_END);
+        if (!d->daemon) {
+                log_error("Failed to start µhttp daemon");
+                r = -EINVAL;
+                goto error;
+        }
+
+        log_debug("Started MHD %s daemon on fd:%d (wrapper @ %p)",
+                  key ? "HTTPS" : "HTTP", fd, d);
+
+
+        info = MHD_get_daemon_info(d->daemon, MHD_DAEMON_INFO_EPOLL_FD_LINUX_ONLY);
+        if (!info) {
+                log_error("µhttp returned NULL daemon info");
+                r = -EOPNOTSUPP;
+                goto error;
+        }
+
+        epoll_fd = info->listen_fd;
+        if (epoll_fd < 0) {
+                log_error("µhttp epoll fd is invalid");
+                r = -EUCLEAN;
+                goto error;
+        }
+
+        r = sd_event_add_io(s->events, &d->event,
+                            epoll_fd, EPOLLIN,
+                            dispatch_http_event, d);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add event callback: %m");
+                goto error;
+        }
+
+        r = sd_event_source_set_description(d->event, "epoll-fd");
+        if (r < 0) {
+                log_error_errno(r, "Failed to set source name: %m");
+                goto error;
+        }
+
+        r = hashmap_ensure_allocated(&s->daemons, &uint64_hash_ops);
+        if (r < 0) {
+                log_oom();
+                goto error;
+        }
+
+        r = hashmap_put(s->daemons, &d->fd, d);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add daemon to hashmap: %m");
+                goto error;
+        }
+
+        s->active++;
+        return 0;
+
+error:
+        MHD_stop_daemon(d->daemon);
+        free(d->daemon);
+        free(d);
+        return r;
+}
+
+static int setup_microhttpd_socket(RemoteServer *s,
+                                   const char *address,
+                                   const char *key,
+                                   const char *cert,
+                                   const char *trust) {
+        int fd;
+
+        fd = make_socket_fd(LOG_DEBUG, address, SOCK_STREAM, SOCK_CLOEXEC);
+        if (fd < 0)
+                return fd;
+
+        return setup_microhttpd_server(s, fd, key, cert, trust);
+}
+
+static int dispatch_http_event(sd_event_source *event,
+                               int fd,
+                               uint32_t revents,
+                               void *userdata) {
+        MHDDaemonWrapper *d = userdata;
+        int r;
+
+        assert(d);
+
+        r = MHD_run(d->daemon);
+        if (r == MHD_NO) {
+                log_error("MHD_run failed!");
+                // XXX: unregister daemon
+                return -EINVAL;
+        }
+
+        return 1; /* work to do */
+}
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+static int setup_signals(RemoteServer *s) {
+        int r;
+
+        assert(s);
+
+        assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, -1) >= 0);
+
+        r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, NULL, s);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, NULL, s);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int negative_fd(const char *spec) {
+        /* Return a non-positive number as its inverse, -EINVAL otherwise. */
+
+        int fd, r;
+
+        r = safe_atoi(spec, &fd);
+        if (r < 0)
+                return r;
+
+        if (fd > 0)
+                return -EINVAL;
+        else
+                return -fd;
+}
+
+static int remoteserver_init(RemoteServer *s,
+                             const char* key,
+                             const char* cert,
+                             const char* trust) {
+        int r, n, fd;
+        char **file;
+
+        assert(s);
+
+        if ((arg_listen_raw || arg_listen_http) && trust) {
+                log_error("Option --trust makes all non-HTTPS connections untrusted.");
+                return -EINVAL;
+        }
+
+        r = sd_event_default(&s->events);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event loop: %m");
+
+        setup_signals(s);
+
+        assert(server == NULL);
+        server = s;
+
+        r = init_writer_hashmap(s);
+        if (r < 0)
+                return r;
+
+        n = sd_listen_fds(true);
+        if (n < 0)
+                return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
+        else
+                log_debug("Received %d descriptors", n);
+
+        if (MAX(http_socket, https_socket) >= SD_LISTEN_FDS_START + n) {
+                log_error("Received fewer sockets than expected");
+                return -EBADFD;
+        }
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+                if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
+                        log_debug("Received a listening socket (fd:%d)", fd);
+
+                        if (fd == http_socket)
+                                r = setup_microhttpd_server(s, fd, NULL, NULL, NULL);
+                        else if (fd == https_socket)
+                                r = setup_microhttpd_server(s, fd, key, cert, trust);
+                        else
+                                r = add_raw_socket(s, fd);
+                } else if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
+                        char *hostname;
+
+                        r = getpeername_pretty(fd, false, &hostname);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to retrieve remote name: %m");
+
+                        log_debug("Received a connection socket (fd:%d) from %s", fd, hostname);
+
+                        r = add_source(s, fd, hostname, true);
+                } else {
+                        log_error("Unknown socket passed on fd:%d", fd);
+
+                        return -EINVAL;
+                }
+
+                if (r < 0)
+                        return log_error_errno(r, "Failed to register socket (fd:%d): %m",
+                                               fd);
+        }
+
+        if (arg_getter) {
+                log_info("Spawning getter %s...", arg_getter);
+                fd = spawn_getter(arg_getter);
+                if (fd < 0)
+                        return fd;
+
+                r = add_source(s, fd, (char*) arg_output, false);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_url) {
+                const char *url;
+                char *hostname, *p;
+
+                if (!strstr(arg_url, "/entries")) {
+                        if (endswith(arg_url, "/"))
+                                url = strjoina(arg_url, "entries");
+                        else
+                                url = strjoina(arg_url, "/entries");
+                }
+                else
+                        url = strdupa(arg_url);
+
+                log_info("Spawning curl %s...", url);
+                fd = spawn_curl(url);
+                if (fd < 0)
+                        return fd;
+
+                hostname =
+                        startswith(arg_url, "https://") ?:
+                        startswith(arg_url, "http://") ?:
+                        arg_url;
+
+                hostname = strdupa(hostname);
+                if ((p = strchr(hostname, '/')))
+                        *p = '\0';
+                if ((p = strchr(hostname, ':')))
+                        *p = '\0';
+
+                r = add_source(s, fd, hostname, false);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_listen_raw) {
+                log_debug("Listening on a socket...");
+                r = setup_raw_socket(s, arg_listen_raw);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_listen_http) {
+                r = setup_microhttpd_socket(s, arg_listen_http, NULL, NULL, NULL);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_listen_https) {
+                r = setup_microhttpd_socket(s, arg_listen_https, key, cert, trust);
+                if (r < 0)
+                        return r;
+        }
+
+        STRV_FOREACH(file, arg_files) {
+                const char *output_name;
+
+                if (streq(*file, "-")) {
+                        log_debug("Using standard input as source.");
+
+                        fd = STDIN_FILENO;
+                        output_name = "stdin";
+                } else {
+                        log_debug("Reading file %s...", *file);
+
+                        fd = open(*file, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
+                        if (fd < 0)
+                                return log_error_errno(errno, "Failed to open %s: %m", *file);
+                        output_name = *file;
+                }
+
+                r = add_source(s, fd, (char*) output_name, false);
+                if (r < 0)
+                        return r;
+        }
+
+        if (s->active == 0) {
+                log_error("Zero sources specified");
+                return -EINVAL;
+        }
+
+        if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE) {
+                /* In this case we know what the writer will be
+                   called, so we can create it and verify that we can
+                   create output as expected. */
+                r = get_writer(s, NULL, &s->_single_writer);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static void server_destroy(RemoteServer *s) {
+        size_t i;
+        MHDDaemonWrapper *d;
+
+        while ((d = hashmap_steal_first(s->daemons))) {
+                MHD_stop_daemon(d->daemon);
+                sd_event_source_unref(d->event);
+                free(d);
+        }
+
+        hashmap_free(s->daemons);
+
+        assert(s->sources_size == 0 || s->sources);
+        for (i = 0; i < s->sources_size; i++)
+                remove_source(s, i);
+        free(s->sources);
+
+        writer_unref(s->_single_writer);
+        hashmap_free(s->writers);
+
+        sd_event_source_unref(s->sigterm_event);
+        sd_event_source_unref(s->sigint_event);
+        sd_event_source_unref(s->listen_event);
+        sd_event_unref(s->events);
+
+        /* fds that we're listening on remain open... */
+}
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+static int handle_raw_source(sd_event_source *event,
+                             int fd,
+                             uint32_t revents,
+                             RemoteServer *s) {
+
+        RemoteSource *source;
+        int r;
+
+        /* Returns 1 if there might be more data pending,
+         * 0 if data is currently exhausted, negative on error.
+         */
+
+        assert(fd >= 0 && fd < (ssize_t) s->sources_size);
+        source = s->sources[fd];
+        assert(source->fd == fd);
+
+        r = process_source(source, arg_compress, arg_seal);
+        if (source->state == STATE_EOF) {
+                size_t remaining;
+
+                log_debug("EOF reached with source fd:%d (%s)",
+                          source->fd, source->name);
+
+                remaining = source_non_empty(source);
+                if (remaining > 0)
+                        log_notice("Premature EOF. %zu bytes lost.", remaining);
+                remove_source(s, source->fd);
+                log_debug("%zu active sources remaining", s->active);
+                return 0;
+        } else if (r == -E2BIG) {
+                log_notice_errno(E2BIG, "Entry too big, skipped");
+                return 1;
+        } else if (r == -EAGAIN) {
+                return 0;
+        } else if (r < 0) {
+                log_debug_errno(r, "Closing connection: %m");
+                remove_source(server, fd);
+                return 0;
+        } else
+                return 1;
+}
+
+static int dispatch_raw_source_until_block(sd_event_source *event,
+                                           void *userdata) {
+        RemoteSource *source = userdata;
+        int r;
+
+        /* Make sure event stays around even if source is destroyed */
+        sd_event_source_ref(event);
+
+        r = handle_raw_source(event, source->fd, EPOLLIN, server);
+        if (r != 1)
+                /* No more data for now */
+                sd_event_source_set_enabled(event, SD_EVENT_OFF);
+
+        sd_event_source_unref(event);
+
+        return r;
+}
+
+static int dispatch_raw_source_event(sd_event_source *event,
+                                     int fd,
+                                     uint32_t revents,
+                                     void *userdata) {
+        RemoteSource *source = userdata;
+        int r;
+
+        assert(source->event);
+        assert(source->buffer_event);
+
+        r = handle_raw_source(event, fd, EPOLLIN, server);
+        if (r == 1)
+                /* Might have more data. We need to rerun the handler
+                 * until we are sure the buffer is exhausted. */
+                sd_event_source_set_enabled(source->buffer_event, SD_EVENT_ON);
+
+        return r;
+}
+
+static int dispatch_blocking_source_event(sd_event_source *event,
+                                          void *userdata) {
+        RemoteSource *source = userdata;
+
+        return handle_raw_source(event, source->fd, EPOLLIN, server);
+}
+
+static int accept_connection(const char* type, int fd,
+                             SocketAddress *addr, char **hostname) {
+        int fd2, r;
+
+        log_debug("Accepting new %s connection on fd:%d", type, fd);
+        fd2 = accept4(fd, &addr->sockaddr.sa, &addr->size, SOCK_NONBLOCK|SOCK_CLOEXEC);
+        if (fd2 < 0)
+                return log_error_errno(errno, "accept() on fd:%d failed: %m", fd);
+
+        switch(socket_address_family(addr)) {
+        case AF_INET:
+        case AF_INET6: {
+                _cleanup_free_ char *a = NULL;
+                char *b;
+
+                r = socket_address_print(addr, &a);
+                if (r < 0) {
+                        log_error_errno(r, "socket_address_print(): %m");
+                        close(fd2);
+                        return r;
+                }
+
+                r = socknameinfo_pretty(&addr->sockaddr, addr->size, &b);
+                if (r < 0) {
+                        log_error_errno(r, "Resolving hostname failed: %m");
+                        close(fd2);
+                        return r;
+                }
+
+                log_debug("Accepted %s %s connection from %s",
+                          type,
+                          socket_address_family(addr) == AF_INET ? "IP" : "IPv6",
+                          a);
+
+                *hostname = b;
+
+                return fd2;
+        };
+        default:
+                log_error("Rejected %s connection with unsupported family %d",
+                          type, socket_address_family(addr));
+                close(fd2);
+
+                return -EINVAL;
+        }
+}
+
+static int dispatch_raw_connection_event(sd_event_source *event,
+                                         int fd,
+                                         uint32_t revents,
+                                         void *userdata) {
+        RemoteServer *s = userdata;
+        int fd2;
+        SocketAddress addr = {
+                .size = sizeof(union sockaddr_union),
+                .type = SOCK_STREAM,
+        };
+        char *hostname = NULL;
+
+        fd2 = accept_connection("raw", fd, &addr, &hostname);
+        if (fd2 < 0)
+                return fd2;
+
+        return add_source(s, fd2, hostname, true);
+}
+
+/**********************************************************************
+ **********************************************************************
+ **********************************************************************/
+
+static const char* const journal_write_split_mode_table[_JOURNAL_WRITE_SPLIT_MAX] = {
+        [JOURNAL_WRITE_SPLIT_NONE] = "none",
+        [JOURNAL_WRITE_SPLIT_HOST] = "host",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP(journal_write_split_mode, JournalWriteSplitMode);
+static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode,
+                                journal_write_split_mode,
+                                JournalWriteSplitMode,
+                                "Failed to parse split mode setting");
+
+static int parse_config(void) {
+        const ConfigTableItem items[] = {
+                { "Remote",  "Seal",                   config_parse_bool,             0, &arg_seal       },
+                { "Remote",  "SplitMode",              config_parse_write_split_mode, 0, &arg_split_mode },
+                { "Remote",  "ServerKeyFile",          config_parse_path,             0, &arg_key        },
+                { "Remote",  "ServerCertificateFile",  config_parse_path,             0, &arg_cert       },
+                { "Remote",  "TrustedCertificateFile", config_parse_path,             0, &arg_trust      },
+                {}};
+
+        return config_parse_many(PKGSYSCONFDIR "/journal-remote.conf",
+                                 CONF_PATHS_NULSTR("systemd/journal-remote.conf.d"),
+                                 "Remote\0", config_item_table_lookup, items,
+                                 false, NULL);
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] {FILE|-}...\n\n"
+               "Write external journal events to journal file(s).\n\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Show package version\n"
+               "     --url=URL              Read events from systemd-journal-gatewayd at URL\n"
+               "     --getter=COMMAND       Read events from the output of COMMAND\n"
+               "     --listen-raw=ADDR      Listen for connections at ADDR\n"
+               "     --listen-http=ADDR     Listen for HTTP connections at ADDR\n"
+               "     --listen-https=ADDR    Listen for HTTPS connections at ADDR\n"
+               "  -o --output=FILE|DIR      Write output to FILE or DIR/external-*.journal\n"
+               "     --compress[=BOOL]      XZ-compress the output journal (default: yes)\n"
+               "     --seal[=BOOL]          Use event sealing (default: no)\n"
+               "     --key=FILENAME         SSL key in PEM format (default:\n"
+               "                            \"" PRIV_KEY_FILE "\")\n"
+               "     --cert=FILENAME        SSL certificate in PEM format (default:\n"
+               "                            \"" CERT_FILE "\")\n"
+               "     --trust=FILENAME|all   SSL CA certificate or disable checking (default:\n"
+               "                            \"" TRUST_FILE "\")\n"
+               "     --gnutls-log=CATEGORY...\n"
+               "                            Specify a list of gnutls logging categories\n"
+               "     --split-mode=none|host How many output files to create\n"
+               "\n"
+               "Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_URL,
+                ARG_LISTEN_RAW,
+                ARG_LISTEN_HTTP,
+                ARG_LISTEN_HTTPS,
+                ARG_GETTER,
+                ARG_SPLIT_MODE,
+                ARG_COMPRESS,
+                ARG_SEAL,
+                ARG_KEY,
+                ARG_CERT,
+                ARG_TRUST,
+                ARG_GNUTLS_LOG,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'              },
+                { "version",      no_argument,       NULL, ARG_VERSION      },
+                { "url",          required_argument, NULL, ARG_URL          },
+                { "getter",       required_argument, NULL, ARG_GETTER       },
+                { "listen-raw",   required_argument, NULL, ARG_LISTEN_RAW   },
+                { "listen-http",  required_argument, NULL, ARG_LISTEN_HTTP  },
+                { "listen-https", required_argument, NULL, ARG_LISTEN_HTTPS },
+                { "output",       required_argument, NULL, 'o'              },
+                { "split-mode",   required_argument, NULL, ARG_SPLIT_MODE   },
+                { "compress",     optional_argument, NULL, ARG_COMPRESS     },
+                { "seal",         optional_argument, NULL, ARG_SEAL         },
+                { "key",          required_argument, NULL, ARG_KEY          },
+                { "cert",         required_argument, NULL, ARG_CERT         },
+                { "trust",        required_argument, NULL, ARG_TRUST        },
+                { "gnutls-log",   required_argument, NULL, ARG_GNUTLS_LOG   },
+                {}
+        };
+
+        int c, r;
+        bool type_a, type_b;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "ho:", options, NULL)) >= 0)
+                switch(c) {
+                case 'h':
+                        help();
+                        return 0 /* done */;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_URL:
+                        if (arg_url) {
+                                log_error("cannot currently set more than one --url");
+                                return -EINVAL;
+                        }
+
+                        arg_url = optarg;
+                        break;
+
+                case ARG_GETTER:
+                        if (arg_getter) {
+                                log_error("cannot currently use --getter more than once");
+                                return -EINVAL;
+                        }
+
+                        arg_getter = optarg;
+                        break;
+
+                case ARG_LISTEN_RAW:
+                        if (arg_listen_raw) {
+                                log_error("cannot currently use --listen-raw more than once");
+                                return -EINVAL;
+                        }
+
+                        arg_listen_raw = optarg;
+                        break;
+
+                case ARG_LISTEN_HTTP:
+                        if (arg_listen_http || http_socket >= 0) {
+                                log_error("cannot currently use --listen-http more than once");
+                                return -EINVAL;
+                        }
+
+                        r = negative_fd(optarg);
+                        if (r >= 0)
+                                http_socket = r;
+                        else
+                                arg_listen_http = optarg;
+                        break;
+
+                case ARG_LISTEN_HTTPS:
+                        if (arg_listen_https || https_socket >= 0) {
+                                log_error("cannot currently use --listen-https more than once");
+                                return -EINVAL;
+                        }
+
+                        r = negative_fd(optarg);
+                        if (r >= 0)
+                                https_socket = r;
+                        else
+                                arg_listen_https = optarg;
+
+                        break;
+
+                case ARG_KEY:
+                        if (arg_key) {
+                                log_error("Key file specified twice");
+                                return -EINVAL;
+                        }
+
+                        arg_key = strdup(optarg);
+                        if (!arg_key)
+                                return log_oom();
+
+                        break;
+
+                case ARG_CERT:
+                        if (arg_cert) {
+                                log_error("Certificate file specified twice");
+                                return -EINVAL;
+                        }
+
+                        arg_cert = strdup(optarg);
+                        if (!arg_cert)
+                                return log_oom();
+
+                        break;
+
+                case ARG_TRUST:
+                        if (arg_trust || arg_trust_all) {
+                                log_error("Confusing trusted CA configuration");
+                                return -EINVAL;
+                        }
+
+                        if (streq(optarg, "all"))
+                                arg_trust_all = true;
+                        else {
+#ifdef HAVE_GNUTLS
+                                arg_trust = strdup(optarg);
+                                if (!arg_trust)
+                                        return log_oom();
+#else
+                                log_error("Option --trust is not available.");
+                                return -EINVAL;
+#endif
+                        }
+
+                        break;
+
+                case 'o':
+                        if (arg_output) {
+                                log_error("cannot use --output/-o more than once");
+                                return -EINVAL;
+                        }
+
+                        arg_output = optarg;
+                        break;
+
+                case ARG_SPLIT_MODE:
+                        arg_split_mode = journal_write_split_mode_from_string(optarg);
+                        if (arg_split_mode == _JOURNAL_WRITE_SPLIT_INVALID) {
+                                log_error("Invalid split mode: %s", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_COMPRESS:
+                        if (optarg) {
+                                r = parse_boolean(optarg);
+                                if (r < 0) {
+                                        log_error("Failed to parse --compress= parameter.");
+                                        return -EINVAL;
+                                }
+
+                                arg_compress = !!r;
+                        } else
+                                arg_compress = true;
+
+                        break;
+
+                case ARG_SEAL:
+                        if (optarg) {
+                                r = parse_boolean(optarg);
+                                if (r < 0) {
+                                        log_error("Failed to parse --seal= parameter.");
+                                        return -EINVAL;
+                                }
+
+                                arg_seal = !!r;
+                        } else
+                                arg_seal = true;
+
+                        break;
+
+                case ARG_GNUTLS_LOG: {
+#ifdef HAVE_GNUTLS
+                        const char* p = optarg;
+                        for (;;) {
+                                _cleanup_free_ char *word = NULL;
+
+                                r = extract_first_word(&p, &word, ",", 0);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse --gnutls-log= argument: %m");
+
+                                if (r == 0)
+                                        break;
+
+                                if (strv_push(&arg_gnutls_log, word) < 0)
+                                        return log_oom();
+
+                                word = NULL;
+                        }
+                        break;
+#else
+                        log_error("Option --gnutls-log is not available.");
+                        return -EINVAL;
+#endif
+                }
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unknown option code.");
+                }
+
+        if (optind < argc)
+                arg_files = argv + optind;
+
+        type_a = arg_getter || !strv_isempty(arg_files);
+        type_b = arg_url
+                || arg_listen_raw
+                || arg_listen_http || arg_listen_https
+                || sd_listen_fds(false) > 0;
+        if (type_a && type_b) {
+                log_error("Cannot use file input or --getter with "
+                          "--arg-listen-... or socket activation.");
+                return -EINVAL;
+        }
+        if (type_a) {
+                if (!arg_output) {
+                        log_error("Option --output must be specified with file input or --getter.");
+                        return -EINVAL;
+                }
+
+                arg_split_mode = JOURNAL_WRITE_SPLIT_NONE;
+        }
+
+        if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE
+            && arg_output && is_dir(arg_output, true) > 0) {
+                log_error("For SplitMode=none, output must be a file.");
+                return -EINVAL;
+        }
+
+        if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST
+            && arg_output && is_dir(arg_output, true) <= 0) {
+                log_error("For SplitMode=host, output must be a directory.");
+                return -EINVAL;
+        }
+
+        log_debug("Full config: SplitMode=%s Key=%s Cert=%s Trust=%s",
+                  journal_write_split_mode_to_string(arg_split_mode),
+                  strna(arg_key),
+                  strna(arg_cert),
+                  strna(arg_trust));
+
+        return 1 /* work to do */;
+}
+
+static int load_certificates(char **key, char **cert, char **trust) {
+        int r;
+
+        r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read key from file '%s': %m",
+                                       arg_key ?: PRIV_KEY_FILE);
+
+        r = read_full_file(arg_cert ?: CERT_FILE, cert, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read certificate from file '%s': %m",
+                                       arg_cert ?: CERT_FILE);
+
+        if (arg_trust_all)
+                log_info("Certificate checking disabled.");
+        else {
+                r = read_full_file(arg_trust ?: TRUST_FILE, trust, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to read CA certificate file '%s': %m",
+                                               arg_trust ?: TRUST_FILE);
+        }
+
+        return 0;
+}
+
+int main(int argc, char **argv) {
+        RemoteServer s = {};
+        int r;
+        _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
+
+        log_show_color(true);
+        log_parse_environment();
+
+        r = parse_config();
+        if (r < 0)
+                return EXIT_FAILURE;
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+
+
+        if (arg_listen_http || arg_listen_https) {
+                r = setup_gnutls_logger(arg_gnutls_log);
+                if (r < 0)
+                        return EXIT_FAILURE;
+        }
+
+        if (arg_listen_https || https_socket >= 0)
+                if (load_certificates(&key, &cert, &trust) < 0)
+                        return EXIT_FAILURE;
+
+        if (remoteserver_init(&s, key, cert, trust) < 0)
+                return EXIT_FAILURE;
+
+        r = sd_event_set_watchdog(s.events, true);
+        if (r < 0)
+                log_error_errno(r, "Failed to enable watchdog: %m");
+        else
+                log_debug("Watchdog is %s.", r > 0 ? "enabled" : "disabled");
+
+        log_debug("%s running as pid "PID_FMT,
+                  program_invocation_short_name, getpid());
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing requests...");
+
+        while (s.active) {
+                r = sd_event_get_state(s.events);
+                if (r < 0)
+                        break;
+                if (r == SD_EVENT_FINISHED)
+                        break;
+
+                r = sd_event_run(s.events, -1);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to run event loop: %m");
+                        break;
+                }
+        }
+
+        sd_notifyf(false,
+                   "STOPPING=1\n"
+                   "STATUS=Shutting down after writing %" PRIu64 " entries...", s.event_count);
+        log_info("Finishing after writing %" PRIu64 " entries", s.event_count);
+
+        server_destroy(&s);
+
+        free(arg_key);
+        free(arg_cert);
+        free(arg_trust);
+
+        return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
diff --git a/src/journal-remote/journal-remote.conf.in b/src/grp-journal-remote/systemd-journal-remote/journal-remote.conf.in
index 7122d63362..7122d63362 100644
--- a/src/journal-remote/journal-remote.conf.in
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote.conf.in
diff --git a/src/grp-journal-remote/systemd-journal-remote/journal-remote.h b/src/grp-journal-remote/systemd-journal-remote/journal-remote.h
new file mode 100644
index 0000000000..58487e498a
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-remote/journal-remote.h
@@ -0,0 +1,52 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "hashmap.h"
+#include "journal-remote-parse.h"
+#include "journal-remote-write.h"
+#include "microhttpd-util.h"
+
+typedef struct MHDDaemonWrapper MHDDaemonWrapper;
+
+struct MHDDaemonWrapper {
+        uint64_t fd;
+        struct MHD_Daemon *daemon;
+
+        sd_event_source *event;
+};
+
+struct RemoteServer {
+        RemoteSource **sources;
+        size_t sources_size;
+        size_t active;
+
+        sd_event *events;
+        sd_event_source *sigterm_event, *sigint_event, *listen_event;
+
+        Hashmap *writers;
+        Writer *_single_writer;
+        uint64_t event_count;
+
+        bool check_trust;
+        Hashmap *daemons;
+};
diff --git a/src/grp-journal-remote/systemd-journal-upload/Makefile b/src/grp-journal-remote/systemd-journal-upload/Makefile
new file mode 100644
index 0000000000..c47fcf0128
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-upload/Makefile
@@ -0,0 +1,54 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_LIBCURL),)
+rootlibexec_PROGRAMS += \
+        systemd-journal-upload
+
+systemd_journal_upload_SOURCES = \
+        src/journal-remote/journal-upload.h \
+        src/journal-remote/journal-upload.c \
+        src/journal-remote/journal-upload-journal.c
+
+systemd_journal_upload_CFLAGS = \
+        $(AM_CFLAGS) \
+        $(LIBCURL_CFLAGS)
+
+systemd_journal_upload_LDADD = \
+        libshared.la \
+        $(LIBCURL_LIBS)
+
+nodist_systemunit_DATA += \
+        units/systemd-journal-upload.service
+
+nodist_pkgsysconf_DATA += \
+        src/journal-remote/journal-upload.conf
+endif
+
+EXTRA_DIST += \
+        units/systemd-journal-upload.service.in \
+        src/journal-remote/journal-upload.conf.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-journal-remote/systemd-journal-upload/journal-upload-journal.c b/src/grp-journal-remote/systemd-journal-upload/journal-upload-journal.c
new file mode 100644
index 0000000000..aef095c8c9
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-upload/journal-upload-journal.c
@@ -0,0 +1,422 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <curl/curl.h>
+#include <stdbool.h>
+
+#include "alloc-util.h"
+#include "journal-upload.h"
+#include "log.h"
+#include "utf8.h"
+#include "util.h"
+#include <systemd/sd-daemon.h>
+
+/**
+ * Write up to size bytes to buf. Return negative on error, and number of
+ * bytes written otherwise. The last case is a kind of an error too.
+ */
+static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
+        int r;
+        size_t pos = 0;
+
+        assert(size <= SSIZE_MAX);
+
+        for (;;) {
+
+                switch(u->entry_state) {
+                case ENTRY_CURSOR: {
+                        u->current_cursor = mfree(u->current_cursor);
+
+                        r = sd_journal_get_cursor(u->journal, &u->current_cursor);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get cursor: %m");
+
+                        r = snprintf(buf + pos, size - pos,
+                                     "__CURSOR=%s\n", u->current_cursor);
+                        if (pos + r > size)
+                                /* not enough space */
+                                return pos;
+
+                        u->entry_state++;
+
+                        if (pos + r == size) {
+                                /* exactly one character short, but we don't need it */
+                                buf[size - 1] = '\n';
+                                return size;
+                        }
+
+                        pos += r;
+                }       /* fall through */
+
+                case ENTRY_REALTIME: {
+                        usec_t realtime;
+
+                        r = sd_journal_get_realtime_usec(u->journal, &realtime);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get realtime timestamp: %m");
+
+                        r = snprintf(buf + pos, size - pos,
+                                     "__REALTIME_TIMESTAMP="USEC_FMT"\n", realtime);
+                        if (r + pos > size)
+                                /* not enough space */
+                                return pos;
+
+                        u->entry_state++;
+
+                        if (r + pos == size) {
+                                /* exactly one character short, but we don't need it */
+                                buf[size - 1] = '\n';
+                                return size;
+                        }
+
+                        pos += r;
+                }       /* fall through */
+
+                case ENTRY_MONOTONIC: {
+                        usec_t monotonic;
+                        sd_id128_t boot_id;
+
+                        r = sd_journal_get_monotonic_usec(u->journal, &monotonic, &boot_id);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
+
+                        r = snprintf(buf + pos, size - pos,
+                                     "__MONOTONIC_TIMESTAMP="USEC_FMT"\n", monotonic);
+                        if (r + pos > size)
+                                /* not enough space */
+                                return pos;
+
+                        u->entry_state++;
+
+                        if (r + pos == size) {
+                                /* exactly one character short, but we don't need it */
+                                buf[size - 1] = '\n';
+                                return size;
+                        }
+
+                        pos += r;
+                }       /* fall through */
+
+                case ENTRY_BOOT_ID: {
+                        sd_id128_t boot_id;
+                        char sid[33];
+
+                        r = sd_journal_get_monotonic_usec(u->journal, NULL, &boot_id);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
+
+                        r = snprintf(buf + pos, size - pos,
+                                     "_BOOT_ID=%s\n", sd_id128_to_string(boot_id, sid));
+                        if (r + pos > size)
+                                /* not enough space */
+                                return pos;
+
+                        u->entry_state++;
+
+                        if (r + pos == size) {
+                                /* exactly one character short, but we don't need it */
+                                buf[size - 1] = '\n';
+                                return size;
+                        }
+
+                        pos += r;
+                }       /* fall through */
+
+                case ENTRY_NEW_FIELD: {
+                        u->field_pos = 0;
+
+                        r = sd_journal_enumerate_data(u->journal,
+                                                      &u->field_data,
+                                                      &u->field_length);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to move to next field in entry: %m");
+                        else if (r == 0) {
+                                u->entry_state = ENTRY_OUTRO;
+                                continue;
+                        }
+
+                        if (!utf8_is_printable_newline(u->field_data,
+                                                       u->field_length, false)) {
+                                u->entry_state = ENTRY_BINARY_FIELD_START;
+                                continue;
+                        }
+
+                        u->entry_state++;
+                }       /* fall through */
+
+                case ENTRY_TEXT_FIELD:
+                case ENTRY_BINARY_FIELD: {
+                        bool done;
+                        size_t tocopy;
+
+                        done = size - pos > u->field_length - u->field_pos;
+                        if (done)
+                                tocopy = u->field_length - u->field_pos;
+                        else
+                                tocopy = size - pos;
+
+                        memcpy(buf + pos,
+                               (char*) u->field_data + u->field_pos,
+                               tocopy);
+
+                        if (done) {
+                                buf[pos + tocopy] = '\n';
+                                pos += tocopy + 1;
+                                u->entry_state = ENTRY_NEW_FIELD;
+                                continue;
+                        } else {
+                                u->field_pos += tocopy;
+                                return size;
+                        }
+                }
+
+                case ENTRY_BINARY_FIELD_START: {
+                        const char *c;
+                        size_t len;
+
+                        c = memchr(u->field_data, '=', u->field_length);
+                        if (!c || c == u->field_data) {
+                                log_error("Invalid field.");
+                                return -EINVAL;
+                        }
+
+                        len = c - (const char*)u->field_data;
+
+                        /* need space for label + '\n' */
+                        if (size - pos < len + 1)
+                                return pos;
+
+                        memcpy(buf + pos, u->field_data, len);
+                        buf[pos + len] = '\n';
+                        pos += len + 1;
+
+                        u->field_pos = len + 1;
+                        u->entry_state++;
+                }       /* fall through */
+
+                case ENTRY_BINARY_FIELD_SIZE: {
+                        uint64_t le64;
+
+                        /* need space for uint64_t */
+                        if (size - pos < 8)
+                                return pos;
+
+                        le64 = htole64(u->field_length - u->field_pos);
+                        memcpy(buf + pos, &le64, 8);
+                        pos += 8;
+
+                        u->entry_state++;
+                        continue;
+                }
+
+                case ENTRY_OUTRO:
+                        /* need space for '\n' */
+                        if (size - pos < 1)
+                                return pos;
+
+                        buf[pos++] = '\n';
+                        u->entry_state++;
+                        u->entries_sent++;
+
+                        return pos;
+
+                default:
+                        assert_not_reached("WTF?");
+                }
+        }
+        assert_not_reached("WTF?");
+}
+
+static inline void check_update_watchdog(Uploader *u) {
+        usec_t after;
+        usec_t elapsed_time;
+
+        if (u->watchdog_usec <= 0)
+                return;
+
+        after = now(CLOCK_MONOTONIC);
+        elapsed_time = usec_sub(after, u->watchdog_timestamp);
+        if (elapsed_time > u->watchdog_usec / 2) {
+                log_debug("Update watchdog timer");
+                sd_notify(false, "WATCHDOG=1");
+                u->watchdog_timestamp = after;
+        }
+}
+
+static size_t journal_input_callback(void *buf, size_t size, size_t nmemb, void *userp) {
+        Uploader *u = userp;
+        int r;
+        sd_journal *j;
+        size_t filled = 0;
+        ssize_t w;
+
+        assert(u);
+        assert(nmemb <= SSIZE_MAX / size);
+
+        check_update_watchdog(u);
+
+        j = u->journal;
+
+        while (j && filled < size * nmemb) {
+                if (u->entry_state == ENTRY_DONE) {
+                        r = sd_journal_next(j);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to move to next entry in journal: %m");
+                                return CURL_READFUNC_ABORT;
+                        } else if (r == 0) {
+                                if (u->input_event)
+                                        log_debug("No more entries, waiting for journal.");
+                                else {
+                                        log_info("No more entries, closing journal.");
+                                        close_journal_input(u);
+                                }
+
+                                u->uploading = false;
+
+                                break;
+                        }
+
+                        u->entry_state = ENTRY_CURSOR;
+                }
+
+                w = write_entry((char*)buf + filled, size * nmemb - filled, u);
+                if (w < 0)
+                        return CURL_READFUNC_ABORT;
+                filled += w;
+
+                if (filled == 0) {
+                        log_error("Buffer space is too small to write entry.");
+                        return CURL_READFUNC_ABORT;
+                } else if (u->entry_state != ENTRY_DONE)
+                        /* This means that all available space was used up */
+                        break;
+
+                log_debug("Entry %zu (%s) has been uploaded.",
+                          u->entries_sent, u->current_cursor);
+        }
+
+        return filled;
+}
+
+void close_journal_input(Uploader *u) {
+        assert(u);
+
+        if (u->journal) {
+                log_debug("Closing journal input.");
+
+                sd_journal_close(u->journal);
+                u->journal = NULL;
+        }
+        u->timeout = 0;
+}
+
+static int process_journal_input(Uploader *u, int skip) {
+        int r;
+
+        if (u->uploading)
+                return 0;
+
+        r = sd_journal_next_skip(u->journal, skip);
+        if (r < 0)
+                return log_error_errno(r, "Failed to skip to next entry: %m");
+        else if (r < skip)
+                return 0;
+
+        /* have data */
+        u->entry_state = ENTRY_CURSOR;
+        return start_upload(u, journal_input_callback, u);
+}
+
+int check_journal_input(Uploader *u) {
+        if (u->input_event) {
+                int r;
+
+                r = sd_journal_process(u->journal);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to process journal: %m");
+                        close_journal_input(u);
+                        return r;
+                }
+
+                if (r == SD_JOURNAL_NOP)
+                        return 0;
+        }
+
+        return process_journal_input(u, 1);
+}
+
+static int dispatch_journal_input(sd_event_source *event,
+                                  int fd,
+                                  uint32_t revents,
+                                  void *userp) {
+        Uploader *u = userp;
+
+        assert(u);
+
+        if (u->uploading)
+                return 0;
+
+        log_debug("Detected journal input, checking for new data.");
+        return check_journal_input(u);
+}
+
+int open_journal_for_upload(Uploader *u,
+                            sd_journal *j,
+                            const char *cursor,
+                            bool after_cursor,
+                            bool follow) {
+        int fd, r, events;
+
+        u->journal = j;
+
+        sd_journal_set_data_threshold(j, 0);
+
+        if (follow) {
+                fd = sd_journal_get_fd(j);
+                if (fd < 0)
+                        return log_error_errno(fd, "sd_journal_get_fd failed: %m");
+
+                events = sd_journal_get_events(j);
+
+                r = sd_journal_reliable_fd(j);
+                assert(r >= 0);
+                if (r > 0)
+                        u->timeout = -1;
+                else
+                        u->timeout = JOURNAL_UPLOAD_POLL_TIMEOUT;
+
+                r = sd_event_add_io(u->events, &u->input_event,
+                                    fd, events, dispatch_journal_input, u);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to register input event: %m");
+
+                log_debug("Listening for journal events on fd:%d, timeout %d",
+                          fd, u->timeout == (uint64_t) -1 ? -1 : (int) u->timeout);
+        } else
+                log_debug("Not listening for journal events.");
+
+        if (cursor) {
+                r = sd_journal_seek_cursor(j, cursor);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to seek to cursor %s: %m",
+                                               cursor);
+        }
+
+        return process_journal_input(u, 1 + !!after_cursor);
+}
diff --git a/src/grp-journal-remote/systemd-journal-upload/journal-upload.c b/src/grp-journal-remote/systemd-journal-upload/journal-upload.c
new file mode 100644
index 0000000000..e622f6c1e1
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-upload/journal-upload.c
@@ -0,0 +1,880 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <curl/curl.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "conf-parser.h"
+#include "def.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "glob-util.h"
+#include "journal-upload.h"
+#include "log.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "sigbus.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "util.h"
+
+#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem"
+#define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-upload.pem"
+#define TRUST_FILE    CERTIFICATE_ROOT "/ca/trusted.pem"
+#define DEFAULT_PORT  19532
+
+static const char* arg_url = NULL;
+static const char *arg_key = NULL;
+static const char *arg_cert = NULL;
+static const char *arg_trust = NULL;
+static const char *arg_directory = NULL;
+static char **arg_file = NULL;
+static const char *arg_cursor = NULL;
+static bool arg_after_cursor = false;
+static int arg_journal_type = 0;
+static const char *arg_machine = NULL;
+static bool arg_merge = false;
+static int arg_follow = -1;
+static const char *arg_save_state = NULL;
+
+static void close_fd_input(Uploader *u);
+
+#define SERVER_ANSWER_KEEP 2048
+
+#define STATE_FILE "/var/lib/systemd/journal-upload/state"
+
+#define easy_setopt(curl, opt, value, level, cmd)                       \
+        do {                                                            \
+                code = curl_easy_setopt(curl, opt, value);              \
+                if (code) {                                             \
+                        log_full(level,                                 \
+                                 "curl_easy_setopt " #opt " failed: %s", \
+                                  curl_easy_strerror(code));            \
+                        cmd;                                            \
+                }                                                       \
+        } while (0)
+
+static size_t output_callback(char *buf,
+                              size_t size,
+                              size_t nmemb,
+                              void *userp) {
+        Uploader *u = userp;
+
+        assert(u);
+
+        log_debug("The server answers (%zu bytes): %.*s",
+                  size*nmemb, (int)(size*nmemb), buf);
+
+        if (nmemb && !u->answer) {
+                u->answer = strndup(buf, size*nmemb);
+                if (!u->answer)
+                        log_warning_errno(ENOMEM, "Failed to store server answer (%zu bytes): %m",
+                                          size*nmemb);
+        }
+
+        return size * nmemb;
+}
+
+static int check_cursor_updating(Uploader *u) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        if (!u->state_file)
+                return 0;
+
+        r = mkdir_parents(u->state_file, 0755);
+        if (r < 0)
+                return log_error_errno(r, "Cannot create parent directory of state file %s: %m",
+                                       u->state_file);
+
+        r = fopen_temporary(u->state_file, &f, &temp_path);
+        if (r < 0)
+                return log_error_errno(r, "Cannot save state to %s: %m",
+                                       u->state_file);
+        unlink(temp_path);
+
+        return 0;
+}
+
+static int update_cursor_state(Uploader *u) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        if (!u->state_file || !u->last_cursor)
+                return 0;
+
+        r = fopen_temporary(u->state_file, &f, &temp_path);
+        if (r < 0)
+                goto fail;
+
+        fprintf(f,
+                "# This is private data. Do not parse.\n"
+                "LAST_CURSOR=%s\n",
+                u->last_cursor);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, u->state_file) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        if (temp_path)
+                (void) unlink(temp_path);
+
+        (void) unlink(u->state_file);
+
+        return log_error_errno(r, "Failed to save state %s: %m", u->state_file);
+}
+
+static int load_cursor_state(Uploader *u) {
+        int r;
+
+        if (!u->state_file)
+                return 0;
+
+        r = parse_env_file(u->state_file, NEWLINE,
+                           "LAST_CURSOR",  &u->last_cursor,
+                           NULL);
+
+        if (r == -ENOENT)
+                log_debug("State file %s is not present.", u->state_file);
+        else if (r < 0)
+                return log_error_errno(r, "Failed to read state file %s: %m",
+                                       u->state_file);
+        else
+                log_debug("Last cursor was %s", u->last_cursor);
+
+        return 0;
+}
+
+
+
+int start_upload(Uploader *u,
+                 size_t (*input_callback)(void *ptr,
+                                          size_t size,
+                                          size_t nmemb,
+                                          void *userdata),
+                 void *data) {
+        CURLcode code;
+
+        assert(u);
+        assert(input_callback);
+
+        if (!u->header) {
+                struct curl_slist *h;
+
+                h = curl_slist_append(NULL, "Content-Type: application/vnd.fdo.journal");
+                if (!h)
+                        return log_oom();
+
+                h = curl_slist_append(h, "Transfer-Encoding: chunked");
+                if (!h) {
+                        curl_slist_free_all(h);
+                        return log_oom();
+                }
+
+                h = curl_slist_append(h, "Accept: text/plain");
+                if (!h) {
+                        curl_slist_free_all(h);
+                        return log_oom();
+                }
+
+                u->header = h;
+        }
+
+        if (!u->easy) {
+                CURL *curl;
+
+                curl = curl_easy_init();
+                if (!curl) {
+                        log_error("Call to curl_easy_init failed.");
+                        return -ENOSR;
+                }
+
+                /* tell it to POST to the URL */
+                easy_setopt(curl, CURLOPT_POST, 1L,
+                            LOG_ERR, return -EXFULL);
+
+                easy_setopt(curl, CURLOPT_ERRORBUFFER, u->error,
+                            LOG_ERR, return -EXFULL);
+
+                /* set where to write to */
+                easy_setopt(curl, CURLOPT_WRITEFUNCTION, output_callback,
+                            LOG_ERR, return -EXFULL);
+
+                easy_setopt(curl, CURLOPT_WRITEDATA, data,
+                            LOG_ERR, return -EXFULL);
+
+                /* set where to read from */
+                easy_setopt(curl, CURLOPT_READFUNCTION, input_callback,
+                            LOG_ERR, return -EXFULL);
+
+                easy_setopt(curl, CURLOPT_READDATA, data,
+                            LOG_ERR, return -EXFULL);
+
+                /* use our special own mime type and chunked transfer */
+                easy_setopt(curl, CURLOPT_HTTPHEADER, u->header,
+                            LOG_ERR, return -EXFULL);
+
+                if (_unlikely_(log_get_max_level() >= LOG_DEBUG))
+                        /* enable verbose for easier tracing */
+                        easy_setopt(curl, CURLOPT_VERBOSE, 1L, LOG_WARNING, );
+
+                easy_setopt(curl, CURLOPT_USERAGENT,
+                            "systemd-journal-upload " PACKAGE_STRING,
+                            LOG_WARNING, );
+
+                if (arg_key || startswith(u->url, "https://")) {
+                        easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE,
+                                    LOG_ERR, return -EXFULL);
+                        easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,
+                                    LOG_ERR, return -EXFULL);
+                }
+
+                if (streq_ptr(arg_trust, "all"))
+                        easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0,
+                                    LOG_ERR, return -EUCLEAN);
+                else if (arg_trust || startswith(u->url, "https://"))
+                        easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE,
+                                    LOG_ERR, return -EXFULL);
+
+                if (arg_key || arg_trust)
+                        easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1,
+                                    LOG_WARNING, );
+
+                u->easy = curl;
+        } else {
+                /* truncate the potential old error message */
+                u->error[0] = '\0';
+
+                free(u->answer);
+                u->answer = 0;
+        }
+
+        /* upload to this place */
+        code = curl_easy_setopt(u->easy, CURLOPT_URL, u->url);
+        if (code) {
+                log_error("curl_easy_setopt CURLOPT_URL failed: %s",
+                          curl_easy_strerror(code));
+                return -EXFULL;
+        }
+
+        u->uploading = true;
+
+        return 0;
+}
+
+static size_t fd_input_callback(void *buf, size_t size, size_t nmemb, void *userp) {
+        Uploader *u = userp;
+
+        ssize_t r;
+
+        assert(u);
+        assert(nmemb <= SSIZE_MAX / size);
+
+        if (u->input < 0)
+                return 0;
+
+        r = read(u->input, buf, size * nmemb);
+        log_debug("%s: allowed %zu, read %zd", __func__, size*nmemb, r);
+
+        if (r > 0)
+                return r;
+
+        u->uploading = false;
+        if (r == 0) {
+                log_debug("Reached EOF");
+                close_fd_input(u);
+                return 0;
+        } else {
+                log_error_errno(errno, "Aborting transfer after read error on input: %m.");
+                return CURL_READFUNC_ABORT;
+        }
+}
+
+static void close_fd_input(Uploader *u) {
+        assert(u);
+
+        if (u->input >= 0)
+                close_nointr(u->input);
+        u->input = -1;
+        u->timeout = 0;
+}
+
+static int dispatch_fd_input(sd_event_source *event,
+                             int fd,
+                             uint32_t revents,
+                             void *userp) {
+        Uploader *u = userp;
+
+        assert(u);
+        assert(fd >= 0);
+
+        if (revents & EPOLLHUP) {
+                log_debug("Received HUP");
+                close_fd_input(u);
+                return 0;
+        }
+
+        if (!(revents & EPOLLIN)) {
+                log_warning("Unexpected poll event %"PRIu32".", revents);
+                return -EINVAL;
+        }
+
+        if (u->uploading) {
+                log_warning("dispatch_fd_input called when uploading, ignoring.");
+                return 0;
+        }
+
+        return start_upload(u, fd_input_callback, u);
+}
+
+static int open_file_for_upload(Uploader *u, const char *filename) {
+        int fd, r = 0;
+
+        if (streq(filename, "-"))
+                fd = STDIN_FILENO;
+        else {
+                fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to open %s: %m", filename);
+        }
+
+        u->input = fd;
+
+        if (arg_follow) {
+                r = sd_event_add_io(u->events, &u->input_event,
+                                    fd, EPOLLIN, dispatch_fd_input, u);
+                if (r < 0) {
+                        if (r != -EPERM || arg_follow > 0)
+                                return log_error_errno(r, "Failed to register input event: %m");
+
+                        /* Normal files should just be consumed without polling. */
+                        r = start_upload(u, fd_input_callback, u);
+                }
+        }
+
+        return r;
+}
+
+static int dispatch_sigterm(sd_event_source *event,
+                            const struct signalfd_siginfo *si,
+                            void *userdata) {
+        Uploader *u = userdata;
+
+        assert(u);
+
+        log_received_signal(LOG_INFO, si);
+
+        close_fd_input(u);
+        close_journal_input(u);
+
+        sd_event_exit(u->events, 0);
+        return 0;
+}
+
+static int setup_signals(Uploader *u) {
+        int r;
+
+        assert(u);
+
+        assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, -1) >= 0);
+
+        r = sd_event_add_signal(u->events, &u->sigterm_event, SIGTERM, dispatch_sigterm, u);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_signal(u->events, &u->sigint_event, SIGINT, dispatch_sigterm, u);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int setup_uploader(Uploader *u, const char *url, const char *state_file) {
+        int r;
+        const char *host, *proto = "";
+
+        assert(u);
+        assert(url);
+
+        memzero(u, sizeof(Uploader));
+        u->input = -1;
+
+        if (!(host = startswith(url, "http://")) && !(host = startswith(url, "https://"))) {
+                host = url;
+                proto = "https://";
+        }
+
+        if (strchr(host, ':'))
+                u->url = strjoin(proto, url, "/upload", NULL);
+        else {
+                char *t;
+                size_t x;
+
+                t = strdupa(url);
+                x = strlen(t);
+                while (x > 0 && t[x - 1] == '/')
+                        t[x - 1] = '\0';
+
+                u->url = strjoin(proto, t, ":" STRINGIFY(DEFAULT_PORT), "/upload", NULL);
+        }
+        if (!u->url)
+                return log_oom();
+
+        u->state_file = state_file;
+
+        r = sd_event_default(&u->events);
+        if (r < 0)
+                return log_error_errno(r, "sd_event_default failed: %m");
+
+        r = setup_signals(u);
+        if (r < 0)
+                return log_error_errno(r, "Failed to set up signals: %m");
+
+        (void) sd_watchdog_enabled(false, &u->watchdog_usec);
+
+        return load_cursor_state(u);
+}
+
+static void destroy_uploader(Uploader *u) {
+        assert(u);
+
+        curl_easy_cleanup(u->easy);
+        curl_slist_free_all(u->header);
+        free(u->answer);
+
+        free(u->last_cursor);
+        free(u->current_cursor);
+
+        free(u->url);
+
+        u->input_event = sd_event_source_unref(u->input_event);
+
+        close_fd_input(u);
+        close_journal_input(u);
+
+        sd_event_source_unref(u->sigterm_event);
+        sd_event_source_unref(u->sigint_event);
+        sd_event_unref(u->events);
+}
+
+static int perform_upload(Uploader *u) {
+        CURLcode code;
+        long status;
+
+        assert(u);
+
+        u->watchdog_timestamp = now(CLOCK_MONOTONIC);
+        code = curl_easy_perform(u->easy);
+        if (code) {
+                if (u->error[0])
+                        log_error("Upload to %s failed: %.*s",
+                                  u->url, (int) sizeof(u->error), u->error);
+                else
+                        log_error("Upload to %s failed: %s",
+                                  u->url, curl_easy_strerror(code));
+                return -EIO;
+        }
+
+        code = curl_easy_getinfo(u->easy, CURLINFO_RESPONSE_CODE, &status);
+        if (code) {
+                log_error("Failed to retrieve response code: %s",
+                          curl_easy_strerror(code));
+                return -EUCLEAN;
+        }
+
+        if (status >= 300) {
+                log_error("Upload to %s failed with code %ld: %s",
+                          u->url, status, strna(u->answer));
+                return -EIO;
+        } else if (status < 200) {
+                log_error("Upload to %s finished with unexpected code %ld: %s",
+                          u->url, status, strna(u->answer));
+                return -EIO;
+        } else
+                log_debug("Upload finished successfully with code %ld: %s",
+                          status, strna(u->answer));
+
+        free(u->last_cursor);
+        u->last_cursor = u->current_cursor;
+        u->current_cursor = NULL;
+
+        return update_cursor_state(u);
+}
+
+static int parse_config(void) {
+        const ConfigTableItem items[] = {
+                { "Upload",  "URL",                    config_parse_string, 0, &arg_url    },
+                { "Upload",  "ServerKeyFile",          config_parse_path,   0, &arg_key    },
+                { "Upload",  "ServerCertificateFile",  config_parse_path,   0, &arg_cert   },
+                { "Upload",  "TrustedCertificateFile", config_parse_path,   0, &arg_trust  },
+                {}};
+
+        return config_parse_many(PKGSYSCONFDIR "/journal-upload.conf",
+                                 CONF_PATHS_NULSTR("systemd/journal-upload.conf.d"),
+                                 "Upload\0", config_item_table_lookup, items,
+                                 false, NULL);
+}
+
+static void help(void) {
+        printf("%s -u URL {FILE|-}...\n\n"
+               "Upload journal events to a remote server.\n\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Show package version\n"
+               "  -u --url=URL              Upload to this address (default port "
+                                            STRINGIFY(DEFAULT_PORT) ")\n"
+               "     --key=FILENAME         Specify key in PEM format (default:\n"
+               "                            \"" PRIV_KEY_FILE "\")\n"
+               "     --cert=FILENAME        Specify certificate in PEM format (default:\n"
+               "                            \"" CERT_FILE "\")\n"
+               "     --trust=FILENAME|all   Specify CA certificate or disable checking (default:\n"
+               "                            \"" TRUST_FILE "\")\n"
+               "     --system               Use the system journal\n"
+               "     --user                 Use the user journal for the current user\n"
+               "  -m --merge                Use  all available journals\n"
+               "  -M --machine=CONTAINER    Operate on local container\n"
+               "  -D --directory=PATH       Use journal files from directory\n"
+               "     --file=PATH            Use this journal file\n"
+               "     --cursor=CURSOR        Start at the specified cursor\n"
+               "     --after-cursor=CURSOR  Start after the specified cursor\n"
+               "     --follow[=BOOL]        Do [not] wait for input\n"
+               "     --save-state[=FILE]    Save uploaded cursors (default \n"
+               "                            " STATE_FILE ")\n"
+               "  -h --help                 Show this help and exit\n"
+               "     --version              Print version string and exit\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_KEY,
+                ARG_CERT,
+                ARG_TRUST,
+                ARG_USER,
+                ARG_SYSTEM,
+                ARG_FILE,
+                ARG_CURSOR,
+                ARG_AFTER_CURSOR,
+                ARG_FOLLOW,
+                ARG_SAVE_STATE,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'                },
+                { "version",      no_argument,       NULL, ARG_VERSION        },
+                { "url",          required_argument, NULL, 'u'                },
+                { "key",          required_argument, NULL, ARG_KEY            },
+                { "cert",         required_argument, NULL, ARG_CERT           },
+                { "trust",        required_argument, NULL, ARG_TRUST          },
+                { "system",       no_argument,       NULL, ARG_SYSTEM         },
+                { "user",         no_argument,       NULL, ARG_USER           },
+                { "merge",        no_argument,       NULL, 'm'                },
+                { "machine",      required_argument, NULL, 'M'                },
+                { "directory",    required_argument, NULL, 'D'                },
+                { "file",         required_argument, NULL, ARG_FILE           },
+                { "cursor",       required_argument, NULL, ARG_CURSOR         },
+                { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR   },
+                { "follow",       optional_argument, NULL, ARG_FOLLOW         },
+                { "save-state",   optional_argument, NULL, ARG_SAVE_STATE     },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        opterr = 0;
+
+        while ((c = getopt_long(argc, argv, "hu:mM:D:", options, NULL)) >= 0)
+                switch(c) {
+                case 'h':
+                        help();
+                        return 0 /* done */;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'u':
+                        if (arg_url) {
+                                log_error("cannot use more than one --url");
+                                return -EINVAL;
+                        }
+
+                        arg_url = optarg;
+                        break;
+
+                case ARG_KEY:
+                        if (arg_key) {
+                                log_error("cannot use more than one --key");
+                                return -EINVAL;
+                        }
+
+                        arg_key = optarg;
+                        break;
+
+                case ARG_CERT:
+                        if (arg_cert) {
+                                log_error("cannot use more than one --cert");
+                                return -EINVAL;
+                        }
+
+                        arg_cert = optarg;
+                        break;
+
+                case ARG_TRUST:
+                        if (arg_trust) {
+                                log_error("cannot use more than one --trust");
+                                return -EINVAL;
+                        }
+
+                        arg_trust = optarg;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_journal_type |= SD_JOURNAL_SYSTEM;
+                        break;
+
+                case ARG_USER:
+                        arg_journal_type |= SD_JOURNAL_CURRENT_USER;
+                        break;
+
+                case 'm':
+                        arg_merge = true;
+                        break;
+
+                case 'M':
+                        if (arg_machine) {
+                                log_error("cannot use more than one --machine/-M");
+                                return -EINVAL;
+                        }
+
+                        arg_machine = optarg;
+                        break;
+
+                case 'D':
+                        if (arg_directory) {
+                                log_error("cannot use more than one --directory/-D");
+                                return -EINVAL;
+                        }
+
+                        arg_directory = optarg;
+                        break;
+
+                case ARG_FILE:
+                        r = glob_extend(&arg_file, optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to add paths: %m");
+                        break;
+
+                case ARG_CURSOR:
+                        if (arg_cursor) {
+                                log_error("cannot use more than one --cursor/--after-cursor");
+                                return -EINVAL;
+                        }
+
+                        arg_cursor = optarg;
+                        break;
+
+                case ARG_AFTER_CURSOR:
+                        if (arg_cursor) {
+                                log_error("cannot use more than one --cursor/--after-cursor");
+                                return -EINVAL;
+                        }
+
+                        arg_cursor = optarg;
+                        arg_after_cursor = true;
+                        break;
+
+                case ARG_FOLLOW:
+                        if (optarg) {
+                                r = parse_boolean(optarg);
+                                if (r < 0) {
+                                        log_error("Failed to parse --follow= parameter.");
+                                        return -EINVAL;
+                                }
+
+                                arg_follow = !!r;
+                        } else
+                                arg_follow = true;
+
+                        break;
+
+                case ARG_SAVE_STATE:
+                        arg_save_state = optarg ?: STATE_FILE;
+                        break;
+
+                case '?':
+                        log_error("Unknown option %s.", argv[optind-1]);
+                        return -EINVAL;
+
+                case ':':
+                        log_error("Missing argument to %s.", argv[optind-1]);
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option code.");
+                }
+
+        if (!arg_url) {
+                log_error("Required --url/-u option missing.");
+                return -EINVAL;
+        }
+
+        if (!!arg_key != !!arg_cert) {
+                log_error("Options --key and --cert must be used together.");
+                return -EINVAL;
+        }
+
+        if (optind < argc && (arg_directory || arg_file || arg_machine || arg_journal_type)) {
+                log_error("Input arguments make no sense with journal input.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+static int open_journal(sd_journal **j) {
+        int r;
+
+        if (arg_directory)
+                r = sd_journal_open_directory(j, arg_directory, arg_journal_type);
+        else if (arg_file)
+                r = sd_journal_open_files(j, (const char**) arg_file, 0);
+        else if (arg_machine)
+                r = sd_journal_open_container(j, arg_machine, 0);
+        else
+                r = sd_journal_open(j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
+        if (r < 0)
+                log_error_errno(r, "Failed to open %s: %m",
+                                arg_directory ? arg_directory : arg_file ? "files" : "journal");
+        return r;
+}
+
+int main(int argc, char **argv) {
+        Uploader u;
+        int r;
+        bool use_journal;
+
+        log_show_color(true);
+        log_parse_environment();
+
+        r = parse_config();
+        if (r < 0)
+                goto finish;
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        sigbus_install();
+
+        r = setup_uploader(&u, arg_url, arg_save_state);
+        if (r < 0)
+                goto cleanup;
+
+        sd_event_set_watchdog(u.events, true);
+
+        r = check_cursor_updating(&u);
+        if (r < 0)
+                goto cleanup;
+
+        log_debug("%s running as pid "PID_FMT,
+                  program_invocation_short_name, getpid());
+
+        use_journal = optind >= argc;
+        if (use_journal) {
+                sd_journal *j;
+                r = open_journal(&j);
+                if (r < 0)
+                        goto finish;
+                r = open_journal_for_upload(&u, j,
+                                            arg_cursor ?: u.last_cursor,
+                                            arg_cursor ? arg_after_cursor : true,
+                                            !!arg_follow);
+                if (r < 0)
+                        goto finish;
+        }
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing input...");
+
+        for (;;) {
+                r = sd_event_get_state(u.events);
+                if (r < 0)
+                        break;
+                if (r == SD_EVENT_FINISHED)
+                        break;
+
+                if (use_journal) {
+                        if (!u.journal)
+                                break;
+
+                        r = check_journal_input(&u);
+                } else if (u.input < 0 && !use_journal) {
+                        if (optind >= argc)
+                                break;
+
+                        log_debug("Using %s as input.", argv[optind]);
+                        r = open_file_for_upload(&u, argv[optind++]);
+                }
+                if (r < 0)
+                        goto cleanup;
+
+                if (u.uploading) {
+                        r = perform_upload(&u);
+                        if (r < 0)
+                                break;
+                }
+
+                r = sd_event_run(u.events, u.timeout);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to run event loop: %m");
+                        break;
+                }
+        }
+
+cleanup:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+
+        destroy_uploader(&u);
+
+finish:
+        return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
diff --git a/src/journal-remote/journal-upload.conf.in b/src/grp-journal-remote/systemd-journal-upload/journal-upload.conf.in
index c5670682e8..c5670682e8 100644
--- a/src/journal-remote/journal-upload.conf.in
+++ b/src/grp-journal-remote/systemd-journal-upload/journal-upload.conf.in
diff --git a/src/grp-journal-remote/systemd-journal-upload/journal-upload.h b/src/grp-journal-remote/systemd-journal-upload/journal-upload.h
new file mode 100644
index 0000000000..4a521bf78f
--- /dev/null
+++ b/src/grp-journal-remote/systemd-journal-upload/journal-upload.h
@@ -0,0 +1,71 @@
+#pragma once
+
+#include <inttypes.h>
+
+#include <systemd/sd-event.h>
+#include <systemd/sd-journal.h>
+#include "time-util.h"
+
+typedef enum {
+        ENTRY_CURSOR = 0,           /* Nothing actually written yet. */
+        ENTRY_REALTIME,
+        ENTRY_MONOTONIC,
+        ENTRY_BOOT_ID,
+        ENTRY_NEW_FIELD,            /* In between fields. */
+        ENTRY_TEXT_FIELD,           /* In the middle of a text field. */
+        ENTRY_BINARY_FIELD_START,   /* Writing the name of a binary field. */
+        ENTRY_BINARY_FIELD_SIZE,    /* Writing the size of a binary field. */
+        ENTRY_BINARY_FIELD,         /* In the middle of a binary field. */
+        ENTRY_OUTRO,                /* Writing '\n' */
+        ENTRY_DONE,                 /* Need to move to a new field. */
+} entry_state;
+
+typedef struct Uploader {
+        sd_event *events;
+        sd_event_source *sigint_event, *sigterm_event;
+
+        char *url;
+        CURL *easy;
+        bool uploading;
+        char error[CURL_ERROR_SIZE];
+        struct curl_slist *header;
+        char *answer;
+
+        sd_event_source *input_event;
+        uint64_t timeout;
+
+        /* fd stuff */
+        int input;
+
+        /* journal stuff */
+        sd_journal* journal;
+
+        entry_state entry_state;
+        const void *field_data;
+        size_t field_pos, field_length;
+
+        /* general metrics */
+        const char *state_file;
+
+        size_t entries_sent;
+        char *last_cursor, *current_cursor;
+        usec_t watchdog_timestamp;
+        usec_t watchdog_usec;
+} Uploader;
+
+#define JOURNAL_UPLOAD_POLL_TIMEOUT (10 * USEC_PER_SEC)
+
+int start_upload(Uploader *u,
+                 size_t (*input_callback)(void *ptr,
+                                          size_t size,
+                                          size_t nmemb,
+                                          void *userdata),
+                 void *data);
+
+int open_journal_for_upload(Uploader *u,
+                            sd_journal *j,
+                            const char *cursor,
+                            bool after_cursor,
+                            bool follow);
+void close_journal_input(Uploader *u);
+int check_journal_input(Uploader *u);
diff --git a/src/journal/.gitignore b/src/grp-journal/.gitignore
index 04d5852547..04d5852547 100644
--- a/src/journal/.gitignore
+++ b/src/grp-journal/.gitignore
diff --git a/src/grp-journal/Makefile b/src/grp-journal/Makefile
new file mode 100644
index 0000000000..fcefb81581
--- /dev/null
+++ b/src/grp-journal/Makefile
@@ -0,0 +1,170 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+test_journal_SOURCES = \
+	src/journal/test-journal.c
+
+test_journal_LDADD = \
+	libjournal-core.la
+
+test_journal_send_SOURCES = \
+	src/journal/test-journal-send.c
+
+test_journal_send_LDADD = \
+	libjournal-core.la
+
+test_journal_syslog_SOURCES = \
+	src/journal/test-journal-syslog.c
+
+test_journal_syslog_LDADD = \
+	libjournal-core.la
+
+test_journal_match_SOURCES = \
+	src/journal/test-journal-match.c
+
+test_journal_match_LDADD = \
+	libjournal-core.la
+
+test_journal_enum_SOURCES = \
+	src/journal/test-journal-enum.c
+
+test_journal_enum_LDADD = \
+	libjournal-core.la
+
+test_journal_stream_SOURCES = \
+	src/journal/test-journal-stream.c
+
+test_journal_stream_LDADD = \
+	libjournal-core.la
+
+test_journal_flush_SOURCES = \
+	src/journal/test-journal-flush.c
+
+test_journal_flush_LDADD = \
+	libjournal-core.la
+
+test_journal_init_SOURCES = \
+	src/journal/test-journal-init.c
+
+test_journal_init_LDADD = \
+	libjournal-core.la
+
+test_journal_verify_SOURCES = \
+	src/journal/test-journal-verify.c
+
+test_journal_verify_LDADD = \
+	libjournal-core.la
+
+test_journal_interleaving_SOURCES = \
+	src/journal/test-journal-interleaving.c
+
+test_journal_interleaving_LDADD = \
+	libjournal-core.la
+
+test_mmap_cache_SOURCES = \
+	src/journal/test-mmap-cache.c
+
+test_mmap_cache_LDADD = \
+	libjournal-core.la
+
+test_catalog_SOURCES = \
+	src/journal/test-catalog.c
+
+test_catalog_CPPFLAGS = \
+	$(AM_CPPFLAGS) \
+	-DCATALOG_DIR=\"$(abs_top_srcdir)/catalog\"
+
+test_catalog_LDADD = \
+	libjournal-core.la
+
+test_compress_SOURCES = \
+	src/journal/test-compress.c
+
+test_compress_LDADD = \
+	libshared.la
+
+test_compress_benchmark_SOURCES = \
+	src/journal/test-compress-benchmark.c
+
+test_compress_benchmark_LDADD = \
+	libshared.la
+
+test_audit_type_SOURCES = \
+	src/journal/test-audit-type.c
+
+test_audit_type_LDADD = \
+	libjournal-core.la
+
+journal-install-hook:
+	-$(MKDIR_P) $(DESTDIR)/var/log/journal
+	-chown 0:0 $(DESTDIR)/var/log/journal
+	-chmod 755 $(DESTDIR)/var/log/journal
+	-setfacl -nm g:adm:rx,d:g:adm:rx $(DESTDIR)/var/log/journal/
+	-setfacl -nm g:wheel:rx,d:g:wheel:rx $(DESTDIR)/var/log/journal/
+
+journal-uninstall-hook:
+	-rmdir $(DESTDIR)/var/log/journal/remote
+	-rmdir $(DESTDIR)/var/log/journal/
+
+INSTALL_EXEC_HOOKS += journal-install-hook
+UNINSTALL_EXEC_HOOKS += journal-uninstall-hook
+
+# ------------------------------------------------------------------------------
+# Update catalog on installation. Do not bother if installing
+# in DESTDIR, since this is likely for packaging purposes.
+catalog-update-hook:
+	-test -n "$(DESTDIR)" || $(rootbindir)/journalctl --update-catalog
+
+INSTALL_DATA_HOOKS += \
+	catalog-update-hook
+
+catalog-remove-hook:
+	-test -n "$(DESTDIR)" || rm -f $(catalogstatedir)/database
+
+UNINSTALL_DATA_HOOKS += \
+	catalog-remove-hook
+
+tests += \
+	test-journal \
+	test-journal-enum \
+	test-journal-send \
+	test-journal-syslog \
+	test-journal-match \
+	test-journal-stream \
+	test-journal-init \
+	test-journal-verify \
+	test-journal-interleaving \
+	test-journal-flush \
+	test-mmap-cache \
+	test-catalog \
+	test-audit-type
+
+ifneq ($(HAVE_COMPRESSION),)
+tests += \
+	test-compress \
+	test-compress-benchmark
+endif # HAVE_COMPRESSION
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-journal/catalog/systemd.be.catalog b/src/grp-journal/catalog/systemd.be.catalog
new file mode 100644
index 0000000000..051f49492f
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.be.catalog
@@ -0,0 +1,260 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2015 Viktar Vaŭčkievič
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Belarusian translation
+
+# The catalog format is documented on
+# Фармат каталога апісаны на старонцы
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Сэрвіс журналявання запусціўся
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Працэс сістэмнага журналявання запусціўся, адкрыў файлы для
+запісу і гатовы апрацоўваць запыты.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Сэрвіс журналявання спыніўся
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Працэс сістэмнага журналявання спыніўся і закрыў усе файлы.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Паведамленні з сэрвісу адкінуты
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Сэрвіс адправіў занадта штат паведамленняў за кароткі прамежак часу.
+Частка паведамленняў была адкінута.
+
+Майце на ўвазе, што былі адкінуты паведамлення толькі гэтага сэрвісу.
+Паведамленні іншых сэрвісаў засталіся.
+
+Мяжа, пасля якой паведамленні будуць адкінуты, наладжваецца з
+дапамогай RateLimitIntervalSec= і RateLimitBurst= у файле
+/etc/systemd/journald.conf. Глядзіце journald.conf(5) для дэталей.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Паведамленні страчаны
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Паведамленні ядра былі страчаны, так як сістэма журналявання не паспела
+іх апрацаваць.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Працэс @COREDUMP_PID@ (@COREDUMP_COMM@) скінуў дамп памяці
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Працэс @COREDUMP_PID@ (@COREDUMP_COMM@) разбіўся і скінуў дамп памяці.
+
+Звычайна гэта сведчыць аб памылцы ў праграмным кодзе.
+Рэкамендуецца паведаміць аб гэтым распрацоўнікам.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Новая сесія № @SESSION_ID@ створана для карыстальніка @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Новая сесія з № @SESSION_ID@ створана для карыстальніка @USER_ID@.
+
+Лідар гэтай сесіі пад № @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Сесія № @SESSION_ID@ спынена
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Сесія № @SESSION_ID@ спынена.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Даступна новае працоўнае месца № @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Новае працоўнае месца № @SEAT_ID@ наладжана і даступна для выкарыстання.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Працоўнае месца № @SEAT_ID@ выдалена
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Працоўнае месца № @SEAT_ID@ выдалена і больш не даступна.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Час зменены
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Сістэмны гадзіннік зменены на @REALTIME@ мікрасекунд ад 1 студзеня 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Часавы пояс зменены на @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Сістэмны часавы пояс зменены на @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Запуск сістэмы завяршыўся
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Усе сістэмныя сэрвісы, неабходныя для загрузкі сістэмы, паспяхова
+запусціліся. Майце на ўвазе, што гэта не значыць, што машына нічога не
+робіць. Магчыма, некаторыя сэрвісы яшчэ ініцыялізіруюцца.
+
+На запуск ядра спатрэбілася @KERNEL_USEC@ мікрасекунд.
+
+На запуск пачатковага RAM-дыска спатрэбілася @INITRD_USEC@ мікрасекунд.
+
+На запуск сістэмных сэрвісаў спатрэбілася @USERSPACE_USEC@ мікрасекунд.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Сістэма перайшла ў стан сну @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Цяпер сістэма перайшла у стан сну @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Сістэма выйшла са стана сну @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Цяпер сістэма выйшла са стана сну @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Сістэма завяршае работу
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Пачаўся працэс выключэння сістэмы.
+Спыняюцца ўсе сістэмныя сэрвісы і дэмантуюцца файлавыя сістэмы.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Юніт @UNIT@ запускаецца
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Пачаўся працэс запуску юніта @UNIT@.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Юніт @UNIT@ запусціўся
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Працэс запуску юніта @UNIT@ завершаны.
+
+Вынік: @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Юніт @UNIT@ спыняецца
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Пачаўся працэс спынення юніта @UNIT@.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Юніт @UNIT@ спынены
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Працэс спынення юніта @UNIT@ завершаны.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Збой юніта @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Збой юніта @UNIT@.
+
+Вынік: @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Юніт @UNIT@ перачытвае сваю канфігурацыю
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Юніт @UNIT@ пачаў перачытваць сваю канфігурацыю.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Юніт @UNIT@ перачытаў сваю канфігурацыю
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Юніт @UNIT@ перачытаў сваю канфігурацыю.
+
+Вынік: @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Працэс @EXECUTABLE@ не можа быць выкананы
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Працэс @EXECUTABLE@ не можа быць выкананы ў выніку збою.
+
+Ён вярнуў памылку нумар @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Sibject: Адно ці больш паведамленняў не былі накіраваны ў syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Адно ці больш паведамленняў не былі накіраваны ў syslog сэрвіс, які
+выконваецца паралельна з journald. Звычайна гэта значыць, што
+рэалізацыя syslog не паспявае апрацаваць паведамленні з неабходнай
+хуткасцю.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Кропка мантавання не пустая
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Каталог @WHERE@ указаны як кропка мантавання (другое поле ў /etc/fstab
+ці Where= поле ў файле юніта systemd) і не пусты. Гэта не перашкаджае
+мантаванню, але існуючыя ў ім файлы будуць недаступны. Для доступу да
+іх, калі ласка, змантуйце гэтую файлавую сістэму ў іншае месца.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Віртуальная машына або кантэйнер запусціўся
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Віртуальная машына @NAME@ з лідарам № @LEADER@ запусцілася і
+гатова для выкарыстання.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Віртуальная машына або кантэйнер спынены
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Віртуальная машына @NAME@ з лідарам № @LEADER@ спынена.
diff --git a/src/grp-journal/catalog/systemd.be@latin.catalog b/src/grp-journal/catalog/systemd.be@latin.catalog
new file mode 100644
index 0000000000..6ab361aafb
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.be@latin.catalog
@@ -0,0 +1,260 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2015 Viktar Vaŭčkievič
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Belarusian Latin translation
+
+# The catalog format is documented on
+# Farmat kataloha apisany na staroncy
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Servis žurnaliavannia zapusciŭsia
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Praces sistemnaha žurnaliavannia zapusciŭsia, adkryŭ fajly dlia
+zapisu i hatovy apracoŭvać zapyty.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Servis žurnaliavannia spyniŭsia
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Praces sistemnaha žurnaliavannia spyniŭsia i zakryŭ usie fajly.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Paviedamlienni z servisu adkinuty
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Servis adpraviŭ zanadta štat paviedamlienniaŭ za karotki pramiežak času.
+Častka paviedamlienniaŭ byla adkinuta.
+
+Majcie na ŭvazie, što byli adkinuty paviedamliennia toĺki hetaha servisu.
+Paviedamlienni inšych servisaŭ zastalisia.
+
+Miaža, paslia jakoj paviedamlienni buduć adkinuty, naladžvajecca z
+dapamohaj RateLimitIntervalSec= i RateLimitBurst= u fajlie
+/etc/systemd/journald.conf. Hliadzicie journald.conf(5) dlia detaliej.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Paviedamlienni stračany
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Paviedamlienni jadra byli stračany, tak jak sistema žurnaliavannia nie paspiela
+ich apracavać.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Praces @COREDUMP_PID@ (@COREDUMP_COMM@) skinuŭ damp pamiaci
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Praces @COREDUMP_PID@ (@COREDUMP_COMM@) razbiŭsia i skinuŭ damp pamiaci.
+
+Zvyčajna heta sviedčyć ab pamylcy ŭ prahramnym kodzie.
+Rekamiendujecca paviedamić ab hetym raspracoŭnikam.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Novaja siesija № @SESSION_ID@ stvorana dlia karystaĺnika @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Novaja siesija z № @SESSION_ID@ stvorana dlia karystaĺnika @USER_ID@.
+
+Lidar hetaj siesii pad № @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Siesija № @SESSION_ID@ spyniena
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Siesija № @SESSION_ID@ spyniena.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Dastupna novaje pracoŭnaje miesca № @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Novaje pracoŭnaje miesca № @SEAT_ID@ naladžana i dastupna dlia vykarystannia.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Pracoŭnaje miesca № @SEAT_ID@ vydaliena
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Pracoŭnaje miesca № @SEAT_ID@ vydaliena i boĺš nie dastupna.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Čas zmienieny
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Sistemny hadzinnik zmienieny na @REALTIME@ mikrasiekund ad 1 studzienia 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Časavy pojas zmienieny na @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Sistemny časavy pojas zmienieny na @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Zapusk sistemy zaviaršyŭsia
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Usie sistemnyja servisy, nieabchodnyja dlia zahruzki sistemy, paspiachova
+zapuscilisia. Majcie na ŭvazie, što heta nie značyć, što mašyna ničoha nie
+robić. Mahčyma, niekatoryja servisy jašče inicyjalizirujucca.
+
+Na zapusk jadra spatrebilasia @KERNEL_USEC@ mikrasiekund.
+
+Na zapusk pačatkovaha RAM-dyska spatrebilasia @INITRD_USEC@ mikrasiekund.
+
+Na zapusk sistemnych servisaŭ spatrebilasia @USERSPACE_USEC@ mikrasiekund.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Sistema pierajšla ŭ stan snu @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Ciapier sistema pierajšla u stan snu @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Sistema vyjšla sa stana snu @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Ciapier sistema vyjšla sa stana snu @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Sistema zaviaršaje rabotu
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Pačaŭsia praces vykliučennia sistemy.
+Spyniajucca ŭsie sistemnyja servisy i demantujucca fajlavyja sistemy.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Junit @UNIT@ zapuskajecca
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Pačaŭsia praces zapusku junita @UNIT@.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Junit @UNIT@ zapusciŭsia
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Praces zapusku junita @UNIT@ zavieršany.
+
+Vynik: @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Junit @UNIT@ spyniajecca
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Pačaŭsia praces spyniennia junita @UNIT@.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Junit @UNIT@ spynieny
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Praces spyniennia junita @UNIT@ zavieršany.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Zboj junita @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Zboj junita @UNIT@.
+
+Vynik: @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Junit @UNIT@ pieračytvaje svaju kanfihuracyju
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Junit @UNIT@ pačaŭ pieračytvać svaju kanfihuracyju.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Junit @UNIT@ pieračytaŭ svaju kanfihuracyju
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Junit @UNIT@ pieračytaŭ svaju kanfihuracyju.
+
+Vynik: @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Praces @EXECUTABLE@ nie moža być vykanany
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Praces @EXECUTABLE@ nie moža być vykanany ŭ vyniku zboju.
+
+Jon viarnuŭ pamylku numar @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Sibject: Adno ci boĺš paviedamlienniaŭ nie byli nakiravany ŭ syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Adno ci boĺš paviedamlienniaŭ nie byli nakiravany ŭ syslog servis, jaki
+vykonvajecca paralieĺna z journald. Zvyčajna heta značyć, što
+realizacyja syslog nie paspiavaje apracavać paviedamlienni z nieabchodnaj
+chutkasciu.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Kropka mantavannia nie pustaja
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Kataloh @WHERE@ ukazany jak kropka mantavannia (druhoje polie ŭ /etc/fstab
+ci Where= polie ŭ fajlie junita systemd) i nie pusty. Heta nie pieraškadžaje
+mantavanniu, alie isnujučyja ŭ im fajly buduć niedastupny. Dlia dostupu da
+ich, kali laska, zmantujcie hetuju fajlavuju sistemu ŭ inšaje miesca.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Virtuaĺnaja mašyna abo kantejnier zapusciŭsia
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Virtuaĺnaja mašyna @NAME@ z lidaram № @LEADER@ zapuscilasia i
+hatova dlia vykarystannia.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Virtuaĺnaja mašyna abo kantejnier spynieny
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Virtuaĺnaja mašyna @NAME@ z lidaram № @LEADER@ spyniena.
diff --git a/src/grp-journal/catalog/systemd.bg.catalog b/src/grp-journal/catalog/systemd.bg.catalog
new file mode 100644
index 0000000000..30246c0bbe
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.bg.catalog
@@ -0,0 +1,324 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2016 Alexander Shopov <ash@kambanaria.org>
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Журналният процес е пуснат
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Журналният процес на системата е стартирал, отворил е журналните файлове
+за запис и може да приема заявки.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Журналният процес е спрян
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Журналният процес на системата е спрян, затворени са всички отворени
+журнални файлове.
+
+-- ec387f577b844b8fa948f33cad9a75e6
+Subject: Пространството върху диска заето от журналните файлове
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@JOURNAL_NAME@ (@JOURNAL_PATH@) в момента заема @CURRENT_USE_PRETTY@.
+Максималният зададен размер е @MAX_USE_PRETTY@.
+Свободни се оставят поне @DISK_KEEP_FREE_PRETTY@ (от текущо наличните @DISK_AVAILABLE_PRETTY@).
+Максималният наложен размер е @LIMIT_PRETTY@, от който @AVAILABLE_PRETTY@ са свободни.
+
+Настройките за максималния размер на журнала върху диска се
+управляват чрез директивите „SystemMaxUse=“, „SystemKeepFree=“,
+„SystemMaxFileSize=“, „RuntimeMaxUse=“, „RuntimeKeepFree=“ и
+„RuntimeMaxFileSize=“ във файла „/etc/systemd/journald.conf“.
+За повече информация прегледайте „journald.conf(5)“ от ръководството.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Съобщенията от някоя услуга не са допуснати
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Някоя услуга генерира прекалено много съобщения за кратък период.
+Част само от нейните съобщения са отхвърляни.
+
+Съобщенията от другите услуги не са засегнати.
+
+Настройките за максималния брой съобщения, които ще се обработят, се
+управляват чрез директивите „RateLimitInterval=“ и „RateLimitBurst=“ във
+файла „/etc/systemd/journald.conf“. За повече информация прегледайте
+„journald.conf(5)“ от ръководството.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Пропуснати журнални съобщения
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Някои от съобщенията на ядрото може и да са пропуснати, защото системата не
+смогваше да ги обработи достатъчно бързо.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Процес № @COREDUMP_PID@ (@COREDUMP_COMM@) запази освободената памет
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Процес № @COREDUMP_PID@ (@COREDUMP_COMM@) заби, представянето му в паметта
+бе запазено.
+
+Най-често това се дължи на грешка в забилата програма и следва да я
+докладвате на създателите на програмата.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Създадена е нова сесия № @SESSION_ID@ за потребителя „@USER_ID@“
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+За потребителя „@USER_ID@“ е създадена нова сесия № @SESSION_ID@.
+
+Водещият процес на сесията е: @LEADER@
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Сесия № @SESSION_ID@ приключи
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Сесия № @SESSION_ID@ приключи работа.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Налично е ново работно място № @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Новото работно място № @SEAT_ID@ е настроено и готово за работа.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Работното място № @SEAT_ID@ е премахнато
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Работното място № @SEAT_ID@ вече не е налично.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Смяна на системното време
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Часовникът на системата е сверен да сочи @REALTIME@ микросекунди след
+1 януари 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Смяна на часовия пояс да е „@TIMEZONE@“
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Часовият пояс на системата е сменен на „@TIMEZONE@“.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Стартирането на системата завърши
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Успешно са стартирали всички услуги, които са посочени за задействане при
+стартиране на системата. Това не означава, че системата бездейства, защото
+някои от услугите може да извършват специфични действия при стартиране.
+
+Стартирането на ядрото отне @KERNEL_USEC@ микросекунди.
+
+Стартирането на RAM диска за първоначално зареждане отне @INITRD_USEC@
+микросекунди.
+
+Стартирането на потребителските програми отне @USERSPACE_USEC@ микросекунди.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Системата е приспана на ниво „@SLEEP@“
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системата премина в състояние на приспиване „@SLEEP@“.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Системата се събуди след приспиване на ниво„@SLEEP@“
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системата се събуди от състояние на приспиване „@SLEEP@“.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Започна процедура на спиране на системата
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Започна процедурата на Systemd за спиране на системата. Всички процеси и
+услуги се спират, всички файлови системи се демонтират.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Модул „@UNIT@“ се стартира
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Модулът „@UNIT@“ се стартира в момента
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Модул „@UNIT@“ вече е стартиран
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Стартирането на модул „@UNIT@“ завърши.
+
+Резултатът е: @RESULT@
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Модул „@UNIT@“ се спира
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Модулът „@UNIT@“ се спира в момента.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Модул „@UNIT@“ вече е спрян
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Спирането на модул „@UNIT@“ завърши.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Модулът „@UNIT@“ не успя да стартира
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Модулът „@UNIT@“ не успя да стартира.
+
+Резултатът е: @RESULT@
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Модулът „@UNIT@“ започна презареждане на настройките си
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Модулът „@UNIT@“ започна презареждане на настройките си.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Модулът „@UNIT@“ завърши презареждането на настройките си
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Модулът „@UNIT@“ завърши презареждането на настройките си.
+
+Резултатът e: @RESULT@
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Програмата „@EXECUTABLE@“ не успя да се стартира
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Програмата „@EXECUTABLE@“ не успя да се стартира.
+
+Върнатият номер на грешка е: @ERRNO@
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Поне едно съобщение не бе препратено към syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Поне едно съобщение не бе препратено към журналната услуга syslog, която
+работи успоредно с journald.
+
+Най-често това указва, че тази реализация на syslog не може да поеме текущия
+обем съобщения.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Точката за монтиране не е празна
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Директорията „@WHERE@“ не е празна.
+
+Тя е указана като точка за монтиране — или като второ поле във файла
+„/etc/fstab“, или чрез директивата „Where=“ в някой от файловете за
+модул на Systemd.
+
+Това не пречи на самото монтиране, но вече съществуващите там файлове и
+директории няма да се виждат повече, освен ако ръчно не монтирате тази
+непразна директория някъде другаде.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Стартирана е виртуална машина или контейнер
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Виртуалната машина „@NAME@“ с идентификатор на водещия процес @LEADER@
+е стартирана и готова за работа.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Спряна е виртуална машина или контейнер
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Виртуалната машина „@NAME@“ с идентификатор на водещия процес @LEADER@
+е спряна.
+
+-- 36db2dfa5a9045e1bd4af5f93e1cf057
+Subject: Режимът DNSSEC е изключен, защото сървърът не го поддържа
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8) resolved.conf(5)
+
+Локалната услуга за имена (systemd-resolved.service) установи, че
+настроения сървър за DNS не поддържа DNSSEC, затова този режим е изключен.
+
+Това се случва, когато директивата „DNSSEC=allow-downgrade“ е включена във
+файла „resolved.conf“ и зададеният сървър за DNS не е съвместим с DNSSEC.
+
+Внимавайте, защото това може да позволи атака, при която трета страна ви
+връща отговори, които да предизвикат понижаването на сигурността от DNSSEC
+до DNS.
+
+Такова събитие означава, че или сървърът за DNS не е съвместим с DNSSEC,
+или някой успешно ви е атакувал за понижаване на сигурността на имената.
+
+-- 1675d7f172174098b1108bf8c7dc8f5d
+Subject: Неуспешна проверка на DNSSEC
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Заявка или запис в DNS не издържа проверка с DNSSEC.
+
+Това обикновено показва вмешателство на трета страна в канала ви за връзка.
+
+-- 4d4408cfd0d144859184d1e65d7c8a65
+Subject: Анулирана доверена котва в DNSSEC
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Анулирана е доверена котва за DNSSEC и трябва да настроите нова.
+
+Понякога новата идва с обновяване на системата.
diff --git a/src/grp-journal/catalog/systemd.catalog b/src/grp-journal/catalog/systemd.catalog
new file mode 100644
index 0000000000..90929bca6d
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.catalog
@@ -0,0 +1,334 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: The journal has been started
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The system journal process has started up, opened the journal
+files for writing and is now ready to process requests.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: The journal has been stopped
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The system journal process has shut down and closed all currently
+active journal files.
+
+-- ec387f577b844b8fa948f33cad9a75e6
+Subject: Disk space used by the journal
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@JOURNAL_NAME@ (@JOURNAL_PATH@) is currently using @CURRENT_USE_PRETTY@.
+Maximum allowed usage is set to @MAX_USE_PRETTY@.
+Leaving at least @DISK_KEEP_FREE_PRETTY@ free (of currently available @DISK_AVAILABLE_PRETTY@ of disk space).
+Enforced usage limit is thus @LIMIT_PRETTY@, of which @AVAILABLE_PRETTY@ are still available.
+
+The limits controlling how much disk space is used by the journal may
+be configured with SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=,
+RuntimeMaxUse=, RuntimeKeepFree=, RuntimeMaxFileSize= settings in
+/etc/systemd/journald.conf. See journald.conf(5) for details.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Messages from a service have been suppressed
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+A service has logged too many messages within a time period. Messages
+from the service have been dropped.
+
+Note that only messages from the service in question have been
+dropped, other services' messages are unaffected.
+
+The limits controlling when messages are dropped may be configured
+with RateLimitIntervalSec= and RateLimitBurst= in
+/etc/systemd/journald.conf. See journald.conf(5) for details.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Journal messages have been missed
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Kernel messages have been lost as the journal system has been unable
+to process them quickly enough.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Process @COREDUMP_PID@ (@COREDUMP_COMM@) dumped core
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Process @COREDUMP_PID@ (@COREDUMP_COMM@) crashed and dumped core.
+
+This usually indicates a programming error in the crashing program and
+should be reported to its vendor as a bug.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1 de
+Subject: Speicherabbild für Prozess @COREDUMP_PID@ (@COREDUMP_COMM) generiert
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Prozess @COREDUMP_PID@ (@COREDUMP_COMM@) ist abgebrochen worden und
+ein Speicherabbild wurde generiert.
+
+Üblicherweise ist dies ein Hinweis auf einen Programmfehler und sollte
+als Fehler dem jeweiligen Hersteller gemeldet werden.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: A new session @SESSION_ID@ has been created for user @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+A new session with the ID @SESSION_ID@ has been created for the user @USER_ID@.
+
+The leading process of the session is @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Session @SESSION_ID@ has been terminated
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+A session with the ID @SESSION_ID@ has been terminated.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: A new seat @SEAT_ID@ is now available
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+A new seat @SEAT_ID@ has been configured and is now available.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Seat @SEAT_ID@ has now been removed
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+A seat @SEAT_ID@ has been removed and is no longer available.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Time change
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The system clock has been changed to @REALTIME@ microseconds after January 1st, 1970.
+
+-- c7a787079b354eaaa9e77b371893cd27 de
+Subject: Zeitänderung
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Die System-Zeit wurde geändert auf @REALTIME@ Mikrosekunden nach dem 1. Januar 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Time zone change to @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The system timezone has been changed to @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: System start-up is now complete
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+All system services necessary queued for starting at boot have been
+successfully started. Note that this does not mean that the machine is
+now idle as services might still be busy with completing start-up.
+
+Kernel start-up required @KERNEL_USEC@ microseconds.
+
+Initial RAM disk start-up required @INITRD_USEC@ microseconds.
+
+Userspace start-up required @USERSPACE_USEC@ microseconds.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: System sleep state @SLEEP@ entered
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The system has now entered the @SLEEP@ sleep state.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: System sleep state @SLEEP@ left
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The system has now left the @SLEEP@ sleep state.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: System shutdown initiated
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemd shutdown has been initiated. The shutdown has now begun and
+all system services are terminated and all file systems unmounted.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Unit @UNIT@ has begun start-up
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has begun starting up.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Unit @UNIT@ has finished start-up
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has finished starting up.
+
+The start-up result is @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Unit @UNIT@ has begun shutting down
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has begun shutting down.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Unit @UNIT@ has finished shutting down
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has finished shutting down.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Unit @UNIT@ has failed
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has failed.
+
+The result is @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Unit @UNIT@ has begun reloading its configuration
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has begun reloading its configuration
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Unit @UNIT@ has finished reloading its configuration
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Unit @UNIT@ has finished reloading its configuration
+
+The result is @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Process @EXECUTABLE@ could not be executed
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The process @EXECUTABLE@ could not be executed and failed.
+
+The error number returned by this process is @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: One or more messages could not be forwarded to syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+One or more messages could not be forwarded to the syslog service
+running side-by-side with journald. This usually indicates that the
+syslog implementation has not been able to keep up with the speed of
+messages queued.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Mount point is not empty
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The directory @WHERE@ is specified as the mount point (second field in
+/etc/fstab or Where= field in systemd unit file) and is not empty.
+This does not interfere with mounting, but the pre-exisiting files in
+this directory become inaccessible. To see those over-mounted files,
+please manually mount the underlying file system to a secondary
+location.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: A virtual machine or container has been started
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The virtual machine @NAME@ with its leader PID @LEADER@ has been
+started is now ready to use.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: A virtual machine or container has been terminated
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+The virtual machine @NAME@ with its leader PID @LEADER@ has been
+shut down.
+
+-- 36db2dfa5a9045e1bd4af5f93e1cf057
+Subject: DNSSEC mode has been turned off, as server doesn't support it
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8) resolved.conf(5)
+
+The resolver service (systemd-resolved.service) has detected that the
+configured DNS server does not support DNSSEC, and DNSSEC validation has been
+turned off as result.
+
+This event will take place if DNSSEC=allow-downgrade is configured in
+resolved.conf and the configured DNS server is incompatible with DNSSEC. Note
+that using this mode permits DNSSEC downgrade attacks, as an attacker might be
+able turn off DNSSEC validation on the system by inserting DNS replies in the
+communication channel that result in a downgrade like this.
+
+This event might be indication that the DNS server is indeed incompatible with
+DNSSEC or that an attacker has successfully managed to stage such a downgrade
+attack.
+
+-- 1675d7f172174098b1108bf8c7dc8f5d
+Subject: DNSSEC validation failed
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+A DNS query or resource record set failed DNSSEC validation. This is usually
+indication that the communication channel used was tampered with.
+
+-- 4d4408cfd0d144859184d1e65d7c8a65
+Subject: A DNSSEC trust anchor has been revoked
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+A DNSSEC trust anchor has been revoked. A new trust anchor has to be
+configured, or the operating system needs to be updated, to provide an updated
+DNSSEC trust anchor.
diff --git a/src/grp-journal/catalog/systemd.da.catalog b/src/grp-journal/catalog/systemd.da.catalog
new file mode 100644
index 0000000000..093e8139da
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.da.catalog
@@ -0,0 +1,261 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Danish translation
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Journalen er blevet startet
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+System-journal processen har startet op, åbnet journal filerne for
+tilskrivning og er nu klar til at modtage anmodninger.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Journalen er blevet stoppet
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+System-journal processen er stoppet og har lukket alle aktive journal
+filer.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Beskeder fra en service er blevet undertrykt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+En service har logget for mange beskeder inden for en given tidsperiode.
+Beskeder fra omtalte service er blevet smidt væk.
+
+Kun beskeder fra omtalte service er smidt væk. Beskeder fra andre
+services er ikke påvirket.
+
+Grænsen for hvornår beskeder bliver smidt væk kan konfigureres
+med RateLimitIntervalSec= og RateLimitBurst= i
+/etc/systemd/journald.conf. Se journald.conf(5) for detaljer herom.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Journal beskeder er gået tabt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Kernel beskeder er gået tabt da journal systemet ikke har været i stand
+til at håndtere dem hurtigt nok.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Fejl-fil genereret for process @COREDUMP_PID@ (@COREDUMP_COMM@)
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Process @COREDUMP_PID@ (@COREDUMP_COMM@) har lukket ned og genereret en
+fejl-fil.
+
+Dette indikerer som regel en programmeringsfejl i det nedlukkede program
+og burde blive reporteret som en bug til folkene bag
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: En ny session @SESSION_ID@ er blevet lavet for bruger @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+En ny session med ID @SESSION_ID@ er blevet lavet for brugeren @USER_ID@.
+
+Den ledende process for sessionen er @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Session @SESSION_ID@ er blevet lukket ned
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+En session med ID @SESSION_ID@ er blevet lukket ned.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: En ny arbejdsstation $SEAT_ID@ er nu tilgængelig
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+En ny arbejdsstation @SEAT_ID@ er blevet konfigureret og er nu tilgængelig.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Arbejdsstation @SEAT_ID@ er nu blevet fjernet
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+En arbejdsstation @SEAT_ID@ er blevet fjernet og er ikke længere tilgængelig.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Tidsændring
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemtiden er blevet ændret til @REALTIME@ mikrosekunder efter d. 1. Januar 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Tidszoneændring til @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Tidszonen for systemet er blevet ændret til @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Opstart af systemet er nu fuldført
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Alle system services i kø til at køre ved opstart, er blevet startet
+med success. Bemærk at dette ikke betyder at maskinen er i dvale, da
+services stadig kan være i gang med at færdiggøre deres opstart.
+
+Opstart af kernel tog @KERNEL_USEC@ mikrosekunder.
+
+Opstart af initrd tog @INITRD_USEC@ mikrosekunder.
+
+Opstart af userspace tog @USERSPACE_USEC@ mikrosekunder.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: System slumretilstand @SLEEP@ trådt i kraft
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+System er nu gået i @SLEEP@ slumretilstand.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: System slumretilstand @SLEEP@ forladt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemet har nu forladt @SLEEP@ slumretilstand.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Systemnedlukning påbegyndt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemnedlukning er blevet påbegyndt. Nedlukningen er nu begyndt og
+alle system services er blevet afbrudt og alle filsystemer afmonteret.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Enhed @UNIT@ har påbegyndt opstart
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ er begyndt at starte op.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Enhed @UNIT har færdiggjort opstart
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ er færdig med at starte op.
+
+Resultat for opstart er @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Enhed @UNIT@ har påbegyndt nedlukning
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ har påbegyndt nedlukning.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Enhed @UNIT@ har færdiggjort nedlukning
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ har færdiggjort nedlukning.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Enhed @UNIT@ har fejlet
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ har fejlet.
+
+Resultatet er @RESULT@
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Enhed @UNIT@ har påbegyndt genindlæsning af sin konfiguration
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ er begyndt at genindlæse sin konfiguration
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Enhed @UNIT@ har færdiggjort genindlæsning af sin konfiguration
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Enhed @UNIT@ er færdig med at genindlæse sin konfiguration
+
+Resultatet er: @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Process @EXECUTABLE@ kunne ikke eksekveres
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Processen @EXECUTABLE@ kunne ikke eksekveres og fejlede.
+
+Processens returnerede fejlkode er @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Èn eller flere beskeder kunne ikke videresendes til syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Èn eller flere beskeder kunne ikke videresendes til syslog servicen
+der kører side-om-side med journald. Dette indikerer typisk at syslog
+implementationen ikke har kunnet følge med mængden af ventende beskeder.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Monteringspunkt er ikke tomt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Folderen @WHERE@ er specificeret som monteringspunkt (andet felt i
+/etc/fstab eller Where= feltet i systemd enhedsfil) men er ikke tom.
+Dette forstyrrer ikke monteringen, men de pre-eksisterende filer i folderen
+bliver utilgængelige. For at se de over-monterede filer; montér det
+underlæggende filsystem til en anden lokation.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: En virtuel maskine eller container er blevet startet
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Den virtuelle maskine @NAME@ med dens leder PID @LEADER@ er blevet
+startet og er klar til brug.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: En virtuel maskine eller container er blevet afbrudt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Den virtuelle maskine @NAME@ med dens leder PID @LEADER@ er blevet
+nedlukket.
diff --git a/src/grp-journal/catalog/systemd.fr.catalog b/src/grp-journal/catalog/systemd.fr.catalog
new file mode 100644
index 0000000000..0cea629c31
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.fr.catalog
@@ -0,0 +1,320 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2013-2015 Sylvain Plantefève
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# French translation
+
+# Le format du catalogue de messages est décrit (en anglais) içi :
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Le journal a été démarré
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le processus du journal système a démarré, ouvert ses fichiers en écriture
+et est prêt à traiter les requêtes.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Le journal a été arrêté
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le processus du journal système a été arrêté et tous ses fichiers actifs
+ont été fermés.
+
+-- ec387f577b844b8fa948f33cad9a75e6
+Subject: Espace disque utilisé par le journal
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+@JOURNAL_NAME@ (@JOURNAL_PATH@) utilise actuellement @CURRENT_USE_PRETTY@.
+Le maximum autorisé est défini à @MAX_USE_PRETTY@.
+Au moins @DISK_KEEP_FREE_PRETTY@ doivent être laissés libres
+(sur @DISK_AVAILABLE_PRETTY@ d'espace disque actuellement libre).
+La limite appliquée est donc @LIMIT_PRETTY@, dont @AVAILABLE_PRETTY@
+sont toujours disponibles.
+
+Les limites définissant la quantité d'espace disque que peut utiliser le
+journal peuvent être configurées avec les paramètres SystemMaxUse=,
+SystemKeepFree=, SystemMaxFileSize=, RuntimeMaxUse=, RuntimeKeepFree=,
+RuntimeMaxFileSize= dans le fichier /etc/systemd/journald.conf.
+Voir journald.conf(5) pour plus de détails.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Des messages d'un service ont été supprimés
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Un service a essayé d'enregistrer un trop grand nombre de messages sur un
+intervalle de temps donné. Des messages de ce service ont été évincés.
+
+Notez que seuls des messages de ce service ont été évincés, les messages des
+autres services ne sont pas affectés.
+
+Les limites définissant ce comportement peuvent être configurées avec les
+paramètres RateLimitIntervalSec= et RateLimitBurst= dans le fichier
+/etc/systemd/journald.conf. Voir journald.conf(5) pour plus de détails.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Des messages du journal ont été manqués
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Des messages du noyau ont été manqués car le journal système n'a pas été
+capable de les traiter suffisamment vite.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Le processus @COREDUMP_PID@ (@COREDUMP_COMM@) a généré un fichier « core »
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Le processus @COREDUMP_PID@ (@COREDUMP_COMM@) a planté et généré un fichier « core ».
+
+Cela indique généralement une erreur de programmation dans le programme
+incriminé, et cela devrait être notifié à son concepteur comme un défaut (bug).
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Une nouvelle session @SESSION_ID@ a été créée pour l'utilisateur @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Une nouvelle session a été créée pour l'utilisateur @USER_ID@ avec
+l'identifiant (ID) @SESSION_ID@.
+
+Le processus maître de la session est @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: La session @SESSION_ID@ s'est terminée
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+La session d'identifiant (ID) @SESSION_ID@ s'est terminée.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Un nouveau poste (seat) @SEAT_ID@ est disponible
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Un nouveau poste (seat) @SEAT_ID@ a été configuré et est maintenant
+disponible.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Le poste (seat) @SEAT_ID@ a été retiré
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Le poste (seat) @SEAT_ID@ a été retiré et n'est plus disponible.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Changement d'heure
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'horloge système a été modifiée et positionnée à @REALTIME@ microsecondes
+après le 1er janvier 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Fuseau horaire modifié en @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le fuseau horaire du système a été modifié et positionné à @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Le démarrage du système est terminé
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Tous les services nécessaires au démarrage du système ont été lancés avec
+succès. Notez que cela ne signifie pas que le système est maintenant au
+repos, car des services peuvent encore être en train de terminer leur
+démarrage.
+
+Le chargement du noyau a nécessité @KERNEL_USEC@ microsecondes.
+
+Le chargement du « RAM disk » initial a nécessité @INITRD_USEC@ microsecondes.
+
+Le chargement de l'espace utilisateur a nécessité @USERSPACE_USEC@ microsecondes.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Le système entre dans l'état de repos (sleep state) @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le système est maintenant à l'état de repos (sleep state) @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Le système sorti de l'état de repos (sleep state) @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le système est maintenant sorti de l'état de repos (sleep state) @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Arrêt du système amorcé
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'arrêt du système a été amorcé. L'arrêt a maintenant commencé, tous les
+services du système sont terminés et tous les systèmes de fichiers sont
+démontés.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: L'unité (unit) @UNIT@ a commencé à démarrer
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a commencé à démarrer.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: L'unité (unit) @UNIT@ a terminé son démarrage
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a terminé son démarrage, avec le résultat @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: L'unité (unit) @UNIT@ a commencé à s'arrêter
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a commencé à s'arrêter.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: L'unité (unit) @UNIT@ a terminé son arrêt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a terminé son arrêt.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: L'unité (unit) @UNIT@ a échoué
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a échoué, avec le résultat @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: L'unité (unit) @UNIT@ a commencé à recharger sa configuration
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a commencé à recharger sa configuration.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: L'unité (unit) @UNIT@ a terminé de recharger configuration
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unité (unit) @UNIT@ a terminé de recharger configuration,
+avec le résultat @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Le processus @EXECUTABLE@ n'a pas pu être exécuté
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le processus @EXECUTABLE@ n'a pas pu être exécuté, et a donc échoué.
+
+Le code d'erreur renvoyé est @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Un ou plusieurs messages n'ont pas pu être transmis à syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Un ou plusieurs messages n'ont pas pu être transmis au service syslog
+s'exécutant conjointement avec journald. Cela indique généralement que
+l'implémentation de syslog utilisée n'a pas été capable de suivre
+la cadence du flux de messages.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Le point de montage n'est pas vide
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Le répertoire @WHERE@ est spécifié comme point de montage (second champ du
+fichier /etc/fstab, ou champ Where= dans une unité (unit) systemd) et n'est
+pas vide.
+Cela ne perturbe pas le montage du système de fichiers, mais les fichiers
+préalablement présents dans ce répertoire sont devenus inaccessibles.
+Pour atteindre ces fichiers, veuillez monter manuellement le système de
+fichiers sous-jacent à un autre emplacement.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Une machine virtuelle ou un conteneur (container) a été démarré
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+La machine virtuelle @NAME@ a été démarrée avec le PID maître @LEADER@,
+et est maintenant prête à l'emploi.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Une machine virtuelle ou un conteneur (container) a été arrêté
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+La machine virtuelle @NAME@ avec le PID maître @LEADER@ a été arrêtée.
+
+-- 36db2dfa5a9045e1bd4af5f93e1cf057
+Subject: Le mode DNSSEC a été désactivé, car il n'est pas supporté par le serveur
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8) resolved.conf(5)
+
+Le service de résolution (systemd-resolved.service) a détecté que le serveur
+DNS configuré ne supporte pas DNSSEC, et la validation DNSSEC a donc été
+désactivée.
+
+Cet évènement se produit si DNSSEC=allow-downgrade est configuré dans
+resolved.conf et que le serveur DNS configuré n'est pas compatible avec
+DNSSEC.
+Veuillez noter que ce mode permet des attaques de rétrogradation DNSSEC,
+car un attaquant peut être capable de désactiver la validation DNSSEC sur
+le système en injectant des réponses DNS dans le canal de communication.
+
+Cet évènement indique que le serveur DNS est effectivement incompatible avec
+DNSSEC, ou qu'un attaquant a peut-être conduit une telle attaque avec succès.
+
+-- 1675d7f172174098b1108bf8c7dc8f5d
+Subject: La validation DNSSEC a échoué
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Une requête ou une ressource DNS n'a pas passé la validation DNSSEC.
+Ceci est généralement une indication que le canal de communication a été
+altéré.
+
+-- 4d4408cfd0d144859184d1e65d7c8a65
+Subject: Une ancre de confiance DNSSEC a été révoquée
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Une ancre de confiance DNSSEC a été révoquée. Une nouvelle ancre de
+confiance doit être configurée, ou le système d'exploitation a besoin
+d'être mis à jour, pour fournir une version à jour de l'ancre de confiance.
diff --git a/src/grp-journal/catalog/systemd.hr.catalog b/src/grp-journal/catalog/systemd.hr.catalog
new file mode 100644
index 0000000000..350988dd87
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.hr.catalog
@@ -0,0 +1,314 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Croatian translation
+
+# Format kataloga je dokumentiran na
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# Za pojašnjenje zašto ovo radimo, posjetite https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: journal je pokrenut
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Journal proces sustava se pokrenuo, otvorio je journal
+ datoteke za upis i spreman je za obradu zahtjeva.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: journal je zaustavljen
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Journal proces sustava je isključio i zatvorio sve trenutno
+aktivne journal datoteke.
+
+-- ec387f577b844b8fa948f33cad9a75e6
+Subject: Diskovni prostor koji koristi journal
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@JOURNAL_NAME@ (@JOURNAL_PATH@) trenutno koristi @CURRENT_USE_PRETTY@.
+Najveća dopuštena upotreba je postavljena na @MAX_USE_PRETTY@.
+Ostavljam najmanje @DISK_KEEP_FREE_PRETTY@ slobodno (trenutno dostupno @DISK_AVAILABLE_PRETTY@ diskovnog prostora).
+Prisilno ograničenje upotrebe je @LIMIT_PRETTY@, od kojeg je @AVAILABLE_PRETTY@ još dostupno.
+
+Ograničenja kontroliraju koliko diskovnog prostora koristi journal mogu
+se podesiti sa SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=,
+RuntimeMaxUse=, RuntimeKeepFree=, RuntimeMaxFileSize= settings u
+/etc/systemd/journald.conf. Pogledajte journald.conf(5) za više pojedinosti.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Poruka iz usluge je potisnuta
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Usluga je prijavila previše poruka u određenom vremenskom razdoblju. Poruke
+iz usluge su odbačene.
+
+Zapamtite da samo poruke iz usluge u upitu su
+odbačene, ostale poruke usluga nisu zahvaćene.
+
+Ograničenja koja kontroliraju kada je poruka odbačena mogu se podesiti
+sa RateLimitIntervalSec= i RateLimitBurst= u
+/etc/systemd/journald.conf. Pogledajte journald.conf(5) za više pojedinosti.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Journal poruka je propuštena
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Kernel poruka je izgubljena zato jer ih journal sustav nije mogao
+dovoljno brzo obraditi.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Proces @COREDUMP_PID@ (@COREDUMP_COMM@) je izbacio jezgru
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Proces @COREDUMP_PID@ (@COREDUMP_COMM@) se srušio i izbacio jezgru.
+
+Rušenje programa je uobičajeno uzrokovano greškom u programiranju i
+trebalo bi se prijaviti razvijatelju kao greška.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Nova sesija @SESSION_ID@ je stvorena za korisnika @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Nova sesija sa ID @SESSION_ID@ je stvorena za korisnika @USER_ID@.
+
+Glavni proces sesije je @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Sesija @SESSION_ID@ je prekinuta
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Sesija sa ID @SESSION_ID@ je prekinuta.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Novo sjedište @SEAT_ID@ je sada dostupno
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Novo sjedište @SEAT_ID@ je podešeno i sada je dostupno.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Sjedište @SEAT_ID@ je sada uklonjeno
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Sjedište @SEAT_ID@ je uklonjeno i više nije dostupno.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Vrijeme promjene
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Sat sustava je promijenjen na @REALTIME@ microsekundi nakon 1. Siječnja, 1970 godine.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Vremenska zona je promijenjena u @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Vremenska zona je promijenjena u @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Pokretanje sustava je sada završeno
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Sve usluge sustava koje su zadane za pokretanje pri pokretanju sustava
+su uspješno pokrenute. Zapamtite da ovo ne znači da sada računalo
+miruje zato jer se neke usluge još uvijek mogu pokretati.
+
+Pokretanje kernela zahtijeva @KERNEL_USEC@ mikrosekundi.
+
+Pokretanje početnog RAM diska zahtijeva @INITRD_USEC@ mikrosekundi.
+
+Pokretanje prostora korisnika zahtijeva @USERSPACE_USEC@ mikrosekundi.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Pokrenuto je stanje spavanja @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Sustav je sada pokrenuo stanje spavanja @SLEEP@
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Završeno je stanje spavanja @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Sustav je sada završio stanje spavanja @SLEEP@
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Pokrenuto je isključivanje sustava
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Pokrenuto je isključivanje sustava. Isključivanje je sada pokrenuto,
+sve usluge sustava su prekinute i svi datotečni sustavi su odmontirani.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Jedinica @UNIT@ je započela pokretanje
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ je započela pokretanje.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Jedinica @UNIT@ je završila pokretanje
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ je završila pokretanje.
+
+Rezultat pokretanja je @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Jedinica @UNIT@ je započela isključivanje
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ je započela isključivanje.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Jedinica @UNIT@ je završila isključivanje
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ je završila isključivanje.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Jedinica @UNIT@ nije uspjela
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ nije uspjela.
+
+Rezultat je @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Jedinica @UNIT@ je započela ponovno učitavati podešavanja
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ je započela ponovno učitavati podešavanja
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Jedinica @UNIT@ je završila ponovno učitavati podešavanja
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedinica @UNIT@ je završila ponovno učitavati podešavanja
+
+Rezultat je @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Proces @EXECUTABLE@ se ne može pokrenuti
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Proces @EXECUTABLE@ se ne može pokrenuti i nije uspio.
+
+Broj greške vraćen ovim procesom je @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Jedna ili više poruka se ne mogu proslijediti u dnevnik sustava
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jedna ili više poruka se ne mogu proslijediti u dnevnik sustava, usluge
+su pokrenute istovremeno s journalom. Ovo uobičajeno označava da
+implementacija dnevnika sustava ne može slijediti brzinu
+zahtjeva poruka.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Točka montiranja nije prazna
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Direktorij @WHERE@ je određen za točku montiranja (drugi redak u
+/etc/fstab ili Where= redak u datoteci systemd jedinice) i nije prazan.
+To ne utječe na montiranje, ali postojeće datoteke u ovom direktoriju
+postaju nedostupne. Kako bi vidjeli datoteke preko kojih je montirano,
+ručno montirajte osnovni datotečni sustav na drugu lokaciju.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Virtualni stroj ili spremnik su pokrenuti
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Virtualni stroj @NAME@ sa vodećim @LEADER@ PID-om je
+pokrenut i spreman je za korištenje.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Virtualni stroj ili spremnik su isključeni
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Virtualni stroj @NAME@ sa vodećim PID-om @LEADER@ je
+isključen.
+
+-- 36db2dfa5a9045e1bd4af5f93e1cf057
+Subject: DNSSEC način je isključen, jer ga poslužitelj ne podržava
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8) resolved.conf(5)
+
+Usluga razrješavanja (systemd-resolved.service) je otkrila da
+podešeni DNS poslužitelj ne podržava DNSSEC, i DNSSEC, kao rezultat
+provjera je isključena.
+
+Ovaj događaj će zauzeti mjesto ako je DNSSEC=allow-downgrade podešen u
+resolved.conf i podešeni DNS poslužitelj je nekompatibilan s DNSSEC. Zapamtite
+da korištenje ovog načina dopušta povećanje DNSSEC napada, napadač bi mogao
+isključiti DNSSEC provjeru na sustavu umetanjem DNS odgovora u
+komunikacijski kanal što rezultira povećanjem napada poput ovog.
+
+Ovaj događaj bi mogao označavati da je DNS poslužitelj uistinu nekompatibilan s
+DNSSEC ili da je napadač uspješno izvršio takav napad.
+
+-- 1675d7f172174098b1108bf8c7dc8f5d
+Subject: DNSSEC provjera neuspješna
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+DNS zahtjev ili snimak resursa nije prošao DNSSEC provjeru. To uobičajeno
+označava da je komunikacijski kanal mijenjan.
+
+-- 4d4408cfd0d144859184d1e65d7c8a65
+Subject: DNSSEC pouzdano sidro je opozvano
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+A DNSSEC trust anchor has been revoked. A new trust anchor has to be
+configured, or the operating system needs to be updated, to provide an updated
+DNSSEC trust anchor.
diff --git a/src/grp-journal/catalog/systemd.hu.catalog b/src/grp-journal/catalog/systemd.hu.catalog
new file mode 100644
index 0000000000..68e8c2572e
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.hu.catalog
@@ -0,0 +1,262 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2016 Gabor Kelemen
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: A napló elindult
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszernapló folyamat elindult, megnyitotta írásra a naplófájlokat,
+és most készen áll kérések feldolgozására.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: A napló leállt
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszernapló folyamat leállt, és bezárt minden jelenleg aktív naplófájlt.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Egy szolgáltatás üzenetei elnémítva
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Egy szolgáltatás túl sok üzenetet naplózott adott idő alatt. A 
+szolgáltatástól származó üzenetek eldobásra kerültek.
+
+Ne feledje, hogy csak a kérdéses szolgáltatás üzenetei kerültek eldobásra,
+ más szolgáltatások üzeneteit ez nem befolyásolja. 
+
+Az üzenetek eldobását vezérlő korlátok az /etc/systemd/journald.conf
+RateLimitIntervalSec= és RateLimitBurst= beállításaival adhatók meg.
+Részletekért lásd a journald.conf(5) man oldalt.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Naplóüzenetek vesztek el
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Kernelüzenetek vesztek el, mert a naplózó rendszer nem tudta elég gyorsan
+feldolgozni azokat.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Egy folyamat összeomlott: @COREDUMP_PID@ (@COREDUMP_COMM@)
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Ez a folyamat: @COREDUMP_PID@ (@COREDUMP_COMM@) összeomlott, és core fájlt
+ írt ki.
+
+Ez általában programozási hibát jelez az összeomló programban, és 
+a szállítója felé kell bejelenteni.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Új munkamenet (@SESSION_ID@) létrehozva, felhasználója: @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Létrejött egy új munkamenet @SESSION_ID@ azonosítóval ezen felhasználóhoz:
+@USER_ID@.
+
+A munkamenet vezető folyamata: @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Munkamenet (@SESSION_ID@) befejezve
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+A következő azonosítójú munkamenet befejeződött: @SESSION_ID@.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Elérhető egy új munkaállomás: @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Beállításra kerül és használható egy új munkaállomás: @SEAT_ID@.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: A munkaállomás eltávolítva: @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+A munkaállomás el lett távolítva, és már nem érhető el: @SEAT_ID@
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Időmódosítás
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszeróra beállítva @REALTIME@ ezredmásodpercre 1970. január 1. után.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Időzóna-módosítás erre: @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszer időzónája módosítva lett erre: @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: A rendszer indítása kész
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszerindításkor szükséges indításhoz sorba állított összes 
+rendszerszolgáltatás elindult. Ne feledje, hogy ez nem jelenti, hogy a 
+gép üresjáratban van, mivel egyes szolgáltatások még az indítás 
+befejezésével lehetnek elfoglalva.
+
+A kernel indítása @KERNEL_USEC@ ezredmásodpercet igényelt.
+
+A kiinduló RAM lemez indítása @INITRD_USEC@ ezredmásodpercet igényelt.
+
+A felhasználói programok indítása @USERSPACE_USEC@ ezredmásodpercet igényelt.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: A rendszer „@SLEEP@” alvási állapotba lépett
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszer belépett ebbe az alvási állapotba: @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: A rendszer „@SLEEP@” alvási állapotból kilépett
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A rendszer kilépett ebből az alvási állapotból: @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Rendszer leállítása kezdeményezve
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A systemd leállítása kezdeményezve. A leállítás megkezdődött, minden
+rendszerszolgáltatás befejeződik, minden fájlrendszer leválasztásra kerül.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: A(z) @UNIT@ egység indítása megkezdődött
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység megkezdte az indulást.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: A(z) @UNIT@ egység befejezte az indulást
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység befejezte az indulást
+
+Az indítás eredménye: @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: A(z) @UNIT@ egység megkezdte a leállást
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység megkezdte a leállást.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: A(z) @UNIT@ egység befejezte a leállást
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység befejezte a leállást.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: A(z) @UNIT@ egység hibát jelzett
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység hibát jelzett.
+
+Az eredmény: @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: A(z) @UNIT@ egység megkezdte a beállításainak újratöltését
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység megkezdte a beállításainak újratöltését.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: A(z) @UNIT@ egység befejezte a beállításainak újratöltését
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @UNIT@ egység befejezte a beállításainak újratöltését.
+
+Az eredmény: @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: A folyamat végrehajtása sikertelen: @EXECUTABLE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A folyamat végrehajtása sikertelen volt, és hibát jelzett: @EXECUTABLE@.
+
+A folyamat által visszaadott hibaszám: @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Legalább egy üzenet nem továbbítható a rendszernaplónak
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Legalább egy üzenet nem volt továbbítható a journald-vel párhuzamosan futó
+syslog szolgáltatásnak. Ez általában azt jelenti, hogy a syslog
+megvalósítás nem volt képes lépést tartani a sorba állított
+üzenetek sebességével.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: A csatolási pont nem üres
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A csatolási pontként megadott @WHERE@ könyvtár (második mező az /etc/fstab
+fájlban, vagy a Where= sor a systemd egységfájlban) nem üres. Ez nem
+akadályozza meg a csatolást, de a könyvtárban már meglévő fájlok
+elérhetetlenné válnak. A fájlok láthatóvá tételéhez csatolja
+az azokat tartalmazó fájlrendszert egy másodlagos helyre. 
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Egy virtuális gép vagy konténer elindult
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @NAME@ nevű virtuális gép (vezető PID: @LEADER@) elindult, és 
+használatra kész.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Egy virtuális gép vagy konténer befejeződött
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A(z) @NAME@ nevű virtuális gép (vezető PID: @LEADER@) leállt.
diff --git a/src/grp-journal/catalog/systemd.it.catalog b/src/grp-journal/catalog/systemd.it.catalog
new file mode 100644
index 0000000000..b6fca48221
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.it.catalog
@@ -0,0 +1,254 @@
+#  This file is part of systemd.
+#
+#  Copyright 2013 Daniele Medri
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Il registro è stato avviato
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Il processo relativo al registro di sistema è stato avviato, ha aperto i
+file in scrittura ed è ora pronto a gestire richieste.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Il registro è stato terminato
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Il processo relativo al registro di sistema è stato terminato e ha chiuso
+tutti i file attivi.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: I messaggi di un servizio sono stati soppressi
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Un servizio ha registrato troppi messaggi in un dato periodo di tempo.
+I messaggi del servizio sono stati eliminati.
+
+Solo i messaggi del servizio indicato sono stati
+eliminati, i messaggi degli altri servizi rimangono invariati.
+
+I limiti oltre i quali i messaggi si eliminano si configurano
+con RateLimitIntervalSec= e RateLimitBurst= in
+/etc/systemd/journald.conf. Vedi journald.conf(5) per maggiori informazioni.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: I messaggi di un servizio sono stati perduti
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+I messaggi del kernel sono stati perduti perché, il registro di sistema
+non è stato in grado di gestirli abbastanza velocemente.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Il processo @COREDUMP_PID@ (@COREDUMP_COMM@) ha generato un dump.
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Il processo @COREDUMP_PID@ (@COREDUMP_COMM@) si è bloccato generando un dump.
+
+Questo di solito capita per un errore di programmazione nell'applicazione e
+dovrebbe essere segnalato al vendor come un bug.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: La nuova sessione @SESSION_ID@ è stata creata per l'utente @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Una nuova sessione con ID @SESSION_ID@ è stata creata per l'utente @USER_ID@.
+
+Il processo primario della sessione è @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: La sessione @SESSION_ID@ è terminata
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+La sessione con ID @SESSION_ID@ è terminata.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: La nuova postazione @SEAT_ID@ è ora disponibile
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+La nuova postazione @SEAT_ID@ è stata configurata ed è ora disponibile.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: La postazione @SEAT_ID@ è stata rimossa
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+La postazione @SEAT_ID@ è stata rimossa e non è più disponibile.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Cambio d'orario
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'orologio di sistema è cambiato in @REALTIME@ microsecondi dal 1 gennaio, 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Il fuso orario è cambiato in @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Il fuso orario di sistema è cambiato in @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Avvio del sistema completato.
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Tutti i servizi di sistema richiesti per la fase di avvio sono stati eseguiti
+con successo. Nota che la macchina potrebbe non essere ancora pronta in quanto
+i servizi attivati sono in fase di completamento.
+
+L'avvio del kernel ha richiesto @KERNEL_USEC@ microsecondi.
+
+L'avvio del disco RAM ha richiesto @INITRD_USEC@ microsecondi.
+
+L'avvio dello userspace ha richiesto @USERSPACE_USEC@ microsecondi.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Il sistema è entrato in fase di pausa @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Il sistema è entrato nello stato di pausa @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Il sistema è uscito dalla fase di pausa @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Il sistema è uscito dallo stato di pausa @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Il sistema è in fase di spegnimento
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemd è in fase di spegnimento. Tutti i servizi di sistema
+saranno terminati e tutti i file systems smontati.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: L'unità @UNIT@ inizia la fase di avvio
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ ha iniziato la fase di avvio.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: L'unità @UNIT@ termina la fase di avvio
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ ha terminato la fase di avvio.
+
+La fase di avvio è @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: L'unità @UNIT@ inizia la fase di spegnimento
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ ha iniziato la fase di spegnimento.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: L'unità @UNIT@ termina la fase di spegnimento
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ ha terminato la fase di spegnimento.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: L'unità @UNIT@ è fallita
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ è fallita.
+
+Il risultato è @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: L'unità @UNIT@ inizia a caricare la propria configurazione
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ è iniziata ricaricando la propria configurazione
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: L'unità @UNIT@ termina il caricamento della propria configurazione
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+L'unità @UNIT@ è terminata ricaricando la propria configurazione
+
+Il risultato è @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Il processo @EXECUTABLE@ non può essere eseguito
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Il processo @EXECUTABLE@ non può essere eseguito e termina.
+
+Il numero di errore restituito durante l'esecuzione del processo è @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Uno o più messaggi non possono essere inoltrati a syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Uno o più messaggi non possono essere inviati al servizio syslog
+eseguito in parallelo a journald. Questo di solito capita perché,
+l'implementazione di syslog non sta al passo con la
+velocità dei messaggi accodati.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Il punto di montaggio non è vuoto
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+La directory @WHERE@ è specificata come punto di montaggio (secondo campo
+in /etc/fstab o nel campo Where= del file unità di systemd) e non è vuoto.
+Questo non interferisce con il montaggio, ma i file pre-esistenti in questa
+directory diventano inaccessibili. Per visualizzare i file, si suggerisce
+di montare manualmente il file system indicato in una posizione secondaria.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Avviata macchina virtuale o container
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+La macchina virtuale @NAME@ con PID primario @LEADER@ è stata
+avviata ed è pronta all'uso.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Terminata macchina virtuale o container
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+La macchina virtuale @NAME@ con PID primario @LEADER@ è stata spenta.
diff --git a/src/grp-journal/catalog/systemd.ko.catalog b/src/grp-journal/catalog/systemd.ko.catalog
new file mode 100644
index 0000000000..2fc6b60b1b
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.ko.catalog
@@ -0,0 +1,264 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Korean translation
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+#
+# Translator :
+#     Seong-ho Cho <darkcircle.0426@gmail.com>, 2015.
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: 저널 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 저널 프로세스를 시작했고 기록목적으로 저널 파일을 열었으며,
+프로세스 요청을 기다리고 있습니다.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: 저널 멈춤
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 저널 프로세스를 껐고 현재 활성화 중인 저널 파일을 모두
+닫았습니다.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: 서비스의 메시지를 거절함
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+일정 시간동안 서비스에서 너무 많은 메시지를 기록했습니다.
+서비스에서 오는 메시지를 거절했습니다.
+
+의문점이 있는 서비스로부터 오는 메시지만 거절했음을 참고하십시오
+다른 서비스의 메시지에는 영향을 주지 않습니다.
+
+메시지 거절 제어 제한 값은 /etc/systemd/journald.conf 의
+RateLimitIntervalSec= 변수와 RateLimitBurst= 변수로 설정합니다.
+자세한 내용은 ournald.conf(5)를 살펴보십시오.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: 저널 메시지 놓침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+저널 시스템에서 커널 메시지를 충분히 빠르게 처리할 수 없어 커널
+ 메시지를 잃었습니다.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: 프로세스 @COREDUMP_PID@번 코어 덤프(@COREDUMP_COMM@) 생성함
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+프로세스 @COREDUMP_PID@번 (@COREDUMP_COMM@)이 비정상적으로 끝나
+코어 덤프를 생성했습니다.
+
+보통 비정상 종료 관리 프로그램에서 프로그래밍 오류를 나타내며,
+제작자에게 버그로 보고해야합니다.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: @USER_ID@ 사용자의 새 @SESSION_ID@ 세션 만듦
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+@USER_ID@ 사용자의 새 @SESSION_ID@ 세션을 만들었습니다.
+
+이 세션의 관리 프로세스는 @LEADER@ 입니다.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: @SESSION_ID@ 세션 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+@SESSION_ID@ 세션을 끝냈습니다.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: 새 @SEAT_ID@ 시트 사용할 수 있음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+새 @SEAT_ID@ 시트를 설정했고 사용할 수 있습니다.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: @SEAT_ID@ 시트 제거함
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+@SEAT_ID@ 시트를 제거했으며 더이상 사용할 수 없습니다.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: 시간 바꿈
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 시계를 1970년 1월 1일 이후로 @REALTIME@ 마이크로초 지난 값으로
+설정했습니다.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: @TIMEZONE@ 시간대로 시간대 바꿈
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+시스템 시간대를 @TIMEZONE@ 시간대로 바꾸었습니다.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: 시스템 시동 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+부팅 과정에 시작하려고 준비한 모든 시스템 서비스를 성공적으로
+ 시작했습니다. 머신이 서비스처럼 대기중이라는 의미는 아니며
+지동을 완전히 마칠 때까지 사용중일 수도 있는 점 참고하십시오.
+
+커널 시동에 @KERNEL_USEC@ 마이크로초가 걸립니다.
+
+초기 램 디스크 시동에 @INITRD_USEC@ 마이크로초가 걸립니다.
+
+사용자 영역 시동에 @USERSPACE_USEC@ 마이크로초가 걸립니다.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: @SLEEP@ 대기 상태 진입
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@SLEEP@ 대기 상태로 진입했습니다.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: @SLEEP@ 대기 상태 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@SLEEP@ 대기 상태를 마쳤습니다.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: 컴퓨터 끄기 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+컴퓨터 끄기 동작을 시작했습니다. 모든 시스템 동작을 멈추고
+모든 파일 시스템의 마운트를 해제합니다.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: @UNIT@ 유닛 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛을 시작했습니다.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: @UNIT@ 유닛 시동 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 시동을 마쳤습니다.
+
+시동 결과는 @RESULT@ 입니다.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: @UNIT@ 유닛 끝내기 동작 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 끝내기 동작을 시작했습니다.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: @UNIT@ 유닛 끝내기 동작 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 끝내기 동작을 마쳤습니다.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: @UNIT@ 유닛 동작 실패
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛 동작에 실패했습니다.
+
+결과는 @RESULT@ 입니다.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: @UNIT@ 유닛 설정 다시 읽기 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛의 설정 다시 읽기를 시작했습니다
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: @UNIT@ 유닛 설정 다시 읽기 완료
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 유닛의 설정 다시 읽기 동작을 끝냈습니다.
+
+결과는 @RESULT@ 입니다.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: @EXECUTABLE@ 프로세스 시작할 수 없음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@EXECUTABLE@ 프로세스를 시작할 수 없어 실행에 실패했습니다.
+
+이 프로세스에서 반환한 오류 번호는 @ERRNO@번 입니다.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: 하나 이상의 메시지를 syslog에 전달할 수 없음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+journald 서비스와 동시에 실행중인 syslog 서비스에 하나 이상의 메시지를
+전달할 수 없습니다. 보통 순차적으로 오는 메시지의 속도를 syslog 구현체가
+따라가지 못함을 의미합니다.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: 마운트 지점 비어있지 않음
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@WHERE@ 디렉터리를 마운트 지점으로 지정했으며 (/etc/fstab 파일의
+ 두번째 필드 또는 systemd 유닛 파일의 Where= 필드) 비어있지 않습니다.
+마운트 과정에 방해가 되진 않지만 이전에 이 디렉터리에 존재하는 파일에
+ 접근할 수 없게 됩니다. 중복으로 마운트한 파일을 보려면, 근본 파일
+시스템의 다음 위치에 직접 마운트하십시오.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: 가상 머신 또는 컨테이너 시작
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@LEADER@ 프로세스 ID로 동작하는 @NAME@ 가상 머신을 시작했으며,
+이제부터 사용할 수 있습니다.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: 가상 머신 또는 컨테이너 마침
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@LEADER@ 프로세스 ID로 동작하는 @NAME@ 가상 머신을 껐습니다.
diff --git a/src/grp-journal/catalog/systemd.pl.catalog b/src/grp-journal/catalog/systemd.pl.catalog
new file mode 100644
index 0000000000..d8059e93cd
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.pl.catalog
@@ -0,0 +1,315 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2014, 2015, 2016 Piotr Drąg
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Polish translation
+
+# The catalog format is documented on
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Uruchomiono dziennik
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemowy proces dziennika został uruchomiony, otworzył pliki dziennika do
+zapisu i jest gotowy do przetwarzania żądań.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Zatrzymano dziennik
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemowy proces dziennika został wyłączony i zamknął wszystkie obecnie
+aktywne pliki dziennika.
+
+-- ec387f577b844b8fa948f33cad9a75e6
+Subject: Miejsce na dysku używane przez dziennik
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@JOURNAL_NAME@ (@JOURNAL_PATH@) obecnie używa @CURRENT_USE_PRETTY@.
+Maksymalnie może używać @MAX_USE_PRETTY@.
+Zostawianie co najmniej @DISK_KEEP_FREE_PRETTY@ wolnego (z obecnie dostępnego @DISK_AVAILABLE_PRETTY@ miejsca na dysku).
+Wymuszone ograniczenie użycia wynosi więc @LIMIT_PRETTY@, z czego @AVAILABLE_PRETTY@ jest nadal dostępne.
+
+Ograniczenia kontrolujące ilość miejsca na dysku używanego przez dziennik
+można konfigurować za pomocą ustawień SystemMaxUse=, SystemKeepFree=,
+SystemMaxFileSize=, RuntimeMaxUse=, RuntimeKeepFree=, RuntimeMaxFileSize=
+w pliku /etc/systemd/journald.conf. Strona journald.conf(5) zawiera więcej
+informacji.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Ograniczono komunikaty z usługi
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Usługa zapisała za dużo komunikatów w określonym czasie. Komunikaty z usługi
+zostały pominięte.
+
+Proszę zauważyć, że tylko komunikaty z danej usługi zostały pominięte. Nie ma
+to wpływu na komunikaty innych usług.
+
+Ograniczenia kontrolujące pomijanie komunikatów mogą być konfigurowane
+za pomocą opcji RateLimitIntervalSec= i RateLimitBurst= w pliku
+/etc/systemd/journald.conf. Strona journald.conf(5) zawiera więcej informacji.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Utracono komunikaty dziennika
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Komunikaty jądra zostały utracone, ponieważ system dziennika nie mógł
+przetworzyć ich odpowiednio szybko.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Proces @COREDUMP_PID@ (@COREDUMP_COMM@) zrzucił plik core
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Proces @COREDUMP_PID@ (@COREDUMP_COMM@) uległ awarii i zrzucił plik core.
+
+Zwykle wskazuje to na błąd programistyczny w danym programie i powinno zostać
+zgłoszone jego producentowi jako błąd.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Utworzono nową sesję @SESSION_ID@ dla użytkownika @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Nowa sesja o identyfikatorze @SESSION_ID@ została utworzona dla użytkownika
+@USER_ID@.
+
+Proces prowadzący sesji: @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Zakończono sesję @SESSION_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Sesja o identyfikatorze @SESSION_ID@ została zakończona.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Dostępne jest nowe stanowisko @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Nowe stanowisko @SEAT_ID@ zostało skonfigurowane i jest teraz dostępne.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Usunięto stanowisko @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Stanowisko @SEAT_ID@ zostało usunięte i nie jest już dostępne.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Zmiana czasu
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Zegar systemowy został zmieniony na @REALTIME@ μs po 1 stycznia 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Zmiana strefy czasowej na @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemowa strefa czasowa została zmieniona na @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Ukończono uruchamianie systemu
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Wszystkie usługi systemowe obowiązkowo zakolejkowane do włączenia podczas
+uruchamiania systemu zostały pomyślnie uruchomione. Proszę zauważyć, że nie
+oznacza to, że komputer jest bezczynny, jako że usługi mogą wciąż kończyć
+proces uruchamiania.
+
+Uruchamianie jądra zajęło @KERNEL_USEC@ μs.
+
+Uruchamianie początkowego dysku RAM zajęło @INITRD_USEC@ μs.
+
+Uruchamianie przestrzeni użytkownika zajęło @USERSPACE_USEC@ μs.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Przejście do stanu uśpienia @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+System przeszedł do stanu uśpienia @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Wyjście ze stanu uśpienia @SLEEP@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+System wyszedł ze stanu uśpienia @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Zainicjowano wyłączenie systemu
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Zainicjowano wyłączenie systemd. Wyłączenie zostało rozpoczęte i wszystkie
+usługi systemowe zostały zakończone, a wszystkie systemy plików odmontowane.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Rozpoczęto uruchamianie jednostki @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ rozpoczęła uruchamianie.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Ukończono uruchamianie jednostki @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ ukończyła uruchamianie.
+
+Wynik uruchamiania: @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Rozpoczęto wyłączanie jednostki @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ rozpoczęła wyłączanie.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Ukończono wyłączanie jednostki @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ ukończyła wyłączanie.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Jednostka @UNIT@ się nie powiodła
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ się nie powiodła.
+
+Wynik: @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Rozpoczęto ponowne wczytywanie konfiguracji jednostki @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ rozpoczęła ponowne wczytywanie swojej konfiguracji.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Ukończono ponowne wczytywanie konfiguracji jednostki @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jednostka @UNIT@ ukończyła ponowne wczytywanie swojej konfiguracji.
+
+Wynik: @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Nie można wykonać procesu @EXECUTABLE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Proces @EXECUTABLE@ nie mógł zostać wykonany i się nie powiódł.
+
+Numer błędu zwrócony przez ten proces: @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Nie można przekazać jednego lub więcej komunikatów do syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Jeden lub więcej komunikatów nie może zostać przekazanych do usługi syslog
+uruchomionej obok journald. Zwykle oznacza to, że implementacja syslog nie
+jest w stanie nadążyć za prędkością kolejki komunikatów.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Punkt montowania nie jest pusty
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Katalog @WHERE@ został podany jako punkt montowania (drugie pole w pliku
+/etc/fstab lub pole Where= w pliku jednostki systemd) i nie jest pusty. Nie
+wpływa to na montowanie, ale wcześniej istniejące pliki w tym katalogu stają
+się niedostępne. Aby zobaczyć te pliki, proszę ręcznie zamontować system
+plików w innym położeniu.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Uruchomiono maszynę wirtualną lub kontener
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Maszyna wirtualna @NAME@ (PID prowadzący @LEADER@) została uruchomiona i jest
+gotowa do użycia.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Zakończono maszynę wirtualną lub kontener
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Maszyna wirtualna @NAME@ (PID prowadzący @LEADER@) została wyłączona.
+
+-- 36db2dfa5a9045e1bd4af5f93e1cf057
+Subject: Wyłączono tryb DNSSEC, ponieważ serwer go nie obsługuje
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8) resolved.conf(5)
+
+Usługa resolver (systemd-resolved.service) wykryła, że skonfigurowany serwer
+DNS nie obsługuje DNSSEC, w wyniku czego walidacja DNSSEC została wyłączona.
+
+To zdarzenie będzie miało miejsce, jeśli skonfigurowano DNSSEC=allow-downgrade
+w pliku resolved.conf, a skonfigurowany serwer DNS jest niezgodny z DNSSEC.
+Proszę zauważyć, że używanie tego trybu umożliwia ataki wyłączające DNSSEC,
+ponieważ atakujący będzie mógł wyłączyć walidację DNSSEC na komputerze przez
+umieszczenie odpowiednich odpowiedzi DNS w kanale komunikacji.
+
+To zdarzenie może wskazywać, że serwer DNS jest faktycznie niezgodny z DNSSEC,
+albo że atakującemu udało się upozorować atak tego typu.
+
+-- 1675d7f172174098b1108bf8c7dc8f5d
+Subject: Walidacja DNSSEC się nie powiodła
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Zapytanie DNS lub ustawiony wpis zasobu nie przeszedł walidacji DNSSEC.
+Zwykle wskazuje to, że ktoś manipulował używanym kanałem komunikacji.
+
+-- 4d4408cfd0d144859184d1e65d7c8a65
+Subject: Unieważniono kotwicę zaufania DNSSEC
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Kotwica zaufania DNSSEC została unieważniona. Należy skonfigurować nową, albo
+system operacyjny musi zostać zaktualizowany, aby dostarczyć zaktualizowaną
+kotwicę zaufania DNSSEC.
diff --git a/src/grp-journal/catalog/systemd.pt_BR.catalog b/src/grp-journal/catalog/systemd.pt_BR.catalog
new file mode 100644
index 0000000000..8b856e8355
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.pt_BR.catalog
@@ -0,0 +1,264 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2015 Rafael Ferreira (translation)
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Catálogo de mensagens para as mensagens do próprio systemd
+
+# O formato do catálogo está documentado em
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# Para uma explicação do porquê de fazermos tudo isso, veja
+# https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: O jornal foi inciado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O processo jornal do sistema foi iniciado, arquivos foram abertos e está
+pronto para processar requisições.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: O jornal foi interrompido
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O processo do jornal do sistema foi desligado e todos os arquivos de jornal
+do sistema foram fechados.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Mensagens de um serviço foram suprimidas
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Um serviço registrou no log um número excessivo de mensagens dentro de um
+período de tempo. Mensagens do serviço foram descartadas.
+
+Note que apenas mensagens de um serviço em questão foram descartadas; outras
+mensagens dos serviços não foram afetadas.
+
+Os controles de limites de quando as mensagens são descartadas pode ser
+configurado com RateLimitIntervalSec= e RateLimitBurst= no
+/etc/systemd/journald.conf. Veja journald.conf(5) para detalhes.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Mensagens do jornal foram perdidas
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Mensagens do kernel foram perdidas pois o sistema do jornal não pôde
+processá-las em velocidade suficiente para a demanda.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Processo @COREDUMP_PID@ (@COREDUMP_COMM@) despejou núcleo
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Processo @COREDUMP_PID@ (@COREDUMP_COMM@) travou e despejou o núcleo.
+
+Isso normalmente indica um erro de programação no programa que travou e
+deveria ser relatado para seu fabricante como um erro.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: A nova sessão @SESSION_ID@ foi criada para usuário o @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Uma nova sessão com o ID @SESSION_ID@ foi criada para o usuário @USER_ID@.
+
+O processo originador da sessão é @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Sessão @SESSION_ID@ foi terminada
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Um sessão com o ID @SESSION_ID@ foi terminada.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Um novo seat @SEAT_ID@ está disponível
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Um novo seat @SEAT_ID@ foi configurado e está disponível.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Seat @SEAT_ID@ foi removido agora
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Um seat @SEAT_ID@ foi removido e não está mais disponível.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Time change
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O relógio do sistema foi alterado para @REALTIME@ microssegundos após 1º de
+janeiro de 1970.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Fuso horário alterado para @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O fuso horário do sistema foi alterado para @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Inicialização do sistema foi concluída
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Todos os serviços do sistema necessários que estão enfileirados para
+executar na inicialização do sistema, foram iniciados com sucesso. Note
+que isso não significa que a máquina está ociosa, pois os serviços podem
+ainda estar ocupados com a inicialização completa.
+
+Inicialização do kernel precisou @KERNEL_USEC@ microssegundos.
+
+Disco de RAM inicial precisou de @INITRD_USEC@ microssegundos.
+
+Inicialização do espaço do usuário precisou de @USERSPACE_USEC@ microssegundos.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Estado de suspensão do sistema @SLEEP@ iniciado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O sistema entrou agora no estado de suspensão @SLEEP@.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Estado de suspensão do sistema @SLEEP@ finalizado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O sistema saiu agora do estado de suspensão @SLEEP@.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Desligamento do sistema iniciado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Desligamento do sistema foi inicializado. O desligamento se iniciou e todos
+os serviços do sistema foram terminados e todos os sistemas desmontados.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Unidade @UNIT@ sendo iniciado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ está sendo iniciada.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Unidade @UNIT@ concluiu a inicialização
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ concluiu a inicialização.
+
+The start-up result is @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Unidade @UNIT@ sendo desligado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ está sendo desligada.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: A unidade @UNIT@ concluiu o desligamento
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ concluiu o desligamento.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: A unidade @UNIT@ falhou
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ falhou.
+
+O resultado é @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Unidade @UNIT@ iniciou recarregamento de sua configuração
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ iniciou o recarregamento de sua configuração.
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Unidade @UNIT@ concluiu recarregamento de sua configuração
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A unidade @UNIT@ concluiu o recarregamento de sua configuração.
+
+O resultado é @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Processo @EXECUTABLE@ não pôde ser executado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O processo @EXECUTABLE@ não pôde ser executado e falhou.
+
+O número de erro retornado por este processo é @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Uma ou mais mensagens não puderam ser encaminhadas para o syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Uma ou mais mensagens não puderam ser encaminhadas para o serviço do syslog
+em execução paralela ao journald. Isso normalmente indica que a implementação
+do syslog não foi capaz de se manter com a velocidade das mensagens
+enfileiradas.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Ponto de montagem não está vazio
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+O diretório @WHERE@ está especificado como ponto de montagem (o segundo campo
+no /etc/fstab ou campo Where= no arquivo de unidade do systemd) e não está
+vazio.  Isso não interfere com a montagem, mas os arquivos pré-existentes
+neste diretório se tornaram inacessívels. Para ver aqueles arquivos, sobre os
+quais foi realizada a montagem, por favor monte manualmente o sistema de
+arquivos subjacente para uma localização secundária.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Uma máquina virtual ou contêiner foi iniciado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A máquina virtual @NAME@ com seu PID @LEADER@ incial foi iniciada e está
+pronto para ser usad.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Uma máquina virtual ou contêiner foi terminado
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+A máquina virtual @NAME@ com seu PID @LEADER@ incial foi desligada.
diff --git a/src/grp-journal/catalog/systemd.ru.catalog b/src/grp-journal/catalog/systemd.ru.catalog
new file mode 100644
index 0000000000..e56dbe3acc
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.ru.catalog
@@ -0,0 +1,354 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2013-2016 Sergey Ptashnick
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Russian translation
+
+# Формат каталога сообщений описан по ссылке
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# Перед каждым элементом в комментарии указан Subject исходного
+# сообщения (на английском).
+
+# Subject: The Journal has been started
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Запущена служба журналирования
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Процесс, отвечающий за журналирование системных событий, успешно запустился,
+открыл для записи файлы журнала, и готов обрабатывать запросы.
+
+# Subject: The Journal has been stopped
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Служба журналирования остановлена
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Процесс, отвечающий за журналирование системных событий, завершил работу и
+закрыл все свои файлы.
+
+# Subject: Disk space used by the journal
+-- ec387f577b844b8fa948f33cad9a75e6
+Subject: Место на диске, занятое журналом
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@JOURNAL_NAME@ (@JOURNAL_PATH@) сейчас занимает @CURRENT_USE_PRETTY@.
+Максимальный разрешенный размер составляет @MAX_USE_PRETTY@.
+Оставляем свободными как минимум @DISK_KEEP_FREE_PRETTY@ (сейчас на диске 
+свободно @DISK_AVAILABLE_PRETTY@).
+Таким образом, предел использования составляет @LIMIT_PRETTY@, из которых
+@AVAILABLE_PRETTY@ пока свободно.
+
+Ограничения на размер журнала настраиваются при помощи параметров
+SystemMaxUse=, SystemKeepFree=, SystemMaxFileSize=, RuntimeMaxUse=, 
+RuntimeKeepFree=, RuntimeMaxFileSize= в файле /etc/systemd/journald.conf.
+Более подробные сведения вы можете получить на справочной странице 
+journald.conf(5).
+
+# Subject: Messages from a service have been suppressed
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Часть сообщений от службы пропущена
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Служба отправила слишком много сообщений за короткий промежуток времени.
+Часть сообщений была пропущена.
+
+Обратите внимание, что были пропущены сообщения только от этой службы,
+сообщения других служб не затронуты.
+
+Предел, после которого служба журнала начинает игнорировать сообщения,
+настраивается параметрами RateLimitIntervalSec= и RateLimitBurst= в файле
+/etc/systemd/journald.conf. Подробности смотрите на странице руководства
+journald.conf(5).
+
+# Subject: Journal messages have been missed
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Часть сообщений ядра пропущена
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Часть сообщений, поступивших от ядра, была потеряна, так как служба
+журналирования не успела их обработать.
+
+# Subject: Process @COREDUMP_PID@ (@COREDUMP_COMM@) dumped core
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Процесс @COREDUMP_PID@ (@COREDUMP_COMM@) сбросил дамп памяти
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Процесс @COREDUMP_PID@ (@COREDUMP_COMM@) завершился из-за критической ошибки.
+Записан дамп памяти.
+
+Вероятно, это произошло из-за ошибки, допущенной в коде программы.
+Рекомендуется сообщить её разработчикам о возникшей проблеме.
+
+# Subject: A new session @SESSION_ID@ has been created for user @USER_ID@
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Для пользователя @USER_ID@ создан новый сеанс @SESSION_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Для пользователя @USER_ID@ создан новый сеанс с идентификатором @SESSION_ID@.
+
+Главный процесс нового сеанса имеет индентификатор @LEADER@.
+
+# Subject: A session @SESSION_ID@ has been terminated
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Сеанс @SESSION_ID@ завершен
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Сеанс с идентификатором @SESSION_ID@ завершился.
+
+# Subject: A new seat @SEAT_ID@ is now available
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Добавлено новое рабочее место @SEAT_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Новое рабочее место (seat) @SEAT_ID@ полностью настроено и готово к
+использованию.
+
+# Subject: A seat @SEAT_ID@ has now been removed
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Рабочее место @SEAT_ID@ отключено
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Рабочее место (seat) @SEAT_ID@ было отключено.
+
+# Subject: Time change
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Переведены системные часы
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системные часы были переведены. Сейчас они показывают @REALTIME@ микросекунд
+с момента 00:00:00 1 января 1970 года.
+
+# Subject: Time zone change to @TIMEZONE@
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Часовой пояс изменен на @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системный часовой пояс был изменен. Новое значение: @TIMEZONE@.
+
+# Subject: System start-up is now complete
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Запуск системы завершен
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Все системные службы, запуск которых предписан настройками, были запущены.
+Впрочем, это ещё не означает, что система в данный момент ничем не занята,
+так как некоторые службы могут продолжать инициализацию даже после того, как
+отчитались о своем запуске.
+
+Запуск ядра занял @KERNEL_USEC@ микросекунд.
+
+Процессы начального RAM-диска (initrd) отработали за @INITRD_USEC@ микросекунд.
+
+Запуск системных служб занял @USERSPACE_USEC@ микросекунд.
+
+# Subject: System sleep state @SLEEP@ entered
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Система перешла в состояние сна (@SLEEP@)
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Система была переведена в состояние сна (@SLEEP@).
+
+# Subject: System sleep state @SLEEP@ left
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Система вышла из состояния сна (@SLEEP@)
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Система была выведена из состояния сна (@SLEEP@).
+
+# Subject: System shutdown initiated
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Подготовка системы к выключению
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Начат процесс подготовки к выключению компьютера. Останавливаются все системные
+службы, отмонтируются все файловые системы.
+
+# Subject: Unit @UNIT@ has begun with start-up
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Начинается запуск юнита @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Начат процесс запуска юнита @UNIT@.
+
+# Subject: Unit @UNIT@ has finished start-up
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Запуск юнита @UNIT@ завершен
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Процесс запуска юнита @UNIT@ был завершен.
+
+Результат: @RESULT@.
+
+# Subject: Unit @UNIT@ has begun shutting down
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Начинается остановка юнита @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Начат процесс остановки юнита @UNIT@.
+
+# Subject: Unit @UNIT@ has finished shutting down
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Завершена остановка юнита @UNIT@.
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Процесс остановки юнита @UNIT@ был завершен.
+
+# Subject: Unit @UNIT@ has failed
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Ошибка юнита @UNIT@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Произошел сбой юнита @UNIT@.
+
+Результат: @RESULT@.
+
+# Subject: Unit @UNIT@ has begun with reloading its configuration
+-- d34d037fff1847e6ae669a370e694725
+Subject: Юнит @UNIT@ начал перечитывать свои настройки
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Юнит @UNIT@ начал процесс перечитывания своей конфигурации.
+
+# Subject: Unit @UNIT@ has finished reloading its configuration
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Юнит @UNIT@ завершил перечитывание своих настроек
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Юнит @UNIT@ завершил процесс перечитывания своей конфигурации.
+
+Результат: @RESULT@.
+
+# Subject: Process @EXECUTABLE@ could not be executed
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Не удалось запустить процесс @EXECUTABLE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Сбой: не удалось запустить процесс @EXECUTABLE@.
+
+Код ошибки: @ERRNO@.
+
+# Subject: One or more messages could not be forwarded to syslog
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Часть сообщений не удалось передать процессу syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Не удалось передать некоторые сообщения демону системного лога (syslog),
+дублирующему работу службы системного журнала. Скорее всего, причина в том, что
+используемая реализация syslog не успевает обрабатывать сообщения с достаточной
+скоростью.
+
+# Subject: Mount point is not empty
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Каталог, являющийся точкой монтирования, не пуст
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Каталог @WHERE@, который был указан в качестве точки монтирования (во втором
+столбце файла /etc/fstab, либо в параметре Where= файла конфигурации юнита),
+не является пустым. Это никак не мешает монтированию, однако ранее находившиеся
+в нем файлы будут недоступны. Чтобы получить к ним доступ, вы можете вручную
+перемонтировать эту файловую систему в другую точку.
+
+# Subject: A virtual machine or container has been started
+-- 24d8d4452573402496068381a6312df2
+Subject: Запущена виртуальная машина/контейнер
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Виртуальная машина @NAME@ (идентификатор главного процесса: @LEADER@) запущена и
+готова к работе.
+
+# Subject: A virtual machine or container has been terminated
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Остановлена виртуальная машина/контейнер
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Виртуальная машина @NAME@ (идентификатор главного процесса: @LEADER@) выключена.
+
+# Subject: DNSSEC mode has been turned off, as server doesn't support it
+-- 36db2dfa5a9045e1bd4af5f93e1cf057
+Subject: Механизм DNSSEC был отключен, так как DNS-сервер его не поддерживает
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8) resolved.conf(5)
+
+Служба разрешения имен хостов (systemd-resolved.service) определила, что
+указанный в настойках DNS-сервер не поддерживает технологию DNSSEC, и 
+автоматически отключила DNSSEC-проверки.
+
+Данное событие возникает, если в файле resolved.conf указан параметр
+DNSSEC=allow-downgrade, и вышестоящий DNS-сервер не поддерживает DNSSEC.
+Обратите внимание, что режим allow-downgrade допускает возможность атаки
+"DNSSEC downgrade", в ходе которой атакующий хакер блокирует проверки DNSSEC
+путем отправки ложных сообщений от имени DNS-сервера.
+
+Возникновение данного события может свидетельствовать как о том, что ваш 
+DNS-сервер не поддерживает DNSSEC, так и о том, что некий хакер успешно провел
+против вас атаку, направленную на блокировку DNSSEC-проверок.
+
+# Subject: DNSSEC validation failed
+-- 1675d7f172174098b1108bf8c7dc8f5d
+Subject: Проверка DNSSEC провалена
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+DNS-запрос или отдельная ресурсная запись не прошла проверку DNSSEC.
+Как правило, это свидетельствует о постороннем вмешательстве в канал связи.
+
+# Subject: A DNSSEC trust anchor has been revoked
+-- 4d4408cfd0d144859184d1e65d7c8a65
+Subject: Открытый ключ DNSSEC был отозван
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:systemd-resolved.service(8)
+
+Открытый ключ (trust ahcnor) DNSSEC был отозван. Необходимо настроить новый 
+открытый ключ, либо обновить систему, чтобы получить обновленный открытый ключ.
diff --git a/src/grp-journal/catalog/systemd.sr.catalog b/src/grp-journal/catalog/systemd.sr.catalog
new file mode 100644
index 0000000000..cc689b7956
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.sr.catalog
@@ -0,0 +1,262 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Serbian translation
+
+# Формат каталога је документован на
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# Да бисте видели зашто ово радимо, погледајте https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: Журнал је покренут
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системски журналски процес се покренуо, отворио журналске
+датотеке за упис и спреман је за обраду захтева.
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: Журнал је заустављен
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системски журналски процес се зауставио и затворио све тренутно
+отворене журналске датотеке.
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: Поруке од услуге су утишане
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+Услуга је уписала сувише порука за једно време. Поруке
+од услуге су одбачене.
+
+Знајте да су само поруке од ове услуге одбачене, друге
+услуге нису захваћене овим.
+
+Ограничења која подешавају начин на који се поруке одбацују се могу подесити
+помоћу „RateLimitIntervalSec=“ и „RateLimitBurst=“ параметара унутар датотеке
+/etc/systemd/journald.conf. Погледајте journald.conf(5) за појединости.
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: Журналске поруке су изгубљене
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Поруке кернела су изгубљене јер журналски систем није могао да их
+обради довољно брзо.
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: Процес @COREDUMP_PID@ (@COREDUMP_COMM@) је избацио своје језгро
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+Процес @COREDUMP_PID@ (@COREDUMP_COMM@) је пао и избацио своје језгро.
+
+Ово обично значи да постоји грешка у програму који је пао и ова
+грешка треба да се пријави продавцу.
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: Нова сесија @SESSION_ID@ је направљена за корисника @USER_ID@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Нова сесија са ИБ-ом @SESSION_ID@ је направљена за корисника @USER_ID@.
+
+Водећи процес сесије је @LEADER@.
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: Сесија @SESSION_ID@ је окончана
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Сесија са ИБ-ом @SESSION_ID@ је окончана.
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: Ново седиште @SEAT_ID@ је сада доступно
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Ново седиште @SEAT_ID@ је исподешавано и сада је доступно.
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: Седиште @SEAT_ID@ је сада уклоњено
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+Седиште @SEAT_ID@ је сада уклоњено и више није доступно.
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: Време је промењено
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Системски сат је сада подешен на @REALTIME@ микросекунде након 1. јануара 1970. године.
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: Временска зона је промењена на @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Временска зона је промењена на @TIMEZONE@.
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: Подизање система је сада готово
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Све системске услуге које су заказане за подизање су успешно покренуте.
+Знајте да ово не значи да је машина сада беспослена јер услуге могу
+и даље бити заузете завршавањем покретања система.
+
+Подизање кернела је трајало @KERNEL_USEC@ микросекунде.
+
+Подизање почетног РАМ диска је трајало @INITRD_USEC@ микросекунде.
+
+Подизање корисничких програма је трајало @USERSPACE_USEC@ микросекунде.
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: Системско стање спавања @SLEEP@ започето
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Систем је сада ушао у @SLEEP@ стање спавања.
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: Системско стање спавања @SLEEP@ напуштено
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Систем је изашао из @SLEEP@ стања спавања.
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: Гашење система започето
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Систем-де гашење је започето. Гашење је сада почело и све
+системске услуге су окончане и сви системи датотека откачени.
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: Јединица @UNIT@ је почела са покретањем
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је почела са покретањем.
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: Јединица @UNIT@ је завршила са покретањем
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је завршила са покретањем.
+
+Исход покретања је @RESULT@.
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: Јединица @UNIT@ је почела са гашењем
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је почела са гашењем.
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: Јединица @UNIT@ је завршила са гашењем
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је завршила са гашењем.
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: Јединица @UNIT@ је пукла
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је пукла.
+
+Исход је @RESULT@.
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: Јединица @UNIT@ је почела са поновним учитавањем свог подешавања
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је почела са поновним учитавањем свог подешавања
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: Јединица @UNIT@ је завршила са поновним учитавањем свог подешавања
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Јединица @UNIT@ је завршила са поновним учитавањем свог подешавања
+
+Исход је @RESULT@.
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: Процес @EXECUTABLE@ није могао бити извршен
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Процес @EXECUTABLE@ није могао бити извршен и пукао је.
+
+Овај процес је вратио број грешке @ERRNO@.
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: Једна или више порука није могло бити прослеђено системском записнику
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Једна или више порука није могло бити прослеђено „syslog“ услузи
+која ради упоредно са журнал-деом. Ово обично значи да спроведена
+„syslog“ услуга није могла да издржи брзину свих надолазећих
+порука у реду.
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: Тачка качења није празна
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Директоријум @WHERE@ је наведен као тачка качења (друго поље у
+/etc/fstab датотеци или у „Where=“ пољу систем-де јединичне датотеке)
+и он није празан. Ово не утиче на качење али ће већ постојеће датотеке у
+овом директоријуму постати недоступне. Да бисте видели ове недоступне
+датотеке, ручно прикачите основни систем датотека у другу
+путању.
+
+-- 24d8d4452573402496068381a6312df2
+Subject: Виртуелна машина или контејнер је покренут(а)
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Виртуелна машина @NAME@ са водећим ПИБ-ом @LEADER@ је
+покренута и сада је спремна за коришћење.
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: Виртуелна машина или контејнер је окончан(а)
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Виртуелна машина @NAME@ са водећим ПИБ-ом @LEADER@ је
+угашена.
diff --git a/src/grp-journal/catalog/systemd.zh_CN.catalog b/src/grp-journal/catalog/systemd.zh_CN.catalog
new file mode 100644
index 0000000000..ed59fc9250
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.zh_CN.catalog
@@ -0,0 +1,253 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2015 Boyuan Yang
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Simplified Chinese translation
+
+# 本 catalog 文档格式被记载在
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# 如需了解我们为什么做这些工作，请见 https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: 日志已开始
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系统日志进程已启动，已打开供写入的日志文件并准备好处理请求。
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: 日志已停止
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系统日志进程已终止，并已关闭所有当前活动的日志文件。
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: 由某个服务而来的消息已被抑制
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+某个服务在一个时间周期内记录了太多消息。
+从该服务而来的消息已被丢弃。
+
+请注意只有由有问题的服务传来的消息被丢弃，
+其它服务的消息不受影响。
+
+可以在 /etc/systemd/journald.conf 中设定 RateLimitIntervalSec=
+以及 RateLimitBurst = 的值以控制丢弃信息的限制。
+请参见 journald.conf(5) 以了解详情。
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: 日志消息已遗失
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+因日志系统对内核消息的处理速度不够快，
+部分信息已经遗失。
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: 进程 @COREDUMP_PID@ (@COREDUMP_COMM@) 核心已转储
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+进程 @COREDUMP_PID@ (@COREDUMP_COMM@) 已崩溃并进行核心转储。
+
+这通常意味着崩溃程序中存在编程错误，并应当将此错误向其开发者报告。
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: 一个新会话 @SESSION_ID@ 已为用户 @USER_ID@ 建立
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+一个 ID 为 @SESSION_ID@ 的新会话已为用户 @USER_ID@ 建立。
+
+该会话的首进程为 @LEADER@。
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: 会话 @SESSION_ID@ 已终止
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+一个 ID 为 @SESSION_ID@ 的会话已终止。
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: 一个新的座位 @SEAT_ID@ 可用
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+一个新的座位 @SEAT_ID@ 已被配置并已可用。
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: 座位 @SEAT_ID@ 已被移除
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+座位 @SEAT_ID@ 已被移除并不再可用。
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: 时间已变更
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系统时钟已变更为1970年1月1日后 @REALTIME@ 微秒。
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: 时区变更为 @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系统时区已变更为 @TIMEZONE@。
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: 系统启动已完成
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+所有系统启动时需要的系统服务均已成功启动。
+请注意这并不代表现在机器已经空闲，因为某些服务可能仍处于完成启动的过程中。
+
+内核启动使用了 @KERNEL_USEC@ 毫秒。
+
+初始内存盘启动使用了 @INITRD_USEC@ 毫秒。
+
+用户空间启动使用了 @USERSPACE_USEC@ 毫秒。
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: 系统已进入 @SLEEP@ 睡眠状态
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-deve
+
+系统现已进入 @SLEEP@ 睡眠状态。
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: 系统已离开 @SLEEP@ 睡眠状态
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系统现已离开 @SLEEP@ 睡眠状态。
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: 系统关机已开始
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系统关机操作已初始化。
+关机已开始，所有系统服务均已结束，所有文件系统已卸载。
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: @UNIT@ 单元已开始启动
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已开始启动。
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: @UNIT@ 单元已结束启动
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已结束启动。
+
+启动结果为“@RESULT@”。
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: @UNIT@ 单元已开始停止操作
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已开始停止操作。
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: @UNIT@ 单元已结束停止操作
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已结束停止操作。
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: @UNIT@ 单元已失败
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已失败。
+
+结果为“@RESULT@”。
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: @UNIT@ 单元已开始重新载入其配置
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已开始重新载入其配置。
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: @UNIT@ 单元已结束配置重载入
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+@UNIT@ 单元已结束配置重载入操作。
+
+结果为“@RESULT@”。
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: 进程 @EXECUTABLE@ 无法执行
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+进程 @EXECUTABLE@ 无法被执行并已失败。
+
+该进程返回的错误代码为 @ERRNO@。
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: 一个或更多消息无法被转发至 syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+有一条或更多的消息无法被转发至与 journald 同时运行的 syslog 服务。
+这通常意味着 syslog 实现无法跟上队列中消息进入的速度。
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: 挂载点不为空
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+目录 @WHERE@ 被指定为挂载点（即 /etc/fstab 文件的第二栏，或 systemd 单元
+文件的 Where= 字段），且该目录非空。
+这并不会影响挂载行为，但该目录中先前已存在的文件将无法被访问。
+如需查看这些文件，请手动将其下的文件系统挂载到另一个位置。
+
+-- 24d8d4452573402496068381a6312df2
+Subject: 一个虚拟机或容器已启动
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+虚拟机 @NAME@，以及其首进程 PID @LEADER@，已被启动并可被使用。
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: 一个虚拟机或容器已被终止
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+虚拟机 @NAME@，以及其首进程 PID @LEADER@，已被关闭并停止。
diff --git a/src/grp-journal/catalog/systemd.zh_TW.catalog b/src/grp-journal/catalog/systemd.zh_TW.catalog
new file mode 100644
index 0000000000..aa5004db08
--- /dev/null
+++ b/src/grp-journal/catalog/systemd.zh_TW.catalog
@@ -0,0 +1,263 @@
+#  This file is part of systemd.
+#
+#  Copyright 2012 Lennart Poettering
+#  Copyright 2015 Jeff Huang
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+# Message catalog for systemd's own messages
+# Traditional Chinese translation
+
+# Catalog 的格式記錄於
+# http://www.freedesktop.org/wiki/Software/systemd/catalog
+
+# For an explanation why we do all this, see https://xkcd.com/1024/
+
+-- f77379a8490b408bbe5f6940505a777b
+Subject: 日誌已開始
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系統日誌行程已啟動，已開啟日誌
+檔案供寫入並準備好對行程的要求做出回應。
+
+-- d93fb3c9c24d451a97cea615ce59c00b
+Subject: 日誌已停止
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系統日誌行程已關閉，且關閉所有目前
+活躍的日誌檔案。
+
+-- a596d6fe7bfa4994828e72309e95d61e
+Subject: 從服務而來的訊息已被抑制
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:journald.conf(5)
+
+有一個服務在一個時間週期內記錄了太多訊息。
+從該服務而來的訊息已被丟棄。
+
+注意，只有有問題的服務之訊息被丟棄，
+其他服務的訊息則不受影響。
+
+可以在 /etc/systemd/journald.conf 中設定
+RateLimitIntervalSec= 以及 RateLimitBurst=
+來控制當訊息要開始被丟棄時的限制。參見 journald.conf(5) 以獲得更多資訊。
+
+-- e9bf28e6e834481bb6f48f548ad13606
+Subject: 日誌訊息已遺失
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+因日誌系統對核心訊息的處理不夠快速，
+部份訊息已遺失。
+
+-- fc2e22bc6ee647b6b90729ab34a250b1
+Subject: 行程 @COREDUMP_PID@ (@COREDUMP_COMM@) 核心傾印
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: man:core(5)
+
+行程 @COREDUMP_PID@ (@COREDUMP_COMM@) 當掉並核心傾印。
+
+這通常代表了在當掉的程式中的一個程式錯誤
+並需要回報錯誤給其開發者。
+
+-- 8d45620c1a4348dbb17410da57c60c66
+Subject: 新的工作階段 @SESSION_ID@ 已為使用者 @USER_ID@ 建立
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+一個新的工作階段，ID @SESSION_ID@ 已為使用者 @USER_ID@ 建立。
+
+這個工作階段的領導行程為 @LEADER@。
+
+-- 3354939424b4456d9802ca8333ed424a
+Subject: 工作階段 @SESSION_ID@ 已結束
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+一個工作階段，ID @SESSION_ID@ 已結束。
+
+-- fcbefc5da23d428093f97c82a9290f7b
+Subject: 新的座位 @SEAT_ID@ 可用
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+一個新的座位 @SEAT_ID@ 已被設定且現在可用。
+
+-- e7852bfe46784ed0accde04bc864c2d5
+Subject: 座位 @SEAT_ID@ 已被移除
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
+
+座位 @SEAT_ID@ 已被移除且不再可用。
+
+-- c7a787079b354eaaa9e77b371893cd27
+Subject: 時間變更
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系統時間已變更為1970年1月1日後 @REALTIME@ 微秒。
+
+-- 45f82f4aef7a4bbf942ce861d1f20990
+Subject: 時區變更為 @TIMEZONE@
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系統時區已變更為 @TIMEZONE@。
+
+-- b07a249cd024414a82dd00cd181378ff
+Subject: 系統啟動已完成
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+所有開機所必要的系統服務都已成功啟動。
+注意這並不代表這臺機器有空閒的時間
+可以服務，可能仍忙於完成啟動。
+
+核心啟動需要 @KERNEL_USEC@ 微秒。
+
+初始 RAM 磁碟啟動需要 @INITRD_USEC@ 微秒。
+
+使用者空間啟動需要 @USERSPACE_USEC@ 微秒。
+
+-- 6bbd95ee977941e497c48be27c254128
+Subject: 系統進入 @SLEEP@ 睡眠狀態
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系統現在已進入 @SLEEP@ 睡眠狀態。
+
+-- 8811e6df2a8e40f58a94cea26f8ebf14
+Subject: 系統離開 @SLEEP@ 睡眠狀態
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+系統現在已離開 @SLEEP@ 睡眠狀態。
+
+-- 98268866d1d54a499c4e98921d93bc40
+Subject: 系統關機開始
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+Systemd 關閉已經開始。關閉已開始且所有系統服務
+都已結束，所有的檔案系統也都已被卸載。
+
+-- 7d4958e842da4a758f6c1cdc7b36dcc5
+Subject: 單位 @UNIT@ 已開始啟動
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 已開始啟動。
+
+-- 39f53479d3a045ac8e11786248231fbf
+Subject: 單位 @UNIT@ 啟動已結束
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 啟動已結束。
+
+啟動結果為 @RESULT@。
+
+-- de5b426a63be47a7b6ac3eaac82e2f6f
+Subject: 單位 @UNIT@ 已開始關閉
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 已開始關閉。
+
+-- 9d1aaa27d60140bd96365438aad20286
+Subject: 單位 @UNIT@ 已關閉結束
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 已關閉結束。
+
+-- be02cf6855d2428ba40df7e9d022f03d
+Subject: 單位 @UNIT@ 已失敗
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 已失敗。
+
+結果為 @RESULT@。
+
+-- d34d037fff1847e6ae669a370e694725
+Subject: 單位 @UNIT@ 已開始重新載入其設定
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 已開始重新載入其設定
+
+-- 7b05ebc668384222baa8881179cfda54
+Subject: 單位 @UNIT@ 已結束重新載入其設定
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+單位 @UNIT@ 已結束重新載入其設定
+
+結果為 @RESULT@。
+
+-- 641257651c1b4ec9a8624d7a40a9e1e7
+Subject: 行程 @EXECUTABLE@ 無法執行
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+行程 @EXECUTABLE@ 無法執行且失敗。
+
+由該行程所回傳的錯誤碼為 @ERRNO@。
+
+-- 0027229ca0644181a76c4e92458afa2e
+Subject: 一個或更多訊息無法被轉發到 syslog
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+一個或更多訊息無法被轉發到 syslog 服務
+以及並行執行的 journald。這通常代表著
+syslog 實作並無未跟上佇列中訊息
+的速度。
+
+-- 1dee0369c7fc4736b7099b38ecb46ee7
+Subject: 掛載點不為空
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+目錄 @WHERE@ 被指定為掛載點（在 /etc/fstab 中的
+第二欄或是在 systemd 單位檔案中的 Where= 欄位）且其不為空。
+這並不會干擾掛載，但在此目錄中已存在的檔案
+會變成無法存取的狀態。要檢視這些 over-mounted 的檔案，
+請手動掛載下面的檔案系統到次要
+位置。
+
+-- 24d8d4452573402496068381a6312df2
+Subject: 虛擬機器或容器已啟動
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+虛擬機器 @NAME@ 包含它的領導 PID @LEADER@ 現在
+已經開始並已經可以使用。
+
+-- 58432bd3bace477cb514b56381b8a758
+Subject: 虛擬機器或容器已結束
+Defined-By: systemd
+Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+
+虛擬機器 @NAME@ 包含它的領導 PID @LEADER@ 已經
+關閉。
diff --git a/src/grp-journal/journalctl/Makefile b/src/grp-journal/journalctl/Makefile
new file mode 100644
index 0000000000..c3cdb6b27a
--- /dev/null
+++ b/src/grp-journal/journalctl/Makefile
@@ -0,0 +1,49 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+# using _CFLAGS = in the conditional below would suppress AM_CFLAGS
+journalctl_CFLAGS = \
+	$(AM_CFLAGS)
+
+journalctl_SOURCES = \
+	src/journal/journalctl.c
+
+journalctl_LDADD = \
+	libshared.la \
+	libudev-core.la
+
+ifneq ($(HAVE_QRENCODE),)
+journalctl_SOURCES += \
+	src/journal/journal-qrcode.c \
+	src/journal/journal-qrcode.h
+
+journalctl_CFLAGS += \
+	$(QRENCODE_CFLAGS)
+
+journalctl_LDADD += \
+	$(QRENCODE_LIBS)
+endif # HAVE_QRENCODE
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-journal/journalctl/journalctl.c b/src/grp-journal/journalctl/journalctl.c
new file mode 100644
index 0000000000..3602bd0556
--- /dev/null
+++ b/src/grp-journal/journalctl/journalctl.c
@@ -0,0 +1,2600 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <fnmatch.h>
+#include <getopt.h>
+#include <linux/fs.h>
+#include <locale.h>
+#include <poll.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/inotify.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-journal.h>
+
+#include "acl-util.h"
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "catalog.h"
+#include "chattr-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "fsprg.h"
+#include "glob-util.h"
+#include "hostname-util.h"
+#include "io-util.h"
+#include "journal-def.h"
+#include "journal-internal.h"
+#include "journal-qrcode.h"
+#include "journal-vacuum.h"
+#include "journal-verify.h"
+#include "locale-util.h"
+#include "log.h"
+#include "logs-show.h"
+#include "mkdir.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "rlimit-util.h"
+#include "set.h"
+#include "sigbus.h"
+#include "strv.h"
+#include "syslog-util.h"
+#include "terminal-util.h"
+#include "udev.h"
+#include "udev-util.h"
+#include "unit-name.h"
+#include "user-util.h"
+
+#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
+
+enum {
+        /* Special values for arg_lines */
+        ARG_LINES_DEFAULT = -2,
+        ARG_LINES_ALL = -1,
+};
+
+static OutputMode arg_output = OUTPUT_SHORT;
+static bool arg_utc = false;
+static bool arg_pager_end = false;
+static bool arg_follow = false;
+static bool arg_full = true;
+static bool arg_all = false;
+static bool arg_no_pager = false;
+static int arg_lines = ARG_LINES_DEFAULT;
+static bool arg_no_tail = false;
+static bool arg_quiet = false;
+static bool arg_merge = false;
+static bool arg_boot = false;
+static sd_id128_t arg_boot_id = {};
+static int arg_boot_offset = 0;
+static bool arg_dmesg = false;
+static bool arg_no_hostname = false;
+static const char *arg_cursor = NULL;
+static const char *arg_after_cursor = NULL;
+static bool arg_show_cursor = false;
+static const char *arg_directory = NULL;
+static char **arg_file = NULL;
+static bool arg_file_stdin = false;
+static int arg_priorities = 0xFF;
+static const char *arg_verify_key = NULL;
+#ifdef HAVE_GCRYPT
+static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
+static bool arg_force = false;
+#endif
+static usec_t arg_since, arg_until;
+static bool arg_since_set = false, arg_until_set = false;
+static char **arg_syslog_identifier = NULL;
+static char **arg_system_units = NULL;
+static char **arg_user_units = NULL;
+static const char *arg_field = NULL;
+static bool arg_catalog = false;
+static bool arg_reverse = false;
+static int arg_journal_type = 0;
+static char *arg_root = NULL;
+static const char *arg_machine = NULL;
+static uint64_t arg_vacuum_size = 0;
+static uint64_t arg_vacuum_n_files = 0;
+static usec_t arg_vacuum_time = 0;
+
+static enum {
+        ACTION_SHOW,
+        ACTION_NEW_ID128,
+        ACTION_PRINT_HEADER,
+        ACTION_SETUP_KEYS,
+        ACTION_VERIFY,
+        ACTION_DISK_USAGE,
+        ACTION_LIST_CATALOG,
+        ACTION_DUMP_CATALOG,
+        ACTION_UPDATE_CATALOG,
+        ACTION_LIST_BOOTS,
+        ACTION_FLUSH,
+        ACTION_SYNC,
+        ACTION_ROTATE,
+        ACTION_VACUUM,
+        ACTION_LIST_FIELDS,
+        ACTION_LIST_FIELD_NAMES,
+} arg_action = ACTION_SHOW;
+
+typedef struct BootId {
+        sd_id128_t id;
+        uint64_t first;
+        uint64_t last;
+        LIST_FIELDS(struct BootId, boot_list);
+} BootId;
+
+static int add_matches_for_device(sd_journal *j, const char *devpath) {
+        int r;
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+        struct udev_device *d = NULL;
+        struct stat st;
+
+        assert(j);
+        assert(devpath);
+
+        if (!path_startswith(devpath, "/dev/")) {
+                log_error("Devpath does not start with /dev/");
+                return -EINVAL;
+        }
+
+        udev = udev_new();
+        if (!udev)
+                return log_oom();
+
+        r = stat(devpath, &st);
+        if (r < 0)
+                log_error_errno(errno, "Couldn't stat file: %m");
+
+        d = device = udev_device_new_from_devnum(udev, S_ISBLK(st.st_mode) ? 'b' : 'c', st.st_rdev);
+        if (!device)
+                return log_error_errno(errno, "Failed to get udev device from devnum %u:%u: %m", major(st.st_rdev), minor(st.st_rdev));
+
+        while (d) {
+                _cleanup_free_ char *match = NULL;
+                const char *subsys, *sysname, *devnode;
+
+                subsys = udev_device_get_subsystem(d);
+                if (!subsys) {
+                        d = udev_device_get_parent(d);
+                        continue;
+                }
+
+                sysname = udev_device_get_sysname(d);
+                if (!sysname) {
+                        d = udev_device_get_parent(d);
+                        continue;
+                }
+
+                match = strjoin("_KERNEL_DEVICE=+", subsys, ":", sysname, NULL);
+                if (!match)
+                        return log_oom();
+
+                r = sd_journal_add_match(j, match, 0);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add match: %m");
+
+                devnode = udev_device_get_devnode(d);
+                if (devnode) {
+                        _cleanup_free_ char *match1 = NULL;
+
+                        r = stat(devnode, &st);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to stat() device node \"%s\": %m", devnode);
+
+                        r = asprintf(&match1, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st.st_mode) ? 'b' : 'c', major(st.st_rdev), minor(st.st_rdev));
+                        if (r < 0)
+                                return log_oom();
+
+                        r = sd_journal_add_match(j, match1, 0);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to add match: %m");
+                }
+
+                d = udev_device_get_parent(d);
+        }
+
+        r = add_match_this_boot(j, arg_machine);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for the current boot: %m");
+
+        return 0;
+}
+
+static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
+
+        if (arg_utc)
+                return format_timestamp_utc(buf, l, t);
+
+        return format_timestamp(buf, l, t);
+}
+
+static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
+        sd_id128_t id = SD_ID128_NULL;
+        int off = 0, r;
+
+        if (strlen(x) >= 32) {
+                char *t;
+
+                t = strndupa(x, 32);
+                r = sd_id128_from_string(t, &id);
+                if (r >= 0)
+                        x += 32;
+
+                if (*x != '-' && *x != '+' && *x != 0)
+                        return -EINVAL;
+
+                if (*x != 0) {
+                        r = safe_atoi(x, &off);
+                        if (r < 0)
+                                return r;
+                }
+        } else {
+                r = safe_atoi(x, &off);
+                if (r < 0)
+                        return r;
+        }
+
+        if (boot_id)
+                *boot_id = id;
+
+        if (offset)
+                *offset = off;
+
+        return 0;
+}
+
+static void help(void) {
+
+        pager_open(arg_no_pager, arg_pager_end);
+
+        printf("%s [OPTIONS...] [MATCHES...]\n\n"
+               "Query the journal.\n\n"
+               "Options:\n"
+               "     --system              Show the system journal\n"
+               "     --user                Show the user journal for the current user\n"
+               "  -M --machine=CONTAINER   Operate on local container\n"
+               "  -S --since=DATE          Show entries not older than the specified date\n"
+               "  -U --until=DATE          Show entries not newer than the specified date\n"
+               "  -c --cursor=CURSOR       Show entries starting at the specified cursor\n"
+               "     --after-cursor=CURSOR Show entries after the specified cursor\n"
+               "     --show-cursor         Print the cursor after all the entries\n"
+               "  -b --boot[=ID]           Show current boot or the specified boot\n"
+               "     --list-boots          Show terse information about recorded boots\n"
+               "  -k --dmesg               Show kernel message log from the current boot\n"
+               "  -u --unit=UNIT           Show logs from the specified unit\n"
+               "     --user-unit=UNIT      Show logs from the specified user unit\n"
+               "  -t --identifier=STRING   Show entries with the specified syslog identifier\n"
+               "  -p --priority=RANGE      Show entries with the specified priority\n"
+               "  -e --pager-end           Immediately jump to the end in the pager\n"
+               "  -f --follow              Follow the journal\n"
+               "  -n --lines[=INTEGER]     Number of journal entries to show\n"
+               "     --no-tail             Show all lines, even in follow mode\n"
+               "  -r --reverse             Show the newest entries first\n"
+               "  -o --output=STRING       Change journal output mode (short, short-iso,\n"
+               "                                   short-precise, short-monotonic, verbose,\n"
+               "                                   export, json, json-pretty, json-sse, cat)\n"
+               "     --utc                 Express time in Coordinated Universal Time (UTC)\n"
+               "  -x --catalog             Add message explanations where available\n"
+               "     --no-full             Ellipsize fields\n"
+               "  -a --all                 Show all fields, including long and unprintable\n"
+               "  -q --quiet               Do not show info messages and privilege warning\n"
+               "     --no-pager            Do not pipe output into a pager\n"
+               "     --no-hostname         Suppress output of hostname field\n"
+               "  -m --merge               Show entries from all available journals\n"
+               "  -D --directory=PATH      Show journal files from directory\n"
+               "     --file=PATH           Show journal file\n"
+               "     --root=ROOT           Operate on catalog files below a root directory\n"
+#ifdef HAVE_GCRYPT
+               "     --interval=TIME       Time interval for changing the FSS sealing key\n"
+               "     --verify-key=KEY      Specify FSS verification key\n"
+               "     --force               Override of the FSS key pair with --setup-keys\n"
+#endif
+               "\nCommands:\n"
+               "  -h --help                Show this help text\n"
+               "     --version             Show package version\n"
+               "  -N --fields              List all field names currently used\n"
+               "  -F --field=FIELD         List all values that a specified field takes\n"
+               "     --disk-usage          Show total disk usage of all journal files\n"
+               "     --vacuum-size=BYTES   Reduce disk usage below specified size\n"
+               "     --vacuum-files=INT    Leave only the specified number of journal files\n"
+               "     --vacuum-time=TIME    Remove journal files older than specified time\n"
+               "     --verify              Verify journal file consistency\n"
+               "     --sync                Synchronize unwritten journal messages to disk\n"
+               "     --flush               Flush all journal data from /run into /var\n"
+               "     --rotate              Request immediate rotation of the journal files\n"
+               "     --header              Show journal header information\n"
+               "     --list-catalog        Show all message IDs in the catalog\n"
+               "     --dump-catalog        Show entries in the message catalog\n"
+               "     --update-catalog      Update the message catalog database\n"
+               "     --new-id128           Generate a new 128-bit ID\n"
+#ifdef HAVE_GCRYPT
+               "     --setup-keys          Generate a new FSS key pair\n"
+#endif
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_NO_FULL,
+                ARG_NO_TAIL,
+                ARG_NEW_ID128,
+                ARG_LIST_BOOTS,
+                ARG_USER,
+                ARG_SYSTEM,
+                ARG_ROOT,
+                ARG_HEADER,
+                ARG_SETUP_KEYS,
+                ARG_FILE,
+                ARG_INTERVAL,
+                ARG_VERIFY,
+                ARG_VERIFY_KEY,
+                ARG_DISK_USAGE,
+                ARG_AFTER_CURSOR,
+                ARG_SHOW_CURSOR,
+                ARG_USER_UNIT,
+                ARG_LIST_CATALOG,
+                ARG_DUMP_CATALOG,
+                ARG_UPDATE_CATALOG,
+                ARG_FORCE,
+                ARG_UTC,
+                ARG_SYNC,
+                ARG_FLUSH,
+                ARG_ROTATE,
+                ARG_VACUUM_SIZE,
+                ARG_VACUUM_FILES,
+                ARG_VACUUM_TIME,
+                ARG_NO_HOSTNAME,
+        };
+
+        static const struct option options[] = {
+                { "help",           no_argument,       NULL, 'h'                },
+                { "version" ,       no_argument,       NULL, ARG_VERSION        },
+                { "no-pager",       no_argument,       NULL, ARG_NO_PAGER       },
+                { "pager-end",      no_argument,       NULL, 'e'                },
+                { "follow",         no_argument,       NULL, 'f'                },
+                { "force",          no_argument,       NULL, ARG_FORCE          },
+                { "output",         required_argument, NULL, 'o'                },
+                { "all",            no_argument,       NULL, 'a'                },
+                { "full",           no_argument,       NULL, 'l'                },
+                { "no-full",        no_argument,       NULL, ARG_NO_FULL        },
+                { "lines",          optional_argument, NULL, 'n'                },
+                { "no-tail",        no_argument,       NULL, ARG_NO_TAIL        },
+                { "new-id128",      no_argument,       NULL, ARG_NEW_ID128      },
+                { "quiet",          no_argument,       NULL, 'q'                },
+                { "merge",          no_argument,       NULL, 'm'                },
+                { "boot",           optional_argument, NULL, 'b'                },
+                { "list-boots",     no_argument,       NULL, ARG_LIST_BOOTS     },
+                { "this-boot",      optional_argument, NULL, 'b'                }, /* deprecated */
+                { "dmesg",          no_argument,       NULL, 'k'                },
+                { "system",         no_argument,       NULL, ARG_SYSTEM         },
+                { "user",           no_argument,       NULL, ARG_USER           },
+                { "directory",      required_argument, NULL, 'D'                },
+                { "file",           required_argument, NULL, ARG_FILE           },
+                { "root",           required_argument, NULL, ARG_ROOT           },
+                { "header",         no_argument,       NULL, ARG_HEADER         },
+                { "identifier",     required_argument, NULL, 't'                },
+                { "priority",       required_argument, NULL, 'p'                },
+                { "setup-keys",     no_argument,       NULL, ARG_SETUP_KEYS     },
+                { "interval",       required_argument, NULL, ARG_INTERVAL       },
+                { "verify",         no_argument,       NULL, ARG_VERIFY         },
+                { "verify-key",     required_argument, NULL, ARG_VERIFY_KEY     },
+                { "disk-usage",     no_argument,       NULL, ARG_DISK_USAGE     },
+                { "cursor",         required_argument, NULL, 'c'                },
+                { "after-cursor",   required_argument, NULL, ARG_AFTER_CURSOR   },
+                { "show-cursor",    no_argument,       NULL, ARG_SHOW_CURSOR    },
+                { "since",          required_argument, NULL, 'S'                },
+                { "until",          required_argument, NULL, 'U'                },
+                { "unit",           required_argument, NULL, 'u'                },
+                { "user-unit",      required_argument, NULL, ARG_USER_UNIT      },
+                { "field",          required_argument, NULL, 'F'                },
+                { "fields",         no_argument,       NULL, 'N'                },
+                { "catalog",        no_argument,       NULL, 'x'                },
+                { "list-catalog",   no_argument,       NULL, ARG_LIST_CATALOG   },
+                { "dump-catalog",   no_argument,       NULL, ARG_DUMP_CATALOG   },
+                { "update-catalog", no_argument,       NULL, ARG_UPDATE_CATALOG },
+                { "reverse",        no_argument,       NULL, 'r'                },
+                { "machine",        required_argument, NULL, 'M'                },
+                { "utc",            no_argument,       NULL, ARG_UTC            },
+                { "flush",          no_argument,       NULL, ARG_FLUSH          },
+                { "sync",           no_argument,       NULL, ARG_SYNC           },
+                { "rotate",         no_argument,       NULL, ARG_ROTATE         },
+                { "vacuum-size",    required_argument, NULL, ARG_VACUUM_SIZE    },
+                { "vacuum-files",   required_argument, NULL, ARG_VACUUM_FILES   },
+                { "vacuum-time",    required_argument, NULL, ARG_VACUUM_TIME    },
+                { "no-hostname",    no_argument,       NULL, ARG_NO_HOSTNAME    },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:S:U:t:u:NF:xrM:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case 'e':
+                        arg_pager_end = true;
+
+                        if (arg_lines == ARG_LINES_DEFAULT)
+                                arg_lines = 1000;
+
+                        break;
+
+                case 'f':
+                        arg_follow = true;
+                        break;
+
+                case 'o':
+                        arg_output = output_mode_from_string(optarg);
+                        if (arg_output < 0) {
+                                log_error("Unknown output format '%s'.", optarg);
+                                return -EINVAL;
+                        }
+
+                        if (arg_output == OUTPUT_EXPORT ||
+                            arg_output == OUTPUT_JSON ||
+                            arg_output == OUTPUT_JSON_PRETTY ||
+                            arg_output == OUTPUT_JSON_SSE ||
+                            arg_output == OUTPUT_CAT)
+                                arg_quiet = true;
+
+                        break;
+
+                case 'l':
+                        arg_full = true;
+                        break;
+
+                case ARG_NO_FULL:
+                        arg_full = false;
+                        break;
+
+                case 'a':
+                        arg_all = true;
+                        break;
+
+                case 'n':
+                        if (optarg) {
+                                if (streq(optarg, "all"))
+                                        arg_lines = ARG_LINES_ALL;
+                                else {
+                                        r = safe_atoi(optarg, &arg_lines);
+                                        if (r < 0 || arg_lines < 0) {
+                                                log_error("Failed to parse lines '%s'", optarg);
+                                                return -EINVAL;
+                                        }
+                                }
+                        } else {
+                                arg_lines = 10;
+
+                                /* Hmm, no argument? Maybe the next
+                                 * word on the command line is
+                                 * supposed to be the argument? Let's
+                                 * see if there is one, and is
+                                 * parsable. */
+                                if (optind < argc) {
+                                        int n;
+                                        if (streq(argv[optind], "all")) {
+                                                arg_lines = ARG_LINES_ALL;
+                                                optind++;
+                                        } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
+                                                arg_lines = n;
+                                                optind++;
+                                        }
+                                }
+                        }
+
+                        break;
+
+                case ARG_NO_TAIL:
+                        arg_no_tail = true;
+                        break;
+
+                case ARG_NEW_ID128:
+                        arg_action = ACTION_NEW_ID128;
+                        break;
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case 'm':
+                        arg_merge = true;
+                        break;
+
+                case 'b':
+                        arg_boot = true;
+
+                        if (optarg) {
+                                r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
+                                if (r < 0) {
+                                        log_error("Failed to parse boot descriptor '%s'", optarg);
+                                        return -EINVAL;
+                                }
+                        } else {
+
+                                /* Hmm, no argument? Maybe the next
+                                 * word on the command line is
+                                 * supposed to be the argument? Let's
+                                 * see if there is one and is parsable
+                                 * as a boot descriptor... */
+
+                                if (optind < argc &&
+                                    parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
+                                        optind++;
+                        }
+
+                        break;
+
+                case ARG_LIST_BOOTS:
+                        arg_action = ACTION_LIST_BOOTS;
+                        break;
+
+                case 'k':
+                        arg_boot = arg_dmesg = true;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_journal_type |= SD_JOURNAL_SYSTEM;
+                        break;
+
+                case ARG_USER:
+                        arg_journal_type |= SD_JOURNAL_CURRENT_USER;
+                        break;
+
+                case 'M':
+                        arg_machine = optarg;
+                        break;
+
+                case 'D':
+                        arg_directory = optarg;
+                        break;
+
+                case ARG_FILE:
+                        if (streq(optarg, "-"))
+                                /* An undocumented feature: we can read journal files from STDIN. We don't document
+                                 * this though, since after all we only support this for mmap-able, seekable files, and
+                                 * not for example pipes which are probably the primary usecase for reading things from
+                                 * STDIN. To avoid confusion we hence don't document this feature. */
+                                arg_file_stdin = true;
+                        else {
+                                r = glob_extend(&arg_file, optarg);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to add paths: %m");
+                        }
+                        break;
+
+                case ARG_ROOT:
+                        r = parse_path_argument_and_warn(optarg, true, &arg_root);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                case 'c':
+                        arg_cursor = optarg;
+                        break;
+
+                case ARG_AFTER_CURSOR:
+                        arg_after_cursor = optarg;
+                        break;
+
+                case ARG_SHOW_CURSOR:
+                        arg_show_cursor = true;
+                        break;
+
+                case ARG_HEADER:
+                        arg_action = ACTION_PRINT_HEADER;
+                        break;
+
+                case ARG_VERIFY:
+                        arg_action = ACTION_VERIFY;
+                        break;
+
+                case ARG_DISK_USAGE:
+                        arg_action = ACTION_DISK_USAGE;
+                        break;
+
+                case ARG_VACUUM_SIZE:
+                        r = parse_size(optarg, 1024, &arg_vacuum_size);
+                        if (r < 0) {
+                                log_error("Failed to parse vacuum size: %s", optarg);
+                                return r;
+                        }
+
+                        arg_action = ACTION_VACUUM;
+                        break;
+
+                case ARG_VACUUM_FILES:
+                        r = safe_atou64(optarg, &arg_vacuum_n_files);
+                        if (r < 0) {
+                                log_error("Failed to parse vacuum files: %s", optarg);
+                                return r;
+                        }
+
+                        arg_action = ACTION_VACUUM;
+                        break;
+
+                case ARG_VACUUM_TIME:
+                        r = parse_sec(optarg, &arg_vacuum_time);
+                        if (r < 0) {
+                                log_error("Failed to parse vacuum time: %s", optarg);
+                                return r;
+                        }
+
+                        arg_action = ACTION_VACUUM;
+                        break;
+
+#ifdef HAVE_GCRYPT
+                case ARG_FORCE:
+                        arg_force = true;
+                        break;
+
+                case ARG_SETUP_KEYS:
+                        arg_action = ACTION_SETUP_KEYS;
+                        break;
+
+
+                case ARG_VERIFY_KEY:
+                        arg_action = ACTION_VERIFY;
+                        arg_verify_key = optarg;
+                        arg_merge = false;
+                        break;
+
+                case ARG_INTERVAL:
+                        r = parse_sec(optarg, &arg_interval);
+                        if (r < 0 || arg_interval <= 0) {
+                                log_error("Failed to parse sealing key change interval: %s", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+#else
+                case ARG_SETUP_KEYS:
+                case ARG_VERIFY_KEY:
+                case ARG_INTERVAL:
+                case ARG_FORCE:
+                        log_error("Forward-secure sealing not available.");
+                        return -EOPNOTSUPP;
+#endif
+
+                case 'p': {
+                        const char *dots;
+
+                        dots = strstr(optarg, "..");
+                        if (dots) {
+                                char *a;
+                                int from, to, i;
+
+                                /* a range */
+                                a = strndup(optarg, dots - optarg);
+                                if (!a)
+                                        return log_oom();
+
+                                from = log_level_from_string(a);
+                                to = log_level_from_string(dots + 2);
+                                free(a);
+
+                                if (from < 0 || to < 0) {
+                                        log_error("Failed to parse log level range %s", optarg);
+                                        return -EINVAL;
+                                }
+
+                                arg_priorities = 0;
+
+                                if (from < to) {
+                                        for (i = from; i <= to; i++)
+                                                arg_priorities |= 1 << i;
+                                } else {
+                                        for (i = to; i <= from; i++)
+                                                arg_priorities |= 1 << i;
+                                }
+
+                        } else {
+                                int p, i;
+
+                                p = log_level_from_string(optarg);
+                                if (p < 0) {
+                                        log_error("Unknown log level %s", optarg);
+                                        return -EINVAL;
+                                }
+
+                                arg_priorities = 0;
+
+                                for (i = 0; i <= p; i++)
+                                        arg_priorities |= 1 << i;
+                        }
+
+                        break;
+                }
+
+                case 'S':
+                        r = parse_timestamp(optarg, &arg_since);
+                        if (r < 0) {
+                                log_error("Failed to parse timestamp: %s", optarg);
+                                return -EINVAL;
+                        }
+                        arg_since_set = true;
+                        break;
+
+                case 'U':
+                        r = parse_timestamp(optarg, &arg_until);
+                        if (r < 0) {
+                                log_error("Failed to parse timestamp: %s", optarg);
+                                return -EINVAL;
+                        }
+                        arg_until_set = true;
+                        break;
+
+                case 't':
+                        r = strv_extend(&arg_syslog_identifier, optarg);
+                        if (r < 0)
+                                return log_oom();
+                        break;
+
+                case 'u':
+                        r = strv_extend(&arg_system_units, optarg);
+                        if (r < 0)
+                                return log_oom();
+                        break;
+
+                case ARG_USER_UNIT:
+                        r = strv_extend(&arg_user_units, optarg);
+                        if (r < 0)
+                                return log_oom();
+                        break;
+
+                case 'F':
+                        arg_action = ACTION_LIST_FIELDS;
+                        arg_field = optarg;
+                        break;
+
+                case 'N':
+                        arg_action = ACTION_LIST_FIELD_NAMES;
+                        break;
+
+                case ARG_NO_HOSTNAME:
+                        arg_no_hostname = true;
+                        break;
+
+                case 'x':
+                        arg_catalog = true;
+                        break;
+
+                case ARG_LIST_CATALOG:
+                        arg_action = ACTION_LIST_CATALOG;
+                        break;
+
+                case ARG_DUMP_CATALOG:
+                        arg_action = ACTION_DUMP_CATALOG;
+                        break;
+
+                case ARG_UPDATE_CATALOG:
+                        arg_action = ACTION_UPDATE_CATALOG;
+                        break;
+
+                case 'r':
+                        arg_reverse = true;
+                        break;
+
+                case ARG_UTC:
+                        arg_utc = true;
+                        break;
+
+                case ARG_FLUSH:
+                        arg_action = ACTION_FLUSH;
+                        break;
+
+                case ARG_ROTATE:
+                        arg_action = ACTION_ROTATE;
+                        break;
+
+                case ARG_SYNC:
+                        arg_action = ACTION_SYNC;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
+                arg_lines = 10;
+
+        if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
+                log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
+                return -EINVAL;
+        }
+
+        if (arg_since_set && arg_until_set && arg_since > arg_until) {
+                log_error("--since= must be before --until=.");
+                return -EINVAL;
+        }
+
+        if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
+                log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
+                return -EINVAL;
+        }
+
+        if (arg_follow && arg_reverse) {
+                log_error("Please specify either --reverse= or --follow=, not both.");
+                return -EINVAL;
+        }
+
+        if (!IN_SET(arg_action, ACTION_SHOW, ACTION_DUMP_CATALOG, ACTION_LIST_CATALOG) && optind < argc) {
+                log_error("Extraneous arguments starting with '%s'", argv[optind]);
+                return -EINVAL;
+        }
+
+        if ((arg_boot || arg_action == ACTION_LIST_BOOTS) && (arg_file || arg_directory || arg_merge)) {
+                log_error("Using --boot or --list-boots with --file, --directory or --merge is not supported.");
+                return -EINVAL;
+        }
+
+        if (!strv_isempty(arg_system_units) && (arg_journal_type == SD_JOURNAL_CURRENT_USER)) {
+
+                /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
+                 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
+                 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
+                r = strv_extend_strv(&arg_user_units, arg_system_units, true);
+                if (r < 0)
+                        return -ENOMEM;
+
+                arg_system_units = strv_free(arg_system_units);
+        }
+
+        return 1;
+}
+
+static int generate_new_id128(void) {
+        sd_id128_t id;
+        int r;
+        unsigned i;
+
+        r = sd_id128_randomize(&id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate ID: %m");
+
+        printf("As string:\n"
+               SD_ID128_FORMAT_STR "\n\n"
+               "As UUID:\n"
+               "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
+               "As macro:\n"
+               "#define MESSAGE_XYZ SD_ID128_MAKE(",
+               SD_ID128_FORMAT_VAL(id),
+               SD_ID128_FORMAT_VAL(id));
+        for (i = 0; i < 16; i++)
+                printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
+        fputs(")\n\n", stdout);
+
+        printf("As Python constant:\n"
+               ">>> import uuid\n"
+               ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
+               SD_ID128_FORMAT_VAL(id));
+
+        return 0;
+}
+
+static int add_matches(sd_journal *j, char **args) {
+        char **i;
+        bool have_term = false;
+
+        assert(j);
+
+        STRV_FOREACH(i, args) {
+                int r;
+
+                if (streq(*i, "+")) {
+                        if (!have_term)
+                                break;
+                        r = sd_journal_add_disjunction(j);
+                        have_term = false;
+
+                } else if (path_is_absolute(*i)) {
+                        _cleanup_free_ char *p, *t = NULL, *t2 = NULL, *interpreter = NULL;
+                        const char *path;
+                        struct stat st;
+
+                        p = canonicalize_file_name(*i);
+                        path = p ?: *i;
+
+                        if (lstat(path, &st) < 0)
+                                return log_error_errno(errno, "Couldn't stat file: %m");
+
+                        if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
+                                if (executable_is_script(path, &interpreter) > 0) {
+                                        _cleanup_free_ char *comm;
+
+                                        comm = strndup(basename(path), 15);
+                                        if (!comm)
+                                                return log_oom();
+
+                                        t = strappend("_COMM=", comm);
+                                        if (!t)
+                                                return log_oom();
+
+                                        /* Append _EXE only if the interpreter is not a link.
+                                           Otherwise, it might be outdated often. */
+                                        if (lstat(interpreter, &st) == 0 && !S_ISLNK(st.st_mode)) {
+                                                t2 = strappend("_EXE=", interpreter);
+                                                if (!t2)
+                                                        return log_oom();
+                                        }
+                                } else {
+                                        t = strappend("_EXE=", path);
+                                        if (!t)
+                                                return log_oom();
+                                }
+
+                                r = sd_journal_add_match(j, t, 0);
+
+                                if (r >=0 && t2)
+                                        r = sd_journal_add_match(j, t2, 0);
+
+                        } else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
+                                r = add_matches_for_device(j, path);
+                                if (r < 0)
+                                        return r;
+                        } else {
+                                log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
+                                return -EINVAL;
+                        }
+
+                        have_term = true;
+                } else {
+                        r = sd_journal_add_match(j, *i, 0);
+                        have_term = true;
+                }
+
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add match '%s': %m", *i);
+        }
+
+        if (!strv_isempty(args) && !have_term) {
+                log_error("\"+\" can only be used between terms");
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
+static void boot_id_free_all(BootId *l) {
+
+        while (l) {
+                BootId *i = l;
+                LIST_REMOVE(boot_list, l, i);
+                free(i);
+        }
+}
+
+static int discover_next_boot(sd_journal *j,
+                sd_id128_t previous_boot_id,
+                bool advance_older,
+                BootId **ret) {
+
+        _cleanup_free_ BootId *next_boot = NULL;
+        char match[9+32+1] = "_BOOT_ID=";
+        sd_id128_t boot_id;
+        int r;
+
+        assert(j);
+        assert(ret);
+
+        /* We expect the journal to be on the last position of a boot
+         * (in relation to the direction we are going), so that the next
+         * invocation of sd_journal_next/previous will be from a different
+         * boot. We then collect any information we desire and then jump
+         * to the last location of the new boot by using a _BOOT_ID match
+         * coming from the other journal direction. */
+
+        /* Make sure we aren't restricted by any _BOOT_ID matches, so that
+         * we can actually advance to a *different* boot. */
+        sd_journal_flush_matches(j);
+
+        do {
+                if (advance_older)
+                        r = sd_journal_previous(j);
+                else
+                        r = sd_journal_next(j);
+                if (r < 0)
+                        return r;
+                else if (r == 0)
+                        return 0; /* End of journal, yay. */
+
+                r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
+                if (r < 0)
+                        return r;
+
+                /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
+                 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
+                 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
+                 * complete than the main entry array, and hence might reference an entry that's not actually the last
+                 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
+                 * speed things up, but let's not trust that it is complete, and hence, manually advance as
+                 * necessary. */
+
+        } while (sd_id128_equal(boot_id, previous_boot_id));
+
+        next_boot = new0(BootId, 1);
+        if (!next_boot)
+                return -ENOMEM;
+
+        next_boot->id = boot_id;
+
+        r = sd_journal_get_realtime_usec(j, &next_boot->first);
+        if (r < 0)
+                return r;
+
+        /* Now seek to the last occurrence of this boot ID. */
+        sd_id128_to_string(next_boot->id, match + 9);
+        r = sd_journal_add_match(j, match, sizeof(match) - 1);
+        if (r < 0)
+                return r;
+
+        if (advance_older)
+                r = sd_journal_seek_head(j);
+        else
+                r = sd_journal_seek_tail(j);
+        if (r < 0)
+                return r;
+
+        if (advance_older)
+                r = sd_journal_next(j);
+        else
+                r = sd_journal_previous(j);
+        if (r < 0)
+                return r;
+        else if (r == 0)
+                return -ENODATA; /* This shouldn't happen. We just came from this very boot ID. */
+
+        r = sd_journal_get_realtime_usec(j, &next_boot->last);
+        if (r < 0)
+                return r;
+
+        *ret = next_boot;
+        next_boot = NULL;
+
+        return 0;
+}
+
+static int get_boots(
+                sd_journal *j,
+                BootId **boots,
+                sd_id128_t *query_ref_boot,
+                int ref_boot_offset) {
+
+        bool skip_once;
+        int r, count = 0;
+        BootId *head = NULL, *tail = NULL;
+        const bool advance_older = query_ref_boot && ref_boot_offset <= 0;
+        sd_id128_t previous_boot_id;
+
+        assert(j);
+
+        /* Adjust for the asymmetry that offset 0 is
+         * the last (and current) boot, while 1 is considered the
+         * (chronological) first boot in the journal. */
+        skip_once = query_ref_boot && sd_id128_is_null(*query_ref_boot) && ref_boot_offset < 0;
+
+        /* Advance to the earliest/latest occurrence of our reference
+         * boot ID (taking our lookup direction into account), so that
+         * discover_next_boot() can do its job.
+         * If no reference is given, the journal head/tail will do,
+         * they're "virtual" boots after all. */
+        if (query_ref_boot && !sd_id128_is_null(*query_ref_boot)) {
+                char match[9+32+1] = "_BOOT_ID=";
+
+                sd_journal_flush_matches(j);
+
+                sd_id128_to_string(*query_ref_boot, match + 9);
+                r = sd_journal_add_match(j, match, sizeof(match) - 1);
+                if (r < 0)
+                        return r;
+
+                if (advance_older)
+                        r = sd_journal_seek_head(j); /* seek to oldest */
+                else
+                        r = sd_journal_seek_tail(j); /* seek to newest */
+                if (r < 0)
+                        return r;
+
+                if (advance_older)
+                        r = sd_journal_next(j);     /* read the oldest entry */
+                else
+                        r = sd_journal_previous(j); /* read the most recently added entry */
+                if (r < 0)
+                        return r;
+                else if (r == 0)
+                        goto finish;
+                else if (ref_boot_offset == 0) {
+                        count = 1;
+                        goto finish;
+                }
+
+                /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
+                 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
+                 * the following entry, which must then have an older/newer boot ID */
+        } else {
+
+                if (advance_older)
+                        r = sd_journal_seek_tail(j); /* seek to newest */
+                else
+                        r = sd_journal_seek_head(j); /* seek to oldest */
+                if (r < 0)
+                        return r;
+
+                /* No sd_journal_next()/_previous() here.
+                 *
+                 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
+                 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
+                 * entry we have. */
+        }
+
+        previous_boot_id = SD_ID128_NULL;
+        for (;;) {
+                _cleanup_free_ BootId *current = NULL;
+
+                r = discover_next_boot(j, previous_boot_id, advance_older, &current);
+                if (r < 0) {
+                        boot_id_free_all(head);
+                        return r;
+                }
+
+                if (!current)
+                        break;
+
+                previous_boot_id = current->id;
+
+                if (query_ref_boot) {
+                        if (!skip_once)
+                                ref_boot_offset += advance_older ? 1 : -1;
+                        skip_once = false;
+
+                        if (ref_boot_offset == 0) {
+                                count = 1;
+                                *query_ref_boot = current->id;
+                                break;
+                        }
+                } else {
+                        LIST_INSERT_AFTER(boot_list, head, tail, current);
+                        tail = current;
+                        current = NULL;
+                        count++;
+                }
+        }
+
+finish:
+        if (boots)
+                *boots = head;
+
+        sd_journal_flush_matches(j);
+
+        return count;
+}
+
+static int list_boots(sd_journal *j) {
+        int w, i, count;
+        BootId *id, *all_ids;
+
+        assert(j);
+
+        count = get_boots(j, &all_ids, NULL, 0);
+        if (count < 0)
+                return log_error_errno(count, "Failed to determine boots: %m");
+        if (count == 0)
+                return count;
+
+        pager_open(arg_no_pager, arg_pager_end);
+
+        /* numbers are one less, but we need an extra char for the sign */
+        w = DECIMAL_STR_WIDTH(count - 1) + 1;
+
+        i = 0;
+        LIST_FOREACH(boot_list, id, all_ids) {
+                char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
+
+                printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
+                       w, i - count + 1,
+                       SD_ID128_FORMAT_VAL(id->id),
+                       format_timestamp_maybe_utc(a, sizeof(a), id->first),
+                       format_timestamp_maybe_utc(b, sizeof(b), id->last));
+                i++;
+        }
+
+        boot_id_free_all(all_ids);
+
+        return 0;
+}
+
+static int add_boot(sd_journal *j) {
+        char match[9+32+1] = "_BOOT_ID=";
+        sd_id128_t ref_boot_id;
+        int r;
+
+        assert(j);
+
+        if (!arg_boot)
+                return 0;
+
+        if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
+                return add_match_this_boot(j, arg_machine);
+
+        ref_boot_id = arg_boot_id;
+        r = get_boots(j, NULL, &ref_boot_id, arg_boot_offset);
+        assert(r <= 1);
+        if (r <= 0) {
+                const char *reason = (r == 0) ? "No such boot ID in journal" : strerror(-r);
+
+                if (sd_id128_is_null(arg_boot_id))
+                        log_error("Data from the specified boot (%+i) is not available: %s",
+                                  arg_boot_offset, reason);
+                else
+                        log_error("Data from the specified boot ("SD_ID128_FORMAT_STR") is not available: %s",
+                                  SD_ID128_FORMAT_VAL(arg_boot_id), reason);
+
+                return r == 0 ? -ENODATA : r;
+        }
+
+        sd_id128_to_string(ref_boot_id, match + 9);
+
+        r = sd_journal_add_match(j, match, sizeof(match) - 1);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match: %m");
+
+        r = sd_journal_add_conjunction(j);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add conjunction: %m");
+
+        return 0;
+}
+
+static int add_dmesg(sd_journal *j) {
+        int r;
+        assert(j);
+
+        if (!arg_dmesg)
+                return 0;
+
+        r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match: %m");
+
+        r = sd_journal_add_conjunction(j);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add conjunction: %m");
+
+        return 0;
+}
+
+static int get_possible_units(
+                sd_journal *j,
+                const char *fields,
+                char **patterns,
+                Set **units) {
+
+        _cleanup_set_free_free_ Set *found;
+        const char *field;
+        int r;
+
+        found = set_new(&string_hash_ops);
+        if (!found)
+                return -ENOMEM;
+
+        NULSTR_FOREACH(field, fields) {
+                const void *data;
+                size_t size;
+
+                r = sd_journal_query_unique(j, field);
+                if (r < 0)
+                        return r;
+
+                SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
+                        char **pattern, *eq;
+                        size_t prefix;
+                        _cleanup_free_ char *u = NULL;
+
+                        eq = memchr(data, '=', size);
+                        if (eq)
+                                prefix = eq - (char*) data + 1;
+                        else
+                                prefix = 0;
+
+                        u = strndup((char*) data + prefix, size - prefix);
+                        if (!u)
+                                return -ENOMEM;
+
+                        STRV_FOREACH(pattern, patterns)
+                                if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
+                                        log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
+
+                                        r = set_consume(found, u);
+                                        u = NULL;
+                                        if (r < 0 && r != -EEXIST)
+                                                return r;
+
+                                        break;
+                                }
+                }
+        }
+
+        *units = found;
+        found = NULL;
+        return 0;
+}
+
+/* This list is supposed to return the superset of unit names
+ * possibly matched by rules added with add_matches_for_unit... */
+#define SYSTEM_UNITS                 \
+        "_SYSTEMD_UNIT\0"            \
+        "COREDUMP_UNIT\0"            \
+        "UNIT\0"                     \
+        "OBJECT_SYSTEMD_UNIT\0"      \
+        "_SYSTEMD_SLICE\0"
+
+/* ... and add_matches_for_user_unit */
+#define USER_UNITS                   \
+        "_SYSTEMD_USER_UNIT\0"       \
+        "USER_UNIT\0"                \
+        "COREDUMP_USER_UNIT\0"       \
+        "OBJECT_SYSTEMD_USER_UNIT\0"
+
+static int add_units(sd_journal *j) {
+        _cleanup_strv_free_ char **patterns = NULL;
+        int r, count = 0;
+        char **i;
+
+        assert(j);
+
+        STRV_FOREACH(i, arg_system_units) {
+                _cleanup_free_ char *u = NULL;
+
+                r = unit_name_mangle(*i, UNIT_NAME_GLOB, &u);
+                if (r < 0)
+                        return r;
+
+                if (string_is_glob(u)) {
+                        r = strv_push(&patterns, u);
+                        if (r < 0)
+                                return r;
+                        u = NULL;
+                } else {
+                        r = add_matches_for_unit(j, u);
+                        if (r < 0)
+                                return r;
+                        r = sd_journal_add_disjunction(j);
+                        if (r < 0)
+                                return r;
+                        count++;
+                }
+        }
+
+        if (!strv_isempty(patterns)) {
+                _cleanup_set_free_free_ Set *units = NULL;
+                Iterator it;
+                char *u;
+
+                r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
+                if (r < 0)
+                        return r;
+
+                SET_FOREACH(u, units, it) {
+                        r = add_matches_for_unit(j, u);
+                        if (r < 0)
+                                return r;
+                        r = sd_journal_add_disjunction(j);
+                        if (r < 0)
+                                return r;
+                        count++;
+                }
+        }
+
+        patterns = strv_free(patterns);
+
+        STRV_FOREACH(i, arg_user_units) {
+                _cleanup_free_ char *u = NULL;
+
+                r = unit_name_mangle(*i, UNIT_NAME_GLOB, &u);
+                if (r < 0)
+                        return r;
+
+                if (string_is_glob(u)) {
+                        r = strv_push(&patterns, u);
+                        if (r < 0)
+                                return r;
+                        u = NULL;
+                } else {
+                        r = add_matches_for_user_unit(j, u, getuid());
+                        if (r < 0)
+                                return r;
+                        r = sd_journal_add_disjunction(j);
+                        if (r < 0)
+                                return r;
+                        count++;
+                }
+        }
+
+        if (!strv_isempty(patterns)) {
+                _cleanup_set_free_free_ Set *units = NULL;
+                Iterator it;
+                char *u;
+
+                r = get_possible_units(j, USER_UNITS, patterns, &units);
+                if (r < 0)
+                        return r;
+
+                SET_FOREACH(u, units, it) {
+                        r = add_matches_for_user_unit(j, u, getuid());
+                        if (r < 0)
+                                return r;
+                        r = sd_journal_add_disjunction(j);
+                        if (r < 0)
+                                return r;
+                        count++;
+                }
+        }
+
+        /* Complain if the user request matches but nothing whatsoever was
+         * found, since otherwise everything would be matched. */
+        if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
+                return -ENODATA;
+
+        r = sd_journal_add_conjunction(j);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int add_priorities(sd_journal *j) {
+        char match[] = "PRIORITY=0";
+        int i, r;
+        assert(j);
+
+        if (arg_priorities == 0xFF)
+                return 0;
+
+        for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
+                if (arg_priorities & (1 << i)) {
+                        match[sizeof(match)-2] = '0' + i;
+
+                        r = sd_journal_add_match(j, match, strlen(match));
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to add match: %m");
+                }
+
+        r = sd_journal_add_conjunction(j);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add conjunction: %m");
+
+        return 0;
+}
+
+
+static int add_syslog_identifier(sd_journal *j) {
+        int r;
+        char **i;
+
+        assert(j);
+
+        STRV_FOREACH(i, arg_syslog_identifier) {
+                char *u;
+
+                u = strjoina("SYSLOG_IDENTIFIER=", *i);
+                r = sd_journal_add_match(j, u, 0);
+                if (r < 0)
+                        return r;
+                r = sd_journal_add_disjunction(j);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_journal_add_conjunction(j);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int setup_keys(void) {
+#ifdef HAVE_GCRYPT
+        size_t mpk_size, seed_size, state_size, i;
+        uint8_t *mpk, *seed, *state;
+        int fd = -1, r;
+        sd_id128_t machine, boot;
+        char *p = NULL, *k = NULL;
+        struct FSSHeader h;
+        uint64_t n;
+        struct stat st;
+
+        r = stat("/var/log/journal", &st);
+        if (r < 0 && errno != ENOENT && errno != ENOTDIR)
+                return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
+
+        if (r < 0 || !S_ISDIR(st.st_mode)) {
+                log_error("%s is not a directory, must be using persistent logging for FSS.",
+                          "/var/log/journal");
+                return r < 0 ? -errno : -ENOTDIR;
+        }
+
+        r = sd_id128_get_machine(&machine);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get machine ID: %m");
+
+        r = sd_id128_get_boot(&boot);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get boot ID: %m");
+
+        if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
+                     SD_ID128_FORMAT_VAL(machine)) < 0)
+                return log_oom();
+
+        if (arg_force) {
+                r = unlink(p);
+                if (r < 0 && errno != ENOENT) {
+                        r = log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
+                        goto finish;
+                }
+        } else if (access(p, F_OK) >= 0) {
+                log_error("Sealing key file %s exists already. Use --force to recreate.", p);
+                r = -EEXIST;
+                goto finish;
+        }
+
+        if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
+                     SD_ID128_FORMAT_VAL(machine)) < 0) {
+                r = log_oom();
+                goto finish;
+        }
+
+        mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
+        mpk = alloca(mpk_size);
+
+        seed_size = FSPRG_RECOMMENDED_SEEDLEN;
+        seed = alloca(seed_size);
+
+        state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
+        state = alloca(state_size);
+
+        fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0) {
+                r = log_error_errno(errno, "Failed to open /dev/random: %m");
+                goto finish;
+        }
+
+        log_info("Generating seed...");
+        r = loop_read_exact(fd, seed, seed_size, true);
+        if (r < 0) {
+                log_error_errno(r, "Failed to read random seed: %m");
+                goto finish;
+        }
+
+        log_info("Generating key pair...");
+        FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
+
+        log_info("Generating sealing key...");
+        FSPRG_GenState0(state, mpk, seed, seed_size);
+
+        assert(arg_interval > 0);
+
+        n = now(CLOCK_REALTIME);
+        n /= arg_interval;
+
+        safe_close(fd);
+        fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
+        if (fd < 0) {
+                r = log_error_errno(fd, "Failed to open %s: %m", k);
+                goto finish;
+        }
+
+        /* Enable secure remove, exclusion from dump, synchronous
+         * writing and in-place updating */
+        r = chattr_fd(fd, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set file attributes: %m");
+
+        zero(h);
+        memcpy(h.signature, "KSHHRHLP", 8);
+        h.machine_id = machine;
+        h.boot_id = boot;
+        h.header_size = htole64(sizeof(h));
+        h.start_usec = htole64(n * arg_interval);
+        h.interval_usec = htole64(arg_interval);
+        h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
+        h.fsprg_state_size = htole64(state_size);
+
+        r = loop_write(fd, &h, sizeof(h), false);
+        if (r < 0) {
+                log_error_errno(r, "Failed to write header: %m");
+                goto finish;
+        }
+
+        r = loop_write(fd, state, state_size, false);
+        if (r < 0) {
+                log_error_errno(r, "Failed to write state: %m");
+                goto finish;
+        }
+
+        if (link(k, p) < 0) {
+                r = log_error_errno(errno, "Failed to link file: %m");
+                goto finish;
+        }
+
+        if (on_tty()) {
+                fprintf(stderr,
+                        "\n"
+                        "The new key pair has been generated. The " ANSI_HIGHLIGHT "secret sealing key" ANSI_NORMAL " has been written to\n"
+                        "the following local file. This key file is automatically updated when the\n"
+                        "sealing key is advanced. It should not be used on multiple hosts.\n"
+                        "\n"
+                        "\t%s\n"
+                        "\n"
+                        "Please write down the following " ANSI_HIGHLIGHT "secret verification key" ANSI_NORMAL ". It should be stored\n"
+                        "at a safe location and should not be saved locally on disk.\n"
+                        "\n\t" ANSI_HIGHLIGHT_RED, p);
+                fflush(stderr);
+        }
+        for (i = 0; i < seed_size; i++) {
+                if (i > 0 && i % 3 == 0)
+                        putchar('-');
+                printf("%02x", ((uint8_t*) seed)[i]);
+        }
+
+        printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
+
+        if (on_tty()) {
+                char tsb[FORMAT_TIMESPAN_MAX], *hn;
+
+                fprintf(stderr,
+                        ANSI_NORMAL "\n"
+                        "The sealing key is automatically changed every %s.\n",
+                        format_timespan(tsb, sizeof(tsb), arg_interval, 0));
+
+                hn = gethostname_malloc();
+
+                if (hn) {
+                        hostname_cleanup(hn);
+                        fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
+                } else
+                        fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
+
+#ifdef HAVE_QRENCODE
+                /* If this is not an UTF-8 system don't print any QR codes */
+                if (is_locale_utf8()) {
+                        fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
+                        print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
+                }
+#endif
+                free(hn);
+        }
+
+        r = 0;
+
+finish:
+        safe_close(fd);
+
+        if (k) {
+                unlink(k);
+                free(k);
+        }
+
+        free(p);
+
+        return r;
+#else
+        log_error("Forward-secure sealing not available.");
+        return -EOPNOTSUPP;
+#endif
+}
+
+static int verify(sd_journal *j) {
+        int r = 0;
+        Iterator i;
+        JournalFile *f;
+
+        assert(j);
+
+        log_show_color(true);
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                int k;
+                usec_t first = 0, validated = 0, last = 0;
+
+#ifdef HAVE_GCRYPT
+                if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
+                        log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
+#endif
+
+                k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
+                if (k == -EINVAL) {
+                        /* If the key was invalid give up right-away. */
+                        return k;
+                } else if (k < 0) {
+                        log_warning_errno(k, "FAIL: %s (%m)", f->path);
+                        r = k;
+                } else {
+                        char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
+                        log_info("PASS: %s", f->path);
+
+                        if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
+                                if (validated > 0) {
+                                        log_info("=> Validated from %s to %s, final %s entries not sealed.",
+                                                 format_timestamp_maybe_utc(a, sizeof(a), first),
+                                                 format_timestamp_maybe_utc(b, sizeof(b), validated),
+                                                 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
+                                } else if (last > 0)
+                                        log_info("=> No sealing yet, %s of entries not sealed.",
+                                                 format_timespan(c, sizeof(c), last - first, 0));
+                                else
+                                        log_info("=> No sealing yet, no entries in file.");
+                        }
+                }
+        }
+
+        return r;
+}
+
+static int access_check_var_log_journal(sd_journal *j) {
+#ifdef HAVE_ACL
+        _cleanup_strv_free_ char **g = NULL;
+        const char* dir;
+#endif
+        int r;
+
+        assert(j);
+
+        if (arg_quiet)
+                return 0;
+
+        /* If we are root, we should have access, don't warn. */
+        if (getuid() == 0)
+                return 0;
+
+        /* If we are in the 'systemd-journal' group, we should have
+         * access too. */
+        r = in_group("systemd-journal");
+        if (r < 0)
+                return log_error_errno(r, "Failed to check if we are in the 'systemd-journal' group: %m");
+        if (r > 0)
+                return 0;
+
+#ifdef HAVE_ACL
+        if (laccess("/run/log/journal", F_OK) >= 0)
+                dir = "/run/log/journal";
+        else
+                dir = "/var/log/journal";
+
+        /* If we are in any of the groups listed in the journal ACLs,
+         * then all is good, too. Let's enumerate all groups from the
+         * default ACL of the directory, which generally should allow
+         * access to most journal files too. */
+        r = acl_search_groups(dir, &g);
+        if (r < 0)
+                return log_error_errno(r, "Failed to search journal ACL: %m");
+        if (r > 0)
+                return 0;
+
+        /* Print a pretty list, if there were ACLs set. */
+        if (!strv_isempty(g)) {
+                _cleanup_free_ char *s = NULL;
+
+                /* Thre are groups in the ACL, let's list them */
+                r = strv_extend(&g, "systemd-journal");
+                if (r < 0)
+                        return log_oom();
+
+                strv_sort(g);
+                strv_uniq(g);
+
+                s = strv_join(g, "', '");
+                if (!s)
+                        return log_oom();
+
+                log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
+                           "      Users in groups '%s' can see all messages.\n"
+                           "      Pass -q to turn off this notice.", s);
+                return 1;
+        }
+#endif
+
+        /* If no ACLs were found, print a short version of the message. */
+        log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
+                   "      Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
+                   "      turn off this notice.");
+
+        return 1;
+}
+
+static int access_check(sd_journal *j) {
+        Iterator it;
+        void *code;
+        char *path;
+        int r = 0;
+
+        assert(j);
+
+        if (hashmap_isempty(j->errors)) {
+                if (ordered_hashmap_isempty(j->files))
+                        log_notice("No journal files were found.");
+
+                return 0;
+        }
+
+        if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
+                (void) access_check_var_log_journal(j);
+
+                if (ordered_hashmap_isempty(j->files))
+                        r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
+        }
+
+        HASHMAP_FOREACH_KEY(path, code, j->errors, it) {
+                int err;
+
+                err = abs(PTR_TO_INT(code));
+
+                switch (err) {
+                case EACCES:
+                        continue;
+
+                case ENODATA:
+                        log_warning_errno(err, "Journal file %s is truncated, ignoring file.", path);
+                        break;
+
+                case EPROTONOSUPPORT:
+                        log_warning_errno(err, "Journal file %s uses an unsupported feature, ignoring file.", path);
+                        break;
+
+                case EBADMSG:
+                        log_warning_errno(err, "Journal file %s corrupted, ignoring file.", path);
+                        break;
+
+                default:
+                        log_warning_errno(err, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path);
+                        break;
+                }
+        }
+
+        return r;
+}
+
+static int flush_to_var(void) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_close_ int watch_fd = -1;
+        int r;
+
+        if (arg_machine) {
+                log_error("--flush is not supported in conjunction with --machine=.");
+                return -EOPNOTSUPP;
+        }
+
+        /* Quick exit */
+        if (access("/run/systemd/journal/flushed", F_OK) >= 0)
+                return 0;
+
+        /* OK, let's actually do the full logic, send SIGUSR1 to the
+         * daemon and set up inotify to wait for the flushed file to appear */
+        r = bus_connect_system_systemd(&bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get D-Bus connection: %m");
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "KillUnit",
+                        &error,
+                        NULL,
+                        "ssi", "systemd-journald.service", "main", SIGUSR1);
+        if (r < 0)
+                return log_error_errno(r, "Failed to kill journal service: %s", bus_error_message(&error, r));
+
+        mkdir_p("/run/systemd/journal", 0755);
+
+        watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
+        if (watch_fd < 0)
+                return log_error_errno(errno, "Failed to create inotify watch: %m");
+
+        r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to watch journal directory: %m");
+
+        for (;;) {
+                if (access("/run/systemd/journal/flushed", F_OK) >= 0)
+                        break;
+
+                if (errno != ENOENT)
+                        return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
+
+                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to wait for event: %m");
+
+                r = flush_fd(watch_fd);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to flush inotify events: %m");
+        }
+
+        return 0;
+}
+
+static int send_signal_and_wait(int sig, const char *watch_path) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_close_ int watch_fd = -1;
+        usec_t start;
+        int r;
+
+        if (arg_machine) {
+                log_error("--sync and --rotate are not supported in conjunction with --machine=.");
+                return -EOPNOTSUPP;
+        }
+
+        start = now(CLOCK_MONOTONIC);
+
+        /* This call sends the specified signal to journald, and waits
+         * for acknowledgment by watching the mtime of the specified
+         * flag file. This is used to trigger syncing or rotation and
+         * then wait for the operation to complete. */
+
+        for (;;) {
+                usec_t tstamp;
+
+                /* See if a sync happened by now. */
+                r = read_timestamp_file(watch_path, &tstamp);
+                if (r < 0 && r != -ENOENT)
+                        return log_error_errno(errno, "Failed to read %s: %m", watch_path);
+                if (r >= 0 && tstamp >= start)
+                        return 0;
+
+                /* Let's ask for a sync, but only once. */
+                if (!bus) {
+                        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+
+                        r = bus_connect_system_systemd(&bus);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get D-Bus connection: %m");
+
+                        r = sd_bus_call_method(
+                                        bus,
+                                        "org.freedesktop.systemd1",
+                                        "/org/freedesktop/systemd1",
+                                        "org.freedesktop.systemd1.Manager",
+                                        "KillUnit",
+                                        &error,
+                                        NULL,
+                                        "ssi", "systemd-journald.service", "main", sig);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to kill journal service: %s", bus_error_message(&error, r));
+
+                        continue;
+                }
+
+                /* Let's install the inotify watch, if we didn't do that yet. */
+                if (watch_fd < 0) {
+
+                        mkdir_p("/run/systemd/journal", 0755);
+
+                        watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
+                        if (watch_fd < 0)
+                                return log_error_errno(errno, "Failed to create inotify watch: %m");
+
+                        r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_MOVED_TO|IN_DONT_FOLLOW|IN_ONLYDIR);
+                        if (r < 0)
+                                return log_error_errno(errno, "Failed to watch journal directory: %m");
+
+                        /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
+                        continue;
+                }
+
+                /* OK, all preparatory steps done, let's wait until
+                 * inotify reports an event. */
+
+                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to wait for event: %m");
+
+                r = flush_fd(watch_fd);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to flush inotify events: %m");
+        }
+
+        return 0;
+}
+
+static int rotate(void) {
+        return send_signal_and_wait(SIGUSR2, "/run/systemd/journal/rotated");
+}
+
+static int sync_journal(void) {
+        return send_signal_and_wait(SIGRTMIN+1, "/run/systemd/journal/synced");
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+        _cleanup_(sd_journal_closep) sd_journal *j = NULL;
+        bool need_seek = false;
+        sd_id128_t previous_boot_id;
+        bool previous_boot_id_valid = false, first_line = true;
+        int n_shown = 0;
+        bool ellipsized = false;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        signal(SIGWINCH, columns_lines_cache_reset);
+        sigbus_install();
+
+        /* Increase max number of open files to 16K if we can, we
+         * might needs this when browsing journal files, which might
+         * be split up into many files. */
+        setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
+
+        switch (arg_action) {
+
+        case ACTION_NEW_ID128:
+                r = generate_new_id128();
+                goto finish;
+
+        case ACTION_SETUP_KEYS:
+                r = setup_keys();
+                goto finish;
+
+        case ACTION_LIST_CATALOG:
+        case ACTION_DUMP_CATALOG:
+        case ACTION_UPDATE_CATALOG: {
+                _cleanup_free_ char *database;
+
+                database = path_join(arg_root, CATALOG_DATABASE, NULL);
+                if (!database) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                if (arg_action == ACTION_UPDATE_CATALOG) {
+                        r = catalog_update(database, arg_root, catalog_file_dirs);
+                        if (r < 0)
+                                log_error_errno(r, "Failed to list catalog: %m");
+                } else {
+                        bool oneline = arg_action == ACTION_LIST_CATALOG;
+
+                        pager_open(arg_no_pager, arg_pager_end);
+
+                        if (optind < argc)
+                                r = catalog_list_items(stdout, database, oneline, argv + optind);
+                        else
+                                r = catalog_list(stdout, database, oneline);
+                        if (r < 0)
+                                log_error_errno(r, "Failed to list catalog: %m");
+                }
+
+                goto finish;
+        }
+
+        case ACTION_FLUSH:
+                r = flush_to_var();
+                goto finish;
+
+        case ACTION_SYNC:
+                r = sync_journal();
+                goto finish;
+
+        case ACTION_ROTATE:
+                r = rotate();
+                goto finish;
+
+        case ACTION_SHOW:
+        case ACTION_PRINT_HEADER:
+        case ACTION_VERIFY:
+        case ACTION_DISK_USAGE:
+        case ACTION_LIST_BOOTS:
+        case ACTION_VACUUM:
+        case ACTION_LIST_FIELDS:
+        case ACTION_LIST_FIELD_NAMES:
+                /* These ones require access to the journal files, continue below. */
+                break;
+
+        default:
+                assert_not_reached("Unknown action");
+        }
+
+        if (arg_directory)
+                r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
+        else if (arg_file_stdin) {
+                int ifd = STDIN_FILENO;
+                r = sd_journal_open_files_fd(&j, &ifd, 1, 0);
+        } else if (arg_file)
+                r = sd_journal_open_files(&j, (const char**) arg_file, 0);
+        else if (arg_machine) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+                int fd;
+
+                if (geteuid() != 0) {
+                        /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
+                         * the container, thus we need root privileges to override them. */
+                        log_error("Using the --machine= switch requires root privileges.");
+                        r = -EPERM;
+                        goto finish;
+                }
+
+                r = sd_bus_open_system(&bus);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to open system bus: %m");
+                        goto finish;
+                }
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "OpenMachineRootDirectory",
+                                &error,
+                                &reply,
+                                "s", arg_machine);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to open root directory: %s", bus_error_message(&error, r));
+                        goto finish;
+                }
+
+                r = sd_bus_message_read(reply, "h", &fd);
+                if (r < 0) {
+                        bus_log_parse_error(r);
+                        goto finish;
+                }
+
+                fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+                if (fd < 0) {
+                        r = log_error_errno(errno, "Failed to duplicate file descriptor: %m");
+                        goto finish;
+                }
+
+                r = sd_journal_open_directory_fd(&j, fd, SD_JOURNAL_OS_ROOT);
+                if (r < 0)
+                        safe_close(fd);
+        } else
+                r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
+        if (r < 0) {
+                log_error_errno(r, "Failed to open %s: %m", arg_directory ?: arg_file ? "files" : "journal");
+                goto finish;
+        }
+
+        r = access_check(j);
+        if (r < 0)
+                goto finish;
+
+        switch (arg_action) {
+
+        case ACTION_NEW_ID128:
+        case ACTION_SETUP_KEYS:
+        case ACTION_LIST_CATALOG:
+        case ACTION_DUMP_CATALOG:
+        case ACTION_UPDATE_CATALOG:
+        case ACTION_FLUSH:
+        case ACTION_SYNC:
+        case ACTION_ROTATE:
+                assert_not_reached("Unexpected action.");
+
+        case ACTION_PRINT_HEADER:
+                journal_print_header(j);
+                r = 0;
+                goto finish;
+
+        case ACTION_VERIFY:
+                r = verify(j);
+                goto finish;
+
+        case ACTION_DISK_USAGE: {
+                uint64_t bytes = 0;
+                char sbytes[FORMAT_BYTES_MAX];
+
+                r = sd_journal_get_usage(j, &bytes);
+                if (r < 0)
+                        goto finish;
+
+                printf("Archived and active journals take up %s on disk.\n",
+                       format_bytes(sbytes, sizeof(sbytes), bytes));
+                goto finish;
+        }
+
+        case ACTION_LIST_BOOTS:
+                r = list_boots(j);
+                goto finish;
+
+        case ACTION_VACUUM: {
+                Directory *d;
+                Iterator i;
+
+                HASHMAP_FOREACH(d, j->directories_by_path, i) {
+                        int q;
+
+                        if (d->is_root)
+                                continue;
+
+                        q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, true);
+                        if (q < 0) {
+                                log_error_errno(q, "Failed to vacuum %s: %m", d->path);
+                                r = q;
+                        }
+                }
+
+                goto finish;
+        }
+
+        case ACTION_LIST_FIELD_NAMES: {
+                const char *field;
+
+                SD_JOURNAL_FOREACH_FIELD(j, field) {
+                        printf("%s\n", field);
+                        n_shown++;
+                }
+
+                r = 0;
+                goto finish;
+        }
+
+        case ACTION_SHOW:
+        case ACTION_LIST_FIELDS:
+                break;
+
+        default:
+                assert_not_reached("Unknown action");
+        }
+
+        if (arg_boot_offset != 0 &&
+            sd_journal_has_runtime_files(j) > 0 &&
+            sd_journal_has_persistent_files(j) == 0) {
+                log_info("Specifying boot ID has no effect, no persistent journal was found");
+                r = 0;
+                goto finish;
+        }
+        /* add_boot() must be called first!
+         * It may need to seek the journal to find parent boot IDs. */
+        r = add_boot(j);
+        if (r < 0)
+                goto finish;
+
+        r = add_dmesg(j);
+        if (r < 0)
+                goto finish;
+
+        r = add_units(j);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add filter for units: %m");
+                goto finish;
+        }
+
+        r = add_syslog_identifier(j);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
+                goto finish;
+        }
+
+        r = add_priorities(j);
+        if (r < 0)
+                goto finish;
+
+        r = add_matches(j, argv + optind);
+        if (r < 0)
+                goto finish;
+
+        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
+                _cleanup_free_ char *filter;
+
+                filter = journal_make_match_string(j);
+                if (!filter)
+                        return log_oom();
+
+                log_debug("Journal filter: %s", filter);
+        }
+
+        if (arg_action == ACTION_LIST_FIELDS) {
+                const void *data;
+                size_t size;
+
+                assert(arg_field);
+
+                r = sd_journal_set_data_threshold(j, 0);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to unset data size threshold: %m");
+                        goto finish;
+                }
+
+                r = sd_journal_query_unique(j, arg_field);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to query unique data objects: %m");
+                        goto finish;
+                }
+
+                SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
+                        const void *eq;
+
+                        if (arg_lines >= 0 && n_shown >= arg_lines)
+                                break;
+
+                        eq = memchr(data, '=', size);
+                        if (eq)
+                                printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
+                        else
+                                printf("%.*s\n", (int) size, (const char*) data);
+
+                        n_shown++;
+                }
+
+                r = 0;
+                goto finish;
+        }
+
+        /* Opening the fd now means the first sd_journal_wait() will actually wait */
+        if (arg_follow) {
+                r = sd_journal_get_fd(j);
+                if (r == -EMEDIUMTYPE) {
+                        log_error_errno(r, "The --follow switch is not supported in conjunction with reading from STDIN.");
+                        goto finish;
+                }
+                if (r < 0) {
+                        log_error_errno(r, "Failed to get journal fd: %m");
+                        goto finish;
+                }
+        }
+
+        if (arg_cursor || arg_after_cursor) {
+                r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to seek to cursor: %m");
+                        goto finish;
+                }
+
+                if (!arg_reverse)
+                        r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
+                else
+                        r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
+
+                if (arg_after_cursor && r < 2) {
+                        /* We couldn't find the next entry after the cursor. */
+                        if (arg_follow)
+                                need_seek = true;
+                        else
+                                arg_lines = 0;
+                }
+
+        } else if (arg_since_set && !arg_reverse) {
+                r = sd_journal_seek_realtime_usec(j, arg_since);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to seek to date: %m");
+                        goto finish;
+                }
+                r = sd_journal_next(j);
+
+        } else if (arg_until_set && arg_reverse) {
+                r = sd_journal_seek_realtime_usec(j, arg_until);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to seek to date: %m");
+                        goto finish;
+                }
+                r = sd_journal_previous(j);
+
+        } else if (arg_lines >= 0) {
+                r = sd_journal_seek_tail(j);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to seek to tail: %m");
+                        goto finish;
+                }
+
+                r = sd_journal_previous_skip(j, arg_lines);
+
+        } else if (arg_reverse) {
+                r = sd_journal_seek_tail(j);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to seek to tail: %m");
+                        goto finish;
+                }
+
+                r = sd_journal_previous(j);
+
+        } else {
+                r = sd_journal_seek_head(j);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to seek to head: %m");
+                        goto finish;
+                }
+
+                r = sd_journal_next(j);
+        }
+
+        if (r < 0) {
+                log_error_errno(r, "Failed to iterate through journal: %m");
+                goto finish;
+        }
+        if (r == 0) {
+                if (arg_follow)
+                        need_seek = true;
+                else {
+                        if (!arg_quiet)
+                                printf("-- No entries --\n");
+                        goto finish;
+                }
+        }
+
+        if (!arg_follow)
+                pager_open(arg_no_pager, arg_pager_end);
+
+        if (!arg_quiet) {
+                usec_t start, end;
+                char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
+
+                r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to get cutoff: %m");
+                        goto finish;
+                }
+
+                if (r > 0) {
+                        if (arg_follow)
+                                printf("-- Logs begin at %s. --\n",
+                                       format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
+                        else
+                                printf("-- Logs begin at %s, end at %s. --\n",
+                                       format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
+                                       format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
+                }
+        }
+
+        for (;;) {
+                while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
+                        int flags;
+
+                        if (need_seek) {
+                                if (!arg_reverse)
+                                        r = sd_journal_next(j);
+                                else
+                                        r = sd_journal_previous(j);
+                                if (r < 0) {
+                                        log_error_errno(r, "Failed to iterate through journal: %m");
+                                        goto finish;
+                                }
+                                if (r == 0)
+                                        break;
+                        }
+
+                        if (arg_until_set && !arg_reverse) {
+                                usec_t usec;
+
+                                r = sd_journal_get_realtime_usec(j, &usec);
+                                if (r < 0) {
+                                        log_error_errno(r, "Failed to determine timestamp: %m");
+                                        goto finish;
+                                }
+                                if (usec > arg_until)
+                                        goto finish;
+                        }
+
+                        if (arg_since_set && arg_reverse) {
+                                usec_t usec;
+
+                                r = sd_journal_get_realtime_usec(j, &usec);
+                                if (r < 0) {
+                                        log_error_errno(r, "Failed to determine timestamp: %m");
+                                        goto finish;
+                                }
+                                if (usec < arg_since)
+                                        goto finish;
+                        }
+
+                        if (!arg_merge && !arg_quiet) {
+                                sd_id128_t boot_id;
+
+                                r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
+                                if (r >= 0) {
+                                        if (previous_boot_id_valid &&
+                                            !sd_id128_equal(boot_id, previous_boot_id))
+                                                printf("%s-- Reboot --%s\n",
+                                                       ansi_highlight(), ansi_normal());
+
+                                        previous_boot_id = boot_id;
+                                        previous_boot_id_valid = true;
+                                }
+                        }
+
+                        flags =
+                                arg_all * OUTPUT_SHOW_ALL |
+                                arg_full * OUTPUT_FULL_WIDTH |
+                                colors_enabled() * OUTPUT_COLOR |
+                                arg_catalog * OUTPUT_CATALOG |
+                                arg_utc * OUTPUT_UTC |
+                                arg_no_hostname * OUTPUT_NO_HOSTNAME;
+
+                        r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
+                        need_seek = true;
+                        if (r == -EADDRNOTAVAIL)
+                                break;
+                        else if (r < 0 || ferror(stdout))
+                                goto finish;
+
+                        n_shown++;
+                }
+
+                if (!arg_follow) {
+                        if (arg_show_cursor) {
+                                _cleanup_free_ char *cursor = NULL;
+
+                                r = sd_journal_get_cursor(j, &cursor);
+                                if (r < 0 && r != -EADDRNOTAVAIL)
+                                        log_error_errno(r, "Failed to get cursor: %m");
+                                else if (r >= 0)
+                                        printf("-- cursor: %s\n", cursor);
+                        }
+
+                        break;
+                }
+
+                r = sd_journal_wait(j, (uint64_t) -1);
+                if (r < 0) {
+                        log_error_errno(r, "Couldn't wait for journal event: %m");
+                        goto finish;
+                }
+
+                first_line = false;
+        }
+
+finish:
+        pager_close();
+
+        strv_free(arg_file);
+
+        strv_free(arg_syslog_identifier);
+        strv_free(arg_system_units);
+        strv_free(arg_user_units);
+
+        free(arg_root);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-journal/libjournal-core/Makefile b/src/grp-journal/libjournal-core/Makefile
new file mode 100644
index 0000000000..d55aebfb49
--- /dev/null
+++ b/src/grp-journal/libjournal-core/Makefile
@@ -0,0 +1,56 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+libjournal_core_la_SOURCES = \
+	src/journal/journald-kmsg.c \
+	src/journal/journald-kmsg.h \
+	src/journal/journald-syslog.c \
+	src/journal/journald-syslog.h \
+	src/journal/journald-stream.c \
+	src/journal/journald-stream.h \
+	src/journal/journald-server.c \
+	src/journal/journald-server.h \
+	src/journal/journald-console.c \
+	src/journal/journald-console.h \
+	src/journal/journald-wall.c \
+	src/journal/journald-wall.h \
+	src/journal/journald-native.c \
+	src/journal/journald-native.h \
+	src/journal/journald-audit.c \
+	src/journal/journald-audit.h \
+	src/journal/journald-rate-limit.c \
+	src/journal/journald-rate-limit.h \
+	src/journal/journal-internal.h
+
+nodist_libjournal_core_la_SOURCES = \
+	src/journal/journald-gperf.c
+
+libjournal_core_la_LIBADD = \
+	libshared.la
+
+noinst_LTLIBRARIES += \
+	libjournal-core.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-journal/libjournal-core/cat.c b/src/grp-journal/libjournal-core/cat.c
new file mode 100644
index 0000000000..93ab6e7f96
--- /dev/null
+++ b/src/grp-journal/libjournal-core/cat.c
@@ -0,0 +1,161 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <systemd/sd-journal.h>
+
+#include "fd-util.h"
+#include "parse-util.h"
+#include "string-util.h"
+#include "syslog-util.h"
+#include "util.h"
+
+static const char *arg_identifier = NULL;
+static int arg_priority = LOG_INFO;
+static bool arg_level_prefix = true;
+
+static void help(void) {
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Execute process with stdout/stderr connected to the journal.\n\n"
+               "  -h --help               Show this help\n"
+               "     --version            Show package version\n"
+               "  -t --identifier=STRING  Set syslog identifier\n"
+               "  -p --priority=PRIORITY  Set priority value (0..7)\n"
+               "     --level-prefix=BOOL  Control whether level prefix shall be parsed\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_LEVEL_PREFIX
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'              },
+                { "version",      no_argument,       NULL, ARG_VERSION      },
+                { "identifier",   required_argument, NULL, 't'              },
+                { "priority",     required_argument, NULL, 'p'              },
+                { "level-prefix", required_argument, NULL, ARG_LEVEL_PREFIX },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "+ht:p:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 't':
+                        if (isempty(optarg))
+                                arg_identifier = NULL;
+                        else
+                                arg_identifier = optarg;
+                        break;
+
+                case 'p':
+                        arg_priority = log_level_from_string(optarg);
+                        if (arg_priority < 0) {
+                                log_error("Failed to parse priority value.");
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_LEVEL_PREFIX: {
+                        int k;
+
+                        k = parse_boolean(optarg);
+                        if (k < 0)
+                                return log_error_errno(k, "Failed to parse level prefix value.");
+
+                        arg_level_prefix = k;
+                        break;
+                }
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_close_ int  fd = -1, saved_stderr = -1;
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        fd = sd_journal_stream_fd(arg_identifier, arg_priority, arg_level_prefix);
+        if (fd < 0) {
+                r = log_error_errno(fd, "Failed to create stream fd: %m");
+                goto finish;
+        }
+
+        saved_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
+
+        if (dup3(fd, STDOUT_FILENO, 0) < 0 ||
+            dup3(fd, STDERR_FILENO, 0) < 0) {
+                r = log_error_errno(errno, "Failed to duplicate fd: %m");
+                goto finish;
+        }
+
+        if (fd >= 3)
+                safe_close(fd);
+        fd = -1;
+
+        if (argc <= optind)
+                (void) execl("/bin/cat", "/bin/cat", NULL);
+        else
+                (void) execvp(argv[optind], argv + optind);
+        r = -errno;
+
+        /* Let's try to restore a working stderr, so we can print the error message */
+        if (saved_stderr >= 0)
+                (void) dup3(saved_stderr, STDERR_FILENO, 0);
+
+        log_error_errno(r, "Failed to execute process: %m");
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/journal/journal-qrcode.c b/src/grp-journal/libjournal-core/journal-qrcode.c
index e38730d65c..e38730d65c 100644
--- a/src/journal/journal-qrcode.c
+++ b/src/grp-journal/libjournal-core/journal-qrcode.c
diff --git a/src/grp-journal/libjournal-core/journal-qrcode.h b/src/grp-journal/libjournal-core/journal-qrcode.h
new file mode 100644
index 0000000000..34a779d5be
--- /dev/null
+++ b/src/grp-journal/libjournal-core/journal-qrcode.h
@@ -0,0 +1,27 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <stdio.h>
+
+#include <systemd/sd-id128.h>
+
+int print_qr_code(FILE *f, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t machine);
diff --git a/src/journal/journald-audit.c b/src/grp-journal/libjournal-core/journald-audit.c
index a433c91c54..a433c91c54 100644
--- a/src/journal/journald-audit.c
+++ b/src/grp-journal/libjournal-core/journald-audit.c
diff --git a/src/journal/journald-audit.h b/src/grp-journal/libjournal-core/journald-audit.h
index 8c7457778c..8c7457778c 100644
--- a/src/journal/journald-audit.h
+++ b/src/grp-journal/libjournal-core/journald-audit.h
diff --git a/src/journal/journald-console.c b/src/grp-journal/libjournal-core/journald-console.c
index fcc9f25814..fcc9f25814 100644
--- a/src/journal/journald-console.c
+++ b/src/grp-journal/libjournal-core/journald-console.c
diff --git a/src/journal/journald-console.h b/src/grp-journal/libjournal-core/journald-console.h
index dda07e2c28..dda07e2c28 100644
--- a/src/journal/journald-console.h
+++ b/src/grp-journal/libjournal-core/journald-console.h
diff --git a/src/journal/journald-gperf.gperf b/src/grp-journal/libjournal-core/journald-gperf.gperf
index 7fecd7a964..7fecd7a964 100644
--- a/src/journal/journald-gperf.gperf
+++ b/src/grp-journal/libjournal-core/journald-gperf.gperf
diff --git a/src/grp-journal/libjournal-core/journald-kmsg.c b/src/grp-journal/libjournal-core/journald-kmsg.c
new file mode 100644
index 0000000000..3712636de2
--- /dev/null
+++ b/src/grp-journal/libjournal-core/journald-kmsg.c
@@ -0,0 +1,473 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <sys/epoll.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include "libudev.h"
+#include <systemd/sd-messages.h>
+
+#include "escape.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "io-util.h"
+#include "journald-kmsg.h"
+#include "journald-server.h"
+#include "journald-syslog.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+
+void server_forward_kmsg(
+        Server *s,
+        int priority,
+        const char *identifier,
+        const char *message,
+        const struct ucred *ucred) {
+
+        struct iovec iovec[5];
+        char header_priority[DECIMAL_STR_MAX(priority) + 3],
+             header_pid[sizeof("[]: ")-1 + DECIMAL_STR_MAX(pid_t) + 1];
+        int n = 0;
+        char *ident_buf = NULL;
+
+        assert(s);
+        assert(priority >= 0);
+        assert(priority <= 999);
+        assert(message);
+
+        if (_unlikely_(LOG_PRI(priority) > s->max_level_kmsg))
+                return;
+
+        if (_unlikely_(s->dev_kmsg_fd < 0))
+                return;
+
+        /* Never allow messages with kernel facility to be written to
+         * kmsg, regardless where the data comes from. */
+        priority = syslog_fixup_facility(priority);
+
+        /* First: priority field */
+        xsprintf(header_priority, "<%i>", priority);
+        IOVEC_SET_STRING(iovec[n++], header_priority);
+
+        /* Second: identifier and PID */
+        if (ucred) {
+                if (!identifier) {
+                        get_process_comm(ucred->pid, &ident_buf);
+                        identifier = ident_buf;
+                }
+
+                xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
+
+                if (identifier)
+                        IOVEC_SET_STRING(iovec[n++], identifier);
+
+                IOVEC_SET_STRING(iovec[n++], header_pid);
+        } else if (identifier) {
+                IOVEC_SET_STRING(iovec[n++], identifier);
+                IOVEC_SET_STRING(iovec[n++], ": ");
+        }
+
+        /* Fourth: message */
+        IOVEC_SET_STRING(iovec[n++], message);
+        IOVEC_SET_STRING(iovec[n++], "\n");
+
+        if (writev(s->dev_kmsg_fd, iovec, n) < 0)
+                log_debug_errno(errno, "Failed to write to /dev/kmsg for logging: %m");
+
+        free(ident_buf);
+}
+
+static bool is_us(const char *pid) {
+        pid_t t;
+
+        assert(pid);
+
+        if (parse_pid(pid, &t) < 0)
+                return false;
+
+        return t == getpid();
+}
+
+static void dev_kmsg_record(Server *s, const char *p, size_t l) {
+        struct iovec iovec[N_IOVEC_META_FIELDS + 7 + N_IOVEC_KERNEL_FIELDS + 2 + N_IOVEC_UDEV_FIELDS];
+        char *message = NULL, *syslog_priority = NULL, *syslog_pid = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *source_time = NULL;
+        int priority, r;
+        unsigned n = 0, z = 0, j;
+        unsigned long long usec;
+        char *identifier = NULL, *pid = NULL, *e, *f, *k;
+        uint64_t serial;
+        size_t pl;
+        char *kernel_device = NULL;
+
+        assert(s);
+        assert(p);
+
+        if (l <= 0)
+                return;
+
+        e = memchr(p, ',', l);
+        if (!e)
+                return;
+        *e = 0;
+
+        r = safe_atoi(p, &priority);
+        if (r < 0 || priority < 0 || priority > 999)
+                return;
+
+        if (s->forward_to_kmsg && (priority & LOG_FACMASK) != LOG_KERN)
+                return;
+
+        l -= (e - p) + 1;
+        p = e + 1;
+        e = memchr(p, ',', l);
+        if (!e)
+                return;
+        *e = 0;
+
+        r = safe_atou64(p, &serial);
+        if (r < 0)
+                return;
+
+        if (s->kernel_seqnum) {
+                /* We already read this one? */
+                if (serial < *s->kernel_seqnum)
+                        return;
+
+                /* Did we lose any? */
+                if (serial > *s->kernel_seqnum)
+                        server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED,
+                                              LOG_MESSAGE("Missed %"PRIu64" kernel messages",
+                                                          serial - *s->kernel_seqnum),
+                                              NULL);
+
+                /* Make sure we never read this one again. Note that
+                 * we always store the next message serial we expect
+                 * here, simply because this makes handling the first
+                 * message with serial 0 easy. */
+                *s->kernel_seqnum = serial + 1;
+        }
+
+        l -= (e - p) + 1;
+        p = e + 1;
+        f = memchr(p, ';', l);
+        if (!f)
+                return;
+        /* Kernel 3.6 has the flags field, kernel 3.5 lacks that */
+        e = memchr(p, ',', l);
+        if (!e || f < e)
+                e = f;
+        *e = 0;
+
+        r = safe_atollu(p, &usec);
+        if (r < 0)
+                return;
+
+        l -= (f - p) + 1;
+        p = f + 1;
+        e = memchr(p, '\n', l);
+        if (!e)
+                return;
+        *e = 0;
+
+        pl = e - p;
+        l -= (e - p) + 1;
+        k = e + 1;
+
+        for (j = 0; l > 0 && j < N_IOVEC_KERNEL_FIELDS; j++) {
+                char *m;
+                /* Metadata fields attached */
+
+                if (*k != ' ')
+                        break;
+
+                k++, l--;
+
+                e = memchr(k, '\n', l);
+                if (!e)
+                        return;
+
+                *e = 0;
+
+                if (cunescape_length_with_prefix(k, e - k, "_KERNEL_", UNESCAPE_RELAX, &m) < 0)
+                        break;
+
+                if (startswith(m, "_KERNEL_DEVICE="))
+                        kernel_device = m + 15;
+
+                IOVEC_SET_STRING(iovec[n++], m);
+                z++;
+
+                l -= (e - k) + 1;
+                k = e + 1;
+        }
+
+        if (kernel_device) {
+                struct udev_device *ud;
+
+                ud = udev_device_new_from_device_id(s->udev, kernel_device);
+                if (ud) {
+                        const char *g;
+                        struct udev_list_entry *ll;
+                        char *b;
+
+                        g = udev_device_get_devnode(ud);
+                        if (g) {
+                                b = strappend("_UDEV_DEVNODE=", g);
+                                if (b) {
+                                        IOVEC_SET_STRING(iovec[n++], b);
+                                        z++;
+                                }
+                        }
+
+                        g = udev_device_get_sysname(ud);
+                        if (g) {
+                                b = strappend("_UDEV_SYSNAME=", g);
+                                if (b) {
+                                        IOVEC_SET_STRING(iovec[n++], b);
+                                        z++;
+                                }
+                        }
+
+                        j = 0;
+                        ll = udev_device_get_devlinks_list_entry(ud);
+                        udev_list_entry_foreach(ll, ll) {
+
+                                if (j > N_IOVEC_UDEV_FIELDS)
+                                        break;
+
+                                g = udev_list_entry_get_name(ll);
+                                if (g) {
+                                        b = strappend("_UDEV_DEVLINK=", g);
+                                        if (b) {
+                                                IOVEC_SET_STRING(iovec[n++], b);
+                                                z++;
+                                        }
+                                }
+
+                                j++;
+                        }
+
+                        udev_device_unref(ud);
+                }
+        }
+
+        if (asprintf(&source_time, "_SOURCE_MONOTONIC_TIMESTAMP=%llu", usec) >= 0)
+                IOVEC_SET_STRING(iovec[n++], source_time);
+
+        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=kernel");
+
+        if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
+                IOVEC_SET_STRING(iovec[n++], syslog_priority);
+
+        if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
+                IOVEC_SET_STRING(iovec[n++], syslog_facility);
+
+        if ((priority & LOG_FACMASK) == LOG_KERN)
+                IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=kernel");
+        else {
+                pl -= syslog_parse_identifier((const char**) &p, &identifier, &pid);
+
+                /* Avoid any messages we generated ourselves via
+                 * log_info() and friends. */
+                if (pid && is_us(pid))
+                        goto finish;
+
+                if (identifier) {
+                        syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
+                        if (syslog_identifier)
+                                IOVEC_SET_STRING(iovec[n++], syslog_identifier);
+                }
+
+                if (pid) {
+                        syslog_pid = strappend("SYSLOG_PID=", pid);
+                        if (syslog_pid)
+                                IOVEC_SET_STRING(iovec[n++], syslog_pid);
+                }
+        }
+
+        if (cunescape_length_with_prefix(p, pl, "MESSAGE=", UNESCAPE_RELAX, &message) >= 0)
+                IOVEC_SET_STRING(iovec[n++], message);
+
+        server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, NULL, 0, NULL, priority, 0);
+
+finish:
+        for (j = 0; j < z; j++)
+                free(iovec[j].iov_base);
+
+        free(message);
+        free(syslog_priority);
+        free(syslog_identifier);
+        free(syslog_pid);
+        free(syslog_facility);
+        free(source_time);
+        free(identifier);
+        free(pid);
+}
+
+static int server_read_dev_kmsg(Server *s) {
+        char buffer[8192+1]; /* the kernel-side limit per record is 8K currently */
+        ssize_t l;
+
+        assert(s);
+        assert(s->dev_kmsg_fd >= 0);
+
+        l = read(s->dev_kmsg_fd, buffer, sizeof(buffer) - 1);
+        if (l == 0)
+                return 0;
+        if (l < 0) {
+                /* Old kernels who don't allow reading from /dev/kmsg
+                 * return EINVAL when we try. So handle this cleanly,
+                 * but don' try to ever read from it again. */
+                if (errno == EINVAL) {
+                        s->dev_kmsg_event_source = sd_event_source_unref(s->dev_kmsg_event_source);
+                        return 0;
+                }
+
+                if (errno == EAGAIN || errno == EINTR || errno == EPIPE)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to read from kernel: %m");
+        }
+
+        dev_kmsg_record(s, buffer, l);
+        return 1;
+}
+
+int server_flush_dev_kmsg(Server *s) {
+        int r;
+
+        assert(s);
+
+        if (s->dev_kmsg_fd < 0)
+                return 0;
+
+        if (!s->dev_kmsg_readable)
+                return 0;
+
+        log_debug("Flushing /dev/kmsg...");
+
+        for (;;) {
+                r = server_read_dev_kmsg(s);
+                if (r < 0)
+                        return r;
+
+                if (r == 0)
+                        break;
+        }
+
+        return 0;
+}
+
+static int dispatch_dev_kmsg(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+        Server *s = userdata;
+
+        assert(es);
+        assert(fd == s->dev_kmsg_fd);
+        assert(s);
+
+        if (revents & EPOLLERR)
+                log_warning("/dev/kmsg buffer overrun, some messages lost.");
+
+        if (!(revents & EPOLLIN))
+                log_error("Got invalid event from epoll for /dev/kmsg: %"PRIx32, revents);
+
+        return server_read_dev_kmsg(s);
+}
+
+int server_open_dev_kmsg(Server *s) {
+        int r;
+
+        assert(s);
+
+        s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+        if (s->dev_kmsg_fd < 0) {
+                log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
+                         "Failed to open /dev/kmsg, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_event_add_io(s->event, &s->dev_kmsg_event_source, s->dev_kmsg_fd, EPOLLIN, dispatch_dev_kmsg, s);
+        if (r < 0) {
+
+                /* This will fail with EPERM on older kernels where
+                 * /dev/kmsg is not readable. */
+                if (r == -EPERM) {
+                        r = 0;
+                        goto fail;
+                }
+
+                log_error_errno(r, "Failed to add /dev/kmsg fd to event loop: %m");
+                goto fail;
+        }
+
+        r = sd_event_source_set_priority(s->dev_kmsg_event_source, SD_EVENT_PRIORITY_IMPORTANT+10);
+        if (r < 0) {
+                log_error_errno(r, "Failed to adjust priority of kmsg event source: %m");
+                goto fail;
+        }
+
+        s->dev_kmsg_readable = true;
+
+        return 0;
+
+fail:
+        s->dev_kmsg_event_source = sd_event_source_unref(s->dev_kmsg_event_source);
+        s->dev_kmsg_fd = safe_close(s->dev_kmsg_fd);
+
+        return r;
+}
+
+int server_open_kernel_seqnum(Server *s) {
+        _cleanup_close_ int fd;
+        uint64_t *p;
+        int r;
+
+        assert(s);
+
+        /* We store the seqnum we last read in an mmaped file. That
+         * way we can just use it like a variable, but it is
+         * persistent and automatically flushed at reboot. */
+
+        fd = open("/run/systemd/journal/kernel-seqnum", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+        if (fd < 0) {
+                log_error_errno(errno, "Failed to open /run/systemd/journal/kernel-seqnum, ignoring: %m");
+                return 0;
+        }
+
+        r = posix_fallocate(fd, 0, sizeof(uint64_t));
+        if (r != 0) {
+                log_error_errno(r, "Failed to allocate sequential number file, ignoring: %m");
+                return 0;
+        }
+
+        p = mmap(NULL, sizeof(uint64_t), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+        if (p == MAP_FAILED) {
+                log_error_errno(errno, "Failed to map sequential number file, ignoring: %m");
+                return 0;
+        }
+
+        s->kernel_seqnum = p;
+
+        return 0;
+}
diff --git a/src/journal/journald-kmsg.h b/src/grp-journal/libjournal-core/journald-kmsg.h
index dab49f1e8c..dab49f1e8c 100644
--- a/src/journal/journald-kmsg.h
+++ b/src/grp-journal/libjournal-core/journald-kmsg.h
diff --git a/src/journal/journald-native.c b/src/grp-journal/libjournal-core/journald-native.c
index 0a1ce205c2..0a1ce205c2 100644
--- a/src/journal/journald-native.c
+++ b/src/grp-journal/libjournal-core/journald-native.c
diff --git a/src/journal/journald-native.h b/src/grp-journal/libjournal-core/journald-native.h
index c13b80aa4f..c13b80aa4f 100644
--- a/src/journal/journald-native.h
+++ b/src/grp-journal/libjournal-core/journald-native.h
diff --git a/src/journal/journald-rate-limit.c b/src/grp-journal/libjournal-core/journald-rate-limit.c
index fce799a6ce..fce799a6ce 100644
--- a/src/journal/journald-rate-limit.c
+++ b/src/grp-journal/libjournal-core/journald-rate-limit.c
diff --git a/src/journal/journald-rate-limit.h b/src/grp-journal/libjournal-core/journald-rate-limit.h
index bb0abb7ee9..bb0abb7ee9 100644
--- a/src/journal/journald-rate-limit.h
+++ b/src/grp-journal/libjournal-core/journald-rate-limit.h
diff --git a/src/grp-journal/libjournal-core/journald-server.c b/src/grp-journal/libjournal-core/journald-server.c
new file mode 100644
index 0000000000..cc29443e66
--- /dev/null
+++ b/src/grp-journal/libjournal-core/journald-server.c
@@ -0,0 +1,2007 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/signalfd.h>
+#include <sys/statvfs.h>
+#include <linux/sockios.h>
+
+#include "libudev.h"
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-journal.h>
+#include <systemd/sd-messages.h>
+
+#include "acl-util.h"
+#include "alloc-util.h"
+#include "audit-util.h"
+#include "cgroup-util.h"
+#include "conf-parser.h"
+#include "dirent-util.h"
+#include "extract-word.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "hashmap.h"
+#include "hostname-util.h"
+#include "io-util.h"
+#include "journal-authenticate.h"
+#include "journal-file.h"
+#include "journal-internal.h"
+#include "journal-vacuum.h"
+#include "journald-audit.h"
+#include "journald-kmsg.h"
+#include "journald-native.h"
+#include "journald-rate-limit.h"
+#include "journald-server.h"
+#include "journald-stream.h"
+#include "journald-syslog.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "proc-cmdline.h"
+#include "process-util.h"
+#include "rm-rf.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "stdio-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "user-util.h"
+#include "log.h"
+
+#define USER_JOURNALS_MAX 1024
+
+#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
+#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
+#define DEFAULT_RATE_LIMIT_BURST 1000
+#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
+
+#define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
+
+#define NOTIFY_SNDBUF_SIZE (8*1024*1024)
+
+/* The period to insert between posting changes for coalescing */
+#define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
+
+static int determine_space_for(
+                Server *s,
+                JournalMetrics *metrics,
+                const char *path,
+                const char *name,
+                bool verbose,
+                bool patch_min_use,
+                uint64_t *available,
+                uint64_t *limit) {
+
+        uint64_t sum = 0, ss_avail, avail;
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        struct statvfs ss;
+        const char *p;
+        usec_t ts;
+
+        assert(s);
+        assert(metrics);
+        assert(path);
+        assert(name);
+
+        ts = now(CLOCK_MONOTONIC);
+
+        if (!verbose && s->cached_space_timestamp + RECHECK_SPACE_USEC > ts) {
+
+                if (available)
+                        *available = s->cached_space_available;
+                if (limit)
+                        *limit = s->cached_space_limit;
+
+                return 0;
+        }
+
+        p = strjoina(path, SERVER_MACHINE_ID(s));
+        d = opendir(p);
+        if (!d)
+                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open %s: %m", p);
+
+        if (fstatvfs(dirfd(d), &ss) < 0)
+                return log_error_errno(errno, "Failed to fstatvfs(%s): %m", p);
+
+        FOREACH_DIRENT_ALL(de, d, break) {
+                struct stat st;
+
+                if (!endswith(de->d_name, ".journal") &&
+                    !endswith(de->d_name, ".journal~"))
+                        continue;
+
+                if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
+                        log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", p, de->d_name);
+                        continue;
+                }
+
+                if (!S_ISREG(st.st_mode))
+                        continue;
+
+                sum += (uint64_t) st.st_blocks * 512UL;
+        }
+
+        /* If requested, then let's bump the min_use limit to the
+         * current usage on disk. We do this when starting up and
+         * first opening the journal files. This way sudden spikes in
+         * disk usage will not cause journald to vacuum files without
+         * bounds. Note that this means that only a restart of
+         * journald will make it reset this value. */
+
+        if (patch_min_use)
+                metrics->min_use = MAX(metrics->min_use, sum);
+
+        ss_avail = ss.f_bsize * ss.f_bavail;
+        avail = LESS_BY(ss_avail, metrics->keep_free);
+
+        s->cached_space_limit = MIN(MAX(sum + avail, metrics->min_use), metrics->max_use);
+        s->cached_space_available = LESS_BY(s->cached_space_limit, sum);
+        s->cached_space_timestamp = ts;
+
+        if (verbose) {
+                char    fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
+                        fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX], fb6[FORMAT_BYTES_MAX];
+                format_bytes(fb1, sizeof(fb1), sum);
+                format_bytes(fb2, sizeof(fb2), metrics->max_use);
+                format_bytes(fb3, sizeof(fb3), metrics->keep_free);
+                format_bytes(fb4, sizeof(fb4), ss_avail);
+                format_bytes(fb5, sizeof(fb5), s->cached_space_limit);
+                format_bytes(fb6, sizeof(fb6), s->cached_space_available);
+
+                server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
+                                      LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
+                                                  name, path, fb1, fb5, fb6),
+                                      "JOURNAL_NAME=%s", name,
+                                      "JOURNAL_PATH=%s", path,
+                                      "CURRENT_USE=%"PRIu64, sum,
+                                      "CURRENT_USE_PRETTY=%s", fb1,
+                                      "MAX_USE=%"PRIu64, metrics->max_use,
+                                      "MAX_USE_PRETTY=%s", fb2,
+                                      "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
+                                      "DISK_KEEP_FREE_PRETTY=%s", fb3,
+                                      "DISK_AVAILABLE=%"PRIu64, ss_avail,
+                                      "DISK_AVAILABLE_PRETTY=%s", fb4,
+                                      "LIMIT=%"PRIu64, s->cached_space_limit,
+                                      "LIMIT_PRETTY=%s", fb5,
+                                      "AVAILABLE=%"PRIu64, s->cached_space_available,
+                                      "AVAILABLE_PRETTY=%s", fb6,
+                                      NULL);
+        }
+
+        if (available)
+                *available = s->cached_space_available;
+        if (limit)
+                *limit = s->cached_space_limit;
+
+        return 1;
+}
+
+static int determine_space(Server *s, bool verbose, bool patch_min_use, uint64_t *available, uint64_t *limit) {
+        JournalMetrics *metrics;
+        const char *path, *name;
+
+        assert(s);
+
+        if (s->system_journal) {
+                path = "/var/log/journal/";
+                metrics = &s->system_metrics;
+                name = "System journal";
+        } else {
+                path = "/run/log/journal/";
+                metrics = &s->runtime_metrics;
+                name = "Runtime journal";
+        }
+
+        return determine_space_for(s, metrics, path, name, verbose, patch_min_use, available, limit);
+}
+
+static void server_add_acls(JournalFile *f, uid_t uid) {
+#ifdef HAVE_ACL
+        int r;
+#endif
+        assert(f);
+
+#ifdef HAVE_ACL
+        if (uid <= SYSTEM_UID_MAX)
+                return;
+
+        r = add_acls_for_user(f->fd, uid);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set ACL on %s, ignoring: %m", f->path);
+#endif
+}
+
+static int open_journal(
+                Server *s,
+                bool reliably,
+                const char *fname,
+                int flags,
+                bool seal,
+                JournalMetrics *metrics,
+                JournalFile **ret) {
+        int r;
+        JournalFile *f;
+
+        assert(s);
+        assert(fname);
+        assert(ret);
+
+        if (reliably)
+                r = journal_file_open_reliably(fname, flags, 0640, s->compress, seal, metrics, s->mmap, s->deferred_closes, NULL, &f);
+        else
+                r = journal_file_open(-1, fname, flags, 0640, s->compress, seal, metrics, s->mmap, s->deferred_closes, NULL, &f);
+        if (r < 0)
+                return r;
+
+        r = journal_file_enable_post_change_timer(f, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
+        if (r < 0) {
+                (void) journal_file_close(f);
+                return r;
+        }
+
+        *ret = f;
+        return r;
+}
+
+static JournalFile* find_journal(Server *s, uid_t uid) {
+        _cleanup_free_ char *p = NULL;
+        int r;
+        JournalFile *f;
+        sd_id128_t machine;
+
+        assert(s);
+
+        /* We split up user logs only on /var, not on /run. If the
+         * runtime file is open, we write to it exclusively, in order
+         * to guarantee proper order as soon as we flush /run to
+         * /var and close the runtime file. */
+
+        if (s->runtime_journal)
+                return s->runtime_journal;
+
+        if (uid <= SYSTEM_UID_MAX)
+                return s->system_journal;
+
+        r = sd_id128_get_machine(&machine);
+        if (r < 0)
+                return s->system_journal;
+
+        f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
+        if (f)
+                return f;
+
+        if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
+                     SD_ID128_FORMAT_VAL(machine), uid) < 0)
+                return s->system_journal;
+
+        while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
+                /* Too many open? Then let's close one */
+                f = ordered_hashmap_steal_first(s->user_journals);
+                assert(f);
+                (void) journal_file_close(f);
+        }
+
+        r = open_journal(s, true, p, O_RDWR|O_CREAT, s->seal, &s->system_metrics, &f);
+        if (r < 0)
+                return s->system_journal;
+
+        server_add_acls(f, uid);
+
+        r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
+        if (r < 0) {
+                (void) journal_file_close(f);
+                return s->system_journal;
+        }
+
+        return f;
+}
+
+static int do_rotate(
+                Server *s,
+                JournalFile **f,
+                const char* name,
+                bool seal,
+                uint32_t uid) {
+
+        int r;
+        assert(s);
+
+        if (!*f)
+                return -EINVAL;
+
+        r = journal_file_rotate(f, s->compress, seal, s->deferred_closes);
+        if (r < 0)
+                if (*f)
+                        log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
+                else
+                        log_error_errno(r, "Failed to create new %s journal: %m", name);
+        else
+                server_add_acls(*f, uid);
+
+        return r;
+}
+
+void server_rotate(Server *s) {
+        JournalFile *f;
+        void *k;
+        Iterator i;
+        int r;
+
+        log_debug("Rotating...");
+
+        (void) do_rotate(s, &s->runtime_journal, "runtime", false, 0);
+        (void) do_rotate(s, &s->system_journal, "system", s->seal, 0);
+
+        ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
+                r = do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
+                if (r >= 0)
+                        ordered_hashmap_replace(s->user_journals, k, f);
+                else if (!f)
+                        /* Old file has been closed and deallocated */
+                        ordered_hashmap_remove(s->user_journals, k);
+        }
+
+        /* Perform any deferred closes which aren't still offlining. */
+        SET_FOREACH(f, s->deferred_closes, i)
+                if (!journal_file_is_offlining(f)) {
+                        (void) set_remove(s->deferred_closes, f);
+                        (void) journal_file_close(f);
+                }
+}
+
+void server_sync(Server *s) {
+        JournalFile *f;
+        Iterator i;
+        int r;
+
+        if (s->system_journal) {
+                r = journal_file_set_offline(s->system_journal, false);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to sync system journal, ignoring: %m");
+        }
+
+        ORDERED_HASHMAP_FOREACH(f, s->user_journals, i) {
+                r = journal_file_set_offline(f, false);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to sync user journal, ignoring: %m");
+        }
+
+        if (s->sync_event_source) {
+                r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
+                if (r < 0)
+                        log_error_errno(r, "Failed to disable sync timer source: %m");
+        }
+
+        s->sync_scheduled = false;
+}
+
+static void do_vacuum(
+                Server *s,
+                JournalFile *f,
+                JournalMetrics *metrics,
+                const char *path,
+                const char *name,
+                bool verbose,
+                bool patch_min_use) {
+
+        const char *p;
+        uint64_t limit;
+        int r;
+
+        assert(s);
+        assert(metrics);
+        assert(path);
+        assert(name);
+
+        if (!f)
+                return;
+
+        p = strjoina(path, SERVER_MACHINE_ID(s));
+
+        limit = metrics->max_use;
+        (void) determine_space_for(s, metrics, path, name, verbose, patch_min_use, NULL, &limit);
+
+        r = journal_directory_vacuum(p, limit, metrics->n_max_files, s->max_retention_usec, &s->oldest_file_usec,  verbose);
+        if (r < 0 && r != -ENOENT)
+                log_warning_errno(r, "Failed to vacuum %s, ignoring: %m", p);
+}
+
+int server_vacuum(Server *s, bool verbose, bool patch_min_use) {
+        assert(s);
+
+        log_debug("Vacuuming...");
+
+        s->oldest_file_usec = 0;
+
+        do_vacuum(s, s->system_journal, &s->system_metrics, "/var/log/journal/", "System journal", verbose, patch_min_use);
+        do_vacuum(s, s->runtime_journal, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", verbose, patch_min_use);
+
+        s->cached_space_limit = 0;
+        s->cached_space_available = 0;
+        s->cached_space_timestamp = 0;
+
+        return 0;
+}
+
+static void server_cache_machine_id(Server *s) {
+        sd_id128_t id;
+        int r;
+
+        assert(s);
+
+        r = sd_id128_get_machine(&id);
+        if (r < 0)
+                return;
+
+        sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
+}
+
+static void server_cache_boot_id(Server *s) {
+        sd_id128_t id;
+        int r;
+
+        assert(s);
+
+        r = sd_id128_get_boot(&id);
+        if (r < 0)
+                return;
+
+        sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
+}
+
+static void server_cache_hostname(Server *s) {
+        _cleanup_free_ char *t = NULL;
+        char *x;
+
+        assert(s);
+
+        t = gethostname_malloc();
+        if (!t)
+                return;
+
+        x = strappend("_HOSTNAME=", t);
+        if (!x)
+                return;
+
+        free(s->hostname_field);
+        s->hostname_field = x;
+}
+
+static bool shall_try_append_again(JournalFile *f, int r) {
+        switch(r) {
+        case -E2BIG:           /* Hit configured limit          */
+        case -EFBIG:           /* Hit fs limit                  */
+        case -EDQUOT:          /* Quota limit hit               */
+        case -ENOSPC:          /* Disk full                     */
+                log_debug("%s: Allocation limit reached, rotating.", f->path);
+                return true;
+        case -EIO:             /* I/O error of some kind (mmap) */
+                log_warning("%s: IO error, rotating.", f->path);
+                return true;
+        case -EHOSTDOWN:       /* Other machine                 */
+                log_info("%s: Journal file from other machine, rotating.", f->path);
+                return true;
+        case -EBUSY:           /* Unclean shutdown              */
+                log_info("%s: Unclean shutdown, rotating.", f->path);
+                return true;
+        case -EPROTONOSUPPORT: /* Unsupported feature           */
+                log_info("%s: Unsupported feature, rotating.", f->path);
+                return true;
+        case -EBADMSG:         /* Corrupted                     */
+        case -ENODATA:         /* Truncated                     */
+        case -ESHUTDOWN:       /* Already archived              */
+                log_warning("%s: Journal file corrupted, rotating.", f->path);
+                return true;
+        case -EIDRM:           /* Journal file has been deleted */
+                log_warning("%s: Journal file has been deleted, rotating.", f->path);
+                return true;
+        default:
+                return false;
+        }
+}
+
+static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
+        JournalFile *f;
+        bool vacuumed = false;
+        int r;
+
+        assert(s);
+        assert(iovec);
+        assert(n > 0);
+
+        f = find_journal(s, uid);
+        if (!f)
+                return;
+
+        if (journal_file_rotate_suggested(f, s->max_file_usec)) {
+                log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
+                server_rotate(s);
+                server_vacuum(s, false, false);
+                vacuumed = true;
+
+                f = find_journal(s, uid);
+                if (!f)
+                        return;
+        }
+
+        r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
+        if (r >= 0) {
+                server_schedule_sync(s, priority);
+                return;
+        }
+
+        if (vacuumed || !shall_try_append_again(f, r)) {
+                log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
+                return;
+        }
+
+        server_rotate(s);
+        server_vacuum(s, false, false);
+
+        f = find_journal(s, uid);
+        if (!f)
+                return;
+
+        log_debug("Retrying write.");
+        r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
+        if (r < 0)
+                log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
+        else
+                server_schedule_sync(s, priority);
+}
+
+static void dispatch_message_real(
+                Server *s,
+                struct iovec *iovec, unsigned n, unsigned m,
+                const struct ucred *ucred,
+                const struct timeval *tv,
+                const char *label, size_t label_len,
+                const char *unit_id,
+                int priority,
+                pid_t object_pid) {
+
+        char    pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
+                uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
+                gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
+                owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
+                source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
+                o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
+                o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
+                o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
+        uid_t object_uid;
+        gid_t object_gid;
+        char *x;
+        int r;
+        char *t, *c;
+        uid_t realuid = 0, owner = 0, journal_uid;
+        bool owner_valid = false;
+#ifdef HAVE_AUDIT
+        char    audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
+                audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
+                o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
+                o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
+
+        uint32_t audit;
+        uid_t loginuid;
+#endif
+
+        assert(s);
+        assert(iovec);
+        assert(n > 0);
+        assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
+
+        if (ucred) {
+                realuid = ucred->uid;
+
+                sprintf(pid, "_PID="PID_FMT, ucred->pid);
+                IOVEC_SET_STRING(iovec[n++], pid);
+
+                sprintf(uid, "_UID="UID_FMT, ucred->uid);
+                IOVEC_SET_STRING(iovec[n++], uid);
+
+                sprintf(gid, "_GID="GID_FMT, ucred->gid);
+                IOVEC_SET_STRING(iovec[n++], gid);
+
+                r = get_process_comm(ucred->pid, &t);
+                if (r >= 0) {
+                        x = strjoina("_COMM=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+                r = get_process_exe(ucred->pid, &t);
+                if (r >= 0) {
+                        x = strjoina("_EXE=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+                r = get_process_cmdline(ucred->pid, 0, false, &t);
+                if (r >= 0) {
+                        x = strjoina("_CMDLINE=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+                r = get_process_capeff(ucred->pid, &t);
+                if (r >= 0) {
+                        x = strjoina("_CAP_EFFECTIVE=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+#ifdef HAVE_AUDIT
+                r = audit_session_from_pid(ucred->pid, &audit);
+                if (r >= 0) {
+                        sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
+                        IOVEC_SET_STRING(iovec[n++], audit_session);
+                }
+
+                r = audit_loginuid_from_pid(ucred->pid, &loginuid);
+                if (r >= 0) {
+                        sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
+                        IOVEC_SET_STRING(iovec[n++], audit_loginuid);
+                }
+#endif
+
+                r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
+                if (r >= 0) {
+                        char *session = NULL;
+
+                        x = strjoina("_SYSTEMD_CGROUP=", c);
+                        IOVEC_SET_STRING(iovec[n++], x);
+
+                        r = cg_path_get_session(c, &t);
+                        if (r >= 0) {
+                                session = strjoina("_SYSTEMD_SESSION=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], session);
+                        }
+
+                        if (cg_path_get_owner_uid(c, &owner) >= 0) {
+                                owner_valid = true;
+
+                                sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
+                                IOVEC_SET_STRING(iovec[n++], owner_uid);
+                        }
+
+                        if (cg_path_get_unit(c, &t) >= 0) {
+                                x = strjoina("_SYSTEMD_UNIT=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        } else if (unit_id && !session) {
+                                x = strjoina("_SYSTEMD_UNIT=", unit_id);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        }
+
+                        if (cg_path_get_user_unit(c, &t) >= 0) {
+                                x = strjoina("_SYSTEMD_USER_UNIT=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        } else if (unit_id && session) {
+                                x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        }
+
+                        if (cg_path_get_slice(c, &t) >= 0) {
+                                x = strjoina("_SYSTEMD_SLICE=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        }
+
+                        free(c);
+                } else if (unit_id) {
+                        x = strjoina("_SYSTEMD_UNIT=", unit_id);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+#ifdef HAVE_SELINUX
+                if (mac_selinux_have()) {
+                        if (label) {
+                                x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
+
+                                *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        } else {
+                                security_context_t con;
+
+                                if (getpidcon(ucred->pid, &con) >= 0) {
+                                        x = strjoina("_SELINUX_CONTEXT=", con);
+
+                                        freecon(con);
+                                        IOVEC_SET_STRING(iovec[n++], x);
+                                }
+                        }
+                }
+#endif
+        }
+        assert(n <= m);
+
+        if (object_pid) {
+                r = get_process_uid(object_pid, &object_uid);
+                if (r >= 0) {
+                        sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
+                        IOVEC_SET_STRING(iovec[n++], o_uid);
+                }
+
+                r = get_process_gid(object_pid, &object_gid);
+                if (r >= 0) {
+                        sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
+                        IOVEC_SET_STRING(iovec[n++], o_gid);
+                }
+
+                r = get_process_comm(object_pid, &t);
+                if (r >= 0) {
+                        x = strjoina("OBJECT_COMM=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+                r = get_process_exe(object_pid, &t);
+                if (r >= 0) {
+                        x = strjoina("OBJECT_EXE=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+                r = get_process_cmdline(object_pid, 0, false, &t);
+                if (r >= 0) {
+                        x = strjoina("OBJECT_CMDLINE=", t);
+                        free(t);
+                        IOVEC_SET_STRING(iovec[n++], x);
+                }
+
+#ifdef HAVE_AUDIT
+                r = audit_session_from_pid(object_pid, &audit);
+                if (r >= 0) {
+                        sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
+                        IOVEC_SET_STRING(iovec[n++], o_audit_session);
+                }
+
+                r = audit_loginuid_from_pid(object_pid, &loginuid);
+                if (r >= 0) {
+                        sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
+                        IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
+                }
+#endif
+
+                r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
+                if (r >= 0) {
+                        x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
+                        IOVEC_SET_STRING(iovec[n++], x);
+
+                        r = cg_path_get_session(c, &t);
+                        if (r >= 0) {
+                                x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        }
+
+                        if (cg_path_get_owner_uid(c, &owner) >= 0) {
+                                sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
+                                IOVEC_SET_STRING(iovec[n++], o_owner_uid);
+                        }
+
+                        if (cg_path_get_unit(c, &t) >= 0) {
+                                x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        }
+
+                        if (cg_path_get_user_unit(c, &t) >= 0) {
+                                x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
+                                free(t);
+                                IOVEC_SET_STRING(iovec[n++], x);
+                        }
+
+                        free(c);
+                }
+        }
+        assert(n <= m);
+
+        if (tv) {
+                sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
+                IOVEC_SET_STRING(iovec[n++], source_time);
+        }
+
+        /* Note that strictly speaking storing the boot id here is
+         * redundant since the entry includes this in-line
+         * anyway. However, we need this indexed, too. */
+        if (!isempty(s->boot_id_field))
+                IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
+
+        if (!isempty(s->machine_id_field))
+                IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
+
+        if (!isempty(s->hostname_field))
+                IOVEC_SET_STRING(iovec[n++], s->hostname_field);
+
+        assert(n <= m);
+
+        if (s->split_mode == SPLIT_UID && realuid > 0)
+                /* Split up strictly by any UID */
+                journal_uid = realuid;
+        else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
+                /* Split up by login UIDs.  We do this only if the
+                 * realuid is not root, in order not to accidentally
+                 * leak privileged information to the user that is
+                 * logged by a privileged process that is part of an
+                 * unprivileged session. */
+                journal_uid = owner;
+        else
+                journal_uid = 0;
+
+        write_to_journal(s, journal_uid, iovec, n, priority);
+}
+
+void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
+        char mid[11 + 32 + 1];
+        struct iovec iovec[N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS];
+        unsigned n = 0, m;
+        int r;
+        va_list ap;
+        struct ucred ucred = {};
+
+        assert(s);
+        assert(format);
+
+        assert_cc(3 == LOG_FAC(LOG_DAEMON));
+        IOVEC_SET_STRING(iovec[n++], "SYSLOG_FACILITY=3");
+        IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=systemd-journald");
+
+        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
+        assert_cc(6 == LOG_INFO);
+        IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
+
+        if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
+                snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
+                IOVEC_SET_STRING(iovec[n++], mid);
+        }
+
+        m = n;
+
+        va_start(ap, format);
+        r = log_format_iovec(iovec, ELEMENTSOF(iovec), &n, false, 0, format, ap);
+        /* Error handling below */
+        va_end(ap);
+
+        ucred.pid = getpid();
+        ucred.uid = getuid();
+        ucred.gid = getgid();
+
+        if (r >= 0)
+                dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
+
+        while (m < n)
+                free(iovec[m++].iov_base);
+
+        if (r < 0) {
+                /* We failed to format the message. Emit a warning instead. */
+                char buf[LINE_MAX];
+
+                xsprintf(buf, "MESSAGE=Entry printing failed: %s", strerror(-r));
+
+                n = 3;
+                IOVEC_SET_STRING(iovec[n++], "PRIORITY=4");
+                IOVEC_SET_STRING(iovec[n++], buf);
+                dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
+        }
+}
+
+void server_dispatch_message(
+                Server *s,
+                struct iovec *iovec, unsigned n, unsigned m,
+                const struct ucred *ucred,
+                const struct timeval *tv,
+                const char *label, size_t label_len,
+                const char *unit_id,
+                int priority,
+                pid_t object_pid) {
+
+        int rl, r;
+        _cleanup_free_ char *path = NULL;
+        uint64_t available = 0;
+        char *c;
+
+        assert(s);
+        assert(iovec || n == 0);
+
+        if (n == 0)
+                return;
+
+        if (LOG_PRI(priority) > s->max_level_store)
+                return;
+
+        /* Stop early in case the information will not be stored
+         * in a journal. */
+        if (s->storage == STORAGE_NONE)
+                return;
+
+        if (!ucred)
+                goto finish;
+
+        r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
+        if (r < 0)
+                goto finish;
+
+        /* example: /user/lennart/3/foobar
+         *          /system/dbus.service/foobar
+         *
+         * So let's cut of everything past the third /, since that is
+         * where user directories start */
+
+        c = strchr(path, '/');
+        if (c) {
+                c = strchr(c+1, '/');
+                if (c) {
+                        c = strchr(c+1, '/');
+                        if (c)
+                                *c = 0;
+                }
+        }
+
+        (void) determine_space(s, false, false, &available, NULL);
+        rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available);
+        if (rl == 0)
+                return;
+
+        /* Write a suppression message if we suppressed something */
+        if (rl > 1)
+                server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
+                                      LOG_MESSAGE("Suppressed %u messages from %s", rl - 1, path),
+                                      NULL);
+
+finish:
+        dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
+}
+
+
+static int system_journal_open(Server *s, bool flush_requested) {
+        const char *fn;
+        int r = 0;
+
+        if (!s->system_journal &&
+            (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
+            (flush_requested
+             || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
+
+                /* If in auto mode: first try to create the machine
+                 * path, but not the prefix.
+                 *
+                 * If in persistent mode: create /var/log/journal and
+                 * the machine path */
+
+                if (s->storage == STORAGE_PERSISTENT)
+                        (void) mkdir_p("/var/log/journal/", 0755);
+
+                fn = strjoina("/var/log/journal/", SERVER_MACHINE_ID(s));
+                (void) mkdir(fn, 0755);
+
+                fn = strjoina(fn, "/system.journal");
+                r = open_journal(s, true, fn, O_RDWR|O_CREAT, s->seal, &s->system_metrics, &s->system_journal);
+                if (r >= 0) {
+                        server_add_acls(s->system_journal, 0);
+                        (void) determine_space_for(s, &s->system_metrics, "/var/log/journal/", "System journal", true, true, NULL, NULL);
+                } else if (r < 0) {
+                        if (r != -ENOENT && r != -EROFS)
+                                log_warning_errno(r, "Failed to open system journal: %m");
+
+                        r = 0;
+                }
+        }
+
+        if (!s->runtime_journal &&
+            (s->storage != STORAGE_NONE)) {
+
+                fn = strjoina("/run/log/journal/", SERVER_MACHINE_ID(s), "/system.journal");
+
+                if (s->system_journal) {
+
+                        /* Try to open the runtime journal, but only
+                         * if it already exists, so that we can flush
+                         * it into the system journal */
+
+                        r = open_journal(s, false, fn, O_RDWR, false, &s->runtime_metrics, &s->runtime_journal);
+                        if (r < 0) {
+                                if (r != -ENOENT)
+                                        log_warning_errno(r, "Failed to open runtime journal: %m");
+
+                                r = 0;
+                        }
+
+                } else {
+
+                        /* OK, we really need the runtime journal, so create
+                         * it if necessary. */
+
+                        (void) mkdir("/run/log", 0755);
+                        (void) mkdir("/run/log/journal", 0755);
+                        (void) mkdir_parents(fn, 0750);
+
+                        r = open_journal(s, true, fn, O_RDWR|O_CREAT, false, &s->runtime_metrics, &s->runtime_journal);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to open runtime journal: %m");
+                }
+
+                if (s->runtime_journal) {
+                        server_add_acls(s->runtime_journal, 0);
+                        (void) determine_space_for(s, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", true, true, NULL, NULL);
+                }
+        }
+
+        return r;
+}
+
+int server_flush_to_var(Server *s) {
+        sd_id128_t machine;
+        sd_journal *j = NULL;
+        char ts[FORMAT_TIMESPAN_MAX];
+        usec_t start;
+        unsigned n = 0;
+        int r;
+
+        assert(s);
+
+        if (s->storage != STORAGE_AUTO &&
+            s->storage != STORAGE_PERSISTENT)
+                return 0;
+
+        if (!s->runtime_journal)
+                return 0;
+
+        (void) system_journal_open(s, true);
+
+        if (!s->system_journal)
+                return 0;
+
+        log_debug("Flushing to /var...");
+
+        start = now(CLOCK_MONOTONIC);
+
+        r = sd_id128_get_machine(&machine);
+        if (r < 0)
+                return r;
+
+        r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read runtime journal: %m");
+
+        sd_journal_set_data_threshold(j, 0);
+
+        SD_JOURNAL_FOREACH(j) {
+                Object *o = NULL;
+                JournalFile *f;
+
+                f = j->current_file;
+                assert(f && f->current_offset > 0);
+
+                n++;
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+                if (r < 0) {
+                        log_error_errno(r, "Can't read entry: %m");
+                        goto finish;
+                }
+
+                r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
+                if (r >= 0)
+                        continue;
+
+                if (!shall_try_append_again(s->system_journal, r)) {
+                        log_error_errno(r, "Can't write entry: %m");
+                        goto finish;
+                }
+
+                server_rotate(s);
+                server_vacuum(s, false, false);
+
+                if (!s->system_journal) {
+                        log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
+                        r = -EIO;
+                        goto finish;
+                }
+
+                log_debug("Retrying write.");
+                r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
+                if (r < 0) {
+                        log_error_errno(r, "Can't write entry: %m");
+                        goto finish;
+                }
+        }
+
+        r = 0;
+
+finish:
+        journal_file_post_change(s->system_journal);
+
+        s->runtime_journal = journal_file_close(s->runtime_journal);
+
+        if (r >= 0)
+                (void) rm_rf("/run/log/journal", REMOVE_ROOT);
+
+        sd_journal_close(j);
+
+        server_driver_message(s, SD_ID128_NULL,
+                              LOG_MESSAGE("Time spent on flushing to /var is %s for %u entries.",
+                                          format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0),
+                                          n),
+                              NULL);
+
+        return r;
+}
+
+int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+        Server *s = userdata;
+        struct ucred *ucred = NULL;
+        struct timeval *tv = NULL;
+        struct cmsghdr *cmsg;
+        char *label = NULL;
+        size_t label_len = 0, m;
+        struct iovec iovec;
+        ssize_t n;
+        int *fds = NULL, v = 0;
+        unsigned n_fds = 0;
+
+        union {
+                struct cmsghdr cmsghdr;
+
+                /* We use NAME_MAX space for the SELinux label
+                 * here. The kernel currently enforces no
+                 * limit, but according to suggestions from
+                 * the SELinux people this will change and it
+                 * will probably be identical to NAME_MAX. For
+                 * now we use that, but this should be updated
+                 * one day when the final limit is known. */
+                uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+                            CMSG_SPACE(sizeof(struct timeval)) +
+                            CMSG_SPACE(sizeof(int)) + /* fd */
+                            CMSG_SPACE(NAME_MAX)]; /* selinux label */
+        } control = {};
+
+        union sockaddr_union sa = {};
+
+        struct msghdr msghdr = {
+                .msg_iov = &iovec,
+                .msg_iovlen = 1,
+                .msg_control = &control,
+                .msg_controllen = sizeof(control),
+                .msg_name = &sa,
+                .msg_namelen = sizeof(sa),
+        };
+
+        assert(s);
+        assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
+
+        if (revents != EPOLLIN) {
+                log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
+                return -EIO;
+        }
+
+        /* Try to get the right size, if we can. (Not all
+         * sockets support SIOCINQ, hence we just try, but
+         * don't rely on it. */
+        (void) ioctl(fd, SIOCINQ, &v);
+
+        /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
+        m = PAGE_ALIGN(MAX3((size_t) v + 1,
+                            (size_t) LINE_MAX,
+                            ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
+
+        if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
+                return log_oom();
+
+        iovec.iov_base = s->buffer;
+        iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
+
+        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        if (n < 0) {
+                if (errno == EINTR || errno == EAGAIN)
+                        return 0;
+
+                return log_error_errno(errno, "recvmsg() failed: %m");
+        }
+
+        CMSG_FOREACH(cmsg, &msghdr) {
+
+                if (cmsg->cmsg_level == SOL_SOCKET &&
+                    cmsg->cmsg_type == SCM_CREDENTIALS &&
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
+                        ucred = (struct ucred*) CMSG_DATA(cmsg);
+                else if (cmsg->cmsg_level == SOL_SOCKET &&
+                         cmsg->cmsg_type == SCM_SECURITY) {
+                        label = (char*) CMSG_DATA(cmsg);
+                        label_len = cmsg->cmsg_len - CMSG_LEN(0);
+                } else if (cmsg->cmsg_level == SOL_SOCKET &&
+                           cmsg->cmsg_type == SO_TIMESTAMP &&
+                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
+                        tv = (struct timeval*) CMSG_DATA(cmsg);
+                else if (cmsg->cmsg_level == SOL_SOCKET &&
+                         cmsg->cmsg_type == SCM_RIGHTS) {
+                        fds = (int*) CMSG_DATA(cmsg);
+                        n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
+                }
+        }
+
+        /* And a trailing NUL, just in case */
+        s->buffer[n] = 0;
+
+        if (fd == s->syslog_fd) {
+                if (n > 0 && n_fds == 0)
+                        server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
+                else if (n_fds > 0)
+                        log_warning("Got file descriptors via syslog socket. Ignoring.");
+
+        } else if (fd == s->native_fd) {
+                if (n > 0 && n_fds == 0)
+                        server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
+                else if (n == 0 && n_fds == 1)
+                        server_process_native_file(s, fds[0], ucred, tv, label, label_len);
+                else if (n_fds > 0)
+                        log_warning("Got too many file descriptors via native socket. Ignoring.");
+
+        } else {
+                assert(fd == s->audit_fd);
+
+                if (n > 0 && n_fds == 0)
+                        server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
+                else if (n_fds > 0)
+                        log_warning("Got file descriptors via audit socket. Ignoring.");
+        }
+
+        close_many(fds, n_fds);
+        return 0;
+}
+
+static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
+        Server *s = userdata;
+        int r;
+
+        assert(s);
+
+        log_info("Received request to flush runtime journal from PID " PID_FMT, si->ssi_pid);
+
+        server_flush_to_var(s);
+        server_sync(s);
+        server_vacuum(s, false, false);
+
+        r = touch("/run/systemd/journal/flushed");
+        if (r < 0)
+                log_warning_errno(r, "Failed to touch /run/systemd/journal/flushed, ignoring: %m");
+
+        return 0;
+}
+
+static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
+        Server *s = userdata;
+        int r;
+
+        assert(s);
+
+        log_info("Received request to rotate journal from PID " PID_FMT, si->ssi_pid);
+        server_rotate(s);
+        server_vacuum(s, true, true);
+
+        /* Let clients know when the most recent rotation happened. */
+        r = write_timestamp_file_atomic("/run/systemd/journal/rotated", now(CLOCK_MONOTONIC));
+        if (r < 0)
+                log_warning_errno(r, "Failed to write /run/systemd/journal/rotated, ignoring: %m");
+
+        return 0;
+}
+
+static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
+        Server *s = userdata;
+
+        assert(s);
+
+        log_received_signal(LOG_INFO, si);
+
+        sd_event_exit(s->event, 0);
+        return 0;
+}
+
+static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
+        Server *s = userdata;
+        int r;
+
+        assert(s);
+
+        log_debug("Received request to sync from PID " PID_FMT, si->ssi_pid);
+
+        server_sync(s);
+
+        /* Let clients know when the most recent sync happened. */
+        r = write_timestamp_file_atomic("/run/systemd/journal/synced", now(CLOCK_MONOTONIC));
+        if (r < 0)
+                log_warning_errno(r, "Failed to write /run/systemd/journal/synced, ignoring: %m");
+
+        return 0;
+}
+
+static int setup_signals(Server *s) {
+        int r;
+
+        assert(s);
+
+        assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, -1) >= 0);
+
+        r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
+        if (r < 0)
+                return r;
+
+        /* Let's process SIGTERM late, so that we flush all queued
+         * messages to disk before we exit */
+        r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20);
+        if (r < 0)
+                return r;
+
+        /* When journald is invoked on the terminal (when debugging),
+         * it's useful if C-c is handled equivalent to SIGTERM. */
+        r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
+        if (r < 0)
+                return r;
+
+        r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20);
+        if (r < 0)
+                return r;
+
+        /* SIGRTMIN+1 causes an immediate sync. We process this very
+         * late, so that everything else queued at this point is
+         * really written to disk. Clients can watch
+         * /run/systemd/journal/synced with inotify until its mtime
+         * changes to see when a sync happened. */
+        r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
+        if (r < 0)
+                return r;
+
+        r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int server_parse_proc_cmdline(Server *s) {
+        _cleanup_free_ char *line = NULL;
+        const char *p;
+        int r;
+
+        r = proc_cmdline(&line);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
+                return 0;
+        }
+
+        p = line;
+        for (;;) {
+                _cleanup_free_ char *word = NULL;
+
+                r = extract_first_word(&p, &word, NULL, 0);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to parse journald syntax \"%s\": %m", line);
+
+                if (r == 0)
+                        break;
+
+                if (startswith(word, "systemd.journald.forward_to_syslog=")) {
+                        r = parse_boolean(word + 35);
+                        if (r < 0)
+                                log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
+                        else
+                                s->forward_to_syslog = r;
+                } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
+                        r = parse_boolean(word + 33);
+                        if (r < 0)
+                                log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
+                        else
+                                s->forward_to_kmsg = r;
+                } else if (startswith(word, "systemd.journald.forward_to_console=")) {
+                        r = parse_boolean(word + 36);
+                        if (r < 0)
+                                log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
+                        else
+                                s->forward_to_console = r;
+                } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
+                        r = parse_boolean(word + 33);
+                        if (r < 0)
+                                log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
+                        else
+                                s->forward_to_wall = r;
+                } else if (startswith(word, "systemd.journald"))
+                        log_warning("Invalid systemd.journald parameter. Ignoring.");
+        }
+
+        /* do not warn about state here, since probably systemd already did */
+        return 0;
+}
+
+static int server_parse_config_file(Server *s) {
+        assert(s);
+
+        return config_parse_many(PKGSYSCONFDIR "/journald.conf",
+                                 CONF_PATHS_NULSTR("systemd/journald.conf.d"),
+                                 "Journal\0",
+                                 config_item_perf_lookup, journald_gperf_lookup,
+                                 false, s);
+}
+
+static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
+        Server *s = userdata;
+
+        assert(s);
+
+        server_sync(s);
+        return 0;
+}
+
+int server_schedule_sync(Server *s, int priority) {
+        int r;
+
+        assert(s);
+
+        if (priority <= LOG_CRIT) {
+                /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
+                server_sync(s);
+                return 0;
+        }
+
+        if (s->sync_scheduled)
+                return 0;
+
+        if (s->sync_interval_usec > 0) {
+                usec_t when;
+
+                r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
+                if (r < 0)
+                        return r;
+
+                when += s->sync_interval_usec;
+
+                if (!s->sync_event_source) {
+                        r = sd_event_add_time(
+                                        s->event,
+                                        &s->sync_event_source,
+                                        CLOCK_MONOTONIC,
+                                        when, 0,
+                                        server_dispatch_sync, s);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
+                } else {
+                        r = sd_event_source_set_time(s->sync_event_source, when);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
+                }
+                if (r < 0)
+                        return r;
+
+                s->sync_scheduled = true;
+        }
+
+        return 0;
+}
+
+static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+        Server *s = userdata;
+
+        assert(s);
+
+        server_cache_hostname(s);
+        return 0;
+}
+
+static int server_open_hostname(Server *s) {
+        int r;
+
+        assert(s);
+
+        s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
+        if (s->hostname_fd < 0)
+                return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
+
+        r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
+        if (r < 0) {
+                /* kernels prior to 3.2 don't support polling this file. Ignore
+                 * the failure. */
+                if (r == -EPERM) {
+                        log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
+                        s->hostname_fd = safe_close(s->hostname_fd);
+                        return 0;
+                }
+
+                return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
+        }
+
+        r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
+        if (r < 0)
+                return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
+
+        return 0;
+}
+
+static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+        Server *s = userdata;
+        int r;
+
+        assert(s);
+        assert(s->notify_event_source == es);
+        assert(s->notify_fd == fd);
+
+        /* The $NOTIFY_SOCKET is writable again, now send exactly one
+         * message on it. Either it's the wtachdog event, the initial
+         * READY=1 event or an stdout stream event. If there's nothing
+         * to write anymore, turn our event source off. The next time
+         * there's something to send it will be turned on again. */
+
+        if (!s->sent_notify_ready) {
+                static const char p[] =
+                        "READY=1\n"
+                        "STATUS=Processing requests...";
+                ssize_t l;
+
+                l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
+                if (l < 0) {
+                        if (errno == EAGAIN)
+                                return 0;
+
+                        return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
+                }
+
+                s->sent_notify_ready = true;
+                log_debug("Sent READY=1 notification.");
+
+        } else if (s->send_watchdog) {
+
+                static const char p[] =
+                        "WATCHDOG=1";
+
+                ssize_t l;
+
+                l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
+                if (l < 0) {
+                        if (errno == EAGAIN)
+                                return 0;
+
+                        return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
+                }
+
+                s->send_watchdog = false;
+                log_debug("Sent WATCHDOG=1 notification.");
+
+        } else if (s->stdout_streams_notify_queue)
+                /* Dispatch one stream notification event */
+                stdout_stream_send_notify(s->stdout_streams_notify_queue);
+
+        /* Leave us enabled if there's still more to to do. */
+        if (s->send_watchdog || s->stdout_streams_notify_queue)
+                return 0;
+
+        /* There was nothing to do anymore, let's turn ourselves off. */
+        r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
+        if (r < 0)
+                return log_error_errno(r, "Failed to turn off notify event source: %m");
+
+        return 0;
+}
+
+static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
+        Server *s = userdata;
+        int r;
+
+        assert(s);
+
+        s->send_watchdog = true;
+
+        r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
+        if (r < 0)
+                log_warning_errno(r, "Failed to turn on notify event source: %m");
+
+        r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
+        if (r < 0)
+                return log_error_errno(r, "Failed to restart watchdog event source: %m");
+
+        r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enable watchdog event source: %m");
+
+        return 0;
+}
+
+static int server_connect_notify(Server *s) {
+        union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+        };
+        const char *e;
+        int r;
+
+        assert(s);
+        assert(s->notify_fd < 0);
+        assert(!s->notify_event_source);
+
+        /*
+          So here's the problem: we'd like to send notification
+          messages to PID 1, but we cannot do that via sd_notify(),
+          since that's synchronous, and we might end up blocking on
+          it. Specifically: given that PID 1 might block on
+          dbus-daemon during IPC, and dbus-daemon is logging to us,
+          and might hence block on us, we might end up in a deadlock
+          if we block on sending PID 1 notification messages — by
+          generating a full blocking circle. To avoid this, let's
+          create a non-blocking socket, and connect it to the
+          notification socket, and then wait for POLLOUT before we
+          send anything. This should efficiently avoid any deadlocks,
+          as we'll never block on PID 1, hence PID 1 can safely block
+          on dbus-daemon which can safely block on us again.
+
+          Don't think that this issue is real? It is, see:
+          https://github.com/systemd/systemd/issues/1505
+        */
+
+        e = getenv("NOTIFY_SOCKET");
+        if (!e)
+                return 0;
+
+        if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
+                log_error("NOTIFY_SOCKET set to an invalid value: %s", e);
+                return -EINVAL;
+        }
+
+        if (strlen(e) > sizeof(sa.un.sun_path)) {
+                log_error("NOTIFY_SOCKET path too long: %s", e);
+                return -EINVAL;
+        }
+
+        s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+        if (s->notify_fd < 0)
+                return log_error_errno(errno, "Failed to create notify socket: %m");
+
+        (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
+
+        strncpy(sa.un.sun_path, e, sizeof(sa.un.sun_path));
+        if (sa.un.sun_path[0] == '@')
+                sa.un.sun_path[0] = 0;
+
+        r = connect(s->notify_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+        if (r < 0)
+                return log_error_errno(errno, "Failed to connect to notify socket: %m");
+
+        r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
+        if (r < 0)
+                return log_error_errno(r, "Failed to watch notification socket: %m");
+
+        if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
+                s->send_watchdog = true;
+
+                r = sd_event_add_time(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add watchdog time event: %m");
+        }
+
+        /* This should fire pretty soon, which we'll use to send the
+         * READY=1 event. */
+
+        return 0;
+}
+
+int server_init(Server *s) {
+        _cleanup_fdset_free_ FDSet *fds = NULL;
+        int n, r, fd;
+        bool no_sockets;
+
+        assert(s);
+
+        zero(*s);
+        s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = s->notify_fd = -1;
+        s->compress = true;
+        s->seal = true;
+
+        s->watchdog_usec = USEC_INFINITY;
+
+        s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
+        s->sync_scheduled = false;
+
+        s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
+        s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
+
+        s->forward_to_wall = true;
+
+        s->max_file_usec = DEFAULT_MAX_FILE_USEC;
+
+        s->max_level_store = LOG_DEBUG;
+        s->max_level_syslog = LOG_DEBUG;
+        s->max_level_kmsg = LOG_NOTICE;
+        s->max_level_console = LOG_INFO;
+        s->max_level_wall = LOG_EMERG;
+
+        journal_reset_metrics(&s->system_metrics);
+        journal_reset_metrics(&s->runtime_metrics);
+
+        server_parse_config_file(s);
+        server_parse_proc_cmdline(s);
+
+        if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
+                log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
+                          s->rate_limit_interval, s->rate_limit_burst);
+                s->rate_limit_interval = s->rate_limit_burst = 0;
+        }
+
+        (void) mkdir_p("/run/systemd/journal", 0755);
+
+        s->user_journals = ordered_hashmap_new(NULL);
+        if (!s->user_journals)
+                return log_oom();
+
+        s->mmap = mmap_cache_new();
+        if (!s->mmap)
+                return log_oom();
+
+        s->deferred_closes = set_new(NULL);
+        if (!s->deferred_closes)
+                return log_oom();
+
+        r = sd_event_default(&s->event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create event loop: %m");
+
+        n = sd_listen_fds(true);
+        if (n < 0)
+                return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+
+                if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
+
+                        if (s->native_fd >= 0) {
+                                log_error("Too many native sockets passed.");
+                                return -EINVAL;
+                        }
+
+                        s->native_fd = fd;
+
+                } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
+
+                        if (s->stdout_fd >= 0) {
+                                log_error("Too many stdout sockets passed.");
+                                return -EINVAL;
+                        }
+
+                        s->stdout_fd = fd;
+
+                } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
+                           sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
+
+                        if (s->syslog_fd >= 0) {
+                                log_error("Too many /dev/log sockets passed.");
+                                return -EINVAL;
+                        }
+
+                        s->syslog_fd = fd;
+
+                } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
+
+                        if (s->audit_fd >= 0) {
+                                log_error("Too many audit sockets passed.");
+                                return -EINVAL;
+                        }
+
+                        s->audit_fd = fd;
+
+                } else {
+
+                        if (!fds) {
+                                fds = fdset_new();
+                                if (!fds)
+                                        return log_oom();
+                        }
+
+                        r = fdset_put(fds, fd);
+                        if (r < 0)
+                                return log_oom();
+                }
+        }
+
+        /* Try to restore streams, but don't bother if this fails */
+        (void) server_restore_streams(s, fds);
+
+        if (fdset_size(fds) > 0) {
+                log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
+                fds = fdset_free(fds);
+        }
+
+        no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0;
+
+        /* always open stdout, syslog, native, and kmsg sockets */
+
+        /* systemd-journald.socket: /run/systemd/journal/stdout */
+        r = server_open_stdout_socket(s);
+        if (r < 0)
+                return r;
+
+        /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
+        r = server_open_syslog_socket(s);
+        if (r < 0)
+                return r;
+
+        /* systemd-journald.socket: /run/systemd/journal/socket */
+        r = server_open_native_socket(s);
+        if (r < 0)
+                return r;
+
+        /* /dev/ksmg */
+        r = server_open_dev_kmsg(s);
+        if (r < 0)
+                return r;
+
+        /* Unless we got *some* sockets and not audit, open audit socket */
+        if (s->audit_fd >= 0 || no_sockets) {
+                r = server_open_audit(s);
+                if (r < 0)
+                        return r;
+        }
+
+        r = server_open_kernel_seqnum(s);
+        if (r < 0)
+                return r;
+
+        r = server_open_hostname(s);
+        if (r < 0)
+                return r;
+
+        r = setup_signals(s);
+        if (r < 0)
+                return r;
+
+        s->udev = udev_new();
+        if (!s->udev)
+                return -ENOMEM;
+
+        s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
+        if (!s->rate_limit)
+                return -ENOMEM;
+
+        r = cg_get_root_path(&s->cgroup_root);
+        if (r < 0)
+                return r;
+
+        server_cache_hostname(s);
+        server_cache_boot_id(s);
+        server_cache_machine_id(s);
+
+        (void) server_connect_notify(s);
+
+        return system_journal_open(s, false);
+}
+
+void server_maybe_append_tags(Server *s) {
+#ifdef HAVE_GCRYPT
+        JournalFile *f;
+        Iterator i;
+        usec_t n;
+
+        n = now(CLOCK_REALTIME);
+
+        if (s->system_journal)
+                journal_file_maybe_append_tag(s->system_journal, n);
+
+        ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
+                journal_file_maybe_append_tag(f, n);
+#endif
+}
+
+void server_done(Server *s) {
+        JournalFile *f;
+        assert(s);
+
+        if (s->deferred_closes) {
+                journal_file_close_set(s->deferred_closes);
+                set_free(s->deferred_closes);
+        }
+
+        while (s->stdout_streams)
+                stdout_stream_free(s->stdout_streams);
+
+        if (s->system_journal)
+                (void) journal_file_close(s->system_journal);
+
+        if (s->runtime_journal)
+                (void) journal_file_close(s->runtime_journal);
+
+        while ((f = ordered_hashmap_steal_first(s->user_journals)))
+                (void) journal_file_close(f);
+
+        ordered_hashmap_free(s->user_journals);
+
+        sd_event_source_unref(s->syslog_event_source);
+        sd_event_source_unref(s->native_event_source);
+        sd_event_source_unref(s->stdout_event_source);
+        sd_event_source_unref(s->dev_kmsg_event_source);
+        sd_event_source_unref(s->audit_event_source);
+        sd_event_source_unref(s->sync_event_source);
+        sd_event_source_unref(s->sigusr1_event_source);
+        sd_event_source_unref(s->sigusr2_event_source);
+        sd_event_source_unref(s->sigterm_event_source);
+        sd_event_source_unref(s->sigint_event_source);
+        sd_event_source_unref(s->sigrtmin1_event_source);
+        sd_event_source_unref(s->hostname_event_source);
+        sd_event_source_unref(s->notify_event_source);
+        sd_event_source_unref(s->watchdog_event_source);
+        sd_event_unref(s->event);
+
+        safe_close(s->syslog_fd);
+        safe_close(s->native_fd);
+        safe_close(s->stdout_fd);
+        safe_close(s->dev_kmsg_fd);
+        safe_close(s->audit_fd);
+        safe_close(s->hostname_fd);
+        safe_close(s->notify_fd);
+
+        if (s->rate_limit)
+                journal_rate_limit_free(s->rate_limit);
+
+        if (s->kernel_seqnum)
+                munmap(s->kernel_seqnum, sizeof(uint64_t));
+
+        free(s->buffer);
+        free(s->tty_path);
+        free(s->cgroup_root);
+        free(s->hostname_field);
+
+        if (s->mmap)
+                mmap_cache_unref(s->mmap);
+
+        udev_unref(s->udev);
+}
+
+static const char* const storage_table[_STORAGE_MAX] = {
+        [STORAGE_AUTO] = "auto",
+        [STORAGE_VOLATILE] = "volatile",
+        [STORAGE_PERSISTENT] = "persistent",
+        [STORAGE_NONE] = "none"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
+
+static const char* const split_mode_table[_SPLIT_MAX] = {
+        [SPLIT_LOGIN] = "login",
+        [SPLIT_UID] = "uid",
+        [SPLIT_NONE] = "none",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
diff --git a/src/grp-journal/libjournal-core/journald-server.h b/src/grp-journal/libjournal-core/journald-server.h
new file mode 100644
index 0000000000..bebb056aa7
--- /dev/null
+++ b/src/grp-journal/libjournal-core/journald-server.h
@@ -0,0 +1,186 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+#include <sys/types.h>
+
+#include <systemd/sd-event.h>
+
+typedef struct Server Server;
+
+#include "hashmap.h"
+#include "journal-file.h"
+#include "journald-rate-limit.h"
+#include "journald-stream.h"
+#include "list.h"
+
+typedef enum Storage {
+        STORAGE_AUTO,
+        STORAGE_VOLATILE,
+        STORAGE_PERSISTENT,
+        STORAGE_NONE,
+        _STORAGE_MAX,
+        _STORAGE_INVALID = -1
+} Storage;
+
+typedef enum SplitMode {
+        SPLIT_UID,
+        SPLIT_LOGIN,
+        SPLIT_NONE,
+        _SPLIT_MAX,
+        _SPLIT_INVALID = -1
+} SplitMode;
+
+struct Server {
+        int syslog_fd;
+        int native_fd;
+        int stdout_fd;
+        int dev_kmsg_fd;
+        int audit_fd;
+        int hostname_fd;
+        int notify_fd;
+
+        sd_event *event;
+
+        sd_event_source *syslog_event_source;
+        sd_event_source *native_event_source;
+        sd_event_source *stdout_event_source;
+        sd_event_source *dev_kmsg_event_source;
+        sd_event_source *audit_event_source;
+        sd_event_source *sync_event_source;
+        sd_event_source *sigusr1_event_source;
+        sd_event_source *sigusr2_event_source;
+        sd_event_source *sigterm_event_source;
+        sd_event_source *sigint_event_source;
+        sd_event_source *sigrtmin1_event_source;
+        sd_event_source *hostname_event_source;
+        sd_event_source *notify_event_source;
+        sd_event_source *watchdog_event_source;
+
+        JournalFile *runtime_journal;
+        JournalFile *system_journal;
+        OrderedHashmap *user_journals;
+
+        uint64_t seqnum;
+
+        char *buffer;
+        size_t buffer_size;
+
+        JournalRateLimit *rate_limit;
+        usec_t sync_interval_usec;
+        usec_t rate_limit_interval;
+        unsigned rate_limit_burst;
+
+        JournalMetrics runtime_metrics;
+        JournalMetrics system_metrics;
+
+        bool compress;
+        bool seal;
+
+        bool forward_to_kmsg;
+        bool forward_to_syslog;
+        bool forward_to_console;
+        bool forward_to_wall;
+
+        unsigned n_forward_syslog_missed;
+        usec_t last_warn_forward_syslog_missed;
+
+        uint64_t cached_space_available;
+        uint64_t cached_space_limit;
+        usec_t cached_space_timestamp;
+
+        uint64_t var_available_timestamp;
+
+        usec_t max_retention_usec;
+        usec_t max_file_usec;
+        usec_t oldest_file_usec;
+
+        LIST_HEAD(StdoutStream, stdout_streams);
+        LIST_HEAD(StdoutStream, stdout_streams_notify_queue);
+        unsigned n_stdout_streams;
+
+        char *tty_path;
+
+        int max_level_store;
+        int max_level_syslog;
+        int max_level_kmsg;
+        int max_level_console;
+        int max_level_wall;
+
+        Storage storage;
+        SplitMode split_mode;
+
+        MMapCache *mmap;
+
+        Set *deferred_closes;
+
+        struct udev *udev;
+
+        uint64_t *kernel_seqnum;
+        bool dev_kmsg_readable:1;
+
+        bool send_watchdog:1;
+        bool sent_notify_ready:1;
+        bool sync_scheduled:1;
+
+        char machine_id_field[sizeof("_MACHINE_ID=") + 32];
+        char boot_id_field[sizeof("_BOOT_ID=") + 32];
+        char *hostname_field;
+
+        /* Cached cgroup root, so that we don't have to query that all the time */
+        char *cgroup_root;
+
+        usec_t watchdog_usec;
+};
+
+#define SERVER_MACHINE_ID(s) ((s)->machine_id_field + strlen("_MACHINE_ID="))
+
+#define N_IOVEC_META_FIELDS 20
+#define N_IOVEC_KERNEL_FIELDS 64
+#define N_IOVEC_UDEV_FIELDS 32
+#define N_IOVEC_OBJECT_FIELDS 12
+#define N_IOVEC_PAYLOAD_FIELDS 15
+
+void server_dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigned m, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len, const char *unit_id, int priority, pid_t object_pid);
+void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) _printf_(3,0) _sentinel_;
+
+/* gperf lookup function */
+const struct ConfigPerfItem* journald_gperf_lookup(const char *key, unsigned length);
+
+int config_parse_storage(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+const char *storage_to_string(Storage s) _const_;
+Storage storage_from_string(const char *s) _pure_;
+
+int config_parse_split_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+const char *split_mode_to_string(SplitMode s) _const_;
+SplitMode split_mode_from_string(const char *s) _pure_;
+
+int server_init(Server *s);
+void server_done(Server *s);
+void server_sync(Server *s);
+int server_vacuum(Server *s, bool verbose, bool patch_min_use);
+void server_rotate(Server *s);
+int server_schedule_sync(Server *s, int priority);
+int server_flush_to_var(Server *s);
+void server_maybe_append_tags(Server *s);
+int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata);
diff --git a/src/grp-journal/libjournal-core/journald-stream.c b/src/grp-journal/libjournal-core/journald-stream.c
new file mode 100644
index 0000000000..99d856301c
--- /dev/null
+++ b/src/grp-journal/libjournal-core/journald-stream.c
@@ -0,0 +1,785 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stddef.h>
+#include <unistd.h>
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "dirent-util.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "io-util.h"
+#include "journald-console.h"
+#include "journald-kmsg.h"
+#include "journald-server.h"
+#include "journald-stream.h"
+#include "journald-syslog.h"
+#include "journald-wall.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "selinux-util.h"
+#include "socket-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "syslog-util.h"
+
+#define STDOUT_STREAMS_MAX 4096
+
+typedef enum StdoutStreamState {
+        STDOUT_STREAM_IDENTIFIER,
+        STDOUT_STREAM_UNIT_ID,
+        STDOUT_STREAM_PRIORITY,
+        STDOUT_STREAM_LEVEL_PREFIX,
+        STDOUT_STREAM_FORWARD_TO_SYSLOG,
+        STDOUT_STREAM_FORWARD_TO_KMSG,
+        STDOUT_STREAM_FORWARD_TO_CONSOLE,
+        STDOUT_STREAM_RUNNING
+} StdoutStreamState;
+
+struct StdoutStream {
+        Server *server;
+        StdoutStreamState state;
+
+        int fd;
+
+        struct ucred ucred;
+        char *label;
+        char *identifier;
+        char *unit_id;
+        int priority;
+        bool level_prefix:1;
+        bool forward_to_syslog:1;
+        bool forward_to_kmsg:1;
+        bool forward_to_console:1;
+
+        bool fdstore:1;
+        bool in_notify_queue:1;
+
+        char buffer[LINE_MAX+1];
+        size_t length;
+
+        sd_event_source *event_source;
+
+        char *state_file;
+
+        LIST_FIELDS(StdoutStream, stdout_stream);
+        LIST_FIELDS(StdoutStream, stdout_stream_notify_queue);
+};
+
+void stdout_stream_free(StdoutStream *s) {
+        if (!s)
+                return;
+
+        if (s->server) {
+                assert(s->server->n_stdout_streams > 0);
+                s->server->n_stdout_streams--;
+                LIST_REMOVE(stdout_stream, s->server->stdout_streams, s);
+
+                if (s->in_notify_queue)
+                        LIST_REMOVE(stdout_stream_notify_queue, s->server->stdout_streams_notify_queue, s);
+        }
+
+        if (s->event_source) {
+                sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF);
+                s->event_source = sd_event_source_unref(s->event_source);
+        }
+
+        safe_close(s->fd);
+        free(s->label);
+        free(s->identifier);
+        free(s->unit_id);
+        free(s->state_file);
+
+        free(s);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(StdoutStream*, stdout_stream_free);
+
+static void stdout_stream_destroy(StdoutStream *s) {
+        if (!s)
+                return;
+
+        if (s->state_file)
+                (void) unlink(s->state_file);
+
+        stdout_stream_free(s);
+}
+
+static int stdout_stream_save(StdoutStream *s) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(s);
+
+        if (s->state != STDOUT_STREAM_RUNNING)
+                return 0;
+
+        if (!s->state_file) {
+                struct stat st;
+
+                r = fstat(s->fd, &st);
+                if (r < 0)
+                        return log_warning_errno(errno, "Failed to stat connected stream: %m");
+
+                /* We use device and inode numbers as identifier for the stream */
+                if (asprintf(&s->state_file, "/run/systemd/journal/streams/%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino) < 0)
+                        return log_oom();
+        }
+
+        mkdir_p("/run/systemd/journal/streams", 0755);
+
+        r = fopen_temporary(s->state_file, &f, &temp_path);
+        if (r < 0)
+                goto fail;
+
+        fprintf(f,
+                "# This is private data. Do not parse\n"
+                "PRIORITY=%i\n"
+                "LEVEL_PREFIX=%i\n"
+                "FORWARD_TO_SYSLOG=%i\n"
+                "FORWARD_TO_KMSG=%i\n"
+                "FORWARD_TO_CONSOLE=%i\n",
+                s->priority,
+                s->level_prefix,
+                s->forward_to_syslog,
+                s->forward_to_kmsg,
+                s->forward_to_console);
+
+        if (!isempty(s->identifier)) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->identifier);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "IDENTIFIER=%s\n", escaped);
+        }
+
+        if (!isempty(s->unit_id)) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->unit_id);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "UNIT=%s\n", escaped);
+        }
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, s->state_file) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        if (!s->fdstore && !s->in_notify_queue) {
+                LIST_PREPEND(stdout_stream_notify_queue, s->server->stdout_streams_notify_queue, s);
+                s->in_notify_queue = true;
+
+                if (s->server->notify_event_source) {
+                        r = sd_event_source_set_enabled(s->server->notify_event_source, SD_EVENT_ON);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to enable notify event source: %m");
+                }
+        }
+
+        return 0;
+
+fail:
+        (void) unlink(s->state_file);
+
+        if (temp_path)
+                (void) unlink(temp_path);
+
+        return log_error_errno(r, "Failed to save stream data %s: %m", s->state_file);
+}
+
+static int stdout_stream_log(StdoutStream *s, const char *p) {
+        struct iovec iovec[N_IOVEC_META_FIELDS + 5];
+        int priority;
+        char syslog_priority[] = "PRIORITY=\0";
+        char syslog_facility[sizeof("SYSLOG_FACILITY=")-1 + DECIMAL_STR_MAX(int) + 1];
+        _cleanup_free_ char *message = NULL, *syslog_identifier = NULL;
+        unsigned n = 0;
+        size_t label_len;
+
+        assert(s);
+        assert(p);
+
+        priority = s->priority;
+
+        if (s->level_prefix)
+                syslog_parse_priority(&p, &priority, false);
+
+        if (isempty(p))
+                return 0;
+
+        if (s->forward_to_syslog || s->server->forward_to_syslog)
+                server_forward_syslog(s->server, syslog_fixup_facility(priority), s->identifier, p, &s->ucred, NULL);
+
+        if (s->forward_to_kmsg || s->server->forward_to_kmsg)
+                server_forward_kmsg(s->server, priority, s->identifier, p, &s->ucred);
+
+        if (s->forward_to_console || s->server->forward_to_console)
+                server_forward_console(s->server, priority, s->identifier, p, &s->ucred);
+
+        if (s->server->forward_to_wall)
+                server_forward_wall(s->server, priority, s->identifier, p, &s->ucred);
+
+        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=stdout");
+
+        syslog_priority[strlen("PRIORITY=")] = '0' + LOG_PRI(priority);
+        IOVEC_SET_STRING(iovec[n++], syslog_priority);
+
+        if (priority & LOG_FACMASK) {
+                xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
+                IOVEC_SET_STRING(iovec[n++], syslog_facility);
+        }
+
+        if (s->identifier) {
+                syslog_identifier = strappend("SYSLOG_IDENTIFIER=", s->identifier);
+                if (syslog_identifier)
+                        IOVEC_SET_STRING(iovec[n++], syslog_identifier);
+        }
+
+        message = strappend("MESSAGE=", p);
+        if (message)
+                IOVEC_SET_STRING(iovec[n++], message);
+
+        label_len = s->label ? strlen(s->label) : 0;
+        server_dispatch_message(s->server, iovec, n, ELEMENTSOF(iovec), &s->ucred, NULL, s->label, label_len, s->unit_id, priority, 0);
+        return 0;
+}
+
+static int stdout_stream_line(StdoutStream *s, char *p) {
+        int r;
+        char *orig;
+
+        assert(s);
+        assert(p);
+
+        orig = p;
+        p = strstrip(p);
+
+        switch (s->state) {
+
+        case STDOUT_STREAM_IDENTIFIER:
+                if (isempty(p))
+                        s->identifier = NULL;
+                else  {
+                        s->identifier = strdup(p);
+                        if (!s->identifier)
+                                return log_oom();
+                }
+
+                s->state = STDOUT_STREAM_UNIT_ID;
+                return 0;
+
+        case STDOUT_STREAM_UNIT_ID:
+                if (s->ucred.uid == 0) {
+                        if (isempty(p))
+                                s->unit_id = NULL;
+                        else  {
+                                s->unit_id = strdup(p);
+                                if (!s->unit_id)
+                                        return log_oom();
+                        }
+                }
+
+                s->state = STDOUT_STREAM_PRIORITY;
+                return 0;
+
+        case STDOUT_STREAM_PRIORITY:
+                r = safe_atoi(p, &s->priority);
+                if (r < 0 || s->priority < 0 || s->priority > 999) {
+                        log_warning("Failed to parse log priority line.");
+                        return -EINVAL;
+                }
+
+                s->state = STDOUT_STREAM_LEVEL_PREFIX;
+                return 0;
+
+        case STDOUT_STREAM_LEVEL_PREFIX:
+                r = parse_boolean(p);
+                if (r < 0) {
+                        log_warning("Failed to parse level prefix line.");
+                        return -EINVAL;
+                }
+
+                s->level_prefix = !!r;
+                s->state = STDOUT_STREAM_FORWARD_TO_SYSLOG;
+                return 0;
+
+        case STDOUT_STREAM_FORWARD_TO_SYSLOG:
+                r = parse_boolean(p);
+                if (r < 0) {
+                        log_warning("Failed to parse forward to syslog line.");
+                        return -EINVAL;
+                }
+
+                s->forward_to_syslog = !!r;
+                s->state = STDOUT_STREAM_FORWARD_TO_KMSG;
+                return 0;
+
+        case STDOUT_STREAM_FORWARD_TO_KMSG:
+                r = parse_boolean(p);
+                if (r < 0) {
+                        log_warning("Failed to parse copy to kmsg line.");
+                        return -EINVAL;
+                }
+
+                s->forward_to_kmsg = !!r;
+                s->state = STDOUT_STREAM_FORWARD_TO_CONSOLE;
+                return 0;
+
+        case STDOUT_STREAM_FORWARD_TO_CONSOLE:
+                r = parse_boolean(p);
+                if (r < 0) {
+                        log_warning("Failed to parse copy to console line.");
+                        return -EINVAL;
+                }
+
+                s->forward_to_console = !!r;
+                s->state = STDOUT_STREAM_RUNNING;
+
+                /* Try to save the stream, so that journald can be restarted and we can recover */
+                (void) stdout_stream_save(s);
+                return 0;
+
+        case STDOUT_STREAM_RUNNING:
+                return stdout_stream_log(s, orig);
+        }
+
+        assert_not_reached("Unknown stream state");
+}
+
+static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
+        char *p;
+        size_t remaining;
+        int r;
+
+        assert(s);
+
+        p = s->buffer;
+        remaining = s->length;
+        for (;;) {
+                char *end;
+                size_t skip;
+
+                end = memchr(p, '\n', remaining);
+                if (end)
+                        skip = end - p + 1;
+                else if (remaining >= sizeof(s->buffer) - 1) {
+                        end = p + sizeof(s->buffer) - 1;
+                        skip = remaining;
+                } else
+                        break;
+
+                *end = 0;
+
+                r = stdout_stream_line(s, p);
+                if (r < 0)
+                        return r;
+
+                remaining -= skip;
+                p += skip;
+        }
+
+        if (force_flush && remaining > 0) {
+                p[remaining] = 0;
+                r = stdout_stream_line(s, p);
+                if (r < 0)
+                        return r;
+
+                p += remaining;
+                remaining = 0;
+        }
+
+        if (p > s->buffer) {
+                memmove(s->buffer, p, remaining);
+                s->length = remaining;
+        }
+
+        return 0;
+}
+
+static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+        StdoutStream *s = userdata;
+        ssize_t l;
+        int r;
+
+        assert(s);
+
+        if ((revents|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
+                log_error("Got invalid event from epoll for stdout stream: %"PRIx32, revents);
+                goto terminate;
+        }
+
+        l = read(s->fd, s->buffer+s->length, sizeof(s->buffer)-1-s->length);
+        if (l < 0) {
+
+                if (errno == EAGAIN)
+                        return 0;
+
+                log_warning_errno(errno, "Failed to read from stream: %m");
+                goto terminate;
+        }
+
+        if (l == 0) {
+                stdout_stream_scan(s, true);
+                goto terminate;
+        }
+
+        s->length += l;
+        r = stdout_stream_scan(s, false);
+        if (r < 0)
+                goto terminate;
+
+        return 1;
+
+terminate:
+        stdout_stream_destroy(s);
+        return 0;
+}
+
+static int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
+        _cleanup_(stdout_stream_freep) StdoutStream *stream = NULL;
+        int r;
+
+        assert(s);
+        assert(fd >= 0);
+
+        stream = new0(StdoutStream, 1);
+        if (!stream)
+                return log_oom();
+
+        stream->fd = -1;
+        stream->priority = LOG_INFO;
+
+        r = getpeercred(fd, &stream->ucred);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine peer credentials: %m");
+
+        if (mac_selinux_have()) {
+                r = getpeersec(fd, &stream->label);
+                if (r < 0 && r != -EOPNOTSUPP)
+                        (void) log_warning_errno(r, "Failed to determine peer security context: %m");
+        }
+
+        (void) shutdown(fd, SHUT_WR);
+
+        r = sd_event_add_io(s->event, &stream->event_source, fd, EPOLLIN, stdout_stream_process, stream);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add stream to event loop: %m");
+
+        r = sd_event_source_set_priority(stream->event_source, SD_EVENT_PRIORITY_NORMAL+5);
+        if (r < 0)
+                return log_error_errno(r, "Failed to adjust stdout event source priority: %m");
+
+        stream->fd = fd;
+
+        stream->server = s;
+        LIST_PREPEND(stdout_stream, s->stdout_streams, stream);
+        s->n_stdout_streams++;
+
+        if (ret)
+                *ret = stream;
+
+        stream = NULL;
+
+        return 0;
+}
+
+static int stdout_stream_new(sd_event_source *es, int listen_fd, uint32_t revents, void *userdata) {
+        _cleanup_close_ int fd = -1;
+        Server *s = userdata;
+        int r;
+
+        assert(s);
+
+        if (revents != EPOLLIN) {
+                log_error("Got invalid event from epoll for stdout server fd: %"PRIx32, revents);
+                return -EIO;
+        }
+
+        fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+        if (fd < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to accept stdout connection: %m");
+        }
+
+        if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
+                log_warning("Too many stdout streams, refusing connection.");
+                return 0;
+        }
+
+        r = stdout_stream_install(s, fd, NULL);
+        if (r < 0)
+                return r;
+
+        fd = -1;
+        return 0;
+}
+
+static int stdout_stream_load(StdoutStream *stream, const char *fname) {
+        _cleanup_free_ char
+                *priority = NULL,
+                *level_prefix = NULL,
+                *forward_to_syslog = NULL,
+                *forward_to_kmsg = NULL,
+                *forward_to_console = NULL;
+        int r;
+
+        assert(stream);
+        assert(fname);
+
+        if (!stream->state_file) {
+                stream->state_file = strappend("/run/systemd/journal/streams/", fname);
+                if (!stream->state_file)
+                        return log_oom();
+        }
+
+        r = parse_env_file(stream->state_file, NEWLINE,
+                           "PRIORITY", &priority,
+                           "LEVEL_PREFIX", &level_prefix,
+                           "FORWARD_TO_SYSLOG", &forward_to_syslog,
+                           "FORWARD_TO_KMSG", &forward_to_kmsg,
+                           "FORWARD_TO_CONSOLE", &forward_to_console,
+                           "IDENTIFIER", &stream->identifier,
+                           "UNIT", &stream->unit_id,
+                           NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read: %s", stream->state_file);
+
+        if (priority) {
+                int p;
+
+                p = log_level_from_string(priority);
+                if (p >= 0)
+                        stream->priority = p;
+        }
+
+        if (level_prefix) {
+                r = parse_boolean(level_prefix);
+                if (r >= 0)
+                        stream->level_prefix = r;
+        }
+
+        if (forward_to_syslog) {
+                r = parse_boolean(forward_to_syslog);
+                if (r >= 0)
+                        stream->forward_to_syslog = r;
+        }
+
+        if (forward_to_kmsg) {
+                r = parse_boolean(forward_to_kmsg);
+                if (r >= 0)
+                        stream->forward_to_kmsg = r;
+        }
+
+        if (forward_to_console) {
+                r = parse_boolean(forward_to_console);
+                if (r >= 0)
+                        stream->forward_to_console = r;
+        }
+
+        return 0;
+}
+
+static int stdout_stream_restore(Server *s, const char *fname, int fd) {
+        StdoutStream *stream;
+        int r;
+
+        assert(s);
+        assert(fname);
+        assert(fd >= 0);
+
+        if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
+                log_warning("Too many stdout streams, refusing restoring of stream.");
+                return -ENOBUFS;
+        }
+
+        r = stdout_stream_install(s, fd, &stream);
+        if (r < 0)
+                return r;
+
+        stream->state = STDOUT_STREAM_RUNNING;
+        stream->fdstore = true;
+
+        /* Ignore all parsing errors */
+        (void) stdout_stream_load(stream, fname);
+
+        return 0;
+}
+
+int server_restore_streams(Server *s, FDSet *fds) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r;
+
+        d = opendir("/run/systemd/journal/streams");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_warning_errno(errno, "Failed to enumerate /run/systemd/journal/streams: %m");
+        }
+
+        FOREACH_DIRENT(de, d, goto fail) {
+                unsigned long st_dev, st_ino;
+                bool found = false;
+                Iterator i;
+                int fd;
+
+                if (sscanf(de->d_name, "%lu:%lu", &st_dev, &st_ino) != 2)
+                        continue;
+
+                FDSET_FOREACH(fd, fds, i) {
+                        struct stat st;
+
+                        if (fstat(fd, &st) < 0)
+                                return log_error_errno(errno, "Failed to stat %s: %m", de->d_name);
+
+                        if (S_ISSOCK(st.st_mode) && st.st_dev == st_dev && st.st_ino == st_ino) {
+                                found = true;
+                                break;
+                        }
+                }
+
+                if (!found) {
+                        /* No file descriptor? Then let's delete the state file */
+                        log_debug("Cannot restore stream file %s", de->d_name);
+                        unlinkat(dirfd(d), de->d_name, 0);
+                        continue;
+                }
+
+                fdset_remove(fds, fd);
+
+                r = stdout_stream_restore(s, de->d_name, fd);
+                if (r < 0)
+                        safe_close(fd);
+        }
+
+        return 0;
+
+fail:
+        return log_error_errno(errno, "Failed to read streams directory: %m");
+}
+
+int server_open_stdout_socket(Server *s) {
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/stdout",
+        };
+        int r;
+
+        assert(s);
+
+        if (s->stdout_fd < 0) {
+                s->stdout_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+                if (s->stdout_fd < 0)
+                        return log_error_errno(errno, "socket() failed: %m");
+
+                (void) unlink(sa.un.sun_path);
+
+                r = bind(s->stdout_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+                if (r < 0)
+                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
+
+                (void) chmod(sa.un.sun_path, 0666);
+
+                if (listen(s->stdout_fd, SOMAXCONN) < 0)
+                        return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path);
+        } else
+                fd_nonblock(s->stdout_fd, 1);
+
+        r = sd_event_add_io(s->event, &s->stdout_event_source, s->stdout_fd, EPOLLIN, stdout_stream_new, s);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add stdout server fd to event source: %m");
+
+        r = sd_event_source_set_priority(s->stdout_event_source, SD_EVENT_PRIORITY_NORMAL+5);
+        if (r < 0)
+                return log_error_errno(r, "Failed to adjust priority of stdout server event source: %m");
+
+        return 0;
+}
+
+void stdout_stream_send_notify(StdoutStream *s) {
+        struct iovec iovec = {
+                .iov_base = (char*) "FDSTORE=1",
+                .iov_len = strlen("FDSTORE=1"),
+        };
+        struct msghdr msghdr = {
+                .msg_iov = &iovec,
+                .msg_iovlen = 1,
+        };
+        struct cmsghdr *cmsg;
+        ssize_t l;
+
+        assert(s);
+        assert(!s->fdstore);
+        assert(s->in_notify_queue);
+        assert(s->server);
+        assert(s->server->notify_fd >= 0);
+
+        /* Store the connection fd in PID 1, so that we get it passed
+         * in again on next start */
+
+        msghdr.msg_controllen = CMSG_SPACE(sizeof(int));
+        msghdr.msg_control = alloca0(msghdr.msg_controllen);
+
+        cmsg = CMSG_FIRSTHDR(&msghdr);
+        cmsg->cmsg_level = SOL_SOCKET;
+        cmsg->cmsg_type = SCM_RIGHTS;
+        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+
+        memcpy(CMSG_DATA(cmsg), &s->fd, sizeof(int));
+
+        l = sendmsg(s->server->notify_fd, &msghdr, MSG_DONTWAIT|MSG_NOSIGNAL);
+        if (l < 0) {
+                if (errno == EAGAIN)
+                        return;
+
+                log_error_errno(errno, "Failed to send stream file descriptor to service manager: %m");
+        } else {
+                log_debug("Successfully sent stream file descriptor to service manager.");
+                s->fdstore = 1;
+        }
+
+        LIST_REMOVE(stdout_stream_notify_queue, s->server->stdout_streams_notify_queue, s);
+        s->in_notify_queue = false;
+
+}
diff --git a/src/journal/journald-stream.h b/src/grp-journal/libjournal-core/journald-stream.h
index db4c67fae3..db4c67fae3 100644
--- a/src/journal/journald-stream.h
+++ b/src/grp-journal/libjournal-core/journald-stream.h
diff --git a/src/grp-journal/libjournal-core/journald-syslog.c b/src/grp-journal/libjournal-core/journald-syslog.c
new file mode 100644
index 0000000000..86fe81d179
--- /dev/null
+++ b/src/grp-journal/libjournal-core/journald-syslog.c
@@ -0,0 +1,454 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stddef.h>
+#include <sys/epoll.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "io-util.h"
+#include "journald-console.h"
+#include "journald-kmsg.h"
+#include "journald-server.h"
+#include "journald-syslog.h"
+#include "journald-wall.h"
+#include "process-util.h"
+#include "selinux-util.h"
+#include "socket-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "syslog-util.h"
+
+/* Warn once every 30s if we missed syslog message */
+#define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
+
+static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) {
+
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/syslog",
+        };
+        struct msghdr msghdr = {
+                .msg_iov = (struct iovec *) iovec,
+                .msg_iovlen = n_iovec,
+                .msg_name = (struct sockaddr*) &sa.sa,
+                .msg_namelen = SOCKADDR_UN_LEN(sa.un),
+        };
+        struct cmsghdr *cmsg;
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
+        } control;
+
+        assert(s);
+        assert(iovec);
+        assert(n_iovec > 0);
+
+        if (ucred) {
+                zero(control);
+                msghdr.msg_control = &control;
+                msghdr.msg_controllen = sizeof(control);
+
+                cmsg = CMSG_FIRSTHDR(&msghdr);
+                cmsg->cmsg_level = SOL_SOCKET;
+                cmsg->cmsg_type = SCM_CREDENTIALS;
+                cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
+                memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
+                msghdr.msg_controllen = cmsg->cmsg_len;
+        }
+
+        /* Forward the syslog message we received via /dev/log to
+         * /run/systemd/syslog. Unfortunately we currently can't set
+         * the SO_TIMESTAMP auxiliary data, and hence we don't. */
+
+        if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
+                return;
+
+        /* The socket is full? I guess the syslog implementation is
+         * too slow, and we shouldn't wait for that... */
+        if (errno == EAGAIN) {
+                s->n_forward_syslog_missed++;
+                return;
+        }
+
+        if (ucred && (errno == ESRCH || errno == EPERM)) {
+                struct ucred u;
+
+                /* Hmm, presumably the sender process vanished
+                 * by now, or we don't have CAP_SYS_AMDIN, so
+                 * let's fix it as good as we can, and retry */
+
+                u = *ucred;
+                u.pid = getpid();
+                memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
+
+                if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
+                        return;
+
+                if (errno == EAGAIN) {
+                        s->n_forward_syslog_missed++;
+                        return;
+                }
+        }
+
+        if (errno != ENOENT)
+                log_debug_errno(errno, "Failed to forward syslog message: %m");
+}
+
+static void forward_syslog_raw(Server *s, int priority, const char *buffer, const struct ucred *ucred, const struct timeval *tv) {
+        struct iovec iovec;
+
+        assert(s);
+        assert(buffer);
+
+        if (LOG_PRI(priority) > s->max_level_syslog)
+                return;
+
+        IOVEC_SET_STRING(iovec, buffer);
+        forward_syslog_iovec(s, &iovec, 1, ucred, tv);
+}
+
+void server_forward_syslog(Server *s, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv) {
+        struct iovec iovec[5];
+        char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
+             header_pid[sizeof("[]: ")-1 + DECIMAL_STR_MAX(pid_t) + 1];
+        int n = 0;
+        time_t t;
+        struct tm *tm;
+        char *ident_buf = NULL;
+
+        assert(s);
+        assert(priority >= 0);
+        assert(priority <= 999);
+        assert(message);
+
+        if (LOG_PRI(priority) > s->max_level_syslog)
+                return;
+
+        /* First: priority field */
+        xsprintf(header_priority, "<%i>", priority);
+        IOVEC_SET_STRING(iovec[n++], header_priority);
+
+        /* Second: timestamp */
+        t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
+        tm = localtime(&t);
+        if (!tm)
+                return;
+        if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
+                return;
+        IOVEC_SET_STRING(iovec[n++], header_time);
+
+        /* Third: identifier and PID */
+        if (ucred) {
+                if (!identifier) {
+                        get_process_comm(ucred->pid, &ident_buf);
+                        identifier = ident_buf;
+                }
+
+                xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
+
+                if (identifier)
+                        IOVEC_SET_STRING(iovec[n++], identifier);
+
+                IOVEC_SET_STRING(iovec[n++], header_pid);
+        } else if (identifier) {
+                IOVEC_SET_STRING(iovec[n++], identifier);
+                IOVEC_SET_STRING(iovec[n++], ": ");
+        }
+
+        /* Fourth: message */
+        IOVEC_SET_STRING(iovec[n++], message);
+
+        forward_syslog_iovec(s, iovec, n, ucred, tv);
+
+        free(ident_buf);
+}
+
+int syslog_fixup_facility(int priority) {
+
+        if ((priority & LOG_FACMASK) == 0)
+                return (priority & LOG_PRIMASK) | LOG_USER;
+
+        return priority;
+}
+
+size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid) {
+        const char *p;
+        char *t;
+        size_t l, e;
+
+        assert(buf);
+        assert(identifier);
+        assert(pid);
+
+        p = *buf;
+
+        p += strspn(p, WHITESPACE);
+        l = strcspn(p, WHITESPACE);
+
+        if (l <= 0 ||
+            p[l-1] != ':')
+                return 0;
+
+        e = l;
+        l--;
+
+        if (p[l-1] == ']') {
+                size_t k = l-1;
+
+                for (;;) {
+
+                        if (p[k] == '[') {
+                                t = strndup(p+k+1, l-k-2);
+                                if (t)
+                                        *pid = t;
+
+                                l = k;
+                                break;
+                        }
+
+                        if (k == 0)
+                                break;
+
+                        k--;
+                }
+        }
+
+        t = strndup(p, l);
+        if (t)
+                *identifier = t;
+
+        if (strchr(WHITESPACE, p[e]))
+                e++;
+        *buf = p + e;
+        return e;
+}
+
+static void syslog_skip_date(char **buf) {
+        enum {
+                LETTER,
+                SPACE,
+                NUMBER,
+                SPACE_OR_NUMBER,
+                COLON
+        } sequence[] = {
+                LETTER, LETTER, LETTER,
+                SPACE,
+                SPACE_OR_NUMBER, NUMBER,
+                SPACE,
+                SPACE_OR_NUMBER, NUMBER,
+                COLON,
+                SPACE_OR_NUMBER, NUMBER,
+                COLON,
+                SPACE_OR_NUMBER, NUMBER,
+                SPACE
+        };
+
+        char *p;
+        unsigned i;
+
+        assert(buf);
+        assert(*buf);
+
+        p = *buf;
+
+        for (i = 0; i < ELEMENTSOF(sequence); i++, p++) {
+
+                if (!*p)
+                        return;
+
+                switch (sequence[i]) {
+
+                case SPACE:
+                        if (*p != ' ')
+                                return;
+                        break;
+
+                case SPACE_OR_NUMBER:
+                        if (*p == ' ')
+                                break;
+
+                        /* fall through */
+
+                case NUMBER:
+                        if (*p < '0' || *p > '9')
+                                return;
+
+                        break;
+
+                case LETTER:
+                        if (!(*p >= 'A' && *p <= 'Z') &&
+                            !(*p >= 'a' && *p <= 'z'))
+                                return;
+
+                        break;
+
+                case COLON:
+                        if (*p != ':')
+                                return;
+                        break;
+
+                }
+        }
+
+        *buf = p;
+}
+
+void server_process_syslog_message(
+                Server *s,
+                const char *buf,
+                const struct ucred *ucred,
+                const struct timeval *tv,
+                const char *label,
+                size_t label_len) {
+
+        char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
+             syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
+        const char *message = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
+        struct iovec iovec[N_IOVEC_META_FIELDS + 6];
+        unsigned n = 0;
+        int priority = LOG_USER | LOG_INFO;
+        _cleanup_free_ char *identifier = NULL, *pid = NULL;
+        const char *orig;
+
+        assert(s);
+        assert(buf);
+
+        orig = buf;
+        syslog_parse_priority(&buf, &priority, true);
+
+        if (s->forward_to_syslog)
+                forward_syslog_raw(s, priority, orig, ucred, tv);
+
+        syslog_skip_date((char**) &buf);
+        syslog_parse_identifier(&buf, &identifier, &pid);
+
+        if (s->forward_to_kmsg)
+                server_forward_kmsg(s, priority, identifier, buf, ucred);
+
+        if (s->forward_to_console)
+                server_forward_console(s, priority, identifier, buf, ucred);
+
+        if (s->forward_to_wall)
+                server_forward_wall(s, priority, identifier, buf, ucred);
+
+        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
+
+        xsprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
+        IOVEC_SET_STRING(iovec[n++], syslog_priority);
+
+        if (priority & LOG_FACMASK) {
+                xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
+                IOVEC_SET_STRING(iovec[n++], syslog_facility);
+        }
+
+        if (identifier) {
+                syslog_identifier = strjoina("SYSLOG_IDENTIFIER=", identifier);
+                IOVEC_SET_STRING(iovec[n++], syslog_identifier);
+        }
+
+        if (pid) {
+                syslog_pid = strjoina("SYSLOG_PID=", pid);
+                IOVEC_SET_STRING(iovec[n++], syslog_pid);
+        }
+
+        message = strjoina("MESSAGE=", buf);
+        if (message)
+                IOVEC_SET_STRING(iovec[n++], message);
+
+        server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv, label, label_len, NULL, priority, 0);
+}
+
+int server_open_syslog_socket(Server *s) {
+
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/dev-log",
+        };
+        static const int one = 1;
+        int r;
+
+        assert(s);
+
+        if (s->syslog_fd < 0) {
+                s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+                if (s->syslog_fd < 0)
+                        return log_error_errno(errno, "socket() failed: %m");
+
+                (void) unlink(sa.un.sun_path);
+
+                r = bind(s->syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+                if (r < 0)
+                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
+
+                (void) chmod(sa.un.sun_path, 0666);
+        } else
+                fd_nonblock(s->syslog_fd, 1);
+
+        r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
+        if (r < 0)
+                return log_error_errno(errno, "SO_PASSCRED failed: %m");
+
+#ifdef HAVE_SELINUX
+        if (mac_selinux_have()) {
+                r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
+                if (r < 0)
+                        log_warning_errno(errno, "SO_PASSSEC failed: %m");
+        }
+#endif
+
+        r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
+        if (r < 0)
+                return log_error_errno(errno, "SO_TIMESTAMP failed: %m");
+
+        r = sd_event_add_io(s->event, &s->syslog_event_source, s->syslog_fd, EPOLLIN, server_process_datagram, s);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add syslog server fd to event loop: %m");
+
+        r = sd_event_source_set_priority(s->syslog_event_source, SD_EVENT_PRIORITY_NORMAL+5);
+        if (r < 0)
+                return log_error_errno(r, "Failed to adjust syslog event source priority: %m");
+
+        return 0;
+}
+
+void server_maybe_warn_forward_syslog_missed(Server *s) {
+        usec_t n;
+
+        assert(s);
+
+        if (s->n_forward_syslog_missed <= 0)
+                return;
+
+        n = now(CLOCK_MONOTONIC);
+        if (s->last_warn_forward_syslog_missed + WARN_FORWARD_SYSLOG_MISSED_USEC > n)
+                return;
+
+        server_driver_message(s, SD_MESSAGE_FORWARD_SYSLOG_MISSED,
+                              LOG_MESSAGE("Forwarding to syslog missed %u messages.",
+                                          s->n_forward_syslog_missed),
+                              NULL);
+
+        s->n_forward_syslog_missed = 0;
+        s->last_warn_forward_syslog_missed = n;
+}
diff --git a/src/journal/journald-syslog.h b/src/grp-journal/libjournal-core/journald-syslog.h
index 46ad715314..46ad715314 100644
--- a/src/journal/journald-syslog.h
+++ b/src/grp-journal/libjournal-core/journald-syslog.h
diff --git a/src/journal/journald-wall.c b/src/grp-journal/libjournal-core/journald-wall.c
index 4d91fafffe..4d91fafffe 100644
--- a/src/journal/journald-wall.c
+++ b/src/grp-journal/libjournal-core/journald-wall.c
diff --git a/src/journal/journald-wall.h b/src/grp-journal/libjournal-core/journald-wall.h
index ebc2b89fa8..ebc2b89fa8 100644
--- a/src/journal/journald-wall.h
+++ b/src/grp-journal/libjournal-core/journald-wall.h
diff --git a/src/journal/journald.conf b/src/grp-journal/libjournal-core/journald.conf
index 2541b949be..2541b949be 100644
--- a/src/journal/journald.conf
+++ b/src/grp-journal/libjournal-core/journald.conf
diff --git a/src/journal/test-audit-type.c b/src/grp-journal/libjournal-core/test-audit-type.c
index 88a2e6d9d9..88a2e6d9d9 100644
--- a/src/journal/test-audit-type.c
+++ b/src/grp-journal/libjournal-core/test-audit-type.c
diff --git a/src/grp-journal/libjournal-core/test-catalog.c b/src/grp-journal/libjournal-core/test-catalog.c
new file mode 100644
index 0000000000..f939fcdc2a
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-catalog.c
@@ -0,0 +1,264 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "catalog.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "log.h"
+#include "macro.h"
+#include "string-util.h"
+#include "util.h"
+
+static const char *catalog_dirs[] = {
+        CATALOG_DIR,
+        NULL,
+};
+
+static const char *no_catalog_dirs[] = {
+        "/bin/hopefully/with/no/catalog",
+        NULL
+};
+
+static Hashmap * test_import(const char* contents, ssize_t size, int code) {
+        int r;
+        char name[] = "/tmp/test-catalog.XXXXXX";
+        _cleanup_close_ int fd;
+        Hashmap *h;
+
+        if (size < 0)
+                size = strlen(contents);
+
+        assert_se(h = hashmap_new(&catalog_hash_ops));
+
+        fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+        assert_se(fd >= 0);
+        assert_se(write(fd, contents, size) == size);
+
+        r = catalog_import_file(h, name);
+        assert_se(r == code);
+
+        unlink(name);
+
+        return h;
+}
+
+static void test_catalog_import_invalid(void) {
+        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+
+        h = test_import("xxx", -1, -EINVAL);
+        assert_se(hashmap_isempty(h));
+}
+
+static void test_catalog_import_badid(void) {
+        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        const char *input =
+"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededede\n" \
+"Subject: message\n" \
+"\n" \
+"payload\n";
+        h = test_import(input, -1, -EINVAL);
+}
+
+static void test_catalog_import_one(void) {
+        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        char *payload;
+        Iterator j;
+
+        const char *input =
+"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
+"Subject: message\n" \
+"\n" \
+"payload\n";
+        const char *expect =
+"Subject: message\n" \
+"\n" \
+"payload\n";
+
+        h = test_import(input, -1, 0);
+        assert_se(hashmap_size(h) == 1);
+
+        HASHMAP_FOREACH(payload, h, j) {
+                printf("expect: %s\n", expect);
+                printf("actual: %s\n", payload);
+                assert_se(streq(expect, payload));
+        }
+}
+
+static void test_catalog_import_merge(void) {
+        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        char *payload;
+        Iterator j;
+
+        const char *input =
+"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
+"Subject: message\n" \
+"Defined-By: me\n" \
+"\n" \
+"payload\n" \
+"\n" \
+"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
+"Subject: override subject\n" \
+"X-Header: hello\n" \
+"\n" \
+"override payload\n";
+
+        const char *combined =
+"Subject: override subject\n" \
+"X-Header: hello\n" \
+"Subject: message\n" \
+"Defined-By: me\n" \
+"\n" \
+"override payload\n";
+
+        h = test_import(input, -1, 0);
+        assert_se(hashmap_size(h) == 1);
+
+        HASHMAP_FOREACH(payload, h, j) {
+                assert_se(streq(combined, payload));
+        }
+}
+
+static void test_catalog_import_merge_no_body(void) {
+        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        char *payload;
+        Iterator j;
+
+        const char *input =
+"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
+"Subject: message\n" \
+"Defined-By: me\n" \
+"\n" \
+"payload\n" \
+"\n" \
+"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
+"Subject: override subject\n" \
+"X-Header: hello\n" \
+"\n";
+
+        const char *combined =
+"Subject: override subject\n" \
+"X-Header: hello\n" \
+"Subject: message\n" \
+"Defined-By: me\n" \
+"\n" \
+"payload\n";
+
+        h = test_import(input, -1, 0);
+        assert_se(hashmap_size(h) == 1);
+
+        HASHMAP_FOREACH(payload, h, j) {
+                assert_se(streq(combined, payload));
+        }
+}
+
+static const char* database = NULL;
+
+static void test_catalog_update(void) {
+        static char name[] = "/tmp/test-catalog.XXXXXX";
+        int r;
+
+        r = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+        assert_se(r >= 0);
+
+        database = name;
+
+        /* Test what happens if there are no files. */
+        r = catalog_update(database, NULL, NULL);
+        assert_se(r >= 0);
+
+        /* Test what happens if there are no files in the directory. */
+        r = catalog_update(database, NULL, no_catalog_dirs);
+        assert_se(r >= 0);
+
+        /* Make sure that we at least have some files loaded or the
+           catalog_list below will fail. */
+        r = catalog_update(database, NULL, catalog_dirs);
+        assert_se(r >= 0);
+}
+
+static void test_catalog_file_lang(void) {
+        _cleanup_free_ char *lang = NULL, *lang2 = NULL, *lang3 = NULL, *lang4 = NULL;
+
+        assert_se(catalog_file_lang("systemd.de_DE.catalog", &lang) == 1);
+        assert_se(streq(lang, "de_DE"));
+
+        assert_se(catalog_file_lang("systemd..catalog", &lang2) == 0);
+        assert_se(lang2 == NULL);
+
+        assert_se(catalog_file_lang("systemd.fr.catalog", &lang2) == 1);
+        assert_se(streq(lang2, "fr"));
+
+        assert_se(catalog_file_lang("systemd.fr.catalog.gz", &lang3) == 0);
+        assert_se(lang3 == NULL);
+
+        assert_se(catalog_file_lang("systemd.01234567890123456789012345678901.catalog", &lang3) == 0);
+        assert_se(lang3 == NULL);
+
+        assert_se(catalog_file_lang("systemd.0123456789012345678901234567890.catalog", &lang3) == 1);
+        assert_se(streq(lang3, "0123456789012345678901234567890"));
+
+        assert_se(catalog_file_lang("/x/y/systemd.catalog", &lang4) == 0);
+        assert_se(lang4 == NULL);
+
+        assert_se(catalog_file_lang("/x/y/systemd.ru_RU.catalog", &lang4) == 1);
+        assert_se(streq(lang4, "ru_RU"));
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_free_ char *text = NULL;
+        int r;
+
+        setlocale(LC_ALL, "de_DE.UTF-8");
+
+        log_parse_environment();
+        log_open();
+
+        test_catalog_file_lang();
+
+        test_catalog_import_invalid();
+        test_catalog_import_badid();
+        test_catalog_import_one();
+        test_catalog_import_merge();
+        test_catalog_import_merge_no_body();
+
+        test_catalog_update();
+
+        r = catalog_list(stdout, database, true);
+        assert_se(r >= 0);
+
+        r = catalog_list(stdout, database, false);
+        assert_se(r >= 0);
+
+        assert_se(catalog_get(database, SD_MESSAGE_COREDUMP, &text) >= 0);
+        printf(">>>%s<<<\n", text);
+
+        if (database)
+                unlink(database);
+
+        return 0;
+}
diff --git a/src/journal/test-compress-benchmark.c b/src/grp-journal/libjournal-core/test-compress-benchmark.c
index 6f6d71435d..6f6d71435d 100644
--- a/src/journal/test-compress-benchmark.c
+++ b/src/grp-journal/libjournal-core/test-compress-benchmark.c
diff --git a/src/journal/test-compress.c b/src/grp-journal/libjournal-core/test-compress.c
index 68c9a4d76c..68c9a4d76c 100644
--- a/src/journal/test-compress.c
+++ b/src/grp-journal/libjournal-core/test-compress.c
diff --git a/src/grp-journal/libjournal-core/test-journal-enum.c b/src/grp-journal/libjournal-core/test-journal-enum.c
new file mode 100644
index 0000000000..54df59f477
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-enum.c
@@ -0,0 +1,53 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdio.h>
+
+#include <systemd/sd-journal.h>
+
+#include "journal-internal.h"
+#include "log.h"
+#include "macro.h"
+
+int main(int argc, char *argv[]) {
+        unsigned n = 0;
+        _cleanup_(sd_journal_closep) sd_journal*j = NULL;
+
+        log_set_max_level(LOG_DEBUG);
+
+        assert_se(sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY) >= 0);
+
+        assert_se(sd_journal_add_match(j, "_TRANSPORT=syslog", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "_UID=0", 0) >= 0);
+
+        SD_JOURNAL_FOREACH_BACKWARDS(j) {
+                const void *d;
+                size_t l;
+
+                assert_se(sd_journal_get_data(j, "MESSAGE", &d, &l) >= 0);
+
+                printf("%.*s\n", (int) l, (char*) d);
+
+                n++;
+                if (n >= 10)
+                        break;
+        }
+
+        return 0;
+}
diff --git a/src/grp-journal/libjournal-core/test-journal-flush.c b/src/grp-journal/libjournal-core/test-journal-flush.c
new file mode 100644
index 0000000000..7e9814f8fa
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-flush.c
@@ -0,0 +1,75 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "journal-file.h"
+#include "journal-internal.h"
+#include "macro.h"
+#include "string-util.h"
+
+int main(int argc, char *argv[]) {
+        _cleanup_free_ char *fn = NULL;
+        char dn[] = "/var/tmp/test-journal-flush.XXXXXX";
+        JournalFile *new_journal = NULL;
+        sd_journal *j = NULL;
+        unsigned n = 0;
+        int r;
+
+        assert_se(mkdtemp(dn));
+        fn = strappend(dn, "/test.journal");
+
+        r = journal_file_open(-1, fn, O_CREAT|O_RDWR, 0644, false, false, NULL, NULL, NULL, NULL, &new_journal);
+        assert_se(r >= 0);
+
+        r = sd_journal_open(&j, 0);
+        assert_se(r >= 0);
+
+        sd_journal_set_data_threshold(j, 0);
+
+        SD_JOURNAL_FOREACH(j) {
+                Object *o;
+                JournalFile *f;
+
+                f = j->current_file;
+                assert_se(f && f->current_offset > 0);
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+                assert_se(r >= 0);
+
+                r = journal_file_copy_entry(f, new_journal, o, f->current_offset, NULL, NULL, NULL);
+                assert_se(r >= 0);
+
+                n++;
+                if (n > 10000)
+                        break;
+        }
+
+        sd_journal_close(j);
+
+        (void) journal_file_close(new_journal);
+
+        unlink(fn);
+        assert_se(rmdir(dn) == 0);
+
+        return 0;
+}
diff --git a/src/grp-journal/libjournal-core/test-journal-init.c b/src/grp-journal/libjournal-core/test-journal-init.c
new file mode 100644
index 0000000000..e6713034dd
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-init.c
@@ -0,0 +1,64 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-journal.h>
+
+#include "log.h"
+#include "parse-util.h"
+#include "rm-rf.h"
+#include "util.h"
+
+int main(int argc, char *argv[]) {
+        sd_journal *j;
+        int r, i, I = 100;
+        char t[] = "/tmp/journal-stream-XXXXXX";
+
+        log_set_max_level(LOG_DEBUG);
+
+        if (argc >= 2) {
+                r = safe_atoi(argv[1], &I);
+                if (r < 0)
+                        log_info("Could not parse loop count argument. Using default.");
+        }
+
+        log_info("Running %d loops", I);
+
+        assert_se(mkdtemp(t));
+
+        for (i = 0; i < I; i++) {
+                r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
+                assert_se(r == 0);
+
+                sd_journal_close(j);
+
+                r = sd_journal_open_directory(&j, t, 0);
+                assert_se(r == 0);
+
+                sd_journal_close(j);
+
+                j = NULL;
+                r = sd_journal_open_directory(&j, t, SD_JOURNAL_LOCAL_ONLY);
+                assert_se(r == -EINVAL);
+                assert_se(j == NULL);
+        }
+
+        assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
+
+        return 0;
+}
diff --git a/src/grp-journal/libjournal-core/test-journal-interleaving.c b/src/grp-journal/libjournal-core/test-journal-interleaving.c
new file mode 100644
index 0000000000..d09ef011a6
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-interleaving.c
@@ -0,0 +1,307 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Marius Vollmer
+  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "journal-file.h"
+#include "journal-vacuum.h"
+#include "log.h"
+#include "parse-util.h"
+#include "rm-rf.h"
+#include "util.h"
+
+/* This program tests skipping around in a multi-file journal.
+ */
+
+static bool arg_keep = false;
+
+noreturn static void log_assert_errno(const char *text, int eno, const char *file, int line, const char *func) {
+        log_internal(LOG_CRIT, 0, file, line, func,
+                     "'%s' failed at %s:%u (%s): %s.",
+                     text, file, line, func, strerror(eno));
+        abort();
+}
+
+#define assert_ret(expr)                                                \
+        do {                                                            \
+                int _r_ = (expr);                                       \
+                if (_unlikely_(_r_ < 0))                                \
+                        log_assert_errno(#expr, -_r_, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
+        } while (false)
+
+static JournalFile *test_open(const char *name) {
+        JournalFile *f;
+        assert_ret(journal_file_open(-1, name, O_RDWR|O_CREAT, 0644, true, false, NULL, NULL, NULL, NULL, &f));
+        return f;
+}
+
+static void test_close(JournalFile *f) {
+        (void) journal_file_close (f);
+}
+
+static void append_number(JournalFile *f, int n, uint64_t *seqnum) {
+        char *p;
+        dual_timestamp ts;
+        static dual_timestamp previous_ts = {};
+        struct iovec iovec[1];
+
+        dual_timestamp_get(&ts);
+
+        if (ts.monotonic <= previous_ts.monotonic)
+                ts.monotonic = previous_ts.monotonic + 1;
+
+        if (ts.realtime <= previous_ts.realtime)
+                ts.realtime = previous_ts.realtime + 1;
+
+        previous_ts = ts;
+
+        assert_se(asprintf(&p, "NUMBER=%d", n) >= 0);
+        iovec[0].iov_base = p;
+        iovec[0].iov_len = strlen(p);
+        assert_ret(journal_file_append_entry(f, &ts, iovec, 1, seqnum, NULL, NULL));
+        free(p);
+}
+
+static void test_check_number (sd_journal *j, int n) {
+        const void *d;
+        _cleanup_free_ char *k;
+        size_t l;
+        int x;
+
+        assert_ret(sd_journal_get_data(j, "NUMBER", &d, &l));
+        assert_se(k = strndup(d, l));
+        printf("%s\n", k);
+
+        assert_se(safe_atoi(k + 7, &x) >= 0);
+        assert_se(n == x);
+}
+
+static void test_check_numbers_down (sd_journal *j, int count) {
+        int i;
+
+        for (i = 1; i <= count; i++) {
+                int r;
+                test_check_number(j, i);
+                assert_ret(r = sd_journal_next(j));
+                if (i == count)
+                        assert_se(r == 0);
+                else
+                        assert_se(r == 1);
+        }
+
+}
+
+static void test_check_numbers_up (sd_journal *j, int count) {
+        for (int i = count; i >= 1; i--) {
+                int r;
+                test_check_number(j, i);
+                assert_ret(r = sd_journal_previous(j));
+                if (i == 1)
+                        assert_se(r == 0);
+                else
+                        assert_se(r == 1);
+        }
+
+}
+
+static void setup_sequential(void) {
+        JournalFile *one, *two;
+        one = test_open("one.journal");
+        two = test_open("two.journal");
+        append_number(one, 1, NULL);
+        append_number(one, 2, NULL);
+        append_number(two, 3, NULL);
+        append_number(two, 4, NULL);
+        test_close(one);
+        test_close(two);
+}
+
+static void setup_interleaved(void) {
+        JournalFile *one, *two;
+        one = test_open("one.journal");
+        two = test_open("two.journal");
+        append_number(one, 1, NULL);
+        append_number(two, 2, NULL);
+        append_number(one, 3, NULL);
+        append_number(two, 4, NULL);
+        test_close(one);
+        test_close(two);
+}
+
+static void test_skip(void (*setup)(void)) {
+        char t[] = "/tmp/journal-skip-XXXXXX";
+        sd_journal *j;
+        int r;
+
+        assert_se(mkdtemp(t));
+        assert_se(chdir(t) >= 0);
+
+        setup();
+
+        /* Seek to head, iterate down.
+         */
+        assert_ret(sd_journal_open_directory(&j, t, 0));
+        assert_ret(sd_journal_seek_head(j));
+        assert_ret(sd_journal_next(j));
+        test_check_numbers_down(j, 4);
+        sd_journal_close(j);
+
+        /* Seek to tail, iterate up.
+         */
+        assert_ret(sd_journal_open_directory(&j, t, 0));
+        assert_ret(sd_journal_seek_tail(j));
+        assert_ret(sd_journal_previous(j));
+        test_check_numbers_up(j, 4);
+        sd_journal_close(j);
+
+        /* Seek to tail, skip to head, iterate down.
+         */
+        assert_ret(sd_journal_open_directory(&j, t, 0));
+        assert_ret(sd_journal_seek_tail(j));
+        assert_ret(r = sd_journal_previous_skip(j, 4));
+        assert_se(r == 4);
+        test_check_numbers_down(j, 4);
+        sd_journal_close(j);
+
+        /* Seek to head, skip to tail, iterate up.
+         */
+        assert_ret(sd_journal_open_directory(&j, t, 0));
+        assert_ret(sd_journal_seek_head(j));
+        assert_ret(r = sd_journal_next_skip(j, 4));
+        assert_se(r == 4);
+        test_check_numbers_up(j, 4);
+        sd_journal_close(j);
+
+        log_info("Done...");
+
+        if (arg_keep)
+                log_info("Not removing %s", t);
+        else {
+                journal_directory_vacuum(".", 3000000, 0, 0, NULL, true);
+
+                assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
+        }
+
+        puts("------------------------------------------------------------");
+}
+
+static void test_sequence_numbers(void) {
+
+        char t[] = "/tmp/journal-seq-XXXXXX";
+        JournalFile *one, *two;
+        uint64_t seqnum = 0;
+        sd_id128_t seqnum_id;
+
+        assert_se(mkdtemp(t));
+        assert_se(chdir(t) >= 0);
+
+        assert_se(journal_file_open(-1, "one.journal", O_RDWR|O_CREAT, 0644,
+                                    true, false, NULL, NULL, NULL, NULL, &one) == 0);
+
+        append_number(one, 1, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 1);
+        append_number(one, 2, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 2);
+
+        assert_se(one->header->state == STATE_ONLINE);
+        assert_se(!sd_id128_equal(one->header->file_id, one->header->machine_id));
+        assert_se(!sd_id128_equal(one->header->file_id, one->header->boot_id));
+        assert_se(sd_id128_equal(one->header->file_id, one->header->seqnum_id));
+
+        memcpy(&seqnum_id, &one->header->seqnum_id, sizeof(sd_id128_t));
+
+        assert_se(journal_file_open(-1, "two.journal", O_RDWR|O_CREAT, 0644,
+                                    true, false, NULL, NULL, NULL, one, &two) == 0);
+
+        assert_se(two->header->state == STATE_ONLINE);
+        assert_se(!sd_id128_equal(two->header->file_id, one->header->file_id));
+        assert_se(sd_id128_equal(one->header->machine_id, one->header->machine_id));
+        assert_se(sd_id128_equal(one->header->boot_id, one->header->boot_id));
+        assert_se(sd_id128_equal(one->header->seqnum_id, one->header->seqnum_id));
+
+        append_number(two, 3, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 3);
+        append_number(two, 4, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 4);
+
+        test_close(two);
+
+        append_number(one, 5, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 5);
+
+        append_number(one, 6, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 6);
+
+        test_close(one);
+
+        /* restart server */
+        seqnum = 0;
+
+        assert_se(journal_file_open(-1, "two.journal", O_RDWR, 0,
+                                    true, false, NULL, NULL, NULL, NULL, &two) == 0);
+
+        assert_se(sd_id128_equal(two->header->seqnum_id, seqnum_id));
+
+        append_number(two, 7, &seqnum);
+        printf("seqnum=%"PRIu64"\n", seqnum);
+        assert_se(seqnum == 5);
+
+        /* So..., here we have the same seqnum in two files with the
+         * same seqnum_id. */
+
+        test_close(two);
+
+        log_info("Done...");
+
+        if (arg_keep)
+                log_info("Not removing %s", t);
+        else {
+                journal_directory_vacuum(".", 3000000, 0, 0, NULL, true);
+
+                assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
+        }
+}
+
+int main(int argc, char *argv[]) {
+        log_set_max_level(LOG_DEBUG);
+
+        /* journal_file_open requires a valid machine id */
+        if (access("/etc/machine-id", F_OK) != 0)
+                return EXIT_TEST_SKIP;
+
+        arg_keep = argc > 1;
+
+        test_skip(setup_sequential);
+        test_skip(setup_interleaved);
+
+        test_sequence_numbers();
+
+        return 0;
+}
diff --git a/src/grp-journal/libjournal-core/test-journal-match.c b/src/grp-journal/libjournal-core/test-journal-match.c
new file mode 100644
index 0000000000..5ee2adb827
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-match.c
@@ -0,0 +1,76 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdio.h>
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "journal-internal.h"
+#include "log.h"
+#include "string-util.h"
+#include "util.h"
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_journal_closep) sd_journal*j = NULL;
+        _cleanup_free_ char *t;
+
+        log_set_max_level(LOG_DEBUG);
+
+        assert_se(sd_journal_open(&j, 0) >= 0);
+
+        assert_se(sd_journal_add_match(j, "foobar", 0) < 0);
+        assert_se(sd_journal_add_match(j, "foobar=waldo", 0) < 0);
+        assert_se(sd_journal_add_match(j, "", 0) < 0);
+        assert_se(sd_journal_add_match(j, "=", 0) < 0);
+        assert_se(sd_journal_add_match(j, "=xxxxx", 0) < 0);
+        assert_se(sd_journal_add_match(j, "HALLO=WALDO", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "QUUX=mmmm", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "QUUX=xxxxx", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "HALLO=", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "QUUX=xxxxx", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "QUUX=yyyyy", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "PIFF=paff", 0) >= 0);
+
+        assert_se(sd_journal_add_disjunction(j) >= 0);
+
+        assert_se(sd_journal_add_match(j, "ONE=one", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "ONE=two", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "TWO=two", 0) >= 0);
+
+        assert_se(sd_journal_add_conjunction(j) >= 0);
+
+        assert_se(sd_journal_add_match(j, "L4_1=yes", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "L4_1=ok", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "L4_2=yes", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "L4_2=ok", 0) >= 0);
+
+        assert_se(sd_journal_add_disjunction(j) >= 0);
+
+        assert_se(sd_journal_add_match(j, "L3=yes", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "L3=ok", 0) >= 0);
+
+        assert_se(t = journal_make_match_string(j));
+
+        printf("resulting match expression is: %s\n", t);
+
+        assert_se(streq(t, "(((L3=ok OR L3=yes) OR ((L4_2=ok OR L4_2=yes) AND (L4_1=ok OR L4_1=yes))) AND ((TWO=two AND (ONE=two OR ONE=one)) OR (PIFF=paff AND (QUUX=yyyyy OR QUUX=xxxxx OR QUUX=mmmm) AND (HALLO= OR HALLO=WALDO))))"));
+
+        return 0;
+}
diff --git a/src/grp-journal/libjournal-core/test-journal-send.c b/src/grp-journal/libjournal-core/test-journal-send.c
new file mode 100644
index 0000000000..169082f9a4
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-send.c
@@ -0,0 +1,102 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <systemd/sd-journal.h>
+
+#include "macro.h"
+
+int main(int argc, char *argv[]) {
+        char huge[4096*1024];
+
+        /* utf-8 and non-utf-8, message-less and message-ful iovecs */
+        struct iovec graph1[] = {
+                {(char*) "GRAPH=graph", strlen("GRAPH=graph")}
+        };
+        struct iovec graph2[] = {
+                {(char*) "GRAPH=graph\n", strlen("GRAPH=graph\n")}
+        };
+        struct iovec message1[] = {
+                {(char*) "MESSAGE=graph", strlen("MESSAGE=graph")}
+        };
+        struct iovec message2[] = {
+                {(char*) "MESSAGE=graph\n", strlen("MESSAGE=graph\n")}
+        };
+
+        assert_se(sd_journal_print(LOG_INFO, "piepapo") == 0);
+
+        assert_se(sd_journal_send("MESSAGE=foobar",
+                                  "VALUE=%i", 7,
+                                  NULL) == 0);
+
+        errno = ENOENT;
+        assert_se(sd_journal_perror("Foobar") == 0);
+
+        assert_se(sd_journal_perror("") == 0);
+
+        memset(huge, 'x', sizeof(huge));
+        memcpy(huge, "HUGE=", 5);
+        char_array_0(huge);
+
+        assert_se(sd_journal_send("MESSAGE=Huge field attached",
+                                  huge,
+                                  NULL) == 0);
+
+        assert_se(sd_journal_send("MESSAGE=uiui",
+                                  "VALUE=A",
+                                  "VALUE=B",
+                                  "VALUE=C",
+                                  "SINGLETON=1",
+                                  "OTHERVALUE=X",
+                                  "OTHERVALUE=Y",
+                                  "WITH_BINARY=this is a binary value \a",
+                                  NULL) == 0);
+
+        syslog(LOG_NOTICE, "Hello World!");
+
+        assert_se(sd_journal_print(LOG_NOTICE, "Hello World") == 0);
+
+        assert_se(sd_journal_send("MESSAGE=Hello World!",
+                                  "MESSAGE_ID=52fb62f99e2c49d89cfbf9d6de5e3555",
+                                  "PRIORITY=5",
+                                  "HOME=%s", getenv("HOME"),
+                                  "TERM=%s", getenv("TERM"),
+                                  "PAGE_SIZE=%li", sysconf(_SC_PAGESIZE),
+                                  "N_CPUS=%li", sysconf(_SC_NPROCESSORS_ONLN),
+                                  NULL) == 0);
+
+        assert_se(sd_journal_sendv(graph1, 1) == 0);
+        assert_se(sd_journal_sendv(graph2, 1) == 0);
+        assert_se(sd_journal_sendv(message1, 1) == 0);
+        assert_se(sd_journal_sendv(message2, 1) == 0);
+
+        /* test without location fields */
+#undef sd_journal_sendv
+        assert_se(sd_journal_sendv(graph1, 1) == 0);
+        assert_se(sd_journal_sendv(graph2, 1) == 0);
+        assert_se(sd_journal_sendv(message1, 1) == 0);
+        assert_se(sd_journal_sendv(message2, 1) == 0);
+
+        sleep(1);
+
+        return 0;
+}
diff --git a/src/grp-journal/libjournal-core/test-journal-stream.c b/src/grp-journal/libjournal-core/test-journal-stream.c
new file mode 100644
index 0000000000..0a1da47861
--- /dev/null
+++ b/src/grp-journal/libjournal-core/test-journal-stream.c
@@ -0,0 +1,196 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "journal-file.h"
+#include "journal-internal.h"
+#include "log.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "rm-rf.h"
+#include "util.h"
+
+#define N_ENTRIES 200
+
+static void verify_contents(sd_journal *j, unsigned skip) {
+        unsigned i;
+
+        assert_se(j);
+
+        i = 0;
+        SD_JOURNAL_FOREACH(j) {
+                const void *d;
+                char *k, *c;
+                size_t l;
+                unsigned u = 0;
+
+                assert_se(sd_journal_get_cursor(j, &k) >= 0);
+                printf("cursor: %s\n", k);
+                free(k);
+
+                assert_se(sd_journal_get_data(j, "MAGIC", &d, &l) >= 0);
+                printf("\t%.*s\n", (int) l, (const char*) d);
+
+                assert_se(sd_journal_get_data(j, "NUMBER", &d, &l) >= 0);
+                assert_se(k = strndup(d, l));
+                printf("\t%s\n", k);
+
+                if (skip > 0) {
+                        assert_se(safe_atou(k + 7, &u) >= 0);
+                        assert_se(i == u);
+                        i += skip;
+                }
+
+                free(k);
+
+                assert_se(sd_journal_get_cursor(j, &c) >= 0);
+                assert_se(sd_journal_test_cursor(j, c) > 0);
+                free(c);
+        }
+
+        if (skip > 0)
+                assert_se(i == N_ENTRIES);
+}
+
+int main(int argc, char *argv[]) {
+        JournalFile *one, *two, *three;
+        char t[] = "/tmp/journal-stream-XXXXXX";
+        unsigned i;
+        _cleanup_(sd_journal_closep) sd_journal *j = NULL;
+        char *z;
+        const void *data;
+        size_t l;
+        dual_timestamp previous_ts = DUAL_TIMESTAMP_NULL;
+
+        /* journal_file_open requires a valid machine id */
+        if (access("/etc/machine-id", F_OK) != 0)
+                return EXIT_TEST_SKIP;
+
+        log_set_max_level(LOG_DEBUG);
+
+        assert_se(mkdtemp(t));
+        assert_se(chdir(t) >= 0);
+
+        assert_se(journal_file_open(-1, "one.journal", O_RDWR|O_CREAT, 0666, true, false, NULL, NULL, NULL, NULL, &one) == 0);
+        assert_se(journal_file_open(-1, "two.journal", O_RDWR|O_CREAT, 0666, true, false, NULL, NULL, NULL, NULL, &two) == 0);
+        assert_se(journal_file_open(-1, "three.journal", O_RDWR|O_CREAT, 0666, true, false, NULL, NULL, NULL, NULL, &three) == 0);
+
+        for (i = 0; i < N_ENTRIES; i++) {
+                char *p, *q;
+                dual_timestamp ts;
+                struct iovec iovec[2];
+
+                dual_timestamp_get(&ts);
+
+                if (ts.monotonic <= previous_ts.monotonic)
+                        ts.monotonic = previous_ts.monotonic + 1;
+
+                if (ts.realtime <= previous_ts.realtime)
+                        ts.realtime = previous_ts.realtime + 1;
+
+                previous_ts = ts;
+
+                assert_se(asprintf(&p, "NUMBER=%u", i) >= 0);
+                iovec[0].iov_base = p;
+                iovec[0].iov_len = strlen(p);
+
+                assert_se(asprintf(&q, "MAGIC=%s", i % 5 == 0 ? "quux" : "waldo") >= 0);
+
+                iovec[1].iov_base = q;
+                iovec[1].iov_len = strlen(q);
+
+                if (i % 10 == 0)
+                        assert_se(journal_file_append_entry(three, &ts, iovec, 2, NULL, NULL, NULL) == 0);
+                else {
+                        if (i % 3 == 0)
+                                assert_se(journal_file_append_entry(two, &ts, iovec, 2, NULL, NULL, NULL) == 0);
+
+                        assert_se(journal_file_append_entry(one, &ts, iovec, 2, NULL, NULL, NULL) == 0);
+                }
+
+                free(p);
+                free(q);
+        }
+
+        (void) journal_file_close(one);
+        (void) journal_file_close(two);
+        (void) journal_file_close(three);
+
+        assert_se(sd_journal_open_directory(&j, t, 0) >= 0);
+
+        assert_se(sd_journal_add_match(j, "MAGIC=quux", 0) >= 0);
+        SD_JOURNAL_FOREACH_BACKWARDS(j) {
+                _cleanup_free_ char *c;
+
+                assert_se(sd_journal_get_data(j, "NUMBER", &data, &l) >= 0);
+                printf("\t%.*s\n", (int) l, (const char*) data);
+
+                assert_se(sd_journal_get_cursor(j, &c) >= 0);
+                assert_se(sd_journal_test_cursor(j, c) > 0);
+        }
+
+        SD_JOURNAL_FOREACH(j) {
+                _cleanup_free_ char *c;
+
+                assert_se(sd_journal_get_data(j, "NUMBER", &data, &l) >= 0);
+                printf("\t%.*s\n", (int) l, (const char*) data);
+
+                assert_se(sd_journal_get_cursor(j, &c) >= 0);
+                assert_se(sd_journal_test_cursor(j, c) > 0);
+        }
+
+        sd_journal_flush_matches(j);
+
+        verify_contents(j, 1);
+
+        printf("NEXT TEST\n");
+        assert_se(sd_journal_add_match(j, "MAGIC=quux", 0) >= 0);
+
+        assert_se(z = journal_make_match_string(j));
+        printf("resulting match expression is: %s\n", z);
+        free(z);
+
+        verify_contents(j, 5);
+
+        printf("NEXT TEST\n");
+        sd_journal_flush_matches(j);
+        assert_se(sd_journal_add_match(j, "MAGIC=waldo", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "NUMBER=10", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "NUMBER=11", 0) >= 0);
+        assert_se(sd_journal_add_match(j, "NUMBER=12", 0) >= 0);
+
+        assert_se(z = journal_make_match_string(j));
+        printf("resulting match expression is: %s\n", z);
+        free(z);
+
+        verify_contents(j, 0);
+
+        assert_se(sd_journal_query_unique(j, "NUMBER") >= 0);
+        SD_JOURNAL_FOREACH_UNIQUE(j, data, l)
+                printf("%.*s\n", (int) l, (const char*) data);
+
+        assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
+
+        return 0;
+}
diff --git a/src/journal/test-journal-syslog.c b/src/grp-journal/libjournal-core/test-journal-syslog.c
index 4ff7f3ec2e..4ff7f3ec2e 100644
--- a/src/journal/test-journal-syslog.c
+++ b/src/grp-journal/libjournal-core/test-journal-syslog.c
diff --git a/src/journal/test-journal-verify.c b/src/grp-journal/libjournal-core/test-journal-verify.c
index 3d2312fc55..3d2312fc55 100644
--- a/src/journal/test-journal-verify.c
+++ b/src/grp-journal/libjournal-core/test-journal-verify.c
diff --git a/src/journal/test-journal.c b/src/grp-journal/libjournal-core/test-journal.c
index 2543d64b5b..2543d64b5b 100644
--- a/src/journal/test-journal.c
+++ b/src/grp-journal/libjournal-core/test-journal.c
diff --git a/src/journal/test-mmap-cache.c b/src/grp-journal/libjournal-core/test-mmap-cache.c
index 009aabf55e..009aabf55e 100644
--- a/src/journal/test-mmap-cache.c
+++ b/src/grp-journal/libjournal-core/test-mmap-cache.c
diff --git a/src/grp-journal/systemd-journald/Makefile b/src/grp-journal/systemd-journald/Makefile
new file mode 100644
index 0000000000..755e2d2c36
--- /dev/null
+++ b/src/grp-journal/systemd-journald/Makefile
@@ -0,0 +1,94 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemd_journald_SOURCES = \
+	src/journal/journald.c \
+	src/journal/journald-server.h
+
+systemd_journald_LDADD = \
+	libjournal-core.la \
+	libshared.la
+
+systemd_cat_SOURCES = \
+	src/journal/cat.c
+
+systemd_cat_LDADD = \
+	libjournal-core.la
+
+
+rootlibexec_PROGRAMS += \
+	systemd-journald
+
+rootbin_PROGRAMS += \
+	journalctl
+
+bin_PROGRAMS += \
+	systemd-cat
+
+dist_systemunit_DATA += \
+	units/systemd-journald.socket \
+	units/systemd-journald-dev-log.socket \
+	units/systemd-journald-audit.socket
+
+nodist_systemunit_DATA += \
+	units/systemd-journald.service \
+	units/systemd-journal-flush.service \
+	units/systemd-journal-catalog-update.service
+
+dist_pkgsysconf_DATA += \
+	src/journal/journald.conf
+
+dist_catalog_DATA = \
+	catalog/systemd.bg.catalog \
+	catalog/systemd.be.catalog \
+	catalog/systemd.be@latin.catalog \
+	catalog/systemd.fr.catalog \
+	catalog/systemd.it.catalog \
+	catalog/systemd.pl.catalog \
+	catalog/systemd.pt_BR.catalog \
+	catalog/systemd.ru.catalog \
+	catalog/systemd.zh_CN.catalog \
+	catalog/systemd.zh_TW.catalog \
+	catalog/systemd.catalog
+
+SOCKETS_TARGET_WANTS += \
+	systemd-journald.socket \
+	systemd-journald-dev-log.socket \
+	systemd-journald-audit.socket
+
+SYSINIT_TARGET_WANTS += \
+	systemd-journald.service \
+	systemd-journal-flush.service \
+	systemd-journal-catalog-update.service
+
+EXTRA_DIST += \
+	units/systemd-journald.service.in \
+	units/systemd-journal-flush.service.in \
+	units/systemd-journal-catalog-update.service.in
+
+gperf_gperf_sources += \
+	src/journal/journald-gperf.gperf
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-journal/systemd-journald/journald.c b/src/grp-journal/systemd-journald/journald.c
new file mode 100644
index 0000000000..1afe44fa8e
--- /dev/null
+++ b/src/grp-journal/systemd-journald/journald.c
@@ -0,0 +1,120 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-messages.h>
+
+#include "formats-util.h"
+#include "journal-authenticate.h"
+#include "journald-kmsg.h"
+#include "journald-server.h"
+#include "journald-syslog.h"
+#include "sigbus.h"
+
+int main(int argc, char *argv[]) {
+        Server server;
+        int r;
+
+        if (argc > 1) {
+                log_error("This program does not take arguments.");
+                return EXIT_FAILURE;
+        }
+
+        log_set_target(LOG_TARGET_SAFE);
+        log_set_facility(LOG_SYSLOG);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        sigbus_install();
+
+        r = server_init(&server);
+        if (r < 0)
+                goto finish;
+
+        server_vacuum(&server, false, false);
+        server_flush_to_var(&server);
+        server_flush_dev_kmsg(&server);
+
+        log_debug("systemd-journald running as pid "PID_FMT, getpid());
+        server_driver_message(&server, SD_MESSAGE_JOURNAL_START,
+                              LOG_MESSAGE("Journal started"),
+                              NULL);
+
+        for (;;) {
+                usec_t t = USEC_INFINITY, n;
+
+                r = sd_event_get_state(server.event);
+                if (r < 0)
+                        goto finish;
+                if (r == SD_EVENT_FINISHED)
+                        break;
+
+                n = now(CLOCK_REALTIME);
+
+                if (server.max_retention_usec > 0 && server.oldest_file_usec > 0) {
+
+                        /* The retention time is reached, so let's vacuum! */
+                        if (server.oldest_file_usec + server.max_retention_usec < n) {
+                                log_info("Retention time reached.");
+                                server_rotate(&server);
+                                server_vacuum(&server, false, false);
+                                continue;
+                        }
+
+                        /* Calculate when to rotate the next time */
+                        t = server.oldest_file_usec + server.max_retention_usec - n;
+                }
+
+#ifdef HAVE_GCRYPT
+                if (server.system_journal) {
+                        usec_t u;
+
+                        if (journal_file_next_evolve_usec(server.system_journal, &u)) {
+                                if (n >= u)
+                                        t = 0;
+                                else
+                                        t = MIN(t, u - n);
+                        }
+                }
+#endif
+
+                r = sd_event_run(server.event, t);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to run event loop: %m");
+                        goto finish;
+                }
+
+                server_maybe_append_tags(&server);
+                server_maybe_warn_forward_syslog_missed(&server);
+        }
+
+        log_debug("systemd-journald stopped as pid "PID_FMT, getpid());
+        server_driver_message(&server, SD_MESSAGE_JOURNAL_STOP,
+                              LOG_MESSAGE("Journal stopped"),
+                              NULL);
+
+finish:
+        server_done(&server);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/locale/.gitignore b/src/grp-locale/.gitignore
index b1e0ba755e..b1e0ba755e 100644
--- a/src/locale/.gitignore
+++ b/src/grp-locale/.gitignore
diff --git a/src/grp-locale/Makefile b/src/grp-locale/Makefile
new file mode 100644
index 0000000000..b34c066ec2
--- /dev/null
+++ b/src/grp-locale/Makefile
@@ -0,0 +1,90 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_LOCALED),)
+systemd_localed_SOURCES = \
+	src/locale/localed.c
+
+systemd_localed_LDADD = \
+	libshared.la \
+	-ldl
+
+systemd_localed_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(XKBCOMMON_CFLAGS)
+
+nodist_systemunit_DATA += \
+	units/systemd-localed.service
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.locale1.busname
+
+rootlibexec_PROGRAMS += \
+	systemd-localed
+
+dist_dbuspolicy_DATA += \
+	src/locale/org.freedesktop.locale1.conf
+
+dist_dbussystemservice_DATA += \
+	src/locale/org.freedesktop.locale1.service
+
+polkitpolicy_files += \
+	src/locale/org.freedesktop.locale1.policy
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-localed.service dbus-org.freedesktop.locale1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.locale1.busname
+
+dist_pkgdata_DATA = \
+	src/locale/kbd-model-map \
+	src/locale/language-fallback-map
+
+localectl_SOURCES = \
+	src/locale/localectl.c
+
+localectl_LDADD = \
+	libshared.la
+
+bin_PROGRAMS += \
+	localectl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/localectl
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_localectl
+endif # ENABLE_LOCALED
+
+.PHONY: update-kbd-model-map
+
+polkitpolicy_in_files += \
+	src/locale/org.freedesktop.locale1.policy.in
+
+EXTRA_DIST += \
+	units/systemd-localed.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/locale/kbd-model-map b/src/grp-locale/kbd-model-map
index 8fa984f83b..8fa984f83b 100644
--- a/src/locale/kbd-model-map
+++ b/src/grp-locale/kbd-model-map
diff --git a/src/locale/language-fallback-map b/src/grp-locale/language-fallback-map
index d0b02a6b98..d0b02a6b98 100644
--- a/src/locale/language-fallback-map
+++ b/src/grp-locale/language-fallback-map
diff --git a/src/grp-locale/localectl.c b/src/grp-locale/localectl.c
new file mode 100644
index 0000000000..c1b0a56346
--- /dev/null
+++ b/src/grp-locale/localectl.c
@@ -0,0 +1,682 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+  Copyright 2013 Kay Sievers
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <ftw.h>
+#include <getopt.h>
+#include <locale.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-error.h"
+#include "bus-util.h"
+#include "def.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "locale-util.h"
+#include "pager.h"
+#include "set.h"
+#include "spawn-polkit-agent.h"
+#include "strv.h"
+#include "util.h"
+#include "virt.h"
+
+static bool arg_no_pager = false;
+static bool arg_ask_password = true;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_convert = true;
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+typedef struct StatusInfo {
+        char **locale;
+        char *vconsole_keymap;
+        char *vconsole_keymap_toggle;
+        char *x11_layout;
+        char *x11_model;
+        char *x11_variant;
+        char *x11_options;
+} StatusInfo;
+
+static void status_info_clear(StatusInfo *info) {
+        if (info) {
+                strv_free(info->locale);
+                free(info->vconsole_keymap);
+                free(info->vconsole_keymap_toggle);
+                free(info->x11_layout);
+                free(info->x11_model);
+                free(info->x11_variant);
+                free(info->x11_options);
+                zero(*info);
+        }
+}
+
+static void print_overridden_variables(void) {
+        int r;
+        char *variables[_VARIABLE_LC_MAX] = {};
+        LocaleVariable j;
+        bool print_warning = true;
+
+        if (detect_container() > 0 || arg_host)
+                return;
+
+        r = parse_env_file("/proc/cmdline", WHITESPACE,
+                           "locale.LANG",              &variables[VARIABLE_LANG],
+                           "locale.LANGUAGE",          &variables[VARIABLE_LANGUAGE],
+                           "locale.LC_CTYPE",          &variables[VARIABLE_LC_CTYPE],
+                           "locale.LC_NUMERIC",        &variables[VARIABLE_LC_NUMERIC],
+                           "locale.LC_TIME",           &variables[VARIABLE_LC_TIME],
+                           "locale.LC_COLLATE",        &variables[VARIABLE_LC_COLLATE],
+                           "locale.LC_MONETARY",       &variables[VARIABLE_LC_MONETARY],
+                           "locale.LC_MESSAGES",       &variables[VARIABLE_LC_MESSAGES],
+                           "locale.LC_PAPER",          &variables[VARIABLE_LC_PAPER],
+                           "locale.LC_NAME",           &variables[VARIABLE_LC_NAME],
+                           "locale.LC_ADDRESS",        &variables[VARIABLE_LC_ADDRESS],
+                           "locale.LC_TELEPHONE",      &variables[VARIABLE_LC_TELEPHONE],
+                           "locale.LC_MEASUREMENT",    &variables[VARIABLE_LC_MEASUREMENT],
+                           "locale.LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION],
+                           NULL);
+
+        if (r < 0 && r != -ENOENT) {
+                log_warning_errno(r, "Failed to read /proc/cmdline: %m");
+                goto finish;
+        }
+
+        for (j = 0; j < _VARIABLE_LC_MAX; j++)
+                if (variables[j]) {
+                        if (print_warning) {
+                                log_warning("Warning: Settings on kernel command line override system locale settings in /etc/locale.conf.\n"
+                                            "    Command Line: %s=%s", locale_variable_to_string(j), variables[j]);
+
+                                print_warning = false;
+                        } else
+                                log_warning("                  %s=%s", locale_variable_to_string(j), variables[j]);
+                }
+ finish:
+        for (j = 0; j < _VARIABLE_LC_MAX; j++)
+                free(variables[j]);
+}
+
+static void print_status_info(StatusInfo *i) {
+        assert(i);
+
+        if (strv_isempty(i->locale))
+                puts("   System Locale: n/a");
+        else {
+                char **j;
+
+                printf("   System Locale: %s\n", i->locale[0]);
+                STRV_FOREACH(j, i->locale + 1)
+                        printf("                  %s\n", *j);
+        }
+
+        printf("       VC Keymap: %s\n", strna(i->vconsole_keymap));
+        if (!isempty(i->vconsole_keymap_toggle))
+                printf("VC Toggle Keymap: %s\n", i->vconsole_keymap_toggle);
+
+        printf("      X11 Layout: %s\n", strna(i->x11_layout));
+        if (!isempty(i->x11_model))
+                printf("       X11 Model: %s\n", i->x11_model);
+        if (!isempty(i->x11_variant))
+                printf("     X11 Variant: %s\n", i->x11_variant);
+        if (!isempty(i->x11_options))
+                printf("     X11 Options: %s\n", i->x11_options);
+}
+
+static int show_status(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(status_info_clear) StatusInfo info = {};
+        static const struct bus_properties_map map[]  = {
+                { "VConsoleKeymap",       "s",  NULL, offsetof(StatusInfo, vconsole_keymap) },
+                { "VConsoleKeymap",       "s",  NULL, offsetof(StatusInfo, vconsole_keymap) },
+                { "VConsoleKeymapToggle", "s",  NULL, offsetof(StatusInfo, vconsole_keymap_toggle) },
+                { "X11Layout",            "s",  NULL, offsetof(StatusInfo, x11_layout) },
+                { "X11Model",             "s",  NULL, offsetof(StatusInfo, x11_model) },
+                { "X11Variant",           "s",  NULL, offsetof(StatusInfo, x11_variant) },
+                { "X11Options",           "s",  NULL, offsetof(StatusInfo, x11_options) },
+                { "Locale",               "as", NULL, offsetof(StatusInfo, locale) },
+                {}
+        };
+        int r;
+
+        assert(bus);
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.locale1",
+                                   "/org/freedesktop/locale1",
+                                   map,
+                                   &info);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        print_overridden_variables();
+        print_status_info(&info);
+
+        return r;
+}
+
+static int set_locale(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(args);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.locale1",
+                        "/org/freedesktop/locale1",
+                        "org.freedesktop.locale1",
+                        "SetLocale");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_strv(m, args + 1);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(m, "b", arg_ask_password);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, NULL);
+        if (r < 0) {
+                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int list_locales(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_strv_free_ char **l = NULL;
+        int r;
+
+        assert(args);
+
+        r = get_locales(&l);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read list of locales: %m");
+
+        pager_open(arg_no_pager, false);
+        strv_print(l);
+
+        return 0;
+}
+
+static int set_vconsole_keymap(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *map, *toggle_map;
+        int r;
+
+        assert(bus);
+        assert(args);
+
+        if (n > 3) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        polkit_agent_open_if_enabled();
+
+        map = args[1];
+        toggle_map = n > 2 ? args[2] : "";
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.locale1",
+                        "/org/freedesktop/locale1",
+                        "org.freedesktop.locale1",
+                        "SetVConsoleKeyboard",
+                        &error,
+                        NULL,
+                        "ssbb", map, toggle_map, arg_convert, arg_ask_password);
+        if (r < 0)
+                log_error("Failed to set keymap: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static Set *keymaps = NULL;
+
+static int nftw_cb(
+                const char *fpath,
+                const struct stat *sb,
+                int tflag,
+                struct FTW *ftwbuf) {
+
+        char *p, *e;
+        int r;
+
+        if (tflag != FTW_F)
+                return 0;
+
+        if (!endswith(fpath, ".map") &&
+            !endswith(fpath, ".map.gz"))
+                return 0;
+
+        p = strdup(basename(fpath));
+        if (!p)
+                return log_oom();
+
+        e = endswith(p, ".map");
+        if (e)
+                *e = 0;
+
+        e = endswith(p, ".map.gz");
+        if (e)
+                *e = 0;
+
+        r = set_consume(keymaps, p);
+        if (r < 0 && r != -EEXIST)
+                return log_error_errno(r, "Can't add keymap: %m");
+
+        return 0;
+}
+
+static int list_vconsole_keymaps(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_strv_free_ char **l = NULL;
+        const char *dir;
+
+        keymaps = set_new(&string_hash_ops);
+        if (!keymaps)
+                return log_oom();
+
+        NULSTR_FOREACH(dir, KBD_KEYMAP_DIRS)
+                nftw(dir, nftw_cb, 20, FTW_MOUNT|FTW_PHYS);
+
+        l = set_get_strv(keymaps);
+        if (!l) {
+                set_free_free(keymaps);
+                return log_oom();
+        }
+
+        set_free(keymaps);
+
+        if (strv_isempty(l)) {
+                log_error("Couldn't find any console keymaps.");
+                return -ENOENT;
+        }
+
+        strv_sort(l);
+
+        pager_open(arg_no_pager, false);
+
+        strv_print(l);
+
+        return 0;
+}
+
+static int set_x11_keymap(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *layout, *model, *variant, *options;
+        int r;
+
+        assert(bus);
+        assert(args);
+
+        if (n > 5) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        polkit_agent_open_if_enabled();
+
+        layout = args[1];
+        model = n > 2 ? args[2] : "";
+        variant = n > 3 ? args[3] : "";
+        options = n > 4 ? args[4] : "";
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.locale1",
+                        "/org/freedesktop/locale1",
+                        "org.freedesktop.locale1",
+                        "SetX11Keyboard",
+                        &error,
+                        NULL,
+                        "ssssbb", layout, model, variant, options,
+                                  arg_convert, arg_ask_password);
+        if (r < 0)
+                log_error("Failed to set keymap: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int list_x11_keymaps(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_strv_free_ char **list = NULL;
+        char line[LINE_MAX];
+        enum {
+                NONE,
+                MODELS,
+                LAYOUTS,
+                VARIANTS,
+                OPTIONS
+        } state = NONE, look_for;
+        int r;
+
+        if (n > 2) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        f = fopen("/usr/share/X11/xkb/rules/base.lst", "re");
+        if (!f)
+                return log_error_errno(errno, "Failed to open keyboard mapping list. %m");
+
+        if (streq(args[0], "list-x11-keymap-models"))
+                look_for = MODELS;
+        else if (streq(args[0], "list-x11-keymap-layouts"))
+                look_for = LAYOUTS;
+        else if (streq(args[0], "list-x11-keymap-variants"))
+                look_for = VARIANTS;
+        else if (streq(args[0], "list-x11-keymap-options"))
+                look_for = OPTIONS;
+        else
+                assert_not_reached("Wrong parameter");
+
+        FOREACH_LINE(line, f, break) {
+                char *l, *w;
+
+                l = strstrip(line);
+
+                if (isempty(l))
+                        continue;
+
+                if (l[0] == '!') {
+                        if (startswith(l, "! model"))
+                                state = MODELS;
+                        else if (startswith(l, "! layout"))
+                                state = LAYOUTS;
+                        else if (startswith(l, "! variant"))
+                                state = VARIANTS;
+                        else if (startswith(l, "! option"))
+                                state = OPTIONS;
+                        else
+                                state = NONE;
+
+                        continue;
+                }
+
+                if (state != look_for)
+                        continue;
+
+                w = l + strcspn(l, WHITESPACE);
+
+                if (n > 1) {
+                        char *e;
+
+                        if (*w == 0)
+                                continue;
+
+                        *w = 0;
+                        w++;
+                        w += strspn(w, WHITESPACE);
+
+                        e = strchr(w, ':');
+                        if (!e)
+                                continue;
+
+                        *e = 0;
+
+                        if (!streq(w, args[1]))
+                                continue;
+                } else
+                        *w = 0;
+
+                r = strv_extend(&list, l);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        if (strv_isempty(list)) {
+                log_error("Couldn't find any entries.");
+                return -ENOENT;
+        }
+
+        strv_sort(list);
+        strv_uniq(list);
+
+        pager_open(arg_no_pager, false);
+
+        strv_print(list);
+        return 0;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] COMMAND ...\n\n"
+               "Query or change system locale and keyboard settings.\n\n"
+               "  -h --help                Show this help\n"
+               "     --version             Show package version\n"
+               "     --no-pager            Do not pipe output into a pager\n"
+               "     --no-ask-password     Do not prompt for password\n"
+               "  -H --host=[USER@]HOST    Operate on remote host\n"
+               "  -M --machine=CONTAINER   Operate on local container\n"
+               "     --no-convert          Don't convert keyboard mappings\n\n"
+               "Commands:\n"
+               "  status                   Show current locale settings\n"
+               "  set-locale LOCALE...     Set system locale\n"
+               "  list-locales             Show known locales\n"
+               "  set-keymap MAP [MAP]     Set console and X11 keyboard mappings\n"
+               "  list-keymaps             Show known virtual console keyboard mappings\n"
+               "  set-x11-keymap LAYOUT [MODEL [VARIANT [OPTIONS]]]\n"
+               "                           Set X11 and console keyboard mappings\n"
+               "  list-x11-keymap-models   Show known X11 keyboard mapping models\n"
+               "  list-x11-keymap-layouts  Show known X11 keyboard mapping layouts\n"
+               "  list-x11-keymap-variants [LAYOUT]\n"
+               "                           Show known X11 keyboard mapping variants\n"
+               "  list-x11-keymap-options  Show known X11 keyboard mapping options\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_NO_CONVERT,
+                ARG_NO_ASK_PASSWORD
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'                 },
+                { "version",         no_argument,       NULL, ARG_VERSION         },
+                { "no-pager",        no_argument,       NULL, ARG_NO_PAGER        },
+                { "host",            required_argument, NULL, 'H'                 },
+                { "machine",         required_argument, NULL, 'M'                 },
+                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
+                { "no-convert",      no_argument,       NULL, ARG_NO_CONVERT      },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_NO_CONVERT:
+                        arg_convert = false;
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int localectl_main(sd_bus *bus, int argc, char *argv[]) {
+
+        static const struct {
+                const char* verb;
+                const enum {
+                        MORE,
+                        LESS,
+                        EQUAL
+                } argc_cmp;
+                const int argc;
+                int (* const dispatch)(sd_bus *bus, char **args, unsigned n);
+        } verbs[] = {
+                { "status",                   LESS,   1, show_status           },
+                { "set-locale",               MORE,   2, set_locale            },
+                { "list-locales",             EQUAL,  1, list_locales          },
+                { "set-keymap",               MORE,   2, set_vconsole_keymap   },
+                { "list-keymaps",             EQUAL,  1, list_vconsole_keymaps },
+                { "set-x11-keymap",           MORE,   2, set_x11_keymap        },
+                { "list-x11-keymap-models",   EQUAL,  1, list_x11_keymaps      },
+                { "list-x11-keymap-layouts",  EQUAL,  1, list_x11_keymaps      },
+                { "list-x11-keymap-variants", LESS,   2, list_x11_keymaps      },
+                { "list-x11-keymap-options",  EQUAL,  1, list_x11_keymaps      },
+        };
+
+        int left;
+        unsigned i;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        left = argc - optind;
+
+        if (left <= 0)
+                /* Special rule: no arguments means "status" */
+                i = 0;
+        else {
+                if (streq(argv[optind], "help")) {
+                        help();
+                        return 0;
+                }
+
+                for (i = 0; i < ELEMENTSOF(verbs); i++)
+                        if (streq(argv[optind], verbs[i].verb))
+                                break;
+
+                if (i >= ELEMENTSOF(verbs)) {
+                        log_error("Unknown operation %s", argv[optind]);
+                        return -EINVAL;
+                }
+        }
+
+        switch (verbs[i].argc_cmp) {
+
+        case EQUAL:
+                if (left != verbs[i].argc) {
+                        log_error("Invalid number of arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        case MORE:
+                if (left < verbs[i].argc) {
+                        log_error("Too few arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        case LESS:
+                if (left > verbs[i].argc) {
+                        log_error("Too many arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        default:
+                assert_not_reached("Unknown comparison operator.");
+        }
+
+        return verbs[i].dispatch(bus, argv + optind, left);
+}
+
+int main(int argc, char*argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create bus connection: %m");
+                goto finish;
+        }
+
+        r = localectl_main(bus, argc, argv);
+
+finish:
+        pager_close();
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-locale/localed.c b/src/grp-locale/localed.c
new file mode 100644
index 0000000000..7b4cbadfd0
--- /dev/null
+++ b/src/grp-locale/localed.c
@@ -0,0 +1,1389 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+  Copyright 2013 Kay Sievers
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifdef HAVE_XKBCOMMON
+#include <xkbcommon/xkbcommon.h>
+#include <dlfcn.h>
+#endif
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "def.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "fileio-label.h"
+#include "fileio.h"
+#include "locale-util.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "selinux-util.h"
+#include "strv.h"
+#include "user-util.h"
+#include "util.h"
+
+enum {
+        /* We don't list LC_ALL here on purpose. People should be
+         * using LANG instead. */
+        LOCALE_LANG,
+        LOCALE_LANGUAGE,
+        LOCALE_LC_CTYPE,
+        LOCALE_LC_NUMERIC,
+        LOCALE_LC_TIME,
+        LOCALE_LC_COLLATE,
+        LOCALE_LC_MONETARY,
+        LOCALE_LC_MESSAGES,
+        LOCALE_LC_PAPER,
+        LOCALE_LC_NAME,
+        LOCALE_LC_ADDRESS,
+        LOCALE_LC_TELEPHONE,
+        LOCALE_LC_MEASUREMENT,
+        LOCALE_LC_IDENTIFICATION,
+        _LOCALE_MAX
+};
+
+static const char * const names[_LOCALE_MAX] = {
+        [LOCALE_LANG] = "LANG",
+        [LOCALE_LANGUAGE] = "LANGUAGE",
+        [LOCALE_LC_CTYPE] = "LC_CTYPE",
+        [LOCALE_LC_NUMERIC] = "LC_NUMERIC",
+        [LOCALE_LC_TIME] = "LC_TIME",
+        [LOCALE_LC_COLLATE] = "LC_COLLATE",
+        [LOCALE_LC_MONETARY] = "LC_MONETARY",
+        [LOCALE_LC_MESSAGES] = "LC_MESSAGES",
+        [LOCALE_LC_PAPER] = "LC_PAPER",
+        [LOCALE_LC_NAME] = "LC_NAME",
+        [LOCALE_LC_ADDRESS] = "LC_ADDRESS",
+        [LOCALE_LC_TELEPHONE] = "LC_TELEPHONE",
+        [LOCALE_LC_MEASUREMENT] = "LC_MEASUREMENT",
+        [LOCALE_LC_IDENTIFICATION] = "LC_IDENTIFICATION"
+};
+
+typedef struct Context {
+        char *locale[_LOCALE_MAX];
+
+        char *x11_layout;
+        char *x11_model;
+        char *x11_variant;
+        char *x11_options;
+
+        char *vc_keymap;
+        char *vc_keymap_toggle;
+
+        Hashmap *polkit_registry;
+} Context;
+
+static const char* nonempty(const char *s) {
+        return isempty(s) ? NULL : s;
+}
+
+static bool startswith_comma(const char *s, const char *prefix) {
+        const char *t;
+
+        return s && (t = startswith(s, prefix)) && (*t == ',');
+}
+
+static void context_free_x11(Context *c) {
+        c->x11_layout = mfree(c->x11_layout);
+        c->x11_options = mfree(c->x11_options);
+        c->x11_model = mfree(c->x11_model);
+        c->x11_variant = mfree(c->x11_variant);
+}
+
+static void context_free_vconsole(Context *c) {
+        c->vc_keymap = mfree(c->vc_keymap);
+        c->vc_keymap_toggle = mfree(c->vc_keymap_toggle);
+}
+
+static void context_free_locale(Context *c) {
+        int p;
+
+        for (p = 0; p < _LOCALE_MAX; p++)
+                c->locale[p] = mfree(c->locale[p]);
+}
+
+static void context_free(Context *c) {
+        context_free_locale(c);
+        context_free_x11(c);
+        context_free_vconsole(c);
+
+        bus_verify_polkit_async_registry_free(c->polkit_registry);
+};
+
+static void locale_simplify(Context *c) {
+        int p;
+
+        for (p = LOCALE_LANG+1; p < _LOCALE_MAX; p++)
+                if (isempty(c->locale[p]) || streq_ptr(c->locale[LOCALE_LANG], c->locale[p]))
+                        c->locale[p] = mfree(c->locale[p]);
+}
+
+static int locale_read_data(Context *c) {
+        int r;
+
+        context_free_locale(c);
+
+        r = parse_env_file("/etc/locale.conf", NEWLINE,
+                           "LANG",              &c->locale[LOCALE_LANG],
+                           "LANGUAGE",          &c->locale[LOCALE_LANGUAGE],
+                           "LC_CTYPE",          &c->locale[LOCALE_LC_CTYPE],
+                           "LC_NUMERIC",        &c->locale[LOCALE_LC_NUMERIC],
+                           "LC_TIME",           &c->locale[LOCALE_LC_TIME],
+                           "LC_COLLATE",        &c->locale[LOCALE_LC_COLLATE],
+                           "LC_MONETARY",       &c->locale[LOCALE_LC_MONETARY],
+                           "LC_MESSAGES",       &c->locale[LOCALE_LC_MESSAGES],
+                           "LC_PAPER",          &c->locale[LOCALE_LC_PAPER],
+                           "LC_NAME",           &c->locale[LOCALE_LC_NAME],
+                           "LC_ADDRESS",        &c->locale[LOCALE_LC_ADDRESS],
+                           "LC_TELEPHONE",      &c->locale[LOCALE_LC_TELEPHONE],
+                           "LC_MEASUREMENT",    &c->locale[LOCALE_LC_MEASUREMENT],
+                           "LC_IDENTIFICATION", &c->locale[LOCALE_LC_IDENTIFICATION],
+                           NULL);
+
+        if (r == -ENOENT) {
+                int p;
+
+                /* Fill in what we got passed from systemd. */
+                for (p = 0; p < _LOCALE_MAX; p++) {
+                        assert(names[p]);
+
+                        r = free_and_strdup(&c->locale[p],
+                                            nonempty(getenv(names[p])));
+                        if (r < 0)
+                                return r;
+                }
+
+                r = 0;
+        }
+
+        locale_simplify(c);
+        return r;
+}
+
+static int vconsole_read_data(Context *c) {
+        int r;
+
+        context_free_vconsole(c);
+
+        r = parse_env_file("/etc/vconsole.conf", NEWLINE,
+                           "KEYMAP",        &c->vc_keymap,
+                           "KEYMAP_TOGGLE", &c->vc_keymap_toggle,
+                           NULL);
+
+        if (r < 0 && r != -ENOENT)
+                return r;
+
+        return 0;
+}
+
+static int x11_read_data(Context *c) {
+        _cleanup_fclose_ FILE *f;
+        char line[LINE_MAX];
+        bool in_section = false;
+        int r;
+
+        context_free_x11(c);
+
+        f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re");
+        if (!f)
+                return errno == ENOENT ? 0 : -errno;
+
+        while (fgets(line, sizeof(line), f)) {
+                char *l;
+
+                char_array_0(line);
+                l = strstrip(line);
+
+                if (l[0] == 0 || l[0] == '#')
+                        continue;
+
+                if (in_section && first_word(l, "Option")) {
+                        _cleanup_strv_free_ char **a = NULL;
+
+                        r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
+                        if (r < 0)
+                                return r;
+
+                        if (strv_length(a) == 3) {
+                                char **p = NULL;
+
+                                if (streq(a[1], "XkbLayout"))
+                                        p = &c->x11_layout;
+                                else if (streq(a[1], "XkbModel"))
+                                        p = &c->x11_model;
+                                else if (streq(a[1], "XkbVariant"))
+                                        p = &c->x11_variant;
+                                else if (streq(a[1], "XkbOptions"))
+                                        p = &c->x11_options;
+
+                                if (p) {
+                                        free(*p);
+                                        *p = a[2];
+                                        a[2] = NULL;
+                                }
+                        }
+
+                } else if (!in_section && first_word(l, "Section")) {
+                        _cleanup_strv_free_ char **a = NULL;
+
+                        r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
+                        if (r < 0)
+                                return -ENOMEM;
+
+                        if (strv_length(a) == 2 && streq(a[1], "InputClass"))
+                                in_section = true;
+
+                } else if (in_section && first_word(l, "EndSection"))
+                        in_section = false;
+        }
+
+        return 0;
+}
+
+static int context_read_data(Context *c) {
+        int r, q, p;
+
+        r = locale_read_data(c);
+        q = vconsole_read_data(c);
+        p = x11_read_data(c);
+
+        return r < 0 ? r : q < 0 ? q : p;
+}
+
+static int locale_write_data(Context *c, char ***settings) {
+        int r, p;
+        _cleanup_strv_free_ char **l = NULL;
+
+        /* Set values will be returned as strv in *settings on success. */
+
+        r = load_env_file(NULL, "/etc/locale.conf", NULL, &l);
+        if (r < 0 && r != -ENOENT)
+                return r;
+
+        for (p = 0; p < _LOCALE_MAX; p++) {
+                _cleanup_free_ char *t = NULL;
+                char **u;
+
+                assert(names[p]);
+
+                if (isempty(c->locale[p])) {
+                        l = strv_env_unset(l, names[p]);
+                        continue;
+                }
+
+                if (asprintf(&t, "%s=%s", names[p], c->locale[p]) < 0)
+                        return -ENOMEM;
+
+                u = strv_env_set(l, t);
+                if (!u)
+                        return -ENOMEM;
+
+                strv_free(l);
+                l = u;
+        }
+
+        if (strv_isempty(l)) {
+                if (unlink("/etc/locale.conf") < 0)
+                        return errno == ENOENT ? 0 : -errno;
+
+                return 0;
+        }
+
+        r = write_env_file_label("/etc/locale.conf", l);
+        if (r < 0)
+                return r;
+
+        *settings = l;
+        l = NULL;
+        return 0;
+}
+
+static int locale_update_system_manager(Context *c, sd_bus *bus) {
+        _cleanup_free_ char **l_unset = NULL;
+        _cleanup_strv_free_ char **l_set = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        sd_bus_error error = SD_BUS_ERROR_NULL;
+        unsigned c_set, c_unset, p;
+        int r;
+
+        assert(bus);
+
+        l_unset = new0(char*, _LOCALE_MAX);
+        if (!l_unset)
+                return -ENOMEM;
+
+        l_set = new0(char*, _LOCALE_MAX);
+        if (!l_set)
+                return -ENOMEM;
+
+        for (p = 0, c_set = 0, c_unset = 0; p < _LOCALE_MAX; p++) {
+                assert(names[p]);
+
+                if (isempty(c->locale[p]))
+                        l_unset[c_set++] = (char*) names[p];
+                else {
+                        char *s;
+
+                        if (asprintf(&s, "%s=%s", names[p], c->locale[p]) < 0)
+                                return -ENOMEM;
+
+                        l_set[c_unset++] = s;
+                }
+        }
+
+        assert(c_set + c_unset == _LOCALE_MAX);
+        r = sd_bus_message_new_method_call(bus, &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "UnsetAndSetEnvironment");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append_strv(m, l_unset);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append_strv(m, l_set);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call(bus, m, 0, &error, NULL);
+        if (r < 0)
+                log_error_errno(r, "Failed to update the manager environment: %m");
+
+        return 0;
+}
+
+static int vconsole_write_data(Context *c) {
+        int r;
+        _cleanup_strv_free_ char **l = NULL;
+
+        r = load_env_file(NULL, "/etc/vconsole.conf", NULL, &l);
+        if (r < 0 && r != -ENOENT)
+                return r;
+
+        if (isempty(c->vc_keymap))
+                l = strv_env_unset(l, "KEYMAP");
+        else {
+                _cleanup_free_ char *s = NULL;
+                char **u;
+
+                s = strappend("KEYMAP=", c->vc_keymap);
+                if (!s)
+                        return -ENOMEM;
+
+                u = strv_env_set(l, s);
+                if (!u)
+                        return -ENOMEM;
+
+                strv_free(l);
+                l = u;
+        }
+
+        if (isempty(c->vc_keymap_toggle))
+                l = strv_env_unset(l, "KEYMAP_TOGGLE");
+        else  {
+                _cleanup_free_ char *s = NULL;
+                char **u;
+
+                s = strappend("KEYMAP_TOGGLE=", c->vc_keymap_toggle);
+                if (!s)
+                        return -ENOMEM;
+
+                u = strv_env_set(l, s);
+                if (!u)
+                        return -ENOMEM;
+
+                strv_free(l);
+                l = u;
+        }
+
+        if (strv_isempty(l)) {
+                if (unlink("/etc/vconsole.conf") < 0)
+                        return errno == ENOENT ? 0 : -errno;
+
+                return 0;
+        }
+
+        return write_env_file_label("/etc/vconsole.conf", l);
+}
+
+static int x11_write_data(Context *c) {
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_free_ char *temp_path = NULL;
+        int r;
+
+        if (isempty(c->x11_layout) &&
+            isempty(c->x11_model) &&
+            isempty(c->x11_variant) &&
+            isempty(c->x11_options)) {
+
+                if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
+                        return errno == ENOENT ? 0 : -errno;
+
+                return 0;
+        }
+
+        mkdir_p_label("/etc/X11/xorg.conf.d", 0755);
+
+        r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
+        if (r < 0)
+                return r;
+
+        fchmod(fileno(f), 0644);
+
+        fputs("# Read and parsed by systemd-localed. It's probably wise not to edit this file\n"
+              "# manually too freely.\n"
+              "Section \"InputClass\"\n"
+              "        Identifier \"system-keyboard\"\n"
+              "        MatchIsKeyboard \"on\"\n", f);
+
+        if (!isempty(c->x11_layout))
+                fprintf(f, "        Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
+
+        if (!isempty(c->x11_model))
+                fprintf(f, "        Option \"XkbModel\" \"%s\"\n", c->x11_model);
+
+        if (!isempty(c->x11_variant))
+                fprintf(f, "        Option \"XkbVariant\" \"%s\"\n", c->x11_variant);
+
+        if (!isempty(c->x11_options))
+                fprintf(f, "        Option \"XkbOptions\" \"%s\"\n", c->x11_options);
+
+        fputs("EndSection\n", f);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        (void) unlink("/etc/X11/xorg.conf.d/00-keyboard.conf");
+
+        if (temp_path)
+                (void) unlink(temp_path);
+
+        return r;
+}
+
+static int vconsole_reload(sd_bus *bus) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+
+        r = sd_bus_call_method(bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "RestartUnit",
+                        &error,
+                        NULL,
+                        "ss", "systemd-vconsole-setup.service", "replace");
+
+        if (r < 0)
+                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
+        return r;
+}
+
+static const char* strnulldash(const char *s) {
+        return isempty(s) || streq(s, "-") ? NULL : s;
+}
+
+static int read_next_mapping(const char* filename,
+                             unsigned min_fields, unsigned max_fields,
+                             FILE *f, unsigned *n, char ***a) {
+        assert(f);
+        assert(n);
+        assert(a);
+
+        for (;;) {
+                char line[LINE_MAX];
+                char *l, **b;
+                int r;
+                size_t length;
+
+                errno = 0;
+                if (!fgets(line, sizeof(line), f)) {
+
+                        if (ferror(f))
+                                return errno > 0 ? -errno : -EIO;
+
+                        return 0;
+                }
+
+                (*n)++;
+
+                l = strstrip(line);
+                if (l[0] == 0 || l[0] == '#')
+                        continue;
+
+                r = strv_split_extract(&b, l, WHITESPACE, EXTRACT_QUOTES);
+                if (r < 0)
+                        return r;
+
+                length = strv_length(b);
+                if (length < min_fields || length > max_fields) {
+                        log_error("Invalid line %s:%u, ignoring.", filename, *n);
+                        strv_free(b);
+                        continue;
+
+                }
+
+                *a = b;
+                return 1;
+        }
+}
+
+static int vconsole_convert_to_x11(Context *c, sd_bus *bus) {
+        bool modified = false;
+
+        assert(bus);
+
+        if (isempty(c->vc_keymap)) {
+
+                modified =
+                        !isempty(c->x11_layout) ||
+                        !isempty(c->x11_model) ||
+                        !isempty(c->x11_variant) ||
+                        !isempty(c->x11_options);
+
+                context_free_x11(c);
+        } else {
+                _cleanup_fclose_ FILE *f = NULL;
+                unsigned n = 0;
+
+                f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
+                if (!f)
+                        return -errno;
+
+                for (;;) {
+                        _cleanup_strv_free_ char **a = NULL;
+                        int r;
+
+                        r = read_next_mapping(SYSTEMD_KBD_MODEL_MAP, 5, UINT_MAX, f, &n, &a);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                break;
+
+                        if (!streq(c->vc_keymap, a[0]))
+                                continue;
+
+                        if (!streq_ptr(c->x11_layout, strnulldash(a[1])) ||
+                            !streq_ptr(c->x11_model, strnulldash(a[2])) ||
+                            !streq_ptr(c->x11_variant, strnulldash(a[3])) ||
+                            !streq_ptr(c->x11_options, strnulldash(a[4]))) {
+
+                                if (free_and_strdup(&c->x11_layout, strnulldash(a[1])) < 0 ||
+                                    free_and_strdup(&c->x11_model, strnulldash(a[2])) < 0 ||
+                                    free_and_strdup(&c->x11_variant, strnulldash(a[3])) < 0 ||
+                                    free_and_strdup(&c->x11_options, strnulldash(a[4])) < 0)
+                                        return -ENOMEM;
+
+                                modified = true;
+                        }
+
+                        break;
+                }
+        }
+
+        if (modified) {
+                int r;
+
+                r = x11_write_data(c);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set X11 keyboard layout: %m");
+
+                log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'",
+                         strempty(c->x11_layout),
+                         strempty(c->x11_model),
+                         strempty(c->x11_variant),
+                         strempty(c->x11_options));
+
+                sd_bus_emit_properties_changed(bus,
+                                "/org/freedesktop/locale1",
+                                "org.freedesktop.locale1",
+                                "X11Layout", "X11Model", "X11Variant", "X11Options", NULL);
+        } else
+                log_debug("X11 keyboard layout was not modified.");
+
+        return 0;
+}
+
+static int find_converted_keymap(const char *x11_layout, const char *x11_variant, char **new_keymap) {
+        const char *dir;
+        _cleanup_free_ char *n;
+
+        if (x11_variant)
+                n = strjoin(x11_layout, "-", x11_variant, NULL);
+        else
+                n = strdup(x11_layout);
+        if (!n)
+                return -ENOMEM;
+
+        NULSTR_FOREACH(dir, KBD_KEYMAP_DIRS) {
+                _cleanup_free_ char *p = NULL, *pz = NULL;
+                bool uncompressed;
+
+                p = strjoin(dir, "xkb/", n, ".map", NULL);
+                pz = strjoin(dir, "xkb/", n, ".map.gz", NULL);
+                if (!p || !pz)
+                        return -ENOMEM;
+
+                uncompressed = access(p, F_OK) == 0;
+                if (uncompressed || access(pz, F_OK) == 0) {
+                        log_debug("Found converted keymap %s at %s",
+                                  n, uncompressed ? p : pz);
+
+                        *new_keymap = n;
+                        n = NULL;
+                        return 1;
+                }
+        }
+
+        return 0;
+}
+
+static int find_legacy_keymap(Context *c, char **new_keymap) {
+        _cleanup_fclose_ FILE *f;
+        unsigned n = 0;
+        unsigned best_matching = 0;
+        int r;
+
+        f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
+        if (!f)
+                return -errno;
+
+        for (;;) {
+                _cleanup_strv_free_ char **a = NULL;
+                unsigned matching = 0;
+
+                r = read_next_mapping(SYSTEMD_KBD_MODEL_MAP, 5, UINT_MAX, f, &n, &a);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                /* Determine how well matching this entry is */
+                if (streq_ptr(c->x11_layout, a[1]))
+                        /* If we got an exact match, this is best */
+                        matching = 10;
+                else {
+                        /* We have multiple X layouts, look for an
+                         * entry that matches our key with everything
+                         * but the first layout stripped off. */
+                        if (startswith_comma(c->x11_layout, a[1]))
+                                matching = 5;
+                        else  {
+                                char *x;
+
+                                /* If that didn't work, strip off the
+                                 * other layouts from the entry, too */
+                                x = strndupa(a[1], strcspn(a[1], ","));
+                                if (startswith_comma(c->x11_layout, x))
+                                        matching = 1;
+                        }
+                }
+
+                if (matching > 0) {
+                        if (isempty(c->x11_model) || streq_ptr(c->x11_model, a[2])) {
+                                matching++;
+
+                                if (streq_ptr(c->x11_variant, a[3])) {
+                                        matching++;
+
+                                        if (streq_ptr(c->x11_options, a[4]))
+                                                matching++;
+                                }
+                        }
+                }
+
+                /* The best matching entry so far, then let's save that */
+                if (matching >= MAX(best_matching, 1u)) {
+                        log_debug("Found legacy keymap %s with score %u",
+                                  a[0], matching);
+
+                        if (matching > best_matching) {
+                                best_matching = matching;
+
+                                r = free_and_strdup(new_keymap, a[0]);
+                                if (r < 0)
+                                        return r;
+                        }
+                }
+        }
+
+        if (best_matching < 10 && c->x11_layout) {
+                /* The best match is only the first part of the X11
+                 * keymap. Check if we have a converted map which
+                 * matches just the first layout.
+                 */
+                char *l, *v = NULL, *converted;
+
+                l = strndupa(c->x11_layout, strcspn(c->x11_layout, ","));
+                if (c->x11_variant)
+                        v = strndupa(c->x11_variant, strcspn(c->x11_variant, ","));
+                r = find_converted_keymap(l, v, &converted);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        free(*new_keymap);
+                        *new_keymap = converted;
+                }
+        }
+
+        return 0;
+}
+
+static int find_language_fallback(const char *lang, char **language) {
+        _cleanup_fclose_ FILE *f = NULL;
+        unsigned n = 0;
+
+        assert(language);
+
+        f = fopen(SYSTEMD_LANGUAGE_FALLBACK_MAP, "re");
+        if (!f)
+                return -errno;
+
+        for (;;) {
+                _cleanup_strv_free_ char **a = NULL;
+                int r;
+
+                r = read_next_mapping(SYSTEMD_LANGUAGE_FALLBACK_MAP, 2, 2, f, &n, &a);
+                if (r <= 0)
+                        return r;
+
+                if (streq(lang, a[0])) {
+                        assert(strv_length(a) == 2);
+                        *language = a[1];
+                        a[1] = NULL;
+                        return 1;
+                }
+        }
+
+        assert_not_reached("should not be here");
+}
+
+static int x11_convert_to_vconsole(Context *c, sd_bus *bus) {
+        bool modified = false;
+        int r;
+
+        assert(bus);
+
+        if (isempty(c->x11_layout)) {
+
+                modified =
+                        !isempty(c->vc_keymap) ||
+                        !isempty(c->vc_keymap_toggle);
+
+                context_free_x11(c);
+        } else {
+                char *new_keymap = NULL;
+
+                r = find_converted_keymap(c->x11_layout, c->x11_variant, &new_keymap);
+                if (r < 0)
+                        return r;
+                else if (r == 0) {
+                        r = find_legacy_keymap(c, &new_keymap);
+                        if (r < 0)
+                                return r;
+                }
+
+                if (!streq_ptr(c->vc_keymap, new_keymap)) {
+                        free(c->vc_keymap);
+                        c->vc_keymap = new_keymap;
+                        c->vc_keymap_toggle = mfree(c->vc_keymap_toggle);
+                        modified = true;
+                } else
+                        free(new_keymap);
+        }
+
+        if (modified) {
+                r = vconsole_write_data(c);
+                if (r < 0)
+                        log_error_errno(r, "Failed to set virtual console keymap: %m");
+
+                log_info("Changed virtual console keymap to '%s' toggle '%s'",
+                         strempty(c->vc_keymap), strempty(c->vc_keymap_toggle));
+
+                sd_bus_emit_properties_changed(bus,
+                                "/org/freedesktop/locale1",
+                                "org.freedesktop.locale1",
+                                "VConsoleKeymap", "VConsoleKeymapToggle", NULL);
+
+                return vconsole_reload(bus);
+        } else
+                log_debug("Virtual console keymap was not modified.");
+
+        return 0;
+}
+
+static int property_get_locale(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Context *c = userdata;
+        _cleanup_strv_free_ char **l = NULL;
+        int p, q;
+
+        l = new0(char*, _LOCALE_MAX+1);
+        if (!l)
+                return -ENOMEM;
+
+        for (p = 0, q = 0; p < _LOCALE_MAX; p++) {
+                char *t;
+
+                if (isempty(c->locale[p]))
+                        continue;
+
+                if (asprintf(&t, "%s=%s", names[p], c->locale[p]) < 0)
+                        return -ENOMEM;
+
+                l[q++] = t;
+        }
+
+        return sd_bus_message_append_strv(reply, l);
+}
+
+static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        Context *c = userdata;
+        _cleanup_strv_free_ char **l = NULL;
+        char **i;
+        const char *lang = NULL;
+        int interactive;
+        bool modified = false;
+        bool have[_LOCALE_MAX] = {};
+        int p;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        r = bus_message_read_strv_extend(m, &l);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read_basic(m, 'b', &interactive);
+        if (r < 0)
+                return r;
+
+        /* Check whether a variable changed and if it is valid */
+        STRV_FOREACH(i, l) {
+                bool valid = false;
+
+                for (p = 0; p < _LOCALE_MAX; p++) {
+                        size_t k;
+
+                        k = strlen(names[p]);
+                        if (startswith(*i, names[p]) &&
+                            (*i)[k] == '=' &&
+                            locale_is_valid((*i) + k + 1)) {
+                                valid = true;
+                                have[p] = true;
+
+                                if (p == LOCALE_LANG)
+                                        lang = (*i) + k + 1;
+
+                                if (!streq_ptr(*i + k + 1, c->locale[p]))
+                                        modified = true;
+
+                                break;
+                        }
+                }
+
+                if (!valid)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid Locale data.");
+        }
+
+        /* If LANG was specified, but not LANGUAGE, check if we should
+         * set it based on the language fallback table. */
+        if (have[LOCALE_LANG] && !have[LOCALE_LANGUAGE]) {
+                _cleanup_free_ char *language = NULL;
+
+                assert(lang);
+
+                (void) find_language_fallback(lang, &language);
+                if (language) {
+                        log_debug("Converted LANG=%s to LANGUAGE=%s", lang, language);
+                        if (!streq_ptr(language, c->locale[LOCALE_LANGUAGE])) {
+                                r = strv_extendf(&l, "LANGUAGE=%s", language);
+                                if (r < 0)
+                                        return r;
+
+                                have[LOCALE_LANGUAGE] = true;
+                                modified = true;
+                        }
+                }
+        }
+
+        /* Check whether a variable is unset */
+        if (!modified)
+                for (p = 0; p < _LOCALE_MAX; p++)
+                        if (!isempty(c->locale[p]) && !have[p]) {
+                                modified = true;
+                                break;
+                        }
+
+        if (modified) {
+                _cleanup_strv_free_ char **settings = NULL;
+
+                r = bus_verify_polkit_async(
+                                m,
+                                CAP_SYS_ADMIN,
+                                "org.freedesktop.locale1.set-locale",
+                                NULL,
+                                interactive,
+                                UID_INVALID,
+                                &c->polkit_registry,
+                                error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+                STRV_FOREACH(i, l)
+                        for (p = 0; p < _LOCALE_MAX; p++) {
+                                size_t k;
+
+                                k = strlen(names[p]);
+                                if (startswith(*i, names[p]) && (*i)[k] == '=') {
+                                        r = free_and_strdup(&c->locale[p], *i + k + 1);
+                                        if (r < 0)
+                                                return r;
+                                        break;
+                                }
+                        }
+
+                for (p = 0; p < _LOCALE_MAX; p++) {
+                        if (have[p])
+                                continue;
+
+                        c->locale[p] = mfree(c->locale[p]);
+                }
+
+                locale_simplify(c);
+
+                r = locale_write_data(c, &settings);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to set locale: %m");
+                        return sd_bus_error_set_errnof(error, r, "Failed to set locale: %s", strerror(-r));
+                }
+
+                locale_update_system_manager(c, sd_bus_message_get_bus(m));
+
+                if (settings) {
+                        _cleanup_free_ char *line;
+
+                        line = strv_join(settings, ", ");
+                        log_info("Changed locale to %s.", strnull(line));
+                } else
+                        log_info("Changed locale to unset.");
+
+                (void) sd_bus_emit_properties_changed(
+                                sd_bus_message_get_bus(m),
+                                "/org/freedesktop/locale1",
+                                "org.freedesktop.locale1",
+                                "Locale", NULL);
+        } else
+                log_debug("Locale settings were not modified.");
+
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        Context *c = userdata;
+        const char *keymap, *keymap_toggle;
+        int convert, interactive;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        r = sd_bus_message_read(m, "ssbb", &keymap, &keymap_toggle, &convert, &interactive);
+        if (r < 0)
+                return r;
+
+        if (isempty(keymap))
+                keymap = NULL;
+
+        if (isempty(keymap_toggle))
+                keymap_toggle = NULL;
+
+        if (!streq_ptr(keymap, c->vc_keymap) ||
+            !streq_ptr(keymap_toggle, c->vc_keymap_toggle)) {
+
+                if ((keymap && (!filename_is_valid(keymap) || !string_is_safe(keymap))) ||
+                    (keymap_toggle && (!filename_is_valid(keymap_toggle) || !string_is_safe(keymap_toggle))))
+                        return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keymap data");
+
+                r = bus_verify_polkit_async(
+                                m,
+                                CAP_SYS_ADMIN,
+                                "org.freedesktop.locale1.set-keyboard",
+                                NULL,
+                                interactive,
+                                UID_INVALID,
+                                &c->polkit_registry,
+                                error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+                if (free_and_strdup(&c->vc_keymap, keymap) < 0 ||
+                    free_and_strdup(&c->vc_keymap_toggle, keymap_toggle) < 0)
+                        return -ENOMEM;
+
+                r = vconsole_write_data(c);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to set virtual console keymap: %m");
+                        return sd_bus_error_set_errnof(error, r, "Failed to set virtual console keymap: %s", strerror(-r));
+                }
+
+                log_info("Changed virtual console keymap to '%s' toggle '%s'",
+                         strempty(c->vc_keymap), strempty(c->vc_keymap_toggle));
+
+                r = vconsole_reload(sd_bus_message_get_bus(m));
+                if (r < 0)
+                        log_error_errno(r, "Failed to request keymap reload: %m");
+
+                (void) sd_bus_emit_properties_changed(
+                                sd_bus_message_get_bus(m),
+                                "/org/freedesktop/locale1",
+                                "org.freedesktop.locale1",
+                                "VConsoleKeymap", "VConsoleKeymapToggle", NULL);
+
+                if (convert) {
+                        r = vconsole_convert_to_x11(c, sd_bus_message_get_bus(m));
+                        if (r < 0)
+                                log_error_errno(r, "Failed to convert keymap data: %m");
+                }
+        }
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+#ifdef HAVE_XKBCOMMON
+
+_printf_(3, 0)
+static void log_xkb(struct xkb_context *ctx, enum xkb_log_level lvl, const char *format, va_list args) {
+        const char *fmt;
+
+        fmt = strjoina("libxkbcommon: ", format);
+        log_internalv(LOG_DEBUG, 0, __FILE__, __LINE__, __func__, fmt, args);
+}
+
+#define LOAD_SYMBOL(symbol, dl, name)                                   \
+        ({                                                              \
+                (symbol) = (typeof(symbol)) dlvsym((dl), (name), "V_0.5.0"); \
+                (symbol) ? 0 : -EOPNOTSUPP;                             \
+        })
+
+static int verify_xkb_rmlvo(const char *model, const char *layout, const char *variant, const char *options) {
+
+        /* We dlopen() the library in order to make the dependency soft. The library (and what it pulls in) is huge
+         * after all, hence let's support XKB maps when the library is around, and refuse otherwise. The function
+         * pointers to the shared library are below: */
+
+        struct xkb_context* (*symbol_xkb_context_new)(enum xkb_context_flags flags) = NULL;
+        void (*symbol_xkb_context_unref)(struct xkb_context *context) = NULL;
+        void (*symbol_xkb_context_set_log_fn)(struct xkb_context *context, void (*log_fn)(struct xkb_context *context, enum xkb_log_level level, const char *format, va_list args)) = NULL;
+        struct xkb_keymap* (*symbol_xkb_keymap_new_from_names)(struct xkb_context *context, const struct xkb_rule_names *names, enum xkb_keymap_compile_flags flags) = NULL;
+        void (*symbol_xkb_keymap_unref)(struct xkb_keymap *keymap) = NULL;
+
+        const struct xkb_rule_names rmlvo = {
+                .model          = model,
+                .layout         = layout,
+                .variant        = variant,
+                .options        = options,
+        };
+        struct xkb_context *ctx = NULL;
+        struct xkb_keymap *km = NULL;
+        void *dl;
+        int r;
+
+        /* Compile keymap from RMLVO information to check out its validity */
+
+        dl = dlopen("libxkbcommon.so.0", RTLD_LAZY);
+        if (!dl)
+                return -EOPNOTSUPP;
+
+        r = LOAD_SYMBOL(symbol_xkb_context_new, dl, "xkb_context_new");
+        if (r < 0)
+                goto finish;
+
+        r = LOAD_SYMBOL(symbol_xkb_context_unref, dl, "xkb_context_unref");
+        if (r < 0)
+                goto finish;
+
+        r = LOAD_SYMBOL(symbol_xkb_context_set_log_fn, dl, "xkb_context_set_log_fn");
+        if (r < 0)
+                goto finish;
+
+        r = LOAD_SYMBOL(symbol_xkb_keymap_new_from_names, dl, "xkb_keymap_new_from_names");
+        if (r < 0)
+                goto finish;
+
+        r = LOAD_SYMBOL(symbol_xkb_keymap_unref, dl, "xkb_keymap_unref");
+        if (r < 0)
+                goto finish;
+
+        ctx = symbol_xkb_context_new(XKB_CONTEXT_NO_ENVIRONMENT_NAMES);
+        if (!ctx) {
+                r = -ENOMEM;
+                goto finish;
+        }
+
+        symbol_xkb_context_set_log_fn(ctx, log_xkb);
+
+        km = symbol_xkb_keymap_new_from_names(ctx, &rmlvo, XKB_KEYMAP_COMPILE_NO_FLAGS);
+        if (!km) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        r = 0;
+
+finish:
+        if (symbol_xkb_keymap_unref && km)
+                symbol_xkb_keymap_unref(km);
+
+        if (symbol_xkb_context_unref && ctx)
+                symbol_xkb_context_unref(ctx);
+
+        (void) dlclose(dl);
+        return r;
+}
+
+#else
+
+static int verify_xkb_rmlvo(const char *model, const char *layout, const char *variant, const char *options) {
+        return 0;
+}
+
+#endif
+
+static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        Context *c = userdata;
+        const char *layout, *model, *variant, *options;
+        int convert, interactive;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        r = sd_bus_message_read(m, "ssssbb", &layout, &model, &variant, &options, &convert, &interactive);
+        if (r < 0)
+                return r;
+
+        if (isempty(layout))
+                layout = NULL;
+
+        if (isempty(model))
+                model = NULL;
+
+        if (isempty(variant))
+                variant = NULL;
+
+        if (isempty(options))
+                options = NULL;
+
+        if (!streq_ptr(layout, c->x11_layout) ||
+            !streq_ptr(model, c->x11_model) ||
+            !streq_ptr(variant, c->x11_variant) ||
+            !streq_ptr(options, c->x11_options)) {
+
+                if ((layout && !string_is_safe(layout)) ||
+                    (model && !string_is_safe(model)) ||
+                    (variant && !string_is_safe(variant)) ||
+                    (options && !string_is_safe(options)))
+                        return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keyboard data");
+
+                r = bus_verify_polkit_async(
+                                m,
+                                CAP_SYS_ADMIN,
+                                "org.freedesktop.locale1.set-keyboard",
+                                NULL,
+                                interactive,
+                                UID_INVALID,
+                                &c->polkit_registry,
+                                error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+                r = verify_xkb_rmlvo(model, layout, variant, options);
+                if (r < 0) {
+                        log_error_errno(r, "Cannot compile XKB keymap for new x11 keyboard layout ('%s' / '%s' / '%s' / '%s'): %m",
+                                        strempty(model), strempty(layout), strempty(variant), strempty(options));
+
+                        if (r == -EOPNOTSUPP)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Local keyboard configuration not supported on this system.");
+
+                        return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Specified keymap cannot be compiled, refusing as invalid.");
+                }
+
+                if (free_and_strdup(&c->x11_layout, layout) < 0 ||
+                    free_and_strdup(&c->x11_model, model) < 0 ||
+                    free_and_strdup(&c->x11_variant, variant) < 0 ||
+                    free_and_strdup(&c->x11_options, options) < 0)
+                        return -ENOMEM;
+
+                r = x11_write_data(c);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to set X11 keyboard layout: %m");
+                        return sd_bus_error_set_errnof(error, r, "Failed to set X11 keyboard layout: %s", strerror(-r));
+                }
+
+                log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'",
+                         strempty(c->x11_layout),
+                         strempty(c->x11_model),
+                         strempty(c->x11_variant),
+                         strempty(c->x11_options));
+
+                (void) sd_bus_emit_properties_changed(
+                                sd_bus_message_get_bus(m),
+                                "/org/freedesktop/locale1",
+                                "org.freedesktop.locale1",
+                                "X11Layout", "X11Model", "X11Variant", "X11Options", NULL);
+
+                if (convert) {
+                        r = x11_convert_to_vconsole(c, sd_bus_message_get_bus(m));
+                        if (r < 0)
+                                log_error_errno(r, "Failed to convert keymap data: %m");
+                }
+        }
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+static const sd_bus_vtable locale_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_PROPERTY("Locale", "as", property_get_locale, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("X11Layout", "s", NULL, offsetof(Context, x11_layout), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("X11Model", "s", NULL, offsetof(Context, x11_model), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("X11Variant", "s", NULL, offsetof(Context, x11_variant), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("X11Options", "s", NULL, offsetof(Context, x11_options), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("VConsoleKeymap", "s", NULL, offsetof(Context, vc_keymap), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("VConsoleKeymapToggle", "s", NULL, offsetof(Context, vc_keymap_toggle), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_METHOD("SetLocale", "asb", NULL, method_set_locale, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetVConsoleKeyboard", "ssbb", NULL, method_set_vc_keyboard, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetX11Keyboard", "ssssbb", NULL, method_set_x11_keyboard, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_VTABLE_END
+};
+
+static int connect_bus(Context *c, sd_event *event, sd_bus **_bus) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        assert(c);
+        assert(event);
+        assert(_bus);
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get system bus connection: %m");
+
+        r = sd_bus_add_object_vtable(bus, NULL, "/org/freedesktop/locale1", "org.freedesktop.locale1", locale_vtable, c);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register object: %m");
+
+        r = sd_bus_request_name(bus, "org.freedesktop.locale1", 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = sd_bus_attach_event(bus, event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        *_bus = bus;
+        bus = NULL;
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(context_free) Context context = {};
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+        mac_selinux_init();
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        r = sd_event_default(&event);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate event loop: %m");
+                goto finish;
+        }
+
+        sd_event_set_watchdog(event, true);
+
+        r = connect_bus(&context, event, &bus);
+        if (r < 0)
+                goto finish;
+
+        r = context_read_data(&context);
+        if (r < 0) {
+                log_error_errno(r, "Failed to read locale data: %m");
+                goto finish;
+        }
+
+        r = bus_event_loop_with_idle(event, bus, "org.freedesktop.locale1", DEFAULT_EXIT_USEC, NULL, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Failed to run event loop: %m");
+                goto finish;
+        }
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/locale/org.freedesktop.locale1.conf b/src/grp-locale/org.freedesktop.locale1.conf
index 79d0ecd2bb..79d0ecd2bb 100644
--- a/src/locale/org.freedesktop.locale1.conf
+++ b/src/grp-locale/org.freedesktop.locale1.conf
diff --git a/src/locale/org.freedesktop.locale1.policy.in b/src/grp-locale/org.freedesktop.locale1.policy.in
index df63845e9b..df63845e9b 100644
--- a/src/locale/org.freedesktop.locale1.policy.in
+++ b/src/grp-locale/org.freedesktop.locale1.policy.in
diff --git a/src/locale/org.freedesktop.locale1.service b/src/grp-locale/org.freedesktop.locale1.service
index 025f9a0fc2..025f9a0fc2 100644
--- a/src/locale/org.freedesktop.locale1.service
+++ b/src/grp-locale/org.freedesktop.locale1.service
diff --git a/src/login/.gitignore b/src/grp-login/.gitignore
index 3a8ba497c1..3a8ba497c1 100644
--- a/src/login/.gitignore
+++ b/src/grp-login/.gitignore
diff --git a/src/login/70-power-switch.rules b/src/grp-login/70-power-switch.rules
index e2855b50f7..e2855b50f7 100644
--- a/src/login/70-power-switch.rules
+++ b/src/grp-login/70-power-switch.rules
diff --git a/src/login/70-uaccess.rules b/src/grp-login/70-uaccess.rules
index 50dcd2e275..50dcd2e275 100644
--- a/src/login/70-uaccess.rules
+++ b/src/grp-login/70-uaccess.rules
diff --git a/src/login/71-seat.rules.in b/src/grp-login/71-seat.rules.in
index de55c9a4ec..de55c9a4ec 100644
--- a/src/login/71-seat.rules.in
+++ b/src/grp-login/71-seat.rules.in
diff --git a/src/login/73-seat-late.rules.in b/src/grp-login/73-seat-late.rules.in
index 901df750fd..901df750fd 100644
--- a/src/login/73-seat-late.rules.in
+++ b/src/grp-login/73-seat-late.rules.in
diff --git a/src/grp-login/Makefile b/src/grp-login/Makefile
new file mode 100644
index 0000000000..381d653166
--- /dev/null
+++ b/src/grp-login/Makefile
@@ -0,0 +1,115 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_LOGIND),)
+test_login_SOURCES = \
+	src/libsystemd/sd-login/test-login.c
+
+test_login_LDADD = \
+	libshared.la
+
+test_login_shared_SOURCES = \
+	src/login/test-login-shared.c
+
+test_login_shared_LDADD = \
+	libshared.la
+
+test_inhibit_SOURCES = \
+	src/login/test-inhibit.c
+
+test_inhibit_LDADD = \
+	libshared.la
+
+test_login_tables_SOURCES = \
+	src/login/test-login-tables.c
+
+test_login_tables_LDADD = \
+	liblogind-core.la
+
+manual_tests += \
+	test-login \
+	test-inhibit
+
+tests += \
+	test-login-tables \
+	test-login-shared
+
+
+nodist_systemunit_DATA += \
+	units/systemd-logind.service
+
+dist_systemunit_DATA += \
+	units/user.slice
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.login1.busname
+
+dist_dbussystemservice_DATA += \
+	src/login/org.freedesktop.login1.service
+
+dist_dbuspolicy_DATA += \
+	src/login/org.freedesktop.login1.conf
+
+nodist_pkgsysconf_DATA += \
+	src/login/logind.conf
+
+polkitpolicy_files += \
+	src/login/org.freedesktop.login1.policy
+
+INSTALL_DIRS += \
+	$(systemdstatedir)
+
+MULTI_USER_TARGET_WANTS += \
+	systemd-logind.service
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-logind.service dbus-org.freedesktop.login1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.login1.busname
+
+dist_udevrules_DATA += \
+	src/login/70-uaccess.rules \
+	src/login/70-power-switch.rules
+
+nodist_udevrules_DATA += \
+	src/login/71-seat.rules \
+	src/login/73-seat-late.rules
+
+endif # ENABLE_LOGIND
+
+polkitpolicy_in_files += \
+	src/login/org.freedesktop.login1.policy.in
+
+gperf_gperf_sources += \
+	src/login/logind-gperf.gperf
+
+EXTRA_DIST += \
+	src/login/71-seat.rules.in \
+	src/login/73-seat-late.rules.in \
+	units/systemd-logind.service.in \
+	src/login/logind.conf.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-login/liblogind-core/Makefile b/src/grp-login/liblogind-core/Makefile
new file mode 100644
index 0000000000..1575518aec
--- /dev/null
+++ b/src/grp-login/liblogind-core/Makefile
@@ -0,0 +1,62 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+liblogind_core_la_SOURCES = \
+	src/login/logind-core.c \
+	src/login/logind-device.c \
+	src/login/logind-device.h \
+	src/login/logind-button.c \
+	src/login/logind-button.h \
+	src/login/logind-action.c \
+	src/login/logind-action.h \
+	src/login/logind-seat.c \
+	src/login/logind-seat.h \
+	src/login/logind-session.c \
+	src/login/logind-session.h \
+	src/login/logind-session-device.c \
+	src/login/logind-session-device.h \
+	src/login/logind-user.c \
+	src/login/logind-user.h \
+	src/login/logind-inhibit.c \
+	src/login/logind-inhibit.h \
+	src/login/logind-dbus.c \
+	src/login/logind-session-dbus.c \
+	src/login/logind-seat-dbus.c \
+	src/login/logind-user-dbus.c \
+	src/login/logind-utmp.c \
+	src/login/logind-acl.h
+
+liblogind_core_la_LIBADD = \
+	libshared.la
+
+ifneq ($(HAVE_ACL),)
+liblogind_core_la_SOURCES += \
+	src/login/logind-acl.c
+endif # HAVE_ACL
+
+noinst_LTLIBRARIES += \
+	liblogind-core.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/login/logind-acl.c b/src/grp-login/liblogind-core/logind-acl.c
index 0cef88a82d..0cef88a82d 100644
--- a/src/login/logind-acl.c
+++ b/src/grp-login/liblogind-core/logind-acl.c
diff --git a/src/login/logind-acl.h b/src/grp-login/liblogind-core/logind-acl.h
index 1286c6a3cd..1286c6a3cd 100644
--- a/src/login/logind-acl.h
+++ b/src/grp-login/liblogind-core/logind-acl.h
diff --git a/src/login/logind-action.c b/src/grp-login/liblogind-core/logind-action.c
index 9a8089f97c..9a8089f97c 100644
--- a/src/login/logind-action.c
+++ b/src/grp-login/liblogind-core/logind-action.c
diff --git a/src/login/logind-action.h b/src/grp-login/liblogind-core/logind-action.h
index fb40ae48d2..fb40ae48d2 100644
--- a/src/login/logind-action.h
+++ b/src/grp-login/liblogind-core/logind-action.h
diff --git a/src/grp-login/liblogind-core/logind-button.c b/src/grp-login/liblogind-core/logind-button.c
new file mode 100644
index 0000000000..acf7504a2e
--- /dev/null
+++ b/src/grp-login/liblogind-core/logind-button.c
@@ -0,0 +1,288 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+#include <linux/input.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "logind-button.h"
+#include "string-util.h"
+#include "util.h"
+
+Button* button_new(Manager *m, const char *name) {
+        Button *b;
+
+        assert(m);
+        assert(name);
+
+        b = new0(Button, 1);
+        if (!b)
+                return NULL;
+
+        b->name = strdup(name);
+        if (!b->name) {
+                free(b);
+                return NULL;
+        }
+
+        if (hashmap_put(m->buttons, b->name, b) < 0) {
+                free(b->name);
+                free(b);
+                return NULL;
+        }
+
+        b->manager = m;
+        b->fd = -1;
+
+        return b;
+}
+
+void button_free(Button *b) {
+        assert(b);
+
+        hashmap_remove(b->manager->buttons, b->name);
+
+        sd_event_source_unref(b->io_event_source);
+        sd_event_source_unref(b->check_event_source);
+
+        if (b->fd >= 0)
+                /* If the device has been unplugged close() returns
+                 * ENODEV, let's ignore this, hence we don't use
+                 * safe_close() */
+                (void) close(b->fd);
+
+        free(b->name);
+        free(b->seat);
+        free(b);
+}
+
+int button_set_seat(Button *b, const char *sn) {
+        char *s;
+
+        assert(b);
+        assert(sn);
+
+        s = strdup(sn);
+        if (!s)
+                return -ENOMEM;
+
+        free(b->seat);
+        b->seat = s;
+
+        return 0;
+}
+
+static void button_lid_switch_handle_action(Manager *manager, bool is_edge) {
+        HandleAction handle_action;
+
+        assert(manager);
+
+        /* If we are docked, handle the lid switch differently */
+        if (manager_is_docked_or_external_displays(manager))
+                handle_action = manager->handle_lid_switch_docked;
+        else
+                handle_action = manager->handle_lid_switch;
+
+        manager_handle_action(manager, INHIBIT_HANDLE_LID_SWITCH, handle_action, manager->lid_switch_ignore_inhibited, is_edge);
+}
+
+static int button_recheck(sd_event_source *e, void *userdata) {
+        Button *b = userdata;
+
+        assert(b);
+        assert(b->lid_closed);
+
+        button_lid_switch_handle_action(b->manager, false);
+        return 1;
+}
+
+static int button_install_check_event_source(Button *b) {
+        int r;
+        assert(b);
+
+        /* Install a post handler, so that we keep rechecking as long as the lid is closed. */
+
+        if (b->check_event_source)
+                return 0;
+
+        r = sd_event_add_post(b->manager->event, &b->check_event_source, button_recheck, b);
+        if (r < 0)
+                return r;
+
+        return sd_event_source_set_priority(b->check_event_source, SD_EVENT_PRIORITY_IDLE+1);
+}
+
+static int button_dispatch(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Button *b = userdata;
+        struct input_event ev;
+        ssize_t l;
+
+        assert(s);
+        assert(fd == b->fd);
+        assert(b);
+
+        l = read(b->fd, &ev, sizeof(ev));
+        if (l < 0)
+                return errno != EAGAIN ? -errno : 0;
+        if ((size_t) l < sizeof(ev))
+                return -EIO;
+
+        if (ev.type == EV_KEY && ev.value > 0) {
+
+                switch (ev.code) {
+
+                case KEY_POWER:
+                case KEY_POWER2:
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("Power key pressed."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_POWER_KEY),
+                                   NULL);
+
+                        manager_handle_action(b->manager, INHIBIT_HANDLE_POWER_KEY, b->manager->handle_power_key, b->manager->power_key_ignore_inhibited, true);
+                        break;
+
+                /* The kernel is a bit confused here:
+
+                   KEY_SLEEP   = suspend-to-ram, which everybody else calls "suspend"
+                   KEY_SUSPEND = suspend-to-disk, which everybody else calls "hibernate"
+                */
+
+                case KEY_SLEEP:
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("Suspend key pressed."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_SUSPEND_KEY),
+                                   NULL);
+
+                        manager_handle_action(b->manager, INHIBIT_HANDLE_SUSPEND_KEY, b->manager->handle_suspend_key, b->manager->suspend_key_ignore_inhibited, true);
+                        break;
+
+                case KEY_SUSPEND:
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("Hibernate key pressed."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_HIBERNATE_KEY),
+                                   NULL);
+
+                        manager_handle_action(b->manager, INHIBIT_HANDLE_HIBERNATE_KEY, b->manager->handle_hibernate_key, b->manager->hibernate_key_ignore_inhibited, true);
+                        break;
+                }
+
+        } else if (ev.type == EV_SW && ev.value > 0) {
+
+                if (ev.code == SW_LID) {
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("Lid closed."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_LID_CLOSED),
+                                   NULL);
+
+                        b->lid_closed = true;
+                        button_lid_switch_handle_action(b->manager, true);
+                        button_install_check_event_source(b);
+
+                } else if (ev.code == SW_DOCK) {
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("System docked."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_SYSTEM_DOCKED),
+                                   NULL);
+
+                        b->docked = true;
+                }
+
+        } else if (ev.type == EV_SW && ev.value == 0) {
+
+                if (ev.code == SW_LID) {
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("Lid opened."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_LID_OPENED),
+                                   NULL);
+
+                        b->lid_closed = false;
+                        b->check_event_source = sd_event_source_unref(b->check_event_source);
+
+                } else if (ev.code == SW_DOCK) {
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE("System undocked."),
+                                   LOG_MESSAGE_ID(SD_MESSAGE_SYSTEM_UNDOCKED),
+                                   NULL);
+
+                        b->docked = false;
+                }
+        }
+
+        return 0;
+}
+
+int button_open(Button *b) {
+        char *p, name[256];
+        int r;
+
+        assert(b);
+
+        b->fd = safe_close(b->fd);
+
+        p = strjoina("/dev/input/", b->name);
+
+        b->fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
+        if (b->fd < 0)
+                return log_warning_errno(errno, "Failed to open %s: %m", b->name);
+
+        if (ioctl(b->fd, EVIOCGNAME(sizeof(name)), name) < 0) {
+                r = log_error_errno(errno, "Failed to get input name: %m");
+                goto fail;
+        }
+
+        r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add button event: %m");
+                goto fail;
+        }
+
+        log_info("Watching system buttons on /dev/input/%s (%s)", b->name, name);
+
+        return 0;
+
+fail:
+        b->fd = safe_close(b->fd);
+        return r;
+}
+
+int button_check_switches(Button *b) {
+        uint8_t switches[SW_MAX/8+1] = {};
+        assert(b);
+
+        if (b->fd < 0)
+                return -EINVAL;
+
+        if (ioctl(b->fd, EVIOCGSW(sizeof(switches)), switches) < 0)
+                return -errno;
+
+        b->lid_closed = (switches[SW_LID/8] >> (SW_LID % 8)) & 1;
+        b->docked = (switches[SW_DOCK/8] >> (SW_DOCK % 8)) & 1;
+
+        if (b->lid_closed)
+                button_install_check_event_source(b);
+
+        return 0;
+}
diff --git a/src/login/logind-button.h b/src/grp-login/liblogind-core/logind-button.h
index f30cba2959..f30cba2959 100644
--- a/src/login/logind-button.h
+++ b/src/grp-login/liblogind-core/logind-button.h
diff --git a/src/login/logind-core.c b/src/grp-login/liblogind-core/logind-core.c
index cbf8d757fe..cbf8d757fe 100644
--- a/src/login/logind-core.c
+++ b/src/grp-login/liblogind-core/logind-core.c
diff --git a/src/grp-login/liblogind-core/logind-dbus.c b/src/grp-login/liblogind-core/logind-dbus.c
new file mode 100644
index 0000000000..90dcd94710
--- /dev/null
+++ b/src/grp-login/liblogind-core/logind-dbus.c
@@ -0,0 +1,3169 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <pwd.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "audit-util.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "dirent-util.h"
+#include "efivars.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio-label.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "logind.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "selinux-util.h"
+#include "sleep-config.h"
+#include "special.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "udev-util.h"
+#include "unit-name.h"
+#include "user-util.h"
+#include "utmp-wtmp.h"
+
+int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        Session *session;
+        int r;
+
+        assert(m);
+        assert(message);
+        assert(ret);
+
+        if (isempty(name)) {
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_SESSION|SD_BUS_CREDS_AUGMENT, &creds);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_creds_get_session(creds, &name);
+                if (r < 0)
+                        return r;
+        }
+
+        session = hashmap_get(m->sessions, name);
+        if (!session)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name);
+
+        *ret = session;
+        return 0;
+}
+
+int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret) {
+        User *user;
+        int r;
+
+        assert(m);
+        assert(message);
+        assert(ret);
+
+        if (uid == UID_INVALID) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+
+                /* Note that we get the owner UID of the session, not the actual client UID here! */
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_creds_get_owner_uid(creds, &uid);
+                if (r < 0)
+                        return r;
+        }
+
+        user = hashmap_get(m->users, UID_TO_PTR(uid));
+        if (!user)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER, "No user "UID_FMT" known or logged in", uid);
+
+        *ret = user;
+        return 0;
+}
+
+int manager_get_seat_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Seat **ret) {
+        Seat *seat;
+        int r;
+
+        assert(m);
+        assert(message);
+        assert(ret);
+
+        if (isempty(name)) {
+                Session *session;
+
+                r = manager_get_session_from_creds(m, message, NULL, error, &session);
+                if (r < 0)
+                        return r;
+
+                seat = session->seat;
+                if (!seat)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "Session has no seat.");
+        } else {
+                seat = hashmap_get(m->seats, name);
+                if (!seat)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", name);
+        }
+
+        *ret = seat;
+        return 0;
+}
+
+static int property_get_idle_hint(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        return sd_bus_message_append(reply, "b", manager_get_idle_hint(m, NULL) > 0);
+}
+
+static int property_get_idle_since_hint(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+        dual_timestamp t = DUAL_TIMESTAMP_NULL;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        manager_get_idle_hint(m, &t);
+
+        return sd_bus_message_append(reply, "t", streq(property, "IdleSinceHint") ? t.realtime : t.monotonic);
+}
+
+static int property_get_inhibited(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+        InhibitWhat w;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        w = manager_inhibit_what(m, streq(property, "BlockInhibited") ? INHIBIT_BLOCK : INHIBIT_DELAY);
+
+        return sd_bus_message_append(reply, "s", inhibit_what_to_string(w));
+}
+
+static int property_get_preparing(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+        bool b;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        if (streq(property, "PreparingForShutdown"))
+                b = !!(m->action_what & INHIBIT_SHUTDOWN);
+        else
+                b = !!(m->action_what & INHIBIT_SLEEP);
+
+        return sd_bus_message_append(reply, "b", b);
+}
+
+static int property_get_scheduled_shutdown(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        r = sd_bus_message_open_container(reply, 'r', "st");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(reply, "st", m->scheduled_shutdown_type, m->scheduled_shutdown_timeout);
+        if (r < 0)
+                return r;
+
+        return sd_bus_message_close_container(reply);
+}
+
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction);
+
+static int property_get_docked(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        return sd_bus_message_append(reply, "b", manager_is_docked_or_external_displays(m));
+}
+
+static int property_get_current_sessions(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        return sd_bus_message_append(reply, "t", (uint64_t) hashmap_size(m->sessions));
+}
+
+static int property_get_current_inhibitors(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(m);
+
+        return sd_bus_message_append(reply, "t", (uint64_t) hashmap_size(m->inhibitors));
+}
+
+static int method_get_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        const char *name;
+        Session *session;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, name, error, &session);
+        if (r < 0)
+                return r;
+
+        p = session_bus_path(session);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_get_session_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Session *session = NULL;
+        Manager *m = userdata;
+        pid_t pid;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
+
+        r = sd_bus_message_read(message, "u", &pid);
+        if (r < 0)
+                return r;
+        if (pid < 0)
+                return -EINVAL;
+
+        if (pid == 0) {
+                r = manager_get_session_from_creds(m, message, NULL, error, &session);
+                if (r < 0)
+                        return r;
+        } else {
+                r = manager_get_session_by_pid(m, pid, &session);
+                if (r < 0)
+                        return r;
+
+                if (!session)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SESSION_FOR_PID, "PID "PID_FMT" does not belong to any known session", pid);
+        }
+
+        p = session_bus_path(session);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_get_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        uint32_t uid;
+        User *user;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "u", &uid);
+        if (r < 0)
+                return r;
+
+        r = manager_get_user_from_creds(m, message, uid, error, &user);
+        if (r < 0)
+                return r;
+
+        p = user_bus_path(user);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_get_user_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        User *user = NULL;
+        pid_t pid;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
+
+        r = sd_bus_message_read(message, "u", &pid);
+        if (r < 0)
+                return r;
+        if (pid < 0)
+                return -EINVAL;
+
+        if (pid == 0) {
+                r = manager_get_user_from_creds(m, message, UID_INVALID, error, &user);
+                if (r < 0)
+                        return r;
+        } else {
+                r = manager_get_user_by_pid(m, pid, &user);
+                if (r < 0)
+                        return r;
+                if (!user)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_USER_FOR_PID, "PID "PID_FMT" does not belong to any known or logged in user", pid);
+        }
+
+        p = user_bus_path(user);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_get_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        const char *name;
+        Seat *seat;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_seat_from_creds(m, message, name, error, &seat);
+        if (r < 0)
+                return r;
+
+        p = seat_bus_path(seat);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_list_sessions(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        Session *session;
+        Iterator i;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(susso)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(session, m->sessions, i) {
+                _cleanup_free_ char *p = NULL;
+
+                p = session_bus_path(session);
+                if (!p)
+                        return -ENOMEM;
+
+                r = sd_bus_message_append(reply, "(susso)",
+                                          session->id,
+                                          (uint32_t) session->user->uid,
+                                          session->user->name,
+                                          session->seat ? session->seat->id : "",
+                                          p);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_list_users(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        User *user;
+        Iterator i;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(uso)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(user, m->users, i) {
+                _cleanup_free_ char *p = NULL;
+
+                p = user_bus_path(user);
+                if (!p)
+                        return -ENOMEM;
+
+                r = sd_bus_message_append(reply, "(uso)",
+                                          (uint32_t) user->uid,
+                                          user->name,
+                                          p);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_list_seats(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        Seat *seat;
+        Iterator i;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(so)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(seat, m->seats, i) {
+                _cleanup_free_ char *p = NULL;
+
+                p = seat_bus_path(seat);
+                if (!p)
+                        return -ENOMEM;
+
+                r = sd_bus_message_append(reply, "(so)", seat->id, p);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_list_inhibitors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        Inhibitor *inhibitor;
+        Iterator i;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(ssssuu)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(inhibitor, m->inhibitors, i) {
+
+                r = sd_bus_message_append(reply, "(ssssuu)",
+                                          strempty(inhibit_what_to_string(inhibitor->what)),
+                                          strempty(inhibitor->who),
+                                          strempty(inhibitor->why),
+                                          strempty(inhibit_mode_to_string(inhibitor->mode)),
+                                          (uint32_t) inhibitor->uid,
+                                          (uint32_t) inhibitor->pid);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_create_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *service, *type, *class, *cseat, *tty, *display, *remote_user, *remote_host, *desktop;
+        uint32_t audit_id = 0;
+        _cleanup_free_ char *id = NULL;
+        Session *session = NULL;
+        Manager *m = userdata;
+        User *user = NULL;
+        Seat *seat = NULL;
+        pid_t leader;
+        uid_t uid;
+        int remote;
+        uint32_t vtnr = 0;
+        SessionType t;
+        SessionClass c;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
+        assert_cc(sizeof(uid_t) == sizeof(uint32_t));
+
+        r = sd_bus_message_read(message, "uusssssussbss", &uid, &leader, &service, &type, &class, &desktop, &cseat, &vtnr, &tty, &display, &remote, &remote_user, &remote_host);
+        if (r < 0)
+                return r;
+
+        if (!uid_is_valid(uid))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid UID");
+        if (leader < 0 || leader == 1)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
+
+        if (isempty(type))
+                t = _SESSION_TYPE_INVALID;
+        else {
+                t = session_type_from_string(type);
+                if (t < 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid session type %s", type);
+        }
+
+        if (isempty(class))
+                c = _SESSION_CLASS_INVALID;
+        else {
+                c = session_class_from_string(class);
+                if (c < 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid session class %s", class);
+        }
+
+        if (isempty(desktop))
+                desktop = NULL;
+        else {
+                if (!string_is_safe(desktop))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid desktop string %s", desktop);
+        }
+
+        if (isempty(cseat))
+                seat = NULL;
+        else {
+                seat = hashmap_get(m->seats, cseat);
+                if (!seat)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", cseat);
+        }
+
+        if (tty_is_vc(tty)) {
+                int v;
+
+                if (!seat)
+                        seat = m->seat0;
+                else if (seat != m->seat0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "TTY %s is virtual console but seat %s is not seat0", tty, seat->id);
+
+                v = vtnr_from_tty(tty);
+                if (v <= 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot determine VT number from virtual console TTY %s", tty);
+
+                if (!vtnr)
+                        vtnr = (uint32_t) v;
+                else if (vtnr != (uint32_t) v)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified TTY and VT number do not match");
+
+        } else if (tty_is_console(tty)) {
+
+                if (!seat)
+                        seat = m->seat0;
+                else if (seat != m->seat0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Console TTY specified but seat is not seat0");
+
+                if (vtnr != 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Console TTY specified but VT number is not 0");
+        }
+
+        if (seat) {
+                if (seat_has_vts(seat)) {
+                        if (!vtnr || vtnr > 63)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "VT number out of range");
+                } else {
+                        if (vtnr != 0)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Seat has no VTs but VT number not 0");
+                }
+        }
+
+        r = sd_bus_message_enter_container(message, 'a', "(sv)");
+        if (r < 0)
+                return r;
+
+        if (t == _SESSION_TYPE_INVALID) {
+                if (!isempty(display))
+                        t = SESSION_X11;
+                else if (!isempty(tty))
+                        t = SESSION_TTY;
+                else
+                        t = SESSION_UNSPECIFIED;
+        }
+
+        if (c == _SESSION_CLASS_INVALID) {
+                if (t == SESSION_UNSPECIFIED)
+                        c = SESSION_BACKGROUND;
+                else
+                        c = SESSION_USER;
+        }
+
+        if (leader == 0) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_creds_get_pid(creds, (pid_t*) &leader);
+                if (r < 0)
+                        return r;
+        }
+
+        r = manager_get_session_by_pid(m, leader, NULL);
+        if (r > 0)
+                return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already running in a session");
+
+        /*
+         * Old gdm and lightdm start the user-session on the same VT as
+         * the greeter session. But they destroy the greeter session
+         * after the user-session and want the user-session to take
+         * over the VT. We need to support this for
+         * backwards-compatibility, so make sure we allow new sessions
+         * on a VT that a greeter is running on. Furthermore, to allow
+         * re-logins, we have to allow a greeter to take over a used VT for
+         * the exact same reasons.
+         */
+        if (c != SESSION_GREETER &&
+            vtnr > 0 &&
+            vtnr < m->seat0->position_count &&
+            m->seat0->positions[vtnr] &&
+            m->seat0->positions[vtnr]->class != SESSION_GREETER)
+                return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already occupied by a session");
+
+        if (hashmap_size(m->sessions) >= m->sessions_max)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max);
+
+        audit_session_from_pid(leader, &audit_id);
+        if (audit_id > 0) {
+                /* Keep our session IDs and the audit session IDs in sync */
+
+                if (asprintf(&id, "%"PRIu32, audit_id) < 0)
+                        return -ENOMEM;
+
+                /* Wut? There's already a session by this name and we
+                 * didn't find it above? Weird, then let's not trust
+                 * the audit data and let's better register a new
+                 * ID */
+                if (hashmap_get(m->sessions, id)) {
+                        log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
+                        audit_id = 0;
+
+                        id = mfree(id);
+                }
+        }
+
+        if (!id) {
+                do {
+                        id = mfree(id);
+
+                        if (asprintf(&id, "c%lu", ++m->session_counter) < 0)
+                                return -ENOMEM;
+
+                } while (hashmap_get(m->sessions, id));
+        }
+
+        r = manager_add_user_by_uid(m, uid, &user);
+        if (r < 0)
+                goto fail;
+
+        r = manager_add_session(m, id, &session);
+        if (r < 0)
+                goto fail;
+
+        session_set_user(session, user);
+
+        session->leader = leader;
+        session->audit_id = audit_id;
+        session->type = t;
+        session->class = c;
+        session->remote = remote;
+        session->vtnr = vtnr;
+
+        if (!isempty(tty)) {
+                session->tty = strdup(tty);
+                if (!session->tty) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (!isempty(display)) {
+                session->display = strdup(display);
+                if (!session->display) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (!isempty(remote_user)) {
+                session->remote_user = strdup(remote_user);
+                if (!session->remote_user) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (!isempty(remote_host)) {
+                session->remote_host = strdup(remote_host);
+                if (!session->remote_host) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (!isempty(service)) {
+                session->service = strdup(service);
+                if (!session->service) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (!isempty(desktop)) {
+                session->desktop = strdup(desktop);
+                if (!session->desktop) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (seat) {
+                r = seat_attach_session(seat, session);
+                if (r < 0)
+                        goto fail;
+        }
+
+        r = session_start(session);
+        if (r < 0)
+                goto fail;
+
+        session->create_message = sd_bus_message_ref(message);
+
+        /* Now, let's wait until the slice unit and stuff got
+         * created. We send the reply back from
+         * session_send_create_reply(). */
+
+        return 1;
+
+fail:
+        if (session)
+                session_add_to_gc_queue(session);
+
+        if (user)
+                user_add_to_gc_queue(user);
+
+        return r;
+}
+
+static int method_release_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Session *session;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, name, error, &session);
+        if (r < 0)
+                return r;
+
+        r = session_release(session);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_activate_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Session *session;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, name, error, &session);
+        if (r < 0)
+                return r;
+
+        return bus_session_method_activate(message, session, error);
+}
+
+static int method_activate_session_on_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *session_name, *seat_name;
+        Manager *m = userdata;
+        Session *session;
+        Seat *seat;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        /* Same as ActivateSession() but refuses to work if
+         * the seat doesn't match */
+
+        r = sd_bus_message_read(message, "ss", &session_name, &seat_name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, session_name, error, &session);
+        if (r < 0)
+                return r;
+
+        r = manager_get_seat_from_creds(m, message, seat_name, error, &seat);
+        if (r < 0)
+                return r;
+
+        if (session->seat != seat)
+                return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, "Session %s not on seat %s", session_name, seat_name);
+
+        r = session_activate(session);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_lock_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Session *session;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, name, error, &session);
+        if (r < 0)
+                return r;
+
+        return bus_session_method_lock(message, session, error);
+}
+
+static int method_lock_sessions(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.login1.lock-sessions",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = session_send_lock_all(m, streq(sd_bus_message_get_member(message), "LockSessions"));
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_kill_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *name;
+        Manager *m = userdata;
+        Session *session;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, name, error, &session);
+        if (r < 0)
+                return r;
+
+        return bus_session_method_kill(message, session, error);
+}
+
+static int method_kill_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        uint32_t uid;
+        User *user;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "u", &uid);
+        if (r < 0)
+                return r;
+
+        r = manager_get_user_from_creds(m, message, uid, error, &user);
+        if (r < 0)
+                return r;
+
+        return bus_user_method_kill(message, user, error);
+}
+
+static int method_terminate_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        const char *name;
+        Session *session;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_session_from_creds(m, message, name, error, &session);
+        if (r < 0)
+                return r;
+
+        return bus_session_method_terminate(message, session, error);
+}
+
+static int method_terminate_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        uint32_t uid;
+        User *user;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "u", &uid);
+        if (r < 0)
+                return r;
+
+        r = manager_get_user_from_creds(m, message, uid, error, &user);
+        if (r < 0)
+                return r;
+
+        return bus_user_method_terminate(message, user, error);
+}
+
+static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        const char *name;
+        Seat *seat;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = manager_get_seat_from_creds(m, message, name, error, &seat);
+        if (r < 0)
+                return r;
+
+        return bus_seat_method_terminate(message, seat, error);
+}
+
+static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *cc = NULL;
+        Manager *m = userdata;
+        int r, b, interactive;
+        struct passwd *pw;
+        const char *path;
+        uint32_t uid;
+        bool self = false;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "ubb", &uid, &b, &interactive);
+        if (r < 0)
+                return r;
+
+        if (uid == UID_INVALID) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+
+                /* Note that we get the owner UID of the session, not the actual client UID here! */
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_creds_get_owner_uid(creds, &uid);
+                if (r < 0)
+                        return r;
+
+                self = true;
+
+        } else if (!uid_is_valid(uid))
+                return -EINVAL;
+
+        errno = 0;
+        pw = getpwuid(uid);
+        if (!pw)
+                return errno > 0 ? -errno : -ENOENT;
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        mkdir_p_label("/var/lib/systemd", 0755);
+
+        r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0);
+        if (r < 0)
+                return r;
+
+        cc = cescape(pw->pw_name);
+        if (!cc)
+                return -ENOMEM;
+
+        path = strjoina("/var/lib/systemd/linger/", cc);
+        if (b) {
+                User *u;
+
+                r = touch(path);
+                if (r < 0)
+                        return r;
+
+                if (manager_add_user_by_uid(m, uid, &u) >= 0)
+                        user_start(u);
+
+        } else {
+                User *u;
+
+                r = unlink(path);
+                if (r < 0 && errno != ENOENT)
+                        return -errno;
+
+                u = hashmap_get(m->users, UID_TO_PTR(uid));
+                if (u)
+                        user_add_to_gc_queue(u);
+        }
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int trigger_device(Manager *m, struct udev_device *d) {
+        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+        struct udev_list_entry *first, *item;
+        int r;
+
+        assert(m);
+
+        e = udev_enumerate_new(m->udev);
+        if (!e)
+                return -ENOMEM;
+
+        if (d) {
+                r = udev_enumerate_add_match_parent(e, d);
+                if (r < 0)
+                        return r;
+        }
+
+        r = udev_enumerate_scan_devices(e);
+        if (r < 0)
+                return r;
+
+        first = udev_enumerate_get_list_entry(e);
+        udev_list_entry_foreach(item, first) {
+                _cleanup_free_ char *t = NULL;
+                const char *p;
+
+                p = udev_list_entry_get_name(item);
+
+                t = strappend(p, "/uevent");
+                if (!t)
+                        return -ENOMEM;
+
+                write_string_file(t, "change", WRITE_STRING_FILE_CREATE);
+        }
+
+        return 0;
+}
+
+static int attach_device(Manager *m, const char *seat, const char *sysfs) {
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        _cleanup_free_ char *rule = NULL, *file = NULL;
+        const char *id_for_seat;
+        int r;
+
+        assert(m);
+        assert(seat);
+        assert(sysfs);
+
+        d = udev_device_new_from_syspath(m->udev, sysfs);
+        if (!d)
+                return -ENODEV;
+
+        if (!udev_device_has_tag(d, "seat"))
+                return -ENODEV;
+
+        id_for_seat = udev_device_get_property_value(d, "ID_FOR_SEAT");
+        if (!id_for_seat)
+                return -ENODEV;
+
+        if (asprintf(&file, "/etc/udev/rules.d/72-seat-%s.rules", id_for_seat) < 0)
+                return -ENOMEM;
+
+        if (asprintf(&rule, "TAG==\"seat\", ENV{ID_FOR_SEAT}==\"%s\", ENV{ID_SEAT}=\"%s\"", id_for_seat, seat) < 0)
+                return -ENOMEM;
+
+        mkdir_p_label("/etc/udev/rules.d", 0755);
+        r = write_string_file_atomic_label(file, rule);
+        if (r < 0)
+                return r;
+
+        return trigger_device(m, d);
+}
+
+static int flush_devices(Manager *m) {
+        _cleanup_closedir_ DIR *d;
+
+        assert(m);
+
+        d = opendir("/etc/udev/rules.d");
+        if (!d) {
+                if (errno != ENOENT)
+                        log_warning_errno(errno, "Failed to open /etc/udev/rules.d: %m");
+        } else {
+                struct dirent *de;
+
+                while ((de = readdir(d))) {
+
+                        if (!dirent_is_file(de))
+                                continue;
+
+                        if (!startswith(de->d_name, "72-seat-"))
+                                continue;
+
+                        if (!endswith(de->d_name, ".rules"))
+                                continue;
+
+                        if (unlinkat(dirfd(d), de->d_name, 0) < 0)
+                                log_warning_errno(errno, "Failed to unlink %s: %m", de->d_name);
+                }
+        }
+
+        return trigger_device(m, NULL);
+}
+
+static int method_attach_device(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *sysfs, *seat;
+        Manager *m = userdata;
+        int interactive, r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "ssb", &seat, &sysfs, &interactive);
+        if (r < 0)
+                return r;
+
+        if (!path_startswith(sysfs, "/sys"))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not in /sys", sysfs);
+
+        if (!seat_name_is_valid(seat))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Seat %s is not valid", seat);
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.login1.attach-device",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        r = attach_device(m, seat, sysfs);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_flush_devices(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        int interactive, r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "b", &interactive);
+        if (r < 0)
+                return r;
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.login1.flush-devices",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        r = flush_devices(m);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int have_multiple_sessions(
+                Manager *m,
+                uid_t uid) {
+
+        Session *session;
+        Iterator i;
+
+        assert(m);
+
+        /* Check for other users' sessions. Greeter sessions do not
+         * count, and non-login sessions do not count either. */
+        HASHMAP_FOREACH(session, m->sessions, i)
+                if (session->class == SESSION_USER &&
+                    session->user->uid != uid)
+                        return true;
+
+        return false;
+}
+
+static int bus_manager_log_shutdown(
+                Manager *m,
+                InhibitWhat w,
+                const char *unit_name) {
+
+        const char *p, *q;
+
+        assert(m);
+        assert(unit_name);
+
+        if (w != INHIBIT_SHUTDOWN)
+                return 0;
+
+        if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) {
+                p = "MESSAGE=System is powering down";
+                q = "SHUTDOWN=power-off";
+        } else if (streq(unit_name, SPECIAL_HALT_TARGET)) {
+                p = "MESSAGE=System is halting";
+                q = "SHUTDOWN=halt";
+        } else if (streq(unit_name, SPECIAL_REBOOT_TARGET)) {
+                p = "MESSAGE=System is rebooting";
+                q = "SHUTDOWN=reboot";
+        } else if (streq(unit_name, SPECIAL_KEXEC_TARGET)) {
+                p = "MESSAGE=System is rebooting with kexec";
+                q = "SHUTDOWN=kexec";
+        } else {
+                p = "MESSAGE=System is shutting down";
+                q = NULL;
+        }
+
+        if (isempty(m->wall_message))
+                p = strjoina(p, ".");
+        else
+                p = strjoina(p, " (", m->wall_message, ").");
+
+        return log_struct(LOG_NOTICE,
+                          LOG_MESSAGE_ID(SD_MESSAGE_SHUTDOWN),
+                          p,
+                          q,
+                          NULL);
+}
+
+static int lid_switch_ignore_handler(sd_event_source *e, uint64_t usec, void *userdata) {
+        Manager *m = userdata;
+
+        assert(e);
+        assert(m);
+
+        m->lid_switch_ignore_event_source = sd_event_source_unref(m->lid_switch_ignore_event_source);
+        return 0;
+}
+
+int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
+        int r;
+
+        assert(m);
+
+        if (until <= now(CLOCK_MONOTONIC))
+                return 0;
+
+        /* We want to ignore the lid switch for a while after each
+         * suspend, and after boot-up. Hence let's install a timer for
+         * this. As long as the event source exists we ignore the lid
+         * switch. */
+
+        if (m->lid_switch_ignore_event_source) {
+                usec_t u;
+
+                r = sd_event_source_get_time(m->lid_switch_ignore_event_source, &u);
+                if (r < 0)
+                        return r;
+
+                if (until <= u)
+                        return 0;
+
+                r = sd_event_source_set_time(m->lid_switch_ignore_event_source, until);
+        } else
+                r = sd_event_add_time(
+                                m->event,
+                                &m->lid_switch_ignore_event_source,
+                                CLOCK_MONOTONIC,
+                                until, 0,
+                                lid_switch_ignore_handler, m);
+
+        return r;
+}
+
+static void reset_scheduled_shutdown(Manager *m) {
+        m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
+        m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
+        m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
+        m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
+        m->scheduled_shutdown_timeout = 0;
+        m->shutdown_dry_run = false;
+
+        if (m->unlink_nologin) {
+                (void) unlink("/run/nologin");
+                m->unlink_nologin = false;
+        }
+}
+
+static int execute_shutdown_or_sleep(
+                Manager *m,
+                InhibitWhat w,
+                const char *unit_name,
+                sd_bus_error *error) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        char *c = NULL;
+        const char *p;
+        int r;
+
+        assert(m);
+        assert(w >= 0);
+        assert(w < _INHIBIT_WHAT_MAX);
+        assert(unit_name);
+
+        bus_manager_log_shutdown(m, w, unit_name);
+
+        if (m->shutdown_dry_run) {
+                log_info("Running in dry run, suppressing action.");
+                reset_scheduled_shutdown(m);
+        } else {
+                r = sd_bus_call_method(
+                                m->bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "StartUnit",
+                                error,
+                                &reply,
+                                "ss", unit_name, "replace-irreversibly");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_read(reply, "o", &p);
+                if (r < 0)
+                        return r;
+
+                c = strdup(p);
+                if (!c)
+                        return -ENOMEM;
+        }
+
+        m->action_unit = unit_name;
+        free(m->action_job);
+        m->action_job = c;
+        m->action_what = w;
+
+        /* Make sure the lid switch is ignored for a while */
+        manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec);
+
+        return 0;
+}
+
+int manager_dispatch_delayed(Manager *manager, bool timeout) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        Inhibitor *offending = NULL;
+        int r;
+
+        assert(manager);
+
+        if (manager->action_what == 0 || manager->action_job)
+                return 0;
+
+        if (manager_is_inhibited(manager, manager->action_what, INHIBIT_DELAY, NULL, false, false, 0, &offending)) {
+                _cleanup_free_ char *comm = NULL, *u = NULL;
+
+                if (!timeout)
+                        return 0;
+
+                (void) get_process_comm(offending->pid, &comm);
+                u = uid_to_name(offending->uid);
+
+                log_notice("Delay lock is active (UID "UID_FMT"/%s, PID "PID_FMT"/%s) but inhibitor timeout is reached.",
+                           offending->uid, strna(u),
+                           offending->pid, strna(comm));
+        }
+
+        /* Actually do the operation */
+        r = execute_shutdown_or_sleep(manager, manager->action_what, manager->action_unit, &error);
+        if (r < 0) {
+                log_warning("Failed to send delayed message: %s", bus_error_message(&error, r));
+
+                manager->action_unit = NULL;
+                manager->action_what = 0;
+                return r;
+        }
+
+        return 1;
+}
+
+static int manager_inhibit_timeout_handler(
+                        sd_event_source *s,
+                        uint64_t usec,
+                        void *userdata) {
+
+        Manager *manager = userdata;
+        int r;
+
+        assert(manager);
+        assert(manager->inhibit_timeout_source == s);
+
+        r = manager_dispatch_delayed(manager, true);
+        return (r < 0) ? r : 0;
+}
+
+static int delay_shutdown_or_sleep(
+                Manager *m,
+                InhibitWhat w,
+                const char *unit_name) {
+
+        int r;
+        usec_t timeout_val;
+
+        assert(m);
+        assert(w >= 0);
+        assert(w < _INHIBIT_WHAT_MAX);
+        assert(unit_name);
+
+        timeout_val = now(CLOCK_MONOTONIC) + m->inhibit_delay_max;
+
+        if (m->inhibit_timeout_source) {
+                r = sd_event_source_set_time(m->inhibit_timeout_source, timeout_val);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_time() failed: %m");
+
+                r = sd_event_source_set_enabled(m->inhibit_timeout_source, SD_EVENT_ONESHOT);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
+        } else {
+                r = sd_event_add_time(m->event, &m->inhibit_timeout_source, CLOCK_MONOTONIC,
+                                      timeout_val, 0, manager_inhibit_timeout_handler, m);
+                if (r < 0)
+                        return r;
+        }
+
+        m->action_unit = unit_name;
+        m->action_what = w;
+
+        return 0;
+}
+
+static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
+
+        static const char * const signal_name[_INHIBIT_WHAT_MAX] = {
+                [INHIBIT_SHUTDOWN] = "PrepareForShutdown",
+                [INHIBIT_SLEEP] = "PrepareForSleep"
+        };
+
+        int active = _active;
+
+        assert(m);
+        assert(w >= 0);
+        assert(w < _INHIBIT_WHAT_MAX);
+        assert(signal_name[w]);
+
+        return sd_bus_emit_signal(m->bus,
+                                  "/org/freedesktop/login1",
+                                  "org.freedesktop.login1.Manager",
+                                  signal_name[w],
+                                  "b",
+                                  active);
+}
+
+int bus_manager_shutdown_or_sleep_now_or_later(
+                Manager *m,
+                const char *unit_name,
+                InhibitWhat w,
+                sd_bus_error *error) {
+
+        bool delayed;
+        int r;
+
+        assert(m);
+        assert(unit_name);
+        assert(w >= 0);
+        assert(w <= _INHIBIT_WHAT_MAX);
+        assert(!m->action_job);
+
+        /* Tell everybody to prepare for shutdown/sleep */
+        send_prepare_for(m, w, true);
+
+        delayed =
+                m->inhibit_delay_max > 0 &&
+                manager_is_inhibited(m, w, INHIBIT_DELAY, NULL, false, false, 0, NULL);
+
+        if (delayed)
+                /* Shutdown is delayed, keep in mind what we
+                 * want to do, and start a timeout */
+                r = delay_shutdown_or_sleep(m, w, unit_name);
+        else
+                /* Shutdown is not delayed, execute it
+                 * immediately */
+                r = execute_shutdown_or_sleep(m, w, unit_name, error);
+
+        return r;
+}
+
+static int verify_shutdown_creds(
+                Manager *m,
+                sd_bus_message *message,
+                InhibitWhat w,
+                bool interactive,
+                const char *action,
+                const char *action_multiple_sessions,
+                const char *action_ignore_inhibit,
+                sd_bus_error *error) {
+
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        bool multiple_sessions, blocked;
+        uid_t uid;
+        int r;
+
+        assert(m);
+        assert(message);
+        assert(w >= 0);
+        assert(w <= _INHIBIT_WHAT_MAX);
+
+        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_creds_get_euid(creds, &uid);
+        if (r < 0)
+                return r;
+
+        r = have_multiple_sessions(m, uid);
+        if (r < 0)
+                return r;
+
+        multiple_sessions = r > 0;
+        blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
+
+        if (multiple_sessions && action_multiple_sessions) {
+                r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+        }
+
+        if (blocked && action_ignore_inhibit) {
+                r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+        }
+
+        if (!multiple_sessions && !blocked && action) {
+                r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+        }
+
+        return 0;
+}
+
+static int method_do_shutdown_or_sleep(
+                Manager *m,
+                sd_bus_message *message,
+                const char *unit_name,
+                InhibitWhat w,
+                const char *action,
+                const char *action_multiple_sessions,
+                const char *action_ignore_inhibit,
+                const char *sleep_verb,
+                sd_bus_error *error) {
+
+        int interactive, r;
+
+        assert(m);
+        assert(message);
+        assert(unit_name);
+        assert(w >= 0);
+        assert(w <= _INHIBIT_WHAT_MAX);
+
+        r = sd_bus_message_read(message, "b", &interactive);
+        if (r < 0)
+                return r;
+
+        /* Don't allow multiple jobs being executed at the same time */
+        if (m->action_what)
+                return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "There's already a shutdown or sleep operation in progress");
+
+        if (sleep_verb) {
+                r = can_sleep(sleep_verb);
+                if (r < 0)
+                        return r;
+
+                if (r == 0)
+                        return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported");
+        }
+
+        r = verify_shutdown_creds(m, message, w, interactive, action, action_multiple_sessions,
+                                  action_ignore_inhibit, error);
+        if (r != 0)
+                return r;
+
+        r = bus_manager_shutdown_or_sleep_now_or_later(m, unit_name, w, error);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_do_shutdown_or_sleep(
+                        m, message,
+                        SPECIAL_POWEROFF_TARGET,
+                        INHIBIT_SHUTDOWN,
+                        "org.freedesktop.login1.power-off",
+                        "org.freedesktop.login1.power-off-multiple-sessions",
+                        "org.freedesktop.login1.power-off-ignore-inhibit",
+                        NULL,
+                        error);
+}
+
+static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_do_shutdown_or_sleep(
+                        m, message,
+                        SPECIAL_REBOOT_TARGET,
+                        INHIBIT_SHUTDOWN,
+                        "org.freedesktop.login1.reboot",
+                        "org.freedesktop.login1.reboot-multiple-sessions",
+                        "org.freedesktop.login1.reboot-ignore-inhibit",
+                        NULL,
+                        error);
+}
+
+static int method_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_do_shutdown_or_sleep(
+                        m, message,
+                        SPECIAL_SUSPEND_TARGET,
+                        INHIBIT_SLEEP,
+                        "org.freedesktop.login1.suspend",
+                        "org.freedesktop.login1.suspend-multiple-sessions",
+                        "org.freedesktop.login1.suspend-ignore-inhibit",
+                        "suspend",
+                        error);
+}
+
+static int nologin_timeout_handler(
+                        sd_event_source *s,
+                        uint64_t usec,
+                        void *userdata) {
+
+        Manager *m = userdata;
+        int r;
+
+        log_info("Creating /run/nologin, blocking further logins...");
+
+        r = write_string_file_atomic_label("/run/nologin", "System is going down.");
+        if (r < 0)
+                log_error_errno(r, "Failed to create /run/nologin: %m");
+        else
+                m->unlink_nologin = true;
+
+        return 0;
+}
+
+static int update_schedule_file(Manager *m) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(m);
+
+        r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
+
+        r = fopen_temporary("/run/systemd/shutdown/scheduled", &f, &temp_path);
+        if (r < 0)
+                return log_error_errno(r, "Failed to save information about scheduled shutdowns: %m");
+
+        (void) fchmod(fileno(f), 0644);
+
+        fprintf(f,
+                "USEC="USEC_FMT"\n"
+                "WARN_WALL=%i\n"
+                "MODE=%s\n",
+                m->scheduled_shutdown_timeout,
+                m->enable_wall_messages,
+                m->scheduled_shutdown_type);
+
+        if (!isempty(m->wall_message)) {
+                _cleanup_free_ char *t;
+
+                t = cescape(m->wall_message);
+                if (!t) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "WALL_MESSAGE=%s\n", t);
+        }
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, "/run/systemd/shutdown/scheduled") < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        (void) unlink(temp_path);
+        (void) unlink("/run/systemd/shutdown/scheduled");
+
+        return log_error_errno(r, "Failed to write information about scheduled shutdowns: %m");
+}
+
+static int manager_scheduled_shutdown_handler(
+                        sd_event_source *s,
+                        uint64_t usec,
+                        void *userdata) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        Manager *m = userdata;
+        const char *target;
+        int r;
+
+        assert(m);
+
+        if (isempty(m->scheduled_shutdown_type))
+                return 0;
+
+        if (streq(m->scheduled_shutdown_type, "halt"))
+                target = SPECIAL_HALT_TARGET;
+        else if (streq(m->scheduled_shutdown_type, "poweroff"))
+                target = SPECIAL_POWEROFF_TARGET;
+        else
+                target = SPECIAL_REBOOT_TARGET;
+
+        r = execute_shutdown_or_sleep(m, 0, target, &error);
+        if (r < 0)
+                return log_error_errno(r, "Unable to execute transition to %s: %m", target);
+
+        return 0;
+}
+
+static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        const char *action_multiple_sessions = NULL;
+        const char *action_ignore_inhibit = NULL;
+        const char *action = NULL;
+        uint64_t elapse;
+        char *type;
+        int r;
+
+        assert(m);
+        assert(message);
+
+        r = sd_bus_message_read(message, "st", &type, &elapse);
+        if (r < 0)
+                return r;
+
+        if (startswith(type, "dry-")) {
+                type += 4;
+                m->shutdown_dry_run = true;
+        }
+
+        if (streq(type, "reboot")) {
+                action = "org.freedesktop.login1.reboot";
+                action_multiple_sessions = "org.freedesktop.login1.reboot-multiple-sessions";
+                action_ignore_inhibit = "org.freedesktop.login1.reboot-ignore-inhibit";
+        } else if (streq(type, "halt")) {
+                action = "org.freedesktop.login1.halt";
+                action_multiple_sessions = "org.freedesktop.login1.halt-multiple-sessions";
+                action_ignore_inhibit = "org.freedesktop.login1.halt-ignore-inhibit";
+        } else if (streq(type, "poweroff")) {
+                action = "org.freedesktop.login1.power-off";
+                action_multiple_sessions = "org.freedesktop.login1.power-off-multiple-sessions";
+                action_ignore_inhibit = "org.freedesktop.login1.power-off-ignore-inhibit";
+        } else
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unsupported shutdown type");
+
+        r = verify_shutdown_creds(m, message, INHIBIT_SHUTDOWN, false,
+                                  action, action_multiple_sessions, action_ignore_inhibit, error);
+        if (r != 0)
+                return r;
+
+        if (m->scheduled_shutdown_timeout_source) {
+                r = sd_event_source_set_time(m->scheduled_shutdown_timeout_source, elapse);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_time() failed: %m");
+
+                r = sd_event_source_set_enabled(m->scheduled_shutdown_timeout_source, SD_EVENT_ONESHOT);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
+        } else {
+                r = sd_event_add_time(m->event, &m->scheduled_shutdown_timeout_source,
+                                      CLOCK_REALTIME, elapse, 0, manager_scheduled_shutdown_handler, m);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_add_time() failed: %m");
+        }
+
+        r = free_and_strdup(&m->scheduled_shutdown_type, type);
+        if (r < 0) {
+                m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
+                return log_oom();
+        }
+
+        if (m->nologin_timeout_source) {
+                r = sd_event_source_set_time(m->nologin_timeout_source, elapse);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_time() failed: %m");
+
+                r = sd_event_source_set_enabled(m->nologin_timeout_source, SD_EVENT_ONESHOT);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
+        } else {
+                r = sd_event_add_time(m->event, &m->nologin_timeout_source,
+                                      CLOCK_REALTIME, elapse - 5 * USEC_PER_MINUTE, 0, nologin_timeout_handler, m);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_add_time() failed: %m");
+        }
+
+        m->scheduled_shutdown_timeout = elapse;
+
+        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_TTY|SD_BUS_CREDS_UID, &creds);
+        if (r >= 0) {
+                const char *tty = NULL;
+
+                (void) sd_bus_creds_get_uid(creds, &m->scheduled_shutdown_uid);
+                (void) sd_bus_creds_get_tty(creds, &tty);
+
+                r = free_and_strdup(&m->scheduled_shutdown_tty, tty);
+                if (r < 0) {
+                        m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
+                        return log_oom();
+                }
+        }
+
+        r = manager_setup_wall_message_timer(m);
+        if (r < 0)
+                return r;
+
+        if (!isempty(type)) {
+                r = update_schedule_file(m);
+                if (r < 0)
+                        return r;
+        } else
+                (void) unlink("/run/systemd/shutdown/scheduled");
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_cancel_scheduled_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        bool cancelled;
+
+        assert(m);
+        assert(message);
+
+        cancelled = m->scheduled_shutdown_type != NULL;
+        reset_scheduled_shutdown(m);
+
+        if (cancelled) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+                const char *tty = NULL;
+                uid_t uid = 0;
+                int r;
+
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_TTY|SD_BUS_CREDS_UID, &creds);
+                if (r >= 0) {
+                        (void) sd_bus_creds_get_uid(creds, &uid);
+                        (void) sd_bus_creds_get_tty(creds, &tty);
+                }
+
+                utmp_wall("The system shutdown has been cancelled",
+                          uid_to_name(uid), tty, logind_wall_tty_filter, m);
+        }
+
+        return sd_bus_reply_method_return(message, "b", cancelled);
+}
+
+static int method_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_do_shutdown_or_sleep(
+                        m, message,
+                        SPECIAL_HIBERNATE_TARGET,
+                        INHIBIT_SLEEP,
+                        "org.freedesktop.login1.hibernate",
+                        "org.freedesktop.login1.hibernate-multiple-sessions",
+                        "org.freedesktop.login1.hibernate-ignore-inhibit",
+                        "hibernate",
+                        error);
+}
+
+static int method_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_do_shutdown_or_sleep(
+                        m, message,
+                        SPECIAL_HYBRID_SLEEP_TARGET,
+                        INHIBIT_SLEEP,
+                        "org.freedesktop.login1.hibernate",
+                        "org.freedesktop.login1.hibernate-multiple-sessions",
+                        "org.freedesktop.login1.hibernate-ignore-inhibit",
+                        "hybrid-sleep",
+                        error);
+}
+
+static int method_can_shutdown_or_sleep(
+                Manager *m,
+                sd_bus_message *message,
+                InhibitWhat w,
+                const char *action,
+                const char *action_multiple_sessions,
+                const char *action_ignore_inhibit,
+                const char *sleep_verb,
+                sd_bus_error *error) {
+
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        bool multiple_sessions, challenge, blocked;
+        const char *result = NULL;
+        uid_t uid;
+        int r;
+
+        assert(m);
+        assert(message);
+        assert(w >= 0);
+        assert(w <= _INHIBIT_WHAT_MAX);
+        assert(action);
+        assert(action_multiple_sessions);
+        assert(action_ignore_inhibit);
+
+        if (sleep_verb) {
+                r = can_sleep(sleep_verb);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return sd_bus_reply_method_return(message, "s", "na");
+        }
+
+        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_creds_get_euid(creds, &uid);
+        if (r < 0)
+                return r;
+
+        r = have_multiple_sessions(m, uid);
+        if (r < 0)
+                return r;
+
+        multiple_sessions = r > 0;
+        blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
+
+        if (multiple_sessions) {
+                r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, UID_INVALID, &challenge, error);
+                if (r < 0)
+                        return r;
+
+                if (r > 0)
+                        result = "yes";
+                else if (challenge)
+                        result = "challenge";
+                else
+                        result = "no";
+        }
+
+        if (blocked) {
+                r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, UID_INVALID, &challenge, error);
+                if (r < 0)
+                        return r;
+
+                if (r > 0 && !result)
+                        result = "yes";
+                else if (challenge && (!result || streq(result, "yes")))
+                        result = "challenge";
+                else
+                        result = "no";
+        }
+
+        if (!multiple_sessions && !blocked) {
+                /* If neither inhibit nor multiple sessions
+                 * apply then just check the normal policy */
+
+                r = bus_test_polkit(message, CAP_SYS_BOOT, action, NULL, UID_INVALID, &challenge, error);
+                if (r < 0)
+                        return r;
+
+                if (r > 0)
+                        result = "yes";
+                else if (challenge)
+                        result = "challenge";
+                else
+                        result = "no";
+        }
+
+        return sd_bus_reply_method_return(message, "s", result);
+}
+
+static int method_can_poweroff(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_can_shutdown_or_sleep(
+                        m, message,
+                        INHIBIT_SHUTDOWN,
+                        "org.freedesktop.login1.power-off",
+                        "org.freedesktop.login1.power-off-multiple-sessions",
+                        "org.freedesktop.login1.power-off-ignore-inhibit",
+                        NULL,
+                        error);
+}
+
+static int method_can_reboot(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_can_shutdown_or_sleep(
+                        m, message,
+                        INHIBIT_SHUTDOWN,
+                        "org.freedesktop.login1.reboot",
+                        "org.freedesktop.login1.reboot-multiple-sessions",
+                        "org.freedesktop.login1.reboot-ignore-inhibit",
+                        NULL,
+                        error);
+}
+
+static int method_can_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_can_shutdown_or_sleep(
+                        m, message,
+                        INHIBIT_SLEEP,
+                        "org.freedesktop.login1.suspend",
+                        "org.freedesktop.login1.suspend-multiple-sessions",
+                        "org.freedesktop.login1.suspend-ignore-inhibit",
+                        "suspend",
+                        error);
+}
+
+static int method_can_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_can_shutdown_or_sleep(
+                        m, message,
+                        INHIBIT_SLEEP,
+                        "org.freedesktop.login1.hibernate",
+                        "org.freedesktop.login1.hibernate-multiple-sessions",
+                        "org.freedesktop.login1.hibernate-ignore-inhibit",
+                        "hibernate",
+                        error);
+}
+
+static int method_can_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        return method_can_shutdown_or_sleep(
+                        m, message,
+                        INHIBIT_SLEEP,
+                        "org.freedesktop.login1.hibernate",
+                        "org.freedesktop.login1.hibernate-multiple-sessions",
+                        "org.freedesktop.login1.hibernate-ignore-inhibit",
+                        "hybrid-sleep",
+                        error);
+}
+
+static int property_get_reboot_to_firmware_setup(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(userdata);
+
+        r = efi_get_reboot_to_firmware();
+        if (r < 0 && r != -EOPNOTSUPP)
+                return r;
+
+        return sd_bus_message_append(reply, "b", r > 0);
+}
+
+static int method_set_reboot_to_firmware_setup(
+                sd_bus_message *message,
+                void *userdata,
+                sd_bus_error *error) {
+
+        int b, r;
+        Manager *m = userdata;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "b", &b);
+        if (r < 0)
+                return r;
+
+        r = bus_verify_polkit_async(message,
+                                    CAP_SYS_ADMIN,
+                                    "org.freedesktop.login1.set-reboot-to-firmware-setup",
+                                    NULL,
+                                    false,
+                                    UID_INVALID,
+                                    &m->polkit_registry,
+                                    error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        r = efi_set_reboot_to_firmware(b);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_can_reboot_to_firmware_setup(
+                sd_bus_message *message,
+                void *userdata,
+                sd_bus_error *error) {
+
+        int r;
+        bool challenge;
+        const char *result;
+        Manager *m = userdata;
+
+        assert(message);
+        assert(m);
+
+        r = efi_reboot_to_firmware_supported();
+        if (r == -EOPNOTSUPP)
+                return sd_bus_reply_method_return(message, "s", "na");
+        else if (r < 0)
+                return r;
+
+        r = bus_test_polkit(message,
+                            CAP_SYS_ADMIN,
+                            "org.freedesktop.login1.set-reboot-to-firmware-setup",
+                            NULL,
+                            UID_INVALID,
+                            &challenge,
+                            error);
+        if (r < 0)
+                return r;
+
+        if (r > 0)
+                result = "yes";
+        else if (challenge)
+                result = "challenge";
+        else
+                result = "no";
+
+        return sd_bus_reply_method_return(message, "s", result);
+}
+
+static int method_set_wall_message(
+                sd_bus_message *message,
+                void *userdata,
+                sd_bus_error *error) {
+
+        int r;
+        Manager *m = userdata;
+        char *wall_message;
+        int enable_wall_messages;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "sb", &wall_message, &enable_wall_messages);
+        if (r < 0)
+                return r;
+
+        r = bus_verify_polkit_async(message,
+                                    CAP_SYS_ADMIN,
+                                    "org.freedesktop.login1.set-wall-message",
+                                    NULL,
+                                    false,
+                                    UID_INVALID,
+                                    &m->polkit_registry,
+                                    error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        if (isempty(wall_message))
+                m->wall_message = mfree(m->wall_message);
+        else {
+                r = free_and_strdup(&m->wall_message, wall_message);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        m->enable_wall_messages = enable_wall_messages;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        const char *who, *why, *what, *mode;
+        _cleanup_free_ char *id = NULL;
+        _cleanup_close_ int fifo_fd = -1;
+        Manager *m = userdata;
+        Inhibitor *i = NULL;
+        InhibitMode mm;
+        InhibitWhat w;
+        pid_t pid;
+        uid_t uid;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "ssss", &what, &who, &why, &mode);
+        if (r < 0)
+                return r;
+
+        w = inhibit_what_from_string(what);
+        if (w <= 0)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid what specification %s", what);
+
+        mm = inhibit_mode_from_string(mode);
+        if (mm < 0)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid mode specification %s", mode);
+
+        /* Delay is only supported for shutdown/sleep */
+        if (mm == INHIBIT_DELAY && (w & ~(INHIBIT_SHUTDOWN|INHIBIT_SLEEP)))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Delay inhibitors only supported for shutdown and sleep");
+
+        /* Don't allow taking delay locks while we are already
+         * executing the operation. We shouldn't create the impression
+         * that the lock was successful if the machine is about to go
+         * down/suspend any moment. */
+        if (m->action_what & w)
+                return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "The operation inhibition has been requested for is already running");
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_BOOT,
+                        w == INHIBIT_SHUTDOWN             ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-shutdown" : "org.freedesktop.login1.inhibit-delay-shutdown") :
+                        w == INHIBIT_SLEEP                ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-sleep"    : "org.freedesktop.login1.inhibit-delay-sleep") :
+                        w == INHIBIT_IDLE                 ? "org.freedesktop.login1.inhibit-block-idle" :
+                        w == INHIBIT_HANDLE_POWER_KEY     ? "org.freedesktop.login1.inhibit-handle-power-key" :
+                        w == INHIBIT_HANDLE_SUSPEND_KEY   ? "org.freedesktop.login1.inhibit-handle-suspend-key" :
+                        w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" :
+                                                            "org.freedesktop.login1.inhibit-handle-lid-switch",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID, &creds);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_creds_get_euid(creds, &uid);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_creds_get_pid(creds, &pid);
+        if (r < 0)
+                return r;
+
+        if (hashmap_size(m->inhibitors) >= m->inhibitors_max)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of inhibitors (%" PRIu64 ") reached, refusing further inhibitors.", m->inhibitors_max);
+
+        do {
+                id = mfree(id);
+
+                if (asprintf(&id, "%lu", ++m->inhibit_counter) < 0)
+                        return -ENOMEM;
+
+        } while (hashmap_get(m->inhibitors, id));
+
+        r = manager_add_inhibitor(m, id, &i);
+        if (r < 0)
+                return r;
+
+        i->what = w;
+        i->mode = mm;
+        i->pid = pid;
+        i->uid = uid;
+        i->why = strdup(why);
+        i->who = strdup(who);
+
+        if (!i->why || !i->who) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        fifo_fd = inhibitor_create_fifo(i);
+        if (fifo_fd < 0) {
+                r = fifo_fd;
+                goto fail;
+        }
+
+        inhibitor_start(i);
+
+        return sd_bus_reply_method_return(message, "h", fifo_fd);
+
+fail:
+        if (i)
+                inhibitor_free(i);
+
+        return r;
+}
+
+const sd_bus_vtable manager_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+
+        SD_BUS_WRITABLE_PROPERTY("EnableWallMessages", "b", NULL, NULL, offsetof(Manager, enable_wall_messages), 0),
+        SD_BUS_WRITABLE_PROPERTY("WallMessage", "s", NULL, NULL, offsetof(Manager, wall_message), 0),
+
+        SD_BUS_PROPERTY("NAutoVTs", "u", NULL, offsetof(Manager, n_autovts), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("KillOnlyUsers", "as", NULL, offsetof(Manager, kill_only_users), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("KillExcludeUsers", "as", NULL, offsetof(Manager, kill_exclude_users), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("KillUserProcesses", "b", NULL, offsetof(Manager, kill_user_processes), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RebootToFirmwareSetup", "b", property_get_reboot_to_firmware_setup, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("IdleHint", "b", property_get_idle_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("IdleSinceHint", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("IdleSinceHintMonotonic", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("BlockInhibited", "s", property_get_inhibited, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("DelayInhibited", "s", property_get_inhibited, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("InhibitDelayMaxUSec", "t", NULL, offsetof(Manager, inhibit_delay_max), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HandlePowerKey", "s", property_get_handle_action, offsetof(Manager, handle_power_key), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HandleSuspendKey", "s", property_get_handle_action, offsetof(Manager, handle_suspend_key), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HandleHibernateKey", "s", property_get_handle_action, offsetof(Manager, handle_hibernate_key), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HandleLidSwitch", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HandleLidSwitchDocked", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch_docked), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("HoldoffTimeoutUSec", "t", NULL, offsetof(Manager, holdoff_timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("IdleAction", "s", property_get_handle_action, offsetof(Manager, idle_action), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("IdleActionUSec", "t", NULL, offsetof(Manager, idle_action_usec), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("PreparingForShutdown", "b", property_get_preparing, 0, 0),
+        SD_BUS_PROPERTY("PreparingForSleep", "b", property_get_preparing, 0, 0),
+        SD_BUS_PROPERTY("ScheduledShutdown", "(st)", property_get_scheduled_shutdown, 0, 0),
+        SD_BUS_PROPERTY("Docked", "b", property_get_docked, 0, 0),
+        SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool, offsetof(Manager, remove_ipc), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RuntimeDirectorySize", "t", bus_property_get_size, offsetof(Manager, runtime_dir_size), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("InhibitorsMax", "t", NULL, offsetof(Manager, inhibitors_max), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("NCurrentInhibitors", "t", property_get_current_inhibitors, 0, 0),
+        SD_BUS_PROPERTY("SessionsMax", "t", NULL, offsetof(Manager, sessions_max), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("NCurrentSessions", "t", property_get_current_sessions, 0, 0),
+        SD_BUS_PROPERTY("UserTasksMax", "t", NULL, offsetof(Manager, user_tasks_max), SD_BUS_VTABLE_PROPERTY_CONST),
+
+        SD_BUS_METHOD("GetSession", "s", "o", method_get_session, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetSessionByPID", "u", "o", method_get_session_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetUser", "u", "o", method_get_user, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetUserByPID", "u", "o", method_get_user_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetSeat", "s", "o", method_get_seat, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListSessions", NULL, "a(susso)", method_list_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListUsers", NULL, "a(uso)", method_list_users, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListSeats", NULL, "a(so)", method_list_seats, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListInhibitors", NULL, "a(ssssuu)", method_list_inhibitors, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CreateSession", "uusssssussbssa(sv)", "soshusub", method_create_session, 0),
+        SD_BUS_METHOD("ReleaseSession", "s", NULL, method_release_session, 0),
+        SD_BUS_METHOD("ActivateSession", "s", NULL, method_activate_session, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ActivateSessionOnSeat", "ss", NULL, method_activate_session_on_seat, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("LockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("UnlockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("LockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("UnlockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("KillSession", "ssi", NULL, method_kill_session, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("KillUser", "ui", NULL, method_kill_user, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Reboot", "b", NULL, method_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CanHibernate", NULL, "s", method_can_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CanHybridSleep", NULL, "s", method_can_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ScheduleShutdown", "st", NULL, method_schedule_shutdown, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CancelScheduledShutdown", NULL, "b", method_cancel_scheduled_shutdown, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Inhibit", "ssss", "h", method_inhibit, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CanRebootToFirmwareSetup", NULL, "s", method_can_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetRebootToFirmwareSetup", "b", NULL, method_set_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetWallMessage", "sb", NULL, method_set_wall_message, SD_BUS_VTABLE_UNPRIVILEGED),
+
+        SD_BUS_SIGNAL("SessionNew", "so", 0),
+        SD_BUS_SIGNAL("SessionRemoved", "so", 0),
+        SD_BUS_SIGNAL("UserNew", "uo", 0),
+        SD_BUS_SIGNAL("UserRemoved", "uo", 0),
+        SD_BUS_SIGNAL("SeatNew", "so", 0),
+        SD_BUS_SIGNAL("SeatRemoved", "so", 0),
+        SD_BUS_SIGNAL("PrepareForShutdown", "b", 0),
+        SD_BUS_SIGNAL("PrepareForSleep", "b", 0),
+
+        SD_BUS_VTABLE_END
+};
+
+static int session_jobs_reply(Session *s, const char *unit, const char *result) {
+        int r = 0;
+
+        assert(s);
+        assert(unit);
+
+        if (!s->started)
+                return r;
+
+        if (streq(result, "done"))
+                r = session_send_create_reply(s, NULL);
+        else {
+                _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
+
+                sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result);
+                r = session_send_create_reply(s, &e);
+        }
+
+        return r;
+}
+
+int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *path, *result, *unit;
+        Manager *m = userdata;
+        Session *session;
+        uint32_t id;
+        User *user;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        if (m->action_job && streq(m->action_job, path)) {
+                log_info("Operation '%s' finished.", inhibit_what_to_string(m->action_what));
+
+                /* Tell people that they now may take a lock again */
+                send_prepare_for(m, m->action_what, false);
+
+                m->action_job = mfree(m->action_job);
+                m->action_unit = NULL;
+                m->action_what = 0;
+                return 0;
+        }
+
+        session = hashmap_get(m->session_units, unit);
+        if (session && streq_ptr(path, session->scope_job)) {
+                session->scope_job = mfree(session->scope_job);
+                session_jobs_reply(session, unit, result);
+
+                session_save(session);
+                user_save(session->user);
+                session_add_to_gc_queue(session);
+        }
+
+        user = hashmap_get(m->user_units, unit);
+        if (user &&
+            (streq_ptr(path, user->service_job) ||
+             streq_ptr(path, user->slice_job))) {
+
+                if (streq_ptr(path, user->service_job))
+                        user->service_job = mfree(user->service_job);
+
+                if (streq_ptr(path, user->slice_job))
+                        user->slice_job = mfree(user->slice_job);
+
+                LIST_FOREACH(sessions_by_user, session, user->sessions)
+                        session_jobs_reply(session, unit, result);
+
+                user_save(user);
+                user_add_to_gc_queue(user);
+        }
+
+        return 0;
+}
+
+int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *path, *unit;
+        Manager *m = userdata;
+        Session *session;
+        User *user;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "so", &unit, &path);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        session = hashmap_get(m->session_units, unit);
+        if (session)
+                session_add_to_gc_queue(session);
+
+        user = hashmap_get(m->user_units, unit);
+        if (user)
+                user_add_to_gc_queue(user);
+
+        return 0;
+}
+
+int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *unit = NULL;
+        Manager *m = userdata;
+        const char *path;
+        Session *session;
+        User *user;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        path = sd_bus_message_get_path(message);
+        if (!path)
+                return 0;
+
+        r = unit_name_from_dbus_path(path, &unit);
+        if (r == -EINVAL) /* not a unit */
+                return 0;
+        if (r < 0) {
+                log_oom();
+                return 0;
+        }
+
+        session = hashmap_get(m->session_units, unit);
+        if (session)
+                session_add_to_gc_queue(session);
+
+        user = hashmap_get(m->user_units, unit);
+        if (user)
+                user_add_to_gc_queue(user);
+
+        return 0;
+}
+
+int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Session *session;
+        Iterator i;
+        int b, r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "b", &b);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        if (b)
+                return 0;
+
+        /* systemd finished reloading, let's recheck all our sessions */
+        log_debug("System manager has been reloaded, rechecking sessions...");
+
+        HASHMAP_FOREACH(session, m->sessions, i)
+                session_add_to_gc_queue(session);
+
+        return 0;
+}
+
+int manager_send_changed(Manager *manager, const char *property, ...) {
+        char **l;
+
+        assert(manager);
+
+        l = strv_from_stdarg_alloca(property);
+
+        return sd_bus_emit_properties_changed_strv(
+                        manager->bus,
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        l);
+}
+
+static int strdup_job(sd_bus_message *reply, char **job) {
+        const char *j;
+        char *copy;
+        int r;
+
+        r = sd_bus_message_read(reply, "o", &j);
+        if (r < 0)
+                return r;
+
+        copy = strdup(j);
+        if (!copy)
+                return -ENOMEM;
+
+        *job = copy;
+        return 1;
+}
+
+int manager_start_slice(
+                Manager *manager,
+                const char *slice,
+                const char *description,
+                const char *after,
+                const char *after2,
+                uint64_t tasks_max,
+                sd_bus_error *error,
+                char **job) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(slice);
+        assert(job);
+
+        r = sd_bus_message_new_method_call(
+                        manager->bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartTransientUnit");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "ss", strempty(slice), "fail");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(m, 'a', "(sv)");
+        if (r < 0)
+                return r;
+
+        if (!isempty(description)) {
+                r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!isempty(after)) {
+                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!isempty(after2)) {
+                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after2);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", tasks_max);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "a(sa(sv))", 0);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call(manager->bus, m, 0, error, &reply);
+        if (r < 0)
+                return r;
+
+        return strdup_job(reply, job);
+}
+
+int manager_start_scope(
+                Manager *manager,
+                const char *scope,
+                pid_t pid,
+                const char *slice,
+                const char *description,
+                const char *after,
+                const char *after2,
+                uint64_t tasks_max,
+                sd_bus_error *error,
+                char **job) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(scope);
+        assert(pid > 1);
+        assert(job);
+
+        r = sd_bus_message_new_method_call(
+                        manager->bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartTransientUnit");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "ss", strempty(scope), "fail");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(m, 'a', "(sv)");
+        if (r < 0)
+                return r;
+
+        if (!isempty(slice)) {
+                r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!isempty(description)) {
+                r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!isempty(after)) {
+                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!isempty(after2)) {
+                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after2);
+                if (r < 0)
+                        return r;
+        }
+
+        /* cgroup empty notification is not available in containers
+         * currently. To make this less problematic, let's shorten the
+         * stop timeout for sessions, so that we don't wait
+         * forever. */
+
+        /* Make sure that the session shells are terminated with
+         * SIGHUP since bash and friends tend to ignore SIGTERM */
+        r = sd_bus_message_append(m, "(sv)", "SendSIGHUP", "b", true);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, pid);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", tasks_max);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "a(sa(sv))", 0);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call(manager->bus, m, 0, error, &reply);
+        if (r < 0)
+                return r;
+
+        return strdup_job(reply, job);
+}
+
+int manager_start_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(unit);
+        assert(job);
+
+        r = sd_bus_call_method(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartUnit",
+                        error,
+                        &reply,
+                        "ss", unit, "replace");
+        if (r < 0)
+                return r;
+
+        return strdup_job(reply, job);
+}
+
+int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(unit);
+        assert(job);
+
+        r = sd_bus_call_method(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StopUnit",
+                        error,
+                        &reply,
+                        "ss", unit, "fail");
+        if (r < 0) {
+                if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
+                    sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED)) {
+
+                        *job = NULL;
+                        sd_bus_error_free(error);
+                        return 0;
+                }
+
+                return r;
+        }
+
+        return strdup_job(reply, job);
+}
+
+int manager_abandon_scope(Manager *manager, const char *scope, sd_bus_error *error) {
+        _cleanup_free_ char *path = NULL;
+        int r;
+
+        assert(manager);
+        assert(scope);
+
+        path = unit_dbus_path_from_name(scope);
+        if (!path)
+                return -ENOMEM;
+
+        r = sd_bus_call_method(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Scope",
+                        "Abandon",
+                        error,
+                        NULL,
+                        NULL);
+        if (r < 0) {
+                if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
+                    sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED) ||
+                    sd_bus_error_has_name(error, BUS_ERROR_SCOPE_NOT_RUNNING)) {
+                        sd_bus_error_free(error);
+                        return 0;
+                }
+
+                return r;
+        }
+
+        return 1;
+}
+
+int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo, sd_bus_error *error) {
+        assert(manager);
+        assert(unit);
+
+        return sd_bus_call_method(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "KillUnit",
+                        error,
+                        NULL,
+                        "ssi", unit, who == KILL_LEADER ? "main" : "all", signo);
+}
+
+int manager_unit_is_active(Manager *manager, const char *unit) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ char *path = NULL;
+        const char *state;
+        int r;
+
+        assert(manager);
+        assert(unit);
+
+        path = unit_dbus_path_from_name(unit);
+        if (!path)
+                return -ENOMEM;
+
+        r = sd_bus_get_property(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "ActiveState",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0) {
+                /* systemd might have droppped off momentarily, let's
+                 * not make this an error */
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
+                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
+                        return true;
+
+                /* If the unit is already unloaded then it's not
+                 * active */
+                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
+                    sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED))
+                        return false;
+
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &state);
+        if (r < 0)
+                return -EINVAL;
+
+        return !streq(state, "inactive") && !streq(state, "failed");
+}
+
+int manager_job_is_active(Manager *manager, const char *path) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(path);
+
+        r = sd_bus_get_property(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Job",
+                        "State",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
+                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
+                        return true;
+
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))
+                        return false;
+
+                return r;
+        }
+
+        /* We don't actually care about the state really. The fact
+         * that we could read the job state is enough for us */
+
+        return true;
+}
diff --git a/src/login/logind-device.c b/src/grp-login/liblogind-core/logind-device.c
index eb5edd1cd5..eb5edd1cd5 100644
--- a/src/login/logind-device.c
+++ b/src/grp-login/liblogind-core/logind-device.c
diff --git a/src/login/logind-device.h b/src/grp-login/liblogind-core/logind-device.h
index 927068e00a..927068e00a 100644
--- a/src/login/logind-device.h
+++ b/src/grp-login/liblogind-core/logind-device.h
diff --git a/src/login/logind-gperf.gperf b/src/grp-login/liblogind-core/logind-gperf.gperf
index 6bd08adc05..6bd08adc05 100644
--- a/src/login/logind-gperf.gperf
+++ b/src/grp-login/liblogind-core/logind-gperf.gperf
diff --git a/src/login/logind-inhibit.c b/src/grp-login/liblogind-core/logind-inhibit.c
index 6c78e0dddc..6c78e0dddc 100644
--- a/src/login/logind-inhibit.c
+++ b/src/grp-login/liblogind-core/logind-inhibit.c
diff --git a/src/login/logind-inhibit.h b/src/grp-login/liblogind-core/logind-inhibit.h
index 70de199c60..70de199c60 100644
--- a/src/login/logind-inhibit.h
+++ b/src/grp-login/liblogind-core/logind-inhibit.h
diff --git a/src/login/logind-seat-dbus.c b/src/grp-login/liblogind-core/logind-seat-dbus.c
index f934a5326a..f934a5326a 100644
--- a/src/login/logind-seat-dbus.c
+++ b/src/grp-login/liblogind-core/logind-seat-dbus.c
diff --git a/src/grp-login/liblogind-core/logind-seat.c b/src/grp-login/liblogind-core/logind-seat.c
new file mode 100644
index 0000000000..aec67718a1
--- /dev/null
+++ b/src/grp-login/liblogind-core/logind-seat.c
@@ -0,0 +1,695 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "logind-acl.h"
+#include "logind-seat.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "terminal-util.h"
+#include "util.h"
+
+Seat *seat_new(Manager *m, const char *id) {
+        Seat *s;
+
+        assert(m);
+        assert(id);
+
+        s = new0(Seat, 1);
+        if (!s)
+                return NULL;
+
+        s->state_file = strappend("/run/systemd/seats/", id);
+        if (!s->state_file) {
+                free(s);
+                return NULL;
+        }
+
+        s->id = basename(s->state_file);
+        s->manager = m;
+
+        if (hashmap_put(m->seats, s->id, s) < 0) {
+                free(s->state_file);
+                free(s);
+                return NULL;
+        }
+
+        return s;
+}
+
+void seat_free(Seat *s) {
+        assert(s);
+
+        if (s->in_gc_queue)
+                LIST_REMOVE(gc_queue, s->manager->seat_gc_queue, s);
+
+        while (s->sessions)
+                session_free(s->sessions);
+
+        assert(!s->active);
+
+        while (s->devices)
+                device_free(s->devices);
+
+        hashmap_remove(s->manager->seats, s->id);
+
+        free(s->positions);
+        free(s->state_file);
+        free(s);
+}
+
+int seat_save(Seat *s) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(s);
+
+        if (!s->started)
+                return 0;
+
+        r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0);
+        if (r < 0)
+                goto fail;
+
+        r = fopen_temporary(s->state_file, &f, &temp_path);
+        if (r < 0)
+                goto fail;
+
+        fchmod(fileno(f), 0644);
+
+        fprintf(f,
+                "# This is private data. Do not parse.\n"
+                "IS_SEAT0=%i\n"
+                "CAN_MULTI_SESSION=%i\n"
+                "CAN_TTY=%i\n"
+                "CAN_GRAPHICAL=%i\n",
+                seat_is_seat0(s),
+                seat_can_multi_session(s),
+                seat_can_tty(s),
+                seat_can_graphical(s));
+
+        if (s->active) {
+                assert(s->active->user);
+
+                fprintf(f,
+                        "ACTIVE=%s\n"
+                        "ACTIVE_UID="UID_FMT"\n",
+                        s->active->id,
+                        s->active->user->uid);
+        }
+
+        if (s->sessions) {
+                Session *i;
+
+                fputs("SESSIONS=", f);
+                LIST_FOREACH(sessions_by_seat, i, s->sessions) {
+                        fprintf(f,
+                                "%s%c",
+                                i->id,
+                                i->sessions_by_seat_next ? ' ' : '\n');
+                }
+
+                fputs("UIDS=", f);
+                LIST_FOREACH(sessions_by_seat, i, s->sessions)
+                        fprintf(f,
+                                UID_FMT"%c",
+                                i->user->uid,
+                                i->sessions_by_seat_next ? ' ' : '\n');
+        }
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, s->state_file) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        (void) unlink(s->state_file);
+
+        if (temp_path)
+                (void) unlink(temp_path);
+
+        return log_error_errno(r, "Failed to save seat data %s: %m", s->state_file);
+}
+
+int seat_load(Seat *s) {
+        assert(s);
+
+        /* There isn't actually anything to read here ... */
+
+        return 0;
+}
+
+static int vt_allocate(unsigned int vtnr) {
+        char p[sizeof("/dev/tty") + DECIMAL_STR_MAX(unsigned int)];
+        _cleanup_close_ int fd = -1;
+
+        assert(vtnr >= 1);
+
+        xsprintf(p, "/dev/tty%u", vtnr);
+        fd = open_terminal(p, O_RDWR|O_NOCTTY|O_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        return 0;
+}
+
+int seat_preallocate_vts(Seat *s) {
+        int r = 0;
+        unsigned i;
+
+        assert(s);
+        assert(s->manager);
+
+        log_debug("Preallocating VTs...");
+
+        if (s->manager->n_autovts <= 0)
+                return 0;
+
+        if (!seat_has_vts(s))
+                return 0;
+
+        for (i = 1; i <= s->manager->n_autovts; i++) {
+                int q;
+
+                q = vt_allocate(i);
+                if (q < 0) {
+                        log_error_errno(q, "Failed to preallocate VT %u: %m", i);
+                        r = q;
+                }
+        }
+
+        return r;
+}
+
+int seat_apply_acls(Seat *s, Session *old_active) {
+        int r;
+
+        assert(s);
+
+        r = devnode_acl_all(s->manager->udev,
+                            s->id,
+                            false,
+                            !!old_active, old_active ? old_active->user->uid : 0,
+                            !!s->active, s->active ? s->active->user->uid : 0);
+
+        if (r < 0)
+                log_error_errno(r, "Failed to apply ACLs: %m");
+
+        return r;
+}
+
+int seat_set_active(Seat *s, Session *session) {
+        Session *old_active;
+
+        assert(s);
+        assert(!session || session->seat == s);
+
+        if (session == s->active)
+                return 0;
+
+        old_active = s->active;
+        s->active = session;
+
+        if (old_active) {
+                session_device_pause_all(old_active);
+                session_send_changed(old_active, "Active", NULL);
+        }
+
+        seat_apply_acls(s, old_active);
+
+        if (session && session->started) {
+                session_send_changed(session, "Active", NULL);
+                session_device_resume_all(session);
+        }
+
+        if (!session || session->started)
+                seat_send_changed(s, "ActiveSession", NULL);
+
+        seat_save(s);
+
+        if (session) {
+                session_save(session);
+                user_save(session->user);
+        }
+
+        if (old_active) {
+                session_save(old_active);
+                if (!session || session->user != old_active->user)
+                        user_save(old_active->user);
+        }
+
+        return 0;
+}
+
+int seat_switch_to(Seat *s, unsigned int num) {
+        /* Public session positions skip 0 (there is only F1-F12). Maybe it
+         * will get reassigned in the future, so return error for now. */
+        if (num == 0)
+                return -EINVAL;
+
+        if (num >= s->position_count || !s->positions[num]) {
+                /* allow switching to unused VTs to trigger auto-activate */
+                if (seat_has_vts(s) && num < 64)
+                        return chvt(num);
+
+                return -EINVAL;
+        }
+
+        return session_activate(s->positions[num]);
+}
+
+int seat_switch_to_next(Seat *s) {
+        unsigned int start, i;
+
+        if (s->position_count == 0)
+                return -EINVAL;
+
+        start = 1;
+        if (s->active && s->active->position > 0)
+                start = s->active->position;
+
+        for (i = start + 1; i < s->position_count; ++i)
+                if (s->positions[i])
+                        return session_activate(s->positions[i]);
+
+        for (i = 1; i < start; ++i)
+                if (s->positions[i])
+                        return session_activate(s->positions[i]);
+
+        return -EINVAL;
+}
+
+int seat_switch_to_previous(Seat *s) {
+        unsigned int start, i;
+
+        if (s->position_count == 0)
+                return -EINVAL;
+
+        start = 1;
+        if (s->active && s->active->position > 0)
+                start = s->active->position;
+
+        for (i = start - 1; i > 0; --i)
+                if (s->positions[i])
+                        return session_activate(s->positions[i]);
+
+        for (i = s->position_count - 1; i > start; --i)
+                if (s->positions[i])
+                        return session_activate(s->positions[i]);
+
+        return -EINVAL;
+}
+
+int seat_active_vt_changed(Seat *s, unsigned int vtnr) {
+        Session *i, *new_active = NULL;
+        int r;
+
+        assert(s);
+        assert(vtnr >= 1);
+
+        if (!seat_has_vts(s))
+                return -EINVAL;
+
+        log_debug("VT changed to %u", vtnr);
+
+        /* we might have earlier closing sessions on the same VT, so try to
+         * find a running one first */
+        LIST_FOREACH(sessions_by_seat, i, s->sessions)
+                if (i->vtnr == vtnr && !i->stopping) {
+                        new_active = i;
+                        break;
+                }
+
+        if (!new_active) {
+                /* no running one? then we can't decide which one is the
+                 * active one, let the first one win */
+                LIST_FOREACH(sessions_by_seat, i, s->sessions)
+                        if (i->vtnr == vtnr) {
+                                new_active = i;
+                                break;
+                        }
+        }
+
+        r = seat_set_active(s, new_active);
+        manager_spawn_autovt(s->manager, vtnr);
+
+        return r;
+}
+
+int seat_read_active_vt(Seat *s) {
+        char t[64];
+        ssize_t k;
+        unsigned int vtnr;
+        int r;
+
+        assert(s);
+
+        if (!seat_has_vts(s))
+                return 0;
+
+        lseek(s->manager->console_active_fd, SEEK_SET, 0);
+
+        k = read(s->manager->console_active_fd, t, sizeof(t)-1);
+        if (k <= 0) {
+                log_error("Failed to read current console: %s", k < 0 ? strerror(-errno) : "EOF");
+                return k < 0 ? -errno : -EIO;
+        }
+
+        t[k] = 0;
+        truncate_nl(t);
+
+        if (!startswith(t, "tty")) {
+                log_error("Hm, /sys/class/tty/tty0/active is badly formatted.");
+                return -EIO;
+        }
+
+        r = safe_atou(t+3, &vtnr);
+        if (r < 0) {
+                log_error("Failed to parse VT number %s", t+3);
+                return r;
+        }
+
+        if (!vtnr) {
+                log_error("VT number invalid: %s", t+3);
+                return -EIO;
+        }
+
+        return seat_active_vt_changed(s, vtnr);
+}
+
+int seat_start(Seat *s) {
+        assert(s);
+
+        if (s->started)
+                return 0;
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_SEAT_START),
+                   "SEAT_ID=%s", s->id,
+                   LOG_MESSAGE("New seat %s.", s->id),
+                   NULL);
+
+        /* Initialize VT magic stuff */
+        seat_preallocate_vts(s);
+
+        /* Read current VT */
+        seat_read_active_vt(s);
+
+        s->started = true;
+
+        /* Save seat data */
+        seat_save(s);
+
+        seat_send_signal(s, true);
+
+        return 0;
+}
+
+int seat_stop(Seat *s, bool force) {
+        int r = 0;
+
+        assert(s);
+
+        if (s->started)
+                log_struct(LOG_INFO,
+                           LOG_MESSAGE_ID(SD_MESSAGE_SEAT_STOP),
+                           "SEAT_ID=%s", s->id,
+                           LOG_MESSAGE("Removed seat %s.", s->id),
+                           NULL);
+
+        seat_stop_sessions(s, force);
+
+        unlink(s->state_file);
+        seat_add_to_gc_queue(s);
+
+        if (s->started)
+                seat_send_signal(s, false);
+
+        s->started = false;
+
+        return r;
+}
+
+int seat_stop_sessions(Seat *s, bool force) {
+        Session *session;
+        int r = 0, k;
+
+        assert(s);
+
+        LIST_FOREACH(sessions_by_seat, session, s->sessions) {
+                k = session_stop(session, force);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+void seat_evict_position(Seat *s, Session *session) {
+        Session *iter;
+        unsigned int pos = session->position;
+
+        session->position = 0;
+
+        if (pos == 0)
+                return;
+
+        if (pos < s->position_count && s->positions[pos] == session) {
+                s->positions[pos] = NULL;
+
+                /* There might be another session claiming the same
+                 * position (eg., during gdm->session transition), so let's look
+                 * for it and set it on the free slot. */
+                LIST_FOREACH(sessions_by_seat, iter, s->sessions) {
+                        if (iter->position == pos && session_get_state(iter) != SESSION_CLOSING) {
+                                s->positions[pos] = iter;
+                                break;
+                        }
+                }
+        }
+}
+
+void seat_claim_position(Seat *s, Session *session, unsigned int pos) {
+        /* with VTs, the position is always the same as the VTnr */
+        if (seat_has_vts(s))
+                pos = session->vtnr;
+
+        if (!GREEDY_REALLOC0(s->positions, s->position_count, pos + 1))
+                return;
+
+        seat_evict_position(s, session);
+
+        session->position = pos;
+        if (pos > 0)
+                s->positions[pos] = session;
+}
+
+static void seat_assign_position(Seat *s, Session *session) {
+        unsigned int pos;
+
+        if (session->position > 0)
+                return;
+
+        for (pos = 1; pos < s->position_count; ++pos)
+                if (!s->positions[pos])
+                        break;
+
+        seat_claim_position(s, session, pos);
+}
+
+int seat_attach_session(Seat *s, Session *session) {
+        assert(s);
+        assert(session);
+        assert(!session->seat);
+
+        if (!seat_has_vts(s) != !session->vtnr)
+                return -EINVAL;
+
+        session->seat = s;
+        LIST_PREPEND(sessions_by_seat, s->sessions, session);
+        seat_assign_position(s, session);
+
+        seat_send_changed(s, "Sessions", NULL);
+
+        /* On seats with VTs, the VT logic defines which session is active. On
+         * seats without VTs, we automatically activate new sessions. */
+        if (!seat_has_vts(s))
+                seat_set_active(s, session);
+
+        return 0;
+}
+
+void seat_complete_switch(Seat *s) {
+        Session *session;
+
+        assert(s);
+
+        /* if no session-switch is pending or if it got canceled, do nothing */
+        if (!s->pending_switch)
+                return;
+
+        session = s->pending_switch;
+        s->pending_switch = NULL;
+
+        seat_set_active(s, session);
+}
+
+bool seat_has_vts(Seat *s) {
+        assert(s);
+
+        return seat_is_seat0(s) && s->manager->console_active_fd >= 0;
+}
+
+bool seat_is_seat0(Seat *s) {
+        assert(s);
+
+        return s->manager->seat0 == s;
+}
+
+bool seat_can_multi_session(Seat *s) {
+        assert(s);
+
+        return seat_has_vts(s);
+}
+
+bool seat_can_tty(Seat *s) {
+        assert(s);
+
+        return seat_has_vts(s);
+}
+
+bool seat_has_master_device(Seat *s) {
+        assert(s);
+
+        /* device list is ordered by "master" flag */
+        return !!s->devices && s->devices->master;
+}
+
+bool seat_can_graphical(Seat *s) {
+        assert(s);
+
+        return seat_has_master_device(s);
+}
+
+int seat_get_idle_hint(Seat *s, dual_timestamp *t) {
+        Session *session;
+        bool idle_hint = true;
+        dual_timestamp ts = DUAL_TIMESTAMP_NULL;
+
+        assert(s);
+
+        LIST_FOREACH(sessions_by_seat, session, s->sessions) {
+                dual_timestamp k;
+                int ih;
+
+                ih = session_get_idle_hint(session, &k);
+                if (ih < 0)
+                        return ih;
+
+                if (!ih) {
+                        if (!idle_hint) {
+                                if (k.monotonic > ts.monotonic)
+                                        ts = k;
+                        } else {
+                                idle_hint = false;
+                                ts = k;
+                        }
+                } else if (idle_hint) {
+
+                        if (k.monotonic > ts.monotonic)
+                                ts = k;
+                }
+        }
+
+        if (t)
+                *t = ts;
+
+        return idle_hint;
+}
+
+bool seat_check_gc(Seat *s, bool drop_not_started) {
+        assert(s);
+
+        if (drop_not_started && !s->started)
+                return false;
+
+        if (seat_is_seat0(s))
+                return true;
+
+        return seat_has_master_device(s);
+}
+
+void seat_add_to_gc_queue(Seat *s) {
+        assert(s);
+
+        if (s->in_gc_queue)
+                return;
+
+        LIST_PREPEND(gc_queue, s->manager->seat_gc_queue, s);
+        s->in_gc_queue = true;
+}
+
+static bool seat_name_valid_char(char c) {
+        return
+                (c >= 'a' && c <= 'z') ||
+                (c >= 'A' && c <= 'Z') ||
+                (c >= '0' && c <= '9') ||
+                c == '-' ||
+                c == '_';
+}
+
+bool seat_name_is_valid(const char *name) {
+        const char *p;
+
+        assert(name);
+
+        if (!startswith(name, "seat"))
+                return false;
+
+        if (!name[4])
+                return false;
+
+        for (p = name; *p; p++)
+                if (!seat_name_valid_char(*p))
+                        return false;
+
+        if (strlen(name) > 255)
+                return false;
+
+        return true;
+}
diff --git a/src/login/logind-seat.h b/src/grp-login/liblogind-core/logind-seat.h
index 9a4fbc5bc5..9a4fbc5bc5 100644
--- a/src/login/logind-seat.h
+++ b/src/grp-login/liblogind-core/logind-seat.h
diff --git a/src/login/logind-session-dbus.c b/src/grp-login/liblogind-core/logind-session-dbus.c
index 22dea5db1f..22dea5db1f 100644
--- a/src/login/logind-session-dbus.c
+++ b/src/grp-login/liblogind-core/logind-session-dbus.c
diff --git a/src/login/logind-session-device.c b/src/grp-login/liblogind-core/logind-session-device.c
index 4055a23277..4055a23277 100644
--- a/src/login/logind-session-device.c
+++ b/src/grp-login/liblogind-core/logind-session-device.c
diff --git a/src/login/logind-session-device.h b/src/grp-login/liblogind-core/logind-session-device.h
index 7c8503583f..7c8503583f 100644
--- a/src/login/logind-session-device.h
+++ b/src/grp-login/liblogind-core/logind-session-device.h
diff --git a/src/grp-login/liblogind-core/logind-session.c b/src/grp-login/liblogind-core/logind-session.c
new file mode 100644
index 0000000000..11a83106b1
--- /dev/null
+++ b/src/grp-login/liblogind-core/logind-session.c
@@ -0,0 +1,1271 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/kd.h>
+#include <linux/vt.h>
+#include <signal.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "audit-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "io-util.h"
+#include "logind-session.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "string-table.h"
+#include "terminal-util.h"
+#include "user-util.h"
+#include "util.h"
+
+#define RELEASE_USEC (20*USEC_PER_SEC)
+
+static void session_remove_fifo(Session *s);
+
+Session* session_new(Manager *m, const char *id) {
+        Session *s;
+
+        assert(m);
+        assert(id);
+        assert(session_id_valid(id));
+
+        s = new0(Session, 1);
+        if (!s)
+                return NULL;
+
+        s->state_file = strappend("/run/systemd/sessions/", id);
+        if (!s->state_file) {
+                free(s);
+                return NULL;
+        }
+
+        s->devices = hashmap_new(&devt_hash_ops);
+        if (!s->devices) {
+                free(s->state_file);
+                free(s);
+                return NULL;
+        }
+
+        s->id = basename(s->state_file);
+
+        if (hashmap_put(m->sessions, s->id, s) < 0) {
+                hashmap_free(s->devices);
+                free(s->state_file);
+                free(s);
+                return NULL;
+        }
+
+        s->manager = m;
+        s->fifo_fd = -1;
+        s->vtfd = -1;
+
+        return s;
+}
+
+void session_free(Session *s) {
+        SessionDevice *sd;
+
+        assert(s);
+
+        if (s->in_gc_queue)
+                LIST_REMOVE(gc_queue, s->manager->session_gc_queue, s);
+
+        s->timer_event_source = sd_event_source_unref(s->timer_event_source);
+
+        session_remove_fifo(s);
+
+        session_drop_controller(s);
+
+        while ((sd = hashmap_first(s->devices)))
+                session_device_free(sd);
+
+        hashmap_free(s->devices);
+
+        if (s->user) {
+                LIST_REMOVE(sessions_by_user, s->user->sessions, s);
+
+                if (s->user->display == s)
+                        s->user->display = NULL;
+        }
+
+        if (s->seat) {
+                if (s->seat->active == s)
+                        s->seat->active = NULL;
+                if (s->seat->pending_switch == s)
+                        s->seat->pending_switch = NULL;
+
+                seat_evict_position(s->seat, s);
+                LIST_REMOVE(sessions_by_seat, s->seat->sessions, s);
+        }
+
+        if (s->scope) {
+                hashmap_remove(s->manager->session_units, s->scope);
+                free(s->scope);
+        }
+
+        free(s->scope_job);
+
+        sd_bus_message_unref(s->create_message);
+
+        free(s->tty);
+        free(s->display);
+        free(s->remote_host);
+        free(s->remote_user);
+        free(s->service);
+        free(s->desktop);
+
+        hashmap_remove(s->manager->sessions, s->id);
+
+        free(s->state_file);
+        free(s);
+}
+
+void session_set_user(Session *s, User *u) {
+        assert(s);
+        assert(!s->user);
+
+        s->user = u;
+        LIST_PREPEND(sessions_by_user, u->sessions, s);
+}
+
+int session_save(Session *s) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r = 0;
+
+        assert(s);
+
+        if (!s->user)
+                return -ESTALE;
+
+        if (!s->started)
+                return 0;
+
+        r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
+        if (r < 0)
+                goto fail;
+
+        r = fopen_temporary(s->state_file, &f, &temp_path);
+        if (r < 0)
+                goto fail;
+
+        assert(s->user);
+
+        fchmod(fileno(f), 0644);
+
+        fprintf(f,
+                "# This is private data. Do not parse.\n"
+                "UID="UID_FMT"\n"
+                "USER=%s\n"
+                "ACTIVE=%i\n"
+                "STATE=%s\n"
+                "REMOTE=%i\n",
+                s->user->uid,
+                s->user->name,
+                session_is_active(s),
+                session_state_to_string(session_get_state(s)),
+                s->remote);
+
+        if (s->type >= 0)
+                fprintf(f, "TYPE=%s\n", session_type_to_string(s->type));
+
+        if (s->class >= 0)
+                fprintf(f, "CLASS=%s\n", session_class_to_string(s->class));
+
+        if (s->scope)
+                fprintf(f, "SCOPE=%s\n", s->scope);
+        if (s->scope_job)
+                fprintf(f, "SCOPE_JOB=%s\n", s->scope_job);
+
+        if (s->fifo_path)
+                fprintf(f, "FIFO=%s\n", s->fifo_path);
+
+        if (s->seat)
+                fprintf(f, "SEAT=%s\n", s->seat->id);
+
+        if (s->tty)
+                fprintf(f, "TTY=%s\n", s->tty);
+
+        if (s->display)
+                fprintf(f, "DISPLAY=%s\n", s->display);
+
+        if (s->remote_host) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->remote_host);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "REMOTE_HOST=%s\n", escaped);
+        }
+
+        if (s->remote_user) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->remote_user);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "REMOTE_USER=%s\n", escaped);
+        }
+
+        if (s->service) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(s->service);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "SERVICE=%s\n", escaped);
+        }
+
+        if (s->desktop) {
+                _cleanup_free_ char *escaped;
+
+
+                escaped = cescape(s->desktop);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "DESKTOP=%s\n", escaped);
+        }
+
+        if (s->seat && seat_has_vts(s->seat))
+                fprintf(f, "VTNR=%u\n", s->vtnr);
+
+        if (!s->vtnr)
+                fprintf(f, "POSITION=%u\n", s->position);
+
+        if (s->leader > 0)
+                fprintf(f, "LEADER="PID_FMT"\n", s->leader);
+
+        if (s->audit_id > 0)
+                fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id);
+
+        if (dual_timestamp_is_set(&s->timestamp))
+                fprintf(f,
+                        "REALTIME="USEC_FMT"\n"
+                        "MONOTONIC="USEC_FMT"\n",
+                        s->timestamp.realtime,
+                        s->timestamp.monotonic);
+
+        if (s->controller)
+                fprintf(f, "CONTROLLER=%s\n", s->controller);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, s->state_file) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        (void) unlink(s->state_file);
+
+        if (temp_path)
+                (void) unlink(temp_path);
+
+        return log_error_errno(r, "Failed to save session data %s: %m", s->state_file);
+}
+
+
+int session_load(Session *s) {
+        _cleanup_free_ char *remote = NULL,
+                *seat = NULL,
+                *vtnr = NULL,
+                *state = NULL,
+                *position = NULL,
+                *leader = NULL,
+                *type = NULL,
+                *class = NULL,
+                *uid = NULL,
+                *realtime = NULL,
+                *monotonic = NULL,
+                *controller = NULL;
+
+        int k, r;
+
+        assert(s);
+
+        r = parse_env_file(s->state_file, NEWLINE,
+                           "REMOTE",         &remote,
+                           "SCOPE",          &s->scope,
+                           "SCOPE_JOB",      &s->scope_job,
+                           "FIFO",           &s->fifo_path,
+                           "SEAT",           &seat,
+                           "TTY",            &s->tty,
+                           "DISPLAY",        &s->display,
+                           "REMOTE_HOST",    &s->remote_host,
+                           "REMOTE_USER",    &s->remote_user,
+                           "SERVICE",        &s->service,
+                           "DESKTOP",        &s->desktop,
+                           "VTNR",           &vtnr,
+                           "STATE",          &state,
+                           "POSITION",       &position,
+                           "LEADER",         &leader,
+                           "TYPE",           &type,
+                           "CLASS",          &class,
+                           "UID",            &uid,
+                           "REALTIME",       &realtime,
+                           "MONOTONIC",      &monotonic,
+                           "CONTROLLER",     &controller,
+                           NULL);
+
+        if (r < 0)
+                return log_error_errno(r, "Failed to read %s: %m", s->state_file);
+
+        if (!s->user) {
+                uid_t u;
+                User *user;
+
+                if (!uid) {
+                        log_error("UID not specified for session %s", s->id);
+                        return -ENOENT;
+                }
+
+                r = parse_uid(uid, &u);
+                if (r < 0)  {
+                        log_error("Failed to parse UID value %s for session %s.", uid, s->id);
+                        return r;
+                }
+
+                user = hashmap_get(s->manager->users, UID_TO_PTR(u));
+                if (!user) {
+                        log_error("User of session %s not known.", s->id);
+                        return -ENOENT;
+                }
+
+                session_set_user(s, user);
+        }
+
+        if (remote) {
+                k = parse_boolean(remote);
+                if (k >= 0)
+                        s->remote = k;
+        }
+
+        if (vtnr)
+                safe_atou(vtnr, &s->vtnr);
+
+        if (seat && !s->seat) {
+                Seat *o;
+
+                o = hashmap_get(s->manager->seats, seat);
+                if (o)
+                        r = seat_attach_session(o, s);
+                if (!o || r < 0)
+                        log_error("Cannot attach session %s to seat %s", s->id, seat);
+        }
+
+        if (!s->seat || !seat_has_vts(s->seat))
+                s->vtnr = 0;
+
+        if (position && s->seat) {
+                unsigned int npos;
+
+                safe_atou(position, &npos);
+                seat_claim_position(s->seat, s, npos);
+        }
+
+        if (leader) {
+                k = parse_pid(leader, &s->leader);
+                if (k >= 0)
+                        audit_session_from_pid(s->leader, &s->audit_id);
+        }
+
+        if (type) {
+                SessionType t;
+
+                t = session_type_from_string(type);
+                if (t >= 0)
+                        s->type = t;
+        }
+
+        if (class) {
+                SessionClass c;
+
+                c = session_class_from_string(class);
+                if (c >= 0)
+                        s->class = c;
+        }
+
+        if (state && streq(state, "closing"))
+                s->stopping = true;
+
+        if (s->fifo_path) {
+                int fd;
+
+                /* If we open an unopened pipe for reading we will not
+                   get an EOF. to trigger an EOF we hence open it for
+                   writing, but close it right away which then will
+                   trigger the EOF. This will happen immediately if no
+                   other process has the FIFO open for writing, i. e.
+                   when the session died before logind (re)started. */
+
+                fd = session_create_fifo(s);
+                safe_close(fd);
+        }
+
+        if (realtime)
+                timestamp_deserialize(realtime, &s->timestamp.realtime);
+        if (monotonic)
+                timestamp_deserialize(monotonic, &s->timestamp.monotonic);
+
+        if (controller) {
+                if (bus_name_has_owner(s->manager->bus, controller, NULL) > 0)
+                        session_set_controller(s, controller, false);
+                else
+                        session_restore_vt(s);
+        }
+
+        return r;
+}
+
+int session_activate(Session *s) {
+        unsigned int num_pending;
+
+        assert(s);
+        assert(s->user);
+
+        if (!s->seat)
+                return -EOPNOTSUPP;
+
+        if (s->seat->active == s)
+                return 0;
+
+        /* on seats with VTs, we let VTs manage session-switching */
+        if (seat_has_vts(s->seat)) {
+                if (!s->vtnr)
+                        return -EOPNOTSUPP;
+
+                return chvt(s->vtnr);
+        }
+
+        /* On seats without VTs, we implement session-switching in logind. We
+         * try to pause all session-devices and wait until the session
+         * controller acknowledged them. Once all devices are asleep, we simply
+         * switch the active session and be done.
+         * We save the session we want to switch to in seat->pending_switch and
+         * seat_complete_switch() will perform the final switch. */
+
+        s->seat->pending_switch = s;
+
+        /* if no devices are running, immediately perform the session switch */
+        num_pending = session_device_try_pause_all(s);
+        if (!num_pending)
+                seat_complete_switch(s->seat);
+
+        return 0;
+}
+
+static int session_start_scope(Session *s) {
+        int r;
+
+        assert(s);
+        assert(s->user);
+
+        if (!s->scope) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                char *scope, *job = NULL;
+                const char *description;
+
+                scope = strjoin("session-", s->id, ".scope", NULL);
+                if (!scope)
+                        return log_oom();
+
+                description = strjoina("Session ", s->id, " of user ", s->user->name);
+
+                r = manager_start_scope(
+                                s->manager,
+                                scope,
+                                s->leader,
+                                s->user->slice,
+                                description,
+                                "systemd-logind.service",
+                                "systemd-user-sessions.service",
+                                (uint64_t) -1, /* disable TasksMax= for the scope, rely on the slice setting for it */
+                                &error,
+                                &job);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to start session scope %s: %s", scope, bus_error_message(&error, r));
+                        free(scope);
+                        return r;
+                } else {
+                        s->scope = scope;
+
+                        free(s->scope_job);
+                        s->scope_job = job;
+                }
+        }
+
+        if (s->scope)
+                (void) hashmap_put(s->manager->session_units, s->scope, s);
+
+        return 0;
+}
+
+int session_start(Session *s) {
+        int r;
+
+        assert(s);
+
+        if (!s->user)
+                return -ESTALE;
+
+        if (s->started)
+                return 0;
+
+        r = user_start(s->user);
+        if (r < 0)
+                return r;
+
+        /* Create cgroup */
+        r = session_start_scope(s);
+        if (r < 0)
+                return r;
+
+        log_struct(s->class == SESSION_BACKGROUND ? LOG_DEBUG : LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_SESSION_START),
+                   "SESSION_ID=%s", s->id,
+                   "USER_ID=%s", s->user->name,
+                   "LEADER="PID_FMT, s->leader,
+                   LOG_MESSAGE("New session %s of user %s.", s->id, s->user->name),
+                   NULL);
+
+        if (!dual_timestamp_is_set(&s->timestamp))
+                dual_timestamp_get(&s->timestamp);
+
+        if (s->seat)
+                seat_read_active_vt(s->seat);
+
+        s->started = true;
+
+        user_elect_display(s->user);
+
+        /* Save data */
+        session_save(s);
+        user_save(s->user);
+        if (s->seat)
+                seat_save(s->seat);
+
+        /* Send signals */
+        session_send_signal(s, true);
+        user_send_changed(s->user, "Sessions", "Display", NULL);
+        if (s->seat) {
+                if (s->seat->active == s)
+                        seat_send_changed(s->seat, "Sessions", "ActiveSession", NULL);
+                else
+                        seat_send_changed(s->seat, "Sessions", NULL);
+        }
+
+        return 0;
+}
+
+static int session_stop_scope(Session *s, bool force) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char *job = NULL;
+        int r;
+
+        assert(s);
+
+        if (!s->scope)
+                return 0;
+
+        if (force || manager_shall_kill(s->manager, s->user->name)) {
+                r = manager_stop_unit(s->manager, s->scope, &error, &job);
+                if (r < 0) {
+                        log_error("Failed to stop session scope: %s", bus_error_message(&error, r));
+                        return r;
+                }
+
+                free(s->scope_job);
+                s->scope_job = job;
+        } else {
+                r = manager_abandon_scope(s->manager, s->scope, &error);
+                if (r < 0) {
+                        log_error("Failed to abandon session scope: %s", bus_error_message(&error, r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+int session_stop(Session *s, bool force) {
+        int r;
+
+        assert(s);
+
+        if (!s->user)
+                return -ESTALE;
+
+        s->timer_event_source = sd_event_source_unref(s->timer_event_source);
+
+        if (s->seat)
+                seat_evict_position(s->seat, s);
+
+        /* We are going down, don't care about FIFOs anymore */
+        session_remove_fifo(s);
+
+        /* Kill cgroup */
+        r = session_stop_scope(s, force);
+
+        s->stopping = true;
+
+        user_elect_display(s->user);
+
+        session_save(s);
+        user_save(s->user);
+
+        return r;
+}
+
+int session_finalize(Session *s) {
+        SessionDevice *sd;
+
+        assert(s);
+
+        if (!s->user)
+                return -ESTALE;
+
+        if (s->started)
+                log_struct(s->class == SESSION_BACKGROUND ? LOG_DEBUG : LOG_INFO,
+                           LOG_MESSAGE_ID(SD_MESSAGE_SESSION_STOP),
+                           "SESSION_ID=%s", s->id,
+                           "USER_ID=%s", s->user->name,
+                           "LEADER="PID_FMT, s->leader,
+                           LOG_MESSAGE("Removed session %s.", s->id),
+                           NULL);
+
+        s->timer_event_source = sd_event_source_unref(s->timer_event_source);
+
+        if (s->seat)
+                seat_evict_position(s->seat, s);
+
+        /* Kill session devices */
+        while ((sd = hashmap_first(s->devices)))
+                session_device_free(sd);
+
+        (void) unlink(s->state_file);
+        session_add_to_gc_queue(s);
+        user_add_to_gc_queue(s->user);
+
+        if (s->started) {
+                session_send_signal(s, false);
+                s->started = false;
+        }
+
+        if (s->seat) {
+                if (s->seat->active == s)
+                        seat_set_active(s->seat, NULL);
+
+                seat_save(s->seat);
+                seat_send_changed(s->seat, "Sessions", NULL);
+        }
+
+        user_save(s->user);
+        user_send_changed(s->user, "Sessions", "Display", NULL);
+
+        return 0;
+}
+
+static int release_timeout_callback(sd_event_source *es, uint64_t usec, void *userdata) {
+        Session *s = userdata;
+
+        assert(es);
+        assert(s);
+
+        session_stop(s, false);
+        return 0;
+}
+
+int session_release(Session *s) {
+        assert(s);
+
+        if (!s->started || s->stopping)
+                return 0;
+
+        if (s->timer_event_source)
+                return 0;
+
+        return sd_event_add_time(s->manager->event,
+                                 &s->timer_event_source,
+                                 CLOCK_MONOTONIC,
+                                 now(CLOCK_MONOTONIC) + RELEASE_USEC, 0,
+                                 release_timeout_callback, s);
+}
+
+bool session_is_active(Session *s) {
+        assert(s);
+
+        if (!s->seat)
+                return true;
+
+        return s->seat->active == s;
+}
+
+static int get_tty_atime(const char *tty, usec_t *atime) {
+        _cleanup_free_ char *p = NULL;
+        struct stat st;
+
+        assert(tty);
+        assert(atime);
+
+        if (!path_is_absolute(tty)) {
+                p = strappend("/dev/", tty);
+                if (!p)
+                        return -ENOMEM;
+
+                tty = p;
+        } else if (!path_startswith(tty, "/dev/"))
+                return -ENOENT;
+
+        if (lstat(tty, &st) < 0)
+                return -errno;
+
+        *atime = timespec_load(&st.st_atim);
+        return 0;
+}
+
+static int get_process_ctty_atime(pid_t pid, usec_t *atime) {
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        assert(pid > 0);
+        assert(atime);
+
+        r = get_ctty(pid, NULL, &p);
+        if (r < 0)
+                return r;
+
+        return get_tty_atime(p, atime);
+}
+
+int session_get_idle_hint(Session *s, dual_timestamp *t) {
+        usec_t atime = 0, n;
+        int r;
+
+        assert(s);
+
+        /* Explicit idle hint is set */
+        if (s->idle_hint) {
+                if (t)
+                        *t = s->idle_hint_timestamp;
+
+                return s->idle_hint;
+        }
+
+        /* Graphical sessions should really implement a real
+         * idle hint logic */
+        if (SESSION_TYPE_IS_GRAPHICAL(s->type))
+                goto dont_know;
+
+        /* For sessions with an explicitly configured tty, let's check
+         * its atime */
+        if (s->tty) {
+                r = get_tty_atime(s->tty, &atime);
+                if (r >= 0)
+                        goto found_atime;
+        }
+
+        /* For sessions with a leader but no explicitly configured
+         * tty, let's check the controlling tty of the leader */
+        if (s->leader > 0) {
+                r = get_process_ctty_atime(s->leader, &atime);
+                if (r >= 0)
+                        goto found_atime;
+        }
+
+dont_know:
+        if (t)
+                *t = s->idle_hint_timestamp;
+
+        return 0;
+
+found_atime:
+        if (t)
+                dual_timestamp_from_realtime(t, atime);
+
+        n = now(CLOCK_REALTIME);
+
+        if (s->manager->idle_action_usec <= 0)
+                return 0;
+
+        return atime + s->manager->idle_action_usec <= n;
+}
+
+void session_set_idle_hint(Session *s, bool b) {
+        assert(s);
+
+        if (s->idle_hint == b)
+                return;
+
+        s->idle_hint = b;
+        dual_timestamp_get(&s->idle_hint_timestamp);
+
+        session_send_changed(s, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
+
+        if (s->seat)
+                seat_send_changed(s->seat, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
+
+        user_send_changed(s->user, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
+        manager_send_changed(s->manager, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
+}
+
+int session_get_locked_hint(Session *s) {
+        assert(s);
+
+        return s->locked_hint;
+}
+
+void session_set_locked_hint(Session *s, bool b) {
+        assert(s);
+
+        if (s->locked_hint == b)
+                return;
+
+        s->locked_hint = b;
+
+        session_send_changed(s, "LockedHint", NULL);
+}
+
+static int session_dispatch_fifo(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+        Session *s = userdata;
+
+        assert(s);
+        assert(s->fifo_fd == fd);
+
+        /* EOF on the FIFO means the session died abnormally. */
+
+        session_remove_fifo(s);
+        session_stop(s, false);
+
+        return 1;
+}
+
+int session_create_fifo(Session *s) {
+        int r;
+
+        assert(s);
+
+        /* Create FIFO */
+        if (!s->fifo_path) {
+                r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
+                if (r < 0)
+                        return r;
+
+                if (asprintf(&s->fifo_path, "/run/systemd/sessions/%s.ref", s->id) < 0)
+                        return -ENOMEM;
+
+                if (mkfifo(s->fifo_path, 0600) < 0 && errno != EEXIST)
+                        return -errno;
+        }
+
+        /* Open reading side */
+        if (s->fifo_fd < 0) {
+                s->fifo_fd = open(s->fifo_path, O_RDONLY|O_CLOEXEC|O_NDELAY);
+                if (s->fifo_fd < 0)
+                        return -errno;
+
+        }
+
+        if (!s->fifo_event_source) {
+                r = sd_event_add_io(s->manager->event, &s->fifo_event_source, s->fifo_fd, 0, session_dispatch_fifo, s);
+                if (r < 0)
+                        return r;
+
+                /* Let's make sure we noticed dead sessions before we process new bus requests (which might create new
+                 * sessions). */
+                r = sd_event_source_set_priority(s->fifo_event_source, SD_EVENT_PRIORITY_NORMAL-10);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Open writing side */
+        r = open(s->fifo_path, O_WRONLY|O_CLOEXEC|O_NDELAY);
+        if (r < 0)
+                return -errno;
+
+        return r;
+}
+
+static void session_remove_fifo(Session *s) {
+        assert(s);
+
+        s->fifo_event_source = sd_event_source_unref(s->fifo_event_source);
+        s->fifo_fd = safe_close(s->fifo_fd);
+
+        if (s->fifo_path) {
+                unlink(s->fifo_path);
+                s->fifo_path = mfree(s->fifo_path);
+        }
+}
+
+bool session_check_gc(Session *s, bool drop_not_started) {
+        assert(s);
+
+        if (drop_not_started && !s->started)
+                return false;
+
+        if (!s->user)
+                return false;
+
+        if (s->fifo_fd >= 0) {
+                if (pipe_eof(s->fifo_fd) <= 0)
+                        return true;
+        }
+
+        if (s->scope_job && manager_job_is_active(s->manager, s->scope_job))
+                return true;
+
+        if (s->scope && manager_unit_is_active(s->manager, s->scope))
+                return true;
+
+        return false;
+}
+
+void session_add_to_gc_queue(Session *s) {
+        assert(s);
+
+        if (s->in_gc_queue)
+                return;
+
+        LIST_PREPEND(gc_queue, s->manager->session_gc_queue, s);
+        s->in_gc_queue = true;
+}
+
+SessionState session_get_state(Session *s) {
+        assert(s);
+
+        /* always check closing first */
+        if (s->stopping || s->timer_event_source)
+                return SESSION_CLOSING;
+
+        if (s->scope_job || s->fifo_fd < 0)
+                return SESSION_OPENING;
+
+        if (session_is_active(s))
+                return SESSION_ACTIVE;
+
+        return SESSION_ONLINE;
+}
+
+int session_kill(Session *s, KillWho who, int signo) {
+        assert(s);
+
+        if (!s->scope)
+                return -ESRCH;
+
+        return manager_kill_unit(s->manager, s->scope, who, signo, NULL);
+}
+
+static int session_open_vt(Session *s) {
+        char path[sizeof("/dev/tty") + DECIMAL_STR_MAX(s->vtnr)];
+
+        if (s->vtnr < 1)
+                return -ENODEV;
+
+        if (s->vtfd >= 0)
+                return s->vtfd;
+
+        sprintf(path, "/dev/tty%u", s->vtnr);
+        s->vtfd = open_terminal(path, O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
+        if (s->vtfd < 0)
+                return log_error_errno(s->vtfd, "cannot open VT %s of session %s: %m", path, s->id);
+
+        return s->vtfd;
+}
+
+int session_prepare_vt(Session *s) {
+        int vt, r;
+        struct vt_mode mode = { 0 };
+
+        if (s->vtnr < 1)
+                return 0;
+
+        vt = session_open_vt(s);
+        if (vt < 0)
+                return vt;
+
+        r = fchown(vt, s->user->uid, -1);
+        if (r < 0) {
+                r = log_error_errno(errno,
+                                    "Cannot change owner of /dev/tty%u: %m",
+                                    s->vtnr);
+                goto error;
+        }
+
+        r = ioctl(vt, KDSKBMODE, K_OFF);
+        if (r < 0) {
+                r = log_error_errno(errno,
+                                    "Cannot set K_OFF on /dev/tty%u: %m",
+                                    s->vtnr);
+                goto error;
+        }
+
+        r = ioctl(vt, KDSETMODE, KD_GRAPHICS);
+        if (r < 0) {
+                r = log_error_errno(errno,
+                                    "Cannot set KD_GRAPHICS on /dev/tty%u: %m",
+                                    s->vtnr);
+                goto error;
+        }
+
+        /* Oh, thanks to the VT layer, VT_AUTO does not work with KD_GRAPHICS.
+         * So we need a dummy handler here which just acknowledges *all* VT
+         * switch requests. */
+        mode.mode = VT_PROCESS;
+        mode.relsig = SIGRTMIN;
+        mode.acqsig = SIGRTMIN + 1;
+        r = ioctl(vt, VT_SETMODE, &mode);
+        if (r < 0) {
+                r = log_error_errno(errno,
+                                    "Cannot set VT_PROCESS on /dev/tty%u: %m",
+                                    s->vtnr);
+                goto error;
+        }
+
+        return 0;
+
+error:
+        session_restore_vt(s);
+        return r;
+}
+
+void session_restore_vt(Session *s) {
+
+        static const struct vt_mode mode = {
+                .mode = VT_AUTO,
+        };
+
+        _cleanup_free_ char *utf8 = NULL;
+        int vt, kb, old_fd;
+
+        /* We need to get a fresh handle to the virtual terminal,
+         * since the old file-descriptor is potentially in a hung-up
+         * state after the controlling process exited; we do a
+         * little dance to avoid having the terminal be available
+         * for reuse before we've cleaned it up.
+         */
+        old_fd = s->vtfd;
+        s->vtfd = -1;
+
+        vt = session_open_vt(s);
+        safe_close(old_fd);
+
+        if (vt < 0)
+                return;
+
+        (void) ioctl(vt, KDSETMODE, KD_TEXT);
+
+        if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && *utf8 == '1')
+                kb = K_UNICODE;
+        else
+                kb = K_XLATE;
+
+        (void) ioctl(vt, KDSKBMODE, kb);
+
+        (void) ioctl(vt, VT_SETMODE, &mode);
+        (void) fchown(vt, 0, (gid_t) -1);
+
+        s->vtfd = safe_close(s->vtfd);
+}
+
+void session_leave_vt(Session *s) {
+        int r;
+
+        assert(s);
+
+        /* This is called whenever we get a VT-switch signal from the kernel.
+         * We acknowledge all of them unconditionally. Note that session are
+         * free to overwrite those handlers and we only register them for
+         * sessions with controllers. Legacy sessions are not affected.
+         * However, if we switch from a non-legacy to a legacy session, we must
+         * make sure to pause all device before acknowledging the switch. We
+         * process the real switch only after we are notified via sysfs, so the
+         * legacy session might have already started using the devices. If we
+         * don't pause the devices before the switch, we might confuse the
+         * session we switch to. */
+
+        if (s->vtfd < 0)
+                return;
+
+        session_device_pause_all(s);
+        r = ioctl(s->vtfd, VT_RELDISP, 1);
+        if (r < 0)
+                log_debug_errno(errno, "Cannot release VT of session %s: %m", s->id);
+}
+
+bool session_is_controller(Session *s, const char *sender) {
+        assert(s);
+
+        return streq_ptr(s->controller, sender);
+}
+
+static void session_release_controller(Session *s, bool notify) {
+        _cleanup_free_ char *name = NULL;
+        SessionDevice *sd;
+
+        if (!s->controller)
+                return;
+
+        name = s->controller;
+
+        /* By resetting the controller before releasing the devices, we won't
+         * send notification signals. This avoids sending useless notifications
+         * if the controller is released on disconnects. */
+        if (!notify)
+                s->controller = NULL;
+
+        while ((sd = hashmap_first(s->devices)))
+                session_device_free(sd);
+
+        s->controller = NULL;
+        s->track = sd_bus_track_unref(s->track);
+}
+
+static int on_bus_track(sd_bus_track *track, void *userdata) {
+        Session *s = userdata;
+
+        assert(track);
+        assert(s);
+
+        session_drop_controller(s);
+
+        return 0;
+}
+
+int session_set_controller(Session *s, const char *sender, bool force) {
+        _cleanup_free_ char *name = NULL;
+        int r;
+
+        assert(s);
+        assert(sender);
+
+        if (session_is_controller(s, sender))
+                return 0;
+        if (s->controller && !force)
+                return -EBUSY;
+
+        name = strdup(sender);
+        if (!name)
+                return -ENOMEM;
+
+        s->track = sd_bus_track_unref(s->track);
+        r = sd_bus_track_new(s->manager->bus, &s->track, on_bus_track, s);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_track_add_name(s->track, name);
+        if (r < 0)
+                return r;
+
+        /* When setting a session controller, we forcibly mute the VT and set
+         * it into graphics-mode. Applications can override that by changing
+         * VT state after calling TakeControl(). However, this serves as a good
+         * default and well-behaving controllers can now ignore VTs entirely.
+         * Note that we reset the VT on ReleaseControl() and if the controller
+         * exits.
+         * If logind crashes/restarts, we restore the controller during restart
+         * or reset the VT in case it crashed/exited, too. */
+        r = session_prepare_vt(s);
+        if (r < 0) {
+                s->track = sd_bus_track_unref(s->track);
+                return r;
+        }
+
+        session_release_controller(s, true);
+        s->controller = name;
+        name = NULL;
+        session_save(s);
+
+        return 0;
+}
+
+void session_drop_controller(Session *s) {
+        assert(s);
+
+        if (!s->controller)
+                return;
+
+        s->track = sd_bus_track_unref(s->track);
+        session_release_controller(s, false);
+        session_save(s);
+        session_restore_vt(s);
+}
+
+static const char* const session_state_table[_SESSION_STATE_MAX] = {
+        [SESSION_OPENING] = "opening",
+        [SESSION_ONLINE] = "online",
+        [SESSION_ACTIVE] = "active",
+        [SESSION_CLOSING] = "closing"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_state, SessionState);
+
+static const char* const session_type_table[_SESSION_TYPE_MAX] = {
+        [SESSION_UNSPECIFIED] = "unspecified",
+        [SESSION_TTY] = "tty",
+        [SESSION_X11] = "x11",
+        [SESSION_WAYLAND] = "wayland",
+        [SESSION_MIR] = "mir",
+        [SESSION_WEB] = "web",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
+
+static const char* const session_class_table[_SESSION_CLASS_MAX] = {
+        [SESSION_USER] = "user",
+        [SESSION_GREETER] = "greeter",
+        [SESSION_LOCK_SCREEN] = "lock-screen",
+        [SESSION_BACKGROUND] = "background"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
+
+static const char* const kill_who_table[_KILL_WHO_MAX] = {
+        [KILL_LEADER] = "leader",
+        [KILL_ALL] = "all"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
diff --git a/src/login/logind-session.h b/src/grp-login/liblogind-core/logind-session.h
index ffb7cd2d41..ffb7cd2d41 100644
--- a/src/login/logind-session.h
+++ b/src/grp-login/liblogind-core/logind-session.h
diff --git a/src/login/logind-user-dbus.c b/src/grp-login/liblogind-core/logind-user-dbus.c
index af6392e025..af6392e025 100644
--- a/src/login/logind-user-dbus.c
+++ b/src/grp-login/liblogind-core/logind-user-dbus.c
diff --git a/src/login/logind-user.c b/src/grp-login/liblogind-core/logind-user.c
index a826321bf0..a826321bf0 100644
--- a/src/login/logind-user.c
+++ b/src/grp-login/liblogind-core/logind-user.c
diff --git a/src/login/logind-user.h b/src/grp-login/liblogind-core/logind-user.h
index 4f0966dc77..4f0966dc77 100644
--- a/src/login/logind-user.h
+++ b/src/grp-login/liblogind-core/logind-user.h
diff --git a/src/grp-login/liblogind-core/logind-utmp.c b/src/grp-login/liblogind-core/logind-utmp.c
new file mode 100644
index 0000000000..47599fd466
--- /dev/null
+++ b/src/grp-login/liblogind-core/logind-utmp.c
@@ -0,0 +1,183 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Daniel Mack
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <pwd.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "audit-util.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "formats-util.h"
+#include "logind.h"
+#include "special.h"
+#include "strv.h"
+#include "unit-name.h"
+#include "user-util.h"
+#include "utmp-wtmp.h"
+
+_const_ static usec_t when_wall(usec_t n, usec_t elapse) {
+
+        usec_t left;
+        unsigned int i;
+        static const int wall_timers[] = {
+                0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+                25, 40, 55, 70, 100, 130, 150, 180,
+        };
+
+        /* If the time is already passed, then don't announce */
+        if (n >= elapse)
+                return 0;
+
+        left = elapse - n;
+
+        for (i = 1; i < ELEMENTSOF(wall_timers); i++)
+                if (wall_timers[i] * USEC_PER_MINUTE >= left)
+                        return left - wall_timers[i-1] * USEC_PER_MINUTE;
+
+        return left % USEC_PER_HOUR;
+}
+
+bool logind_wall_tty_filter(const char *tty, void *userdata) {
+
+        Manager *m = userdata;
+
+        assert(m);
+
+        if (!startswith(tty, "/dev/") || !m->scheduled_shutdown_tty)
+                return true;
+
+        return !streq(tty + 5, m->scheduled_shutdown_tty);
+}
+
+static int warn_wall(Manager *m, usec_t n) {
+        char date[FORMAT_TIMESTAMP_MAX] = {};
+        _cleanup_free_ char *l = NULL;
+        usec_t left;
+        int r;
+
+        assert(m);
+
+        if (!m->enable_wall_messages)
+                return 0;
+
+        left = m->scheduled_shutdown_timeout > n;
+
+        r = asprintf(&l, "%s%sThe system is going down for %s %s%s!",
+                     strempty(m->wall_message),
+                     isempty(m->wall_message) ? "" : "\n",
+                     m->scheduled_shutdown_type,
+                     left ? "at " : "NOW",
+                     left ? format_timestamp(date, sizeof(date), m->scheduled_shutdown_timeout) : "");
+        if (r < 0) {
+                log_oom();
+                return 0;
+        }
+
+        utmp_wall(l, uid_to_name(m->scheduled_shutdown_uid),
+                  m->scheduled_shutdown_tty, logind_wall_tty_filter, m);
+
+        return 1;
+}
+
+static int wall_message_timeout_handler(
+                        sd_event_source *s,
+                        uint64_t usec,
+                        void *userdata) {
+
+        Manager *m = userdata;
+        usec_t n, next;
+        int r;
+
+        assert(m);
+        assert(s == m->wall_message_timeout_source);
+
+        n = now(CLOCK_REALTIME);
+
+        r = warn_wall(m, n);
+        if (r == 0)
+                return 0;
+
+        next = when_wall(n, m->scheduled_shutdown_timeout);
+        if (next > 0) {
+                r = sd_event_source_set_time(s, n + next);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_time() failed. %m");
+
+                r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_enabled() failed. %m");
+        }
+
+        return 0;
+}
+
+int manager_setup_wall_message_timer(Manager *m) {
+
+        usec_t n, elapse;
+        int r;
+
+        assert(m);
+
+        n = now(CLOCK_REALTIME);
+        elapse = m->scheduled_shutdown_timeout;
+
+        /* wall message handling */
+
+        if (isempty(m->scheduled_shutdown_type)) {
+                warn_wall(m, n);
+                return 0;
+        }
+
+        if (elapse < n)
+                return 0;
+
+        /* Warn immediately if less than 15 minutes are left */
+        if (elapse - n < 15 * USEC_PER_MINUTE) {
+                r = warn_wall(m, n);
+                if (r == 0)
+                        return 0;
+        }
+
+        elapse = when_wall(n, elapse);
+        if (elapse == 0)
+                return 0;
+
+        if (m->wall_message_timeout_source) {
+                r = sd_event_source_set_time(m->wall_message_timeout_source, n + elapse);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_time() failed. %m");
+
+                r = sd_event_source_set_enabled(m->wall_message_timeout_source, SD_EVENT_ONESHOT);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_source_set_enabled() failed. %m");
+        } else {
+                r = sd_event_add_time(m->event, &m->wall_message_timeout_source,
+                                      CLOCK_REALTIME, n + elapse, 0, wall_message_timeout_handler, m);
+                if (r < 0)
+                        return log_error_errno(r, "sd_event_add_time() failed. %m");
+        }
+
+        return 0;
+}
diff --git a/src/grp-login/loginctl/Makefile b/src/grp-login/loginctl/Makefile
new file mode 100644
index 0000000000..7c8c3d91a0
--- /dev/null
+++ b/src/grp-login/loginctl/Makefile
@@ -0,0 +1,41 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+loginctl_SOURCES = \
+	src/login/loginctl.c \
+	src/login/sysfs-show.h \
+	src/login/sysfs-show.c
+
+loginctl_LDADD = \
+	libshared.la
+
+rootbin_PROGRAMS += \
+	loginctl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/loginctl
+
+dist_zshcompletion_data += shell-completion/zsh/_loginctl
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-login/loginctl/loginctl.c b/src/grp-login/loginctl/loginctl.c
new file mode 100644
index 0000000000..f3f57b4b13
--- /dev/null
+++ b/src/grp-login/loginctl/loginctl.c
@@ -0,0 +1,1585 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <locale.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-unit-util.h"
+#include "bus-util.h"
+#include "cgroup-show.h"
+#include "cgroup-util.h"
+#include "log.h"
+#include "logs-show.h"
+#include "macro.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "signal-util.h"
+#include "spawn-polkit-agent.h"
+#include "strv.h"
+#include "sysfs-show.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "user-util.h"
+#include "util.h"
+#include "verbs.h"
+
+static char **arg_property = NULL;
+static bool arg_all = false;
+static bool arg_value = false;
+static bool arg_full = false;
+static bool arg_no_pager = false;
+static bool arg_legend = true;
+static const char *arg_kill_who = NULL;
+static int arg_signal = SIGTERM;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_ask_password = true;
+static unsigned arg_lines = 10;
+static OutputMode arg_output = OUTPUT_SHORT;
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+static OutputFlags get_output_flags(void) {
+
+        return
+                arg_all * OUTPUT_SHOW_ALL |
+                arg_full * OUTPUT_FULL_WIDTH |
+                (!on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
+                colors_enabled() * OUTPUT_COLOR;
+}
+
+static int list_sessions(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *id, *user, *seat, *object;
+        sd_bus *bus = userdata;
+        unsigned k = 0;
+        uint32_t uid;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ListSessions",
+                        &error, &reply,
+                        "");
+        if (r < 0) {
+                log_error("Failed to list sessions: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, 'a', "(susso)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (arg_legend)
+                printf("%10s %10s %-16s %-16s\n", "SESSION", "UID", "USER", "SEAT");
+
+        while ((r = sd_bus_message_read(reply, "(susso)", &id, &uid, &user, &seat, &object)) > 0) {
+                printf("%10s %10u %-16s %-16s\n", id, (unsigned) uid, user, seat);
+                k++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (arg_legend)
+                printf("\n%u sessions listed.\n", k);
+
+        return 0;
+}
+
+static int list_users(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *user, *object;
+        sd_bus *bus = userdata;
+        unsigned k = 0;
+        uint32_t uid;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ListUsers",
+                        &error, &reply,
+                        "");
+        if (r < 0) {
+                log_error("Failed to list users: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, 'a', "(uso)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (arg_legend)
+                printf("%10s %-16s\n", "UID", "USER");
+
+        while ((r = sd_bus_message_read(reply, "(uso)", &uid, &user, &object)) > 0) {
+                printf("%10u %-16s\n", (unsigned) uid, user);
+                k++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (arg_legend)
+                printf("\n%u users listed.\n", k);
+
+        return 0;
+}
+
+static int list_seats(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *seat, *object;
+        sd_bus *bus = userdata;
+        unsigned k = 0;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ListSeats",
+                        &error, &reply,
+                        "");
+        if (r < 0) {
+                log_error("Failed to list seats: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, 'a', "(so)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (arg_legend)
+                printf("%-16s\n", "SEAT");
+
+        while ((r = sd_bus_message_read(reply, "(so)", &seat, &object)) > 0) {
+                printf("%-16s\n", seat);
+                k++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (arg_legend)
+                printf("\n%u seats listed.\n", k);
+
+        return 0;
+}
+
+static int show_unit_cgroup(sd_bus *bus, const char *interface, const char *unit, pid_t leader) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ char *path = NULL;
+        const char *cgroup;
+        unsigned c;
+        int r;
+
+        assert(bus);
+        assert(unit);
+
+        path = unit_dbus_path_from_name(unit);
+        if (!path)
+                return log_oom();
+
+        r = sd_bus_get_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        interface,
+                        "ControlGroup",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0)
+                return log_error_errno(r, "Failed to query ControlGroup: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "s", &cgroup);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (isempty(cgroup))
+                return 0;
+
+        c = columns();
+        if (c > 18)
+                c -= 18;
+        else
+                c = 0;
+
+        r = unit_show_processes(bus, unit, cgroup, "\t\t  ", c, get_output_flags(), &error);
+        if (r == -EBADR) {
+
+                if (arg_transport == BUS_TRANSPORT_REMOTE)
+                        return 0;
+
+                /* Fallback for older systemd versions where the GetUnitProcesses() call is not yet available */
+
+                if (cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) != 0 && leader <= 0)
+                        return 0;
+
+                show_cgroup_and_extra(SYSTEMD_CGROUP_CONTROLLER, cgroup, "\t\t  ", c, &leader, leader > 0, get_output_flags());
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to dump process list: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+typedef struct SessionStatusInfo {
+        char *id;
+        uid_t uid;
+        char *name;
+        struct dual_timestamp timestamp;
+        unsigned int vtnr;
+        char *seat;
+        char *tty;
+        char *display;
+        bool remote;
+        char *remote_host;
+        char *remote_user;
+        char *service;
+        pid_t leader;
+        char *type;
+        char *class;
+        char *state;
+        char *scope;
+        char *desktop;
+} SessionStatusInfo;
+
+typedef struct UserStatusInfo {
+        uid_t uid;
+        bool linger;
+        char *name;
+        struct dual_timestamp timestamp;
+        char *state;
+        char **sessions;
+        char *display;
+        char *slice;
+} UserStatusInfo;
+
+typedef struct SeatStatusInfo {
+        char *id;
+        char *active_session;
+        char **sessions;
+} SeatStatusInfo;
+
+static void session_status_info_clear(SessionStatusInfo *info) {
+        if (info) {
+                free(info->id);
+                free(info->name);
+                free(info->seat);
+                free(info->tty);
+                free(info->display);
+                free(info->remote_host);
+                free(info->remote_user);
+                free(info->service);
+                free(info->type);
+                free(info->class);
+                free(info->state);
+                free(info->scope);
+                free(info->desktop);
+                zero(*info);
+        }
+}
+
+static void user_status_info_clear(UserStatusInfo *info) {
+        if (info) {
+                free(info->name);
+                free(info->state);
+                strv_free(info->sessions);
+                free(info->display);
+                free(info->slice);
+                zero(*info);
+        }
+}
+
+static void seat_status_info_clear(SeatStatusInfo *info) {
+        if (info) {
+                free(info->id);
+                free(info->active_session);
+                strv_free(info->sessions);
+                zero(*info);
+        }
+}
+
+static int prop_map_first_of_struct(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
+        const char *contents;
+        int r;
+
+        r = sd_bus_message_peek_type(m, NULL, &contents);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_STRUCT, contents);
+        if (r < 0)
+                return r;
+
+        if (contents[0] == 's' || contents[0] == 'o') {
+                const char *s;
+                char **p = (char **) userdata;
+
+                r = sd_bus_message_read_basic(m, contents[0], &s);
+                if (r < 0)
+                        return r;
+
+                r = free_and_strdup(p, s);
+                if (r < 0)
+                        return r;
+        } else {
+                r = sd_bus_message_read_basic(m, contents[0], userdata);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_skip(m, contents+1);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_exit_container(m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int prop_map_sessions_strv(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
+        const char *name;
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        r = sd_bus_message_enter_container(m, 'a', "(so)");
+        if (r < 0)
+                return r;
+
+        while ((r = sd_bus_message_read(m, "(so)", &name, NULL)) > 0) {
+                r = strv_extend(userdata, name);
+                if (r < 0)
+                        return r;
+        }
+        if (r < 0)
+                return r;
+
+        return sd_bus_message_exit_container(m);
+}
+
+static int print_session_status_info(sd_bus *bus, const char *path, bool *new_line) {
+
+        static const struct bus_properties_map map[]  = {
+                { "Id",                  "s",    NULL,                     offsetof(SessionStatusInfo, id)                  },
+                { "Name",                "s",    NULL,                     offsetof(SessionStatusInfo, name)                },
+                { "TTY",                 "s",    NULL,                     offsetof(SessionStatusInfo, tty)                 },
+                { "Display",             "s",    NULL,                     offsetof(SessionStatusInfo, display)             },
+                { "RemoteHost",          "s",    NULL,                     offsetof(SessionStatusInfo, remote_host)         },
+                { "RemoteUser",          "s",    NULL,                     offsetof(SessionStatusInfo, remote_user)         },
+                { "Service",             "s",    NULL,                     offsetof(SessionStatusInfo, service)             },
+                { "Desktop",             "s",    NULL,                     offsetof(SessionStatusInfo, desktop)             },
+                { "Type",                "s",    NULL,                     offsetof(SessionStatusInfo, type)                },
+                { "Class",               "s",    NULL,                     offsetof(SessionStatusInfo, class)               },
+                { "Scope",               "s",    NULL,                     offsetof(SessionStatusInfo, scope)               },
+                { "State",               "s",    NULL,                     offsetof(SessionStatusInfo, state)               },
+                { "VTNr",                "u",    NULL,                     offsetof(SessionStatusInfo, vtnr)                },
+                { "Leader",              "u",    NULL,                     offsetof(SessionStatusInfo, leader)              },
+                { "Remote",              "b",    NULL,                     offsetof(SessionStatusInfo, remote)              },
+                { "Timestamp",           "t",    NULL,                     offsetof(SessionStatusInfo, timestamp.realtime)  },
+                { "TimestampMonotonic",  "t",    NULL,                     offsetof(SessionStatusInfo, timestamp.monotonic) },
+                { "User",                "(uo)", prop_map_first_of_struct, offsetof(SessionStatusInfo, uid)                 },
+                { "Seat",                "(so)", prop_map_first_of_struct, offsetof(SessionStatusInfo, seat)                },
+                {}
+        };
+
+        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
+        char since2[FORMAT_TIMESTAMP_MAX], *s2;
+        _cleanup_(session_status_info_clear) SessionStatusInfo i = {};
+        int r;
+
+        r = bus_map_all_properties(bus, "org.freedesktop.login1", path, map, &i);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        printf("%s - ", strna(i.id));
+
+        if (i.name)
+                printf("%s (%u)\n", i.name, (unsigned) i.uid);
+        else
+                printf("%u\n", (unsigned) i.uid);
+
+        s1 = format_timestamp_relative(since1, sizeof(since1), i.timestamp.realtime);
+        s2 = format_timestamp(since2, sizeof(since2), i.timestamp.realtime);
+
+        if (s1)
+                printf("\t   Since: %s; %s\n", s2, s1);
+        else if (s2)
+                printf("\t   Since: %s\n", s2);
+
+        if (i.leader > 0) {
+                _cleanup_free_ char *t = NULL;
+
+                printf("\t  Leader: %u", (unsigned) i.leader);
+
+                get_process_comm(i.leader, &t);
+                if (t)
+                        printf(" (%s)", t);
+
+                printf("\n");
+        }
+
+        if (!isempty(i.seat)) {
+                printf("\t    Seat: %s", i.seat);
+
+                if (i.vtnr > 0)
+                        printf("; vc%u", i.vtnr);
+
+                printf("\n");
+        }
+
+        if (i.tty)
+                printf("\t     TTY: %s\n", i.tty);
+        else if (i.display)
+                printf("\t Display: %s\n", i.display);
+
+        if (i.remote_host && i.remote_user)
+                printf("\t  Remote: %s@%s\n", i.remote_user, i.remote_host);
+        else if (i.remote_host)
+                printf("\t  Remote: %s\n", i.remote_host);
+        else if (i.remote_user)
+                printf("\t  Remote: user %s\n", i.remote_user);
+        else if (i.remote)
+                printf("\t  Remote: Yes\n");
+
+        if (i.service) {
+                printf("\t Service: %s", i.service);
+
+                if (i.type)
+                        printf("; type %s", i.type);
+
+                if (i.class)
+                        printf("; class %s", i.class);
+
+                printf("\n");
+        } else if (i.type) {
+                printf("\t    Type: %s", i.type);
+
+                if (i.class)
+                        printf("; class %s", i.class);
+
+                printf("\n");
+        } else if (i.class)
+                printf("\t   Class: %s\n", i.class);
+
+        if (!isempty(i.desktop))
+                printf("\t Desktop: %s\n", i.desktop);
+
+        if (i.state)
+                printf("\t   State: %s\n", i.state);
+
+        if (i.scope) {
+                printf("\t    Unit: %s\n", i.scope);
+                show_unit_cgroup(bus, "org.freedesktop.systemd1.Scope", i.scope, i.leader);
+
+                if (arg_transport == BUS_TRANSPORT_LOCAL) {
+
+                        show_journal_by_unit(
+                                        stdout,
+                                        i.scope,
+                                        arg_output,
+                                        0,
+                                        i.timestamp.monotonic,
+                                        arg_lines,
+                                        0,
+                                        get_output_flags() | OUTPUT_BEGIN_NEWLINE,
+                                        SD_JOURNAL_LOCAL_ONLY,
+                                        true,
+                                        NULL);
+                }
+        }
+
+        return 0;
+}
+
+static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) {
+
+        static const struct bus_properties_map map[]  = {
+                { "Name",               "s",     NULL,                     offsetof(UserStatusInfo, name)                },
+                { "Linger",             "b",     NULL,                     offsetof(UserStatusInfo, linger)              },
+                { "Slice",              "s",     NULL,                     offsetof(UserStatusInfo, slice)               },
+                { "State",              "s",     NULL,                     offsetof(UserStatusInfo, state)               },
+                { "UID",                "u",     NULL,                     offsetof(UserStatusInfo, uid)                 },
+                { "Timestamp",          "t",     NULL,                     offsetof(UserStatusInfo, timestamp.realtime)  },
+                { "TimestampMonotonic", "t",     NULL,                     offsetof(UserStatusInfo, timestamp.monotonic) },
+                { "Display",            "(so)",  prop_map_first_of_struct, offsetof(UserStatusInfo, display)             },
+                { "Sessions",           "a(so)", prop_map_sessions_strv,   offsetof(UserStatusInfo, sessions)            },
+                {}
+        };
+
+        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
+        char since2[FORMAT_TIMESTAMP_MAX], *s2;
+        _cleanup_(user_status_info_clear) UserStatusInfo i = {};
+        int r;
+
+        r = bus_map_all_properties(bus, "org.freedesktop.login1", path, map, &i);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        if (i.name)
+                printf("%s (%u)\n", i.name, (unsigned) i.uid);
+        else
+                printf("%u\n", (unsigned) i.uid);
+
+        s1 = format_timestamp_relative(since1, sizeof(since1), i.timestamp.realtime);
+        s2 = format_timestamp(since2, sizeof(since2), i.timestamp.realtime);
+
+        if (s1)
+                printf("\t   Since: %s; %s\n", s2, s1);
+        else if (s2)
+                printf("\t   Since: %s\n", s2);
+
+        if (!isempty(i.state))
+                printf("\t   State: %s\n", i.state);
+
+        if (!strv_isempty(i.sessions)) {
+                char **l;
+                printf("\tSessions:");
+
+                STRV_FOREACH(l, i.sessions)
+                        printf(" %s%s",
+                               streq_ptr(*l, i.display) ? "*" : "",
+                               *l);
+
+                printf("\n");
+        }
+
+        printf("\t  Linger: %s\n", yes_no(i.linger));
+
+        if (i.slice) {
+                printf("\t    Unit: %s\n", i.slice);
+                show_unit_cgroup(bus, "org.freedesktop.systemd1.Slice", i.slice, 0);
+
+                show_journal_by_unit(
+                                stdout,
+                                i.slice,
+                                arg_output,
+                                0,
+                                i.timestamp.monotonic,
+                                arg_lines,
+                                0,
+                                get_output_flags() | OUTPUT_BEGIN_NEWLINE,
+                                SD_JOURNAL_LOCAL_ONLY,
+                                true,
+                                NULL);
+        }
+
+        return 0;
+}
+
+static int print_seat_status_info(sd_bus *bus, const char *path, bool *new_line) {
+
+        static const struct bus_properties_map map[]  = {
+                { "Id",            "s",     NULL, offsetof(SeatStatusInfo, id) },
+                { "ActiveSession", "(so)",  prop_map_first_of_struct, offsetof(SeatStatusInfo, active_session) },
+                { "Sessions",      "a(so)", prop_map_sessions_strv, offsetof(SeatStatusInfo, sessions) },
+                {}
+        };
+
+        _cleanup_(seat_status_info_clear) SeatStatusInfo i = {};
+        int r;
+
+        r = bus_map_all_properties(bus, "org.freedesktop.login1", path, map, &i);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        printf("%s\n", strna(i.id));
+
+        if (!strv_isempty(i.sessions)) {
+                char **l;
+                printf("\tSessions:");
+
+                STRV_FOREACH(l, i.sessions) {
+                        if (streq_ptr(*l, i.active_session))
+                                printf(" *%s", *l);
+                        else
+                                printf(" %s", *l);
+                }
+
+                printf("\n");
+        }
+
+        if (arg_transport == BUS_TRANSPORT_LOCAL) {
+                unsigned c;
+
+                c = columns();
+                if (c > 21)
+                        c -= 21;
+                else
+                        c = 0;
+
+                printf("\t Devices:\n");
+
+                show_sysfs(i.id, "\t\t  ", c);
+        }
+
+        return 0;
+}
+
+#define property(name, fmt, ...)                                        \
+        do {                                                            \
+                if (arg_value)                                          \
+                        printf(fmt "\n", __VA_ARGS__);                  \
+                else                                                    \
+                        printf("%s=" fmt "\n", name, __VA_ARGS__);      \
+        } while(0)
+
+static int print_property(const char *name, sd_bus_message *m, const char *contents) {
+        int r;
+
+        assert(name);
+        assert(m);
+        assert(contents);
+
+        if (arg_property && !strv_find(arg_property, name))
+                /* skip what we didn't read */
+                return sd_bus_message_skip(m, contents);
+
+        switch (contents[0]) {
+
+        case SD_BUS_TYPE_STRUCT_BEGIN:
+
+                if (contents[1] == SD_BUS_TYPE_STRING && STR_IN_SET(name, "Display", "Seat", "ActiveSession")) {
+                        const char *s;
+
+                        r = sd_bus_message_read(m, "(so)", &s, NULL);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (arg_all || !isempty(s))
+                                property(name, "%s", s);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_UINT32 && streq(name, "User")) {
+                        uint32_t uid;
+
+                        r = sd_bus_message_read(m, "(uo)", &uid, NULL);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (!uid_is_valid(uid)) {
+                                log_error("Invalid user ID: " UID_FMT, uid);
+                                return -EINVAL;
+                        }
+
+                        property(name, UID_FMT, uid);
+                        return 0;
+                }
+
+                break;
+
+        case SD_BUS_TYPE_ARRAY:
+
+                if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Sessions")) {
+                        const char *s;
+                        bool space = false;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(so)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (!arg_value)
+                                printf("%s=", name);
+
+                        while ((r = sd_bus_message_read(m, "(so)", &s, NULL)) > 0) {
+                                printf("%s%s", space ? " " : "", s);
+                                space = true;
+                        }
+
+                        if (space || !arg_value)
+                                printf("\n");
+
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+                }
+
+                break;
+        }
+
+        r = bus_print_property(name, m, arg_value, arg_all);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (r == 0) {
+                r = sd_bus_message_skip(m, contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (arg_all)
+                        printf("%s=[unprintable]\n", name);
+        }
+
+        return 0;
+}
+
+static int show_properties(sd_bus *bus, const char *path, bool *new_line) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(new_line);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        path,
+                        "org.freedesktop.DBus.Properties",
+                        "GetAll",
+                        &error,
+                        &reply,
+                        "s", "");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
+                const char *name, *contents;
+
+                r = sd_bus_message_read(reply, "s", &name);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_peek_type(reply, NULL, &contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = print_property(name, reply, contents);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return 0;
+}
+
+static int show_session(int argc, char *argv[], void *userdata) {
+        bool properties, new_line = false;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        properties = !strstr(argv[0], "status");
+
+        pager_open(arg_no_pager, false);
+
+        if (argc <= 1) {
+                /* If not argument is specified inspect the manager
+                 * itself */
+                if (properties)
+                        return show_properties(bus, "/org/freedesktop/login1", &new_line);
+
+                /* And in the pretty case, show data of the calling session */
+                return print_session_status_info(bus, "/org/freedesktop/login1/session/self", &new_line);
+        }
+
+        for (i = 1; i < argc; i++) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message * reply = NULL;
+                const char *path = NULL;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.login1",
+                                "/org/freedesktop/login1",
+                                "org.freedesktop.login1.Manager",
+                                "GetSession",
+                                &error, &reply,
+                                "s", argv[i]);
+                if (r < 0) {
+                        log_error("Failed to get session: %s", bus_error_message(&error, r));
+                        return r;
+                }
+
+                r = sd_bus_message_read(reply, "o", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (properties)
+                        r = show_properties(bus, path, &new_line);
+                else
+                        r = print_session_status_info(bus, path, &new_line);
+
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int show_user(int argc, char *argv[], void *userdata) {
+        bool properties, new_line = false;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        properties = !strstr(argv[0], "status");
+
+        pager_open(arg_no_pager, false);
+
+        if (argc <= 1) {
+                /* If not argument is specified inspect the manager
+                 * itself */
+                if (properties)
+                        return show_properties(bus, "/org/freedesktop/login1", &new_line);
+
+                return print_user_status_info(bus, "/org/freedesktop/login1/user/self", &new_line);
+        }
+
+        for (i = 1; i < argc; i++) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message * reply = NULL;
+                const char *path = NULL;
+                uid_t uid;
+
+                r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.login1",
+                                "/org/freedesktop/login1",
+                                "org.freedesktop.login1.Manager",
+                                "GetUser",
+                                &error, &reply,
+                                "u", (uint32_t) uid);
+                if (r < 0) {
+                        log_error("Failed to get user: %s", bus_error_message(&error, r));
+                        return r;
+                }
+
+                r = sd_bus_message_read(reply, "o", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (properties)
+                        r = show_properties(bus, path, &new_line);
+                else
+                        r = print_user_status_info(bus, path, &new_line);
+
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int show_seat(int argc, char *argv[], void *userdata) {
+        bool properties, new_line = false;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        properties = !strstr(argv[0], "status");
+
+        pager_open(arg_no_pager, false);
+
+        if (argc <= 1) {
+                /* If not argument is specified inspect the manager
+                 * itself */
+                if (properties)
+                        return show_properties(bus, "/org/freedesktop/login1", &new_line);
+
+                return print_seat_status_info(bus, "/org/freedesktop/login1/seat/self", &new_line);
+        }
+
+        for (i = 1; i < argc; i++) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message * reply = NULL;
+                const char *path = NULL;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.login1",
+                                "/org/freedesktop/login1",
+                                "org.freedesktop.login1.Manager",
+                                "GetSeat",
+                                &error, &reply,
+                                "s", argv[i]);
+                if (r < 0) {
+                        log_error("Failed to get seat: %s", bus_error_message(&error, r));
+                        return r;
+                }
+
+                r = sd_bus_message_read(reply, "o", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (properties)
+                        r = show_properties(bus, path, &new_line);
+                else
+                        r = print_seat_status_info(bus, path, &new_line);
+
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int activate(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        char *short_argv[3];
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        if (argc < 2) {
+                /* No argument? Let's convert this into the empty
+                 * session name, which the calls will then resolve to
+                 * the caller's session. */
+
+                short_argv[0] = argv[0];
+                short_argv[1] = (char*) "";
+                short_argv[2] = NULL;
+
+                argv = short_argv;
+                argc = 2;
+        }
+
+        for (i = 1; i < argc; i++) {
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.login1",
+                                "/org/freedesktop/login1",
+                                "org.freedesktop.login1.Manager",
+                                streq(argv[0], "lock-session")      ? "LockSession" :
+                                streq(argv[0], "unlock-session")    ? "UnlockSession" :
+                                streq(argv[0], "terminate-session") ? "TerminateSession" :
+                                                                      "ActivateSession",
+                                &error, NULL,
+                                "s", argv[i]);
+                if (r < 0) {
+                        log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int kill_session(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        if (!arg_kill_who)
+                arg_kill_who = "all";
+
+        for (i = 1; i < argc; i++) {
+
+                r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "KillSession",
+                        &error, NULL,
+                        "ssi", argv[i], arg_kill_who, arg_signal);
+                if (r < 0) {
+                        log_error("Could not kill session: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int enable_linger(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        char* short_argv[3];
+        bool b;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        b = streq(argv[0], "enable-linger");
+
+        if (argc < 2) {
+                short_argv[0] = argv[0];
+                short_argv[1] = (char*) "";
+                short_argv[2] = NULL;
+                argv = short_argv;
+                argc = 2;
+        }
+
+        for (i = 1; i < argc; i++) {
+                uid_t uid;
+
+                if (isempty(argv[i]))
+                        uid = UID_INVALID;
+                else {
+                        r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
+                }
+
+                r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "SetUserLinger",
+                        &error, NULL,
+                        "ubb", (uint32_t) uid, b, true);
+                if (r < 0) {
+                        log_error("Could not enable linger: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int terminate_user(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        for (i = 1; i < argc; i++) {
+                uid_t uid;
+
+                r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
+
+                r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "TerminateUser",
+                        &error, NULL,
+                        "u", (uint32_t) uid);
+                if (r < 0) {
+                        log_error("Could not terminate user: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int kill_user(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        if (!arg_kill_who)
+                arg_kill_who = "all";
+
+        for (i = 1; i < argc; i++) {
+                uid_t uid;
+
+                r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
+
+                r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "KillUser",
+                        &error, NULL,
+                        "ui", (uint32_t) uid, arg_signal);
+                if (r < 0) {
+                        log_error("Could not kill user: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int attach(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        for (i = 2; i < argc; i++) {
+
+                r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "AttachDevice",
+                        &error, NULL,
+                        "ssb", argv[1], argv[i], true);
+
+                if (r < 0) {
+                        log_error("Could not attach device: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int flush_devices(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "FlushDevices",
+                        &error, NULL,
+                        "b", true);
+        if (r < 0)
+                log_error("Could not flush devices: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int lock_sessions(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        streq(argv[0], "lock-sessions") ? "LockSessions" : "UnlockSessions",
+                        &error, NULL,
+                        NULL);
+        if (r < 0)
+                log_error("Could not lock sessions: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int terminate_seat(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        for (i = 1; i < argc; i++) {
+
+                r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "TerminateSeat",
+                        &error, NULL,
+                        "s", argv[i]);
+                if (r < 0) {
+                        log_error("Could not terminate seat: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int help(int argc, char *argv[], void *userdata) {
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Send control commands to or query the login manager.\n\n"
+               "  -h --help                Show this help\n"
+               "     --version             Show package version\n"
+               "     --no-pager            Do not pipe output into a pager\n"
+               "     --no-legend           Do not show the headers and footers\n"
+               "     --no-ask-password     Don't prompt for password\n"
+               "  -H --host=[USER@]HOST    Operate on remote host\n"
+               "  -M --machine=CONTAINER   Operate on local container\n"
+               "  -p --property=NAME       Show only properties by this name\n"
+               "  -a --all                 Show all properties, including empty ones\n"
+               "     --value               When showing properties, only print the value\n"
+               "  -l --full                Do not ellipsize output\n"
+               "     --kill-who=WHO        Who to send signal to\n"
+               "  -s --signal=SIGNAL       Which signal to send\n"
+               "  -n --lines=INTEGER       Number of journal entries to show\n"
+               "  -o --output=STRING       Change journal output mode (short, short-monotonic,\n"
+               "                           verbose, export, json, json-pretty, json-sse, cat)\n\n"
+               "Session Commands:\n"
+               "  list-sessions            List sessions\n"
+               "  session-status [ID...]   Show session status\n"
+               "  show-session [ID...]     Show properties of sessions or the manager\n"
+               "  activate [ID]            Activate a session\n"
+               "  lock-session [ID...]     Screen lock one or more sessions\n"
+               "  unlock-session [ID...]   Screen unlock one or more sessions\n"
+               "  lock-sessions            Screen lock all current sessions\n"
+               "  unlock-sessions          Screen unlock all current sessions\n"
+               "  terminate-session ID...  Terminate one or more sessions\n"
+               "  kill-session ID...       Send signal to processes of a session\n\n"
+               "User Commands:\n"
+               "  list-users               List users\n"
+               "  user-status [USER...]    Show user status\n"
+               "  show-user [USER...]      Show properties of users or the manager\n"
+               "  enable-linger [USER...]  Enable linger state of one or more users\n"
+               "  disable-linger [USER...] Disable linger state of one or more users\n"
+               "  terminate-user USER...   Terminate all sessions of one or more users\n"
+               "  kill-user USER...        Send signal to processes of a user\n\n"
+               "Seat Commands:\n"
+               "  list-seats               List seats\n"
+               "  seat-status [NAME...]    Show seat status\n"
+               "  show-seat [NAME...]      Show properties of seats or the manager\n"
+               "  attach NAME DEVICE...    Attach one or more devices to a seat\n"
+               "  flush-devices            Flush all device associations\n"
+               "  terminate-seat NAME...   Terminate all sessions on one or more seats\n"
+               , program_invocation_short_name);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_VALUE,
+                ARG_NO_PAGER,
+                ARG_NO_LEGEND,
+                ARG_KILL_WHO,
+                ARG_NO_ASK_PASSWORD,
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'                 },
+                { "version",         no_argument,       NULL, ARG_VERSION         },
+                { "property",        required_argument, NULL, 'p'                 },
+                { "all",             no_argument,       NULL, 'a'                 },
+                { "value",           no_argument,       NULL, ARG_VALUE           },
+                { "full",            no_argument,       NULL, 'l'                 },
+                { "no-pager",        no_argument,       NULL, ARG_NO_PAGER        },
+                { "no-legend",       no_argument,       NULL, ARG_NO_LEGEND       },
+                { "kill-who",        required_argument, NULL, ARG_KILL_WHO        },
+                { "signal",          required_argument, NULL, 's'                 },
+                { "host",            required_argument, NULL, 'H'                 },
+                { "machine",         required_argument, NULL, 'M'                 },
+                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
+                { "lines",           required_argument, NULL, 'n'                 },
+                { "output",          required_argument, NULL, 'o'                 },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hp:als:H:M:n:o:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help(0, NULL, NULL);
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'p': {
+                        r = strv_extend(&arg_property, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        /* If the user asked for a particular
+                         * property, show it to him, even if it is
+                         * empty. */
+                        arg_all = true;
+                        break;
+                }
+
+                case 'a':
+                        arg_all = true;
+                        break;
+
+                case ARG_VALUE:
+                        arg_value = true;
+                        break;
+
+                case 'l':
+                        arg_full = true;
+                        break;
+
+                case 'n':
+                        if (safe_atou(optarg, &arg_lines) < 0) {
+                                log_error("Failed to parse lines '%s'", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case 'o':
+                        arg_output = output_mode_from_string(optarg);
+                        if (arg_output < 0) {
+                                log_error("Unknown output '%s'.", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_LEGEND:
+                        arg_legend = false;
+                        break;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case ARG_KILL_WHO:
+                        arg_kill_who = optarg;
+                        break;
+
+                case 's':
+                        arg_signal = signal_from_string_try_harder(optarg);
+                        if (arg_signal < 0) {
+                                log_error("Failed to parse signal string %s.", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
+
+        static const Verb verbs[] = {
+                { "help",              VERB_ANY, VERB_ANY, 0,            help              },
+                { "list-sessions",     VERB_ANY, 1,        VERB_DEFAULT, list_sessions     },
+                { "session-status",    VERB_ANY, VERB_ANY, 0,            show_session      },
+                { "show-session",      VERB_ANY, VERB_ANY, 0,            show_session      },
+                { "activate",          VERB_ANY, 2,        0,            activate          },
+                { "lock-session",      VERB_ANY, VERB_ANY, 0,            activate          },
+                { "unlock-session",    VERB_ANY, VERB_ANY, 0,            activate          },
+                { "lock-sessions",     VERB_ANY, 1,        0,            lock_sessions     },
+                { "unlock-sessions",   VERB_ANY, 1,        0,            lock_sessions     },
+                { "terminate-session", 2,        VERB_ANY, 0,            activate          },
+                { "kill-session",      2,        VERB_ANY, 0,            kill_session      },
+                { "list-users",        VERB_ANY, 1,        0,            list_users        },
+                { "user-status",       VERB_ANY, VERB_ANY, 0,            show_user         },
+                { "show-user",         VERB_ANY, VERB_ANY, 0,            show_user         },
+                { "enable-linger",     VERB_ANY, VERB_ANY, 0,            enable_linger     },
+                { "disable-linger",    VERB_ANY, VERB_ANY, 0,            enable_linger     },
+                { "terminate-user",    2,        VERB_ANY, 0,            terminate_user    },
+                { "kill-user",         2,        VERB_ANY, 0,            kill_user         },
+                { "list-seats",        VERB_ANY, 1,        0,            list_seats        },
+                { "seat-status",       VERB_ANY, VERB_ANY, 0,            show_seat         },
+                { "show-seat",         VERB_ANY, VERB_ANY, 0,            show_seat         },
+                { "attach",            3,        VERB_ANY, 0,            attach            },
+                { "flush-devices",     VERB_ANY, 1,        0,            flush_devices     },
+                { "terminate-seat",    2,        VERB_ANY, 0,            terminate_seat    },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, bus);
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create bus connection: %m");
+                goto finish;
+        }
+
+        sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);
+
+        r = loginctl_main(argc, argv, bus);
+
+finish:
+        pager_close();
+        polkit_agent_close();
+
+        strv_free(arg_property);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/login/sysfs-show.c b/src/grp-login/loginctl/sysfs-show.c
index 29785e2f11..29785e2f11 100644
--- a/src/login/sysfs-show.c
+++ b/src/grp-login/loginctl/sysfs-show.c
diff --git a/src/login/sysfs-show.h b/src/grp-login/loginctl/sysfs-show.h
index 3e94bc3ed5..3e94bc3ed5 100644
--- a/src/login/sysfs-show.h
+++ b/src/grp-login/loginctl/sysfs-show.h
diff --git a/src/login/logind.conf.in b/src/grp-login/logind.conf.in
index 32c0844cb6..32c0844cb6 100644
--- a/src/login/logind.conf.in
+++ b/src/grp-login/logind.conf.in
diff --git a/src/login/org.freedesktop.login1.conf b/src/grp-login/org.freedesktop.login1.conf
index c89e40457e..c89e40457e 100644
--- a/src/login/org.freedesktop.login1.conf
+++ b/src/grp-login/org.freedesktop.login1.conf
diff --git a/src/login/org.freedesktop.login1.policy.in b/src/grp-login/org.freedesktop.login1.policy.in
index 1fa6441629..1fa6441629 100644
--- a/src/login/org.freedesktop.login1.policy.in
+++ b/src/grp-login/org.freedesktop.login1.policy.in
diff --git a/src/login/org.freedesktop.login1.service b/src/grp-login/org.freedesktop.login1.service
index 762dae2bb3..762dae2bb3 100644
--- a/src/login/org.freedesktop.login1.service
+++ b/src/grp-login/org.freedesktop.login1.service
diff --git a/src/grp-login/pam_systemd/Makefile b/src/grp-login/pam_systemd/Makefile
new file mode 100644
index 0000000000..8c87421bb0
--- /dev/null
+++ b/src/grp-login/pam_systemd/Makefile
@@ -0,0 +1,56 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_PAM),)
+pam_systemd_la_SOURCES = \
+	src/login/pam_systemd.sym \
+	src/login/pam_systemd.c
+
+pam_systemd_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(PAM_CFLAGS)
+
+pam_systemd_la_LDFLAGS = \
+	$(AM_LDFLAGS) \
+	-module \
+	-export-dynamic \
+	-avoid-version \
+	-shared \
+	-Wl,--version-script=$(srcdir)/pam_systemd.sym
+
+pam_systemd_la_LIBADD = \
+	libshared.la \
+	$(PAM_LIBS)
+
+pamlib_LTLIBRARIES = \
+	pam_systemd.la
+
+dist_pamconf_DATA = \
+	src/login/systemd-user
+
+EXTRA_DIST += \
+	src/login/systemd-user.m4
+endif # HAVE_PAM
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/login/pam_systemd.c b/src/grp-login/pam_systemd/pam_systemd.c
index 98dc201340..98dc201340 100644
--- a/src/login/pam_systemd.c
+++ b/src/grp-login/pam_systemd/pam_systemd.c
diff --git a/src/login/pam_systemd.sym b/src/grp-login/pam_systemd/pam_systemd.sym
index 23ff75f688..23ff75f688 100644
--- a/src/login/pam_systemd.sym
+++ b/src/grp-login/pam_systemd/pam_systemd.sym
diff --git a/src/grp-login/systemd-inhibit/Makefile b/src/grp-login/systemd-inhibit/Makefile
new file mode 100644
index 0000000000..93440da575
--- /dev/null
+++ b/src/grp-login/systemd-inhibit/Makefile
@@ -0,0 +1,37 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+dist_zshcompletion_data += shell-completion/zsh/_systemd-inhibit
+
+systemd_inhibit_SOURCES = \
+	src/login/inhibit.c
+
+systemd_inhibit_LDADD = \
+	libshared.la
+
+rootbin_PROGRAMS += \
+	systemd-inhibit
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-login/systemd-inhibit/inhibit.c b/src/grp-login/systemd-inhibit/inhibit.c
new file mode 100644
index 0000000000..905e757a32
--- /dev/null
+++ b/src/grp-login/systemd-inhibit/inhibit.c
@@ -0,0 +1,292 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "process-util.h"
+#include "signal-util.h"
+#include "strv.h"
+#include "user-util.h"
+#include "util.h"
+
+static const char* arg_what = "idle:sleep:shutdown";
+static const char* arg_who = NULL;
+static const char* arg_why = "Unknown reason";
+static const char* arg_mode = NULL;
+
+static enum {
+        ACTION_INHIBIT,
+        ACTION_LIST
+} arg_action = ACTION_INHIBIT;
+
+static int inhibit(sd_bus *bus, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+        int fd;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "Inhibit",
+                        error,
+                        &reply,
+                        "ssss", arg_what, arg_who, arg_why, arg_mode);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_UNIX_FD, &fd);
+        if (r < 0)
+                return r;
+
+        r = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+        if (r < 0)
+                return -errno;
+
+        return r;
+}
+
+static int print_inhibitors(sd_bus *bus, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *what, *who, *why, *mode;
+        unsigned int uid, pid;
+        unsigned n = 0;
+        int r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ListInhibitors",
+                        error,
+                        &reply,
+                        "");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssuu)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(ssssuu)", &what, &who, &why, &mode, &uid, &pid)) > 0) {
+                _cleanup_free_ char *comm = NULL, *u = NULL;
+
+                if (arg_mode && !streq(mode, arg_mode))
+                        continue;
+
+                get_process_comm(pid, &comm);
+                u = uid_to_name(uid);
+
+                printf("     Who: %s (UID "UID_FMT"/%s, PID "PID_FMT"/%s)\n"
+                       "    What: %s\n"
+                       "     Why: %s\n"
+                       "    Mode: %s\n\n",
+                       who, uid, strna(u), pid, strna(comm),
+                       what,
+                       why,
+                       mode);
+
+                n++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("%u inhibitors listed.\n", n);
+        return 0;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Execute a process while inhibiting shutdown/sleep/idle.\n\n"
+               "  -h --help               Show this help\n"
+               "     --version            Show package version\n"
+               "     --what=WHAT          Operations to inhibit, colon separated list of:\n"
+               "                          shutdown, sleep, idle, handle-power-key,\n"
+               "                          handle-suspend-key, handle-hibernate-key,\n"
+               "                          handle-lid-switch\n"
+               "     --who=STRING         A descriptive string who is inhibiting\n"
+               "     --why=STRING         A descriptive string why is being inhibited\n"
+               "     --mode=MODE          One of block or delay\n"
+               "     --list               List active inhibitors\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_WHAT,
+                ARG_WHO,
+                ARG_WHY,
+                ARG_MODE,
+                ARG_LIST,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'              },
+                { "version",      no_argument,       NULL, ARG_VERSION      },
+                { "what",         required_argument, NULL, ARG_WHAT         },
+                { "who",          required_argument, NULL, ARG_WHO          },
+                { "why",          required_argument, NULL, ARG_WHY          },
+                { "mode",         required_argument, NULL, ARG_MODE         },
+                { "list",         no_argument,       NULL, ARG_LIST         },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "+h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_WHAT:
+                        arg_what = optarg;
+                        break;
+
+                case ARG_WHO:
+                        arg_who = optarg;
+                        break;
+
+                case ARG_WHY:
+                        arg_why = optarg;
+                        break;
+
+                case ARG_MODE:
+                        arg_mode = optarg;
+                        break;
+
+                case ARG_LIST:
+                        arg_action = ACTION_LIST;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (arg_action == ACTION_INHIBIT && optind == argc)
+                arg_action = ACTION_LIST;
+
+        else if (arg_action == ACTION_INHIBIT && optind >= argc) {
+                log_error("Missing command line to execute.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r < 0)
+                return EXIT_FAILURE;
+        if (r == 0)
+                return EXIT_SUCCESS;
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to connect to bus: %m");
+                return EXIT_FAILURE;
+        }
+
+        if (arg_action == ACTION_LIST) {
+
+                r = print_inhibitors(bus, &error);
+                if (r < 0) {
+                        log_error("Failed to list inhibitors: %s", bus_error_message(&error, -r));
+                        return EXIT_FAILURE;
+                }
+
+        } else {
+                _cleanup_close_ int fd = -1;
+                _cleanup_free_ char *w = NULL;
+                pid_t pid;
+
+                if (!arg_who)
+                        arg_who = w = strv_join(argv + optind, " ");
+
+                if (!arg_mode)
+                        arg_mode = "block";
+
+                fd = inhibit(bus, &error);
+                if (fd < 0) {
+                        log_error("Failed to inhibit: %s", bus_error_message(&error, fd));
+                        return EXIT_FAILURE;
+                }
+
+                pid = fork();
+                if (pid < 0) {
+                        log_error_errno(errno, "Failed to fork: %m");
+                        return EXIT_FAILURE;
+                }
+
+                if (pid == 0) {
+                        /* Child */
+
+                        (void) reset_all_signal_handlers();
+                        (void) reset_signal_mask();
+
+                        close_all_fds(NULL, 0);
+
+                        execvp(argv[optind], argv + optind);
+                        log_error_errno(errno, "Failed to execute %s: %m", argv[optind]);
+                        _exit(EXIT_FAILURE);
+                }
+
+                r = wait_for_terminate_and_warn(argv[optind], pid, true);
+                return r < 0 ? EXIT_FAILURE : r;
+        }
+
+        return 0;
+}
diff --git a/src/grp-login/systemd-logind/Makefile b/src/grp-login/systemd-logind/Makefile
new file mode 100644
index 0000000000..9dd5855e88
--- /dev/null
+++ b/src/grp-login/systemd-logind/Makefile
@@ -0,0 +1,39 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemd_logind_SOURCES = \
+	src/login/logind.c \
+	src/login/logind.h
+
+nodist_systemd_logind_SOURCES = \
+	src/login/logind-gperf.c
+
+systemd_logind_LDADD = \
+	liblogind-core.la
+
+rootlibexec_PROGRAMS += \
+	systemd-logind
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-login/systemd-logind/logind.c b/src/grp-login/systemd-logind/logind.c
new file mode 100644
index 0000000000..925c04a344
--- /dev/null
+++ b/src/grp-login/systemd-logind/logind.c
@@ -0,0 +1,1208 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libudev.h"
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "conf-parser.h"
+#include "def.h"
+#include "dirent-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "logind.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "strv.h"
+#include "udev-util.h"
+
+static void manager_free(Manager *m);
+
+static void manager_reset_config(Manager *m) {
+        m->n_autovts = 6;
+        m->reserve_vt = 6;
+        m->remove_ipc = true;
+        m->inhibit_delay_max = 5 * USEC_PER_SEC;
+        m->handle_power_key = HANDLE_POWEROFF;
+        m->handle_suspend_key = HANDLE_SUSPEND;
+        m->handle_hibernate_key = HANDLE_HIBERNATE;
+        m->handle_lid_switch = HANDLE_SUSPEND;
+        m->handle_lid_switch_docked = HANDLE_IGNORE;
+        m->power_key_ignore_inhibited = false;
+        m->suspend_key_ignore_inhibited = false;
+        m->hibernate_key_ignore_inhibited = false;
+        m->lid_switch_ignore_inhibited = true;
+
+        m->holdoff_timeout_usec = 30 * USEC_PER_SEC;
+
+        m->idle_action_usec = 30 * USEC_PER_MINUTE;
+        m->idle_action = HANDLE_IGNORE;
+
+        m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */
+        m->user_tasks_max = 12288;
+        m->sessions_max = 8192;
+        m->inhibitors_max = 8192;
+
+        m->kill_user_processes = KILL_USER_PROCESSES;
+
+        m->kill_only_users = strv_free(m->kill_only_users);
+        m->kill_exclude_users = strv_free(m->kill_exclude_users);
+}
+
+static Manager *manager_new(void) {
+        Manager *m;
+        int r;
+
+        m = new0(Manager, 1);
+        if (!m)
+                return NULL;
+
+        m->console_active_fd = -1;
+        m->reserve_vt_fd = -1;
+
+        m->idle_action_not_before_usec = now(CLOCK_MONOTONIC);
+
+        m->devices = hashmap_new(&string_hash_ops);
+        m->seats = hashmap_new(&string_hash_ops);
+        m->sessions = hashmap_new(&string_hash_ops);
+        m->users = hashmap_new(NULL);
+        m->inhibitors = hashmap_new(&string_hash_ops);
+        m->buttons = hashmap_new(&string_hash_ops);
+
+        m->user_units = hashmap_new(&string_hash_ops);
+        m->session_units = hashmap_new(&string_hash_ops);
+
+        if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units)
+                goto fail;
+
+        m->udev = udev_new();
+        if (!m->udev)
+                goto fail;
+
+        r = sd_event_default(&m->event);
+        if (r < 0)
+                goto fail;
+
+        sd_event_set_watchdog(m->event, true);
+
+        manager_reset_config(m);
+
+        return m;
+
+fail:
+        manager_free(m);
+        return NULL;
+}
+
+static void manager_free(Manager *m) {
+        Session *session;
+        User *u;
+        Device *d;
+        Seat *s;
+        Inhibitor *i;
+        Button *b;
+
+        assert(m);
+
+        while ((session = hashmap_first(m->sessions)))
+                session_free(session);
+
+        while ((u = hashmap_first(m->users)))
+                user_free(u);
+
+        while ((d = hashmap_first(m->devices)))
+                device_free(d);
+
+        while ((s = hashmap_first(m->seats)))
+                seat_free(s);
+
+        while ((i = hashmap_first(m->inhibitors)))
+                inhibitor_free(i);
+
+        while ((b = hashmap_first(m->buttons)))
+                button_free(b);
+
+        hashmap_free(m->devices);
+        hashmap_free(m->seats);
+        hashmap_free(m->sessions);
+        hashmap_free(m->users);
+        hashmap_free(m->inhibitors);
+        hashmap_free(m->buttons);
+
+        hashmap_free(m->user_units);
+        hashmap_free(m->session_units);
+
+        sd_event_source_unref(m->idle_action_event_source);
+        sd_event_source_unref(m->inhibit_timeout_source);
+        sd_event_source_unref(m->scheduled_shutdown_timeout_source);
+        sd_event_source_unref(m->nologin_timeout_source);
+        sd_event_source_unref(m->wall_message_timeout_source);
+
+        sd_event_source_unref(m->console_active_event_source);
+        sd_event_source_unref(m->udev_seat_event_source);
+        sd_event_source_unref(m->udev_device_event_source);
+        sd_event_source_unref(m->udev_vcsa_event_source);
+        sd_event_source_unref(m->udev_button_event_source);
+        sd_event_source_unref(m->lid_switch_ignore_event_source);
+
+        safe_close(m->console_active_fd);
+
+        udev_monitor_unref(m->udev_seat_monitor);
+        udev_monitor_unref(m->udev_device_monitor);
+        udev_monitor_unref(m->udev_vcsa_monitor);
+        udev_monitor_unref(m->udev_button_monitor);
+
+        udev_unref(m->udev);
+
+        if (m->unlink_nologin)
+                (void) unlink("/run/nologin");
+
+        bus_verify_polkit_async_registry_free(m->polkit_registry);
+
+        sd_bus_unref(m->bus);
+        sd_event_unref(m->event);
+
+        safe_close(m->reserve_vt_fd);
+
+        strv_free(m->kill_only_users);
+        strv_free(m->kill_exclude_users);
+
+        free(m->scheduled_shutdown_type);
+        free(m->scheduled_shutdown_tty);
+        free(m->wall_message);
+        free(m->action_job);
+        free(m);
+}
+
+static int manager_enumerate_devices(Manager *m) {
+        struct udev_list_entry *item = NULL, *first = NULL;
+        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+        int r;
+
+        assert(m);
+
+        /* Loads devices from udev and creates seats for them as
+         * necessary */
+
+        e = udev_enumerate_new(m->udev);
+        if (!e)
+                return -ENOMEM;
+
+        r = udev_enumerate_add_match_tag(e, "master-of-seat");
+        if (r < 0)
+                return r;
+
+        r = udev_enumerate_add_match_is_initialized(e);
+        if (r < 0)
+                return r;
+
+        r = udev_enumerate_scan_devices(e);
+        if (r < 0)
+                return r;
+
+        first = udev_enumerate_get_list_entry(e);
+        udev_list_entry_foreach(item, first) {
+                _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+                int k;
+
+                d = udev_device_new_from_syspath(m->udev, udev_list_entry_get_name(item));
+                if (!d)
+                        return -ENOMEM;
+
+                k = manager_process_seat_device(m, d);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_enumerate_buttons(Manager *m) {
+        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+        struct udev_list_entry *item = NULL, *first = NULL;
+        int r;
+
+        assert(m);
+
+        /* Loads buttons from udev */
+
+        if (m->handle_power_key == HANDLE_IGNORE &&
+            m->handle_suspend_key == HANDLE_IGNORE &&
+            m->handle_hibernate_key == HANDLE_IGNORE &&
+            m->handle_lid_switch == HANDLE_IGNORE &&
+            m->handle_lid_switch_docked == HANDLE_IGNORE)
+                return 0;
+
+        e = udev_enumerate_new(m->udev);
+        if (!e)
+                return -ENOMEM;
+
+        r = udev_enumerate_add_match_subsystem(e, "input");
+        if (r < 0)
+                return r;
+
+        r = udev_enumerate_add_match_tag(e, "power-switch");
+        if (r < 0)
+                return r;
+
+        r = udev_enumerate_add_match_is_initialized(e);
+        if (r < 0)
+                return r;
+
+        r = udev_enumerate_scan_devices(e);
+        if (r < 0)
+                return r;
+
+        first = udev_enumerate_get_list_entry(e);
+        udev_list_entry_foreach(item, first) {
+                _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+                int k;
+
+                d = udev_device_new_from_syspath(m->udev, udev_list_entry_get_name(item));
+                if (!d)
+                        return -ENOMEM;
+
+                k = manager_process_button_device(m, d);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_enumerate_seats(Manager *m) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r = 0;
+
+        assert(m);
+
+        /* This loads data about seats stored on disk, but does not
+         * actually create any seats. Removes data of seats that no
+         * longer exist. */
+
+        d = opendir("/run/systemd/seats");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /run/systemd/seats: %m");
+        }
+
+        FOREACH_DIRENT(de, d, return -errno) {
+                Seat *s;
+                int k;
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                s = hashmap_get(m->seats, de->d_name);
+                if (!s) {
+                        unlinkat(dirfd(d), de->d_name, 0);
+                        continue;
+                }
+
+                k = seat_load(s);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_enumerate_linger_users(Manager *m) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r = 0;
+
+        assert(m);
+
+        d = opendir("/var/lib/systemd/linger");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /var/lib/systemd/linger/: %m");
+        }
+
+        FOREACH_DIRENT(de, d, return -errno) {
+                int k;
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                k = manager_add_user_by_name(m, de->d_name, NULL);
+                if (k < 0) {
+                        log_notice_errno(k, "Couldn't add lingering user %s: %m", de->d_name);
+                        r = k;
+                }
+        }
+
+        return r;
+}
+
+static int manager_enumerate_users(Manager *m) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r, k;
+
+        assert(m);
+
+        /* Add lingering users */
+        r = manager_enumerate_linger_users(m);
+
+        /* Read in user data stored on disk */
+        d = opendir("/run/systemd/users");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /run/systemd/users: %m");
+        }
+
+        FOREACH_DIRENT(de, d, return -errno) {
+                User *u;
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                k = manager_add_user_by_name(m, de->d_name, &u);
+                if (k < 0) {
+                        log_error_errno(k, "Failed to add user by file name %s: %m", de->d_name);
+
+                        r = k;
+                        continue;
+                }
+
+                user_add_to_gc_queue(u);
+
+                k = user_load(u);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_enumerate_sessions(Manager *m) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r = 0;
+
+        assert(m);
+
+        /* Read in session data stored on disk */
+        d = opendir("/run/systemd/sessions");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /run/systemd/sessions: %m");
+        }
+
+        FOREACH_DIRENT(de, d, return -errno) {
+                struct Session *s;
+                int k;
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                if (!session_id_valid(de->d_name)) {
+                        log_warning("Invalid session file name '%s', ignoring.", de->d_name);
+                        r = -EINVAL;
+                        continue;
+                }
+
+                k = manager_add_session(m, de->d_name, &s);
+                if (k < 0) {
+                        log_error_errno(k, "Failed to add session by file name %s: %m", de->d_name);
+
+                        r = k;
+                        continue;
+                }
+
+                session_add_to_gc_queue(s);
+
+                k = session_load(s);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_enumerate_inhibitors(Manager *m) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r = 0;
+
+        assert(m);
+
+        d = opendir("/run/systemd/inhibit");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /run/systemd/inhibit: %m");
+        }
+
+        FOREACH_DIRENT(de, d, return -errno) {
+                int k;
+                Inhibitor *i;
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                k = manager_add_inhibitor(m, de->d_name, &i);
+                if (k < 0) {
+                        log_notice_errno(k, "Couldn't add inhibitor %s: %m", de->d_name);
+                        r = k;
+                        continue;
+                }
+
+                k = inhibitor_load(i);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_dispatch_seat_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        Manager *m = userdata;
+
+        assert(m);
+
+        d = udev_monitor_receive_device(m->udev_seat_monitor);
+        if (!d)
+                return -ENOMEM;
+
+        manager_process_seat_device(m, d);
+        return 0;
+}
+
+static int manager_dispatch_device_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        Manager *m = userdata;
+
+        assert(m);
+
+        d = udev_monitor_receive_device(m->udev_device_monitor);
+        if (!d)
+                return -ENOMEM;
+
+        manager_process_seat_device(m, d);
+        return 0;
+}
+
+static int manager_dispatch_vcsa_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        Manager *m = userdata;
+        const char *name;
+
+        assert(m);
+
+        d = udev_monitor_receive_device(m->udev_vcsa_monitor);
+        if (!d)
+                return -ENOMEM;
+
+        name = udev_device_get_sysname(d);
+
+        /* Whenever a VCSA device is removed try to reallocate our
+         * VTs, to make sure our auto VTs never go away. */
+
+        if (name && startswith(name, "vcsa") && streq_ptr(udev_device_get_action(d), "remove"))
+                seat_preallocate_vts(m->seat0);
+
+        return 0;
+}
+
+static int manager_dispatch_button_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        Manager *m = userdata;
+
+        assert(m);
+
+        d = udev_monitor_receive_device(m->udev_button_monitor);
+        if (!d)
+                return -ENOMEM;
+
+        manager_process_button_device(m, d);
+        return 0;
+}
+
+static int manager_dispatch_console(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+
+        assert(m);
+        assert(m->seat0);
+        assert(m->console_active_fd == fd);
+
+        seat_read_active_vt(m->seat0);
+        return 0;
+}
+
+static int manager_reserve_vt(Manager *m) {
+        _cleanup_free_ char *p = NULL;
+
+        assert(m);
+
+        if (m->reserve_vt <= 0)
+                return 0;
+
+        if (asprintf(&p, "/dev/tty%u", m->reserve_vt) < 0)
+                return log_oom();
+
+        m->reserve_vt_fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC|O_NONBLOCK);
+        if (m->reserve_vt_fd < 0) {
+
+                /* Don't complain on VT-less systems */
+                if (errno != ENOENT)
+                        log_warning_errno(errno, "Failed to pin reserved VT: %m");
+                return -errno;
+        }
+
+        return 0;
+}
+
+static int manager_connect_bus(Manager *m) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(m);
+        assert(!m->bus);
+
+        r = sd_bus_default_system(&m->bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to system bus: %m");
+
+        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/login1", "org.freedesktop.login1.Manager", manager_vtable, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add manager object vtable: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/login1/seat", "org.freedesktop.login1.Seat", seat_vtable, seat_object_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add seat object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/login1/seat", seat_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add seat enumerator: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/login1/session", "org.freedesktop.login1.Session", session_vtable, session_object_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add session object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/login1/session", session_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add session enumerator: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/login1/user", "org.freedesktop.login1.User", user_vtable, user_object_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add user object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/login1/user", user_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add user enumerator: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.systemd1.Manager',"
+                             "member='JobRemoved',"
+                             "path='/org/freedesktop/systemd1'",
+                             match_job_removed, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for JobRemoved: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.systemd1.Manager',"
+                             "member='UnitRemoved',"
+                             "path='/org/freedesktop/systemd1'",
+                             match_unit_removed, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for UnitRemoved: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.DBus.Properties',"
+                             "member='PropertiesChanged'",
+                             match_properties_changed, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for PropertiesChanged: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.systemd1.Manager',"
+                             "member='Reloading',"
+                             "path='/org/freedesktop/systemd1'",
+                             match_reloading, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for Reloading: %m");
+
+        r = sd_bus_call_method(
+                        m->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "Subscribe",
+                        &error,
+                        NULL, NULL);
+        if (r < 0) {
+                log_error("Failed to enable subscription: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_request_name(m->bus, "org.freedesktop.login1", 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = sd_bus_attach_event(m->bus, m->event, SD_EVENT_PRIORITY_NORMAL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        return 0;
+}
+
+static int manager_vt_switch(sd_event_source *src, const struct signalfd_siginfo *si, void *data) {
+        Manager *m = data;
+        Session *active, *iter;
+
+        /*
+         * We got a VT-switch signal and we have to acknowledge it immediately.
+         * Preferably, we'd just use m->seat0->active->vtfd, but unfortunately,
+         * old user-space might run multiple sessions on a single VT, *sigh*.
+         * Therefore, we have to iterate all sessions and find one with a vtfd
+         * on the requested VT.
+         * As only VTs with active controllers have VT_PROCESS set, our current
+         * notion of the active VT might be wrong (for instance if the switch
+         * happens while we setup VT_PROCESS). Therefore, read the current VT
+         * first and then use s->active->vtnr as reference. Note that this is
+         * not racy, as no further VT-switch can happen as long as we're in
+         * synchronous VT_PROCESS mode.
+         */
+
+        assert(m->seat0);
+        seat_read_active_vt(m->seat0);
+
+        active = m->seat0->active;
+        if (!active || active->vtnr < 1) {
+                log_warning("Received VT_PROCESS signal without a registered session on that VT.");
+                return 0;
+        }
+
+        if (active->vtfd >= 0) {
+                session_leave_vt(active);
+        } else {
+                LIST_FOREACH(sessions_by_seat, iter, m->seat0->sessions) {
+                        if (iter->vtnr == active->vtnr && iter->vtfd >= 0) {
+                                session_leave_vt(iter);
+                                break;
+                        }
+                }
+        }
+
+        return 0;
+}
+
+static int manager_connect_console(Manager *m) {
+        int r;
+
+        assert(m);
+        assert(m->console_active_fd < 0);
+
+        /* On certain architectures (S390 and Xen, and containers),
+           /dev/tty0 does not exist, so don't fail if we can't open
+           it. */
+        if (access("/dev/tty0", F_OK) < 0)
+                return 0;
+
+        m->console_active_fd = open("/sys/class/tty/tty0/active", O_RDONLY|O_NOCTTY|O_CLOEXEC);
+        if (m->console_active_fd < 0) {
+
+                /* On some systems the device node /dev/tty0 may exist
+                 * even though /sys/class/tty/tty0 does not. */
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /sys/class/tty/tty0/active: %m");
+        }
+
+        r = sd_event_add_io(m->event, &m->console_active_event_source, m->console_active_fd, 0, manager_dispatch_console, m);
+        if (r < 0) {
+                log_error("Failed to watch foreground console");
+                return r;
+        }
+
+        /*
+         * SIGRTMIN is used as global VT-release signal, SIGRTMIN + 1 is used
+         * as VT-acquire signal. We ignore any acquire-events (yes, we still
+         * have to provide a valid signal-number for it!) and acknowledge all
+         * release events immediately.
+         */
+
+        if (SIGRTMIN + 1 > SIGRTMAX) {
+                log_error("Not enough real-time signals available: %u-%u", SIGRTMIN, SIGRTMAX);
+                return -EINVAL;
+        }
+
+        assert_se(ignore_signals(SIGRTMIN + 1, -1) >= 0);
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN, -1) >= 0);
+
+        r = sd_event_add_signal(m->event, NULL, SIGRTMIN, manager_vt_switch, m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int manager_connect_udev(Manager *m) {
+        int r;
+
+        assert(m);
+        assert(!m->udev_seat_monitor);
+        assert(!m->udev_device_monitor);
+        assert(!m->udev_vcsa_monitor);
+        assert(!m->udev_button_monitor);
+
+        m->udev_seat_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
+        if (!m->udev_seat_monitor)
+                return -ENOMEM;
+
+        r = udev_monitor_filter_add_match_tag(m->udev_seat_monitor, "master-of-seat");
+        if (r < 0)
+                return r;
+
+        r = udev_monitor_enable_receiving(m->udev_seat_monitor);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_io(m->event, &m->udev_seat_event_source, udev_monitor_get_fd(m->udev_seat_monitor), EPOLLIN, manager_dispatch_seat_udev, m);
+        if (r < 0)
+                return r;
+
+        m->udev_device_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
+        if (!m->udev_device_monitor)
+                return -ENOMEM;
+
+        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_device_monitor, "input", NULL);
+        if (r < 0)
+                return r;
+
+        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_device_monitor, "graphics", NULL);
+        if (r < 0)
+                return r;
+
+        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_device_monitor, "drm", NULL);
+        if (r < 0)
+                return r;
+
+        r = udev_monitor_enable_receiving(m->udev_device_monitor);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_io(m->event, &m->udev_device_event_source, udev_monitor_get_fd(m->udev_device_monitor), EPOLLIN, manager_dispatch_device_udev, m);
+        if (r < 0)
+                return r;
+
+        /* Don't watch keys if nobody cares */
+        if (m->handle_power_key != HANDLE_IGNORE ||
+            m->handle_suspend_key != HANDLE_IGNORE ||
+            m->handle_hibernate_key != HANDLE_IGNORE ||
+            m->handle_lid_switch != HANDLE_IGNORE ||
+            m->handle_lid_switch_docked != HANDLE_IGNORE) {
+
+                m->udev_button_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
+                if (!m->udev_button_monitor)
+                        return -ENOMEM;
+
+                r = udev_monitor_filter_add_match_tag(m->udev_button_monitor, "power-switch");
+                if (r < 0)
+                        return r;
+
+                r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_button_monitor, "input", NULL);
+                if (r < 0)
+                        return r;
+
+                r = udev_monitor_enable_receiving(m->udev_button_monitor);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_add_io(m->event, &m->udev_button_event_source, udev_monitor_get_fd(m->udev_button_monitor), EPOLLIN, manager_dispatch_button_udev, m);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Don't bother watching VCSA devices, if nobody cares */
+        if (m->n_autovts > 0 && m->console_active_fd >= 0) {
+
+                m->udev_vcsa_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
+                if (!m->udev_vcsa_monitor)
+                        return -ENOMEM;
+
+                r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_vcsa_monitor, "vc", NULL);
+                if (r < 0)
+                        return r;
+
+                r = udev_monitor_enable_receiving(m->udev_vcsa_monitor);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_add_io(m->event, &m->udev_vcsa_event_source, udev_monitor_get_fd(m->udev_vcsa_monitor), EPOLLIN, manager_dispatch_vcsa_udev, m);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static void manager_gc(Manager *m, bool drop_not_started) {
+        Seat *seat;
+        Session *session;
+        User *user;
+
+        assert(m);
+
+        while ((seat = m->seat_gc_queue)) {
+                LIST_REMOVE(gc_queue, m->seat_gc_queue, seat);
+                seat->in_gc_queue = false;
+
+                if (!seat_check_gc(seat, drop_not_started)) {
+                        seat_stop(seat, false);
+                        seat_free(seat);
+                }
+        }
+
+        while ((session = m->session_gc_queue)) {
+                LIST_REMOVE(gc_queue, m->session_gc_queue, session);
+                session->in_gc_queue = false;
+
+                /* First, if we are not closing yet, initiate stopping */
+                if (!session_check_gc(session, drop_not_started) &&
+                    session_get_state(session) != SESSION_CLOSING)
+                        session_stop(session, false);
+
+                /* Normally, this should make the session referenced
+                 * again, if it doesn't then let's get rid of it
+                 * immediately */
+                if (!session_check_gc(session, drop_not_started)) {
+                        session_finalize(session);
+                        session_free(session);
+                }
+        }
+
+        while ((user = m->user_gc_queue)) {
+                LIST_REMOVE(gc_queue, m->user_gc_queue, user);
+                user->in_gc_queue = false;
+
+                /* First step: queue stop jobs */
+                if (!user_check_gc(user, drop_not_started))
+                        user_stop(user, false);
+
+                /* Second step: finalize user */
+                if (!user_check_gc(user, drop_not_started)) {
+                        user_finalize(user);
+                        user_free(user);
+                }
+        }
+}
+
+static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *userdata) {
+        Manager *m = userdata;
+        struct dual_timestamp since;
+        usec_t n, elapse;
+        int r;
+
+        assert(m);
+
+        if (m->idle_action == HANDLE_IGNORE ||
+            m->idle_action_usec <= 0)
+                return 0;
+
+        n = now(CLOCK_MONOTONIC);
+
+        r = manager_get_idle_hint(m, &since);
+        if (r <= 0)
+                /* Not idle. Let's check if after a timeout it might be idle then. */
+                elapse = n + m->idle_action_usec;
+        else {
+                /* Idle! Let's see if it's time to do something, or if
+                 * we shall sleep for longer. */
+
+                if (n >= since.monotonic + m->idle_action_usec &&
+                    (m->idle_action_not_before_usec <= 0 || n >= m->idle_action_not_before_usec + m->idle_action_usec)) {
+                        log_info("System idle. Taking action.");
+
+                        manager_handle_action(m, 0, m->idle_action, false, false);
+                        m->idle_action_not_before_usec = n;
+                }
+
+                elapse = MAX(since.monotonic, m->idle_action_not_before_usec) + m->idle_action_usec;
+        }
+
+        if (!m->idle_action_event_source) {
+
+                r = sd_event_add_time(
+                                m->event,
+                                &m->idle_action_event_source,
+                                CLOCK_MONOTONIC,
+                                elapse, USEC_PER_SEC*30,
+                                manager_dispatch_idle_action, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add idle event source: %m");
+
+                r = sd_event_source_set_priority(m->idle_action_event_source, SD_EVENT_PRIORITY_IDLE+10);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set idle event source priority: %m");
+        } else {
+                r = sd_event_source_set_time(m->idle_action_event_source, elapse);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set idle event timer: %m");
+
+                r = sd_event_source_set_enabled(m->idle_action_event_source, SD_EVENT_ONESHOT);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to enable idle event timer: %m");
+        }
+
+        return 0;
+}
+
+static int manager_parse_config_file(Manager *m) {
+        assert(m);
+
+        return config_parse_many(PKGSYSCONFDIR "/logind.conf",
+                                 CONF_PATHS_NULSTR("systemd/logind.conf.d"),
+                                 "Login\0",
+                                 config_item_perf_lookup, logind_gperf_lookup,
+                                 false, m);
+}
+
+static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        Manager *m = userdata;
+        int r;
+
+        manager_reset_config(m);
+        r = manager_parse_config_file(m);
+        if (r < 0)
+                log_warning_errno(r, "Failed to parse config file, using defaults: %m");
+        else
+                log_info("Config file reloaded.");
+
+        return 0;
+}
+
+static int manager_startup(Manager *m) {
+        int r;
+        Seat *seat;
+        Session *session;
+        User *user;
+        Button *button;
+        Inhibitor *inhibitor;
+        Iterator i;
+
+        assert(m);
+
+        assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGHUP, -1) >= 0);
+
+        r = sd_event_add_signal(m->event, NULL, SIGHUP, manager_dispatch_reload_signal, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register SIGHUP handler: %m");
+
+        /* Connect to console */
+        r = manager_connect_console(m);
+        if (r < 0)
+                return r;
+
+        /* Connect to udev */
+        r = manager_connect_udev(m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create udev watchers: %m");
+
+        /* Connect to the bus */
+        r = manager_connect_bus(m);
+        if (r < 0)
+                return r;
+
+        /* Instantiate magic seat 0 */
+        r = manager_add_seat(m, "seat0", &m->seat0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add seat0: %m");
+
+        r = manager_set_lid_switch_ignore(m, 0 + m->holdoff_timeout_usec);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set up lid switch ignore event source: %m");
+
+        /* Deserialize state */
+        r = manager_enumerate_devices(m);
+        if (r < 0)
+                log_warning_errno(r, "Device enumeration failed: %m");
+
+        r = manager_enumerate_seats(m);
+        if (r < 0)
+                log_warning_errno(r, "Seat enumeration failed: %m");
+
+        r = manager_enumerate_users(m);
+        if (r < 0)
+                log_warning_errno(r, "User enumeration failed: %m");
+
+        r = manager_enumerate_sessions(m);
+        if (r < 0)
+                log_warning_errno(r, "Session enumeration failed: %m");
+
+        r = manager_enumerate_inhibitors(m);
+        if (r < 0)
+                log_warning_errno(r, "Inhibitor enumeration failed: %m");
+
+        r = manager_enumerate_buttons(m);
+        if (r < 0)
+                log_warning_errno(r, "Button enumeration failed: %m");
+
+        /* Remove stale objects before we start them */
+        manager_gc(m, false);
+
+        /* Reserve the special reserved VT */
+        manager_reserve_vt(m);
+
+        /* And start everything */
+        HASHMAP_FOREACH(seat, m->seats, i)
+                seat_start(seat);
+
+        HASHMAP_FOREACH(user, m->users, i)
+                user_start(user);
+
+        HASHMAP_FOREACH(session, m->sessions, i)
+                session_start(session);
+
+        HASHMAP_FOREACH(inhibitor, m->inhibitors, i)
+                inhibitor_start(inhibitor);
+
+        HASHMAP_FOREACH(button, m->buttons, i)
+                button_check_switches(button);
+
+        manager_dispatch_idle_action(NULL, 0, m);
+
+        return 0;
+}
+
+static int manager_run(Manager *m) {
+        int r;
+
+        assert(m);
+
+        for (;;) {
+                r = sd_event_get_state(m->event);
+                if (r < 0)
+                        return r;
+                if (r == SD_EVENT_FINISHED)
+                        return 0;
+
+                manager_gc(m, true);
+
+                r = manager_dispatch_delayed(m, false);
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        continue;
+
+                r = sd_event_run(m->event, (uint64_t) -1);
+                if (r < 0)
+                        return r;
+        }
+}
+
+int main(int argc, char *argv[]) {
+        Manager *m = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_set_facility(LOG_AUTH);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        r = mac_selinux_init();
+        if (r < 0) {
+                log_error_errno(r, "Could not initialize labelling: %m");
+                goto finish;
+        }
+
+        /* Always create the directories people can create inotify
+         * watches in. Note that some applications might check for the
+         * existence of /run/systemd/seats/ to determine whether
+         * logind is available, so please always make sure this check
+         * stays in. */
+        mkdir_label("/run/systemd/seats", 0755);
+        mkdir_label("/run/systemd/users", 0755);
+        mkdir_label("/run/systemd/sessions", 0755);
+
+        m = manager_new();
+        if (!m) {
+                r = log_oom();
+                goto finish;
+        }
+
+        manager_parse_config_file(m);
+
+        r = manager_startup(m);
+        if (r < 0) {
+                log_error_errno(r, "Failed to fully start up daemon: %m");
+                goto finish;
+        }
+
+        log_debug("systemd-logind running as pid "PID_FMT, getpid());
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing requests...");
+
+        r = manager_run(m);
+
+        log_debug("systemd-logind stopped as pid "PID_FMT, getpid());
+
+finish:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+
+        manager_free(m);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-login/systemd-logind/logind.h b/src/grp-login/systemd-logind/logind.h
new file mode 100644
index 0000000000..9d43c2e7ee
--- /dev/null
+++ b/src/grp-login/systemd-logind/logind.h
@@ -0,0 +1,198 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include "libudev.h"
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+
+#include "hashmap.h"
+#include "list.h"
+#include "set.h"
+
+typedef struct Manager Manager;
+
+#include "logind-action.h"
+#include "logind-button.h"
+#include "logind-device.h"
+#include "logind-inhibit.h"
+
+struct Manager {
+        sd_event *event;
+        sd_bus *bus;
+
+        Hashmap *devices;
+        Hashmap *seats;
+        Hashmap *sessions;
+        Hashmap *users;
+        Hashmap *inhibitors;
+        Hashmap *buttons;
+
+        LIST_HEAD(Seat, seat_gc_queue);
+        LIST_HEAD(Session, session_gc_queue);
+        LIST_HEAD(User, user_gc_queue);
+
+        struct udev *udev;
+        struct udev_monitor *udev_seat_monitor, *udev_device_monitor, *udev_vcsa_monitor, *udev_button_monitor;
+
+        sd_event_source *console_active_event_source;
+        sd_event_source *udev_seat_event_source;
+        sd_event_source *udev_device_event_source;
+        sd_event_source *udev_vcsa_event_source;
+        sd_event_source *udev_button_event_source;
+
+        int console_active_fd;
+
+        unsigned n_autovts;
+
+        unsigned reserve_vt;
+        int reserve_vt_fd;
+
+        Seat *seat0;
+
+        char **kill_only_users, **kill_exclude_users;
+        bool kill_user_processes;
+
+        unsigned long session_counter;
+        unsigned long inhibit_counter;
+
+        Hashmap *session_units;
+        Hashmap *user_units;
+
+        usec_t inhibit_delay_max;
+
+        /* If an action is currently being executed or is delayed,
+         * this is != 0 and encodes what is being done */
+        InhibitWhat action_what;
+
+        /* If a shutdown/suspend was delayed due to a inhibitor this
+           contains the unit name we are supposed to start after the
+           delay is over */
+        const char *action_unit;
+
+        /* If a shutdown/suspend is currently executed, then this is
+         * the job of it */
+        char *action_job;
+        sd_event_source *inhibit_timeout_source;
+
+        char *scheduled_shutdown_type;
+        usec_t scheduled_shutdown_timeout;
+        sd_event_source *scheduled_shutdown_timeout_source;
+        uid_t scheduled_shutdown_uid;
+        char *scheduled_shutdown_tty;
+        sd_event_source *nologin_timeout_source;
+        bool unlink_nologin;
+
+        char *wall_message;
+        unsigned enable_wall_messages;
+        sd_event_source *wall_message_timeout_source;
+
+        bool shutdown_dry_run;
+
+        sd_event_source *idle_action_event_source;
+        usec_t idle_action_usec;
+        usec_t idle_action_not_before_usec;
+        HandleAction idle_action;
+
+        HandleAction handle_power_key;
+        HandleAction handle_suspend_key;
+        HandleAction handle_hibernate_key;
+        HandleAction handle_lid_switch;
+        HandleAction handle_lid_switch_docked;
+
+        bool power_key_ignore_inhibited;
+        bool suspend_key_ignore_inhibited;
+        bool hibernate_key_ignore_inhibited;
+        bool lid_switch_ignore_inhibited;
+
+        bool remove_ipc;
+
+        Hashmap *polkit_registry;
+
+        usec_t holdoff_timeout_usec;
+        sd_event_source *lid_switch_ignore_event_source;
+
+        size_t runtime_dir_size;
+        uint64_t user_tasks_max;
+        uint64_t sessions_max;
+        uint64_t inhibitors_max;
+};
+
+int manager_add_device(Manager *m, const char *sysfs, bool master, Device **_device);
+int manager_add_button(Manager *m, const char *name, Button **_button);
+int manager_add_seat(Manager *m, const char *id, Seat **_seat);
+int manager_add_session(Manager *m, const char *id, Session **_session);
+int manager_add_user(Manager *m, uid_t uid, gid_t gid, const char *name, User **_user);
+int manager_add_user_by_name(Manager *m, const char *name, User **_user);
+int manager_add_user_by_uid(Manager *m, uid_t uid, User **_user);
+int manager_add_inhibitor(Manager *m, const char* id, Inhibitor **_inhibitor);
+
+int manager_process_seat_device(Manager *m, struct udev_device *d);
+int manager_process_button_device(Manager *m, struct udev_device *d);
+
+int manager_spawn_autovt(Manager *m, unsigned int vtnr);
+
+bool manager_shall_kill(Manager *m, const char *user);
+
+int manager_get_idle_hint(Manager *m, dual_timestamp *t);
+
+int manager_get_user_by_pid(Manager *m, pid_t pid, User **user);
+int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session);
+
+bool manager_is_docked_or_external_displays(Manager *m);
+
+extern const sd_bus_vtable manager_vtable[];
+
+int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+
+int bus_manager_shutdown_or_sleep_now_or_later(Manager *m, const char *unit_name, InhibitWhat w, sd_bus_error *error);
+
+int manager_send_changed(Manager *manager, const char *property, ...) _sentinel_;
+
+int manager_start_slice(Manager *manager, const char *slice, const char *description, const char *after, const char *after2, uint64_t tasks_max, sd_bus_error *error, char **job);
+int manager_start_scope(Manager *manager, const char *scope, pid_t pid, const char *slice, const char *description, const char *after, const char *after2, uint64_t tasks_max, sd_bus_error *error, char **job);
+int manager_start_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job);
+int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job);
+int manager_abandon_scope(Manager *manager, const char *scope, sd_bus_error *error);
+int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo, sd_bus_error *error);
+int manager_unit_is_active(Manager *manager, const char *unit);
+int manager_job_is_active(Manager *manager, const char *path);
+
+/* gperf lookup function */
+const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned length);
+
+int manager_set_lid_switch_ignore(Manager *m, usec_t until);
+
+int config_parse_tmpfs_size(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret);
+int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret);
+int manager_get_seat_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Seat **ret);
+
+int manager_setup_wall_message_timer(Manager *m);
+bool logind_wall_tty_filter(const char *tty, void *userdata);
+
+int manager_dispatch_delayed(Manager *manager, bool timeout);
diff --git a/src/login/systemd-user.m4 b/src/grp-login/systemd-user.m4
index f188a8e548..f188a8e548 100644
--- a/src/login/systemd-user.m4
+++ b/src/grp-login/systemd-user.m4
diff --git a/src/grp-login/test-inhibit.c b/src/grp-login/test-inhibit.c
new file mode 100644
index 0000000000..be7145b4bc
--- /dev/null
+++ b/src/grp-login/test-inhibit.c
@@ -0,0 +1,112 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-util.h"
+#include "fd-util.h"
+#include "macro.h"
+#include "util.h"
+
+static int inhibit(sd_bus *bus, const char *what) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *who = "Test Tool", *reason = "Just because!", *mode = "block";
+        int fd;
+        int r;
+
+        r = sd_bus_call_method(bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "Inhibit",
+                        &error,
+                        &reply,
+                        "ssss", what, who, reason, mode);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_UNIX_FD, &fd);
+        assert_se(r >= 0);
+        assert_se(fd >= 0);
+
+        return dup(fd);
+}
+
+static void print_inhibitors(sd_bus *bus) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *what, *who, *why, *mode;
+        uint32_t uid, pid;
+        unsigned n = 0;
+        int r;
+
+        r = sd_bus_call_method(bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ListInhibitors",
+                        &error,
+                        &reply,
+                        "");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssuu)");
+        assert_se(r >= 0);
+
+        while ((r = sd_bus_message_read(reply, "(ssssuu)", &what, &who, &why, &mode, &uid, &pid)) > 0) {
+                printf("what=<%s> who=<%s> why=<%s> mode=<%s> uid=<%"PRIu32"> pid=<%"PRIu32">\n",
+                       what, who, why, mode, uid, pid);
+
+                n++;
+        }
+        assert_se(r >= 0);
+
+        printf("%u inhibitors\n", n);
+}
+
+int main(int argc, char*argv[]) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        int fd1, fd2;
+        int r;
+
+        r = sd_bus_open_system(&bus);
+        assert_se(r >= 0);
+
+        print_inhibitors(bus);
+
+        fd1 = inhibit(bus, "sleep");
+        assert_se(fd1 >= 0);
+        print_inhibitors(bus);
+
+        fd2 = inhibit(bus, "idle:shutdown");
+        assert_se(fd2 >= 0);
+        print_inhibitors(bus);
+
+        safe_close(fd1);
+        sleep(1);
+        print_inhibitors(bus);
+
+        safe_close(fd2);
+        sleep(1);
+        print_inhibitors(bus);
+
+        return 0;
+}
diff --git a/src/login/test-login-shared.c b/src/grp-login/test-login-shared.c
index 3d233f017c..3d233f017c 100644
--- a/src/login/test-login-shared.c
+++ b/src/grp-login/test-login-shared.c
diff --git a/src/login/test-login-tables.c b/src/grp-login/test-login-tables.c
index 4fbc893a9a..4fbc893a9a 100644
--- a/src/login/test-login-tables.c
+++ b/src/grp-login/test-login-tables.c
diff --git a/src/grp-machine/Makefile b/src/grp-machine/Makefile
new file mode 100644
index 0000000000..7412341233
--- /dev/null
+++ b/src/grp-machine/Makefile
@@ -0,0 +1,29 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += machinectl systemd-machined
+at.subdirs += nss-mymachines
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/machine/.gitignore b/src/grp-machine/libmachine-core/.gitignore
index e1065b5894..e1065b5894 100644
--- a/src/machine/.gitignore
+++ b/src/grp-machine/libmachine-core/.gitignore
diff --git a/src/grp-machine/libmachine-core/Makefile b/src/grp-machine/libmachine-core/Makefile
new file mode 100644
index 0000000000..3881224746
--- /dev/null
+++ b/src/grp-machine/libmachine-core/Makefile
@@ -0,0 +1,52 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+libmachine_core_la_SOURCES = \
+	src/machine/machine.c \
+	src/machine/machine.h \
+	src/machine/machined-dbus.c \
+	src/machine/machine-dbus.c \
+	src/machine/machine-dbus.h \
+	src/machine/image-dbus.c \
+	src/machine/image-dbus.h \
+	src/machine/operation.c \
+	src/machine/operation.h
+
+libmachine_core_la_LIBADD = \
+	libshared.la
+
+noinst_LTLIBRARIES += \
+	libmachine-core.la
+
+test_machine_tables_SOURCES = \
+	src/machine/test-machine-tables.c
+
+test_machine_tables_LDADD = \
+	libmachine-core.la
+
+tests += \
+	test-machine-tables
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/machine/image-dbus.c b/src/grp-machine/libmachine-core/image-dbus.c
index 0eed9b81bb..0eed9b81bb 100644
--- a/src/machine/image-dbus.c
+++ b/src/grp-machine/libmachine-core/image-dbus.c
diff --git a/src/machine/image-dbus.h b/src/grp-machine/libmachine-core/image-dbus.h
index b62da996c6..b62da996c6 100644
--- a/src/machine/image-dbus.h
+++ b/src/grp-machine/libmachine-core/image-dbus.h
diff --git a/src/machine/machine-dbus.c b/src/grp-machine/libmachine-core/machine-dbus.c
index 7b9aa66d63..7b9aa66d63 100644
--- a/src/machine/machine-dbus.c
+++ b/src/grp-machine/libmachine-core/machine-dbus.c
diff --git a/src/grp-machine/libmachine-core/machine-dbus.h b/src/grp-machine/libmachine-core/machine-dbus.h
new file mode 100644
index 0000000000..d3faf5cb07
--- /dev/null
+++ b/src/grp-machine/libmachine-core/machine-dbus.h
@@ -0,0 +1,44 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "machine.h"
+
+extern const sd_bus_vtable machine_vtable[];
+
+char *machine_bus_path(Machine *s);
+int machine_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
+int machine_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
+
+int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_get_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_open_pty(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_open_login(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_machine_method_open_root_directory(sd_bus_message *message, void *userdata, sd_bus_error *error);
+
+int machine_send_signal(Machine *m, bool new_machine);
+int machine_send_create_reply(Machine *m, sd_bus_error *error);
diff --git a/src/grp-machine/libmachine-core/machine.c b/src/grp-machine/libmachine-core/machine.c
new file mode 100644
index 0000000000..135f47dafc
--- /dev/null
+++ b/src/grp-machine/libmachine-core/machine.c
@@ -0,0 +1,630 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "escape.h"
+#include "extract-word.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "hashmap.h"
+#include "machine-dbus.h"
+#include "machine.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "special.h"
+#include "string-table.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "util.h"
+
+Machine* machine_new(Manager *manager, MachineClass class, const char *name) {
+        Machine *m;
+
+        assert(manager);
+        assert(class < _MACHINE_CLASS_MAX);
+        assert(name);
+
+        /* Passing class == _MACHINE_CLASS_INVALID here is fine. It
+         * means as much as "we don't know yet", and that we'll figure
+         * it out later when loading the state file. */
+
+        m = new0(Machine, 1);
+        if (!m)
+                return NULL;
+
+        m->name = strdup(name);
+        if (!m->name)
+                goto fail;
+
+        if (class != MACHINE_HOST) {
+                m->state_file = strappend("/run/systemd/machines/", m->name);
+                if (!m->state_file)
+                        goto fail;
+        }
+
+        m->class = class;
+
+        if (hashmap_put(manager->machines, m->name, m) < 0)
+                goto fail;
+
+        m->manager = manager;
+
+        return m;
+
+fail:
+        free(m->state_file);
+        free(m->name);
+        free(m);
+
+        return NULL;
+}
+
+void machine_free(Machine *m) {
+        assert(m);
+
+        while (m->operations)
+                operation_free(m->operations);
+
+        if (m->in_gc_queue)
+                LIST_REMOVE(gc_queue, m->manager->machine_gc_queue, m);
+
+        machine_release_unit(m);
+
+        free(m->scope_job);
+
+        (void) hashmap_remove(m->manager->machines, m->name);
+
+        if (m->manager->host_machine == m)
+                m->manager->host_machine = NULL;
+
+        if (m->leader > 0)
+                (void) hashmap_remove_value(m->manager->machine_leaders, PID_TO_PTR(m->leader), m);
+
+        sd_bus_message_unref(m->create_message);
+
+        free(m->name);
+        free(m->state_file);
+        free(m->service);
+        free(m->root_directory);
+        free(m->netif);
+        free(m);
+}
+
+int machine_save(Machine *m) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(m);
+
+        if (!m->state_file)
+                return 0;
+
+        if (!m->started)
+                return 0;
+
+        r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0);
+        if (r < 0)
+                goto fail;
+
+        r = fopen_temporary(m->state_file, &f, &temp_path);
+        if (r < 0)
+                goto fail;
+
+        (void) fchmod(fileno(f), 0644);
+
+        fprintf(f,
+                "# This is private data. Do not parse.\n"
+                "NAME=%s\n",
+                m->name);
+
+        if (m->unit) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(m->unit);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                fprintf(f, "SCOPE=%s\n", escaped); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */
+        }
+
+        if (m->scope_job)
+                fprintf(f, "SCOPE_JOB=%s\n", m->scope_job);
+
+        if (m->service) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(m->service);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+                fprintf(f, "SERVICE=%s\n", escaped);
+        }
+
+        if (m->root_directory) {
+                _cleanup_free_ char *escaped;
+
+                escaped = cescape(m->root_directory);
+                if (!escaped) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+                fprintf(f, "ROOT=%s\n", escaped);
+        }
+
+        if (!sd_id128_equal(m->id, SD_ID128_NULL))
+                fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id));
+
+        if (m->leader != 0)
+                fprintf(f, "LEADER="PID_FMT"\n", m->leader);
+
+        if (m->class != _MACHINE_CLASS_INVALID)
+                fprintf(f, "CLASS=%s\n", machine_class_to_string(m->class));
+
+        if (dual_timestamp_is_set(&m->timestamp))
+                fprintf(f,
+                        "REALTIME="USEC_FMT"\n"
+                        "MONOTONIC="USEC_FMT"\n",
+                        m->timestamp.realtime,
+                        m->timestamp.monotonic);
+
+        if (m->n_netif > 0) {
+                unsigned i;
+
+                fputs("NETIF=", f);
+
+                for (i = 0; i < m->n_netif; i++) {
+                        if (i != 0)
+                                fputc(' ', f);
+
+                        fprintf(f, "%i", m->netif[i]);
+                }
+
+                fputc('\n', f);
+        }
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, m->state_file) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        if (m->unit) {
+                char *sl;
+
+                /* Create a symlink from the unit name to the machine
+                 * name, so that we can quickly find the machine for
+                 * each given unit. Ignore error. */
+                sl = strjoina("/run/systemd/machines/unit:", m->unit);
+                (void) symlink(m->name, sl);
+        }
+
+        return 0;
+
+fail:
+        (void) unlink(m->state_file);
+
+        if (temp_path)
+                (void) unlink(temp_path);
+
+        return log_error_errno(r, "Failed to save machine data %s: %m", m->state_file);
+}
+
+static void machine_unlink(Machine *m) {
+        assert(m);
+
+        if (m->unit) {
+
+                char *sl;
+
+                sl = strjoina("/run/systemd/machines/unit:", m->unit);
+                (void) unlink(sl);
+        }
+
+        if (m->state_file)
+                (void) unlink(m->state_file);
+}
+
+int machine_load(Machine *m) {
+        _cleanup_free_ char *realtime = NULL, *monotonic = NULL, *id = NULL, *leader = NULL, *class = NULL, *netif = NULL;
+        int r;
+
+        assert(m);
+
+        if (!m->state_file)
+                return 0;
+
+        r = parse_env_file(m->state_file, NEWLINE,
+                           "SCOPE",     &m->unit,
+                           "SCOPE_JOB", &m->scope_job,
+                           "SERVICE",   &m->service,
+                           "ROOT",      &m->root_directory,
+                           "ID",        &id,
+                           "LEADER",    &leader,
+                           "CLASS",     &class,
+                           "REALTIME",  &realtime,
+                           "MONOTONIC", &monotonic,
+                           "NETIF",     &netif,
+                           NULL);
+        if (r < 0) {
+                if (r == -ENOENT)
+                        return 0;
+
+                return log_error_errno(r, "Failed to read %s: %m", m->state_file);
+        }
+
+        if (id)
+                sd_id128_from_string(id, &m->id);
+
+        if (leader)
+                parse_pid(leader, &m->leader);
+
+        if (class) {
+                MachineClass c;
+
+                c = machine_class_from_string(class);
+                if (c >= 0)
+                        m->class = c;
+        }
+
+        if (realtime)
+                timestamp_deserialize(realtime, &m->timestamp.realtime);
+        if (monotonic)
+                timestamp_deserialize(monotonic, &m->timestamp.monotonic);
+
+        if (netif) {
+                size_t allocated = 0, nr = 0;
+                const char *p;
+                int *ni = NULL;
+
+                p = netif;
+                for (;;) {
+                        _cleanup_free_ char *word = NULL;
+                        int ifi;
+
+                        r = extract_first_word(&p, &word, NULL, 0);
+                        if (r == 0)
+                                break;
+                        if (r == -ENOMEM)
+                                return log_oom();
+                        if (r < 0) {
+                                log_warning_errno(r, "Failed to parse NETIF: %s", netif);
+                                break;
+                        }
+
+                        if (parse_ifindex(word, &ifi) < 0)
+                                continue;
+
+                        if (!GREEDY_REALLOC(ni, allocated, nr+1)) {
+                                free(ni);
+                                return log_oom();
+                        }
+
+                        ni[nr++] = ifi;
+                }
+
+                free(m->netif);
+                m->netif = ni;
+                m->n_netif = nr;
+        }
+
+        return r;
+}
+
+static int machine_start_scope(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
+        int r = 0;
+
+        assert(m);
+        assert(m->class != MACHINE_HOST);
+
+        if (!m->unit) {
+                _cleanup_free_ char *escaped = NULL;
+                char *scope, *description, *job = NULL;
+
+                escaped = unit_name_escape(m->name);
+                if (!escaped)
+                        return log_oom();
+
+                scope = strjoin("machine-", escaped, ".scope", NULL);
+                if (!scope)
+                        return log_oom();
+
+                description = strjoina(m->class == MACHINE_VM ? "Virtual Machine " : "Container ", m->name);
+
+                r = manager_start_scope(m->manager, scope, m->leader, SPECIAL_MACHINE_SLICE, description, properties, error, &job);
+                if (r < 0) {
+                        log_error("Failed to start machine scope: %s", bus_error_message(error, r));
+                        free(scope);
+                        return r;
+                } else {
+                        m->unit = scope;
+
+                        free(m->scope_job);
+                        m->scope_job = job;
+                }
+        }
+
+        if (m->unit)
+                hashmap_put(m->manager->machine_units, m->unit, m);
+
+        return r;
+}
+
+int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
+        int r;
+
+        assert(m);
+
+        if (!IN_SET(m->class, MACHINE_CONTAINER, MACHINE_VM))
+                return -EOPNOTSUPP;
+
+        if (m->started)
+                return 0;
+
+        r = hashmap_put(m->manager->machine_leaders, PID_TO_PTR(m->leader), m);
+        if (r < 0)
+                return r;
+
+        /* Create cgroup */
+        r = machine_start_scope(m, properties, error);
+        if (r < 0)
+                return r;
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_MACHINE_START),
+                   "NAME=%s", m->name,
+                   "LEADER="PID_FMT, m->leader,
+                   LOG_MESSAGE("New machine %s.", m->name),
+                   NULL);
+
+        if (!dual_timestamp_is_set(&m->timestamp))
+                dual_timestamp_get(&m->timestamp);
+
+        m->started = true;
+
+        /* Save new machine data */
+        machine_save(m);
+
+        machine_send_signal(m, true);
+
+        return 0;
+}
+
+static int machine_stop_scope(Machine *m) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char *job = NULL;
+        int r;
+
+        assert(m);
+        assert(m->class != MACHINE_HOST);
+
+        if (!m->unit)
+                return 0;
+
+        r = manager_stop_unit(m->manager, m->unit, &error, &job);
+        if (r < 0) {
+                log_error("Failed to stop machine scope: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        free(m->scope_job);
+        m->scope_job = job;
+
+        return 0;
+}
+
+int machine_stop(Machine *m) {
+        int r;
+        assert(m);
+
+        if (!IN_SET(m->class, MACHINE_CONTAINER, MACHINE_VM))
+                return -EOPNOTSUPP;
+
+        r = machine_stop_scope(m);
+
+        m->stopping = true;
+
+        machine_save(m);
+
+        return r;
+}
+
+int machine_finalize(Machine *m) {
+        assert(m);
+
+        if (m->started)
+                log_struct(LOG_INFO,
+                           LOG_MESSAGE_ID(SD_MESSAGE_MACHINE_STOP),
+                           "NAME=%s", m->name,
+                           "LEADER="PID_FMT, m->leader,
+                           LOG_MESSAGE("Machine %s terminated.", m->name),
+                           NULL);
+
+        machine_unlink(m);
+        machine_add_to_gc_queue(m);
+
+        if (m->started) {
+                machine_send_signal(m, false);
+                m->started = false;
+        }
+
+        return 0;
+}
+
+bool machine_check_gc(Machine *m, bool drop_not_started) {
+        assert(m);
+
+        if (m->class == MACHINE_HOST)
+                return true;
+
+        if (drop_not_started && !m->started)
+                return false;
+
+        if (m->scope_job && manager_job_is_active(m->manager, m->scope_job))
+                return true;
+
+        if (m->unit && manager_unit_is_active(m->manager, m->unit))
+                return true;
+
+        return false;
+}
+
+void machine_add_to_gc_queue(Machine *m) {
+        assert(m);
+
+        if (m->in_gc_queue)
+                return;
+
+        LIST_PREPEND(gc_queue, m->manager->machine_gc_queue, m);
+        m->in_gc_queue = true;
+}
+
+MachineState machine_get_state(Machine *s) {
+        assert(s);
+
+        if (s->class == MACHINE_HOST)
+                return MACHINE_RUNNING;
+
+        if (s->stopping)
+                return MACHINE_CLOSING;
+
+        if (s->scope_job)
+                return MACHINE_OPENING;
+
+        return MACHINE_RUNNING;
+}
+
+int machine_kill(Machine *m, KillWho who, int signo) {
+        assert(m);
+
+        if (!IN_SET(m->class, MACHINE_VM, MACHINE_CONTAINER))
+                return -EOPNOTSUPP;
+
+        if (!m->unit)
+                return -ESRCH;
+
+        if (who == KILL_LEADER) {
+                /* If we shall simply kill the leader, do so directly */
+
+                if (kill(m->leader, signo) < 0)
+                        return -errno;
+
+                return 0;
+        }
+
+        /* Otherwise, make PID 1 do it for us, for the entire cgroup */
+        return manager_kill_unit(m->manager, m->unit, signo, NULL);
+}
+
+int machine_openpt(Machine *m, int flags) {
+        assert(m);
+
+        switch (m->class) {
+
+        case MACHINE_HOST: {
+                int fd;
+
+                fd = posix_openpt(flags);
+                if (fd < 0)
+                        return -errno;
+
+                if (unlockpt(fd) < 0)
+                        return -errno;
+
+                return fd;
+        }
+
+        case MACHINE_CONTAINER:
+                if (m->leader <= 0)
+                        return -EINVAL;
+
+                return openpt_in_namespace(m->leader, flags);
+
+        default:
+                return -EOPNOTSUPP;
+        }
+}
+
+int machine_open_terminal(Machine *m, const char *path, int mode) {
+        assert(m);
+
+        switch (m->class) {
+
+        case MACHINE_HOST:
+                return open_terminal(path, mode);
+
+        case MACHINE_CONTAINER:
+                if (m->leader <= 0)
+                        return -EINVAL;
+
+                return open_terminal_in_namespace(m->leader, path, mode);
+
+        default:
+                return -EOPNOTSUPP;
+        }
+}
+
+void machine_release_unit(Machine *m) {
+        assert(m);
+
+        if (!m->unit)
+                return;
+
+        (void) hashmap_remove(m->manager->machine_units, m->unit);
+        m->unit = mfree(m->unit);
+}
+
+static const char* const machine_class_table[_MACHINE_CLASS_MAX] = {
+        [MACHINE_CONTAINER] = "container",
+        [MACHINE_VM] = "vm",
+        [MACHINE_HOST] = "host",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(machine_class, MachineClass);
+
+static const char* const machine_state_table[_MACHINE_STATE_MAX] = {
+        [MACHINE_OPENING] = "opening",
+        [MACHINE_RUNNING] = "running",
+        [MACHINE_CLOSING] = "closing"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(machine_state, MachineState);
+
+static const char* const kill_who_table[_KILL_WHO_MAX] = {
+        [KILL_LEADER] = "leader",
+        [KILL_ALL] = "all"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
diff --git a/src/machine/machine.h b/src/grp-machine/libmachine-core/machine.h
index e5d75361a9..e5d75361a9 100644
--- a/src/machine/machine.h
+++ b/src/grp-machine/libmachine-core/machine.h
diff --git a/src/grp-machine/libmachine-core/machined-dbus.c b/src/grp-machine/libmachine-core/machined-dbus.c
new file mode 100644
index 0000000000..41f138882b
--- /dev/null
+++ b/src/grp-machine/libmachine-core/machined-dbus.c
@@ -0,0 +1,1660 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "bus-common-errors.h"
+#include "bus-util.h"
+#include "cgroup-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "hostname-util.h"
+#include "image-dbus.h"
+#include "io-util.h"
+#include "machine-dbus.h"
+#include "machine-image.h"
+#include "machine-pool.h"
+#include "machined.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "stdio-util.h"
+#include "strv.h"
+#include "unit-name.h"
+#include "user-util.h"
+
+static int property_get_pool_path(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        assert(bus);
+        assert(reply);
+
+        return sd_bus_message_append(reply, "s", "/var/lib/machines");
+}
+
+static int property_get_pool_usage(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        _cleanup_close_ int fd = -1;
+        uint64_t usage = (uint64_t) -1;
+        struct stat st;
+
+        assert(bus);
+        assert(reply);
+
+        /* We try to read the quota info from /var/lib/machines, as
+         * well as the usage of the loopback file
+         * /var/lib/machines.raw, and pick the larger value. */
+
+        fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
+        if (fd >= 0) {
+                BtrfsQuotaInfo q;
+
+                if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0)
+                        usage = q.referenced;
+        }
+
+        if (stat("/var/lib/machines.raw", &st) >= 0) {
+                if (usage == (uint64_t) -1 || st.st_blocks * 512ULL > usage)
+                        usage = st.st_blocks * 512ULL;
+        }
+
+        return sd_bus_message_append(reply, "t", usage);
+}
+
+static int property_get_pool_limit(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        _cleanup_close_ int fd = -1;
+        uint64_t size = (uint64_t) -1;
+        struct stat st;
+
+        assert(bus);
+        assert(reply);
+
+        /* We try to read the quota limit from /var/lib/machines, as
+         * well as the size of the loopback file
+         * /var/lib/machines.raw, and pick the smaller value. */
+
+        fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
+        if (fd >= 0) {
+                BtrfsQuotaInfo q;
+
+                if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0)
+                        size = q.referenced_max;
+        }
+
+        if (stat("/var/lib/machines.raw", &st) >= 0) {
+                if (size == (uint64_t) -1 || (uint64_t) st.st_size < size)
+                        size = st.st_size;
+        }
+
+        return sd_bus_message_append(reply, "t", size);
+}
+
+static int method_get_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        p = machine_bus_path(machine);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_get_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        r = image_find(name, NULL);
+        if (r == 0)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
+        if (r < 0)
+                return r;
+
+        p = image_bus_path(name);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_get_machine_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *p = NULL;
+        Manager *m = userdata;
+        Machine *machine = NULL;
+        pid_t pid;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
+
+        r = sd_bus_message_read(message, "u", &pid);
+        if (r < 0)
+                return r;
+
+        if (pid < 0)
+                return -EINVAL;
+
+        if (pid == 0) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_creds_get_pid(creds, &pid);
+                if (r < 0)
+                        return r;
+        }
+
+        r = manager_get_machine_by_pid(m, pid, &machine);
+        if (r < 0)
+                return r;
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_MACHINE_FOR_PID, "PID "PID_FMT" does not belong to any known machine", pid);
+
+        p = machine_bus_path(machine);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", p);
+}
+
+static int method_list_machines(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        Machine *machine;
+        Iterator i;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        r = sd_bus_message_open_container(reply, 'a', "(ssso)");
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        HASHMAP_FOREACH(machine, m->machines, i) {
+                _cleanup_free_ char *p = NULL;
+
+                p = machine_bus_path(machine);
+                if (!p)
+                        return -ENOMEM;
+
+                r = sd_bus_message_append(reply, "(ssso)",
+                                          machine->name,
+                                          strempty(machine_class_to_string(machine->class)),
+                                          machine->service,
+                                          p);
+                if (r < 0)
+                        return sd_bus_error_set_errno(error, r);
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_create_or_register_machine(Manager *manager, sd_bus_message *message, bool read_network, Machine **_m, sd_bus_error *error) {
+        const char *name, *service, *class, *root_directory;
+        const int32_t *netif = NULL;
+        MachineClass c;
+        uint32_t leader;
+        sd_id128_t id;
+        const void *v;
+        Machine *m;
+        size_t n, n_netif = 0;
+        int r;
+
+        assert(manager);
+        assert(message);
+        assert(_m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+        if (!machine_name_is_valid(name))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name");
+
+        r = sd_bus_message_read_array(message, 'y', &v, &n);
+        if (r < 0)
+                return r;
+        if (n == 0)
+                id = SD_ID128_NULL;
+        else if (n == 16)
+                memcpy(&id, v, n);
+        else
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter");
+
+        r = sd_bus_message_read(message, "ssus", &service, &class, &leader, &root_directory);
+        if (r < 0)
+                return r;
+
+        if (read_network) {
+                size_t i;
+
+                r = sd_bus_message_read_array(message, 'i', (const void**) &netif, &n_netif);
+                if (r < 0)
+                        return r;
+
+                n_netif /= sizeof(int32_t);
+
+                for (i = 0; i < n_netif; i++) {
+                        if (netif[i] <= 0)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid network interface index %i", netif[i]);
+                }
+        }
+
+        if (isempty(class))
+                c = _MACHINE_CLASS_INVALID;
+        else {
+                c = machine_class_from_string(class);
+                if (c < 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
+        }
+
+        if (leader == 1)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
+
+        if (!isempty(root_directory) && !path_is_absolute(root_directory))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path");
+
+        if (leader == 0) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+                if (r < 0)
+                        return r;
+
+                assert_cc(sizeof(uint32_t) == sizeof(pid_t));
+
+                r = sd_bus_creds_get_pid(creds, (pid_t*) &leader);
+                if (r < 0)
+                        return r;
+        }
+
+        if (hashmap_get(manager->machines, name))
+                return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name);
+
+        r = manager_add_machine(manager, name, &m);
+        if (r < 0)
+                return r;
+
+        m->leader = leader;
+        m->class = c;
+        m->id = id;
+
+        if (!isempty(service)) {
+                m->service = strdup(service);
+                if (!m->service) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (!isempty(root_directory)) {
+                m->root_directory = strdup(root_directory);
+                if (!m->root_directory) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (n_netif > 0) {
+                assert_cc(sizeof(int32_t) == sizeof(int));
+                m->netif = memdup(netif, sizeof(int32_t) * n_netif);
+                if (!m->netif) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                m->n_netif = n_netif;
+        }
+
+        *_m = m;
+
+        return 1;
+
+fail:
+        machine_add_to_gc_queue(m);
+        return r;
+}
+
+static int method_create_machine_internal(sd_bus_message *message, bool read_network, void *userdata, sd_bus_error *error) {
+        Manager *manager = userdata;
+        Machine *m = NULL;
+        int r;
+
+        assert(message);
+        assert(manager);
+
+        r = method_create_or_register_machine(manager, message, read_network, &m, error);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(message, 'a', "(sv)");
+        if (r < 0)
+                goto fail;
+
+        r = machine_start(m, message, error);
+        if (r < 0)
+                goto fail;
+
+        m->create_message = sd_bus_message_ref(message);
+        return 1;
+
+fail:
+        machine_add_to_gc_queue(m);
+        return r;
+}
+
+static int method_create_machine_with_network(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return method_create_machine_internal(message, true, userdata, error);
+}
+
+static int method_create_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return method_create_machine_internal(message, false, userdata, error);
+}
+
+static int method_register_machine_internal(sd_bus_message *message, bool read_network, void *userdata, sd_bus_error *error) {
+        Manager *manager = userdata;
+        _cleanup_free_ char *p = NULL;
+        Machine *m = NULL;
+        int r;
+
+        assert(message);
+        assert(manager);
+
+        r = method_create_or_register_machine(manager, message, read_network, &m, error);
+        if (r < 0)
+                return r;
+
+        r = cg_pid_get_unit(m->leader, &m->unit);
+        if (r < 0) {
+                r = sd_bus_error_set_errnof(error, r, "Failed to determine unit of process "PID_FMT" : %s", m->leader, strerror(-r));
+                goto fail;
+        }
+
+        r = machine_start(m, NULL, error);
+        if (r < 0)
+                goto fail;
+
+        p = machine_bus_path(m);
+        if (!p) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        return sd_bus_reply_method_return(message, "o", p);
+
+fail:
+        machine_add_to_gc_queue(m);
+        return r;
+}
+
+static int method_register_machine_with_network(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return method_register_machine_internal(message, true, userdata, error);
+}
+
+static int method_register_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return method_register_machine_internal(message, false, userdata, error);
+}
+
+static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_terminate(message, machine, error);
+}
+
+static int method_kill_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_kill(message, machine, error);
+}
+
+static int method_get_machine_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_get_addresses(message, machine, error);
+}
+
+static int method_get_machine_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_get_os_release(message, machine, error);
+}
+
+static int method_list_images(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(image_hashmap_freep) Hashmap *images = NULL;
+        Manager *m = userdata;
+        Image *image;
+        Iterator i;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        images = hashmap_new(&string_hash_ops);
+        if (!images)
+                return -ENOMEM;
+
+        r = image_discover(images);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(ssbttto)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(image, images, i) {
+                _cleanup_free_ char *p = NULL;
+
+                p = image_bus_path(image->name);
+                if (!p)
+                        return -ENOMEM;
+
+                r = sd_bus_message_append(reply, "(ssbttto)",
+                                          image->name,
+                                          image_type_to_string(image->type),
+                                          image->read_only,
+                                          image->crtime,
+                                          image->mtime,
+                                          image->usage,
+                                          p);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_open_machine_pty(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_open_pty(message, machine, error);
+}
+
+static int method_open_machine_login(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_open_login(message, machine, error);
+}
+
+static int method_open_machine_shell(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_open_shell(message, machine, error);
+}
+
+static int method_bind_mount_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_bind_mount(message, machine, error);
+}
+
+static int method_copy_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_copy(message, machine, error);
+}
+
+static int method_open_machine_root_directory(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        const char *name;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        return bus_machine_method_open_root_directory(message, machine, error);
+}
+
+static int method_remove_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(image_unrefp) Image* i = NULL;
+        const char *name;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        if (!image_name_is_valid(name))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
+
+        r = image_find(name, &i);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
+
+        i->userdata = userdata;
+        return bus_image_method_remove(message, i, error);
+}
+
+static int method_rename_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(image_unrefp) Image* i = NULL;
+        const char *old_name;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "s", &old_name);
+        if (r < 0)
+                return r;
+
+        if (!image_name_is_valid(old_name))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", old_name);
+
+        r = image_find(old_name, &i);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", old_name);
+
+        i->userdata = userdata;
+        return bus_image_method_rename(message, i, error);
+}
+
+static int method_clone_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(image_unrefp) Image *i = NULL;
+        const char *old_name;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "s", &old_name);
+        if (r < 0)
+                return r;
+
+        if (!image_name_is_valid(old_name))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", old_name);
+
+        r = image_find(old_name, &i);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", old_name);
+
+        i->userdata = userdata;
+        return bus_image_method_clone(message, i, error);
+}
+
+static int method_mark_image_read_only(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(image_unrefp) Image *i = NULL;
+        const char *name;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        if (!image_name_is_valid(name))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
+
+        r = image_find(name, &i);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
+
+        i->userdata = userdata;
+        return bus_image_method_mark_read_only(message, i, error);
+}
+
+static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        enum {
+                REMOVE_ALL,
+                REMOVE_HIDDEN,
+        } mode;
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(image_hashmap_freep) Hashmap *images = NULL;
+        Manager *m = userdata;
+        Image *image;
+        const char *mm;
+        Iterator i;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "s", &mm);
+        if (r < 0)
+                return r;
+
+        if (streq(mm, "all"))
+                mode = REMOVE_ALL;
+        else if (streq(mm, "hidden"))
+                mode = REMOVE_HIDDEN;
+        else
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown mode '%s'.", mm);
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.machine1.manage-machines",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        images = hashmap_new(&string_hash_ops);
+        if (!images)
+                return -ENOMEM;
+
+        r = image_discover(images);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(st)");
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH(image, images, i) {
+
+                /* We can't remove vendor images (i.e. those in /usr) */
+                if (IMAGE_IS_VENDOR(image))
+                        continue;
+
+                if (IMAGE_IS_HOST(image))
+                        continue;
+
+                if (mode == REMOVE_HIDDEN && !IMAGE_IS_HIDDEN(image))
+                        continue;
+
+                r = image_remove(image);
+                if (r == -EBUSY) /* keep images that are currently being used. */
+                        continue;
+                if (r < 0)
+                        return sd_bus_error_set_errnof(error, r, "Failed to remove image %s: %m", image->name);
+
+                r = sd_bus_message_append(reply, "(st)", image->name, image->usage_exclusive);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        uint64_t limit;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "t", &limit);
+        if (r < 0)
+                return r;
+        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.machine1.manage-machines",
+                        NULL,
+                        false,
+                        UID_INVALID,
+                        &m->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        /* Set up the machine directory if necessary */
+        r = setup_machine_directory(limit, error);
+        if (r < 0)
+                return r;
+
+        /* Resize the backing loopback device, if there is one, except if we asked to drop any limit */
+        if (limit != (uint64_t) -1) {
+                r = btrfs_resize_loopback("/var/lib/machines", limit, false);
+                if (r == -ENOTTY)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
+                if (r < 0 && r != -ENODEV) /* ignore ENODEV, as that's what is returned if the file system is not on loopback */
+                        return sd_bus_error_set_errnof(error, r, "Failed to adjust loopback limit: %m");
+        }
+
+        (void) btrfs_qgroup_set_limit("/var/lib/machines", 0, limit);
+
+        r = btrfs_subvol_set_subtree_quota_limit("/var/lib/machines", 0, limit);
+        if (r == -ENOTTY)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
+        if (r < 0)
+                return sd_bus_error_set_errnof(error, r, "Failed to adjust quota limit: %m");
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+static int method_set_image_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(image_unrefp) Image *i = NULL;
+        const char *name;
+        int r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0)
+                return r;
+
+        if (!image_name_is_valid(name))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
+
+        r = image_find(name, &i);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
+
+        i->userdata = userdata;
+        return bus_image_method_set_limit(message, i, error);
+}
+
+static int method_map_from_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_fclose_ FILE *f = NULL;
+        Manager *m = userdata;
+        const char *name, *p;
+        Machine *machine;
+        uint32_t uid;
+        int r;
+
+        r = sd_bus_message_read(message, "su", &name, &uid);
+        if (r < 0)
+                return r;
+
+        if (!uid_is_valid(uid))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        if (machine->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
+        p = procfs_file_alloca(machine->leader, "uid_map");
+        f = fopen(p, "re");
+        if (!f)
+                return -errno;
+
+        for (;;) {
+                uid_t uid_base, uid_shift, uid_range, converted;
+                int k;
+
+                errno = 0;
+                k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT, &uid_base, &uid_shift, &uid_range);
+                if (k < 0 && feof(f))
+                        break;
+                if (k != 3) {
+                        if (ferror(f) && errno > 0)
+                                return -errno;
+
+                        return -EIO;
+                }
+
+                if (uid < uid_base || uid >= uid_base + uid_range)
+                        continue;
+
+                converted = uid - uid_base + uid_shift;
+                if (!uid_is_valid(converted))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
+
+                return sd_bus_reply_method_return(message, "u", (uint32_t) converted);
+        }
+
+        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "Machine '%s' has no matching user mappings.", name);
+}
+
+static int method_map_to_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        uid_t uid;
+        Iterator i;
+        int r;
+
+        r = sd_bus_message_read(message, "u", &uid);
+        if (r < 0)
+                return r;
+        if (!uid_is_valid(uid))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
+        if (uid < 0x10000)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "User " UID_FMT " belongs to host UID range", uid);
+
+        HASHMAP_FOREACH(machine, m->machines, i) {
+                _cleanup_fclose_ FILE *f = NULL;
+                char p[strlen("/proc//uid_map") + DECIMAL_STR_MAX(pid_t) + 1];
+
+                if (machine->class != MACHINE_CONTAINER)
+                        continue;
+
+                xsprintf(p, "/proc/" UID_FMT "/uid_map", machine->leader);
+                f = fopen(p, "re");
+                if (!f) {
+                        log_warning_errno(errno, "Failed top open %s, ignoring,", p);
+                        continue;
+                }
+
+                for (;;) {
+                        _cleanup_free_ char *o = NULL;
+                        uid_t uid_base, uid_shift, uid_range, converted;
+                        int k;
+
+                        errno = 0;
+                        k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT, &uid_base, &uid_shift, &uid_range);
+                        if (k < 0 && feof(f))
+                                break;
+                        if (k != 3) {
+                                if (ferror(f) && errno > 0)
+                                        return -errno;
+
+                                return -EIO;
+                        }
+
+                        if (uid < uid_shift || uid >= uid_shift + uid_range)
+                                continue;
+
+                        converted = (uid - uid_shift + uid_base);
+                        if (!uid_is_valid(converted))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
+
+                        o = machine_bus_path(machine);
+                        if (!o)
+                                return -ENOMEM;
+
+                        return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted);
+                }
+        }
+
+        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "No matching user mapping for " UID_FMT ".", uid);
+}
+
+static int method_map_from_machine_group(sd_bus_message *message, void *groupdata, sd_bus_error *error) {
+        _cleanup_fclose_ FILE *f = NULL;
+        Manager *m = groupdata;
+        const char *name, *p;
+        Machine *machine;
+        uint32_t gid;
+        int r;
+
+        r = sd_bus_message_read(message, "su", &name, &gid);
+        if (r < 0)
+                return r;
+
+        if (!gid_is_valid(gid))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+
+        if (machine->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
+        p = procfs_file_alloca(machine->leader, "gid_map");
+        f = fopen(p, "re");
+        if (!f)
+                return -errno;
+
+        for (;;) {
+                gid_t gid_base, gid_shift, gid_range, converted;
+                int k;
+
+                errno = 0;
+                k = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT, &gid_base, &gid_shift, &gid_range);
+                if (k < 0 && feof(f))
+                        break;
+                if (k != 3) {
+                        if (ferror(f) && errno > 0)
+                                return -errno;
+
+                        return -EIO;
+                }
+
+                if (gid < gid_base || gid >= gid_base + gid_range)
+                        continue;
+
+                converted = gid - gid_base + gid_shift;
+                if (!gid_is_valid(converted))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
+
+                return sd_bus_reply_method_return(message, "u", (uint32_t) converted);
+        }
+
+        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "Machine '%s' has no matching group mappings.", name);
+}
+
+static int method_map_to_machine_group(sd_bus_message *message, void *groupdata, sd_bus_error *error) {
+        Manager *m = groupdata;
+        Machine *machine;
+        gid_t gid;
+        Iterator i;
+        int r;
+
+        r = sd_bus_message_read(message, "u", &gid);
+        if (r < 0)
+                return r;
+        if (!gid_is_valid(gid))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
+        if (gid < 0x10000)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "Group " GID_FMT " belongs to host GID range", gid);
+
+        HASHMAP_FOREACH(machine, m->machines, i) {
+                _cleanup_fclose_ FILE *f = NULL;
+                char p[strlen("/proc//gid_map") + DECIMAL_STR_MAX(pid_t) + 1];
+
+                if (machine->class != MACHINE_CONTAINER)
+                        continue;
+
+                xsprintf(p, "/proc/" GID_FMT "/gid_map", machine->leader);
+                f = fopen(p, "re");
+                if (!f) {
+                        log_warning_errno(errno, "Failed top open %s, ignoring,", p);
+                        continue;
+                }
+
+                for (;;) {
+                        _cleanup_free_ char *o = NULL;
+                        gid_t gid_base, gid_shift, gid_range, converted;
+                        int k;
+
+                        errno = 0;
+                        k = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT, &gid_base, &gid_shift, &gid_range);
+                        if (k < 0 && feof(f))
+                                break;
+                        if (k != 3) {
+                                if (ferror(f) && errno > 0)
+                                        return -errno;
+
+                                return -EIO;
+                        }
+
+                        if (gid < gid_shift || gid >= gid_shift + gid_range)
+                                continue;
+
+                        converted = (gid - gid_shift + gid_base);
+                        if (!gid_is_valid(converted))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
+
+                        o = machine_bus_path(machine);
+                        if (!o)
+                                return -ENOMEM;
+
+                        return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted);
+                }
+        }
+
+        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "No matching group mapping for " GID_FMT ".", gid);
+}
+
+const sd_bus_vtable manager_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_PROPERTY("PoolPath", "s", property_get_pool_path, 0, 0),
+        SD_BUS_PROPERTY("PoolUsage", "t", property_get_pool_usage, 0, 0),
+        SD_BUS_PROPERTY("PoolLimit", "t", property_get_pool_limit, 0, 0),
+        SD_BUS_METHOD("GetMachine", "s", "o", method_get_machine, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetImage", "s", "o", method_get_image, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetMachineByPID", "u", "o", method_get_machine_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListMachines", NULL, "a(ssso)", method_list_machines, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ListImages", NULL, "a(ssbttto)", method_list_images, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CreateMachine", "sayssusa(sv)", "o", method_create_machine, 0),
+        SD_BUS_METHOD("CreateMachineWithNetwork", "sayssusaia(sv)", "o", method_create_machine_with_network, 0),
+        SD_BUS_METHOD("RegisterMachine", "sayssus", "o", method_register_machine, 0),
+        SD_BUS_METHOD("RegisterMachineWithNetwork", "sayssusai", "o", method_register_machine_with_network, 0),
+        SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetMachineAddresses", "s", "a(iay)", method_get_machine_addresses, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("GetMachineOSRelease", "s", "a{ss}", method_get_machine_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("OpenMachinePTY", "s", "hs", method_open_machine_pty, 0),
+        SD_BUS_METHOD("OpenMachineLogin", "s", "hs", method_open_machine_login, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("OpenMachineShell", "sssasas", "hs", method_open_machine_shell, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("BindMountMachine", "sssbb", NULL, method_bind_mount_machine, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CopyFromMachine", "sss", NULL, method_copy_machine, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CopyToMachine", "sss", NULL, method_copy_machine, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("OpenMachineRootDirectory", "s", "h", method_open_machine_root_directory, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("RemoveImage", "s", NULL, method_remove_image, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("RenameImage", "ss", NULL, method_rename_image, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CloneImage", "ssb", NULL, method_clone_image, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("MarkImageReadOnly", "sb", NULL, method_mark_image_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetPoolLimit", "t", NULL, method_set_pool_limit, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetImageLimit", "st", NULL, method_set_image_limit, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("CleanPool", "s", "a(st)", method_clean_pool, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("MapFromMachineUser", "su", "u", method_map_from_machine_user, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("MapToMachineUser", "u", "sou", method_map_to_machine_user, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("MapFromMachineGroup", "su", "u", method_map_from_machine_group, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("MapToMachineGroup", "u", "sou", method_map_to_machine_group, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_SIGNAL("MachineNew", "so", 0),
+        SD_BUS_SIGNAL("MachineRemoved", "so", 0),
+        SD_BUS_VTABLE_END
+};
+
+int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *path, *result, *unit;
+        Manager *m = userdata;
+        Machine *machine;
+        uint32_t id;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        machine = hashmap_get(m->machine_units, unit);
+        if (!machine)
+                return 0;
+
+        if (streq_ptr(path, machine->scope_job)) {
+                machine->scope_job = mfree(machine->scope_job);
+
+                if (machine->started) {
+                        if (streq(result, "done"))
+                                machine_send_create_reply(machine, NULL);
+                        else {
+                                _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
+
+                                sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result);
+
+                                machine_send_create_reply(machine, &e);
+                        }
+                }
+
+                machine_save(machine);
+        }
+
+        machine_add_to_gc_queue(machine);
+        return 0;
+}
+
+int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *unit = NULL;
+        const char *path;
+        Manager *m = userdata;
+        Machine *machine;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        path = sd_bus_message_get_path(message);
+        if (!path)
+                return 0;
+
+        r = unit_name_from_dbus_path(path, &unit);
+        if (r == -EINVAL) /* not for a unit */
+                return 0;
+        if (r < 0) {
+                log_oom();
+                return 0;
+        }
+
+        machine = hashmap_get(m->machine_units, unit);
+        if (!machine)
+                return 0;
+
+        machine_add_to_gc_queue(machine);
+        return 0;
+}
+
+int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *path, *unit;
+        Manager *m = userdata;
+        Machine *machine;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "so", &unit, &path);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        machine = hashmap_get(m->machine_units, unit);
+        if (!machine)
+                return 0;
+
+        machine_add_to_gc_queue(machine);
+        return 0;
+}
+
+int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        Machine *machine;
+        Iterator i;
+        int b, r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "b", &b);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+        if (b)
+                return 0;
+
+        /* systemd finished reloading, let's recheck all our machines */
+        log_debug("System manager has been reloaded, rechecking machines...");
+
+        HASHMAP_FOREACH(machine, m->machines, i)
+                machine_add_to_gc_queue(machine);
+
+        return 0;
+}
+
+int manager_start_scope(
+                Manager *manager,
+                const char *scope,
+                pid_t pid,
+                const char *slice,
+                const char *description,
+                sd_bus_message *more_properties,
+                sd_bus_error *error,
+                char **job) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(scope);
+        assert(pid > 1);
+
+        r = sd_bus_message_new_method_call(
+                        manager->bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartTransientUnit");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "ss", strempty(scope), "fail");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(m, 'a', "(sv)");
+        if (r < 0)
+                return r;
+
+        if (!isempty(slice)) {
+                r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!isempty(description)) {
+                r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, pid);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "(sv)", "Delegate", "b", 1);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", UINT64_C(16384));
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        if (more_properties) {
+                r = sd_bus_message_copy(m, more_properties, true);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "a(sa(sv))", 0);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call(manager->bus, m, 0, error, &reply);
+        if (r < 0)
+                return r;
+
+        if (job) {
+                const char *j;
+                char *copy;
+
+                r = sd_bus_message_read(reply, "o", &j);
+                if (r < 0)
+                        return r;
+
+                copy = strdup(j);
+                if (!copy)
+                        return -ENOMEM;
+
+                *job = copy;
+        }
+
+        return 1;
+}
+
+int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(unit);
+
+        r = sd_bus_call_method(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StopUnit",
+                        error,
+                        &reply,
+                        "ss", unit, "fail");
+        if (r < 0) {
+                if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
+                    sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED)) {
+
+                        if (job)
+                                *job = NULL;
+
+                        sd_bus_error_free(error);
+                        return 0;
+                }
+
+                return r;
+        }
+
+        if (job) {
+                const char *j;
+                char *copy;
+
+                r = sd_bus_message_read(reply, "o", &j);
+                if (r < 0)
+                        return r;
+
+                copy = strdup(j);
+                if (!copy)
+                        return -ENOMEM;
+
+                *job = copy;
+        }
+
+        return 1;
+}
+
+int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_error *error) {
+        assert(manager);
+        assert(unit);
+
+        return sd_bus_call_method(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "KillUnit",
+                        error,
+                        NULL,
+                        "ssi", unit, "all", signo);
+}
+
+int manager_unit_is_active(Manager *manager, const char *unit) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ char *path = NULL;
+        const char *state;
+        int r;
+
+        assert(manager);
+        assert(unit);
+
+        path = unit_dbus_path_from_name(unit);
+        if (!path)
+                return -ENOMEM;
+
+        r = sd_bus_get_property(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "ActiveState",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
+                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
+                        return true;
+
+                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
+                    sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED))
+                        return false;
+
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &state);
+        if (r < 0)
+                return -EINVAL;
+
+        return !STR_IN_SET(state, "inactive", "failed");
+}
+
+int manager_job_is_active(Manager *manager, const char *path) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(manager);
+        assert(path);
+
+        r = sd_bus_get_property(
+                        manager->bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Job",
+                        "State",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
+                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
+                        return true;
+
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))
+                        return false;
+
+                return r;
+        }
+
+        /* We don't actually care about the state really. The fact
+         * that we could read the job state is enough for us */
+
+        return true;
+}
+
+int manager_get_machine_by_pid(Manager *m, pid_t pid, Machine **machine) {
+        Machine *mm;
+        int r;
+
+        assert(m);
+        assert(pid >= 1);
+        assert(machine);
+
+        mm = hashmap_get(m->machine_leaders, PID_TO_PTR(pid));
+        if (!mm) {
+                _cleanup_free_ char *unit = NULL;
+
+                r = cg_pid_get_unit(pid, &unit);
+                if (r >= 0)
+                        mm = hashmap_get(m->machine_units, unit);
+        }
+        if (!mm)
+                return 0;
+
+        *machine = mm;
+        return 1;
+}
+
+int manager_add_machine(Manager *m, const char *name, Machine **_machine) {
+        Machine *machine;
+
+        assert(m);
+        assert(name);
+
+        machine = hashmap_get(m->machines, name);
+        if (!machine) {
+                machine = machine_new(m, _MACHINE_CLASS_INVALID, name);
+                if (!machine)
+                        return -ENOMEM;
+        }
+
+        if (_machine)
+                *_machine = machine;
+
+        return 0;
+}
diff --git a/src/grp-machine/libmachine-core/machined.h b/src/grp-machine/libmachine-core/machined.h
new file mode 100644
index 0000000000..777571ebc0
--- /dev/null
+++ b/src/grp-machine/libmachine-core/machined.h
@@ -0,0 +1,82 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+
+#include "hashmap.h"
+#include "list.h"
+
+typedef struct Manager Manager;
+
+#include "image-dbus.h"
+#include "machine-dbus.h"
+#include "machine.h"
+#include "operation.h"
+
+struct Manager {
+        sd_event *event;
+        sd_bus *bus;
+
+        Hashmap *machines;
+        Hashmap *machine_units;
+        Hashmap *machine_leaders;
+
+        Hashmap *polkit_registry;
+
+        Hashmap *image_cache;
+        sd_event_source *image_cache_defer_event;
+
+        LIST_HEAD(Machine, machine_gc_queue);
+
+        Machine *host_machine;
+
+        LIST_HEAD(Operation, operations);
+        unsigned n_operations;
+};
+
+Manager *manager_new(void);
+void manager_free(Manager *m);
+
+int manager_add_machine(Manager *m, const char *name, Machine **_machine);
+int manager_enumerate_machines(Manager *m);
+
+int manager_startup(Manager *m);
+int manager_run(Manager *m);
+
+void manager_gc(Manager *m, bool drop_not_started);
+
+int manager_get_machine_by_pid(Manager *m, pid_t pid, Machine **machine);
+
+extern const sd_bus_vtable manager_vtable[];
+
+int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+
+int manager_start_scope(Manager *manager, const char *scope, pid_t pid, const char *slice, const char *description, sd_bus_message *more_properties, sd_bus_error *error, char **job);
+int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job);
+int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_error *error);
+int manager_unit_is_active(Manager *manager, const char *unit);
+int manager_job_is_active(Manager *manager, const char *path);
diff --git a/src/machine/operation.c b/src/grp-machine/libmachine-core/operation.c
index e6ddc41a55..e6ddc41a55 100644
--- a/src/machine/operation.c
+++ b/src/grp-machine/libmachine-core/operation.c
diff --git a/src/grp-machine/libmachine-core/operation.h b/src/grp-machine/libmachine-core/operation.h
new file mode 100644
index 0000000000..9397cd5f6d
--- /dev/null
+++ b/src/grp-machine/libmachine-core/operation.h
@@ -0,0 +1,47 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2016 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/types.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+
+#include "list.h"
+
+typedef struct Operation Operation;
+
+#include "machined.h"
+
+#define OPERATIONS_MAX 64
+
+struct Operation {
+        Manager *manager;
+        Machine *machine;
+        pid_t pid;
+        sd_bus_message *message;
+        int errno_fd;
+        sd_event_source *event_source;
+        LIST_FIELDS(Operation, operations);
+        LIST_FIELDS(Operation, operations_by_machine);
+};
+
+int operation_new(Manager *manager, Machine *machine, pid_t child, sd_bus_message *message, int errno_fd);
+Operation *operation_free(Operation *o);
diff --git a/src/machine/org.freedesktop.machine1.conf b/src/grp-machine/libmachine-core/org.freedesktop.machine1.conf
index 9d40b90151..9d40b90151 100644
--- a/src/machine/org.freedesktop.machine1.conf
+++ b/src/grp-machine/libmachine-core/org.freedesktop.machine1.conf
diff --git a/src/machine/org.freedesktop.machine1.policy.in b/src/grp-machine/libmachine-core/org.freedesktop.machine1.policy.in
index 69f78a5c25..69f78a5c25 100644
--- a/src/machine/org.freedesktop.machine1.policy.in
+++ b/src/grp-machine/libmachine-core/org.freedesktop.machine1.policy.in
diff --git a/src/machine/org.freedesktop.machine1.service b/src/grp-machine/libmachine-core/org.freedesktop.machine1.service
index d3dc99852b..d3dc99852b 100644
--- a/src/machine/org.freedesktop.machine1.service
+++ b/src/grp-machine/libmachine-core/org.freedesktop.machine1.service
diff --git a/src/machine/test-machine-tables.c b/src/grp-machine/libmachine-core/test-machine-tables.c
index f851a4d37d..f851a4d37d 100644
--- a/src/machine/test-machine-tables.c
+++ b/src/grp-machine/libmachine-core/test-machine-tables.c
diff --git a/src/grp-machine/machinectl/Makefile b/src/grp-machine/machinectl/Makefile
new file mode 100644
index 0000000000..a3ad40e59c
--- /dev/null
+++ b/src/grp-machine/machinectl/Makefile
@@ -0,0 +1,42 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+machinectl_SOURCES = \
+	src/machine/machinectl.c
+
+machinectl_LDADD = \
+	libshared.la
+
+rootbin_PROGRAMS += \
+	machinectl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/machinectl
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_machinectl \
+	shell-completion/zsh/_sd_machines
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-machine/machinectl/machinectl.c b/src/grp-machine/machinectl/machinectl.c
new file mode 100644
index 0000000000..92ffa8b83d
--- /dev/null
+++ b/src/grp-machine/machinectl/machinectl.c
@@ -0,0 +1,2782 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <arpa/inet.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <locale.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-unit-util.h"
+#include "bus-util.h"
+#include "cgroup-show.h"
+#include "cgroup-util.h"
+#include "copy.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "hostname-util.h"
+#include "import-util.h"
+#include "log.h"
+#include "logs-show.h"
+#include "macro.h"
+#include "mkdir.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "ptyfwd.h"
+#include "signal-util.h"
+#include "spawn-polkit-agent.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "util.h"
+#include "verbs.h"
+#include "web-util.h"
+
+static char **arg_property = NULL;
+static bool arg_all = false;
+static bool arg_value = false;
+static bool arg_full = false;
+static bool arg_no_pager = false;
+static bool arg_legend = true;
+static const char *arg_kill_who = NULL;
+static int arg_signal = SIGTERM;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_read_only = false;
+static bool arg_mkdir = false;
+static bool arg_quiet = false;
+static bool arg_ask_password = true;
+static unsigned arg_lines = 10;
+static OutputMode arg_output = OUTPUT_SHORT;
+static bool arg_force = false;
+static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
+static const char* arg_format = NULL;
+static const char *arg_uid = NULL;
+static char **arg_setenv = NULL;
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+static OutputFlags get_output_flags(void) {
+        return
+                arg_all * OUTPUT_SHOW_ALL |
+                arg_full * OUTPUT_FULL_WIDTH |
+                (!on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
+                colors_enabled() * OUTPUT_COLOR |
+                !arg_quiet * OUTPUT_WARN_CUTOFF;
+}
+
+typedef struct MachineInfo {
+        const char *name;
+        const char *class;
+        const char *service;
+} MachineInfo;
+
+static int compare_machine_info(const void *a, const void *b) {
+        const MachineInfo *x = a, *y = b;
+
+        return strcmp(x->name, y->name);
+}
+
+static int list_machines(int argc, char *argv[], void *userdata) {
+
+        size_t max_name = strlen("MACHINE"), max_class = strlen("CLASS"), max_service = strlen("SERVICE");
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ MachineInfo *machines = NULL;
+        const char *name, *class, *service, *object;
+        size_t n_machines = 0, n_allocated = 0, j;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "ListMachines",
+                               &error,
+                               &reply,
+                               NULL);
+        if (r < 0) {
+                log_error("Could not get machines: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, 'a', "(ssso)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(ssso)", &name, &class, &service, &object)) > 0) {
+                size_t l;
+
+                if (name[0] == '.' && !arg_all)
+                        continue;
+
+                if (!GREEDY_REALLOC(machines, n_allocated, n_machines + 1))
+                        return log_oom();
+
+                machines[n_machines].name = name;
+                machines[n_machines].class = class;
+                machines[n_machines].service = service;
+
+                l = strlen(name);
+                if (l > max_name)
+                        max_name = l;
+
+                l = strlen(class);
+                if (l > max_class)
+                        max_class = l;
+
+                l = strlen(service);
+                if (l > max_service)
+                        max_service = l;
+
+                n_machines++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        qsort_safe(machines, n_machines, sizeof(MachineInfo), compare_machine_info);
+
+        if (arg_legend)
+                printf("%-*s %-*s %-*s\n",
+                       (int) max_name, "MACHINE",
+                       (int) max_class, "CLASS",
+                       (int) max_service, "SERVICE");
+
+        for (j = 0; j < n_machines; j++)
+                printf("%-*s %-*s %-*s\n",
+                       (int) max_name, machines[j].name,
+                       (int) max_class, machines[j].class,
+                       (int) max_service, machines[j].service);
+
+        if (arg_legend)
+                printf("\n%zu machines listed.\n", n_machines);
+
+        return 0;
+}
+
+typedef struct ImageInfo {
+        const char *name;
+        const char *type;
+        bool read_only;
+        usec_t crtime;
+        usec_t mtime;
+        uint64_t size;
+} ImageInfo;
+
+static int compare_image_info(const void *a, const void *b) {
+        const ImageInfo *x = a, *y = b;
+
+        return strcmp(x->name, y->name);
+}
+
+static int list_images(int argc, char *argv[], void *userdata) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        size_t max_name = strlen("NAME"), max_type = strlen("TYPE"), max_size = strlen("USAGE"), max_crtime = strlen("CREATED"), max_mtime = strlen("MODIFIED");
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ ImageInfo *images = NULL;
+        size_t n_images = 0, n_allocated = 0, j;
+        const char *name, *type, *object;
+        sd_bus *bus = userdata;
+        uint64_t crtime, mtime, size;
+        int read_only, r;
+
+        assert(bus);
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "ListImages",
+                               &error,
+                               &reply,
+                               "");
+        if (r < 0) {
+                log_error("Could not get images: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssbttto)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(ssbttto)", &name, &type, &read_only, &crtime, &mtime, &size, &object)) > 0) {
+                char buf[MAX(FORMAT_TIMESTAMP_MAX, FORMAT_BYTES_MAX)];
+                size_t l;
+
+                if (name[0] == '.' && !arg_all)
+                        continue;
+
+                if (!GREEDY_REALLOC(images, n_allocated, n_images + 1))
+                        return log_oom();
+
+                images[n_images].name = name;
+                images[n_images].type = type;
+                images[n_images].read_only = read_only;
+                images[n_images].crtime = crtime;
+                images[n_images].mtime = mtime;
+                images[n_images].size = size;
+
+                l = strlen(name);
+                if (l > max_name)
+                        max_name = l;
+
+                l = strlen(type);
+                if (l > max_type)
+                        max_type = l;
+
+                if (crtime != 0) {
+                        l = strlen(strna(format_timestamp(buf, sizeof(buf), crtime)));
+                        if (l > max_crtime)
+                                max_crtime = l;
+                }
+
+                if (mtime != 0) {
+                        l = strlen(strna(format_timestamp(buf, sizeof(buf), mtime)));
+                        if (l > max_mtime)
+                                max_mtime = l;
+                }
+
+                if (size != (uint64_t) -1) {
+                        l = strlen(strna(format_bytes(buf, sizeof(buf), size)));
+                        if (l > max_size)
+                                max_size = l;
+                }
+
+                n_images++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        qsort_safe(images, n_images, sizeof(ImageInfo), compare_image_info);
+
+        if (arg_legend)
+                printf("%-*s %-*s %-3s %-*s %-*s %-*s\n",
+                       (int) max_name, "NAME",
+                       (int) max_type, "TYPE",
+                       "RO",
+                       (int) max_size, "USAGE",
+                       (int) max_crtime, "CREATED",
+                       (int) max_mtime, "MODIFIED");
+
+        for (j = 0; j < n_images; j++) {
+                char crtime_buf[FORMAT_TIMESTAMP_MAX], mtime_buf[FORMAT_TIMESTAMP_MAX], size_buf[FORMAT_BYTES_MAX];
+
+                printf("%-*s %-*s %s%-3s%s %-*s %-*s %-*s\n",
+                       (int) max_name, images[j].name,
+                       (int) max_type, images[j].type,
+                       images[j].read_only ? ansi_highlight_red() : "", yes_no(images[j].read_only), images[j].read_only ? ansi_normal() : "",
+                       (int) max_size, strna(format_bytes(size_buf, sizeof(size_buf), images[j].size)),
+                       (int) max_crtime, strna(format_timestamp(crtime_buf, sizeof(crtime_buf), images[j].crtime)),
+                       (int) max_mtime, strna(format_timestamp(mtime_buf, sizeof(mtime_buf), images[j].mtime)));
+        }
+
+        if (arg_legend)
+                printf("\n%zu images listed.\n", n_images);
+
+        return 0;
+}
+
+static int show_unit_cgroup(sd_bus *bus, const char *unit, pid_t leader) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ char *path = NULL;
+        const char *cgroup;
+        int r;
+        unsigned c;
+
+        assert(bus);
+        assert(unit);
+
+        path = unit_dbus_path_from_name(unit);
+        if (!path)
+                return log_oom();
+
+        r = sd_bus_get_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        unit_dbus_interface_from_name(unit),
+                        "ControlGroup",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0)
+                return log_error_errno(r, "Failed to query ControlGroup: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "s", &cgroup);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (isempty(cgroup))
+                return 0;
+
+        c = columns();
+        if (c > 18)
+                c -= 18;
+        else
+                c = 0;
+
+        r = unit_show_processes(bus, unit, cgroup, "\t\t  ", c, get_output_flags(), &error);
+        if (r == -EBADR) {
+
+                if (arg_transport == BUS_TRANSPORT_REMOTE)
+                        return 0;
+
+                /* Fallback for older systemd versions where the GetUnitProcesses() call is not yet available */
+
+                if (cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) != 0 && leader <= 0)
+                        return 0;
+
+                show_cgroup_and_extra(SYSTEMD_CGROUP_CONTROLLER, cgroup, "\t\t  ", c, &leader, leader > 0, get_output_flags());
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to dump process list: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int print_addresses(sd_bus *bus, const char *name, int ifi, const char *prefix, const char *prefix2) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(bus);
+        assert(name);
+        assert(prefix);
+        assert(prefix2);
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "GetMachineAddresses",
+                               NULL,
+                               &reply,
+                               "s", name);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
+                int family;
+                const void *a;
+                size_t sz;
+                char buffer[MAX(INET6_ADDRSTRLEN, INET_ADDRSTRLEN)];
+
+                r = sd_bus_message_read(reply, "i", &family);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                fputs(prefix, stdout);
+                fputs(inet_ntop(family, a, buffer, sizeof(buffer)), stdout);
+                if (family == AF_INET6 && ifi > 0)
+                        printf("%%%i", ifi);
+                fputc('\n', stdout);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (prefix != prefix2)
+                        prefix = prefix2;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return 0;
+}
+
+static int print_os_release(sd_bus *bus, const char *name, const char *prefix) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *k, *v, *pretty = NULL;
+        int r;
+
+        assert(bus);
+        assert(name);
+        assert(prefix);
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "GetMachineOSRelease",
+                               NULL,
+                               &reply,
+                               "s", name);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(reply, 'a', "{ss}");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "{ss}", &k, &v)) > 0) {
+                if (streq(k, "PRETTY_NAME"))
+                        pretty = v;
+
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (pretty)
+                printf("%s%s\n", prefix, pretty);
+
+        return 0;
+}
+
+typedef struct MachineStatusInfo {
+        char *name;
+        sd_id128_t id;
+        char *class;
+        char *service;
+        char *unit;
+        char *root_directory;
+        pid_t leader;
+        struct dual_timestamp timestamp;
+        int *netif;
+        unsigned n_netif;
+} MachineStatusInfo;
+
+static void machine_status_info_clear(MachineStatusInfo *info) {
+        if (info) {
+                free(info->name);
+                free(info->class);
+                free(info->service);
+                free(info->unit);
+                free(info->root_directory);
+                free(info->netif);
+                zero(*info);
+        }
+}
+
+static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) {
+        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
+        char since2[FORMAT_TIMESTAMP_MAX], *s2;
+        int ifi = -1;
+
+        assert(bus);
+        assert(i);
+
+        fputs(strna(i->name), stdout);
+
+        if (!sd_id128_equal(i->id, SD_ID128_NULL))
+                printf("(" SD_ID128_FORMAT_STR ")\n", SD_ID128_FORMAT_VAL(i->id));
+        else
+                putchar('\n');
+
+        s1 = format_timestamp_relative(since1, sizeof(since1), i->timestamp.realtime);
+        s2 = format_timestamp(since2, sizeof(since2), i->timestamp.realtime);
+
+        if (s1)
+                printf("\t   Since: %s; %s\n", s2, s1);
+        else if (s2)
+                printf("\t   Since: %s\n", s2);
+
+        if (i->leader > 0) {
+                _cleanup_free_ char *t = NULL;
+
+                printf("\t  Leader: %u", (unsigned) i->leader);
+
+                get_process_comm(i->leader, &t);
+                if (t)
+                        printf(" (%s)", t);
+
+                putchar('\n');
+        }
+
+        if (i->service) {
+                printf("\t Service: %s", i->service);
+
+                if (i->class)
+                        printf("; class %s", i->class);
+
+                putchar('\n');
+        } else if (i->class)
+                printf("\t   Class: %s\n", i->class);
+
+        if (i->root_directory)
+                printf("\t    Root: %s\n", i->root_directory);
+
+        if (i->n_netif > 0) {
+                unsigned c;
+
+                fputs("\t   Iface:", stdout);
+
+                for (c = 0; c < i->n_netif; c++) {
+                        char name[IF_NAMESIZE+1] = "";
+
+                        if (if_indextoname(i->netif[c], name)) {
+                                fputc(' ', stdout);
+                                fputs(name, stdout);
+
+                                if (ifi < 0)
+                                        ifi = i->netif[c];
+                                else
+                                        ifi = 0;
+                        } else
+                                printf(" %i", i->netif[c]);
+                }
+
+                fputc('\n', stdout);
+        }
+
+        print_addresses(bus, i->name, ifi,
+                       "\t Address: ",
+                       "\t          ");
+
+        print_os_release(bus, i->name, "\t      OS: ");
+
+        if (i->unit) {
+                printf("\t    Unit: %s\n", i->unit);
+                show_unit_cgroup(bus, i->unit, i->leader);
+
+                if (arg_transport == BUS_TRANSPORT_LOCAL)
+
+                        show_journal_by_unit(
+                                        stdout,
+                                        i->unit,
+                                        arg_output,
+                                        0,
+                                        i->timestamp.monotonic,
+                                        arg_lines,
+                                        0,
+                                        get_output_flags() | OUTPUT_BEGIN_NEWLINE,
+                                        SD_JOURNAL_LOCAL_ONLY,
+                                        true,
+                                        NULL);
+        }
+}
+
+static int map_netif(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
+        MachineStatusInfo *i = userdata;
+        size_t l;
+        const void *v;
+        int r;
+
+        assert_cc(sizeof(int32_t) == sizeof(int));
+        r = sd_bus_message_read_array(m, SD_BUS_TYPE_INT32, &v, &l);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return -EBADMSG;
+
+        i->n_netif = l / sizeof(int32_t);
+        i->netif = memdup(v, l);
+        if (!i->netif)
+                return -ENOMEM;
+
+        return 0;
+}
+
+static int show_machine_info(const char *verb, sd_bus *bus, const char *path, bool *new_line) {
+
+        static const struct bus_properties_map map[]  = {
+                { "Name",               "s",  NULL,          offsetof(MachineStatusInfo, name)                },
+                { "Class",              "s",  NULL,          offsetof(MachineStatusInfo, class)               },
+                { "Service",            "s",  NULL,          offsetof(MachineStatusInfo, service)             },
+                { "Unit",               "s",  NULL,          offsetof(MachineStatusInfo, unit)                },
+                { "RootDirectory",      "s",  NULL,          offsetof(MachineStatusInfo, root_directory)      },
+                { "Leader",             "u",  NULL,          offsetof(MachineStatusInfo, leader)              },
+                { "Timestamp",          "t",  NULL,          offsetof(MachineStatusInfo, timestamp.realtime)  },
+                { "TimestampMonotonic", "t",  NULL,          offsetof(MachineStatusInfo, timestamp.monotonic) },
+                { "Id",                 "ay", bus_map_id128, offsetof(MachineStatusInfo, id)                  },
+                { "NetworkInterfaces",  "ai", map_netif,     0                                                },
+                {}
+        };
+
+        _cleanup_(machine_status_info_clear) MachineStatusInfo info = {};
+        int r;
+
+        assert(verb);
+        assert(bus);
+        assert(path);
+        assert(new_line);
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.machine1",
+                                   path,
+                                   map,
+                                   &info);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        if (*new_line)
+                printf("\n");
+        *new_line = true;
+
+        print_machine_status_info(bus, &info);
+
+        return r;
+}
+
+static int show_machine_properties(sd_bus *bus, const char *path, bool *new_line) {
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(new_line);
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        r = bus_print_all_properties(bus, "org.freedesktop.machine1", path, arg_property, arg_value, arg_all);
+        if (r < 0)
+                log_error_errno(r, "Could not get properties: %m");
+
+        return r;
+}
+
+static int show_machine(int argc, char *argv[], void *userdata) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        bool properties, new_line = false;
+        sd_bus *bus = userdata;
+        int r = 0, i;
+
+        assert(bus);
+
+        properties = !strstr(argv[0], "status");
+
+        pager_open(arg_no_pager, false);
+
+        if (properties && argc <= 1) {
+
+                /* If no argument is specified, inspect the manager
+                 * itself */
+                r = show_machine_properties(bus, "/org/freedesktop/machine1", &new_line);
+                if (r < 0)
+                        return r;
+        }
+
+        for (i = 1; i < argc; i++) {
+                const char *path = NULL;
+
+                r = sd_bus_call_method(bus,
+                                       "org.freedesktop.machine1",
+                                       "/org/freedesktop/machine1",
+                                       "org.freedesktop.machine1.Manager",
+                                       "GetMachine",
+                                       &error,
+                                       &reply,
+                                       "s", argv[i]);
+                if (r < 0) {
+                        log_error("Could not get path to machine: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+
+                r = sd_bus_message_read(reply, "o", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (properties)
+                        r = show_machine_properties(bus, path, &new_line);
+                else
+                        r = show_machine_info(argv[0], bus, path, &new_line);
+        }
+
+        return r;
+}
+
+typedef struct ImageStatusInfo {
+        char *name;
+        char *path;
+        char *type;
+        int read_only;
+        usec_t crtime;
+        usec_t mtime;
+        uint64_t usage;
+        uint64_t limit;
+        uint64_t usage_exclusive;
+        uint64_t limit_exclusive;
+} ImageStatusInfo;
+
+static void image_status_info_clear(ImageStatusInfo *info) {
+        if (info) {
+                free(info->name);
+                free(info->path);
+                free(info->type);
+                zero(*info);
+        }
+}
+
+static void print_image_status_info(sd_bus *bus, ImageStatusInfo *i) {
+        char ts_relative[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
+        char ts_absolute[FORMAT_TIMESTAMP_MAX], *s2;
+        char bs[FORMAT_BYTES_MAX], *s3;
+        char bs_exclusive[FORMAT_BYTES_MAX], *s4;
+
+        assert(bus);
+        assert(i);
+
+        if (i->name) {
+                fputs(i->name, stdout);
+                putchar('\n');
+        }
+
+        if (i->type)
+                printf("\t    Type: %s\n", i->type);
+
+        if (i->path)
+                printf("\t    Path: %s\n", i->path);
+
+        printf("\t      RO: %s%s%s\n",
+               i->read_only ? ansi_highlight_red() : "",
+               i->read_only ? "read-only" : "writable",
+               i->read_only ? ansi_normal() : "");
+
+        s1 = format_timestamp_relative(ts_relative, sizeof(ts_relative), i->crtime);
+        s2 = format_timestamp(ts_absolute, sizeof(ts_absolute), i->crtime);
+        if (s1 && s2)
+                printf("\t Created: %s; %s\n", s2, s1);
+        else if (s2)
+                printf("\t Created: %s\n", s2);
+
+        s1 = format_timestamp_relative(ts_relative, sizeof(ts_relative), i->mtime);
+        s2 = format_timestamp(ts_absolute, sizeof(ts_absolute), i->mtime);
+        if (s1 && s2)
+                printf("\tModified: %s; %s\n", s2, s1);
+        else if (s2)
+                printf("\tModified: %s\n", s2);
+
+        s3 = format_bytes(bs, sizeof(bs), i->usage);
+        s4 = i->usage_exclusive != i->usage ? format_bytes(bs_exclusive, sizeof(bs_exclusive), i->usage_exclusive) : NULL;
+        if (s3 && s4)
+                printf("\t   Usage: %s (exclusive: %s)\n", s3, s4);
+        else if (s3)
+                printf("\t   Usage: %s\n", s3);
+
+        s3 = format_bytes(bs, sizeof(bs), i->limit);
+        s4 = i->limit_exclusive != i->limit ? format_bytes(bs_exclusive, sizeof(bs_exclusive), i->limit_exclusive) : NULL;
+        if (s3 && s4)
+                printf("\t   Limit: %s (exclusive: %s)\n", s3, s4);
+        else if (s3)
+                printf("\t   Limit: %s\n", s3);
+}
+
+static int show_image_info(sd_bus *bus, const char *path, bool *new_line) {
+
+        static const struct bus_properties_map map[]  = {
+                { "Name",                  "s",  NULL, offsetof(ImageStatusInfo, name)            },
+                { "Path",                  "s",  NULL, offsetof(ImageStatusInfo, path)            },
+                { "Type",                  "s",  NULL, offsetof(ImageStatusInfo, type)            },
+                { "ReadOnly",              "b",  NULL, offsetof(ImageStatusInfo, read_only)       },
+                { "CreationTimestamp",     "t",  NULL, offsetof(ImageStatusInfo, crtime)          },
+                { "ModificationTimestamp", "t",  NULL, offsetof(ImageStatusInfo, mtime)           },
+                { "Usage",                 "t",  NULL, offsetof(ImageStatusInfo, usage)           },
+                { "Limit",                 "t",  NULL, offsetof(ImageStatusInfo, limit)           },
+                { "UsageExclusive",        "t",  NULL, offsetof(ImageStatusInfo, usage_exclusive) },
+                { "LimitExclusive",        "t",  NULL, offsetof(ImageStatusInfo, limit_exclusive) },
+                {}
+        };
+
+        _cleanup_(image_status_info_clear) ImageStatusInfo info = {};
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(new_line);
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.machine1",
+                                   path,
+                                   map,
+                                   &info);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        if (*new_line)
+                printf("\n");
+        *new_line = true;
+
+        print_image_status_info(bus, &info);
+
+        return r;
+}
+
+typedef struct PoolStatusInfo {
+        char *path;
+        uint64_t usage;
+        uint64_t limit;
+} PoolStatusInfo;
+
+static void pool_status_info_clear(PoolStatusInfo *info) {
+        if (info) {
+                free(info->path);
+                zero(*info);
+                info->usage = -1;
+                info->limit = -1;
+        }
+}
+
+static void print_pool_status_info(sd_bus *bus, PoolStatusInfo *i) {
+        char bs[FORMAT_BYTES_MAX], *s;
+
+        if (i->path)
+                printf("\t    Path: %s\n", i->path);
+
+        s = format_bytes(bs, sizeof(bs), i->usage);
+        if (s)
+                printf("\t   Usage: %s\n", s);
+
+        s = format_bytes(bs, sizeof(bs), i->limit);
+        if (s)
+                printf("\t   Limit: %s\n", s);
+}
+
+static int show_pool_info(sd_bus *bus) {
+
+        static const struct bus_properties_map map[]  = {
+                { "PoolPath",  "s",  NULL, offsetof(PoolStatusInfo, path)  },
+                { "PoolUsage", "t",  NULL, offsetof(PoolStatusInfo, usage) },
+                { "PoolLimit", "t",  NULL, offsetof(PoolStatusInfo, limit) },
+                {}
+        };
+
+        _cleanup_(pool_status_info_clear) PoolStatusInfo info = {
+                .usage = (uint64_t) -1,
+                .limit = (uint64_t) -1,
+        };
+        int r;
+
+        assert(bus);
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.machine1",
+                                   "/org/freedesktop/machine1",
+                                   map,
+                                   &info);
+        if (r < 0)
+                return log_error_errno(r, "Could not get properties: %m");
+
+        print_pool_status_info(bus, &info);
+
+        return 0;
+}
+
+
+static int show_image_properties(sd_bus *bus, const char *path, bool *new_line) {
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(new_line);
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        r = bus_print_all_properties(bus, "org.freedesktop.machine1", path, arg_property, arg_value, arg_all);
+        if (r < 0)
+                log_error_errno(r, "Could not get properties: %m");
+
+        return r;
+}
+
+static int show_image(int argc, char *argv[], void *userdata) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        bool properties, new_line = false;
+        sd_bus *bus = userdata;
+        int r = 0, i;
+
+        assert(bus);
+
+        properties = !strstr(argv[0], "status");
+
+        pager_open(arg_no_pager, false);
+
+        if (argc <= 1) {
+
+                /* If no argument is specified, inspect the manager
+                 * itself */
+
+                if (properties)
+                        r = show_image_properties(bus, "/org/freedesktop/machine1", &new_line);
+                else
+                        r = show_pool_info(bus);
+                if (r < 0)
+                        return r;
+        }
+
+        for (i = 1; i < argc; i++) {
+                const char *path = NULL;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "GetImage",
+                                &error,
+                                &reply,
+                                "s", argv[i]);
+                if (r < 0) {
+                        log_error("Could not get path to image: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+
+                r = sd_bus_message_read(reply, "o", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (properties)
+                        r = show_image_properties(bus, path, &new_line);
+                else
+                        r = show_image_info(bus, path, &new_line);
+        }
+
+        return r;
+}
+
+static int kill_machine(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        if (!arg_kill_who)
+                arg_kill_who = "all";
+
+        for (i = 1; i < argc; i++) {
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "KillMachine",
+                                &error,
+                                NULL,
+                                "ssi", argv[i], arg_kill_who, arg_signal);
+                if (r < 0) {
+                        log_error("Could not kill machine: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int reboot_machine(int argc, char *argv[], void *userdata) {
+        arg_kill_who = "leader";
+        arg_signal = SIGINT; /* sysvinit + systemd */
+
+        return kill_machine(argc, argv, userdata);
+}
+
+static int poweroff_machine(int argc, char *argv[], void *userdata) {
+        arg_kill_who = "leader";
+        arg_signal = SIGRTMIN+4; /* only systemd */
+
+        return kill_machine(argc, argv, userdata);
+}
+
+static int terminate_machine(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        for (i = 1; i < argc; i++) {
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "TerminateMachine",
+                                &error,
+                                NULL,
+                                "s", argv[i]);
+                if (r < 0) {
+                        log_error("Could not terminate machine: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int copy_files(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *abs_host_path = NULL;
+        char *dest, *host_path, *container_path;
+        sd_bus *bus = userdata;
+        bool copy_from;
+        int r;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        copy_from = streq(argv[0], "copy-from");
+        dest = argv[3] ?: argv[2];
+        host_path = copy_from ? dest : argv[2];
+        container_path = copy_from ? argv[2] : dest;
+
+        if (!path_is_absolute(host_path)) {
+                r = path_make_absolute_cwd(host_path, &abs_host_path);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to make path absolute: %m");
+
+                host_path = abs_host_path;
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        copy_from ? "CopyFromMachine" : "CopyToMachine");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "sss",
+                        argv[1],
+                        copy_from ? container_path : host_path,
+                        copy_from ? host_path : container_path);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* This is a slow operation, hence turn off any method call timeouts */
+        r = sd_bus_call(bus, m, USEC_INFINITY, &error, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to copy: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int bind_mount(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "BindMountMachine",
+                        &error,
+                        NULL,
+                        "sssbb",
+                        argv[1],
+                        argv[2],
+                        argv[3],
+                        arg_read_only,
+                        arg_mkdir);
+        if (r < 0) {
+                log_error("Failed to bind mount: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int on_machine_removed(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+        PTYForward ** forward = (PTYForward**) userdata;
+        int r;
+
+        assert(m);
+        assert(forward);
+
+        if (*forward) {
+                /* If the forwarder is already initialized, tell it to
+                 * exit on the next vhangup(), so that we still flush
+                 * out what might be queued and exit then. */
+
+                r = pty_forward_set_ignore_vhangup(*forward, false);
+                if (r >= 0)
+                        return 0;
+
+                log_error_errno(r, "Failed to set ignore_vhangup flag: %m");
+        }
+
+        /* On error, or when the forwarder is not initialized yet, quit immediately */
+        sd_event_exit(sd_bus_get_event(sd_bus_message_get_bus(m)), EXIT_FAILURE);
+        return 0;
+}
+
+static int process_forward(sd_event *event, PTYForward **forward, int master, PTYForwardFlags flags, const char *name) {
+        char last_char = 0;
+        bool machine_died;
+        int ret = 0, r;
+
+        assert(event);
+        assert(master >= 0);
+        assert(name);
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
+
+        if (streq(name, ".host"))
+                log_info("Connected to the local host. Press ^] three times within 1s to exit session.");
+        else
+                log_info("Connected to machine %s. Press ^] three times within 1s to exit session.", name);
+
+        sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
+        sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
+
+        r = pty_forward_new(event, master, flags, forward);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create PTY forwarder: %m");
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        pty_forward_get_last_char(*forward, &last_char);
+
+        machine_died =
+                (flags & PTY_FORWARD_IGNORE_VHANGUP) &&
+                pty_forward_get_ignore_vhangup(*forward) == 0;
+
+        *forward = pty_forward_free(*forward);
+
+        if (last_char != '\n')
+                fputc('\n', stdout);
+
+        if (machine_died)
+                log_info("Machine %s terminated.", name);
+        else if (streq(name, ".host"))
+                log_info("Connection to the local host terminated.");
+        else
+                log_info("Connection to machine %s terminated.", name);
+
+        sd_event_get_exit_code(event, &ret);
+        return ret;
+}
+
+static int login_machine(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
+        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        int master = -1, r;
+        sd_bus *bus = userdata;
+        const char *pty, *match, *machine;
+
+        assert(bus);
+
+        if (!strv_isempty(arg_setenv) || arg_uid) {
+                log_error("--setenv= and --uid= are not supported for 'login'. Use 'shell' instead.");
+                return -EINVAL;
+        }
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL &&
+            arg_transport != BUS_TRANSPORT_MACHINE) {
+                log_error("Login only supported on local machines.");
+                return -EOPNOTSUPP;
+        }
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get event loop: %m");
+
+        r = sd_bus_attach_event(bus, event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        machine = argc < 2 || isempty(argv[1]) ? ".host" : argv[1];
+
+        match = strjoina("type='signal',"
+                         "sender='org.freedesktop.machine1',"
+                         "path='/org/freedesktop/machine1',",
+                         "interface='org.freedesktop.machine1.Manager',"
+                         "member='MachineRemoved',"
+                         "arg0='", machine, "'");
+
+        r = sd_bus_add_match(bus, &slot, match, on_machine_removed, &forward);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add machine removal match: %m");
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "OpenMachineLogin",
+                        &error,
+                        &reply,
+                        "s", machine);
+        if (r < 0) {
+                log_error("Failed to get login PTY: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "hs", &master, &pty);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return process_forward(event, &forward, master, PTY_FORWARD_IGNORE_VHANGUP, machine);
+}
+
+static int shell_machine(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
+        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        int master = -1, r;
+        sd_bus *bus = userdata;
+        const char *pty, *match, *machine, *path, *uid = NULL;
+
+        assert(bus);
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL &&
+            arg_transport != BUS_TRANSPORT_MACHINE) {
+                log_error("Shell only supported on local machines.");
+                return -EOPNOTSUPP;
+        }
+
+        /* Pass $TERM to shell session, if not explicitly specified. */
+        if (!strv_find_prefix(arg_setenv, "TERM=")) {
+                const char *t;
+
+                t = strv_find_prefix(environ, "TERM=");
+                if (t) {
+                        if (strv_extend(&arg_setenv, t) < 0)
+                                return log_oom();
+                }
+        }
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get event loop: %m");
+
+        r = sd_bus_attach_event(bus, event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        machine = argc < 2 || isempty(argv[1]) ? NULL : argv[1];
+
+        if (arg_uid)
+                uid = arg_uid;
+        else if (machine) {
+                const char *at;
+
+                at = strchr(machine, '@');
+                if (at) {
+                        uid = strndupa(machine, at - machine);
+                        machine = at + 1;
+                }
+        }
+
+        if (isempty(machine))
+                machine = ".host";
+
+        match = strjoina("type='signal',"
+                         "sender='org.freedesktop.machine1',"
+                         "path='/org/freedesktop/machine1',",
+                         "interface='org.freedesktop.machine1.Manager',"
+                         "member='MachineRemoved',"
+                         "arg0='", machine, "'");
+
+        r = sd_bus_add_match(bus, &slot, match, on_machine_removed, &forward);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add machine removal match: %m");
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "OpenMachineShell");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        path = argc < 3 || isempty(argv[2]) ? NULL : argv[2];
+
+        r = sd_bus_message_append(m, "sss", machine, uid, path);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_strv(m, strv_length(argv) <= 3 ? NULL : argv + 2);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_strv(m, arg_setenv);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to get shell PTY: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "hs", &master, &pty);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return process_forward(event, &forward, master, 0, machine);
+}
+
+static int remove_image(int argc, char *argv[], void *userdata) {
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        for (i = 1; i < argc; i++) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &m,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "RemoveImage");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append(m, "s", argv[i]);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                /* This is a slow operation, hence turn off any method call timeouts */
+                r = sd_bus_call(bus, m, USEC_INFINITY, &error, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Could not remove image: %s", bus_error_message(&error, r));
+        }
+
+        return 0;
+}
+
+static int rename_image(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "RenameImage",
+                        &error,
+                        NULL,
+                        "ss", argv[1], argv[2]);
+        if (r < 0) {
+                log_error("Could not rename image: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int clone_image(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "CloneImage");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(m, "ssb", argv[1], argv[2], arg_read_only);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* This is a slow operation, hence turn off any method call timeouts */
+        r = sd_bus_call(bus, m, USEC_INFINITY, &error, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Could not clone image: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int read_only_image(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int b = true, r;
+
+        if (argc > 2) {
+                b = parse_boolean(argv[2]);
+                if (b < 0) {
+                        log_error("Failed to parse boolean argument: %s", argv[2]);
+                        return -EINVAL;
+                }
+        }
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "MarkImageReadOnly",
+                        &error,
+                        NULL,
+                        "sb", argv[1], b);
+        if (r < 0) {
+                log_error("Could not mark image read-only: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int make_service_name(const char *name, char **ret) {
+        _cleanup_free_ char *e = NULL;
+        int r;
+
+        assert(name);
+        assert(ret);
+
+        if (!machine_name_is_valid(name)) {
+                log_error("Invalid machine name %s.", name);
+                return -EINVAL;
+        }
+
+        e = unit_name_escape(name);
+        if (!e)
+                return log_oom();
+
+        r = unit_name_build("systemd-nspawn", e, ".service", ret);
+        if (r < 0)
+                return log_error_errno(r, "Failed to build unit name: %m");
+
+        return 0;
+}
+
+static int start_machine(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        r = bus_wait_for_jobs_new(bus, &w);
+        if (r < 0)
+                return log_oom();
+
+        for (i = 1; i < argc; i++) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                _cleanup_free_ char *unit = NULL;
+                const char *object;
+
+                r = make_service_name(argv[i], &unit);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "StartUnit",
+                                &error,
+                                &reply,
+                                "ss", unit, "fail");
+                if (r < 0) {
+                        log_error("Failed to start unit: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+
+                r = sd_bus_message_read(reply, "o", &object);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = bus_wait_for_jobs_add(w, object);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        r = bus_wait_for_jobs(w, arg_quiet, NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int enable_machine(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0;
+        int carries_install_info = 0;
+        const char *method = NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        method = streq(argv[0], "enable") ? "EnableUnitFiles" : "DisableUnitFiles";
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        method);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_open_container(m, 'a', "s");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        for (i = 1; i < argc; i++) {
+                _cleanup_free_ char *unit = NULL;
+
+                r = make_service_name(argv[i], &unit);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(m, "s", unit);
+                if (r < 0)
+                        return bus_log_create_error(r);
+        }
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        if (streq(argv[0], "enable"))
+                r = sd_bus_message_append(m, "bb", false, false);
+        else
+                r = sd_bus_message_append(m, "b", false);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to enable or disable unit: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        if (streq(argv[0], "enable")) {
+                r = sd_bus_message_read(reply, "b", carries_install_info);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+
+        r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
+        if (r < 0)
+                goto finish;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "Reload",
+                        &error,
+                        NULL,
+                        NULL);
+        if (r < 0) {
+                log_error("Failed to reload daemon: %s", bus_error_message(&error, -r));
+                goto finish;
+        }
+
+        r = 0;
+
+finish:
+        unit_file_changes_free(changes, n_changes);
+
+        return r;
+}
+
+static int match_log_message(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        const char **our_path = userdata, *line;
+        unsigned priority;
+        int r;
+
+        assert(m);
+        assert(our_path);
+
+        r = sd_bus_message_read(m, "us", &priority, &line);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        if (!streq_ptr(*our_path, sd_bus_message_get_path(m)))
+                return 0;
+
+        if (arg_quiet && LOG_PRI(priority) >= LOG_INFO)
+                return 0;
+
+        log_full(priority, "%s", line);
+        return 0;
+}
+
+static int match_transfer_removed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        const char **our_path = userdata, *path, *result;
+        uint32_t id;
+        int r;
+
+        assert(m);
+        assert(our_path);
+
+        r = sd_bus_message_read(m, "uos", &id, &path, &result);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        if (!streq_ptr(*our_path, path))
+                return 0;
+
+        sd_event_exit(sd_bus_get_event(sd_bus_message_get_bus(m)), !streq_ptr(result, "done"));
+        return 0;
+}
+
+static int transfer_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        assert(s);
+        assert(si);
+
+        if (!arg_quiet)
+                log_info("Continuing download in the background. Use \"machinectl cancel-transfer %" PRIu32 "\" to abort transfer.", PTR_TO_UINT32(userdata));
+
+        sd_event_exit(sd_event_source_get_event(s), EINTR);
+        return 0;
+}
+
+static int transfer_image_common(sd_bus *bus, sd_bus_message *m) {
+        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot_job_removed = NULL, *slot_log_message = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_event_unrefp) sd_event* event = NULL;
+        const char *path = NULL;
+        uint32_t id;
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_event_default(&event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get event loop: %m");
+
+        r = sd_bus_attach_event(bus, event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        r = sd_bus_add_match(
+                        bus,
+                        &slot_job_removed,
+                        "type='signal',"
+                        "sender='org.freedesktop.import1',"
+                        "interface='org.freedesktop.import1.Manager',"
+                        "member='TransferRemoved',"
+                        "path='/org/freedesktop/import1'",
+                        match_transfer_removed, &path);
+        if (r < 0)
+                return log_error_errno(r, "Failed to install match: %m");
+
+        r = sd_bus_add_match(
+                        bus,
+                        &slot_log_message,
+                        "type='signal',"
+                        "sender='org.freedesktop.import1',"
+                        "interface='org.freedesktop.import1.Transfer',"
+                        "member='LogMessage'",
+                        match_log_message, &path);
+        if (r < 0)
+                return log_error_errno(r, "Failed to install match: %m");
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to transfer image: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "uo", &id, &path);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+
+        if (!arg_quiet)
+                log_info("Enqueued transfer job %u. Press C-c to continue download in background.", id);
+
+        sd_event_add_signal(event, NULL, SIGINT, transfer_signal_handler, UINT32_TO_PTR(id));
+        sd_event_add_signal(event, NULL, SIGTERM, transfer_signal_handler, UINT32_TO_PTR(id));
+
+        r = sd_event_loop(event);
+        if (r < 0)
+                return log_error_errno(r, "Failed to run event loop: %m");
+
+        return -r;
+}
+
+static int import_tar(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *ll = NULL;
+        _cleanup_close_ int fd = -1;
+        const char *local = NULL, *path = NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        if (argc >= 2)
+                path = argv[1];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        if (argc >= 3)
+                local = argv[2];
+        else if (path)
+                local = basename(path);
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (!local) {
+                log_error("Need either path or local name.");
+                return -EINVAL;
+        }
+
+        r = tar_strip_suffixes(local, &ll);
+        if (r < 0)
+                return log_oom();
+
+        local = ll;
+
+        if (!machine_name_is_valid(local)) {
+                log_error("Local name %s is not a suitable machine name.", local);
+                return -EINVAL;
+        }
+
+        if (path) {
+                fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to open %s: %m", path);
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.import1",
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "ImportTar");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "hsbb",
+                        fd >= 0 ? fd : STDIN_FILENO,
+                        local,
+                        arg_force,
+                        arg_read_only);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        return transfer_image_common(bus, m);
+}
+
+static int import_raw(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *ll = NULL;
+        _cleanup_close_ int fd = -1;
+        const char *local = NULL, *path = NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        if (argc >= 2)
+                path = argv[1];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        if (argc >= 3)
+                local = argv[2];
+        else if (path)
+                local = basename(path);
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (!local) {
+                log_error("Need either path or local name.");
+                return -EINVAL;
+        }
+
+        r = raw_strip_suffixes(local, &ll);
+        if (r < 0)
+                return log_oom();
+
+        local = ll;
+
+        if (!machine_name_is_valid(local)) {
+                log_error("Local name %s is not a suitable machine name.", local);
+                return -EINVAL;
+        }
+
+        if (path) {
+                fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to open %s: %m", path);
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.import1",
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "ImportRaw");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "hsbb",
+                        fd >= 0 ? fd : STDIN_FILENO,
+                        local,
+                        arg_force,
+                        arg_read_only);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        return transfer_image_common(bus, m);
+}
+
+static void determine_compression_from_filename(const char *p) {
+        if (arg_format)
+                return;
+
+        if (!p)
+                return;
+
+        if (endswith(p, ".xz"))
+                arg_format = "xz";
+        else if (endswith(p, ".gz"))
+                arg_format = "gzip";
+        else if (endswith(p, ".bz2"))
+                arg_format = "bzip2";
+}
+
+static int export_tar(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_close_ int fd = -1;
+        const char *local = NULL, *path = NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        local = argv[1];
+        if (!machine_name_is_valid(local)) {
+                log_error("Machine name %s is not valid.", local);
+                return -EINVAL;
+        }
+
+        if (argc >= 3)
+                path = argv[2];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        if (path) {
+                determine_compression_from_filename(path);
+
+                fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to open %s: %m", path);
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.import1",
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "ExportTar");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "shs",
+                        local,
+                        fd >= 0 ? fd : STDOUT_FILENO,
+                        arg_format);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        return transfer_image_common(bus, m);
+}
+
+static int export_raw(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_close_ int fd = -1;
+        const char *local = NULL, *path = NULL;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        local = argv[1];
+        if (!machine_name_is_valid(local)) {
+                log_error("Machine name %s is not valid.", local);
+                return -EINVAL;
+        }
+
+        if (argc >= 3)
+                path = argv[2];
+        if (isempty(path) || streq(path, "-"))
+                path = NULL;
+
+        if (path) {
+                determine_compression_from_filename(path);
+
+                fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to open %s: %m", path);
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.import1",
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "ExportRaw");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "shs",
+                        local,
+                        fd >= 0 ? fd : STDOUT_FILENO,
+                        arg_format);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        return transfer_image_common(bus, m);
+}
+
+static int pull_tar(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *l = NULL, *ll = NULL;
+        const char *local, *remote;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        remote = argv[1];
+        if (!http_url_is_valid(remote)) {
+                log_error("URL '%s' is not valid.", remote);
+                return -EINVAL;
+        }
+
+        if (argc >= 3)
+                local = argv[2];
+        else {
+                r = import_url_last_component(remote, &l);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get final component of URL: %m");
+
+                local = l;
+        }
+
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (local) {
+                r = tar_strip_suffixes(local, &ll);
+                if (r < 0)
+                        return log_oom();
+
+                local = ll;
+
+                if (!machine_name_is_valid(local)) {
+                        log_error("Local name %s is not a suitable machine name.", local);
+                        return -EINVAL;
+                }
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.import1",
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "PullTar");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "sssb",
+                        remote,
+                        local,
+                        import_verify_to_string(arg_verify),
+                        arg_force);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        return transfer_image_common(bus, m);
+}
+
+static int pull_raw(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *l = NULL, *ll = NULL;
+        const char *local, *remote;
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        remote = argv[1];
+        if (!http_url_is_valid(remote)) {
+                log_error("URL '%s' is not valid.", remote);
+                return -EINVAL;
+        }
+
+        if (argc >= 3)
+                local = argv[2];
+        else {
+                r = import_url_last_component(remote, &l);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get final component of URL: %m");
+
+                local = l;
+        }
+
+        if (isempty(local) || streq(local, "-"))
+                local = NULL;
+
+        if (local) {
+                r = raw_strip_suffixes(local, &ll);
+                if (r < 0)
+                        return log_oom();
+
+                local = ll;
+
+                if (!machine_name_is_valid(local)) {
+                        log_error("Local name %s is not a suitable machine name.", local);
+                        return -EINVAL;
+                }
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.import1",
+                        "/org/freedesktop/import1",
+                        "org.freedesktop.import1.Manager",
+                        "PullRaw");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(
+                        m,
+                        "sssb",
+                        remote,
+                        local,
+                        import_verify_to_string(arg_verify),
+                        arg_force);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        return transfer_image_common(bus, m);
+}
+
+typedef struct TransferInfo {
+        uint32_t id;
+        const char *type;
+        const char *remote;
+        const char *local;
+        double progress;
+} TransferInfo;
+
+static int compare_transfer_info(const void *a, const void *b) {
+        const TransferInfo *x = a, *y = b;
+
+        return strcmp(x->local, y->local);
+}
+
+static int list_transfers(int argc, char *argv[], void *userdata) {
+        size_t max_type = strlen("TYPE"), max_local = strlen("LOCAL"), max_remote = strlen("REMOTE");
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ TransferInfo *transfers = NULL;
+        size_t n_transfers = 0, n_allocated = 0, j;
+        const char *type, *remote, *local, *object;
+        sd_bus *bus = userdata;
+        uint32_t id, max_id = 0;
+        double progress;
+        int r;
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.import1",
+                               "/org/freedesktop/import1",
+                               "org.freedesktop.import1.Manager",
+                               "ListTransfers",
+                               &error,
+                               &reply,
+                               NULL);
+        if (r < 0) {
+                log_error("Could not get transfers: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, 'a', "(usssdo)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(usssdo)", &id, &type, &remote, &local, &progress, &object)) > 0) {
+                size_t l;
+
+                if (!GREEDY_REALLOC(transfers, n_allocated, n_transfers + 1))
+                        return log_oom();
+
+                transfers[n_transfers].id = id;
+                transfers[n_transfers].type = type;
+                transfers[n_transfers].remote = remote;
+                transfers[n_transfers].local = local;
+                transfers[n_transfers].progress = progress;
+
+                l = strlen(type);
+                if (l > max_type)
+                        max_type = l;
+
+                l = strlen(remote);
+                if (l > max_remote)
+                        max_remote = l;
+
+                l = strlen(local);
+                if (l > max_local)
+                        max_local = l;
+
+                if (id > max_id)
+                        max_id = id;
+
+                n_transfers++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        qsort_safe(transfers, n_transfers, sizeof(TransferInfo), compare_transfer_info);
+
+        if (arg_legend)
+                printf("%-*s %-*s %-*s %-*s %-*s\n",
+                       (int) MAX(2U, DECIMAL_STR_WIDTH(max_id)), "ID",
+                       (int) 7, "PERCENT",
+                       (int) max_type, "TYPE",
+                       (int) max_local, "LOCAL",
+                       (int) max_remote, "REMOTE");
+
+        for (j = 0; j < n_transfers; j++)
+                printf("%*" PRIu32 " %*u%% %-*s %-*s %-*s\n",
+                       (int) MAX(2U, DECIMAL_STR_WIDTH(max_id)), transfers[j].id,
+                       (int) 6, (unsigned) (transfers[j].progress * 100),
+                       (int) max_type, transfers[j].type,
+                       (int) max_local, transfers[j].local,
+                       (int) max_remote, transfers[j].remote);
+
+        if (arg_legend)
+                printf("\n%zu transfers listed.\n", n_transfers);
+
+        return 0;
+}
+
+static int cancel_transfer(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        int r, i;
+
+        assert(bus);
+
+        polkit_agent_open_if_enabled();
+
+        for (i = 1; i < argc; i++) {
+                uint32_t id;
+
+                r = safe_atou32(argv[i], &id);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to parse transfer id: %s", argv[i]);
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.import1",
+                                "/org/freedesktop/import1",
+                                "org.freedesktop.import1.Manager",
+                                "CancelTransfer",
+                                &error,
+                                NULL,
+                                "u", id);
+                if (r < 0) {
+                        log_error("Could not cancel transfer: %s", bus_error_message(&error, -r));
+                        return r;
+                }
+        }
+
+        return 0;
+}
+
+static int set_limit(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus = userdata;
+        uint64_t limit;
+        int r;
+
+        if (STR_IN_SET(argv[argc-1], "-", "none", "infinity"))
+                limit = (uint64_t) -1;
+        else {
+                r = parse_size(argv[argc-1], 1024, &limit);
+                if (r < 0)
+                        return log_error("Failed to parse size: %s", argv[argc-1]);
+        }
+
+        if (argc > 2)
+                /* With two arguments changes the quota limit of the
+                 * specified image */
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "SetImageLimit",
+                                &error,
+                                NULL,
+                                "st", argv[1], limit);
+        else
+                /* With one argument changes the pool quota limit */
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "SetPoolLimit",
+                                &error,
+                                NULL,
+                                "t", limit);
+
+        if (r < 0) {
+                log_error("Could not set limit: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int clean_images(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        uint64_t usage, total = 0;
+        char fb[FORMAT_BYTES_MAX];
+        sd_bus *bus = userdata;
+        const char *name;
+        unsigned c = 0;
+        int r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "CleanPool",
+                        &error,
+                        &reply,
+                        "s", arg_all ? "all" : "hidden");
+        if (r < 0)
+                return log_error_errno(r, "Could not clean pool: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, 'a', "(st)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(st)", &name, &usage)) > 0) {
+                log_info("Removed image '%s'. Freed exclusive disk space: %s",
+                         name, format_bytes(fb, sizeof(fb), usage));
+
+                total += usage;
+                c++;
+        }
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        log_info("Removed %u images in total. Total freed exclusive disk space %s.",
+                 c, format_bytes(fb, sizeof(fb), total));
+
+        return 0;
+}
+
+static int help(int argc, char *argv[], void *userdata) {
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Send control commands to or query the virtual machine and container\n"
+               "registration manager.\n\n"
+               "  -h --help                   Show this help\n"
+               "     --version                Show package version\n"
+               "     --no-pager               Do not pipe output into a pager\n"
+               "     --no-legend              Do not show the headers and footers\n"
+               "     --no-ask-password        Do not ask for system passwords\n"
+               "  -H --host=[USER@]HOST       Operate on remote host\n"
+               "  -M --machine=CONTAINER      Operate on local container\n"
+               "  -p --property=NAME          Show only properties by this name\n"
+               "  -q --quiet                  Suppress output\n"
+               "  -a --all                    Show all properties, including empty ones\n"
+               "     --value                  When showing properties, only print the value\n"
+               "  -l --full                   Do not ellipsize output\n"
+               "     --kill-who=WHO           Who to send signal to\n"
+               "  -s --signal=SIGNAL          Which signal to send\n"
+               "     --uid=USER               Specify user ID to invoke shell as\n"
+               "  -E --setenv=VAR=VALUE       Add an environment variable for shell\n"
+               "     --read-only              Create read-only bind mount\n"
+               "     --mkdir                  Create directory before bind mounting, if missing\n"
+               "  -n --lines=INTEGER          Number of journal entries to show\n"
+               "  -o --output=STRING          Change journal output mode (short,\n"
+               "                              short-monotonic, verbose, export, json,\n"
+               "                              json-pretty, json-sse, cat)\n"
+               "      --verify=MODE           Verification mode for downloaded images (no,\n"
+               "                              checksum, signature)\n"
+               "      --force                 Download image even if already exists\n\n"
+               "Machine Commands:\n"
+               "  list                        List running VMs and containers\n"
+               "  status NAME...              Show VM/container details\n"
+               "  show [NAME...]              Show properties of one or more VMs/containers\n"
+               "  start NAME...               Start container as a service\n"
+               "  login [NAME]                Get a login prompt in a container or on the\n"
+               "                              local host\n"
+               "  shell [[USER@]NAME [COMMAND...]]\n"
+               "                              Invoke a shell (or other command) in a container\n"
+               "                              or on the local host\n"
+               "  enable NAME...              Enable automatic container start at boot\n"
+               "  disable NAME...             Disable automatic container start at boot\n"
+               "  poweroff NAME...            Power off one or more containers\n"
+               "  reboot NAME...              Reboot one or more containers\n"
+               "  terminate NAME...           Terminate one or more VMs/containers\n"
+               "  kill NAME...                Send signal to processes of a VM/container\n"
+               "  copy-to NAME PATH [PATH]    Copy files from the host to a container\n"
+               "  copy-from NAME PATH [PATH]  Copy files from a container to the host\n"
+               "  bind NAME PATH [PATH]       Bind mount a path from the host into a container\n\n"
+               "Image Commands:\n"
+               "  list-images                 Show available container and VM images\n"
+               "  image-status [NAME...]      Show image details\n"
+               "  show-image [NAME...]        Show properties of image\n"
+               "  clone NAME NAME             Clone an image\n"
+               "  rename NAME NAME            Rename an image\n"
+               "  read-only NAME [BOOL]       Mark or unmark image read-only\n"
+               "  remove NAME...              Remove an image\n"
+               "  set-limit [NAME] BYTES      Set image or pool size limit (disk quota)\n"
+               "  clean                       Remove hidden (or all) images\n\n"
+               "Image Transfer Commands:\n"
+               "  pull-tar URL [NAME]         Download a TAR container image\n"
+               "  pull-raw URL [NAME]         Download a RAW container or VM image\n"
+               "  import-tar FILE [NAME]      Import a local TAR container image\n"
+               "  import-raw FILE [NAME]      Import a local RAW container or VM image\n"
+               "  export-tar NAME [FILE]      Export a TAR container image locally\n"
+               "  export-raw NAME [FILE]      Export a RAW container or VM image locally\n"
+               "  list-transfers              Show list of downloads in progress\n"
+               "  cancel-transfer             Cancel a download\n"
+               , program_invocation_short_name);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_NO_LEGEND,
+                ARG_VALUE,
+                ARG_KILL_WHO,
+                ARG_READ_ONLY,
+                ARG_MKDIR,
+                ARG_NO_ASK_PASSWORD,
+                ARG_VERIFY,
+                ARG_FORCE,
+                ARG_FORMAT,
+                ARG_UID,
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'                 },
+                { "version",         no_argument,       NULL, ARG_VERSION         },
+                { "property",        required_argument, NULL, 'p'                 },
+                { "all",             no_argument,       NULL, 'a'                 },
+                { "value",           no_argument,       NULL, ARG_VALUE           },
+                { "full",            no_argument,       NULL, 'l'                 },
+                { "no-pager",        no_argument,       NULL, ARG_NO_PAGER        },
+                { "no-legend",       no_argument,       NULL, ARG_NO_LEGEND       },
+                { "kill-who",        required_argument, NULL, ARG_KILL_WHO        },
+                { "signal",          required_argument, NULL, 's'                 },
+                { "host",            required_argument, NULL, 'H'                 },
+                { "machine",         required_argument, NULL, 'M'                 },
+                { "read-only",       no_argument,       NULL, ARG_READ_ONLY       },
+                { "mkdir",           no_argument,       NULL, ARG_MKDIR           },
+                { "quiet",           no_argument,       NULL, 'q'                 },
+                { "lines",           required_argument, NULL, 'n'                 },
+                { "output",          required_argument, NULL, 'o'                 },
+                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
+                { "verify",          required_argument, NULL, ARG_VERIFY          },
+                { "force",           no_argument,       NULL, ARG_FORCE           },
+                { "format",          required_argument, NULL, ARG_FORMAT          },
+                { "uid",             required_argument, NULL, ARG_UID             },
+                { "setenv",          required_argument, NULL, 'E'                 },
+                {}
+        };
+
+        bool reorder = false;
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        for (;;) {
+                const char * const option_string = "+hp:als:H:M:qn:o:";
+
+                c = getopt_long(argc, argv, option_string + reorder, options, NULL);
+                if (c < 0) {
+                        /* We generally are fine with the fact that getopt_long() reorders the command line, and looks
+                         * for switches after the main verb. However, for "shell" we really don't want that, since we
+                         * want that switches passed after that are passed to the program to execute, and not processed
+                         * by us. To make this possible, we'll first invoke getopt_long() with reordering disabled
+                         * (i.e. with the "+" prefix in the option string), and as soon as we hit the end (i.e. the
+                         * verb) we check if that's "shell". If it is, we exit the loop, since we don't want any
+                         * further options processed. However, if it is anything else, we process the same argument
+                         * again, but this time allow reordering. */
+
+                        if (!reorder && optind < argc && !streq(argv[optind], "shell")) {
+                                reorder = true;
+                                optind--;
+                                continue;
+                        }
+
+                        break;
+                }
+
+                switch (c) {
+
+                case 'h':
+                        return help(0, NULL, NULL);
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'p':
+                        r = strv_extend(&arg_property, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        /* If the user asked for a particular
+                         * property, show it to him, even if it is
+                         * empty. */
+                        arg_all = true;
+                        break;
+
+                case 'a':
+                        arg_all = true;
+                        break;
+
+                case ARG_VALUE:
+                        arg_value = true;
+                        break;
+
+                case 'l':
+                        arg_full = true;
+                        break;
+
+                case 'n':
+                        if (safe_atou(optarg, &arg_lines) < 0) {
+                                log_error("Failed to parse lines '%s'", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case 'o':
+                        arg_output = output_mode_from_string(optarg);
+                        if (arg_output < 0) {
+                                log_error("Unknown output '%s'.", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_LEGEND:
+                        arg_legend = false;
+                        break;
+
+                case ARG_KILL_WHO:
+                        arg_kill_who = optarg;
+                        break;
+
+                case 's':
+                        arg_signal = signal_from_string_try_harder(optarg);
+                        if (arg_signal < 0) {
+                                log_error("Failed to parse signal string %s.", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case ARG_READ_ONLY:
+                        arg_read_only = true;
+                        break;
+
+                case ARG_MKDIR:
+                        arg_mkdir = true;
+                        break;
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case ARG_VERIFY:
+                        arg_verify = import_verify_from_string(optarg);
+                        if (arg_verify < 0) {
+                                log_error("Failed to parse --verify= setting: %s", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_FORCE:
+                        arg_force = true;
+                        break;
+
+                case ARG_FORMAT:
+                        if (!STR_IN_SET(optarg, "uncompressed", "xz", "gzip", "bzip2")) {
+                                log_error("Unknown format: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        arg_format = optarg;
+                        break;
+
+                case ARG_UID:
+                        arg_uid = optarg;
+                        break;
+
+                case 'E':
+                        if (!env_assignment_is_valid(optarg)) {
+                                log_error("Environment assignment invalid: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        r = strv_extend(&arg_setenv, optarg);
+                        if (r < 0)
+                                return log_oom();
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+        }
+
+        return 1;
+}
+
+static int machinectl_main(int argc, char *argv[], sd_bus *bus) {
+
+        static const Verb verbs[] = {
+                { "help",            VERB_ANY, VERB_ANY, 0,            help              },
+                { "list",            VERB_ANY, 1,        VERB_DEFAULT, list_machines     },
+                { "list-images",     VERB_ANY, 1,        0,            list_images       },
+                { "status",          2,        VERB_ANY, 0,            show_machine      },
+                { "image-status",    VERB_ANY, VERB_ANY, 0,            show_image        },
+                { "show",            VERB_ANY, VERB_ANY, 0,            show_machine      },
+                { "show-image",      VERB_ANY, VERB_ANY, 0,            show_image        },
+                { "terminate",       2,        VERB_ANY, 0,            terminate_machine },
+                { "reboot",          2,        VERB_ANY, 0,            reboot_machine    },
+                { "poweroff",        2,        VERB_ANY, 0,            poweroff_machine  },
+                { "kill",            2,        VERB_ANY, 0,            kill_machine      },
+                { "login",           VERB_ANY, 2,        0,            login_machine     },
+                { "shell",           VERB_ANY, VERB_ANY, 0,            shell_machine     },
+                { "bind",            3,        4,        0,            bind_mount        },
+                { "copy-to",         3,        4,        0,            copy_files        },
+                { "copy-from",       3,        4,        0,            copy_files        },
+                { "remove",          2,        VERB_ANY, 0,            remove_image      },
+                { "rename",          3,        3,        0,            rename_image      },
+                { "clone",           3,        3,        0,            clone_image       },
+                { "read-only",       2,        3,        0,            read_only_image   },
+                { "start",           2,        VERB_ANY, 0,            start_machine     },
+                { "enable",          2,        VERB_ANY, 0,            enable_machine    },
+                { "disable",         2,        VERB_ANY, 0,            enable_machine    },
+                { "import-tar",      2,        3,        0,            import_tar        },
+                { "import-raw",      2,        3,        0,            import_raw        },
+                { "export-tar",      2,        3,        0,            export_tar        },
+                { "export-raw",      2,        3,        0,            export_raw        },
+                { "pull-tar",        2,        3,        0,            pull_tar          },
+                { "pull-raw",        2,        3,        0,            pull_raw          },
+                { "list-transfers",  VERB_ANY, 1,        0,            list_transfers    },
+                { "cancel-transfer", 2,        VERB_ANY, 0,            cancel_transfer   },
+                { "set-limit",       2,        3,        0,            set_limit         },
+                { "clean",           VERB_ANY, 1,        0,            clean_images      },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, bus);
+}
+
+int main(int argc, char*argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create bus connection: %m");
+                goto finish;
+        }
+
+        sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);
+
+        r = machinectl_main(argc, argv, bus);
+
+finish:
+        pager_close();
+        polkit_agent_close();
+
+        strv_free(arg_property);
+        strv_free(arg_setenv);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-machine/nss-mymachines/Makefile b/src/grp-machine/nss-mymachines/Makefile
new file mode 100644
index 0000000000..c7c0d76907
--- /dev/null
+++ b/src/grp-machine/nss-mymachines/Makefile
@@ -0,0 +1,46 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+
+libnss_mymachines_la_SOURCES = \
+	src/nss-mymachines/nss-mymachines.sym \
+	src/nss-mymachines/nss-mymachines.c
+
+libnss_mymachines_la_LDFLAGS = \
+	$(AM_LDFLAGS) \
+	-module \
+	-export-dynamic \
+	-avoid-version \
+	-shared \
+	-shrext .so.2 \
+	-Wl,--version-script=$(srcdir)/nss-mymachines.sym
+
+libnss_mymachines_la_LIBADD = \
+	libsystemd-internal.la
+
+lib_LTLIBRARIES += \
+	libnss_mymachines.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-machine/nss-mymachines/nss-mymachines.c b/src/grp-machine/nss-mymachines/nss-mymachines.c
new file mode 100644
index 0000000000..da09035fe7
--- /dev/null
+++ b/src/grp-machine/nss-mymachines/nss-mymachines.c
@@ -0,0 +1,738 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netdb.h>
+#include <nss.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-login.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "hostname-util.h"
+#include "in-addr-util.h"
+#include "macro.h"
+#include "nss-util.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "user-util.h"
+#include "util.h"
+
+NSS_GETHOSTBYNAME_PROTOTYPES(mymachines);
+NSS_GETPW_PROTOTYPES(mymachines);
+NSS_GETGR_PROTOTYPES(mymachines);
+
+#define HOST_UID_LIMIT ((uid_t) UINT32_C(0x10000))
+#define HOST_GID_LIMIT ((gid_t) UINT32_C(0x10000))
+
+static int count_addresses(sd_bus_message *m, int af, unsigned *ret) {
+        unsigned c = 0;
+        int r;
+
+        assert(m);
+        assert(ret);
+
+        while ((r = sd_bus_message_enter_container(m, 'r', "iay")) > 0) {
+                int family;
+
+                r = sd_bus_message_read(m, "i", &family);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_skip(m, "ay");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(m);
+                if (r < 0)
+                        return r;
+
+                if (af != AF_UNSPEC && family != af)
+                        continue;
+
+                c++;
+        }
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_rewind(m, false);
+        if (r < 0)
+                return r;
+
+        *ret = c;
+        return 0;
+}
+
+enum nss_status _nss_mymachines_gethostbyname4_r(
+                const char *name,
+                struct gaih_addrtuple **pat,
+                char *buffer, size_t buflen,
+                int *errnop, int *h_errnop,
+                int32_t *ttlp) {
+
+        struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ int *ifindices = NULL;
+        _cleanup_free_ char *class = NULL;
+        size_t l, ms, idx;
+        unsigned i = 0, c = 0;
+        char *r_name;
+        int n_ifindices, r;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(name);
+        assert(pat);
+        assert(buffer);
+        assert(errnop);
+        assert(h_errnop);
+
+        r = sd_machine_get_class(name, &class);
+        if (r < 0)
+                goto fail;
+        if (!streq(class, "container")) {
+                r = -ENOTTY;
+                goto fail;
+        }
+
+        n_ifindices = sd_machine_get_ifindices(name, &ifindices);
+        if (n_ifindices < 0) {
+                r = n_ifindices;
+                goto fail;
+        }
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "GetMachineAddresses",
+                               NULL,
+                               &reply,
+                               "s", name);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
+        if (r < 0)
+                goto fail;
+
+        r = count_addresses(reply, AF_UNSPEC, &c);
+        if (r < 0)
+                goto fail;
+
+        if (c <= 0) {
+                *errnop = ESRCH;
+                *h_errnop = HOST_NOT_FOUND;
+                return NSS_STATUS_NOTFOUND;
+        }
+
+        l = strlen(name);
+        ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
+        if (buflen < ms) {
+                *errnop = ENOMEM;
+                *h_errnop = TRY_AGAIN;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        /* First, append name */
+        r_name = buffer;
+        memcpy(r_name, name, l+1);
+        idx = ALIGN(l+1);
+
+        /* Second, append addresses */
+        r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
+                int family;
+                const void *a;
+                size_t sz;
+
+                r = sd_bus_message_read(reply, "i", &family);
+                if (r < 0)
+                        goto fail;
+
+                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                if (r < 0)
+                        goto fail;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        goto fail;
+
+                if (!IN_SET(family, AF_INET, AF_INET6)) {
+                        r = -EAFNOSUPPORT;
+                        goto fail;
+                }
+
+                if (sz != FAMILY_ADDRESS_SIZE(family)) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
+                r_tuple->next = i == c-1 ? NULL : (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple)));
+                r_tuple->name = r_name;
+                r_tuple->family = family;
+                r_tuple->scopeid = n_ifindices == 1 ? ifindices[0] : 0;
+                memcpy(r_tuple->addr, a, sz);
+
+                idx += ALIGN(sizeof(struct gaih_addrtuple));
+                i++;
+        }
+
+        assert(i == c);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                goto fail;
+
+        assert(idx == ms);
+
+        if (*pat)
+                **pat = *r_tuple_first;
+        else
+                *pat = r_tuple_first;
+
+        if (ttlp)
+                *ttlp = 0;
+
+        /* Explicitly reset all error variables */
+        *errnop = 0;
+        *h_errnop = NETDB_SUCCESS;
+        h_errno = 0;
+
+        return NSS_STATUS_SUCCESS;
+
+fail:
+        *errnop = -r;
+        *h_errnop = NO_DATA;
+        return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_mymachines_gethostbyname3_r(
+                const char *name,
+                int af,
+                struct hostent *result,
+                char *buffer, size_t buflen,
+                int *errnop, int *h_errnop,
+                int32_t *ttlp,
+                char **canonp) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ char *class = NULL;
+        unsigned c = 0, i = 0;
+        char *r_name, *r_aliases, *r_addr, *r_addr_list;
+        size_t l, idx, ms, alen;
+        int r;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(name);
+        assert(result);
+        assert(buffer);
+        assert(errnop);
+        assert(h_errnop);
+
+        if (af == AF_UNSPEC)
+                af = AF_INET;
+
+        if (af != AF_INET && af != AF_INET6) {
+                r = -EAFNOSUPPORT;
+                goto fail;
+        }
+
+        r = sd_machine_get_class(name, &class);
+        if (r < 0)
+                goto fail;
+        if (!streq(class, "container")) {
+                r = -ENOTTY;
+                goto fail;
+        }
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "GetMachineAddresses",
+                               NULL,
+                               &reply,
+                               "s", name);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
+        if (r < 0)
+                goto fail;
+
+        r = count_addresses(reply, af, &c);
+        if (r < 0)
+                goto fail;
+
+        if (c <= 0) {
+                *errnop = ENOENT;
+                *h_errnop = HOST_NOT_FOUND;
+                return NSS_STATUS_NOTFOUND;
+        }
+
+        alen = FAMILY_ADDRESS_SIZE(af);
+        l = strlen(name);
+
+        ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
+
+        if (buflen < ms) {
+                *errnop = ENOMEM;
+                *h_errnop = NO_RECOVERY;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        /* First, append name */
+        r_name = buffer;
+        memcpy(r_name, name, l+1);
+        idx = ALIGN(l+1);
+
+        /* Second, create aliases array */
+        r_aliases = buffer + idx;
+        ((char**) r_aliases)[0] = NULL;
+        idx += sizeof(char*);
+
+        /* Third, append addresses */
+        r_addr = buffer + idx;
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
+                int family;
+                const void *a;
+                size_t sz;
+
+                r = sd_bus_message_read(reply, "i", &family);
+                if (r < 0)
+                        goto fail;
+
+                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                if (r < 0)
+                        goto fail;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        goto fail;
+
+                if (family != af)
+                        continue;
+
+                if (sz != alen) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                memcpy(r_addr + i*ALIGN(alen), a, alen);
+                i++;
+        }
+
+        assert(i == c);
+        idx += c * ALIGN(alen);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                goto fail;
+
+        /* Third, append address pointer array */
+        r_addr_list = buffer + idx;
+        for (i = 0; i < c; i++)
+                ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);
+
+        ((char**) r_addr_list)[i] = NULL;
+        idx += (c+1) * sizeof(char*);
+
+        assert(idx == ms);
+
+        result->h_name = r_name;
+        result->h_aliases = (char**) r_aliases;
+        result->h_addrtype = af;
+        result->h_length = alen;
+        result->h_addr_list = (char**) r_addr_list;
+
+        if (ttlp)
+                *ttlp = 0;
+
+        if (canonp)
+                *canonp = r_name;
+
+        /* Explicitly reset all error variables */
+        *errnop = 0;
+        *h_errnop = NETDB_SUCCESS;
+        h_errno = 0;
+
+        return NSS_STATUS_SUCCESS;
+
+fail:
+        *errnop = -r;
+        *h_errnop = NO_DATA;
+        return NSS_STATUS_UNAVAIL;
+}
+
+NSS_GETHOSTBYNAME_FALLBACKS(mymachines);
+
+enum nss_status _nss_mymachines_getpwnam_r(
+                const char *name,
+                struct passwd *pwd,
+                char *buffer, size_t buflen,
+                int *errnop) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        const char *p, *e, *machine;
+        uint32_t mapped;
+        uid_t uid;
+        size_t l;
+        int r;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(name);
+        assert(pwd);
+
+        p = startswith(name, "vu-");
+        if (!p)
+                goto not_found;
+
+        e = strrchr(p, '-');
+        if (!e || e == p)
+                goto not_found;
+
+        if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
+                goto not_found;
+
+        r = parse_uid(e + 1, &uid);
+        if (r < 0)
+                goto not_found;
+
+        machine = strndupa(p, e - p);
+        if (!machine_name_is_valid(machine))
+                goto not_found;
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "MapFromMachineUser",
+                               &error,
+                               &reply,
+                               "su",
+                               machine, (uint32_t) uid);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
+                        goto not_found;
+
+                goto fail;
+        }
+
+        r = sd_bus_message_read(reply, "u", &mapped);
+        if (r < 0)
+                goto fail;
+
+        /* Refuse to work if the mapped address is in the host UID range, or if there was no mapping at all. */
+        if (mapped < HOST_UID_LIMIT || mapped == uid)
+                goto not_found;
+
+        l = strlen(name);
+        if (buflen < l+1) {
+                *errnop = ENOMEM;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        memcpy(buffer, name, l+1);
+
+        pwd->pw_name = buffer;
+        pwd->pw_uid = mapped;
+        pwd->pw_gid = 65534; /* nobody */
+        pwd->pw_gecos = buffer;
+        pwd->pw_passwd = (char*) "*"; /* locked */
+        pwd->pw_dir = (char*) "/";
+        pwd->pw_shell = (char*) "/sbin/nologin";
+
+        *errnop = 0;
+        return NSS_STATUS_SUCCESS;
+
+not_found:
+        *errnop = 0;
+        return NSS_STATUS_NOTFOUND;
+
+fail:
+        *errnop = -r;
+        return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_mymachines_getpwuid_r(
+                uid_t uid,
+                struct passwd *pwd,
+                char *buffer, size_t buflen,
+                int *errnop) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        const char *machine, *object;
+        uint32_t mapped;
+        int r;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        if (!uid_is_valid(uid)) {
+                r = -EINVAL;
+                goto fail;
+        }
+
+        /* We consider all uids < 65536 host uids */
+        if (uid < HOST_UID_LIMIT)
+                goto not_found;
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "MapToMachineUser",
+                               &error,
+                               &reply,
+                               "u",
+                               (uint32_t) uid);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
+                        goto not_found;
+
+                goto fail;
+        }
+
+        r = sd_bus_message_read(reply, "sou", &machine, &object, &mapped);
+        if (r < 0)
+                goto fail;
+
+        if (mapped == uid)
+                goto not_found;
+
+        if (snprintf(buffer, buflen, "vu-%s-" UID_FMT, machine, (uid_t) mapped) >= (int) buflen) {
+                *errnop = ENOMEM;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        pwd->pw_name = buffer;
+        pwd->pw_uid = uid;
+        pwd->pw_gid = 65534; /* nobody */
+        pwd->pw_gecos = buffer;
+        pwd->pw_passwd = (char*) "*"; /* locked */
+        pwd->pw_dir = (char*) "/";
+        pwd->pw_shell = (char*) "/sbin/nologin";
+
+        *errnop = 0;
+        return NSS_STATUS_SUCCESS;
+
+not_found:
+        *errnop = 0;
+        return NSS_STATUS_NOTFOUND;
+
+fail:
+        *errnop = -r;
+        return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_mymachines_getgrnam_r(
+                const char *name,
+                struct group *gr,
+                char *buffer, size_t buflen,
+                int *errnop) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        const char *p, *e, *machine;
+        uint32_t mapped;
+        uid_t gid;
+        size_t l;
+        int r;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(name);
+        assert(gr);
+
+        p = startswith(name, "vg-");
+        if (!p)
+                goto not_found;
+
+        e = strrchr(p, '-');
+        if (!e || e == p)
+                goto not_found;
+
+        if (e - p > HOST_NAME_MAX - 1)  /* -1 for the last dash */
+                goto not_found;
+
+        r = parse_gid(e + 1, &gid);
+        if (r < 0)
+                goto not_found;
+
+        machine = strndupa(p, e - p);
+        if (!machine_name_is_valid(machine))
+                goto not_found;
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "MapFromMachineGroup",
+                               &error,
+                               &reply,
+                               "su",
+                               machine, (uint32_t) gid);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
+                        goto not_found;
+
+                goto fail;
+        }
+
+        r = sd_bus_message_read(reply, "u", &mapped);
+        if (r < 0)
+                goto fail;
+
+        if (mapped < HOST_GID_LIMIT || mapped == gid)
+                goto not_found;
+
+        l = sizeof(char*) + strlen(name) + 1;
+        if (buflen < l) {
+                *errnop = ENOMEM;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        memzero(buffer, sizeof(char*));
+        strcpy(buffer + sizeof(char*), name);
+
+        gr->gr_name = buffer + sizeof(char*);
+        gr->gr_gid = gid;
+        gr->gr_passwd = (char*) "*"; /* locked */
+        gr->gr_mem = (char**) buffer;
+
+        *errnop = 0;
+        return NSS_STATUS_SUCCESS;
+
+not_found:
+        *errnop = 0;
+        return NSS_STATUS_NOTFOUND;
+
+fail:
+        *errnop = -r;
+        return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_mymachines_getgrgid_r(
+                gid_t gid,
+                struct group *gr,
+                char *buffer, size_t buflen,
+                int *errnop) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        const char *machine, *object;
+        uint32_t mapped;
+        int r;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        if (!gid_is_valid(gid)) {
+                r = -EINVAL;
+                goto fail;
+        }
+
+        /* We consider all gids < 65536 host gids */
+        if (gid < HOST_GID_LIMIT)
+                goto not_found;
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.machine1",
+                               "/org/freedesktop/machine1",
+                               "org.freedesktop.machine1.Manager",
+                               "MapToMachineGroup",
+                               &error,
+                               &reply,
+                               "u",
+                               (uint32_t) gid);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
+                        goto not_found;
+
+                goto fail;
+        }
+
+        r = sd_bus_message_read(reply, "sou", &machine, &object, &mapped);
+        if (r < 0)
+                goto fail;
+
+        if (mapped == gid)
+                goto not_found;
+
+        if (buflen < sizeof(char*) + 1) {
+                *errnop = ENOMEM;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        memzero(buffer, sizeof(char*));
+        if (snprintf(buffer + sizeof(char*), buflen - sizeof(char*), "vg-%s-" GID_FMT, machine, (gid_t) mapped) >= (int) buflen) {
+                *errnop = ENOMEM;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        gr->gr_name = buffer + sizeof(char*);
+        gr->gr_gid = gid;
+        gr->gr_passwd = (char*) "*"; /* locked */
+        gr->gr_mem = (char**) buffer;
+
+        *errnop = 0;
+        return NSS_STATUS_SUCCESS;
+
+not_found:
+        *errnop = 0;
+        return NSS_STATUS_NOTFOUND;
+
+fail:
+        *errnop = -r;
+        return NSS_STATUS_UNAVAIL;
+}
diff --git a/src/nss-mymachines/nss-mymachines.sym b/src/grp-machine/nss-mymachines/nss-mymachines.sym
index 0728ac3ba7..0728ac3ba7 100644
--- a/src/nss-mymachines/nss-mymachines.sym
+++ b/src/grp-machine/nss-mymachines/nss-mymachines.sym
diff --git a/src/grp-machine/systemd-machined/Makefile b/src/grp-machine/systemd-machined/Makefile
new file mode 100644
index 0000000000..8aac7b0f4f
--- /dev/null
+++ b/src/grp-machine/systemd-machined/Makefile
@@ -0,0 +1,67 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemd_machined_SOURCES = \
+	src/machine/machined.c \
+	src/machine/machined.h
+
+systemd_machined_LDADD = \
+	libmachine-core.la
+
+rootlibexec_PROGRAMS += \
+	systemd-machined
+
+nodist_systemunit_DATA += \
+	units/systemd-machined.service
+
+dist_systemunit_DATA += \
+	units/machine.slice
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.machine1.busname
+
+dist_dbussystemservice_DATA += \
+	src/machine/org.freedesktop.machine1.service
+
+dist_dbuspolicy_DATA += \
+	src/machine/org.freedesktop.machine1.conf
+
+polkitpolicy_files += \
+	src/machine/org.freedesktop.machine1.policy
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-machined.service dbus-org.freedesktop.machine1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.machine1.busname
+
+
+polkitpolicy_in_files += \
+	src/machine/org.freedesktop.machine1.policy.in
+
+EXTRA_DIST += \
+	units/systemd-machined.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-machine/systemd-machined/machined.c b/src/grp-machine/systemd-machined/machined.c
new file mode 100644
index 0000000000..151f0983ec
--- /dev/null
+++ b/src/grp-machine/systemd-machined/machined.c
@@ -0,0 +1,415 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "cgroup-util.h"
+#include "dirent-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "hostname-util.h"
+#include "label.h"
+#include "machine-image.h"
+#include "machined.h"
+#include "signal-util.h"
+
+Manager *manager_new(void) {
+        Manager *m;
+        int r;
+
+        m = new0(Manager, 1);
+        if (!m)
+                return NULL;
+
+        m->machines = hashmap_new(&string_hash_ops);
+        m->machine_units = hashmap_new(&string_hash_ops);
+        m->machine_leaders = hashmap_new(NULL);
+
+        if (!m->machines || !m->machine_units || !m->machine_leaders) {
+                manager_free(m);
+                return NULL;
+        }
+
+        r = sd_event_default(&m->event);
+        if (r < 0) {
+                manager_free(m);
+                return NULL;
+        }
+
+        sd_event_set_watchdog(m->event, true);
+
+        return m;
+}
+
+void manager_free(Manager *m) {
+        Machine *machine;
+        Image *i;
+
+        assert(m);
+
+        while (m->operations)
+                operation_free(m->operations);
+
+        assert(m->n_operations == 0);
+
+        while ((machine = hashmap_first(m->machines)))
+                machine_free(machine);
+
+        hashmap_free(m->machines);
+        hashmap_free(m->machine_units);
+        hashmap_free(m->machine_leaders);
+
+        while ((i = hashmap_steal_first(m->image_cache)))
+                image_unref(i);
+
+        hashmap_free(m->image_cache);
+
+        sd_event_source_unref(m->image_cache_defer_event);
+
+        bus_verify_polkit_async_registry_free(m->polkit_registry);
+
+        sd_bus_unref(m->bus);
+        sd_event_unref(m->event);
+
+        free(m);
+}
+
+static int manager_add_host_machine(Manager *m) {
+        _cleanup_free_ char *rd = NULL, *unit = NULL;
+        sd_id128_t mid;
+        Machine *t;
+        int r;
+
+        if (m->host_machine)
+                return 0;
+
+        r = sd_id128_get_machine(&mid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get machine ID: %m");
+
+        rd = strdup("/");
+        if (!rd)
+                return log_oom();
+
+        unit = strdup("-.slice");
+        if (!unit)
+                return log_oom();
+
+        t = machine_new(m, MACHINE_HOST, ".host");
+        if (!t)
+                return log_oom();
+
+        t->leader = 1;
+        t->id = mid;
+
+        t->root_directory = rd;
+        t->unit = unit;
+        rd = unit = NULL;
+
+        dual_timestamp_from_boottime_or_monotonic(&t->timestamp, 0);
+
+        m->host_machine = t;
+
+        return 0;
+}
+
+int manager_enumerate_machines(Manager *m) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r = 0;
+
+        assert(m);
+
+        r = manager_add_host_machine(m);
+        if (r < 0)
+                return r;
+
+        /* Read in machine data stored on disk */
+        d = opendir("/run/systemd/machines");
+        if (!d) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open /run/systemd/machines: %m");
+        }
+
+        FOREACH_DIRENT(de, d, return -errno) {
+                struct Machine *machine;
+                int k;
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                /* Ignore symlinks that map the unit name to the machine */
+                if (startswith(de->d_name, "unit:"))
+                        continue;
+
+                if (!machine_name_is_valid(de->d_name))
+                        continue;
+
+                k = manager_add_machine(m, de->d_name, &machine);
+                if (k < 0) {
+                        r = log_error_errno(k, "Failed to add machine by file name %s: %m", de->d_name);
+                        continue;
+                }
+
+                machine_add_to_gc_queue(machine);
+
+                k = machine_load(machine);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int manager_connect_bus(Manager *m) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(m);
+        assert(!m->bus);
+
+        r = sd_bus_default_system(&m->bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to system bus: %m");
+
+        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/machine1", "org.freedesktop.machine1.Manager", manager_vtable, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add manager object vtable: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/machine1/machine", "org.freedesktop.machine1.Machine", machine_vtable, machine_object_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add machine object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/machine1/machine", machine_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add machine enumerator: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/machine1/image", "org.freedesktop.machine1.Image", image_vtable, image_object_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add image object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/machine1/image", image_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add image enumerator: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.systemd1.Manager',"
+                             "member='JobRemoved',"
+                             "path='/org/freedesktop/systemd1'",
+                             match_job_removed,
+                             m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for JobRemoved: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.systemd1.Manager',"
+                             "member='UnitRemoved',"
+                             "path='/org/freedesktop/systemd1'",
+                             match_unit_removed,
+                             m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for UnitRemoved: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.DBus.Properties',"
+                             "member='PropertiesChanged',"
+                             "arg0='org.freedesktop.systemd1.Unit'",
+                             match_properties_changed,
+                             m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for PropertiesChanged: %m");
+
+        r = sd_bus_add_match(m->bus,
+                             NULL,
+                             "type='signal',"
+                             "sender='org.freedesktop.systemd1',"
+                             "interface='org.freedesktop.systemd1.Manager',"
+                             "member='Reloading',"
+                             "path='/org/freedesktop/systemd1'",
+                             match_reloading,
+                             m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for Reloading: %m");
+
+        r = sd_bus_call_method(
+                        m->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "Subscribe",
+                        &error,
+                        NULL, NULL);
+        if (r < 0) {
+                log_error("Failed to enable subscription: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        r = sd_bus_request_name(m->bus, "org.freedesktop.machine1", 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = sd_bus_attach_event(m->bus, m->event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        return 0;
+}
+
+void manager_gc(Manager *m, bool drop_not_started) {
+        Machine *machine;
+
+        assert(m);
+
+        while ((machine = m->machine_gc_queue)) {
+                LIST_REMOVE(gc_queue, m->machine_gc_queue, machine);
+                machine->in_gc_queue = false;
+
+                /* First, if we are not closing yet, initiate stopping */
+                if (!machine_check_gc(machine, drop_not_started) &&
+                    machine_get_state(machine) != MACHINE_CLOSING)
+                        machine_stop(machine);
+
+                /* Now, the stop stop probably made this referenced
+                 * again, but if it didn't, then it's time to let it
+                 * go entirely. */
+                if (!machine_check_gc(machine, drop_not_started)) {
+                        machine_finalize(machine);
+                        machine_free(machine);
+                }
+        }
+}
+
+int manager_startup(Manager *m) {
+        Machine *machine;
+        Iterator i;
+        int r;
+
+        assert(m);
+
+        /* Connect to the bus */
+        r = manager_connect_bus(m);
+        if (r < 0)
+                return r;
+
+        /* Deserialize state */
+        manager_enumerate_machines(m);
+
+        /* Remove stale objects before we start them */
+        manager_gc(m, false);
+
+        /* And start everything */
+        HASHMAP_FOREACH(machine, m->machines, i)
+                machine_start(machine, NULL, NULL);
+
+        return 0;
+}
+
+static bool check_idle(void *userdata) {
+        Manager *m = userdata;
+
+        if (m->operations)
+                return false;
+
+        manager_gc(m, true);
+
+        return hashmap_isempty(m->machines);
+}
+
+int manager_run(Manager *m) {
+        assert(m);
+
+        return bus_event_loop_with_idle(
+                        m->event,
+                        m->bus,
+                        "org.freedesktop.machine1",
+                        DEFAULT_EXIT_USEC,
+                        check_idle, m);
+}
+
+int main(int argc, char *argv[]) {
+        Manager *m = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_set_facility(LOG_AUTH);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        /* Always create the directories people can create inotify
+         * watches in. Note that some applications might check for the
+         * existence of /run/systemd/machines/ to determine whether
+         * machined is available, so please always make sure this
+         * check stays in. */
+        mkdir_label("/run/systemd/machines", 0755);
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, -1) >= 0);
+
+        m = manager_new();
+        if (!m) {
+                r = log_oom();
+                goto finish;
+        }
+
+        r = manager_startup(m);
+        if (r < 0) {
+                log_error_errno(r, "Failed to fully start up daemon: %m");
+                goto finish;
+        }
+
+        log_debug("systemd-machined running as pid "PID_FMT, getpid());
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing requests...");
+
+        r = manager_run(m);
+
+        log_debug("systemd-machined stopped as pid "PID_FMT, getpid());
+
+finish:
+        manager_free(m);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/network/.gitignore b/src/grp-network/.gitignore
index aca55206b7..aca55206b7 100644
--- a/src/network/.gitignore
+++ b/src/grp-network/.gitignore
diff --git a/src/grp-network/Makefile b/src/grp-network/Makefile
new file mode 100644
index 0000000000..7cbd9142d0
--- /dev/null
+++ b/src/grp-network/Makefile
@@ -0,0 +1,107 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+dist_network_DATA = \
+	network/99-default.link \
+	network/80-container-host0.network \
+	network/80-container-ve.network \
+	network/80-container-vz.network
+
+ifneq ($(ENABLE_NETWORKD),)
+test_networkd_conf_SOURCES = \
+	src/network/test-networkd-conf.c
+
+test_networkd_conf_LDADD = \
+	libnetworkd-core.la
+
+test_network_SOURCES = \
+	src/network/test-network.c
+
+test_network_LDADD = \
+	libnetworkd-core.la
+
+ifneq ($(HAVE_LIBIPTC),)
+test_network_LDADD += \
+	libfirewall.la
+endif # HAVE_LIBIPTC
+
+test_network_tables_SOURCES = \
+	src/network/test-network-tables.c \
+	src/shared/test-tables.h
+
+test_network_tables_LDADD = \
+	libnetworkd-core.la \
+	libudev-core.la
+
+ifneq ($(HAVE_LIBIPTC),)
+test_network_tables_LDADD += \
+	libfirewall.la
+endif # HAVE_LIBIPTC
+
+tests += \
+	test-networkd-conf \
+	test-network \
+	test-network-tables
+
+dist_systemunit_DATA += \
+	units/systemd-networkd.socket
+
+nodist_systemunit_DATA += \
+	units/systemd-networkd.service \
+	units/systemd-networkd-wait-online.service
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.network1.busname
+
+dist_dbussystemservice_DATA += \
+	src/network/org.freedesktop.network1.service
+
+dist_dbuspolicy_DATA += \
+	src/network/org.freedesktop.network1.conf
+
+GENERAL_ALIASES += \
+	$(systemunitdir)/systemd-networkd.socket $(pkgsysconfdir)/system/sockets.target.wants/systemd-networkd.socket \
+	$(systemunitdir)/systemd-networkd.service $(pkgsysconfdir)/system/multi-user.target.wants/systemd-networkd.service \
+	$(systemunitdir)/systemd-networkd-wait-online.service $(pkgsysconfdir)/system/network-online.target.wants/systemd-networkd-wait-online.service
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-networkd.service dbus-org.freedesktop.network1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.network1.busname
+
+endif # ENABLE_NETWORKD
+
+gperf_gperf_sources += \
+	src/network/networkd-gperf.gperf \
+	src/network/networkd-network-gperf.gperf \
+	src/network/networkd-netdev-gperf.gperf
+
+EXTRA_DIST += \
+	units/systemd-networkd.service.m4.in \
+	units/systemd-networkd-wait-online.service.in \
+	test/networkd-test.py
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-network/libnetworkd-core/Makefile b/src/grp-network/libnetworkd-core/Makefile
new file mode 100644
index 0000000000..53d65460f2
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/Makefile
@@ -0,0 +1,93 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+noinst_LTLIBRARIES += \
+	libnetworkd-core.la
+
+libnetworkd_core_la_CFLAGS = \
+	$(AM_CFLAGS)
+
+libnetworkd_core_la_SOURCES = \
+	src/libsystemd-network/network-internal.h \
+	src/network/networkd.h \
+	src/network/networkd-conf.h \
+	src/network/networkd-conf.c \
+	src/network/networkd-link.h \
+	src/network/networkd-link.c \
+	src/network/networkd-netdev.h \
+	src/network/networkd-netdev.c \
+	src/network/networkd-netdev-tunnel.h \
+	src/network/networkd-netdev-tunnel.c \
+	src/network/networkd-netdev-veth.h \
+	src/network/networkd-netdev-veth.c \
+	src/network/networkd-netdev-vxlan.h \
+	src/network/networkd-netdev-vxlan.c \
+	src/network/networkd-netdev-vlan.h \
+	src/network/networkd-netdev-vlan.c \
+	src/network/networkd-netdev-macvlan.h \
+	src/network/networkd-netdev-macvlan.c \
+	src/network/networkd-netdev-ipvlan.h \
+	src/network/networkd-netdev-ipvlan.c \
+	src/network/networkd-netdev-dummy.h \
+	src/network/networkd-netdev-dummy.c \
+	src/network/networkd-netdev-tuntap.h \
+	src/network/networkd-netdev-tuntap.c \
+	src/network/networkd-netdev-bond.h \
+	src/network/networkd-netdev-bond.c \
+	src/network/networkd-netdev-bridge.h \
+	src/network/networkd-netdev-bridge.c \
+	src/network/networkd-link-bus.c \
+	src/network/networkd-ipv4ll.c \
+	src/network/networkd-dhcp4.c \
+	src/network/networkd-dhcp6.c \
+	src/network/networkd-ndisc.c \
+	src/network/networkd-network.h \
+	src/network/networkd-network.c \
+	src/network/networkd-network-bus.c \
+	src/network/networkd-address.h \
+	src/network/networkd-address.c \
+	src/network/networkd-route.h \
+	src/network/networkd-route.c \
+	src/network/networkd-manager.c \
+	src/network/networkd-manager-bus.c \
+	src/network/networkd-fdb.h \
+	src/network/networkd-fdb.c \
+	src/network/networkd-address-pool.h \
+	src/network/networkd-address-pool.c \
+	src/network/networkd-util.h \
+	src/network/networkd-util.c \
+	src/network/networkd-lldp-tx.h \
+	src/network/networkd-lldp-tx.c
+
+nodist_libnetworkd_core_la_SOURCES = \
+	src/network/networkd-gperf.c \
+	src/network/networkd-network-gperf.c \
+	src/network/networkd-netdev-gperf.c
+
+libnetworkd_core_la_LIBADD = \
+	libsystemd-network.la \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/network/networkd-address-pool.c b/src/grp-network/libnetworkd-core/networkd-address-pool.c
index ebc6c9eb9e..ebc6c9eb9e 100644
--- a/src/network/networkd-address-pool.c
+++ b/src/grp-network/libnetworkd-core/networkd-address-pool.c
diff --git a/src/network/networkd-address-pool.h b/src/grp-network/libnetworkd-core/networkd-address-pool.h
index af30decfe0..af30decfe0 100644
--- a/src/network/networkd-address-pool.h
+++ b/src/grp-network/libnetworkd-core/networkd-address-pool.h
diff --git a/src/network/networkd-address.c b/src/grp-network/libnetworkd-core/networkd-address.c
index 367c340e08..367c340e08 100644
--- a/src/network/networkd-address.c
+++ b/src/grp-network/libnetworkd-core/networkd-address.c
diff --git a/src/network/networkd-address.h b/src/grp-network/libnetworkd-core/networkd-address.h
index 784ab18b27..784ab18b27 100644
--- a/src/network/networkd-address.h
+++ b/src/grp-network/libnetworkd-core/networkd-address.h
diff --git a/src/network/networkd-conf.c b/src/grp-network/libnetworkd-core/networkd-conf.c
index b67a1f6d09..b67a1f6d09 100644
--- a/src/network/networkd-conf.c
+++ b/src/grp-network/libnetworkd-core/networkd-conf.c
diff --git a/src/network/networkd-conf.h b/src/grp-network/libnetworkd-core/networkd-conf.h
index c7bfb42a72..c7bfb42a72 100644
--- a/src/network/networkd-conf.h
+++ b/src/grp-network/libnetworkd-core/networkd-conf.h
diff --git a/src/network/networkd-dhcp4.c b/src/grp-network/libnetworkd-core/networkd-dhcp4.c
index 2ddcee9db8..2ddcee9db8 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/grp-network/libnetworkd-core/networkd-dhcp4.c
diff --git a/src/grp-network/libnetworkd-core/networkd-dhcp6.c b/src/grp-network/libnetworkd-core/networkd-dhcp6.c
new file mode 100644
index 0000000000..c5a3c52e94
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-dhcp6.c
@@ -0,0 +1,255 @@
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Intel Corporation. All rights reserved.
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/ether.h>
+#include <linux/if.h>
+
+#include <systemd/sd-dhcp6-client.h>
+
+#include "network-internal.h"
+#include "networkd.h"
+
+static int dhcp6_lease_address_acquired(sd_dhcp6_client *client, Link *link);
+
+static int dhcp6_lease_information_acquired(sd_dhcp6_client *client,
+                                        Link *link) {
+        return 0;
+}
+
+static int dhcp6_address_handler(sd_netlink *rtnl, sd_netlink_message *m,
+                                 void *userdata) {
+        _cleanup_link_unref_ Link *link = userdata;
+        int r;
+
+        assert(link);
+
+        r = sd_netlink_message_get_errno(m);
+        if (r < 0 && r != -EEXIST) {
+                if (link->rtnl_extended_attrs) {
+                        log_link_warning(link, "Could not set extended netlink attributes, reverting to fallback mechanism");
+
+                        link->rtnl_extended_attrs = false;
+                        dhcp6_lease_address_acquired(link->dhcp6_client, link);
+
+                        return 1;
+                }
+
+                log_link_error_errno(link, r, "Could not set DHCPv6 address: %m");
+
+                link_enter_failed(link);
+
+        } else if (r >= 0)
+                manager_rtnl_process_address(rtnl, m, link->manager);
+
+        return 1;
+}
+
+static int dhcp6_address_change(Link *link, struct in6_addr *ip6_addr,
+                                uint32_t lifetime_preferred, uint32_t lifetime_valid) {
+        int r;
+        _cleanup_address_free_ Address *addr = NULL;
+
+        r = address_new(&addr);
+        if (r < 0)
+                return r;
+
+        addr->family = AF_INET6;
+        memcpy(&addr->in_addr.in6, ip6_addr, sizeof(*ip6_addr));
+
+        addr->flags = IFA_F_NOPREFIXROUTE;
+        addr->prefixlen = 128;
+
+        addr->cinfo.ifa_prefered = lifetime_preferred;
+        addr->cinfo.ifa_valid = lifetime_valid;
+
+        log_link_info(link,
+                      "DHCPv6 address "SD_NDISC_ADDRESS_FORMAT_STR"/%d timeout preferred %d valid %d",
+                      SD_NDISC_ADDRESS_FORMAT_VAL(addr->in_addr.in6),
+                      addr->prefixlen, lifetime_preferred, lifetime_valid);
+
+        r = address_configure(addr, link, dhcp6_address_handler, true);
+        if (r < 0)
+                log_link_warning_errno(link, r, "Could not assign DHCPv6 address: %m");
+
+        return r;
+}
+
+static int dhcp6_lease_address_acquired(sd_dhcp6_client *client, Link *link) {
+        int r;
+        sd_dhcp6_lease *lease;
+        struct in6_addr ip6_addr;
+        uint32_t lifetime_preferred, lifetime_valid;
+
+        r = sd_dhcp6_client_get_lease(client, &lease);
+        if (r < 0)
+                return r;
+
+        sd_dhcp6_lease_reset_address_iter(lease);
+
+        while (sd_dhcp6_lease_get_address(lease, &ip6_addr,
+                                                 &lifetime_preferred,
+                                                 &lifetime_valid) >= 0) {
+
+                r = dhcp6_address_change(link, &ip6_addr, lifetime_preferred, lifetime_valid);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static void dhcp6_handler(sd_dhcp6_client *client, int event, void *userdata) {
+        int r;
+        Link *link = userdata;
+
+        assert(link);
+        assert(link->network);
+        assert(link->manager);
+
+        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+                return;
+
+        switch(event) {
+        case SD_DHCP6_CLIENT_EVENT_STOP:
+        case SD_DHCP6_CLIENT_EVENT_RESEND_EXPIRE:
+        case SD_DHCP6_CLIENT_EVENT_RETRANS_MAX:
+                if (sd_dhcp6_client_get_lease(client, NULL) >= 0)
+                        log_link_warning(link, "DHCPv6 lease lost");
+
+                link->dhcp6_configured = false;
+                break;
+
+        case SD_DHCP6_CLIENT_EVENT_IP_ACQUIRE:
+                r = dhcp6_lease_address_acquired(client, link);
+                if (r < 0) {
+                        link_enter_failed(link);
+                        return;
+                }
+
+                /* fall through */
+        case SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST:
+                r = dhcp6_lease_information_acquired(client, link);
+                if (r < 0) {
+                        link_enter_failed(link);
+                        return;
+                }
+
+                link->dhcp6_configured = true;
+                break;
+
+        default:
+                if (event < 0)
+                        log_link_warning_errno(link, event, "DHCPv6 error: %m");
+                else
+                        log_link_warning(link, "DHCPv6 unknown event: %d", event);
+                return;
+        }
+
+        link_check_ready(link);
+}
+
+int dhcp6_request_address(Link *link) {
+        int r, inf_req;
+        bool running;
+
+        assert(link);
+        assert(link->dhcp6_client);
+
+        r = sd_dhcp6_client_get_information_request(link->dhcp6_client, &inf_req);
+        if (r < 0)
+                return r;
+
+        if (!inf_req)
+                return 0;
+
+        r = sd_dhcp6_client_is_running(link->dhcp6_client);
+        if (r < 0)
+                return r;
+        else
+                running = !!r;
+
+        if (running) {
+                r = sd_dhcp6_client_stop(link->dhcp6_client);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_dhcp6_client_set_information_request(link->dhcp6_client, false);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int dhcp6_configure(Link *link) {
+        sd_dhcp6_client *client = NULL;
+        int r;
+        const DUID *duid;
+
+        assert(link);
+
+        if (link->dhcp6_client)
+                return 0;
+
+        r = sd_dhcp6_client_new(&client);
+        if (r < 0)
+                return r;
+
+        r = sd_dhcp6_client_attach_event(client, NULL, 0);
+        if (r < 0)
+                goto error;
+
+        r = sd_dhcp6_client_set_information_request(client, true);
+        if (r < 0)
+                goto error;
+
+        r = sd_dhcp6_client_set_mac(client,
+                                    (const uint8_t *) &link->mac,
+                                    sizeof (link->mac), ARPHRD_ETHER);
+        if (r < 0)
+                goto error;
+
+        r = sd_dhcp6_client_set_iaid(client, link->network->iaid);
+        if (r < 0)
+                goto error;
+
+        duid = link_duid(link);
+        r = sd_dhcp6_client_set_duid(client,
+                                     duid->type,
+                                     duid->raw_data_len > 0 ? duid->raw_data : NULL,
+                                     duid->raw_data_len);
+        if (r < 0)
+                goto error;
+
+        r = sd_dhcp6_client_set_index(client, link->ifindex);
+        if (r < 0)
+                goto error;
+
+        r = sd_dhcp6_client_set_callback(client, dhcp6_handler, link);
+        if (r < 0)
+                goto error;
+
+        link->dhcp6_client = client;
+
+        return 0;
+
+error:
+        sd_dhcp6_client_unref(client);
+        return r;
+}
diff --git a/src/network/networkd-fdb.c b/src/grp-network/libnetworkd-core/networkd-fdb.c
index 241f486211..241f486211 100644
--- a/src/network/networkd-fdb.c
+++ b/src/grp-network/libnetworkd-core/networkd-fdb.c
diff --git a/src/network/networkd-fdb.h b/src/grp-network/libnetworkd-core/networkd-fdb.h
index 84410714f5..84410714f5 100644
--- a/src/network/networkd-fdb.h
+++ b/src/grp-network/libnetworkd-core/networkd-fdb.h
diff --git a/src/network/networkd-gperf.gperf b/src/grp-network/libnetworkd-core/networkd-gperf.gperf
index 3fdfe74955..3fdfe74955 100644
--- a/src/network/networkd-gperf.gperf
+++ b/src/grp-network/libnetworkd-core/networkd-gperf.gperf
diff --git a/src/network/networkd-ipv4ll.c b/src/grp-network/libnetworkd-core/networkd-ipv4ll.c
index ae323d595b..ae323d595b 100644
--- a/src/network/networkd-ipv4ll.c
+++ b/src/grp-network/libnetworkd-core/networkd-ipv4ll.c
diff --git a/src/network/networkd-link-bus.c b/src/grp-network/libnetworkd-core/networkd-link-bus.c
index 532557ed6c..532557ed6c 100644
--- a/src/network/networkd-link-bus.c
+++ b/src/grp-network/libnetworkd-core/networkd-link-bus.c
diff --git a/src/network/networkd-link.c b/src/grp-network/libnetworkd-core/networkd-link.c
index a021fc886f..a021fc886f 100644
--- a/src/network/networkd-link.c
+++ b/src/grp-network/libnetworkd-core/networkd-link.c
diff --git a/src/grp-network/libnetworkd-core/networkd-link.h b/src/grp-network/libnetworkd-core/networkd-link.h
new file mode 100644
index 0000000000..90cb9b93f6
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-link.h
@@ -0,0 +1,209 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <endian.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-dhcp-client.h>
+#include <systemd/sd-dhcp-server.h>
+#include <systemd/sd-dhcp6-client.h>
+#include <systemd/sd-ipv4ll.h>
+#include <systemd/sd-lldp.h>
+#include <systemd/sd-ndisc.h>
+#include <systemd/sd-netlink.h>
+
+#include "list.h"
+#include "set.h"
+
+typedef enum LinkState {
+        LINK_STATE_PENDING,
+        LINK_STATE_ENSLAVING,
+        LINK_STATE_SETTING_ADDRESSES,
+        LINK_STATE_SETTING_ROUTES,
+        LINK_STATE_CONFIGURED,
+        LINK_STATE_UNMANAGED,
+        LINK_STATE_FAILED,
+        LINK_STATE_LINGER,
+        _LINK_STATE_MAX,
+        _LINK_STATE_INVALID = -1
+} LinkState;
+
+typedef enum LinkOperationalState {
+        LINK_OPERSTATE_OFF,
+        LINK_OPERSTATE_NO_CARRIER,
+        LINK_OPERSTATE_DORMANT,
+        LINK_OPERSTATE_CARRIER,
+        LINK_OPERSTATE_DEGRADED,
+        LINK_OPERSTATE_ROUTABLE,
+        _LINK_OPERSTATE_MAX,
+        _LINK_OPERSTATE_INVALID = -1
+} LinkOperationalState;
+
+typedef struct Manager Manager;
+typedef struct Network Network;
+typedef struct Address Address;
+
+typedef struct Link {
+        Manager *manager;
+
+        int n_ref;
+
+        int ifindex;
+        char *ifname;
+        unsigned short iftype;
+        char *state_file;
+        struct ether_addr mac;
+        struct in6_addr ipv6ll_address;
+        uint32_t mtu;
+        struct udev_device *udev_device;
+
+        unsigned flags;
+        uint8_t kernel_operstate;
+
+        Network *network;
+
+        LinkState state;
+        LinkOperationalState operstate;
+
+        unsigned link_messages;
+        unsigned enslaving;
+
+        Set *addresses;
+        Set *addresses_foreign;
+        Set *routes;
+        Set *routes_foreign;
+
+        sd_dhcp_client *dhcp_client;
+        sd_dhcp_lease *dhcp_lease;
+        char *lease_file;
+        uint16_t original_mtu;
+        unsigned dhcp4_messages;
+        bool dhcp4_configured;
+        bool dhcp6_configured;
+        unsigned ndisc_messages;
+        bool ndisc_configured;
+
+        sd_ipv4ll *ipv4ll;
+        bool ipv4ll_address:1;
+        bool ipv4ll_route:1;
+
+        bool static_configured;
+
+        LIST_HEAD(Address, pool_addresses);
+
+        sd_dhcp_server *dhcp_server;
+
+        sd_ndisc *ndisc_router_discovery;
+        sd_dhcp6_client *dhcp6_client;
+        bool rtnl_extended_attrs;
+
+        /* This is about LLDP reception */
+        sd_lldp *lldp;
+        char *lldp_file;
+
+        /* This is about LLDP transmission */
+        unsigned lldp_tx_fast; /* The LLDP txFast counter (See 802.1ab-2009, section 9.2.5.18) */
+        sd_event_source *lldp_emit_event_source;
+
+        Hashmap *bound_by_links;
+        Hashmap *bound_to_links;
+} Link;
+
+Link *link_unref(Link *link);
+Link *link_ref(Link *link);
+int link_get(Manager *m, int ifindex, Link **ret);
+int link_add(Manager *manager, sd_netlink_message *message, Link **ret);
+void link_drop(Link *link);
+
+int link_address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata);
+int link_route_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata);
+
+void link_enter_failed(Link *link);
+int link_initialized(Link *link, struct udev_device *device);
+
+void link_check_ready(Link *link);
+
+void link_update_operstate(Link *link);
+int link_update(Link *link, sd_netlink_message *message);
+
+void link_dirty(Link *link);
+void link_clean(Link *link);
+int link_save(Link *link);
+
+int link_carrier_reset(Link *link);
+bool link_has_carrier(Link *link);
+
+int link_ipv6ll_gained(Link *link, const struct in6_addr *address);
+
+int link_set_mtu(Link *link, uint32_t mtu);
+int link_set_hostname(Link *link, const char *hostname);
+int link_set_timezone(Link *link, const char *timezone);
+
+int ipv4ll_configure(Link *link);
+int dhcp4_configure(Link *link);
+int dhcp6_configure(Link *link);
+int dhcp6_request_address(Link *link);
+int ndisc_configure(Link *link);
+
+const char* link_state_to_string(LinkState s) _const_;
+LinkState link_state_from_string(const char *s) _pure_;
+
+const char* link_operstate_to_string(LinkOperationalState s) _const_;
+LinkOperationalState link_operstate_from_string(const char *s) _pure_;
+
+extern const sd_bus_vtable link_vtable[];
+
+int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
+int link_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
+int link_send_changed(Link *link, const char *property, ...) _sentinel_;
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_unref);
+#define _cleanup_link_unref_ _cleanup_(link_unrefp)
+
+/* Macros which append INTERFACE= to the message */
+
+#define log_link_full(link, level, error, ...)                          \
+        ({                                                              \
+                Link *_l = (link);                                      \
+                _l ? log_object_internal(level, error, __FILE__, __LINE__, __func__, "INTERFACE=", _l->ifname, ##__VA_ARGS__) : \
+                        log_internal(level, error, __FILE__, __LINE__, __func__, ##__VA_ARGS__); \
+        })                                                              \
+
+#define log_link_debug(link, ...)   log_link_full(link, LOG_DEBUG, 0, ##__VA_ARGS__)
+#define log_link_info(link, ...)    log_link_full(link, LOG_INFO, 0, ##__VA_ARGS__)
+#define log_link_notice(link, ...)  log_link_full(link, LOG_NOTICE, 0, ##__VA_ARGS__)
+#define log_link_warning(link, ...) log_link_full(link, LOG_WARNING, 0, ##__VA_ARGS__)
+#define log_link_error(link, ...)   log_link_full(link, LOG_ERR, 0, ##__VA_ARGS__)
+
+#define log_link_debug_errno(link, error, ...)   log_link_full(link, LOG_DEBUG, error, ##__VA_ARGS__)
+#define log_link_info_errno(link, error, ...)    log_link_full(link, LOG_INFO, error, ##__VA_ARGS__)
+#define log_link_notice_errno(link, error, ...)  log_link_full(link, LOG_NOTICE, error, ##__VA_ARGS__)
+#define log_link_warning_errno(link, error, ...) log_link_full(link, LOG_WARNING, error, ##__VA_ARGS__)
+#define log_link_error_errno(link, error, ...)   log_link_full(link, LOG_ERR, error, ##__VA_ARGS__)
+
+#define LOG_LINK_MESSAGE(link, fmt, ...) "MESSAGE=%s: " fmt, (link)->ifname, ##__VA_ARGS__
+#define LOG_LINK_INTERFACE(link) "INTERFACE=%s", (link)->ifname
+
+#define ADDRESS_FMT_VAL(address)                   \
+        be32toh((address).s_addr) >> 24,           \
+        (be32toh((address).s_addr) >> 16) & 0xFFu, \
+        (be32toh((address).s_addr) >> 8) & 0xFFu,  \
+        be32toh((address).s_addr) & 0xFFu
diff --git a/src/network/networkd-lldp-tx.c b/src/grp-network/libnetworkd-core/networkd-lldp-tx.c
index 3aa768388b..3aa768388b 100644
--- a/src/network/networkd-lldp-tx.c
+++ b/src/grp-network/libnetworkd-core/networkd-lldp-tx.c
diff --git a/src/network/networkd-lldp-tx.h b/src/grp-network/libnetworkd-core/networkd-lldp-tx.h
index 4680c9d950..4680c9d950 100644
--- a/src/network/networkd-lldp-tx.h
+++ b/src/grp-network/libnetworkd-core/networkd-lldp-tx.h
diff --git a/src/network/networkd-manager-bus.c b/src/grp-network/libnetworkd-core/networkd-manager-bus.c
index 0c429b9471..0c429b9471 100644
--- a/src/network/networkd-manager-bus.c
+++ b/src/grp-network/libnetworkd-core/networkd-manager-bus.c
diff --git a/src/grp-network/libnetworkd-core/networkd-manager.c b/src/grp-network/libnetworkd-core/networkd-manager.c
new file mode 100644
index 0000000000..7af7abaa81
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-manager.c
@@ -0,0 +1,1329 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
+#include <sys/socket.h>
+#include <linux/if.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "bus-util.h"
+#include "conf-parser.h"
+#include "def.h"
+#include "dns-domain.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "libudev-private.h"
+#include "local-addresses.h"
+#include "netlink-util.h"
+#include "networkd.h"
+#include "ordered-set.h"
+#include "path-util.h"
+#include "set.h"
+#include "udev-util.h"
+#include "virt.h"
+
+/* use 8 MB for receive socket kernel queue. */
+#define RCVBUF_SIZE    (8*1024*1024)
+
+const char* const network_dirs[] = {
+        "/etc/systemd/network",
+        "/run/systemd/network",
+        "/usr/lib/systemd/network",
+#ifdef HAVE_SPLIT_USR
+        "/lib/systemd/network",
+#endif
+        NULL};
+
+static int setup_default_address_pool(Manager *m) {
+        AddressPool *p;
+        int r;
+
+        assert(m);
+
+        /* Add in the well-known private address ranges. */
+
+        r = address_pool_new_from_string(m, &p, AF_INET6, "fc00::", 7);
+        if (r < 0)
+                return r;
+
+        r = address_pool_new_from_string(m, &p, AF_INET, "192.168.0.0", 16);
+        if (r < 0)
+                return r;
+
+        r = address_pool_new_from_string(m, &p, AF_INET, "172.16.0.0", 12);
+        if (r < 0)
+                return r;
+
+        r = address_pool_new_from_string(m, &p, AF_INET, "10.0.0.0", 8);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int on_bus_retry(sd_event_source *s, usec_t usec, void *userdata) {
+        Manager *m = userdata;
+
+        assert(s);
+        assert(m);
+
+        m->bus_retry_event_source = sd_event_source_unref(m->bus_retry_event_source);
+
+        manager_connect_bus(m);
+
+        return 0;
+}
+
+static int manager_reset_all(Manager *m) {
+        Link *link;
+        Iterator i;
+        int r;
+
+        assert(m);
+
+        HASHMAP_FOREACH(link, m->links, i) {
+                r = link_carrier_reset(link);
+                if (r < 0)
+                        log_link_warning_errno(link, r, "Could not reset carrier: %m");
+        }
+
+        return 0;
+}
+
+static int match_prepare_for_sleep(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) {
+        Manager *m = userdata;
+        int b, r;
+
+        assert(message);
+
+        r = sd_bus_message_read(message, "b", &b);
+        if (r < 0) {
+                log_debug_errno(r, "Failed to parse PrepareForSleep signal: %m");
+                return 0;
+        }
+
+        if (b)
+                return 0;
+
+        log_debug("Coming back from suspend, resetting all connections...");
+
+        manager_reset_all(m);
+
+        return 0;
+}
+
+int manager_connect_bus(Manager *m) {
+        int r;
+
+        assert(m);
+
+        r = sd_bus_default_system(&m->bus);
+        if (r == -ENOENT) {
+                /* We failed to connect? Yuck, we must be in early
+                 * boot. Let's try in 5s again. As soon as we have
+                 * kdbus we can stop doing this... */
+
+                log_debug_errno(r, "Failed to connect to bus, trying again in 5s: %m");
+
+                r = sd_event_add_time(m->event, &m->bus_retry_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + 5*USEC_PER_SEC, 0, on_bus_retry, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to install bus reconnect time event: %m");
+
+                return 0;
+        }
+
+        if (r < 0)
+                return r;
+
+        r = sd_bus_add_match(m->bus, &m->prepare_for_sleep_slot,
+                             "type='signal',"
+                             "sender='org.freedesktop.login1',"
+                             "interface='org.freedesktop.login1.Manager',"
+                             "member='PrepareForSleep',"
+                             "path='/org/freedesktop/login1'",
+                             match_prepare_for_sleep,
+                             m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match for PrepareForSleep: %m");
+
+        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/network1", "org.freedesktop.network1.Manager", manager_vtable, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add manager object vtable: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/network1/link", "org.freedesktop.network1.Link", link_vtable, link_object_find, m);
+        if (r < 0)
+               return log_error_errno(r, "Failed to add link object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/network1/link", link_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add link enumerator: %m");
+
+        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/network1/network", "org.freedesktop.network1.Network", network_vtable, network_object_find, m);
+        if (r < 0)
+               return log_error_errno(r, "Failed to add network object vtable: %m");
+
+        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/network1/network", network_node_enumerator, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add network enumerator: %m");
+
+        r = sd_bus_request_name(m->bus, "org.freedesktop.network1", 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = sd_bus_attach_event(m->bus, m->event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        return 0;
+}
+
+static int manager_udev_process_link(Manager *m, struct udev_device *device) {
+        Link *link = NULL;
+        int r, ifindex;
+
+        assert(m);
+        assert(device);
+
+        if (!streq_ptr(udev_device_get_action(device), "add"))
+                return 0;
+
+        ifindex = udev_device_get_ifindex(device);
+        if (ifindex <= 0) {
+                log_debug("Ignoring udev ADD event for device with invalid ifindex");
+                return 0;
+        }
+
+        r = link_get(m, ifindex, &link);
+        if (r == -ENODEV)
+                return 0;
+        else if (r < 0)
+                return r;
+
+        r = link_initialized(link, device);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int manager_dispatch_link_udev(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+        struct udev_monitor *monitor = m->udev_monitor;
+        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
+
+        device = udev_monitor_receive_device(monitor);
+        if (!device)
+                return -ENOMEM;
+
+        manager_udev_process_link(m, device);
+        return 0;
+}
+
+static int manager_connect_udev(Manager *m) {
+        int r;
+
+        /* udev does not initialize devices inside containers,
+         * so we rely on them being already initialized before
+         * entering the container */
+        if (detect_container() > 0)
+                return 0;
+
+        m->udev = udev_new();
+        if (!m->udev)
+                return -ENOMEM;
+
+        m->udev_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
+        if (!m->udev_monitor)
+                return -ENOMEM;
+
+        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_monitor, "net", NULL);
+        if (r < 0)
+                return log_error_errno(r, "Could not add udev monitor filter: %m");
+
+        r = udev_monitor_enable_receiving(m->udev_monitor);
+        if (r < 0) {
+                log_error("Could not enable udev monitor");
+                return r;
+        }
+
+        r = sd_event_add_io(m->event,
+                        &m->udev_event_source,
+                        udev_monitor_get_fd(m->udev_monitor),
+                        EPOLLIN, manager_dispatch_link_udev,
+                        m);
+        if (r < 0)
+                return r;
+
+        r = sd_event_source_set_description(m->udev_event_source, "networkd-udev");
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int manager_rtnl_process_route(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
+        Manager *m = userdata;
+        Link *link = NULL;
+        uint16_t type;
+        uint32_t ifindex, priority = 0;
+        unsigned char protocol, scope, tos, table;
+        int family;
+        unsigned char dst_prefixlen, src_prefixlen;
+        union in_addr_union dst = {}, gw = {}, src = {}, prefsrc = {};
+        Route *route = NULL;
+        int r;
+
+        assert(rtnl);
+        assert(message);
+        assert(m);
+
+        if (sd_netlink_message_is_error(message)) {
+                r = sd_netlink_message_get_errno(message);
+                if (r < 0)
+                        log_warning_errno(r, "rtnl: failed to receive route: %m");
+
+                return 0;
+        }
+
+        r = sd_netlink_message_get_type(message, &type);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: could not get message type: %m");
+                return 0;
+        } else if (type != RTM_NEWROUTE && type != RTM_DELROUTE) {
+                log_warning("rtnl: received unexpected message type when processing route");
+                return 0;
+        }
+
+        r = sd_netlink_message_read_u32(message, RTA_OIF, &ifindex);
+        if (r == -ENODATA) {
+                log_debug("rtnl: received route without ifindex, ignoring");
+                return 0;
+        } else if (r < 0) {
+                log_warning_errno(r, "rtnl: could not get ifindex from route, ignoring: %m");
+                return 0;
+        } else if (ifindex <= 0) {
+                log_warning("rtnl: received route message with invalid ifindex, ignoring: %d", ifindex);
+                return 0;
+        } else {
+                r = link_get(m, ifindex, &link);
+                if (r < 0 || !link) {
+                        /* when enumerating we might be out of sync, but we will
+                         * get the route again, so just ignore it */
+                        if (!m->enumerating)
+                                log_warning("rtnl: received route for nonexistent link (%d), ignoring", ifindex);
+                        return 0;
+                }
+        }
+
+        r = sd_rtnl_message_route_get_family(message, &family);
+        if (r < 0 || !IN_SET(family, AF_INET, AF_INET6)) {
+                log_link_warning(link, "rtnl: received address with invalid family, ignoring.");
+                return 0;
+        }
+
+        r = sd_rtnl_message_route_get_protocol(message, &protocol);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: could not get route protocol: %m");
+                return 0;
+        }
+
+        switch (family) {
+        case AF_INET:
+                r = sd_netlink_message_read_in_addr(message, RTA_DST, &dst.in);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route without valid destination, ignoring: %m");
+                        return 0;
+                }
+
+                r = sd_netlink_message_read_in_addr(message, RTA_GATEWAY, &gw.in);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route with invalid gateway, ignoring: %m");
+                        return 0;
+                }
+
+                r = sd_netlink_message_read_in_addr(message, RTA_SRC, &src.in);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route with invalid source, ignoring: %m");
+                        return 0;
+                }
+
+                r = sd_netlink_message_read_in_addr(message, RTA_PREFSRC, &prefsrc.in);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route with invalid preferred source, ignoring: %m");
+                        return 0;
+                }
+
+                break;
+
+        case AF_INET6:
+                r = sd_netlink_message_read_in6_addr(message, RTA_DST, &dst.in6);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route without valid destination, ignoring: %m");
+                        return 0;
+                }
+
+                r = sd_netlink_message_read_in6_addr(message, RTA_GATEWAY, &gw.in6);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route with invalid gateway, ignoring: %m");
+                        return 0;
+                }
+
+                r = sd_netlink_message_read_in6_addr(message, RTA_SRC, &src.in6);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route with invalid source, ignoring: %m");
+                        return 0;
+                }
+
+                r = sd_netlink_message_read_in6_addr(message, RTA_PREFSRC, &prefsrc.in6);
+                if (r < 0 && r != -ENODATA) {
+                        log_link_warning_errno(link, r, "rtnl: received route with invalid preferred source, ignoring: %m");
+                        return 0;
+                }
+
+                break;
+
+        default:
+                log_link_debug(link, "rtnl: ignoring unsupported address family: %d", family);
+                return 0;
+        }
+
+        r = sd_rtnl_message_route_get_dst_prefixlen(message, &dst_prefixlen);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received route with invalid destination prefixlen, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_rtnl_message_route_get_src_prefixlen(message, &src_prefixlen);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received route with invalid source prefixlen, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_rtnl_message_route_get_scope(message, &scope);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received route with invalid scope, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_rtnl_message_route_get_tos(message, &tos);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received route with invalid tos, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_rtnl_message_route_get_table(message, &table);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received route with invalid table, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_netlink_message_read_u32(message, RTA_PRIORITY, &priority);
+        if (r < 0 && r != -ENODATA) {
+                log_link_warning_errno(link, r, "rtnl: received route with invalid priority, ignoring: %m");
+                return 0;
+        }
+
+        route_get(link, family, &dst, dst_prefixlen, tos, priority, table, &route);
+
+        switch (type) {
+        case RTM_NEWROUTE:
+                if (!route) {
+                        /* A route appeared that we did not request */
+                        r = route_add_foreign(link, family, &dst, dst_prefixlen, tos, priority, table, &route);
+                        if (r < 0)
+                                return 0;
+                }
+
+                route_update(route, &src, src_prefixlen, &gw, &prefsrc, scope, protocol);
+
+                break;
+
+        case RTM_DELROUTE:
+                route_free(route);
+                break;
+
+        default:
+                assert_not_reached("Received invalid RTNL message type");
+        }
+
+        return 1;
+}
+
+int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
+        Manager *m = userdata;
+        Link *link = NULL;
+        uint16_t type;
+        unsigned char flags;
+        int family;
+        unsigned char prefixlen;
+        unsigned char scope;
+        union in_addr_union in_addr;
+        struct ifa_cacheinfo cinfo;
+        Address *address = NULL;
+        char buf[INET6_ADDRSTRLEN], valid_buf[FORMAT_TIMESPAN_MAX];
+        const char *valid_str = NULL;
+        int r, ifindex;
+
+        assert(rtnl);
+        assert(message);
+        assert(m);
+
+        if (sd_netlink_message_is_error(message)) {
+                r = sd_netlink_message_get_errno(message);
+                if (r < 0)
+                        log_warning_errno(r, "rtnl: failed to receive address: %m");
+
+                return 0;
+        }
+
+        r = sd_netlink_message_get_type(message, &type);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: could not get message type: %m");
+                return 0;
+        } else if (type != RTM_NEWADDR && type != RTM_DELADDR) {
+                log_warning("rtnl: received unexpected message type when processing address");
+                return 0;
+        }
+
+        r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: could not get ifindex from address: %m");
+                return 0;
+        } else if (ifindex <= 0) {
+                log_warning("rtnl: received address message with invalid ifindex: %d", ifindex);
+                return 0;
+        } else {
+                r = link_get(m, ifindex, &link);
+                if (r < 0 || !link) {
+                        /* when enumerating we might be out of sync, but we will
+                         * get the address again, so just ignore it */
+                        if (!m->enumerating)
+                                log_warning("rtnl: received address for nonexistent link (%d), ignoring", ifindex);
+                        return 0;
+                }
+        }
+
+        r = sd_rtnl_message_addr_get_family(message, &family);
+        if (r < 0 || !IN_SET(family, AF_INET, AF_INET6)) {
+                log_link_warning(link, "rtnl: received address with invalid family, ignoring.");
+                return 0;
+        }
+
+        r = sd_rtnl_message_addr_get_prefixlen(message, &prefixlen);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received address with invalid prefixlen, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_rtnl_message_addr_get_scope(message, &scope);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received address with invalid scope, ignoring: %m");
+                return 0;
+        }
+
+        r = sd_rtnl_message_addr_get_flags(message, &flags);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "rtnl: received address with invalid flags, ignoring: %m");
+                return 0;
+        }
+
+        switch (family) {
+        case AF_INET:
+                r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &in_addr.in);
+                if (r < 0) {
+                        log_link_warning_errno(link, r, "rtnl: received address without valid address, ignoring: %m");
+                        return 0;
+                }
+
+                break;
+
+        case AF_INET6:
+                r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &in_addr.in6);
+                if (r < 0) {
+                        log_link_warning_errno(link, r, "rtnl: received address without valid address, ignoring: %m");
+                        return 0;
+                }
+
+                break;
+
+        default:
+                log_link_debug(link, "rtnl: ignoring unsupported address family: %d", family);
+        }
+
+        if (!inet_ntop(family, &in_addr, buf, INET6_ADDRSTRLEN)) {
+                log_link_warning(link, "Could not print address");
+                return 0;
+        }
+
+        r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
+        if (r >= 0) {
+                if (cinfo.ifa_valid != CACHE_INFO_INFINITY_LIFE_TIME)
+                        valid_str = format_timespan(valid_buf, FORMAT_TIMESPAN_MAX,
+                                                    cinfo.ifa_valid * USEC_PER_SEC,
+                                                    USEC_PER_SEC);
+        }
+
+        address_get(link, family, &in_addr, prefixlen, &address);
+
+        switch (type) {
+        case RTM_NEWADDR:
+                if (address)
+                        log_link_debug(link, "Updating address: %s/%u (valid %s%s)", buf, prefixlen,
+                                       valid_str ? "for " : "forever", valid_str ?: "");
+                else {
+                        /* An address appeared that we did not request */
+                        r = address_add_foreign(link, family, &in_addr, prefixlen, &address);
+                        if (r < 0) {
+                                log_link_warning_errno(link, r, "Failed to add address %s/%u: %m", buf, prefixlen);
+                                return 0;
+                        } else
+                                log_link_debug(link, "Adding address: %s/%u (valid %s%s)", buf, prefixlen,
+                                               valid_str ? "for " : "forever", valid_str ?: "");
+                }
+
+                address_update(address, flags, scope, &cinfo);
+
+                break;
+
+        case RTM_DELADDR:
+
+                if (address) {
+                        log_link_debug(link, "Removing address: %s/%u (valid %s%s)", buf, prefixlen,
+                                       valid_str ? "for " : "forever", valid_str ?: "");
+                        address_drop(address);
+                } else
+                        log_link_warning(link, "Removing non-existent address: %s/%u (valid %s%s)", buf, prefixlen,
+                                         valid_str ? "for " : "forever", valid_str ?: "");
+
+                break;
+        default:
+                assert_not_reached("Received invalid RTNL message type");
+        }
+
+        return 1;
+}
+
+static int manager_rtnl_process_link(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
+        Manager *m = userdata;
+        Link *link = NULL;
+        NetDev *netdev = NULL;
+        uint16_t type;
+        const char *name;
+        int r, ifindex;
+
+        assert(rtnl);
+        assert(message);
+        assert(m);
+
+        if (sd_netlink_message_is_error(message)) {
+                r = sd_netlink_message_get_errno(message);
+                if (r < 0)
+                        log_warning_errno(r, "rtnl: Could not receive link: %m");
+
+                return 0;
+        }
+
+        r = sd_netlink_message_get_type(message, &type);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: Could not get message type: %m");
+                return 0;
+        } else if (type != RTM_NEWLINK && type != RTM_DELLINK) {
+                log_warning("rtnl: Received unexpected message type when processing link");
+                return 0;
+        }
+
+        r = sd_rtnl_message_link_get_ifindex(message, &ifindex);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: Could not get ifindex from link: %m");
+                return 0;
+        } else if (ifindex <= 0) {
+                log_warning("rtnl: received link message with invalid ifindex: %d", ifindex);
+                return 0;
+        }
+
+        r = sd_netlink_message_read_string(message, IFLA_IFNAME, &name);
+        if (r < 0) {
+                log_warning_errno(r, "rtnl: Received link message without ifname: %m");
+                return 0;
+        }
+
+        (void) link_get(m, ifindex, &link);
+        (void) netdev_get(m, name, &netdev);
+
+        switch (type) {
+        case RTM_NEWLINK:
+                if (!link) {
+                        /* link is new, so add it */
+                        r = link_add(m, message, &link);
+                        if (r < 0) {
+                                log_warning_errno(r, "Could not add new link: %m");
+                                return 0;
+                        }
+                }
+
+                if (netdev) {
+                        /* netdev exists, so make sure the ifindex matches */
+                        r = netdev_set_ifindex(netdev, message);
+                        if (r < 0) {
+                                log_warning_errno(r, "Could not set ifindex on netdev: %m");
+                                return 0;
+                        }
+                }
+
+                r = link_update(link, message);
+                if (r < 0)
+                        return 0;
+
+                break;
+
+        case RTM_DELLINK:
+                link_drop(link);
+                netdev_drop(netdev);
+
+                break;
+
+        default:
+                assert_not_reached("Received invalid RTNL message type.");
+        }
+
+        return 1;
+}
+
+static int systemd_netlink_fd(void) {
+        int n, fd, rtnl_fd = -EINVAL;
+
+        n = sd_listen_fds(true);
+        if (n <= 0)
+                return -EINVAL;
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
+                if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
+                        if (rtnl_fd >= 0)
+                                return -EINVAL;
+
+                        rtnl_fd = fd;
+                }
+        }
+
+        return rtnl_fd;
+}
+
+static int manager_connect_rtnl(Manager *m) {
+        int fd, r;
+
+        assert(m);
+
+        fd = systemd_netlink_fd();
+        if (fd < 0)
+                r = sd_netlink_open(&m->rtnl);
+        else
+                r = sd_netlink_open_fd(&m->rtnl, fd);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_inc_rcvbuf(m->rtnl, RCVBUF_SIZE);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_attach_event(m->rtnl, m->event, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_add_match(m->rtnl, RTM_NEWLINK, &manager_rtnl_process_link, m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_add_match(m->rtnl, RTM_DELLINK, &manager_rtnl_process_link, m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_add_match(m->rtnl, RTM_NEWADDR, &manager_rtnl_process_address, m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_add_match(m->rtnl, RTM_DELADDR, &manager_rtnl_process_address, m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_add_match(m->rtnl, RTM_NEWROUTE, &manager_rtnl_process_route, m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_add_match(m->rtnl, RTM_DELROUTE, &manager_rtnl_process_route, m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int ordered_set_put_in_addr(OrderedSet *s, const struct in_addr *address) {
+        char *p;
+        int r;
+
+        assert(s);
+
+        r = in_addr_to_string(AF_INET, (const union in_addr_union*) address, &p);
+        if (r < 0)
+                return r;
+
+        r = ordered_set_consume(s, p);
+        if (r == -EEXIST)
+                return 0;
+
+        return r;
+}
+
+static int ordered_set_put_in_addrv(OrderedSet *s, const struct in_addr *addresses, int n) {
+        int r, i, c = 0;
+
+        assert(s);
+        assert(n <= 0 || addresses);
+
+        for (i = 0; i < n; i++) {
+                r = ordered_set_put_in_addr(s, addresses+i);
+                if (r < 0)
+                        return r;
+
+                c += r;
+        }
+
+        return c;
+}
+
+static void print_string_set(FILE *f, const char *field, OrderedSet *s) {
+        bool space = false;
+        Iterator i;
+        char *p;
+
+        if (ordered_set_isempty(s))
+                return;
+
+        fputs(field, f);
+
+        ORDERED_SET_FOREACH(p, s, i)
+                fputs_with_space(f, p, NULL, &space);
+
+        fputc('\n', f);
+}
+
+static int manager_save(Manager *m) {
+        _cleanup_ordered_set_free_free_ OrderedSet *dns = NULL, *ntp = NULL, *search_domains = NULL, *route_domains = NULL;
+        Link *link;
+        Iterator i;
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        LinkOperationalState operstate = LINK_OPERSTATE_OFF;
+        const char *operstate_str;
+        int r;
+
+        assert(m);
+        assert(m->state_file);
+
+        /* We add all NTP and DNS server to a set, to filter out duplicates */
+        dns = ordered_set_new(&string_hash_ops);
+        if (!dns)
+                return -ENOMEM;
+
+        ntp = ordered_set_new(&string_hash_ops);
+        if (!ntp)
+                return -ENOMEM;
+
+        search_domains = ordered_set_new(&dns_name_hash_ops);
+        if (!search_domains)
+                return -ENOMEM;
+
+        route_domains = ordered_set_new(&dns_name_hash_ops);
+        if (!route_domains)
+                return -ENOMEM;
+
+        HASHMAP_FOREACH(link, m->links, i) {
+                if (link->flags & IFF_LOOPBACK)
+                        continue;
+
+                if (link->operstate > operstate)
+                        operstate = link->operstate;
+
+                if (!link->network)
+                        continue;
+
+                /* First add the static configured entries */
+                r = ordered_set_put_strdupv(dns, link->network->dns);
+                if (r < 0)
+                        return r;
+
+                r = ordered_set_put_strdupv(ntp, link->network->ntp);
+                if (r < 0)
+                        return r;
+
+                r = ordered_set_put_strdupv(search_domains, link->network->search_domains);
+                if (r < 0)
+                        return r;
+
+                r = ordered_set_put_strdupv(route_domains, link->network->route_domains);
+                if (r < 0)
+                        return r;
+
+                if (!link->dhcp_lease)
+                        continue;
+
+                /* Secondly, add the entries acquired via DHCP */
+                if (link->network->dhcp_use_dns) {
+                        const struct in_addr *addresses;
+
+                        r = sd_dhcp_lease_get_dns(link->dhcp_lease, &addresses);
+                        if (r > 0) {
+                                r = ordered_set_put_in_addrv(dns, addresses, r);
+                                if (r < 0)
+                                        return r;
+                        } else if (r < 0 && r != -ENODATA)
+                                return r;
+                }
+
+                if (link->network->dhcp_use_ntp) {
+                        const struct in_addr *addresses;
+
+                        r = sd_dhcp_lease_get_ntp(link->dhcp_lease, &addresses);
+                        if (r > 0) {
+                                r = ordered_set_put_in_addrv(ntp, addresses, r);
+                                if (r < 0)
+                                        return r;
+                        } else if (r < 0 && r != -ENODATA)
+                                return r;
+                }
+
+                if (link->network->dhcp_use_domains != DHCP_USE_DOMAINS_NO) {
+                        const char *domainname;
+
+                        r = sd_dhcp_lease_get_domainname(link->dhcp_lease, &domainname);
+                        if (r >= 0) {
+
+                                if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES)
+                                        r = ordered_set_put_strdup(search_domains, domainname);
+                                else
+                                        r = ordered_set_put_strdup(route_domains, domainname);
+
+                                if (r < 0)
+                                        return r;
+                        } else if (r != -ENODATA)
+                                return r;
+                }
+        }
+
+        operstate_str = link_operstate_to_string(operstate);
+        assert(operstate_str);
+
+        r = fopen_temporary(m->state_file, &f, &temp_path);
+        if (r < 0)
+                return r;
+
+        fchmod(fileno(f), 0644);
+
+        fprintf(f,
+                "# This is private data. Do not parse.\n"
+                "OPER_STATE=%s\n", operstate_str);
+
+        print_string_set(f, "DNS=", dns);
+        print_string_set(f, "NTP=", ntp);
+        print_string_set(f, "DOMAINS=", search_domains);
+        print_string_set(f, "ROUTE_DOMAINS=", route_domains);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        if (rename(temp_path, m->state_file) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        if (m->operational_state != operstate) {
+                m->operational_state = operstate;
+                r = manager_send_changed(m, "OperationalState", NULL);
+                if (r < 0)
+                        log_error_errno(r, "Could not emit changed OperationalState: %m");
+        }
+
+        m->dirty = false;
+
+        return 0;
+
+fail:
+        (void) unlink(m->state_file);
+        (void) unlink(temp_path);
+
+        return log_error_errno(r, "Failed to save network state to %s: %m", m->state_file);
+}
+
+static int manager_dirty_handler(sd_event_source *s, void *userdata) {
+        Manager *m = userdata;
+        Link *link;
+        Iterator i;
+        int r;
+
+        assert(m);
+
+        if (m->dirty)
+                manager_save(m);
+
+        SET_FOREACH(link, m->dirty_links, i) {
+                r = link_save(link);
+                if (r >= 0)
+                        link_clean(link);
+        }
+
+        return 1;
+}
+
+int manager_new(Manager **ret) {
+        _cleanup_manager_free_ Manager *m = NULL;
+        int r;
+
+        m = new0(Manager, 1);
+        if (!m)
+                return -ENOMEM;
+
+        m->state_file = strdup("/run/systemd/netif/state");
+        if (!m->state_file)
+                return -ENOMEM;
+
+        r = sd_event_default(&m->event);
+        if (r < 0)
+                return r;
+
+        sd_event_set_watchdog(m->event, true);
+
+        sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
+        sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
+
+        r = sd_event_add_post(m->event, NULL, manager_dirty_handler, m);
+        if (r < 0)
+                return r;
+
+        r = manager_connect_rtnl(m);
+        if (r < 0)
+                return r;
+
+        r = manager_connect_udev(m);
+        if (r < 0)
+                return r;
+
+        m->netdevs = hashmap_new(&string_hash_ops);
+        if (!m->netdevs)
+                return -ENOMEM;
+
+        LIST_HEAD_INIT(m->networks);
+
+        r = setup_default_address_pool(m);
+        if (r < 0)
+                return r;
+
+        m->duid.type = DUID_TYPE_EN;
+
+        *ret = m;
+        m = NULL;
+
+        return 0;
+}
+
+void manager_free(Manager *m) {
+        Network *network;
+        NetDev *netdev;
+        Link *link;
+        AddressPool *pool;
+
+        if (!m)
+                return;
+
+        free(m->state_file);
+
+        while ((link = hashmap_first(m->links)))
+                link_unref(link);
+        hashmap_free(m->links);
+
+        while ((network = m->networks))
+                network_free(network);
+
+        hashmap_free(m->networks_by_name);
+
+        while ((netdev = hashmap_first(m->netdevs)))
+                netdev_unref(netdev);
+        hashmap_free(m->netdevs);
+
+        while ((pool = m->address_pools))
+                address_pool_free(pool);
+
+        sd_netlink_unref(m->rtnl);
+        sd_event_unref(m->event);
+
+        sd_event_source_unref(m->udev_event_source);
+        udev_monitor_unref(m->udev_monitor);
+        udev_unref(m->udev);
+
+        sd_bus_unref(m->bus);
+        sd_bus_slot_unref(m->prepare_for_sleep_slot);
+        sd_event_source_unref(m->bus_retry_event_source);
+
+        free(m);
+}
+
+static bool manager_check_idle(void *userdata) {
+        Manager *m = userdata;
+        Link *link;
+        Iterator i;
+
+        assert(m);
+
+        /* Check whether we are idle now. The only case when we decide to be idle is when there's only a loopback
+         * device around, for which we have no configuration, and which already left the PENDING state. In all other
+         * cases we are not idle. */
+
+        HASHMAP_FOREACH(link, m->links, i) {
+                /* We are not woken on udev activity, so let's just wait for the pending udev event */
+                if (link->state == LINK_STATE_PENDING)
+                        return false;
+
+                if ((link->flags & IFF_LOOPBACK) == 0)
+                        return false;
+
+                if (link->network)
+                        return false;
+        }
+
+        return true;
+}
+
+int manager_run(Manager *m) {
+        Link *link;
+        Iterator i;
+
+        assert(m);
+
+        /* The dirty handler will deal with future serialization, but the first one
+           must be done explicitly. */
+
+        manager_save(m);
+
+        HASHMAP_FOREACH(link, m->links, i)
+                link_save(link);
+
+        if (m->bus)
+                return bus_event_loop_with_idle(
+                                m->event,
+                                m->bus,
+                                "org.freedesktop.network1",
+                                DEFAULT_EXIT_USEC,
+                                manager_check_idle,
+                                m);
+        else
+                /* failed to connect to the bus, so we lose exit-on-idle logic,
+                   this should not happen except if dbus is not around at all */
+                return sd_event_loop(m->event);
+}
+
+int manager_load_config(Manager *m) {
+        int r;
+
+        /* update timestamp */
+        paths_check_timestamp(network_dirs, &m->network_dirs_ts_usec, true);
+
+        r = netdev_load(m);
+        if (r < 0)
+                return r;
+
+        r = network_load(m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+bool manager_should_reload(Manager *m) {
+        return paths_check_timestamp(network_dirs, &m->network_dirs_ts_usec, false);
+}
+
+int manager_rtnl_enumerate_links(Manager *m) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        sd_netlink_message *link;
+        int r;
+
+        assert(m);
+        assert(m->rtnl);
+
+        r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_request_dump(req, true);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(m->rtnl, req, 0, &reply);
+        if (r < 0)
+                return r;
+
+        for (link = reply; link; link = sd_netlink_message_next(link)) {
+                int k;
+
+                m->enumerating = true;
+
+                k = manager_rtnl_process_link(m->rtnl, link, m);
+                if (k < 0)
+                        r = k;
+
+                m->enumerating = false;
+        }
+
+        return r;
+}
+
+int manager_rtnl_enumerate_addresses(Manager *m) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        sd_netlink_message *addr;
+        int r;
+
+        assert(m);
+        assert(m->rtnl);
+
+        r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_request_dump(req, true);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(m->rtnl, req, 0, &reply);
+        if (r < 0)
+                return r;
+
+        for (addr = reply; addr; addr = sd_netlink_message_next(addr)) {
+                int k;
+
+                m->enumerating = true;
+
+                k = manager_rtnl_process_address(m->rtnl, addr, m);
+                if (k < 0)
+                        r = k;
+
+                m->enumerating = false;
+        }
+
+        return r;
+}
+
+int manager_rtnl_enumerate_routes(Manager *m) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        sd_netlink_message *route;
+        int r;
+
+        assert(m);
+        assert(m->rtnl);
+
+        r = sd_rtnl_message_new_route(m->rtnl, &req, RTM_GETROUTE, 0, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_request_dump(req, true);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(m->rtnl, req, 0, &reply);
+        if (r < 0)
+                return r;
+
+        for (route = reply; route; route = sd_netlink_message_next(route)) {
+                int k;
+
+                m->enumerating = true;
+
+                k = manager_rtnl_process_route(m->rtnl, route, m);
+                if (k < 0)
+                        r = k;
+
+                m->enumerating = false;
+        }
+
+        return r;
+}
+
+int manager_address_pool_acquire(Manager *m, int family, unsigned prefixlen, union in_addr_union *found) {
+        AddressPool *p;
+        int r;
+
+        assert(m);
+        assert(prefixlen > 0);
+        assert(found);
+
+        LIST_FOREACH(address_pools, p, m->address_pools) {
+                if (p->family != family)
+                        continue;
+
+                r = address_pool_acquire(p, prefixlen, found);
+                if (r != 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+Link* manager_find_uplink(Manager *m, Link *exclude) {
+        _cleanup_free_ struct local_address *gateways = NULL;
+        int n, i;
+
+        assert(m);
+
+        /* Looks for a suitable "uplink", via black magic: an
+         * interface that is up and where the default route with the
+         * highest priority points to. */
+
+        n = local_gateways(m->rtnl, 0, AF_UNSPEC, &gateways);
+        if (n < 0) {
+                log_warning_errno(n, "Failed to determine list of default gateways: %m");
+                return NULL;
+        }
+
+        for (i = 0; i < n; i++) {
+                Link *link;
+
+                link = hashmap_get(m->links, INT_TO_PTR(gateways[i].ifindex));
+                if (!link) {
+                        log_debug("Weird, found a gateway for a link we don't know. Ignoring.");
+                        continue;
+                }
+
+                if (link == exclude)
+                        continue;
+
+                if (link->operstate < LINK_OPERSTATE_ROUTABLE)
+                        continue;
+
+                return link;
+        }
+
+        return NULL;
+}
+
+void manager_dirty(Manager *manager) {
+        assert(manager);
+
+        /* the serialized state in /run is no longer up-to-date */
+        manager->dirty = true;
+}
diff --git a/src/grp-network/libnetworkd-core/networkd-ndisc.c b/src/grp-network/libnetworkd-core/networkd-ndisc.c
new file mode 100644
index 0000000000..f3a4fc0fa5
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-ndisc.c
@@ -0,0 +1,258 @@
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Intel Corporation. All rights reserved.
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/ether.h>
+#include <netinet/icmp6.h>
+#include <netinet/in.h>
+#include <linux/if.h>
+
+#include <systemd/sd-ndisc.h>
+
+#include "networkd.h"
+
+static int ndisc_netlink_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
+        _cleanup_link_unref_ Link *link = userdata;
+        int r;
+
+        assert(link);
+        assert(link->ndisc_messages > 0);
+
+        link->ndisc_messages--;
+
+        r = sd_netlink_message_get_errno(m);
+        if (r < 0 && r != -EEXIST) {
+                log_link_error_errno(link, r, "Could not set NDisc route or address: %m");
+                link_enter_failed(link);
+        }
+
+        if (link->ndisc_messages == 0) {
+                link->ndisc_configured = true;
+                link_check_ready(link);
+        }
+
+        return 1;
+}
+
+static void ndisc_prefix_autonomous_handler(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen,
+                                            unsigned lifetime_preferred, unsigned lifetime_valid, void *userdata) {
+        _cleanup_address_free_ Address *address = NULL;
+        Link *link = userdata;
+        usec_t time_now;
+        int r;
+
+        assert(nd);
+        assert(link);
+        assert(link->network);
+
+        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+                return;
+
+        r = address_new(&address);
+        if (r < 0) {
+                log_link_error_errno(link, r, "Could not allocate address: %m");
+                return;
+        }
+
+        assert_se(sd_event_now(link->manager->event, clock_boottime_or_monotonic(), &time_now) >= 0);
+
+        address->family = AF_INET6;
+        address->in_addr.in6 = *prefix;
+        if (in_addr_is_null(AF_INET6, (const union in_addr_union *) &link->network->ipv6_token) == 0)
+                memcpy(((char *)&address->in_addr.in6) + 8, ((char *)&link->network->ipv6_token) + 8, 8);
+        else {
+                /* see RFC4291 section 2.5.1 */
+                address->in_addr.in6.s6_addr[8]  = link->mac.ether_addr_octet[0];
+                address->in_addr.in6.s6_addr[8] ^= 1 << 1;
+                address->in_addr.in6.s6_addr[9]  = link->mac.ether_addr_octet[1];
+                address->in_addr.in6.s6_addr[10] = link->mac.ether_addr_octet[2];
+                address->in_addr.in6.s6_addr[11] = 0xff;
+                address->in_addr.in6.s6_addr[12] = 0xfe;
+                address->in_addr.in6.s6_addr[13] = link->mac.ether_addr_octet[3];
+                address->in_addr.in6.s6_addr[14] = link->mac.ether_addr_octet[4];
+                address->in_addr.in6.s6_addr[15] = link->mac.ether_addr_octet[5];
+        }
+        address->prefixlen = prefixlen;
+        address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
+        address->cinfo.ifa_prefered = lifetime_preferred;
+        address->cinfo.ifa_valid = lifetime_valid;
+
+        r = address_configure(address, link, ndisc_netlink_handler, true);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "Could not set SLAAC address: %m");
+                link_enter_failed(link);
+                return;
+        }
+
+        link->ndisc_messages++;
+}
+
+static void ndisc_prefix_onlink_handler(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen, unsigned lifetime, void *userdata) {
+        _cleanup_route_free_ Route *route = NULL;
+        Link *link = userdata;
+        usec_t time_now;
+        int r;
+
+        assert(nd);
+        assert(link);
+
+        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+                return;
+
+        r = route_new(&route);
+        if (r < 0) {
+                log_link_error_errno(link, r, "Could not allocate route: %m");
+                return;
+        }
+
+        assert_se(sd_event_now(link->manager->event, clock_boottime_or_monotonic(), &time_now) >= 0);
+
+        route->family = AF_INET6;
+        route->table = RT_TABLE_MAIN;
+        route->protocol = RTPROT_RA;
+        route->flags = RTM_F_PREFIX;
+        route->dst.in6 = *prefix;
+        route->dst_prefixlen = prefixlen;
+        route->lifetime = time_now + lifetime * USEC_PER_SEC;
+
+        r = route_configure(route, link, ndisc_netlink_handler);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "Could not set prefix route: %m");
+                link_enter_failed(link);
+                return;
+        }
+
+        link->ndisc_messages++;
+}
+
+static void ndisc_router_handler(sd_ndisc *nd, uint8_t flags, const struct in6_addr *gateway, unsigned lifetime, int pref, void *userdata) {
+        _cleanup_route_free_ Route *route = NULL;
+        Link *link = userdata;
+        usec_t time_now;
+        int r;
+
+        assert(link);
+        assert(link->network);
+        assert(link->manager);
+
+        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+                return;
+
+        if (flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)) {
+                if (flags & ND_RA_FLAG_MANAGED)
+                        dhcp6_request_address(link);
+
+                r = sd_dhcp6_client_set_local_address(link->dhcp6_client, &link->ipv6ll_address);
+                if (r < 0 && r != -EBUSY)
+                        log_link_warning_errno(link, r, "Could not set IPv6LL address in DHCP client: %m");
+
+                r = sd_dhcp6_client_start(link->dhcp6_client);
+                if (r < 0 && r != -EBUSY)
+                        log_link_warning_errno(link, r, "Starting DHCPv6 client on NDisc request failed: %m");
+        }
+
+        if (!gateway)
+                return;
+
+        r = route_new(&route);
+        if (r < 0) {
+                log_link_error_errno(link, r, "Could not allocate route: %m");
+                return;
+        }
+
+        assert_se(sd_event_now(link->manager->event, clock_boottime_or_monotonic(), &time_now) >= 0);
+
+        route->family = AF_INET6;
+        route->table = RT_TABLE_MAIN;
+        route->protocol = RTPROT_RA;
+        route->pref = pref;
+        route->gw.in6 = *gateway;
+        route->lifetime = time_now + lifetime * USEC_PER_SEC;
+
+        r = route_configure(route, link, ndisc_netlink_handler);
+        if (r < 0) {
+                log_link_warning_errno(link, r, "Could not set default route: %m");
+                link_enter_failed(link);
+                return;
+        }
+
+        link->ndisc_messages++;
+}
+
+static void ndisc_handler(sd_ndisc *nd, int event, void *userdata) {
+        Link *link = userdata;
+        int r;
+
+        assert(link);
+
+        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+                return;
+
+        switch (event) {
+        case SD_NDISC_EVENT_TIMEOUT:
+                dhcp6_request_address(link);
+
+                r = sd_dhcp6_client_set_local_address(link->dhcp6_client, &link->ipv6ll_address);
+                if (r < 0 && r != -EBUSY)
+                        log_link_warning_errno(link, r, "Could not set IPv6LL address in DHCP client: %m");
+
+                r = sd_dhcp6_client_start(link->dhcp6_client);
+                if (r < 0 && r != -EBUSY)
+                        log_link_warning_errno(link, r, "Starting DHCPv6 client after NDisc timeout failed: %m");
+
+                link->ndisc_configured = true;
+                link_check_ready(link);
+
+                break;
+        case SD_NDISC_EVENT_STOP:
+                break;
+        default:
+                log_link_warning(link, "IPv6 Neighbor Discovery unknown event: %d", event);
+        }
+}
+
+int ndisc_configure(Link *link) {
+        int r;
+
+        assert_return(link, -EINVAL);
+
+        r = sd_ndisc_new(&link->ndisc_router_discovery);
+        if (r < 0)
+                return r;
+
+        r = sd_ndisc_attach_event(link->ndisc_router_discovery, NULL, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_ndisc_set_mac(link->ndisc_router_discovery, &link->mac);
+        if (r < 0)
+                return r;
+
+        r = sd_ndisc_set_index(link->ndisc_router_discovery, link->ifindex);
+        if (r < 0)
+                return r;
+
+        r = sd_ndisc_set_callback(link->ndisc_router_discovery,
+                                  ndisc_router_handler,
+                                  ndisc_prefix_onlink_handler,
+                                  ndisc_prefix_autonomous_handler,
+                                  ndisc_handler,
+                                  link);
+
+        return r;
+}
diff --git a/src/grp-network/libnetworkd-core/networkd-netdev-bond.c b/src/grp-network/libnetworkd-core/networkd-netdev-bond.c
new file mode 100644
index 0000000000..7005b165d9
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-bond.c
@@ -0,0 +1,444 @@
+/***
+    This file is part of systemd.
+
+    Copyright 2014  Tom Gundersen <teg@jklm.no>
+    Copyright 2014  Susant Sahani
+
+    systemd is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    systemd is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/ether.h>
+#include <linux/if_bonding.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "conf-parser.h"
+#include "extract-word.h"
+#include "missing.h"
+#include "networkd-netdev-bond.h"
+#include "string-table.h"
+#include "string-util.h"
+
+/*
+ * Number of seconds between instances where the bonding
+ * driver sends learning packets to each slaves peer switch
+ */
+#define LEARNING_PACKETS_INTERVAL_MIN_SEC       (1 * USEC_PER_SEC)
+#define LEARNING_PACKETS_INTERVAL_MAX_SEC       (0x7fffffff * USEC_PER_SEC)
+
+/* Number of IGMP membership reports to be issued after
+ * a failover event.
+ */
+#define RESEND_IGMP_MIN           0
+#define RESEND_IGMP_MAX           255
+#define RESEND_IGMP_DEFAULT       1
+
+/*
+ * Number of packets to transmit through a slave before
+ * moving to the next one.
+ */
+#define PACKETS_PER_SLAVE_MIN     0
+#define PACKETS_PER_SLAVE_MAX     65535
+#define PACKETS_PER_SLAVE_DEFAULT 1
+
+/*
+ * Number of peer notifications (gratuitous ARPs and
+ * unsolicited IPv6 Neighbor Advertisements) to be issued after a
+ * failover event.
+ */
+#define GRATUITOUS_ARP_MIN        0
+#define GRATUITOUS_ARP_MAX        255
+#define GRATUITOUS_ARP_DEFAULT    1
+
+static const char* const bond_mode_table[_NETDEV_BOND_MODE_MAX] = {
+        [NETDEV_BOND_MODE_BALANCE_RR] = "balance-rr",
+        [NETDEV_BOND_MODE_ACTIVE_BACKUP] = "active-backup",
+        [NETDEV_BOND_MODE_BALANCE_XOR] = "balance-xor",
+        [NETDEV_BOND_MODE_BROADCAST] = "broadcast",
+        [NETDEV_BOND_MODE_802_3AD] = "802.3ad",
+        [NETDEV_BOND_MODE_BALANCE_TLB] = "balance-tlb",
+        [NETDEV_BOND_MODE_BALANCE_ALB] = "balance-alb",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_mode, BondMode);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_mode, bond_mode, BondMode, "Failed to parse bond mode");
+
+static const char* const bond_xmit_hash_policy_table[_NETDEV_BOND_XMIT_HASH_POLICY_MAX] = {
+        [NETDEV_BOND_XMIT_HASH_POLICY_LAYER2] = "layer2",
+        [NETDEV_BOND_XMIT_HASH_POLICY_LAYER34] = "layer3+4",
+        [NETDEV_BOND_XMIT_HASH_POLICY_LAYER23] = "layer2+3",
+        [NETDEV_BOND_XMIT_HASH_POLICY_ENCAP23] = "encap2+3",
+        [NETDEV_BOND_XMIT_HASH_POLICY_ENCAP34] = "encap3+4",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_xmit_hash_policy, BondXmitHashPolicy);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_xmit_hash_policy,
+                         bond_xmit_hash_policy,
+                         BondXmitHashPolicy,
+                         "Failed to parse bond transmit hash policy")
+
+static const char* const bond_lacp_rate_table[_NETDEV_BOND_LACP_RATE_MAX] = {
+        [NETDEV_BOND_LACP_RATE_SLOW] = "slow",
+        [NETDEV_BOND_LACP_RATE_FAST] = "fast",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_lacp_rate, BondLacpRate);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_lacp_rate, bond_lacp_rate, BondLacpRate, "Failed to parse bond lacp rate")
+
+static const char* const bond_ad_select_table[_NETDEV_BOND_AD_SELECT_MAX] = {
+        [NETDEV_BOND_AD_SELECT_STABLE] = "stable",
+        [NETDEV_BOND_AD_SELECT_BANDWIDTH] = "bandwidth",
+        [NETDEV_BOND_AD_SELECT_COUNT] = "count",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_ad_select, BondAdSelect);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_ad_select, bond_ad_select, BondAdSelect, "Failed to parse bond AD select");
+
+static const char* const bond_fail_over_mac_table[_NETDEV_BOND_FAIL_OVER_MAC_MAX] = {
+        [NETDEV_BOND_FAIL_OVER_MAC_NONE] = "none",
+        [NETDEV_BOND_FAIL_OVER_MAC_ACTIVE] = "active",
+        [NETDEV_BOND_FAIL_OVER_MAC_FOLLOW] = "follow",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_fail_over_mac, BondFailOverMac);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_fail_over_mac, bond_fail_over_mac, BondFailOverMac, "Failed to parse bond fail over MAC");
+
+static const char *const bond_arp_validate_table[_NETDEV_BOND_ARP_VALIDATE_MAX] = {
+        [NETDEV_BOND_ARP_VALIDATE_NONE] = "none",
+        [NETDEV_BOND_ARP_VALIDATE_ACTIVE]= "active",
+        [NETDEV_BOND_ARP_VALIDATE_BACKUP]= "backup",
+        [NETDEV_BOND_ARP_VALIDATE_ALL]= "all",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_arp_validate, BondArpValidate);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_arp_validate, bond_arp_validate, BondArpValidate, "Failed to parse bond arp validate");
+
+static const char *const bond_arp_all_targets_table[_NETDEV_BOND_ARP_ALL_TARGETS_MAX] = {
+        [NETDEV_BOND_ARP_ALL_TARGETS_ANY] = "any",
+        [NETDEV_BOND_ARP_ALL_TARGETS_ALL] = "all",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_arp_all_targets, BondArpAllTargets);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_arp_all_targets, bond_arp_all_targets, BondArpAllTargets, "Failed to parse bond Arp all targets");
+
+static const char *bond_primary_reselect_table[_NETDEV_BOND_PRIMARY_RESELECT_MAX] = {
+        [NETDEV_BOND_PRIMARY_RESELECT_ALWAYS] = "always",
+        [NETDEV_BOND_PRIMARY_RESELECT_BETTER]= "better",
+        [NETDEV_BOND_PRIMARY_RESELECT_FAILURE]= "failure",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bond_primary_reselect, BondPrimaryReselect);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_primary_reselect, bond_primary_reselect, BondPrimaryReselect, "Failed to parse bond primary reselect");
+
+static uint8_t bond_mode_to_kernel(BondMode mode) {
+        switch (mode) {
+        case NETDEV_BOND_MODE_BALANCE_RR:
+                return BOND_MODE_ROUNDROBIN;
+        case NETDEV_BOND_MODE_ACTIVE_BACKUP:
+                return BOND_MODE_ACTIVEBACKUP;
+        case NETDEV_BOND_MODE_BALANCE_XOR:
+                return BOND_MODE_XOR;
+        case NETDEV_BOND_MODE_BROADCAST:
+                return BOND_MODE_BROADCAST;
+        case NETDEV_BOND_MODE_802_3AD:
+                return BOND_MODE_8023AD;
+        case NETDEV_BOND_MODE_BALANCE_TLB:
+                return BOND_MODE_TLB;
+        case NETDEV_BOND_MODE_BALANCE_ALB:
+                return BOND_MODE_ALB;
+        default:
+                return (uint8_t) -1;
+        }
+}
+
+static uint8_t bond_xmit_hash_policy_to_kernel(BondXmitHashPolicy policy) {
+        switch (policy) {
+        case NETDEV_BOND_XMIT_HASH_POLICY_LAYER2:
+                return BOND_XMIT_POLICY_LAYER2;
+        case NETDEV_BOND_XMIT_HASH_POLICY_LAYER34:
+                return BOND_XMIT_POLICY_LAYER34;
+        case NETDEV_BOND_XMIT_HASH_POLICY_LAYER23:
+                return BOND_XMIT_POLICY_LAYER23;
+        case NETDEV_BOND_XMIT_HASH_POLICY_ENCAP23:
+                return BOND_XMIT_POLICY_ENCAP23;
+        case NETDEV_BOND_XMIT_HASH_POLICY_ENCAP34:
+                return BOND_XMIT_POLICY_ENCAP34;
+        default:
+                return (uint8_t) -1;
+        }
+}
+
+static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Bond *b;
+        ArpIpTarget *target = NULL;
+        int r, i = 0;
+
+        assert(netdev);
+        assert(!link);
+        assert(m);
+
+        b = BOND(netdev);
+
+        assert(b);
+
+        if (b->mode != _NETDEV_BOND_MODE_INVALID) {
+                r = sd_netlink_message_append_u8(m, IFLA_BOND_MODE,
+                                              bond_mode_to_kernel(b->mode));
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_MODE attribute: %m");
+        }
+
+        if (b->xmit_hash_policy != _NETDEV_BOND_XMIT_HASH_POLICY_INVALID) {
+                r = sd_netlink_message_append_u8(m, IFLA_BOND_XMIT_HASH_POLICY,
+                                              bond_xmit_hash_policy_to_kernel(b->xmit_hash_policy));
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_XMIT_HASH_POLICY attribute: %m");
+        }
+
+        if (b->lacp_rate != _NETDEV_BOND_LACP_RATE_INVALID &&
+            b->mode == NETDEV_BOND_MODE_802_3AD) {
+                r = sd_netlink_message_append_u8(m, IFLA_BOND_AD_LACP_RATE, b->lacp_rate );
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_AD_LACP_RATE attribute: %m");
+        }
+
+        if (b->miimon != 0) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_MIIMON, b->miimon / USEC_PER_MSEC);
+                if (r < 0)
+                        log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_BOND_MIIMON attribute: %m");
+        }
+
+        if (b->downdelay != 0) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_DOWNDELAY, b->downdelay / USEC_PER_MSEC);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_DOWNDELAY attribute: %m");
+        }
+
+        if (b->updelay != 0) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_UPDELAY, b->updelay / USEC_PER_MSEC);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_UPDELAY attribute: %m");
+        }
+
+        if (b->arp_interval != 0) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_INTERVAL, b->arp_interval / USEC_PER_MSEC);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_INTERVAL attribute: %m");
+
+                if ((b->lp_interval >= LEARNING_PACKETS_INTERVAL_MIN_SEC) &&
+                    (b->lp_interval <= LEARNING_PACKETS_INTERVAL_MAX_SEC)) {
+                        r = sd_netlink_message_append_u32(m, IFLA_BOND_LP_INTERVAL, b->lp_interval / USEC_PER_SEC);
+                        if (r < 0)
+                                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_LP_INTERVAL attribute: %m");
+                }
+        }
+
+        if (b->ad_select != _NETDEV_BOND_AD_SELECT_INVALID &&
+            b->mode == NETDEV_BOND_MODE_802_3AD) {
+                r = sd_netlink_message_append_u8(m, IFLA_BOND_AD_SELECT, b->ad_select);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_AD_SELECT attribute: %m");
+        }
+
+        if (b->fail_over_mac != _NETDEV_BOND_FAIL_OVER_MAC_INVALID &&
+            b->mode == NETDEV_BOND_MODE_ACTIVE_BACKUP) {
+                r = sd_netlink_message_append_u8(m, IFLA_BOND_FAIL_OVER_MAC, b->fail_over_mac);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_FAIL_OVER_MAC attribute: %m");
+        }
+
+        if (b->arp_validate != _NETDEV_BOND_ARP_VALIDATE_INVALID) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_VALIDATE, b->arp_validate);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_VALIDATE attribute: %m");
+        }
+
+        if (b->arp_all_targets != _NETDEV_BOND_ARP_ALL_TARGETS_INVALID) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_ALL_TARGETS, b->arp_all_targets);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_VALIDATE attribute: %m");
+        }
+
+        if (b->primary_reselect != _NETDEV_BOND_PRIMARY_RESELECT_INVALID) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_ALL_TARGETS, b->primary_reselect);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_ALL_TARGETS attribute: %m");
+        }
+
+        if (b->resend_igmp <= RESEND_IGMP_MAX) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_RESEND_IGMP, b->resend_igmp);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_RESEND_IGMP attribute: %m");
+        }
+
+        if (b->packets_per_slave <= PACKETS_PER_SLAVE_MAX &&
+            b->mode == NETDEV_BOND_MODE_BALANCE_RR) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_PACKETS_PER_SLAVE, b->packets_per_slave);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_PACKETS_PER_SLAVE attribute: %m");
+        }
+
+        if (b->num_grat_arp <= GRATUITOUS_ARP_MAX) {
+                r = sd_netlink_message_append_u8(m, IFLA_BOND_NUM_PEER_NOTIF, b->num_grat_arp);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_NUM_PEER_NOTIF attribute: %m");
+        }
+
+        if (b->min_links != 0) {
+                r = sd_netlink_message_append_u32(m, IFLA_BOND_MIN_LINKS, b->min_links);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_MIN_LINKS attribute: %m");
+        }
+
+        r = sd_netlink_message_append_u8(m, IFLA_BOND_ALL_SLAVES_ACTIVE, b->all_slaves_active);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ALL_SLAVES_ACTIVE attribute: %m");
+
+        if (b->arp_interval > 0)  {
+                if (b->n_arp_ip_targets > 0) {
+
+                        r = sd_netlink_message_open_container(m, IFLA_BOND_ARP_IP_TARGET);
+                        if (r < 0)
+                                return log_netdev_error_errno(netdev, r, "Could not open contaniner IFLA_BOND_ARP_IP_TARGET : %m");
+
+                        LIST_FOREACH(arp_ip_target, target, b->arp_ip_targets) {
+                                r = sd_netlink_message_append_u32(m, i++, target->ip.in.s_addr);
+                                if (r < 0)
+                                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_ALL_TARGETS attribute: %m");
+                        }
+
+                        r = sd_netlink_message_close_container(m);
+                        if (r < 0)
+                                return log_netdev_error_errno(netdev, r, "Could not close contaniner IFLA_BOND_ARP_IP_TARGET : %m");
+                }
+        }
+
+        return 0;
+}
+
+int config_parse_arp_ip_target_address(const char *unit,
+                                       const char *filename,
+                                       unsigned line,
+                                       const char *section,
+                                       unsigned section_line,
+                                       const char *lvalue,
+                                       int ltype,
+                                       const char *rvalue,
+                                       void *data,
+                                       void *userdata) {
+        Bond *b = userdata;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        for (;;) {
+                _cleanup_free_ ArpIpTarget *buffer = NULL;
+                _cleanup_free_ char *n = NULL;
+                int f;
+
+                r = extract_first_word(&rvalue, &n, NULL, 0);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Bond ARP ip target address, ignoring assignment: %s", rvalue);
+                        return 0;
+                }
+
+                if (r == 0)
+                        break;
+
+                buffer = new0(ArpIpTarget, 1);
+                if (!buffer)
+                        return -ENOMEM;
+
+                r = in_addr_from_string_auto(n, &f, &buffer->ip);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Bond ARP ip target address is invalid, ignoring assignment: %s", n);
+                        return 0;
+                }
+
+                if (f != AF_INET) {
+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Bond ARP ip target address is invalid, ignoring assignment: %s", n);
+                        return 0;
+                }
+
+                LIST_PREPEND(arp_ip_target, b->arp_ip_targets, buffer);
+                b->n_arp_ip_targets++;
+
+                buffer = NULL;
+        }
+
+        if (b->n_arp_ip_targets > NETDEV_BOND_ARP_TARGETS_MAX)
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
+                           "More than the maximum number of kernel-supported ARP ip targets specified: %d > %d",
+                           b->n_arp_ip_targets, NETDEV_BOND_ARP_TARGETS_MAX);
+
+        return 0;
+}
+
+static void bond_done(NetDev *netdev) {
+        ArpIpTarget *t = NULL, *n = NULL;
+        Bond *b;
+
+        assert(netdev);
+
+        b = BOND(netdev);
+
+        assert(b);
+
+        LIST_FOREACH_SAFE(arp_ip_target, t, n, b->arp_ip_targets)
+                free(t);
+
+        b->arp_ip_targets = NULL;
+}
+
+static void bond_init(NetDev *netdev) {
+        Bond *b;
+
+        assert(netdev);
+
+        b = BOND(netdev);
+
+        assert(b);
+
+        b->mode = _NETDEV_BOND_MODE_INVALID;
+        b->xmit_hash_policy = _NETDEV_BOND_XMIT_HASH_POLICY_INVALID;
+        b->lacp_rate = _NETDEV_BOND_LACP_RATE_INVALID;
+        b->ad_select = _NETDEV_BOND_AD_SELECT_INVALID;
+        b->fail_over_mac = _NETDEV_BOND_FAIL_OVER_MAC_INVALID;
+        b->arp_validate = _NETDEV_BOND_ARP_VALIDATE_INVALID;
+        b->arp_all_targets = _NETDEV_BOND_ARP_ALL_TARGETS_INVALID;
+        b->primary_reselect = _NETDEV_BOND_PRIMARY_RESELECT_INVALID;
+
+        b->all_slaves_active = false;
+
+        b->resend_igmp = RESEND_IGMP_DEFAULT;
+        b->packets_per_slave = PACKETS_PER_SLAVE_DEFAULT;
+        b->num_grat_arp = GRATUITOUS_ARP_DEFAULT;
+        b->lp_interval = LEARNING_PACKETS_INTERVAL_MIN_SEC;
+
+        LIST_HEAD_INIT(b->arp_ip_targets);
+        b->n_arp_ip_targets = 0;
+}
+
+const NetDevVTable bond_vtable = {
+        .object_size = sizeof(Bond),
+        .init = bond_init,
+        .done = bond_done,
+        .sections = "Match\0NetDev\0Bond\0",
+        .fill_message_create = netdev_bond_fill_message_create,
+        .create_type = NETDEV_CREATE_MASTER,
+};
diff --git a/src/network/networkd-netdev-bond.h b/src/grp-network/libnetworkd-core/networkd-netdev-bond.h
index b941edb344..b941edb344 100644
--- a/src/network/networkd-netdev-bond.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-bond.h
diff --git a/src/network/networkd-netdev-bridge.c b/src/grp-network/libnetworkd-core/networkd-netdev-bridge.c
index 4cfd00413f..4cfd00413f 100644
--- a/src/network/networkd-netdev-bridge.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-bridge.c
diff --git a/src/network/networkd-netdev-bridge.h b/src/grp-network/libnetworkd-core/networkd-netdev-bridge.h
index f2ae21fc50..f2ae21fc50 100644
--- a/src/network/networkd-netdev-bridge.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-bridge.h
diff --git a/src/network/networkd-netdev-dummy.c b/src/grp-network/libnetworkd-core/networkd-netdev-dummy.c
index 6617a86c20..6617a86c20 100644
--- a/src/network/networkd-netdev-dummy.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-dummy.c
diff --git a/src/network/networkd-netdev-dummy.h b/src/grp-network/libnetworkd-core/networkd-netdev-dummy.h
index efe302267e..efe302267e 100644
--- a/src/network/networkd-netdev-dummy.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-dummy.h
diff --git a/src/network/networkd-netdev-gperf.gperf b/src/grp-network/libnetworkd-core/networkd-netdev-gperf.gperf
index ba04bb0165..ba04bb0165 100644
--- a/src/network/networkd-netdev-gperf.gperf
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-gperf.gperf
diff --git a/src/network/networkd-netdev-ipvlan.c b/src/grp-network/libnetworkd-core/networkd-netdev-ipvlan.c
index af4177e43a..af4177e43a 100644
--- a/src/network/networkd-netdev-ipvlan.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-ipvlan.c
diff --git a/src/network/networkd-netdev-ipvlan.h b/src/grp-network/libnetworkd-core/networkd-netdev-ipvlan.h
index 10d4079844..10d4079844 100644
--- a/src/network/networkd-netdev-ipvlan.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-ipvlan.h
diff --git a/src/network/networkd-netdev-macvlan.c b/src/grp-network/libnetworkd-core/networkd-netdev-macvlan.c
index 48e98aa51b..48e98aa51b 100644
--- a/src/network/networkd-netdev-macvlan.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-macvlan.c
diff --git a/src/network/networkd-netdev-macvlan.h b/src/grp-network/libnetworkd-core/networkd-netdev-macvlan.h
index 3663f4f051..3663f4f051 100644
--- a/src/network/networkd-netdev-macvlan.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-macvlan.h
diff --git a/src/grp-network/libnetworkd-core/networkd-netdev-tunnel.c b/src/grp-network/libnetworkd-core/networkd-netdev-tunnel.c
new file mode 100644
index 0000000000..26a9a972f1
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-tunnel.c
@@ -0,0 +1,650 @@
+/***
+    This file is part of systemd.
+
+    Copyright 2014 Susant Sahani
+
+    systemd is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    systemd is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <linux/ip.h>
+#include <linux/if_tunnel.h>
+#include <linux/ip6_tunnel.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "conf-parser.h"
+#include "missing.h"
+#include "networkd-link.h"
+#include "networkd-netdev-tunnel.h"
+#include "parse-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "util.h"
+
+#define DEFAULT_TNL_HOP_LIMIT   64
+#define IP6_FLOWINFO_FLOWLABEL  htonl(0x000FFFFF)
+
+static const char* const ip6tnl_mode_table[_NETDEV_IP6_TNL_MODE_MAX] = {
+        [NETDEV_IP6_TNL_MODE_IP6IP6] = "ip6ip6",
+        [NETDEV_IP6_TNL_MODE_IPIP6] = "ipip6",
+        [NETDEV_IP6_TNL_MODE_ANYIP6] = "any",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(ip6tnl_mode, Ip6TnlMode);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_ip6tnl_mode, ip6tnl_mode, Ip6TnlMode, "Failed to parse ip6 tunnel Mode");
+
+static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t = IPIP(netdev);
+        int r;
+
+        assert(netdev);
+        assert(link);
+        assert(m);
+        assert(t);
+        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+
+        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL  attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m");
+
+        return r;
+}
+
+static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t = SIT(netdev);
+        int r;
+
+        assert(netdev);
+        assert(link);
+        assert(m);
+        assert(t);
+        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+
+        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m");
+
+        return r;
+}
+
+static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t;
+        int r;
+
+        assert(netdev);
+
+        if (netdev->kind == NETDEV_KIND_GRE)
+                t = GRE(netdev);
+        else
+                t = GRETAP(netdev);
+
+        assert(t);
+        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+        assert(link);
+        assert(m);
+
+        r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in);
+        if (r < 0)
+                log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_GRE_TOS, t->tos);
+        if (r < 0)
+                log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TOS attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_GRE_PMTUDISC, t->pmtudisc);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_PMTUDISC attribute: %m");
+
+        return r;
+}
+
+static int netdev_ip6gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t;
+        int r;
+
+        assert(netdev);
+
+        if (netdev->kind == NETDEV_KIND_IP6GRE)
+                t = IP6GRE(netdev);
+        else
+                t = IP6GRETAP(netdev);
+
+        assert(t);
+        assert(t->family == AF_INET6);
+        assert(link);
+        assert(m);
+
+        r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_LOCAL, &t->local.in6);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_REMOTE, &t->remote.in6);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
+
+        if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
+                r = sd_netlink_message_append_u32(m, IFLA_GRE_FLOWINFO, t->ipv6_flowlabel);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLOWINFO attribute: %m");
+        }
+
+        r = sd_netlink_message_append_u32(m, IFLA_GRE_FLAGS, t->flags);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLAGS attribute: %m");
+
+        return r;
+}
+
+static int netdev_vti_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t = VTI(netdev);
+        int r;
+
+        assert(netdev);
+        assert(link);
+        assert(m);
+        assert(t);
+        assert(t->family == AF_INET);
+
+        r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_VTI_LOCAL, &t->local.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_VTI_REMOTE, &t->remote.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
+
+        return r;
+}
+
+static int netdev_vti6_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t = VTI6(netdev);
+        int r;
+
+        assert(netdev);
+        assert(link);
+        assert(m);
+        assert(t);
+        assert(t->family == AF_INET6);
+
+        r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_LOCAL, &t->local.in6);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_REMOTE, &t->remote.in6);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
+
+        return r;
+}
+
+static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Tunnel *t = IP6TNL(netdev);
+        uint8_t proto;
+        int r;
+
+        assert(netdev);
+        assert(link);
+        assert(m);
+        assert(t);
+        assert(t->family == AF_INET6);
+
+        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
+
+        r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_LOCAL, &t->local.in6);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
+
+        r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in6);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
+
+        if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
+                r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLOWINFO, t->ipv6_flowlabel);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLOWINFO attribute: %m");
+        }
+
+        if (t->copy_dscp)
+                t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
+
+        if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
+                r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_ENCAP_LIMIT attribute: %m");
+        }
+
+        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLAGS, t->flags);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
+
+        switch (t->ip6tnl_mode) {
+        case NETDEV_IP6_TNL_MODE_IP6IP6:
+                proto = IPPROTO_IPV6;
+                break;
+        case NETDEV_IP6_TNL_MODE_IPIP6:
+                proto = IPPROTO_IPIP;
+                break;
+        case NETDEV_IP6_TNL_MODE_ANYIP6:
+        default:
+                proto = 0;
+                break;
+        }
+
+        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PROTO, proto);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_MODE attribute: %m");
+
+        return r;
+}
+
+static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
+        Tunnel *t = NULL;
+
+        assert(netdev);
+        assert(filename);
+
+        switch (netdev->kind) {
+        case NETDEV_KIND_IPIP:
+                t = IPIP(netdev);
+                break;
+        case NETDEV_KIND_SIT:
+                t = SIT(netdev);
+                break;
+        case NETDEV_KIND_GRE:
+                t = GRE(netdev);
+                break;
+        case NETDEV_KIND_GRETAP:
+                t = GRETAP(netdev);
+                break;
+        case NETDEV_KIND_IP6GRE:
+                t = IP6GRE(netdev);
+                break;
+        case NETDEV_KIND_IP6GRETAP:
+                t = IP6GRETAP(netdev);
+                break;
+        case NETDEV_KIND_VTI:
+                t = VTI(netdev);
+                break;
+        case NETDEV_KIND_VTI6:
+                t = VTI6(netdev);
+                break;
+        case NETDEV_KIND_IP6TNL:
+                t = IP6TNL(netdev);
+                break;
+        default:
+                assert_not_reached("Invalid tunnel kind");
+        }
+
+        assert(t);
+
+        if (t->family != AF_INET && t->family != AF_INET6 && t->family != 0) {
+                log_warning("Tunnel with invalid address family configured in %s. Ignoring", filename);
+                return -EINVAL;
+        }
+
+        if (netdev->kind == NETDEV_KIND_IP6TNL) {
+                if (t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) {
+                        log_warning("IP6 Tunnel without mode configured in %s. Ignoring", filename);
+                        return -EINVAL;
+                }
+        }
+
+        return 0;
+}
+
+int config_parse_tunnel_address(const char *unit,
+                                const char *filename,
+                                unsigned line,
+                                const char *section,
+                                unsigned section_line,
+                                const char *lvalue,
+                                int ltype,
+                                const char *rvalue,
+                                void *data,
+                                void *userdata) {
+        Tunnel *t = userdata;
+        union in_addr_union *addr = data, buffer;
+        int r, f;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        if (streq(rvalue, "any")) {
+                t->family = 0;
+                return 0;
+        } else {
+
+                r = in_addr_from_string_auto(rvalue, &f, &buffer);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Tunnel address is invalid, ignoring assignment: %s", rvalue);
+                        return 0;
+                }
+
+                if (t->family != AF_UNSPEC && t->family != f) {
+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Tunnel addresses incompatible, ignoring assignment: %s", rvalue);
+                        return 0;
+                }
+        }
+
+        t->family = f;
+        *addr = buffer;
+
+        return 0;
+}
+
+int config_parse_ipv6_flowlabel(const char* unit,
+                                const char *filename,
+                                unsigned line,
+                                const char *section,
+                                unsigned section_line,
+                                const char *lvalue,
+                                int ltype,
+                                const char *rvalue,
+                                void *data,
+                                void *userdata) {
+        IPv6FlowLabel *ipv6_flowlabel = data;
+        Tunnel *t = userdata;
+        int k = 0;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(ipv6_flowlabel);
+
+        if (streq(rvalue, "inherit")) {
+                *ipv6_flowlabel = IP6_FLOWINFO_FLOWLABEL;
+                t->flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL;
+        } else {
+                r = config_parse_int(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &k, userdata);
+                if (r < 0)
+                        return r;
+
+                if (k > 0xFFFFF)
+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPv6 flowlabel option, ignoring: %s", rvalue);
+                else {
+                        *ipv6_flowlabel = htonl(k) & IP6_FLOWINFO_FLOWLABEL;
+                        t->flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
+                }
+        }
+
+        return 0;
+}
+
+int config_parse_encap_limit(const char* unit,
+                             const char *filename,
+                             unsigned line,
+                             const char *section,
+                             unsigned section_line,
+                             const char *lvalue,
+                              int ltype,
+                             const char *rvalue,
+                             void *data,
+                             void *userdata) {
+        Tunnel *t = userdata;
+        int k = 0;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        if (streq(rvalue, "none"))
+                t->flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
+        else {
+                r = safe_atoi(rvalue, &k);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Tunnel Encapsulation Limit option, ignoring: %s", rvalue);
+                        return 0;
+                }
+
+                if (k > 255 || k < 0)
+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid Tunnel Encapsulation value, ignoring: %d", k);
+                else {
+                        t->encap_limit = k;
+                        t->flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
+                }
+        }
+
+        return 0;
+}
+
+static void ipip_init(NetDev *n) {
+        Tunnel *t = IPIP(n);
+
+        assert(n);
+        assert(t);
+
+        t->pmtudisc = true;
+        t->family = AF_UNSPEC;
+}
+
+static void sit_init(NetDev *n) {
+        Tunnel *t = SIT(n);
+
+        assert(n);
+        assert(t);
+
+        t->pmtudisc = true;
+        t->family = AF_UNSPEC;
+}
+
+static void vti_init(NetDev *n) {
+        Tunnel *t;
+
+        assert(n);
+
+        if (n->kind == NETDEV_KIND_VTI)
+                t = VTI(n);
+        else
+                t = VTI6(n);
+
+        assert(t);
+
+        t->pmtudisc = true;
+}
+
+static void gre_init(NetDev *n) {
+        Tunnel *t;
+
+        assert(n);
+
+        if (n->kind == NETDEV_KIND_GRE)
+                t = GRE(n);
+        else
+                t = GRETAP(n);
+
+        assert(t);
+
+        t->pmtudisc = true;
+        t->family = AF_UNSPEC;
+}
+
+static void ip6gre_init(NetDev *n) {
+        Tunnel *t;
+
+        assert(n);
+
+        if (n->kind == NETDEV_KIND_IP6GRE)
+                t = IP6GRE(n);
+        else
+                t = IP6GRETAP(n);
+
+        assert(t);
+
+        t->ttl = DEFAULT_TNL_HOP_LIMIT;
+}
+
+static void ip6tnl_init(NetDev *n) {
+        Tunnel *t = IP6TNL(n);
+
+        assert(n);
+        assert(t);
+
+        t->ttl = DEFAULT_TNL_HOP_LIMIT;
+        t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
+        t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
+        t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
+}
+
+const NetDevVTable ipip_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = ipip_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_ipip_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable sit_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = sit_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_sit_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable vti_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = vti_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_vti_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable vti6_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = vti_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_vti6_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable gre_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = gre_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_gre_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable gretap_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = gre_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_gre_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable ip6gre_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = ip6gre_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_ip6gre_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable ip6gretap_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = ip6gre_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_ip6gre_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
+
+const NetDevVTable ip6tnl_vtable = {
+        .object_size = sizeof(Tunnel),
+        .init = ip6tnl_init,
+        .sections = "Match\0NetDev\0Tunnel\0",
+        .fill_message_create = netdev_ip6tnl_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_tunnel_verify,
+};
diff --git a/src/network/networkd-netdev-tunnel.h b/src/grp-network/libnetworkd-core/networkd-netdev-tunnel.h
index 7d31e7b687..7d31e7b687 100644
--- a/src/network/networkd-netdev-tunnel.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-tunnel.h
diff --git a/src/network/networkd-netdev-tuntap.c b/src/grp-network/libnetworkd-core/networkd-netdev-tuntap.c
index 088a4d8d32..088a4d8d32 100644
--- a/src/network/networkd-netdev-tuntap.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-tuntap.c
diff --git a/src/network/networkd-netdev-tuntap.h b/src/grp-network/libnetworkd-core/networkd-netdev-tuntap.h
index 120f00a353..120f00a353 100644
--- a/src/network/networkd-netdev-tuntap.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-tuntap.h
diff --git a/src/grp-network/libnetworkd-core/networkd-netdev-veth.c b/src/grp-network/libnetworkd-core/networkd-netdev-veth.c
new file mode 100644
index 0000000000..185b441c5a
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-veth.c
@@ -0,0 +1,111 @@
+/***
+    This file is part of systemd.
+
+    Copyright 2014 Susant Sahani <susant@redhat.com>
+
+    systemd is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    systemd is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/if.h>
+#include <linux/veth.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "networkd-netdev-veth.h"
+
+static int netdev_veth_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        Veth *v;
+        int r;
+
+        assert(netdev);
+        assert(!link);
+        assert(m);
+
+        v = VETH(netdev);
+
+        assert(v);
+
+        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append VETH_INFO_PEER attribute: %m");
+
+        if (v->ifname_peer) {
+                r = sd_netlink_message_append_string(m, IFLA_IFNAME, v->ifname_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink interface name: %m");
+        }
+
+        if (v->mac_peer) {
+                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, v->mac_peer);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_ADDRESS attribute: %m");
+        }
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
+
+        return r;
+}
+
+static int netdev_veth_verify(NetDev *netdev, const char *filename) {
+        Veth *v;
+        int r;
+
+        assert(netdev);
+        assert(filename);
+
+        v = VETH(netdev);
+
+        assert(v);
+
+        if (!v->ifname_peer) {
+                log_warning("Veth NetDev without peer name configured in %s. Ignoring",
+                            filename);
+                return -EINVAL;
+        }
+
+        if (!v->mac_peer) {
+                r = netdev_get_mac(v->ifname_peer, &v->mac_peer);
+                if (r < 0) {
+                        log_warning("Failed to generate predictable MAC address for %s. Ignoring",
+                                  v->ifname_peer);
+                        return -EINVAL;
+                }
+        }
+
+        return 0;
+}
+
+static void veth_done(NetDev *n) {
+        Veth *v;
+
+        assert(n);
+
+        v = VETH(n);
+
+        assert(v);
+
+        free(v->ifname_peer);
+        free(v->mac_peer);
+}
+
+const NetDevVTable veth_vtable = {
+        .object_size = sizeof(Veth),
+        .sections = "Match\0NetDev\0Peer\0",
+        .done = veth_done,
+        .fill_message_create = netdev_veth_fill_message_create,
+        .create_type = NETDEV_CREATE_INDEPENDENT,
+        .config_verify = netdev_veth_verify,
+};
diff --git a/src/network/networkd-netdev-veth.h b/src/grp-network/libnetworkd-core/networkd-netdev-veth.h
index e69bfbc8f0..e69bfbc8f0 100644
--- a/src/network/networkd-netdev-veth.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-veth.h
diff --git a/src/network/networkd-netdev-vlan.c b/src/grp-network/libnetworkd-core/networkd-netdev-vlan.c
index b1f4714afa..b1f4714afa 100644
--- a/src/network/networkd-netdev-vlan.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-vlan.c
diff --git a/src/network/networkd-netdev-vlan.h b/src/grp-network/libnetworkd-core/networkd-netdev-vlan.h
index 73aacf4a0f..73aacf4a0f 100644
--- a/src/network/networkd-netdev-vlan.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-vlan.h
diff --git a/src/grp-network/libnetworkd-core/networkd-netdev-vxlan.c b/src/grp-network/libnetworkd-core/networkd-netdev-vxlan.c
new file mode 100644
index 0000000000..363a6bdde6
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-vxlan.c
@@ -0,0 +1,296 @@
+/***
+    This file is part of systemd.
+
+    Copyright 2014 Susant Sahani
+
+    systemd is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    systemd is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/if.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "conf-parser.h"
+#include "alloc-util.h"
+#include "extract-word.h"
+#include "parse-util.h"
+#include "missing.h"
+
+#include "networkd-link.h"
+#include "networkd-netdev-vxlan.h"
+
+static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
+        VxLan *v;
+        int r;
+
+        assert(netdev);
+        assert(link);
+        assert(m);
+
+        v = VXLAN(netdev);
+
+        assert(v);
+
+        if (v->id <= VXLAN_VID_MAX) {
+                r = sd_netlink_message_append_u32(m, IFLA_VXLAN_ID, v->id);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_ID attribute: %m");
+        }
+
+        r = sd_netlink_message_append_in_addr(m, IFLA_VXLAN_GROUP, &v->group.in);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_GROUP attribute: %m");
+
+        r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LINK, link->ifindex);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LINK attribute: %m");
+
+        if (v->ttl) {
+                r = sd_netlink_message_append_u8(m, IFLA_VXLAN_TTL, v->ttl);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_TTL attribute: %m");
+        }
+
+        if (v->tos) {
+                r = sd_netlink_message_append_u8(m, IFLA_VXLAN_TOS, v->tos);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_TOS attribute: %m");
+        }
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_LEARNING, v->learning);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LEARNING attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_RSC, v->route_short_circuit);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_RSC attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_PROXY, v->arp_proxy);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_PROXY attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_L2MISS, v->l2miss);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_L2MISS attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_L3MISS, v->l3miss);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_L3MISS attribute: %m");
+
+        if (v->fdb_ageing) {
+                r = sd_netlink_message_append_u32(m, IFLA_VXLAN_AGEING, v->fdb_ageing / USEC_PER_SEC);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_AGEING attribute: %m");
+        }
+
+        if (v->max_fdb) {
+                r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LIMIT, v->max_fdb);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LIMIT attribute: %m");
+        }
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_UDP_CSUM, v->udpcsum);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_CSUM attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, v->udp6zerocsumtx);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_ZERO_CSUM6_TX attribute: %m");
+
+        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, v->udp6zerocsumrx);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_ZERO_CSUM6_RX attribute: %m");
+
+        r = sd_netlink_message_append_u16(m, IFLA_VXLAN_PORT, htobe16(v->dest_port));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_PORT attribute: %m");
+
+        if (v->port_range.low || v->port_range.high) {
+                struct ifla_vxlan_port_range port_range;
+
+                port_range.low = htobe16(v->port_range.low);
+                port_range.high = htobe16(v->port_range.high);
+
+                r = sd_netlink_message_append_data(m, IFLA_VXLAN_PORT_RANGE, &port_range, sizeof(port_range));
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_PORT_RANGE attribute: %m");
+        }
+
+        if (v->group_policy) {
+                r = sd_netlink_message_append_flag(m, IFLA_VXLAN_GBP);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_GBP attribute: %m");
+        }
+
+        return r;
+}
+
+int config_parse_vxlan_group_address(const char *unit,
+                                     const char *filename,
+                                     unsigned line,
+                                     const char *section,
+                                     unsigned section_line,
+                                     const char *lvalue,
+                                     int ltype,
+                                     const char *rvalue,
+                                     void *data,
+                                     void *userdata) {
+        VxLan *v = userdata;
+        union in_addr_union *addr = data, buffer;
+        int r, f;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = in_addr_from_string_auto(rvalue, &f, &buffer);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, r, "vxlan multicast group address is invalid, ignoring assignment: %s", rvalue);
+                return 0;
+        }
+
+        if (v->family != AF_UNSPEC && v->family != f) {
+                log_syntax(unit, LOG_ERR, filename, line, 0, "vxlan multicast group incompatible, ignoring assignment: %s", rvalue);
+                return 0;
+        }
+
+        v->family = f;
+        *addr = buffer;
+
+        return 0;
+}
+
+int config_parse_port_range(const char *unit,
+                            const char *filename,
+                            unsigned line,
+                            const char *section,
+                            unsigned section_line,
+                            const char *lvalue,
+                            int ltype,
+                            const char *rvalue,
+                            void *data,
+                            void *userdata) {
+        _cleanup_free_ char *word = NULL;
+        VxLan *v = userdata;
+        unsigned low, high;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = extract_first_word(&rvalue, &word, NULL, 0);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract VXLAN port range, ignoring: %s", rvalue);
+                return 0;
+        }
+
+        if (r == 0)
+                return 0;
+
+        r = parse_range(word, &low, &high);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse VXLAN port range '%s'", word);
+                return 0;
+        }
+
+        if (low <= 0 || low > 65535 || high <= 0 || high > 65535) {
+                log_syntax(unit, LOG_ERR, filename, line, r,
+                           "Failed to parse VXLAN port range '%s'. Port should be greater than 0 and less than 65535.", word);
+                return 0;
+        }
+
+        if (high < low) {
+                log_syntax(unit, LOG_ERR, filename, line, r,
+                           "Failed to parse VXLAN port range '%s'. Port range %u .. %u not valid", word, low, high);
+                return 0;
+        }
+
+        v->port_range.low = low;
+        v->port_range.high = high;
+
+        return 0;
+}
+
+int config_parse_destination_port(const char *unit,
+                                  const char *filename,
+                                  unsigned line,
+                                  const char *section,
+                                  unsigned section_line,
+                                  const char *lvalue,
+                                  int ltype,
+                                  const char *rvalue,
+                                  void *data,
+                                  void *userdata) {
+        VxLan *v = userdata;
+        uint16_t port;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = safe_atou16(rvalue, &port);
+        if (r < 0 || port <= 0) {
+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse VXLAN destination port '%s'.", rvalue);
+                return 0;
+        }
+
+        v->dest_port = port;
+
+        return 0;
+}
+
+static int netdev_vxlan_verify(NetDev *netdev, const char *filename) {
+        VxLan *v = VXLAN(netdev);
+
+        assert(netdev);
+        assert(v);
+        assert(filename);
+
+        if (v->id > VXLAN_VID_MAX) {
+                log_warning("VXLAN without valid Id configured in %s. Ignoring", filename);
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
+static void vxlan_init(NetDev *netdev) {
+        VxLan *v;
+
+        assert(netdev);
+
+        v = VXLAN(netdev);
+
+        assert(v);
+
+        v->id = VXLAN_VID_MAX + 1;
+        v->learning = true;
+        v->udpcsum = false;
+        v->udp6zerocsumtx = false;
+        v->udp6zerocsumrx = false;
+}
+
+const NetDevVTable vxlan_vtable = {
+        .object_size = sizeof(VxLan),
+        .init = vxlan_init,
+        .sections = "Match\0NetDev\0VXLAN\0",
+        .fill_message_create = netdev_vxlan_fill_message_create,
+        .create_type = NETDEV_CREATE_STACKED,
+        .config_verify = netdev_vxlan_verify,
+};
diff --git a/src/network/networkd-netdev-vxlan.h b/src/grp-network/libnetworkd-core/networkd-netdev-vxlan.h
index 4614c66fd1..4614c66fd1 100644
--- a/src/network/networkd-netdev-vxlan.h
+++ b/src/grp-network/libnetworkd-core/networkd-netdev-vxlan.h
diff --git a/src/network/networkd-netdev.c b/src/grp-network/libnetworkd-core/networkd-netdev.c
index 851a36290c..851a36290c 100644
--- a/src/network/networkd-netdev.c
+++ b/src/grp-network/libnetworkd-core/networkd-netdev.c
diff --git a/src/grp-network/libnetworkd-core/networkd-netdev.h b/src/grp-network/libnetworkd-core/networkd-netdev.h
new file mode 100644
index 0000000000..ab3f068167
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-netdev.h
@@ -0,0 +1,200 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-netlink.h>
+
+#include "list.h"
+#include "time-util.h"
+
+typedef struct netdev_join_callback netdev_join_callback;
+typedef struct Link Link;
+
+struct netdev_join_callback {
+        sd_netlink_message_handler_t callback;
+        Link *link;
+
+        LIST_FIELDS(netdev_join_callback, callbacks);
+};
+
+typedef enum NetDevKind {
+        NETDEV_KIND_BRIDGE,
+        NETDEV_KIND_BOND,
+        NETDEV_KIND_VLAN,
+        NETDEV_KIND_MACVLAN,
+        NETDEV_KIND_MACVTAP,
+        NETDEV_KIND_IPVLAN,
+        NETDEV_KIND_VXLAN,
+        NETDEV_KIND_IPIP,
+        NETDEV_KIND_GRE,
+        NETDEV_KIND_GRETAP,
+        NETDEV_KIND_IP6GRE,
+        NETDEV_KIND_IP6GRETAP,
+        NETDEV_KIND_SIT,
+        NETDEV_KIND_VETH,
+        NETDEV_KIND_VTI,
+        NETDEV_KIND_VTI6,
+        NETDEV_KIND_IP6TNL,
+        NETDEV_KIND_DUMMY,
+        NETDEV_KIND_TUN,
+        NETDEV_KIND_TAP,
+        _NETDEV_KIND_MAX,
+        _NETDEV_KIND_INVALID = -1
+} NetDevKind;
+
+typedef enum NetDevState {
+        NETDEV_STATE_FAILED,
+        NETDEV_STATE_CREATING,
+        NETDEV_STATE_READY,
+        NETDEV_STATE_LINGER,
+        _NETDEV_STATE_MAX,
+        _NETDEV_STATE_INVALID = -1,
+} NetDevState;
+
+typedef enum NetDevCreateType {
+        NETDEV_CREATE_INDEPENDENT,
+        NETDEV_CREATE_MASTER,
+        NETDEV_CREATE_STACKED,
+        _NETDEV_CREATE_MAX,
+        _NETDEV_CREATE_INVALID = -1,
+} NetDevCreateType;
+
+typedef struct Manager Manager;
+typedef struct Condition Condition;
+
+typedef struct NetDev {
+        Manager *manager;
+
+        int n_ref;
+
+        char *filename;
+
+        Condition *match_host;
+        Condition *match_virt;
+        Condition *match_kernel;
+        Condition *match_arch;
+
+        NetDevState state;
+        NetDevKind kind;
+        char *description;
+        char *ifname;
+        struct ether_addr *mac;
+        size_t mtu;
+        int ifindex;
+
+        LIST_HEAD(netdev_join_callback, callbacks);
+} NetDev;
+
+typedef struct NetDevVTable {
+        /* How much memory does an object of this unit type need */
+        size_t object_size;
+
+        /* Config file sections this netdev kind understands, separated
+         * by NUL chars */
+        const char *sections;
+
+        /* This should reset all type-specific variables. This should
+         * not allocate memory, and is called with zero-initialized
+         * data. It should hence only initialize variables that need
+         * to be set != 0. */
+        void (*init)(NetDev *n);
+
+        /* This should free all kind-specific variables. It should be
+         * idempotent. */
+        void (*done)(NetDev *n);
+
+        /* fill in message to create netdev */
+        int (*fill_message_create)(NetDev *netdev, Link *link, sd_netlink_message *message);
+
+        /* specifies if netdev is independent, or a master device or a stacked device */
+        NetDevCreateType create_type;
+
+        /* create netdev, if not done via rtnl */
+        int (*create)(NetDev *netdev);
+
+        /* perform additional configuration after netdev has been createad */
+        int (*post_create)(NetDev *netdev, Link *link, sd_netlink_message *message);
+
+        /* verify that compulsory configuration options were specified */
+        int (*config_verify)(NetDev *netdev, const char *filename);
+} NetDevVTable;
+
+extern const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX];
+
+#define NETDEV_VTABLE(n) netdev_vtable[(n)->kind]
+
+/* For casting a netdev into the various netdev kinds */
+#define DEFINE_NETDEV_CAST(UPPERCASE, MixedCase)                            \
+        static inline MixedCase* UPPERCASE(NetDev *n) {                     \
+                if (_unlikely_(!n || n->kind != NETDEV_KIND_##UPPERCASE))   \
+                        return NULL;                                        \
+                                                                            \
+                return (MixedCase*) n;                                      \
+        }
+
+/* For casting the various netdev kinds into a netdev */
+#define NETDEV(n) (&(n)->meta)
+
+int netdev_load(Manager *manager);
+void netdev_drop(NetDev *netdev);
+
+NetDev *netdev_unref(NetDev *netdev);
+NetDev *netdev_ref(NetDev *netdev);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref);
+#define _cleanup_netdev_unref_ _cleanup_(netdev_unrefp)
+
+int netdev_get(Manager *manager, const char *name, NetDev **ret);
+int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *newlink);
+int netdev_enslave(NetDev *netdev, Link *link, sd_netlink_message_handler_t callback);
+int netdev_get_mac(const char *ifname, struct ether_addr **ret);
+int netdev_join(NetDev *netdev, Link *link, sd_netlink_message_handler_t cb);
+
+const char *netdev_kind_to_string(NetDevKind d) _const_;
+NetDevKind netdev_kind_from_string(const char *d) _pure_;
+
+int config_parse_netdev_kind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+/* gperf */
+const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *key, unsigned length);
+
+/* Macros which append INTERFACE= to the message */
+
+#define log_netdev_full(netdev, level, error, ...)                      \
+        ({                                                              \
+                NetDev *_n = (netdev);                                  \
+                _n ? log_object_internal(level, error, __FILE__, __LINE__, __func__, "INTERFACE=", _n->ifname, ##__VA_ARGS__) : \
+                        log_internal(level, error, __FILE__, __LINE__, __func__, ##__VA_ARGS__); \
+        })
+
+#define log_netdev_debug(netdev, ...)       log_netdev_full(netdev, LOG_DEBUG, 0, ##__VA_ARGS__)
+#define log_netdev_info(netdev, ...)        log_netdev_full(netdev, LOG_INFO, 0, ##__VA_ARGS__)
+#define log_netdev_notice(netdev, ...)      log_netdev_full(netdev, LOG_NOTICE, 0, ##__VA_ARGS__)
+#define log_netdev_warning(netdev, ...)     log_netdev_full(netdev, LOG_WARNING, 0, ## __VA_ARGS__)
+#define log_netdev_error(netdev, ...)       log_netdev_full(netdev, LOG_ERR, 0, ##__VA_ARGS__)
+
+#define log_netdev_debug_errno(netdev, error, ...)   log_netdev_full(netdev, LOG_DEBUG, error, ##__VA_ARGS__)
+#define log_netdev_info_errno(netdev, error, ...)    log_netdev_full(netdev, LOG_INFO, error, ##__VA_ARGS__)
+#define log_netdev_notice_errno(netdev, error, ...)  log_netdev_full(netdev, LOG_NOTICE, error, ##__VA_ARGS__)
+#define log_netdev_warning_errno(netdev, error, ...) log_netdev_full(netdev, LOG_WARNING, error, ##__VA_ARGS__)
+#define log_netdev_error_errno(netdev, error, ...)   log_netdev_full(netdev, LOG_ERR, error, ##__VA_ARGS__)
+
+#define LOG_NETDEV_MESSAGE(netdev, fmt, ...) "MESSAGE=%s: " fmt, (netdev)->ifname, ##__VA_ARGS__
+#define LOG_NETDEV_INTERFACE(netdev) "INTERFACE=%s", (netdev)->ifname
diff --git a/src/network/networkd-network-bus.c b/src/grp-network/libnetworkd-core/networkd-network-bus.c
index d6b7448a43..d6b7448a43 100644
--- a/src/network/networkd-network-bus.c
+++ b/src/grp-network/libnetworkd-core/networkd-network-bus.c
diff --git a/src/network/networkd-network-gperf.gperf b/src/grp-network/libnetworkd-core/networkd-network-gperf.gperf
index 03e4e3b39f..03e4e3b39f 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/grp-network/libnetworkd-core/networkd-network-gperf.gperf
diff --git a/src/network/networkd-network.c b/src/grp-network/libnetworkd-core/networkd-network.c
index dd89b3770c..dd89b3770c 100644
--- a/src/network/networkd-network.c
+++ b/src/grp-network/libnetworkd-core/networkd-network.c
diff --git a/src/grp-network/libnetworkd-core/networkd-network.h b/src/grp-network/libnetworkd-core/networkd-network.h
new file mode 100644
index 0000000000..177bc11ec4
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd-network.h
@@ -0,0 +1,231 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+#include "udev.h"
+
+#include "condition.h"
+#include "dhcp-identifier.h"
+#include "hashmap.h"
+#include "resolve-util.h"
+
+#include "networkd-address.h"
+#include "networkd-fdb.h"
+#include "networkd-lldp-tx.h"
+#include "networkd-netdev.h"
+#include "networkd-route.h"
+#include "networkd-util.h"
+
+#define DHCP_ROUTE_METRIC 1024
+#define IPV4LL_ROUTE_METRIC 2048
+
+typedef enum DCHPClientIdentifier {
+        DHCP_CLIENT_ID_MAC,
+        DHCP_CLIENT_ID_DUID,
+        _DHCP_CLIENT_ID_MAX,
+        _DHCP_CLIENT_ID_INVALID = -1,
+} DCHPClientIdentifier;
+
+typedef enum IPv6PrivacyExtensions {
+        /* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */
+        IPV6_PRIVACY_EXTENSIONS_NO,
+        IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC,
+        IPV6_PRIVACY_EXTENSIONS_YES, /* aka prefer-temporary */
+        _IPV6_PRIVACY_EXTENSIONS_MAX,
+        _IPV6_PRIVACY_EXTENSIONS_INVALID = -1,
+} IPv6PrivacyExtensions;
+
+typedef enum DHCPUseDomains {
+        DHCP_USE_DOMAINS_NO,
+        DHCP_USE_DOMAINS_YES,
+        DHCP_USE_DOMAINS_ROUTE,
+        _DHCP_USE_DOMAINS_MAX,
+        _DHCP_USE_DOMAINS_INVALID = -1,
+} DHCPUseDomains;
+
+typedef enum LLDPMode {
+        LLDP_MODE_NO = 0,
+        LLDP_MODE_YES = 1,
+        LLDP_MODE_ROUTERS_ONLY = 2,
+        _LLDP_MODE_MAX,
+        _LLDP_MODE_INVALID = -1,
+} LLDPMode;
+
+typedef struct DUID {
+        /* Value of Type in [DHCP] section */
+        DUIDType type;
+
+        uint8_t raw_data_len;
+        uint8_t raw_data[MAX_DUID_LEN];
+} DUID;
+
+typedef struct Manager Manager;
+
+struct Network {
+        Manager *manager;
+
+        char *filename;
+        char *name;
+
+        struct ether_addr *match_mac;
+        char **match_path;
+        char **match_driver;
+        char **match_type;
+        char **match_name;
+
+        Condition *match_host;
+        Condition *match_virt;
+        Condition *match_kernel;
+        Condition *match_arch;
+
+        char *description;
+
+        NetDev *bridge;
+        NetDev *bond;
+        Hashmap *stacked_netdevs;
+
+        /* DHCP Client Support */
+        AddressFamilyBoolean dhcp;
+        DCHPClientIdentifier dhcp_client_identifier;
+        char *dhcp_vendor_class_identifier;
+        char *dhcp_hostname;
+        bool dhcp_use_dns;
+        bool dhcp_use_ntp;
+        bool dhcp_use_mtu;
+        bool dhcp_use_hostname;
+        DHCPUseDomains dhcp_use_domains;
+        bool dhcp_send_hostname;
+        bool dhcp_broadcast;
+        bool dhcp_critical;
+        bool dhcp_use_routes;
+        bool dhcp_use_timezone;
+        unsigned dhcp_route_metric;
+
+        /* DHCP Server Support */
+        bool dhcp_server;
+        bool dhcp_server_emit_dns;
+        struct in_addr *dhcp_server_dns;
+        unsigned n_dhcp_server_dns;
+        bool dhcp_server_emit_ntp;
+        struct in_addr *dhcp_server_ntp;
+        unsigned n_dhcp_server_ntp;
+        bool dhcp_server_emit_router;
+        bool dhcp_server_emit_timezone;
+        char *dhcp_server_timezone;
+        usec_t dhcp_server_default_lease_time_usec, dhcp_server_max_lease_time_usec;
+        uint32_t dhcp_server_pool_offset;
+        uint32_t dhcp_server_pool_size;
+
+        /* IPV4LL Support */
+        AddressFamilyBoolean link_local;
+        bool ipv4ll_route;
+
+        /* Bridge Support */
+        bool use_bpdu;
+        bool hairpin;
+        bool fast_leave;
+        bool allow_port_to_be_root;
+        bool unicast_flood;
+        unsigned cost;
+
+        AddressFamilyBoolean ip_forward;
+        bool ip_masquerade;
+
+        int ipv6_accept_ra;
+        int ipv6_dad_transmits;
+        int ipv6_hop_limit;
+        int proxy_arp;
+
+        union in_addr_union ipv6_token;
+        IPv6PrivacyExtensions ipv6_privacy_extensions;
+
+        struct ether_addr *mac;
+        unsigned mtu;
+        uint32_t iaid;
+        DUID duid;
+
+        LLDPMode lldp_mode; /* LLDP reception */
+        LLDPEmit lldp_emit; /* LLDP transmission */
+
+        LIST_HEAD(Address, static_addresses);
+        LIST_HEAD(Route, static_routes);
+        LIST_HEAD(FdbEntry, static_fdb_entries);
+
+        Hashmap *addresses_by_section;
+        Hashmap *routes_by_section;
+        Hashmap *fdb_entries_by_section;
+
+        char **search_domains, **route_domains, **dns, **ntp, **bind_carrier;
+
+        ResolveSupport llmnr;
+        ResolveSupport mdns;
+        DnssecMode dnssec_mode;
+        Set *dnssec_negative_trust_anchors;
+
+        LIST_FIELDS(Network, networks);
+};
+
+void network_free(Network *network);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Network*, network_free);
+#define _cleanup_network_free_ _cleanup_(network_freep)
+
+int network_load(Manager *manager);
+
+int network_get_by_name(Manager *manager, const char *name, Network **ret);
+int network_get(Manager *manager, struct udev_device *device, const char *ifname, const struct ether_addr *mac, Network **ret);
+int network_apply(Manager *manager, Network *network, Link *link);
+
+bool network_has_static_ipv6_addresses(Network *network);
+
+int config_parse_netdev(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_tunnel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_dhcp(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_dhcp_client_identifier(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_ipv6token(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_ipv6_privacy_extensions(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_hostname(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_timezone(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_dhcp_server_dns(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_dhcp_server_ntp(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_dnssec_negative_trust_anchors(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_dhcp_use_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_lldp_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+/* Legacy IPv4LL support */
+int config_parse_ipv4ll(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, unsigned length);
+
+extern const sd_bus_vtable network_vtable[];
+
+int network_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
+int network_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
+
+const char* ipv6_privacy_extensions_to_string(IPv6PrivacyExtensions i) _const_;
+IPv6PrivacyExtensions ipv6_privacy_extensions_from_string(const char *s) _pure_;
+
+const char* dhcp_use_domains_to_string(DHCPUseDomains p) _const_;
+DHCPUseDomains dhcp_use_domains_from_string(const char *s) _pure_;
+
+const char* lldp_mode_to_string(LLDPMode m) _const_;
+LLDPMode lldp_mode_from_string(const char *s) _pure_;
diff --git a/src/network/networkd-route.c b/src/grp-network/libnetworkd-core/networkd-route.c
index f001de772a..f001de772a 100644
--- a/src/network/networkd-route.c
+++ b/src/grp-network/libnetworkd-core/networkd-route.c
diff --git a/src/network/networkd-route.h b/src/grp-network/libnetworkd-core/networkd-route.h
index 39de8363ed..39de8363ed 100644
--- a/src/network/networkd-route.h
+++ b/src/grp-network/libnetworkd-core/networkd-route.h
diff --git a/src/network/networkd-util.c b/src/grp-network/libnetworkd-core/networkd-util.c
index 555a7c68a1..555a7c68a1 100644
--- a/src/network/networkd-util.c
+++ b/src/grp-network/libnetworkd-core/networkd-util.c
diff --git a/src/network/networkd-util.h b/src/grp-network/libnetworkd-core/networkd-util.h
index d5c385bea4..d5c385bea4 100644
--- a/src/network/networkd-util.h
+++ b/src/grp-network/libnetworkd-core/networkd-util.h
diff --git a/src/grp-network/libnetworkd-core/networkd.h b/src/grp-network/libnetworkd-core/networkd.h
new file mode 100644
index 0000000000..b61e03920e
--- /dev/null
+++ b/src/grp-network/libnetworkd-core/networkd.h
@@ -0,0 +1,112 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <arpa/inet.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+#include <systemd/sd-netlink.h>
+#include "udev.h"
+
+#include "dhcp-identifier.h"
+#include "hashmap.h"
+#include "list.h"
+
+#include "networkd-address-pool.h"
+#include "networkd-link.h"
+#include "networkd-netdev-bond.h"
+#include "networkd-netdev-bridge.h"
+#include "networkd-netdev-dummy.h"
+#include "networkd-netdev-ipvlan.h"
+#include "networkd-netdev-macvlan.h"
+#include "networkd-netdev-tunnel.h"
+#include "networkd-netdev-tuntap.h"
+#include "networkd-netdev-veth.h"
+#include "networkd-netdev-vlan.h"
+#include "networkd-netdev-vxlan.h"
+#include "networkd-network.h"
+#include "networkd-util.h"
+
+extern const char* const network_dirs[];
+
+struct Manager {
+        sd_netlink *rtnl;
+        sd_event *event;
+        sd_event_source *bus_retry_event_source;
+        sd_bus *bus;
+        sd_bus_slot *prepare_for_sleep_slot;
+        struct udev *udev;
+        struct udev_monitor *udev_monitor;
+        sd_event_source *udev_event_source;
+
+        bool enumerating:1;
+        bool dirty:1;
+
+        Set *dirty_links;
+
+        char *state_file;
+        LinkOperationalState operational_state;
+
+        Hashmap *links;
+        Hashmap *netdevs;
+        Hashmap *networks_by_name;
+        LIST_HEAD(Network, networks);
+        LIST_HEAD(AddressPool, address_pools);
+
+        usec_t network_dirs_ts_usec;
+
+        DUID duid;
+};
+
+static inline const DUID* link_duid(const Link *link) {
+        if (link->network->duid.type != _DUID_TYPE_INVALID)
+                return &link->network->duid;
+        else
+                return &link->manager->duid;
+}
+
+extern const sd_bus_vtable manager_vtable[];
+
+int manager_new(Manager **ret);
+void manager_free(Manager *m);
+
+int manager_connect_bus(Manager *m);
+int manager_run(Manager *m);
+
+int manager_load_config(Manager *m);
+bool manager_should_reload(Manager *m);
+
+int manager_rtnl_enumerate_links(Manager *m);
+int manager_rtnl_enumerate_addresses(Manager *m);
+int manager_rtnl_enumerate_routes(Manager *m);
+
+int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, void *userdata);
+int manager_rtnl_process_route(sd_netlink *nl, sd_netlink_message *message, void *userdata);
+
+int manager_send_changed(Manager *m, const char *property, ...) _sentinel_;
+void manager_dirty(Manager *m);
+
+int manager_address_pool_acquire(Manager *m, int family, unsigned prefixlen, union in_addr_union *found);
+
+Link* manager_find_uplink(Manager *m, Link *exclude);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+#define _cleanup_manager_free_ _cleanup_(manager_freep)
diff --git a/src/grp-network/networkctl/Makefile b/src/grp-network/networkctl/Makefile
new file mode 100644
index 0000000000..f92d402f78
--- /dev/null
+++ b/src/grp-network/networkctl/Makefile
@@ -0,0 +1,39 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += \
+	networkctl
+
+networkctl_SOURCES = \
+	src/network/networkctl.c
+
+networkctl_LDADD = \
+	libshared.la \
+	libsystemd-network.la
+
+dist_bashcompletion_data += \
+	shell-completion/bash/networkctl
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-network/networkctl/networkctl.c b/src/grp-network/networkctl/networkctl.c
new file mode 100644
index 0000000000..85635b59bc
--- /dev/null
+++ b/src/grp-network/networkctl/networkctl.c
@@ -0,0 +1,1142 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <net/if.h>
+#include <stdbool.h>
+
+#include <systemd/sd-device.h>
+#include <systemd/sd-hwdb.h>
+#include <systemd/sd-lldp.h>
+#include <systemd/sd-netlink.h>
+#include <systemd/sd-network.h>
+
+#include "alloc-util.h"
+#include "arphrd-list.h"
+#include "device-util.h"
+#include "ether-addr-util.h"
+#include "fd-util.h"
+#include "hwdb-util.h"
+#include "local-addresses.h"
+#include "locale-util.h"
+#include "netlink-util.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "socket-util.h"
+#include "sparse-endian.h"
+#include "stdio-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "strxcpyx.h"
+#include "terminal-util.h"
+#include "util.h"
+#include "verbs.h"
+
+static bool arg_no_pager = false;
+static bool arg_legend = true;
+static bool arg_all = false;
+
+static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
+        const char *t;
+        char *p;
+
+        assert(ret);
+
+        if (iftype == ARPHRD_ETHER && d) {
+                const char *devtype = NULL, *id = NULL;
+                /* WLANs have iftype ARPHRD_ETHER, but we want
+                 * to show a more useful type string for
+                 * them */
+
+                (void) sd_device_get_devtype(d, &devtype);
+
+                if (streq_ptr(devtype, "wlan"))
+                        id = "wlan";
+                else if (streq_ptr(devtype, "wwan"))
+                        id = "wwan";
+
+                if (id) {
+                        p = strdup(id);
+                        if (!p)
+                                return -ENOMEM;
+
+                        *ret = p;
+                        return 1;
+                }
+        }
+
+        t = arphrd_to_name(iftype);
+        if (!t) {
+                *ret = NULL;
+                return 0;
+        }
+
+        p = strdup(t);
+        if (!p)
+                return -ENOMEM;
+
+        ascii_strlower(p);
+        *ret = p;
+
+        return 0;
+}
+
+static void operational_state_to_color(const char *state, const char **on, const char **off) {
+        assert(on);
+        assert(off);
+
+        if (streq_ptr(state, "routable")) {
+                *on = ansi_highlight_green();
+                *off = ansi_normal();
+        } else if (streq_ptr(state, "degraded")) {
+                *on = ansi_highlight_yellow();
+                *off = ansi_normal();
+        } else
+                *on = *off = "";
+}
+
+static void setup_state_to_color(const char *state, const char **on, const char **off) {
+        assert(on);
+        assert(off);
+
+        if (streq_ptr(state, "configured")) {
+                *on = ansi_highlight_green();
+                *off = ansi_normal();
+        } else if (streq_ptr(state, "configuring")) {
+                *on = ansi_highlight_yellow();
+                *off = ansi_normal();
+        } else if (streq_ptr(state, "failed") || streq_ptr(state, "linger")) {
+                *on = ansi_highlight_red();
+                *off = ansi_normal();
+        } else
+                *on = *off = "";
+}
+
+typedef struct LinkInfo {
+        char name[IFNAMSIZ+1];
+        int ifindex;
+        unsigned short iftype;
+        struct ether_addr mac_address;
+        uint32_t mtu;
+
+        bool has_mac_address:1;
+        bool has_mtu:1;
+} LinkInfo;
+
+static int link_info_compare(const void *a, const void *b) {
+        const LinkInfo *x = a, *y = b;
+
+        return x->ifindex - y->ifindex;
+}
+
+static int decode_link(sd_netlink_message *m, LinkInfo *info) {
+        const char *name;
+        uint16_t type;
+        int r;
+
+        assert(m);
+        assert(info);
+
+        r = sd_netlink_message_get_type(m, &type);
+        if (r < 0)
+                return r;
+
+        if (type != RTM_NEWLINK)
+                return 0;
+
+        r = sd_rtnl_message_link_get_ifindex(m, &info->ifindex);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_read_string(m, IFLA_IFNAME, &name);
+        if (r < 0)
+                return r;
+
+        r = sd_rtnl_message_link_get_type(m, &info->iftype);
+        if (r < 0)
+                return r;
+
+        strscpy(info->name, sizeof info->name, name);
+
+        info->has_mac_address =
+                sd_netlink_message_read_ether_addr(m, IFLA_ADDRESS, &info->mac_address) >= 0 &&
+                memcmp(&info->mac_address, &ETHER_ADDR_NULL, sizeof(struct ether_addr)) != 0;
+
+        info->has_mtu =
+                sd_netlink_message_read_u32(m, IFLA_MTU, &info->mtu) &&
+                info->mtu > 0;
+
+        return 1;
+}
+
+static int acquire_link_info_strv(sd_netlink *rtnl, char **l, LinkInfo **ret) {
+        _cleanup_free_ LinkInfo *links = NULL;
+        char **i;
+        size_t c = 0;
+        int r;
+
+        assert(rtnl);
+        assert(ret);
+
+        links = new(LinkInfo, strv_length(l));
+        if (!links)
+                return log_oom();
+
+        STRV_FOREACH(i, l) {
+                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+                int ifindex;
+
+                if (parse_ifindex(*i, &ifindex) >= 0)
+                        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, ifindex);
+                else {
+                        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, 0);
+                        if (r < 0)
+                                return rtnl_log_create_error(r);
+
+                        r = sd_netlink_message_append_string(req, IFLA_IFNAME, *i);
+                }
+                if (r < 0)
+                        return rtnl_log_create_error(r);
+
+                r = sd_netlink_call(rtnl, req, 0, &reply);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to request link: %m");
+
+                r = decode_link(reply, links + c);
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        c++;
+        }
+
+        qsort_safe(links, c, sizeof(LinkInfo), link_info_compare);
+
+        *ret = links;
+        links = NULL;
+
+        return (int) c;
+}
+
+static int acquire_link_info_all(sd_netlink *rtnl, LinkInfo **ret) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        _cleanup_free_ LinkInfo *links = NULL;
+        size_t allocated = 0, c = 0;
+        sd_netlink_message *i;
+        int r;
+
+        assert(rtnl);
+        assert(ret);
+
+        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, 0);
+        if (r < 0)
+                return rtnl_log_create_error(r);
+
+        r = sd_netlink_message_request_dump(req, true);
+        if (r < 0)
+                return rtnl_log_create_error(r);
+
+        r = sd_netlink_call(rtnl, req, 0, &reply);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enumerate links: %m");
+
+        for (i = reply; i; i = sd_netlink_message_next(i)) {
+                if (!GREEDY_REALLOC(links, allocated, c+1))
+                        return -ENOMEM;
+
+                r = decode_link(i, links + c);
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        c++;
+        }
+
+        qsort_safe(links, c, sizeof(LinkInfo), link_info_compare);
+
+        *ret = links;
+        links = NULL;
+
+        return (int) c;
+}
+
+static int list_links(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_free_ LinkInfo *links = NULL;
+        int c, i, r;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        if (argc > 1)
+                c = acquire_link_info_strv(rtnl, argv + 1, &links);
+        else
+                c = acquire_link_info_all(rtnl, &links);
+        if (c < 0)
+                return c;
+
+        pager_open(arg_no_pager, false);
+
+        if (arg_legend)
+                printf("%3s %-16s %-18s %-11s %-10s\n",
+                       "IDX",
+                       "LINK",
+                       "TYPE",
+                       "OPERATIONAL",
+                       "SETUP");
+
+        for (i = 0; i < c; i++) {
+                _cleanup_free_ char *setup_state = NULL, *operational_state = NULL;
+                _cleanup_(sd_device_unrefp) sd_device *d = NULL;
+                const char *on_color_operational, *off_color_operational,
+                           *on_color_setup, *off_color_setup;
+                char devid[2 + DECIMAL_STR_MAX(int)];
+                _cleanup_free_ char *t = NULL;
+
+                (void) sd_network_link_get_operational_state(links[i].ifindex, &operational_state);
+                operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
+
+                r = sd_network_link_get_setup_state(links[i].ifindex, &setup_state);
+                if (r == -ENODATA) /* If there's no info available about this iface, it's unmanaged by networkd */
+                        setup_state = strdup("unmanaged");
+                setup_state_to_color(setup_state, &on_color_setup, &off_color_setup);
+
+                xsprintf(devid, "n%i", links[i].ifindex);
+                (void) sd_device_new_from_device_id(&d, devid);
+
+                (void) link_get_type_string(links[i].iftype, d, &t);
+
+                printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
+                       links[i].ifindex, links[i].name, strna(t),
+                       on_color_operational, strna(operational_state), off_color_operational,
+                       on_color_setup, strna(setup_state), off_color_setup);
+        }
+
+        if (arg_legend)
+                printf("\n%i links listed.\n", c);
+
+        return 0;
+}
+
+/* IEEE Organizationally Unique Identifier vendor string */
+static int ieee_oui(sd_hwdb *hwdb, const struct ether_addr *mac, char **ret) {
+        const char *description;
+        char modalias[strlen("OUI:XXYYXXYYXXYY") + 1], *desc;
+        int r;
+
+        assert(ret);
+
+        if (!hwdb)
+                return -EINVAL;
+
+        if (!mac)
+                return -EINVAL;
+
+        /* skip commonly misused 00:00:00 (Xerox) prefix */
+        if (memcmp(mac, "\0\0\0", 3) == 0)
+                return -EINVAL;
+
+        xsprintf(modalias, "OUI:" ETHER_ADDR_FORMAT_STR,
+                 ETHER_ADDR_FORMAT_VAL(*mac));
+
+        r = sd_hwdb_get(hwdb, modalias, "ID_OUI_FROM_DATABASE", &description);
+        if (r < 0)
+                return r;
+
+        desc = strdup(description);
+        if (!desc)
+                return -ENOMEM;
+
+        *ret = desc;
+
+        return 0;
+}
+
+static int get_gateway_description(
+                sd_netlink *rtnl,
+                sd_hwdb *hwdb,
+                int ifindex,
+                int family,
+                union in_addr_union *gateway,
+                char **gateway_description) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        sd_netlink_message *m;
+        int r;
+
+        assert(rtnl);
+        assert(ifindex >= 0);
+        assert(family == AF_INET || family == AF_INET6);
+        assert(gateway);
+        assert(gateway_description);
+
+        r = sd_rtnl_message_new_neigh(rtnl, &req, RTM_GETNEIGH, ifindex, family);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_request_dump(req, true);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(rtnl, req, 0, &reply);
+        if (r < 0)
+                return r;
+
+        for (m = reply; m; m = sd_netlink_message_next(m)) {
+                union in_addr_union gw = {};
+                struct ether_addr mac = {};
+                uint16_t type;
+                int ifi, fam;
+
+                r = sd_netlink_message_get_errno(m);
+                if (r < 0) {
+                        log_error_errno(r, "got error: %m");
+                        continue;
+                }
+
+                r = sd_netlink_message_get_type(m, &type);
+                if (r < 0) {
+                        log_error_errno(r, "could not get type: %m");
+                        continue;
+                }
+
+                if (type != RTM_NEWNEIGH) {
+                        log_error("type is not RTM_NEWNEIGH");
+                        continue;
+                }
+
+                r = sd_rtnl_message_neigh_get_family(m, &fam);
+                if (r < 0) {
+                        log_error_errno(r, "could not get family: %m");
+                        continue;
+                }
+
+                if (fam != family) {
+                        log_error("family is not correct");
+                        continue;
+                }
+
+                r = sd_rtnl_message_neigh_get_ifindex(m, &ifi);
+                if (r < 0) {
+                        log_error_errno(r, "could not get ifindex: %m");
+                        continue;
+                }
+
+                if (ifindex > 0 && ifi != ifindex)
+                        continue;
+
+                switch (fam) {
+                case AF_INET:
+                        r = sd_netlink_message_read_in_addr(m, NDA_DST, &gw.in);
+                        if (r < 0)
+                                continue;
+
+                        break;
+                case AF_INET6:
+                        r = sd_netlink_message_read_in6_addr(m, NDA_DST, &gw.in6);
+                        if (r < 0)
+                                continue;
+
+                        break;
+                default:
+                        continue;
+                }
+
+                if (!in_addr_equal(fam, &gw, gateway))
+                        continue;
+
+                r = sd_netlink_message_read_ether_addr(m, NDA_LLADDR, &mac);
+                if (r < 0)
+                        continue;
+
+                r = ieee_oui(hwdb, &mac, gateway_description);
+                if (r < 0)
+                        continue;
+
+                return 0;
+        }
+
+        return -ENODATA;
+}
+
+static int dump_gateways(
+                sd_netlink *rtnl,
+                sd_hwdb *hwdb,
+                const char *prefix,
+                int ifindex) {
+        _cleanup_free_ struct local_address *local = NULL;
+        int r, n, i;
+
+        assert(rtnl);
+        assert(prefix);
+
+        n = local_gateways(rtnl, ifindex, AF_UNSPEC, &local);
+        if (n < 0)
+                return n;
+
+        for (i = 0; i < n; i++) {
+                _cleanup_free_ char *gateway = NULL, *description = NULL;
+
+                r = in_addr_to_string(local[i].family, &local[i].address, &gateway);
+                if (r < 0)
+                        return r;
+
+                r = get_gateway_description(rtnl, hwdb, local[i].ifindex, local[i].family, &local[i].address, &description);
+                if (r < 0)
+                        log_debug_errno(r, "Could not get description of gateway: %m");
+
+                printf("%*s%s",
+                       (int) strlen(prefix),
+                       i == 0 ? prefix : "",
+                       gateway);
+
+                if (description)
+                        printf(" (%s)", description);
+
+                /* Show interface name for the entry if we show
+                 * entries for all interfaces */
+                if (ifindex <= 0) {
+                        char name[IF_NAMESIZE+1];
+
+                        if (if_indextoname(local[i].ifindex, name)) {
+                                fputs(" on ", stdout);
+                                fputs(name, stdout);
+                        } else
+                                printf(" on %%%i", local[i].ifindex);
+                }
+
+                fputc('\n', stdout);
+        }
+
+        return 0;
+}
+
+static int dump_addresses(
+                sd_netlink *rtnl,
+                const char *prefix,
+                int ifindex) {
+
+        _cleanup_free_ struct local_address *local = NULL;
+        int r, n, i;
+
+        assert(rtnl);
+        assert(prefix);
+
+        n = local_addresses(rtnl, ifindex, AF_UNSPEC, &local);
+        if (n < 0)
+                return n;
+
+        for (i = 0; i < n; i++) {
+                _cleanup_free_ char *pretty = NULL;
+
+                r = in_addr_to_string(local[i].family, &local[i].address, &pretty);
+                if (r < 0)
+                        return r;
+
+                printf("%*s%s",
+                       (int) strlen(prefix),
+                       i == 0 ? prefix : "",
+                       pretty);
+
+                if (ifindex <= 0) {
+                        char name[IF_NAMESIZE+1];
+
+                        if (if_indextoname(local[i].ifindex, name)) {
+                                fputs(" on ", stdout);
+                                fputs(name, stdout);
+                        } else
+                                printf(" on %%%i", local[i].ifindex);
+                }
+
+                fputc('\n', stdout);
+        }
+
+        return 0;
+}
+
+static int open_lldp_neighbors(int ifindex, FILE **ret) {
+        _cleanup_free_ char *p = NULL;
+        FILE *f;
+
+        if (asprintf(&p, "/run/systemd/netif/lldp/%i", ifindex) < 0)
+                return -ENOMEM;
+
+        f = fopen(p, "re");
+        if (!f)
+                return -errno;
+
+        *ret = f;
+        return 0;
+}
+
+static int next_lldp_neighbor(FILE *f, sd_lldp_neighbor **ret) {
+        _cleanup_free_ void *raw = NULL;
+        size_t l;
+        le64_t u;
+        int r;
+
+        assert(f);
+        assert(ret);
+
+        l = fread(&u, 1, sizeof(u), f);
+        if (l == 0 && feof(f))
+                return 0;
+        if (l != sizeof(u))
+                return -EBADMSG;
+
+        raw = new(uint8_t, le64toh(u));
+        if (!raw)
+                return -ENOMEM;
+
+        if (fread(raw, 1, le64toh(u), f) != le64toh(u))
+                return -EBADMSG;
+
+        r = sd_lldp_neighbor_from_raw(ret, raw, le64toh(u));
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int dump_lldp_neighbors(const char *prefix, int ifindex) {
+        _cleanup_fclose_ FILE *f = NULL;
+        int r, c = 0;
+
+        assert(prefix);
+        assert(ifindex > 0);
+
+        r = open_lldp_neighbors(ifindex, &f);
+        if (r < 0)
+                return r;
+
+        for (;;) {
+                const char *system_name = NULL, *port_id = NULL, *port_description = NULL;
+                _cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL;
+
+                r = next_lldp_neighbor(f, &n);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                printf("%*s",
+                       (int) strlen(prefix),
+                       c == 0 ? prefix : "");
+
+                (void) sd_lldp_neighbor_get_system_name(n, &system_name);
+                (void) sd_lldp_neighbor_get_port_id_as_string(n, &port_id);
+                (void) sd_lldp_neighbor_get_port_description(n, &port_description);
+
+                printf("%s on port %s", strna(system_name), strna(port_id));
+
+                if (!isempty(port_description))
+                        printf(" (%s)", port_description);
+
+                putchar('\n');
+
+                c++;
+        }
+
+        return c;
+}
+
+static void dump_ifindexes(const char *prefix, const int *ifindexes) {
+        unsigned c;
+
+        assert(prefix);
+
+        if (!ifindexes || ifindexes[0] <= 0)
+                return;
+
+        for (c = 0; ifindexes[c] > 0; c++) {
+                char name[IF_NAMESIZE+1];
+
+                printf("%*s",
+                       (int) strlen(prefix),
+                       c == 0 ? prefix : "");
+
+                if (if_indextoname(ifindexes[c], name))
+                        fputs(name, stdout);
+                else
+                        printf("%i", ifindexes[c]);
+
+                fputc('\n', stdout);
+        }
+}
+
+static void dump_list(const char *prefix, char **l) {
+        char **i;
+
+        if (strv_isempty(l))
+                return;
+
+        STRV_FOREACH(i, l) {
+                printf("%*s%s\n",
+                       (int) strlen(prefix),
+                       i == l ? prefix : "",
+                       *i);
+        }
+}
+
+static int link_status_one(
+                sd_netlink *rtnl,
+                sd_hwdb *hwdb,
+                const LinkInfo *info) {
+
+        _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
+        _cleanup_free_ char *setup_state = NULL, *operational_state = NULL, *tz = NULL;
+        _cleanup_(sd_device_unrefp) sd_device *d = NULL;
+        char devid[2 + DECIMAL_STR_MAX(int)];
+        _cleanup_free_ char *t = NULL, *network = NULL;
+        const char *driver = NULL, *path = NULL, *vendor = NULL, *model = NULL, *link = NULL;
+        const char *on_color_operational, *off_color_operational,
+                   *on_color_setup, *off_color_setup;
+        _cleanup_free_ int *carrier_bound_to = NULL, *carrier_bound_by = NULL;
+        int r;
+
+        assert(rtnl);
+        assert(info);
+
+        (void) sd_network_link_get_operational_state(info->ifindex, &operational_state);
+        operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
+
+        r = sd_network_link_get_setup_state(info->ifindex, &setup_state);
+        if (r == -ENODATA) /* If there's no info available about this iface, it's unmanaged by networkd */
+                setup_state = strdup("unmanaged");
+        setup_state_to_color(setup_state, &on_color_setup, &off_color_setup);
+
+        (void) sd_network_link_get_dns(info->ifindex, &dns);
+        (void) sd_network_link_get_search_domains(info->ifindex, &search_domains);
+        (void) sd_network_link_get_route_domains(info->ifindex, &route_domains);
+        (void) sd_network_link_get_ntp(info->ifindex, &ntp);
+
+        xsprintf(devid, "n%i", info->ifindex);
+
+        (void) sd_device_new_from_device_id(&d, devid);
+
+        if (d) {
+                (void) sd_device_get_property_value(d, "ID_NET_LINK_FILE", &link);
+                (void) sd_device_get_property_value(d, "ID_NET_DRIVER", &driver);
+                (void) sd_device_get_property_value(d, "ID_PATH", &path);
+
+                r = sd_device_get_property_value(d, "ID_VENDOR_FROM_DATABASE", &vendor);
+                if (r < 0)
+                        (void) sd_device_get_property_value(d, "ID_VENDOR", &vendor);
+
+                r = sd_device_get_property_value(d, "ID_MODEL_FROM_DATABASE", &model);
+                if (r < 0)
+                        (void) sd_device_get_property_value(d, "ID_MODEL", &model);
+        }
+
+        (void) link_get_type_string(info->iftype, d, &t);
+
+        (void) sd_network_link_get_network_file(info->ifindex, &network);
+
+        (void) sd_network_link_get_carrier_bound_to(info->ifindex, &carrier_bound_to);
+        (void) sd_network_link_get_carrier_bound_by(info->ifindex, &carrier_bound_by);
+
+        printf("%s%s%s %i: %s\n", on_color_operational, special_glyph(BLACK_CIRCLE), off_color_operational, info->ifindex, info->name);
+
+        printf("       Link File: %s\n"
+               "    Network File: %s\n"
+               "            Type: %s\n"
+               "           State: %s%s%s (%s%s%s)\n",
+               strna(link),
+               strna(network),
+               strna(t),
+               on_color_operational, strna(operational_state), off_color_operational,
+               on_color_setup, strna(setup_state), off_color_setup);
+
+        if (path)
+                printf("            Path: %s\n", path);
+        if (driver)
+                printf("          Driver: %s\n", driver);
+        if (vendor)
+                printf("          Vendor: %s\n", vendor);
+        if (model)
+                printf("           Model: %s\n", model);
+
+        if (info->has_mac_address) {
+                _cleanup_free_ char *description = NULL;
+                char ea[ETHER_ADDR_TO_STRING_MAX];
+
+                (void) ieee_oui(hwdb, &info->mac_address, &description);
+
+                if (description)
+                        printf("      HW Address: %s (%s)\n", ether_addr_to_string(&info->mac_address, ea), description);
+                else
+                        printf("      HW Address: %s\n", ether_addr_to_string(&info->mac_address, ea));
+        }
+
+        if (info->has_mtu)
+                printf("             MTU: %u\n", info->mtu);
+
+        (void) dump_addresses(rtnl, "         Address: ", info->ifindex);
+        (void) dump_gateways(rtnl, hwdb, "         Gateway: ", info->ifindex);
+
+        dump_list("             DNS: ", dns);
+        dump_list("  Search Domains: ", search_domains);
+        dump_list("   Route Domains: ", route_domains);
+
+        dump_list("             NTP: ", ntp);
+
+        dump_ifindexes("Carrier Bound To: ", carrier_bound_to);
+        dump_ifindexes("Carrier Bound By: ", carrier_bound_by);
+
+        (void) sd_network_link_get_timezone(info->ifindex, &tz);
+        if (tz)
+                printf("       Time Zone: %s\n", tz);
+
+        (void) dump_lldp_neighbors("    Connected To: ", info->ifindex);
+
+        return 0;
+}
+
+static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) {
+        _cleanup_free_ char *operational_state = NULL;
+        _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
+        const char *on_color_operational, *off_color_operational;
+
+        assert(rtnl);
+
+        (void) sd_network_get_operational_state(&operational_state);
+        operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
+
+        printf("%s%s%s        State: %s%s%s\n",
+               on_color_operational, special_glyph(BLACK_CIRCLE), off_color_operational,
+               on_color_operational, strna(operational_state), off_color_operational);
+
+        (void) dump_addresses(rtnl, "       Address: ", 0);
+        (void) dump_gateways(rtnl, hwdb, "       Gateway: ", 0);
+
+        (void) sd_network_get_dns(&dns);
+        dump_list("           DNS: ", dns);
+
+        (void) sd_network_get_search_domains(&search_domains);
+        dump_list("Search Domains: ", search_domains);
+
+        (void) sd_network_get_route_domains(&route_domains);
+        dump_list(" Route Domains: ", route_domains);
+
+        (void) sd_network_get_ntp(&ntp);
+        dump_list("           NTP: ", ntp);
+
+        return 0;
+}
+
+static int link_status(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+        _cleanup_free_ LinkInfo *links = NULL;
+        int r, c, i;
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        r = sd_hwdb_new(&hwdb);
+        if (r < 0)
+                log_debug_errno(r, "Failed to open hardware database: %m");
+
+        if (arg_all)
+                c = acquire_link_info_all(rtnl, &links);
+        else if (argc <= 1)
+                return system_status(rtnl, hwdb);
+        else
+                c = acquire_link_info_strv(rtnl, argv + 1, &links);
+        if (c < 0)
+                return c;
+
+        for (i = 0; i < c; i++) {
+                if (i > 0)
+                        fputc('\n', stdout);
+
+                link_status_one(rtnl, hwdb, links + i);
+        }
+
+        return 0;
+}
+
+static char *lldp_capabilities_to_string(uint16_t x) {
+        static const char characters[] = {
+                'o', 'p', 'b', 'w', 'r', 't', 'd', 'a', 'c', 's', 'm',
+        };
+        char *ret;
+        unsigned i;
+
+        ret = new(char, ELEMENTSOF(characters) + 1);
+        if (!ret)
+                return NULL;
+
+        for (i = 0; i < ELEMENTSOF(characters); i++)
+                ret[i] = (x & (1U << i)) ? characters[i] : '.';
+
+        ret[i] = 0;
+        return ret;
+}
+
+static void lldp_capabilities_legend(uint16_t x) {
+        unsigned w, i, cols = columns();
+        static const char* const table[] = {
+                "o - Other",
+                "p - Repeater",
+                "b - Bridge",
+                "w - WLAN Access Point",
+                "r - Router",
+                "t - Telephone",
+                "d - DOCSIS cable device",
+                "a - Station",
+                "c - Customer VLAN",
+                "s - Service VLAN",
+                "m - Two-port MAC Relay (TPMR)",
+        };
+
+        if (x == 0)
+                return;
+
+        printf("\nCapability Flags:\n");
+        for (w = 0, i = 0; i < ELEMENTSOF(table); i++)
+                if (x & (1U << i) || arg_all) {
+                        bool newline;
+
+                        newline = w + strlen(table[i]) + (w == 0 ? 0 : 2) > cols;
+                        if (newline)
+                                w = 0;
+                        w += printf("%s%s%s", newline ? "\n" : "", w == 0 ? "" : "; ", table[i]);
+                }
+        puts("");
+}
+
+static int link_lldp_status(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_free_ LinkInfo *links = NULL;
+        int i, r, c, m = 0;
+        uint16_t all = 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        if (argc > 1)
+                c = acquire_link_info_strv(rtnl, argv + 1, &links);
+        else
+                c = acquire_link_info_all(rtnl, &links);
+        if (c < 0)
+                return c;
+
+        pager_open(arg_no_pager, false);
+
+        if (arg_legend)
+                printf("%-16s %-17s %-16s %-11s %-17s %-16s\n",
+                       "LINK",
+                       "CHASSIS ID",
+                       "SYSTEM NAME",
+                       "CAPS",
+                       "PORT ID",
+                       "PORT DESCRIPTION");
+
+        for (i = 0; i < c; i++) {
+                _cleanup_fclose_ FILE *f = NULL;
+
+                r = open_lldp_neighbors(links[i].ifindex, &f);
+                if (r == -ENOENT)
+                        continue;
+                if (r < 0) {
+                        log_warning_errno(r, "Failed to open LLDP data for %i, ignoring: %m", links[i].ifindex);
+                        continue;
+                }
+
+                for (;;) {
+                        _cleanup_free_ char *cid = NULL, *pid = NULL, *sname = NULL, *pdesc = NULL;
+                        const char *chassis_id = NULL, *port_id = NULL, *system_name = NULL, *port_description = NULL, *capabilities = NULL;
+                        _cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL;
+                        uint16_t cc;
+
+                        r = next_lldp_neighbor(f, &n);
+                        if (r < 0) {
+                                log_warning_errno(r, "Failed to read neighbor data: %m");
+                                break;
+                        }
+                        if (r == 0)
+                                break;
+
+                        (void) sd_lldp_neighbor_get_chassis_id_as_string(n, &chassis_id);
+                        (void) sd_lldp_neighbor_get_port_id_as_string(n, &port_id);
+                        (void) sd_lldp_neighbor_get_system_name(n, &system_name);
+                        (void) sd_lldp_neighbor_get_port_description(n, &port_description);
+
+                        if (chassis_id) {
+                                cid = ellipsize(chassis_id, 17, 100);
+                                if (cid)
+                                        chassis_id = cid;
+                        }
+
+                        if (port_id) {
+                                pid = ellipsize(port_id, 17, 100);
+                                if (pid)
+                                        port_id = pid;
+                        }
+
+                        if (system_name) {
+                                sname = ellipsize(system_name, 16, 100);
+                                if (sname)
+                                        system_name = sname;
+                        }
+
+                        if (port_description) {
+                                pdesc = ellipsize(port_description, 16, 100);
+                                if (pdesc)
+                                        port_description = pdesc;
+                        }
+
+                        if (sd_lldp_neighbor_get_enabled_capabilities(n, &cc) >= 0) {
+                                capabilities = lldp_capabilities_to_string(cc);
+                                all |= cc;
+                        }
+
+                        printf("%-16s %-17s %-16s %-11s %-17s %-16s\n",
+                               links[i].name,
+                               strna(chassis_id),
+                               strna(system_name),
+                               strna(capabilities),
+                               strna(port_id),
+                               strna(port_description));
+
+                        m++;
+                }
+        }
+
+        if (arg_legend) {
+                lldp_capabilities_legend(all);
+                printf("\n%i neighbors listed.\n", m);
+        }
+
+        return 0;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "Query and control the networking subsystem.\n\n"
+               "  -h --help             Show this help\n"
+               "     --version          Show package version\n"
+               "     --no-pager         Do not pipe output into a pager\n"
+               "     --no-legend        Do not show the headers and footers\n"
+               "  -a --all              Show status for all links\n\n"
+               "Commands:\n"
+               "  list [LINK...]        List links\n"
+               "  status [LINK...]      Show link status\n"
+               "  lldp [LINK...]        Show LLDP neighbors\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_NO_LEGEND,
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, 'h'           },
+                { "version",   no_argument,       NULL, ARG_VERSION   },
+                { "no-pager",  no_argument,       NULL, ARG_NO_PAGER  },
+                { "no-legend", no_argument,       NULL, ARG_NO_LEGEND },
+                { "all",       no_argument,       NULL, 'a'           },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "ha", options, NULL)) >= 0) {
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_LEGEND:
+                        arg_legend = false;
+                        break;
+
+                case 'a':
+                        arg_all = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+        }
+
+        return 1;
+}
+
+static int networkctl_main(int argc, char *argv[]) {
+        const Verb verbs[] = {
+                { "list",   VERB_ANY, VERB_ANY, VERB_DEFAULT, list_links       },
+                { "status", VERB_ANY, VERB_ANY, 0,            link_status      },
+                { "lldp",   VERB_ANY, VERB_ANY, 0,            link_lldp_status },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, NULL);
+}
+
+static void warn_networkd_missing(void) {
+
+        if (access("/run/systemd/netif/state", F_OK) >= 0)
+                return;
+
+        fprintf(stderr, "WARNING: systemd-networkd is not running, output will be incomplete.\n\n");
+}
+
+int main(int argc, char* argv[]) {
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        warn_networkd_missing();
+
+        r = networkctl_main(argc, argv);
+
+finish:
+        pager_close();
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/network/org.freedesktop.network1.conf b/src/grp-network/org.freedesktop.network1.conf
index 52dad33668..52dad33668 100644
--- a/src/network/org.freedesktop.network1.conf
+++ b/src/grp-network/org.freedesktop.network1.conf
diff --git a/src/network/org.freedesktop.network1.service b/src/grp-network/org.freedesktop.network1.service
index bea885fe53..bea885fe53 100644
--- a/src/network/org.freedesktop.network1.service
+++ b/src/grp-network/org.freedesktop.network1.service
diff --git a/src/grp-network/systemd-networkd-wait-online/Makefile b/src/grp-network/systemd-networkd-wait-online/Makefile
new file mode 100644
index 0000000000..12aa13c48f
--- /dev/null
+++ b/src/grp-network/systemd-networkd-wait-online/Makefile
@@ -0,0 +1,44 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += \
+	systemd-networkd-wait-online
+
+systemd_networkd_wait_online_CFLAGS = \
+	$(AM_CFLAGS)
+
+systemd_networkd_wait_online_SOURCES = \
+	src/libsystemd-network/network-internal.h \
+	src/network/networkd-wait-online.h \
+	src/network/networkd-wait-online-link.h \
+	src/network/networkd-wait-online.c \
+	src/network/networkd-wait-online-manager.c \
+	src/network/networkd-wait-online-link.c
+
+systemd_networkd_wait_online_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-link.c b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-link.c
new file mode 100644
index 0000000000..971545296f
--- /dev/null
+++ b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-link.c
@@ -0,0 +1,131 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+  Copyright 2014 Tom Gundersen
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-network.h>
+
+#include "alloc-util.h"
+#include "networkd-wait-online-link.h"
+#include "string-util.h"
+
+int link_new(Manager *m, Link **ret, int ifindex, const char *ifname) {
+        _cleanup_(link_freep) Link *l = NULL;
+        int r;
+
+        assert(m);
+        assert(ifindex > 0);
+
+        r = hashmap_ensure_allocated(&m->links, NULL);
+        if (r < 0)
+                return r;
+
+        r = hashmap_ensure_allocated(&m->links_by_name, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        l = new0(Link, 1);
+        if (!l)
+                return -ENOMEM;
+
+        l->manager = m;
+
+        l->ifname = strdup(ifname);
+        if (!l->ifname)
+                return -ENOMEM;
+
+        r = hashmap_put(m->links_by_name, l->ifname, l);
+        if (r < 0)
+                return r;
+
+        l->ifindex = ifindex;
+
+        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = l;
+        l = NULL;
+
+        return 0;
+}
+
+Link *link_free(Link *l) {
+
+        if (!l)
+                return NULL;
+
+        if (l->manager) {
+                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
+                hashmap_remove(l->manager->links_by_name, l->ifname);
+        }
+
+        free(l->ifname);
+        free(l);
+        return NULL;
+ }
+
+int link_update_rtnl(Link *l, sd_netlink_message *m) {
+        const char *ifname;
+        int r;
+
+        assert(l);
+        assert(l->manager);
+        assert(m);
+
+        r = sd_rtnl_message_link_get_flags(m, &l->flags);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_read_string(m, IFLA_IFNAME, &ifname);
+        if (r < 0)
+                return r;
+
+        if (!streq(l->ifname, ifname)) {
+                char *new_ifname;
+
+                new_ifname = strdup(ifname);
+                if (!new_ifname)
+                        return -ENOMEM;
+
+                hashmap_remove(l->manager->links_by_name, l->ifname);
+                free(l->ifname);
+                l->ifname = new_ifname;
+
+                r = hashmap_put(l->manager->links_by_name, l->ifname, l);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int link_update_monitor(Link *l) {
+        assert(l);
+
+        l->operational_state = mfree(l->operational_state);
+
+        sd_network_link_get_operational_state(l->ifindex, &l->operational_state);
+
+        l->state = mfree(l->state);
+
+        sd_network_link_get_setup_state(l->ifindex, &l->state);
+
+        return 0;
+}
diff --git a/src/network/networkd-wait-online-link.h b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-link.h
index dc35085c55..dc35085c55 100644
--- a/src/network/networkd-wait-online-link.h
+++ b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-link.h
diff --git a/src/network/networkd-wait-online-manager.c b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-manager.c
index 2ff7ddb044..2ff7ddb044 100644
--- a/src/network/networkd-wait-online-manager.c
+++ b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online-manager.c
diff --git a/src/grp-network/systemd-networkd-wait-online/networkd-wait-online.c b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online.c
new file mode 100644
index 0000000000..a08272463e
--- /dev/null
+++ b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online.c
@@ -0,0 +1,166 @@
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "networkd-wait-online.h"
+#include "signal-util.h"
+#include "strv.h"
+
+static bool arg_quiet = false;
+static usec_t arg_timeout = 120 * USEC_PER_SEC;
+static char **arg_interfaces = NULL;
+static char **arg_ignore = NULL;
+
+static void help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "Block until network is configured.\n\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Print version string\n"
+               "  -q --quiet                Do not show status information\n"
+               "  -i --interface=INTERFACE  Block until at least these interfaces have appeared\n"
+               "     --ignore=INTERFACE     Don't take these interfaces into account\n"
+               "     --timeout=SECS         Maximum time to wait for network connectivity\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_IGNORE,
+                ARG_TIMEOUT,
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'         },
+                { "version",         no_argument,       NULL, ARG_VERSION },
+                { "quiet",           no_argument,       NULL, 'q'         },
+                { "interface",       required_argument, NULL, 'i'         },
+                { "ignore",          required_argument, NULL, ARG_IGNORE  },
+                { "timeout",         required_argument, NULL, ARG_TIMEOUT  },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "+hi:q", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'i':
+                        if (strv_extend(&arg_interfaces, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_IGNORE:
+                        if (strv_extend(&arg_ignore, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_TIMEOUT:
+                        r = parse_sec(optarg, &arg_timeout);
+                        if (r < 0)
+                                return r;
+
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(manager_freep) Manager *m = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                return r;
+
+        if (arg_quiet)
+                log_set_max_level(LOG_WARNING);
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+
+        r = manager_new(&m, arg_interfaces, arg_ignore, arg_timeout);
+        if (r < 0) {
+                log_error_errno(r, "Could not create manager: %m");
+                goto finish;
+        }
+
+        if (manager_all_configured(m)) {
+                r = 0;
+                goto finish;
+        }
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Waiting for network connections...");
+
+        r = sd_event_loop(m->event);
+        if (r < 0) {
+                log_error_errno(r, "Event loop failed: %m");
+                goto finish;
+        }
+
+finish:
+        strv_free(arg_interfaces);
+        strv_free(arg_ignore);
+
+        if (r >= 0) {
+                sd_notify(false, "STATUS=All interfaces configured...");
+
+                return EXIT_SUCCESS;
+        } else {
+                sd_notify(false, "STATUS=Failed waiting for network connectivity...");
+
+                return EXIT_FAILURE;
+        }
+}
diff --git a/src/grp-network/systemd-networkd-wait-online/networkd-wait-online.h b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online.h
new file mode 100644
index 0000000000..7ac7f4018a
--- /dev/null
+++ b/src/grp-network/systemd-networkd-wait-online/networkd-wait-online.h
@@ -0,0 +1,54 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+#include <systemd/sd-netlink.h>
+#include <systemd/sd-network.h>
+
+#include "hashmap.h"
+
+typedef struct Manager Manager;
+
+#include "networkd-wait-online-link.h"
+
+struct Manager {
+        Hashmap *links;
+        Hashmap *links_by_name;
+
+        char **interfaces;
+        char **ignore;
+
+        sd_netlink *rtnl;
+        sd_event_source *rtnl_event_source;
+
+        sd_network_monitor *network_monitor;
+        sd_event_source *network_monitor_event_source;
+
+        sd_event *event;
+};
+
+void manager_free(Manager *m);
+int manager_new(Manager **ret, char **interfaces, char **ignore, usec_t timeout);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+
+bool manager_all_configured(Manager *m);
+bool manager_ignore_link(Manager *m, Link *link);
diff --git a/src/grp-network/systemd-networkd/Makefile b/src/grp-network/systemd-networkd/Makefile
new file mode 100644
index 0000000000..8b7e44062b
--- /dev/null
+++ b/src/grp-network/systemd-networkd/Makefile
@@ -0,0 +1,40 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += \
+	systemd-networkd
+
+systemd_networkd_SOURCES = \
+	src/network/networkd.c
+
+systemd_networkd_LDADD = \
+	libnetworkd-core.la
+
+ifneq ($(HAVE_LIBIPTC),)
+systemd_networkd_LDADD += \
+	libfirewall.la
+endif # HAVE_LIBIPTC
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-network/systemd-networkd/networkd.c b/src/grp-network/systemd-networkd/networkd.c
new file mode 100644
index 0000000000..9f5c75ac3d
--- /dev/null
+++ b/src/grp-network/systemd-networkd/networkd.c
@@ -0,0 +1,139 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-daemon.h>
+
+#include "capability-util.h"
+#include "networkd.h"
+#include "networkd-conf.h"
+#include "signal-util.h"
+#include "user-util.h"
+
+int main(int argc, char *argv[]) {
+        _cleanup_manager_free_ Manager *m = NULL;
+        const char *user = "systemd-network";
+        uid_t uid;
+        gid_t gid;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto out;
+        }
+
+        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Cannot resolve user name %s: %m", user);
+                goto out;
+        }
+
+        /* Always create the directories people can create inotify
+         * watches in. */
+        r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid);
+        if (r < 0)
+                log_warning_errno(r, "Could not create runtime directory: %m");
+
+        r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid);
+        if (r < 0)
+                log_warning_errno(r, "Could not create runtime directory 'links': %m");
+
+        r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid);
+        if (r < 0)
+                log_warning_errno(r, "Could not create runtime directory 'leases': %m");
+
+        r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid);
+        if (r < 0)
+                log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
+
+        r = drop_privileges(uid, gid,
+                            (1ULL << CAP_NET_ADMIN) |
+                            (1ULL << CAP_NET_BIND_SERVICE) |
+                            (1ULL << CAP_NET_BROADCAST) |
+                            (1ULL << CAP_NET_RAW));
+        if (r < 0)
+                goto out;
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+
+        r = manager_new(&m);
+        if (r < 0) {
+                log_error_errno(r, "Could not create manager: %m");
+                goto out;
+        }
+
+        r = manager_connect_bus(m);
+        if (r < 0) {
+                log_error_errno(r, "Could not connect to bus: %m");
+                goto out;
+        }
+
+        r = manager_parse_config_file(m);
+        if (r < 0)
+                log_warning_errno(r, "Failed to parse configuration file: %m");
+
+        r = manager_load_config(m);
+        if (r < 0) {
+                log_error_errno(r, "Could not load configuration files: %m");
+                goto out;
+        }
+
+        r = manager_rtnl_enumerate_links(m);
+        if (r < 0) {
+                log_error_errno(r, "Could not enumerate links: %m");
+                goto out;
+        }
+
+        r = manager_rtnl_enumerate_addresses(m);
+        if (r < 0) {
+                log_error_errno(r, "Could not enumerate addresses: %m");
+                goto out;
+        }
+
+        r = manager_rtnl_enumerate_routes(m);
+        if (r < 0) {
+                log_error_errno(r, "Could not enumerate routes: %m");
+                goto out;
+        }
+
+        log_info("Enumeration completed");
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing requests...");
+
+        r = manager_run(m);
+        if (r < 0) {
+                log_error_errno(r, "Event loop failed: %m");
+                goto out;
+        }
+
+out:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/network/test-network-tables.c b/src/grp-network/test-network-tables.c
index adbe09a5e1..adbe09a5e1 100644
--- a/src/network/test-network-tables.c
+++ b/src/grp-network/test-network-tables.c
diff --git a/src/network/test-network.c b/src/grp-network/test-network.c
index 855646173f..855646173f 100644
--- a/src/network/test-network.c
+++ b/src/grp-network/test-network.c
diff --git a/src/network/test-networkd-conf.c b/src/grp-network/test-networkd-conf.c
index 0e1a18457d..0e1a18457d 100644
--- a/src/network/test-networkd-conf.c
+++ b/src/grp-network/test-networkd-conf.c
diff --git a/src/grp-resolve/Makefile b/src/grp-resolve/Makefile
new file mode 100644
index 0000000000..ae0c5a2466
--- /dev/null
+++ b/src/grp-resolve/Makefile
@@ -0,0 +1,28 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += systemd-resolved nss-resolve
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-resolve/nss-resolve/Makefile b/src/grp-resolve/nss-resolve/Makefile
new file mode 100644
index 0000000000..acfbe831ae
--- /dev/null
+++ b/src/grp-resolve/nss-resolve/Makefile
@@ -0,0 +1,46 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+libnss_resolve_la_SOURCES = \
+	src/nss-resolve/nss-resolve.sym \
+	src/nss-resolve/nss-resolve.c
+
+libnss_resolve_la_LDFLAGS = \
+	$(AM_LDFLAGS) \
+	-module \
+	-export-dynamic \
+	-avoid-version \
+	-shared \
+	-shrext .so.2 \
+	-Wl,--version-script=$(srcdir)/nss-resolve.sym
+
+libnss_resolve_la_LIBADD = \
+	libsystemd-internal.la \
+        -ldl
+
+lib_LTLIBRARIES += \
+	libnss_resolve.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-resolve/nss-resolve/nss-resolve.c b/src/grp-resolve/nss-resolve/nss-resolve.c
new file mode 100644
index 0000000000..4c2101d856
--- /dev/null
+++ b/src/grp-resolve/nss-resolve/nss-resolve.c
@@ -0,0 +1,675 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <dlfcn.h>
+#include <errno.h>
+#include <netdb.h>
+#include <nss.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-common-errors.h"
+#include "in-addr-util.h"
+#include "macro.h"
+#include "nss-util.h"
+#include "string-util.h"
+#include "util.h"
+#include "signal-util.h"
+
+NSS_GETHOSTBYNAME_PROTOTYPES(resolve);
+NSS_GETHOSTBYADDR_PROTOTYPES(resolve);
+
+#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
+
+typedef void (*voidfunc_t)(void);
+
+static voidfunc_t find_fallback(const char *module, const char *symbol) {
+        void *dl;
+
+        /* Try to find a fallback NSS module symbol */
+
+        dl = dlopen(module, RTLD_LAZY|RTLD_NODELETE);
+        if (!dl)
+                return NULL;
+
+        return dlsym(dl, symbol);
+}
+
+static bool bus_error_shall_fallback(sd_bus_error *e) {
+        return sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) ||
+               sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER) ||
+               sd_bus_error_has_name(e, SD_BUS_ERROR_NO_REPLY) ||
+               sd_bus_error_has_name(e, SD_BUS_ERROR_ACCESS_DENIED);
+}
+
+static int count_addresses(sd_bus_message *m, int af, const char **canonical) {
+        int c = 0, r;
+
+        assert(m);
+        assert(canonical);
+
+        r = sd_bus_message_enter_container(m, 'a', "(iiay)");
+        if (r < 0)
+                return r;
+
+        while ((r = sd_bus_message_enter_container(m, 'r', "iiay")) > 0) {
+                int family, ifindex;
+
+                assert_cc(sizeof(int32_t) == sizeof(int));
+
+                r = sd_bus_message_read(m, "ii", &ifindex, &family);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_skip(m, "ay");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(m);
+                if (r < 0)
+                        return r;
+
+                if (af != AF_UNSPEC && family != af)
+                        continue;
+
+                c++;
+        }
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_exit_container(m);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(m, "s", canonical);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_rewind(m, true);
+        if (r < 0)
+                return r;
+
+        return c;
+}
+
+enum nss_status _nss_resolve_gethostbyname4_r(
+                const char *name,
+                struct gaih_addrtuple **pat,
+                char *buffer, size_t buflen,
+                int *errnop, int *h_errnop,
+                int32_t *ttlp) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        const char *canonical = NULL;
+        size_t l, ms, idx;
+        char *r_name;
+        int c, r, i = 0;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(name);
+        assert(pat);
+        assert(buffer);
+        assert(errnop);
+        assert(h_errnop);
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fallback;
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveHostname");
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_set_auto_start(req, false);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_append(req, "isit", 0, name, AF_UNSPEC, (uint64_t) 0);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
+                        *errnop = ESRCH;
+                        *h_errnop = HOST_NOT_FOUND;
+                        return NSS_STATUS_NOTFOUND;
+                }
+
+                if (bus_error_shall_fallback(&error))
+                        goto fallback;
+
+                goto fail;
+        }
+
+        c = count_addresses(reply, AF_UNSPEC, &canonical);
+        if (c < 0) {
+                r = c;
+                goto fail;
+        }
+        if (c == 0) {
+                *errnop = ESRCH;
+                *h_errnop = HOST_NOT_FOUND;
+                return NSS_STATUS_NOTFOUND;
+        }
+
+        if (isempty(canonical))
+                canonical = name;
+
+        l = strlen(canonical);
+        ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
+        if (buflen < ms) {
+                *errnop = ENOMEM;
+                *h_errnop = TRY_AGAIN;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        /* First, append name */
+        r_name = buffer;
+        memcpy(r_name, canonical, l+1);
+        idx = ALIGN(l+1);
+
+        /* Second, append addresses */
+        r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
+        if (r < 0)
+                goto fail;
+
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
+                int family, ifindex;
+                const void *a;
+                size_t sz;
+
+                assert_cc(sizeof(int32_t) == sizeof(int));
+
+                r = sd_bus_message_read(reply, "ii", &ifindex, &family);
+                if (r < 0)
+                        goto fail;
+
+                if (ifindex < 0) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                if (r < 0)
+                        goto fail;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        goto fail;
+
+                if (!IN_SET(family, AF_INET, AF_INET6))
+                        continue;
+
+                if (sz != FAMILY_ADDRESS_SIZE(family)) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
+                r_tuple->next = i == c-1 ? NULL : (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple)));
+                r_tuple->name = r_name;
+                r_tuple->family = family;
+                r_tuple->scopeid = ifindex;
+                memcpy(r_tuple->addr, a, sz);
+
+                idx += ALIGN(sizeof(struct gaih_addrtuple));
+                i++;
+        }
+        if (r < 0)
+                goto fail;
+
+        assert(i == c);
+        assert(idx == ms);
+
+        if (*pat)
+                **pat = *r_tuple_first;
+        else
+                *pat = r_tuple_first;
+
+        if (ttlp)
+                *ttlp = 0;
+
+        /* Explicitly reset all error variables */
+        *errnop = 0;
+        *h_errnop = NETDB_SUCCESS;
+        h_errno = 0;
+
+        return NSS_STATUS_SUCCESS;
+
+fallback:
+        {
+                _nss_gethostbyname4_r_t fallback;
+
+                fallback = (_nss_gethostbyname4_r_t)
+                        find_fallback("libnss_dns.so.2", "_nss_dns_gethostbyname4_r");
+
+                if (fallback)
+                        return fallback(name, pat, buffer, buflen, errnop, h_errnop, ttlp);
+        }
+
+fail:
+        *errnop = -r;
+        *h_errnop = NO_RECOVERY;
+        return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_resolve_gethostbyname3_r(
+                const char *name,
+                int af,
+                struct hostent *result,
+                char *buffer, size_t buflen,
+                int *errnop, int *h_errnop,
+                int32_t *ttlp,
+                char **canonp) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char *r_name, *r_aliases, *r_addr, *r_addr_list;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        size_t l, idx, ms, alen;
+        const char *canonical;
+        int c, r, i = 0;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(name);
+        assert(result);
+        assert(buffer);
+        assert(errnop);
+        assert(h_errnop);
+
+        if (af == AF_UNSPEC)
+                af = AF_INET;
+
+        if (af != AF_INET && af != AF_INET6) {
+                r = -EAFNOSUPPORT;
+                goto fail;
+        }
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fallback;
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveHostname");
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_set_auto_start(req, false);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_append(req, "isit", 0, name, af, (uint64_t) 0);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
+                        *errnop = ESRCH;
+                        *h_errnop = HOST_NOT_FOUND;
+                        return NSS_STATUS_NOTFOUND;
+                }
+
+                if (bus_error_shall_fallback(&error))
+                        goto fallback;
+
+                goto fail;
+        }
+
+        c = count_addresses(reply, af, &canonical);
+        if (c < 0) {
+                r = c;
+                goto fail;
+        }
+        if (c == 0) {
+                *errnop = ESRCH;
+                *h_errnop = HOST_NOT_FOUND;
+                return NSS_STATUS_NOTFOUND;
+        }
+
+        if (isempty(canonical))
+                canonical = name;
+
+        alen = FAMILY_ADDRESS_SIZE(af);
+        l = strlen(canonical);
+
+        ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
+
+        if (buflen < ms) {
+                *errnop = ENOMEM;
+                *h_errnop = TRY_AGAIN;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        /* First, append name */
+        r_name = buffer;
+        memcpy(r_name, canonical, l+1);
+        idx = ALIGN(l+1);
+
+        /* Second, create empty aliases array */
+        r_aliases = buffer + idx;
+        ((char**) r_aliases)[0] = NULL;
+        idx += sizeof(char*);
+
+        /* Third, append addresses */
+        r_addr = buffer + idx;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
+        if (r < 0)
+                goto fail;
+
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
+                int ifindex, family;
+                const void *a;
+                size_t sz;
+
+                r = sd_bus_message_read(reply, "ii", &ifindex, &family);
+                if (r < 0)
+                        goto fail;
+
+                if (ifindex < 0) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                if (r < 0)
+                        goto fail;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        goto fail;
+
+                if (family != af)
+                        continue;
+
+                if (sz != alen) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                memcpy(r_addr + i*ALIGN(alen), a, alen);
+                i++;
+        }
+        if (r < 0)
+                goto fail;
+
+        assert(i == c);
+        idx += c * ALIGN(alen);
+
+        /* Fourth, append address pointer array */
+        r_addr_list = buffer + idx;
+        for (i = 0; i < c; i++)
+                ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);
+
+        ((char**) r_addr_list)[i] = NULL;
+        idx += (c+1) * sizeof(char*);
+
+        assert(idx == ms);
+
+        result->h_name = r_name;
+        result->h_aliases = (char**) r_aliases;
+        result->h_addrtype = af;
+        result->h_length = alen;
+        result->h_addr_list = (char**) r_addr_list;
+
+        /* Explicitly reset all error variables */
+        *errnop = 0;
+        *h_errnop = NETDB_SUCCESS;
+        h_errno = 0;
+
+        if (ttlp)
+                *ttlp = 0;
+
+        if (canonp)
+                *canonp = r_name;
+
+        return NSS_STATUS_SUCCESS;
+
+fallback:
+        {
+                _nss_gethostbyname3_r_t fallback;
+
+                fallback = (_nss_gethostbyname3_r_t)
+                        find_fallback("libnss_dns.so.2", "_nss_dns_gethostbyname3_r");
+                if (fallback)
+                        return fallback(name, af, result, buffer, buflen, errnop, h_errnop, ttlp, canonp);
+        }
+
+fail:
+        *errnop = -r;
+        *h_errnop = NO_RECOVERY;
+        return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_resolve_gethostbyaddr2_r(
+                const void* addr, socklen_t len,
+                int af,
+                struct hostent *result,
+                char *buffer, size_t buflen,
+                int *errnop, int *h_errnop,
+                int32_t *ttlp) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char *r_name, *r_aliases, *r_addr, *r_addr_list;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        unsigned c = 0, i = 0;
+        size_t ms = 0, idx;
+        const char *n;
+        int r, ifindex;
+
+        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
+
+        assert(addr);
+        assert(result);
+        assert(buffer);
+        assert(errnop);
+        assert(h_errnop);
+
+        if (!IN_SET(af, AF_INET, AF_INET6)) {
+                *errnop = EAFNOSUPPORT;
+                *h_errnop = NO_DATA;
+                return NSS_STATUS_UNAVAIL;
+        }
+
+        if (len != FAMILY_ADDRESS_SIZE(af)) {
+                *errnop = EINVAL;
+                *h_errnop = NO_RECOVERY;
+                return NSS_STATUS_UNAVAIL;
+        }
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                goto fallback;
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveAddress");
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_set_auto_start(req, false);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_append(req, "ii", 0, af);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_append_array(req, 'y', addr, len);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_append(req, "t", (uint64_t) 0);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
+                        *errnop = ESRCH;
+                        *h_errnop = HOST_NOT_FOUND;
+                        return NSS_STATUS_NOTFOUND;
+                }
+
+                if (bus_error_shall_fallback(&error))
+                        goto fallback;
+
+
+                *errnop = -r;
+                *h_errnop = NO_RECOVERY;
+                return NSS_STATUS_UNAVAIL;
+        }
+
+        r = sd_bus_message_enter_container(reply, 'a', "(is)");
+        if (r < 0)
+                goto fail;
+
+        while ((r = sd_bus_message_read(reply, "(is)", &ifindex, &n)) > 0) {
+
+                if (ifindex < 0) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                c++;
+                ms += ALIGN(strlen(n) + 1);
+        }
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_message_rewind(reply, false);
+        if (r < 0)
+                return r;
+
+        if (c <= 0) {
+                *errnop = ESRCH;
+                *h_errnop = HOST_NOT_FOUND;
+                return NSS_STATUS_NOTFOUND;
+        }
+
+        ms += ALIGN(len) +              /* the address */
+              2 * sizeof(char*) +       /* pointers to the address, plus trailing NULL */
+              c * sizeof(char*);        /* pointers to aliases, plus trailing NULL */
+
+        if (buflen < ms) {
+                *errnop = ENOMEM;
+                *h_errnop = TRY_AGAIN;
+                return NSS_STATUS_TRYAGAIN;
+        }
+
+        /* First, place address */
+        r_addr = buffer;
+        memcpy(r_addr, addr, len);
+        idx = ALIGN(len);
+
+        /* Second, place address list */
+        r_addr_list = buffer + idx;
+        ((char**) r_addr_list)[0] = r_addr;
+        ((char**) r_addr_list)[1] = NULL;
+        idx += sizeof(char*) * 2;
+
+        /* Third, reserve space for the aliases array */
+        r_aliases = buffer + idx;
+        idx += sizeof(char*) * c;
+
+        /* Fourth, place aliases */
+        i = 0;
+        r_name = buffer + idx;
+        while ((r = sd_bus_message_read(reply, "(is)", &ifindex, &n)) > 0) {
+                char *p;
+                size_t l;
+
+                l = strlen(n);
+                p = buffer + idx;
+                memcpy(p, n, l+1);
+
+                if (i > 0)
+                        ((char**) r_aliases)[i-1] = p;
+                i++;
+
+                idx += ALIGN(l+1);
+        }
+        if (r < 0)
+                goto fail;
+
+        ((char**) r_aliases)[c-1] = NULL;
+        assert(idx == ms);
+
+        result->h_name = r_name;
+        result->h_aliases = (char**) r_aliases;
+        result->h_addrtype = af;
+        result->h_length = len;
+        result->h_addr_list = (char**) r_addr_list;
+
+        if (ttlp)
+                *ttlp = 0;
+
+        /* Explicitly reset all error variables */
+        *errnop = 0;
+        *h_errnop = NETDB_SUCCESS;
+        h_errno = 0;
+
+        return NSS_STATUS_SUCCESS;
+
+fallback:
+        {
+                _nss_gethostbyaddr2_r_t fallback;
+
+                fallback = (_nss_gethostbyaddr2_r_t)
+                        find_fallback("libnss_dns.so.2", "_nss_dns_gethostbyaddr2_r");
+
+                if (fallback)
+                        return fallback(addr, len, af, result, buffer, buflen, errnop, h_errnop, ttlp);
+        }
+
+fail:
+        *errnop = -r;
+        *h_errnop = NO_RECOVERY;
+        return NSS_STATUS_UNAVAIL;
+}
+
+NSS_GETHOSTBYNAME_FALLBACKS(resolve);
+NSS_GETHOSTBYADDR_FALLBACKS(resolve);
diff --git a/src/nss-resolve/nss-resolve.sym b/src/grp-resolve/nss-resolve/nss-resolve.sym
index df8dff2a20..df8dff2a20 100644
--- a/src/nss-resolve/nss-resolve.sym
+++ b/src/grp-resolve/nss-resolve/nss-resolve.sym
diff --git a/src/resolve/.gitignore b/src/grp-resolve/systemd-resolved/.gitignore
index f0835923b7..f0835923b7 100644
--- a/src/resolve/.gitignore
+++ b/src/grp-resolve/systemd-resolved/.gitignore
diff --git a/src/grp-resolve/systemd-resolved/Makefile b/src/grp-resolve/systemd-resolved/Makefile
new file mode 100644
index 0000000000..e18b1b3d90
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/Makefile
@@ -0,0 +1,227 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+
+$(outdir)/dns_type-list.txt: src/resolve/dns-type.h
+	$(AM_V_at)$(MKDIR_P) $(dir $@)
+	$(AM_V_GEN)$(SED) -n -r 's/.* DNS_TYPE_(\w+).*/\1/p' <$< >$@
+
+$(outdir)/dns_type-to-name.h: src/resolve/dns_type-list.txt
+	$(AM_V_at)$(MKDIR_P) $(dir $@)
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "const char *dns_type_to_string(int type) {\n\tswitch(type) {" } {printf "        case DNS_TYPE_%s: return ", $$1; sub(/_/, "-"); printf "\"%s\";\n", $$1 } END{ print "        default: return NULL;\n\t}\n}\n" }' <$< >$@
+
+$(outdir)/dns_type-from-name.gperf: src/resolve/dns_type-list.txt
+	$(AM_V_at)$(MKDIR_P) $(dir $@)
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "struct dns_type_name { const char* name; int id; };"; print "%null-strings"; print "%%";} { s=$$1; sub(/_/, "-", s); printf "%s, ", $$s; printf "DNS_TYPE_%s\n", $$1 }' <$< >$@
+
+ifneq ($(ENABLE_RESOLVED),)
+
+basic_dns_sources = \
+	src/resolve/resolved-dns-dnssec.c \
+	src/resolve/resolved-dns-dnssec.h \
+	src/resolve/resolved-dns-packet.c \
+	src/resolve/resolved-dns-packet.h \
+	src/resolve/resolved-dns-rr.c \
+	src/resolve/resolved-dns-rr.h \
+	src/resolve/resolved-dns-answer.c \
+	src/resolve/resolved-dns-answer.h \
+	src/resolve/resolved-dns-question.c \
+	src/resolve/resolved-dns-question.h \
+	src/resolve/dns-type.c \
+	src/resolve/dns-type.h
+
+systemd_resolved_SOURCES = \
+	src/resolve/resolved.c \
+	src/resolve/resolved-manager.c \
+	src/resolve/resolved-manager.h \
+	src/resolve/resolved-conf.c \
+	src/resolve/resolved-conf.h \
+	src/resolve/resolved-resolv-conf.c \
+	src/resolve/resolved-resolv-conf.h \
+	src/resolve/resolved-bus.c \
+	src/resolve/resolved-bus.h \
+	src/resolve/resolved-link.h \
+	src/resolve/resolved-link.c \
+	src/resolve/resolved-link-bus.c \
+	src/resolve/resolved-link-bus.h \
+	src/resolve/resolved-llmnr.h \
+	src/resolve/resolved-llmnr.c \
+	src/resolve/resolved-mdns.h \
+	src/resolve/resolved-mdns.c \
+	src/resolve/resolved-def.h \
+	$(basic_dns_sources) \
+	src/resolve/resolved-dns-query.h \
+	src/resolve/resolved-dns-query.c \
+	src/resolve/resolved-dns-synthesize.h \
+	src/resolve/resolved-dns-synthesize.c \
+	src/resolve/resolved-dns-transaction.h \
+	src/resolve/resolved-dns-transaction.c \
+	src/resolve/resolved-dns-scope.h \
+	src/resolve/resolved-dns-scope.c \
+	src/resolve/resolved-dns-server.h \
+	src/resolve/resolved-dns-server.c \
+	src/resolve/resolved-dns-search-domain.h \
+	src/resolve/resolved-dns-search-domain.c \
+	src/resolve/resolved-dns-cache.h \
+	src/resolve/resolved-dns-cache.c \
+	src/resolve/resolved-dns-zone.h \
+	src/resolve/resolved-dns-zone.c \
+	src/resolve/resolved-dns-stream.h \
+	src/resolve/resolved-dns-stream.c \
+	src/resolve/resolved-dns-trust-anchor.h \
+	src/resolve/resolved-dns-trust-anchor.c \
+	src/resolve/resolved-etc-hosts.h \
+	src/resolve/resolved-etc-hosts.c \
+	src/shared/gcrypt-util.c \
+	src/shared/gcrypt-util.h
+
+nodist_systemd_resolved_SOURCES = \
+	src/resolve/dns_type-from-name.h \
+	src/resolve/dns_type-to-name.h \
+	src/resolve/resolved-gperf.c
+
+systemd_resolved_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-resolved
+
+nodist_systemunit_DATA += \
+	units/systemd-resolved.service
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.resolve1.busname
+
+dist_dbuspolicy_DATA += \
+	src/resolve/org.freedesktop.resolve1.conf
+
+dist_dbussystemservice_DATA += \
+	src/resolve/org.freedesktop.resolve1.service
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-resolved.service dbus-org.freedesktop.resolve1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.resolve1.busname
+
+GENERAL_ALIASES += \
+	$(systemunitdir)/systemd-resolved.service $(pkgsysconfdir)/system/multi-user.target.wants/systemd-resolved.service
+
+nodist_pkgsysconf_DATA += \
+	src/resolve/resolved.conf
+
+systemd_resolve_SOURCES = \
+	src/resolve/resolve-tool.c \
+	$(basic_dns_sources) \
+	src/shared/gcrypt-util.c \
+	src/shared/gcrypt-util.h
+
+nodist_systemd_resolve_SOURCES = \
+	src/resolve/dns_type-from-name.h \
+	src/resolve/dns_type-to-name.h
+
+systemd_resolve_LDADD = \
+	libshared.la
+
+bin_PROGRAMS += \
+	systemd-resolve
+
+dist_bashcompletion_data += \
+	shell-completion/bash/systemd-resolve
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_systemd-resolve
+
+tests += \
+	test-dns-packet \
+	test-resolve-tables \
+	test-dnssec
+
+manual_tests += \
+	test-dnssec-complex
+
+test_resolve_tables_SOURCES = \
+	src/resolve/test-resolve-tables.c \
+	src/resolve/dns_type-from-name.h \
+	src/resolve/dns_type-to-name.h \
+	$(basic_dns_sources) \
+	src/shared/test-tables.h
+
+test_resolve_tables_LDADD = \
+	libshared.la
+
+test_dns_packet_SOURCES = \
+	src/resolve/test-dns-packet.c \
+	$(basic_dns_sources)
+
+test_dns_packet_CPPFLAGS = \
+	$(AM_CPPFLAGS) \
+	-DRESOLVE_TEST_DIR=\"$(abs_top_srcdir)/src/resolve/test-data\"
+
+test_dns_packet_LDADD = \
+	libshared.la
+
+EXTRA_DIST += \
+	src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts \
+	src/resolve/test-data/fedoraproject.org.pkts \
+	src/resolve/test-data/gandi.net.pkts \
+	src/resolve/test-data/google.com.pkts \
+	src/resolve/test-data/root.pkts \
+	src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts \
+	src/resolve/test-data/teamits.com.pkts \
+	src/resolve/test-data/zbyszek@fedoraproject.org.pkts \
+	src/resolve/test-data/_443._tcp.fedoraproject.org.pkts \
+	src/resolve/test-data/kyhwana.org.pkts \
+	src/resolve/test-data/fake-caa.pkts
+
+test_dnssec_SOURCES = \
+	src/resolve/test-dnssec.c \
+	$(basic_dns_sources)
+
+test_dnssec_LDADD = \
+	libshared.la
+
+test_dnssec_complex_SOURCES = \
+	src/resolve/test-dnssec-complex.c \
+	src/resolve/dns-type.c \
+	src/resolve/dns-type.h
+
+test_dnssec_complex_LDADD = \
+	libshared.la
+
+endif # ENABLE_RESOLVED
+
+gperf_txt_sources += \
+	src/resolve/dns_type-list.txt
+
+gperf_gperf_sources += \
+	src/resolve/resolved-gperf.gperf
+
+EXTRA_DIST += \
+	units/systemd-resolved.service.m4.in \
+	src/resolve/resolved.conf.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/resolve/RFCs b/src/grp-resolve/systemd-resolved/RFCs
index 09c85f9518..09c85f9518 100644
--- a/src/resolve/RFCs
+++ b/src/grp-resolve/systemd-resolved/RFCs
diff --git a/src/resolve/dns-type.c b/src/grp-resolve/systemd-resolved/dns-type.c
index 78d9d5733f..78d9d5733f 100644
--- a/src/resolve/dns-type.c
+++ b/src/grp-resolve/systemd-resolved/dns-type.c
diff --git a/src/resolve/dns-type.h b/src/grp-resolve/systemd-resolved/dns-type.h
index 7b79d29d7e..7b79d29d7e 100644
--- a/src/resolve/dns-type.h
+++ b/src/grp-resolve/systemd-resolved/dns-type.h
diff --git a/src/resolve/org.freedesktop.resolve1.conf b/src/grp-resolve/systemd-resolved/org.freedesktop.resolve1.conf
index 25b09774e5..25b09774e5 100644
--- a/src/resolve/org.freedesktop.resolve1.conf
+++ b/src/grp-resolve/systemd-resolved/org.freedesktop.resolve1.conf
diff --git a/src/resolve/org.freedesktop.resolve1.service b/src/grp-resolve/systemd-resolved/org.freedesktop.resolve1.service
index 7ac5c323f0..7ac5c323f0 100644
--- a/src/resolve/org.freedesktop.resolve1.service
+++ b/src/grp-resolve/systemd-resolved/org.freedesktop.resolve1.service
diff --git a/src/grp-resolve/systemd-resolved/resolve-tool.c b/src/grp-resolve/systemd-resolved/resolve-tool.c
new file mode 100644
index 0000000000..fbf7b0e4f6
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolve-tool.c
@@ -0,0 +1,1484 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <net/if.h>
+
+#include <systemd/sd-bus.h>
+
+#include "af-list.h"
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "escape.h"
+#include "in-addr-util.h"
+#include "gcrypt-util.h"
+#include "parse-util.h"
+#include "resolved-def.h"
+#include "resolved-dns-packet.h"
+#include "terminal-util.h"
+
+#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
+
+static int arg_family = AF_UNSPEC;
+static int arg_ifindex = 0;
+static uint16_t arg_type = 0;
+static uint16_t arg_class = 0;
+static bool arg_legend = true;
+static uint64_t arg_flags = 0;
+
+typedef enum ServiceFamily {
+        SERVICE_FAMILY_TCP,
+        SERVICE_FAMILY_UDP,
+        SERVICE_FAMILY_SCTP,
+        _SERVICE_FAMILY_INVALID = -1,
+} ServiceFamily;
+static ServiceFamily arg_service_family = SERVICE_FAMILY_TCP;
+
+typedef enum RawType {
+        RAW_NONE,
+        RAW_PAYLOAD,
+        RAW_PACKET,
+} RawType;
+static RawType arg_raw = RAW_NONE;
+
+static enum {
+        MODE_RESOLVE_HOST,
+        MODE_RESOLVE_RECORD,
+        MODE_RESOLVE_SERVICE,
+        MODE_RESOLVE_OPENPGP,
+        MODE_RESOLVE_TLSA,
+        MODE_STATISTICS,
+        MODE_RESET_STATISTICS,
+} arg_mode = MODE_RESOLVE_HOST;
+
+static ServiceFamily service_family_from_string(const char *s) {
+        if (s == NULL || streq(s, "tcp"))
+                return SERVICE_FAMILY_TCP;
+        if (streq(s, "udp"))
+                return SERVICE_FAMILY_UDP;
+        if (streq(s, "sctp"))
+                return SERVICE_FAMILY_SCTP;
+        return _SERVICE_FAMILY_INVALID;
+}
+
+static const char* service_family_to_string(ServiceFamily service) {
+        switch(service) {
+        case SERVICE_FAMILY_TCP:
+                return "_tcp";
+        case SERVICE_FAMILY_UDP:
+                return "_udp";
+        case SERVICE_FAMILY_SCTP:
+                return "_sctp";
+        default:
+                assert_not_reached("invalid service");
+        }
+}
+
+static void print_source(uint64_t flags, usec_t rtt) {
+        char rtt_str[FORMAT_TIMESTAMP_MAX];
+
+        if (!arg_legend)
+                return;
+
+        if (flags == 0)
+                return;
+
+        fputs("\n-- Information acquired via", stdout);
+
+        if (flags != 0)
+                printf(" protocol%s%s%s%s%s",
+                       flags & SD_RESOLVED_DNS ? " DNS" :"",
+                       flags & SD_RESOLVED_LLMNR_IPV4 ? " LLMNR/IPv4" : "",
+                       flags & SD_RESOLVED_LLMNR_IPV6 ? " LLMNR/IPv6" : "",
+                       flags & SD_RESOLVED_MDNS_IPV4 ? "mDNS/IPv4" : "",
+                       flags & SD_RESOLVED_MDNS_IPV6 ? "mDNS/IPv6" : "");
+
+        assert_se(format_timespan(rtt_str, sizeof(rtt_str), rtt, 100));
+
+        printf(" in %s", rtt_str);
+
+        fputc('.', stdout);
+        fputc('\n', stdout);
+
+        printf("-- Data is authenticated: %s\n", yes_no(flags & SD_RESOLVED_AUTHENTICATED));
+}
+
+static int resolve_host(sd_bus *bus, const char *name) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *canonical = NULL;
+        char ifname[IF_NAMESIZE] = "";
+        unsigned c = 0;
+        int r;
+        uint64_t flags;
+        usec_t ts;
+
+        assert(name);
+
+        if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
+                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
+
+        log_debug("Resolving %s (family %s, interface %s).", name, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveHostname");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(req, "isit", arg_ifindex, name, arg_family, arg_flags);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        ts = now(CLOCK_MONOTONIC);
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0)
+                return log_error_errno(r, "%s: resolve call failed: %s", name, bus_error_message(&error, r));
+
+        ts = now(CLOCK_MONOTONIC) - ts;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
+                _cleanup_free_ char *pretty = NULL;
+                int ifindex, family;
+                const void *a;
+                size_t sz;
+
+                assert_cc(sizeof(int) == sizeof(int32_t));
+
+                r = sd_bus_message_read(reply, "ii", &ifindex, &family);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (!IN_SET(family, AF_INET, AF_INET6)) {
+                        log_debug("%s: skipping entry with family %d (%s)", name, family, af_to_name(family) ?: "unknown");
+                        continue;
+                }
+
+                if (sz != FAMILY_ADDRESS_SIZE(family)) {
+                        log_error("%s: systemd-resolved returned address of invalid size %zu for family %s", name, sz, af_to_name(family) ?: "unknown");
+                        return -EINVAL;
+                }
+
+                ifname[0] = 0;
+                if (ifindex > 0 && !if_indextoname(ifindex, ifname))
+                        log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
+
+                r = in_addr_to_string(family, a, &pretty);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to print address for %s: %m", name);
+
+                printf("%*s%s %s%s%s\n",
+                       (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
+                       pretty,
+                       isempty(ifname) ? "" : "%", ifname);
+
+                c++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_read(reply, "st", &canonical, &flags);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (!streq(name, canonical))
+                printf("%*s%s (%s)\n",
+                       (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
+                       canonical);
+
+        if (c == 0) {
+                log_error("%s: no addresses found", name);
+                return -ESRCH;
+        }
+
+        print_source(flags, ts);
+
+        return 0;
+}
+
+static int resolve_address(sd_bus *bus, int family, const union in_addr_union *address, int ifindex) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ char *pretty = NULL;
+        char ifname[IF_NAMESIZE] = "";
+        uint64_t flags;
+        unsigned c = 0;
+        usec_t ts;
+        int r;
+
+        assert(bus);
+        assert(IN_SET(family, AF_INET, AF_INET6));
+        assert(address);
+
+        if (ifindex <= 0)
+                ifindex = arg_ifindex;
+
+        r = in_addr_to_string(family, address, &pretty);
+        if (r < 0)
+                return log_oom();
+
+        if (ifindex > 0 && !if_indextoname(ifindex, ifname))
+                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
+
+        log_debug("Resolving %s%s%s.", pretty, isempty(ifname) ? "" : "%", ifname);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveAddress");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(req, "ii", ifindex, family);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_array(req, 'y', address, FAMILY_ADDRESS_SIZE(family));
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(req, "t", arg_flags);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        ts = now(CLOCK_MONOTONIC);
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0) {
+                log_error("%s: resolve call failed: %s", pretty, bus_error_message(&error, r));
+                return r;
+        }
+
+        ts = now(CLOCK_MONOTONIC) - ts;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(is)");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        while ((r = sd_bus_message_enter_container(reply, 'r', "is")) > 0) {
+                const char *n;
+
+                assert_cc(sizeof(int) == sizeof(int32_t));
+
+                r = sd_bus_message_read(reply, "is", &ifindex, &n);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return r;
+
+                ifname[0] = 0;
+                if (ifindex > 0 && !if_indextoname(ifindex, ifname))
+                        log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
+
+                printf("%*s%*s%*s%s %s\n",
+                       (int) strlen(pretty), c == 0 ? pretty : "",
+                       isempty(ifname) ? 0 : 1, c > 0 || isempty(ifname) ? "" : "%",
+                       (int) strlen(ifname), c == 0 ? ifname : "",
+                       c == 0 ? ":" : " ",
+                       n);
+
+                c++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_read(reply, "t", &flags);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (c == 0) {
+                log_error("%s: no names found", pretty);
+                return -ESRCH;
+        }
+
+        print_source(flags, ts);
+
+        return 0;
+}
+
+static int parse_address(const char *s, int *family, union in_addr_union *address, int *ifindex) {
+        const char *percent, *a;
+        int ifi = 0;
+        int r;
+
+        percent = strchr(s, '%');
+        if (percent) {
+                if (parse_ifindex(percent+1, &ifi) < 0) {
+                        ifi = if_nametoindex(percent+1);
+                        if (ifi <= 0)
+                                return -EINVAL;
+                }
+
+                a = strndupa(s, percent - s);
+        } else
+                a = s;
+
+        r = in_addr_from_string_auto(a, family, address);
+        if (r < 0)
+                return r;
+
+        *ifindex = ifi;
+        return 0;
+}
+
+static int output_rr_packet(const void *d, size_t l, int ifindex) {
+        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
+        int r;
+        char ifname[IF_NAMESIZE] = "";
+
+        r = dns_packet_new(&p, DNS_PROTOCOL_DNS, 0);
+        if (r < 0)
+                return log_oom();
+
+        p->refuse_compression = true;
+
+        r = dns_packet_append_blob(p, d, l, NULL);
+        if (r < 0)
+                return log_oom();
+
+        r = dns_packet_read_rr(p, &rr, NULL, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to parse RR: %m");
+
+        if (arg_raw == RAW_PAYLOAD) {
+                void *data;
+                ssize_t k;
+
+                k = dns_resource_record_payload(rr, &data);
+                if (k < 0)
+                        return log_error_errno(k, "Cannot dump RR: %m");
+                fwrite(data, 1, k, stdout);
+        } else {
+                const char *s;
+
+                s = dns_resource_record_to_string(rr);
+                if (!s)
+                        return log_oom();
+
+                if (ifindex > 0 && !if_indextoname(ifindex, ifname))
+                        log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
+
+                printf("%s%s%s\n", s, isempty(ifname) ? "" : " # interface ", ifname);
+        }
+
+        return 0;
+}
+
+static int resolve_record(sd_bus *bus, const char *name, uint16_t class, uint16_t type) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char ifname[IF_NAMESIZE] = "";
+        unsigned n = 0;
+        uint64_t flags;
+        int r;
+        usec_t ts;
+        bool needs_authentication = false;
+
+        assert(name);
+
+        if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
+                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
+
+        log_debug("Resolving %s %s %s (interface %s).", name, dns_class_to_string(class), dns_type_to_string(type), isempty(ifname) ? "*" : ifname);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveRecord");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(req, "isqqt", arg_ifindex, name, class, type, arg_flags);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        ts = now(CLOCK_MONOTONIC);
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0) {
+                log_error("%s: resolve call failed: %s", name, bus_error_message(&error, r));
+                return r;
+        }
+
+        ts = now(CLOCK_MONOTONIC) - ts;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(iqqay)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_enter_container(reply, 'r', "iqqay")) > 0) {
+                uint16_t c, t;
+                int ifindex;
+                const void *d;
+                size_t l;
+
+                assert_cc(sizeof(int) == sizeof(int32_t));
+
+                r = sd_bus_message_read(reply, "iqq", &ifindex, &c, &t);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_read_array(reply, 'y', &d, &l);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (arg_raw == RAW_PACKET) {
+                        uint64_t u64 = htole64(l);
+
+                        fwrite(&u64, sizeof(u64), 1, stdout);
+                        fwrite(d, 1, l, stdout);
+                } else {
+                        r = output_rr_packet(d, l, ifindex);
+                        if (r < 0)
+                                return r;
+                }
+
+                if (dns_type_needs_authentication(t))
+                        needs_authentication = true;
+
+                n++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_read(reply, "t", &flags);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (n == 0) {
+                log_error("%s: no records found", name);
+                return -ESRCH;
+        }
+
+        print_source(flags, ts);
+
+        if ((flags & SD_RESOLVED_AUTHENTICATED) == 0 && needs_authentication) {
+                fflush(stdout);
+
+                fprintf(stderr, "\n%s"
+                       "WARNING: The resources shown contain cryptographic key data which could not be\n"
+                       "         authenticated. It is not suitable to authenticate any communication.\n"
+                       "         This is usually indication that DNSSEC authentication was not enabled\n"
+                       "         or is not available for the selected protocol or DNS servers.%s\n",
+                       ansi_highlight_red(),
+                       ansi_normal());
+        }
+
+        return 0;
+}
+
+static int resolve_rfc4501(sd_bus *bus, const char *name) {
+        uint16_t type = 0, class = 0;
+        const char *p, *q, *n;
+        int r;
+
+        assert(bus);
+        assert(name);
+        assert(startswith(name, "dns:"));
+
+        /* Parse RFC 4501 dns: URIs */
+
+        p = name + 4;
+
+        if (p[0] == '/') {
+                const char *e;
+
+                if (p[1] != '/')
+                        goto invalid;
+
+                e = strchr(p + 2, '/');
+                if (!e)
+                        goto invalid;
+
+                if (e != p + 2)
+                        log_warning("DNS authority specification not supported; ignoring specified authority.");
+
+                p = e + 1;
+        }
+
+        q = strchr(p, '?');
+        if (q) {
+                n = strndupa(p, q - p);
+                q++;
+
+                for (;;) {
+                        const char *f;
+
+                        f = startswith_no_case(q, "class=");
+                        if (f) {
+                                _cleanup_free_ char *t = NULL;
+                                const char *e;
+
+                                if (class != 0) {
+                                        log_error("DNS class specified twice.");
+                                        return -EINVAL;
+                                }
+
+                                e = strchrnul(f, ';');
+                                t = strndup(f, e - f);
+                                if (!t)
+                                        return log_oom();
+
+                                r = dns_class_from_string(t);
+                                if (r < 0) {
+                                        log_error("Unknown DNS class %s.", t);
+                                        return -EINVAL;
+                                }
+
+                                class = r;
+
+                                if (*e == ';') {
+                                        q = e + 1;
+                                        continue;
+                                }
+
+                                break;
+                        }
+
+                        f = startswith_no_case(q, "type=");
+                        if (f) {
+                                _cleanup_free_ char *t = NULL;
+                                const char *e;
+
+                                if (type != 0) {
+                                        log_error("DNS type specified twice.");
+                                        return -EINVAL;
+                                }
+
+                                e = strchrnul(f, ';');
+                                t = strndup(f, e - f);
+                                if (!t)
+                                        return log_oom();
+
+                                r = dns_type_from_string(t);
+                                if (r < 0) {
+                                        log_error("Unknown DNS type %s.", t);
+                                        return -EINVAL;
+                                }
+
+                                type = r;
+
+                                if (*e == ';') {
+                                        q = e + 1;
+                                        continue;
+                                }
+
+                                break;
+                        }
+
+                        goto invalid;
+                }
+        } else
+                n = p;
+
+        if (class == 0)
+                class = arg_class ?: DNS_CLASS_IN;
+        if (type == 0)
+                type = arg_type ?: DNS_TYPE_A;
+
+        return resolve_record(bus, n, class, type);
+
+invalid:
+        log_error("Invalid DNS URI: %s", name);
+        return -EINVAL;
+}
+
+static int resolve_service(sd_bus *bus, const char *name, const char *type, const char *domain) {
+        const char *canonical_name, *canonical_type, *canonical_domain;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char ifname[IF_NAMESIZE] = "";
+        size_t indent, sz;
+        uint64_t flags;
+        const char *p;
+        unsigned c;
+        usec_t ts;
+        int r;
+
+        assert(bus);
+        assert(domain);
+
+        if (isempty(name))
+                name = NULL;
+        if (isempty(type))
+                type = NULL;
+
+        if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
+                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
+
+        if (name)
+                log_debug("Resolving service \"%s\" of type %s in %s (family %s, interface %s).", name, type, domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
+        else if (type)
+                log_debug("Resolving service type %s of %s (family %s, interface %s).", type, domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
+        else
+                log_debug("Resolving service type %s (family %s, interface %s).", domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &req,
+                        "org.freedesktop.resolve1",
+                        "/org/freedesktop/resolve1",
+                        "org.freedesktop.resolve1.Manager",
+                        "ResolveService");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append(req, "isssit", arg_ifindex, name, type, domain, arg_family, arg_flags);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        ts = now(CLOCK_MONOTONIC);
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        if (r < 0)
+                return log_error_errno(r, "Resolve call failed: %s", bus_error_message(&error, r));
+
+        ts = now(CLOCK_MONOTONIC) - ts;
+
+        r = sd_bus_message_enter_container(reply, 'a', "(qqqsa(iiay)s)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        indent =
+                (name ? strlen(name) + 1 : 0) +
+                (type ? strlen(type) + 1 : 0) +
+                strlen(domain) + 2;
+
+        c = 0;
+        while ((r = sd_bus_message_enter_container(reply, 'r', "qqqsa(iiay)s")) > 0) {
+                uint16_t priority, weight, port;
+                const char *hostname, *canonical;
+
+                r = sd_bus_message_read(reply, "qqqs", &priority, &weight, &port, &hostname);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (name)
+                        printf("%*s%s", (int) strlen(name), c == 0 ? name : "", c == 0 ? "/" : " ");
+                if (type)
+                        printf("%*s%s", (int) strlen(type), c == 0 ? type : "", c == 0 ? "/" : " ");
+
+                printf("%*s%s %s:%u [priority=%u, weight=%u]\n",
+                       (int) strlen(domain), c == 0 ? domain : "",
+                       c == 0 ? ":" : " ",
+                       hostname, port,
+                       priority, weight);
+
+                r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
+                        _cleanup_free_ char *pretty = NULL;
+                        int ifindex, family;
+                        const void *a;
+
+                        assert_cc(sizeof(int) == sizeof(int32_t));
+
+                        r = sd_bus_message_read(reply, "ii", &ifindex, &family);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_read_array(reply, 'y', &a, &sz);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(reply);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (!IN_SET(family, AF_INET, AF_INET6)) {
+                                log_debug("%s: skipping entry with family %d (%s)", name, family, af_to_name(family) ?: "unknown");
+                                continue;
+                        }
+
+                        if (sz != FAMILY_ADDRESS_SIZE(family)) {
+                                log_error("%s: systemd-resolved returned address of invalid size %zu for family %s", name, sz, af_to_name(family) ?: "unknown");
+                                return -EINVAL;
+                        }
+
+                        ifname[0] = 0;
+                        if (ifindex > 0 && !if_indextoname(ifindex, ifname))
+                                log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
+
+                        r = in_addr_to_string(family, a, &pretty);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to print address for %s: %m", name);
+
+                        printf("%*s%s%s%s\n", (int) indent, "", pretty, isempty(ifname) ? "" : "%s", ifname);
+                }
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_read(reply, "s", &canonical);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (!streq(hostname, canonical))
+                        printf("%*s(%s)\n", (int) indent, "", canonical);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                c++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_enter_container(reply, 'a', "ay");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        c = 0;
+        while ((r = sd_bus_message_read_array(reply, 'y', (const void**) &p, &sz)) > 0) {
+                _cleanup_free_ char *escaped = NULL;
+
+                escaped = cescape_length(p, sz);
+                if (!escaped)
+                        return log_oom();
+
+                printf("%*s%s\n", (int) indent, "", escaped);
+                c++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_read(reply, "ssst", &canonical_name, &canonical_type, &canonical_domain, &flags);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (isempty(canonical_name))
+                canonical_name = NULL;
+        if (isempty(canonical_type))
+                canonical_type = NULL;
+
+        if (!streq_ptr(name, canonical_name) ||
+            !streq_ptr(type, canonical_type) ||
+            !streq_ptr(domain, canonical_domain)) {
+
+                printf("%*s(", (int) indent, "");
+
+                if (canonical_name)
+                        printf("%s/", canonical_name);
+                if (canonical_type)
+                        printf("%s/", canonical_type);
+
+                printf("%s)\n", canonical_domain);
+        }
+
+        print_source(flags, ts);
+
+        return 0;
+}
+
+static int resolve_openpgp(sd_bus *bus, const char *address) {
+        const char *domain, *full;
+        int r;
+        _cleanup_free_ char *hashed = NULL;
+
+        assert(bus);
+        assert(address);
+
+        domain = strrchr(address, '@');
+        if (!domain) {
+                log_error("Address does not contain '@': \"%s\"", address);
+                return -EINVAL;
+        } else if (domain == address || domain[1] == '\0') {
+                log_error("Address starts or ends with '@': \"%s\"", address);
+                return -EINVAL;
+        }
+        domain++;
+
+        r = string_hashsum_sha224(address, domain - 1 - address, &hashed);
+        if (r < 0)
+                return log_error_errno(r, "Hashing failed: %m");
+
+        full = strjoina(hashed, "._openpgpkey.", domain);
+        log_debug("Looking up \"%s\".", full);
+
+        return resolve_record(bus, full,
+                              arg_class ?: DNS_CLASS_IN,
+                              arg_type ?: DNS_TYPE_OPENPGPKEY);
+}
+
+static int resolve_tlsa(sd_bus *bus, const char *address) {
+        const char *port;
+        uint16_t port_num = 443;
+        _cleanup_free_ char *full = NULL;
+        int r;
+
+        assert(bus);
+        assert(address);
+
+        port = strrchr(address, ':');
+        if (port) {
+                r = safe_atou16(port + 1, &port_num);
+                if (r < 0 || port_num == 0)
+                        return log_error_errno(r, "Invalid port \"%s\".", port + 1);
+
+                address = strndupa(address, port - address);
+        }
+
+        r = asprintf(&full, "_%u.%s.%s",
+                     port_num,
+                     service_family_to_string(arg_service_family),
+                     address);
+        if (r < 0)
+                return log_oom();
+
+        log_debug("Looking up \"%s\".", full);
+
+        return resolve_record(bus, full,
+                              arg_class ?: DNS_CLASS_IN,
+                              arg_type ?: DNS_TYPE_TLSA);
+}
+
+static int show_statistics(sd_bus *bus) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        uint64_t n_current_transactions, n_total_transactions,
+                cache_size, n_cache_hit, n_cache_miss,
+                n_dnssec_secure, n_dnssec_insecure, n_dnssec_bogus, n_dnssec_indeterminate;
+        int r, dnssec_supported;
+
+        assert(bus);
+
+        r = sd_bus_get_property_trivial(bus,
+                                        "org.freedesktop.resolve1",
+                                        "/org/freedesktop/resolve1",
+                                        "org.freedesktop.resolve1.Manager",
+                                        "DNSSECSupported",
+                                        &error,
+                                        'b',
+                                        &dnssec_supported);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get DNSSEC supported state: %s", bus_error_message(&error, r));
+
+        printf("DNSSEC supported by current servers: %s%s%s\n\n",
+               ansi_highlight(),
+               yes_no(dnssec_supported),
+               ansi_normal());
+
+        r = sd_bus_get_property(bus,
+                                "org.freedesktop.resolve1",
+                                "/org/freedesktop/resolve1",
+                                "org.freedesktop.resolve1.Manager",
+                                "TransactionStatistics",
+                                &error,
+                                &reply,
+                                "(tt)");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get transaction statistics: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "(tt)",
+                                &n_current_transactions,
+                                &n_total_transactions);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("%sTransactions%s\n"
+               "Current Transactions: %" PRIu64 "\n"
+               "  Total Transactions: %" PRIu64 "\n",
+               ansi_highlight(),
+               ansi_normal(),
+               n_current_transactions,
+               n_total_transactions);
+
+        reply = sd_bus_message_unref(reply);
+
+        r = sd_bus_get_property(bus,
+                                "org.freedesktop.resolve1",
+                                "/org/freedesktop/resolve1",
+                                "org.freedesktop.resolve1.Manager",
+                                "CacheStatistics",
+                                &error,
+                                &reply,
+                                "(ttt)");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get cache statistics: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "(ttt)",
+                                &cache_size,
+                                &n_cache_hit,
+                                &n_cache_miss);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("\n%sCache%s\n"
+               "  Current Cache Size: %" PRIu64 "\n"
+               "          Cache Hits: %" PRIu64 "\n"
+               "        Cache Misses: %" PRIu64 "\n",
+               ansi_highlight(),
+               ansi_normal(),
+               cache_size,
+               n_cache_hit,
+               n_cache_miss);
+
+        reply = sd_bus_message_unref(reply);
+
+        r = sd_bus_get_property(bus,
+                                "org.freedesktop.resolve1",
+                                "/org/freedesktop/resolve1",
+                                "org.freedesktop.resolve1.Manager",
+                                "DNSSECStatistics",
+                                &error,
+                                &reply,
+                                "(tttt)");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get DNSSEC statistics: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "(tttt)",
+                                &n_dnssec_secure,
+                                &n_dnssec_insecure,
+                                &n_dnssec_bogus,
+                                &n_dnssec_indeterminate);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("\n%sDNSSEC Verdicts%s\n"
+               "              Secure: %" PRIu64 "\n"
+               "            Insecure: %" PRIu64 "\n"
+               "               Bogus: %" PRIu64 "\n"
+               "       Indeterminate: %" PRIu64 "\n",
+               ansi_highlight(),
+               ansi_normal(),
+               n_dnssec_secure,
+               n_dnssec_insecure,
+               n_dnssec_bogus,
+               n_dnssec_indeterminate);
+
+        return 0;
+}
+
+static int reset_statistics(sd_bus *bus) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.resolve1",
+                               "/org/freedesktop/resolve1",
+                               "org.freedesktop.resolve1.Manager",
+                               "ResetStatistics",
+                               &error,
+                               NULL,
+                               NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to reset statistics: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static void help_protocol_types(void) {
+        if (arg_legend)
+                puts("Known protocol types:");
+        puts("dns\nllmnr\nllmnr-ipv4\nllmnr-ipv6");
+}
+
+static void help_dns_types(void) {
+        int i;
+        const char *t;
+
+        if (arg_legend)
+                puts("Known DNS RR types:");
+        for (i = 0; i < _DNS_TYPE_MAX; i++) {
+                t = dns_type_to_string(i);
+                if (t)
+                        puts(t);
+        }
+}
+
+static void help_dns_classes(void) {
+        int i;
+        const char *t;
+
+        if (arg_legend)
+                puts("Known DNS RR classes:");
+        for (i = 0; i < _DNS_CLASS_MAX; i++) {
+                t = dns_class_to_string(i);
+                if (t)
+                        puts(t);
+        }
+}
+
+static void help(void) {
+        printf("%1$s [OPTIONS...] HOSTNAME|ADDRESS...\n"
+               "%1$s [OPTIONS...] --service [[NAME] TYPE] DOMAIN\n"
+               "%1$s [OPTIONS...] --openpgp EMAIL@DOMAIN...\n"
+               "%1$s [OPTIONS...] --statistics\n"
+               "%1$s [OPTIONS...] --reset-statistics\n"
+               "\n"
+               "Resolve domain names, IPv4 and IPv6 addresses, DNS resource records, and services.\n\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Show package version\n"
+               "  -4                        Resolve IPv4 addresses\n"
+               "  -6                        Resolve IPv6 addresses\n"
+               "  -i --interface=INTERFACE  Look on interface\n"
+               "  -p --protocol=PROTO|help  Look via protocol\n"
+               "  -t --type=TYPE|help       Query RR with DNS type\n"
+               "  -c --class=CLASS|help     Query RR with DNS class\n"
+               "     --service              Resolve service (SRV)\n"
+               "     --service-address=BOOL Resolve address for services (default: yes)\n"
+               "     --service-txt=BOOL     Resolve TXT records for services (default: yes)\n"
+               "     --openpgp              Query OpenPGP public key\n"
+               "     --tlsa                 Query TLS public key\n"
+               "     --cname=BOOL           Follow CNAME redirects (default: yes)\n"
+               "     --search=BOOL          Use search domains for single-label names\n"
+               "                                                              (default: yes)\n"
+               "     --raw[=payload|packet] Dump the answer as binary data\n"
+               "     --legend=BOOL          Print headers and additional info (default: yes)\n"
+               "     --statistics           Show resolver statistics\n"
+               "     --reset-statistics     Reset resolver statistics\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_LEGEND,
+                ARG_SERVICE,
+                ARG_CNAME,
+                ARG_SERVICE_ADDRESS,
+                ARG_SERVICE_TXT,
+                ARG_OPENPGP,
+                ARG_TLSA,
+                ARG_RAW,
+                ARG_SEARCH,
+                ARG_STATISTICS,
+                ARG_RESET_STATISTICS,
+        };
+
+        static const struct option options[] = {
+                { "help",             no_argument,       NULL, 'h'                  },
+                { "version",          no_argument,       NULL, ARG_VERSION          },
+                { "type",             required_argument, NULL, 't'                  },
+                { "class",            required_argument, NULL, 'c'                  },
+                { "legend",           required_argument, NULL, ARG_LEGEND           },
+                { "interface",        required_argument, NULL, 'i'                  },
+                { "protocol",         required_argument, NULL, 'p'                  },
+                { "cname",            required_argument, NULL, ARG_CNAME            },
+                { "service",          no_argument,       NULL, ARG_SERVICE          },
+                { "service-address",  required_argument, NULL, ARG_SERVICE_ADDRESS  },
+                { "service-txt",      required_argument, NULL, ARG_SERVICE_TXT      },
+                { "openpgp",          no_argument,       NULL, ARG_OPENPGP          },
+                { "tlsa",             optional_argument, NULL, ARG_TLSA             },
+                { "raw",              optional_argument, NULL, ARG_RAW              },
+                { "search",           required_argument, NULL, ARG_SEARCH           },
+                { "statistics",       no_argument,       NULL, ARG_STATISTICS,      },
+                { "reset-statistics", no_argument,       NULL, ARG_RESET_STATISTICS },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h46i:t:c:p:", options, NULL)) >= 0)
+                switch(c) {
+
+                case 'h':
+                        help();
+                        return 0; /* done */;
+
+                case ARG_VERSION:
+                        return version();
+
+                case '4':
+                        arg_family = AF_INET;
+                        break;
+
+                case '6':
+                        arg_family = AF_INET6;
+                        break;
+
+                case 'i': {
+                        int ifi;
+
+                        if (parse_ifindex(optarg, &ifi) >= 0)
+                                arg_ifindex = ifi;
+                        else {
+                                ifi = if_nametoindex(optarg);
+                                if (ifi <= 0)
+                                        return log_error_errno(errno, "Unknown interface %s: %m", optarg);
+
+                                arg_ifindex = ifi;
+                        }
+
+                        break;
+                }
+
+                case 't':
+                        if (streq(optarg, "help")) {
+                                help_dns_types();
+                                return 0;
+                        }
+
+                        r = dns_type_from_string(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse RR record type %s", optarg);
+                                return r;
+                        }
+                        arg_type = (uint16_t) r;
+                        assert((int) arg_type == r);
+
+                        arg_mode = MODE_RESOLVE_RECORD;
+                        break;
+
+                case 'c':
+                        if (streq(optarg, "help")) {
+                                help_dns_classes();
+                                return 0;
+                        }
+
+                        r = dns_class_from_string(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse RR record class %s", optarg);
+                                return r;
+                        }
+                        arg_class = (uint16_t) r;
+                        assert((int) arg_class == r);
+
+                        break;
+
+                case ARG_LEGEND:
+                        r = parse_boolean(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --legend= argument");
+
+                        arg_legend = r;
+                        break;
+
+                case 'p':
+                        if (streq(optarg, "help")) {
+                                help_protocol_types();
+                                return 0;
+                        } else if (streq(optarg, "dns"))
+                                arg_flags |= SD_RESOLVED_DNS;
+                        else if (streq(optarg, "llmnr"))
+                                arg_flags |= SD_RESOLVED_LLMNR;
+                        else if (streq(optarg, "llmnr-ipv4"))
+                                arg_flags |= SD_RESOLVED_LLMNR_IPV4;
+                        else if (streq(optarg, "llmnr-ipv6"))
+                                arg_flags |= SD_RESOLVED_LLMNR_IPV6;
+                        else {
+                                log_error("Unknown protocol specifier: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case ARG_SERVICE:
+                        arg_mode = MODE_RESOLVE_SERVICE;
+                        break;
+
+                case ARG_OPENPGP:
+                        arg_mode = MODE_RESOLVE_OPENPGP;
+                        break;
+
+                case ARG_TLSA:
+                        arg_mode = MODE_RESOLVE_TLSA;
+                        arg_service_family = service_family_from_string(optarg);
+                        if (arg_service_family < 0) {
+                                log_error("Unknown service family \"%s\".", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_RAW:
+                        if (on_tty()) {
+                                log_error("Refusing to write binary data to tty.");
+                                return -ENOTTY;
+                        }
+
+                        if (optarg == NULL || streq(optarg, "payload"))
+                                arg_raw = RAW_PAYLOAD;
+                        else if (streq(optarg, "packet"))
+                                arg_raw = RAW_PACKET;
+                        else {
+                                log_error("Unknown --raw specifier \"%s\".", optarg);
+                                return -EINVAL;
+                        }
+
+                        arg_legend = false;
+                        break;
+
+                case ARG_CNAME:
+                        r = parse_boolean(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --cname= argument.");
+                        SET_FLAG(arg_flags, SD_RESOLVED_NO_CNAME, r == 0);
+                        break;
+
+                case ARG_SERVICE_ADDRESS:
+                        r = parse_boolean(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --service-address= argument.");
+                        SET_FLAG(arg_flags, SD_RESOLVED_NO_ADDRESS, r == 0);
+                        break;
+
+                case ARG_SERVICE_TXT:
+                        r = parse_boolean(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --service-txt= argument.");
+                        SET_FLAG(arg_flags, SD_RESOLVED_NO_TXT, r == 0);
+                        break;
+
+                case ARG_SEARCH:
+                        r = parse_boolean(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --search argument.");
+                        SET_FLAG(arg_flags, SD_RESOLVED_NO_SEARCH, r == 0);
+                        break;
+
+                case ARG_STATISTICS:
+                        arg_mode = MODE_STATISTICS;
+                        break;
+
+                case ARG_RESET_STATISTICS:
+                        arg_mode = MODE_RESET_STATISTICS;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (arg_type == 0 && arg_class != 0) {
+                log_error("--class= may only be used in conjunction with --type=.");
+                return -EINVAL;
+        }
+
+        if (arg_type != 0 && arg_mode == MODE_RESOLVE_SERVICE) {
+                log_error("--service and --type= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_type != 0 && arg_class == 0)
+                arg_class = DNS_CLASS_IN;
+
+        if (arg_class != 0 && arg_type == 0)
+                arg_type = DNS_TYPE_A;
+
+        return 1 /* work to do */;
+}
+
+int main(int argc, char **argv) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0) {
+                log_error_errno(r, "sd_bus_open_system: %m");
+                goto finish;
+        }
+
+        switch (arg_mode) {
+
+        case MODE_RESOLVE_HOST:
+                if (optind >= argc) {
+                        log_error("No arguments passed.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                while (argv[optind]) {
+                        int family, ifindex, k;
+                        union in_addr_union a;
+
+                        if (startswith(argv[optind], "dns:"))
+                                k = resolve_rfc4501(bus, argv[optind]);
+                        else {
+                                k = parse_address(argv[optind], &family, &a, &ifindex);
+                                if (k >= 0)
+                                        k = resolve_address(bus, family, &a, ifindex);
+                                else
+                                        k = resolve_host(bus, argv[optind]);
+                        }
+
+                        if (r == 0)
+                                r = k;
+
+                        optind++;
+                }
+                break;
+
+        case MODE_RESOLVE_RECORD:
+                if (optind >= argc) {
+                        log_error("No arguments passed.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                while (argv[optind]) {
+                        int k;
+
+                        k = resolve_record(bus, argv[optind], arg_class, arg_type);
+                        if (r == 0)
+                                r = k;
+
+                        optind++;
+                }
+                break;
+
+        case MODE_RESOLVE_SERVICE:
+                if (argc < optind + 1) {
+                        log_error("Domain specification required.");
+                        r = -EINVAL;
+                        goto finish;
+
+                } else if (argc == optind + 1)
+                        r = resolve_service(bus, NULL, NULL, argv[optind]);
+                else if (argc == optind + 2)
+                        r = resolve_service(bus, NULL, argv[optind], argv[optind+1]);
+                else if (argc == optind + 3)
+                        r = resolve_service(bus, argv[optind], argv[optind+1], argv[optind+2]);
+                else {
+                        log_error("Too many arguments.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                break;
+
+        case MODE_RESOLVE_OPENPGP:
+                if (argc < optind + 1) {
+                        log_error("E-mail address required.");
+                        r = -EINVAL;
+                        goto finish;
+
+                }
+
+                r = 0;
+                while (optind < argc) {
+                        int k;
+
+                        k = resolve_openpgp(bus, argv[optind++]);
+                        if (k < 0)
+                                r = k;
+                }
+                break;
+
+        case MODE_RESOLVE_TLSA:
+                if (argc < optind + 1) {
+                        log_error("Domain name required.");
+                        r = -EINVAL;
+                        goto finish;
+
+                }
+
+                r = 0;
+                while (optind < argc) {
+                        int k;
+
+                        k = resolve_tlsa(bus, argv[optind++]);
+                        if (k < 0)
+                                r = k;
+                }
+                break;
+
+        case MODE_STATISTICS:
+                if (argc > optind) {
+                        log_error("Too many arguments.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                r = show_statistics(bus);
+                break;
+
+        case MODE_RESET_STATISTICS:
+                if (argc > optind) {
+                        log_error("Too many arguments.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                r = reset_statistics(bus);
+                break;
+        }
+
+finish:
+        return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
diff --git a/src/resolve/resolved-bus.c b/src/grp-resolve/systemd-resolved/resolved-bus.c
index 33f7c61557..33f7c61557 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/grp-resolve/systemd-resolved/resolved-bus.c
diff --git a/src/resolve/resolved-bus.h b/src/grp-resolve/systemd-resolved/resolved-bus.h
index f49e1337d2..f49e1337d2 100644
--- a/src/resolve/resolved-bus.h
+++ b/src/grp-resolve/systemd-resolved/resolved-bus.h
diff --git a/src/resolve/resolved-conf.c b/src/grp-resolve/systemd-resolved/resolved-conf.c
index 990dc03b60..990dc03b60 100644
--- a/src/resolve/resolved-conf.c
+++ b/src/grp-resolve/systemd-resolved/resolved-conf.c
diff --git a/src/resolve/resolved-conf.h b/src/grp-resolve/systemd-resolved/resolved-conf.h
index e1fd2cceec..e1fd2cceec 100644
--- a/src/resolve/resolved-conf.h
+++ b/src/grp-resolve/systemd-resolved/resolved-conf.h
diff --git a/src/resolve/resolved-def.h b/src/grp-resolve/systemd-resolved/resolved-def.h
index c4c1915b18..c4c1915b18 100644
--- a/src/resolve/resolved-def.h
+++ b/src/grp-resolve/systemd-resolved/resolved-def.h
diff --git a/src/resolve/resolved-dns-answer.c b/src/grp-resolve/systemd-resolved/resolved-dns-answer.c
index 0dadf8b1dd..0dadf8b1dd 100644
--- a/src/resolve/resolved-dns-answer.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-answer.c
diff --git a/src/resolve/resolved-dns-answer.h b/src/grp-resolve/systemd-resolved/resolved-dns-answer.h
index 0679c610f5..0679c610f5 100644
--- a/src/resolve/resolved-dns-answer.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-answer.h
diff --git a/src/resolve/resolved-dns-cache.c b/src/grp-resolve/systemd-resolved/resolved-dns-cache.c
index 77c42d7aad..77c42d7aad 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-cache.c
diff --git a/src/resolve/resolved-dns-cache.h b/src/grp-resolve/systemd-resolved/resolved-dns-cache.h
index 2293718e86..2293718e86 100644
--- a/src/resolve/resolved-dns-cache.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-cache.h
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/grp-resolve/systemd-resolved/resolved-dns-dnssec.c
index a54aed3a63..a54aed3a63 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-dnssec.c
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/grp-resolve/systemd-resolved/resolved-dns-dnssec.h
index 77bd4d71bf..77bd4d71bf 100644
--- a/src/resolve/resolved-dns-dnssec.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-dnssec.h
diff --git a/src/resolve/resolved-dns-packet.c b/src/grp-resolve/systemd-resolved/resolved-dns-packet.c
index b7907bb511..b7907bb511 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-packet.c
diff --git a/src/resolve/resolved-dns-packet.h b/src/grp-resolve/systemd-resolved/resolved-dns-packet.h
index 416335d0a2..416335d0a2 100644
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-packet.h
diff --git a/src/resolve/resolved-dns-query.c b/src/grp-resolve/systemd-resolved/resolved-dns-query.c
index ea04e58d61..ea04e58d61 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-query.c
diff --git a/src/grp-resolve/systemd-resolved/resolved-dns-query.h b/src/grp-resolve/systemd-resolved/resolved-dns-query.h
new file mode 100644
index 0000000000..7f7c76ff20
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-query.h
@@ -0,0 +1,133 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+
+#include <systemd/sd-bus.h>
+
+#include "set.h"
+
+typedef struct DnsQueryCandidate DnsQueryCandidate;
+typedef struct DnsQuery DnsQuery;
+
+#include "resolved-dns-answer.h"
+#include "resolved-dns-question.h"
+#include "resolved-dns-stream.h"
+#include "resolved-dns-search-domain.h"
+
+struct DnsQueryCandidate {
+        DnsQuery *query;
+        DnsScope *scope;
+
+        DnsSearchDomain *search_domain;
+
+        int error_code;
+        Set *transactions;
+
+        LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
+        LIST_FIELDS(DnsQueryCandidate, candidates_by_scope);
+};
+
+struct DnsQuery {
+        Manager *manager;
+
+        /* When resolving a service, we first create a TXT+SRV query,
+         * and then for the hostnames we discover auxiliary A+AAAA
+         * queries. This pointer always points from the auxiliary
+         * queries back to the TXT+SRV query. */
+        DnsQuery *auxiliary_for;
+        LIST_HEAD(DnsQuery, auxiliary_queries);
+        unsigned n_auxiliary_queries;
+        int auxiliary_result;
+
+        /* The question, formatted in IDNA for use on classic DNS, and as UTF8 for use in LLMNR or mDNS. Note that even
+         * on classic DNS some labels might use UTF8 encoding. Specifically, DNS-SD service names (in contrast to their
+         * domain suffixes) use UTF-8 encoding even on DNS. Thus, the difference between these two fields is mostly
+         * relevant only for explicit *hostname* lookups as well as the domain suffixes of service lookups. */
+        DnsQuestion *question_idna;
+        DnsQuestion *question_utf8;
+
+        uint64_t flags;
+        int ifindex;
+
+        /* If true, A or AAAA RR lookups will be suppressed on links with no routable address of the matching address
+         * family */
+        bool suppress_unroutable_family;
+
+        DnsTransactionState state;
+        unsigned n_cname_redirects;
+
+        LIST_HEAD(DnsQueryCandidate, candidates);
+        sd_event_source *timeout_event_source;
+
+        /* Discovered data */
+        DnsAnswer *answer;
+        int answer_rcode;
+        DnssecResult answer_dnssec_result;
+        bool answer_authenticated;
+        DnsProtocol answer_protocol;
+        int answer_family;
+        DnsSearchDomain *answer_search_domain;
+        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
+
+        /* Bus client information */
+        sd_bus_message *request;
+        int request_family;
+        bool request_address_valid;
+        union in_addr_union request_address;
+        unsigned block_all_complete;
+        char *request_address_string;
+
+        /* Completion callback */
+        void (*complete)(DnsQuery* q);
+        unsigned block_ready;
+
+        sd_bus_track *bus_track;
+
+        LIST_FIELDS(DnsQuery, queries);
+        LIST_FIELDS(DnsQuery, auxiliary_queries);
+};
+
+enum {
+        DNS_QUERY_MATCH,
+        DNS_QUERY_NOMATCH,
+        DNS_QUERY_RESTARTED,
+};
+
+DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c);
+void dns_query_candidate_notify(DnsQueryCandidate *c);
+
+int dns_query_new(Manager *m, DnsQuery **q, DnsQuestion *question_utf8, DnsQuestion *question_idna, int family, uint64_t flags);
+DnsQuery *dns_query_free(DnsQuery *q);
+
+int dns_query_make_auxiliary(DnsQuery *q, DnsQuery *auxiliary_for);
+
+int dns_query_go(DnsQuery *q);
+void dns_query_ready(DnsQuery *q);
+
+int dns_query_process_cname(DnsQuery *q);
+
+int dns_query_bus_track(DnsQuery *q, sd_bus_message *m);
+
+DnsQuestion* dns_query_question_for_protocol(DnsQuery *q, DnsProtocol protocol);
+
+const char *dns_query_string(DnsQuery *q);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuery*, dns_query_free);
diff --git a/src/resolve/resolved-dns-question.c b/src/grp-resolve/systemd-resolved/resolved-dns-question.c
index c8b502d1cd..c8b502d1cd 100644
--- a/src/resolve/resolved-dns-question.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-question.c
diff --git a/src/resolve/resolved-dns-question.h b/src/grp-resolve/systemd-resolved/resolved-dns-question.h
index ea41478975..ea41478975 100644
--- a/src/resolve/resolved-dns-question.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-question.h
diff --git a/src/resolve/resolved-dns-rr.c b/src/grp-resolve/systemd-resolved/resolved-dns-rr.c
index 6a29a93a26..6a29a93a26 100644
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-rr.c
diff --git a/src/resolve/resolved-dns-rr.h b/src/grp-resolve/systemd-resolved/resolved-dns-rr.h
index 020a2abd77..020a2abd77 100644
--- a/src/resolve/resolved-dns-rr.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-rr.h
diff --git a/src/resolve/resolved-dns-scope.c b/src/grp-resolve/systemd-resolved/resolved-dns-scope.c
index 66e4585c18..66e4585c18 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-scope.c
diff --git a/src/resolve/resolved-dns-scope.h b/src/grp-resolve/systemd-resolved/resolved-dns-scope.h
index 291e5817d0..291e5817d0 100644
--- a/src/resolve/resolved-dns-scope.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-scope.h
diff --git a/src/resolve/resolved-dns-search-domain.c b/src/grp-resolve/systemd-resolved/resolved-dns-search-domain.c
index 732471027b..732471027b 100644
--- a/src/resolve/resolved-dns-search-domain.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-search-domain.c
diff --git a/src/resolve/resolved-dns-search-domain.h b/src/grp-resolve/systemd-resolved/resolved-dns-search-domain.h
index eaacef4edc..eaacef4edc 100644
--- a/src/resolve/resolved-dns-search-domain.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-search-domain.h
diff --git a/src/grp-resolve/systemd-resolved/resolved-dns-server.c b/src/grp-resolve/systemd-resolved/resolved-dns-server.c
new file mode 100644
index 0000000000..dedc9beb19
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-server.c
@@ -0,0 +1,741 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "resolved-dns-server.h"
+#include "resolved-resolv-conf.h"
+#include "siphash24.h"
+#include "string-table.h"
+#include "string-util.h"
+
+/* After how much time to repeat classic DNS requests */
+#define DNS_TIMEOUT_MIN_USEC (500 * USEC_PER_MSEC)
+#define DNS_TIMEOUT_MAX_USEC (5 * USEC_PER_SEC)
+
+/* The amount of time to wait before retrying with a full feature set */
+#define DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC (6 * USEC_PER_HOUR)
+#define DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC (5 * USEC_PER_MINUTE)
+
+/* The number of times we will attempt a certain feature set before degrading */
+#define DNS_SERVER_FEATURE_RETRY_ATTEMPTS 3
+
+int dns_server_new(
+                Manager *m,
+                DnsServer **ret,
+                DnsServerType type,
+                Link *l,
+                int family,
+                const union in_addr_union *in_addr) {
+
+        DnsServer *s;
+
+        assert(m);
+        assert((type == DNS_SERVER_LINK) == !!l);
+        assert(in_addr);
+
+        if (!IN_SET(family, AF_INET, AF_INET6))
+                return -EAFNOSUPPORT;
+
+        if (l) {
+                if (l->n_dns_servers >= LINK_DNS_SERVERS_MAX)
+                        return -E2BIG;
+        } else {
+                if (m->n_dns_servers >= MANAGER_DNS_SERVERS_MAX)
+                        return -E2BIG;
+        }
+
+        s = new0(DnsServer, 1);
+        if (!s)
+                return -ENOMEM;
+
+        s->n_ref = 1;
+        s->manager = m;
+        s->verified_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
+        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
+        s->features_grace_period_usec = DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC;
+        s->received_udp_packet_max = DNS_PACKET_UNICAST_SIZE_MAX;
+        s->type = type;
+        s->family = family;
+        s->address = *in_addr;
+        s->resend_timeout = DNS_TIMEOUT_MIN_USEC;
+
+        switch (type) {
+
+        case DNS_SERVER_LINK:
+                s->link = l;
+                LIST_APPEND(servers, l->dns_servers, s);
+                l->n_dns_servers++;
+                break;
+
+        case DNS_SERVER_SYSTEM:
+                LIST_APPEND(servers, m->dns_servers, s);
+                m->n_dns_servers++;
+                break;
+
+        case DNS_SERVER_FALLBACK:
+                LIST_APPEND(servers, m->fallback_dns_servers, s);
+                m->n_dns_servers++;
+                break;
+
+        default:
+                assert_not_reached("Unknown server type");
+        }
+
+        s->linked = true;
+
+        /* A new DNS server that isn't fallback is added and the one
+         * we used so far was a fallback one? Then let's try to pick
+         * the new one */
+        if (type != DNS_SERVER_FALLBACK &&
+            m->current_dns_server &&
+            m->current_dns_server->type == DNS_SERVER_FALLBACK)
+                manager_set_dns_server(m, NULL);
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+DnsServer* dns_server_ref(DnsServer *s)  {
+        if (!s)
+                return NULL;
+
+        assert(s->n_ref > 0);
+        s->n_ref++;
+
+        return s;
+}
+
+DnsServer* dns_server_unref(DnsServer *s)  {
+        if (!s)
+                return NULL;
+
+        assert(s->n_ref > 0);
+        s->n_ref--;
+
+        if (s->n_ref > 0)
+                return NULL;
+
+        free(s->server_string);
+        free(s);
+        return NULL;
+}
+
+void dns_server_unlink(DnsServer *s) {
+        assert(s);
+        assert(s->manager);
+
+        /* This removes the specified server from the linked list of
+         * servers, but any server might still stay around if it has
+         * refs, for example from an ongoing transaction. */
+
+        if (!s->linked)
+                return;
+
+        switch (s->type) {
+
+        case DNS_SERVER_LINK:
+                assert(s->link);
+                assert(s->link->n_dns_servers > 0);
+                LIST_REMOVE(servers, s->link->dns_servers, s);
+                s->link->n_dns_servers--;
+                break;
+
+        case DNS_SERVER_SYSTEM:
+                assert(s->manager->n_dns_servers > 0);
+                LIST_REMOVE(servers, s->manager->dns_servers, s);
+                s->manager->n_dns_servers--;
+                break;
+
+        case DNS_SERVER_FALLBACK:
+                assert(s->manager->n_dns_servers > 0);
+                LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
+                s->manager->n_dns_servers--;
+                break;
+        }
+
+        s->linked = false;
+
+        if (s->link && s->link->current_dns_server == s)
+                link_set_dns_server(s->link, NULL);
+
+        if (s->manager->current_dns_server == s)
+                manager_set_dns_server(s->manager, NULL);
+
+        dns_server_unref(s);
+}
+
+void dns_server_move_back_and_unmark(DnsServer *s) {
+        DnsServer *tail;
+
+        assert(s);
+
+        if (!s->marked)
+                return;
+
+        s->marked = false;
+
+        if (!s->linked || !s->servers_next)
+                return;
+
+        /* Move us to the end of the list, so that the order is
+         * strictly kept, if we are not at the end anyway. */
+
+        switch (s->type) {
+
+        case DNS_SERVER_LINK:
+                assert(s->link);
+                LIST_FIND_TAIL(servers, s, tail);
+                LIST_REMOVE(servers, s->link->dns_servers, s);
+                LIST_INSERT_AFTER(servers, s->link->dns_servers, tail, s);
+                break;
+
+        case DNS_SERVER_SYSTEM:
+                LIST_FIND_TAIL(servers, s, tail);
+                LIST_REMOVE(servers, s->manager->dns_servers, s);
+                LIST_INSERT_AFTER(servers, s->manager->dns_servers, tail, s);
+                break;
+
+        case DNS_SERVER_FALLBACK:
+                LIST_FIND_TAIL(servers, s, tail);
+                LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
+                LIST_INSERT_AFTER(servers, s->manager->fallback_dns_servers, tail, s);
+                break;
+
+        default:
+                assert_not_reached("Unknown server type");
+        }
+}
+
+static void dns_server_verified(DnsServer *s, DnsServerFeatureLevel level) {
+        assert(s);
+
+        if (s->verified_feature_level > level)
+                return;
+
+        if (s->verified_feature_level != level) {
+                log_debug("Verified we get a response at feature level %s from DNS server %s.",
+                          dns_server_feature_level_to_string(level),
+                          dns_server_string(s));
+                s->verified_feature_level = level;
+        }
+
+        assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &s->verified_usec) >= 0);
+}
+
+void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t rtt, size_t size) {
+        assert(s);
+
+        if (protocol == IPPROTO_UDP) {
+                if (s->possible_feature_level == level)
+                        s->n_failed_udp = 0;
+
+                /* If the RRSIG data is missing, then we can only validate EDNS0 at max */
+                if (s->packet_rrsig_missing && level >= DNS_SERVER_FEATURE_LEVEL_DO)
+                        level = DNS_SERVER_FEATURE_LEVEL_DO - 1;
+
+                /* If the OPT RR got lost, then we can only validate UDP at max */
+                if (s->packet_bad_opt && level >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
+                        level = DNS_SERVER_FEATURE_LEVEL_EDNS0 - 1;
+
+                /* Even if we successfully receive a reply to a request announcing support for large packets,
+                   that does not mean we can necessarily receive large packets. */
+                if (level == DNS_SERVER_FEATURE_LEVEL_LARGE)
+                        level = DNS_SERVER_FEATURE_LEVEL_LARGE - 1;
+
+        } else if (protocol == IPPROTO_TCP) {
+
+                if (s->possible_feature_level == level)
+                        s->n_failed_tcp = 0;
+
+                /* Successful TCP connections are only useful to verify the TCP feature level. */
+                level = DNS_SERVER_FEATURE_LEVEL_TCP;
+        }
+
+        dns_server_verified(s, level);
+
+        /* Remember the size of the largest UDP packet we received from a server,
+           we know that we can always announce support for packets with at least
+           this size. */
+        if (protocol == IPPROTO_UDP && s->received_udp_packet_max < size)
+                s->received_udp_packet_max = size;
+
+        if (s->max_rtt < rtt) {
+                s->max_rtt = rtt;
+                s->resend_timeout = CLAMP(s->max_rtt * 2, DNS_TIMEOUT_MIN_USEC, DNS_TIMEOUT_MAX_USEC);
+        }
+}
+
+void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec) {
+        assert(s);
+        assert(s->manager);
+
+        if (s->possible_feature_level == level) {
+                if (protocol == IPPROTO_UDP)
+                        s->n_failed_udp++;
+                else if (protocol == IPPROTO_TCP)
+                        s->n_failed_tcp++;
+        }
+
+        if (s->resend_timeout > usec)
+                return;
+
+        s->resend_timeout = MIN(s->resend_timeout * 2, DNS_TIMEOUT_MAX_USEC);
+}
+
+void dns_server_packet_failed(DnsServer *s, DnsServerFeatureLevel level) {
+        assert(s);
+
+        /* Invoked whenever we get a FORMERR, SERVFAIL or NOTIMP rcode from a server. */
+
+        if (s->possible_feature_level != level)
+                return;
+
+        s->packet_failed = true;
+}
+
+void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level) {
+        assert(s);
+
+        /* Invoked whenever we get a packet with TC bit set. */
+
+        if (s->possible_feature_level != level)
+                return;
+
+        s->packet_truncated = true;
+}
+
+void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level) {
+        assert(s);
+
+        if (level < DNS_SERVER_FEATURE_LEVEL_DO)
+                return;
+
+        /* If the RRSIG RRs are missing, we have to downgrade what we previously verified */
+        if (s->verified_feature_level >= DNS_SERVER_FEATURE_LEVEL_DO)
+                s->verified_feature_level = DNS_SERVER_FEATURE_LEVEL_DO-1;
+
+        s->packet_rrsig_missing = true;
+}
+
+void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level) {
+        assert(s);
+
+        if (level < DNS_SERVER_FEATURE_LEVEL_EDNS0)
+                return;
+
+        /* If the OPT RR got lost, we have to downgrade what we previously verified */
+        if (s->verified_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
+                s->verified_feature_level = DNS_SERVER_FEATURE_LEVEL_EDNS0-1;
+
+        s->packet_bad_opt = true;
+}
+
+static bool dns_server_grace_period_expired(DnsServer *s) {
+        usec_t ts;
+
+        assert(s);
+        assert(s->manager);
+
+        if (s->verified_usec == 0)
+                return false;
+
+        assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
+
+        if (s->verified_usec + s->features_grace_period_usec > ts)
+                return false;
+
+        s->features_grace_period_usec = MIN(s->features_grace_period_usec * 2, DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC);
+
+        return true;
+}
+
+static void dns_server_reset_counters(DnsServer *s) {
+        assert(s);
+
+        s->n_failed_udp = 0;
+        s->n_failed_tcp = 0;
+        s->packet_failed = false;
+        s->packet_truncated = false;
+        s->verified_usec = 0;
+
+        /* Note that we do not reset s->packet_bad_opt and s->packet_rrsig_missing here. We reset them only when the
+         * grace period ends, but not when lowering the possible feature level, as a lower level feature level should
+         * not make RRSIGs appear or OPT appear, but rather make them disappear. If the reappear anyway, then that's
+         * indication for a differently broken OPT/RRSIG implementation, and we really don't want to support that
+         * either.
+         *
+         * This is particularly important to deal with certain Belkin routers which break OPT for certain lookups (A),
+         * but pass traffic through for others (AAAA). If we detect the broken behaviour on one lookup we should not
+         * reenable it for another, because we cannot validate things anyway, given that the RRSIG/OPT data will be
+         * incomplete. */
+}
+
+DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
+        assert(s);
+
+        if (s->possible_feature_level != DNS_SERVER_FEATURE_LEVEL_BEST &&
+            dns_server_grace_period_expired(s)) {
+
+                s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
+
+                dns_server_reset_counters(s);
+
+                s->packet_bad_opt = false;
+                s->packet_rrsig_missing = false;
+
+                log_info("Grace period over, resuming full feature set (%s) for DNS server %s.",
+                         dns_server_feature_level_to_string(s->possible_feature_level),
+                         dns_server_string(s));
+
+        } else if (s->possible_feature_level <= s->verified_feature_level)
+                s->possible_feature_level = s->verified_feature_level;
+        else {
+                DnsServerFeatureLevel p = s->possible_feature_level;
+
+                if (s->n_failed_tcp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
+                    s->possible_feature_level == DNS_SERVER_FEATURE_LEVEL_TCP) {
+
+                        /* We are at the TCP (lowest) level, and we tried a couple of TCP connections, and it didn't
+                         * work. Upgrade back to UDP again. */
+                        log_debug("Reached maximum number of failed TCP connection attempts, trying UDP again...");
+                        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_UDP;
+
+                } else if (s->packet_bad_opt &&
+                           s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
+
+                        /* A reply to one of our EDNS0 queries didn't carry a valid OPT RR, then downgrade to below
+                         * EDNS0 levels. After all, some records generate different responses with and without OPT RR
+                         * in the request. Example:
+                         * https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html */
+
+                        log_debug("Server doesn't support EDNS(0) properly, downgrading feature level...");
+                        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_UDP;
+
+                } else if (s->packet_rrsig_missing &&
+                           s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_DO) {
+
+                        /* RRSIG data was missing on a EDNS0 packet with DO bit set. This means the server doesn't
+                         * augment responses with DNSSEC RRs. If so, let's better not ask the server for it anymore,
+                         * after all some servers generate different replies depending if an OPT RR is in the query or
+                         * not. */
+
+                        log_debug("Detected server responses lack RRSIG records, downgrading feature level...");
+                        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_EDNS0;
+
+                } else if (s->n_failed_udp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
+                            s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_UDP) {
+
+                        /* We lost too many UDP packets in a row, and are on a feature level of UDP or higher. If the
+                         * packets are lost, maybe the server cannot parse them, hence downgrading sounds like a good
+                         * idea. We might downgrade all the way down to TCP this way. */
+
+                        log_debug("Lost too many UDP packets, downgrading feature level...");
+                        s->possible_feature_level--;
+
+                } else if (s->packet_failed &&
+                           s->possible_feature_level > DNS_SERVER_FEATURE_LEVEL_UDP) {
+
+                        /* We got a failure packet, and are at a feature level above UDP. Note that in this case we
+                         * downgrade no further than UDP, under the assumption that a failure packet indicates an
+                         * incompatible packet contents, but not a problem with the transport. */
+
+                        log_debug("Got server failure, downgrading feature level...");
+                        s->possible_feature_level--;
+
+                } else if (s->n_failed_tcp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
+                           s->packet_truncated &&
+                           s->possible_feature_level > DNS_SERVER_FEATURE_LEVEL_UDP) {
+
+                         /* We got too many TCP connection failures in a row, we had at least one truncated packet, and
+                          * are on a feature level above UDP. By downgrading things and getting rid of DNSSEC or EDNS0
+                          * data we hope to make the packet smaller, so that it still works via UDP given that TCP
+                          * appears not to be a fallback. Note that if we are already at the lowest UDP level, we don't
+                          * go further down, since that's TCP, and TCP failed too often after all. */
+
+                        log_debug("Got too many failed TCP connection failures and truncated UDP packets, downgrading feature level...");
+                        s->possible_feature_level--;
+                }
+
+                if (p != s->possible_feature_level) {
+
+                        /* We changed the feature level, reset the counting */
+                        dns_server_reset_counters(s);
+
+                        log_warning("Using degraded feature set (%s) for DNS server %s.",
+                                    dns_server_feature_level_to_string(s->possible_feature_level),
+                                    dns_server_string(s));
+                }
+        }
+
+        return s->possible_feature_level;
+}
+
+int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level) {
+        size_t packet_size;
+        bool edns_do;
+        int r;
+
+        assert(server);
+        assert(packet);
+        assert(packet->protocol == DNS_PROTOCOL_DNS);
+
+        /* Fix the OPT field in the packet to match our current feature level. */
+
+        r = dns_packet_truncate_opt(packet);
+        if (r < 0)
+                return r;
+
+        if (level < DNS_SERVER_FEATURE_LEVEL_EDNS0)
+                return 0;
+
+        edns_do = level >= DNS_SERVER_FEATURE_LEVEL_DO;
+
+        if (level >= DNS_SERVER_FEATURE_LEVEL_LARGE)
+                packet_size = DNS_PACKET_UNICAST_SIZE_LARGE_MAX;
+        else
+                packet_size = server->received_udp_packet_max;
+
+        return dns_packet_append_opt(packet, packet_size, edns_do, NULL);
+}
+
+const char *dns_server_string(DnsServer *server) {
+        assert(server);
+
+        if (!server->server_string)
+                (void) in_addr_to_string(server->family, &server->address, &server->server_string);
+
+        return strna(server->server_string);
+}
+
+bool dns_server_dnssec_supported(DnsServer *server) {
+        assert(server);
+
+        /* Returns whether the server supports DNSSEC according to what we know about it */
+
+        if (server->possible_feature_level < DNS_SERVER_FEATURE_LEVEL_DO)
+                return false;
+
+        if (server->packet_bad_opt)
+                return false;
+
+        if (server->packet_rrsig_missing)
+                return false;
+
+        /* DNSSEC servers need to support TCP properly (see RFC5966), if they don't, we assume DNSSEC is borked too */
+        if (server->n_failed_tcp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS)
+                return false;
+
+        return true;
+}
+
+void dns_server_warn_downgrade(DnsServer *server) {
+        assert(server);
+
+        if (server->warned_downgrade)
+                return;
+
+        log_struct(LOG_NOTICE,
+                   LOG_MESSAGE_ID(SD_MESSAGE_DNSSEC_DOWNGRADE),
+                   LOG_MESSAGE("Server %s does not support DNSSEC, downgrading to non-DNSSEC mode.", dns_server_string(server)),
+                   "DNS_SERVER=%s", dns_server_string(server),
+                   "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(server->possible_feature_level),
+                   NULL);
+
+        server->warned_downgrade = true;
+}
+
+static void dns_server_hash_func(const void *p, struct siphash *state) {
+        const DnsServer *s = p;
+
+        assert(s);
+
+        siphash24_compress(&s->family, sizeof(s->family), state);
+        siphash24_compress(&s->address, FAMILY_ADDRESS_SIZE(s->family), state);
+}
+
+static int dns_server_compare_func(const void *a, const void *b) {
+        const DnsServer *x = a, *y = b;
+
+        if (x->family < y->family)
+                return -1;
+        if (x->family > y->family)
+                return 1;
+
+        return memcmp(&x->address, &y->address, FAMILY_ADDRESS_SIZE(x->family));
+}
+
+const struct hash_ops dns_server_hash_ops = {
+        .hash = dns_server_hash_func,
+        .compare = dns_server_compare_func
+};
+
+void dns_server_unlink_all(DnsServer *first) {
+        DnsServer *next;
+
+        if (!first)
+                return;
+
+        next = first->servers_next;
+        dns_server_unlink(first);
+
+        dns_server_unlink_all(next);
+}
+
+void dns_server_unlink_marked(DnsServer *first) {
+        DnsServer *next;
+
+        if (!first)
+                return;
+
+        next = first->servers_next;
+
+        if (first->marked)
+                dns_server_unlink(first);
+
+        dns_server_unlink_marked(next);
+}
+
+void dns_server_mark_all(DnsServer *first) {
+        if (!first)
+                return;
+
+        first->marked = true;
+        dns_server_mark_all(first->servers_next);
+}
+
+DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr) {
+        DnsServer *s;
+
+        LIST_FOREACH(servers, s, first)
+                if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0)
+                        return s;
+
+        return NULL;
+}
+
+DnsServer *manager_get_first_dns_server(Manager *m, DnsServerType t) {
+        assert(m);
+
+        switch (t) {
+
+        case DNS_SERVER_SYSTEM:
+                return m->dns_servers;
+
+        case DNS_SERVER_FALLBACK:
+                return m->fallback_dns_servers;
+
+        default:
+                return NULL;
+        }
+}
+
+DnsServer *manager_set_dns_server(Manager *m, DnsServer *s) {
+        assert(m);
+
+        if (m->current_dns_server == s)
+                return s;
+
+        if (s)
+                log_info("Switching to %s DNS server %s.",
+                         dns_server_type_to_string(s->type),
+                         dns_server_string(s));
+
+        dns_server_unref(m->current_dns_server);
+        m->current_dns_server = dns_server_ref(s);
+
+        if (m->unicast_scope)
+                dns_cache_flush(&m->unicast_scope->cache);
+
+        return s;
+}
+
+DnsServer *manager_get_dns_server(Manager *m) {
+        Link *l;
+        assert(m);
+
+        /* Try to read updates resolv.conf */
+        manager_read_resolv_conf(m);
+
+        /* If no DNS server was chosen so far, pick the first one */
+        if (!m->current_dns_server)
+                manager_set_dns_server(m, m->dns_servers);
+
+        if (!m->current_dns_server) {
+                bool found = false;
+                Iterator i;
+
+                /* No DNS servers configured, let's see if there are
+                 * any on any links. If not, we use the fallback
+                 * servers */
+
+                HASHMAP_FOREACH(l, m->links, i)
+                        if (l->dns_servers) {
+                                found = true;
+                                break;
+                        }
+
+                if (!found)
+                        manager_set_dns_server(m, m->fallback_dns_servers);
+        }
+
+        return m->current_dns_server;
+}
+
+void manager_next_dns_server(Manager *m) {
+        assert(m);
+
+        /* If there's currently no DNS server set, then the next
+         * manager_get_dns_server() will find one */
+        if (!m->current_dns_server)
+                return;
+
+        /* Change to the next one, but make sure to follow the linked
+         * list only if the server is still linked. */
+        if (m->current_dns_server->linked && m->current_dns_server->servers_next) {
+                manager_set_dns_server(m, m->current_dns_server->servers_next);
+                return;
+        }
+
+        /* If there was no next one, then start from the beginning of
+         * the list */
+        if (m->current_dns_server->type == DNS_SERVER_FALLBACK)
+                manager_set_dns_server(m, m->fallback_dns_servers);
+        else
+                manager_set_dns_server(m, m->dns_servers);
+}
+
+static const char* const dns_server_type_table[_DNS_SERVER_TYPE_MAX] = {
+        [DNS_SERVER_SYSTEM] = "system",
+        [DNS_SERVER_FALLBACK] = "fallback",
+        [DNS_SERVER_LINK] = "link",
+};
+DEFINE_STRING_TABLE_LOOKUP(dns_server_type, DnsServerType);
+
+static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVEL_MAX] = {
+        [DNS_SERVER_FEATURE_LEVEL_TCP] = "TCP",
+        [DNS_SERVER_FEATURE_LEVEL_UDP] = "UDP",
+        [DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0",
+        [DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO",
+        [DNS_SERVER_FEATURE_LEVEL_LARGE] = "UDP+EDNS0+DO+LARGE",
+};
+DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel);
diff --git a/src/resolve/resolved-dns-server.h b/src/grp-resolve/systemd-resolved/resolved-dns-server.h
index 9f4a69c37a..9f4a69c37a 100644
--- a/src/resolve/resolved-dns-server.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-server.h
diff --git a/src/resolve/resolved-dns-stream.c b/src/grp-resolve/systemd-resolved/resolved-dns-stream.c
index a1040aeff4..a1040aeff4 100644
--- a/src/resolve/resolved-dns-stream.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-stream.c
diff --git a/src/resolve/resolved-dns-stream.h b/src/grp-resolve/systemd-resolved/resolved-dns-stream.h
index 5ccc842249..5ccc842249 100644
--- a/src/resolve/resolved-dns-stream.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-stream.h
diff --git a/src/resolve/resolved-dns-synthesize.c b/src/grp-resolve/systemd-resolved/resolved-dns-synthesize.c
index e3003411f7..e3003411f7 100644
--- a/src/resolve/resolved-dns-synthesize.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-synthesize.c
diff --git a/src/resolve/resolved-dns-synthesize.h b/src/grp-resolve/systemd-resolved/resolved-dns-synthesize.h
index 5d829bb2e7..5d829bb2e7 100644
--- a/src/resolve/resolved-dns-synthesize.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-synthesize.h
diff --git a/src/grp-resolve/systemd-resolved/resolved-dns-transaction.c b/src/grp-resolve/systemd-resolved/resolved-dns-transaction.c
new file mode 100644
index 0000000000..1b4b2b804b
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-transaction.c
@@ -0,0 +1,3048 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-messages.h>
+
+#include "af-list.h"
+#include "alloc-util.h"
+#include "dns-domain.h"
+#include "errno-list.h"
+#include "fd-util.h"
+#include "random-util.h"
+#include "resolved-dns-cache.h"
+#include "resolved-dns-transaction.h"
+#include "resolved-llmnr.h"
+#include "string-table.h"
+
+#define TRANSACTIONS_MAX 4096
+
+static void dns_transaction_reset_answer(DnsTransaction *t) {
+        assert(t);
+
+        t->received = dns_packet_unref(t->received);
+        t->answer = dns_answer_unref(t->answer);
+        t->answer_rcode = 0;
+        t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
+        t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
+        t->answer_authenticated = false;
+        t->answer_nsec_ttl = (uint32_t) -1;
+        t->answer_errno = 0;
+}
+
+static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) {
+        DnsTransaction *z;
+
+        assert(t);
+
+        while ((z = set_steal_first(t->dnssec_transactions))) {
+                set_remove(z->notify_transactions, t);
+                set_remove(z->notify_transactions_done, t);
+                dns_transaction_gc(z);
+        }
+}
+
+static void dns_transaction_close_connection(DnsTransaction *t) {
+        assert(t);
+
+        t->stream = dns_stream_free(t->stream);
+        t->dns_udp_event_source = sd_event_source_unref(t->dns_udp_event_source);
+        t->dns_udp_fd = safe_close(t->dns_udp_fd);
+}
+
+static void dns_transaction_stop_timeout(DnsTransaction *t) {
+        assert(t);
+
+        t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
+}
+
+DnsTransaction* dns_transaction_free(DnsTransaction *t) {
+        DnsQueryCandidate *c;
+        DnsZoneItem *i;
+        DnsTransaction *z;
+
+        if (!t)
+                return NULL;
+
+        log_debug("Freeing transaction %" PRIu16 ".", t->id);
+
+        dns_transaction_close_connection(t);
+        dns_transaction_stop_timeout(t);
+
+        dns_packet_unref(t->sent);
+        dns_transaction_reset_answer(t);
+
+        dns_server_unref(t->server);
+
+        if (t->scope) {
+                hashmap_remove_value(t->scope->transactions_by_key, t->key, t);
+                LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
+
+                if (t->id != 0)
+                        hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
+        }
+
+        while ((c = set_steal_first(t->notify_query_candidates)))
+                set_remove(c->transactions, t);
+        set_free(t->notify_query_candidates);
+
+        while ((c = set_steal_first(t->notify_query_candidates_done)))
+                set_remove(c->transactions, t);
+        set_free(t->notify_query_candidates_done);
+
+        while ((i = set_steal_first(t->notify_zone_items)))
+                i->probe_transaction = NULL;
+        set_free(t->notify_zone_items);
+
+        while ((i = set_steal_first(t->notify_zone_items_done)))
+                i->probe_transaction = NULL;
+        set_free(t->notify_zone_items_done);
+
+        while ((z = set_steal_first(t->notify_transactions)))
+                set_remove(z->dnssec_transactions, t);
+        set_free(t->notify_transactions);
+
+        while ((z = set_steal_first(t->notify_transactions_done)))
+                set_remove(z->dnssec_transactions, t);
+        set_free(t->notify_transactions_done);
+
+        dns_transaction_flush_dnssec_transactions(t);
+        set_free(t->dnssec_transactions);
+
+        dns_answer_unref(t->validated_keys);
+        dns_resource_key_unref(t->key);
+
+        free(t);
+        return NULL;
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
+
+bool dns_transaction_gc(DnsTransaction *t) {
+        assert(t);
+
+        if (t->block_gc > 0)
+                return true;
+
+        if (set_isempty(t->notify_query_candidates) &&
+            set_isempty(t->notify_query_candidates_done) &&
+            set_isempty(t->notify_zone_items) &&
+            set_isempty(t->notify_zone_items_done) &&
+            set_isempty(t->notify_transactions) &&
+            set_isempty(t->notify_transactions_done)) {
+                dns_transaction_free(t);
+                return false;
+        }
+
+        return true;
+}
+
+static uint16_t pick_new_id(Manager *m) {
+        uint16_t new_id;
+
+        /* Find a fresh, unused transaction id. Note that this loop is bounded because there's a limit on the number of
+         * transactions, and it's much lower than the space of IDs. */
+
+        assert_cc(TRANSACTIONS_MAX < 0xFFFF);
+
+        do
+                random_bytes(&new_id, sizeof(new_id));
+        while (new_id == 0 ||
+               hashmap_get(m->dns_transactions, UINT_TO_PTR(new_id)));
+
+        return new_id;
+}
+
+int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) {
+        _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
+        int r;
+
+        assert(ret);
+        assert(s);
+        assert(key);
+
+        /* Don't allow looking up invalid or pseudo RRs */
+        if (!dns_type_is_valid_query(key->type))
+                return -EINVAL;
+        if (dns_type_is_obsolete(key->type))
+                return -EOPNOTSUPP;
+
+        /* We only support the IN class */
+        if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)
+                return -EOPNOTSUPP;
+
+        if (hashmap_size(s->manager->dns_transactions) >= TRANSACTIONS_MAX)
+                return -EBUSY;
+
+        r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
+        if (r < 0)
+                return r;
+
+        r = hashmap_ensure_allocated(&s->transactions_by_key, &dns_resource_key_hash_ops);
+        if (r < 0)
+                return r;
+
+        t = new0(DnsTransaction, 1);
+        if (!t)
+                return -ENOMEM;
+
+        t->dns_udp_fd = -1;
+        t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
+        t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
+        t->answer_nsec_ttl = (uint32_t) -1;
+        t->key = dns_resource_key_ref(key);
+        t->current_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
+
+        t->id = pick_new_id(s->manager);
+
+        r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
+        if (r < 0) {
+                t->id = 0;
+                return r;
+        }
+
+        r = hashmap_replace(s->transactions_by_key, t->key, t);
+        if (r < 0) {
+                hashmap_remove(s->manager->dns_transactions, UINT_TO_PTR(t->id));
+                return r;
+        }
+
+        LIST_PREPEND(transactions_by_scope, s->transactions, t);
+        t->scope = s;
+
+        s->manager->n_transactions_total++;
+
+        if (ret)
+                *ret = t;
+
+        t = NULL;
+
+        return 0;
+}
+
+static void dns_transaction_shuffle_id(DnsTransaction *t) {
+        uint16_t new_id;
+        assert(t);
+
+        /* Pick a new ID for this transaction. */
+
+        new_id = pick_new_id(t->scope->manager);
+        assert_se(hashmap_remove_and_put(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id), UINT_TO_PTR(new_id), t) >= 0);
+
+        log_debug("Transaction %" PRIu16 " is now %" PRIu16 ".", t->id, new_id);
+        t->id = new_id;
+
+        /* Make sure we generate a new packet with the new ID */
+        t->sent = dns_packet_unref(t->sent);
+}
+
+static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
+        _cleanup_free_ char *pretty = NULL;
+        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+        DnsZoneItem *z;
+
+        assert(t);
+        assert(p);
+
+        if (manager_our_packet(t->scope->manager, p) != 0)
+                return;
+
+        (void) in_addr_to_string(p->family, &p->sender, &pretty);
+
+        log_debug("Transaction %" PRIu16 " for <%s> on scope %s on %s/%s got tentative packet from %s.",
+                  t->id,
+                  dns_resource_key_to_string(t->key, key_str, sizeof key_str),
+                  dns_protocol_to_string(t->scope->protocol),
+                  t->scope->link ? t->scope->link->name : "*",
+                  af_to_name_short(t->scope->family),
+                  strnull(pretty));
+
+        /* RFC 4795, Section 4.1 says that the peer with the
+         * lexicographically smaller IP address loses */
+        if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) >= 0) {
+                log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
+                return;
+        }
+
+        log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
+
+        t->block_gc++;
+
+        while ((z = set_first(t->notify_zone_items))) {
+                /* First, make sure the zone item drops the reference
+                 * to us */
+                dns_zone_item_probe_stop(z);
+
+                /* Secondly, report this as conflict, so that we might
+                 * look for a different hostname */
+                dns_zone_item_conflict(z);
+        }
+        t->block_gc--;
+
+        dns_transaction_gc(t);
+}
+
+void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
+        DnsQueryCandidate *c;
+        DnsZoneItem *z;
+        DnsTransaction *d;
+        const char *st;
+        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+
+        assert(t);
+        assert(!DNS_TRANSACTION_IS_LIVE(state));
+
+        if (state == DNS_TRANSACTION_DNSSEC_FAILED) {
+                dns_resource_key_to_string(t->key, key_str, sizeof key_str);
+
+                log_struct(LOG_NOTICE,
+                           LOG_MESSAGE_ID(SD_MESSAGE_DNSSEC_FAILURE),
+                           LOG_MESSAGE("DNSSEC validation failed for question %s: %s", key_str, dnssec_result_to_string(t->answer_dnssec_result)),
+                           "DNS_TRANSACTION=%" PRIu16, t->id,
+                           "DNS_QUESTION=%s", key_str,
+                           "DNSSEC_RESULT=%s", dnssec_result_to_string(t->answer_dnssec_result),
+                           "DNS_SERVER=%s", dns_server_string(t->server),
+                           "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(t->server->possible_feature_level),
+                           NULL);
+        }
+
+        /* Note that this call might invalidate the query. Callers
+         * should hence not attempt to access the query or transaction
+         * after calling this function. */
+
+        if (state == DNS_TRANSACTION_ERRNO)
+                st = errno_to_name(t->answer_errno);
+        else
+                st = dns_transaction_state_to_string(state);
+
+        log_debug("Transaction %" PRIu16 " for <%s> on scope %s on %s/%s now complete with <%s> from %s (%s).",
+                  t->id,
+                  dns_resource_key_to_string(t->key, key_str, sizeof key_str),
+                  dns_protocol_to_string(t->scope->protocol),
+                  t->scope->link ? t->scope->link->name : "*",
+                  af_to_name_short(t->scope->family),
+                  st,
+                  t->answer_source < 0 ? "none" : dns_transaction_source_to_string(t->answer_source),
+                  t->answer_authenticated ? "authenticated" : "unsigned");
+
+        t->state = state;
+
+        dns_transaction_close_connection(t);
+        dns_transaction_stop_timeout(t);
+
+        /* Notify all queries that are interested, but make sure the
+         * transaction isn't freed while we are still looking at it */
+        t->block_gc++;
+
+        SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates)
+                dns_query_candidate_notify(c);
+        SWAP_TWO(t->notify_query_candidates, t->notify_query_candidates_done);
+
+        SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items)
+                dns_zone_item_notify(z);
+        SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done);
+
+        SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions)
+                dns_transaction_notify(d, t);
+        SWAP_TWO(t->notify_transactions, t->notify_transactions_done);
+
+        t->block_gc--;
+        dns_transaction_gc(t);
+}
+
+static int dns_transaction_pick_server(DnsTransaction *t) {
+        DnsServer *server;
+
+        assert(t);
+        assert(t->scope->protocol == DNS_PROTOCOL_DNS);
+
+        server = dns_scope_get_dns_server(t->scope);
+        if (!server)
+                return -ESRCH;
+
+        t->current_feature_level = dns_server_possible_feature_level(server);
+
+        if (server == t->server)
+                return 0;
+
+        dns_server_unref(t->server);
+        t->server = dns_server_ref(server);
+
+        return 1;
+}
+
+static void dns_transaction_retry(DnsTransaction *t) {
+        int r;
+
+        assert(t);
+
+        log_debug("Retrying transaction %" PRIu16 ".", t->id);
+
+        /* Before we try again, switch to a new server. */
+        dns_scope_next_dns_server(t->scope);
+
+        r = dns_transaction_go(t);
+        if (r < 0) {
+                t->answer_errno = -r;
+                dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
+        }
+}
+
+static int dns_transaction_maybe_restart(DnsTransaction *t) {
+        assert(t);
+
+        if (!t->server)
+                return 0;
+
+        if (t->current_feature_level <= dns_server_possible_feature_level(t->server))
+                return 0;
+
+        /* The server's current feature level is lower than when we sent the original query. We learnt something from
+           the response or possibly an auxiliary DNSSEC response that we didn't know before.  We take that as reason to
+           restart the whole transaction. This is a good idea to deal with servers that respond rubbish if we include
+           OPT RR or DO bit. One of these cases is documented here, for example:
+           https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html */
+
+        log_debug("Server feature level is now lower than when we began our transaction. Restarting with new ID.");
+        dns_transaction_shuffle_id(t);
+        return dns_transaction_go(t);
+}
+
+static int on_stream_complete(DnsStream *s, int error) {
+        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
+        DnsTransaction *t;
+
+        assert(s);
+        assert(s->transaction);
+
+        /* Copy the data we care about out of the stream before we
+         * destroy it. */
+        t = s->transaction;
+        p = dns_packet_ref(s->read_packet);
+
+        t->stream = dns_stream_free(t->stream);
+
+        if (ERRNO_IS_DISCONNECT(error)) {
+                usec_t usec;
+
+                if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
+                        /* If the LLMNR/TCP connection failed, the host doesn't support LLMNR, and we cannot answer the
+                         * question on this scope. */
+                        dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
+                        return 0;
+                }
+
+                log_debug_errno(error, "Connection failure for DNS TCP stream: %m");
+                assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
+                dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_feature_level, usec - t->start_usec);
+
+                dns_transaction_retry(t);
+                return 0;
+        }
+        if (error != 0) {
+                t->answer_errno = error;
+                dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
+                return 0;
+        }
+
+        if (dns_packet_validate_reply(p) <= 0) {
+                log_debug("Invalid TCP reply packet.");
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                return 0;
+        }
+
+        dns_scope_check_conflicts(t->scope, p);
+
+        t->block_gc++;
+        dns_transaction_process_reply(t, p);
+        t->block_gc--;
+
+        /* If the response wasn't useful, then complete the transition
+         * now. After all, we are the worst feature set now with TCP
+         * sockets, and there's really no point in retrying. */
+        if (t->state == DNS_TRANSACTION_PENDING)
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+        else
+                dns_transaction_gc(t);
+
+        return 0;
+}
+
+static int dns_transaction_open_tcp(DnsTransaction *t) {
+        _cleanup_close_ int fd = -1;
+        int r;
+
+        assert(t);
+
+        dns_transaction_close_connection(t);
+
+        switch (t->scope->protocol) {
+
+        case DNS_PROTOCOL_DNS:
+                r = dns_transaction_pick_server(t);
+                if (r < 0)
+                        return r;
+
+                if (!dns_server_dnssec_supported(t->server) && dns_type_is_dnssec(t->key->type))
+                        return -EOPNOTSUPP;
+
+                r = dns_server_adjust_opt(t->server, t->sent, t->current_feature_level);
+                if (r < 0)
+                        return r;
+
+                fd = dns_scope_socket_tcp(t->scope, AF_UNSPEC, NULL, t->server, 53);
+                break;
+
+        case DNS_PROTOCOL_LLMNR:
+                /* When we already received a reply to this (but it was truncated), send to its sender address */
+                if (t->received)
+                        fd = dns_scope_socket_tcp(t->scope, t->received->family, &t->received->sender, NULL, t->received->sender_port);
+                else {
+                        union in_addr_union address;
+                        int family = AF_UNSPEC;
+
+                        /* Otherwise, try to talk to the owner of a
+                         * the IP address, in case this is a reverse
+                         * PTR lookup */
+
+                        r = dns_name_address(dns_resource_key_name(t->key), &family, &address);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                return -EINVAL;
+                        if (family != t->scope->family)
+                                return -ESRCH;
+
+                        fd = dns_scope_socket_tcp(t->scope, family, &address, NULL, LLMNR_PORT);
+                }
+
+                break;
+
+        default:
+                return -EAFNOSUPPORT;
+        }
+
+        if (fd < 0)
+                return fd;
+
+        r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
+        if (r < 0)
+                return r;
+        fd = -1;
+
+        r = dns_stream_write_packet(t->stream, t->sent);
+        if (r < 0) {
+                t->stream = dns_stream_free(t->stream);
+                return r;
+        }
+
+        t->stream->complete = on_stream_complete;
+        t->stream->transaction = t;
+
+        /* The interface index is difficult to determine if we are
+         * connecting to the local host, hence fill this in right away
+         * instead of determining it from the socket */
+        if (t->scope->link)
+                t->stream->ifindex = t->scope->link->ifindex;
+
+        dns_transaction_reset_answer(t);
+
+        t->tried_stream = true;
+
+        return 0;
+}
+
+static void dns_transaction_cache_answer(DnsTransaction *t) {
+        assert(t);
+
+        /* For mDNS we cache whenever we get the packet, rather than
+         * in each transaction. */
+        if (!IN_SET(t->scope->protocol, DNS_PROTOCOL_DNS, DNS_PROTOCOL_LLMNR))
+                return;
+
+        /* We never cache if this packet is from the local host, under
+         * the assumption that a locally running DNS server would
+         * cache this anyway, and probably knows better when to flush
+         * the cache then we could. */
+        if (!DNS_PACKET_SHALL_CACHE(t->received))
+                return;
+
+        dns_cache_put(&t->scope->cache,
+                      t->key,
+                      t->answer_rcode,
+                      t->answer,
+                      t->answer_authenticated,
+                      t->answer_nsec_ttl,
+                      0,
+                      t->received->family,
+                      &t->received->sender);
+}
+
+static bool dns_transaction_dnssec_is_live(DnsTransaction *t) {
+        DnsTransaction *dt;
+        Iterator i;
+
+        assert(t);
+
+        SET_FOREACH(dt, t->dnssec_transactions, i)
+                if (DNS_TRANSACTION_IS_LIVE(dt->state))
+                        return true;
+
+        return false;
+}
+
+static int dns_transaction_dnssec_ready(DnsTransaction *t) {
+        DnsTransaction *dt;
+        Iterator i;
+
+        assert(t);
+
+        /* Checks whether the auxiliary DNSSEC transactions of our transaction have completed, or are still
+         * ongoing. Returns 0, if we aren't ready for the DNSSEC validation, positive if we are. */
+
+        SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                switch (dt->state) {
+
+                case DNS_TRANSACTION_NULL:
+                case DNS_TRANSACTION_PENDING:
+                case DNS_TRANSACTION_VALIDATING:
+                        /* Still ongoing */
+                        return 0;
+
+                case DNS_TRANSACTION_RCODE_FAILURE:
+                        if (dt->answer_rcode != DNS_RCODE_NXDOMAIN) {
+                                log_debug("Auxiliary DNSSEC RR query failed with rcode=%s.", dns_rcode_to_string(dt->answer_rcode));
+                                goto fail;
+                        }
+
+                        /* Fall-through: NXDOMAIN is good enough for us. This is because some DNS servers erronously
+                         * return NXDOMAIN for empty non-terminals (Akamai...), and we need to handle that nicely, when
+                         * asking for parent SOA or similar RRs to make unsigned proofs. */
+
+                case DNS_TRANSACTION_SUCCESS:
+                        /* All good. */
+                        break;
+
+                case DNS_TRANSACTION_DNSSEC_FAILED:
+                        /* We handle DNSSEC failures different from other errors, as we care about the DNSSEC
+                         * validationr result */
+
+                        log_debug("Auxiliary DNSSEC RR query failed validation: %s", dnssec_result_to_string(dt->answer_dnssec_result));
+                        t->answer_dnssec_result = dt->answer_dnssec_result; /* Copy error code over */
+                        dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
+                        return 0;
+
+
+                default:
+                        log_debug("Auxiliary DNSSEC RR query failed with %s", dns_transaction_state_to_string(dt->state));
+                        goto fail;
+                }
+        }
+
+        /* All is ready, we can go and validate */
+        return 1;
+
+fail:
+        t->answer_dnssec_result = DNSSEC_FAILED_AUXILIARY;
+        dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
+        return 0;
+}
+
+static void dns_transaction_process_dnssec(DnsTransaction *t) {
+        int r;
+
+        assert(t);
+
+        /* Are there ongoing DNSSEC transactions? If so, let's wait for them. */
+        r = dns_transaction_dnssec_ready(t);
+        if (r < 0)
+                goto fail;
+        if (r == 0) /* We aren't ready yet (or one of our auxiliary transactions failed, and we shouldn't validate now */
+                return;
+
+        /* See if we learnt things from the additional DNSSEC transactions, that we didn't know before, and better
+         * restart the lookup immediately. */
+        r = dns_transaction_maybe_restart(t);
+        if (r < 0)
+                goto fail;
+        if (r > 0) /* Transaction got restarted... */
+                return;
+
+        /* All our auxiliary DNSSEC transactions are complete now. Try
+         * to validate our RRset now. */
+        r = dns_transaction_validate_dnssec(t);
+        if (r == -EBADMSG) {
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                return;
+        }
+        if (r < 0)
+                goto fail;
+
+        if (t->answer_dnssec_result == DNSSEC_INCOMPATIBLE_SERVER &&
+            t->scope->dnssec_mode == DNSSEC_YES) {
+                /*  We are not in automatic downgrade mode, and the
+                 *  server is bad, refuse operation. */
+                dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
+                return;
+        }
+
+        if (!IN_SET(t->answer_dnssec_result,
+                    _DNSSEC_RESULT_INVALID,        /* No DNSSEC validation enabled */
+                    DNSSEC_VALIDATED,              /* Answer is signed and validated successfully */
+                    DNSSEC_UNSIGNED,               /* Answer is right-fully unsigned */
+                    DNSSEC_INCOMPATIBLE_SERVER)) { /* Server does not do DNSSEC (Yay, we are downgrade attack vulnerable!) */
+                dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
+                return;
+        }
+
+        if (t->answer_dnssec_result == DNSSEC_INCOMPATIBLE_SERVER)
+                dns_server_warn_downgrade(t->server);
+
+        dns_transaction_cache_answer(t);
+
+        if (t->answer_rcode == DNS_RCODE_SUCCESS)
+                dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
+        else
+                dns_transaction_complete(t, DNS_TRANSACTION_RCODE_FAILURE);
+
+        return;
+
+fail:
+        t->answer_errno = -r;
+        dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
+}
+
+static int dns_transaction_has_positive_answer(DnsTransaction *t, DnsAnswerFlags *flags) {
+        int r;
+
+        assert(t);
+
+        /* Checks whether the answer is positive, i.e. either a direct
+         * answer to the question, or a CNAME/DNAME for it */
+
+        r = dns_answer_match_key(t->answer, t->key, flags);
+        if (r != 0)
+                return r;
+
+        r = dns_answer_find_cname_or_dname(t->answer, t->key, NULL, flags);
+        if (r != 0)
+                return r;
+
+        return false;
+}
+
+static int dns_transaction_fix_rcode(DnsTransaction *t) {
+        int r;
+
+        assert(t);
+
+        /* Fix up the RCODE to SUCCESS if we get at least one matching RR in a response. Note that this contradicts the
+         * DNS RFCs a bit. Specifically, RFC 6604 Section 3 clarifies that the RCODE shall say something about a
+         * CNAME/DNAME chain element coming after the last chain element contained in the message, and not the first
+         * one included. However, it also indicates that not all DNS servers implement this correctly. Moreover, when
+         * using DNSSEC we usually only can prove the first element of a CNAME/DNAME chain anyway, hence let's settle
+         * on always processing the RCODE as referring to the immediate look-up we do, i.e. the first element of a
+         * CNAME/DNAME chain. This way, we uniformly handle CNAME/DNAME chains, regardless if the DNS server
+         * incorrectly implements RCODE, whether DNSSEC is in use, or whether the DNS server only supplied us with an
+         * incomplete CNAME/DNAME chain.
+         *
+         * Or in other words: if we get at least one positive reply in a message we patch NXDOMAIN to become SUCCESS,
+         * and then rely on the CNAME chasing logic to figure out that there's actually a CNAME error with a new
+         * lookup. */
+
+        if (t->answer_rcode != DNS_RCODE_NXDOMAIN)
+                return 0;
+
+        r = dns_transaction_has_positive_answer(t, NULL);
+        if (r <= 0)
+                return r;
+
+        t->answer_rcode = DNS_RCODE_SUCCESS;
+        return 0;
+}
+
+void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
+        usec_t ts;
+        int r;
+
+        assert(t);
+        assert(p);
+        assert(t->scope);
+        assert(t->scope->manager);
+
+        if (t->state != DNS_TRANSACTION_PENDING)
+                return;
+
+        /* Note that this call might invalidate the query. Callers
+         * should hence not attempt to access the query or transaction
+         * after calling this function. */
+
+        log_debug("Processing incoming packet on transaction %" PRIu16".", t->id);
+
+        switch (t->scope->protocol) {
+
+        case DNS_PROTOCOL_LLMNR:
+                assert(t->scope->link);
+
+                /* For LLMNR we will not accept any packets from other
+                 * interfaces */
+
+                if (p->ifindex != t->scope->link->ifindex)
+                        return;
+
+                if (p->family != t->scope->family)
+                        return;
+
+                /* Tentative packets are not full responses but still
+                 * useful for identifying uniqueness conflicts during
+                 * probing. */
+                if (DNS_PACKET_LLMNR_T(p)) {
+                        dns_transaction_tentative(t, p);
+                        return;
+                }
+
+                break;
+
+        case DNS_PROTOCOL_MDNS:
+                assert(t->scope->link);
+
+                /* For mDNS we will not accept any packets from other interfaces */
+                if (p->ifindex != t->scope->link->ifindex)
+                        return;
+
+                if (p->family != t->scope->family)
+                        return;
+
+                break;
+
+        case DNS_PROTOCOL_DNS:
+                /* Note that we do not need to verify the
+                 * addresses/port numbers of incoming traffic, as we
+                 * invoked connect() on our UDP socket in which case
+                 * the kernel already does the needed verification for
+                 * us. */
+                break;
+
+        default:
+                assert_not_reached("Invalid DNS protocol.");
+        }
+
+        if (t->received != p) {
+                dns_packet_unref(t->received);
+                t->received = dns_packet_ref(p);
+        }
+
+        t->answer_source = DNS_TRANSACTION_NETWORK;
+
+        if (p->ipproto == IPPROTO_TCP) {
+                if (DNS_PACKET_TC(p)) {
+                        /* Truncated via TCP? Somebody must be fucking with us */
+                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                        return;
+                }
+
+                if (DNS_PACKET_ID(p) != t->id) {
+                        /* Not the reply to our query? Somebody must be fucking with us */
+                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                        return;
+                }
+        }
+
+        assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
+
+        switch (t->scope->protocol) {
+
+        case DNS_PROTOCOL_DNS:
+                assert(t->server);
+
+                if (IN_SET(DNS_PACKET_RCODE(p), DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NOTIMP)) {
+
+                        /* Request failed, immediately try again with reduced features */
+                        log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p)));
+
+                        dns_server_packet_failed(t->server, t->current_feature_level);
+                        dns_transaction_retry(t);
+                        return;
+                } else if (DNS_PACKET_TC(p))
+                        dns_server_packet_truncated(t->server, t->current_feature_level);
+
+                break;
+
+        case DNS_PROTOCOL_LLMNR:
+        case DNS_PROTOCOL_MDNS:
+                dns_scope_packet_received(t->scope, ts - t->start_usec);
+                break;
+
+        default:
+                assert_not_reached("Invalid DNS protocol.");
+        }
+
+        if (DNS_PACKET_TC(p)) {
+
+                /* Truncated packets for mDNS are not allowed. Give up immediately. */
+                if (t->scope->protocol == DNS_PROTOCOL_MDNS) {
+                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                        return;
+                }
+
+                log_debug("Reply truncated, retrying via TCP.");
+
+                /* Response was truncated, let's try again with good old TCP */
+                r = dns_transaction_open_tcp(t);
+                if (r == -ESRCH) {
+                        /* No servers found? Damn! */
+                        dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
+                        return;
+                }
+                if (r == -EOPNOTSUPP) {
+                        /* Tried to ask for DNSSEC RRs, on a server that doesn't do DNSSEC  */
+                        dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
+                        return;
+                }
+                if (r < 0) {
+                        /* On LLMNR, if we cannot connect to the host,
+                         * we immediately give up */
+                        if (t->scope->protocol != DNS_PROTOCOL_DNS)
+                                goto fail;
+
+                        /* On DNS, couldn't send? Try immediately again, with a new server */
+                        dns_transaction_retry(t);
+                }
+
+                return;
+        }
+
+        /* After the superficial checks, actually parse the message. */
+        r = dns_packet_extract(p);
+        if (r < 0) {
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                return;
+        }
+
+        /* Report that the OPT RR was missing */
+        if (t->server) {
+                if (!p->opt)
+                        dns_server_packet_bad_opt(t->server, t->current_feature_level);
+
+                dns_server_packet_received(t->server, p->ipproto, t->current_feature_level, ts - t->start_usec, p->size);
+        }
+
+        /* See if we know things we didn't know before that indicate we better restart the lookup immediately. */
+        r = dns_transaction_maybe_restart(t);
+        if (r < 0)
+                goto fail;
+        if (r > 0) /* Transaction got restarted... */
+                return;
+
+        if (IN_SET(t->scope->protocol, DNS_PROTOCOL_DNS, DNS_PROTOCOL_LLMNR)) {
+
+                /* Only consider responses with equivalent query section to the request */
+                r = dns_packet_is_reply_for(p, t->key);
+                if (r < 0)
+                        goto fail;
+                if (r == 0) {
+                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                        return;
+                }
+
+                /* Install the answer as answer to the transaction */
+                dns_answer_unref(t->answer);
+                t->answer = dns_answer_ref(p->answer);
+                t->answer_rcode = DNS_PACKET_RCODE(p);
+                t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
+                t->answer_authenticated = false;
+
+                r = dns_transaction_fix_rcode(t);
+                if (r < 0)
+                        goto fail;
+
+                /* Block GC while starting requests for additional DNSSEC RRs */
+                t->block_gc++;
+                r = dns_transaction_request_dnssec_keys(t);
+                t->block_gc--;
+
+                /* Maybe the transaction is ready for GC'ing now? If so, free it and return. */
+                if (!dns_transaction_gc(t))
+                        return;
+
+                /* Requesting additional keys might have resulted in
+                 * this transaction to fail, since the auxiliary
+                 * request failed for some reason. If so, we are not
+                 * in pending state anymore, and we should exit
+                 * quickly. */
+                if (t->state != DNS_TRANSACTION_PENDING)
+                        return;
+                if (r < 0)
+                        goto fail;
+                if (r > 0) {
+                        /* There are DNSSEC transactions pending now. Update the state accordingly. */
+                        t->state = DNS_TRANSACTION_VALIDATING;
+                        dns_transaction_close_connection(t);
+                        dns_transaction_stop_timeout(t);
+                        return;
+                }
+        }
+
+        dns_transaction_process_dnssec(t);
+        return;
+
+fail:
+        t->answer_errno = -r;
+        dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
+}
+
+static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
+        DnsTransaction *t = userdata;
+        int r;
+
+        assert(t);
+        assert(t->scope);
+
+        r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
+        if (ERRNO_IS_DISCONNECT(-r)) {
+                usec_t usec;
+
+                /* UDP connection failure get reported via ICMP and then are possible delivered to us on the next
+                 * recvmsg(). Treat this like a lost packet. */
+
+                log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
+                assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
+                dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
+
+                dns_transaction_retry(t);
+                return 0;
+        }
+        if (r < 0) {
+                dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
+                t->answer_errno = -r;
+                return 0;
+        }
+
+        r = dns_packet_validate_reply(p);
+        if (r < 0) {
+                log_debug_errno(r, "Received invalid DNS packet as response, ignoring: %m");
+                return 0;
+        }
+        if (r == 0) {
+                log_debug("Received inappropriate DNS packet as response, ignoring.");
+                return 0;
+        }
+
+        if (DNS_PACKET_ID(p) != t->id) {
+                log_debug("Received packet with incorrect transaction ID, ignoring.");
+                return 0;
+        }
+
+        dns_transaction_process_reply(t, p);
+        return 0;
+}
+
+static int dns_transaction_emit_udp(DnsTransaction *t) {
+        int r;
+
+        assert(t);
+
+        if (t->scope->protocol == DNS_PROTOCOL_DNS) {
+
+                r = dns_transaction_pick_server(t);
+                if (r < 0)
+                        return r;
+
+                if (t->current_feature_level < DNS_SERVER_FEATURE_LEVEL_UDP)
+                        return -EAGAIN;
+
+                if (!dns_server_dnssec_supported(t->server) && dns_type_is_dnssec(t->key->type))
+                        return -EOPNOTSUPP;
+
+                if (r > 0 || t->dns_udp_fd < 0) { /* Server changed, or no connection yet. */
+                        int fd;
+
+                        dns_transaction_close_connection(t);
+
+                        fd = dns_scope_socket_udp(t->scope, t->server, 53);
+                        if (fd < 0)
+                                return fd;
+
+                        r = sd_event_add_io(t->scope->manager->event, &t->dns_udp_event_source, fd, EPOLLIN, on_dns_packet, t);
+                        if (r < 0) {
+                                safe_close(fd);
+                                return r;
+                        }
+
+                        (void) sd_event_source_set_description(t->dns_udp_event_source, "dns-transaction-udp");
+                        t->dns_udp_fd = fd;
+                }
+
+                r = dns_server_adjust_opt(t->server, t->sent, t->current_feature_level);
+                if (r < 0)
+                        return r;
+        } else
+                dns_transaction_close_connection(t);
+
+        r = dns_scope_emit_udp(t->scope, t->dns_udp_fd, t->sent);
+        if (r < 0)
+                return r;
+
+        dns_transaction_reset_answer(t);
+
+        return 0;
+}
+
+static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
+        DnsTransaction *t = userdata;
+
+        assert(s);
+        assert(t);
+
+        if (!t->initial_jitter_scheduled || t->initial_jitter_elapsed) {
+                /* Timeout reached? Increase the timeout for the server used */
+                switch (t->scope->protocol) {
+
+                case DNS_PROTOCOL_DNS:
+                        assert(t->server);
+                        dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
+                        break;
+
+                case DNS_PROTOCOL_LLMNR:
+                case DNS_PROTOCOL_MDNS:
+                        dns_scope_packet_lost(t->scope, usec - t->start_usec);
+                        break;
+
+                default:
+                        assert_not_reached("Invalid DNS protocol.");
+                }
+
+                if (t->initial_jitter_scheduled)
+                        t->initial_jitter_elapsed = true;
+        }
+
+        log_debug("Timeout reached on transaction %" PRIu16 ".", t->id);
+
+        dns_transaction_retry(t);
+        return 0;
+}
+
+static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
+        assert(t);
+        assert(t->scope);
+
+        switch (t->scope->protocol) {
+
+        case DNS_PROTOCOL_DNS:
+                assert(t->server);
+                return t->server->resend_timeout;
+
+        case DNS_PROTOCOL_MDNS:
+                assert(t->n_attempts > 0);
+                return (1 << (t->n_attempts - 1)) * USEC_PER_SEC;
+
+        case DNS_PROTOCOL_LLMNR:
+                return t->scope->resend_timeout;
+
+        default:
+                assert_not_reached("Invalid DNS protocol.");
+        }
+}
+
+static int dns_transaction_prepare(DnsTransaction *t, usec_t ts) {
+        int r;
+
+        assert(t);
+
+        dns_transaction_stop_timeout(t);
+
+        r = dns_scope_network_good(t->scope);
+        if (r < 0)
+                return r;
+        if (r == 0) {
+                dns_transaction_complete(t, DNS_TRANSACTION_NETWORK_DOWN);
+                return 0;
+        }
+
+        if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
+                dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
+                return 0;
+        }
+
+        if (t->scope->protocol == DNS_PROTOCOL_LLMNR && t->tried_stream) {
+                /* If we already tried via a stream, then we don't
+                 * retry on LLMNR. See RFC 4795, Section 2.7. */
+                dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
+                return 0;
+        }
+
+        t->n_attempts++;
+        t->start_usec = ts;
+
+        dns_transaction_reset_answer(t);
+        dns_transaction_flush_dnssec_transactions(t);
+
+        /* Check the trust anchor. Do so only on classic DNS, since DNSSEC does not apply otherwise. */
+        if (t->scope->protocol == DNS_PROTOCOL_DNS) {
+                r = dns_trust_anchor_lookup_positive(&t->scope->manager->trust_anchor, t->key, &t->answer);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        t->answer_rcode = DNS_RCODE_SUCCESS;
+                        t->answer_source = DNS_TRANSACTION_TRUST_ANCHOR;
+                        t->answer_authenticated = true;
+                        dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
+                        return 0;
+                }
+
+                if (dns_name_is_root(dns_resource_key_name(t->key)) &&
+                    t->key->type == DNS_TYPE_DS) {
+
+                        /* Hmm, this is a request for the root DS? A
+                         * DS RR doesn't exist in the root zone, and
+                         * if our trust anchor didn't know it either,
+                         * this means we cannot do any DNSSEC logic
+                         * anymore. */
+
+                        if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE) {
+                                /* We are in downgrade mode. In this
+                                 * case, synthesize an unsigned empty
+                                 * response, so that the any lookup
+                                 * depending on this one can continue
+                                 * assuming there was no DS, and hence
+                                 * the root zone was unsigned. */
+
+                                t->answer_rcode = DNS_RCODE_SUCCESS;
+                                t->answer_source = DNS_TRANSACTION_TRUST_ANCHOR;
+                                t->answer_authenticated = false;
+                                dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
+                        } else
+                                /* If we are not in downgrade mode,
+                                 * then fail the lookup, because we
+                                 * cannot reasonably answer it. There
+                                 * might be DS RRs, but we don't know
+                                 * them, and the DNS server won't tell
+                                 * them to us (and even if it would,
+                                 * we couldn't validate and trust them. */
+                                dns_transaction_complete(t, DNS_TRANSACTION_NO_TRUST_ANCHOR);
+
+                        return 0;
+                }
+        }
+
+        /* Check the zone, but only if this transaction is not used
+         * for probing or verifying a zone item. */
+        if (set_isempty(t->notify_zone_items)) {
+
+                r = dns_zone_lookup(&t->scope->zone, t->key, &t->answer, NULL, NULL);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        t->answer_rcode = DNS_RCODE_SUCCESS;
+                        t->answer_source = DNS_TRANSACTION_ZONE;
+                        t->answer_authenticated = true;
+                        dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
+                        return 0;
+                }
+        }
+
+        /* Check the cache, but only if this transaction is not used
+         * for probing or verifying a zone item. */
+        if (set_isempty(t->notify_zone_items)) {
+
+                /* Before trying the cache, let's make sure we figured out a
+                 * server to use. Should this cause a change of server this
+                 * might flush the cache. */
+                dns_scope_get_dns_server(t->scope);
+
+                /* Let's then prune all outdated entries */
+                dns_cache_prune(&t->scope->cache);
+
+                r = dns_cache_lookup(&t->scope->cache, t->key, &t->answer_rcode, &t->answer, &t->answer_authenticated);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        t->answer_source = DNS_TRANSACTION_CACHE;
+                        if (t->answer_rcode == DNS_RCODE_SUCCESS)
+                                dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
+                        else
+                                dns_transaction_complete(t, DNS_TRANSACTION_RCODE_FAILURE);
+                        return 0;
+                }
+        }
+
+        return 1;
+}
+
+static int dns_transaction_make_packet_mdns(DnsTransaction *t) {
+
+        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
+        bool add_known_answers = false;
+        DnsTransaction *other;
+        unsigned qdcount;
+        usec_t ts;
+        int r;
+
+        assert(t);
+        assert(t->scope->protocol == DNS_PROTOCOL_MDNS);
+
+        /* Discard any previously prepared packet, so we can start over and coalesce again */
+        t->sent = dns_packet_unref(t->sent);
+
+        r = dns_packet_new_query(&p, t->scope->protocol, 0, false);
+        if (r < 0)
+                return r;
+
+        r = dns_packet_append_key(p, t->key, NULL);
+        if (r < 0)
+                return r;
+
+        qdcount = 1;
+
+        if (dns_key_is_shared(t->key))
+                add_known_answers = true;
+
+        /*
+         * For mDNS, we want to coalesce as many open queries in pending transactions into one single
+         * query packet on the wire as possible. To achieve that, we iterate through all pending transactions
+         * in our current scope, and see whether their timing contraints allow them to be sent.
+         */
+
+        assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
+
+        LIST_FOREACH(transactions_by_scope, other, t->scope->transactions) {
+
+                /* Skip ourselves */
+                if (other == t)
+                        continue;
+
+                if (other->state != DNS_TRANSACTION_PENDING)
+                        continue;
+
+                if (other->next_attempt_after > ts)
+                        continue;
+
+                if (qdcount >= UINT16_MAX)
+                        break;
+
+                r = dns_packet_append_key(p, other->key, NULL);
+
+                /*
+                 * If we can't stuff more questions into the packet, just give up.
+                 * One of the 'other' transactions will fire later and take care of the rest.
+                 */
+                if (r == -EMSGSIZE)
+                        break;
+
+                if (r < 0)
+                        return r;
+
+                r = dns_transaction_prepare(other, ts);
+                if (r <= 0)
+                        continue;
+
+                ts += transaction_get_resend_timeout(other);
+
+                r = sd_event_add_time(
+                                other->scope->manager->event,
+                                &other->timeout_event_source,
+                                clock_boottime_or_monotonic(),
+                                ts, 0,
+                                on_transaction_timeout, other);
+                if (r < 0)
+                        return r;
+
+                (void) sd_event_source_set_description(t->timeout_event_source, "dns-transaction-timeout");
+
+                other->state = DNS_TRANSACTION_PENDING;
+                other->next_attempt_after = ts;
+
+                qdcount++;
+
+                if (dns_key_is_shared(other->key))
+                        add_known_answers = true;
+        }
+
+        DNS_PACKET_HEADER(p)->qdcount = htobe16(qdcount);
+
+        /* Append known answer section if we're asking for any shared record */
+        if (add_known_answers) {
+                r = dns_cache_export_shared_to_packet(&t->scope->cache, p);
+                if (r < 0)
+                        return r;
+        }
+
+        t->sent = p;
+        p = NULL;
+
+        return 0;
+}
+
+static int dns_transaction_make_packet(DnsTransaction *t) {
+        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
+        int r;
+
+        assert(t);
+
+        if (t->scope->protocol == DNS_PROTOCOL_MDNS)
+                return dns_transaction_make_packet_mdns(t);
+
+        if (t->sent)
+                return 0;
+
+        r = dns_packet_new_query(&p, t->scope->protocol, 0, t->scope->dnssec_mode != DNSSEC_NO);
+        if (r < 0)
+                return r;
+
+        r = dns_packet_append_key(p, t->key, NULL);
+        if (r < 0)
+                return r;
+
+        DNS_PACKET_HEADER(p)->qdcount = htobe16(1);
+        DNS_PACKET_HEADER(p)->id = t->id;
+
+        t->sent = p;
+        p = NULL;
+
+        return 0;
+}
+
+int dns_transaction_go(DnsTransaction *t) {
+        usec_t ts;
+        int r;
+        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+
+        assert(t);
+
+        assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
+
+        r = dns_transaction_prepare(t, ts);
+        if (r <= 0)
+                return r;
+
+        log_debug("Transaction %" PRIu16 " for <%s> scope %s on %s/%s.",
+                  t->id,
+                  dns_resource_key_to_string(t->key, key_str, sizeof key_str),
+                  dns_protocol_to_string(t->scope->protocol),
+                  t->scope->link ? t->scope->link->name : "*",
+                  af_to_name_short(t->scope->family));
+
+        if (!t->initial_jitter_scheduled &&
+            (t->scope->protocol == DNS_PROTOCOL_LLMNR ||
+             t->scope->protocol == DNS_PROTOCOL_MDNS)) {
+                usec_t jitter, accuracy;
+
+                /* RFC 4795 Section 2.7 suggests all queries should be
+                 * delayed by a random time from 0 to JITTER_INTERVAL. */
+
+                t->initial_jitter_scheduled = true;
+
+                random_bytes(&jitter, sizeof(jitter));
+
+                switch (t->scope->protocol) {
+
+                case DNS_PROTOCOL_LLMNR:
+                        jitter %= LLMNR_JITTER_INTERVAL_USEC;
+                        accuracy = LLMNR_JITTER_INTERVAL_USEC;
+                        break;
+
+                case DNS_PROTOCOL_MDNS:
+                        jitter %= MDNS_JITTER_RANGE_USEC;
+                        jitter += MDNS_JITTER_MIN_USEC;
+                        accuracy = MDNS_JITTER_RANGE_USEC;
+                        break;
+                default:
+                        assert_not_reached("bad protocol");
+                }
+
+                r = sd_event_add_time(
+                                t->scope->manager->event,
+                                &t->timeout_event_source,
+                                clock_boottime_or_monotonic(),
+                                ts + jitter, accuracy,
+                                on_transaction_timeout, t);
+                if (r < 0)
+                        return r;
+
+                (void) sd_event_source_set_description(t->timeout_event_source, "dns-transaction-timeout");
+
+                t->n_attempts = 0;
+                t->next_attempt_after = ts;
+                t->state = DNS_TRANSACTION_PENDING;
+
+                log_debug("Delaying %s transaction for " USEC_FMT "us.", dns_protocol_to_string(t->scope->protocol), jitter);
+                return 0;
+        }
+
+        /* Otherwise, we need to ask the network */
+        r = dns_transaction_make_packet(t);
+        if (r < 0)
+                return r;
+
+        if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
+            (dns_name_endswith(dns_resource_key_name(t->key), "in-addr.arpa") > 0 ||
+             dns_name_endswith(dns_resource_key_name(t->key), "ip6.arpa") > 0)) {
+
+                /* RFC 4795, Section 2.4. says reverse lookups shall
+                 * always be made via TCP on LLMNR */
+                r = dns_transaction_open_tcp(t);
+        } else {
+                /* Try via UDP, and if that fails due to large size or lack of
+                 * support try via TCP */
+                r = dns_transaction_emit_udp(t);
+                if (r == -EMSGSIZE)
+                        log_debug("Sending query via TCP since it is too large.");
+                if (r == -EAGAIN)
+                        log_debug("Sending query via TCP since server doesn't support UDP.");
+                if (r == -EMSGSIZE || r == -EAGAIN)
+                        r = dns_transaction_open_tcp(t);
+        }
+
+        if (r == -ESRCH) {
+                /* No servers to send this to? */
+                dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
+                return 0;
+        }
+        if (r == -EOPNOTSUPP) {
+                /* Tried to ask for DNSSEC RRs, on a server that doesn't do DNSSEC  */
+                dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
+                return 0;
+        }
+        if (t->scope->protocol == DNS_PROTOCOL_LLMNR && ERRNO_IS_DISCONNECT(-r)) {
+                /* On LLMNR, if we cannot connect to a host via TCP when doing reverse lookups. This means we cannot
+                 * answer this request with this protocol. */
+                dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
+                return 0;
+        }
+        if (r < 0) {
+                if (t->scope->protocol != DNS_PROTOCOL_DNS)
+                        return r;
+
+                /* Couldn't send? Try immediately again, with a new server */
+                dns_scope_next_dns_server(t->scope);
+
+                return dns_transaction_go(t);
+        }
+
+        ts += transaction_get_resend_timeout(t);
+
+        r = sd_event_add_time(
+                        t->scope->manager->event,
+                        &t->timeout_event_source,
+                        clock_boottime_or_monotonic(),
+                        ts, 0,
+                        on_transaction_timeout, t);
+        if (r < 0)
+                return r;
+
+        (void) sd_event_source_set_description(t->timeout_event_source, "dns-transaction-timeout");
+
+        t->state = DNS_TRANSACTION_PENDING;
+        t->next_attempt_after = ts;
+
+        return 1;
+}
+
+static int dns_transaction_find_cyclic(DnsTransaction *t, DnsTransaction *aux) {
+        DnsTransaction *n;
+        Iterator i;
+        int r;
+
+        assert(t);
+        assert(aux);
+
+        /* Try to find cyclic dependencies between transaction objects */
+
+        if (t == aux)
+                return 1;
+
+        SET_FOREACH(n, aux->dnssec_transactions, i) {
+                r = dns_transaction_find_cyclic(t, n);
+                if (r != 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResourceKey *key, DnsTransaction **ret) {
+        DnsTransaction *aux;
+        int r;
+
+        assert(t);
+        assert(ret);
+        assert(key);
+
+        aux = dns_scope_find_transaction(t->scope, key, true);
+        if (!aux) {
+                r = dns_transaction_new(&aux, t->scope, key);
+                if (r < 0)
+                        return r;
+        } else {
+                if (set_contains(t->dnssec_transactions, aux)) {
+                        *ret = aux;
+                        return 0;
+                }
+
+                r = dns_transaction_find_cyclic(t, aux);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        char s[DNS_RESOURCE_KEY_STRING_MAX], saux[DNS_RESOURCE_KEY_STRING_MAX];
+
+                        log_debug("Potential cyclic dependency, refusing to add transaction %" PRIu16 " (%s) as dependency for %" PRIu16 " (%s).",
+                                  aux->id,
+                                  dns_resource_key_to_string(t->key, s, sizeof s),
+                                  t->id,
+                                  dns_resource_key_to_string(aux->key, saux, sizeof saux));
+
+                        return -ELOOP;
+                }
+        }
+
+        r = set_ensure_allocated(&t->dnssec_transactions, NULL);
+        if (r < 0)
+                goto gc;
+
+        r = set_ensure_allocated(&aux->notify_transactions, NULL);
+        if (r < 0)
+                goto gc;
+
+        r = set_ensure_allocated(&aux->notify_transactions_done, NULL);
+        if (r < 0)
+                goto gc;
+
+        r = set_put(t->dnssec_transactions, aux);
+        if (r < 0)
+                goto gc;
+
+        r = set_put(aux->notify_transactions, t);
+        if (r < 0) {
+                (void) set_remove(t->dnssec_transactions, aux);
+                goto gc;
+        }
+
+        *ret = aux;
+        return 1;
+
+gc:
+        dns_transaction_gc(aux);
+        return r;
+}
+
+static int dns_transaction_request_dnssec_rr(DnsTransaction *t, DnsResourceKey *key) {
+        _cleanup_(dns_answer_unrefp) DnsAnswer *a = NULL;
+        DnsTransaction *aux;
+        int r;
+
+        assert(t);
+        assert(key);
+
+        /* Try to get the data from the trust anchor */
+        r = dns_trust_anchor_lookup_positive(&t->scope->manager->trust_anchor, key, &a);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                r = dns_answer_extend(&t->validated_keys, a);
+                if (r < 0)
+                        return r;
+
+                return 0;
+        }
+
+        /* This didn't work, ask for it via the network/cache then. */
+        r = dns_transaction_add_dnssec_transaction(t, key, &aux);
+        if (r == -ELOOP) /* This would result in a cyclic dependency */
+                return 0;
+        if (r < 0)
+                return r;
+
+        if (aux->state == DNS_TRANSACTION_NULL) {
+                r = dns_transaction_go(aux);
+                if (r < 0)
+                        return r;
+        }
+
+        return 1;
+}
+
+static int dns_transaction_negative_trust_anchor_lookup(DnsTransaction *t, const char *name) {
+        int r;
+
+        assert(t);
+
+        /* Check whether the specified name is in the NTA
+         * database, either in the global one, or the link-local
+         * one. */
+
+        r = dns_trust_anchor_lookup_negative(&t->scope->manager->trust_anchor, name);
+        if (r != 0)
+                return r;
+
+        if (!t->scope->link)
+                return 0;
+
+        return set_contains(t->scope->link->dnssec_negative_trust_anchors, name);
+}
+
+static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) {
+        int r;
+
+        assert(t);
+
+        /* Checks whether the answer is negative, and lacks NSEC/NSEC3
+         * RRs to prove it */
+
+        r = dns_transaction_has_positive_answer(t, NULL);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return false;
+
+        /* Is this key explicitly listed as a negative trust anchor?
+         * If so, it's nothing we need to care about */
+        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(t->key));
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return false;
+
+        /* The answer does not contain any RRs that match to the
+         * question. If so, let's see if there are any NSEC/NSEC3 RRs
+         * included. If not, the answer is unsigned. */
+
+        r = dns_answer_contains_nsec_or_nsec3(t->answer);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return false;
+
+        return true;
+}
+
+static int dns_transaction_is_primary_response(DnsTransaction *t, DnsResourceRecord *rr) {
+        int r;
+
+        assert(t);
+        assert(rr);
+
+        /* Check if the specified RR is the "primary" response,
+         * i.e. either matches the question precisely or is a
+         * CNAME/DNAME for it. */
+
+        r = dns_resource_key_match_rr(t->key, rr, NULL);
+        if (r != 0)
+                return r;
+
+        return dns_resource_key_match_cname_or_dname(t->key, rr->key, NULL);
+}
+
+static bool dns_transaction_dnssec_supported(DnsTransaction *t) {
+        assert(t);
+
+        /* Checks whether our transaction's DNS server is assumed to be compatible with DNSSEC. Returns false as soon
+         * as we changed our mind about a server, and now believe it is incompatible with DNSSEC. */
+
+        if (t->scope->protocol != DNS_PROTOCOL_DNS)
+                return false;
+
+        /* If we have picked no server, then we are working from the cache or some other source, and DNSSEC might well
+         * be supported, hence return true. */
+        if (!t->server)
+                return true;
+
+        if (t->current_feature_level < DNS_SERVER_FEATURE_LEVEL_DO)
+                return false;
+
+        return dns_server_dnssec_supported(t->server);
+}
+
+static bool dns_transaction_dnssec_supported_full(DnsTransaction *t) {
+        DnsTransaction *dt;
+        Iterator i;
+
+        assert(t);
+
+        /* Checks whether our transaction our any of the auxiliary transactions couldn't do DNSSEC. */
+
+        if (!dns_transaction_dnssec_supported(t))
+                return false;
+
+        SET_FOREACH(dt, t->dnssec_transactions, i)
+                if (!dns_transaction_dnssec_supported(dt))
+                        return false;
+
+        return true;
+}
+
+int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
+        DnsResourceRecord *rr;
+
+        int r;
+
+        assert(t);
+
+        /*
+         * Retrieve all auxiliary RRs for the answer we got, so that
+         * we can verify signatures or prove that RRs are rightfully
+         * unsigned. Specifically:
+         *
+         * - For RRSIG we get the matching DNSKEY
+         * - For DNSKEY we get the matching DS
+         * - For unsigned SOA/NS we get the matching DS
+         * - For unsigned CNAME/DNAME/DS we get the parent SOA RR
+         * - For other unsigned RRs we get the matching SOA RR
+         * - For SOA/NS queries with no matching response RR, and no NSEC/NSEC3, the DS RR
+         * - For DS queries with no matching response RRs, and no NSEC/NSEC3, the parent's SOA RR
+         * - For other queries with no matching response RRs, and no NSEC/NSEC3, the SOA RR
+         */
+
+        if (t->scope->dnssec_mode == DNSSEC_NO)
+                return 0;
+        if (t->answer_source != DNS_TRANSACTION_NETWORK)
+                return 0; /* We only need to validate stuff from the network */
+        if (!dns_transaction_dnssec_supported(t))
+                return 0; /* If we can't do DNSSEC anyway there's no point in geting the auxiliary RRs */
+
+        DNS_ANSWER_FOREACH(rr, t->answer) {
+
+                if (dns_type_is_pseudo(rr->key->type))
+                        continue;
+
+                /* If this RR is in the negative trust anchor, we don't need to validate it. */
+                r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        continue;
+
+                switch (rr->key->type) {
+
+                case DNS_TYPE_RRSIG: {
+                        /* For each RRSIG we request the matching DNSKEY */
+                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *dnskey = NULL;
+
+                        /* If this RRSIG is about a DNSKEY RR and the
+                         * signer is the same as the owner, then we
+                         * already have the DNSKEY, and we don't have
+                         * to look for more. */
+                        if (rr->rrsig.type_covered == DNS_TYPE_DNSKEY) {
+                                r = dns_name_equal(rr->rrsig.signer, dns_resource_key_name(rr->key));
+                                if (r < 0)
+                                        return r;
+                                if (r > 0)
+                                        continue;
+                        }
+
+                        /* If the signer is not a parent of our
+                         * original query, then this is about an
+                         * auxiliary RRset, but not anything we asked
+                         * for. In this case we aren't interested,
+                         * because we don't want to request additional
+                         * RRs for stuff we didn't really ask for, and
+                         * also to avoid request loops, where
+                         * additional RRs from one transaction result
+                         * in another transaction whose additonal RRs
+                         * point back to the original transaction, and
+                         * we deadlock. */
+                        r = dns_name_endswith(dns_resource_key_name(t->key), rr->rrsig.signer);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        dnskey = dns_resource_key_new(rr->key->class, DNS_TYPE_DNSKEY, rr->rrsig.signer);
+                        if (!dnskey)
+                                return -ENOMEM;
+
+                        log_debug("Requesting DNSKEY to validate transaction %" PRIu16" (%s, RRSIG with key tag: %" PRIu16 ").",
+                                  t->id, dns_resource_key_name(rr->key), rr->rrsig.key_tag);
+                        r = dns_transaction_request_dnssec_rr(t, dnskey);
+                        if (r < 0)
+                                return r;
+                        break;
+                }
+
+                case DNS_TYPE_DNSKEY: {
+                        /* For each DNSKEY we request the matching DS */
+                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *ds = NULL;
+
+                        /* If the DNSKEY we are looking at is not for
+                         * zone we are interested in, nor any of its
+                         * parents, we aren't interested, and don't
+                         * request it. After all, we don't want to end
+                         * up in request loops, and want to keep
+                         * additional traffic down. */
+
+                        r = dns_name_endswith(dns_resource_key_name(t->key), dns_resource_key_name(rr->key));
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, dns_resource_key_name(rr->key));
+                        if (!ds)
+                                return -ENOMEM;
+
+                        log_debug("Requesting DS to validate transaction %" PRIu16" (%s, DNSKEY with key tag: %" PRIu16 ").",
+                                  t->id, dns_resource_key_name(rr->key), dnssec_keytag(rr, false));
+                        r = dns_transaction_request_dnssec_rr(t, ds);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                }
+
+                case DNS_TYPE_SOA:
+                case DNS_TYPE_NS: {
+                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *ds = NULL;
+
+                        /* For an unsigned SOA or NS, try to acquire
+                         * the matching DS RR, as we are at a zone cut
+                         * then, and whether a DS exists tells us
+                         * whether the zone is signed. Do so only if
+                         * this RR matches our original question,
+                         * however. */
+
+                        r = dns_resource_key_match_rr(t->key, rr, NULL);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        r = dnssec_has_rrsig(t->answer, rr->key);
+                        if (r < 0)
+                                return r;
+                        if (r > 0)
+                                continue;
+
+                        ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, dns_resource_key_name(rr->key));
+                        if (!ds)
+                                return -ENOMEM;
+
+                        log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned SOA/NS RRset).",
+                                  t->id, dns_resource_key_name(rr->key));
+                        r = dns_transaction_request_dnssec_rr(t, ds);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                }
+
+                case DNS_TYPE_DS:
+                case DNS_TYPE_CNAME:
+                case DNS_TYPE_DNAME: {
+                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
+                        const char *name;
+
+                        /* CNAMEs and DNAMEs cannot be located at a
+                         * zone apex, hence ask for the parent SOA for
+                         * unsigned CNAME/DNAME RRs, maybe that's the
+                         * apex. But do all that only if this is
+                         * actually a response to our original
+                         * question.
+                         *
+                         * Similar for DS RRs, which are signed when
+                         * the parent SOA is signed. */
+
+                        r = dns_transaction_is_primary_response(t, rr);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        r = dnssec_has_rrsig(t->answer, rr->key);
+                        if (r < 0)
+                                return r;
+                        if (r > 0)
+                                continue;
+
+                        r = dns_answer_has_dname_for_cname(t->answer, rr);
+                        if (r < 0)
+                                return r;
+                        if (r > 0)
+                                continue;
+
+                        name = dns_resource_key_name(rr->key);
+                        r = dns_name_parent(&name);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
+                        if (!soa)
+                                return -ENOMEM;
+
+                        log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned CNAME/DNAME/DS RRset).",
+                                  t->id, dns_resource_key_name(rr->key));
+                        r = dns_transaction_request_dnssec_rr(t, soa);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                }
+
+                default: {
+                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
+
+                        /* For other unsigned RRsets (including
+                         * NSEC/NSEC3!), look for proof the zone is
+                         * unsigned, by requesting the SOA RR of the
+                         * zone. However, do so only if they are
+                         * directly relevant to our original
+                         * question. */
+
+                        r = dns_transaction_is_primary_response(t, rr);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        r = dnssec_has_rrsig(t->answer, rr->key);
+                        if (r < 0)
+                                return r;
+                        if (r > 0)
+                                continue;
+
+                        soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, dns_resource_key_name(rr->key));
+                        if (!soa)
+                                return -ENOMEM;
+
+                        log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned non-SOA/NS RRset <%s>).",
+                                  t->id, dns_resource_key_name(rr->key), dns_resource_record_to_string(rr));
+                        r = dns_transaction_request_dnssec_rr(t, soa);
+                        if (r < 0)
+                                return r;
+                        break;
+                }}
+        }
+
+        /* Above, we requested everything necessary to validate what
+         * we got. Now, let's request what we need to validate what we
+         * didn't get... */
+
+        r = dns_transaction_has_unsigned_negative_answer(t);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                const char *name;
+                uint16_t type = 0;
+
+                name = dns_resource_key_name(t->key);
+
+                /* If this was a SOA or NS request, then check if there's a DS RR for the same domain. Note that this
+                 * could also be used as indication that we are not at a zone apex, but in real world setups there are
+                 * too many broken DNS servers (Hello, incapdns.net!) where non-terminal zones return NXDOMAIN even
+                 * though they have further children. If this was a DS request, then it's signed when the parent zone
+                 * is signed, hence ask the parent SOA in that case. If this was any other RR then ask for the SOA RR,
+                 * to see if that is signed. */
+
+                if (t->key->type == DNS_TYPE_DS) {
+                        r = dns_name_parent(&name);
+                        if (r > 0) {
+                                type = DNS_TYPE_SOA;
+                                log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned empty DS response).",
+                                          t->id, dns_resource_key_name(t->key));
+                        } else
+                                name = NULL;
+
+                } else if (IN_SET(t->key->type, DNS_TYPE_SOA, DNS_TYPE_NS)) {
+
+                        type = DNS_TYPE_DS;
+                        log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned empty SOA/NS response).",
+                                  t->id, dns_resource_key_name(t->key));
+
+                } else {
+                        type = DNS_TYPE_SOA;
+                        log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned empty non-SOA/NS/DS response).",
+                                  t->id, dns_resource_key_name(t->key));
+                }
+
+                if (name) {
+                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
+
+                        soa = dns_resource_key_new(t->key->class, type, name);
+                        if (!soa)
+                                return -ENOMEM;
+
+                        r = dns_transaction_request_dnssec_rr(t, soa);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        return dns_transaction_dnssec_is_live(t);
+}
+
+void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source) {
+        assert(t);
+        assert(source);
+
+        /* Invoked whenever any of our auxiliary DNSSEC transactions completed its work. If the state is still PENDING,
+           we are still in the loop that adds further DNSSEC transactions, hence don't check if we are ready yet. If
+           the state is VALIDATING however, we should check if we are complete now. */
+
+        if (t->state == DNS_TRANSACTION_VALIDATING)
+                dns_transaction_process_dnssec(t);
+}
+
+static int dns_transaction_validate_dnskey_by_ds(DnsTransaction *t) {
+        DnsResourceRecord *rr;
+        int ifindex, r;
+
+        assert(t);
+
+        /* Add all DNSKEY RRs from the answer that are validated by DS
+         * RRs from the list of validated keys to the list of
+         * validated keys. */
+
+        DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, t->answer) {
+
+                r = dnssec_verify_dnskey_by_ds_search(rr, t->validated_keys);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                /* If so, the DNSKEY is validated too. */
+                r = dns_answer_add_extend(&t->validated_keys, rr, ifindex, DNS_ANSWER_AUTHENTICATED);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *rr) {
+        int r;
+
+        assert(t);
+        assert(rr);
+
+        /* Checks if the RR we are looking for must be signed with an
+         * RRSIG. This is used for positive responses. */
+
+        if (t->scope->dnssec_mode == DNSSEC_NO)
+                return false;
+
+        if (dns_type_is_pseudo(rr->key->type))
+                return -EINVAL;
+
+        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return false;
+
+        switch (rr->key->type) {
+
+        case DNS_TYPE_RRSIG:
+                /* RRSIGs are the signatures themselves, they need no signing. */
+                return false;
+
+        case DNS_TYPE_SOA:
+        case DNS_TYPE_NS: {
+                DnsTransaction *dt;
+                Iterator i;
+
+                /* For SOA or NS RRs we look for a matching DS transaction */
+
+                SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                        if (dt->key->class != rr->key->class)
+                                continue;
+                        if (dt->key->type != DNS_TYPE_DS)
+                                continue;
+
+                        r = dns_name_equal(dns_resource_key_name(dt->key), dns_resource_key_name(rr->key));
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        /* We found a DS transactions for the SOA/NS
+                         * RRs we are looking at. If it discovered signed DS
+                         * RRs, then we need to be signed, too. */
+
+                        if (!dt->answer_authenticated)
+                                return false;
+
+                        return dns_answer_match_key(dt->answer, dt->key, NULL);
+                }
+
+                /* We found nothing that proves this is safe to leave
+                 * this unauthenticated, hence ask inist on
+                 * authentication. */
+                return true;
+        }
+
+        case DNS_TYPE_DS:
+        case DNS_TYPE_CNAME:
+        case DNS_TYPE_DNAME: {
+                const char *parent = NULL;
+                DnsTransaction *dt;
+                Iterator i;
+
+                /*
+                 * CNAME/DNAME RRs cannot be located at a zone apex, hence look directly for the parent SOA.
+                 *
+                 * DS RRs are signed if the parent is signed, hence also look at the parent SOA
+                 */
+
+                SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                        if (dt->key->class != rr->key->class)
+                                continue;
+                        if (dt->key->type != DNS_TYPE_SOA)
+                                continue;
+
+                        if (!parent) {
+                                parent = dns_resource_key_name(rr->key);
+                                r = dns_name_parent(&parent);
+                                if (r < 0)
+                                        return r;
+                                if (r == 0) {
+                                        if (rr->key->type == DNS_TYPE_DS)
+                                                return true;
+
+                                        /* A CNAME/DNAME without a parent? That's sooo weird. */
+                                        log_debug("Transaction %" PRIu16 " claims CNAME/DNAME at root. Refusing.", t->id);
+                                        return -EBADMSG;
+                                }
+                        }
+
+                        r = dns_name_equal(dns_resource_key_name(dt->key), parent);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        return t->answer_authenticated;
+                }
+
+                return true;
+        }
+
+        default: {
+                DnsTransaction *dt;
+                Iterator i;
+
+                /* Any other kind of RR (including DNSKEY/NSEC/NSEC3). Let's see if our SOA lookup was authenticated */
+
+                SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                        if (dt->key->class != rr->key->class)
+                                continue;
+                        if (dt->key->type != DNS_TYPE_SOA)
+                                continue;
+
+                        r = dns_name_equal(dns_resource_key_name(dt->key), dns_resource_key_name(rr->key));
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        /* We found the transaction that was supposed to find
+                         * the SOA RR for us. It was successful, but found no
+                         * RR for us. This means we are not at a zone cut. In
+                         * this case, we require authentication if the SOA
+                         * lookup was authenticated too. */
+                        return t->answer_authenticated;
+                }
+
+                return true;
+        }}
+}
+
+static int dns_transaction_in_private_tld(DnsTransaction *t, const DnsResourceKey *key) {
+        DnsTransaction *dt;
+        const char *tld;
+        Iterator i;
+        int r;
+
+        /* If DNSSEC downgrade mode is on, checks whether the
+         * specified RR is one level below a TLD we have proven not to
+         * exist. In such a case we assume that this is a private
+         * domain, and permit it.
+         *
+         * This detects cases like the Fritz!Box router networks. Each
+         * Fritz!Box router serves a private "fritz.box" zone, in the
+         * non-existing TLD "box". Requests for the "fritz.box" domain
+         * are served by the router itself, while requests for the
+         * "box" domain will result in NXDOMAIN.
+         *
+         * Note that this logic is unable to detect cases where a
+         * router serves a private DNS zone directly under
+         * non-existing TLD. In such a case we cannot detect whether
+         * the TLD is supposed to exist or not, as all requests we
+         * make for it will be answered by the router's zone, and not
+         * by the root zone. */
+
+        assert(t);
+
+        if (t->scope->dnssec_mode != DNSSEC_ALLOW_DOWNGRADE)
+                return false; /* In strict DNSSEC mode what doesn't exist, doesn't exist */
+
+        tld = dns_resource_key_name(key);
+        r = dns_name_parent(&tld);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return false; /* Already the root domain */
+
+        if (!dns_name_is_single_label(tld))
+                return false;
+
+        SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                if (dt->key->class != key->class)
+                        continue;
+
+                r = dns_name_equal(dns_resource_key_name(dt->key), tld);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                /* We found an auxiliary lookup we did for the TLD. If
+                 * that returned with NXDOMAIN, we know the TLD didn't
+                 * exist, and hence this might be a private zone. */
+
+                return dt->answer_rcode == DNS_RCODE_NXDOMAIN;
+        }
+
+        return false;
+}
+
+static int dns_transaction_requires_nsec(DnsTransaction *t) {
+        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+        DnsTransaction *dt;
+        const char *name;
+        uint16_t type = 0;
+        Iterator i;
+        int r;
+
+        assert(t);
+
+        /* Checks if we need to insist on NSEC/NSEC3 RRs for proving
+         * this negative reply */
+
+        if (t->scope->dnssec_mode == DNSSEC_NO)
+                return false;
+
+        if (dns_type_is_pseudo(t->key->type))
+                return -EINVAL;
+
+        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(t->key));
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return false;
+
+        r = dns_transaction_in_private_tld(t, t->key);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                /* The lookup is from a TLD that is proven not to
+                 * exist, and we are in downgrade mode, hence ignore
+                 * that fact that we didn't get any NSEC RRs.*/
+
+                log_info("Detected a negative query %s in a private DNS zone, permitting unsigned response.",
+                         dns_resource_key_to_string(t->key, key_str, sizeof key_str));
+                return false;
+        }
+
+        name = dns_resource_key_name(t->key);
+
+        if (t->key->type == DNS_TYPE_DS) {
+
+                /* We got a negative reply for this DS lookup? DS RRs are signed when their parent zone is signed,
+                 * hence check the parent SOA in this case. */
+
+                r = dns_name_parent(&name);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return true;
+
+                type = DNS_TYPE_SOA;
+
+        } else if (IN_SET(t->key->type, DNS_TYPE_SOA, DNS_TYPE_NS))
+                /* We got a negative reply for this SOA/NS lookup? If so, check if there's a DS RR for this */
+                type = DNS_TYPE_DS;
+        else
+                /* For all other negative replies, check for the SOA lookup */
+                type = DNS_TYPE_SOA;
+
+        /* For all other RRs we check the SOA on the same level to see
+         * if it's signed. */
+
+        SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                if (dt->key->class != t->key->class)
+                        continue;
+                if (dt->key->type != type)
+                        continue;
+
+                r = dns_name_equal(dns_resource_key_name(dt->key), name);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                return dt->answer_authenticated;
+        }
+
+        /* If in doubt, require NSEC/NSEC3 */
+        return true;
+}
+
+static int dns_transaction_dnskey_authenticated(DnsTransaction *t, DnsResourceRecord *rr) {
+        DnsResourceRecord *rrsig;
+        bool found = false;
+        int r;
+
+        /* Checks whether any of the DNSKEYs used for the RRSIGs for
+         * the specified RRset is authenticated (i.e. has a matching
+         * DS RR). */
+
+        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return false;
+
+        DNS_ANSWER_FOREACH(rrsig, t->answer) {
+                DnsTransaction *dt;
+                Iterator i;
+
+                r = dnssec_key_match_rrsig(rr->key, rrsig);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                        if (dt->key->class != rr->key->class)
+                                continue;
+
+                        if (dt->key->type == DNS_TYPE_DNSKEY) {
+
+                                r = dns_name_equal(dns_resource_key_name(dt->key), rrsig->rrsig.signer);
+                                if (r < 0)
+                                        return r;
+                                if (r == 0)
+                                        continue;
+
+                                /* OK, we found an auxiliary DNSKEY
+                                 * lookup. If that lookup is
+                                 * authenticated, report this. */
+
+                                if (dt->answer_authenticated)
+                                        return true;
+
+                                found = true;
+
+                        } else if (dt->key->type == DNS_TYPE_DS) {
+
+                                r = dns_name_equal(dns_resource_key_name(dt->key), rrsig->rrsig.signer);
+                                if (r < 0)
+                                        return r;
+                                if (r == 0)
+                                        continue;
+
+                                /* OK, we found an auxiliary DS
+                                 * lookup. If that lookup is
+                                 * authenticated and non-zero, we
+                                 * won! */
+
+                                if (!dt->answer_authenticated)
+                                        return false;
+
+                                return dns_answer_match_key(dt->answer, dt->key, NULL);
+                        }
+                }
+        }
+
+        return found ? false : -ENXIO;
+}
+
+static int dns_transaction_known_signed(DnsTransaction *t, DnsResourceRecord *rr) {
+        assert(t);
+        assert(rr);
+
+        /* We know that the root domain is signed, hence if it appears
+         * not to be signed, there's a problem with the DNS server */
+
+        return rr->key->class == DNS_CLASS_IN &&
+                dns_name_is_root(dns_resource_key_name(rr->key));
+}
+
+static int dns_transaction_check_revoked_trust_anchors(DnsTransaction *t) {
+        DnsResourceRecord *rr;
+        int r;
+
+        assert(t);
+
+        /* Maybe warn the user that we encountered a revoked DNSKEY
+         * for a key from our trust anchor. Note that we don't care
+         * whether the DNSKEY can be authenticated or not. It's
+         * sufficient if it is self-signed. */
+
+        DNS_ANSWER_FOREACH(rr, t->answer) {
+                r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, rr, t->answer);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int dns_transaction_invalidate_revoked_keys(DnsTransaction *t) {
+        bool changed;
+        int r;
+
+        assert(t);
+
+        /* Removes all DNSKEY/DS objects from t->validated_keys that
+         * our trust anchors database considers revoked. */
+
+        do {
+                DnsResourceRecord *rr;
+
+                changed = false;
+
+                DNS_ANSWER_FOREACH(rr, t->validated_keys) {
+                        r = dns_trust_anchor_is_revoked(&t->scope->manager->trust_anchor, rr);
+                        if (r < 0)
+                                return r;
+                        if (r > 0) {
+                                r = dns_answer_remove_by_rr(&t->validated_keys, rr);
+                                if (r < 0)
+                                        return r;
+
+                                assert(r > 0);
+                                changed = true;
+                                break;
+                        }
+                }
+        } while (changed);
+
+        return 0;
+}
+
+static int dns_transaction_copy_validated(DnsTransaction *t) {
+        DnsTransaction *dt;
+        Iterator i;
+        int r;
+
+        assert(t);
+
+        /* Copy all validated RRs from the auxiliary DNSSEC transactions into our set of validated RRs */
+
+        SET_FOREACH(dt, t->dnssec_transactions, i) {
+
+                if (DNS_TRANSACTION_IS_LIVE(dt->state))
+                        continue;
+
+                if (!dt->answer_authenticated)
+                        continue;
+
+                r = dns_answer_extend(&t->validated_keys, dt->answer);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+typedef enum {
+        DNSSEC_PHASE_DNSKEY,   /* Phase #1, only validate DNSKEYs */
+        DNSSEC_PHASE_NSEC,     /* Phase #2, only validate NSEC+NSEC3 */
+        DNSSEC_PHASE_ALL,      /* Phase #3, validate everything else */
+} Phase;
+
+static int dnssec_validate_records(
+                DnsTransaction *t,
+                Phase phase,
+                bool *have_nsec,
+                DnsAnswer **validated) {
+
+        DnsResourceRecord *rr;
+        int r;
+
+        /* Returns negative on error, 0 if validation failed, 1 to restart validation, 2 when finished. */
+
+        DNS_ANSWER_FOREACH(rr, t->answer) {
+                DnsResourceRecord *rrsig = NULL;
+                DnssecResult result;
+
+                switch (rr->key->type) {
+                case DNS_TYPE_RRSIG:
+                        continue;
+
+                case DNS_TYPE_DNSKEY:
+                        /* We validate DNSKEYs only in the DNSKEY and ALL phases */
+                        if (phase == DNSSEC_PHASE_NSEC)
+                                continue;
+                        break;
+
+                case DNS_TYPE_NSEC:
+                case DNS_TYPE_NSEC3:
+                        *have_nsec = true;
+
+                        /* We validate NSEC/NSEC3 only in the NSEC and ALL phases */
+                        if (phase == DNSSEC_PHASE_DNSKEY)
+                                continue;
+                        break;
+
+                default:
+                        /* We validate all other RRs only in the ALL phases */
+                        if (phase != DNSSEC_PHASE_ALL)
+                                continue;
+                }
+
+                r = dnssec_verify_rrset_search(t->answer, rr->key, t->validated_keys, USEC_INFINITY, &result, &rrsig);
+                if (r < 0)
+                        return r;
+
+                log_debug("Looking at %s: %s", strna(dns_resource_record_to_string(rr)), dnssec_result_to_string(result));
+
+                if (result == DNSSEC_VALIDATED) {
+
+                        if (rr->key->type == DNS_TYPE_DNSKEY) {
+                                /* If we just validated a DNSKEY RRset, then let's add these keys to
+                                 * the set of validated keys for this transaction. */
+
+                                r = dns_answer_copy_by_key(&t->validated_keys, t->answer, rr->key, DNS_ANSWER_AUTHENTICATED);
+                                if (r < 0)
+                                        return r;
+
+                                /* Some of the DNSKEYs we just added might already have been revoked,
+                                 * remove them again in that case. */
+                                r = dns_transaction_invalidate_revoked_keys(t);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        /* Add the validated RRset to the new list of validated
+                         * RRsets, and remove it from the unvalidated RRsets.
+                         * We mark the RRset as authenticated and cacheable. */
+                        r = dns_answer_move_by_key(validated, &t->answer, rr->key, DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE);
+                        if (r < 0)
+                                return r;
+
+                        manager_dnssec_verdict(t->scope->manager, DNSSEC_SECURE, rr->key);
+
+                        /* Exit the loop, we dropped something from the answer, start from the beginning */
+                        return 1;
+                }
+
+                /* If we haven't read all DNSKEYs yet a negative result of the validation is irrelevant, as
+                 * there might be more DNSKEYs coming. Similar, if we haven't read all NSEC/NSEC3 RRs yet,
+                 * we cannot do positive wildcard proofs yet, as those require the NSEC/NSEC3 RRs. */
+                if (phase != DNSSEC_PHASE_ALL)
+                        continue;
+
+                if (result == DNSSEC_VALIDATED_WILDCARD) {
+                        bool authenticated = false;
+                        const char *source;
+
+                        /* This RRset validated, but as a wildcard. This means we need
+                         * to prove via NSEC/NSEC3 that no matching non-wildcard RR exists.*/
+
+                        /* First step, determine the source of synthesis */
+                        r = dns_resource_record_source(rrsig, &source);
+                        if (r < 0)
+                                return r;
+
+                        r = dnssec_test_positive_wildcard(*validated,
+                                                          dns_resource_key_name(rr->key),
+                                                          source,
+                                                          rrsig->rrsig.signer,
+                                                          &authenticated);
+
+                        /* Unless the NSEC proof showed that the key really doesn't exist something is off. */
+                        if (r == 0)
+                                result = DNSSEC_INVALID;
+                        else {
+                                r = dns_answer_move_by_key(validated, &t->answer, rr->key,
+                                                           authenticated ? (DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE) : 0);
+                                if (r < 0)
+                                        return r;
+
+                                manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, rr->key);
+
+                                /* Exit the loop, we dropped something from the answer, start from the beginning */
+                                return 1;
+                        }
+                }
+
+                if (result == DNSSEC_NO_SIGNATURE) {
+                        r = dns_transaction_requires_rrsig(t, rr);
+                        if (r < 0)
+                                return r;
+                        if (r == 0) {
+                                /* Data does not require signing. In that case, just copy it over,
+                                 * but remember that this is by no means authenticated.*/
+                                r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
+                                if (r < 0)
+                                        return r;
+
+                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
+                                return 1;
+                        }
+
+                        r = dns_transaction_known_signed(t, rr);
+                        if (r < 0)
+                                return r;
+                        if (r > 0) {
+                                /* This is an RR we know has to be signed. If it isn't this means
+                                 * the server is not attaching RRSIGs, hence complain. */
+
+                                dns_server_packet_rrsig_missing(t->server, t->current_feature_level);
+
+                                if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE) {
+
+                                        /* Downgrading is OK? If so, just consider the information unsigned */
+
+                                        r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
+                                        if (r < 0)
+                                                return r;
+
+                                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
+                                        return 1;
+                                }
+
+                                /* Otherwise, fail */
+                                t->answer_dnssec_result = DNSSEC_INCOMPATIBLE_SERVER;
+                                return 0;
+                        }
+
+                        r = dns_transaction_in_private_tld(t, rr->key);
+                        if (r < 0)
+                                return r;
+                        if (r > 0) {
+                                char s[DNS_RESOURCE_KEY_STRING_MAX];
+
+                                /* The data is from a TLD that is proven not to exist, and we are in downgrade
+                                 * mode, hence ignore the fact that this was not signed. */
+
+                                log_info("Detected RRset %s is in a private DNS zone, permitting unsigned RRs.",
+                                         dns_resource_key_to_string(rr->key, s, sizeof s));
+
+                                r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
+                                if (r < 0)
+                                        return r;
+
+                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
+                                return 1;
+                        }
+                }
+
+                if (IN_SET(result,
+                           DNSSEC_MISSING_KEY,
+                           DNSSEC_SIGNATURE_EXPIRED,
+                           DNSSEC_UNSUPPORTED_ALGORITHM)) {
+
+                        r = dns_transaction_dnskey_authenticated(t, rr);
+                        if (r < 0 && r != -ENXIO)
+                                return r;
+                        if (r == 0) {
+                                /* The DNSKEY transaction was not authenticated, this means there's
+                                 * no DS for this, which means it's OK if no keys are found for this signature. */
+
+                                r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
+                                if (r < 0)
+                                        return r;
+
+                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
+                                return 1;
+                        }
+                }
+
+                r = dns_transaction_is_primary_response(t, rr);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        /* Look for a matching DNAME for this CNAME */
+                        r = dns_answer_has_dname_for_cname(t->answer, rr);
+                        if (r < 0)
+                                return r;
+                        if (r == 0) {
+                                /* Also look among the stuff we already validated */
+                                r = dns_answer_has_dname_for_cname(*validated, rr);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        if (r == 0) {
+                                if (IN_SET(result,
+                                           DNSSEC_INVALID,
+                                           DNSSEC_SIGNATURE_EXPIRED,
+                                           DNSSEC_NO_SIGNATURE))
+                                        manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, rr->key);
+                                else /* DNSSEC_MISSING_KEY or DNSSEC_UNSUPPORTED_ALGORITHM */
+                                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, rr->key);
+
+                                /* This is a primary response to our question, and it failed validation.
+                                 * That's fatal. */
+                                t->answer_dnssec_result = result;
+                                return 0;
+                        }
+
+                        /* This is a primary response, but we do have a DNAME RR
+                         * in the RR that can replay this CNAME, hence rely on
+                         * that, and we can remove the CNAME in favour of it. */
+                }
+
+                /* This is just some auxiliary data. Just remove the RRset and continue. */
+                r = dns_answer_remove_by_key(&t->answer, rr->key);
+                if (r < 0)
+                        return r;
+
+                /* We dropped something from the answer, start from the beginning. */
+                return 1;
+        }
+
+        return 2; /* Finito. */
+}
+
+int dns_transaction_validate_dnssec(DnsTransaction *t) {
+        _cleanup_(dns_answer_unrefp) DnsAnswer *validated = NULL;
+        Phase phase;
+        DnsAnswerFlags flags;
+        int r;
+        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+
+        assert(t);
+
+        /* We have now collected all DS and DNSKEY RRs in
+         * t->validated_keys, let's see which RRs we can now
+         * authenticate with that. */
+
+        if (t->scope->dnssec_mode == DNSSEC_NO)
+                return 0;
+
+        /* Already validated */
+        if (t->answer_dnssec_result != _DNSSEC_RESULT_INVALID)
+                return 0;
+
+        /* Our own stuff needs no validation */
+        if (IN_SET(t->answer_source, DNS_TRANSACTION_ZONE, DNS_TRANSACTION_TRUST_ANCHOR)) {
+                t->answer_dnssec_result = DNSSEC_VALIDATED;
+                t->answer_authenticated = true;
+                return 0;
+        }
+
+        /* Cached stuff is not affected by validation. */
+        if (t->answer_source != DNS_TRANSACTION_NETWORK)
+                return 0;
+
+        if (!dns_transaction_dnssec_supported_full(t)) {
+                /* The server does not support DNSSEC, or doesn't augment responses with RRSIGs. */
+                t->answer_dnssec_result = DNSSEC_INCOMPATIBLE_SERVER;
+                log_debug("Not validating response for %" PRIu16 ", server lacks DNSSEC support.", t->id);
+                return 0;
+        }
+
+        log_debug("Validating response from transaction %" PRIu16 " (%s).",
+                  t->id,
+                  dns_resource_key_to_string(t->key, key_str, sizeof key_str));
+
+        /* First, see if this response contains any revoked trust
+         * anchors we care about */
+        r = dns_transaction_check_revoked_trust_anchors(t);
+        if (r < 0)
+                return r;
+
+        /* Third, copy all RRs we acquired successfully from auxiliary RRs over. */
+        r = dns_transaction_copy_validated(t);
+        if (r < 0)
+                return r;
+
+        /* Second, see if there are DNSKEYs we already know a
+         * validated DS for. */
+        r = dns_transaction_validate_dnskey_by_ds(t);
+        if (r < 0)
+                return r;
+
+        /* Fourth, remove all DNSKEY and DS RRs again that our trust
+         * anchor says are revoked. After all we might have marked
+         * some keys revoked above, but they might still be lingering
+         * in our validated_keys list. */
+        r = dns_transaction_invalidate_revoked_keys(t);
+        if (r < 0)
+                return r;
+
+        phase = DNSSEC_PHASE_DNSKEY;
+        for (;;) {
+                bool have_nsec = false;
+
+                r = dnssec_validate_records(t, phase, &have_nsec, &validated);
+                if (r <= 0)
+                        return r;
+
+                /* Try again as long as we managed to achieve something */
+                if (r == 1)
+                        continue;
+
+                if (phase == DNSSEC_PHASE_DNSKEY && have_nsec) {
+                        /* OK, we processed all DNSKEYs, and there are NSEC/NSEC3 RRs, look at those now. */
+                        phase = DNSSEC_PHASE_NSEC;
+                        continue;
+                }
+
+                if (phase != DNSSEC_PHASE_ALL) {
+                        /* OK, we processed all DNSKEYs and NSEC/NSEC3 RRs, look at all the rest now.
+                         * Note that in this third phase we start to remove RRs we couldn't validate. */
+                        phase = DNSSEC_PHASE_ALL;
+                        continue;
+                }
+
+                /* We're done */
+                break;
+        }
+
+        dns_answer_unref(t->answer);
+        t->answer = validated;
+        validated = NULL;
+
+        /* At this point the answer only contains validated
+         * RRsets. Now, let's see if it actually answers the question
+         * we asked. If so, great! If it doesn't, then see if
+         * NSEC/NSEC3 can prove this. */
+        r = dns_transaction_has_positive_answer(t, &flags);
+        if (r > 0) {
+                /* Yes, it answers the question! */
+
+                if (flags & DNS_ANSWER_AUTHENTICATED) {
+                        /* The answer is fully authenticated, yay. */
+                        t->answer_dnssec_result = DNSSEC_VALIDATED;
+                        t->answer_rcode = DNS_RCODE_SUCCESS;
+                        t->answer_authenticated = true;
+                } else {
+                        /* The answer is not fully authenticated. */
+                        t->answer_dnssec_result = DNSSEC_UNSIGNED;
+                        t->answer_authenticated = false;
+                }
+
+        } else if (r == 0) {
+                DnssecNsecResult nr;
+                bool authenticated = false;
+
+                /* Bummer! Let's check NSEC/NSEC3 */
+                r = dnssec_nsec_test(t->answer, t->key, &nr, &authenticated, &t->answer_nsec_ttl);
+                if (r < 0)
+                        return r;
+
+                switch (nr) {
+
+                case DNSSEC_NSEC_NXDOMAIN:
+                        /* NSEC proves the domain doesn't exist. Very good. */
+                        log_debug("Proved NXDOMAIN via NSEC/NSEC3 for transaction %u (%s)", t->id, key_str);
+                        t->answer_dnssec_result = DNSSEC_VALIDATED;
+                        t->answer_rcode = DNS_RCODE_NXDOMAIN;
+                        t->answer_authenticated = authenticated;
+
+                        manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, t->key);
+                        break;
+
+                case DNSSEC_NSEC_NODATA:
+                        /* NSEC proves that there's no data here, very good. */
+                        log_debug("Proved NODATA via NSEC/NSEC3 for transaction %u (%s)", t->id, key_str);
+                        t->answer_dnssec_result = DNSSEC_VALIDATED;
+                        t->answer_rcode = DNS_RCODE_SUCCESS;
+                        t->answer_authenticated = authenticated;
+
+                        manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, t->key);
+                        break;
+
+                case DNSSEC_NSEC_OPTOUT:
+                        /* NSEC3 says the data might not be signed */
+                        log_debug("Data is NSEC3 opt-out via NSEC/NSEC3 for transaction %u (%s)", t->id, key_str);
+                        t->answer_dnssec_result = DNSSEC_UNSIGNED;
+                        t->answer_authenticated = false;
+
+                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, t->key);
+                        break;
+
+                case DNSSEC_NSEC_NO_RR:
+                        /* No NSEC data? Bummer! */
+
+                        r = dns_transaction_requires_nsec(t);
+                        if (r < 0)
+                                return r;
+                        if (r > 0) {
+                                t->answer_dnssec_result = DNSSEC_NO_SIGNATURE;
+                                manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, t->key);
+                        } else {
+                                t->answer_dnssec_result = DNSSEC_UNSIGNED;
+                                t->answer_authenticated = false;
+                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, t->key);
+                        }
+
+                        break;
+
+                case DNSSEC_NSEC_UNSUPPORTED_ALGORITHM:
+                        /* We don't know the NSEC3 algorithm used? */
+                        t->answer_dnssec_result = DNSSEC_UNSUPPORTED_ALGORITHM;
+                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, t->key);
+                        break;
+
+                case DNSSEC_NSEC_FOUND:
+                case DNSSEC_NSEC_CNAME:
+                        /* NSEC says it needs to be there, but we couldn't find it? Bummer! */
+                        t->answer_dnssec_result = DNSSEC_NSEC_MISMATCH;
+                        manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, t->key);
+                        break;
+
+                default:
+                        assert_not_reached("Unexpected NSEC result.");
+                }
+        }
+
+        return 1;
+}
+
+static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
+        [DNS_TRANSACTION_NULL] = "null",
+        [DNS_TRANSACTION_PENDING] = "pending",
+        [DNS_TRANSACTION_VALIDATING] = "validating",
+        [DNS_TRANSACTION_RCODE_FAILURE] = "rcode-failure",
+        [DNS_TRANSACTION_SUCCESS] = "success",
+        [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
+        [DNS_TRANSACTION_TIMEOUT] = "timeout",
+        [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
+        [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
+        [DNS_TRANSACTION_ERRNO] = "errno",
+        [DNS_TRANSACTION_ABORTED] = "aborted",
+        [DNS_TRANSACTION_DNSSEC_FAILED] = "dnssec-failed",
+        [DNS_TRANSACTION_NO_TRUST_ANCHOR] = "no-trust-anchor",
+        [DNS_TRANSACTION_RR_TYPE_UNSUPPORTED] = "rr-type-unsupported",
+        [DNS_TRANSACTION_NETWORK_DOWN] = "network-down",
+        [DNS_TRANSACTION_NOT_FOUND] = "not-found",
+};
+DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);
+
+static const char* const dns_transaction_source_table[_DNS_TRANSACTION_SOURCE_MAX] = {
+        [DNS_TRANSACTION_NETWORK] = "network",
+        [DNS_TRANSACTION_CACHE] = "cache",
+        [DNS_TRANSACTION_ZONE] = "zone",
+        [DNS_TRANSACTION_TRUST_ANCHOR] = "trust-anchor",
+};
+DEFINE_STRING_TABLE_LOOKUP(dns_transaction_source, DnsTransactionSource);
diff --git a/src/resolve/resolved-dns-transaction.h b/src/grp-resolve/systemd-resolved/resolved-dns-transaction.h
index eaece91533..eaece91533 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-transaction.h
diff --git a/src/grp-resolve/systemd-resolved/resolved-dns-trust-anchor.c b/src/grp-resolve/systemd-resolved/resolved-dns-trust-anchor.c
new file mode 100644
index 0000000000..0972792341
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-trust-anchor.c
@@ -0,0 +1,743 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "conf-files.h"
+#include "def.h"
+#include "dns-domain.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "hexdecoct.h"
+#include "parse-util.h"
+#include "resolved-dns-trust-anchor.h"
+#include "resolved-dns-dnssec.h"
+#include "set.h"
+#include "string-util.h"
+#include "strv.h"
+
+static const char trust_anchor_dirs[] = CONF_PATHS_NULSTR("dnssec-trust-anchors.d");
+
+/* The DS RR from https://data.iana.org/root-anchors/root-anchors.xml, retrieved December 2015 */
+static const uint8_t root_digest[] =
+        { 0x49, 0xAA, 0xC1, 0x1D, 0x7B, 0x6F, 0x64, 0x46, 0x70, 0x2E, 0x54, 0xA1, 0x60, 0x73, 0x71, 0x60,
+          0x7A, 0x1A, 0x41, 0x85, 0x52, 0x00, 0xFD, 0x2C, 0xE1, 0xCD, 0xDE, 0x32, 0xF2, 0x4E, 0x8F, 0xB5 };
+
+static bool dns_trust_anchor_knows_domain_positive(DnsTrustAnchor *d, const char *name) {
+        assert(d);
+
+        /* Returns true if there's an entry for the specified domain
+         * name in our trust anchor */
+
+        return
+                hashmap_contains(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DNSKEY, name)) ||
+                hashmap_contains(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, name));
+}
+
+static int dns_trust_anchor_add_builtin_positive(DnsTrustAnchor *d) {
+        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
+        int r;
+
+        assert(d);
+
+        r = hashmap_ensure_allocated(&d->positive_by_key, &dns_resource_key_hash_ops);
+        if (r < 0)
+                return r;
+
+        /* Only add the built-in trust anchor if there's neither a DS
+         * nor a DNSKEY defined for the root domain. That way users
+         * have an easy way to override the root domain DS/DNSKEY
+         * data. */
+        if (dns_trust_anchor_knows_domain_positive(d, "."))
+                return 0;
+
+        /* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */
+        rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, "");
+        if (!rr)
+                return -ENOMEM;
+
+        rr->ds.key_tag = 19036;
+        rr->ds.algorithm = DNSSEC_ALGORITHM_RSASHA256;
+        rr->ds.digest_type = DNSSEC_DIGEST_SHA256;
+        rr->ds.digest_size = sizeof(root_digest);
+        rr->ds.digest = memdup(root_digest, rr->ds.digest_size);
+        if (!rr->ds.digest)
+                return  -ENOMEM;
+
+        answer = dns_answer_new(1);
+        if (!answer)
+                return -ENOMEM;
+
+        r = dns_answer_add(answer, rr, 0, DNS_ANSWER_AUTHENTICATED);
+        if (r < 0)
+                return r;
+
+        r = hashmap_put(d->positive_by_key, rr->key, answer);
+        if (r < 0)
+                return r;
+
+        answer = NULL;
+        return 0;
+}
+
+static int dns_trust_anchor_add_builtin_negative(DnsTrustAnchor *d) {
+
+        static const char private_domains[] =
+                /* RFC 6761 says that .test is a special domain for
+                 * testing and not to be installed in the root zone */
+                "test\0"
+
+                /* RFC 6761 says that these reverse IP lookup ranges
+                 * are for private addresses, and hence should not
+                 * show up in the root zone */
+                "10.in-addr.arpa\0"
+                "16.172.in-addr.arpa\0"
+                "17.172.in-addr.arpa\0"
+                "18.172.in-addr.arpa\0"
+                "19.172.in-addr.arpa\0"
+                "20.172.in-addr.arpa\0"
+                "21.172.in-addr.arpa\0"
+                "22.172.in-addr.arpa\0"
+                "23.172.in-addr.arpa\0"
+                "24.172.in-addr.arpa\0"
+                "25.172.in-addr.arpa\0"
+                "26.172.in-addr.arpa\0"
+                "27.172.in-addr.arpa\0"
+                "28.172.in-addr.arpa\0"
+                "29.172.in-addr.arpa\0"
+                "30.172.in-addr.arpa\0"
+                "31.172.in-addr.arpa\0"
+                "168.192.in-addr.arpa\0"
+
+                /* RFC 6762 reserves the .local domain for Multicast
+                 * DNS, it hence cannot appear in the root zone. (Note
+                 * that we by default do not route .local traffic to
+                 * DNS anyway, except when a configured search domain
+                 * suggests so.) */
+                "local\0"
+
+                /* These two are well known, popular private zone
+                 * TLDs, that are blocked from delegation, according
+                 * to:
+                 * http://icannwiki.com/Name_Collision#NGPC_Resolution
+                 *
+                 * There's also ongoing work on making this official
+                 * in an RRC:
+                 * https://www.ietf.org/archive/id/draft-chapin-additional-reserved-tlds-02.txt */
+                "home\0"
+                "corp\0"
+
+                /* The following four TLDs are suggested for private
+                 * zones in RFC 6762, Appendix G, and are hence very
+                 * unlikely to be made official TLDs any day soon */
+                "lan\0"
+                "intranet\0"
+                "internal\0"
+                "private\0";
+
+        const char *name;
+        int r;
+
+        assert(d);
+
+        /* Only add the built-in trust anchor if there's no negative
+         * trust anchor defined at all. This enables easy overriding
+         * of negative trust anchors. */
+
+        if (set_size(d->negative_by_name) > 0)
+                return 0;
+
+        r = set_ensure_allocated(&d->negative_by_name, &dns_name_hash_ops);
+        if (r < 0)
+                return r;
+
+        /* We add a couple of domains as default negative trust
+         * anchors, where it's very unlikely they will be installed in
+         * the root zone. If they exist they must be private, and thus
+         * unsigned. */
+
+        NULSTR_FOREACH(name, private_domains) {
+
+                if (dns_trust_anchor_knows_domain_positive(d, name))
+                        continue;
+
+                r = set_put_strdup(d->negative_by_name, name);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, unsigned line, const char *s) {
+        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+        _cleanup_free_ char *domain = NULL, *class = NULL, *type = NULL;
+        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
+        DnsAnswer *old_answer = NULL;
+        const char *p = s;
+        int r;
+
+        assert(d);
+        assert(line);
+
+        r = extract_first_word(&p, &domain, NULL, EXTRACT_QUOTES);
+        if (r < 0)
+                return log_warning_errno(r, "Unable to parse domain in line %s:%u: %m", path, line);
+
+        if (!dns_name_is_valid(domain)) {
+                log_warning("Domain name %s is invalid, at line %s:%u, ignoring line.", domain, path, line);
+                return -EINVAL;
+        }
+
+        r = extract_many_words(&p, NULL, 0, &class, &type, NULL);
+        if (r < 0)
+                return log_warning_errno(r, "Unable to parse class and type in line %s:%u: %m", path, line);
+        if (r != 2) {
+                log_warning("Missing class or type in line %s:%u", path, line);
+                return -EINVAL;
+        }
+
+        if (!strcaseeq(class, "IN")) {
+                log_warning("RR class %s is not supported, ignoring line %s:%u.", class, path, line);
+                return -EINVAL;
+        }
+
+        if (strcaseeq(type, "DS")) {
+                _cleanup_free_ char *key_tag = NULL, *algorithm = NULL, *digest_type = NULL, *digest = NULL;
+                _cleanup_free_ void *dd = NULL;
+                uint16_t kt;
+                int a, dt;
+                size_t l;
+
+                r = extract_many_words(&p, NULL, 0, &key_tag, &algorithm, &digest_type, &digest, NULL);
+                if (r < 0) {
+                        log_warning_errno(r, "Failed to parse DS parameters on line %s:%u: %m", path, line);
+                        return -EINVAL;
+                }
+                if (r != 4) {
+                        log_warning("Missing DS parameters on line %s:%u", path, line);
+                        return -EINVAL;
+                }
+
+                r = safe_atou16(key_tag, &kt);
+                if (r < 0)
+                        return log_warning_errno(r, "Failed to parse DS key tag %s on line %s:%u: %m", key_tag, path, line);
+
+                a = dnssec_algorithm_from_string(algorithm);
+                if (a < 0) {
+                        log_warning("Failed to parse DS algorithm %s on line %s:%u", algorithm, path, line);
+                        return -EINVAL;
+                }
+
+                dt = dnssec_digest_from_string(digest_type);
+                if (dt < 0) {
+                        log_warning("Failed to parse DS digest type %s on line %s:%u", digest_type, path, line);
+                        return -EINVAL;
+                }
+
+                r = unhexmem(digest, strlen(digest), &dd, &l);
+                if (r < 0) {
+                        log_warning("Failed to parse DS digest %s on line %s:%u", digest, path, line);
+                        return -EINVAL;
+                }
+
+                rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, domain);
+                if (!rr)
+                        return log_oom();
+
+                rr->ds.key_tag = kt;
+                rr->ds.algorithm = a;
+                rr->ds.digest_type = dt;
+                rr->ds.digest_size = l;
+                rr->ds.digest = dd;
+                dd = NULL;
+
+        } else if (strcaseeq(type, "DNSKEY")) {
+                _cleanup_free_ char *flags = NULL, *protocol = NULL, *algorithm = NULL, *key = NULL;
+                _cleanup_free_ void *k = NULL;
+                uint16_t f;
+                size_t l;
+                int a;
+
+                r = extract_many_words(&p, NULL, 0, &flags, &protocol, &algorithm, &key, NULL);
+                if (r < 0)
+                        return log_warning_errno(r, "Failed to parse DNSKEY parameters on line %s:%u: %m", path, line);
+                if (r != 4) {
+                        log_warning("Missing DNSKEY parameters on line %s:%u", path, line);
+                        return -EINVAL;
+                }
+
+                if (!streq(protocol, "3")) {
+                        log_warning("DNSKEY Protocol is not 3 on line %s:%u", path, line);
+                        return -EINVAL;
+                }
+
+                r = safe_atou16(flags, &f);
+                if (r < 0)
+                        return log_warning_errno(r, "Failed to parse DNSKEY flags field %s on line %s:%u", flags, path, line);
+                if ((f & DNSKEY_FLAG_ZONE_KEY) == 0) {
+                        log_warning("DNSKEY lacks zone key bit set on line %s:%u", path, line);
+                        return -EINVAL;
+                }
+                if ((f & DNSKEY_FLAG_REVOKE)) {
+                        log_warning("DNSKEY is already revoked on line %s:%u", path, line);
+                        return -EINVAL;
+                }
+
+                a = dnssec_algorithm_from_string(algorithm);
+                if (a < 0) {
+                        log_warning("Failed to parse DNSKEY algorithm %s on line %s:%u", algorithm, path, line);
+                        return -EINVAL;
+                }
+
+                r = unbase64mem(key, strlen(key), &k, &l);
+                if (r < 0)
+                        return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", key, path, line);
+
+                rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DNSKEY, domain);
+                if (!rr)
+                        return log_oom();
+
+                rr->dnskey.flags = f;
+                rr->dnskey.protocol = 3;
+                rr->dnskey.algorithm = a;
+                rr->dnskey.key_size = l;
+                rr->dnskey.key = k;
+                k = NULL;
+
+        } else {
+                log_warning("RR type %s is not supported, ignoring line %s:%u.", type, path, line);
+                return -EINVAL;
+        }
+
+        if (!isempty(p)) {
+                log_warning("Trailing garbage on line %s:%u, ignoring line.", path, line);
+                return -EINVAL;
+        }
+
+        r = hashmap_ensure_allocated(&d->positive_by_key, &dns_resource_key_hash_ops);
+        if (r < 0)
+                return log_oom();
+
+        old_answer = hashmap_get(d->positive_by_key, rr->key);
+        answer = dns_answer_ref(old_answer);
+
+        r = dns_answer_add_extend(&answer, rr, 0, DNS_ANSWER_AUTHENTICATED);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add trust anchor RR: %m");
+
+        r = hashmap_replace(d->positive_by_key, rr->key, answer);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add answer to trust anchor: %m");
+
+        old_answer = dns_answer_unref(old_answer);
+        answer = NULL;
+
+        return 0;
+}
+
+static int dns_trust_anchor_load_negative(DnsTrustAnchor *d, const char *path, unsigned line, const char *s) {
+        _cleanup_free_ char *domain = NULL;
+        const char *p = s;
+        int r;
+
+        assert(d);
+        assert(line);
+
+        r = extract_first_word(&p, &domain, NULL, EXTRACT_QUOTES);
+        if (r < 0)
+                return log_warning_errno(r, "Unable to parse line %s:%u: %m", path, line);
+
+        if (!dns_name_is_valid(domain)) {
+                log_warning("Domain name %s is invalid, at line %s:%u, ignoring line.", domain, path, line);
+                return -EINVAL;
+        }
+
+        if (!isempty(p)) {
+                log_warning("Trailing garbage at line %s:%u, ignoring line.", path, line);
+                return -EINVAL;
+        }
+
+        r = set_ensure_allocated(&d->negative_by_name, &dns_name_hash_ops);
+        if (r < 0)
+                return log_oom();
+
+        r = set_put(d->negative_by_name, domain);
+        if (r < 0)
+                return log_oom();
+        if (r > 0)
+                domain = NULL;
+
+        return 0;
+}
+
+static int dns_trust_anchor_load_files(
+                DnsTrustAnchor *d,
+                const char *suffix,
+                int (*loader)(DnsTrustAnchor *d, const char *path, unsigned n, const char *line)) {
+
+        _cleanup_strv_free_ char **files = NULL;
+        char **f;
+        int r;
+
+        assert(d);
+        assert(suffix);
+        assert(loader);
+
+        r = conf_files_list_nulstr(&files, suffix, NULL, trust_anchor_dirs);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enumerate %s trust anchor files: %m", suffix);
+
+        STRV_FOREACH(f, files) {
+                _cleanup_fclose_ FILE *g = NULL;
+                char line[LINE_MAX];
+                unsigned n = 0;
+
+                g = fopen(*f, "r");
+                if (!g) {
+                        if (errno == ENOENT)
+                                continue;
+
+                        log_warning_errno(errno, "Failed to open %s: %m", *f);
+                        continue;
+                }
+
+                FOREACH_LINE(line, g, log_warning_errno(errno, "Failed to read %s, ignoring: %m", *f)) {
+                        char *l;
+
+                        n++;
+
+                        l = strstrip(line);
+                        if (isempty(l))
+                                continue;
+
+                        if (*l == ';')
+                                continue;
+
+                        (void) loader(d, *f, n, l);
+                }
+        }
+
+        return 0;
+}
+
+static int domain_name_cmp(const void *a, const void *b) {
+        char **x = (char**) a, **y = (char**) b;
+
+        return dns_name_compare_func(*x, *y);
+}
+
+static int dns_trust_anchor_dump(DnsTrustAnchor *d) {
+        DnsAnswer *a;
+        Iterator i;
+
+        assert(d);
+
+        if (hashmap_isempty(d->positive_by_key))
+                log_info("No positive trust anchors defined.");
+        else {
+                log_info("Positive Trust Anchors:");
+                HASHMAP_FOREACH(a, d->positive_by_key, i) {
+                        DnsResourceRecord *rr;
+
+                        DNS_ANSWER_FOREACH(rr, a)
+                                log_info("%s", dns_resource_record_to_string(rr));
+                }
+        }
+
+        if (set_isempty(d->negative_by_name))
+                log_info("No negative trust anchors defined.");
+        else {
+                _cleanup_free_ char **l = NULL, *j = NULL;
+
+                l = set_get_strv(d->negative_by_name);
+                if (!l)
+                        return log_oom();
+
+                qsort_safe(l, set_size(d->negative_by_name), sizeof(char*), domain_name_cmp);
+
+                j = strv_join(l, " ");
+                if (!j)
+                        return log_oom();
+
+                log_info("Negative trust anchors: %s", j);
+        }
+
+        return 0;
+}
+
+int dns_trust_anchor_load(DnsTrustAnchor *d) {
+        int r;
+
+        assert(d);
+
+        /* If loading things from disk fails, we don't consider this fatal */
+        (void) dns_trust_anchor_load_files(d, ".positive", dns_trust_anchor_load_positive);
+        (void) dns_trust_anchor_load_files(d, ".negative", dns_trust_anchor_load_negative);
+
+        /* However, if the built-in DS fails, then we have a problem. */
+        r = dns_trust_anchor_add_builtin_positive(d);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add built-in positive trust anchor: %m");
+
+        r = dns_trust_anchor_add_builtin_negative(d);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add built-in negative trust anchor: %m");
+
+        dns_trust_anchor_dump(d);
+
+        return 0;
+}
+
+void dns_trust_anchor_flush(DnsTrustAnchor *d) {
+        DnsAnswer *a;
+        DnsResourceRecord *rr;
+
+        assert(d);
+
+        while ((a = hashmap_steal_first(d->positive_by_key)))
+                dns_answer_unref(a);
+        d->positive_by_key = hashmap_free(d->positive_by_key);
+
+        while ((rr = set_steal_first(d->revoked_by_rr)))
+                dns_resource_record_unref(rr);
+        d->revoked_by_rr = set_free(d->revoked_by_rr);
+
+        d->negative_by_name = set_free_free(d->negative_by_name);
+}
+
+int dns_trust_anchor_lookup_positive(DnsTrustAnchor *d, const DnsResourceKey *key, DnsAnswer **ret) {
+        DnsAnswer *a;
+
+        assert(d);
+        assert(key);
+        assert(ret);
+
+        /* We only serve DS and DNSKEY RRs. */
+        if (!IN_SET(key->type, DNS_TYPE_DS, DNS_TYPE_DNSKEY))
+                return 0;
+
+        a = hashmap_get(d->positive_by_key, key);
+        if (!a)
+                return 0;
+
+        *ret = dns_answer_ref(a);
+        return 1;
+}
+
+int dns_trust_anchor_lookup_negative(DnsTrustAnchor *d, const char *name) {
+        assert(d);
+        assert(name);
+
+        return set_contains(d->negative_by_name, name);
+}
+
+static int dns_trust_anchor_revoked_put(DnsTrustAnchor *d, DnsResourceRecord *rr) {
+        int r;
+
+        assert(d);
+
+        r = set_ensure_allocated(&d->revoked_by_rr, &dns_resource_record_hash_ops);
+        if (r < 0)
+                return r;
+
+        r = set_put(d->revoked_by_rr, rr);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                dns_resource_record_ref(rr);
+
+        return r;
+}
+
+static int dns_trust_anchor_remove_revoked(DnsTrustAnchor *d, DnsResourceRecord *rr) {
+        _cleanup_(dns_answer_unrefp) DnsAnswer *new_answer = NULL;
+        DnsAnswer *old_answer;
+        int r;
+
+        /* Remember that this is a revoked trust anchor RR */
+        r = dns_trust_anchor_revoked_put(d, rr);
+        if (r < 0)
+                return r;
+
+        /* Remove this from the positive trust anchor */
+        old_answer = hashmap_get(d->positive_by_key, rr->key);
+        if (!old_answer)
+                return 0;
+
+        new_answer = dns_answer_ref(old_answer);
+
+        r = dns_answer_remove_by_rr(&new_answer, rr);
+        if (r <= 0)
+                return r;
+
+        /* We found the key! Warn the user */
+        log_struct(LOG_WARNING,
+                   LOG_MESSAGE_ID(SD_MESSAGE_DNSSEC_TRUST_ANCHOR_REVOKED),
+                   LOG_MESSAGE("DNSSEC Trust anchor %s has been revoked. Please update the trust anchor, or upgrade your operating system."), strna(dns_resource_record_to_string(rr)),
+                   "TRUST_ANCHOR=%s", dns_resource_record_to_string(rr),
+                   NULL);
+
+        if (dns_answer_size(new_answer) <= 0) {
+                assert_se(hashmap_remove(d->positive_by_key, rr->key) == old_answer);
+                dns_answer_unref(old_answer);
+                return 1;
+        }
+
+        r = hashmap_replace(d->positive_by_key, new_answer->items[0].rr->key, new_answer);
+        if (r < 0)
+                return r;
+
+        new_answer = NULL;
+        dns_answer_unref(old_answer);
+        return 1;
+}
+
+static int dns_trust_anchor_check_revoked_one(DnsTrustAnchor *d, DnsResourceRecord *revoked_dnskey) {
+        DnsAnswer *a;
+        int r;
+
+        assert(d);
+        assert(revoked_dnskey);
+        assert(revoked_dnskey->key->type == DNS_TYPE_DNSKEY);
+        assert(revoked_dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE);
+
+        a = hashmap_get(d->positive_by_key, revoked_dnskey->key);
+        if (a) {
+                DnsResourceRecord *anchor;
+
+                /* First, look for the precise DNSKEY in our trust anchor database */
+
+                DNS_ANSWER_FOREACH(anchor, a) {
+
+                        if (anchor->dnskey.protocol != revoked_dnskey->dnskey.protocol)
+                                continue;
+
+                        if (anchor->dnskey.algorithm != revoked_dnskey->dnskey.algorithm)
+                                continue;
+
+                        if (anchor->dnskey.key_size != revoked_dnskey->dnskey.key_size)
+                                continue;
+
+                        /* Note that we allow the REVOKE bit to be
+                         * different! It will be set in the revoked
+                         * key, but unset in our version of it */
+                        if (((anchor->dnskey.flags ^ revoked_dnskey->dnskey.flags) | DNSKEY_FLAG_REVOKE) != DNSKEY_FLAG_REVOKE)
+                                continue;
+
+                        if (memcmp(anchor->dnskey.key, revoked_dnskey->dnskey.key, anchor->dnskey.key_size) != 0)
+                                continue;
+
+                        dns_trust_anchor_remove_revoked(d, anchor);
+                        break;
+                }
+        }
+
+        a = hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(revoked_dnskey->key->class, DNS_TYPE_DS, dns_resource_key_name(revoked_dnskey->key)));
+        if (a) {
+                DnsResourceRecord *anchor;
+
+                /* Second, look for DS RRs matching this DNSKEY in our trust anchor database */
+
+                DNS_ANSWER_FOREACH(anchor, a) {
+
+                        /* We set mask_revoke to true here, since our
+                         * DS fingerprint will be the one of the
+                         * unrevoked DNSKEY, but the one we got passed
+                         * here has the bit set. */
+                        r = dnssec_verify_dnskey_by_ds(revoked_dnskey, anchor, true);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                continue;
+
+                        dns_trust_anchor_remove_revoked(d, anchor);
+                        break;
+                }
+        }
+
+        return 0;
+}
+
+int dns_trust_anchor_check_revoked(DnsTrustAnchor *d, DnsResourceRecord *dnskey, DnsAnswer *rrs) {
+        DnsResourceRecord *rrsig;
+        int r;
+
+        assert(d);
+        assert(dnskey);
+
+        /* Looks if "dnskey" is a self-signed RR that has been revoked
+         * and matches one of our trust anchor entries. If so, removes
+         * it from the trust anchor and returns > 0. */
+
+        if (dnskey->key->type != DNS_TYPE_DNSKEY)
+                return 0;
+
+        /* Is this DNSKEY revoked? */
+        if ((dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE) == 0)
+                return 0;
+
+        /* Could this be interesting to us at all? If not,
+         * there's no point in looking for and verifying a
+         * self-signed RRSIG. */
+        if (!dns_trust_anchor_knows_domain_positive(d, dns_resource_key_name(dnskey->key)))
+                return 0;
+
+        /* Look for a self-signed RRSIG in the other rrs belonging to this DNSKEY */
+        DNS_ANSWER_FOREACH(rrsig, rrs) {
+                DnssecResult result;
+
+                if (rrsig->key->type != DNS_TYPE_RRSIG)
+                        continue;
+
+                r = dnssec_rrsig_match_dnskey(rrsig, dnskey, true);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                r = dnssec_verify_rrset(rrs, dnskey->key, rrsig, dnskey, USEC_INFINITY, &result);
+                if (r < 0)
+                        return r;
+                if (result != DNSSEC_VALIDATED)
+                        continue;
+
+                /* Bingo! This is a revoked self-signed DNSKEY. Let's
+                 * see if this precise one exists in our trust anchor
+                 * database, too. */
+                r = dns_trust_anchor_check_revoked_one(d, dnskey);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
+        return 0;
+}
+
+int dns_trust_anchor_is_revoked(DnsTrustAnchor *d, DnsResourceRecord *rr) {
+        assert(d);
+
+        if (!IN_SET(rr->key->type, DNS_TYPE_DS, DNS_TYPE_DNSKEY))
+                return 0;
+
+        return set_contains(d->revoked_by_rr, rr);
+}
diff --git a/src/resolve/resolved-dns-trust-anchor.h b/src/grp-resolve/systemd-resolved/resolved-dns-trust-anchor.h
index 635c75fde5..635c75fde5 100644
--- a/src/resolve/resolved-dns-trust-anchor.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-trust-anchor.h
diff --git a/src/resolve/resolved-dns-zone.c b/src/grp-resolve/systemd-resolved/resolved-dns-zone.c
index 850eed8cb8..850eed8cb8 100644
--- a/src/resolve/resolved-dns-zone.c
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-zone.c
diff --git a/src/resolve/resolved-dns-zone.h b/src/grp-resolve/systemd-resolved/resolved-dns-zone.h
index 408833c359..408833c359 100644
--- a/src/resolve/resolved-dns-zone.h
+++ b/src/grp-resolve/systemd-resolved/resolved-dns-zone.h
diff --git a/src/resolve/resolved-etc-hosts.c b/src/grp-resolve/systemd-resolved/resolved-etc-hosts.c
index 40d650949d..40d650949d 100644
--- a/src/resolve/resolved-etc-hosts.c
+++ b/src/grp-resolve/systemd-resolved/resolved-etc-hosts.c
diff --git a/src/resolve/resolved-etc-hosts.h b/src/grp-resolve/systemd-resolved/resolved-etc-hosts.h
index 9d5a175f18..9d5a175f18 100644
--- a/src/resolve/resolved-etc-hosts.h
+++ b/src/grp-resolve/systemd-resolved/resolved-etc-hosts.h
diff --git a/src/resolve/resolved-gperf.gperf b/src/grp-resolve/systemd-resolved/resolved-gperf.gperf
index 82f26215df..82f26215df 100644
--- a/src/resolve/resolved-gperf.gperf
+++ b/src/grp-resolve/systemd-resolved/resolved-gperf.gperf
diff --git a/src/resolve/resolved-link-bus.c b/src/grp-resolve/systemd-resolved/resolved-link-bus.c
index 7f21891819..7f21891819 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/grp-resolve/systemd-resolved/resolved-link-bus.c
diff --git a/src/grp-resolve/systemd-resolved/resolved-link-bus.h b/src/grp-resolve/systemd-resolved/resolved-link-bus.h
new file mode 100644
index 0000000000..b1ac57961d
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-link-bus.h
@@ -0,0 +1,38 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2016 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "resolved-link.h"
+
+extern const sd_bus_vtable link_vtable[];
+
+int link_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
+char *link_bus_path(Link *link);
+int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
+
+int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error);
diff --git a/src/grp-resolve/systemd-resolved/resolved-link.c b/src/grp-resolve/systemd-resolved/resolved-link.c
new file mode 100644
index 0000000000..4eef20599a
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-link.c
@@ -0,0 +1,840 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/if.h>
+
+#include <systemd/sd-network.h>
+
+#include "alloc-util.h"
+#include "missing.h"
+#include "parse-util.h"
+#include "resolved-link.h"
+#include "string-util.h"
+#include "strv.h"
+
+int link_new(Manager *m, Link **ret, int ifindex) {
+        _cleanup_(link_freep) Link *l = NULL;
+        int r;
+
+        assert(m);
+        assert(ifindex > 0);
+
+        r = hashmap_ensure_allocated(&m->links, NULL);
+        if (r < 0)
+                return r;
+
+        l = new0(Link, 1);
+        if (!l)
+                return -ENOMEM;
+
+        l->ifindex = ifindex;
+        l->llmnr_support = RESOLVE_SUPPORT_YES;
+        l->mdns_support = RESOLVE_SUPPORT_NO;
+        l->dnssec_mode = _DNSSEC_MODE_INVALID;
+        l->operstate = IF_OPER_UNKNOWN;
+
+        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
+        if (r < 0)
+                return r;
+
+        l->manager = m;
+
+        if (ret)
+                *ret = l;
+        l = NULL;
+
+        return 0;
+}
+
+void link_flush_settings(Link *l) {
+        assert(l);
+
+        l->llmnr_support = RESOLVE_SUPPORT_YES;
+        l->mdns_support = RESOLVE_SUPPORT_NO;
+        l->dnssec_mode = _DNSSEC_MODE_INVALID;
+
+        dns_server_unlink_all(l->dns_servers);
+        dns_search_domain_unlink_all(l->search_domains);
+
+        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
+}
+
+Link *link_free(Link *l) {
+        if (!l)
+                return NULL;
+
+        link_flush_settings(l);
+
+        while (l->addresses)
+                (void) link_address_free(l->addresses);
+
+        if (l->manager)
+                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
+
+        dns_scope_free(l->unicast_scope);
+        dns_scope_free(l->llmnr_ipv4_scope);
+        dns_scope_free(l->llmnr_ipv6_scope);
+        dns_scope_free(l->mdns_ipv4_scope);
+        dns_scope_free(l->mdns_ipv6_scope);
+
+        free(l);
+        return NULL;
+}
+
+void link_allocate_scopes(Link *l) {
+        int r;
+
+        assert(l);
+
+        if (link_relevant(l, AF_UNSPEC, false) &&
+            l->dns_servers) {
+                if (!l->unicast_scope) {
+                        r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to allocate DNS scope: %m");
+                }
+        } else
+                l->unicast_scope = dns_scope_free(l->unicast_scope);
+
+        if (link_relevant(l, AF_INET, true) &&
+            l->llmnr_support != RESOLVE_SUPPORT_NO &&
+            l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
+                if (!l->llmnr_ipv4_scope) {
+                        r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
+                }
+        } else
+                l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
+
+        if (link_relevant(l, AF_INET6, true) &&
+            l->llmnr_support != RESOLVE_SUPPORT_NO &&
+            l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
+            socket_ipv6_is_supported()) {
+                if (!l->llmnr_ipv6_scope) {
+                        r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
+                }
+        } else
+                l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
+
+        if (link_relevant(l, AF_INET, true) &&
+            l->mdns_support != RESOLVE_SUPPORT_NO &&
+            l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
+                if (!l->mdns_ipv4_scope) {
+                        r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
+                }
+        } else
+                l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
+
+        if (link_relevant(l, AF_INET6, true) &&
+            l->mdns_support != RESOLVE_SUPPORT_NO &&
+            l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
+                if (!l->mdns_ipv6_scope) {
+                        r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
+                }
+        } else
+                l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
+}
+
+void link_add_rrs(Link *l, bool force_remove) {
+        LinkAddress *a;
+
+        LIST_FOREACH(addresses, a, l->addresses)
+                link_address_add_rrs(a, force_remove);
+}
+
+int link_update_rtnl(Link *l, sd_netlink_message *m) {
+        const char *n = NULL;
+        int r;
+
+        assert(l);
+        assert(m);
+
+        r = sd_rtnl_message_link_get_flags(m, &l->flags);
+        if (r < 0)
+                return r;
+
+        (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
+        (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
+
+        if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) {
+                strncpy(l->name, n, sizeof(l->name)-1);
+                char_array_0(l->name);
+        }
+
+        link_allocate_scopes(l);
+        link_add_rrs(l, false);
+
+        return 0;
+}
+
+static int link_update_dns_servers(Link *l) {
+        _cleanup_strv_free_ char **nameservers = NULL;
+        char **nameserver;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_dns(l->ifindex, &nameservers);
+        if (r == -ENODATA) {
+                r = 0;
+                goto clear;
+        }
+        if (r < 0)
+                goto clear;
+
+        dns_server_mark_all(l->dns_servers);
+
+        STRV_FOREACH(nameserver, nameservers) {
+                union in_addr_union a;
+                DnsServer *s;
+                int family;
+
+                r = in_addr_from_string_auto(*nameserver, &family, &a);
+                if (r < 0)
+                        goto clear;
+
+                s = dns_server_find(l->dns_servers, family, &a);
+                if (s)
+                        dns_server_move_back_and_unmark(s);
+                else {
+                        r = dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a);
+                        if (r < 0)
+                                goto clear;
+                }
+        }
+
+        dns_server_unlink_marked(l->dns_servers);
+        return 0;
+
+clear:
+        dns_server_unlink_all(l->dns_servers);
+        return r;
+}
+
+static int link_update_llmnr_support(Link *l) {
+        _cleanup_free_ char *b = NULL;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_llmnr(l->ifindex, &b);
+        if (r == -ENODATA) {
+                r = 0;
+                goto clear;
+        }
+        if (r < 0)
+                goto clear;
+
+        l->llmnr_support = resolve_support_from_string(b);
+        if (l->llmnr_support < 0) {
+                r = -EINVAL;
+                goto clear;
+        }
+
+        return 0;
+
+clear:
+        l->llmnr_support = RESOLVE_SUPPORT_YES;
+        return r;
+}
+
+static int link_update_mdns_support(Link *l) {
+        _cleanup_free_ char *b = NULL;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_mdns(l->ifindex, &b);
+        if (r == -ENODATA) {
+                r = 0;
+                goto clear;
+        }
+        if (r < 0)
+                goto clear;
+
+        l->mdns_support = resolve_support_from_string(b);
+        if (l->mdns_support < 0) {
+                r = -EINVAL;
+                goto clear;
+        }
+
+        return 0;
+
+clear:
+        l->mdns_support = RESOLVE_SUPPORT_NO;
+        return r;
+}
+
+void link_set_dnssec_mode(Link *l, DnssecMode mode) {
+
+        assert(l);
+
+        if (l->dnssec_mode == mode)
+                return;
+
+        if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
+            (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
+            (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
+
+                /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
+                 * allow-downgrade mode to full DNSSEC mode, flush it too. */
+                if (l->unicast_scope)
+                        dns_cache_flush(&l->unicast_scope->cache);
+        }
+
+        l->dnssec_mode = mode;
+}
+
+static int link_update_dnssec_mode(Link *l) {
+        _cleanup_free_ char *m = NULL;
+        DnssecMode mode;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_dnssec(l->ifindex, &m);
+        if (r == -ENODATA) {
+                r = 0;
+                goto clear;
+        }
+        if (r < 0)
+                goto clear;
+
+        mode = dnssec_mode_from_string(m);
+        if (mode < 0) {
+                r = -EINVAL;
+                goto clear;
+        }
+
+        link_set_dnssec_mode(l, mode);
+
+        return 0;
+
+clear:
+        l->dnssec_mode = _DNSSEC_MODE_INVALID;
+        return r;
+}
+
+static int link_update_dnssec_negative_trust_anchors(Link *l) {
+        _cleanup_strv_free_ char **ntas = NULL;
+        _cleanup_set_free_free_ Set *ns = NULL;
+        char **i;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
+        if (r == -ENODATA) {
+                r = 0;
+                goto clear;
+        }
+        if (r < 0)
+                goto clear;
+
+        ns = set_new(&dns_name_hash_ops);
+        if (!ns)
+                return -ENOMEM;
+
+        STRV_FOREACH(i, ntas) {
+                r = set_put_strdup(ns, *i);
+                if (r < 0)
+                        return r;
+        }
+
+        set_free_free(l->dnssec_negative_trust_anchors);
+        l->dnssec_negative_trust_anchors = ns;
+        ns = NULL;
+
+        return 0;
+
+clear:
+        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
+        return r;
+}
+
+static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
+        DnsSearchDomain *d;
+        int r;
+
+        r = dns_search_domain_find(l->search_domains, name, &d);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                dns_search_domain_move_back_and_unmark(d);
+        else {
+                r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
+                if (r < 0)
+                        return r;
+        }
+
+        d->route_only = route_only;
+        return 0;
+}
+
+static int link_update_search_domains(Link *l) {
+        _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
+        char **i;
+        int r, q;
+
+        assert(l);
+
+        r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
+        if (r < 0 && r != -ENODATA)
+                goto clear;
+
+        q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
+        if (q < 0 && q != -ENODATA) {
+                r = q;
+                goto clear;
+        }
+
+        if (r == -ENODATA && q == -ENODATA) {
+                /* networkd knows nothing about this interface, and that's fine. */
+                r = 0;
+                goto clear;
+        }
+
+        dns_search_domain_mark_all(l->search_domains);
+
+        STRV_FOREACH(i, sdomains) {
+                r = link_update_search_domain_one(l, *i, false);
+                if (r < 0)
+                        goto clear;
+        }
+
+        STRV_FOREACH(i, rdomains) {
+                r = link_update_search_domain_one(l, *i, true);
+                if (r < 0)
+                        goto clear;
+        }
+
+        dns_search_domain_unlink_marked(l->search_domains);
+        return 0;
+
+clear:
+        dns_search_domain_unlink_all(l->search_domains);
+        return r;
+}
+
+static int link_is_unmanaged(Link *l) {
+        _cleanup_free_ char *state = NULL;
+        int r;
+
+        assert(l);
+
+        r = sd_network_link_get_setup_state(l->ifindex, &state);
+        if (r == -ENODATA)
+                return 1;
+        if (r < 0)
+                return r;
+
+        return STR_IN_SET(state, "pending", "unmanaged");
+}
+
+static void link_read_settings(Link *l) {
+        int r;
+
+        assert(l);
+
+        /* Read settings from networkd, except when networkd is not managing this interface. */
+
+        r = link_is_unmanaged(l);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->name);
+                return;
+        }
+        if (r > 0) {
+
+                /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
+                if (l->is_managed)
+                        link_flush_settings(l);
+
+                l->is_managed = false;
+                return;
+        }
+
+        l->is_managed = true;
+
+        r = link_update_dns_servers(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->name);
+
+        r = link_update_llmnr_support(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->name);
+
+        r = link_update_mdns_support(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
+
+        r = link_update_dnssec_mode(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name);
+
+        r = link_update_dnssec_negative_trust_anchors(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->name);
+
+        r = link_update_search_domains(l);
+        if (r < 0)
+                log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name);
+}
+
+int link_update_monitor(Link *l) {
+        assert(l);
+
+        link_read_settings(l);
+        link_allocate_scopes(l);
+        link_add_rrs(l, false);
+
+        return 0;
+}
+
+bool link_relevant(Link *l, int family, bool local_multicast) {
+        _cleanup_free_ char *state = NULL;
+        LinkAddress *a;
+
+        assert(l);
+
+        /* A link is relevant for local multicast traffic if it isn't a loopback or pointopoint device, has a link
+         * beat, can do multicast and has at least one link-local (or better) IP address.
+         *
+         * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
+         * least one routable address.*/
+
+        if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
+                return false;
+
+        if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
+                return false;
+
+        if (local_multicast) {
+                if (l->flags & IFF_POINTOPOINT)
+                        return false;
+
+                if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST)
+                        return false;
+        }
+
+        /* Check kernel operstate
+         * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
+        if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
+                return false;
+
+        (void) sd_network_link_get_operational_state(l->ifindex, &state);
+        if (state && !STR_IN_SET(state, "unknown", "degraded", "routable"))
+                return false;
+
+        LIST_FOREACH(addresses, a, l->addresses)
+                if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast))
+                        return true;
+
+        return false;
+}
+
+LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
+        LinkAddress *a;
+
+        assert(l);
+
+        LIST_FOREACH(addresses, a, l->addresses)
+                if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr))
+                        return a;
+
+        return NULL;
+}
+
+DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
+        assert(l);
+
+        if (l->current_dns_server == s)
+                return s;
+
+        if (s)
+                log_info("Switching to DNS server %s for interface %s.", dns_server_string(s), l->name);
+
+        dns_server_unref(l->current_dns_server);
+        l->current_dns_server = dns_server_ref(s);
+
+        if (l->unicast_scope)
+                dns_cache_flush(&l->unicast_scope->cache);
+
+        return s;
+}
+
+DnsServer *link_get_dns_server(Link *l) {
+        assert(l);
+
+        if (!l->current_dns_server)
+                link_set_dns_server(l, l->dns_servers);
+
+        return l->current_dns_server;
+}
+
+void link_next_dns_server(Link *l) {
+        assert(l);
+
+        if (!l->current_dns_server)
+                return;
+
+        /* Change to the next one, but make sure to follow the linked
+         * list only if this server is actually still linked. */
+        if (l->current_dns_server->linked && l->current_dns_server->servers_next) {
+                link_set_dns_server(l, l->current_dns_server->servers_next);
+                return;
+        }
+
+        link_set_dns_server(l, l->dns_servers);
+}
+
+DnssecMode link_get_dnssec_mode(Link *l) {
+        assert(l);
+
+        if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
+                return l->dnssec_mode;
+
+        return manager_get_dnssec_mode(l->manager);
+}
+
+bool link_dnssec_supported(Link *l) {
+        DnsServer *server;
+
+        assert(l);
+
+        if (link_get_dnssec_mode(l) == DNSSEC_NO)
+                return false;
+
+        server = link_get_dns_server(l);
+        if (server)
+                return dns_server_dnssec_supported(server);
+
+        return true;
+}
+
+int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
+        LinkAddress *a;
+
+        assert(l);
+        assert(in_addr);
+
+        a = new0(LinkAddress, 1);
+        if (!a)
+                return -ENOMEM;
+
+        a->family = family;
+        a->in_addr = *in_addr;
+
+        a->link = l;
+        LIST_PREPEND(addresses, l->addresses, a);
+
+        if (ret)
+                *ret = a;
+
+        return 0;
+}
+
+LinkAddress *link_address_free(LinkAddress *a) {
+        if (!a)
+                return NULL;
+
+        if (a->link) {
+                LIST_REMOVE(addresses, a->link->addresses, a);
+
+                if (a->llmnr_address_rr) {
+                        if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
+                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
+                        else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
+                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
+                }
+
+                if (a->llmnr_ptr_rr) {
+                        if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
+                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
+                        else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
+                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
+                }
+        }
+
+        dns_resource_record_unref(a->llmnr_address_rr);
+        dns_resource_record_unref(a->llmnr_ptr_rr);
+
+        free(a);
+        return NULL;
+}
+
+void link_address_add_rrs(LinkAddress *a, bool force_remove) {
+        int r;
+
+        assert(a);
+
+        if (a->family == AF_INET) {
+
+                if (!force_remove &&
+                    link_address_relevant(a, true) &&
+                    a->link->llmnr_ipv4_scope &&
+                    a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
+                    a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
+
+                        if (!a->link->manager->llmnr_host_ipv4_key) {
+                                a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
+                                if (!a->link->manager->llmnr_host_ipv4_key) {
+                                        r = -ENOMEM;
+                                        goto fail;
+                                }
+                        }
+
+                        if (!a->llmnr_address_rr) {
+                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
+                                if (!a->llmnr_address_rr) {
+                                        r = -ENOMEM;
+                                        goto fail;
+                                }
+
+                                a->llmnr_address_rr->a.in_addr = a->in_addr.in;
+                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
+                        }
+
+                        if (!a->llmnr_ptr_rr) {
+                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
+                                if (r < 0)
+                                        goto fail;
+
+                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
+                        }
+
+                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");
+
+                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
+                } else {
+                        if (a->llmnr_address_rr) {
+                                if (a->link->llmnr_ipv4_scope)
+                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
+                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
+                        }
+
+                        if (a->llmnr_ptr_rr) {
+                                if (a->link->llmnr_ipv4_scope)
+                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
+                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
+                        }
+                }
+        }
+
+        if (a->family == AF_INET6) {
+
+                if (!force_remove &&
+                    link_address_relevant(a, true) &&
+                    a->link->llmnr_ipv6_scope &&
+                    a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
+                    a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
+
+                        if (!a->link->manager->llmnr_host_ipv6_key) {
+                                a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
+                                if (!a->link->manager->llmnr_host_ipv6_key) {
+                                        r = -ENOMEM;
+                                        goto fail;
+                                }
+                        }
+
+                        if (!a->llmnr_address_rr) {
+                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
+                                if (!a->llmnr_address_rr) {
+                                        r = -ENOMEM;
+                                        goto fail;
+                                }
+
+                                a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
+                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
+                        }
+
+                        if (!a->llmnr_ptr_rr) {
+                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
+                                if (r < 0)
+                                        goto fail;
+
+                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
+                        }
+
+                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");
+
+                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
+                } else {
+                        if (a->llmnr_address_rr) {
+                                if (a->link->llmnr_ipv6_scope)
+                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
+                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
+                        }
+
+                        if (a->llmnr_ptr_rr) {
+                                if (a->link->llmnr_ipv6_scope)
+                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
+                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
+                        }
+                }
+        }
+
+        return;
+
+fail:
+        log_debug_errno(r, "Failed to update address RRs: %m");
+}
+
+int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
+        int r;
+        assert(a);
+        assert(m);
+
+        r = sd_rtnl_message_addr_get_flags(m, &a->flags);
+        if (r < 0)
+                return r;
+
+        sd_rtnl_message_addr_get_scope(m, &a->scope);
+
+        link_allocate_scopes(a->link);
+        link_add_rrs(a->link, false);
+
+        return 0;
+}
+
+bool link_address_relevant(LinkAddress *a, bool local_multicast) {
+        assert(a);
+
+        if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
+                return false;
+
+        if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK))
+                return false;
+
+        return true;
+}
diff --git a/src/resolve/resolved-link.h b/src/grp-resolve/systemd-resolved/resolved-link.h
index f534c12824..f534c12824 100644
--- a/src/resolve/resolved-link.h
+++ b/src/grp-resolve/systemd-resolved/resolved-link.h
diff --git a/src/resolve/resolved-llmnr.c b/src/grp-resolve/systemd-resolved/resolved-llmnr.c
index 8b1d71a3eb..8b1d71a3eb 100644
--- a/src/resolve/resolved-llmnr.c
+++ b/src/grp-resolve/systemd-resolved/resolved-llmnr.c
diff --git a/src/resolve/resolved-llmnr.h b/src/grp-resolve/systemd-resolved/resolved-llmnr.h
index 8133582fa7..8133582fa7 100644
--- a/src/resolve/resolved-llmnr.h
+++ b/src/grp-resolve/systemd-resolved/resolved-llmnr.h
diff --git a/src/resolve/resolved-manager.c b/src/grp-resolve/systemd-resolved/resolved-manager.c
index 7166b94d71..7166b94d71 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/grp-resolve/systemd-resolved/resolved-manager.c
diff --git a/src/grp-resolve/systemd-resolved/resolved-manager.h b/src/grp-resolve/systemd-resolved/resolved-manager.h
new file mode 100644
index 0000000000..8bef2d2b28
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved-manager.h
@@ -0,0 +1,171 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+#include <systemd/sd-netlink.h>
+#include <systemd/sd-network.h>
+
+#include "hashmap.h"
+#include "list.h"
+#include "ordered-set.h"
+#include "resolve-util.h"
+
+typedef struct Manager Manager;
+
+#include "resolved-dns-query.h"
+#include "resolved-dns-search-domain.h"
+#include "resolved-dns-server.h"
+#include "resolved-dns-stream.h"
+#include "resolved-dns-trust-anchor.h"
+#include "resolved-link.h"
+
+#define MANAGER_SEARCH_DOMAINS_MAX 32
+#define MANAGER_DNS_SERVERS_MAX 32
+
+struct Manager {
+        sd_event *event;
+
+        ResolveSupport llmnr_support;
+        ResolveSupport mdns_support;
+        DnssecMode dnssec_mode;
+
+        /* Network */
+        Hashmap *links;
+
+        sd_netlink *rtnl;
+        sd_event_source *rtnl_event_source;
+
+        sd_network_monitor *network_monitor;
+        sd_event_source *network_event_source;
+
+        /* DNS query management */
+        Hashmap *dns_transactions;
+        LIST_HEAD(DnsQuery, dns_queries);
+        unsigned n_dns_queries;
+
+        LIST_HEAD(DnsStream, dns_streams);
+        unsigned n_dns_streams;
+
+        /* Unicast dns */
+        LIST_HEAD(DnsServer, dns_servers);
+        LIST_HEAD(DnsServer, fallback_dns_servers);
+        unsigned n_dns_servers; /* counts both main and fallback */
+        DnsServer *current_dns_server;
+
+        LIST_HEAD(DnsSearchDomain, search_domains);
+        unsigned n_search_domains;
+        bool permit_domain_search;
+
+        bool need_builtin_fallbacks:1;
+
+        bool read_resolv_conf:1;
+        usec_t resolv_conf_mtime;
+
+        DnsTrustAnchor trust_anchor;
+
+        LIST_HEAD(DnsScope, dns_scopes);
+        DnsScope *unicast_scope;
+
+        /* LLMNR */
+        int llmnr_ipv4_udp_fd;
+        int llmnr_ipv6_udp_fd;
+        int llmnr_ipv4_tcp_fd;
+        int llmnr_ipv6_tcp_fd;
+
+        sd_event_source *llmnr_ipv4_udp_event_source;
+        sd_event_source *llmnr_ipv6_udp_event_source;
+        sd_event_source *llmnr_ipv4_tcp_event_source;
+        sd_event_source *llmnr_ipv6_tcp_event_source;
+
+        /* mDNS */
+        int mdns_ipv4_fd;
+        int mdns_ipv6_fd;
+
+        sd_event_source *mdns_ipv4_event_source;
+        sd_event_source *mdns_ipv6_event_source;
+
+        /* dbus */
+        sd_bus *bus;
+        sd_event_source *bus_retry_event_source;
+
+        /* The hostname we publish on LLMNR and mDNS */
+        char *llmnr_hostname;
+        char *mdns_hostname;
+        DnsResourceKey *llmnr_host_ipv4_key;
+        DnsResourceKey *llmnr_host_ipv6_key;
+
+        /* Watch the system hostname */
+        int hostname_fd;
+        sd_event_source *hostname_event_source;
+
+        /* Watch for system suspends */
+        sd_bus_slot *prepare_for_sleep_slot;
+
+        sd_event_source *sigusr1_event_source;
+
+        unsigned n_transactions_total;
+        unsigned n_dnssec_verdict[_DNSSEC_VERDICT_MAX];
+
+        /* Data from /etc/hosts */
+        Set* etc_hosts_by_address;
+        Hashmap* etc_hosts_by_name;
+        usec_t etc_hosts_last, etc_hosts_mtime;
+};
+
+/* Manager */
+
+int manager_new(Manager **ret);
+Manager* manager_free(Manager *m);
+
+int manager_start(Manager *m);
+
+uint32_t manager_find_mtu(Manager *m);
+
+int manager_write(Manager *m, int fd, DnsPacket *p);
+int manager_send(Manager *m, int fd, int ifindex, int family, const union in_addr_union *addr, uint16_t port, DnsPacket *p);
+int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret);
+
+int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr);
+LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr);
+
+void manager_refresh_rrs(Manager *m);
+int manager_next_hostname(Manager *m);
+
+bool manager_our_packet(Manager *m, DnsPacket *p);
+DnsScope* manager_find_scope(Manager *m, DnsPacket *p);
+
+void manager_verify_all(Manager *m);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+
+#define EXTRA_CMSG_SPACE 1024
+
+int manager_is_own_hostname(Manager *m, const char *name);
+
+int manager_compile_dns_servers(Manager *m, OrderedSet **servers);
+int manager_compile_search_domains(Manager *m, OrderedSet **domains);
+
+DnssecMode manager_get_dnssec_mode(Manager *m);
+bool manager_dnssec_supported(Manager *m);
+
+void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);
+
+bool manager_routable(Manager *m, int family);
diff --git a/src/resolve/resolved-mdns.c b/src/grp-resolve/systemd-resolved/resolved-mdns.c
index b13b1d0144..b13b1d0144 100644
--- a/src/resolve/resolved-mdns.c
+++ b/src/grp-resolve/systemd-resolved/resolved-mdns.c
diff --git a/src/resolve/resolved-mdns.h b/src/grp-resolve/systemd-resolved/resolved-mdns.h
index 5d274648f4..5d274648f4 100644
--- a/src/resolve/resolved-mdns.h
+++ b/src/grp-resolve/systemd-resolved/resolved-mdns.h
diff --git a/src/resolve/resolved-resolv-conf.c b/src/grp-resolve/systemd-resolved/resolved-resolv-conf.c
index ff03acc772..ff03acc772 100644
--- a/src/resolve/resolved-resolv-conf.c
+++ b/src/grp-resolve/systemd-resolved/resolved-resolv-conf.c
diff --git a/src/resolve/resolved-resolv-conf.h b/src/grp-resolve/systemd-resolved/resolved-resolv-conf.h
index 75fa080e4c..75fa080e4c 100644
--- a/src/resolve/resolved-resolv-conf.h
+++ b/src/grp-resolve/systemd-resolved/resolved-resolv-conf.h
diff --git a/src/grp-resolve/systemd-resolved/resolved.c b/src/grp-resolve/systemd-resolved/resolved.c
new file mode 100644
index 0000000000..086a2fcac7
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/resolved.c
@@ -0,0 +1,112 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+
+#include "capability-util.h"
+#include "mkdir.h"
+#include "resolved-conf.h"
+#include "resolved-manager.h"
+#include "resolved-resolv-conf.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "user-util.h"
+
+int main(int argc, char *argv[]) {
+        _cleanup_(manager_freep) Manager *m = NULL;
+        const char *user = "systemd-resolve";
+        uid_t uid;
+        gid_t gid;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        umask(0022);
+
+        r = mac_selinux_init();
+        if (r < 0) {
+                log_error_errno(r, "SELinux setup failed: %m");
+                goto finish;
+        }
+
+        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Cannot resolve user name %s: %m", user);
+                goto finish;
+        }
+
+        /* Always create the directory where resolv.conf will live */
+        r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid);
+        if (r < 0) {
+                log_error_errno(r, "Could not create runtime directory: %m");
+                goto finish;
+        }
+
+        r = drop_privileges(uid, gid, 0);
+        if (r < 0)
+                goto finish;
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, SIGUSR1, -1) >= 0);
+
+        r = manager_new(&m);
+        if (r < 0) {
+                log_error_errno(r, "Could not create manager: %m");
+                goto finish;
+        }
+
+        r = manager_start(m);
+        if (r < 0) {
+                log_error_errno(r, "Failed to start manager: %m");
+                goto finish;
+        }
+
+        /* Write finish default resolv.conf to avoid a dangling
+         * symlink */
+        r = manager_write_resolv_conf(m);
+        if (r < 0)
+                log_warning_errno(r, "Could not create "PRIVATE_RESOLV_CONF": %m");
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing requests...");
+
+        r = sd_event_loop(m->event);
+        if (r < 0) {
+                log_error_errno(r, "Event loop failed: %m");
+                goto finish;
+        }
+
+        sd_event_get_exit_code(m->event, &r);
+
+finish:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/resolve/resolved.conf.in b/src/grp-resolve/systemd-resolved/resolved.conf.in
index a288588924..a288588924 100644
--- a/src/resolve/resolved.conf.in
+++ b/src/grp-resolve/systemd-resolved/resolved.conf.in
diff --git a/src/resolve/test-data/_443._tcp.fedoraproject.org.pkts b/src/grp-resolve/systemd-resolved/test-data/_443._tcp.fedoraproject.org.pkts
index a383c6286d..a383c6286d 100644
--- a/src/resolve/test-data/_443._tcp.fedoraproject.org.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/_443._tcp.fedoraproject.org.pkts
diff --git a/src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts b/src/grp-resolve/systemd-resolved/test-data/_openpgpkey.fedoraproject.org.pkts
index 15de02e997..15de02e997 100644
--- a/src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/_openpgpkey.fedoraproject.org.pkts
diff --git a/src/resolve/test-data/fake-caa.pkts b/src/grp-resolve/systemd-resolved/test-data/fake-caa.pkts
index 1c3ecc5491..1c3ecc5491 100644
--- a/src/resolve/test-data/fake-caa.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/fake-caa.pkts
diff --git a/src/resolve/test-data/fedoraproject.org.pkts b/src/grp-resolve/systemd-resolved/test-data/fedoraproject.org.pkts
index 17874844d9..17874844d9 100644
--- a/src/resolve/test-data/fedoraproject.org.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/fedoraproject.org.pkts
diff --git a/src/resolve/test-data/gandi.net.pkts b/src/grp-resolve/systemd-resolved/test-data/gandi.net.pkts
index 5ef51e0c8e..5ef51e0c8e 100644
--- a/src/resolve/test-data/gandi.net.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/gandi.net.pkts
diff --git a/src/resolve/test-data/google.com.pkts b/src/grp-resolve/systemd-resolved/test-data/google.com.pkts
index f98c4cd855..f98c4cd855 100644
--- a/src/resolve/test-data/google.com.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/google.com.pkts
diff --git a/src/resolve/test-data/kyhwana.org.pkts b/src/grp-resolve/systemd-resolved/test-data/kyhwana.org.pkts
index e28a725c9a..e28a725c9a 100644
--- a/src/resolve/test-data/kyhwana.org.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/kyhwana.org.pkts
diff --git a/src/resolve/test-data/root.pkts b/src/grp-resolve/systemd-resolved/test-data/root.pkts
index 54ba668c75..54ba668c75 100644
--- a/src/resolve/test-data/root.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/root.pkts
diff --git a/src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts b/src/grp-resolve/systemd-resolved/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts
index a854249532..a854249532 100644
--- a/src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts
diff --git a/src/resolve/test-data/teamits.com.pkts b/src/grp-resolve/systemd-resolved/test-data/teamits.com.pkts
index 11deb39677..11deb39677 100644
--- a/src/resolve/test-data/teamits.com.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/teamits.com.pkts
diff --git a/src/resolve/test-data/zbyszek@fedoraproject.org.pkts b/src/grp-resolve/systemd-resolved/test-data/zbyszek@fedoraproject.org.pkts
index f0a6f982df..f0a6f982df 100644
--- a/src/resolve/test-data/zbyszek@fedoraproject.org.pkts
+++ b/src/grp-resolve/systemd-resolved/test-data/zbyszek@fedoraproject.org.pkts
diff --git a/src/resolve/test-dns-packet.c b/src/grp-resolve/systemd-resolved/test-dns-packet.c
index c232a69ce1..c232a69ce1 100644
--- a/src/resolve/test-dns-packet.c
+++ b/src/grp-resolve/systemd-resolved/test-dns-packet.c
diff --git a/src/grp-resolve/systemd-resolved/test-dnssec-complex.c b/src/grp-resolve/systemd-resolved/test-dnssec-complex.c
new file mode 100644
index 0000000000..568400ac77
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/test-dnssec-complex.c
@@ -0,0 +1,236 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2016 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/ip.h>
+
+#include <systemd/sd-bus.h>
+
+#include "af-list.h"
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "dns-type.h"
+#include "random-util.h"
+#include "string-util.h"
+#include "time-util.h"
+
+#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
+
+static void prefix_random(const char *name, char **ret) {
+        uint64_t i, u;
+        char *m = NULL;
+
+        u = 1 + (random_u64() & 3);
+
+        for (i = 0; i < u; i++) {
+                _cleanup_free_ char *b = NULL;
+                char *x;
+
+                assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
+                x = strjoin(b, ".", name, NULL);
+                assert_se(x);
+
+                free(m);
+                m = x;
+        }
+
+        *ret = m;
+ }
+
+static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ char *m = NULL;
+        int r;
+
+        /* If the name starts with a dot, we prefix one to three random labels */
+        if (startswith(name, ".")) {
+                prefix_random(name + 1, &m);
+                name = m;
+        }
+
+        assert_se(sd_bus_message_new_method_call(
+                                  bus,
+                                  &req,
+                                  "org.freedesktop.resolve1",
+                                  "/org/freedesktop/resolve1",
+                                  "org.freedesktop.resolve1.Manager",
+                                  "ResolveRecord") >= 0);
+
+        assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+
+        if (r < 0) {
+                assert_se(result);
+                assert_se(sd_bus_error_has_name(&error, result));
+                log_info("[OK] %s/%s resulted in <%s>.", name, dns_type_to_string(type), error.name);
+        } else {
+                assert_se(!result);
+                log_info("[OK] %s/%s succeeded.", name, dns_type_to_string(type));
+        }
+}
+
+static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ char *m = NULL;
+        const char *af;
+        int r;
+
+        af = family == AF_UNSPEC ? "AF_UNSPEC" : af_to_name(family);
+
+        /* If the name starts with a dot, we prefix one to three random labels */
+        if (startswith(name, ".")) {
+                prefix_random(name + 1, &m);
+                name = m;
+        }
+
+        assert_se(sd_bus_message_new_method_call(
+                                  bus,
+                                  &req,
+                                  "org.freedesktop.resolve1",
+                                  "/org/freedesktop/resolve1",
+                                  "org.freedesktop.resolve1.Manager",
+                                  "ResolveHostname") >= 0);
+
+        assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);
+
+        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+
+        if (r < 0) {
+                assert_se(result);
+                assert_se(sd_bus_error_has_name(&error, result));
+                log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
+        } else {
+                assert_se(!result);
+                log_info("[OK] %s/%s succeeded.", name, af);
+        }
+
+}
+
+int main(int argc, char* argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+
+        /* Note that this is a manual test as it requires:
+         *
+         *    Full network access
+         *    A DNSSEC capable DNS server
+         *    That zones contacted are still set up as they were when I wrote this.
+         */
+
+        assert_se(sd_bus_open_system(&bus) >= 0);
+
+        /* Normally signed */
+        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
+        test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);
+
+        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
+        test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);
+
+        /* Normally signed, NODATA */
+        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+
+        /* Invalid signature */
+        test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+        test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);
+
+        /* Invalid signature, RSA, wildcard */
+        test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+        test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
+
+        /* Invalid signature, ECDSA, wildcard */
+        test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+        test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
+
+        /* NXDOMAIN in NSEC domain */
+        test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
+
+        /* wildcard, NSEC zone */
+        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
+        test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);
+
+        /* wildcard, NSEC zone, NODATA */
+        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+
+        /* wildcard, NSEC3 zone */
+        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
+        test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);
+
+        /* wildcard, NSEC3 zone, NODATA */
+        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+
+        /* wildcard, NSEC zone, CNAME */
+        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
+        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
+        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);
+
+        /* wildcard, NSEC zone, NODATA, CNAME */
+        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+
+        /* wildcard, NSEC3 zone, CNAME */
+        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
+        test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
+        test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);
+
+        /* wildcard, NSEC3 zone, NODATA, CNAME */
+        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+
+        /* NODATA due to empty non-terminal in NSEC domain */
+        test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
+        test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
+        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
+        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);
+
+        /* NXDOMAIN in NSEC root zone: */
+        test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
+
+        /* NXDOMAIN in NSEC3 .com zone: */
+        test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
+
+        /* Unsigned A */
+        test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
+        test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
+        test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
+        test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
+        test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);
+
+#ifdef HAVE_LIBIDN
+        /* Unsigned A with IDNA conversion necessary */
+        test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
+        test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
+        test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
+#endif
+
+        /* DNAME, pointing to NXDOMAIN */
+        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
+        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
+
+        return 0;
+}
diff --git a/src/resolve/test-dnssec.c b/src/grp-resolve/systemd-resolved/test-dnssec.c
index b3018e8239..b3018e8239 100644
--- a/src/resolve/test-dnssec.c
+++ b/src/grp-resolve/systemd-resolved/test-dnssec.c
diff --git a/src/resolve/test-resolve-tables.c b/src/grp-resolve/systemd-resolved/test-resolve-tables.c
index 2d615130e1..2d615130e1 100644
--- a/src/resolve/test-resolve-tables.c
+++ b/src/grp-resolve/systemd-resolved/test-resolve-tables.c
diff --git a/src/grp-system/Makefile b/src/grp-system/Makefile
new file mode 100644
index 0000000000..ea8b031596
--- /dev/null
+++ b/src/grp-system/Makefile
@@ -0,0 +1,28 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += systemctl systemd
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-system/systemctl/Makefile b/src/grp-system/systemctl/Makefile
new file mode 100644
index 0000000000..24585cc12b
--- /dev/null
+++ b/src/grp-system/systemctl/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += systemctl
+systemctl_SOURCES = \
+	src/systemctl/systemctl.c
+
+systemctl_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-system/systemctl/systemctl.c b/src/grp-system/systemctl/systemctl.c
new file mode 100644
index 0000000000..c7c00bbbc3
--- /dev/null
+++ b/src/grp-system/systemctl/systemctl.c
@@ -0,0 +1,7815 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+  Copyright 2013 Marc-Antoine Perennou
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <linux/reboot.h>
+#include <locale.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/reboot.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-login.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-message.h"
+#include "bus-unit-util.h"
+#include "bus-util.h"
+#include "cgroup-show.h"
+#include "cgroup-util.h"
+#include "copy.h"
+#include "dropin.h"
+#include "efivars.h"
+#include "env-util.h"
+#include "exit-status.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "glob-util.h"
+#include "hostname-util.h"
+#include "initreq.h"
+#include "install.h"
+#include "io-util.h"
+#include "list.h"
+#include "locale-util.h"
+#include "log.h"
+#include "logs-show.h"
+#include "macro.h"
+#include "mkdir.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "path-lookup.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "rlimit-util.h"
+#include "set.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "spawn-ask-password-agent.h"
+#include "spawn-polkit-agent.h"
+#include "special.h"
+#include "stat-util.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "user-util.h"
+#include "util.h"
+#include "utmp-wtmp.h"
+#include "verbs.h"
+#include "virt.h"
+
+static char **arg_types = NULL;
+static char **arg_states = NULL;
+static char **arg_properties = NULL;
+static bool arg_all = false;
+static enum dependency {
+        DEPENDENCY_FORWARD,
+        DEPENDENCY_REVERSE,
+        DEPENDENCY_AFTER,
+        DEPENDENCY_BEFORE,
+        _DEPENDENCY_MAX
+} arg_dependency = DEPENDENCY_FORWARD;
+static const char *arg_job_mode = "replace";
+static UnitFileScope arg_scope = UNIT_FILE_SYSTEM;
+static bool arg_no_block = false;
+static bool arg_no_legend = false;
+static bool arg_no_pager = false;
+static bool arg_no_wtmp = false;
+static bool arg_no_sync = false;
+static bool arg_no_wall = false;
+static bool arg_no_reload = false;
+static bool arg_value = false;
+static bool arg_show_types = false;
+static bool arg_ignore_inhibitors = false;
+static bool arg_dry = false;
+static bool arg_quiet = false;
+static bool arg_full = false;
+static bool arg_recursive = false;
+static int arg_force = 0;
+static bool arg_ask_password = false;
+static bool arg_runtime = false;
+static UnitFilePresetMode arg_preset_mode = UNIT_FILE_PRESET_FULL;
+static char **arg_wall = NULL;
+static const char *arg_kill_who = NULL;
+static int arg_signal = SIGTERM;
+static char *arg_root = NULL;
+static usec_t arg_when = 0;
+static enum action {
+        _ACTION_INVALID,
+        ACTION_SYSTEMCTL,
+        ACTION_HALT,
+        ACTION_POWEROFF,
+        ACTION_REBOOT,
+        ACTION_KEXEC,
+        ACTION_EXIT,
+        ACTION_SUSPEND,
+        ACTION_HIBERNATE,
+        ACTION_HYBRID_SLEEP,
+        ACTION_RUNLEVEL2,
+        ACTION_RUNLEVEL3,
+        ACTION_RUNLEVEL4,
+        ACTION_RUNLEVEL5,
+        ACTION_RESCUE,
+        ACTION_EMERGENCY,
+        ACTION_DEFAULT,
+        ACTION_RELOAD,
+        ACTION_REEXEC,
+        ACTION_RUNLEVEL,
+        ACTION_CANCEL_SHUTDOWN,
+        _ACTION_MAX
+} arg_action = ACTION_SYSTEMCTL;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static const char *arg_host = NULL;
+static unsigned arg_lines = 10;
+static OutputMode arg_output = OUTPUT_SHORT;
+static bool arg_plain = false;
+static bool arg_firmware_setup = false;
+static bool arg_now = false;
+
+static int daemon_reload(int argc, char *argv[], void* userdata);
+static int halt_now(enum action a);
+static int get_state_one_unit(sd_bus *bus, const char *name, UnitActiveState *active_state);
+
+static bool original_stdout_is_tty;
+
+typedef enum BusFocus {
+        BUS_FULL,      /* The full bus indicated via --system or --user */
+        BUS_MANAGER,   /* The manager itself, possibly directly, possibly via the bus */
+        _BUS_FOCUS_MAX
+} BusFocus;
+
+static sd_bus *busses[_BUS_FOCUS_MAX] = {};
+
+static int acquire_bus(BusFocus focus, sd_bus **ret) {
+        int r;
+
+        assert(focus < _BUS_FOCUS_MAX);
+        assert(ret);
+
+        /* We only go directly to the manager, if we are using a local transport */
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                focus = BUS_FULL;
+
+        if (!busses[focus]) {
+                bool user;
+
+                user = arg_scope != UNIT_FILE_SYSTEM;
+
+                if (focus == BUS_MANAGER)
+                        r = bus_connect_transport_systemd(arg_transport, arg_host, user, &busses[focus]);
+                else
+                        r = bus_connect_transport(arg_transport, arg_host, user, &busses[focus]);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to connect to bus: %m");
+
+                (void) sd_bus_set_allow_interactive_authorization(busses[focus], arg_ask_password);
+        }
+
+        *ret = busses[focus];
+        return 0;
+}
+
+static void release_busses(void) {
+        BusFocus w;
+
+        for (w = 0; w < _BUS_FOCUS_MAX; w++)
+                busses[w] = sd_bus_flush_close_unref(busses[w]);
+}
+
+static void ask_password_agent_open_if_enabled(void) {
+
+        /* Open the password agent as a child process if necessary */
+
+        if (!arg_ask_password)
+                return;
+
+        if (arg_scope != UNIT_FILE_SYSTEM)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        ask_password_agent_open();
+}
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+
+        if (!arg_ask_password)
+                return;
+
+        if (arg_scope != UNIT_FILE_SYSTEM)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+static OutputFlags get_output_flags(void) {
+        return
+                arg_all * OUTPUT_SHOW_ALL |
+                arg_full * OUTPUT_FULL_WIDTH |
+                (!on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
+                colors_enabled() * OUTPUT_COLOR |
+                !arg_quiet * OUTPUT_WARN_CUTOFF;
+}
+
+static int translate_bus_error_to_exit_status(int r, const sd_bus_error *error) {
+        assert(error);
+
+        if (!sd_bus_error_is_set(error))
+                return r;
+
+        if (sd_bus_error_has_name(error, SD_BUS_ERROR_ACCESS_DENIED) ||
+            sd_bus_error_has_name(error, BUS_ERROR_ONLY_BY_DEPENDENCY) ||
+            sd_bus_error_has_name(error, BUS_ERROR_NO_ISOLATION) ||
+            sd_bus_error_has_name(error, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE))
+                return EXIT_NOPERMISSION;
+
+        if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT))
+                return EXIT_NOTINSTALLED;
+
+        if (sd_bus_error_has_name(error, BUS_ERROR_JOB_TYPE_NOT_APPLICABLE) ||
+            sd_bus_error_has_name(error, SD_BUS_ERROR_NOT_SUPPORTED))
+                return EXIT_NOTIMPLEMENTED;
+
+        if (sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED))
+                return EXIT_NOTCONFIGURED;
+
+        if (r != 0)
+                return r;
+
+        return EXIT_FAILURE;
+}
+
+static bool install_client_side(void) {
+
+        /* Decides when to execute enable/disable/... operations
+         * client-side rather than server-side. */
+
+        if (running_in_chroot() > 0)
+                return true;
+
+        if (sd_booted() <= 0)
+                return true;
+
+        if (!isempty(arg_root))
+                return true;
+
+        if (arg_scope == UNIT_FILE_GLOBAL)
+                return true;
+
+        /* Unsupported environment variable, mostly for debugging purposes */
+        if (getenv_bool("SYSTEMCTL_INSTALL_CLIENT_SIDE") > 0)
+                return true;
+
+        return false;
+}
+
+static int compare_unit_info(const void *a, const void *b) {
+        const UnitInfo *u = a, *v = b;
+        const char *d1, *d2;
+        int r;
+
+        /* First, order by machine */
+        if (!u->machine && v->machine)
+                return -1;
+        if (u->machine && !v->machine)
+                return 1;
+        if (u->machine && v->machine) {
+                r = strcasecmp(u->machine, v->machine);
+                if (r != 0)
+                        return r;
+        }
+
+        /* Second, order by unit type */
+        d1 = strrchr(u->id, '.');
+        d2 = strrchr(v->id, '.');
+        if (d1 && d2) {
+                r = strcasecmp(d1, d2);
+                if (r != 0)
+                        return r;
+        }
+
+        /* Third, order by name */
+        return strcasecmp(u->id, v->id);
+}
+
+static bool output_show_unit(const UnitInfo *u, char **patterns) {
+        assert(u);
+
+        if (!strv_fnmatch_or_empty(patterns, u->id, FNM_NOESCAPE))
+                return false;
+
+        if (arg_types) {
+                const char *dot;
+
+                dot = strrchr(u->id, '.');
+                if (!dot)
+                        return false;
+
+                if (!strv_find(arg_types, dot+1))
+                        return false;
+        }
+
+        if (arg_all)
+                return true;
+
+        /* Note that '--all' is not purely a state filter, but also a
+         * filter that hides units that "follow" other units (which is
+         * used for device units that appear under different names). */
+        if (!isempty(u->following))
+                return false;
+
+        if (!strv_isempty(arg_states))
+                return true;
+
+        /* By default show all units except the ones in inactive
+         * state and with no pending job */
+        if (u->job_id > 0)
+                return true;
+
+        if (streq(u->active_state, "inactive"))
+                return false;
+
+        return true;
+}
+
+static int output_units_list(const UnitInfo *unit_infos, unsigned c) {
+        unsigned circle_len = 0, id_len, max_id_len, load_len, active_len, sub_len, job_len, desc_len;
+        const UnitInfo *u;
+        unsigned n_shown = 0;
+        int job_count = 0;
+
+        max_id_len = strlen("UNIT");
+        load_len = strlen("LOAD");
+        active_len = strlen("ACTIVE");
+        sub_len = strlen("SUB");
+        job_len = strlen("JOB");
+        desc_len = 0;
+
+        for (u = unit_infos; u < unit_infos + c; u++) {
+                max_id_len = MAX(max_id_len, strlen(u->id) + (u->machine ? strlen(u->machine)+1 : 0));
+                load_len = MAX(load_len, strlen(u->load_state));
+                active_len = MAX(active_len, strlen(u->active_state));
+                sub_len = MAX(sub_len, strlen(u->sub_state));
+
+                if (u->job_id != 0) {
+                        job_len = MAX(job_len, strlen(u->job_type));
+                        job_count++;
+                }
+
+                if (!arg_no_legend &&
+                    (streq(u->active_state, "failed") ||
+                     STR_IN_SET(u->load_state, "error", "not-found", "masked")))
+                        circle_len = 2;
+        }
+
+        if (!arg_full && original_stdout_is_tty) {
+                unsigned basic_len;
+
+                id_len = MIN(max_id_len, 25u);
+                basic_len = circle_len + 5 + id_len + 5 + active_len + sub_len;
+
+                if (job_count)
+                        basic_len += job_len + 1;
+
+                if (basic_len < (unsigned) columns()) {
+                        unsigned extra_len, incr;
+                        extra_len = columns() - basic_len;
+
+                        /* Either UNIT already got 25, or is fully satisfied.
+                         * Grant up to 25 to DESC now. */
+                        incr = MIN(extra_len, 25u);
+                        desc_len += incr;
+                        extra_len -= incr;
+
+                        /* split the remaining space between UNIT and DESC,
+                         * but do not give UNIT more than it needs. */
+                        if (extra_len > 0) {
+                                incr = MIN(extra_len / 2, max_id_len - id_len);
+                                id_len += incr;
+                                desc_len += extra_len - incr;
+                        }
+                }
+        } else
+                id_len = max_id_len;
+
+        for (u = unit_infos; u < unit_infos + c; u++) {
+                _cleanup_free_ char *e = NULL, *j = NULL;
+                const char *on_loaded = "", *off_loaded = "";
+                const char *on_active = "", *off_active = "";
+                const char *on_circle = "", *off_circle = "";
+                const char *id;
+                bool circle = false;
+
+                if (!n_shown && !arg_no_legend) {
+
+                        if (circle_len > 0)
+                                fputs("  ", stdout);
+
+                        printf("%-*s %-*s %-*s %-*s ",
+                               id_len, "UNIT",
+                               load_len, "LOAD",
+                               active_len, "ACTIVE",
+                               sub_len, "SUB");
+
+                        if (job_count)
+                                printf("%-*s ", job_len, "JOB");
+
+                        if (!arg_full && arg_no_pager)
+                                printf("%.*s\n", desc_len, "DESCRIPTION");
+                        else
+                                printf("%s\n", "DESCRIPTION");
+                }
+
+                n_shown++;
+
+                if (STR_IN_SET(u->load_state, "error", "not-found", "masked") && !arg_plain) {
+                        on_loaded = ansi_highlight_red();
+                        on_circle = ansi_highlight_yellow();
+                        off_loaded = off_circle = ansi_normal();
+                        circle = true;
+                } else if (streq(u->active_state, "failed") && !arg_plain) {
+                        on_circle = on_active = ansi_highlight_red();
+                        off_circle = off_active = ansi_normal();
+                        circle = true;
+                }
+
+                if (u->machine) {
+                        j = strjoin(u->machine, ":", u->id, NULL);
+                        if (!j)
+                                return log_oom();
+
+                        id = j;
+                } else
+                        id = u->id;
+
+                if (arg_full) {
+                        e = ellipsize(id, id_len, 33);
+                        if (!e)
+                                return log_oom();
+
+                        id = e;
+                }
+
+                if (circle_len > 0)
+                        printf("%s%s%s ", on_circle, circle ? special_glyph(BLACK_CIRCLE) : " ", off_circle);
+
+                printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s",
+                       on_active, id_len, id, off_active,
+                       on_loaded, load_len, u->load_state, off_loaded,
+                       on_active, active_len, u->active_state,
+                       sub_len, u->sub_state, off_active,
+                       job_count ? job_len + 1 : 0, u->job_id ? u->job_type : "");
+
+                if (desc_len > 0)
+                        printf("%.*s\n", desc_len, u->description);
+                else
+                        printf("%s\n", u->description);
+        }
+
+        if (!arg_no_legend) {
+                const char *on, *off;
+
+                if (n_shown) {
+                        puts("\n"
+                             "LOAD   = Reflects whether the unit definition was properly loaded.\n"
+                             "ACTIVE = The high-level unit activation state, i.e. generalization of SUB.\n"
+                             "SUB    = The low-level unit activation state, values depend on unit type.");
+                        puts(job_count ? "JOB    = Pending job for the unit.\n" : "");
+                        on = ansi_highlight();
+                        off = ansi_normal();
+                } else {
+                        on = ansi_highlight_red();
+                        off = ansi_normal();
+                }
+
+                if (arg_all)
+                        printf("%s%u loaded units listed.%s\n"
+                               "To show all installed unit files use 'systemctl list-unit-files'.\n",
+                               on, n_shown, off);
+                else
+                        printf("%s%u loaded units listed.%s Pass --all to see loaded but inactive units, too.\n"
+                               "To show all installed unit files use 'systemctl list-unit-files'.\n",
+                               on, n_shown, off);
+        }
+
+        return 0;
+}
+
+static int get_unit_list(
+                sd_bus *bus,
+                const char *machine,
+                char **patterns,
+                UnitInfo **unit_infos,
+                int c,
+                sd_bus_message **_reply) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        size_t size = c;
+        int r;
+        UnitInfo u;
+        bool fallback = false;
+
+        assert(bus);
+        assert(unit_infos);
+        assert(_reply);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "ListUnitsByPatterns");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_strv(m, arg_states);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_strv(m, patterns);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0 && sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD)) {
+                /* Fallback to legacy ListUnitsFiltered method */
+                fallback = true;
+                log_debug_errno(r, "Failed to list units: %s Falling back to ListUnitsFiltered method.", bus_error_message(&error, r));
+                m = sd_bus_message_unref(m);
+                sd_bus_error_free(&error);
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &m,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "ListUnitsFiltered");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append_strv(m, arg_states);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_call(bus, m, 0, &error, &reply);
+        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = bus_parse_unit_info(reply, &u)) > 0) {
+                u.machine = machine;
+
+                if (!output_show_unit(&u, fallback ? patterns : NULL))
+                        continue;
+
+                if (!GREEDY_REALLOC(*unit_infos, size, c+1))
+                        return log_oom();
+
+                (*unit_infos)[c++] = u;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        *_reply = reply;
+        reply = NULL;
+
+        return c;
+}
+
+static void message_set_freep(Set **set) {
+        sd_bus_message *m;
+
+        while ((m = set_steal_first(*set)))
+                sd_bus_message_unref(m);
+
+        set_free(*set);
+}
+
+static int get_unit_list_recursive(
+                sd_bus *bus,
+                char **patterns,
+                UnitInfo **_unit_infos,
+                Set **_replies,
+                char ***_machines) {
+
+        _cleanup_free_ UnitInfo *unit_infos = NULL;
+        _cleanup_(message_set_freep) Set *replies;
+        sd_bus_message *reply;
+        int c, r;
+
+        assert(bus);
+        assert(_replies);
+        assert(_unit_infos);
+        assert(_machines);
+
+        replies = set_new(NULL);
+        if (!replies)
+                return log_oom();
+
+        c = get_unit_list(bus, NULL, patterns, &unit_infos, 0, &reply);
+        if (c < 0)
+                return c;
+
+        r = set_put(replies, reply);
+        if (r < 0) {
+                sd_bus_message_unref(reply);
+                return log_oom();
+        }
+
+        if (arg_recursive) {
+                _cleanup_strv_free_ char **machines = NULL;
+                char **i;
+
+                r = sd_get_machine_names(&machines);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get machine names: %m");
+
+                STRV_FOREACH(i, machines) {
+                        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *container = NULL;
+                        int k;
+
+                        r = sd_bus_open_system_machine(&container, *i);
+                        if (r < 0) {
+                                log_warning_errno(r, "Failed to connect to container %s, ignoring: %m", *i);
+                                continue;
+                        }
+
+                        k = get_unit_list(container, *i, patterns, &unit_infos, c, &reply);
+                        if (k < 0)
+                                return k;
+
+                        c = k;
+
+                        r = set_put(replies, reply);
+                        if (r < 0) {
+                                sd_bus_message_unref(reply);
+                                return log_oom();
+                        }
+                }
+
+                *_machines = machines;
+                machines = NULL;
+        } else
+                *_machines = NULL;
+
+        *_unit_infos = unit_infos;
+        unit_infos = NULL;
+
+        *_replies = replies;
+        replies = NULL;
+
+        return c;
+}
+
+static int list_units(int argc, char *argv[], void *userdata) {
+        _cleanup_free_ UnitInfo *unit_infos = NULL;
+        _cleanup_(message_set_freep) Set *replies = NULL;
+        _cleanup_strv_free_ char **machines = NULL;
+        sd_bus *bus;
+        int r;
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = get_unit_list_recursive(bus, strv_skip(argv, 1), &unit_infos, &replies, &machines);
+        if (r < 0)
+                return r;
+
+        qsort_safe(unit_infos, r, sizeof(UnitInfo), compare_unit_info);
+        return output_units_list(unit_infos, r);
+}
+
+static int get_triggered_units(
+                sd_bus *bus,
+                const char* path,
+                char*** ret) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(ret);
+
+        r = sd_bus_get_property_strv(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "Triggers",
+                        &error,
+                        ret);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine triggers: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int get_listening(
+                sd_bus *bus,
+                const char* unit_path,
+                char*** listening) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *type, *path;
+        int r, n = 0;
+
+        r = sd_bus_get_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        unit_path,
+                        "org.freedesktop.systemd1.Socket",
+                        "Listen",
+                        &error,
+                        &reply,
+                        "a(ss)");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get list of listening sockets: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ss)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(ss)", &type, &path)) > 0) {
+
+                r = strv_extend(listening, type);
+                if (r < 0)
+                        return log_oom();
+
+                r = strv_extend(listening, path);
+                if (r < 0)
+                        return log_oom();
+
+                n++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return n;
+}
+
+struct socket_info {
+        const char *machine;
+        const char* id;
+
+        char* type;
+        char* path;
+
+        /* Note: triggered is a list here, although it almost certainly
+         * will always be one unit. Nevertheless, dbus API allows for multiple
+         * values, so let's follow that. */
+        char** triggered;
+
+        /* The strv above is shared. free is set only in the first one. */
+        bool own_triggered;
+};
+
+static int socket_info_compare(const struct socket_info *a, const struct socket_info *b) {
+        int o;
+
+        assert(a);
+        assert(b);
+
+        if (!a->machine && b->machine)
+                return -1;
+        if (a->machine && !b->machine)
+                return 1;
+        if (a->machine && b->machine) {
+                o = strcasecmp(a->machine, b->machine);
+                if (o != 0)
+                        return o;
+        }
+
+        o = strcmp(a->path, b->path);
+        if (o == 0)
+                o = strcmp(a->type, b->type);
+
+        return o;
+}
+
+static int output_sockets_list(struct socket_info *socket_infos, unsigned cs) {
+        struct socket_info *s;
+        unsigned pathlen = strlen("LISTEN"),
+                typelen = strlen("TYPE") * arg_show_types,
+                socklen = strlen("UNIT"),
+                servlen = strlen("ACTIVATES");
+        const char *on, *off;
+
+        for (s = socket_infos; s < socket_infos + cs; s++) {
+                unsigned tmp = 0;
+                char **a;
+
+                socklen = MAX(socklen, strlen(s->id));
+                if (arg_show_types)
+                        typelen = MAX(typelen, strlen(s->type));
+                pathlen = MAX(pathlen, strlen(s->path) + (s->machine ? strlen(s->machine)+1 : 0));
+
+                STRV_FOREACH(a, s->triggered)
+                        tmp += strlen(*a) + 2*(a != s->triggered);
+                servlen = MAX(servlen, tmp);
+        }
+
+        if (cs) {
+                if (!arg_no_legend)
+                        printf("%-*s %-*.*s%-*s %s\n",
+                               pathlen, "LISTEN",
+                               typelen + arg_show_types, typelen + arg_show_types, "TYPE ",
+                               socklen, "UNIT",
+                               "ACTIVATES");
+
+                for (s = socket_infos; s < socket_infos + cs; s++) {
+                        _cleanup_free_ char *j = NULL;
+                        const char *path;
+                        char **a;
+
+                        if (s->machine) {
+                                j = strjoin(s->machine, ":", s->path, NULL);
+                                if (!j)
+                                        return log_oom();
+                                path = j;
+                        } else
+                                path = s->path;
+
+                        if (arg_show_types)
+                                printf("%-*s %-*s %-*s",
+                                       pathlen, path, typelen, s->type, socklen, s->id);
+                        else
+                                printf("%-*s %-*s",
+                                       pathlen, path, socklen, s->id);
+                        STRV_FOREACH(a, s->triggered)
+                                printf("%s %s",
+                                       a == s->triggered ? "" : ",", *a);
+                        printf("\n");
+                }
+
+                on = ansi_highlight();
+                off = ansi_normal();
+                if (!arg_no_legend)
+                        printf("\n");
+        } else {
+                on = ansi_highlight_red();
+                off = ansi_normal();
+        }
+
+        if (!arg_no_legend) {
+                printf("%s%u sockets listed.%s\n", on, cs, off);
+                if (!arg_all)
+                        printf("Pass --all to see loaded but inactive sockets, too.\n");
+        }
+
+        return 0;
+}
+
+static int list_sockets(int argc, char *argv[], void *userdata) {
+        _cleanup_(message_set_freep) Set *replies = NULL;
+        _cleanup_strv_free_ char **machines = NULL;
+        _cleanup_free_ UnitInfo *unit_infos = NULL;
+        _cleanup_free_ struct socket_info *socket_infos = NULL;
+        const UnitInfo *u;
+        struct socket_info *s;
+        unsigned cs = 0;
+        size_t size = 0;
+        int r = 0, n;
+        sd_bus *bus;
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        n = get_unit_list_recursive(bus, strv_skip(argv, 1), &unit_infos, &replies, &machines);
+        if (n < 0)
+                return n;
+
+        for (u = unit_infos; u < unit_infos + n; u++) {
+                _cleanup_strv_free_ char **listening = NULL, **triggered = NULL;
+                int i, c;
+
+                if (!endswith(u->id, ".socket"))
+                        continue;
+
+                r = get_triggered_units(bus, u->unit_path, &triggered);
+                if (r < 0)
+                        goto cleanup;
+
+                c = get_listening(bus, u->unit_path, &listening);
+                if (c < 0) {
+                        r = c;
+                        goto cleanup;
+                }
+
+                if (!GREEDY_REALLOC(socket_infos, size, cs + c)) {
+                        r = log_oom();
+                        goto cleanup;
+                }
+
+                for (i = 0; i < c; i++)
+                        socket_infos[cs + i] = (struct socket_info) {
+                                .machine = u->machine,
+                                .id = u->id,
+                                .type = listening[i*2],
+                                .path = listening[i*2 + 1],
+                                .triggered = triggered,
+                                .own_triggered = i==0,
+                        };
+
+                /* from this point on we will cleanup those socket_infos */
+                cs += c;
+                free(listening);
+                listening = triggered = NULL; /* avoid cleanup */
+        }
+
+        qsort_safe(socket_infos, cs, sizeof(struct socket_info),
+                   (__compar_fn_t) socket_info_compare);
+
+        output_sockets_list(socket_infos, cs);
+
+ cleanup:
+        assert(cs == 0 || socket_infos);
+        for (s = socket_infos; s < socket_infos + cs; s++) {
+                free(s->type);
+                free(s->path);
+                if (s->own_triggered)
+                        strv_free(s->triggered);
+        }
+
+        return r;
+}
+
+static int get_next_elapse(
+                sd_bus *bus,
+                const char *path,
+                dual_timestamp *next) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        dual_timestamp t;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(next);
+
+        r = sd_bus_get_property_trivial(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Timer",
+                        "NextElapseUSecMonotonic",
+                        &error,
+                        't',
+                        &t.monotonic);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get next elapsation time: %s", bus_error_message(&error, r));
+
+        r = sd_bus_get_property_trivial(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Timer",
+                        "NextElapseUSecRealtime",
+                        &error,
+                        't',
+                        &t.realtime);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get next elapsation time: %s", bus_error_message(&error, r));
+
+        *next = t;
+        return 0;
+}
+
+static int get_last_trigger(
+                sd_bus *bus,
+                const char *path,
+                usec_t *last) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(last);
+
+        r = sd_bus_get_property_trivial(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Timer",
+                        "LastTriggerUSec",
+                        &error,
+                        't',
+                        last);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get last trigger time: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+struct timer_info {
+        const char* machine;
+        const char* id;
+        usec_t next_elapse;
+        usec_t last_trigger;
+        char** triggered;
+};
+
+static int timer_info_compare(const struct timer_info *a, const struct timer_info *b) {
+        int o;
+
+        assert(a);
+        assert(b);
+
+        if (!a->machine && b->machine)
+                return -1;
+        if (a->machine && !b->machine)
+                return 1;
+        if (a->machine && b->machine) {
+                o = strcasecmp(a->machine, b->machine);
+                if (o != 0)
+                        return o;
+        }
+
+        if (a->next_elapse < b->next_elapse)
+                return -1;
+        if (a->next_elapse > b->next_elapse)
+                return 1;
+
+        return strcmp(a->id, b->id);
+}
+
+static int output_timers_list(struct timer_info *timer_infos, unsigned n) {
+        struct timer_info *t;
+        unsigned
+                nextlen = strlen("NEXT"),
+                leftlen = strlen("LEFT"),
+                lastlen = strlen("LAST"),
+                passedlen = strlen("PASSED"),
+                unitlen = strlen("UNIT"),
+                activatelen = strlen("ACTIVATES");
+
+        const char *on, *off;
+
+        assert(timer_infos || n == 0);
+
+        for (t = timer_infos; t < timer_infos + n; t++) {
+                unsigned ul = 0;
+                char **a;
+
+                if (t->next_elapse > 0) {
+                        char tstamp[FORMAT_TIMESTAMP_MAX] = "", trel[FORMAT_TIMESTAMP_RELATIVE_MAX] = "";
+
+                        format_timestamp(tstamp, sizeof(tstamp), t->next_elapse);
+                        nextlen = MAX(nextlen, strlen(tstamp) + 1);
+
+                        format_timestamp_relative(trel, sizeof(trel), t->next_elapse);
+                        leftlen = MAX(leftlen, strlen(trel));
+                }
+
+                if (t->last_trigger > 0) {
+                        char tstamp[FORMAT_TIMESTAMP_MAX] = "", trel[FORMAT_TIMESTAMP_RELATIVE_MAX] = "";
+
+                        format_timestamp(tstamp, sizeof(tstamp), t->last_trigger);
+                        lastlen = MAX(lastlen, strlen(tstamp) + 1);
+
+                        format_timestamp_relative(trel, sizeof(trel), t->last_trigger);
+                        passedlen = MAX(passedlen, strlen(trel));
+                }
+
+                unitlen = MAX(unitlen, strlen(t->id) + (t->machine ? strlen(t->machine)+1 : 0));
+
+                STRV_FOREACH(a, t->triggered)
+                        ul += strlen(*a) + 2*(a != t->triggered);
+
+                activatelen = MAX(activatelen, ul);
+        }
+
+        if (n > 0) {
+                if (!arg_no_legend)
+                        printf("%-*s %-*s %-*s %-*s %-*s %s\n",
+                               nextlen,   "NEXT",
+                               leftlen,   "LEFT",
+                               lastlen,   "LAST",
+                               passedlen, "PASSED",
+                               unitlen,   "UNIT",
+                                          "ACTIVATES");
+
+                for (t = timer_infos; t < timer_infos + n; t++) {
+                        _cleanup_free_ char *j = NULL;
+                        const char *unit;
+                        char tstamp1[FORMAT_TIMESTAMP_MAX] = "n/a", trel1[FORMAT_TIMESTAMP_RELATIVE_MAX] = "n/a";
+                        char tstamp2[FORMAT_TIMESTAMP_MAX] = "n/a", trel2[FORMAT_TIMESTAMP_RELATIVE_MAX] = "n/a";
+                        char **a;
+
+                        format_timestamp(tstamp1, sizeof(tstamp1), t->next_elapse);
+                        format_timestamp_relative(trel1, sizeof(trel1), t->next_elapse);
+
+                        format_timestamp(tstamp2, sizeof(tstamp2), t->last_trigger);
+                        format_timestamp_relative(trel2, sizeof(trel2), t->last_trigger);
+
+                        if (t->machine) {
+                                j = strjoin(t->machine, ":", t->id, NULL);
+                                if (!j)
+                                        return log_oom();
+                                unit = j;
+                        } else
+                                unit = t->id;
+
+                        printf("%-*s %-*s %-*s %-*s %-*s",
+                               nextlen, tstamp1, leftlen, trel1, lastlen, tstamp2, passedlen, trel2, unitlen, unit);
+
+                        STRV_FOREACH(a, t->triggered)
+                                printf("%s %s",
+                                       a == t->triggered ? "" : ",", *a);
+                        printf("\n");
+                }
+
+                on = ansi_highlight();
+                off = ansi_normal();
+                if (!arg_no_legend)
+                        printf("\n");
+        } else {
+                on = ansi_highlight_red();
+                off = ansi_normal();
+        }
+
+        if (!arg_no_legend) {
+                printf("%s%u timers listed.%s\n", on, n, off);
+                if (!arg_all)
+                        printf("Pass --all to see loaded but inactive timers, too.\n");
+        }
+
+        return 0;
+}
+
+static usec_t calc_next_elapse(dual_timestamp *nw, dual_timestamp *next) {
+        usec_t next_elapse;
+
+        assert(nw);
+        assert(next);
+
+        if (next->monotonic != USEC_INFINITY && next->monotonic > 0) {
+                usec_t converted;
+
+                if (next->monotonic > nw->monotonic)
+                        converted = nw->realtime + (next->monotonic - nw->monotonic);
+                else
+                        converted = nw->realtime - (nw->monotonic - next->monotonic);
+
+                if (next->realtime != USEC_INFINITY && next->realtime > 0)
+                        next_elapse = MIN(converted, next->realtime);
+                else
+                        next_elapse = converted;
+
+        } else
+                next_elapse = next->realtime;
+
+        return next_elapse;
+}
+
+static int list_timers(int argc, char *argv[], void *userdata) {
+        _cleanup_(message_set_freep) Set *replies = NULL;
+        _cleanup_strv_free_ char **machines = NULL;
+        _cleanup_free_ struct timer_info *timer_infos = NULL;
+        _cleanup_free_ UnitInfo *unit_infos = NULL;
+        struct timer_info *t;
+        const UnitInfo *u;
+        size_t size = 0;
+        int n, c = 0;
+        dual_timestamp nw;
+        sd_bus *bus;
+        int r = 0;
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        n = get_unit_list_recursive(bus, strv_skip(argv, 1), &unit_infos, &replies, &machines);
+        if (n < 0)
+                return n;
+
+        dual_timestamp_get(&nw);
+
+        for (u = unit_infos; u < unit_infos + n; u++) {
+                _cleanup_strv_free_ char **triggered = NULL;
+                dual_timestamp next = DUAL_TIMESTAMP_NULL;
+                usec_t m, last = 0;
+
+                if (!endswith(u->id, ".timer"))
+                        continue;
+
+                r = get_triggered_units(bus, u->unit_path, &triggered);
+                if (r < 0)
+                        goto cleanup;
+
+                r = get_next_elapse(bus, u->unit_path, &next);
+                if (r < 0)
+                        goto cleanup;
+
+                get_last_trigger(bus, u->unit_path, &last);
+
+                if (!GREEDY_REALLOC(timer_infos, size, c+1)) {
+                        r = log_oom();
+                        goto cleanup;
+                }
+
+                m = calc_next_elapse(&nw, &next);
+
+                timer_infos[c++] = (struct timer_info) {
+                        .machine = u->machine,
+                        .id = u->id,
+                        .next_elapse = m,
+                        .last_trigger = last,
+                        .triggered = triggered,
+                };
+
+                triggered = NULL; /* avoid cleanup */
+        }
+
+        qsort_safe(timer_infos, c, sizeof(struct timer_info),
+                   (__compar_fn_t) timer_info_compare);
+
+        output_timers_list(timer_infos, c);
+
+ cleanup:
+        for (t = timer_infos; t < timer_infos + c; t++)
+                strv_free(t->triggered);
+
+        return r;
+}
+
+static int compare_unit_file_list(const void *a, const void *b) {
+        const char *d1, *d2;
+        const UnitFileList *u = a, *v = b;
+
+        d1 = strrchr(u->path, '.');
+        d2 = strrchr(v->path, '.');
+
+        if (d1 && d2) {
+                int r;
+
+                r = strcasecmp(d1, d2);
+                if (r != 0)
+                        return r;
+        }
+
+        return strcasecmp(basename(u->path), basename(v->path));
+}
+
+static bool output_show_unit_file(const UnitFileList *u, char **states, char **patterns) {
+        assert(u);
+
+        if (!strv_fnmatch_or_empty(patterns, basename(u->path), FNM_NOESCAPE))
+                return false;
+
+        if (!strv_isempty(arg_types)) {
+                const char *dot;
+
+                dot = strrchr(u->path, '.');
+                if (!dot)
+                        return false;
+
+                if (!strv_find(arg_types, dot+1))
+                        return false;
+        }
+
+        if (!strv_isempty(states) &&
+            !strv_find(states, unit_file_state_to_string(u->state)))
+                return false;
+
+        return true;
+}
+
+static void output_unit_file_list(const UnitFileList *units, unsigned c) {
+        unsigned max_id_len, id_cols, state_cols;
+        const UnitFileList *u;
+
+        max_id_len = strlen("UNIT FILE");
+        state_cols = strlen("STATE");
+
+        for (u = units; u < units + c; u++) {
+                max_id_len = MAX(max_id_len, strlen(basename(u->path)));
+                state_cols = MAX(state_cols, strlen(unit_file_state_to_string(u->state)));
+        }
+
+        if (!arg_full) {
+                unsigned basic_cols;
+
+                id_cols = MIN(max_id_len, 25u);
+                basic_cols = 1 + id_cols + state_cols;
+                if (basic_cols < (unsigned) columns())
+                        id_cols += MIN(columns() - basic_cols, max_id_len - id_cols);
+        } else
+                id_cols = max_id_len;
+
+        if (!arg_no_legend && c > 0)
+                printf("%-*s %-*s\n",
+                       id_cols, "UNIT FILE",
+                       state_cols, "STATE");
+
+        for (u = units; u < units + c; u++) {
+                _cleanup_free_ char *e = NULL;
+                const char *on, *off;
+                const char *id;
+
+                if (IN_SET(u->state,
+                           UNIT_FILE_MASKED,
+                           UNIT_FILE_MASKED_RUNTIME,
+                           UNIT_FILE_DISABLED,
+                           UNIT_FILE_BAD)) {
+                        on  = ansi_highlight_red();
+                        off = ansi_normal();
+                } else if (u->state == UNIT_FILE_ENABLED) {
+                        on  = ansi_highlight_green();
+                        off = ansi_normal();
+                } else
+                        on = off = "";
+
+                id = basename(u->path);
+
+                e = arg_full ? NULL : ellipsize(id, id_cols, 33);
+
+                printf("%-*s %s%-*s%s\n",
+                       id_cols, e ? e : id,
+                       on, state_cols, unit_file_state_to_string(u->state), off);
+        }
+
+        if (!arg_no_legend)
+                printf("\n%u unit files listed.\n", c);
+}
+
+static int list_unit_files(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ UnitFileList *units = NULL;
+        UnitFileList *unit;
+        size_t size = 0;
+        unsigned c = 0;
+        const char *state;
+        char *path;
+        int r;
+        bool fallback = false;
+
+        pager_open(arg_no_pager, false);
+
+        if (install_client_side()) {
+                Hashmap *h;
+                UnitFileList *u;
+                Iterator i;
+                unsigned n_units;
+
+                h = hashmap_new(&string_hash_ops);
+                if (!h)
+                        return log_oom();
+
+                r = unit_file_get_list(arg_scope, arg_root, h, arg_states, strv_skip(argv, 1));
+                if (r < 0) {
+                        unit_file_list_free(h);
+                        return log_error_errno(r, "Failed to get unit file list: %m");
+                }
+
+                n_units = hashmap_size(h);
+
+                units = new(UnitFileList, n_units ?: 1); /* avoid malloc(0) */
+                if (!units) {
+                        unit_file_list_free(h);
+                        return log_oom();
+                }
+
+                HASHMAP_FOREACH(u, h, i) {
+                        if (!output_show_unit_file(u, NULL, NULL))
+                                continue;
+
+                        units[c++] = *u;
+                        free(u);
+                }
+
+                assert(c <= n_units);
+                hashmap_free(h);
+
+                r = 0;
+        } else {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                sd_bus *bus;
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &m,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "ListUnitFilesByPatterns");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append_strv(m, arg_states);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append_strv(m, strv_skip(argv, 1));
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_call(bus, m, 0, &error, &reply);
+                if (r < 0 && sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD)) {
+                        /* Fallback to legacy ListUnitFiles method */
+                        fallback = true;
+                        log_debug_errno(r, "Failed to list unit files: %s Falling back to ListUnitsFiles method.", bus_error_message(&error, r));
+                        m = sd_bus_message_unref(m);
+                        sd_bus_error_free(&error);
+
+                        r = sd_bus_message_new_method_call(
+                                        bus,
+                                        &m,
+                                        "org.freedesktop.systemd1",
+                                        "/org/freedesktop/systemd1",
+                                        "org.freedesktop.systemd1.Manager",
+                                        "ListUnitFiles");
+                        if (r < 0)
+                                return bus_log_create_error(r);
+
+                        r = sd_bus_call(bus, m, 0, &error, &reply);
+                }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to list unit files: %s", bus_error_message(&error, r));
+
+                r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ss)");
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                while ((r = sd_bus_message_read(reply, "(ss)", &path, &state)) > 0) {
+
+                        if (!GREEDY_REALLOC(units, size, c + 1))
+                                return log_oom();
+
+                        units[c] = (struct UnitFileList) {
+                                path,
+                                unit_file_state_from_string(state)
+                        };
+
+                        if (output_show_unit_file(&units[c],
+                            fallback ? arg_states : NULL,
+                            fallback ? strv_skip(argv, 1) : NULL))
+                                c++;
+
+                }
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+
+        qsort_safe(units, c, sizeof(UnitFileList), compare_unit_file_list);
+        output_unit_file_list(units, c);
+
+        if (install_client_side())
+                for (unit = units; unit < units + c; unit++)
+                        free(unit->path);
+
+        return 0;
+}
+
+static int list_dependencies_print(const char *name, int level, unsigned int branches, bool last) {
+        _cleanup_free_ char *n = NULL;
+        size_t max_len = MAX(columns(),20u);
+        size_t len = 0;
+        int i;
+
+        if (!arg_plain) {
+
+                for (i = level - 1; i >= 0; i--) {
+                        len += 2;
+                        if (len > max_len - 3 && !arg_full) {
+                                printf("%s...\n",max_len % 2 ? "" : " ");
+                                return 0;
+                        }
+                        printf("%s", special_glyph(branches & (1 << i) ? TREE_VERTICAL : TREE_SPACE));
+                }
+                len += 2;
+
+                if (len > max_len - 3 && !arg_full) {
+                        printf("%s...\n",max_len % 2 ? "" : " ");
+                        return 0;
+                }
+
+                printf("%s", special_glyph(last ? TREE_RIGHT : TREE_BRANCH));
+        }
+
+        if (arg_full) {
+                printf("%s\n", name);
+                return 0;
+        }
+
+        n = ellipsize(name, max_len-len, 100);
+        if (!n)
+                return log_oom();
+
+        printf("%s\n", n);
+        return 0;
+}
+
+static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, char ***deps) {
+
+        static const char *dependencies[_DEPENDENCY_MAX] = {
+                [DEPENDENCY_FORWARD] = "Requires\0"
+                                       "Requisite\0"
+                                       "Wants\0"
+                                       "ConsistsOf\0"
+                                       "BindsTo\0",
+                [DEPENDENCY_REVERSE] = "RequiredBy\0"
+                                       "RequisiteOf\0"
+                                       "WantedBy\0"
+                                       "PartOf\0"
+                                       "BoundBy\0",
+                [DEPENDENCY_AFTER]   = "After\0",
+                [DEPENDENCY_BEFORE]  = "Before\0",
+        };
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_strv_free_ char **ret = NULL;
+        _cleanup_free_ char *path = NULL;
+        int r;
+
+        assert(bus);
+        assert(name);
+        assert(deps);
+        assert_cc(ELEMENTSOF(dependencies) == _DEPENDENCY_MAX);
+
+        path = unit_dbus_path_from_name(name);
+        if (!path)
+                return log_oom();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.DBus.Properties",
+                        "GetAll",
+                        &error,
+                        &reply,
+                        "s", "org.freedesktop.systemd1.Unit");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get properties of %s: %s", name, bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
+                const char *prop;
+
+                r = sd_bus_message_read(reply, "s", &prop);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (!nulstr_contains(dependencies[arg_dependency], prop)) {
+                        r = sd_bus_message_skip(reply, "v");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+                } else {
+
+                        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, "as");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = bus_message_read_strv_extend(reply, &ret);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(reply);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+                }
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        *deps = ret;
+        ret = NULL;
+
+        return 0;
+}
+
+static int list_dependencies_compare(const void *_a, const void *_b) {
+        const char **a = (const char**) _a, **b = (const char**) _b;
+
+        if (unit_name_to_type(*a) == UNIT_TARGET && unit_name_to_type(*b) != UNIT_TARGET)
+                return 1;
+        if (unit_name_to_type(*a) != UNIT_TARGET && unit_name_to_type(*b) == UNIT_TARGET)
+                return -1;
+
+        return strcasecmp(*a, *b);
+}
+
+static int list_dependencies_one(
+                sd_bus *bus,
+                const char *name,
+                int level,
+                char ***units,
+                unsigned int branches) {
+
+        _cleanup_strv_free_ char **deps = NULL;
+        char **c;
+        int r = 0;
+
+        assert(bus);
+        assert(name);
+        assert(units);
+
+        r = strv_extend(units, name);
+        if (r < 0)
+                return log_oom();
+
+        r = list_dependencies_get_dependencies(bus, name, &deps);
+        if (r < 0)
+                return r;
+
+        qsort_safe(deps, strv_length(deps), sizeof (char*), list_dependencies_compare);
+
+        STRV_FOREACH(c, deps) {
+                if (strv_contains(*units, *c)) {
+                        if (!arg_plain) {
+                                r = list_dependencies_print("...", level + 1, (branches << 1) | (c[1] == NULL ? 0 : 1), 1);
+                                if (r < 0)
+                                        return r;
+                        }
+                        continue;
+                }
+
+                if (arg_plain)
+                        printf("  ");
+                else {
+                        UnitActiveState active_state = _UNIT_ACTIVE_STATE_INVALID;
+                        const char *on;
+
+                        (void) get_state_one_unit(bus, *c, &active_state);
+
+                        switch (active_state) {
+                        case UNIT_ACTIVE:
+                        case UNIT_RELOADING:
+                        case UNIT_ACTIVATING:
+                                on = ansi_highlight_green();
+                                break;
+
+                        case UNIT_INACTIVE:
+                        case UNIT_DEACTIVATING:
+                                on = ansi_normal();
+                                break;
+
+                        default:
+                                on = ansi_highlight_red();
+                                break;
+                        }
+
+                        printf("%s%s%s ", on, special_glyph(BLACK_CIRCLE), ansi_normal());
+                }
+
+                r = list_dependencies_print(*c, level, branches, c[1] == NULL);
+                if (r < 0)
+                        return r;
+
+                if (arg_all || unit_name_to_type(*c) == UNIT_TARGET) {
+                       r = list_dependencies_one(bus, *c, level + 1, units, (branches << 1) | (c[1] == NULL ? 0 : 1));
+                       if (r < 0)
+                               return r;
+                }
+        }
+
+        if (!arg_plain)
+                strv_remove(*units, name);
+
+        return 0;
+}
+
+static int list_dependencies(int argc, char *argv[], void *userdata) {
+        _cleanup_strv_free_ char **units = NULL;
+        _cleanup_free_ char *unit = NULL;
+        const char *u;
+        sd_bus *bus;
+        int r;
+
+        if (argv[1]) {
+                r = unit_name_mangle(argv[1], UNIT_NAME_NOGLOB, &unit);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mangle unit name: %m");
+
+                u = unit;
+        } else
+                u = SPECIAL_DEFAULT_TARGET;
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        puts(u);
+
+        return list_dependencies_one(bus, u, 0, &units, 0);
+}
+
+struct machine_info {
+        bool is_host;
+        char *name;
+        char *state;
+        char *control_group;
+        uint32_t n_failed_units;
+        uint32_t n_jobs;
+        usec_t timestamp;
+};
+
+static const struct bus_properties_map machine_info_property_map[] = {
+        { "SystemState",        "s", NULL, offsetof(struct machine_info, state)          },
+        { "NJobs",              "u", NULL, offsetof(struct machine_info, n_jobs)         },
+        { "NFailedUnits",       "u", NULL, offsetof(struct machine_info, n_failed_units) },
+        { "ControlGroup",       "s", NULL, offsetof(struct machine_info, control_group)  },
+        { "UserspaceTimestamp", "t", NULL, offsetof(struct machine_info, timestamp)      },
+        {}
+};
+
+static void machine_info_clear(struct machine_info *info) {
+        if (info) {
+                free(info->name);
+                free(info->state);
+                free(info->control_group);
+                zero(*info);
+        }
+}
+
+static void free_machines_list(struct machine_info *machine_infos, int n) {
+        int i;
+
+        if (!machine_infos)
+                return;
+
+        for (i = 0; i < n; i++)
+                machine_info_clear(&machine_infos[i]);
+
+        free(machine_infos);
+}
+
+static int compare_machine_info(const void *a, const void *b) {
+        const struct machine_info *u = a, *v = b;
+
+        if (u->is_host != v->is_host)
+                return u->is_host > v->is_host ? -1 : 1;
+
+        return strcasecmp(u->name, v->name);
+}
+
+static int get_machine_properties(sd_bus *bus, struct machine_info *mi) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *container = NULL;
+        int r;
+
+        assert(mi);
+
+        if (!bus) {
+                r = sd_bus_open_system_machine(&container, mi->name);
+                if (r < 0)
+                        return r;
+
+                bus = container;
+        }
+
+        r = bus_map_all_properties(bus, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", machine_info_property_map, mi);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static bool output_show_machine(const char *name, char **patterns) {
+        return strv_fnmatch_or_empty(patterns, name, FNM_NOESCAPE);
+}
+
+static int get_machine_list(
+                sd_bus *bus,
+                struct machine_info **_machine_infos,
+                char **patterns) {
+
+        struct machine_info *machine_infos = NULL;
+        _cleanup_strv_free_ char **m = NULL;
+        _cleanup_free_ char *hn = NULL;
+        size_t sz = 0;
+        char **i;
+        int c = 0, r;
+
+        hn = gethostname_malloc();
+        if (!hn)
+                return log_oom();
+
+        if (output_show_machine(hn, patterns)) {
+                if (!GREEDY_REALLOC0(machine_infos, sz, c+1))
+                        return log_oom();
+
+                machine_infos[c].is_host = true;
+                machine_infos[c].name = hn;
+                hn = NULL;
+
+                get_machine_properties(bus, &machine_infos[c]);
+                c++;
+        }
+
+        r = sd_get_machine_names(&m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get machine list: %m");
+
+        STRV_FOREACH(i, m) {
+                _cleanup_free_ char *class = NULL;
+
+                if (!output_show_machine(*i, patterns))
+                        continue;
+
+                sd_machine_get_class(*i, &class);
+                if (!streq_ptr(class, "container"))
+                        continue;
+
+                if (!GREEDY_REALLOC0(machine_infos, sz, c+1)) {
+                        free_machines_list(machine_infos, c);
+                        return log_oom();
+                }
+
+                machine_infos[c].is_host = false;
+                machine_infos[c].name = strdup(*i);
+                if (!machine_infos[c].name) {
+                        free_machines_list(machine_infos, c);
+                        return log_oom();
+                }
+
+                get_machine_properties(NULL, &machine_infos[c]);
+                c++;
+        }
+
+        *_machine_infos = machine_infos;
+        return c;
+}
+
+static void output_machines_list(struct machine_info *machine_infos, unsigned n) {
+        struct machine_info *m;
+        unsigned
+                circle_len = 0,
+                namelen = sizeof("NAME") - 1,
+                statelen = sizeof("STATE") - 1,
+                failedlen = sizeof("FAILED") - 1,
+                jobslen = sizeof("JOBS") - 1;
+
+        assert(machine_infos || n == 0);
+
+        for (m = machine_infos; m < machine_infos + n; m++) {
+                namelen = MAX(namelen, strlen(m->name) + (m->is_host ? sizeof(" (host)") - 1 : 0));
+                statelen = MAX(statelen, m->state ? strlen(m->state) : 0);
+                failedlen = MAX(failedlen, DECIMAL_STR_WIDTH(m->n_failed_units));
+                jobslen = MAX(jobslen, DECIMAL_STR_WIDTH(m->n_jobs));
+
+                if (!arg_plain && !streq_ptr(m->state, "running"))
+                        circle_len = 2;
+        }
+
+        if (!arg_no_legend) {
+                if (circle_len > 0)
+                        fputs("  ", stdout);
+
+                printf("%-*s %-*s %-*s %-*s\n",
+                         namelen, "NAME",
+                        statelen, "STATE",
+                       failedlen, "FAILED",
+                         jobslen, "JOBS");
+        }
+
+        for (m = machine_infos; m < machine_infos + n; m++) {
+                const char *on_state = "", *off_state = "";
+                const char *on_failed = "", *off_failed = "";
+                bool circle = false;
+
+                if (streq_ptr(m->state, "degraded")) {
+                        on_state = ansi_highlight_red();
+                        off_state = ansi_normal();
+                        circle = true;
+                } else if (!streq_ptr(m->state, "running")) {
+                        on_state = ansi_highlight_yellow();
+                        off_state = ansi_normal();
+                        circle = true;
+                }
+
+                if (m->n_failed_units > 0) {
+                        on_failed = ansi_highlight_red();
+                        off_failed = ansi_normal();
+                } else
+                        on_failed = off_failed = "";
+
+                if (circle_len > 0)
+                        printf("%s%s%s ", on_state, circle ? special_glyph(BLACK_CIRCLE) : " ", off_state);
+
+                if (m->is_host)
+                        printf("%-*s (host) %s%-*s%s %s%*" PRIu32 "%s %*" PRIu32 "\n",
+                               (int) (namelen - (sizeof(" (host)")-1)), strna(m->name),
+                               on_state, statelen, strna(m->state), off_state,
+                               on_failed, failedlen, m->n_failed_units, off_failed,
+                               jobslen, m->n_jobs);
+                else
+                        printf("%-*s %s%-*s%s %s%*" PRIu32 "%s %*" PRIu32 "\n",
+                               namelen, strna(m->name),
+                               on_state, statelen, strna(m->state), off_state,
+                               on_failed, failedlen, m->n_failed_units, off_failed,
+                               jobslen, m->n_jobs);
+        }
+
+        if (!arg_no_legend)
+                printf("\n%u machines listed.\n", n);
+}
+
+static int list_machines(int argc, char *argv[], void *userdata) {
+        struct machine_info *machine_infos = NULL;
+        sd_bus *bus;
+        int r;
+
+        if (geteuid() != 0) {
+                log_error("Must be root.");
+                return -EPERM;
+        }
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = get_machine_list(bus, &machine_infos, strv_skip(argv, 1));
+        if (r < 0)
+                return r;
+
+        qsort_safe(machine_infos, r, sizeof(struct machine_info), compare_machine_info);
+        output_machines_list(machine_infos, r);
+        free_machines_list(machine_infos, r);
+
+        return 0;
+}
+
+static int get_default(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ char *_path = NULL;
+        const char *path;
+        int r;
+
+        if (install_client_side()) {
+                r = unit_file_get_default(arg_scope, arg_root, &_path);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get default target: %m");
+                path = _path;
+
+                r = 0;
+        } else {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                sd_bus *bus;
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "GetDefaultTarget",
+                                &error,
+                                &reply,
+                                NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get default target: %s", bus_error_message(&error, r));
+
+                r = sd_bus_message_read(reply, "s", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+
+        if (path)
+                printf("%s\n", path);
+
+        return 0;
+}
+
+static int set_default(int argc, char *argv[], void *userdata) {
+        _cleanup_free_ char *unit = NULL;
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0;
+        int r;
+
+        assert(argc >= 2);
+        assert(argv);
+
+        r = unit_name_mangle_with_suffix(argv[1], UNIT_NAME_NOGLOB, ".target", &unit);
+        if (r < 0)
+                return log_error_errno(r, "Failed to mangle unit name: %m");
+
+        if (install_client_side()) {
+                r = unit_file_set_default(arg_scope, arg_root, unit, true, &changes, &n_changes);
+                unit_file_dump_changes(r, "set default", changes, n_changes, arg_quiet);
+
+                if (r > 0)
+                        r = 0;
+        } else {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                sd_bus *bus;
+
+                polkit_agent_open_if_enabled();
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "SetDefaultTarget",
+                                &error,
+                                &reply,
+                                "sb", unit, 1);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set default target: %s", bus_error_message(&error, r));
+
+                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
+                if (r < 0)
+                        goto finish;
+
+                /* Try to reload if enabled */
+                if (!arg_no_reload)
+                        r = daemon_reload(argc, argv, userdata);
+                else
+                        r = 0;
+        }
+
+finish:
+        unit_file_changes_free(changes, n_changes);
+
+        return r;
+}
+
+struct job_info {
+        uint32_t id;
+        const char *name, *type, *state;
+};
+
+static void output_jobs_list(const struct job_info* jobs, unsigned n, bool skipped) {
+        unsigned id_len, unit_len, type_len, state_len;
+        const struct job_info *j;
+        const char *on, *off;
+        bool shorten = false;
+
+        assert(n == 0 || jobs);
+
+        if (n == 0) {
+                if (!arg_no_legend) {
+                        on = ansi_highlight_green();
+                        off = ansi_normal();
+
+                        printf("%sNo jobs %s.%s\n", on, skipped ? "listed" : "running", off);
+                }
+                return;
+        }
+
+        pager_open(arg_no_pager, false);
+
+        id_len = strlen("JOB");
+        unit_len = strlen("UNIT");
+        type_len = strlen("TYPE");
+        state_len = strlen("STATE");
+
+        for (j = jobs; j < jobs + n; j++) {
+                uint32_t id = j->id;
+                assert(j->name && j->type && j->state);
+
+                id_len = MAX(id_len, DECIMAL_STR_WIDTH(id));
+                unit_len = MAX(unit_len, strlen(j->name));
+                type_len = MAX(type_len, strlen(j->type));
+                state_len = MAX(state_len, strlen(j->state));
+        }
+
+        if (!arg_full && id_len + 1 + unit_len + type_len + 1 + state_len > columns()) {
+                unit_len = MAX(33u, columns() - id_len - type_len - state_len - 3);
+                shorten = true;
+        }
+
+        if (!arg_no_legend)
+                printf("%*s %-*s %-*s %-*s\n",
+                       id_len, "JOB",
+                       unit_len, "UNIT",
+                       type_len, "TYPE",
+                       state_len, "STATE");
+
+        for (j = jobs; j < jobs + n; j++) {
+                _cleanup_free_ char *e = NULL;
+
+                if (streq(j->state, "running")) {
+                        on = ansi_highlight();
+                        off = ansi_normal();
+                } else
+                        on = off = "";
+
+                e = shorten ? ellipsize(j->name, unit_len, 33) : NULL;
+                printf("%*u %s%-*s%s %-*s %s%-*s%s\n",
+                       id_len, j->id,
+                       on, unit_len, e ? e : j->name, off,
+                       type_len, j->type,
+                       on, state_len, j->state, off);
+        }
+
+        if (!arg_no_legend) {
+                on = ansi_highlight();
+                off = ansi_normal();
+
+                printf("\n%s%u jobs listed%s.\n", on, n, off);
+        }
+}
+
+static bool output_show_job(struct job_info *job, char **patterns) {
+        return strv_fnmatch_or_empty(patterns, job->name, FNM_NOESCAPE);
+}
+
+static int list_jobs(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *name, *type, *state, *job_path, *unit_path;
+        _cleanup_free_ struct job_info *jobs = NULL;
+        size_t size = 0;
+        unsigned c = 0;
+        sd_bus *bus;
+        uint32_t id;
+        int r;
+        bool skipped = false;
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "ListJobs",
+                        &error,
+                        &reply,
+                        NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to list jobs: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, 'a', "(usssoo)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(usssoo)", &id, &name, &type, &state, &job_path, &unit_path)) > 0) {
+                struct job_info job = { id, name, type, state };
+
+                if (!output_show_job(&job, strv_skip(argv, 1))) {
+                        skipped = true;
+                        continue;
+                }
+
+                if (!GREEDY_REALLOC(jobs, size, c + 1))
+                        return log_oom();
+
+                jobs[c++] = job;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        output_jobs_list(jobs, c, skipped);
+        return 0;
+}
+
+static int cancel_job(int argc, char *argv[], void *userdata) {
+        sd_bus *bus;
+        char **name;
+        int r = 0;
+
+        if (argc <= 1)
+                return daemon_reload(argc, argv, userdata);
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(name, strv_skip(argv, 1)) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                uint32_t id;
+                int q;
+
+                q = safe_atou32(*name, &id);
+                if (q < 0)
+                        return log_error_errno(q, "Failed to parse job id \"%s\": %m", *name);
+
+                q = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "CancelJob",
+                                &error,
+                                NULL,
+                                "u", id);
+                if (q < 0) {
+                        log_error_errno(q, "Failed to cancel job %"PRIu32": %s", id, bus_error_message(&error, q));
+                        if (r == 0)
+                                r = q;
+                }
+        }
+
+        return r;
+}
+
+static int need_daemon_reload(sd_bus *bus, const char *unit) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *path;
+        int b, r;
+
+        /* We ignore all errors here, since this is used to show a
+         * warning only */
+
+        /* We don't use unit_dbus_path_from_name() directly since we
+         * don't want to load the unit if it isn't loaded. */
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "GetUnit",
+                        NULL,
+                        &reply,
+                        "s", unit);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(reply, "o", &path);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_get_property_trivial(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "NeedDaemonReload",
+                        NULL,
+                        'b', &b);
+        if (r < 0)
+                return r;
+
+        return b;
+}
+
+static void warn_unit_file_changed(const char *name) {
+        assert(name);
+
+        log_warning("%sWarning:%s %s changed on disk. Run 'systemctl%s daemon-reload' to reload units.",
+                    ansi_highlight_red(),
+                    ansi_normal(),
+                    name,
+                    arg_scope == UNIT_FILE_SYSTEM ? "" : " --user");
+}
+
+static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **unit_path) {
+        char **p;
+
+        assert(lp);
+        assert(unit_name);
+        assert(unit_path);
+
+        STRV_FOREACH(p, lp->search_path) {
+                _cleanup_free_ char *path;
+
+                path = path_join(arg_root, *p, unit_name);
+                if (!path)
+                        return log_oom();
+
+                if (access(path, F_OK) == 0) {
+                        *unit_path = path;
+                        path = NULL;
+                        return 1;
+                }
+        }
+
+        return 0;
+}
+
+static int unit_find_paths(
+                sd_bus *bus,
+                const char *unit_name,
+                LookupPaths *lp,
+                char **fragment_path,
+                char ***dropin_paths) {
+
+        _cleanup_free_ char *path = NULL;
+        _cleanup_strv_free_ char **dropins = NULL;
+        int r;
+
+        /**
+         * Finds where the unit is defined on disk. Returns 0 if the unit
+         * is not found. Returns 1 if it is found, and sets
+         * - the path to the unit in *path, if it exists on disk,
+         * - and a strv of existing drop-ins in *dropins,
+         *   if the arg is not NULL and any dropins were found.
+         */
+
+        assert(unit_name);
+        assert(fragment_path);
+        assert(lp);
+
+        if (!install_client_side() && !unit_name_is_valid(unit_name, UNIT_NAME_TEMPLATE)) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_free_ char *unit = NULL;
+
+                unit = unit_dbus_path_from_name(unit_name);
+                if (!unit)
+                        return log_oom();
+
+                r = sd_bus_get_property_string(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                unit,
+                                "org.freedesktop.systemd1.Unit",
+                                "FragmentPath",
+                                &error,
+                                &path);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get FragmentPath: %s", bus_error_message(&error, r));
+
+                if (dropin_paths) {
+                        r = sd_bus_get_property_strv(
+                                        bus,
+                                        "org.freedesktop.systemd1",
+                                        unit,
+                                        "org.freedesktop.systemd1.Unit",
+                                        "DropInPaths",
+                                        &error,
+                                        &dropins);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get DropInPaths: %s", bus_error_message(&error, r));
+                }
+        } else {
+                _cleanup_set_free_ Set *names;
+
+                names = set_new(NULL);
+                if (!names)
+                        return log_oom();
+
+                r = set_put(names, unit_name);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add unit name: %m");
+
+                r = unit_file_find_path(lp, unit_name, &path);
+                if (r < 0)
+                        return r;
+
+                if (r == 0) {
+                        _cleanup_free_ char *template = NULL;
+
+                        r = unit_name_template(unit_name, &template);
+                        if (r < 0 && r != -EINVAL)
+                                return log_error_errno(r, "Failed to determine template name: %m");
+                        if (r >= 0) {
+                                r = unit_file_find_path(lp, template, &path);
+                                if (r < 0)
+                                        return r;
+                        }
+                }
+
+                if (dropin_paths) {
+                        r = unit_file_find_dropin_paths(lp->search_path, NULL, names, &dropins);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        r = 0;
+
+        if (!isempty(path)) {
+                *fragment_path = path;
+                path = NULL;
+                r = 1;
+        }
+
+        if (dropin_paths && !strv_isempty(dropins)) {
+                *dropin_paths = dropins;
+                dropins = NULL;
+                r = 1;
+        }
+
+        if (r == 0)
+                log_error("No files found for %s.", unit_name);
+
+        return r;
+}
+
+static int get_state_one_unit(sd_bus *bus, const char *name, UnitActiveState *active_state) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ char *buf = NULL;
+        UnitActiveState state;
+        const char *path;
+        int r;
+
+        assert(name);
+        assert(active_state);
+
+        /* We don't use unit_dbus_path_from_name() directly since we don't want to load the unit unnecessarily, if it
+         * isn't loaded. */
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "GetUnit",
+                        &error,
+                        &reply,
+                        "s", name);
+        if (r < 0) {
+                if (!sd_bus_error_has_name(&error,  BUS_ERROR_NO_SUCH_UNIT))
+                        return log_error_errno(r, "Failed to retrieve unit: %s", bus_error_message(&error, r));
+
+                /* The unit is currently not loaded, hence say it's "inactive", since all units that aren't loaded are
+                 * considered inactive. */
+                state = UNIT_INACTIVE;
+
+        } else {
+                r = sd_bus_message_read(reply, "o", &path);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_get_property_string(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                path,
+                                "org.freedesktop.systemd1.Unit",
+                                "ActiveState",
+                                &error,
+                                &buf);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to retrieve unit state: %s", bus_error_message(&error, r));
+
+                state = unit_active_state_from_string(buf);
+                if (state == _UNIT_ACTIVE_STATE_INVALID) {
+                        log_error("Invalid unit state '%s' for: %s", buf, name);
+                        return -EINVAL;
+                }
+        }
+
+        *active_state = state;
+        return 0;
+}
+
+static int check_triggering_units(
+                sd_bus *bus,
+                const char *name) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ char *path = NULL, *n = NULL, *load_state = NULL;
+        _cleanup_strv_free_ char **triggered_by = NULL;
+        bool print_warning_label = true;
+        UnitActiveState active_state;
+        char **i;
+        int r;
+
+        r = unit_name_mangle(name, UNIT_NAME_NOGLOB, &n);
+        if (r < 0)
+                return log_error_errno(r, "Failed to mangle unit name: %m");
+
+        path = unit_dbus_path_from_name(n);
+        if (!path)
+                return log_oom();
+
+        r = sd_bus_get_property_string(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "LoadState",
+                        &error,
+                        &load_state);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get load state of %s: %s", n, bus_error_message(&error, r));
+
+        if (streq(load_state, "masked"))
+                return 0;
+
+        r = sd_bus_get_property_strv(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "TriggeredBy",
+                        &error,
+                        &triggered_by);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get triggered by array of %s: %s", n, bus_error_message(&error, r));
+
+        STRV_FOREACH(i, triggered_by) {
+                r = get_state_one_unit(bus, *i, &active_state);
+                if (r < 0)
+                        return r;
+
+                if (!IN_SET(active_state, UNIT_ACTIVE, UNIT_RELOADING))
+                        continue;
+
+                if (print_warning_label) {
+                        log_warning("Warning: Stopping %s, but it can still be activated by:", n);
+                        print_warning_label = false;
+                }
+
+                log_warning("  %s", *i);
+        }
+
+        return 0;
+}
+
+static const struct {
+        const char *verb;
+        const char *method;
+} unit_actions[] = {
+        { "start",                 "StartUnit" },
+        { "stop",                  "StopUnit" },
+        { "condstop",              "StopUnit" },
+        { "reload",                "ReloadUnit" },
+        { "restart",               "RestartUnit" },
+        { "try-restart",           "TryRestartUnit" },
+        { "condrestart",           "TryRestartUnit" },
+        { "reload-or-restart",     "ReloadOrRestartUnit" },
+        { "try-reload-or-restart", "ReloadOrTryRestartUnit" },
+        { "reload-or-try-restart", "ReloadOrTryRestartUnit" },
+        { "condreload",            "ReloadOrTryRestartUnit" },
+        { "force-reload",          "ReloadOrTryRestartUnit" }
+};
+
+static const char *verb_to_method(const char *verb) {
+       uint i;
+
+       for (i = 0; i < ELEMENTSOF(unit_actions); i++)
+                if (streq_ptr(unit_actions[i].verb, verb))
+                        return unit_actions[i].method;
+
+       return "StartUnit";
+}
+
+static const char *method_to_verb(const char *method) {
+       uint i;
+
+       for (i = 0; i < ELEMENTSOF(unit_actions); i++)
+                if (streq_ptr(unit_actions[i].method, method))
+                        return unit_actions[i].verb;
+
+       return "n/a";
+}
+
+static int start_unit_one(
+                sd_bus *bus,
+                const char *method,
+                const char *name,
+                const char *mode,
+                sd_bus_error *error,
+                BusWaitForJobs *w) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *path;
+        int r;
+
+        assert(method);
+        assert(name);
+        assert(mode);
+        assert(error);
+
+        log_debug("Calling manager for %s on %s, %s", method, name, mode);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        method,
+                        error,
+                        &reply,
+                        "ss", name, mode);
+        if (r < 0) {
+                const char *verb;
+
+                if (r == -ENOENT && arg_action != ACTION_SYSTEMCTL)
+                        /* There's always a fallback possible for
+                         * legacy actions. */
+                        return -EADDRNOTAVAIL;
+
+                verb = method_to_verb(method);
+
+                log_error("Failed to %s %s: %s", verb, name, bus_error_message(error, r));
+
+                if (!sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) &&
+                    !sd_bus_error_has_name(error, BUS_ERROR_UNIT_MASKED))
+                        log_error("See %s logs and 'systemctl%s status %s' for details.",
+                                   arg_scope == UNIT_FILE_SYSTEM ? "system" : "user",
+                                   arg_scope == UNIT_FILE_SYSTEM ? "" : " --user",
+                                   name);
+
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "o", &path);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (need_daemon_reload(bus, name) > 0)
+                warn_unit_file_changed(name);
+
+        if (w) {
+                log_debug("Adding %s to the set", path);
+                r = bus_wait_for_jobs_add(w, path);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        return 0;
+}
+
+static int expand_names(sd_bus *bus, char **names, const char* suffix, char ***ret) {
+        _cleanup_strv_free_ char **mangled = NULL, **globs = NULL;
+        char **name;
+        int r, i;
+
+        assert(bus);
+        assert(ret);
+
+        STRV_FOREACH(name, names) {
+                char *t;
+
+                if (suffix)
+                        r = unit_name_mangle_with_suffix(*name, UNIT_NAME_GLOB, suffix, &t);
+                else
+                        r = unit_name_mangle(*name, UNIT_NAME_GLOB, &t);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mangle name: %m");
+
+                if (string_is_glob(t))
+                        r = strv_consume(&globs, t);
+                else
+                        r = strv_consume(&mangled, t);
+                if (r < 0)
+                        return log_oom();
+        }
+
+        /* Query the manager only if any of the names are a glob, since
+         * this is fairly expensive */
+        if (!strv_isempty(globs)) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                _cleanup_free_ UnitInfo *unit_infos = NULL;
+                size_t allocated, n;
+
+                r = get_unit_list(bus, NULL, globs, &unit_infos, 0, &reply);
+                if (r < 0)
+                        return r;
+
+                n = strv_length(mangled);
+                allocated = n + 1;
+
+                for (i = 0; i < r; i++) {
+                        if (!GREEDY_REALLOC(mangled, allocated, n+2))
+                                return log_oom();
+
+                        mangled[n] = strdup(unit_infos[i].id);
+                        if (!mangled[n])
+                                return log_oom();
+
+                        mangled[++n] = NULL;
+                }
+        }
+
+        *ret = mangled;
+        mangled = NULL; /* do not free */
+
+        return 0;
+}
+
+static const struct {
+        const char *target;
+        const char *verb;
+        const char *mode;
+} action_table[_ACTION_MAX] = {
+        [ACTION_HALT]         = { SPECIAL_HALT_TARGET,         "halt",         "replace-irreversibly" },
+        [ACTION_POWEROFF]     = { SPECIAL_POWEROFF_TARGET,     "poweroff",     "replace-irreversibly" },
+        [ACTION_REBOOT]       = { SPECIAL_REBOOT_TARGET,       "reboot",       "replace-irreversibly" },
+        [ACTION_KEXEC]        = { SPECIAL_KEXEC_TARGET,        "kexec",        "replace-irreversibly" },
+        [ACTION_RUNLEVEL2]    = { SPECIAL_MULTI_USER_TARGET,   NULL,           "isolate" },
+        [ACTION_RUNLEVEL3]    = { SPECIAL_MULTI_USER_TARGET,   NULL,           "isolate" },
+        [ACTION_RUNLEVEL4]    = { SPECIAL_MULTI_USER_TARGET,   NULL,           "isolate" },
+        [ACTION_RUNLEVEL5]    = { SPECIAL_GRAPHICAL_TARGET,    NULL,           "isolate" },
+        [ACTION_RESCUE]       = { SPECIAL_RESCUE_TARGET,       "rescue",       "isolate" },
+        [ACTION_EMERGENCY]    = { SPECIAL_EMERGENCY_TARGET,    "emergency",    "isolate" },
+        [ACTION_DEFAULT]      = { SPECIAL_DEFAULT_TARGET,      "default",      "isolate" },
+        [ACTION_EXIT]         = { SPECIAL_EXIT_TARGET,         "exit",         "replace-irreversibly" },
+        [ACTION_SUSPEND]      = { SPECIAL_SUSPEND_TARGET,      "suspend",      "replace-irreversibly" },
+        [ACTION_HIBERNATE]    = { SPECIAL_HIBERNATE_TARGET,    "hibernate",    "replace-irreversibly" },
+        [ACTION_HYBRID_SLEEP] = { SPECIAL_HYBRID_SLEEP_TARGET, "hybrid-sleep", "replace-irreversibly" },
+};
+
+static enum action verb_to_action(const char *verb) {
+        enum action i;
+
+        for (i = _ACTION_INVALID; i < _ACTION_MAX; i++)
+                if (streq_ptr(action_table[i].verb, verb))
+                        return i;
+
+        return _ACTION_INVALID;
+}
+
+static int start_unit(int argc, char *argv[], void *userdata) {
+        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+        const char *method, *mode, *one_name, *suffix = NULL;
+        _cleanup_strv_free_ char **names = NULL;
+        sd_bus *bus;
+        char **name;
+        int r = 0;
+
+        ask_password_agent_open_if_enabled();
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        if (arg_action == ACTION_SYSTEMCTL) {
+                enum action action;
+
+                method = verb_to_method(argv[0]);
+                action = verb_to_action(argv[0]);
+
+                if (streq(argv[0], "isolate")) {
+                        mode = "isolate";
+                        suffix = ".target";
+                } else
+                        mode = action_table[action].mode ?: arg_job_mode;
+
+                one_name = action_table[action].target;
+        } else {
+                assert(arg_action < ELEMENTSOF(action_table));
+                assert(action_table[arg_action].target);
+
+                method = "StartUnit";
+
+                mode = action_table[arg_action].mode;
+                one_name = action_table[arg_action].target;
+        }
+
+        if (one_name)
+                names = strv_new(one_name, NULL);
+        else {
+                r = expand_names(bus, strv_skip(argv, 1), suffix, &names);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to expand names: %m");
+        }
+
+        if (!arg_no_block) {
+                r = bus_wait_for_jobs_new(bus, &w);
+                if (r < 0)
+                        return log_error_errno(r, "Could not watch jobs: %m");
+        }
+
+        STRV_FOREACH(name, names) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                int q;
+
+                q = start_unit_one(bus, method, *name, mode, &error, w);
+                if (r >= 0 && q < 0)
+                        r = translate_bus_error_to_exit_status(q, &error);
+        }
+
+        if (!arg_no_block) {
+                int q, arg_count = 0;
+                const char* extra_args[4] = {};
+
+                if (arg_scope != UNIT_FILE_SYSTEM)
+                        extra_args[arg_count++] = "--user";
+
+                assert(IN_SET(arg_transport, BUS_TRANSPORT_LOCAL, BUS_TRANSPORT_REMOTE, BUS_TRANSPORT_MACHINE));
+                if (arg_transport == BUS_TRANSPORT_REMOTE) {
+                        extra_args[arg_count++] = "-H";
+                        extra_args[arg_count++] = arg_host;
+                } else if (arg_transport == BUS_TRANSPORT_MACHINE) {
+                        extra_args[arg_count++] = "-M";
+                        extra_args[arg_count++] = arg_host;
+                }
+
+                q = bus_wait_for_jobs(w, arg_quiet, extra_args);
+                if (q < 0)
+                        return q;
+
+                /* When stopping units, warn if they can still be triggered by
+                 * another active unit (socket, path, timer) */
+                if (!arg_quiet && streq(method, "StopUnit"))
+                        STRV_FOREACH(name, names)
+                                check_triggering_units(bus, *name);
+        }
+
+        return r;
+}
+
+static int logind_set_wall_message(void) {
+#ifdef HAVE_LOGIND
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus;
+        _cleanup_free_ char *m = NULL;
+        int r;
+
+        r = acquire_bus(BUS_FULL, &bus);
+        if (r < 0)
+                return r;
+
+        m = strv_join(arg_wall, " ");
+        if (!m)
+                return log_oom();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "SetWallMessage",
+                        &error,
+                        NULL,
+                        "sb",
+                        m,
+                        !arg_no_wall);
+
+        if (r < 0)
+                return log_warning_errno(r, "Failed to set wall message, ignoring: %s", bus_error_message(&error, r));
+
+#endif
+        return 0;
+}
+
+/* Ask systemd-logind, which might grant access to unprivileged users
+ * through PolicyKit */
+static int logind_reboot(enum action a) {
+#ifdef HAVE_LOGIND
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *method, *description;
+        sd_bus *bus;
+        int r;
+
+        polkit_agent_open_if_enabled();
+        (void) logind_set_wall_message();
+
+        r = acquire_bus(BUS_FULL, &bus);
+        if (r < 0)
+                return r;
+
+        switch (a) {
+
+        case ACTION_REBOOT:
+                method = "Reboot";
+                description = "reboot system";
+                break;
+
+        case ACTION_POWEROFF:
+                method = "PowerOff";
+                description = "power off system";
+                break;
+
+        case ACTION_SUSPEND:
+                method = "Suspend";
+                description = "suspend system";
+                break;
+
+        case ACTION_HIBERNATE:
+                method = "Hibernate";
+                description = "hibernate system";
+                break;
+
+        case ACTION_HYBRID_SLEEP:
+                method = "HybridSleep";
+                description = "put system into hybrid sleep";
+                break;
+
+        default:
+                return -EINVAL;
+        }
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        method,
+                        &error,
+                        NULL,
+                        "b", arg_ask_password);
+        if (r < 0)
+                return log_error_errno(r, "Failed to %s via logind: %s", description, bus_error_message(&error, r));
+
+        return 0;
+#else
+        return -ENOSYS;
+#endif
+}
+
+static int logind_check_inhibitors(enum action a) {
+#ifdef HAVE_LOGIND
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_strv_free_ char **sessions = NULL;
+        const char *what, *who, *why, *mode;
+        uint32_t uid, pid;
+        sd_bus *bus;
+        unsigned c = 0;
+        char **s;
+        int r;
+
+        if (arg_ignore_inhibitors || arg_force > 0)
+                return 0;
+
+        if (arg_when > 0)
+                return 0;
+
+        if (geteuid() == 0)
+                return 0;
+
+        if (!on_tty())
+                return 0;
+
+        r = acquire_bus(BUS_FULL, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ListInhibitors",
+                        NULL,
+                        &reply,
+                        NULL);
+        if (r < 0)
+                /* If logind is not around, then there are no inhibitors... */
+                return 0;
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssuu)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read(reply, "(ssssuu)", &what, &who, &why, &mode, &uid, &pid)) > 0) {
+                _cleanup_free_ char *comm = NULL, *user = NULL;
+                _cleanup_strv_free_ char **sv = NULL;
+
+                if (!streq(mode, "block"))
+                        continue;
+
+                sv = strv_split(what, ":");
+                if (!sv)
+                        return log_oom();
+
+                if ((pid_t) pid < 0)
+                        return log_error_errno(ERANGE, "Bad PID %"PRIu32": %m", pid);
+
+                if (!strv_contains(sv,
+                                   IN_SET(a,
+                                          ACTION_HALT,
+                                          ACTION_POWEROFF,
+                                          ACTION_REBOOT,
+                                          ACTION_KEXEC) ? "shutdown" : "sleep"))
+                        continue;
+
+                get_process_comm(pid, &comm);
+                user = uid_to_name(uid);
+
+                log_warning("Operation inhibited by \"%s\" (PID "PID_FMT" \"%s\", user %s), reason is \"%s\".",
+                            who, (pid_t) pid, strna(comm), strna(user), why);
+
+                c++;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        /* Check for current sessions */
+        sd_get_sessions(&sessions);
+        STRV_FOREACH(s, sessions) {
+                _cleanup_free_ char *type = NULL, *tty = NULL, *seat = NULL, *user = NULL, *service = NULL, *class = NULL;
+
+                if (sd_session_get_uid(*s, &uid) < 0 || uid == getuid())
+                        continue;
+
+                if (sd_session_get_class(*s, &class) < 0 || !streq(class, "user"))
+                        continue;
+
+                if (sd_session_get_type(*s, &type) < 0 || (!streq(type, "x11") && !streq(type, "tty")))
+                        continue;
+
+                sd_session_get_tty(*s, &tty);
+                sd_session_get_seat(*s, &seat);
+                sd_session_get_service(*s, &service);
+                user = uid_to_name(uid);
+
+                log_warning("User %s is logged in on %s.", strna(user), isempty(tty) ? (isempty(seat) ? strna(service) : seat) : tty);
+                c++;
+        }
+
+        if (c <= 0)
+                return 0;
+
+        log_error("Please retry operation after closing inhibitors and logging out other users.\nAlternatively, ignore inhibitors and users with 'systemctl %s -i'.",
+                  action_table[a].verb);
+
+        return -EPERM;
+#else
+        return 0;
+#endif
+}
+
+static int logind_prepare_firmware_setup(void) {
+#ifdef HAVE_LOGIND
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus;
+        int r;
+
+        r = acquire_bus(BUS_FULL, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "SetRebootToFirmwareSetup",
+                        &error,
+                        NULL,
+                        "b", true);
+        if (r < 0)
+                return log_error_errno(r, "Cannot indicate to EFI to boot into setup mode: %s", bus_error_message(&error, r));
+
+        return 0;
+#else
+        log_error("Cannot remotely indicate to EFI to boot into setup mode.");
+        return -ENOSYS;
+#endif
+}
+
+static int prepare_firmware_setup(void) {
+        int r;
+
+        if (!arg_firmware_setup)
+                return 0;
+
+        if (arg_transport == BUS_TRANSPORT_LOCAL) {
+
+                r = efi_set_reboot_to_firmware(true);
+                if (r < 0)
+                        log_debug_errno(r, "Cannot indicate to EFI to boot into setup mode, will retry via logind: %m");
+                else
+                        return r;
+        }
+
+        return logind_prepare_firmware_setup();
+}
+
+static int set_exit_code(uint8_t code) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus;
+        int r;
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "SetExitCode",
+                        &error,
+                        NULL,
+                        "y", code);
+        if (r < 0)
+                return log_error_errno(r, "Failed to set exit code: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int start_special(int argc, char *argv[], void *userdata) {
+        enum action a;
+        int r;
+
+        assert(argv);
+
+        a = verb_to_action(argv[0]);
+
+        r = logind_check_inhibitors(a);
+        if (r < 0)
+                return r;
+
+        if (arg_force >= 2 && geteuid() != 0) {
+                log_error("Must be root.");
+                return -EPERM;
+        }
+
+        r = prepare_firmware_setup();
+        if (r < 0)
+                return r;
+
+        if (a == ACTION_REBOOT && argc > 1) {
+                r = update_reboot_parameter_and_warn(argv[1]);
+                if (r < 0)
+                        return r;
+
+        } else if (a == ACTION_EXIT && argc > 1) {
+                uint8_t code;
+
+                /* If the exit code is not given on the command line,
+                 * don't reset it to zero: just keep it as it might
+                 * have been set previously. */
+
+                r = safe_atou8(argv[1], &code);
+                if (r < 0)
+                        return log_error_errno(r, "Invalid exit code.");
+
+                r = set_exit_code(code);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_force >= 2 &&
+            IN_SET(a,
+                   ACTION_HALT,
+                   ACTION_POWEROFF,
+                   ACTION_REBOOT))
+                return halt_now(a);
+
+        if (arg_force >= 1 &&
+            IN_SET(a,
+                   ACTION_HALT,
+                   ACTION_POWEROFF,
+                   ACTION_REBOOT,
+                   ACTION_KEXEC,
+                   ACTION_EXIT))
+                return daemon_reload(argc, argv, userdata);
+
+        /* First try logind, to allow authentication with polkit */
+        if (IN_SET(a,
+                   ACTION_POWEROFF,
+                   ACTION_REBOOT,
+                   ACTION_SUSPEND,
+                   ACTION_HIBERNATE,
+                   ACTION_HYBRID_SLEEP)) {
+                r = logind_reboot(a);
+                if (r >= 0)
+                        return r;
+                if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
+                        /* requested operation is not supported or already in progress */
+                        return r;
+
+                /* On all other errors, try low-level operation */
+        }
+
+        return start_unit(argc, argv, userdata);
+}
+
+static int check_unit_generic(int code, const UnitActiveState good_states[], int nb_states, char **args) {
+        _cleanup_strv_free_ char **names = NULL;
+        UnitActiveState active_state;
+        sd_bus *bus;
+        char **name;
+        int r, i;
+        bool found = false;
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = expand_names(bus, args, NULL, &names);
+        if (r < 0)
+                return log_error_errno(r, "Failed to expand names: %m");
+
+        STRV_FOREACH(name, names) {
+                r = get_state_one_unit(bus, *name, &active_state);
+                if (r < 0)
+                        return r;
+
+                if (!arg_quiet)
+                        puts(unit_active_state_to_string(active_state));
+
+                for (i = 0; i < nb_states; ++i)
+                        if (good_states[i] == active_state)
+                                found = true;
+        }
+
+        /* use the given return code for the case that we won't find
+         * any unit which matches the list */
+        return found ? 0 : code;
+}
+
+static int check_unit_active(int argc, char *argv[], void *userdata) {
+        const UnitActiveState states[] = { UNIT_ACTIVE, UNIT_RELOADING };
+        /* According to LSB: 3, "program is not running" */
+        return check_unit_generic(3, states, ELEMENTSOF(states), strv_skip(argv, 1));
+}
+
+static int check_unit_failed(int argc, char *argv[], void *userdata) {
+        const UnitActiveState states[] = { UNIT_FAILED };
+        return check_unit_generic(1, states, ELEMENTSOF(states), strv_skip(argv, 1));
+}
+
+static int kill_unit(int argc, char *argv[], void *userdata) {
+        _cleanup_strv_free_ char **names = NULL;
+        char *kill_who = NULL, **name;
+        sd_bus *bus;
+        int r, q;
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        if (!arg_kill_who)
+                arg_kill_who = "all";
+
+        /* --fail was specified */
+        if (streq(arg_job_mode, "fail"))
+                kill_who = strjoina(arg_kill_who, "-fail");
+
+        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
+        if (r < 0)
+                return log_error_errno(r, "Failed to expand names: %m");
+
+        STRV_FOREACH(name, names) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+
+                q = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "KillUnit",
+                                &error,
+                                NULL,
+                                "ssi", *names, kill_who ? kill_who : arg_kill_who, arg_signal);
+                if (q < 0) {
+                        log_error_errno(q, "Failed to kill unit %s: %s", *names, bus_error_message(&error, q));
+                        if (r == 0)
+                                r = q;
+                }
+        }
+
+        return r;
+}
+
+typedef struct ExecStatusInfo {
+        char *name;
+
+        char *path;
+        char **argv;
+
+        bool ignore;
+
+        usec_t start_timestamp;
+        usec_t exit_timestamp;
+        pid_t pid;
+        int code;
+        int status;
+
+        LIST_FIELDS(struct ExecStatusInfo, exec);
+} ExecStatusInfo;
+
+static void exec_status_info_free(ExecStatusInfo *i) {
+        assert(i);
+
+        free(i->name);
+        free(i->path);
+        strv_free(i->argv);
+        free(i);
+}
+
+static int exec_status_info_deserialize(sd_bus_message *m, ExecStatusInfo *i) {
+        uint64_t start_timestamp, exit_timestamp, start_timestamp_monotonic, exit_timestamp_monotonic;
+        const char *path;
+        uint32_t pid;
+        int32_t code, status;
+        int ignore, r;
+
+        assert(m);
+        assert(i);
+
+        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_STRUCT, "sasbttttuii");
+        if (r < 0)
+                return bus_log_parse_error(r);
+        else if (r == 0)
+                return 0;
+
+        r = sd_bus_message_read(m, "s", &path);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        i->path = strdup(path);
+        if (!i->path)
+                return log_oom();
+
+        r = sd_bus_message_read_strv(m, &i->argv);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_read(m,
+                                "bttttuii",
+                                &ignore,
+                                &start_timestamp, &start_timestamp_monotonic,
+                                &exit_timestamp, &exit_timestamp_monotonic,
+                                &pid,
+                                &code, &status);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        i->ignore = ignore;
+        i->start_timestamp = (usec_t) start_timestamp;
+        i->exit_timestamp = (usec_t) exit_timestamp;
+        i->pid = (pid_t) pid;
+        i->code = code;
+        i->status = status;
+
+        r = sd_bus_message_exit_container(m);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return 1;
+}
+
+typedef struct UnitStatusInfo {
+        const char *id;
+        const char *load_state;
+        const char *active_state;
+        const char *sub_state;
+        const char *unit_file_state;
+        const char *unit_file_preset;
+
+        const char *description;
+        const char *following;
+
+        char **documentation;
+
+        const char *fragment_path;
+        const char *source_path;
+        const char *control_group;
+
+        char **dropin_paths;
+
+        const char *load_error;
+        const char *result;
+
+        usec_t inactive_exit_timestamp;
+        usec_t inactive_exit_timestamp_monotonic;
+        usec_t active_enter_timestamp;
+        usec_t active_exit_timestamp;
+        usec_t inactive_enter_timestamp;
+
+        bool need_daemon_reload;
+        bool transient;
+
+        /* Service */
+        pid_t main_pid;
+        pid_t control_pid;
+        const char *status_text;
+        const char *pid_file;
+        bool running:1;
+        int status_errno;
+
+        usec_t start_timestamp;
+        usec_t exit_timestamp;
+
+        int exit_code, exit_status;
+
+        usec_t condition_timestamp;
+        bool condition_result;
+        bool failed_condition_trigger;
+        bool failed_condition_negate;
+        const char *failed_condition;
+        const char *failed_condition_parameter;
+
+        usec_t assert_timestamp;
+        bool assert_result;
+        bool failed_assert_trigger;
+        bool failed_assert_negate;
+        const char *failed_assert;
+        const char *failed_assert_parameter;
+
+        /* Socket */
+        unsigned n_accepted;
+        unsigned n_connections;
+        bool accept;
+
+        /* Pairs of type, path */
+        char **listen;
+
+        /* Device */
+        const char *sysfs_path;
+
+        /* Mount, Automount */
+        const char *where;
+
+        /* Swap */
+        const char *what;
+
+        /* CGroup */
+        uint64_t memory_current;
+        uint64_t memory_limit;
+        uint64_t cpu_usage_nsec;
+        uint64_t tasks_current;
+        uint64_t tasks_max;
+
+        LIST_HEAD(ExecStatusInfo, exec);
+} UnitStatusInfo;
+
+static void print_status_info(
+                sd_bus *bus,
+                UnitStatusInfo *i,
+                bool *ellipsized) {
+
+        ExecStatusInfo *p;
+        const char *active_on, *active_off, *on, *off, *ss;
+        usec_t timestamp;
+        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
+        char since2[FORMAT_TIMESTAMP_MAX], *s2;
+        const char *path;
+        char **t, **t2;
+        int r;
+
+        assert(i);
+
+        /* This shows pretty information about a unit. See
+         * print_property() for a low-level property printer */
+
+        if (streq_ptr(i->active_state, "failed")) {
+                active_on = ansi_highlight_red();
+                active_off = ansi_normal();
+        } else if (streq_ptr(i->active_state, "active") || streq_ptr(i->active_state, "reloading")) {
+                active_on = ansi_highlight_green();
+                active_off = ansi_normal();
+        } else
+                active_on = active_off = "";
+
+        printf("%s%s%s %s", active_on, special_glyph(BLACK_CIRCLE), active_off, strna(i->id));
+
+        if (i->description && !streq_ptr(i->id, i->description))
+                printf(" - %s", i->description);
+
+        printf("\n");
+
+        if (i->following)
+                printf("   Follow: unit currently follows state of %s\n", i->following);
+
+        if (streq_ptr(i->load_state, "error")) {
+                on = ansi_highlight_red();
+                off = ansi_normal();
+        } else
+                on = off = "";
+
+        path = i->source_path ? i->source_path : i->fragment_path;
+
+        if (i->load_error != 0)
+                printf("   Loaded: %s%s%s (Reason: %s)\n",
+                       on, strna(i->load_state), off, i->load_error);
+        else if (path && !isempty(i->unit_file_state) && !isempty(i->unit_file_preset))
+                printf("   Loaded: %s%s%s (%s; %s; vendor preset: %s)\n",
+                       on, strna(i->load_state), off, path, i->unit_file_state, i->unit_file_preset);
+        else if (path && !isempty(i->unit_file_state))
+                printf("   Loaded: %s%s%s (%s; %s)\n",
+                       on, strna(i->load_state), off, path, i->unit_file_state);
+        else if (path)
+                printf("   Loaded: %s%s%s (%s)\n",
+                       on, strna(i->load_state), off, path);
+        else
+                printf("   Loaded: %s%s%s\n",
+                       on, strna(i->load_state), off);
+
+        if (i->transient)
+                printf("Transient: yes\n");
+
+        if (!strv_isempty(i->dropin_paths)) {
+                _cleanup_free_ char *dir = NULL;
+                bool last = false;
+                char ** dropin;
+
+                STRV_FOREACH(dropin, i->dropin_paths) {
+                        if (! dir || last) {
+                                printf(dir ? "        " : "  Drop-In: ");
+
+                                dir = mfree(dir);
+
+                                dir = dirname_malloc(*dropin);
+                                if (!dir) {
+                                        log_oom();
+                                        return;
+                                }
+
+                                printf("%s\n           %s", dir,
+                                       special_glyph(TREE_RIGHT));
+                        }
+
+                        last = ! (*(dropin + 1) && startswith(*(dropin + 1), dir));
+
+                        printf("%s%s", basename(*dropin), last ? "\n" : ", ");
+                }
+        }
+
+        ss = streq_ptr(i->active_state, i->sub_state) ? NULL : i->sub_state;
+        if (ss)
+                printf("   Active: %s%s (%s)%s",
+                       active_on, strna(i->active_state), ss, active_off);
+        else
+                printf("   Active: %s%s%s",
+                       active_on, strna(i->active_state), active_off);
+
+        if (!isempty(i->result) && !streq(i->result, "success"))
+                printf(" (Result: %s)", i->result);
+
+        timestamp = (streq_ptr(i->active_state, "active")      ||
+                     streq_ptr(i->active_state, "reloading"))   ? i->active_enter_timestamp :
+                    (streq_ptr(i->active_state, "inactive")    ||
+                     streq_ptr(i->active_state, "failed"))      ? i->inactive_enter_timestamp :
+                    streq_ptr(i->active_state, "activating")    ? i->inactive_exit_timestamp :
+                                                                  i->active_exit_timestamp;
+
+        s1 = format_timestamp_relative(since1, sizeof(since1), timestamp);
+        s2 = format_timestamp(since2, sizeof(since2), timestamp);
+
+        if (s1)
+                printf(" since %s; %s\n", s2, s1);
+        else if (s2)
+                printf(" since %s\n", s2);
+        else
+                printf("\n");
+
+        if (!i->condition_result && i->condition_timestamp > 0) {
+                s1 = format_timestamp_relative(since1, sizeof(since1), i->condition_timestamp);
+                s2 = format_timestamp(since2, sizeof(since2), i->condition_timestamp);
+
+                printf("Condition: start %scondition failed%s at %s%s%s\n",
+                       ansi_highlight_yellow(), ansi_normal(),
+                       s2, s1 ? "; " : "", strempty(s1));
+                if (i->failed_condition_trigger)
+                        printf("           none of the trigger conditions were met\n");
+                else if (i->failed_condition)
+                        printf("           %s=%s%s was not met\n",
+                               i->failed_condition,
+                               i->failed_condition_negate ? "!" : "",
+                               i->failed_condition_parameter);
+        }
+
+        if (!i->assert_result && i->assert_timestamp > 0) {
+                s1 = format_timestamp_relative(since1, sizeof(since1), i->assert_timestamp);
+                s2 = format_timestamp(since2, sizeof(since2), i->assert_timestamp);
+
+                printf("   Assert: start %sassertion failed%s at %s%s%s\n",
+                       ansi_highlight_red(), ansi_normal(),
+                       s2, s1 ? "; " : "", strempty(s1));
+                if (i->failed_assert_trigger)
+                        printf("           none of the trigger assertions were met\n");
+                else if (i->failed_assert)
+                        printf("           %s=%s%s was not met\n",
+                               i->failed_assert,
+                               i->failed_assert_negate ? "!" : "",
+                               i->failed_assert_parameter);
+        }
+
+        if (i->sysfs_path)
+                printf("   Device: %s\n", i->sysfs_path);
+        if (i->where)
+                printf("    Where: %s\n", i->where);
+        if (i->what)
+                printf("     What: %s\n", i->what);
+
+        STRV_FOREACH(t, i->documentation)
+                printf(" %*s %s\n", 9, t == i->documentation ? "Docs:" : "", *t);
+
+        STRV_FOREACH_PAIR(t, t2, i->listen)
+                printf(" %*s %s (%s)\n", 9, t == i->listen ? "Listen:" : "", *t2, *t);
+
+        if (i->accept)
+                printf(" Accepted: %u; Connected: %u\n", i->n_accepted, i->n_connections);
+
+        LIST_FOREACH(exec, p, i->exec) {
+                _cleanup_free_ char *argv = NULL;
+                bool good;
+
+                /* Only show exited processes here */
+                if (p->code == 0)
+                        continue;
+
+                argv = strv_join(p->argv, " ");
+                printf("  Process: "PID_FMT" %s=%s ", p->pid, p->name, strna(argv));
+
+                good = is_clean_exit_lsb(p->code, p->status, NULL);
+                if (!good) {
+                        on = ansi_highlight_red();
+                        off = ansi_normal();
+                } else
+                        on = off = "";
+
+                printf("%s(code=%s, ", on, sigchld_code_to_string(p->code));
+
+                if (p->code == CLD_EXITED) {
+                        const char *c;
+
+                        printf("status=%i", p->status);
+
+                        c = exit_status_to_string(p->status, EXIT_STATUS_SYSTEMD);
+                        if (c)
+                                printf("/%s", c);
+
+                } else
+                        printf("signal=%s", signal_to_string(p->status));
+
+                printf(")%s\n", off);
+
+                if (i->main_pid == p->pid &&
+                    i->start_timestamp == p->start_timestamp &&
+                    i->exit_timestamp == p->start_timestamp)
+                        /* Let's not show this twice */
+                        i->main_pid = 0;
+
+                if (p->pid == i->control_pid)
+                        i->control_pid = 0;
+        }
+
+        if (i->main_pid > 0 || i->control_pid > 0) {
+                if (i->main_pid > 0) {
+                        printf(" Main PID: "PID_FMT, i->main_pid);
+
+                        if (i->running) {
+                                _cleanup_free_ char *comm = NULL;
+                                get_process_comm(i->main_pid, &comm);
+                                if (comm)
+                                        printf(" (%s)", comm);
+                        } else if (i->exit_code > 0) {
+                                printf(" (code=%s, ", sigchld_code_to_string(i->exit_code));
+
+                                if (i->exit_code == CLD_EXITED) {
+                                        const char *c;
+
+                                        printf("status=%i", i->exit_status);
+
+                                        c = exit_status_to_string(i->exit_status, EXIT_STATUS_SYSTEMD);
+                                        if (c)
+                                                printf("/%s", c);
+
+                                } else
+                                        printf("signal=%s", signal_to_string(i->exit_status));
+                                printf(")");
+                        }
+
+                        if (i->control_pid > 0)
+                                printf(";");
+                }
+
+                if (i->control_pid > 0) {
+                        _cleanup_free_ char *c = NULL;
+
+                        printf(" %8s: "PID_FMT, i->main_pid ? "" : " Control", i->control_pid);
+
+                        get_process_comm(i->control_pid, &c);
+                        if (c)
+                                printf(" (%s)", c);
+                }
+
+                printf("\n");
+        }
+
+        if (i->status_text)
+                printf("   Status: \"%s\"\n", i->status_text);
+        if (i->status_errno > 0)
+                printf("    Error: %i (%s)\n", i->status_errno, strerror(i->status_errno));
+
+        if (i->tasks_current != (uint64_t) -1) {
+                printf("    Tasks: %" PRIu64, i->tasks_current);
+
+                if (i->tasks_max != (uint64_t) -1)
+                        printf(" (limit: %" PRIi64 ")\n", i->tasks_max);
+                else
+                        printf("\n");
+        }
+
+        if (i->memory_current != (uint64_t) -1) {
+                char buf[FORMAT_BYTES_MAX];
+
+                printf("   Memory: %s", format_bytes(buf, sizeof(buf), i->memory_current));
+
+                if (i->memory_limit != (uint64_t) -1)
+                        printf(" (limit: %s)\n", format_bytes(buf, sizeof(buf), i->memory_limit));
+                else
+                        printf("\n");
+        }
+
+        if (i->cpu_usage_nsec != (uint64_t) -1) {
+                char buf[FORMAT_TIMESPAN_MAX];
+                printf("      CPU: %s\n", format_timespan(buf, sizeof(buf), i->cpu_usage_nsec / NSEC_PER_USEC, USEC_PER_MSEC));
+        }
+
+        if (i->control_group)
+                printf("   CGroup: %s\n", i->control_group);
+
+        {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                static const char prefix[] = "           ";
+                unsigned c;
+
+                c = columns();
+                if (c > sizeof(prefix) - 1)
+                        c -= sizeof(prefix) - 1;
+                else
+                        c = 0;
+
+                r = unit_show_processes(bus, i->id, i->control_group, prefix, c, get_output_flags(), &error);
+                if (r == -EBADR) {
+                        unsigned k = 0;
+                        pid_t extra[2];
+
+                        /* Fallback for older systemd versions where the GetUnitProcesses() call is not yet available */
+
+                        if (i->main_pid > 0)
+                                extra[k++] = i->main_pid;
+
+                        if (i->control_pid > 0)
+                                extra[k++] = i->control_pid;
+
+                        show_cgroup_and_extra(SYSTEMD_CGROUP_CONTROLLER, i->control_group, prefix, c, extra, k, get_output_flags());
+                } else if (r < 0)
+                        log_warning_errno(r, "Failed to dump process list, ignoring: %s", bus_error_message(&error, r));
+        }
+
+        if (i->id && arg_transport == BUS_TRANSPORT_LOCAL)
+                show_journal_by_unit(
+                                stdout,
+                                i->id,
+                                arg_output,
+                                0,
+                                i->inactive_exit_timestamp_monotonic,
+                                arg_lines,
+                                getuid(),
+                                get_output_flags() | OUTPUT_BEGIN_NEWLINE,
+                                SD_JOURNAL_LOCAL_ONLY,
+                                arg_scope == UNIT_FILE_SYSTEM,
+                                ellipsized);
+
+        if (i->need_daemon_reload)
+                warn_unit_file_changed(i->id);
+}
+
+static void show_unit_help(UnitStatusInfo *i) {
+        char **p;
+
+        assert(i);
+
+        if (!i->documentation) {
+                log_info("Documentation for %s not known.", i->id);
+                return;
+        }
+
+        STRV_FOREACH(p, i->documentation)
+                if (startswith(*p, "man:"))
+                        show_man_page(*p + 4, false);
+                else
+                        log_info("Can't show: %s", *p);
+}
+
+static int status_property(const char *name, sd_bus_message *m, UnitStatusInfo *i, const char *contents) {
+        int r;
+
+        assert(name);
+        assert(m);
+        assert(i);
+
+        switch (contents[0]) {
+
+        case SD_BUS_TYPE_STRING: {
+                const char *s;
+
+                r = sd_bus_message_read(m, "s", &s);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (!isempty(s)) {
+                        if (streq(name, "Id"))
+                                i->id = s;
+                        else if (streq(name, "LoadState"))
+                                i->load_state = s;
+                        else if (streq(name, "ActiveState"))
+                                i->active_state = s;
+                        else if (streq(name, "SubState"))
+                                i->sub_state = s;
+                        else if (streq(name, "Description"))
+                                i->description = s;
+                        else if (streq(name, "FragmentPath"))
+                                i->fragment_path = s;
+                        else if (streq(name, "SourcePath"))
+                                i->source_path = s;
+#ifndef NOLEGACY
+                        else if (streq(name, "DefaultControlGroup")) {
+                                const char *e;
+                                e = startswith(s, SYSTEMD_CGROUP_CONTROLLER ":");
+                                if (e)
+                                        i->control_group = e;
+                        }
+#endif
+                        else if (streq(name, "ControlGroup"))
+                                i->control_group = s;
+                        else if (streq(name, "StatusText"))
+                                i->status_text = s;
+                        else if (streq(name, "PIDFile"))
+                                i->pid_file = s;
+                        else if (streq(name, "SysFSPath"))
+                                i->sysfs_path = s;
+                        else if (streq(name, "Where"))
+                                i->where = s;
+                        else if (streq(name, "What"))
+                                i->what = s;
+                        else if (streq(name, "Following"))
+                                i->following = s;
+                        else if (streq(name, "UnitFileState"))
+                                i->unit_file_state = s;
+                        else if (streq(name, "UnitFilePreset"))
+                                i->unit_file_preset = s;
+                        else if (streq(name, "Result"))
+                                i->result = s;
+                }
+
+                break;
+        }
+
+        case SD_BUS_TYPE_BOOLEAN: {
+                int b;
+
+                r = sd_bus_message_read(m, "b", &b);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (streq(name, "Accept"))
+                        i->accept = b;
+                else if (streq(name, "NeedDaemonReload"))
+                        i->need_daemon_reload = b;
+                else if (streq(name, "ConditionResult"))
+                        i->condition_result = b;
+                else if (streq(name, "AssertResult"))
+                        i->assert_result = b;
+                else if (streq(name, "Transient"))
+                        i->transient = b;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_UINT32: {
+                uint32_t u;
+
+                r = sd_bus_message_read(m, "u", &u);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (streq(name, "MainPID")) {
+                        if (u > 0) {
+                                i->main_pid = (pid_t) u;
+                                i->running = true;
+                        }
+                } else if (streq(name, "ControlPID"))
+                        i->control_pid = (pid_t) u;
+                else if (streq(name, "ExecMainPID")) {
+                        if (u > 0)
+                                i->main_pid = (pid_t) u;
+                } else if (streq(name, "NAccepted"))
+                        i->n_accepted = u;
+                else if (streq(name, "NConnections"))
+                        i->n_connections = u;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_INT32: {
+                int32_t j;
+
+                r = sd_bus_message_read(m, "i", &j);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (streq(name, "ExecMainCode"))
+                        i->exit_code = (int) j;
+                else if (streq(name, "ExecMainStatus"))
+                        i->exit_status = (int) j;
+                else if (streq(name, "StatusErrno"))
+                        i->status_errno = (int) j;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_UINT64: {
+                uint64_t u;
+
+                r = sd_bus_message_read(m, "t", &u);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (streq(name, "ExecMainStartTimestamp"))
+                        i->start_timestamp = (usec_t) u;
+                else if (streq(name, "ExecMainExitTimestamp"))
+                        i->exit_timestamp = (usec_t) u;
+                else if (streq(name, "ActiveEnterTimestamp"))
+                        i->active_enter_timestamp = (usec_t) u;
+                else if (streq(name, "InactiveEnterTimestamp"))
+                        i->inactive_enter_timestamp = (usec_t) u;
+                else if (streq(name, "InactiveExitTimestamp"))
+                        i->inactive_exit_timestamp = (usec_t) u;
+                else if (streq(name, "InactiveExitTimestampMonotonic"))
+                        i->inactive_exit_timestamp_monotonic = (usec_t) u;
+                else if (streq(name, "ActiveExitTimestamp"))
+                        i->active_exit_timestamp = (usec_t) u;
+                else if (streq(name, "ConditionTimestamp"))
+                        i->condition_timestamp = (usec_t) u;
+                else if (streq(name, "AssertTimestamp"))
+                        i->assert_timestamp = (usec_t) u;
+                else if (streq(name, "MemoryCurrent"))
+                        i->memory_current = u;
+                else if (streq(name, "MemoryLimit"))
+                        i->memory_limit = u;
+                else if (streq(name, "TasksCurrent"))
+                        i->tasks_current = u;
+                else if (streq(name, "TasksMax"))
+                        i->tasks_max = u;
+                else if (streq(name, "CPUUsageNSec"))
+                        i->cpu_usage_nsec = u;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_ARRAY:
+
+                if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && startswith(name, "Exec")) {
+                        _cleanup_free_ ExecStatusInfo *info = NULL;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sasbttttuii)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        info = new0(ExecStatusInfo, 1);
+                        if (!info)
+                                return log_oom();
+
+                        while ((r = exec_status_info_deserialize(m, info)) > 0) {
+
+                                info->name = strdup(name);
+                                if (!info->name)
+                                        return log_oom();
+
+                                LIST_PREPEND(exec, i->exec, info);
+
+                                info = new0(ExecStatusInfo, 1);
+                                if (!info)
+                                        return log_oom();
+                        }
+
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Listen")) {
+                        const char *type, *path;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(ss)", &type, &path)) > 0) {
+
+                                r = strv_extend(&i->listen, type);
+                                if (r < 0)
+                                        return r;
+
+                                r = strv_extend(&i->listen, path);
+                                if (r < 0)
+                                        return r;
+                        }
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "DropInPaths")) {
+
+                        r = sd_bus_message_read_strv(m, &i->dropin_paths);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "Documentation")) {
+
+                        r = sd_bus_message_read_strv(m, &i->documentation);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Conditions")) {
+                        const char *cond, *param;
+                        int trigger, negate;
+                        int32_t state;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sbbsi)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(sbbsi)", &cond, &trigger, &negate, &param, &state)) > 0) {
+                                log_debug("%s %d %d %s %d", cond, trigger, negate, param, state);
+                                if (state < 0 && (!trigger || !i->failed_condition)) {
+                                        i->failed_condition = cond;
+                                        i->failed_condition_trigger = trigger;
+                                        i->failed_condition_negate = negate;
+                                        i->failed_condition_parameter = param;
+                                }
+                        }
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Asserts")) {
+                        const char *cond, *param;
+                        int trigger, negate;
+                        int32_t state;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sbbsi)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(sbbsi)", &cond, &trigger, &negate, &param, &state)) > 0) {
+                                log_debug("%s %d %d %s %d", cond, trigger, negate, param, state);
+                                if (state < 0 && (!trigger || !i->failed_assert)) {
+                                        i->failed_assert = cond;
+                                        i->failed_assert_trigger = trigger;
+                                        i->failed_assert_negate = negate;
+                                        i->failed_assert_parameter = param;
+                                }
+                        }
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                } else
+                        goto skip;
+
+                break;
+
+        case SD_BUS_TYPE_STRUCT_BEGIN:
+
+                if (streq(name, "LoadError")) {
+                        const char *n, *message;
+
+                        r = sd_bus_message_read(m, "(ss)", &n, &message);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (!isempty(message))
+                                i->load_error = message;
+                } else
+                        goto skip;
+
+                break;
+
+        default:
+                goto skip;
+        }
+
+        return 0;
+
+skip:
+        r = sd_bus_message_skip(m, contents);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return 0;
+}
+
+#define print_prop(name, fmt, ...)                                      \
+        do {                                                            \
+                if (arg_value)                                          \
+                        printf(fmt "\n", __VA_ARGS__);                  \
+                else                                                    \
+                        printf("%s=" fmt "\n", name, __VA_ARGS__);      \
+        } while(0)
+
+static int print_property(const char *name, sd_bus_message *m, const char *contents) {
+        int r;
+
+        assert(name);
+        assert(m);
+
+        /* This is a low-level property printer, see
+         * print_status_info() for the nicer output */
+
+        if (arg_properties && !strv_find(arg_properties, name)) {
+                /* skip what we didn't read */
+                r = sd_bus_message_skip(m, contents);
+                return r;
+        }
+
+        switch (contents[0]) {
+
+        case SD_BUS_TYPE_STRUCT_BEGIN:
+
+                if (contents[1] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) {
+                        uint32_t u;
+
+                        r = sd_bus_message_read(m, "(uo)", &u, NULL);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (u > 0)
+                                print_prop(name, "%"PRIu32, u);
+                        else if (arg_all)
+                                print_prop(name, "%s", "");
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "Unit")) {
+                        const char *s;
+
+                        r = sd_bus_message_read(m, "(so)", &s, NULL);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (arg_all || !isempty(s))
+                                print_prop(name, "%s", s);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "LoadError")) {
+                        const char *a = NULL, *b = NULL;
+
+                        r = sd_bus_message_read(m, "(ss)", &a, &b);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (arg_all || !isempty(a) || !isempty(b))
+                                print_prop(name, "%s \"%s\"", strempty(a), strempty(b));
+
+                        return 0;
+                } else if (streq_ptr(name, "SystemCallFilter")) {
+                        _cleanup_strv_free_ char **l = NULL;
+                        int whitelist;
+
+                        r = sd_bus_message_enter_container(m, 'r', "bas");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_read(m, "b", &whitelist);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_read_strv(m, &l);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (arg_all || whitelist || !strv_isempty(l)) {
+                                bool first = true;
+                                char **i;
+
+                                if (!arg_value) {
+                                        fputs(name, stdout);
+                                        fputc('=', stdout);
+                                }
+
+                                if (!whitelist)
+                                        fputc('~', stdout);
+
+                                STRV_FOREACH(i, l) {
+                                        if (first)
+                                                first = false;
+                                        else
+                                                fputc(' ', stdout);
+
+                                        fputs(*i, stdout);
+                                }
+                                fputc('\n', stdout);
+                        }
+
+                        return 0;
+                }
+
+                break;
+
+        case SD_BUS_TYPE_ARRAY:
+
+                if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "EnvironmentFiles")) {
+                        const char *path;
+                        int ignore;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sb)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(sb)", &path, &ignore)) > 0)
+                                print_prop("EnvironmentFile", "%s (ignore_errors=%s)\n", path, yes_no(ignore));
+
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Paths")) {
+                        const char *type, *path;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(ss)", &type, &path)) > 0)
+                                print_prop(type, "%s", path);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Listen")) {
+                        const char *type, *path;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(ss)", &type, &path)) > 0)
+                                if (arg_value)
+                                        puts(path);
+                                else
+                                        printf("Listen%s=%s\n", type, path);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Timers")) {
+                        const char *base;
+                        uint64_t value, next_elapse;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(stt)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(stt)", &base, &value, &next_elapse)) > 0) {
+                                char timespan1[FORMAT_TIMESPAN_MAX], timespan2[FORMAT_TIMESPAN_MAX];
+
+                                print_prop(base, "{ value=%s ; next_elapse=%s }",
+                                           format_timespan(timespan1, sizeof(timespan1), value, 0),
+                                           format_timespan(timespan2, sizeof(timespan2), next_elapse, 0));
+                        }
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && startswith(name, "Exec")) {
+                        ExecStatusInfo info = {};
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sasbttttuii)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = exec_status_info_deserialize(m, &info)) > 0) {
+                                char timestamp1[FORMAT_TIMESTAMP_MAX], timestamp2[FORMAT_TIMESTAMP_MAX];
+                                _cleanup_free_ char *tt;
+
+                                tt = strv_join(info.argv, " ");
+
+                                print_prop(name,
+                                           "{ path=%s ; argv[]=%s ; ignore_errors=%s ; start_time=[%s] ; stop_time=[%s] ; pid="PID_FMT" ; code=%s ; status=%i%s%s }",
+                                           strna(info.path),
+                                           strna(tt),
+                                           yes_no(info.ignore),
+                                           strna(format_timestamp(timestamp1, sizeof(timestamp1), info.start_timestamp)),
+                                           strna(format_timestamp(timestamp2, sizeof(timestamp2), info.exit_timestamp)),
+                                           info.pid,
+                                           sigchld_code_to_string(info.code),
+                                           info.status,
+                                           info.code == CLD_EXITED ? "" : "/",
+                                           strempty(info.code == CLD_EXITED ? NULL : signal_to_string(info.status)));
+
+                                free(info.path);
+                                strv_free(info.argv);
+                                zero(info);
+                        }
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "DeviceAllow")) {
+                        const char *path, *rwm;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(ss)", &path, &rwm)) > 0)
+                                print_prop(name, "%s %s", strna(path), strna(rwm));
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && (streq(name, "IODeviceWeight") || streq(name, "BlockIODeviceWeight"))) {
+                        const char *path;
+                        uint64_t weight;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(st)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(st)", &path, &weight)) > 0)
+                                print_prop(name, "%s %"PRIu64, strna(path), weight);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+
+                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && (cgroup_io_limit_type_from_string(name) >= 0 ||
+                                                                       streq(name, "BlockIOReadBandwidth") || streq(name, "BlockIOWriteBandwidth"))) {
+                        const char *path;
+                        uint64_t bandwidth;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(st)");
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        while ((r = sd_bus_message_read(m, "(st)", &path, &bandwidth)) > 0)
+                                print_prop(name, "%s %"PRIu64, strna(path), bandwidth);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        return 0;
+                }
+
+                break;
+        }
+
+        r = bus_print_property(name, m, arg_value, arg_all);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (r == 0) {
+                r = sd_bus_message_skip(m, contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (arg_all)
+                        printf("%s=[unprintable]\n", name);
+        }
+
+        return 0;
+}
+
+static int show_one(
+                const char *verb,
+                sd_bus *bus,
+                const char *path,
+                bool show_properties,
+                bool *new_line,
+                bool *ellipsized) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        UnitStatusInfo info = {
+                .memory_current = (uint64_t) -1,
+                .memory_limit = (uint64_t) -1,
+                .cpu_usage_nsec = (uint64_t) -1,
+                .tasks_current = (uint64_t) -1,
+                .tasks_max = (uint64_t) -1,
+        };
+        ExecStatusInfo *p;
+        int r;
+
+        assert(path);
+        assert(new_line);
+
+        log_debug("Showing one %s", path);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.DBus.Properties",
+                        "GetAll",
+                        &error,
+                        &reply,
+                        "s", "");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        if (*new_line)
+                printf("\n");
+
+        *new_line = true;
+
+        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
+                const char *name, *contents;
+
+                r = sd_bus_message_read(reply, "s", &name);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_peek_type(reply, NULL, &contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, contents);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                if (show_properties)
+                        r = print_property(name, reply, contents);
+                else
+                        r = status_property(name, reply, &info, contents);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = 0;
+
+        if (!show_properties) {
+                if (streq(verb, "help"))
+                        show_unit_help(&info);
+                else
+                        print_status_info(bus, &info, ellipsized);
+        }
+
+        strv_free(info.documentation);
+        strv_free(info.dropin_paths);
+        strv_free(info.listen);
+
+        if (!streq_ptr(info.active_state, "active") &&
+            !streq_ptr(info.active_state, "reloading") &&
+            streq(verb, "status")) {
+                /* According to LSB: "program not running" */
+                /* 0: program is running or service is OK
+                 * 1: program is dead and /run PID file exists
+                 * 2: program is dead and /run/lock lock file exists
+                 * 3: program is not running
+                 * 4: program or service status is unknown
+                 */
+                if (info.pid_file && access(info.pid_file, F_OK) == 0)
+                        r = 1;
+                else
+                        r = 3;
+        }
+
+        while ((p = info.exec)) {
+                LIST_REMOVE(exec, info.exec, p);
+                exec_status_info_free(p);
+        }
+
+        return r;
+}
+
+static int get_unit_dbus_path_by_pid(
+                sd_bus *bus,
+                uint32_t pid,
+                char **unit) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        char *u;
+        int r;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "GetUnitByPID",
+                        &error,
+                        &reply,
+                        "u", pid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get unit for PID %"PRIu32": %s", pid, bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "o", &u);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        u = strdup(u);
+        if (!u)
+                return log_oom();
+
+        *unit = u;
+        return 0;
+}
+
+static int show_all(
+                const char* verb,
+                sd_bus *bus,
+                bool show_properties,
+                bool *new_line,
+                bool *ellipsized) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_free_ UnitInfo *unit_infos = NULL;
+        const UnitInfo *u;
+        unsigned c;
+        int r, ret = 0;
+
+        r = get_unit_list(bus, NULL, NULL, &unit_infos, 0, &reply);
+        if (r < 0)
+                return r;
+
+        pager_open(arg_no_pager, false);
+
+        c = (unsigned) r;
+
+        qsort_safe(unit_infos, c, sizeof(UnitInfo), compare_unit_info);
+
+        for (u = unit_infos; u < unit_infos + c; u++) {
+                _cleanup_free_ char *p = NULL;
+
+                p = unit_dbus_path_from_name(u->id);
+                if (!p)
+                        return log_oom();
+
+                r = show_one(verb, bus, p, show_properties, new_line, ellipsized);
+                if (r < 0)
+                        return r;
+                else if (r > 0 && ret == 0)
+                        ret = r;
+        }
+
+        return ret;
+}
+
+static int show_system_status(sd_bus *bus) {
+        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], since2[FORMAT_TIMESTAMP_MAX];
+        _cleanup_free_ char *hn = NULL;
+        _cleanup_(machine_info_clear) struct machine_info mi = {};
+        const char *on, *off;
+        int r;
+
+        hn = gethostname_malloc();
+        if (!hn)
+                return log_oom();
+
+        r = bus_map_all_properties(bus, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", machine_info_property_map, &mi);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read server status: %m");
+
+        if (streq_ptr(mi.state, "degraded")) {
+                on = ansi_highlight_red();
+                off = ansi_normal();
+        } else if (!streq_ptr(mi.state, "running")) {
+                on = ansi_highlight_yellow();
+                off = ansi_normal();
+        } else
+                on = off = "";
+
+        printf("%s%s%s %s\n", on, special_glyph(BLACK_CIRCLE), off, arg_host ? arg_host : hn);
+
+        printf("    State: %s%s%s\n",
+               on, strna(mi.state), off);
+
+        printf("     Jobs: %" PRIu32 " queued\n", mi.n_jobs);
+        printf("   Failed: %" PRIu32 " units\n", mi.n_failed_units);
+
+        printf("    Since: %s; %s\n",
+               format_timestamp(since2, sizeof(since2), mi.timestamp),
+               format_timestamp_relative(since1, sizeof(since1), mi.timestamp));
+
+        printf("   CGroup: %s\n", mi.control_group ?: "/");
+        if (IN_SET(arg_transport,
+                   BUS_TRANSPORT_LOCAL,
+                   BUS_TRANSPORT_MACHINE)) {
+                static const char prefix[] = "           ";
+                unsigned c;
+
+                c = columns();
+                if (c > sizeof(prefix) - 1)
+                        c -= sizeof(prefix) - 1;
+                else
+                        c = 0;
+
+                show_cgroup(SYSTEMD_CGROUP_CONTROLLER, strempty(mi.control_group), prefix, c, get_output_flags());
+        }
+
+        return 0;
+}
+
+static int show(int argc, char *argv[], void *userdata) {
+        bool show_properties, show_status, show_help, new_line = false;
+        bool ellipsized = false;
+        int r, ret = 0;
+        sd_bus *bus;
+
+        assert(argv);
+
+        show_properties = streq(argv[0], "show");
+        show_status = streq(argv[0], "status");
+        show_help = streq(argv[0], "help");
+
+        if (show_help && argc <= 1) {
+                log_error("This command expects one or more unit names. Did you mean --help?");
+                return -EINVAL;
+        }
+
+        pager_open(arg_no_pager, false);
+
+        if (show_status)
+                /* Increase max number of open files to 16K if we can, we
+                 * might needs this when browsing journal files, which might
+                 * be split up into many files. */
+                setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        /* If no argument is specified inspect the manager itself */
+        if (show_properties && argc <= 1)
+                return show_one(argv[0], bus, "/org/freedesktop/systemd1", show_properties, &new_line, &ellipsized);
+
+        if (show_status && argc <= 1) {
+
+                pager_open(arg_no_pager, false);
+                show_system_status(bus);
+                new_line = true;
+
+                if (arg_all)
+                        ret = show_all(argv[0], bus, false, &new_line, &ellipsized);
+        } else {
+                _cleanup_free_ char **patterns = NULL;
+                char **name;
+
+                STRV_FOREACH(name, strv_skip(argv, 1)) {
+                        _cleanup_free_ char *unit = NULL;
+                        uint32_t id;
+
+                        if (safe_atou32(*name, &id) < 0) {
+                                if (strv_push(&patterns, *name) < 0)
+                                        return log_oom();
+
+                                continue;
+                        } else if (show_properties) {
+                                /* Interpret as job id */
+                                if (asprintf(&unit, "/org/freedesktop/systemd1/job/%u", id) < 0)
+                                        return log_oom();
+
+                        } else {
+                                /* Interpret as PID */
+                                r = get_unit_dbus_path_by_pid(bus, id, &unit);
+                                if (r < 0) {
+                                        ret = r;
+                                        continue;
+                                }
+                        }
+
+                        r = show_one(argv[0], bus, unit, show_properties, &new_line, &ellipsized);
+                        if (r < 0)
+                                return r;
+                        else if (r > 0 && ret == 0)
+                                ret = r;
+                }
+
+                if (!strv_isempty(patterns)) {
+                        _cleanup_strv_free_ char **names = NULL;
+
+                        r = expand_names(bus, patterns, NULL, &names);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to expand names: %m");
+
+                        STRV_FOREACH(name, names) {
+                                _cleanup_free_ char *unit;
+
+                                unit = unit_dbus_path_from_name(*name);
+                                if (!unit)
+                                        return log_oom();
+
+                                r = show_one(argv[0], bus, unit, show_properties, &new_line, &ellipsized);
+                                if (r < 0)
+                                        return r;
+                                else if (r > 0 && ret == 0)
+                                        ret = r;
+                        }
+                }
+        }
+
+        if (ellipsized && !arg_quiet)
+                printf("Hint: Some lines were ellipsized, use -l to show in full.\n");
+
+        return ret;
+}
+
+static int cat_file(const char *filename, bool newline) {
+        _cleanup_close_ int fd;
+
+        fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0)
+                return -errno;
+
+        printf("%s%s# %s%s\n",
+               newline ? "\n" : "",
+               ansi_highlight_blue(),
+               filename,
+               ansi_normal());
+        fflush(stdout);
+
+        return copy_bytes(fd, STDOUT_FILENO, (uint64_t) -1, false);
+}
+
+static int cat(int argc, char *argv[], void *userdata) {
+        _cleanup_lookup_paths_free_ LookupPaths lp = {};
+        _cleanup_strv_free_ char **names = NULL;
+        char **name;
+        sd_bus *bus;
+        bool first = true;
+        int r;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL) {
+                log_error("Cannot remotely cat units.");
+                return -EINVAL;
+        }
+
+        r = lookup_paths_init(&lp, arg_scope, 0, arg_root);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine unit paths: %m");
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
+        if (r < 0)
+                return log_error_errno(r, "Failed to expand names: %m");
+
+        pager_open(arg_no_pager, false);
+
+        STRV_FOREACH(name, names) {
+                _cleanup_free_ char *fragment_path = NULL;
+                _cleanup_strv_free_ char **dropin_paths = NULL;
+                char **path;
+
+                r = unit_find_paths(bus, *name, &lp, &fragment_path, &dropin_paths);
+                if (r < 0)
+                        return r;
+                else if (r == 0)
+                        return -ENOENT;
+
+                if (first)
+                        first = false;
+                else
+                        puts("");
+
+                if (fragment_path) {
+                        r = cat_file(fragment_path, false);
+                        if (r < 0)
+                                return log_warning_errno(r, "Failed to cat %s: %m", fragment_path);
+                }
+
+                STRV_FOREACH(path, dropin_paths) {
+                        r = cat_file(*path, path == dropin_paths);
+                        if (r < 0)
+                                return log_warning_errno(r, "Failed to cat %s: %m", *path);
+                }
+        }
+
+        return 0;
+}
+
+static int set_property(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ char *n = NULL;
+        sd_bus *bus;
+        char **i;
+        int r;
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "SetUnitProperties");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = unit_name_mangle(argv[1], UNIT_NAME_NOGLOB, &n);
+        if (r < 0)
+                return log_error_errno(r, "Failed to mangle unit name: %m");
+
+        r = sd_bus_message_append(m, "sb", n, arg_runtime);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, "(sv)");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        STRV_FOREACH(i, strv_skip(argv, 2)) {
+                r = bus_append_unit_property_assignment(m, *i);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to set unit properties on %s: %s", n, bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int daemon_reload(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *method;
+        sd_bus *bus;
+        int r;
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        if (arg_action == ACTION_RELOAD)
+                method = "Reload";
+        else if (arg_action == ACTION_REEXEC)
+                method = "Reexecute";
+        else {
+                assert(arg_action == ACTION_SYSTEMCTL);
+
+                method =
+                        streq(argv[0], "clear-jobs")    ||
+                        streq(argv[0], "cancel")        ? "ClearJobs" :
+                        streq(argv[0], "daemon-reexec") ? "Reexecute" :
+                        streq(argv[0], "reset-failed")  ? "ResetFailed" :
+                        streq(argv[0], "halt")          ? "Halt" :
+                        streq(argv[0], "poweroff")      ? "PowerOff" :
+                        streq(argv[0], "reboot")        ? "Reboot" :
+                        streq(argv[0], "kexec")         ? "KExec" :
+                        streq(argv[0], "exit")          ? "Exit" :
+                                    /* "daemon-reload" */ "Reload";
+        }
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        method,
+                        &error,
+                        NULL,
+                        NULL);
+        if (r == -ENOENT && arg_action != ACTION_SYSTEMCTL)
+                /* There's always a fallback possible for
+                 * legacy actions. */
+                r = -EADDRNOTAVAIL;
+        else if ((r == -ETIMEDOUT || r == -ECONNRESET) && streq(method, "Reexecute"))
+                /* On reexecution, we expect a disconnect, not a
+                 * reply */
+                r = 0;
+        else if (r < 0)
+                return log_error_errno(r, "Failed to reload daemon: %s", bus_error_message(&error, r));
+
+        return r < 0 ? r : 0;
+}
+
+static int reset_failed(int argc, char *argv[], void *userdata) {
+        _cleanup_strv_free_ char **names = NULL;
+        sd_bus *bus;
+        char **name;
+        int r, q;
+
+        if (argc <= 1)
+                return daemon_reload(argc, argv, userdata);
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
+        if (r < 0)
+                return log_error_errno(r, "Failed to expand names: %m");
+
+        STRV_FOREACH(name, names) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+
+                q = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "ResetFailedUnit",
+                                &error,
+                                NULL,
+                                "s", *name);
+                if (q < 0) {
+                        log_error_errno(q, "Failed to reset failed state of unit %s: %s", *name, bus_error_message(&error, q));
+                        if (r == 0)
+                                r = q;
+                }
+        }
+
+        return r;
+}
+
+static int show_environment(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *text;
+        sd_bus *bus;
+        int r;
+
+        pager_open(arg_no_pager, false);
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_get_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "Environment",
+                        &error,
+                        &reply,
+                        "as");
+        if (r < 0)
+                return log_error_errno(r, "Failed to get environment: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "s");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        while ((r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_STRING, &text)) > 0)
+                puts(text);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        return 0;
+}
+
+static int switch_root(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_free_ char *cmdline_init = NULL;
+        const char *root, *init;
+        sd_bus *bus;
+        int r;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL) {
+                log_error("Cannot switch root remotely.");
+                return -EINVAL;
+        }
+
+        if (argc < 2 || argc > 3) {
+                log_error("Wrong number of arguments.");
+                return -EINVAL;
+        }
+
+        root = argv[1];
+
+        if (argc >= 3)
+                init = argv[2];
+        else {
+                r = parse_env_file("/proc/cmdline", WHITESPACE,
+                                   "init", &cmdline_init,
+                                   NULL);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to parse /proc/cmdline: %m");
+
+                init = cmdline_init;
+        }
+
+        if (isempty(init))
+                init = NULL;
+
+        if (init) {
+                const char *root_systemd_path = NULL, *root_init_path = NULL;
+
+                root_systemd_path = strjoina(root, "/" SYSTEMD_BINARY_PATH);
+                root_init_path = strjoina(root, "/", init);
+
+                /* If the passed init is actually the same as the
+                 * systemd binary, then let's suppress it. */
+                if (files_same(root_init_path, root_systemd_path) > 0)
+                        init = NULL;
+        }
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        log_debug("Switching root - root: %s; init: %s", root, strna(init));
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "SwitchRoot",
+                        &error,
+                        NULL,
+                        "ss", root, init);
+        if (r < 0)
+                return log_error_errno(r, "Failed to switch root: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int set_environment(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        const char *method;
+        sd_bus *bus;
+        int r;
+
+        assert(argc > 1);
+        assert(argv);
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        method = streq(argv[0], "set-environment")
+                ? "SetEnvironment"
+                : "UnsetEnvironment";
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        method);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_append_strv(m, strv_skip(argv, 1));
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to set environment: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int import_environment(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        sd_bus *bus;
+        int r;
+
+        polkit_agent_open_if_enabled();
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "SetEnvironment");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        if (argc < 2)
+                r = sd_bus_message_append_strv(m, environ);
+        else {
+                char **a, **b;
+
+                r = sd_bus_message_open_container(m, 'a', "s");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                STRV_FOREACH(a, strv_skip(argv, 1)) {
+
+                        if (!env_name_is_valid(*a)) {
+                                log_error("Not a valid environment variable name: %s", *a);
+                                return -EINVAL;
+                        }
+
+                        STRV_FOREACH(b, environ) {
+                                const char *eq;
+
+                                eq = startswith(*b, *a);
+                                if (eq && *eq == '=') {
+
+                                        r = sd_bus_message_append(m, "s", *b);
+                                        if (r < 0)
+                                                return bus_log_create_error(r);
+
+                                        break;
+                                }
+                        }
+                }
+
+                r = sd_bus_message_close_container(m);
+        }
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_call(bus, m, 0, &error, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to import environment: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int enable_sysv_units(const char *verb, char **args) {
+        int r = 0;
+
+#if defined(HAVE_SYSV_COMPAT)
+        _cleanup_lookup_paths_free_ LookupPaths paths = {};
+        unsigned f = 0;
+
+        /* Processes all SysV units, and reshuffles the array so that afterwards only the native units remain */
+
+        if (arg_scope != UNIT_FILE_SYSTEM)
+                return 0;
+
+        if (getenv_bool("SYSTEMCTL_SKIP_SYSV") > 0)
+                return 0;
+
+        if (!STR_IN_SET(verb,
+                        "enable",
+                        "disable",
+                        "is-enabled"))
+                return 0;
+
+        r = lookup_paths_init(&paths, arg_scope, LOOKUP_PATHS_EXCLUDE_GENERATED, arg_root);
+        if (r < 0)
+                return r;
+
+        r = 0;
+        while (args[f]) {
+
+                const char *argv[] = {
+                        ROOTLIBEXECDIR "/systemd-sysv-install",
+                        NULL,
+                        NULL,
+                        NULL,
+                        NULL,
+                };
+
+                _cleanup_free_ char *p = NULL, *q = NULL, *l = NULL;
+                bool found_native = false, found_sysv;
+                siginfo_t status;
+                const char *name;
+                unsigned c = 1;
+                pid_t pid;
+                int j;
+
+                name = args[f++];
+
+                if (!endswith(name, ".service"))
+                        continue;
+
+                if (path_is_absolute(name))
+                        continue;
+
+                j = unit_file_exists(arg_scope, &paths, name);
+                if (j < 0 && !IN_SET(j, -ELOOP, -ERFKILL, -EADDRNOTAVAIL))
+                        return log_error_errno(j, "Failed to lookup unit file state: %m");
+                found_native = j != 0;
+
+                /* If we have both a native unit and a SysV script, enable/disable them both (below); for is-enabled,
+                 * prefer the native unit */
+                if (found_native && streq(verb, "is-enabled"))
+                        continue;
+
+                p = path_join(arg_root, SYSTEM_SYSVINIT_PATH, name);
+                if (!p)
+                        return log_oom();
+
+                p[strlen(p) - strlen(".service")] = 0;
+                found_sysv = access(p, F_OK) >= 0;
+                if (!found_sysv)
+                        continue;
+
+                if (found_native)
+                        log_info("Synchronizing state of %s with SysV service script with %s.", name, argv[0]);
+                else
+                        log_info("%s is not a native service, redirecting to systemd-sysv-install.", name);
+
+                if (!isempty(arg_root))
+                        argv[c++] = q = strappend("--root=", arg_root);
+
+                argv[c++] = verb;
+                argv[c++] = basename(p);
+                argv[c] = NULL;
+
+                l = strv_join((char**)argv, " ");
+                if (!l)
+                        return log_oom();
+
+                log_info("Executing: %s", l);
+
+                pid = fork();
+                if (pid < 0)
+                        return log_error_errno(errno, "Failed to fork: %m");
+                else if (pid == 0) {
+                        /* Child */
+
+                        (void) reset_all_signal_handlers();
+                        (void) reset_signal_mask();
+
+                        execv(argv[0], (char**) argv);
+                        log_error_errno(errno, "Failed to execute %s: %m", argv[0]);
+                        _exit(EXIT_FAILURE);
+                }
+
+                j = wait_for_terminate(pid, &status);
+                if (j < 0) {
+                        log_error_errno(j, "Failed to wait for child: %m");
+                        return j;
+                }
+
+                if (status.si_code == CLD_EXITED) {
+                        if (streq(verb, "is-enabled")) {
+                                if (status.si_status == 0) {
+                                        if (!arg_quiet)
+                                                puts("enabled");
+                                        r = 1;
+                                } else {
+                                        if (!arg_quiet)
+                                                puts("disabled");
+                                }
+
+                        } else if (status.si_status != 0)
+                                return -EBADE; /* We don't warn here, under the assumption the script already showed an explanation */
+                } else {
+                        log_error("Unexpected waitid() result.");
+                        return -EPROTO;
+                }
+
+                if (found_native)
+                        continue;
+
+                /* Remove this entry, so that we don't try enabling it as native unit */
+                assert(f > 0);
+                f--;
+                assert(args[f] == name);
+                strv_remove(args, name);
+        }
+
+#endif
+        return r;
+}
+
+static int mangle_names(char **original_names, char ***mangled_names) {
+        char **i, **l, **name;
+        int r;
+
+        l = i = new(char*, strv_length(original_names) + 1);
+        if (!l)
+                return log_oom();
+
+        STRV_FOREACH(name, original_names) {
+
+                /* When enabling units qualified path names are OK,
+                 * too, hence allow them explicitly. */
+
+                if (is_path(*name)) {
+                        *i = strdup(*name);
+                        if (!*i) {
+                                strv_free(l);
+                                return log_oom();
+                        }
+                } else {
+                        r = unit_name_mangle(*name, UNIT_NAME_NOGLOB, i);
+                        if (r < 0) {
+                                strv_free(l);
+                                return log_error_errno(r, "Failed to mangle unit name: %m");
+                        }
+                }
+
+                i++;
+        }
+
+        *i = NULL;
+        *mangled_names = l;
+
+        return 0;
+}
+
+static int enable_unit(int argc, char *argv[], void *userdata) {
+        _cleanup_strv_free_ char **names = NULL;
+        const char *verb = argv[0];
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0;
+        int carries_install_info = -1;
+        bool ignore_carries_install_info = arg_quiet;
+        int r;
+
+        if (!argv[1])
+                return 0;
+
+        r = mangle_names(strv_skip(argv, 1), &names);
+        if (r < 0)
+                return r;
+
+        r = enable_sysv_units(verb, names);
+        if (r < 0)
+                return r;
+
+        /* If the operation was fully executed by the SysV compat, let's finish early */
+        if (strv_isempty(names)) {
+                if (arg_no_reload || install_client_side())
+                        return 0;
+                return daemon_reload(argc, argv, userdata);
+        }
+
+        if (install_client_side()) {
+                if (streq(verb, "enable")) {
+                        r = unit_file_enable(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                        carries_install_info = r;
+                } else if (streq(verb, "disable"))
+                        r = unit_file_disable(arg_scope, arg_runtime, arg_root, names, &changes, &n_changes);
+                else if (streq(verb, "reenable")) {
+                        r = unit_file_reenable(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                        carries_install_info = r;
+                } else if (streq(verb, "link"))
+                        r = unit_file_link(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                else if (streq(verb, "preset")) {
+                        r = unit_file_preset(arg_scope, arg_runtime, arg_root, names, arg_preset_mode, arg_force, &changes, &n_changes);
+                } else if (streq(verb, "mask"))
+                        r = unit_file_mask(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
+                else if (streq(verb, "unmask"))
+                        r = unit_file_unmask(arg_scope, arg_runtime, arg_root, names, &changes, &n_changes);
+                else if (streq(verb, "revert"))
+                        r = unit_file_revert(arg_scope, arg_root, names, &changes, &n_changes);
+                else
+                        assert_not_reached("Unknown verb");
+
+                unit_file_dump_changes(r, verb, changes, n_changes, arg_quiet);
+                if (r < 0)
+                        return r;
+                r = 0;
+        } else {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                bool expect_carries_install_info = false;
+                bool send_runtime = true, send_force = true, send_preset_mode = false;
+                const char *method;
+                sd_bus *bus;
+
+                polkit_agent_open_if_enabled();
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                if (streq(verb, "enable")) {
+                        method = "EnableUnitFiles";
+                        expect_carries_install_info = true;
+                } else if (streq(verb, "disable")) {
+                        method = "DisableUnitFiles";
+                        send_force = false;
+                } else if (streq(verb, "reenable")) {
+                        method = "ReenableUnitFiles";
+                        expect_carries_install_info = true;
+                } else if (streq(verb, "link"))
+                        method = "LinkUnitFiles";
+                else if (streq(verb, "preset")) {
+
+                        if (arg_preset_mode != UNIT_FILE_PRESET_FULL) {
+                                method = "PresetUnitFilesWithMode";
+                                send_preset_mode = true;
+                        } else
+                                method = "PresetUnitFiles";
+
+                        expect_carries_install_info = true;
+                        ignore_carries_install_info = true;
+                } else if (streq(verb, "mask"))
+                        method = "MaskUnitFiles";
+                else if (streq(verb, "unmask")) {
+                        method = "UnmaskUnitFiles";
+                        send_force = false;
+                } else if (streq(verb, "revert")) {
+                        method = "RevertUnitFiles";
+                        send_runtime = send_force = false;
+                } else
+                        assert_not_reached("Unknown verb");
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &m,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                method);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append_strv(m, names);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                if (send_preset_mode) {
+                        r = sd_bus_message_append(m, "s", unit_file_preset_mode_to_string(arg_preset_mode));
+                        if (r < 0)
+                                return bus_log_create_error(r);
+                }
+
+                if (send_runtime) {
+                        r = sd_bus_message_append(m, "b", arg_runtime);
+                        if (r < 0)
+                                return bus_log_create_error(r);
+                }
+
+                if (send_force) {
+                        r = sd_bus_message_append(m, "b", arg_force);
+                        if (r < 0)
+                                return bus_log_create_error(r);
+                }
+
+                r = sd_bus_call(bus, m, 0, &error, &reply);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to %s unit: %s", verb, bus_error_message(&error, r));
+
+                if (expect_carries_install_info) {
+                        r = sd_bus_message_read(reply, "b", &carries_install_info);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+                }
+
+                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
+                if (r < 0)
+                        return r;
+
+                /* Try to reload if enabled */
+                if (!arg_no_reload)
+                        r = daemon_reload(argc, argv, userdata);
+                else
+                        r = 0;
+        }
+
+        if (carries_install_info == 0 && !ignore_carries_install_info)
+                log_warning("The unit files have no installation config (WantedBy, RequiredBy, Also, Alias\n"
+                            "settings in the [Install] section, and DefaultInstance for template units).\n"
+                            "This means they are not meant to be enabled using systemctl.\n"
+                            "Possible reasons for having this kind of units are:\n"
+                            "1) A unit may be statically enabled by being symlinked from another unit's\n"
+                            "   .wants/ or .requires/ directory.\n"
+                            "2) A unit's purpose may be to act as a helper for some other unit which has\n"
+                            "   a requirement dependency on it.\n"
+                            "3) A unit may be started when needed via activation (socket, path, timer,\n"
+                            "   D-Bus, udev, scripted systemctl call, ...).\n"
+                            "4) In case of template units, the unit is meant to be enabled with some\n"
+                            "   instance name specified.");
+
+        if (arg_now && n_changes > 0 && STR_IN_SET(argv[0], "enable", "disable", "mask")) {
+                char *new_args[n_changes + 2];
+                sd_bus *bus;
+                unsigned i;
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        goto finish;
+
+                new_args[0] = (char*) (streq(argv[0], "enable") ? "start" : "stop");
+                for (i = 0; i < n_changes; i++)
+                        new_args[i + 1] = basename(changes[i].path);
+                new_args[i + 1] = NULL;
+
+                r = start_unit(strv_length(new_args), new_args, userdata);
+        }
+
+finish:
+        unit_file_changes_free(changes, n_changes);
+
+        return r;
+}
+
+static int add_dependency(int argc, char *argv[], void *userdata) {
+        _cleanup_strv_free_ char **names = NULL;
+        _cleanup_free_ char *target = NULL;
+        const char *verb = argv[0];
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0;
+        UnitDependency dep;
+        int r = 0;
+
+        if (!argv[1])
+                return 0;
+
+        r = unit_name_mangle_with_suffix(argv[1], UNIT_NAME_NOGLOB, ".target", &target);
+        if (r < 0)
+                return log_error_errno(r, "Failed to mangle unit name: %m");
+
+        r = mangle_names(strv_skip(argv, 2), &names);
+        if (r < 0)
+                return r;
+
+        if (streq(verb, "add-wants"))
+                dep = UNIT_WANTS;
+        else if (streq(verb, "add-requires"))
+                dep = UNIT_REQUIRES;
+        else
+                assert_not_reached("Unknown verb");
+
+        if (install_client_side()) {
+                r = unit_file_add_dependency(arg_scope, arg_runtime, arg_root, names, target, dep, arg_force, &changes, &n_changes);
+                unit_file_dump_changes(r, "add dependency on", changes, n_changes, arg_quiet);
+
+                if (r > 0)
+                        r = 0;
+        } else {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                sd_bus *bus;
+
+                polkit_agent_open_if_enabled();
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &m,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "AddDependencyUnitFiles");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append_strv(m, names);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append(m, "ssbb", target, unit_dependency_to_string(dep), arg_runtime, arg_force);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_call(bus, m, 0, &error, &reply);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add dependency: %s", bus_error_message(&error, r));
+
+                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
+                if (r < 0)
+                        goto finish;
+
+                if (arg_no_reload) {
+                        r = 0;
+                        goto finish;
+                }
+
+                r = daemon_reload(argc, argv, userdata);
+        }
+
+finish:
+        unit_file_changes_free(changes, n_changes);
+
+        return r;
+}
+
+static int preset_all(int argc, char *argv[], void *userdata) {
+        UnitFileChange *changes = NULL;
+        unsigned n_changes = 0;
+        int r;
+
+        if (install_client_side()) {
+                r = unit_file_preset_all(arg_scope, arg_runtime, arg_root, arg_preset_mode, arg_force, &changes, &n_changes);
+                unit_file_dump_changes(r, "preset", changes, n_changes, arg_quiet);
+
+                if (r > 0)
+                        r = 0;
+        } else {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                sd_bus *bus;
+
+                polkit_agent_open_if_enabled();
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "PresetAllUnitFiles",
+                                &error,
+                                &reply,
+                                "sbb",
+                                unit_file_preset_mode_to_string(arg_preset_mode),
+                                arg_runtime,
+                                arg_force);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to preset all units: %s", bus_error_message(&error, r));
+
+                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
+                if (r < 0)
+                        goto finish;
+
+                if (arg_no_reload) {
+                        r = 0;
+                        goto finish;
+                }
+
+                r = daemon_reload(argc, argv, userdata);
+        }
+
+finish:
+        unit_file_changes_free(changes, n_changes);
+
+        return r;
+}
+
+static int unit_is_enabled(int argc, char *argv[], void *userdata) {
+
+        _cleanup_strv_free_ char **names = NULL;
+        bool enabled;
+        char **name;
+        int r;
+
+        r = mangle_names(strv_skip(argv, 1), &names);
+        if (r < 0)
+                return r;
+
+        r = enable_sysv_units(argv[0], names);
+        if (r < 0)
+                return r;
+
+        enabled = r > 0;
+
+        if (install_client_side()) {
+
+                STRV_FOREACH(name, names) {
+                        UnitFileState state;
+
+                        r = unit_file_get_state(arg_scope, arg_root, *name, &state);
+                        if (r < 0)
+                                return log_error_errno(state, "Failed to get unit file state for %s: %m", *name);
+
+                        if (IN_SET(state,
+                                   UNIT_FILE_ENABLED,
+                                   UNIT_FILE_ENABLED_RUNTIME,
+                                   UNIT_FILE_STATIC,
+                                   UNIT_FILE_INDIRECT,
+                                   UNIT_FILE_GENERATED))
+                                enabled = true;
+
+                        if (!arg_quiet)
+                                puts(unit_file_state_to_string(state));
+                }
+
+                r = 0;
+        } else {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                sd_bus *bus;
+
+                r = acquire_bus(BUS_MANAGER, &bus);
+                if (r < 0)
+                        return r;
+
+                STRV_FOREACH(name, names) {
+                        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                        const char *s;
+
+                        r = sd_bus_call_method(
+                                        bus,
+                                        "org.freedesktop.systemd1",
+                                        "/org/freedesktop/systemd1",
+                                        "org.freedesktop.systemd1.Manager",
+                                        "GetUnitFileState",
+                                        &error,
+                                        &reply,
+                                        "s", *name);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get unit file state for %s: %s", *name, bus_error_message(&error, r));
+
+                        r = sd_bus_message_read(reply, "s", &s);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        if (STR_IN_SET(s, "enabled", "enabled-runtime", "static", "indirect", "generated"))
+                                enabled = true;
+
+                        if (!arg_quiet)
+                                puts(s);
+                }
+        }
+
+        return enabled ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+static int is_system_running(int argc, char *argv[], void *userdata) {
+        _cleanup_free_ char *state = NULL;
+        sd_bus *bus;
+        int r;
+
+        if (running_in_chroot() > 0 || (arg_transport == BUS_TRANSPORT_LOCAL && !sd_booted())) {
+                if (!arg_quiet)
+                        puts("offline");
+                return EXIT_FAILURE;
+        }
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_get_property_string(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "SystemState",
+                        NULL,
+                        &state);
+        if (r < 0) {
+                if (!arg_quiet)
+                        puts("unknown");
+                return 0;
+        }
+
+        if (!arg_quiet)
+                puts(state);
+
+        return streq(state, "running") ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+static int create_edit_temp_file(const char *new_path, const char *original_path, char **ret_tmp_fn) {
+        _cleanup_free_ char *t = NULL;
+        int r;
+
+        assert(new_path);
+        assert(original_path);
+        assert(ret_tmp_fn);
+
+        r = tempfn_random(new_path, NULL, &t);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine temporary filename for \"%s\": %m", new_path);
+
+        r = mkdir_parents(new_path, 0755);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create directories for \"%s\": %m", new_path);
+
+        r = copy_file(original_path, t, 0, 0644, 0);
+        if (r == -ENOENT) {
+
+                r = touch(t);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create temporary file \"%s\": %m", t);
+
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to copy \"%s\" to \"%s\": %m", original_path, t);
+
+        *ret_tmp_fn = t;
+        t = NULL;
+
+        return 0;
+}
+
+static int get_file_to_edit(
+                const LookupPaths *paths,
+                const char *name,
+                char **ret_path) {
+
+        _cleanup_free_ char *path = NULL, *run = NULL;
+
+        assert(name);
+        assert(ret_path);
+
+        path = strjoin(paths->persistent_config, "/", name, NULL);
+        if (!path)
+                return log_oom();
+
+        if (arg_runtime) {
+                run = strjoin(paths->runtime_config, name, NULL);
+                if (!run)
+                        return log_oom();
+        }
+
+        if (arg_runtime) {
+                if (access(path, F_OK) >= 0) {
+                        log_error("Refusing to create \"%s\" because it would be overridden by \"%s\" anyway.", run, path);
+                        return -EEXIST;
+                }
+
+                *ret_path = run;
+                run = NULL;
+        } else {
+                *ret_path = path;
+                path = NULL;
+        }
+
+        return 0;
+}
+
+static int unit_file_create_dropin(
+                const LookupPaths *paths,
+                const char *unit_name,
+                char **ret_new_path,
+                char **ret_tmp_path) {
+
+        char *tmp_new_path, *tmp_tmp_path, *ending;
+        int r;
+
+        assert(unit_name);
+        assert(ret_new_path);
+        assert(ret_tmp_path);
+
+        ending = strjoina(unit_name, ".d/override.conf");
+        r = get_file_to_edit(paths, ending, &tmp_new_path);
+        if (r < 0)
+                return r;
+
+        r = create_edit_temp_file(tmp_new_path, tmp_new_path, &tmp_tmp_path);
+        if (r < 0) {
+                free(tmp_new_path);
+                return r;
+        }
+
+        *ret_new_path = tmp_new_path;
+        *ret_tmp_path = tmp_tmp_path;
+
+        return 0;
+}
+
+static int unit_file_create_copy(
+                const LookupPaths *paths,
+                const char *unit_name,
+                const char *fragment_path,
+                char **ret_new_path,
+                char **ret_tmp_path) {
+
+        char *tmp_new_path, *tmp_tmp_path;
+        int r;
+
+        assert(fragment_path);
+        assert(unit_name);
+        assert(ret_new_path);
+        assert(ret_tmp_path);
+
+        r = get_file_to_edit(paths, unit_name, &tmp_new_path);
+        if (r < 0)
+                return r;
+
+        if (!path_equal(fragment_path, tmp_new_path) && access(tmp_new_path, F_OK) == 0) {
+                char response;
+
+                r = ask_char(&response, "yn", "\"%s\" already exists. Overwrite with \"%s\"? [(y)es, (n)o] ", tmp_new_path, fragment_path);
+                if (r < 0) {
+                        free(tmp_new_path);
+                        return r;
+                }
+                if (response != 'y') {
+                        log_warning("%s ignored", unit_name);
+                        free(tmp_new_path);
+                        return -1;
+                }
+        }
+
+        r = create_edit_temp_file(tmp_new_path, fragment_path, &tmp_tmp_path);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create temporary file for \"%s\": %m", tmp_new_path);
+                free(tmp_new_path);
+                return r;
+        }
+
+        *ret_new_path = tmp_new_path;
+        *ret_tmp_path = tmp_tmp_path;
+
+        return 0;
+}
+
+static int run_editor(char **paths) {
+        pid_t pid;
+        int r;
+
+        assert(paths);
+
+        pid = fork();
+        if (pid < 0)
+                return log_error_errno(errno, "Failed to fork: %m");
+
+        if (pid == 0) {
+                const char **args;
+                char *editor, **editor_args = NULL;
+                char **tmp_path, **original_path, *p;
+                unsigned n_editor_args = 0, i = 1;
+                size_t argc;
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+
+                argc = strv_length(paths)/2 + 1;
+
+                /* SYSTEMD_EDITOR takes precedence over EDITOR which takes precedence over VISUAL
+                 * If neither SYSTEMD_EDITOR nor EDITOR nor VISUAL are present,
+                 * we try to execute well known editors
+                 */
+                editor = getenv("SYSTEMD_EDITOR");
+                if (!editor)
+                        editor = getenv("EDITOR");
+                if (!editor)
+                        editor = getenv("VISUAL");
+
+                if (!isempty(editor)) {
+                        editor_args = strv_split(editor, WHITESPACE);
+                        if (!editor_args) {
+                                (void) log_oom();
+                                _exit(EXIT_FAILURE);
+                        }
+                        n_editor_args = strv_length(editor_args);
+                        argc += n_editor_args - 1;
+                }
+                args = newa(const char*, argc + 1);
+
+                if (n_editor_args > 0) {
+                        args[0] = editor_args[0];
+                        for (; i < n_editor_args; i++)
+                                args[i] = editor_args[i];
+                }
+
+                STRV_FOREACH_PAIR(original_path, tmp_path, paths) {
+                        args[i] = *tmp_path;
+                        i++;
+                }
+                args[i] = NULL;
+
+                if (n_editor_args > 0)
+                        execvp(args[0], (char* const*) args);
+
+                FOREACH_STRING(p, "editor", "nano", "vim", "vi") {
+                        args[0] = p;
+                        execvp(p, (char* const*) args);
+                        /* We do not fail if the editor doesn't exist
+                         * because we want to try each one of them before
+                         * failing.
+                         */
+                        if (errno != ENOENT) {
+                                log_error_errno(errno, "Failed to execute %s: %m", editor);
+                                _exit(EXIT_FAILURE);
+                        }
+                }
+
+                log_error("Cannot edit unit(s), no editor available. Please set either $SYSTEMD_EDITOR, $EDITOR or $VISUAL.");
+                _exit(EXIT_FAILURE);
+        }
+
+        r = wait_for_terminate_and_warn("editor", pid, true);
+        if (r < 0)
+                return log_error_errno(r, "Failed to wait for child: %m");
+
+        return 0;
+}
+
+static int find_paths_to_edit(sd_bus *bus, char **names, char ***paths) {
+        _cleanup_lookup_paths_free_ LookupPaths lp = {};
+        char **name;
+        int r;
+
+        assert(names);
+        assert(paths);
+
+        r = lookup_paths_init(&lp, arg_scope, 0, arg_root);
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(name, names) {
+                _cleanup_free_ char *path = NULL, *new_path = NULL, *tmp_path = NULL;
+
+                r = unit_find_paths(bus, *name, &lp, &path, NULL);
+                if (r < 0)
+                        return r;
+                else if (r == 0)
+                        return -ENOENT;
+                else if (!path) {
+                        // FIXME: support units with path==NULL (no FragmentPath)
+                        log_error("No fragment exists for %s.", *name);
+                        return -ENOENT;
+                }
+
+                if (arg_full)
+                        r = unit_file_create_copy(&lp, *name, path, &new_path, &tmp_path);
+                else
+                        r = unit_file_create_dropin(&lp, *name, &new_path, &tmp_path);
+                if (r < 0)
+                        return r;
+
+                r = strv_push_pair(paths, new_path, tmp_path);
+                if (r < 0)
+                        return log_oom();
+                new_path = tmp_path = NULL;
+        }
+
+        return 0;
+}
+
+static int edit(int argc, char *argv[], void *userdata) {
+        _cleanup_strv_free_ char **names = NULL;
+        _cleanup_strv_free_ char **paths = NULL;
+        char **original, **tmp;
+        sd_bus *bus;
+        int r;
+
+        if (!on_tty()) {
+                log_error("Cannot edit units if not on a tty.");
+                return -EINVAL;
+        }
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL) {
+                log_error("Cannot edit units remotely.");
+                return -EINVAL;
+        }
+
+        r = acquire_bus(BUS_MANAGER, &bus);
+        if (r < 0)
+                return r;
+
+        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
+        if (r < 0)
+                return log_error_errno(r, "Failed to expand names: %m");
+
+        r = find_paths_to_edit(bus, names, &paths);
+        if (r < 0)
+                return r;
+
+        if (strv_isempty(paths))
+                return -ENOENT;
+
+        r = run_editor(paths);
+        if (r < 0)
+                goto end;
+
+        STRV_FOREACH_PAIR(original, tmp, paths) {
+                /* If the temporary file is empty we ignore it.  It's
+                 * useful if the user wants to cancel its modification
+                 */
+                if (null_or_empty_path(*tmp)) {
+                        log_warning("Editing \"%s\" canceled: temporary file is empty.", *original);
+                        continue;
+                }
+
+                r = rename(*tmp, *original);
+                if (r < 0) {
+                        r = log_error_errno(errno, "Failed to rename \"%s\" to \"%s\": %m", *tmp, *original);
+                        goto end;
+                }
+        }
+
+        r = 0;
+
+        if (!arg_no_reload && !install_client_side())
+                r = daemon_reload(argc, argv, userdata);
+
+end:
+        STRV_FOREACH_PAIR(original, tmp, paths) {
+                (void) unlink(*tmp);
+
+                /* Removing empty dropin dirs */
+                if (!arg_full) {
+                        _cleanup_free_ char *dir;
+
+                        dir = dirname_malloc(*original);
+                        if (!dir)
+                                return log_oom();
+
+                        /* no need to check if the dir is empty, rmdir
+                         * does nothing if it is not the case.
+                         */
+                        (void) rmdir(dir);
+                }
+        }
+
+        return r;
+}
+
+static void systemctl_help(void) {
+
+        pager_open(arg_no_pager, false);
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Query or send control commands to the systemd manager.\n\n"
+               "  -h --help           Show this help\n"
+               "     --version        Show package version\n"
+               "     --system         Connect to system manager\n"
+               "     --user           Connect to user service manager\n"
+               "  -H --host=[USER@]HOST\n"
+               "                      Operate on remote host\n"
+               "  -M --machine=CONTAINER\n"
+               "                      Operate on local container\n"
+               "  -t --type=TYPE      List units of a particular type\n"
+               "     --state=STATE    List units with particular LOAD or SUB or ACTIVE state\n"
+               "  -p --property=NAME  Show only properties by this name\n"
+               "  -a --all            Show all loaded units/properties, including dead/empty\n"
+               "                      ones. To list all units installed on the system, use\n"
+               "                      the 'list-unit-files' command instead.\n"
+               "  -l --full           Don't ellipsize unit names on output\n"
+               "  -r --recursive      Show unit list of host and local containers\n"
+               "     --reverse        Show reverse dependencies with 'list-dependencies'\n"
+               "     --job-mode=MODE  Specify how to deal with already queued jobs, when\n"
+               "                      queueing a new job\n"
+               "     --show-types     When showing sockets, explicitly show their type\n"
+               "     --value          When showing properties, only print the value\n"
+               "  -i --ignore-inhibitors\n"
+               "                      When shutting down or sleeping, ignore inhibitors\n"
+               "     --kill-who=WHO   Who to send signal to\n"
+               "  -s --signal=SIGNAL  Which signal to send\n"
+               "     --now            Start or stop unit in addition to enabling or disabling it\n"
+               "  -q --quiet          Suppress output\n"
+               "     --no-block       Do not wait until operation finished\n"
+               "     --no-wall        Don't send wall message before halt/power-off/reboot\n"
+               "     --no-reload      Don't reload daemon after en-/dis-abling unit files\n"
+               "     --no-legend      Do not print a legend (column headers and hints)\n"
+               "     --no-pager       Do not pipe output into a pager\n"
+               "     --no-ask-password\n"
+               "                      Do not ask for system passwords\n"
+               "     --global         Enable/disable unit files globally\n"
+               "     --runtime        Enable unit files only temporarily until next reboot\n"
+               "  -f --force          When enabling unit files, override existing symlinks\n"
+               "                      When shutting down, execute action immediately\n"
+               "     --preset-mode=   Apply only enable, only disable, or all presets\n"
+               "     --root=PATH      Enable unit files in the specified root directory\n"
+               "  -n --lines=INTEGER  Number of journal entries to show\n"
+               "  -o --output=STRING  Change journal output mode (short, short-iso,\n"
+               "                              short-precise, short-monotonic, verbose,\n"
+               "                              export, json, json-pretty, json-sse, cat)\n"
+               "     --firmware-setup Tell the firmware to show the setup menu on next boot\n"
+               "     --plain          Print unit dependencies as a list instead of a tree\n\n"
+               "Unit Commands:\n"
+               "  list-units [PATTERN...]         List loaded units\n"
+               "  list-sockets [PATTERN...]       List loaded sockets ordered by address\n"
+               "  list-timers [PATTERN...]        List loaded timers ordered by next elapse\n"
+               "  start NAME...                   Start (activate) one or more units\n"
+               "  stop NAME...                    Stop (deactivate) one or more units\n"
+               "  reload NAME...                  Reload one or more units\n"
+               "  restart NAME...                 Start or restart one or more units\n"
+               "  try-restart NAME...             Restart one or more units if active\n"
+               "  reload-or-restart NAME...       Reload one or more units if possible,\n"
+               "                                  otherwise start or restart\n"
+               "  try-reload-or-restart NAME...   If active, reload one or more units,\n"
+               "                                  if supported, otherwise restart\n"
+               "  isolate NAME                    Start one unit and stop all others\n"
+               "  kill NAME...                    Send signal to processes of a unit\n"
+               "  is-active PATTERN...            Check whether units are active\n"
+               "  is-failed PATTERN...            Check whether units are failed\n"
+               "  status [PATTERN...|PID...]      Show runtime status of one or more units\n"
+               "  show [PATTERN...|JOB...]        Show properties of one or more\n"
+               "                                  units/jobs or the manager\n"
+               "  cat PATTERN...                  Show files and drop-ins of one or more units\n"
+               "  set-property NAME ASSIGNMENT... Sets one or more properties of a unit\n"
+               "  help PATTERN...|PID...          Show manual for one or more units\n"
+               "  reset-failed [PATTERN...]       Reset failed state for all, one, or more\n"
+               "                                  units\n"
+               "  list-dependencies [NAME]        Recursively show units which are required\n"
+               "                                  or wanted by this unit or by which this\n"
+               "                                  unit is required or wanted\n\n"
+               "Unit File Commands:\n"
+               "  list-unit-files [PATTERN...]    List installed unit files\n"
+               "  enable NAME...                  Enable one or more unit files\n"
+               "  disable NAME...                 Disable one or more unit files\n"
+               "  reenable NAME...                Reenable one or more unit files\n"
+               "  preset NAME...                  Enable/disable one or more unit files\n"
+               "                                  based on preset configuration\n"
+               "  preset-all                      Enable/disable all unit files based on\n"
+               "                                  preset configuration\n"
+               "  is-enabled NAME...              Check whether unit files are enabled\n"
+               "  mask NAME...                    Mask one or more units\n"
+               "  unmask NAME...                  Unmask one or more units\n"
+               "  link PATH...                    Link one or more units files into\n"
+               "                                  the search path\n"
+               "  revert NAME...                  Revert one or more unit files to vendor\n"
+               "                                  version\n"
+               "  add-wants TARGET NAME...        Add 'Wants' dependency for the target\n"
+               "                                  on specified one or more units\n"
+               "  add-requires TARGET NAME...     Add 'Requires' dependency for the target\n"
+               "                                  on specified one or more units\n"
+               "  edit NAME...                    Edit one or more unit files\n"
+               "  get-default                     Get the name of the default target\n"
+               "  set-default NAME                Set the default target\n\n"
+               "Machine Commands:\n"
+               "  list-machines [PATTERN...]      List local containers and host\n\n"
+               "Job Commands:\n"
+               "  list-jobs [PATTERN...]          List jobs\n"
+               "  cancel [JOB...]                 Cancel all, one, or more jobs\n\n"
+               "Environment Commands:\n"
+               "  show-environment                Dump environment\n"
+               "  set-environment NAME=VALUE...   Set one or more environment variables\n"
+               "  unset-environment NAME...       Unset one or more environment variables\n"
+               "  import-environment [NAME...]    Import all or some environment variables\n\n"
+               "Manager Lifecycle Commands:\n"
+               "  daemon-reload                   Reload systemd manager configuration\n"
+               "  daemon-reexec                   Reexecute systemd manager\n\n"
+               "System Commands:\n"
+               "  is-system-running               Check whether system is fully running\n"
+               "  default                         Enter system default mode\n"
+               "  rescue                          Enter system rescue mode\n"
+               "  emergency                       Enter system emergency mode\n"
+               "  halt                            Shut down and halt the system\n"
+               "  poweroff                        Shut down and power-off the system\n"
+               "  reboot [ARG]                    Shut down and reboot the system\n"
+               "  kexec                           Shut down and reboot the system with kexec\n"
+               "  exit [EXIT_CODE]                Request user instance or container exit\n"
+               "  switch-root ROOT [INIT]         Change to a different root file system\n"
+               "  suspend                         Suspend the system\n"
+               "  hibernate                       Hibernate the system\n"
+               "  hybrid-sleep                    Hibernate and suspend the system\n",
+               program_invocation_short_name);
+}
+
+static void halt_help(void) {
+        printf("%s [OPTIONS...]%s\n\n"
+               "%s the system.\n\n"
+               "     --help      Show this help\n"
+               "     --halt      Halt the machine\n"
+               "  -p --poweroff  Switch off the machine\n"
+               "     --reboot    Reboot the machine\n"
+               "  -f --force     Force immediate halt/power-off/reboot\n"
+               "  -w --wtmp-only Don't halt/power-off/reboot, just write wtmp record\n"
+               "  -d --no-wtmp   Don't write wtmp record\n"
+               "     --no-wall   Don't send wall message before halt/power-off/reboot\n",
+               program_invocation_short_name,
+               arg_action == ACTION_REBOOT   ? " [ARG]" : "",
+               arg_action == ACTION_REBOOT   ? "Reboot" :
+               arg_action == ACTION_POWEROFF ? "Power off" :
+                                               "Halt");
+}
+
+static void shutdown_help(void) {
+        printf("%s [OPTIONS...] [TIME] [WALL...]\n\n"
+               "Shut down the system.\n\n"
+               "     --help      Show this help\n"
+               "  -H --halt      Halt the machine\n"
+               "  -P --poweroff  Power-off the machine\n"
+               "  -r --reboot    Reboot the machine\n"
+               "  -h             Equivalent to --poweroff, overridden by --halt\n"
+               "  -k             Don't halt/power-off/reboot, just send warnings\n"
+               "     --no-wall   Don't send wall message before halt/power-off/reboot\n"
+               "  -c             Cancel a pending shutdown\n",
+               program_invocation_short_name);
+}
+
+static void telinit_help(void) {
+        printf("%s [OPTIONS...] {COMMAND}\n\n"
+               "Send control commands to the init daemon.\n\n"
+               "     --help      Show this help\n"
+               "     --no-wall   Don't send wall message before halt/power-off/reboot\n\n"
+               "Commands:\n"
+               "  0              Power-off the machine\n"
+               "  6              Reboot the machine\n"
+               "  2, 3, 4, 5     Start runlevelX.target unit\n"
+               "  1, s, S        Enter rescue mode\n"
+               "  q, Q           Reload init daemon configuration\n"
+               "  u, U           Reexecute init daemon\n",
+               program_invocation_short_name);
+}
+
+static void runlevel_help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "Prints the previous and current runlevel of the init system.\n\n"
+               "     --help      Show this help\n",
+               program_invocation_short_name);
+}
+
+static void help_types(void) {
+        int i;
+
+        if (!arg_no_legend)
+                puts("Available unit types:");
+        for (i = 0; i < _UNIT_TYPE_MAX; i++)
+                puts(unit_type_to_string(i));
+}
+
+static void help_states(void) {
+        int i;
+
+        if (!arg_no_legend)
+                puts("Available unit load states:");
+        for (i = 0; i < _UNIT_LOAD_STATE_MAX; i++)
+                puts(unit_load_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable unit active states:");
+        for (i = 0; i < _UNIT_ACTIVE_STATE_MAX; i++)
+                puts(unit_active_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable automount unit substates:");
+        for (i = 0; i < _AUTOMOUNT_STATE_MAX; i++)
+                puts(automount_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable busname unit substates:");
+        for (i = 0; i < _BUSNAME_STATE_MAX; i++)
+                puts(busname_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable device unit substates:");
+        for (i = 0; i < _DEVICE_STATE_MAX; i++)
+                puts(device_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable mount unit substates:");
+        for (i = 0; i < _MOUNT_STATE_MAX; i++)
+                puts(mount_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable path unit substates:");
+        for (i = 0; i < _PATH_STATE_MAX; i++)
+                puts(path_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable scope unit substates:");
+        for (i = 0; i < _SCOPE_STATE_MAX; i++)
+                puts(scope_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable service unit substates:");
+        for (i = 0; i < _SERVICE_STATE_MAX; i++)
+                puts(service_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable slice unit substates:");
+        for (i = 0; i < _SLICE_STATE_MAX; i++)
+                puts(slice_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable socket unit substates:");
+        for (i = 0; i < _SOCKET_STATE_MAX; i++)
+                puts(socket_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable swap unit substates:");
+        for (i = 0; i < _SWAP_STATE_MAX; i++)
+                puts(swap_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable target unit substates:");
+        for (i = 0; i < _TARGET_STATE_MAX; i++)
+                puts(target_state_to_string(i));
+
+        if (!arg_no_legend)
+                puts("\nAvailable timer unit substates:");
+        for (i = 0; i < _TIMER_STATE_MAX; i++)
+                puts(timer_state_to_string(i));
+}
+
+static int systemctl_parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_FAIL = 0x100,
+                ARG_REVERSE,
+                ARG_AFTER,
+                ARG_BEFORE,
+                ARG_SHOW_TYPES,
+                ARG_IRREVERSIBLE,
+                ARG_IGNORE_DEPENDENCIES,
+                ARG_VALUE,
+                ARG_VERSION,
+                ARG_USER,
+                ARG_SYSTEM,
+                ARG_GLOBAL,
+                ARG_NO_BLOCK,
+                ARG_NO_LEGEND,
+                ARG_NO_PAGER,
+                ARG_NO_WALL,
+                ARG_ROOT,
+                ARG_NO_RELOAD,
+                ARG_KILL_WHO,
+                ARG_NO_ASK_PASSWORD,
+                ARG_FAILED,
+                ARG_RUNTIME,
+                ARG_FORCE,
+                ARG_PLAIN,
+                ARG_STATE,
+                ARG_JOB_MODE,
+                ARG_PRESET_MODE,
+                ARG_FIRMWARE_SETUP,
+                ARG_NOW,
+                ARG_MESSAGE,
+        };
+
+        static const struct option options[] = {
+                { "help",                no_argument,       NULL, 'h'                     },
+                { "version",             no_argument,       NULL, ARG_VERSION             },
+                { "type",                required_argument, NULL, 't'                     },
+                { "property",            required_argument, NULL, 'p'                     },
+                { "all",                 no_argument,       NULL, 'a'                     },
+                { "reverse",             no_argument,       NULL, ARG_REVERSE             },
+                { "after",               no_argument,       NULL, ARG_AFTER               },
+                { "before",              no_argument,       NULL, ARG_BEFORE              },
+                { "show-types",          no_argument,       NULL, ARG_SHOW_TYPES          },
+                { "failed",              no_argument,       NULL, ARG_FAILED              }, /* compatibility only */
+                { "full",                no_argument,       NULL, 'l'                     },
+                { "job-mode",            required_argument, NULL, ARG_JOB_MODE            },
+                { "fail",                no_argument,       NULL, ARG_FAIL                }, /* compatibility only */
+                { "irreversible",        no_argument,       NULL, ARG_IRREVERSIBLE        }, /* compatibility only */
+                { "ignore-dependencies", no_argument,       NULL, ARG_IGNORE_DEPENDENCIES }, /* compatibility only */
+                { "ignore-inhibitors",   no_argument,       NULL, 'i'                     },
+                { "value",               no_argument,       NULL, ARG_VALUE               },
+                { "user",                no_argument,       NULL, ARG_USER                },
+                { "system",              no_argument,       NULL, ARG_SYSTEM              },
+                { "global",              no_argument,       NULL, ARG_GLOBAL              },
+                { "no-block",            no_argument,       NULL, ARG_NO_BLOCK            },
+                { "no-legend",           no_argument,       NULL, ARG_NO_LEGEND           },
+                { "no-pager",            no_argument,       NULL, ARG_NO_PAGER            },
+                { "no-wall",             no_argument,       NULL, ARG_NO_WALL             },
+                { "quiet",               no_argument,       NULL, 'q'                     },
+                { "root",                required_argument, NULL, ARG_ROOT                },
+                { "force",               no_argument,       NULL, ARG_FORCE               },
+                { "no-reload",           no_argument,       NULL, ARG_NO_RELOAD           },
+                { "kill-who",            required_argument, NULL, ARG_KILL_WHO            },
+                { "signal",              required_argument, NULL, 's'                     },
+                { "no-ask-password",     no_argument,       NULL, ARG_NO_ASK_PASSWORD     },
+                { "host",                required_argument, NULL, 'H'                     },
+                { "machine",             required_argument, NULL, 'M'                     },
+                { "runtime",             no_argument,       NULL, ARG_RUNTIME             },
+                { "lines",               required_argument, NULL, 'n'                     },
+                { "output",              required_argument, NULL, 'o'                     },
+                { "plain",               no_argument,       NULL, ARG_PLAIN               },
+                { "state",               required_argument, NULL, ARG_STATE               },
+                { "recursive",           no_argument,       NULL, 'r'                     },
+                { "preset-mode",         required_argument, NULL, ARG_PRESET_MODE         },
+                { "firmware-setup",      no_argument,       NULL, ARG_FIRMWARE_SETUP      },
+                { "now",                 no_argument,       NULL, ARG_NOW                 },
+                { "message",             required_argument, NULL, ARG_MESSAGE             },
+                {}
+        };
+
+        const char *p;
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        /* we default to allowing interactive authorization only in systemctl (not in the legacy commands) */
+        arg_ask_password = true;
+
+        while ((c = getopt_long(argc, argv, "ht:p:alqfs:H:M:n:o:ir", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        systemctl_help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 't': {
+                        if (isempty(optarg)) {
+                                log_error("--type requires arguments.");
+                                return -EINVAL;
+                        }
+
+                        p = optarg;
+                        for (;;) {
+                                _cleanup_free_ char *type = NULL;
+
+                                r = extract_first_word(&p, &type, ",", 0);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse type: %s", optarg);
+
+                                if (r == 0)
+                                        break;
+
+                                if (streq(type, "help")) {
+                                        help_types();
+                                        return 0;
+                                }
+
+                                if (unit_type_from_string(type) >= 0) {
+                                        if (strv_push(&arg_types, type) < 0)
+                                                return log_oom();
+                                        type = NULL;
+                                        continue;
+                                }
+
+                                /* It's much nicer to use --state= for
+                                 * load states, but let's support this
+                                 * in --types= too for compatibility
+                                 * with old versions */
+                                if (unit_load_state_from_string(type) >= 0) {
+                                        if (strv_push(&arg_states, type) < 0)
+                                                return log_oom();
+                                        type = NULL;
+                                        continue;
+                                }
+
+                                log_error("Unknown unit type or load state '%s'.", type);
+                                log_info("Use -t help to see a list of allowed values.");
+                                return -EINVAL;
+                        }
+
+                        break;
+                }
+
+                case 'p': {
+                        /* Make sure that if the empty property list
+                           was specified, we won't show any properties. */
+                        if (isempty(optarg) && !arg_properties) {
+                                arg_properties = new0(char*, 1);
+                                if (!arg_properties)
+                                        return log_oom();
+                        } else {
+                                p = optarg;
+                                for (;;) {
+                                        _cleanup_free_ char *prop = NULL;
+
+                                        r = extract_first_word(&p, &prop, ",", 0);
+                                        if (r < 0)
+                                                return log_error_errno(r, "Failed to parse property: %s", optarg);
+
+                                        if (r == 0)
+                                                break;
+
+                                        if (strv_push(&arg_properties, prop) < 0)
+                                                return log_oom();
+
+                                        prop = NULL;
+                                }
+                        }
+
+                        /* If the user asked for a particular
+                         * property, show it to him, even if it is
+                         * empty. */
+                        arg_all = true;
+
+                        break;
+                }
+
+                case 'a':
+                        arg_all = true;
+                        break;
+
+                case ARG_REVERSE:
+                        arg_dependency = DEPENDENCY_REVERSE;
+                        break;
+
+                case ARG_AFTER:
+                        arg_dependency = DEPENDENCY_AFTER;
+                        break;
+
+                case ARG_BEFORE:
+                        arg_dependency = DEPENDENCY_BEFORE;
+                        break;
+
+                case ARG_SHOW_TYPES:
+                        arg_show_types = true;
+                        break;
+
+                case ARG_VALUE:
+                        arg_value = true;
+                        break;
+
+                case ARG_JOB_MODE:
+                        arg_job_mode = optarg;
+                        break;
+
+                case ARG_FAIL:
+                        arg_job_mode = "fail";
+                        break;
+
+                case ARG_IRREVERSIBLE:
+                        arg_job_mode = "replace-irreversibly";
+                        break;
+
+                case ARG_IGNORE_DEPENDENCIES:
+                        arg_job_mode = "ignore-dependencies";
+                        break;
+
+                case ARG_USER:
+                        arg_scope = UNIT_FILE_USER;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_scope = UNIT_FILE_SYSTEM;
+                        break;
+
+                case ARG_GLOBAL:
+                        arg_scope = UNIT_FILE_GLOBAL;
+                        break;
+
+                case ARG_NO_BLOCK:
+                        arg_no_block = true;
+                        break;
+
+                case ARG_NO_LEGEND:
+                        arg_no_legend = true;
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_NO_WALL:
+                        arg_no_wall = true;
+                        break;
+
+                case ARG_ROOT:
+                        r = parse_path_argument_and_warn(optarg, false, &arg_root);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                case 'l':
+                        arg_full = true;
+                        break;
+
+                case ARG_FAILED:
+                        if (strv_extend(&arg_states, "failed") < 0)
+                                return log_oom();
+
+                        break;
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case ARG_FORCE:
+                        arg_force++;
+                        break;
+
+                case 'f':
+                        arg_force++;
+                        break;
+
+                case ARG_NO_RELOAD:
+                        arg_no_reload = true;
+                        break;
+
+                case ARG_KILL_WHO:
+                        arg_kill_who = optarg;
+                        break;
+
+                case 's':
+                        arg_signal = signal_from_string_try_harder(optarg);
+                        if (arg_signal < 0) {
+                                log_error("Failed to parse signal string %s.", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case ARG_RUNTIME:
+                        arg_runtime = true;
+                        break;
+
+                case 'n':
+                        if (safe_atou(optarg, &arg_lines) < 0) {
+                                log_error("Failed to parse lines '%s'", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case 'o':
+                        arg_output = output_mode_from_string(optarg);
+                        if (arg_output < 0) {
+                                log_error("Unknown output '%s'.", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case 'i':
+                        arg_ignore_inhibitors = true;
+                        break;
+
+                case ARG_PLAIN:
+                        arg_plain = true;
+                        break;
+
+                case ARG_FIRMWARE_SETUP:
+                        arg_firmware_setup = true;
+                        break;
+
+                case ARG_STATE: {
+                        if (isempty(optarg)) {
+                                log_error("--signal requires arguments.");
+                                return -EINVAL;
+                        }
+
+                        p = optarg;
+                        for (;;) {
+                                _cleanup_free_ char *s = NULL;
+
+                                r = extract_first_word(&p, &s, ",", 0);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse signal: %s", optarg);
+
+                                if (r == 0)
+                                        break;
+
+                                if (streq(s, "help")) {
+                                        help_states();
+                                        return 0;
+                                }
+
+                                if (strv_push(&arg_states, s) < 0)
+                                        return log_oom();
+
+                                s = NULL;
+                        }
+                        break;
+                }
+
+                case 'r':
+                        if (geteuid() != 0) {
+                                log_error("--recursive requires root privileges.");
+                                return -EPERM;
+                        }
+
+                        arg_recursive = true;
+                        break;
+
+                case ARG_PRESET_MODE:
+
+                        arg_preset_mode = unit_file_preset_mode_from_string(optarg);
+                        if (arg_preset_mode < 0) {
+                                log_error("Failed to parse preset mode: %s.", optarg);
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case ARG_NOW:
+                        arg_now = true;
+                        break;
+
+                case ARG_MESSAGE:
+                        if (strv_extend(&arg_wall, optarg) < 0)
+                                return log_oom();
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL && arg_scope != UNIT_FILE_SYSTEM) {
+                log_error("Cannot access user instance remotely.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+static int halt_parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_HELP = 0x100,
+                ARG_HALT,
+                ARG_REBOOT,
+                ARG_NO_WALL
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, ARG_HELP    },
+                { "halt",      no_argument,       NULL, ARG_HALT    },
+                { "poweroff",  no_argument,       NULL, 'p'         },
+                { "reboot",    no_argument,       NULL, ARG_REBOOT  },
+                { "force",     no_argument,       NULL, 'f'         },
+                { "wtmp-only", no_argument,       NULL, 'w'         },
+                { "no-wtmp",   no_argument,       NULL, 'd'         },
+                { "no-sync",   no_argument,       NULL, 'n'         },
+                { "no-wall",   no_argument,       NULL, ARG_NO_WALL },
+                {}
+        };
+
+        int c, r, runlevel;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        if (utmp_get_runlevel(&runlevel, NULL) >= 0)
+                if (runlevel == '0' || runlevel == '6')
+                        arg_force = 2;
+
+        while ((c = getopt_long(argc, argv, "pfwdnih", options, NULL)) >= 0)
+                switch (c) {
+
+                case ARG_HELP:
+                        halt_help();
+                        return 0;
+
+                case ARG_HALT:
+                        arg_action = ACTION_HALT;
+                        break;
+
+                case 'p':
+                        if (arg_action != ACTION_REBOOT)
+                                arg_action = ACTION_POWEROFF;
+                        break;
+
+                case ARG_REBOOT:
+                        arg_action = ACTION_REBOOT;
+                        break;
+
+                case 'f':
+                        arg_force = 2;
+                        break;
+
+                case 'w':
+                        arg_dry = true;
+                        break;
+
+                case 'd':
+                        arg_no_wtmp = true;
+                        break;
+
+                case 'n':
+                        arg_no_sync = true;
+                        break;
+
+                case ARG_NO_WALL:
+                        arg_no_wall = true;
+                        break;
+
+                case 'i':
+                case 'h':
+                        /* Compatibility nops */
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) {
+                r = update_reboot_parameter_and_warn(argc == optind + 1 ? argv[optind] : NULL);
+                if (r < 0)
+                        return r;
+        } else if (optind < argc) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+static int parse_shutdown_time_spec(const char *t, usec_t *_u) {
+        assert(t);
+        assert(_u);
+
+        if (streq(t, "now"))
+                *_u = 0;
+        else if (!strchr(t, ':')) {
+                uint64_t u;
+
+                if (safe_atou64(t, &u) < 0)
+                        return -EINVAL;
+
+                *_u = now(CLOCK_REALTIME) + USEC_PER_MINUTE * u;
+        } else {
+                char *e = NULL;
+                long hour, minute;
+                struct tm tm = {};
+                time_t s;
+                usec_t n;
+
+                errno = 0;
+                hour = strtol(t, &e, 10);
+                if (errno > 0 || *e != ':' || hour < 0 || hour > 23)
+                        return -EINVAL;
+
+                minute = strtol(e+1, &e, 10);
+                if (errno > 0 || *e != 0 || minute < 0 || minute > 59)
+                        return -EINVAL;
+
+                n = now(CLOCK_REALTIME);
+                s = (time_t) (n / USEC_PER_SEC);
+
+                assert_se(localtime_r(&s, &tm));
+
+                tm.tm_hour = (int) hour;
+                tm.tm_min = (int) minute;
+                tm.tm_sec = 0;
+
+                assert_se(s = mktime(&tm));
+
+                *_u = (usec_t) s * USEC_PER_SEC;
+
+                while (*_u <= n)
+                        *_u += USEC_PER_DAY;
+        }
+
+        return 0;
+}
+
+static int shutdown_parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_HELP = 0x100,
+                ARG_NO_WALL
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, ARG_HELP    },
+                { "halt",      no_argument,       NULL, 'H'         },
+                { "poweroff",  no_argument,       NULL, 'P'         },
+                { "reboot",    no_argument,       NULL, 'r'         },
+                { "kexec",     no_argument,       NULL, 'K'         }, /* not documented extension */
+                { "no-wall",   no_argument,       NULL, ARG_NO_WALL },
+                {}
+        };
+
+        char **wall = NULL;
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "HPrhkKtafFc", options, NULL)) >= 0)
+                switch (c) {
+
+                case ARG_HELP:
+                        shutdown_help();
+                        return 0;
+
+                case 'H':
+                        arg_action = ACTION_HALT;
+                        break;
+
+                case 'P':
+                        arg_action = ACTION_POWEROFF;
+                        break;
+
+                case 'r':
+                        if (kexec_loaded())
+                                arg_action = ACTION_KEXEC;
+                        else
+                                arg_action = ACTION_REBOOT;
+                        break;
+
+                case 'K':
+                        arg_action = ACTION_KEXEC;
+                        break;
+
+                case 'h':
+                        if (arg_action != ACTION_HALT)
+                                arg_action = ACTION_POWEROFF;
+                        break;
+
+                case 'k':
+                        arg_dry = true;
+                        break;
+
+                case ARG_NO_WALL:
+                        arg_no_wall = true;
+                        break;
+
+                case 't':
+                case 'a':
+                case 'f':
+                case 'F':
+                        /* Compatibility nops */
+                        break;
+
+                case 'c':
+                        arg_action = ACTION_CANCEL_SHUTDOWN;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (argc > optind && arg_action != ACTION_CANCEL_SHUTDOWN) {
+                r = parse_shutdown_time_spec(argv[optind], &arg_when);
+                if (r < 0) {
+                        log_error("Failed to parse time specification: %s", argv[optind]);
+                        return r;
+                }
+        } else
+                arg_when = now(CLOCK_REALTIME) + USEC_PER_MINUTE;
+
+        if (argc > optind && arg_action == ACTION_CANCEL_SHUTDOWN)
+                /* No time argument for shutdown cancel */
+                wall = argv + optind;
+        else if (argc > optind + 1)
+                /* We skip the time argument */
+                wall = argv + optind + 1;
+
+        if (wall) {
+                arg_wall = strv_copy(wall);
+                if (!arg_wall)
+                        return log_oom();
+        }
+
+        optind = argc;
+
+        return 1;
+}
+
+static int telinit_parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_HELP = 0x100,
+                ARG_NO_WALL
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, ARG_HELP    },
+                { "no-wall",   no_argument,       NULL, ARG_NO_WALL },
+                {}
+        };
+
+        static const struct {
+                char from;
+                enum action to;
+        } table[] = {
+                { '0', ACTION_POWEROFF },
+                { '6', ACTION_REBOOT },
+                { '1', ACTION_RESCUE },
+                { '2', ACTION_RUNLEVEL2 },
+                { '3', ACTION_RUNLEVEL3 },
+                { '4', ACTION_RUNLEVEL4 },
+                { '5', ACTION_RUNLEVEL5 },
+                { 's', ACTION_RESCUE },
+                { 'S', ACTION_RESCUE },
+                { 'q', ACTION_RELOAD },
+                { 'Q', ACTION_RELOAD },
+                { 'u', ACTION_REEXEC },
+                { 'U', ACTION_REEXEC }
+        };
+
+        unsigned i;
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0)
+                switch (c) {
+
+                case ARG_HELP:
+                        telinit_help();
+                        return 0;
+
+                case ARG_NO_WALL:
+                        arg_no_wall = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind >= argc) {
+                log_error("%s: required argument missing.", program_invocation_short_name);
+                return -EINVAL;
+        }
+
+        if (optind + 1 < argc) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        if (strlen(argv[optind]) != 1) {
+                log_error("Expected single character argument.");
+                return -EINVAL;
+        }
+
+        for (i = 0; i < ELEMENTSOF(table); i++)
+                if (table[i].from == argv[optind][0])
+                        break;
+
+        if (i >= ELEMENTSOF(table)) {
+                log_error("Unknown command '%s'.", argv[optind]);
+                return -EINVAL;
+        }
+
+        arg_action = table[i].to;
+
+        optind++;
+
+        return 1;
+}
+
+static int runlevel_parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_HELP = 0x100,
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, ARG_HELP    },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0)
+                switch (c) {
+
+                case ARG_HELP:
+                        runlevel_help();
+                        return 0;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind < argc) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        assert(argc >= 0);
+        assert(argv);
+
+        if (program_invocation_short_name) {
+
+                if (strstr(program_invocation_short_name, "halt")) {
+                        arg_action = ACTION_HALT;
+                        return halt_parse_argv(argc, argv);
+                } else if (strstr(program_invocation_short_name, "poweroff")) {
+                        arg_action = ACTION_POWEROFF;
+                        return halt_parse_argv(argc, argv);
+                } else if (strstr(program_invocation_short_name, "reboot")) {
+                        if (kexec_loaded())
+                                arg_action = ACTION_KEXEC;
+                        else
+                                arg_action = ACTION_REBOOT;
+                        return halt_parse_argv(argc, argv);
+                } else if (strstr(program_invocation_short_name, "shutdown")) {
+                        arg_action = ACTION_POWEROFF;
+                        return shutdown_parse_argv(argc, argv);
+                } else if (strstr(program_invocation_short_name, "init")) {
+
+                        if (sd_booted() > 0) {
+                                arg_action = _ACTION_INVALID;
+                                return telinit_parse_argv(argc, argv);
+                        } else {
+                                /* Hmm, so some other init system is
+                                 * running, we need to forward this
+                                 * request to it. For now we simply
+                                 * guess that it is Upstart. */
+
+                                execv(TELINIT, argv);
+
+                                log_error("Couldn't find an alternative telinit implementation to spawn.");
+                                return -EIO;
+                        }
+
+                } else if (strstr(program_invocation_short_name, "runlevel")) {
+                        arg_action = ACTION_RUNLEVEL;
+                        return runlevel_parse_argv(argc, argv);
+                }
+        }
+
+        arg_action = ACTION_SYSTEMCTL;
+        return systemctl_parse_argv(argc, argv);
+}
+
+#ifdef HAVE_SYSV_COMPAT
+_pure_ static int action_to_runlevel(void) {
+
+        static const char table[_ACTION_MAX] = {
+                [ACTION_HALT] =      '0',
+                [ACTION_POWEROFF] =  '0',
+                [ACTION_REBOOT] =    '6',
+                [ACTION_RUNLEVEL2] = '2',
+                [ACTION_RUNLEVEL3] = '3',
+                [ACTION_RUNLEVEL4] = '4',
+                [ACTION_RUNLEVEL5] = '5',
+                [ACTION_RESCUE] =    '1'
+        };
+
+        assert(arg_action < _ACTION_MAX);
+
+        return table[arg_action];
+}
+#endif
+
+static int talk_initctl(void) {
+#ifdef HAVE_SYSV_COMPAT
+        struct init_request request = {
+                .magic = INIT_MAGIC,
+                .sleeptime  = 0,
+                .cmd = INIT_CMD_RUNLVL
+        };
+
+        _cleanup_close_ int fd = -1;
+        char rl;
+        int r;
+
+        rl = action_to_runlevel();
+        if (!rl)
+                return 0;
+
+        request.runlevel = rl;
+
+        fd = open(INIT_FIFO, O_WRONLY|O_NDELAY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0) {
+                if (errno == ENOENT)
+                        return 0;
+
+                return log_error_errno(errno, "Failed to open "INIT_FIFO": %m");
+        }
+
+        r = loop_write(fd, &request, sizeof(request), false);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write to "INIT_FIFO": %m");
+
+        return 1;
+#else
+        return 0;
+#endif
+}
+
+static int systemctl_main(int argc, char *argv[]) {
+
+        static const Verb verbs[] = {
+                { "list-units",            VERB_ANY, VERB_ANY, VERB_DEFAULT|VERB_NOCHROOT, list_units },
+                { "list-unit-files",       VERB_ANY, VERB_ANY, 0,             list_unit_files   },
+                { "list-sockets",          VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_sockets      },
+                { "list-timers",           VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_timers       },
+                { "list-jobs",             VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_jobs         },
+                { "list-machines",         VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_machines     },
+                { "clear-jobs",            VERB_ANY, 1,        VERB_NOCHROOT, daemon_reload     },
+                { "cancel",                VERB_ANY, VERB_ANY, VERB_NOCHROOT, cancel_job        },
+                { "start",                 2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "stop",                  2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "condstop",              2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with ALTLinux */
+                { "reload",                2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "restart",               2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "try-restart",           2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "reload-or-restart",     2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "reload-or-try-restart", 2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatbility with old systemctl <= 228 */
+                { "try-reload-or-restart", 2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
+                { "force-reload",          2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with SysV */
+                { "condreload",            2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with ALTLinux */
+                { "condrestart",           2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with RH */
+                { "isolate",               2,        2,        VERB_NOCHROOT, start_unit        },
+                { "kill",                  2,        VERB_ANY, VERB_NOCHROOT, kill_unit         },
+                { "is-active",             2,        VERB_ANY, VERB_NOCHROOT, check_unit_active },
+                { "check",                 2,        VERB_ANY, VERB_NOCHROOT, check_unit_active },
+                { "is-failed",             2,        VERB_ANY, VERB_NOCHROOT, check_unit_failed },
+                { "show",                  VERB_ANY, VERB_ANY, VERB_NOCHROOT, show              },
+                { "cat",                   2,        VERB_ANY, VERB_NOCHROOT, cat               },
+                { "status",                VERB_ANY, VERB_ANY, VERB_NOCHROOT, show              },
+                { "help",                  VERB_ANY, VERB_ANY, VERB_NOCHROOT, show              },
+                { "daemon-reload",         VERB_ANY, 1,        VERB_NOCHROOT, daemon_reload     },
+                { "daemon-reexec",         VERB_ANY, 1,        VERB_NOCHROOT, daemon_reload     },
+                { "show-environment",      VERB_ANY, 1,        VERB_NOCHROOT, show_environment  },
+                { "set-environment",       2,        VERB_ANY, VERB_NOCHROOT, set_environment   },
+                { "unset-environment",     2,        VERB_ANY, VERB_NOCHROOT, set_environment   },
+                { "import-environment",    VERB_ANY, VERB_ANY, VERB_NOCHROOT, import_environment},
+                { "halt",                  VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "poweroff",              VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "reboot",                VERB_ANY, 2,        VERB_NOCHROOT, start_special     },
+                { "kexec",                 VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "suspend",               VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "hibernate",             VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "hybrid-sleep",          VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "default",               VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "rescue",                VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "emergency",             VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
+                { "exit",                  VERB_ANY, 2,        VERB_NOCHROOT, start_special     },
+                { "reset-failed",          VERB_ANY, VERB_ANY, VERB_NOCHROOT, reset_failed      },
+                { "enable",                2,        VERB_ANY, 0,             enable_unit       },
+                { "disable",               2,        VERB_ANY, 0,             enable_unit       },
+                { "is-enabled",            2,        VERB_ANY, 0,             unit_is_enabled   },
+                { "reenable",              2,        VERB_ANY, 0,             enable_unit       },
+                { "preset",                2,        VERB_ANY, 0,             enable_unit       },
+                { "preset-all",            VERB_ANY, 1,        0,             preset_all        },
+                { "mask",                  2,        VERB_ANY, 0,             enable_unit       },
+                { "unmask",                2,        VERB_ANY, 0,             enable_unit       },
+                { "link",                  2,        VERB_ANY, 0,             enable_unit       },
+                { "revert",                2,        VERB_ANY, 0,             enable_unit       },
+                { "switch-root",           2,        VERB_ANY, VERB_NOCHROOT, switch_root       },
+                { "list-dependencies",     VERB_ANY, 2,        VERB_NOCHROOT, list_dependencies },
+                { "set-default",           2,        2,        0,             set_default       },
+                { "get-default",           VERB_ANY, 1,        0,             get_default,      },
+                { "set-property",          3,        VERB_ANY, VERB_NOCHROOT, set_property      },
+                { "is-system-running",     VERB_ANY, 1,        0,             is_system_running },
+                { "add-wants",             3,        VERB_ANY, 0,             add_dependency    },
+                { "add-requires",          3,        VERB_ANY, 0,             add_dependency    },
+                { "edit",                  2,        VERB_ANY, VERB_NOCHROOT, edit              },
+                {}
+        };
+
+        return dispatch_verb(argc, argv, verbs, NULL);
+}
+
+static int reload_with_fallback(void) {
+
+        /* First, try systemd via D-Bus. */
+        if (daemon_reload(0, NULL, NULL) >= 0)
+                return 0;
+
+        /* Nothing else worked, so let's try signals */
+        assert(arg_action == ACTION_RELOAD || arg_action == ACTION_REEXEC);
+
+        if (kill(1, arg_action == ACTION_RELOAD ? SIGHUP : SIGTERM) < 0)
+                return log_error_errno(errno, "kill() failed: %m");
+
+        return 0;
+}
+
+static int start_with_fallback(void) {
+
+        /* First, try systemd via D-Bus. */
+        if (start_unit(0, NULL, NULL) >= 0)
+                return 0;
+
+        /* Nothing else worked, so let's try
+         * /dev/initctl */
+        if (talk_initctl() > 0)
+                return 0;
+
+        log_error("Failed to talk to init daemon.");
+        return -EIO;
+}
+
+static int halt_now(enum action a) {
+        int r;
+
+        /* The kernel will automaticall flush ATA disks and suchlike
+         * on reboot(), but the file systems need to be synce'd
+         * explicitly in advance. */
+        if (!arg_no_sync)
+                (void) sync();
+
+        /* Make sure C-A-D is handled by the kernel from this point
+         * on... */
+        (void) reboot(RB_ENABLE_CAD);
+
+        switch (a) {
+
+        case ACTION_HALT:
+                log_info("Halting.");
+                (void) reboot(RB_HALT_SYSTEM);
+                return -errno;
+
+        case ACTION_POWEROFF:
+                log_info("Powering off.");
+                (void) reboot(RB_POWER_OFF);
+                return -errno;
+
+        case ACTION_KEXEC:
+        case ACTION_REBOOT: {
+                _cleanup_free_ char *param = NULL;
+
+                r = read_one_line_file("/run/systemd/reboot-param", &param);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to read reboot parameter file: %m");
+
+                if (!isempty(param)) {
+                        log_info("Rebooting with argument '%s'.", param);
+                        (void) syscall(SYS_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART2, param);
+                        log_warning_errno(errno, "Failed to reboot with parameter, retrying without: %m");
+                }
+
+                log_info("Rebooting.");
+                (void) reboot(RB_AUTOBOOT);
+                return -errno;
+        }
+
+        default:
+                assert_not_reached("Unknown action.");
+        }
+}
+
+static int logind_schedule_shutdown(void) {
+
+#ifdef HAVE_LOGIND
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        char date[FORMAT_TIMESTAMP_MAX];
+        const char *action;
+        sd_bus *bus;
+        int r;
+
+        (void) logind_set_wall_message();
+
+        r = acquire_bus(BUS_FULL, &bus);
+        if (r < 0)
+                return r;
+
+        switch (arg_action) {
+        case ACTION_HALT:
+                action = "halt";
+                break;
+        case ACTION_POWEROFF:
+                action = "poweroff";
+                break;
+        case ACTION_KEXEC:
+                action = "kexec";
+                break;
+        case ACTION_EXIT:
+                action = "exit";
+                break;
+        case ACTION_REBOOT:
+        default:
+                action = "reboot";
+                break;
+        }
+
+        if (arg_dry)
+                action = strjoina("dry-", action);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "ScheduleShutdown",
+                        &error,
+                        NULL,
+                        "st",
+                        action,
+                        arg_when);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r));
+
+        log_info("Shutdown scheduled for %s, use 'shutdown -c' to cancel.", format_timestamp(date, sizeof(date), arg_when));
+        return 0;
+#else
+        log_error("Cannot schedule shutdown without logind support, proceeding with immediate shutdown.");
+        return -ENOSYS;
+#endif
+}
+
+static int halt_main(void) {
+        int r;
+
+        r = logind_check_inhibitors(arg_action);
+        if (r < 0)
+                return r;
+
+        if (arg_when > 0)
+                return logind_schedule_shutdown();
+
+        if (geteuid() != 0) {
+                if (arg_dry || arg_force > 0) {
+                        log_error("Must be root.");
+                        return -EPERM;
+                }
+
+                /* Try logind if we are a normal user and no special
+                 * mode applies. Maybe PolicyKit allows us to shutdown
+                 * the machine. */
+                if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT)) {
+                        r = logind_reboot(arg_action);
+                        if (r >= 0)
+                                return r;
+                        if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
+                                /* requested operation is not
+                                 * supported on the local system or
+                                 * already in progress */
+                                return r;
+                        /* on all other errors, try low-level operation */
+                }
+        }
+
+        if (!arg_dry && !arg_force)
+                return start_with_fallback();
+
+        assert(geteuid() == 0);
+
+        if (!arg_no_wtmp) {
+                if (sd_booted() > 0)
+                        log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");
+                else {
+                        r = utmp_put_shutdown();
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to write utmp record: %m");
+                }
+        }
+
+        if (arg_dry)
+                return 0;
+
+        r = halt_now(arg_action);
+        return log_error_errno(r, "Failed to reboot: %m");
+}
+
+static int runlevel_main(void) {
+        int r, runlevel, previous;
+
+        r = utmp_get_runlevel(&runlevel, &previous);
+        if (r < 0) {
+                puts("unknown");
+                return r;
+        }
+
+        printf("%c %c\n",
+               previous <= 0 ? 'N' : previous,
+               runlevel <= 0 ? 'N' : runlevel);
+
+        return 0;
+}
+
+static int logind_cancel_shutdown(void) {
+#ifdef HAVE_LOGIND
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        sd_bus *bus;
+        int r;
+
+        r = acquire_bus(BUS_FULL, &bus);
+        if (r < 0)
+                return r;
+
+        (void) logind_set_wall_message();
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.login1",
+                        "/org/freedesktop/login1",
+                        "org.freedesktop.login1.Manager",
+                        "CancelScheduledShutdown",
+                        &error,
+                        NULL, NULL);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to talk to logind, shutdown hasn't been cancelled: %s", bus_error_message(&error, r));
+
+        return 0;
+#else
+        log_error("Not compiled with logind support, cannot cancel scheduled shutdowns.");
+        return -ENOSYS;
+#endif
+}
+
+int main(int argc, char*argv[]) {
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        /* Explicitly not on_tty() to avoid setting cached value.
+         * This becomes relevant for piping output which might be
+         * ellipsized. */
+        original_stdout_is_tty = isatty(STDOUT_FILENO);
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (arg_action != ACTION_SYSTEMCTL && running_in_chroot() > 0) {
+                log_info("Running in chroot, ignoring request.");
+                r = 0;
+                goto finish;
+        }
+
+        /* systemctl_main() will print an error message for the bus
+         * connection, but only if it needs to */
+
+        switch (arg_action) {
+
+        case ACTION_SYSTEMCTL:
+                r = systemctl_main(argc, argv);
+                break;
+
+        case ACTION_HALT:
+        case ACTION_POWEROFF:
+        case ACTION_REBOOT:
+        case ACTION_KEXEC:
+                r = halt_main();
+                break;
+
+        case ACTION_RUNLEVEL2:
+        case ACTION_RUNLEVEL3:
+        case ACTION_RUNLEVEL4:
+        case ACTION_RUNLEVEL5:
+        case ACTION_RESCUE:
+        case ACTION_EMERGENCY:
+        case ACTION_DEFAULT:
+                r = start_with_fallback();
+                break;
+
+        case ACTION_RELOAD:
+        case ACTION_REEXEC:
+                r = reload_with_fallback();
+                break;
+
+        case ACTION_CANCEL_SHUTDOWN:
+                r = logind_cancel_shutdown();
+                break;
+
+        case ACTION_RUNLEVEL:
+                r = runlevel_main();
+                break;
+
+        case _ACTION_INVALID:
+        default:
+                assert_not_reached("Unknown action");
+        }
+
+finish:
+        pager_close();
+        ask_password_agent_close();
+        polkit_agent_close();
+
+        strv_free(arg_types);
+        strv_free(arg_states);
+        strv_free(arg_properties);
+
+        strv_free(arg_wall);
+        free(arg_root);
+
+        release_busses();
+
+        /* Note that we return r here, not EXIT_SUCCESS, so that we can implement the LSB-like return codes */
+
+        return r < 0 ? EXIT_FAILURE : r;
+}
diff --git a/src/systemctl/systemd-sysv-install.SKELETON b/src/grp-system/systemctl/systemd-sysv-install.SKELETON
index a53a3e6221..a53a3e6221 100755
--- a/src/systemctl/systemd-sysv-install.SKELETON
+++ b/src/grp-system/systemctl/systemd-sysv-install.SKELETON
diff --git a/src/grp-system/systemd/Makefile b/src/grp-system/systemd/Makefile
new file mode 100644
index 0000000000..cfef258c6d
--- /dev/null
+++ b/src/grp-system/systemd/Makefile
@@ -0,0 +1,71 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd
+systemd_SOURCES = \
+	src/core/main.c
+
+systemd_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(SECCOMP_CFLAGS) \
+	$(MOUNT_CFLAGS)
+
+systemd_LDADD = \
+	libcore.la
+
+dist_pkgsysconf_DATA += \
+	src/core/system.conf \
+	src/core/user.conf
+
+dist_dbuspolicy_DATA += \
+	src/core/org.freedesktop.systemd1.conf
+
+dist_dbussystemservice_DATA += \
+	src/core/org.freedesktop.systemd1.service
+
+polkitpolicy_in_in_files += \
+	src/core/org.freedesktop.systemd1.policy.in.in
+
+pkgconfigdata_DATA += \
+	src/core/systemd.pc
+
+nodist_rpmmacros_DATA = \
+	src/core/macros.systemd
+
+BUILT_SOURCES += \
+	src/core/triggers.systemd
+
+EXTRA_DIST += \
+	src/core/systemd.pc.in \
+	src/core/macros.systemd.in \
+	src/core/triggers.systemd.in
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.systemd1.busname
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.systemd1.busname
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/core/macros.systemd.in b/src/grp-system/systemd/macros.systemd.in
index 2cace3d3ba..2cace3d3ba 100644
--- a/src/core/macros.systemd.in
+++ b/src/grp-system/systemd/macros.systemd.in
diff --git a/src/grp-system/systemd/main.c b/src/grp-system/systemd/main.c
new file mode 100644
index 0000000000..042cce49dd
--- /dev/null
+++ b/src/grp-system/systemd/main.c
@@ -0,0 +1,2149 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/prctl.h>
+#include <sys/reboot.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#ifdef HAVE_SECCOMP
+#include <seccomp.h>
+#endif
+#ifdef HAVE_VALGRIND_VALGRIND_H
+#include <valgrind/valgrind.h>
+#endif
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "architecture.h"
+#include "build.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "capability-util.h"
+#include "clock-util.h"
+#include "conf-parser.h"
+#include "cpu-set-util.h"
+#include "dbus-manager.h"
+#include "def.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "fdset.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "hostname-setup.h"
+#include "ima-setup.h"
+#include "killall.h"
+#include "kmod-setup.h"
+#include "load-fragment.h"
+#include "log.h"
+#include "loopback-setup.h"
+#include "machine-id-setup.h"
+#include "manager.h"
+#include "missing.h"
+#include "mount-setup.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "proc-cmdline.h"
+#include "process-util.h"
+#include "rlimit-util.h"
+#include "selinux-setup.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "smack-setup.h"
+#include "special.h"
+#include "stat-util.h"
+#include "stdio-util.h"
+#include "strv.h"
+#include "switch-root.h"
+#include "terminal-util.h"
+#include "umask-util.h"
+#include "user-util.h"
+#include "virt.h"
+#include "watchdog.h"
+
+static enum {
+        ACTION_RUN,
+        ACTION_HELP,
+        ACTION_VERSION,
+        ACTION_TEST,
+        ACTION_DUMP_CONFIGURATION_ITEMS,
+        ACTION_DONE
+} arg_action = ACTION_RUN;
+static char *arg_default_unit = NULL;
+static bool arg_system = false;
+static bool arg_dump_core = true;
+static int arg_crash_chvt = -1;
+static bool arg_crash_shell = false;
+static bool arg_crash_reboot = false;
+static bool arg_confirm_spawn = false;
+static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
+static bool arg_switched_root = false;
+static bool arg_no_pager = false;
+static char ***arg_join_controllers = NULL;
+static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
+static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
+static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
+static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
+static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
+static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
+static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
+static usec_t arg_runtime_watchdog = 0;
+static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
+static char **arg_default_environment = NULL;
+static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
+static uint64_t arg_capability_bounding_set = CAP_ALL;
+static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
+static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
+static Set* arg_syscall_archs = NULL;
+static FILE* arg_serialization = NULL;
+static bool arg_default_cpu_accounting = false;
+static bool arg_default_io_accounting = false;
+static bool arg_default_blockio_accounting = false;
+static bool arg_default_memory_accounting = false;
+static bool arg_default_tasks_accounting = true;
+static uint64_t arg_default_tasks_max = UINT64_C(512);
+static sd_id128_t arg_machine_id = {};
+
+noreturn static void freeze_or_reboot(void) {
+
+        if (arg_crash_reboot) {
+                log_notice("Rebooting in 10s...");
+                (void) sleep(10);
+
+                log_notice("Rebooting now...");
+                (void) reboot(RB_AUTOBOOT);
+                log_emergency_errno(errno, "Failed to reboot: %m");
+        }
+
+        log_emergency("Freezing execution.");
+        freeze();
+}
+
+noreturn static void crash(int sig) {
+        struct sigaction sa;
+        pid_t pid;
+
+        if (getpid() != 1)
+                /* Pass this on immediately, if this is not PID 1 */
+                (void) raise(sig);
+        else if (!arg_dump_core)
+                log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
+        else {
+                sa = (struct sigaction) {
+                        .sa_handler = nop_signal_handler,
+                        .sa_flags = SA_NOCLDSTOP|SA_RESTART,
+                };
+
+                /* We want to wait for the core process, hence let's enable SIGCHLD */
+                (void) sigaction(SIGCHLD, &sa, NULL);
+
+                pid = raw_clone(SIGCHLD, NULL);
+                if (pid < 0)
+                        log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
+                else if (pid == 0) {
+                        /* Enable default signal handler for core dump */
+
+                        sa = (struct sigaction) {
+                                .sa_handler = SIG_DFL,
+                        };
+                        (void) sigaction(sig, &sa, NULL);
+
+                        /* Don't limit the coredump size */
+                        (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
+
+                        /* Just to be sure... */
+                        (void) chdir("/");
+
+                        /* Raise the signal again */
+                        pid = raw_getpid();
+                        (void) kill(pid, sig); /* raise() would kill the parent */
+
+                        assert_not_reached("We shouldn't be here...");
+                        _exit(EXIT_FAILURE);
+                } else {
+                        siginfo_t status;
+                        int r;
+
+                        /* Order things nicely. */
+                        r = wait_for_terminate(pid, &status);
+                        if (r < 0)
+                                log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
+                        else if (status.si_code != CLD_DUMPED)
+                                log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
+                                              signal_to_string(sig),
+                                              pid, sigchld_code_to_string(status.si_code),
+                                              status.si_status,
+                                              strna(status.si_code == CLD_EXITED
+                                                    ? exit_status_to_string(status.si_status, EXIT_STATUS_FULL)
+                                                    : signal_to_string(status.si_status)));
+                        else
+                                log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
+                }
+        }
+
+        if (arg_crash_chvt >= 0)
+                (void) chvt(arg_crash_chvt);
+
+        sa = (struct sigaction) {
+                .sa_handler = SIG_IGN,
+                .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
+        };
+
+        /* Let the kernel reap children for us */
+        (void) sigaction(SIGCHLD, &sa, NULL);
+
+        if (arg_crash_shell) {
+                log_notice("Executing crash shell in 10s...");
+                (void) sleep(10);
+
+                pid = raw_clone(SIGCHLD, NULL);
+                if (pid < 0)
+                        log_emergency_errno(errno, "Failed to fork off crash shell: %m");
+                else if (pid == 0) {
+                        (void) setsid();
+                        (void) make_console_stdio();
+                        (void) execle("/bin/sh", "/bin/sh", NULL, environ);
+
+                        log_emergency_errno(errno, "execle() failed: %m");
+                        _exit(EXIT_FAILURE);
+                } else {
+                        log_info("Spawned crash shell as PID "PID_FMT".", pid);
+                        (void) wait_for_terminate(pid, NULL);
+                }
+        }
+
+        freeze_or_reboot();
+}
+
+static void install_crash_handler(void) {
+        static const struct sigaction sa = {
+                .sa_handler = crash,
+                .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
+        };
+        int r;
+
+        /* We ignore the return value here, since, we don't mind if we
+         * cannot set up a crash handler */
+        r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
+        if (r < 0)
+                log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
+}
+
+static int console_setup(void) {
+        _cleanup_close_ int tty_fd = -1;
+        int r;
+
+        tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
+        if (tty_fd < 0)
+                return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
+
+        /* We don't want to force text mode.  plymouth may be showing
+         * pictures already from initrd. */
+        r = reset_terminal_fd(tty_fd, false);
+        if (r < 0)
+                return log_error_errno(r, "Failed to reset /dev/console: %m");
+
+        return 0;
+}
+
+static int parse_crash_chvt(const char *value) {
+        int b;
+
+        if (safe_atoi(value, &arg_crash_chvt) >= 0)
+                return 0;
+
+        b = parse_boolean(value);
+        if (b < 0)
+                return b;
+
+        if (b > 0)
+                arg_crash_chvt = 0; /* switch to where kmsg goes */
+        else
+                arg_crash_chvt = -1; /* turn off switching */
+
+        return 0;
+}
+
+static int set_machine_id(const char *m) {
+        assert(m);
+
+        if (sd_id128_from_string(m, &arg_machine_id) < 0)
+                return -EINVAL;
+
+        if (sd_id128_is_null(arg_machine_id))
+                return -EINVAL;
+
+        return 0;
+}
+
+static int parse_proc_cmdline_item(const char *key, const char *value) {
+
+        int r;
+
+        assert(key);
+
+        if (streq(key, "systemd.unit") && value) {
+
+                if (!in_initrd())
+                        return free_and_strdup(&arg_default_unit, value);
+
+        } else if (streq(key, "rd.systemd.unit") && value) {
+
+                if (in_initrd())
+                        return free_and_strdup(&arg_default_unit, value);
+
+        } else if (streq(key, "systemd.dump_core") && value) {
+
+                r = parse_boolean(value);
+                if (r < 0)
+                        log_warning("Failed to parse dump core switch %s. Ignoring.", value);
+                else
+                        arg_dump_core = r;
+
+        } else if (streq(key, "systemd.crash_chvt") && value) {
+
+                if (parse_crash_chvt(value) < 0)
+                        log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
+
+        } else if (streq(key, "systemd.crash_shell") && value) {
+
+                r = parse_boolean(value);
+                if (r < 0)
+                        log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
+                else
+                        arg_crash_shell = r;
+
+        } else if (streq(key, "systemd.crash_reboot") && value) {
+
+                r = parse_boolean(value);
+                if (r < 0)
+                        log_warning("Failed to parse crash reboot switch %s. Ignoring.", value);
+                else
+                        arg_crash_reboot = r;
+
+        } else if (streq(key, "systemd.confirm_spawn") && value) {
+
+                r = parse_boolean(value);
+                if (r < 0)
+                        log_warning("Failed to parse confirm spawn switch %s. Ignoring.", value);
+                else
+                        arg_confirm_spawn = r;
+
+        } else if (streq(key, "systemd.show_status") && value) {
+
+                r = parse_show_status(value, &arg_show_status);
+                if (r < 0)
+                        log_warning("Failed to parse show status switch %s. Ignoring.", value);
+
+        } else if (streq(key, "systemd.default_standard_output") && value) {
+
+                r = exec_output_from_string(value);
+                if (r < 0)
+                        log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
+                else
+                        arg_default_std_output = r;
+
+        } else if (streq(key, "systemd.default_standard_error") && value) {
+
+                r = exec_output_from_string(value);
+                if (r < 0)
+                        log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
+                else
+                        arg_default_std_error = r;
+
+        } else if (streq(key, "systemd.setenv") && value) {
+
+                if (env_assignment_is_valid(value)) {
+                        char **env;
+
+                        env = strv_env_set(arg_default_environment, value);
+                        if (env)
+                                arg_default_environment = env;
+                        else
+                                log_warning_errno(ENOMEM, "Setting environment variable '%s' failed, ignoring: %m", value);
+                } else
+                        log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
+
+        } else if (streq(key, "systemd.machine_id") && value) {
+
+               r = set_machine_id(value);
+               if (r < 0)
+                       log_warning("MachineID '%s' is not valid. Ignoring.", value);
+
+        } else if (streq(key, "quiet") && !value) {
+
+                if (arg_show_status == _SHOW_STATUS_UNSET)
+                        arg_show_status = SHOW_STATUS_AUTO;
+
+        } else if (streq(key, "debug") && !value) {
+
+                /* Note that log_parse_environment() handles 'debug'
+                 * too, and sets the log level to LOG_DEBUG. */
+
+                if (detect_container() > 0)
+                        log_set_target(LOG_TARGET_CONSOLE);
+
+        } else if (!in_initrd() && !value) {
+                const char *target;
+
+                /* SysV compatibility */
+                target = runlevel_to_target(key);
+                if (target)
+                        return free_and_strdup(&arg_default_unit, target);
+
+        } else if (streq(key, "systemd.default_timeout_start_sec") && value) {
+
+                r = parse_sec(value, &arg_default_timeout_start_usec);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value);
+
+                if (arg_default_timeout_start_usec <= 0)
+                        arg_default_timeout_start_usec = USEC_INFINITY;
+        }
+
+        return 0;
+}
+
+#define DEFINE_SETTER(name, func, descr)                              \
+        static int name(const char *unit,                             \
+                        const char *filename,                         \
+                        unsigned line,                                \
+                        const char *section,                          \
+                        unsigned section_line,                        \
+                        const char *lvalue,                           \
+                        int ltype,                                    \
+                        const char *rvalue,                           \
+                        void *data,                                   \
+                        void *userdata) {                             \
+                                                                      \
+                int r;                                                \
+                                                                      \
+                assert(filename);                                     \
+                assert(lvalue);                                       \
+                assert(rvalue);                                       \
+                                                                      \
+                r = func(rvalue);                                     \
+                if (r < 0)                                            \
+                        log_syntax(unit, LOG_ERR, filename, line, r,  \
+                                   "Invalid " descr "'%s': %m",       \
+                                   rvalue);                           \
+                                                                      \
+                return 0;                                             \
+        }
+
+DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
+DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
+DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
+DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
+
+static int config_parse_cpu_affinity2(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        _cleanup_cpu_free_ cpu_set_t *c = NULL;
+        int ncpus;
+
+        ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue);
+        if (ncpus < 0)
+                return ncpus;
+
+        if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
+                log_warning("Failed to set CPU affinity: %m");
+
+        return 0;
+}
+
+static int config_parse_show_status(
+                const char* unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        int k;
+        ShowStatus *b = data;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        k = parse_show_status(rvalue, b);
+        if (k < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
+                return 0;
+        }
+
+        return 0;
+}
+
+static int config_parse_crash_chvt(
+                const char* unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        r = parse_crash_chvt(rvalue);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
+                return 0;
+        }
+
+        return 0;
+}
+
+static int config_parse_join_controllers(const char *unit,
+                                         const char *filename,
+                                         unsigned line,
+                                         const char *section,
+                                         unsigned section_line,
+                                         const char *lvalue,
+                                         int ltype,
+                                         const char *rvalue,
+                                         void *data,
+                                         void *userdata) {
+
+        const char *whole_rvalue = rvalue;
+        unsigned n = 0;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        arg_join_controllers = strv_free_free(arg_join_controllers);
+
+        for (;;) {
+                _cleanup_free_ char *word = NULL;
+                char **l;
+                int r;
+
+                r = extract_first_word(&rvalue, &word, WHITESPACE, EXTRACT_QUOTES);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue);
+                        return r;
+                }
+                if (r == 0)
+                        break;
+
+                l = strv_split(word, ",");
+                if (!l)
+                        return log_oom();
+                strv_uniq(l);
+
+                if (strv_length(l) <= 1) {
+                        strv_free(l);
+                        continue;
+                }
+
+                if (!arg_join_controllers) {
+                        arg_join_controllers = new(char**, 2);
+                        if (!arg_join_controllers) {
+                                strv_free(l);
+                                return log_oom();
+                        }
+
+                        arg_join_controllers[0] = l;
+                        arg_join_controllers[1] = NULL;
+
+                        n = 1;
+                } else {
+                        char ***a;
+                        char ***t;
+
+                        t = new0(char**, n+2);
+                        if (!t) {
+                                strv_free(l);
+                                return log_oom();
+                        }
+
+                        n = 0;
+
+                        for (a = arg_join_controllers; *a; a++) {
+
+                                if (strv_overlap(*a, l)) {
+                                        if (strv_extend_strv(&l, *a, false) < 0) {
+                                                strv_free(l);
+                                                strv_free_free(t);
+                                                return log_oom();
+                                        }
+
+                                } else {
+                                        char **c;
+
+                                        c = strv_copy(*a);
+                                        if (!c) {
+                                                strv_free(l);
+                                                strv_free_free(t);
+                                                return log_oom();
+                                        }
+
+                                        t[n++] = c;
+                                }
+                        }
+
+                        t[n++] = strv_uniq(l);
+
+                        strv_free_free(arg_join_controllers);
+                        arg_join_controllers = t;
+                }
+        }
+        if (!isempty(rvalue))
+                log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
+
+        return 0;
+}
+
+static int parse_config_file(void) {
+
+        const ConfigTableItem items[] = {
+                { "Manager", "LogLevel",                  config_parse_level2,           0, NULL                                   },
+                { "Manager", "LogTarget",                 config_parse_target,           0, NULL                                   },
+                { "Manager", "LogColor",                  config_parse_color,            0, NULL                                   },
+                { "Manager", "LogLocation",               config_parse_location,         0, NULL                                   },
+                { "Manager", "DumpCore",                  config_parse_bool,             0, &arg_dump_core                         },
+                { "Manager", "CrashChVT", /* legacy */    config_parse_crash_chvt,       0, NULL                                   },
+                { "Manager", "CrashChangeVT",             config_parse_crash_chvt,       0, NULL                                   },
+                { "Manager", "CrashShell",                config_parse_bool,             0, &arg_crash_shell                       },
+                { "Manager", "CrashReboot",               config_parse_bool,             0, &arg_crash_reboot                      },
+                { "Manager", "ShowStatus",                config_parse_show_status,      0, &arg_show_status                       },
+                { "Manager", "CPUAffinity",               config_parse_cpu_affinity2,    0, NULL                                   },
+                { "Manager", "JoinControllers",           config_parse_join_controllers, 0, &arg_join_controllers                  },
+                { "Manager", "RuntimeWatchdogSec",        config_parse_sec,              0, &arg_runtime_watchdog                  },
+                { "Manager", "ShutdownWatchdogSec",       config_parse_sec,              0, &arg_shutdown_watchdog                 },
+                { "Manager", "CapabilityBoundingSet",     config_parse_capability_set,   0, &arg_capability_bounding_set           },
+#ifdef HAVE_SECCOMP
+                { "Manager", "SystemCallArchitectures",   config_parse_syscall_archs,    0, &arg_syscall_archs                     },
+#endif
+                { "Manager", "TimerSlackNSec",            config_parse_nsec,             0, &arg_timer_slack_nsec                  },
+                { "Manager", "DefaultTimerAccuracySec",   config_parse_sec,              0, &arg_default_timer_accuracy_usec       },
+                { "Manager", "DefaultStandardOutput",     config_parse_output,           0, &arg_default_std_output                },
+                { "Manager", "DefaultStandardError",      config_parse_output,           0, &arg_default_std_error                 },
+                { "Manager", "DefaultTimeoutStartSec",    config_parse_sec,              0, &arg_default_timeout_start_usec        },
+                { "Manager", "DefaultTimeoutStopSec",     config_parse_sec,              0, &arg_default_timeout_stop_usec         },
+                { "Manager", "DefaultRestartSec",         config_parse_sec,              0, &arg_default_restart_usec              },
+                { "Manager", "DefaultStartLimitInterval", config_parse_sec,              0, &arg_default_start_limit_interval      }, /* obsolete alias */
+                { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec,            0, &arg_default_start_limit_interval      },
+                { "Manager", "DefaultStartLimitBurst",    config_parse_unsigned,         0, &arg_default_start_limit_burst         },
+                { "Manager", "DefaultEnvironment",        config_parse_environ,          0, &arg_default_environment               },
+                { "Manager", "DefaultLimitCPU",           config_parse_limit,            RLIMIT_CPU, arg_default_rlimit            },
+                { "Manager", "DefaultLimitFSIZE",         config_parse_limit,            RLIMIT_FSIZE, arg_default_rlimit          },
+                { "Manager", "DefaultLimitDATA",          config_parse_limit,            RLIMIT_DATA, arg_default_rlimit           },
+                { "Manager", "DefaultLimitSTACK",         config_parse_limit,            RLIMIT_STACK, arg_default_rlimit          },
+                { "Manager", "DefaultLimitCORE",          config_parse_limit,            RLIMIT_CORE, arg_default_rlimit           },
+                { "Manager", "DefaultLimitRSS",           config_parse_limit,            RLIMIT_RSS, arg_default_rlimit            },
+                { "Manager", "DefaultLimitNOFILE",        config_parse_limit,            RLIMIT_NOFILE, arg_default_rlimit         },
+                { "Manager", "DefaultLimitAS",            config_parse_limit,            RLIMIT_AS, arg_default_rlimit             },
+                { "Manager", "DefaultLimitNPROC",         config_parse_limit,            RLIMIT_NPROC, arg_default_rlimit          },
+                { "Manager", "DefaultLimitMEMLOCK",       config_parse_limit,            RLIMIT_MEMLOCK, arg_default_rlimit        },
+                { "Manager", "DefaultLimitLOCKS",         config_parse_limit,            RLIMIT_LOCKS, arg_default_rlimit          },
+                { "Manager", "DefaultLimitSIGPENDING",    config_parse_limit,            RLIMIT_SIGPENDING, arg_default_rlimit     },
+                { "Manager", "DefaultLimitMSGQUEUE",      config_parse_limit,            RLIMIT_MSGQUEUE, arg_default_rlimit       },
+                { "Manager", "DefaultLimitNICE",          config_parse_limit,            RLIMIT_NICE, arg_default_rlimit           },
+                { "Manager", "DefaultLimitRTPRIO",        config_parse_limit,            RLIMIT_RTPRIO, arg_default_rlimit         },
+                { "Manager", "DefaultLimitRTTIME",        config_parse_limit,            RLIMIT_RTTIME, arg_default_rlimit         },
+                { "Manager", "DefaultCPUAccounting",      config_parse_bool,             0, &arg_default_cpu_accounting            },
+                { "Manager", "DefaultIOAccounting",       config_parse_bool,             0, &arg_default_io_accounting             },
+                { "Manager", "DefaultBlockIOAccounting",  config_parse_bool,             0, &arg_default_blockio_accounting        },
+                { "Manager", "DefaultMemoryAccounting",   config_parse_bool,             0, &arg_default_memory_accounting         },
+                { "Manager", "DefaultTasksAccounting",    config_parse_bool,             0, &arg_default_tasks_accounting          },
+                { "Manager", "DefaultTasksMax",           config_parse_tasks_max,        0, &arg_default_tasks_max                 },
+                {}
+        };
+
+        const char *fn, *conf_dirs_nulstr;
+
+        fn = arg_system ?
+                PKGSYSCONFDIR "/system.conf" :
+                PKGSYSCONFDIR "/user.conf";
+
+        conf_dirs_nulstr = arg_system ?
+                CONF_PATHS_NULSTR("systemd/system.conf.d") :
+                CONF_PATHS_NULSTR("systemd/user.conf.d");
+
+        config_parse_many(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, false, NULL);
+
+        /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
+         * like everywhere else. */
+        if (arg_default_timeout_start_usec <= 0)
+                arg_default_timeout_start_usec = USEC_INFINITY;
+        if (arg_default_timeout_stop_usec <= 0)
+                arg_default_timeout_stop_usec = USEC_INFINITY;
+
+        return 0;
+}
+
+static void manager_set_defaults(Manager *m) {
+
+        assert(m);
+
+        m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
+        m->default_std_output = arg_default_std_output;
+        m->default_std_error = arg_default_std_error;
+        m->default_timeout_start_usec = arg_default_timeout_start_usec;
+        m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
+        m->default_restart_usec = arg_default_restart_usec;
+        m->default_start_limit_interval = arg_default_start_limit_interval;
+        m->default_start_limit_burst = arg_default_start_limit_burst;
+        m->default_cpu_accounting = arg_default_cpu_accounting;
+        m->default_io_accounting = arg_default_io_accounting;
+        m->default_blockio_accounting = arg_default_blockio_accounting;
+        m->default_memory_accounting = arg_default_memory_accounting;
+        m->default_tasks_accounting = arg_default_tasks_accounting;
+        m->default_tasks_max = arg_default_tasks_max;
+
+        manager_set_default_rlimits(m, arg_default_rlimit);
+        manager_environment_add(m, NULL, arg_default_environment);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_LOG_LEVEL = 0x100,
+                ARG_LOG_TARGET,
+                ARG_LOG_COLOR,
+                ARG_LOG_LOCATION,
+                ARG_UNIT,
+                ARG_SYSTEM,
+                ARG_USER,
+                ARG_TEST,
+                ARG_NO_PAGER,
+                ARG_VERSION,
+                ARG_DUMP_CONFIGURATION_ITEMS,
+                ARG_DUMP_CORE,
+                ARG_CRASH_CHVT,
+                ARG_CRASH_SHELL,
+                ARG_CRASH_REBOOT,
+                ARG_CONFIRM_SPAWN,
+                ARG_SHOW_STATUS,
+                ARG_DESERIALIZE,
+                ARG_SWITCHED_ROOT,
+                ARG_DEFAULT_STD_OUTPUT,
+                ARG_DEFAULT_STD_ERROR,
+                ARG_MACHINE_ID
+        };
+
+        static const struct option options[] = {
+                { "log-level",                required_argument, NULL, ARG_LOG_LEVEL                },
+                { "log-target",               required_argument, NULL, ARG_LOG_TARGET               },
+                { "log-color",                optional_argument, NULL, ARG_LOG_COLOR                },
+                { "log-location",             optional_argument, NULL, ARG_LOG_LOCATION             },
+                { "unit",                     required_argument, NULL, ARG_UNIT                     },
+                { "system",                   no_argument,       NULL, ARG_SYSTEM                   },
+                { "user",                     no_argument,       NULL, ARG_USER                     },
+                { "test",                     no_argument,       NULL, ARG_TEST                     },
+                { "no-pager",                 no_argument,       NULL, ARG_NO_PAGER                 },
+                { "help",                     no_argument,       NULL, 'h'                          },
+                { "version",                  no_argument,       NULL, ARG_VERSION                  },
+                { "dump-configuration-items", no_argument,       NULL, ARG_DUMP_CONFIGURATION_ITEMS },
+                { "dump-core",                optional_argument, NULL, ARG_DUMP_CORE                },
+                { "crash-chvt",               required_argument, NULL, ARG_CRASH_CHVT               },
+                { "crash-shell",              optional_argument, NULL, ARG_CRASH_SHELL              },
+                { "crash-reboot",             optional_argument, NULL, ARG_CRASH_REBOOT             },
+                { "confirm-spawn",            optional_argument, NULL, ARG_CONFIRM_SPAWN            },
+                { "show-status",              optional_argument, NULL, ARG_SHOW_STATUS              },
+                { "deserialize",              required_argument, NULL, ARG_DESERIALIZE              },
+                { "switched-root",            no_argument,       NULL, ARG_SWITCHED_ROOT            },
+                { "default-standard-output",  required_argument, NULL, ARG_DEFAULT_STD_OUTPUT,      },
+                { "default-standard-error",   required_argument, NULL, ARG_DEFAULT_STD_ERROR,       },
+                { "machine-id",               required_argument, NULL, ARG_MACHINE_ID               },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 1);
+        assert(argv);
+
+        if (getpid() == 1)
+                opterr = 0;
+
+        while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case ARG_LOG_LEVEL:
+                        r = log_set_max_level_from_string(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse log level %s.", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_LOG_TARGET:
+                        r = log_set_target_from_string(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse log target %s.", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_LOG_COLOR:
+
+                        if (optarg) {
+                                r = log_show_color_from_string(optarg);
+                                if (r < 0) {
+                                        log_error("Failed to parse log color setting %s.", optarg);
+                                        return r;
+                                }
+                        } else
+                                log_show_color(true);
+
+                        break;
+
+                case ARG_LOG_LOCATION:
+                        if (optarg) {
+                                r = log_show_location_from_string(optarg);
+                                if (r < 0) {
+                                        log_error("Failed to parse log location setting %s.", optarg);
+                                        return r;
+                                }
+                        } else
+                                log_show_location(true);
+
+                        break;
+
+                case ARG_DEFAULT_STD_OUTPUT:
+                        r = exec_output_from_string(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse default standard output setting %s.", optarg);
+                                return r;
+                        } else
+                                arg_default_std_output = r;
+                        break;
+
+                case ARG_DEFAULT_STD_ERROR:
+                        r = exec_output_from_string(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse default standard error output setting %s.", optarg);
+                                return r;
+                        } else
+                                arg_default_std_error = r;
+                        break;
+
+                case ARG_UNIT:
+
+                        r = free_and_strdup(&arg_default_unit, optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
+
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_system = true;
+                        break;
+
+                case ARG_USER:
+                        arg_system = false;
+                        break;
+
+                case ARG_TEST:
+                        arg_action = ACTION_TEST;
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case ARG_VERSION:
+                        arg_action = ACTION_VERSION;
+                        break;
+
+                case ARG_DUMP_CONFIGURATION_ITEMS:
+                        arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
+                        break;
+
+                case ARG_DUMP_CORE:
+                        if (!optarg)
+                                arg_dump_core = true;
+                        else {
+                                r = parse_boolean(optarg);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg);
+                                arg_dump_core = r;
+                        }
+                        break;
+
+                case ARG_CRASH_CHVT:
+                        r = parse_crash_chvt(optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg);
+                        break;
+
+                case ARG_CRASH_SHELL:
+                        if (!optarg)
+                                arg_crash_shell = true;
+                        else {
+                                r = parse_boolean(optarg);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
+                                arg_crash_shell = r;
+                        }
+                        break;
+
+                case ARG_CRASH_REBOOT:
+                        if (!optarg)
+                                arg_crash_reboot = true;
+                        else {
+                                r = parse_boolean(optarg);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
+                                arg_crash_reboot = r;
+                        }
+                        break;
+
+                case ARG_CONFIRM_SPAWN:
+                        r = optarg ? parse_boolean(optarg) : 1;
+                        if (r < 0) {
+                                log_error("Failed to parse confirm spawn boolean %s.", optarg);
+                                return r;
+                        }
+                        arg_confirm_spawn = r;
+                        break;
+
+                case ARG_SHOW_STATUS:
+                        if (optarg) {
+                                r = parse_show_status(optarg, &arg_show_status);
+                                if (r < 0) {
+                                        log_error("Failed to parse show status boolean %s.", optarg);
+                                        return r;
+                                }
+                        } else
+                                arg_show_status = SHOW_STATUS_YES;
+                        break;
+
+                case ARG_DESERIALIZE: {
+                        int fd;
+                        FILE *f;
+
+                        r = safe_atoi(optarg, &fd);
+                        if (r < 0 || fd < 0) {
+                                log_error("Failed to parse deserialize option %s.", optarg);
+                                return -EINVAL;
+                        }
+
+                        (void) fd_cloexec(fd, true);
+
+                        f = fdopen(fd, "r");
+                        if (!f)
+                                return log_error_errno(errno, "Failed to open serialization fd: %m");
+
+                        safe_fclose(arg_serialization);
+                        arg_serialization = f;
+
+                        break;
+                }
+
+                case ARG_SWITCHED_ROOT:
+                        arg_switched_root = true;
+                        break;
+
+                case ARG_MACHINE_ID:
+                        r = set_machine_id(optarg);
+                        if (r < 0) {
+                                log_error("MachineID '%s' is not valid.", optarg);
+                                return r;
+                        }
+                        break;
+
+                case 'h':
+                        arg_action = ACTION_HELP;
+                        break;
+
+                case 'D':
+                        log_set_max_level(LOG_DEBUG);
+                        break;
+
+                case 'b':
+                case 's':
+                case 'z':
+                        /* Just to eat away the sysvinit kernel
+                         * cmdline args without getopt() error
+                         * messages that we'll parse in
+                         * parse_proc_cmdline_word() or ignore. */
+
+                case '?':
+                        if (getpid() != 1)
+                                return -EINVAL;
+                        else
+                                return 0;
+
+                default:
+                        assert_not_reached("Unhandled option code.");
+                }
+
+        if (optind < argc && getpid() != 1) {
+                /* Hmm, when we aren't run as init system
+                 * let's complain about excess arguments */
+
+                log_error("Excess arguments.");
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
+static int help(void) {
+
+        printf("%s [OPTIONS...]\n\n"
+               "Starts up and maintains the system or user services.\n\n"
+               "  -h --help                      Show this help\n"
+               "     --test                      Determine startup sequence, dump it and exit\n"
+               "     --no-pager                  Do not pipe output into a pager\n"
+               "     --dump-configuration-items  Dump understood unit configuration items\n"
+               "     --unit=UNIT                 Set default unit\n"
+               "     --system                    Run a system instance, even if PID != 1\n"
+               "     --user                      Run a user instance\n"
+               "     --dump-core[=BOOL]          Dump core on crash\n"
+               "     --crash-vt=NR               Change to specified VT on crash\n"
+               "     --crash-reboot[=BOOL]       Reboot on crash\n"
+               "     --crash-shell[=BOOL]        Run shell on crash\n"
+               "     --confirm-spawn[=BOOL]      Ask for confirmation when spawning processes\n"
+               "     --show-status[=BOOL]        Show status updates on the console during bootup\n"
+               "     --log-target=TARGET         Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
+               "     --log-level=LEVEL           Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
+               "     --log-color[=BOOL]          Highlight important log messages\n"
+               "     --log-location[=BOOL]       Include code location in log messages\n"
+               "     --default-standard-output=  Set default standard output for services\n"
+               "     --default-standard-error=   Set default standard error output for services\n",
+               program_invocation_short_name);
+
+        return 0;
+}
+
+static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
+        _cleanup_fdset_free_ FDSet *fds = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(m);
+        assert(_f);
+        assert(_fds);
+
+        r = manager_open_serialization(m, &f);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create serialization file: %m");
+
+        /* Make sure nothing is really destructed when we shut down */
+        m->n_reloading++;
+        bus_manager_send_reloading(m, true);
+
+        fds = fdset_new();
+        if (!fds)
+                return log_oom();
+
+        r = manager_serialize(m, f, fds, switching_root);
+        if (r < 0)
+                return log_error_errno(r, "Failed to serialize state: %m");
+
+        if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
+                return log_error_errno(errno, "Failed to rewind serialization fd: %m");
+
+        r = fd_cloexec(fileno(f), false);
+        if (r < 0)
+                return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
+
+        r = fdset_cloexec(fds, false);
+        if (r < 0)
+                return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
+
+        *_f = f;
+        *_fds = fds;
+
+        f = NULL;
+        fds = NULL;
+
+        return 0;
+}
+
+static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
+        struct rlimit nl;
+        int r;
+
+        assert(saved_rlimit);
+
+        /* Save the original RLIMIT_NOFILE so that we can reset it
+         * later when transitioning from the initrd to the main
+         * systemd or suchlike. */
+        if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
+                return log_error_errno(errno, "Reading RLIMIT_NOFILE failed: %m");
+
+        /* Make sure forked processes get the default kernel setting */
+        if (!arg_default_rlimit[RLIMIT_NOFILE]) {
+                struct rlimit *rl;
+
+                rl = newdup(struct rlimit, saved_rlimit, 1);
+                if (!rl)
+                        return log_oom();
+
+                arg_default_rlimit[RLIMIT_NOFILE] = rl;
+        }
+
+        /* Bump up the resource limit for ourselves substantially */
+        nl.rlim_cur = nl.rlim_max = 64*1024;
+        r = setrlimit_closest(RLIMIT_NOFILE, &nl);
+        if (r < 0)
+                return log_error_errno(r, "Setting RLIMIT_NOFILE failed: %m");
+
+        return 0;
+}
+
+static void test_usr(void) {
+
+        /* Check that /usr is not a separate fs */
+
+        if (dir_is_empty("/usr") <= 0)
+                return;
+
+        log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
+                    "Some things will probably break (sometimes even silently) in mysterious ways. "
+                    "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
+}
+
+static int initialize_join_controllers(void) {
+        /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
+         * + "net_prio". We'd like to add "cpuset" to the mix, but
+         * "cpuset" doesn't really work for groups with no initialized
+         * attributes. */
+
+        arg_join_controllers = new(char**, 3);
+        if (!arg_join_controllers)
+                return -ENOMEM;
+
+        arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
+        if (!arg_join_controllers[0])
+                goto oom;
+
+        arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
+        if (!arg_join_controllers[1])
+                goto oom;
+
+        arg_join_controllers[2] = NULL;
+        return 0;
+
+oom:
+        arg_join_controllers = strv_free_free(arg_join_controllers);
+        return -ENOMEM;
+}
+
+static int enforce_syscall_archs(Set *archs) {
+#ifdef HAVE_SECCOMP
+        scmp_filter_ctx *seccomp;
+        Iterator i;
+        void *id;
+        int r;
+
+        seccomp = seccomp_init(SCMP_ACT_ALLOW);
+        if (!seccomp)
+                return log_oom();
+
+        SET_FOREACH(id, arg_syscall_archs, i) {
+                r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
+                if (r == -EEXIST)
+                        continue;
+                if (r < 0) {
+                        log_error_errno(r, "Failed to add architecture to seccomp: %m");
+                        goto finish;
+                }
+        }
+
+        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+        if (r < 0) {
+                log_error_errno(r, "Failed to unset NO_NEW_PRIVS: %m");
+                goto finish;
+        }
+
+        r = seccomp_load(seccomp);
+        if (r < 0)
+                log_error_errno(r, "Failed to add install architecture seccomp: %m");
+
+finish:
+        seccomp_release(seccomp);
+        return r;
+#else
+        return 0;
+#endif
+}
+
+static int status_welcome(void) {
+        _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
+        int r;
+
+        r = parse_env_file("/etc/os-release", NEWLINE,
+                           "PRETTY_NAME", &pretty_name,
+                           "ANSI_COLOR", &ansi_color,
+                           NULL);
+        if (r == -ENOENT)
+                r = parse_env_file("/usr/lib/os-release", NEWLINE,
+                                   "PRETTY_NAME", &pretty_name,
+                                   "ANSI_COLOR", &ansi_color,
+                                   NULL);
+
+        if (r < 0 && r != -ENOENT)
+                log_warning_errno(r, "Failed to read os-release file: %m");
+
+        if (log_get_show_color())
+                return status_printf(NULL, false, false,
+                                     "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
+                                     isempty(ansi_color) ? "1" : ansi_color,
+                                     isempty(pretty_name) ? "GNU/Linux" : pretty_name);
+        else
+                return status_printf(NULL, false, false,
+                                     "\nWelcome to %s!\n",
+                                     isempty(pretty_name) ? "GNU/Linux" : pretty_name);
+}
+
+static int write_container_id(void) {
+        const char *c;
+        int r;
+
+        c = getenv("container");
+        if (isempty(c))
+                return 0;
+
+        RUN_WITH_UMASK(0022)
+                r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
+
+        return 1;
+}
+
+static int bump_unix_max_dgram_qlen(void) {
+        _cleanup_free_ char *qlen = NULL;
+        unsigned long v;
+        int r;
+
+        /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
+         * default of 16 is simply too low. We set the value really
+         * really early during boot, so that it is actually applied to
+         * all our sockets, including the $NOTIFY_SOCKET one. */
+
+        r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
+
+        r = safe_atolu(qlen, &v);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
+
+        if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
+                return 0;
+
+        qlen = mfree(qlen);
+        if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
+                return log_oom();
+
+        r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
+        if (r < 0)
+                return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
+                                      "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        Manager *m = NULL;
+        int r, retval = EXIT_FAILURE;
+        usec_t before_startup, after_startup;
+        char timespan[FORMAT_TIMESPAN_MAX];
+        FDSet *fds = NULL;
+        bool reexecute = false;
+        const char *shutdown_verb = NULL;
+        dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL;
+        dual_timestamp userspace_timestamp = DUAL_TIMESTAMP_NULL;
+        dual_timestamp kernel_timestamp = DUAL_TIMESTAMP_NULL;
+        dual_timestamp security_start_timestamp = DUAL_TIMESTAMP_NULL;
+        dual_timestamp security_finish_timestamp = DUAL_TIMESTAMP_NULL;
+        static char systemd[] = "systemd";
+        bool skip_setup = false;
+        unsigned j;
+        bool loaded_policy = false;
+        bool arm_reboot_watchdog = false;
+        bool queue_default_job = false;
+        bool empty_etc = false;
+        char *switch_root_dir = NULL, *switch_root_init = NULL;
+        struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0);
+        const char *error_message = NULL;
+
+#ifdef HAVE_SYSV_COMPAT
+        if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
+                /* This is compatibility support for SysV, where
+                 * calling init as a user is identical to telinit. */
+
+                execv(SYSTEMCTL_BINARY_PATH, argv);
+                log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
+                return 1;
+        }
+#endif
+
+        dual_timestamp_from_monotonic(&kernel_timestamp, 0);
+        dual_timestamp_get(&userspace_timestamp);
+
+        /* Determine if this is a reexecution or normal bootup. We do
+         * the full command line parsing much later, so let's just
+         * have a quick peek here. */
+        if (strv_find(argv+1, "--deserialize"))
+                skip_setup = true;
+
+        /* If we have switched root, do all the special setup
+         * things */
+        if (strv_find(argv+1, "--switched-root"))
+                skip_setup = false;
+
+        /* If we get started via the /sbin/init symlink then we are
+           called 'init'. After a subsequent reexecution we are then
+           called 'systemd'. That is confusing, hence let's call us
+           systemd right-away. */
+        program_invocation_short_name = systemd;
+        prctl(PR_SET_NAME, systemd);
+
+        saved_argv = argv;
+        saved_argc = argc;
+
+        log_show_color(colors_enabled());
+        log_set_upgrade_syslog_to_journal(true);
+
+        /* Disable the umask logic */
+        if (getpid() == 1)
+                umask(0);
+
+        if (getpid() == 1 && detect_container() <= 0) {
+
+                /* Running outside of a container as PID 1 */
+                arg_system = true;
+                make_null_stdio();
+                log_set_target(LOG_TARGET_KMSG);
+                log_open();
+
+                if (in_initrd())
+                        initrd_timestamp = userspace_timestamp;
+
+                if (!skip_setup) {
+                        r = mount_setup_early();
+                        if (r < 0) {
+                                error_message = "Failed to early mount API filesystems";
+                                goto finish;
+                        }
+                        dual_timestamp_get(&security_start_timestamp);
+                        if (mac_selinux_setup(&loaded_policy) < 0) {
+                                error_message = "Failed to load SELinux policy";
+                                goto finish;
+                        } else if (ima_setup() < 0) {
+                                error_message = "Failed to load IMA policy";
+                                goto finish;
+                        } else if (mac_smack_setup(&loaded_policy) < 0) {
+                                error_message = "Failed to load SMACK policy";
+                                goto finish;
+                        }
+                        dual_timestamp_get(&security_finish_timestamp);
+                }
+
+                if (mac_selinux_init() < 0) {
+                        error_message = "Failed to initialize SELinux policy";
+                        goto finish;
+                }
+
+                if (!skip_setup) {
+                        if (clock_is_localtime(NULL) > 0) {
+                                int min;
+
+                                /*
+                                 * The very first call of settimeofday() also does a time warp in the kernel.
+                                 *
+                                 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on
+                                 * external tools to take care of maintaining the RTC and do all adjustments.
+                                 * This matches the behavior of Windows, which leaves the RTC alone if the
+                                 * registry tells that the RTC runs in UTC.
+                                 */
+                                r = clock_set_timezone(&min);
+                                if (r < 0)
+                                        log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
+                                else
+                                        log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
+                        } else if (!in_initrd()) {
+                                /*
+                                 * Do a dummy very first call to seal the kernel's time warp magic.
+                                 *
+                                 * Do not call this this from inside the initrd. The initrd might not
+                                 * carry /etc/adjtime with LOCAL, but the real system could be set up
+                                 * that way. In such case, we need to delay the time-warp or the sealing
+                                 * until we reach the real system.
+                                 *
+                                 * Do no set the kernel's timezone. The concept of local time cannot
+                                 * be supported reliably, the time will jump or be incorrect at every daylight
+                                 * saving time change. All kernel local time concepts will be treated
+                                 * as UTC that way.
+                                 */
+                                (void) clock_reset_timewarp();
+                        }
+
+                        r = clock_apply_epoch();
+                        if (r < 0)
+                                log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
+                        else if (r > 0)
+                                log_info("System time before build time, advancing clock.");
+                }
+
+                /* Set the default for later on, but don't actually
+                 * open the logs like this for now. Note that if we
+                 * are transitioning from the initrd there might still
+                 * be journal fd open, and we shouldn't attempt
+                 * opening that before we parsed /proc/cmdline which
+                 * might redirect output elsewhere. */
+                log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
+
+        } else if (getpid() == 1) {
+                /* Running inside a container, as PID 1 */
+                arg_system = true;
+                log_set_target(LOG_TARGET_CONSOLE);
+                log_close_console(); /* force reopen of /dev/console */
+                log_open();
+
+                /* For the later on, see above... */
+                log_set_target(LOG_TARGET_JOURNAL);
+
+                /* clear the kernel timestamp,
+                 * because we are in a container */
+                kernel_timestamp = DUAL_TIMESTAMP_NULL;
+        } else {
+                /* Running as user instance */
+                arg_system = false;
+                log_set_target(LOG_TARGET_AUTO);
+                log_open();
+
+                /* clear the kernel timestamp,
+                 * because we are not PID 1 */
+                kernel_timestamp = DUAL_TIMESTAMP_NULL;
+        }
+
+        if (getpid() == 1) {
+                /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
+                 * will process core dumps for system services by default. */
+                (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
+
+                /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
+                 * until the systemd-coredump tool is enabled via sysctl. */
+                if (!skip_setup)
+                        (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
+        }
+
+        /* Initialize default unit */
+        r = free_and_strdup(&arg_default_unit, SPECIAL_DEFAULT_TARGET);
+        if (r < 0) {
+                log_emergency_errno(r, "Failed to set default unit %s: %m", SPECIAL_DEFAULT_TARGET);
+                error_message = "Failed to set default unit";
+                goto finish;
+        }
+
+        r = initialize_join_controllers();
+        if (r < 0) {
+                error_message = "Failed to initialize cgroup controllers";
+                goto finish;
+        }
+
+        /* Mount /proc, /sys and friends, so that /proc/cmdline and
+         * /proc/$PID/fd is available. */
+        if (getpid() == 1) {
+
+                /* Load the kernel modules early, so that we kdbus.ko is loaded before kdbusfs shall be mounted */
+                if (!skip_setup)
+                        kmod_setup();
+
+                r = mount_setup(loaded_policy);
+                if (r < 0) {
+                        error_message = "Failed to mount API filesystems";
+                        goto finish;
+                }
+        }
+
+        /* Reset all signal handlers. */
+        (void) reset_all_signal_handlers();
+        (void) ignore_signals(SIGNALS_IGNORE, -1);
+
+        if (parse_config_file() < 0) {
+                error_message = "Failed to parse config file";
+                goto finish;
+        }
+
+        if (arg_system) {
+                r = parse_proc_cmdline(parse_proc_cmdline_item);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
+        }
+
+        /* Note that this also parses bits from the kernel command
+         * line, including "debug". */
+        log_parse_environment();
+
+        if (parse_argv(argc, argv) < 0) {
+                error_message = "Failed to parse commandline arguments";
+                goto finish;
+        }
+
+        if (arg_action == ACTION_TEST &&
+            geteuid() == 0) {
+                log_error("Don't run test mode as root.");
+                goto finish;
+        }
+
+        if (!arg_system &&
+            arg_action == ACTION_RUN &&
+            sd_booted() <= 0) {
+                log_error("Trying to run as user instance, but the system has not been booted with systemd.");
+                goto finish;
+        }
+
+        if (arg_system &&
+            arg_action == ACTION_RUN &&
+            running_in_chroot() > 0) {
+                log_error("Cannot be run in a chroot() environment.");
+                goto finish;
+        }
+
+        if (arg_action == ACTION_TEST)
+                skip_setup = true;
+
+        if (arg_action == ACTION_TEST || arg_action == ACTION_HELP)
+                pager_open(arg_no_pager, false);
+
+        if (arg_action == ACTION_HELP) {
+                retval = help();
+                goto finish;
+        } else if (arg_action == ACTION_VERSION) {
+                retval = version();
+                goto finish;
+        } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
+                unit_dump_config_items(stdout);
+                retval = EXIT_SUCCESS;
+                goto finish;
+        } else if (arg_action == ACTION_DONE) {
+                retval = EXIT_SUCCESS;
+                goto finish;
+        }
+
+        if (!arg_system &&
+            !getenv("XDG_RUNTIME_DIR")) {
+                log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
+                goto finish;
+        }
+
+        assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
+
+        /* Close logging fds, in order not to confuse fdset below */
+        log_close();
+
+        /* Remember open file descriptors for later deserialization */
+        r = fdset_new_fill(&fds);
+        if (r < 0) {
+                log_emergency_errno(r, "Failed to allocate fd set: %m");
+                error_message = "Failed to allocate fd set";
+                goto finish;
+        } else
+                fdset_cloexec(fds, true);
+
+        if (arg_serialization)
+                assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
+
+        if (arg_system)
+                /* Become a session leader if we aren't one yet. */
+                setsid();
+
+        /* Move out of the way, so that we won't block unmounts */
+        assert_se(chdir("/") == 0);
+
+        /* Reset the console, but only if this is really init and we
+         * are freshly booted */
+        if (arg_system && arg_action == ACTION_RUN) {
+
+                /* If we are init, we connect stdin/stdout/stderr to
+                 * /dev/null and make sure we don't have a controlling
+                 * tty. */
+                release_terminal();
+
+                if (getpid() == 1 && !skip_setup)
+                        console_setup();
+        }
+
+        /* Open the logging devices, if possible and necessary */
+        log_open();
+
+        if (arg_show_status == _SHOW_STATUS_UNSET)
+                arg_show_status = SHOW_STATUS_YES;
+
+        /* Make sure we leave a core dump without panicing the
+         * kernel. */
+        if (getpid() == 1) {
+                install_crash_handler();
+
+                r = mount_cgroup_controllers(arg_join_controllers);
+                if (r < 0)
+                        goto finish;
+        }
+
+        if (arg_system) {
+                int v;
+
+                log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
+                         arg_action == ACTION_TEST ? "test " : "" );
+
+                v = detect_virtualization();
+                if (v > 0)
+                        log_info("Detected virtualization %s.", virtualization_to_string(v));
+
+                write_container_id();
+
+                log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
+
+                if (in_initrd())
+                        log_info("Running in initial RAM disk.");
+
+                /* Let's check whether /etc is already populated. We
+                 * don't actually really check for that, but use
+                 * /etc/machine-id as flag file. This allows container
+                 * managers and installers to provision a couple of
+                 * files already. If the container manager wants to
+                 * provision the machine ID itself it should pass
+                 * $container_uuid to PID 1. */
+
+                empty_etc = access("/etc/machine-id", F_OK) < 0;
+                if (empty_etc)
+                        log_info("Running with unpopulated /etc.");
+        } else {
+                _cleanup_free_ char *t;
+
+                t = uid_to_name(getuid());
+                log_debug(PACKAGE_STRING " running in %suser mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
+                          arg_action == ACTION_TEST ? " test" : "", getuid(), t);
+        }
+
+        if (arg_system && !skip_setup) {
+                if (arg_show_status > 0)
+                        status_welcome();
+
+                hostname_setup();
+                machine_id_setup(NULL, arg_machine_id);
+                loopback_setup();
+                bump_unix_max_dgram_qlen();
+
+                test_usr();
+        }
+
+        if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
+                watchdog_set_timeout(&arg_runtime_watchdog);
+
+        if (arg_timer_slack_nsec != NSEC_INFINITY)
+                if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
+                        log_error_errno(errno, "Failed to adjust timer slack: %m");
+
+        if (!cap_test_all(arg_capability_bounding_set)) {
+                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
+                if (r < 0) {
+                        log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
+                        error_message = "Failed to drop capability bounding set of usermode helpers";
+                        goto finish;
+                }
+                r = capability_bounding_set_drop(arg_capability_bounding_set, true);
+                if (r < 0) {
+                        log_emergency_errno(r, "Failed to drop capability bounding set: %m");
+                        error_message = "Failed to drop capability bounding set";
+                        goto finish;
+                }
+        }
+
+        if (arg_syscall_archs) {
+                r = enforce_syscall_archs(arg_syscall_archs);
+                if (r < 0) {
+                        error_message = "Failed to set syscall architectures";
+                        goto finish;
+                }
+        }
+
+        if (!arg_system)
+                /* Become reaper of our children */
+                if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
+                        log_warning_errno(errno, "Failed to make us a subreaper: %m");
+
+        if (arg_system) {
+                bump_rlimit_nofile(&saved_rlimit_nofile);
+
+                if (empty_etc) {
+                        r = unit_file_preset_all(UNIT_FILE_SYSTEM, false, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, false, NULL, 0);
+                        if (r < 0)
+                                log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r, "Failed to populate /etc with preset unit settings, ignoring: %m");
+                        else
+                                log_info("Populated /etc with preset unit settings.");
+                }
+        }
+
+        r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m);
+        if (r < 0) {
+                log_emergency_errno(r, "Failed to allocate manager object: %m");
+                error_message = "Failed to allocate manager object";
+                goto finish;
+        }
+
+        m->confirm_spawn = arg_confirm_spawn;
+        m->runtime_watchdog = arg_runtime_watchdog;
+        m->shutdown_watchdog = arg_shutdown_watchdog;
+        m->userspace_timestamp = userspace_timestamp;
+        m->kernel_timestamp = kernel_timestamp;
+        m->initrd_timestamp = initrd_timestamp;
+        m->security_start_timestamp = security_start_timestamp;
+        m->security_finish_timestamp = security_finish_timestamp;
+
+        manager_set_defaults(m);
+        manager_set_show_status(m, arg_show_status);
+        manager_set_first_boot(m, empty_etc);
+
+        /* Remember whether we should queue the default job */
+        queue_default_job = !arg_serialization || arg_switched_root;
+
+        before_startup = now(CLOCK_MONOTONIC);
+
+        r = manager_startup(m, arg_serialization, fds);
+        if (r < 0)
+                log_error_errno(r, "Failed to fully start up daemon: %m");
+
+        /* This will close all file descriptors that were opened, but
+         * not claimed by any unit. */
+        fds = fdset_free(fds);
+
+        arg_serialization = safe_fclose(arg_serialization);
+
+        if (queue_default_job) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                Unit *target = NULL;
+                Job *default_unit_job;
+
+                log_debug("Activating default unit: %s", arg_default_unit);
+
+                r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
+                if (r < 0)
+                        log_error("Failed to load default target: %s", bus_error_message(&error, r));
+                else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND)
+                        log_error_errno(target->load_error, "Failed to load default target: %m");
+                else if (target->load_state == UNIT_MASKED)
+                        log_error("Default target masked.");
+
+                if (!target || target->load_state != UNIT_LOADED) {
+                        log_info("Trying to load rescue target...");
+
+                        r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
+                        if (r < 0) {
+                                log_emergency("Failed to load rescue target: %s", bus_error_message(&error, r));
+                                error_message = "Failed to load rescue target";
+                                goto finish;
+                        } else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
+                                log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
+                                error_message = "Failed to load rescue target";
+                                goto finish;
+                        } else if (target->load_state == UNIT_MASKED) {
+                                log_emergency("Rescue target masked.");
+                                error_message = "Rescue target masked";
+                                goto finish;
+                        }
+                }
+
+                assert(target->load_state == UNIT_LOADED);
+
+                if (arg_action == ACTION_TEST) {
+                        printf("-> By units:\n");
+                        manager_dump_units(m, stdout, "\t");
+                }
+
+                r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job);
+                if (r == -EPERM) {
+                        log_debug("Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
+
+                        sd_bus_error_free(&error);
+
+                        r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job);
+                        if (r < 0) {
+                                log_emergency("Failed to start default target: %s", bus_error_message(&error, r));
+                                error_message = "Failed to start default target";
+                                goto finish;
+                        }
+                } else if (r < 0) {
+                        log_emergency("Failed to isolate default target: %s", bus_error_message(&error, r));
+                        error_message = "Failed to isolate default target";
+                        goto finish;
+                }
+
+                m->default_unit_job_id = default_unit_job->id;
+
+                after_startup = now(CLOCK_MONOTONIC);
+                log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
+                         "Loaded units and determined initial transaction in %s.",
+                         format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
+
+                if (arg_action == ACTION_TEST) {
+                        printf("-> By jobs:\n");
+                        manager_dump_jobs(m, stdout, "\t");
+                        retval = EXIT_SUCCESS;
+                        goto finish;
+                }
+        }
+
+        for (;;) {
+                r = manager_loop(m);
+                if (r < 0) {
+                        log_emergency_errno(r, "Failed to run main loop: %m");
+                        error_message = "Failed to run main loop";
+                        goto finish;
+                }
+
+                switch (m->exit_code) {
+
+                case MANAGER_RELOAD:
+                        log_info("Reloading.");
+
+                        r = parse_config_file();
+                        if (r < 0)
+                                log_error("Failed to parse config file.");
+
+                        manager_set_defaults(m);
+
+                        r = manager_reload(m);
+                        if (r < 0)
+                                log_error_errno(r, "Failed to reload: %m");
+                        break;
+
+                case MANAGER_REEXECUTE:
+
+                        if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0) {
+                                error_message = "Failed to prepare for reexecution";
+                                goto finish;
+                        }
+
+                        reexecute = true;
+                        log_notice("Reexecuting.");
+                        goto finish;
+
+                case MANAGER_SWITCH_ROOT:
+                        /* Steal the switch root parameters */
+                        switch_root_dir = m->switch_root;
+                        switch_root_init = m->switch_root_init;
+                        m->switch_root = m->switch_root_init = NULL;
+
+                        if (!switch_root_init)
+                                if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0) {
+                                        error_message = "Failed to prepare for reexecution";
+                                        goto finish;
+                                }
+
+                        reexecute = true;
+                        log_notice("Switching root.");
+                        goto finish;
+
+                case MANAGER_EXIT:
+                        retval = m->return_value;
+
+                        if (MANAGER_IS_USER(m)) {
+                                log_debug("Exit.");
+                                goto finish;
+                        }
+
+                        /* fallthrough */
+                case MANAGER_REBOOT:
+                case MANAGER_POWEROFF:
+                case MANAGER_HALT:
+                case MANAGER_KEXEC: {
+                        static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
+                                [MANAGER_EXIT] = "exit",
+                                [MANAGER_REBOOT] = "reboot",
+                                [MANAGER_POWEROFF] = "poweroff",
+                                [MANAGER_HALT] = "halt",
+                                [MANAGER_KEXEC] = "kexec"
+                        };
+
+                        assert_se(shutdown_verb = table[m->exit_code]);
+                        arm_reboot_watchdog = m->exit_code == MANAGER_REBOOT;
+
+                        log_notice("Shutting down.");
+                        goto finish;
+                }
+
+                default:
+                        assert_not_reached("Unknown exit code.");
+                }
+        }
+
+finish:
+        pager_close();
+
+        if (m)
+                arg_shutdown_watchdog = m->shutdown_watchdog;
+
+        m = manager_free(m);
+
+        for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
+                arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
+
+        arg_default_unit = mfree(arg_default_unit);
+        arg_join_controllers = strv_free_free(arg_join_controllers);
+        arg_default_environment = strv_free(arg_default_environment);
+        arg_syscall_archs = set_free(arg_syscall_archs);
+
+        mac_selinux_finish();
+
+        if (reexecute) {
+                const char **args;
+                unsigned i, args_size;
+
+                /* Close and disarm the watchdog, so that the new
+                 * instance can reinitialize it, but doesn't get
+                 * rebooted while we do that */
+                watchdog_close(true);
+
+                /* Reset the RLIMIT_NOFILE to the kernel default, so
+                 * that the new systemd can pass the kernel default to
+                 * its child processes */
+                if (saved_rlimit_nofile.rlim_cur > 0)
+                        (void) setrlimit(RLIMIT_NOFILE, &saved_rlimit_nofile);
+
+                if (switch_root_dir) {
+                        /* Kill all remaining processes from the
+                         * initrd, but don't wait for them, so that we
+                         * can handle the SIGCHLD for them after
+                         * deserializing. */
+                        broadcast_signal(SIGTERM, false, true);
+
+                        /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
+                        r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
+                        if (r < 0)
+                                log_error_errno(r, "Failed to switch root, trying to continue: %m");
+                }
+
+                args_size = MAX(6, argc+1);
+                args = newa(const char*, args_size);
+
+                if (!switch_root_init) {
+                        char sfd[DECIMAL_STR_MAX(int) + 1];
+
+                        /* First try to spawn ourselves with the right
+                         * path, and with full serialization. We do
+                         * this only if the user didn't specify an
+                         * explicit init to spawn. */
+
+                        assert(arg_serialization);
+                        assert(fds);
+
+                        xsprintf(sfd, "%i", fileno(arg_serialization));
+
+                        i = 0;
+                        args[i++] = SYSTEMD_BINARY_PATH;
+                        if (switch_root_dir)
+                                args[i++] = "--switched-root";
+                        args[i++] = arg_system ? "--system" : "--user";
+                        args[i++] = "--deserialize";
+                        args[i++] = sfd;
+                        args[i++] = NULL;
+
+                        /* do not pass along the environment we inherit from the kernel or initrd */
+                        if (switch_root_dir)
+                                (void) clearenv();
+
+                        assert(i <= args_size);
+
+                        /*
+                         * We want valgrind to print its memory usage summary before reexecution.
+                         * Valgrind won't do this is on its own on exec(), but it will do it on exit().
+                         * Hence, to ensure we get a summary here, fork() off a child, let it exit() cleanly,
+                         * so that it prints the summary, and wait() for it in the parent, before proceeding into the exec().
+                         */
+                        valgrind_summary_hack();
+
+                        (void) execv(args[0], (char* const*) args);
+                }
+
+                /* Try the fallback, if there is any, without any
+                 * serialization. We pass the original argv[] and
+                 * envp[]. (Well, modulo the ordering changes due to
+                 * getopt() in argv[], and some cleanups in envp[],
+                 * but let's hope that doesn't matter.) */
+
+                arg_serialization = safe_fclose(arg_serialization);
+                fds = fdset_free(fds);
+
+                /* Reopen the console */
+                (void) make_console_stdio();
+
+                for (j = 1, i = 1; j < (unsigned) argc; j++)
+                        args[i++] = argv[j];
+                args[i++] = NULL;
+                assert(i <= args_size);
+
+                /* Reenable any blocked signals, especially important
+                 * if we switch from initial ramdisk to init=... */
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+
+                if (switch_root_init) {
+                        args[0] = switch_root_init;
+                        (void) execv(args[0], (char* const*) args);
+                        log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
+                }
+
+                args[0] = "/sbin/init";
+                (void) execv(args[0], (char* const*) args);
+
+                if (errno == ENOENT) {
+                        log_warning("No /sbin/init, trying fallback");
+
+                        args[0] = "/bin/sh";
+                        args[1] = NULL;
+                        (void) execv(args[0], (char* const*) args);
+                        log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
+                } else
+                        log_warning_errno(errno, "Failed to execute /sbin/init, giving up: %m");
+        }
+
+        arg_serialization = safe_fclose(arg_serialization);
+        fds = fdset_free(fds);
+
+#ifdef HAVE_VALGRIND_VALGRIND_H
+        /* If we are PID 1 and running under valgrind, then let's exit
+         * here explicitly. valgrind will only generate nice output on
+         * exit(), not on exec(), hence let's do the former not the
+         * latter here. */
+        if (getpid() == 1 && RUNNING_ON_VALGRIND)
+                return 0;
+#endif
+
+        if (shutdown_verb) {
+                char log_level[DECIMAL_STR_MAX(int) + 1];
+                char exit_code[DECIMAL_STR_MAX(uint8_t) + 1];
+                const char* command_line[11] = {
+                        SYSTEMD_SHUTDOWN_BINARY_PATH,
+                        shutdown_verb,
+                        "--log-level", log_level,
+                        "--log-target",
+                };
+                unsigned pos = 5;
+                _cleanup_strv_free_ char **env_block = NULL;
+
+                assert(command_line[pos] == NULL);
+                env_block = strv_copy(environ);
+
+                xsprintf(log_level, "%d", log_get_max_level());
+
+                switch (log_get_target()) {
+
+                case LOG_TARGET_KMSG:
+                case LOG_TARGET_JOURNAL_OR_KMSG:
+                case LOG_TARGET_SYSLOG_OR_KMSG:
+                        command_line[pos++] = "kmsg";
+                        break;
+
+                case LOG_TARGET_NULL:
+                        command_line[pos++] = "null";
+                        break;
+
+                case LOG_TARGET_CONSOLE:
+                default:
+                        command_line[pos++] = "console";
+                        break;
+                };
+
+                if (log_get_show_color())
+                        command_line[pos++] = "--log-color";
+
+                if (log_get_show_location())
+                        command_line[pos++] = "--log-location";
+
+                if (streq(shutdown_verb, "exit")) {
+                        command_line[pos++] = "--exit-code";
+                        command_line[pos++] = exit_code;
+                        xsprintf(exit_code, "%d", retval);
+                }
+
+                assert(pos < ELEMENTSOF(command_line));
+
+                if (arm_reboot_watchdog && arg_shutdown_watchdog > 0 && arg_shutdown_watchdog != USEC_INFINITY) {
+                        char *e;
+
+                        /* If we reboot let's set the shutdown
+                         * watchdog and tell the shutdown binary to
+                         * repeatedly ping it */
+                        r = watchdog_set_timeout(&arg_shutdown_watchdog);
+                        watchdog_close(r < 0);
+
+                        /* Tell the binary how often to ping, ignore failure */
+                        if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
+                                (void) strv_push(&env_block, e);
+                } else
+                        watchdog_close(true);
+
+                /* Avoid the creation of new processes forked by the
+                 * kernel; at this point, we will not listen to the
+                 * signals anyway */
+                if (detect_container() <= 0)
+                        (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
+
+                execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
+                log_error_errno(errno, "Failed to execute shutdown binary, %s: %m",
+                          getpid() == 1 ? "freezing" : "quitting");
+        }
+
+        if (getpid() == 1) {
+                if (error_message)
+                        manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
+                                              ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
+                                              "%s, freezing.", error_message);
+                freeze_or_reboot();
+        }
+
+        return retval;
+}
diff --git a/src/core/org.freedesktop.systemd1.conf b/src/grp-system/systemd/org.freedesktop.systemd1.conf
index 3c64f20872..3c64f20872 100644
--- a/src/core/org.freedesktop.systemd1.conf
+++ b/src/grp-system/systemd/org.freedesktop.systemd1.conf
diff --git a/src/core/org.freedesktop.systemd1.policy.in.in b/src/grp-system/systemd/org.freedesktop.systemd1.policy.in.in
index cc39a9e1c3..cc39a9e1c3 100644
--- a/src/core/org.freedesktop.systemd1.policy.in.in
+++ b/src/grp-system/systemd/org.freedesktop.systemd1.policy.in.in
diff --git a/src/core/org.freedesktop.systemd1.service b/src/grp-system/systemd/org.freedesktop.systemd1.service
index d4df3e93a2..d4df3e93a2 100644
--- a/src/core/org.freedesktop.systemd1.service
+++ b/src/grp-system/systemd/org.freedesktop.systemd1.service
diff --git a/src/core/system.conf b/src/grp-system/systemd/system.conf
index db8b7acd78..db8b7acd78 100644
--- a/src/core/system.conf
+++ b/src/grp-system/systemd/system.conf
diff --git a/src/core/systemd.pc.in b/src/grp-system/systemd/systemd.pc.in
index ac52b30dd3..ac52b30dd3 100644
--- a/src/core/systemd.pc.in
+++ b/src/grp-system/systemd/systemd.pc.in
diff --git a/src/core/triggers.systemd.in b/src/grp-system/systemd/triggers.systemd.in
index 0d8c303136..0d8c303136 100644
--- a/src/core/triggers.systemd.in
+++ b/src/grp-system/systemd/triggers.systemd.in
diff --git a/src/core/user.conf b/src/grp-system/systemd/user.conf
index b427f1ef6d..b427f1ef6d 100644
--- a/src/core/user.conf
+++ b/src/grp-system/systemd/user.conf
diff --git a/src/grp-timedate/Makefile b/src/grp-timedate/Makefile
new file mode 100644
index 0000000000..bb8be753da
--- /dev/null
+++ b/src/grp-timedate/Makefile
@@ -0,0 +1,28 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += timedatectl systemd-timedated
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/timedate/.gitignore b/src/grp-timedate/systemd-timedated/.gitignore
index 48757f0968..48757f0968 100644
--- a/src/timedate/.gitignore
+++ b/src/grp-timedate/systemd-timedated/.gitignore
diff --git a/src/grp-timedate/systemd-timedated/Makefile b/src/grp-timedate/systemd-timedated/Makefile
new file mode 100644
index 0000000000..798e3ba5a4
--- /dev/null
+++ b/src/grp-timedate/systemd-timedated/Makefile
@@ -0,0 +1,65 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_TIMEDATED),)
+systemd_timedated_SOURCES = \
+	src/timedate/timedated.c
+
+systemd_timedated_LDADD = \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-timedated
+
+dist_dbussystemservice_DATA += \
+	src/timedate/org.freedesktop.timedate1.service
+
+dist_dbuspolicy_DATA += \
+	src/timedate/org.freedesktop.timedate1.conf
+
+nodist_systemunit_DATA += \
+	units/systemd-timedated.service
+
+dist_systemunit_DATA_busnames += \
+	units/org.freedesktop.timedate1.busname
+
+polkitpolicy_files += \
+	src/timedate/org.freedesktop.timedate1.policy
+
+SYSTEM_UNIT_ALIASES += \
+	systemd-timedated.service dbus-org.freedesktop.timedate1.service
+
+BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.timedate1.busname
+
+endif # ENABLE_TIMEDATED
+
+polkitpolicy_in_files += \
+	src/timedate/org.freedesktop.timedate1.policy.in
+
+EXTRA_DIST += \
+	units/systemd-timedated.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/timedate/org.freedesktop.timedate1.conf b/src/grp-timedate/systemd-timedated/org.freedesktop.timedate1.conf
index 36557d5841..36557d5841 100644
--- a/src/timedate/org.freedesktop.timedate1.conf
+++ b/src/grp-timedate/systemd-timedated/org.freedesktop.timedate1.conf
diff --git a/src/timedate/org.freedesktop.timedate1.policy.in b/src/grp-timedate/systemd-timedated/org.freedesktop.timedate1.policy.in
index aa30b70831..aa30b70831 100644
--- a/src/timedate/org.freedesktop.timedate1.policy.in
+++ b/src/grp-timedate/systemd-timedated/org.freedesktop.timedate1.policy.in
diff --git a/src/timedate/org.freedesktop.timedate1.service b/src/grp-timedate/systemd-timedated/org.freedesktop.timedate1.service
index 875f4bec78..875f4bec78 100644
--- a/src/timedate/org.freedesktop.timedate1.service
+++ b/src/grp-timedate/systemd-timedated/org.freedesktop.timedate1.service
diff --git a/src/grp-timedate/systemd-timedated/timedated.c b/src/grp-timedate/systemd-timedated/timedated.c
new file mode 100644
index 0000000000..51a13fcf49
--- /dev/null
+++ b/src/grp-timedate/systemd-timedated/timedated.c
@@ -0,0 +1,747 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "clock-util.h"
+#include "def.h"
+#include "fileio-label.h"
+#include "fs-util.h"
+#include "path-util.h"
+#include "selinux-util.h"
+#include "strv.h"
+#include "user-util.h"
+#include "util.h"
+
+#define NULL_ADJTIME_UTC "0.0 0 0\n0\nUTC\n"
+#define NULL_ADJTIME_LOCAL "0.0 0 0\n0\nLOCAL\n"
+
+static BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map timedated_errors[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.timedate1.NoNTPSupport", EOPNOTSUPP),
+        SD_BUS_ERROR_MAP_END
+};
+
+typedef struct Context {
+        char *zone;
+        bool local_rtc;
+        bool can_ntp;
+        bool use_ntp;
+        Hashmap *polkit_registry;
+} Context;
+
+static void context_free(Context *c) {
+        assert(c);
+
+        free(c->zone);
+        bus_verify_polkit_async_registry_free(c->polkit_registry);
+}
+
+static int context_read_data(Context *c) {
+        _cleanup_free_ char *t = NULL;
+        int r;
+
+        assert(c);
+
+        r = get_timezone(&t);
+        if (r == -EINVAL)
+                log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/.");
+        else if (r < 0)
+                log_warning_errno(r, "Failed to get target of /etc/localtime: %m");
+
+        free(c->zone);
+        c->zone = t;
+        t = NULL;
+
+        c->local_rtc = clock_is_localtime(NULL) > 0;
+
+        return 0;
+}
+
+static int context_write_data_timezone(Context *c) {
+        _cleanup_free_ char *p = NULL;
+        int r = 0;
+
+        assert(c);
+
+        if (isempty(c->zone)) {
+                if (unlink("/etc/localtime") < 0 && errno != ENOENT)
+                        r = -errno;
+
+                return r;
+        }
+
+        p = strappend("../usr/share/zoneinfo/", c->zone);
+        if (!p)
+                return log_oom();
+
+        r = symlink_atomic(p, "/etc/localtime");
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int context_write_data_local_rtc(Context *c) {
+        int r;
+        _cleanup_free_ char *s = NULL, *w = NULL;
+
+        assert(c);
+
+        r = read_full_file("/etc/adjtime", &s, NULL);
+        if (r < 0) {
+                if (r != -ENOENT)
+                        return r;
+
+                if (!c->local_rtc)
+                        return 0;
+
+                w = strdup(NULL_ADJTIME_LOCAL);
+                if (!w)
+                        return -ENOMEM;
+        } else {
+                char *p;
+                const char *e = "\n"; /* default if there is less than 3 lines */
+                const char *prepend = "";
+                size_t a, b;
+
+                p = strchrnul(s, '\n');
+                if (*p == '\0')
+                        /* only one line, no \n terminator */
+                        prepend = "\n0\n";
+                else if (p[1] == '\0') {
+                        /* only one line, with \n terminator */
+                        ++p;
+                        prepend = "0\n";
+                } else {
+                        p = strchr(p+1, '\n');
+                        if (!p) {
+                                /* only two lines, no \n terminator */
+                                prepend = "\n";
+                                p = s + strlen(s);
+                        } else {
+                                char *end;
+                                /* third line might have a \n terminator or not */
+                                p++;
+                                end = strchr(p, '\n');
+                                /* if we actually have a fourth line, use that as suffix "e", otherwise the default \n */
+                                if (end)
+                                        e = end;
+                        }
+                }
+
+                a = p - s;
+                b = strlen(e);
+
+                w = new(char, a + (c->local_rtc ? 5 : 3) + strlen(prepend) + b + 1);
+                if (!w)
+                        return -ENOMEM;
+
+                *(char*) mempcpy(stpcpy(stpcpy(mempcpy(w, s, a), prepend), c->local_rtc ? "LOCAL" : "UTC"), e, b) = 0;
+
+                if (streq(w, NULL_ADJTIME_UTC)) {
+                        if (unlink("/etc/adjtime") < 0)
+                                if (errno != ENOENT)
+                                        return -errno;
+
+                        return 0;
+                }
+        }
+
+        mac_selinux_init();
+        return write_string_file_atomic_label("/etc/adjtime", w);
+}
+
+static int context_read_ntp(Context *c, sd_bus *bus) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        const char *s;
+        int r;
+
+        assert(c);
+        assert(bus);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "GetUnitFileState",
+                        &error,
+                        &reply,
+                        "s",
+                        "systemd-timesyncd.service");
+
+        if (r < 0) {
+                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_FILE_NOT_FOUND) ||
+                    sd_bus_error_has_name(&error, "org.freedesktop.systemd1.LoadFailed") ||
+                    sd_bus_error_has_name(&error, "org.freedesktop.systemd1.NoSuchUnit"))
+                        return 0;
+
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &s);
+        if (r < 0)
+                return r;
+
+        c->can_ntp = true;
+        c->use_ntp = STR_IN_SET(s, "enabled", "enabled-runtime");
+
+        return 0;
+}
+
+static int context_start_ntp(sd_bus *bus, sd_bus_error *error, bool enabled) {
+        int r;
+
+        assert(bus);
+        assert(error);
+
+        r = sd_bus_call_method(
+                bus,
+                "org.freedesktop.systemd1",
+                "/org/freedesktop/systemd1",
+                "org.freedesktop.systemd1.Manager",
+                enabled ? "StartUnit" : "StopUnit",
+                error,
+                NULL,
+                "ss",
+                "systemd-timesyncd.service",
+                "replace");
+        if (r < 0) {
+                if (sd_bus_error_has_name(error, SD_BUS_ERROR_FILE_NOT_FOUND) ||
+                    sd_bus_error_has_name(error, "org.freedesktop.systemd1.LoadFailed") ||
+                    sd_bus_error_has_name(error, "org.freedesktop.systemd1.NoSuchUnit"))
+                        return sd_bus_error_set_const(error, "org.freedesktop.timedate1.NoNTPSupport", "NTP not supported.");
+
+                return r;
+        }
+
+        return 0;
+}
+
+static int context_enable_ntp(sd_bus *bus, sd_bus_error *error, bool enabled) {
+        int r;
+
+        assert(bus);
+        assert(error);
+
+        if (enabled)
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "EnableUnitFiles",
+                                error,
+                                NULL,
+                                "asbb", 1,
+                                "systemd-timesyncd.service",
+                                false, true);
+        else
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                "/org/freedesktop/systemd1",
+                                "org.freedesktop.systemd1.Manager",
+                                "DisableUnitFiles",
+                                error,
+                                NULL,
+                                "asb", 1,
+                                "systemd-timesyncd.service",
+                                false);
+
+        if (r < 0) {
+                if (sd_bus_error_has_name(error, SD_BUS_ERROR_FILE_NOT_FOUND))
+                        return sd_bus_error_set_const(error, "org.freedesktop.timedate1.NoNTPSupport", "NTP not supported.");
+
+                return r;
+        }
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "Reload",
+                        error,
+                        NULL,
+                        NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int property_get_rtc_time(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        struct tm tm;
+        usec_t t;
+        int r;
+
+        zero(tm);
+        r = clock_get_hwclock(&tm);
+        if (r == -EBUSY) {
+                log_warning("/dev/rtc is busy. Is somebody keeping it open continuously? That's not a good idea... Returning a bogus RTC timestamp.");
+                t = 0;
+        } else if (r == -ENOENT) {
+                log_debug("/dev/rtc not found.");
+                t = 0; /* no RTC found */
+        } else if (r < 0)
+                return sd_bus_error_set_errnof(error, r, "Failed to read RTC: %m");
+        else
+                t = (usec_t) timegm(&tm) * USEC_PER_SEC;
+
+        return sd_bus_message_append(reply, "t", t);
+}
+
+static int property_get_time(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        return sd_bus_message_append(reply, "t", now(CLOCK_REALTIME));
+}
+
+static int property_get_ntp_sync(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        return sd_bus_message_append(reply, "b", ntp_synced());
+}
+
+static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        Context *c = userdata;
+        const char *z;
+        int interactive;
+        char *t;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        r = sd_bus_message_read(m, "sb", &z, &interactive);
+        if (r < 0)
+                return r;
+
+        if (!timezone_is_valid(z))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid time zone '%s'", z);
+
+        if (streq_ptr(z, c->zone))
+                return sd_bus_reply_method_return(m, NULL);
+
+        r = bus_verify_polkit_async(
+                        m,
+                        CAP_SYS_TIME,
+                        "org.freedesktop.timedate1.set-timezone",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &c->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        t = strdup(z);
+        if (!t)
+                return -ENOMEM;
+
+        free(c->zone);
+        c->zone = t;
+
+        /* 1. Write new configuration file */
+        r = context_write_data_timezone(c);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set time zone: %m");
+                return sd_bus_error_set_errnof(error, r, "Failed to set time zone: %m");
+        }
+
+        /* 2. Tell the kernel our timezone */
+        clock_set_timezone(NULL);
+
+        if (c->local_rtc) {
+                struct timespec ts;
+                struct tm *tm;
+
+                /* 3. Sync RTC from system clock, with the new delta */
+                assert_se(clock_gettime(CLOCK_REALTIME, &ts) == 0);
+                assert_se(tm = localtime(&ts.tv_sec));
+                clock_set_hwclock(tm);
+        }
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_TIMEZONE_CHANGE),
+                   "TIMEZONE=%s", c->zone,
+                   LOG_MESSAGE("Changed time zone to '%s'.", c->zone),
+                   NULL);
+
+        (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "Timezone", NULL);
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int lrtc, fix_system, interactive;
+        Context *c = userdata;
+        struct timespec ts;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        r = sd_bus_message_read(m, "bbb", &lrtc, &fix_system, &interactive);
+        if (r < 0)
+                return r;
+
+        if (lrtc == c->local_rtc)
+                return sd_bus_reply_method_return(m, NULL);
+
+        r = bus_verify_polkit_async(
+                        m,
+                        CAP_SYS_TIME,
+                        "org.freedesktop.timedate1.set-local-rtc",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &c->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1;
+
+        c->local_rtc = lrtc;
+
+        /* 1. Write new configuration file */
+        r = context_write_data_local_rtc(c);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set RTC to local/UTC: %m");
+                return sd_bus_error_set_errnof(error, r, "Failed to set RTC to local/UTC: %m");
+        }
+
+        /* 2. Tell the kernel our timezone */
+        clock_set_timezone(NULL);
+
+        /* 3. Synchronize clocks */
+        assert_se(clock_gettime(CLOCK_REALTIME, &ts) == 0);
+
+        if (fix_system) {
+                struct tm tm;
+
+                /* Sync system clock from RTC; first,
+                 * initialize the timezone fields of
+                 * struct tm. */
+                if (c->local_rtc)
+                        tm = *localtime(&ts.tv_sec);
+                else
+                        tm = *gmtime(&ts.tv_sec);
+
+                /* Override the main fields of
+                 * struct tm, but not the timezone
+                 * fields */
+                if (clock_get_hwclock(&tm) >= 0) {
+
+                        /* And set the system clock
+                         * with this */
+                        if (c->local_rtc)
+                                ts.tv_sec = mktime(&tm);
+                        else
+                                ts.tv_sec = timegm(&tm);
+
+                        clock_settime(CLOCK_REALTIME, &ts);
+                }
+
+        } else {
+                struct tm *tm;
+
+                /* Sync RTC from system clock */
+                if (c->local_rtc)
+                        tm = localtime(&ts.tv_sec);
+                else
+                        tm = gmtime(&ts.tv_sec);
+
+                clock_set_hwclock(tm);
+        }
+
+        log_info("RTC configured to %s time.", c->local_rtc ? "local" : "UTC");
+
+        (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "LocalRTC", NULL);
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+static int method_set_time(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int relative, interactive;
+        Context *c = userdata;
+        int64_t utc;
+        struct timespec ts;
+        usec_t start;
+        struct tm* tm;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        if (c->use_ntp)
+                return sd_bus_error_setf(error, BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED, "Automatic time synchronization is enabled");
+
+        /* this only gets used if dbus does not provide a timestamp */
+        start = now(CLOCK_MONOTONIC);
+
+        r = sd_bus_message_read(m, "xbb", &utc, &relative, &interactive);
+        if (r < 0)
+                return r;
+
+        if (!relative && utc <= 0)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid absolute time");
+
+        if (relative && utc == 0)
+                return sd_bus_reply_method_return(m, NULL);
+
+        if (relative) {
+                usec_t n, x;
+
+                n = now(CLOCK_REALTIME);
+                x = n + utc;
+
+                if ((utc > 0 && x < n) ||
+                    (utc < 0 && x > n))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Time value overflow");
+
+                timespec_store(&ts, x);
+        } else
+                timespec_store(&ts, (usec_t) utc);
+
+        r = bus_verify_polkit_async(
+                        m,
+                        CAP_SYS_TIME,
+                        "org.freedesktop.timedate1.set-time",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &c->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1;
+
+        /* adjust ts for time spent in program */
+        r = sd_bus_message_get_monotonic_usec(m, &start);
+        /* when sd_bus_message_get_monotonic_usec() returns -ENODATA it does not modify &start */
+        if (r < 0 && r != -ENODATA)
+                return r;
+
+        timespec_store(&ts, timespec_load(&ts) + (now(CLOCK_MONOTONIC) - start));
+
+        /* Set system clock */
+        if (clock_settime(CLOCK_REALTIME, &ts) < 0) {
+                log_error_errno(errno, "Failed to set local time: %m");
+                return sd_bus_error_set_errnof(error, errno, "Failed to set local time: %m");
+        }
+
+        /* Sync down to RTC */
+        if (c->local_rtc)
+                tm = localtime(&ts.tv_sec);
+        else
+                tm = gmtime(&ts.tv_sec);
+        clock_set_hwclock(tm);
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_TIME_CHANGE),
+                   "REALTIME="USEC_FMT, timespec_load(&ts),
+                   LOG_MESSAGE("Changed local time to %s", ctime(&ts.tv_sec)),
+                   NULL);
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int enabled, interactive;
+        Context *c = userdata;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        r = sd_bus_message_read(m, "bb", &enabled, &interactive);
+        if (r < 0)
+                return r;
+
+        if ((bool)enabled == c->use_ntp)
+                return sd_bus_reply_method_return(m, NULL);
+
+        r = bus_verify_polkit_async(
+                        m,
+                        CAP_SYS_TIME,
+                        "org.freedesktop.timedate1.set-ntp",
+                        NULL,
+                        interactive,
+                        UID_INVALID,
+                        &c->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1;
+
+        r = context_enable_ntp(sd_bus_message_get_bus(m), error, enabled);
+        if (r < 0)
+                return r;
+
+        r = context_start_ntp(sd_bus_message_get_bus(m), error, enabled);
+        if (r < 0)
+                return r;
+
+        c->use_ntp = enabled;
+        log_info("Set NTP to %s", enabled ? "enabled" : "disabled");
+
+        (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "NTP", NULL);
+
+        return sd_bus_reply_method_return(m, NULL);
+}
+
+static const sd_bus_vtable timedate_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_PROPERTY("Timezone", "s", NULL, offsetof(Context, zone), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("LocalRTC", "b", bus_property_get_bool, offsetof(Context, local_rtc), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("CanNTP", "b", bus_property_get_bool, offsetof(Context, can_ntp), 0),
+        SD_BUS_PROPERTY("NTP", "b", bus_property_get_bool, offsetof(Context, use_ntp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("NTPSynchronized", "b", property_get_ntp_sync, 0, 0),
+        SD_BUS_PROPERTY("TimeUSec", "t", property_get_time, 0, 0),
+        SD_BUS_PROPERTY("RTCTimeUSec", "t", property_get_rtc_time, 0, 0),
+        SD_BUS_METHOD("SetTime", "xbb", NULL, method_set_time, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetTimezone", "sb", NULL, method_set_timezone, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetLocalRTC", "bbb", NULL, method_set_local_rtc, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetNTP", "bb", NULL, method_set_ntp, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_VTABLE_END,
+};
+
+static int connect_bus(Context *c, sd_event *event, sd_bus **_bus) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        assert(c);
+        assert(event);
+        assert(_bus);
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get system bus connection: %m");
+
+        r = sd_bus_add_object_vtable(bus, NULL, "/org/freedesktop/timedate1", "org.freedesktop.timedate1", timedate_vtable, c);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register object: %m");
+
+        r = sd_bus_request_name(bus, "org.freedesktop.timedate1", 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = sd_bus_attach_event(bus, event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to attach bus to event loop: %m");
+
+        *_bus = bus;
+        bus = NULL;
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        Context context = {};
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (argc != 1) {
+                log_error("This program takes no arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        r = sd_event_default(&event);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate event loop: %m");
+                goto finish;
+        }
+
+        sd_event_set_watchdog(event, true);
+
+        r = connect_bus(&context, event, &bus);
+        if (r < 0)
+                goto finish;
+
+        (void) sd_bus_negotiate_timestamp(bus, true);
+
+        r = context_read_data(&context);
+        if (r < 0) {
+                log_error_errno(r, "Failed to read time zone data: %m");
+                goto finish;
+        }
+
+        r = context_read_ntp(&context, bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to determine whether NTP is enabled: %m");
+                goto finish;
+        }
+
+        r = bus_event_loop_with_idle(event, bus, "org.freedesktop.timedate1", DEFAULT_EXIT_USEC, NULL, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Failed to run event loop: %m");
+                goto finish;
+        }
+
+finish:
+        context_free(&context);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-timedate/timedatectl/Makefile b/src/grp-timedate/timedatectl/Makefile
new file mode 100644
index 0000000000..c1be945443
--- /dev/null
+++ b/src/grp-timedate/timedatectl/Makefile
@@ -0,0 +1,42 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_TIMEDATED),)
+timedatectl_SOURCES = \
+	src/timedate/timedatectl.c
+
+timedatectl_LDADD = \
+	libshared.la
+
+bin_PROGRAMS += \
+	timedatectl
+
+dist_bashcompletion_data += \
+	shell-completion/bash/timedatectl
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_timedatectl
+endif # ENABLE_TIMEDATED
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-timedate/timedatectl/timedatectl.c b/src/grp-timedate/timedatectl/timedatectl.c
new file mode 100644
index 0000000000..1fd542fb49
--- /dev/null
+++ b/src/grp-timedate/timedatectl/timedatectl.c
@@ -0,0 +1,506 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+  Copyright 2013 Kay Sievers
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <locale.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-error.h"
+#include "bus-util.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "spawn-polkit-agent.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "util.h"
+
+static bool arg_no_pager = false;
+static bool arg_ask_password = true;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_adjust_system_clock = false;
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+typedef struct StatusInfo {
+        usec_t time;
+        char *timezone;
+
+        usec_t rtc_time;
+        bool rtc_local;
+
+        bool ntp_enabled;
+        bool ntp_capable;
+        bool ntp_synced;
+} StatusInfo;
+
+static void status_info_clear(StatusInfo *info) {
+        if (info) {
+                free(info->timezone);
+                zero(*info);
+        }
+}
+
+static void print_status_info(const StatusInfo *i) {
+        char a[FORMAT_TIMESTAMP_MAX];
+        struct tm tm;
+        time_t sec;
+        bool have_time = false;
+        const char *old_tz = NULL, *tz;
+        int r;
+
+        assert(i);
+
+        /* Save the old $TZ */
+        tz = getenv("TZ");
+        if (tz)
+                old_tz = strdupa(tz);
+
+        /* Set the new $TZ */
+        if (setenv("TZ", isempty(i->timezone) ? "UTC" : i->timezone, true) < 0)
+                log_warning_errno(errno, "Failed to set TZ environment variable, ignoring: %m");
+        else
+                tzset();
+
+        if (i->time != 0) {
+                sec = (time_t) (i->time / USEC_PER_SEC);
+                have_time = true;
+        } else if (IN_SET(arg_transport, BUS_TRANSPORT_LOCAL, BUS_TRANSPORT_MACHINE)) {
+                sec = time(NULL);
+                have_time = true;
+        } else
+                log_warning("Could not get time from timedated and not operating locally, ignoring.");
+
+        if (have_time) {
+                xstrftime(a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm));
+                printf("      Local time: %.*s\n", (int) sizeof(a), a);
+
+                xstrftime(a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm));
+                printf("  Universal time: %.*s\n", (int) sizeof(a), a);
+        } else {
+                printf("      Local time: %s\n", "n/a");
+                printf("  Universal time: %s\n", "n/a");
+        }
+
+        if (i->rtc_time > 0) {
+                time_t rtc_sec;
+
+                rtc_sec = (time_t) (i->rtc_time / USEC_PER_SEC);
+                xstrftime(a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm));
+                printf("        RTC time: %.*s\n", (int) sizeof(a), a);
+        } else
+                printf("        RTC time: %s\n", "n/a");
+
+        if (have_time)
+                xstrftime(a, "%Z, %z", localtime_r(&sec, &tm));
+
+        /* Restore the $TZ */
+        if (old_tz)
+                r = setenv("TZ", old_tz, true);
+        else
+                r = unsetenv("TZ");
+        if (r < 0)
+                log_warning_errno(errno, "Failed to set TZ environment variable, ignoring: %m");
+        else
+                tzset();
+
+        printf("       Time zone: %s (%.*s)\n"
+               " Network time on: %s\n"
+               "NTP synchronized: %s\n"
+               " RTC in local TZ: %s\n",
+               strna(i->timezone), (int) sizeof(a), have_time ? a : "n/a",
+               i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a",
+               yes_no(i->ntp_synced),
+               yes_no(i->rtc_local));
+
+        if (i->rtc_local)
+                fputs("\n" ANSI_HIGHLIGHT
+                      "Warning: The system is configured to read the RTC time in the local time zone.\n"
+                      "         This mode can not be fully supported. It will create various problems\n"
+                      "         with time zone changes and daylight saving time adjustments. The RTC\n"
+                      "         time is never updated, it relies on external facilities to maintain it.\n"
+                      "         If at all possible, use RTC in UTC by calling\n"
+                      "         'timedatectl set-local-rtc 0'." ANSI_NORMAL "\n", stdout);
+}
+
+static int show_status(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(status_info_clear) StatusInfo info = {};
+        static const struct bus_properties_map map[]  = {
+                { "Timezone",        "s", NULL, offsetof(StatusInfo, timezone) },
+                { "LocalRTC",        "b", NULL, offsetof(StatusInfo, rtc_local) },
+                { "NTP",             "b", NULL, offsetof(StatusInfo, ntp_enabled) },
+                { "CanNTP",          "b", NULL, offsetof(StatusInfo, ntp_capable) },
+                { "NTPSynchronized", "b", NULL, offsetof(StatusInfo, ntp_synced) },
+                { "TimeUSec",        "t", NULL, offsetof(StatusInfo, time) },
+                { "RTCTimeUSec",     "t", NULL, offsetof(StatusInfo, rtc_time) },
+                {}
+        };
+        int r;
+
+        assert(bus);
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.timedate1",
+                                   "/org/freedesktop/timedate1",
+                                   map,
+                                   &info);
+        if (r < 0)
+                return log_error_errno(r, "Failed to query server: %m");
+
+        print_status_info(&info);
+
+        return r;
+}
+
+static int set_time(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        bool relative = false, interactive = arg_ask_password;
+        usec_t t;
+        int r;
+
+        assert(args);
+        assert(n == 2);
+
+        polkit_agent_open_if_enabled();
+
+        r = parse_timestamp(args[1], &t);
+        if (r < 0) {
+                log_error("Failed to parse time specification: %s", args[1]);
+                return r;
+        }
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.timedate1",
+                               "/org/freedesktop/timedate1",
+                               "org.freedesktop.timedate1",
+                               "SetTime",
+                               &error,
+                               NULL,
+                               "xbb", (int64_t)t, relative, interactive);
+        if (r < 0)
+                log_error("Failed to set time: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int set_timezone(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(args);
+        assert(n == 2);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.timedate1",
+                               "/org/freedesktop/timedate1",
+                               "org.freedesktop.timedate1",
+                               "SetTimezone",
+                               &error,
+                               NULL,
+                               "sb", args[1], arg_ask_password);
+        if (r < 0)
+                log_error("Failed to set time zone: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int set_local_rtc(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r, b;
+
+        assert(args);
+        assert(n == 2);
+
+        polkit_agent_open_if_enabled();
+
+        b = parse_boolean(args[1]);
+        if (b < 0) {
+                log_error("Failed to parse local RTC setting: %s", args[1]);
+                return b;
+        }
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.timedate1",
+                               "/org/freedesktop/timedate1",
+                               "org.freedesktop.timedate1",
+                               "SetLocalRTC",
+                               &error,
+                               NULL,
+                               "bbb", b, arg_adjust_system_clock, arg_ask_password);
+        if (r < 0)
+                log_error("Failed to set local RTC: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int set_ntp(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int b, r;
+
+        assert(args);
+        assert(n == 2);
+
+        polkit_agent_open_if_enabled();
+
+        b = parse_boolean(args[1]);
+        if (b < 0) {
+                log_error("Failed to parse NTP setting: %s", args[1]);
+                return b;
+        }
+
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.timedate1",
+                               "/org/freedesktop/timedate1",
+                               "org.freedesktop.timedate1",
+                               "SetNTP",
+                               &error,
+                               NULL,
+                               "bb", b, arg_ask_password);
+        if (r < 0)
+                log_error("Failed to set ntp: %s", bus_error_message(&error, -r));
+
+        return r;
+}
+
+static int list_timezones(sd_bus *bus, char **args, unsigned n) {
+        _cleanup_strv_free_ char **zones = NULL;
+        int r;
+
+        assert(args);
+        assert(n == 1);
+
+        r = get_timezones(&zones);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read list of time zones: %m");
+
+        pager_open(arg_no_pager, false);
+        strv_print(zones);
+
+        return 0;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] COMMAND ...\n\n"
+               "Query or change system time and date settings.\n\n"
+               "  -h --help                Show this help message\n"
+               "     --version             Show package version\n"
+               "     --no-pager            Do not pipe output into a pager\n"
+               "     --no-ask-password     Do not prompt for password\n"
+               "  -H --host=[USER@]HOST    Operate on remote host\n"
+               "  -M --machine=CONTAINER   Operate on local container\n"
+               "     --adjust-system-clock Adjust system clock when changing local RTC mode\n\n"
+               "Commands:\n"
+               "  status                   Show current time settings\n"
+               "  set-time TIME            Set system time\n"
+               "  set-timezone ZONE        Set system time zone\n"
+               "  list-timezones           Show known time zones\n"
+               "  set-local-rtc BOOL       Control whether RTC is in local time\n"
+               "  set-ntp BOOL             Enable or disable network time synchronization\n",
+               program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_NO_PAGER,
+                ARG_ADJUST_SYSTEM_CLOCK,
+                ARG_NO_ASK_PASSWORD
+        };
+
+        static const struct option options[] = {
+                { "help",                no_argument,       NULL, 'h'                     },
+                { "version",             no_argument,       NULL, ARG_VERSION             },
+                { "no-pager",            no_argument,       NULL, ARG_NO_PAGER            },
+                { "host",                required_argument, NULL, 'H'                     },
+                { "machine",             required_argument, NULL, 'M'                     },
+                { "no-ask-password",     no_argument,       NULL, ARG_NO_ASK_PASSWORD     },
+                { "adjust-system-clock", no_argument,       NULL, ARG_ADJUST_SYSTEM_CLOCK },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case ARG_ADJUST_SYSTEM_CLOCK:
+                        arg_adjust_system_clock = true;
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int timedatectl_main(sd_bus *bus, int argc, char *argv[]) {
+
+        static const struct {
+                const char* verb;
+                const enum {
+                        MORE,
+                        LESS,
+                        EQUAL
+                } argc_cmp;
+                const int argc;
+                int (* const dispatch)(sd_bus *bus, char **args, unsigned n);
+        } verbs[] = {
+                { "status",                LESS,   1, show_status      },
+                { "set-time",              EQUAL,  2, set_time         },
+                { "set-timezone",          EQUAL,  2, set_timezone     },
+                { "list-timezones",        EQUAL,  1, list_timezones   },
+                { "set-local-rtc",         EQUAL,  2, set_local_rtc    },
+                { "set-ntp",               EQUAL,  2, set_ntp,         },
+        };
+
+        int left;
+        unsigned i;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        left = argc - optind;
+
+        if (left <= 0)
+                /* Special rule: no arguments means "status" */
+                i = 0;
+        else {
+                if (streq(argv[optind], "help")) {
+                        help();
+                        return 0;
+                }
+
+                for (i = 0; i < ELEMENTSOF(verbs); i++)
+                        if (streq(argv[optind], verbs[i].verb))
+                                break;
+
+                if (i >= ELEMENTSOF(verbs)) {
+                        log_error("Unknown operation %s", argv[optind]);
+                        return -EINVAL;
+                }
+        }
+
+        switch (verbs[i].argc_cmp) {
+
+        case EQUAL:
+                if (left != verbs[i].argc) {
+                        log_error("Invalid number of arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        case MORE:
+                if (left < verbs[i].argc) {
+                        log_error("Too few arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        case LESS:
+                if (left > verbs[i].argc) {
+                        log_error("Too many arguments.");
+                        return -EINVAL;
+                }
+
+                break;
+
+        default:
+                assert_not_reached("Unknown comparison operator.");
+        }
+
+        return verbs[i].dispatch(bus, argv + optind, left);
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        setlocale(LC_ALL, "");
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create bus connection: %m");
+                goto finish;
+        }
+
+        r = timedatectl_main(bus, argc, argv);
+
+finish:
+        pager_close();
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/udev/.gitignore b/src/grp-udev/.gitignore
index f5d8be3dc1..f5d8be3dc1 100644
--- a/src/udev/.gitignore
+++ b/src/grp-udev/.gitignore
diff --git a/src/udev/.vimrc b/src/grp-udev/.vimrc
index 366fbdca4b..366fbdca4b 100644
--- a/src/udev/.vimrc
+++ b/src/grp-udev/.vimrc
diff --git a/src/grp-udev/Makefile b/src/grp-udev/Makefile
new file mode 100644
index 0000000000..cc85f0317f
--- /dev/null
+++ b/src/grp-udev/Makefile
@@ -0,0 +1,72 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+INSTALL_DIRS += \
+	$(sysconfdir)/udev/rules.d
+
+dist_udevrules_DATA += \
+	rules/50-udev-default.rules \
+	rules/60-block.rules \
+	rules/60-drm.rules \
+	rules/60-evdev.rules \
+	rules/60-persistent-storage-tape.rules \
+	rules/60-persistent-input.rules \
+	rules/60-persistent-alsa.rules \
+	rules/60-persistent-storage.rules \
+	rules/60-serial.rules \
+	rules/64-btrfs.rules \
+	rules/70-mouse.rules \
+	rules/75-net-description.rules \
+	rules/78-sound-card.rules \
+	rules/80-net-setup-link.rules
+
+nodist_udevrules_DATA += \
+	rules/99-systemd.rules
+
+udevconfdir = $(sysconfdir)/udev
+dist_udevconf_DATA = \
+	src/udev/udev.conf
+
+pkgconfigdata_DATA += \
+	src/udev/udev.pc
+
+EXTRA_DIST += \
+	rules/99-systemd.rules.in \
+	src/udev/udev.pc.in
+
+EXTRA_DIST += \
+	units/systemd-udevd.service.in \
+	units/systemd-udev-trigger.service.in \
+	units/systemd-udev-settle.service.in
+
+SOCKETS_TARGET_WANTS += \
+	systemd-udevd-control.socket \
+	systemd-udevd-kernel.socket
+
+SYSINIT_TARGET_WANTS += \
+	systemd-udevd.service \
+	systemd-udev-trigger.service
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-udev/ata_id/Makefile b/src/grp-udev/ata_id/Makefile
new file mode 100644
index 0000000000..00a8c37ac2
--- /dev/null
+++ b/src/grp-udev/ata_id/Makefile
@@ -0,0 +1,35 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ata_id_SOURCES = \
+	src/udev/ata_id/ata_id.c
+
+ata_id_LDADD = \
+	libshared.la
+
+udevlibexec_PROGRAMS += \
+	ata_id
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/ata_id/ata_id.c b/src/grp-udev/ata_id/ata_id.c
index 1e414664ce..1e414664ce 100644
--- a/src/udev/ata_id/ata_id.c
+++ b/src/grp-udev/ata_id/ata_id.c
diff --git a/src/grp-udev/cdrom_id/Makefile b/src/grp-udev/cdrom_id/Makefile
new file mode 100644
index 0000000000..a9297413d3
--- /dev/null
+++ b/src/grp-udev/cdrom_id/Makefile
@@ -0,0 +1,38 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+cdrom_id_SOURCES = \
+	src/udev/cdrom_id/cdrom_id.c
+
+cdrom_id_LDADD = \
+	libshared.la
+
+udevlibexec_PROGRAMS += \
+	cdrom_id
+
+dist_udevrules_DATA += \
+	rules/60-cdrom_id.rules
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/grp-udev/cdrom_id/cdrom_id.c
index 72f284f710..72f284f710 100644
--- a/src/udev/cdrom_id/cdrom_id.c
+++ b/src/grp-udev/cdrom_id/cdrom_id.c
diff --git a/src/grp-udev/collect/Makefile b/src/grp-udev/collect/Makefile
new file mode 100644
index 0000000000..60af3b7627
--- /dev/null
+++ b/src/grp-udev/collect/Makefile
@@ -0,0 +1,35 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+collect_SOURCES = \
+	src/udev/collect/collect.c
+
+collect_LDADD = \
+	libshared.la
+
+udevlibexec_PROGRAMS += \
+	collect
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/collect/collect.c b/src/grp-udev/collect/collect.c
index 349585b634..349585b634 100644
--- a/src/udev/collect/collect.c
+++ b/src/grp-udev/collect/collect.c
diff --git a/src/grp-udev/libudev-core/Makefile b/src/grp-udev/libudev-core/Makefile
new file mode 100644
index 0000000000..e95d53120a
--- /dev/null
+++ b/src/grp-udev/libudev-core/Makefile
@@ -0,0 +1,101 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+noinst_LTLIBRARIES += \
+	libudev-core.la
+
+$(outdir)/keyboard-keys-list.txt:
+	$(AM_V_GEN)$(CPP) $(ALL_CPPFLAGS) -dM -include linux/input.h - < /dev/null | $(AWK) '/^#define[ \t]+KEY_[^ ]+[ \t]+[0-9K]/ { if ($$2 != "KEY_MAX") { print $$2 } }' > $@
+
+$(outdir)/keyboard-keys-from-name.gperf: $(outdir)/keyboard-keys-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "struct key { const char* name; unsigned short id; };"; print "%null-strings"; print "%%";} { print tolower(substr($$1 ,5)) ", " $$1 }' < $< > $@
+
+$(outdir)/keyboard-keys-from-name.h: $(outdir)/keyboard-keys-from-name.gperf
+	$(AM_V_GPERF)$(GPERF) -L ANSI-C -t -N keyboard_lookup_key -H hash_key_name -p -C < $< > $@
+
+gperf_txt_sources += \
+	src/udev/keyboard-keys-list.txt
+
+libudev_core_la_SOURCES = \
+	src/udev/udev.h \
+	src/udev/udev-event.c \
+	src/udev/udev-watch.c \
+	src/udev/udev-node.c \
+	src/udev/udev-rules.c \
+	src/udev/udev-ctrl.c \
+	src/udev/udev-builtin.c \
+	src/udev/udev-builtin-btrfs.c \
+	src/udev/udev-builtin-hwdb.c \
+	src/udev/udev-builtin-input_id.c \
+	src/udev/udev-builtin-keyboard.c \
+	src/udev/udev-builtin-net_id.c \
+	src/udev/udev-builtin-net_setup_link.c \
+	src/udev/udev-builtin-path_id.c \
+	src/udev/udev-builtin-usb_id.c \
+	src/udev/net/link-config.h \
+	src/udev/net/link-config.c \
+	src/udev/net/ethtool-util.h \
+	src/udev/net/ethtool-util.c
+
+nodist_libudev_core_la_SOURCES = \
+	src/udev/keyboard-keys-from-name.h \
+	src/udev/net/link-config-gperf.c
+
+gperf_gperf_sources += \
+	src/udev/net/link-config-gperf.gperf
+
+libudev_core_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(BLKID_CFLAGS) \
+	$(KMOD_CFLAGS)
+
+libudev_core_la_LIBADD = \
+	libsystemd-network.la \
+	libshared.la \
+	$(BLKID_LIBS) \
+	$(KMOD_LIBS)
+
+ifneq ($(HAVE_KMOD),)
+libudev_core_la_SOURCES += \
+	src/udev/udev-builtin-kmod.c
+
+dist_udevrules_DATA += \
+	rules/80-drivers.rules
+endif # HAVE_KMOD
+
+ifneq ($(HAVE_BLKID),)
+libudev_core_la_SOURCES += \
+	src/udev/udev-builtin-blkid.c
+endif # HAVE_BLKID
+
+ifneq ($(HAVE_ACL),)
+libudev_core_la_SOURCES += \
+	src/udev/udev-builtin-uaccess.c \
+	src/login/logind-acl.c \
+	src/libsystemd/sd-login/sd-login.c \
+	src/systemd/sd-login.h
+endif # HAVE_ACL
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/net/.gitignore b/src/grp-udev/libudev-core/net/.gitignore
index 9ca85bacc9..9ca85bacc9 100644
--- a/src/udev/net/.gitignore
+++ b/src/grp-udev/libudev-core/net/.gitignore
diff --git a/src/udev/net/ethtool-util.c b/src/grp-udev/libudev-core/net/ethtool-util.c
index c00ff79123..c00ff79123 100644
--- a/src/udev/net/ethtool-util.c
+++ b/src/grp-udev/libudev-core/net/ethtool-util.c
diff --git a/src/udev/net/ethtool-util.h b/src/grp-udev/libudev-core/net/ethtool-util.h
index 7716516e76..7716516e76 100644
--- a/src/udev/net/ethtool-util.h
+++ b/src/grp-udev/libudev-core/net/ethtool-util.h
diff --git a/src/udev/net/link-config-gperf.gperf b/src/grp-udev/libudev-core/net/link-config-gperf.gperf
index b25e4b3344..b25e4b3344 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/grp-udev/libudev-core/net/link-config-gperf.gperf
diff --git a/src/grp-udev/libudev-core/net/link-config.c b/src/grp-udev/libudev-core/net/link-config.c
new file mode 100644
index 0000000000..350cd24e9c
--- /dev/null
+++ b/src/grp-udev/libudev-core/net/link-config.c
@@ -0,0 +1,519 @@
+/***
+ This file is part of systemd.
+
+ Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/ether.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "conf-files.h"
+#include "conf-parser.h"
+#include "ethtool-util.h"
+#include "fd-util.h"
+#include "libudev-private.h"
+#include "link-config.h"
+#include "log.h"
+#include "missing.h"
+#include "netlink-util.h"
+#include "network-internal.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "proc-cmdline.h"
+#include "random-util.h"
+#include "stat-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+struct link_config_ctx {
+        LIST_HEAD(link_config, links);
+
+        int ethtool_fd;
+
+        bool enable_name_policy;
+
+        sd_netlink *rtnl;
+
+        usec_t link_dirs_ts_usec;
+};
+
+static const char* const link_dirs[] = {
+        "/etc/systemd/network",
+        "/run/systemd/network",
+        "/usr/lib/systemd/network",
+#ifdef HAVE_SPLIT_USR
+        "/lib/systemd/network",
+#endif
+        NULL};
+
+static void link_config_free(link_config *link) {
+        if (!link)
+                return;
+
+        free(link->filename);
+
+        free(link->match_mac);
+        strv_free(link->match_path);
+        strv_free(link->match_driver);
+        strv_free(link->match_type);
+        free(link->match_name);
+        free(link->match_host);
+        free(link->match_virt);
+        free(link->match_kernel);
+        free(link->match_arch);
+
+        free(link->description);
+        free(link->mac);
+        free(link->name_policy);
+        free(link->name);
+        free(link->alias);
+
+        free(link);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(link_config*, link_config_free);
+
+static void link_configs_free(link_config_ctx *ctx) {
+        link_config *link, *link_next;
+
+        if (!ctx)
+                return;
+
+        LIST_FOREACH_SAFE(links, link, link_next, ctx->links)
+                link_config_free(link);
+}
+
+void link_config_ctx_free(link_config_ctx *ctx) {
+        if (!ctx)
+                return;
+
+        safe_close(ctx->ethtool_fd);
+
+        sd_netlink_unref(ctx->rtnl);
+
+        link_configs_free(ctx);
+
+        free(ctx);
+
+        return;
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(link_config_ctx*, link_config_ctx_free);
+
+int link_config_ctx_new(link_config_ctx **ret) {
+        _cleanup_(link_config_ctx_freep) link_config_ctx *ctx = NULL;
+
+        if (!ret)
+                return -EINVAL;
+
+        ctx = new0(link_config_ctx, 1);
+        if (!ctx)
+                return -ENOMEM;
+
+        LIST_HEAD_INIT(ctx->links);
+
+        ctx->ethtool_fd = -1;
+
+        ctx->enable_name_policy = true;
+
+        *ret = ctx;
+        ctx = NULL;
+
+        return 0;
+}
+
+static int load_link(link_config_ctx *ctx, const char *filename) {
+        _cleanup_(link_config_freep) link_config *link = NULL;
+        _cleanup_fclose_ FILE *file = NULL;
+        int r;
+
+        assert(ctx);
+        assert(filename);
+
+        file = fopen(filename, "re");
+        if (!file) {
+                if (errno == ENOENT)
+                        return 0;
+                else
+                        return -errno;
+        }
+
+        if (null_or_empty_fd(fileno(file))) {
+                log_debug("Skipping empty file: %s", filename);
+                return 0;
+        }
+
+        link = new0(link_config, 1);
+        if (!link)
+                return log_oom();
+
+        link->mac_policy = _MACPOLICY_INVALID;
+        link->wol = _WOL_INVALID;
+        link->duplex = _DUP_INVALID;
+
+        r = config_parse(NULL, filename, file,
+                         "Match\0Link\0Ethernet\0",
+                         config_item_perf_lookup, link_config_gperf_lookup,
+                         false, false, true, link);
+        if (r < 0)
+                return r;
+        else
+                log_debug("Parsed configuration file %s", filename);
+
+        if (link->mtu > UINT_MAX || link->speed > UINT_MAX)
+                return -ERANGE;
+
+        link->filename = strdup(filename);
+
+        LIST_PREPEND(links, ctx->links, link);
+        link = NULL;
+
+        return 0;
+}
+
+static bool enable_name_policy(void) {
+        _cleanup_free_ char *line = NULL;
+        const char *word, *state;
+        int r;
+        size_t l;
+
+        r = proc_cmdline(&line);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
+                return true;
+        }
+
+        FOREACH_WORD_QUOTED(word, l, line, state)
+                if (strneq(word, "net.ifnames=0", l))
+                        return false;
+
+        return true;
+}
+
+int link_config_load(link_config_ctx *ctx) {
+        int r;
+        _cleanup_strv_free_ char **files;
+        char **f;
+
+        link_configs_free(ctx);
+
+        if (!enable_name_policy()) {
+                ctx->enable_name_policy = false;
+                log_info("Network interface NamePolicy= disabled on kernel command line, ignoring.");
+        }
+
+        /* update timestamp */
+        paths_check_timestamp(link_dirs, &ctx->link_dirs_ts_usec, true);
+
+        r = conf_files_list_strv(&files, ".link", NULL, link_dirs);
+        if (r < 0)
+                return log_error_errno(r, "failed to enumerate link files: %m");
+
+        STRV_FOREACH_BACKWARDS(f, files) {
+                r = load_link(ctx, *f);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+bool link_config_should_reload(link_config_ctx *ctx) {
+        return paths_check_timestamp(link_dirs, &ctx->link_dirs_ts_usec, false);
+}
+
+int link_config_get(link_config_ctx *ctx, struct udev_device *device,
+                    link_config **ret) {
+        link_config *link;
+
+        assert(ctx);
+        assert(device);
+        assert(ret);
+
+        LIST_FOREACH(links, link, ctx->links) {
+                const char* attr_value;
+
+                attr_value = udev_device_get_sysattr_value(device, "address");
+
+                if (net_match_config(link->match_mac, link->match_path, link->match_driver,
+                                     link->match_type, link->match_name, link->match_host,
+                                     link->match_virt, link->match_kernel, link->match_arch,
+                                     attr_value ? ether_aton(attr_value) : NULL,
+                                     udev_device_get_property_value(device, "ID_PATH"),
+                                     udev_device_get_driver(udev_device_get_parent(device)),
+                                     udev_device_get_property_value(device, "ID_NET_DRIVER"),
+                                     udev_device_get_devtype(device),
+                                     udev_device_get_sysname(device))) {
+                        if (link->match_name) {
+                                unsigned char name_assign_type = NET_NAME_UNKNOWN;
+
+                                attr_value = udev_device_get_sysattr_value(device, "name_assign_type");
+                                if (attr_value)
+                                        (void) safe_atou8(attr_value, &name_assign_type);
+
+                                if (name_assign_type == NET_NAME_ENUM) {
+                                        log_warning("Config file %s applies to device based on potentially unpredictable interface name '%s'",
+                                                  link->filename, udev_device_get_sysname(device));
+                                        *ret = link;
+
+                                        return 0;
+                                } else if (name_assign_type == NET_NAME_RENAMED) {
+                                        log_warning("Config file %s matches device based on renamed interface name '%s', ignoring",
+                                                  link->filename, udev_device_get_sysname(device));
+
+                                        continue;
+                                }
+                        }
+
+                        log_debug("Config file %s applies to device %s",
+                                  link->filename,  udev_device_get_sysname(device));
+
+                        *ret = link;
+
+                        return 0;
+                }
+        }
+
+        *ret = NULL;
+
+        return -ENOENT;
+}
+
+static bool mac_is_random(struct udev_device *device) {
+        const char *s;
+        unsigned type;
+        int r;
+
+        /* if we can't get the assign type, assume it is not random */
+        s = udev_device_get_sysattr_value(device, "addr_assign_type");
+        if (!s)
+                return false;
+
+        r = safe_atou(s, &type);
+        if (r < 0)
+                return false;
+
+        return type == NET_ADDR_RANDOM;
+}
+
+static bool should_rename(struct udev_device *device, bool respect_predictable) {
+        const char *s;
+        unsigned type;
+        int r;
+
+        /* if we can't get the assgin type, assume we should rename */
+        s = udev_device_get_sysattr_value(device, "name_assign_type");
+        if (!s)
+                return true;
+
+        r = safe_atou(s, &type);
+        if (r < 0)
+                return true;
+
+        switch (type) {
+        case NET_NAME_USER:
+        case NET_NAME_RENAMED:
+                /* these were already named by userspace, do not touch again */
+                return false;
+        case NET_NAME_PREDICTABLE:
+                /* the kernel claims to have given a predictable name */
+                if (respect_predictable)
+                        return false;
+                /* fall through */
+        case NET_NAME_ENUM:
+        default:
+                /* the name is known to be bad, or of an unknown type */
+                return true;
+        }
+}
+
+static int get_mac(struct udev_device *device, bool want_random,
+                   struct ether_addr *mac) {
+        int r;
+
+        if (want_random)
+                random_bytes(mac->ether_addr_octet, ETH_ALEN);
+        else {
+                uint64_t result;
+
+                r = net_get_unique_predictable_data(device, &result);
+                if (r < 0)
+                        return r;
+
+                assert_cc(ETH_ALEN <= sizeof(result));
+                memcpy(mac->ether_addr_octet, &result, ETH_ALEN);
+        }
+
+        /* see eth_random_addr in the kernel */
+        mac->ether_addr_octet[0] &= 0xfe;  /* clear multicast bit */
+        mac->ether_addr_octet[0] |= 0x02;  /* set local assignment bit (IEEE802) */
+
+        return 0;
+}
+
+int link_config_apply(link_config_ctx *ctx, link_config *config,
+                      struct udev_device *device, const char **name) {
+        const char *old_name;
+        const char *new_name = NULL;
+        struct ether_addr generated_mac;
+        struct ether_addr *mac = NULL;
+        bool respect_predictable = false;
+        int r, ifindex;
+
+        assert(ctx);
+        assert(config);
+        assert(device);
+        assert(name);
+
+        old_name = udev_device_get_sysname(device);
+        if (!old_name)
+                return -EINVAL;
+
+        r = ethtool_set_speed(&ctx->ethtool_fd, old_name, config->speed / 1024, config->duplex);
+        if (r < 0)
+                log_warning_errno(r, "Could not set speed or duplex of %s to %zu Mbps (%s): %m",
+                                  old_name, config->speed / 1024,
+                                  duplex_to_string(config->duplex));
+
+        r = ethtool_set_wol(&ctx->ethtool_fd, old_name, config->wol);
+        if (r < 0)
+                log_warning_errno(r, "Could not set WakeOnLan of %s to %s: %m",
+                                  old_name, wol_to_string(config->wol));
+
+        ifindex = udev_device_get_ifindex(device);
+        if (ifindex <= 0) {
+                log_warning("Could not find ifindex");
+                return -ENODEV;
+        }
+
+        if (ctx->enable_name_policy && config->name_policy) {
+                NamePolicy *policy;
+
+                for (policy = config->name_policy;
+                     !new_name && *policy != _NAMEPOLICY_INVALID; policy++) {
+                        switch (*policy) {
+                                case NAMEPOLICY_KERNEL:
+                                        respect_predictable = true;
+                                        break;
+                                case NAMEPOLICY_DATABASE:
+                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_FROM_DATABASE");
+                                        break;
+                                case NAMEPOLICY_ONBOARD:
+                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_ONBOARD");
+                                        break;
+                                case NAMEPOLICY_SLOT:
+                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_SLOT");
+                                        break;
+                                case NAMEPOLICY_PATH:
+                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_PATH");
+                                        break;
+                                case NAMEPOLICY_MAC:
+                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_MAC");
+                                        break;
+                                default:
+                                        break;
+                        }
+                }
+        }
+
+        if (should_rename(device, respect_predictable)) {
+                /* if not set by policy, fall back manually set name */
+                if (!new_name)
+                        new_name = config->name;
+        } else
+                new_name = NULL;
+
+        switch (config->mac_policy) {
+                case MACPOLICY_PERSISTENT:
+                        if (mac_is_random(device)) {
+                                r = get_mac(device, false, &generated_mac);
+                                if (r == -ENOENT) {
+                                        log_warning_errno(r, "Could not generate persistent MAC address for %s: %m", old_name);
+                                        break;
+                                } else if (r < 0)
+                                        return r;
+                                mac = &generated_mac;
+                        }
+                        break;
+                case MACPOLICY_RANDOM:
+                        if (!mac_is_random(device)) {
+                                r = get_mac(device, true, &generated_mac);
+                                if (r == -ENOENT) {
+                                        log_warning_errno(r, "Could not generate random MAC address for %s: %m", old_name);
+                                        break;
+                                } else if (r < 0)
+                                        return r;
+                                mac = &generated_mac;
+                        }
+                        break;
+                case MACPOLICY_NONE:
+                default:
+                        mac = config->mac;
+        }
+
+        r = rtnl_set_link_properties(&ctx->rtnl, ifindex, config->alias, mac, config->mtu);
+        if (r < 0)
+                return log_warning_errno(r, "Could not set Alias, MACAddress or MTU on %s: %m", old_name);
+
+        *name = new_name;
+
+        return 0;
+}
+
+int link_get_driver(link_config_ctx *ctx, struct udev_device *device, char **ret) {
+        const char *name;
+        char *driver = NULL;
+        int r;
+
+        name = udev_device_get_sysname(device);
+        if (!name)
+                return -EINVAL;
+
+        r = ethtool_get_driver(&ctx->ethtool_fd, name, &driver);
+        if (r < 0)
+                return r;
+
+        *ret = driver;
+        return 0;
+}
+
+static const char* const mac_policy_table[_MACPOLICY_MAX] = {
+        [MACPOLICY_PERSISTENT] = "persistent",
+        [MACPOLICY_RANDOM] = "random",
+        [MACPOLICY_NONE] = "none"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(mac_policy, MACPolicy);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_mac_policy, mac_policy, MACPolicy,
+                         "Failed to parse MAC address policy");
+
+static const char* const name_policy_table[_NAMEPOLICY_MAX] = {
+        [NAMEPOLICY_KERNEL] = "kernel",
+        [NAMEPOLICY_DATABASE] = "database",
+        [NAMEPOLICY_ONBOARD] = "onboard",
+        [NAMEPOLICY_SLOT] = "slot",
+        [NAMEPOLICY_PATH] = "path",
+        [NAMEPOLICY_MAC] = "mac"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(name_policy, NamePolicy);
+DEFINE_CONFIG_PARSE_ENUMV(config_parse_name_policy, name_policy, NamePolicy,
+                          _NAMEPOLICY_INVALID,
+                          "Failed to parse interface name policy");
diff --git a/src/udev/net/link-config.h b/src/grp-udev/libudev-core/net/link-config.h
index 9df5529d05..9df5529d05 100644
--- a/src/udev/net/link-config.h
+++ b/src/grp-udev/libudev-core/net/link-config.h
diff --git a/src/grp-udev/libudev-core/udev-builtin-blkid.c b/src/grp-udev/libudev-core/udev-builtin-blkid.c
new file mode 100644
index 0000000000..62cd93264b
--- /dev/null
+++ b/src/grp-udev/libudev-core/udev-builtin-blkid.c
@@ -0,0 +1,337 @@
+/*
+ * probe disks for filesystems and partitions
+ *
+ * Copyright (C) 2011 Kay Sievers <kay@vrfy.org>
+ * Copyright (C) 2011 Karel Zak <kzak@redhat.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <blkid/blkid.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "efivars.h"
+#include "fd-util.h"
+#include "gpt.h"
+#include "string-util.h"
+#include "udev.h"
+
+static void print_property(struct udev_device *dev, bool test, const char *name, const char *value) {
+        char s[256];
+
+        s[0] = '\0';
+
+        if (streq(name, "TYPE")) {
+                udev_builtin_add_property(dev, test, "ID_FS_TYPE", value);
+
+        } else if (streq(name, "USAGE")) {
+                udev_builtin_add_property(dev, test, "ID_FS_USAGE", value);
+
+        } else if (streq(name, "VERSION")) {
+                udev_builtin_add_property(dev, test, "ID_FS_VERSION", value);
+
+        } else if (streq(name, "UUID")) {
+                blkid_safe_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_UUID", s);
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_UUID_ENC", s);
+
+        } else if (streq(name, "UUID_SUB")) {
+                blkid_safe_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_UUID_SUB", s);
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_UUID_SUB_ENC", s);
+
+        } else if (streq(name, "LABEL")) {
+                blkid_safe_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_LABEL", s);
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_LABEL_ENC", s);
+
+        } else if (streq(name, "PTTYPE")) {
+                udev_builtin_add_property(dev, test, "ID_PART_TABLE_TYPE", value);
+
+        } else if (streq(name, "PTUUID")) {
+                udev_builtin_add_property(dev, test, "ID_PART_TABLE_UUID", value);
+
+        } else if (streq(name, "PART_ENTRY_NAME")) {
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_PART_ENTRY_NAME", s);
+
+        } else if (streq(name, "PART_ENTRY_TYPE")) {
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_PART_ENTRY_TYPE", s);
+
+        } else if (startswith(name, "PART_ENTRY_")) {
+                strscpyl(s, sizeof(s), "ID_", name, NULL);
+                udev_builtin_add_property(dev, test, s, value);
+
+        } else if (streq(name, "SYSTEM_ID")) {
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_SYSTEM_ID", s);
+
+        } else if (streq(name, "PUBLISHER_ID")) {
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_PUBLISHER_ID", s);
+
+        } else if (streq(name, "APPLICATION_ID")) {
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_APPLICATION_ID", s);
+
+        } else if (streq(name, "BOOT_SYSTEM_ID")) {
+                blkid_encode_string(value, s, sizeof(s));
+                udev_builtin_add_property(dev, test, "ID_FS_BOOT_SYSTEM_ID", s);
+        }
+}
+
+static int find_gpt_root(struct udev_device *dev, blkid_probe pr, bool test) {
+
+#if defined(GPT_ROOT_NATIVE) && defined(ENABLE_EFI)
+
+        _cleanup_free_ char *root_id = NULL;
+        bool found_esp = false;
+        blkid_partlist pl;
+        int i, nvals, r;
+
+        assert(pr);
+
+        /* Iterate through the partitions on this disk, and see if the
+         * EFI ESP we booted from is on it. If so, find the first root
+         * disk, and add a property indicating its partition UUID. */
+
+        errno = 0;
+        pl = blkid_probe_get_partitions(pr);
+        if (!pl)
+                return errno > 0 ? -errno : -ENOMEM;
+
+        nvals = blkid_partlist_numof_partitions(pl);
+        for (i = 0; i < nvals; i++) {
+                blkid_partition pp;
+                const char *stype, *sid;
+                sd_id128_t type;
+
+                pp = blkid_partlist_get_partition(pl, i);
+                if (!pp)
+                        continue;
+
+                sid = blkid_partition_get_uuid(pp);
+                if (!sid)
+                        continue;
+
+                stype = blkid_partition_get_type_string(pp);
+                if (!stype)
+                        continue;
+
+                if (sd_id128_from_string(stype, &type) < 0)
+                        continue;
+
+                if (sd_id128_equal(type, GPT_ESP)) {
+                        sd_id128_t id, esp;
+                        unsigned long long flags;
+
+                        flags = blkid_partition_get_flags(pp);
+                        if (flags & GPT_FLAG_NO_AUTO)
+                                continue;
+
+                        /* We found an ESP, let's see if it matches
+                         * the ESP we booted from. */
+
+                        if (sd_id128_from_string(sid, &id) < 0)
+                                continue;
+
+                        r = efi_loader_get_device_part_uuid(&esp);
+                        if (r < 0)
+                                return r;
+
+                        if (sd_id128_equal(id, esp))
+                                found_esp = true;
+
+                } else if (sd_id128_equal(type, GPT_ROOT_NATIVE)) {
+
+                        /* We found a suitable root partition, let's
+                         * remember the first one. */
+
+                        if (!root_id) {
+                                root_id = strdup(sid);
+                                if (!root_id)
+                                        return -ENOMEM;
+                        }
+                }
+        }
+
+        /* We found the ESP on this disk, and also found a root
+         * partition, nice! Let's export its UUID */
+        if (found_esp && root_id)
+                udev_builtin_add_property(dev, test, "ID_PART_GPT_AUTO_ROOT_UUID", root_id);
+#endif
+
+        return 0;
+}
+
+static int probe_superblocks(blkid_probe pr) {
+        struct stat st;
+        int rc;
+
+        if (fstat(blkid_probe_get_fd(pr), &st))
+                return -1;
+
+        blkid_probe_enable_partitions(pr, 1);
+
+        if (!S_ISCHR(st.st_mode) &&
+            blkid_probe_get_size(pr) <= 1024 * 1440 &&
+            blkid_probe_is_wholedisk(pr)) {
+                /*
+                 * check if the small disk is partitioned, if yes then
+                 * don't probe for filesystems.
+                 */
+                blkid_probe_enable_superblocks(pr, 0);
+
+                rc = blkid_do_fullprobe(pr);
+                if (rc < 0)
+                        return rc;        /* -1 = error, 1 = nothing, 0 = success */
+
+                if (blkid_probe_lookup_value(pr, "PTTYPE", NULL, NULL) == 0)
+                        return 0;        /* partition table detected */
+        }
+
+        blkid_probe_set_partitions_flags(pr, BLKID_PARTS_ENTRY_DETAILS);
+        blkid_probe_enable_superblocks(pr, 1);
+
+        return blkid_do_safeprobe(pr);
+}
+
+static int builtin_blkid(struct udev_device *dev, int argc, char *argv[], bool test) {
+        const char *root_partition;
+        int64_t offset = 0;
+        bool noraid = false;
+        _cleanup_close_ int fd = -1;
+        blkid_probe pr;
+        const char *data;
+        const char *name;
+        const char *prtype = NULL;
+        int nvals;
+        int i;
+        int err = 0;
+        bool is_gpt = false;
+
+        static const struct option options[] = {
+                { "offset", optional_argument, NULL, 'o' },
+                { "noraid", no_argument, NULL, 'R' },
+                {}
+        };
+
+        for (;;) {
+                int option;
+
+                option = getopt_long(argc, argv, "oR", options, NULL);
+                if (option == -1)
+                        break;
+
+                switch (option) {
+                case 'o':
+                        offset = strtoull(optarg, NULL, 0);
+                        break;
+                case 'R':
+                        noraid = true;
+                        break;
+                }
+        }
+
+        pr = blkid_new_probe();
+        if (!pr)
+                return EXIT_FAILURE;
+
+        blkid_probe_set_superblocks_flags(pr,
+                BLKID_SUBLKS_LABEL | BLKID_SUBLKS_UUID |
+                BLKID_SUBLKS_TYPE | BLKID_SUBLKS_SECTYPE |
+                BLKID_SUBLKS_USAGE | BLKID_SUBLKS_VERSION |
+                BLKID_SUBLKS_BADCSUM);
+
+        if (noraid)
+                blkid_probe_filter_superblocks_usage(pr, BLKID_FLTR_NOTIN, BLKID_USAGE_RAID);
+
+        fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC);
+        if (fd < 0) {
+                err = log_debug_errno(errno, "Failure opening block device %s: %m", udev_device_get_devnode(dev));
+                goto out;
+        }
+
+        err = blkid_probe_set_device(pr, fd, offset, 0);
+        if (err < 0)
+                goto out;
+
+        log_debug("probe %s %sraid offset=%"PRIi64,
+                  udev_device_get_devnode(dev),
+                  noraid ? "no" : "", offset);
+
+        err = probe_superblocks(pr);
+        if (err < 0)
+                goto out;
+        if (blkid_probe_has_value(pr, "SBBADCSUM")) {
+                if (!blkid_probe_lookup_value(pr, "TYPE", &prtype, NULL))
+                        log_warning("incorrect %s checksum on %s",
+                                    prtype, udev_device_get_devnode(dev));
+                else
+                        log_warning("incorrect checksum on %s",
+                                    udev_device_get_devnode(dev));
+                goto out;
+        }
+
+        /* If we are a partition then our parent passed on the root
+         * partition UUID to us */
+        root_partition = udev_device_get_property_value(dev, "ID_PART_GPT_AUTO_ROOT_UUID");
+
+        nvals = blkid_probe_numof_values(pr);
+        for (i = 0; i < nvals; i++) {
+                if (blkid_probe_get_value(pr, i, &name, &data, NULL))
+                        continue;
+
+                print_property(dev, test, name, data);
+
+                /* Is this a disk with GPT partition table? */
+                if (streq(name, "PTTYPE") && streq(data, "gpt"))
+                        is_gpt = true;
+
+                /* Is this a partition that matches the root partition
+                 * property we inherited from our parent? */
+                if (root_partition && streq(name, "PART_ENTRY_UUID") && streq(data, root_partition))
+                        udev_builtin_add_property(dev, test, "ID_PART_GPT_AUTO_ROOT", "1");
+        }
+
+        if (is_gpt)
+                find_gpt_root(dev, pr, test);
+
+        blkid_free_probe(pr);
+out:
+        if (err < 0)
+                return EXIT_FAILURE;
+
+        return EXIT_SUCCESS;
+}
+
+const struct udev_builtin udev_builtin_blkid = {
+        .name = "blkid",
+        .cmd = builtin_blkid,
+        .help = "Filesystem and partition probing",
+        .run_once = true,
+};
diff --git a/src/udev/udev-builtin-btrfs.c b/src/grp-udev/libudev-core/udev-builtin-btrfs.c
index cfaa463804..cfaa463804 100644
--- a/src/udev/udev-builtin-btrfs.c
+++ b/src/grp-udev/libudev-core/udev-builtin-btrfs.c
diff --git a/src/grp-udev/libudev-core/udev-builtin-hwdb.c b/src/grp-udev/libudev-core/udev-builtin-hwdb.c
new file mode 100644
index 0000000000..b96f39ba20
--- /dev/null
+++ b/src/grp-udev/libudev-core/udev-builtin-hwdb.c
@@ -0,0 +1,223 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Kay Sievers <kay@vrfy.org>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fnmatch.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <systemd/sd-hwdb.h>
+
+#include "alloc-util.h"
+#include "hwdb-util.h"
+#include "string-util.h"
+#include "udev-util.h"
+#include "udev.h"
+
+static sd_hwdb *hwdb;
+
+int udev_builtin_hwdb_lookup(struct udev_device *dev,
+                             const char *prefix, const char *modalias,
+                             const char *filter, bool test) {
+        _cleanup_free_ char *lookup = NULL;
+        const char *key, *value;
+        int n = 0;
+
+        if (!hwdb)
+                return -ENOENT;
+
+        if (prefix) {
+                lookup = strjoin(prefix, modalias, NULL);
+                if (!lookup)
+                        return -ENOMEM;
+                modalias = lookup;
+        }
+
+        SD_HWDB_FOREACH_PROPERTY(hwdb, modalias, key, value) {
+                if (filter && fnmatch(filter, key, FNM_NOESCAPE) != 0)
+                        continue;
+
+                if (udev_builtin_add_property(dev, test, key, value) < 0)
+                        return -ENOMEM;
+                n++;
+        }
+        return n;
+}
+
+static const char *modalias_usb(struct udev_device *dev, char *s, size_t size) {
+        const char *v, *p;
+        int vn, pn;
+
+        v = udev_device_get_sysattr_value(dev, "idVendor");
+        if (!v)
+                return NULL;
+        p = udev_device_get_sysattr_value(dev, "idProduct");
+        if (!p)
+                return NULL;
+        vn = strtol(v, NULL, 16);
+        if (vn <= 0)
+                return NULL;
+        pn = strtol(p, NULL, 16);
+        if (pn <= 0)
+                return NULL;
+        snprintf(s, size, "usb:v%04Xp%04X*", vn, pn);
+        return s;
+}
+
+static int udev_builtin_hwdb_search(struct udev_device *dev, struct udev_device *srcdev,
+                                    const char *subsystem, const char *prefix,
+                                    const char *filter, bool test) {
+        struct udev_device *d;
+        char s[16];
+        bool last = false;
+        int r = 0;
+
+        assert(dev);
+
+        if (!srcdev)
+                srcdev = dev;
+
+        for (d = srcdev; d && !last; d = udev_device_get_parent(d)) {
+                const char *dsubsys;
+                const char *modalias = NULL;
+
+                dsubsys = udev_device_get_subsystem(d);
+                if (!dsubsys)
+                        continue;
+
+                /* look only at devices of a specific subsystem */
+                if (subsystem && !streq(dsubsys, subsystem))
+                        continue;
+
+                modalias = udev_device_get_property_value(d, "MODALIAS");
+
+                if (streq(dsubsys, "usb") && streq_ptr(udev_device_get_devtype(d), "usb_device")) {
+                        /* if the usb_device does not have a modalias, compose one */
+                        if (!modalias)
+                                modalias = modalias_usb(d, s, sizeof(s));
+
+                        /* avoid looking at any parent device, they are usually just a USB hub */
+                        last = true;
+                }
+
+                if (!modalias)
+                        continue;
+
+                r = udev_builtin_hwdb_lookup(dev, prefix, modalias, filter, test);
+                if (r > 0)
+                        break;
+        }
+
+        return r;
+}
+
+static int builtin_hwdb(struct udev_device *dev, int argc, char *argv[], bool test) {
+        static const struct option options[] = {
+                { "filter", required_argument, NULL, 'f' },
+                { "device", required_argument, NULL, 'd' },
+                { "subsystem", required_argument, NULL, 's' },
+                { "lookup-prefix", required_argument, NULL, 'p' },
+                {}
+        };
+        const char *filter = NULL;
+        const char *device = NULL;
+        const char *subsystem = NULL;
+        const char *prefix = NULL;
+        _cleanup_udev_device_unref_ struct udev_device *srcdev = NULL;
+
+        if (!hwdb)
+                return EXIT_FAILURE;
+
+        for (;;) {
+                int option;
+
+                option = getopt_long(argc, argv, "f:d:s:p:", options, NULL);
+                if (option == -1)
+                        break;
+
+                switch (option) {
+                case 'f':
+                        filter = optarg;
+                        break;
+
+                case 'd':
+                        device = optarg;
+                        break;
+
+                case 's':
+                        subsystem = optarg;
+                        break;
+
+                case 'p':
+                        prefix = optarg;
+                        break;
+                }
+        }
+
+        /* query a specific key given as argument */
+        if (argv[optind]) {
+                if (udev_builtin_hwdb_lookup(dev, prefix, argv[optind], filter, test) > 0)
+                        return EXIT_SUCCESS;
+                return EXIT_FAILURE;
+        }
+
+        /* read data from another device than the device we will store the data */
+        if (device) {
+                srcdev = udev_device_new_from_device_id(udev_device_get_udev(dev), device);
+                if (!srcdev)
+                        return EXIT_FAILURE;
+        }
+
+        if (udev_builtin_hwdb_search(dev, srcdev, subsystem, prefix, filter, test) > 0)
+                return EXIT_SUCCESS;
+        return EXIT_FAILURE;
+}
+
+/* called at udev startup and reload */
+static int builtin_hwdb_init(struct udev *udev) {
+        int r;
+
+        if (hwdb)
+                return 0;
+
+        r = sd_hwdb_new(&hwdb);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+/* called on udev shutdown and reload request */
+static void builtin_hwdb_exit(struct udev *udev) {
+        hwdb = sd_hwdb_unref(hwdb);
+}
+
+/* called every couple of seconds during event activity; 'true' if config has changed */
+static bool builtin_hwdb_validate(struct udev *udev) {
+        return hwdb_validate(hwdb);
+}
+
+const struct udev_builtin udev_builtin_hwdb = {
+        .name = "hwdb",
+        .cmd = builtin_hwdb,
+        .init = builtin_hwdb_init,
+        .exit = builtin_hwdb_exit,
+        .validate = builtin_hwdb_validate,
+        .help = "Hardware database",
+};
diff --git a/src/udev/udev-builtin-input_id.c b/src/grp-udev/libudev-core/udev-builtin-input_id.c
index 51a55cdbc4..51a55cdbc4 100644
--- a/src/udev/udev-builtin-input_id.c
+++ b/src/grp-udev/libudev-core/udev-builtin-input_id.c
diff --git a/src/udev/udev-builtin-keyboard.c b/src/grp-udev/libudev-core/udev-builtin-keyboard.c
index aa10beafb0..aa10beafb0 100644
--- a/src/udev/udev-builtin-keyboard.c
+++ b/src/grp-udev/libudev-core/udev-builtin-keyboard.c
diff --git a/src/udev/udev-builtin-kmod.c b/src/grp-udev/libudev-core/udev-builtin-kmod.c
index 9665f678fd..9665f678fd 100644
--- a/src/udev/udev-builtin-kmod.c
+++ b/src/grp-udev/libudev-core/udev-builtin-kmod.c
diff --git a/src/udev/udev-builtin-net_id.c b/src/grp-udev/libudev-core/udev-builtin-net_id.c
index a7be2a4eed..a7be2a4eed 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/grp-udev/libudev-core/udev-builtin-net_id.c
diff --git a/src/udev/udev-builtin-net_setup_link.c b/src/grp-udev/libudev-core/udev-builtin-net_setup_link.c
index 8e47775135..8e47775135 100644
--- a/src/udev/udev-builtin-net_setup_link.c
+++ b/src/grp-udev/libudev-core/udev-builtin-net_setup_link.c
diff --git a/src/udev/udev-builtin-path_id.c b/src/grp-udev/libudev-core/udev-builtin-path_id.c
index 6e9adc6e96..6e9adc6e96 100644
--- a/src/udev/udev-builtin-path_id.c
+++ b/src/grp-udev/libudev-core/udev-builtin-path_id.c
diff --git a/src/grp-udev/libudev-core/udev-builtin-uaccess.c b/src/grp-udev/libudev-core/udev-builtin-uaccess.c
new file mode 100644
index 0000000000..2c27116ae9
--- /dev/null
+++ b/src/grp-udev/libudev-core/udev-builtin-uaccess.c
@@ -0,0 +1,88 @@
+/*
+ * manage device node user ACL
+ *
+ * Copyright 2010-2012 Kay Sievers <kay@vrfy.org>
+ * Copyright 2010 Lennart Poettering
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <systemd/sd-login.h>
+
+#include "login-util.h"
+#include "logind-acl.h"
+#include "udev.h"
+#include "util.h"
+
+static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
+        int r;
+        const char *path = NULL, *seat;
+        bool changed_acl = false;
+        uid_t uid;
+
+        umask(0022);
+
+        /* don't muck around with ACLs when the system is not running systemd */
+        if (!logind_running())
+                return 0;
+
+        path = udev_device_get_devnode(dev);
+        seat = udev_device_get_property_value(dev, "ID_SEAT");
+        if (!seat)
+                seat = "seat0";
+
+        r = sd_seat_get_active(seat, NULL, &uid);
+        if (r == -ENXIO || r == -ENODATA) {
+                /* No active session on this seat */
+                r = 0;
+                goto finish;
+        } else if (r < 0) {
+                log_error("Failed to determine active user on seat %s.", seat);
+                goto finish;
+        }
+
+        r = devnode_acl(path, true, false, 0, true, uid);
+        if (r < 0) {
+                log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
+                goto finish;
+        }
+
+        changed_acl = true;
+        r = 0;
+
+finish:
+        if (path && !changed_acl) {
+                int k;
+
+                /* Better be safe than sorry and reset ACL */
+                k = devnode_acl(path, true, false, 0, false, 0);
+                if (k < 0) {
+                        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
+                        if (r >= 0)
+                                r = k;
+                }
+        }
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
+
+const struct udev_builtin udev_builtin_uaccess = {
+        .name = "uaccess",
+        .cmd = builtin_uaccess,
+        .help = "Manage device node user ACL",
+};
diff --git a/src/udev/udev-builtin-usb_id.c b/src/grp-udev/libudev-core/udev-builtin-usb_id.c
index 587649eff0..587649eff0 100644
--- a/src/udev/udev-builtin-usb_id.c
+++ b/src/grp-udev/libudev-core/udev-builtin-usb_id.c
diff --git a/src/udev/udev-builtin.c b/src/grp-udev/libudev-core/udev-builtin.c
index e6b36f124f..e6b36f124f 100644
--- a/src/udev/udev-builtin.c
+++ b/src/grp-udev/libudev-core/udev-builtin.c
diff --git a/src/udev/udev-ctrl.c b/src/grp-udev/libudev-core/udev-ctrl.c
index f68a09d7a8..f68a09d7a8 100644
--- a/src/udev/udev-ctrl.c
+++ b/src/grp-udev/libudev-core/udev-ctrl.c
diff --git a/src/udev/udev-event.c b/src/grp-udev/libudev-core/udev-event.c
index 8d601c9c2c..8d601c9c2c 100644
--- a/src/udev/udev-event.c
+++ b/src/grp-udev/libudev-core/udev-event.c
diff --git a/src/udev/udev-node.c b/src/grp-udev/libudev-core/udev-node.c
index 5d2997fd8f..5d2997fd8f 100644
--- a/src/udev/udev-node.c
+++ b/src/grp-udev/libudev-core/udev-node.c
diff --git a/src/udev/udev-rules.c b/src/grp-udev/libudev-core/udev-rules.c
index 26fa52cf6c..26fa52cf6c 100644
--- a/src/udev/udev-rules.c
+++ b/src/grp-udev/libudev-core/udev-rules.c
diff --git a/src/udev/udev-watch.c b/src/grp-udev/libudev-core/udev-watch.c
index 9ce5e975de..9ce5e975de 100644
--- a/src/udev/udev-watch.c
+++ b/src/grp-udev/libudev-core/udev-watch.c
diff --git a/src/udev/udev.conf b/src/grp-udev/libudev-core/udev.conf
index 47d1433002..47d1433002 100644
--- a/src/udev/udev.conf
+++ b/src/grp-udev/libudev-core/udev.conf
diff --git a/src/udev/udev.pc.in b/src/grp-udev/libudev-core/udev.pc.in
index a0c2e82d47..a0c2e82d47 100644
--- a/src/udev/udev.pc.in
+++ b/src/grp-udev/libudev-core/udev.pc.in
diff --git a/src/grp-udev/mtd_probe/Makefile b/src/grp-udev/mtd_probe/Makefile
new file mode 100644
index 0000000000..d7392a8a3b
--- /dev/null
+++ b/src/grp-udev/mtd_probe/Makefile
@@ -0,0 +1,37 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+mtd_probe_SOURCES =  \
+	src/udev/mtd_probe/mtd_probe.c \
+	src/udev/mtd_probe/mtd_probe.h \
+	src/udev/mtd_probe/probe_smartmedia.c
+
+dist_udevrules_DATA += \
+	rules/75-probe_mtd.rules
+
+udevlibexec_PROGRAMS += \
+	mtd_probe
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/mtd_probe/mtd_probe.c b/src/grp-udev/mtd_probe/mtd_probe.c
index 462fab7623..462fab7623 100644
--- a/src/udev/mtd_probe/mtd_probe.c
+++ b/src/grp-udev/mtd_probe/mtd_probe.c
diff --git a/src/udev/mtd_probe/mtd_probe.h b/src/grp-udev/mtd_probe/mtd_probe.h
index 68e4954537..68e4954537 100644
--- a/src/udev/mtd_probe/mtd_probe.h
+++ b/src/grp-udev/mtd_probe/mtd_probe.h
diff --git a/src/udev/mtd_probe/probe_smartmedia.c b/src/grp-udev/mtd_probe/probe_smartmedia.c
index 2a7ba17637..2a7ba17637 100644
--- a/src/udev/mtd_probe/probe_smartmedia.c
+++ b/src/grp-udev/mtd_probe/probe_smartmedia.c
diff --git a/src/udev/scsi_id/.gitignore b/src/grp-udev/scsi_id/.gitignore
index 6aebddd809..6aebddd809 100644
--- a/src/udev/scsi_id/.gitignore
+++ b/src/grp-udev/scsi_id/.gitignore
diff --git a/src/grp-udev/scsi_id/Makefile b/src/grp-udev/scsi_id/Makefile
new file mode 100644
index 0000000000..7064a864f7
--- /dev/null
+++ b/src/grp-udev/scsi_id/Makefile
@@ -0,0 +1,41 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+scsi_id_SOURCES =\
+	src/udev/scsi_id/scsi_id.c \
+	src/udev/scsi_id/scsi_serial.c \
+	src/udev/scsi_id/scsi.h \
+	src/udev/scsi_id/scsi_id.h
+
+scsi_id_LDADD = \
+	libshared.la
+
+udevlibexec_PROGRAMS += \
+	scsi_id
+
+EXTRA_DIST += \
+	src/udev/scsi_id/README
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/scsi_id/README b/src/grp-udev/scsi_id/README
index 9cfe73991c..9cfe73991c 100644
--- a/src/udev/scsi_id/README
+++ b/src/grp-udev/scsi_id/README
diff --git a/src/udev/scsi_id/scsi.h b/src/grp-udev/scsi_id/scsi.h
index a27a84a40a..a27a84a40a 100644
--- a/src/udev/scsi_id/scsi.h
+++ b/src/grp-udev/scsi_id/scsi.h
diff --git a/src/udev/scsi_id/scsi_id.c b/src/grp-udev/scsi_id/scsi_id.c
index 4655691642..4655691642 100644
--- a/src/udev/scsi_id/scsi_id.c
+++ b/src/grp-udev/scsi_id/scsi_id.c
diff --git a/src/udev/scsi_id/scsi_id.h b/src/grp-udev/scsi_id/scsi_id.h
index 5c2e1c28ee..5c2e1c28ee 100644
--- a/src/udev/scsi_id/scsi_id.h
+++ b/src/grp-udev/scsi_id/scsi_id.h
diff --git a/src/udev/scsi_id/scsi_serial.c b/src/grp-udev/scsi_id/scsi_serial.c
index e079e28698..e079e28698 100644
--- a/src/udev/scsi_id/scsi_serial.c
+++ b/src/grp-udev/scsi_id/scsi_serial.c
diff --git a/src/grp-udev/systemd-udevd/Makefile b/src/grp-udev/systemd-udevd/Makefile
new file mode 100644
index 0000000000..5bbc548cfe
--- /dev/null
+++ b/src/grp-udev/systemd-udevd/Makefile
@@ -0,0 +1,35 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += \
+	systemd-udevd
+
+systemd_udevd_SOURCES = \
+	src/udev/udevd.c
+
+systemd_udevd_LDADD = \
+	libudev-core.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-udev/systemd-udevd/udevd.c b/src/grp-udev/systemd-udevd/udevd.c
new file mode 100644
index 0000000000..89006e6e3a
--- /dev/null
+++ b/src/grp-udev/systemd-udevd/udevd.c
@@ -0,0 +1,1765 @@
+/*
+ * Copyright (C) 2004-2012 Kay Sievers <kay@vrfy.org>
+ * Copyright (C) 2004 Chris Friesen <chris_friesen@sympatico.ca>
+ * Copyright (C) 2009 Canonical Ltd.
+ * Copyright (C) 2009 Scott James Remnant <scott@netsplit.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/epoll.h>
+#include <sys/file.h>
+#include <sys/inotify.h>
+#include <sys/ioctl.h>
+#include <sys/mount.h>
+#include <sys/prctl.h>
+#include <sys/signalfd.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "cgroup-util.h"
+#include "cpu-set-util.h"
+#include "dev-setup.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "hashmap.h"
+#include "io-util.h"
+#include "netlink-util.h"
+#include "parse-util.h"
+#include "proc-cmdline.h"
+#include "process-util.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "string-util.h"
+#include "terminal-util.h"
+#include "udev-util.h"
+#include "udev.h"
+#include "user-util.h"
+
+static bool arg_debug = false;
+static int arg_daemonize = false;
+static int arg_resolve_names = 1;
+static unsigned arg_children_max;
+static int arg_exec_delay;
+static usec_t arg_event_timeout_usec = 180 * USEC_PER_SEC;
+static usec_t arg_event_timeout_warn_usec = 180 * USEC_PER_SEC / 3;
+
+typedef struct Manager {
+        struct udev *udev;
+        sd_event *event;
+        Hashmap *workers;
+        struct udev_list_node events;
+        const char *cgroup;
+        pid_t pid; /* the process that originally allocated the manager object */
+
+        struct udev_rules *rules;
+        struct udev_list properties;
+
+        struct udev_monitor *monitor;
+        struct udev_ctrl *ctrl;
+        struct udev_ctrl_connection *ctrl_conn_blocking;
+        int fd_inotify;
+        int worker_watch[2];
+
+        sd_event_source *ctrl_event;
+        sd_event_source *uevent_event;
+        sd_event_source *inotify_event;
+
+        usec_t last_usec;
+
+        bool stop_exec_queue:1;
+        bool exit:1;
+} Manager;
+
+enum event_state {
+        EVENT_UNDEF,
+        EVENT_QUEUED,
+        EVENT_RUNNING,
+};
+
+struct event {
+        struct udev_list_node node;
+        Manager *manager;
+        struct udev *udev;
+        struct udev_device *dev;
+        struct udev_device *dev_kernel;
+        struct worker *worker;
+        enum event_state state;
+        unsigned long long int delaying_seqnum;
+        unsigned long long int seqnum;
+        const char *devpath;
+        size_t devpath_len;
+        const char *devpath_old;
+        dev_t devnum;
+        int ifindex;
+        bool is_block;
+        sd_event_source *timeout_warning;
+        sd_event_source *timeout;
+};
+
+static inline struct event *node_to_event(struct udev_list_node *node) {
+        return container_of(node, struct event, node);
+}
+
+static void event_queue_cleanup(Manager *manager, enum event_state type);
+
+enum worker_state {
+        WORKER_UNDEF,
+        WORKER_RUNNING,
+        WORKER_IDLE,
+        WORKER_KILLED,
+};
+
+struct worker {
+        Manager *manager;
+        struct udev_list_node node;
+        int refcount;
+        pid_t pid;
+        struct udev_monitor *monitor;
+        enum worker_state state;
+        struct event *event;
+};
+
+/* passed from worker to main process */
+struct worker_message {
+};
+
+static void event_free(struct event *event) {
+        int r;
+
+        if (!event)
+                return;
+
+        udev_list_node_remove(&event->node);
+        udev_device_unref(event->dev);
+        udev_device_unref(event->dev_kernel);
+
+        sd_event_source_unref(event->timeout_warning);
+        sd_event_source_unref(event->timeout);
+
+        if (event->worker)
+                event->worker->event = NULL;
+
+        assert(event->manager);
+
+        if (udev_list_node_is_empty(&event->manager->events)) {
+                /* only clean up the queue from the process that created it */
+                if (event->manager->pid == getpid()) {
+                        r = unlink("/run/udev/queue");
+                        if (r < 0)
+                                log_warning_errno(errno, "could not unlink /run/udev/queue: %m");
+                }
+        }
+
+        free(event);
+}
+
+static void worker_free(struct worker *worker) {
+        if (!worker)
+                return;
+
+        assert(worker->manager);
+
+        hashmap_remove(worker->manager->workers, PID_TO_PTR(worker->pid));
+        udev_monitor_unref(worker->monitor);
+        event_free(worker->event);
+
+        free(worker);
+}
+
+static void manager_workers_free(Manager *manager) {
+        struct worker *worker;
+        Iterator i;
+
+        assert(manager);
+
+        HASHMAP_FOREACH(worker, manager->workers, i)
+                worker_free(worker);
+
+        manager->workers = hashmap_free(manager->workers);
+}
+
+static int worker_new(struct worker **ret, Manager *manager, struct udev_monitor *worker_monitor, pid_t pid) {
+        _cleanup_free_ struct worker *worker = NULL;
+        int r;
+
+        assert(ret);
+        assert(manager);
+        assert(worker_monitor);
+        assert(pid > 1);
+
+        worker = new0(struct worker, 1);
+        if (!worker)
+                return -ENOMEM;
+
+        worker->refcount = 1;
+        worker->manager = manager;
+        /* close monitor, but keep address around */
+        udev_monitor_disconnect(worker_monitor);
+        worker->monitor = udev_monitor_ref(worker_monitor);
+        worker->pid = pid;
+
+        r = hashmap_ensure_allocated(&manager->workers, NULL);
+        if (r < 0)
+                return r;
+
+        r = hashmap_put(manager->workers, PID_TO_PTR(pid), worker);
+        if (r < 0)
+                return r;
+
+        *ret = worker;
+        worker = NULL;
+
+        return 0;
+}
+
+static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
+        struct event *event = userdata;
+
+        assert(event);
+        assert(event->worker);
+
+        kill_and_sigcont(event->worker->pid, SIGKILL);
+        event->worker->state = WORKER_KILLED;
+
+        log_error("seq %llu '%s' killed", udev_device_get_seqnum(event->dev), event->devpath);
+
+        return 1;
+}
+
+static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) {
+        struct event *event = userdata;
+
+        assert(event);
+
+        log_warning("seq %llu '%s' is taking a long time", udev_device_get_seqnum(event->dev), event->devpath);
+
+        return 1;
+}
+
+static void worker_attach_event(struct worker *worker, struct event *event) {
+        sd_event *e;
+        uint64_t usec;
+
+        assert(worker);
+        assert(worker->manager);
+        assert(event);
+        assert(!event->worker);
+        assert(!worker->event);
+
+        worker->state = WORKER_RUNNING;
+        worker->event = event;
+        event->state = EVENT_RUNNING;
+        event->worker = worker;
+
+        e = worker->manager->event;
+
+        assert_se(sd_event_now(e, clock_boottime_or_monotonic(), &usec) >= 0);
+
+        (void) sd_event_add_time(e, &event->timeout_warning, clock_boottime_or_monotonic(),
+                                 usec + arg_event_timeout_warn_usec, USEC_PER_SEC, on_event_timeout_warning, event);
+
+        (void) sd_event_add_time(e, &event->timeout, clock_boottime_or_monotonic(),
+                                 usec + arg_event_timeout_usec, USEC_PER_SEC, on_event_timeout, event);
+}
+
+static void manager_free(Manager *manager) {
+        if (!manager)
+                return;
+
+        udev_builtin_exit(manager->udev);
+
+        sd_event_source_unref(manager->ctrl_event);
+        sd_event_source_unref(manager->uevent_event);
+        sd_event_source_unref(manager->inotify_event);
+
+        udev_unref(manager->udev);
+        sd_event_unref(manager->event);
+        manager_workers_free(manager);
+        event_queue_cleanup(manager, EVENT_UNDEF);
+
+        udev_monitor_unref(manager->monitor);
+        udev_ctrl_unref(manager->ctrl);
+        udev_ctrl_connection_unref(manager->ctrl_conn_blocking);
+
+        udev_list_cleanup(&manager->properties);
+        udev_rules_unref(manager->rules);
+
+        safe_close(manager->fd_inotify);
+        safe_close_pair(manager->worker_watch);
+
+        free(manager);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+
+static int worker_send_message(int fd) {
+        struct worker_message message = {};
+
+        return loop_write(fd, &message, sizeof(message), false);
+}
+
+static void worker_spawn(Manager *manager, struct event *event) {
+        struct udev *udev = event->udev;
+        _cleanup_udev_monitor_unref_ struct udev_monitor *worker_monitor = NULL;
+        pid_t pid;
+        int r = 0;
+
+        /* listen for new events */
+        worker_monitor = udev_monitor_new_from_netlink(udev, NULL);
+        if (worker_monitor == NULL)
+                return;
+        /* allow the main daemon netlink address to send devices to the worker */
+        udev_monitor_allow_unicast_sender(worker_monitor, manager->monitor);
+        r = udev_monitor_enable_receiving(worker_monitor);
+        if (r < 0)
+                log_error_errno(r, "worker: could not enable receiving of device: %m");
+
+        pid = fork();
+        switch (pid) {
+        case 0: {
+                struct udev_device *dev = NULL;
+                _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+                int fd_monitor;
+                _cleanup_close_ int fd_signal = -1, fd_ep = -1;
+                struct epoll_event ep_signal = { .events = EPOLLIN };
+                struct epoll_event ep_monitor = { .events = EPOLLIN };
+                sigset_t mask;
+
+                /* take initial device from queue */
+                dev = event->dev;
+                event->dev = NULL;
+
+                unsetenv("NOTIFY_SOCKET");
+
+                manager_workers_free(manager);
+                event_queue_cleanup(manager, EVENT_UNDEF);
+
+                manager->monitor = udev_monitor_unref(manager->monitor);
+                manager->ctrl_conn_blocking = udev_ctrl_connection_unref(manager->ctrl_conn_blocking);
+                manager->ctrl = udev_ctrl_unref(manager->ctrl);
+                manager->ctrl_conn_blocking = udev_ctrl_connection_unref(manager->ctrl_conn_blocking);
+                manager->worker_watch[READ_END] = safe_close(manager->worker_watch[READ_END]);
+
+                manager->ctrl_event = sd_event_source_unref(manager->ctrl_event);
+                manager->uevent_event = sd_event_source_unref(manager->uevent_event);
+                manager->inotify_event = sd_event_source_unref(manager->inotify_event);
+
+                manager->event = sd_event_unref(manager->event);
+
+                sigfillset(&mask);
+                fd_signal = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
+                if (fd_signal < 0) {
+                        r = log_error_errno(errno, "error creating signalfd %m");
+                        goto out;
+                }
+                ep_signal.data.fd = fd_signal;
+
+                fd_monitor = udev_monitor_get_fd(worker_monitor);
+                ep_monitor.data.fd = fd_monitor;
+
+                fd_ep = epoll_create1(EPOLL_CLOEXEC);
+                if (fd_ep < 0) {
+                        r = log_error_errno(errno, "error creating epoll fd: %m");
+                        goto out;
+                }
+
+                if (epoll_ctl(fd_ep, EPOLL_CTL_ADD, fd_signal, &ep_signal) < 0 ||
+                    epoll_ctl(fd_ep, EPOLL_CTL_ADD, fd_monitor, &ep_monitor) < 0) {
+                        r = log_error_errno(errno, "fail to add fds to epoll: %m");
+                        goto out;
+                }
+
+                /* Request TERM signal if parent exits.
+                   Ignore error, not much we can do in that case. */
+                (void) prctl(PR_SET_PDEATHSIG, SIGTERM);
+
+                /* Reset OOM score, we only protect the main daemon. */
+                write_string_file("/proc/self/oom_score_adj", "0", 0);
+
+                for (;;) {
+                        struct udev_event *udev_event;
+                        int fd_lock = -1;
+
+                        assert(dev);
+
+                        log_debug("seq %llu running", udev_device_get_seqnum(dev));
+                        udev_event = udev_event_new(dev);
+                        if (udev_event == NULL) {
+                                r = -ENOMEM;
+                                goto out;
+                        }
+
+                        if (arg_exec_delay > 0)
+                                udev_event->exec_delay = arg_exec_delay;
+
+                        /*
+                         * Take a shared lock on the device node; this establishes
+                         * a concept of device "ownership" to serialize device
+                         * access. External processes holding an exclusive lock will
+                         * cause udev to skip the event handling; in the case udev
+                         * acquired the lock, the external process can block until
+                         * udev has finished its event handling.
+                         */
+                        if (!streq_ptr(udev_device_get_action(dev), "remove") &&
+                            streq_ptr("block", udev_device_get_subsystem(dev)) &&
+                            !startswith(udev_device_get_sysname(dev), "dm-") &&
+                            !startswith(udev_device_get_sysname(dev), "md")) {
+                                struct udev_device *d = dev;
+
+                                if (streq_ptr("partition", udev_device_get_devtype(d)))
+                                        d = udev_device_get_parent(d);
+
+                                if (d) {
+                                        fd_lock = open(udev_device_get_devnode(d), O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
+                                        if (fd_lock >= 0 && flock(fd_lock, LOCK_SH|LOCK_NB) < 0) {
+                                                log_debug_errno(errno, "Unable to flock(%s), skipping event handling: %m", udev_device_get_devnode(d));
+                                                fd_lock = safe_close(fd_lock);
+                                                goto skip;
+                                        }
+                                }
+                        }
+
+                        /* needed for renaming netifs */
+                        udev_event->rtnl = rtnl;
+
+                        /* apply rules, create node, symlinks */
+                        udev_event_execute_rules(udev_event,
+                                                 arg_event_timeout_usec, arg_event_timeout_warn_usec,
+                                                 &manager->properties,
+                                                 manager->rules);
+
+                        udev_event_execute_run(udev_event,
+                                               arg_event_timeout_usec, arg_event_timeout_warn_usec);
+
+                        if (udev_event->rtnl)
+                                /* in case rtnl was initialized */
+                                rtnl = sd_netlink_ref(udev_event->rtnl);
+
+                        /* apply/restore inotify watch */
+                        if (udev_event->inotify_watch) {
+                                udev_watch_begin(udev, dev);
+                                udev_device_update_db(dev);
+                        }
+
+                        safe_close(fd_lock);
+
+                        /* send processed event back to libudev listeners */
+                        udev_monitor_send_device(worker_monitor, NULL, dev);
+
+skip:
+                        log_debug("seq %llu processed", udev_device_get_seqnum(dev));
+
+                        /* send udevd the result of the event execution */
+                        r = worker_send_message(manager->worker_watch[WRITE_END]);
+                        if (r < 0)
+                                log_error_errno(r, "failed to send result of seq %llu to main daemon: %m",
+                                                udev_device_get_seqnum(dev));
+
+                        udev_device_unref(dev);
+                        dev = NULL;
+
+                        udev_event_unref(udev_event);
+
+                        /* wait for more device messages from main udevd, or term signal */
+                        while (dev == NULL) {
+                                struct epoll_event ev[4];
+                                int fdcount;
+                                int i;
+
+                                fdcount = epoll_wait(fd_ep, ev, ELEMENTSOF(ev), -1);
+                                if (fdcount < 0) {
+                                        if (errno == EINTR)
+                                                continue;
+                                        r = log_error_errno(errno, "failed to poll: %m");
+                                        goto out;
+                                }
+
+                                for (i = 0; i < fdcount; i++) {
+                                        if (ev[i].data.fd == fd_monitor && ev[i].events & EPOLLIN) {
+                                                dev = udev_monitor_receive_device(worker_monitor);
+                                                break;
+                                        } else if (ev[i].data.fd == fd_signal && ev[i].events & EPOLLIN) {
+                                                struct signalfd_siginfo fdsi;
+                                                ssize_t size;
+
+                                                size = read(fd_signal, &fdsi, sizeof(struct signalfd_siginfo));
+                                                if (size != sizeof(struct signalfd_siginfo))
+                                                        continue;
+                                                switch (fdsi.ssi_signo) {
+                                                case SIGTERM:
+                                                        goto out;
+                                                }
+                                        }
+                                }
+                        }
+                }
+out:
+                udev_device_unref(dev);
+                manager_free(manager);
+                log_close();
+                _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
+        }
+        case -1:
+                event->state = EVENT_QUEUED;
+                log_error_errno(errno, "fork of child failed: %m");
+                break;
+        default:
+        {
+                struct worker *worker;
+
+                r = worker_new(&worker, manager, worker_monitor, pid);
+                if (r < 0)
+                        return;
+
+                worker_attach_event(worker, event);
+
+                log_debug("seq %llu forked new worker ["PID_FMT"]", udev_device_get_seqnum(event->dev), pid);
+                break;
+        }
+        }
+}
+
+static void event_run(Manager *manager, struct event *event) {
+        struct worker *worker;
+        Iterator i;
+
+        assert(manager);
+        assert(event);
+
+        HASHMAP_FOREACH(worker, manager->workers, i) {
+                ssize_t count;
+
+                if (worker->state != WORKER_IDLE)
+                        continue;
+
+                count = udev_monitor_send_device(manager->monitor, worker->monitor, event->dev);
+                if (count < 0) {
+                        log_error_errno(errno, "worker ["PID_FMT"] did not accept message %zi (%m), kill it",
+                                        worker->pid, count);
+                        kill(worker->pid, SIGKILL);
+                        worker->state = WORKER_KILLED;
+                        continue;
+                }
+                worker_attach_event(worker, event);
+                return;
+        }
+
+        if (hashmap_size(manager->workers) >= arg_children_max) {
+                if (arg_children_max > 1)
+                        log_debug("maximum number (%i) of children reached", hashmap_size(manager->workers));
+                return;
+        }
+
+        /* start new worker and pass initial device */
+        worker_spawn(manager, event);
+}
+
+static int event_queue_insert(Manager *manager, struct udev_device *dev) {
+        struct event *event;
+        int r;
+
+        assert(manager);
+        assert(dev);
+
+        /* only one process can add events to the queue */
+        if (manager->pid == 0)
+                manager->pid = getpid();
+
+        assert(manager->pid == getpid());
+
+        event = new0(struct event, 1);
+        if (!event)
+                return -ENOMEM;
+
+        event->udev = udev_device_get_udev(dev);
+        event->manager = manager;
+        event->dev = dev;
+        event->dev_kernel = udev_device_shallow_clone(dev);
+        udev_device_copy_properties(event->dev_kernel, dev);
+        event->seqnum = udev_device_get_seqnum(dev);
+        event->devpath = udev_device_get_devpath(dev);
+        event->devpath_len = strlen(event->devpath);
+        event->devpath_old = udev_device_get_devpath_old(dev);
+        event->devnum = udev_device_get_devnum(dev);
+        event->is_block = streq("block", udev_device_get_subsystem(dev));
+        event->ifindex = udev_device_get_ifindex(dev);
+
+        log_debug("seq %llu queued, '%s' '%s'", udev_device_get_seqnum(dev),
+             udev_device_get_action(dev), udev_device_get_subsystem(dev));
+
+        event->state = EVENT_QUEUED;
+
+        if (udev_list_node_is_empty(&manager->events)) {
+                r = touch("/run/udev/queue");
+                if (r < 0)
+                        log_warning_errno(r, "could not touch /run/udev/queue: %m");
+        }
+
+        udev_list_node_append(&event->node, &manager->events);
+
+        return 0;
+}
+
+static void manager_kill_workers(Manager *manager) {
+        struct worker *worker;
+        Iterator i;
+
+        assert(manager);
+
+        HASHMAP_FOREACH(worker, manager->workers, i) {
+                if (worker->state == WORKER_KILLED)
+                        continue;
+
+                worker->state = WORKER_KILLED;
+                kill(worker->pid, SIGTERM);
+        }
+}
+
+/* lookup event for identical, parent, child device */
+static bool is_devpath_busy(Manager *manager, struct event *event) {
+        struct udev_list_node *loop;
+        size_t common;
+
+        /* check if queue contains events we depend on */
+        udev_list_node_foreach(loop, &manager->events) {
+                struct event *loop_event = node_to_event(loop);
+
+                /* we already found a later event, earlier can not block us, no need to check again */
+                if (loop_event->seqnum < event->delaying_seqnum)
+                        continue;
+
+                /* event we checked earlier still exists, no need to check again */
+                if (loop_event->seqnum == event->delaying_seqnum)
+                        return true;
+
+                /* found ourself, no later event can block us */
+                if (loop_event->seqnum >= event->seqnum)
+                        break;
+
+                /* check major/minor */
+                if (major(event->devnum) != 0 && event->devnum == loop_event->devnum && event->is_block == loop_event->is_block)
+                        return true;
+
+                /* check network device ifindex */
+                if (event->ifindex != 0 && event->ifindex == loop_event->ifindex)
+                        return true;
+
+                /* check our old name */
+                if (event->devpath_old != NULL && streq(loop_event->devpath, event->devpath_old)) {
+                        event->delaying_seqnum = loop_event->seqnum;
+                        return true;
+                }
+
+                /* compare devpath */
+                common = MIN(loop_event->devpath_len, event->devpath_len);
+
+                /* one devpath is contained in the other? */
+                if (memcmp(loop_event->devpath, event->devpath, common) != 0)
+                        continue;
+
+                /* identical device event found */
+                if (loop_event->devpath_len == event->devpath_len) {
+                        /* devices names might have changed/swapped in the meantime */
+                        if (major(event->devnum) != 0 && (event->devnum != loop_event->devnum || event->is_block != loop_event->is_block))
+                                continue;
+                        if (event->ifindex != 0 && event->ifindex != loop_event->ifindex)
+                                continue;
+                        event->delaying_seqnum = loop_event->seqnum;
+                        return true;
+                }
+
+                /* parent device event found */
+                if (event->devpath[common] == '/') {
+                        event->delaying_seqnum = loop_event->seqnum;
+                        return true;
+                }
+
+                /* child device event found */
+                if (loop_event->devpath[common] == '/') {
+                        event->delaying_seqnum = loop_event->seqnum;
+                        return true;
+                }
+
+                /* no matching device */
+                continue;
+        }
+
+        return false;
+}
+
+static int on_exit_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
+        Manager *manager = userdata;
+
+        assert(manager);
+
+        log_error_errno(ETIMEDOUT, "giving up waiting for workers to finish");
+
+        sd_event_exit(manager->event, -ETIMEDOUT);
+
+        return 1;
+}
+
+static void manager_exit(Manager *manager) {
+        uint64_t usec;
+        int r;
+
+        assert(manager);
+
+        manager->exit = true;
+
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Starting shutdown...");
+
+        /* close sources of new events and discard buffered events */
+        manager->ctrl_event = sd_event_source_unref(manager->ctrl_event);
+        manager->ctrl = udev_ctrl_unref(manager->ctrl);
+
+        manager->inotify_event = sd_event_source_unref(manager->inotify_event);
+        manager->fd_inotify = safe_close(manager->fd_inotify);
+
+        manager->uevent_event = sd_event_source_unref(manager->uevent_event);
+        manager->monitor = udev_monitor_unref(manager->monitor);
+
+        /* discard queued events and kill workers */
+        event_queue_cleanup(manager, EVENT_QUEUED);
+        manager_kill_workers(manager);
+
+        assert_se(sd_event_now(manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
+
+        r = sd_event_add_time(manager->event, NULL, clock_boottime_or_monotonic(),
+                              usec + 30 * USEC_PER_SEC, USEC_PER_SEC, on_exit_timeout, manager);
+        if (r < 0)
+                return;
+}
+
+/* reload requested, HUP signal received, rules changed, builtin changed */
+static void manager_reload(Manager *manager) {
+
+        assert(manager);
+
+        sd_notify(false,
+                  "RELOADING=1\n"
+                  "STATUS=Flushing configuration...");
+
+        manager_kill_workers(manager);
+        manager->rules = udev_rules_unref(manager->rules);
+        udev_builtin_exit(manager->udev);
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing...");
+}
+
+static void event_queue_start(Manager *manager) {
+        struct udev_list_node *loop;
+        usec_t usec;
+
+        assert(manager);
+
+        if (udev_list_node_is_empty(&manager->events) ||
+            manager->exit || manager->stop_exec_queue)
+                return;
+
+        assert_se(sd_event_now(manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
+        /* check for changed config, every 3 seconds at most */
+        if (manager->last_usec == 0 ||
+            (usec - manager->last_usec) > 3 * USEC_PER_SEC) {
+                if (udev_rules_check_timestamp(manager->rules) ||
+                    udev_builtin_validate(manager->udev))
+                        manager_reload(manager);
+
+                manager->last_usec = usec;
+        }
+
+        udev_builtin_init(manager->udev);
+
+        if (!manager->rules) {
+                manager->rules = udev_rules_new(manager->udev, arg_resolve_names);
+                if (!manager->rules)
+                        return;
+        }
+
+        udev_list_node_foreach(loop, &manager->events) {
+                struct event *event = node_to_event(loop);
+
+                if (event->state != EVENT_QUEUED)
+                        continue;
+
+                /* do not start event if parent or child event is still running */
+                if (is_devpath_busy(manager, event))
+                        continue;
+
+                event_run(manager, event);
+        }
+}
+
+static void event_queue_cleanup(Manager *manager, enum event_state match_type) {
+        struct udev_list_node *loop, *tmp;
+
+        udev_list_node_foreach_safe(loop, tmp, &manager->events) {
+                struct event *event = node_to_event(loop);
+
+                if (match_type != EVENT_UNDEF && match_type != event->state)
+                        continue;
+
+                event_free(event);
+        }
+}
+
+static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Manager *manager = userdata;
+
+        assert(manager);
+
+        for (;;) {
+                struct worker_message msg;
+                struct iovec iovec = {
+                        .iov_base = &msg,
+                        .iov_len = sizeof(msg),
+                };
+                union {
+                        struct cmsghdr cmsghdr;
+                        uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
+                } control = {};
+                struct msghdr msghdr = {
+                        .msg_iov = &iovec,
+                        .msg_iovlen = 1,
+                        .msg_control = &control,
+                        .msg_controllen = sizeof(control),
+                };
+                struct cmsghdr *cmsg;
+                ssize_t size;
+                struct ucred *ucred = NULL;
+                struct worker *worker;
+
+                size = recvmsg(fd, &msghdr, MSG_DONTWAIT);
+                if (size < 0) {
+                        if (errno == EINTR)
+                                continue;
+                        else if (errno == EAGAIN)
+                                /* nothing more to read */
+                                break;
+
+                        return log_error_errno(errno, "failed to receive message: %m");
+                } else if (size != sizeof(struct worker_message)) {
+                        log_warning_errno(EIO, "ignoring worker message with invalid size %zi bytes", size);
+                        continue;
+                }
+
+                CMSG_FOREACH(cmsg, &msghdr) {
+                        if (cmsg->cmsg_level == SOL_SOCKET &&
+                            cmsg->cmsg_type == SCM_CREDENTIALS &&
+                            cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
+                                ucred = (struct ucred*) CMSG_DATA(cmsg);
+                }
+
+                if (!ucred || ucred->pid <= 0) {
+                        log_warning_errno(EIO, "ignoring worker message without valid PID");
+                        continue;
+                }
+
+                /* lookup worker who sent the signal */
+                worker = hashmap_get(manager->workers, PID_TO_PTR(ucred->pid));
+                if (!worker) {
+                        log_debug("worker ["PID_FMT"] returned, but is no longer tracked", ucred->pid);
+                        continue;
+                }
+
+                if (worker->state != WORKER_KILLED)
+                        worker->state = WORKER_IDLE;
+
+                /* worker returned */
+                event_free(worker->event);
+        }
+
+        /* we have free workers, try to schedule events */
+        event_queue_start(manager);
+
+        return 1;
+}
+
+static int on_uevent(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Manager *manager = userdata;
+        struct udev_device *dev;
+        int r;
+
+        assert(manager);
+
+        dev = udev_monitor_receive_device(manager->monitor);
+        if (dev) {
+                udev_device_ensure_usec_initialized(dev, NULL);
+                r = event_queue_insert(manager, dev);
+                if (r < 0)
+                        udev_device_unref(dev);
+                else
+                        /* we have fresh events, try to schedule them */
+                        event_queue_start(manager);
+        }
+
+        return 1;
+}
+
+/* receive the udevd message from userspace */
+static int on_ctrl_msg(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Manager *manager = userdata;
+        _cleanup_udev_ctrl_connection_unref_ struct udev_ctrl_connection *ctrl_conn = NULL;
+        _cleanup_udev_ctrl_msg_unref_ struct udev_ctrl_msg *ctrl_msg = NULL;
+        const char *str;
+        int i;
+
+        assert(manager);
+
+        ctrl_conn = udev_ctrl_get_connection(manager->ctrl);
+        if (!ctrl_conn)
+                return 1;
+
+        ctrl_msg = udev_ctrl_receive_msg(ctrl_conn);
+        if (!ctrl_msg)
+                return 1;
+
+        i = udev_ctrl_get_set_log_level(ctrl_msg);
+        if (i >= 0) {
+                log_debug("udevd message (SET_LOG_LEVEL) received, log_priority=%i", i);
+                log_set_max_level(i);
+                manager_kill_workers(manager);
+        }
+
+        if (udev_ctrl_get_stop_exec_queue(ctrl_msg) > 0) {
+                log_debug("udevd message (STOP_EXEC_QUEUE) received");
+                manager->stop_exec_queue = true;
+        }
+
+        if (udev_ctrl_get_start_exec_queue(ctrl_msg) > 0) {
+                log_debug("udevd message (START_EXEC_QUEUE) received");
+                manager->stop_exec_queue = false;
+                event_queue_start(manager);
+        }
+
+        if (udev_ctrl_get_reload(ctrl_msg) > 0) {
+                log_debug("udevd message (RELOAD) received");
+                manager_reload(manager);
+        }
+
+        str = udev_ctrl_get_set_env(ctrl_msg);
+        if (str != NULL) {
+                _cleanup_free_ char *key = NULL;
+
+                key = strdup(str);
+                if (key) {
+                        char *val;
+
+                        val = strchr(key, '=');
+                        if (val != NULL) {
+                                val[0] = '\0';
+                                val = &val[1];
+                                if (val[0] == '\0') {
+                                        log_debug("udevd message (ENV) received, unset '%s'", key);
+                                        udev_list_entry_add(&manager->properties, key, NULL);
+                                } else {
+                                        log_debug("udevd message (ENV) received, set '%s=%s'", key, val);
+                                        udev_list_entry_add(&manager->properties, key, val);
+                                }
+                        } else
+                                log_error("wrong key format '%s'", key);
+                }
+                manager_kill_workers(manager);
+        }
+
+        i = udev_ctrl_get_set_children_max(ctrl_msg);
+        if (i >= 0) {
+                log_debug("udevd message (SET_MAX_CHILDREN) received, children_max=%i", i);
+                arg_children_max = i;
+        }
+
+        if (udev_ctrl_get_ping(ctrl_msg) > 0)
+                log_debug("udevd message (SYNC) received");
+
+        if (udev_ctrl_get_exit(ctrl_msg) > 0) {
+                log_debug("udevd message (EXIT) received");
+                manager_exit(manager);
+                /* keep reference to block the client until we exit
+                   TODO: deal with several blocking exit requests */
+                manager->ctrl_conn_blocking = udev_ctrl_connection_ref(ctrl_conn);
+        }
+
+        return 1;
+}
+
+static int synthesize_change(struct udev_device *dev) {
+        char filename[UTIL_PATH_SIZE];
+        int r;
+
+        if (streq_ptr("block", udev_device_get_subsystem(dev)) &&
+            streq_ptr("disk", udev_device_get_devtype(dev)) &&
+            !startswith(udev_device_get_sysname(dev), "dm-")) {
+                bool part_table_read = false;
+                bool has_partitions = false;
+                int fd;
+                struct udev *udev = udev_device_get_udev(dev);
+                _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+                struct udev_list_entry *item;
+
+                /*
+                 * Try to re-read the partition table. This only succeeds if
+                 * none of the devices is busy. The kernel returns 0 if no
+                 * partition table is found, and we will not get an event for
+                 * the disk.
+                 */
+                fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
+                if (fd >= 0) {
+                        r = flock(fd, LOCK_EX|LOCK_NB);
+                        if (r >= 0)
+                                r = ioctl(fd, BLKRRPART, 0);
+
+                        close(fd);
+                        if (r >= 0)
+                                part_table_read = true;
+                }
+
+                /* search for partitions */
+                e = udev_enumerate_new(udev);
+                if (!e)
+                        return -ENOMEM;
+
+                r = udev_enumerate_add_match_parent(e, dev);
+                if (r < 0)
+                        return r;
+
+                r = udev_enumerate_add_match_subsystem(e, "block");
+                if (r < 0)
+                        return r;
+
+                r = udev_enumerate_scan_devices(e);
+                if (r < 0)
+                        return r;
+
+                udev_list_entry_foreach(item, udev_enumerate_get_list_entry(e)) {
+                        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+
+                        d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
+                        if (!d)
+                                continue;
+
+                        if (!streq_ptr("partition", udev_device_get_devtype(d)))
+                                continue;
+
+                        has_partitions = true;
+                        break;
+                }
+
+                /*
+                 * We have partitions and re-read the table, the kernel already sent
+                 * out a "change" event for the disk, and "remove/add" for all
+                 * partitions.
+                 */
+                if (part_table_read && has_partitions)
+                        return 0;
+
+                /*
+                 * We have partitions but re-reading the partition table did not
+                 * work, synthesize "change" for the disk and all partitions.
+                 */
+                log_debug("device %s closed, synthesising 'change'", udev_device_get_devnode(dev));
+                strscpyl(filename, sizeof(filename), udev_device_get_syspath(dev), "/uevent", NULL);
+                write_string_file(filename, "change", WRITE_STRING_FILE_CREATE);
+
+                udev_list_entry_foreach(item, udev_enumerate_get_list_entry(e)) {
+                        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+
+                        d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
+                        if (!d)
+                                continue;
+
+                        if (!streq_ptr("partition", udev_device_get_devtype(d)))
+                                continue;
+
+                        log_debug("device %s closed, synthesising partition '%s' 'change'",
+                                  udev_device_get_devnode(dev), udev_device_get_devnode(d));
+                        strscpyl(filename, sizeof(filename), udev_device_get_syspath(d), "/uevent", NULL);
+                        write_string_file(filename, "change", WRITE_STRING_FILE_CREATE);
+                }
+
+                return 0;
+        }
+
+        log_debug("device %s closed, synthesising 'change'", udev_device_get_devnode(dev));
+        strscpyl(filename, sizeof(filename), udev_device_get_syspath(dev), "/uevent", NULL);
+        write_string_file(filename, "change", WRITE_STRING_FILE_CREATE);
+
+        return 0;
+}
+
+static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Manager *manager = userdata;
+        union inotify_event_buffer buffer;
+        struct inotify_event *e;
+        ssize_t l;
+
+        assert(manager);
+
+        l = read(fd, &buffer, sizeof(buffer));
+        if (l < 0) {
+                if (errno == EAGAIN || errno == EINTR)
+                        return 1;
+
+                return log_error_errno(errno, "Failed to read inotify fd: %m");
+        }
+
+        FOREACH_INOTIFY_EVENT(e, buffer, l) {
+                _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
+
+                dev = udev_watch_lookup(manager->udev, e->wd);
+                if (!dev)
+                        continue;
+
+                log_debug("inotify event: %x for %s", e->mask, udev_device_get_devnode(dev));
+                if (e->mask & IN_CLOSE_WRITE) {
+                        synthesize_change(dev);
+
+                        /* settle might be waiting on us to determine the queue
+                         * state. If we just handled an inotify event, we might have
+                         * generated a "change" event, but we won't have queued up
+                         * the resultant uevent yet. Do that.
+                         */
+                        on_uevent(NULL, -1, 0, manager);
+                } else if (e->mask & IN_IGNORED)
+                        udev_watch_end(manager->udev, dev);
+        }
+
+        return 1;
+}
+
+static int on_sigterm(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        Manager *manager = userdata;
+
+        assert(manager);
+
+        manager_exit(manager);
+
+        return 1;
+}
+
+static int on_sighup(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        Manager *manager = userdata;
+
+        assert(manager);
+
+        manager_reload(manager);
+
+        return 1;
+}
+
+static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        Manager *manager = userdata;
+
+        assert(manager);
+
+        for (;;) {
+                pid_t pid;
+                int status;
+                struct worker *worker;
+
+                pid = waitpid(-1, &status, WNOHANG);
+                if (pid <= 0)
+                        break;
+
+                worker = hashmap_get(manager->workers, PID_TO_PTR(pid));
+                if (!worker) {
+                        log_warning("worker ["PID_FMT"] is unknown, ignoring", pid);
+                        continue;
+                }
+
+                if (WIFEXITED(status)) {
+                        if (WEXITSTATUS(status) == 0)
+                                log_debug("worker ["PID_FMT"] exited", pid);
+                        else
+                                log_warning("worker ["PID_FMT"] exited with return code %i", pid, WEXITSTATUS(status));
+                } else if (WIFSIGNALED(status)) {
+                        log_warning("worker ["PID_FMT"] terminated by signal %i (%s)", pid, WTERMSIG(status), strsignal(WTERMSIG(status)));
+                } else if (WIFSTOPPED(status)) {
+                        log_info("worker ["PID_FMT"] stopped", pid);
+                        continue;
+                } else if (WIFCONTINUED(status)) {
+                        log_info("worker ["PID_FMT"] continued", pid);
+                        continue;
+                } else
+                        log_warning("worker ["PID_FMT"] exit with status 0x%04x", pid, status);
+
+                if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+                        if (worker->event) {
+                                log_error("worker ["PID_FMT"] failed while handling '%s'", pid, worker->event->devpath);
+                                /* delete state from disk */
+                                udev_device_delete_db(worker->event->dev);
+                                udev_device_tag_index(worker->event->dev, NULL, false);
+                                /* forward kernel event without amending it */
+                                udev_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel);
+                        }
+                }
+
+                worker_free(worker);
+        }
+
+        /* we can start new workers, try to schedule events */
+        event_queue_start(manager);
+
+        return 1;
+}
+
+static int on_post(sd_event_source *s, void *userdata) {
+        Manager *manager = userdata;
+        int r;
+
+        assert(manager);
+
+        if (udev_list_node_is_empty(&manager->events)) {
+                /* no pending events */
+                if (!hashmap_isempty(manager->workers)) {
+                        /* there are idle workers */
+                        log_debug("cleanup idle workers");
+                        manager_kill_workers(manager);
+                } else {
+                        /* we are idle */
+                        if (manager->exit) {
+                                r = sd_event_exit(manager->event, 0);
+                                if (r < 0)
+                                        return r;
+                        } else if (manager->cgroup)
+                                /* cleanup possible left-over processes in our cgroup */
+                                cg_kill(SYSTEMD_CGROUP_CONTROLLER, manager->cgroup, SIGKILL, false, true, NULL);
+                }
+        }
+
+        return 1;
+}
+
+static int listen_fds(int *rctrl, int *rnetlink) {
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        int ctrl_fd = -1, netlink_fd = -1;
+        int fd, n, r;
+
+        assert(rctrl);
+        assert(rnetlink);
+
+        n = sd_listen_fds(true);
+        if (n < 0)
+                return n;
+
+        for (fd = SD_LISTEN_FDS_START; fd < n + SD_LISTEN_FDS_START; fd++) {
+                if (sd_is_socket(fd, AF_LOCAL, SOCK_SEQPACKET, -1)) {
+                        if (ctrl_fd >= 0)
+                                return -EINVAL;
+                        ctrl_fd = fd;
+                        continue;
+                }
+
+                if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1)) {
+                        if (netlink_fd >= 0)
+                                return -EINVAL;
+                        netlink_fd = fd;
+                        continue;
+                }
+
+                return -EINVAL;
+        }
+
+        if (ctrl_fd < 0) {
+                _cleanup_udev_ctrl_unref_ struct udev_ctrl *ctrl = NULL;
+
+                udev = udev_new();
+                if (!udev)
+                        return -ENOMEM;
+
+                ctrl = udev_ctrl_new(udev);
+                if (!ctrl)
+                        return log_error_errno(EINVAL, "error initializing udev control socket");
+
+                r = udev_ctrl_enable_receiving(ctrl);
+                if (r < 0)
+                        return log_error_errno(EINVAL, "error binding udev control socket");
+
+                fd = udev_ctrl_get_fd(ctrl);
+                if (fd < 0)
+                        return log_error_errno(EIO, "could not get ctrl fd");
+
+                ctrl_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+                if (ctrl_fd < 0)
+                        return log_error_errno(errno, "could not dup ctrl fd: %m");
+        }
+
+        if (netlink_fd < 0) {
+                _cleanup_udev_monitor_unref_ struct udev_monitor *monitor = NULL;
+
+                if (!udev) {
+                        udev = udev_new();
+                        if (!udev)
+                                return -ENOMEM;
+                }
+
+                monitor = udev_monitor_new_from_netlink(udev, "kernel");
+                if (!monitor)
+                        return log_error_errno(EINVAL, "error initializing netlink socket");
+
+                (void) udev_monitor_set_receive_buffer_size(monitor, 128 * 1024 * 1024);
+
+                r = udev_monitor_enable_receiving(monitor);
+                if (r < 0)
+                        return log_error_errno(EINVAL, "error binding netlink socket");
+
+                fd = udev_monitor_get_fd(monitor);
+                if (fd < 0)
+                        return log_error_errno(netlink_fd, "could not get uevent fd: %m");
+
+                netlink_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+                if (ctrl_fd < 0)
+                        return log_error_errno(errno, "could not dup netlink fd: %m");
+        }
+
+        *rctrl = ctrl_fd;
+        *rnetlink = netlink_fd;
+
+        return 0;
+}
+
+/*
+ * read the kernel command line, in case we need to get into debug mode
+ *   udev.log-priority=<level>                 syslog priority
+ *   udev.children-max=<number of workers>     events are fully serialized if set to 1
+ *   udev.exec-delay=<number of seconds>       delay execution of every executed program
+ *   udev.event-timeout=<number of seconds>    seconds to wait before terminating an event
+ */
+static int parse_proc_cmdline_item(const char *key, const char *value) {
+        const char *full_key = key;
+        int r;
+
+        assert(key);
+
+        if (!value)
+                return 0;
+
+        if (startswith(key, "rd."))
+                key += strlen("rd.");
+
+        if (startswith(key, "udev."))
+                key += strlen("udev.");
+        else
+                return 0;
+
+        if (streq(key, "log-priority")) {
+                int prio;
+
+                prio = util_log_priority(value);
+                if (prio < 0)
+                        goto invalid;
+                log_set_max_level(prio);
+        } else if (streq(key, "children-max")) {
+                r = safe_atou(value, &arg_children_max);
+                if (r < 0)
+                        goto invalid;
+        } else if (streq(key, "exec-delay")) {
+                r = safe_atoi(value, &arg_exec_delay);
+                if (r < 0)
+                        goto invalid;
+        } else if (streq(key, "event-timeout")) {
+                r = safe_atou64(value, &arg_event_timeout_usec);
+                if (r < 0)
+                        goto invalid;
+                arg_event_timeout_usec *= USEC_PER_SEC;
+                arg_event_timeout_warn_usec = (arg_event_timeout_usec / 3) ? : 1;
+        }
+
+        return 0;
+invalid:
+        log_warning("invalid %s ignored: %s", full_key, value);
+        return 0;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "Manages devices.\n\n"
+               "  -h --help                   Print this message\n"
+               "     --version                Print version of the program\n"
+               "     --daemon                 Detach and run in the background\n"
+               "     --debug                  Enable debug output\n"
+               "     --children-max=INT       Set maximum number of workers\n"
+               "     --exec-delay=SECONDS     Seconds to wait before executing RUN=\n"
+               "     --event-timeout=SECONDS  Seconds to wait before terminating an event\n"
+               "     --resolve-names=early|late|never\n"
+               "                              When to resolve users and groups\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        static const struct option options[] = {
+                { "daemon",             no_argument,            NULL, 'd' },
+                { "debug",              no_argument,            NULL, 'D' },
+                { "children-max",       required_argument,      NULL, 'c' },
+                { "exec-delay",         required_argument,      NULL, 'e' },
+                { "event-timeout",      required_argument,      NULL, 't' },
+                { "resolve-names",      required_argument,      NULL, 'N' },
+                { "help",               no_argument,            NULL, 'h' },
+                { "version",            no_argument,            NULL, 'V' },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "c:de:Dt:N:hV", options, NULL)) >= 0) {
+                int r;
+
+                switch (c) {
+
+                case 'd':
+                        arg_daemonize = true;
+                        break;
+                case 'c':
+                        r = safe_atou(optarg, &arg_children_max);
+                        if (r < 0)
+                                log_warning("Invalid --children-max ignored: %s", optarg);
+                        break;
+                case 'e':
+                        r = safe_atoi(optarg, &arg_exec_delay);
+                        if (r < 0)
+                                log_warning("Invalid --exec-delay ignored: %s", optarg);
+                        break;
+                case 't':
+                        r = safe_atou64(optarg, &arg_event_timeout_usec);
+                        if (r < 0)
+                                log_warning("Invalid --event-timeout ignored: %s", optarg);
+                        else {
+                                arg_event_timeout_usec *= USEC_PER_SEC;
+                                arg_event_timeout_warn_usec = (arg_event_timeout_usec / 3) ? : 1;
+                        }
+                        break;
+                case 'D':
+                        arg_debug = true;
+                        break;
+                case 'N':
+                        if (streq(optarg, "early")) {
+                                arg_resolve_names = 1;
+                        } else if (streq(optarg, "late")) {
+                                arg_resolve_names = 0;
+                        } else if (streq(optarg, "never")) {
+                                arg_resolve_names = -1;
+                        } else {
+                                log_error("resolve-names must be early, late or never");
+                                return 0;
+                        }
+                        break;
+                case 'h':
+                        help();
+                        return 0;
+                case 'V':
+                        printf("%s\n", VERSION);
+                        return 0;
+                case '?':
+                        return -EINVAL;
+                default:
+                        assert_not_reached("Unhandled option");
+
+                }
+        }
+
+        return 1;
+}
+
+static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cgroup) {
+        _cleanup_(manager_freep) Manager *manager = NULL;
+        int r, fd_worker, one = 1;
+
+        assert(ret);
+        assert(fd_ctrl >= 0);
+        assert(fd_uevent >= 0);
+
+        manager = new0(Manager, 1);
+        if (!manager)
+                return log_oom();
+
+        manager->fd_inotify = -1;
+        manager->worker_watch[WRITE_END] = -1;
+        manager->worker_watch[READ_END] = -1;
+
+        manager->udev = udev_new();
+        if (!manager->udev)
+                return log_error_errno(errno, "could not allocate udev context: %m");
+
+        udev_builtin_init(manager->udev);
+
+        manager->rules = udev_rules_new(manager->udev, arg_resolve_names);
+        if (!manager->rules)
+                return log_error_errno(ENOMEM, "error reading rules");
+
+        udev_list_node_init(&manager->events);
+        udev_list_init(manager->udev, &manager->properties, true);
+
+        manager->cgroup = cgroup;
+
+        manager->ctrl = udev_ctrl_new_from_fd(manager->udev, fd_ctrl);
+        if (!manager->ctrl)
+                return log_error_errno(EINVAL, "error taking over udev control socket");
+
+        manager->monitor = udev_monitor_new_from_netlink_fd(manager->udev, "kernel", fd_uevent);
+        if (!manager->monitor)
+                return log_error_errno(EINVAL, "error taking over netlink socket");
+
+        /* unnamed socket from workers to the main daemon */
+        r = socketpair(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0, manager->worker_watch);
+        if (r < 0)
+                return log_error_errno(errno, "error creating socketpair: %m");
+
+        fd_worker = manager->worker_watch[READ_END];
+
+        r = setsockopt(fd_worker, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
+        if (r < 0)
+                return log_error_errno(errno, "could not enable SO_PASSCRED: %m");
+
+        manager->fd_inotify = udev_watch_init(manager->udev);
+        if (manager->fd_inotify < 0)
+                return log_error_errno(ENOMEM, "error initializing inotify");
+
+        udev_watch_restore(manager->udev);
+
+        /* block and listen to all signals on signalfd */
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, SIGHUP, SIGCHLD, -1) >= 0);
+
+        r = sd_event_default(&manager->event);
+        if (r < 0)
+                return log_error_errno(r, "could not allocate event loop: %m");
+
+        r = sd_event_add_signal(manager->event, NULL, SIGINT, on_sigterm, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating sigint event source: %m");
+
+        r = sd_event_add_signal(manager->event, NULL, SIGTERM, on_sigterm, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating sigterm event source: %m");
+
+        r = sd_event_add_signal(manager->event, NULL, SIGHUP, on_sighup, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating sighup event source: %m");
+
+        r = sd_event_add_signal(manager->event, NULL, SIGCHLD, on_sigchld, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating sigchld event source: %m");
+
+        r = sd_event_set_watchdog(manager->event, true);
+        if (r < 0)
+                return log_error_errno(r, "error creating watchdog event source: %m");
+
+        r = sd_event_add_io(manager->event, &manager->ctrl_event, fd_ctrl, EPOLLIN, on_ctrl_msg, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating ctrl event source: %m");
+
+        /* This needs to be after the inotify and uevent handling, to make sure
+         * that the ping is send back after fully processing the pending uevents
+         * (including the synthetic ones we may create due to inotify events).
+         */
+        r = sd_event_source_set_priority(manager->ctrl_event, SD_EVENT_PRIORITY_IDLE);
+        if (r < 0)
+                return log_error_errno(r, "cold not set IDLE event priority for ctrl event source: %m");
+
+        r = sd_event_add_io(manager->event, &manager->inotify_event, manager->fd_inotify, EPOLLIN, on_inotify, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating inotify event source: %m");
+
+        r = sd_event_add_io(manager->event, &manager->uevent_event, fd_uevent, EPOLLIN, on_uevent, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating uevent event source: %m");
+
+        r = sd_event_add_io(manager->event, NULL, fd_worker, EPOLLIN, on_worker, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating worker event source: %m");
+
+        r = sd_event_add_post(manager->event, NULL, on_post, manager);
+        if (r < 0)
+                return log_error_errno(r, "error creating post event source: %m");
+
+        *ret = manager;
+        manager = NULL;
+
+        return 0;
+}
+
+static int run(int fd_ctrl, int fd_uevent, const char *cgroup) {
+        _cleanup_(manager_freep) Manager *manager = NULL;
+        int r;
+
+        r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup);
+        if (r < 0) {
+                r = log_error_errno(r, "failed to allocate manager object: %m");
+                goto exit;
+        }
+
+        r = udev_rules_apply_static_dev_perms(manager->rules);
+        if (r < 0)
+                log_error_errno(r, "failed to apply permissions on static device nodes: %m");
+
+        (void) sd_notify(false,
+                         "READY=1\n"
+                         "STATUS=Processing...");
+
+        r = sd_event_loop(manager->event);
+        if (r < 0) {
+                log_error_errno(r, "event loop failed: %m");
+                goto exit;
+        }
+
+        sd_event_get_exit_code(manager->event, &r);
+
+exit:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+        if (manager)
+                udev_ctrl_cleanup(manager->ctrl);
+        return r;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_free_ char *cgroup = NULL;
+        int fd_ctrl = -1, fd_uevent = -1;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto exit;
+
+        r = parse_proc_cmdline(parse_proc_cmdline_item);
+        if (r < 0)
+                log_warning_errno(r, "failed to parse kernel command line, ignoring: %m");
+
+        if (arg_debug) {
+                log_set_target(LOG_TARGET_CONSOLE);
+                log_set_max_level(LOG_DEBUG);
+        }
+
+        if (getuid() != 0) {
+                r = log_error_errno(EPERM, "root privileges required");
+                goto exit;
+        }
+
+        if (arg_children_max == 0) {
+                cpu_set_t cpu_set;
+
+                arg_children_max = 8;
+
+                if (sched_getaffinity(0, sizeof(cpu_set), &cpu_set) == 0)
+                        arg_children_max += CPU_COUNT(&cpu_set) * 2;
+
+                log_debug("set children_max to %u", arg_children_max);
+        }
+
+        /* set umask before creating any file/directory */
+        r = chdir("/");
+        if (r < 0) {
+                r = log_error_errno(errno, "could not change dir to /: %m");
+                goto exit;
+        }
+
+        umask(022);
+
+        r = mac_selinux_init();
+        if (r < 0) {
+                log_error_errno(r, "could not initialize labelling: %m");
+                goto exit;
+        }
+
+        r = mkdir("/run/udev", 0755);
+        if (r < 0 && errno != EEXIST) {
+                r = log_error_errno(errno, "could not create /run/udev: %m");
+                goto exit;
+        }
+
+        dev_setup(NULL, UID_INVALID, GID_INVALID);
+
+        if (getppid() == 1) {
+                /* get our own cgroup, we regularly kill everything udev has left behind
+                   we only do this on systemd systems, and only if we are directly spawned
+                   by PID1. otherwise we are not guaranteed to have a dedicated cgroup */
+                r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
+                if (r < 0) {
+                        if (r == -ENOENT || r == -ENOMEDIUM)
+                                log_debug_errno(r, "did not find dedicated cgroup: %m");
+                        else
+                                log_warning_errno(r, "failed to get cgroup: %m");
+                }
+        }
+
+        r = listen_fds(&fd_ctrl, &fd_uevent);
+        if (r < 0) {
+                r = log_error_errno(r, "could not listen on fds: %m");
+                goto exit;
+        }
+
+        if (arg_daemonize) {
+                pid_t pid;
+
+                log_info("starting version " VERSION);
+
+                /* connect /dev/null to stdin, stdout, stderr */
+                if (log_get_max_level() < LOG_DEBUG)
+                        (void) make_null_stdio();
+
+                pid = fork();
+                switch (pid) {
+                case 0:
+                        break;
+                case -1:
+                        r = log_error_errno(errno, "fork of daemon failed: %m");
+                        goto exit;
+                default:
+                        mac_selinux_finish();
+                        log_close();
+                        _exit(EXIT_SUCCESS);
+                }
+
+                setsid();
+
+                write_string_file("/proc/self/oom_score_adj", "-1000", 0);
+        }
+
+        r = run(fd_ctrl, fd_uevent, cgroup);
+
+exit:
+        mac_selinux_finish();
+        log_close();
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-udev/udevadm/Makefile b/src/grp-udev/udevadm/Makefile
new file mode 100644
index 0000000000..ba3b466935
--- /dev/null
+++ b/src/grp-udev/udevadm/Makefile
@@ -0,0 +1,45 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += \
+	udevadm
+
+udevadm_SOURCES = \
+	src/udev/udevadm.c \
+	src/udev/udevadm-info.c \
+	src/udev/udevadm-control.c \
+	src/udev/udevadm-monitor.c \
+	src/udev/udevadm-hwdb.c \
+	src/udev/udevadm-settle.c \
+	src/udev/udevadm-trigger.c \
+	src/udev/udevadm-test.c \
+	src/udev/udevadm-test-builtin.c \
+	src/udev/udevadm-util.c \
+	src/udev/udevadm-util.h
+
+udevadm_LDADD = \
+	libudev-core.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/udevadm-control.c b/src/grp-udev/udevadm/udevadm-control.c
index 989decbe95..989decbe95 100644
--- a/src/udev/udevadm-control.c
+++ b/src/grp-udev/udevadm/udevadm-control.c
diff --git a/src/udev/udevadm-hwdb.c b/src/grp-udev/udevadm/udevadm-hwdb.c
index 948ad0f5a5..948ad0f5a5 100644
--- a/src/udev/udevadm-hwdb.c
+++ b/src/grp-udev/udevadm/udevadm-hwdb.c
diff --git a/src/udev/udevadm-info.c b/src/grp-udev/udevadm/udevadm-info.c
index 7182668f23..7182668f23 100644
--- a/src/udev/udevadm-info.c
+++ b/src/grp-udev/udevadm/udevadm-info.c
diff --git a/src/udev/udevadm-monitor.c b/src/grp-udev/udevadm/udevadm-monitor.c
index c0ef073476..c0ef073476 100644
--- a/src/udev/udevadm-monitor.c
+++ b/src/grp-udev/udevadm/udevadm-monitor.c
diff --git a/src/udev/udevadm-settle.c b/src/grp-udev/udevadm/udevadm-settle.c
index 6a5dc6e9e4..6a5dc6e9e4 100644
--- a/src/udev/udevadm-settle.c
+++ b/src/grp-udev/udevadm/udevadm-settle.c
diff --git a/src/udev/udevadm-test-builtin.c b/src/grp-udev/udevadm/udevadm-test-builtin.c
index 0b180d03eb..0b180d03eb 100644
--- a/src/udev/udevadm-test-builtin.c
+++ b/src/grp-udev/udevadm/udevadm-test-builtin.c
diff --git a/src/udev/udevadm-test.c b/src/grp-udev/udevadm/udevadm-test.c
index 702dbe5282..702dbe5282 100644
--- a/src/udev/udevadm-test.c
+++ b/src/grp-udev/udevadm/udevadm-test.c
diff --git a/src/udev/udevadm-trigger.c b/src/grp-udev/udevadm/udevadm-trigger.c
index 9d52345d92..9d52345d92 100644
--- a/src/udev/udevadm-trigger.c
+++ b/src/grp-udev/udevadm/udevadm-trigger.c
diff --git a/src/udev/udevadm-util.c b/src/grp-udev/udevadm/udevadm-util.c
index 3539c1d6ab..3539c1d6ab 100644
--- a/src/udev/udevadm-util.c
+++ b/src/grp-udev/udevadm/udevadm-util.c
diff --git a/src/udev/udevadm-util.h b/src/grp-udev/udevadm/udevadm-util.h
index dc712b0d93..dc712b0d93 100644
--- a/src/udev/udevadm-util.h
+++ b/src/grp-udev/udevadm/udevadm-util.h
diff --git a/src/udev/udevadm.c b/src/grp-udev/udevadm/udevadm.c
index a6a873e5de..a6a873e5de 100644
--- a/src/udev/udevadm.c
+++ b/src/grp-udev/udevadm/udevadm.c
diff --git a/src/grp-udev/v4l_id/Makefile b/src/grp-udev/v4l_id/Makefile
new file mode 100644
index 0000000000..0641af8065
--- /dev/null
+++ b/src/grp-udev/v4l_id/Makefile
@@ -0,0 +1,38 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+v4l_id_SOURCES = \
+	src/udev/v4l_id/v4l_id.c
+
+v4l_id_LDADD = \
+	libshared.la
+
+udevlibexec_PROGRAMS += \
+	v4l_id
+
+dist_udevrules_DATA += \
+	rules/60-persistent-v4l.rules
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/udev/v4l_id/v4l_id.c b/src/grp-udev/v4l_id/v4l_id.c
index aec6676a33..aec6676a33 100644
--- a/src/udev/v4l_id/v4l_id.c
+++ b/src/grp-udev/v4l_id/v4l_id.c
diff --git a/src/hibernate-resume/Makefile b/src/hibernate-resume/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/hibernate-resume/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/hostname/Makefile b/src/hostname/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/hostname/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c
deleted file mode 100644
index c16a324232..0000000000
--- a/src/hostname/hostnamectl.c
+++ /dev/null
@@ -1,529 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <locale.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "sd-bus.h"
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "architecture.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "hostname-util.h"
-#include "spawn-polkit-agent.h"
-#include "util.h"
-
-static bool arg_ask_password = true;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_transient = false;
-static bool arg_pretty = false;
-static bool arg_static = false;
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-        if (!arg_ask_password)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-typedef struct StatusInfo {
-        char *hostname;
-        char *static_hostname;
-        char *pretty_hostname;
-        char *icon_name;
-        char *chassis;
-        char *deployment;
-        char *location;
-        char *kernel_name;
-        char *kernel_release;
-        char *os_pretty_name;
-        char *os_cpe_name;
-        char *virtualization;
-        char *architecture;
-} StatusInfo;
-
-static void print_status_info(StatusInfo *i) {
-        sd_id128_t mid = {}, bid = {};
-        int r;
-
-        assert(i);
-
-        printf("   Static hostname: %s\n", strna(i->static_hostname));
-
-        if (!isempty(i->pretty_hostname) &&
-            !streq_ptr(i->pretty_hostname, i->static_hostname))
-                printf("   Pretty hostname: %s\n", i->pretty_hostname);
-
-        if (!isempty(i->hostname) &&
-            !streq_ptr(i->hostname, i->static_hostname))
-                printf("Transient hostname: %s\n", i->hostname);
-
-        if (!isempty(i->icon_name))
-                printf("         Icon name: %s\n",
-                       strna(i->icon_name));
-
-        if (!isempty(i->chassis))
-                printf("           Chassis: %s\n",
-                       strna(i->chassis));
-
-        if (!isempty(i->deployment))
-                printf("        Deployment: %s\n", i->deployment);
-
-        if (!isempty(i->location))
-                printf("          Location: %s\n", i->location);
-
-        r = sd_id128_get_machine(&mid);
-        if (r >= 0)
-                printf("        Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(mid));
-
-        r = sd_id128_get_boot(&bid);
-        if (r >= 0)
-                printf("           Boot ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(bid));
-
-        if (!isempty(i->virtualization))
-                printf("    Virtualization: %s\n", i->virtualization);
-
-        if (!isempty(i->os_pretty_name))
-                printf("  Operating System: %s\n", i->os_pretty_name);
-
-        if (!isempty(i->os_cpe_name))
-                printf("       CPE OS Name: %s\n", i->os_cpe_name);
-
-        if (!isempty(i->kernel_name) && !isempty(i->kernel_release))
-                printf("            Kernel: %s %s\n", i->kernel_name, i->kernel_release);
-
-        if (!isempty(i->architecture))
-                printf("      Architecture: %s\n", i->architecture);
-
-}
-
-static int show_one_name(sd_bus *bus, const char* attr) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *s;
-        int r;
-
-        r = sd_bus_get_property(
-                        bus,
-                        "org.freedesktop.hostname1",
-                        "/org/freedesktop/hostname1",
-                        "org.freedesktop.hostname1",
-                        attr,
-                        &error, &reply, "s");
-        if (r < 0) {
-                log_error("Could not get property: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &s);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("%s\n", s);
-
-        return 0;
-}
-
-static int show_all_names(sd_bus *bus) {
-        StatusInfo info = {};
-
-        static const struct bus_properties_map hostname_map[]  = {
-                { "Hostname",                  "s", NULL, offsetof(StatusInfo, hostname)        },
-                { "StaticHostname",            "s", NULL, offsetof(StatusInfo, static_hostname) },
-                { "PrettyHostname",            "s", NULL, offsetof(StatusInfo, pretty_hostname) },
-                { "IconName",                  "s", NULL, offsetof(StatusInfo, icon_name)       },
-                { "Chassis",                   "s", NULL, offsetof(StatusInfo, chassis)         },
-                { "Deployment",                "s", NULL, offsetof(StatusInfo, deployment)      },
-                { "Location",                  "s", NULL, offsetof(StatusInfo, location)        },
-                { "KernelName",                "s", NULL, offsetof(StatusInfo, kernel_name)     },
-                { "KernelRelease",             "s", NULL, offsetof(StatusInfo, kernel_release)  },
-                { "OperatingSystemPrettyName", "s", NULL, offsetof(StatusInfo, os_pretty_name)  },
-                { "OperatingSystemCPEName",    "s", NULL, offsetof(StatusInfo, os_cpe_name)     },
-                {}
-        };
-
-        static const struct bus_properties_map manager_map[] = {
-                { "Virtualization",            "s", NULL, offsetof(StatusInfo, virtualization)  },
-                { "Architecture",              "s", NULL, offsetof(StatusInfo, architecture)    },
-                {}
-        };
-
-        int r;
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.hostname1",
-                                   "/org/freedesktop/hostname1",
-                                   hostname_map,
-                                   &info);
-        if (r < 0)
-                goto fail;
-
-        bus_map_all_properties(bus,
-                               "org.freedesktop.systemd1",
-                               "/org/freedesktop/systemd1",
-                               manager_map,
-                               &info);
-
-        print_status_info(&info);
-
-fail:
-        free(info.hostname);
-        free(info.static_hostname);
-        free(info.pretty_hostname);
-        free(info.icon_name);
-        free(info.chassis);
-        free(info.deployment);
-        free(info.location);
-        free(info.kernel_name);
-        free(info.kernel_release);
-        free(info.os_pretty_name);
-        free(info.os_cpe_name);
-        free(info.virtualization);
-        free(info.architecture);
-
-        return r;
-}
-
-static int show_status(sd_bus *bus, char **args, unsigned n) {
-        assert(args);
-
-        if (arg_pretty || arg_static || arg_transient) {
-                const char *attr;
-
-                if (!!arg_static + !!arg_pretty + !!arg_transient > 1) {
-                        log_error("Cannot query more than one name type at a time");
-                        return -EINVAL;
-                }
-
-                attr = arg_pretty ? "PrettyHostname" :
-                        arg_static ? "StaticHostname" : "Hostname";
-
-                return show_one_name(bus, attr);
-        } else
-                return show_all_names(bus);
-}
-
-static int set_simple_string(sd_bus *bus, const char *method, const char *value) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r = 0;
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.hostname1",
-                        "/org/freedesktop/hostname1",
-                        "org.freedesktop.hostname1",
-                        method,
-                        &error, NULL,
-                        "sb", value, arg_ask_password);
-        if (r < 0)
-                log_error("Could not set property: %s", bus_error_message(&error, -r));
-        return r;
-}
-
-static int set_hostname(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_free_ char *h = NULL;
-        char *hostname = args[1];
-        int r;
-
-        assert(args);
-        assert(n == 2);
-
-        if (!arg_pretty && !arg_static && !arg_transient)
-                arg_pretty = arg_static = arg_transient = true;
-
-        if (arg_pretty) {
-                const char *p;
-
-                /* If the passed hostname is already valid, then
-                 * assume the user doesn't know anything about pretty
-                 * hostnames, so let's unset the pretty hostname, and
-                 * just set the passed hostname as static/dynamic
-                 * hostname. */
-
-                if (arg_static && hostname_is_valid(hostname, true)) {
-                        p = "";
-                        /* maybe get rid of trailing dot */
-                        hostname = hostname_cleanup(hostname);
-                } else {
-                        p = h = strdup(hostname);
-                        if (!p)
-                                return log_oom();
-
-                        hostname_cleanup(hostname);
-                }
-
-                r = set_simple_string(bus, "SetPrettyHostname", p);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_static) {
-                r = set_simple_string(bus, "SetStaticHostname", hostname);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_transient) {
-                r = set_simple_string(bus, "SetHostname", hostname);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int set_icon_name(sd_bus *bus, char **args, unsigned n) {
-        assert(args);
-        assert(n == 2);
-
-        return set_simple_string(bus, "SetIconName", args[1]);
-}
-
-static int set_chassis(sd_bus *bus, char **args, unsigned n) {
-        assert(args);
-        assert(n == 2);
-
-        return set_simple_string(bus, "SetChassis", args[1]);
-}
-
-static int set_deployment(sd_bus *bus, char **args, unsigned n) {
-        assert(args);
-        assert(n == 2);
-
-        return set_simple_string(bus, "SetDeployment", args[1]);
-}
-
-static int set_location(sd_bus *bus, char **args, unsigned n) {
-        assert(args);
-        assert(n == 2);
-
-        return set_simple_string(bus, "SetLocation", args[1]);
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] COMMAND ...\n\n"
-               "Query or change system hostname.\n\n"
-               "  -h --help              Show this help\n"
-               "     --version           Show package version\n"
-               "     --no-ask-password   Do not prompt for password\n"
-               "  -H --host=[USER@]HOST  Operate on remote host\n"
-               "  -M --machine=CONTAINER Operate on local container\n"
-               "     --transient         Only set transient hostname\n"
-               "     --static            Only set static hostname\n"
-               "     --pretty            Only set pretty hostname\n\n"
-               "Commands:\n"
-               "  status                 Show current hostname settings\n"
-               "  set-hostname NAME      Set system hostname\n"
-               "  set-icon-name NAME     Set icon name for host\n"
-               "  set-chassis NAME       Set chassis type for host\n"
-               "  set-deployment NAME    Set deployment environment for host\n"
-               "  set-location NAME      Set location for host\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_ASK_PASSWORD,
-                ARG_TRANSIENT,
-                ARG_STATIC,
-                ARG_PRETTY
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'                 },
-                { "version",         no_argument,       NULL, ARG_VERSION         },
-                { "transient",       no_argument,       NULL, ARG_TRANSIENT       },
-                { "static",          no_argument,       NULL, ARG_STATIC          },
-                { "pretty",          no_argument,       NULL, ARG_PRETTY          },
-                { "host",            required_argument, NULL, 'H'                 },
-                { "machine",         required_argument, NULL, 'M'                 },
-                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case ARG_TRANSIENT:
-                        arg_transient = true;
-                        break;
-
-                case ARG_PRETTY:
-                        arg_pretty = true;
-                        break;
-
-                case ARG_STATIC:
-                        arg_static = true;
-                        break;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int hostnamectl_main(sd_bus *bus, int argc, char *argv[]) {
-
-        static const struct {
-                const char* verb;
-                const enum {
-                        MORE,
-                        LESS,
-                        EQUAL
-                } argc_cmp;
-                const int argc;
-                int (* const dispatch)(sd_bus *bus, char **args, unsigned n);
-        } verbs[] = {
-                { "status",           LESS,  1, show_status    },
-                { "set-hostname",     EQUAL, 2, set_hostname   },
-                { "set-icon-name",    EQUAL, 2, set_icon_name  },
-                { "set-chassis",      EQUAL, 2, set_chassis    },
-                { "set-deployment",   EQUAL, 2, set_deployment },
-                { "set-location",     EQUAL, 2, set_location   },
-        };
-
-        int left;
-        unsigned i;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        left = argc - optind;
-
-        if (left <= 0)
-                /* Special rule: no arguments means "status" */
-                i = 0;
-        else {
-                if (streq(argv[optind], "help")) {
-                        help();
-                        return 0;
-                }
-
-                for (i = 0; i < ELEMENTSOF(verbs); i++)
-                        if (streq(argv[optind], verbs[i].verb))
-                                break;
-
-                if (i >= ELEMENTSOF(verbs)) {
-                        log_error("Unknown operation %s", argv[optind]);
-                        return -EINVAL;
-                }
-        }
-
-        switch (verbs[i].argc_cmp) {
-
-        case EQUAL:
-                if (left != verbs[i].argc) {
-                        log_error("Invalid number of arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        case MORE:
-                if (left < verbs[i].argc) {
-                        log_error("Too few arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        case LESS:
-                if (left > verbs[i].argc) {
-                        log_error("Too many arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        default:
-                assert_not_reached("Unknown comparison operator.");
-        }
-
-        return verbs[i].dispatch(bus, argv + optind, left);
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create bus connection: %m");
-                goto finish;
-        }
-
-        r = hostnamectl_main(bus, argc, argv);
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/hwdb/Makefile b/src/hwdb/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/hwdb/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/import/Makefile b/src/import/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/import/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/import/curl-util.h b/src/import/curl-util.h
deleted file mode 100644
index a758cc5640..0000000000
--- a/src/import/curl-util.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <curl/curl.h>
-#include <sys/types.h>
-
-#include "sd-event.h"
-
-#include "hashmap.h"
-
-typedef struct CurlGlue CurlGlue;
-
-struct CurlGlue {
-        sd_event *event;
-        CURLM *curl;
-        sd_event_source *timer;
-        Hashmap *ios;
-        Hashmap *translate_fds;
-
-        void (*on_finished)(CurlGlue *g, CURL *curl, CURLcode code);
-        void *userdata;
-};
-
-int curl_glue_new(CurlGlue **glue, sd_event *event);
-CurlGlue* curl_glue_unref(CurlGlue *glue);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(CurlGlue*, curl_glue_unref);
-
-int curl_glue_make(CURL **ret, const char *url, void *userdata);
-int curl_glue_add(CurlGlue *g, CURL *c);
-void curl_glue_remove_and_free(CurlGlue *g, CURL *c);
-
-struct curl_slist *curl_slist_new(const char *first, ...) _sentinel_;
-int curl_header_strdup(const void *contents, size_t sz, const char *field, char **value);
-int curl_parse_http_time(const char *t, usec_t *ret);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(CURL*, curl_easy_cleanup);
-DEFINE_TRIVIAL_CLEANUP_FUNC(struct curl_slist*, curl_slist_free_all);
diff --git a/src/import/export-raw.c b/src/import/export-raw.c
deleted file mode 100644
index db06e11b87..0000000000
--- a/src/import/export-raw.c
+++ /dev/null
@@ -1,352 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/sendfile.h>
-
-/* When we include libgen.h because we need dirname() we immediately
- * undefine basename() since libgen.h defines it as a macro to the POSIX
- * version which is really broken. We prefer GNU basename(). */
-#include <libgen.h>
-#undef basename
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "copy.h"
-#include "export-raw.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "import-common.h"
-#include "ratelimit.h"
-#include "string-util.h"
-#include "util.h"
-
-#define COPY_BUFFER_SIZE (16*1024)
-
-struct RawExport {
-        sd_event *event;
-
-        RawExportFinished on_finished;
-        void *userdata;
-
-        char *path;
-
-        int input_fd;
-        int output_fd;
-
-        ImportCompress compress;
-
-        sd_event_source *output_event_source;
-
-        void *buffer;
-        size_t buffer_size;
-        size_t buffer_allocated;
-
-        uint64_t written_compressed;
-        uint64_t written_uncompressed;
-
-        unsigned last_percent;
-        RateLimit progress_rate_limit;
-
-        struct stat st;
-
-        bool eof;
-        bool tried_reflink;
-        bool tried_sendfile;
-};
-
-RawExport *raw_export_unref(RawExport *e) {
-        if (!e)
-                return NULL;
-
-        sd_event_source_unref(e->output_event_source);
-
-        import_compress_free(&e->compress);
-
-        sd_event_unref(e->event);
-
-        safe_close(e->input_fd);
-
-        free(e->buffer);
-        free(e->path);
-        free(e);
-
-        return NULL;
-}
-
-int raw_export_new(
-                RawExport **ret,
-                sd_event *event,
-                RawExportFinished on_finished,
-                void *userdata) {
-
-        _cleanup_(raw_export_unrefp) RawExport *e = NULL;
-        int r;
-
-        assert(ret);
-
-        e = new0(RawExport, 1);
-        if (!e)
-                return -ENOMEM;
-
-        e->output_fd = e->input_fd = -1;
-        e->on_finished = on_finished;
-        e->userdata = userdata;
-
-        RATELIMIT_INIT(e->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
-        e->last_percent = (unsigned) -1;
-
-        if (event)
-                e->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&e->event);
-                if (r < 0)
-                        return r;
-        }
-
-        *ret = e;
-        e = NULL;
-
-        return 0;
-}
-
-static void raw_export_report_progress(RawExport *e) {
-        unsigned percent;
-        assert(e);
-
-        if (e->written_uncompressed >= (uint64_t) e->st.st_size)
-                percent = 100;
-        else
-                percent = (unsigned) ((e->written_uncompressed * UINT64_C(100)) / (uint64_t) e->st.st_size);
-
-        if (percent == e->last_percent)
-                return;
-
-        if (!ratelimit_test(&e->progress_rate_limit))
-                return;
-
-        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
-        log_info("Exported %u%%.", percent);
-
-        e->last_percent = percent;
-}
-
-static int raw_export_process(RawExport *e) {
-        ssize_t l;
-        int r;
-
-        assert(e);
-
-        if (!e->tried_reflink && e->compress.type == IMPORT_COMPRESS_UNCOMPRESSED) {
-
-                /* If we shall take an uncompressed snapshot we can
-                 * reflink source to destination directly. Let's see
-                 * if this works. */
-
-                r = btrfs_reflink(e->input_fd, e->output_fd);
-                if (r >= 0) {
-                        r = 0;
-                        goto finish;
-                }
-
-                e->tried_reflink = true;
-        }
-
-        if (!e->tried_sendfile && e->compress.type == IMPORT_COMPRESS_UNCOMPRESSED) {
-
-                l = sendfile(e->output_fd, e->input_fd, NULL, COPY_BUFFER_SIZE);
-                if (l < 0) {
-                        if (errno == EAGAIN)
-                                return 0;
-
-                        e->tried_sendfile = true;
-                } else if (l == 0) {
-                        r = 0;
-                        goto finish;
-                } else {
-                        e->written_uncompressed += l;
-                        e->written_compressed += l;
-
-                        raw_export_report_progress(e);
-
-                        return 0;
-                }
-        }
-
-        while (e->buffer_size <= 0) {
-                uint8_t input[COPY_BUFFER_SIZE];
-
-                if (e->eof) {
-                        r = 0;
-                        goto finish;
-                }
-
-                l = read(e->input_fd, input, sizeof(input));
-                if (l < 0) {
-                        r = log_error_errno(errno, "Failed to read raw file: %m");
-                        goto finish;
-                }
-
-                if (l == 0) {
-                        e->eof = true;
-                        r = import_compress_finish(&e->compress, &e->buffer, &e->buffer_size, &e->buffer_allocated);
-                } else {
-                        e->written_uncompressed += l;
-                        r = import_compress(&e->compress, input, l, &e->buffer, &e->buffer_size, &e->buffer_allocated);
-                }
-                if (r < 0) {
-                        r = log_error_errno(r, "Failed to encode: %m");
-                        goto finish;
-                }
-        }
-
-        l = write(e->output_fd, e->buffer, e->buffer_size);
-        if (l < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                r = log_error_errno(errno, "Failed to write output file: %m");
-                goto finish;
-        }
-
-        assert((size_t) l <= e->buffer_size);
-        memmove(e->buffer, (uint8_t*) e->buffer + l, e->buffer_size - l);
-        e->buffer_size -= l;
-        e->written_compressed += l;
-
-        raw_export_report_progress(e);
-
-        return 0;
-
-finish:
-        if (r >= 0) {
-                (void) copy_times(e->input_fd, e->output_fd);
-                (void) copy_xattr(e->input_fd, e->output_fd);
-        }
-
-        if (e->on_finished)
-                e->on_finished(e, r, e->userdata);
-        else
-                sd_event_exit(e->event, r);
-
-        return 0;
-}
-
-static int raw_export_on_output(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        RawExport *i = userdata;
-
-        return raw_export_process(i);
-}
-
-static int raw_export_on_defer(sd_event_source *s, void *userdata) {
-        RawExport *i = userdata;
-
-        return raw_export_process(i);
-}
-
-static int reflink_snapshot(int fd, const char *path) {
-        char *p, *d;
-        int new_fd, r;
-
-        p = strdupa(path);
-        d = dirname(p);
-
-        new_fd = open(d, O_TMPFILE|O_CLOEXEC|O_NOCTTY|O_RDWR, 0600);
-        if (new_fd < 0) {
-                _cleanup_free_ char *t = NULL;
-
-                r = tempfn_random(path, NULL, &t);
-                if (r < 0)
-                        return r;
-
-                new_fd = open(t, O_CLOEXEC|O_CREAT|O_NOCTTY|O_RDWR, 0600);
-                if (new_fd < 0)
-                        return -errno;
-
-                (void) unlink(t);
-        }
-
-        r = btrfs_reflink(fd, new_fd);
-        if (r < 0) {
-                safe_close(new_fd);
-                return r;
-        }
-
-        return new_fd;
-}
-
-int raw_export_start(RawExport *e, const char *path, int fd, ImportCompressType compress) {
-        _cleanup_close_ int sfd = -1, tfd = -1;
-        int r;
-
-        assert(e);
-        assert(path);
-        assert(fd >= 0);
-        assert(compress < _IMPORT_COMPRESS_TYPE_MAX);
-        assert(compress != IMPORT_COMPRESS_UNKNOWN);
-
-        if (e->output_fd >= 0)
-                return -EBUSY;
-
-        r = fd_nonblock(fd, true);
-        if (r < 0)
-                return r;
-
-        r = free_and_strdup(&e->path, path);
-        if (r < 0)
-                return r;
-
-        sfd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (sfd < 0)
-                return -errno;
-
-        if (fstat(sfd, &e->st) < 0)
-                return -errno;
-        if (!S_ISREG(e->st.st_mode))
-                return -ENOTTY;
-
-        /* Try to take a reflink snapshot of the file, if we can t make the export atomic */
-        tfd = reflink_snapshot(sfd, path);
-        if (tfd >= 0) {
-                e->input_fd = tfd;
-                tfd = -1;
-        } else {
-                e->input_fd = sfd;
-                sfd = -1;
-        }
-
-        r = import_compress_init(&e->compress, compress);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_io(e->event, &e->output_event_source, fd, EPOLLOUT, raw_export_on_output, e);
-        if (r == -EPERM) {
-                r = sd_event_add_defer(e->event, &e->output_event_source, raw_export_on_defer, e);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_enabled(e->output_event_source, SD_EVENT_ON);
-        }
-        if (r < 0)
-                return r;
-
-        e->output_fd = fd;
-        return r;
-}
diff --git a/src/import/export-raw.h b/src/import/export-raw.h
deleted file mode 100644
index 8e723d4908..0000000000
--- a/src/import/export-raw.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "import-compress.h"
-#include "macro.h"
-
-typedef struct RawExport RawExport;
-
-typedef void (*RawExportFinished)(RawExport *export, int error, void *userdata);
-
-int raw_export_new(RawExport **export, sd_event *event, RawExportFinished on_finished, void *userdata);
-RawExport* raw_export_unref(RawExport *export);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(RawExport*, raw_export_unref);
-
-int raw_export_start(RawExport *export, const char *path, int fd, ImportCompressType compress);
diff --git a/src/import/export-tar.c b/src/import/export-tar.c
deleted file mode 100644
index d79c27f2d0..0000000000
--- a/src/import/export-tar.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "export-tar.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "import-common.h"
-#include "process-util.h"
-#include "ratelimit.h"
-#include "string-util.h"
-#include "util.h"
-
-#define COPY_BUFFER_SIZE (16*1024)
-
-struct TarExport {
-        sd_event *event;
-
-        TarExportFinished on_finished;
-        void *userdata;
-
-        char *path;
-        char *temp_path;
-
-        int output_fd;
-        int tar_fd;
-
-        ImportCompress compress;
-
-        sd_event_source *output_event_source;
-
-        void *buffer;
-        size_t buffer_size;
-        size_t buffer_allocated;
-
-        uint64_t written_compressed;
-        uint64_t written_uncompressed;
-
-        pid_t tar_pid;
-
-        struct stat st;
-        uint64_t quota_referenced;
-
-        unsigned last_percent;
-        RateLimit progress_rate_limit;
-
-        bool eof;
-        bool tried_splice;
-};
-
-TarExport *tar_export_unref(TarExport *e) {
-        if (!e)
-                return NULL;
-
-        sd_event_source_unref(e->output_event_source);
-
-        if (e->tar_pid > 1) {
-                (void) kill_and_sigcont(e->tar_pid, SIGKILL);
-                (void) wait_for_terminate(e->tar_pid, NULL);
-        }
-
-        if (e->temp_path) {
-                (void) btrfs_subvol_remove(e->temp_path, BTRFS_REMOVE_QUOTA);
-                free(e->temp_path);
-        }
-
-        import_compress_free(&e->compress);
-
-        sd_event_unref(e->event);
-
-        safe_close(e->tar_fd);
-
-        free(e->buffer);
-        free(e->path);
-        free(e);
-
-        return NULL;
-}
-
-int tar_export_new(
-                TarExport **ret,
-                sd_event *event,
-                TarExportFinished on_finished,
-                void *userdata) {
-
-        _cleanup_(tar_export_unrefp) TarExport *e = NULL;
-        int r;
-
-        assert(ret);
-
-        e = new0(TarExport, 1);
-        if (!e)
-                return -ENOMEM;
-
-        e->output_fd = e->tar_fd = -1;
-        e->on_finished = on_finished;
-        e->userdata = userdata;
-        e->quota_referenced = (uint64_t) -1;
-
-        RATELIMIT_INIT(e->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
-        e->last_percent = (unsigned) -1;
-
-        if (event)
-                e->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&e->event);
-                if (r < 0)
-                        return r;
-        }
-
-        *ret = e;
-        e = NULL;
-
-        return 0;
-}
-
-static void tar_export_report_progress(TarExport *e) {
-        unsigned percent;
-        assert(e);
-
-        /* Do we have any quota info? If not, we don't know anything about the progress */
-        if (e->quota_referenced == (uint64_t) -1)
-                return;
-
-        if (e->written_uncompressed >= e->quota_referenced)
-                percent = 100;
-        else
-                percent = (unsigned) ((e->written_uncompressed * UINT64_C(100)) / e->quota_referenced);
-
-        if (percent == e->last_percent)
-                return;
-
-        if (!ratelimit_test(&e->progress_rate_limit))
-                return;
-
-        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
-        log_info("Exported %u%%.", percent);
-
-        e->last_percent = percent;
-}
-
-static int tar_export_process(TarExport *e) {
-        ssize_t l;
-        int r;
-
-        assert(e);
-
-        if (!e->tried_splice && e->compress.type == IMPORT_COMPRESS_UNCOMPRESSED) {
-
-                l = splice(e->tar_fd, NULL, e->output_fd, NULL, COPY_BUFFER_SIZE, 0);
-                if (l < 0) {
-                        if (errno == EAGAIN)
-                                return 0;
-
-                        e->tried_splice = true;
-                } else if (l == 0) {
-                        r = 0;
-                        goto finish;
-                } else {
-                        e->written_uncompressed += l;
-                        e->written_compressed += l;
-
-                        tar_export_report_progress(e);
-
-                        return 0;
-                }
-        }
-
-        while (e->buffer_size <= 0) {
-                uint8_t input[COPY_BUFFER_SIZE];
-
-                if (e->eof) {
-                        r = 0;
-                        goto finish;
-                }
-
-                l = read(e->tar_fd, input, sizeof(input));
-                if (l < 0) {
-                        r = log_error_errno(errno, "Failed to read tar file: %m");
-                        goto finish;
-                }
-
-                if (l == 0) {
-                        e->eof = true;
-                        r = import_compress_finish(&e->compress, &e->buffer, &e->buffer_size, &e->buffer_allocated);
-                } else {
-                        e->written_uncompressed += l;
-                        r = import_compress(&e->compress, input, l, &e->buffer, &e->buffer_size, &e->buffer_allocated);
-                }
-                if (r < 0) {
-                        r = log_error_errno(r, "Failed to encode: %m");
-                        goto finish;
-                }
-        }
-
-        l = write(e->output_fd, e->buffer, e->buffer_size);
-        if (l < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                r = log_error_errno(errno, "Failed to write output file: %m");
-                goto finish;
-        }
-
-        assert((size_t) l <= e->buffer_size);
-        memmove(e->buffer, (uint8_t*) e->buffer + l, e->buffer_size - l);
-        e->buffer_size -= l;
-        e->written_compressed += l;
-
-        tar_export_report_progress(e);
-
-        return 0;
-
-finish:
-        if (e->on_finished)
-                e->on_finished(e, r, e->userdata);
-        else
-                sd_event_exit(e->event, r);
-
-        return 0;
-}
-
-static int tar_export_on_output(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        TarExport *i = userdata;
-
-        return tar_export_process(i);
-}
-
-static int tar_export_on_defer(sd_event_source *s, void *userdata) {
-        TarExport *i = userdata;
-
-        return tar_export_process(i);
-}
-
-int tar_export_start(TarExport *e, const char *path, int fd, ImportCompressType compress) {
-        _cleanup_close_ int sfd = -1;
-        int r;
-
-        assert(e);
-        assert(path);
-        assert(fd >= 0);
-        assert(compress < _IMPORT_COMPRESS_TYPE_MAX);
-        assert(compress != IMPORT_COMPRESS_UNKNOWN);
-
-        if (e->output_fd >= 0)
-                return -EBUSY;
-
-        sfd = open(path, O_DIRECTORY|O_RDONLY|O_NOCTTY|O_CLOEXEC);
-        if (sfd < 0)
-                return -errno;
-
-        if (fstat(sfd, &e->st) < 0)
-                return -errno;
-
-        r = fd_nonblock(fd, true);
-        if (r < 0)
-                return r;
-
-        r = free_and_strdup(&e->path, path);
-        if (r < 0)
-                return r;
-
-        e->quota_referenced = (uint64_t) -1;
-
-        if (e->st.st_ino == 256) { /* might be a btrfs subvolume? */
-                BtrfsQuotaInfo q;
-
-                r = btrfs_subvol_get_subtree_quota_fd(sfd, 0, &q);
-                if (r >= 0)
-                        e->quota_referenced = q.referenced;
-
-                e->temp_path = mfree(e->temp_path);
-
-                r = tempfn_random(path, NULL, &e->temp_path);
-                if (r < 0)
-                        return r;
-
-                /* Let's try to make a snapshot, if we can, so that the export is atomic */
-                r = btrfs_subvol_snapshot_fd(sfd, e->temp_path, BTRFS_SNAPSHOT_READ_ONLY|BTRFS_SNAPSHOT_RECURSIVE);
-                if (r < 0) {
-                        log_debug_errno(r, "Couldn't create snapshot %s of %s, not exporting atomically: %m", e->temp_path, path);
-                        e->temp_path = mfree(e->temp_path);
-                }
-        }
-
-        r = import_compress_init(&e->compress, compress);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_io(e->event, &e->output_event_source, fd, EPOLLOUT, tar_export_on_output, e);
-        if (r == -EPERM) {
-                r = sd_event_add_defer(e->event, &e->output_event_source, tar_export_on_defer, e);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_enabled(e->output_event_source, SD_EVENT_ON);
-        }
-        if (r < 0)
-                return r;
-
-        e->tar_fd = import_fork_tar_c(e->temp_path ?: e->path, &e->tar_pid);
-        if (e->tar_fd < 0) {
-                e->output_event_source = sd_event_source_unref(e->output_event_source);
-                return e->tar_fd;
-        }
-
-        e->output_fd = fd;
-        return r;
-}
diff --git a/src/import/export-tar.h b/src/import/export-tar.h
deleted file mode 100644
index 1e3c8bb80c..0000000000
--- a/src/import/export-tar.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "import-compress.h"
-#include "macro.h"
-
-typedef struct TarExport TarExport;
-
-typedef void (*TarExportFinished)(TarExport *export, int error, void *userdata);
-
-int tar_export_new(TarExport **export, sd_event *event, TarExportFinished on_finished, void *userdata);
-TarExport* tar_export_unref(TarExport *export);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(TarExport*, tar_export_unref);
-
-int tar_export_start(TarExport *export, const char *path, int fd, ImportCompressType compress);
diff --git a/src/import/export.c b/src/import/export.c
deleted file mode 100644
index cc98c33ef6..0000000000
--- a/src/import/export.c
+++ /dev/null
@@ -1,320 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "export-raw.h"
-#include "export-tar.h"
-#include "fd-util.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "import-util.h"
-#include "machine-image.h"
-#include "signal-util.h"
-#include "string-util.h"
-#include "verbs.h"
-
-static ImportCompressType arg_compress = IMPORT_COMPRESS_UNKNOWN;
-
-static void determine_compression_from_filename(const char *p) {
-
-        if (arg_compress != IMPORT_COMPRESS_UNKNOWN)
-                return;
-
-        if (!p) {
-                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
-                return;
-        }
-
-        if (endswith(p, ".xz"))
-                arg_compress = IMPORT_COMPRESS_XZ;
-        else if (endswith(p, ".gz"))
-                arg_compress = IMPORT_COMPRESS_GZIP;
-        else if (endswith(p, ".bz2"))
-                arg_compress = IMPORT_COMPRESS_BZIP2;
-        else
-                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
-}
-
-static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        log_notice("Transfer aborted.");
-        sd_event_exit(sd_event_source_get_event(s), EINTR);
-        return 0;
-}
-
-static void on_tar_finished(TarExport *export, int error, void *userdata) {
-        sd_event *event = userdata;
-        assert(export);
-
-        if (error == 0)
-                log_info("Operation completed successfully.");
-
-        sd_event_exit(event, abs(error));
-}
-
-static int export_tar(int argc, char *argv[], void *userdata) {
-        _cleanup_(tar_export_unrefp) TarExport *export = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        _cleanup_(image_unrefp) Image *image = NULL;
-        const char *path = NULL, *local = NULL;
-        _cleanup_close_ int open_fd = -1;
-        int r, fd;
-
-        if (machine_name_is_valid(argv[1])) {
-                r = image_find(argv[1], &image);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to look for machine %s: %m", argv[1]);
-                if (r == 0) {
-                        log_error("Machine image %s not found.", argv[1]);
-                        return -ENOENT;
-                }
-
-                local = image->path;
-        } else
-                local = argv[1];
-
-        if (argc >= 3)
-                path = argv[2];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        determine_compression_from_filename(path);
-
-        if (path) {
-                open_fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
-                if (open_fd < 0)
-                        return log_error_errno(errno, "Failed to open tar image for export: %m");
-
-                fd = open_fd;
-
-                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, path, import_compress_type_to_string(arg_compress));
-        } else {
-                _cleanup_free_ char *pretty = NULL;
-
-                fd = STDOUT_FILENO;
-
-                (void) readlink_malloc("/proc/self/fd/1", &pretty);
-                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, strna(pretty), import_compress_type_to_string(arg_compress));
-        }
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
-        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
-
-        r = tar_export_new(&export, event, on_tar_finished, event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate exporter: %m");
-
-        r = tar_export_start(export, local, fd, arg_compress);
-        if (r < 0)
-                return log_error_errno(r, "Failed to export image: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        log_info("Exiting.");
-        return -r;
-}
-
-static void on_raw_finished(RawExport *export, int error, void *userdata) {
-        sd_event *event = userdata;
-        assert(export);
-
-        if (error == 0)
-                log_info("Operation completed successfully.");
-
-        sd_event_exit(event, abs(error));
-}
-
-static int export_raw(int argc, char *argv[], void *userdata) {
-        _cleanup_(raw_export_unrefp) RawExport *export = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        _cleanup_(image_unrefp) Image *image = NULL;
-        const char *path = NULL, *local = NULL;
-        _cleanup_close_ int open_fd = -1;
-        int r, fd;
-
-        if (machine_name_is_valid(argv[1])) {
-                r = image_find(argv[1], &image);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to look for machine %s: %m", argv[1]);
-                if (r == 0) {
-                        log_error("Machine image %s not found.", argv[1]);
-                        return -ENOENT;
-                }
-
-                local = image->path;
-        } else
-                local = argv[1];
-
-        if (argc >= 3)
-                path = argv[2];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        determine_compression_from_filename(path);
-
-        if (path) {
-                open_fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
-                if (open_fd < 0)
-                        return log_error_errno(errno, "Failed to open raw image for export: %m");
-
-                fd = open_fd;
-
-                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, path, import_compress_type_to_string(arg_compress));
-        } else {
-                _cleanup_free_ char *pretty = NULL;
-
-                fd = STDOUT_FILENO;
-
-                (void) readlink_malloc("/proc/self/fd/1", &pretty);
-                log_info("Exporting '%s', saving to '%s' with compression '%s'.", local, strna(pretty), import_compress_type_to_string(arg_compress));
-        }
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
-        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
-
-        r = raw_export_new(&export, event, on_raw_finished, event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate exporter: %m");
-
-        r = raw_export_start(export, local, fd, arg_compress);
-        if (r < 0)
-                return log_error_errno(r, "Failed to export image: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        log_info("Exiting.");
-        return -r;
-}
-
-static int help(int argc, char *argv[], void *userdata) {
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Export container or virtual machine images.\n\n"
-               "  -h --help                    Show this help\n"
-               "     --version                 Show package version\n"
-               "     --format=FORMAT           Select format\n\n"
-               "Commands:\n"
-               "  tar NAME [FILE]              Export a TAR image\n"
-               "  raw NAME [FILE]              Export a RAW image\n",
-               program_invocation_short_name);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_FORMAT,
-        };
-
-        static const struct option options[] = {
-                { "help",    no_argument,       NULL, 'h'         },
-                { "version", no_argument,       NULL, ARG_VERSION },
-                { "format",  required_argument, NULL, ARG_FORMAT  },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        return help(0, NULL, NULL);
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_FORMAT:
-                        if (streq(optarg, "uncompressed"))
-                                arg_compress = IMPORT_COMPRESS_UNCOMPRESSED;
-                        else if (streq(optarg, "xz"))
-                                arg_compress = IMPORT_COMPRESS_XZ;
-                        else if (streq(optarg, "gzip"))
-                                arg_compress = IMPORT_COMPRESS_GZIP;
-                        else if (streq(optarg, "bzip2"))
-                                arg_compress = IMPORT_COMPRESS_BZIP2;
-                        else {
-                                log_error("Unknown format: %s", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int export_main(int argc, char *argv[]) {
-
-        static const Verb verbs[] = {
-                { "help", VERB_ANY, VERB_ANY, 0, help       },
-                { "tar",  2,        3,        0, export_tar },
-                { "raw",  2,        3,        0, export_raw },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, NULL);
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        (void) ignore_signals(SIGPIPE, -1);
-
-        r = export_main(argc, argv);
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/import/import-raw.c b/src/import/import-raw.c
deleted file mode 100644
index fd6b9f7703..0000000000
--- a/src/import/import-raw.c
+++ /dev/null
@@ -1,467 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <linux/fs.h>
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "chattr-util.h"
-#include "copy.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "import-common.h"
-#include "import-compress.h"
-#include "import-raw.h"
-#include "io-util.h"
-#include "machine-pool.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "qcow2-util.h"
-#include "ratelimit.h"
-#include "rm-rf.h"
-#include "string-util.h"
-#include "util.h"
-
-struct RawImport {
-        sd_event *event;
-
-        char *image_root;
-
-        RawImportFinished on_finished;
-        void *userdata;
-
-        char *local;
-        bool force_local;
-        bool read_only;
-        bool grow_machine_directory;
-
-        char *temp_path;
-        char *final_path;
-
-        int input_fd;
-        int output_fd;
-
-        ImportCompress compress;
-
-        uint64_t written_since_last_grow;
-
-        sd_event_source *input_event_source;
-
-        uint8_t buffer[16*1024];
-        size_t buffer_size;
-
-        uint64_t written_compressed;
-        uint64_t written_uncompressed;
-
-        struct stat st;
-
-        unsigned last_percent;
-        RateLimit progress_rate_limit;
-};
-
-RawImport* raw_import_unref(RawImport *i) {
-        if (!i)
-                return NULL;
-
-        sd_event_unref(i->event);
-
-        if (i->temp_path) {
-                (void) unlink(i->temp_path);
-                free(i->temp_path);
-        }
-
-        import_compress_free(&i->compress);
-
-        sd_event_source_unref(i->input_event_source);
-
-        safe_close(i->output_fd);
-
-        free(i->final_path);
-        free(i->image_root);
-        free(i->local);
-        free(i);
-
-        return NULL;
-}
-
-int raw_import_new(
-                RawImport **ret,
-                sd_event *event,
-                const char *image_root,
-                RawImportFinished on_finished,
-                void *userdata) {
-
-        _cleanup_(raw_import_unrefp) RawImport *i = NULL;
-        int r;
-
-        assert(ret);
-
-        i = new0(RawImport, 1);
-        if (!i)
-                return -ENOMEM;
-
-        i->input_fd = i->output_fd = -1;
-        i->on_finished = on_finished;
-        i->userdata = userdata;
-
-        RATELIMIT_INIT(i->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
-        i->last_percent = (unsigned) -1;
-
-        i->image_root = strdup(image_root ?: "/var/lib/machines");
-        if (!i->image_root)
-                return -ENOMEM;
-
-        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
-
-        if (event)
-                i->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&i->event);
-                if (r < 0)
-                        return r;
-        }
-
-        *ret = i;
-        i = NULL;
-
-        return 0;
-}
-
-static void raw_import_report_progress(RawImport *i) {
-        unsigned percent;
-        assert(i);
-
-        /* We have no size information, unless the source is a regular file */
-        if (!S_ISREG(i->st.st_mode))
-                return;
-
-        if (i->written_compressed >= (uint64_t) i->st.st_size)
-                percent = 100;
-        else
-                percent = (unsigned) ((i->written_compressed * UINT64_C(100)) / (uint64_t) i->st.st_size);
-
-        if (percent == i->last_percent)
-                return;
-
-        if (!ratelimit_test(&i->progress_rate_limit))
-                return;
-
-        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
-        log_info("Imported %u%%.", percent);
-
-        i->last_percent = percent;
-}
-
-static int raw_import_maybe_convert_qcow2(RawImport *i) {
-        _cleanup_close_ int converted_fd = -1;
-        _cleanup_free_ char *t = NULL;
-        int r;
-
-        assert(i);
-
-        r = qcow2_detect(i->output_fd);
-        if (r < 0)
-                return log_error_errno(r, "Failed to detect whether this is a QCOW2 image: %m");
-        if (r == 0)
-                return 0;
-
-        /* This is a QCOW2 image, let's convert it */
-        r = tempfn_random(i->final_path, NULL, &t);
-        if (r < 0)
-                return log_oom();
-
-        converted_fd = open(t, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (converted_fd < 0)
-                return log_error_errno(errno, "Failed to create %s: %m", t);
-
-        r = chattr_fd(converted_fd, FS_NOCOW_FL, FS_NOCOW_FL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set file attributes on %s: %m", t);
-
-        log_info("Unpacking QCOW2 file.");
-
-        r = qcow2_convert(i->output_fd, converted_fd);
-        if (r < 0) {
-                unlink(t);
-                return log_error_errno(r, "Failed to convert qcow2 image: %m");
-        }
-
-        (void) unlink(i->temp_path);
-        free(i->temp_path);
-        i->temp_path = t;
-        t = NULL;
-
-        safe_close(i->output_fd);
-        i->output_fd = converted_fd;
-        converted_fd = -1;
-
-        return 1;
-}
-
-static int raw_import_finish(RawImport *i) {
-        int r;
-
-        assert(i);
-        assert(i->output_fd >= 0);
-        assert(i->temp_path);
-        assert(i->final_path);
-
-        /* In case this was a sparse file, make sure the file system is right */
-        if (i->written_uncompressed > 0) {
-                if (ftruncate(i->output_fd, i->written_uncompressed) < 0)
-                        return log_error_errno(errno, "Failed to truncate file: %m");
-        }
-
-        r = raw_import_maybe_convert_qcow2(i);
-        if (r < 0)
-                return r;
-
-        if (S_ISREG(i->st.st_mode)) {
-                (void) copy_times(i->input_fd, i->output_fd);
-                (void) copy_xattr(i->input_fd, i->output_fd);
-        }
-
-        if (i->read_only) {
-                r = import_make_read_only_fd(i->output_fd);
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->force_local)
-                (void) rm_rf(i->final_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
-
-        r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
-        if (r < 0)
-                return log_error_errno(r, "Failed to move image into place: %m");
-
-        i->temp_path = mfree(i->temp_path);
-
-        return 0;
-}
-
-static int raw_import_open_disk(RawImport *i) {
-        int r;
-
-        assert(i);
-
-        assert(!i->final_path);
-        assert(!i->temp_path);
-        assert(i->output_fd < 0);
-
-        i->final_path = strjoin(i->image_root, "/", i->local, ".raw", NULL);
-        if (!i->final_path)
-                return log_oom();
-
-        r = tempfn_random(i->final_path, NULL, &i->temp_path);
-        if (r < 0)
-                return log_oom();
-
-        (void) mkdir_parents_label(i->temp_path, 0700);
-
-        i->output_fd = open(i->temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (i->output_fd < 0)
-                return log_error_errno(errno, "Failed to open destination %s: %m", i->temp_path);
-
-        r = chattr_fd(i->output_fd, FS_NOCOW_FL, FS_NOCOW_FL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set file attributes on %s: %m", i->temp_path);
-
-        return 0;
-}
-
-static int raw_import_try_reflink(RawImport *i) {
-        off_t p;
-        int r;
-
-        assert(i);
-        assert(i->input_fd >= 0);
-        assert(i->output_fd >= 0);
-
-        if (i->compress.type != IMPORT_COMPRESS_UNCOMPRESSED)
-                return 0;
-
-        if (!S_ISREG(i->st.st_mode))
-                return 0;
-
-        p = lseek(i->input_fd, 0, SEEK_CUR);
-        if (p == (off_t) -1)
-                return log_error_errno(errno, "Failed to read file offset of input file: %m");
-
-        /* Let's only try a btrfs reflink, if we are reading from the beginning of the file */
-        if ((uint64_t) p != (uint64_t) i->buffer_size)
-                return 0;
-
-        r = btrfs_reflink(i->input_fd, i->output_fd);
-        if (r >= 0)
-                return 1;
-
-        return 0;
-}
-
-static int raw_import_write(const void *p, size_t sz, void *userdata) {
-        RawImport *i = userdata;
-        ssize_t n;
-
-        if (i->grow_machine_directory && i->written_since_last_grow >= GROW_INTERVAL_BYTES) {
-                i->written_since_last_grow = 0;
-                grow_machine_directory();
-        }
-
-        n = sparse_write(i->output_fd, p, sz, 64);
-        if (n < 0)
-                return -errno;
-        if ((size_t) n < sz)
-                return -EIO;
-
-        i->written_uncompressed += sz;
-        i->written_since_last_grow += sz;
-
-        return 0;
-}
-
-static int raw_import_process(RawImport *i) {
-        ssize_t l;
-        int r;
-
-        assert(i);
-        assert(i->buffer_size < sizeof(i->buffer));
-
-        l = read(i->input_fd, i->buffer + i->buffer_size, sizeof(i->buffer) - i->buffer_size);
-        if (l < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                r = log_error_errno(errno, "Failed to read input file: %m");
-                goto finish;
-        }
-        if (l == 0) {
-                if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-                        log_error("Premature end of file: %m");
-                        r = -EIO;
-                        goto finish;
-                }
-
-                r = raw_import_finish(i);
-                goto finish;
-        }
-
-        i->buffer_size += l;
-
-        if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-                r = import_uncompress_detect(&i->compress, i->buffer, i->buffer_size);
-                if (r < 0) {
-                        log_error("Failed to detect file compression: %m");
-                        goto finish;
-                }
-                if (r == 0) /* Need more data */
-                        return 0;
-
-                r = raw_import_open_disk(i);
-                if (r < 0)
-                        goto finish;
-
-                r = raw_import_try_reflink(i);
-                if (r < 0)
-                        goto finish;
-                if (r > 0) {
-                        r = raw_import_finish(i);
-                        goto finish;
-                }
-        }
-
-        r = import_uncompress(&i->compress, i->buffer, i->buffer_size, raw_import_write, i);
-        if (r < 0) {
-                log_error_errno(r, "Failed to decode and write: %m");
-                goto finish;
-        }
-
-        i->written_compressed += i->buffer_size;
-        i->buffer_size = 0;
-
-        raw_import_report_progress(i);
-
-        return 0;
-
-finish:
-        if (i->on_finished)
-                i->on_finished(i, r, i->userdata);
-        else
-                sd_event_exit(i->event, r);
-
-        return 0;
-}
-
-static int raw_import_on_input(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        RawImport *i = userdata;
-
-        return raw_import_process(i);
-}
-
-static int raw_import_on_defer(sd_event_source *s, void *userdata) {
-        RawImport *i = userdata;
-
-        return raw_import_process(i);
-}
-
-int raw_import_start(RawImport *i, int fd, const char *local, bool force_local, bool read_only) {
-        int r;
-
-        assert(i);
-        assert(fd >= 0);
-        assert(local);
-
-        if (!machine_name_is_valid(local))
-                return -EINVAL;
-
-        if (i->input_fd >= 0)
-                return -EBUSY;
-
-        r = fd_nonblock(fd, true);
-        if (r < 0)
-                return r;
-
-        r = free_and_strdup(&i->local, local);
-        if (r < 0)
-                return r;
-        i->force_local = force_local;
-        i->read_only = read_only;
-
-        if (fstat(fd, &i->st) < 0)
-                return -errno;
-
-        r = sd_event_add_io(i->event, &i->input_event_source, fd, EPOLLIN, raw_import_on_input, i);
-        if (r == -EPERM) {
-                /* This fd does not support epoll, for example because it is a regular file. Busy read in that case */
-                r = sd_event_add_defer(i->event, &i->input_event_source, raw_import_on_defer, i);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_enabled(i->input_event_source, SD_EVENT_ON);
-        }
-        if (r < 0)
-                return r;
-
-        i->input_fd = fd;
-        return r;
-}
diff --git a/src/import/import-raw.h b/src/import/import-raw.h
deleted file mode 100644
index 4f543e0883..0000000000
--- a/src/import/import-raw.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "import-util.h"
-#include "macro.h"
-
-typedef struct RawImport RawImport;
-
-typedef void (*RawImportFinished)(RawImport *import, int error, void *userdata);
-
-int raw_import_new(RawImport **import, sd_event *event, const char *image_root, RawImportFinished on_finished, void *userdata);
-RawImport* raw_import_unref(RawImport *import);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(RawImport*, raw_import_unref);
-
-int raw_import_start(RawImport *i, int fd, const char *local, bool force_local, bool read_only);
diff --git a/src/import/import-tar.c b/src/import/import-tar.c
deleted file mode 100644
index 8b81324fde..0000000000
--- a/src/import/import-tar.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <linux/fs.h>
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "copy.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "import-common.h"
-#include "import-compress.h"
-#include "import-tar.h"
-#include "io-util.h"
-#include "machine-pool.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "qcow2-util.h"
-#include "ratelimit.h"
-#include "rm-rf.h"
-#include "string-util.h"
-#include "util.h"
-
-struct TarImport {
-        sd_event *event;
-
-        char *image_root;
-
-        TarImportFinished on_finished;
-        void *userdata;
-
-        char *local;
-        bool force_local;
-        bool read_only;
-        bool grow_machine_directory;
-
-        char *temp_path;
-        char *final_path;
-
-        int input_fd;
-        int tar_fd;
-
-        ImportCompress compress;
-
-        uint64_t written_since_last_grow;
-
-        sd_event_source *input_event_source;
-
-        uint8_t buffer[16*1024];
-        size_t buffer_size;
-
-        uint64_t written_compressed;
-        uint64_t written_uncompressed;
-
-        struct stat st;
-
-        pid_t tar_pid;
-
-        unsigned last_percent;
-        RateLimit progress_rate_limit;
-};
-
-TarImport* tar_import_unref(TarImport *i) {
-        if (!i)
-                return NULL;
-
-        sd_event_source_unref(i->input_event_source);
-
-        if (i->tar_pid > 1) {
-                (void) kill_and_sigcont(i->tar_pid, SIGKILL);
-                (void) wait_for_terminate(i->tar_pid, NULL);
-        }
-
-        if (i->temp_path) {
-                (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
-                free(i->temp_path);
-        }
-
-        import_compress_free(&i->compress);
-
-        sd_event_unref(i->event);
-
-        safe_close(i->tar_fd);
-
-        free(i->final_path);
-        free(i->image_root);
-        free(i->local);
-        free(i);
-
-        return NULL;
-}
-
-int tar_import_new(
-                TarImport **ret,
-                sd_event *event,
-                const char *image_root,
-                TarImportFinished on_finished,
-                void *userdata) {
-
-        _cleanup_(tar_import_unrefp) TarImport *i = NULL;
-        int r;
-
-        assert(ret);
-
-        i = new0(TarImport, 1);
-        if (!i)
-                return -ENOMEM;
-
-        i->input_fd = i->tar_fd = -1;
-        i->on_finished = on_finished;
-        i->userdata = userdata;
-
-        RATELIMIT_INIT(i->progress_rate_limit, 100 * USEC_PER_MSEC, 1);
-        i->last_percent = (unsigned) -1;
-
-        i->image_root = strdup(image_root ?: "/var/lib/machines");
-        if (!i->image_root)
-                return -ENOMEM;
-
-        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
-
-        if (event)
-                i->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&i->event);
-                if (r < 0)
-                        return r;
-        }
-
-        *ret = i;
-        i = NULL;
-
-        return 0;
-}
-
-static void tar_import_report_progress(TarImport *i) {
-        unsigned percent;
-        assert(i);
-
-        /* We have no size information, unless the source is a regular file */
-        if (!S_ISREG(i->st.st_mode))
-                return;
-
-        if (i->written_compressed >= (uint64_t) i->st.st_size)
-                percent = 100;
-        else
-                percent = (unsigned) ((i->written_compressed * UINT64_C(100)) / (uint64_t) i->st.st_size);
-
-        if (percent == i->last_percent)
-                return;
-
-        if (!ratelimit_test(&i->progress_rate_limit))
-                return;
-
-        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
-        log_info("Imported %u%%.", percent);
-
-        i->last_percent = percent;
-}
-
-static int tar_import_finish(TarImport *i) {
-        int r;
-
-        assert(i);
-        assert(i->tar_fd >= 0);
-        assert(i->temp_path);
-        assert(i->final_path);
-
-        i->tar_fd = safe_close(i->tar_fd);
-
-        if (i->tar_pid > 0) {
-                r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
-                i->tar_pid = 0;
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->read_only) {
-                r = import_make_read_only(i->temp_path);
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->force_local)
-                (void) rm_rf(i->final_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
-
-        r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
-        if (r < 0)
-                return log_error_errno(r, "Failed to move image into place: %m");
-
-        i->temp_path = mfree(i->temp_path);
-
-        return 0;
-}
-
-static int tar_import_fork_tar(TarImport *i) {
-        int r;
-
-        assert(i);
-
-        assert(!i->final_path);
-        assert(!i->temp_path);
-        assert(i->tar_fd < 0);
-
-        i->final_path = strjoin(i->image_root, "/", i->local, NULL);
-        if (!i->final_path)
-                return log_oom();
-
-        r = tempfn_random(i->final_path, NULL, &i->temp_path);
-        if (r < 0)
-                return log_oom();
-
-        (void) mkdir_parents_label(i->temp_path, 0700);
-
-        r = btrfs_subvol_make(i->temp_path);
-        if (r == -ENOTTY) {
-                if (mkdir(i->temp_path, 0755) < 0)
-                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
-        else
-                (void) import_assign_pool_quota_and_warn(i->temp_path);
-
-        i->tar_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
-        if (i->tar_fd < 0)
-                return i->tar_fd;
-
-        return 0;
-}
-
-static int tar_import_write(const void *p, size_t sz, void *userdata) {
-        TarImport *i = userdata;
-        int r;
-
-        if (i->grow_machine_directory && i->written_since_last_grow >= GROW_INTERVAL_BYTES) {
-                i->written_since_last_grow = 0;
-                grow_machine_directory();
-        }
-
-        r = loop_write(i->tar_fd, p, sz, false);
-        if (r < 0)
-                return r;
-
-        i->written_uncompressed += sz;
-        i->written_since_last_grow += sz;
-
-        return 0;
-}
-
-static int tar_import_process(TarImport *i) {
-        ssize_t l;
-        int r;
-
-        assert(i);
-        assert(i->buffer_size < sizeof(i->buffer));
-
-        l = read(i->input_fd, i->buffer + i->buffer_size, sizeof(i->buffer) - i->buffer_size);
-        if (l < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                r = log_error_errno(errno, "Failed to read input file: %m");
-                goto finish;
-        }
-        if (l == 0) {
-                if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-                        log_error("Premature end of file: %m");
-                        r = -EIO;
-                        goto finish;
-                }
-
-                r = tar_import_finish(i);
-                goto finish;
-        }
-
-        i->buffer_size += l;
-
-        if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-                r = import_uncompress_detect(&i->compress, i->buffer, i->buffer_size);
-                if (r < 0) {
-                        log_error("Failed to detect file compression: %m");
-                        goto finish;
-                }
-                if (r == 0) /* Need more data */
-                        return 0;
-
-                r = tar_import_fork_tar(i);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = import_uncompress(&i->compress, i->buffer, i->buffer_size, tar_import_write, i);
-        if (r < 0) {
-                log_error_errno(r, "Failed to decode and write: %m");
-                goto finish;
-        }
-
-        i->written_compressed += i->buffer_size;
-        i->buffer_size = 0;
-
-        tar_import_report_progress(i);
-
-        return 0;
-
-finish:
-        if (i->on_finished)
-                i->on_finished(i, r, i->userdata);
-        else
-                sd_event_exit(i->event, r);
-
-        return 0;
-}
-
-static int tar_import_on_input(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        TarImport *i = userdata;
-
-        return tar_import_process(i);
-}
-
-static int tar_import_on_defer(sd_event_source *s, void *userdata) {
-        TarImport *i = userdata;
-
-        return tar_import_process(i);
-}
-
-int tar_import_start(TarImport *i, int fd, const char *local, bool force_local, bool read_only) {
-        int r;
-
-        assert(i);
-        assert(fd >= 0);
-        assert(local);
-
-        if (!machine_name_is_valid(local))
-                return -EINVAL;
-
-        if (i->input_fd >= 0)
-                return -EBUSY;
-
-        r = fd_nonblock(fd, true);
-        if (r < 0)
-                return r;
-
-        r = free_and_strdup(&i->local, local);
-        if (r < 0)
-                return r;
-        i->force_local = force_local;
-        i->read_only = read_only;
-
-        if (fstat(fd, &i->st) < 0)
-                return -errno;
-
-        r = sd_event_add_io(i->event, &i->input_event_source, fd, EPOLLIN, tar_import_on_input, i);
-        if (r == -EPERM) {
-                /* This fd does not support epoll, for example because it is a regular file. Busy read in that case */
-                r = sd_event_add_defer(i->event, &i->input_event_source, tar_import_on_defer, i);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_enabled(i->input_event_source, SD_EVENT_ON);
-        }
-        if (r < 0)
-                return r;
-
-        i->input_fd = fd;
-        return r;
-}
diff --git a/src/import/import-tar.h b/src/import/import-tar.h
deleted file mode 100644
index 24abe06c8f..0000000000
--- a/src/import/import-tar.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "import-util.h"
-#include "macro.h"
-
-typedef struct TarImport TarImport;
-
-typedef void (*TarImportFinished)(TarImport *import, int error, void *userdata);
-
-int tar_import_new(TarImport **import, sd_event *event, const char *image_root, TarImportFinished on_finished, void *userdata);
-TarImport* tar_import_unref(TarImport *import);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(TarImport*, tar_import_unref);
-
-int tar_import_start(TarImport *import, int fd, const char *local, bool force_local, bool read_only);
diff --git a/src/import/import.c b/src/import/import.c
deleted file mode 100644
index 4e442ee84a..0000000000
--- a/src/import/import.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "import-raw.h"
-#include "import-tar.h"
-#include "import-util.h"
-#include "machine-image.h"
-#include "signal-util.h"
-#include "string-util.h"
-#include "verbs.h"
-
-static bool arg_force = false;
-static bool arg_read_only = false;
-static const char *arg_image_root = "/var/lib/machines";
-
-static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        log_notice("Transfer aborted.");
-        sd_event_exit(sd_event_source_get_event(s), EINTR);
-        return 0;
-}
-
-static void on_tar_finished(TarImport *import, int error, void *userdata) {
-        sd_event *event = userdata;
-        assert(import);
-
-        if (error == 0)
-                log_info("Operation completed successfully.");
-
-        sd_event_exit(event, abs(error));
-}
-
-static int import_tar(int argc, char *argv[], void *userdata) {
-        _cleanup_(tar_import_unrefp) TarImport *import = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        const char *path = NULL, *local = NULL;
-        _cleanup_free_ char *ll = NULL;
-        _cleanup_close_ int open_fd = -1;
-        int r, fd;
-
-        if (argc >= 2)
-                path = argv[1];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        if (argc >= 3)
-                local = argv[2];
-        else if (path)
-                local = basename(path);
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (local) {
-                r = tar_strip_suffixes(local, &ll);
-                if (r < 0)
-                        return log_oom();
-
-                local = ll;
-
-                if (!machine_name_is_valid(local)) {
-                        log_error("Local image name '%s' is not valid.", local);
-                        return -EINVAL;
-                }
-
-                if (!arg_force) {
-                        r = image_find(local, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
-                        else if (r > 0) {
-                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
-                                return -EEXIST;
-                        }
-                }
-        } else
-                local = "imported";
-
-        if (path) {
-                open_fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (open_fd < 0)
-                        return log_error_errno(errno, "Failed to open tar image to import: %m");
-
-                fd = open_fd;
-
-                log_info("Importing '%s', saving as '%s'.", path, local);
-        } else {
-                _cleanup_free_ char *pretty = NULL;
-
-                fd = STDIN_FILENO;
-
-                (void) readlink_malloc("/proc/self/fd/0", &pretty);
-                log_info("Importing '%s', saving as '%s'.", strna(pretty), local);
-        }
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
-        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
-
-        r = tar_import_new(&import, event, arg_image_root, on_tar_finished, event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate importer: %m");
-
-        r = tar_import_start(import, fd, local, arg_force, arg_read_only);
-        if (r < 0)
-                return log_error_errno(r, "Failed to import image: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        log_info("Exiting.");
-        return -r;
-}
-
-static void on_raw_finished(RawImport *import, int error, void *userdata) {
-        sd_event *event = userdata;
-        assert(import);
-
-        if (error == 0)
-                log_info("Operation completed successfully.");
-
-        sd_event_exit(event, abs(error));
-}
-
-static int import_raw(int argc, char *argv[], void *userdata) {
-        _cleanup_(raw_import_unrefp) RawImport *import = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        const char *path = NULL, *local = NULL;
-        _cleanup_free_ char *ll = NULL;
-        _cleanup_close_ int open_fd = -1;
-        int r, fd;
-
-        if (argc >= 2)
-                path = argv[1];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        if (argc >= 3)
-                local = argv[2];
-        else if (path)
-                local = basename(path);
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (local) {
-                r = raw_strip_suffixes(local, &ll);
-                if (r < 0)
-                        return log_oom();
-
-                local = ll;
-
-                if (!machine_name_is_valid(local)) {
-                        log_error("Local image name '%s' is not valid.", local);
-                        return -EINVAL;
-                }
-
-                if (!arg_force) {
-                        r = image_find(local, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
-                        else if (r > 0) {
-                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
-                                return -EEXIST;
-                        }
-                }
-        } else
-                local = "imported";
-
-        if (path) {
-                open_fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (open_fd < 0)
-                        return log_error_errno(errno, "Failed to open raw image to import: %m");
-
-                fd = open_fd;
-
-                log_info("Importing '%s', saving as '%s'.", path, local);
-        } else {
-                _cleanup_free_ char *pretty = NULL;
-
-                fd = STDIN_FILENO;
-
-                (void) readlink_malloc("/proc/self/fd/0", &pretty);
-                log_info("Importing '%s', saving as '%s'.", pretty, local);
-        }
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
-        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
-
-        r = raw_import_new(&import, event, arg_image_root, on_raw_finished, event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate importer: %m");
-
-        r = raw_import_start(import, fd, local, arg_force, arg_read_only);
-        if (r < 0)
-                return log_error_errno(r, "Failed to import image: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        log_info("Exiting.");
-        return -r;
-}
-
-static int help(int argc, char *argv[], void *userdata) {
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Import container or virtual machine images.\n\n"
-               "  -h --help                   Show this help\n"
-               "     --version                Show package version\n"
-               "     --force                  Force creation of image\n"
-               "     --image-root=PATH        Image root directory\n"
-               "     --read-only              Create a read-only image\n\n"
-               "Commands:\n"
-               "  tar FILE [NAME]             Import a TAR image\n"
-               "  raw FILE [NAME]             Import a RAW image\n",
-               program_invocation_short_name);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_FORCE,
-                ARG_IMAGE_ROOT,
-                ARG_READ_ONLY,
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'                 },
-                { "version",         no_argument,       NULL, ARG_VERSION         },
-                { "force",           no_argument,       NULL, ARG_FORCE           },
-                { "image-root",      required_argument, NULL, ARG_IMAGE_ROOT      },
-                { "read-only",       no_argument,       NULL, ARG_READ_ONLY       },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        return help(0, NULL, NULL);
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_FORCE:
-                        arg_force = true;
-                        break;
-
-                case ARG_IMAGE_ROOT:
-                        arg_image_root = optarg;
-                        break;
-
-                case ARG_READ_ONLY:
-                        arg_read_only = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int import_main(int argc, char *argv[]) {
-
-        static const Verb verbs[] = {
-                { "help", VERB_ANY, VERB_ANY, 0, help       },
-                { "tar",  2,        3,        0, import_tar },
-                { "raw",  2,        3,        0, import_raw },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, NULL);
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        (void) ignore_signals(SIGPIPE, -1);
-
-        r = import_main(argc, argv);
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/import/importd.c b/src/import/importd.c
deleted file mode 100644
index 956a82945c..0000000000
--- a/src/import/importd.c
+++ /dev/null
@@ -1,1221 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/prctl.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "bus-util.h"
-#include "def.h"
-#include "fd-util.h"
-#include "hostname-util.h"
-#include "import-util.h"
-#include "machine-pool.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "string-table.h"
-#include "strv.h"
-#include "syslog-util.h"
-#include "user-util.h"
-#include "util.h"
-#include "web-util.h"
-
-typedef struct Transfer Transfer;
-typedef struct Manager Manager;
-
-typedef enum TransferType {
-        TRANSFER_IMPORT_TAR,
-        TRANSFER_IMPORT_RAW,
-        TRANSFER_EXPORT_TAR,
-        TRANSFER_EXPORT_RAW,
-        TRANSFER_PULL_TAR,
-        TRANSFER_PULL_RAW,
-        _TRANSFER_TYPE_MAX,
-        _TRANSFER_TYPE_INVALID = -1,
-} TransferType;
-
-struct Transfer {
-        Manager *manager;
-
-        uint32_t id;
-        char *object_path;
-
-        TransferType type;
-        ImportVerify verify;
-
-        char *remote;
-        char *local;
-        bool force_local;
-        bool read_only;
-
-        char *format;
-
-        pid_t pid;
-
-        int log_fd;
-
-        char log_message[LINE_MAX];
-        size_t log_message_size;
-
-        sd_event_source *pid_event_source;
-        sd_event_source *log_event_source;
-
-        unsigned n_canceled;
-        unsigned progress_percent;
-
-        int stdin_fd;
-        int stdout_fd;
-};
-
-struct Manager {
-        sd_event *event;
-        sd_bus *bus;
-
-        uint32_t current_transfer_id;
-        Hashmap *transfers;
-
-        Hashmap *polkit_registry;
-
-        int notify_fd;
-
-        sd_event_source *notify_event_source;
-};
-
-#define TRANSFERS_MAX 64
-
-static const char* const transfer_type_table[_TRANSFER_TYPE_MAX] = {
-        [TRANSFER_IMPORT_TAR] = "import-tar",
-        [TRANSFER_IMPORT_RAW] = "import-raw",
-        [TRANSFER_EXPORT_TAR] = "export-tar",
-        [TRANSFER_EXPORT_RAW] = "export-raw",
-        [TRANSFER_PULL_TAR] = "pull-tar",
-        [TRANSFER_PULL_RAW] = "pull-raw",
-};
-
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(transfer_type, TransferType);
-
-static Transfer *transfer_unref(Transfer *t) {
-        if (!t)
-                return NULL;
-
-        if (t->manager)
-                hashmap_remove(t->manager->transfers, UINT32_TO_PTR(t->id));
-
-        sd_event_source_unref(t->pid_event_source);
-        sd_event_source_unref(t->log_event_source);
-
-        free(t->remote);
-        free(t->local);
-        free(t->format);
-        free(t->object_path);
-
-        if (t->pid > 0) {
-                (void) kill_and_sigcont(t->pid, SIGKILL);
-                (void) wait_for_terminate(t->pid, NULL);
-        }
-
-        safe_close(t->log_fd);
-        safe_close(t->stdin_fd);
-        safe_close(t->stdout_fd);
-
-        free(t);
-        return NULL;
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Transfer*, transfer_unref);
-
-static int transfer_new(Manager *m, Transfer **ret) {
-        _cleanup_(transfer_unrefp) Transfer *t = NULL;
-        uint32_t id;
-        int r;
-
-        assert(m);
-        assert(ret);
-
-        if (hashmap_size(m->transfers) >= TRANSFERS_MAX)
-                return -E2BIG;
-
-        r = hashmap_ensure_allocated(&m->transfers, &trivial_hash_ops);
-        if (r < 0)
-                return r;
-
-        t = new0(Transfer, 1);
-        if (!t)
-                return -ENOMEM;
-
-        t->type = _TRANSFER_TYPE_INVALID;
-        t->log_fd = -1;
-        t->stdin_fd = -1;
-        t->stdout_fd = -1;
-        t->verify = _IMPORT_VERIFY_INVALID;
-
-        id = m->current_transfer_id + 1;
-
-        if (asprintf(&t->object_path, "/org/freedesktop/import1/transfer/_%" PRIu32, id) < 0)
-                return -ENOMEM;
-
-        r = hashmap_put(m->transfers, UINT32_TO_PTR(id), t);
-        if (r < 0)
-                return r;
-
-        m->current_transfer_id = id;
-
-        t->manager = m;
-        t->id = id;
-
-        *ret = t;
-        t = NULL;
-
-        return 0;
-}
-
-static void transfer_send_log_line(Transfer *t, const char *line) {
-        int r, priority = LOG_INFO;
-
-        assert(t);
-        assert(line);
-
-        syslog_parse_priority(&line, &priority, true);
-
-        log_full(priority, "(transfer%" PRIu32 ") %s", t->id, line);
-
-        r = sd_bus_emit_signal(
-                        t->manager->bus,
-                        t->object_path,
-                        "org.freedesktop.import1.Transfer",
-                        "LogMessage",
-                        "us",
-                        priority,
-                        line);
-        if (r < 0)
-                log_error_errno(r, "Cannot emit message: %m");
- }
-
-static void transfer_send_logs(Transfer *t, bool flush) {
-        assert(t);
-
-        /* Try to send out all log messages, if we can. But if we
-         * can't we remove the messages from the buffer, but don't
-         * fail */
-
-        while (t->log_message_size > 0) {
-                _cleanup_free_ char *n = NULL;
-                char *e;
-
-                if (t->log_message_size >= sizeof(t->log_message))
-                        e = t->log_message + sizeof(t->log_message);
-                else {
-                        char *a, *b;
-
-                        a = memchr(t->log_message, 0, t->log_message_size);
-                        b = memchr(t->log_message, '\n', t->log_message_size);
-
-                        if (a && b)
-                                e = a < b ? a : b;
-                        else if (a)
-                                e = a;
-                        else
-                                e = b;
-                }
-
-                if (!e) {
-                        if (!flush)
-                                return;
-
-                        e = t->log_message + t->log_message_size;
-                }
-
-                n = strndup(t->log_message, e - t->log_message);
-
-                /* Skip over NUL and newlines */
-                while ((e < t->log_message + t->log_message_size) && (*e == 0 || *e == '\n'))
-                        e++;
-
-                memmove(t->log_message, e, t->log_message + sizeof(t->log_message) - e);
-                t->log_message_size -= e - t->log_message;
-
-                if (!n) {
-                        log_oom();
-                        continue;
-                }
-
-                if (isempty(n))
-                        continue;
-
-                transfer_send_log_line(t, n);
-        }
-}
-
-static int transfer_finalize(Transfer *t, bool success) {
-        int r;
-
-        assert(t);
-
-        transfer_send_logs(t, true);
-
-        r = sd_bus_emit_signal(
-                        t->manager->bus,
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "TransferRemoved",
-                        "uos",
-                        t->id,
-                        t->object_path,
-                        success ? "done" :
-                        t->n_canceled > 0 ? "canceled" : "failed");
-
-        if (r < 0)
-                log_error_errno(r, "Cannot emit message: %m");
-
-        transfer_unref(t);
-        return 0;
-}
-
-static int transfer_cancel(Transfer *t) {
-        int r;
-
-        assert(t);
-
-        r = kill_and_sigcont(t->pid, t->n_canceled < 3 ? SIGTERM : SIGKILL);
-        if (r < 0)
-                return r;
-
-        t->n_canceled++;
-        return 0;
-}
-
-static int transfer_on_pid(sd_event_source *s, const siginfo_t *si, void *userdata) {
-        Transfer *t = userdata;
-        bool success = false;
-
-        assert(s);
-        assert(t);
-
-        if (si->si_code == CLD_EXITED) {
-                if (si->si_status != 0)
-                        log_error("Import process failed with exit code %i.", si->si_status);
-                else {
-                        log_debug("Import process succeeded.");
-                        success = true;
-                }
-
-        } else if (si->si_code == CLD_KILLED ||
-                   si->si_code == CLD_DUMPED)
-
-                log_error("Import process terminated by signal %s.", signal_to_string(si->si_status));
-        else
-                log_error("Import process failed due to unknown reason.");
-
-        t->pid = 0;
-
-        return transfer_finalize(t, success);
-}
-
-static int transfer_on_log(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Transfer *t = userdata;
-        ssize_t l;
-
-        assert(s);
-        assert(t);
-
-        l = read(fd, t->log_message + t->log_message_size, sizeof(t->log_message) - t->log_message_size);
-        if (l <= 0) {
-                /* EOF/read error. We just close the pipe here, and
-                 * close the watch, waiting for the SIGCHLD to arrive,
-                 * before we do anything else. */
-
-                if (l < 0)
-                        log_error_errno(errno, "Failed to read log message: %m");
-
-                t->log_event_source = sd_event_source_unref(t->log_event_source);
-                return 0;
-        }
-
-        t->log_message_size += l;
-
-        transfer_send_logs(t, false);
-
-        return 0;
-}
-
-static int transfer_start(Transfer *t) {
-        _cleanup_close_pair_ int pipefd[2] = { -1, -1 };
-        int r;
-
-        assert(t);
-        assert(t->pid <= 0);
-
-        if (pipe2(pipefd, O_CLOEXEC) < 0)
-                return -errno;
-
-        t->pid = fork();
-        if (t->pid < 0)
-                return -errno;
-        if (t->pid == 0) {
-                const char *cmd[] = {
-                        NULL, /* systemd-import, systemd-export or systemd-pull */
-                        NULL, /* tar, raw  */
-                        NULL, /* --verify= */
-                        NULL, /* verify argument */
-                        NULL, /* maybe --force */
-                        NULL, /* maybe --read-only */
-                        NULL, /* if so: the actual URL */
-                        NULL, /* maybe --format= */
-                        NULL, /* if so: the actual format */
-                        NULL, /* remote */
-                        NULL, /* local */
-                        NULL
-                };
-                unsigned k = 0;
-
-                /* Child */
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
-
-                pipefd[0] = safe_close(pipefd[0]);
-
-                if (dup2(pipefd[1], STDERR_FILENO) != STDERR_FILENO) {
-                        log_error_errno(errno, "Failed to dup2() fd: %m");
-                        _exit(EXIT_FAILURE);
-                }
-
-                if (t->stdout_fd >= 0) {
-                        if (dup2(t->stdout_fd, STDOUT_FILENO) != STDOUT_FILENO) {
-                                log_error_errno(errno, "Failed to dup2() fd: %m");
-                                _exit(EXIT_FAILURE);
-                        }
-
-                        if (t->stdout_fd != STDOUT_FILENO)
-                                safe_close(t->stdout_fd);
-                } else {
-                        if (dup2(pipefd[1], STDOUT_FILENO) != STDOUT_FILENO) {
-                                log_error_errno(errno, "Failed to dup2() fd: %m");
-                                _exit(EXIT_FAILURE);
-                        }
-                }
-
-                if (pipefd[1] != STDOUT_FILENO && pipefd[1] != STDERR_FILENO)
-                        pipefd[1] = safe_close(pipefd[1]);
-
-                if (t->stdin_fd >= 0) {
-                        if (dup2(t->stdin_fd, STDIN_FILENO) != STDIN_FILENO) {
-                                log_error_errno(errno, "Failed to dup2() fd: %m");
-                                _exit(EXIT_FAILURE);
-                        }
-
-                        if (t->stdin_fd != STDIN_FILENO)
-                                safe_close(t->stdin_fd);
-                } else {
-                        int null_fd;
-
-                        null_fd = open("/dev/null", O_RDONLY|O_NOCTTY);
-                        if (null_fd < 0) {
-                                log_error_errno(errno, "Failed to open /dev/null: %m");
-                                _exit(EXIT_FAILURE);
-                        }
-
-                        if (dup2(null_fd, STDIN_FILENO) != STDIN_FILENO) {
-                                log_error_errno(errno, "Failed to dup2() fd: %m");
-                                _exit(EXIT_FAILURE);
-                        }
-
-                        if (null_fd != STDIN_FILENO)
-                                safe_close(null_fd);
-                }
-
-                fd_cloexec(STDIN_FILENO, false);
-                fd_cloexec(STDOUT_FILENO, false);
-                fd_cloexec(STDERR_FILENO, false);
-
-                setenv("SYSTEMD_LOG_TARGET", "console-prefixed", 1);
-                setenv("NOTIFY_SOCKET", "/run/systemd/import/notify", 1);
-
-                if (IN_SET(t->type, TRANSFER_IMPORT_TAR, TRANSFER_IMPORT_RAW))
-                        cmd[k++] = SYSTEMD_IMPORT_PATH;
-                else if (IN_SET(t->type, TRANSFER_EXPORT_TAR, TRANSFER_EXPORT_RAW))
-                        cmd[k++] = SYSTEMD_EXPORT_PATH;
-                else
-                        cmd[k++] = SYSTEMD_PULL_PATH;
-
-                if (IN_SET(t->type, TRANSFER_IMPORT_TAR, TRANSFER_EXPORT_TAR, TRANSFER_PULL_TAR))
-                        cmd[k++] = "tar";
-                else
-                        cmd[k++] = "raw";
-
-                if (t->verify != _IMPORT_VERIFY_INVALID) {
-                        cmd[k++] = "--verify";
-                        cmd[k++] = import_verify_to_string(t->verify);
-                }
-
-                if (t->force_local)
-                        cmd[k++] = "--force";
-                if (t->read_only)
-                        cmd[k++] = "--read-only";
-
-                if (t->format) {
-                        cmd[k++] = "--format";
-                        cmd[k++] = t->format;
-                }
-
-                if (!IN_SET(t->type, TRANSFER_EXPORT_TAR, TRANSFER_EXPORT_RAW)) {
-                        if (t->remote)
-                                cmd[k++] = t->remote;
-                        else
-                                cmd[k++] = "-";
-                }
-
-                if (t->local)
-                        cmd[k++] = t->local;
-                cmd[k] = NULL;
-
-                execv(cmd[0], (char * const *) cmd);
-                log_error_errno(errno, "Failed to execute %s tool: %m", cmd[0]);
-                _exit(EXIT_FAILURE);
-        }
-
-        pipefd[1] = safe_close(pipefd[1]);
-        t->log_fd = pipefd[0];
-        pipefd[0] = -1;
-
-        t->stdin_fd = safe_close(t->stdin_fd);
-
-        r = sd_event_add_child(t->manager->event, &t->pid_event_source, t->pid, WEXITED, transfer_on_pid, t);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_io(t->manager->event, &t->log_event_source, t->log_fd, EPOLLIN, transfer_on_log, t);
-        if (r < 0)
-                return r;
-
-        /* Make sure always process logging before SIGCHLD */
-        r = sd_event_source_set_priority(t->log_event_source, SD_EVENT_PRIORITY_NORMAL -5);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_emit_signal(
-                        t->manager->bus,
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "TransferNew",
-                        "uo",
-                        t->id,
-                        t->object_path);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static Manager *manager_unref(Manager *m) {
-        Transfer *t;
-
-        if (!m)
-                return NULL;
-
-        sd_event_source_unref(m->notify_event_source);
-        safe_close(m->notify_fd);
-
-        while ((t = hashmap_first(m->transfers)))
-                transfer_unref(t);
-
-        hashmap_free(m->transfers);
-
-        bus_verify_polkit_async_registry_free(m->polkit_registry);
-
-        m->bus = sd_bus_flush_close_unref(m->bus);
-        sd_event_unref(m->event);
-
-        free(m);
-        return NULL;
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_unref);
-
-static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-
-        char buf[NOTIFY_BUFFER_MAX+1];
-        struct iovec iovec = {
-                .iov_base = buf,
-                .iov_len = sizeof(buf)-1,
-        };
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
-                            CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX)];
-        } control = {};
-        struct msghdr msghdr = {
-                .msg_iov = &iovec,
-                .msg_iovlen = 1,
-                .msg_control = &control,
-                .msg_controllen = sizeof(control),
-        };
-        struct ucred *ucred = NULL;
-        Manager *m = userdata;
-        struct cmsghdr *cmsg;
-        unsigned percent;
-        char *p, *e;
-        Transfer *t;
-        Iterator i;
-        ssize_t n;
-        int r;
-
-        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (n < 0) {
-                if (errno == EAGAIN || errno == EINTR)
-                        return 0;
-
-                return -errno;
-        }
-
-        cmsg_close_all(&msghdr);
-
-        CMSG_FOREACH(cmsg, &msghdr)
-                if (cmsg->cmsg_level == SOL_SOCKET &&
-                    cmsg->cmsg_type == SCM_CREDENTIALS &&
-                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
-                        ucred = (struct ucred*) CMSG_DATA(cmsg);
-
-        if (msghdr.msg_flags & MSG_TRUNC) {
-                log_warning("Got overly long notification datagram, ignoring.");
-                return 0;
-        }
-
-        if (!ucred || ucred->pid <= 0) {
-                log_warning("Got notification datagram lacking credential information, ignoring.");
-                return 0;
-        }
-
-        HASHMAP_FOREACH(t, m->transfers, i)
-                if (ucred->pid == t->pid)
-                        break;
-
-        if (!t) {
-                log_warning("Got notification datagram from unexpected peer, ignoring.");
-                return 0;
-        }
-
-        buf[n] = 0;
-
-        p = startswith(buf, "X_IMPORT_PROGRESS=");
-        if (!p) {
-                p = strstr(buf, "\nX_IMPORT_PROGRESS=");
-                if (!p)
-                        return 0;
-
-                p += 19;
-        }
-
-        e = strchrnul(p, '\n');
-        *e = 0;
-
-        r = safe_atou(p, &percent);
-        if (r < 0 || percent > 100) {
-                log_warning("Got invalid percent value, ignoring.");
-                return 0;
-        }
-
-        t->progress_percent = percent;
-
-        log_debug("Got percentage from client: %u%%", percent);
-        return 0;
-}
-
-static int manager_new(Manager **ret) {
-        _cleanup_(manager_unrefp) Manager *m = NULL;
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/import/notify",
-        };
-        static const int one = 1;
-        int r;
-
-        assert(ret);
-
-        m = new0(Manager, 1);
-        if (!m)
-                return -ENOMEM;
-
-        r = sd_event_default(&m->event);
-        if (r < 0)
-                return r;
-
-        sd_event_set_watchdog(m->event, true);
-
-        r = sd_bus_default_system(&m->bus);
-        if (r < 0)
-                return r;
-
-        m->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-        if (m->notify_fd < 0)
-                return -errno;
-
-        (void) mkdir_parents_label(sa.un.sun_path, 0755);
-        (void) unlink(sa.un.sun_path);
-
-        if (bind(m->notify_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
-                return -errno;
-
-        if (setsockopt(m->notify_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
-                return -errno;
-
-        r = sd_event_add_io(m->event, &m->notify_event_source, m->notify_fd, EPOLLIN, manager_on_notify, m);
-        if (r < 0)
-                return r;
-
-        *ret = m;
-        m = NULL;
-
-        return 0;
-}
-
-static Transfer *manager_find(Manager *m, TransferType type, const char *remote) {
-        Transfer *t;
-        Iterator i;
-
-        assert(m);
-        assert(type >= 0);
-        assert(type < _TRANSFER_TYPE_MAX);
-
-        HASHMAP_FOREACH(t, m->transfers, i) {
-
-                if (t->type == type &&
-                    streq_ptr(t->remote, remote))
-                        return t;
-        }
-
-        return NULL;
-}
-
-static int method_import_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
-        _cleanup_(transfer_unrefp) Transfer *t = NULL;
-        int fd, force, read_only, r;
-        const char *local, *object;
-        Manager *m = userdata;
-        TransferType type;
-        uint32_t id;
-
-        assert(msg);
-        assert(m);
-
-        r = bus_verify_polkit_async(
-                        msg,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.import1.import",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        r = sd_bus_message_read(msg, "hsbb", &fd, &local, &force, &read_only);
-        if (r < 0)
-                return r;
-
-        if (!machine_name_is_valid(local))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Local name %s is invalid", local);
-
-        r = setup_machine_directory((uint64_t) -1, error);
-        if (r < 0)
-                return r;
-
-        type = streq_ptr(sd_bus_message_get_member(msg), "ImportTar") ? TRANSFER_IMPORT_TAR : TRANSFER_IMPORT_RAW;
-
-        r = transfer_new(m, &t);
-        if (r < 0)
-                return r;
-
-        t->type = type;
-        t->force_local = force;
-        t->read_only = read_only;
-
-        t->local = strdup(local);
-        if (!t->local)
-                return -ENOMEM;
-
-        t->stdin_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-        if (t->stdin_fd < 0)
-                return -errno;
-
-        r = transfer_start(t);
-        if (r < 0)
-                return r;
-
-        object = t->object_path;
-        id = t->id;
-        t = NULL;
-
-        return sd_bus_reply_method_return(msg, "uo", id, object);
-}
-
-static int method_export_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
-        _cleanup_(transfer_unrefp) Transfer *t = NULL;
-        int fd, r;
-        const char *local, *object, *format;
-        Manager *m = userdata;
-        TransferType type;
-        uint32_t id;
-
-        assert(msg);
-        assert(m);
-
-        r = bus_verify_polkit_async(
-                        msg,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.import1.export",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        r = sd_bus_message_read(msg, "shs", &local, &fd, &format);
-        if (r < 0)
-                return r;
-
-        if (!machine_name_is_valid(local))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Local name %s is invalid", local);
-
-        type = streq_ptr(sd_bus_message_get_member(msg), "ExportTar") ? TRANSFER_EXPORT_TAR : TRANSFER_EXPORT_RAW;
-
-        r = transfer_new(m, &t);
-        if (r < 0)
-                return r;
-
-        t->type = type;
-
-        if (!isempty(format)) {
-                t->format = strdup(format);
-                if (!t->format)
-                        return -ENOMEM;
-        }
-
-        t->local = strdup(local);
-        if (!t->local)
-                return -ENOMEM;
-
-        t->stdout_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-        if (t->stdout_fd < 0)
-                return -errno;
-
-        r = transfer_start(t);
-        if (r < 0)
-                return r;
-
-        object = t->object_path;
-        id = t->id;
-        t = NULL;
-
-        return sd_bus_reply_method_return(msg, "uo", id, object);
-}
-
-static int method_pull_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
-        _cleanup_(transfer_unrefp) Transfer *t = NULL;
-        const char *remote, *local, *verify, *object;
-        Manager *m = userdata;
-        ImportVerify v;
-        TransferType type;
-        int force, r;
-        uint32_t id;
-
-        assert(msg);
-        assert(m);
-
-        r = bus_verify_polkit_async(
-                        msg,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.import1.pull",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        r = sd_bus_message_read(msg, "sssb", &remote, &local, &verify, &force);
-        if (r < 0)
-                return r;
-
-        if (!http_url_is_valid(remote))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "URL %s is invalid", remote);
-
-        if (isempty(local))
-                local = NULL;
-        else if (!machine_name_is_valid(local))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Local name %s is invalid", local);
-
-        if (isempty(verify))
-                v = IMPORT_VERIFY_SIGNATURE;
-        else
-                v = import_verify_from_string(verify);
-        if (v < 0)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown verification mode %s", verify);
-
-        r = setup_machine_directory((uint64_t) -1, error);
-        if (r < 0)
-                return r;
-
-        type = streq_ptr(sd_bus_message_get_member(msg), "PullTar") ? TRANSFER_PULL_TAR : TRANSFER_PULL_RAW;
-
-        if (manager_find(m, type, remote))
-                return sd_bus_error_setf(error, BUS_ERROR_TRANSFER_IN_PROGRESS, "Transfer for %s already in progress.", remote);
-
-        r = transfer_new(m, &t);
-        if (r < 0)
-                return r;
-
-        t->type = type;
-        t->verify = v;
-        t->force_local = force;
-
-        t->remote = strdup(remote);
-        if (!t->remote)
-                return -ENOMEM;
-
-        if (local) {
-                t->local = strdup(local);
-                if (!t->local)
-                        return -ENOMEM;
-        }
-
-        r = transfer_start(t);
-        if (r < 0)
-                return r;
-
-        object = t->object_path;
-        id = t->id;
-        t = NULL;
-
-        return sd_bus_reply_method_return(msg, "uo", id, object);
-}
-
-static int method_list_transfers(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        Transfer *t;
-        Iterator i;
-        int r;
-
-        assert(msg);
-        assert(m);
-
-        r = sd_bus_message_new_method_return(msg, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(usssdo)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(t, m->transfers, i) {
-
-                r = sd_bus_message_append(
-                                reply,
-                                "(usssdo)",
-                                t->id,
-                                transfer_type_to_string(t->type),
-                                t->remote,
-                                t->local,
-                                (double) t->progress_percent / 100.0,
-                                t->object_path);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_cancel(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
-        Transfer *t = userdata;
-        int r;
-
-        assert(msg);
-        assert(t);
-
-        r = bus_verify_polkit_async(
-                        msg,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.import1.pull",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &t->manager->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        r = transfer_cancel(t);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(msg, NULL);
-}
-
-static int method_cancel_transfer(sd_bus_message *msg, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Transfer *t;
-        uint32_t id;
-        int r;
-
-        assert(msg);
-        assert(m);
-
-        r = bus_verify_polkit_async(
-                        msg,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.import1.pull",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        r = sd_bus_message_read(msg, "u", &id);
-        if (r < 0)
-                return r;
-        if (id <= 0)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid transfer id");
-
-        t = hashmap_get(m->transfers, UINT32_TO_PTR(id));
-        if (!t)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_TRANSFER, "No transfer by id %" PRIu32, id);
-
-        r = transfer_cancel(t);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(msg, NULL);
-}
-
-static int property_get_progress(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Transfer *t = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(t);
-
-        return sd_bus_message_append(reply, "d", (double) t->progress_percent / 100.0);
-}
-
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, transfer_type, TransferType);
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_verify, import_verify, ImportVerify);
-
-static const sd_bus_vtable transfer_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_PROPERTY("Id", "u", NULL, offsetof(Transfer, id), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Local", "s", NULL, offsetof(Transfer, local), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Remote", "s", NULL, offsetof(Transfer, remote), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Transfer, type), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Verify", "s", property_get_verify, offsetof(Transfer, verify), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Progress", "d", property_get_progress, 0, 0),
-        SD_BUS_METHOD("Cancel", NULL, NULL, method_cancel, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_SIGNAL("LogMessage", "us", 0),
-        SD_BUS_VTABLE_END,
-};
-
-static const sd_bus_vtable manager_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("ImportTar", "hsbb", "uo", method_import_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ImportRaw", "hsbb", "uo", method_import_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ExportTar", "shs", "uo", method_export_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ExportRaw", "shs", "uo", method_export_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("PullTar", "sssb", "uo", method_pull_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("PullRaw", "sssb", "uo", method_pull_tar_or_raw, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListTransfers", NULL, "a(usssdo)", method_list_transfers, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CancelTransfer", "u", NULL, method_cancel_transfer, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_SIGNAL("TransferNew", "uo", 0),
-        SD_BUS_SIGNAL("TransferRemoved", "uos", 0),
-        SD_BUS_VTABLE_END,
-};
-
-static int transfer_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
-        Manager *m = userdata;
-        Transfer *t;
-        const char *p;
-        uint32_t id;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(interface);
-        assert(found);
-        assert(m);
-
-        p = startswith(path, "/org/freedesktop/import1/transfer/_");
-        if (!p)
-                return 0;
-
-        r = safe_atou32(p, &id);
-        if (r < 0 || id == 0)
-                return 0;
-
-        t = hashmap_get(m->transfers, UINT32_TO_PTR(id));
-        if (!t)
-                return 0;
-
-        *found = t;
-        return 1;
-}
-
-static int transfer_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
-        _cleanup_strv_free_ char **l = NULL;
-        Manager *m = userdata;
-        Transfer *t;
-        unsigned k = 0;
-        Iterator i;
-
-        l = new0(char*, hashmap_size(m->transfers) + 1);
-        if (!l)
-                return -ENOMEM;
-
-        HASHMAP_FOREACH(t, m->transfers, i) {
-
-                l[k] = strdup(t->object_path);
-                if (!l[k])
-                        return -ENOMEM;
-
-                k++;
-        }
-
-        *nodes = l;
-        l = NULL;
-
-        return 1;
-}
-
-static int manager_add_bus_objects(Manager *m) {
-        int r;
-
-        assert(m);
-
-        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/import1", "org.freedesktop.import1.Manager", manager_vtable, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register object: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/import1/transfer", "org.freedesktop.import1.Transfer", transfer_vtable, transfer_object_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register object: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/import1/transfer", transfer_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add transfer enumerator: %m");
-
-        r = sd_bus_request_name(m->bus, "org.freedesktop.import1", 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = sd_bus_attach_event(m->bus, m->event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        return 0;
-}
-
-static bool manager_check_idle(void *userdata) {
-        Manager *m = userdata;
-
-        return hashmap_isempty(m->transfers);
-}
-
-static int manager_run(Manager *m) {
-        assert(m);
-
-        return bus_event_loop_with_idle(
-                        m->event,
-                        m->bus,
-                        "org.freedesktop.import1",
-                        DEFAULT_EXIT_USEC,
-                        manager_check_idle,
-                        m);
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(manager_unrefp) Manager *m = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, -1) >= 0);
-
-        r = manager_new(&m);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate manager object: %m");
-                goto finish;
-        }
-
-        r = manager_add_bus_objects(m);
-        if (r < 0)
-                goto finish;
-
-        r = manager_run(m);
-        if (r < 0) {
-                log_error_errno(r, "Failed to run event loop: %m");
-                goto finish;
-        }
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/import/pull-raw.c b/src/import/pull-raw.c
deleted file mode 100644
index 8993402821..0000000000
--- a/src/import/pull-raw.c
+++ /dev/null
@@ -1,651 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <curl/curl.h>
-#include <linux/fs.h>
-#include <sys/xattr.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "chattr-util.h"
-#include "copy.h"
-#include "curl-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "import-common.h"
-#include "import-util.h"
-#include "macro.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "pull-common.h"
-#include "pull-job.h"
-#include "pull-raw.h"
-#include "qcow2-util.h"
-#include "rm-rf.h"
-#include "string-util.h"
-#include "strv.h"
-#include "utf8.h"
-#include "util.h"
-#include "web-util.h"
-
-typedef enum RawProgress {
-        RAW_DOWNLOADING,
-        RAW_VERIFYING,
-        RAW_UNPACKING,
-        RAW_FINALIZING,
-        RAW_COPYING,
-} RawProgress;
-
-struct RawPull {
-        sd_event *event;
-        CurlGlue *glue;
-
-        char *image_root;
-
-        PullJob *raw_job;
-        PullJob *settings_job;
-        PullJob *checksum_job;
-        PullJob *signature_job;
-
-        RawPullFinished on_finished;
-        void *userdata;
-
-        char *local;
-        bool force_local;
-        bool grow_machine_directory;
-        bool settings;
-
-        char *final_path;
-        char *temp_path;
-
-        char *settings_path;
-        char *settings_temp_path;
-
-        ImportVerify verify;
-};
-
-RawPull* raw_pull_unref(RawPull *i) {
-        if (!i)
-                return NULL;
-
-        pull_job_unref(i->raw_job);
-        pull_job_unref(i->settings_job);
-        pull_job_unref(i->checksum_job);
-        pull_job_unref(i->signature_job);
-
-        curl_glue_unref(i->glue);
-        sd_event_unref(i->event);
-
-        if (i->temp_path) {
-                (void) unlink(i->temp_path);
-                free(i->temp_path);
-        }
-
-        if (i->settings_temp_path) {
-                (void) unlink(i->settings_temp_path);
-                free(i->settings_temp_path);
-        }
-
-        free(i->final_path);
-        free(i->settings_path);
-        free(i->image_root);
-        free(i->local);
-        free(i);
-
-        return NULL;
-}
-
-int raw_pull_new(
-                RawPull **ret,
-                sd_event *event,
-                const char *image_root,
-                RawPullFinished on_finished,
-                void *userdata) {
-
-        _cleanup_(raw_pull_unrefp) RawPull *i = NULL;
-        int r;
-
-        assert(ret);
-
-        i = new0(RawPull, 1);
-        if (!i)
-                return -ENOMEM;
-
-        i->on_finished = on_finished;
-        i->userdata = userdata;
-
-        i->image_root = strdup(image_root ?: "/var/lib/machines");
-        if (!i->image_root)
-                return -ENOMEM;
-
-        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
-
-        if (event)
-                i->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&i->event);
-                if (r < 0)
-                        return r;
-        }
-
-        r = curl_glue_new(&i->glue, i->event);
-        if (r < 0)
-                return r;
-
-        i->glue->on_finished = pull_job_curl_on_finished;
-        i->glue->userdata = i;
-
-        *ret = i;
-        i = NULL;
-
-        return 0;
-}
-
-static void raw_pull_report_progress(RawPull *i, RawProgress p) {
-        unsigned percent;
-
-        assert(i);
-
-        switch (p) {
-
-        case RAW_DOWNLOADING: {
-                unsigned remain = 80;
-
-                percent = 0;
-
-                if (i->settings_job) {
-                        percent += i->settings_job->progress_percent * 5 / 100;
-                        remain -= 5;
-                }
-
-                if (i->checksum_job) {
-                        percent += i->checksum_job->progress_percent * 5 / 100;
-                        remain -= 5;
-                }
-
-                if (i->signature_job) {
-                        percent += i->signature_job->progress_percent * 5 / 100;
-                        remain -= 5;
-                }
-
-                if (i->raw_job)
-                        percent += i->raw_job->progress_percent * remain / 100;
-                break;
-        }
-
-        case RAW_VERIFYING:
-                percent = 80;
-                break;
-
-        case RAW_UNPACKING:
-                percent = 85;
-                break;
-
-        case RAW_FINALIZING:
-                percent = 90;
-                break;
-
-        case RAW_COPYING:
-                percent = 95;
-                break;
-
-        default:
-                assert_not_reached("Unknown progress state");
-        }
-
-        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
-        log_debug("Combined progress %u%%", percent);
-}
-
-static int raw_pull_maybe_convert_qcow2(RawPull *i) {
-        _cleanup_close_ int converted_fd = -1;
-        _cleanup_free_ char *t = NULL;
-        int r;
-
-        assert(i);
-        assert(i->raw_job);
-
-        r = qcow2_detect(i->raw_job->disk_fd);
-        if (r < 0)
-                return log_error_errno(r, "Failed to detect whether this is a QCOW2 image: %m");
-        if (r == 0)
-                return 0;
-
-        /* This is a QCOW2 image, let's convert it */
-        r = tempfn_random(i->final_path, NULL, &t);
-        if (r < 0)
-                return log_oom();
-
-        converted_fd = open(t, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (converted_fd < 0)
-                return log_error_errno(errno, "Failed to create %s: %m", t);
-
-        r = chattr_fd(converted_fd, FS_NOCOW_FL, FS_NOCOW_FL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set file attributes on %s: %m", t);
-
-        log_info("Unpacking QCOW2 file.");
-
-        r = qcow2_convert(i->raw_job->disk_fd, converted_fd);
-        if (r < 0) {
-                unlink(t);
-                return log_error_errno(r, "Failed to convert qcow2 image: %m");
-        }
-
-        (void) unlink(i->temp_path);
-        free(i->temp_path);
-        i->temp_path = t;
-        t = NULL;
-
-        safe_close(i->raw_job->disk_fd);
-        i->raw_job->disk_fd = converted_fd;
-        converted_fd = -1;
-
-        return 1;
-}
-
-static int raw_pull_make_local_copy(RawPull *i) {
-        _cleanup_free_ char *tp = NULL;
-        _cleanup_close_ int dfd = -1;
-        const char *p;
-        int r;
-
-        assert(i);
-        assert(i->raw_job);
-
-        if (!i->local)
-                return 0;
-
-        if (!i->final_path) {
-                r = pull_make_path(i->raw_job->url, i->raw_job->etag, i->image_root, ".raw-", ".raw", &i->final_path);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        if (i->raw_job->etag_exists) {
-                /* We have downloaded this one previously, reopen it */
-
-                assert(i->raw_job->disk_fd < 0);
-
-                i->raw_job->disk_fd = open(i->final_path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
-                if (i->raw_job->disk_fd < 0)
-                        return log_error_errno(errno, "Failed to open vendor image: %m");
-        } else {
-                /* We freshly downloaded the image, use it */
-
-                assert(i->raw_job->disk_fd >= 0);
-
-                if (lseek(i->raw_job->disk_fd, SEEK_SET, 0) == (off_t) -1)
-                        return log_error_errno(errno, "Failed to seek to beginning of vendor image: %m");
-        }
-
-        p = strjoina(i->image_root, "/", i->local, ".raw");
-
-        if (i->force_local)
-                (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
-
-        r = tempfn_random(p, NULL, &tp);
-        if (r < 0)
-                return log_oom();
-
-        dfd = open(tp, O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (dfd < 0)
-                return log_error_errno(errno, "Failed to create writable copy of image: %m");
-
-        /* Turn off COW writing. This should greatly improve
-         * performance on COW file systems like btrfs, since it
-         * reduces fragmentation caused by not allowing in-place
-         * writes. */
-        r = chattr_fd(dfd, FS_NOCOW_FL, FS_NOCOW_FL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set file attributes on %s: %m", tp);
-
-        r = copy_bytes(i->raw_job->disk_fd, dfd, (uint64_t) -1, true);
-        if (r < 0) {
-                unlink(tp);
-                return log_error_errno(r, "Failed to make writable copy of image: %m");
-        }
-
-        (void) copy_times(i->raw_job->disk_fd, dfd);
-        (void) copy_xattr(i->raw_job->disk_fd, dfd);
-
-        dfd = safe_close(dfd);
-
-        r = rename(tp, p);
-        if (r < 0)  {
-                r = log_error_errno(errno, "Failed to move writable image into place: %m");
-                unlink(tp);
-                return r;
-        }
-
-        log_info("Created new local image '%s'.", i->local);
-
-        if (i->settings) {
-                const char *local_settings;
-                assert(i->settings_job);
-
-                if (!i->settings_path) {
-                        r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
-                        if (r < 0)
-                                return log_oom();
-                }
-
-                local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
-
-                r = copy_file_atomic(i->settings_path, local_settings, 0644, i->force_local, 0);
-                if (r == -EEXIST)
-                        log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
-                else if (r == -ENOENT)
-                        log_debug_errno(r, "Skipping creation of settings file, since none was found.");
-                else if (r < 0)
-                        log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
-                else
-                        log_info("Created new settings file %s.", local_settings);
-        }
-
-        return 0;
-}
-
-static bool raw_pull_is_done(RawPull *i) {
-        assert(i);
-        assert(i->raw_job);
-
-        if (!PULL_JOB_IS_COMPLETE(i->raw_job))
-                return false;
-        if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
-                return false;
-        if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
-                return false;
-        if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
-                return false;
-
-        return true;
-}
-
-static void raw_pull_job_on_finished(PullJob *j) {
-        RawPull *i;
-        int r;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-        if (j == i->settings_job) {
-                if (j->error != 0)
-                        log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
-        } else if (j->error != 0) {
-                if (j == i->checksum_job)
-                        log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
-                else if (j == i->signature_job)
-                        log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
-                else
-                        log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
-
-                r = j->error;
-                goto finish;
-        }
-
-        /* This is invoked if either the download completed
-         * successfully, or the download was skipped because we
-         * already have the etag. In this case ->etag_exists is
-         * true.
-         *
-         * We only do something when we got all three files */
-
-        if (!raw_pull_is_done(i))
-                return;
-
-        if (i->settings_job)
-                i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
-
-        if (!i->raw_job->etag_exists) {
-                /* This is a new download, verify it, and move it into place */
-                assert(i->raw_job->disk_fd >= 0);
-
-                raw_pull_report_progress(i, RAW_VERIFYING);
-
-                r = pull_verify(i->raw_job, i->settings_job, i->checksum_job, i->signature_job);
-                if (r < 0)
-                        goto finish;
-
-                raw_pull_report_progress(i, RAW_UNPACKING);
-
-                r = raw_pull_maybe_convert_qcow2(i);
-                if (r < 0)
-                        goto finish;
-
-                raw_pull_report_progress(i, RAW_FINALIZING);
-
-                r = import_make_read_only_fd(i->raw_job->disk_fd);
-                if (r < 0)
-                        goto finish;
-
-                r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to move RAW file into place: %m");
-                        goto finish;
-                }
-
-                i->temp_path = mfree(i->temp_path);
-
-                if (i->settings_job &&
-                    i->settings_job->error == 0 &&
-                    !i->settings_job->etag_exists) {
-
-                        assert(i->settings_temp_path);
-                        assert(i->settings_path);
-
-                        r = import_make_read_only(i->settings_temp_path);
-                        if (r < 0)
-                                goto finish;
-
-                        r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to rename settings file: %m");
-                                goto finish;
-                        }
-
-                        i->settings_temp_path = mfree(i->settings_temp_path);
-                }
-        }
-
-        raw_pull_report_progress(i, RAW_COPYING);
-
-        r = raw_pull_make_local_copy(i);
-        if (r < 0)
-                goto finish;
-
-        r = 0;
-
-finish:
-        if (i->on_finished)
-                i->on_finished(i, r, i->userdata);
-        else
-                sd_event_exit(i->event, r);
-}
-
-static int raw_pull_job_on_open_disk_raw(PullJob *j) {
-        RawPull *i;
-        int r;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-        assert(i->raw_job == j);
-        assert(!i->final_path);
-        assert(!i->temp_path);
-
-        r = pull_make_path(j->url, j->etag, i->image_root, ".raw-", ".raw", &i->final_path);
-        if (r < 0)
-                return log_oom();
-
-        r = tempfn_random(i->final_path, NULL, &i->temp_path);
-        if (r < 0)
-                return log_oom();
-
-        (void) mkdir_parents_label(i->temp_path, 0700);
-
-        j->disk_fd = open(i->temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (j->disk_fd < 0)
-                return log_error_errno(errno, "Failed to create %s: %m", i->temp_path);
-
-        r = chattr_fd(j->disk_fd, FS_NOCOW_FL, FS_NOCOW_FL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set file attributes on %s: %m", i->temp_path);
-
-        return 0;
-}
-
-static int raw_pull_job_on_open_disk_settings(PullJob *j) {
-        RawPull *i;
-        int r;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-        assert(i->settings_job == j);
-        assert(!i->settings_path);
-        assert(!i->settings_temp_path);
-
-        r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
-        if (r < 0)
-                return log_oom();
-
-        r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
-        if (r < 0)
-                return log_oom();
-
-        mkdir_parents_label(i->settings_temp_path, 0700);
-
-        j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (j->disk_fd < 0)
-                return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
-
-        return 0;
-}
-
-static void raw_pull_job_on_progress(PullJob *j) {
-        RawPull *i;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-
-        raw_pull_report_progress(i, RAW_DOWNLOADING);
-}
-
-int raw_pull_start(
-                RawPull *i,
-                const char *url,
-                const char *local,
-                bool force_local,
-                ImportVerify verify,
-                bool settings) {
-
-        int r;
-
-        assert(i);
-        assert(verify < _IMPORT_VERIFY_MAX);
-        assert(verify >= 0);
-
-        if (!http_url_is_valid(url))
-                return -EINVAL;
-
-        if (local && !machine_name_is_valid(local))
-                return -EINVAL;
-
-        if (i->raw_job)
-                return -EBUSY;
-
-        r = free_and_strdup(&i->local, local);
-        if (r < 0)
-                return r;
-
-        i->force_local = force_local;
-        i->verify = verify;
-        i->settings = settings;
-
-        /* Queue job for the image itself */
-        r = pull_job_new(&i->raw_job, url, i->glue, i);
-        if (r < 0)
-                return r;
-
-        i->raw_job->on_finished = raw_pull_job_on_finished;
-        i->raw_job->on_open_disk = raw_pull_job_on_open_disk_raw;
-        i->raw_job->on_progress = raw_pull_job_on_progress;
-        i->raw_job->calc_checksum = verify != IMPORT_VERIFY_NO;
-        i->raw_job->grow_machine_directory = i->grow_machine_directory;
-
-        r = pull_find_old_etags(url, i->image_root, DT_REG, ".raw-", ".raw", &i->raw_job->old_etags);
-        if (r < 0)
-                return r;
-
-        if (settings) {
-                r = pull_make_settings_job(&i->settings_job, url, i->glue, raw_pull_job_on_finished, i);
-                if (r < 0)
-                        return r;
-
-                i->settings_job->on_open_disk = raw_pull_job_on_open_disk_settings;
-                i->settings_job->on_progress = raw_pull_job_on_progress;
-                i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
-
-                r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
-                if (r < 0)
-                        return r;
-        }
-
-        r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_pull_job_on_finished, i);
-        if (r < 0)
-                return r;
-
-        r = pull_job_begin(i->raw_job);
-        if (r < 0)
-                return r;
-
-        if (i->settings_job) {
-                r = pull_job_begin(i->settings_job);
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->checksum_job) {
-                i->checksum_job->on_progress = raw_pull_job_on_progress;
-
-                r = pull_job_begin(i->checksum_job);
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->signature_job) {
-                i->signature_job->on_progress = raw_pull_job_on_progress;
-
-                r = pull_job_begin(i->signature_job);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
diff --git a/src/import/pull-raw.h b/src/import/pull-raw.h
deleted file mode 100644
index 8f6d16eb3a..0000000000
--- a/src/import/pull-raw.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "import-util.h"
-#include "macro.h"
-
-typedef struct RawPull RawPull;
-
-typedef void (*RawPullFinished)(RawPull *pull, int error, void *userdata);
-
-int raw_pull_new(RawPull **pull, sd_event *event, const char *image_root, RawPullFinished on_finished, void *userdata);
-RawPull* raw_pull_unref(RawPull *pull);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(RawPull*, raw_pull_unref);
-
-int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
diff --git a/src/import/pull-tar.c b/src/import/pull-tar.c
deleted file mode 100644
index 8c61c46f73..0000000000
--- a/src/import/pull-tar.c
+++ /dev/null
@@ -1,563 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <curl/curl.h>
-#include <sys/prctl.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "copy.h"
-#include "curl-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "import-common.h"
-#include "import-util.h"
-#include "macro.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "pull-common.h"
-#include "pull-job.h"
-#include "pull-tar.h"
-#include "rm-rf.h"
-#include "string-util.h"
-#include "strv.h"
-#include "utf8.h"
-#include "util.h"
-#include "web-util.h"
-
-typedef enum TarProgress {
-        TAR_DOWNLOADING,
-        TAR_VERIFYING,
-        TAR_FINALIZING,
-        TAR_COPYING,
-} TarProgress;
-
-struct TarPull {
-        sd_event *event;
-        CurlGlue *glue;
-
-        char *image_root;
-
-        PullJob *tar_job;
-        PullJob *settings_job;
-        PullJob *checksum_job;
-        PullJob *signature_job;
-
-        TarPullFinished on_finished;
-        void *userdata;
-
-        char *local;
-        bool force_local;
-        bool grow_machine_directory;
-        bool settings;
-
-        pid_t tar_pid;
-
-        char *final_path;
-        char *temp_path;
-
-        char *settings_path;
-        char *settings_temp_path;
-
-        ImportVerify verify;
-};
-
-TarPull* tar_pull_unref(TarPull *i) {
-        if (!i)
-                return NULL;
-
-        if (i->tar_pid > 1) {
-                (void) kill_and_sigcont(i->tar_pid, SIGKILL);
-                (void) wait_for_terminate(i->tar_pid, NULL);
-        }
-
-        pull_job_unref(i->tar_job);
-        pull_job_unref(i->settings_job);
-        pull_job_unref(i->checksum_job);
-        pull_job_unref(i->signature_job);
-
-        curl_glue_unref(i->glue);
-        sd_event_unref(i->event);
-
-        if (i->temp_path) {
-                (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
-                free(i->temp_path);
-        }
-
-        if (i->settings_temp_path) {
-                (void) unlink(i->settings_temp_path);
-                free(i->settings_temp_path);
-        }
-
-        free(i->final_path);
-        free(i->settings_path);
-        free(i->image_root);
-        free(i->local);
-        free(i);
-
-        return NULL;
-}
-
-int tar_pull_new(
-                TarPull **ret,
-                sd_event *event,
-                const char *image_root,
-                TarPullFinished on_finished,
-                void *userdata) {
-
-        _cleanup_(tar_pull_unrefp) TarPull *i = NULL;
-        int r;
-
-        assert(ret);
-
-        i = new0(TarPull, 1);
-        if (!i)
-                return -ENOMEM;
-
-        i->on_finished = on_finished;
-        i->userdata = userdata;
-
-        i->image_root = strdup(image_root ?: "/var/lib/machines");
-        if (!i->image_root)
-                return -ENOMEM;
-
-        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
-
-        if (event)
-                i->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&i->event);
-                if (r < 0)
-                        return r;
-        }
-
-        r = curl_glue_new(&i->glue, i->event);
-        if (r < 0)
-                return r;
-
-        i->glue->on_finished = pull_job_curl_on_finished;
-        i->glue->userdata = i;
-
-        *ret = i;
-        i = NULL;
-
-        return 0;
-}
-
-static void tar_pull_report_progress(TarPull *i, TarProgress p) {
-        unsigned percent;
-
-        assert(i);
-
-        switch (p) {
-
-        case TAR_DOWNLOADING: {
-                unsigned remain = 85;
-
-                percent = 0;
-
-                if (i->settings_job) {
-                        percent += i->settings_job->progress_percent * 5 / 100;
-                        remain -= 5;
-                }
-
-                if (i->checksum_job) {
-                        percent += i->checksum_job->progress_percent * 5 / 100;
-                        remain -= 5;
-                }
-
-                if (i->signature_job) {
-                        percent += i->signature_job->progress_percent * 5 / 100;
-                        remain -= 5;
-                }
-
-                if (i->tar_job)
-                        percent += i->tar_job->progress_percent * remain / 100;
-                break;
-        }
-
-        case TAR_VERIFYING:
-                percent = 85;
-                break;
-
-        case TAR_FINALIZING:
-                percent = 90;
-                break;
-
-        case TAR_COPYING:
-                percent = 95;
-                break;
-
-        default:
-                assert_not_reached("Unknown progress state");
-        }
-
-        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
-        log_debug("Combined progress %u%%", percent);
-}
-
-static int tar_pull_make_local_copy(TarPull *i) {
-        int r;
-
-        assert(i);
-        assert(i->tar_job);
-
-        if (!i->local)
-                return 0;
-
-        if (!i->final_path) {
-                r = pull_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", NULL, &i->final_path);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
-        if (r < 0)
-                return r;
-
-        if (i->settings) {
-                const char *local_settings;
-                assert(i->settings_job);
-
-                if (!i->settings_path) {
-                        r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
-                        if (r < 0)
-                                return log_oom();
-                }
-
-                local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
-
-                r = copy_file_atomic(i->settings_path, local_settings, 0664, i->force_local, 0);
-                if (r == -EEXIST)
-                        log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
-                else if (r == -ENOENT)
-                        log_debug_errno(r, "Skipping creation of settings file, since none was found.");
-                else if (r < 0)
-                        log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
-                else
-                        log_info("Created new settings file %s.", local_settings);
-        }
-
-        return 0;
-}
-
-static bool tar_pull_is_done(TarPull *i) {
-        assert(i);
-        assert(i->tar_job);
-
-        if (!PULL_JOB_IS_COMPLETE(i->tar_job))
-                return false;
-        if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
-                return false;
-        if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
-                return false;
-        if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
-                return false;
-
-        return true;
-}
-
-static void tar_pull_job_on_finished(PullJob *j) {
-        TarPull *i;
-        int r;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-
-        if (j == i->settings_job) {
-                if (j->error != 0)
-                        log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
-        } else if (j->error != 0) {
-                if (j == i->checksum_job)
-                        log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
-                else if (j == i->signature_job)
-                        log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
-                else
-                        log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
-
-                r = j->error;
-                goto finish;
-        }
-
-        /* This is invoked if either the download completed
-         * successfully, or the download was skipped because we
-         * already have the etag. */
-
-        if (!tar_pull_is_done(i))
-                return;
-
-        i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd);
-        if (i->settings_job)
-                i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
-
-        if (i->tar_pid > 0) {
-                r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
-                i->tar_pid = 0;
-                if (r < 0)
-                        goto finish;
-                if (r > 0) {
-                        r = -EIO;
-                        goto finish;
-                }
-        }
-
-        if (!i->tar_job->etag_exists) {
-                /* This is a new download, verify it, and move it into place */
-
-                tar_pull_report_progress(i, TAR_VERIFYING);
-
-                r = pull_verify(i->tar_job, i->settings_job, i->checksum_job, i->signature_job);
-                if (r < 0)
-                        goto finish;
-
-                tar_pull_report_progress(i, TAR_FINALIZING);
-
-                r = import_make_read_only(i->temp_path);
-                if (r < 0)
-                        goto finish;
-
-                r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to rename to final image name: %m");
-                        goto finish;
-                }
-
-                i->temp_path = mfree(i->temp_path);
-
-                if (i->settings_job &&
-                    i->settings_job->error == 0 &&
-                    !i->settings_job->etag_exists) {
-
-                        assert(i->settings_temp_path);
-                        assert(i->settings_path);
-
-                        /* Also move the settings file into place, if
-                         * it exist. Note that we do so only if we
-                         * also moved the tar file in place, to keep
-                         * things strictly in sync. */
-
-                        r = import_make_read_only(i->settings_temp_path);
-                        if (r < 0)
-                                goto finish;
-
-                        r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to rename settings file: %m");
-                                goto finish;
-                        }
-
-                        i->settings_temp_path = mfree(i->settings_temp_path);
-                }
-        }
-
-        tar_pull_report_progress(i, TAR_COPYING);
-
-        r = tar_pull_make_local_copy(i);
-        if (r < 0)
-                goto finish;
-
-        r = 0;
-
-finish:
-        if (i->on_finished)
-                i->on_finished(i, r, i->userdata);
-        else
-                sd_event_exit(i->event, r);
-}
-
-static int tar_pull_job_on_open_disk_tar(PullJob *j) {
-        TarPull *i;
-        int r;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-        assert(i->tar_job == j);
-        assert(!i->final_path);
-        assert(!i->temp_path);
-        assert(i->tar_pid <= 0);
-
-        r = pull_make_path(j->url, j->etag, i->image_root, ".tar-", NULL, &i->final_path);
-        if (r < 0)
-                return log_oom();
-
-        r = tempfn_random(i->final_path, NULL, &i->temp_path);
-        if (r < 0)
-                return log_oom();
-
-        mkdir_parents_label(i->temp_path, 0700);
-
-        r = btrfs_subvol_make(i->temp_path);
-        if (r == -ENOTTY) {
-                if (mkdir(i->temp_path, 0755) < 0)
-                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
-        else
-                (void) import_assign_pool_quota_and_warn(i->temp_path);
-
-        j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
-        if (j->disk_fd < 0)
-                return j->disk_fd;
-
-        return 0;
-}
-
-static int tar_pull_job_on_open_disk_settings(PullJob *j) {
-        TarPull *i;
-        int r;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-        assert(i->settings_job == j);
-        assert(!i->settings_path);
-        assert(!i->settings_temp_path);
-
-        r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
-        if (r < 0)
-                return log_oom();
-
-        r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
-        if (r < 0)
-                return log_oom();
-
-        mkdir_parents_label(i->settings_temp_path, 0700);
-
-        j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
-        if (j->disk_fd < 0)
-                return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
-
-        return 0;
-}
-
-static void tar_pull_job_on_progress(PullJob *j) {
-        TarPull *i;
-
-        assert(j);
-        assert(j->userdata);
-
-        i = j->userdata;
-
-        tar_pull_report_progress(i, TAR_DOWNLOADING);
-}
-
-int tar_pull_start(
-                TarPull *i,
-                const char *url,
-                const char *local,
-                bool force_local,
-                ImportVerify verify,
-                bool settings) {
-
-        int r;
-
-        assert(i);
-        assert(verify < _IMPORT_VERIFY_MAX);
-        assert(verify >= 0);
-
-        if (!http_url_is_valid(url))
-                return -EINVAL;
-
-        if (local && !machine_name_is_valid(local))
-                return -EINVAL;
-
-        if (i->tar_job)
-                return -EBUSY;
-
-        r = free_and_strdup(&i->local, local);
-        if (r < 0)
-                return r;
-
-        i->force_local = force_local;
-        i->verify = verify;
-        i->settings = settings;
-
-        /* Set up download job for TAR file */
-        r = pull_job_new(&i->tar_job, url, i->glue, i);
-        if (r < 0)
-                return r;
-
-        i->tar_job->on_finished = tar_pull_job_on_finished;
-        i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
-        i->tar_job->on_progress = tar_pull_job_on_progress;
-        i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
-        i->tar_job->grow_machine_directory = i->grow_machine_directory;
-
-        r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
-        if (r < 0)
-                return r;
-
-        /* Set up download job for the settings file (.nspawn) */
-        if (settings) {
-                r = pull_make_settings_job(&i->settings_job, url, i->glue, tar_pull_job_on_finished, i);
-                if (r < 0)
-                        return r;
-
-                i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings;
-                i->settings_job->on_progress = tar_pull_job_on_progress;
-                i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
-
-                r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Set up download of checksum/signature files */
-        r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
-        if (r < 0)
-                return r;
-
-        r = pull_job_begin(i->tar_job);
-        if (r < 0)
-                return r;
-
-        if (i->settings_job) {
-                r = pull_job_begin(i->settings_job);
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->checksum_job) {
-                i->checksum_job->on_progress = tar_pull_job_on_progress;
-
-                r = pull_job_begin(i->checksum_job);
-                if (r < 0)
-                        return r;
-        }
-
-        if (i->signature_job) {
-                i->signature_job->on_progress = tar_pull_job_on_progress;
-
-                r = pull_job_begin(i->signature_job);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
diff --git a/src/import/pull-tar.h b/src/import/pull-tar.h
deleted file mode 100644
index 7e63e496d8..0000000000
--- a/src/import/pull-tar.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "import-util.h"
-#include "macro.h"
-
-typedef struct TarPull TarPull;
-
-typedef void (*TarPullFinished)(TarPull *pull, int error, void *userdata);
-
-int tar_pull_new(TarPull **pull, sd_event *event, const char *image_root, TarPullFinished on_finished, void *userdata);
-TarPull* tar_pull_unref(TarPull *pull);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(TarPull*, tar_pull_unref);
-
-int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
diff --git a/src/import/pull.c b/src/import/pull.c
deleted file mode 100644
index 72604a6a74..0000000000
--- a/src/import/pull.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "hostname-util.h"
-#include "import-util.h"
-#include "machine-image.h"
-#include "parse-util.h"
-#include "pull-raw.h"
-#include "pull-tar.h"
-#include "signal-util.h"
-#include "string-util.h"
-#include "verbs.h"
-#include "web-util.h"
-
-static bool arg_force = false;
-static const char *arg_image_root = "/var/lib/machines";
-static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
-static bool arg_settings = true;
-
-static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        log_notice("Transfer aborted.");
-        sd_event_exit(sd_event_source_get_event(s), EINTR);
-        return 0;
-}
-
-static void on_tar_finished(TarPull *pull, int error, void *userdata) {
-        sd_event *event = userdata;
-        assert(pull);
-
-        if (error == 0)
-                log_info("Operation completed successfully.");
-
-        sd_event_exit(event, abs(error));
-}
-
-static int pull_tar(int argc, char *argv[], void *userdata) {
-        _cleanup_(tar_pull_unrefp) TarPull *pull = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        const char *url, *local;
-        _cleanup_free_ char *l = NULL, *ll = NULL;
-        int r;
-
-        url = argv[1];
-        if (!http_url_is_valid(url)) {
-                log_error("URL '%s' is not valid.", url);
-                return -EINVAL;
-        }
-
-        if (argc >= 3)
-                local = argv[2];
-        else {
-                r = import_url_last_component(url, &l);
-                if (r < 0)
-                        return log_error_errno(r, "Failed get final component of URL: %m");
-
-                local = l;
-        }
-
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (local) {
-                r = tar_strip_suffixes(local, &ll);
-                if (r < 0)
-                        return log_oom();
-
-                local = ll;
-
-                if (!machine_name_is_valid(local)) {
-                        log_error("Local image name '%s' is not valid.", local);
-                        return -EINVAL;
-                }
-
-                if (!arg_force) {
-                        r = image_find(local, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
-                        else if (r > 0) {
-                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
-                                return -EEXIST;
-                        }
-                }
-
-                log_info("Pulling '%s', saving as '%s'.", url, local);
-        } else
-                log_info("Pulling '%s'.", url);
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
-        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
-
-        r = tar_pull_new(&pull, event, arg_image_root, on_tar_finished, event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate puller: %m");
-
-        r = tar_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
-        if (r < 0)
-                return log_error_errno(r, "Failed to pull image: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        log_info("Exiting.");
-        return -r;
-}
-
-static void on_raw_finished(RawPull *pull, int error, void *userdata) {
-        sd_event *event = userdata;
-        assert(pull);
-
-        if (error == 0)
-                log_info("Operation completed successfully.");
-
-        sd_event_exit(event, abs(error));
-}
-
-static int pull_raw(int argc, char *argv[], void *userdata) {
-        _cleanup_(raw_pull_unrefp) RawPull *pull = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        const char *url, *local;
-        _cleanup_free_ char *l = NULL, *ll = NULL;
-        int r;
-
-        url = argv[1];
-        if (!http_url_is_valid(url)) {
-                log_error("URL '%s' is not valid.", url);
-                return -EINVAL;
-        }
-
-        if (argc >= 3)
-                local = argv[2];
-        else {
-                r = import_url_last_component(url, &l);
-                if (r < 0)
-                        return log_error_errno(r, "Failed get final component of URL: %m");
-
-                local = l;
-        }
-
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (local) {
-                r = raw_strip_suffixes(local, &ll);
-                if (r < 0)
-                        return log_oom();
-
-                local = ll;
-
-                if (!machine_name_is_valid(local)) {
-                        log_error("Local image name '%s' is not valid.", local);
-                        return -EINVAL;
-                }
-
-                if (!arg_force) {
-                        r = image_find(local, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local);
-                        else if (r > 0) {
-                                log_error_errno(EEXIST, "Image '%s' already exists.", local);
-                                return -EEXIST;
-                        }
-                }
-
-                log_info("Pulling '%s', saving as '%s'.", url, local);
-        } else
-                log_info("Pulling '%s'.", url);
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-        (void) sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler,  NULL);
-        (void) sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
-
-        r = raw_pull_new(&pull, event, arg_image_root, on_raw_finished, event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate puller: %m");
-
-        r = raw_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
-        if (r < 0)
-                return log_error_errno(r, "Failed to pull image: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        log_info("Exiting.");
-        return -r;
-}
-
-static int help(int argc, char *argv[], void *userdata) {
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Download container or virtual machine images.\n\n"
-               "  -h --help                   Show this help\n"
-               "     --version                Show package version\n"
-               "     --force                  Force creation of image\n"
-               "     --verify=MODE            Verify downloaded image, one of: 'no',\n"
-               "                              'checksum', 'signature'\n"
-               "     --settings=BOOL          Download settings file with image\n"
-               "     --image-root=PATH        Image root directory\n\n"
-               "Commands:\n"
-               "  tar URL [NAME]              Download a TAR image\n"
-               "  raw URL [NAME]              Download a RAW image\n",
-               program_invocation_short_name);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_FORCE,
-                ARG_IMAGE_ROOT,
-                ARG_VERIFY,
-                ARG_SETTINGS,
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'                 },
-                { "version",         no_argument,       NULL, ARG_VERSION         },
-                { "force",           no_argument,       NULL, ARG_FORCE           },
-                { "image-root",      required_argument, NULL, ARG_IMAGE_ROOT      },
-                { "verify",          required_argument, NULL, ARG_VERIFY          },
-                { "settings",        required_argument, NULL, ARG_SETTINGS        },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        return help(0, NULL, NULL);
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_FORCE:
-                        arg_force = true;
-                        break;
-
-                case ARG_IMAGE_ROOT:
-                        arg_image_root = optarg;
-                        break;
-
-                case ARG_VERIFY:
-                        arg_verify = import_verify_from_string(optarg);
-                        if (arg_verify < 0) {
-                                log_error("Invalid verification setting '%s'", optarg);
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case ARG_SETTINGS:
-                        r = parse_boolean(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --settings= parameter '%s'", optarg);
-
-                        arg_settings = r;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int pull_main(int argc, char *argv[]) {
-
-        static const Verb verbs[] = {
-                { "help", VERB_ANY, VERB_ANY, 0, help     },
-                { "tar",  2,        3,        0, pull_tar },
-                { "raw",  2,        3,        0, pull_raw },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, NULL);
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        (void) ignore_signals(SIGPIPE, -1);
-
-        r = pull_main(argc, argv);
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/initctl/Makefile b/src/initctl/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/initctl/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/initctl/initctl.c b/src/initctl/initctl.c
deleted file mode 100644
index 41b2237d16..0000000000
--- a/src/initctl/initctl.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <ctype.h>
-#include <errno.h>
-#include <stdio.h>
-#include <sys/epoll.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "def.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "initreq.h"
-#include "list.h"
-#include "log.h"
-#include "special.h"
-#include "util.h"
-
-#define SERVER_FD_MAX 16
-#define TIMEOUT_MSEC ((int) (DEFAULT_EXIT_USEC/USEC_PER_MSEC))
-
-typedef struct Fifo Fifo;
-
-typedef struct Server {
-        int epoll_fd;
-
-        LIST_HEAD(Fifo, fifos);
-        unsigned n_fifos;
-
-        sd_bus *bus;
-
-        bool quit;
-} Server;
-
-struct Fifo {
-        Server *server;
-
-        int fd;
-
-        struct init_request buffer;
-        size_t bytes_read;
-
-        LIST_FIELDS(Fifo, fifo);
-};
-
-static const char *translate_runlevel(int runlevel, bool *isolate) {
-        static const struct {
-                const int runlevel;
-                const char *special;
-                bool isolate;
-        } table[] = {
-                { '0', SPECIAL_POWEROFF_TARGET,   false },
-                { '1', SPECIAL_RESCUE_TARGET,     true  },
-                { 's', SPECIAL_RESCUE_TARGET,     true  },
-                { 'S', SPECIAL_RESCUE_TARGET,     true  },
-                { '2', SPECIAL_MULTI_USER_TARGET, true  },
-                { '3', SPECIAL_MULTI_USER_TARGET, true  },
-                { '4', SPECIAL_MULTI_USER_TARGET, true  },
-                { '5', SPECIAL_GRAPHICAL_TARGET,  true  },
-                { '6', SPECIAL_REBOOT_TARGET,     false },
-        };
-
-        unsigned i;
-
-        assert(isolate);
-
-        for (i = 0; i < ELEMENTSOF(table); i++)
-                if (table[i].runlevel == runlevel) {
-                        *isolate = table[i].isolate;
-                        if (runlevel == '6' && kexec_loaded())
-                                return SPECIAL_KEXEC_TARGET;
-                        return table[i].special;
-                }
-
-        return NULL;
-}
-
-static void change_runlevel(Server *s, int runlevel) {
-        const char *target;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *mode;
-        bool isolate = false;
-        int r;
-
-        assert(s);
-
-        target = translate_runlevel(runlevel, &isolate);
-        if (!target) {
-                log_warning("Got request for unknown runlevel %c, ignoring.", runlevel);
-                return;
-        }
-
-        if (isolate)
-                mode = "isolate";
-        else
-                mode = "replace-irreversibly";
-
-        log_debug("Running request %s/start/%s", target, mode);
-
-        r = sd_bus_call_method(
-                        s->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartUnit",
-                        &error,
-                        NULL,
-                        "ss", target, mode);
-        if (r < 0) {
-                log_error("Failed to change runlevel: %s", bus_error_message(&error, -r));
-                return;
-        }
-}
-
-static void request_process(Server *s, const struct init_request *req) {
-        assert(s);
-        assert(req);
-
-        if (req->magic != INIT_MAGIC) {
-                log_error("Got initctl request with invalid magic. Ignoring.");
-                return;
-        }
-
-        switch (req->cmd) {
-
-        case INIT_CMD_RUNLVL:
-                if (!isprint(req->runlevel))
-                        log_error("Got invalid runlevel. Ignoring.");
-                else
-                        switch (req->runlevel) {
-
-                        /* we are async anyway, so just use kill for reexec/reload */
-                        case 'u':
-                        case 'U':
-                                if (kill(1, SIGTERM) < 0)
-                                        log_error_errno(errno, "kill() failed: %m");
-
-                                /* The bus connection will be
-                                 * terminated if PID 1 is reexecuted,
-                                 * hence let's just exit here, and
-                                 * rely on that we'll be restarted on
-                                 * the next request */
-                                s->quit = true;
-                                break;
-
-                        case 'q':
-                        case 'Q':
-                                if (kill(1, SIGHUP) < 0)
-                                        log_error_errno(errno, "kill() failed: %m");
-                                break;
-
-                        default:
-                                change_runlevel(s, req->runlevel);
-                        }
-                return;
-
-        case INIT_CMD_POWERFAIL:
-        case INIT_CMD_POWERFAILNOW:
-        case INIT_CMD_POWEROK:
-                log_warning("Received UPS/power initctl request. This is not implemented in systemd. Upgrade your UPS daemon!");
-                return;
-
-        case INIT_CMD_CHANGECONS:
-                log_warning("Received console change initctl request. This is not implemented in systemd.");
-                return;
-
-        case INIT_CMD_SETENV:
-        case INIT_CMD_UNSETENV:
-                log_warning("Received environment initctl request. This is not implemented in systemd.");
-                return;
-
-        default:
-                log_warning("Received unknown initctl request. Ignoring.");
-                return;
-        }
-}
-
-static int fifo_process(Fifo *f) {
-        ssize_t l;
-
-        assert(f);
-
-        errno = EIO;
-        l = read(f->fd,
-                 ((uint8_t*) &f->buffer) + f->bytes_read,
-                 sizeof(f->buffer) - f->bytes_read);
-        if (l <= 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                return log_warning_errno(errno, "Failed to read from fifo: %m");
-        }
-
-        f->bytes_read += l;
-        assert(f->bytes_read <= sizeof(f->buffer));
-
-        if (f->bytes_read == sizeof(f->buffer)) {
-                request_process(f->server, &f->buffer);
-                f->bytes_read = 0;
-        }
-
-        return 0;
-}
-
-static void fifo_free(Fifo *f) {
-        assert(f);
-
-        if (f->server) {
-                assert(f->server->n_fifos > 0);
-                f->server->n_fifos--;
-                LIST_REMOVE(fifo, f->server->fifos, f);
-        }
-
-        if (f->fd >= 0) {
-                if (f->server)
-                        epoll_ctl(f->server->epoll_fd, EPOLL_CTL_DEL, f->fd, NULL);
-
-                safe_close(f->fd);
-        }
-
-        free(f);
-}
-
-static void server_done(Server *s) {
-        assert(s);
-
-        while (s->fifos)
-                fifo_free(s->fifos);
-
-        safe_close(s->epoll_fd);
-
-        if (s->bus) {
-                sd_bus_flush(s->bus);
-                sd_bus_unref(s->bus);
-        }
-}
-
-static int server_init(Server *s, unsigned n_sockets) {
-        int r;
-        unsigned i;
-
-        assert(s);
-        assert(n_sockets > 0);
-
-        zero(*s);
-
-        s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
-        if (s->epoll_fd < 0) {
-                r = log_error_errno(errno,
-                                    "Failed to create epoll object: %m");
-                goto fail;
-        }
-
-        for (i = 0; i < n_sockets; i++) {
-                struct epoll_event ev;
-                Fifo *f;
-                int fd;
-
-                fd = SD_LISTEN_FDS_START+i;
-
-                r = sd_is_fifo(fd, NULL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to determine file descriptor type: %m");
-                        goto fail;
-                }
-
-                if (!r) {
-                        log_error("Wrong file descriptor type.");
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                f = new0(Fifo, 1);
-                if (!f) {
-                        r = -ENOMEM;
-                        log_error_errno(errno, "Failed to create fifo object: %m");
-                        goto fail;
-                }
-
-                f->fd = -1;
-
-                zero(ev);
-                ev.events = EPOLLIN;
-                ev.data.ptr = f;
-                if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
-                        r = -errno;
-                        fifo_free(f);
-                        log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
-                        goto fail;
-                }
-
-                f->fd = fd;
-                LIST_PREPEND(fifo, s->fifos, f);
-                f->server = s;
-                s->n_fifos++;
-        }
-
-        r = bus_connect_system_systemd(&s->bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get D-Bus connection: %m");
-                r = -EIO;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        server_done(s);
-
-        return r;
-}
-
-static int process_event(Server *s, struct epoll_event *ev) {
-        int r;
-        Fifo *f;
-
-        assert(s);
-
-        if (!(ev->events & EPOLLIN)) {
-                log_info("Got invalid event from epoll. (3)");
-                return -EIO;
-        }
-
-        f = (Fifo*) ev->data.ptr;
-        r = fifo_process(f);
-        if (r < 0) {
-                log_info_errno(r, "Got error on fifo: %m");
-                fifo_free(f);
-                return r;
-        }
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        Server server;
-        int r = EXIT_FAILURE, n;
-
-        if (getppid() != 1) {
-                log_error("This program should be invoked by init only.");
-                return EXIT_FAILURE;
-        }
-
-        if (argc > 1) {
-                log_error("This program does not take arguments.");
-                return EXIT_FAILURE;
-        }
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        n = sd_listen_fds(true);
-        if (n < 0) {
-                log_error_errno(r, "Failed to read listening file descriptors from environment: %m");
-                return EXIT_FAILURE;
-        }
-
-        if (n <= 0 || n > SERVER_FD_MAX) {
-                log_error("No or too many file descriptors passed.");
-                return EXIT_FAILURE;
-        }
-
-        if (server_init(&server, (unsigned) n) < 0)
-                return EXIT_FAILURE;
-
-        log_debug("systemd-initctl running as pid "PID_FMT, getpid());
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing requests...");
-
-        while (!server.quit) {
-                struct epoll_event event;
-                int k;
-
-                k = epoll_wait(server.epoll_fd, &event, 1, TIMEOUT_MSEC);
-                if (k < 0) {
-                        if (errno == EINTR)
-                                continue;
-                        log_error_errno(errno, "epoll_wait() failed: %m");
-                        goto fail;
-                }
-
-                if (k <= 0)
-                        break;
-
-                if (process_event(&server, &event) < 0)
-                        goto fail;
-        }
-
-        r = EXIT_SUCCESS;
-
-        log_debug("systemd-initctl stopped as pid "PID_FMT, getpid());
-
-fail:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-
-        server_done(&server);
-
-        return r;
-}
diff --git a/src/journal-remote/Makefile b/src/journal-remote/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/journal-remote/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
deleted file mode 100644
index e265027a04..0000000000
--- a/src/journal-remote/journal-gatewayd.c
+++ /dev/null
@@ -1,1077 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <getopt.h>
-#ifdef HAVE_GNUTLS
-#include <gnutls/gnutls.h>
-#endif
-#include <microhttpd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-daemon.h"
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "hostname-util.h"
-#include "log.h"
-#include "logs-show.h"
-#include "microhttpd-util.h"
-#include "parse-util.h"
-#include "sigbus.h"
-#include "util.h"
-
-#define JOURNAL_WAIT_TIMEOUT (10*USEC_PER_SEC)
-
-static char *arg_key_pem = NULL;
-static char *arg_cert_pem = NULL;
-static char *arg_trust_pem = NULL;
-
-typedef struct RequestMeta {
-        sd_journal *journal;
-
-        OutputMode mode;
-
-        char *cursor;
-        int64_t n_skip;
-        uint64_t n_entries;
-        bool n_entries_set;
-
-        FILE *tmp;
-        uint64_t delta, size;
-
-        int argument_parse_error;
-
-        bool follow;
-        bool discrete;
-
-        uint64_t n_fields;
-        bool n_fields_set;
-} RequestMeta;
-
-static const char* const mime_types[_OUTPUT_MODE_MAX] = {
-        [OUTPUT_SHORT] = "text/plain",
-        [OUTPUT_JSON] = "application/json",
-        [OUTPUT_JSON_SSE] = "text/event-stream",
-        [OUTPUT_EXPORT] = "application/vnd.fdo.journal",
-};
-
-static RequestMeta *request_meta(void **connection_cls) {
-        RequestMeta *m;
-
-        assert(connection_cls);
-        if (*connection_cls)
-                return *connection_cls;
-
-        m = new0(RequestMeta, 1);
-        if (!m)
-                return NULL;
-
-        *connection_cls = m;
-        return m;
-}
-
-static void request_meta_free(
-                void *cls,
-                struct MHD_Connection *connection,
-                void **connection_cls,
-                enum MHD_RequestTerminationCode toe) {
-
-        RequestMeta *m = *connection_cls;
-
-        if (!m)
-                return;
-
-        sd_journal_close(m->journal);
-
-        safe_fclose(m->tmp);
-
-        free(m->cursor);
-        free(m);
-}
-
-static int open_journal(RequestMeta *m) {
-        assert(m);
-
-        if (m->journal)
-                return 0;
-
-        return sd_journal_open(&m->journal, SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM);
-}
-
-static int request_meta_ensure_tmp(RequestMeta *m) {
-        assert(m);
-
-        if (m->tmp)
-                rewind(m->tmp);
-        else {
-                int fd;
-
-                fd = open_tmpfile_unlinkable("/tmp", O_RDWR|O_CLOEXEC);
-                if (fd < 0)
-                        return fd;
-
-                m->tmp = fdopen(fd, "w+");
-                if (!m->tmp) {
-                        safe_close(fd);
-                        return -errno;
-                }
-        }
-
-        return 0;
-}
-
-static ssize_t request_reader_entries(
-                void *cls,
-                uint64_t pos,
-                char *buf,
-                size_t max) {
-
-        RequestMeta *m = cls;
-        int r;
-        size_t n, k;
-
-        assert(m);
-        assert(buf);
-        assert(max > 0);
-        assert(pos >= m->delta);
-
-        pos -= m->delta;
-
-        while (pos >= m->size) {
-                off_t sz;
-
-                /* End of this entry, so let's serialize the next
-                 * one */
-
-                if (m->n_entries_set &&
-                    m->n_entries <= 0)
-                        return MHD_CONTENT_READER_END_OF_STREAM;
-
-                if (m->n_skip < 0)
-                        r = sd_journal_previous_skip(m->journal, (uint64_t) -m->n_skip + 1);
-                else if (m->n_skip > 0)
-                        r = sd_journal_next_skip(m->journal, (uint64_t) m->n_skip + 1);
-                else
-                        r = sd_journal_next(m->journal);
-
-                if (r < 0) {
-                        log_error_errno(r, "Failed to advance journal pointer: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                } else if (r == 0) {
-
-                        if (m->follow) {
-                                r = sd_journal_wait(m->journal, (uint64_t) JOURNAL_WAIT_TIMEOUT);
-                                if (r < 0) {
-                                        log_error_errno(r, "Couldn't wait for journal event: %m");
-                                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                                }
-                                if (r == SD_JOURNAL_NOP)
-                                        break;
-
-                                continue;
-                        }
-
-                        return MHD_CONTENT_READER_END_OF_STREAM;
-                }
-
-                if (m->discrete) {
-                        assert(m->cursor);
-
-                        r = sd_journal_test_cursor(m->journal, m->cursor);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to test cursor: %m");
-                                return MHD_CONTENT_READER_END_WITH_ERROR;
-                        }
-
-                        if (r == 0)
-                                return MHD_CONTENT_READER_END_OF_STREAM;
-                }
-
-                pos -= m->size;
-                m->delta += m->size;
-
-                if (m->n_entries_set)
-                        m->n_entries -= 1;
-
-                m->n_skip = 0;
-
-                r = request_meta_ensure_tmp(m);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to create temporary file: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                }
-
-                r = output_journal(m->tmp, m->journal, m->mode, 0, OUTPUT_FULL_WIDTH, NULL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to serialize item: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                }
-
-                sz = ftello(m->tmp);
-                if (sz == (off_t) -1) {
-                        log_error_errno(errno, "Failed to retrieve file position: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                }
-
-                m->size = (uint64_t) sz;
-        }
-
-        if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
-                log_error_errno(errno, "Failed to seek to position: %m");
-                return MHD_CONTENT_READER_END_WITH_ERROR;
-        }
-
-        n = m->size - pos;
-        if (n < 1)
-                return 0;
-        if (n > max)
-                n = max;
-
-        errno = 0;
-        k = fread(buf, 1, n, m->tmp);
-        if (k != n) {
-                log_error("Failed to read from file: %s", errno ? strerror(errno) : "Premature EOF");
-                return MHD_CONTENT_READER_END_WITH_ERROR;
-        }
-
-        return (ssize_t) k;
-}
-
-static int request_parse_accept(
-                RequestMeta *m,
-                struct MHD_Connection *connection) {
-
-        const char *header;
-
-        assert(m);
-        assert(connection);
-
-        header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Accept");
-        if (!header)
-                return 0;
-
-        if (streq(header, mime_types[OUTPUT_JSON]))
-                m->mode = OUTPUT_JSON;
-        else if (streq(header, mime_types[OUTPUT_JSON_SSE]))
-                m->mode = OUTPUT_JSON_SSE;
-        else if (streq(header, mime_types[OUTPUT_EXPORT]))
-                m->mode = OUTPUT_EXPORT;
-        else
-                m->mode = OUTPUT_SHORT;
-
-        return 0;
-}
-
-static int request_parse_range(
-                RequestMeta *m,
-                struct MHD_Connection *connection) {
-
-        const char *range, *colon, *colon2;
-        int r;
-
-        assert(m);
-        assert(connection);
-
-        range = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Range");
-        if (!range)
-                return 0;
-
-        if (!startswith(range, "entries="))
-                return 0;
-
-        range += 8;
-        range += strspn(range, WHITESPACE);
-
-        colon = strchr(range, ':');
-        if (!colon)
-                m->cursor = strdup(range);
-        else {
-                const char *p;
-
-                colon2 = strchr(colon + 1, ':');
-                if (colon2) {
-                        _cleanup_free_ char *t;
-
-                        t = strndup(colon + 1, colon2 - colon - 1);
-                        if (!t)
-                                return -ENOMEM;
-
-                        r = safe_atoi64(t, &m->n_skip);
-                        if (r < 0)
-                                return r;
-                }
-
-                p = (colon2 ? colon2 : colon) + 1;
-                if (*p) {
-                        r = safe_atou64(p, &m->n_entries);
-                        if (r < 0)
-                                return r;
-
-                        if (m->n_entries <= 0)
-                                return -EINVAL;
-
-                        m->n_entries_set = true;
-                }
-
-                m->cursor = strndup(range, colon - range);
-        }
-
-        if (!m->cursor)
-                return -ENOMEM;
-
-        m->cursor[strcspn(m->cursor, WHITESPACE)] = 0;
-        if (isempty(m->cursor))
-                m->cursor = mfree(m->cursor);
-
-        return 0;
-}
-
-static int request_parse_arguments_iterator(
-                void *cls,
-                enum MHD_ValueKind kind,
-                const char *key,
-                const char *value) {
-
-        RequestMeta *m = cls;
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        assert(m);
-
-        if (isempty(key)) {
-                m->argument_parse_error = -EINVAL;
-                return MHD_NO;
-        }
-
-        if (streq(key, "follow")) {
-                if (isempty(value)) {
-                        m->follow = true;
-                        return MHD_YES;
-                }
-
-                r = parse_boolean(value);
-                if (r < 0) {
-                        m->argument_parse_error = r;
-                        return MHD_NO;
-                }
-
-                m->follow = r;
-                return MHD_YES;
-        }
-
-        if (streq(key, "discrete")) {
-                if (isempty(value)) {
-                        m->discrete = true;
-                        return MHD_YES;
-                }
-
-                r = parse_boolean(value);
-                if (r < 0) {
-                        m->argument_parse_error = r;
-                        return MHD_NO;
-                }
-
-                m->discrete = r;
-                return MHD_YES;
-        }
-
-        if (streq(key, "boot")) {
-                if (isempty(value))
-                        r = true;
-                else {
-                        r = parse_boolean(value);
-                        if (r < 0) {
-                                m->argument_parse_error = r;
-                                return MHD_NO;
-                        }
-                }
-
-                if (r) {
-                        char match[9 + 32 + 1] = "_BOOT_ID=";
-                        sd_id128_t bid;
-
-                        r = sd_id128_get_boot(&bid);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to get boot ID: %m");
-                                return MHD_NO;
-                        }
-
-                        sd_id128_to_string(bid, match + 9);
-                        r = sd_journal_add_match(m->journal, match, sizeof(match)-1);
-                        if (r < 0) {
-                                m->argument_parse_error = r;
-                                return MHD_NO;
-                        }
-                }
-
-                return MHD_YES;
-        }
-
-        p = strjoin(key, "=", strempty(value), NULL);
-        if (!p) {
-                m->argument_parse_error = log_oom();
-                return MHD_NO;
-        }
-
-        r = sd_journal_add_match(m->journal, p, 0);
-        if (r < 0) {
-                m->argument_parse_error = r;
-                return MHD_NO;
-        }
-
-        return MHD_YES;
-}
-
-static int request_parse_arguments(
-                RequestMeta *m,
-                struct MHD_Connection *connection) {
-
-        assert(m);
-        assert(connection);
-
-        m->argument_parse_error = 0;
-        MHD_get_connection_values(connection, MHD_GET_ARGUMENT_KIND, request_parse_arguments_iterator, m);
-
-        return m->argument_parse_error;
-}
-
-static int request_handler_entries(
-                struct MHD_Connection *connection,
-                void *connection_cls) {
-
-        struct MHD_Response *response;
-        RequestMeta *m = connection_cls;
-        int r;
-
-        assert(connection);
-        assert(m);
-
-        r = open_journal(m);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to open journal: %s\n", strerror(-r));
-
-        if (request_parse_accept(m, connection) < 0)
-                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse Accept header.\n");
-
-        if (request_parse_range(m, connection) < 0)
-                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse Range header.\n");
-
-        if (request_parse_arguments(m, connection) < 0)
-                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse URL arguments.\n");
-
-        if (m->discrete) {
-                if (!m->cursor)
-                        return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Discrete seeks require a cursor specification.\n");
-
-                m->n_entries = 1;
-                m->n_entries_set = true;
-        }
-
-        if (m->cursor)
-                r = sd_journal_seek_cursor(m->journal, m->cursor);
-        else if (m->n_skip >= 0)
-                r = sd_journal_seek_head(m->journal);
-        else if (m->n_skip < 0)
-                r = sd_journal_seek_tail(m->journal);
-        if (r < 0)
-                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to seek in journal.\n");
-
-        response = MHD_create_response_from_callback(MHD_SIZE_UNKNOWN, 4*1024, request_reader_entries, m, NULL);
-        if (!response)
-                return respond_oom(connection);
-
-        MHD_add_response_header(response, "Content-Type", mime_types[m->mode]);
-
-        r = MHD_queue_response(connection, MHD_HTTP_OK, response);
-        MHD_destroy_response(response);
-
-        return r;
-}
-
-static int output_field(FILE *f, OutputMode m, const char *d, size_t l) {
-        const char *eq;
-        size_t j;
-
-        eq = memchr(d, '=', l);
-        if (!eq)
-                return -EINVAL;
-
-        j = l - (eq - d + 1);
-
-        if (m == OUTPUT_JSON) {
-                fprintf(f, "{ \"%.*s\" : ", (int) (eq - d), d);
-                json_escape(f, eq+1, j, OUTPUT_FULL_WIDTH);
-                fputs(" }\n", f);
-        } else {
-                fwrite(eq+1, 1, j, f);
-                fputc('\n', f);
-        }
-
-        return 0;
-}
-
-static ssize_t request_reader_fields(
-                void *cls,
-                uint64_t pos,
-                char *buf,
-                size_t max) {
-
-        RequestMeta *m = cls;
-        int r;
-        size_t n, k;
-
-        assert(m);
-        assert(buf);
-        assert(max > 0);
-        assert(pos >= m->delta);
-
-        pos -= m->delta;
-
-        while (pos >= m->size) {
-                off_t sz;
-                const void *d;
-                size_t l;
-
-                /* End of this field, so let's serialize the next
-                 * one */
-
-                if (m->n_fields_set &&
-                    m->n_fields <= 0)
-                        return MHD_CONTENT_READER_END_OF_STREAM;
-
-                r = sd_journal_enumerate_unique(m->journal, &d, &l);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to advance field index: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                } else if (r == 0)
-                        return MHD_CONTENT_READER_END_OF_STREAM;
-
-                pos -= m->size;
-                m->delta += m->size;
-
-                if (m->n_fields_set)
-                        m->n_fields -= 1;
-
-                r = request_meta_ensure_tmp(m);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to create temporary file: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                }
-
-                r = output_field(m->tmp, m->mode, d, l);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to serialize item: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                }
-
-                sz = ftello(m->tmp);
-                if (sz == (off_t) -1) {
-                        log_error_errno(errno, "Failed to retrieve file position: %m");
-                        return MHD_CONTENT_READER_END_WITH_ERROR;
-                }
-
-                m->size = (uint64_t) sz;
-        }
-
-        if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
-                log_error_errno(errno, "Failed to seek to position: %m");
-                return MHD_CONTENT_READER_END_WITH_ERROR;
-        }
-
-        n = m->size - pos;
-        if (n > max)
-                n = max;
-
-        errno = 0;
-        k = fread(buf, 1, n, m->tmp);
-        if (k != n) {
-                log_error("Failed to read from file: %s", errno ? strerror(errno) : "Premature EOF");
-                return MHD_CONTENT_READER_END_WITH_ERROR;
-        }
-
-        return (ssize_t) k;
-}
-
-static int request_handler_fields(
-                struct MHD_Connection *connection,
-                const char *field,
-                void *connection_cls) {
-
-        struct MHD_Response *response;
-        RequestMeta *m = connection_cls;
-        int r;
-
-        assert(connection);
-        assert(m);
-
-        r = open_journal(m);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to open journal: %s\n", strerror(-r));
-
-        if (request_parse_accept(m, connection) < 0)
-                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to parse Accept header.\n");
-
-        r = sd_journal_query_unique(m->journal, field);
-        if (r < 0)
-                return mhd_respond(connection, MHD_HTTP_BAD_REQUEST, "Failed to query unique fields.\n");
-
-        response = MHD_create_response_from_callback(MHD_SIZE_UNKNOWN, 4*1024, request_reader_fields, m, NULL);
-        if (!response)
-                return respond_oom(connection);
-
-        MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]);
-
-        r = MHD_queue_response(connection, MHD_HTTP_OK, response);
-        MHD_destroy_response(response);
-
-        return r;
-}
-
-static int request_handler_redirect(
-                struct MHD_Connection *connection,
-                const char *target) {
-
-        char *page;
-        struct MHD_Response *response;
-        int ret;
-
-        assert(connection);
-        assert(target);
-
-        if (asprintf(&page, "<html><body>Please continue to the <a href=\"%s\">journal browser</a>.</body></html>", target) < 0)
-                return respond_oom(connection);
-
-        response = MHD_create_response_from_buffer(strlen(page), page, MHD_RESPMEM_MUST_FREE);
-        if (!response) {
-                free(page);
-                return respond_oom(connection);
-        }
-
-        MHD_add_response_header(response, "Content-Type", "text/html");
-        MHD_add_response_header(response, "Location", target);
-
-        ret = MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
-        MHD_destroy_response(response);
-
-        return ret;
-}
-
-static int request_handler_file(
-                struct MHD_Connection *connection,
-                const char *path,
-                const char *mime_type) {
-
-        struct MHD_Response *response;
-        int ret;
-        _cleanup_close_ int fd = -1;
-        struct stat st;
-
-        assert(connection);
-        assert(path);
-        assert(mime_type);
-
-        fd = open(path, O_RDONLY|O_CLOEXEC);
-        if (fd < 0)
-                return mhd_respondf(connection, MHD_HTTP_NOT_FOUND, "Failed to open file %s: %m\n", path);
-
-        if (fstat(fd, &st) < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to stat file: %m\n");
-
-        response = MHD_create_response_from_fd_at_offset64(st.st_size, fd, 0);
-        if (!response)
-                return respond_oom(connection);
-
-        fd = -1;
-
-        MHD_add_response_header(response, "Content-Type", mime_type);
-
-        ret = MHD_queue_response(connection, MHD_HTTP_OK, response);
-        MHD_destroy_response(response);
-
-        return ret;
-}
-
-static int get_virtualization(char **v) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        char *b = NULL;
-        int r;
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_get_property_string(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "Virtualization",
-                        NULL,
-                        &b);
-        if (r < 0)
-                return r;
-
-        if (isempty(b)) {
-                free(b);
-                *v = NULL;
-                return 0;
-        }
-
-        *v = b;
-        return 1;
-}
-
-static int request_handler_machine(
-                struct MHD_Connection *connection,
-                void *connection_cls) {
-
-        struct MHD_Response *response;
-        RequestMeta *m = connection_cls;
-        int r;
-        _cleanup_free_ char* hostname = NULL, *os_name = NULL;
-        uint64_t cutoff_from = 0, cutoff_to = 0, usage = 0;
-        char *json;
-        sd_id128_t mid, bid;
-        _cleanup_free_ char *v = NULL;
-
-        assert(connection);
-        assert(m);
-
-        r = open_journal(m);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to open journal: %s\n", strerror(-r));
-
-        r = sd_id128_get_machine(&mid);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine machine ID: %s\n", strerror(-r));
-
-        r = sd_id128_get_boot(&bid);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine boot ID: %s\n", strerror(-r));
-
-        hostname = gethostname_malloc();
-        if (!hostname)
-                return respond_oom(connection);
-
-        r = sd_journal_get_usage(m->journal, &usage);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine disk usage: %s\n", strerror(-r));
-
-        r = sd_journal_get_cutoff_realtime_usec(m->journal, &cutoff_from, &cutoff_to);
-        if (r < 0)
-                return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to determine disk usage: %s\n", strerror(-r));
-
-        if (parse_env_file("/etc/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL) == -ENOENT)
-                (void) parse_env_file("/usr/lib/os-release", NEWLINE, "PRETTY_NAME", &os_name, NULL);
-
-        get_virtualization(&v);
-
-        r = asprintf(&json,
-                     "{ \"machine_id\" : \"" SD_ID128_FORMAT_STR "\","
-                     "\"boot_id\" : \"" SD_ID128_FORMAT_STR "\","
-                     "\"hostname\" : \"%s\","
-                     "\"os_pretty_name\" : \"%s\","
-                     "\"virtualization\" : \"%s\","
-                     "\"usage\" : \"%"PRIu64"\","
-                     "\"cutoff_from_realtime\" : \"%"PRIu64"\","
-                     "\"cutoff_to_realtime\" : \"%"PRIu64"\" }\n",
-                     SD_ID128_FORMAT_VAL(mid),
-                     SD_ID128_FORMAT_VAL(bid),
-                     hostname_cleanup(hostname),
-                     os_name ? os_name : "GNU/Linux",
-                     v ? v : "bare",
-                     usage,
-                     cutoff_from,
-                     cutoff_to);
-
-        if (r < 0)
-                return respond_oom(connection);
-
-        response = MHD_create_response_from_buffer(strlen(json), json, MHD_RESPMEM_MUST_FREE);
-        if (!response) {
-                free(json);
-                return respond_oom(connection);
-        }
-
-        MHD_add_response_header(response, "Content-Type", "application/json");
-        r = MHD_queue_response(connection, MHD_HTTP_OK, response);
-        MHD_destroy_response(response);
-
-        return r;
-}
-
-static int request_handler(
-                void *cls,
-                struct MHD_Connection *connection,
-                const char *url,
-                const char *method,
-                const char *version,
-                const char *upload_data,
-                size_t *upload_data_size,
-                void **connection_cls) {
-        int r, code;
-
-        assert(connection);
-        assert(connection_cls);
-        assert(url);
-        assert(method);
-
-        if (!streq(method, "GET"))
-                return mhd_respond(connection, MHD_HTTP_NOT_ACCEPTABLE,
-                                   "Unsupported method.\n");
-
-
-        if (!*connection_cls) {
-                if (!request_meta(connection_cls))
-                        return respond_oom(connection);
-                return MHD_YES;
-        }
-
-        if (arg_trust_pem) {
-                r = check_permissions(connection, &code, NULL);
-                if (r < 0)
-                        return code;
-        }
-
-        if (streq(url, "/"))
-                return request_handler_redirect(connection, "/browse");
-
-        if (streq(url, "/entries"))
-                return request_handler_entries(connection, *connection_cls);
-
-        if (startswith(url, "/fields/"))
-                return request_handler_fields(connection, url + 8, *connection_cls);
-
-        if (streq(url, "/browse"))
-                return request_handler_file(connection, DOCUMENT_ROOT "/browse.html", "text/html");
-
-        if (streq(url, "/machine"))
-                return request_handler_machine(connection, *connection_cls);
-
-        return mhd_respond(connection, MHD_HTTP_NOT_FOUND, "Not found.\n");
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] ...\n\n"
-               "HTTP server for journal events.\n\n"
-               "  -h --help           Show this help\n"
-               "     --version        Show package version\n"
-               "     --cert=CERT.PEM  Server certificate in PEM format\n"
-               "     --key=KEY.PEM    Server key in PEM format\n"
-               "     --trust=CERT.PEM Certificat authority certificate in PEM format\n",
-               program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_KEY,
-                ARG_CERT,
-                ARG_TRUST,
-        };
-
-        int r, c;
-
-        static const struct option options[] = {
-                { "help",    no_argument,       NULL, 'h'         },
-                { "version", no_argument,       NULL, ARG_VERSION },
-                { "key",     required_argument, NULL, ARG_KEY     },
-                { "cert",    required_argument, NULL, ARG_CERT    },
-                { "trust",   required_argument, NULL, ARG_TRUST   },
-                {}
-        };
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-
-                switch(c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_KEY:
-                        if (arg_key_pem) {
-                                log_error("Key file specified twice");
-                                return -EINVAL;
-                        }
-                        r = read_full_file(optarg, &arg_key_pem, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to read key file: %m");
-                        assert(arg_key_pem);
-                        break;
-
-                case ARG_CERT:
-                        if (arg_cert_pem) {
-                                log_error("Certificate file specified twice");
-                                return -EINVAL;
-                        }
-                        r = read_full_file(optarg, &arg_cert_pem, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to read certificate file: %m");
-                        assert(arg_cert_pem);
-                        break;
-
-                case ARG_TRUST:
-#ifdef HAVE_GNUTLS
-                        if (arg_trust_pem) {
-                                log_error("CA certificate file specified twice");
-                                return -EINVAL;
-                        }
-                        r = read_full_file(optarg, &arg_trust_pem, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to read CA certificate file: %m");
-                        assert(arg_trust_pem);
-                        break;
-#else
-                        log_error("Option --trust is not available.");
-#endif
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind < argc) {
-                log_error("This program does not take arguments.");
-                return -EINVAL;
-        }
-
-        if (!!arg_key_pem != !!arg_cert_pem) {
-                log_error("Certificate and key files must be specified together");
-                return -EINVAL;
-        }
-
-        if (arg_trust_pem && !arg_key_pem) {
-                log_error("CA certificate can only be used with certificate file");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        struct MHD_Daemon *d = NULL;
-        int r, n;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r < 0)
-                return EXIT_FAILURE;
-        if (r == 0)
-                return EXIT_SUCCESS;
-
-        sigbus_install();
-
-        r = setup_gnutls_logger(NULL);
-        if (r < 0)
-                return EXIT_FAILURE;
-
-        n = sd_listen_fds(1);
-        if (n < 0) {
-                log_error_errno(n, "Failed to determine passed sockets: %m");
-                goto finish;
-        } else if (n > 1) {
-                log_error("Can't listen on more than one socket.");
-                goto finish;
-        } else {
-                struct MHD_OptionItem opts[] = {
-                        { MHD_OPTION_NOTIFY_COMPLETED,
-                          (intptr_t) request_meta_free, NULL },
-                        { MHD_OPTION_EXTERNAL_LOGGER,
-                          (intptr_t) microhttpd_logger, NULL },
-                        { MHD_OPTION_END, 0, NULL },
-                        { MHD_OPTION_END, 0, NULL },
-                        { MHD_OPTION_END, 0, NULL },
-                        { MHD_OPTION_END, 0, NULL },
-                        { MHD_OPTION_END, 0, NULL }};
-                int opts_pos = 2;
-
-                /* We force MHD_USE_PIPE_FOR_SHUTDOWN here, in order
-                 * to make sure libmicrohttpd doesn't use shutdown()
-                 * on our listening socket, which would break socket
-                 * re-activation. See
-                 *
-                 * https://lists.gnu.org/archive/html/libmicrohttpd/2015-09/msg00014.html
-                 * https://github.com/systemd/systemd/pull/1286
-                 */
-
-                int flags =
-                        MHD_USE_DEBUG |
-                        MHD_USE_DUAL_STACK |
-                        MHD_USE_PIPE_FOR_SHUTDOWN |
-                        MHD_USE_POLL |
-                        MHD_USE_THREAD_PER_CONNECTION;
-
-                if (n > 0)
-                        opts[opts_pos++] = (struct MHD_OptionItem)
-                                {MHD_OPTION_LISTEN_SOCKET, SD_LISTEN_FDS_START};
-                if (arg_key_pem) {
-                        assert(arg_cert_pem);
-                        opts[opts_pos++] = (struct MHD_OptionItem)
-                                {MHD_OPTION_HTTPS_MEM_KEY, 0, arg_key_pem};
-                        opts[opts_pos++] = (struct MHD_OptionItem)
-                                {MHD_OPTION_HTTPS_MEM_CERT, 0, arg_cert_pem};
-                        flags |= MHD_USE_SSL;
-                }
-                if (arg_trust_pem) {
-                        assert(flags & MHD_USE_SSL);
-                        opts[opts_pos++] = (struct MHD_OptionItem)
-                                {MHD_OPTION_HTTPS_MEM_TRUST, 0, arg_trust_pem};
-                }
-
-                d = MHD_start_daemon(flags, 19531,
-                                     NULL, NULL,
-                                     request_handler, NULL,
-                                     MHD_OPTION_ARRAY, opts,
-                                     MHD_OPTION_END);
-        }
-
-        if (!d) {
-                log_error("Failed to start daemon!");
-                goto finish;
-        }
-
-        pause();
-
-        r = EXIT_SUCCESS;
-
-finish:
-        if (d)
-                MHD_stop_daemon(d);
-
-        return r;
-}
diff --git a/src/journal-remote/journal-remote-parse.h b/src/journal-remote/journal-remote-parse.h
deleted file mode 100644
index 1740a21f92..0000000000
--- a/src/journal-remote/journal-remote-parse.h
+++ /dev/null
@@ -1,69 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "journal-remote-write.h"
-
-typedef enum {
-        STATE_LINE = 0,    /* waiting to read, or reading line */
-        STATE_DATA_START,  /* reading binary data header */
-        STATE_DATA,        /* reading binary data */
-        STATE_DATA_FINISH, /* expecting newline */
-        STATE_EOF,         /* done */
-} source_state;
-
-typedef struct RemoteSource {
-        char *name;
-        int fd;
-        bool passive_fd;
-
-        char *buf;
-        size_t size;       /* total size of the buffer */
-        size_t offset;     /* offset to the beginning of live data in the buffer */
-        size_t scanned;    /* number of bytes since the beginning of data without a newline */
-        size_t filled;     /* total number of bytes in the buffer */
-
-        size_t field_len;  /* used for binary fields: the field name length */
-        size_t data_size;  /* and the size of the binary data chunk being processed */
-
-        struct iovec_wrapper iovw;
-
-        source_state state;
-        dual_timestamp ts;
-
-        Writer *writer;
-
-        sd_event_source *event;
-        sd_event_source *buffer_event;
-} RemoteSource;
-
-RemoteSource* source_new(int fd, bool passive_fd, char *name, Writer *writer);
-
-static inline size_t source_non_empty(RemoteSource *source) {
-        assert(source);
-
-        return source->filled;
-}
-
-void source_free(RemoteSource *source);
-int push_data(RemoteSource *source, const char *data, size_t size);
-int process_source(RemoteSource *source, bool compress, bool seal);
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
deleted file mode 100644
index 35a1e55f9e..0000000000
--- a/src/journal-remote/journal-remote.c
+++ /dev/null
@@ -1,1601 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/prctl.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#ifdef HAVE_GNUTLS
-#include <gnutls/gnutls.h>
-#endif
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "conf-parser.h"
-#include "def.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "journal-file.h"
-#include "journal-remote-write.h"
-#include "journal-remote.h"
-#include "journald-native.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "stat-util.h"
-#include "stdio-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-
-#define REMOTE_JOURNAL_PATH "/var/log/journal/remote"
-
-#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
-#define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-remote.pem"
-#define TRUST_FILE    CERTIFICATE_ROOT "/ca/trusted.pem"
-
-static char* arg_url = NULL;
-static char* arg_getter = NULL;
-static char* arg_listen_raw = NULL;
-static char* arg_listen_http = NULL;
-static char* arg_listen_https = NULL;
-static char** arg_files = NULL;
-static int arg_compress = true;
-static int arg_seal = false;
-static int http_socket = -1, https_socket = -1;
-static char** arg_gnutls_log = NULL;
-
-static JournalWriteSplitMode arg_split_mode = JOURNAL_WRITE_SPLIT_HOST;
-static char* arg_output = NULL;
-
-static char *arg_key = NULL;
-static char *arg_cert = NULL;
-static char *arg_trust = NULL;
-static bool arg_trust_all = false;
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-static int spawn_child(const char* child, char** argv) {
-        int fd[2];
-        pid_t parent_pid, child_pid;
-        int r;
-
-        if (pipe(fd) < 0)
-                return log_error_errno(errno, "Failed to create pager pipe: %m");
-
-        parent_pid = getpid();
-
-        child_pid = fork();
-        if (child_pid < 0) {
-                r = log_error_errno(errno, "Failed to fork: %m");
-                safe_close_pair(fd);
-                return r;
-        }
-
-        /* In the child */
-        if (child_pid == 0) {
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-
-                r = dup2(fd[1], STDOUT_FILENO);
-                if (r < 0) {
-                        log_error_errno(errno, "Failed to dup pipe to stdout: %m");
-                        _exit(EXIT_FAILURE);
-                }
-
-                safe_close_pair(fd);
-
-                /* Make sure the child goes away when the parent dies */
-                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
-                        _exit(EXIT_FAILURE);
-
-                /* Check whether our parent died before we were able
-                 * to set the death signal */
-                if (getppid() != parent_pid)
-                        _exit(EXIT_SUCCESS);
-
-                execvp(child, argv);
-                log_error_errno(errno, "Failed to exec child %s: %m", child);
-                _exit(EXIT_FAILURE);
-        }
-
-        r = close(fd[1]);
-        if (r < 0)
-                log_warning_errno(errno, "Failed to close write end of pipe: %m");
-
-        return fd[0];
-}
-
-static int spawn_curl(const char* url) {
-        char **argv = STRV_MAKE("curl",
-                                "-HAccept: application/vnd.fdo.journal",
-                                "--silent",
-                                "--show-error",
-                                url);
-        int r;
-
-        r = spawn_child("curl", argv);
-        if (r < 0)
-                log_error_errno(r, "Failed to spawn curl: %m");
-        return r;
-}
-
-static int spawn_getter(const char *getter) {
-        int r;
-        _cleanup_strv_free_ char **words = NULL;
-
-        assert(getter);
-        r = strv_split_extract(&words, getter, WHITESPACE, EXTRACT_QUOTES);
-        if (r < 0)
-                return log_error_errno(r, "Failed to split getter option: %m");
-
-        r = spawn_child(words[0], words);
-        if (r < 0)
-                log_error_errno(r, "Failed to spawn getter %s: %m", getter);
-
-        return r;
-}
-
-#define filename_escape(s) xescape((s), "/ ")
-
-static int open_output(Writer *w, const char* host) {
-        _cleanup_free_ char *_output = NULL;
-        const char *output;
-        int r;
-
-        switch (arg_split_mode) {
-        case JOURNAL_WRITE_SPLIT_NONE:
-                output = arg_output ?: REMOTE_JOURNAL_PATH "/remote.journal";
-                break;
-
-        case JOURNAL_WRITE_SPLIT_HOST: {
-                _cleanup_free_ char *name;
-
-                assert(host);
-
-                name = filename_escape(host);
-                if (!name)
-                        return log_oom();
-
-                r = asprintf(&_output, "%s/remote-%s.journal",
-                             arg_output ?: REMOTE_JOURNAL_PATH,
-                             name);
-                if (r < 0)
-                        return log_oom();
-
-                output = _output;
-                break;
-        }
-
-        default:
-                assert_not_reached("what?");
-        }
-
-        r = journal_file_open_reliably(output,
-                                       O_RDWR|O_CREAT, 0640,
-                                       arg_compress, arg_seal,
-                                       &w->metrics,
-                                       w->mmap, NULL,
-                                       NULL, &w->journal);
-        if (r < 0)
-                log_error_errno(r, "Failed to open output journal %s: %m",
-                                output);
-        else
-                log_debug("Opened output file %s", w->journal->path);
-        return r;
-}
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-static int init_writer_hashmap(RemoteServer *s) {
-        static const struct hash_ops *hash_ops[] = {
-                [JOURNAL_WRITE_SPLIT_NONE] = NULL,
-                [JOURNAL_WRITE_SPLIT_HOST] = &string_hash_ops,
-        };
-
-        assert(arg_split_mode >= 0 && arg_split_mode < (int) ELEMENTSOF(hash_ops));
-
-        s->writers = hashmap_new(hash_ops[arg_split_mode]);
-        if (!s->writers)
-                return log_oom();
-
-        return 0;
-}
-
-static int get_writer(RemoteServer *s, const char *host,
-                      Writer **writer) {
-        const void *key;
-        _cleanup_writer_unref_ Writer *w = NULL;
-        int r;
-
-        switch(arg_split_mode) {
-        case JOURNAL_WRITE_SPLIT_NONE:
-                key = "one and only";
-                break;
-
-        case JOURNAL_WRITE_SPLIT_HOST:
-                assert(host);
-                key = host;
-                break;
-
-        default:
-                assert_not_reached("what split mode?");
-        }
-
-        w = hashmap_get(s->writers, key);
-        if (w)
-                writer_ref(w);
-        else {
-                w = writer_new(s);
-                if (!w)
-                        return log_oom();
-
-                if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST) {
-                        w->hashmap_key = strdup(key);
-                        if (!w->hashmap_key)
-                                return log_oom();
-                }
-
-                r = open_output(w, host);
-                if (r < 0)
-                        return r;
-
-                r = hashmap_put(s->writers, w->hashmap_key ?: key, w);
-                if (r < 0)
-                        return r;
-        }
-
-        *writer = w;
-        w = NULL;
-        return 0;
-}
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-/* This should go away as soon as µhttpd allows state to be passed around. */
-static RemoteServer *server;
-
-static int dispatch_raw_source_event(sd_event_source *event,
-                                     int fd,
-                                     uint32_t revents,
-                                     void *userdata);
-static int dispatch_raw_source_until_block(sd_event_source *event,
-                                           void *userdata);
-static int dispatch_blocking_source_event(sd_event_source *event,
-                                          void *userdata);
-static int dispatch_raw_connection_event(sd_event_source *event,
-                                         int fd,
-                                         uint32_t revents,
-                                         void *userdata);
-static int dispatch_http_event(sd_event_source *event,
-                               int fd,
-                               uint32_t revents,
-                               void *userdata);
-
-static int get_source_for_fd(RemoteServer *s,
-                             int fd, char *name, RemoteSource **source) {
-        Writer *writer;
-        int r;
-
-        /* This takes ownership of name, but only on success. */
-
-        assert(fd >= 0);
-        assert(source);
-
-        if (!GREEDY_REALLOC0(s->sources, s->sources_size, fd + 1))
-                return log_oom();
-
-        r = get_writer(s, name, &writer);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to get writer for source %s: %m",
-                                         name);
-
-        if (s->sources[fd] == NULL) {
-                s->sources[fd] = source_new(fd, false, name, writer);
-                if (!s->sources[fd]) {
-                        writer_unref(writer);
-                        return log_oom();
-                }
-
-                s->active++;
-        }
-
-        *source = s->sources[fd];
-        return 0;
-}
-
-static int remove_source(RemoteServer *s, int fd) {
-        RemoteSource *source;
-
-        assert(s);
-        assert(fd >= 0 && fd < (ssize_t) s->sources_size);
-
-        source = s->sources[fd];
-        if (source) {
-                /* this closes fd too */
-                source_free(source);
-                s->sources[fd] = NULL;
-                s->active--;
-        }
-
-        return 0;
-}
-
-static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
-
-        RemoteSource *source = NULL;
-        int r;
-
-        /* This takes ownership of name, even on failure, if own_name is true. */
-
-        assert(s);
-        assert(fd >= 0);
-        assert(name);
-
-        if (!own_name) {
-                name = strdup(name);
-                if (!name)
-                        return log_oom();
-        }
-
-        r = get_source_for_fd(s, fd, name, &source);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create source for fd:%d (%s): %m",
-                                fd, name);
-                free(name);
-                return r;
-        }
-
-        r = sd_event_add_io(s->events, &source->event,
-                            fd, EPOLLIN|EPOLLRDHUP|EPOLLPRI,
-                            dispatch_raw_source_event, source);
-        if (r == 0) {
-                /* Add additional source for buffer processing. It will be
-                 * enabled later. */
-                r = sd_event_add_defer(s->events, &source->buffer_event,
-                                       dispatch_raw_source_until_block, source);
-                if (r == 0)
-                        sd_event_source_set_enabled(source->buffer_event, SD_EVENT_OFF);
-        } else if (r == -EPERM) {
-                log_debug("Falling back to sd_event_add_defer for fd:%d (%s)", fd, name);
-                r = sd_event_add_defer(s->events, &source->event,
-                                       dispatch_blocking_source_event, source);
-                if (r == 0)
-                        sd_event_source_set_enabled(source->event, SD_EVENT_ON);
-        }
-        if (r < 0) {
-                log_error_errno(r, "Failed to register event source for fd:%d: %m",
-                                fd);
-                goto error;
-        }
-
-        r = sd_event_source_set_description(source->event, name);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set source name for fd:%d: %m", fd);
-                goto error;
-        }
-
-        return 1; /* work to do */
-
- error:
-        remove_source(s, fd);
-        return r;
-}
-
-static int add_raw_socket(RemoteServer *s, int fd) {
-        int r;
-        _cleanup_close_ int fd_ = fd;
-        char name[sizeof("raw-socket-")-1 + DECIMAL_STR_MAX(int) + 1];
-
-        assert(fd >= 0);
-
-        r = sd_event_add_io(s->events, &s->listen_event,
-                            fd, EPOLLIN,
-                            dispatch_raw_connection_event, s);
-        if (r < 0)
-                return r;
-
-        xsprintf(name, "raw-socket-%d", fd);
-
-        r = sd_event_source_set_description(s->listen_event, name);
-        if (r < 0)
-                return r;
-
-        fd_ = -1;
-        s->active++;
-        return 0;
-}
-
-static int setup_raw_socket(RemoteServer *s, const char *address) {
-        int fd;
-
-        fd = make_socket_fd(LOG_INFO, address, SOCK_STREAM, SOCK_CLOEXEC);
-        if (fd < 0)
-                return fd;
-
-        return add_raw_socket(s, fd);
-}
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-static int request_meta(void **connection_cls, int fd, char *hostname) {
-        RemoteSource *source;
-        Writer *writer;
-        int r;
-
-        assert(connection_cls);
-        if (*connection_cls)
-                return 0;
-
-        r = get_writer(server, hostname, &writer);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to get writer for source %s: %m",
-                                         hostname);
-
-        source = source_new(fd, true, hostname, writer);
-        if (!source) {
-                writer_unref(writer);
-                return log_oom();
-        }
-
-        log_debug("Added RemoteSource as connection metadata %p", source);
-
-        *connection_cls = source;
-        return 0;
-}
-
-static void request_meta_free(void *cls,
-                              struct MHD_Connection *connection,
-                              void **connection_cls,
-                              enum MHD_RequestTerminationCode toe) {
-        RemoteSource *s;
-
-        assert(connection_cls);
-        s = *connection_cls;
-
-        if (s) {
-                log_debug("Cleaning up connection metadata %p", s);
-                source_free(s);
-                *connection_cls = NULL;
-        }
-}
-
-static int process_http_upload(
-                struct MHD_Connection *connection,
-                const char *upload_data,
-                size_t *upload_data_size,
-                RemoteSource *source) {
-
-        bool finished = false;
-        size_t remaining;
-        int r;
-
-        assert(source);
-
-        log_trace("%s: connection %p, %zu bytes",
-                  __func__, connection, *upload_data_size);
-
-        if (*upload_data_size) {
-                log_trace("Received %zu bytes", *upload_data_size);
-
-                r = push_data(source, upload_data, *upload_data_size);
-                if (r < 0)
-                        return mhd_respond_oom(connection);
-
-                *upload_data_size = 0;
-        } else
-                finished = true;
-
-        for (;;) {
-                r = process_source(source, arg_compress, arg_seal);
-                if (r == -EAGAIN)
-                        break;
-                else if (r < 0) {
-                        log_warning("Failed to process data for connection %p", connection);
-                        if (r == -E2BIG)
-                                return mhd_respondf(connection,
-                                                    MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
-                                                    "Entry is too large, maximum is %u bytes.\n",
-                                                    DATA_SIZE_MAX);
-                        else
-                                return mhd_respondf(connection,
-                                                    MHD_HTTP_UNPROCESSABLE_ENTITY,
-                                                    "Processing failed: %s.", strerror(-r));
-                }
-        }
-
-        if (!finished)
-                return MHD_YES;
-
-        /* The upload is finished */
-
-        remaining = source_non_empty(source);
-        if (remaining > 0) {
-                log_warning("Premature EOFbyte. %zu bytes lost.", remaining);
-                return mhd_respondf(connection, MHD_HTTP_EXPECTATION_FAILED,
-                                    "Premature EOF. %zu bytes of trailing data not processed.",
-                                    remaining);
-        }
-
-        return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK.\n");
-};
-
-static int request_handler(
-                void *cls,
-                struct MHD_Connection *connection,
-                const char *url,
-                const char *method,
-                const char *version,
-                const char *upload_data,
-                size_t *upload_data_size,
-                void **connection_cls) {
-
-        const char *header;
-        int r, code, fd;
-        _cleanup_free_ char *hostname = NULL;
-
-        assert(connection);
-        assert(connection_cls);
-        assert(url);
-        assert(method);
-
-        log_trace("Handling a connection %s %s %s", method, url, version);
-
-        if (*connection_cls)
-                return process_http_upload(connection,
-                                           upload_data, upload_data_size,
-                                           *connection_cls);
-
-        if (!streq(method, "POST"))
-                return mhd_respond(connection, MHD_HTTP_NOT_ACCEPTABLE,
-                                   "Unsupported method.\n");
-
-        if (!streq(url, "/upload"))
-                return mhd_respond(connection, MHD_HTTP_NOT_FOUND,
-                                   "Not found.\n");
-
-        header = MHD_lookup_connection_value(connection,
-                                             MHD_HEADER_KIND, "Content-Type");
-        if (!header || !streq(header, "application/vnd.fdo.journal"))
-                return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
-                                   "Content-Type: application/vnd.fdo.journal"
-                                   " is required.\n");
-
-        {
-                const union MHD_ConnectionInfo *ci;
-
-                ci = MHD_get_connection_info(connection,
-                                             MHD_CONNECTION_INFO_CONNECTION_FD);
-                if (!ci) {
-                        log_error("MHD_get_connection_info failed: cannot get remote fd");
-                        return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                           "Cannot check remote address");
-                }
-
-                fd = ci->connect_fd;
-                assert(fd >= 0);
-        }
-
-        if (server->check_trust) {
-                r = check_permissions(connection, &code, &hostname);
-                if (r < 0)
-                        return code;
-        } else {
-                r = getpeername_pretty(fd, false, &hostname);
-                if (r < 0)
-                        return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                           "Cannot check remote hostname");
-        }
-
-        assert(hostname);
-
-        r = request_meta(connection_cls, fd, hostname);
-        if (r == -ENOMEM)
-                return respond_oom(connection);
-        else if (r < 0)
-                return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                   strerror(-r));
-
-        hostname = NULL;
-        return MHD_YES;
-}
-
-static int setup_microhttpd_server(RemoteServer *s,
-                                   int fd,
-                                   const char *key,
-                                   const char *cert,
-                                   const char *trust) {
-        struct MHD_OptionItem opts[] = {
-                { MHD_OPTION_NOTIFY_COMPLETED, (intptr_t) request_meta_free},
-                { MHD_OPTION_EXTERNAL_LOGGER, (intptr_t) microhttpd_logger},
-                { MHD_OPTION_LISTEN_SOCKET, fd},
-                { MHD_OPTION_CONNECTION_MEMORY_LIMIT, 128*1024},
-                { MHD_OPTION_END},
-                { MHD_OPTION_END},
-                { MHD_OPTION_END},
-                { MHD_OPTION_END}};
-        int opts_pos = 4;
-        int flags =
-                MHD_USE_DEBUG |
-                MHD_USE_DUAL_STACK |
-                MHD_USE_EPOLL_LINUX_ONLY |
-                MHD_USE_PEDANTIC_CHECKS |
-                MHD_USE_PIPE_FOR_SHUTDOWN;
-
-        const union MHD_DaemonInfo *info;
-        int r, epoll_fd;
-        MHDDaemonWrapper *d;
-
-        assert(fd >= 0);
-
-        r = fd_nonblock(fd, true);
-        if (r < 0)
-                return log_error_errno(r, "Failed to make fd:%d nonblocking: %m", fd);
-
-        if (key) {
-                assert(cert);
-
-                opts[opts_pos++] = (struct MHD_OptionItem)
-                        {MHD_OPTION_HTTPS_MEM_KEY, 0, (char*) key};
-                opts[opts_pos++] = (struct MHD_OptionItem)
-                        {MHD_OPTION_HTTPS_MEM_CERT, 0, (char*) cert};
-
-                flags |= MHD_USE_SSL;
-
-                if (trust)
-                        opts[opts_pos++] = (struct MHD_OptionItem)
-                                {MHD_OPTION_HTTPS_MEM_TRUST, 0, (char*) trust};
-        }
-
-        d = new(MHDDaemonWrapper, 1);
-        if (!d)
-                return log_oom();
-
-        d->fd = (uint64_t) fd;
-
-        d->daemon = MHD_start_daemon(flags, 0,
-                                     NULL, NULL,
-                                     request_handler, NULL,
-                                     MHD_OPTION_ARRAY, opts,
-                                     MHD_OPTION_END);
-        if (!d->daemon) {
-                log_error("Failed to start µhttp daemon");
-                r = -EINVAL;
-                goto error;
-        }
-
-        log_debug("Started MHD %s daemon on fd:%d (wrapper @ %p)",
-                  key ? "HTTPS" : "HTTP", fd, d);
-
-
-        info = MHD_get_daemon_info(d->daemon, MHD_DAEMON_INFO_EPOLL_FD_LINUX_ONLY);
-        if (!info) {
-                log_error("µhttp returned NULL daemon info");
-                r = -EOPNOTSUPP;
-                goto error;
-        }
-
-        epoll_fd = info->listen_fd;
-        if (epoll_fd < 0) {
-                log_error("µhttp epoll fd is invalid");
-                r = -EUCLEAN;
-                goto error;
-        }
-
-        r = sd_event_add_io(s->events, &d->event,
-                            epoll_fd, EPOLLIN,
-                            dispatch_http_event, d);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add event callback: %m");
-                goto error;
-        }
-
-        r = sd_event_source_set_description(d->event, "epoll-fd");
-        if (r < 0) {
-                log_error_errno(r, "Failed to set source name: %m");
-                goto error;
-        }
-
-        r = hashmap_ensure_allocated(&s->daemons, &uint64_hash_ops);
-        if (r < 0) {
-                log_oom();
-                goto error;
-        }
-
-        r = hashmap_put(s->daemons, &d->fd, d);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add daemon to hashmap: %m");
-                goto error;
-        }
-
-        s->active++;
-        return 0;
-
-error:
-        MHD_stop_daemon(d->daemon);
-        free(d->daemon);
-        free(d);
-        return r;
-}
-
-static int setup_microhttpd_socket(RemoteServer *s,
-                                   const char *address,
-                                   const char *key,
-                                   const char *cert,
-                                   const char *trust) {
-        int fd;
-
-        fd = make_socket_fd(LOG_DEBUG, address, SOCK_STREAM, SOCK_CLOEXEC);
-        if (fd < 0)
-                return fd;
-
-        return setup_microhttpd_server(s, fd, key, cert, trust);
-}
-
-static int dispatch_http_event(sd_event_source *event,
-                               int fd,
-                               uint32_t revents,
-                               void *userdata) {
-        MHDDaemonWrapper *d = userdata;
-        int r;
-
-        assert(d);
-
-        r = MHD_run(d->daemon);
-        if (r == MHD_NO) {
-                log_error("MHD_run failed!");
-                // XXX: unregister daemon
-                return -EINVAL;
-        }
-
-        return 1; /* work to do */
-}
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-static int setup_signals(RemoteServer *s) {
-        int r;
-
-        assert(s);
-
-        assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, -1) >= 0);
-
-        r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, NULL, s);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, NULL, s);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int negative_fd(const char *spec) {
-        /* Return a non-positive number as its inverse, -EINVAL otherwise. */
-
-        int fd, r;
-
-        r = safe_atoi(spec, &fd);
-        if (r < 0)
-                return r;
-
-        if (fd > 0)
-                return -EINVAL;
-        else
-                return -fd;
-}
-
-static int remoteserver_init(RemoteServer *s,
-                             const char* key,
-                             const char* cert,
-                             const char* trust) {
-        int r, n, fd;
-        char **file;
-
-        assert(s);
-
-        if ((arg_listen_raw || arg_listen_http) && trust) {
-                log_error("Option --trust makes all non-HTTPS connections untrusted.");
-                return -EINVAL;
-        }
-
-        r = sd_event_default(&s->events);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate event loop: %m");
-
-        setup_signals(s);
-
-        assert(server == NULL);
-        server = s;
-
-        r = init_writer_hashmap(s);
-        if (r < 0)
-                return r;
-
-        n = sd_listen_fds(true);
-        if (n < 0)
-                return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
-        else
-                log_debug("Received %d descriptors", n);
-
-        if (MAX(http_socket, https_socket) >= SD_LISTEN_FDS_START + n) {
-                log_error("Received fewer sockets than expected");
-                return -EBADFD;
-        }
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
-                if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
-                        log_debug("Received a listening socket (fd:%d)", fd);
-
-                        if (fd == http_socket)
-                                r = setup_microhttpd_server(s, fd, NULL, NULL, NULL);
-                        else if (fd == https_socket)
-                                r = setup_microhttpd_server(s, fd, key, cert, trust);
-                        else
-                                r = add_raw_socket(s, fd);
-                } else if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
-                        char *hostname;
-
-                        r = getpeername_pretty(fd, false, &hostname);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to retrieve remote name: %m");
-
-                        log_debug("Received a connection socket (fd:%d) from %s", fd, hostname);
-
-                        r = add_source(s, fd, hostname, true);
-                } else {
-                        log_error("Unknown socket passed on fd:%d", fd);
-
-                        return -EINVAL;
-                }
-
-                if (r < 0)
-                        return log_error_errno(r, "Failed to register socket (fd:%d): %m",
-                                               fd);
-        }
-
-        if (arg_getter) {
-                log_info("Spawning getter %s...", arg_getter);
-                fd = spawn_getter(arg_getter);
-                if (fd < 0)
-                        return fd;
-
-                r = add_source(s, fd, (char*) arg_output, false);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_url) {
-                const char *url;
-                char *hostname, *p;
-
-                if (!strstr(arg_url, "/entries")) {
-                        if (endswith(arg_url, "/"))
-                                url = strjoina(arg_url, "entries");
-                        else
-                                url = strjoina(arg_url, "/entries");
-                }
-                else
-                        url = strdupa(arg_url);
-
-                log_info("Spawning curl %s...", url);
-                fd = spawn_curl(url);
-                if (fd < 0)
-                        return fd;
-
-                hostname =
-                        startswith(arg_url, "https://") ?:
-                        startswith(arg_url, "http://") ?:
-                        arg_url;
-
-                hostname = strdupa(hostname);
-                if ((p = strchr(hostname, '/')))
-                        *p = '\0';
-                if ((p = strchr(hostname, ':')))
-                        *p = '\0';
-
-                r = add_source(s, fd, hostname, false);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_listen_raw) {
-                log_debug("Listening on a socket...");
-                r = setup_raw_socket(s, arg_listen_raw);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_listen_http) {
-                r = setup_microhttpd_socket(s, arg_listen_http, NULL, NULL, NULL);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_listen_https) {
-                r = setup_microhttpd_socket(s, arg_listen_https, key, cert, trust);
-                if (r < 0)
-                        return r;
-        }
-
-        STRV_FOREACH(file, arg_files) {
-                const char *output_name;
-
-                if (streq(*file, "-")) {
-                        log_debug("Using standard input as source.");
-
-                        fd = STDIN_FILENO;
-                        output_name = "stdin";
-                } else {
-                        log_debug("Reading file %s...", *file);
-
-                        fd = open(*file, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
-                        if (fd < 0)
-                                return log_error_errno(errno, "Failed to open %s: %m", *file);
-                        output_name = *file;
-                }
-
-                r = add_source(s, fd, (char*) output_name, false);
-                if (r < 0)
-                        return r;
-        }
-
-        if (s->active == 0) {
-                log_error("Zero sources specified");
-                return -EINVAL;
-        }
-
-        if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE) {
-                /* In this case we know what the writer will be
-                   called, so we can create it and verify that we can
-                   create output as expected. */
-                r = get_writer(s, NULL, &s->_single_writer);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static void server_destroy(RemoteServer *s) {
-        size_t i;
-        MHDDaemonWrapper *d;
-
-        while ((d = hashmap_steal_first(s->daemons))) {
-                MHD_stop_daemon(d->daemon);
-                sd_event_source_unref(d->event);
-                free(d);
-        }
-
-        hashmap_free(s->daemons);
-
-        assert(s->sources_size == 0 || s->sources);
-        for (i = 0; i < s->sources_size; i++)
-                remove_source(s, i);
-        free(s->sources);
-
-        writer_unref(s->_single_writer);
-        hashmap_free(s->writers);
-
-        sd_event_source_unref(s->sigterm_event);
-        sd_event_source_unref(s->sigint_event);
-        sd_event_source_unref(s->listen_event);
-        sd_event_unref(s->events);
-
-        /* fds that we're listening on remain open... */
-}
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-static int handle_raw_source(sd_event_source *event,
-                             int fd,
-                             uint32_t revents,
-                             RemoteServer *s) {
-
-        RemoteSource *source;
-        int r;
-
-        /* Returns 1 if there might be more data pending,
-         * 0 if data is currently exhausted, negative on error.
-         */
-
-        assert(fd >= 0 && fd < (ssize_t) s->sources_size);
-        source = s->sources[fd];
-        assert(source->fd == fd);
-
-        r = process_source(source, arg_compress, arg_seal);
-        if (source->state == STATE_EOF) {
-                size_t remaining;
-
-                log_debug("EOF reached with source fd:%d (%s)",
-                          source->fd, source->name);
-
-                remaining = source_non_empty(source);
-                if (remaining > 0)
-                        log_notice("Premature EOF. %zu bytes lost.", remaining);
-                remove_source(s, source->fd);
-                log_debug("%zu active sources remaining", s->active);
-                return 0;
-        } else if (r == -E2BIG) {
-                log_notice_errno(E2BIG, "Entry too big, skipped");
-                return 1;
-        } else if (r == -EAGAIN) {
-                return 0;
-        } else if (r < 0) {
-                log_debug_errno(r, "Closing connection: %m");
-                remove_source(server, fd);
-                return 0;
-        } else
-                return 1;
-}
-
-static int dispatch_raw_source_until_block(sd_event_source *event,
-                                           void *userdata) {
-        RemoteSource *source = userdata;
-        int r;
-
-        /* Make sure event stays around even if source is destroyed */
-        sd_event_source_ref(event);
-
-        r = handle_raw_source(event, source->fd, EPOLLIN, server);
-        if (r != 1)
-                /* No more data for now */
-                sd_event_source_set_enabled(event, SD_EVENT_OFF);
-
-        sd_event_source_unref(event);
-
-        return r;
-}
-
-static int dispatch_raw_source_event(sd_event_source *event,
-                                     int fd,
-                                     uint32_t revents,
-                                     void *userdata) {
-        RemoteSource *source = userdata;
-        int r;
-
-        assert(source->event);
-        assert(source->buffer_event);
-
-        r = handle_raw_source(event, fd, EPOLLIN, server);
-        if (r == 1)
-                /* Might have more data. We need to rerun the handler
-                 * until we are sure the buffer is exhausted. */
-                sd_event_source_set_enabled(source->buffer_event, SD_EVENT_ON);
-
-        return r;
-}
-
-static int dispatch_blocking_source_event(sd_event_source *event,
-                                          void *userdata) {
-        RemoteSource *source = userdata;
-
-        return handle_raw_source(event, source->fd, EPOLLIN, server);
-}
-
-static int accept_connection(const char* type, int fd,
-                             SocketAddress *addr, char **hostname) {
-        int fd2, r;
-
-        log_debug("Accepting new %s connection on fd:%d", type, fd);
-        fd2 = accept4(fd, &addr->sockaddr.sa, &addr->size, SOCK_NONBLOCK|SOCK_CLOEXEC);
-        if (fd2 < 0)
-                return log_error_errno(errno, "accept() on fd:%d failed: %m", fd);
-
-        switch(socket_address_family(addr)) {
-        case AF_INET:
-        case AF_INET6: {
-                _cleanup_free_ char *a = NULL;
-                char *b;
-
-                r = socket_address_print(addr, &a);
-                if (r < 0) {
-                        log_error_errno(r, "socket_address_print(): %m");
-                        close(fd2);
-                        return r;
-                }
-
-                r = socknameinfo_pretty(&addr->sockaddr, addr->size, &b);
-                if (r < 0) {
-                        log_error_errno(r, "Resolving hostname failed: %m");
-                        close(fd2);
-                        return r;
-                }
-
-                log_debug("Accepted %s %s connection from %s",
-                          type,
-                          socket_address_family(addr) == AF_INET ? "IP" : "IPv6",
-                          a);
-
-                *hostname = b;
-
-                return fd2;
-        };
-        default:
-                log_error("Rejected %s connection with unsupported family %d",
-                          type, socket_address_family(addr));
-                close(fd2);
-
-                return -EINVAL;
-        }
-}
-
-static int dispatch_raw_connection_event(sd_event_source *event,
-                                         int fd,
-                                         uint32_t revents,
-                                         void *userdata) {
-        RemoteServer *s = userdata;
-        int fd2;
-        SocketAddress addr = {
-                .size = sizeof(union sockaddr_union),
-                .type = SOCK_STREAM,
-        };
-        char *hostname = NULL;
-
-        fd2 = accept_connection("raw", fd, &addr, &hostname);
-        if (fd2 < 0)
-                return fd2;
-
-        return add_source(s, fd2, hostname, true);
-}
-
-/**********************************************************************
- **********************************************************************
- **********************************************************************/
-
-static const char* const journal_write_split_mode_table[_JOURNAL_WRITE_SPLIT_MAX] = {
-        [JOURNAL_WRITE_SPLIT_NONE] = "none",
-        [JOURNAL_WRITE_SPLIT_HOST] = "host",
-};
-
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP(journal_write_split_mode, JournalWriteSplitMode);
-static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode,
-                                journal_write_split_mode,
-                                JournalWriteSplitMode,
-                                "Failed to parse split mode setting");
-
-static int parse_config(void) {
-        const ConfigTableItem items[] = {
-                { "Remote",  "Seal",                   config_parse_bool,             0, &arg_seal       },
-                { "Remote",  "SplitMode",              config_parse_write_split_mode, 0, &arg_split_mode },
-                { "Remote",  "ServerKeyFile",          config_parse_path,             0, &arg_key        },
-                { "Remote",  "ServerCertificateFile",  config_parse_path,             0, &arg_cert       },
-                { "Remote",  "TrustedCertificateFile", config_parse_path,             0, &arg_trust      },
-                {}};
-
-        return config_parse_many(PKGSYSCONFDIR "/journal-remote.conf",
-                                 CONF_PATHS_NULSTR("systemd/journal-remote.conf.d"),
-                                 "Remote\0", config_item_table_lookup, items,
-                                 false, NULL);
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] {FILE|-}...\n\n"
-               "Write external journal events to journal file(s).\n\n"
-               "  -h --help                 Show this help\n"
-               "     --version              Show package version\n"
-               "     --url=URL              Read events from systemd-journal-gatewayd at URL\n"
-               "     --getter=COMMAND       Read events from the output of COMMAND\n"
-               "     --listen-raw=ADDR      Listen for connections at ADDR\n"
-               "     --listen-http=ADDR     Listen for HTTP connections at ADDR\n"
-               "     --listen-https=ADDR    Listen for HTTPS connections at ADDR\n"
-               "  -o --output=FILE|DIR      Write output to FILE or DIR/external-*.journal\n"
-               "     --compress[=BOOL]      XZ-compress the output journal (default: yes)\n"
-               "     --seal[=BOOL]          Use event sealing (default: no)\n"
-               "     --key=FILENAME         SSL key in PEM format (default:\n"
-               "                            \"" PRIV_KEY_FILE "\")\n"
-               "     --cert=FILENAME        SSL certificate in PEM format (default:\n"
-               "                            \"" CERT_FILE "\")\n"
-               "     --trust=FILENAME|all   SSL CA certificate or disable checking (default:\n"
-               "                            \"" TRUST_FILE "\")\n"
-               "     --gnutls-log=CATEGORY...\n"
-               "                            Specify a list of gnutls logging categories\n"
-               "     --split-mode=none|host How many output files to create\n"
-               "\n"
-               "Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_URL,
-                ARG_LISTEN_RAW,
-                ARG_LISTEN_HTTP,
-                ARG_LISTEN_HTTPS,
-                ARG_GETTER,
-                ARG_SPLIT_MODE,
-                ARG_COMPRESS,
-                ARG_SEAL,
-                ARG_KEY,
-                ARG_CERT,
-                ARG_TRUST,
-                ARG_GNUTLS_LOG,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'              },
-                { "version",      no_argument,       NULL, ARG_VERSION      },
-                { "url",          required_argument, NULL, ARG_URL          },
-                { "getter",       required_argument, NULL, ARG_GETTER       },
-                { "listen-raw",   required_argument, NULL, ARG_LISTEN_RAW   },
-                { "listen-http",  required_argument, NULL, ARG_LISTEN_HTTP  },
-                { "listen-https", required_argument, NULL, ARG_LISTEN_HTTPS },
-                { "output",       required_argument, NULL, 'o'              },
-                { "split-mode",   required_argument, NULL, ARG_SPLIT_MODE   },
-                { "compress",     optional_argument, NULL, ARG_COMPRESS     },
-                { "seal",         optional_argument, NULL, ARG_SEAL         },
-                { "key",          required_argument, NULL, ARG_KEY          },
-                { "cert",         required_argument, NULL, ARG_CERT         },
-                { "trust",        required_argument, NULL, ARG_TRUST        },
-                { "gnutls-log",   required_argument, NULL, ARG_GNUTLS_LOG   },
-                {}
-        };
-
-        int c, r;
-        bool type_a, type_b;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "ho:", options, NULL)) >= 0)
-                switch(c) {
-                case 'h':
-                        help();
-                        return 0 /* done */;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_URL:
-                        if (arg_url) {
-                                log_error("cannot currently set more than one --url");
-                                return -EINVAL;
-                        }
-
-                        arg_url = optarg;
-                        break;
-
-                case ARG_GETTER:
-                        if (arg_getter) {
-                                log_error("cannot currently use --getter more than once");
-                                return -EINVAL;
-                        }
-
-                        arg_getter = optarg;
-                        break;
-
-                case ARG_LISTEN_RAW:
-                        if (arg_listen_raw) {
-                                log_error("cannot currently use --listen-raw more than once");
-                                return -EINVAL;
-                        }
-
-                        arg_listen_raw = optarg;
-                        break;
-
-                case ARG_LISTEN_HTTP:
-                        if (arg_listen_http || http_socket >= 0) {
-                                log_error("cannot currently use --listen-http more than once");
-                                return -EINVAL;
-                        }
-
-                        r = negative_fd(optarg);
-                        if (r >= 0)
-                                http_socket = r;
-                        else
-                                arg_listen_http = optarg;
-                        break;
-
-                case ARG_LISTEN_HTTPS:
-                        if (arg_listen_https || https_socket >= 0) {
-                                log_error("cannot currently use --listen-https more than once");
-                                return -EINVAL;
-                        }
-
-                        r = negative_fd(optarg);
-                        if (r >= 0)
-                                https_socket = r;
-                        else
-                                arg_listen_https = optarg;
-
-                        break;
-
-                case ARG_KEY:
-                        if (arg_key) {
-                                log_error("Key file specified twice");
-                                return -EINVAL;
-                        }
-
-                        arg_key = strdup(optarg);
-                        if (!arg_key)
-                                return log_oom();
-
-                        break;
-
-                case ARG_CERT:
-                        if (arg_cert) {
-                                log_error("Certificate file specified twice");
-                                return -EINVAL;
-                        }
-
-                        arg_cert = strdup(optarg);
-                        if (!arg_cert)
-                                return log_oom();
-
-                        break;
-
-                case ARG_TRUST:
-                        if (arg_trust || arg_trust_all) {
-                                log_error("Confusing trusted CA configuration");
-                                return -EINVAL;
-                        }
-
-                        if (streq(optarg, "all"))
-                                arg_trust_all = true;
-                        else {
-#ifdef HAVE_GNUTLS
-                                arg_trust = strdup(optarg);
-                                if (!arg_trust)
-                                        return log_oom();
-#else
-                                log_error("Option --trust is not available.");
-                                return -EINVAL;
-#endif
-                        }
-
-                        break;
-
-                case 'o':
-                        if (arg_output) {
-                                log_error("cannot use --output/-o more than once");
-                                return -EINVAL;
-                        }
-
-                        arg_output = optarg;
-                        break;
-
-                case ARG_SPLIT_MODE:
-                        arg_split_mode = journal_write_split_mode_from_string(optarg);
-                        if (arg_split_mode == _JOURNAL_WRITE_SPLIT_INVALID) {
-                                log_error("Invalid split mode: %s", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_COMPRESS:
-                        if (optarg) {
-                                r = parse_boolean(optarg);
-                                if (r < 0) {
-                                        log_error("Failed to parse --compress= parameter.");
-                                        return -EINVAL;
-                                }
-
-                                arg_compress = !!r;
-                        } else
-                                arg_compress = true;
-
-                        break;
-
-                case ARG_SEAL:
-                        if (optarg) {
-                                r = parse_boolean(optarg);
-                                if (r < 0) {
-                                        log_error("Failed to parse --seal= parameter.");
-                                        return -EINVAL;
-                                }
-
-                                arg_seal = !!r;
-                        } else
-                                arg_seal = true;
-
-                        break;
-
-                case ARG_GNUTLS_LOG: {
-#ifdef HAVE_GNUTLS
-                        const char* p = optarg;
-                        for (;;) {
-                                _cleanup_free_ char *word = NULL;
-
-                                r = extract_first_word(&p, &word, ",", 0);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse --gnutls-log= argument: %m");
-
-                                if (r == 0)
-                                        break;
-
-                                if (strv_push(&arg_gnutls_log, word) < 0)
-                                        return log_oom();
-
-                                word = NULL;
-                        }
-                        break;
-#else
-                        log_error("Option --gnutls-log is not available.");
-                        return -EINVAL;
-#endif
-                }
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unknown option code.");
-                }
-
-        if (optind < argc)
-                arg_files = argv + optind;
-
-        type_a = arg_getter || !strv_isempty(arg_files);
-        type_b = arg_url
-                || arg_listen_raw
-                || arg_listen_http || arg_listen_https
-                || sd_listen_fds(false) > 0;
-        if (type_a && type_b) {
-                log_error("Cannot use file input or --getter with "
-                          "--arg-listen-... or socket activation.");
-                return -EINVAL;
-        }
-        if (type_a) {
-                if (!arg_output) {
-                        log_error("Option --output must be specified with file input or --getter.");
-                        return -EINVAL;
-                }
-
-                arg_split_mode = JOURNAL_WRITE_SPLIT_NONE;
-        }
-
-        if (arg_split_mode == JOURNAL_WRITE_SPLIT_NONE
-            && arg_output && is_dir(arg_output, true) > 0) {
-                log_error("For SplitMode=none, output must be a file.");
-                return -EINVAL;
-        }
-
-        if (arg_split_mode == JOURNAL_WRITE_SPLIT_HOST
-            && arg_output && is_dir(arg_output, true) <= 0) {
-                log_error("For SplitMode=host, output must be a directory.");
-                return -EINVAL;
-        }
-
-        log_debug("Full config: SplitMode=%s Key=%s Cert=%s Trust=%s",
-                  journal_write_split_mode_to_string(arg_split_mode),
-                  strna(arg_key),
-                  strna(arg_cert),
-                  strna(arg_trust));
-
-        return 1 /* work to do */;
-}
-
-static int load_certificates(char **key, char **cert, char **trust) {
-        int r;
-
-        r = read_full_file(arg_key ?: PRIV_KEY_FILE, key, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read key from file '%s': %m",
-                                       arg_key ?: PRIV_KEY_FILE);
-
-        r = read_full_file(arg_cert ?: CERT_FILE, cert, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read certificate from file '%s': %m",
-                                       arg_cert ?: CERT_FILE);
-
-        if (arg_trust_all)
-                log_info("Certificate checking disabled.");
-        else {
-                r = read_full_file(arg_trust ?: TRUST_FILE, trust, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to read CA certificate file '%s': %m",
-                                               arg_trust ?: TRUST_FILE);
-        }
-
-        return 0;
-}
-
-int main(int argc, char **argv) {
-        RemoteServer s = {};
-        int r;
-        _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
-
-        log_show_color(true);
-        log_parse_environment();
-
-        r = parse_config();
-        if (r < 0)
-                return EXIT_FAILURE;
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-
-
-        if (arg_listen_http || arg_listen_https) {
-                r = setup_gnutls_logger(arg_gnutls_log);
-                if (r < 0)
-                        return EXIT_FAILURE;
-        }
-
-        if (arg_listen_https || https_socket >= 0)
-                if (load_certificates(&key, &cert, &trust) < 0)
-                        return EXIT_FAILURE;
-
-        if (remoteserver_init(&s, key, cert, trust) < 0)
-                return EXIT_FAILURE;
-
-        r = sd_event_set_watchdog(s.events, true);
-        if (r < 0)
-                log_error_errno(r, "Failed to enable watchdog: %m");
-        else
-                log_debug("Watchdog is %s.", r > 0 ? "enabled" : "disabled");
-
-        log_debug("%s running as pid "PID_FMT,
-                  program_invocation_short_name, getpid());
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing requests...");
-
-        while (s.active) {
-                r = sd_event_get_state(s.events);
-                if (r < 0)
-                        break;
-                if (r == SD_EVENT_FINISHED)
-                        break;
-
-                r = sd_event_run(s.events, -1);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to run event loop: %m");
-                        break;
-                }
-        }
-
-        sd_notifyf(false,
-                   "STOPPING=1\n"
-                   "STATUS=Shutting down after writing %" PRIu64 " entries...", s.event_count);
-        log_info("Finishing after writing %" PRIu64 " entries", s.event_count);
-
-        server_destroy(&s);
-
-        free(arg_key);
-        free(arg_cert);
-        free(arg_trust);
-
-        return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-}
diff --git a/src/journal-remote/journal-remote.h b/src/journal-remote/journal-remote.h
deleted file mode 100644
index 30ad7df996..0000000000
--- a/src/journal-remote/journal-remote.h
+++ /dev/null
@@ -1,52 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "hashmap.h"
-#include "journal-remote-parse.h"
-#include "journal-remote-write.h"
-#include "microhttpd-util.h"
-
-typedef struct MHDDaemonWrapper MHDDaemonWrapper;
-
-struct MHDDaemonWrapper {
-        uint64_t fd;
-        struct MHD_Daemon *daemon;
-
-        sd_event_source *event;
-};
-
-struct RemoteServer {
-        RemoteSource **sources;
-        size_t sources_size;
-        size_t active;
-
-        sd_event *events;
-        sd_event_source *sigterm_event, *sigint_event, *listen_event;
-
-        Hashmap *writers;
-        Writer *_single_writer;
-        uint64_t event_count;
-
-        bool check_trust;
-        Hashmap *daemons;
-};
diff --git a/src/journal-remote/journal-upload-journal.c b/src/journal-remote/journal-upload-journal.c
deleted file mode 100644
index 8ce8e1895e..0000000000
--- a/src/journal-remote/journal-upload-journal.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <curl/curl.h>
-#include <stdbool.h>
-
-#include "alloc-util.h"
-#include "journal-upload.h"
-#include "log.h"
-#include "utf8.h"
-#include "util.h"
-#include "sd-daemon.h"
-
-/**
- * Write up to size bytes to buf. Return negative on error, and number of
- * bytes written otherwise. The last case is a kind of an error too.
- */
-static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
-        int r;
-        size_t pos = 0;
-
-        assert(size <= SSIZE_MAX);
-
-        for (;;) {
-
-                switch(u->entry_state) {
-                case ENTRY_CURSOR: {
-                        u->current_cursor = mfree(u->current_cursor);
-
-                        r = sd_journal_get_cursor(u->journal, &u->current_cursor);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get cursor: %m");
-
-                        r = snprintf(buf + pos, size - pos,
-                                     "__CURSOR=%s\n", u->current_cursor);
-                        if (pos + r > size)
-                                /* not enough space */
-                                return pos;
-
-                        u->entry_state++;
-
-                        if (pos + r == size) {
-                                /* exactly one character short, but we don't need it */
-                                buf[size - 1] = '\n';
-                                return size;
-                        }
-
-                        pos += r;
-                }       /* fall through */
-
-                case ENTRY_REALTIME: {
-                        usec_t realtime;
-
-                        r = sd_journal_get_realtime_usec(u->journal, &realtime);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get realtime timestamp: %m");
-
-                        r = snprintf(buf + pos, size - pos,
-                                     "__REALTIME_TIMESTAMP="USEC_FMT"\n", realtime);
-                        if (r + pos > size)
-                                /* not enough space */
-                                return pos;
-
-                        u->entry_state++;
-
-                        if (r + pos == size) {
-                                /* exactly one character short, but we don't need it */
-                                buf[size - 1] = '\n';
-                                return size;
-                        }
-
-                        pos += r;
-                }       /* fall through */
-
-                case ENTRY_MONOTONIC: {
-                        usec_t monotonic;
-                        sd_id128_t boot_id;
-
-                        r = sd_journal_get_monotonic_usec(u->journal, &monotonic, &boot_id);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
-
-                        r = snprintf(buf + pos, size - pos,
-                                     "__MONOTONIC_TIMESTAMP="USEC_FMT"\n", monotonic);
-                        if (r + pos > size)
-                                /* not enough space */
-                                return pos;
-
-                        u->entry_state++;
-
-                        if (r + pos == size) {
-                                /* exactly one character short, but we don't need it */
-                                buf[size - 1] = '\n';
-                                return size;
-                        }
-
-                        pos += r;
-                }       /* fall through */
-
-                case ENTRY_BOOT_ID: {
-                        sd_id128_t boot_id;
-                        char sid[33];
-
-                        r = sd_journal_get_monotonic_usec(u->journal, NULL, &boot_id);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
-
-                        r = snprintf(buf + pos, size - pos,
-                                     "_BOOT_ID=%s\n", sd_id128_to_string(boot_id, sid));
-                        if (r + pos > size)
-                                /* not enough space */
-                                return pos;
-
-                        u->entry_state++;
-
-                        if (r + pos == size) {
-                                /* exactly one character short, but we don't need it */
-                                buf[size - 1] = '\n';
-                                return size;
-                        }
-
-                        pos += r;
-                }       /* fall through */
-
-                case ENTRY_NEW_FIELD: {
-                        u->field_pos = 0;
-
-                        r = sd_journal_enumerate_data(u->journal,
-                                                      &u->field_data,
-                                                      &u->field_length);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to move to next field in entry: %m");
-                        else if (r == 0) {
-                                u->entry_state = ENTRY_OUTRO;
-                                continue;
-                        }
-
-                        if (!utf8_is_printable_newline(u->field_data,
-                                                       u->field_length, false)) {
-                                u->entry_state = ENTRY_BINARY_FIELD_START;
-                                continue;
-                        }
-
-                        u->entry_state++;
-                }       /* fall through */
-
-                case ENTRY_TEXT_FIELD:
-                case ENTRY_BINARY_FIELD: {
-                        bool done;
-                        size_t tocopy;
-
-                        done = size - pos > u->field_length - u->field_pos;
-                        if (done)
-                                tocopy = u->field_length - u->field_pos;
-                        else
-                                tocopy = size - pos;
-
-                        memcpy(buf + pos,
-                               (char*) u->field_data + u->field_pos,
-                               tocopy);
-
-                        if (done) {
-                                buf[pos + tocopy] = '\n';
-                                pos += tocopy + 1;
-                                u->entry_state = ENTRY_NEW_FIELD;
-                                continue;
-                        } else {
-                                u->field_pos += tocopy;
-                                return size;
-                        }
-                }
-
-                case ENTRY_BINARY_FIELD_START: {
-                        const char *c;
-                        size_t len;
-
-                        c = memchr(u->field_data, '=', u->field_length);
-                        if (!c || c == u->field_data) {
-                                log_error("Invalid field.");
-                                return -EINVAL;
-                        }
-
-                        len = c - (const char*)u->field_data;
-
-                        /* need space for label + '\n' */
-                        if (size - pos < len + 1)
-                                return pos;
-
-                        memcpy(buf + pos, u->field_data, len);
-                        buf[pos + len] = '\n';
-                        pos += len + 1;
-
-                        u->field_pos = len + 1;
-                        u->entry_state++;
-                }       /* fall through */
-
-                case ENTRY_BINARY_FIELD_SIZE: {
-                        uint64_t le64;
-
-                        /* need space for uint64_t */
-                        if (size - pos < 8)
-                                return pos;
-
-                        le64 = htole64(u->field_length - u->field_pos);
-                        memcpy(buf + pos, &le64, 8);
-                        pos += 8;
-
-                        u->entry_state++;
-                        continue;
-                }
-
-                case ENTRY_OUTRO:
-                        /* need space for '\n' */
-                        if (size - pos < 1)
-                                return pos;
-
-                        buf[pos++] = '\n';
-                        u->entry_state++;
-                        u->entries_sent++;
-
-                        return pos;
-
-                default:
-                        assert_not_reached("WTF?");
-                }
-        }
-        assert_not_reached("WTF?");
-}
-
-static inline void check_update_watchdog(Uploader *u) {
-        usec_t after;
-        usec_t elapsed_time;
-
-        if (u->watchdog_usec <= 0)
-                return;
-
-        after = now(CLOCK_MONOTONIC);
-        elapsed_time = usec_sub(after, u->watchdog_timestamp);
-        if (elapsed_time > u->watchdog_usec / 2) {
-                log_debug("Update watchdog timer");
-                sd_notify(false, "WATCHDOG=1");
-                u->watchdog_timestamp = after;
-        }
-}
-
-static size_t journal_input_callback(void *buf, size_t size, size_t nmemb, void *userp) {
-        Uploader *u = userp;
-        int r;
-        sd_journal *j;
-        size_t filled = 0;
-        ssize_t w;
-
-        assert(u);
-        assert(nmemb <= SSIZE_MAX / size);
-
-        check_update_watchdog(u);
-
-        j = u->journal;
-
-        while (j && filled < size * nmemb) {
-                if (u->entry_state == ENTRY_DONE) {
-                        r = sd_journal_next(j);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to move to next entry in journal: %m");
-                                return CURL_READFUNC_ABORT;
-                        } else if (r == 0) {
-                                if (u->input_event)
-                                        log_debug("No more entries, waiting for journal.");
-                                else {
-                                        log_info("No more entries, closing journal.");
-                                        close_journal_input(u);
-                                }
-
-                                u->uploading = false;
-
-                                break;
-                        }
-
-                        u->entry_state = ENTRY_CURSOR;
-                }
-
-                w = write_entry((char*)buf + filled, size * nmemb - filled, u);
-                if (w < 0)
-                        return CURL_READFUNC_ABORT;
-                filled += w;
-
-                if (filled == 0) {
-                        log_error("Buffer space is too small to write entry.");
-                        return CURL_READFUNC_ABORT;
-                } else if (u->entry_state != ENTRY_DONE)
-                        /* This means that all available space was used up */
-                        break;
-
-                log_debug("Entry %zu (%s) has been uploaded.",
-                          u->entries_sent, u->current_cursor);
-        }
-
-        return filled;
-}
-
-void close_journal_input(Uploader *u) {
-        assert(u);
-
-        if (u->journal) {
-                log_debug("Closing journal input.");
-
-                sd_journal_close(u->journal);
-                u->journal = NULL;
-        }
-        u->timeout = 0;
-}
-
-static int process_journal_input(Uploader *u, int skip) {
-        int r;
-
-        if (u->uploading)
-                return 0;
-
-        r = sd_journal_next_skip(u->journal, skip);
-        if (r < 0)
-                return log_error_errno(r, "Failed to skip to next entry: %m");
-        else if (r < skip)
-                return 0;
-
-        /* have data */
-        u->entry_state = ENTRY_CURSOR;
-        return start_upload(u, journal_input_callback, u);
-}
-
-int check_journal_input(Uploader *u) {
-        if (u->input_event) {
-                int r;
-
-                r = sd_journal_process(u->journal);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to process journal: %m");
-                        close_journal_input(u);
-                        return r;
-                }
-
-                if (r == SD_JOURNAL_NOP)
-                        return 0;
-        }
-
-        return process_journal_input(u, 1);
-}
-
-static int dispatch_journal_input(sd_event_source *event,
-                                  int fd,
-                                  uint32_t revents,
-                                  void *userp) {
-        Uploader *u = userp;
-
-        assert(u);
-
-        if (u->uploading)
-                return 0;
-
-        log_debug("Detected journal input, checking for new data.");
-        return check_journal_input(u);
-}
-
-int open_journal_for_upload(Uploader *u,
-                            sd_journal *j,
-                            const char *cursor,
-                            bool after_cursor,
-                            bool follow) {
-        int fd, r, events;
-
-        u->journal = j;
-
-        sd_journal_set_data_threshold(j, 0);
-
-        if (follow) {
-                fd = sd_journal_get_fd(j);
-                if (fd < 0)
-                        return log_error_errno(fd, "sd_journal_get_fd failed: %m");
-
-                events = sd_journal_get_events(j);
-
-                r = sd_journal_reliable_fd(j);
-                assert(r >= 0);
-                if (r > 0)
-                        u->timeout = -1;
-                else
-                        u->timeout = JOURNAL_UPLOAD_POLL_TIMEOUT;
-
-                r = sd_event_add_io(u->events, &u->input_event,
-                                    fd, events, dispatch_journal_input, u);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to register input event: %m");
-
-                log_debug("Listening for journal events on fd:%d, timeout %d",
-                          fd, u->timeout == (uint64_t) -1 ? -1 : (int) u->timeout);
-        } else
-                log_debug("Not listening for journal events.");
-
-        if (cursor) {
-                r = sd_journal_seek_cursor(j, cursor);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to seek to cursor %s: %m",
-                                               cursor);
-        }
-
-        return process_journal_input(u, 1 + !!after_cursor);
-}
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
deleted file mode 100644
index 4647cfdeb3..0000000000
--- a/src/journal-remote/journal-upload.c
+++ /dev/null
@@ -1,880 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <curl/curl.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <sys/stat.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "conf-parser.h"
-#include "def.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "glob-util.h"
-#include "journal-upload.h"
-#include "log.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "sigbus.h"
-#include "signal-util.h"
-#include "string-util.h"
-#include "util.h"
-
-#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem"
-#define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-upload.pem"
-#define TRUST_FILE    CERTIFICATE_ROOT "/ca/trusted.pem"
-#define DEFAULT_PORT  19532
-
-static const char* arg_url = NULL;
-static const char *arg_key = NULL;
-static const char *arg_cert = NULL;
-static const char *arg_trust = NULL;
-static const char *arg_directory = NULL;
-static char **arg_file = NULL;
-static const char *arg_cursor = NULL;
-static bool arg_after_cursor = false;
-static int arg_journal_type = 0;
-static const char *arg_machine = NULL;
-static bool arg_merge = false;
-static int arg_follow = -1;
-static const char *arg_save_state = NULL;
-
-static void close_fd_input(Uploader *u);
-
-#define SERVER_ANSWER_KEEP 2048
-
-#define STATE_FILE "/var/lib/systemd/journal-upload/state"
-
-#define easy_setopt(curl, opt, value, level, cmd)                       \
-        do {                                                            \
-                code = curl_easy_setopt(curl, opt, value);              \
-                if (code) {                                             \
-                        log_full(level,                                 \
-                                 "curl_easy_setopt " #opt " failed: %s", \
-                                  curl_easy_strerror(code));            \
-                        cmd;                                            \
-                }                                                       \
-        } while (0)
-
-static size_t output_callback(char *buf,
-                              size_t size,
-                              size_t nmemb,
-                              void *userp) {
-        Uploader *u = userp;
-
-        assert(u);
-
-        log_debug("The server answers (%zu bytes): %.*s",
-                  size*nmemb, (int)(size*nmemb), buf);
-
-        if (nmemb && !u->answer) {
-                u->answer = strndup(buf, size*nmemb);
-                if (!u->answer)
-                        log_warning_errno(ENOMEM, "Failed to store server answer (%zu bytes): %m",
-                                          size*nmemb);
-        }
-
-        return size * nmemb;
-}
-
-static int check_cursor_updating(Uploader *u) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        if (!u->state_file)
-                return 0;
-
-        r = mkdir_parents(u->state_file, 0755);
-        if (r < 0)
-                return log_error_errno(r, "Cannot create parent directory of state file %s: %m",
-                                       u->state_file);
-
-        r = fopen_temporary(u->state_file, &f, &temp_path);
-        if (r < 0)
-                return log_error_errno(r, "Cannot save state to %s: %m",
-                                       u->state_file);
-        unlink(temp_path);
-
-        return 0;
-}
-
-static int update_cursor_state(Uploader *u) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        if (!u->state_file || !u->last_cursor)
-                return 0;
-
-        r = fopen_temporary(u->state_file, &f, &temp_path);
-        if (r < 0)
-                goto fail;
-
-        fprintf(f,
-                "# This is private data. Do not parse.\n"
-                "LAST_CURSOR=%s\n",
-                u->last_cursor);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, u->state_file) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        if (temp_path)
-                (void) unlink(temp_path);
-
-        (void) unlink(u->state_file);
-
-        return log_error_errno(r, "Failed to save state %s: %m", u->state_file);
-}
-
-static int load_cursor_state(Uploader *u) {
-        int r;
-
-        if (!u->state_file)
-                return 0;
-
-        r = parse_env_file(u->state_file, NEWLINE,
-                           "LAST_CURSOR",  &u->last_cursor,
-                           NULL);
-
-        if (r == -ENOENT)
-                log_debug("State file %s is not present.", u->state_file);
-        else if (r < 0)
-                return log_error_errno(r, "Failed to read state file %s: %m",
-                                       u->state_file);
-        else
-                log_debug("Last cursor was %s", u->last_cursor);
-
-        return 0;
-}
-
-
-
-int start_upload(Uploader *u,
-                 size_t (*input_callback)(void *ptr,
-                                          size_t size,
-                                          size_t nmemb,
-                                          void *userdata),
-                 void *data) {
-        CURLcode code;
-
-        assert(u);
-        assert(input_callback);
-
-        if (!u->header) {
-                struct curl_slist *h;
-
-                h = curl_slist_append(NULL, "Content-Type: application/vnd.fdo.journal");
-                if (!h)
-                        return log_oom();
-
-                h = curl_slist_append(h, "Transfer-Encoding: chunked");
-                if (!h) {
-                        curl_slist_free_all(h);
-                        return log_oom();
-                }
-
-                h = curl_slist_append(h, "Accept: text/plain");
-                if (!h) {
-                        curl_slist_free_all(h);
-                        return log_oom();
-                }
-
-                u->header = h;
-        }
-
-        if (!u->easy) {
-                CURL *curl;
-
-                curl = curl_easy_init();
-                if (!curl) {
-                        log_error("Call to curl_easy_init failed.");
-                        return -ENOSR;
-                }
-
-                /* tell it to POST to the URL */
-                easy_setopt(curl, CURLOPT_POST, 1L,
-                            LOG_ERR, return -EXFULL);
-
-                easy_setopt(curl, CURLOPT_ERRORBUFFER, u->error,
-                            LOG_ERR, return -EXFULL);
-
-                /* set where to write to */
-                easy_setopt(curl, CURLOPT_WRITEFUNCTION, output_callback,
-                            LOG_ERR, return -EXFULL);
-
-                easy_setopt(curl, CURLOPT_WRITEDATA, data,
-                            LOG_ERR, return -EXFULL);
-
-                /* set where to read from */
-                easy_setopt(curl, CURLOPT_READFUNCTION, input_callback,
-                            LOG_ERR, return -EXFULL);
-
-                easy_setopt(curl, CURLOPT_READDATA, data,
-                            LOG_ERR, return -EXFULL);
-
-                /* use our special own mime type and chunked transfer */
-                easy_setopt(curl, CURLOPT_HTTPHEADER, u->header,
-                            LOG_ERR, return -EXFULL);
-
-                if (_unlikely_(log_get_max_level() >= LOG_DEBUG))
-                        /* enable verbose for easier tracing */
-                        easy_setopt(curl, CURLOPT_VERBOSE, 1L, LOG_WARNING, );
-
-                easy_setopt(curl, CURLOPT_USERAGENT,
-                            "systemd-journal-upload " PACKAGE_STRING,
-                            LOG_WARNING, );
-
-                if (arg_key || startswith(u->url, "https://")) {
-                        easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE,
-                                    LOG_ERR, return -EXFULL);
-                        easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,
-                                    LOG_ERR, return -EXFULL);
-                }
-
-                if (streq_ptr(arg_trust, "all"))
-                        easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0,
-                                    LOG_ERR, return -EUCLEAN);
-                else if (arg_trust || startswith(u->url, "https://"))
-                        easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE,
-                                    LOG_ERR, return -EXFULL);
-
-                if (arg_key || arg_trust)
-                        easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1,
-                                    LOG_WARNING, );
-
-                u->easy = curl;
-        } else {
-                /* truncate the potential old error message */
-                u->error[0] = '\0';
-
-                free(u->answer);
-                u->answer = 0;
-        }
-
-        /* upload to this place */
-        code = curl_easy_setopt(u->easy, CURLOPT_URL, u->url);
-        if (code) {
-                log_error("curl_easy_setopt CURLOPT_URL failed: %s",
-                          curl_easy_strerror(code));
-                return -EXFULL;
-        }
-
-        u->uploading = true;
-
-        return 0;
-}
-
-static size_t fd_input_callback(void *buf, size_t size, size_t nmemb, void *userp) {
-        Uploader *u = userp;
-
-        ssize_t r;
-
-        assert(u);
-        assert(nmemb <= SSIZE_MAX / size);
-
-        if (u->input < 0)
-                return 0;
-
-        r = read(u->input, buf, size * nmemb);
-        log_debug("%s: allowed %zu, read %zd", __func__, size*nmemb, r);
-
-        if (r > 0)
-                return r;
-
-        u->uploading = false;
-        if (r == 0) {
-                log_debug("Reached EOF");
-                close_fd_input(u);
-                return 0;
-        } else {
-                log_error_errno(errno, "Aborting transfer after read error on input: %m.");
-                return CURL_READFUNC_ABORT;
-        }
-}
-
-static void close_fd_input(Uploader *u) {
-        assert(u);
-
-        if (u->input >= 0)
-                close_nointr(u->input);
-        u->input = -1;
-        u->timeout = 0;
-}
-
-static int dispatch_fd_input(sd_event_source *event,
-                             int fd,
-                             uint32_t revents,
-                             void *userp) {
-        Uploader *u = userp;
-
-        assert(u);
-        assert(fd >= 0);
-
-        if (revents & EPOLLHUP) {
-                log_debug("Received HUP");
-                close_fd_input(u);
-                return 0;
-        }
-
-        if (!(revents & EPOLLIN)) {
-                log_warning("Unexpected poll event %"PRIu32".", revents);
-                return -EINVAL;
-        }
-
-        if (u->uploading) {
-                log_warning("dispatch_fd_input called when uploading, ignoring.");
-                return 0;
-        }
-
-        return start_upload(u, fd_input_callback, u);
-}
-
-static int open_file_for_upload(Uploader *u, const char *filename) {
-        int fd, r = 0;
-
-        if (streq(filename, "-"))
-                fd = STDIN_FILENO;
-        else {
-                fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to open %s: %m", filename);
-        }
-
-        u->input = fd;
-
-        if (arg_follow) {
-                r = sd_event_add_io(u->events, &u->input_event,
-                                    fd, EPOLLIN, dispatch_fd_input, u);
-                if (r < 0) {
-                        if (r != -EPERM || arg_follow > 0)
-                                return log_error_errno(r, "Failed to register input event: %m");
-
-                        /* Normal files should just be consumed without polling. */
-                        r = start_upload(u, fd_input_callback, u);
-                }
-        }
-
-        return r;
-}
-
-static int dispatch_sigterm(sd_event_source *event,
-                            const struct signalfd_siginfo *si,
-                            void *userdata) {
-        Uploader *u = userdata;
-
-        assert(u);
-
-        log_received_signal(LOG_INFO, si);
-
-        close_fd_input(u);
-        close_journal_input(u);
-
-        sd_event_exit(u->events, 0);
-        return 0;
-}
-
-static int setup_signals(Uploader *u) {
-        int r;
-
-        assert(u);
-
-        assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, -1) >= 0);
-
-        r = sd_event_add_signal(u->events, &u->sigterm_event, SIGTERM, dispatch_sigterm, u);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_signal(u->events, &u->sigint_event, SIGINT, dispatch_sigterm, u);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int setup_uploader(Uploader *u, const char *url, const char *state_file) {
-        int r;
-        const char *host, *proto = "";
-
-        assert(u);
-        assert(url);
-
-        memzero(u, sizeof(Uploader));
-        u->input = -1;
-
-        if (!(host = startswith(url, "http://")) && !(host = startswith(url, "https://"))) {
-                host = url;
-                proto = "https://";
-        }
-
-        if (strchr(host, ':'))
-                u->url = strjoin(proto, url, "/upload", NULL);
-        else {
-                char *t;
-                size_t x;
-
-                t = strdupa(url);
-                x = strlen(t);
-                while (x > 0 && t[x - 1] == '/')
-                        t[x - 1] = '\0';
-
-                u->url = strjoin(proto, t, ":" STRINGIFY(DEFAULT_PORT), "/upload", NULL);
-        }
-        if (!u->url)
-                return log_oom();
-
-        u->state_file = state_file;
-
-        r = sd_event_default(&u->events);
-        if (r < 0)
-                return log_error_errno(r, "sd_event_default failed: %m");
-
-        r = setup_signals(u);
-        if (r < 0)
-                return log_error_errno(r, "Failed to set up signals: %m");
-
-        (void) sd_watchdog_enabled(false, &u->watchdog_usec);
-
-        return load_cursor_state(u);
-}
-
-static void destroy_uploader(Uploader *u) {
-        assert(u);
-
-        curl_easy_cleanup(u->easy);
-        curl_slist_free_all(u->header);
-        free(u->answer);
-
-        free(u->last_cursor);
-        free(u->current_cursor);
-
-        free(u->url);
-
-        u->input_event = sd_event_source_unref(u->input_event);
-
-        close_fd_input(u);
-        close_journal_input(u);
-
-        sd_event_source_unref(u->sigterm_event);
-        sd_event_source_unref(u->sigint_event);
-        sd_event_unref(u->events);
-}
-
-static int perform_upload(Uploader *u) {
-        CURLcode code;
-        long status;
-
-        assert(u);
-
-        u->watchdog_timestamp = now(CLOCK_MONOTONIC);
-        code = curl_easy_perform(u->easy);
-        if (code) {
-                if (u->error[0])
-                        log_error("Upload to %s failed: %.*s",
-                                  u->url, (int) sizeof(u->error), u->error);
-                else
-                        log_error("Upload to %s failed: %s",
-                                  u->url, curl_easy_strerror(code));
-                return -EIO;
-        }
-
-        code = curl_easy_getinfo(u->easy, CURLINFO_RESPONSE_CODE, &status);
-        if (code) {
-                log_error("Failed to retrieve response code: %s",
-                          curl_easy_strerror(code));
-                return -EUCLEAN;
-        }
-
-        if (status >= 300) {
-                log_error("Upload to %s failed with code %ld: %s",
-                          u->url, status, strna(u->answer));
-                return -EIO;
-        } else if (status < 200) {
-                log_error("Upload to %s finished with unexpected code %ld: %s",
-                          u->url, status, strna(u->answer));
-                return -EIO;
-        } else
-                log_debug("Upload finished successfully with code %ld: %s",
-                          status, strna(u->answer));
-
-        free(u->last_cursor);
-        u->last_cursor = u->current_cursor;
-        u->current_cursor = NULL;
-
-        return update_cursor_state(u);
-}
-
-static int parse_config(void) {
-        const ConfigTableItem items[] = {
-                { "Upload",  "URL",                    config_parse_string, 0, &arg_url    },
-                { "Upload",  "ServerKeyFile",          config_parse_path,   0, &arg_key    },
-                { "Upload",  "ServerCertificateFile",  config_parse_path,   0, &arg_cert   },
-                { "Upload",  "TrustedCertificateFile", config_parse_path,   0, &arg_trust  },
-                {}};
-
-        return config_parse_many(PKGSYSCONFDIR "/journal-upload.conf",
-                                 CONF_PATHS_NULSTR("systemd/journal-upload.conf.d"),
-                                 "Upload\0", config_item_table_lookup, items,
-                                 false, NULL);
-}
-
-static void help(void) {
-        printf("%s -u URL {FILE|-}...\n\n"
-               "Upload journal events to a remote server.\n\n"
-               "  -h --help                 Show this help\n"
-               "     --version              Show package version\n"
-               "  -u --url=URL              Upload to this address (default port "
-                                            STRINGIFY(DEFAULT_PORT) ")\n"
-               "     --key=FILENAME         Specify key in PEM format (default:\n"
-               "                            \"" PRIV_KEY_FILE "\")\n"
-               "     --cert=FILENAME        Specify certificate in PEM format (default:\n"
-               "                            \"" CERT_FILE "\")\n"
-               "     --trust=FILENAME|all   Specify CA certificate or disable checking (default:\n"
-               "                            \"" TRUST_FILE "\")\n"
-               "     --system               Use the system journal\n"
-               "     --user                 Use the user journal for the current user\n"
-               "  -m --merge                Use  all available journals\n"
-               "  -M --machine=CONTAINER    Operate on local container\n"
-               "  -D --directory=PATH       Use journal files from directory\n"
-               "     --file=PATH            Use this journal file\n"
-               "     --cursor=CURSOR        Start at the specified cursor\n"
-               "     --after-cursor=CURSOR  Start after the specified cursor\n"
-               "     --follow[=BOOL]        Do [not] wait for input\n"
-               "     --save-state[=FILE]    Save uploaded cursors (default \n"
-               "                            " STATE_FILE ")\n"
-               "  -h --help                 Show this help and exit\n"
-               "     --version              Print version string and exit\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_KEY,
-                ARG_CERT,
-                ARG_TRUST,
-                ARG_USER,
-                ARG_SYSTEM,
-                ARG_FILE,
-                ARG_CURSOR,
-                ARG_AFTER_CURSOR,
-                ARG_FOLLOW,
-                ARG_SAVE_STATE,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'                },
-                { "version",      no_argument,       NULL, ARG_VERSION        },
-                { "url",          required_argument, NULL, 'u'                },
-                { "key",          required_argument, NULL, ARG_KEY            },
-                { "cert",         required_argument, NULL, ARG_CERT           },
-                { "trust",        required_argument, NULL, ARG_TRUST          },
-                { "system",       no_argument,       NULL, ARG_SYSTEM         },
-                { "user",         no_argument,       NULL, ARG_USER           },
-                { "merge",        no_argument,       NULL, 'm'                },
-                { "machine",      required_argument, NULL, 'M'                },
-                { "directory",    required_argument, NULL, 'D'                },
-                { "file",         required_argument, NULL, ARG_FILE           },
-                { "cursor",       required_argument, NULL, ARG_CURSOR         },
-                { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR   },
-                { "follow",       optional_argument, NULL, ARG_FOLLOW         },
-                { "save-state",   optional_argument, NULL, ARG_SAVE_STATE     },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        opterr = 0;
-
-        while ((c = getopt_long(argc, argv, "hu:mM:D:", options, NULL)) >= 0)
-                switch(c) {
-                case 'h':
-                        help();
-                        return 0 /* done */;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'u':
-                        if (arg_url) {
-                                log_error("cannot use more than one --url");
-                                return -EINVAL;
-                        }
-
-                        arg_url = optarg;
-                        break;
-
-                case ARG_KEY:
-                        if (arg_key) {
-                                log_error("cannot use more than one --key");
-                                return -EINVAL;
-                        }
-
-                        arg_key = optarg;
-                        break;
-
-                case ARG_CERT:
-                        if (arg_cert) {
-                                log_error("cannot use more than one --cert");
-                                return -EINVAL;
-                        }
-
-                        arg_cert = optarg;
-                        break;
-
-                case ARG_TRUST:
-                        if (arg_trust) {
-                                log_error("cannot use more than one --trust");
-                                return -EINVAL;
-                        }
-
-                        arg_trust = optarg;
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_journal_type |= SD_JOURNAL_SYSTEM;
-                        break;
-
-                case ARG_USER:
-                        arg_journal_type |= SD_JOURNAL_CURRENT_USER;
-                        break;
-
-                case 'm':
-                        arg_merge = true;
-                        break;
-
-                case 'M':
-                        if (arg_machine) {
-                                log_error("cannot use more than one --machine/-M");
-                                return -EINVAL;
-                        }
-
-                        arg_machine = optarg;
-                        break;
-
-                case 'D':
-                        if (arg_directory) {
-                                log_error("cannot use more than one --directory/-D");
-                                return -EINVAL;
-                        }
-
-                        arg_directory = optarg;
-                        break;
-
-                case ARG_FILE:
-                        r = glob_extend(&arg_file, optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to add paths: %m");
-                        break;
-
-                case ARG_CURSOR:
-                        if (arg_cursor) {
-                                log_error("cannot use more than one --cursor/--after-cursor");
-                                return -EINVAL;
-                        }
-
-                        arg_cursor = optarg;
-                        break;
-
-                case ARG_AFTER_CURSOR:
-                        if (arg_cursor) {
-                                log_error("cannot use more than one --cursor/--after-cursor");
-                                return -EINVAL;
-                        }
-
-                        arg_cursor = optarg;
-                        arg_after_cursor = true;
-                        break;
-
-                case ARG_FOLLOW:
-                        if (optarg) {
-                                r = parse_boolean(optarg);
-                                if (r < 0) {
-                                        log_error("Failed to parse --follow= parameter.");
-                                        return -EINVAL;
-                                }
-
-                                arg_follow = !!r;
-                        } else
-                                arg_follow = true;
-
-                        break;
-
-                case ARG_SAVE_STATE:
-                        arg_save_state = optarg ?: STATE_FILE;
-                        break;
-
-                case '?':
-                        log_error("Unknown option %s.", argv[optind-1]);
-                        return -EINVAL;
-
-                case ':':
-                        log_error("Missing argument to %s.", argv[optind-1]);
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option code.");
-                }
-
-        if (!arg_url) {
-                log_error("Required --url/-u option missing.");
-                return -EINVAL;
-        }
-
-        if (!!arg_key != !!arg_cert) {
-                log_error("Options --key and --cert must be used together.");
-                return -EINVAL;
-        }
-
-        if (optind < argc && (arg_directory || arg_file || arg_machine || arg_journal_type)) {
-                log_error("Input arguments make no sense with journal input.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-static int open_journal(sd_journal **j) {
-        int r;
-
-        if (arg_directory)
-                r = sd_journal_open_directory(j, arg_directory, arg_journal_type);
-        else if (arg_file)
-                r = sd_journal_open_files(j, (const char**) arg_file, 0);
-        else if (arg_machine)
-                r = sd_journal_open_container(j, arg_machine, 0);
-        else
-                r = sd_journal_open(j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
-        if (r < 0)
-                log_error_errno(r, "Failed to open %s: %m",
-                                arg_directory ? arg_directory : arg_file ? "files" : "journal");
-        return r;
-}
-
-int main(int argc, char **argv) {
-        Uploader u;
-        int r;
-        bool use_journal;
-
-        log_show_color(true);
-        log_parse_environment();
-
-        r = parse_config();
-        if (r < 0)
-                goto finish;
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        sigbus_install();
-
-        r = setup_uploader(&u, arg_url, arg_save_state);
-        if (r < 0)
-                goto cleanup;
-
-        sd_event_set_watchdog(u.events, true);
-
-        r = check_cursor_updating(&u);
-        if (r < 0)
-                goto cleanup;
-
-        log_debug("%s running as pid "PID_FMT,
-                  program_invocation_short_name, getpid());
-
-        use_journal = optind >= argc;
-        if (use_journal) {
-                sd_journal *j;
-                r = open_journal(&j);
-                if (r < 0)
-                        goto finish;
-                r = open_journal_for_upload(&u, j,
-                                            arg_cursor ?: u.last_cursor,
-                                            arg_cursor ? arg_after_cursor : true,
-                                            !!arg_follow);
-                if (r < 0)
-                        goto finish;
-        }
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing input...");
-
-        for (;;) {
-                r = sd_event_get_state(u.events);
-                if (r < 0)
-                        break;
-                if (r == SD_EVENT_FINISHED)
-                        break;
-
-                if (use_journal) {
-                        if (!u.journal)
-                                break;
-
-                        r = check_journal_input(&u);
-                } else if (u.input < 0 && !use_journal) {
-                        if (optind >= argc)
-                                break;
-
-                        log_debug("Using %s as input.", argv[optind]);
-                        r = open_file_for_upload(&u, argv[optind++]);
-                }
-                if (r < 0)
-                        goto cleanup;
-
-                if (u.uploading) {
-                        r = perform_upload(&u);
-                        if (r < 0)
-                                break;
-                }
-
-                r = sd_event_run(u.events, u.timeout);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to run event loop: %m");
-                        break;
-                }
-        }
-
-cleanup:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-
-        destroy_uploader(&u);
-
-finish:
-        return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-}
diff --git a/src/journal-remote/journal-upload.h b/src/journal-remote/journal-upload.h
deleted file mode 100644
index 5711905f86..0000000000
--- a/src/journal-remote/journal-upload.h
+++ /dev/null
@@ -1,71 +0,0 @@
-#pragma once
-
-#include <inttypes.h>
-
-#include "sd-event.h"
-#include "sd-journal.h"
-#include "time-util.h"
-
-typedef enum {
-        ENTRY_CURSOR = 0,           /* Nothing actually written yet. */
-        ENTRY_REALTIME,
-        ENTRY_MONOTONIC,
-        ENTRY_BOOT_ID,
-        ENTRY_NEW_FIELD,            /* In between fields. */
-        ENTRY_TEXT_FIELD,           /* In the middle of a text field. */
-        ENTRY_BINARY_FIELD_START,   /* Writing the name of a binary field. */
-        ENTRY_BINARY_FIELD_SIZE,    /* Writing the size of a binary field. */
-        ENTRY_BINARY_FIELD,         /* In the middle of a binary field. */
-        ENTRY_OUTRO,                /* Writing '\n' */
-        ENTRY_DONE,                 /* Need to move to a new field. */
-} entry_state;
-
-typedef struct Uploader {
-        sd_event *events;
-        sd_event_source *sigint_event, *sigterm_event;
-
-        char *url;
-        CURL *easy;
-        bool uploading;
-        char error[CURL_ERROR_SIZE];
-        struct curl_slist *header;
-        char *answer;
-
-        sd_event_source *input_event;
-        uint64_t timeout;
-
-        /* fd stuff */
-        int input;
-
-        /* journal stuff */
-        sd_journal* journal;
-
-        entry_state entry_state;
-        const void *field_data;
-        size_t field_pos, field_length;
-
-        /* general metrics */
-        const char *state_file;
-
-        size_t entries_sent;
-        char *last_cursor, *current_cursor;
-        usec_t watchdog_timestamp;
-        usec_t watchdog_usec;
-} Uploader;
-
-#define JOURNAL_UPLOAD_POLL_TIMEOUT (10 * USEC_PER_SEC)
-
-int start_upload(Uploader *u,
-                 size_t (*input_callback)(void *ptr,
-                                          size_t size,
-                                          size_t nmemb,
-                                          void *userdata),
-                 void *data);
-
-int open_journal_for_upload(Uploader *u,
-                            sd_journal *j,
-                            const char *cursor,
-                            bool after_cursor,
-                            bool follow);
-void close_journal_input(Uploader *u);
-int check_journal_input(Uploader *u);
diff --git a/src/journal/Makefile b/src/journal/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/journal/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/journal/cat.c b/src/journal/cat.c
deleted file mode 100644
index 08c844d44f..0000000000
--- a/src/journal/cat.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "sd-journal.h"
-
-#include "fd-util.h"
-#include "parse-util.h"
-#include "string-util.h"
-#include "syslog-util.h"
-#include "util.h"
-
-static const char *arg_identifier = NULL;
-static int arg_priority = LOG_INFO;
-static bool arg_level_prefix = true;
-
-static void help(void) {
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Execute process with stdout/stderr connected to the journal.\n\n"
-               "  -h --help               Show this help\n"
-               "     --version            Show package version\n"
-               "  -t --identifier=STRING  Set syslog identifier\n"
-               "  -p --priority=PRIORITY  Set priority value (0..7)\n"
-               "     --level-prefix=BOOL  Control whether level prefix shall be parsed\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_LEVEL_PREFIX
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'              },
-                { "version",      no_argument,       NULL, ARG_VERSION      },
-                { "identifier",   required_argument, NULL, 't'              },
-                { "priority",     required_argument, NULL, 'p'              },
-                { "level-prefix", required_argument, NULL, ARG_LEVEL_PREFIX },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "+ht:p:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 't':
-                        if (isempty(optarg))
-                                arg_identifier = NULL;
-                        else
-                                arg_identifier = optarg;
-                        break;
-
-                case 'p':
-                        arg_priority = log_level_from_string(optarg);
-                        if (arg_priority < 0) {
-                                log_error("Failed to parse priority value.");
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_LEVEL_PREFIX: {
-                        int k;
-
-                        k = parse_boolean(optarg);
-                        if (k < 0)
-                                return log_error_errno(k, "Failed to parse level prefix value.");
-
-                        arg_level_prefix = k;
-                        break;
-                }
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_close_ int  fd = -1, saved_stderr = -1;
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        fd = sd_journal_stream_fd(arg_identifier, arg_priority, arg_level_prefix);
-        if (fd < 0) {
-                r = log_error_errno(fd, "Failed to create stream fd: %m");
-                goto finish;
-        }
-
-        saved_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
-
-        if (dup3(fd, STDOUT_FILENO, 0) < 0 ||
-            dup3(fd, STDERR_FILENO, 0) < 0) {
-                r = log_error_errno(errno, "Failed to duplicate fd: %m");
-                goto finish;
-        }
-
-        if (fd >= 3)
-                safe_close(fd);
-        fd = -1;
-
-        if (argc <= optind)
-                (void) execl("/bin/cat", "/bin/cat", NULL);
-        else
-                (void) execvp(argv[optind], argv + optind);
-        r = -errno;
-
-        /* Let's try to restore a working stderr, so we can print the error message */
-        if (saved_stderr >= 0)
-                (void) dup3(saved_stderr, STDERR_FILENO, 0);
-
-        log_error_errno(r, "Failed to execute process: %m");
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/journal/catalog.c b/src/journal/catalog.c
deleted file mode 100644
index 886f6efd8b..0000000000
--- a/src/journal/catalog.c
+++ /dev/null
@@ -1,767 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <locale.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "catalog.h"
-#include "conf-files.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "hashmap.h"
-#include "log.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "siphash24.h"
-#include "sparse-endian.h"
-#include "strbuf.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-const char * const catalog_file_dirs[] = {
-        "/usr/local/lib/systemd/catalog/",
-        "/usr/lib/systemd/catalog/",
-        NULL
-};
-
-#define CATALOG_SIGNATURE (uint8_t[]) { 'R', 'H', 'H', 'H', 'K', 'S', 'L', 'P' }
-
-typedef struct CatalogHeader {
-        uint8_t signature[8];  /* "RHHHKSLP" */
-        le32_t compatible_flags;
-        le32_t incompatible_flags;
-        le64_t header_size;
-        le64_t n_items;
-        le64_t catalog_item_size;
-} CatalogHeader;
-
-typedef struct CatalogItem {
-        sd_id128_t id;
-        char language[32];
-        le64_t offset;
-} CatalogItem;
-
-static void catalog_hash_func(const void *p, struct siphash *state) {
-        const CatalogItem *i = p;
-
-        siphash24_compress(&i->id, sizeof(i->id), state);
-        siphash24_compress(i->language, strlen(i->language), state);
-}
-
-static int catalog_compare_func(const void *a, const void *b) {
-        const CatalogItem *i = a, *j = b;
-        unsigned k;
-
-        for (k = 0; k < ELEMENTSOF(j->id.bytes); k++) {
-                 if (i->id.bytes[k] < j->id.bytes[k])
-                        return -1;
-                 if (i->id.bytes[k] > j->id.bytes[k])
-                        return 1;
-        }
-
-        return strcmp(i->language, j->language);
-}
-
-const struct hash_ops catalog_hash_ops = {
-        .hash = catalog_hash_func,
-        .compare = catalog_compare_func
-};
-
-static bool next_header(const char **s) {
-        const char *e;
-
-        e = strchr(*s, '\n');
-
-        /* Unexpected end */
-        if (!e)
-                return false;
-
-        /* End of headers */
-        if (e == *s)
-                return false;
-
-        *s = e + 1;
-        return true;
-}
-
-static const char *skip_header(const char *s) {
-        while (next_header(&s))
-                ;
-        return s;
-}
-
-static char *combine_entries(const char *one, const char *two) {
-        const char *b1, *b2;
-        size_t l1, l2, n;
-        char *dest, *p;
-
-        /* Find split point of headers to body */
-        b1 = skip_header(one);
-        b2 = skip_header(two);
-
-        l1 = strlen(one);
-        l2 = strlen(two);
-        dest = new(char, l1 + l2 + 1);
-        if (!dest) {
-                log_oom();
-                return NULL;
-        }
-
-        p = dest;
-
-        /* Headers from @one */
-        n = b1 - one;
-        p = mempcpy(p, one, n);
-
-        /* Headers from @two, these will only be found if not present above */
-        n = b2 - two;
-        p = mempcpy(p, two, n);
-
-        /* Body from @one */
-        n = l1 - (b1 - one);
-        if (n > 0) {
-                memcpy(p, b1, n);
-                p += n;
-
-        /* Body from @two */
-        } else {
-                n = l2 - (b2 - two);
-                memcpy(p, b2, n);
-                p += n;
-        }
-
-        assert(p - dest <= (ptrdiff_t)(l1 + l2));
-        p[0] = '\0';
-        return dest;
-}
-
-static int finish_item(
-                Hashmap *h,
-                sd_id128_t id,
-                const char *language,
-                char *payload, size_t payload_size) {
-
-        _cleanup_free_ CatalogItem *i = NULL;
-        _cleanup_free_ char *prev = NULL, *combined = NULL;
-
-        assert(h);
-        assert(payload);
-        assert(payload_size > 0);
-
-        i = new0(CatalogItem, 1);
-        if (!i)
-                return log_oom();
-
-        i->id = id;
-        if (language) {
-                assert(strlen(language) > 1 && strlen(language) < 32);
-                strcpy(i->language, language);
-        }
-
-        prev = hashmap_get(h, i);
-        if (prev) {
-                /* Already have such an item, combine them */
-                combined = combine_entries(payload, prev);
-                if (!combined)
-                        return log_oom();
-
-                if (hashmap_update(h, i, combined) < 0)
-                        return log_oom();
-                combined = NULL;
-        } else {
-                /* A new item */
-                combined = memdup(payload, payload_size + 1);
-                if (!combined)
-                        return log_oom();
-
-                if (hashmap_put(h, i, combined) < 0)
-                        return log_oom();
-                i = NULL;
-                combined = NULL;
-        }
-
-        return 0;
-}
-
-int catalog_file_lang(const char* filename, char **lang) {
-        char *beg, *end, *_lang;
-
-        end = endswith(filename, ".catalog");
-        if (!end)
-                return 0;
-
-        beg = end - 1;
-        while (beg > filename && *beg != '.' && *beg != '/' && end - beg < 32)
-                beg--;
-
-        if (*beg != '.' || end <= beg + 1)
-                return 0;
-
-        _lang = strndup(beg + 1, end - beg - 1);
-        if (!_lang)
-                return -ENOMEM;
-
-        *lang = _lang;
-        return 1;
-}
-
-static int catalog_entry_lang(const char* filename, int line,
-                              const char* t, const char* deflang, char **lang) {
-        size_t c;
-
-        c = strlen(t);
-        if (c == 0) {
-                log_error("[%s:%u] Language too short.", filename, line);
-                return -EINVAL;
-        }
-        if (c > 31) {
-                log_error("[%s:%u] language too long.", filename, line);
-                return -EINVAL;
-        }
-
-        if (deflang) {
-                if (streq(t, deflang)) {
-                        log_warning("[%s:%u] language specified unnecessarily",
-                                    filename, line);
-                        return 0;
-                } else
-                        log_warning("[%s:%u] language differs from default for file",
-                                    filename, line);
-        }
-
-        *lang = strdup(t);
-        if (!*lang)
-                        return -ENOMEM;
-
-        return 0;
-}
-
-int catalog_import_file(Hashmap *h, const char *path) {
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_free_ char *payload = NULL;
-        size_t payload_size = 0, payload_allocated = 0;
-        unsigned n = 0;
-        sd_id128_t id;
-        _cleanup_free_ char *deflang = NULL, *lang = NULL;
-        bool got_id = false, empty_line = true;
-        int r;
-
-        assert(h);
-        assert(path);
-
-        f = fopen(path, "re");
-        if (!f)
-                return log_error_errno(errno, "Failed to open file %s: %m", path);
-
-        r = catalog_file_lang(path, &deflang);
-        if (r < 0)
-                log_error_errno(r, "Failed to determine language for file %s: %m", path);
-        if (r == 1)
-                log_debug("File %s has language %s.", path, deflang);
-
-        for (;;) {
-                char line[LINE_MAX];
-                size_t line_len;
-
-                if (!fgets(line, sizeof(line), f)) {
-                        if (feof(f))
-                                break;
-
-                        return log_error_errno(errno, "Failed to read file %s: %m", path);
-                }
-
-                n++;
-
-                truncate_nl(line);
-
-                if (line[0] == 0) {
-                        empty_line = true;
-                        continue;
-                }
-
-                if (strchr(COMMENTS "\n", line[0]))
-                        continue;
-
-                if (empty_line &&
-                    strlen(line) >= 2+1+32 &&
-                    line[0] == '-' &&
-                    line[1] == '-' &&
-                    line[2] == ' ' &&
-                    (line[2+1+32] == ' ' || line[2+1+32] == '\0')) {
-
-                        bool with_language;
-                        sd_id128_t jd;
-
-                        /* New entry */
-
-                        with_language = line[2+1+32] != '\0';
-                        line[2+1+32] = '\0';
-
-                        if (sd_id128_from_string(line + 2 + 1, &jd) >= 0) {
-
-                                if (got_id) {
-                                        if (payload_size == 0) {
-                                                log_error("[%s:%u] No payload text.", path, n);
-                                                return -EINVAL;
-                                        }
-
-                                        r = finish_item(h, id, lang ?: deflang, payload, payload_size);
-                                        if (r < 0)
-                                                return r;
-
-                                        lang = mfree(lang);
-                                        payload_size = 0;
-                                }
-
-                                if (with_language) {
-                                        char *t;
-
-                                        t = strstrip(line + 2 + 1 + 32 + 1);
-                                        r = catalog_entry_lang(path, n, t, deflang, &lang);
-                                        if (r < 0)
-                                                return r;
-                                }
-
-                                got_id = true;
-                                empty_line = false;
-                                id = jd;
-
-                                continue;
-                        }
-                }
-
-                /* Payload */
-                if (!got_id) {
-                        log_error("[%s:%u] Got payload before ID.", path, n);
-                        return -EINVAL;
-                }
-
-                line_len = strlen(line);
-                if (!GREEDY_REALLOC(payload, payload_allocated,
-                                    payload_size + (empty_line ? 1 : 0) + line_len + 1 + 1))
-                        return log_oom();
-
-                if (empty_line)
-                        payload[payload_size++] = '\n';
-                memcpy(payload + payload_size, line, line_len);
-                payload_size += line_len;
-                payload[payload_size++] = '\n';
-                payload[payload_size] = '\0';
-
-                empty_line = false;
-        }
-
-        if (got_id) {
-                if (payload_size == 0) {
-                        log_error("[%s:%u] No payload text.", path, n);
-                        return -EINVAL;
-                }
-
-                r = finish_item(h, id, lang ?: deflang, payload, payload_size);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int64_t write_catalog(const char *database, struct strbuf *sb,
-                             CatalogItem *items, size_t n) {
-        CatalogHeader header;
-        _cleanup_fclose_ FILE *w = NULL;
-        int r;
-        _cleanup_free_ char *d, *p = NULL;
-        size_t k;
-
-        d = dirname_malloc(database);
-        if (!d)
-                return log_oom();
-
-        r = mkdir_p(d, 0775);
-        if (r < 0)
-                return log_error_errno(r, "Recursive mkdir %s: %m", d);
-
-        r = fopen_temporary(database, &w, &p);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open database for writing: %s: %m",
-                                       database);
-
-        zero(header);
-        memcpy(header.signature, CATALOG_SIGNATURE, sizeof(header.signature));
-        header.header_size = htole64(ALIGN_TO(sizeof(CatalogHeader), 8));
-        header.catalog_item_size = htole64(sizeof(CatalogItem));
-        header.n_items = htole64(n);
-
-        r = -EIO;
-
-        k = fwrite(&header, 1, sizeof(header), w);
-        if (k != sizeof(header)) {
-                log_error("%s: failed to write header.", p);
-                goto error;
-        }
-
-        k = fwrite(items, 1, n * sizeof(CatalogItem), w);
-        if (k != n * sizeof(CatalogItem)) {
-                log_error("%s: failed to write database.", p);
-                goto error;
-        }
-
-        k = fwrite(sb->buf, 1, sb->len, w);
-        if (k != sb->len) {
-                log_error("%s: failed to write strings.", p);
-                goto error;
-        }
-
-        r = fflush_and_check(w);
-        if (r < 0) {
-                log_error_errno(r, "%s: failed to write database: %m", p);
-                goto error;
-        }
-
-        fchmod(fileno(w), 0644);
-
-        if (rename(p, database) < 0) {
-                r = log_error_errno(errno, "rename (%s -> %s) failed: %m", p, database);
-                goto error;
-        }
-
-        return ftello(w);
-
-error:
-        (void) unlink(p);
-        return r;
-}
-
-int catalog_update(const char* database, const char* root, const char* const* dirs) {
-        _cleanup_strv_free_ char **files = NULL;
-        char **f;
-        struct strbuf *sb = NULL;
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
-        _cleanup_free_ CatalogItem *items = NULL;
-        ssize_t offset;
-        char *payload;
-        CatalogItem *i;
-        Iterator j;
-        unsigned n;
-        int r;
-        int64_t sz;
-
-        h = hashmap_new(&catalog_hash_ops);
-        sb = strbuf_new();
-
-        if (!h || !sb) {
-                r = log_oom();
-                goto finish;
-        }
-
-        r = conf_files_list_strv(&files, ".catalog", root, dirs);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get catalog files: %m");
-                goto finish;
-        }
-
-        STRV_FOREACH(f, files) {
-                log_debug("Reading file '%s'", *f);
-                r = catalog_import_file(h, *f);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to import file '%s': %m", *f);
-                        goto finish;
-                }
-        }
-
-        if (hashmap_size(h) <= 0) {
-                log_info("No items in catalog.");
-                goto finish;
-        } else
-                log_debug("Found %u items in catalog.", hashmap_size(h));
-
-        items = new(CatalogItem, hashmap_size(h));
-        if (!items) {
-                r = log_oom();
-                goto finish;
-        }
-
-        n = 0;
-        HASHMAP_FOREACH_KEY(payload, i, h, j) {
-                log_debug("Found " SD_ID128_FORMAT_STR ", language %s",
-                          SD_ID128_FORMAT_VAL(i->id),
-                          isempty(i->language) ? "C" : i->language);
-
-                offset = strbuf_add_string(sb, payload, strlen(payload));
-                if (offset < 0) {
-                        r = log_oom();
-                        goto finish;
-                }
-                i->offset = htole64((uint64_t) offset);
-                items[n++] = *i;
-        }
-
-        assert(n == hashmap_size(h));
-        qsort_safe(items, n, sizeof(CatalogItem), catalog_compare_func);
-
-        strbuf_complete(sb);
-
-        sz = write_catalog(database, sb, items, n);
-        if (sz < 0)
-                r = log_error_errno(sz, "Failed to write %s: %m", database);
-        else {
-                r = 0;
-                log_debug("%s: wrote %u items, with %zu bytes of strings, %"PRIi64" total size.",
-                          database, n, sb->len, sz);
-        }
-
-finish:
-        strbuf_cleanup(sb);
-
-        return r;
-}
-
-static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p) {
-        const CatalogHeader *h;
-        int fd;
-        void *p;
-        struct stat st;
-
-        assert(_fd);
-        assert(_st);
-        assert(_p);
-
-        fd = open(database, O_RDONLY|O_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        if (fstat(fd, &st) < 0) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        if (st.st_size < (off_t) sizeof(CatalogHeader)) {
-                safe_close(fd);
-                return -EINVAL;
-        }
-
-        p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0);
-        if (p == MAP_FAILED) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        h = p;
-        if (memcmp(h->signature, CATALOG_SIGNATURE, sizeof(h->signature)) != 0 ||
-            le64toh(h->header_size) < sizeof(CatalogHeader) ||
-            le64toh(h->catalog_item_size) < sizeof(CatalogItem) ||
-            h->incompatible_flags != 0 ||
-            le64toh(h->n_items) <= 0 ||
-            st.st_size < (off_t) (le64toh(h->header_size) + le64toh(h->catalog_item_size) * le64toh(h->n_items))) {
-                safe_close(fd);
-                munmap(p, st.st_size);
-                return -EBADMSG;
-        }
-
-        *_fd = fd;
-        *_st = st;
-        *_p = p;
-
-        return 0;
-}
-
-static const char *find_id(void *p, sd_id128_t id) {
-        CatalogItem key, *f = NULL;
-        const CatalogHeader *h = p;
-        const char *loc;
-
-        zero(key);
-        key.id = id;
-
-        loc = setlocale(LC_MESSAGES, NULL);
-        if (loc && loc[0] && !streq(loc, "C") && !streq(loc, "POSIX")) {
-                strncpy(key.language, loc, sizeof(key.language));
-                key.language[strcspn(key.language, ".@")] = 0;
-
-                f = bsearch(&key, (const uint8_t*) p + le64toh(h->header_size), le64toh(h->n_items), le64toh(h->catalog_item_size), catalog_compare_func);
-                if (!f) {
-                        char *e;
-
-                        e = strchr(key.language, '_');
-                        if (e) {
-                                *e = 0;
-                                f = bsearch(&key, (const uint8_t*) p + le64toh(h->header_size), le64toh(h->n_items), le64toh(h->catalog_item_size), catalog_compare_func);
-                        }
-                }
-        }
-
-        if (!f) {
-                zero(key.language);
-                f = bsearch(&key, (const uint8_t*) p + le64toh(h->header_size), le64toh(h->n_items), le64toh(h->catalog_item_size), catalog_compare_func);
-        }
-
-        if (!f)
-                return NULL;
-
-        return (const char*) p +
-                le64toh(h->header_size) +
-                le64toh(h->n_items) * le64toh(h->catalog_item_size) +
-                le64toh(f->offset);
-}
-
-int catalog_get(const char* database, sd_id128_t id, char **_text) {
-        _cleanup_close_ int fd = -1;
-        void *p = NULL;
-        struct stat st = {};
-        char *text = NULL;
-        int r;
-        const char *s;
-
-        assert(_text);
-
-        r = open_mmap(database, &fd, &st, &p);
-        if (r < 0)
-                return r;
-
-        s = find_id(p, id);
-        if (!s) {
-                r = -ENOENT;
-                goto finish;
-        }
-
-        text = strdup(s);
-        if (!text) {
-                r = -ENOMEM;
-                goto finish;
-        }
-
-        *_text = text;
-        r = 0;
-
-finish:
-        if (p)
-                munmap(p, st.st_size);
-
-        return r;
-}
-
-static char *find_header(const char *s, const char *header) {
-
-        for (;;) {
-                const char *v;
-
-                v = startswith(s, header);
-                if (v) {
-                        v += strspn(v, WHITESPACE);
-                        return strndup(v, strcspn(v, NEWLINE));
-                }
-
-                if (!next_header(&s))
-                        return NULL;
-        }
-}
-
-static void dump_catalog_entry(FILE *f, sd_id128_t id, const char *s, bool oneline) {
-        if (oneline) {
-                _cleanup_free_ char *subject = NULL, *defined_by = NULL;
-
-                subject = find_header(s, "Subject:");
-                defined_by = find_header(s, "Defined-By:");
-
-                fprintf(f, SD_ID128_FORMAT_STR " %s: %s\n",
-                        SD_ID128_FORMAT_VAL(id),
-                        strna(defined_by), strna(subject));
-        } else
-                fprintf(f, "-- " SD_ID128_FORMAT_STR "\n%s\n",
-                        SD_ID128_FORMAT_VAL(id), s);
-}
-
-
-int catalog_list(FILE *f, const char *database, bool oneline) {
-        _cleanup_close_ int fd = -1;
-        void *p = NULL;
-        struct stat st;
-        const CatalogHeader *h;
-        const CatalogItem *items;
-        int r;
-        unsigned n;
-        sd_id128_t last_id;
-        bool last_id_set = false;
-
-        r = open_mmap(database, &fd, &st, &p);
-        if (r < 0)
-                return r;
-
-        h = p;
-        items = (const CatalogItem*) ((const uint8_t*) p + le64toh(h->header_size));
-
-        for (n = 0; n < le64toh(h->n_items); n++) {
-                const char *s;
-
-                if (last_id_set && sd_id128_equal(last_id, items[n].id))
-                        continue;
-
-                assert_se(s = find_id(p, items[n].id));
-
-                dump_catalog_entry(f, items[n].id, s, oneline);
-
-                last_id_set = true;
-                last_id = items[n].id;
-        }
-
-        munmap(p, st.st_size);
-
-        return 0;
-}
-
-int catalog_list_items(FILE *f, const char *database, bool oneline, char **items) {
-        char **item;
-        int r = 0;
-
-        STRV_FOREACH(item, items) {
-                sd_id128_t id;
-                int k;
-                _cleanup_free_ char *msg = NULL;
-
-                k = sd_id128_from_string(*item, &id);
-                if (k < 0) {
-                        log_error_errno(k, "Failed to parse id128 '%s': %m", *item);
-                        if (r == 0)
-                                r = k;
-                        continue;
-                }
-
-                k = catalog_get(database, id, &msg);
-                if (k < 0) {
-                        log_full_errno(k == -ENOENT ? LOG_NOTICE : LOG_ERR, k,
-                                       "Failed to retrieve catalog entry for '%s': %m", *item);
-                        if (r == 0)
-                                r = k;
-                        continue;
-                }
-
-                dump_catalog_entry(f, id, msg, oneline);
-        }
-
-        return r;
-}
diff --git a/src/journal/catalog.h b/src/journal/catalog.h
deleted file mode 100644
index 1b1014b335..0000000000
--- a/src/journal/catalog.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-id128.h"
-
-#include "hashmap.h"
-#include "strbuf.h"
-
-int catalog_import_file(Hashmap *h, const char *path);
-int catalog_update(const char* database, const char* root, const char* const* dirs);
-int catalog_get(const char* database, sd_id128_t id, char **data);
-int catalog_list(FILE *f, const char* database, bool oneline);
-int catalog_list_items(FILE *f, const char* database, bool oneline, char **items);
-int catalog_file_lang(const char *filename, char **lang);
-extern const char * const catalog_file_dirs[];
-extern const struct hash_ops catalog_hash_ops;
diff --git a/src/journal/journal-def.h b/src/journal/journal-def.h
deleted file mode 100644
index 67edb43960..0000000000
--- a/src/journal/journal-def.h
+++ /dev/null
@@ -1,237 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-id128.h"
-
-#include "macro.h"
-#include "sparse-endian.h"
-
-/*
- * If you change this file you probably should also change its documentation:
- *
- * http://www.freedesktop.org/wiki/Software/systemd/journal-files
- *
- */
-
-typedef struct Header Header;
-
-typedef struct ObjectHeader ObjectHeader;
-typedef union Object Object;
-
-typedef struct DataObject DataObject;
-typedef struct FieldObject FieldObject;
-typedef struct EntryObject EntryObject;
-typedef struct HashTableObject HashTableObject;
-typedef struct EntryArrayObject EntryArrayObject;
-typedef struct TagObject TagObject;
-
-typedef struct EntryItem EntryItem;
-typedef struct HashItem HashItem;
-
-typedef struct FSSHeader FSSHeader;
-
-/* Object types */
-typedef enum ObjectType {
-        OBJECT_UNUSED, /* also serves as "any type" or "additional context" */
-        OBJECT_DATA,
-        OBJECT_FIELD,
-        OBJECT_ENTRY,
-        OBJECT_DATA_HASH_TABLE,
-        OBJECT_FIELD_HASH_TABLE,
-        OBJECT_ENTRY_ARRAY,
-        OBJECT_TAG,
-        _OBJECT_TYPE_MAX
-} ObjectType;
-
-/* Object flags */
-enum {
-        OBJECT_COMPRESSED_XZ = 1 << 0,
-        OBJECT_COMPRESSED_LZ4 = 1 << 1,
-        _OBJECT_COMPRESSED_MAX
-};
-
-#define OBJECT_COMPRESSION_MASK (OBJECT_COMPRESSED_XZ | OBJECT_COMPRESSED_LZ4)
-
-struct ObjectHeader {
-        uint8_t type;
-        uint8_t flags;
-        uint8_t reserved[6];
-        le64_t size;
-        uint8_t payload[];
-} _packed_;
-
-struct DataObject {
-        ObjectHeader object;
-        le64_t hash;
-        le64_t next_hash_offset;
-        le64_t next_field_offset;
-        le64_t entry_offset; /* the first array entry we store inline */
-        le64_t entry_array_offset;
-        le64_t n_entries;
-        uint8_t payload[];
-} _packed_;
-
-struct FieldObject {
-        ObjectHeader object;
-        le64_t hash;
-        le64_t next_hash_offset;
-        le64_t head_data_offset;
-        uint8_t payload[];
-} _packed_;
-
-struct EntryItem {
-        le64_t object_offset;
-        le64_t hash;
-} _packed_;
-
-struct EntryObject {
-        ObjectHeader object;
-        le64_t seqnum;
-        le64_t realtime;
-        le64_t monotonic;
-        sd_id128_t boot_id;
-        le64_t xor_hash;
-        EntryItem items[];
-} _packed_;
-
-struct HashItem {
-        le64_t head_hash_offset;
-        le64_t tail_hash_offset;
-} _packed_;
-
-struct HashTableObject {
-        ObjectHeader object;
-        HashItem items[];
-} _packed_;
-
-struct EntryArrayObject {
-        ObjectHeader object;
-        le64_t next_entry_array_offset;
-        le64_t items[];
-} _packed_;
-
-#define TAG_LENGTH (256/8)
-
-struct TagObject {
-        ObjectHeader object;
-        le64_t seqnum;
-        le64_t epoch;
-        uint8_t tag[TAG_LENGTH]; /* SHA-256 HMAC */
-} _packed_;
-
-union Object {
-        ObjectHeader object;
-        DataObject data;
-        FieldObject field;
-        EntryObject entry;
-        HashTableObject hash_table;
-        EntryArrayObject entry_array;
-        TagObject tag;
-};
-
-enum {
-        STATE_OFFLINE = 0,
-        STATE_ONLINE = 1,
-        STATE_ARCHIVED = 2,
-        _STATE_MAX
-};
-
-/* Header flags */
-enum {
-        HEADER_INCOMPATIBLE_COMPRESSED_XZ = 1 << 0,
-        HEADER_INCOMPATIBLE_COMPRESSED_LZ4 = 1 << 1,
-};
-
-#define HEADER_INCOMPATIBLE_ANY (HEADER_INCOMPATIBLE_COMPRESSED_XZ|HEADER_INCOMPATIBLE_COMPRESSED_LZ4)
-
-#if defined(HAVE_XZ) && defined(HAVE_LZ4)
-#  define HEADER_INCOMPATIBLE_SUPPORTED HEADER_INCOMPATIBLE_ANY
-#elif defined(HAVE_XZ)
-#  define HEADER_INCOMPATIBLE_SUPPORTED HEADER_INCOMPATIBLE_COMPRESSED_XZ
-#elif defined(HAVE_LZ4)
-#  define HEADER_INCOMPATIBLE_SUPPORTED HEADER_INCOMPATIBLE_COMPRESSED_LZ4
-#else
-#  define HEADER_INCOMPATIBLE_SUPPORTED 0
-#endif
-
-enum {
-        HEADER_COMPATIBLE_SEALED = 1
-};
-
-#define HEADER_COMPATIBLE_ANY HEADER_COMPATIBLE_SEALED
-#ifdef HAVE_GCRYPT
-#  define HEADER_COMPATIBLE_SUPPORTED HEADER_COMPATIBLE_SEALED
-#else
-#  define HEADER_COMPATIBLE_SUPPORTED 0
-#endif
-
-#define HEADER_SIGNATURE ((char[]) { 'L', 'P', 'K', 'S', 'H', 'H', 'R', 'H' })
-
-struct Header {
-        uint8_t signature[8]; /* "LPKSHHRH" */
-        le32_t compatible_flags;
-        le32_t incompatible_flags;
-        uint8_t state;
-        uint8_t reserved[7];
-        sd_id128_t file_id;
-        sd_id128_t machine_id;
-        sd_id128_t boot_id;    /* last writer */
-        sd_id128_t seqnum_id;
-        le64_t header_size;
-        le64_t arena_size;
-        le64_t data_hash_table_offset;
-        le64_t data_hash_table_size;
-        le64_t field_hash_table_offset;
-        le64_t field_hash_table_size;
-        le64_t tail_object_offset;
-        le64_t n_objects;
-        le64_t n_entries;
-        le64_t tail_entry_seqnum;
-        le64_t head_entry_seqnum;
-        le64_t entry_array_offset;
-        le64_t head_entry_realtime;
-        le64_t tail_entry_realtime;
-        le64_t tail_entry_monotonic;
-        /* Added in 187 */
-        le64_t n_data;
-        le64_t n_fields;
-        /* Added in 189 */
-        le64_t n_tags;
-        le64_t n_entry_arrays;
-
-        /* Size: 240 */
-} _packed_;
-
-#define FSS_HEADER_SIGNATURE ((char[]) { 'K', 'S', 'H', 'H', 'R', 'H', 'L', 'P' })
-
-struct FSSHeader {
-        uint8_t signature[8]; /* "KSHHRHLP" */
-        le32_t compatible_flags;
-        le32_t incompatible_flags;
-        sd_id128_t machine_id;
-        sd_id128_t boot_id;    /* last writer */
-        le64_t header_size;
-        le64_t start_usec;
-        le64_t interval_usec;
-        le16_t fsprg_secpar;
-        le16_t reserved[3];
-        le64_t fsprg_state_size;
-} _packed_;
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
deleted file mode 100644
index 7504326bff..0000000000
--- a/src/journal/journal-file.c
+++ /dev/null
@@ -1,3616 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/fs.h>
-#include <pthread.h>
-#include <stddef.h>
-#include <sys/mman.h>
-#include <sys/statvfs.h>
-#include <sys/uio.h>
-#include <unistd.h>
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "chattr-util.h"
-#include "compress.h"
-#include "fd-util.h"
-#include "journal-authenticate.h"
-#include "journal-def.h"
-#include "journal-file.h"
-#include "lookup3.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "random-util.h"
-#include "sd-event.h"
-#include "set.h"
-#include "string-util.h"
-#include "xattr-util.h"
-
-#define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem))
-#define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem))
-
-#define COMPRESSION_SIZE_THRESHOLD (512ULL)
-
-/* This is the minimum journal file size */
-#define JOURNAL_FILE_SIZE_MIN (512ULL*1024ULL)                 /* 512 KiB */
-
-/* These are the lower and upper bounds if we deduce the max_use value
- * from the file system size */
-#define DEFAULT_MAX_USE_LOWER (1ULL*1024ULL*1024ULL)           /* 1 MiB */
-#define DEFAULT_MAX_USE_UPPER (4ULL*1024ULL*1024ULL*1024ULL)   /* 4 GiB */
-
-/* This is the default minimal use limit, how much we'll use even if keep_free suggests otherwise. */
-#define DEFAULT_MIN_USE (1ULL*1024ULL*1024ULL)                 /* 1 MiB */
-
-/* This is the upper bound if we deduce max_size from max_use */
-#define DEFAULT_MAX_SIZE_UPPER (128ULL*1024ULL*1024ULL)        /* 128 MiB */
-
-/* This is the upper bound if we deduce the keep_free value from the
- * file system size */
-#define DEFAULT_KEEP_FREE_UPPER (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */
-
-/* This is the keep_free value when we can't determine the system
- * size */
-#define DEFAULT_KEEP_FREE (1024ULL*1024ULL)                    /* 1 MB */
-
-/* This is the default maximum number of journal files to keep around. */
-#define DEFAULT_N_MAX_FILES (100)
-
-/* n_data was the first entry we added after the initial file format design */
-#define HEADER_SIZE_MIN ALIGN64(offsetof(Header, n_data))
-
-/* How many entries to keep in the entry array chain cache at max */
-#define CHAIN_CACHE_MAX 20
-
-/* How much to increase the journal file size at once each time we allocate something new. */
-#define FILE_SIZE_INCREASE (8ULL*1024ULL*1024ULL)              /* 8MB */
-
-/* Reread fstat() of the file for detecting deletions at least this often */
-#define LAST_STAT_REFRESH_USEC (5*USEC_PER_SEC)
-
-/* The mmap context to use for the header we pick as one above the last defined typed */
-#define CONTEXT_HEADER _OBJECT_TYPE_MAX
-
-/* This may be called from a separate thread to prevent blocking the caller for the duration of fsync().
- * As a result we use atomic operations on f->offline_state for inter-thread communications with
- * journal_file_set_offline() and journal_file_set_online(). */
-static void journal_file_set_offline_internal(JournalFile *f) {
-        assert(f);
-        assert(f->fd >= 0);
-        assert(f->header);
-
-        for (;;) {
-                switch (f->offline_state) {
-                case OFFLINE_CANCEL:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_CANCEL, OFFLINE_DONE))
-                                continue;
-                        return;
-
-                case OFFLINE_AGAIN_FROM_SYNCING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_SYNCING, OFFLINE_SYNCING))
-                                continue;
-                        break;
-
-                case OFFLINE_AGAIN_FROM_OFFLINING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_OFFLINING, OFFLINE_SYNCING))
-                                continue;
-                        break;
-
-                case OFFLINE_SYNCING:
-                        (void) fsync(f->fd);
-
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_SYNCING, OFFLINE_OFFLINING))
-                                continue;
-
-                        f->header->state = f->archive ? STATE_ARCHIVED : STATE_OFFLINE;
-                        (void) fsync(f->fd);
-                        break;
-
-                case OFFLINE_OFFLINING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_OFFLINING, OFFLINE_DONE))
-                                continue;
-                        /* fall through */
-
-                case OFFLINE_DONE:
-                        return;
-
-                case OFFLINE_JOINED:
-                        log_debug("OFFLINE_JOINED unexpected offline state for journal_file_set_offline_internal()");
-                        return;
-                }
-        }
-}
-
-static void * journal_file_set_offline_thread(void *arg) {
-        JournalFile *f = arg;
-
-        journal_file_set_offline_internal(f);
-
-        return NULL;
-}
-
-static int journal_file_set_offline_thread_join(JournalFile *f) {
-        int r;
-
-        assert(f);
-
-        if (f->offline_state == OFFLINE_JOINED)
-                return 0;
-
-        r = pthread_join(f->offline_thread, NULL);
-        if (r)
-                return -r;
-
-        f->offline_state = OFFLINE_JOINED;
-
-        if (mmap_cache_got_sigbus(f->mmap, f->fd))
-                return -EIO;
-
-        return 0;
-}
-
-/* Trigger a restart if the offline thread is mid-flight in a restartable state. */
-static bool journal_file_set_offline_try_restart(JournalFile *f) {
-        for (;;) {
-                switch (f->offline_state) {
-                case OFFLINE_AGAIN_FROM_SYNCING:
-                case OFFLINE_AGAIN_FROM_OFFLINING:
-                        return true;
-
-                case OFFLINE_CANCEL:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_CANCEL, OFFLINE_AGAIN_FROM_SYNCING))
-                                continue;
-                        return true;
-
-                case OFFLINE_SYNCING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_SYNCING, OFFLINE_AGAIN_FROM_SYNCING))
-                                continue;
-                        return true;
-
-                case OFFLINE_OFFLINING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_OFFLINING, OFFLINE_AGAIN_FROM_OFFLINING))
-                                continue;
-                        return true;
-
-                default:
-                        return false;
-                }
-        }
-}
-
-/* Sets a journal offline.
- *
- * If wait is false then an offline is dispatched in a separate thread for a
- * subsequent journal_file_set_offline() or journal_file_set_online() of the
- * same journal to synchronize with.
- *
- * If wait is true, then either an existing offline thread will be restarted
- * and joined, or if none exists the offline is simply performed in this
- * context without involving another thread.
- */
-int journal_file_set_offline(JournalFile *f, bool wait) {
-        bool restarted;
-        int r;
-
-        assert(f);
-
-        if (!f->writable)
-                return -EPERM;
-
-        if (!(f->fd >= 0 && f->header))
-                return -EINVAL;
-
-        /* An offlining journal is implicitly online and may modify f->header->state,
-         * we must also join any potentially lingering offline thread when not online. */
-        if (!journal_file_is_offlining(f) && f->header->state != STATE_ONLINE)
-                return journal_file_set_offline_thread_join(f);
-
-        /* Restart an in-flight offline thread and wait if needed, or join a lingering done one. */
-        restarted = journal_file_set_offline_try_restart(f);
-        if ((restarted && wait) || !restarted) {
-                r = journal_file_set_offline_thread_join(f);
-                if (r < 0)
-                        return r;
-        }
-
-        if (restarted)
-                return 0;
-
-        /* Initiate a new offline. */
-        f->offline_state = OFFLINE_SYNCING;
-
-        if (wait) /* Without using a thread if waiting. */
-                journal_file_set_offline_internal(f);
-        else {
-                r = pthread_create(&f->offline_thread, NULL, journal_file_set_offline_thread, f);
-                if (r > 0) {
-                        f->offline_state = OFFLINE_JOINED;
-                        return -r;
-                }
-        }
-
-        return 0;
-}
-
-static int journal_file_set_online(JournalFile *f) {
-        bool joined = false;
-
-        assert(f);
-
-        if (!f->writable)
-                return -EPERM;
-
-        if (!(f->fd >= 0 && f->header))
-                return -EINVAL;
-
-        while (!joined) {
-                switch (f->offline_state) {
-                case OFFLINE_JOINED:
-                        /* No offline thread, no need to wait. */
-                        joined = true;
-                        break;
-
-                case OFFLINE_SYNCING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_SYNCING, OFFLINE_CANCEL))
-                                continue;
-                        /* Canceled syncing prior to offlining, no need to wait. */
-                        break;
-
-                case OFFLINE_AGAIN_FROM_SYNCING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_SYNCING, OFFLINE_CANCEL))
-                                continue;
-                        /* Canceled restart from syncing, no need to wait. */
-                        break;
-
-                case OFFLINE_AGAIN_FROM_OFFLINING:
-                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_OFFLINING, OFFLINE_CANCEL))
-                                continue;
-                        /* Canceled restart from offlining, must wait for offlining to complete however. */
-
-                        /* fall through to wait */
-                default: {
-                        int r;
-
-                        r = journal_file_set_offline_thread_join(f);
-                        if (r < 0)
-                                return r;
-
-                        joined = true;
-                        break;
-                }
-                }
-        }
-
-        if (mmap_cache_got_sigbus(f->mmap, f->fd))
-                return -EIO;
-
-        switch (f->header->state) {
-                case STATE_ONLINE:
-                        return 0;
-
-                case STATE_OFFLINE:
-                        f->header->state = STATE_ONLINE;
-                        (void) fsync(f->fd);
-                        return 0;
-
-                default:
-                        return -EINVAL;
-        }
-}
-
-bool journal_file_is_offlining(JournalFile *f) {
-        assert(f);
-
-        __sync_synchronize();
-
-        if (f->offline_state == OFFLINE_DONE ||
-            f->offline_state == OFFLINE_JOINED)
-                return false;
-
-        return true;
-}
-
-JournalFile* journal_file_close(JournalFile *f) {
-        assert(f);
-
-#ifdef HAVE_GCRYPT
-        /* Write the final tag */
-        if (f->seal && f->writable)
-                journal_file_append_tag(f);
-#endif
-
-        if (f->post_change_timer) {
-                int enabled;
-
-                if (sd_event_source_get_enabled(f->post_change_timer, &enabled) >= 0)
-                        if (enabled == SD_EVENT_ONESHOT)
-                                journal_file_post_change(f);
-
-                (void) sd_event_source_set_enabled(f->post_change_timer, SD_EVENT_OFF);
-                sd_event_source_unref(f->post_change_timer);
-        }
-
-        journal_file_set_offline(f, true);
-
-        if (f->mmap && f->fd >= 0)
-                mmap_cache_close_fd(f->mmap, f->fd);
-
-        if (f->fd >= 0 && f->defrag_on_close) {
-
-                /* Be friendly to btrfs: turn COW back on again now,
-                 * and defragment the file. We won't write to the file
-                 * ever again, hence remove all fragmentation, and
-                 * reenable all the good bits COW usually provides
-                 * (such as data checksumming). */
-
-                (void) chattr_fd(f->fd, 0, FS_NOCOW_FL);
-                (void) btrfs_defrag_fd(f->fd);
-        }
-
-        if (f->close_fd)
-                safe_close(f->fd);
-        free(f->path);
-
-        mmap_cache_unref(f->mmap);
-
-        ordered_hashmap_free_free(f->chain_cache);
-
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-        free(f->compress_buffer);
-#endif
-
-#ifdef HAVE_GCRYPT
-        if (f->fss_file)
-                munmap(f->fss_file, PAGE_ALIGN(f->fss_file_size));
-        else
-                free(f->fsprg_state);
-
-        free(f->fsprg_seed);
-
-        if (f->hmac)
-                gcry_md_close(f->hmac);
-#endif
-
-        free(f);
-        return NULL;
-}
-
-void journal_file_close_set(Set *s) {
-        JournalFile *f;
-
-        assert(s);
-
-        while ((f = set_steal_first(s)))
-                (void) journal_file_close(f);
-}
-
-static int journal_file_init_header(JournalFile *f, JournalFile *template) {
-        Header h = {};
-        ssize_t k;
-        int r;
-
-        assert(f);
-
-        memcpy(h.signature, HEADER_SIGNATURE, 8);
-        h.header_size = htole64(ALIGN64(sizeof(h)));
-
-        h.incompatible_flags |= htole32(
-                f->compress_xz * HEADER_INCOMPATIBLE_COMPRESSED_XZ |
-                f->compress_lz4 * HEADER_INCOMPATIBLE_COMPRESSED_LZ4);
-
-        h.compatible_flags = htole32(
-                f->seal * HEADER_COMPATIBLE_SEALED);
-
-        r = sd_id128_randomize(&h.file_id);
-        if (r < 0)
-                return r;
-
-        if (template) {
-                h.seqnum_id = template->header->seqnum_id;
-                h.tail_entry_seqnum = template->header->tail_entry_seqnum;
-        } else
-                h.seqnum_id = h.file_id;
-
-        k = pwrite(f->fd, &h, sizeof(h), 0);
-        if (k < 0)
-                return -errno;
-
-        if (k != sizeof(h))
-                return -EIO;
-
-        return 0;
-}
-
-static int fsync_directory_of_file(int fd) {
-        _cleanup_free_ char *path = NULL, *dn = NULL;
-        _cleanup_close_ int dfd = -1;
-        struct stat st;
-        int r;
-
-        if (fstat(fd, &st) < 0)
-                return -errno;
-
-        if (!S_ISREG(st.st_mode))
-                return -EBADFD;
-
-        r = fd_get_path(fd, &path);
-        if (r < 0)
-                return r;
-
-        if (!path_is_absolute(path))
-                return -EINVAL;
-
-        dn = dirname_malloc(path);
-        if (!dn)
-                return -ENOMEM;
-
-        dfd = open(dn, O_RDONLY|O_CLOEXEC|O_DIRECTORY);
-        if (dfd < 0)
-                return -errno;
-
-        if (fsync(dfd) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int journal_file_refresh_header(JournalFile *f) {
-        sd_id128_t boot_id;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        r = sd_id128_get_machine(&f->header->machine_id);
-        if (r < 0)
-                return r;
-
-        r = sd_id128_get_boot(&boot_id);
-        if (r < 0)
-                return r;
-
-        if (sd_id128_equal(boot_id, f->header->boot_id))
-                f->tail_entry_monotonic_valid = true;
-
-        f->header->boot_id = boot_id;
-
-        r = journal_file_set_online(f);
-
-        /* Sync the online state to disk */
-        (void) fsync(f->fd);
-
-        /* We likely just created a new file, also sync the directory this file is located in. */
-        (void) fsync_directory_of_file(f->fd);
-
-        return r;
-}
-
-static int journal_file_verify_header(JournalFile *f) {
-        uint32_t flags;
-
-        assert(f);
-        assert(f->header);
-
-        if (memcmp(f->header->signature, HEADER_SIGNATURE, 8))
-                return -EBADMSG;
-
-        /* In both read and write mode we refuse to open files with
-         * incompatible flags we don't know */
-        flags = le32toh(f->header->incompatible_flags);
-        if (flags & ~HEADER_INCOMPATIBLE_SUPPORTED) {
-                if (flags & ~HEADER_INCOMPATIBLE_ANY)
-                        log_debug("Journal file %s has unknown incompatible flags %"PRIx32,
-                                  f->path, flags & ~HEADER_INCOMPATIBLE_ANY);
-                flags = (flags & HEADER_INCOMPATIBLE_ANY) & ~HEADER_INCOMPATIBLE_SUPPORTED;
-                if (flags)
-                        log_debug("Journal file %s uses incompatible flags %"PRIx32
-                                  " disabled at compilation time.", f->path, flags);
-                return -EPROTONOSUPPORT;
-        }
-
-        /* When open for writing we refuse to open files with
-         * compatible flags, too */
-        flags = le32toh(f->header->compatible_flags);
-        if (f->writable && (flags & ~HEADER_COMPATIBLE_SUPPORTED)) {
-                if (flags & ~HEADER_COMPATIBLE_ANY)
-                        log_debug("Journal file %s has unknown compatible flags %"PRIx32,
-                                  f->path, flags & ~HEADER_COMPATIBLE_ANY);
-                flags = (flags & HEADER_COMPATIBLE_ANY) & ~HEADER_COMPATIBLE_SUPPORTED;
-                if (flags)
-                        log_debug("Journal file %s uses compatible flags %"PRIx32
-                                  " disabled at compilation time.", f->path, flags);
-                return -EPROTONOSUPPORT;
-        }
-
-        if (f->header->state >= _STATE_MAX)
-                return -EBADMSG;
-
-        /* The first addition was n_data, so check that we are at least this large */
-        if (le64toh(f->header->header_size) < HEADER_SIZE_MIN)
-                return -EBADMSG;
-
-        if (JOURNAL_HEADER_SEALED(f->header) && !JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
-                return -EBADMSG;
-
-        if ((le64toh(f->header->header_size) + le64toh(f->header->arena_size)) > (uint64_t) f->last_stat.st_size)
-                return -ENODATA;
-
-        if (le64toh(f->header->tail_object_offset) > (le64toh(f->header->header_size) + le64toh(f->header->arena_size)))
-                return -ENODATA;
-
-        if (!VALID64(le64toh(f->header->data_hash_table_offset)) ||
-            !VALID64(le64toh(f->header->field_hash_table_offset)) ||
-            !VALID64(le64toh(f->header->tail_object_offset)) ||
-            !VALID64(le64toh(f->header->entry_array_offset)))
-                return -ENODATA;
-
-        if (f->writable) {
-                uint8_t state;
-                sd_id128_t machine_id;
-                int r;
-
-                r = sd_id128_get_machine(&machine_id);
-                if (r < 0)
-                        return r;
-
-                if (!sd_id128_equal(machine_id, f->header->machine_id))
-                        return -EHOSTDOWN;
-
-                state = f->header->state;
-
-                if (state == STATE_ONLINE) {
-                        log_debug("Journal file %s is already online. Assuming unclean closing.", f->path);
-                        return -EBUSY;
-                } else if (state == STATE_ARCHIVED)
-                        return -ESHUTDOWN;
-                else if (state != STATE_OFFLINE) {
-                        log_debug("Journal file %s has unknown state %i.", f->path, state);
-                        return -EBUSY;
-                }
-        }
-
-        f->compress_xz = JOURNAL_HEADER_COMPRESSED_XZ(f->header);
-        f->compress_lz4 = JOURNAL_HEADER_COMPRESSED_LZ4(f->header);
-
-        f->seal = JOURNAL_HEADER_SEALED(f->header);
-
-        return 0;
-}
-
-static int journal_file_fstat(JournalFile *f) {
-        assert(f);
-        assert(f->fd >= 0);
-
-        if (fstat(f->fd, &f->last_stat) < 0)
-                return -errno;
-
-        f->last_stat_usec = now(CLOCK_MONOTONIC);
-
-        /* Refuse appending to files that are already deleted */
-        if (f->last_stat.st_nlink <= 0)
-                return -EIDRM;
-
-        return 0;
-}
-
-static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size) {
-        uint64_t old_size, new_size;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        /* We assume that this file is not sparse, and we know that
-         * for sure, since we always call posix_fallocate()
-         * ourselves */
-
-        if (mmap_cache_got_sigbus(f->mmap, f->fd))
-                return -EIO;
-
-        old_size =
-                le64toh(f->header->header_size) +
-                le64toh(f->header->arena_size);
-
-        new_size = PAGE_ALIGN(offset + size);
-        if (new_size < le64toh(f->header->header_size))
-                new_size = le64toh(f->header->header_size);
-
-        if (new_size <= old_size) {
-
-                /* We already pre-allocated enough space, but before
-                 * we write to it, let's check with fstat() if the
-                 * file got deleted, in order make sure we don't throw
-                 * away the data immediately. Don't check fstat() for
-                 * all writes though, but only once ever 10s. */
-
-                if (f->last_stat_usec + LAST_STAT_REFRESH_USEC > now(CLOCK_MONOTONIC))
-                        return 0;
-
-                return journal_file_fstat(f);
-        }
-
-        /* Allocate more space. */
-
-        if (f->metrics.max_size > 0 && new_size > f->metrics.max_size)
-                return -E2BIG;
-
-        if (new_size > f->metrics.min_size && f->metrics.keep_free > 0) {
-                struct statvfs svfs;
-
-                if (fstatvfs(f->fd, &svfs) >= 0) {
-                        uint64_t available;
-
-                        available = LESS_BY((uint64_t) svfs.f_bfree * (uint64_t) svfs.f_bsize, f->metrics.keep_free);
-
-                        if (new_size - old_size > available)
-                                return -E2BIG;
-                }
-        }
-
-        /* Increase by larger blocks at once */
-        new_size = ((new_size+FILE_SIZE_INCREASE-1) / FILE_SIZE_INCREASE) * FILE_SIZE_INCREASE;
-        if (f->metrics.max_size > 0 && new_size > f->metrics.max_size)
-                new_size = f->metrics.max_size;
-
-        /* Note that the glibc fallocate() fallback is very
-           inefficient, hence we try to minimize the allocation area
-           as we can. */
-        r = posix_fallocate(f->fd, old_size, new_size - old_size);
-        if (r != 0)
-                return -r;
-
-        f->header->arena_size = htole64(new_size - le64toh(f->header->header_size));
-
-        return journal_file_fstat(f);
-}
-
-static unsigned type_to_context(ObjectType type) {
-        /* One context for each type, plus one catch-all for the rest */
-        assert_cc(_OBJECT_TYPE_MAX <= MMAP_CACHE_MAX_CONTEXTS);
-        assert_cc(CONTEXT_HEADER < MMAP_CACHE_MAX_CONTEXTS);
-        return type > OBJECT_UNUSED && type < _OBJECT_TYPE_MAX ? type : 0;
-}
-
-static int journal_file_move_to(JournalFile *f, ObjectType type, bool keep_always, uint64_t offset, uint64_t size, void **ret) {
-        int r;
-
-        assert(f);
-        assert(ret);
-
-        if (size <= 0)
-                return -EINVAL;
-
-        /* Avoid SIGBUS on invalid accesses */
-        if (offset + size > (uint64_t) f->last_stat.st_size) {
-                /* Hmm, out of range? Let's refresh the fstat() data
-                 * first, before we trust that check. */
-
-                r = journal_file_fstat(f);
-                if (r < 0)
-                        return r;
-
-                if (offset + size > (uint64_t) f->last_stat.st_size)
-                        return -EADDRNOTAVAIL;
-        }
-
-        return mmap_cache_get(f->mmap, f->fd, f->prot, type_to_context(type), keep_always, offset, size, &f->last_stat, ret);
-}
-
-static uint64_t minimum_header_size(Object *o) {
-
-        static const uint64_t table[] = {
-                [OBJECT_DATA] = sizeof(DataObject),
-                [OBJECT_FIELD] = sizeof(FieldObject),
-                [OBJECT_ENTRY] = sizeof(EntryObject),
-                [OBJECT_DATA_HASH_TABLE] = sizeof(HashTableObject),
-                [OBJECT_FIELD_HASH_TABLE] = sizeof(HashTableObject),
-                [OBJECT_ENTRY_ARRAY] = sizeof(EntryArrayObject),
-                [OBJECT_TAG] = sizeof(TagObject),
-        };
-
-        if (o->object.type >= ELEMENTSOF(table) || table[o->object.type] <= 0)
-                return sizeof(ObjectHeader);
-
-        return table[o->object.type];
-}
-
-int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset, Object **ret) {
-        int r;
-        void *t;
-        Object *o;
-        uint64_t s;
-
-        assert(f);
-        assert(ret);
-
-        /* Objects may only be located at multiple of 64 bit */
-        if (!VALID64(offset))
-                return -EBADMSG;
-
-        /* Object may not be located in the file header */
-        if (offset < le64toh(f->header->header_size))
-                return -EBADMSG;
-
-        r = journal_file_move_to(f, type, false, offset, sizeof(ObjectHeader), &t);
-        if (r < 0)
-                return r;
-
-        o = (Object*) t;
-        s = le64toh(o->object.size);
-
-        if (s < sizeof(ObjectHeader))
-                return -EBADMSG;
-
-        if (o->object.type <= OBJECT_UNUSED)
-                return -EBADMSG;
-
-        if (s < minimum_header_size(o))
-                return -EBADMSG;
-
-        if (type > OBJECT_UNUSED && o->object.type != type)
-                return -EBADMSG;
-
-        if (s > sizeof(ObjectHeader)) {
-                r = journal_file_move_to(f, type, false, offset, s, &t);
-                if (r < 0)
-                        return r;
-
-                o = (Object*) t;
-        }
-
-        *ret = o;
-        return 0;
-}
-
-static uint64_t journal_file_entry_seqnum(JournalFile *f, uint64_t *seqnum) {
-        uint64_t r;
-
-        assert(f);
-        assert(f->header);
-
-        r = le64toh(f->header->tail_entry_seqnum) + 1;
-
-        if (seqnum) {
-                /* If an external seqnum counter was passed, we update
-                 * both the local and the external one, and set it to
-                 * the maximum of both */
-
-                if (*seqnum + 1 > r)
-                        r = *seqnum + 1;
-
-                *seqnum = r;
-        }
-
-        f->header->tail_entry_seqnum = htole64(r);
-
-        if (f->header->head_entry_seqnum == 0)
-                f->header->head_entry_seqnum = htole64(r);
-
-        return r;
-}
-
-int journal_file_append_object(JournalFile *f, ObjectType type, uint64_t size, Object **ret, uint64_t *offset) {
-        int r;
-        uint64_t p;
-        Object *tail, *o;
-        void *t;
-
-        assert(f);
-        assert(f->header);
-        assert(type > OBJECT_UNUSED && type < _OBJECT_TYPE_MAX);
-        assert(size >= sizeof(ObjectHeader));
-        assert(offset);
-        assert(ret);
-
-        r = journal_file_set_online(f);
-        if (r < 0)
-                return r;
-
-        p = le64toh(f->header->tail_object_offset);
-        if (p == 0)
-                p = le64toh(f->header->header_size);
-        else {
-                r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &tail);
-                if (r < 0)
-                        return r;
-
-                p += ALIGN64(le64toh(tail->object.size));
-        }
-
-        r = journal_file_allocate(f, p, size);
-        if (r < 0)
-                return r;
-
-        r = journal_file_move_to(f, type, false, p, size, &t);
-        if (r < 0)
-                return r;
-
-        o = (Object*) t;
-
-        zero(o->object);
-        o->object.type = type;
-        o->object.size = htole64(size);
-
-        f->header->tail_object_offset = htole64(p);
-        f->header->n_objects = htole64(le64toh(f->header->n_objects) + 1);
-
-        *ret = o;
-        *offset = p;
-
-        return 0;
-}
-
-static int journal_file_setup_data_hash_table(JournalFile *f) {
-        uint64_t s, p;
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        /* We estimate that we need 1 hash table entry per 768 bytes
-           of journal file and we want to make sure we never get
-           beyond 75% fill level. Calculate the hash table size for
-           the maximum file size based on these metrics. */
-
-        s = (f->metrics.max_size * 4 / 768 / 3) * sizeof(HashItem);
-        if (s < DEFAULT_DATA_HASH_TABLE_SIZE)
-                s = DEFAULT_DATA_HASH_TABLE_SIZE;
-
-        log_debug("Reserving %"PRIu64" entries in hash table.", s / sizeof(HashItem));
-
-        r = journal_file_append_object(f,
-                                       OBJECT_DATA_HASH_TABLE,
-                                       offsetof(Object, hash_table.items) + s,
-                                       &o, &p);
-        if (r < 0)
-                return r;
-
-        memzero(o->hash_table.items, s);
-
-        f->header->data_hash_table_offset = htole64(p + offsetof(Object, hash_table.items));
-        f->header->data_hash_table_size = htole64(s);
-
-        return 0;
-}
-
-static int journal_file_setup_field_hash_table(JournalFile *f) {
-        uint64_t s, p;
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        /* We use a fixed size hash table for the fields as this
-         * number should grow very slowly only */
-
-        s = DEFAULT_FIELD_HASH_TABLE_SIZE;
-        r = journal_file_append_object(f,
-                                       OBJECT_FIELD_HASH_TABLE,
-                                       offsetof(Object, hash_table.items) + s,
-                                       &o, &p);
-        if (r < 0)
-                return r;
-
-        memzero(o->hash_table.items, s);
-
-        f->header->field_hash_table_offset = htole64(p + offsetof(Object, hash_table.items));
-        f->header->field_hash_table_size = htole64(s);
-
-        return 0;
-}
-
-int journal_file_map_data_hash_table(JournalFile *f) {
-        uint64_t s, p;
-        void *t;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        if (f->data_hash_table)
-                return 0;
-
-        p = le64toh(f->header->data_hash_table_offset);
-        s = le64toh(f->header->data_hash_table_size);
-
-        r = journal_file_move_to(f,
-                                 OBJECT_DATA_HASH_TABLE,
-                                 true,
-                                 p, s,
-                                 &t);
-        if (r < 0)
-                return r;
-
-        f->data_hash_table = t;
-        return 0;
-}
-
-int journal_file_map_field_hash_table(JournalFile *f) {
-        uint64_t s, p;
-        void *t;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        if (f->field_hash_table)
-                return 0;
-
-        p = le64toh(f->header->field_hash_table_offset);
-        s = le64toh(f->header->field_hash_table_size);
-
-        r = journal_file_move_to(f,
-                                 OBJECT_FIELD_HASH_TABLE,
-                                 true,
-                                 p, s,
-                                 &t);
-        if (r < 0)
-                return r;
-
-        f->field_hash_table = t;
-        return 0;
-}
-
-static int journal_file_link_field(
-                JournalFile *f,
-                Object *o,
-                uint64_t offset,
-                uint64_t hash) {
-
-        uint64_t p, h, m;
-        int r;
-
-        assert(f);
-        assert(f->header);
-        assert(f->field_hash_table);
-        assert(o);
-        assert(offset > 0);
-
-        if (o->object.type != OBJECT_FIELD)
-                return -EINVAL;
-
-        m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
-        if (m <= 0)
-                return -EBADMSG;
-
-        /* This might alter the window we are looking at */
-        o->field.next_hash_offset = o->field.head_data_offset = 0;
-
-        h = hash % m;
-        p = le64toh(f->field_hash_table[h].tail_hash_offset);
-        if (p == 0)
-                f->field_hash_table[h].head_hash_offset = htole64(offset);
-        else {
-                r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o);
-                if (r < 0)
-                        return r;
-
-                o->field.next_hash_offset = htole64(offset);
-        }
-
-        f->field_hash_table[h].tail_hash_offset = htole64(offset);
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
-                f->header->n_fields = htole64(le64toh(f->header->n_fields) + 1);
-
-        return 0;
-}
-
-static int journal_file_link_data(
-                JournalFile *f,
-                Object *o,
-                uint64_t offset,
-                uint64_t hash) {
-
-        uint64_t p, h, m;
-        int r;
-
-        assert(f);
-        assert(f->header);
-        assert(f->data_hash_table);
-        assert(o);
-        assert(offset > 0);
-
-        if (o->object.type != OBJECT_DATA)
-                return -EINVAL;
-
-        m = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
-        if (m <= 0)
-                return -EBADMSG;
-
-        /* This might alter the window we are looking at */
-        o->data.next_hash_offset = o->data.next_field_offset = 0;
-        o->data.entry_offset = o->data.entry_array_offset = 0;
-        o->data.n_entries = 0;
-
-        h = hash % m;
-        p = le64toh(f->data_hash_table[h].tail_hash_offset);
-        if (p == 0)
-                /* Only entry in the hash table is easy */
-                f->data_hash_table[h].head_hash_offset = htole64(offset);
-        else {
-                /* Move back to the previous data object, to patch in
-                 * pointer */
-
-                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-                if (r < 0)
-                        return r;
-
-                o->data.next_hash_offset = htole64(offset);
-        }
-
-        f->data_hash_table[h].tail_hash_offset = htole64(offset);
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
-                f->header->n_data = htole64(le64toh(f->header->n_data) + 1);
-
-        return 0;
-}
-
-int journal_file_find_field_object_with_hash(
-                JournalFile *f,
-                const void *field, uint64_t size, uint64_t hash,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t p, osize, h, m;
-        int r;
-
-        assert(f);
-        assert(f->header);
-        assert(field && size > 0);
-
-        /* If the field hash table is empty, we can't find anything */
-        if (le64toh(f->header->field_hash_table_size) <= 0)
-                return 0;
-
-        /* Map the field hash table, if it isn't mapped yet. */
-        r = journal_file_map_field_hash_table(f);
-        if (r < 0)
-                return r;
-
-        osize = offsetof(Object, field.payload) + size;
-
-        m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
-        if (m <= 0)
-                return -EBADMSG;
-
-        h = hash % m;
-        p = le64toh(f->field_hash_table[h].head_hash_offset);
-
-        while (p > 0) {
-                Object *o;
-
-                r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o);
-                if (r < 0)
-                        return r;
-
-                if (le64toh(o->field.hash) == hash &&
-                    le64toh(o->object.size) == osize &&
-                    memcmp(o->field.payload, field, size) == 0) {
-
-                        if (ret)
-                                *ret = o;
-                        if (offset)
-                                *offset = p;
-
-                        return 1;
-                }
-
-                p = le64toh(o->field.next_hash_offset);
-        }
-
-        return 0;
-}
-
-int journal_file_find_field_object(
-                JournalFile *f,
-                const void *field, uint64_t size,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t hash;
-
-        assert(f);
-        assert(field && size > 0);
-
-        hash = hash64(field, size);
-
-        return journal_file_find_field_object_with_hash(f,
-                                                        field, size, hash,
-                                                        ret, offset);
-}
-
-int journal_file_find_data_object_with_hash(
-                JournalFile *f,
-                const void *data, uint64_t size, uint64_t hash,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t p, osize, h, m;
-        int r;
-
-        assert(f);
-        assert(f->header);
-        assert(data || size == 0);
-
-        /* If there's no data hash table, then there's no entry. */
-        if (le64toh(f->header->data_hash_table_size) <= 0)
-                return 0;
-
-        /* Map the data hash table, if it isn't mapped yet. */
-        r = journal_file_map_data_hash_table(f);
-        if (r < 0)
-                return r;
-
-        osize = offsetof(Object, data.payload) + size;
-
-        m = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
-        if (m <= 0)
-                return -EBADMSG;
-
-        h = hash % m;
-        p = le64toh(f->data_hash_table[h].head_hash_offset);
-
-        while (p > 0) {
-                Object *o;
-
-                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-                if (r < 0)
-                        return r;
-
-                if (le64toh(o->data.hash) != hash)
-                        goto next;
-
-                if (o->object.flags & OBJECT_COMPRESSION_MASK) {
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-                        uint64_t l;
-                        size_t rsize = 0;
-
-                        l = le64toh(o->object.size);
-                        if (l <= offsetof(Object, data.payload))
-                                return -EBADMSG;
-
-                        l -= offsetof(Object, data.payload);
-
-                        r = decompress_blob(o->object.flags & OBJECT_COMPRESSION_MASK,
-                                            o->data.payload, l, &f->compress_buffer, &f->compress_buffer_size, &rsize, 0);
-                        if (r < 0)
-                                return r;
-
-                        if (rsize == size &&
-                            memcmp(f->compress_buffer, data, size) == 0) {
-
-                                if (ret)
-                                        *ret = o;
-
-                                if (offset)
-                                        *offset = p;
-
-                                return 1;
-                        }
-#else
-                        return -EPROTONOSUPPORT;
-#endif
-                } else if (le64toh(o->object.size) == osize &&
-                           memcmp(o->data.payload, data, size) == 0) {
-
-                        if (ret)
-                                *ret = o;
-
-                        if (offset)
-                                *offset = p;
-
-                        return 1;
-                }
-
-        next:
-                p = le64toh(o->data.next_hash_offset);
-        }
-
-        return 0;
-}
-
-int journal_file_find_data_object(
-                JournalFile *f,
-                const void *data, uint64_t size,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t hash;
-
-        assert(f);
-        assert(data || size == 0);
-
-        hash = hash64(data, size);
-
-        return journal_file_find_data_object_with_hash(f,
-                                                       data, size, hash,
-                                                       ret, offset);
-}
-
-static int journal_file_append_field(
-                JournalFile *f,
-                const void *field, uint64_t size,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t hash, p;
-        uint64_t osize;
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(field && size > 0);
-
-        hash = hash64(field, size);
-
-        r = journal_file_find_field_object_with_hash(f, field, size, hash, &o, &p);
-        if (r < 0)
-                return r;
-        else if (r > 0) {
-
-                if (ret)
-                        *ret = o;
-
-                if (offset)
-                        *offset = p;
-
-                return 0;
-        }
-
-        osize = offsetof(Object, field.payload) + size;
-        r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
-        if (r < 0)
-                return r;
-
-        o->field.hash = htole64(hash);
-        memcpy(o->field.payload, field, size);
-
-        r = journal_file_link_field(f, o, p, hash);
-        if (r < 0)
-                return r;
-
-        /* The linking might have altered the window, so let's
-         * refresh our pointer */
-        r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o);
-        if (r < 0)
-                return r;
-
-#ifdef HAVE_GCRYPT
-        r = journal_file_hmac_put_object(f, OBJECT_FIELD, o, p);
-        if (r < 0)
-                return r;
-#endif
-
-        if (ret)
-                *ret = o;
-
-        if (offset)
-                *offset = p;
-
-        return 0;
-}
-
-static int journal_file_append_data(
-                JournalFile *f,
-                const void *data, uint64_t size,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t hash, p;
-        uint64_t osize;
-        Object *o;
-        int r, compression = 0;
-        const void *eq;
-
-        assert(f);
-        assert(data || size == 0);
-
-        hash = hash64(data, size);
-
-        r = journal_file_find_data_object_with_hash(f, data, size, hash, &o, &p);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-
-                if (ret)
-                        *ret = o;
-
-                if (offset)
-                        *offset = p;
-
-                return 0;
-        }
-
-        osize = offsetof(Object, data.payload) + size;
-        r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p);
-        if (r < 0)
-                return r;
-
-        o->data.hash = htole64(hash);
-
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-        if (JOURNAL_FILE_COMPRESS(f) && size >= COMPRESSION_SIZE_THRESHOLD) {
-                size_t rsize = 0;
-
-                compression = compress_blob(data, size, o->data.payload, size - 1, &rsize);
-
-                if (compression >= 0) {
-                        o->object.size = htole64(offsetof(Object, data.payload) + rsize);
-                        o->object.flags |= compression;
-
-                        log_debug("Compressed data object %"PRIu64" -> %zu using %s",
-                                  size, rsize, object_compressed_to_string(compression));
-                } else
-                        /* Compression didn't work, we don't really care why, let's continue without compression */
-                        compression = 0;
-        }
-#endif
-
-        if (compression == 0)
-                memcpy_safe(o->data.payload, data, size);
-
-        r = journal_file_link_data(f, o, p, hash);
-        if (r < 0)
-                return r;
-
-        /* The linking might have altered the window, so let's
-         * refresh our pointer */
-        r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-        if (r < 0)
-                return r;
-
-        if (!data)
-                eq = NULL;
-        else
-                eq = memchr(data, '=', size);
-        if (eq && eq > data) {
-                Object *fo = NULL;
-                uint64_t fp;
-
-                /* Create field object ... */
-                r = journal_file_append_field(f, data, (uint8_t*) eq - (uint8_t*) data, &fo, &fp);
-                if (r < 0)
-                        return r;
-
-                /* ... and link it in. */
-                o->data.next_field_offset = fo->field.head_data_offset;
-                fo->field.head_data_offset = le64toh(p);
-        }
-
-#ifdef HAVE_GCRYPT
-        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
-        if (r < 0)
-                return r;
-#endif
-
-        if (ret)
-                *ret = o;
-
-        if (offset)
-                *offset = p;
-
-        return 0;
-}
-
-uint64_t journal_file_entry_n_items(Object *o) {
-        assert(o);
-
-        if (o->object.type != OBJECT_ENTRY)
-                return 0;
-
-        return (le64toh(o->object.size) - offsetof(Object, entry.items)) / sizeof(EntryItem);
-}
-
-uint64_t journal_file_entry_array_n_items(Object *o) {
-        assert(o);
-
-        if (o->object.type != OBJECT_ENTRY_ARRAY)
-                return 0;
-
-        return (le64toh(o->object.size) - offsetof(Object, entry_array.items)) / sizeof(uint64_t);
-}
-
-uint64_t journal_file_hash_table_n_items(Object *o) {
-        assert(o);
-
-        if (o->object.type != OBJECT_DATA_HASH_TABLE &&
-            o->object.type != OBJECT_FIELD_HASH_TABLE)
-                return 0;
-
-        return (le64toh(o->object.size) - offsetof(Object, hash_table.items)) / sizeof(HashItem);
-}
-
-static int link_entry_into_array(JournalFile *f,
-                                 le64_t *first,
-                                 le64_t *idx,
-                                 uint64_t p) {
-        int r;
-        uint64_t n = 0, ap = 0, q, i, a, hidx;
-        Object *o;
-
-        assert(f);
-        assert(f->header);
-        assert(first);
-        assert(idx);
-        assert(p > 0);
-
-        a = le64toh(*first);
-        i = hidx = le64toh(*idx);
-        while (a > 0) {
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
-                if (r < 0)
-                        return r;
-
-                n = journal_file_entry_array_n_items(o);
-                if (i < n) {
-                        o->entry_array.items[i] = htole64(p);
-                        *idx = htole64(hidx + 1);
-                        return 0;
-                }
-
-                i -= n;
-                ap = a;
-                a = le64toh(o->entry_array.next_entry_array_offset);
-        }
-
-        if (hidx > n)
-                n = (hidx+1) * 2;
-        else
-                n = n * 2;
-
-        if (n < 4)
-                n = 4;
-
-        r = journal_file_append_object(f, OBJECT_ENTRY_ARRAY,
-                                       offsetof(Object, entry_array.items) + n * sizeof(uint64_t),
-                                       &o, &q);
-        if (r < 0)
-                return r;
-
-#ifdef HAVE_GCRYPT
-        r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, o, q);
-        if (r < 0)
-                return r;
-#endif
-
-        o->entry_array.items[i] = htole64(p);
-
-        if (ap == 0)
-                *first = htole64(q);
-        else {
-                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, ap, &o);
-                if (r < 0)
-                        return r;
-
-                o->entry_array.next_entry_array_offset = htole64(q);
-        }
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
-                f->header->n_entry_arrays = htole64(le64toh(f->header->n_entry_arrays) + 1);
-
-        *idx = htole64(hidx + 1);
-
-        return 0;
-}
-
-static int link_entry_into_array_plus_one(JournalFile *f,
-                                          le64_t *extra,
-                                          le64_t *first,
-                                          le64_t *idx,
-                                          uint64_t p) {
-
-        int r;
-
-        assert(f);
-        assert(extra);
-        assert(first);
-        assert(idx);
-        assert(p > 0);
-
-        if (*idx == 0)
-                *extra = htole64(p);
-        else {
-                le64_t i;
-
-                i = htole64(le64toh(*idx) - 1);
-                r = link_entry_into_array(f, first, &i, p);
-                if (r < 0)
-                        return r;
-        }
-
-        *idx = htole64(le64toh(*idx) + 1);
-        return 0;
-}
-
-static int journal_file_link_entry_item(JournalFile *f, Object *o, uint64_t offset, uint64_t i) {
-        uint64_t p;
-        int r;
-        assert(f);
-        assert(o);
-        assert(offset > 0);
-
-        p = le64toh(o->entry.items[i].object_offset);
-        if (p == 0)
-                return -EINVAL;
-
-        r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-        if (r < 0)
-                return r;
-
-        return link_entry_into_array_plus_one(f,
-                                              &o->data.entry_offset,
-                                              &o->data.entry_array_offset,
-                                              &o->data.n_entries,
-                                              offset);
-}
-
-static int journal_file_link_entry(JournalFile *f, Object *o, uint64_t offset) {
-        uint64_t n, i;
-        int r;
-
-        assert(f);
-        assert(f->header);
-        assert(o);
-        assert(offset > 0);
-
-        if (o->object.type != OBJECT_ENTRY)
-                return -EINVAL;
-
-        __sync_synchronize();
-
-        /* Link up the entry itself */
-        r = link_entry_into_array(f,
-                                  &f->header->entry_array_offset,
-                                  &f->header->n_entries,
-                                  offset);
-        if (r < 0)
-                return r;
-
-        /* log_debug("=> %s seqnr=%"PRIu64" n_entries=%"PRIu64, f->path, o->entry.seqnum, f->header->n_entries); */
-
-        if (f->header->head_entry_realtime == 0)
-                f->header->head_entry_realtime = o->entry.realtime;
-
-        f->header->tail_entry_realtime = o->entry.realtime;
-        f->header->tail_entry_monotonic = o->entry.monotonic;
-
-        f->tail_entry_monotonic_valid = true;
-
-        /* Link up the items */
-        n = journal_file_entry_n_items(o);
-        for (i = 0; i < n; i++) {
-                r = journal_file_link_entry_item(f, o, offset, i);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int journal_file_append_entry_internal(
-                JournalFile *f,
-                const dual_timestamp *ts,
-                uint64_t xor_hash,
-                const EntryItem items[], unsigned n_items,
-                uint64_t *seqnum,
-                Object **ret, uint64_t *offset) {
-        uint64_t np;
-        uint64_t osize;
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(f->header);
-        assert(items || n_items == 0);
-        assert(ts);
-
-        osize = offsetof(Object, entry.items) + (n_items * sizeof(EntryItem));
-
-        r = journal_file_append_object(f, OBJECT_ENTRY, osize, &o, &np);
-        if (r < 0)
-                return r;
-
-        o->entry.seqnum = htole64(journal_file_entry_seqnum(f, seqnum));
-        memcpy_safe(o->entry.items, items, n_items * sizeof(EntryItem));
-        o->entry.realtime = htole64(ts->realtime);
-        o->entry.monotonic = htole64(ts->monotonic);
-        o->entry.xor_hash = htole64(xor_hash);
-        o->entry.boot_id = f->header->boot_id;
-
-#ifdef HAVE_GCRYPT
-        r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np);
-        if (r < 0)
-                return r;
-#endif
-
-        r = journal_file_link_entry(f, o, np);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = o;
-
-        if (offset)
-                *offset = np;
-
-        return 0;
-}
-
-void journal_file_post_change(JournalFile *f) {
-        assert(f);
-
-        /* inotify() does not receive IN_MODIFY events from file
-         * accesses done via mmap(). After each access we hence
-         * trigger IN_MODIFY by truncating the journal file to its
-         * current size which triggers IN_MODIFY. */
-
-        __sync_synchronize();
-
-        if (ftruncate(f->fd, f->last_stat.st_size) < 0)
-                log_debug_errno(errno, "Failed to truncate file to its own size: %m");
-}
-
-static int post_change_thunk(sd_event_source *timer, uint64_t usec, void *userdata) {
-        assert(userdata);
-
-        journal_file_post_change(userdata);
-
-        return 1;
-}
-
-static void schedule_post_change(JournalFile *f) {
-        sd_event_source *timer;
-        int enabled, r;
-        uint64_t now;
-
-        assert(f);
-        assert(f->post_change_timer);
-
-        timer = f->post_change_timer;
-
-        r = sd_event_source_get_enabled(timer, &enabled);
-        if (r < 0) {
-                log_debug_errno(r, "Failed to get ftruncate timer state: %m");
-                goto fail;
-        }
-
-        if (enabled == SD_EVENT_ONESHOT)
-                return;
-
-        r = sd_event_now(sd_event_source_get_event(timer), CLOCK_MONOTONIC, &now);
-        if (r < 0) {
-                log_debug_errno(r, "Failed to get clock's now for scheduling ftruncate: %m");
-                goto fail;
-        }
-
-        r = sd_event_source_set_time(timer, now+f->post_change_timer_period);
-        if (r < 0) {
-                log_debug_errno(r, "Failed to set time for scheduling ftruncate: %m");
-                goto fail;
-        }
-
-        r = sd_event_source_set_enabled(timer, SD_EVENT_ONESHOT);
-        if (r < 0) {
-                log_debug_errno(r, "Failed to enable scheduled ftruncate: %m");
-                goto fail;
-        }
-
-        return;
-
-fail:
-        /* On failure, let's simply post the change immediately. */
-        journal_file_post_change(f);
-}
-
-/* Enable coalesced change posting in a timer on the provided sd_event instance */
-int journal_file_enable_post_change_timer(JournalFile *f, sd_event *e, usec_t t) {
-        _cleanup_(sd_event_source_unrefp) sd_event_source *timer = NULL;
-        int r;
-
-        assert(f);
-        assert_return(!f->post_change_timer, -EINVAL);
-        assert(e);
-        assert(t);
-
-        r = sd_event_add_time(e, &timer, CLOCK_MONOTONIC, 0, 0, post_change_thunk, f);
-        if (r < 0)
-                return r;
-
-        r = sd_event_source_set_enabled(timer, SD_EVENT_OFF);
-        if (r < 0)
-                return r;
-
-        f->post_change_timer = timer;
-        timer = NULL;
-        f->post_change_timer_period = t;
-
-        return r;
-}
-
-static int entry_item_cmp(const void *_a, const void *_b) {
-        const EntryItem *a = _a, *b = _b;
-
-        if (le64toh(a->object_offset) < le64toh(b->object_offset))
-                return -1;
-        if (le64toh(a->object_offset) > le64toh(b->object_offset))
-                return 1;
-        return 0;
-}
-
-int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const struct iovec iovec[], unsigned n_iovec, uint64_t *seqnum, Object **ret, uint64_t *offset) {
-        unsigned i;
-        EntryItem *items;
-        int r;
-        uint64_t xor_hash = 0;
-        struct dual_timestamp _ts;
-
-        assert(f);
-        assert(f->header);
-        assert(iovec || n_iovec == 0);
-
-        if (!ts) {
-                dual_timestamp_get(&_ts);
-                ts = &_ts;
-        }
-
-#ifdef HAVE_GCRYPT
-        r = journal_file_maybe_append_tag(f, ts->realtime);
-        if (r < 0)
-                return r;
-#endif
-
-        /* alloca() can't take 0, hence let's allocate at least one */
-        items = alloca(sizeof(EntryItem) * MAX(1u, n_iovec));
-
-        for (i = 0; i < n_iovec; i++) {
-                uint64_t p;
-                Object *o;
-
-                r = journal_file_append_data(f, iovec[i].iov_base, iovec[i].iov_len, &o, &p);
-                if (r < 0)
-                        return r;
-
-                xor_hash ^= le64toh(o->data.hash);
-                items[i].object_offset = htole64(p);
-                items[i].hash = o->data.hash;
-        }
-
-        /* Order by the position on disk, in order to improve seek
-         * times for rotating media. */
-        qsort_safe(items, n_iovec, sizeof(EntryItem), entry_item_cmp);
-
-        r = journal_file_append_entry_internal(f, ts, xor_hash, items, n_iovec, seqnum, ret, offset);
-
-        /* If the memory mapping triggered a SIGBUS then we return an
-         * IO error and ignore the error code passed down to us, since
-         * it is very likely just an effect of a nullified replacement
-         * mapping page */
-
-        if (mmap_cache_got_sigbus(f->mmap, f->fd))
-                r = -EIO;
-
-        if (f->post_change_timer)
-                schedule_post_change(f);
-        else
-                journal_file_post_change(f);
-
-        return r;
-}
-
-typedef struct ChainCacheItem {
-        uint64_t first; /* the array at the beginning of the chain */
-        uint64_t array; /* the cached array */
-        uint64_t begin; /* the first item in the cached array */
-        uint64_t total; /* the total number of items in all arrays before this one in the chain */
-        uint64_t last_index; /* the last index we looked at, to optimize locality when bisecting */
-} ChainCacheItem;
-
-static void chain_cache_put(
-                OrderedHashmap *h,
-                ChainCacheItem *ci,
-                uint64_t first,
-                uint64_t array,
-                uint64_t begin,
-                uint64_t total,
-                uint64_t last_index) {
-
-        if (!ci) {
-                /* If the chain item to cache for this chain is the
-                 * first one it's not worth caching anything */
-                if (array == first)
-                        return;
-
-                if (ordered_hashmap_size(h) >= CHAIN_CACHE_MAX) {
-                        ci = ordered_hashmap_steal_first(h);
-                        assert(ci);
-                } else {
-                        ci = new(ChainCacheItem, 1);
-                        if (!ci)
-                                return;
-                }
-
-                ci->first = first;
-
-                if (ordered_hashmap_put(h, &ci->first, ci) < 0) {
-                        free(ci);
-                        return;
-                }
-        } else
-                assert(ci->first == first);
-
-        ci->array = array;
-        ci->begin = begin;
-        ci->total = total;
-        ci->last_index = last_index;
-}
-
-static int generic_array_get(
-                JournalFile *f,
-                uint64_t first,
-                uint64_t i,
-                Object **ret, uint64_t *offset) {
-
-        Object *o;
-        uint64_t p = 0, a, t = 0;
-        int r;
-        ChainCacheItem *ci;
-
-        assert(f);
-
-        a = first;
-
-        /* Try the chain cache first */
-        ci = ordered_hashmap_get(f->chain_cache, &first);
-        if (ci && i > ci->total) {
-                a = ci->array;
-                i -= ci->total;
-                t = ci->total;
-        }
-
-        while (a > 0) {
-                uint64_t k;
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
-                if (r < 0)
-                        return r;
-
-                k = journal_file_entry_array_n_items(o);
-                if (i < k) {
-                        p = le64toh(o->entry_array.items[i]);
-                        goto found;
-                }
-
-                i -= k;
-                t += k;
-                a = le64toh(o->entry_array.next_entry_array_offset);
-        }
-
-        return 0;
-
-found:
-        /* Let's cache this item for the next invocation */
-        chain_cache_put(f->chain_cache, ci, first, a, le64toh(o->entry_array.items[0]), t, i);
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = o;
-
-        if (offset)
-                *offset = p;
-
-        return 1;
-}
-
-static int generic_array_get_plus_one(
-                JournalFile *f,
-                uint64_t extra,
-                uint64_t first,
-                uint64_t i,
-                Object **ret, uint64_t *offset) {
-
-        Object *o;
-
-        assert(f);
-
-        if (i == 0) {
-                int r;
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o);
-                if (r < 0)
-                        return r;
-
-                if (ret)
-                        *ret = o;
-
-                if (offset)
-                        *offset = extra;
-
-                return 1;
-        }
-
-        return generic_array_get(f, first, i-1, ret, offset);
-}
-
-enum {
-        TEST_FOUND,
-        TEST_LEFT,
-        TEST_RIGHT
-};
-
-static int generic_array_bisect(
-                JournalFile *f,
-                uint64_t first,
-                uint64_t n,
-                uint64_t needle,
-                int (*test_object)(JournalFile *f, uint64_t p, uint64_t needle),
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset,
-                uint64_t *idx) {
-
-        uint64_t a, p, t = 0, i = 0, last_p = 0, last_index = (uint64_t) -1;
-        bool subtract_one = false;
-        Object *o, *array = NULL;
-        int r;
-        ChainCacheItem *ci;
-
-        assert(f);
-        assert(test_object);
-
-        /* Start with the first array in the chain */
-        a = first;
-
-        ci = ordered_hashmap_get(f->chain_cache, &first);
-        if (ci && n > ci->total) {
-                /* Ah, we have iterated this bisection array chain
-                 * previously! Let's see if we can skip ahead in the
-                 * chain, as far as the last time. But we can't jump
-                 * backwards in the chain, so let's check that
-                 * first. */
-
-                r = test_object(f, ci->begin, needle);
-                if (r < 0)
-                        return r;
-
-                if (r == TEST_LEFT) {
-                        /* OK, what we are looking for is right of the
-                         * begin of this EntryArray, so let's jump
-                         * straight to previously cached array in the
-                         * chain */
-
-                        a = ci->array;
-                        n -= ci->total;
-                        t = ci->total;
-                        last_index = ci->last_index;
-                }
-        }
-
-        while (a > 0) {
-                uint64_t left, right, k, lp;
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &array);
-                if (r < 0)
-                        return r;
-
-                k = journal_file_entry_array_n_items(array);
-                right = MIN(k, n);
-                if (right <= 0)
-                        return 0;
-
-                i = right - 1;
-                lp = p = le64toh(array->entry_array.items[i]);
-                if (p <= 0)
-                        r = -EBADMSG;
-                else
-                        r = test_object(f, p, needle);
-                if (r == -EBADMSG) {
-                        log_debug_errno(r, "Encountered invalid entry while bisecting, cutting algorithm short. (1)");
-                        n = i;
-                        continue;
-                }
-                if (r < 0)
-                        return r;
-
-                if (r == TEST_FOUND)
-                        r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
-
-                if (r == TEST_RIGHT) {
-                        left = 0;
-                        right -= 1;
-
-                        if (last_index != (uint64_t) -1) {
-                                assert(last_index <= right);
-
-                                /* If we cached the last index we
-                                 * looked at, let's try to not to jump
-                                 * too wildly around and see if we can
-                                 * limit the range to look at early to
-                                 * the immediate neighbors of the last
-                                 * index we looked at. */
-
-                                if (last_index > 0) {
-                                        uint64_t x = last_index - 1;
-
-                                        p = le64toh(array->entry_array.items[x]);
-                                        if (p <= 0)
-                                                return -EBADMSG;
-
-                                        r = test_object(f, p, needle);
-                                        if (r < 0)
-                                                return r;
-
-                                        if (r == TEST_FOUND)
-                                                r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
-
-                                        if (r == TEST_RIGHT)
-                                                right = x;
-                                        else
-                                                left = x + 1;
-                                }
-
-                                if (last_index < right) {
-                                        uint64_t y = last_index + 1;
-
-                                        p = le64toh(array->entry_array.items[y]);
-                                        if (p <= 0)
-                                                return -EBADMSG;
-
-                                        r = test_object(f, p, needle);
-                                        if (r < 0)
-                                                return r;
-
-                                        if (r == TEST_FOUND)
-                                                r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
-
-                                        if (r == TEST_RIGHT)
-                                                right = y;
-                                        else
-                                                left = y + 1;
-                                }
-                        }
-
-                        for (;;) {
-                                if (left == right) {
-                                        if (direction == DIRECTION_UP)
-                                                subtract_one = true;
-
-                                        i = left;
-                                        goto found;
-                                }
-
-                                assert(left < right);
-                                i = (left + right) / 2;
-
-                                p = le64toh(array->entry_array.items[i]);
-                                if (p <= 0)
-                                        r = -EBADMSG;
-                                else
-                                        r = test_object(f, p, needle);
-                                if (r == -EBADMSG) {
-                                        log_debug_errno(r, "Encountered invalid entry while bisecting, cutting algorithm short. (2)");
-                                        right = n = i;
-                                        continue;
-                                }
-                                if (r < 0)
-                                        return r;
-
-                                if (r == TEST_FOUND)
-                                        r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
-
-                                if (r == TEST_RIGHT)
-                                        right = i;
-                                else
-                                        left = i + 1;
-                        }
-                }
-
-                if (k >= n) {
-                        if (direction == DIRECTION_UP) {
-                                i = n;
-                                subtract_one = true;
-                                goto found;
-                        }
-
-                        return 0;
-                }
-
-                last_p = lp;
-
-                n -= k;
-                t += k;
-                last_index = (uint64_t) -1;
-                a = le64toh(array->entry_array.next_entry_array_offset);
-        }
-
-        return 0;
-
-found:
-        if (subtract_one && t == 0 && i == 0)
-                return 0;
-
-        /* Let's cache this item for the next invocation */
-        chain_cache_put(f->chain_cache, ci, first, a, le64toh(array->entry_array.items[0]), t, subtract_one ? (i > 0 ? i-1 : (uint64_t) -1) : i);
-
-        if (subtract_one && i == 0)
-                p = last_p;
-        else if (subtract_one)
-                p = le64toh(array->entry_array.items[i-1]);
-        else
-                p = le64toh(array->entry_array.items[i]);
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = o;
-
-        if (offset)
-                *offset = p;
-
-        if (idx)
-                *idx = t + i + (subtract_one ? -1 : 0);
-
-        return 1;
-}
-
-static int generic_array_bisect_plus_one(
-                JournalFile *f,
-                uint64_t extra,
-                uint64_t first,
-                uint64_t n,
-                uint64_t needle,
-                int (*test_object)(JournalFile *f, uint64_t p, uint64_t needle),
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset,
-                uint64_t *idx) {
-
-        int r;
-        bool step_back = false;
-        Object *o;
-
-        assert(f);
-        assert(test_object);
-
-        if (n <= 0)
-                return 0;
-
-        /* This bisects the array in object 'first', but first checks
-         * an extra  */
-        r = test_object(f, extra, needle);
-        if (r < 0)
-                return r;
-
-        if (r == TEST_FOUND)
-                r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
-
-        /* if we are looking with DIRECTION_UP then we need to first
-           see if in the actual array there is a matching entry, and
-           return the last one of that. But if there isn't any we need
-           to return this one. Hence remember this, and return it
-           below. */
-        if (r == TEST_LEFT)
-                step_back = direction == DIRECTION_UP;
-
-        if (r == TEST_RIGHT) {
-                if (direction == DIRECTION_DOWN)
-                        goto found;
-                else
-                        return 0;
-        }
-
-        r = generic_array_bisect(f, first, n-1, needle, test_object, direction, ret, offset, idx);
-
-        if (r == 0 && step_back)
-                goto found;
-
-        if (r > 0 && idx)
-                (*idx)++;
-
-        return r;
-
-found:
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = o;
-
-        if (offset)
-                *offset = extra;
-
-        if (idx)
-                *idx = 0;
-
-        return 1;
-}
-
-_pure_ static int test_object_offset(JournalFile *f, uint64_t p, uint64_t needle) {
-        assert(f);
-        assert(p > 0);
-
-        if (p == needle)
-                return TEST_FOUND;
-        else if (p < needle)
-                return TEST_LEFT;
-        else
-                return TEST_RIGHT;
-}
-
-static int test_object_seqnum(JournalFile *f, uint64_t p, uint64_t needle) {
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(p > 0);
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
-        if (r < 0)
-                return r;
-
-        if (le64toh(o->entry.seqnum) == needle)
-                return TEST_FOUND;
-        else if (le64toh(o->entry.seqnum) < needle)
-                return TEST_LEFT;
-        else
-                return TEST_RIGHT;
-}
-
-int journal_file_move_to_entry_by_seqnum(
-                JournalFile *f,
-                uint64_t seqnum,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-        assert(f);
-        assert(f->header);
-
-        return generic_array_bisect(f,
-                                    le64toh(f->header->entry_array_offset),
-                                    le64toh(f->header->n_entries),
-                                    seqnum,
-                                    test_object_seqnum,
-                                    direction,
-                                    ret, offset, NULL);
-}
-
-static int test_object_realtime(JournalFile *f, uint64_t p, uint64_t needle) {
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(p > 0);
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
-        if (r < 0)
-                return r;
-
-        if (le64toh(o->entry.realtime) == needle)
-                return TEST_FOUND;
-        else if (le64toh(o->entry.realtime) < needle)
-                return TEST_LEFT;
-        else
-                return TEST_RIGHT;
-}
-
-int journal_file_move_to_entry_by_realtime(
-                JournalFile *f,
-                uint64_t realtime,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-        assert(f);
-        assert(f->header);
-
-        return generic_array_bisect(f,
-                                    le64toh(f->header->entry_array_offset),
-                                    le64toh(f->header->n_entries),
-                                    realtime,
-                                    test_object_realtime,
-                                    direction,
-                                    ret, offset, NULL);
-}
-
-static int test_object_monotonic(JournalFile *f, uint64_t p, uint64_t needle) {
-        Object *o;
-        int r;
-
-        assert(f);
-        assert(p > 0);
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
-        if (r < 0)
-                return r;
-
-        if (le64toh(o->entry.monotonic) == needle)
-                return TEST_FOUND;
-        else if (le64toh(o->entry.monotonic) < needle)
-                return TEST_LEFT;
-        else
-                return TEST_RIGHT;
-}
-
-static int find_data_object_by_boot_id(
-                JournalFile *f,
-                sd_id128_t boot_id,
-                Object **o,
-                uint64_t *b) {
-
-        char t[sizeof("_BOOT_ID=")-1 + 32 + 1] = "_BOOT_ID=";
-
-        sd_id128_to_string(boot_id, t + 9);
-        return journal_file_find_data_object(f, t, sizeof(t) - 1, o, b);
-}
-
-int journal_file_move_to_entry_by_monotonic(
-                JournalFile *f,
-                sd_id128_t boot_id,
-                uint64_t monotonic,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-
-        Object *o;
-        int r;
-
-        assert(f);
-
-        r = find_data_object_by_boot_id(f, boot_id, &o, NULL);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return -ENOENT;
-
-        return generic_array_bisect_plus_one(f,
-                                             le64toh(o->data.entry_offset),
-                                             le64toh(o->data.entry_array_offset),
-                                             le64toh(o->data.n_entries),
-                                             monotonic,
-                                             test_object_monotonic,
-                                             direction,
-                                             ret, offset, NULL);
-}
-
-void journal_file_reset_location(JournalFile *f) {
-        f->location_type = LOCATION_HEAD;
-        f->current_offset = 0;
-        f->current_seqnum = 0;
-        f->current_realtime = 0;
-        f->current_monotonic = 0;
-        zero(f->current_boot_id);
-        f->current_xor_hash = 0;
-}
-
-void journal_file_save_location(JournalFile *f, Object *o, uint64_t offset) {
-        f->location_type = LOCATION_SEEK;
-        f->current_offset = offset;
-        f->current_seqnum = le64toh(o->entry.seqnum);
-        f->current_realtime = le64toh(o->entry.realtime);
-        f->current_monotonic = le64toh(o->entry.monotonic);
-        f->current_boot_id = o->entry.boot_id;
-        f->current_xor_hash = le64toh(o->entry.xor_hash);
-}
-
-int journal_file_compare_locations(JournalFile *af, JournalFile *bf) {
-        assert(af);
-        assert(af->header);
-        assert(bf);
-        assert(bf->header);
-        assert(af->location_type == LOCATION_SEEK);
-        assert(bf->location_type == LOCATION_SEEK);
-
-        /* If contents and timestamps match, these entries are
-         * identical, even if the seqnum does not match */
-        if (sd_id128_equal(af->current_boot_id, bf->current_boot_id) &&
-            af->current_monotonic == bf->current_monotonic &&
-            af->current_realtime == bf->current_realtime &&
-            af->current_xor_hash == bf->current_xor_hash)
-                return 0;
-
-        if (sd_id128_equal(af->header->seqnum_id, bf->header->seqnum_id)) {
-
-                /* If this is from the same seqnum source, compare
-                 * seqnums */
-                if (af->current_seqnum < bf->current_seqnum)
-                        return -1;
-                if (af->current_seqnum > bf->current_seqnum)
-                        return 1;
-
-                /* Wow! This is weird, different data but the same
-                 * seqnums? Something is borked, but let's make the
-                 * best of it and compare by time. */
-        }
-
-        if (sd_id128_equal(af->current_boot_id, bf->current_boot_id)) {
-
-                /* If the boot id matches, compare monotonic time */
-                if (af->current_monotonic < bf->current_monotonic)
-                        return -1;
-                if (af->current_monotonic > bf->current_monotonic)
-                        return 1;
-        }
-
-        /* Otherwise, compare UTC time */
-        if (af->current_realtime < bf->current_realtime)
-                return -1;
-        if (af->current_realtime > bf->current_realtime)
-                return 1;
-
-        /* Finally, compare by contents */
-        if (af->current_xor_hash < bf->current_xor_hash)
-                return -1;
-        if (af->current_xor_hash > bf->current_xor_hash)
-                return 1;
-
-        return 0;
-}
-
-int journal_file_next_entry(
-                JournalFile *f,
-                uint64_t p,
-                direction_t direction,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t i, n, ofs;
-        int r;
-
-        assert(f);
-        assert(f->header);
-
-        n = le64toh(f->header->n_entries);
-        if (n <= 0)
-                return 0;
-
-        if (p == 0)
-                i = direction == DIRECTION_DOWN ? 0 : n - 1;
-        else {
-                r = generic_array_bisect(f,
-                                         le64toh(f->header->entry_array_offset),
-                                         le64toh(f->header->n_entries),
-                                         p,
-                                         test_object_offset,
-                                         DIRECTION_DOWN,
-                                         NULL, NULL,
-                                         &i);
-                if (r <= 0)
-                        return r;
-
-                if (direction == DIRECTION_DOWN) {
-                        if (i >= n - 1)
-                                return 0;
-
-                        i++;
-                } else {
-                        if (i <= 0)
-                                return 0;
-
-                        i--;
-                }
-        }
-
-        /* And jump to it */
-        r = generic_array_get(f,
-                              le64toh(f->header->entry_array_offset),
-                              i,
-                              ret, &ofs);
-        if (r == -EBADMSG && direction == DIRECTION_DOWN) {
-                /* Special case: when we iterate throught the journal file linearly, and hit an entry we can't read,
-                 * consider this the end of the journal file. */
-                log_debug_errno(r, "Encountered entry we can't read while iterating through journal file. Considering this the end of the file.");
-                return 0;
-        }
-        if (r <= 0)
-                return r;
-
-        if (p > 0 &&
-            (direction == DIRECTION_DOWN ? ofs <= p : ofs >= p)) {
-                log_debug("%s: entry array corrupted at entry %" PRIu64, f->path, i);
-                return -EBADMSG;
-        }
-
-        if (offset)
-                *offset = ofs;
-
-        return 1;
-}
-
-int journal_file_next_entry_for_data(
-                JournalFile *f,
-                Object *o, uint64_t p,
-                uint64_t data_offset,
-                direction_t direction,
-                Object **ret, uint64_t *offset) {
-
-        uint64_t n, i;
-        int r;
-        Object *d;
-
-        assert(f);
-        assert(p > 0 || !o);
-
-        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
-        if (r < 0)
-                return r;
-
-        n = le64toh(d->data.n_entries);
-        if (n <= 0)
-                return n;
-
-        if (!o)
-                i = direction == DIRECTION_DOWN ? 0 : n - 1;
-        else {
-                if (o->object.type != OBJECT_ENTRY)
-                        return -EINVAL;
-
-                r = generic_array_bisect_plus_one(f,
-                                                  le64toh(d->data.entry_offset),
-                                                  le64toh(d->data.entry_array_offset),
-                                                  le64toh(d->data.n_entries),
-                                                  p,
-                                                  test_object_offset,
-                                                  DIRECTION_DOWN,
-                                                  NULL, NULL,
-                                                  &i);
-
-                if (r <= 0)
-                        return r;
-
-                if (direction == DIRECTION_DOWN) {
-                        if (i >= n - 1)
-                                return 0;
-
-                        i++;
-                } else {
-                        if (i <= 0)
-                                return 0;
-
-                        i--;
-                }
-
-        }
-
-        return generic_array_get_plus_one(f,
-                                          le64toh(d->data.entry_offset),
-                                          le64toh(d->data.entry_array_offset),
-                                          i,
-                                          ret, offset);
-}
-
-int journal_file_move_to_entry_by_offset_for_data(
-                JournalFile *f,
-                uint64_t data_offset,
-                uint64_t p,
-                direction_t direction,
-                Object **ret, uint64_t *offset) {
-
-        int r;
-        Object *d;
-
-        assert(f);
-
-        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
-        if (r < 0)
-                return r;
-
-        return generic_array_bisect_plus_one(f,
-                                             le64toh(d->data.entry_offset),
-                                             le64toh(d->data.entry_array_offset),
-                                             le64toh(d->data.n_entries),
-                                             p,
-                                             test_object_offset,
-                                             direction,
-                                             ret, offset, NULL);
-}
-
-int journal_file_move_to_entry_by_monotonic_for_data(
-                JournalFile *f,
-                uint64_t data_offset,
-                sd_id128_t boot_id,
-                uint64_t monotonic,
-                direction_t direction,
-                Object **ret, uint64_t *offset) {
-
-        Object *o, *d;
-        int r;
-        uint64_t b, z;
-
-        assert(f);
-
-        /* First, seek by time */
-        r = find_data_object_by_boot_id(f, boot_id, &o, &b);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return -ENOENT;
-
-        r = generic_array_bisect_plus_one(f,
-                                          le64toh(o->data.entry_offset),
-                                          le64toh(o->data.entry_array_offset),
-                                          le64toh(o->data.n_entries),
-                                          monotonic,
-                                          test_object_monotonic,
-                                          direction,
-                                          NULL, &z, NULL);
-        if (r <= 0)
-                return r;
-
-        /* And now, continue seeking until we find an entry that
-         * exists in both bisection arrays */
-
-        for (;;) {
-                Object *qo;
-                uint64_t p, q;
-
-                r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
-                if (r < 0)
-                        return r;
-
-                r = generic_array_bisect_plus_one(f,
-                                                  le64toh(d->data.entry_offset),
-                                                  le64toh(d->data.entry_array_offset),
-                                                  le64toh(d->data.n_entries),
-                                                  z,
-                                                  test_object_offset,
-                                                  direction,
-                                                  NULL, &p, NULL);
-                if (r <= 0)
-                        return r;
-
-                r = journal_file_move_to_object(f, OBJECT_DATA, b, &o);
-                if (r < 0)
-                        return r;
-
-                r = generic_array_bisect_plus_one(f,
-                                                  le64toh(o->data.entry_offset),
-                                                  le64toh(o->data.entry_array_offset),
-                                                  le64toh(o->data.n_entries),
-                                                  p,
-                                                  test_object_offset,
-                                                  direction,
-                                                  &qo, &q, NULL);
-
-                if (r <= 0)
-                        return r;
-
-                if (p == q) {
-                        if (ret)
-                                *ret = qo;
-                        if (offset)
-                                *offset = q;
-
-                        return 1;
-                }
-
-                z = q;
-        }
-}
-
-int journal_file_move_to_entry_by_seqnum_for_data(
-                JournalFile *f,
-                uint64_t data_offset,
-                uint64_t seqnum,
-                direction_t direction,
-                Object **ret, uint64_t *offset) {
-
-        Object *d;
-        int r;
-
-        assert(f);
-
-        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
-        if (r < 0)
-                return r;
-
-        return generic_array_bisect_plus_one(f,
-                                             le64toh(d->data.entry_offset),
-                                             le64toh(d->data.entry_array_offset),
-                                             le64toh(d->data.n_entries),
-                                             seqnum,
-                                             test_object_seqnum,
-                                             direction,
-                                             ret, offset, NULL);
-}
-
-int journal_file_move_to_entry_by_realtime_for_data(
-                JournalFile *f,
-                uint64_t data_offset,
-                uint64_t realtime,
-                direction_t direction,
-                Object **ret, uint64_t *offset) {
-
-        Object *d;
-        int r;
-
-        assert(f);
-
-        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
-        if (r < 0)
-                return r;
-
-        return generic_array_bisect_plus_one(f,
-                                             le64toh(d->data.entry_offset),
-                                             le64toh(d->data.entry_array_offset),
-                                             le64toh(d->data.n_entries),
-                                             realtime,
-                                             test_object_realtime,
-                                             direction,
-                                             ret, offset, NULL);
-}
-
-void journal_file_dump(JournalFile *f) {
-        Object *o;
-        int r;
-        uint64_t p;
-
-        assert(f);
-        assert(f->header);
-
-        journal_file_print_header(f);
-
-        p = le64toh(f->header->header_size);
-        while (p != 0) {
-                r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o);
-                if (r < 0)
-                        goto fail;
-
-                switch (o->object.type) {
-
-                case OBJECT_UNUSED:
-                        printf("Type: OBJECT_UNUSED\n");
-                        break;
-
-                case OBJECT_DATA:
-                        printf("Type: OBJECT_DATA\n");
-                        break;
-
-                case OBJECT_FIELD:
-                        printf("Type: OBJECT_FIELD\n");
-                        break;
-
-                case OBJECT_ENTRY:
-                        printf("Type: OBJECT_ENTRY seqnum=%"PRIu64" monotonic=%"PRIu64" realtime=%"PRIu64"\n",
-                               le64toh(o->entry.seqnum),
-                               le64toh(o->entry.monotonic),
-                               le64toh(o->entry.realtime));
-                        break;
-
-                case OBJECT_FIELD_HASH_TABLE:
-                        printf("Type: OBJECT_FIELD_HASH_TABLE\n");
-                        break;
-
-                case OBJECT_DATA_HASH_TABLE:
-                        printf("Type: OBJECT_DATA_HASH_TABLE\n");
-                        break;
-
-                case OBJECT_ENTRY_ARRAY:
-                        printf("Type: OBJECT_ENTRY_ARRAY\n");
-                        break;
-
-                case OBJECT_TAG:
-                        printf("Type: OBJECT_TAG seqnum=%"PRIu64" epoch=%"PRIu64"\n",
-                               le64toh(o->tag.seqnum),
-                               le64toh(o->tag.epoch));
-                        break;
-
-                default:
-                        printf("Type: unknown (%i)\n", o->object.type);
-                        break;
-                }
-
-                if (o->object.flags & OBJECT_COMPRESSION_MASK)
-                        printf("Flags: %s\n",
-                               object_compressed_to_string(o->object.flags & OBJECT_COMPRESSION_MASK));
-
-                if (p == le64toh(f->header->tail_object_offset))
-                        p = 0;
-                else
-                        p = p + ALIGN64(le64toh(o->object.size));
-        }
-
-        return;
-fail:
-        log_error("File corrupt");
-}
-
-static const char* format_timestamp_safe(char *buf, size_t l, usec_t t) {
-        const char *x;
-
-        x = format_timestamp(buf, l, t);
-        if (x)
-                return x;
-        return " --- ";
-}
-
-void journal_file_print_header(JournalFile *f) {
-        char a[33], b[33], c[33], d[33];
-        char x[FORMAT_TIMESTAMP_MAX], y[FORMAT_TIMESTAMP_MAX], z[FORMAT_TIMESTAMP_MAX];
-        struct stat st;
-        char bytes[FORMAT_BYTES_MAX];
-
-        assert(f);
-        assert(f->header);
-
-        printf("File Path: %s\n"
-               "File ID: %s\n"
-               "Machine ID: %s\n"
-               "Boot ID: %s\n"
-               "Sequential Number ID: %s\n"
-               "State: %s\n"
-               "Compatible Flags:%s%s\n"
-               "Incompatible Flags:%s%s%s\n"
-               "Header size: %"PRIu64"\n"
-               "Arena size: %"PRIu64"\n"
-               "Data Hash Table Size: %"PRIu64"\n"
-               "Field Hash Table Size: %"PRIu64"\n"
-               "Rotate Suggested: %s\n"
-               "Head Sequential Number: %"PRIu64" (%"PRIx64")\n"
-               "Tail Sequential Number: %"PRIu64" (%"PRIx64")\n"
-               "Head Realtime Timestamp: %s (%"PRIx64")\n"
-               "Tail Realtime Timestamp: %s (%"PRIx64")\n"
-               "Tail Monotonic Timestamp: %s (%"PRIx64")\n"
-               "Objects: %"PRIu64"\n"
-               "Entry Objects: %"PRIu64"\n",
-               f->path,
-               sd_id128_to_string(f->header->file_id, a),
-               sd_id128_to_string(f->header->machine_id, b),
-               sd_id128_to_string(f->header->boot_id, c),
-               sd_id128_to_string(f->header->seqnum_id, d),
-               f->header->state == STATE_OFFLINE ? "OFFLINE" :
-               f->header->state == STATE_ONLINE ? "ONLINE" :
-               f->header->state == STATE_ARCHIVED ? "ARCHIVED" : "UNKNOWN",
-               JOURNAL_HEADER_SEALED(f->header) ? " SEALED" : "",
-               (le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_ANY) ? " ???" : "",
-               JOURNAL_HEADER_COMPRESSED_XZ(f->header) ? " COMPRESSED-XZ" : "",
-               JOURNAL_HEADER_COMPRESSED_LZ4(f->header) ? " COMPRESSED-LZ4" : "",
-               (le32toh(f->header->incompatible_flags) & ~HEADER_INCOMPATIBLE_ANY) ? " ???" : "",
-               le64toh(f->header->header_size),
-               le64toh(f->header->arena_size),
-               le64toh(f->header->data_hash_table_size) / sizeof(HashItem),
-               le64toh(f->header->field_hash_table_size) / sizeof(HashItem),
-               yes_no(journal_file_rotate_suggested(f, 0)),
-               le64toh(f->header->head_entry_seqnum), le64toh(f->header->head_entry_seqnum),
-               le64toh(f->header->tail_entry_seqnum), le64toh(f->header->tail_entry_seqnum),
-               format_timestamp_safe(x, sizeof(x), le64toh(f->header->head_entry_realtime)), le64toh(f->header->head_entry_realtime),
-               format_timestamp_safe(y, sizeof(y), le64toh(f->header->tail_entry_realtime)), le64toh(f->header->tail_entry_realtime),
-               format_timespan(z, sizeof(z), le64toh(f->header->tail_entry_monotonic), USEC_PER_MSEC), le64toh(f->header->tail_entry_monotonic),
-               le64toh(f->header->n_objects),
-               le64toh(f->header->n_entries));
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
-                printf("Data Objects: %"PRIu64"\n"
-                       "Data Hash Table Fill: %.1f%%\n",
-                       le64toh(f->header->n_data),
-                       100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))));
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
-                printf("Field Objects: %"PRIu64"\n"
-                       "Field Hash Table Fill: %.1f%%\n",
-                       le64toh(f->header->n_fields),
-                       100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))));
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_tags))
-                printf("Tag Objects: %"PRIu64"\n",
-                       le64toh(f->header->n_tags));
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
-                printf("Entry Array Objects: %"PRIu64"\n",
-                       le64toh(f->header->n_entry_arrays));
-
-        if (fstat(f->fd, &st) >= 0)
-                printf("Disk usage: %s\n", format_bytes(bytes, sizeof(bytes), (uint64_t) st.st_blocks * 512ULL));
-}
-
-static int journal_file_warn_btrfs(JournalFile *f) {
-        unsigned attrs;
-        int r;
-
-        assert(f);
-
-        /* Before we write anything, check if the COW logic is turned
-         * off on btrfs. Given our write pattern that is quite
-         * unfriendly to COW file systems this should greatly improve
-         * performance on COW file systems, such as btrfs, at the
-         * expense of data integrity features (which shouldn't be too
-         * bad, given that we do our own checksumming). */
-
-        r = btrfs_is_filesystem(f->fd);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to determine if journal is on btrfs: %m");
-        if (!r)
-                return 0;
-
-        r = read_attr_fd(f->fd, &attrs);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to read file attributes: %m");
-
-        if (attrs & FS_NOCOW_FL) {
-                log_debug("Detected btrfs file system with copy-on-write disabled, all is good.");
-                return 0;
-        }
-
-        log_notice("Creating journal file %s on a btrfs file system, and copy-on-write is enabled. "
-                   "This is likely to slow down journal access substantially, please consider turning "
-                   "off the copy-on-write file attribute on the journal directory, using chattr +C.", f->path);
-
-        return 1;
-}
-
-int journal_file_open(
-                int fd,
-                const char *fname,
-                int flags,
-                mode_t mode,
-                bool compress,
-                bool seal,
-                JournalMetrics *metrics,
-                MMapCache *mmap_cache,
-                Set *deferred_closes,
-                JournalFile *template,
-                JournalFile **ret) {
-
-        bool newly_created = false;
-        JournalFile *f;
-        void *h;
-        int r;
-
-        assert(ret);
-        assert(fd >= 0 || fname);
-
-        if ((flags & O_ACCMODE) != O_RDONLY &&
-            (flags & O_ACCMODE) != O_RDWR)
-                return -EINVAL;
-
-        if (fname) {
-                if (!endswith(fname, ".journal") &&
-                    !endswith(fname, ".journal~"))
-                        return -EINVAL;
-        }
-
-        f = new0(JournalFile, 1);
-        if (!f)
-                return -ENOMEM;
-
-        f->fd = fd;
-        f->mode = mode;
-
-        f->flags = flags;
-        f->prot = prot_from_flags(flags);
-        f->writable = (flags & O_ACCMODE) != O_RDONLY;
-#if defined(HAVE_LZ4)
-        f->compress_lz4 = compress;
-#elif defined(HAVE_XZ)
-        f->compress_xz = compress;
-#endif
-#ifdef HAVE_GCRYPT
-        f->seal = seal;
-#endif
-
-        if (mmap_cache)
-                f->mmap = mmap_cache_ref(mmap_cache);
-        else {
-                f->mmap = mmap_cache_new();
-                if (!f->mmap) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (fname)
-                f->path = strdup(fname);
-        else /* If we don't know the path, fill in something explanatory and vaguely useful */
-                asprintf(&f->path, "/proc/self/%i", fd);
-        if (!f->path) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        f->chain_cache = ordered_hashmap_new(&uint64_hash_ops);
-        if (!f->chain_cache) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        if (f->fd < 0) {
-                f->fd = open(f->path, f->flags|O_CLOEXEC, f->mode);
-                if (f->fd < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-
-                /* fds we opened here by us should also be closed by us. */
-                f->close_fd = true;
-        }
-
-        r = journal_file_fstat(f);
-        if (r < 0)
-                goto fail;
-
-        if (f->last_stat.st_size == 0 && f->writable) {
-
-                (void) journal_file_warn_btrfs(f);
-
-                /* Let's attach the creation time to the journal file,
-                 * so that the vacuuming code knows the age of this
-                 * file even if the file might end up corrupted one
-                 * day... Ideally we'd just use the creation time many
-                 * file systems maintain for each file, but there is
-                 * currently no usable API to query this, hence let's
-                 * emulate this via extended attributes. If extended
-                 * attributes are not supported we'll just skip this,
-                 * and rely solely on mtime/atime/ctime of the file. */
-
-                fd_setcrtime(f->fd, 0);
-
-#ifdef HAVE_GCRYPT
-                /* Try to load the FSPRG state, and if we can't, then
-                 * just don't do sealing */
-                if (f->seal) {
-                        r = journal_file_fss_load(f);
-                        if (r < 0)
-                                f->seal = false;
-                }
-#endif
-
-                r = journal_file_init_header(f, template);
-                if (r < 0)
-                        goto fail;
-
-                r = journal_file_fstat(f);
-                if (r < 0)
-                        goto fail;
-
-                newly_created = true;
-        }
-
-        if (f->last_stat.st_size < (off_t) HEADER_SIZE_MIN) {
-                r = -ENODATA;
-                goto fail;
-        }
-
-        r = mmap_cache_get(f->mmap, f->fd, f->prot, CONTEXT_HEADER, true, 0, PAGE_ALIGN(sizeof(Header)), &f->last_stat, &h);
-        if (r < 0)
-                goto fail;
-
-        f->header = h;
-
-        if (!newly_created) {
-                if (deferred_closes)
-                        journal_file_close_set(deferred_closes);
-
-                r = journal_file_verify_header(f);
-                if (r < 0)
-                        goto fail;
-        }
-
-#ifdef HAVE_GCRYPT
-        if (!newly_created && f->writable) {
-                r = journal_file_fss_load(f);
-                if (r < 0)
-                        goto fail;
-        }
-#endif
-
-        if (f->writable) {
-                if (metrics) {
-                        journal_default_metrics(metrics, f->fd);
-                        f->metrics = *metrics;
-                } else if (template)
-                        f->metrics = template->metrics;
-
-                r = journal_file_refresh_header(f);
-                if (r < 0)
-                        goto fail;
-        }
-
-#ifdef HAVE_GCRYPT
-        r = journal_file_hmac_setup(f);
-        if (r < 0)
-                goto fail;
-#endif
-
-        if (newly_created) {
-                r = journal_file_setup_field_hash_table(f);
-                if (r < 0)
-                        goto fail;
-
-                r = journal_file_setup_data_hash_table(f);
-                if (r < 0)
-                        goto fail;
-
-#ifdef HAVE_GCRYPT
-                r = journal_file_append_first_tag(f);
-                if (r < 0)
-                        goto fail;
-#endif
-        }
-
-        if (mmap_cache_got_sigbus(f->mmap, f->fd)) {
-                r = -EIO;
-                goto fail;
-        }
-
-        if (template && template->post_change_timer) {
-                r = journal_file_enable_post_change_timer(
-                                f,
-                                sd_event_source_get_event(template->post_change_timer),
-                                template->post_change_timer_period);
-
-                if (r < 0)
-                        goto fail;
-        }
-
-        /* The file is opened now successfully, thus we take possession of any passed in fd. */
-        f->close_fd = true;
-
-        *ret = f;
-        return 0;
-
-fail:
-        if (f->fd >= 0 && mmap_cache_got_sigbus(f->mmap, f->fd))
-                r = -EIO;
-
-        (void) journal_file_close(f);
-
-        return r;
-}
-
-int journal_file_rotate(JournalFile **f, bool compress, bool seal, Set *deferred_closes) {
-        _cleanup_free_ char *p = NULL;
-        size_t l;
-        JournalFile *old_file, *new_file = NULL;
-        int r;
-
-        assert(f);
-        assert(*f);
-
-        old_file = *f;
-
-        if (!old_file->writable)
-                return -EINVAL;
-
-        /* Is this a journal file that was passed to us as fd? If so, we synthesized a path name for it, and we refuse
-         * rotation, since we don't know the actual path, and couldn't rename the file hence.*/
-        if (path_startswith(old_file->path, "/proc/self/fd"))
-                return -EINVAL;
-
-        if (!endswith(old_file->path, ".journal"))
-                return -EINVAL;
-
-        l = strlen(old_file->path);
-        r = asprintf(&p, "%.*s@" SD_ID128_FORMAT_STR "-%016"PRIx64"-%016"PRIx64".journal",
-                     (int) l - 8, old_file->path,
-                     SD_ID128_FORMAT_VAL(old_file->header->seqnum_id),
-                     le64toh((*f)->header->head_entry_seqnum),
-                     le64toh((*f)->header->head_entry_realtime));
-        if (r < 0)
-                return -ENOMEM;
-
-        /* Try to rename the file to the archived version. If the file
-         * already was deleted, we'll get ENOENT, let's ignore that
-         * case. */
-        r = rename(old_file->path, p);
-        if (r < 0 && errno != ENOENT)
-                return -errno;
-
-        /* Sync the rename to disk */
-        (void) fsync_directory_of_file(old_file->fd);
-
-        /* Set as archive so offlining commits w/state=STATE_ARCHIVED.
-         * Previously we would set old_file->header->state to STATE_ARCHIVED directly here,
-         * but journal_file_set_offline() short-circuits when state != STATE_ONLINE, which
-         * would result in the rotated journal never getting fsync() called before closing.
-         * Now we simply queue the archive state by setting an archive bit, leaving the state
-         * as STATE_ONLINE so proper offlining occurs. */
-        old_file->archive = true;
-
-        /* Currently, btrfs is not very good with out write patterns
-         * and fragments heavily. Let's defrag our journal files when
-         * we archive them */
-        old_file->defrag_on_close = true;
-
-        r = journal_file_open(-1, old_file->path, old_file->flags, old_file->mode, compress, seal, NULL, old_file->mmap, deferred_closes, old_file, &new_file);
-
-        if (deferred_closes &&
-            set_put(deferred_closes, old_file) >= 0)
-                (void) journal_file_set_offline(old_file, false);
-        else
-                (void) journal_file_close(old_file);
-
-        *f = new_file;
-        return r;
-}
-
-int journal_file_open_reliably(
-                const char *fname,
-                int flags,
-                mode_t mode,
-                bool compress,
-                bool seal,
-                JournalMetrics *metrics,
-                MMapCache *mmap_cache,
-                Set *deferred_closes,
-                JournalFile *template,
-                JournalFile **ret) {
-
-        int r;
-        size_t l;
-        _cleanup_free_ char *p = NULL;
-
-        r = journal_file_open(-1, fname, flags, mode, compress, seal, metrics, mmap_cache, deferred_closes, template, ret);
-        if (!IN_SET(r,
-                    -EBADMSG,           /* corrupted */
-                    -ENODATA,           /* truncated */
-                    -EHOSTDOWN,         /* other machine */
-                    -EPROTONOSUPPORT,   /* incompatible feature */
-                    -EBUSY,             /* unclean shutdown */
-                    -ESHUTDOWN,         /* already archived */
-                    -EIO,               /* IO error, including SIGBUS on mmap */
-                    -EIDRM              /* File has been deleted */))
-                return r;
-
-        if ((flags & O_ACCMODE) == O_RDONLY)
-                return r;
-
-        if (!(flags & O_CREAT))
-                return r;
-
-        if (!endswith(fname, ".journal"))
-                return r;
-
-        /* The file is corrupted. Rotate it away and try it again (but only once) */
-
-        l = strlen(fname);
-        if (asprintf(&p, "%.*s@%016"PRIx64 "-%016"PRIx64 ".journal~",
-                     (int) l - 8, fname,
-                     now(CLOCK_REALTIME),
-                     random_u64()) < 0)
-                return -ENOMEM;
-
-        if (rename(fname, p) < 0)
-                return -errno;
-
-        /* btrfs doesn't cope well with our write pattern and
-         * fragments heavily. Let's defrag all files we rotate */
-
-        (void) chattr_path(p, 0, FS_NOCOW_FL);
-        (void) btrfs_defrag(p);
-
-        log_warning_errno(r, "File %s corrupted or uncleanly shut down, renaming and replacing.", fname);
-
-        return journal_file_open(-1, fname, flags, mode, compress, seal, metrics, mmap_cache, deferred_closes, template, ret);
-}
-
-int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p, uint64_t *seqnum, Object **ret, uint64_t *offset) {
-        uint64_t i, n;
-        uint64_t q, xor_hash = 0;
-        int r;
-        EntryItem *items;
-        dual_timestamp ts;
-
-        assert(from);
-        assert(to);
-        assert(o);
-        assert(p);
-
-        if (!to->writable)
-                return -EPERM;
-
-        ts.monotonic = le64toh(o->entry.monotonic);
-        ts.realtime = le64toh(o->entry.realtime);
-
-        n = journal_file_entry_n_items(o);
-        /* alloca() can't take 0, hence let's allocate at least one */
-        items = alloca(sizeof(EntryItem) * MAX(1u, n));
-
-        for (i = 0; i < n; i++) {
-                uint64_t l, h;
-                le64_t le_hash;
-                size_t t;
-                void *data;
-                Object *u;
-
-                q = le64toh(o->entry.items[i].object_offset);
-                le_hash = o->entry.items[i].hash;
-
-                r = journal_file_move_to_object(from, OBJECT_DATA, q, &o);
-                if (r < 0)
-                        return r;
-
-                if (le_hash != o->data.hash)
-                        return -EBADMSG;
-
-                l = le64toh(o->object.size) - offsetof(Object, data.payload);
-                t = (size_t) l;
-
-                /* We hit the limit on 32bit machines */
-                if ((uint64_t) t != l)
-                        return -E2BIG;
-
-                if (o->object.flags & OBJECT_COMPRESSION_MASK) {
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-                        size_t rsize = 0;
-
-                        r = decompress_blob(o->object.flags & OBJECT_COMPRESSION_MASK,
-                                            o->data.payload, l, &from->compress_buffer, &from->compress_buffer_size, &rsize, 0);
-                        if (r < 0)
-                                return r;
-
-                        data = from->compress_buffer;
-                        l = rsize;
-#else
-                        return -EPROTONOSUPPORT;
-#endif
-                } else
-                        data = o->data.payload;
-
-                r = journal_file_append_data(to, data, l, &u, &h);
-                if (r < 0)
-                        return r;
-
-                xor_hash ^= le64toh(u->data.hash);
-                items[i].object_offset = htole64(h);
-                items[i].hash = u->data.hash;
-
-                r = journal_file_move_to_object(from, OBJECT_ENTRY, p, &o);
-                if (r < 0)
-                        return r;
-        }
-
-        r = journal_file_append_entry_internal(to, &ts, xor_hash, items, n, seqnum, ret, offset);
-
-        if (mmap_cache_got_sigbus(to->mmap, to->fd))
-                return -EIO;
-
-        return r;
-}
-
-void journal_reset_metrics(JournalMetrics *m) {
-        assert(m);
-
-        /* Set everything to "pick automatic values". */
-
-        *m = (JournalMetrics) {
-                .min_use = (uint64_t) -1,
-                .max_use = (uint64_t) -1,
-                .min_size = (uint64_t) -1,
-                .max_size = (uint64_t) -1,
-                .keep_free = (uint64_t) -1,
-                .n_max_files = (uint64_t) -1,
-        };
-}
-
-void journal_default_metrics(JournalMetrics *m, int fd) {
-        char a[FORMAT_BYTES_MAX], b[FORMAT_BYTES_MAX], c[FORMAT_BYTES_MAX], d[FORMAT_BYTES_MAX], e[FORMAT_BYTES_MAX];
-        struct statvfs ss;
-        uint64_t fs_size;
-
-        assert(m);
-        assert(fd >= 0);
-
-        if (fstatvfs(fd, &ss) >= 0)
-                fs_size = ss.f_frsize * ss.f_blocks;
-        else {
-                log_debug_errno(errno, "Failed to detremine disk size: %m");
-                fs_size = 0;
-        }
-
-        if (m->max_use == (uint64_t) -1) {
-
-                if (fs_size > 0) {
-                        m->max_use = PAGE_ALIGN(fs_size / 10); /* 10% of file system size */
-
-                        if (m->max_use > DEFAULT_MAX_USE_UPPER)
-                                m->max_use = DEFAULT_MAX_USE_UPPER;
-
-                        if (m->max_use < DEFAULT_MAX_USE_LOWER)
-                                m->max_use = DEFAULT_MAX_USE_LOWER;
-                } else
-                        m->max_use = DEFAULT_MAX_USE_LOWER;
-        } else {
-                m->max_use = PAGE_ALIGN(m->max_use);
-
-                if (m->max_use != 0 && m->max_use < JOURNAL_FILE_SIZE_MIN*2)
-                        m->max_use = JOURNAL_FILE_SIZE_MIN*2;
-        }
-
-        if (m->min_use == (uint64_t) -1)
-                m->min_use = DEFAULT_MIN_USE;
-
-        if (m->min_use > m->max_use)
-                m->min_use = m->max_use;
-
-        if (m->max_size == (uint64_t) -1) {
-                m->max_size = PAGE_ALIGN(m->max_use / 8); /* 8 chunks */
-
-                if (m->max_size > DEFAULT_MAX_SIZE_UPPER)
-                        m->max_size = DEFAULT_MAX_SIZE_UPPER;
-        } else
-                m->max_size = PAGE_ALIGN(m->max_size);
-
-        if (m->max_size != 0) {
-                if (m->max_size < JOURNAL_FILE_SIZE_MIN)
-                        m->max_size = JOURNAL_FILE_SIZE_MIN;
-
-                if (m->max_use != 0 && m->max_size*2 > m->max_use)
-                        m->max_use = m->max_size*2;
-        }
-
-        if (m->min_size == (uint64_t) -1)
-                m->min_size = JOURNAL_FILE_SIZE_MIN;
-        else {
-                m->min_size = PAGE_ALIGN(m->min_size);
-
-                if (m->min_size < JOURNAL_FILE_SIZE_MIN)
-                        m->min_size = JOURNAL_FILE_SIZE_MIN;
-
-                if (m->max_size != 0 && m->min_size > m->max_size)
-                        m->max_size = m->min_size;
-        }
-
-        if (m->keep_free == (uint64_t) -1) {
-
-                if (fs_size > 0) {
-                        m->keep_free = PAGE_ALIGN(fs_size * 3 / 20); /* 15% of file system size */
-
-                        if (m->keep_free > DEFAULT_KEEP_FREE_UPPER)
-                                m->keep_free = DEFAULT_KEEP_FREE_UPPER;
-
-                } else
-                        m->keep_free = DEFAULT_KEEP_FREE;
-        }
-
-        if (m->n_max_files == (uint64_t) -1)
-                m->n_max_files = DEFAULT_N_MAX_FILES;
-
-        log_debug("Fixed min_use=%s max_use=%s max_size=%s min_size=%s keep_free=%s n_max_files=%" PRIu64,
-                  format_bytes(a, sizeof(a), m->min_use),
-                  format_bytes(b, sizeof(b), m->max_use),
-                  format_bytes(c, sizeof(c), m->max_size),
-                  format_bytes(d, sizeof(d), m->min_size),
-                  format_bytes(e, sizeof(e), m->keep_free),
-                  m->n_max_files);
-}
-
-int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *to) {
-        assert(f);
-        assert(f->header);
-        assert(from || to);
-
-        if (from) {
-                if (f->header->head_entry_realtime == 0)
-                        return -ENOENT;
-
-                *from = le64toh(f->header->head_entry_realtime);
-        }
-
-        if (to) {
-                if (f->header->tail_entry_realtime == 0)
-                        return -ENOENT;
-
-                *to = le64toh(f->header->tail_entry_realtime);
-        }
-
-        return 1;
-}
-
-int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot_id, usec_t *from, usec_t *to) {
-        Object *o;
-        uint64_t p;
-        int r;
-
-        assert(f);
-        assert(from || to);
-
-        r = find_data_object_by_boot_id(f, boot_id, &o, &p);
-        if (r <= 0)
-                return r;
-
-        if (le64toh(o->data.n_entries) <= 0)
-                return 0;
-
-        if (from) {
-                r = journal_file_move_to_object(f, OBJECT_ENTRY, le64toh(o->data.entry_offset), &o);
-                if (r < 0)
-                        return r;
-
-                *from = le64toh(o->entry.monotonic);
-        }
-
-        if (to) {
-                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-                if (r < 0)
-                        return r;
-
-                r = generic_array_get_plus_one(f,
-                                               le64toh(o->data.entry_offset),
-                                               le64toh(o->data.entry_array_offset),
-                                               le64toh(o->data.n_entries)-1,
-                                               &o, NULL);
-                if (r <= 0)
-                        return r;
-
-                *to = le64toh(o->entry.monotonic);
-        }
-
-        return 1;
-}
-
-bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec) {
-        assert(f);
-        assert(f->header);
-
-        /* If we gained new header fields we gained new features,
-         * hence suggest a rotation */
-        if (le64toh(f->header->header_size) < sizeof(Header)) {
-                log_debug("%s uses an outdated header, suggesting rotation.", f->path);
-                return true;
-        }
-
-        /* Let's check if the hash tables grew over a certain fill
-         * level (75%, borrowing this value from Java's hash table
-         * implementation), and if so suggest a rotation. To calculate
-         * the fill level we need the n_data field, which only exists
-         * in newer versions. */
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
-                if (le64toh(f->header->n_data) * 4ULL > (le64toh(f->header->data_hash_table_size) / sizeof(HashItem)) * 3ULL) {
-                        log_debug("Data hash table of %s has a fill level at %.1f (%"PRIu64" of %"PRIu64" items, %llu file size, %"PRIu64" bytes per hash table item), suggesting rotation.",
-                                  f->path,
-                                  100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))),
-                                  le64toh(f->header->n_data),
-                                  le64toh(f->header->data_hash_table_size) / sizeof(HashItem),
-                                  (unsigned long long) f->last_stat.st_size,
-                                  f->last_stat.st_size / le64toh(f->header->n_data));
-                        return true;
-                }
-
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
-                if (le64toh(f->header->n_fields) * 4ULL > (le64toh(f->header->field_hash_table_size) / sizeof(HashItem)) * 3ULL) {
-                        log_debug("Field hash table of %s has a fill level at %.1f (%"PRIu64" of %"PRIu64" items), suggesting rotation.",
-                                  f->path,
-                                  100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))),
-                                  le64toh(f->header->n_fields),
-                                  le64toh(f->header->field_hash_table_size) / sizeof(HashItem));
-                        return true;
-                }
-
-        /* Are the data objects properly indexed by field objects? */
-        if (JOURNAL_HEADER_CONTAINS(f->header, n_data) &&
-            JOURNAL_HEADER_CONTAINS(f->header, n_fields) &&
-            le64toh(f->header->n_data) > 0 &&
-            le64toh(f->header->n_fields) == 0)
-                return true;
-
-        if (max_file_usec > 0) {
-                usec_t t, h;
-
-                h = le64toh(f->header->head_entry_realtime);
-                t = now(CLOCK_REALTIME);
-
-                if (h > 0 && t > h + max_file_usec)
-                        return true;
-        }
-
-        return false;
-}
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
deleted file mode 100644
index 564e1a8179..0000000000
--- a/src/journal/journal-file.h
+++ /dev/null
@@ -1,265 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-
-#ifdef HAVE_GCRYPT
-#include <gcrypt.h>
-#endif
-
-#include "sd-id128.h"
-
-#include "hashmap.h"
-#include "journal-def.h"
-#include "macro.h"
-#include "mmap-cache.h"
-#include "sd-event.h"
-#include "sparse-endian.h"
-
-typedef struct JournalMetrics {
-        /* For all these: -1 means "pick automatically", and 0 means "no limit enforced" */
-        uint64_t max_size;     /* how large journal files grow at max */
-        uint64_t min_size;     /* how large journal files grow at least */
-        uint64_t max_use;      /* how much disk space to use in total at max, keep_free permitting */
-        uint64_t min_use;      /* how much disk space to use in total at least, even if keep_free says not to */
-        uint64_t keep_free;    /* how much to keep free on disk */
-        uint64_t n_max_files;  /* how many files to keep around at max */
-} JournalMetrics;
-
-typedef enum direction {
-        DIRECTION_UP,
-        DIRECTION_DOWN
-} direction_t;
-
-typedef enum LocationType {
-        /* The first and last entries, resp. */
-        LOCATION_HEAD,
-        LOCATION_TAIL,
-
-        /* We already read the entry we currently point to, and the
-         * next one to read should probably not be this one again. */
-        LOCATION_DISCRETE,
-
-        /* We should seek to the precise location specified, and
-         * return it, as we haven't read it yet. */
-        LOCATION_SEEK
-} LocationType;
-
-typedef enum OfflineState {
-        OFFLINE_JOINED,
-        OFFLINE_SYNCING,
-        OFFLINE_OFFLINING,
-        OFFLINE_CANCEL,
-        OFFLINE_AGAIN_FROM_SYNCING,
-        OFFLINE_AGAIN_FROM_OFFLINING,
-        OFFLINE_DONE
-} OfflineState;
-
-typedef struct JournalFile {
-        int fd;
-
-        mode_t mode;
-
-        int flags;
-        int prot;
-        bool writable:1;
-        bool compress_xz:1;
-        bool compress_lz4:1;
-        bool seal:1;
-        bool defrag_on_close:1;
-        bool close_fd:1;
-        bool archive:1;
-
-        bool tail_entry_monotonic_valid:1;
-
-        direction_t last_direction;
-        LocationType location_type;
-        uint64_t last_n_entries;
-
-        char *path;
-        struct stat last_stat;
-        usec_t last_stat_usec;
-
-        Header *header;
-        HashItem *data_hash_table;
-        HashItem *field_hash_table;
-
-        uint64_t current_offset;
-        uint64_t current_seqnum;
-        uint64_t current_realtime;
-        uint64_t current_monotonic;
-        sd_id128_t current_boot_id;
-        uint64_t current_xor_hash;
-
-        JournalMetrics metrics;
-        MMapCache *mmap;
-
-        sd_event_source *post_change_timer;
-        usec_t post_change_timer_period;
-
-        OrderedHashmap *chain_cache;
-
-        pthread_t offline_thread;
-        volatile OfflineState offline_state;
-
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-        void *compress_buffer;
-        size_t compress_buffer_size;
-#endif
-
-#ifdef HAVE_GCRYPT
-        gcry_md_hd_t hmac;
-        bool hmac_running;
-
-        FSSHeader *fss_file;
-        size_t fss_file_size;
-
-        uint64_t fss_start_usec;
-        uint64_t fss_interval_usec;
-
-        void *fsprg_state;
-        size_t fsprg_state_size;
-
-        void *fsprg_seed;
-        size_t fsprg_seed_size;
-#endif
-} JournalFile;
-
-int journal_file_open(
-                int fd,
-                const char *fname,
-                int flags,
-                mode_t mode,
-                bool compress,
-                bool seal,
-                JournalMetrics *metrics,
-                MMapCache *mmap_cache,
-                Set *deferred_closes,
-                JournalFile *template,
-                JournalFile **ret);
-
-int journal_file_set_offline(JournalFile *f, bool wait);
-bool journal_file_is_offlining(JournalFile *f);
-JournalFile* journal_file_close(JournalFile *j);
-void journal_file_close_set(Set *s);
-
-int journal_file_open_reliably(
-                const char *fname,
-                int flags,
-                mode_t mode,
-                bool compress,
-                bool seal,
-                JournalMetrics *metrics,
-                MMapCache *mmap_cache,
-                Set *deferred_closes,
-                JournalFile *template,
-                JournalFile **ret);
-
-#define ALIGN64(x) (((x) + 7ULL) & ~7ULL)
-#define VALID64(x) (((x) & 7ULL) == 0ULL)
-
-/* Use six characters to cover the offsets common in smallish journal
- * files without adding too many zeros. */
-#define OFSfmt "%06"PRIx64
-
-static inline bool VALID_REALTIME(uint64_t u) {
-        /* This considers timestamps until the year 3112 valid. That should be plenty room... */
-        return u > 0 && u < (1ULL << 55);
-}
-
-static inline bool VALID_MONOTONIC(uint64_t u) {
-        /* This considers timestamps until 1142 years of runtime valid. */
-        return u < (1ULL << 55);
-}
-
-static inline bool VALID_EPOCH(uint64_t u) {
-        /* This allows changing the key for 1142 years, every usec. */
-        return u < (1ULL << 55);
-}
-
-#define JOURNAL_HEADER_CONTAINS(h, field) \
-        (le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
-
-#define JOURNAL_HEADER_SEALED(h) \
-        (!!(le32toh((h)->compatible_flags) & HEADER_COMPATIBLE_SEALED))
-
-#define JOURNAL_HEADER_COMPRESSED_XZ(h) \
-        (!!(le32toh((h)->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED_XZ))
-
-#define JOURNAL_HEADER_COMPRESSED_LZ4(h) \
-        (!!(le32toh((h)->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED_LZ4))
-
-int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset, Object **ret);
-
-uint64_t journal_file_entry_n_items(Object *o) _pure_;
-uint64_t journal_file_entry_array_n_items(Object *o) _pure_;
-uint64_t journal_file_hash_table_n_items(Object *o) _pure_;
-
-int journal_file_append_object(JournalFile *f, ObjectType type, uint64_t size, Object **ret, uint64_t *offset);
-int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const struct iovec iovec[], unsigned n_iovec, uint64_t *seqno, Object **ret, uint64_t *offset);
-
-int journal_file_find_data_object(JournalFile *f, const void *data, uint64_t size, Object **ret, uint64_t *offset);
-int journal_file_find_data_object_with_hash(JournalFile *f, const void *data, uint64_t size, uint64_t hash, Object **ret, uint64_t *offset);
-
-int journal_file_find_field_object(JournalFile *f, const void *field, uint64_t size, Object **ret, uint64_t *offset);
-int journal_file_find_field_object_with_hash(JournalFile *f, const void *field, uint64_t size, uint64_t hash, Object **ret, uint64_t *offset);
-
-void journal_file_reset_location(JournalFile *f);
-void journal_file_save_location(JournalFile *f, Object *o, uint64_t offset);
-int journal_file_compare_locations(JournalFile *af, JournalFile *bf);
-int journal_file_next_entry(JournalFile *f, uint64_t p, direction_t direction, Object **ret, uint64_t *offset);
-
-int journal_file_next_entry_for_data(JournalFile *f, Object *o, uint64_t p, uint64_t data_offset, direction_t direction, Object **ret, uint64_t *offset);
-
-int journal_file_move_to_entry_by_seqnum(JournalFile *f, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
-int journal_file_move_to_entry_by_realtime(JournalFile *f, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset);
-int journal_file_move_to_entry_by_monotonic(JournalFile *f, sd_id128_t boot_id, uint64_t monotonic, direction_t direction, Object **ret, uint64_t *offset);
-
-int journal_file_move_to_entry_by_offset_for_data(JournalFile *f, uint64_t data_offset, uint64_t p, direction_t direction, Object **ret, uint64_t *offset);
-int journal_file_move_to_entry_by_seqnum_for_data(JournalFile *f, uint64_t data_offset, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
-int journal_file_move_to_entry_by_realtime_for_data(JournalFile *f, uint64_t data_offset, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset);
-int journal_file_move_to_entry_by_monotonic_for_data(JournalFile *f, uint64_t data_offset, sd_id128_t boot_id, uint64_t monotonic, direction_t direction, Object **ret, uint64_t *offset);
-
-int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p, uint64_t *seqnum, Object **ret, uint64_t *offset);
-
-void journal_file_dump(JournalFile *f);
-void journal_file_print_header(JournalFile *f);
-
-int journal_file_rotate(JournalFile **f, bool compress, bool seal, Set *deferred_closes);
-
-void journal_file_post_change(JournalFile *f);
-int journal_file_enable_post_change_timer(JournalFile *f, sd_event *e, usec_t t);
-
-void journal_reset_metrics(JournalMetrics *m);
-void journal_default_metrics(JournalMetrics *m, int fd);
-
-int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *to);
-int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot, usec_t *from, usec_t *to);
-
-bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec);
-
-int journal_file_map_data_hash_table(JournalFile *f);
-int journal_file_map_field_hash_table(JournalFile *f);
-
-static inline bool JOURNAL_FILE_COMPRESS(JournalFile *f) {
-        assert(f);
-        return f->compress_xz || f->compress_lz4;
-}
diff --git a/src/journal/journal-internal.h b/src/journal/journal-internal.h
deleted file mode 100644
index 34a48141f5..0000000000
--- a/src/journal/journal-internal.h
+++ /dev/null
@@ -1,143 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include <sys/types.h>
-
-#include "sd-id128.h"
-#include "sd-journal.h"
-
-#include "hashmap.h"
-#include "journal-def.h"
-#include "journal-file.h"
-#include "list.h"
-#include "set.h"
-
-typedef struct Match Match;
-typedef struct Location Location;
-typedef struct Directory Directory;
-
-typedef enum MatchType {
-        MATCH_DISCRETE,
-        MATCH_OR_TERM,
-        MATCH_AND_TERM
-} MatchType;
-
-struct Match {
-        MatchType type;
-        Match *parent;
-        LIST_FIELDS(Match, matches);
-
-        /* For concrete matches */
-        char *data;
-        size_t size;
-        le64_t le_hash;
-
-        /* For terms */
-        LIST_HEAD(Match, matches);
-};
-
-struct Location {
-        LocationType type;
-
-        bool seqnum_set;
-        bool realtime_set;
-        bool monotonic_set;
-        bool xor_hash_set;
-
-        uint64_t seqnum;
-        sd_id128_t seqnum_id;
-
-        uint64_t realtime;
-
-        uint64_t monotonic;
-        sd_id128_t boot_id;
-
-        uint64_t xor_hash;
-};
-
-struct Directory {
-        char *path;
-        int wd;
-        bool is_root;
-};
-
-struct sd_journal {
-        int toplevel_fd;
-
-        char *path;
-        char *prefix;
-
-        OrderedHashmap *files;
-        MMapCache *mmap;
-
-        Location current_location;
-
-        JournalFile *current_file;
-        uint64_t current_field;
-
-        Match *level0, *level1, *level2;
-
-        pid_t original_pid;
-
-        int inotify_fd;
-        unsigned current_invalidate_counter, last_invalidate_counter;
-        usec_t last_process_usec;
-
-        /* Iterating through unique fields and their data values */
-        char *unique_field;
-        JournalFile *unique_file;
-        uint64_t unique_offset;
-
-        /* Iterating through known fields */
-        JournalFile *fields_file;
-        uint64_t fields_offset;
-        uint64_t fields_hash_table_index;
-        char *fields_buffer;
-        size_t fields_buffer_allocated;
-
-        int flags;
-
-        bool on_network:1;
-        bool no_new_files:1;
-        bool no_inotify:1;
-        bool unique_file_lost:1; /* File we were iterating over got
-                                    removed, and there were no more
-                                    files, so sd_j_enumerate_unique
-                                    will return a value equal to 0. */
-        bool fields_file_lost:1;
-        bool has_runtime_files:1;
-        bool has_persistent_files:1;
-
-        size_t data_threshold;
-
-        Hashmap *directories_by_path;
-        Hashmap *directories_by_wd;
-
-        Hashmap *errors;
-};
-
-char *journal_make_match_string(sd_journal *j);
-void journal_print_header(sd_journal *j);
-
-#define JOURNAL_FOREACH_DATA_RETVAL(j, data, l, retval)                     \
-        for (sd_journal_restart_data(j); ((retval) = sd_journal_enumerate_data((j), &(data), &(l))) > 0; )
diff --git a/src/journal/journal-qrcode.h b/src/journal/journal-qrcode.h
deleted file mode 100644
index ef39085561..0000000000
--- a/src/journal/journal-qrcode.h
+++ /dev/null
@@ -1,27 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <stdio.h>
-
-#include "sd-id128.h"
-
-int print_qr_code(FILE *f, const void *seed, size_t seed_size, uint64_t start, uint64_t interval, const char *hn, sd_id128_t machine);
diff --git a/src/journal/journal-send.c b/src/journal/journal-send.c
deleted file mode 100644
index 5e8a3e3200..0000000000
--- a/src/journal/journal-send.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <printf.h>
-#include <stddef.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <unistd.h>
-
-#define SD_JOURNAL_SUPPRESS_LOCATION
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "io-util.h"
-#include "memfd-util.h"
-#include "socket-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "util.h"
-
-#define SNDBUF_SIZE (8*1024*1024)
-
-#define ALLOCA_CODE_FUNC(f, func)                 \
-        do {                                      \
-                size_t _fl;                       \
-                const char *_func = (func);       \
-                char **_f = &(f);                 \
-                _fl = strlen(_func) + 1;          \
-                *_f = alloca(_fl + 10);           \
-                memcpy(*_f, "CODE_FUNC=", 10);    \
-                memcpy(*_f + 10, _func, _fl);     \
-        } while (false)
-
-/* We open a single fd, and we'll share it with the current process,
- * all its threads, and all its subprocesses. This means we need to
- * initialize it atomically, and need to operate on it atomically
- * never assuming we are the only user */
-
-static int journal_fd(void) {
-        int fd;
-        static int fd_plus_one = 0;
-
-retry:
-        if (fd_plus_one > 0)
-                return fd_plus_one - 1;
-
-        fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
-        if (fd < 0)
-                return -errno;
-
-        fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-        if (!__sync_bool_compare_and_swap(&fd_plus_one, 0, fd+1)) {
-                safe_close(fd);
-                goto retry;
-        }
-
-        return fd;
-}
-
-_public_ int sd_journal_print(int priority, const char *format, ...) {
-        int r;
-        va_list ap;
-
-        va_start(ap, format);
-        r = sd_journal_printv(priority, format, ap);
-        va_end(ap);
-
-        return r;
-}
-
-_public_ int sd_journal_printv(int priority, const char *format, va_list ap) {
-
-        /* FIXME: Instead of limiting things to LINE_MAX we could do a
-           C99 variable-length array on the stack here in a loop. */
-
-        char buffer[8 + LINE_MAX], p[sizeof("PRIORITY=")-1 + DECIMAL_STR_MAX(int) + 1];
-        struct iovec iov[2];
-
-        assert_return(priority >= 0, -EINVAL);
-        assert_return(priority <= 7, -EINVAL);
-        assert_return(format, -EINVAL);
-
-        xsprintf(p, "PRIORITY=%i", priority & LOG_PRIMASK);
-
-        memcpy(buffer, "MESSAGE=", 8);
-        vsnprintf(buffer+8, sizeof(buffer) - 8, format, ap);
-
-        zero(iov);
-        IOVEC_SET_STRING(iov[0], buffer);
-        IOVEC_SET_STRING(iov[1], p);
-
-        return sd_journal_sendv(iov, 2);
-}
-
-_printf_(1, 0) static int fill_iovec_sprintf(const char *format, va_list ap, int extra, struct iovec **_iov) {
-        PROTECT_ERRNO;
-        int r, n = 0, i = 0, j;
-        struct iovec *iov = NULL;
-
-        assert(_iov);
-
-        if (extra > 0) {
-                n = MAX(extra * 2, extra + 4);
-                iov = malloc0(n * sizeof(struct iovec));
-                if (!iov) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                i = extra;
-        }
-
-        while (format) {
-                struct iovec *c;
-                char *buffer;
-                va_list aq;
-
-                if (i >= n) {
-                        n = MAX(i*2, 4);
-                        c = realloc(iov, n * sizeof(struct iovec));
-                        if (!c) {
-                                r = -ENOMEM;
-                                goto fail;
-                        }
-
-                        iov = c;
-                }
-
-                va_copy(aq, ap);
-                if (vasprintf(&buffer, format, aq) < 0) {
-                        va_end(aq);
-                        r = -ENOMEM;
-                        goto fail;
-                }
-                va_end(aq);
-
-                VA_FORMAT_ADVANCE(format, ap);
-
-                IOVEC_SET_STRING(iov[i++], buffer);
-
-                format = va_arg(ap, char *);
-        }
-
-        *_iov = iov;
-
-        return i;
-
-fail:
-        for (j = 0; j < i; j++)
-                free(iov[j].iov_base);
-
-        free(iov);
-
-        return r;
-}
-
-_public_ int sd_journal_send(const char *format, ...) {
-        int r, i, j;
-        va_list ap;
-        struct iovec *iov = NULL;
-
-        va_start(ap, format);
-        i = fill_iovec_sprintf(format, ap, 0, &iov);
-        va_end(ap);
-
-        if (_unlikely_(i < 0)) {
-                r = i;
-                goto finish;
-        }
-
-        r = sd_journal_sendv(iov, i);
-
-finish:
-        for (j = 0; j < i; j++)
-                free(iov[j].iov_base);
-
-        free(iov);
-
-        return r;
-}
-
-_public_ int sd_journal_sendv(const struct iovec *iov, int n) {
-        PROTECT_ERRNO;
-        int fd, r;
-        _cleanup_close_ int buffer_fd = -1;
-        struct iovec *w;
-        uint64_t *l;
-        int i, j = 0;
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/socket",
-        };
-        struct msghdr mh = {
-                .msg_name = (struct sockaddr*) &sa.sa,
-                .msg_namelen = SOCKADDR_UN_LEN(sa.un),
-        };
-        ssize_t k;
-        bool have_syslog_identifier = false;
-        bool seal = true;
-
-        assert_return(iov, -EINVAL);
-        assert_return(n > 0, -EINVAL);
-
-        w = newa(struct iovec, n * 5 + 3);
-        l = newa(uint64_t, n);
-
-        for (i = 0; i < n; i++) {
-                char *c, *nl;
-
-                if (_unlikely_(!iov[i].iov_base || iov[i].iov_len <= 1))
-                        return -EINVAL;
-
-                c = memchr(iov[i].iov_base, '=', iov[i].iov_len);
-                if (_unlikely_(!c || c == iov[i].iov_base))
-                        return -EINVAL;
-
-                have_syslog_identifier = have_syslog_identifier ||
-                        (c == (char *) iov[i].iov_base + 17 &&
-                         startswith(iov[i].iov_base, "SYSLOG_IDENTIFIER"));
-
-                nl = memchr(iov[i].iov_base, '\n', iov[i].iov_len);
-                if (nl) {
-                        if (_unlikely_(nl < c))
-                                return -EINVAL;
-
-                        /* Already includes a newline? Bummer, then
-                         * let's write the variable name, then a
-                         * newline, then the size (64bit LE), followed
-                         * by the data and a final newline */
-
-                        w[j].iov_base = iov[i].iov_base;
-                        w[j].iov_len = c - (char*) iov[i].iov_base;
-                        j++;
-
-                        IOVEC_SET_STRING(w[j++], "\n");
-
-                        l[i] = htole64(iov[i].iov_len - (c - (char*) iov[i].iov_base) - 1);
-                        w[j].iov_base = &l[i];
-                        w[j].iov_len = sizeof(uint64_t);
-                        j++;
-
-                        w[j].iov_base = c + 1;
-                        w[j].iov_len = iov[i].iov_len - (c - (char*) iov[i].iov_base) - 1;
-                        j++;
-
-                } else
-                        /* Nothing special? Then just add the line and
-                         * append a newline */
-                        w[j++] = iov[i];
-
-                IOVEC_SET_STRING(w[j++], "\n");
-        }
-
-        if (!have_syslog_identifier &&
-            string_is_safe(program_invocation_short_name)) {
-
-                /* Implicitly add program_invocation_short_name, if it
-                 * is not set explicitly. We only do this for
-                 * program_invocation_short_name, and nothing else
-                 * since everything else is much nicer to retrieve
-                 * from the outside. */
-
-                IOVEC_SET_STRING(w[j++], "SYSLOG_IDENTIFIER=");
-                IOVEC_SET_STRING(w[j++], program_invocation_short_name);
-                IOVEC_SET_STRING(w[j++], "\n");
-        }
-
-        fd = journal_fd();
-        if (_unlikely_(fd < 0))
-                return fd;
-
-        mh.msg_iov = w;
-        mh.msg_iovlen = j;
-
-        k = sendmsg(fd, &mh, MSG_NOSIGNAL);
-        if (k >= 0)
-                return 0;
-
-        /* Fail silently if the journal is not available */
-        if (errno == ENOENT)
-                return 0;
-
-        if (errno != EMSGSIZE && errno != ENOBUFS)
-                return -errno;
-
-        /* Message doesn't fit... Let's dump the data in a memfd or
-         * temporary file and just pass a file descriptor of it to the
-         * other side.
-         *
-         * For the temporary files we use /dev/shm instead of /tmp
-         * here, since we want this to be a tmpfs, and one that is
-         * available from early boot on and where unprivileged users
-         * can create files. */
-        buffer_fd = memfd_new(NULL);
-        if (buffer_fd < 0) {
-                if (buffer_fd == -ENOSYS) {
-                        buffer_fd = open_tmpfile_unlinkable("/dev/shm", O_RDWR | O_CLOEXEC);
-                        if (buffer_fd < 0)
-                                return buffer_fd;
-
-                        seal = false;
-                } else
-                        return buffer_fd;
-        }
-
-        n = writev(buffer_fd, w, j);
-        if (n < 0)
-                return -errno;
-
-        if (seal) {
-                r = memfd_set_sealed(buffer_fd);
-                if (r < 0)
-                        return r;
-        }
-
-        r = send_one_fd_sa(fd, buffer_fd, mh.msg_name, mh.msg_namelen, 0);
-        if (r == -ENOENT)
-                /* Fail silently if the journal is not available */
-                return 0;
-        return r;
-}
-
-static int fill_iovec_perror_and_send(const char *message, int skip, struct iovec iov[]) {
-        PROTECT_ERRNO;
-        size_t n, k;
-
-        k = isempty(message) ? 0 : strlen(message) + 2;
-        n = 8 + k + 256 + 1;
-
-        for (;;) {
-                char buffer[n];
-                char* j;
-
-                errno = 0;
-                j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
-                if (errno == 0) {
-                        char error[sizeof("ERRNO=")-1 + DECIMAL_STR_MAX(int) + 1];
-
-                        if (j != buffer + 8 + k)
-                                memmove(buffer + 8 + k, j, strlen(j)+1);
-
-                        memcpy(buffer, "MESSAGE=", 8);
-
-                        if (k > 0) {
-                                memcpy(buffer + 8, message, k - 2);
-                                memcpy(buffer + 8 + k - 2, ": ", 2);
-                        }
-
-                        xsprintf(error, "ERRNO=%i", _saved_errno_);
-
-                        assert_cc(3 == LOG_ERR);
-                        IOVEC_SET_STRING(iov[skip+0], "PRIORITY=3");
-                        IOVEC_SET_STRING(iov[skip+1], buffer);
-                        IOVEC_SET_STRING(iov[skip+2], error);
-
-                        return sd_journal_sendv(iov, skip + 3);
-                }
-
-                if (errno != ERANGE)
-                        return -errno;
-
-                n *= 2;
-        }
-}
-
-_public_ int sd_journal_perror(const char *message) {
-        struct iovec iovec[3];
-
-        return fill_iovec_perror_and_send(message, 0, iovec);
-}
-
-_public_ int sd_journal_stream_fd(const char *identifier, int priority, int level_prefix) {
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/stdout",
-        };
-        _cleanup_close_ int fd = -1;
-        char *header;
-        size_t l;
-        int r;
-
-        assert_return(priority >= 0, -EINVAL);
-        assert_return(priority <= 7, -EINVAL);
-
-        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
-        if (fd < 0)
-                return -errno;
-
-        r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-        if (r < 0)
-                return -errno;
-
-        if (shutdown(fd, SHUT_RD) < 0)
-                return -errno;
-
-        fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-        if (!identifier)
-                identifier = "";
-
-        l = strlen(identifier);
-        header = alloca(l + 1 + 1 + 2 + 2 + 2 + 2 + 2);
-
-        memcpy(header, identifier, l);
-        header[l++] = '\n';
-        header[l++] = '\n'; /* unit id */
-        header[l++] = '0' + priority;
-        header[l++] = '\n';
-        header[l++] = '0' + !!level_prefix;
-        header[l++] = '\n';
-        header[l++] = '0';
-        header[l++] = '\n';
-        header[l++] = '0';
-        header[l++] = '\n';
-        header[l++] = '0';
-        header[l++] = '\n';
-
-        r = loop_write(fd, header, l, false);
-        if (r < 0)
-                return r;
-
-        r = fd;
-        fd = -1;
-        return r;
-}
-
-_public_ int sd_journal_print_with_location(int priority, const char *file, const char *line, const char *func, const char *format, ...) {
-        int r;
-        va_list ap;
-
-        va_start(ap, format);
-        r = sd_journal_printv_with_location(priority, file, line, func, format, ap);
-        va_end(ap);
-
-        return r;
-}
-
-_public_ int sd_journal_printv_with_location(int priority, const char *file, const char *line, const char *func, const char *format, va_list ap) {
-        char buffer[8 + LINE_MAX], p[sizeof("PRIORITY=")-1 + DECIMAL_STR_MAX(int) + 1];
-        struct iovec iov[5];
-        char *f;
-
-        assert_return(priority >= 0, -EINVAL);
-        assert_return(priority <= 7, -EINVAL);
-        assert_return(format, -EINVAL);
-
-        xsprintf(p, "PRIORITY=%i", priority & LOG_PRIMASK);
-
-        memcpy(buffer, "MESSAGE=", 8);
-        vsnprintf(buffer+8, sizeof(buffer) - 8, format, ap);
-
-        /* func is initialized from __func__ which is not a macro, but
-         * a static const char[], hence cannot easily be prefixed with
-         * CODE_FUNC=, hence let's do it manually here. */
-        ALLOCA_CODE_FUNC(f, func);
-
-        zero(iov);
-        IOVEC_SET_STRING(iov[0], buffer);
-        IOVEC_SET_STRING(iov[1], p);
-        IOVEC_SET_STRING(iov[2], file);
-        IOVEC_SET_STRING(iov[3], line);
-        IOVEC_SET_STRING(iov[4], f);
-
-        return sd_journal_sendv(iov, ELEMENTSOF(iov));
-}
-
-_public_ int sd_journal_send_with_location(const char *file, const char *line, const char *func, const char *format, ...) {
-        int r, i, j;
-        va_list ap;
-        struct iovec *iov = NULL;
-        char *f;
-
-        va_start(ap, format);
-        i = fill_iovec_sprintf(format, ap, 3, &iov);
-        va_end(ap);
-
-        if (_unlikely_(i < 0)) {
-                r = i;
-                goto finish;
-        }
-
-        ALLOCA_CODE_FUNC(f, func);
-
-        IOVEC_SET_STRING(iov[0], file);
-        IOVEC_SET_STRING(iov[1], line);
-        IOVEC_SET_STRING(iov[2], f);
-
-        r = sd_journal_sendv(iov, i);
-
-finish:
-        for (j = 3; j < i; j++)
-                free(iov[j].iov_base);
-
-        free(iov);
-
-        return r;
-}
-
-_public_ int sd_journal_sendv_with_location(
-                const char *file, const char *line,
-                const char *func,
-                const struct iovec *iov, int n) {
-
-        struct iovec *niov;
-        char *f;
-
-        assert_return(iov, -EINVAL);
-        assert_return(n > 0, -EINVAL);
-
-        niov = alloca(sizeof(struct iovec) * (n + 3));
-        memcpy(niov, iov, sizeof(struct iovec) * n);
-
-        ALLOCA_CODE_FUNC(f, func);
-
-        IOVEC_SET_STRING(niov[n++], file);
-        IOVEC_SET_STRING(niov[n++], line);
-        IOVEC_SET_STRING(niov[n++], f);
-
-        return sd_journal_sendv(niov, n);
-}
-
-_public_ int sd_journal_perror_with_location(
-                const char *file, const char *line,
-                const char *func,
-                const char *message) {
-
-        struct iovec iov[6];
-        char *f;
-
-        ALLOCA_CODE_FUNC(f, func);
-
-        IOVEC_SET_STRING(iov[0], file);
-        IOVEC_SET_STRING(iov[1], line);
-        IOVEC_SET_STRING(iov[2], f);
-
-        return fill_iovec_perror_and_send(message, 3, iov);
-}
diff --git a/src/journal/journal-vacuum.c b/src/journal/journal-vacuum.c
deleted file mode 100644
index f09dc66e03..0000000000
--- a/src/journal/journal-vacuum.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "dirent-util.h"
-#include "fd-util.h"
-#include "journal-def.h"
-#include "journal-file.h"
-#include "journal-vacuum.h"
-#include "parse-util.h"
-#include "string-util.h"
-#include "util.h"
-#include "xattr-util.h"
-
-struct vacuum_info {
-        uint64_t usage;
-        char *filename;
-
-        uint64_t realtime;
-
-        sd_id128_t seqnum_id;
-        uint64_t seqnum;
-        bool have_seqnum;
-};
-
-static int vacuum_compare(const void *_a, const void *_b) {
-        const struct vacuum_info *a, *b;
-
-        a = _a;
-        b = _b;
-
-        if (a->have_seqnum && b->have_seqnum &&
-            sd_id128_equal(a->seqnum_id, b->seqnum_id)) {
-                if (a->seqnum < b->seqnum)
-                        return -1;
-                else if (a->seqnum > b->seqnum)
-                        return 1;
-                else
-                        return 0;
-        }
-
-        if (a->realtime < b->realtime)
-                return -1;
-        else if (a->realtime > b->realtime)
-                return 1;
-        else if (a->have_seqnum && b->have_seqnum)
-                return memcmp(&a->seqnum_id, &b->seqnum_id, 16);
-        else
-                return strcmp(a->filename, b->filename);
-}
-
-static void patch_realtime(
-                int fd,
-                const char *fn,
-                const struct stat *st,
-                unsigned long long *realtime) {
-
-        usec_t x, crtime = 0;
-
-        /* The timestamp was determined by the file name, but let's
-         * see if the file might actually be older than the file name
-         * suggested... */
-
-        assert(fd >= 0);
-        assert(fn);
-        assert(st);
-        assert(realtime);
-
-        x = timespec_load(&st->st_ctim);
-        if (x > 0 && x != USEC_INFINITY && x < *realtime)
-                *realtime = x;
-
-        x = timespec_load(&st->st_atim);
-        if (x > 0 && x != USEC_INFINITY && x < *realtime)
-                *realtime = x;
-
-        x = timespec_load(&st->st_mtim);
-        if (x > 0 && x != USEC_INFINITY && x < *realtime)
-                *realtime = x;
-
-        /* Let's read the original creation time, if possible. Ideally
-         * we'd just query the creation time the FS might provide, but
-         * unfortunately there's currently no sane API to query
-         * it. Hence let's implement this manually... */
-
-        if (fd_getcrtime_at(fd, fn, &crtime, 0) >= 0) {
-                if (crtime < *realtime)
-                        *realtime = crtime;
-        }
-}
-
-static int journal_file_empty(int dir_fd, const char *name) {
-        _cleanup_close_ int fd;
-        struct stat st;
-        le64_t n_entries;
-        ssize_t n;
-
-        fd = openat(dir_fd, name, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK|O_NOATIME);
-        if (fd < 0) {
-                /* Maybe failed due to O_NOATIME and lack of privileges? */
-                fd = openat(dir_fd, name, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
-                if (fd < 0)
-                        return -errno;
-        }
-
-        if (fstat(fd, &st) < 0)
-                return -errno;
-
-        /* If an offline file doesn't even have a header we consider it empty */
-        if (st.st_size < (off_t) sizeof(Header))
-                return 1;
-
-        /* If the number of entries is empty, we consider it empty, too */
-        n = pread(fd, &n_entries, sizeof(n_entries), offsetof(Header, n_entries));
-        if (n < 0)
-                return -errno;
-        if (n != sizeof(n_entries))
-                return -EIO;
-
-        return le64toh(n_entries) <= 0;
-}
-
-int journal_directory_vacuum(
-                const char *directory,
-                uint64_t max_use,
-                uint64_t n_max_files,
-                usec_t max_retention_usec,
-                usec_t *oldest_usec,
-                bool verbose) {
-
-        _cleanup_closedir_ DIR *d = NULL;
-        struct vacuum_info *list = NULL;
-        unsigned n_list = 0, i, n_active_files = 0;
-        size_t n_allocated = 0;
-        uint64_t sum = 0, freed = 0;
-        usec_t retention_limit = 0;
-        char sbytes[FORMAT_BYTES_MAX];
-        struct dirent *de;
-        int r;
-
-        assert(directory);
-
-        if (max_use <= 0 && max_retention_usec <= 0 && n_max_files <= 0)
-                return 0;
-
-        if (max_retention_usec > 0) {
-                retention_limit = now(CLOCK_REALTIME);
-                if (retention_limit > max_retention_usec)
-                        retention_limit -= max_retention_usec;
-                else
-                        max_retention_usec = retention_limit = 0;
-        }
-
-        d = opendir(directory);
-        if (!d)
-                return -errno;
-
-        FOREACH_DIRENT_ALL(de, d, r = -errno; goto finish) {
-
-                unsigned long long seqnum = 0, realtime;
-                _cleanup_free_ char *p = NULL;
-                sd_id128_t seqnum_id;
-                bool have_seqnum;
-                uint64_t size;
-                struct stat st;
-                size_t q;
-
-                if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
-                        log_debug_errno(errno, "Failed to stat file %s while vacuuming, ignoring: %m", de->d_name);
-                        continue;
-                }
-
-                if (!S_ISREG(st.st_mode))
-                        continue;
-
-                q = strlen(de->d_name);
-
-                if (endswith(de->d_name, ".journal")) {
-
-                        /* Vacuum archived files. Active files are
-                         * left around */
-
-                        if (q < 1 + 32 + 1 + 16 + 1 + 16 + 8) {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        if (de->d_name[q-8-16-1] != '-' ||
-                            de->d_name[q-8-16-1-16-1] != '-' ||
-                            de->d_name[q-8-16-1-16-1-32-1] != '@') {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        p = strdup(de->d_name);
-                        if (!p) {
-                                r = -ENOMEM;
-                                goto finish;
-                        }
-
-                        de->d_name[q-8-16-1-16-1] = 0;
-                        if (sd_id128_from_string(de->d_name + q-8-16-1-16-1-32, &seqnum_id) < 0) {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        if (sscanf(de->d_name + q-8-16-1-16, "%16llx-%16llx.journal", &seqnum, &realtime) != 2) {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        have_seqnum = true;
-
-                } else if (endswith(de->d_name, ".journal~")) {
-                        unsigned long long tmp;
-
-                        /* Vacuum corrupted files */
-
-                        if (q < 1 + 16 + 1 + 16 + 8 + 1) {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        if (de->d_name[q-1-8-16-1] != '-' ||
-                            de->d_name[q-1-8-16-1-16-1] != '@') {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        p = strdup(de->d_name);
-                        if (!p) {
-                                r = -ENOMEM;
-                                goto finish;
-                        }
-
-                        if (sscanf(de->d_name + q-1-8-16-1-16, "%16llx-%16llx.journal~", &realtime, &tmp) != 2) {
-                                n_active_files++;
-                                continue;
-                        }
-
-                        have_seqnum = false;
-                } else {
-                        /* We do not vacuum unknown files! */
-                        log_debug("Not vacuuming unknown file %s.", de->d_name);
-                        continue;
-                }
-
-                size = 512UL * (uint64_t) st.st_blocks;
-
-                r = journal_file_empty(dirfd(d), p);
-                if (r < 0) {
-                        log_debug_errno(r, "Failed check if %s is empty, ignoring: %m", p);
-                        continue;
-                }
-                if (r > 0) {
-                        /* Always vacuum empty non-online files. */
-
-                        if (unlinkat(dirfd(d), p, 0) >= 0) {
-
-                                log_full(verbose ? LOG_INFO : LOG_DEBUG,
-                                         "Deleted empty archived journal %s/%s (%s).", directory, p, format_bytes(sbytes, sizeof(sbytes), size));
-
-                                freed += size;
-                        } else if (errno != ENOENT)
-                                log_warning_errno(errno, "Failed to delete empty archived journal %s/%s: %m", directory, p);
-
-                        continue;
-                }
-
-                patch_realtime(dirfd(d), p, &st, &realtime);
-
-                if (!GREEDY_REALLOC(list, n_allocated, n_list + 1)) {
-                        r = -ENOMEM;
-                        goto finish;
-                }
-
-                list[n_list].filename = p;
-                list[n_list].usage = size;
-                list[n_list].seqnum = seqnum;
-                list[n_list].realtime = realtime;
-                list[n_list].seqnum_id = seqnum_id;
-                list[n_list].have_seqnum = have_seqnum;
-                n_list++;
-
-                p = NULL;
-                sum += size;
-        }
-
-        qsort_safe(list, n_list, sizeof(struct vacuum_info), vacuum_compare);
-
-        for (i = 0; i < n_list; i++) {
-                unsigned left;
-
-                left = n_active_files + n_list - i;
-
-                if ((max_retention_usec <= 0 || list[i].realtime >= retention_limit) &&
-                    (max_use <= 0 || sum <= max_use) &&
-                    (n_max_files <= 0 || left <= n_max_files))
-                        break;
-
-                if (unlinkat(dirfd(d), list[i].filename, 0) >= 0) {
-                        log_full(verbose ? LOG_INFO : LOG_DEBUG, "Deleted archived journal %s/%s (%s).", directory, list[i].filename, format_bytes(sbytes, sizeof(sbytes), list[i].usage));
-                        freed += list[i].usage;
-
-                        if (list[i].usage < sum)
-                                sum -= list[i].usage;
-                        else
-                                sum = 0;
-
-                } else if (errno != ENOENT)
-                        log_warning_errno(errno, "Failed to delete archived journal %s/%s: %m", directory, list[i].filename);
-        }
-
-        if (oldest_usec && i < n_list && (*oldest_usec == 0 || list[i].realtime < *oldest_usec))
-                *oldest_usec = list[i].realtime;
-
-        r = 0;
-
-finish:
-        for (i = 0; i < n_list; i++)
-                free(list[i].filename);
-        free(list);
-
-        log_full(verbose ? LOG_INFO : LOG_DEBUG, "Vacuuming done, freed %s of archived journals on disk.", format_bytes(sbytes, sizeof(sbytes), freed));
-
-        return r;
-}
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
deleted file mode 100644
index f67c556783..0000000000
--- a/src/journal/journalctl.c
+++ /dev/null
@@ -1,2600 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <fnmatch.h>
-#include <getopt.h>
-#include <linux/fs.h>
-#include <locale.h>
-#include <poll.h>
-#include <signal.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/inotify.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-journal.h"
-
-#include "acl-util.h"
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "catalog.h"
-#include "chattr-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "fsprg.h"
-#include "glob-util.h"
-#include "hostname-util.h"
-#include "io-util.h"
-#include "journal-def.h"
-#include "journal-internal.h"
-#include "journal-qrcode.h"
-#include "journal-vacuum.h"
-#include "journal-verify.h"
-#include "locale-util.h"
-#include "log.h"
-#include "logs-show.h"
-#include "mkdir.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "rlimit-util.h"
-#include "set.h"
-#include "sigbus.h"
-#include "strv.h"
-#include "syslog-util.h"
-#include "terminal-util.h"
-#include "udev.h"
-#include "udev-util.h"
-#include "unit-name.h"
-#include "user-util.h"
-
-#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
-
-enum {
-        /* Special values for arg_lines */
-        ARG_LINES_DEFAULT = -2,
-        ARG_LINES_ALL = -1,
-};
-
-static OutputMode arg_output = OUTPUT_SHORT;
-static bool arg_utc = false;
-static bool arg_pager_end = false;
-static bool arg_follow = false;
-static bool arg_full = true;
-static bool arg_all = false;
-static bool arg_no_pager = false;
-static int arg_lines = ARG_LINES_DEFAULT;
-static bool arg_no_tail = false;
-static bool arg_quiet = false;
-static bool arg_merge = false;
-static bool arg_boot = false;
-static sd_id128_t arg_boot_id = {};
-static int arg_boot_offset = 0;
-static bool arg_dmesg = false;
-static bool arg_no_hostname = false;
-static const char *arg_cursor = NULL;
-static const char *arg_after_cursor = NULL;
-static bool arg_show_cursor = false;
-static const char *arg_directory = NULL;
-static char **arg_file = NULL;
-static bool arg_file_stdin = false;
-static int arg_priorities = 0xFF;
-static const char *arg_verify_key = NULL;
-#ifdef HAVE_GCRYPT
-static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
-static bool arg_force = false;
-#endif
-static usec_t arg_since, arg_until;
-static bool arg_since_set = false, arg_until_set = false;
-static char **arg_syslog_identifier = NULL;
-static char **arg_system_units = NULL;
-static char **arg_user_units = NULL;
-static const char *arg_field = NULL;
-static bool arg_catalog = false;
-static bool arg_reverse = false;
-static int arg_journal_type = 0;
-static char *arg_root = NULL;
-static const char *arg_machine = NULL;
-static uint64_t arg_vacuum_size = 0;
-static uint64_t arg_vacuum_n_files = 0;
-static usec_t arg_vacuum_time = 0;
-
-static enum {
-        ACTION_SHOW,
-        ACTION_NEW_ID128,
-        ACTION_PRINT_HEADER,
-        ACTION_SETUP_KEYS,
-        ACTION_VERIFY,
-        ACTION_DISK_USAGE,
-        ACTION_LIST_CATALOG,
-        ACTION_DUMP_CATALOG,
-        ACTION_UPDATE_CATALOG,
-        ACTION_LIST_BOOTS,
-        ACTION_FLUSH,
-        ACTION_SYNC,
-        ACTION_ROTATE,
-        ACTION_VACUUM,
-        ACTION_LIST_FIELDS,
-        ACTION_LIST_FIELD_NAMES,
-} arg_action = ACTION_SHOW;
-
-typedef struct BootId {
-        sd_id128_t id;
-        uint64_t first;
-        uint64_t last;
-        LIST_FIELDS(struct BootId, boot_list);
-} BootId;
-
-static int add_matches_for_device(sd_journal *j, const char *devpath) {
-        int r;
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
-        struct udev_device *d = NULL;
-        struct stat st;
-
-        assert(j);
-        assert(devpath);
-
-        if (!path_startswith(devpath, "/dev/")) {
-                log_error("Devpath does not start with /dev/");
-                return -EINVAL;
-        }
-
-        udev = udev_new();
-        if (!udev)
-                return log_oom();
-
-        r = stat(devpath, &st);
-        if (r < 0)
-                log_error_errno(errno, "Couldn't stat file: %m");
-
-        d = device = udev_device_new_from_devnum(udev, S_ISBLK(st.st_mode) ? 'b' : 'c', st.st_rdev);
-        if (!device)
-                return log_error_errno(errno, "Failed to get udev device from devnum %u:%u: %m", major(st.st_rdev), minor(st.st_rdev));
-
-        while (d) {
-                _cleanup_free_ char *match = NULL;
-                const char *subsys, *sysname, *devnode;
-
-                subsys = udev_device_get_subsystem(d);
-                if (!subsys) {
-                        d = udev_device_get_parent(d);
-                        continue;
-                }
-
-                sysname = udev_device_get_sysname(d);
-                if (!sysname) {
-                        d = udev_device_get_parent(d);
-                        continue;
-                }
-
-                match = strjoin("_KERNEL_DEVICE=+", subsys, ":", sysname, NULL);
-                if (!match)
-                        return log_oom();
-
-                r = sd_journal_add_match(j, match, 0);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add match: %m");
-
-                devnode = udev_device_get_devnode(d);
-                if (devnode) {
-                        _cleanup_free_ char *match1 = NULL;
-
-                        r = stat(devnode, &st);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to stat() device node \"%s\": %m", devnode);
-
-                        r = asprintf(&match1, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st.st_mode) ? 'b' : 'c', major(st.st_rdev), minor(st.st_rdev));
-                        if (r < 0)
-                                return log_oom();
-
-                        r = sd_journal_add_match(j, match1, 0);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to add match: %m");
-                }
-
-                d = udev_device_get_parent(d);
-        }
-
-        r = add_match_this_boot(j, arg_machine);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for the current boot: %m");
-
-        return 0;
-}
-
-static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
-
-        if (arg_utc)
-                return format_timestamp_utc(buf, l, t);
-
-        return format_timestamp(buf, l, t);
-}
-
-static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
-        sd_id128_t id = SD_ID128_NULL;
-        int off = 0, r;
-
-        if (strlen(x) >= 32) {
-                char *t;
-
-                t = strndupa(x, 32);
-                r = sd_id128_from_string(t, &id);
-                if (r >= 0)
-                        x += 32;
-
-                if (*x != '-' && *x != '+' && *x != 0)
-                        return -EINVAL;
-
-                if (*x != 0) {
-                        r = safe_atoi(x, &off);
-                        if (r < 0)
-                                return r;
-                }
-        } else {
-                r = safe_atoi(x, &off);
-                if (r < 0)
-                        return r;
-        }
-
-        if (boot_id)
-                *boot_id = id;
-
-        if (offset)
-                *offset = off;
-
-        return 0;
-}
-
-static void help(void) {
-
-        pager_open(arg_no_pager, arg_pager_end);
-
-        printf("%s [OPTIONS...] [MATCHES...]\n\n"
-               "Query the journal.\n\n"
-               "Options:\n"
-               "     --system              Show the system journal\n"
-               "     --user                Show the user journal for the current user\n"
-               "  -M --machine=CONTAINER   Operate on local container\n"
-               "  -S --since=DATE          Show entries not older than the specified date\n"
-               "  -U --until=DATE          Show entries not newer than the specified date\n"
-               "  -c --cursor=CURSOR       Show entries starting at the specified cursor\n"
-               "     --after-cursor=CURSOR Show entries after the specified cursor\n"
-               "     --show-cursor         Print the cursor after all the entries\n"
-               "  -b --boot[=ID]           Show current boot or the specified boot\n"
-               "     --list-boots          Show terse information about recorded boots\n"
-               "  -k --dmesg               Show kernel message log from the current boot\n"
-               "  -u --unit=UNIT           Show logs from the specified unit\n"
-               "     --user-unit=UNIT      Show logs from the specified user unit\n"
-               "  -t --identifier=STRING   Show entries with the specified syslog identifier\n"
-               "  -p --priority=RANGE      Show entries with the specified priority\n"
-               "  -e --pager-end           Immediately jump to the end in the pager\n"
-               "  -f --follow              Follow the journal\n"
-               "  -n --lines[=INTEGER]     Number of journal entries to show\n"
-               "     --no-tail             Show all lines, even in follow mode\n"
-               "  -r --reverse             Show the newest entries first\n"
-               "  -o --output=STRING       Change journal output mode (short, short-iso,\n"
-               "                                   short-precise, short-monotonic, verbose,\n"
-               "                                   export, json, json-pretty, json-sse, cat)\n"
-               "     --utc                 Express time in Coordinated Universal Time (UTC)\n"
-               "  -x --catalog             Add message explanations where available\n"
-               "     --no-full             Ellipsize fields\n"
-               "  -a --all                 Show all fields, including long and unprintable\n"
-               "  -q --quiet               Do not show info messages and privilege warning\n"
-               "     --no-pager            Do not pipe output into a pager\n"
-               "     --no-hostname         Suppress output of hostname field\n"
-               "  -m --merge               Show entries from all available journals\n"
-               "  -D --directory=PATH      Show journal files from directory\n"
-               "     --file=PATH           Show journal file\n"
-               "     --root=ROOT           Operate on catalog files below a root directory\n"
-#ifdef HAVE_GCRYPT
-               "     --interval=TIME       Time interval for changing the FSS sealing key\n"
-               "     --verify-key=KEY      Specify FSS verification key\n"
-               "     --force               Override of the FSS key pair with --setup-keys\n"
-#endif
-               "\nCommands:\n"
-               "  -h --help                Show this help text\n"
-               "     --version             Show package version\n"
-               "  -N --fields              List all field names currently used\n"
-               "  -F --field=FIELD         List all values that a specified field takes\n"
-               "     --disk-usage          Show total disk usage of all journal files\n"
-               "     --vacuum-size=BYTES   Reduce disk usage below specified size\n"
-               "     --vacuum-files=INT    Leave only the specified number of journal files\n"
-               "     --vacuum-time=TIME    Remove journal files older than specified time\n"
-               "     --verify              Verify journal file consistency\n"
-               "     --sync                Synchronize unwritten journal messages to disk\n"
-               "     --flush               Flush all journal data from /run into /var\n"
-               "     --rotate              Request immediate rotation of the journal files\n"
-               "     --header              Show journal header information\n"
-               "     --list-catalog        Show all message IDs in the catalog\n"
-               "     --dump-catalog        Show entries in the message catalog\n"
-               "     --update-catalog      Update the message catalog database\n"
-               "     --new-id128           Generate a new 128-bit ID\n"
-#ifdef HAVE_GCRYPT
-               "     --setup-keys          Generate a new FSS key pair\n"
-#endif
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_NO_FULL,
-                ARG_NO_TAIL,
-                ARG_NEW_ID128,
-                ARG_LIST_BOOTS,
-                ARG_USER,
-                ARG_SYSTEM,
-                ARG_ROOT,
-                ARG_HEADER,
-                ARG_SETUP_KEYS,
-                ARG_FILE,
-                ARG_INTERVAL,
-                ARG_VERIFY,
-                ARG_VERIFY_KEY,
-                ARG_DISK_USAGE,
-                ARG_AFTER_CURSOR,
-                ARG_SHOW_CURSOR,
-                ARG_USER_UNIT,
-                ARG_LIST_CATALOG,
-                ARG_DUMP_CATALOG,
-                ARG_UPDATE_CATALOG,
-                ARG_FORCE,
-                ARG_UTC,
-                ARG_SYNC,
-                ARG_FLUSH,
-                ARG_ROTATE,
-                ARG_VACUUM_SIZE,
-                ARG_VACUUM_FILES,
-                ARG_VACUUM_TIME,
-                ARG_NO_HOSTNAME,
-        };
-
-        static const struct option options[] = {
-                { "help",           no_argument,       NULL, 'h'                },
-                { "version" ,       no_argument,       NULL, ARG_VERSION        },
-                { "no-pager",       no_argument,       NULL, ARG_NO_PAGER       },
-                { "pager-end",      no_argument,       NULL, 'e'                },
-                { "follow",         no_argument,       NULL, 'f'                },
-                { "force",          no_argument,       NULL, ARG_FORCE          },
-                { "output",         required_argument, NULL, 'o'                },
-                { "all",            no_argument,       NULL, 'a'                },
-                { "full",           no_argument,       NULL, 'l'                },
-                { "no-full",        no_argument,       NULL, ARG_NO_FULL        },
-                { "lines",          optional_argument, NULL, 'n'                },
-                { "no-tail",        no_argument,       NULL, ARG_NO_TAIL        },
-                { "new-id128",      no_argument,       NULL, ARG_NEW_ID128      },
-                { "quiet",          no_argument,       NULL, 'q'                },
-                { "merge",          no_argument,       NULL, 'm'                },
-                { "boot",           optional_argument, NULL, 'b'                },
-                { "list-boots",     no_argument,       NULL, ARG_LIST_BOOTS     },
-                { "this-boot",      optional_argument, NULL, 'b'                }, /* deprecated */
-                { "dmesg",          no_argument,       NULL, 'k'                },
-                { "system",         no_argument,       NULL, ARG_SYSTEM         },
-                { "user",           no_argument,       NULL, ARG_USER           },
-                { "directory",      required_argument, NULL, 'D'                },
-                { "file",           required_argument, NULL, ARG_FILE           },
-                { "root",           required_argument, NULL, ARG_ROOT           },
-                { "header",         no_argument,       NULL, ARG_HEADER         },
-                { "identifier",     required_argument, NULL, 't'                },
-                { "priority",       required_argument, NULL, 'p'                },
-                { "setup-keys",     no_argument,       NULL, ARG_SETUP_KEYS     },
-                { "interval",       required_argument, NULL, ARG_INTERVAL       },
-                { "verify",         no_argument,       NULL, ARG_VERIFY         },
-                { "verify-key",     required_argument, NULL, ARG_VERIFY_KEY     },
-                { "disk-usage",     no_argument,       NULL, ARG_DISK_USAGE     },
-                { "cursor",         required_argument, NULL, 'c'                },
-                { "after-cursor",   required_argument, NULL, ARG_AFTER_CURSOR   },
-                { "show-cursor",    no_argument,       NULL, ARG_SHOW_CURSOR    },
-                { "since",          required_argument, NULL, 'S'                },
-                { "until",          required_argument, NULL, 'U'                },
-                { "unit",           required_argument, NULL, 'u'                },
-                { "user-unit",      required_argument, NULL, ARG_USER_UNIT      },
-                { "field",          required_argument, NULL, 'F'                },
-                { "fields",         no_argument,       NULL, 'N'                },
-                { "catalog",        no_argument,       NULL, 'x'                },
-                { "list-catalog",   no_argument,       NULL, ARG_LIST_CATALOG   },
-                { "dump-catalog",   no_argument,       NULL, ARG_DUMP_CATALOG   },
-                { "update-catalog", no_argument,       NULL, ARG_UPDATE_CATALOG },
-                { "reverse",        no_argument,       NULL, 'r'                },
-                { "machine",        required_argument, NULL, 'M'                },
-                { "utc",            no_argument,       NULL, ARG_UTC            },
-                { "flush",          no_argument,       NULL, ARG_FLUSH          },
-                { "sync",           no_argument,       NULL, ARG_SYNC           },
-                { "rotate",         no_argument,       NULL, ARG_ROTATE         },
-                { "vacuum-size",    required_argument, NULL, ARG_VACUUM_SIZE    },
-                { "vacuum-files",   required_argument, NULL, ARG_VACUUM_FILES   },
-                { "vacuum-time",    required_argument, NULL, ARG_VACUUM_TIME    },
-                { "no-hostname",    no_argument,       NULL, ARG_NO_HOSTNAME    },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:S:U:t:u:NF:xrM:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case 'e':
-                        arg_pager_end = true;
-
-                        if (arg_lines == ARG_LINES_DEFAULT)
-                                arg_lines = 1000;
-
-                        break;
-
-                case 'f':
-                        arg_follow = true;
-                        break;
-
-                case 'o':
-                        arg_output = output_mode_from_string(optarg);
-                        if (arg_output < 0) {
-                                log_error("Unknown output format '%s'.", optarg);
-                                return -EINVAL;
-                        }
-
-                        if (arg_output == OUTPUT_EXPORT ||
-                            arg_output == OUTPUT_JSON ||
-                            arg_output == OUTPUT_JSON_PRETTY ||
-                            arg_output == OUTPUT_JSON_SSE ||
-                            arg_output == OUTPUT_CAT)
-                                arg_quiet = true;
-
-                        break;
-
-                case 'l':
-                        arg_full = true;
-                        break;
-
-                case ARG_NO_FULL:
-                        arg_full = false;
-                        break;
-
-                case 'a':
-                        arg_all = true;
-                        break;
-
-                case 'n':
-                        if (optarg) {
-                                if (streq(optarg, "all"))
-                                        arg_lines = ARG_LINES_ALL;
-                                else {
-                                        r = safe_atoi(optarg, &arg_lines);
-                                        if (r < 0 || arg_lines < 0) {
-                                                log_error("Failed to parse lines '%s'", optarg);
-                                                return -EINVAL;
-                                        }
-                                }
-                        } else {
-                                arg_lines = 10;
-
-                                /* Hmm, no argument? Maybe the next
-                                 * word on the command line is
-                                 * supposed to be the argument? Let's
-                                 * see if there is one, and is
-                                 * parsable. */
-                                if (optind < argc) {
-                                        int n;
-                                        if (streq(argv[optind], "all")) {
-                                                arg_lines = ARG_LINES_ALL;
-                                                optind++;
-                                        } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
-                                                arg_lines = n;
-                                                optind++;
-                                        }
-                                }
-                        }
-
-                        break;
-
-                case ARG_NO_TAIL:
-                        arg_no_tail = true;
-                        break;
-
-                case ARG_NEW_ID128:
-                        arg_action = ACTION_NEW_ID128;
-                        break;
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case 'm':
-                        arg_merge = true;
-                        break;
-
-                case 'b':
-                        arg_boot = true;
-
-                        if (optarg) {
-                                r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
-                                if (r < 0) {
-                                        log_error("Failed to parse boot descriptor '%s'", optarg);
-                                        return -EINVAL;
-                                }
-                        } else {
-
-                                /* Hmm, no argument? Maybe the next
-                                 * word on the command line is
-                                 * supposed to be the argument? Let's
-                                 * see if there is one and is parsable
-                                 * as a boot descriptor... */
-
-                                if (optind < argc &&
-                                    parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
-                                        optind++;
-                        }
-
-                        break;
-
-                case ARG_LIST_BOOTS:
-                        arg_action = ACTION_LIST_BOOTS;
-                        break;
-
-                case 'k':
-                        arg_boot = arg_dmesg = true;
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_journal_type |= SD_JOURNAL_SYSTEM;
-                        break;
-
-                case ARG_USER:
-                        arg_journal_type |= SD_JOURNAL_CURRENT_USER;
-                        break;
-
-                case 'M':
-                        arg_machine = optarg;
-                        break;
-
-                case 'D':
-                        arg_directory = optarg;
-                        break;
-
-                case ARG_FILE:
-                        if (streq(optarg, "-"))
-                                /* An undocumented feature: we can read journal files from STDIN. We don't document
-                                 * this though, since after all we only support this for mmap-able, seekable files, and
-                                 * not for example pipes which are probably the primary usecase for reading things from
-                                 * STDIN. To avoid confusion we hence don't document this feature. */
-                                arg_file_stdin = true;
-                        else {
-                                r = glob_extend(&arg_file, optarg);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to add paths: %m");
-                        }
-                        break;
-
-                case ARG_ROOT:
-                        r = parse_path_argument_and_warn(optarg, true, &arg_root);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                case 'c':
-                        arg_cursor = optarg;
-                        break;
-
-                case ARG_AFTER_CURSOR:
-                        arg_after_cursor = optarg;
-                        break;
-
-                case ARG_SHOW_CURSOR:
-                        arg_show_cursor = true;
-                        break;
-
-                case ARG_HEADER:
-                        arg_action = ACTION_PRINT_HEADER;
-                        break;
-
-                case ARG_VERIFY:
-                        arg_action = ACTION_VERIFY;
-                        break;
-
-                case ARG_DISK_USAGE:
-                        arg_action = ACTION_DISK_USAGE;
-                        break;
-
-                case ARG_VACUUM_SIZE:
-                        r = parse_size(optarg, 1024, &arg_vacuum_size);
-                        if (r < 0) {
-                                log_error("Failed to parse vacuum size: %s", optarg);
-                                return r;
-                        }
-
-                        arg_action = ACTION_VACUUM;
-                        break;
-
-                case ARG_VACUUM_FILES:
-                        r = safe_atou64(optarg, &arg_vacuum_n_files);
-                        if (r < 0) {
-                                log_error("Failed to parse vacuum files: %s", optarg);
-                                return r;
-                        }
-
-                        arg_action = ACTION_VACUUM;
-                        break;
-
-                case ARG_VACUUM_TIME:
-                        r = parse_sec(optarg, &arg_vacuum_time);
-                        if (r < 0) {
-                                log_error("Failed to parse vacuum time: %s", optarg);
-                                return r;
-                        }
-
-                        arg_action = ACTION_VACUUM;
-                        break;
-
-#ifdef HAVE_GCRYPT
-                case ARG_FORCE:
-                        arg_force = true;
-                        break;
-
-                case ARG_SETUP_KEYS:
-                        arg_action = ACTION_SETUP_KEYS;
-                        break;
-
-
-                case ARG_VERIFY_KEY:
-                        arg_action = ACTION_VERIFY;
-                        arg_verify_key = optarg;
-                        arg_merge = false;
-                        break;
-
-                case ARG_INTERVAL:
-                        r = parse_sec(optarg, &arg_interval);
-                        if (r < 0 || arg_interval <= 0) {
-                                log_error("Failed to parse sealing key change interval: %s", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-#else
-                case ARG_SETUP_KEYS:
-                case ARG_VERIFY_KEY:
-                case ARG_INTERVAL:
-                case ARG_FORCE:
-                        log_error("Forward-secure sealing not available.");
-                        return -EOPNOTSUPP;
-#endif
-
-                case 'p': {
-                        const char *dots;
-
-                        dots = strstr(optarg, "..");
-                        if (dots) {
-                                char *a;
-                                int from, to, i;
-
-                                /* a range */
-                                a = strndup(optarg, dots - optarg);
-                                if (!a)
-                                        return log_oom();
-
-                                from = log_level_from_string(a);
-                                to = log_level_from_string(dots + 2);
-                                free(a);
-
-                                if (from < 0 || to < 0) {
-                                        log_error("Failed to parse log level range %s", optarg);
-                                        return -EINVAL;
-                                }
-
-                                arg_priorities = 0;
-
-                                if (from < to) {
-                                        for (i = from; i <= to; i++)
-                                                arg_priorities |= 1 << i;
-                                } else {
-                                        for (i = to; i <= from; i++)
-                                                arg_priorities |= 1 << i;
-                                }
-
-                        } else {
-                                int p, i;
-
-                                p = log_level_from_string(optarg);
-                                if (p < 0) {
-                                        log_error("Unknown log level %s", optarg);
-                                        return -EINVAL;
-                                }
-
-                                arg_priorities = 0;
-
-                                for (i = 0; i <= p; i++)
-                                        arg_priorities |= 1 << i;
-                        }
-
-                        break;
-                }
-
-                case 'S':
-                        r = parse_timestamp(optarg, &arg_since);
-                        if (r < 0) {
-                                log_error("Failed to parse timestamp: %s", optarg);
-                                return -EINVAL;
-                        }
-                        arg_since_set = true;
-                        break;
-
-                case 'U':
-                        r = parse_timestamp(optarg, &arg_until);
-                        if (r < 0) {
-                                log_error("Failed to parse timestamp: %s", optarg);
-                                return -EINVAL;
-                        }
-                        arg_until_set = true;
-                        break;
-
-                case 't':
-                        r = strv_extend(&arg_syslog_identifier, optarg);
-                        if (r < 0)
-                                return log_oom();
-                        break;
-
-                case 'u':
-                        r = strv_extend(&arg_system_units, optarg);
-                        if (r < 0)
-                                return log_oom();
-                        break;
-
-                case ARG_USER_UNIT:
-                        r = strv_extend(&arg_user_units, optarg);
-                        if (r < 0)
-                                return log_oom();
-                        break;
-
-                case 'F':
-                        arg_action = ACTION_LIST_FIELDS;
-                        arg_field = optarg;
-                        break;
-
-                case 'N':
-                        arg_action = ACTION_LIST_FIELD_NAMES;
-                        break;
-
-                case ARG_NO_HOSTNAME:
-                        arg_no_hostname = true;
-                        break;
-
-                case 'x':
-                        arg_catalog = true;
-                        break;
-
-                case ARG_LIST_CATALOG:
-                        arg_action = ACTION_LIST_CATALOG;
-                        break;
-
-                case ARG_DUMP_CATALOG:
-                        arg_action = ACTION_DUMP_CATALOG;
-                        break;
-
-                case ARG_UPDATE_CATALOG:
-                        arg_action = ACTION_UPDATE_CATALOG;
-                        break;
-
-                case 'r':
-                        arg_reverse = true;
-                        break;
-
-                case ARG_UTC:
-                        arg_utc = true;
-                        break;
-
-                case ARG_FLUSH:
-                        arg_action = ACTION_FLUSH;
-                        break;
-
-                case ARG_ROTATE:
-                        arg_action = ACTION_ROTATE;
-                        break;
-
-                case ARG_SYNC:
-                        arg_action = ACTION_SYNC;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
-                arg_lines = 10;
-
-        if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
-                log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
-                return -EINVAL;
-        }
-
-        if (arg_since_set && arg_until_set && arg_since > arg_until) {
-                log_error("--since= must be before --until=.");
-                return -EINVAL;
-        }
-
-        if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
-                log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
-                return -EINVAL;
-        }
-
-        if (arg_follow && arg_reverse) {
-                log_error("Please specify either --reverse= or --follow=, not both.");
-                return -EINVAL;
-        }
-
-        if (!IN_SET(arg_action, ACTION_SHOW, ACTION_DUMP_CATALOG, ACTION_LIST_CATALOG) && optind < argc) {
-                log_error("Extraneous arguments starting with '%s'", argv[optind]);
-                return -EINVAL;
-        }
-
-        if ((arg_boot || arg_action == ACTION_LIST_BOOTS) && (arg_file || arg_directory || arg_merge)) {
-                log_error("Using --boot or --list-boots with --file, --directory or --merge is not supported.");
-                return -EINVAL;
-        }
-
-        if (!strv_isempty(arg_system_units) && (arg_journal_type == SD_JOURNAL_CURRENT_USER)) {
-
-                /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
-                 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
-                 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
-                r = strv_extend_strv(&arg_user_units, arg_system_units, true);
-                if (r < 0)
-                        return -ENOMEM;
-
-                arg_system_units = strv_free(arg_system_units);
-        }
-
-        return 1;
-}
-
-static int generate_new_id128(void) {
-        sd_id128_t id;
-        int r;
-        unsigned i;
-
-        r = sd_id128_randomize(&id);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate ID: %m");
-
-        printf("As string:\n"
-               SD_ID128_FORMAT_STR "\n\n"
-               "As UUID:\n"
-               "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
-               "As macro:\n"
-               "#define MESSAGE_XYZ SD_ID128_MAKE(",
-               SD_ID128_FORMAT_VAL(id),
-               SD_ID128_FORMAT_VAL(id));
-        for (i = 0; i < 16; i++)
-                printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
-        fputs(")\n\n", stdout);
-
-        printf("As Python constant:\n"
-               ">>> import uuid\n"
-               ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
-               SD_ID128_FORMAT_VAL(id));
-
-        return 0;
-}
-
-static int add_matches(sd_journal *j, char **args) {
-        char **i;
-        bool have_term = false;
-
-        assert(j);
-
-        STRV_FOREACH(i, args) {
-                int r;
-
-                if (streq(*i, "+")) {
-                        if (!have_term)
-                                break;
-                        r = sd_journal_add_disjunction(j);
-                        have_term = false;
-
-                } else if (path_is_absolute(*i)) {
-                        _cleanup_free_ char *p, *t = NULL, *t2 = NULL, *interpreter = NULL;
-                        const char *path;
-                        struct stat st;
-
-                        p = canonicalize_file_name(*i);
-                        path = p ?: *i;
-
-                        if (lstat(path, &st) < 0)
-                                return log_error_errno(errno, "Couldn't stat file: %m");
-
-                        if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
-                                if (executable_is_script(path, &interpreter) > 0) {
-                                        _cleanup_free_ char *comm;
-
-                                        comm = strndup(basename(path), 15);
-                                        if (!comm)
-                                                return log_oom();
-
-                                        t = strappend("_COMM=", comm);
-                                        if (!t)
-                                                return log_oom();
-
-                                        /* Append _EXE only if the interpreter is not a link.
-                                           Otherwise, it might be outdated often. */
-                                        if (lstat(interpreter, &st) == 0 && !S_ISLNK(st.st_mode)) {
-                                                t2 = strappend("_EXE=", interpreter);
-                                                if (!t2)
-                                                        return log_oom();
-                                        }
-                                } else {
-                                        t = strappend("_EXE=", path);
-                                        if (!t)
-                                                return log_oom();
-                                }
-
-                                r = sd_journal_add_match(j, t, 0);
-
-                                if (r >=0 && t2)
-                                        r = sd_journal_add_match(j, t2, 0);
-
-                        } else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
-                                r = add_matches_for_device(j, path);
-                                if (r < 0)
-                                        return r;
-                        } else {
-                                log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
-                                return -EINVAL;
-                        }
-
-                        have_term = true;
-                } else {
-                        r = sd_journal_add_match(j, *i, 0);
-                        have_term = true;
-                }
-
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add match '%s': %m", *i);
-        }
-
-        if (!strv_isempty(args) && !have_term) {
-                log_error("\"+\" can only be used between terms");
-                return -EINVAL;
-        }
-
-        return 0;
-}
-
-static void boot_id_free_all(BootId *l) {
-
-        while (l) {
-                BootId *i = l;
-                LIST_REMOVE(boot_list, l, i);
-                free(i);
-        }
-}
-
-static int discover_next_boot(sd_journal *j,
-                sd_id128_t previous_boot_id,
-                bool advance_older,
-                BootId **ret) {
-
-        _cleanup_free_ BootId *next_boot = NULL;
-        char match[9+32+1] = "_BOOT_ID=";
-        sd_id128_t boot_id;
-        int r;
-
-        assert(j);
-        assert(ret);
-
-        /* We expect the journal to be on the last position of a boot
-         * (in relation to the direction we are going), so that the next
-         * invocation of sd_journal_next/previous will be from a different
-         * boot. We then collect any information we desire and then jump
-         * to the last location of the new boot by using a _BOOT_ID match
-         * coming from the other journal direction. */
-
-        /* Make sure we aren't restricted by any _BOOT_ID matches, so that
-         * we can actually advance to a *different* boot. */
-        sd_journal_flush_matches(j);
-
-        do {
-                if (advance_older)
-                        r = sd_journal_previous(j);
-                else
-                        r = sd_journal_next(j);
-                if (r < 0)
-                        return r;
-                else if (r == 0)
-                        return 0; /* End of journal, yay. */
-
-                r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
-                if (r < 0)
-                        return r;
-
-                /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
-                 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
-                 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
-                 * complete than the main entry array, and hence might reference an entry that's not actually the last
-                 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
-                 * speed things up, but let's not trust that it is complete, and hence, manually advance as
-                 * necessary. */
-
-        } while (sd_id128_equal(boot_id, previous_boot_id));
-
-        next_boot = new0(BootId, 1);
-        if (!next_boot)
-                return -ENOMEM;
-
-        next_boot->id = boot_id;
-
-        r = sd_journal_get_realtime_usec(j, &next_boot->first);
-        if (r < 0)
-                return r;
-
-        /* Now seek to the last occurrence of this boot ID. */
-        sd_id128_to_string(next_boot->id, match + 9);
-        r = sd_journal_add_match(j, match, sizeof(match) - 1);
-        if (r < 0)
-                return r;
-
-        if (advance_older)
-                r = sd_journal_seek_head(j);
-        else
-                r = sd_journal_seek_tail(j);
-        if (r < 0)
-                return r;
-
-        if (advance_older)
-                r = sd_journal_next(j);
-        else
-                r = sd_journal_previous(j);
-        if (r < 0)
-                return r;
-        else if (r == 0)
-                return -ENODATA; /* This shouldn't happen. We just came from this very boot ID. */
-
-        r = sd_journal_get_realtime_usec(j, &next_boot->last);
-        if (r < 0)
-                return r;
-
-        *ret = next_boot;
-        next_boot = NULL;
-
-        return 0;
-}
-
-static int get_boots(
-                sd_journal *j,
-                BootId **boots,
-                sd_id128_t *query_ref_boot,
-                int ref_boot_offset) {
-
-        bool skip_once;
-        int r, count = 0;
-        BootId *head = NULL, *tail = NULL;
-        const bool advance_older = query_ref_boot && ref_boot_offset <= 0;
-        sd_id128_t previous_boot_id;
-
-        assert(j);
-
-        /* Adjust for the asymmetry that offset 0 is
-         * the last (and current) boot, while 1 is considered the
-         * (chronological) first boot in the journal. */
-        skip_once = query_ref_boot && sd_id128_is_null(*query_ref_boot) && ref_boot_offset < 0;
-
-        /* Advance to the earliest/latest occurrence of our reference
-         * boot ID (taking our lookup direction into account), so that
-         * discover_next_boot() can do its job.
-         * If no reference is given, the journal head/tail will do,
-         * they're "virtual" boots after all. */
-        if (query_ref_boot && !sd_id128_is_null(*query_ref_boot)) {
-                char match[9+32+1] = "_BOOT_ID=";
-
-                sd_journal_flush_matches(j);
-
-                sd_id128_to_string(*query_ref_boot, match + 9);
-                r = sd_journal_add_match(j, match, sizeof(match) - 1);
-                if (r < 0)
-                        return r;
-
-                if (advance_older)
-                        r = sd_journal_seek_head(j); /* seek to oldest */
-                else
-                        r = sd_journal_seek_tail(j); /* seek to newest */
-                if (r < 0)
-                        return r;
-
-                if (advance_older)
-                        r = sd_journal_next(j);     /* read the oldest entry */
-                else
-                        r = sd_journal_previous(j); /* read the most recently added entry */
-                if (r < 0)
-                        return r;
-                else if (r == 0)
-                        goto finish;
-                else if (ref_boot_offset == 0) {
-                        count = 1;
-                        goto finish;
-                }
-
-                /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
-                 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
-                 * the following entry, which must then have an older/newer boot ID */
-        } else {
-
-                if (advance_older)
-                        r = sd_journal_seek_tail(j); /* seek to newest */
-                else
-                        r = sd_journal_seek_head(j); /* seek to oldest */
-                if (r < 0)
-                        return r;
-
-                /* No sd_journal_next()/_previous() here.
-                 *
-                 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
-                 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
-                 * entry we have. */
-        }
-
-        previous_boot_id = SD_ID128_NULL;
-        for (;;) {
-                _cleanup_free_ BootId *current = NULL;
-
-                r = discover_next_boot(j, previous_boot_id, advance_older, &current);
-                if (r < 0) {
-                        boot_id_free_all(head);
-                        return r;
-                }
-
-                if (!current)
-                        break;
-
-                previous_boot_id = current->id;
-
-                if (query_ref_boot) {
-                        if (!skip_once)
-                                ref_boot_offset += advance_older ? 1 : -1;
-                        skip_once = false;
-
-                        if (ref_boot_offset == 0) {
-                                count = 1;
-                                *query_ref_boot = current->id;
-                                break;
-                        }
-                } else {
-                        LIST_INSERT_AFTER(boot_list, head, tail, current);
-                        tail = current;
-                        current = NULL;
-                        count++;
-                }
-        }
-
-finish:
-        if (boots)
-                *boots = head;
-
-        sd_journal_flush_matches(j);
-
-        return count;
-}
-
-static int list_boots(sd_journal *j) {
-        int w, i, count;
-        BootId *id, *all_ids;
-
-        assert(j);
-
-        count = get_boots(j, &all_ids, NULL, 0);
-        if (count < 0)
-                return log_error_errno(count, "Failed to determine boots: %m");
-        if (count == 0)
-                return count;
-
-        pager_open(arg_no_pager, arg_pager_end);
-
-        /* numbers are one less, but we need an extra char for the sign */
-        w = DECIMAL_STR_WIDTH(count - 1) + 1;
-
-        i = 0;
-        LIST_FOREACH(boot_list, id, all_ids) {
-                char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
-
-                printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
-                       w, i - count + 1,
-                       SD_ID128_FORMAT_VAL(id->id),
-                       format_timestamp_maybe_utc(a, sizeof(a), id->first),
-                       format_timestamp_maybe_utc(b, sizeof(b), id->last));
-                i++;
-        }
-
-        boot_id_free_all(all_ids);
-
-        return 0;
-}
-
-static int add_boot(sd_journal *j) {
-        char match[9+32+1] = "_BOOT_ID=";
-        sd_id128_t ref_boot_id;
-        int r;
-
-        assert(j);
-
-        if (!arg_boot)
-                return 0;
-
-        if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
-                return add_match_this_boot(j, arg_machine);
-
-        ref_boot_id = arg_boot_id;
-        r = get_boots(j, NULL, &ref_boot_id, arg_boot_offset);
-        assert(r <= 1);
-        if (r <= 0) {
-                const char *reason = (r == 0) ? "No such boot ID in journal" : strerror(-r);
-
-                if (sd_id128_is_null(arg_boot_id))
-                        log_error("Data from the specified boot (%+i) is not available: %s",
-                                  arg_boot_offset, reason);
-                else
-                        log_error("Data from the specified boot ("SD_ID128_FORMAT_STR") is not available: %s",
-                                  SD_ID128_FORMAT_VAL(arg_boot_id), reason);
-
-                return r == 0 ? -ENODATA : r;
-        }
-
-        sd_id128_to_string(ref_boot_id, match + 9);
-
-        r = sd_journal_add_match(j, match, sizeof(match) - 1);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match: %m");
-
-        r = sd_journal_add_conjunction(j);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add conjunction: %m");
-
-        return 0;
-}
-
-static int add_dmesg(sd_journal *j) {
-        int r;
-        assert(j);
-
-        if (!arg_dmesg)
-                return 0;
-
-        r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match: %m");
-
-        r = sd_journal_add_conjunction(j);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add conjunction: %m");
-
-        return 0;
-}
-
-static int get_possible_units(
-                sd_journal *j,
-                const char *fields,
-                char **patterns,
-                Set **units) {
-
-        _cleanup_set_free_free_ Set *found;
-        const char *field;
-        int r;
-
-        found = set_new(&string_hash_ops);
-        if (!found)
-                return -ENOMEM;
-
-        NULSTR_FOREACH(field, fields) {
-                const void *data;
-                size_t size;
-
-                r = sd_journal_query_unique(j, field);
-                if (r < 0)
-                        return r;
-
-                SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
-                        char **pattern, *eq;
-                        size_t prefix;
-                        _cleanup_free_ char *u = NULL;
-
-                        eq = memchr(data, '=', size);
-                        if (eq)
-                                prefix = eq - (char*) data + 1;
-                        else
-                                prefix = 0;
-
-                        u = strndup((char*) data + prefix, size - prefix);
-                        if (!u)
-                                return -ENOMEM;
-
-                        STRV_FOREACH(pattern, patterns)
-                                if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
-                                        log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
-
-                                        r = set_consume(found, u);
-                                        u = NULL;
-                                        if (r < 0 && r != -EEXIST)
-                                                return r;
-
-                                        break;
-                                }
-                }
-        }
-
-        *units = found;
-        found = NULL;
-        return 0;
-}
-
-/* This list is supposed to return the superset of unit names
- * possibly matched by rules added with add_matches_for_unit... */
-#define SYSTEM_UNITS                 \
-        "_SYSTEMD_UNIT\0"            \
-        "COREDUMP_UNIT\0"            \
-        "UNIT\0"                     \
-        "OBJECT_SYSTEMD_UNIT\0"      \
-        "_SYSTEMD_SLICE\0"
-
-/* ... and add_matches_for_user_unit */
-#define USER_UNITS                   \
-        "_SYSTEMD_USER_UNIT\0"       \
-        "USER_UNIT\0"                \
-        "COREDUMP_USER_UNIT\0"       \
-        "OBJECT_SYSTEMD_USER_UNIT\0"
-
-static int add_units(sd_journal *j) {
-        _cleanup_strv_free_ char **patterns = NULL;
-        int r, count = 0;
-        char **i;
-
-        assert(j);
-
-        STRV_FOREACH(i, arg_system_units) {
-                _cleanup_free_ char *u = NULL;
-
-                r = unit_name_mangle(*i, UNIT_NAME_GLOB, &u);
-                if (r < 0)
-                        return r;
-
-                if (string_is_glob(u)) {
-                        r = strv_push(&patterns, u);
-                        if (r < 0)
-                                return r;
-                        u = NULL;
-                } else {
-                        r = add_matches_for_unit(j, u);
-                        if (r < 0)
-                                return r;
-                        r = sd_journal_add_disjunction(j);
-                        if (r < 0)
-                                return r;
-                        count++;
-                }
-        }
-
-        if (!strv_isempty(patterns)) {
-                _cleanup_set_free_free_ Set *units = NULL;
-                Iterator it;
-                char *u;
-
-                r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
-                if (r < 0)
-                        return r;
-
-                SET_FOREACH(u, units, it) {
-                        r = add_matches_for_unit(j, u);
-                        if (r < 0)
-                                return r;
-                        r = sd_journal_add_disjunction(j);
-                        if (r < 0)
-                                return r;
-                        count++;
-                }
-        }
-
-        patterns = strv_free(patterns);
-
-        STRV_FOREACH(i, arg_user_units) {
-                _cleanup_free_ char *u = NULL;
-
-                r = unit_name_mangle(*i, UNIT_NAME_GLOB, &u);
-                if (r < 0)
-                        return r;
-
-                if (string_is_glob(u)) {
-                        r = strv_push(&patterns, u);
-                        if (r < 0)
-                                return r;
-                        u = NULL;
-                } else {
-                        r = add_matches_for_user_unit(j, u, getuid());
-                        if (r < 0)
-                                return r;
-                        r = sd_journal_add_disjunction(j);
-                        if (r < 0)
-                                return r;
-                        count++;
-                }
-        }
-
-        if (!strv_isempty(patterns)) {
-                _cleanup_set_free_free_ Set *units = NULL;
-                Iterator it;
-                char *u;
-
-                r = get_possible_units(j, USER_UNITS, patterns, &units);
-                if (r < 0)
-                        return r;
-
-                SET_FOREACH(u, units, it) {
-                        r = add_matches_for_user_unit(j, u, getuid());
-                        if (r < 0)
-                                return r;
-                        r = sd_journal_add_disjunction(j);
-                        if (r < 0)
-                                return r;
-                        count++;
-                }
-        }
-
-        /* Complain if the user request matches but nothing whatsoever was
-         * found, since otherwise everything would be matched. */
-        if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
-                return -ENODATA;
-
-        r = sd_journal_add_conjunction(j);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int add_priorities(sd_journal *j) {
-        char match[] = "PRIORITY=0";
-        int i, r;
-        assert(j);
-
-        if (arg_priorities == 0xFF)
-                return 0;
-
-        for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
-                if (arg_priorities & (1 << i)) {
-                        match[sizeof(match)-2] = '0' + i;
-
-                        r = sd_journal_add_match(j, match, strlen(match));
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to add match: %m");
-                }
-
-        r = sd_journal_add_conjunction(j);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add conjunction: %m");
-
-        return 0;
-}
-
-
-static int add_syslog_identifier(sd_journal *j) {
-        int r;
-        char **i;
-
-        assert(j);
-
-        STRV_FOREACH(i, arg_syslog_identifier) {
-                char *u;
-
-                u = strjoina("SYSLOG_IDENTIFIER=", *i);
-                r = sd_journal_add_match(j, u, 0);
-                if (r < 0)
-                        return r;
-                r = sd_journal_add_disjunction(j);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_journal_add_conjunction(j);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int setup_keys(void) {
-#ifdef HAVE_GCRYPT
-        size_t mpk_size, seed_size, state_size, i;
-        uint8_t *mpk, *seed, *state;
-        int fd = -1, r;
-        sd_id128_t machine, boot;
-        char *p = NULL, *k = NULL;
-        struct FSSHeader h;
-        uint64_t n;
-        struct stat st;
-
-        r = stat("/var/log/journal", &st);
-        if (r < 0 && errno != ENOENT && errno != ENOTDIR)
-                return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
-
-        if (r < 0 || !S_ISDIR(st.st_mode)) {
-                log_error("%s is not a directory, must be using persistent logging for FSS.",
-                          "/var/log/journal");
-                return r < 0 ? -errno : -ENOTDIR;
-        }
-
-        r = sd_id128_get_machine(&machine);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get machine ID: %m");
-
-        r = sd_id128_get_boot(&boot);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get boot ID: %m");
-
-        if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
-                     SD_ID128_FORMAT_VAL(machine)) < 0)
-                return log_oom();
-
-        if (arg_force) {
-                r = unlink(p);
-                if (r < 0 && errno != ENOENT) {
-                        r = log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
-                        goto finish;
-                }
-        } else if (access(p, F_OK) >= 0) {
-                log_error("Sealing key file %s exists already. Use --force to recreate.", p);
-                r = -EEXIST;
-                goto finish;
-        }
-
-        if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
-                     SD_ID128_FORMAT_VAL(machine)) < 0) {
-                r = log_oom();
-                goto finish;
-        }
-
-        mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
-        mpk = alloca(mpk_size);
-
-        seed_size = FSPRG_RECOMMENDED_SEEDLEN;
-        seed = alloca(seed_size);
-
-        state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
-        state = alloca(state_size);
-
-        fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0) {
-                r = log_error_errno(errno, "Failed to open /dev/random: %m");
-                goto finish;
-        }
-
-        log_info("Generating seed...");
-        r = loop_read_exact(fd, seed, seed_size, true);
-        if (r < 0) {
-                log_error_errno(r, "Failed to read random seed: %m");
-                goto finish;
-        }
-
-        log_info("Generating key pair...");
-        FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
-
-        log_info("Generating sealing key...");
-        FSPRG_GenState0(state, mpk, seed, seed_size);
-
-        assert(arg_interval > 0);
-
-        n = now(CLOCK_REALTIME);
-        n /= arg_interval;
-
-        safe_close(fd);
-        fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
-        if (fd < 0) {
-                r = log_error_errno(fd, "Failed to open %s: %m", k);
-                goto finish;
-        }
-
-        /* Enable secure remove, exclusion from dump, synchronous
-         * writing and in-place updating */
-        r = chattr_fd(fd, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set file attributes: %m");
-
-        zero(h);
-        memcpy(h.signature, "KSHHRHLP", 8);
-        h.machine_id = machine;
-        h.boot_id = boot;
-        h.header_size = htole64(sizeof(h));
-        h.start_usec = htole64(n * arg_interval);
-        h.interval_usec = htole64(arg_interval);
-        h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
-        h.fsprg_state_size = htole64(state_size);
-
-        r = loop_write(fd, &h, sizeof(h), false);
-        if (r < 0) {
-                log_error_errno(r, "Failed to write header: %m");
-                goto finish;
-        }
-
-        r = loop_write(fd, state, state_size, false);
-        if (r < 0) {
-                log_error_errno(r, "Failed to write state: %m");
-                goto finish;
-        }
-
-        if (link(k, p) < 0) {
-                r = log_error_errno(errno, "Failed to link file: %m");
-                goto finish;
-        }
-
-        if (on_tty()) {
-                fprintf(stderr,
-                        "\n"
-                        "The new key pair has been generated. The " ANSI_HIGHLIGHT "secret sealing key" ANSI_NORMAL " has been written to\n"
-                        "the following local file. This key file is automatically updated when the\n"
-                        "sealing key is advanced. It should not be used on multiple hosts.\n"
-                        "\n"
-                        "\t%s\n"
-                        "\n"
-                        "Please write down the following " ANSI_HIGHLIGHT "secret verification key" ANSI_NORMAL ". It should be stored\n"
-                        "at a safe location and should not be saved locally on disk.\n"
-                        "\n\t" ANSI_HIGHLIGHT_RED, p);
-                fflush(stderr);
-        }
-        for (i = 0; i < seed_size; i++) {
-                if (i > 0 && i % 3 == 0)
-                        putchar('-');
-                printf("%02x", ((uint8_t*) seed)[i]);
-        }
-
-        printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
-
-        if (on_tty()) {
-                char tsb[FORMAT_TIMESPAN_MAX], *hn;
-
-                fprintf(stderr,
-                        ANSI_NORMAL "\n"
-                        "The sealing key is automatically changed every %s.\n",
-                        format_timespan(tsb, sizeof(tsb), arg_interval, 0));
-
-                hn = gethostname_malloc();
-
-                if (hn) {
-                        hostname_cleanup(hn);
-                        fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
-                } else
-                        fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
-
-#ifdef HAVE_QRENCODE
-                /* If this is not an UTF-8 system don't print any QR codes */
-                if (is_locale_utf8()) {
-                        fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
-                        print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
-                }
-#endif
-                free(hn);
-        }
-
-        r = 0;
-
-finish:
-        safe_close(fd);
-
-        if (k) {
-                unlink(k);
-                free(k);
-        }
-
-        free(p);
-
-        return r;
-#else
-        log_error("Forward-secure sealing not available.");
-        return -EOPNOTSUPP;
-#endif
-}
-
-static int verify(sd_journal *j) {
-        int r = 0;
-        Iterator i;
-        JournalFile *f;
-
-        assert(j);
-
-        log_show_color(true);
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                int k;
-                usec_t first = 0, validated = 0, last = 0;
-
-#ifdef HAVE_GCRYPT
-                if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
-                        log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
-#endif
-
-                k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
-                if (k == -EINVAL) {
-                        /* If the key was invalid give up right-away. */
-                        return k;
-                } else if (k < 0) {
-                        log_warning_errno(k, "FAIL: %s (%m)", f->path);
-                        r = k;
-                } else {
-                        char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
-                        log_info("PASS: %s", f->path);
-
-                        if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
-                                if (validated > 0) {
-                                        log_info("=> Validated from %s to %s, final %s entries not sealed.",
-                                                 format_timestamp_maybe_utc(a, sizeof(a), first),
-                                                 format_timestamp_maybe_utc(b, sizeof(b), validated),
-                                                 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
-                                } else if (last > 0)
-                                        log_info("=> No sealing yet, %s of entries not sealed.",
-                                                 format_timespan(c, sizeof(c), last - first, 0));
-                                else
-                                        log_info("=> No sealing yet, no entries in file.");
-                        }
-                }
-        }
-
-        return r;
-}
-
-static int access_check_var_log_journal(sd_journal *j) {
-#ifdef HAVE_ACL
-        _cleanup_strv_free_ char **g = NULL;
-        const char* dir;
-#endif
-        int r;
-
-        assert(j);
-
-        if (arg_quiet)
-                return 0;
-
-        /* If we are root, we should have access, don't warn. */
-        if (getuid() == 0)
-                return 0;
-
-        /* If we are in the 'systemd-journal' group, we should have
-         * access too. */
-        r = in_group("systemd-journal");
-        if (r < 0)
-                return log_error_errno(r, "Failed to check if we are in the 'systemd-journal' group: %m");
-        if (r > 0)
-                return 0;
-
-#ifdef HAVE_ACL
-        if (laccess("/run/log/journal", F_OK) >= 0)
-                dir = "/run/log/journal";
-        else
-                dir = "/var/log/journal";
-
-        /* If we are in any of the groups listed in the journal ACLs,
-         * then all is good, too. Let's enumerate all groups from the
-         * default ACL of the directory, which generally should allow
-         * access to most journal files too. */
-        r = acl_search_groups(dir, &g);
-        if (r < 0)
-                return log_error_errno(r, "Failed to search journal ACL: %m");
-        if (r > 0)
-                return 0;
-
-        /* Print a pretty list, if there were ACLs set. */
-        if (!strv_isempty(g)) {
-                _cleanup_free_ char *s = NULL;
-
-                /* Thre are groups in the ACL, let's list them */
-                r = strv_extend(&g, "systemd-journal");
-                if (r < 0)
-                        return log_oom();
-
-                strv_sort(g);
-                strv_uniq(g);
-
-                s = strv_join(g, "', '");
-                if (!s)
-                        return log_oom();
-
-                log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
-                           "      Users in groups '%s' can see all messages.\n"
-                           "      Pass -q to turn off this notice.", s);
-                return 1;
-        }
-#endif
-
-        /* If no ACLs were found, print a short version of the message. */
-        log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
-                   "      Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
-                   "      turn off this notice.");
-
-        return 1;
-}
-
-static int access_check(sd_journal *j) {
-        Iterator it;
-        void *code;
-        char *path;
-        int r = 0;
-
-        assert(j);
-
-        if (hashmap_isempty(j->errors)) {
-                if (ordered_hashmap_isempty(j->files))
-                        log_notice("No journal files were found.");
-
-                return 0;
-        }
-
-        if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
-                (void) access_check_var_log_journal(j);
-
-                if (ordered_hashmap_isempty(j->files))
-                        r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
-        }
-
-        HASHMAP_FOREACH_KEY(path, code, j->errors, it) {
-                int err;
-
-                err = abs(PTR_TO_INT(code));
-
-                switch (err) {
-                case EACCES:
-                        continue;
-
-                case ENODATA:
-                        log_warning_errno(err, "Journal file %s is truncated, ignoring file.", path);
-                        break;
-
-                case EPROTONOSUPPORT:
-                        log_warning_errno(err, "Journal file %s uses an unsupported feature, ignoring file.", path);
-                        break;
-
-                case EBADMSG:
-                        log_warning_errno(err, "Journal file %s corrupted, ignoring file.", path);
-                        break;
-
-                default:
-                        log_warning_errno(err, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path);
-                        break;
-                }
-        }
-
-        return r;
-}
-
-static int flush_to_var(void) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_close_ int watch_fd = -1;
-        int r;
-
-        if (arg_machine) {
-                log_error("--flush is not supported in conjunction with --machine=.");
-                return -EOPNOTSUPP;
-        }
-
-        /* Quick exit */
-        if (access("/run/systemd/journal/flushed", F_OK) >= 0)
-                return 0;
-
-        /* OK, let's actually do the full logic, send SIGUSR1 to the
-         * daemon and set up inotify to wait for the flushed file to appear */
-        r = bus_connect_system_systemd(&bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get D-Bus connection: %m");
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "KillUnit",
-                        &error,
-                        NULL,
-                        "ssi", "systemd-journald.service", "main", SIGUSR1);
-        if (r < 0)
-                return log_error_errno(r, "Failed to kill journal service: %s", bus_error_message(&error, r));
-
-        mkdir_p("/run/systemd/journal", 0755);
-
-        watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-        if (watch_fd < 0)
-                return log_error_errno(errno, "Failed to create inotify watch: %m");
-
-        r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to watch journal directory: %m");
-
-        for (;;) {
-                if (access("/run/systemd/journal/flushed", F_OK) >= 0)
-                        break;
-
-                if (errno != ENOENT)
-                        return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
-
-                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to wait for event: %m");
-
-                r = flush_fd(watch_fd);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to flush inotify events: %m");
-        }
-
-        return 0;
-}
-
-static int send_signal_and_wait(int sig, const char *watch_path) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_close_ int watch_fd = -1;
-        usec_t start;
-        int r;
-
-        if (arg_machine) {
-                log_error("--sync and --rotate are not supported in conjunction with --machine=.");
-                return -EOPNOTSUPP;
-        }
-
-        start = now(CLOCK_MONOTONIC);
-
-        /* This call sends the specified signal to journald, and waits
-         * for acknowledgment by watching the mtime of the specified
-         * flag file. This is used to trigger syncing or rotation and
-         * then wait for the operation to complete. */
-
-        for (;;) {
-                usec_t tstamp;
-
-                /* See if a sync happened by now. */
-                r = read_timestamp_file(watch_path, &tstamp);
-                if (r < 0 && r != -ENOENT)
-                        return log_error_errno(errno, "Failed to read %s: %m", watch_path);
-                if (r >= 0 && tstamp >= start)
-                        return 0;
-
-                /* Let's ask for a sync, but only once. */
-                if (!bus) {
-                        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-
-                        r = bus_connect_system_systemd(&bus);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get D-Bus connection: %m");
-
-                        r = sd_bus_call_method(
-                                        bus,
-                                        "org.freedesktop.systemd1",
-                                        "/org/freedesktop/systemd1",
-                                        "org.freedesktop.systemd1.Manager",
-                                        "KillUnit",
-                                        &error,
-                                        NULL,
-                                        "ssi", "systemd-journald.service", "main", sig);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to kill journal service: %s", bus_error_message(&error, r));
-
-                        continue;
-                }
-
-                /* Let's install the inotify watch, if we didn't do that yet. */
-                if (watch_fd < 0) {
-
-                        mkdir_p("/run/systemd/journal", 0755);
-
-                        watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-                        if (watch_fd < 0)
-                                return log_error_errno(errno, "Failed to create inotify watch: %m");
-
-                        r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_MOVED_TO|IN_DONT_FOLLOW|IN_ONLYDIR);
-                        if (r < 0)
-                                return log_error_errno(errno, "Failed to watch journal directory: %m");
-
-                        /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
-                        continue;
-                }
-
-                /* OK, all preparatory steps done, let's wait until
-                 * inotify reports an event. */
-
-                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to wait for event: %m");
-
-                r = flush_fd(watch_fd);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to flush inotify events: %m");
-        }
-
-        return 0;
-}
-
-static int rotate(void) {
-        return send_signal_and_wait(SIGUSR2, "/run/systemd/journal/rotated");
-}
-
-static int sync_journal(void) {
-        return send_signal_and_wait(SIGRTMIN+1, "/run/systemd/journal/synced");
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-        _cleanup_(sd_journal_closep) sd_journal *j = NULL;
-        bool need_seek = false;
-        sd_id128_t previous_boot_id;
-        bool previous_boot_id_valid = false, first_line = true;
-        int n_shown = 0;
-        bool ellipsized = false;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        signal(SIGWINCH, columns_lines_cache_reset);
-        sigbus_install();
-
-        /* Increase max number of open files to 16K if we can, we
-         * might needs this when browsing journal files, which might
-         * be split up into many files. */
-        setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
-
-        switch (arg_action) {
-
-        case ACTION_NEW_ID128:
-                r = generate_new_id128();
-                goto finish;
-
-        case ACTION_SETUP_KEYS:
-                r = setup_keys();
-                goto finish;
-
-        case ACTION_LIST_CATALOG:
-        case ACTION_DUMP_CATALOG:
-        case ACTION_UPDATE_CATALOG: {
-                _cleanup_free_ char *database;
-
-                database = path_join(arg_root, CATALOG_DATABASE, NULL);
-                if (!database) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                if (arg_action == ACTION_UPDATE_CATALOG) {
-                        r = catalog_update(database, arg_root, catalog_file_dirs);
-                        if (r < 0)
-                                log_error_errno(r, "Failed to list catalog: %m");
-                } else {
-                        bool oneline = arg_action == ACTION_LIST_CATALOG;
-
-                        pager_open(arg_no_pager, arg_pager_end);
-
-                        if (optind < argc)
-                                r = catalog_list_items(stdout, database, oneline, argv + optind);
-                        else
-                                r = catalog_list(stdout, database, oneline);
-                        if (r < 0)
-                                log_error_errno(r, "Failed to list catalog: %m");
-                }
-
-                goto finish;
-        }
-
-        case ACTION_FLUSH:
-                r = flush_to_var();
-                goto finish;
-
-        case ACTION_SYNC:
-                r = sync_journal();
-                goto finish;
-
-        case ACTION_ROTATE:
-                r = rotate();
-                goto finish;
-
-        case ACTION_SHOW:
-        case ACTION_PRINT_HEADER:
-        case ACTION_VERIFY:
-        case ACTION_DISK_USAGE:
-        case ACTION_LIST_BOOTS:
-        case ACTION_VACUUM:
-        case ACTION_LIST_FIELDS:
-        case ACTION_LIST_FIELD_NAMES:
-                /* These ones require access to the journal files, continue below. */
-                break;
-
-        default:
-                assert_not_reached("Unknown action");
-        }
-
-        if (arg_directory)
-                r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
-        else if (arg_file_stdin) {
-                int ifd = STDIN_FILENO;
-                r = sd_journal_open_files_fd(&j, &ifd, 1, 0);
-        } else if (arg_file)
-                r = sd_journal_open_files(&j, (const char**) arg_file, 0);
-        else if (arg_machine) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-                int fd;
-
-                if (geteuid() != 0) {
-                        /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
-                         * the container, thus we need root privileges to override them. */
-                        log_error("Using the --machine= switch requires root privileges.");
-                        r = -EPERM;
-                        goto finish;
-                }
-
-                r = sd_bus_open_system(&bus);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to open system bus: %m");
-                        goto finish;
-                }
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "OpenMachineRootDirectory",
-                                &error,
-                                &reply,
-                                "s", arg_machine);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to open root directory: %s", bus_error_message(&error, r));
-                        goto finish;
-                }
-
-                r = sd_bus_message_read(reply, "h", &fd);
-                if (r < 0) {
-                        bus_log_parse_error(r);
-                        goto finish;
-                }
-
-                fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-                if (fd < 0) {
-                        r = log_error_errno(errno, "Failed to duplicate file descriptor: %m");
-                        goto finish;
-                }
-
-                r = sd_journal_open_directory_fd(&j, fd, SD_JOURNAL_OS_ROOT);
-                if (r < 0)
-                        safe_close(fd);
-        } else
-                r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
-        if (r < 0) {
-                log_error_errno(r, "Failed to open %s: %m", arg_directory ?: arg_file ? "files" : "journal");
-                goto finish;
-        }
-
-        r = access_check(j);
-        if (r < 0)
-                goto finish;
-
-        switch (arg_action) {
-
-        case ACTION_NEW_ID128:
-        case ACTION_SETUP_KEYS:
-        case ACTION_LIST_CATALOG:
-        case ACTION_DUMP_CATALOG:
-        case ACTION_UPDATE_CATALOG:
-        case ACTION_FLUSH:
-        case ACTION_SYNC:
-        case ACTION_ROTATE:
-                assert_not_reached("Unexpected action.");
-
-        case ACTION_PRINT_HEADER:
-                journal_print_header(j);
-                r = 0;
-                goto finish;
-
-        case ACTION_VERIFY:
-                r = verify(j);
-                goto finish;
-
-        case ACTION_DISK_USAGE: {
-                uint64_t bytes = 0;
-                char sbytes[FORMAT_BYTES_MAX];
-
-                r = sd_journal_get_usage(j, &bytes);
-                if (r < 0)
-                        goto finish;
-
-                printf("Archived and active journals take up %s on disk.\n",
-                       format_bytes(sbytes, sizeof(sbytes), bytes));
-                goto finish;
-        }
-
-        case ACTION_LIST_BOOTS:
-                r = list_boots(j);
-                goto finish;
-
-        case ACTION_VACUUM: {
-                Directory *d;
-                Iterator i;
-
-                HASHMAP_FOREACH(d, j->directories_by_path, i) {
-                        int q;
-
-                        if (d->is_root)
-                                continue;
-
-                        q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, true);
-                        if (q < 0) {
-                                log_error_errno(q, "Failed to vacuum %s: %m", d->path);
-                                r = q;
-                        }
-                }
-
-                goto finish;
-        }
-
-        case ACTION_LIST_FIELD_NAMES: {
-                const char *field;
-
-                SD_JOURNAL_FOREACH_FIELD(j, field) {
-                        printf("%s\n", field);
-                        n_shown++;
-                }
-
-                r = 0;
-                goto finish;
-        }
-
-        case ACTION_SHOW:
-        case ACTION_LIST_FIELDS:
-                break;
-
-        default:
-                assert_not_reached("Unknown action");
-        }
-
-        if (arg_boot_offset != 0 &&
-            sd_journal_has_runtime_files(j) > 0 &&
-            sd_journal_has_persistent_files(j) == 0) {
-                log_info("Specifying boot ID has no effect, no persistent journal was found");
-                r = 0;
-                goto finish;
-        }
-        /* add_boot() must be called first!
-         * It may need to seek the journal to find parent boot IDs. */
-        r = add_boot(j);
-        if (r < 0)
-                goto finish;
-
-        r = add_dmesg(j);
-        if (r < 0)
-                goto finish;
-
-        r = add_units(j);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add filter for units: %m");
-                goto finish;
-        }
-
-        r = add_syslog_identifier(j);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
-                goto finish;
-        }
-
-        r = add_priorities(j);
-        if (r < 0)
-                goto finish;
-
-        r = add_matches(j, argv + optind);
-        if (r < 0)
-                goto finish;
-
-        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
-                _cleanup_free_ char *filter;
-
-                filter = journal_make_match_string(j);
-                if (!filter)
-                        return log_oom();
-
-                log_debug("Journal filter: %s", filter);
-        }
-
-        if (arg_action == ACTION_LIST_FIELDS) {
-                const void *data;
-                size_t size;
-
-                assert(arg_field);
-
-                r = sd_journal_set_data_threshold(j, 0);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to unset data size threshold: %m");
-                        goto finish;
-                }
-
-                r = sd_journal_query_unique(j, arg_field);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to query unique data objects: %m");
-                        goto finish;
-                }
-
-                SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
-                        const void *eq;
-
-                        if (arg_lines >= 0 && n_shown >= arg_lines)
-                                break;
-
-                        eq = memchr(data, '=', size);
-                        if (eq)
-                                printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
-                        else
-                                printf("%.*s\n", (int) size, (const char*) data);
-
-                        n_shown++;
-                }
-
-                r = 0;
-                goto finish;
-        }
-
-        /* Opening the fd now means the first sd_journal_wait() will actually wait */
-        if (arg_follow) {
-                r = sd_journal_get_fd(j);
-                if (r == -EMEDIUMTYPE) {
-                        log_error_errno(r, "The --follow switch is not supported in conjunction with reading from STDIN.");
-                        goto finish;
-                }
-                if (r < 0) {
-                        log_error_errno(r, "Failed to get journal fd: %m");
-                        goto finish;
-                }
-        }
-
-        if (arg_cursor || arg_after_cursor) {
-                r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to seek to cursor: %m");
-                        goto finish;
-                }
-
-                if (!arg_reverse)
-                        r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
-                else
-                        r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
-
-                if (arg_after_cursor && r < 2) {
-                        /* We couldn't find the next entry after the cursor. */
-                        if (arg_follow)
-                                need_seek = true;
-                        else
-                                arg_lines = 0;
-                }
-
-        } else if (arg_since_set && !arg_reverse) {
-                r = sd_journal_seek_realtime_usec(j, arg_since);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to seek to date: %m");
-                        goto finish;
-                }
-                r = sd_journal_next(j);
-
-        } else if (arg_until_set && arg_reverse) {
-                r = sd_journal_seek_realtime_usec(j, arg_until);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to seek to date: %m");
-                        goto finish;
-                }
-                r = sd_journal_previous(j);
-
-        } else if (arg_lines >= 0) {
-                r = sd_journal_seek_tail(j);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to seek to tail: %m");
-                        goto finish;
-                }
-
-                r = sd_journal_previous_skip(j, arg_lines);
-
-        } else if (arg_reverse) {
-                r = sd_journal_seek_tail(j);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to seek to tail: %m");
-                        goto finish;
-                }
-
-                r = sd_journal_previous(j);
-
-        } else {
-                r = sd_journal_seek_head(j);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to seek to head: %m");
-                        goto finish;
-                }
-
-                r = sd_journal_next(j);
-        }
-
-        if (r < 0) {
-                log_error_errno(r, "Failed to iterate through journal: %m");
-                goto finish;
-        }
-        if (r == 0) {
-                if (arg_follow)
-                        need_seek = true;
-                else {
-                        if (!arg_quiet)
-                                printf("-- No entries --\n");
-                        goto finish;
-                }
-        }
-
-        if (!arg_follow)
-                pager_open(arg_no_pager, arg_pager_end);
-
-        if (!arg_quiet) {
-                usec_t start, end;
-                char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
-
-                r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to get cutoff: %m");
-                        goto finish;
-                }
-
-                if (r > 0) {
-                        if (arg_follow)
-                                printf("-- Logs begin at %s. --\n",
-                                       format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
-                        else
-                                printf("-- Logs begin at %s, end at %s. --\n",
-                                       format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
-                                       format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
-                }
-        }
-
-        for (;;) {
-                while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
-                        int flags;
-
-                        if (need_seek) {
-                                if (!arg_reverse)
-                                        r = sd_journal_next(j);
-                                else
-                                        r = sd_journal_previous(j);
-                                if (r < 0) {
-                                        log_error_errno(r, "Failed to iterate through journal: %m");
-                                        goto finish;
-                                }
-                                if (r == 0)
-                                        break;
-                        }
-
-                        if (arg_until_set && !arg_reverse) {
-                                usec_t usec;
-
-                                r = sd_journal_get_realtime_usec(j, &usec);
-                                if (r < 0) {
-                                        log_error_errno(r, "Failed to determine timestamp: %m");
-                                        goto finish;
-                                }
-                                if (usec > arg_until)
-                                        goto finish;
-                        }
-
-                        if (arg_since_set && arg_reverse) {
-                                usec_t usec;
-
-                                r = sd_journal_get_realtime_usec(j, &usec);
-                                if (r < 0) {
-                                        log_error_errno(r, "Failed to determine timestamp: %m");
-                                        goto finish;
-                                }
-                                if (usec < arg_since)
-                                        goto finish;
-                        }
-
-                        if (!arg_merge && !arg_quiet) {
-                                sd_id128_t boot_id;
-
-                                r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
-                                if (r >= 0) {
-                                        if (previous_boot_id_valid &&
-                                            !sd_id128_equal(boot_id, previous_boot_id))
-                                                printf("%s-- Reboot --%s\n",
-                                                       ansi_highlight(), ansi_normal());
-
-                                        previous_boot_id = boot_id;
-                                        previous_boot_id_valid = true;
-                                }
-                        }
-
-                        flags =
-                                arg_all * OUTPUT_SHOW_ALL |
-                                arg_full * OUTPUT_FULL_WIDTH |
-                                colors_enabled() * OUTPUT_COLOR |
-                                arg_catalog * OUTPUT_CATALOG |
-                                arg_utc * OUTPUT_UTC |
-                                arg_no_hostname * OUTPUT_NO_HOSTNAME;
-
-                        r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
-                        need_seek = true;
-                        if (r == -EADDRNOTAVAIL)
-                                break;
-                        else if (r < 0 || ferror(stdout))
-                                goto finish;
-
-                        n_shown++;
-                }
-
-                if (!arg_follow) {
-                        if (arg_show_cursor) {
-                                _cleanup_free_ char *cursor = NULL;
-
-                                r = sd_journal_get_cursor(j, &cursor);
-                                if (r < 0 && r != -EADDRNOTAVAIL)
-                                        log_error_errno(r, "Failed to get cursor: %m");
-                                else if (r >= 0)
-                                        printf("-- cursor: %s\n", cursor);
-                        }
-
-                        break;
-                }
-
-                r = sd_journal_wait(j, (uint64_t) -1);
-                if (r < 0) {
-                        log_error_errno(r, "Couldn't wait for journal event: %m");
-                        goto finish;
-                }
-
-                first_line = false;
-        }
-
-finish:
-        pager_close();
-
-        strv_free(arg_file);
-
-        strv_free(arg_syslog_identifier);
-        strv_free(arg_system_units);
-        strv_free(arg_user_units);
-
-        free(arg_root);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c
deleted file mode 100644
index f64abdd431..0000000000
--- a/src/journal/journald-kmsg.c
+++ /dev/null
@@ -1,473 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <sys/epoll.h>
-#include <sys/mman.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include "libudev.h"
-#include "sd-messages.h"
-
-#include "escape.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "io-util.h"
-#include "journald-kmsg.h"
-#include "journald-server.h"
-#include "journald-syslog.h"
-#include "parse-util.h"
-#include "process-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-
-void server_forward_kmsg(
-        Server *s,
-        int priority,
-        const char *identifier,
-        const char *message,
-        const struct ucred *ucred) {
-
-        struct iovec iovec[5];
-        char header_priority[DECIMAL_STR_MAX(priority) + 3],
-             header_pid[sizeof("[]: ")-1 + DECIMAL_STR_MAX(pid_t) + 1];
-        int n = 0;
-        char *ident_buf = NULL;
-
-        assert(s);
-        assert(priority >= 0);
-        assert(priority <= 999);
-        assert(message);
-
-        if (_unlikely_(LOG_PRI(priority) > s->max_level_kmsg))
-                return;
-
-        if (_unlikely_(s->dev_kmsg_fd < 0))
-                return;
-
-        /* Never allow messages with kernel facility to be written to
-         * kmsg, regardless where the data comes from. */
-        priority = syslog_fixup_facility(priority);
-
-        /* First: priority field */
-        xsprintf(header_priority, "<%i>", priority);
-        IOVEC_SET_STRING(iovec[n++], header_priority);
-
-        /* Second: identifier and PID */
-        if (ucred) {
-                if (!identifier) {
-                        get_process_comm(ucred->pid, &ident_buf);
-                        identifier = ident_buf;
-                }
-
-                xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
-
-                if (identifier)
-                        IOVEC_SET_STRING(iovec[n++], identifier);
-
-                IOVEC_SET_STRING(iovec[n++], header_pid);
-        } else if (identifier) {
-                IOVEC_SET_STRING(iovec[n++], identifier);
-                IOVEC_SET_STRING(iovec[n++], ": ");
-        }
-
-        /* Fourth: message */
-        IOVEC_SET_STRING(iovec[n++], message);
-        IOVEC_SET_STRING(iovec[n++], "\n");
-
-        if (writev(s->dev_kmsg_fd, iovec, n) < 0)
-                log_debug_errno(errno, "Failed to write to /dev/kmsg for logging: %m");
-
-        free(ident_buf);
-}
-
-static bool is_us(const char *pid) {
-        pid_t t;
-
-        assert(pid);
-
-        if (parse_pid(pid, &t) < 0)
-                return false;
-
-        return t == getpid();
-}
-
-static void dev_kmsg_record(Server *s, const char *p, size_t l) {
-        struct iovec iovec[N_IOVEC_META_FIELDS + 7 + N_IOVEC_KERNEL_FIELDS + 2 + N_IOVEC_UDEV_FIELDS];
-        char *message = NULL, *syslog_priority = NULL, *syslog_pid = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *source_time = NULL;
-        int priority, r;
-        unsigned n = 0, z = 0, j;
-        unsigned long long usec;
-        char *identifier = NULL, *pid = NULL, *e, *f, *k;
-        uint64_t serial;
-        size_t pl;
-        char *kernel_device = NULL;
-
-        assert(s);
-        assert(p);
-
-        if (l <= 0)
-                return;
-
-        e = memchr(p, ',', l);
-        if (!e)
-                return;
-        *e = 0;
-
-        r = safe_atoi(p, &priority);
-        if (r < 0 || priority < 0 || priority > 999)
-                return;
-
-        if (s->forward_to_kmsg && (priority & LOG_FACMASK) != LOG_KERN)
-                return;
-
-        l -= (e - p) + 1;
-        p = e + 1;
-        e = memchr(p, ',', l);
-        if (!e)
-                return;
-        *e = 0;
-
-        r = safe_atou64(p, &serial);
-        if (r < 0)
-                return;
-
-        if (s->kernel_seqnum) {
-                /* We already read this one? */
-                if (serial < *s->kernel_seqnum)
-                        return;
-
-                /* Did we lose any? */
-                if (serial > *s->kernel_seqnum)
-                        server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED,
-                                              LOG_MESSAGE("Missed %"PRIu64" kernel messages",
-                                                          serial - *s->kernel_seqnum),
-                                              NULL);
-
-                /* Make sure we never read this one again. Note that
-                 * we always store the next message serial we expect
-                 * here, simply because this makes handling the first
-                 * message with serial 0 easy. */
-                *s->kernel_seqnum = serial + 1;
-        }
-
-        l -= (e - p) + 1;
-        p = e + 1;
-        f = memchr(p, ';', l);
-        if (!f)
-                return;
-        /* Kernel 3.6 has the flags field, kernel 3.5 lacks that */
-        e = memchr(p, ',', l);
-        if (!e || f < e)
-                e = f;
-        *e = 0;
-
-        r = safe_atollu(p, &usec);
-        if (r < 0)
-                return;
-
-        l -= (f - p) + 1;
-        p = f + 1;
-        e = memchr(p, '\n', l);
-        if (!e)
-                return;
-        *e = 0;
-
-        pl = e - p;
-        l -= (e - p) + 1;
-        k = e + 1;
-
-        for (j = 0; l > 0 && j < N_IOVEC_KERNEL_FIELDS; j++) {
-                char *m;
-                /* Metadata fields attached */
-
-                if (*k != ' ')
-                        break;
-
-                k++, l--;
-
-                e = memchr(k, '\n', l);
-                if (!e)
-                        return;
-
-                *e = 0;
-
-                if (cunescape_length_with_prefix(k, e - k, "_KERNEL_", UNESCAPE_RELAX, &m) < 0)
-                        break;
-
-                if (startswith(m, "_KERNEL_DEVICE="))
-                        kernel_device = m + 15;
-
-                IOVEC_SET_STRING(iovec[n++], m);
-                z++;
-
-                l -= (e - k) + 1;
-                k = e + 1;
-        }
-
-        if (kernel_device) {
-                struct udev_device *ud;
-
-                ud = udev_device_new_from_device_id(s->udev, kernel_device);
-                if (ud) {
-                        const char *g;
-                        struct udev_list_entry *ll;
-                        char *b;
-
-                        g = udev_device_get_devnode(ud);
-                        if (g) {
-                                b = strappend("_UDEV_DEVNODE=", g);
-                                if (b) {
-                                        IOVEC_SET_STRING(iovec[n++], b);
-                                        z++;
-                                }
-                        }
-
-                        g = udev_device_get_sysname(ud);
-                        if (g) {
-                                b = strappend("_UDEV_SYSNAME=", g);
-                                if (b) {
-                                        IOVEC_SET_STRING(iovec[n++], b);
-                                        z++;
-                                }
-                        }
-
-                        j = 0;
-                        ll = udev_device_get_devlinks_list_entry(ud);
-                        udev_list_entry_foreach(ll, ll) {
-
-                                if (j > N_IOVEC_UDEV_FIELDS)
-                                        break;
-
-                                g = udev_list_entry_get_name(ll);
-                                if (g) {
-                                        b = strappend("_UDEV_DEVLINK=", g);
-                                        if (b) {
-                                                IOVEC_SET_STRING(iovec[n++], b);
-                                                z++;
-                                        }
-                                }
-
-                                j++;
-                        }
-
-                        udev_device_unref(ud);
-                }
-        }
-
-        if (asprintf(&source_time, "_SOURCE_MONOTONIC_TIMESTAMP=%llu", usec) >= 0)
-                IOVEC_SET_STRING(iovec[n++], source_time);
-
-        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=kernel");
-
-        if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
-                IOVEC_SET_STRING(iovec[n++], syslog_priority);
-
-        if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
-                IOVEC_SET_STRING(iovec[n++], syslog_facility);
-
-        if ((priority & LOG_FACMASK) == LOG_KERN)
-                IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=kernel");
-        else {
-                pl -= syslog_parse_identifier((const char**) &p, &identifier, &pid);
-
-                /* Avoid any messages we generated ourselves via
-                 * log_info() and friends. */
-                if (pid && is_us(pid))
-                        goto finish;
-
-                if (identifier) {
-                        syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
-                        if (syslog_identifier)
-                                IOVEC_SET_STRING(iovec[n++], syslog_identifier);
-                }
-
-                if (pid) {
-                        syslog_pid = strappend("SYSLOG_PID=", pid);
-                        if (syslog_pid)
-                                IOVEC_SET_STRING(iovec[n++], syslog_pid);
-                }
-        }
-
-        if (cunescape_length_with_prefix(p, pl, "MESSAGE=", UNESCAPE_RELAX, &message) >= 0)
-                IOVEC_SET_STRING(iovec[n++], message);
-
-        server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, NULL, 0, NULL, priority, 0);
-
-finish:
-        for (j = 0; j < z; j++)
-                free(iovec[j].iov_base);
-
-        free(message);
-        free(syslog_priority);
-        free(syslog_identifier);
-        free(syslog_pid);
-        free(syslog_facility);
-        free(source_time);
-        free(identifier);
-        free(pid);
-}
-
-static int server_read_dev_kmsg(Server *s) {
-        char buffer[8192+1]; /* the kernel-side limit per record is 8K currently */
-        ssize_t l;
-
-        assert(s);
-        assert(s->dev_kmsg_fd >= 0);
-
-        l = read(s->dev_kmsg_fd, buffer, sizeof(buffer) - 1);
-        if (l == 0)
-                return 0;
-        if (l < 0) {
-                /* Old kernels who don't allow reading from /dev/kmsg
-                 * return EINVAL when we try. So handle this cleanly,
-                 * but don' try to ever read from it again. */
-                if (errno == EINVAL) {
-                        s->dev_kmsg_event_source = sd_event_source_unref(s->dev_kmsg_event_source);
-                        return 0;
-                }
-
-                if (errno == EAGAIN || errno == EINTR || errno == EPIPE)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to read from kernel: %m");
-        }
-
-        dev_kmsg_record(s, buffer, l);
-        return 1;
-}
-
-int server_flush_dev_kmsg(Server *s) {
-        int r;
-
-        assert(s);
-
-        if (s->dev_kmsg_fd < 0)
-                return 0;
-
-        if (!s->dev_kmsg_readable)
-                return 0;
-
-        log_debug("Flushing /dev/kmsg...");
-
-        for (;;) {
-                r = server_read_dev_kmsg(s);
-                if (r < 0)
-                        return r;
-
-                if (r == 0)
-                        break;
-        }
-
-        return 0;
-}
-
-static int dispatch_dev_kmsg(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
-        Server *s = userdata;
-
-        assert(es);
-        assert(fd == s->dev_kmsg_fd);
-        assert(s);
-
-        if (revents & EPOLLERR)
-                log_warning("/dev/kmsg buffer overrun, some messages lost.");
-
-        if (!(revents & EPOLLIN))
-                log_error("Got invalid event from epoll for /dev/kmsg: %"PRIx32, revents);
-
-        return server_read_dev_kmsg(s);
-}
-
-int server_open_dev_kmsg(Server *s) {
-        int r;
-
-        assert(s);
-
-        s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
-        if (s->dev_kmsg_fd < 0) {
-                log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
-                         "Failed to open /dev/kmsg, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_event_add_io(s->event, &s->dev_kmsg_event_source, s->dev_kmsg_fd, EPOLLIN, dispatch_dev_kmsg, s);
-        if (r < 0) {
-
-                /* This will fail with EPERM on older kernels where
-                 * /dev/kmsg is not readable. */
-                if (r == -EPERM) {
-                        r = 0;
-                        goto fail;
-                }
-
-                log_error_errno(r, "Failed to add /dev/kmsg fd to event loop: %m");
-                goto fail;
-        }
-
-        r = sd_event_source_set_priority(s->dev_kmsg_event_source, SD_EVENT_PRIORITY_IMPORTANT+10);
-        if (r < 0) {
-                log_error_errno(r, "Failed to adjust priority of kmsg event source: %m");
-                goto fail;
-        }
-
-        s->dev_kmsg_readable = true;
-
-        return 0;
-
-fail:
-        s->dev_kmsg_event_source = sd_event_source_unref(s->dev_kmsg_event_source);
-        s->dev_kmsg_fd = safe_close(s->dev_kmsg_fd);
-
-        return r;
-}
-
-int server_open_kernel_seqnum(Server *s) {
-        _cleanup_close_ int fd;
-        uint64_t *p;
-        int r;
-
-        assert(s);
-
-        /* We store the seqnum we last read in an mmaped file. That
-         * way we can just use it like a variable, but it is
-         * persistent and automatically flushed at reboot. */
-
-        fd = open("/run/systemd/journal/kernel-seqnum", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
-        if (fd < 0) {
-                log_error_errno(errno, "Failed to open /run/systemd/journal/kernel-seqnum, ignoring: %m");
-                return 0;
-        }
-
-        r = posix_fallocate(fd, 0, sizeof(uint64_t));
-        if (r != 0) {
-                log_error_errno(r, "Failed to allocate sequential number file, ignoring: %m");
-                return 0;
-        }
-
-        p = mmap(NULL, sizeof(uint64_t), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
-        if (p == MAP_FAILED) {
-                log_error_errno(errno, "Failed to map sequential number file, ignoring: %m");
-                return 0;
-        }
-
-        s->kernel_seqnum = p;
-
-        return 0;
-}
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
deleted file mode 100644
index 8f82d2a838..0000000000
--- a/src/journal/journald-server.c
+++ /dev/null
@@ -1,2007 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-#include <sys/ioctl.h>
-#include <sys/mman.h>
-#include <sys/signalfd.h>
-#include <sys/statvfs.h>
-#include <linux/sockios.h>
-
-#include "libudev.h"
-#include "sd-daemon.h"
-#include "sd-journal.h"
-#include "sd-messages.h"
-
-#include "acl-util.h"
-#include "alloc-util.h"
-#include "audit-util.h"
-#include "cgroup-util.h"
-#include "conf-parser.h"
-#include "dirent-util.h"
-#include "extract-word.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "hashmap.h"
-#include "hostname-util.h"
-#include "io-util.h"
-#include "journal-authenticate.h"
-#include "journal-file.h"
-#include "journal-internal.h"
-#include "journal-vacuum.h"
-#include "journald-audit.h"
-#include "journald-kmsg.h"
-#include "journald-native.h"
-#include "journald-rate-limit.h"
-#include "journald-server.h"
-#include "journald-stream.h"
-#include "journald-syslog.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "proc-cmdline.h"
-#include "process-util.h"
-#include "rm-rf.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "stdio-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "user-util.h"
-#include "log.h"
-
-#define USER_JOURNALS_MAX 1024
-
-#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
-#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
-#define DEFAULT_RATE_LIMIT_BURST 1000
-#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
-
-#define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
-
-#define NOTIFY_SNDBUF_SIZE (8*1024*1024)
-
-/* The period to insert between posting changes for coalescing */
-#define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
-
-static int determine_space_for(
-                Server *s,
-                JournalMetrics *metrics,
-                const char *path,
-                const char *name,
-                bool verbose,
-                bool patch_min_use,
-                uint64_t *available,
-                uint64_t *limit) {
-
-        uint64_t sum = 0, ss_avail, avail;
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        struct statvfs ss;
-        const char *p;
-        usec_t ts;
-
-        assert(s);
-        assert(metrics);
-        assert(path);
-        assert(name);
-
-        ts = now(CLOCK_MONOTONIC);
-
-        if (!verbose && s->cached_space_timestamp + RECHECK_SPACE_USEC > ts) {
-
-                if (available)
-                        *available = s->cached_space_available;
-                if (limit)
-                        *limit = s->cached_space_limit;
-
-                return 0;
-        }
-
-        p = strjoina(path, SERVER_MACHINE_ID(s));
-        d = opendir(p);
-        if (!d)
-                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open %s: %m", p);
-
-        if (fstatvfs(dirfd(d), &ss) < 0)
-                return log_error_errno(errno, "Failed to fstatvfs(%s): %m", p);
-
-        FOREACH_DIRENT_ALL(de, d, break) {
-                struct stat st;
-
-                if (!endswith(de->d_name, ".journal") &&
-                    !endswith(de->d_name, ".journal~"))
-                        continue;
-
-                if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
-                        log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", p, de->d_name);
-                        continue;
-                }
-
-                if (!S_ISREG(st.st_mode))
-                        continue;
-
-                sum += (uint64_t) st.st_blocks * 512UL;
-        }
-
-        /* If requested, then let's bump the min_use limit to the
-         * current usage on disk. We do this when starting up and
-         * first opening the journal files. This way sudden spikes in
-         * disk usage will not cause journald to vacuum files without
-         * bounds. Note that this means that only a restart of
-         * journald will make it reset this value. */
-
-        if (patch_min_use)
-                metrics->min_use = MAX(metrics->min_use, sum);
-
-        ss_avail = ss.f_bsize * ss.f_bavail;
-        avail = LESS_BY(ss_avail, metrics->keep_free);
-
-        s->cached_space_limit = MIN(MAX(sum + avail, metrics->min_use), metrics->max_use);
-        s->cached_space_available = LESS_BY(s->cached_space_limit, sum);
-        s->cached_space_timestamp = ts;
-
-        if (verbose) {
-                char    fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
-                        fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX], fb6[FORMAT_BYTES_MAX];
-                format_bytes(fb1, sizeof(fb1), sum);
-                format_bytes(fb2, sizeof(fb2), metrics->max_use);
-                format_bytes(fb3, sizeof(fb3), metrics->keep_free);
-                format_bytes(fb4, sizeof(fb4), ss_avail);
-                format_bytes(fb5, sizeof(fb5), s->cached_space_limit);
-                format_bytes(fb6, sizeof(fb6), s->cached_space_available);
-
-                server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
-                                      LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
-                                                  name, path, fb1, fb5, fb6),
-                                      "JOURNAL_NAME=%s", name,
-                                      "JOURNAL_PATH=%s", path,
-                                      "CURRENT_USE=%"PRIu64, sum,
-                                      "CURRENT_USE_PRETTY=%s", fb1,
-                                      "MAX_USE=%"PRIu64, metrics->max_use,
-                                      "MAX_USE_PRETTY=%s", fb2,
-                                      "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
-                                      "DISK_KEEP_FREE_PRETTY=%s", fb3,
-                                      "DISK_AVAILABLE=%"PRIu64, ss_avail,
-                                      "DISK_AVAILABLE_PRETTY=%s", fb4,
-                                      "LIMIT=%"PRIu64, s->cached_space_limit,
-                                      "LIMIT_PRETTY=%s", fb5,
-                                      "AVAILABLE=%"PRIu64, s->cached_space_available,
-                                      "AVAILABLE_PRETTY=%s", fb6,
-                                      NULL);
-        }
-
-        if (available)
-                *available = s->cached_space_available;
-        if (limit)
-                *limit = s->cached_space_limit;
-
-        return 1;
-}
-
-static int determine_space(Server *s, bool verbose, bool patch_min_use, uint64_t *available, uint64_t *limit) {
-        JournalMetrics *metrics;
-        const char *path, *name;
-
-        assert(s);
-
-        if (s->system_journal) {
-                path = "/var/log/journal/";
-                metrics = &s->system_metrics;
-                name = "System journal";
-        } else {
-                path = "/run/log/journal/";
-                metrics = &s->runtime_metrics;
-                name = "Runtime journal";
-        }
-
-        return determine_space_for(s, metrics, path, name, verbose, patch_min_use, available, limit);
-}
-
-static void server_add_acls(JournalFile *f, uid_t uid) {
-#ifdef HAVE_ACL
-        int r;
-#endif
-        assert(f);
-
-#ifdef HAVE_ACL
-        if (uid <= SYSTEM_UID_MAX)
-                return;
-
-        r = add_acls_for_user(f->fd, uid);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set ACL on %s, ignoring: %m", f->path);
-#endif
-}
-
-static int open_journal(
-                Server *s,
-                bool reliably,
-                const char *fname,
-                int flags,
-                bool seal,
-                JournalMetrics *metrics,
-                JournalFile **ret) {
-        int r;
-        JournalFile *f;
-
-        assert(s);
-        assert(fname);
-        assert(ret);
-
-        if (reliably)
-                r = journal_file_open_reliably(fname, flags, 0640, s->compress, seal, metrics, s->mmap, s->deferred_closes, NULL, &f);
-        else
-                r = journal_file_open(-1, fname, flags, 0640, s->compress, seal, metrics, s->mmap, s->deferred_closes, NULL, &f);
-        if (r < 0)
-                return r;
-
-        r = journal_file_enable_post_change_timer(f, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
-        if (r < 0) {
-                (void) journal_file_close(f);
-                return r;
-        }
-
-        *ret = f;
-        return r;
-}
-
-static JournalFile* find_journal(Server *s, uid_t uid) {
-        _cleanup_free_ char *p = NULL;
-        int r;
-        JournalFile *f;
-        sd_id128_t machine;
-
-        assert(s);
-
-        /* We split up user logs only on /var, not on /run. If the
-         * runtime file is open, we write to it exclusively, in order
-         * to guarantee proper order as soon as we flush /run to
-         * /var and close the runtime file. */
-
-        if (s->runtime_journal)
-                return s->runtime_journal;
-
-        if (uid <= SYSTEM_UID_MAX)
-                return s->system_journal;
-
-        r = sd_id128_get_machine(&machine);
-        if (r < 0)
-                return s->system_journal;
-
-        f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
-        if (f)
-                return f;
-
-        if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
-                     SD_ID128_FORMAT_VAL(machine), uid) < 0)
-                return s->system_journal;
-
-        while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
-                /* Too many open? Then let's close one */
-                f = ordered_hashmap_steal_first(s->user_journals);
-                assert(f);
-                (void) journal_file_close(f);
-        }
-
-        r = open_journal(s, true, p, O_RDWR|O_CREAT, s->seal, &s->system_metrics, &f);
-        if (r < 0)
-                return s->system_journal;
-
-        server_add_acls(f, uid);
-
-        r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
-        if (r < 0) {
-                (void) journal_file_close(f);
-                return s->system_journal;
-        }
-
-        return f;
-}
-
-static int do_rotate(
-                Server *s,
-                JournalFile **f,
-                const char* name,
-                bool seal,
-                uint32_t uid) {
-
-        int r;
-        assert(s);
-
-        if (!*f)
-                return -EINVAL;
-
-        r = journal_file_rotate(f, s->compress, seal, s->deferred_closes);
-        if (r < 0)
-                if (*f)
-                        log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
-                else
-                        log_error_errno(r, "Failed to create new %s journal: %m", name);
-        else
-                server_add_acls(*f, uid);
-
-        return r;
-}
-
-void server_rotate(Server *s) {
-        JournalFile *f;
-        void *k;
-        Iterator i;
-        int r;
-
-        log_debug("Rotating...");
-
-        (void) do_rotate(s, &s->runtime_journal, "runtime", false, 0);
-        (void) do_rotate(s, &s->system_journal, "system", s->seal, 0);
-
-        ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
-                r = do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
-                if (r >= 0)
-                        ordered_hashmap_replace(s->user_journals, k, f);
-                else if (!f)
-                        /* Old file has been closed and deallocated */
-                        ordered_hashmap_remove(s->user_journals, k);
-        }
-
-        /* Perform any deferred closes which aren't still offlining. */
-        SET_FOREACH(f, s->deferred_closes, i)
-                if (!journal_file_is_offlining(f)) {
-                        (void) set_remove(s->deferred_closes, f);
-                        (void) journal_file_close(f);
-                }
-}
-
-void server_sync(Server *s) {
-        JournalFile *f;
-        Iterator i;
-        int r;
-
-        if (s->system_journal) {
-                r = journal_file_set_offline(s->system_journal, false);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to sync system journal, ignoring: %m");
-        }
-
-        ORDERED_HASHMAP_FOREACH(f, s->user_journals, i) {
-                r = journal_file_set_offline(f, false);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to sync user journal, ignoring: %m");
-        }
-
-        if (s->sync_event_source) {
-                r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
-                if (r < 0)
-                        log_error_errno(r, "Failed to disable sync timer source: %m");
-        }
-
-        s->sync_scheduled = false;
-}
-
-static void do_vacuum(
-                Server *s,
-                JournalFile *f,
-                JournalMetrics *metrics,
-                const char *path,
-                const char *name,
-                bool verbose,
-                bool patch_min_use) {
-
-        const char *p;
-        uint64_t limit;
-        int r;
-
-        assert(s);
-        assert(metrics);
-        assert(path);
-        assert(name);
-
-        if (!f)
-                return;
-
-        p = strjoina(path, SERVER_MACHINE_ID(s));
-
-        limit = metrics->max_use;
-        (void) determine_space_for(s, metrics, path, name, verbose, patch_min_use, NULL, &limit);
-
-        r = journal_directory_vacuum(p, limit, metrics->n_max_files, s->max_retention_usec, &s->oldest_file_usec,  verbose);
-        if (r < 0 && r != -ENOENT)
-                log_warning_errno(r, "Failed to vacuum %s, ignoring: %m", p);
-}
-
-int server_vacuum(Server *s, bool verbose, bool patch_min_use) {
-        assert(s);
-
-        log_debug("Vacuuming...");
-
-        s->oldest_file_usec = 0;
-
-        do_vacuum(s, s->system_journal, &s->system_metrics, "/var/log/journal/", "System journal", verbose, patch_min_use);
-        do_vacuum(s, s->runtime_journal, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", verbose, patch_min_use);
-
-        s->cached_space_limit = 0;
-        s->cached_space_available = 0;
-        s->cached_space_timestamp = 0;
-
-        return 0;
-}
-
-static void server_cache_machine_id(Server *s) {
-        sd_id128_t id;
-        int r;
-
-        assert(s);
-
-        r = sd_id128_get_machine(&id);
-        if (r < 0)
-                return;
-
-        sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
-}
-
-static void server_cache_boot_id(Server *s) {
-        sd_id128_t id;
-        int r;
-
-        assert(s);
-
-        r = sd_id128_get_boot(&id);
-        if (r < 0)
-                return;
-
-        sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
-}
-
-static void server_cache_hostname(Server *s) {
-        _cleanup_free_ char *t = NULL;
-        char *x;
-
-        assert(s);
-
-        t = gethostname_malloc();
-        if (!t)
-                return;
-
-        x = strappend("_HOSTNAME=", t);
-        if (!x)
-                return;
-
-        free(s->hostname_field);
-        s->hostname_field = x;
-}
-
-static bool shall_try_append_again(JournalFile *f, int r) {
-        switch(r) {
-        case -E2BIG:           /* Hit configured limit          */
-        case -EFBIG:           /* Hit fs limit                  */
-        case -EDQUOT:          /* Quota limit hit               */
-        case -ENOSPC:          /* Disk full                     */
-                log_debug("%s: Allocation limit reached, rotating.", f->path);
-                return true;
-        case -EIO:             /* I/O error of some kind (mmap) */
-                log_warning("%s: IO error, rotating.", f->path);
-                return true;
-        case -EHOSTDOWN:       /* Other machine                 */
-                log_info("%s: Journal file from other machine, rotating.", f->path);
-                return true;
-        case -EBUSY:           /* Unclean shutdown              */
-                log_info("%s: Unclean shutdown, rotating.", f->path);
-                return true;
-        case -EPROTONOSUPPORT: /* Unsupported feature           */
-                log_info("%s: Unsupported feature, rotating.", f->path);
-                return true;
-        case -EBADMSG:         /* Corrupted                     */
-        case -ENODATA:         /* Truncated                     */
-        case -ESHUTDOWN:       /* Already archived              */
-                log_warning("%s: Journal file corrupted, rotating.", f->path);
-                return true;
-        case -EIDRM:           /* Journal file has been deleted */
-                log_warning("%s: Journal file has been deleted, rotating.", f->path);
-                return true;
-        default:
-                return false;
-        }
-}
-
-static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
-        JournalFile *f;
-        bool vacuumed = false;
-        int r;
-
-        assert(s);
-        assert(iovec);
-        assert(n > 0);
-
-        f = find_journal(s, uid);
-        if (!f)
-                return;
-
-        if (journal_file_rotate_suggested(f, s->max_file_usec)) {
-                log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
-                server_rotate(s);
-                server_vacuum(s, false, false);
-                vacuumed = true;
-
-                f = find_journal(s, uid);
-                if (!f)
-                        return;
-        }
-
-        r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
-        if (r >= 0) {
-                server_schedule_sync(s, priority);
-                return;
-        }
-
-        if (vacuumed || !shall_try_append_again(f, r)) {
-                log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
-                return;
-        }
-
-        server_rotate(s);
-        server_vacuum(s, false, false);
-
-        f = find_journal(s, uid);
-        if (!f)
-                return;
-
-        log_debug("Retrying write.");
-        r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
-        if (r < 0)
-                log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
-        else
-                server_schedule_sync(s, priority);
-}
-
-static void dispatch_message_real(
-                Server *s,
-                struct iovec *iovec, unsigned n, unsigned m,
-                const struct ucred *ucred,
-                const struct timeval *tv,
-                const char *label, size_t label_len,
-                const char *unit_id,
-                int priority,
-                pid_t object_pid) {
-
-        char    pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
-                uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
-                gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
-                owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
-                source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
-                o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
-                o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
-                o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
-        uid_t object_uid;
-        gid_t object_gid;
-        char *x;
-        int r;
-        char *t, *c;
-        uid_t realuid = 0, owner = 0, journal_uid;
-        bool owner_valid = false;
-#ifdef HAVE_AUDIT
-        char    audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
-                audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
-                o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
-                o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
-
-        uint32_t audit;
-        uid_t loginuid;
-#endif
-
-        assert(s);
-        assert(iovec);
-        assert(n > 0);
-        assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
-
-        if (ucred) {
-                realuid = ucred->uid;
-
-                sprintf(pid, "_PID="PID_FMT, ucred->pid);
-                IOVEC_SET_STRING(iovec[n++], pid);
-
-                sprintf(uid, "_UID="UID_FMT, ucred->uid);
-                IOVEC_SET_STRING(iovec[n++], uid);
-
-                sprintf(gid, "_GID="GID_FMT, ucred->gid);
-                IOVEC_SET_STRING(iovec[n++], gid);
-
-                r = get_process_comm(ucred->pid, &t);
-                if (r >= 0) {
-                        x = strjoina("_COMM=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-                r = get_process_exe(ucred->pid, &t);
-                if (r >= 0) {
-                        x = strjoina("_EXE=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-                r = get_process_cmdline(ucred->pid, 0, false, &t);
-                if (r >= 0) {
-                        x = strjoina("_CMDLINE=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-                r = get_process_capeff(ucred->pid, &t);
-                if (r >= 0) {
-                        x = strjoina("_CAP_EFFECTIVE=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-#ifdef HAVE_AUDIT
-                r = audit_session_from_pid(ucred->pid, &audit);
-                if (r >= 0) {
-                        sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
-                        IOVEC_SET_STRING(iovec[n++], audit_session);
-                }
-
-                r = audit_loginuid_from_pid(ucred->pid, &loginuid);
-                if (r >= 0) {
-                        sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
-                        IOVEC_SET_STRING(iovec[n++], audit_loginuid);
-                }
-#endif
-
-                r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
-                if (r >= 0) {
-                        char *session = NULL;
-
-                        x = strjoina("_SYSTEMD_CGROUP=", c);
-                        IOVEC_SET_STRING(iovec[n++], x);
-
-                        r = cg_path_get_session(c, &t);
-                        if (r >= 0) {
-                                session = strjoina("_SYSTEMD_SESSION=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], session);
-                        }
-
-                        if (cg_path_get_owner_uid(c, &owner) >= 0) {
-                                owner_valid = true;
-
-                                sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
-                                IOVEC_SET_STRING(iovec[n++], owner_uid);
-                        }
-
-                        if (cg_path_get_unit(c, &t) >= 0) {
-                                x = strjoina("_SYSTEMD_UNIT=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        } else if (unit_id && !session) {
-                                x = strjoina("_SYSTEMD_UNIT=", unit_id);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        }
-
-                        if (cg_path_get_user_unit(c, &t) >= 0) {
-                                x = strjoina("_SYSTEMD_USER_UNIT=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        } else if (unit_id && session) {
-                                x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        }
-
-                        if (cg_path_get_slice(c, &t) >= 0) {
-                                x = strjoina("_SYSTEMD_SLICE=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        }
-
-                        free(c);
-                } else if (unit_id) {
-                        x = strjoina("_SYSTEMD_UNIT=", unit_id);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-#ifdef HAVE_SELINUX
-                if (mac_selinux_have()) {
-                        if (label) {
-                                x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
-
-                                *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        } else {
-                                security_context_t con;
-
-                                if (getpidcon(ucred->pid, &con) >= 0) {
-                                        x = strjoina("_SELINUX_CONTEXT=", con);
-
-                                        freecon(con);
-                                        IOVEC_SET_STRING(iovec[n++], x);
-                                }
-                        }
-                }
-#endif
-        }
-        assert(n <= m);
-
-        if (object_pid) {
-                r = get_process_uid(object_pid, &object_uid);
-                if (r >= 0) {
-                        sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
-                        IOVEC_SET_STRING(iovec[n++], o_uid);
-                }
-
-                r = get_process_gid(object_pid, &object_gid);
-                if (r >= 0) {
-                        sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
-                        IOVEC_SET_STRING(iovec[n++], o_gid);
-                }
-
-                r = get_process_comm(object_pid, &t);
-                if (r >= 0) {
-                        x = strjoina("OBJECT_COMM=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-                r = get_process_exe(object_pid, &t);
-                if (r >= 0) {
-                        x = strjoina("OBJECT_EXE=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-                r = get_process_cmdline(object_pid, 0, false, &t);
-                if (r >= 0) {
-                        x = strjoina("OBJECT_CMDLINE=", t);
-                        free(t);
-                        IOVEC_SET_STRING(iovec[n++], x);
-                }
-
-#ifdef HAVE_AUDIT
-                r = audit_session_from_pid(object_pid, &audit);
-                if (r >= 0) {
-                        sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
-                        IOVEC_SET_STRING(iovec[n++], o_audit_session);
-                }
-
-                r = audit_loginuid_from_pid(object_pid, &loginuid);
-                if (r >= 0) {
-                        sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
-                        IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
-                }
-#endif
-
-                r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
-                if (r >= 0) {
-                        x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
-                        IOVEC_SET_STRING(iovec[n++], x);
-
-                        r = cg_path_get_session(c, &t);
-                        if (r >= 0) {
-                                x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        }
-
-                        if (cg_path_get_owner_uid(c, &owner) >= 0) {
-                                sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
-                                IOVEC_SET_STRING(iovec[n++], o_owner_uid);
-                        }
-
-                        if (cg_path_get_unit(c, &t) >= 0) {
-                                x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        }
-
-                        if (cg_path_get_user_unit(c, &t) >= 0) {
-                                x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
-                                free(t);
-                                IOVEC_SET_STRING(iovec[n++], x);
-                        }
-
-                        free(c);
-                }
-        }
-        assert(n <= m);
-
-        if (tv) {
-                sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
-                IOVEC_SET_STRING(iovec[n++], source_time);
-        }
-
-        /* Note that strictly speaking storing the boot id here is
-         * redundant since the entry includes this in-line
-         * anyway. However, we need this indexed, too. */
-        if (!isempty(s->boot_id_field))
-                IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
-
-        if (!isempty(s->machine_id_field))
-                IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
-
-        if (!isempty(s->hostname_field))
-                IOVEC_SET_STRING(iovec[n++], s->hostname_field);
-
-        assert(n <= m);
-
-        if (s->split_mode == SPLIT_UID && realuid > 0)
-                /* Split up strictly by any UID */
-                journal_uid = realuid;
-        else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
-                /* Split up by login UIDs.  We do this only if the
-                 * realuid is not root, in order not to accidentally
-                 * leak privileged information to the user that is
-                 * logged by a privileged process that is part of an
-                 * unprivileged session. */
-                journal_uid = owner;
-        else
-                journal_uid = 0;
-
-        write_to_journal(s, journal_uid, iovec, n, priority);
-}
-
-void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
-        char mid[11 + 32 + 1];
-        struct iovec iovec[N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS];
-        unsigned n = 0, m;
-        int r;
-        va_list ap;
-        struct ucred ucred = {};
-
-        assert(s);
-        assert(format);
-
-        assert_cc(3 == LOG_FAC(LOG_DAEMON));
-        IOVEC_SET_STRING(iovec[n++], "SYSLOG_FACILITY=3");
-        IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=systemd-journald");
-
-        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
-        assert_cc(6 == LOG_INFO);
-        IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
-
-        if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
-                snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
-                IOVEC_SET_STRING(iovec[n++], mid);
-        }
-
-        m = n;
-
-        va_start(ap, format);
-        r = log_format_iovec(iovec, ELEMENTSOF(iovec), &n, false, 0, format, ap);
-        /* Error handling below */
-        va_end(ap);
-
-        ucred.pid = getpid();
-        ucred.uid = getuid();
-        ucred.gid = getgid();
-
-        if (r >= 0)
-                dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
-
-        while (m < n)
-                free(iovec[m++].iov_base);
-
-        if (r < 0) {
-                /* We failed to format the message. Emit a warning instead. */
-                char buf[LINE_MAX];
-
-                xsprintf(buf, "MESSAGE=Entry printing failed: %s", strerror(-r));
-
-                n = 3;
-                IOVEC_SET_STRING(iovec[n++], "PRIORITY=4");
-                IOVEC_SET_STRING(iovec[n++], buf);
-                dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
-        }
-}
-
-void server_dispatch_message(
-                Server *s,
-                struct iovec *iovec, unsigned n, unsigned m,
-                const struct ucred *ucred,
-                const struct timeval *tv,
-                const char *label, size_t label_len,
-                const char *unit_id,
-                int priority,
-                pid_t object_pid) {
-
-        int rl, r;
-        _cleanup_free_ char *path = NULL;
-        uint64_t available = 0;
-        char *c;
-
-        assert(s);
-        assert(iovec || n == 0);
-
-        if (n == 0)
-                return;
-
-        if (LOG_PRI(priority) > s->max_level_store)
-                return;
-
-        /* Stop early in case the information will not be stored
-         * in a journal. */
-        if (s->storage == STORAGE_NONE)
-                return;
-
-        if (!ucred)
-                goto finish;
-
-        r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
-        if (r < 0)
-                goto finish;
-
-        /* example: /user/lennart/3/foobar
-         *          /system/dbus.service/foobar
-         *
-         * So let's cut of everything past the third /, since that is
-         * where user directories start */
-
-        c = strchr(path, '/');
-        if (c) {
-                c = strchr(c+1, '/');
-                if (c) {
-                        c = strchr(c+1, '/');
-                        if (c)
-                                *c = 0;
-                }
-        }
-
-        (void) determine_space(s, false, false, &available, NULL);
-        rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available);
-        if (rl == 0)
-                return;
-
-        /* Write a suppression message if we suppressed something */
-        if (rl > 1)
-                server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
-                                      LOG_MESSAGE("Suppressed %u messages from %s", rl - 1, path),
-                                      NULL);
-
-finish:
-        dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
-}
-
-
-static int system_journal_open(Server *s, bool flush_requested) {
-        const char *fn;
-        int r = 0;
-
-        if (!s->system_journal &&
-            (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
-            (flush_requested
-             || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
-
-                /* If in auto mode: first try to create the machine
-                 * path, but not the prefix.
-                 *
-                 * If in persistent mode: create /var/log/journal and
-                 * the machine path */
-
-                if (s->storage == STORAGE_PERSISTENT)
-                        (void) mkdir_p("/var/log/journal/", 0755);
-
-                fn = strjoina("/var/log/journal/", SERVER_MACHINE_ID(s));
-                (void) mkdir(fn, 0755);
-
-                fn = strjoina(fn, "/system.journal");
-                r = open_journal(s, true, fn, O_RDWR|O_CREAT, s->seal, &s->system_metrics, &s->system_journal);
-                if (r >= 0) {
-                        server_add_acls(s->system_journal, 0);
-                        (void) determine_space_for(s, &s->system_metrics, "/var/log/journal/", "System journal", true, true, NULL, NULL);
-                } else if (r < 0) {
-                        if (r != -ENOENT && r != -EROFS)
-                                log_warning_errno(r, "Failed to open system journal: %m");
-
-                        r = 0;
-                }
-        }
-
-        if (!s->runtime_journal &&
-            (s->storage != STORAGE_NONE)) {
-
-                fn = strjoina("/run/log/journal/", SERVER_MACHINE_ID(s), "/system.journal");
-
-                if (s->system_journal) {
-
-                        /* Try to open the runtime journal, but only
-                         * if it already exists, so that we can flush
-                         * it into the system journal */
-
-                        r = open_journal(s, false, fn, O_RDWR, false, &s->runtime_metrics, &s->runtime_journal);
-                        if (r < 0) {
-                                if (r != -ENOENT)
-                                        log_warning_errno(r, "Failed to open runtime journal: %m");
-
-                                r = 0;
-                        }
-
-                } else {
-
-                        /* OK, we really need the runtime journal, so create
-                         * it if necessary. */
-
-                        (void) mkdir("/run/log", 0755);
-                        (void) mkdir("/run/log/journal", 0755);
-                        (void) mkdir_parents(fn, 0750);
-
-                        r = open_journal(s, true, fn, O_RDWR|O_CREAT, false, &s->runtime_metrics, &s->runtime_journal);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to open runtime journal: %m");
-                }
-
-                if (s->runtime_journal) {
-                        server_add_acls(s->runtime_journal, 0);
-                        (void) determine_space_for(s, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", true, true, NULL, NULL);
-                }
-        }
-
-        return r;
-}
-
-int server_flush_to_var(Server *s) {
-        sd_id128_t machine;
-        sd_journal *j = NULL;
-        char ts[FORMAT_TIMESPAN_MAX];
-        usec_t start;
-        unsigned n = 0;
-        int r;
-
-        assert(s);
-
-        if (s->storage != STORAGE_AUTO &&
-            s->storage != STORAGE_PERSISTENT)
-                return 0;
-
-        if (!s->runtime_journal)
-                return 0;
-
-        (void) system_journal_open(s, true);
-
-        if (!s->system_journal)
-                return 0;
-
-        log_debug("Flushing to /var...");
-
-        start = now(CLOCK_MONOTONIC);
-
-        r = sd_id128_get_machine(&machine);
-        if (r < 0)
-                return r;
-
-        r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read runtime journal: %m");
-
-        sd_journal_set_data_threshold(j, 0);
-
-        SD_JOURNAL_FOREACH(j) {
-                Object *o = NULL;
-                JournalFile *f;
-
-                f = j->current_file;
-                assert(f && f->current_offset > 0);
-
-                n++;
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-                if (r < 0) {
-                        log_error_errno(r, "Can't read entry: %m");
-                        goto finish;
-                }
-
-                r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
-                if (r >= 0)
-                        continue;
-
-                if (!shall_try_append_again(s->system_journal, r)) {
-                        log_error_errno(r, "Can't write entry: %m");
-                        goto finish;
-                }
-
-                server_rotate(s);
-                server_vacuum(s, false, false);
-
-                if (!s->system_journal) {
-                        log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
-                        r = -EIO;
-                        goto finish;
-                }
-
-                log_debug("Retrying write.");
-                r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
-                if (r < 0) {
-                        log_error_errno(r, "Can't write entry: %m");
-                        goto finish;
-                }
-        }
-
-        r = 0;
-
-finish:
-        journal_file_post_change(s->system_journal);
-
-        s->runtime_journal = journal_file_close(s->runtime_journal);
-
-        if (r >= 0)
-                (void) rm_rf("/run/log/journal", REMOVE_ROOT);
-
-        sd_journal_close(j);
-
-        server_driver_message(s, SD_ID128_NULL,
-                              LOG_MESSAGE("Time spent on flushing to /var is %s for %u entries.",
-                                          format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0),
-                                          n),
-                              NULL);
-
-        return r;
-}
-
-int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
-        Server *s = userdata;
-        struct ucred *ucred = NULL;
-        struct timeval *tv = NULL;
-        struct cmsghdr *cmsg;
-        char *label = NULL;
-        size_t label_len = 0, m;
-        struct iovec iovec;
-        ssize_t n;
-        int *fds = NULL, v = 0;
-        unsigned n_fds = 0;
-
-        union {
-                struct cmsghdr cmsghdr;
-
-                /* We use NAME_MAX space for the SELinux label
-                 * here. The kernel currently enforces no
-                 * limit, but according to suggestions from
-                 * the SELinux people this will change and it
-                 * will probably be identical to NAME_MAX. For
-                 * now we use that, but this should be updated
-                 * one day when the final limit is known. */
-                uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
-                            CMSG_SPACE(sizeof(struct timeval)) +
-                            CMSG_SPACE(sizeof(int)) + /* fd */
-                            CMSG_SPACE(NAME_MAX)]; /* selinux label */
-        } control = {};
-
-        union sockaddr_union sa = {};
-
-        struct msghdr msghdr = {
-                .msg_iov = &iovec,
-                .msg_iovlen = 1,
-                .msg_control = &control,
-                .msg_controllen = sizeof(control),
-                .msg_name = &sa,
-                .msg_namelen = sizeof(sa),
-        };
-
-        assert(s);
-        assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
-
-        if (revents != EPOLLIN) {
-                log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
-                return -EIO;
-        }
-
-        /* Try to get the right size, if we can. (Not all
-         * sockets support SIOCINQ, hence we just try, but
-         * don't rely on it. */
-        (void) ioctl(fd, SIOCINQ, &v);
-
-        /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
-        m = PAGE_ALIGN(MAX3((size_t) v + 1,
-                            (size_t) LINE_MAX,
-                            ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
-
-        if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
-                return log_oom();
-
-        iovec.iov_base = s->buffer;
-        iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
-
-        n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-        if (n < 0) {
-                if (errno == EINTR || errno == EAGAIN)
-                        return 0;
-
-                return log_error_errno(errno, "recvmsg() failed: %m");
-        }
-
-        CMSG_FOREACH(cmsg, &msghdr) {
-
-                if (cmsg->cmsg_level == SOL_SOCKET &&
-                    cmsg->cmsg_type == SCM_CREDENTIALS &&
-                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
-                        ucred = (struct ucred*) CMSG_DATA(cmsg);
-                else if (cmsg->cmsg_level == SOL_SOCKET &&
-                         cmsg->cmsg_type == SCM_SECURITY) {
-                        label = (char*) CMSG_DATA(cmsg);
-                        label_len = cmsg->cmsg_len - CMSG_LEN(0);
-                } else if (cmsg->cmsg_level == SOL_SOCKET &&
-                           cmsg->cmsg_type == SO_TIMESTAMP &&
-                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
-                        tv = (struct timeval*) CMSG_DATA(cmsg);
-                else if (cmsg->cmsg_level == SOL_SOCKET &&
-                         cmsg->cmsg_type == SCM_RIGHTS) {
-                        fds = (int*) CMSG_DATA(cmsg);
-                        n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
-                }
-        }
-
-        /* And a trailing NUL, just in case */
-        s->buffer[n] = 0;
-
-        if (fd == s->syslog_fd) {
-                if (n > 0 && n_fds == 0)
-                        server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
-                else if (n_fds > 0)
-                        log_warning("Got file descriptors via syslog socket. Ignoring.");
-
-        } else if (fd == s->native_fd) {
-                if (n > 0 && n_fds == 0)
-                        server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
-                else if (n == 0 && n_fds == 1)
-                        server_process_native_file(s, fds[0], ucred, tv, label, label_len);
-                else if (n_fds > 0)
-                        log_warning("Got too many file descriptors via native socket. Ignoring.");
-
-        } else {
-                assert(fd == s->audit_fd);
-
-                if (n > 0 && n_fds == 0)
-                        server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
-                else if (n_fds > 0)
-                        log_warning("Got file descriptors via audit socket. Ignoring.");
-        }
-
-        close_many(fds, n_fds);
-        return 0;
-}
-
-static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
-        Server *s = userdata;
-        int r;
-
-        assert(s);
-
-        log_info("Received request to flush runtime journal from PID " PID_FMT, si->ssi_pid);
-
-        server_flush_to_var(s);
-        server_sync(s);
-        server_vacuum(s, false, false);
-
-        r = touch("/run/systemd/journal/flushed");
-        if (r < 0)
-                log_warning_errno(r, "Failed to touch /run/systemd/journal/flushed, ignoring: %m");
-
-        return 0;
-}
-
-static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
-        Server *s = userdata;
-        int r;
-
-        assert(s);
-
-        log_info("Received request to rotate journal from PID " PID_FMT, si->ssi_pid);
-        server_rotate(s);
-        server_vacuum(s, true, true);
-
-        /* Let clients know when the most recent rotation happened. */
-        r = write_timestamp_file_atomic("/run/systemd/journal/rotated", now(CLOCK_MONOTONIC));
-        if (r < 0)
-                log_warning_errno(r, "Failed to write /run/systemd/journal/rotated, ignoring: %m");
-
-        return 0;
-}
-
-static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
-        Server *s = userdata;
-
-        assert(s);
-
-        log_received_signal(LOG_INFO, si);
-
-        sd_event_exit(s->event, 0);
-        return 0;
-}
-
-static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
-        Server *s = userdata;
-        int r;
-
-        assert(s);
-
-        log_debug("Received request to sync from PID " PID_FMT, si->ssi_pid);
-
-        server_sync(s);
-
-        /* Let clients know when the most recent sync happened. */
-        r = write_timestamp_file_atomic("/run/systemd/journal/synced", now(CLOCK_MONOTONIC));
-        if (r < 0)
-                log_warning_errno(r, "Failed to write /run/systemd/journal/synced, ignoring: %m");
-
-        return 0;
-}
-
-static int setup_signals(Server *s) {
-        int r;
-
-        assert(s);
-
-        assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, -1) >= 0);
-
-        r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
-        if (r < 0)
-                return r;
-
-        /* Let's process SIGTERM late, so that we flush all queued
-         * messages to disk before we exit */
-        r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20);
-        if (r < 0)
-                return r;
-
-        /* When journald is invoked on the terminal (when debugging),
-         * it's useful if C-c is handled equivalent to SIGTERM. */
-        r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
-        if (r < 0)
-                return r;
-
-        r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20);
-        if (r < 0)
-                return r;
-
-        /* SIGRTMIN+1 causes an immediate sync. We process this very
-         * late, so that everything else queued at this point is
-         * really written to disk. Clients can watch
-         * /run/systemd/journal/synced with inotify until its mtime
-         * changes to see when a sync happened. */
-        r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
-        if (r < 0)
-                return r;
-
-        r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int server_parse_proc_cmdline(Server *s) {
-        _cleanup_free_ char *line = NULL;
-        const char *p;
-        int r;
-
-        r = proc_cmdline(&line);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
-                return 0;
-        }
-
-        p = line;
-        for (;;) {
-                _cleanup_free_ char *word = NULL;
-
-                r = extract_first_word(&p, &word, NULL, 0);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to parse journald syntax \"%s\": %m", line);
-
-                if (r == 0)
-                        break;
-
-                if (startswith(word, "systemd.journald.forward_to_syslog=")) {
-                        r = parse_boolean(word + 35);
-                        if (r < 0)
-                                log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
-                        else
-                                s->forward_to_syslog = r;
-                } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
-                        r = parse_boolean(word + 33);
-                        if (r < 0)
-                                log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
-                        else
-                                s->forward_to_kmsg = r;
-                } else if (startswith(word, "systemd.journald.forward_to_console=")) {
-                        r = parse_boolean(word + 36);
-                        if (r < 0)
-                                log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
-                        else
-                                s->forward_to_console = r;
-                } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
-                        r = parse_boolean(word + 33);
-                        if (r < 0)
-                                log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
-                        else
-                                s->forward_to_wall = r;
-                } else if (startswith(word, "systemd.journald"))
-                        log_warning("Invalid systemd.journald parameter. Ignoring.");
-        }
-
-        /* do not warn about state here, since probably systemd already did */
-        return 0;
-}
-
-static int server_parse_config_file(Server *s) {
-        assert(s);
-
-        return config_parse_many(PKGSYSCONFDIR "/journald.conf",
-                                 CONF_PATHS_NULSTR("systemd/journald.conf.d"),
-                                 "Journal\0",
-                                 config_item_perf_lookup, journald_gperf_lookup,
-                                 false, s);
-}
-
-static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
-        Server *s = userdata;
-
-        assert(s);
-
-        server_sync(s);
-        return 0;
-}
-
-int server_schedule_sync(Server *s, int priority) {
-        int r;
-
-        assert(s);
-
-        if (priority <= LOG_CRIT) {
-                /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
-                server_sync(s);
-                return 0;
-        }
-
-        if (s->sync_scheduled)
-                return 0;
-
-        if (s->sync_interval_usec > 0) {
-                usec_t when;
-
-                r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
-                if (r < 0)
-                        return r;
-
-                when += s->sync_interval_usec;
-
-                if (!s->sync_event_source) {
-                        r = sd_event_add_time(
-                                        s->event,
-                                        &s->sync_event_source,
-                                        CLOCK_MONOTONIC,
-                                        when, 0,
-                                        server_dispatch_sync, s);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
-                } else {
-                        r = sd_event_source_set_time(s->sync_event_source, when);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
-                }
-                if (r < 0)
-                        return r;
-
-                s->sync_scheduled = true;
-        }
-
-        return 0;
-}
-
-static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
-        Server *s = userdata;
-
-        assert(s);
-
-        server_cache_hostname(s);
-        return 0;
-}
-
-static int server_open_hostname(Server *s) {
-        int r;
-
-        assert(s);
-
-        s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
-        if (s->hostname_fd < 0)
-                return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
-
-        r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
-        if (r < 0) {
-                /* kernels prior to 3.2 don't support polling this file. Ignore
-                 * the failure. */
-                if (r == -EPERM) {
-                        log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
-                        s->hostname_fd = safe_close(s->hostname_fd);
-                        return 0;
-                }
-
-                return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
-        }
-
-        r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
-        if (r < 0)
-                return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
-
-        return 0;
-}
-
-static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
-        Server *s = userdata;
-        int r;
-
-        assert(s);
-        assert(s->notify_event_source == es);
-        assert(s->notify_fd == fd);
-
-        /* The $NOTIFY_SOCKET is writable again, now send exactly one
-         * message on it. Either it's the wtachdog event, the initial
-         * READY=1 event or an stdout stream event. If there's nothing
-         * to write anymore, turn our event source off. The next time
-         * there's something to send it will be turned on again. */
-
-        if (!s->sent_notify_ready) {
-                static const char p[] =
-                        "READY=1\n"
-                        "STATUS=Processing requests...";
-                ssize_t l;
-
-                l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
-                if (l < 0) {
-                        if (errno == EAGAIN)
-                                return 0;
-
-                        return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
-                }
-
-                s->sent_notify_ready = true;
-                log_debug("Sent READY=1 notification.");
-
-        } else if (s->send_watchdog) {
-
-                static const char p[] =
-                        "WATCHDOG=1";
-
-                ssize_t l;
-
-                l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
-                if (l < 0) {
-                        if (errno == EAGAIN)
-                                return 0;
-
-                        return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
-                }
-
-                s->send_watchdog = false;
-                log_debug("Sent WATCHDOG=1 notification.");
-
-        } else if (s->stdout_streams_notify_queue)
-                /* Dispatch one stream notification event */
-                stdout_stream_send_notify(s->stdout_streams_notify_queue);
-
-        /* Leave us enabled if there's still more to to do. */
-        if (s->send_watchdog || s->stdout_streams_notify_queue)
-                return 0;
-
-        /* There was nothing to do anymore, let's turn ourselves off. */
-        r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
-        if (r < 0)
-                return log_error_errno(r, "Failed to turn off notify event source: %m");
-
-        return 0;
-}
-
-static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
-        Server *s = userdata;
-        int r;
-
-        assert(s);
-
-        s->send_watchdog = true;
-
-        r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
-        if (r < 0)
-                log_warning_errno(r, "Failed to turn on notify event source: %m");
-
-        r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
-        if (r < 0)
-                return log_error_errno(r, "Failed to restart watchdog event source: %m");
-
-        r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enable watchdog event source: %m");
-
-        return 0;
-}
-
-static int server_connect_notify(Server *s) {
-        union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-        };
-        const char *e;
-        int r;
-
-        assert(s);
-        assert(s->notify_fd < 0);
-        assert(!s->notify_event_source);
-
-        /*
-          So here's the problem: we'd like to send notification
-          messages to PID 1, but we cannot do that via sd_notify(),
-          since that's synchronous, and we might end up blocking on
-          it. Specifically: given that PID 1 might block on
-          dbus-daemon during IPC, and dbus-daemon is logging to us,
-          and might hence block on us, we might end up in a deadlock
-          if we block on sending PID 1 notification messages — by
-          generating a full blocking circle. To avoid this, let's
-          create a non-blocking socket, and connect it to the
-          notification socket, and then wait for POLLOUT before we
-          send anything. This should efficiently avoid any deadlocks,
-          as we'll never block on PID 1, hence PID 1 can safely block
-          on dbus-daemon which can safely block on us again.
-
-          Don't think that this issue is real? It is, see:
-          https://github.com/systemd/systemd/issues/1505
-        */
-
-        e = getenv("NOTIFY_SOCKET");
-        if (!e)
-                return 0;
-
-        if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
-                log_error("NOTIFY_SOCKET set to an invalid value: %s", e);
-                return -EINVAL;
-        }
-
-        if (strlen(e) > sizeof(sa.un.sun_path)) {
-                log_error("NOTIFY_SOCKET path too long: %s", e);
-                return -EINVAL;
-        }
-
-        s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-        if (s->notify_fd < 0)
-                return log_error_errno(errno, "Failed to create notify socket: %m");
-
-        (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
-
-        strncpy(sa.un.sun_path, e, sizeof(sa.un.sun_path));
-        if (sa.un.sun_path[0] == '@')
-                sa.un.sun_path[0] = 0;
-
-        r = connect(s->notify_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-        if (r < 0)
-                return log_error_errno(errno, "Failed to connect to notify socket: %m");
-
-        r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
-        if (r < 0)
-                return log_error_errno(r, "Failed to watch notification socket: %m");
-
-        if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
-                s->send_watchdog = true;
-
-                r = sd_event_add_time(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add watchdog time event: %m");
-        }
-
-        /* This should fire pretty soon, which we'll use to send the
-         * READY=1 event. */
-
-        return 0;
-}
-
-int server_init(Server *s) {
-        _cleanup_fdset_free_ FDSet *fds = NULL;
-        int n, r, fd;
-        bool no_sockets;
-
-        assert(s);
-
-        zero(*s);
-        s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = s->notify_fd = -1;
-        s->compress = true;
-        s->seal = true;
-
-        s->watchdog_usec = USEC_INFINITY;
-
-        s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
-        s->sync_scheduled = false;
-
-        s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
-        s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
-
-        s->forward_to_wall = true;
-
-        s->max_file_usec = DEFAULT_MAX_FILE_USEC;
-
-        s->max_level_store = LOG_DEBUG;
-        s->max_level_syslog = LOG_DEBUG;
-        s->max_level_kmsg = LOG_NOTICE;
-        s->max_level_console = LOG_INFO;
-        s->max_level_wall = LOG_EMERG;
-
-        journal_reset_metrics(&s->system_metrics);
-        journal_reset_metrics(&s->runtime_metrics);
-
-        server_parse_config_file(s);
-        server_parse_proc_cmdline(s);
-
-        if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
-                log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
-                          s->rate_limit_interval, s->rate_limit_burst);
-                s->rate_limit_interval = s->rate_limit_burst = 0;
-        }
-
-        (void) mkdir_p("/run/systemd/journal", 0755);
-
-        s->user_journals = ordered_hashmap_new(NULL);
-        if (!s->user_journals)
-                return log_oom();
-
-        s->mmap = mmap_cache_new();
-        if (!s->mmap)
-                return log_oom();
-
-        s->deferred_closes = set_new(NULL);
-        if (!s->deferred_closes)
-                return log_oom();
-
-        r = sd_event_default(&s->event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create event loop: %m");
-
-        n = sd_listen_fds(true);
-        if (n < 0)
-                return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
-
-                if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
-
-                        if (s->native_fd >= 0) {
-                                log_error("Too many native sockets passed.");
-                                return -EINVAL;
-                        }
-
-                        s->native_fd = fd;
-
-                } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
-
-                        if (s->stdout_fd >= 0) {
-                                log_error("Too many stdout sockets passed.");
-                                return -EINVAL;
-                        }
-
-                        s->stdout_fd = fd;
-
-                } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
-                           sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
-
-                        if (s->syslog_fd >= 0) {
-                                log_error("Too many /dev/log sockets passed.");
-                                return -EINVAL;
-                        }
-
-                        s->syslog_fd = fd;
-
-                } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
-
-                        if (s->audit_fd >= 0) {
-                                log_error("Too many audit sockets passed.");
-                                return -EINVAL;
-                        }
-
-                        s->audit_fd = fd;
-
-                } else {
-
-                        if (!fds) {
-                                fds = fdset_new();
-                                if (!fds)
-                                        return log_oom();
-                        }
-
-                        r = fdset_put(fds, fd);
-                        if (r < 0)
-                                return log_oom();
-                }
-        }
-
-        /* Try to restore streams, but don't bother if this fails */
-        (void) server_restore_streams(s, fds);
-
-        if (fdset_size(fds) > 0) {
-                log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
-                fds = fdset_free(fds);
-        }
-
-        no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0;
-
-        /* always open stdout, syslog, native, and kmsg sockets */
-
-        /* systemd-journald.socket: /run/systemd/journal/stdout */
-        r = server_open_stdout_socket(s);
-        if (r < 0)
-                return r;
-
-        /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
-        r = server_open_syslog_socket(s);
-        if (r < 0)
-                return r;
-
-        /* systemd-journald.socket: /run/systemd/journal/socket */
-        r = server_open_native_socket(s);
-        if (r < 0)
-                return r;
-
-        /* /dev/ksmg */
-        r = server_open_dev_kmsg(s);
-        if (r < 0)
-                return r;
-
-        /* Unless we got *some* sockets and not audit, open audit socket */
-        if (s->audit_fd >= 0 || no_sockets) {
-                r = server_open_audit(s);
-                if (r < 0)
-                        return r;
-        }
-
-        r = server_open_kernel_seqnum(s);
-        if (r < 0)
-                return r;
-
-        r = server_open_hostname(s);
-        if (r < 0)
-                return r;
-
-        r = setup_signals(s);
-        if (r < 0)
-                return r;
-
-        s->udev = udev_new();
-        if (!s->udev)
-                return -ENOMEM;
-
-        s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
-        if (!s->rate_limit)
-                return -ENOMEM;
-
-        r = cg_get_root_path(&s->cgroup_root);
-        if (r < 0)
-                return r;
-
-        server_cache_hostname(s);
-        server_cache_boot_id(s);
-        server_cache_machine_id(s);
-
-        (void) server_connect_notify(s);
-
-        return system_journal_open(s, false);
-}
-
-void server_maybe_append_tags(Server *s) {
-#ifdef HAVE_GCRYPT
-        JournalFile *f;
-        Iterator i;
-        usec_t n;
-
-        n = now(CLOCK_REALTIME);
-
-        if (s->system_journal)
-                journal_file_maybe_append_tag(s->system_journal, n);
-
-        ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
-                journal_file_maybe_append_tag(f, n);
-#endif
-}
-
-void server_done(Server *s) {
-        JournalFile *f;
-        assert(s);
-
-        if (s->deferred_closes) {
-                journal_file_close_set(s->deferred_closes);
-                set_free(s->deferred_closes);
-        }
-
-        while (s->stdout_streams)
-                stdout_stream_free(s->stdout_streams);
-
-        if (s->system_journal)
-                (void) journal_file_close(s->system_journal);
-
-        if (s->runtime_journal)
-                (void) journal_file_close(s->runtime_journal);
-
-        while ((f = ordered_hashmap_steal_first(s->user_journals)))
-                (void) journal_file_close(f);
-
-        ordered_hashmap_free(s->user_journals);
-
-        sd_event_source_unref(s->syslog_event_source);
-        sd_event_source_unref(s->native_event_source);
-        sd_event_source_unref(s->stdout_event_source);
-        sd_event_source_unref(s->dev_kmsg_event_source);
-        sd_event_source_unref(s->audit_event_source);
-        sd_event_source_unref(s->sync_event_source);
-        sd_event_source_unref(s->sigusr1_event_source);
-        sd_event_source_unref(s->sigusr2_event_source);
-        sd_event_source_unref(s->sigterm_event_source);
-        sd_event_source_unref(s->sigint_event_source);
-        sd_event_source_unref(s->sigrtmin1_event_source);
-        sd_event_source_unref(s->hostname_event_source);
-        sd_event_source_unref(s->notify_event_source);
-        sd_event_source_unref(s->watchdog_event_source);
-        sd_event_unref(s->event);
-
-        safe_close(s->syslog_fd);
-        safe_close(s->native_fd);
-        safe_close(s->stdout_fd);
-        safe_close(s->dev_kmsg_fd);
-        safe_close(s->audit_fd);
-        safe_close(s->hostname_fd);
-        safe_close(s->notify_fd);
-
-        if (s->rate_limit)
-                journal_rate_limit_free(s->rate_limit);
-
-        if (s->kernel_seqnum)
-                munmap(s->kernel_seqnum, sizeof(uint64_t));
-
-        free(s->buffer);
-        free(s->tty_path);
-        free(s->cgroup_root);
-        free(s->hostname_field);
-
-        if (s->mmap)
-                mmap_cache_unref(s->mmap);
-
-        udev_unref(s->udev);
-}
-
-static const char* const storage_table[_STORAGE_MAX] = {
-        [STORAGE_AUTO] = "auto",
-        [STORAGE_VOLATILE] = "volatile",
-        [STORAGE_PERSISTENT] = "persistent",
-        [STORAGE_NONE] = "none"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
-
-static const char* const split_mode_table[_SPLIT_MAX] = {
-        [SPLIT_LOGIN] = "login",
-        [SPLIT_UID] = "uid",
-        [SPLIT_NONE] = "none",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h
deleted file mode 100644
index e025a4cf90..0000000000
--- a/src/journal/journald-server.h
+++ /dev/null
@@ -1,186 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-#include <sys/types.h>
-
-#include "sd-event.h"
-
-typedef struct Server Server;
-
-#include "hashmap.h"
-#include "journal-file.h"
-#include "journald-rate-limit.h"
-#include "journald-stream.h"
-#include "list.h"
-
-typedef enum Storage {
-        STORAGE_AUTO,
-        STORAGE_VOLATILE,
-        STORAGE_PERSISTENT,
-        STORAGE_NONE,
-        _STORAGE_MAX,
-        _STORAGE_INVALID = -1
-} Storage;
-
-typedef enum SplitMode {
-        SPLIT_UID,
-        SPLIT_LOGIN,
-        SPLIT_NONE,
-        _SPLIT_MAX,
-        _SPLIT_INVALID = -1
-} SplitMode;
-
-struct Server {
-        int syslog_fd;
-        int native_fd;
-        int stdout_fd;
-        int dev_kmsg_fd;
-        int audit_fd;
-        int hostname_fd;
-        int notify_fd;
-
-        sd_event *event;
-
-        sd_event_source *syslog_event_source;
-        sd_event_source *native_event_source;
-        sd_event_source *stdout_event_source;
-        sd_event_source *dev_kmsg_event_source;
-        sd_event_source *audit_event_source;
-        sd_event_source *sync_event_source;
-        sd_event_source *sigusr1_event_source;
-        sd_event_source *sigusr2_event_source;
-        sd_event_source *sigterm_event_source;
-        sd_event_source *sigint_event_source;
-        sd_event_source *sigrtmin1_event_source;
-        sd_event_source *hostname_event_source;
-        sd_event_source *notify_event_source;
-        sd_event_source *watchdog_event_source;
-
-        JournalFile *runtime_journal;
-        JournalFile *system_journal;
-        OrderedHashmap *user_journals;
-
-        uint64_t seqnum;
-
-        char *buffer;
-        size_t buffer_size;
-
-        JournalRateLimit *rate_limit;
-        usec_t sync_interval_usec;
-        usec_t rate_limit_interval;
-        unsigned rate_limit_burst;
-
-        JournalMetrics runtime_metrics;
-        JournalMetrics system_metrics;
-
-        bool compress;
-        bool seal;
-
-        bool forward_to_kmsg;
-        bool forward_to_syslog;
-        bool forward_to_console;
-        bool forward_to_wall;
-
-        unsigned n_forward_syslog_missed;
-        usec_t last_warn_forward_syslog_missed;
-
-        uint64_t cached_space_available;
-        uint64_t cached_space_limit;
-        usec_t cached_space_timestamp;
-
-        uint64_t var_available_timestamp;
-
-        usec_t max_retention_usec;
-        usec_t max_file_usec;
-        usec_t oldest_file_usec;
-
-        LIST_HEAD(StdoutStream, stdout_streams);
-        LIST_HEAD(StdoutStream, stdout_streams_notify_queue);
-        unsigned n_stdout_streams;
-
-        char *tty_path;
-
-        int max_level_store;
-        int max_level_syslog;
-        int max_level_kmsg;
-        int max_level_console;
-        int max_level_wall;
-
-        Storage storage;
-        SplitMode split_mode;
-
-        MMapCache *mmap;
-
-        Set *deferred_closes;
-
-        struct udev *udev;
-
-        uint64_t *kernel_seqnum;
-        bool dev_kmsg_readable:1;
-
-        bool send_watchdog:1;
-        bool sent_notify_ready:1;
-        bool sync_scheduled:1;
-
-        char machine_id_field[sizeof("_MACHINE_ID=") + 32];
-        char boot_id_field[sizeof("_BOOT_ID=") + 32];
-        char *hostname_field;
-
-        /* Cached cgroup root, so that we don't have to query that all the time */
-        char *cgroup_root;
-
-        usec_t watchdog_usec;
-};
-
-#define SERVER_MACHINE_ID(s) ((s)->machine_id_field + strlen("_MACHINE_ID="))
-
-#define N_IOVEC_META_FIELDS 20
-#define N_IOVEC_KERNEL_FIELDS 64
-#define N_IOVEC_UDEV_FIELDS 32
-#define N_IOVEC_OBJECT_FIELDS 12
-#define N_IOVEC_PAYLOAD_FIELDS 15
-
-void server_dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigned m, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len, const char *unit_id, int priority, pid_t object_pid);
-void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) _printf_(3,0) _sentinel_;
-
-/* gperf lookup function */
-const struct ConfigPerfItem* journald_gperf_lookup(const char *key, unsigned length);
-
-int config_parse_storage(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-
-const char *storage_to_string(Storage s) _const_;
-Storage storage_from_string(const char *s) _pure_;
-
-int config_parse_split_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-
-const char *split_mode_to_string(SplitMode s) _const_;
-SplitMode split_mode_from_string(const char *s) _pure_;
-
-int server_init(Server *s);
-void server_done(Server *s);
-void server_sync(Server *s);
-int server_vacuum(Server *s, bool verbose, bool patch_min_use);
-void server_rotate(Server *s);
-int server_schedule_sync(Server *s, int priority);
-int server_flush_to_var(Server *s);
-void server_maybe_append_tags(Server *s);
-int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata);
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
deleted file mode 100644
index 4ad16ee41c..0000000000
--- a/src/journal/journald-stream.c
+++ /dev/null
@@ -1,785 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stddef.h>
-#include <unistd.h>
-
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "dirent-util.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "io-util.h"
-#include "journald-console.h"
-#include "journald-kmsg.h"
-#include "journald-server.h"
-#include "journald-stream.h"
-#include "journald-syslog.h"
-#include "journald-wall.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "selinux-util.h"
-#include "socket-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "syslog-util.h"
-
-#define STDOUT_STREAMS_MAX 4096
-
-typedef enum StdoutStreamState {
-        STDOUT_STREAM_IDENTIFIER,
-        STDOUT_STREAM_UNIT_ID,
-        STDOUT_STREAM_PRIORITY,
-        STDOUT_STREAM_LEVEL_PREFIX,
-        STDOUT_STREAM_FORWARD_TO_SYSLOG,
-        STDOUT_STREAM_FORWARD_TO_KMSG,
-        STDOUT_STREAM_FORWARD_TO_CONSOLE,
-        STDOUT_STREAM_RUNNING
-} StdoutStreamState;
-
-struct StdoutStream {
-        Server *server;
-        StdoutStreamState state;
-
-        int fd;
-
-        struct ucred ucred;
-        char *label;
-        char *identifier;
-        char *unit_id;
-        int priority;
-        bool level_prefix:1;
-        bool forward_to_syslog:1;
-        bool forward_to_kmsg:1;
-        bool forward_to_console:1;
-
-        bool fdstore:1;
-        bool in_notify_queue:1;
-
-        char buffer[LINE_MAX+1];
-        size_t length;
-
-        sd_event_source *event_source;
-
-        char *state_file;
-
-        LIST_FIELDS(StdoutStream, stdout_stream);
-        LIST_FIELDS(StdoutStream, stdout_stream_notify_queue);
-};
-
-void stdout_stream_free(StdoutStream *s) {
-        if (!s)
-                return;
-
-        if (s->server) {
-                assert(s->server->n_stdout_streams > 0);
-                s->server->n_stdout_streams--;
-                LIST_REMOVE(stdout_stream, s->server->stdout_streams, s);
-
-                if (s->in_notify_queue)
-                        LIST_REMOVE(stdout_stream_notify_queue, s->server->stdout_streams_notify_queue, s);
-        }
-
-        if (s->event_source) {
-                sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF);
-                s->event_source = sd_event_source_unref(s->event_source);
-        }
-
-        safe_close(s->fd);
-        free(s->label);
-        free(s->identifier);
-        free(s->unit_id);
-        free(s->state_file);
-
-        free(s);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(StdoutStream*, stdout_stream_free);
-
-static void stdout_stream_destroy(StdoutStream *s) {
-        if (!s)
-                return;
-
-        if (s->state_file)
-                (void) unlink(s->state_file);
-
-        stdout_stream_free(s);
-}
-
-static int stdout_stream_save(StdoutStream *s) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(s);
-
-        if (s->state != STDOUT_STREAM_RUNNING)
-                return 0;
-
-        if (!s->state_file) {
-                struct stat st;
-
-                r = fstat(s->fd, &st);
-                if (r < 0)
-                        return log_warning_errno(errno, "Failed to stat connected stream: %m");
-
-                /* We use device and inode numbers as identifier for the stream */
-                if (asprintf(&s->state_file, "/run/systemd/journal/streams/%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino) < 0)
-                        return log_oom();
-        }
-
-        mkdir_p("/run/systemd/journal/streams", 0755);
-
-        r = fopen_temporary(s->state_file, &f, &temp_path);
-        if (r < 0)
-                goto fail;
-
-        fprintf(f,
-                "# This is private data. Do not parse\n"
-                "PRIORITY=%i\n"
-                "LEVEL_PREFIX=%i\n"
-                "FORWARD_TO_SYSLOG=%i\n"
-                "FORWARD_TO_KMSG=%i\n"
-                "FORWARD_TO_CONSOLE=%i\n",
-                s->priority,
-                s->level_prefix,
-                s->forward_to_syslog,
-                s->forward_to_kmsg,
-                s->forward_to_console);
-
-        if (!isempty(s->identifier)) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(s->identifier);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "IDENTIFIER=%s\n", escaped);
-        }
-
-        if (!isempty(s->unit_id)) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(s->unit_id);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "UNIT=%s\n", escaped);
-        }
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, s->state_file) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        if (!s->fdstore && !s->in_notify_queue) {
-                LIST_PREPEND(stdout_stream_notify_queue, s->server->stdout_streams_notify_queue, s);
-                s->in_notify_queue = true;
-
-                if (s->server->notify_event_source) {
-                        r = sd_event_source_set_enabled(s->server->notify_event_source, SD_EVENT_ON);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to enable notify event source: %m");
-                }
-        }
-
-        return 0;
-
-fail:
-        (void) unlink(s->state_file);
-
-        if (temp_path)
-                (void) unlink(temp_path);
-
-        return log_error_errno(r, "Failed to save stream data %s: %m", s->state_file);
-}
-
-static int stdout_stream_log(StdoutStream *s, const char *p) {
-        struct iovec iovec[N_IOVEC_META_FIELDS + 5];
-        int priority;
-        char syslog_priority[] = "PRIORITY=\0";
-        char syslog_facility[sizeof("SYSLOG_FACILITY=")-1 + DECIMAL_STR_MAX(int) + 1];
-        _cleanup_free_ char *message = NULL, *syslog_identifier = NULL;
-        unsigned n = 0;
-        size_t label_len;
-
-        assert(s);
-        assert(p);
-
-        priority = s->priority;
-
-        if (s->level_prefix)
-                syslog_parse_priority(&p, &priority, false);
-
-        if (isempty(p))
-                return 0;
-
-        if (s->forward_to_syslog || s->server->forward_to_syslog)
-                server_forward_syslog(s->server, syslog_fixup_facility(priority), s->identifier, p, &s->ucred, NULL);
-
-        if (s->forward_to_kmsg || s->server->forward_to_kmsg)
-                server_forward_kmsg(s->server, priority, s->identifier, p, &s->ucred);
-
-        if (s->forward_to_console || s->server->forward_to_console)
-                server_forward_console(s->server, priority, s->identifier, p, &s->ucred);
-
-        if (s->server->forward_to_wall)
-                server_forward_wall(s->server, priority, s->identifier, p, &s->ucred);
-
-        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=stdout");
-
-        syslog_priority[strlen("PRIORITY=")] = '0' + LOG_PRI(priority);
-        IOVEC_SET_STRING(iovec[n++], syslog_priority);
-
-        if (priority & LOG_FACMASK) {
-                xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
-                IOVEC_SET_STRING(iovec[n++], syslog_facility);
-        }
-
-        if (s->identifier) {
-                syslog_identifier = strappend("SYSLOG_IDENTIFIER=", s->identifier);
-                if (syslog_identifier)
-                        IOVEC_SET_STRING(iovec[n++], syslog_identifier);
-        }
-
-        message = strappend("MESSAGE=", p);
-        if (message)
-                IOVEC_SET_STRING(iovec[n++], message);
-
-        label_len = s->label ? strlen(s->label) : 0;
-        server_dispatch_message(s->server, iovec, n, ELEMENTSOF(iovec), &s->ucred, NULL, s->label, label_len, s->unit_id, priority, 0);
-        return 0;
-}
-
-static int stdout_stream_line(StdoutStream *s, char *p) {
-        int r;
-        char *orig;
-
-        assert(s);
-        assert(p);
-
-        orig = p;
-        p = strstrip(p);
-
-        switch (s->state) {
-
-        case STDOUT_STREAM_IDENTIFIER:
-                if (isempty(p))
-                        s->identifier = NULL;
-                else  {
-                        s->identifier = strdup(p);
-                        if (!s->identifier)
-                                return log_oom();
-                }
-
-                s->state = STDOUT_STREAM_UNIT_ID;
-                return 0;
-
-        case STDOUT_STREAM_UNIT_ID:
-                if (s->ucred.uid == 0) {
-                        if (isempty(p))
-                                s->unit_id = NULL;
-                        else  {
-                                s->unit_id = strdup(p);
-                                if (!s->unit_id)
-                                        return log_oom();
-                        }
-                }
-
-                s->state = STDOUT_STREAM_PRIORITY;
-                return 0;
-
-        case STDOUT_STREAM_PRIORITY:
-                r = safe_atoi(p, &s->priority);
-                if (r < 0 || s->priority < 0 || s->priority > 999) {
-                        log_warning("Failed to parse log priority line.");
-                        return -EINVAL;
-                }
-
-                s->state = STDOUT_STREAM_LEVEL_PREFIX;
-                return 0;
-
-        case STDOUT_STREAM_LEVEL_PREFIX:
-                r = parse_boolean(p);
-                if (r < 0) {
-                        log_warning("Failed to parse level prefix line.");
-                        return -EINVAL;
-                }
-
-                s->level_prefix = !!r;
-                s->state = STDOUT_STREAM_FORWARD_TO_SYSLOG;
-                return 0;
-
-        case STDOUT_STREAM_FORWARD_TO_SYSLOG:
-                r = parse_boolean(p);
-                if (r < 0) {
-                        log_warning("Failed to parse forward to syslog line.");
-                        return -EINVAL;
-                }
-
-                s->forward_to_syslog = !!r;
-                s->state = STDOUT_STREAM_FORWARD_TO_KMSG;
-                return 0;
-
-        case STDOUT_STREAM_FORWARD_TO_KMSG:
-                r = parse_boolean(p);
-                if (r < 0) {
-                        log_warning("Failed to parse copy to kmsg line.");
-                        return -EINVAL;
-                }
-
-                s->forward_to_kmsg = !!r;
-                s->state = STDOUT_STREAM_FORWARD_TO_CONSOLE;
-                return 0;
-
-        case STDOUT_STREAM_FORWARD_TO_CONSOLE:
-                r = parse_boolean(p);
-                if (r < 0) {
-                        log_warning("Failed to parse copy to console line.");
-                        return -EINVAL;
-                }
-
-                s->forward_to_console = !!r;
-                s->state = STDOUT_STREAM_RUNNING;
-
-                /* Try to save the stream, so that journald can be restarted and we can recover */
-                (void) stdout_stream_save(s);
-                return 0;
-
-        case STDOUT_STREAM_RUNNING:
-                return stdout_stream_log(s, orig);
-        }
-
-        assert_not_reached("Unknown stream state");
-}
-
-static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
-        char *p;
-        size_t remaining;
-        int r;
-
-        assert(s);
-
-        p = s->buffer;
-        remaining = s->length;
-        for (;;) {
-                char *end;
-                size_t skip;
-
-                end = memchr(p, '\n', remaining);
-                if (end)
-                        skip = end - p + 1;
-                else if (remaining >= sizeof(s->buffer) - 1) {
-                        end = p + sizeof(s->buffer) - 1;
-                        skip = remaining;
-                } else
-                        break;
-
-                *end = 0;
-
-                r = stdout_stream_line(s, p);
-                if (r < 0)
-                        return r;
-
-                remaining -= skip;
-                p += skip;
-        }
-
-        if (force_flush && remaining > 0) {
-                p[remaining] = 0;
-                r = stdout_stream_line(s, p);
-                if (r < 0)
-                        return r;
-
-                p += remaining;
-                remaining = 0;
-        }
-
-        if (p > s->buffer) {
-                memmove(s->buffer, p, remaining);
-                s->length = remaining;
-        }
-
-        return 0;
-}
-
-static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
-        StdoutStream *s = userdata;
-        ssize_t l;
-        int r;
-
-        assert(s);
-
-        if ((revents|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
-                log_error("Got invalid event from epoll for stdout stream: %"PRIx32, revents);
-                goto terminate;
-        }
-
-        l = read(s->fd, s->buffer+s->length, sizeof(s->buffer)-1-s->length);
-        if (l < 0) {
-
-                if (errno == EAGAIN)
-                        return 0;
-
-                log_warning_errno(errno, "Failed to read from stream: %m");
-                goto terminate;
-        }
-
-        if (l == 0) {
-                stdout_stream_scan(s, true);
-                goto terminate;
-        }
-
-        s->length += l;
-        r = stdout_stream_scan(s, false);
-        if (r < 0)
-                goto terminate;
-
-        return 1;
-
-terminate:
-        stdout_stream_destroy(s);
-        return 0;
-}
-
-static int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
-        _cleanup_(stdout_stream_freep) StdoutStream *stream = NULL;
-        int r;
-
-        assert(s);
-        assert(fd >= 0);
-
-        stream = new0(StdoutStream, 1);
-        if (!stream)
-                return log_oom();
-
-        stream->fd = -1;
-        stream->priority = LOG_INFO;
-
-        r = getpeercred(fd, &stream->ucred);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine peer credentials: %m");
-
-        if (mac_selinux_have()) {
-                r = getpeersec(fd, &stream->label);
-                if (r < 0 && r != -EOPNOTSUPP)
-                        (void) log_warning_errno(r, "Failed to determine peer security context: %m");
-        }
-
-        (void) shutdown(fd, SHUT_WR);
-
-        r = sd_event_add_io(s->event, &stream->event_source, fd, EPOLLIN, stdout_stream_process, stream);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add stream to event loop: %m");
-
-        r = sd_event_source_set_priority(stream->event_source, SD_EVENT_PRIORITY_NORMAL+5);
-        if (r < 0)
-                return log_error_errno(r, "Failed to adjust stdout event source priority: %m");
-
-        stream->fd = fd;
-
-        stream->server = s;
-        LIST_PREPEND(stdout_stream, s->stdout_streams, stream);
-        s->n_stdout_streams++;
-
-        if (ret)
-                *ret = stream;
-
-        stream = NULL;
-
-        return 0;
-}
-
-static int stdout_stream_new(sd_event_source *es, int listen_fd, uint32_t revents, void *userdata) {
-        _cleanup_close_ int fd = -1;
-        Server *s = userdata;
-        int r;
-
-        assert(s);
-
-        if (revents != EPOLLIN) {
-                log_error("Got invalid event from epoll for stdout server fd: %"PRIx32, revents);
-                return -EIO;
-        }
-
-        fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-        if (fd < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to accept stdout connection: %m");
-        }
-
-        if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
-                log_warning("Too many stdout streams, refusing connection.");
-                return 0;
-        }
-
-        r = stdout_stream_install(s, fd, NULL);
-        if (r < 0)
-                return r;
-
-        fd = -1;
-        return 0;
-}
-
-static int stdout_stream_load(StdoutStream *stream, const char *fname) {
-        _cleanup_free_ char
-                *priority = NULL,
-                *level_prefix = NULL,
-                *forward_to_syslog = NULL,
-                *forward_to_kmsg = NULL,
-                *forward_to_console = NULL;
-        int r;
-
-        assert(stream);
-        assert(fname);
-
-        if (!stream->state_file) {
-                stream->state_file = strappend("/run/systemd/journal/streams/", fname);
-                if (!stream->state_file)
-                        return log_oom();
-        }
-
-        r = parse_env_file(stream->state_file, NEWLINE,
-                           "PRIORITY", &priority,
-                           "LEVEL_PREFIX", &level_prefix,
-                           "FORWARD_TO_SYSLOG", &forward_to_syslog,
-                           "FORWARD_TO_KMSG", &forward_to_kmsg,
-                           "FORWARD_TO_CONSOLE", &forward_to_console,
-                           "IDENTIFIER", &stream->identifier,
-                           "UNIT", &stream->unit_id,
-                           NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read: %s", stream->state_file);
-
-        if (priority) {
-                int p;
-
-                p = log_level_from_string(priority);
-                if (p >= 0)
-                        stream->priority = p;
-        }
-
-        if (level_prefix) {
-                r = parse_boolean(level_prefix);
-                if (r >= 0)
-                        stream->level_prefix = r;
-        }
-
-        if (forward_to_syslog) {
-                r = parse_boolean(forward_to_syslog);
-                if (r >= 0)
-                        stream->forward_to_syslog = r;
-        }
-
-        if (forward_to_kmsg) {
-                r = parse_boolean(forward_to_kmsg);
-                if (r >= 0)
-                        stream->forward_to_kmsg = r;
-        }
-
-        if (forward_to_console) {
-                r = parse_boolean(forward_to_console);
-                if (r >= 0)
-                        stream->forward_to_console = r;
-        }
-
-        return 0;
-}
-
-static int stdout_stream_restore(Server *s, const char *fname, int fd) {
-        StdoutStream *stream;
-        int r;
-
-        assert(s);
-        assert(fname);
-        assert(fd >= 0);
-
-        if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
-                log_warning("Too many stdout streams, refusing restoring of stream.");
-                return -ENOBUFS;
-        }
-
-        r = stdout_stream_install(s, fd, &stream);
-        if (r < 0)
-                return r;
-
-        stream->state = STDOUT_STREAM_RUNNING;
-        stream->fdstore = true;
-
-        /* Ignore all parsing errors */
-        (void) stdout_stream_load(stream, fname);
-
-        return 0;
-}
-
-int server_restore_streams(Server *s, FDSet *fds) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r;
-
-        d = opendir("/run/systemd/journal/streams");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_warning_errno(errno, "Failed to enumerate /run/systemd/journal/streams: %m");
-        }
-
-        FOREACH_DIRENT(de, d, goto fail) {
-                unsigned long st_dev, st_ino;
-                bool found = false;
-                Iterator i;
-                int fd;
-
-                if (sscanf(de->d_name, "%lu:%lu", &st_dev, &st_ino) != 2)
-                        continue;
-
-                FDSET_FOREACH(fd, fds, i) {
-                        struct stat st;
-
-                        if (fstat(fd, &st) < 0)
-                                return log_error_errno(errno, "Failed to stat %s: %m", de->d_name);
-
-                        if (S_ISSOCK(st.st_mode) && st.st_dev == st_dev && st.st_ino == st_ino) {
-                                found = true;
-                                break;
-                        }
-                }
-
-                if (!found) {
-                        /* No file descriptor? Then let's delete the state file */
-                        log_debug("Cannot restore stream file %s", de->d_name);
-                        unlinkat(dirfd(d), de->d_name, 0);
-                        continue;
-                }
-
-                fdset_remove(fds, fd);
-
-                r = stdout_stream_restore(s, de->d_name, fd);
-                if (r < 0)
-                        safe_close(fd);
-        }
-
-        return 0;
-
-fail:
-        return log_error_errno(errno, "Failed to read streams directory: %m");
-}
-
-int server_open_stdout_socket(Server *s) {
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/stdout",
-        };
-        int r;
-
-        assert(s);
-
-        if (s->stdout_fd < 0) {
-                s->stdout_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-                if (s->stdout_fd < 0)
-                        return log_error_errno(errno, "socket() failed: %m");
-
-                (void) unlink(sa.un.sun_path);
-
-                r = bind(s->stdout_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-                if (r < 0)
-                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
-
-                (void) chmod(sa.un.sun_path, 0666);
-
-                if (listen(s->stdout_fd, SOMAXCONN) < 0)
-                        return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path);
-        } else
-                fd_nonblock(s->stdout_fd, 1);
-
-        r = sd_event_add_io(s->event, &s->stdout_event_source, s->stdout_fd, EPOLLIN, stdout_stream_new, s);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add stdout server fd to event source: %m");
-
-        r = sd_event_source_set_priority(s->stdout_event_source, SD_EVENT_PRIORITY_NORMAL+5);
-        if (r < 0)
-                return log_error_errno(r, "Failed to adjust priority of stdout server event source: %m");
-
-        return 0;
-}
-
-void stdout_stream_send_notify(StdoutStream *s) {
-        struct iovec iovec = {
-                .iov_base = (char*) "FDSTORE=1",
-                .iov_len = strlen("FDSTORE=1"),
-        };
-        struct msghdr msghdr = {
-                .msg_iov = &iovec,
-                .msg_iovlen = 1,
-        };
-        struct cmsghdr *cmsg;
-        ssize_t l;
-
-        assert(s);
-        assert(!s->fdstore);
-        assert(s->in_notify_queue);
-        assert(s->server);
-        assert(s->server->notify_fd >= 0);
-
-        /* Store the connection fd in PID 1, so that we get it passed
-         * in again on next start */
-
-        msghdr.msg_controllen = CMSG_SPACE(sizeof(int));
-        msghdr.msg_control = alloca0(msghdr.msg_controllen);
-
-        cmsg = CMSG_FIRSTHDR(&msghdr);
-        cmsg->cmsg_level = SOL_SOCKET;
-        cmsg->cmsg_type = SCM_RIGHTS;
-        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
-
-        memcpy(CMSG_DATA(cmsg), &s->fd, sizeof(int));
-
-        l = sendmsg(s->server->notify_fd, &msghdr, MSG_DONTWAIT|MSG_NOSIGNAL);
-        if (l < 0) {
-                if (errno == EAGAIN)
-                        return;
-
-                log_error_errno(errno, "Failed to send stream file descriptor to service manager: %m");
-        } else {
-                log_debug("Successfully sent stream file descriptor to service manager.");
-                s->fdstore = 1;
-        }
-
-        LIST_REMOVE(stdout_stream_notify_queue, s->server->stdout_streams_notify_queue, s);
-        s->in_notify_queue = false;
-
-}
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
deleted file mode 100644
index 0609b4b694..0000000000
--- a/src/journal/journald-syslog.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stddef.h>
-#include <sys/epoll.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "io-util.h"
-#include "journald-console.h"
-#include "journald-kmsg.h"
-#include "journald-server.h"
-#include "journald-syslog.h"
-#include "journald-wall.h"
-#include "process-util.h"
-#include "selinux-util.h"
-#include "socket-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "syslog-util.h"
-
-/* Warn once every 30s if we missed syslog message */
-#define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
-
-static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) {
-
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/syslog",
-        };
-        struct msghdr msghdr = {
-                .msg_iov = (struct iovec *) iovec,
-                .msg_iovlen = n_iovec,
-                .msg_name = (struct sockaddr*) &sa.sa,
-                .msg_namelen = SOCKADDR_UN_LEN(sa.un),
-        };
-        struct cmsghdr *cmsg;
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
-        } control;
-
-        assert(s);
-        assert(iovec);
-        assert(n_iovec > 0);
-
-        if (ucred) {
-                zero(control);
-                msghdr.msg_control = &control;
-                msghdr.msg_controllen = sizeof(control);
-
-                cmsg = CMSG_FIRSTHDR(&msghdr);
-                cmsg->cmsg_level = SOL_SOCKET;
-                cmsg->cmsg_type = SCM_CREDENTIALS;
-                cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
-                memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
-                msghdr.msg_controllen = cmsg->cmsg_len;
-        }
-
-        /* Forward the syslog message we received via /dev/log to
-         * /run/systemd/syslog. Unfortunately we currently can't set
-         * the SO_TIMESTAMP auxiliary data, and hence we don't. */
-
-        if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
-                return;
-
-        /* The socket is full? I guess the syslog implementation is
-         * too slow, and we shouldn't wait for that... */
-        if (errno == EAGAIN) {
-                s->n_forward_syslog_missed++;
-                return;
-        }
-
-        if (ucred && (errno == ESRCH || errno == EPERM)) {
-                struct ucred u;
-
-                /* Hmm, presumably the sender process vanished
-                 * by now, or we don't have CAP_SYS_AMDIN, so
-                 * let's fix it as good as we can, and retry */
-
-                u = *ucred;
-                u.pid = getpid();
-                memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
-
-                if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
-                        return;
-
-                if (errno == EAGAIN) {
-                        s->n_forward_syslog_missed++;
-                        return;
-                }
-        }
-
-        if (errno != ENOENT)
-                log_debug_errno(errno, "Failed to forward syslog message: %m");
-}
-
-static void forward_syslog_raw(Server *s, int priority, const char *buffer, const struct ucred *ucred, const struct timeval *tv) {
-        struct iovec iovec;
-
-        assert(s);
-        assert(buffer);
-
-        if (LOG_PRI(priority) > s->max_level_syslog)
-                return;
-
-        IOVEC_SET_STRING(iovec, buffer);
-        forward_syslog_iovec(s, &iovec, 1, ucred, tv);
-}
-
-void server_forward_syslog(Server *s, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv) {
-        struct iovec iovec[5];
-        char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
-             header_pid[sizeof("[]: ")-1 + DECIMAL_STR_MAX(pid_t) + 1];
-        int n = 0;
-        time_t t;
-        struct tm *tm;
-        char *ident_buf = NULL;
-
-        assert(s);
-        assert(priority >= 0);
-        assert(priority <= 999);
-        assert(message);
-
-        if (LOG_PRI(priority) > s->max_level_syslog)
-                return;
-
-        /* First: priority field */
-        xsprintf(header_priority, "<%i>", priority);
-        IOVEC_SET_STRING(iovec[n++], header_priority);
-
-        /* Second: timestamp */
-        t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
-        tm = localtime(&t);
-        if (!tm)
-                return;
-        if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
-                return;
-        IOVEC_SET_STRING(iovec[n++], header_time);
-
-        /* Third: identifier and PID */
-        if (ucred) {
-                if (!identifier) {
-                        get_process_comm(ucred->pid, &ident_buf);
-                        identifier = ident_buf;
-                }
-
-                xsprintf(header_pid, "["PID_FMT"]: ", ucred->pid);
-
-                if (identifier)
-                        IOVEC_SET_STRING(iovec[n++], identifier);
-
-                IOVEC_SET_STRING(iovec[n++], header_pid);
-        } else if (identifier) {
-                IOVEC_SET_STRING(iovec[n++], identifier);
-                IOVEC_SET_STRING(iovec[n++], ": ");
-        }
-
-        /* Fourth: message */
-        IOVEC_SET_STRING(iovec[n++], message);
-
-        forward_syslog_iovec(s, iovec, n, ucred, tv);
-
-        free(ident_buf);
-}
-
-int syslog_fixup_facility(int priority) {
-
-        if ((priority & LOG_FACMASK) == 0)
-                return (priority & LOG_PRIMASK) | LOG_USER;
-
-        return priority;
-}
-
-size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid) {
-        const char *p;
-        char *t;
-        size_t l, e;
-
-        assert(buf);
-        assert(identifier);
-        assert(pid);
-
-        p = *buf;
-
-        p += strspn(p, WHITESPACE);
-        l = strcspn(p, WHITESPACE);
-
-        if (l <= 0 ||
-            p[l-1] != ':')
-                return 0;
-
-        e = l;
-        l--;
-
-        if (p[l-1] == ']') {
-                size_t k = l-1;
-
-                for (;;) {
-
-                        if (p[k] == '[') {
-                                t = strndup(p+k+1, l-k-2);
-                                if (t)
-                                        *pid = t;
-
-                                l = k;
-                                break;
-                        }
-
-                        if (k == 0)
-                                break;
-
-                        k--;
-                }
-        }
-
-        t = strndup(p, l);
-        if (t)
-                *identifier = t;
-
-        if (strchr(WHITESPACE, p[e]))
-                e++;
-        *buf = p + e;
-        return e;
-}
-
-static void syslog_skip_date(char **buf) {
-        enum {
-                LETTER,
-                SPACE,
-                NUMBER,
-                SPACE_OR_NUMBER,
-                COLON
-        } sequence[] = {
-                LETTER, LETTER, LETTER,
-                SPACE,
-                SPACE_OR_NUMBER, NUMBER,
-                SPACE,
-                SPACE_OR_NUMBER, NUMBER,
-                COLON,
-                SPACE_OR_NUMBER, NUMBER,
-                COLON,
-                SPACE_OR_NUMBER, NUMBER,
-                SPACE
-        };
-
-        char *p;
-        unsigned i;
-
-        assert(buf);
-        assert(*buf);
-
-        p = *buf;
-
-        for (i = 0; i < ELEMENTSOF(sequence); i++, p++) {
-
-                if (!*p)
-                        return;
-
-                switch (sequence[i]) {
-
-                case SPACE:
-                        if (*p != ' ')
-                                return;
-                        break;
-
-                case SPACE_OR_NUMBER:
-                        if (*p == ' ')
-                                break;
-
-                        /* fall through */
-
-                case NUMBER:
-                        if (*p < '0' || *p > '9')
-                                return;
-
-                        break;
-
-                case LETTER:
-                        if (!(*p >= 'A' && *p <= 'Z') &&
-                            !(*p >= 'a' && *p <= 'z'))
-                                return;
-
-                        break;
-
-                case COLON:
-                        if (*p != ':')
-                                return;
-                        break;
-
-                }
-        }
-
-        *buf = p;
-}
-
-void server_process_syslog_message(
-                Server *s,
-                const char *buf,
-                const struct ucred *ucred,
-                const struct timeval *tv,
-                const char *label,
-                size_t label_len) {
-
-        char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
-             syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
-        const char *message = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
-        struct iovec iovec[N_IOVEC_META_FIELDS + 6];
-        unsigned n = 0;
-        int priority = LOG_USER | LOG_INFO;
-        _cleanup_free_ char *identifier = NULL, *pid = NULL;
-        const char *orig;
-
-        assert(s);
-        assert(buf);
-
-        orig = buf;
-        syslog_parse_priority(&buf, &priority, true);
-
-        if (s->forward_to_syslog)
-                forward_syslog_raw(s, priority, orig, ucred, tv);
-
-        syslog_skip_date((char**) &buf);
-        syslog_parse_identifier(&buf, &identifier, &pid);
-
-        if (s->forward_to_kmsg)
-                server_forward_kmsg(s, priority, identifier, buf, ucred);
-
-        if (s->forward_to_console)
-                server_forward_console(s, priority, identifier, buf, ucred);
-
-        if (s->forward_to_wall)
-                server_forward_wall(s, priority, identifier, buf, ucred);
-
-        IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
-
-        xsprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
-        IOVEC_SET_STRING(iovec[n++], syslog_priority);
-
-        if (priority & LOG_FACMASK) {
-                xsprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
-                IOVEC_SET_STRING(iovec[n++], syslog_facility);
-        }
-
-        if (identifier) {
-                syslog_identifier = strjoina("SYSLOG_IDENTIFIER=", identifier);
-                IOVEC_SET_STRING(iovec[n++], syslog_identifier);
-        }
-
-        if (pid) {
-                syslog_pid = strjoina("SYSLOG_PID=", pid);
-                IOVEC_SET_STRING(iovec[n++], syslog_pid);
-        }
-
-        message = strjoina("MESSAGE=", buf);
-        if (message)
-                IOVEC_SET_STRING(iovec[n++], message);
-
-        server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv, label, label_len, NULL, priority, 0);
-}
-
-int server_open_syslog_socket(Server *s) {
-
-        static const union sockaddr_union sa = {
-                .un.sun_family = AF_UNIX,
-                .un.sun_path = "/run/systemd/journal/dev-log",
-        };
-        static const int one = 1;
-        int r;
-
-        assert(s);
-
-        if (s->syslog_fd < 0) {
-                s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-                if (s->syslog_fd < 0)
-                        return log_error_errno(errno, "socket() failed: %m");
-
-                (void) unlink(sa.un.sun_path);
-
-                r = bind(s->syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-                if (r < 0)
-                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
-
-                (void) chmod(sa.un.sun_path, 0666);
-        } else
-                fd_nonblock(s->syslog_fd, 1);
-
-        r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
-        if (r < 0)
-                return log_error_errno(errno, "SO_PASSCRED failed: %m");
-
-#ifdef HAVE_SELINUX
-        if (mac_selinux_have()) {
-                r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
-                if (r < 0)
-                        log_warning_errno(errno, "SO_PASSSEC failed: %m");
-        }
-#endif
-
-        r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
-        if (r < 0)
-                return log_error_errno(errno, "SO_TIMESTAMP failed: %m");
-
-        r = sd_event_add_io(s->event, &s->syslog_event_source, s->syslog_fd, EPOLLIN, server_process_datagram, s);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add syslog server fd to event loop: %m");
-
-        r = sd_event_source_set_priority(s->syslog_event_source, SD_EVENT_PRIORITY_NORMAL+5);
-        if (r < 0)
-                return log_error_errno(r, "Failed to adjust syslog event source priority: %m");
-
-        return 0;
-}
-
-void server_maybe_warn_forward_syslog_missed(Server *s) {
-        usec_t n;
-
-        assert(s);
-
-        if (s->n_forward_syslog_missed <= 0)
-                return;
-
-        n = now(CLOCK_MONOTONIC);
-        if (s->last_warn_forward_syslog_missed + WARN_FORWARD_SYSLOG_MISSED_USEC > n)
-                return;
-
-        server_driver_message(s, SD_MESSAGE_FORWARD_SYSLOG_MISSED,
-                              LOG_MESSAGE("Forwarding to syslog missed %u messages.",
-                                          s->n_forward_syslog_missed),
-                              NULL);
-
-        s->n_forward_syslog_missed = 0;
-        s->last_warn_forward_syslog_missed = n;
-}
diff --git a/src/journal/journald.c b/src/journal/journald.c
deleted file mode 100644
index 272acb71c4..0000000000
--- a/src/journal/journald.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <unistd.h>
-
-#include "sd-daemon.h"
-#include "sd-messages.h"
-
-#include "formats-util.h"
-#include "journal-authenticate.h"
-#include "journald-kmsg.h"
-#include "journald-server.h"
-#include "journald-syslog.h"
-#include "sigbus.h"
-
-int main(int argc, char *argv[]) {
-        Server server;
-        int r;
-
-        if (argc > 1) {
-                log_error("This program does not take arguments.");
-                return EXIT_FAILURE;
-        }
-
-        log_set_target(LOG_TARGET_SAFE);
-        log_set_facility(LOG_SYSLOG);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        sigbus_install();
-
-        r = server_init(&server);
-        if (r < 0)
-                goto finish;
-
-        server_vacuum(&server, false, false);
-        server_flush_to_var(&server);
-        server_flush_dev_kmsg(&server);
-
-        log_debug("systemd-journald running as pid "PID_FMT, getpid());
-        server_driver_message(&server, SD_MESSAGE_JOURNAL_START,
-                              LOG_MESSAGE("Journal started"),
-                              NULL);
-
-        for (;;) {
-                usec_t t = USEC_INFINITY, n;
-
-                r = sd_event_get_state(server.event);
-                if (r < 0)
-                        goto finish;
-                if (r == SD_EVENT_FINISHED)
-                        break;
-
-                n = now(CLOCK_REALTIME);
-
-                if (server.max_retention_usec > 0 && server.oldest_file_usec > 0) {
-
-                        /* The retention time is reached, so let's vacuum! */
-                        if (server.oldest_file_usec + server.max_retention_usec < n) {
-                                log_info("Retention time reached.");
-                                server_rotate(&server);
-                                server_vacuum(&server, false, false);
-                                continue;
-                        }
-
-                        /* Calculate when to rotate the next time */
-                        t = server.oldest_file_usec + server.max_retention_usec - n;
-                }
-
-#ifdef HAVE_GCRYPT
-                if (server.system_journal) {
-                        usec_t u;
-
-                        if (journal_file_next_evolve_usec(server.system_journal, &u)) {
-                                if (n >= u)
-                                        t = 0;
-                                else
-                                        t = MIN(t, u - n);
-                        }
-                }
-#endif
-
-                r = sd_event_run(server.event, t);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to run event loop: %m");
-                        goto finish;
-                }
-
-                server_maybe_append_tags(&server);
-                server_maybe_warn_forward_syslog_missed(&server);
-        }
-
-        log_debug("systemd-journald stopped as pid "PID_FMT, getpid());
-        server_driver_message(&server, SD_MESSAGE_JOURNAL_STOP,
-                              LOG_MESSAGE("Journal stopped"),
-                              NULL);
-
-finish:
-        server_done(&server);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
deleted file mode 100644
index 1cea68ad42..0000000000
--- a/src/journal/sd-journal.c
+++ /dev/null
@@ -1,2985 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <linux/magic.h>
-#include <poll.h>
-#include <stddef.h>
-#include <sys/inotify.h>
-#include <sys/vfs.h>
-#include <unistd.h>
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "catalog.h"
-#include "compress.h"
-#include "dirent-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "hashmap.h"
-#include "hostname-util.h"
-#include "io-util.h"
-#include "journal-def.h"
-#include "journal-file.h"
-#include "journal-internal.h"
-#include "list.h"
-#include "lookup3.h"
-#include "missing.h"
-#include "path-util.h"
-#include "replace-var.h"
-#include "stat-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "strv.h"
-
-#define JOURNAL_FILES_MAX 7168
-
-#define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC)
-
-#define REPLACE_VAR_MAX 256
-
-#define DEFAULT_DATA_THRESHOLD (64*1024)
-
-static void remove_file_real(sd_journal *j, JournalFile *f);
-
-static bool journal_pid_changed(sd_journal *j) {
-        assert(j);
-
-        /* We don't support people creating a journal object and
-         * keeping it around over a fork(). Let's complain. */
-
-        return j->original_pid != getpid();
-}
-
-static int journal_put_error(sd_journal *j, int r, const char *path) {
-        char *copy;
-        int k;
-
-        /* Memorize an error we encountered, and store which
-         * file/directory it was generated from. Note that we store
-         * only *one* path per error code, as the error code is the
-         * key into the hashmap, and the path is the value. This means
-         * we keep track only of all error kinds, but not of all error
-         * locations. This has the benefit that the hashmap cannot
-         * grow beyond bounds.
-         *
-         * We return an error here only if we didn't manage to
-         * memorize the real error. */
-
-        if (r >= 0)
-                return r;
-
-        k = hashmap_ensure_allocated(&j->errors, NULL);
-        if (k < 0)
-                return k;
-
-        if (path) {
-                copy = strdup(path);
-                if (!copy)
-                        return -ENOMEM;
-        } else
-                copy = NULL;
-
-        k = hashmap_put(j->errors, INT_TO_PTR(r), copy);
-        if (k < 0) {
-                free(copy);
-
-                if (k == -EEXIST)
-                        return 0;
-
-                return k;
-        }
-
-        return 0;
-}
-
-static void detach_location(sd_journal *j) {
-        Iterator i;
-        JournalFile *f;
-
-        assert(j);
-
-        j->current_file = NULL;
-        j->current_field = 0;
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i)
-                journal_file_reset_location(f);
-}
-
-static void reset_location(sd_journal *j) {
-        assert(j);
-
-        detach_location(j);
-        zero(j->current_location);
-}
-
-static void init_location(Location *l, LocationType type, JournalFile *f, Object *o) {
-        assert(l);
-        assert(type == LOCATION_DISCRETE || type == LOCATION_SEEK);
-        assert(f);
-        assert(o->object.type == OBJECT_ENTRY);
-
-        l->type = type;
-        l->seqnum = le64toh(o->entry.seqnum);
-        l->seqnum_id = f->header->seqnum_id;
-        l->realtime = le64toh(o->entry.realtime);
-        l->monotonic = le64toh(o->entry.monotonic);
-        l->boot_id = o->entry.boot_id;
-        l->xor_hash = le64toh(o->entry.xor_hash);
-
-        l->seqnum_set = l->realtime_set = l->monotonic_set = l->xor_hash_set = true;
-}
-
-static void set_location(sd_journal *j, JournalFile *f, Object *o) {
-        assert(j);
-        assert(f);
-        assert(o);
-
-        init_location(&j->current_location, LOCATION_DISCRETE, f, o);
-
-        j->current_file = f;
-        j->current_field = 0;
-
-        /* Let f know its candidate entry was picked. */
-        assert(f->location_type == LOCATION_SEEK);
-        f->location_type = LOCATION_DISCRETE;
-}
-
-static int match_is_valid(const void *data, size_t size) {
-        const char *b, *p;
-
-        assert(data);
-
-        if (size < 2)
-                return false;
-
-        if (startswith(data, "__"))
-                return false;
-
-        b = data;
-        for (p = b; p < b + size; p++) {
-
-                if (*p == '=')
-                        return p > b;
-
-                if (*p == '_')
-                        continue;
-
-                if (*p >= 'A' && *p <= 'Z')
-                        continue;
-
-                if (*p >= '0' && *p <= '9')
-                        continue;
-
-                return false;
-        }
-
-        return false;
-}
-
-static bool same_field(const void *_a, size_t s, const void *_b, size_t t) {
-        const uint8_t *a = _a, *b = _b;
-        size_t j;
-
-        for (j = 0; j < s && j < t; j++) {
-
-                if (a[j] != b[j])
-                        return false;
-
-                if (a[j] == '=')
-                        return true;
-        }
-
-        assert_not_reached("\"=\" not found");
-}
-
-static Match *match_new(Match *p, MatchType t) {
-        Match *m;
-
-        m = new0(Match, 1);
-        if (!m)
-                return NULL;
-
-        m->type = t;
-
-        if (p) {
-                m->parent = p;
-                LIST_PREPEND(matches, p->matches, m);
-        }
-
-        return m;
-}
-
-static void match_free(Match *m) {
-        assert(m);
-
-        while (m->matches)
-                match_free(m->matches);
-
-        if (m->parent)
-                LIST_REMOVE(matches, m->parent->matches, m);
-
-        free(m->data);
-        free(m);
-}
-
-static void match_free_if_empty(Match *m) {
-        if (!m || m->matches)
-                return;
-
-        match_free(m);
-}
-
-_public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) {
-        Match *l3, *l4, *add_here = NULL, *m;
-        le64_t le_hash;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(data, -EINVAL);
-
-        if (size == 0)
-                size = strlen(data);
-
-        assert_return(match_is_valid(data, size), -EINVAL);
-
-        /* level 0: AND term
-         * level 1: OR terms
-         * level 2: AND terms
-         * level 3: OR terms
-         * level 4: concrete matches */
-
-        if (!j->level0) {
-                j->level0 = match_new(NULL, MATCH_AND_TERM);
-                if (!j->level0)
-                        return -ENOMEM;
-        }
-
-        if (!j->level1) {
-                j->level1 = match_new(j->level0, MATCH_OR_TERM);
-                if (!j->level1)
-                        return -ENOMEM;
-        }
-
-        if (!j->level2) {
-                j->level2 = match_new(j->level1, MATCH_AND_TERM);
-                if (!j->level2)
-                        return -ENOMEM;
-        }
-
-        assert(j->level0->type == MATCH_AND_TERM);
-        assert(j->level1->type == MATCH_OR_TERM);
-        assert(j->level2->type == MATCH_AND_TERM);
-
-        le_hash = htole64(hash64(data, size));
-
-        LIST_FOREACH(matches, l3, j->level2->matches) {
-                assert(l3->type == MATCH_OR_TERM);
-
-                LIST_FOREACH(matches, l4, l3->matches) {
-                        assert(l4->type == MATCH_DISCRETE);
-
-                        /* Exactly the same match already? Then ignore
-                         * this addition */
-                        if (l4->le_hash == le_hash &&
-                            l4->size == size &&
-                            memcmp(l4->data, data, size) == 0)
-                                return 0;
-
-                        /* Same field? Then let's add this to this OR term */
-                        if (same_field(data, size, l4->data, l4->size)) {
-                                add_here = l3;
-                                break;
-                        }
-                }
-
-                if (add_here)
-                        break;
-        }
-
-        if (!add_here) {
-                add_here = match_new(j->level2, MATCH_OR_TERM);
-                if (!add_here)
-                        goto fail;
-        }
-
-        m = match_new(add_here, MATCH_DISCRETE);
-        if (!m)
-                goto fail;
-
-        m->le_hash = le_hash;
-        m->size = size;
-        m->data = memdup(data, size);
-        if (!m->data)
-                goto fail;
-
-        detach_location(j);
-
-        return 0;
-
-fail:
-        match_free_if_empty(add_here);
-        match_free_if_empty(j->level2);
-        match_free_if_empty(j->level1);
-        match_free_if_empty(j->level0);
-
-        return -ENOMEM;
-}
-
-_public_ int sd_journal_add_conjunction(sd_journal *j) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        if (!j->level0)
-                return 0;
-
-        if (!j->level1)
-                return 0;
-
-        if (!j->level1->matches)
-                return 0;
-
-        j->level1 = NULL;
-        j->level2 = NULL;
-
-        return 0;
-}
-
-_public_ int sd_journal_add_disjunction(sd_journal *j) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        if (!j->level0)
-                return 0;
-
-        if (!j->level1)
-                return 0;
-
-        if (!j->level2)
-                return 0;
-
-        if (!j->level2->matches)
-                return 0;
-
-        j->level2 = NULL;
-        return 0;
-}
-
-static char *match_make_string(Match *m) {
-        char *p, *r;
-        Match *i;
-        bool enclose = false;
-
-        if (!m)
-                return strdup("none");
-
-        if (m->type == MATCH_DISCRETE)
-                return strndup(m->data, m->size);
-
-        p = NULL;
-        LIST_FOREACH(matches, i, m->matches) {
-                char *t, *k;
-
-                t = match_make_string(i);
-                if (!t) {
-                        free(p);
-                        return NULL;
-                }
-
-                if (p) {
-                        k = strjoin(p, m->type == MATCH_OR_TERM ? " OR " : " AND ", t, NULL);
-                        free(p);
-                        free(t);
-
-                        if (!k)
-                                return NULL;
-
-                        p = k;
-
-                        enclose = true;
-                } else
-                        p = t;
-        }
-
-        if (enclose) {
-                r = strjoin("(", p, ")", NULL);
-                free(p);
-                return r;
-        }
-
-        return p;
-}
-
-char *journal_make_match_string(sd_journal *j) {
-        assert(j);
-
-        return match_make_string(j->level0);
-}
-
-_public_ void sd_journal_flush_matches(sd_journal *j) {
-        if (!j)
-                return;
-
-        if (j->level0)
-                match_free(j->level0);
-
-        j->level0 = j->level1 = j->level2 = NULL;
-
-        detach_location(j);
-}
-
-_pure_ static int compare_with_location(JournalFile *f, Location *l) {
-        assert(f);
-        assert(l);
-        assert(f->location_type == LOCATION_SEEK);
-        assert(l->type == LOCATION_DISCRETE || l->type == LOCATION_SEEK);
-
-        if (l->monotonic_set &&
-            sd_id128_equal(f->current_boot_id, l->boot_id) &&
-            l->realtime_set &&
-            f->current_realtime == l->realtime &&
-            l->xor_hash_set &&
-            f->current_xor_hash == l->xor_hash)
-                return 0;
-
-        if (l->seqnum_set &&
-            sd_id128_equal(f->header->seqnum_id, l->seqnum_id)) {
-
-                if (f->current_seqnum < l->seqnum)
-                        return -1;
-                if (f->current_seqnum > l->seqnum)
-                        return 1;
-        }
-
-        if (l->monotonic_set &&
-            sd_id128_equal(f->current_boot_id, l->boot_id)) {
-
-                if (f->current_monotonic < l->monotonic)
-                        return -1;
-                if (f->current_monotonic > l->monotonic)
-                        return 1;
-        }
-
-        if (l->realtime_set) {
-
-                if (f->current_realtime < l->realtime)
-                        return -1;
-                if (f->current_realtime > l->realtime)
-                        return 1;
-        }
-
-        if (l->xor_hash_set) {
-
-                if (f->current_xor_hash < l->xor_hash)
-                        return -1;
-                if (f->current_xor_hash > l->xor_hash)
-                        return 1;
-        }
-
-        return 0;
-}
-
-static int next_for_match(
-                sd_journal *j,
-                Match *m,
-                JournalFile *f,
-                uint64_t after_offset,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-
-        int r;
-        uint64_t np = 0;
-        Object *n;
-
-        assert(j);
-        assert(m);
-        assert(f);
-
-        if (m->type == MATCH_DISCRETE) {
-                uint64_t dp;
-
-                r = journal_file_find_data_object_with_hash(f, m->data, m->size, le64toh(m->le_hash), NULL, &dp);
-                if (r <= 0)
-                        return r;
-
-                return journal_file_move_to_entry_by_offset_for_data(f, dp, after_offset, direction, ret, offset);
-
-        } else if (m->type == MATCH_OR_TERM) {
-                Match *i;
-
-                /* Find the earliest match beyond after_offset */
-
-                LIST_FOREACH(matches, i, m->matches) {
-                        uint64_t cp;
-
-                        r = next_for_match(j, i, f, after_offset, direction, NULL, &cp);
-                        if (r < 0)
-                                return r;
-                        else if (r > 0) {
-                                if (np == 0 || (direction == DIRECTION_DOWN ? cp < np : cp > np))
-                                        np = cp;
-                        }
-                }
-
-                if (np == 0)
-                        return 0;
-
-        } else if (m->type == MATCH_AND_TERM) {
-                Match *i, *last_moved;
-
-                /* Always jump to the next matching entry and repeat
-                 * this until we find an offset that matches for all
-                 * matches. */
-
-                if (!m->matches)
-                        return 0;
-
-                r = next_for_match(j, m->matches, f, after_offset, direction, NULL, &np);
-                if (r <= 0)
-                        return r;
-
-                assert(direction == DIRECTION_DOWN ? np >= after_offset : np <= after_offset);
-                last_moved = m->matches;
-
-                LIST_LOOP_BUT_ONE(matches, i, m->matches, last_moved) {
-                        uint64_t cp;
-
-                        r = next_for_match(j, i, f, np, direction, NULL, &cp);
-                        if (r <= 0)
-                                return r;
-
-                        assert(direction == DIRECTION_DOWN ? cp >= np : cp <= np);
-                        if (direction == DIRECTION_DOWN ? cp > np : cp < np) {
-                                np = cp;
-                                last_moved = i;
-                        }
-                }
-        }
-
-        assert(np > 0);
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, np, &n);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = n;
-        if (offset)
-                *offset = np;
-
-        return 1;
-}
-
-static int find_location_for_match(
-                sd_journal *j,
-                Match *m,
-                JournalFile *f,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-
-        int r;
-
-        assert(j);
-        assert(m);
-        assert(f);
-
-        if (m->type == MATCH_DISCRETE) {
-                uint64_t dp;
-
-                r = journal_file_find_data_object_with_hash(f, m->data, m->size, le64toh(m->le_hash), NULL, &dp);
-                if (r <= 0)
-                        return r;
-
-                /* FIXME: missing: find by monotonic */
-
-                if (j->current_location.type == LOCATION_HEAD)
-                        return journal_file_next_entry_for_data(f, NULL, 0, dp, DIRECTION_DOWN, ret, offset);
-                if (j->current_location.type == LOCATION_TAIL)
-                        return journal_file_next_entry_for_data(f, NULL, 0, dp, DIRECTION_UP, ret, offset);
-                if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id))
-                        return journal_file_move_to_entry_by_seqnum_for_data(f, dp, j->current_location.seqnum, direction, ret, offset);
-                if (j->current_location.monotonic_set) {
-                        r = journal_file_move_to_entry_by_monotonic_for_data(f, dp, j->current_location.boot_id, j->current_location.monotonic, direction, ret, offset);
-                        if (r != -ENOENT)
-                                return r;
-                }
-                if (j->current_location.realtime_set)
-                        return journal_file_move_to_entry_by_realtime_for_data(f, dp, j->current_location.realtime, direction, ret, offset);
-
-                return journal_file_next_entry_for_data(f, NULL, 0, dp, direction, ret, offset);
-
-        } else if (m->type == MATCH_OR_TERM) {
-                uint64_t np = 0;
-                Object *n;
-                Match *i;
-
-                /* Find the earliest match */
-
-                LIST_FOREACH(matches, i, m->matches) {
-                        uint64_t cp;
-
-                        r = find_location_for_match(j, i, f, direction, NULL, &cp);
-                        if (r < 0)
-                                return r;
-                        else if (r > 0) {
-                                if (np == 0 || (direction == DIRECTION_DOWN ? np > cp : np < cp))
-                                        np = cp;
-                        }
-                }
-
-                if (np == 0)
-                        return 0;
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY, np, &n);
-                if (r < 0)
-                        return r;
-
-                if (ret)
-                        *ret = n;
-                if (offset)
-                        *offset = np;
-
-                return 1;
-
-        } else {
-                Match *i;
-                uint64_t np = 0;
-
-                assert(m->type == MATCH_AND_TERM);
-
-                /* First jump to the last match, and then find the
-                 * next one where all matches match */
-
-                if (!m->matches)
-                        return 0;
-
-                LIST_FOREACH(matches, i, m->matches) {
-                        uint64_t cp;
-
-                        r = find_location_for_match(j, i, f, direction, NULL, &cp);
-                        if (r <= 0)
-                                return r;
-
-                        if (np == 0 || (direction == DIRECTION_DOWN ? cp > np : cp < np))
-                                np = cp;
-                }
-
-                return next_for_match(j, m, f, np, direction, ret, offset);
-        }
-}
-
-static int find_location_with_matches(
-                sd_journal *j,
-                JournalFile *f,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-
-        int r;
-
-        assert(j);
-        assert(f);
-        assert(ret);
-        assert(offset);
-
-        if (!j->level0) {
-                /* No matches is simple */
-
-                if (j->current_location.type == LOCATION_HEAD)
-                        return journal_file_next_entry(f, 0, DIRECTION_DOWN, ret, offset);
-                if (j->current_location.type == LOCATION_TAIL)
-                        return journal_file_next_entry(f, 0, DIRECTION_UP, ret, offset);
-                if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id))
-                        return journal_file_move_to_entry_by_seqnum(f, j->current_location.seqnum, direction, ret, offset);
-                if (j->current_location.monotonic_set) {
-                        r = journal_file_move_to_entry_by_monotonic(f, j->current_location.boot_id, j->current_location.monotonic, direction, ret, offset);
-                        if (r != -ENOENT)
-                                return r;
-                }
-                if (j->current_location.realtime_set)
-                        return journal_file_move_to_entry_by_realtime(f, j->current_location.realtime, direction, ret, offset);
-
-                return journal_file_next_entry(f, 0, direction, ret, offset);
-        } else
-                return find_location_for_match(j, j->level0, f, direction, ret, offset);
-}
-
-static int next_with_matches(
-                sd_journal *j,
-                JournalFile *f,
-                direction_t direction,
-                Object **ret,
-                uint64_t *offset) {
-
-        assert(j);
-        assert(f);
-        assert(ret);
-        assert(offset);
-
-        /* No matches is easy. We simple advance the file
-         * pointer by one. */
-        if (!j->level0)
-                return journal_file_next_entry(f, f->current_offset, direction, ret, offset);
-
-        /* If we have a match then we look for the next matching entry
-         * with an offset at least one step larger */
-        return next_for_match(j, j->level0, f,
-                              direction == DIRECTION_DOWN ? f->current_offset + 1
-                                                          : f->current_offset - 1,
-                              direction, ret, offset);
-}
-
-static int next_beyond_location(sd_journal *j, JournalFile *f, direction_t direction) {
-        Object *c;
-        uint64_t cp, n_entries;
-        int r;
-
-        assert(j);
-        assert(f);
-
-        n_entries = le64toh(f->header->n_entries);
-
-        /* If we hit EOF before, we don't need to look into this file again
-         * unless direction changed or new entries appeared. */
-        if (f->last_direction == direction && f->location_type == LOCATION_TAIL &&
-            n_entries == f->last_n_entries)
-                return 0;
-
-        f->last_n_entries = n_entries;
-
-        if (f->last_direction == direction && f->current_offset > 0) {
-                /* LOCATION_SEEK here means we did the work in a previous
-                 * iteration and the current location already points to a
-                 * candidate entry. */
-                if (f->location_type != LOCATION_SEEK) {
-                        r = next_with_matches(j, f, direction, &c, &cp);
-                        if (r <= 0)
-                                return r;
-
-                        journal_file_save_location(f, c, cp);
-                }
-        } else {
-                f->last_direction = direction;
-
-                r = find_location_with_matches(j, f, direction, &c, &cp);
-                if (r <= 0)
-                        return r;
-
-                journal_file_save_location(f, c, cp);
-        }
-
-        /* OK, we found the spot, now let's advance until an entry
-         * that is actually different from what we were previously
-         * looking at. This is necessary to handle entries which exist
-         * in two (or more) journal files, and which shall all be
-         * suppressed but one. */
-
-        for (;;) {
-                bool found;
-
-                if (j->current_location.type == LOCATION_DISCRETE) {
-                        int k;
-
-                        k = compare_with_location(f, &j->current_location);
-
-                        found = direction == DIRECTION_DOWN ? k > 0 : k < 0;
-                } else
-                        found = true;
-
-                if (found)
-                        return 1;
-
-                r = next_with_matches(j, f, direction, &c, &cp);
-                if (r <= 0)
-                        return r;
-
-                journal_file_save_location(f, c, cp);
-        }
-}
-
-static int real_journal_next(sd_journal *j, direction_t direction) {
-        JournalFile *f, *new_file = NULL;
-        Iterator i;
-        Object *o;
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                bool found;
-
-                r = next_beyond_location(j, f, direction);
-                if (r < 0) {
-                        log_debug_errno(r, "Can't iterate through %s, ignoring: %m", f->path);
-                        remove_file_real(j, f);
-                        continue;
-                } else if (r == 0) {
-                        f->location_type = LOCATION_TAIL;
-                        continue;
-                }
-
-                if (!new_file)
-                        found = true;
-                else {
-                        int k;
-
-                        k = journal_file_compare_locations(f, new_file);
-
-                        found = direction == DIRECTION_DOWN ? k < 0 : k > 0;
-                }
-
-                if (found)
-                        new_file = f;
-        }
-
-        if (!new_file)
-                return 0;
-
-        r = journal_file_move_to_object(new_file, OBJECT_ENTRY, new_file->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        set_location(j, new_file, o);
-
-        return 1;
-}
-
-_public_ int sd_journal_next(sd_journal *j) {
-        return real_journal_next(j, DIRECTION_DOWN);
-}
-
-_public_ int sd_journal_previous(sd_journal *j) {
-        return real_journal_next(j, DIRECTION_UP);
-}
-
-static int real_journal_next_skip(sd_journal *j, direction_t direction, uint64_t skip) {
-        int c = 0, r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        if (skip == 0) {
-                /* If this is not a discrete skip, then at least
-                 * resolve the current location */
-                if (j->current_location.type != LOCATION_DISCRETE)
-                        return real_journal_next(j, direction);
-
-                return 0;
-        }
-
-        do {
-                r = real_journal_next(j, direction);
-                if (r < 0)
-                        return r;
-
-                if (r == 0)
-                        return c;
-
-                skip--;
-                c++;
-        } while (skip > 0);
-
-        return c;
-}
-
-_public_ int sd_journal_next_skip(sd_journal *j, uint64_t skip) {
-        return real_journal_next_skip(j, DIRECTION_DOWN, skip);
-}
-
-_public_ int sd_journal_previous_skip(sd_journal *j, uint64_t skip) {
-        return real_journal_next_skip(j, DIRECTION_UP, skip);
-}
-
-_public_ int sd_journal_get_cursor(sd_journal *j, char **cursor) {
-        Object *o;
-        int r;
-        char bid[33], sid[33];
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(cursor, -EINVAL);
-
-        if (!j->current_file || j->current_file->current_offset <= 0)
-                return -EADDRNOTAVAIL;
-
-        r = journal_file_move_to_object(j->current_file, OBJECT_ENTRY, j->current_file->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        sd_id128_to_string(j->current_file->header->seqnum_id, sid);
-        sd_id128_to_string(o->entry.boot_id, bid);
-
-        if (asprintf(cursor,
-                     "s=%s;i=%"PRIx64";b=%s;m=%"PRIx64";t=%"PRIx64";x=%"PRIx64,
-                     sid, le64toh(o->entry.seqnum),
-                     bid, le64toh(o->entry.monotonic),
-                     le64toh(o->entry.realtime),
-                     le64toh(o->entry.xor_hash)) < 0)
-                return -ENOMEM;
-
-        return 0;
-}
-
-_public_ int sd_journal_seek_cursor(sd_journal *j, const char *cursor) {
-        const char *word, *state;
-        size_t l;
-        unsigned long long seqnum, monotonic, realtime, xor_hash;
-        bool
-                seqnum_id_set = false,
-                seqnum_set = false,
-                boot_id_set = false,
-                monotonic_set = false,
-                realtime_set = false,
-                xor_hash_set = false;
-        sd_id128_t seqnum_id, boot_id;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(!isempty(cursor), -EINVAL);
-
-        FOREACH_WORD_SEPARATOR(word, l, cursor, ";", state) {
-                char *item;
-                int k = 0;
-
-                if (l < 2 || word[1] != '=')
-                        return -EINVAL;
-
-                item = strndup(word, l);
-                if (!item)
-                        return -ENOMEM;
-
-                switch (word[0]) {
-
-                case 's':
-                        seqnum_id_set = true;
-                        k = sd_id128_from_string(item+2, &seqnum_id);
-                        break;
-
-                case 'i':
-                        seqnum_set = true;
-                        if (sscanf(item+2, "%llx", &seqnum) != 1)
-                                k = -EINVAL;
-                        break;
-
-                case 'b':
-                        boot_id_set = true;
-                        k = sd_id128_from_string(item+2, &boot_id);
-                        break;
-
-                case 'm':
-                        monotonic_set = true;
-                        if (sscanf(item+2, "%llx", &monotonic) != 1)
-                                k = -EINVAL;
-                        break;
-
-                case 't':
-                        realtime_set = true;
-                        if (sscanf(item+2, "%llx", &realtime) != 1)
-                                k = -EINVAL;
-                        break;
-
-                case 'x':
-                        xor_hash_set = true;
-                        if (sscanf(item+2, "%llx", &xor_hash) != 1)
-                                k = -EINVAL;
-                        break;
-                }
-
-                free(item);
-
-                if (k < 0)
-                        return k;
-        }
-
-        if ((!seqnum_set || !seqnum_id_set) &&
-            (!monotonic_set || !boot_id_set) &&
-            !realtime_set)
-                return -EINVAL;
-
-        reset_location(j);
-
-        j->current_location.type = LOCATION_SEEK;
-
-        if (realtime_set) {
-                j->current_location.realtime = (uint64_t) realtime;
-                j->current_location.realtime_set = true;
-        }
-
-        if (seqnum_set && seqnum_id_set) {
-                j->current_location.seqnum = (uint64_t) seqnum;
-                j->current_location.seqnum_id = seqnum_id;
-                j->current_location.seqnum_set = true;
-        }
-
-        if (monotonic_set && boot_id_set) {
-                j->current_location.monotonic = (uint64_t) monotonic;
-                j->current_location.boot_id = boot_id;
-                j->current_location.monotonic_set = true;
-        }
-
-        if (xor_hash_set) {
-                j->current_location.xor_hash = (uint64_t) xor_hash;
-                j->current_location.xor_hash_set = true;
-        }
-
-        return 0;
-}
-
-_public_ int sd_journal_test_cursor(sd_journal *j, const char *cursor) {
-        int r;
-        Object *o;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(!isempty(cursor), -EINVAL);
-
-        if (!j->current_file || j->current_file->current_offset <= 0)
-                return -EADDRNOTAVAIL;
-
-        r = journal_file_move_to_object(j->current_file, OBJECT_ENTRY, j->current_file->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        for (;;) {
-                _cleanup_free_ char *item = NULL;
-                unsigned long long ll;
-                sd_id128_t id;
-                int k = 0;
-
-                r = extract_first_word(&cursor, &item, ";", EXTRACT_DONT_COALESCE_SEPARATORS);
-                if (r < 0)
-                        return r;
-
-                if (r == 0)
-                        break;
-
-                if (strlen(item) < 2 || item[1] != '=')
-                        return -EINVAL;
-
-                switch (item[0]) {
-
-                case 's':
-                        k = sd_id128_from_string(item+2, &id);
-                        if (k < 0)
-                                return k;
-                        if (!sd_id128_equal(id, j->current_file->header->seqnum_id))
-                                return 0;
-                        break;
-
-                case 'i':
-                        if (sscanf(item+2, "%llx", &ll) != 1)
-                                return -EINVAL;
-                        if (ll != le64toh(o->entry.seqnum))
-                                return 0;
-                        break;
-
-                case 'b':
-                        k = sd_id128_from_string(item+2, &id);
-                        if (k < 0)
-                                return k;
-                        if (!sd_id128_equal(id, o->entry.boot_id))
-                                return 0;
-                        break;
-
-                case 'm':
-                        if (sscanf(item+2, "%llx", &ll) != 1)
-                                return -EINVAL;
-                        if (ll != le64toh(o->entry.monotonic))
-                                return 0;
-                        break;
-
-                case 't':
-                        if (sscanf(item+2, "%llx", &ll) != 1)
-                                return -EINVAL;
-                        if (ll != le64toh(o->entry.realtime))
-                                return 0;
-                        break;
-
-                case 'x':
-                        if (sscanf(item+2, "%llx", &ll) != 1)
-                                return -EINVAL;
-                        if (ll != le64toh(o->entry.xor_hash))
-                                return 0;
-                        break;
-                }
-        }
-
-        return 1;
-}
-
-
-_public_ int sd_journal_seek_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t usec) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        reset_location(j);
-        j->current_location.type = LOCATION_SEEK;
-        j->current_location.boot_id = boot_id;
-        j->current_location.monotonic = usec;
-        j->current_location.monotonic_set = true;
-
-        return 0;
-}
-
-_public_ int sd_journal_seek_realtime_usec(sd_journal *j, uint64_t usec) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        reset_location(j);
-        j->current_location.type = LOCATION_SEEK;
-        j->current_location.realtime = usec;
-        j->current_location.realtime_set = true;
-
-        return 0;
-}
-
-_public_ int sd_journal_seek_head(sd_journal *j) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        reset_location(j);
-        j->current_location.type = LOCATION_HEAD;
-
-        return 0;
-}
-
-_public_ int sd_journal_seek_tail(sd_journal *j) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        reset_location(j);
-        j->current_location.type = LOCATION_TAIL;
-
-        return 0;
-}
-
-static void check_network(sd_journal *j, int fd) {
-        struct statfs sfs;
-
-        assert(j);
-
-        if (j->on_network)
-                return;
-
-        if (fstatfs(fd, &sfs) < 0)
-                return;
-
-        j->on_network =
-                F_TYPE_EQUAL(sfs.f_type, CIFS_MAGIC_NUMBER) ||
-                F_TYPE_EQUAL(sfs.f_type, CODA_SUPER_MAGIC) ||
-                F_TYPE_EQUAL(sfs.f_type, NCP_SUPER_MAGIC) ||
-                F_TYPE_EQUAL(sfs.f_type, NFS_SUPER_MAGIC) ||
-                F_TYPE_EQUAL(sfs.f_type, SMB_SUPER_MAGIC);
-}
-
-static bool file_has_type_prefix(const char *prefix, const char *filename) {
-        const char *full, *tilded, *atted;
-
-        full = strjoina(prefix, ".journal");
-        tilded = strjoina(full, "~");
-        atted = strjoina(prefix, "@");
-
-        return streq(filename, full) ||
-               streq(filename, tilded) ||
-               startswith(filename, atted);
-}
-
-static bool file_type_wanted(int flags, const char *filename) {
-        assert(filename);
-
-        if (!endswith(filename, ".journal") && !endswith(filename, ".journal~"))
-                return false;
-
-        /* no flags set → every type is OK */
-        if (!(flags & (SD_JOURNAL_SYSTEM | SD_JOURNAL_CURRENT_USER)))
-                return true;
-
-        if (flags & SD_JOURNAL_SYSTEM && file_has_type_prefix("system", filename))
-                return true;
-
-        if (flags & SD_JOURNAL_CURRENT_USER) {
-                char prefix[5 + DECIMAL_STR_MAX(uid_t) + 1];
-
-                xsprintf(prefix, "user-"UID_FMT, getuid());
-
-                if (file_has_type_prefix(prefix, filename))
-                        return true;
-        }
-
-        return false;
-}
-
-static bool path_has_prefix(sd_journal *j, const char *path, const char *prefix) {
-        assert(j);
-        assert(path);
-        assert(prefix);
-
-        if (j->toplevel_fd >= 0)
-                return false;
-
-        return path_startswith(path, prefix);
-}
-
-static const char *skip_slash(const char *p) {
-
-        if (!p)
-                return NULL;
-
-        while (*p == '/')
-                p++;
-
-        return p;
-}
-
-static int add_any_file(sd_journal *j, int fd, const char *path) {
-        JournalFile *f = NULL;
-        bool close_fd = false;
-        int r, k;
-
-        assert(j);
-        assert(fd >= 0 || path);
-
-        if (path && ordered_hashmap_get(j->files, path))
-                return 0;
-
-        if (ordered_hashmap_size(j->files) >= JOURNAL_FILES_MAX) {
-                log_debug("Too many open journal files, not adding %s.", path);
-                r = -ETOOMANYREFS;
-                goto fail;
-        }
-
-        if (fd < 0 && j->toplevel_fd >= 0) {
-
-                /* If there's a top-level fd defined, open the file relative to this now. (Make the path relative,
-                 * explicitly, since otherwise openat() ignores the first argument.) */
-
-                fd = openat(j->toplevel_fd, skip_slash(path), O_RDONLY|O_CLOEXEC);
-                if (fd < 0) {
-                        r = log_debug_errno(errno, "Failed to open journal file %s: %m", path);
-                        goto fail;
-                }
-
-                close_fd = true;
-        }
-
-        r = journal_file_open(fd, path, O_RDONLY, 0, false, false, NULL, j->mmap, NULL, NULL, &f);
-        if (r < 0) {
-                if (close_fd)
-                        safe_close(fd);
-                log_debug_errno(r, "Failed to open journal file %s: %m", path);
-                goto fail;
-        }
-
-        /* journal_file_dump(f); */
-
-        r = ordered_hashmap_put(j->files, f->path, f);
-        if (r < 0) {
-                f->close_fd = close_fd;
-                (void) journal_file_close(f);
-                goto fail;
-        }
-
-        if (!j->has_runtime_files && path_has_prefix(j, f->path, "/run"))
-                j->has_runtime_files = true;
-        else if (!j->has_persistent_files && path_has_prefix(j, f->path, "/var"))
-                j->has_persistent_files = true;
-
-        log_debug("File %s added.", f->path);
-
-        check_network(j, f->fd);
-
-        j->current_invalidate_counter++;
-
-        return 0;
-
-fail:
-        k = journal_put_error(j, r, path);
-        if (k < 0)
-                return k;
-
-        return r;
-}
-
-static int add_file(sd_journal *j, const char *prefix, const char *filename) {
-        const char *path;
-
-        assert(j);
-        assert(prefix);
-        assert(filename);
-
-        if (j->no_new_files)
-                return 0;
-
-        if (!file_type_wanted(j->flags, filename))
-                return 0;
-
-        path = strjoina(prefix, "/", filename);
-        return add_any_file(j, -1, path);
-}
-
-static void remove_file(sd_journal *j, const char *prefix, const char *filename) {
-        const char *path;
-        JournalFile *f;
-
-        assert(j);
-        assert(prefix);
-        assert(filename);
-
-        path = strjoina(prefix, "/", filename);
-        f = ordered_hashmap_get(j->files, path);
-        if (!f)
-                return;
-
-        remove_file_real(j, f);
-}
-
-static void remove_file_real(sd_journal *j, JournalFile *f) {
-        assert(j);
-        assert(f);
-
-        ordered_hashmap_remove(j->files, f->path);
-
-        log_debug("File %s removed.", f->path);
-
-        if (j->current_file == f) {
-                j->current_file = NULL;
-                j->current_field = 0;
-        }
-
-        if (j->unique_file == f) {
-                /* Jump to the next unique_file or NULL if that one was last */
-                j->unique_file = ordered_hashmap_next(j->files, j->unique_file->path);
-                j->unique_offset = 0;
-                if (!j->unique_file)
-                        j->unique_file_lost = true;
-        }
-
-        if (j->fields_file == f) {
-                j->fields_file = ordered_hashmap_next(j->files, j->fields_file->path);
-                j->fields_offset = 0;
-                if (!j->fields_file)
-                        j->fields_file_lost = true;
-        }
-
-        (void) journal_file_close(f);
-
-        j->current_invalidate_counter++;
-}
-
-static int dirname_is_machine_id(const char *fn) {
-        sd_id128_t id, machine;
-        int r;
-
-        r = sd_id128_get_machine(&machine);
-        if (r < 0)
-                return r;
-
-        r = sd_id128_from_string(fn, &id);
-        if (r < 0)
-                return r;
-
-        return sd_id128_equal(id, machine);
-}
-
-static int add_directory(sd_journal *j, const char *prefix, const char *dirname) {
-        _cleanup_free_ char *path = NULL;
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de = NULL;
-        Directory *m;
-        int r, k;
-
-        assert(j);
-        assert(prefix);
-
-        /* Adds a journal file directory to watch. If the directory is already tracked this updates the inotify watch
-         * and reenumerates directory contents */
-
-        if (dirname)
-                path = strjoin(prefix, "/", dirname, NULL);
-        else
-                path = strdup(prefix);
-        if (!path) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        log_debug("Considering directory %s.", path);
-
-        /* We consider everything local that is in a directory for the local machine ID, or that is stored in /run */
-        if ((j->flags & SD_JOURNAL_LOCAL_ONLY) &&
-            !((dirname && dirname_is_machine_id(dirname) > 0) || path_has_prefix(j, path, "/run")))
-            return 0;
-
-
-        if (j->toplevel_fd < 0)
-                d = opendir(path);
-        else
-                /* Open the specified directory relative to the the toplevel fd. Enforce that the path specified is
-                 * relative, by dropping the initial slash */
-                d = xopendirat(j->toplevel_fd, skip_slash(path), 0);
-        if (!d) {
-                r = log_debug_errno(errno, "Failed to open directory %s: %m", path);
-                goto fail;
-        }
-
-        m = hashmap_get(j->directories_by_path, path);
-        if (!m) {
-                m = new0(Directory, 1);
-                if (!m) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                m->is_root = false;
-                m->path = path;
-
-                if (hashmap_put(j->directories_by_path, m->path, m) < 0) {
-                        free(m);
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                path = NULL; /* avoid freeing in cleanup */
-                j->current_invalidate_counter++;
-
-                log_debug("Directory %s added.", m->path);
-
-        } else if (m->is_root)
-                return 0;
-
-        if (m->wd <= 0 && j->inotify_fd >= 0) {
-                /* Watch this directory, if it not being watched yet. */
-
-                m->wd = inotify_add_watch_fd(j->inotify_fd, dirfd(d),
-                                             IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB|IN_DELETE|
-                                             IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT|IN_MOVED_FROM|
-                                             IN_ONLYDIR);
-
-                if (m->wd > 0 && hashmap_put(j->directories_by_wd, INT_TO_PTR(m->wd), m) < 0)
-                        inotify_rm_watch(j->inotify_fd, m->wd);
-        }
-
-        FOREACH_DIRENT_ALL(de, d, r = log_debug_errno(errno, "Failed to read directory %s: %m", m->path); goto fail) {
-
-                if (dirent_is_file_with_suffix(de, ".journal") ||
-                    dirent_is_file_with_suffix(de, ".journal~"))
-                        (void) add_file(j, m->path, de->d_name);
-        }
-
-        check_network(j, dirfd(d));
-
-        return 0;
-
-fail:
-        k = journal_put_error(j, r, path ?: prefix);
-        if (k < 0)
-                return k;
-
-        return r;
-}
-
-static int add_root_directory(sd_journal *j, const char *p, bool missing_ok) {
-
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        Directory *m;
-        int r, k;
-
-        assert(j);
-
-        /* Adds a root directory to our set of directories to use. If the root directory is already in the set, we
-         * update the inotify logic, and renumerate the directory entries. This call may hence be called to initially
-         * populate the set, as well as to update it later. */
-
-        if (p) {
-                /* If there's a path specified, use it. */
-
-                if ((j->flags & SD_JOURNAL_RUNTIME_ONLY) &&
-                    !path_has_prefix(j, p, "/run"))
-                        return -EINVAL;
-
-                if (j->prefix)
-                        p = strjoina(j->prefix, p);
-
-                if (j->toplevel_fd < 0)
-                        d = opendir(p);
-                else
-                        d = xopendirat(j->toplevel_fd, skip_slash(p), 0);
-
-                if (!d) {
-                        if (errno == ENOENT && missing_ok)
-                                return 0;
-
-                        r = log_debug_errno(errno, "Failed to open root directory %s: %m", p);
-                        goto fail;
-                }
-        } else {
-                int dfd;
-
-                /* If there's no path specified, then we use the top-level fd itself. We duplicate the fd here, since
-                 * opendir() will take possession of the fd, and close it, which we don't want. */
-
-                p = "."; /* store this as "." in the directories hashmap */
-
-                dfd = fcntl(j->toplevel_fd, F_DUPFD_CLOEXEC, 3);
-                if (dfd < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-
-                d = fdopendir(dfd);
-                if (!d) {
-                        r = -errno;
-                        safe_close(dfd);
-                        goto fail;
-                }
-
-                rewinddir(d);
-        }
-
-        m = hashmap_get(j->directories_by_path, p);
-        if (!m) {
-                m = new0(Directory, 1);
-                if (!m) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                m->is_root = true;
-
-                m->path = strdup(p);
-                if (!m->path) {
-                        free(m);
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                if (hashmap_put(j->directories_by_path, m->path, m) < 0) {
-                        free(m->path);
-                        free(m);
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                j->current_invalidate_counter++;
-
-                log_debug("Root directory %s added.", m->path);
-
-        } else if (!m->is_root)
-                return 0;
-
-        if (m->wd <= 0 && j->inotify_fd >= 0) {
-
-                m->wd = inotify_add_watch_fd(j->inotify_fd, dirfd(d),
-                                          IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB|IN_DELETE|
-                                          IN_ONLYDIR);
-
-                if (m->wd > 0 && hashmap_put(j->directories_by_wd, INT_TO_PTR(m->wd), m) < 0)
-                        inotify_rm_watch(j->inotify_fd, m->wd);
-        }
-
-        if (j->no_new_files)
-                return 0;
-
-        FOREACH_DIRENT_ALL(de, d, r = log_debug_errno(errno, "Failed to read directory %s: %m", m->path); goto fail) {
-                sd_id128_t id;
-
-                if (dirent_is_file_with_suffix(de, ".journal") ||
-                    dirent_is_file_with_suffix(de, ".journal~"))
-                        (void) add_file(j, m->path, de->d_name);
-                else if (IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN) &&
-                         sd_id128_from_string(de->d_name, &id) >= 0)
-                        (void) add_directory(j, m->path, de->d_name);
-        }
-
-        check_network(j, dirfd(d));
-
-        return 0;
-
-fail:
-        k = journal_put_error(j, r, p);
-        if (k < 0)
-                return k;
-
-        return r;
-}
-
-static void remove_directory(sd_journal *j, Directory *d) {
-        assert(j);
-
-        if (d->wd > 0) {
-                hashmap_remove(j->directories_by_wd, INT_TO_PTR(d->wd));
-
-                if (j->inotify_fd >= 0)
-                        inotify_rm_watch(j->inotify_fd, d->wd);
-        }
-
-        hashmap_remove(j->directories_by_path, d->path);
-
-        if (d->is_root)
-                log_debug("Root directory %s removed.", d->path);
-        else
-                log_debug("Directory %s removed.", d->path);
-
-        free(d->path);
-        free(d);
-}
-
-static int add_search_paths(sd_journal *j) {
-
-        static const char search_paths[] =
-                "/run/log/journal\0"
-                "/var/log/journal\0";
-        const char *p;
-
-        assert(j);
-
-        /* We ignore most errors here, since the idea is to only open
-         * what's actually accessible, and ignore the rest. */
-
-        NULSTR_FOREACH(p, search_paths)
-                (void) add_root_directory(j, p, true);
-
-        return 0;
-}
-
-static int add_current_paths(sd_journal *j) {
-        Iterator i;
-        JournalFile *f;
-
-        assert(j);
-        assert(j->no_new_files);
-
-        /* Simply adds all directories for files we have open as directories. We don't expect errors here, so we
-         * treat them as fatal. */
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                _cleanup_free_ char *dir;
-                int r;
-
-                dir = dirname_malloc(f->path);
-                if (!dir)
-                        return -ENOMEM;
-
-                r = add_directory(j, dir, NULL);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int allocate_inotify(sd_journal *j) {
-        assert(j);
-
-        if (j->inotify_fd < 0) {
-                j->inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-                if (j->inotify_fd < 0)
-                        return -errno;
-        }
-
-        return hashmap_ensure_allocated(&j->directories_by_wd, NULL);
-}
-
-static sd_journal *journal_new(int flags, const char *path) {
-        sd_journal *j;
-
-        j = new0(sd_journal, 1);
-        if (!j)
-                return NULL;
-
-        j->original_pid = getpid();
-        j->toplevel_fd = -1;
-        j->inotify_fd = -1;
-        j->flags = flags;
-        j->data_threshold = DEFAULT_DATA_THRESHOLD;
-
-        if (path) {
-                j->path = strdup(path);
-                if (!j->path)
-                        goto fail;
-        }
-
-        j->files = ordered_hashmap_new(&string_hash_ops);
-        j->directories_by_path = hashmap_new(&string_hash_ops);
-        j->mmap = mmap_cache_new();
-        if (!j->files || !j->directories_by_path || !j->mmap)
-                goto fail;
-
-        return j;
-
-fail:
-        sd_journal_close(j);
-        return NULL;
-}
-
-_public_ int sd_journal_open(sd_journal **ret, int flags) {
-        sd_journal *j;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return((flags & ~(SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_RUNTIME_ONLY|SD_JOURNAL_SYSTEM|SD_JOURNAL_CURRENT_USER)) == 0, -EINVAL);
-
-        j = journal_new(flags, NULL);
-        if (!j)
-                return -ENOMEM;
-
-        r = add_search_paths(j);
-        if (r < 0)
-                goto fail;
-
-        *ret = j;
-        return 0;
-
-fail:
-        sd_journal_close(j);
-
-        return r;
-}
-
-_public_ int sd_journal_open_container(sd_journal **ret, const char *machine, int flags) {
-        _cleanup_free_ char *root = NULL, *class = NULL;
-        sd_journal *j;
-        char *p;
-        int r;
-
-        /* This is pretty much deprecated, people should use machined's OpenMachineRootDirectory() call instead in
-         * combination with sd_journal_open_directory_fd(). */
-
-        assert_return(machine, -EINVAL);
-        assert_return(ret, -EINVAL);
-        assert_return((flags & ~(SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM)) == 0, -EINVAL);
-        assert_return(machine_name_is_valid(machine), -EINVAL);
-
-        p = strjoina("/run/systemd/machines/", machine);
-        r = parse_env_file(p, NEWLINE, "ROOT", &root, "CLASS", &class, NULL);
-        if (r == -ENOENT)
-                return -EHOSTDOWN;
-        if (r < 0)
-                return r;
-        if (!root)
-                return -ENODATA;
-
-        if (!streq_ptr(class, "container"))
-                return -EIO;
-
-        j = journal_new(flags, NULL);
-        if (!j)
-                return -ENOMEM;
-
-        j->prefix = root;
-        root = NULL;
-
-        r = add_search_paths(j);
-        if (r < 0)
-                goto fail;
-
-        *ret = j;
-        return 0;
-
-fail:
-        sd_journal_close(j);
-        return r;
-}
-
-_public_ int sd_journal_open_directory(sd_journal **ret, const char *path, int flags) {
-        sd_journal *j;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(path, -EINVAL);
-        assert_return((flags & ~SD_JOURNAL_OS_ROOT) == 0, -EINVAL);
-
-        j = journal_new(flags, path);
-        if (!j)
-                return -ENOMEM;
-
-        if (flags & SD_JOURNAL_OS_ROOT)
-                r = add_search_paths(j);
-        else
-                r = add_root_directory(j, path, false);
-        if (r < 0)
-                goto fail;
-
-        *ret = j;
-        return 0;
-
-fail:
-        sd_journal_close(j);
-        return r;
-}
-
-_public_ int sd_journal_open_files(sd_journal **ret, const char **paths, int flags) {
-        sd_journal *j;
-        const char **path;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(flags == 0, -EINVAL);
-
-        j = journal_new(flags, NULL);
-        if (!j)
-                return -ENOMEM;
-
-        STRV_FOREACH(path, paths) {
-                r = add_any_file(j, -1, *path);
-                if (r < 0)
-                        goto fail;
-        }
-
-        j->no_new_files = true;
-
-        *ret = j;
-        return 0;
-
-fail:
-        sd_journal_close(j);
-        return r;
-}
-
-_public_ int sd_journal_open_directory_fd(sd_journal **ret, int fd, int flags) {
-        sd_journal *j;
-        struct stat st;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(fd >= 0, -EBADF);
-        assert_return((flags & ~SD_JOURNAL_OS_ROOT) == 0, -EINVAL);
-
-        if (fstat(fd, &st) < 0)
-                return -errno;
-
-        if (!S_ISDIR(st.st_mode))
-                return -EBADFD;
-
-        j = journal_new(flags, NULL);
-        if (!j)
-                return -ENOMEM;
-
-        j->toplevel_fd = fd;
-
-        if (flags & SD_JOURNAL_OS_ROOT)
-                r = add_search_paths(j);
-        else
-                r = add_root_directory(j, NULL, false);
-        if (r < 0)
-                goto fail;
-
-        *ret = j;
-        return 0;
-
-fail:
-        sd_journal_close(j);
-        return r;
-}
-
-_public_ int sd_journal_open_files_fd(sd_journal **ret, int fds[], unsigned n_fds, int flags) {
-        Iterator iterator;
-        JournalFile *f;
-        sd_journal *j;
-        unsigned i;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(n_fds > 0, -EBADF);
-        assert_return(flags == 0, -EINVAL);
-
-        j = journal_new(flags, NULL);
-        if (!j)
-                return -ENOMEM;
-
-        for (i = 0; i < n_fds; i++) {
-                struct stat st;
-
-                if (fds[i] < 0) {
-                        r = -EBADF;
-                        goto fail;
-                }
-
-                if (fstat(fds[i], &st) < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-
-                if (!S_ISREG(st.st_mode)) {
-                        r = -EBADFD;
-                        goto fail;
-                }
-
-                r = add_any_file(j, fds[i], NULL);
-                if (r < 0)
-                        goto fail;
-        }
-
-        j->no_new_files = true;
-        j->no_inotify = true;
-
-        *ret = j;
-        return 0;
-
-fail:
-        /* If we fail, make sure we don't take possession of the files we managed to make use of successfully, and they
-         * remain open */
-        ORDERED_HASHMAP_FOREACH(f, j->files, iterator)
-                f->close_fd = false;
-
-        sd_journal_close(j);
-        return r;
-}
-
-_public_ void sd_journal_close(sd_journal *j) {
-        Directory *d;
-        JournalFile *f;
-        char *p;
-
-        if (!j)
-                return;
-
-        sd_journal_flush_matches(j);
-
-        while ((f = ordered_hashmap_steal_first(j->files)))
-                (void) journal_file_close(f);
-
-        ordered_hashmap_free(j->files);
-
-        while ((d = hashmap_first(j->directories_by_path)))
-                remove_directory(j, d);
-
-        while ((d = hashmap_first(j->directories_by_wd)))
-                remove_directory(j, d);
-
-        hashmap_free(j->directories_by_path);
-        hashmap_free(j->directories_by_wd);
-
-        safe_close(j->inotify_fd);
-
-        if (j->mmap) {
-                log_debug("mmap cache statistics: %u hit, %u miss", mmap_cache_get_hit(j->mmap), mmap_cache_get_missed(j->mmap));
-                mmap_cache_unref(j->mmap);
-        }
-
-        while ((p = hashmap_steal_first(j->errors)))
-                free(p);
-        hashmap_free(j->errors);
-
-        free(j->path);
-        free(j->prefix);
-        free(j->unique_field);
-        free(j->fields_buffer);
-        free(j);
-}
-
-_public_ int sd_journal_get_realtime_usec(sd_journal *j, uint64_t *ret) {
-        Object *o;
-        JournalFile *f;
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(ret, -EINVAL);
-
-        f = j->current_file;
-        if (!f)
-                return -EADDRNOTAVAIL;
-
-        if (f->current_offset <= 0)
-                return -EADDRNOTAVAIL;
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        *ret = le64toh(o->entry.realtime);
-        return 0;
-}
-
-_public_ int sd_journal_get_monotonic_usec(sd_journal *j, uint64_t *ret, sd_id128_t *ret_boot_id) {
-        Object *o;
-        JournalFile *f;
-        int r;
-        sd_id128_t id;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        f = j->current_file;
-        if (!f)
-                return -EADDRNOTAVAIL;
-
-        if (f->current_offset <= 0)
-                return -EADDRNOTAVAIL;
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        if (ret_boot_id)
-                *ret_boot_id = o->entry.boot_id;
-        else {
-                r = sd_id128_get_boot(&id);
-                if (r < 0)
-                        return r;
-
-                if (!sd_id128_equal(id, o->entry.boot_id))
-                        return -ESTALE;
-        }
-
-        if (ret)
-                *ret = le64toh(o->entry.monotonic);
-
-        return 0;
-}
-
-static bool field_is_valid(const char *field) {
-        const char *p;
-
-        assert(field);
-
-        if (isempty(field))
-                return false;
-
-        if (startswith(field, "__"))
-                return false;
-
-        for (p = field; *p; p++) {
-
-                if (*p == '_')
-                        continue;
-
-                if (*p >= 'A' && *p <= 'Z')
-                        continue;
-
-                if (*p >= '0' && *p <= '9')
-                        continue;
-
-                return false;
-        }
-
-        return true;
-}
-
-_public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *size) {
-        JournalFile *f;
-        uint64_t i, n;
-        size_t field_length;
-        int r;
-        Object *o;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(field, -EINVAL);
-        assert_return(data, -EINVAL);
-        assert_return(size, -EINVAL);
-        assert_return(field_is_valid(field), -EINVAL);
-
-        f = j->current_file;
-        if (!f)
-                return -EADDRNOTAVAIL;
-
-        if (f->current_offset <= 0)
-                return -EADDRNOTAVAIL;
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        field_length = strlen(field);
-
-        n = journal_file_entry_n_items(o);
-        for (i = 0; i < n; i++) {
-                uint64_t p, l;
-                le64_t le_hash;
-                size_t t;
-                int compression;
-
-                p = le64toh(o->entry.items[i].object_offset);
-                le_hash = o->entry.items[i].hash;
-                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-                if (r < 0)
-                        return r;
-
-                if (le_hash != o->data.hash)
-                        return -EBADMSG;
-
-                l = le64toh(o->object.size) - offsetof(Object, data.payload);
-
-                compression = o->object.flags & OBJECT_COMPRESSION_MASK;
-                if (compression) {
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-                        r = decompress_startswith(compression,
-                                                  o->data.payload, l,
-                                                  &f->compress_buffer, &f->compress_buffer_size,
-                                                  field, field_length, '=');
-                        if (r < 0)
-                                log_debug_errno(r, "Cannot decompress %s object of length %"PRIu64" at offset "OFSfmt": %m",
-                                                object_compressed_to_string(compression), l, p);
-                        else if (r > 0) {
-
-                                size_t rsize;
-
-                                r = decompress_blob(compression,
-                                                    o->data.payload, l,
-                                                    &f->compress_buffer, &f->compress_buffer_size, &rsize,
-                                                    j->data_threshold);
-                                if (r < 0)
-                                        return r;
-
-                                *data = f->compress_buffer;
-                                *size = (size_t) rsize;
-
-                                return 0;
-                        }
-#else
-                        return -EPROTONOSUPPORT;
-#endif
-                } else if (l >= field_length+1 &&
-                           memcmp(o->data.payload, field, field_length) == 0 &&
-                           o->data.payload[field_length] == '=') {
-
-                        t = (size_t) l;
-
-                        if ((uint64_t) t != l)
-                                return -E2BIG;
-
-                        *data = o->data.payload;
-                        *size = t;
-
-                        return 0;
-                }
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-                if (r < 0)
-                        return r;
-        }
-
-        return -ENOENT;
-}
-
-static int return_data(sd_journal *j, JournalFile *f, Object *o, const void **data, size_t *size) {
-        size_t t;
-        uint64_t l;
-        int compression;
-
-        l = le64toh(o->object.size) - offsetof(Object, data.payload);
-        t = (size_t) l;
-
-        /* We can't read objects larger than 4G on a 32bit machine */
-        if ((uint64_t) t != l)
-                return -E2BIG;
-
-        compression = o->object.flags & OBJECT_COMPRESSION_MASK;
-        if (compression) {
-#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-                size_t rsize;
-                int r;
-
-                r = decompress_blob(compression,
-                                    o->data.payload, l, &f->compress_buffer,
-                                    &f->compress_buffer_size, &rsize, j->data_threshold);
-                if (r < 0)
-                        return r;
-
-                *data = f->compress_buffer;
-                *size = (size_t) rsize;
-#else
-                return -EPROTONOSUPPORT;
-#endif
-        } else {
-                *data = o->data.payload;
-                *size = t;
-        }
-
-        return 0;
-}
-
-_public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *size) {
-        JournalFile *f;
-        uint64_t p, n;
-        le64_t le_hash;
-        int r;
-        Object *o;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(data, -EINVAL);
-        assert_return(size, -EINVAL);
-
-        f = j->current_file;
-        if (!f)
-                return -EADDRNOTAVAIL;
-
-        if (f->current_offset <= 0)
-                return -EADDRNOTAVAIL;
-
-        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-        if (r < 0)
-                return r;
-
-        n = journal_file_entry_n_items(o);
-        if (j->current_field >= n)
-                return 0;
-
-        p = le64toh(o->entry.items[j->current_field].object_offset);
-        le_hash = o->entry.items[j->current_field].hash;
-        r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
-        if (r < 0)
-                return r;
-
-        if (le_hash != o->data.hash)
-                return -EBADMSG;
-
-        r = return_data(j, f, o, data, size);
-        if (r < 0)
-                return r;
-
-        j->current_field++;
-
-        return 1;
-}
-
-_public_ void sd_journal_restart_data(sd_journal *j) {
-        if (!j)
-                return;
-
-        j->current_field = 0;
-}
-
-_public_ int sd_journal_get_fd(sd_journal *j) {
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        if (j->no_inotify)
-                return -EMEDIUMTYPE;
-
-        if (j->inotify_fd >= 0)
-                return j->inotify_fd;
-
-        r = allocate_inotify(j);
-        if (r < 0)
-                return r;
-
-        log_debug("Reiterating files to get inotify watches established");
-
-        /* Iterate through all dirs again, to add them to the
-         * inotify */
-        if (j->no_new_files)
-                r = add_current_paths(j);
-        else if (j->toplevel_fd >= 0)
-                r = add_root_directory(j, NULL, false);
-        else if (j->path)
-                r = add_root_directory(j, j->path, true);
-        else
-                r = add_search_paths(j);
-        if (r < 0)
-                return r;
-
-        return j->inotify_fd;
-}
-
-_public_ int sd_journal_get_events(sd_journal *j) {
-        int fd;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        fd = sd_journal_get_fd(j);
-        if (fd < 0)
-                return fd;
-
-        return POLLIN;
-}
-
-_public_ int sd_journal_get_timeout(sd_journal *j, uint64_t *timeout_usec) {
-        int fd;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(timeout_usec, -EINVAL);
-
-        fd = sd_journal_get_fd(j);
-        if (fd < 0)
-                return fd;
-
-        if (!j->on_network) {
-                *timeout_usec = (uint64_t) -1;
-                return 0;
-        }
-
-        /* If we are on the network we need to regularly check for
-         * changes manually */
-
-        *timeout_usec = j->last_process_usec + JOURNAL_FILES_RECHECK_USEC;
-        return 1;
-}
-
-static void process_inotify_event(sd_journal *j, struct inotify_event *e) {
-        Directory *d;
-
-        assert(j);
-        assert(e);
-
-        /* Is this a subdirectory we watch? */
-        d = hashmap_get(j->directories_by_wd, INT_TO_PTR(e->wd));
-        if (d) {
-                sd_id128_t id;
-
-                if (!(e->mask & IN_ISDIR) && e->len > 0 &&
-                    (endswith(e->name, ".journal") ||
-                     endswith(e->name, ".journal~"))) {
-
-                        /* Event for a journal file */
-
-                        if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB))
-                                (void) add_file(j, d->path, e->name);
-                        else if (e->mask & (IN_DELETE|IN_MOVED_FROM|IN_UNMOUNT))
-                                remove_file(j, d->path, e->name);
-
-                } else if (!d->is_root && e->len == 0) {
-
-                        /* Event for a subdirectory */
-
-                        if (e->mask & (IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT))
-                                remove_directory(j, d);
-
-                } else if (d->is_root && (e->mask & IN_ISDIR) && e->len > 0 && sd_id128_from_string(e->name, &id) >= 0) {
-
-                        /* Event for root directory */
-
-                        if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB))
-                                (void) add_directory(j, d->path, e->name);
-                }
-
-                return;
-        }
-
-        if (e->mask & IN_IGNORED)
-                return;
-
-        log_debug("Unknown inotify event.");
-}
-
-static int determine_change(sd_journal *j) {
-        bool b;
-
-        assert(j);
-
-        b = j->current_invalidate_counter != j->last_invalidate_counter;
-        j->last_invalidate_counter = j->current_invalidate_counter;
-
-        return b ? SD_JOURNAL_INVALIDATE : SD_JOURNAL_APPEND;
-}
-
-_public_ int sd_journal_process(sd_journal *j) {
-        bool got_something = false;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        j->last_process_usec = now(CLOCK_MONOTONIC);
-
-        for (;;) {
-                union inotify_event_buffer buffer;
-                struct inotify_event *e;
-                ssize_t l;
-
-                l = read(j->inotify_fd, &buffer, sizeof(buffer));
-                if (l < 0) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                return got_something ? determine_change(j) : SD_JOURNAL_NOP;
-
-                        return -errno;
-                }
-
-                got_something = true;
-
-                FOREACH_INOTIFY_EVENT(e, buffer, l)
-                        process_inotify_event(j, e);
-        }
-}
-
-_public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) {
-        int r;
-        uint64_t t;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        if (j->inotify_fd < 0) {
-
-                /* This is the first invocation, hence create the
-                 * inotify watch */
-                r = sd_journal_get_fd(j);
-                if (r < 0)
-                        return r;
-
-                /* The journal might have changed since the context
-                 * object was created and we weren't watching before,
-                 * hence don't wait for anything, and return
-                 * immediately. */
-                return determine_change(j);
-        }
-
-        r = sd_journal_get_timeout(j, &t);
-        if (r < 0)
-                return r;
-
-        if (t != (uint64_t) -1) {
-                usec_t n;
-
-                n = now(CLOCK_MONOTONIC);
-                t = t > n ? t - n : 0;
-
-                if (timeout_usec == (uint64_t) -1 || timeout_usec > t)
-                        timeout_usec = t;
-        }
-
-        do {
-                r = fd_wait_for_event(j->inotify_fd, POLLIN, timeout_usec);
-        } while (r == -EINTR);
-
-        if (r < 0)
-                return r;
-
-        return sd_journal_process(j);
-}
-
-_public_ int sd_journal_get_cutoff_realtime_usec(sd_journal *j, uint64_t *from, uint64_t *to) {
-        Iterator i;
-        JournalFile *f;
-        bool first = true;
-        uint64_t fmin = 0, tmax = 0;
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(from || to, -EINVAL);
-        assert_return(from != to, -EINVAL);
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                usec_t fr, t;
-
-                r = journal_file_get_cutoff_realtime_usec(f, &fr, &t);
-                if (r == -ENOENT)
-                        continue;
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                if (first) {
-                        fmin = fr;
-                        tmax = t;
-                        first = false;
-                } else {
-                        fmin = MIN(fr, fmin);
-                        tmax = MAX(t, tmax);
-                }
-        }
-
-        if (from)
-                *from = fmin;
-        if (to)
-                *to = tmax;
-
-        return first ? 0 : 1;
-}
-
-_public_ int sd_journal_get_cutoff_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t *from, uint64_t *to) {
-        Iterator i;
-        JournalFile *f;
-        bool found = false;
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(from || to, -EINVAL);
-        assert_return(from != to, -EINVAL);
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                usec_t fr, t;
-
-                r = journal_file_get_cutoff_monotonic_usec(f, boot_id, &fr, &t);
-                if (r == -ENOENT)
-                        continue;
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                if (found) {
-                        if (from)
-                                *from = MIN(fr, *from);
-                        if (to)
-                                *to = MAX(t, *to);
-                } else {
-                        if (from)
-                                *from = fr;
-                        if (to)
-                                *to = t;
-                        found = true;
-                }
-        }
-
-        return found;
-}
-
-void journal_print_header(sd_journal *j) {
-        Iterator i;
-        JournalFile *f;
-        bool newline = false;
-
-        assert(j);
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                if (newline)
-                        putchar('\n');
-                else
-                        newline = true;
-
-                journal_file_print_header(f);
-        }
-}
-
-_public_ int sd_journal_get_usage(sd_journal *j, uint64_t *bytes) {
-        Iterator i;
-        JournalFile *f;
-        uint64_t sum = 0;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(bytes, -EINVAL);
-
-        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
-                struct stat st;
-
-                if (fstat(f->fd, &st) < 0)
-                        return -errno;
-
-                sum += (uint64_t) st.st_blocks * 512ULL;
-        }
-
-        *bytes = sum;
-        return 0;
-}
-
-_public_ int sd_journal_query_unique(sd_journal *j, const char *field) {
-        char *f;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(!isempty(field), -EINVAL);
-        assert_return(field_is_valid(field), -EINVAL);
-
-        f = strdup(field);
-        if (!f)
-                return -ENOMEM;
-
-        free(j->unique_field);
-        j->unique_field = f;
-        j->unique_file = NULL;
-        j->unique_offset = 0;
-        j->unique_file_lost = false;
-
-        return 0;
-}
-
-_public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *l) {
-        size_t k;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(data, -EINVAL);
-        assert_return(l, -EINVAL);
-        assert_return(j->unique_field, -EINVAL);
-
-        k = strlen(j->unique_field);
-
-        if (!j->unique_file) {
-                if (j->unique_file_lost)
-                        return 0;
-
-                j->unique_file = ordered_hashmap_first(j->files);
-                if (!j->unique_file)
-                        return 0;
-
-                j->unique_offset = 0;
-        }
-
-        for (;;) {
-                JournalFile *of;
-                Iterator i;
-                Object *o;
-                const void *odata;
-                size_t ol;
-                bool found;
-                int r;
-
-                /* Proceed to next data object in the field's linked list */
-                if (j->unique_offset == 0) {
-                        r = journal_file_find_field_object(j->unique_file, j->unique_field, k, &o, NULL);
-                        if (r < 0)
-                                return r;
-
-                        j->unique_offset = r > 0 ? le64toh(o->field.head_data_offset) : 0;
-                } else {
-                        r = journal_file_move_to_object(j->unique_file, OBJECT_DATA, j->unique_offset, &o);
-                        if (r < 0)
-                                return r;
-
-                        j->unique_offset = le64toh(o->data.next_field_offset);
-                }
-
-                /* We reached the end of the list? Then start again, with the next file */
-                if (j->unique_offset == 0) {
-                        j->unique_file = ordered_hashmap_next(j->files, j->unique_file->path);
-                        if (!j->unique_file)
-                                return 0;
-
-                        continue;
-                }
-
-                /* We do not use OBJECT_DATA context here, but OBJECT_UNUSED
-                 * instead, so that we can look at this data object at the same
-                 * time as one on another file */
-                r = journal_file_move_to_object(j->unique_file, OBJECT_UNUSED, j->unique_offset, &o);
-                if (r < 0)
-                        return r;
-
-                /* Let's do the type check by hand, since we used 0 context above. */
-                if (o->object.type != OBJECT_DATA) {
-                        log_debug("%s:offset " OFSfmt ": object has type %d, expected %d",
-                                  j->unique_file->path, j->unique_offset,
-                                  o->object.type, OBJECT_DATA);
-                        return -EBADMSG;
-                }
-
-                r = return_data(j, j->unique_file, o, &odata, &ol);
-                if (r < 0)
-                        return r;
-
-                /* Check if we have at least the field name and "=". */
-                if (ol <= k) {
-                        log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
-                                  j->unique_file->path, j->unique_offset,
-                                  ol, k + 1);
-                        return -EBADMSG;
-                }
-
-                if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
-                        log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
-                                  j->unique_file->path, j->unique_offset,
-                                  j->unique_field);
-                        return -EBADMSG;
-                }
-
-                /* OK, now let's see if we already returned this data
-                 * object by checking if it exists in the earlier
-                 * traversed files. */
-                found = false;
-                ORDERED_HASHMAP_FOREACH(of, j->files, i) {
-                        if (of == j->unique_file)
-                                break;
-
-                        /* Skip this file it didn't have any fields indexed */
-                        if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0)
-                                continue;
-
-                        r = journal_file_find_data_object_with_hash(of, odata, ol, le64toh(o->data.hash), NULL, NULL);
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                found = true;
-                                break;
-                        }
-                }
-
-                if (found)
-                        continue;
-
-                r = return_data(j, j->unique_file, o, data, l);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-}
-
-_public_ void sd_journal_restart_unique(sd_journal *j) {
-        if (!j)
-                return;
-
-        j->unique_file = NULL;
-        j->unique_offset = 0;
-        j->unique_file_lost = false;
-}
-
-_public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) {
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(field, -EINVAL);
-
-        if (!j->fields_file) {
-                if (j->fields_file_lost)
-                        return 0;
-
-                j->fields_file = ordered_hashmap_first(j->files);
-                if (!j->fields_file)
-                        return 0;
-
-                j->fields_hash_table_index = 0;
-                j->fields_offset = 0;
-        }
-
-        for (;;) {
-                JournalFile *f, *of;
-                Iterator i;
-                uint64_t m;
-                Object *o;
-                size_t sz;
-                bool found;
-
-                f = j->fields_file;
-
-                if (j->fields_offset == 0) {
-                        bool eof = false;
-
-                        /* We are not yet positioned at any field. Let's pick the first one */
-                        r = journal_file_map_field_hash_table(f);
-                        if (r < 0)
-                                return r;
-
-                        m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
-                        for (;;) {
-                                if (j->fields_hash_table_index >= m) {
-                                        /* Reached the end of the hash table, go to the next file. */
-                                        eof = true;
-                                        break;
-                                }
-
-                                j->fields_offset = le64toh(f->field_hash_table[j->fields_hash_table_index].head_hash_offset);
-
-                                if (j->fields_offset != 0)
-                                        break;
-
-                                /* Empty hash table bucket, go to next one */
-                                j->fields_hash_table_index++;
-                        }
-
-                        if (eof) {
-                                /* Proceed with next file */
-                                j->fields_file = ordered_hashmap_next(j->files, f->path);
-                                if (!j->fields_file) {
-                                        *field = NULL;
-                                        return 0;
-                                }
-
-                                j->fields_offset = 0;
-                                j->fields_hash_table_index = 0;
-                                continue;
-                        }
-
-                } else {
-                        /* We are already positioned at a field. If so, let's figure out the next field from it */
-
-                        r = journal_file_move_to_object(f, OBJECT_FIELD, j->fields_offset, &o);
-                        if (r < 0)
-                                return r;
-
-                        j->fields_offset = le64toh(o->field.next_hash_offset);
-                        if (j->fields_offset == 0) {
-                                /* Reached the end of the hash table chain */
-                                j->fields_hash_table_index++;
-                                continue;
-                        }
-                }
-
-                /* We use OBJECT_UNUSED here, so that the iterator below doesn't remove our mmap window */
-                r = journal_file_move_to_object(f, OBJECT_UNUSED, j->fields_offset, &o);
-                if (r < 0)
-                        return r;
-
-                /* Because we used OBJECT_UNUSED above, we need to do our type check manually */
-                if (o->object.type != OBJECT_FIELD) {
-                        log_debug("%s:offset " OFSfmt ": object has type %i, expected %i", f->path, j->fields_offset, o->object.type, OBJECT_FIELD);
-                        return -EBADMSG;
-                }
-
-                sz = le64toh(o->object.size) - offsetof(Object, field.payload);
-
-                /* Let's see if we already returned this field name before. */
-                found = false;
-                ORDERED_HASHMAP_FOREACH(of, j->files, i) {
-                        if (of == f)
-                                break;
-
-                        /* Skip this file it didn't have any fields indexed */
-                        if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0)
-                                continue;
-
-                        r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, le64toh(o->field.hash), NULL, NULL);
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                found = true;
-                                break;
-                        }
-                }
-
-                if (found)
-                        continue;
-
-                /* Check if this is really a valid string containing no NUL byte */
-                if (memchr(o->field.payload, 0, sz))
-                        return -EBADMSG;
-
-                if (sz > j->data_threshold)
-                        sz = j->data_threshold;
-
-                if (!GREEDY_REALLOC(j->fields_buffer, j->fields_buffer_allocated, sz + 1))
-                        return -ENOMEM;
-
-                memcpy(j->fields_buffer, o->field.payload, sz);
-                j->fields_buffer[sz] = 0;
-
-                if (!field_is_valid(j->fields_buffer))
-                        return -EBADMSG;
-
-                *field = j->fields_buffer;
-                return 1;
-        }
-}
-
-_public_ void sd_journal_restart_fields(sd_journal *j) {
-        if (!j)
-                return;
-
-        j->fields_file = NULL;
-        j->fields_hash_table_index = 0;
-        j->fields_offset = 0;
-        j->fields_file_lost = false;
-}
-
-_public_ int sd_journal_reliable_fd(sd_journal *j) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        return !j->on_network;
-}
-
-static char *lookup_field(const char *field, void *userdata) {
-        sd_journal *j = userdata;
-        const void *data;
-        size_t size, d;
-        int r;
-
-        assert(field);
-        assert(j);
-
-        r = sd_journal_get_data(j, field, &data, &size);
-        if (r < 0 ||
-            size > REPLACE_VAR_MAX)
-                return strdup(field);
-
-        d = strlen(field) + 1;
-
-        return strndup((const char*) data + d, size - d);
-}
-
-_public_ int sd_journal_get_catalog(sd_journal *j, char **ret) {
-        const void *data;
-        size_t size;
-        sd_id128_t id;
-        _cleanup_free_ char *text = NULL, *cid = NULL;
-        char *t;
-        int r;
-
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(ret, -EINVAL);
-
-        r = sd_journal_get_data(j, "MESSAGE_ID", &data, &size);
-        if (r < 0)
-                return r;
-
-        cid = strndup((const char*) data + 11, size - 11);
-        if (!cid)
-                return -ENOMEM;
-
-        r = sd_id128_from_string(cid, &id);
-        if (r < 0)
-                return r;
-
-        r = catalog_get(CATALOG_DATABASE, id, &text);
-        if (r < 0)
-                return r;
-
-        t = replace_var(text, lookup_field, j);
-        if (!t)
-                return -ENOMEM;
-
-        *ret = t;
-        return 0;
-}
-
-_public_ int sd_journal_get_catalog_for_message_id(sd_id128_t id, char **ret) {
-        assert_return(ret, -EINVAL);
-
-        return catalog_get(CATALOG_DATABASE, id, ret);
-}
-
-_public_ int sd_journal_set_data_threshold(sd_journal *j, size_t sz) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-
-        j->data_threshold = sz;
-        return 0;
-}
-
-_public_ int sd_journal_get_data_threshold(sd_journal *j, size_t *sz) {
-        assert_return(j, -EINVAL);
-        assert_return(!journal_pid_changed(j), -ECHILD);
-        assert_return(sz, -EINVAL);
-
-        *sz = j->data_threshold;
-        return 0;
-}
-
-_public_ int sd_journal_has_runtime_files(sd_journal *j) {
-        assert_return(j, -EINVAL);
-
-        return j->has_runtime_files;
-}
-
-_public_ int sd_journal_has_persistent_files(sd_journal *j) {
-        assert_return(j, -EINVAL);
-
-        return j->has_persistent_files;
-}
diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c
deleted file mode 100644
index 898c876450..0000000000
--- a/src/journal/test-catalog.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <locale.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "catalog.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "log.h"
-#include "macro.h"
-#include "string-util.h"
-#include "util.h"
-
-static const char *catalog_dirs[] = {
-        CATALOG_DIR,
-        NULL,
-};
-
-static const char *no_catalog_dirs[] = {
-        "/bin/hopefully/with/no/catalog",
-        NULL
-};
-
-static Hashmap * test_import(const char* contents, ssize_t size, int code) {
-        int r;
-        char name[] = "/tmp/test-catalog.XXXXXX";
-        _cleanup_close_ int fd;
-        Hashmap *h;
-
-        if (size < 0)
-                size = strlen(contents);
-
-        assert_se(h = hashmap_new(&catalog_hash_ops));
-
-        fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
-        assert_se(fd >= 0);
-        assert_se(write(fd, contents, size) == size);
-
-        r = catalog_import_file(h, name);
-        assert_se(r == code);
-
-        unlink(name);
-
-        return h;
-}
-
-static void test_catalog_import_invalid(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
-
-        h = test_import("xxx", -1, -EINVAL);
-        assert_se(hashmap_isempty(h));
-}
-
-static void test_catalog_import_badid(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
-        const char *input =
-"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededede\n" \
-"Subject: message\n" \
-"\n" \
-"payload\n";
-        h = test_import(input, -1, -EINVAL);
-}
-
-static void test_catalog_import_one(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
-        char *payload;
-        Iterator j;
-
-        const char *input =
-"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
-"Subject: message\n" \
-"\n" \
-"payload\n";
-        const char *expect =
-"Subject: message\n" \
-"\n" \
-"payload\n";
-
-        h = test_import(input, -1, 0);
-        assert_se(hashmap_size(h) == 1);
-
-        HASHMAP_FOREACH(payload, h, j) {
-                printf("expect: %s\n", expect);
-                printf("actual: %s\n", payload);
-                assert_se(streq(expect, payload));
-        }
-}
-
-static void test_catalog_import_merge(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
-        char *payload;
-        Iterator j;
-
-        const char *input =
-"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
-"Subject: message\n" \
-"Defined-By: me\n" \
-"\n" \
-"payload\n" \
-"\n" \
-"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
-"Subject: override subject\n" \
-"X-Header: hello\n" \
-"\n" \
-"override payload\n";
-
-        const char *combined =
-"Subject: override subject\n" \
-"X-Header: hello\n" \
-"Subject: message\n" \
-"Defined-By: me\n" \
-"\n" \
-"override payload\n";
-
-        h = test_import(input, -1, 0);
-        assert_se(hashmap_size(h) == 1);
-
-        HASHMAP_FOREACH(payload, h, j) {
-                assert_se(streq(combined, payload));
-        }
-}
-
-static void test_catalog_import_merge_no_body(void) {
-        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
-        char *payload;
-        Iterator j;
-
-        const char *input =
-"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
-"Subject: message\n" \
-"Defined-By: me\n" \
-"\n" \
-"payload\n" \
-"\n" \
-"-- 0027229ca0644181a76c4e92458afaff dededededededededededededededed\n" \
-"Subject: override subject\n" \
-"X-Header: hello\n" \
-"\n";
-
-        const char *combined =
-"Subject: override subject\n" \
-"X-Header: hello\n" \
-"Subject: message\n" \
-"Defined-By: me\n" \
-"\n" \
-"payload\n";
-
-        h = test_import(input, -1, 0);
-        assert_se(hashmap_size(h) == 1);
-
-        HASHMAP_FOREACH(payload, h, j) {
-                assert_se(streq(combined, payload));
-        }
-}
-
-static const char* database = NULL;
-
-static void test_catalog_update(void) {
-        static char name[] = "/tmp/test-catalog.XXXXXX";
-        int r;
-
-        r = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
-        assert_se(r >= 0);
-
-        database = name;
-
-        /* Test what happens if there are no files. */
-        r = catalog_update(database, NULL, NULL);
-        assert_se(r >= 0);
-
-        /* Test what happens if there are no files in the directory. */
-        r = catalog_update(database, NULL, no_catalog_dirs);
-        assert_se(r >= 0);
-
-        /* Make sure that we at least have some files loaded or the
-           catalog_list below will fail. */
-        r = catalog_update(database, NULL, catalog_dirs);
-        assert_se(r >= 0);
-}
-
-static void test_catalog_file_lang(void) {
-        _cleanup_free_ char *lang = NULL, *lang2 = NULL, *lang3 = NULL, *lang4 = NULL;
-
-        assert_se(catalog_file_lang("systemd.de_DE.catalog", &lang) == 1);
-        assert_se(streq(lang, "de_DE"));
-
-        assert_se(catalog_file_lang("systemd..catalog", &lang2) == 0);
-        assert_se(lang2 == NULL);
-
-        assert_se(catalog_file_lang("systemd.fr.catalog", &lang2) == 1);
-        assert_se(streq(lang2, "fr"));
-
-        assert_se(catalog_file_lang("systemd.fr.catalog.gz", &lang3) == 0);
-        assert_se(lang3 == NULL);
-
-        assert_se(catalog_file_lang("systemd.01234567890123456789012345678901.catalog", &lang3) == 0);
-        assert_se(lang3 == NULL);
-
-        assert_se(catalog_file_lang("systemd.0123456789012345678901234567890.catalog", &lang3) == 1);
-        assert_se(streq(lang3, "0123456789012345678901234567890"));
-
-        assert_se(catalog_file_lang("/x/y/systemd.catalog", &lang4) == 0);
-        assert_se(lang4 == NULL);
-
-        assert_se(catalog_file_lang("/x/y/systemd.ru_RU.catalog", &lang4) == 1);
-        assert_se(streq(lang4, "ru_RU"));
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_free_ char *text = NULL;
-        int r;
-
-        setlocale(LC_ALL, "de_DE.UTF-8");
-
-        log_parse_environment();
-        log_open();
-
-        test_catalog_file_lang();
-
-        test_catalog_import_invalid();
-        test_catalog_import_badid();
-        test_catalog_import_one();
-        test_catalog_import_merge();
-        test_catalog_import_merge_no_body();
-
-        test_catalog_update();
-
-        r = catalog_list(stdout, database, true);
-        assert_se(r >= 0);
-
-        r = catalog_list(stdout, database, false);
-        assert_se(r >= 0);
-
-        assert_se(catalog_get(database, SD_MESSAGE_COREDUMP, &text) >= 0);
-        printf(">>>%s<<<\n", text);
-
-        if (database)
-                unlink(database);
-
-        return 0;
-}
diff --git a/src/journal/test-journal-enum.c b/src/journal/test-journal-enum.c
deleted file mode 100644
index 354c2c3c00..0000000000
--- a/src/journal/test-journal-enum.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdio.h>
-
-#include "sd-journal.h"
-
-#include "journal-internal.h"
-#include "log.h"
-#include "macro.h"
-
-int main(int argc, char *argv[]) {
-        unsigned n = 0;
-        _cleanup_(sd_journal_closep) sd_journal*j = NULL;
-
-        log_set_max_level(LOG_DEBUG);
-
-        assert_se(sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY) >= 0);
-
-        assert_se(sd_journal_add_match(j, "_TRANSPORT=syslog", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "_UID=0", 0) >= 0);
-
-        SD_JOURNAL_FOREACH_BACKWARDS(j) {
-                const void *d;
-                size_t l;
-
-                assert_se(sd_journal_get_data(j, "MESSAGE", &d, &l) >= 0);
-
-                printf("%.*s\n", (int) l, (char*) d);
-
-                n++;
-                if (n >= 10)
-                        break;
-        }
-
-        return 0;
-}
diff --git a/src/journal/test-journal-flush.c b/src/journal/test-journal-flush.c
deleted file mode 100644
index ba8b20b228..0000000000
--- a/src/journal/test-journal-flush.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "journal-file.h"
-#include "journal-internal.h"
-#include "macro.h"
-#include "string-util.h"
-
-int main(int argc, char *argv[]) {
-        _cleanup_free_ char *fn = NULL;
-        char dn[] = "/var/tmp/test-journal-flush.XXXXXX";
-        JournalFile *new_journal = NULL;
-        sd_journal *j = NULL;
-        unsigned n = 0;
-        int r;
-
-        assert_se(mkdtemp(dn));
-        fn = strappend(dn, "/test.journal");
-
-        r = journal_file_open(-1, fn, O_CREAT|O_RDWR, 0644, false, false, NULL, NULL, NULL, NULL, &new_journal);
-        assert_se(r >= 0);
-
-        r = sd_journal_open(&j, 0);
-        assert_se(r >= 0);
-
-        sd_journal_set_data_threshold(j, 0);
-
-        SD_JOURNAL_FOREACH(j) {
-                Object *o;
-                JournalFile *f;
-
-                f = j->current_file;
-                assert_se(f && f->current_offset > 0);
-
-                r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
-                assert_se(r >= 0);
-
-                r = journal_file_copy_entry(f, new_journal, o, f->current_offset, NULL, NULL, NULL);
-                assert_se(r >= 0);
-
-                n++;
-                if (n > 10000)
-                        break;
-        }
-
-        sd_journal_close(j);
-
-        (void) journal_file_close(new_journal);
-
-        unlink(fn);
-        assert_se(rmdir(dn) == 0);
-
-        return 0;
-}
diff --git a/src/journal/test-journal-init.c b/src/journal/test-journal-init.c
deleted file mode 100644
index ef21e2d05f..0000000000
--- a/src/journal/test-journal-init.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-journal.h"
-
-#include "log.h"
-#include "parse-util.h"
-#include "rm-rf.h"
-#include "util.h"
-
-int main(int argc, char *argv[]) {
-        sd_journal *j;
-        int r, i, I = 100;
-        char t[] = "/tmp/journal-stream-XXXXXX";
-
-        log_set_max_level(LOG_DEBUG);
-
-        if (argc >= 2) {
-                r = safe_atoi(argv[1], &I);
-                if (r < 0)
-                        log_info("Could not parse loop count argument. Using default.");
-        }
-
-        log_info("Running %d loops", I);
-
-        assert_se(mkdtemp(t));
-
-        for (i = 0; i < I; i++) {
-                r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
-                assert_se(r == 0);
-
-                sd_journal_close(j);
-
-                r = sd_journal_open_directory(&j, t, 0);
-                assert_se(r == 0);
-
-                sd_journal_close(j);
-
-                j = NULL;
-                r = sd_journal_open_directory(&j, t, SD_JOURNAL_LOCAL_ONLY);
-                assert_se(r == -EINVAL);
-                assert_se(j == NULL);
-        }
-
-        assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
-
-        return 0;
-}
diff --git a/src/journal/test-journal-interleaving.c b/src/journal/test-journal-interleaving.c
deleted file mode 100644
index 5e063f4d04..0000000000
--- a/src/journal/test-journal-interleaving.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Marius Vollmer
-  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <unistd.h>
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "journal-file.h"
-#include "journal-vacuum.h"
-#include "log.h"
-#include "parse-util.h"
-#include "rm-rf.h"
-#include "util.h"
-
-/* This program tests skipping around in a multi-file journal.
- */
-
-static bool arg_keep = false;
-
-noreturn static void log_assert_errno(const char *text, int eno, const char *file, int line, const char *func) {
-        log_internal(LOG_CRIT, 0, file, line, func,
-                     "'%s' failed at %s:%u (%s): %s.",
-                     text, file, line, func, strerror(eno));
-        abort();
-}
-
-#define assert_ret(expr)                                                \
-        do {                                                            \
-                int _r_ = (expr);                                       \
-                if (_unlikely_(_r_ < 0))                                \
-                        log_assert_errno(#expr, -_r_, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
-        } while (false)
-
-static JournalFile *test_open(const char *name) {
-        JournalFile *f;
-        assert_ret(journal_file_open(-1, name, O_RDWR|O_CREAT, 0644, true, false, NULL, NULL, NULL, NULL, &f));
-        return f;
-}
-
-static void test_close(JournalFile *f) {
-        (void) journal_file_close (f);
-}
-
-static void append_number(JournalFile *f, int n, uint64_t *seqnum) {
-        char *p;
-        dual_timestamp ts;
-        static dual_timestamp previous_ts = {};
-        struct iovec iovec[1];
-
-        dual_timestamp_get(&ts);
-
-        if (ts.monotonic <= previous_ts.monotonic)
-                ts.monotonic = previous_ts.monotonic + 1;
-
-        if (ts.realtime <= previous_ts.realtime)
-                ts.realtime = previous_ts.realtime + 1;
-
-        previous_ts = ts;
-
-        assert_se(asprintf(&p, "NUMBER=%d", n) >= 0);
-        iovec[0].iov_base = p;
-        iovec[0].iov_len = strlen(p);
-        assert_ret(journal_file_append_entry(f, &ts, iovec, 1, seqnum, NULL, NULL));
-        free(p);
-}
-
-static void test_check_number (sd_journal *j, int n) {
-        const void *d;
-        _cleanup_free_ char *k;
-        size_t l;
-        int x;
-
-        assert_ret(sd_journal_get_data(j, "NUMBER", &d, &l));
-        assert_se(k = strndup(d, l));
-        printf("%s\n", k);
-
-        assert_se(safe_atoi(k + 7, &x) >= 0);
-        assert_se(n == x);
-}
-
-static void test_check_numbers_down (sd_journal *j, int count) {
-        int i;
-
-        for (i = 1; i <= count; i++) {
-                int r;
-                test_check_number(j, i);
-                assert_ret(r = sd_journal_next(j));
-                if (i == count)
-                        assert_se(r == 0);
-                else
-                        assert_se(r == 1);
-        }
-
-}
-
-static void test_check_numbers_up (sd_journal *j, int count) {
-        for (int i = count; i >= 1; i--) {
-                int r;
-                test_check_number(j, i);
-                assert_ret(r = sd_journal_previous(j));
-                if (i == 1)
-                        assert_se(r == 0);
-                else
-                        assert_se(r == 1);
-        }
-
-}
-
-static void setup_sequential(void) {
-        JournalFile *one, *two;
-        one = test_open("one.journal");
-        two = test_open("two.journal");
-        append_number(one, 1, NULL);
-        append_number(one, 2, NULL);
-        append_number(two, 3, NULL);
-        append_number(two, 4, NULL);
-        test_close(one);
-        test_close(two);
-}
-
-static void setup_interleaved(void) {
-        JournalFile *one, *two;
-        one = test_open("one.journal");
-        two = test_open("two.journal");
-        append_number(one, 1, NULL);
-        append_number(two, 2, NULL);
-        append_number(one, 3, NULL);
-        append_number(two, 4, NULL);
-        test_close(one);
-        test_close(two);
-}
-
-static void test_skip(void (*setup)(void)) {
-        char t[] = "/tmp/journal-skip-XXXXXX";
-        sd_journal *j;
-        int r;
-
-        assert_se(mkdtemp(t));
-        assert_se(chdir(t) >= 0);
-
-        setup();
-
-        /* Seek to head, iterate down.
-         */
-        assert_ret(sd_journal_open_directory(&j, t, 0));
-        assert_ret(sd_journal_seek_head(j));
-        assert_ret(sd_journal_next(j));
-        test_check_numbers_down(j, 4);
-        sd_journal_close(j);
-
-        /* Seek to tail, iterate up.
-         */
-        assert_ret(sd_journal_open_directory(&j, t, 0));
-        assert_ret(sd_journal_seek_tail(j));
-        assert_ret(sd_journal_previous(j));
-        test_check_numbers_up(j, 4);
-        sd_journal_close(j);
-
-        /* Seek to tail, skip to head, iterate down.
-         */
-        assert_ret(sd_journal_open_directory(&j, t, 0));
-        assert_ret(sd_journal_seek_tail(j));
-        assert_ret(r = sd_journal_previous_skip(j, 4));
-        assert_se(r == 4);
-        test_check_numbers_down(j, 4);
-        sd_journal_close(j);
-
-        /* Seek to head, skip to tail, iterate up.
-         */
-        assert_ret(sd_journal_open_directory(&j, t, 0));
-        assert_ret(sd_journal_seek_head(j));
-        assert_ret(r = sd_journal_next_skip(j, 4));
-        assert_se(r == 4);
-        test_check_numbers_up(j, 4);
-        sd_journal_close(j);
-
-        log_info("Done...");
-
-        if (arg_keep)
-                log_info("Not removing %s", t);
-        else {
-                journal_directory_vacuum(".", 3000000, 0, 0, NULL, true);
-
-                assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
-        }
-
-        puts("------------------------------------------------------------");
-}
-
-static void test_sequence_numbers(void) {
-
-        char t[] = "/tmp/journal-seq-XXXXXX";
-        JournalFile *one, *two;
-        uint64_t seqnum = 0;
-        sd_id128_t seqnum_id;
-
-        assert_se(mkdtemp(t));
-        assert_se(chdir(t) >= 0);
-
-        assert_se(journal_file_open(-1, "one.journal", O_RDWR|O_CREAT, 0644,
-                                    true, false, NULL, NULL, NULL, NULL, &one) == 0);
-
-        append_number(one, 1, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 1);
-        append_number(one, 2, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 2);
-
-        assert_se(one->header->state == STATE_ONLINE);
-        assert_se(!sd_id128_equal(one->header->file_id, one->header->machine_id));
-        assert_se(!sd_id128_equal(one->header->file_id, one->header->boot_id));
-        assert_se(sd_id128_equal(one->header->file_id, one->header->seqnum_id));
-
-        memcpy(&seqnum_id, &one->header->seqnum_id, sizeof(sd_id128_t));
-
-        assert_se(journal_file_open(-1, "two.journal", O_RDWR|O_CREAT, 0644,
-                                    true, false, NULL, NULL, NULL, one, &two) == 0);
-
-        assert_se(two->header->state == STATE_ONLINE);
-        assert_se(!sd_id128_equal(two->header->file_id, one->header->file_id));
-        assert_se(sd_id128_equal(one->header->machine_id, one->header->machine_id));
-        assert_se(sd_id128_equal(one->header->boot_id, one->header->boot_id));
-        assert_se(sd_id128_equal(one->header->seqnum_id, one->header->seqnum_id));
-
-        append_number(two, 3, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 3);
-        append_number(two, 4, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 4);
-
-        test_close(two);
-
-        append_number(one, 5, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 5);
-
-        append_number(one, 6, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 6);
-
-        test_close(one);
-
-        /* restart server */
-        seqnum = 0;
-
-        assert_se(journal_file_open(-1, "two.journal", O_RDWR, 0,
-                                    true, false, NULL, NULL, NULL, NULL, &two) == 0);
-
-        assert_se(sd_id128_equal(two->header->seqnum_id, seqnum_id));
-
-        append_number(two, 7, &seqnum);
-        printf("seqnum=%"PRIu64"\n", seqnum);
-        assert_se(seqnum == 5);
-
-        /* So..., here we have the same seqnum in two files with the
-         * same seqnum_id. */
-
-        test_close(two);
-
-        log_info("Done...");
-
-        if (arg_keep)
-                log_info("Not removing %s", t);
-        else {
-                journal_directory_vacuum(".", 3000000, 0, 0, NULL, true);
-
-                assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
-        }
-}
-
-int main(int argc, char *argv[]) {
-        log_set_max_level(LOG_DEBUG);
-
-        /* journal_file_open requires a valid machine id */
-        if (access("/etc/machine-id", F_OK) != 0)
-                return EXIT_TEST_SKIP;
-
-        arg_keep = argc > 1;
-
-        test_skip(setup_sequential);
-        test_skip(setup_interleaved);
-
-        test_sequence_numbers();
-
-        return 0;
-}
diff --git a/src/journal/test-journal-match.c b/src/journal/test-journal-match.c
deleted file mode 100644
index 3ab554b9b0..0000000000
--- a/src/journal/test-journal-match.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdio.h>
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "journal-internal.h"
-#include "log.h"
-#include "string-util.h"
-#include "util.h"
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_journal_closep) sd_journal*j = NULL;
-        _cleanup_free_ char *t;
-
-        log_set_max_level(LOG_DEBUG);
-
-        assert_se(sd_journal_open(&j, 0) >= 0);
-
-        assert_se(sd_journal_add_match(j, "foobar", 0) < 0);
-        assert_se(sd_journal_add_match(j, "foobar=waldo", 0) < 0);
-        assert_se(sd_journal_add_match(j, "", 0) < 0);
-        assert_se(sd_journal_add_match(j, "=", 0) < 0);
-        assert_se(sd_journal_add_match(j, "=xxxxx", 0) < 0);
-        assert_se(sd_journal_add_match(j, "HALLO=WALDO", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "QUUX=mmmm", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "QUUX=xxxxx", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "HALLO=", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "QUUX=xxxxx", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "QUUX=yyyyy", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "PIFF=paff", 0) >= 0);
-
-        assert_se(sd_journal_add_disjunction(j) >= 0);
-
-        assert_se(sd_journal_add_match(j, "ONE=one", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "ONE=two", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "TWO=two", 0) >= 0);
-
-        assert_se(sd_journal_add_conjunction(j) >= 0);
-
-        assert_se(sd_journal_add_match(j, "L4_1=yes", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "L4_1=ok", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "L4_2=yes", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "L4_2=ok", 0) >= 0);
-
-        assert_se(sd_journal_add_disjunction(j) >= 0);
-
-        assert_se(sd_journal_add_match(j, "L3=yes", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "L3=ok", 0) >= 0);
-
-        assert_se(t = journal_make_match_string(j));
-
-        printf("resulting match expression is: %s\n", t);
-
-        assert_se(streq(t, "(((L3=ok OR L3=yes) OR ((L4_2=ok OR L4_2=yes) AND (L4_1=ok OR L4_1=yes))) AND ((TWO=two AND (ONE=two OR ONE=one)) OR (PIFF=paff AND (QUUX=yyyyy OR QUUX=xxxxx OR QUUX=mmmm) AND (HALLO= OR HALLO=WALDO))))"));
-
-        return 0;
-}
diff --git a/src/journal/test-journal-send.c b/src/journal/test-journal-send.c
deleted file mode 100644
index d70f0b0bc8..0000000000
--- a/src/journal/test-journal-send.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "sd-journal.h"
-
-#include "macro.h"
-
-int main(int argc, char *argv[]) {
-        char huge[4096*1024];
-
-        /* utf-8 and non-utf-8, message-less and message-ful iovecs */
-        struct iovec graph1[] = {
-                {(char*) "GRAPH=graph", strlen("GRAPH=graph")}
-        };
-        struct iovec graph2[] = {
-                {(char*) "GRAPH=graph\n", strlen("GRAPH=graph\n")}
-        };
-        struct iovec message1[] = {
-                {(char*) "MESSAGE=graph", strlen("MESSAGE=graph")}
-        };
-        struct iovec message2[] = {
-                {(char*) "MESSAGE=graph\n", strlen("MESSAGE=graph\n")}
-        };
-
-        assert_se(sd_journal_print(LOG_INFO, "piepapo") == 0);
-
-        assert_se(sd_journal_send("MESSAGE=foobar",
-                                  "VALUE=%i", 7,
-                                  NULL) == 0);
-
-        errno = ENOENT;
-        assert_se(sd_journal_perror("Foobar") == 0);
-
-        assert_se(sd_journal_perror("") == 0);
-
-        memset(huge, 'x', sizeof(huge));
-        memcpy(huge, "HUGE=", 5);
-        char_array_0(huge);
-
-        assert_se(sd_journal_send("MESSAGE=Huge field attached",
-                                  huge,
-                                  NULL) == 0);
-
-        assert_se(sd_journal_send("MESSAGE=uiui",
-                                  "VALUE=A",
-                                  "VALUE=B",
-                                  "VALUE=C",
-                                  "SINGLETON=1",
-                                  "OTHERVALUE=X",
-                                  "OTHERVALUE=Y",
-                                  "WITH_BINARY=this is a binary value \a",
-                                  NULL) == 0);
-
-        syslog(LOG_NOTICE, "Hello World!");
-
-        assert_se(sd_journal_print(LOG_NOTICE, "Hello World") == 0);
-
-        assert_se(sd_journal_send("MESSAGE=Hello World!",
-                                  "MESSAGE_ID=52fb62f99e2c49d89cfbf9d6de5e3555",
-                                  "PRIORITY=5",
-                                  "HOME=%s", getenv("HOME"),
-                                  "TERM=%s", getenv("TERM"),
-                                  "PAGE_SIZE=%li", sysconf(_SC_PAGESIZE),
-                                  "N_CPUS=%li", sysconf(_SC_NPROCESSORS_ONLN),
-                                  NULL) == 0);
-
-        assert_se(sd_journal_sendv(graph1, 1) == 0);
-        assert_se(sd_journal_sendv(graph2, 1) == 0);
-        assert_se(sd_journal_sendv(message1, 1) == 0);
-        assert_se(sd_journal_sendv(message2, 1) == 0);
-
-        /* test without location fields */
-#undef sd_journal_sendv
-        assert_se(sd_journal_sendv(graph1, 1) == 0);
-        assert_se(sd_journal_sendv(graph2, 1) == 0);
-        assert_se(sd_journal_sendv(message1, 1) == 0);
-        assert_se(sd_journal_sendv(message2, 1) == 0);
-
-        sleep(1);
-
-        return 0;
-}
diff --git a/src/journal/test-journal-stream.c b/src/journal/test-journal-stream.c
deleted file mode 100644
index 7e5a980719..0000000000
--- a/src/journal/test-journal-stream.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <unistd.h>
-
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "journal-file.h"
-#include "journal-internal.h"
-#include "log.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "rm-rf.h"
-#include "util.h"
-
-#define N_ENTRIES 200
-
-static void verify_contents(sd_journal *j, unsigned skip) {
-        unsigned i;
-
-        assert_se(j);
-
-        i = 0;
-        SD_JOURNAL_FOREACH(j) {
-                const void *d;
-                char *k, *c;
-                size_t l;
-                unsigned u = 0;
-
-                assert_se(sd_journal_get_cursor(j, &k) >= 0);
-                printf("cursor: %s\n", k);
-                free(k);
-
-                assert_se(sd_journal_get_data(j, "MAGIC", &d, &l) >= 0);
-                printf("\t%.*s\n", (int) l, (const char*) d);
-
-                assert_se(sd_journal_get_data(j, "NUMBER", &d, &l) >= 0);
-                assert_se(k = strndup(d, l));
-                printf("\t%s\n", k);
-
-                if (skip > 0) {
-                        assert_se(safe_atou(k + 7, &u) >= 0);
-                        assert_se(i == u);
-                        i += skip;
-                }
-
-                free(k);
-
-                assert_se(sd_journal_get_cursor(j, &c) >= 0);
-                assert_se(sd_journal_test_cursor(j, c) > 0);
-                free(c);
-        }
-
-        if (skip > 0)
-                assert_se(i == N_ENTRIES);
-}
-
-int main(int argc, char *argv[]) {
-        JournalFile *one, *two, *three;
-        char t[] = "/tmp/journal-stream-XXXXXX";
-        unsigned i;
-        _cleanup_(sd_journal_closep) sd_journal *j = NULL;
-        char *z;
-        const void *data;
-        size_t l;
-        dual_timestamp previous_ts = DUAL_TIMESTAMP_NULL;
-
-        /* journal_file_open requires a valid machine id */
-        if (access("/etc/machine-id", F_OK) != 0)
-                return EXIT_TEST_SKIP;
-
-        log_set_max_level(LOG_DEBUG);
-
-        assert_se(mkdtemp(t));
-        assert_se(chdir(t) >= 0);
-
-        assert_se(journal_file_open(-1, "one.journal", O_RDWR|O_CREAT, 0666, true, false, NULL, NULL, NULL, NULL, &one) == 0);
-        assert_se(journal_file_open(-1, "two.journal", O_RDWR|O_CREAT, 0666, true, false, NULL, NULL, NULL, NULL, &two) == 0);
-        assert_se(journal_file_open(-1, "three.journal", O_RDWR|O_CREAT, 0666, true, false, NULL, NULL, NULL, NULL, &three) == 0);
-
-        for (i = 0; i < N_ENTRIES; i++) {
-                char *p, *q;
-                dual_timestamp ts;
-                struct iovec iovec[2];
-
-                dual_timestamp_get(&ts);
-
-                if (ts.monotonic <= previous_ts.monotonic)
-                        ts.monotonic = previous_ts.monotonic + 1;
-
-                if (ts.realtime <= previous_ts.realtime)
-                        ts.realtime = previous_ts.realtime + 1;
-
-                previous_ts = ts;
-
-                assert_se(asprintf(&p, "NUMBER=%u", i) >= 0);
-                iovec[0].iov_base = p;
-                iovec[0].iov_len = strlen(p);
-
-                assert_se(asprintf(&q, "MAGIC=%s", i % 5 == 0 ? "quux" : "waldo") >= 0);
-
-                iovec[1].iov_base = q;
-                iovec[1].iov_len = strlen(q);
-
-                if (i % 10 == 0)
-                        assert_se(journal_file_append_entry(three, &ts, iovec, 2, NULL, NULL, NULL) == 0);
-                else {
-                        if (i % 3 == 0)
-                                assert_se(journal_file_append_entry(two, &ts, iovec, 2, NULL, NULL, NULL) == 0);
-
-                        assert_se(journal_file_append_entry(one, &ts, iovec, 2, NULL, NULL, NULL) == 0);
-                }
-
-                free(p);
-                free(q);
-        }
-
-        (void) journal_file_close(one);
-        (void) journal_file_close(two);
-        (void) journal_file_close(three);
-
-        assert_se(sd_journal_open_directory(&j, t, 0) >= 0);
-
-        assert_se(sd_journal_add_match(j, "MAGIC=quux", 0) >= 0);
-        SD_JOURNAL_FOREACH_BACKWARDS(j) {
-                _cleanup_free_ char *c;
-
-                assert_se(sd_journal_get_data(j, "NUMBER", &data, &l) >= 0);
-                printf("\t%.*s\n", (int) l, (const char*) data);
-
-                assert_se(sd_journal_get_cursor(j, &c) >= 0);
-                assert_se(sd_journal_test_cursor(j, c) > 0);
-        }
-
-        SD_JOURNAL_FOREACH(j) {
-                _cleanup_free_ char *c;
-
-                assert_se(sd_journal_get_data(j, "NUMBER", &data, &l) >= 0);
-                printf("\t%.*s\n", (int) l, (const char*) data);
-
-                assert_se(sd_journal_get_cursor(j, &c) >= 0);
-                assert_se(sd_journal_test_cursor(j, c) > 0);
-        }
-
-        sd_journal_flush_matches(j);
-
-        verify_contents(j, 1);
-
-        printf("NEXT TEST\n");
-        assert_se(sd_journal_add_match(j, "MAGIC=quux", 0) >= 0);
-
-        assert_se(z = journal_make_match_string(j));
-        printf("resulting match expression is: %s\n", z);
-        free(z);
-
-        verify_contents(j, 5);
-
-        printf("NEXT TEST\n");
-        sd_journal_flush_matches(j);
-        assert_se(sd_journal_add_match(j, "MAGIC=waldo", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "NUMBER=10", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "NUMBER=11", 0) >= 0);
-        assert_se(sd_journal_add_match(j, "NUMBER=12", 0) >= 0);
-
-        assert_se(z = journal_make_match_string(j));
-        printf("resulting match expression is: %s\n", z);
-        free(z);
-
-        verify_contents(j, 0);
-
-        assert_se(sd_journal_query_unique(j, "NUMBER") >= 0);
-        SD_JOURNAL_FOREACH_UNIQUE(j, data, l)
-                printf("%.*s\n", (int) l, (const char*) data);
-
-        assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
-
-        return 0;
-}
diff --git a/src/kernel-install/Makefile b/src/kernel-install/Makefile
index d0b0e8e008..d50b684d01 120000..100644
--- a/src/kernel-install/Makefile
+++ b/src/kernel-install/Makefile
@@ -1 +1,33 @@
-../Makefile
-\ No newline at end of file
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+dist_bin_SCRIPTS = \
+	src/kernel-install/kernel-install
+
+dist_kernelinstall_SCRIPTS = \
+	src/kernel-install/50-depmod.install \
+	src/kernel-install/90-loaderentry.install
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/kernel-install/bash-completion_kernel-install b/src/kernel-install/bash-completion_kernel-install
new file mode 100644
index 0000000000..7cd2494cf7
--- /dev/null
+++ b/src/kernel-install/bash-completion_kernel-install
@@ -0,0 +1,50 @@
+# kernel-install(8) completion                                   -*- shell-script -*-
+#
+# This file is part of systemd.
+#
+# Copyright 2013 Kay Sievers
+# Copyright 2013 Harald Hoyer
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+_kernel_install() {
+        local comps
+        local MACHINE_ID
+        local cur=${COMP_WORDS[COMP_CWORD]}
+
+        case $COMP_CWORD in
+            1)
+                comps="add remove"
+                ;;
+            2)
+                comps=$(cd /lib/modules; echo [0-9]*)
+                if [[ ${COMP_WORDS[1]} == "remove" ]] && [[ -f /etc/machine-id ]]; then
+                    read MACHINE_ID < /etc/machine-id
+                    if [[ $MACHINE_ID ]] && ( [[ -d /boot/$MACHINE_ID ]] || [[ -L /boot/$MACHINE_ID ]] ); then
+                        comps=$(cd "/boot/$MACHINE_ID"; echo [0-9]*)
+                    fi
+                fi
+                ;;
+            3)
+                [[ "$cur" ]] || cur=/boot/vmlinuz-${COMP_WORDS[2]}
+                comps=$(compgen -f -- "$cur")
+                compopt -o filenames
+                ;;
+        esac
+
+        COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
+        return 0
+}
+
+complete -F _kernel_install kernel-install
diff --git a/src/kernel-install/kernel-install.xml b/src/kernel-install/kernel-install.xml
new file mode 100644
index 0000000000..eb519188a6
--- /dev/null
+++ b/src/kernel-install/kernel-install.xml
@@ -0,0 +1,192 @@
+<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+  This file is part of systemd.
+
+  Copyright 2013 Harald Hoyer
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="kernel-install">
+
+  <refentryinfo>
+    <title>kernel-install</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Harald</firstname>
+        <surname>Hoyer</surname>
+        <email>harald@redhat.com</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>kernel-install</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>kernel-install</refname>
+    <refpurpose>Add and remove kernel and initramfs images to and from /boot</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>kernel-install</command>
+      <arg choice="plain">COMMAND</arg>
+      <arg choice="plain"><replaceable>KERNEL-VERSION</replaceable></arg>
+      <arg choice="opt"><replaceable>KERNEL-IMAGE</replaceable></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+    <para>
+      <command>kernel-install</command> is used to install and remove kernel and
+      initramfs images to and from <filename>/boot</filename>.
+    </para>
+
+    <para><command>kernel-install</command> will execute the files
+    located in the directory <filename>/usr/lib/kernel/install.d/</filename>
+    and the local administration directory <filename>/etc/kernel/install.d/</filename>.
+    All files are collectively sorted and executed in lexical order, regardless of the directory in
+    which they live. However, files with identical filenames replace each other.
+    Files in <filename>/etc/kernel/install.d/</filename> take precedence over files with the same name
+    in <filename>/usr/lib/kernel/install.d/</filename>. This can be used to override a system-supplied
+    executables with a local file if needed; a symbolic link in <filename>/etc/kernel/install.d/</filename>
+    with the same name as an executable in <filename>/usr/lib/kernel/install.d/</filename>,
+    pointing to /dev/null, disables the executable entirely. Executables must have the
+    extension <literal>.install</literal>; other extensions are ignored.</para>
+
+  </refsect1>
+
+  <refsect1>
+    <title>Commands</title>
+    <para>The following commands are understood:</para>
+    <variablelist>
+      <varlistentry>
+        <term><command>add <replaceable>KERNEL-VERSION</replaceable> <replaceable>KERNEL-IMAGE</replaceable></command></term>
+        <listitem>
+          <para><command>kernel-install</command> creates the directory
+          <filename>/boot/<replaceable>MACHINE-ID</replaceable>/<replaceable>KERNEL-VERSION</replaceable>/</filename>
+          and calls every executable
+          <filename>/usr/lib/kernel/install.d/*.install</filename> and
+          <filename>/etc/kernel/install.d/*.install</filename> with
+          the arguments
+          <programlisting>add <replaceable>KERNEL-VERSION</replaceable> <filename>/boot/<replaceable>MACHINE-ID</replaceable>/<replaceable>KERNEL-VERSION</replaceable>/</filename></programlisting>
+          </para>
+
+          <para>The kernel-install plugin <filename>50-depmod.install</filename> runs depmod for the <replaceable>KERNEL-VERSION</replaceable>.</para>
+
+          <para>The kernel-install plugin
+          <filename>90-loaderentry.install</filename> copies
+          <replaceable>KERNEL-IMAGE</replaceable> to
+          <filename>/boot/<replaceable>MACHINE-ID</replaceable>/<replaceable>KERNEL-VERSION</replaceable>/linux</filename>.
+          It also creates a boot loader entry according to the boot
+          loader specification in
+          <filename>/boot/loader/entries/<replaceable>MACHINE-ID</replaceable>-<replaceable>KERNEL-VERSION</replaceable>.conf</filename>.
+          The title of the entry is the
+          <replaceable>PRETTY_NAME</replaceable> parameter specified
+          in <filename>/etc/os-release</filename> or
+          <filename>/usr/lib/os-release</filename> (if the former is
+          missing), or "GNU/Linux
+          <replaceable>KERNEL-VERSION</replaceable>", if unset.  If
+          the file <filename>initrd</filename> is found next to the
+          <filename>linux</filename> file, the initrd will be added to
+          the configuration.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><command>remove <replaceable>KERNEL-VERSION</replaceable></command></term>
+        <listitem>
+          <para>Calls every executable <filename>/usr/lib/kernel/install.d/*.install</filename>
+          and <filename>/etc/kernel/install.d/*.install</filename> with the arguments
+          <programlisting>remove <replaceable>KERNEL-VERSION</replaceable> <filename>/boot/<replaceable>MACHINE-ID</replaceable>/<replaceable>KERNEL-VERSION</replaceable>/</filename></programlisting>
+          </para>
+
+          <para><command>kernel-install</command> removes the entire directory
+          <filename>/boot/<replaceable>MACHINE-ID</replaceable>/<replaceable>KERNEL-VERSION</replaceable>/</filename> afterwards.</para>
+
+          <para>The kernel-install plugin <filename>90-loaderentry.install</filename> removes the file
+          <filename>/boot/loader/entries/<replaceable>MACHINE-ID</replaceable>-<replaceable>KERNEL-VERSION</replaceable>.conf</filename>.</para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </refsect1>
+
+  <refsect1>
+    <title>Exit status</title>
+    <para>If every executable returns with 0, 0 is returned, a non-zero failure code otherwise.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Files</title>
+    <variablelist>
+      <varlistentry>
+        <term>
+          <filename>/usr/lib/kernel/install.d/*.install</filename>
+          <filename>/etc/kernel/install.d/*.install</filename>
+        </term>
+          <listitem>
+            <para>Drop-in files which are executed by kernel-install.</para>
+          </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <filename>/etc/kernel/cmdline</filename>
+          <filename>/proc/cmdline</filename>
+        </term>
+          <listitem>
+            <para>The content of the file <filename>/etc/kernel/cmdline</filename> specifies the kernel command line to use.
+            If that file does not exist, <filename>/proc/cmdline</filename> is used.</para>
+          </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <filename>/etc/machine-id</filename>
+        </term>
+          <listitem>
+            <para>The content of the file specifies the machine identification <replaceable>MACHINE-ID</replaceable>.</para>
+          </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <filename>/etc/os-release</filename>
+          <filename>/usr/lib/os-release</filename>
+        </term>
+          <listitem>
+            <para>The content of the file specifies the operating system title <replaceable>PRETTY_NAME</replaceable>.</para>
+          </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <ulink url="http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec">Boot loader specification</ulink>
+    </para>
+  </refsect1>
+
+</refentry>
diff --git a/src/kernel-install/zsh-completion_kernel-install b/src/kernel-install/zsh-completion_kernel-install
new file mode 100644
index 0000000000..4fdd3a4ae7
--- /dev/null
+++ b/src/kernel-install/zsh-completion_kernel-install
@@ -0,0 +1,26 @@
+#compdef kernel-install
+
+_images(){
+    if [[ "$words[2]" == "remove" ]]; then
+        _message 'No more options'
+    else
+        _path_files -W /boot/ -P /boot/ -g "vmlinuz-*"
+    fi
+}
+
+_kernels(){
+    read _MACHINE_ID < /etc/machine-id
+    _kernel=( /lib/modules/[0-9]* )
+    if [[ "$cmd" == "remove" && -n "$_MACHINE_ID" ]]; then
+        _kernel=( "/boot/$_MACHINE_ID"/[0-9]* )
+    fi
+    _kernel=( ${_kernel##*/} )
+    _describe "installed kernels" _kernel
+}
+
+_arguments \
+    '1::add or remove:(add remove)' \
+    '2::kernel versions:_kernels' \
+    '3::kernel images:_images'
+
+#vim: set ft=zsh sw=4 ts=4 et
diff --git a/src/basic/.gitignore b/src/libbasic/.gitignore
index e22411e484..e22411e484 100644
--- a/src/basic/.gitignore
+++ b/src/libbasic/.gitignore
diff --git a/src/libbasic/Makefile b/src/libbasic/Makefile
new file mode 100644
index 0000000000..9f8d4ec995
--- /dev/null
+++ b/src/libbasic/Makefile
@@ -0,0 +1,279 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+noinst_LTLIBRARIES += \
+	libbasic.la
+
+libbasic_la_SOURCES = \
+	src/basic/missing.h \
+	src/basic/missing_syscall.h \
+	src/basic/capability-util.c \
+	src/basic/capability-util.h \
+	src/basic/conf-files.c \
+	src/basic/conf-files.h \
+	src/basic/stdio-util.h \
+	src/basic/hostname-util.h \
+	src/basic/hostname-util.c \
+	src/basic/unit-name.c \
+	src/basic/unit-name.h \
+	src/basic/ioprio.h \
+	src/basic/securebits.h \
+	src/basic/special.h \
+	src/basic/list.h \
+	src/basic/unaligned.h \
+	src/basic/macro.h \
+	src/basic/def.h \
+	src/basic/sparse-endian.h \
+	src/basic/refcnt.h \
+	src/basic/util.c \
+	src/basic/util.h \
+	src/basic/io-util.c \
+	src/basic/io-util.h \
+	src/basic/string-util.c \
+	src/basic/string-util.h \
+	src/basic/fd-util.c \
+	src/basic/fd-util.h \
+	src/basic/parse-util.c \
+	src/basic/parse-util.h \
+	src/basic/user-util.c \
+	src/basic/user-util.h \
+	src/basic/rlimit-util.c \
+	src/basic/rlimit-util.h \
+	src/basic/dirent-util.c \
+	src/basic/dirent-util.h \
+	src/basic/xattr-util.c \
+	src/basic/xattr-util.h \
+	src/basic/chattr-util.c \
+	src/basic/chattr-util.h \
+	src/basic/proc-cmdline.c \
+	src/basic/proc-cmdline.h \
+	src/basic/fs-util.c \
+	src/basic/fs-util.h \
+	src/basic/syslog-util.c \
+	src/basic/syslog-util.h \
+	src/basic/stat-util.c \
+	src/basic/stat-util.h \
+	src/basic/mount-util.c \
+	src/basic/mount-util.h \
+	src/basic/hexdecoct.c \
+	src/basic/hexdecoct.h \
+	src/basic/glob-util.h \
+	src/basic/glob-util.c \
+	src/basic/extract-word.c \
+	src/basic/extract-word.h \
+	src/basic/escape.c \
+	src/basic/escape.h \
+	src/basic/cpu-set-util.c \
+	src/basic/cpu-set-util.h \
+	src/basic/lockfile-util.c \
+	src/basic/lockfile-util.h \
+	src/basic/path-util.c \
+	src/basic/path-util.h \
+	src/basic/time-util.c \
+	src/basic/time-util.h \
+	src/basic/locale-util.c \
+	src/basic/locale-util.h \
+	src/basic/umask-util.h \
+	src/basic/signal-util.c \
+	src/basic/signal-util.h \
+	src/basic/string-table.c \
+	src/basic/string-table.h \
+	src/basic/mempool.c \
+	src/basic/mempool.h \
+	src/basic/hashmap.c \
+	src/basic/hashmap.h \
+	src/basic/hash-funcs.c \
+	src/basic/hash-funcs.h \
+	src/basic/siphash24.c \
+	src/basic/siphash24.h \
+	src/basic/set.h \
+	src/basic/ordered-set.h \
+	src/basic/ordered-set.c \
+	src/basic/bitmap.c \
+	src/basic/bitmap.h \
+	src/basic/fdset.c \
+	src/basic/fdset.h \
+	src/basic/prioq.c \
+	src/basic/prioq.h \
+	src/basic/web-util.c \
+	src/basic/web-util.h \
+	src/basic/strv.c \
+	src/basic/strv.h \
+	src/basic/env-util.c \
+	src/basic/env-util.h \
+	src/basic/strbuf.c \
+	src/basic/strbuf.h \
+	src/basic/strxcpyx.c \
+	src/basic/strxcpyx.h \
+	src/basic/log.c \
+	src/basic/log.h \
+	src/basic/bus-label.c \
+	src/basic/bus-label.h \
+	src/basic/ratelimit.h \
+	src/basic/ratelimit.c \
+	src/basic/exit-status.c \
+	src/basic/exit-status.h \
+	src/basic/virt.c \
+	src/basic/virt.h \
+	src/basic/architecture.c \
+	src/basic/architecture.h \
+	src/basic/smack-util.c \
+	src/basic/smack-util.h \
+	src/basic/device-nodes.c \
+	src/basic/device-nodes.h \
+	src/basic/utf8.c \
+	src/basic/utf8.h \
+	src/basic/gunicode.c \
+	src/basic/gunicode.h \
+	src/basic/socket-util.c \
+	src/basic/socket-util.h \
+	src/basic/in-addr-util.c \
+	src/basic/in-addr-util.h \
+	src/basic/ether-addr-util.h \
+	src/basic/ether-addr-util.c \
+	src/basic/replace-var.c \
+	src/basic/replace-var.h \
+	src/basic/clock-util.c \
+	src/basic/clock-util.h \
+	src/basic/calendarspec.c \
+	src/basic/calendarspec.h \
+	src/basic/fileio.c \
+	src/basic/fileio.h \
+	src/basic/MurmurHash2.c \
+	src/basic/MurmurHash2.h \
+	src/basic/mkdir.c \
+	src/basic/mkdir.h \
+	src/basic/cgroup-util.c \
+	src/basic/cgroup-util.h \
+	src/basic/errno-list.c \
+	src/basic/errno-list.h \
+	src/basic/af-list.c \
+	src/basic/af-list.h \
+	src/basic/arphrd-list.c \
+	src/basic/arphrd-list.h \
+	src/basic/terminal-util.c \
+	src/basic/terminal-util.h \
+	src/basic/login-util.h \
+	src/basic/login-util.c \
+	src/basic/cap-list.c \
+	src/basic/cap-list.h \
+	src/basic/audit-util.c \
+	src/basic/audit-util.h \
+	src/basic/xml.c \
+	src/basic/xml.h \
+	src/basic/barrier.c \
+	src/basic/barrier.h \
+	src/basic/async.c \
+	src/basic/async.h \
+	src/basic/memfd-util.c \
+	src/basic/memfd-util.h \
+	src/basic/process-util.c \
+	src/basic/process-util.h \
+	src/basic/random-util.c \
+	src/basic/random-util.h \
+	src/basic/verbs.c \
+	src/basic/verbs.h \
+	src/basic/sigbus.c \
+	src/basic/sigbus.h \
+	src/basic/build.h \
+	src/basic/socket-label.c \
+	src/basic/label.c \
+	src/basic/label.h \
+	src/basic/btrfs-util.c \
+	src/basic/btrfs-util.h \
+	src/basic/btrfs-ctree.h \
+	src/basic/selinux-util.c \
+	src/basic/selinux-util.h \
+	src/basic/mkdir-label.c \
+	src/basic/fileio-label.c \
+	src/basic/fileio-label.h \
+	src/basic/rm-rf.c \
+	src/basic/rm-rf.h \
+	src/basic/copy.c \
+	src/basic/copy.h \
+	src/basic/alloc-util.h \
+	src/basic/alloc-util.c \
+	src/basic/formats-util.h \
+	src/basic/nss-util.h
+
+nodist_libbasic_la_SOURCES = \
+	src/basic/errno-from-name.h \
+	src/basic/errno-to-name.h \
+	src/basic/af-from-name.h \
+	src/basic/af-to-name.h \
+	src/basic/arphrd-from-name.h \
+	src/basic/arphrd-to-name.h \
+	src/basic/cap-from-name.h \
+	src/basic/cap-to-name.h
+
+libbasic_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(SELINUX_CFLAGS) \
+	$(CAP_CFLAGS) \
+	-pthread
+
+libbasic_la_LIBADD = \
+	$(SELINUX_LIBS) \
+	$(CAP_LIBS) \
+	-lrt \
+	-lm
+
+$(outdir)/errno-list.txt:
+	$(AM_V_GEN)$(CPP) $(ALL_CPPFLAGS) -dM -include errno.h - </dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+/ { print $$2; }' >$@
+
+$(outdir)/errno-to-name.h: $(outdir)/errno-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} !/EDEADLOCK/ && !/EWOULDBLOCK/ && !/ENOTSUP/ { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' <$< >$@
+
+
+$(outdir)/af-list.txt:
+	$(AM_V_GEN)$(CPP) $(ALL_CPPFLAGS) -dM -include sys/socket.h - </dev/null | grep -v AF_UNSPEC | grep -v AF_MAX | $(AWK) '/^#define[ \t]+AF_[^ \t]+[ \t]+PF_[^ \t]/ { print $$2; }' >$@
+
+$(outdir)/af-to-name.h: $(outdir)/af-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const af_names[] = { "} !/AF_FILE/ && !/AF_ROUTE/ && !/AF_LOCAL/ { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' <$< >$@
+
+
+$(outdir)/arphrd-list.txt:
+	$(AM_V_GEN)$(CPP) $(ALL_CPPFLAGS) -dM -include net/if_arp.h - </dev/null | $(AWK) '/^#define[ \t]+ARPHRD_[^ \t]+[ \t]+[^ \t]/ { print $$2; }' | sed -e 's/ARPHRD_//' >$@
+
+$(outdir)/arphrd-to-name.h: $(outdir)/arphrd-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const arphrd_names[] = { "} !/CISCO/ { printf "[ARPHRD_%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' <$< >$@
+
+$(outdir)/arphrd-from-name.gperf: $(outdir)/arphrd-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "struct arphrd_name { const char* name; int id; };"; print "%null-strings"; print "%%";} { printf "%s, ARPHRD_%s\n", $$1, $$1 }' <$< >$@
+
+
+$(outdir)/cap-list.txt:
+	$(AM_V_GEN)$(CPP) $(ALL_CPPFLAGS) -dM -include linux/capability.h -include missing.h - </dev/null | $(AWK) '/^#define[ \t]+CAP_[A-Z_]+[ \t]+/ { print $$2; }' | grep -v CAP_LAST_CAP >$@
+
+$(outdir)/cap-to-name.h: $(outdir)/cap-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const capability_names[] = { "} { printf "[%s] = \"%s\",\n", $$1, tolower($$1) } END{print "};"}' <$< >$@
+
+$(outdir)/cap-from-name.gperf: $(outdir)/cap-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "struct capability_name { const char* name; int id; };"; print "%null-strings"; print "%%";} { printf "%s, %s\n", $$1, $$1 }' <$< >$@
+
+$(outdir)/cap-from-name.h: $(outdir)/cap-from-name.gperf
+	$(AM_V_GPERF)$(GPERF) -L ANSI-C -t --ignore-case -N lookup_capability -H hash_capability_name -p -C <$< >$@
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/basic/MurmurHash2.c b/src/libbasic/MurmurHash2.c
index 9020793930..9020793930 100644
--- a/src/basic/MurmurHash2.c
+++ b/src/libbasic/MurmurHash2.c
diff --git a/src/basic/MurmurHash2.h b/src/libbasic/MurmurHash2.h
index 93362dd485..93362dd485 100644
--- a/src/basic/MurmurHash2.h
+++ b/src/libbasic/MurmurHash2.h
diff --git a/src/basic/af-list.c b/src/libbasic/af-list.c
index 3fac9c508b..3fac9c508b 100644
--- a/src/basic/af-list.c
+++ b/src/libbasic/af-list.c
diff --git a/src/basic/af-list.h b/src/libbasic/af-list.h
index 6a4cc03839..6a4cc03839 100644
--- a/src/basic/af-list.h
+++ b/src/libbasic/af-list.h
diff --git a/src/basic/alloc-util.c b/src/libbasic/alloc-util.c
index b540dcddf5..b540dcddf5 100644
--- a/src/basic/alloc-util.c
+++ b/src/libbasic/alloc-util.c
diff --git a/src/basic/alloc-util.h b/src/libbasic/alloc-util.h
index ceeee519b7..ceeee519b7 100644
--- a/src/basic/alloc-util.h
+++ b/src/libbasic/alloc-util.h
diff --git a/src/basic/architecture.c b/src/libbasic/architecture.c
index b1c8e91f50..b1c8e91f50 100644
--- a/src/basic/architecture.c
+++ b/src/libbasic/architecture.c
diff --git a/src/basic/architecture.h b/src/libbasic/architecture.h
index b3e4d85906..b3e4d85906 100644
--- a/src/basic/architecture.h
+++ b/src/libbasic/architecture.h
diff --git a/src/basic/arphrd-list.c b/src/libbasic/arphrd-list.c
index 6792d1ee3f..6792d1ee3f 100644
--- a/src/basic/arphrd-list.c
+++ b/src/libbasic/arphrd-list.c
diff --git a/src/basic/arphrd-list.h b/src/libbasic/arphrd-list.h
index c0f8758dbe..c0f8758dbe 100644
--- a/src/basic/arphrd-list.h
+++ b/src/libbasic/arphrd-list.h
diff --git a/src/basic/async.c b/src/libbasic/async.c
index a1f163f27b..a1f163f27b 100644
--- a/src/basic/async.c
+++ b/src/libbasic/async.c
diff --git a/src/basic/async.h b/src/libbasic/async.h
index 9bd13ff6e0..9bd13ff6e0 100644
--- a/src/basic/async.h
+++ b/src/libbasic/async.h
diff --git a/src/basic/audit-util.c b/src/libbasic/audit-util.c
index 5741fecdd6..5741fecdd6 100644
--- a/src/basic/audit-util.c
+++ b/src/libbasic/audit-util.c
diff --git a/src/basic/audit-util.h b/src/libbasic/audit-util.h
index e048503991..e048503991 100644
--- a/src/basic/audit-util.h
+++ b/src/libbasic/audit-util.h
diff --git a/src/basic/barrier.c b/src/libbasic/barrier.c
index 2da633b311..2da633b311 100644
--- a/src/basic/barrier.c
+++ b/src/libbasic/barrier.c
diff --git a/src/basic/barrier.h b/src/libbasic/barrier.h
index 6347fddc4d..6347fddc4d 100644
--- a/src/basic/barrier.h
+++ b/src/libbasic/barrier.h
diff --git a/src/basic/bitmap.c b/src/libbasic/bitmap.c
index ad1fda0198..ad1fda0198 100644
--- a/src/basic/bitmap.c
+++ b/src/libbasic/bitmap.c
diff --git a/src/basic/bitmap.h b/src/libbasic/bitmap.h
index f5f8f2f018..f5f8f2f018 100644
--- a/src/basic/bitmap.h
+++ b/src/libbasic/bitmap.h
diff --git a/src/basic/blkid-util.h b/src/libbasic/blkid-util.h
index 7aa75eb091..7aa75eb091 100644
--- a/src/basic/blkid-util.h
+++ b/src/libbasic/blkid-util.h
diff --git a/src/basic/btrfs-ctree.h b/src/libbasic/btrfs-ctree.h
index 66bdf9736e..66bdf9736e 100644
--- a/src/basic/btrfs-ctree.h
+++ b/src/libbasic/btrfs-ctree.h
diff --git a/src/basic/btrfs-util.c b/src/libbasic/btrfs-util.c
index 359d85f2e8..359d85f2e8 100644
--- a/src/basic/btrfs-util.c
+++ b/src/libbasic/btrfs-util.c
diff --git a/src/libbasic/btrfs-util.h b/src/libbasic/btrfs-util.h
new file mode 100644
index 0000000000..db431f5b74
--- /dev/null
+++ b/src/libbasic/btrfs-util.h
@@ -0,0 +1,131 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#include <systemd/sd-id128.h>
+
+#include "time-util.h"
+
+typedef struct BtrfsSubvolInfo {
+        uint64_t subvol_id;
+        usec_t otime;
+
+        sd_id128_t uuid;
+        sd_id128_t parent_uuid;
+
+        bool read_only;
+} BtrfsSubvolInfo;
+
+typedef struct BtrfsQuotaInfo {
+        uint64_t referenced;
+        uint64_t exclusive;
+        uint64_t referenced_max;
+        uint64_t exclusive_max;
+} BtrfsQuotaInfo;
+
+typedef enum BtrfsSnapshotFlags {
+        BTRFS_SNAPSHOT_FALLBACK_COPY = 1,
+        BTRFS_SNAPSHOT_READ_ONLY = 2,
+        BTRFS_SNAPSHOT_RECURSIVE = 4,
+        BTRFS_SNAPSHOT_QUOTA = 8,
+} BtrfsSnapshotFlags;
+
+typedef enum BtrfsRemoveFlags {
+        BTRFS_REMOVE_RECURSIVE = 1,
+        BTRFS_REMOVE_QUOTA = 2,
+} BtrfsRemoveFlags;
+
+int btrfs_is_filesystem(int fd);
+
+int btrfs_is_subvol_fd(int fd);
+int btrfs_is_subvol(const char *path);
+
+int btrfs_reflink(int infd, int outfd);
+int btrfs_clone_range(int infd, uint64_t in_offset, int ofd, uint64_t out_offset, uint64_t sz);
+
+int btrfs_get_block_device_fd(int fd, dev_t *dev);
+int btrfs_get_block_device(const char *path, dev_t *dev);
+
+int btrfs_defrag_fd(int fd);
+int btrfs_defrag(const char *p);
+
+int btrfs_quota_enable_fd(int fd, bool b);
+int btrfs_quota_enable(const char *path, bool b);
+
+int btrfs_quota_scan_start(int fd);
+int btrfs_quota_scan_wait(int fd);
+int btrfs_quota_scan_ongoing(int fd);
+
+int btrfs_resize_loopback_fd(int fd, uint64_t size, bool grow_only);
+int btrfs_resize_loopback(const char *path, uint64_t size, bool grow_only);
+
+int btrfs_subvol_make(const char *path);
+int btrfs_subvol_make_label(const char *path);
+
+int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags);
+int btrfs_subvol_snapshot(const char *old_path, const char *new_path, BtrfsSnapshotFlags flags);
+
+int btrfs_subvol_remove(const char *path, BtrfsRemoveFlags flags);
+int btrfs_subvol_remove_fd(int fd, const char *subvolume, BtrfsRemoveFlags flags);
+
+int btrfs_subvol_set_read_only_fd(int fd, bool b);
+int btrfs_subvol_set_read_only(const char *path, bool b);
+int btrfs_subvol_get_read_only_fd(int fd);
+
+int btrfs_subvol_get_id(int fd, const char *subvolume, uint64_t *ret);
+int btrfs_subvol_get_id_fd(int fd, uint64_t *ret);
+int btrfs_subvol_get_parent(int fd, uint64_t subvol_id, uint64_t *ret);
+
+int btrfs_subvol_get_info_fd(int fd, uint64_t subvol_id, BtrfsSubvolInfo *info);
+
+int btrfs_subvol_find_subtree_qgroup(int fd, uint64_t subvol_id, uint64_t *ret);
+
+int btrfs_subvol_get_subtree_quota(const char *path, uint64_t subvol_id, BtrfsQuotaInfo *quota);
+int btrfs_subvol_get_subtree_quota_fd(int fd, uint64_t subvol_id, BtrfsQuotaInfo *quota);
+
+int btrfs_subvol_set_subtree_quota_limit(const char *path, uint64_t subvol_id, uint64_t referenced_max);
+int btrfs_subvol_set_subtree_quota_limit_fd(int fd, uint64_t subvol_id, uint64_t referenced_max);
+
+int btrfs_subvol_auto_qgroup_fd(int fd, uint64_t subvol_id, bool new_qgroup);
+int btrfs_subvol_auto_qgroup(const char *path, uint64_t subvol_id, bool create_intermediary_qgroup);
+
+int btrfs_qgroupid_make(uint64_t level, uint64_t id, uint64_t *ret);
+int btrfs_qgroupid_split(uint64_t qgroupid, uint64_t *level, uint64_t *id);
+
+int btrfs_qgroup_create(int fd, uint64_t qgroupid);
+int btrfs_qgroup_destroy(int fd, uint64_t qgroupid);
+int btrfs_qgroup_destroy_recursive(int fd, uint64_t qgroupid);
+
+int btrfs_qgroup_set_limit_fd(int fd, uint64_t qgroupid, uint64_t referenced_max);
+int btrfs_qgroup_set_limit(const char *path, uint64_t qgroupid, uint64_t referenced_max);
+
+int btrfs_qgroup_copy_limits(int fd, uint64_t old_qgroupid, uint64_t new_qgroupid);
+
+int btrfs_qgroup_assign(int fd, uint64_t child, uint64_t parent);
+int btrfs_qgroup_unassign(int fd, uint64_t child, uint64_t parent);
+
+int btrfs_qgroup_find_parents(int fd, uint64_t qgroupid, uint64_t **ret);
+
+int btrfs_qgroup_get_quota_fd(int fd, uint64_t qgroupid, BtrfsQuotaInfo *quota);
+int btrfs_qgroup_get_quota(const char *path, uint64_t qgroupid, BtrfsQuotaInfo *quota);
diff --git a/src/basic/build.h b/src/libbasic/build.h
index 633c2aaccb..633c2aaccb 100644
--- a/src/basic/build.h
+++ b/src/libbasic/build.h
diff --git a/src/basic/bus-label.c b/src/libbasic/bus-label.c
index d4531c7947..d4531c7947 100644
--- a/src/basic/bus-label.c
+++ b/src/libbasic/bus-label.c
diff --git a/src/basic/bus-label.h b/src/libbasic/bus-label.h
index 62fb2c450c..62fb2c450c 100644
--- a/src/basic/bus-label.h
+++ b/src/libbasic/bus-label.h
diff --git a/src/basic/calendarspec.c b/src/libbasic/calendarspec.c
index 6e0bab9b94..6e0bab9b94 100644
--- a/src/basic/calendarspec.c
+++ b/src/libbasic/calendarspec.c
diff --git a/src/basic/calendarspec.h b/src/libbasic/calendarspec.h
index f6472c1244..f6472c1244 100644
--- a/src/basic/calendarspec.h
+++ b/src/libbasic/calendarspec.h
diff --git a/src/basic/cap-list.c b/src/libbasic/cap-list.c
index 3e773a06f5..3e773a06f5 100644
--- a/src/basic/cap-list.c
+++ b/src/libbasic/cap-list.c
diff --git a/src/basic/cap-list.h b/src/libbasic/cap-list.h
index c1f6b94ad3..c1f6b94ad3 100644
--- a/src/basic/cap-list.h
+++ b/src/libbasic/cap-list.h
diff --git a/src/basic/capability-util.c b/src/libbasic/capability-util.c
index d4c5bd6937..d4c5bd6937 100644
--- a/src/basic/capability-util.c
+++ b/src/libbasic/capability-util.c
diff --git a/src/basic/capability-util.h b/src/libbasic/capability-util.h
index 35a896e229..35a896e229 100644
--- a/src/basic/capability-util.h
+++ b/src/libbasic/capability-util.h
diff --git a/src/basic/cgroup-util.c b/src/libbasic/cgroup-util.c
index 7cdc97ee3c..7cdc97ee3c 100644
--- a/src/basic/cgroup-util.c
+++ b/src/libbasic/cgroup-util.c
diff --git a/src/basic/cgroup-util.h b/src/libbasic/cgroup-util.h
index 4bb5291296..4bb5291296 100644
--- a/src/basic/cgroup-util.h
+++ b/src/libbasic/cgroup-util.h
diff --git a/src/basic/chattr-util.c b/src/libbasic/chattr-util.c
index 2896a729af..2896a729af 100644
--- a/src/basic/chattr-util.c
+++ b/src/libbasic/chattr-util.c
diff --git a/src/basic/chattr-util.h b/src/libbasic/chattr-util.h
index 960cf6d5b3..960cf6d5b3 100644
--- a/src/basic/chattr-util.h
+++ b/src/libbasic/chattr-util.h
diff --git a/src/basic/clock-util.c b/src/libbasic/clock-util.c
index 7fe8d35ea5..7fe8d35ea5 100644
--- a/src/basic/clock-util.c
+++ b/src/libbasic/clock-util.c
diff --git a/src/basic/clock-util.h b/src/libbasic/clock-util.h
index 8830cd2f38..8830cd2f38 100644
--- a/src/basic/clock-util.h
+++ b/src/libbasic/clock-util.h
diff --git a/src/basic/conf-files.c b/src/libbasic/conf-files.c
index c781610e14..c781610e14 100644
--- a/src/basic/conf-files.c
+++ b/src/libbasic/conf-files.c
diff --git a/src/basic/conf-files.h b/src/libbasic/conf-files.h
index e00e0e81fb..e00e0e81fb 100644
--- a/src/basic/conf-files.h
+++ b/src/libbasic/conf-files.h
diff --git a/src/basic/copy.c b/src/libbasic/copy.c
index c3586728d0..c3586728d0 100644
--- a/src/basic/copy.c
+++ b/src/libbasic/copy.c
diff --git a/src/basic/copy.h b/src/libbasic/copy.h
index b5d08ebafe..b5d08ebafe 100644
--- a/src/basic/copy.h
+++ b/src/libbasic/copy.h
diff --git a/src/basic/cpu-set-util.c b/src/libbasic/cpu-set-util.c
index 95ed6928ff..95ed6928ff 100644
--- a/src/basic/cpu-set-util.c
+++ b/src/libbasic/cpu-set-util.c
diff --git a/src/basic/cpu-set-util.h b/src/libbasic/cpu-set-util.h
index 6f49d9afb0..6f49d9afb0 100644
--- a/src/basic/cpu-set-util.h
+++ b/src/libbasic/cpu-set-util.h
diff --git a/src/basic/def.h b/src/libbasic/def.h
index 1a7a0f4928..1a7a0f4928 100644
--- a/src/basic/def.h
+++ b/src/libbasic/def.h
diff --git a/src/basic/device-nodes.c b/src/libbasic/device-nodes.c
index 38c0628a90..38c0628a90 100644
--- a/src/basic/device-nodes.c
+++ b/src/libbasic/device-nodes.c
diff --git a/src/basic/device-nodes.h b/src/libbasic/device-nodes.h
index 94f385abcb..94f385abcb 100644
--- a/src/basic/device-nodes.h
+++ b/src/libbasic/device-nodes.h
diff --git a/src/basic/dirent-util.c b/src/libbasic/dirent-util.c
index 59067121b7..59067121b7 100644
--- a/src/basic/dirent-util.c
+++ b/src/libbasic/dirent-util.c
diff --git a/src/basic/dirent-util.h b/src/libbasic/dirent-util.h
index b91d04908f..b91d04908f 100644
--- a/src/basic/dirent-util.h
+++ b/src/libbasic/dirent-util.h
diff --git a/src/basic/env-util.c b/src/libbasic/env-util.c
index 7f5fddb700..7f5fddb700 100644
--- a/src/basic/env-util.c
+++ b/src/libbasic/env-util.c
diff --git a/src/basic/env-util.h b/src/libbasic/env-util.h
index b1fef704c2..b1fef704c2 100644
--- a/src/basic/env-util.h
+++ b/src/libbasic/env-util.h
diff --git a/src/basic/errno-list.c b/src/libbasic/errno-list.c
index 31b66bad5e..31b66bad5e 100644
--- a/src/basic/errno-list.c
+++ b/src/libbasic/errno-list.c
diff --git a/src/basic/errno-list.h b/src/libbasic/errno-list.h
index 4eec0cc786..4eec0cc786 100644
--- a/src/basic/errno-list.h
+++ b/src/libbasic/errno-list.h
diff --git a/src/basic/escape.c b/src/libbasic/escape.c
index 01daf11ce7..01daf11ce7 100644
--- a/src/basic/escape.c
+++ b/src/libbasic/escape.c
diff --git a/src/basic/escape.h b/src/libbasic/escape.h
index deaa4def28..deaa4def28 100644
--- a/src/basic/escape.h
+++ b/src/libbasic/escape.h
diff --git a/src/basic/ether-addr-util.c b/src/libbasic/ether-addr-util.c
index 5697e8d132..5697e8d132 100644
--- a/src/basic/ether-addr-util.c
+++ b/src/libbasic/ether-addr-util.c
diff --git a/src/basic/ether-addr-util.h b/src/libbasic/ether-addr-util.h
index 74e125a95f..74e125a95f 100644
--- a/src/basic/ether-addr-util.h
+++ b/src/libbasic/ether-addr-util.h
diff --git a/src/basic/exit-status.c b/src/libbasic/exit-status.c
index 92fa5ace61..92fa5ace61 100644
--- a/src/basic/exit-status.c
+++ b/src/libbasic/exit-status.c
diff --git a/src/basic/exit-status.h b/src/libbasic/exit-status.h
index 1208c8feed..1208c8feed 100644
--- a/src/basic/exit-status.h
+++ b/src/libbasic/exit-status.h
diff --git a/src/basic/extract-word.c b/src/libbasic/extract-word.c
index d6c1228463..d6c1228463 100644
--- a/src/basic/extract-word.c
+++ b/src/libbasic/extract-word.c
diff --git a/src/basic/extract-word.h b/src/libbasic/extract-word.h
index 21db5ef33f..21db5ef33f 100644
--- a/src/basic/extract-word.h
+++ b/src/libbasic/extract-word.h
diff --git a/src/basic/fd-util.c b/src/libbasic/fd-util.c
index 8b466cff15..8b466cff15 100644
--- a/src/basic/fd-util.c
+++ b/src/libbasic/fd-util.c
diff --git a/src/basic/fd-util.h b/src/libbasic/fd-util.h
index b86e41698a..b86e41698a 100644
--- a/src/basic/fd-util.h
+++ b/src/libbasic/fd-util.h
diff --git a/src/libbasic/fdset.c b/src/libbasic/fdset.c
new file mode 100644
index 0000000000..b52bf1ad05
--- /dev/null
+++ b/src/libbasic/fdset.c
@@ -0,0 +1,273 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <alloca.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stddef.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "fd-util.h"
+#include "fdset.h"
+#include "log.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "set.h"
+
+#define MAKE_SET(s) ((Set*) s)
+#define MAKE_FDSET(s) ((FDSet*) s)
+
+FDSet *fdset_new(void) {
+        return MAKE_FDSET(set_new(NULL));
+}
+
+int fdset_new_array(FDSet **ret, const int *fds, unsigned n_fds) {
+        unsigned i;
+        FDSet *s;
+        int r;
+
+        assert(ret);
+
+        s = fdset_new();
+        if (!s)
+                return -ENOMEM;
+
+        for (i = 0; i < n_fds; i++) {
+
+                r = fdset_put(s, fds[i]);
+                if (r < 0) {
+                        set_free(MAKE_SET(s));
+                        return r;
+                }
+        }
+
+        *ret = s;
+        return 0;
+}
+
+FDSet* fdset_free(FDSet *s) {
+        void *p;
+
+        while ((p = set_steal_first(MAKE_SET(s)))) {
+                /* Valgrind's fd might have ended up in this set here,
+                 * due to fdset_new_fill(). We'll ignore all failures
+                 * here, so that the EBADFD that valgrind will return
+                 * us on close() doesn't influence us */
+
+                /* When reloading duplicates of the private bus
+                 * connection fds and suchlike are closed here, which
+                 * has no effect at all, since they are only
+                 * duplicates. So don't be surprised about these log
+                 * messages. */
+
+                log_debug("Closing left-over fd %i", PTR_TO_FD(p));
+                close_nointr(PTR_TO_FD(p));
+        }
+
+        set_free(MAKE_SET(s));
+        return NULL;
+}
+
+int fdset_put(FDSet *s, int fd) {
+        assert(s);
+        assert(fd >= 0);
+
+        return set_put(MAKE_SET(s), FD_TO_PTR(fd));
+}
+
+int fdset_put_dup(FDSet *s, int fd) {
+        int copy, r;
+
+        assert(s);
+        assert(fd >= 0);
+
+        copy = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+        if (copy < 0)
+                return -errno;
+
+        r = fdset_put(s, copy);
+        if (r < 0) {
+                safe_close(copy);
+                return r;
+        }
+
+        return copy;
+}
+
+bool fdset_contains(FDSet *s, int fd) {
+        assert(s);
+        assert(fd >= 0);
+
+        return !!set_get(MAKE_SET(s), FD_TO_PTR(fd));
+}
+
+int fdset_remove(FDSet *s, int fd) {
+        assert(s);
+        assert(fd >= 0);
+
+        return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT;
+}
+
+int fdset_new_fill(FDSet **_s) {
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        int r = 0;
+        FDSet *s;
+
+        assert(_s);
+
+        /* Creates an fdset and fills in all currently open file
+         * descriptors. */
+
+        d = opendir("/proc/self/fd");
+        if (!d)
+                return -errno;
+
+        s = fdset_new();
+        if (!s) {
+                r = -ENOMEM;
+                goto finish;
+        }
+
+        while ((de = readdir(d))) {
+                int fd = -1;
+
+                if (hidden_or_backup_file(de->d_name))
+                        continue;
+
+                r = safe_atoi(de->d_name, &fd);
+                if (r < 0)
+                        goto finish;
+
+                if (fd < 3)
+                        continue;
+
+                if (fd == dirfd(d))
+                        continue;
+
+                r = fdset_put(s, fd);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = 0;
+        *_s = s;
+        s = NULL;
+
+finish:
+        /* We won't close the fds here! */
+        if (s)
+                set_free(MAKE_SET(s));
+
+        return r;
+}
+
+int fdset_cloexec(FDSet *fds, bool b) {
+        Iterator i;
+        void *p;
+        int r;
+
+        assert(fds);
+
+        SET_FOREACH(p, MAKE_SET(fds), i) {
+                r = fd_cloexec(PTR_TO_FD(p), b);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int fdset_new_listen_fds(FDSet **_s, bool unset) {
+        int n, fd, r;
+        FDSet *s;
+
+        assert(_s);
+
+        /* Creates an fdset and fills in all passed file descriptors */
+
+        s = fdset_new();
+        if (!s) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        n = sd_listen_fds(unset);
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
+                r = fdset_put(s, fd);
+                if (r < 0)
+                        goto fail;
+        }
+
+        *_s = s;
+        return 0;
+
+
+fail:
+        if (s)
+                set_free(MAKE_SET(s));
+
+        return r;
+}
+
+int fdset_close_others(FDSet *fds) {
+        void *e;
+        Iterator i;
+        int *a;
+        unsigned j, m;
+
+        j = 0, m = fdset_size(fds);
+        a = alloca(sizeof(int) * m);
+        SET_FOREACH(e, MAKE_SET(fds), i)
+                a[j++] = PTR_TO_FD(e);
+
+        assert(j == m);
+
+        return close_all_fds(a, j);
+}
+
+unsigned fdset_size(FDSet *fds) {
+        return set_size(MAKE_SET(fds));
+}
+
+bool fdset_isempty(FDSet *fds) {
+        return set_isempty(MAKE_SET(fds));
+}
+
+int fdset_iterate(FDSet *s, Iterator *i) {
+        void *p;
+
+        if (!set_iterate(MAKE_SET(s), i, &p))
+                return -ENOENT;
+
+        return PTR_TO_FD(p);
+}
+
+int fdset_steal_first(FDSet *fds) {
+        void *p;
+
+        p = set_steal_first(MAKE_SET(fds));
+        if (!p)
+                return -ENOENT;
+
+        return PTR_TO_FD(p);
+}
diff --git a/src/basic/fdset.h b/src/libbasic/fdset.h
index 16efe5bdf2..16efe5bdf2 100644
--- a/src/basic/fdset.h
+++ b/src/libbasic/fdset.h
diff --git a/src/basic/fileio-label.c b/src/libbasic/fileio-label.c
index 66dbc0fe1e..66dbc0fe1e 100644
--- a/src/basic/fileio-label.c
+++ b/src/libbasic/fileio-label.c
diff --git a/src/basic/fileio-label.h b/src/libbasic/fileio-label.h
index fe7543013d..fe7543013d 100644
--- a/src/basic/fileio-label.h
+++ b/src/libbasic/fileio-label.h
diff --git a/src/basic/fileio.c b/src/libbasic/fileio.c
index 29f5374222..29f5374222 100644
--- a/src/basic/fileio.c
+++ b/src/libbasic/fileio.c
diff --git a/src/basic/fileio.h b/src/libbasic/fileio.h
index 58dbc80c24..58dbc80c24 100644
--- a/src/basic/fileio.h
+++ b/src/libbasic/fileio.h
diff --git a/src/basic/formats-util.h b/src/libbasic/formats-util.h
index 9b4e8e98fa..9b4e8e98fa 100644
--- a/src/basic/formats-util.h
+++ b/src/libbasic/formats-util.h
diff --git a/src/basic/fs-util.c b/src/libbasic/fs-util.c
index e24e7036f7..e24e7036f7 100644
--- a/src/basic/fs-util.c
+++ b/src/libbasic/fs-util.c
diff --git a/src/basic/fs-util.h b/src/libbasic/fs-util.h
index 517b599d6f..517b599d6f 100644
--- a/src/basic/fs-util.h
+++ b/src/libbasic/fs-util.h
diff --git a/src/basic/glob-util.c b/src/libbasic/glob-util.c
index 007198c269..007198c269 100644
--- a/src/basic/glob-util.c
+++ b/src/libbasic/glob-util.c
diff --git a/src/basic/glob-util.h b/src/libbasic/glob-util.h
index 5d8fb47a26..5d8fb47a26 100644
--- a/src/basic/glob-util.h
+++ b/src/libbasic/glob-util.h
diff --git a/src/basic/gunicode.c b/src/libbasic/gunicode.c
index 542110503f..542110503f 100644
--- a/src/basic/gunicode.c
+++ b/src/libbasic/gunicode.c
diff --git a/src/basic/gunicode.h b/src/libbasic/gunicode.h
index 5975bc8fc9..5975bc8fc9 100644
--- a/src/basic/gunicode.h
+++ b/src/libbasic/gunicode.h
diff --git a/src/basic/hash-funcs.c b/src/libbasic/hash-funcs.c
index c3a4a011b5..c3a4a011b5 100644
--- a/src/basic/hash-funcs.c
+++ b/src/libbasic/hash-funcs.c
diff --git a/src/basic/hash-funcs.h b/src/libbasic/hash-funcs.h
index 299189d143..299189d143 100644
--- a/src/basic/hash-funcs.h
+++ b/src/libbasic/hash-funcs.h
diff --git a/src/basic/hashmap.c b/src/libbasic/hashmap.c
index 49a0479592..49a0479592 100644
--- a/src/basic/hashmap.c
+++ b/src/libbasic/hashmap.c
diff --git a/src/basic/hashmap.h b/src/libbasic/hashmap.h
index 6d1ae48b21..6d1ae48b21 100644
--- a/src/basic/hashmap.h
+++ b/src/libbasic/hashmap.h
diff --git a/src/basic/hexdecoct.c b/src/libbasic/hexdecoct.c
index c5bda6c4d6..c5bda6c4d6 100644
--- a/src/basic/hexdecoct.c
+++ b/src/libbasic/hexdecoct.c
diff --git a/src/basic/hexdecoct.h b/src/libbasic/hexdecoct.h
index 1ba2f69ebd..1ba2f69ebd 100644
--- a/src/basic/hexdecoct.h
+++ b/src/libbasic/hexdecoct.h
diff --git a/src/basic/hostname-util.c b/src/libbasic/hostname-util.c
index 13c3bb6446..13c3bb6446 100644
--- a/src/basic/hostname-util.c
+++ b/src/libbasic/hostname-util.c
diff --git a/src/basic/hostname-util.h b/src/libbasic/hostname-util.h
index 7af4e6c7ec..7af4e6c7ec 100644
--- a/src/basic/hostname-util.h
+++ b/src/libbasic/hostname-util.h
diff --git a/src/basic/in-addr-util.c b/src/libbasic/in-addr-util.c
index 245107ebb8..245107ebb8 100644
--- a/src/basic/in-addr-util.c
+++ b/src/libbasic/in-addr-util.c
diff --git a/src/basic/in-addr-util.h b/src/libbasic/in-addr-util.h
index 17798ce816..17798ce816 100644
--- a/src/basic/in-addr-util.h
+++ b/src/libbasic/in-addr-util.h
diff --git a/src/basic/io-util.c b/src/libbasic/io-util.c
index cc6dfa8c1b..cc6dfa8c1b 100644
--- a/src/basic/io-util.c
+++ b/src/libbasic/io-util.c
diff --git a/src/basic/io-util.h b/src/libbasic/io-util.h
index 4684ed3bfc..4684ed3bfc 100644
--- a/src/basic/io-util.h
+++ b/src/libbasic/io-util.h
diff --git a/src/basic/ioprio.h b/src/libbasic/ioprio.h
index d8bb6eb497..d8bb6eb497 100644
--- a/src/basic/ioprio.h
+++ b/src/libbasic/ioprio.h
diff --git a/src/basic/label.c b/src/libbasic/label.c
index f5ab855d32..f5ab855d32 100644
--- a/src/basic/label.c
+++ b/src/libbasic/label.c
diff --git a/src/basic/label.h b/src/libbasic/label.h
index 3e9251aa71..3e9251aa71 100644
--- a/src/basic/label.h
+++ b/src/libbasic/label.h
diff --git a/src/basic/list.h b/src/libbasic/list.h
index 5962aa4211..5962aa4211 100644
--- a/src/basic/list.h
+++ b/src/libbasic/list.h
diff --git a/src/basic/locale-util.c b/src/libbasic/locale-util.c
index ada0a28cd8..ada0a28cd8 100644
--- a/src/basic/locale-util.c
+++ b/src/libbasic/locale-util.c
diff --git a/src/basic/locale-util.h b/src/libbasic/locale-util.h
index 0630a034ab..0630a034ab 100644
--- a/src/basic/locale-util.h
+++ b/src/libbasic/locale-util.h
diff --git a/src/basic/lockfile-util.c b/src/libbasic/lockfile-util.c
index 3ee4191e4d..3ee4191e4d 100644
--- a/src/basic/lockfile-util.c
+++ b/src/libbasic/lockfile-util.c
diff --git a/src/basic/lockfile-util.h b/src/libbasic/lockfile-util.h
index 22491ee8e1..22491ee8e1 100644
--- a/src/basic/lockfile-util.h
+++ b/src/libbasic/lockfile-util.h
diff --git a/src/libbasic/log.c b/src/libbasic/log.c
new file mode 100644
index 0000000000..05c4896f55
--- /dev/null
+++ b/src/libbasic/log.c
@@ -0,0 +1,1170 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/signalfd.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/uio.h>
+#include <sys/un.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "io-util.h"
+#include "log.h"
+#include "macro.h"
+#include "missing.h"
+#include "parse-util.h"
+#include "proc-cmdline.h"
+#include "process-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "stdio-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "syslog-util.h"
+#include "terminal-util.h"
+#include "time-util.h"
+#include "util.h"
+
+#define SNDBUF_SIZE (8*1024*1024)
+
+static LogTarget log_target = LOG_TARGET_CONSOLE;
+static int log_max_level = LOG_INFO;
+static int log_facility = LOG_DAEMON;
+
+static int console_fd = STDERR_FILENO;
+static int syslog_fd = -1;
+static int kmsg_fd = -1;
+static int journal_fd = -1;
+
+static bool syslog_is_stream = false;
+
+static bool show_color = false;
+static bool show_location = false;
+
+static bool upgrade_syslog_to_journal = false;
+
+/* Akin to glibc's __abort_msg; which is private and we hence cannot
+ * use here. */
+static char *log_abort_msg = NULL;
+
+void log_close_console(void) {
+
+        if (console_fd < 0)
+                return;
+
+        if (getpid() == 1) {
+                if (console_fd >= 3)
+                        safe_close(console_fd);
+
+                console_fd = -1;
+        }
+}
+
+static int log_open_console(void) {
+
+        if (console_fd >= 0)
+                return 0;
+
+        if (getpid() == 1) {
+                console_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
+                if (console_fd < 0)
+                        return console_fd;
+        } else
+                console_fd = STDERR_FILENO;
+
+        return 0;
+}
+
+void log_close_kmsg(void) {
+        kmsg_fd = safe_close(kmsg_fd);
+}
+
+static int log_open_kmsg(void) {
+
+        if (kmsg_fd >= 0)
+                return 0;
+
+        kmsg_fd = open("/dev/kmsg", O_WRONLY|O_NOCTTY|O_CLOEXEC);
+        if (kmsg_fd < 0)
+                return -errno;
+
+        return 0;
+}
+
+void log_close_syslog(void) {
+        syslog_fd = safe_close(syslog_fd);
+}
+
+static int create_log_socket(int type) {
+        struct timeval tv;
+        int fd;
+
+        fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
+        if (fd < 0)
+                return -errno;
+
+        fd_inc_sndbuf(fd, SNDBUF_SIZE);
+
+        /* We need a blocking fd here since we'd otherwise lose
+        messages way too early. However, let's not hang forever in the
+        unlikely case of a deadlock. */
+        if (getpid() == 1)
+                timeval_store(&tv, 10 * USEC_PER_MSEC);
+        else
+                timeval_store(&tv, 10 * USEC_PER_SEC);
+        (void) setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
+
+        return fd;
+}
+
+static int log_open_syslog(void) {
+
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/dev/log",
+        };
+
+        int r;
+
+        if (syslog_fd >= 0)
+                return 0;
+
+        syslog_fd = create_log_socket(SOCK_DGRAM);
+        if (syslog_fd < 0) {
+                r = syslog_fd;
+                goto fail;
+        }
+
+        if (connect(syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
+                safe_close(syslog_fd);
+
+                /* Some legacy syslog systems still use stream
+                 * sockets. They really shouldn't. But what can we
+                 * do... */
+                syslog_fd = create_log_socket(SOCK_STREAM);
+                if (syslog_fd < 0) {
+                        r = syslog_fd;
+                        goto fail;
+                }
+
+                if (connect(syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+
+                syslog_is_stream = true;
+        } else
+                syslog_is_stream = false;
+
+        return 0;
+
+fail:
+        log_close_syslog();
+        return r;
+}
+
+void log_close_journal(void) {
+        journal_fd = safe_close(journal_fd);
+}
+
+static int log_open_journal(void) {
+
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/socket",
+        };
+
+        int r;
+
+        if (journal_fd >= 0)
+                return 0;
+
+        journal_fd = create_log_socket(SOCK_DGRAM);
+        if (journal_fd < 0) {
+                r = journal_fd;
+                goto fail;
+        }
+
+        if (connect(journal_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        log_close_journal();
+        return r;
+}
+
+int log_open(void) {
+        int r;
+
+        /* If we don't use the console we close it here, to not get
+         * killed by SAK. If we don't use syslog we close it here so
+         * that we are not confused by somebody deleting the socket in
+         * the fs. If we don't use /dev/kmsg we still keep it open,
+         * because there is no reason to close it. */
+
+        if (log_target == LOG_TARGET_NULL) {
+                log_close_journal();
+                log_close_syslog();
+                log_close_console();
+                return 0;
+        }
+
+        if ((log_target != LOG_TARGET_AUTO && log_target != LOG_TARGET_SAFE) ||
+            getpid() == 1 ||
+            isatty(STDERR_FILENO) <= 0) {
+
+                if (log_target == LOG_TARGET_AUTO ||
+                    log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
+                    log_target == LOG_TARGET_JOURNAL) {
+                        r = log_open_journal();
+                        if (r >= 0) {
+                                log_close_syslog();
+                                log_close_console();
+                                return r;
+                        }
+                }
+
+                if (log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
+                    log_target == LOG_TARGET_SYSLOG) {
+                        r = log_open_syslog();
+                        if (r >= 0) {
+                                log_close_journal();
+                                log_close_console();
+                                return r;
+                        }
+                }
+
+                if (log_target == LOG_TARGET_AUTO ||
+                    log_target == LOG_TARGET_SAFE ||
+                    log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
+                    log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
+                    log_target == LOG_TARGET_KMSG) {
+                        r = log_open_kmsg();
+                        if (r >= 0) {
+                                log_close_journal();
+                                log_close_syslog();
+                                log_close_console();
+                                return r;
+                        }
+                }
+        }
+
+        log_close_journal();
+        log_close_syslog();
+
+        return log_open_console();
+}
+
+void log_set_target(LogTarget target) {
+        assert(target >= 0);
+        assert(target < _LOG_TARGET_MAX);
+
+        if (upgrade_syslog_to_journal) {
+                if (target == LOG_TARGET_SYSLOG)
+                        target = LOG_TARGET_JOURNAL;
+                else if (target == LOG_TARGET_SYSLOG_OR_KMSG)
+                        target = LOG_TARGET_JOURNAL_OR_KMSG;
+        }
+
+        log_target = target;
+}
+
+void log_close(void) {
+        log_close_journal();
+        log_close_syslog();
+        log_close_kmsg();
+        log_close_console();
+}
+
+void log_forget_fds(void) {
+        console_fd = kmsg_fd = syslog_fd = journal_fd = -1;
+}
+
+void log_set_max_level(int level) {
+        assert((level & LOG_PRIMASK) == level);
+
+        log_max_level = level;
+}
+
+void log_set_facility(int facility) {
+        log_facility = facility;
+}
+
+static int write_to_console(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *buffer) {
+
+        char location[64], prefix[1 + DECIMAL_STR_MAX(int) + 2];
+        struct iovec iovec[6] = {};
+        unsigned n = 0;
+        bool highlight;
+
+        if (console_fd < 0)
+                return 0;
+
+        if (log_target == LOG_TARGET_CONSOLE_PREFIXED) {
+                sprintf(prefix, "<%i>", level);
+                IOVEC_SET_STRING(iovec[n++], prefix);
+        }
+
+        highlight = LOG_PRI(level) <= LOG_ERR && show_color;
+
+        if (show_location) {
+                xsprintf(location, "(%s:%i) ", file, line);
+                IOVEC_SET_STRING(iovec[n++], location);
+        }
+
+        if (highlight)
+                IOVEC_SET_STRING(iovec[n++], ANSI_HIGHLIGHT_RED);
+        IOVEC_SET_STRING(iovec[n++], buffer);
+        if (highlight)
+                IOVEC_SET_STRING(iovec[n++], ANSI_NORMAL);
+        IOVEC_SET_STRING(iovec[n++], "\n");
+
+        if (writev(console_fd, iovec, n) < 0) {
+
+                if (errno == EIO && getpid() == 1) {
+
+                        /* If somebody tried to kick us from our
+                         * console tty (via vhangup() or suchlike),
+                         * try to reconnect */
+
+                        log_close_console();
+                        log_open_console();
+
+                        if (console_fd < 0)
+                                return 0;
+
+                        if (writev(console_fd, iovec, n) < 0)
+                                return -errno;
+                } else
+                        return -errno;
+        }
+
+        return 1;
+}
+
+static int write_to_syslog(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *buffer) {
+
+        char header_priority[2 + DECIMAL_STR_MAX(int) + 1],
+             header_time[64],
+             header_pid[4 + DECIMAL_STR_MAX(pid_t) + 1];
+        struct iovec iovec[5] = {};
+        struct msghdr msghdr = {
+                .msg_iov = iovec,
+                .msg_iovlen = ELEMENTSOF(iovec),
+        };
+        time_t t;
+        struct tm *tm;
+
+        if (syslog_fd < 0)
+                return 0;
+
+        xsprintf(header_priority, "<%i>", level);
+
+        t = (time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC);
+        tm = localtime(&t);
+        if (!tm)
+                return -EINVAL;
+
+        if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
+                return -EINVAL;
+
+        xsprintf(header_pid, "["PID_FMT"]: ", getpid());
+
+        IOVEC_SET_STRING(iovec[0], header_priority);
+        IOVEC_SET_STRING(iovec[1], header_time);
+        IOVEC_SET_STRING(iovec[2], program_invocation_short_name);
+        IOVEC_SET_STRING(iovec[3], header_pid);
+        IOVEC_SET_STRING(iovec[4], buffer);
+
+        /* When using syslog via SOCK_STREAM separate the messages by NUL chars */
+        if (syslog_is_stream)
+                iovec[4].iov_len++;
+
+        for (;;) {
+                ssize_t n;
+
+                n = sendmsg(syslog_fd, &msghdr, MSG_NOSIGNAL);
+                if (n < 0)
+                        return -errno;
+
+                if (!syslog_is_stream ||
+                    (size_t) n >= IOVEC_TOTAL_SIZE(iovec, ELEMENTSOF(iovec)))
+                        break;
+
+                IOVEC_INCREMENT(iovec, ELEMENTSOF(iovec), n);
+        }
+
+        return 1;
+}
+
+static int write_to_kmsg(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *buffer) {
+
+        char header_priority[2 + DECIMAL_STR_MAX(int) + 1],
+             header_pid[4 + DECIMAL_STR_MAX(pid_t) + 1];
+        struct iovec iovec[5] = {};
+
+        if (kmsg_fd < 0)
+                return 0;
+
+        xsprintf(header_priority, "<%i>", level);
+        xsprintf(header_pid, "["PID_FMT"]: ", getpid());
+
+        IOVEC_SET_STRING(iovec[0], header_priority);
+        IOVEC_SET_STRING(iovec[1], program_invocation_short_name);
+        IOVEC_SET_STRING(iovec[2], header_pid);
+        IOVEC_SET_STRING(iovec[3], buffer);
+        IOVEC_SET_STRING(iovec[4], "\n");
+
+        if (writev(kmsg_fd, iovec, ELEMENTSOF(iovec)) < 0)
+                return -errno;
+
+        return 1;
+}
+
+static int log_do_header(
+                char *header,
+                size_t size,
+                int level,
+                int error,
+                const char *file, int line, const char *func,
+                const char *object_field, const char *object) {
+
+        snprintf(header, size,
+                 "PRIORITY=%i\n"
+                 "SYSLOG_FACILITY=%i\n"
+                 "%s%s%s"
+                 "%s%.*i%s"
+                 "%s%s%s"
+                 "%s%.*i%s"
+                 "%s%s%s"
+                 "SYSLOG_IDENTIFIER=%s\n",
+                 LOG_PRI(level),
+                 LOG_FAC(level),
+                 isempty(file) ? "" : "CODE_FILE=",
+                 isempty(file) ? "" : file,
+                 isempty(file) ? "" : "\n",
+                 line ? "CODE_LINE=" : "",
+                 line ? 1 : 0, line, /* %.0d means no output too, special case for 0 */
+                 line ? "\n" : "",
+                 isempty(func) ? "" : "CODE_FUNCTION=",
+                 isempty(func) ? "" : func,
+                 isempty(func) ? "" : "\n",
+                 error ? "ERRNO=" : "",
+                 error ? 1 : 0, error,
+                 error ? "\n" : "",
+                 isempty(object) ? "" : object_field,
+                 isempty(object) ? "" : object,
+                 isempty(object) ? "" : "\n",
+                 program_invocation_short_name);
+
+        return 0;
+}
+
+static int write_to_journal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *buffer) {
+
+        char header[LINE_MAX];
+        struct iovec iovec[4] = {};
+        struct msghdr mh = {};
+
+        if (journal_fd < 0)
+                return 0;
+
+        log_do_header(header, sizeof(header), level, error, file, line, func, object_field, object);
+
+        IOVEC_SET_STRING(iovec[0], header);
+        IOVEC_SET_STRING(iovec[1], "MESSAGE=");
+        IOVEC_SET_STRING(iovec[2], buffer);
+        IOVEC_SET_STRING(iovec[3], "\n");
+
+        mh.msg_iov = iovec;
+        mh.msg_iovlen = ELEMENTSOF(iovec);
+
+        if (sendmsg(journal_fd, &mh, MSG_NOSIGNAL) < 0)
+                return -errno;
+
+        return 1;
+}
+
+static int log_dispatch(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                char *buffer) {
+
+        assert(buffer);
+
+        if (log_target == LOG_TARGET_NULL)
+                return -error;
+
+        /* Patch in LOG_DAEMON facility if necessary */
+        if ((level & LOG_FACMASK) == 0)
+                level = log_facility | LOG_PRI(level);
+
+        if (error < 0)
+                error = -error;
+
+        do {
+                char *e;
+                int k = 0;
+
+                buffer += strspn(buffer, NEWLINE);
+
+                if (buffer[0] == 0)
+                        break;
+
+                if ((e = strpbrk(buffer, NEWLINE)))
+                        *(e++) = 0;
+
+                if (log_target == LOG_TARGET_AUTO ||
+                    log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
+                    log_target == LOG_TARGET_JOURNAL) {
+
+                        k = write_to_journal(level, error, file, line, func, object_field, object, buffer);
+                        if (k < 0) {
+                                if (k != -EAGAIN)
+                                        log_close_journal();
+                                log_open_kmsg();
+                        }
+                }
+
+                if (log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
+                    log_target == LOG_TARGET_SYSLOG) {
+
+                        k = write_to_syslog(level, error, file, line, func, object_field, object, buffer);
+                        if (k < 0) {
+                                if (k != -EAGAIN)
+                                        log_close_syslog();
+                                log_open_kmsg();
+                        }
+                }
+
+                if (k <= 0 &&
+                    (log_target == LOG_TARGET_AUTO ||
+                     log_target == LOG_TARGET_SAFE ||
+                     log_target == LOG_TARGET_SYSLOG_OR_KMSG ||
+                     log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
+                     log_target == LOG_TARGET_KMSG)) {
+
+                        k = write_to_kmsg(level, error, file, line, func, object_field, object, buffer);
+                        if (k < 0) {
+                                log_close_kmsg();
+                                log_open_console();
+                        }
+                }
+
+                if (k <= 0)
+                        (void) write_to_console(level, error, file, line, func, object_field, object, buffer);
+
+                buffer = e;
+        } while (buffer);
+
+        return -error;
+}
+
+int log_dump_internal(
+        int level,
+        int error,
+        const char *file,
+        int line,
+        const char *func,
+        char *buffer) {
+
+        PROTECT_ERRNO;
+
+        /* This modifies the buffer... */
+
+        if (error < 0)
+                error = -error;
+
+        if (_likely_(LOG_PRI(level) > log_max_level))
+                return -error;
+
+        return log_dispatch(level, error, file, line, func, NULL, NULL, buffer);
+}
+
+int log_internalv(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format,
+                va_list ap) {
+
+        PROTECT_ERRNO;
+        char buffer[LINE_MAX];
+
+        if (error < 0)
+                error = -error;
+
+        if (_likely_(LOG_PRI(level) > log_max_level))
+                return -error;
+
+        /* Make sure that %m maps to the specified error */
+        if (error != 0)
+                errno = error;
+
+        vsnprintf(buffer, sizeof(buffer), format, ap);
+
+        return log_dispatch(level, error, file, line, func, NULL, NULL, buffer);
+}
+
+int log_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format, ...) {
+
+        va_list ap;
+        int r;
+
+        va_start(ap, format);
+        r = log_internalv(level, error, file, line, func, format, ap);
+        va_end(ap);
+
+        return r;
+}
+
+int log_object_internalv(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *format,
+                va_list ap) {
+
+        PROTECT_ERRNO;
+        char *buffer, *b;
+        size_t l;
+
+        if (error < 0)
+                error = -error;
+
+        if (_likely_(LOG_PRI(level) > log_max_level))
+                return -error;
+
+        /* Make sure that %m maps to the specified error */
+        if (error != 0)
+                errno = error;
+
+        /* Prepend the object name before the message */
+        if (object) {
+                size_t n;
+
+                n = strlen(object);
+                l = n + 2 + LINE_MAX;
+
+                buffer = newa(char, l);
+                b = stpcpy(stpcpy(buffer, object), ": ");
+        } else {
+                l = LINE_MAX;
+                b = buffer = newa(char, l);
+        }
+
+        vsnprintf(b, l, format, ap);
+
+        return log_dispatch(level, error, file, line, func, object_field, object, buffer);
+}
+
+int log_object_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *format, ...) {
+
+        va_list ap;
+        int r;
+
+        va_start(ap, format);
+        r = log_object_internalv(level, error, file, line, func, object_field, object, format, ap);
+        va_end(ap);
+
+        return r;
+}
+
+static void log_assert(
+                int level,
+                const char *text,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format) {
+
+        static char buffer[LINE_MAX];
+
+        if (_likely_(LOG_PRI(level) > log_max_level))
+                return;
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        xsprintf(buffer, format, text, file, line, func);
+        REENABLE_WARNING;
+
+        log_abort_msg = buffer;
+
+        log_dispatch(level, 0, file, line, func, NULL, NULL, buffer);
+}
+
+noreturn void log_assert_failed(const char *text, const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, text, file, line, func, "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
+        abort();
+}
+
+noreturn void log_assert_failed_unreachable(const char *text, const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, text, file, line, func, "Code should not be reached '%s' at %s:%u, function %s(). Aborting.");
+        abort();
+}
+
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
+        PROTECT_ERRNO;
+        log_assert(LOG_DEBUG, text, file, line, func, "Assertion '%s' failed at %s:%u, function %s(). Ignoring.");
+}
+
+int log_oom_internal(const char *file, int line, const char *func) {
+        log_internal(LOG_ERR, ENOMEM, file, line, func, "Out of memory.");
+        return -ENOMEM;
+}
+
+int log_format_iovec(
+                struct iovec *iovec,
+                unsigned iovec_len,
+                unsigned *n,
+                bool newline_separator,
+                int error,
+                const char *format,
+                va_list ap) {
+
+        static const char nl = '\n';
+
+        while (format && *n + 1 < iovec_len) {
+                va_list aq;
+                char *m;
+                int r;
+
+                /* We need to copy the va_list structure,
+                 * since vasprintf() leaves it afterwards at
+                 * an undefined location */
+
+                if (error != 0)
+                        errno = error;
+
+                va_copy(aq, ap);
+                r = vasprintf(&m, format, aq);
+                va_end(aq);
+                if (r < 0)
+                        return -EINVAL;
+
+                /* Now, jump enough ahead, so that we point to
+                 * the next format string */
+                VA_FORMAT_ADVANCE(format, ap);
+
+                IOVEC_SET_STRING(iovec[(*n)++], m);
+
+                if (newline_separator) {
+                        iovec[*n].iov_base = (char*) &nl;
+                        iovec[*n].iov_len = 1;
+                        (*n)++;
+                }
+
+                format = va_arg(ap, char *);
+        }
+        return 0;
+}
+
+int log_struct_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format, ...) {
+
+        char buf[LINE_MAX];
+        bool found = false;
+        PROTECT_ERRNO;
+        va_list ap;
+
+        if (error < 0)
+                error = -error;
+
+        if (_likely_(LOG_PRI(level) > log_max_level))
+                return -error;
+
+        if (log_target == LOG_TARGET_NULL)
+                return -error;
+
+        if ((level & LOG_FACMASK) == 0)
+                level = log_facility | LOG_PRI(level);
+
+        if ((log_target == LOG_TARGET_AUTO ||
+             log_target == LOG_TARGET_JOURNAL_OR_KMSG ||
+             log_target == LOG_TARGET_JOURNAL) &&
+            journal_fd >= 0) {
+                char header[LINE_MAX];
+                struct iovec iovec[17] = {};
+                unsigned n = 0, i;
+                int r;
+                struct msghdr mh = {
+                        .msg_iov = iovec,
+                };
+                bool fallback = false;
+
+                /* If the journal is available do structured logging */
+                log_do_header(header, sizeof(header), level, error, file, line, func, NULL, NULL);
+                IOVEC_SET_STRING(iovec[n++], header);
+
+                va_start(ap, format);
+                r = log_format_iovec(iovec, ELEMENTSOF(iovec), &n, true, error, format, ap);
+                if (r < 0)
+                        fallback = true;
+                else {
+                        mh.msg_iovlen = n;
+                        (void) sendmsg(journal_fd, &mh, MSG_NOSIGNAL);
+                }
+
+                va_end(ap);
+                for (i = 1; i < n; i += 2)
+                        free(iovec[i].iov_base);
+
+                if (!fallback)
+                        return -error;
+        }
+
+        /* Fallback if journal logging is not available or didn't work. */
+
+        va_start(ap, format);
+        while (format) {
+                va_list aq;
+
+                if (error != 0)
+                        errno = error;
+
+                va_copy(aq, ap);
+                vsnprintf(buf, sizeof(buf), format, aq);
+                va_end(aq);
+
+                if (startswith(buf, "MESSAGE=")) {
+                        found = true;
+                        break;
+                }
+
+                VA_FORMAT_ADVANCE(format, ap);
+
+                format = va_arg(ap, char *);
+        }
+        va_end(ap);
+
+        if (!found)
+                return -error;
+
+        return log_dispatch(level, error, file, line, func, NULL, NULL, buf + 8);
+}
+
+int log_set_target_from_string(const char *e) {
+        LogTarget t;
+
+        t = log_target_from_string(e);
+        if (t < 0)
+                return -EINVAL;
+
+        log_set_target(t);
+        return 0;
+}
+
+int log_set_max_level_from_string(const char *e) {
+        int t;
+
+        t = log_level_from_string(e);
+        if (t < 0)
+                return -EINVAL;
+
+        log_set_max_level(t);
+        return 0;
+}
+
+static int parse_proc_cmdline_item(const char *key, const char *value) {
+
+        /*
+         * The systemd.log_xyz= settings are parsed by all tools, and
+         * so is "debug".
+         *
+         * However, "quiet" is only parsed by PID 1, and only turns of
+         * status output to /dev/console, but does not alter the log
+         * level.
+         */
+
+        if (streq(key, "debug") && !value)
+                log_set_max_level(LOG_DEBUG);
+
+        else if (streq(key, "systemd.log_target") && value) {
+
+                if (log_set_target_from_string(value) < 0)
+                        log_warning("Failed to parse log target '%s'. Ignoring.", value);
+
+        } else if (streq(key, "systemd.log_level") && value) {
+
+                if (log_set_max_level_from_string(value) < 0)
+                        log_warning("Failed to parse log level '%s'. Ignoring.", value);
+
+        } else if (streq(key, "systemd.log_color") && value) {
+
+                if (log_show_color_from_string(value) < 0)
+                        log_warning("Failed to parse log color setting '%s'. Ignoring.", value);
+
+        } else if (streq(key, "systemd.log_location") && value) {
+
+                if (log_show_location_from_string(value) < 0)
+                        log_warning("Failed to parse log location setting '%s'. Ignoring.", value);
+        }
+
+        return 0;
+}
+
+void log_parse_environment(void) {
+        const char *e;
+
+        if (get_ctty_devnr(0, NULL) < 0)
+                /* Only try to read the command line in daemons.
+                   We assume that anything that has a controlling
+                   tty is user stuff. */
+                (void) parse_proc_cmdline(parse_proc_cmdline_item);
+
+        e = secure_getenv("SYSTEMD_LOG_TARGET");
+        if (e && log_set_target_from_string(e) < 0)
+                log_warning("Failed to parse log target '%s'. Ignoring.", e);
+
+        e = secure_getenv("SYSTEMD_LOG_LEVEL");
+        if (e && log_set_max_level_from_string(e) < 0)
+                log_warning("Failed to parse log level '%s'. Ignoring.", e);
+
+        e = secure_getenv("SYSTEMD_LOG_COLOR");
+        if (e && log_show_color_from_string(e) < 0)
+                log_warning("Failed to parse bool '%s'. Ignoring.", e);
+
+        e = secure_getenv("SYSTEMD_LOG_LOCATION");
+        if (e && log_show_location_from_string(e) < 0)
+                log_warning("Failed to parse bool '%s'. Ignoring.", e);
+}
+
+LogTarget log_get_target(void) {
+        return log_target;
+}
+
+int log_get_max_level(void) {
+        return log_max_level;
+}
+
+void log_show_color(bool b) {
+        show_color = b;
+}
+
+bool log_get_show_color(void) {
+        return show_color;
+}
+
+void log_show_location(bool b) {
+        show_location = b;
+}
+
+bool log_get_show_location(void) {
+        return show_location;
+}
+
+int log_show_color_from_string(const char *e) {
+        int t;
+
+        t = parse_boolean(e);
+        if (t < 0)
+                return t;
+
+        log_show_color(t);
+        return 0;
+}
+
+int log_show_location_from_string(const char *e) {
+        int t;
+
+        t = parse_boolean(e);
+        if (t < 0)
+                return t;
+
+        log_show_location(t);
+        return 0;
+}
+
+bool log_on_console(void) {
+        if (log_target == LOG_TARGET_CONSOLE ||
+            log_target == LOG_TARGET_CONSOLE_PREFIXED)
+                return true;
+
+        return syslog_fd < 0 && kmsg_fd < 0 && journal_fd < 0;
+}
+
+static const char *const log_target_table[_LOG_TARGET_MAX] = {
+        [LOG_TARGET_CONSOLE] = "console",
+        [LOG_TARGET_CONSOLE_PREFIXED] = "console-prefixed",
+        [LOG_TARGET_KMSG] = "kmsg",
+        [LOG_TARGET_JOURNAL] = "journal",
+        [LOG_TARGET_JOURNAL_OR_KMSG] = "journal-or-kmsg",
+        [LOG_TARGET_SYSLOG] = "syslog",
+        [LOG_TARGET_SYSLOG_OR_KMSG] = "syslog-or-kmsg",
+        [LOG_TARGET_AUTO] = "auto",
+        [LOG_TARGET_SAFE] = "safe",
+        [LOG_TARGET_NULL] = "null"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(log_target, LogTarget);
+
+void log_received_signal(int level, const struct signalfd_siginfo *si) {
+        if (si->ssi_pid > 0) {
+                _cleanup_free_ char *p = NULL;
+
+                get_process_comm(si->ssi_pid, &p);
+
+                log_full(level,
+                         "Received SIG%s from PID %"PRIu32" (%s).",
+                         signal_to_string(si->ssi_signo),
+                         si->ssi_pid, strna(p));
+        } else
+                log_full(level,
+                         "Received SIG%s.",
+                         signal_to_string(si->ssi_signo));
+
+}
+
+void log_set_upgrade_syslog_to_journal(bool b) {
+        upgrade_syslog_to_journal = b;
+}
+
+int log_syntax_internal(
+                const char *unit,
+                int level,
+                const char *config_file,
+                unsigned config_line,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format, ...) {
+
+        PROTECT_ERRNO;
+        char buffer[LINE_MAX];
+        int r;
+        va_list ap;
+
+        if (error < 0)
+                error = -error;
+
+        if (_likely_(LOG_PRI(level) > log_max_level))
+                return -error;
+
+        if (log_target == LOG_TARGET_NULL)
+                return -error;
+
+        if (error != 0)
+                errno = error;
+
+        va_start(ap, format);
+        vsnprintf(buffer, sizeof(buffer), format, ap);
+        va_end(ap);
+
+        if (unit)
+                r = log_struct_internal(
+                                level, error,
+                                file, line, func,
+                                getpid() == 1 ? "UNIT=%s" : "USER_UNIT=%s", unit,
+                                LOG_MESSAGE_ID(SD_MESSAGE_INVALID_CONFIGURATION),
+                                "CONFIG_FILE=%s", config_file,
+                                "CONFIG_LINE=%u", config_line,
+                                LOG_MESSAGE("[%s:%u] %s", config_file, config_line, buffer),
+                                NULL);
+        else
+                r = log_struct_internal(
+                                level, error,
+                                file, line, func,
+                                LOG_MESSAGE_ID(SD_MESSAGE_INVALID_CONFIGURATION),
+                                "CONFIG_FILE=%s", config_file,
+                                "CONFIG_LINE=%u", config_line,
+                                LOG_MESSAGE("[%s:%u] %s", config_file, config_line, buffer),
+                                NULL);
+
+        return r;
+}
diff --git a/src/libbasic/log.h b/src/libbasic/log.h
new file mode 100644
index 0000000000..d2a22b5829
--- /dev/null
+++ b/src/libbasic/log.h
@@ -0,0 +1,249 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <sys/signalfd.h>
+#include <sys/socket.h>
+#include <syslog.h>
+
+#include <systemd/sd-id128.h>
+
+#include "macro.h"
+
+typedef enum LogTarget{
+        LOG_TARGET_CONSOLE,
+        LOG_TARGET_CONSOLE_PREFIXED,
+        LOG_TARGET_KMSG,
+        LOG_TARGET_JOURNAL,
+        LOG_TARGET_JOURNAL_OR_KMSG,
+        LOG_TARGET_SYSLOG,
+        LOG_TARGET_SYSLOG_OR_KMSG,
+        LOG_TARGET_AUTO, /* console if stderr is tty, JOURNAL_OR_KMSG otherwise */
+        LOG_TARGET_SAFE, /* console if stderr is tty, KMSG otherwise */
+        LOG_TARGET_NULL,
+        _LOG_TARGET_MAX,
+        _LOG_TARGET_INVALID = -1
+}  LogTarget;
+
+void log_set_target(LogTarget target);
+void log_set_max_level(int level);
+void log_set_facility(int facility);
+
+int log_set_target_from_string(const char *e);
+int log_set_max_level_from_string(const char *e);
+
+void log_show_color(bool b);
+bool log_get_show_color(void) _pure_;
+void log_show_location(bool b);
+bool log_get_show_location(void) _pure_;
+
+int log_show_color_from_string(const char *e);
+int log_show_location_from_string(const char *e);
+
+LogTarget log_get_target(void) _pure_;
+int log_get_max_level(void) _pure_;
+
+int log_open(void);
+void log_close(void);
+void log_forget_fds(void);
+
+void log_close_syslog(void);
+void log_close_journal(void);
+void log_close_kmsg(void);
+void log_close_console(void);
+
+void log_parse_environment(void);
+
+int log_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format, ...) _printf_(6,7);
+
+int log_internalv(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format,
+                va_list ap) _printf_(6,0);
+
+int log_object_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *format, ...) _printf_(8,9);
+
+int log_object_internalv(
+                int level,
+                int error,
+                const char*file,
+                int line,
+                const char *func,
+                const char *object_field,
+                const char *object,
+                const char *format,
+                va_list ap) _printf_(8,0);
+
+int log_struct_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format, ...) _printf_(6,0) _sentinel_;
+
+int log_oom_internal(
+                const char *file,
+                int line,
+                const char *func);
+
+int log_format_iovec(
+                struct iovec *iovec,
+                unsigned iovec_len,
+                unsigned *n,
+                bool newline_separator,
+                int error,
+                const char *format,
+                va_list ap);
+
+/* This modifies the buffer passed! */
+int log_dump_internal(
+                int level,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                char *buffer);
+
+/* Logging for various assertions */
+noreturn void log_assert_failed(
+                const char *text,
+                const char *file,
+                int line,
+                const char *func);
+
+noreturn void log_assert_failed_unreachable(
+                const char *text,
+                const char *file,
+                int line,
+                const char *func);
+
+void log_assert_failed_return(
+                const char *text,
+                const char *file,
+                int line,
+                const char *func);
+
+/* Logging with level */
+#define log_full_errno(level, error, ...)                               \
+        ({                                                              \
+                int _level = (level), _e = (error);                     \
+                (log_get_max_level() >= LOG_PRI(_level))                \
+                        ? log_internal(_level, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \
+                        : -abs(_e);                                     \
+        })
+
+#define log_full(level, ...) log_full_errno(level, 0, __VA_ARGS__)
+
+/* Normal logging */
+#define log_debug(...)     log_full(LOG_DEBUG,   __VA_ARGS__)
+#define log_info(...)      log_full(LOG_INFO,    __VA_ARGS__)
+#define log_notice(...)    log_full(LOG_NOTICE,  __VA_ARGS__)
+#define log_warning(...)   log_full(LOG_WARNING, __VA_ARGS__)
+#define log_error(...)     log_full(LOG_ERR,     __VA_ARGS__)
+#define log_emergency(...) log_full(getpid() == 1 ? LOG_EMERG : LOG_ERR, __VA_ARGS__)
+
+/* Logging triggered by an errno-like error */
+#define log_debug_errno(error, ...)     log_full_errno(LOG_DEBUG,   error, __VA_ARGS__)
+#define log_info_errno(error, ...)      log_full_errno(LOG_INFO,    error, __VA_ARGS__)
+#define log_notice_errno(error, ...)    log_full_errno(LOG_NOTICE,  error, __VA_ARGS__)
+#define log_warning_errno(error, ...)   log_full_errno(LOG_WARNING, error, __VA_ARGS__)
+#define log_error_errno(error, ...)     log_full_errno(LOG_ERR,     error, __VA_ARGS__)
+#define log_emergency_errno(error, ...) log_full_errno(getpid() == 1 ? LOG_EMERG : LOG_ERR, error, __VA_ARGS__)
+
+#ifdef LOG_TRACE
+#  define log_trace(...) log_debug(__VA_ARGS__)
+#else
+#  define log_trace(...) do {} while (0)
+#endif
+
+/* Structured logging */
+#define log_struct(level, ...) log_struct_internal(level, 0, __FILE__, __LINE__, __func__, __VA_ARGS__)
+#define log_struct_errno(level, error, ...) log_struct_internal(level, error, __FILE__, __LINE__, __func__, __VA_ARGS__)
+
+/* This modifies the buffer passed! */
+#define log_dump(level, buffer) log_dump_internal(level, 0, __FILE__, __LINE__, __func__, buffer)
+
+#define log_oom() log_oom_internal(__FILE__, __LINE__, __func__)
+
+bool log_on_console(void) _pure_;
+
+const char *log_target_to_string(LogTarget target) _const_;
+LogTarget log_target_from_string(const char *s) _pure_;
+
+/* Helpers to prepare various fields for structured logging */
+#define LOG_MESSAGE(fmt, ...) "MESSAGE=" fmt, ##__VA_ARGS__
+#define LOG_MESSAGE_ID(x) "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(x)
+
+void log_received_signal(int level, const struct signalfd_siginfo *si);
+
+void log_set_upgrade_syslog_to_journal(bool b);
+
+int log_syntax_internal(
+                const char *unit,
+                int level,
+                const char *config_file,
+                unsigned config_line,
+                int error,
+                const char *file,
+                int line,
+                const char *func,
+                const char *format, ...) _printf_(9, 10);
+
+#define log_syntax(unit, level, config_file, config_line, error, ...)   \
+        ({                                                              \
+                int _level = (level), _e = (error);                     \
+                (log_get_max_level() >= LOG_PRI(_level))                \
+                        ? log_syntax_internal(unit, _level, config_file, config_line, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \
+                        : -abs(_e);                                     \
+        })
+
+#define log_syntax_invalid_utf8(unit, level, config_file, config_line, rvalue) \
+        ({                                                              \
+                int _level = (level);                                   \
+                if (log_get_max_level() >= LOG_PRI(_level)) {           \
+                        _cleanup_free_ char *_p = NULL;                 \
+                        _p = utf8_escape_invalid(rvalue);               \
+                        log_syntax_internal(unit, _level, config_file, config_line, 0, __FILE__, __LINE__, __func__, \
+                                            "String is not UTF-8 clean, ignoring assignment: %s", strna(_p)); \
+                }                                                       \
+        })
diff --git a/src/basic/login-util.c b/src/libbasic/login-util.c
index 339e94f12d..339e94f12d 100644
--- a/src/basic/login-util.c
+++ b/src/libbasic/login-util.c
diff --git a/src/basic/login-util.h b/src/libbasic/login-util.h
index b01ee25c88..b01ee25c88 100644
--- a/src/basic/login-util.h
+++ b/src/libbasic/login-util.h
diff --git a/src/basic/macro.h b/src/libbasic/macro.h
index e41aa4260f..e41aa4260f 100644
--- a/src/basic/macro.h
+++ b/src/libbasic/macro.h
diff --git a/src/basic/memfd-util.c b/src/libbasic/memfd-util.c
index 8c8cc78ebf..8c8cc78ebf 100644
--- a/src/basic/memfd-util.c
+++ b/src/libbasic/memfd-util.c
diff --git a/src/basic/memfd-util.h b/src/libbasic/memfd-util.h
index 46d4989e4c..46d4989e4c 100644
--- a/src/basic/memfd-util.h
+++ b/src/libbasic/memfd-util.h
diff --git a/src/basic/mempool.c b/src/libbasic/mempool.c
index f95e2beb0f..f95e2beb0f 100644
--- a/src/basic/mempool.c
+++ b/src/libbasic/mempool.c
diff --git a/src/basic/mempool.h b/src/libbasic/mempool.h
index 0618b8dd22..0618b8dd22 100644
--- a/src/basic/mempool.h
+++ b/src/libbasic/mempool.h
diff --git a/src/basic/missing.h b/src/libbasic/missing.h
index 651e414395..651e414395 100644
--- a/src/basic/missing.h
+++ b/src/libbasic/missing.h
diff --git a/src/basic/missing_syscall.h b/src/libbasic/missing_syscall.h
index d502d3b9ca..d502d3b9ca 100644
--- a/src/basic/missing_syscall.h
+++ b/src/libbasic/missing_syscall.h
diff --git a/src/basic/mkdir-label.c b/src/libbasic/mkdir-label.c
index aa6878cdf0..aa6878cdf0 100644
--- a/src/basic/mkdir-label.c
+++ b/src/libbasic/mkdir-label.c
diff --git a/src/basic/mkdir.c b/src/libbasic/mkdir.c
index 6b1a98402c..6b1a98402c 100644
--- a/src/basic/mkdir.c
+++ b/src/libbasic/mkdir.c
diff --git a/src/basic/mkdir.h b/src/libbasic/mkdir.h
index d564a3547f..d564a3547f 100644
--- a/src/basic/mkdir.h
+++ b/src/libbasic/mkdir.h
diff --git a/src/basic/mount-util.c b/src/libbasic/mount-util.c
index ba698959b7..ba698959b7 100644
--- a/src/basic/mount-util.c
+++ b/src/libbasic/mount-util.c
diff --git a/src/basic/mount-util.h b/src/libbasic/mount-util.h
index bdb525d6b0..bdb525d6b0 100644
--- a/src/basic/mount-util.h
+++ b/src/libbasic/mount-util.h
diff --git a/src/basic/nss-util.h b/src/libbasic/nss-util.h
index bf7c4854fc..bf7c4854fc 100644
--- a/src/basic/nss-util.h
+++ b/src/libbasic/nss-util.h
diff --git a/src/basic/ordered-set.c b/src/libbasic/ordered-set.c
index 2e0bdf6488..2e0bdf6488 100644
--- a/src/basic/ordered-set.c
+++ b/src/libbasic/ordered-set.c
diff --git a/src/basic/ordered-set.h b/src/libbasic/ordered-set.h
index e1dfc86380..e1dfc86380 100644
--- a/src/basic/ordered-set.h
+++ b/src/libbasic/ordered-set.h
diff --git a/src/basic/parse-util.c b/src/libbasic/parse-util.c
index 6c11b605a9..6c11b605a9 100644
--- a/src/basic/parse-util.c
+++ b/src/libbasic/parse-util.c
diff --git a/src/basic/parse-util.h b/src/libbasic/parse-util.h
index 7dc579a159..7dc579a159 100644
--- a/src/basic/parse-util.h
+++ b/src/libbasic/parse-util.h
diff --git a/src/basic/path-util.c b/src/libbasic/path-util.c
index b2fa81a294..b2fa81a294 100644
--- a/src/basic/path-util.c
+++ b/src/libbasic/path-util.c
diff --git a/src/basic/path-util.h b/src/libbasic/path-util.h
index a27c13fcc3..a27c13fcc3 100644
--- a/src/basic/path-util.h
+++ b/src/libbasic/path-util.h
diff --git a/src/basic/prioq.c b/src/libbasic/prioq.c
index d2ec516d29..d2ec516d29 100644
--- a/src/basic/prioq.c
+++ b/src/libbasic/prioq.c
diff --git a/src/basic/prioq.h b/src/libbasic/prioq.h
index 113c73d040..113c73d040 100644
--- a/src/basic/prioq.h
+++ b/src/libbasic/prioq.h
diff --git a/src/basic/proc-cmdline.c b/src/libbasic/proc-cmdline.c
index 3505fa9c9a..3505fa9c9a 100644
--- a/src/basic/proc-cmdline.c
+++ b/src/libbasic/proc-cmdline.c
diff --git a/src/basic/proc-cmdline.h b/src/libbasic/proc-cmdline.h
index 452642a2f5..452642a2f5 100644
--- a/src/basic/proc-cmdline.h
+++ b/src/libbasic/proc-cmdline.h
diff --git a/src/basic/process-util.c b/src/libbasic/process-util.c
index 1ad8816206..1ad8816206 100644
--- a/src/basic/process-util.c
+++ b/src/libbasic/process-util.c
diff --git a/src/basic/process-util.h b/src/libbasic/process-util.h
index 9f75088796..9f75088796 100644
--- a/src/basic/process-util.h
+++ b/src/libbasic/process-util.h
diff --git a/src/basic/random-util.c b/src/libbasic/random-util.c
index 2f468db770..2f468db770 100644
--- a/src/basic/random-util.c
+++ b/src/libbasic/random-util.c
diff --git a/src/basic/random-util.h b/src/libbasic/random-util.h
index 3cee4c5014..3cee4c5014 100644
--- a/src/basic/random-util.h
+++ b/src/libbasic/random-util.h
diff --git a/src/basic/ratelimit.c b/src/libbasic/ratelimit.c
index 3ca5625e4d..3ca5625e4d 100644
--- a/src/basic/ratelimit.c
+++ b/src/libbasic/ratelimit.c
diff --git a/src/basic/ratelimit.h b/src/libbasic/ratelimit.h
index 9c8dddf5ad..9c8dddf5ad 100644
--- a/src/basic/ratelimit.h
+++ b/src/libbasic/ratelimit.h
diff --git a/src/basic/refcnt.h b/src/libbasic/refcnt.h
index 1d77a6445a..1d77a6445a 100644
--- a/src/basic/refcnt.h
+++ b/src/libbasic/refcnt.h
diff --git a/src/basic/replace-var.c b/src/libbasic/replace-var.c
index 6a204b9ec3..6a204b9ec3 100644
--- a/src/basic/replace-var.c
+++ b/src/libbasic/replace-var.c
diff --git a/src/basic/replace-var.h b/src/libbasic/replace-var.h
index 78412910b2..78412910b2 100644
--- a/src/basic/replace-var.h
+++ b/src/libbasic/replace-var.h
diff --git a/src/basic/rlimit-util.c b/src/libbasic/rlimit-util.c
index ee063720ed..ee063720ed 100644
--- a/src/basic/rlimit-util.c
+++ b/src/libbasic/rlimit-util.c
diff --git a/src/basic/rlimit-util.h b/src/libbasic/rlimit-util.h
index d4594eccd6..d4594eccd6 100644
--- a/src/basic/rlimit-util.h
+++ b/src/libbasic/rlimit-util.h
diff --git a/src/basic/rm-rf.c b/src/libbasic/rm-rf.c
index 43816fd1bb..43816fd1bb 100644
--- a/src/basic/rm-rf.c
+++ b/src/libbasic/rm-rf.c
diff --git a/src/basic/rm-rf.h b/src/libbasic/rm-rf.h
index f693a5bb7c..f693a5bb7c 100644
--- a/src/basic/rm-rf.h
+++ b/src/libbasic/rm-rf.h
diff --git a/src/basic/securebits.h b/src/libbasic/securebits.h
index 98fbe0d433..98fbe0d433 100644
--- a/src/basic/securebits.h
+++ b/src/libbasic/securebits.h
diff --git a/src/basic/selinux-util.c b/src/libbasic/selinux-util.c
index 10c2f39369..10c2f39369 100644
--- a/src/basic/selinux-util.c
+++ b/src/libbasic/selinux-util.c
diff --git a/src/basic/selinux-util.h b/src/libbasic/selinux-util.h
index ce6bc8e44c..ce6bc8e44c 100644
--- a/src/basic/selinux-util.h
+++ b/src/libbasic/selinux-util.h
diff --git a/src/basic/set.h b/src/libbasic/set.h
index e0d9dd001c..e0d9dd001c 100644
--- a/src/basic/set.h
+++ b/src/libbasic/set.h
diff --git a/src/basic/sigbus.c b/src/libbasic/sigbus.c
index 0ce4f75684..0ce4f75684 100644
--- a/src/basic/sigbus.c
+++ b/src/libbasic/sigbus.c
diff --git a/src/basic/sigbus.h b/src/libbasic/sigbus.h
index 980243d9ce..980243d9ce 100644
--- a/src/basic/sigbus.h
+++ b/src/libbasic/sigbus.h
diff --git a/src/basic/signal-util.c b/src/libbasic/signal-util.c
index 280b5c3251..280b5c3251 100644
--- a/src/basic/signal-util.c
+++ b/src/libbasic/signal-util.c
diff --git a/src/basic/signal-util.h b/src/libbasic/signal-util.h
index dfd6eb564d..dfd6eb564d 100644
--- a/src/basic/signal-util.h
+++ b/src/libbasic/signal-util.h
diff --git a/src/basic/siphash24.c b/src/libbasic/siphash24.c
index 060e8ba387..060e8ba387 100644
--- a/src/basic/siphash24.c
+++ b/src/libbasic/siphash24.c
diff --git a/src/basic/siphash24.h b/src/libbasic/siphash24.h
index 54e2420cc6..54e2420cc6 100644
--- a/src/basic/siphash24.h
+++ b/src/libbasic/siphash24.h
diff --git a/src/basic/smack-util.c b/src/libbasic/smack-util.c
index 3a3df987df..3a3df987df 100644
--- a/src/basic/smack-util.c
+++ b/src/libbasic/smack-util.c
diff --git a/src/basic/smack-util.h b/src/libbasic/smack-util.h
index f90ba0a027..f90ba0a027 100644
--- a/src/basic/smack-util.h
+++ b/src/libbasic/smack-util.h
diff --git a/src/basic/socket-label.c b/src/libbasic/socket-label.c
index 6d1dc83874..6d1dc83874 100644
--- a/src/basic/socket-label.c
+++ b/src/libbasic/socket-label.c
diff --git a/src/basic/socket-util.c b/src/libbasic/socket-util.c
index c8769a54f4..c8769a54f4 100644
--- a/src/basic/socket-util.c
+++ b/src/libbasic/socket-util.c
diff --git a/src/basic/socket-util.h b/src/libbasic/socket-util.h
index e9230e4a9f..e9230e4a9f 100644
--- a/src/basic/socket-util.h
+++ b/src/libbasic/socket-util.h
diff --git a/src/basic/sparse-endian.h b/src/libbasic/sparse-endian.h
index c913fda8c5..c913fda8c5 100644
--- a/src/basic/sparse-endian.h
+++ b/src/libbasic/sparse-endian.h
diff --git a/src/basic/special.h b/src/libbasic/special.h
index 084d3dfa23..084d3dfa23 100644
--- a/src/basic/special.h
+++ b/src/libbasic/special.h
diff --git a/src/basic/stat-util.c b/src/libbasic/stat-util.c
index 309e84b93d..309e84b93d 100644
--- a/src/basic/stat-util.c
+++ b/src/libbasic/stat-util.c
diff --git a/src/basic/stat-util.h b/src/libbasic/stat-util.h
index 56d28f791e..56d28f791e 100644
--- a/src/basic/stat-util.h
+++ b/src/libbasic/stat-util.h
diff --git a/src/basic/stdio-util.h b/src/libbasic/stdio-util.h
index bd1144b4c9..bd1144b4c9 100644
--- a/src/basic/stdio-util.h
+++ b/src/libbasic/stdio-util.h
diff --git a/src/basic/strbuf.c b/src/libbasic/strbuf.c
index 4bef87d3c2..4bef87d3c2 100644
--- a/src/basic/strbuf.c
+++ b/src/libbasic/strbuf.c
diff --git a/src/basic/strbuf.h b/src/libbasic/strbuf.h
index a1632da0e8..a1632da0e8 100644
--- a/src/basic/strbuf.h
+++ b/src/libbasic/strbuf.h
diff --git a/src/basic/string-table.c b/src/libbasic/string-table.c
index a1499ab126..a1499ab126 100644
--- a/src/basic/string-table.c
+++ b/src/libbasic/string-table.c
diff --git a/src/basic/string-table.h b/src/libbasic/string-table.h
index d88625fca7..d88625fca7 100644
--- a/src/basic/string-table.h
+++ b/src/libbasic/string-table.h
diff --git a/src/basic/string-util.c b/src/libbasic/string-util.c
index 293a15f9c0..293a15f9c0 100644
--- a/src/basic/string-util.c
+++ b/src/libbasic/string-util.c
diff --git a/src/basic/string-util.h b/src/libbasic/string-util.h
index 139cc8c91b..139cc8c91b 100644
--- a/src/basic/string-util.h
+++ b/src/libbasic/string-util.h
diff --git a/src/basic/strv.c b/src/libbasic/strv.c
index 97a96e5762..97a96e5762 100644
--- a/src/basic/strv.c
+++ b/src/libbasic/strv.c
diff --git a/src/basic/strv.h b/src/libbasic/strv.h
index f61bbb5386..f61bbb5386 100644
--- a/src/basic/strv.h
+++ b/src/libbasic/strv.h
diff --git a/src/basic/strxcpyx.c b/src/libbasic/strxcpyx.c
index aaf11d21f6..aaf11d21f6 100644
--- a/src/basic/strxcpyx.c
+++ b/src/libbasic/strxcpyx.c
diff --git a/src/basic/strxcpyx.h b/src/libbasic/strxcpyx.h
index 80ff58726b..80ff58726b 100644
--- a/src/basic/strxcpyx.h
+++ b/src/libbasic/strxcpyx.h
diff --git a/src/basic/syslog-util.c b/src/libbasic/syslog-util.c
index db3405154e..db3405154e 100644
--- a/src/basic/syslog-util.c
+++ b/src/libbasic/syslog-util.c
diff --git a/src/basic/syslog-util.h b/src/libbasic/syslog-util.h
index 5cb606a1bf..5cb606a1bf 100644
--- a/src/basic/syslog-util.h
+++ b/src/libbasic/syslog-util.h
diff --git a/src/basic/terminal-util.c b/src/libbasic/terminal-util.c
index 9521b79daa..9521b79daa 100644
--- a/src/basic/terminal-util.c
+++ b/src/libbasic/terminal-util.c
diff --git a/src/basic/terminal-util.h b/src/libbasic/terminal-util.h
index a7c96a77cb..a7c96a77cb 100644
--- a/src/basic/terminal-util.h
+++ b/src/libbasic/terminal-util.h
diff --git a/src/basic/time-util.c b/src/libbasic/time-util.c
index edd9179cb8..edd9179cb8 100644
--- a/src/basic/time-util.c
+++ b/src/libbasic/time-util.c
diff --git a/src/basic/time-util.h b/src/libbasic/time-util.h
index a5e3f567ec..a5e3f567ec 100644
--- a/src/basic/time-util.h
+++ b/src/libbasic/time-util.h
diff --git a/src/basic/umask-util.h b/src/libbasic/umask-util.h
index 359d87d27c..359d87d27c 100644
--- a/src/basic/umask-util.h
+++ b/src/libbasic/umask-util.h
diff --git a/src/basic/unaligned.h b/src/libbasic/unaligned.h
index 79be645bed..79be645bed 100644
--- a/src/basic/unaligned.h
+++ b/src/libbasic/unaligned.h
diff --git a/src/basic/unit-name.c b/src/libbasic/unit-name.c
index fe883b95c7..fe883b95c7 100644
--- a/src/basic/unit-name.c
+++ b/src/libbasic/unit-name.c
diff --git a/src/basic/unit-name.h b/src/libbasic/unit-name.h
index f209a84634..f209a84634 100644
--- a/src/basic/unit-name.h
+++ b/src/libbasic/unit-name.h
diff --git a/src/basic/user-util.c b/src/libbasic/user-util.c
index f65ca3edaa..f65ca3edaa 100644
--- a/src/basic/user-util.c
+++ b/src/libbasic/user-util.c
diff --git a/src/basic/user-util.h b/src/libbasic/user-util.h
index 8026eca3f4..8026eca3f4 100644
--- a/src/basic/user-util.h
+++ b/src/libbasic/user-util.h
diff --git a/src/basic/utf8.c b/src/libbasic/utf8.c
index 6eae2b983d..6eae2b983d 100644
--- a/src/basic/utf8.c
+++ b/src/libbasic/utf8.c
diff --git a/src/basic/utf8.h b/src/libbasic/utf8.h
index f9b9c9468b..f9b9c9468b 100644
--- a/src/basic/utf8.h
+++ b/src/libbasic/utf8.h
diff --git a/src/basic/util.c b/src/libbasic/util.c
index 756c663be4..756c663be4 100644
--- a/src/basic/util.c
+++ b/src/libbasic/util.c
diff --git a/src/basic/util.h b/src/libbasic/util.h
index 1c032c15c9..1c032c15c9 100644
--- a/src/basic/util.h
+++ b/src/libbasic/util.h
diff --git a/src/basic/verbs.c b/src/libbasic/verbs.c
index d9cdb38d65..d9cdb38d65 100644
--- a/src/basic/verbs.c
+++ b/src/libbasic/verbs.c
diff --git a/src/basic/verbs.h b/src/libbasic/verbs.h
index 7b5e18510f..7b5e18510f 100644
--- a/src/basic/verbs.h
+++ b/src/libbasic/verbs.h
diff --git a/src/basic/virt.c b/src/libbasic/virt.c
index dace1f4328..dace1f4328 100644
--- a/src/basic/virt.c
+++ b/src/libbasic/virt.c
diff --git a/src/basic/virt.h b/src/libbasic/virt.h
index a538f07f6b..a538f07f6b 100644
--- a/src/basic/virt.h
+++ b/src/libbasic/virt.h
diff --git a/src/basic/web-util.c b/src/libbasic/web-util.c
index 595688ed93..595688ed93 100644
--- a/src/basic/web-util.c
+++ b/src/libbasic/web-util.c
diff --git a/src/basic/web-util.h b/src/libbasic/web-util.h
index e6bb6b53f5..e6bb6b53f5 100644
--- a/src/basic/web-util.h
+++ b/src/libbasic/web-util.h
diff --git a/src/basic/xattr-util.c b/src/libbasic/xattr-util.c
index 8256899eda..8256899eda 100644
--- a/src/basic/xattr-util.c
+++ b/src/libbasic/xattr-util.c
diff --git a/src/basic/xattr-util.h b/src/libbasic/xattr-util.h
index 6fa097bf7e..6fa097bf7e 100644
--- a/src/basic/xattr-util.h
+++ b/src/libbasic/xattr-util.h
diff --git a/src/basic/xml.c b/src/libbasic/xml.c
index 1dbeac7324..1dbeac7324 100644
--- a/src/basic/xml.c
+++ b/src/libbasic/xml.c
diff --git a/src/basic/xml.h b/src/libbasic/xml.h
index 41cb69f0dc..41cb69f0dc 100644
--- a/src/basic/xml.h
+++ b/src/libbasic/xml.h
diff --git a/src/core/.gitignore b/src/libcore/.gitignore
index 465b4fcc20..465b4fcc20 100644
--- a/src/core/.gitignore
+++ b/src/libcore/.gitignore
diff --git a/src/libcore/Makefile b/src/libcore/Makefile
new file mode 100644
index 0000000000..f40a115042
--- /dev/null
+++ b/src/libcore/Makefile
@@ -0,0 +1,170 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+noinst_LTLIBRARIES += \
+	libcore.la
+
+libcore_la_SOURCES = \
+	src/core/unit.c \
+	src/core/unit.h \
+	src/core/unit-printf.c \
+	src/core/unit-printf.h \
+	src/core/job.c \
+	src/core/job.h \
+	src/core/manager.c \
+	src/core/manager.h \
+	src/core/transaction.c \
+	src/core/transaction.h \
+	src/core/load-fragment.c \
+	src/core/load-fragment.h \
+	src/core/service.c \
+	src/core/service.h \
+	src/core/socket.c \
+	src/core/socket.h \
+	src/core/busname.c \
+	src/core/busname.h \
+	src/core/bus-policy.c \
+	src/core/bus-policy.h \
+	src/core/target.c \
+	src/core/target.h \
+	src/core/device.c \
+	src/core/device.h \
+	src/core/mount.c \
+	src/core/mount.h \
+	src/core/automount.c \
+	src/core/automount.h \
+	src/core/swap.c \
+	src/core/swap.h \
+	src/core/timer.c \
+	src/core/timer.h \
+	src/core/path.c \
+	src/core/path.h \
+	src/core/slice.c \
+	src/core/slice.h \
+	src/core/scope.c \
+	src/core/scope.h \
+	src/core/load-dropin.c \
+	src/core/load-dropin.h \
+	src/core/execute.c \
+	src/core/execute.h \
+	src/core/kill.c \
+	src/core/kill.h \
+	src/core/dbus.c \
+	src/core/dbus.h \
+	src/core/dbus-manager.c \
+	src/core/dbus-manager.h \
+	src/core/dbus-unit.c \
+	src/core/dbus-unit.h \
+	src/core/dbus-job.c \
+	src/core/dbus-job.h \
+	src/core/dbus-service.c \
+	src/core/dbus-service.h \
+	src/core/dbus-socket.c \
+	src/core/dbus-socket.h \
+	src/core/dbus-busname.c \
+	src/core/dbus-busname.h \
+	src/core/dbus-target.c \
+	src/core/dbus-target.h \
+	src/core/dbus-device.c \
+	src/core/dbus-device.h \
+	src/core/dbus-mount.c \
+	src/core/dbus-mount.h \
+	src/core/dbus-automount.c \
+	src/core/dbus-automount.h \
+	src/core/dbus-swap.c \
+	src/core/dbus-swap.h \
+	src/core/dbus-timer.c \
+	src/core/dbus-timer.h \
+	src/core/dbus-path.c \
+	src/core/dbus-path.h \
+	src/core/dbus-slice.c \
+	src/core/dbus-slice.h \
+	src/core/dbus-scope.c \
+	src/core/dbus-scope.h \
+	src/core/dbus-execute.c \
+	src/core/dbus-execute.h \
+	src/core/dbus-kill.c \
+	src/core/dbus-kill.h \
+	src/core/dbus-cgroup.c \
+	src/core/dbus-cgroup.h \
+	src/core/cgroup.c \
+	src/core/cgroup.h \
+	src/core/selinux-access.c \
+	src/core/selinux-access.h \
+	src/core/selinux-setup.c \
+	src/core/selinux-setup.h \
+	src/core/smack-setup.c \
+	src/core/smack-setup.h \
+	src/core/ima-setup.c \
+	src/core/ima-setup.h \
+	src/core/locale-setup.h \
+	src/core/locale-setup.c \
+	src/core/hostname-setup.c \
+	src/core/hostname-setup.h \
+	src/core/machine-id-setup.c \
+	src/core/machine-id-setup.h \
+	src/core/mount-setup.c \
+	src/core/mount-setup.h \
+	src/core/kmod-setup.c \
+	src/core/kmod-setup.h \
+	src/core/loopback-setup.h \
+	src/core/loopback-setup.c \
+	src/core/namespace.c \
+	src/core/namespace.h \
+	src/core/killall.h \
+	src/core/killall.c \
+	src/core/audit-fd.c \
+	src/core/audit-fd.h \
+	src/core/show-status.c \
+	src/core/show-status.h \
+	src/core/failure-action.c \
+	src/core/failure-action.h
+
+nodist_libcore_la_SOURCES = \
+	src/core/load-fragment-gperf.c \
+	src/core/load-fragment-gperf-nulstr.c
+
+libcore_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(PAM_CFLAGS) \
+	$(AUDIT_CFLAGS) \
+	$(KMOD_CFLAGS) \
+	$(APPARMOR_CFLAGS) \
+	$(MOUNT_CFLAGS) \
+	$(SECCOMP_CFLAGS)
+
+libcore_la_LIBADD = \
+	libshared.la \
+	$(PAM_LIBS) \
+	$(AUDIT_LIBS) \
+	$(KMOD_LIBS) \
+	$(APPARMOR_LIBS) \
+	$(MOUNT_LIBS)
+
+$(outdir)/load-fragment-gperf-nulstr.c: src/core/load-fragment-gperf.gperf
+	$(AM_V_at)$(MKDIR_P) $(dir $@)
+	$(AM_V_GEN)$(AWK) 'BEGIN{ keywords=0 ; FS="," ; print "extern const char load_fragment_gperf_nulstr[];" ; print "const char load_fragment_gperf_nulstr[] ="} ; keyword==1 { print "\"" $$1 "\\0\"" } ; /%%/ { keyword=1} ; END { print ";" }' < $< > $@
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/core/audit-fd.c b/src/libcore/audit-fd.c
index 76afe3fe15..76afe3fe15 100644
--- a/src/core/audit-fd.c
+++ b/src/libcore/audit-fd.c
diff --git a/src/core/audit-fd.h b/src/libcore/audit-fd.h
index 0eccb59210..0eccb59210 100644
--- a/src/core/audit-fd.h
+++ b/src/libcore/audit-fd.h
diff --git a/src/core/automount.c b/src/libcore/automount.c
index f06d837e30..f06d837e30 100644
--- a/src/core/automount.c
+++ b/src/libcore/automount.c
diff --git a/src/core/automount.h b/src/libcore/automount.h
index 76a201178e..76a201178e 100644
--- a/src/core/automount.h
+++ b/src/libcore/automount.h
diff --git a/src/core/bus-policy.c b/src/libcore/bus-policy.c
index 4907c268e8..4907c268e8 100644
--- a/src/core/bus-policy.c
+++ b/src/libcore/bus-policy.c
diff --git a/src/core/bus-policy.h b/src/libcore/bus-policy.h
index 5b2c4d5953..5b2c4d5953 100644
--- a/src/core/bus-policy.h
+++ b/src/libcore/bus-policy.h
diff --git a/src/core/busname.c b/src/libcore/busname.c
index f03a95c24e..f03a95c24e 100644
--- a/src/core/busname.c
+++ b/src/libcore/busname.c
diff --git a/src/core/busname.h b/src/libcore/busname.h
index a8562db458..a8562db458 100644
--- a/src/core/busname.h
+++ b/src/libcore/busname.h
diff --git a/src/core/cgroup.c b/src/libcore/cgroup.c
index 0fb63b1bd1..0fb63b1bd1 100644
--- a/src/core/cgroup.c
+++ b/src/libcore/cgroup.c
diff --git a/src/core/cgroup.h b/src/libcore/cgroup.h
index 2b1edbafc4..2b1edbafc4 100644
--- a/src/core/cgroup.h
+++ b/src/libcore/cgroup.h
diff --git a/src/core/dbus-automount.c b/src/libcore/dbus-automount.c
index b2806ad86f..b2806ad86f 100644
--- a/src/core/dbus-automount.c
+++ b/src/libcore/dbus-automount.c
diff --git a/src/core/dbus-automount.h b/src/libcore/dbus-automount.h
index 7b51eb973a..7b51eb973a 100644
--- a/src/core/dbus-automount.h
+++ b/src/libcore/dbus-automount.h
diff --git a/src/core/dbus-busname.c b/src/libcore/dbus-busname.c
index cf816ba15b..cf816ba15b 100644
--- a/src/core/dbus-busname.c
+++ b/src/libcore/dbus-busname.c
diff --git a/src/core/dbus-busname.h b/src/libcore/dbus-busname.h
index 8643d1a404..8643d1a404 100644
--- a/src/core/dbus-busname.h
+++ b/src/libcore/dbus-busname.h
diff --git a/src/core/dbus-cgroup.c b/src/libcore/dbus-cgroup.c
index eef1c47c14..eef1c47c14 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/libcore/dbus-cgroup.c
diff --git a/src/libcore/dbus-cgroup.h b/src/libcore/dbus-cgroup.h
new file mode 100644
index 0000000000..84d0f1ba04
--- /dev/null
+++ b/src/libcore/dbus-cgroup.h
@@ -0,0 +1,28 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "cgroup.h"
+
+extern const sd_bus_vtable bus_cgroup_vtable[];
+
+int bus_cgroup_set_property(Unit *u, CGroupContext *c, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/core/dbus-device.c b/src/libcore/dbus-device.c
index e1a12224d3..e1a12224d3 100644
--- a/src/core/dbus-device.c
+++ b/src/libcore/dbus-device.c
diff --git a/src/core/dbus-device.h b/src/libcore/dbus-device.h
index eb1d8c3278..eb1d8c3278 100644
--- a/src/core/dbus-device.h
+++ b/src/libcore/dbus-device.h
diff --git a/src/core/dbus-execute.c b/src/libcore/dbus-execute.c
index 06943c6365..06943c6365 100644
--- a/src/core/dbus-execute.c
+++ b/src/libcore/dbus-execute.c
diff --git a/src/libcore/dbus-execute.h b/src/libcore/dbus-execute.h
new file mode 100644
index 0000000000..bdfef41db4
--- /dev/null
+++ b/src/libcore/dbus-execute.h
@@ -0,0 +1,45 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "execute.h"
+
+#define BUS_EXEC_STATUS_VTABLE(prefix, offset, flags)                   \
+        BUS_PROPERTY_DUAL_TIMESTAMP(prefix "StartTimestamp", (offset) + offsetof(ExecStatus, start_timestamp), flags), \
+        BUS_PROPERTY_DUAL_TIMESTAMP(prefix "ExitTimestamp", (offset) + offsetof(ExecStatus, exit_timestamp), flags), \
+        SD_BUS_PROPERTY(prefix "PID", "u", bus_property_get_pid, (offset) + offsetof(ExecStatus, pid), flags), \
+        SD_BUS_PROPERTY(prefix "Code", "i", bus_property_get_int, (offset) + offsetof(ExecStatus, code), flags), \
+        SD_BUS_PROPERTY(prefix "Status", "i", bus_property_get_int, (offset) + offsetof(ExecStatus, status), flags)
+
+#define BUS_EXEC_COMMAND_VTABLE(name, offset, flags)                    \
+        SD_BUS_PROPERTY(name, "a(sasbttttuii)", bus_property_get_exec_command, offset, flags)
+
+#define BUS_EXEC_COMMAND_LIST_VTABLE(name, offset, flags)                    \
+        SD_BUS_PROPERTY(name, "a(sasbttttuii)", bus_property_get_exec_command_list, offset, flags)
+
+extern const sd_bus_vtable bus_exec_vtable[];
+
+int bus_property_get_exec_output(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
+int bus_property_get_exec_command(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
+int bus_property_get_exec_command_list(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
+
+int bus_exec_context_set_transient_property(Unit *u, ExecContext *c, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/libcore/dbus-job.c b/src/libcore/dbus-job.c
new file mode 100644
index 0000000000..1d739787bb
--- /dev/null
+++ b/src/libcore/dbus-job.c
@@ -0,0 +1,193 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "dbus-job.h"
+#include "dbus.h"
+#include "job.h"
+#include "log.h"
+#include "selinux-access.h"
+#include "string-util.h"
+
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, job_type, JobType);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_state, job_state, JobState);
+
+static int property_get_unit(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        _cleanup_free_ char *p = NULL;
+        Job *j = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(j);
+
+        p = unit_dbus_path(j->unit);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_message_append(reply, "(so)", j->unit->id, p);
+}
+
+int bus_job_method_cancel(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Job *j = userdata;
+        int r;
+
+        assert(message);
+        assert(j);
+
+        r = mac_selinux_unit_access_check(j->unit, message, "stop", error);
+        if (r < 0)
+                return r;
+
+        /* Access is granted to the job owner */
+        if (!sd_bus_track_contains(j->clients, sd_bus_message_get_sender(message))) {
+
+                /* And for everybody else consult PolicyKit */
+                r = bus_verify_manage_units_async(j->unit->manager, message, error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+        }
+
+        job_finish_and_invalidate(j, JOB_CANCELED, true, false);
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+const sd_bus_vtable bus_job_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_METHOD("Cancel", NULL, NULL, bus_job_method_cancel, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_PROPERTY("Id", "u", NULL, offsetof(Job, id), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Unit", "(so)", property_get_unit, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("JobType", "s", property_get_type, offsetof(Job, type), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("State", "s", property_get_state, offsetof(Job, state), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_VTABLE_END
+};
+
+static int send_new_signal(sd_bus *bus, void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *p = NULL;
+        Job *j = userdata;
+        int r;
+
+        assert(bus);
+        assert(j);
+
+        p = job_dbus_path(j);
+        if (!p)
+                return -ENOMEM;
+
+        r = sd_bus_message_new_signal(
+                        bus,
+                        &m,
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "JobNew");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "uos", j->id, p, j->unit->id);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(bus, m, NULL);
+}
+
+static int send_changed_signal(sd_bus *bus, void *userdata) {
+        _cleanup_free_ char *p = NULL;
+        Job *j = userdata;
+
+        assert(bus);
+        assert(j);
+
+        p = job_dbus_path(j);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_emit_properties_changed(bus, p, "org.freedesktop.systemd1.Job", "State", NULL);
+}
+
+void bus_job_send_change_signal(Job *j) {
+        int r;
+
+        assert(j);
+
+        if (j->in_dbus_queue) {
+                LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j);
+                j->in_dbus_queue = false;
+        }
+
+        r = bus_foreach_bus(j->manager, j->clients, j->sent_dbus_new_signal ? send_changed_signal : send_new_signal, j);
+        if (r < 0)
+                log_debug_errno(r, "Failed to send job change signal for %u: %m", j->id);
+
+        j->sent_dbus_new_signal = true;
+}
+
+static int send_removed_signal(sd_bus *bus, void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *p = NULL;
+        Job *j = userdata;
+        int r;
+
+        assert(bus);
+        assert(j);
+
+        p = job_dbus_path(j);
+        if (!p)
+                return -ENOMEM;
+
+        r = sd_bus_message_new_signal(
+                        bus,
+                        &m,
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "JobRemoved");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "uoss", j->id, p, j->unit->id, job_result_to_string(j->result));
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(bus, m, NULL);
+}
+
+void bus_job_send_removed_signal(Job *j) {
+        int r;
+
+        assert(j);
+
+        if (!j->sent_dbus_new_signal)
+                bus_job_send_change_signal(j);
+
+        r = bus_foreach_bus(j->manager, j->clients, send_removed_signal, j);
+        if (r < 0)
+                log_debug_errno(r, "Failed to send job remove signal for %u: %m", j->id);
+}
diff --git a/src/libcore/dbus-job.h b/src/libcore/dbus-job.h
new file mode 100644
index 0000000000..95664cb90c
--- /dev/null
+++ b/src/libcore/dbus-job.h
@@ -0,0 +1,31 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "job.h"
+
+extern const sd_bus_vtable bus_job_vtable[];
+
+int bus_job_method_cancel(sd_bus_message *message, void *job, sd_bus_error *error);
+
+void bus_job_send_change_signal(Job *j);
+void bus_job_send_removed_signal(Job *j);
diff --git a/src/core/dbus-kill.c b/src/libcore/dbus-kill.c
index 0f54c6b84b..0f54c6b84b 100644
--- a/src/core/dbus-kill.c
+++ b/src/libcore/dbus-kill.c
diff --git a/src/libcore/dbus-kill.h b/src/libcore/dbus-kill.h
new file mode 100644
index 0000000000..b32ce9d223
--- /dev/null
+++ b/src/libcore/dbus-kill.h
@@ -0,0 +1,29 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "kill.h"
+#include "unit.h"
+
+extern const sd_bus_vtable bus_kill_vtable[];
+
+int bus_kill_context_set_transient_property(Unit *u, KillContext *c, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/core/dbus-manager.c b/src/libcore/dbus-manager.c
index 86722e1162..86722e1162 100644
--- a/src/core/dbus-manager.c
+++ b/src/libcore/dbus-manager.c
diff --git a/src/core/dbus-manager.h b/src/libcore/dbus-manager.h
index 36a2e9481b..36a2e9481b 100644
--- a/src/core/dbus-manager.h
+++ b/src/libcore/dbus-manager.h
diff --git a/src/core/dbus-mount.c b/src/libcore/dbus-mount.c
index 935db7c48b..935db7c48b 100644
--- a/src/core/dbus-mount.c
+++ b/src/libcore/dbus-mount.c
diff --git a/src/libcore/dbus-mount.h b/src/libcore/dbus-mount.h
new file mode 100644
index 0000000000..f9844e449d
--- /dev/null
+++ b/src/libcore/dbus-mount.h
@@ -0,0 +1,29 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_mount_vtable[];
+
+int bus_mount_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
+int bus_mount_commit_properties(Unit *u);
diff --git a/src/core/dbus-path.c b/src/libcore/dbus-path.c
index 1e153e503f..1e153e503f 100644
--- a/src/core/dbus-path.c
+++ b/src/libcore/dbus-path.c
diff --git a/src/core/dbus-path.h b/src/libcore/dbus-path.h
index d3c19e0c2b..d3c19e0c2b 100644
--- a/src/core/dbus-path.h
+++ b/src/libcore/dbus-path.h
diff --git a/src/core/dbus-scope.c b/src/libcore/dbus-scope.c
index 34ee9a8fa9..34ee9a8fa9 100644
--- a/src/core/dbus-scope.c
+++ b/src/libcore/dbus-scope.c
diff --git a/src/libcore/dbus-scope.h b/src/libcore/dbus-scope.h
new file mode 100644
index 0000000000..f96ddef0cf
--- /dev/null
+++ b/src/libcore/dbus-scope.h
@@ -0,0 +1,31 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_scope_vtable[];
+
+int bus_scope_set_property(Unit *u, const char *name, sd_bus_message *i, UnitSetPropertiesMode mode, sd_bus_error *error);
+int bus_scope_commit_properties(Unit *u);
+
+int bus_scope_send_request_stop(Scope *s);
diff --git a/src/core/dbus-service.c b/src/libcore/dbus-service.c
index 03eecca911..03eecca911 100644
--- a/src/core/dbus-service.c
+++ b/src/libcore/dbus-service.c
diff --git a/src/libcore/dbus-service.h b/src/libcore/dbus-service.h
new file mode 100644
index 0000000000..291959325c
--- /dev/null
+++ b/src/libcore/dbus-service.h
@@ -0,0 +1,29 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_service_vtable[];
+
+int bus_service_set_property(Unit *u, const char *name, sd_bus_message *i, UnitSetPropertiesMode mode, sd_bus_error *error);
+int bus_service_commit_properties(Unit *u);
diff --git a/src/core/dbus-slice.c b/src/libcore/dbus-slice.c
index e37f50b283..e37f50b283 100644
--- a/src/core/dbus-slice.c
+++ b/src/libcore/dbus-slice.c
diff --git a/src/libcore/dbus-slice.h b/src/libcore/dbus-slice.h
new file mode 100644
index 0000000000..8e4cabbf8a
--- /dev/null
+++ b/src/libcore/dbus-slice.h
@@ -0,0 +1,29 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_slice_vtable[];
+
+int bus_slice_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
+int bus_slice_commit_properties(Unit *u);
diff --git a/src/core/dbus-socket.c b/src/libcore/dbus-socket.c
index 961340608d..961340608d 100644
--- a/src/core/dbus-socket.c
+++ b/src/libcore/dbus-socket.c
diff --git a/src/libcore/dbus-socket.h b/src/libcore/dbus-socket.h
new file mode 100644
index 0000000000..a31906feea
--- /dev/null
+++ b/src/libcore/dbus-socket.h
@@ -0,0 +1,29 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_socket_vtable[];
+
+int bus_socket_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
+int bus_socket_commit_properties(Unit *u);
diff --git a/src/core/dbus-swap.c b/src/libcore/dbus-swap.c
index 292f8738c6..292f8738c6 100644
--- a/src/core/dbus-swap.c
+++ b/src/libcore/dbus-swap.c
diff --git a/src/libcore/dbus-swap.h b/src/libcore/dbus-swap.h
new file mode 100644
index 0000000000..19151fb771
--- /dev/null
+++ b/src/libcore/dbus-swap.h
@@ -0,0 +1,30 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+  Copyright 2010 Maarten Lankhorst
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_swap_vtable[];
+
+int bus_swap_set_property(Unit *u, const char *name, sd_bus_message *message, UnitSetPropertiesMode mode, sd_bus_error *error);
+int bus_swap_commit_properties(Unit *u);
diff --git a/src/core/dbus-target.c b/src/libcore/dbus-target.c
index 6858b1ce72..6858b1ce72 100644
--- a/src/core/dbus-target.c
+++ b/src/libcore/dbus-target.c
diff --git a/src/libcore/dbus-target.h b/src/libcore/dbus-target.h
new file mode 100644
index 0000000000..c97a9d626e
--- /dev/null
+++ b/src/libcore/dbus-target.h
@@ -0,0 +1,24 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+extern const sd_bus_vtable bus_target_vtable[];
diff --git a/src/core/dbus-timer.c b/src/libcore/dbus-timer.c
index a0e61b023e..a0e61b023e 100644
--- a/src/core/dbus-timer.c
+++ b/src/libcore/dbus-timer.c
diff --git a/src/libcore/dbus-timer.h b/src/libcore/dbus-timer.h
new file mode 100644
index 0000000000..505fb5df72
--- /dev/null
+++ b/src/libcore/dbus-timer.h
@@ -0,0 +1,28 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_timer_vtable[];
+
+int bus_timer_set_property(Unit *u, const char *name, sd_bus_message *i, UnitSetPropertiesMode mode, sd_bus_error *error);
diff --git a/src/libcore/dbus-unit.c b/src/libcore/dbus-unit.c
new file mode 100644
index 0000000000..dcd8db0898
--- /dev/null
+++ b/src/libcore/dbus-unit.c
@@ -0,0 +1,1423 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "cgroup-util.h"
+#include "dbus-unit.h"
+#include "dbus.h"
+#include "fd-util.h"
+#include "locale-util.h"
+#include "log.h"
+#include "process-util.h"
+#include "selinux-access.h"
+#include "signal-util.h"
+#include "special.h"
+#include "string-util.h"
+#include "strv.h"
+#include "user-util.h"
+
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_load_state, unit_load_state, UnitLoadState);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_job_mode, job_mode, JobMode);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_failure_action, failure_action, FailureAction);
+
+static int property_get_names(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+        Iterator i;
+        const char *t;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        r = sd_bus_message_open_container(reply, 'a', "s");
+        if (r < 0)
+                return r;
+
+        SET_FOREACH(t, u->names, i) {
+                r = sd_bus_message_append(reply, "s", t);
+                if (r < 0)
+                        return r;
+        }
+
+        return sd_bus_message_close_container(reply);
+}
+
+static int property_get_following(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata, *f;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        f = unit_following(u);
+        return sd_bus_message_append(reply, "s", f ? f->id : "");
+}
+
+static int property_get_dependencies(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Set *s = *(Set**) userdata;
+        Iterator j;
+        Unit *u;
+        int r;
+
+        assert(bus);
+        assert(reply);
+
+        r = sd_bus_message_open_container(reply, 'a', "s");
+        if (r < 0)
+                return r;
+
+        SET_FOREACH(u, s, j) {
+                r = sd_bus_message_append(reply, "s", u->id);
+                if (r < 0)
+                        return r;
+        }
+
+        return sd_bus_message_close_container(reply);
+}
+
+static int property_get_obsolete_dependencies(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        assert(bus);
+        assert(reply);
+
+        /* For dependency types we don't support anymore always return an empty array */
+        return sd_bus_message_append(reply, "as", 0);
+}
+
+static int property_get_description(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "s", unit_description(u));
+}
+
+static int property_get_active_state(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "s", unit_active_state_to_string(unit_active_state(u)));
+}
+
+static int property_get_sub_state(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "s", unit_sub_state_to_string(u));
+}
+
+static int property_get_unit_file_preset(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        r = unit_get_unit_file_preset(u);
+
+        return sd_bus_message_append(reply, "s",
+                                     r < 0 ? "":
+                                     r > 0 ? "enabled" : "disabled");
+}
+
+static int property_get_unit_file_state(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "s", unit_file_state_to_string(unit_get_unit_file_state(u)));
+}
+
+static int property_get_can_start(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "b", unit_can_start(u) && !u->refuse_manual_start);
+}
+
+static int property_get_can_stop(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        /* On the lower levels we assume that every unit we can start
+         * we can also stop */
+
+        return sd_bus_message_append(reply, "b", unit_can_start(u) && !u->refuse_manual_stop);
+}
+
+static int property_get_can_reload(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "b", unit_can_reload(u));
+}
+
+static int property_get_can_isolate(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "b", unit_can_isolate(u) && !u->refuse_manual_start);
+}
+
+static int property_get_job(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        _cleanup_free_ char *p = NULL;
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        if (!u->job)
+                return sd_bus_message_append(reply, "(uo)", 0, "/");
+
+        p = job_dbus_path(u->job);
+        if (!p)
+                return -ENOMEM;
+
+        return sd_bus_message_append(reply, "(uo)", u->job->id, p);
+}
+
+static int property_get_need_daemon_reload(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "b", unit_need_daemon_reload(u));
+}
+
+static int property_get_conditions(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        const char *(*to_string)(ConditionType type) = NULL;
+        Condition **list = userdata, *c;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(list);
+
+        to_string = streq(property, "Asserts") ? assert_type_to_string : condition_type_to_string;
+
+        r = sd_bus_message_open_container(reply, 'a', "(sbbsi)");
+        if (r < 0)
+                return r;
+
+        LIST_FOREACH(conditions, c, *list) {
+                int tristate;
+
+                tristate =
+                        c->result == CONDITION_UNTESTED ? 0 :
+                        c->result == CONDITION_SUCCEEDED ? 1 : -1;
+
+                r = sd_bus_message_append(reply, "(sbbsi)",
+                                          to_string(c->type),
+                                          c->trigger, c->negate,
+                                          c->parameter, tristate);
+                if (r < 0)
+                        return r;
+
+        }
+
+        return sd_bus_message_close_container(reply);
+}
+
+static int property_get_load_error(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        if (u->load_error != 0)
+                sd_bus_error_set_errno(&e, u->load_error);
+
+        return sd_bus_message_append(reply, "(ss)", e.name, e.message);
+}
+
+static int bus_verify_manage_units_async_full(
+                Unit *u,
+                const char *verb,
+                int capability,
+                const char *polkit_message,
+                sd_bus_message *call,
+                sd_bus_error *error) {
+
+        const char *details[9] = {
+                "unit", u->id,
+                "verb", verb,
+        };
+
+        if (polkit_message) {
+                details[4] = "polkit.message";
+                details[5] = polkit_message;
+                details[6] = "polkit.gettext_domain";
+                details[7] = GETTEXT_PACKAGE;
+        }
+
+        return bus_verify_polkit_async(call, capability, "org.freedesktop.systemd1.manage-units", details, false, UID_INVALID, &u->manager->polkit_registry, error);
+}
+
+int bus_unit_method_start_generic(
+                sd_bus_message *message,
+                Unit *u,
+                JobType job_type,
+                bool reload_if_possible,
+                sd_bus_error *error) {
+
+        const char *smode;
+        JobMode mode;
+        _cleanup_free_ char *verb = NULL;
+        static const char *const polkit_message_for_job[_JOB_TYPE_MAX] = {
+                [JOB_START]       = N_("Authentication is required to start '$(unit)'."),
+                [JOB_STOP]        = N_("Authentication is required to stop '$(unit)'."),
+                [JOB_RELOAD]      = N_("Authentication is required to reload '$(unit)'."),
+                [JOB_RESTART]     = N_("Authentication is required to restart '$(unit)'."),
+                [JOB_TRY_RESTART] = N_("Authentication is required to restart '$(unit)'."),
+        };
+        int r;
+
+        assert(message);
+        assert(u);
+        assert(job_type >= 0 && job_type < _JOB_TYPE_MAX);
+
+        r = mac_selinux_unit_access_check(
+                        u, message,
+                        job_type_to_access_method(job_type),
+                        error);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(message, "s", &smode);
+        if (r < 0)
+                return r;
+
+        mode = job_mode_from_string(smode);
+        if (mode < 0)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s invalid", smode);
+
+        if (reload_if_possible)
+                verb = strjoin("reload-or-", job_type_to_string(job_type), NULL);
+        else
+                verb = strdup(job_type_to_string(job_type));
+        if (!verb)
+                return -ENOMEM;
+
+        r = bus_verify_manage_units_async_full(
+                        u,
+                        verb,
+                        CAP_SYS_ADMIN,
+                        job_type < _JOB_TYPE_MAX ? polkit_message_for_job[job_type] : NULL,
+                        message,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        return bus_unit_queue_job(message, u, job_type, mode, reload_if_possible, error);
+}
+
+static int method_start(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_START, false, error);
+}
+
+static int method_stop(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_STOP, false, error);
+}
+
+static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_RELOAD, false, error);
+}
+
+static int method_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_RESTART, false, error);
+}
+
+static int method_try_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_TRY_RESTART, false, error);
+}
+
+static int method_reload_or_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_RESTART, true, error);
+}
+
+static int method_reload_or_try_restart(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        return bus_unit_method_start_generic(message, userdata, JOB_TRY_RESTART, true, error);
+}
+
+int bus_unit_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Unit *u = userdata;
+        const char *swho;
+        int32_t signo;
+        KillWho who;
+        int r;
+
+        assert(message);
+        assert(u);
+
+        r = mac_selinux_unit_access_check(u, message, "stop", error);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(message, "si", &swho, &signo);
+        if (r < 0)
+                return r;
+
+        if (isempty(swho))
+                who = KILL_ALL;
+        else {
+                who = kill_who_from_string(swho);
+                if (who < 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid who argument %s", swho);
+        }
+
+        if (!SIGNAL_VALID(signo))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range.");
+
+        r = bus_verify_manage_units_async_full(
+                        u,
+                        "kill",
+                        CAP_KILL,
+                        N_("Authentication is required to kill '$(unit)'."),
+                        message,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        r = unit_kill(u, who, signo, error);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+int bus_unit_method_reset_failed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Unit *u = userdata;
+        int r;
+
+        assert(message);
+        assert(u);
+
+        r = mac_selinux_unit_access_check(u, message, "reload", error);
+        if (r < 0)
+                return r;
+
+        r = bus_verify_manage_units_async_full(
+                        u,
+                        "reset-failed",
+                        CAP_SYS_ADMIN,
+                        N_("Authentication is required to reset the \"failed\" state of '$(unit)'."),
+                        message,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        unit_reset_failed(u);
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+int bus_unit_method_set_properties(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Unit *u = userdata;
+        int runtime, r;
+
+        assert(message);
+        assert(u);
+
+        r = mac_selinux_unit_access_check(u, message, "start", error);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(message, "b", &runtime);
+        if (r < 0)
+                return r;
+
+        r = bus_verify_manage_units_async_full(
+                        u,
+                        "set-property",
+                        CAP_SYS_ADMIN,
+                        N_("Authentication is required to set properties on '$(unit)'."),
+                        message,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+        r = bus_unit_set_properties(u, message, runtime ? UNIT_RUNTIME : UNIT_PERSISTENT, true, error);
+        if (r < 0)
+                return r;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
+const sd_bus_vtable bus_unit_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+
+        SD_BUS_PROPERTY("Id", "s", NULL, offsetof(Unit, id), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Names", "as", property_get_names, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Following", "s", property_get_following, 0, 0),
+        SD_BUS_PROPERTY("Requires", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUIRES]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Requisite", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUISITE]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Wants", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_WANTS]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("BindsTo", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_BINDS_TO]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("PartOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_PART_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RequiredBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUIRED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RequisiteOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_REQUISITE_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("WantedBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_WANTED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("BoundBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_BOUND_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("ConsistsOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_CONSISTS_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Conflicts", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_CONFLICTS]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("ConflictedBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_CONFLICTED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Before", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_BEFORE]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("After", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_AFTER]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("OnFailure", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_ON_FAILURE]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Triggers", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_TRIGGERS]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("TriggeredBy", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_TRIGGERED_BY]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("PropagatesReloadTo", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_PROPAGATES_RELOAD_TO]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("ReloadPropagatedFrom", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_RELOAD_PROPAGATED_FROM]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("JoinsNamespaceOf", "as", property_get_dependencies, offsetof(Unit, dependencies[UNIT_JOINS_NAMESPACE_OF]), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RequiresOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("RequisiteOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("RequiredByOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("RequisiteOfOverridable", "as", property_get_obsolete_dependencies, 0, SD_BUS_VTABLE_HIDDEN),
+        SD_BUS_PROPERTY("RequiresMountsFor", "as", NULL, offsetof(Unit, requires_mounts_for), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Documentation", "as", NULL, offsetof(Unit, documentation), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Description", "s", property_get_description, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("LoadState", "s", property_get_load_state, offsetof(Unit, load_state), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("ActiveState", "s", property_get_active_state, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("SubState", "s", property_get_sub_state, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("FragmentPath", "s", NULL, offsetof(Unit, fragment_path), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("SourcePath", "s", NULL, offsetof(Unit, source_path), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("DropInPaths", "as", NULL, offsetof(Unit, dropin_paths), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("UnitFileState", "s", property_get_unit_file_state, 0, 0),
+        SD_BUS_PROPERTY("UnitFilePreset", "s", property_get_unit_file_preset, 0, 0),
+        BUS_PROPERTY_DUAL_TIMESTAMP("StateChangeTimestamp", offsetof(Unit, state_change_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        BUS_PROPERTY_DUAL_TIMESTAMP("InactiveExitTimestamp", offsetof(Unit, inactive_exit_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        BUS_PROPERTY_DUAL_TIMESTAMP("ActiveEnterTimestamp", offsetof(Unit, active_enter_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        BUS_PROPERTY_DUAL_TIMESTAMP("ActiveExitTimestamp", offsetof(Unit, active_exit_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        BUS_PROPERTY_DUAL_TIMESTAMP("InactiveEnterTimestamp", offsetof(Unit, inactive_enter_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("CanStart", "b", property_get_can_start, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("CanStop", "b", property_get_can_stop, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("CanReload", "b", property_get_can_reload, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("CanIsolate", "b", property_get_can_isolate, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Job", "(uo)", property_get_job, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("StopWhenUnneeded", "b", bus_property_get_bool, offsetof(Unit, stop_when_unneeded), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RefuseManualStart", "b", bus_property_get_bool, offsetof(Unit, refuse_manual_start), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RefuseManualStop", "b", bus_property_get_bool, offsetof(Unit, refuse_manual_stop), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("AllowIsolate", "b", bus_property_get_bool, offsetof(Unit, allow_isolate), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("DefaultDependencies", "b", bus_property_get_bool, offsetof(Unit, default_dependencies), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("OnFailureJobMode", "s", property_get_job_mode, offsetof(Unit, on_failure_job_mode), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("IgnoreOnIsolate", "b", bus_property_get_bool, offsetof(Unit, ignore_on_isolate), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("NeedDaemonReload", "b", property_get_need_daemon_reload, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("JobTimeoutUSec", "t", bus_property_get_usec, offsetof(Unit, job_timeout), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("JobTimeoutAction", "s", property_get_failure_action, offsetof(Unit, job_timeout_action), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("JobTimeoutRebootArgument", "s", NULL, offsetof(Unit, job_timeout_reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("ConditionResult", "b", bus_property_get_bool, offsetof(Unit, condition_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("AssertResult", "b", bus_property_get_bool, offsetof(Unit, assert_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        BUS_PROPERTY_DUAL_TIMESTAMP("ConditionTimestamp", offsetof(Unit, condition_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        BUS_PROPERTY_DUAL_TIMESTAMP("AssertTimestamp", offsetof(Unit, assert_timestamp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("Conditions", "a(sbbsi)", property_get_conditions, offsetof(Unit, conditions), 0),
+        SD_BUS_PROPERTY("Asserts", "a(sbbsi)", property_get_conditions, offsetof(Unit, asserts), 0),
+        SD_BUS_PROPERTY("LoadError", "(ss)", property_get_load_error, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Transient", "b", bus_property_get_bool, offsetof(Unit, transient), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("StartLimitIntervalSec", "t", bus_property_get_usec, offsetof(Unit, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("StartLimitInterval", "t", bus_property_get_usec, offsetof(Unit, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), /* obsolete alias name */
+        SD_BUS_PROPERTY("StartLimitBurst", "u", bus_property_get_unsigned, offsetof(Unit, start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("StartLimitAction", "s", property_get_failure_action, offsetof(Unit, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("RebootArgument", "s", NULL, offsetof(Unit, reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST),
+
+        SD_BUS_METHOD("Start", "s", "o", method_start, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Stop", "s", "o", method_stop, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Reload", "s", "o", method_reload, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Restart", "s", "o", method_restart, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("TryRestart", "s", "o", method_try_restart, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ReloadOrRestart", "s", "o", method_reload_or_restart, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ReloadOrTryRestart", "s", "o", method_reload_or_try_restart, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Kill", "si", NULL, bus_unit_method_kill, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("ResetFailed", NULL, NULL, bus_unit_method_reset_failed, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetProperties", "ba(sv)", NULL, bus_unit_method_set_properties, SD_BUS_VTABLE_UNPRIVILEGED),
+
+        SD_BUS_VTABLE_END
+};
+
+static int property_get_slice(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        return sd_bus_message_append(reply, "s", unit_slice_name(u));
+}
+
+static int property_get_current_memory(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        uint64_t sz = (uint64_t) -1;
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        r = unit_get_memory_current(u, &sz);
+        if (r < 0 && r != -ENODATA)
+                log_unit_warning_errno(u, r, "Failed to get memory.usage_in_bytes attribute: %m");
+
+        return sd_bus_message_append(reply, "t", sz);
+}
+
+static int property_get_current_tasks(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        uint64_t cn = (uint64_t) -1;
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        r = unit_get_tasks_current(u, &cn);
+        if (r < 0 && r != -ENODATA)
+                log_unit_warning_errno(u, r, "Failed to get pids.current attribute: %m");
+
+        return sd_bus_message_append(reply, "t", cn);
+}
+
+static int property_get_cpu_usage(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        nsec_t ns = (nsec_t) -1;
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        r = unit_get_cpu_usage(u, &ns);
+        if (r < 0 && r != -ENODATA)
+                log_unit_warning_errno(u, r, "Failed to get cpuacct.usage attribute: %m");
+
+        return sd_bus_message_append(reply, "t", ns);
+}
+
+static int property_get_cgroup(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Unit *u = userdata;
+        const char *t;
+
+        assert(bus);
+        assert(reply);
+        assert(u);
+
+        /* Three cases: a) u->cgroup_path is NULL, in which case the
+         * unit has no control group, which we report as the empty
+         * string. b) u->cgroup_path is the empty string, which
+         * indicates the root cgroup, which we report as "/". c) all
+         * other cases we report as-is. */
+
+        if (u->cgroup_path)
+                t = isempty(u->cgroup_path) ? "/" : u->cgroup_path;
+        else
+                t = "";
+
+        return sd_bus_message_append(reply, "s", t);
+}
+
+static int append_process(sd_bus_message *reply, const char *p, pid_t pid, Set *pids) {
+        _cleanup_free_ char *buf = NULL, *cmdline = NULL;
+        int r;
+
+        assert(reply);
+        assert(pid > 0);
+
+        r = set_put(pids, PID_TO_PTR(pid));
+        if (r == -EEXIST || r == 0)
+                return 0;
+        if (r < 0)
+                return r;
+
+        if (!p) {
+                r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &buf);
+                if (r == -ESRCH)
+                        return 0;
+                if (r < 0)
+                        return r;
+
+                p = buf;
+        }
+
+        (void) get_process_cmdline(pid, 0, true, &cmdline);
+
+        return sd_bus_message_append(reply,
+                                     "(sus)",
+                                     p,
+                                     (uint32_t) pid,
+                                     cmdline);
+}
+
+static int append_cgroup(sd_bus_message *reply, const char *p, Set *pids) {
+        _cleanup_closedir_ DIR *d = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(reply);
+        assert(p);
+
+        r = cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, p, &f);
+        if (r == ENOENT)
+                return 0;
+        if (r < 0)
+                return r;
+
+        for (;;) {
+                pid_t pid;
+
+                r = cg_read_pid(f, &pid);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                if (is_kernel_thread(pid) > 0)
+                        continue;
+
+                r = append_process(reply, p, pid, pids);
+                if (r < 0)
+                        return r;
+        }
+
+        r = cg_enumerate_subgroups(SYSTEMD_CGROUP_CONTROLLER, p, &d);
+        if (r == -ENOENT)
+                return 0;
+        if (r < 0)
+                return r;
+
+        for (;;) {
+                _cleanup_free_ char *g = NULL, *j = NULL;
+
+                r = cg_read_subgroup(d, &g);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                j = strjoin(p, "/", g, NULL);
+                if (!j)
+                        return -ENOMEM;
+
+                r = append_cgroup(reply, j, pids);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(set_freep) Set *pids = NULL;
+        Unit *u = userdata;
+        pid_t pid;
+        int r;
+
+        assert(message);
+
+        pids = set_new(NULL);
+        if (!pids)
+                return -ENOMEM;
+
+        r = sd_bus_message_new_method_return(message, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(reply, 'a', "(sus)");
+        if (r < 0)
+                return r;
+
+        if (u->cgroup_path) {
+                r = append_cgroup(reply, u->cgroup_path, pids);
+                if (r < 0)
+                        return r;
+        }
+
+        /* The main and control pids might live outside of the cgroup, hence fetch them separately */
+        pid = unit_main_pid(u);
+        if (pid > 0) {
+                r = append_process(reply, NULL, pid, pids);
+                if (r < 0)
+                        return r;
+        }
+
+        pid = unit_control_pid(u);
+        if (pid > 0) {
+                r = append_process(reply, NULL, pid, pids);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(reply);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(NULL, reply, NULL);
+}
+
+const sd_bus_vtable bus_unit_cgroup_vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_PROPERTY("Slice", "s", property_get_slice, 0, 0),
+        SD_BUS_PROPERTY("ControlGroup", "s", property_get_cgroup, 0, 0),
+        SD_BUS_PROPERTY("MemoryCurrent", "t", property_get_current_memory, 0, 0),
+        SD_BUS_PROPERTY("CPUUsageNSec", "t", property_get_cpu_usage, 0, 0),
+        SD_BUS_PROPERTY("TasksCurrent", "t", property_get_current_tasks, 0, 0),
+        SD_BUS_METHOD("GetProcesses", NULL, "a(sus)", bus_unit_method_get_processes, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_VTABLE_END
+};
+
+static int send_new_signal(sd_bus *bus, void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *p = NULL;
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(u);
+
+        p = unit_dbus_path(u);
+        if (!p)
+                return -ENOMEM;
+
+        r = sd_bus_message_new_signal(
+                        bus,
+                        &m,
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "UnitNew");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "so", u->id, p);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(bus, m, NULL);
+}
+
+static int send_changed_signal(sd_bus *bus, void *userdata) {
+        _cleanup_free_ char *p = NULL;
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(u);
+
+        p = unit_dbus_path(u);
+        if (!p)
+                return -ENOMEM;
+
+        /* Send a properties changed signal. First for the specific
+         * type, then for the generic unit. The clients may rely on
+         * this order to get atomic behavior if needed. */
+
+        r = sd_bus_emit_properties_changed_strv(
+                        bus, p,
+                        unit_dbus_interface_from_type(u->type),
+                        NULL);
+        if (r < 0)
+                return r;
+
+        return sd_bus_emit_properties_changed_strv(
+                        bus, p,
+                        "org.freedesktop.systemd1.Unit",
+                        NULL);
+}
+
+void bus_unit_send_change_signal(Unit *u) {
+        int r;
+        assert(u);
+
+        if (u->in_dbus_queue) {
+                LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
+                u->in_dbus_queue = false;
+        }
+
+        if (!u->id)
+                return;
+
+        r = bus_foreach_bus(u->manager, NULL, u->sent_dbus_new_signal ? send_changed_signal : send_new_signal, u);
+        if (r < 0)
+                log_unit_debug_errno(u, r, "Failed to send unit change signal for %s: %m", u->id);
+
+        u->sent_dbus_new_signal = true;
+}
+
+static int send_removed_signal(sd_bus *bus, void *userdata) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ char *p = NULL;
+        Unit *u = userdata;
+        int r;
+
+        assert(bus);
+        assert(u);
+
+        p = unit_dbus_path(u);
+        if (!p)
+                return -ENOMEM;
+
+        r = sd_bus_message_new_signal(
+                        bus,
+                        &m,
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "UnitRemoved");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "so", u->id, p);
+        if (r < 0)
+                return r;
+
+        return sd_bus_send(bus, m, NULL);
+}
+
+void bus_unit_send_removed_signal(Unit *u) {
+        int r;
+        assert(u);
+
+        if (!u->sent_dbus_new_signal)
+                bus_unit_send_change_signal(u);
+
+        if (!u->id)
+                return;
+
+        r = bus_foreach_bus(u->manager, NULL, send_removed_signal, u);
+        if (r < 0)
+                log_unit_debug_errno(u, r, "Failed to send unit remove signal for %s: %m", u->id);
+}
+
+int bus_unit_queue_job(
+                sd_bus_message *message,
+                Unit *u,
+                JobType type,
+                JobMode mode,
+                bool reload_if_possible,
+                sd_bus_error *error) {
+
+        _cleanup_free_ char *path = NULL;
+        Job *j;
+        int r;
+
+        assert(message);
+        assert(u);
+        assert(type >= 0 && type < _JOB_TYPE_MAX);
+        assert(mode >= 0 && mode < _JOB_MODE_MAX);
+
+        r = mac_selinux_unit_access_check(
+                        u, message,
+                        job_type_to_access_method(type),
+                        error);
+        if (r < 0)
+                return r;
+
+        if (reload_if_possible && unit_can_reload(u)) {
+                if (type == JOB_RESTART)
+                        type = JOB_RELOAD_OR_START;
+                else if (type == JOB_TRY_RESTART)
+                        type = JOB_TRY_RELOAD;
+        }
+
+        if (type == JOB_STOP &&
+            (u->load_state == UNIT_NOT_FOUND || u->load_state == UNIT_ERROR) &&
+            unit_active_state(u) == UNIT_INACTIVE)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", u->id);
+
+        if ((type == JOB_START && u->refuse_manual_start) ||
+            (type == JOB_STOP && u->refuse_manual_stop) ||
+            ((type == JOB_RESTART || type == JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) ||
+            (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
+                return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only.", u->id);
+
+        r = manager_add_job(u->manager, type, u, mode, error, &j);
+        if (r < 0)
+                return r;
+
+        if (sd_bus_message_get_bus(message) == u->manager->api_bus) {
+                if (!j->clients) {
+                        r = sd_bus_track_new(sd_bus_message_get_bus(message), &j->clients, NULL, NULL);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_track_add_sender(j->clients, message);
+                if (r < 0)
+                        return r;
+        }
+
+        path = job_dbus_path(j);
+        if (!path)
+                return -ENOMEM;
+
+        return sd_bus_reply_method_return(message, "o", path);
+}
+
+static int bus_unit_set_transient_property(
+                Unit *u,
+                const char *name,
+                sd_bus_message *message,
+                UnitSetPropertiesMode mode,
+                sd_bus_error *error) {
+
+        int r;
+
+        assert(u);
+        assert(name);
+        assert(message);
+
+        if (streq(name, "Description")) {
+                const char *d;
+
+                r = sd_bus_message_read(message, "s", &d);
+                if (r < 0)
+                        return r;
+
+                if (mode != UNIT_CHECK) {
+                        r = unit_set_description(u, d);
+                        if (r < 0)
+                                return r;
+
+                        unit_write_drop_in_format(u, mode, name, "[Unit]\nDescription=%s\n", d);
+                }
+
+                return 1;
+
+        } else if (streq(name, "DefaultDependencies")) {
+                int b;
+
+                r = sd_bus_message_read(message, "b", &b);
+                if (r < 0)
+                        return r;
+
+                if (mode != UNIT_CHECK) {
+                        u->default_dependencies = b;
+                        unit_write_drop_in_format(u, mode, name, "[Unit]\nDefaultDependencies=%s\n", yes_no(b));
+                }
+
+                return 1;
+
+        } else if (streq(name, "Slice")) {
+                Unit *slice;
+                const char *s;
+
+                if (!UNIT_HAS_CGROUP_CONTEXT(u))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "The slice property is only available for units with control groups.");
+                if (u->type == UNIT_SLICE)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Slice may not be set for slice units.");
+                if (unit_has_name(u, SPECIAL_INIT_SCOPE))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set slice for init.scope");
+
+                r = sd_bus_message_read(message, "s", &s);
+                if (r < 0)
+                        return r;
+
+                if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid unit name '%s'", s);
+
+                /* Note that we do not dispatch the load queue here yet, as we don't want our own transient unit to be
+                 * loaded while we are still setting it up. Or in other words, we use manager_load_unit_prepare()
+                 * instead of manager_load_unit() on purpose, here. */
+                r = manager_load_unit_prepare(u->manager, s, NULL, error, &slice);
+                if (r < 0)
+                        return r;
+
+                if (slice->type != UNIT_SLICE)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s);
+
+                if (mode != UNIT_CHECK) {
+                        r = unit_set_slice(u, slice);
+                        if (r < 0)
+                                return r;
+
+                        unit_write_drop_in_private_format(u, mode, name, "Slice=%s\n", s);
+                }
+
+                return 1;
+
+        } else if (STR_IN_SET(name,
+                              "Requires", "RequiresOverridable",
+                              "Requisite", "RequisiteOverridable",
+                              "Wants",
+                              "BindsTo",
+                              "Conflicts",
+                              "Before", "After",
+                              "OnFailure",
+                              "PropagatesReloadTo", "ReloadPropagatedFrom",
+                              "PartOf")) {
+
+                UnitDependency d;
+                const char *other;
+
+                if (streq(name, "RequiresOverridable"))
+                        d = UNIT_REQUIRES; /* redirect for obsolete unit dependency type */
+                else if (streq(name, "RequisiteOverridable"))
+                        d = UNIT_REQUISITE; /* same here */
+                else {
+                        d = unit_dependency_from_string(name);
+                        if (d < 0)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid unit dependency: %s", name);
+                }
+
+                r = sd_bus_message_enter_container(message, 'a', "s");
+                if (r < 0)
+                        return r;
+
+                while ((r = sd_bus_message_read(message, "s", &other)) > 0) {
+                        if (!unit_name_is_valid(other, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid unit name %s", other);
+
+                        if (mode != UNIT_CHECK) {
+                                _cleanup_free_ char *label = NULL;
+
+                                r = unit_add_dependency_by_name(u, d, other, NULL, true);
+                                if (r < 0)
+                                        return r;
+
+                                label = strjoin(name, "-", other, NULL);
+                                if (!label)
+                                        return -ENOMEM;
+
+                                unit_write_drop_in_format(u, mode, label, "[Unit]\n%s=%s\n", name, other);
+                        }
+
+                }
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(message);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
+        return 0;
+}
+
+int bus_unit_set_properties(
+                Unit *u,
+                sd_bus_message *message,
+                UnitSetPropertiesMode mode,
+                bool commit,
+                sd_bus_error *error) {
+
+        bool for_real = false;
+        unsigned n = 0;
+        int r;
+
+        assert(u);
+        assert(message);
+
+        /* We iterate through the array twice. First run we just check
+         * if all passed data is valid, second run actually applies
+         * it. This is to implement transaction-like behaviour without
+         * actually providing full transactions. */
+
+        r = sd_bus_message_enter_container(message, 'a', "(sv)");
+        if (r < 0)
+                return r;
+
+        for (;;) {
+                const char *name;
+
+                r = sd_bus_message_enter_container(message, 'r', "sv");
+                if (r < 0)
+                        return r;
+                if (r == 0) {
+                        if (for_real || mode == UNIT_CHECK)
+                                break;
+
+                        /* Reached EOF. Let's try again, and this time for realz... */
+                        r = sd_bus_message_rewind(message, false);
+                        if (r < 0)
+                                return r;
+
+                        for_real = true;
+                        continue;
+                }
+
+                r = sd_bus_message_read(message, "s", &name);
+                if (r < 0)
+                        return r;
+
+                if (!UNIT_VTABLE(u)->bus_set_property)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_PROPERTY_READ_ONLY, "Objects of this type do not support setting properties.");
+
+                r = sd_bus_message_enter_container(message, 'v', NULL);
+                if (r < 0)
+                        return r;
+
+                r = UNIT_VTABLE(u)->bus_set_property(u, name, message, for_real ? mode : UNIT_CHECK, error);
+                if (r == 0 && u->transient && u->load_state == UNIT_STUB)
+                        r = bus_unit_set_transient_property(u, name, message, for_real ? mode : UNIT_CHECK, error);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return sd_bus_error_setf(error, SD_BUS_ERROR_PROPERTY_READ_ONLY, "Cannot set property %s, or unknown property.", name);
+
+                r = sd_bus_message_exit_container(message);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_exit_container(message);
+                if (r < 0)
+                        return r;
+
+                n += for_real;
+        }
+
+        r = sd_bus_message_exit_container(message);
+        if (r < 0)
+                return r;
+
+        if (commit && n > 0 && UNIT_VTABLE(u)->bus_commit_properties)
+                UNIT_VTABLE(u)->bus_commit_properties(u);
+
+        return n;
+}
+
+int bus_unit_check_load_state(Unit *u, sd_bus_error *error) {
+        assert(u);
+
+        if (u->load_state == UNIT_LOADED)
+                return 0;
+
+        /* Give a better description of the unit error when
+         * possible. Note that in the case of UNIT_MASKED, load_error
+         * is not set. */
+        if (u->load_state == UNIT_MASKED)
+                return sd_bus_error_setf(error, BUS_ERROR_UNIT_MASKED, "Unit %s is masked.", u->id);
+
+        if (u->load_state == UNIT_NOT_FOUND)
+                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not found.", u->id);
+
+        return sd_bus_error_set_errnof(error, u->load_error, "Unit %s is not loaded properly: %m.", u->id);
+}
diff --git a/src/libcore/dbus-unit.h b/src/libcore/dbus-unit.h
new file mode 100644
index 0000000000..758045a47c
--- /dev/null
+++ b/src/libcore/dbus-unit.h
@@ -0,0 +1,41 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "unit.h"
+
+extern const sd_bus_vtable bus_unit_vtable[];
+extern const sd_bus_vtable bus_unit_cgroup_vtable[];
+
+void bus_unit_send_change_signal(Unit *u);
+void bus_unit_send_removed_signal(Unit *u);
+
+int bus_unit_method_start_generic(sd_bus_message *message, Unit *u, JobType job_type, bool reload_if_possible, sd_bus_error *error);
+int bus_unit_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_unit_method_reset_failed(sd_bus_message *message, void *userdata, sd_bus_error *error);
+
+int bus_unit_queue_job(sd_bus_message *message, Unit *u, JobType type, JobMode mode, bool reload_if_possible, sd_bus_error *error);
+int bus_unit_set_properties(Unit *u, sd_bus_message *message, UnitSetPropertiesMode mode, bool commit, sd_bus_error *error);
+int bus_unit_method_set_properties(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bus_error *error);
+
+int bus_unit_check_load_state(Unit *u, sd_bus_error *error);
diff --git a/src/libcore/dbus.c b/src/libcore/dbus.c
new file mode 100644
index 0000000000..1b217da303
--- /dev/null
+++ b/src/libcore/dbus.c
@@ -0,0 +1,1243 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <sys/epoll.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-internal.h"
+#include "bus-util.h"
+#include "dbus-cgroup.h"
+#include "dbus-execute.h"
+#include "dbus-job.h"
+#include "dbus-kill.h"
+#include "dbus-manager.h"
+#include "dbus-unit.h"
+#include "dbus.h"
+#include "fd-util.h"
+#include "log.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "selinux-access.h"
+#include "special.h"
+#include "string-util.h"
+#include "strv.h"
+#include "strxcpyx.h"
+#include "user-util.h"
+
+#define CONNECTIONS_MAX 4096
+
+static void destroy_bus(Manager *m, sd_bus **bus);
+
+int bus_send_queued_message(Manager *m) {
+        int r;
+
+        assert(m);
+
+        if (!m->queued_message)
+                return 0;
+
+        /* If we cannot get rid of this message we won't dispatch any
+         * D-Bus messages, so that we won't end up wanting to queue
+         * another message. */
+
+        r = sd_bus_send(NULL, m->queued_message, NULL);
+        if (r < 0)
+                log_warning_errno(r, "Failed to send queued message: %m");
+
+        m->queued_message = sd_bus_message_unref(m->queued_message);
+
+        return 0;
+}
+
+int bus_forward_agent_released(Manager *m, const char *path) {
+        int r;
+
+        assert(m);
+        assert(path);
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return 0;
+
+        if (!m->system_bus)
+                return 0;
+
+        /* If we are running a system instance we forward the agent message on the system bus, so that the user
+         * instances get notified about this, too */
+
+        r = sd_bus_emit_signal(m->system_bus,
+                               "/org/freedesktop/systemd1/agent",
+                               "org.freedesktop.systemd1.Agent",
+                               "Released",
+                               "s", path);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to propagate agent release message: %m");
+
+        return 1;
+}
+
+static int signal_agent_released(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        Manager *m = userdata;
+        const char *cgroup;
+        uid_t sender_uid;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        /* only accept org.freedesktop.systemd1.Agent from UID=0 */
+        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_creds_get_euid(creds, &sender_uid);
+        if (r < 0 || sender_uid != 0)
+                return 0;
+
+        /* parse 'cgroup-empty' notification */
+        r = sd_bus_message_read(message, "s", &cgroup);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        manager_notify_cgroup_empty(m, cgroup);
+        return 0;
+}
+
+static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        sd_bus *bus;
+
+        assert(message);
+        assert(m);
+        assert_se(bus = sd_bus_message_get_bus(message));
+
+        if (bus == m->api_bus)
+                destroy_bus(m, &m->api_bus);
+        if (bus == m->system_bus)
+                destroy_bus(m, &m->system_bus);
+        if (set_remove(m->private_buses, bus)) {
+                log_debug("Got disconnect on private connection.");
+                destroy_bus(m, &bus);
+        }
+
+        return 0;
+}
+
+static int signal_activation_request(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        Manager *m = userdata;
+        const char *name;
+        Unit *u;
+        int r;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "s", &name);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        if (manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SERVICE) ||
+            manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SOCKET)) {
+                r = sd_bus_error_setf(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is shutting down.");
+                goto failed;
+        }
+
+        r = manager_load_unit(m, name, NULL, &error, &u);
+        if (r < 0)
+                goto failed;
+
+        if (u->refuse_manual_start) {
+                r = sd_bus_error_setf(&error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, %s may be requested by dependency only.", u->id);
+                goto failed;
+        }
+
+        r = manager_add_job(m, JOB_START, u, JOB_REPLACE, &error, NULL);
+        if (r < 0)
+                goto failed;
+
+        /* Successfully queued, that's it for us */
+        return 0;
+
+failed:
+        if (!sd_bus_error_is_set(&error))
+                sd_bus_error_set_errno(&error, r);
+
+        log_debug("D-Bus activation failed for %s: %s", name, bus_error_message(&error, r));
+
+        r = sd_bus_message_new_signal(sd_bus_message_get_bus(message), &reply, "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Activator", "ActivationFailure");
+        if (r < 0) {
+                bus_log_create_error(r);
+                return 0;
+        }
+
+        r = sd_bus_message_append(reply, "sss", name, error.name, error.message);
+        if (r < 0) {
+                bus_log_create_error(r);
+                return 0;
+        }
+
+        r = sd_bus_send_to(NULL, reply, "org.freedesktop.DBus", NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to respond with to bus activation request: %m");
+
+        return 0;
+}
+
+#ifdef HAVE_SELINUX
+static int mac_selinux_filter(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+        const char *verb, *path;
+        Unit *u = NULL;
+        Job *j;
+        int r;
+
+        assert(message);
+
+        /* Our own method calls are all protected individually with
+         * selinux checks, but the built-in interfaces need to be
+         * protected too. */
+
+        if (sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Properties", "Set"))
+                verb = "reload";
+        else if (sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Introspectable", NULL) ||
+                 sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Properties", NULL) ||
+                 sd_bus_message_is_method_call(message, "org.freedesktop.DBus.ObjectManager", NULL) ||
+                 sd_bus_message_is_method_call(message, "org.freedesktop.DBus.Peer", NULL))
+                verb = "status";
+        else
+                return 0;
+
+        path = sd_bus_message_get_path(message);
+
+        if (object_path_startswith("/org/freedesktop/systemd1", path)) {
+
+                r = mac_selinux_access_check(message, verb, error);
+                if (r < 0)
+                        return r;
+
+                return 0;
+        }
+
+        if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+                pid_t pid;
+
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+                if (r < 0)
+                        return 0;
+
+                r = sd_bus_creds_get_pid(creds, &pid);
+                if (r < 0)
+                        return 0;
+
+                u = manager_get_unit_by_pid(m, pid);
+        } else {
+                r = manager_get_job_from_dbus_path(m, path, &j);
+                if (r >= 0)
+                        u = j->unit;
+                else
+                        manager_load_unit_from_dbus_path(m, path, NULL, &u);
+        }
+
+        if (!u)
+                return 0;
+
+        r = mac_selinux_unit_access_check(u, message, verb, error);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+#endif
+
+static int bus_job_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        Job *j;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        r = manager_get_job_from_dbus_path(m, path, &j);
+        if (r < 0)
+                return 0;
+
+        *found = j;
+        return 1;
+}
+
+static int find_unit(Manager *m, sd_bus *bus, const char *path, Unit **unit, sd_bus_error *error) {
+        Unit *u;
+        int r;
+
+        assert(m);
+        assert(bus);
+        assert(path);
+
+        if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
+                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+                sd_bus_message *message;
+                pid_t pid;
+
+                message = sd_bus_get_current_message(bus);
+                if (!message)
+                        return 0;
+
+                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_creds_get_pid(creds, &pid);
+                if (r < 0)
+                        return r;
+
+                u = manager_get_unit_by_pid(m, pid);
+        } else {
+                r = manager_load_unit_from_dbus_path(m, path, error, &u);
+                if (r < 0)
+                        return 0;
+        }
+
+        if (!u)
+                return 0;
+
+        *unit = u;
+        return 1;
+}
+
+static int bus_unit_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        return find_unit(m, bus, path, (Unit**) found, error);
+}
+
+static int bus_unit_interface_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        Unit *u;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        r = find_unit(m, bus, path, &u, error);
+        if (r <= 0)
+                return r;
+
+        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
+                return 0;
+
+        *found = u;
+        return 1;
+}
+
+static int bus_unit_cgroup_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        Unit *u;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        r = find_unit(m, bus, path, &u, error);
+        if (r <= 0)
+                return r;
+
+        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
+                return 0;
+
+        if (!UNIT_HAS_CGROUP_CONTEXT(u))
+                return 0;
+
+        *found = u;
+        return 1;
+}
+
+static int bus_cgroup_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        CGroupContext *c;
+        Unit *u;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        r = find_unit(m, bus, path, &u, error);
+        if (r <= 0)
+                return r;
+
+        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
+                return 0;
+
+        c = unit_get_cgroup_context(u);
+        if (!c)
+                return 0;
+
+        *found = c;
+        return 1;
+}
+
+static int bus_exec_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        ExecContext *c;
+        Unit *u;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        r = find_unit(m, bus, path, &u, error);
+        if (r <= 0)
+                return r;
+
+        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
+                return 0;
+
+        c = unit_get_exec_context(u);
+        if (!c)
+                return 0;
+
+        *found = c;
+        return 1;
+}
+
+static int bus_kill_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
+        Manager *m = userdata;
+        KillContext *c;
+        Unit *u;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(found);
+        assert(m);
+
+        r = find_unit(m, bus, path, &u, error);
+        if (r <= 0)
+                return r;
+
+        if (!streq_ptr(interface, unit_dbus_interface_from_type(u->type)))
+                return 0;
+
+        c = unit_get_kill_context(u);
+        if (!c)
+                return 0;
+
+        *found = c;
+        return 1;
+}
+
+static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+        _cleanup_free_ char **l = NULL;
+        Manager *m = userdata;
+        unsigned k = 0;
+        Iterator i;
+        Job *j;
+
+        l = new0(char*, hashmap_size(m->jobs)+1);
+        if (!l)
+                return -ENOMEM;
+
+        HASHMAP_FOREACH(j, m->jobs, i) {
+                l[k] = job_dbus_path(j);
+                if (!l[k])
+                        return -ENOMEM;
+
+                k++;
+        }
+
+        assert(hashmap_size(m->jobs) == k);
+
+        *nodes = l;
+        l = NULL;
+
+        return k;
+}
+
+static int bus_unit_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+        _cleanup_free_ char **l = NULL;
+        Manager *m = userdata;
+        unsigned k = 0;
+        Iterator i;
+        Unit *u;
+
+        l = new0(char*, hashmap_size(m->units)+1);
+        if (!l)
+                return -ENOMEM;
+
+        HASHMAP_FOREACH(u, m->units, i) {
+                l[k] = unit_dbus_path(u);
+                if (!l[k])
+                        return -ENOMEM;
+
+                k++;
+        }
+
+        *nodes = l;
+        l = NULL;
+
+        return k;
+}
+
+static int bus_setup_api_vtables(Manager *m, sd_bus *bus) {
+        UnitType t;
+        int r;
+
+        assert(m);
+        assert(bus);
+
+#ifdef HAVE_SELINUX
+        r = sd_bus_add_filter(bus, NULL, mac_selinux_filter, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add SELinux access filter: %m");
+#endif
+
+        r = sd_bus_add_object_vtable(bus, NULL, "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager", bus_manager_vtable, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register Manager vtable: %m");
+
+        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/job", "org.freedesktop.systemd1.Job", bus_job_vtable, bus_job_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register Job vtable: %m");
+
+        r = sd_bus_add_node_enumerator(bus, NULL, "/org/freedesktop/systemd1/job", bus_job_enumerate, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add job enumerator: %m");
+
+        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", "org.freedesktop.systemd1.Unit", bus_unit_vtable, bus_unit_find, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register Unit vtable: %m");
+
+        r = sd_bus_add_node_enumerator(bus, NULL, "/org/freedesktop/systemd1/unit", bus_unit_enumerate, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add job enumerator: %m");
+
+        for (t = 0; t < _UNIT_TYPE_MAX; t++) {
+                const char *interface;
+
+                assert_se(interface = unit_dbus_interface_from_type(t));
+
+                r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, unit_vtable[t]->bus_vtable, bus_unit_interface_find, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to register type specific vtable for %s: %m", interface);
+
+                if (unit_vtable[t]->cgroup_context_offset > 0) {
+                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_unit_cgroup_vtable, bus_unit_cgroup_find, m);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to register control group unit vtable for %s: %m", interface);
+
+                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_cgroup_vtable, bus_cgroup_context_find, m);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to register control group vtable for %s: %m", interface);
+                }
+
+                if (unit_vtable[t]->exec_context_offset > 0) {
+                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_exec_vtable, bus_exec_context_find, m);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to register execute vtable for %s: %m", interface);
+                }
+
+                if (unit_vtable[t]->kill_context_offset > 0) {
+                        r = sd_bus_add_fallback_vtable(bus, NULL, "/org/freedesktop/systemd1/unit", interface, bus_kill_vtable, bus_kill_context_find, m);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to register kill vtable for %s: %m", interface);
+                }
+        }
+
+        return 0;
+}
+
+static int bus_setup_disconnected_match(Manager *m, sd_bus *bus) {
+        int r;
+
+        assert(m);
+        assert(bus);
+
+        r = sd_bus_add_match(
+                        bus,
+                        NULL,
+                        "sender='org.freedesktop.DBus.Local',"
+                        "type='signal',"
+                        "path='/org/freedesktop/DBus/Local',"
+                        "interface='org.freedesktop.DBus.Local',"
+                        "member='Disconnected'",
+                        signal_disconnected, m);
+
+        if (r < 0)
+                return log_error_errno(r, "Failed to register match for Disconnected message: %m");
+
+        return 0;
+}
+
+static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        _cleanup_close_ int nfd = -1;
+        Manager *m = userdata;
+        sd_id128_t id;
+        int r;
+
+        assert(s);
+        assert(m);
+
+        nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+        if (nfd < 0) {
+                log_warning_errno(errno, "Failed to accept private connection, ignoring: %m");
+                return 0;
+        }
+
+        if (set_size(m->private_buses) >= CONNECTIONS_MAX) {
+                log_warning("Too many concurrent connections, refusing");
+                return 0;
+        }
+
+        r = set_ensure_allocated(&m->private_buses, NULL);
+        if (r < 0) {
+                log_oom();
+                return 0;
+        }
+
+        r = sd_bus_new(&bus);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to allocate new private connection bus: %m");
+                return 0;
+        }
+
+        r = sd_bus_set_fd(bus, nfd, nfd);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to set fd on new connection bus: %m");
+                return 0;
+        }
+
+        nfd = -1;
+
+        r = bus_check_peercred(bus);
+        if (r < 0) {
+                log_warning_errno(r, "Incoming private connection from unprivileged client, refusing: %m");
+                return 0;
+        }
+
+        assert_se(sd_id128_randomize(&id) >= 0);
+
+        r = sd_bus_set_server(bus, 1, id);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to enable server support for new connection bus: %m");
+                return 0;
+        }
+
+        r = sd_bus_negotiate_creds(bus, 1,
+                                   SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
+                                   SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
+                                   SD_BUS_CREDS_SELINUX_CONTEXT);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to enable credentials for new connection: %m");
+                return 0;
+        }
+
+        r = sd_bus_start(bus);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to start new connection bus: %m");
+                return 0;
+        }
+
+        r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to attach new connection bus to event loop: %m");
+                return 0;
+        }
+
+        r = bus_setup_disconnected_match(m, bus);
+        if (r < 0)
+                return 0;
+
+        r = bus_setup_api_vtables(m, bus);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to set up API vtables on new connection bus: %m");
+                return 0;
+        }
+
+        r = set_put(m->private_buses, bus);
+        if (r < 0) {
+                log_warning_errno(r, "Failed to add new connection bus to set: %m");
+                return 0;
+        }
+
+        bus = NULL;
+
+        log_debug("Accepted new private connection.");
+
+        return 0;
+}
+
+int manager_sync_bus_names(Manager *m, sd_bus *bus) {
+        _cleanup_strv_free_ char **names = NULL;
+        const char *name;
+        Iterator i;
+        Unit *u;
+        int r;
+
+        assert(m);
+        assert(bus);
+
+        r = sd_bus_list_names(bus, &names, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get initial list of names: %m");
+
+        /* We have to synchronize the current bus names with the
+         * list of active services. To do this, walk the list of
+         * all units with bus names. */
+        HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) {
+                Service *s = SERVICE(u);
+
+                assert(s);
+
+                if (!streq_ptr(s->bus_name, name)) {
+                        log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name);
+                        continue;
+                }
+
+                /* Check if a service's bus name is in the list of currently
+                 * active names */
+                if (strv_contains(names, name)) {
+                        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+                        const char *unique;
+
+                        /* If it is, determine its current owner */
+                        r = sd_bus_get_name_creds(bus, name, SD_BUS_CREDS_UNIQUE_NAME, &creds);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to get bus name owner %s: %m", name);
+                                continue;
+                        }
+
+                        r = sd_bus_creds_get_unique_name(creds, &unique);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to get unique name for %s: %m", name);
+                                continue;
+                        }
+
+                        /* Now, let's compare that to the previous bus owner, and
+                         * if it's still the same, all is fine, so just don't
+                         * bother the service. Otherwise, the name has apparently
+                         * changed, so synthesize a name owner changed signal. */
+
+                        if (!streq_ptr(unique, s->bus_name_owner))
+                                UNIT_VTABLE(u)->bus_name_owner_change(u, name, s->bus_name_owner, unique);
+                } else {
+                        /* So, the name we're watching is not on the bus.
+                         * This either means it simply hasn't appeared yet,
+                         * or it was lost during the daemon reload.
+                         * Check if the service has a stored name owner,
+                         * and synthesize a name loss signal in this case. */
+
+                        if (s->bus_name_owner)
+                                UNIT_VTABLE(u)->bus_name_owner_change(u, name, s->bus_name_owner, NULL);
+                }
+        }
+
+        return 0;
+}
+
+static int bus_setup_api(Manager *m, sd_bus *bus) {
+        Iterator i;
+        char *name;
+        Unit *u;
+        int r;
+
+        assert(m);
+        assert(bus);
+
+        /* Let's make sure we have enough credential bits so that we can make security and selinux decisions */
+        r = sd_bus_negotiate_creds(bus, 1,
+                                   SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
+                                   SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
+                                   SD_BUS_CREDS_SELINUX_CONTEXT);
+        if (r < 0)
+                log_warning_errno(r, "Failed to enable credential passing, ignoring: %m");
+
+        r = bus_setup_api_vtables(m, bus);
+        if (r < 0)
+                return r;
+
+        HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) {
+                r = unit_install_bus_match(u, bus, name);
+                if (r < 0)
+                        log_error_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
+        }
+
+        r = sd_bus_add_match(
+                        bus,
+                        NULL,
+                        "type='signal',"
+                        "sender='org.freedesktop.DBus',"
+                        "path='/org/freedesktop/DBus',"
+                        "interface='org.freedesktop.systemd1.Activator',"
+                        "member='ActivationRequest'",
+                        signal_activation_request, m);
+        if (r < 0)
+                log_warning_errno(r, "Failed to subscribe to activation signal: %m");
+
+        /* Allow replacing of our name, to ease implementation of
+         * reexecution, where we keep the old connection open until
+         * after the new connection is set up and the name installed
+         * to allow clients to synchronously wait for reexecution to
+         * finish */
+        r = sd_bus_request_name(bus,"org.freedesktop.systemd1", SD_BUS_NAME_REPLACE_EXISTING|SD_BUS_NAME_ALLOW_REPLACEMENT);
+        if (r < 0)
+                return log_error_errno(r, "Failed to register name: %m");
+
+        r = manager_sync_bus_names(m, bus);
+        if (r < 0)
+                return r;
+
+        log_debug("Successfully connected to API bus.");
+        return 0;
+}
+
+static int bus_init_api(Manager *m) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        if (m->api_bus)
+                return 0;
+
+        /* The API and system bus is the same if we are running in system mode */
+        if (MANAGER_IS_SYSTEM(m) && m->system_bus)
+                bus = sd_bus_ref(m->system_bus);
+        else {
+                if (MANAGER_IS_SYSTEM(m))
+                        r = sd_bus_open_system(&bus);
+                else
+                        r = sd_bus_open_user(&bus);
+
+                if (r < 0) {
+                        log_debug("Failed to connect to API bus, retrying later...");
+                        return 0;
+                }
+
+                r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to attach API bus to event loop: %m");
+                        return 0;
+                }
+
+                r = bus_setup_disconnected_match(m, bus);
+                if (r < 0)
+                        return 0;
+        }
+
+        r = bus_setup_api(m, bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set up API bus: %m");
+                return 0;
+        }
+
+        m->api_bus = bus;
+        bus = NULL;
+
+        return 0;
+}
+
+static int bus_setup_system(Manager *m, sd_bus *bus) {
+        int r;
+
+        assert(m);
+        assert(bus);
+
+        /* if we are a user instance we get the Released message via the system bus */
+        if (MANAGER_IS_USER(m)) {
+                r = sd_bus_add_match(
+                                bus,
+                                NULL,
+                                "type='signal',"
+                                "interface='org.freedesktop.systemd1.Agent',"
+                                "member='Released',"
+                                "path='/org/freedesktop/systemd1/agent'",
+                                signal_agent_released, m);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to register Released match on system bus: %m");
+        }
+
+        log_debug("Successfully connected to system bus.");
+        return 0;
+}
+
+static int bus_init_system(Manager *m) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        if (m->system_bus)
+                return 0;
+
+        /* The API and system bus is the same if we are running in system mode */
+        if (MANAGER_IS_SYSTEM(m) && m->api_bus) {
+                m->system_bus = sd_bus_ref(m->api_bus);
+                return 0;
+        }
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0) {
+                log_debug("Failed to connect to system bus, retrying later...");
+                return 0;
+        }
+
+        r = bus_setup_disconnected_match(m, bus);
+        if (r < 0)
+                return 0;
+
+        r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
+        if (r < 0) {
+                log_error_errno(r, "Failed to attach system bus to event loop: %m");
+                return 0;
+        }
+
+        r = bus_setup_system(m, bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set up system bus: %m");
+                return 0;
+        }
+
+        m->system_bus = bus;
+        bus = NULL;
+
+        return 0;
+}
+
+static int bus_init_private(Manager *m) {
+        _cleanup_close_ int fd = -1;
+        union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX
+        };
+        sd_event_source *s;
+        socklen_t salen;
+        int r;
+
+        assert(m);
+
+        if (m->private_listen_fd >= 0)
+                return 0;
+
+        /* We don't need the private socket if we have kdbus */
+        if (m->kdbus_fd >= 0)
+                return 0;
+
+        if (MANAGER_IS_SYSTEM(m)) {
+
+                /* We want the private bus only when running as init */
+                if (getpid() != 1)
+                        return 0;
+
+                strcpy(sa.un.sun_path, "/run/systemd/private");
+                salen = SOCKADDR_UN_LEN(sa.un);
+        } else {
+                size_t left = sizeof(sa.un.sun_path);
+                char *p = sa.un.sun_path;
+                const char *e;
+
+                e = secure_getenv("XDG_RUNTIME_DIR");
+                if (!e) {
+                        log_error("Failed to determine XDG_RUNTIME_DIR");
+                        return -EHOSTDOWN;
+                }
+
+                left = strpcpy(&p, left, e);
+                left = strpcpy(&p, left, "/systemd/private");
+
+                salen = sizeof(sa.un) - left;
+        }
+
+        (void) mkdir_parents_label(sa.un.sun_path, 0755);
+        (void) unlink(sa.un.sun_path);
+
+        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+        if (fd < 0)
+                return log_error_errno(errno, "Failed to allocate private socket: %m");
+
+        r = bind(fd, &sa.sa, salen);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to bind private socket: %m");
+
+        r = listen(fd, SOMAXCONN);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to make private socket listening: %m");
+
+        r = sd_event_add_io(m->event, &s, fd, EPOLLIN, bus_on_connection, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate event source: %m");
+
+        (void) sd_event_source_set_description(s, "bus-connection");
+
+        m->private_listen_fd = fd;
+        m->private_listen_event_source = s;
+        fd = -1;
+
+        log_debug("Successfully created private D-Bus server.");
+
+        return 0;
+}
+
+int bus_init(Manager *m, bool try_bus_connect) {
+        int r;
+
+        if (try_bus_connect) {
+                r = bus_init_system(m);
+                if (r < 0)
+                        return r;
+
+                r = bus_init_api(m);
+                if (r < 0)
+                        return r;
+        }
+
+        r = bus_init_private(m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static void destroy_bus(Manager *m, sd_bus **bus) {
+        Iterator i;
+        Job *j;
+
+        assert(m);
+        assert(bus);
+
+        if (!*bus)
+                return;
+
+        /* Get rid of tracked clients on this bus */
+        if (m->subscribed && sd_bus_track_get_bus(m->subscribed) == *bus)
+                m->subscribed = sd_bus_track_unref(m->subscribed);
+
+        HASHMAP_FOREACH(j, m->jobs, i)
+                if (j->clients && sd_bus_track_get_bus(j->clients) == *bus)
+                        j->clients = sd_bus_track_unref(j->clients);
+
+        /* Get rid of queued message on this bus */
+        if (m->queued_message && sd_bus_message_get_bus(m->queued_message) == *bus)
+                m->queued_message = sd_bus_message_unref(m->queued_message);
+
+        /* Possibly flush unwritten data, but only if we are
+         * unprivileged, since we don't want to sync here */
+        if (!MANAGER_IS_SYSTEM(m))
+                sd_bus_flush(*bus);
+
+        /* And destroy the object */
+        sd_bus_close(*bus);
+        *bus = sd_bus_unref(*bus);
+}
+
+void bus_done(Manager *m) {
+        sd_bus *b;
+
+        assert(m);
+
+        if (m->api_bus)
+                destroy_bus(m, &m->api_bus);
+        if (m->system_bus)
+                destroy_bus(m, &m->system_bus);
+        while ((b = set_steal_first(m->private_buses)))
+                destroy_bus(m, &b);
+
+        m->private_buses = set_free(m->private_buses);
+
+        m->subscribed = sd_bus_track_unref(m->subscribed);
+        m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
+
+        if (m->private_listen_event_source)
+                m->private_listen_event_source = sd_event_source_unref(m->private_listen_event_source);
+
+        m->private_listen_fd = safe_close(m->private_listen_fd);
+
+        bus_verify_polkit_async_registry_free(m->polkit_registry);
+}
+
+int bus_fdset_add_all(Manager *m, FDSet *fds) {
+        Iterator i;
+        sd_bus *b;
+        int fd;
+
+        assert(m);
+        assert(fds);
+
+        /* When we are about to reexecute we add all D-Bus fds to the
+         * set to pass over to the newly executed systemd. They won't
+         * be used there however, except thatt they are closed at the
+         * very end of deserialization, those making it possible for
+         * clients to synchronously wait for systemd to reexec by
+         * simply waiting for disconnection */
+
+        if (m->api_bus) {
+                fd = sd_bus_get_fd(m->api_bus);
+                if (fd >= 0) {
+                        fd = fdset_put_dup(fds, fd);
+                        if (fd < 0)
+                                return fd;
+                }
+        }
+
+        SET_FOREACH(b, m->private_buses, i) {
+                fd = sd_bus_get_fd(b);
+                if (fd >= 0) {
+                        fd = fdset_put_dup(fds, fd);
+                        if (fd < 0)
+                                return fd;
+                }
+        }
+
+        /* We don't offer any APIs on the system bus (well, unless it
+         * is the same as the API bus) hence we don't bother with it
+         * here */
+
+        return 0;
+}
+
+int bus_foreach_bus(
+                Manager *m,
+                sd_bus_track *subscribed2,
+                int (*send_message)(sd_bus *bus, void *userdata),
+                void *userdata) {
+
+        Iterator i;
+        sd_bus *b;
+        int r, ret = 0;
+
+        /* Send to all direct buses, unconditionally */
+        SET_FOREACH(b, m->private_buses, i) {
+                r = send_message(b, userdata);
+                if (r < 0)
+                        ret = r;
+        }
+
+        /* Send to API bus, but only if somebody is subscribed */
+        if (sd_bus_track_count(m->subscribed) > 0 ||
+            sd_bus_track_count(subscribed2) > 0) {
+                r = send_message(m->api_bus, userdata);
+                if (r < 0)
+                        ret = r;
+        }
+
+        return ret;
+}
+
+void bus_track_serialize(sd_bus_track *t, FILE *f) {
+        const char *n;
+
+        assert(f);
+
+        for (n = sd_bus_track_first(t); n; n = sd_bus_track_next(t))
+                fprintf(f, "subscribed=%s\n", n);
+}
+
+int bus_track_deserialize_item(char ***l, const char *line) {
+        const char *e;
+        int r;
+
+        assert(l);
+        assert(line);
+
+        e = startswith(line, "subscribed=");
+        if (!e)
+                return 0;
+
+        r = strv_extend(l, e);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+int bus_track_coldplug(Manager *m, sd_bus_track **t, char ***l) {
+        int r = 0;
+
+        assert(m);
+        assert(t);
+        assert(l);
+
+        if (!strv_isempty(*l) && m->api_bus) {
+                char **i;
+
+                if (!*t) {
+                        r = sd_bus_track_new(m->api_bus, t, NULL, NULL);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = 0;
+                STRV_FOREACH(i, *l) {
+                        int k;
+
+                        k = sd_bus_track_add_name(*t, *i);
+                        if (k < 0)
+                                r = k;
+                }
+        }
+
+        *l = strv_free(*l);
+
+        return r;
+}
+
+int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
+        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-units", NULL, false, UID_INVALID, &m->polkit_registry, error);
+}
+
+int bus_verify_manage_unit_files_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
+        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-unit-files", NULL, false, UID_INVALID, &m->polkit_registry, error);
+}
+
+int bus_verify_reload_daemon_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
+        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.reload-daemon", NULL, false, UID_INVALID, &m->polkit_registry, error);
+}
+
+int bus_verify_set_environment_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
+        return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.set-environment", NULL, false, UID_INVALID, &m->polkit_registry, error);
+}
diff --git a/src/core/dbus.h b/src/libcore/dbus.h
index 6baaffbd75..6baaffbd75 100644
--- a/src/core/dbus.h
+++ b/src/libcore/dbus.h
diff --git a/src/core/device.c b/src/libcore/device.c
index 16e56efcc3..16e56efcc3 100644
--- a/src/core/device.c
+++ b/src/libcore/device.c
diff --git a/src/core/device.h b/src/libcore/device.h
index 184a1a349b..184a1a349b 100644
--- a/src/core/device.h
+++ b/src/libcore/device.h
diff --git a/src/libcore/execute.c b/src/libcore/execute.c
new file mode 100644
index 0000000000..b58fb80be2
--- /dev/null
+++ b/src/libcore/execute.c
@@ -0,0 +1,3092 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <glob.h>
+#include <grp.h>
+#include <poll.h>
+#include <signal.h>
+#include <string.h>
+#include <sys/capability.h>
+#include <sys/personality.h>
+#include <sys/prctl.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <utmpx.h>
+
+#ifdef HAVE_PAM
+#include <security/pam_appl.h>
+#endif
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+#ifdef HAVE_SECCOMP
+#include <seccomp.h>
+#endif
+
+#ifdef HAVE_APPARMOR
+#include <sys/apparmor.h>
+#endif
+
+#include <systemd/sd-messages.h>
+
+#include "af-list.h"
+#include "alloc-util.h"
+#ifdef HAVE_APPARMOR
+#include "apparmor-util.h"
+#endif
+#include "async.h"
+#include "barrier.h"
+#include "cap-list.h"
+#include "capability-util.h"
+#include "def.h"
+#include "env-util.h"
+#include "errno-list.h"
+#include "execute.h"
+#include "exit-status.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "glob-util.h"
+#include "io-util.h"
+#include "ioprio.h"
+#include "log.h"
+#include "macro.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "namespace.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "rlimit-util.h"
+#include "rm-rf.h"
+#ifdef HAVE_SECCOMP
+#include "seccomp-util.h"
+#endif
+#include "securebits.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "smack-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "syslog-util.h"
+#include "terminal-util.h"
+#include "unit.h"
+#include "user-util.h"
+#include "util.h"
+#include "utmp-wtmp.h"
+
+#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
+#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
+
+/* This assumes there is a 'tty' group */
+#define TTY_MODE 0620
+
+#define SNDBUF_SIZE (8*1024*1024)
+
+static int shift_fds(int fds[], unsigned n_fds) {
+        int start, restart_from;
+
+        if (n_fds <= 0)
+                return 0;
+
+        /* Modifies the fds array! (sorts it) */
+
+        assert(fds);
+
+        start = 0;
+        for (;;) {
+                int i;
+
+                restart_from = -1;
+
+                for (i = start; i < (int) n_fds; i++) {
+                        int nfd;
+
+                        /* Already at right index? */
+                        if (fds[i] == i+3)
+                                continue;
+
+                        nfd = fcntl(fds[i], F_DUPFD, i + 3);
+                        if (nfd < 0)
+                                return -errno;
+
+                        safe_close(fds[i]);
+                        fds[i] = nfd;
+
+                        /* Hmm, the fd we wanted isn't free? Then
+                         * let's remember that and try again from here */
+                        if (nfd != i+3 && restart_from < 0)
+                                restart_from = i;
+                }
+
+                if (restart_from < 0)
+                        break;
+
+                start = restart_from;
+        }
+
+        return 0;
+}
+
+static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
+        unsigned i;
+        int r;
+
+        if (n_fds <= 0)
+                return 0;
+
+        assert(fds);
+
+        /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
+
+        for (i = 0; i < n_fds; i++) {
+
+                r = fd_nonblock(fds[i], nonblock);
+                if (r < 0)
+                        return r;
+
+                /* We unconditionally drop FD_CLOEXEC from the fds,
+                 * since after all we want to pass these fds to our
+                 * children */
+
+                r = fd_cloexec(fds[i], false);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static const char *exec_context_tty_path(const ExecContext *context) {
+        assert(context);
+
+        if (context->stdio_as_fds)
+                return NULL;
+
+        if (context->tty_path)
+                return context->tty_path;
+
+        return "/dev/console";
+}
+
+static void exec_context_tty_reset(const ExecContext *context, const ExecParameters *p) {
+        const char *path;
+
+        assert(context);
+
+        path = exec_context_tty_path(context);
+
+        if (context->tty_vhangup) {
+                if (p && p->stdin_fd >= 0)
+                        (void) terminal_vhangup_fd(p->stdin_fd);
+                else if (path)
+                        (void) terminal_vhangup(path);
+        }
+
+        if (context->tty_reset) {
+                if (p && p->stdin_fd >= 0)
+                        (void) reset_terminal_fd(p->stdin_fd, true);
+                else if (path)
+                        (void) reset_terminal(path);
+        }
+
+        if (context->tty_vt_disallocate && path)
+                (void) vt_disallocate(path);
+}
+
+static bool is_terminal_output(ExecOutput o) {
+        return
+                o == EXEC_OUTPUT_TTY ||
+                o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
+                o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
+                o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
+}
+
+static int open_null_as(int flags, int nfd) {
+        int fd, r;
+
+        assert(nfd >= 0);
+
+        fd = open("/dev/null", flags|O_NOCTTY);
+        if (fd < 0)
+                return -errno;
+
+        if (fd != nfd) {
+                r = dup2(fd, nfd) < 0 ? -errno : nfd;
+                safe_close(fd);
+        } else
+                r = nfd;
+
+        return r;
+}
+
+static int connect_journal_socket(int fd, uid_t uid, gid_t gid) {
+        union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/stdout",
+        };
+        uid_t olduid = UID_INVALID;
+        gid_t oldgid = GID_INVALID;
+        int r;
+
+        if (gid != GID_INVALID) {
+                oldgid = getgid();
+
+                r = setegid(gid);
+                if (r < 0)
+                        return -errno;
+        }
+
+        if (uid != UID_INVALID) {
+                olduid = getuid();
+
+                r = seteuid(uid);
+                if (r < 0) {
+                        r = -errno;
+                        goto restore_gid;
+                }
+        }
+
+        r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+        if (r < 0)
+                r = -errno;
+
+        /* If we fail to restore the uid or gid, things will likely
+           fail later on. This should only happen if an LSM interferes. */
+
+        if (uid != UID_INVALID)
+                (void) seteuid(olduid);
+
+ restore_gid:
+        if (gid != GID_INVALID)
+                (void) setegid(oldgid);
+
+        return r;
+}
+
+static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd, uid_t uid, gid_t gid) {
+        int fd, r;
+
+        assert(context);
+        assert(output < _EXEC_OUTPUT_MAX);
+        assert(ident);
+        assert(nfd >= 0);
+
+        fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (fd < 0)
+                return -errno;
+
+        r = connect_journal_socket(fd, uid, gid);
+        if (r < 0)
+                return r;
+
+        if (shutdown(fd, SHUT_RD) < 0) {
+                safe_close(fd);
+                return -errno;
+        }
+
+        fd_inc_sndbuf(fd, SNDBUF_SIZE);
+
+        dprintf(fd,
+                "%s\n"
+                "%s\n"
+                "%i\n"
+                "%i\n"
+                "%i\n"
+                "%i\n"
+                "%i\n",
+                context->syslog_identifier ? context->syslog_identifier : ident,
+                unit_id,
+                context->syslog_priority,
+                !!context->syslog_level_prefix,
+                output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
+                output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
+                is_terminal_output(output));
+
+        if (fd != nfd) {
+                r = dup2(fd, nfd) < 0 ? -errno : nfd;
+                safe_close(fd);
+        } else
+                r = nfd;
+
+        return r;
+}
+static int open_terminal_as(const char *path, mode_t mode, int nfd) {
+        int fd, r;
+
+        assert(path);
+        assert(nfd >= 0);
+
+        fd = open_terminal(path, mode | O_NOCTTY);
+        if (fd < 0)
+                return fd;
+
+        if (fd != nfd) {
+                r = dup2(fd, nfd) < 0 ? -errno : nfd;
+                safe_close(fd);
+        } else
+                r = nfd;
+
+        return r;
+}
+
+static bool is_terminal_input(ExecInput i) {
+        return
+                i == EXEC_INPUT_TTY ||
+                i == EXEC_INPUT_TTY_FORCE ||
+                i == EXEC_INPUT_TTY_FAIL;
+}
+
+static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
+
+        if (is_terminal_input(std_input) && !apply_tty_stdin)
+                return EXEC_INPUT_NULL;
+
+        if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
+                return EXEC_INPUT_NULL;
+
+        return std_input;
+}
+
+static int fixup_output(ExecOutput std_output, int socket_fd) {
+
+        if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
+                return EXEC_OUTPUT_INHERIT;
+
+        return std_output;
+}
+
+static int setup_input(
+                const ExecContext *context,
+                const ExecParameters *params,
+                int socket_fd) {
+
+        ExecInput i;
+
+        assert(context);
+        assert(params);
+
+        if (params->stdin_fd >= 0) {
+                if (dup2(params->stdin_fd, STDIN_FILENO) < 0)
+                        return -errno;
+
+                /* Try to make this the controlling tty, if it is a tty, and reset it */
+                (void) ioctl(STDIN_FILENO, TIOCSCTTY, context->std_input == EXEC_INPUT_TTY_FORCE);
+                (void) reset_terminal_fd(STDIN_FILENO, true);
+
+                return STDIN_FILENO;
+        }
+
+        i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
+
+        switch (i) {
+
+        case EXEC_INPUT_NULL:
+                return open_null_as(O_RDONLY, STDIN_FILENO);
+
+        case EXEC_INPUT_TTY:
+        case EXEC_INPUT_TTY_FORCE:
+        case EXEC_INPUT_TTY_FAIL: {
+                int fd, r;
+
+                fd = acquire_terminal(exec_context_tty_path(context),
+                                      i == EXEC_INPUT_TTY_FAIL,
+                                      i == EXEC_INPUT_TTY_FORCE,
+                                      false,
+                                      USEC_INFINITY);
+                if (fd < 0)
+                        return fd;
+
+                if (fd != STDIN_FILENO) {
+                        r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
+                        safe_close(fd);
+                } else
+                        r = STDIN_FILENO;
+
+                return r;
+        }
+
+        case EXEC_INPUT_SOCKET:
+                return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
+
+        default:
+                assert_not_reached("Unknown input type");
+        }
+}
+
+static int setup_output(
+                Unit *unit,
+                const ExecContext *context,
+                const ExecParameters *params,
+                int fileno,
+                int socket_fd,
+                const char *ident,
+                uid_t uid, gid_t gid) {
+
+        ExecOutput o;
+        ExecInput i;
+        int r;
+
+        assert(unit);
+        assert(context);
+        assert(params);
+        assert(ident);
+
+        if (fileno == STDOUT_FILENO && params->stdout_fd >= 0) {
+
+                if (dup2(params->stdout_fd, STDOUT_FILENO) < 0)
+                        return -errno;
+
+                return STDOUT_FILENO;
+        }
+
+        if (fileno == STDERR_FILENO && params->stderr_fd >= 0) {
+                if (dup2(params->stderr_fd, STDERR_FILENO) < 0)
+                        return -errno;
+
+                return STDERR_FILENO;
+        }
+
+        i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
+        o = fixup_output(context->std_output, socket_fd);
+
+        if (fileno == STDERR_FILENO) {
+                ExecOutput e;
+                e = fixup_output(context->std_error, socket_fd);
+
+                /* This expects the input and output are already set up */
+
+                /* Don't change the stderr file descriptor if we inherit all
+                 * the way and are not on a tty */
+                if (e == EXEC_OUTPUT_INHERIT &&
+                    o == EXEC_OUTPUT_INHERIT &&
+                    i == EXEC_INPUT_NULL &&
+                    !is_terminal_input(context->std_input) &&
+                    getppid () != 1)
+                        return fileno;
+
+                /* Duplicate from stdout if possible */
+                if (e == o || e == EXEC_OUTPUT_INHERIT)
+                        return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
+
+                o = e;
+
+        } else if (o == EXEC_OUTPUT_INHERIT) {
+                /* If input got downgraded, inherit the original value */
+                if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
+                        return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
+
+                /* If the input is connected to anything that's not a /dev/null, inherit that... */
+                if (i != EXEC_INPUT_NULL)
+                        return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
+
+                /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
+                if (getppid() != 1)
+                        return fileno;
+
+                /* We need to open /dev/null here anew, to get the right access mode. */
+                return open_null_as(O_WRONLY, fileno);
+        }
+
+        switch (o) {
+
+        case EXEC_OUTPUT_NULL:
+                return open_null_as(O_WRONLY, fileno);
+
+        case EXEC_OUTPUT_TTY:
+                if (is_terminal_input(i))
+                        return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
+
+                /* We don't reset the terminal if this is just about output */
+                return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
+
+        case EXEC_OUTPUT_SYSLOG:
+        case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
+        case EXEC_OUTPUT_KMSG:
+        case EXEC_OUTPUT_KMSG_AND_CONSOLE:
+        case EXEC_OUTPUT_JOURNAL:
+        case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
+                r = connect_logger_as(context, o, ident, unit->id, fileno, uid, gid);
+                if (r < 0) {
+                        log_unit_error_errno(unit, r, "Failed to connect %s to the journal socket, ignoring: %m", fileno == STDOUT_FILENO ? "stdout" : "stderr");
+                        r = open_null_as(O_WRONLY, fileno);
+                }
+                return r;
+
+        case EXEC_OUTPUT_SOCKET:
+                assert(socket_fd >= 0);
+                return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
+
+        default:
+                assert_not_reached("Unknown error type");
+        }
+}
+
+static int chown_terminal(int fd, uid_t uid) {
+        struct stat st;
+
+        assert(fd >= 0);
+
+        /* This might fail. What matters are the results. */
+        (void) fchown(fd, uid, -1);
+        (void) fchmod(fd, TTY_MODE);
+
+        if (fstat(fd, &st) < 0)
+                return -errno;
+
+        if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
+                return -EPERM;
+
+        return 0;
+}
+
+static int setup_confirm_stdio(int *_saved_stdin, int *_saved_stdout) {
+        _cleanup_close_ int fd = -1, saved_stdin = -1, saved_stdout = -1;
+        int r;
+
+        assert(_saved_stdin);
+        assert(_saved_stdout);
+
+        saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
+        if (saved_stdin < 0)
+                return -errno;
+
+        saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
+        if (saved_stdout < 0)
+                return -errno;
+
+        fd = acquire_terminal(
+                        "/dev/console",
+                        false,
+                        false,
+                        false,
+                        DEFAULT_CONFIRM_USEC);
+        if (fd < 0)
+                return fd;
+
+        r = chown_terminal(fd, getuid());
+        if (r < 0)
+                return r;
+
+        r = reset_terminal_fd(fd, true);
+        if (r < 0)
+                return r;
+
+        if (dup2(fd, STDIN_FILENO) < 0)
+                return -errno;
+
+        if (dup2(fd, STDOUT_FILENO) < 0)
+                return -errno;
+
+        if (fd >= 2)
+                safe_close(fd);
+        fd = -1;
+
+        *_saved_stdin = saved_stdin;
+        *_saved_stdout = saved_stdout;
+
+        saved_stdin = saved_stdout = -1;
+
+        return 0;
+}
+
+_printf_(1, 2) static int write_confirm_message(const char *format, ...) {
+        _cleanup_close_ int fd = -1;
+        va_list ap;
+
+        assert(format);
+
+        fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
+        if (fd < 0)
+                return fd;
+
+        va_start(ap, format);
+        vdprintf(fd, format, ap);
+        va_end(ap);
+
+        return 0;
+}
+
+static int restore_confirm_stdio(int *saved_stdin, int *saved_stdout) {
+        int r = 0;
+
+        assert(saved_stdin);
+        assert(saved_stdout);
+
+        release_terminal();
+
+        if (*saved_stdin >= 0)
+                if (dup2(*saved_stdin, STDIN_FILENO) < 0)
+                        r = -errno;
+
+        if (*saved_stdout >= 0)
+                if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
+                        r = -errno;
+
+        *saved_stdin = safe_close(*saved_stdin);
+        *saved_stdout = safe_close(*saved_stdout);
+
+        return r;
+}
+
+static int ask_for_confirmation(char *response, char **argv) {
+        int saved_stdout = -1, saved_stdin = -1, r;
+        _cleanup_free_ char *line = NULL;
+
+        r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
+        if (r < 0)
+                return r;
+
+        line = exec_command_line(argv);
+        if (!line)
+                return -ENOMEM;
+
+        r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
+
+        restore_confirm_stdio(&saved_stdin, &saved_stdout);
+
+        return r;
+}
+
+static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
+        bool keep_groups = false;
+        int r;
+
+        assert(context);
+
+        /* Lookup and set GID and supplementary group list. Here too
+         * we avoid NSS lookups for gid=0. */
+
+        if (context->group || username) {
+                /* First step, initialize groups from /etc/groups */
+                if (username && gid != 0) {
+                        if (initgroups(username, gid) < 0)
+                                return -errno;
+
+                        keep_groups = true;
+                }
+
+                /* Second step, set our gids */
+                if (setresgid(gid, gid, gid) < 0)
+                        return -errno;
+        }
+
+        if (context->supplementary_groups) {
+                int ngroups_max, k;
+                gid_t *gids;
+                char **i;
+
+                /* Final step, initialize any manually set supplementary groups */
+                assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
+
+                if (!(gids = new(gid_t, ngroups_max)))
+                        return -ENOMEM;
+
+                if (keep_groups) {
+                        k = getgroups(ngroups_max, gids);
+                        if (k < 0) {
+                                free(gids);
+                                return -errno;
+                        }
+                } else
+                        k = 0;
+
+                STRV_FOREACH(i, context->supplementary_groups) {
+                        const char *g;
+
+                        if (k >= ngroups_max) {
+                                free(gids);
+                                return -E2BIG;
+                        }
+
+                        g = *i;
+                        r = get_group_creds(&g, gids+k);
+                        if (r < 0) {
+                                free(gids);
+                                return r;
+                        }
+
+                        k++;
+                }
+
+                if (setgroups(k, gids) < 0) {
+                        free(gids);
+                        return -errno;
+                }
+
+                free(gids);
+        }
+
+        return 0;
+}
+
+static int enforce_user(const ExecContext *context, uid_t uid) {
+        assert(context);
+
+        /* Sets (but doesn't look up) the uid and make sure we keep the
+         * capabilities while doing so. */
+
+        if (context->capability_ambient_set != 0) {
+
+                /* First step: If we need to keep capabilities but
+                 * drop privileges we need to make sure we keep our
+                 * caps, while we drop privileges. */
+                if (uid != 0) {
+                        int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
+
+                        if (prctl(PR_GET_SECUREBITS) != sb)
+                                if (prctl(PR_SET_SECUREBITS, sb) < 0)
+                                        return -errno;
+                }
+        }
+
+        /* Second step: actually set the uids */
+        if (setresuid(uid, uid, uid) < 0)
+                return -errno;
+
+        /* At this point we should have all necessary capabilities but
+           are otherwise a normal user. However, the caps might got
+           corrupted due to the setresuid() so we need clean them up
+           later. This is done outside of this call. */
+
+        return 0;
+}
+
+#ifdef HAVE_PAM
+
+static int null_conv(
+                int num_msg,
+                const struct pam_message **msg,
+                struct pam_response **resp,
+                void *appdata_ptr) {
+
+        /* We don't support conversations */
+
+        return PAM_CONV_ERR;
+}
+
+static int setup_pam(
+                const char *name,
+                const char *user,
+                uid_t uid,
+                const char *tty,
+                char ***pam_env,
+                int fds[], unsigned n_fds) {
+
+        static const struct pam_conv conv = {
+                .conv = null_conv,
+                .appdata_ptr = NULL
+        };
+
+        _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
+        pam_handle_t *handle = NULL;
+        sigset_t old_ss;
+        int pam_code = PAM_SUCCESS, r;
+        char **e = NULL;
+        bool close_session = false;
+        pid_t pam_pid = 0, parent_pid;
+        int flags = 0;
+
+        assert(name);
+        assert(user);
+        assert(pam_env);
+
+        /* We set up PAM in the parent process, then fork. The child
+         * will then stay around until killed via PR_GET_PDEATHSIG or
+         * systemd via the cgroup logic. It will then remove the PAM
+         * session again. The parent process will exec() the actual
+         * daemon. We do things this way to ensure that the main PID
+         * of the daemon is the one we initially fork()ed. */
+
+        r = barrier_create(&barrier);
+        if (r < 0)
+                goto fail;
+
+        if (log_get_max_level() < LOG_DEBUG)
+                flags |= PAM_SILENT;
+
+        pam_code = pam_start(name, user, &conv, &handle);
+        if (pam_code != PAM_SUCCESS) {
+                handle = NULL;
+                goto fail;
+        }
+
+        if (tty) {
+                pam_code = pam_set_item(handle, PAM_TTY, tty);
+                if (pam_code != PAM_SUCCESS)
+                        goto fail;
+        }
+
+        pam_code = pam_acct_mgmt(handle, flags);
+        if (pam_code != PAM_SUCCESS)
+                goto fail;
+
+        pam_code = pam_open_session(handle, flags);
+        if (pam_code != PAM_SUCCESS)
+                goto fail;
+
+        close_session = true;
+
+        e = pam_getenvlist(handle);
+        if (!e) {
+                pam_code = PAM_BUF_ERR;
+                goto fail;
+        }
+
+        /* Block SIGTERM, so that we know that it won't get lost in
+         * the child */
+
+        assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0);
+
+        parent_pid = getpid();
+
+        pam_pid = fork();
+        if (pam_pid < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        if (pam_pid == 0) {
+                int sig, ret = EXIT_PAM;
+
+                /* The child's job is to reset the PAM session on
+                 * termination */
+                barrier_set_role(&barrier, BARRIER_CHILD);
+
+                /* This string must fit in 10 chars (i.e. the length
+                 * of "/sbin/init"), to look pretty in /bin/ps */
+                rename_process("(sd-pam)");
+
+                /* Make sure we don't keep open the passed fds in this
+                child. We assume that otherwise only those fds are
+                open here that have been opened by PAM. */
+                close_many(fds, n_fds);
+
+                /* Drop privileges - we don't need any to pam_close_session
+                 * and this will make PR_SET_PDEATHSIG work in most cases.
+                 * If this fails, ignore the error - but expect sd-pam threads
+                 * to fail to exit normally */
+                if (setresuid(uid, uid, uid) < 0)
+                        log_error_errno(r, "Error: Failed to setresuid() in sd-pam: %m");
+
+                (void) ignore_signals(SIGPIPE, -1);
+
+                /* Wait until our parent died. This will only work if
+                 * the above setresuid() succeeds, otherwise the kernel
+                 * will not allow unprivileged parents kill their privileged
+                 * children this way. We rely on the control groups kill logic
+                 * to do the rest for us. */
+                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
+                        goto child_finish;
+
+                /* Tell the parent that our setup is done. This is especially
+                 * important regarding dropping privileges. Otherwise, unit
+                 * setup might race against our setresuid(2) call. */
+                barrier_place(&barrier);
+
+                /* Check if our parent process might already have
+                 * died? */
+                if (getppid() == parent_pid) {
+                        sigset_t ss;
+
+                        assert_se(sigemptyset(&ss) >= 0);
+                        assert_se(sigaddset(&ss, SIGTERM) >= 0);
+
+                        for (;;) {
+                                if (sigwait(&ss, &sig) < 0) {
+                                        if (errno == EINTR)
+                                                continue;
+
+                                        goto child_finish;
+                                }
+
+                                assert(sig == SIGTERM);
+                                break;
+                        }
+                }
+
+                /* If our parent died we'll end the session */
+                if (getppid() != parent_pid) {
+                        pam_code = pam_close_session(handle, flags);
+                        if (pam_code != PAM_SUCCESS)
+                                goto child_finish;
+                }
+
+                ret = 0;
+
+        child_finish:
+                pam_end(handle, pam_code | flags);
+                _exit(ret);
+        }
+
+        barrier_set_role(&barrier, BARRIER_PARENT);
+
+        /* If the child was forked off successfully it will do all the
+         * cleanups, so forget about the handle here. */
+        handle = NULL;
+
+        /* Unblock SIGTERM again in the parent */
+        assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0);
+
+        /* We close the log explicitly here, since the PAM modules
+         * might have opened it, but we don't want this fd around. */
+        closelog();
+
+        /* Synchronously wait for the child to initialize. We don't care for
+         * errors as we cannot recover. However, warn loudly if it happens. */
+        if (!barrier_place_and_sync(&barrier))
+                log_error("PAM initialization failed");
+
+        *pam_env = e;
+        e = NULL;
+
+        return 0;
+
+fail:
+        if (pam_code != PAM_SUCCESS) {
+                log_error("PAM failed: %s", pam_strerror(handle, pam_code));
+                r = -EPERM;  /* PAM errors do not map to errno */
+        } else
+                log_error_errno(r, "PAM failed: %m");
+
+        if (handle) {
+                if (close_session)
+                        pam_code = pam_close_session(handle, flags);
+
+                pam_end(handle, pam_code | flags);
+        }
+
+        strv_free(e);
+        closelog();
+
+        return r;
+}
+#endif
+
+static void rename_process_from_path(const char *path) {
+        char process_name[11];
+        const char *p;
+        size_t l;
+
+        /* This resulting string must fit in 10 chars (i.e. the length
+         * of "/sbin/init") to look pretty in /bin/ps */
+
+        p = basename(path);
+        if (isempty(p)) {
+                rename_process("(...)");
+                return;
+        }
+
+        l = strlen(p);
+        if (l > 8) {
+                /* The end of the process name is usually more
+                 * interesting, since the first bit might just be
+                 * "systemd-" */
+                p = p + l - 8;
+                l = 8;
+        }
+
+        process_name[0] = '(';
+        memcpy(process_name+1, p, l);
+        process_name[1+l] = ')';
+        process_name[1+l+1] = 0;
+
+        rename_process(process_name);
+}
+
+#ifdef HAVE_SECCOMP
+
+static int apply_seccomp(const ExecContext *c) {
+        uint32_t negative_action, action;
+        scmp_filter_ctx *seccomp;
+        Iterator i;
+        void *id;
+        int r;
+
+        assert(c);
+
+        negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
+
+        seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);
+        if (!seccomp)
+                return -ENOMEM;
+
+        if (c->syscall_archs) {
+
+                SET_FOREACH(id, c->syscall_archs, i) {
+                        r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
+                        if (r == -EEXIST)
+                                continue;
+                        if (r < 0)
+                                goto finish;
+                }
+
+        } else {
+                r = seccomp_add_secondary_archs(seccomp);
+                if (r < 0)
+                        goto finish;
+        }
+
+        action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;
+        SET_FOREACH(id, c->syscall_filter, i) {
+                r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+        if (r < 0)
+                goto finish;
+
+        r = seccomp_load(seccomp);
+
+finish:
+        seccomp_release(seccomp);
+        return r;
+}
+
+static int apply_address_families(const ExecContext *c) {
+        scmp_filter_ctx *seccomp;
+        Iterator i;
+        int r;
+
+        assert(c);
+
+        seccomp = seccomp_init(SCMP_ACT_ALLOW);
+        if (!seccomp)
+                return -ENOMEM;
+
+        r = seccomp_add_secondary_archs(seccomp);
+        if (r < 0)
+                goto finish;
+
+        if (c->address_families_whitelist) {
+                int af, first = 0, last = 0;
+                void *afp;
+
+                /* If this is a whitelist, we first block the address
+                 * families that are out of range and then everything
+                 * that is not in the set. First, we find the lowest
+                 * and highest address family in the set. */
+
+                SET_FOREACH(afp, c->address_families, i) {
+                        af = PTR_TO_INT(afp);
+
+                        if (af <= 0 || af >= af_max())
+                                continue;
+
+                        if (first == 0 || af < first)
+                                first = af;
+
+                        if (last == 0 || af > last)
+                                last = af;
+                }
+
+                assert((first == 0) == (last == 0));
+
+                if (first == 0) {
+
+                        /* No entries in the valid range, block everything */
+                        r = seccomp_rule_add(
+                                        seccomp,
+                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
+                                        SCMP_SYS(socket),
+                                        0);
+                        if (r < 0)
+                                goto finish;
+
+                } else {
+
+                        /* Block everything below the first entry */
+                        r = seccomp_rule_add(
+                                        seccomp,
+                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
+                                        SCMP_SYS(socket),
+                                        1,
+                                        SCMP_A0(SCMP_CMP_LT, first));
+                        if (r < 0)
+                                goto finish;
+
+                        /* Block everything above the last entry */
+                        r = seccomp_rule_add(
+                                        seccomp,
+                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
+                                        SCMP_SYS(socket),
+                                        1,
+                                        SCMP_A0(SCMP_CMP_GT, last));
+                        if (r < 0)
+                                goto finish;
+
+                        /* Block everything between the first and last
+                         * entry */
+                        for (af = 1; af < af_max(); af++) {
+
+                                if (set_contains(c->address_families, INT_TO_PTR(af)))
+                                        continue;
+
+                                r = seccomp_rule_add(
+                                                seccomp,
+                                                SCMP_ACT_ERRNO(EPROTONOSUPPORT),
+                                                SCMP_SYS(socket),
+                                                1,
+                                                SCMP_A0(SCMP_CMP_EQ, af));
+                                if (r < 0)
+                                        goto finish;
+                        }
+                }
+
+        } else {
+                void *af;
+
+                /* If this is a blacklist, then generate one rule for
+                 * each address family that are then combined in OR
+                 * checks. */
+
+                SET_FOREACH(af, c->address_families, i) {
+
+                        r = seccomp_rule_add(
+                                        seccomp,
+                                        SCMP_ACT_ERRNO(EPROTONOSUPPORT),
+                                        SCMP_SYS(socket),
+                                        1,
+                                        SCMP_A0(SCMP_CMP_EQ, PTR_TO_INT(af)));
+                        if (r < 0)
+                                goto finish;
+                }
+        }
+
+        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+        if (r < 0)
+                goto finish;
+
+        r = seccomp_load(seccomp);
+
+finish:
+        seccomp_release(seccomp);
+        return r;
+}
+
+#endif
+
+static void do_idle_pipe_dance(int idle_pipe[4]) {
+        assert(idle_pipe);
+
+
+        idle_pipe[1] = safe_close(idle_pipe[1]);
+        idle_pipe[2] = safe_close(idle_pipe[2]);
+
+        if (idle_pipe[0] >= 0) {
+                int r;
+
+                r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
+
+                if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
+                        ssize_t n;
+
+                        /* Signal systemd that we are bored and want to continue. */
+                        n = write(idle_pipe[3], "x", 1);
+                        if (n > 0)
+                                /* Wait for systemd to react to the signal above. */
+                                fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
+                }
+
+                idle_pipe[0] = safe_close(idle_pipe[0]);
+
+        }
+
+        idle_pipe[3] = safe_close(idle_pipe[3]);
+}
+
+static int build_environment(
+                const ExecContext *c,
+                const ExecParameters *p,
+                unsigned n_fds,
+                const char *home,
+                const char *username,
+                const char *shell,
+                char ***ret) {
+
+        _cleanup_strv_free_ char **our_env = NULL;
+        unsigned n_env = 0;
+        char *x;
+
+        assert(c);
+        assert(ret);
+
+        our_env = new0(char*, 11);
+        if (!our_env)
+                return -ENOMEM;
+
+        if (n_fds > 0) {
+                _cleanup_free_ char *joined = NULL;
+
+                if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+
+                if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+
+                joined = strv_join(p->fd_names, ":");
+                if (!joined)
+                        return -ENOMEM;
+
+                x = strjoin("LISTEN_FDNAMES=", joined, NULL);
+                if (!x)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+        }
+
+        if (p->watchdog_usec > 0) {
+                if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+
+                if (asprintf(&x, "WATCHDOG_USEC="USEC_FMT, p->watchdog_usec) < 0)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+        }
+
+        if (home) {
+                x = strappend("HOME=", home);
+                if (!x)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+        }
+
+        if (username) {
+                x = strappend("LOGNAME=", username);
+                if (!x)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+
+                x = strappend("USER=", username);
+                if (!x)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+        }
+
+        if (shell) {
+                x = strappend("SHELL=", shell);
+                if (!x)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+        }
+
+        if (is_terminal_input(c->std_input) ||
+            c->std_output == EXEC_OUTPUT_TTY ||
+            c->std_error == EXEC_OUTPUT_TTY ||
+            c->tty_path) {
+
+                x = strdup(default_term_for_tty(exec_context_tty_path(c)));
+                if (!x)
+                        return -ENOMEM;
+                our_env[n_env++] = x;
+        }
+
+        our_env[n_env++] = NULL;
+        assert(n_env <= 11);
+
+        *ret = our_env;
+        our_env = NULL;
+
+        return 0;
+}
+
+static int build_pass_environment(const ExecContext *c, char ***ret) {
+        _cleanup_strv_free_ char **pass_env = NULL;
+        size_t n_env = 0, n_bufsize = 0;
+        char **i;
+
+        STRV_FOREACH(i, c->pass_environment) {
+                _cleanup_free_ char *x = NULL;
+                char *v;
+
+                v = getenv(*i);
+                if (!v)
+                        continue;
+                x = strjoin(*i, "=", v, NULL);
+                if (!x)
+                        return -ENOMEM;
+                if (!GREEDY_REALLOC(pass_env, n_bufsize, n_env + 2))
+                        return -ENOMEM;
+                pass_env[n_env++] = x;
+                pass_env[n_env] = NULL;
+                x = NULL;
+        }
+
+        *ret = pass_env;
+        pass_env = NULL;
+
+        return 0;
+}
+
+static bool exec_needs_mount_namespace(
+                const ExecContext *context,
+                const ExecParameters *params,
+                ExecRuntime *runtime) {
+
+        assert(context);
+        assert(params);
+
+        if (!strv_isempty(context->read_write_dirs) ||
+            !strv_isempty(context->read_only_dirs) ||
+            !strv_isempty(context->inaccessible_dirs))
+                return true;
+
+        if (context->mount_flags != 0)
+                return true;
+
+        if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
+                return true;
+
+        if (context->private_devices ||
+            context->protect_system != PROTECT_SYSTEM_NO ||
+            context->protect_home != PROTECT_HOME_NO)
+                return true;
+
+        return false;
+}
+
+static int close_remaining_fds(
+                const ExecParameters *params,
+                ExecRuntime *runtime,
+                int socket_fd,
+                int *fds, unsigned n_fds) {
+
+        unsigned n_dont_close = 0;
+        int dont_close[n_fds + 7];
+
+        assert(params);
+
+        if (params->stdin_fd >= 0)
+                dont_close[n_dont_close++] = params->stdin_fd;
+        if (params->stdout_fd >= 0)
+                dont_close[n_dont_close++] = params->stdout_fd;
+        if (params->stderr_fd >= 0)
+                dont_close[n_dont_close++] = params->stderr_fd;
+
+        if (socket_fd >= 0)
+                dont_close[n_dont_close++] = socket_fd;
+        if (n_fds > 0) {
+                memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
+                n_dont_close += n_fds;
+        }
+
+        if (runtime) {
+                if (runtime->netns_storage_socket[0] >= 0)
+                        dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
+                if (runtime->netns_storage_socket[1] >= 0)
+                        dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
+        }
+
+        return close_all_fds(dont_close, n_dont_close);
+}
+
+static int exec_child(
+                Unit *unit,
+                ExecCommand *command,
+                const ExecContext *context,
+                const ExecParameters *params,
+                ExecRuntime *runtime,
+                char **argv,
+                int socket_fd,
+                int *fds, unsigned n_fds,
+                char **files_env,
+                int *exit_status) {
+
+        _cleanup_strv_free_ char **our_env = NULL, **pass_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
+        _cleanup_free_ char *mac_selinux_context_net = NULL;
+        const char *username = NULL, *home = NULL, *shell = NULL, *wd;
+        uid_t uid = UID_INVALID;
+        gid_t gid = GID_INVALID;
+        int i, r;
+        bool needs_mount_namespace;
+
+        assert(unit);
+        assert(command);
+        assert(context);
+        assert(params);
+        assert(exit_status);
+
+        rename_process_from_path(command->path);
+
+        /* We reset exactly these signals, since they are the
+         * only ones we set to SIG_IGN in the main daemon. All
+         * others we leave untouched because we set them to
+         * SIG_DFL or a valid handler initially, both of which
+         * will be demoted to SIG_DFL. */
+        (void) default_signals(SIGNALS_CRASH_HANDLER,
+                               SIGNALS_IGNORE, -1);
+
+        if (context->ignore_sigpipe)
+                (void) ignore_signals(SIGPIPE, -1);
+
+        r = reset_signal_mask();
+        if (r < 0) {
+                *exit_status = EXIT_SIGNAL_MASK;
+                return r;
+        }
+
+        if (params->idle_pipe)
+                do_idle_pipe_dance(params->idle_pipe);
+
+        /* Close sockets very early to make sure we don't
+         * block init reexecution because it cannot bind its
+         * sockets */
+
+        log_forget_fds();
+
+        r = close_remaining_fds(params, runtime, socket_fd, fds, n_fds);
+        if (r < 0) {
+                *exit_status = EXIT_FDS;
+                return r;
+        }
+
+        if (!context->same_pgrp)
+                if (setsid() < 0) {
+                        *exit_status = EXIT_SETSID;
+                        return -errno;
+                }
+
+        exec_context_tty_reset(context, params);
+
+        if (params->confirm_spawn) {
+                char response;
+
+                r = ask_for_confirmation(&response, argv);
+                if (r == -ETIMEDOUT)
+                        write_confirm_message("Confirmation question timed out, assuming positive response.\n");
+                else if (r < 0)
+                        write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-r));
+                else if (response == 's') {
+                        write_confirm_message("Skipping execution.\n");
+                        *exit_status = EXIT_CONFIRM;
+                        return -ECANCELED;
+                } else if (response == 'n') {
+                        write_confirm_message("Failing execution.\n");
+                        *exit_status = 0;
+                        return 0;
+                }
+        }
+
+        if (context->user) {
+                username = context->user;
+                r = get_user_creds(&username, &uid, &gid, &home, &shell);
+                if (r < 0) {
+                        *exit_status = EXIT_USER;
+                        return r;
+                }
+        }
+
+        if (context->group) {
+                const char *g = context->group;
+
+                r = get_group_creds(&g, &gid);
+                if (r < 0) {
+                        *exit_status = EXIT_GROUP;
+                        return r;
+                }
+        }
+
+
+        /* If a socket is connected to STDIN/STDOUT/STDERR, we
+         * must sure to drop O_NONBLOCK */
+        if (socket_fd >= 0)
+                (void) fd_nonblock(socket_fd, false);
+
+        r = setup_input(context, params, socket_fd);
+        if (r < 0) {
+                *exit_status = EXIT_STDIN;
+                return r;
+        }
+
+        r = setup_output(unit, context, params, STDOUT_FILENO, socket_fd, basename(command->path), uid, gid);
+        if (r < 0) {
+                *exit_status = EXIT_STDOUT;
+                return r;
+        }
+
+        r = setup_output(unit, context, params, STDERR_FILENO, socket_fd, basename(command->path), uid, gid);
+        if (r < 0) {
+                *exit_status = EXIT_STDERR;
+                return r;
+        }
+
+        if (params->cgroup_path) {
+                r = cg_attach_everywhere(params->cgroup_supported, params->cgroup_path, 0, NULL, NULL);
+                if (r < 0) {
+                        *exit_status = EXIT_CGROUP;
+                        return r;
+                }
+        }
+
+        if (context->oom_score_adjust_set) {
+                char t[DECIMAL_STR_MAX(context->oom_score_adjust)];
+
+                /* When we can't make this change due to EPERM, then
+                 * let's silently skip over it. User namespaces
+                 * prohibit write access to this file, and we
+                 * shouldn't trip up over that. */
+
+                sprintf(t, "%i", context->oom_score_adjust);
+                r = write_string_file("/proc/self/oom_score_adj", t, 0);
+                if (r == -EPERM || r == -EACCES) {
+                        log_open();
+                        log_unit_debug_errno(unit, r, "Failed to adjust OOM setting, assuming containerized execution, ignoring: %m");
+                        log_close();
+                } else if (r < 0) {
+                        *exit_status = EXIT_OOM_ADJUST;
+                        return -errno;
+                }
+        }
+
+        if (context->nice_set)
+                if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
+                        *exit_status = EXIT_NICE;
+                        return -errno;
+                }
+
+        if (context->cpu_sched_set) {
+                struct sched_param param = {
+                        .sched_priority = context->cpu_sched_priority,
+                };
+
+                r = sched_setscheduler(0,
+                                       context->cpu_sched_policy |
+                                       (context->cpu_sched_reset_on_fork ?
+                                        SCHED_RESET_ON_FORK : 0),
+                                       &param);
+                if (r < 0) {
+                        *exit_status = EXIT_SETSCHEDULER;
+                        return -errno;
+                }
+        }
+
+        if (context->cpuset)
+                if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
+                        *exit_status = EXIT_CPUAFFINITY;
+                        return -errno;
+                }
+
+        if (context->ioprio_set)
+                if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
+                        *exit_status = EXIT_IOPRIO;
+                        return -errno;
+                }
+
+        if (context->timer_slack_nsec != NSEC_INFINITY)
+                if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
+                        *exit_status = EXIT_TIMERSLACK;
+                        return -errno;
+                }
+
+        if (context->personality != PERSONALITY_INVALID)
+                if (personality(context->personality) < 0) {
+                        *exit_status = EXIT_PERSONALITY;
+                        return -errno;
+                }
+
+        if (context->utmp_id)
+                utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path,
+                                      context->utmp_mode == EXEC_UTMP_INIT  ? INIT_PROCESS :
+                                      context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS :
+                                      USER_PROCESS,
+                                      username ? "root" : context->user);
+
+        if (context->user && is_terminal_input(context->std_input)) {
+                r = chown_terminal(STDIN_FILENO, uid);
+                if (r < 0) {
+                        *exit_status = EXIT_STDIN;
+                        return r;
+                }
+        }
+
+        /* If delegation is enabled we'll pass ownership of the cgroup
+         * (but only in systemd's own controller hierarchy!) to the
+         * user of the new process. */
+        if (params->cgroup_path && context->user && params->cgroup_delegate) {
+                r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid);
+                if (r < 0) {
+                        *exit_status = EXIT_CGROUP;
+                        return r;
+                }
+
+
+                r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0755, uid, gid);
+                if (r < 0) {
+                        *exit_status = EXIT_CGROUP;
+                        return r;
+                }
+        }
+
+        if (!strv_isempty(context->runtime_directory) && params->runtime_prefix) {
+                char **rt;
+
+                STRV_FOREACH(rt, context->runtime_directory) {
+                        _cleanup_free_ char *p;
+
+                        p = strjoin(params->runtime_prefix, "/", *rt, NULL);
+                        if (!p) {
+                                *exit_status = EXIT_RUNTIME_DIRECTORY;
+                                return -ENOMEM;
+                        }
+
+                        r = mkdir_p_label(p, context->runtime_directory_mode);
+                        if (r < 0) {
+                                *exit_status = EXIT_RUNTIME_DIRECTORY;
+                                return r;
+                        }
+
+                        r = chmod_and_chown(p, context->runtime_directory_mode, uid, gid);
+                        if (r < 0) {
+                                *exit_status = EXIT_RUNTIME_DIRECTORY;
+                                return r;
+                        }
+                }
+        }
+
+        umask(context->umask);
+
+        if (params->apply_permissions) {
+                r = enforce_groups(context, username, gid);
+                if (r < 0) {
+                        *exit_status = EXIT_GROUP;
+                        return r;
+                }
+#ifdef HAVE_SMACK
+                if (context->smack_process_label) {
+                        r = mac_smack_apply_pid(0, context->smack_process_label);
+                        if (r < 0) {
+                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
+                                return r;
+                        }
+                }
+#ifdef SMACK_DEFAULT_PROCESS_LABEL
+                else {
+                        _cleanup_free_ char *exec_label = NULL;
+
+                        r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label);
+                        if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) {
+                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
+                                return r;
+                        }
+
+                        r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL);
+                        if (r < 0) {
+                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
+                                return r;
+                        }
+                }
+#endif
+#endif
+#ifdef HAVE_PAM
+                if (context->pam_name && username) {
+                        r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
+                        if (r < 0) {
+                                *exit_status = EXIT_PAM;
+                                return r;
+                        }
+                }
+#endif
+        }
+
+        if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
+                r = setup_netns(runtime->netns_storage_socket);
+                if (r < 0) {
+                        *exit_status = EXIT_NETWORK;
+                        return r;
+                }
+        }
+
+        needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
+
+        if (needs_mount_namespace) {
+                char *tmp = NULL, *var = NULL;
+
+                /* The runtime struct only contains the parent
+                 * of the private /tmp, which is
+                 * non-accessible to world users. Inside of it
+                 * there's a /tmp that is sticky, and that's
+                 * the one we want to use here. */
+
+                if (context->private_tmp && runtime) {
+                        if (runtime->tmp_dir)
+                                tmp = strjoina(runtime->tmp_dir, "/tmp");
+                        if (runtime->var_tmp_dir)
+                                var = strjoina(runtime->var_tmp_dir, "/tmp");
+                }
+
+                r = setup_namespace(
+                                params->apply_chroot ? context->root_directory : NULL,
+                                context->read_write_dirs,
+                                context->read_only_dirs,
+                                context->inaccessible_dirs,
+                                tmp,
+                                var,
+                                context->private_devices,
+                                context->protect_home,
+                                context->protect_system,
+                                context->mount_flags);
+
+                /* If we couldn't set up the namespace this is
+                 * probably due to a missing capability. In this case,
+                 * silently proceeed. */
+                if (r == -EPERM || r == -EACCES) {
+                        log_open();
+                        log_unit_debug_errno(unit, r, "Failed to set up namespace, assuming containerized execution, ignoring: %m");
+                        log_close();
+                } else if (r < 0) {
+                        *exit_status = EXIT_NAMESPACE;
+                        return r;
+                }
+        }
+
+        if (context->working_directory_home)
+                wd = home;
+        else if (context->working_directory)
+                wd = context->working_directory;
+        else
+                wd = "/";
+
+        if (params->apply_chroot) {
+                if (!needs_mount_namespace && context->root_directory)
+                        if (chroot(context->root_directory) < 0) {
+                                *exit_status = EXIT_CHROOT;
+                                return -errno;
+                        }
+
+                if (chdir(wd) < 0 &&
+                    !context->working_directory_missing_ok) {
+                        *exit_status = EXIT_CHDIR;
+                        return -errno;
+                }
+        } else {
+                const char *d;
+
+                d = strjoina(strempty(context->root_directory), "/", strempty(wd));
+                if (chdir(d) < 0 &&
+                    !context->working_directory_missing_ok) {
+                        *exit_status = EXIT_CHDIR;
+                        return -errno;
+                }
+        }
+
+#ifdef HAVE_SELINUX
+        if (params->apply_permissions && mac_selinux_use() && params->selinux_context_net && socket_fd >= 0) {
+                r = mac_selinux_get_child_mls_label(socket_fd, command->path, context->selinux_context, &mac_selinux_context_net);
+                if (r < 0) {
+                        *exit_status = EXIT_SELINUX_CONTEXT;
+                        return r;
+                }
+        }
+#endif
+
+        /* We repeat the fd closing here, to make sure that
+         * nothing is leaked from the PAM modules. Note that
+         * we are more aggressive this time since socket_fd
+         * and the netns fds we don't need anymore. The custom
+         * endpoint fd was needed to upload the policy and can
+         * now be closed as well. */
+        r = close_all_fds(fds, n_fds);
+        if (r >= 0)
+                r = shift_fds(fds, n_fds);
+        if (r >= 0)
+                r = flags_fds(fds, n_fds, context->non_blocking);
+        if (r < 0) {
+                *exit_status = EXIT_FDS;
+                return r;
+        }
+
+        if (params->apply_permissions) {
+
+                bool use_address_families = context->address_families_whitelist ||
+                        !set_isempty(context->address_families);
+                bool use_syscall_filter = context->syscall_whitelist ||
+                        !set_isempty(context->syscall_filter) ||
+                        !set_isempty(context->syscall_archs);
+                int secure_bits = context->secure_bits;
+
+                for (i = 0; i < _RLIMIT_MAX; i++) {
+                        if (!context->rlimit[i])
+                                continue;
+
+                        if (setrlimit_closest(i, context->rlimit[i]) < 0) {
+                                *exit_status = EXIT_LIMITS;
+                                return -errno;
+                        }
+                }
+
+                if (!cap_test_all(context->capability_bounding_set)) {
+                        r = capability_bounding_set_drop(context->capability_bounding_set, false);
+                        if (r < 0) {
+                                *exit_status = EXIT_CAPABILITIES;
+                                return r;
+                        }
+                }
+
+                /* This is done before enforce_user, but ambient set
+                 * does not survive over setresuid() if keep_caps is not set. */
+                if (context->capability_ambient_set != 0) {
+                        r = capability_ambient_set_apply(context->capability_ambient_set, true);
+                        if (r < 0) {
+                                *exit_status = EXIT_CAPABILITIES;
+                                return r;
+                        }
+                }
+
+                if (context->user) {
+                        r = enforce_user(context, uid);
+                        if (r < 0) {
+                                *exit_status = EXIT_USER;
+                                return r;
+                        }
+                        if (context->capability_ambient_set != 0) {
+
+                                /* Fix the ambient capabilities after user change. */
+                                r = capability_ambient_set_apply(context->capability_ambient_set, false);
+                                if (r < 0) {
+                                        *exit_status = EXIT_CAPABILITIES;
+                                        return r;
+                                }
+
+                                /* If we were asked to change user and ambient capabilities
+                                 * were requested, we had to add keep-caps to the securebits
+                                 * so that we would maintain the inherited capability set
+                                 * through the setresuid(). Make sure that the bit is added
+                                 * also to the context secure_bits so that we don't try to
+                                 * drop the bit away next. */
+
+                                secure_bits |= 1<<SECURE_KEEP_CAPS;
+                        }
+                }
+
+                /* PR_GET_SECUREBITS is not privileged, while
+                 * PR_SET_SECUREBITS is. So to suppress
+                 * potential EPERMs we'll try not to call
+                 * PR_SET_SECUREBITS unless necessary. */
+                if (prctl(PR_GET_SECUREBITS) != secure_bits)
+                        if (prctl(PR_SET_SECUREBITS, secure_bits) < 0) {
+                                *exit_status = EXIT_SECUREBITS;
+                                return -errno;
+                        }
+
+                if (context->no_new_privileges ||
+                    (!have_effective_cap(CAP_SYS_ADMIN) && (use_address_families || use_syscall_filter)))
+                        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+                                *exit_status = EXIT_NO_NEW_PRIVILEGES;
+                                return -errno;
+                        }
+
+#ifdef HAVE_SECCOMP
+                if (use_address_families) {
+                        r = apply_address_families(context);
+                        if (r < 0) {
+                                *exit_status = EXIT_ADDRESS_FAMILIES;
+                                return r;
+                        }
+                }
+
+                if (use_syscall_filter) {
+                        r = apply_seccomp(context);
+                        if (r < 0) {
+                                *exit_status = EXIT_SECCOMP;
+                                return r;
+                        }
+                }
+#endif
+
+#ifdef HAVE_SELINUX
+                if (mac_selinux_use()) {
+                        char *exec_context = mac_selinux_context_net ?: context->selinux_context;
+
+                        if (exec_context) {
+                                r = setexeccon(exec_context);
+                                if (r < 0) {
+                                        *exit_status = EXIT_SELINUX_CONTEXT;
+                                        return r;
+                                }
+                        }
+                }
+#endif
+
+#ifdef HAVE_APPARMOR
+                if (context->apparmor_profile && mac_apparmor_use()) {
+                        r = aa_change_onexec(context->apparmor_profile);
+                        if (r < 0 && !context->apparmor_profile_ignore) {
+                                *exit_status = EXIT_APPARMOR_PROFILE;
+                                return -errno;
+                        }
+                }
+#endif
+        }
+
+        r = build_environment(context, params, n_fds, home, username, shell, &our_env);
+        if (r < 0) {
+                *exit_status = EXIT_MEMORY;
+                return r;
+        }
+
+        r = build_pass_environment(context, &pass_env);
+        if (r < 0) {
+                *exit_status = EXIT_MEMORY;
+                return r;
+        }
+
+        final_env = strv_env_merge(6,
+                                   params->environment,
+                                   our_env,
+                                   pass_env,
+                                   context->environment,
+                                   files_env,
+                                   pam_env,
+                                   NULL);
+        if (!final_env) {
+                *exit_status = EXIT_MEMORY;
+                return -ENOMEM;
+        }
+
+        final_argv = replace_env_argv(argv, final_env);
+        if (!final_argv) {
+                *exit_status = EXIT_MEMORY;
+                return -ENOMEM;
+        }
+
+        final_env = strv_env_clean(final_env);
+
+        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
+                _cleanup_free_ char *line;
+
+                line = exec_command_line(final_argv);
+                if (line) {
+                        log_open();
+                        log_struct(LOG_DEBUG,
+                                   LOG_UNIT_ID(unit),
+                                   "EXECUTABLE=%s", command->path,
+                                   LOG_UNIT_MESSAGE(unit, "Executing: %s", line),
+                                   NULL);
+                        log_close();
+                }
+        }
+
+        execve(command->path, final_argv, final_env);
+        *exit_status = EXIT_EXEC;
+        return -errno;
+}
+
+int exec_spawn(Unit *unit,
+               ExecCommand *command,
+               const ExecContext *context,
+               const ExecParameters *params,
+               ExecRuntime *runtime,
+               pid_t *ret) {
+
+        _cleanup_strv_free_ char **files_env = NULL;
+        int *fds = NULL; unsigned n_fds = 0;
+        _cleanup_free_ char *line = NULL;
+        int socket_fd, r;
+        char **argv;
+        pid_t pid;
+
+        assert(unit);
+        assert(command);
+        assert(context);
+        assert(ret);
+        assert(params);
+        assert(params->fds || params->n_fds <= 0);
+
+        if (context->std_input == EXEC_INPUT_SOCKET ||
+            context->std_output == EXEC_OUTPUT_SOCKET ||
+            context->std_error == EXEC_OUTPUT_SOCKET) {
+
+                if (params->n_fds != 1) {
+                        log_unit_error(unit, "Got more than one socket.");
+                        return -EINVAL;
+                }
+
+                socket_fd = params->fds[0];
+        } else {
+                socket_fd = -1;
+                fds = params->fds;
+                n_fds = params->n_fds;
+        }
+
+        r = exec_context_load_environment(unit, context, &files_env);
+        if (r < 0)
+                return log_unit_error_errno(unit, r, "Failed to load environment files: %m");
+
+        argv = params->argv ?: command->argv;
+        line = exec_command_line(argv);
+        if (!line)
+                return log_oom();
+
+        log_struct(LOG_DEBUG,
+                   LOG_UNIT_ID(unit),
+                   LOG_UNIT_MESSAGE(unit, "About to execute: %s", line),
+                   "EXECUTABLE=%s", command->path,
+                   NULL);
+        pid = fork();
+        if (pid < 0)
+                return log_unit_error_errno(unit, errno, "Failed to fork: %m");
+
+        if (pid == 0) {
+                int exit_status;
+
+                r = exec_child(unit,
+                               command,
+                               context,
+                               params,
+                               runtime,
+                               argv,
+                               socket_fd,
+                               fds, n_fds,
+                               files_env,
+                               &exit_status);
+                if (r < 0) {
+                        log_open();
+                        log_struct_errno(LOG_ERR, r,
+                                         LOG_MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
+                                         LOG_UNIT_ID(unit),
+                                         LOG_UNIT_MESSAGE(unit, "Failed at step %s spawning %s: %m",
+                                                          exit_status_to_string(exit_status, EXIT_STATUS_SYSTEMD),
+                                                          command->path),
+                                         "EXECUTABLE=%s", command->path,
+                                         NULL);
+                }
+
+                _exit(exit_status);
+        }
+
+        log_unit_debug(unit, "Forked %s as "PID_FMT, command->path, pid);
+
+        /* We add the new process to the cgroup both in the child (so
+         * that we can be sure that no user code is ever executed
+         * outside of the cgroup) and in the parent (so that we can be
+         * sure that when we kill the cgroup the process will be
+         * killed too). */
+        if (params->cgroup_path)
+                (void) cg_attach(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, pid);
+
+        exec_status_start(&command->exec_status, pid);
+
+        *ret = pid;
+        return 0;
+}
+
+void exec_context_init(ExecContext *c) {
+        assert(c);
+
+        c->umask = 0022;
+        c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
+        c->cpu_sched_policy = SCHED_OTHER;
+        c->syslog_priority = LOG_DAEMON|LOG_INFO;
+        c->syslog_level_prefix = true;
+        c->ignore_sigpipe = true;
+        c->timer_slack_nsec = NSEC_INFINITY;
+        c->personality = PERSONALITY_INVALID;
+        c->runtime_directory_mode = 0755;
+        c->capability_bounding_set = CAP_ALL;
+}
+
+void exec_context_done(ExecContext *c) {
+        unsigned l;
+
+        assert(c);
+
+        c->environment = strv_free(c->environment);
+        c->environment_files = strv_free(c->environment_files);
+        c->pass_environment = strv_free(c->pass_environment);
+
+        for (l = 0; l < ELEMENTSOF(c->rlimit); l++)
+                c->rlimit[l] = mfree(c->rlimit[l]);
+
+        c->working_directory = mfree(c->working_directory);
+        c->root_directory = mfree(c->root_directory);
+        c->tty_path = mfree(c->tty_path);
+        c->syslog_identifier = mfree(c->syslog_identifier);
+        c->user = mfree(c->user);
+        c->group = mfree(c->group);
+
+        c->supplementary_groups = strv_free(c->supplementary_groups);
+
+        c->pam_name = mfree(c->pam_name);
+
+        c->read_only_dirs = strv_free(c->read_only_dirs);
+        c->read_write_dirs = strv_free(c->read_write_dirs);
+        c->inaccessible_dirs = strv_free(c->inaccessible_dirs);
+
+        if (c->cpuset)
+                CPU_FREE(c->cpuset);
+
+        c->utmp_id = mfree(c->utmp_id);
+        c->selinux_context = mfree(c->selinux_context);
+        c->apparmor_profile = mfree(c->apparmor_profile);
+
+        c->syscall_filter = set_free(c->syscall_filter);
+        c->syscall_archs = set_free(c->syscall_archs);
+        c->address_families = set_free(c->address_families);
+
+        c->runtime_directory = strv_free(c->runtime_directory);
+}
+
+int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_prefix) {
+        char **i;
+
+        assert(c);
+
+        if (!runtime_prefix)
+                return 0;
+
+        STRV_FOREACH(i, c->runtime_directory) {
+                _cleanup_free_ char *p;
+
+                p = strjoin(runtime_prefix, "/", *i, NULL);
+                if (!p)
+                        return -ENOMEM;
+
+                /* We execute this synchronously, since we need to be
+                 * sure this is gone when we start the service
+                 * next. */
+                (void) rm_rf(p, REMOVE_ROOT);
+        }
+
+        return 0;
+}
+
+void exec_command_done(ExecCommand *c) {
+        assert(c);
+
+        c->path = mfree(c->path);
+
+        c->argv = strv_free(c->argv);
+}
+
+void exec_command_done_array(ExecCommand *c, unsigned n) {
+        unsigned i;
+
+        for (i = 0; i < n; i++)
+                exec_command_done(c+i);
+}
+
+ExecCommand* exec_command_free_list(ExecCommand *c) {
+        ExecCommand *i;
+
+        while ((i = c)) {
+                LIST_REMOVE(command, c, i);
+                exec_command_done(i);
+                free(i);
+        }
+
+        return NULL;
+}
+
+void exec_command_free_array(ExecCommand **c, unsigned n) {
+        unsigned i;
+
+        for (i = 0; i < n; i++)
+                c[i] = exec_command_free_list(c[i]);
+}
+
+typedef struct InvalidEnvInfo {
+        Unit *unit;
+        const char *path;
+} InvalidEnvInfo;
+
+static void invalid_env(const char *p, void *userdata) {
+        InvalidEnvInfo *info = userdata;
+
+        log_unit_error(info->unit, "Ignoring invalid environment assignment '%s': %s", p, info->path);
+}
+
+int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l) {
+        char **i, **r = NULL;
+
+        assert(c);
+        assert(l);
+
+        STRV_FOREACH(i, c->environment_files) {
+                char *fn;
+                int k;
+                bool ignore = false;
+                char **p;
+                _cleanup_globfree_ glob_t pglob = {};
+                int count, n;
+
+                fn = *i;
+
+                if (fn[0] == '-') {
+                        ignore = true;
+                        fn++;
+                }
+
+                if (!path_is_absolute(fn)) {
+                        if (ignore)
+                                continue;
+
+                        strv_free(r);
+                        return -EINVAL;
+                }
+
+                /* Filename supports globbing, take all matching files */
+                errno = 0;
+                if (glob(fn, 0, NULL, &pglob) != 0) {
+                        if (ignore)
+                                continue;
+
+                        strv_free(r);
+                        return errno > 0 ? -errno : -EINVAL;
+                }
+                count = pglob.gl_pathc;
+                if (count == 0) {
+                        if (ignore)
+                                continue;
+
+                        strv_free(r);
+                        return -EINVAL;
+                }
+                for (n = 0; n < count; n++) {
+                        k = load_env_file(NULL, pglob.gl_pathv[n], NULL, &p);
+                        if (k < 0) {
+                                if (ignore)
+                                        continue;
+
+                                strv_free(r);
+                                return k;
+                        }
+                        /* Log invalid environment variables with filename */
+                        if (p) {
+                                InvalidEnvInfo info = {
+                                        .unit = unit,
+                                        .path = pglob.gl_pathv[n]
+                                };
+
+                                p = strv_env_clean_with_callback(p, invalid_env, &info);
+                        }
+
+                        if (r == NULL)
+                                r = p;
+                        else {
+                                char **m;
+
+                                m = strv_env_merge(2, r, p);
+                                strv_free(r);
+                                strv_free(p);
+                                if (!m)
+                                        return -ENOMEM;
+
+                                r = m;
+                        }
+                }
+        }
+
+        *l = r;
+
+        return 0;
+}
+
+static bool tty_may_match_dev_console(const char *tty) {
+        _cleanup_free_ char *active = NULL;
+        char *console;
+
+        if (!tty)
+                return true;
+
+        if (startswith(tty, "/dev/"))
+                tty += 5;
+
+        /* trivial identity? */
+        if (streq(tty, "console"))
+                return true;
+
+        console = resolve_dev_console(&active);
+        /* if we could not resolve, assume it may */
+        if (!console)
+                return true;
+
+        /* "tty0" means the active VC, so it may be the same sometimes */
+        return streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
+}
+
+bool exec_context_may_touch_console(ExecContext *ec) {
+
+        return (ec->tty_reset ||
+                ec->tty_vhangup ||
+                ec->tty_vt_disallocate ||
+                is_terminal_input(ec->std_input) ||
+                is_terminal_output(ec->std_output) ||
+                is_terminal_output(ec->std_error)) &&
+               tty_may_match_dev_console(exec_context_tty_path(ec));
+}
+
+static void strv_fprintf(FILE *f, char **l) {
+        char **g;
+
+        assert(f);
+
+        STRV_FOREACH(g, l)
+                fprintf(f, " %s", *g);
+}
+
+void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
+        char **e, **d;
+        unsigned i;
+
+        assert(c);
+        assert(f);
+
+        prefix = strempty(prefix);
+
+        fprintf(f,
+                "%sUMask: %04o\n"
+                "%sWorkingDirectory: %s\n"
+                "%sRootDirectory: %s\n"
+                "%sNonBlocking: %s\n"
+                "%sPrivateTmp: %s\n"
+                "%sPrivateNetwork: %s\n"
+                "%sPrivateDevices: %s\n"
+                "%sProtectHome: %s\n"
+                "%sProtectSystem: %s\n"
+                "%sIgnoreSIGPIPE: %s\n",
+                prefix, c->umask,
+                prefix, c->working_directory ? c->working_directory : "/",
+                prefix, c->root_directory ? c->root_directory : "/",
+                prefix, yes_no(c->non_blocking),
+                prefix, yes_no(c->private_tmp),
+                prefix, yes_no(c->private_network),
+                prefix, yes_no(c->private_devices),
+                prefix, protect_home_to_string(c->protect_home),
+                prefix, protect_system_to_string(c->protect_system),
+                prefix, yes_no(c->ignore_sigpipe));
+
+        STRV_FOREACH(e, c->environment)
+                fprintf(f, "%sEnvironment: %s\n", prefix, *e);
+
+        STRV_FOREACH(e, c->environment_files)
+                fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
+
+        STRV_FOREACH(e, c->pass_environment)
+                fprintf(f, "%sPassEnvironment: %s\n", prefix, *e);
+
+        fprintf(f, "%sRuntimeDirectoryMode: %04o\n", prefix, c->runtime_directory_mode);
+
+        STRV_FOREACH(d, c->runtime_directory)
+                fprintf(f, "%sRuntimeDirectory: %s\n", prefix, *d);
+
+        if (c->nice_set)
+                fprintf(f,
+                        "%sNice: %i\n",
+                        prefix, c->nice);
+
+        if (c->oom_score_adjust_set)
+                fprintf(f,
+                        "%sOOMScoreAdjust: %i\n",
+                        prefix, c->oom_score_adjust);
+
+        for (i = 0; i < RLIM_NLIMITS; i++)
+                if (c->rlimit[i]) {
+                        fprintf(f, "%s%s: " RLIM_FMT "\n",
+                                prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max);
+                        fprintf(f, "%s%sSoft: " RLIM_FMT "\n",
+                                prefix, rlimit_to_string(i), c->rlimit[i]->rlim_cur);
+                }
+
+        if (c->ioprio_set) {
+                _cleanup_free_ char *class_str = NULL;
+
+                ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
+                fprintf(f,
+                        "%sIOSchedulingClass: %s\n"
+                        "%sIOPriority: %i\n",
+                        prefix, strna(class_str),
+                        prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
+        }
+
+        if (c->cpu_sched_set) {
+                _cleanup_free_ char *policy_str = NULL;
+
+                sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
+                fprintf(f,
+                        "%sCPUSchedulingPolicy: %s\n"
+                        "%sCPUSchedulingPriority: %i\n"
+                        "%sCPUSchedulingResetOnFork: %s\n",
+                        prefix, strna(policy_str),
+                        prefix, c->cpu_sched_priority,
+                        prefix, yes_no(c->cpu_sched_reset_on_fork));
+        }
+
+        if (c->cpuset) {
+                fprintf(f, "%sCPUAffinity:", prefix);
+                for (i = 0; i < c->cpuset_ncpus; i++)
+                        if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
+                                fprintf(f, " %u", i);
+                fputs("\n", f);
+        }
+
+        if (c->timer_slack_nsec != NSEC_INFINITY)
+                fprintf(f, "%sTimerSlackNSec: "NSEC_FMT "\n", prefix, c->timer_slack_nsec);
+
+        fprintf(f,
+                "%sStandardInput: %s\n"
+                "%sStandardOutput: %s\n"
+                "%sStandardError: %s\n",
+                prefix, exec_input_to_string(c->std_input),
+                prefix, exec_output_to_string(c->std_output),
+                prefix, exec_output_to_string(c->std_error));
+
+        if (c->tty_path)
+                fprintf(f,
+                        "%sTTYPath: %s\n"
+                        "%sTTYReset: %s\n"
+                        "%sTTYVHangup: %s\n"
+                        "%sTTYVTDisallocate: %s\n",
+                        prefix, c->tty_path,
+                        prefix, yes_no(c->tty_reset),
+                        prefix, yes_no(c->tty_vhangup),
+                        prefix, yes_no(c->tty_vt_disallocate));
+
+        if (c->std_output == EXEC_OUTPUT_SYSLOG ||
+            c->std_output == EXEC_OUTPUT_KMSG ||
+            c->std_output == EXEC_OUTPUT_JOURNAL ||
+            c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
+            c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
+            c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
+            c->std_error == EXEC_OUTPUT_SYSLOG ||
+            c->std_error == EXEC_OUTPUT_KMSG ||
+            c->std_error == EXEC_OUTPUT_JOURNAL ||
+            c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
+            c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
+            c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
+
+                _cleanup_free_ char *fac_str = NULL, *lvl_str = NULL;
+
+                log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
+                log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
+
+                fprintf(f,
+                        "%sSyslogFacility: %s\n"
+                        "%sSyslogLevel: %s\n",
+                        prefix, strna(fac_str),
+                        prefix, strna(lvl_str));
+        }
+
+        if (c->secure_bits)
+                fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
+                        prefix,
+                        (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
+                        (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
+                        (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
+                        (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
+                        (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
+                        (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
+
+        if (c->capability_bounding_set != CAP_ALL) {
+                unsigned long l;
+                fprintf(f, "%sCapabilityBoundingSet:", prefix);
+
+                for (l = 0; l <= cap_last_cap(); l++)
+                        if (c->capability_bounding_set & (UINT64_C(1) << l))
+                                fprintf(f, " %s", strna(capability_to_name(l)));
+
+                fputs("\n", f);
+        }
+
+        if (c->capability_ambient_set != 0) {
+                unsigned long l;
+                fprintf(f, "%sAmbientCapabilities:", prefix);
+
+                for (l = 0; l <= cap_last_cap(); l++)
+                        if (c->capability_ambient_set & (UINT64_C(1) << l))
+                                fprintf(f, " %s", strna(capability_to_name(l)));
+
+                fputs("\n", f);
+        }
+
+        if (c->user)
+                fprintf(f, "%sUser: %s\n", prefix, c->user);
+        if (c->group)
+                fprintf(f, "%sGroup: %s\n", prefix, c->group);
+
+        if (strv_length(c->supplementary_groups) > 0) {
+                fprintf(f, "%sSupplementaryGroups:", prefix);
+                strv_fprintf(f, c->supplementary_groups);
+                fputs("\n", f);
+        }
+
+        if (c->pam_name)
+                fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
+
+        if (strv_length(c->read_write_dirs) > 0) {
+                fprintf(f, "%sReadWriteDirs:", prefix);
+                strv_fprintf(f, c->read_write_dirs);
+                fputs("\n", f);
+        }
+
+        if (strv_length(c->read_only_dirs) > 0) {
+                fprintf(f, "%sReadOnlyDirs:", prefix);
+                strv_fprintf(f, c->read_only_dirs);
+                fputs("\n", f);
+        }
+
+        if (strv_length(c->inaccessible_dirs) > 0) {
+                fprintf(f, "%sInaccessibleDirs:", prefix);
+                strv_fprintf(f, c->inaccessible_dirs);
+                fputs("\n", f);
+        }
+
+        if (c->utmp_id)
+                fprintf(f,
+                        "%sUtmpIdentifier: %s\n",
+                        prefix, c->utmp_id);
+
+        if (c->selinux_context)
+                fprintf(f,
+                        "%sSELinuxContext: %s%s\n",
+                        prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+
+        if (c->personality != PERSONALITY_INVALID)
+                fprintf(f,
+                        "%sPersonality: %s\n",
+                        prefix, strna(personality_to_string(c->personality)));
+
+        if (c->syscall_filter) {
+#ifdef HAVE_SECCOMP
+                Iterator j;
+                void *id;
+                bool first = true;
+#endif
+
+                fprintf(f,
+                        "%sSystemCallFilter: ",
+                        prefix);
+
+                if (!c->syscall_whitelist)
+                        fputc('~', f);
+
+#ifdef HAVE_SECCOMP
+                SET_FOREACH(id, c->syscall_filter, j) {
+                        _cleanup_free_ char *name = NULL;
+
+                        if (first)
+                                first = false;
+                        else
+                                fputc(' ', f);
+
+                        name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
+                        fputs(strna(name), f);
+                }
+#endif
+
+                fputc('\n', f);
+        }
+
+        if (c->syscall_archs) {
+#ifdef HAVE_SECCOMP
+                Iterator j;
+                void *id;
+#endif
+
+                fprintf(f,
+                        "%sSystemCallArchitectures:",
+                        prefix);
+
+#ifdef HAVE_SECCOMP
+                SET_FOREACH(id, c->syscall_archs, j)
+                        fprintf(f, " %s", strna(seccomp_arch_to_string(PTR_TO_UINT32(id) - 1)));
+#endif
+                fputc('\n', f);
+        }
+
+        if (c->syscall_errno > 0)
+                fprintf(f,
+                        "%sSystemCallErrorNumber: %s\n",
+                        prefix, strna(errno_to_name(c->syscall_errno)));
+
+        if (c->apparmor_profile)
+                fprintf(f,
+                        "%sAppArmorProfile: %s%s\n",
+                        prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
+}
+
+bool exec_context_maintains_privileges(ExecContext *c) {
+        assert(c);
+
+        /* Returns true if the process forked off would run run under
+         * an unchanged UID or as root. */
+
+        if (!c->user)
+                return true;
+
+        if (streq(c->user, "root") || streq(c->user, "0"))
+                return true;
+
+        return false;
+}
+
+void exec_status_start(ExecStatus *s, pid_t pid) {
+        assert(s);
+
+        zero(*s);
+        s->pid = pid;
+        dual_timestamp_get(&s->start_timestamp);
+}
+
+void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
+        assert(s);
+
+        if (s->pid && s->pid != pid)
+                zero(*s);
+
+        s->pid = pid;
+        dual_timestamp_get(&s->exit_timestamp);
+
+        s->code = code;
+        s->status = status;
+
+        if (context) {
+                if (context->utmp_id)
+                        utmp_put_dead_process(context->utmp_id, pid, code, status);
+
+                exec_context_tty_reset(context, NULL);
+        }
+}
+
+void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
+        char buf[FORMAT_TIMESTAMP_MAX];
+
+        assert(s);
+        assert(f);
+
+        if (s->pid <= 0)
+                return;
+
+        prefix = strempty(prefix);
+
+        fprintf(f,
+                "%sPID: "PID_FMT"\n",
+                prefix, s->pid);
+
+        if (s->start_timestamp.realtime > 0)
+                fprintf(f,
+                        "%sStart Timestamp: %s\n",
+                        prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
+
+        if (s->exit_timestamp.realtime > 0)
+                fprintf(f,
+                        "%sExit Timestamp: %s\n"
+                        "%sExit Code: %s\n"
+                        "%sExit Status: %i\n",
+                        prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
+                        prefix, sigchld_code_to_string(s->code),
+                        prefix, s->status);
+}
+
+char *exec_command_line(char **argv) {
+        size_t k;
+        char *n, *p, **a;
+        bool first = true;
+
+        assert(argv);
+
+        k = 1;
+        STRV_FOREACH(a, argv)
+                k += strlen(*a)+3;
+
+        if (!(n = new(char, k)))
+                return NULL;
+
+        p = n;
+        STRV_FOREACH(a, argv) {
+
+                if (!first)
+                        *(p++) = ' ';
+                else
+                        first = false;
+
+                if (strpbrk(*a, WHITESPACE)) {
+                        *(p++) = '\'';
+                        p = stpcpy(p, *a);
+                        *(p++) = '\'';
+                } else
+                        p = stpcpy(p, *a);
+
+        }
+
+        *p = 0;
+
+        /* FIXME: this doesn't really handle arguments that have
+         * spaces and ticks in them */
+
+        return n;
+}
+
+void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
+        _cleanup_free_ char *cmd = NULL;
+        const char *prefix2;
+
+        assert(c);
+        assert(f);
+
+        prefix = strempty(prefix);
+        prefix2 = strjoina(prefix, "\t");
+
+        cmd = exec_command_line(c->argv);
+        fprintf(f,
+                "%sCommand Line: %s\n",
+                prefix, cmd ? cmd : strerror(ENOMEM));
+
+        exec_status_dump(&c->exec_status, f, prefix2);
+}
+
+void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
+        assert(f);
+
+        prefix = strempty(prefix);
+
+        LIST_FOREACH(command, c, c)
+                exec_command_dump(c, f, prefix);
+}
+
+void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
+        ExecCommand *end;
+
+        assert(l);
+        assert(e);
+
+        if (*l) {
+                /* It's kind of important, that we keep the order here */
+                LIST_FIND_TAIL(command, *l, end);
+                LIST_INSERT_AFTER(command, *l, end, e);
+        } else
+              *l = e;
+}
+
+int exec_command_set(ExecCommand *c, const char *path, ...) {
+        va_list ap;
+        char **l, *p;
+
+        assert(c);
+        assert(path);
+
+        va_start(ap, path);
+        l = strv_new_ap(path, ap);
+        va_end(ap);
+
+        if (!l)
+                return -ENOMEM;
+
+        p = strdup(path);
+        if (!p) {
+                strv_free(l);
+                return -ENOMEM;
+        }
+
+        free(c->path);
+        c->path = p;
+
+        strv_free(c->argv);
+        c->argv = l;
+
+        return 0;
+}
+
+int exec_command_append(ExecCommand *c, const char *path, ...) {
+        _cleanup_strv_free_ char **l = NULL;
+        va_list ap;
+        int r;
+
+        assert(c);
+        assert(path);
+
+        va_start(ap, path);
+        l = strv_new_ap(path, ap);
+        va_end(ap);
+
+        if (!l)
+                return -ENOMEM;
+
+        r = strv_extend_strv(&c->argv, l, false);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+
+static int exec_runtime_allocate(ExecRuntime **rt) {
+
+        if (*rt)
+                return 0;
+
+        *rt = new0(ExecRuntime, 1);
+        if (!*rt)
+                return -ENOMEM;
+
+        (*rt)->n_ref = 1;
+        (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
+
+        return 0;
+}
+
+int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
+        int r;
+
+        assert(rt);
+        assert(c);
+        assert(id);
+
+        if (*rt)
+                return 1;
+
+        if (!c->private_network && !c->private_tmp)
+                return 0;
+
+        r = exec_runtime_allocate(rt);
+        if (r < 0)
+                return r;
+
+        if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
+                if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
+                        return -errno;
+        }
+
+        if (c->private_tmp && !(*rt)->tmp_dir) {
+                r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
+                if (r < 0)
+                        return r;
+        }
+
+        return 1;
+}
+
+ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
+        assert(r);
+        assert(r->n_ref > 0);
+
+        r->n_ref++;
+        return r;
+}
+
+ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
+
+        if (!r)
+                return NULL;
+
+        assert(r->n_ref > 0);
+
+        r->n_ref--;
+        if (r->n_ref > 0)
+                return NULL;
+
+        free(r->tmp_dir);
+        free(r->var_tmp_dir);
+        safe_close_pair(r->netns_storage_socket);
+        free(r);
+
+        return NULL;
+}
+
+int exec_runtime_serialize(Unit *u, ExecRuntime *rt, FILE *f, FDSet *fds) {
+        assert(u);
+        assert(f);
+        assert(fds);
+
+        if (!rt)
+                return 0;
+
+        if (rt->tmp_dir)
+                unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
+
+        if (rt->var_tmp_dir)
+                unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
+
+        if (rt->netns_storage_socket[0] >= 0) {
+                int copy;
+
+                copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
+                if (copy < 0)
+                        return copy;
+
+                unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
+        }
+
+        if (rt->netns_storage_socket[1] >= 0) {
+                int copy;
+
+                copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
+                if (copy < 0)
+                        return copy;
+
+                unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
+        }
+
+        return 0;
+}
+
+int exec_runtime_deserialize_item(Unit *u, ExecRuntime **rt, const char *key, const char *value, FDSet *fds) {
+        int r;
+
+        assert(rt);
+        assert(key);
+        assert(value);
+
+        if (streq(key, "tmp-dir")) {
+                char *copy;
+
+                r = exec_runtime_allocate(rt);
+                if (r < 0)
+                        return log_oom();
+
+                copy = strdup(value);
+                if (!copy)
+                        return log_oom();
+
+                free((*rt)->tmp_dir);
+                (*rt)->tmp_dir = copy;
+
+        } else if (streq(key, "var-tmp-dir")) {
+                char *copy;
+
+                r = exec_runtime_allocate(rt);
+                if (r < 0)
+                        return log_oom();
+
+                copy = strdup(value);
+                if (!copy)
+                        return log_oom();
+
+                free((*rt)->var_tmp_dir);
+                (*rt)->var_tmp_dir = copy;
+
+        } else if (streq(key, "netns-socket-0")) {
+                int fd;
+
+                r = exec_runtime_allocate(rt);
+                if (r < 0)
+                        return log_oom();
+
+                if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
+                        log_unit_debug(u, "Failed to parse netns socket value: %s", value);
+                else {
+                        safe_close((*rt)->netns_storage_socket[0]);
+                        (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
+                }
+        } else if (streq(key, "netns-socket-1")) {
+                int fd;
+
+                r = exec_runtime_allocate(rt);
+                if (r < 0)
+                        return log_oom();
+
+                if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
+                        log_unit_debug(u, "Failed to parse netns socket value: %s", value);
+                else {
+                        safe_close((*rt)->netns_storage_socket[1]);
+                        (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
+                }
+        } else
+                return 0;
+
+        return 1;
+}
+
+static void *remove_tmpdir_thread(void *p) {
+        _cleanup_free_ char *path = p;
+
+        (void) rm_rf(path, REMOVE_ROOT|REMOVE_PHYSICAL);
+        return NULL;
+}
+
+void exec_runtime_destroy(ExecRuntime *rt) {
+        int r;
+
+        if (!rt)
+                return;
+
+        /* If there are multiple users of this, let's leave the stuff around */
+        if (rt->n_ref > 1)
+                return;
+
+        if (rt->tmp_dir) {
+                log_debug("Spawning thread to nuke %s", rt->tmp_dir);
+
+                r = asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
+                if (r < 0) {
+                        log_warning_errno(r, "Failed to nuke %s: %m", rt->tmp_dir);
+                        free(rt->tmp_dir);
+                }
+
+                rt->tmp_dir = NULL;
+        }
+
+        if (rt->var_tmp_dir) {
+                log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
+
+                r = asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
+                if (r < 0) {
+                        log_warning_errno(r, "Failed to nuke %s: %m", rt->var_tmp_dir);
+                        free(rt->var_tmp_dir);
+                }
+
+                rt->var_tmp_dir = NULL;
+        }
+
+        safe_close_pair(rt->netns_storage_socket);
+}
+
+static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
+        [EXEC_INPUT_NULL] = "null",
+        [EXEC_INPUT_TTY] = "tty",
+        [EXEC_INPUT_TTY_FORCE] = "tty-force",
+        [EXEC_INPUT_TTY_FAIL] = "tty-fail",
+        [EXEC_INPUT_SOCKET] = "socket"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
+
+static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
+        [EXEC_OUTPUT_INHERIT] = "inherit",
+        [EXEC_OUTPUT_NULL] = "null",
+        [EXEC_OUTPUT_TTY] = "tty",
+        [EXEC_OUTPUT_SYSLOG] = "syslog",
+        [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
+        [EXEC_OUTPUT_KMSG] = "kmsg",
+        [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
+        [EXEC_OUTPUT_JOURNAL] = "journal",
+        [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
+        [EXEC_OUTPUT_SOCKET] = "socket"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
+
+static const char* const exec_utmp_mode_table[_EXEC_UTMP_MODE_MAX] = {
+        [EXEC_UTMP_INIT] = "init",
+        [EXEC_UTMP_LOGIN] = "login",
+        [EXEC_UTMP_USER] = "user",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(exec_utmp_mode, ExecUtmpMode);
diff --git a/src/core/execute.h b/src/libcore/execute.h
index 41148bcea2..41148bcea2 100644
--- a/src/core/execute.h
+++ b/src/libcore/execute.h
diff --git a/src/core/failure-action.c b/src/libcore/failure-action.c
index ddae46190f..ddae46190f 100644
--- a/src/core/failure-action.c
+++ b/src/libcore/failure-action.c
diff --git a/src/core/failure-action.h b/src/libcore/failure-action.h
index 1adac4ad5c..1adac4ad5c 100644
--- a/src/core/failure-action.h
+++ b/src/libcore/failure-action.h
diff --git a/src/core/hostname-setup.c b/src/libcore/hostname-setup.c
index 68be52856b..68be52856b 100644
--- a/src/core/hostname-setup.c
+++ b/src/libcore/hostname-setup.c
diff --git a/src/core/hostname-setup.h b/src/libcore/hostname-setup.h
index 73e8c75c71..73e8c75c71 100644
--- a/src/core/hostname-setup.h
+++ b/src/libcore/hostname-setup.h
diff --git a/src/core/ima-setup.c b/src/libcore/ima-setup.c
index d1b0ce76ef..d1b0ce76ef 100644
--- a/src/core/ima-setup.c
+++ b/src/libcore/ima-setup.c
diff --git a/src/core/ima-setup.h b/src/libcore/ima-setup.h
index 472b58cb00..472b58cb00 100644
--- a/src/core/ima-setup.h
+++ b/src/libcore/ima-setup.h
diff --git a/src/libcore/job.c b/src/libcore/job.c
new file mode 100644
index 0000000000..42fdcb988a
--- /dev/null
+++ b/src/libcore/job.c
@@ -0,0 +1,1259 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+
+#include <systemd/sd-id128.h>
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "async.h"
+#include "dbus-job.h"
+#include "dbus.h"
+#include "escape.h"
+#include "job.h"
+#include "log.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "set.h"
+#include "special.h"
+#include "stdio-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "unit.h"
+#include "virt.h"
+
+Job* job_new_raw(Unit *unit) {
+        Job *j;
+
+        /* used for deserialization */
+
+        assert(unit);
+
+        j = new0(Job, 1);
+        if (!j)
+                return NULL;
+
+        j->manager = unit->manager;
+        j->unit = unit;
+        j->type = _JOB_TYPE_INVALID;
+
+        return j;
+}
+
+Job* job_new(Unit *unit, JobType type) {
+        Job *j;
+
+        assert(type < _JOB_TYPE_MAX);
+
+        j = job_new_raw(unit);
+        if (!j)
+                return NULL;
+
+        j->id = j->manager->current_job_id++;
+        j->type = type;
+
+        /* We don't link it here, that's what job_dependency() is for */
+
+        return j;
+}
+
+void job_free(Job *j) {
+        assert(j);
+        assert(!j->installed);
+        assert(!j->transaction_prev);
+        assert(!j->transaction_next);
+        assert(!j->subject_list);
+        assert(!j->object_list);
+
+        if (j->in_run_queue)
+                LIST_REMOVE(run_queue, j->manager->run_queue, j);
+
+        if (j->in_dbus_queue)
+                LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j);
+
+        sd_event_source_unref(j->timer_event_source);
+
+        sd_bus_track_unref(j->clients);
+        strv_free(j->deserialized_clients);
+
+        free(j);
+}
+
+static void job_set_state(Job *j, JobState state) {
+        assert(j);
+        assert(state >= 0);
+        assert(state < _JOB_STATE_MAX);
+
+        if (j->state == state)
+                return;
+
+        j->state = state;
+
+        if (!j->installed)
+                return;
+
+        if (j->state == JOB_RUNNING)
+                j->unit->manager->n_running_jobs++;
+        else {
+                assert(j->state == JOB_WAITING);
+                assert(j->unit->manager->n_running_jobs > 0);
+
+                j->unit->manager->n_running_jobs--;
+
+                if (j->unit->manager->n_running_jobs <= 0)
+                        j->unit->manager->jobs_in_progress_event_source = sd_event_source_unref(j->unit->manager->jobs_in_progress_event_source);
+        }
+}
+
+void job_uninstall(Job *j) {
+        Job **pj;
+
+        assert(j->installed);
+
+        job_set_state(j, JOB_WAITING);
+
+        pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job;
+        assert(*pj == j);
+
+        /* Detach from next 'bigger' objects */
+
+        /* daemon-reload should be transparent to job observers */
+        if (!MANAGER_IS_RELOADING(j->manager))
+                bus_job_send_removed_signal(j);
+
+        *pj = NULL;
+
+        unit_add_to_gc_queue(j->unit);
+
+        hashmap_remove(j->manager->jobs, UINT32_TO_PTR(j->id));
+        j->installed = false;
+}
+
+static bool job_type_allows_late_merge(JobType t) {
+        /* Tells whether it is OK to merge a job of type 't' with an already
+         * running job.
+         * Reloads cannot be merged this way. Think of the sequence:
+         * 1. Reload of a daemon is in progress; the daemon has already loaded
+         *    its config file, but hasn't completed the reload operation yet.
+         * 2. Edit foo's config file.
+         * 3. Trigger another reload to have the daemon use the new config.
+         * Should the second reload job be merged into the first one, the daemon
+         * would not know about the new config.
+         * JOB_RESTART jobs on the other hand can be merged, because they get
+         * patched into JOB_START after stopping the unit. So if we see a
+         * JOB_RESTART running, it means the unit hasn't stopped yet and at
+         * this time the merge is still allowed. */
+        return t != JOB_RELOAD;
+}
+
+static void job_merge_into_installed(Job *j, Job *other) {
+        assert(j->installed);
+        assert(j->unit == other->unit);
+
+        if (j->type != JOB_NOP)
+                job_type_merge_and_collapse(&j->type, other->type, j->unit);
+        else
+                assert(other->type == JOB_NOP);
+
+        j->irreversible = j->irreversible || other->irreversible;
+        j->ignore_order = j->ignore_order || other->ignore_order;
+}
+
+Job* job_install(Job *j) {
+        Job **pj;
+        Job *uj;
+
+        assert(!j->installed);
+        assert(j->type < _JOB_TYPE_MAX_IN_TRANSACTION);
+        assert(j->state == JOB_WAITING);
+
+        pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job;
+        uj = *pj;
+
+        if (uj) {
+                if (job_type_is_conflicting(uj->type, j->type))
+                        job_finish_and_invalidate(uj, JOB_CANCELED, false, false);
+                else {
+                        /* not conflicting, i.e. mergeable */
+
+                        if (uj->state == JOB_WAITING ||
+                            (job_type_allows_late_merge(j->type) && job_type_is_superset(uj->type, j->type))) {
+                                job_merge_into_installed(uj, j);
+                                log_unit_debug(uj->unit,
+                                               "Merged into installed job %s/%s as %u",
+                                               uj->unit->id, job_type_to_string(uj->type), (unsigned) uj->id);
+                                return uj;
+                        } else {
+                                /* already running and not safe to merge into */
+                                /* Patch uj to become a merged job and re-run it. */
+                                /* XXX It should be safer to queue j to run after uj finishes, but it is
+                                 * not currently possible to have more than one installed job per unit. */
+                                job_merge_into_installed(uj, j);
+                                log_unit_debug(uj->unit,
+                                               "Merged into running job, re-running: %s/%s as %u",
+                                               uj->unit->id, job_type_to_string(uj->type), (unsigned) uj->id);
+
+                                job_set_state(uj, JOB_WAITING);
+                                return uj;
+                        }
+                }
+        }
+
+        /* Install the job */
+        *pj = j;
+        j->installed = true;
+
+        j->manager->n_installed_jobs++;
+        log_unit_debug(j->unit,
+                       "Installed new job %s/%s as %u",
+                       j->unit->id, job_type_to_string(j->type), (unsigned) j->id);
+        return j;
+}
+
+int job_install_deserialized(Job *j) {
+        Job **pj;
+
+        assert(!j->installed);
+
+        if (j->type < 0 || j->type >= _JOB_TYPE_MAX_IN_TRANSACTION) {
+                log_debug("Invalid job type %s in deserialization.", strna(job_type_to_string(j->type)));
+                return -EINVAL;
+        }
+
+        pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job;
+        if (*pj) {
+                log_unit_debug(j->unit, "Unit already has a job installed. Not installing deserialized job.");
+                return -EEXIST;
+        }
+
+        *pj = j;
+        j->installed = true;
+
+        if (j->state == JOB_RUNNING)
+                j->unit->manager->n_running_jobs++;
+
+        log_unit_debug(j->unit,
+                       "Reinstalled deserialized job %s/%s as %u",
+                       j->unit->id, job_type_to_string(j->type), (unsigned) j->id);
+        return 0;
+}
+
+JobDependency* job_dependency_new(Job *subject, Job *object, bool matters, bool conflicts) {
+        JobDependency *l;
+
+        assert(object);
+
+        /* Adds a new job link, which encodes that the 'subject' job
+         * needs the 'object' job in some way. If 'subject' is NULL
+         * this means the 'anchor' job (i.e. the one the user
+         * explicitly asked for) is the requester. */
+
+        if (!(l = new0(JobDependency, 1)))
+                return NULL;
+
+        l->subject = subject;
+        l->object = object;
+        l->matters = matters;
+        l->conflicts = conflicts;
+
+        if (subject)
+                LIST_PREPEND(subject, subject->subject_list, l);
+
+        LIST_PREPEND(object, object->object_list, l);
+
+        return l;
+}
+
+void job_dependency_free(JobDependency *l) {
+        assert(l);
+
+        if (l->subject)
+                LIST_REMOVE(subject, l->subject->subject_list, l);
+
+        LIST_REMOVE(object, l->object->object_list, l);
+
+        free(l);
+}
+
+void job_dump(Job *j, FILE*f, const char *prefix) {
+        assert(j);
+        assert(f);
+
+        if (!prefix)
+                prefix = "";
+
+        fprintf(f,
+                "%s-> Job %u:\n"
+                "%s\tAction: %s -> %s\n"
+                "%s\tState: %s\n"
+                "%s\tIrreversible: %s\n",
+                prefix, j->id,
+                prefix, j->unit->id, job_type_to_string(j->type),
+                prefix, job_state_to_string(j->state),
+                prefix, yes_no(j->irreversible));
+}
+
+/*
+ * Merging is commutative, so imagine the matrix as symmetric. We store only
+ * its lower triangle to avoid duplication. We don't store the main diagonal,
+ * because A merged with A is simply A.
+ *
+ * If the resulting type is collapsed immediately afterwards (to get rid of
+ * the JOB_RELOAD_OR_START, which lies outside the lookup function's domain),
+ * the following properties hold:
+ *
+ * Merging is associative! A merged with B, and then merged with C is the same
+ * as A merged with the result of B merged with C.
+ *
+ * Mergeability is transitive! If A can be merged with B and B with C then
+ * A also with C.
+ *
+ * Also, if A merged with B cannot be merged with C, then either A or B cannot
+ * be merged with C either.
+ */
+static const JobType job_merging_table[] = {
+/* What \ With       *  JOB_START         JOB_VERIFY_ACTIVE  JOB_STOP JOB_RELOAD */
+/*********************************************************************************/
+/*JOB_START          */
+/*JOB_VERIFY_ACTIVE  */ JOB_START,
+/*JOB_STOP           */ -1,                  -1,
+/*JOB_RELOAD         */ JOB_RELOAD_OR_START, JOB_RELOAD,          -1,
+/*JOB_RESTART        */ JOB_RESTART,         JOB_RESTART,         -1, JOB_RESTART,
+};
+
+JobType job_type_lookup_merge(JobType a, JobType b) {
+        assert_cc(ELEMENTSOF(job_merging_table) == _JOB_TYPE_MAX_MERGING * (_JOB_TYPE_MAX_MERGING - 1) / 2);
+        assert(a >= 0 && a < _JOB_TYPE_MAX_MERGING);
+        assert(b >= 0 && b < _JOB_TYPE_MAX_MERGING);
+
+        if (a == b)
+                return a;
+
+        if (a < b) {
+                JobType tmp = a;
+                a = b;
+                b = tmp;
+        }
+
+        return job_merging_table[(a - 1) * a / 2 + b];
+}
+
+bool job_type_is_redundant(JobType a, UnitActiveState b) {
+        switch (a) {
+
+        case JOB_START:
+                return
+                        b == UNIT_ACTIVE ||
+                        b == UNIT_RELOADING;
+
+        case JOB_STOP:
+                return
+                        b == UNIT_INACTIVE ||
+                        b == UNIT_FAILED;
+
+        case JOB_VERIFY_ACTIVE:
+                return
+                        b == UNIT_ACTIVE ||
+                        b == UNIT_RELOADING;
+
+        case JOB_RELOAD:
+                return
+                        b == UNIT_RELOADING;
+
+        case JOB_RESTART:
+                return
+                        b == UNIT_ACTIVATING;
+
+        case JOB_NOP:
+                return true;
+
+        default:
+                assert_not_reached("Invalid job type");
+        }
+}
+
+JobType job_type_collapse(JobType t, Unit *u) {
+        UnitActiveState s;
+
+        switch (t) {
+
+        case JOB_TRY_RESTART:
+                s = unit_active_state(u);
+                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(s))
+                        return JOB_NOP;
+
+                return JOB_RESTART;
+
+        case JOB_TRY_RELOAD:
+                s = unit_active_state(u);
+                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(s))
+                        return JOB_NOP;
+
+                return JOB_RELOAD;
+
+        case JOB_RELOAD_OR_START:
+                s = unit_active_state(u);
+                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(s))
+                        return JOB_START;
+
+                return JOB_RELOAD;
+
+        default:
+                return t;
+        }
+}
+
+int job_type_merge_and_collapse(JobType *a, JobType b, Unit *u) {
+        JobType t;
+
+        t = job_type_lookup_merge(*a, b);
+        if (t < 0)
+                return -EEXIST;
+
+        *a = job_type_collapse(t, u);
+        return 0;
+}
+
+static bool job_is_runnable(Job *j) {
+        Iterator i;
+        Unit *other;
+
+        assert(j);
+        assert(j->installed);
+
+        /* Checks whether there is any job running for the units this
+         * job needs to be running after (in the case of a 'positive'
+         * job type) or before (in the case of a 'negative' job
+         * type. */
+
+        /* Note that unit types have a say in what is runnable,
+         * too. For example, if they return -EAGAIN from
+         * unit_start() they can indicate they are not
+         * runnable yet. */
+
+        /* First check if there is an override */
+        if (j->ignore_order)
+                return true;
+
+        if (j->type == JOB_NOP)
+                return true;
+
+        if (j->type == JOB_START ||
+            j->type == JOB_VERIFY_ACTIVE ||
+            j->type == JOB_RELOAD) {
+
+                /* Immediate result is that the job is or might be
+                 * started. In this case let's wait for the
+                 * dependencies, regardless whether they are
+                 * starting or stopping something. */
+
+                SET_FOREACH(other, j->unit->dependencies[UNIT_AFTER], i)
+                        if (other->job)
+                                return false;
+        }
+
+        /* Also, if something else is being stopped and we should
+         * change state after it, then let's wait. */
+
+        SET_FOREACH(other, j->unit->dependencies[UNIT_BEFORE], i)
+                if (other->job &&
+                    (other->job->type == JOB_STOP ||
+                     other->job->type == JOB_RESTART))
+                        return false;
+
+        /* This means that for a service a and a service b where b
+         * shall be started after a:
+         *
+         *  start a + start b → 1st step start a, 2nd step start b
+         *  start a + stop b  → 1st step stop b,  2nd step start a
+         *  stop a  + start b → 1st step stop a,  2nd step start b
+         *  stop a  + stop b  → 1st step stop b,  2nd step stop a
+         *
+         *  This has the side effect that restarts are properly
+         *  synchronized too. */
+
+        return true;
+}
+
+static void job_change_type(Job *j, JobType newtype) {
+        assert(j);
+
+        log_unit_debug(j->unit,
+                       "Converting job %s/%s -> %s/%s",
+                       j->unit->id, job_type_to_string(j->type),
+                       j->unit->id, job_type_to_string(newtype));
+
+        j->type = newtype;
+}
+
+static int job_perform_on_unit(Job **j) {
+        uint32_t id;
+        Manager *m;
+        JobType t;
+        Unit *u;
+        int r;
+
+        /* While we execute this operation the job might go away (for
+         * example: because it finishes immediately or is replaced by
+         * a new, conflicting job.) To make sure we don't access a
+         * freed job later on we store the id here, so that we can
+         * verify the job is still valid. */
+
+        assert(j);
+        assert(*j);
+
+        m = (*j)->manager;
+        u = (*j)->unit;
+        t = (*j)->type;
+        id = (*j)->id;
+
+        switch (t) {
+                case JOB_START:
+                        r = unit_start(u);
+                        break;
+
+                case JOB_RESTART:
+                        t = JOB_STOP;
+                        /* fall through */
+                case JOB_STOP:
+                        r = unit_stop(u);
+                        break;
+
+                case JOB_RELOAD:
+                        r = unit_reload(u);
+                        break;
+
+                default:
+                        assert_not_reached("Invalid job type");
+        }
+
+        /* Log if the job still exists and the start/stop/reload function
+         * actually did something. */
+        *j = manager_get_job(m, id);
+        if (*j && r > 0)
+                unit_status_emit_starting_stopping_reloading(u, t);
+
+        return r;
+}
+
+int job_run_and_invalidate(Job *j) {
+        int r;
+
+        assert(j);
+        assert(j->installed);
+        assert(j->type < _JOB_TYPE_MAX_IN_TRANSACTION);
+        assert(j->in_run_queue);
+
+        LIST_REMOVE(run_queue, j->manager->run_queue, j);
+        j->in_run_queue = false;
+
+        if (j->state != JOB_WAITING)
+                return 0;
+
+        if (!job_is_runnable(j))
+                return -EAGAIN;
+
+        job_set_state(j, JOB_RUNNING);
+        job_add_to_dbus_queue(j);
+
+
+        switch (j->type) {
+
+                case JOB_VERIFY_ACTIVE: {
+                        UnitActiveState t = unit_active_state(j->unit);
+                        if (UNIT_IS_ACTIVE_OR_RELOADING(t))
+                                r = -EALREADY;
+                        else if (t == UNIT_ACTIVATING)
+                                r = -EAGAIN;
+                        else
+                                r = -EBADR;
+                        break;
+                }
+
+                case JOB_START:
+                case JOB_STOP:
+                case JOB_RESTART:
+                        r = job_perform_on_unit(&j);
+
+                        /* If the unit type does not support starting/stopping,
+                         * then simply wait. */
+                        if (r == -EBADR)
+                                r = 0;
+                        break;
+
+                case JOB_RELOAD:
+                        r = job_perform_on_unit(&j);
+                        break;
+
+                case JOB_NOP:
+                        r = -EALREADY;
+                        break;
+
+                default:
+                        assert_not_reached("Unknown job type");
+        }
+
+        if (j) {
+                if (r == -EALREADY)
+                        r = job_finish_and_invalidate(j, JOB_DONE, true, true);
+                else if (r == -EBADR)
+                        r = job_finish_and_invalidate(j, JOB_SKIPPED, true, false);
+                else if (r == -ENOEXEC)
+                        r = job_finish_and_invalidate(j, JOB_INVALID, true, false);
+                else if (r == -EPROTO)
+                        r = job_finish_and_invalidate(j, JOB_ASSERT, true, false);
+                else if (r == -EOPNOTSUPP)
+                        r = job_finish_and_invalidate(j, JOB_UNSUPPORTED, true, false);
+                else if (r == -EAGAIN)
+                        job_set_state(j, JOB_WAITING);
+                else if (r < 0)
+                        r = job_finish_and_invalidate(j, JOB_FAILED, true, false);
+        }
+
+        return r;
+}
+
+_pure_ static const char *job_get_status_message_format(Unit *u, JobType t, JobResult result) {
+
+        static const char *const generic_finished_start_job[_JOB_RESULT_MAX] = {
+                [JOB_DONE]        = "Started %s.",
+                [JOB_TIMEOUT]     = "Timed out starting %s.",
+                [JOB_FAILED]      = "Failed to start %s.",
+                [JOB_DEPENDENCY]  = "Dependency failed for %s.",
+                [JOB_ASSERT]      = "Assertion failed for %s.",
+                [JOB_UNSUPPORTED] = "Starting of %s not supported.",
+        };
+        static const char *const generic_finished_stop_job[_JOB_RESULT_MAX] = {
+                [JOB_DONE]        = "Stopped %s.",
+                [JOB_FAILED]      = "Stopped (with error) %s.",
+                [JOB_TIMEOUT]     = "Timed out stopping %s.",
+        };
+        static const char *const generic_finished_reload_job[_JOB_RESULT_MAX] = {
+                [JOB_DONE]        = "Reloaded %s.",
+                [JOB_FAILED]      = "Reload failed for %s.",
+                [JOB_TIMEOUT]     = "Timed out reloading %s.",
+        };
+        /* When verify-active detects the unit is inactive, report it.
+         * Most likely a DEPEND warning from a requisiting unit will
+         * occur next and it's nice to see what was requisited. */
+        static const char *const generic_finished_verify_active_job[_JOB_RESULT_MAX] = {
+                [JOB_SKIPPED]     = "%s is not active.",
+        };
+
+        const UnitStatusMessageFormats *format_table;
+        const char *format;
+
+        assert(u);
+        assert(t >= 0);
+        assert(t < _JOB_TYPE_MAX);
+
+        if (IN_SET(t, JOB_START, JOB_STOP, JOB_RESTART)) {
+                format_table = &UNIT_VTABLE(u)->status_message_formats;
+                if (format_table) {
+                        format = t == JOB_START ? format_table->finished_start_job[result] :
+                                                  format_table->finished_stop_job[result];
+                        if (format)
+                                return format;
+                }
+        }
+
+        /* Return generic strings */
+        if (t == JOB_START)
+                return generic_finished_start_job[result];
+        else if (t == JOB_STOP || t == JOB_RESTART)
+                return generic_finished_stop_job[result];
+        else if (t == JOB_RELOAD)
+                return generic_finished_reload_job[result];
+        else if (t == JOB_VERIFY_ACTIVE)
+                return generic_finished_verify_active_job[result];
+
+        return NULL;
+}
+
+static void job_print_status_message(Unit *u, JobType t, JobResult result) {
+        static struct {
+                const char *color, *word;
+        } const statuses[_JOB_RESULT_MAX] = {
+                [JOB_DONE]        = {ANSI_GREEN,            "  OK  "},
+                [JOB_TIMEOUT]     = {ANSI_HIGHLIGHT_RED,    " TIME "},
+                [JOB_FAILED]      = {ANSI_HIGHLIGHT_RED,    "FAILED"},
+                [JOB_DEPENDENCY]  = {ANSI_HIGHLIGHT_YELLOW, "DEPEND"},
+                [JOB_SKIPPED]     = {ANSI_HIGHLIGHT,        " INFO "},
+                [JOB_ASSERT]      = {ANSI_HIGHLIGHT_YELLOW, "ASSERT"},
+                [JOB_UNSUPPORTED] = {ANSI_HIGHLIGHT_YELLOW, "UNSUPP"},
+        };
+
+        const char *format;
+        const char *status;
+
+        assert(u);
+        assert(t >= 0);
+        assert(t < _JOB_TYPE_MAX);
+
+        /* Reload status messages have traditionally not been printed to console. */
+        if (t == JOB_RELOAD)
+                return;
+
+        format = job_get_status_message_format(u, t, result);
+        if (!format)
+                return;
+
+        if (log_get_show_color())
+                status = strjoina(statuses[result].color, statuses[result].word, ANSI_NORMAL);
+        else
+                status = statuses[result].word;
+
+        if (result != JOB_DONE)
+                manager_flip_auto_status(u->manager, true);
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        unit_status_printf(u, status, format);
+        REENABLE_WARNING;
+
+        if (t == JOB_START && result == JOB_FAILED) {
+                _cleanup_free_ char *quoted;
+
+                quoted = shell_maybe_quote(u->id);
+                manager_status_printf(u->manager, STATUS_TYPE_NORMAL, NULL, "See 'systemctl status %s' for details.", strna(quoted));
+        }
+}
+
+static void job_log_status_message(Unit *u, JobType t, JobResult result) {
+        const char *format;
+        char buf[LINE_MAX];
+        sd_id128_t mid;
+        static const int job_result_log_level[_JOB_RESULT_MAX] = {
+                [JOB_DONE]        = LOG_INFO,
+                [JOB_CANCELED]    = LOG_INFO,
+                [JOB_TIMEOUT]     = LOG_ERR,
+                [JOB_FAILED]      = LOG_ERR,
+                [JOB_DEPENDENCY]  = LOG_WARNING,
+                [JOB_SKIPPED]     = LOG_NOTICE,
+                [JOB_INVALID]     = LOG_INFO,
+                [JOB_ASSERT]      = LOG_WARNING,
+                [JOB_UNSUPPORTED] = LOG_WARNING,
+        };
+
+        assert(u);
+        assert(t >= 0);
+        assert(t < _JOB_TYPE_MAX);
+
+        /* Skip this if it goes to the console. since we already print
+         * to the console anyway... */
+
+        if (log_on_console())
+                return;
+
+        format = job_get_status_message_format(u, t, result);
+        if (!format)
+                return;
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        xsprintf(buf, format, unit_description(u));
+        REENABLE_WARNING;
+
+        switch (t) {
+
+        case JOB_START:
+                mid = result == JOB_DONE ? SD_MESSAGE_UNIT_STARTED : SD_MESSAGE_UNIT_FAILED;
+                break;
+
+        case JOB_RELOAD:
+                mid = SD_MESSAGE_UNIT_RELOADED;
+                break;
+
+        case JOB_STOP:
+        case JOB_RESTART:
+                mid = SD_MESSAGE_UNIT_STOPPED;
+                break;
+
+        default:
+                log_struct(job_result_log_level[result],
+                           LOG_UNIT_ID(u),
+                           LOG_MESSAGE("%s", buf),
+                           "RESULT=%s", job_result_to_string(result),
+                           NULL);
+                return;
+        }
+
+        log_struct(job_result_log_level[result],
+                   LOG_MESSAGE_ID(mid),
+                   LOG_UNIT_ID(u),
+                   LOG_MESSAGE("%s", buf),
+                   "RESULT=%s", job_result_to_string(result),
+                   NULL);
+}
+
+static void job_emit_status_message(Unit *u, JobType t, JobResult result) {
+
+        /* No message if the job did not actually do anything due to failed condition. */
+        if (t == JOB_START && result == JOB_DONE && !u->condition_result)
+                return;
+
+        job_log_status_message(u, t, result);
+        job_print_status_message(u, t, result);
+}
+
+static void job_fail_dependencies(Unit *u, UnitDependency d) {
+        Unit *other;
+        Iterator i;
+
+        assert(u);
+
+        SET_FOREACH(other, u->dependencies[d], i) {
+                Job *j = other->job;
+
+                if (!j)
+                        continue;
+                if (!IN_SET(j->type, JOB_START, JOB_VERIFY_ACTIVE))
+                        continue;
+
+                job_finish_and_invalidate(j, JOB_DEPENDENCY, true, false);
+        }
+}
+
+int job_finish_and_invalidate(Job *j, JobResult result, bool recursive, bool already) {
+        Unit *u;
+        Unit *other;
+        JobType t;
+        Iterator i;
+
+        assert(j);
+        assert(j->installed);
+        assert(j->type < _JOB_TYPE_MAX_IN_TRANSACTION);
+
+        u = j->unit;
+        t = j->type;
+
+        j->result = result;
+
+        log_unit_debug(u, "Job %s/%s finished, result=%s", u->id, job_type_to_string(t), job_result_to_string(result));
+
+        /* If this job did nothing to respective unit we don't log the status message */
+        if (!already)
+                job_emit_status_message(u, t, result);
+
+        job_add_to_dbus_queue(j);
+
+        /* Patch restart jobs so that they become normal start jobs */
+        if (result == JOB_DONE && t == JOB_RESTART) {
+
+                job_change_type(j, JOB_START);
+                job_set_state(j, JOB_WAITING);
+
+                job_add_to_run_queue(j);
+
+                goto finish;
+        }
+
+        if (result == JOB_FAILED || result == JOB_INVALID)
+                j->manager->n_failed_jobs++;
+
+        job_uninstall(j);
+        job_free(j);
+
+        /* Fail depending jobs on failure */
+        if (result != JOB_DONE && recursive) {
+                if (IN_SET(t, JOB_START, JOB_VERIFY_ACTIVE)) {
+                        job_fail_dependencies(u, UNIT_REQUIRED_BY);
+                        job_fail_dependencies(u, UNIT_REQUISITE_OF);
+                        job_fail_dependencies(u, UNIT_BOUND_BY);
+                } else if (t == JOB_STOP)
+                        job_fail_dependencies(u, UNIT_CONFLICTED_BY);
+        }
+
+        /* Trigger OnFailure dependencies that are not generated by
+         * the unit itself. We don't treat JOB_CANCELED as failure in
+         * this context. And JOB_FAILURE is already handled by the
+         * unit itself. */
+        if (result == JOB_TIMEOUT || result == JOB_DEPENDENCY) {
+                log_struct(LOG_NOTICE,
+                           "JOB_TYPE=%s", job_type_to_string(t),
+                           "JOB_RESULT=%s", job_result_to_string(result),
+                           LOG_UNIT_ID(u),
+                           LOG_UNIT_MESSAGE(u, "Job %s/%s failed with result '%s'.",
+                                            u->id,
+                                            job_type_to_string(t),
+                                            job_result_to_string(result)),
+                           NULL);
+
+                unit_start_on_failure(u);
+        }
+
+        unit_trigger_notify(u);
+
+finish:
+        /* Try to start the next jobs that can be started */
+        SET_FOREACH(other, u->dependencies[UNIT_AFTER], i)
+                if (other->job)
+                        job_add_to_run_queue(other->job);
+        SET_FOREACH(other, u->dependencies[UNIT_BEFORE], i)
+                if (other->job)
+                        job_add_to_run_queue(other->job);
+
+        manager_check_finished(u->manager);
+
+        return 0;
+}
+
+static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *userdata) {
+        Job *j = userdata;
+        Unit *u;
+
+        assert(j);
+        assert(s == j->timer_event_source);
+
+        log_unit_warning(j->unit, "Job %s/%s timed out.", j->unit->id, job_type_to_string(j->type));
+
+        u = j->unit;
+        job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
+
+        failure_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg);
+
+        return 0;
+}
+
+int job_start_timer(Job *j) {
+        int r;
+
+        if (j->timer_event_source)
+                return 0;
+
+        j->begin_usec = now(CLOCK_MONOTONIC);
+
+        if (j->unit->job_timeout == USEC_INFINITY)
+                return 0;
+
+        r = sd_event_add_time(
+                        j->manager->event,
+                        &j->timer_event_source,
+                        CLOCK_MONOTONIC,
+                        usec_add(j->begin_usec, j->unit->job_timeout), 0,
+                        job_dispatch_timer, j);
+        if (r < 0)
+                return r;
+
+        (void) sd_event_source_set_description(j->timer_event_source, "job-start");
+
+        return 0;
+}
+
+void job_add_to_run_queue(Job *j) {
+        assert(j);
+        assert(j->installed);
+
+        if (j->in_run_queue)
+                return;
+
+        if (!j->manager->run_queue)
+                sd_event_source_set_enabled(j->manager->run_queue_event_source, SD_EVENT_ONESHOT);
+
+        LIST_PREPEND(run_queue, j->manager->run_queue, j);
+        j->in_run_queue = true;
+}
+
+void job_add_to_dbus_queue(Job *j) {
+        assert(j);
+        assert(j->installed);
+
+        if (j->in_dbus_queue)
+                return;
+
+        /* We don't check if anybody is subscribed here, since this
+         * job might just have been created and not yet assigned to a
+         * connection/client. */
+
+        LIST_PREPEND(dbus_queue, j->manager->dbus_job_queue, j);
+        j->in_dbus_queue = true;
+}
+
+char *job_dbus_path(Job *j) {
+        char *p;
+
+        assert(j);
+
+        if (asprintf(&p, "/org/freedesktop/systemd1/job/%"PRIu32, j->id) < 0)
+                return NULL;
+
+        return p;
+}
+
+int job_serialize(Job *j, FILE *f, FDSet *fds) {
+        fprintf(f, "job-id=%u\n", j->id);
+        fprintf(f, "job-type=%s\n", job_type_to_string(j->type));
+        fprintf(f, "job-state=%s\n", job_state_to_string(j->state));
+        fprintf(f, "job-irreversible=%s\n", yes_no(j->irreversible));
+        fprintf(f, "job-sent-dbus-new-signal=%s\n", yes_no(j->sent_dbus_new_signal));
+        fprintf(f, "job-ignore-order=%s\n", yes_no(j->ignore_order));
+
+        if (j->begin_usec > 0)
+                fprintf(f, "job-begin="USEC_FMT"\n", j->begin_usec);
+
+        bus_track_serialize(j->clients, f);
+
+        /* End marker */
+        fputc('\n', f);
+        return 0;
+}
+
+int job_deserialize(Job *j, FILE *f, FDSet *fds) {
+        assert(j);
+
+        for (;;) {
+                char line[LINE_MAX], *l, *v;
+                size_t k;
+
+                if (!fgets(line, sizeof(line), f)) {
+                        if (feof(f))
+                                return 0;
+                        return -errno;
+                }
+
+                char_array_0(line);
+                l = strstrip(line);
+
+                /* End marker */
+                if (l[0] == 0)
+                        return 0;
+
+                k = strcspn(l, "=");
+
+                if (l[k] == '=') {
+                        l[k] = 0;
+                        v = l+k+1;
+                } else
+                        v = l+k;
+
+                if (streq(l, "job-id")) {
+
+                        if (safe_atou32(v, &j->id) < 0)
+                                log_debug("Failed to parse job id value %s", v);
+
+                } else if (streq(l, "job-type")) {
+                        JobType t;
+
+                        t = job_type_from_string(v);
+                        if (t < 0)
+                                log_debug("Failed to parse job type %s", v);
+                        else if (t >= _JOB_TYPE_MAX_IN_TRANSACTION)
+                                log_debug("Cannot deserialize job of type %s", v);
+                        else
+                                j->type = t;
+
+                } else if (streq(l, "job-state")) {
+                        JobState s;
+
+                        s = job_state_from_string(v);
+                        if (s < 0)
+                                log_debug("Failed to parse job state %s", v);
+                        else
+                                job_set_state(j, s);
+
+                } else if (streq(l, "job-irreversible")) {
+                        int b;
+
+                        b = parse_boolean(v);
+                        if (b < 0)
+                                log_debug("Failed to parse job irreversible flag %s", v);
+                        else
+                                j->irreversible = j->irreversible || b;
+
+                } else if (streq(l, "job-sent-dbus-new-signal")) {
+                        int b;
+
+                        b = parse_boolean(v);
+                        if (b < 0)
+                                log_debug("Failed to parse job sent_dbus_new_signal flag %s", v);
+                        else
+                                j->sent_dbus_new_signal = j->sent_dbus_new_signal || b;
+
+                } else if (streq(l, "job-ignore-order")) {
+                        int b;
+
+                        b = parse_boolean(v);
+                        if (b < 0)
+                                log_debug("Failed to parse job ignore_order flag %s", v);
+                        else
+                                j->ignore_order = j->ignore_order || b;
+
+                } else if (streq(l, "job-begin")) {
+                        unsigned long long ull;
+
+                        if (sscanf(v, "%llu", &ull) != 1)
+                                log_debug("Failed to parse job-begin value %s", v);
+                        else
+                                j->begin_usec = ull;
+
+                } else if (streq(l, "subscribed")) {
+
+                        if (strv_extend(&j->deserialized_clients, v) < 0)
+                                return log_oom();
+                }
+        }
+}
+
+int job_coldplug(Job *j) {
+        int r;
+
+        assert(j);
+
+        /* After deserialization is complete and the bus connection
+         * set up again, let's start watching our subscribers again */
+        r = bus_track_coldplug(j->manager, &j->clients, &j->deserialized_clients);
+        if (r < 0)
+                return r;
+
+        if (j->state == JOB_WAITING)
+                job_add_to_run_queue(j);
+
+        if (j->begin_usec == 0 || j->unit->job_timeout == USEC_INFINITY)
+                return 0;
+
+        j->timer_event_source = sd_event_source_unref(j->timer_event_source);
+
+        r = sd_event_add_time(
+                        j->manager->event,
+                        &j->timer_event_source,
+                        CLOCK_MONOTONIC,
+                        usec_add(j->begin_usec, j->unit->job_timeout), 0,
+                        job_dispatch_timer, j);
+        if (r < 0)
+                log_debug_errno(r, "Failed to restart timeout for job: %m");
+
+        (void) sd_event_source_set_description(j->timer_event_source, "job-timeout");
+
+        return r;
+}
+
+void job_shutdown_magic(Job *j) {
+        assert(j);
+
+        /* The shutdown target gets some special treatment here: we
+         * tell the kernel to begin with flushing its disk caches, to
+         * optimize shutdown time a bit. Ideally we wouldn't hardcode
+         * this magic into PID 1. However all other processes aren't
+         * options either since they'd exit much sooner than PID 1 and
+         * asynchronous sync() would cause their exit to be
+         * delayed. */
+
+        if (j->type != JOB_START)
+                return;
+
+        if (!MANAGER_IS_SYSTEM(j->unit->manager))
+                return;
+
+        if (!unit_has_name(j->unit, SPECIAL_SHUTDOWN_TARGET))
+                return;
+
+        /* In case messages on console has been disabled on boot */
+        j->unit->manager->no_console_output = false;
+
+        if (detect_container() > 0)
+                return;
+
+        asynchronous_sync();
+}
+
+int job_get_timeout(Job *j, usec_t *timeout) {
+        usec_t x = USEC_INFINITY, y = USEC_INFINITY;
+        Unit *u = j->unit;
+        int r;
+
+        assert(u);
+
+        if (j->timer_event_source) {
+                r = sd_event_source_get_time(j->timer_event_source, &x);
+                if (r < 0)
+                        return r;
+        }
+
+        if (UNIT_VTABLE(u)->get_timeout) {
+                r = UNIT_VTABLE(u)->get_timeout(u, &y);
+                if (r < 0)
+                        return r;
+        }
+
+        if (x == USEC_INFINITY && y == USEC_INFINITY)
+                return 0;
+
+        *timeout = MIN(x, y);
+        return 1;
+}
+
+static const char* const job_state_table[_JOB_STATE_MAX] = {
+        [JOB_WAITING] = "waiting",
+        [JOB_RUNNING] = "running"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(job_state, JobState);
+
+static const char* const job_type_table[_JOB_TYPE_MAX] = {
+        [JOB_START] = "start",
+        [JOB_VERIFY_ACTIVE] = "verify-active",
+        [JOB_STOP] = "stop",
+        [JOB_RELOAD] = "reload",
+        [JOB_RELOAD_OR_START] = "reload-or-start",
+        [JOB_RESTART] = "restart",
+        [JOB_TRY_RESTART] = "try-restart",
+        [JOB_TRY_RELOAD] = "try-reload",
+        [JOB_NOP] = "nop",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(job_type, JobType);
+
+static const char* const job_mode_table[_JOB_MODE_MAX] = {
+        [JOB_FAIL] = "fail",
+        [JOB_REPLACE] = "replace",
+        [JOB_REPLACE_IRREVERSIBLY] = "replace-irreversibly",
+        [JOB_ISOLATE] = "isolate",
+        [JOB_FLUSH] = "flush",
+        [JOB_IGNORE_DEPENDENCIES] = "ignore-dependencies",
+        [JOB_IGNORE_REQUIREMENTS] = "ignore-requirements",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(job_mode, JobMode);
+
+static const char* const job_result_table[_JOB_RESULT_MAX] = {
+        [JOB_DONE] = "done",
+        [JOB_CANCELED] = "canceled",
+        [JOB_TIMEOUT] = "timeout",
+        [JOB_FAILED] = "failed",
+        [JOB_DEPENDENCY] = "dependency",
+        [JOB_SKIPPED] = "skipped",
+        [JOB_INVALID] = "invalid",
+        [JOB_ASSERT] = "assert",
+        [JOB_UNSUPPORTED] = "unsupported",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(job_result, JobResult);
+
+const char* job_type_to_access_method(JobType t) {
+        assert(t >= 0);
+        assert(t < _JOB_TYPE_MAX);
+
+        if (IN_SET(t, JOB_START, JOB_RESTART, JOB_TRY_RESTART))
+                return "start";
+        else if (t == JOB_STOP)
+                return "stop";
+        else
+                return "reload";
+}
diff --git a/src/libcore/job.h b/src/libcore/job.h
new file mode 100644
index 0000000000..68c2089b91
--- /dev/null
+++ b/src/libcore/job.h
@@ -0,0 +1,242 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-event.h>
+
+#include "list.h"
+#include "unit-name.h"
+
+typedef struct Job Job;
+typedef struct JobDependency JobDependency;
+typedef enum JobType JobType;
+typedef enum JobState JobState;
+typedef enum JobMode JobMode;
+typedef enum JobResult JobResult;
+
+/* Be careful when changing the job types! Adjust job_merging_table[] accordingly! */
+enum JobType {
+        JOB_START,                  /* if a unit does not support being started, we'll just wait until it becomes active */
+        JOB_VERIFY_ACTIVE,
+
+        JOB_STOP,
+
+        JOB_RELOAD,                 /* if running, reload */
+
+        /* Note that restarts are first treated like JOB_STOP, but
+         * then instead of finishing are patched to become
+         * JOB_START. */
+        JOB_RESTART,                /* If running, stop. Then start unconditionally. */
+
+        _JOB_TYPE_MAX_MERGING,
+
+        /* JOB_NOP can enter into a transaction, but as it won't pull in
+         * any dependencies and it uses the special 'nop_job' slot in Unit,
+         * it won't have to merge with anything (except possibly into another
+         * JOB_NOP, previously installed). JOB_NOP is special-cased in
+         * job_type_is_*() functions so that the transaction can be
+         * activated. */
+        JOB_NOP = _JOB_TYPE_MAX_MERGING, /* do nothing */
+
+        _JOB_TYPE_MAX_IN_TRANSACTION,
+
+        /* JOB_TRY_RESTART can never appear in a transaction, because
+         * it always collapses into JOB_RESTART or JOB_NOP before entering.
+         * Thus we never need to merge it with anything. */
+        JOB_TRY_RESTART = _JOB_TYPE_MAX_IN_TRANSACTION, /* if running, stop and then start */
+
+        /* Similar to JOB_TRY_RESTART but collapses to JOB_RELOAD or JOB_NOP */
+        JOB_TRY_RELOAD,
+
+        /* JOB_RELOAD_OR_START won't enter into a transaction and cannot result
+         * from transaction merging (there's no way for JOB_RELOAD and
+         * JOB_START to meet in one transaction). It can result from a merge
+         * during job installation, but then it will immediately collapse into
+         * one of the two simpler types. */
+        JOB_RELOAD_OR_START,        /* if running, reload, otherwise start */
+
+        _JOB_TYPE_MAX,
+        _JOB_TYPE_INVALID = -1
+};
+
+enum JobState {
+        JOB_WAITING,
+        JOB_RUNNING,
+        _JOB_STATE_MAX,
+        _JOB_STATE_INVALID = -1
+};
+
+enum JobMode {
+        JOB_FAIL,                /* Fail if a conflicting job is already queued */
+        JOB_REPLACE,             /* Replace an existing conflicting job */
+        JOB_REPLACE_IRREVERSIBLY,/* Like JOB_REPLACE + produce irreversible jobs */
+        JOB_ISOLATE,             /* Start a unit, and stop all others */
+        JOB_FLUSH,               /* Flush out all other queued jobs when queing this one */
+        JOB_IGNORE_DEPENDENCIES, /* Ignore both requirement and ordering dependencies */
+        JOB_IGNORE_REQUIREMENTS, /* Ignore requirement dependencies */
+        _JOB_MODE_MAX,
+        _JOB_MODE_INVALID = -1
+};
+
+enum JobResult {
+        JOB_DONE,                /* Job completed successfully */
+        JOB_CANCELED,            /* Job canceled by a conflicting job installation or by explicit cancel request */
+        JOB_TIMEOUT,             /* Job timeout elapsed */
+        JOB_FAILED,              /* Job failed */
+        JOB_DEPENDENCY,          /* A required dependency job did not result in JOB_DONE */
+        JOB_SKIPPED,             /* Negative result of JOB_VERIFY_ACTIVE */
+        JOB_INVALID,             /* JOB_RELOAD of inactive unit */
+        JOB_ASSERT,              /* Couldn't start a unit, because an assert didn't hold */
+        JOB_UNSUPPORTED,         /* Couldn't start a unit, because the unit type is not supported on the system */
+        _JOB_RESULT_MAX,
+        _JOB_RESULT_INVALID = -1
+};
+
+#include "unit.h"
+
+struct JobDependency {
+        /* Encodes that the 'subject' job needs the 'object' job in
+         * some way. This structure is used only while building a transaction. */
+        Job *subject;
+        Job *object;
+
+        LIST_FIELDS(JobDependency, subject);
+        LIST_FIELDS(JobDependency, object);
+
+        bool matters;
+        bool conflicts;
+};
+
+struct Job {
+        Manager *manager;
+        Unit *unit;
+
+        LIST_FIELDS(Job, transaction);
+        LIST_FIELDS(Job, run_queue);
+        LIST_FIELDS(Job, dbus_queue);
+
+        LIST_HEAD(JobDependency, subject_list);
+        LIST_HEAD(JobDependency, object_list);
+
+        /* Used for graph algs as a "I have been here" marker */
+        Job* marker;
+        unsigned generation;
+
+        uint32_t id;
+
+        JobType type;
+        JobState state;
+
+        sd_event_source *timer_event_source;
+        usec_t begin_usec;
+
+        /*
+         * This tracks where to send signals, and also which clients
+         * are allowed to call DBus methods on the job (other than
+         * root).
+         *
+         * There can be more than one client, because of job merging.
+         */
+        sd_bus_track *clients;
+        char **deserialized_clients;
+
+        JobResult result;
+
+        bool installed:1;
+        bool in_run_queue:1;
+        bool matters_to_anchor:1;
+        bool in_dbus_queue:1;
+        bool sent_dbus_new_signal:1;
+        bool ignore_order:1;
+        bool irreversible:1;
+};
+
+Job* job_new(Unit *unit, JobType type);
+Job* job_new_raw(Unit *unit);
+void job_free(Job *job);
+Job* job_install(Job *j);
+int job_install_deserialized(Job *j);
+void job_uninstall(Job *j);
+void job_dump(Job *j, FILE*f, const char *prefix);
+int job_serialize(Job *j, FILE *f, FDSet *fds);
+int job_deserialize(Job *j, FILE *f, FDSet *fds);
+int job_coldplug(Job *j);
+
+JobDependency* job_dependency_new(Job *subject, Job *object, bool matters, bool conflicts);
+void job_dependency_free(JobDependency *l);
+
+int job_merge(Job *j, Job *other);
+
+JobType job_type_lookup_merge(JobType a, JobType b) _pure_;
+
+_pure_ static inline bool job_type_is_mergeable(JobType a, JobType b) {
+        return job_type_lookup_merge(a, b) >= 0;
+}
+
+_pure_ static inline bool job_type_is_conflicting(JobType a, JobType b) {
+        return a != JOB_NOP && b != JOB_NOP && !job_type_is_mergeable(a, b);
+}
+
+_pure_ static inline bool job_type_is_superset(JobType a, JobType b) {
+        /* Checks whether operation a is a "superset" of b in its actions */
+        if (b == JOB_NOP)
+                return true;
+        if (a == JOB_NOP)
+                return false;
+        return a == job_type_lookup_merge(a, b);
+}
+
+bool job_type_is_redundant(JobType a, UnitActiveState b) _pure_;
+
+/* Collapses a state-dependent job type into a simpler type by observing
+ * the state of the unit which it is going to be applied to. */
+JobType job_type_collapse(JobType t, Unit *u);
+
+int job_type_merge_and_collapse(JobType *a, JobType b, Unit *u);
+
+void job_add_to_run_queue(Job *j);
+void job_add_to_dbus_queue(Job *j);
+
+int job_start_timer(Job *j);
+
+int job_run_and_invalidate(Job *j);
+int job_finish_and_invalidate(Job *j, JobResult result, bool recursive, bool already);
+
+char *job_dbus_path(Job *j);
+
+void job_shutdown_magic(Job *j);
+
+int job_get_timeout(Job *j, usec_t *timeout) _pure_;
+
+const char* job_type_to_string(JobType t) _const_;
+JobType job_type_from_string(const char *s) _pure_;
+
+const char* job_state_to_string(JobState t) _const_;
+JobState job_state_from_string(const char *s) _pure_;
+
+const char* job_mode_to_string(JobMode t) _const_;
+JobMode job_mode_from_string(const char *s) _pure_;
+
+const char* job_result_to_string(JobResult t) _const_;
+JobResult job_result_from_string(const char *s) _pure_;
+
+const char* job_type_to_access_method(JobType t);
diff --git a/src/core/kill.c b/src/libcore/kill.c
index 6854587d54..6854587d54 100644
--- a/src/core/kill.c
+++ b/src/libcore/kill.c
diff --git a/src/core/kill.h b/src/libcore/kill.h
index b3d2056cb0..b3d2056cb0 100644
--- a/src/core/kill.h
+++ b/src/libcore/kill.h
diff --git a/src/core/killall.c b/src/libcore/killall.c
index 09378f7085..09378f7085 100644
--- a/src/core/killall.c
+++ b/src/libcore/killall.c
diff --git a/src/core/killall.h b/src/libcore/killall.h
index acc2439f00..acc2439f00 100644
--- a/src/core/killall.h
+++ b/src/libcore/killall.h
diff --git a/src/core/kmod-setup.c b/src/libcore/kmod-setup.c
index 3503db52ed..3503db52ed 100644
--- a/src/core/kmod-setup.c
+++ b/src/libcore/kmod-setup.c
diff --git a/src/core/kmod-setup.h b/src/libcore/kmod-setup.h
index 685f4df301..685f4df301 100644
--- a/src/core/kmod-setup.h
+++ b/src/libcore/kmod-setup.h
diff --git a/src/shared/linux/auto_dev-ioctl.h b/src/libcore/linux/auto_dev-ioctl.h
index aeaeb3ea7a..aeaeb3ea7a 100644
--- a/src/shared/linux/auto_dev-ioctl.h
+++ b/src/libcore/linux/auto_dev-ioctl.h
diff --git a/src/core/load-dropin.c b/src/libcore/load-dropin.c
index f83fa09301..f83fa09301 100644
--- a/src/core/load-dropin.c
+++ b/src/libcore/load-dropin.c
diff --git a/src/core/load-dropin.h b/src/libcore/load-dropin.h
index 942d26724e..942d26724e 100644
--- a/src/core/load-dropin.h
+++ b/src/libcore/load-dropin.h
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/libcore/load-fragment-gperf.gperf.m4
index 8193418980..8193418980 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/libcore/load-fragment-gperf.gperf.m4
diff --git a/src/core/load-fragment.c b/src/libcore/load-fragment.c
index 86b4fb071b..86b4fb071b 100644
--- a/src/core/load-fragment.c
+++ b/src/libcore/load-fragment.c
diff --git a/src/core/load-fragment.h b/src/libcore/load-fragment.h
index b36a2e3a02..b36a2e3a02 100644
--- a/src/core/load-fragment.h
+++ b/src/libcore/load-fragment.h
diff --git a/src/core/locale-setup.c b/src/libcore/locale-setup.c
index ccf61d29fb..ccf61d29fb 100644
--- a/src/core/locale-setup.c
+++ b/src/libcore/locale-setup.c
diff --git a/src/core/locale-setup.h b/src/libcore/locale-setup.h
index 3b97497afe..3b97497afe 100644
--- a/src/core/locale-setup.h
+++ b/src/libcore/locale-setup.h
diff --git a/src/libcore/loopback-setup.c b/src/libcore/loopback-setup.c
new file mode 100644
index 0000000000..d56bbfa6fc
--- /dev/null
+++ b/src/libcore/loopback-setup.c
@@ -0,0 +1,90 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/if.h>
+#include <stdlib.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "loopback-setup.h"
+#include "missing.h"
+#include "netlink-util.h"
+
+static int start_loopback(sd_netlink *rtnl) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
+        int r;
+
+        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, LOOPBACK_IFINDEX);
+        if (r < 0)
+                return r;
+
+        r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(rtnl, req, 0, NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static bool check_loopback(sd_netlink *rtnl) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        unsigned flags;
+        int r;
+
+        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
+        if (r < 0)
+                return false;
+
+        r = sd_netlink_call(rtnl, req, 0, &reply);
+        if (r < 0)
+                return false;
+
+        r = sd_rtnl_message_link_get_flags(reply, &flags);
+        if (r < 0)
+                return false;
+
+        return flags & IFF_UP;
+}
+
+int loopback_setup(void) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        int r;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return r;
+
+        r = start_loopback(rtnl);
+        if (r < 0) {
+
+                /* If we lack the permissions to configure the
+                 * loopback device, but we find it to be already
+                 * configured, let's exit cleanly, in order to
+                 * supported unprivileged containers. */
+                if (r == -EPERM && check_loopback(rtnl))
+                        return 0;
+
+                return log_warning_errno(r, "Failed to configure loopback device: %m");
+        }
+
+        return 0;
+}
diff --git a/src/core/loopback-setup.h b/src/libcore/loopback-setup.h
index e7547b8a26..e7547b8a26 100644
--- a/src/core/loopback-setup.h
+++ b/src/libcore/loopback-setup.h
diff --git a/src/libcore/machine-id-setup.c b/src/libcore/machine-id-setup.c
new file mode 100644
index 0000000000..812e4b038c
--- /dev/null
+++ b/src/libcore/machine-id-setup.c
@@ -0,0 +1,364 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sched.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hexdecoct.h"
+#include "io-util.h"
+#include "log.h"
+#include "machine-id-setup.h"
+#include "macro.h"
+#include "mkdir.h"
+#include "mount-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "stat-util.h"
+#include "string-util.h"
+#include "umask-util.h"
+#include "util.h"
+#include "virt.h"
+
+static int shorten_uuid(char destination[34], const char source[36]) {
+        unsigned i, j;
+
+        assert(destination);
+        assert(source);
+
+        /* Converts a UUID into a machine ID, by lowercasing it and
+         * removing dashes. Validates everything. */
+
+        for (i = 0, j = 0; i < 36 && j < 32; i++) {
+                int t;
+
+                t = unhexchar(source[i]);
+                if (t < 0)
+                        continue;
+
+                destination[j++] = hexchar(t);
+        }
+
+        if (i != 36 || j != 32)
+                return -EINVAL;
+
+        destination[32] = '\n';
+        destination[33] = 0;
+        return 0;
+}
+
+static int read_machine_id(int fd, char id[34]) {
+        char id_to_validate[34];
+        int r;
+
+        assert(fd >= 0);
+        assert(id);
+
+        /* Reads a machine ID from a file, validates it, and returns
+         * it. The returned ID ends in a newline. */
+
+        r = loop_read_exact(fd, id_to_validate, 33, false);
+        if (r < 0)
+                return r;
+
+        if (id_to_validate[32] != '\n')
+                return -EINVAL;
+
+        id_to_validate[32] = 0;
+
+        if (!id128_is_valid(id_to_validate))
+                return -EINVAL;
+
+        memcpy(id, id_to_validate, 32);
+        id[32] = '\n';
+        id[33] = 0;
+        return 0;
+}
+
+static int write_machine_id(int fd, const char id[34]) {
+        int r;
+
+        assert(fd >= 0);
+        assert(id);
+
+        if (lseek(fd, 0, SEEK_SET) < 0)
+                return -errno;
+
+        r = loop_write(fd, id, 33, false);
+        if (r < 0)
+                return r;
+
+        if (fsync(fd) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int generate_machine_id(char id[34], const char *root) {
+        int fd, r;
+        unsigned char *p;
+        sd_id128_t buf;
+        char  *q;
+        const char *dbus_machine_id;
+
+        assert(id);
+
+        dbus_machine_id = prefix_roota(root, "/var/lib/dbus/machine-id");
+
+        /* First, try reading the D-Bus machine id, unless it is a symlink */
+        fd = open(dbus_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
+        if (fd >= 0) {
+                r = read_machine_id(fd, id);
+                safe_close(fd);
+
+                if (r >= 0) {
+                        log_info("Initializing machine ID from D-Bus machine ID.");
+                        return 0;
+                }
+        }
+
+        if (isempty(root)) {
+                /* If that didn't work, see if we are running in a container,
+                 * and a machine ID was passed in via $container_uuid the way
+                 * libvirt/LXC does it */
+
+                if (detect_container() > 0) {
+                        _cleanup_free_ char *e = NULL;
+
+                        r = getenv_for_pid(1, "container_uuid", &e);
+                        if (r > 0) {
+                                r = shorten_uuid(id, e);
+                                if (r >= 0) {
+                                        log_info("Initializing machine ID from container UUID.");
+                                        return 0;
+                                }
+                        }
+
+                } else if (detect_vm() == VIRTUALIZATION_KVM) {
+
+                        /* If we are not running in a container, see if we are
+                         * running in qemu/kvm and a machine ID was passed in
+                         * via -uuid on the qemu/kvm command line */
+
+                        char uuid[36];
+
+                        fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
+                        if (fd >= 0) {
+                                r = loop_read_exact(fd, uuid, 36, false);
+                                safe_close(fd);
+
+                                if (r >= 0) {
+                                        r = shorten_uuid(id, uuid);
+                                        if (r >= 0) {
+                                                log_info("Initializing machine ID from KVM UUID.");
+                                                return 0;
+                                        }
+                                }
+                        }
+                }
+        }
+
+        /* If that didn't work, generate a random machine id */
+        r = sd_id128_randomize(&buf);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open /dev/urandom: %m");
+
+        for (p = buf.bytes, q = id; p < buf.bytes + sizeof(buf); p++, q += 2) {
+                q[0] = hexchar(*p >> 4);
+                q[1] = hexchar(*p & 15);
+        }
+
+        id[32] = '\n';
+        id[33] = 0;
+
+        log_info("Initializing machine ID from random generator.");
+
+        return 0;
+}
+
+int machine_id_setup(const char *root, sd_id128_t machine_id) {
+        const char *etc_machine_id, *run_machine_id;
+        _cleanup_close_ int fd = -1;
+        bool writable = true;
+        char id[34]; /* 32 + \n + \0 */
+        int r;
+
+        etc_machine_id = prefix_roota(root, "/etc/machine-id");
+        run_machine_id = prefix_roota(root, "/run/machine-id");
+
+        RUN_WITH_UMASK(0000) {
+                /* We create this 0444, to indicate that this isn't really
+                 * something you should ever modify. Of course, since the file
+                 * will be owned by root it doesn't matter much, but maybe
+                 * people look. */
+
+                mkdir_parents(etc_machine_id, 0755);
+                fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
+                if (fd < 0) {
+                        int old_errno = errno;
+
+                        fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                        if (fd < 0) {
+                                if (old_errno == EROFS && errno == ENOENT)
+                                        log_error_errno(errno,
+                                                  "System cannot boot: Missing /etc/machine-id and /etc is mounted read-only.\n"
+                                                  "Booting up is supported only when:\n"
+                                                  "1) /etc/machine-id exists and is populated.\n"
+                                                  "2) /etc/machine-id exists and is empty.\n"
+                                                  "3) /etc/machine-id is missing and /etc is writable.\n");
+                                else
+                                        log_error_errno(errno, "Cannot open %s: %m", etc_machine_id);
+
+                                return -errno;
+                        }
+
+                        writable = false;
+                }
+        }
+
+        /* A machine id argument overrides all other machined-ids */
+        if (!sd_id128_is_null(machine_id)) {
+                sd_id128_to_string(machine_id, id);
+                id[32] = '\n';
+                id[33] = 0;
+        } else {
+                if (read_machine_id(fd, id) >= 0)
+                        return 0;
+
+                /* Hmm, so, the id currently stored is not useful, then let's
+                 * generate one */
+
+                r = generate_machine_id(id, root);
+                if (r < 0)
+                        return r;
+        }
+
+        if (writable)
+                if (write_machine_id(fd, id) >= 0)
+                        return 0;
+
+        fd = safe_close(fd);
+
+        /* Hmm, we couldn't write it? So let's write it to
+         * /run/machine-id as a replacement */
+
+        RUN_WITH_UMASK(0022) {
+                r = write_string_file(run_machine_id, id, WRITE_STRING_FILE_CREATE);
+                if (r < 0) {
+                        (void) unlink(run_machine_id);
+                        return log_error_errno(r, "Cannot write %s: %m", run_machine_id);
+                }
+        }
+
+        /* And now, let's mount it over */
+        if (mount(run_machine_id, etc_machine_id, NULL, MS_BIND, NULL) < 0) {
+                (void) unlink_noerrno(run_machine_id);
+                return log_error_errno(errno, "Failed to mount %s: %m", etc_machine_id);
+        }
+
+        log_info("Installed transient %s file.", etc_machine_id);
+
+        /* Mark the mount read-only */
+        if (mount(NULL, etc_machine_id, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, NULL) < 0)
+                log_warning_errno(errno, "Failed to make transient %s read-only: %m", etc_machine_id);
+
+        return 0;
+}
+
+int machine_id_commit(const char *root) {
+        _cleanup_close_ int fd = -1, initial_mntns_fd = -1;
+        const char *etc_machine_id;
+        char id[34]; /* 32 + \n + \0 */
+        int r;
+
+        etc_machine_id = prefix_roota(root, "/etc/machine-id");
+
+        r = path_is_mount_point(etc_machine_id, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine whether %s is a mount point: %m", etc_machine_id);
+        if (r == 0) {
+                log_debug("%s is is not a mount point. Nothing to do.", etc_machine_id);
+                return 0;
+        }
+
+        /* Read existing machine-id */
+        fd = open(etc_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0)
+                return log_error_errno(errno, "Cannot open %s: %m", etc_machine_id);
+
+        r = read_machine_id(fd, id);
+        if (r < 0)
+                return log_error_errno(r, "We didn't find a valid machine ID in %s.", etc_machine_id);
+
+        r = fd_is_temporary_fs(fd);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine whether %s is on a temporary file system: %m", etc_machine_id);
+        if (r == 0) {
+                log_error("%s is not on a temporary file system.", etc_machine_id);
+                return -EROFS;
+        }
+
+        fd = safe_close(fd);
+
+        /* Store current mount namespace */
+        r = namespace_open(0, NULL, &initial_mntns_fd, NULL, NULL, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Can't fetch current mount namespace: %m");
+
+        /* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
+        if (unshare(CLONE_NEWNS) < 0)
+                return log_error_errno(errno, "Failed to enter new namespace: %m");
+
+        if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
+                return log_error_errno(errno, "Couldn't make-rslave / mountpoint in our private namespace: %m");
+
+        if (umount(etc_machine_id) < 0)
+                return log_error_errno(errno, "Failed to unmount transient %s file in our private namespace: %m", etc_machine_id);
+
+        /* Update a persistent version of etc_machine_id */
+        fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
+        if (fd < 0)
+                return log_error_errno(errno, "Cannot open for writing %s. This is mandatory to get a persistent machine-id: %m", etc_machine_id);
+
+        r = write_machine_id(fd, id);
+        if (r < 0)
+                return log_error_errno(r, "Cannot write %s: %m", etc_machine_id);
+
+        fd = safe_close(fd);
+
+        /* Return to initial namespace and proceed a lazy tmpfs unmount */
+        r = namespace_enter(-1, initial_mntns_fd, -1, -1, -1);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to switch back to initial mount namespace: %m.\nWe'll keep transient %s file until next reboot.", etc_machine_id);
+
+        if (umount2(etc_machine_id, MNT_DETACH) < 0)
+                return log_warning_errno(errno, "Failed to unmount transient %s file: %m.\nWe keep that mount until next reboot.", etc_machine_id);
+
+        return 0;
+}
diff --git a/src/core/machine-id-setup.h b/src/libcore/machine-id-setup.h
index a7e7678ed9..a7e7678ed9 100644
--- a/src/core/machine-id-setup.h
+++ b/src/libcore/machine-id-setup.h
diff --git a/src/libcore/manager.c b/src/libcore/manager.c
new file mode 100644
index 0000000000..831fdbaabf
--- /dev/null
+++ b/src/libcore/manager.c
@@ -0,0 +1,3134 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/kd.h>
+#include <signal.h>
+#include <string.h>
+#include <sys/epoll.h>
+#include <sys/inotify.h>
+#include <sys/ioctl.h>
+#include <sys/reboot.h>
+#include <sys/timerfd.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#ifdef HAVE_AUDIT
+#include <libaudit.h>
+#endif
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "audit-fd.h"
+#include "boot-timestamps.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-kernel.h"
+#include "bus-util.h"
+#include "dbus-job.h"
+#include "dbus-manager.h"
+#include "dbus-unit.h"
+#include "dbus.h"
+#include "dirent-util.h"
+#include "env-util.h"
+#include "escape.h"
+#include "exit-status.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hashmap.h"
+#include "io-util.h"
+#include "locale-setup.h"
+#include "log.h"
+#include "macro.h"
+#include "manager.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "path-lookup.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "ratelimit.h"
+#include "rm-rf.h"
+#include "signal-util.h"
+#include "special.h"
+#include "stat-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "time-util.h"
+#include "transaction.h"
+#include "umask-util.h"
+#include "unit-name.h"
+#include "util.h"
+#include "virt.h"
+#include "watchdog.h"
+
+#define NOTIFY_RCVBUF_SIZE (8*1024*1024)
+#define CGROUPS_AGENT_RCVBUF_SIZE (8*1024*1024)
+
+/* Initial delay and the interval for printing status messages about running jobs */
+#define JOBS_IN_PROGRESS_WAIT_USEC (5*USEC_PER_SEC)
+#define JOBS_IN_PROGRESS_PERIOD_USEC (USEC_PER_SEC / 3)
+#define JOBS_IN_PROGRESS_PERIOD_DIVISOR 3
+
+static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata);
+static int manager_dispatch_run_queue(sd_event_source *source, void *userdata);
+static int manager_run_generators(Manager *m);
+
+static void manager_watch_jobs_in_progress(Manager *m) {
+        usec_t next;
+        int r;
+
+        assert(m);
+
+        if (m->jobs_in_progress_event_source)
+                return;
+
+        next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC;
+        r = sd_event_add_time(
+                        m->event,
+                        &m->jobs_in_progress_event_source,
+                        CLOCK_MONOTONIC,
+                        next, 0,
+                        manager_dispatch_jobs_in_progress, m);
+        if (r < 0)
+                return;
+
+        (void) sd_event_source_set_description(m->jobs_in_progress_event_source, "manager-jobs-in-progress");
+}
+
+#define CYLON_BUFFER_EXTRA (2*(sizeof(ANSI_RED)-1) + sizeof(ANSI_HIGHLIGHT_RED)-1 + 2*(sizeof(ANSI_NORMAL)-1))
+
+static void draw_cylon(char buffer[], size_t buflen, unsigned width, unsigned pos) {
+        char *p = buffer;
+
+        assert(buflen >= CYLON_BUFFER_EXTRA + width + 1);
+        assert(pos <= width+1); /* 0 or width+1 mean that the center light is behind the corner */
+
+        if (pos > 1) {
+                if (pos > 2)
+                        p = mempset(p, ' ', pos-2);
+                p = stpcpy(p, ANSI_RED);
+                *p++ = '*';
+        }
+
+        if (pos > 0 && pos <= width) {
+                p = stpcpy(p, ANSI_HIGHLIGHT_RED);
+                *p++ = '*';
+        }
+
+        p = stpcpy(p, ANSI_NORMAL);
+
+        if (pos < width) {
+                p = stpcpy(p, ANSI_RED);
+                *p++ = '*';
+                if (pos < width-1)
+                        p = mempset(p, ' ', width-1-pos);
+                strcpy(p, ANSI_NORMAL);
+        }
+}
+
+void manager_flip_auto_status(Manager *m, bool enable) {
+        assert(m);
+
+        if (enable) {
+                if (m->show_status == SHOW_STATUS_AUTO)
+                        manager_set_show_status(m, SHOW_STATUS_TEMPORARY);
+        } else {
+                if (m->show_status == SHOW_STATUS_TEMPORARY)
+                        manager_set_show_status(m, SHOW_STATUS_AUTO);
+        }
+}
+
+static void manager_print_jobs_in_progress(Manager *m) {
+        _cleanup_free_ char *job_of_n = NULL;
+        Iterator i;
+        Job *j;
+        unsigned counter = 0, print_nr;
+        char cylon[6 + CYLON_BUFFER_EXTRA + 1];
+        unsigned cylon_pos;
+        char time[FORMAT_TIMESPAN_MAX], limit[FORMAT_TIMESPAN_MAX] = "no limit";
+        uint64_t x;
+
+        assert(m);
+        assert(m->n_running_jobs > 0);
+
+        manager_flip_auto_status(m, true);
+
+        print_nr = (m->jobs_in_progress_iteration / JOBS_IN_PROGRESS_PERIOD_DIVISOR) % m->n_running_jobs;
+
+        HASHMAP_FOREACH(j, m->jobs, i)
+                if (j->state == JOB_RUNNING && counter++ == print_nr)
+                        break;
+
+        /* m->n_running_jobs must be consistent with the contents of m->jobs,
+         * so the above loop must have succeeded in finding j. */
+        assert(counter == print_nr + 1);
+        assert(j);
+
+        cylon_pos = m->jobs_in_progress_iteration % 14;
+        if (cylon_pos >= 8)
+                cylon_pos = 14 - cylon_pos;
+        draw_cylon(cylon, sizeof(cylon), 6, cylon_pos);
+
+        m->jobs_in_progress_iteration++;
+
+        if (m->n_running_jobs > 1) {
+                if (asprintf(&job_of_n, "(%u of %u) ", counter, m->n_running_jobs) < 0)
+                        job_of_n = NULL;
+        }
+
+        format_timespan(time, sizeof(time), now(CLOCK_MONOTONIC) - j->begin_usec, 1*USEC_PER_SEC);
+        if (job_get_timeout(j, &x) > 0)
+                format_timespan(limit, sizeof(limit), x - j->begin_usec, 1*USEC_PER_SEC);
+
+        manager_status_printf(m, STATUS_TYPE_EPHEMERAL, cylon,
+                              "%sA %s job is running for %s (%s / %s)",
+                              strempty(job_of_n),
+                              job_type_to_string(j->type),
+                              unit_description(j->unit),
+                              time, limit);
+}
+
+static int have_ask_password(void) {
+        _cleanup_closedir_ DIR *dir;
+
+        dir = opendir("/run/systemd/ask-password");
+        if (!dir) {
+                if (errno == ENOENT)
+                        return false;
+                else
+                        return -errno;
+        }
+
+        for (;;) {
+                struct dirent *de;
+
+                errno = 0;
+                de = readdir(dir);
+                if (!de && errno > 0)
+                        return -errno;
+                if (!de)
+                        return false;
+
+                if (startswith(de->d_name, "ask."))
+                        return true;
+        }
+}
+
+static int manager_dispatch_ask_password_fd(sd_event_source *source,
+                                            int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+
+        assert(m);
+
+        flush_fd(fd);
+
+        m->have_ask_password = have_ask_password();
+        if (m->have_ask_password < 0)
+                /* Log error but continue. Negative have_ask_password
+                 * is treated as unknown status. */
+                log_error_errno(m->have_ask_password, "Failed to list /run/systemd/ask-password: %m");
+
+        return 0;
+}
+
+static void manager_close_ask_password(Manager *m) {
+        assert(m);
+
+        m->ask_password_event_source = sd_event_source_unref(m->ask_password_event_source);
+        m->ask_password_inotify_fd = safe_close(m->ask_password_inotify_fd);
+        m->have_ask_password = -EINVAL;
+}
+
+static int manager_check_ask_password(Manager *m) {
+        int r;
+
+        assert(m);
+
+        if (!m->ask_password_event_source) {
+                assert(m->ask_password_inotify_fd < 0);
+
+                mkdir_p_label("/run/systemd/ask-password", 0755);
+
+                m->ask_password_inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
+                if (m->ask_password_inotify_fd < 0)
+                        return log_error_errno(errno, "inotify_init1() failed: %m");
+
+                if (inotify_add_watch(m->ask_password_inotify_fd, "/run/systemd/ask-password", IN_CREATE|IN_DELETE|IN_MOVE) < 0) {
+                        log_error_errno(errno, "Failed to add watch on /run/systemd/ask-password: %m");
+                        manager_close_ask_password(m);
+                        return -errno;
+                }
+
+                r = sd_event_add_io(m->event, &m->ask_password_event_source,
+                                    m->ask_password_inotify_fd, EPOLLIN,
+                                    manager_dispatch_ask_password_fd, m);
+                if (r < 0) {
+                        log_error_errno(errno, "Failed to add event source for /run/systemd/ask-password: %m");
+                        manager_close_ask_password(m);
+                        return -errno;
+                }
+
+                (void) sd_event_source_set_description(m->ask_password_event_source, "manager-ask-password");
+
+                /* Queries might have been added meanwhile... */
+                manager_dispatch_ask_password_fd(m->ask_password_event_source,
+                                                 m->ask_password_inotify_fd, EPOLLIN, m);
+        }
+
+        return m->have_ask_password;
+}
+
+static int manager_watch_idle_pipe(Manager *m) {
+        int r;
+
+        assert(m);
+
+        if (m->idle_pipe_event_source)
+                return 0;
+
+        if (m->idle_pipe[2] < 0)
+                return 0;
+
+        r = sd_event_add_io(m->event, &m->idle_pipe_event_source, m->idle_pipe[2], EPOLLIN, manager_dispatch_idle_pipe_fd, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to watch idle pipe: %m");
+
+        (void) sd_event_source_set_description(m->idle_pipe_event_source, "manager-idle-pipe");
+
+        return 0;
+}
+
+static void manager_close_idle_pipe(Manager *m) {
+        assert(m);
+
+        m->idle_pipe_event_source = sd_event_source_unref(m->idle_pipe_event_source);
+
+        safe_close_pair(m->idle_pipe);
+        safe_close_pair(m->idle_pipe + 2);
+}
+
+static int manager_setup_time_change(Manager *m) {
+        int r;
+
+        /* We only care for the cancellation event, hence we set the
+         * timeout to the latest possible value. */
+        struct itimerspec its = {
+                .it_value.tv_sec = TIME_T_MAX,
+        };
+
+        assert(m);
+        assert_cc(sizeof(time_t) == sizeof(TIME_T_MAX));
+
+        if (m->test_run)
+                return 0;
+
+        /* Uses TFD_TIMER_CANCEL_ON_SET to get notifications whenever
+         * CLOCK_REALTIME makes a jump relative to CLOCK_MONOTONIC */
+
+        m->time_change_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
+        if (m->time_change_fd < 0)
+                return log_error_errno(errno, "Failed to create timerfd: %m");
+
+        if (timerfd_settime(m->time_change_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
+                log_debug_errno(errno, "Failed to set up TFD_TIMER_CANCEL_ON_SET, ignoring: %m");
+                m->time_change_fd = safe_close(m->time_change_fd);
+                return 0;
+        }
+
+        r = sd_event_add_io(m->event, &m->time_change_event_source, m->time_change_fd, EPOLLIN, manager_dispatch_time_change_fd, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create time change event source: %m");
+
+        (void) sd_event_source_set_description(m->time_change_event_source, "manager-time-change");
+
+        log_debug("Set up TFD_TIMER_CANCEL_ON_SET timerfd.");
+
+        return 0;
+}
+
+static int enable_special_signals(Manager *m) {
+        _cleanup_close_ int fd = -1;
+
+        assert(m);
+
+        if (m->test_run)
+                return 0;
+
+        /* Enable that we get SIGINT on control-alt-del. In containers
+         * this will fail with EPERM (older) or EINVAL (newer), so
+         * ignore that. */
+        if (reboot(RB_DISABLE_CAD) < 0 && errno != EPERM && errno != EINVAL)
+                log_warning_errno(errno, "Failed to enable ctrl-alt-del handling: %m");
+
+        fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
+        if (fd < 0) {
+                /* Support systems without virtual console */
+                if (fd != -ENOENT)
+                        log_warning_errno(errno, "Failed to open /dev/tty0: %m");
+        } else {
+                /* Enable that we get SIGWINCH on kbrequest */
+                if (ioctl(fd, KDSIGACCEPT, SIGWINCH) < 0)
+                        log_warning_errno(errno, "Failed to enable kbrequest handling: %m");
+        }
+
+        return 0;
+}
+
+static int manager_setup_signals(Manager *m) {
+        struct sigaction sa = {
+                .sa_handler = SIG_DFL,
+                .sa_flags = SA_NOCLDSTOP|SA_RESTART,
+        };
+        sigset_t mask;
+        int r;
+
+        assert(m);
+
+        assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
+
+        /* We make liberal use of realtime signals here. On
+         * Linux/glibc we have 30 of them (with the exception of Linux
+         * on hppa, see below), between SIGRTMIN+0 ... SIGRTMIN+30
+         * (aka SIGRTMAX). */
+
+        assert_se(sigemptyset(&mask) == 0);
+        sigset_add_many(&mask,
+                        SIGCHLD,     /* Child died */
+                        SIGTERM,     /* Reexecute daemon */
+                        SIGHUP,      /* Reload configuration */
+                        SIGUSR1,     /* systemd/upstart: reconnect to D-Bus */
+                        SIGUSR2,     /* systemd: dump status */
+                        SIGINT,      /* Kernel sends us this on control-alt-del */
+                        SIGWINCH,    /* Kernel sends us this on kbrequest (alt-arrowup) */
+                        SIGPWR,      /* Some kernel drivers and upsd send us this on power failure */
+
+                        SIGRTMIN+0,  /* systemd: start default.target */
+                        SIGRTMIN+1,  /* systemd: isolate rescue.target */
+                        SIGRTMIN+2,  /* systemd: isolate emergency.target */
+                        SIGRTMIN+3,  /* systemd: start halt.target */
+                        SIGRTMIN+4,  /* systemd: start poweroff.target */
+                        SIGRTMIN+5,  /* systemd: start reboot.target */
+                        SIGRTMIN+6,  /* systemd: start kexec.target */
+
+                        /* ... space for more special targets ... */
+
+                        SIGRTMIN+13, /* systemd: Immediate halt */
+                        SIGRTMIN+14, /* systemd: Immediate poweroff */
+                        SIGRTMIN+15, /* systemd: Immediate reboot */
+                        SIGRTMIN+16, /* systemd: Immediate kexec */
+
+                        /* ... space for more immediate system state changes ... */
+
+                        SIGRTMIN+20, /* systemd: enable status messages */
+                        SIGRTMIN+21, /* systemd: disable status messages */
+                        SIGRTMIN+22, /* systemd: set log level to LOG_DEBUG */
+                        SIGRTMIN+23, /* systemd: set log level to LOG_INFO */
+                        SIGRTMIN+24, /* systemd: Immediate exit (--user only) */
+
+                        /* .. one free signal here ... */
+
+#if !defined(__hppa64__) && !defined(__hppa__)
+                        /* Apparently Linux on hppa has fewer RT
+                         * signals (SIGRTMAX is SIGRTMIN+25 there),
+                         * hence let's not try to make use of them
+                         * here. Since these commands are accessible
+                         * by different means and only really a safety
+                         * net, the missing functionality on hppa
+                         * shouldn't matter. */
+
+                        SIGRTMIN+26, /* systemd: set log target to journal-or-kmsg */
+                        SIGRTMIN+27, /* systemd: set log target to console */
+                        SIGRTMIN+28, /* systemd: set log target to kmsg */
+                        SIGRTMIN+29, /* systemd: set log target to syslog-or-kmsg (obsolete) */
+
+                        /* ... one free signal here SIGRTMIN+30 ... */
+#endif
+                        -1);
+        assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
+
+        m->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
+        if (m->signal_fd < 0)
+                return -errno;
+
+        r = sd_event_add_io(m->event, &m->signal_event_source, m->signal_fd, EPOLLIN, manager_dispatch_signal_fd, m);
+        if (r < 0)
+                return r;
+
+        (void) sd_event_source_set_description(m->signal_event_source, "manager-signal");
+
+        /* Process signals a bit earlier than the rest of things, but later than notify_fd processing, so that the
+         * notify processing can still figure out to which process/service a message belongs, before we reap the
+         * process. Also, process this before handling cgroup notifications, so that we always collect child exit
+         * status information before detecting that there's no process in a cgroup. */
+        r = sd_event_source_set_priority(m->signal_event_source, SD_EVENT_PRIORITY_NORMAL-6);
+        if (r < 0)
+                return r;
+
+        if (MANAGER_IS_SYSTEM(m))
+                return enable_special_signals(m);
+
+        return 0;
+}
+
+static void manager_clean_environment(Manager *m) {
+        assert(m);
+
+        /* Let's remove some environment variables that we
+         * need ourselves to communicate with our clients */
+        strv_env_unset_many(
+                        m->environment,
+                        "NOTIFY_SOCKET",
+                        "MAINPID",
+                        "MANAGERPID",
+                        "LISTEN_PID",
+                        "LISTEN_FDS",
+                        "LISTEN_FDNAMES",
+                        "WATCHDOG_PID",
+                        "WATCHDOG_USEC",
+                        NULL);
+}
+
+static int manager_default_environment(Manager *m) {
+        assert(m);
+
+        if (MANAGER_IS_SYSTEM(m)) {
+                /* The system manager always starts with a clean
+                 * environment for its children. It does not import
+                 * the kernel or the parents exported variables.
+                 *
+                 * The initial passed environ is untouched to keep
+                 * /proc/self/environ valid; it is used for tagging
+                 * the init process inside containers. */
+                m->environment = strv_new("PATH=" DEFAULT_PATH,
+                                          NULL);
+
+                /* Import locale variables LC_*= from configuration */
+                locale_setup(&m->environment);
+        } else {
+                /* The user manager passes its own environment
+                 * along to its children. */
+                m->environment = strv_copy(environ);
+        }
+
+        if (!m->environment)
+                return -ENOMEM;
+
+        manager_clean_environment(m);
+        strv_sort(m->environment);
+
+        return 0;
+}
+
+
+int manager_new(UnitFileScope scope, bool test_run, Manager **_m) {
+        Manager *m;
+        int r;
+
+        assert(_m);
+        assert(IN_SET(scope, UNIT_FILE_SYSTEM, UNIT_FILE_USER));
+
+        m = new0(Manager, 1);
+        if (!m)
+                return -ENOMEM;
+
+        m->unit_file_scope = scope;
+        m->exit_code = _MANAGER_EXIT_CODE_INVALID;
+        m->default_timer_accuracy_usec = USEC_PER_MINUTE;
+        m->default_tasks_accounting = true;
+        m->default_tasks_max = UINT64_C(512);
+
+#ifdef ENABLE_EFI
+        if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0)
+                boot_timestamps(&m->userspace_timestamp, &m->firmware_timestamp, &m->loader_timestamp);
+#endif
+
+        /* Prepare log fields we can use for structured logging */
+        if (MANAGER_IS_SYSTEM(m)) {
+                m->unit_log_field = "UNIT=";
+                m->unit_log_format_string = "UNIT=%s";
+        } else {
+                m->unit_log_field = "USER_UNIT=";
+                m->unit_log_format_string = "USER_UNIT=%s";
+        }
+
+        m->idle_pipe[0] = m->idle_pipe[1] = m->idle_pipe[2] = m->idle_pipe[3] = -1;
+
+        m->pin_cgroupfs_fd = m->notify_fd = m->cgroups_agent_fd = m->signal_fd = m->time_change_fd =
+                m->dev_autofs_fd = m->private_listen_fd = m->kdbus_fd = m->cgroup_inotify_fd =
+                m->ask_password_inotify_fd = -1;
+
+        m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
+
+        m->have_ask_password = -EINVAL; /* we don't know */
+        m->first_boot = -1;
+
+        m->test_run = test_run;
+
+        /* Reboot immediately if the user hits C-A-D more often than 7x per 2s */
+        RATELIMIT_INIT(m->ctrl_alt_del_ratelimit, 2 * USEC_PER_SEC, 7);
+
+        r = manager_default_environment(m);
+        if (r < 0)
+                goto fail;
+
+        r = hashmap_ensure_allocated(&m->units, &string_hash_ops);
+        if (r < 0)
+                goto fail;
+
+        r = hashmap_ensure_allocated(&m->jobs, NULL);
+        if (r < 0)
+                goto fail;
+
+        r = hashmap_ensure_allocated(&m->cgroup_unit, &string_hash_ops);
+        if (r < 0)
+                goto fail;
+
+        r = hashmap_ensure_allocated(&m->watch_bus, &string_hash_ops);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_default(&m->event);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_add_defer(m->event, &m->run_queue_event_source, manager_dispatch_run_queue, m);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_priority(m->run_queue_event_source, SD_EVENT_PRIORITY_IDLE);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_enabled(m->run_queue_event_source, SD_EVENT_OFF);
+        if (r < 0)
+                goto fail;
+
+        (void) sd_event_source_set_description(m->run_queue_event_source, "manager-run-queue");
+
+        r = manager_setup_signals(m);
+        if (r < 0)
+                goto fail;
+
+        r = manager_setup_cgroup(m);
+        if (r < 0)
+                goto fail;
+
+        r = manager_setup_time_change(m);
+        if (r < 0)
+                goto fail;
+
+        m->udev = udev_new();
+        if (!m->udev) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        /* Note that we set up neither kdbus, nor the notify fd
+         * here. We do that after deserialization, since they might
+         * have gotten serialized across the reexec. */
+
+        m->taint_usr = dir_is_empty("/usr") > 0;
+
+        *_m = m;
+        return 0;
+
+fail:
+        manager_free(m);
+        return r;
+}
+
+static int manager_setup_notify(Manager *m) {
+        int r;
+
+        if (m->test_run)
+                return 0;
+
+        if (m->notify_fd < 0) {
+                _cleanup_close_ int fd = -1;
+                union sockaddr_union sa = {
+                        .sa.sa_family = AF_UNIX,
+                };
+                static const int one = 1;
+                const char *e;
+
+                /* First free all secondary fields */
+                m->notify_socket = mfree(m->notify_socket);
+                m->notify_event_source = sd_event_source_unref(m->notify_event_source);
+
+                fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to allocate notification socket: %m");
+
+                fd_inc_rcvbuf(fd, NOTIFY_RCVBUF_SIZE);
+
+                e = manager_get_runtime_prefix(m);
+                if (!e) {
+                        log_error("Failed to determine runtime prefix.");
+                        return -EINVAL;
+                }
+
+                m->notify_socket = strappend(e, "/systemd/notify");
+                if (!m->notify_socket)
+                        return log_oom();
+
+                (void) mkdir_parents_label(m->notify_socket, 0755);
+                (void) unlink(m->notify_socket);
+
+                strncpy(sa.un.sun_path, m->notify_socket, sizeof(sa.un.sun_path)-1);
+                r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+                if (r < 0)
+                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
+
+                r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
+                if (r < 0)
+                        return log_error_errno(errno, "SO_PASSCRED failed: %m");
+
+                m->notify_fd = fd;
+                fd = -1;
+
+                log_debug("Using notification socket %s", m->notify_socket);
+        }
+
+        if (!m->notify_event_source) {
+                r = sd_event_add_io(m->event, &m->notify_event_source, m->notify_fd, EPOLLIN, manager_dispatch_notify_fd, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to allocate notify event source: %m");
+
+                /* Process notification messages a bit earlier than SIGCHLD, so that we can still identify to which
+                 * service an exit message belongs. */
+                r = sd_event_source_set_priority(m->notify_event_source, SD_EVENT_PRIORITY_NORMAL-7);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set priority of notify event source: %m");
+
+                (void) sd_event_source_set_description(m->notify_event_source, "manager-notify");
+        }
+
+        return 0;
+}
+
+static int manager_setup_cgroups_agent(Manager *m) {
+
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/cgroups-agent",
+        };
+        int r;
+
+        /* This creates a listening socket we receive cgroups agent messages on. We do not use D-Bus for delivering
+         * these messages from the cgroups agent binary to PID 1, as the cgroups agent binary is very short-living, and
+         * each instance of it needs a new D-Bus connection. Since D-Bus connections are SOCK_STREAM/AF_UNIX, on
+         * overloaded systems the backlog of the D-Bus socket becomes relevant, as not more than the configured number
+         * of D-Bus connections may be queued until the kernel will start dropping further incoming connections,
+         * possibly resulting in lost cgroups agent messages. To avoid this, we'll use a private SOCK_DGRAM/AF_UNIX
+         * socket, where no backlog is relevant as communication may take place without an actual connect() cycle, and
+         * we thus won't lose messages.
+         *
+         * Note that PID 1 will forward the agent message to system bus, so that the user systemd instance may listen
+         * to it. The system instance hence listens on this special socket, but the user instances listen on the system
+         * bus for these messages. */
+
+        if (m->test_run)
+                return 0;
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return 0;
+
+        if (cg_unified() > 0) /* We don't need this anymore on the unified hierarchy */
+                return 0;
+
+        if (m->cgroups_agent_fd < 0) {
+                _cleanup_close_ int fd = -1;
+
+                /* First free all secondary fields */
+                m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
+
+                fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+                if (fd < 0)
+                        return log_error_errno(errno, "Failed to allocate cgroups agent socket: %m");
+
+                fd_inc_rcvbuf(fd, CGROUPS_AGENT_RCVBUF_SIZE);
+
+                (void) unlink(sa.un.sun_path);
+
+                /* Only allow root to connect to this socket */
+                RUN_WITH_UMASK(0077)
+                        r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+                if (r < 0)
+                        return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
+
+                m->cgroups_agent_fd = fd;
+                fd = -1;
+        }
+
+        if (!m->cgroups_agent_event_source) {
+                r = sd_event_add_io(m->event, &m->cgroups_agent_event_source, m->cgroups_agent_fd, EPOLLIN, manager_dispatch_cgroups_agent_fd, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to allocate cgroups agent event source: %m");
+
+                /* Process cgroups notifications early, but after having processed service notification messages or
+                 * SIGCHLD signals, so that a cgroup running empty is always just the last safety net of notification,
+                 * and we collected the metadata the notification and SIGCHLD stuff offers first. Also see handling of
+                 * cgroup inotify for the unified cgroup stuff. */
+                r = sd_event_source_set_priority(m->cgroups_agent_event_source, SD_EVENT_PRIORITY_NORMAL-5);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set priority of cgroups agent event source: %m");
+
+                (void) sd_event_source_set_description(m->cgroups_agent_event_source, "manager-cgroups-agent");
+        }
+
+        return 0;
+}
+
+static int manager_setup_kdbus(Manager *m) {
+        _cleanup_free_ char *p = NULL;
+
+        assert(m);
+
+        if (m->test_run || m->kdbus_fd >= 0)
+                return 0;
+        if (!is_kdbus_available())
+                return -ESOCKTNOSUPPORT;
+
+        m->kdbus_fd = bus_kernel_create_bus(
+                        MANAGER_IS_SYSTEM(m) ? "system" : "user",
+                        MANAGER_IS_SYSTEM(m), &p);
+
+        if (m->kdbus_fd < 0)
+                return log_debug_errno(m->kdbus_fd, "Failed to set up kdbus: %m");
+
+        log_debug("Successfully set up kdbus on %s", p);
+
+        return 0;
+}
+
+static int manager_connect_bus(Manager *m, bool reexecuting) {
+        bool try_bus_connect;
+
+        assert(m);
+
+        if (m->test_run)
+                return 0;
+
+        try_bus_connect =
+                m->kdbus_fd >= 0 ||
+                reexecuting ||
+                (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS"));
+
+        /* Try to connect to the buses, if possible. */
+        return bus_init(m, try_bus_connect);
+}
+
+static unsigned manager_dispatch_cleanup_queue(Manager *m) {
+        Unit *u;
+        unsigned n = 0;
+
+        assert(m);
+
+        while ((u = m->cleanup_queue)) {
+                assert(u->in_cleanup_queue);
+
+                unit_free(u);
+                n++;
+        }
+
+        return n;
+}
+
+enum {
+        GC_OFFSET_IN_PATH,  /* This one is on the path we were traveling */
+        GC_OFFSET_UNSURE,   /* No clue */
+        GC_OFFSET_GOOD,     /* We still need this unit */
+        GC_OFFSET_BAD,      /* We don't need this unit anymore */
+        _GC_OFFSET_MAX
+};
+
+static void unit_gc_sweep(Unit *u, unsigned gc_marker) {
+        Iterator i;
+        Unit *other;
+        bool is_bad;
+
+        assert(u);
+
+        if (u->gc_marker == gc_marker + GC_OFFSET_GOOD ||
+            u->gc_marker == gc_marker + GC_OFFSET_BAD ||
+            u->gc_marker == gc_marker + GC_OFFSET_IN_PATH)
+                return;
+
+        if (u->in_cleanup_queue)
+                goto bad;
+
+        if (unit_check_gc(u))
+                goto good;
+
+        u->gc_marker = gc_marker + GC_OFFSET_IN_PATH;
+
+        is_bad = true;
+
+        SET_FOREACH(other, u->dependencies[UNIT_REFERENCED_BY], i) {
+                unit_gc_sweep(other, gc_marker);
+
+                if (other->gc_marker == gc_marker + GC_OFFSET_GOOD)
+                        goto good;
+
+                if (other->gc_marker != gc_marker + GC_OFFSET_BAD)
+                        is_bad = false;
+        }
+
+        if (is_bad)
+                goto bad;
+
+        /* We were unable to find anything out about this entry, so
+         * let's investigate it later */
+        u->gc_marker = gc_marker + GC_OFFSET_UNSURE;
+        unit_add_to_gc_queue(u);
+        return;
+
+bad:
+        /* We definitely know that this one is not useful anymore, so
+         * let's mark it for deletion */
+        u->gc_marker = gc_marker + GC_OFFSET_BAD;
+        unit_add_to_cleanup_queue(u);
+        return;
+
+good:
+        u->gc_marker = gc_marker + GC_OFFSET_GOOD;
+}
+
+static unsigned manager_dispatch_gc_queue(Manager *m) {
+        Unit *u;
+        unsigned n = 0;
+        unsigned gc_marker;
+
+        assert(m);
+
+        /* log_debug("Running GC..."); */
+
+        m->gc_marker += _GC_OFFSET_MAX;
+        if (m->gc_marker + _GC_OFFSET_MAX <= _GC_OFFSET_MAX)
+                m->gc_marker = 1;
+
+        gc_marker = m->gc_marker;
+
+        while ((u = m->gc_queue)) {
+                assert(u->in_gc_queue);
+
+                unit_gc_sweep(u, gc_marker);
+
+                LIST_REMOVE(gc_queue, m->gc_queue, u);
+                u->in_gc_queue = false;
+
+                n++;
+
+                if (u->gc_marker == gc_marker + GC_OFFSET_BAD ||
+                    u->gc_marker == gc_marker + GC_OFFSET_UNSURE) {
+                        if (u->id)
+                                log_unit_debug(u, "Collecting.");
+                        u->gc_marker = gc_marker + GC_OFFSET_BAD;
+                        unit_add_to_cleanup_queue(u);
+                }
+        }
+
+        m->n_in_gc_queue = 0;
+
+        return n;
+}
+
+static void manager_clear_jobs_and_units(Manager *m) {
+        Unit *u;
+
+        assert(m);
+
+        while ((u = hashmap_first(m->units)))
+                unit_free(u);
+
+        manager_dispatch_cleanup_queue(m);
+
+        assert(!m->load_queue);
+        assert(!m->run_queue);
+        assert(!m->dbus_unit_queue);
+        assert(!m->dbus_job_queue);
+        assert(!m->cleanup_queue);
+        assert(!m->gc_queue);
+
+        assert(hashmap_isempty(m->jobs));
+        assert(hashmap_isempty(m->units));
+
+        m->n_on_console = 0;
+        m->n_running_jobs = 0;
+}
+
+Manager* manager_free(Manager *m) {
+        UnitType c;
+        int i;
+
+        if (!m)
+                return NULL;
+
+        manager_clear_jobs_and_units(m);
+
+        for (c = 0; c < _UNIT_TYPE_MAX; c++)
+                if (unit_vtable[c]->shutdown)
+                        unit_vtable[c]->shutdown(m);
+
+        /* If we reexecute ourselves, we keep the root cgroup
+         * around */
+        manager_shutdown_cgroup(m, m->exit_code != MANAGER_REEXECUTE);
+
+        lookup_paths_flush_generator(&m->lookup_paths);
+
+        bus_done(m);
+
+        hashmap_free(m->units);
+        hashmap_free(m->jobs);
+        hashmap_free(m->watch_pids1);
+        hashmap_free(m->watch_pids2);
+        hashmap_free(m->watch_bus);
+
+        set_free(m->startup_units);
+        set_free(m->failed_units);
+
+        sd_event_source_unref(m->signal_event_source);
+        sd_event_source_unref(m->notify_event_source);
+        sd_event_source_unref(m->cgroups_agent_event_source);
+        sd_event_source_unref(m->time_change_event_source);
+        sd_event_source_unref(m->jobs_in_progress_event_source);
+        sd_event_source_unref(m->run_queue_event_source);
+
+        safe_close(m->signal_fd);
+        safe_close(m->notify_fd);
+        safe_close(m->cgroups_agent_fd);
+        safe_close(m->time_change_fd);
+        safe_close(m->kdbus_fd);
+
+        manager_close_ask_password(m);
+
+        manager_close_idle_pipe(m);
+
+        udev_unref(m->udev);
+        sd_event_unref(m->event);
+
+        free(m->notify_socket);
+
+        lookup_paths_free(&m->lookup_paths);
+        strv_free(m->environment);
+
+        hashmap_free(m->cgroup_unit);
+        set_free_free(m->unit_path_cache);
+
+        free(m->switch_root);
+        free(m->switch_root_init);
+
+        for (i = 0; i < _RLIMIT_MAX; i++)
+                m->rlimit[i] = mfree(m->rlimit[i]);
+
+        assert(hashmap_isempty(m->units_requiring_mounts_for));
+        hashmap_free(m->units_requiring_mounts_for);
+
+        free(m);
+        return NULL;
+}
+
+void manager_enumerate(Manager *m) {
+        UnitType c;
+
+        assert(m);
+
+        /* Let's ask every type to load all units from disk/kernel
+         * that it might know */
+        for (c = 0; c < _UNIT_TYPE_MAX; c++) {
+                if (!unit_type_supported(c)) {
+                        log_debug("Unit type .%s is not supported on this system.", unit_type_to_string(c));
+                        continue;
+                }
+
+                if (!unit_vtable[c]->enumerate)
+                        continue;
+
+                unit_vtable[c]->enumerate(m);
+        }
+
+        manager_dispatch_load_queue(m);
+}
+
+static void manager_coldplug(Manager *m) {
+        Iterator i;
+        Unit *u;
+        char *k;
+        int r;
+
+        assert(m);
+
+        /* Then, let's set up their initial state. */
+        HASHMAP_FOREACH_KEY(u, k, m->units, i) {
+
+                /* ignore aliases */
+                if (u->id != k)
+                        continue;
+
+                r = unit_coldplug(u);
+                if (r < 0)
+                        log_warning_errno(r, "We couldn't coldplug %s, proceeding anyway: %m", u->id);
+        }
+}
+
+static void manager_build_unit_path_cache(Manager *m) {
+        char **i;
+        int r;
+
+        assert(m);
+
+        set_free_free(m->unit_path_cache);
+
+        m->unit_path_cache = set_new(&string_hash_ops);
+        if (!m->unit_path_cache) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        /* This simply builds a list of files we know exist, so that
+         * we don't always have to go to disk */
+
+        STRV_FOREACH(i, m->lookup_paths.search_path) {
+                _cleanup_closedir_ DIR *d = NULL;
+                struct dirent *de;
+
+                d = opendir(*i);
+                if (!d) {
+                        if (errno != ENOENT)
+                                log_warning_errno(errno, "Failed to open directory %s, ignoring: %m", *i);
+                        continue;
+                }
+
+                FOREACH_DIRENT(de, d, r = -errno; goto fail) {
+                        char *p;
+
+                        p = strjoin(streq(*i, "/") ? "" : *i, "/", de->d_name, NULL);
+                        if (!p) {
+                                r = -ENOMEM;
+                                goto fail;
+                        }
+
+                        r = set_consume(m->unit_path_cache, p);
+                        if (r < 0)
+                                goto fail;
+                }
+        }
+
+        return;
+
+fail:
+        log_warning_errno(r, "Failed to build unit path cache, proceeding without: %m");
+        m->unit_path_cache = set_free_free(m->unit_path_cache);
+}
+
+static void manager_distribute_fds(Manager *m, FDSet *fds) {
+        Iterator i;
+        Unit *u;
+
+        assert(m);
+
+        HASHMAP_FOREACH(u, m->units, i) {
+
+                if (fdset_size(fds) <= 0)
+                        break;
+
+                if (!UNIT_VTABLE(u)->distribute_fds)
+                        continue;
+
+                UNIT_VTABLE(u)->distribute_fds(u, fds);
+        }
+}
+
+int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
+        int r, q;
+
+        assert(m);
+
+        r = lookup_paths_init(&m->lookup_paths, m->unit_file_scope, 0, NULL);
+        if (r < 0)
+                return r;
+
+        /* Make sure the transient directory always exists, so that it remains in the search path */
+        r = mkdir_p_label(m->lookup_paths.transient, 0755);
+        if (r < 0)
+                return r;
+
+        dual_timestamp_get(&m->generators_start_timestamp);
+        r = manager_run_generators(m);
+        dual_timestamp_get(&m->generators_finish_timestamp);
+        if (r < 0)
+                return r;
+
+        lookup_paths_reduce(&m->lookup_paths);
+        manager_build_unit_path_cache(m);
+
+        /* If we will deserialize make sure that during enumeration
+         * this is already known, so we increase the counter here
+         * already */
+        if (serialization)
+                m->n_reloading++;
+
+        /* First, enumerate what we can from all config files */
+        dual_timestamp_get(&m->units_load_start_timestamp);
+        manager_enumerate(m);
+        dual_timestamp_get(&m->units_load_finish_timestamp);
+
+        /* Second, deserialize if there is something to deserialize */
+        if (serialization)
+                r = manager_deserialize(m, serialization, fds);
+
+        /* Any fds left? Find some unit which wants them. This is
+         * useful to allow container managers to pass some file
+         * descriptors to us pre-initialized. This enables
+         * socket-based activation of entire containers. */
+        manager_distribute_fds(m, fds);
+
+        /* We might have deserialized the notify fd, but if we didn't
+         * then let's create the bus now */
+        q = manager_setup_notify(m);
+        if (q < 0 && r == 0)
+                r = q;
+
+        q = manager_setup_cgroups_agent(m);
+        if (q < 0 && r == 0)
+                r = q;
+
+        /* We might have deserialized the kdbus control fd, but if we
+         * didn't, then let's create the bus now. */
+        manager_setup_kdbus(m);
+        manager_connect_bus(m, !!serialization);
+        bus_track_coldplug(m, &m->subscribed, &m->deserialized_subscribed);
+
+        /* Third, fire things up! */
+        manager_coldplug(m);
+
+        if (serialization) {
+                assert(m->n_reloading > 0);
+                m->n_reloading--;
+
+                /* Let's wait for the UnitNew/JobNew messages being
+                 * sent, before we notify that the reload is
+                 * finished */
+                m->send_reloading_done = true;
+        }
+
+        return r;
+}
+
+int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, sd_bus_error *e, Job **_ret) {
+        int r;
+        Transaction *tr;
+
+        assert(m);
+        assert(type < _JOB_TYPE_MAX);
+        assert(unit);
+        assert(mode < _JOB_MODE_MAX);
+
+        if (mode == JOB_ISOLATE && type != JOB_START)
+                return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Isolate is only valid for start.");
+
+        if (mode == JOB_ISOLATE && !unit->allow_isolate)
+                return sd_bus_error_setf(e, BUS_ERROR_NO_ISOLATION, "Operation refused, unit may not be isolated.");
+
+        log_unit_debug(unit, "Trying to enqueue job %s/%s/%s", unit->id, job_type_to_string(type), job_mode_to_string(mode));
+
+        type = job_type_collapse(type, unit);
+
+        tr = transaction_new(mode == JOB_REPLACE_IRREVERSIBLY);
+        if (!tr)
+                return -ENOMEM;
+
+        r = transaction_add_job_and_dependencies(tr, type, unit, NULL, true, false,
+                                                 mode == JOB_IGNORE_DEPENDENCIES || mode == JOB_IGNORE_REQUIREMENTS,
+                                                 mode == JOB_IGNORE_DEPENDENCIES, e);
+        if (r < 0)
+                goto tr_abort;
+
+        if (mode == JOB_ISOLATE) {
+                r = transaction_add_isolate_jobs(tr, m);
+                if (r < 0)
+                        goto tr_abort;
+        }
+
+        r = transaction_activate(tr, m, mode, e);
+        if (r < 0)
+                goto tr_abort;
+
+        log_unit_debug(unit,
+                       "Enqueued job %s/%s as %u", unit->id,
+                       job_type_to_string(type), (unsigned) tr->anchor_job->id);
+
+        if (_ret)
+                *_ret = tr->anchor_job;
+
+        transaction_free(tr);
+        return 0;
+
+tr_abort:
+        transaction_abort(tr);
+        transaction_free(tr);
+        return r;
+}
+
+int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, sd_bus_error *e, Job **ret) {
+        Unit *unit;
+        int r;
+
+        assert(m);
+        assert(type < _JOB_TYPE_MAX);
+        assert(name);
+        assert(mode < _JOB_MODE_MAX);
+
+        r = manager_load_unit(m, name, NULL, NULL, &unit);
+        if (r < 0)
+                return r;
+
+        return manager_add_job(m, type, unit, mode, e, ret);
+}
+
+int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Job **ret) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(m);
+        assert(type < _JOB_TYPE_MAX);
+        assert(name);
+        assert(mode < _JOB_MODE_MAX);
+
+        r = manager_add_job_by_name(m, type, name, mode, &error, ret);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to enqueue %s job for %s: %s", job_mode_to_string(mode), name, bus_error_message(&error, r));
+
+        return r;
+}
+
+Job *manager_get_job(Manager *m, uint32_t id) {
+        assert(m);
+
+        return hashmap_get(m->jobs, UINT32_TO_PTR(id));
+}
+
+Unit *manager_get_unit(Manager *m, const char *name) {
+        assert(m);
+        assert(name);
+
+        return hashmap_get(m->units, name);
+}
+
+unsigned manager_dispatch_load_queue(Manager *m) {
+        Unit *u;
+        unsigned n = 0;
+
+        assert(m);
+
+        /* Make sure we are not run recursively */
+        if (m->dispatching_load_queue)
+                return 0;
+
+        m->dispatching_load_queue = true;
+
+        /* Dispatches the load queue. Takes a unit from the queue and
+         * tries to load its data until the queue is empty */
+
+        while ((u = m->load_queue)) {
+                assert(u->in_load_queue);
+
+                unit_load(u);
+                n++;
+        }
+
+        m->dispatching_load_queue = false;
+        return n;
+}
+
+int manager_load_unit_prepare(
+                Manager *m,
+                const char *name,
+                const char *path,
+                sd_bus_error *e,
+                Unit **_ret) {
+
+        Unit *ret;
+        UnitType t;
+        int r;
+
+        assert(m);
+        assert(name || path);
+
+        /* This will prepare the unit for loading, but not actually
+         * load anything from disk. */
+
+        if (path && !is_path(path))
+                return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute.", path);
+
+        if (!name)
+                name = basename(path);
+
+        t = unit_name_to_type(name);
+
+        if (t == _UNIT_TYPE_INVALID || !unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
+                if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
+                        return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is missing the instance name.", name);
+
+                return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is not valid.", name);
+        }
+
+        ret = manager_get_unit(m, name);
+        if (ret) {
+                *_ret = ret;
+                return 1;
+        }
+
+        ret = unit_new(m, unit_vtable[t]->object_size);
+        if (!ret)
+                return -ENOMEM;
+
+        if (path) {
+                ret->fragment_path = strdup(path);
+                if (!ret->fragment_path) {
+                        unit_free(ret);
+                        return -ENOMEM;
+                }
+        }
+
+        r = unit_add_name(ret, name);
+        if (r < 0) {
+                unit_free(ret);
+                return r;
+        }
+
+        unit_add_to_load_queue(ret);
+        unit_add_to_dbus_queue(ret);
+        unit_add_to_gc_queue(ret);
+
+        if (_ret)
+                *_ret = ret;
+
+        return 0;
+}
+
+int manager_load_unit(
+                Manager *m,
+                const char *name,
+                const char *path,
+                sd_bus_error *e,
+                Unit **_ret) {
+
+        int r;
+
+        assert(m);
+
+        /* This will load the service information files, but not actually
+         * start any services or anything. */
+
+        r = manager_load_unit_prepare(m, name, path, e, _ret);
+        if (r != 0)
+                return r;
+
+        manager_dispatch_load_queue(m);
+
+        if (_ret)
+                *_ret = unit_follow_merge(*_ret);
+
+        return 0;
+}
+
+void manager_dump_jobs(Manager *s, FILE *f, const char *prefix) {
+        Iterator i;
+        Job *j;
+
+        assert(s);
+        assert(f);
+
+        HASHMAP_FOREACH(j, s->jobs, i)
+                job_dump(j, f, prefix);
+}
+
+void manager_dump_units(Manager *s, FILE *f, const char *prefix) {
+        Iterator i;
+        Unit *u;
+        const char *t;
+
+        assert(s);
+        assert(f);
+
+        HASHMAP_FOREACH_KEY(u, t, s->units, i)
+                if (u->id == t)
+                        unit_dump(u, f, prefix);
+}
+
+void manager_clear_jobs(Manager *m) {
+        Job *j;
+
+        assert(m);
+
+        while ((j = hashmap_first(m->jobs)))
+                /* No need to recurse. We're cancelling all jobs. */
+                job_finish_and_invalidate(j, JOB_CANCELED, false, false);
+}
+
+static int manager_dispatch_run_queue(sd_event_source *source, void *userdata) {
+        Manager *m = userdata;
+        Job *j;
+
+        assert(source);
+        assert(m);
+
+        while ((j = m->run_queue)) {
+                assert(j->installed);
+                assert(j->in_run_queue);
+
+                job_run_and_invalidate(j);
+        }
+
+        if (m->n_running_jobs > 0)
+                manager_watch_jobs_in_progress(m);
+
+        if (m->n_on_console > 0)
+                manager_watch_idle_pipe(m);
+
+        return 1;
+}
+
+static unsigned manager_dispatch_dbus_queue(Manager *m) {
+        Job *j;
+        Unit *u;
+        unsigned n = 0;
+
+        assert(m);
+
+        if (m->dispatching_dbus_queue)
+                return 0;
+
+        m->dispatching_dbus_queue = true;
+
+        while ((u = m->dbus_unit_queue)) {
+                assert(u->in_dbus_queue);
+
+                bus_unit_send_change_signal(u);
+                n++;
+        }
+
+        while ((j = m->dbus_job_queue)) {
+                assert(j->in_dbus_queue);
+
+                bus_job_send_change_signal(j);
+                n++;
+        }
+
+        m->dispatching_dbus_queue = false;
+
+        if (m->send_reloading_done) {
+                m->send_reloading_done = false;
+
+                bus_manager_send_reloading(m, false);
+        }
+
+        if (m->queued_message)
+                bus_send_queued_message(m);
+
+        return n;
+}
+
+static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+        char buf[PATH_MAX+1];
+        ssize_t n;
+
+        n = recv(fd, buf, sizeof(buf), 0);
+        if (n < 0)
+                return log_error_errno(errno, "Failed to read cgroups agent message: %m");
+        if (n == 0) {
+                log_error("Got zero-length cgroups agent message, ignoring.");
+                return 0;
+        }
+        if ((size_t) n >= sizeof(buf)) {
+                log_error("Got overly long cgroups agent message, ignoring.");
+                return 0;
+        }
+
+        if (memchr(buf, 0, n)) {
+                log_error("Got cgroups agent message with embedded NUL byte, ignoring.");
+                return 0;
+        }
+        buf[n] = 0;
+
+        manager_notify_cgroup_empty(m, buf);
+        bus_forward_agent_released(m, buf);
+
+        return 0;
+}
+
+static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
+        _cleanup_strv_free_ char **tags = NULL;
+
+        assert(m);
+        assert(u);
+        assert(buf);
+        assert(n > 0);
+
+        tags = strv_split(buf, "\n\r");
+        if (!tags) {
+                log_oom();
+                return;
+        }
+
+        if (UNIT_VTABLE(u)->notify_message)
+                UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
+        else
+                log_unit_debug(u, "Got notification message for unit. Ignoring.");
+}
+
+static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        _cleanup_fdset_free_ FDSet *fds = NULL;
+        Manager *m = userdata;
+
+        char buf[NOTIFY_BUFFER_MAX+1];
+        struct iovec iovec = {
+                .iov_base = buf,
+                .iov_len = sizeof(buf)-1,
+        };
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+                            CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX)];
+        } control = {};
+        struct msghdr msghdr = {
+                .msg_iov = &iovec,
+                .msg_iovlen = 1,
+                .msg_control = &control,
+                .msg_controllen = sizeof(control),
+        };
+
+        struct cmsghdr *cmsg;
+        struct ucred *ucred = NULL;
+        bool found = false;
+        Unit *u1, *u2, *u3;
+        int r, *fd_array = NULL;
+        unsigned n_fds = 0;
+        ssize_t n;
+
+        assert(m);
+        assert(m->notify_fd == fd);
+
+        if (revents != EPOLLIN) {
+                log_warning("Got unexpected poll event for notify fd.");
+                return 0;
+        }
+
+        n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+        if (n < 0) {
+                if (errno == EAGAIN || errno == EINTR)
+                        return 0;
+
+                return -errno;
+        }
+
+        CMSG_FOREACH(cmsg, &msghdr) {
+                if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+
+                        fd_array = (int*) CMSG_DATA(cmsg);
+                        n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
+
+                } else if (cmsg->cmsg_level == SOL_SOCKET &&
+                           cmsg->cmsg_type == SCM_CREDENTIALS &&
+                           cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+
+                        ucred = (struct ucred*) CMSG_DATA(cmsg);
+                }
+        }
+
+        if (n_fds > 0) {
+                assert(fd_array);
+
+                r = fdset_new_array(&fds, fd_array, n_fds);
+                if (r < 0) {
+                        close_many(fd_array, n_fds);
+                        return log_oom();
+                }
+        }
+
+        if (!ucred || ucred->pid <= 0) {
+                log_warning("Received notify message without valid credentials. Ignoring.");
+                return 0;
+        }
+
+        if ((size_t) n >= sizeof(buf)) {
+                log_warning("Received notify message exceeded maximum size. Ignoring.");
+                return 0;
+        }
+
+        buf[n] = 0;
+
+        /* Notify every unit that might be interested, but try
+         * to avoid notifying the same one multiple times. */
+        u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
+        if (u1) {
+                manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
+                found = true;
+        }
+
+        u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
+        if (u2 && u2 != u1) {
+                manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
+                found = true;
+        }
+
+        u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
+        if (u3 && u3 != u2 && u3 != u1) {
+                manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
+                found = true;
+        }
+
+        if (!found)
+                log_warning("Cannot find unit for notify message of PID "PID_FMT".", ucred->pid);
+
+        if (fdset_size(fds) > 0)
+                log_warning("Got auxiliary fds with notification message, closing all.");
+
+        return 0;
+}
+
+static void invoke_sigchld_event(Manager *m, Unit *u, const siginfo_t *si) {
+        assert(m);
+        assert(u);
+        assert(si);
+
+        log_unit_debug(u, "Child "PID_FMT" belongs to %s", si->si_pid, u->id);
+
+        unit_unwatch_pid(u, si->si_pid);
+
+        if (UNIT_VTABLE(u)->sigchld_event)
+                UNIT_VTABLE(u)->sigchld_event(u, si->si_pid, si->si_code, si->si_status);
+}
+
+static int manager_dispatch_sigchld(Manager *m) {
+        assert(m);
+
+        for (;;) {
+                siginfo_t si = {};
+
+                /* First we call waitd() for a PID and do not reap the
+                 * zombie. That way we can still access /proc/$PID for
+                 * it while it is a zombie. */
+                if (waitid(P_ALL, 0, &si, WEXITED|WNOHANG|WNOWAIT) < 0) {
+
+                        if (errno == ECHILD)
+                                break;
+
+                        if (errno == EINTR)
+                                continue;
+
+                        return -errno;
+                }
+
+                if (si.si_pid <= 0)
+                        break;
+
+                if (si.si_code == CLD_EXITED || si.si_code == CLD_KILLED || si.si_code == CLD_DUMPED) {
+                        _cleanup_free_ char *name = NULL;
+                        Unit *u1, *u2, *u3;
+
+                        get_process_comm(si.si_pid, &name);
+
+                        log_debug("Child "PID_FMT" (%s) died (code=%s, status=%i/%s)",
+                                  si.si_pid, strna(name),
+                                  sigchld_code_to_string(si.si_code),
+                                  si.si_status,
+                                  strna(si.si_code == CLD_EXITED
+                                        ? exit_status_to_string(si.si_status, EXIT_STATUS_FULL)
+                                        : signal_to_string(si.si_status)));
+
+                        /* And now figure out the unit this belongs
+                         * to, it might be multiple... */
+                        u1 = manager_get_unit_by_pid_cgroup(m, si.si_pid);
+                        if (u1)
+                                invoke_sigchld_event(m, u1, &si);
+                        u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(si.si_pid));
+                        if (u2 && u2 != u1)
+                                invoke_sigchld_event(m, u2, &si);
+                        u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(si.si_pid));
+                        if (u3 && u3 != u2 && u3 != u1)
+                                invoke_sigchld_event(m, u3, &si);
+                }
+
+                /* And now, we actually reap the zombie. */
+                if (waitid(P_PID, si.si_pid, &si, WEXITED) < 0) {
+                        if (errno == EINTR)
+                                continue;
+
+                        return -errno;
+                }
+        }
+
+        return 0;
+}
+
+static int manager_start_target(Manager *m, const char *name, JobMode mode) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        log_debug("Activating special unit %s", name);
+
+        r = manager_add_job_by_name(m, JOB_START, name, mode, &error, NULL);
+        if (r < 0)
+                log_error("Failed to enqueue %s job: %s", name, bus_error_message(&error, r));
+
+        return r;
+}
+
+static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+        ssize_t n;
+        struct signalfd_siginfo sfsi;
+        bool sigchld = false;
+        int r;
+
+        assert(m);
+        assert(m->signal_fd == fd);
+
+        if (revents != EPOLLIN) {
+                log_warning("Got unexpected events from signal file descriptor.");
+                return 0;
+        }
+
+        for (;;) {
+                n = read(m->signal_fd, &sfsi, sizeof(sfsi));
+                if (n != sizeof(sfsi)) {
+
+                        if (n >= 0)
+                                return -EIO;
+
+                        if (errno == EINTR || errno == EAGAIN)
+                                break;
+
+                        return -errno;
+                }
+
+                log_received_signal(sfsi.ssi_signo == SIGCHLD ||
+                                    (sfsi.ssi_signo == SIGTERM && MANAGER_IS_USER(m))
+                                    ? LOG_DEBUG : LOG_INFO,
+                                    &sfsi);
+
+                switch (sfsi.ssi_signo) {
+
+                case SIGCHLD:
+                        sigchld = true;
+                        break;
+
+                case SIGTERM:
+                        if (MANAGER_IS_SYSTEM(m)) {
+                                /* This is for compatibility with the
+                                 * original sysvinit */
+                                m->exit_code = MANAGER_REEXECUTE;
+                                break;
+                        }
+
+                        /* Fall through */
+
+                case SIGINT:
+                        if (MANAGER_IS_SYSTEM(m)) {
+
+                                /* If the user presses C-A-D more than
+                                 * 7 times within 2s, we reboot
+                                 * immediately. */
+
+                                if (ratelimit_test(&m->ctrl_alt_del_ratelimit))
+                                        manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
+                                else {
+                                        log_notice("Ctrl-Alt-Del was pressed more than 7 times within 2s, rebooting immediately.");
+                                        status_printf(NULL, true, false, "Ctrl-Alt-Del was pressed more than 7 times within 2s, rebooting immediately.");
+                                        m->exit_code = MANAGER_REBOOT;
+                                }
+
+                                break;
+                        }
+
+                        /* Run the exit target if there is one, if not, just exit. */
+                        if (manager_start_target(m, SPECIAL_EXIT_TARGET, JOB_REPLACE) < 0) {
+                                m->exit_code = MANAGER_EXIT;
+                                return 0;
+                        }
+
+                        break;
+
+                case SIGWINCH:
+                        if (MANAGER_IS_SYSTEM(m))
+                                manager_start_target(m, SPECIAL_KBREQUEST_TARGET, JOB_REPLACE);
+
+                        /* This is a nop on non-init */
+                        break;
+
+                case SIGPWR:
+                        if (MANAGER_IS_SYSTEM(m))
+                                manager_start_target(m, SPECIAL_SIGPWR_TARGET, JOB_REPLACE);
+
+                        /* This is a nop on non-init */
+                        break;
+
+                case SIGUSR1: {
+                        Unit *u;
+
+                        u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
+
+                        if (!u || UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) {
+                                log_info("Trying to reconnect to bus...");
+                                bus_init(m, true);
+                        }
+
+                        if (!u || !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u))) {
+                                log_info("Loading D-Bus service...");
+                                manager_start_target(m, SPECIAL_DBUS_SERVICE, JOB_REPLACE);
+                        }
+
+                        break;
+                }
+
+                case SIGUSR2: {
+                        _cleanup_free_ char *dump = NULL;
+                        _cleanup_fclose_ FILE *f = NULL;
+                        size_t size;
+
+                        f = open_memstream(&dump, &size);
+                        if (!f) {
+                                log_warning_errno(errno, "Failed to allocate memory stream: %m");
+                                break;
+                        }
+
+                        manager_dump_units(m, f, "\t");
+                        manager_dump_jobs(m, f, "\t");
+
+                        r = fflush_and_check(f);
+                        if (r < 0) {
+                                log_warning_errno(r, "Failed to write status stream: %m");
+                                break;
+                        }
+
+                        log_dump(LOG_INFO, dump);
+                        break;
+                }
+
+                case SIGHUP:
+                        m->exit_code = MANAGER_RELOAD;
+                        break;
+
+                default: {
+
+                        /* Starting SIGRTMIN+0 */
+                        static const char * const target_table[] = {
+                                [0] = SPECIAL_DEFAULT_TARGET,
+                                [1] = SPECIAL_RESCUE_TARGET,
+                                [2] = SPECIAL_EMERGENCY_TARGET,
+                                [3] = SPECIAL_HALT_TARGET,
+                                [4] = SPECIAL_POWEROFF_TARGET,
+                                [5] = SPECIAL_REBOOT_TARGET,
+                                [6] = SPECIAL_KEXEC_TARGET
+                        };
+
+                        /* Starting SIGRTMIN+13, so that target halt and system halt are 10 apart */
+                        static const ManagerExitCode code_table[] = {
+                                [0] = MANAGER_HALT,
+                                [1] = MANAGER_POWEROFF,
+                                [2] = MANAGER_REBOOT,
+                                [3] = MANAGER_KEXEC
+                        };
+
+                        if ((int) sfsi.ssi_signo >= SIGRTMIN+0 &&
+                            (int) sfsi.ssi_signo < SIGRTMIN+(int) ELEMENTSOF(target_table)) {
+                                int idx = (int) sfsi.ssi_signo - SIGRTMIN;
+                                manager_start_target(m, target_table[idx],
+                                                     (idx == 1 || idx == 2) ? JOB_ISOLATE : JOB_REPLACE);
+                                break;
+                        }
+
+                        if ((int) sfsi.ssi_signo >= SIGRTMIN+13 &&
+                            (int) sfsi.ssi_signo < SIGRTMIN+13+(int) ELEMENTSOF(code_table)) {
+                                m->exit_code = code_table[sfsi.ssi_signo - SIGRTMIN - 13];
+                                break;
+                        }
+
+                        switch (sfsi.ssi_signo - SIGRTMIN) {
+
+                        case 20:
+                                manager_set_show_status(m, SHOW_STATUS_YES);
+                                break;
+
+                        case 21:
+                                manager_set_show_status(m, SHOW_STATUS_NO);
+                                break;
+
+                        case 22:
+                                log_set_max_level(LOG_DEBUG);
+                                log_info("Setting log level to debug.");
+                                break;
+
+                        case 23:
+                                log_set_max_level(LOG_INFO);
+                                log_info("Setting log level to info.");
+                                break;
+
+                        case 24:
+                                if (MANAGER_IS_USER(m)) {
+                                        m->exit_code = MANAGER_EXIT;
+                                        return 0;
+                                }
+
+                                /* This is a nop on init */
+                                break;
+
+                        case 26:
+                        case 29: /* compatibility: used to be mapped to LOG_TARGET_SYSLOG_OR_KMSG */
+                                log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
+                                log_notice("Setting log target to journal-or-kmsg.");
+                                break;
+
+                        case 27:
+                                log_set_target(LOG_TARGET_CONSOLE);
+                                log_notice("Setting log target to console.");
+                                break;
+
+                        case 28:
+                                log_set_target(LOG_TARGET_KMSG);
+                                log_notice("Setting log target to kmsg.");
+                                break;
+
+                        default:
+                                log_warning("Got unhandled signal <%s>.", signal_to_string(sfsi.ssi_signo));
+                        }
+                }
+                }
+        }
+
+        if (sigchld)
+                manager_dispatch_sigchld(m);
+
+        return 0;
+}
+
+static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+        Iterator i;
+        Unit *u;
+
+        assert(m);
+        assert(m->time_change_fd == fd);
+
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(SD_MESSAGE_TIME_CHANGE),
+                   LOG_MESSAGE("Time has been changed"),
+                   NULL);
+
+        /* Restart the watch */
+        m->time_change_event_source = sd_event_source_unref(m->time_change_event_source);
+        m->time_change_fd = safe_close(m->time_change_fd);
+
+        manager_setup_time_change(m);
+
+        HASHMAP_FOREACH(u, m->units, i)
+                if (UNIT_VTABLE(u)->time_change)
+                        UNIT_VTABLE(u)->time_change(u);
+
+        return 0;
+}
+
+static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+
+        assert(m);
+        assert(m->idle_pipe[2] == fd);
+
+        m->no_console_output = m->n_on_console > 0;
+
+        manager_close_idle_pipe(m);
+
+        return 0;
+}
+
+static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata) {
+        Manager *m = userdata;
+        int r;
+        uint64_t next;
+
+        assert(m);
+        assert(source);
+
+        manager_print_jobs_in_progress(m);
+
+        next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_PERIOD_USEC;
+        r = sd_event_source_set_time(source, next);
+        if (r < 0)
+                return r;
+
+        return sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
+}
+
+int manager_loop(Manager *m) {
+        int r;
+
+        RATELIMIT_DEFINE(rl, 1*USEC_PER_SEC, 50000);
+
+        assert(m);
+        m->exit_code = MANAGER_OK;
+
+        /* Release the path cache */
+        m->unit_path_cache = set_free_free(m->unit_path_cache);
+
+        manager_check_finished(m);
+
+        /* There might still be some zombies hanging around from
+         * before we were exec()'ed. Let's reap them. */
+        r = manager_dispatch_sigchld(m);
+        if (r < 0)
+                return r;
+
+        while (m->exit_code == MANAGER_OK) {
+                usec_t wait_usec;
+
+                if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m))
+                        watchdog_ping();
+
+                if (!ratelimit_test(&rl)) {
+                        /* Yay, something is going seriously wrong, pause a little */
+                        log_warning("Looping too fast. Throttling execution a little.");
+                        sleep(1);
+                }
+
+                if (manager_dispatch_load_queue(m) > 0)
+                        continue;
+
+                if (manager_dispatch_gc_queue(m) > 0)
+                        continue;
+
+                if (manager_dispatch_cleanup_queue(m) > 0)
+                        continue;
+
+                if (manager_dispatch_cgroup_queue(m) > 0)
+                        continue;
+
+                if (manager_dispatch_dbus_queue(m) > 0)
+                        continue;
+
+                /* Sleep for half the watchdog time */
+                if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m)) {
+                        wait_usec = m->runtime_watchdog / 2;
+                        if (wait_usec <= 0)
+                                wait_usec = 1;
+                } else
+                        wait_usec = USEC_INFINITY;
+
+                r = sd_event_run(m->event, wait_usec);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to run event loop: %m");
+        }
+
+        return m->exit_code;
+}
+
+int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u) {
+        _cleanup_free_ char *n = NULL;
+        Unit *u;
+        int r;
+
+        assert(m);
+        assert(s);
+        assert(_u);
+
+        r = unit_name_from_dbus_path(s, &n);
+        if (r < 0)
+                return r;
+
+        r = manager_load_unit(m, n, NULL, e, &u);
+        if (r < 0)
+                return r;
+
+        *_u = u;
+
+        return 0;
+}
+
+int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j) {
+        const char *p;
+        unsigned id;
+        Job *j;
+        int r;
+
+        assert(m);
+        assert(s);
+        assert(_j);
+
+        p = startswith(s, "/org/freedesktop/systemd1/job/");
+        if (!p)
+                return -EINVAL;
+
+        r = safe_atou(p, &id);
+        if (r < 0)
+                return r;
+
+        j = manager_get_job(m, id);
+        if (!j)
+                return -ENOENT;
+
+        *_j = j;
+
+        return 0;
+}
+
+void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
+
+#ifdef HAVE_AUDIT
+        _cleanup_free_ char *p = NULL;
+        const char *msg;
+        int audit_fd, r;
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return;
+
+        audit_fd = get_audit_fd();
+        if (audit_fd < 0)
+                return;
+
+        /* Don't generate audit events if the service was already
+         * started and we're just deserializing */
+        if (MANAGER_IS_RELOADING(m))
+                return;
+
+        if (u->type != UNIT_SERVICE)
+                return;
+
+        r = unit_name_to_prefix_and_instance(u->id, &p);
+        if (r < 0) {
+                log_error_errno(r, "Failed to extract prefix and instance of unit name: %m");
+                return;
+        }
+
+        msg = strjoina("unit=", p);
+        if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
+                if (errno == EPERM)
+                        /* We aren't allowed to send audit messages?
+                         * Then let's not retry again. */
+                        close_audit_fd();
+                else
+                        log_warning_errno(errno, "Failed to send audit message: %m");
+        }
+#endif
+
+}
+
+void manager_send_unit_plymouth(Manager *m, Unit *u) {
+        static const union sockaddr_union sa = PLYMOUTH_SOCKET;
+        _cleanup_free_ char *message = NULL;
+        _cleanup_close_ int fd = -1;
+        int n = 0;
+
+        /* Don't generate plymouth events if the service was already
+         * started and we're just deserializing */
+        if (MANAGER_IS_RELOADING(m))
+                return;
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return;
+
+        if (detect_container() > 0)
+                return;
+
+        if (u->type != UNIT_SERVICE &&
+            u->type != UNIT_MOUNT &&
+            u->type != UNIT_SWAP)
+                return;
+
+        /* We set SOCK_NONBLOCK here so that we rather drop the
+         * message then wait for plymouth */
+        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+        if (fd < 0) {
+                log_error_errno(errno, "socket() failed: %m");
+                return;
+        }
+
+        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
+
+                if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
+                        log_error_errno(errno, "connect() failed: %m");
+                return;
+        }
+
+        if (asprintf(&message, "U\002%c%s%n", (int) (strlen(u->id) + 1), u->id, &n) < 0) {
+                log_oom();
+                return;
+        }
+
+        errno = 0;
+        if (write(fd, message, n + 1) != n + 1)
+                if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
+                        log_error_errno(errno, "Failed to write Plymouth message: %m");
+}
+
+int manager_open_serialization(Manager *m, FILE **_f) {
+        const char *path;
+        int fd = -1;
+        FILE *f;
+
+        assert(_f);
+
+        path = MANAGER_IS_SYSTEM(m) ? "/run/systemd" : "/tmp";
+        fd = open_tmpfile_unlinkable(path, O_RDWR|O_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        log_debug("Serializing state to %s", path);
+
+        f = fdopen(fd, "w+");
+        if (!f) {
+                safe_close(fd);
+                return -errno;
+        }
+
+        *_f = f;
+
+        return 0;
+}
+
+int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
+        Iterator i;
+        Unit *u;
+        const char *t;
+        char **e;
+        int r;
+
+        assert(m);
+        assert(f);
+        assert(fds);
+
+        m->n_reloading++;
+
+        fprintf(f, "current-job-id=%"PRIu32"\n", m->current_job_id);
+        fprintf(f, "taint-usr=%s\n", yes_no(m->taint_usr));
+        fprintf(f, "n-installed-jobs=%u\n", m->n_installed_jobs);
+        fprintf(f, "n-failed-jobs=%u\n", m->n_failed_jobs);
+
+        dual_timestamp_serialize(f, "firmware-timestamp", &m->firmware_timestamp);
+        dual_timestamp_serialize(f, "loader-timestamp", &m->loader_timestamp);
+        dual_timestamp_serialize(f, "kernel-timestamp", &m->kernel_timestamp);
+        dual_timestamp_serialize(f, "initrd-timestamp", &m->initrd_timestamp);
+
+        if (!in_initrd()) {
+                dual_timestamp_serialize(f, "userspace-timestamp", &m->userspace_timestamp);
+                dual_timestamp_serialize(f, "finish-timestamp", &m->finish_timestamp);
+                dual_timestamp_serialize(f, "security-start-timestamp", &m->security_start_timestamp);
+                dual_timestamp_serialize(f, "security-finish-timestamp", &m->security_finish_timestamp);
+                dual_timestamp_serialize(f, "generators-start-timestamp", &m->generators_start_timestamp);
+                dual_timestamp_serialize(f, "generators-finish-timestamp", &m->generators_finish_timestamp);
+                dual_timestamp_serialize(f, "units-load-start-timestamp", &m->units_load_start_timestamp);
+                dual_timestamp_serialize(f, "units-load-finish-timestamp", &m->units_load_finish_timestamp);
+        }
+
+        if (!switching_root) {
+                STRV_FOREACH(e, m->environment) {
+                        _cleanup_free_ char *ce;
+
+                        ce = cescape(*e);
+                        if (!ce)
+                                return -ENOMEM;
+
+                        fprintf(f, "env=%s\n", *e);
+                }
+        }
+
+        if (m->notify_fd >= 0) {
+                int copy;
+
+                copy = fdset_put_dup(fds, m->notify_fd);
+                if (copy < 0)
+                        return copy;
+
+                fprintf(f, "notify-fd=%i\n", copy);
+                fprintf(f, "notify-socket=%s\n", m->notify_socket);
+        }
+
+        if (m->cgroups_agent_fd >= 0) {
+                int copy;
+
+                copy = fdset_put_dup(fds, m->cgroups_agent_fd);
+                if (copy < 0)
+                        return copy;
+
+                fprintf(f, "cgroups-agent-fd=%i\n", copy);
+        }
+
+        if (m->kdbus_fd >= 0) {
+                int copy;
+
+                copy = fdset_put_dup(fds, m->kdbus_fd);
+                if (copy < 0)
+                        return copy;
+
+                fprintf(f, "kdbus-fd=%i\n", copy);
+        }
+
+        bus_track_serialize(m->subscribed, f);
+
+        fputc('\n', f);
+
+        HASHMAP_FOREACH_KEY(u, t, m->units, i) {
+                if (u->id != t)
+                        continue;
+
+                /* Start marker */
+                fputs(u->id, f);
+                fputc('\n', f);
+
+                r = unit_serialize(u, f, fds, !switching_root);
+                if (r < 0) {
+                        m->n_reloading--;
+                        return r;
+                }
+        }
+
+        assert(m->n_reloading > 0);
+        m->n_reloading--;
+
+        if (ferror(f))
+                return -EIO;
+
+        r = bus_fdset_add_all(m, fds);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
+        int r = 0;
+
+        assert(m);
+        assert(f);
+
+        log_debug("Deserializing state...");
+
+        m->n_reloading++;
+
+        for (;;) {
+                char line[LINE_MAX], *l;
+
+                if (!fgets(line, sizeof(line), f)) {
+                        if (feof(f))
+                                r = 0;
+                        else
+                                r = -errno;
+
+                        goto finish;
+                }
+
+                char_array_0(line);
+                l = strstrip(line);
+
+                if (l[0] == 0)
+                        break;
+
+                if (startswith(l, "current-job-id=")) {
+                        uint32_t id;
+
+                        if (safe_atou32(l+15, &id) < 0)
+                                log_debug("Failed to parse current job id value %s", l+15);
+                        else
+                                m->current_job_id = MAX(m->current_job_id, id);
+
+                } else if (startswith(l, "n-installed-jobs=")) {
+                        uint32_t n;
+
+                        if (safe_atou32(l+17, &n) < 0)
+                                log_debug("Failed to parse installed jobs counter %s", l+17);
+                        else
+                                m->n_installed_jobs += n;
+
+                } else if (startswith(l, "n-failed-jobs=")) {
+                        uint32_t n;
+
+                        if (safe_atou32(l+14, &n) < 0)
+                                log_debug("Failed to parse failed jobs counter %s", l+14);
+                        else
+                                m->n_failed_jobs += n;
+
+                } else if (startswith(l, "taint-usr=")) {
+                        int b;
+
+                        b = parse_boolean(l+10);
+                        if (b < 0)
+                                log_debug("Failed to parse taint /usr flag %s", l+10);
+                        else
+                                m->taint_usr = m->taint_usr || b;
+
+                } else if (startswith(l, "firmware-timestamp="))
+                        dual_timestamp_deserialize(l+19, &m->firmware_timestamp);
+                else if (startswith(l, "loader-timestamp="))
+                        dual_timestamp_deserialize(l+17, &m->loader_timestamp);
+                else if (startswith(l, "kernel-timestamp="))
+                        dual_timestamp_deserialize(l+17, &m->kernel_timestamp);
+                else if (startswith(l, "initrd-timestamp="))
+                        dual_timestamp_deserialize(l+17, &m->initrd_timestamp);
+                else if (startswith(l, "userspace-timestamp="))
+                        dual_timestamp_deserialize(l+20, &m->userspace_timestamp);
+                else if (startswith(l, "finish-timestamp="))
+                        dual_timestamp_deserialize(l+17, &m->finish_timestamp);
+                else if (startswith(l, "security-start-timestamp="))
+                        dual_timestamp_deserialize(l+25, &m->security_start_timestamp);
+                else if (startswith(l, "security-finish-timestamp="))
+                        dual_timestamp_deserialize(l+26, &m->security_finish_timestamp);
+                else if (startswith(l, "generators-start-timestamp="))
+                        dual_timestamp_deserialize(l+27, &m->generators_start_timestamp);
+                else if (startswith(l, "generators-finish-timestamp="))
+                        dual_timestamp_deserialize(l+28, &m->generators_finish_timestamp);
+                else if (startswith(l, "units-load-start-timestamp="))
+                        dual_timestamp_deserialize(l+27, &m->units_load_start_timestamp);
+                else if (startswith(l, "units-load-finish-timestamp="))
+                        dual_timestamp_deserialize(l+28, &m->units_load_finish_timestamp);
+                else if (startswith(l, "env=")) {
+                        _cleanup_free_ char *uce = NULL;
+                        char **e;
+
+                        r = cunescape(l + 4, UNESCAPE_RELAX, &uce);
+                        if (r < 0)
+                                goto finish;
+
+                        e = strv_env_set(m->environment, uce);
+                        if (!e) {
+                                r = -ENOMEM;
+                                goto finish;
+                        }
+
+                        strv_free(m->environment);
+                        m->environment = e;
+
+                } else if (startswith(l, "notify-fd=")) {
+                        int fd;
+
+                        if (safe_atoi(l + 10, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
+                                log_debug("Failed to parse notify fd: %s", l + 10);
+                        else {
+                                m->notify_event_source = sd_event_source_unref(m->notify_event_source);
+                                safe_close(m->notify_fd);
+                                m->notify_fd = fdset_remove(fds, fd);
+                        }
+
+                } else if (startswith(l, "notify-socket=")) {
+                        char *n;
+
+                        n = strdup(l+14);
+                        if (!n) {
+                                r = -ENOMEM;
+                                goto finish;
+                        }
+
+                        free(m->notify_socket);
+                        m->notify_socket = n;
+
+                } else if (startswith(l, "cgroups-agent-fd=")) {
+                        int fd;
+
+                        if (safe_atoi(l + 17, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
+                                log_debug("Failed to parse cgroups agent fd: %s", l + 10);
+                        else {
+                                m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
+                                safe_close(m->cgroups_agent_fd);
+                                m->cgroups_agent_fd = fdset_remove(fds, fd);
+                        }
+
+                } else if (startswith(l, "kdbus-fd=")) {
+                        int fd;
+
+                        if (safe_atoi(l + 9, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
+                                log_debug("Failed to parse kdbus fd: %s", l + 9);
+                        else {
+                                safe_close(m->kdbus_fd);
+                                m->kdbus_fd = fdset_remove(fds, fd);
+                        }
+
+                } else {
+                        int k;
+
+                        k = bus_track_deserialize_item(&m->deserialized_subscribed, l);
+                        if (k < 0)
+                                log_debug_errno(k, "Failed to deserialize bus tracker object: %m");
+                        else if (k == 0)
+                                log_debug("Unknown serialization item '%s'", l);
+                }
+        }
+
+        for (;;) {
+                Unit *u;
+                char name[UNIT_NAME_MAX+2];
+
+                /* Start marker */
+                if (!fgets(name, sizeof(name), f)) {
+                        if (feof(f))
+                                r = 0;
+                        else
+                                r = -errno;
+
+                        goto finish;
+                }
+
+                char_array_0(name);
+
+                r = manager_load_unit(m, strstrip(name), NULL, NULL, &u);
+                if (r < 0)
+                        goto finish;
+
+                r = unit_deserialize(u, f, fds);
+                if (r < 0)
+                        goto finish;
+        }
+
+finish:
+        if (ferror(f))
+                r = -EIO;
+
+        assert(m->n_reloading > 0);
+        m->n_reloading--;
+
+        return r;
+}
+
+int manager_reload(Manager *m) {
+        int r, q;
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_fdset_free_ FDSet *fds = NULL;
+
+        assert(m);
+
+        r = manager_open_serialization(m, &f);
+        if (r < 0)
+                return r;
+
+        m->n_reloading++;
+        bus_manager_send_reloading(m, true);
+
+        fds = fdset_new();
+        if (!fds) {
+                m->n_reloading--;
+                return -ENOMEM;
+        }
+
+        r = manager_serialize(m, f, fds, false);
+        if (r < 0) {
+                m->n_reloading--;
+                return r;
+        }
+
+        if (fseeko(f, 0, SEEK_SET) < 0) {
+                m->n_reloading--;
+                return -errno;
+        }
+
+        /* From here on there is no way back. */
+        manager_clear_jobs_and_units(m);
+        lookup_paths_flush_generator(&m->lookup_paths);
+        lookup_paths_free(&m->lookup_paths);
+
+        q = lookup_paths_init(&m->lookup_paths, m->unit_file_scope, 0, NULL);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        /* Find new unit paths */
+        q = manager_run_generators(m);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        lookup_paths_reduce(&m->lookup_paths);
+        manager_build_unit_path_cache(m);
+
+        /* First, enumerate what we can from all config files */
+        manager_enumerate(m);
+
+        /* Second, deserialize our stored data */
+        q = manager_deserialize(m, f, fds);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        fclose(f);
+        f = NULL;
+
+        /* Re-register notify_fd as event source */
+        q = manager_setup_notify(m);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        q = manager_setup_cgroups_agent(m);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        /* Third, fire things up! */
+        manager_coldplug(m);
+
+        /* Sync current state of bus names with our set of listening units */
+        if (m->api_bus)
+                manager_sync_bus_names(m, m->api_bus);
+
+        assert(m->n_reloading > 0);
+        m->n_reloading--;
+
+        m->send_reloading_done = true;
+
+        return r;
+}
+
+void manager_reset_failed(Manager *m) {
+        Unit *u;
+        Iterator i;
+
+        assert(m);
+
+        HASHMAP_FOREACH(u, m->units, i)
+                unit_reset_failed(u);
+}
+
+bool manager_unit_inactive_or_pending(Manager *m, const char *name) {
+        Unit *u;
+
+        assert(m);
+        assert(name);
+
+        /* Returns true if the unit is inactive or going down */
+        u = manager_get_unit(m, name);
+        if (!u)
+                return true;
+
+        return unit_inactive_or_pending(u);
+}
+
+static void manager_notify_finished(Manager *m) {
+        char userspace[FORMAT_TIMESPAN_MAX], initrd[FORMAT_TIMESPAN_MAX], kernel[FORMAT_TIMESPAN_MAX], sum[FORMAT_TIMESPAN_MAX];
+        usec_t firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec;
+
+        if (m->test_run)
+                return;
+
+        if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0) {
+
+                /* Note that m->kernel_usec.monotonic is always at 0,
+                 * and m->firmware_usec.monotonic and
+                 * m->loader_usec.monotonic should be considered
+                 * negative values. */
+
+                firmware_usec = m->firmware_timestamp.monotonic - m->loader_timestamp.monotonic;
+                loader_usec = m->loader_timestamp.monotonic - m->kernel_timestamp.monotonic;
+                userspace_usec = m->finish_timestamp.monotonic - m->userspace_timestamp.monotonic;
+                total_usec = m->firmware_timestamp.monotonic + m->finish_timestamp.monotonic;
+
+                if (dual_timestamp_is_set(&m->initrd_timestamp)) {
+
+                        kernel_usec = m->initrd_timestamp.monotonic - m->kernel_timestamp.monotonic;
+                        initrd_usec = m->userspace_timestamp.monotonic - m->initrd_timestamp.monotonic;
+
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE_ID(SD_MESSAGE_STARTUP_FINISHED),
+                                   "KERNEL_USEC="USEC_FMT, kernel_usec,
+                                   "INITRD_USEC="USEC_FMT, initrd_usec,
+                                   "USERSPACE_USEC="USEC_FMT, userspace_usec,
+                                   LOG_MESSAGE("Startup finished in %s (kernel) + %s (initrd) + %s (userspace) = %s.",
+                                               format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
+                                               format_timespan(initrd, sizeof(initrd), initrd_usec, USEC_PER_MSEC),
+                                               format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
+                                               format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
+                                   NULL);
+                } else {
+                        kernel_usec = m->userspace_timestamp.monotonic - m->kernel_timestamp.monotonic;
+                        initrd_usec = 0;
+
+                        log_struct(LOG_INFO,
+                                   LOG_MESSAGE_ID(SD_MESSAGE_STARTUP_FINISHED),
+                                   "KERNEL_USEC="USEC_FMT, kernel_usec,
+                                   "USERSPACE_USEC="USEC_FMT, userspace_usec,
+                                   LOG_MESSAGE("Startup finished in %s (kernel) + %s (userspace) = %s.",
+                                               format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
+                                               format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
+                                               format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
+                                   NULL);
+                }
+        } else {
+                firmware_usec = loader_usec = initrd_usec = kernel_usec = 0;
+                total_usec = userspace_usec = m->finish_timestamp.monotonic - m->userspace_timestamp.monotonic;
+
+                log_struct(LOG_INFO,
+                           LOG_MESSAGE_ID(SD_MESSAGE_STARTUP_FINISHED),
+                           "USERSPACE_USEC="USEC_FMT, userspace_usec,
+                           LOG_MESSAGE("Startup finished in %s.",
+                                       format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
+                           NULL);
+        }
+
+        bus_manager_send_finished(m, firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec);
+
+        sd_notifyf(false,
+                   "READY=1\n"
+                   "STATUS=Startup finished in %s.",
+                   format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC));
+}
+
+void manager_check_finished(Manager *m) {
+        assert(m);
+
+        if (MANAGER_IS_RELOADING(m))
+                return;
+
+        /* Verify that we are actually running currently. Initially
+         * the exit code is set to invalid, and during operation it is
+         * then set to MANAGER_OK */
+        if (m->exit_code != MANAGER_OK)
+                return;
+
+        if (hashmap_size(m->jobs) > 0) {
+                if (m->jobs_in_progress_event_source)
+                        /* Ignore any failure, this is only for feedback */
+                        (void) sd_event_source_set_time(m->jobs_in_progress_event_source, now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC);
+
+                return;
+        }
+
+        manager_flip_auto_status(m, false);
+
+        /* Notify Type=idle units that we are done now */
+        manager_close_idle_pipe(m);
+
+        /* Turn off confirm spawn now */
+        m->confirm_spawn = false;
+
+        /* No need to update ask password status when we're going non-interactive */
+        manager_close_ask_password(m);
+
+        /* This is no longer the first boot */
+        manager_set_first_boot(m, false);
+
+        if (dual_timestamp_is_set(&m->finish_timestamp))
+                return;
+
+        dual_timestamp_get(&m->finish_timestamp);
+
+        manager_notify_finished(m);
+
+        manager_invalidate_startup_units(m);
+}
+
+static int manager_run_generators(Manager *m) {
+        _cleanup_strv_free_ char **paths = NULL;
+        const char *argv[5];
+        char **path;
+        int r;
+
+        assert(m);
+
+        if (m->test_run)
+                return 0;
+
+        paths = generator_binary_paths(m->unit_file_scope);
+        if (!paths)
+                return log_oom();
+
+        /* Optimize by skipping the whole process by not creating output directories
+         * if no generators are found. */
+        STRV_FOREACH(path, paths) {
+                if (access(*path, F_OK) >= 0)
+                        goto found;
+                if (errno != ENOENT)
+                        log_warning_errno(errno, "Failed to open generator directory %s: %m", *path);
+        }
+
+        return 0;
+
+ found:
+        r = lookup_paths_mkdir_generator(&m->lookup_paths);
+        if (r < 0)
+                goto finish;
+
+        argv[0] = NULL; /* Leave this empty, execute_directory() will fill something in */
+        argv[1] = m->lookup_paths.generator;
+        argv[2] = m->lookup_paths.generator_early;
+        argv[3] = m->lookup_paths.generator_late;
+        argv[4] = NULL;
+
+        RUN_WITH_UMASK(0022)
+                execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, (char**) argv);
+
+finish:
+        lookup_paths_trim_generator(&m->lookup_paths);
+        return r;
+}
+
+int manager_environment_add(Manager *m, char **minus, char **plus) {
+        char **a = NULL, **b = NULL, **l;
+        assert(m);
+
+        l = m->environment;
+
+        if (!strv_isempty(minus)) {
+                a = strv_env_delete(l, 1, minus);
+                if (!a)
+                        return -ENOMEM;
+
+                l = a;
+        }
+
+        if (!strv_isempty(plus)) {
+                b = strv_env_merge(2, l, plus);
+                if (!b) {
+                        strv_free(a);
+                        return -ENOMEM;
+                }
+
+                l = b;
+        }
+
+        if (m->environment != l)
+                strv_free(m->environment);
+        if (a != l)
+                strv_free(a);
+        if (b != l)
+                strv_free(b);
+
+        m->environment = l;
+        manager_clean_environment(m);
+        strv_sort(m->environment);
+
+        return 0;
+}
+
+int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit) {
+        int i;
+
+        assert(m);
+
+        for (i = 0; i < _RLIMIT_MAX; i++) {
+                m->rlimit[i] = mfree(m->rlimit[i]);
+
+                if (!default_rlimit[i])
+                        continue;
+
+                m->rlimit[i] = newdup(struct rlimit, default_rlimit[i], 1);
+                if (!m->rlimit[i])
+                        return -ENOMEM;
+        }
+
+        return 0;
+}
+
+void manager_recheck_journal(Manager *m) {
+        Unit *u;
+
+        assert(m);
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return;
+
+        u = manager_get_unit(m, SPECIAL_JOURNALD_SOCKET);
+        if (u && SOCKET(u)->state != SOCKET_RUNNING) {
+                log_close_journal();
+                return;
+        }
+
+        u = manager_get_unit(m, SPECIAL_JOURNALD_SERVICE);
+        if (u && SERVICE(u)->state != SERVICE_RUNNING) {
+                log_close_journal();
+                return;
+        }
+
+        /* Hmm, OK, so the socket is fully up and the service is up
+         * too, then let's make use of the thing. */
+        log_open();
+}
+
+void manager_set_show_status(Manager *m, ShowStatus mode) {
+        assert(m);
+        assert(IN_SET(mode, SHOW_STATUS_AUTO, SHOW_STATUS_NO, SHOW_STATUS_YES, SHOW_STATUS_TEMPORARY));
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return;
+
+        if (m->show_status != mode)
+                log_debug("%s showing of status.",
+                          mode == SHOW_STATUS_NO ? "Disabling" : "Enabling");
+        m->show_status = mode;
+
+        if (mode > 0)
+                (void) touch("/run/systemd/show-status");
+        else
+                (void) unlink("/run/systemd/show-status");
+}
+
+static bool manager_get_show_status(Manager *m, StatusType type) {
+        assert(m);
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return false;
+
+        if (m->no_console_output)
+                return false;
+
+        if (!IN_SET(manager_state(m), MANAGER_INITIALIZING, MANAGER_STARTING, MANAGER_STOPPING))
+                return false;
+
+        /* If we cannot find out the status properly, just proceed. */
+        if (type != STATUS_TYPE_EMERGENCY && manager_check_ask_password(m) > 0)
+                return false;
+
+        if (m->show_status > 0)
+                return true;
+
+        return false;
+}
+
+void manager_set_first_boot(Manager *m, bool b) {
+        assert(m);
+
+        if (!MANAGER_IS_SYSTEM(m))
+                return;
+
+        if (m->first_boot != (int) b) {
+                if (b)
+                        (void) touch("/run/systemd/first-boot");
+                else
+                        (void) unlink("/run/systemd/first-boot");
+        }
+
+        m->first_boot = b;
+}
+
+void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) {
+        va_list ap;
+
+        /* If m is NULL, assume we're after shutdown and let the messages through. */
+
+        if (m && !manager_get_show_status(m, type))
+                return;
+
+        /* XXX We should totally drop the check for ephemeral here
+         * and thus effectively make 'Type=idle' pointless. */
+        if (type == STATUS_TYPE_EPHEMERAL && m && m->n_on_console > 0)
+                return;
+
+        va_start(ap, format);
+        status_vprintf(status, true, type == STATUS_TYPE_EPHEMERAL, format, ap);
+        va_end(ap);
+}
+
+Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path) {
+        char p[strlen(path)+1];
+
+        assert(m);
+        assert(path);
+
+        strcpy(p, path);
+        path_kill_slashes(p);
+
+        return hashmap_get(m->units_requiring_mounts_for, streq(p, "/") ? "" : p);
+}
+
+const char *manager_get_runtime_prefix(Manager *m) {
+        assert(m);
+
+        return MANAGER_IS_SYSTEM(m) ?
+               "/run" :
+               getenv("XDG_RUNTIME_DIR");
+}
+
+int manager_update_failed_units(Manager *m, Unit *u, bool failed) {
+        unsigned size;
+        int r;
+
+        assert(m);
+        assert(u->manager == m);
+
+        size = set_size(m->failed_units);
+
+        if (failed) {
+                r = set_ensure_allocated(&m->failed_units, NULL);
+                if (r < 0)
+                        return log_oom();
+
+                if (set_put(m->failed_units, u) < 0)
+                        return log_oom();
+        } else
+                (void) set_remove(m->failed_units, u);
+
+        if (set_size(m->failed_units) != size)
+                bus_manager_send_change_signal(m);
+
+        return 0;
+}
+
+ManagerState manager_state(Manager *m) {
+        Unit *u;
+
+        assert(m);
+
+        /* Did we ever finish booting? If not then we are still starting up */
+        if (!dual_timestamp_is_set(&m->finish_timestamp)) {
+
+                u = manager_get_unit(m, SPECIAL_BASIC_TARGET);
+                if (!u || !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
+                        return MANAGER_INITIALIZING;
+
+                return MANAGER_STARTING;
+        }
+
+        /* Is the special shutdown target queued? If so, we are in shutdown state */
+        u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
+        if (u && u->job && IN_SET(u->job->type, JOB_START, JOB_RESTART, JOB_RELOAD_OR_START))
+                return MANAGER_STOPPING;
+
+        /* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
+        u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);
+        if (u && (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)) ||
+                  (u->job && IN_SET(u->job->type, JOB_START, JOB_RESTART, JOB_RELOAD_OR_START))))
+                return MANAGER_MAINTENANCE;
+
+        u = manager_get_unit(m, SPECIAL_EMERGENCY_TARGET);
+        if (u && (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)) ||
+                  (u->job && IN_SET(u->job->type, JOB_START, JOB_RESTART, JOB_RELOAD_OR_START))))
+                return MANAGER_MAINTENANCE;
+
+        /* Are there any failed units? If so, we are in degraded mode */
+        if (set_size(m->failed_units) > 0)
+                return MANAGER_DEGRADED;
+
+        return MANAGER_RUNNING;
+}
+
+static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
+        [MANAGER_INITIALIZING] = "initializing",
+        [MANAGER_STARTING] = "starting",
+        [MANAGER_RUNNING] = "running",
+        [MANAGER_DEGRADED] = "degraded",
+        [MANAGER_MAINTENANCE] = "maintenance",
+        [MANAGER_STOPPING] = "stopping",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(manager_state, ManagerState);
diff --git a/src/libcore/manager.h b/src/libcore/manager.h
new file mode 100644
index 0000000000..70d79ce549
--- /dev/null
+++ b/src/libcore/manager.h
@@ -0,0 +1,379 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <libmount.h>
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+
+#include "cgroup-util.h"
+#include "fdset.h"
+#include "hashmap.h"
+#include "list.h"
+#include "ratelimit.h"
+
+/* Enforce upper limit how many names we allow */
+#define MANAGER_MAX_NAMES 131072 /* 128K */
+
+typedef struct Manager Manager;
+
+typedef enum ManagerState {
+        MANAGER_INITIALIZING,
+        MANAGER_STARTING,
+        MANAGER_RUNNING,
+        MANAGER_DEGRADED,
+        MANAGER_MAINTENANCE,
+        MANAGER_STOPPING,
+        _MANAGER_STATE_MAX,
+        _MANAGER_STATE_INVALID = -1
+} ManagerState;
+
+typedef enum ManagerExitCode {
+        MANAGER_OK,
+        MANAGER_EXIT,
+        MANAGER_RELOAD,
+        MANAGER_REEXECUTE,
+        MANAGER_REBOOT,
+        MANAGER_POWEROFF,
+        MANAGER_HALT,
+        MANAGER_KEXEC,
+        MANAGER_SWITCH_ROOT,
+        _MANAGER_EXIT_CODE_MAX,
+        _MANAGER_EXIT_CODE_INVALID = -1
+} ManagerExitCode;
+
+typedef enum StatusType {
+        STATUS_TYPE_EPHEMERAL,
+        STATUS_TYPE_NORMAL,
+        STATUS_TYPE_EMERGENCY,
+} StatusType;
+
+#include "execute.h"
+#include "job.h"
+#include "path-lookup.h"
+#include "show-status.h"
+#include "unit-name.h"
+
+struct Manager {
+        /* Note that the set of units we know of is allowed to be
+         * inconsistent. However the subset of it that is loaded may
+         * not, and the list of jobs may neither. */
+
+        /* Active jobs and units */
+        Hashmap *units;  /* name string => Unit object n:1 */
+        Hashmap *jobs;   /* job id => Job object 1:1 */
+
+        /* To make it easy to iterate through the units of a specific
+         * type we maintain a per type linked list */
+        LIST_HEAD(Unit, units_by_type[_UNIT_TYPE_MAX]);
+
+        /* Units that need to be loaded */
+        LIST_HEAD(Unit, load_queue); /* this is actually more a stack than a queue, but uh. */
+
+        /* Jobs that need to be run */
+        LIST_HEAD(Job, run_queue);   /* more a stack than a queue, too */
+
+        /* Units and jobs that have not yet been announced via
+         * D-Bus. When something about a job changes it is added here
+         * if it is not in there yet. This allows easy coalescing of
+         * D-Bus change signals. */
+        LIST_HEAD(Unit, dbus_unit_queue);
+        LIST_HEAD(Job, dbus_job_queue);
+
+        /* Units to remove */
+        LIST_HEAD(Unit, cleanup_queue);
+
+        /* Units to check when doing GC */
+        LIST_HEAD(Unit, gc_queue);
+
+        /* Units that should be realized */
+        LIST_HEAD(Unit, cgroup_queue);
+
+        sd_event *event;
+
+        /* We use two hash tables here, since the same PID might be
+         * watched by two different units: once the unit that forked
+         * it off, and possibly a different unit to which it was
+         * joined as cgroup member. Since we know that it is either
+         * one or two units for each PID we just use to hashmaps
+         * here. */
+        Hashmap *watch_pids1;  /* pid => Unit object n:1 */
+        Hashmap *watch_pids2;  /* pid => Unit object n:1 */
+
+        /* A set contains all units which cgroup should be refreshed after startup */
+        Set *startup_units;
+
+        /* A set which contains all currently failed units */
+        Set *failed_units;
+
+        sd_event_source *run_queue_event_source;
+
+        char *notify_socket;
+        int notify_fd;
+        sd_event_source *notify_event_source;
+
+        int cgroups_agent_fd;
+        sd_event_source *cgroups_agent_event_source;
+
+        int signal_fd;
+        sd_event_source *signal_event_source;
+
+        int time_change_fd;
+        sd_event_source *time_change_event_source;
+
+        sd_event_source *jobs_in_progress_event_source;
+
+        UnitFileScope unit_file_scope;
+        LookupPaths lookup_paths;
+        Set *unit_path_cache;
+
+        char **environment;
+
+        usec_t runtime_watchdog;
+        usec_t shutdown_watchdog;
+
+        dual_timestamp firmware_timestamp;
+        dual_timestamp loader_timestamp;
+        dual_timestamp kernel_timestamp;
+        dual_timestamp initrd_timestamp;
+        dual_timestamp userspace_timestamp;
+        dual_timestamp finish_timestamp;
+
+        dual_timestamp security_start_timestamp;
+        dual_timestamp security_finish_timestamp;
+        dual_timestamp generators_start_timestamp;
+        dual_timestamp generators_finish_timestamp;
+        dual_timestamp units_load_start_timestamp;
+        dual_timestamp units_load_finish_timestamp;
+
+        struct udev* udev;
+
+        /* Data specific to the device subsystem */
+        struct udev_monitor* udev_monitor;
+        sd_event_source *udev_event_source;
+        Hashmap *devices_by_sysfs;
+
+        /* Data specific to the mount subsystem */
+        struct libmnt_monitor *mount_monitor;
+        sd_event_source *mount_event_source;
+
+        /* Data specific to the swap filesystem */
+        FILE *proc_swaps;
+        sd_event_source *swap_event_source;
+        Hashmap *swaps_by_devnode;
+
+        /* Data specific to the D-Bus subsystem */
+        sd_bus *api_bus, *system_bus;
+        Set *private_buses;
+        int private_listen_fd;
+        sd_event_source *private_listen_event_source;
+
+        /* Contains all the clients that are subscribed to signals via
+        the API bus. Note that private bus connections are always
+        considered subscribes, since they last for very short only,
+        and it is much simpler that way. */
+        sd_bus_track *subscribed;
+        char **deserialized_subscribed;
+
+        /* This is used during reloading: before the reload we queue
+         * the reply message here, and afterwards we send it */
+        sd_bus_message *queued_message;
+
+        Hashmap *watch_bus;  /* D-Bus names => Unit object n:1 */
+
+        bool send_reloading_done;
+
+        uint32_t current_job_id;
+        uint32_t default_unit_job_id;
+
+        /* Data specific to the Automount subsystem */
+        int dev_autofs_fd;
+
+        /* Data specific to the cgroup subsystem */
+        Hashmap *cgroup_unit;
+        CGroupMask cgroup_supported;
+        char *cgroup_root;
+
+        /* Notifications from cgroups, when the unified hierarchy is
+         * used is done via inotify. */
+        int cgroup_inotify_fd;
+        sd_event_source *cgroup_inotify_event_source;
+        Hashmap *cgroup_inotify_wd_unit;
+
+        /* Make sure the user cannot accidentally unmount our cgroup
+         * file system */
+        int pin_cgroupfs_fd;
+
+        int gc_marker;
+        unsigned n_in_gc_queue;
+
+        /* Flags */
+        ManagerExitCode exit_code:5;
+
+        bool dispatching_load_queue:1;
+        bool dispatching_dbus_queue:1;
+
+        bool taint_usr:1;
+
+        bool test_run:1;
+
+        /* If non-zero, exit with the following value when the systemd
+         * process terminate. Useful for containers: systemd-nspawn could get
+         * the return value. */
+        uint8_t return_value;
+
+        ShowStatus show_status;
+        bool confirm_spawn;
+        bool no_console_output;
+
+        ExecOutput default_std_output, default_std_error;
+
+        usec_t default_restart_usec, default_timeout_start_usec, default_timeout_stop_usec;
+
+        usec_t default_start_limit_interval;
+        unsigned default_start_limit_burst;
+
+        bool default_cpu_accounting;
+        bool default_memory_accounting;
+        bool default_io_accounting;
+        bool default_blockio_accounting;
+        bool default_tasks_accounting;
+
+        uint64_t default_tasks_max;
+        usec_t default_timer_accuracy_usec;
+
+        struct rlimit *rlimit[_RLIMIT_MAX];
+
+        /* non-zero if we are reloading or reexecuting, */
+        int n_reloading;
+
+        unsigned n_installed_jobs;
+        unsigned n_failed_jobs;
+
+        /* Jobs in progress watching */
+        unsigned n_running_jobs;
+        unsigned n_on_console;
+        unsigned jobs_in_progress_iteration;
+
+        /* Do we have any outstanding password prompts? */
+        int have_ask_password;
+        int ask_password_inotify_fd;
+        sd_event_source *ask_password_event_source;
+
+        /* Type=idle pipes */
+        int idle_pipe[4];
+        sd_event_source *idle_pipe_event_source;
+
+        char *switch_root;
+        char *switch_root_init;
+
+        /* This maps all possible path prefixes to the units needing
+         * them. It's a hashmap with a path string as key and a Set as
+         * value where Unit objects are contained. */
+        Hashmap *units_requiring_mounts_for;
+
+        /* Reference to the kdbus bus control fd */
+        int kdbus_fd;
+
+        /* Used for processing polkit authorization responses */
+        Hashmap *polkit_registry;
+
+        /* When the user hits C-A-D more than 7 times per 2s, reboot immediately... */
+        RateLimit ctrl_alt_del_ratelimit;
+
+        const char *unit_log_field;
+        const char *unit_log_format_string;
+
+        int first_boot; /* tri-state */
+};
+
+#define MANAGER_IS_SYSTEM(m) ((m)->unit_file_scope == UNIT_FILE_SYSTEM)
+#define MANAGER_IS_USER(m) ((m)->unit_file_scope != UNIT_FILE_SYSTEM)
+
+#define MANAGER_IS_RELOADING(m) ((m)->n_reloading > 0)
+
+int manager_new(UnitFileScope scope, bool test_run, Manager **m);
+Manager* manager_free(Manager *m);
+
+void manager_enumerate(Manager *m);
+int manager_startup(Manager *m, FILE *serialization, FDSet *fds);
+
+Job *manager_get_job(Manager *m, uint32_t id);
+Unit *manager_get_unit(Manager *m, const char *name);
+
+int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j);
+
+int manager_load_unit_prepare(Manager *m, const char *name, const char *path, sd_bus_error *e, Unit **_ret);
+int manager_load_unit(Manager *m, const char *name, const char *path, sd_bus_error *e, Unit **_ret);
+int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u);
+
+int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, sd_bus_error *e, Job **_ret);
+int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, sd_bus_error *e, Job **_ret);
+int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Job **ret);
+
+void manager_dump_units(Manager *s, FILE *f, const char *prefix);
+void manager_dump_jobs(Manager *s, FILE *f, const char *prefix);
+
+void manager_clear_jobs(Manager *m);
+
+unsigned manager_dispatch_load_queue(Manager *m);
+
+int manager_environment_add(Manager *m, char **minus, char **plus);
+int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit);
+
+int manager_loop(Manager *m);
+
+int manager_open_serialization(Manager *m, FILE **_f);
+
+int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root);
+int manager_deserialize(Manager *m, FILE *f, FDSet *fds);
+
+int manager_reload(Manager *m);
+
+void manager_reset_failed(Manager *m);
+
+void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success);
+void manager_send_unit_plymouth(Manager *m, Unit *u);
+
+bool manager_unit_inactive_or_pending(Manager *m, const char *name);
+
+void manager_check_finished(Manager *m);
+
+void manager_recheck_journal(Manager *m);
+
+void manager_set_show_status(Manager *m, ShowStatus mode);
+void manager_set_first_boot(Manager *m, bool b);
+
+void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5);
+void manager_flip_auto_status(Manager *m, bool enable);
+
+Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path);
+
+const char *manager_get_runtime_prefix(Manager *m);
+
+ManagerState manager_state(Manager *m);
+
+int manager_update_failed_units(Manager *m, Unit *u, bool failed);
+
+const char *manager_state_to_string(ManagerState m) _const_;
+ManagerState manager_state_from_string(const char *s) _pure_;
diff --git a/src/core/mount-setup.c b/src/libcore/mount-setup.c
index 40fc548b42..40fc548b42 100644
--- a/src/core/mount-setup.c
+++ b/src/libcore/mount-setup.c
diff --git a/src/core/mount-setup.h b/src/libcore/mount-setup.h
index 647bd770ae..647bd770ae 100644
--- a/src/core/mount-setup.h
+++ b/src/libcore/mount-setup.h
diff --git a/src/libcore/mount.c b/src/libcore/mount.c
new file mode 100644
index 0000000000..7db9d1325b
--- /dev/null
+++ b/src/libcore/mount.c
@@ -0,0 +1,1881 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <signal.h>
+#include <stdio.h>
+#include <sys/epoll.h>
+
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "dbus-mount.h"
+#include "escape.h"
+#include "exit-status.h"
+#include "formats-util.h"
+#include "fstab-util.h"
+#include "log.h"
+#include "manager.h"
+#include "mkdir.h"
+#include "mount-setup.h"
+#include "mount-util.h"
+#include "mount.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "special.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "unit-name.h"
+#include "unit.h"
+
+#define RETRY_UMOUNT_MAX 32
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_table*, mnt_free_table);
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_iter*, mnt_free_iter);
+
+static const UnitActiveState state_translation_table[_MOUNT_STATE_MAX] = {
+        [MOUNT_DEAD] = UNIT_INACTIVE,
+        [MOUNT_MOUNTING] = UNIT_ACTIVATING,
+        [MOUNT_MOUNTING_DONE] = UNIT_ACTIVE,
+        [MOUNT_MOUNTED] = UNIT_ACTIVE,
+        [MOUNT_REMOUNTING] = UNIT_RELOADING,
+        [MOUNT_UNMOUNTING] = UNIT_DEACTIVATING,
+        [MOUNT_MOUNTING_SIGTERM] = UNIT_DEACTIVATING,
+        [MOUNT_MOUNTING_SIGKILL] = UNIT_DEACTIVATING,
+        [MOUNT_REMOUNTING_SIGTERM] = UNIT_RELOADING,
+        [MOUNT_REMOUNTING_SIGKILL] = UNIT_RELOADING,
+        [MOUNT_UNMOUNTING_SIGTERM] = UNIT_DEACTIVATING,
+        [MOUNT_UNMOUNTING_SIGKILL] = UNIT_DEACTIVATING,
+        [MOUNT_FAILED] = UNIT_FAILED
+};
+
+static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
+static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
+
+static bool mount_needs_network(const char *options, const char *fstype) {
+        if (fstab_test_option(options, "_netdev\0"))
+                return true;
+
+        if (fstype && fstype_is_network(fstype))
+                return true;
+
+        return false;
+}
+
+static bool mount_is_network(const MountParameters *p) {
+        assert(p);
+
+        return mount_needs_network(p->options, p->fstype);
+}
+
+static bool mount_is_loop(const MountParameters *p) {
+        assert(p);
+
+        if (fstab_test_option(p->options, "loop\0"))
+                return true;
+
+        return false;
+}
+
+static bool mount_is_bind(const MountParameters *p) {
+        assert(p);
+
+        if (fstab_test_option(p->options, "bind\0" "rbind\0"))
+                return true;
+
+        if (p->fstype && STR_IN_SET(p->fstype, "bind", "rbind"))
+                return true;
+
+        return false;
+}
+
+static bool mount_is_auto(const MountParameters *p) {
+        assert(p);
+
+        return !fstab_test_option(p->options, "noauto\0");
+}
+
+static bool mount_is_automount(const MountParameters *p) {
+        assert(p);
+
+        return fstab_test_option(p->options,
+                                 "comment=systemd.automount\0"
+                                 "x-systemd.automount\0");
+}
+
+static bool mount_state_active(MountState state) {
+        return IN_SET(state,
+                      MOUNT_MOUNTING,
+                      MOUNT_MOUNTING_DONE,
+                      MOUNT_REMOUNTING,
+                      MOUNT_UNMOUNTING,
+                      MOUNT_MOUNTING_SIGTERM,
+                      MOUNT_MOUNTING_SIGKILL,
+                      MOUNT_UNMOUNTING_SIGTERM,
+                      MOUNT_UNMOUNTING_SIGKILL,
+                      MOUNT_REMOUNTING_SIGTERM,
+                      MOUNT_REMOUNTING_SIGKILL);
+}
+
+static bool needs_quota(const MountParameters *p) {
+        assert(p);
+
+        /* Quotas are not enabled on network filesystems,
+         * but we want them, for example, on storage connected via iscsi */
+        if (p->fstype && fstype_is_network(p->fstype))
+                return false;
+
+        if (mount_is_bind(p))
+                return false;
+
+        return fstab_test_option(p->options,
+                                 "usrquota\0" "grpquota\0" "quota\0" "usrjquota\0" "grpjquota\0");
+}
+
+static void mount_init(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(u);
+        assert(u->load_state == UNIT_STUB);
+
+        m->timeout_usec = u->manager->default_timeout_start_usec;
+        m->directory_mode = 0755;
+
+        if (unit_has_name(u, "-.mount")) {
+                /* Don't allow start/stop for root directory */
+                u->refuse_manual_start = true;
+                u->refuse_manual_stop = true;
+        } else {
+                /* The stdio/kmsg bridge socket is on /, in order to avoid a
+                 * dep loop, don't use kmsg logging for -.mount */
+                m->exec_context.std_output = u->manager->default_std_output;
+                m->exec_context.std_error = u->manager->default_std_error;
+        }
+
+        /* We need to make sure that /usr/bin/mount is always called
+         * in the same process group as us, so that the autofs kernel
+         * side doesn't send us another mount request while we are
+         * already trying to comply its last one. */
+        m->exec_context.same_pgrp = true;
+
+        m->control_command_id = _MOUNT_EXEC_COMMAND_INVALID;
+
+        u->ignore_on_isolate = true;
+}
+
+static int mount_arm_timer(Mount *m, usec_t usec) {
+        int r;
+
+        assert(m);
+
+        if (m->timer_event_source) {
+                r = sd_event_source_set_time(m->timer_event_source, usec);
+                if (r < 0)
+                        return r;
+
+                return sd_event_source_set_enabled(m->timer_event_source, SD_EVENT_ONESHOT);
+        }
+
+        if (usec == USEC_INFINITY)
+                return 0;
+
+        r = sd_event_add_time(
+                        UNIT(m)->manager->event,
+                        &m->timer_event_source,
+                        CLOCK_MONOTONIC,
+                        usec, 0,
+                        mount_dispatch_timer, m);
+        if (r < 0)
+                return r;
+
+        (void) sd_event_source_set_description(m->timer_event_source, "mount-timer");
+
+        return 0;
+}
+
+static void mount_unwatch_control_pid(Mount *m) {
+        assert(m);
+
+        if (m->control_pid <= 0)
+                return;
+
+        unit_unwatch_pid(UNIT(m), m->control_pid);
+        m->control_pid = 0;
+}
+
+static void mount_parameters_done(MountParameters *p) {
+        assert(p);
+
+        free(p->what);
+        free(p->options);
+        free(p->fstype);
+
+        p->what = p->options = p->fstype = NULL;
+}
+
+static void mount_done(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+
+        m->where = mfree(m->where);
+
+        mount_parameters_done(&m->parameters_proc_self_mountinfo);
+        mount_parameters_done(&m->parameters_fragment);
+
+        m->exec_runtime = exec_runtime_unref(m->exec_runtime);
+        exec_command_done_array(m->exec_command, _MOUNT_EXEC_COMMAND_MAX);
+        m->control_command = NULL;
+
+        mount_unwatch_control_pid(m);
+
+        m->timer_event_source = sd_event_source_unref(m->timer_event_source);
+}
+
+_pure_ static MountParameters* get_mount_parameters_fragment(Mount *m) {
+        assert(m);
+
+        if (m->from_fragment)
+                return &m->parameters_fragment;
+
+        return NULL;
+}
+
+_pure_ static MountParameters* get_mount_parameters(Mount *m) {
+        assert(m);
+
+        if (m->from_proc_self_mountinfo)
+                return &m->parameters_proc_self_mountinfo;
+
+        return get_mount_parameters_fragment(m);
+}
+
+static int mount_add_mount_links(Mount *m) {
+        _cleanup_free_ char *parent = NULL;
+        MountParameters *pm;
+        Unit *other;
+        Iterator i;
+        Set *s;
+        int r;
+
+        assert(m);
+
+        if (!path_equal(m->where, "/")) {
+                /* Adds in links to other mount points that might lie further
+                 * up in the hierarchy */
+
+                parent = dirname_malloc(m->where);
+                if (!parent)
+                        return -ENOMEM;
+
+                r = unit_require_mounts_for(UNIT(m), parent);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Adds in links to other mount points that might be needed
+         * for the source path (if this is a bind mount or a loop mount) to be
+         * available. */
+        pm = get_mount_parameters_fragment(m);
+        if (pm && pm->what &&
+            path_is_absolute(pm->what) &&
+            (mount_is_bind(pm) || mount_is_loop(pm) || !mount_is_network(pm))) {
+
+                r = unit_require_mounts_for(UNIT(m), pm->what);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Adds in links to other units that use this path or paths
+         * further down in the hierarchy */
+        s = manager_get_units_requiring_mounts_for(UNIT(m)->manager, m->where);
+        SET_FOREACH(other, s, i) {
+
+                if (other->load_state != UNIT_LOADED)
+                        continue;
+
+                if (other == UNIT(m))
+                        continue;
+
+                r = unit_add_dependency(other, UNIT_AFTER, UNIT(m), true);
+                if (r < 0)
+                        return r;
+
+                if (UNIT(m)->fragment_path) {
+                        /* If we have fragment configuration, then make this dependency required */
+                        r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        return 0;
+}
+
+static int mount_add_device_links(Mount *m) {
+        MountParameters *p;
+        bool device_wants_mount = false;
+        int r;
+
+        assert(m);
+
+        p = get_mount_parameters(m);
+        if (!p)
+                return 0;
+
+        if (!p->what)
+                return 0;
+
+        if (mount_is_bind(p))
+                return 0;
+
+        if (!is_device_path(p->what))
+                return 0;
+
+        /* /dev/root is a really weird thing, it's not a real device,
+         * but just a path the kernel exports for the root file system
+         * specified on the kernel command line. Ignore it here. */
+        if (path_equal(p->what, "/dev/root"))
+                return 0;
+
+        if (path_equal(m->where, "/"))
+                return 0;
+
+        if (mount_is_auto(p) && !mount_is_automount(p) && MANAGER_IS_SYSTEM(UNIT(m)->manager))
+                device_wants_mount = true;
+
+        r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int mount_add_quota_links(Mount *m) {
+        int r;
+        MountParameters *p;
+
+        assert(m);
+
+        if (!MANAGER_IS_SYSTEM(UNIT(m)->manager))
+                return 0;
+
+        p = get_mount_parameters_fragment(m);
+        if (!p)
+                return 0;
+
+        if (!needs_quota(p))
+                return 0;
+
+        r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_WANTS, SPECIAL_QUOTACHECK_SERVICE, NULL, true);
+        if (r < 0)
+                return r;
+
+        r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_WANTS, SPECIAL_QUOTAON_SERVICE, NULL, true);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static bool should_umount(Mount *m) {
+        MountParameters *p;
+
+        if (PATH_IN_SET(m->where, "/", "/usr") ||
+            path_startswith(m->where, "/run/initramfs"))
+                return false;
+
+        p = get_mount_parameters(m);
+        if (p && fstab_test_option(p->options, "x-initrd.mount\0") &&
+            !in_initrd())
+                return false;
+
+        return true;
+}
+
+static int mount_add_default_dependencies(Mount *m) {
+        MountParameters *p;
+        const char *after;
+        int r;
+
+        assert(m);
+
+        if (!UNIT(m)->default_dependencies)
+                return 0;
+
+        if (!MANAGER_IS_SYSTEM(UNIT(m)->manager))
+                return 0;
+
+        /* We do not add any default dependencies to /, /usr or
+         * /run/initramfs/, since they are guaranteed to stay
+         * mounted the whole time, since our system is on it.
+         * Also, don't bother with anything mounted below virtual
+         * file systems, it's also going to be virtual, and hence
+         * not worth the effort. */
+        if (PATH_IN_SET(m->where, "/", "/usr") ||
+            path_startswith(m->where, "/run/initramfs") ||
+            path_startswith(m->where, "/proc") ||
+            path_startswith(m->where, "/sys") ||
+            path_startswith(m->where, "/dev"))
+                return 0;
+
+        p = get_mount_parameters(m);
+        if (!p)
+                return 0;
+
+        if (mount_is_network(p)) {
+                /* We order ourselves after network.target. This is
+                 * primarily useful at shutdown: services that take
+                 * down the network should order themselves before
+                 * network.target, so that they are shut down only
+                 * after this mount unit is stopped. */
+
+                r = unit_add_dependency_by_name(UNIT(m), UNIT_AFTER, SPECIAL_NETWORK_TARGET, NULL, true);
+                if (r < 0)
+                        return r;
+
+                /* We pull in network-online.target, and order
+                 * ourselves after it. This is useful at start-up to
+                 * actively pull in tools that want to be started
+                 * before we start mounting network file systems, and
+                 * whose purpose it is to delay this until the network
+                 * is "up". */
+
+                r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_WANTS, UNIT_AFTER, SPECIAL_NETWORK_ONLINE_TARGET, NULL, true);
+                if (r < 0)
+                        return r;
+
+                after = SPECIAL_REMOTE_FS_PRE_TARGET;
+        } else
+                after = SPECIAL_LOCAL_FS_PRE_TARGET;
+
+        r = unit_add_dependency_by_name(UNIT(m), UNIT_AFTER, after, NULL, true);
+        if (r < 0)
+                return r;
+
+        if (should_umount(m)) {
+                r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int mount_verify(Mount *m) {
+        _cleanup_free_ char *e = NULL;
+        int r;
+
+        assert(m);
+
+        if (UNIT(m)->load_state != UNIT_LOADED)
+                return 0;
+
+        if (!m->from_fragment && !m->from_proc_self_mountinfo)
+                return -ENOENT;
+
+        r = unit_name_from_path(m->where, ".mount", &e);
+        if (r < 0)
+                return log_unit_error_errno(UNIT(m), r, "Failed to generate unit name from mount path: %m");
+
+        if (!unit_has_name(UNIT(m), e)) {
+                log_unit_error(UNIT(m), "Where= setting doesn't match unit name. Refusing.");
+                return -EINVAL;
+        }
+
+        if (mount_point_is_api(m->where) || mount_point_ignore(m->where)) {
+                log_unit_error(UNIT(m), "Cannot create mount unit for API file system %s. Refusing.", m->where);
+                return -EINVAL;
+        }
+
+        if (UNIT(m)->fragment_path && !m->parameters_fragment.what) {
+                log_unit_error(UNIT(m), "What= setting is missing. Refusing.");
+                return -EBADMSG;
+        }
+
+        if (m->exec_context.pam_name && m->kill_context.kill_mode != KILL_CONTROL_GROUP) {
+                log_unit_error(UNIT(m), "Unit has PAM enabled. Kill mode must be set to control-group'. Refusing.");
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
+static int mount_add_extras(Mount *m) {
+        Unit *u = UNIT(m);
+        int r;
+
+        assert(m);
+
+        if (u->fragment_path)
+                m->from_fragment = true;
+
+        if (!m->where) {
+                r = unit_name_to_path(u->id, &m->where);
+                if (r < 0)
+                        return r;
+        }
+
+        path_kill_slashes(m->where);
+
+        if (!u->description) {
+                r = unit_set_description(u, m->where);
+                if (r < 0)
+                        return r;
+        }
+
+        r = mount_add_device_links(m);
+        if (r < 0)
+                return r;
+
+        r = mount_add_mount_links(m);
+        if (r < 0)
+                return r;
+
+        r = mount_add_quota_links(m);
+        if (r < 0)
+                return r;
+
+        r = unit_patch_contexts(u);
+        if (r < 0)
+                return r;
+
+        r = unit_add_exec_dependencies(u, &m->exec_context);
+        if (r < 0)
+                return r;
+
+        r = unit_set_default_slice(u);
+        if (r < 0)
+                return r;
+
+        r = mount_add_default_dependencies(m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int mount_load(Unit *u) {
+        Mount *m = MOUNT(u);
+        int r;
+
+        assert(u);
+        assert(u->load_state == UNIT_STUB);
+
+        if (m->from_proc_self_mountinfo)
+                r = unit_load_fragment_and_dropin_optional(u);
+        else
+                r = unit_load_fragment_and_dropin(u);
+
+        if (r < 0)
+                return r;
+
+        /* This is a new unit? Then let's add in some extras */
+        if (u->load_state == UNIT_LOADED) {
+                r = mount_add_extras(m);
+                if (r < 0)
+                        return r;
+        }
+
+        return mount_verify(m);
+}
+
+static void mount_set_state(Mount *m, MountState state) {
+        MountState old_state;
+        assert(m);
+
+        old_state = m->state;
+        m->state = state;
+
+        if (!mount_state_active(state)) {
+                m->timer_event_source = sd_event_source_unref(m->timer_event_source);
+                mount_unwatch_control_pid(m);
+                m->control_command = NULL;
+                m->control_command_id = _MOUNT_EXEC_COMMAND_INVALID;
+        }
+
+        if (state != old_state)
+                log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state));
+
+        unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], m->reload_result == MOUNT_SUCCESS);
+        m->reload_result = MOUNT_SUCCESS;
+}
+
+static int mount_coldplug(Unit *u) {
+        Mount *m = MOUNT(u);
+        MountState new_state = MOUNT_DEAD;
+        int r;
+
+        assert(m);
+        assert(m->state == MOUNT_DEAD);
+
+        if (m->deserialized_state != m->state)
+                new_state = m->deserialized_state;
+        else if (m->from_proc_self_mountinfo)
+                new_state = MOUNT_MOUNTED;
+
+        if (new_state == m->state)
+                return 0;
+
+        if (m->control_pid > 0 &&
+            pid_is_unwaited(m->control_pid) &&
+            mount_state_active(new_state)) {
+
+                r = unit_watch_pid(UNIT(m), m->control_pid);
+                if (r < 0)
+                        return r;
+
+                r = mount_arm_timer(m, usec_add(u->state_change_timestamp.monotonic, m->timeout_usec));
+                if (r < 0)
+                        return r;
+        }
+
+        mount_set_state(m, new_state);
+        return 0;
+}
+
+static void mount_dump(Unit *u, FILE *f, const char *prefix) {
+        Mount *m = MOUNT(u);
+        MountParameters *p;
+
+        assert(m);
+        assert(f);
+
+        p = get_mount_parameters(m);
+
+        fprintf(f,
+                "%sMount State: %s\n"
+                "%sResult: %s\n"
+                "%sWhere: %s\n"
+                "%sWhat: %s\n"
+                "%sFile System Type: %s\n"
+                "%sOptions: %s\n"
+                "%sFrom /proc/self/mountinfo: %s\n"
+                "%sFrom fragment: %s\n"
+                "%sDirectoryMode: %04o\n",
+                prefix, mount_state_to_string(m->state),
+                prefix, mount_result_to_string(m->result),
+                prefix, m->where,
+                prefix, p ? strna(p->what) : "n/a",
+                prefix, p ? strna(p->fstype) : "n/a",
+                prefix, p ? strna(p->options) : "n/a",
+                prefix, yes_no(m->from_proc_self_mountinfo),
+                prefix, yes_no(m->from_fragment),
+                prefix, m->directory_mode);
+
+        if (m->control_pid > 0)
+                fprintf(f,
+                        "%sControl PID: "PID_FMT"\n",
+                        prefix, m->control_pid);
+
+        exec_context_dump(&m->exec_context, f, prefix);
+        kill_context_dump(&m->kill_context, f, prefix);
+}
+
+static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
+        pid_t pid;
+        int r;
+        ExecParameters exec_params = {
+                .apply_permissions = true,
+                .apply_chroot      = true,
+                .apply_tty_stdin   = true,
+                .stdin_fd          = -1,
+                .stdout_fd         = -1,
+                .stderr_fd         = -1,
+        };
+
+        assert(m);
+        assert(c);
+        assert(_pid);
+
+        (void) unit_realize_cgroup(UNIT(m));
+        if (m->reset_cpu_usage) {
+                (void) unit_reset_cpu_usage(UNIT(m));
+                m->reset_cpu_usage = false;
+        }
+
+        r = unit_setup_exec_runtime(UNIT(m));
+        if (r < 0)
+                return r;
+
+        r = mount_arm_timer(m, usec_add(now(CLOCK_MONOTONIC), m->timeout_usec));
+        if (r < 0)
+                return r;
+
+        exec_params.environment = UNIT(m)->manager->environment;
+        exec_params.confirm_spawn = UNIT(m)->manager->confirm_spawn;
+        exec_params.cgroup_supported = UNIT(m)->manager->cgroup_supported;
+        exec_params.cgroup_path = UNIT(m)->cgroup_path;
+        exec_params.cgroup_delegate = m->cgroup_context.delegate;
+        exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(m)->manager);
+
+        r = exec_spawn(UNIT(m),
+                       c,
+                       &m->exec_context,
+                       &exec_params,
+                       m->exec_runtime,
+                       &pid);
+        if (r < 0)
+                return r;
+
+        r = unit_watch_pid(UNIT(m), pid);
+        if (r < 0)
+                /* FIXME: we need to do something here */
+                return r;
+
+        *_pid = pid;
+
+        return 0;
+}
+
+static void mount_enter_dead(Mount *m, MountResult f) {
+        assert(m);
+
+        if (f != MOUNT_SUCCESS)
+                m->result = f;
+
+        exec_runtime_destroy(m->exec_runtime);
+        m->exec_runtime = exec_runtime_unref(m->exec_runtime);
+
+        exec_context_destroy_runtime_directory(&m->exec_context, manager_get_runtime_prefix(UNIT(m)->manager));
+
+        mount_set_state(m, m->result != MOUNT_SUCCESS ? MOUNT_FAILED : MOUNT_DEAD);
+}
+
+static void mount_enter_mounted(Mount *m, MountResult f) {
+        assert(m);
+
+        if (f != MOUNT_SUCCESS)
+                m->result = f;
+
+        mount_set_state(m, MOUNT_MOUNTED);
+}
+
+static void mount_enter_signal(Mount *m, MountState state, MountResult f) {
+        int r;
+
+        assert(m);
+
+        if (f != MOUNT_SUCCESS)
+                m->result = f;
+
+        r = unit_kill_context(
+                        UNIT(m),
+                        &m->kill_context,
+                        (state != MOUNT_MOUNTING_SIGTERM && state != MOUNT_UNMOUNTING_SIGTERM && state != MOUNT_REMOUNTING_SIGTERM) ?
+                        KILL_KILL : KILL_TERMINATE,
+                        -1,
+                        m->control_pid,
+                        false);
+        if (r < 0)
+                goto fail;
+
+        if (r > 0) {
+                r = mount_arm_timer(m, usec_add(now(CLOCK_MONOTONIC), m->timeout_usec));
+                if (r < 0)
+                        goto fail;
+
+                mount_set_state(m, state);
+        } else if (state == MOUNT_REMOUNTING_SIGTERM)
+                mount_enter_signal(m, MOUNT_REMOUNTING_SIGKILL, MOUNT_SUCCESS);
+        else if (state == MOUNT_REMOUNTING_SIGKILL)
+                mount_enter_mounted(m, MOUNT_SUCCESS);
+        else if (state == MOUNT_MOUNTING_SIGTERM)
+                mount_enter_signal(m, MOUNT_MOUNTING_SIGKILL, MOUNT_SUCCESS);
+        else if (state == MOUNT_UNMOUNTING_SIGTERM)
+                mount_enter_signal(m, MOUNT_UNMOUNTING_SIGKILL, MOUNT_SUCCESS);
+        else
+                mount_enter_dead(m, MOUNT_SUCCESS);
+
+        return;
+
+fail:
+        log_unit_warning_errno(UNIT(m), r, "Failed to kill processes: %m");
+
+        if (state == MOUNT_REMOUNTING_SIGTERM || state == MOUNT_REMOUNTING_SIGKILL)
+                mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
+        else
+                mount_enter_dead(m, MOUNT_FAILURE_RESOURCES);
+}
+
+static void mount_enter_unmounting(Mount *m) {
+        int r;
+
+        assert(m);
+
+        /* Start counting our attempts */
+        if (!IN_SET(m->state,
+                    MOUNT_UNMOUNTING,
+                    MOUNT_UNMOUNTING_SIGTERM,
+                    MOUNT_UNMOUNTING_SIGKILL))
+                m->n_retry_umount = 0;
+
+        m->control_command_id = MOUNT_EXEC_UNMOUNT;
+        m->control_command = m->exec_command + MOUNT_EXEC_UNMOUNT;
+
+        r = exec_command_set(m->control_command, UMOUNT_PATH, m->where, NULL);
+        if (r < 0)
+                goto fail;
+
+        mount_unwatch_control_pid(m);
+
+        r = mount_spawn(m, m->control_command, &m->control_pid);
+        if (r < 0)
+                goto fail;
+
+        mount_set_state(m, MOUNT_UNMOUNTING);
+
+        return;
+
+fail:
+        log_unit_warning_errno(UNIT(m), r, "Failed to run 'umount' task: %m");
+        mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
+}
+
+static int mount_get_opts(Mount *m, char **ret) {
+        return fstab_filter_options(m->parameters_fragment.options,
+                                    "nofail\0" "noauto\0" "auto\0", NULL, NULL, ret);
+}
+
+static void mount_enter_mounting(Mount *m) {
+        int r;
+        MountParameters *p;
+
+        assert(m);
+
+        m->control_command_id = MOUNT_EXEC_MOUNT;
+        m->control_command = m->exec_command + MOUNT_EXEC_MOUNT;
+
+        r = unit_fail_if_symlink(UNIT(m), m->where);
+        if (r < 0)
+                goto fail;
+
+        (void) mkdir_p_label(m->where, m->directory_mode);
+
+        unit_warn_if_dir_nonempty(UNIT(m), m->where);
+
+        /* Create the source directory for bind-mounts if needed */
+        p = get_mount_parameters_fragment(m);
+        if (p && mount_is_bind(p))
+                (void) mkdir_p_label(p->what, m->directory_mode);
+
+        if (m->from_fragment) {
+                _cleanup_free_ char *opts = NULL;
+
+                r = mount_get_opts(m, &opts);
+                if (r < 0)
+                        goto fail;
+
+                r = exec_command_set(m->control_command, MOUNT_PATH,
+                                     m->parameters_fragment.what, m->where, NULL);
+                if (r >= 0 && m->sloppy_options)
+                        r = exec_command_append(m->control_command, "-s", NULL);
+                if (r >= 0 && m->parameters_fragment.fstype)
+                        r = exec_command_append(m->control_command, "-t", m->parameters_fragment.fstype, NULL);
+                if (r >= 0 && !isempty(opts))
+                        r = exec_command_append(m->control_command, "-o", opts, NULL);
+        } else
+                r = -ENOENT;
+
+        if (r < 0)
+                goto fail;
+
+        mount_unwatch_control_pid(m);
+
+        r = mount_spawn(m, m->control_command, &m->control_pid);
+        if (r < 0)
+                goto fail;
+
+        mount_set_state(m, MOUNT_MOUNTING);
+
+        return;
+
+fail:
+        log_unit_warning_errno(UNIT(m), r, "Failed to run 'mount' task: %m");
+        mount_enter_dead(m, MOUNT_FAILURE_RESOURCES);
+}
+
+static void mount_enter_remounting(Mount *m) {
+        int r;
+
+        assert(m);
+
+        m->control_command_id = MOUNT_EXEC_REMOUNT;
+        m->control_command = m->exec_command + MOUNT_EXEC_REMOUNT;
+
+        if (m->from_fragment) {
+                const char *o;
+
+                if (m->parameters_fragment.options)
+                        o = strjoina("remount,", m->parameters_fragment.options);
+                else
+                        o = "remount";
+
+                r = exec_command_set(m->control_command, MOUNT_PATH,
+                                     m->parameters_fragment.what, m->where,
+                                     "-o", o, NULL);
+                if (r >= 0 && m->sloppy_options)
+                        r = exec_command_append(m->control_command, "-s", NULL);
+                if (r >= 0 && m->parameters_fragment.fstype)
+                        r = exec_command_append(m->control_command, "-t", m->parameters_fragment.fstype, NULL);
+        } else
+                r = -ENOENT;
+
+        if (r < 0)
+                goto fail;
+
+        mount_unwatch_control_pid(m);
+
+        r = mount_spawn(m, m->control_command, &m->control_pid);
+        if (r < 0)
+                goto fail;
+
+        mount_set_state(m, MOUNT_REMOUNTING);
+
+        return;
+
+fail:
+        log_unit_warning_errno(UNIT(m), r, "Failed to run 'remount' task: %m");
+        m->reload_result = MOUNT_FAILURE_RESOURCES;
+        mount_enter_mounted(m, MOUNT_SUCCESS);
+}
+
+static int mount_start(Unit *u) {
+        Mount *m = MOUNT(u);
+        int r;
+
+        assert(m);
+
+        /* We cannot fulfill this request right now, try again later
+         * please! */
+        if (m->state == MOUNT_UNMOUNTING ||
+            m->state == MOUNT_UNMOUNTING_SIGTERM ||
+            m->state == MOUNT_UNMOUNTING_SIGKILL ||
+            m->state == MOUNT_MOUNTING_SIGTERM ||
+            m->state == MOUNT_MOUNTING_SIGKILL)
+                return -EAGAIN;
+
+        /* Already on it! */
+        if (m->state == MOUNT_MOUNTING)
+                return 0;
+
+        assert(m->state == MOUNT_DEAD || m->state == MOUNT_FAILED);
+
+        r = unit_start_limit_test(u);
+        if (r < 0) {
+                mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
+                return r;
+        }
+
+        m->result = MOUNT_SUCCESS;
+        m->reload_result = MOUNT_SUCCESS;
+        m->reset_cpu_usage = true;
+
+        mount_enter_mounting(m);
+        return 1;
+}
+
+static int mount_stop(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+
+        /* Already on it */
+        if (m->state == MOUNT_UNMOUNTING ||
+            m->state == MOUNT_UNMOUNTING_SIGKILL ||
+            m->state == MOUNT_UNMOUNTING_SIGTERM ||
+            m->state == MOUNT_MOUNTING_SIGTERM ||
+            m->state == MOUNT_MOUNTING_SIGKILL)
+                return 0;
+
+        assert(m->state == MOUNT_MOUNTING ||
+               m->state == MOUNT_MOUNTING_DONE ||
+               m->state == MOUNT_MOUNTED ||
+               m->state == MOUNT_REMOUNTING ||
+               m->state == MOUNT_REMOUNTING_SIGTERM ||
+               m->state == MOUNT_REMOUNTING_SIGKILL);
+
+        mount_enter_unmounting(m);
+        return 1;
+}
+
+static int mount_reload(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+
+        if (m->state == MOUNT_MOUNTING_DONE)
+                return -EAGAIN;
+
+        assert(m->state == MOUNT_MOUNTED);
+
+        mount_enter_remounting(m);
+        return 1;
+}
+
+static int mount_serialize(Unit *u, FILE *f, FDSet *fds) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+        assert(f);
+        assert(fds);
+
+        unit_serialize_item(u, f, "state", mount_state_to_string(m->state));
+        unit_serialize_item(u, f, "result", mount_result_to_string(m->result));
+        unit_serialize_item(u, f, "reload-result", mount_result_to_string(m->reload_result));
+
+        if (m->control_pid > 0)
+                unit_serialize_item_format(u, f, "control-pid", PID_FMT, m->control_pid);
+
+        if (m->control_command_id >= 0)
+                unit_serialize_item(u, f, "control-command", mount_exec_command_to_string(m->control_command_id));
+
+        return 0;
+}
+
+static int mount_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
+        Mount *m = MOUNT(u);
+
+        assert(u);
+        assert(key);
+        assert(value);
+        assert(fds);
+
+        if (streq(key, "state")) {
+                MountState state;
+
+                if ((state = mount_state_from_string(value)) < 0)
+                        log_unit_debug(u, "Failed to parse state value: %s", value);
+                else
+                        m->deserialized_state = state;
+        } else if (streq(key, "result")) {
+                MountResult f;
+
+                f = mount_result_from_string(value);
+                if (f < 0)
+                        log_unit_debug(u, "Failed to parse result value: %s", value);
+                else if (f != MOUNT_SUCCESS)
+                        m->result = f;
+
+        } else if (streq(key, "reload-result")) {
+                MountResult f;
+
+                f = mount_result_from_string(value);
+                if (f < 0)
+                        log_unit_debug(u, "Failed to parse reload result value: %s", value);
+                else if (f != MOUNT_SUCCESS)
+                        m->reload_result = f;
+
+        } else if (streq(key, "control-pid")) {
+                pid_t pid;
+
+                if (parse_pid(value, &pid) < 0)
+                        log_unit_debug(u, "Failed to parse control-pid value: %s", value);
+                else
+                        m->control_pid = pid;
+        } else if (streq(key, "control-command")) {
+                MountExecCommand id;
+
+                id = mount_exec_command_from_string(value);
+                if (id < 0)
+                        log_unit_debug(u, "Failed to parse exec-command value: %s", value);
+                else {
+                        m->control_command_id = id;
+                        m->control_command = m->exec_command + id;
+                }
+        } else
+                log_unit_debug(u, "Unknown serialization key: %s", key);
+
+        return 0;
+}
+
+_pure_ static UnitActiveState mount_active_state(Unit *u) {
+        assert(u);
+
+        return state_translation_table[MOUNT(u)->state];
+}
+
+_pure_ static const char *mount_sub_state_to_string(Unit *u) {
+        assert(u);
+
+        return mount_state_to_string(MOUNT(u)->state);
+}
+
+_pure_ static bool mount_check_gc(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+
+        return m->from_proc_self_mountinfo;
+}
+
+static void mount_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+        Mount *m = MOUNT(u);
+        MountResult f;
+
+        assert(m);
+        assert(pid >= 0);
+
+        if (pid != m->control_pid)
+                return;
+
+        m->control_pid = 0;
+
+        if (is_clean_exit(code, status, NULL))
+                f = MOUNT_SUCCESS;
+        else if (code == CLD_EXITED)
+                f = MOUNT_FAILURE_EXIT_CODE;
+        else if (code == CLD_KILLED)
+                f = MOUNT_FAILURE_SIGNAL;
+        else if (code == CLD_DUMPED)
+                f = MOUNT_FAILURE_CORE_DUMP;
+        else
+                assert_not_reached("Unknown code");
+
+        if (f != MOUNT_SUCCESS)
+                m->result = f;
+
+        if (m->control_command) {
+                exec_status_exit(&m->control_command->exec_status, &m->exec_context, pid, code, status);
+
+                m->control_command = NULL;
+                m->control_command_id = _MOUNT_EXEC_COMMAND_INVALID;
+        }
+
+        log_unit_full(u, f == MOUNT_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
+                      "Mount process exited, code=%s status=%i", sigchld_code_to_string(code), status);
+
+        /* Note that mount(8) returning and the kernel sending us a
+         * mount table change event might happen out-of-order. If an
+         * operation succeed we assume the kernel will follow soon too
+         * and already change into the resulting state.  If it fails
+         * we check if the kernel still knows about the mount. and
+         * change state accordingly. */
+
+        switch (m->state) {
+
+        case MOUNT_MOUNTING:
+        case MOUNT_MOUNTING_DONE:
+        case MOUNT_MOUNTING_SIGKILL:
+        case MOUNT_MOUNTING_SIGTERM:
+
+                if (f == MOUNT_SUCCESS)
+                        mount_enter_mounted(m, f);
+                else if (m->from_proc_self_mountinfo)
+                        mount_enter_mounted(m, f);
+                else
+                        mount_enter_dead(m, f);
+                break;
+
+        case MOUNT_REMOUNTING:
+        case MOUNT_REMOUNTING_SIGKILL:
+        case MOUNT_REMOUNTING_SIGTERM:
+
+                m->reload_result = f;
+                if (m->from_proc_self_mountinfo)
+                        mount_enter_mounted(m, MOUNT_SUCCESS);
+                else
+                        mount_enter_dead(m, MOUNT_SUCCESS);
+
+                break;
+
+        case MOUNT_UNMOUNTING:
+        case MOUNT_UNMOUNTING_SIGKILL:
+        case MOUNT_UNMOUNTING_SIGTERM:
+
+                if (f == MOUNT_SUCCESS) {
+
+                        if (m->from_proc_self_mountinfo) {
+
+                                /* Still a mount point? If so, let's
+                                 * try again. Most likely there were
+                                 * multiple mount points stacked on
+                                 * top of each other. Note that due to
+                                 * the io event priority logic we can
+                                 * be sure the new mountinfo is loaded
+                                 * before we process the SIGCHLD for
+                                 * the mount command. */
+
+                                if (m->n_retry_umount < RETRY_UMOUNT_MAX) {
+                                        log_unit_debug(u, "Mount still present, trying again.");
+                                        m->n_retry_umount++;
+                                        mount_enter_unmounting(m);
+                                } else {
+                                        log_unit_debug(u, "Mount still present after %u attempts to unmount, giving up.", m->n_retry_umount);
+                                        mount_enter_mounted(m, f);
+                                }
+                        } else
+                                mount_enter_dead(m, f);
+
+                } else if (m->from_proc_self_mountinfo)
+                        mount_enter_mounted(m, f);
+                else
+                        mount_enter_dead(m, f);
+                break;
+
+        default:
+                assert_not_reached("Uh, control process died at wrong time.");
+        }
+
+        /* Notify clients about changed exit status */
+        unit_add_to_dbus_queue(u);
+}
+
+static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
+        Mount *m = MOUNT(userdata);
+
+        assert(m);
+        assert(m->timer_event_source == source);
+
+        switch (m->state) {
+
+        case MOUNT_MOUNTING:
+        case MOUNT_MOUNTING_DONE:
+                log_unit_warning(UNIT(m), "Mounting timed out. Stopping.");
+                mount_enter_signal(m, MOUNT_MOUNTING_SIGTERM, MOUNT_FAILURE_TIMEOUT);
+                break;
+
+        case MOUNT_REMOUNTING:
+                log_unit_warning(UNIT(m), "Remounting timed out. Stopping.");
+                m->reload_result = MOUNT_FAILURE_TIMEOUT;
+                mount_enter_mounted(m, MOUNT_SUCCESS);
+                break;
+
+        case MOUNT_UNMOUNTING:
+                log_unit_warning(UNIT(m), "Unmounting timed out. Stopping.");
+                mount_enter_signal(m, MOUNT_UNMOUNTING_SIGTERM, MOUNT_FAILURE_TIMEOUT);
+                break;
+
+        case MOUNT_MOUNTING_SIGTERM:
+                if (m->kill_context.send_sigkill) {
+                        log_unit_warning(UNIT(m), "Mounting timed out. Killing.");
+                        mount_enter_signal(m, MOUNT_MOUNTING_SIGKILL, MOUNT_FAILURE_TIMEOUT);
+                } else {
+                        log_unit_warning(UNIT(m), "Mounting timed out. Skipping SIGKILL. Ignoring.");
+
+                        if (m->from_proc_self_mountinfo)
+                                mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
+                        else
+                                mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
+                }
+                break;
+
+        case MOUNT_REMOUNTING_SIGTERM:
+                if (m->kill_context.send_sigkill) {
+                        log_unit_warning(UNIT(m), "Remounting timed out. Killing.");
+                        mount_enter_signal(m, MOUNT_REMOUNTING_SIGKILL, MOUNT_FAILURE_TIMEOUT);
+                } else {
+                        log_unit_warning(UNIT(m), "Remounting timed out. Skipping SIGKILL. Ignoring.");
+
+                        if (m->from_proc_self_mountinfo)
+                                mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
+                        else
+                                mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
+                }
+                break;
+
+        case MOUNT_UNMOUNTING_SIGTERM:
+                if (m->kill_context.send_sigkill) {
+                        log_unit_warning(UNIT(m), "Unmounting timed out. Killing.");
+                        mount_enter_signal(m, MOUNT_UNMOUNTING_SIGKILL, MOUNT_FAILURE_TIMEOUT);
+                } else {
+                        log_unit_warning(UNIT(m), "Unmounting timed out. Skipping SIGKILL. Ignoring.");
+
+                        if (m->from_proc_self_mountinfo)
+                                mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
+                        else
+                                mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
+                }
+                break;
+
+        case MOUNT_MOUNTING_SIGKILL:
+        case MOUNT_REMOUNTING_SIGKILL:
+        case MOUNT_UNMOUNTING_SIGKILL:
+                log_unit_warning(UNIT(m),"Mount process still around after SIGKILL. Ignoring.");
+
+                if (m->from_proc_self_mountinfo)
+                        mount_enter_mounted(m, MOUNT_FAILURE_TIMEOUT);
+                else
+                        mount_enter_dead(m, MOUNT_FAILURE_TIMEOUT);
+                break;
+
+        default:
+                assert_not_reached("Timeout at wrong time.");
+        }
+
+        return 0;
+}
+
+static int mount_setup_unit(
+                Manager *m,
+                const char *what,
+                const char *where,
+                const char *options,
+                const char *fstype,
+                bool set_flags) {
+
+        _cleanup_free_ char *e = NULL, *w = NULL, *o = NULL, *f = NULL;
+        bool load_extras = false;
+        MountParameters *p;
+        bool delete, changed = false;
+        Unit *u;
+        int r;
+
+        assert(m);
+        assert(what);
+        assert(where);
+        assert(options);
+        assert(fstype);
+
+        /* Ignore API mount points. They should never be referenced in
+         * dependencies ever. */
+        if (mount_point_is_api(where) || mount_point_ignore(where))
+                return 0;
+
+        if (streq(fstype, "autofs"))
+                return 0;
+
+        /* probably some kind of swap, ignore */
+        if (!is_path(where))
+                return 0;
+
+        r = unit_name_from_path(where, ".mount", &e);
+        if (r < 0)
+                return r;
+
+        u = manager_get_unit(m, e);
+        if (!u) {
+                delete = true;
+
+                u = unit_new(m, sizeof(Mount));
+                if (!u)
+                        return log_oom();
+
+                r = unit_add_name(u, e);
+                if (r < 0)
+                        goto fail;
+
+                MOUNT(u)->where = strdup(where);
+                if (!MOUNT(u)->where) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                u->source_path = strdup("/proc/self/mountinfo");
+                if (!u->source_path) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                if (MANAGER_IS_SYSTEM(m)) {
+                        const char* target;
+
+                        target = mount_needs_network(options, fstype) ?  SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
+                        r = unit_add_dependency_by_name(u, UNIT_BEFORE, target, NULL, true);
+                        if (r < 0)
+                                goto fail;
+
+                        if (should_umount(MOUNT(u))) {
+                                r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
+                                if (r < 0)
+                                        goto fail;
+                        }
+                }
+
+                unit_add_to_load_queue(u);
+                changed = true;
+        } else {
+                delete = false;
+
+                if (!MOUNT(u)->where) {
+                        MOUNT(u)->where = strdup(where);
+                        if (!MOUNT(u)->where) {
+                                r = -ENOMEM;
+                                goto fail;
+                        }
+                }
+
+                if (MANAGER_IS_SYSTEM(m) &&
+                    mount_needs_network(options, fstype)) {
+                        /* _netdev option may have shown up late, or on a
+                         * remount. Add remote-fs dependencies, even though
+                         * local-fs ones may already be there. */
+                        unit_add_dependency_by_name(u, UNIT_BEFORE, SPECIAL_REMOTE_FS_TARGET, NULL, true);
+                        load_extras = true;
+                }
+
+                if (u->load_state == UNIT_NOT_FOUND) {
+                        u->load_state = UNIT_LOADED;
+                        u->load_error = 0;
+
+                        /* Load in the extras later on, after we
+                         * finished initialization of the unit */
+                        load_extras = true;
+                        changed = true;
+                }
+        }
+
+        w = strdup(what);
+        o = strdup(options);
+        f = strdup(fstype);
+        if (!w || !o || !f) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        p = &MOUNT(u)->parameters_proc_self_mountinfo;
+
+        changed = changed ||
+                !streq_ptr(p->options, options) ||
+                !streq_ptr(p->what, what) ||
+                !streq_ptr(p->fstype, fstype);
+
+        if (set_flags) {
+                MOUNT(u)->is_mounted = true;
+                MOUNT(u)->just_mounted = !MOUNT(u)->from_proc_self_mountinfo;
+                MOUNT(u)->just_changed = changed;
+        }
+
+        MOUNT(u)->from_proc_self_mountinfo = true;
+
+        free(p->what);
+        p->what = w;
+        w = NULL;
+
+        free(p->options);
+        p->options = o;
+        o = NULL;
+
+        free(p->fstype);
+        p->fstype = f;
+        f = NULL;
+
+        if (load_extras) {
+                r = mount_add_extras(MOUNT(u));
+                if (r < 0)
+                        goto fail;
+        }
+
+        if (changed)
+                unit_add_to_dbus_queue(u);
+
+        return 0;
+
+fail:
+        log_warning_errno(r, "Failed to set up mount unit: %m");
+
+        if (delete && u)
+                unit_free(u);
+
+        return r;
+}
+
+static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+        _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
+        _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
+        int r = 0;
+
+        assert(m);
+
+        t = mnt_new_table();
+        if (!t)
+                return log_oom();
+
+        i = mnt_new_iter(MNT_ITER_FORWARD);
+        if (!i)
+                return log_oom();
+
+        r = mnt_table_parse_mtab(t, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
+
+        r = 0;
+        for (;;) {
+                const char *device, *path, *options, *fstype;
+                _cleanup_free_ char *d = NULL, *p = NULL;
+                struct libmnt_fs *fs;
+                int k;
+
+                k = mnt_table_next_fs(t, i, &fs);
+                if (k == 1)
+                        break;
+                if (k < 0)
+                        return log_error_errno(k, "Failed to get next entry from /proc/self/mountinfo: %m");
+
+                device = mnt_fs_get_source(fs);
+                path = mnt_fs_get_target(fs);
+                options = mnt_fs_get_options(fs);
+                fstype = mnt_fs_get_fstype(fs);
+
+                if (!device || !path)
+                        continue;
+
+                if (cunescape(device, UNESCAPE_RELAX, &d) < 0)
+                        return log_oom();
+
+                if (cunescape(path, UNESCAPE_RELAX, &p) < 0)
+                        return log_oom();
+
+                (void) device_found_node(m, d, true, DEVICE_FOUND_MOUNT, set_flags);
+
+                k = mount_setup_unit(m, d, p, options, fstype, set_flags);
+                if (r == 0 && k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static void mount_shutdown(Manager *m) {
+
+        assert(m);
+
+        m->mount_event_source = sd_event_source_unref(m->mount_event_source);
+
+        mnt_unref_monitor(m->mount_monitor);
+        m->mount_monitor = NULL;
+}
+
+static int mount_get_timeout(Unit *u, usec_t *timeout) {
+        Mount *m = MOUNT(u);
+        usec_t t;
+        int r;
+
+        if (!m->timer_event_source)
+                return 0;
+
+        r = sd_event_source_get_time(m->timer_event_source, &t);
+        if (r < 0)
+                return r;
+        if (t == USEC_INFINITY)
+                return 0;
+
+        *timeout = t;
+        return 1;
+}
+
+static void mount_enumerate(Manager *m) {
+        int r;
+
+        assert(m);
+
+        mnt_init_debug(0);
+
+        if (!m->mount_monitor) {
+                int fd;
+
+                m->mount_monitor = mnt_new_monitor();
+                if (!m->mount_monitor) {
+                        log_oom();
+                        goto fail;
+                }
+
+                r = mnt_monitor_enable_kernel(m->mount_monitor, 1);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to enable watching of kernel mount events: %m");
+                        goto fail;
+                }
+
+                r = mnt_monitor_enable_userspace(m->mount_monitor, 1, NULL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to enable watching of userspace mount events: %m");
+                        goto fail;
+                }
+
+                /* mnt_unref_monitor() will close the fd */
+                fd = r = mnt_monitor_get_fd(m->mount_monitor);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to acquire watch file descriptor: %m");
+                        goto fail;
+                }
+
+                r = sd_event_add_io(m->event, &m->mount_event_source, fd, EPOLLIN, mount_dispatch_io, m);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to watch mount file descriptor: %m");
+                        goto fail;
+                }
+
+                r = sd_event_source_set_priority(m->mount_event_source, -10);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to adjust mount watch priority: %m");
+                        goto fail;
+                }
+
+                (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch");
+        }
+
+        r = mount_load_proc_self_mountinfo(m, false);
+        if (r < 0)
+                goto fail;
+
+        return;
+
+fail:
+        mount_shutdown(m);
+}
+
+static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        _cleanup_set_free_ Set *around = NULL, *gone = NULL;
+        Manager *m = userdata;
+        const char *what;
+        Iterator i;
+        Unit *u;
+        int r;
+
+        assert(m);
+        assert(revents & EPOLLIN);
+
+        if (fd == mnt_monitor_get_fd(m->mount_monitor)) {
+                bool rescan = false;
+
+                /* Drain all events and verify that the event is valid.
+                 *
+                 * Note that libmount also monitors /run/mount mkdir if the
+                 * directory does not exist yet. The mkdir may generate event
+                 * which is irrelevant for us.
+                 *
+                 * error: r < 0; valid: r == 0, false positive: rc == 1 */
+                do {
+                        r = mnt_monitor_next_change(m->mount_monitor, NULL, NULL);
+                        if (r == 0)
+                                rescan = true;
+                        else if (r < 0)
+                                return log_error_errno(r, "Failed to drain libmount events");
+                } while (r == 0);
+
+                log_debug("libmount event [rescan: %s]", yes_no(rescan));
+                if (!rescan)
+                        return 0;
+        }
+
+        r = mount_load_proc_self_mountinfo(m, true);
+        if (r < 0) {
+                /* Reset flags, just in case, for later calls */
+                LIST_FOREACH(units_by_type, u, m->units_by_type[UNIT_MOUNT]) {
+                        Mount *mount = MOUNT(u);
+
+                        mount->is_mounted = mount->just_mounted = mount->just_changed = false;
+                }
+
+                return 0;
+        }
+
+        manager_dispatch_load_queue(m);
+
+        LIST_FOREACH(units_by_type, u, m->units_by_type[UNIT_MOUNT]) {
+                Mount *mount = MOUNT(u);
+
+                if (!mount->is_mounted) {
+
+                        /* A mount point is not around right now. It
+                         * might be gone, or might never have
+                         * existed. */
+
+                        if (mount->from_proc_self_mountinfo &&
+                            mount->parameters_proc_self_mountinfo.what) {
+
+                                /* Remember that this device might just have disappeared */
+                                if (set_ensure_allocated(&gone, &string_hash_ops) < 0 ||
+                                    set_put(gone, mount->parameters_proc_self_mountinfo.what) < 0)
+                                        log_oom(); /* we don't care too much about OOM here... */
+                        }
+
+                        mount->from_proc_self_mountinfo = false;
+
+                        switch (mount->state) {
+
+                        case MOUNT_MOUNTED:
+                                /* This has just been unmounted by
+                                 * somebody else, follow the state
+                                 * change. */
+                                mount_enter_dead(mount, MOUNT_SUCCESS);
+                                break;
+
+                        default:
+                                break;
+                        }
+
+                } else if (mount->just_mounted || mount->just_changed) {
+
+                        /* A mount point was added or changed */
+
+                        switch (mount->state) {
+
+                        case MOUNT_DEAD:
+                        case MOUNT_FAILED:
+                                /* This has just been mounted by
+                                 * somebody else, follow the state
+                                 * change. */
+                                mount_enter_mounted(mount, MOUNT_SUCCESS);
+                                break;
+
+                        case MOUNT_MOUNTING:
+                                mount_set_state(mount, MOUNT_MOUNTING_DONE);
+                                break;
+
+                        default:
+                                /* Nothing really changed, but let's
+                                 * issue an notification call
+                                 * nonetheless, in case somebody is
+                                 * waiting for this. (e.g. file system
+                                 * ro/rw remounts.) */
+                                mount_set_state(mount, mount->state);
+                                break;
+                        }
+                }
+
+                if (mount->is_mounted &&
+                    mount->from_proc_self_mountinfo &&
+                    mount->parameters_proc_self_mountinfo.what) {
+
+                        if (set_ensure_allocated(&around, &string_hash_ops) < 0 ||
+                            set_put(around, mount->parameters_proc_self_mountinfo.what) < 0)
+                                log_oom();
+                }
+
+                /* Reset the flags for later calls */
+                mount->is_mounted = mount->just_mounted = mount->just_changed = false;
+        }
+
+        SET_FOREACH(what, gone, i) {
+                if (set_contains(around, what))
+                        continue;
+
+                /* Let the device units know that the device is no longer mounted */
+                (void) device_found_node(m, what, false, DEVICE_FOUND_MOUNT, true);
+        }
+
+        return 0;
+}
+
+static void mount_reset_failed(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+
+        if (m->state == MOUNT_FAILED)
+                mount_set_state(m, MOUNT_DEAD);
+
+        m->result = MOUNT_SUCCESS;
+        m->reload_result = MOUNT_SUCCESS;
+}
+
+static int mount_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
+        return unit_kill_common(u, who, signo, -1, MOUNT(u)->control_pid, error);
+}
+
+static int mount_control_pid(Unit *u) {
+        Mount *m = MOUNT(u);
+
+        assert(m);
+
+        return m->control_pid;
+}
+
+static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
+        [MOUNT_EXEC_MOUNT] = "ExecMount",
+        [MOUNT_EXEC_UNMOUNT] = "ExecUnmount",
+        [MOUNT_EXEC_REMOUNT] = "ExecRemount",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(mount_exec_command, MountExecCommand);
+
+static const char* const mount_result_table[_MOUNT_RESULT_MAX] = {
+        [MOUNT_SUCCESS] = "success",
+        [MOUNT_FAILURE_RESOURCES] = "resources",
+        [MOUNT_FAILURE_TIMEOUT] = "timeout",
+        [MOUNT_FAILURE_EXIT_CODE] = "exit-code",
+        [MOUNT_FAILURE_SIGNAL] = "signal",
+        [MOUNT_FAILURE_CORE_DUMP] = "core-dump",
+        [MOUNT_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(mount_result, MountResult);
+
+const UnitVTable mount_vtable = {
+        .object_size = sizeof(Mount),
+        .exec_context_offset = offsetof(Mount, exec_context),
+        .cgroup_context_offset = offsetof(Mount, cgroup_context),
+        .kill_context_offset = offsetof(Mount, kill_context),
+        .exec_runtime_offset = offsetof(Mount, exec_runtime),
+
+        .sections =
+                "Unit\0"
+                "Mount\0"
+                "Install\0",
+        .private_section = "Mount",
+
+        .init = mount_init,
+        .load = mount_load,
+        .done = mount_done,
+
+        .coldplug = mount_coldplug,
+
+        .dump = mount_dump,
+
+        .start = mount_start,
+        .stop = mount_stop,
+        .reload = mount_reload,
+
+        .kill = mount_kill,
+
+        .serialize = mount_serialize,
+        .deserialize_item = mount_deserialize_item,
+
+        .active_state = mount_active_state,
+        .sub_state_to_string = mount_sub_state_to_string,
+
+        .check_gc = mount_check_gc,
+
+        .sigchld_event = mount_sigchld_event,
+
+        .reset_failed = mount_reset_failed,
+
+        .control_pid = mount_control_pid,
+
+        .bus_vtable = bus_mount_vtable,
+        .bus_set_property = bus_mount_set_property,
+        .bus_commit_properties = bus_mount_commit_properties,
+
+        .get_timeout = mount_get_timeout,
+
+        .can_transient = true,
+
+        .enumerate = mount_enumerate,
+        .shutdown = mount_shutdown,
+
+        .status_message_formats = {
+                .starting_stopping = {
+                        [0] = "Mounting %s...",
+                        [1] = "Unmounting %s...",
+                },
+                .finished_start_job = {
+                        [JOB_DONE]       = "Mounted %s.",
+                        [JOB_FAILED]     = "Failed to mount %s.",
+                        [JOB_TIMEOUT]    = "Timed out mounting %s.",
+                },
+                .finished_stop_job = {
+                        [JOB_DONE]       = "Unmounted %s.",
+                        [JOB_FAILED]     = "Failed unmounting %s.",
+                        [JOB_TIMEOUT]    = "Timed out unmounting %s.",
+                },
+        },
+};
diff --git a/src/core/mount.h b/src/libcore/mount.h
index da529c44f4..da529c44f4 100644
--- a/src/core/mount.h
+++ b/src/libcore/mount.h
diff --git a/src/core/namespace.c b/src/libcore/namespace.c
index 203d122810..203d122810 100644
--- a/src/core/namespace.c
+++ b/src/libcore/namespace.c
diff --git a/src/core/namespace.h b/src/libcore/namespace.h
index b54b7b47d6..b54b7b47d6 100644
--- a/src/core/namespace.h
+++ b/src/libcore/namespace.h
diff --git a/src/core/path.c b/src/libcore/path.c
index 0dd0d375d8..0dd0d375d8 100644
--- a/src/core/path.c
+++ b/src/libcore/path.c
diff --git a/src/core/path.h b/src/libcore/path.h
index 4230c8fb99..4230c8fb99 100644
--- a/src/core/path.h
+++ b/src/libcore/path.h
diff --git a/src/core/scope.c b/src/libcore/scope.c
index 238f63a729..238f63a729 100644
--- a/src/core/scope.c
+++ b/src/libcore/scope.c
diff --git a/src/core/scope.h b/src/libcore/scope.h
index 2dc86325c5..2dc86325c5 100644
--- a/src/core/scope.h
+++ b/src/libcore/scope.h
diff --git a/src/libcore/selinux-access.c b/src/libcore/selinux-access.c
new file mode 100644
index 0000000000..2c04fb0a8f
--- /dev/null
+++ b/src/libcore/selinux-access.c
@@ -0,0 +1,283 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Dan Walsh
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "selinux-access.h"
+
+#ifdef HAVE_SELINUX
+
+#include <errno.h>
+#include <selinux/avc.h>
+#include <selinux/selinux.h>
+#include <stdio.h>
+#ifdef HAVE_AUDIT
+#include <libaudit.h>
+#endif
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "audit-fd.h"
+#include "bus-util.h"
+#include "log.h"
+#include "path-util.h"
+#include "selinux-util.h"
+#include "stdio-util.h"
+#include "strv.h"
+#include "util.h"
+
+static bool initialized = false;
+
+struct audit_info {
+        sd_bus_creds *creds;
+        const char *path;
+        const char *cmdline;
+};
+
+/*
+   Any time an access gets denied this callback will be called
+   with the audit data.  We then need to just copy the audit data into the msgbuf.
+*/
+static int audit_callback(
+                void *auditdata,
+                security_class_t cls,
+                char *msgbuf,
+                size_t msgbufsize) {
+
+        const struct audit_info *audit = auditdata;
+        uid_t uid = 0, login_uid = 0;
+        gid_t gid = 0;
+        char login_uid_buf[DECIMAL_STR_MAX(uid_t) + 1] = "n/a";
+        char uid_buf[DECIMAL_STR_MAX(uid_t) + 1] = "n/a";
+        char gid_buf[DECIMAL_STR_MAX(gid_t) + 1] = "n/a";
+
+        if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
+                xsprintf(login_uid_buf, UID_FMT, login_uid);
+        if (sd_bus_creds_get_euid(audit->creds, &uid) >= 0)
+                xsprintf(uid_buf, UID_FMT, uid);
+        if (sd_bus_creds_get_egid(audit->creds, &gid) >= 0)
+                xsprintf(gid_buf, GID_FMT, gid);
+
+        snprintf(msgbuf, msgbufsize,
+                 "auid=%s uid=%s gid=%s%s%s%s%s%s%s",
+                 login_uid_buf, uid_buf, gid_buf,
+                 audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
+                 audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
+
+        return 0;
+}
+
+static int callback_type_to_priority(int type) {
+        switch(type) {
+
+        case SELINUX_ERROR:
+                return LOG_ERR;
+
+        case SELINUX_WARNING:
+                return LOG_WARNING;
+
+        case SELINUX_INFO:
+                return LOG_INFO;
+
+        case SELINUX_AVC:
+        default:
+                return LOG_NOTICE;
+        }
+}
+
+/*
+   libselinux uses this callback when access gets denied or other
+   events happen. If audit is turned on, messages will be reported
+   using audit netlink, otherwise they will be logged using the usual
+   channels.
+
+   Code copied from dbus and modified.
+*/
+_printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
+        va_list ap;
+        const char *fmt2;
+
+#ifdef HAVE_AUDIT
+        int fd;
+
+        fd = get_audit_fd();
+
+        if (fd >= 0) {
+                _cleanup_free_ char *buf = NULL;
+                int r;
+
+                va_start(ap, fmt);
+                r = vasprintf(&buf, fmt, ap);
+                va_end(ap);
+
+                if (r >= 0) {
+                        audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+                        return 0;
+                }
+        }
+#endif
+
+        fmt2 = strjoina("selinux: ", fmt);
+
+        va_start(ap, fmt);
+        log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt2, ap);
+        va_end(ap);
+
+        return 0;
+}
+
+static int access_init(sd_bus_error *error) {
+
+        if (!mac_selinux_use())
+                return 0;
+
+        if (initialized)
+                return 1;
+
+        if (avc_open(NULL, 0) != 0) {
+                int enforce, saved_errno = errno;
+
+                enforce = security_getenforce();
+                log_full_errno(enforce != 0 ? LOG_ERR : LOG_WARNING, saved_errno, "Failed to open the SELinux AVC: %m");
+
+                /* If enforcement isn't on, then let's suppress this
+                 * error, and just don't do any AVC checks. The
+                 * warning we printed is hence all the admin will
+                 * see. */
+                if (enforce == 0)
+                        return 0;
+
+                /* Return an access denied error, if we couldn't load
+                 * the AVC but enforcing mode was on, or we couldn't
+                 * determine whether it is one. */
+                return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to open the SELinux AVC: %s", strerror(saved_errno));
+        }
+
+        selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) audit_callback);
+        selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) log_callback);
+
+        initialized = true;
+        return 1;
+}
+
+/*
+   This function communicates with the kernel to check whether or not it should
+   allow the access.
+   If the machine is in permissive mode it will return ok.  Audit messages will
+   still be generated if the access would be denied in enforcing mode.
+*/
+int mac_selinux_generic_access_check(
+                sd_bus_message *message,
+                const char *path,
+                const char *permission,
+                sd_bus_error *error) {
+
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        const char *tclass = NULL, *scon = NULL;
+        struct audit_info audit_info = {};
+        _cleanup_free_ char *cl = NULL;
+        security_context_t fcon = NULL;
+        char **cmdline = NULL;
+        int r = 0;
+
+        assert(message);
+        assert(permission);
+        assert(error);
+
+        r = access_init(error);
+        if (r <= 0)
+                return r;
+
+        r = sd_bus_query_sender_creds(
+                        message,
+                        SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
+                        SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
+                        SD_BUS_CREDS_SELINUX_CONTEXT|
+                        SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
+                        &creds);
+        if (r < 0)
+                goto finish;
+
+        /* The SELinux context is something we really should have
+         * gotten directly from the message or sender, and not be an
+         * augmented field. If it was augmented we cannot use it for
+         * authorization, since this is racy and vulnerable. Let's add
+         * an extra check, just in case, even though this really
+         * shouldn't be possible. */
+        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_SELINUX_CONTEXT) == 0, -EPERM);
+
+        r = sd_bus_creds_get_selinux_context(creds, &scon);
+        if (r < 0)
+                goto finish;
+
+        if (path) {
+                /* Get the file context of the unit file */
+
+                r = getfilecon_raw(path, &fcon);
+                if (r < 0) {
+                        r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get file context on %s.", path);
+                        goto finish;
+                }
+
+                tclass = "service";
+        } else {
+                r = getcon_raw(&fcon);
+                if (r < 0) {
+                        r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context.");
+                        goto finish;
+                }
+
+                tclass = "system";
+        }
+
+        sd_bus_creds_get_cmdline(creds, &cmdline);
+        cl = strv_join(cmdline, " ");
+
+        audit_info.creds = creds;
+        audit_info.path = path;
+        audit_info.cmdline = cl;
+
+        r = selinux_check_access(scon, fcon, tclass, permission, &audit_info);
+        if (r < 0)
+                r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
+
+        log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, cl, r);
+
+finish:
+        freecon(fcon);
+
+        if (r < 0 && security_getenforce() != 1) {
+                sd_bus_error_free(error);
+                r = 0;
+        }
+
+        return r;
+}
+
+#else
+
+int mac_selinux_generic_access_check(
+                sd_bus_message *message,
+                const char *path,
+                const char *permission,
+                sd_bus_error *error) {
+
+        return 0;
+}
+
+#endif
diff --git a/src/libcore/selinux-access.h b/src/libcore/selinux-access.h
new file mode 100644
index 0000000000..cbf33ef6c4
--- /dev/null
+++ b/src/libcore/selinux-access.h
@@ -0,0 +1,45 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Dan Walsh
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "bus-util.h"
+#include "manager.h"
+
+int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
+
+#ifdef HAVE_SELINUX
+
+#define mac_selinux_access_check(message, permission, error) \
+        mac_selinux_generic_access_check((message), NULL, (permission), (error))
+
+#define mac_selinux_unit_access_check(unit, message, permission, error) \
+        ({                                                              \
+                Unit *_unit = (unit);                                   \
+                mac_selinux_generic_access_check((message), _unit->source_path ?: _unit->fragment_path, (permission), (error)); \
+        })
+
+#else
+
+#define mac_selinux_access_check(message, permission, error) 0
+#define mac_selinux_unit_access_check(unit, message, permission, error) 0
+
+#endif
diff --git a/src/core/selinux-setup.c b/src/libcore/selinux-setup.c
index 4072df58e6..4072df58e6 100644
--- a/src/core/selinux-setup.c
+++ b/src/libcore/selinux-setup.c
diff --git a/src/core/selinux-setup.h b/src/libcore/selinux-setup.h
index 7b613249b0..7b613249b0 100644
--- a/src/core/selinux-setup.h
+++ b/src/libcore/selinux-setup.h
diff --git a/src/core/service.c b/src/libcore/service.c
index 7ebabca5d6..7ebabca5d6 100644
--- a/src/core/service.c
+++ b/src/libcore/service.c
diff --git a/src/core/service.h b/src/libcore/service.h
index 4af3d40439..4af3d40439 100644
--- a/src/core/service.h
+++ b/src/libcore/service.h
diff --git a/src/core/show-status.c b/src/libcore/show-status.c
index 59ebdc7219..59ebdc7219 100644
--- a/src/core/show-status.c
+++ b/src/libcore/show-status.c
diff --git a/src/core/show-status.h b/src/libcore/show-status.h
index 9a29e72645..9a29e72645 100644
--- a/src/core/show-status.h
+++ b/src/libcore/show-status.h
diff --git a/src/core/slice.c b/src/libcore/slice.c
index c7700b8857..c7700b8857 100644
--- a/src/core/slice.c
+++ b/src/libcore/slice.c
diff --git a/src/core/slice.h b/src/libcore/slice.h
index c9f3f61067..c9f3f61067 100644
--- a/src/core/slice.h
+++ b/src/libcore/slice.h
diff --git a/src/core/smack-setup.c b/src/libcore/smack-setup.c
index 5a6d11cfa1..5a6d11cfa1 100644
--- a/src/core/smack-setup.c
+++ b/src/libcore/smack-setup.c
diff --git a/src/core/smack-setup.h b/src/libcore/smack-setup.h
index 78164c85e6..78164c85e6 100644
--- a/src/core/smack-setup.h
+++ b/src/libcore/smack-setup.h
diff --git a/src/core/socket.c b/src/libcore/socket.c
index f6204d04bf..f6204d04bf 100644
--- a/src/core/socket.c
+++ b/src/libcore/socket.c
diff --git a/src/core/socket.h b/src/libcore/socket.h
index 0f1ac69c6f..0f1ac69c6f 100644
--- a/src/core/socket.h
+++ b/src/libcore/socket.h
diff --git a/src/core/swap.c b/src/libcore/swap.c
index a532b15be8..a532b15be8 100644
--- a/src/core/swap.c
+++ b/src/libcore/swap.c
diff --git a/src/core/swap.h b/src/libcore/swap.h
index fbf66debdc..fbf66debdc 100644
--- a/src/core/swap.h
+++ b/src/libcore/swap.h
diff --git a/src/core/target.c b/src/libcore/target.c
index 61a91aad07..61a91aad07 100644
--- a/src/core/target.c
+++ b/src/libcore/target.c
diff --git a/src/core/target.h b/src/libcore/target.h
index 339aea154e..339aea154e 100644
--- a/src/core/target.h
+++ b/src/libcore/target.h
diff --git a/src/core/timer.c b/src/libcore/timer.c
index 3206296f09..3206296f09 100644
--- a/src/core/timer.c
+++ b/src/libcore/timer.c
diff --git a/src/core/timer.h b/src/libcore/timer.h
index 9c4b64f898..9c4b64f898 100644
--- a/src/core/timer.h
+++ b/src/libcore/timer.h
diff --git a/src/core/transaction.c b/src/libcore/transaction.c
index e06a48a2f1..e06a48a2f1 100644
--- a/src/core/transaction.c
+++ b/src/libcore/transaction.c
diff --git a/src/core/transaction.h b/src/libcore/transaction.h
index 6a3f927b0f..6a3f927b0f 100644
--- a/src/core/transaction.h
+++ b/src/libcore/transaction.h
diff --git a/src/core/unit-printf.c b/src/libcore/unit-printf.c
index f11df42af3..f11df42af3 100644
--- a/src/core/unit-printf.c
+++ b/src/libcore/unit-printf.c
diff --git a/src/core/unit-printf.h b/src/libcore/unit-printf.h
index 4fc8531228..4fc8531228 100644
--- a/src/core/unit-printf.h
+++ b/src/libcore/unit-printf.h
diff --git a/src/libcore/unit.c b/src/libcore/unit.c
new file mode 100644
index 0000000000..8bd39f87f9
--- /dev/null
+++ b/src/libcore/unit.c
@@ -0,0 +1,3818 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+#include <systemd/sd-messages.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "bus-util.h"
+#include "cgroup-util.h"
+#include "dbus-unit.h"
+#include "dbus.h"
+#include "dropin.h"
+#include "escape.h"
+#include "execute.h"
+#include "fileio-label.h"
+#include "formats-util.h"
+#include "load-dropin.h"
+#include "load-fragment.h"
+#include "log.h"
+#include "macro.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "set.h"
+#include "signal-util.h"
+#include "special.h"
+#include "stat-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "umask-util.h"
+#include "unit-name.h"
+#include "unit.h"
+#include "user-util.h"
+#include "virt.h"
+
+const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
+        [UNIT_SERVICE] = &service_vtable,
+        [UNIT_SOCKET] = &socket_vtable,
+        [UNIT_BUSNAME] = &busname_vtable,
+        [UNIT_TARGET] = &target_vtable,
+        [UNIT_DEVICE] = &device_vtable,
+        [UNIT_MOUNT] = &mount_vtable,
+        [UNIT_AUTOMOUNT] = &automount_vtable,
+        [UNIT_SWAP] = &swap_vtable,
+        [UNIT_TIMER] = &timer_vtable,
+        [UNIT_PATH] = &path_vtable,
+        [UNIT_SLICE] = &slice_vtable,
+        [UNIT_SCOPE] = &scope_vtable
+};
+
+static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency);
+
+Unit *unit_new(Manager *m, size_t size) {
+        Unit *u;
+
+        assert(m);
+        assert(size >= sizeof(Unit));
+
+        u = malloc0(size);
+        if (!u)
+                return NULL;
+
+        u->names = set_new(&string_hash_ops);
+        if (!u->names) {
+                free(u);
+                return NULL;
+        }
+
+        u->manager = m;
+        u->type = _UNIT_TYPE_INVALID;
+        u->default_dependencies = true;
+        u->unit_file_state = _UNIT_FILE_STATE_INVALID;
+        u->unit_file_preset = -1;
+        u->on_failure_job_mode = JOB_REPLACE;
+        u->cgroup_inotify_wd = -1;
+        u->job_timeout = USEC_INFINITY;
+
+        RATELIMIT_INIT(u->start_limit, m->default_start_limit_interval, m->default_start_limit_burst);
+        RATELIMIT_INIT(u->auto_stop_ratelimit, 10 * USEC_PER_SEC, 16);
+
+        return u;
+}
+
+bool unit_has_name(Unit *u, const char *name) {
+        assert(u);
+        assert(name);
+
+        return !!set_get(u->names, (char*) name);
+}
+
+static void unit_init(Unit *u) {
+        CGroupContext *cc;
+        ExecContext *ec;
+        KillContext *kc;
+
+        assert(u);
+        assert(u->manager);
+        assert(u->type >= 0);
+
+        cc = unit_get_cgroup_context(u);
+        if (cc) {
+                cgroup_context_init(cc);
+
+                /* Copy in the manager defaults into the cgroup
+                 * context, _before_ the rest of the settings have
+                 * been initialized */
+
+                cc->cpu_accounting = u->manager->default_cpu_accounting;
+                cc->io_accounting = u->manager->default_io_accounting;
+                cc->blockio_accounting = u->manager->default_blockio_accounting;
+                cc->memory_accounting = u->manager->default_memory_accounting;
+                cc->tasks_accounting = u->manager->default_tasks_accounting;
+
+                if (u->type != UNIT_SLICE)
+                        cc->tasks_max = u->manager->default_tasks_max;
+        }
+
+        ec = unit_get_exec_context(u);
+        if (ec)
+                exec_context_init(ec);
+
+        kc = unit_get_kill_context(u);
+        if (kc)
+                kill_context_init(kc);
+
+        if (UNIT_VTABLE(u)->init)
+                UNIT_VTABLE(u)->init(u);
+}
+
+int unit_add_name(Unit *u, const char *text) {
+        _cleanup_free_ char *s = NULL, *i = NULL;
+        UnitType t;
+        int r;
+
+        assert(u);
+        assert(text);
+
+        if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
+
+                if (!u->instance)
+                        return -EINVAL;
+
+                r = unit_name_replace_instance(text, u->instance, &s);
+                if (r < 0)
+                        return r;
+        } else {
+                s = strdup(text);
+                if (!s)
+                        return -ENOMEM;
+        }
+
+        if (set_contains(u->names, s))
+                return 0;
+        if (hashmap_contains(u->manager->units, s))
+                return -EEXIST;
+
+        if (!unit_name_is_valid(s, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
+                return -EINVAL;
+
+        t = unit_name_to_type(s);
+        if (t < 0)
+                return -EINVAL;
+
+        if (u->type != _UNIT_TYPE_INVALID && t != u->type)
+                return -EINVAL;
+
+        r = unit_name_to_instance(s, &i);
+        if (r < 0)
+                return r;
+
+        if (i && !unit_type_may_template(t))
+                return -EINVAL;
+
+        /* Ensure that this unit is either instanced or not instanced,
+         * but not both. Note that we do allow names with different
+         * instance names however! */
+        if (u->type != _UNIT_TYPE_INVALID && !u->instance != !i)
+                return -EINVAL;
+
+        if (!unit_type_may_alias(t) && !set_isempty(u->names))
+                return -EEXIST;
+
+        if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
+                return -E2BIG;
+
+        r = set_put(u->names, s);
+        if (r < 0)
+                return r;
+        assert(r > 0);
+
+        r = hashmap_put(u->manager->units, s, u);
+        if (r < 0) {
+                (void) set_remove(u->names, s);
+                return r;
+        }
+
+        if (u->type == _UNIT_TYPE_INVALID) {
+                u->type = t;
+                u->id = s;
+                u->instance = i;
+
+                LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
+
+                unit_init(u);
+
+                i = NULL;
+        }
+
+        s = NULL;
+
+        unit_add_to_dbus_queue(u);
+        return 0;
+}
+
+int unit_choose_id(Unit *u, const char *name) {
+        _cleanup_free_ char *t = NULL;
+        char *s, *i;
+        int r;
+
+        assert(u);
+        assert(name);
+
+        if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
+
+                if (!u->instance)
+                        return -EINVAL;
+
+                r = unit_name_replace_instance(name, u->instance, &t);
+                if (r < 0)
+                        return r;
+
+                name = t;
+        }
+
+        /* Selects one of the names of this unit as the id */
+        s = set_get(u->names, (char*) name);
+        if (!s)
+                return -ENOENT;
+
+        /* Determine the new instance from the new id */
+        r = unit_name_to_instance(s, &i);
+        if (r < 0)
+                return r;
+
+        u->id = s;
+
+        free(u->instance);
+        u->instance = i;
+
+        unit_add_to_dbus_queue(u);
+
+        return 0;
+}
+
+int unit_set_description(Unit *u, const char *description) {
+        char *s;
+
+        assert(u);
+
+        if (isempty(description))
+                s = NULL;
+        else {
+                s = strdup(description);
+                if (!s)
+                        return -ENOMEM;
+        }
+
+        free(u->description);
+        u->description = s;
+
+        unit_add_to_dbus_queue(u);
+        return 0;
+}
+
+bool unit_check_gc(Unit *u) {
+        UnitActiveState state;
+        assert(u);
+
+        if (u->job)
+                return true;
+
+        if (u->nop_job)
+                return true;
+
+        state = unit_active_state(u);
+
+        /* If the unit is inactive and failed and no job is queued for
+         * it, then release its runtime resources */
+        if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
+            UNIT_VTABLE(u)->release_resources)
+                UNIT_VTABLE(u)->release_resources(u);
+
+        /* But we keep the unit object around for longer when it is
+         * referenced or configured to not be gc'ed */
+        if (state != UNIT_INACTIVE)
+                return true;
+
+        if (u->no_gc)
+                return true;
+
+        if (u->refs)
+                return true;
+
+        if (UNIT_VTABLE(u)->check_gc)
+                if (UNIT_VTABLE(u)->check_gc(u))
+                        return true;
+
+        return false;
+}
+
+void unit_add_to_load_queue(Unit *u) {
+        assert(u);
+        assert(u->type != _UNIT_TYPE_INVALID);
+
+        if (u->load_state != UNIT_STUB || u->in_load_queue)
+                return;
+
+        LIST_PREPEND(load_queue, u->manager->load_queue, u);
+        u->in_load_queue = true;
+}
+
+void unit_add_to_cleanup_queue(Unit *u) {
+        assert(u);
+
+        if (u->in_cleanup_queue)
+                return;
+
+        LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
+        u->in_cleanup_queue = true;
+}
+
+void unit_add_to_gc_queue(Unit *u) {
+        assert(u);
+
+        if (u->in_gc_queue || u->in_cleanup_queue)
+                return;
+
+        if (unit_check_gc(u))
+                return;
+
+        LIST_PREPEND(gc_queue, u->manager->gc_queue, u);
+        u->in_gc_queue = true;
+
+        u->manager->n_in_gc_queue++;
+}
+
+void unit_add_to_dbus_queue(Unit *u) {
+        assert(u);
+        assert(u->type != _UNIT_TYPE_INVALID);
+
+        if (u->load_state == UNIT_STUB || u->in_dbus_queue)
+                return;
+
+        /* Shortcut things if nobody cares */
+        if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
+            set_isempty(u->manager->private_buses)) {
+                u->sent_dbus_new_signal = true;
+                return;
+        }
+
+        LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
+        u->in_dbus_queue = true;
+}
+
+static void bidi_set_free(Unit *u, Set *s) {
+        Iterator i;
+        Unit *other;
+
+        assert(u);
+
+        /* Frees the set and makes sure we are dropped from the
+         * inverse pointers */
+
+        SET_FOREACH(other, s, i) {
+                UnitDependency d;
+
+                for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
+                        set_remove(other->dependencies[d], u);
+
+                unit_add_to_gc_queue(other);
+        }
+
+        set_free(s);
+}
+
+static void unit_remove_transient(Unit *u) {
+        char **i;
+
+        assert(u);
+
+        if (!u->transient)
+                return;
+
+        if (u->fragment_path)
+                (void) unlink(u->fragment_path);
+
+        STRV_FOREACH(i, u->dropin_paths) {
+                _cleanup_free_ char *p = NULL, *pp = NULL;
+
+                p = dirname_malloc(*i); /* Get the drop-in directory from the drop-in file */
+                if (!p)
+                        continue;
+
+                pp = dirname_malloc(p); /* Get the config directory from the drop-in directory */
+                if (!pp)
+                        continue;
+
+                /* Only drop transient drop-ins */
+                if (!path_equal(u->manager->lookup_paths.transient, pp))
+                        continue;
+
+                (void) unlink(*i);
+                (void) rmdir(p);
+        }
+}
+
+static void unit_free_requires_mounts_for(Unit *u) {
+        char **j;
+
+        STRV_FOREACH(j, u->requires_mounts_for) {
+                char s[strlen(*j) + 1];
+
+                PATH_FOREACH_PREFIX_MORE(s, *j) {
+                        char *y;
+                        Set *x;
+
+                        x = hashmap_get2(u->manager->units_requiring_mounts_for, s, (void**) &y);
+                        if (!x)
+                                continue;
+
+                        set_remove(x, u);
+
+                        if (set_isempty(x)) {
+                                hashmap_remove(u->manager->units_requiring_mounts_for, y);
+                                free(y);
+                                set_free(x);
+                        }
+                }
+        }
+
+        u->requires_mounts_for = strv_free(u->requires_mounts_for);
+}
+
+static void unit_done(Unit *u) {
+        ExecContext *ec;
+        CGroupContext *cc;
+
+        assert(u);
+
+        if (u->type < 0)
+                return;
+
+        if (UNIT_VTABLE(u)->done)
+                UNIT_VTABLE(u)->done(u);
+
+        ec = unit_get_exec_context(u);
+        if (ec)
+                exec_context_done(ec);
+
+        cc = unit_get_cgroup_context(u);
+        if (cc)
+                cgroup_context_done(cc);
+}
+
+void unit_free(Unit *u) {
+        UnitDependency d;
+        Iterator i;
+        char *t;
+
+        assert(u);
+
+        if (u->transient_file)
+                fclose(u->transient_file);
+
+        if (!MANAGER_IS_RELOADING(u->manager))
+                unit_remove_transient(u);
+
+        bus_unit_send_removed_signal(u);
+
+        unit_done(u);
+
+        sd_bus_slot_unref(u->match_bus_slot);
+
+        unit_free_requires_mounts_for(u);
+
+        SET_FOREACH(t, u->names, i)
+                hashmap_remove_value(u->manager->units, t, u);
+
+        if (u->job) {
+                Job *j = u->job;
+                job_uninstall(j);
+                job_free(j);
+        }
+
+        if (u->nop_job) {
+                Job *j = u->nop_job;
+                job_uninstall(j);
+                job_free(j);
+        }
+
+        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
+                bidi_set_free(u, u->dependencies[d]);
+
+        if (u->type != _UNIT_TYPE_INVALID)
+                LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
+
+        if (u->in_load_queue)
+                LIST_REMOVE(load_queue, u->manager->load_queue, u);
+
+        if (u->in_dbus_queue)
+                LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
+
+        if (u->in_cleanup_queue)
+                LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
+
+        if (u->in_gc_queue) {
+                LIST_REMOVE(gc_queue, u->manager->gc_queue, u);
+                u->manager->n_in_gc_queue--;
+        }
+
+        if (u->in_cgroup_queue)
+                LIST_REMOVE(cgroup_queue, u->manager->cgroup_queue, u);
+
+        unit_release_cgroup(u);
+
+        (void) manager_update_failed_units(u->manager, u, false);
+        set_remove(u->manager->startup_units, u);
+
+        free(u->description);
+        strv_free(u->documentation);
+        free(u->fragment_path);
+        free(u->source_path);
+        strv_free(u->dropin_paths);
+        free(u->instance);
+
+        free(u->job_timeout_reboot_arg);
+
+        set_free_free(u->names);
+
+        unit_unwatch_all_pids(u);
+
+        condition_free_list(u->conditions);
+        condition_free_list(u->asserts);
+
+        free(u->reboot_arg);
+
+        unit_ref_unset(&u->slice);
+
+        while (u->refs)
+                unit_ref_unset(u->refs);
+
+        free(u);
+}
+
+UnitActiveState unit_active_state(Unit *u) {
+        assert(u);
+
+        if (u->load_state == UNIT_MERGED)
+                return unit_active_state(unit_follow_merge(u));
+
+        /* After a reload it might happen that a unit is not correctly
+         * loaded but still has a process around. That's why we won't
+         * shortcut failed loading to UNIT_INACTIVE_FAILED. */
+
+        return UNIT_VTABLE(u)->active_state(u);
+}
+
+const char* unit_sub_state_to_string(Unit *u) {
+        assert(u);
+
+        return UNIT_VTABLE(u)->sub_state_to_string(u);
+}
+
+static int complete_move(Set **s, Set **other) {
+        int r;
+
+        assert(s);
+        assert(other);
+
+        if (!*other)
+                return 0;
+
+        if (*s) {
+                r = set_move(*s, *other);
+                if (r < 0)
+                        return r;
+        } else {
+                *s = *other;
+                *other = NULL;
+        }
+
+        return 0;
+}
+
+static int merge_names(Unit *u, Unit *other) {
+        char *t;
+        Iterator i;
+        int r;
+
+        assert(u);
+        assert(other);
+
+        r = complete_move(&u->names, &other->names);
+        if (r < 0)
+                return r;
+
+        set_free_free(other->names);
+        other->names = NULL;
+        other->id = NULL;
+
+        SET_FOREACH(t, u->names, i)
+                assert_se(hashmap_replace(u->manager->units, t, u) == 0);
+
+        return 0;
+}
+
+static int reserve_dependencies(Unit *u, Unit *other, UnitDependency d) {
+        unsigned n_reserve;
+
+        assert(u);
+        assert(other);
+        assert(d < _UNIT_DEPENDENCY_MAX);
+
+        /*
+         * If u does not have this dependency set allocated, there is no need
+         * to reserve anything. In that case other's set will be transferred
+         * as a whole to u by complete_move().
+         */
+        if (!u->dependencies[d])
+                return 0;
+
+        /* merge_dependencies() will skip a u-on-u dependency */
+        n_reserve = set_size(other->dependencies[d]) - !!set_get(other->dependencies[d], u);
+
+        return set_reserve(u->dependencies[d], n_reserve);
+}
+
+static void merge_dependencies(Unit *u, Unit *other, const char *other_id, UnitDependency d) {
+        Iterator i;
+        Unit *back;
+        int r;
+
+        assert(u);
+        assert(other);
+        assert(d < _UNIT_DEPENDENCY_MAX);
+
+        /* Fix backwards pointers */
+        SET_FOREACH(back, other->dependencies[d], i) {
+                UnitDependency k;
+
+                for (k = 0; k < _UNIT_DEPENDENCY_MAX; k++) {
+                        /* Do not add dependencies between u and itself */
+                        if (back == u) {
+                                if (set_remove(back->dependencies[k], other))
+                                        maybe_warn_about_dependency(u, other_id, k);
+                        } else {
+                                r = set_remove_and_put(back->dependencies[k], other, u);
+                                if (r == -EEXIST)
+                                        set_remove(back->dependencies[k], other);
+                                else
+                                        assert(r >= 0 || r == -ENOENT);
+                        }
+                }
+        }
+
+        /* Also do not move dependencies on u to itself */
+        back = set_remove(other->dependencies[d], u);
+        if (back)
+                maybe_warn_about_dependency(u, other_id, d);
+
+        /* The move cannot fail. The caller must have performed a reservation. */
+        assert_se(complete_move(&u->dependencies[d], &other->dependencies[d]) == 0);
+
+        other->dependencies[d] = set_free(other->dependencies[d]);
+}
+
+int unit_merge(Unit *u, Unit *other) {
+        UnitDependency d;
+        const char *other_id = NULL;
+        int r;
+
+        assert(u);
+        assert(other);
+        assert(u->manager == other->manager);
+        assert(u->type != _UNIT_TYPE_INVALID);
+
+        other = unit_follow_merge(other);
+
+        if (other == u)
+                return 0;
+
+        if (u->type != other->type)
+                return -EINVAL;
+
+        if (!u->instance != !other->instance)
+                return -EINVAL;
+
+        if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
+                return -EEXIST;
+
+        if (other->load_state != UNIT_STUB &&
+            other->load_state != UNIT_NOT_FOUND)
+                return -EEXIST;
+
+        if (other->job)
+                return -EEXIST;
+
+        if (other->nop_job)
+                return -EEXIST;
+
+        if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
+                return -EEXIST;
+
+        if (other->id)
+                other_id = strdupa(other->id);
+
+        /* Make reservations to ensure merge_dependencies() won't fail */
+        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
+                r = reserve_dependencies(u, other, d);
+                /*
+                 * We don't rollback reservations if we fail. We don't have
+                 * a way to undo reservations. A reservation is not a leak.
+                 */
+                if (r < 0)
+                        return r;
+        }
+
+        /* Merge names */
+        r = merge_names(u, other);
+        if (r < 0)
+                return r;
+
+        /* Redirect all references */
+        while (other->refs)
+                unit_ref_set(other->refs, u);
+
+        /* Merge dependencies */
+        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
+                merge_dependencies(u, other, other_id, d);
+
+        other->load_state = UNIT_MERGED;
+        other->merged_into = u;
+
+        /* If there is still some data attached to the other node, we
+         * don't need it anymore, and can free it. */
+        if (other->load_state != UNIT_STUB)
+                if (UNIT_VTABLE(other)->done)
+                        UNIT_VTABLE(other)->done(other);
+
+        unit_add_to_dbus_queue(u);
+        unit_add_to_cleanup_queue(other);
+
+        return 0;
+}
+
+int unit_merge_by_name(Unit *u, const char *name) {
+        _cleanup_free_ char *s = NULL;
+        Unit *other;
+        int r;
+
+        assert(u);
+        assert(name);
+
+        if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
+                if (!u->instance)
+                        return -EINVAL;
+
+                r = unit_name_replace_instance(name, u->instance, &s);
+                if (r < 0)
+                        return r;
+
+                name = s;
+        }
+
+        other = manager_get_unit(u->manager, name);
+        if (other)
+                return unit_merge(u, other);
+
+        return unit_add_name(u, name);
+}
+
+Unit* unit_follow_merge(Unit *u) {
+        assert(u);
+
+        while (u->load_state == UNIT_MERGED)
+                assert_se(u = u->merged_into);
+
+        return u;
+}
+
+int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
+        int r;
+
+        assert(u);
+        assert(c);
+
+        if (c->working_directory) {
+                r = unit_require_mounts_for(u, c->working_directory);
+                if (r < 0)
+                        return r;
+        }
+
+        if (c->root_directory) {
+                r = unit_require_mounts_for(u, c->root_directory);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!MANAGER_IS_SYSTEM(u->manager))
+                return 0;
+
+        if (c->private_tmp) {
+                r = unit_require_mounts_for(u, "/tmp");
+                if (r < 0)
+                        return r;
+
+                r = unit_require_mounts_for(u, "/var/tmp");
+                if (r < 0)
+                        return r;
+        }
+
+        if (c->std_output != EXEC_OUTPUT_KMSG &&
+            c->std_output != EXEC_OUTPUT_SYSLOG &&
+            c->std_output != EXEC_OUTPUT_JOURNAL &&
+            c->std_output != EXEC_OUTPUT_KMSG_AND_CONSOLE &&
+            c->std_output != EXEC_OUTPUT_SYSLOG_AND_CONSOLE &&
+            c->std_output != EXEC_OUTPUT_JOURNAL_AND_CONSOLE &&
+            c->std_error != EXEC_OUTPUT_KMSG &&
+            c->std_error != EXEC_OUTPUT_SYSLOG &&
+            c->std_error != EXEC_OUTPUT_JOURNAL &&
+            c->std_error != EXEC_OUTPUT_KMSG_AND_CONSOLE &&
+            c->std_error != EXEC_OUTPUT_JOURNAL_AND_CONSOLE &&
+            c->std_error != EXEC_OUTPUT_SYSLOG_AND_CONSOLE)
+                return 0;
+
+        /* If syslog or kernel logging is requested, make sure our own
+         * logging daemon is run first. */
+
+        r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, NULL, true);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+const char *unit_description(Unit *u) {
+        assert(u);
+
+        if (u->description)
+                return u->description;
+
+        return strna(u->id);
+}
+
+void unit_dump(Unit *u, FILE *f, const char *prefix) {
+        char *t, **j;
+        UnitDependency d;
+        Iterator i;
+        const char *prefix2;
+        char
+                timestamp0[FORMAT_TIMESTAMP_MAX],
+                timestamp1[FORMAT_TIMESTAMP_MAX],
+                timestamp2[FORMAT_TIMESTAMP_MAX],
+                timestamp3[FORMAT_TIMESTAMP_MAX],
+                timestamp4[FORMAT_TIMESTAMP_MAX],
+                timespan[FORMAT_TIMESPAN_MAX];
+        Unit *following;
+        _cleanup_set_free_ Set *following_set = NULL;
+        int r;
+
+        assert(u);
+        assert(u->type >= 0);
+
+        prefix = strempty(prefix);
+        prefix2 = strjoina(prefix, "\t");
+
+        fprintf(f,
+                "%s-> Unit %s:\n"
+                "%s\tDescription: %s\n"
+                "%s\tInstance: %s\n"
+                "%s\tUnit Load State: %s\n"
+                "%s\tUnit Active State: %s\n"
+                "%s\tState Change Timestamp: %s\n"
+                "%s\tInactive Exit Timestamp: %s\n"
+                "%s\tActive Enter Timestamp: %s\n"
+                "%s\tActive Exit Timestamp: %s\n"
+                "%s\tInactive Enter Timestamp: %s\n"
+                "%s\tGC Check Good: %s\n"
+                "%s\tNeed Daemon Reload: %s\n"
+                "%s\tTransient: %s\n"
+                "%s\tSlice: %s\n"
+                "%s\tCGroup: %s\n"
+                "%s\tCGroup realized: %s\n"
+                "%s\tCGroup mask: 0x%x\n"
+                "%s\tCGroup members mask: 0x%x\n",
+                prefix, u->id,
+                prefix, unit_description(u),
+                prefix, strna(u->instance),
+                prefix, unit_load_state_to_string(u->load_state),
+                prefix, unit_active_state_to_string(unit_active_state(u)),
+                prefix, strna(format_timestamp(timestamp0, sizeof(timestamp0), u->state_change_timestamp.realtime)),
+                prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->inactive_exit_timestamp.realtime)),
+                prefix, strna(format_timestamp(timestamp2, sizeof(timestamp2), u->active_enter_timestamp.realtime)),
+                prefix, strna(format_timestamp(timestamp3, sizeof(timestamp3), u->active_exit_timestamp.realtime)),
+                prefix, strna(format_timestamp(timestamp4, sizeof(timestamp4), u->inactive_enter_timestamp.realtime)),
+                prefix, yes_no(unit_check_gc(u)),
+                prefix, yes_no(unit_need_daemon_reload(u)),
+                prefix, yes_no(u->transient),
+                prefix, strna(unit_slice_name(u)),
+                prefix, strna(u->cgroup_path),
+                prefix, yes_no(u->cgroup_realized),
+                prefix, u->cgroup_realized_mask,
+                prefix, u->cgroup_members_mask);
+
+        SET_FOREACH(t, u->names, i)
+                fprintf(f, "%s\tName: %s\n", prefix, t);
+
+        STRV_FOREACH(j, u->documentation)
+                fprintf(f, "%s\tDocumentation: %s\n", prefix, *j);
+
+        following = unit_following(u);
+        if (following)
+                fprintf(f, "%s\tFollowing: %s\n", prefix, following->id);
+
+        r = unit_following_set(u, &following_set);
+        if (r >= 0) {
+                Unit *other;
+
+                SET_FOREACH(other, following_set, i)
+                        fprintf(f, "%s\tFollowing Set Member: %s\n", prefix, other->id);
+        }
+
+        if (u->fragment_path)
+                fprintf(f, "%s\tFragment Path: %s\n", prefix, u->fragment_path);
+
+        if (u->source_path)
+                fprintf(f, "%s\tSource Path: %s\n", prefix, u->source_path);
+
+        STRV_FOREACH(j, u->dropin_paths)
+                fprintf(f, "%s\tDropIn Path: %s\n", prefix, *j);
+
+        if (u->job_timeout != USEC_INFINITY)
+                fprintf(f, "%s\tJob Timeout: %s\n", prefix, format_timespan(timespan, sizeof(timespan), u->job_timeout, 0));
+
+        if (u->job_timeout_action != FAILURE_ACTION_NONE)
+                fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, failure_action_to_string(u->job_timeout_action));
+
+        if (u->job_timeout_reboot_arg)
+                fprintf(f, "%s\tJob Timeout Reboot Argument: %s\n", prefix, u->job_timeout_reboot_arg);
+
+        condition_dump_list(u->conditions, f, prefix, condition_type_to_string);
+        condition_dump_list(u->asserts, f, prefix, assert_type_to_string);
+
+        if (dual_timestamp_is_set(&u->condition_timestamp))
+                fprintf(f,
+                        "%s\tCondition Timestamp: %s\n"
+                        "%s\tCondition Result: %s\n",
+                        prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->condition_timestamp.realtime)),
+                        prefix, yes_no(u->condition_result));
+
+        if (dual_timestamp_is_set(&u->assert_timestamp))
+                fprintf(f,
+                        "%s\tAssert Timestamp: %s\n"
+                        "%s\tAssert Result: %s\n",
+                        prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->assert_timestamp.realtime)),
+                        prefix, yes_no(u->assert_result));
+
+        for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
+                Unit *other;
+
+                SET_FOREACH(other, u->dependencies[d], i)
+                        fprintf(f, "%s\t%s: %s\n", prefix, unit_dependency_to_string(d), other->id);
+        }
+
+        if (!strv_isempty(u->requires_mounts_for)) {
+                fprintf(f,
+                        "%s\tRequiresMountsFor:", prefix);
+
+                STRV_FOREACH(j, u->requires_mounts_for)
+                        fprintf(f, " %s", *j);
+
+                fputs("\n", f);
+        }
+
+        if (u->load_state == UNIT_LOADED) {
+
+                fprintf(f,
+                        "%s\tStopWhenUnneeded: %s\n"
+                        "%s\tRefuseManualStart: %s\n"
+                        "%s\tRefuseManualStop: %s\n"
+                        "%s\tDefaultDependencies: %s\n"
+                        "%s\tOnFailureJobMode: %s\n"
+                        "%s\tIgnoreOnIsolate: %s\n",
+                        prefix, yes_no(u->stop_when_unneeded),
+                        prefix, yes_no(u->refuse_manual_start),
+                        prefix, yes_no(u->refuse_manual_stop),
+                        prefix, yes_no(u->default_dependencies),
+                        prefix, job_mode_to_string(u->on_failure_job_mode),
+                        prefix, yes_no(u->ignore_on_isolate));
+
+                if (UNIT_VTABLE(u)->dump)
+                        UNIT_VTABLE(u)->dump(u, f, prefix2);
+
+        } else if (u->load_state == UNIT_MERGED)
+                fprintf(f,
+                        "%s\tMerged into: %s\n",
+                        prefix, u->merged_into->id);
+        else if (u->load_state == UNIT_ERROR)
+                fprintf(f, "%s\tLoad Error Code: %s\n", prefix, strerror(-u->load_error));
+
+
+        if (u->job)
+                job_dump(u->job, f, prefix2);
+
+        if (u->nop_job)
+                job_dump(u->nop_job, f, prefix2);
+
+}
+
+/* Common implementation for multiple backends */
+int unit_load_fragment_and_dropin(Unit *u) {
+        int r;
+
+        assert(u);
+
+        /* Load a .{service,socket,...} file */
+        r = unit_load_fragment(u);
+        if (r < 0)
+                return r;
+
+        if (u->load_state == UNIT_STUB)
+                return -ENOENT;
+
+        /* Load drop-in directory data */
+        r = unit_load_dropin(unit_follow_merge(u));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+/* Common implementation for multiple backends */
+int unit_load_fragment_and_dropin_optional(Unit *u) {
+        int r;
+
+        assert(u);
+
+        /* Same as unit_load_fragment_and_dropin(), but whether
+         * something can be loaded or not doesn't matter. */
+
+        /* Load a .service file */
+        r = unit_load_fragment(u);
+        if (r < 0)
+                return r;
+
+        if (u->load_state == UNIT_STUB)
+                u->load_state = UNIT_LOADED;
+
+        /* Load drop-in directory data */
+        r = unit_load_dropin(unit_follow_merge(u));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int unit_add_default_target_dependency(Unit *u, Unit *target) {
+        assert(u);
+        assert(target);
+
+        if (target->type != UNIT_TARGET)
+                return 0;
+
+        /* Only add the dependency if both units are loaded, so that
+         * that loop check below is reliable */
+        if (u->load_state != UNIT_LOADED ||
+            target->load_state != UNIT_LOADED)
+                return 0;
+
+        /* If either side wants no automatic dependencies, then let's
+         * skip this */
+        if (!u->default_dependencies ||
+            !target->default_dependencies)
+                return 0;
+
+        /* Don't create loops */
+        if (set_get(target->dependencies[UNIT_BEFORE], u))
+                return 0;
+
+        return unit_add_dependency(target, UNIT_AFTER, u, true);
+}
+
+static int unit_add_target_dependencies(Unit *u) {
+
+        static const UnitDependency deps[] = {
+                UNIT_REQUIRED_BY,
+                UNIT_REQUISITE_OF,
+                UNIT_WANTED_BY,
+                UNIT_BOUND_BY
+        };
+
+        Unit *target;
+        Iterator i;
+        unsigned k;
+        int r = 0;
+
+        assert(u);
+
+        for (k = 0; k < ELEMENTSOF(deps); k++)
+                SET_FOREACH(target, u->dependencies[deps[k]], i) {
+                        r = unit_add_default_target_dependency(u, target);
+                        if (r < 0)
+                                return r;
+                }
+
+        return r;
+}
+
+static int unit_add_slice_dependencies(Unit *u) {
+        assert(u);
+
+        if (!UNIT_HAS_CGROUP_CONTEXT(u))
+                return 0;
+
+        if (UNIT_ISSET(u->slice))
+                return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, UNIT_DEREF(u->slice), true);
+
+        if (unit_has_name(u, SPECIAL_ROOT_SLICE))
+                return 0;
+
+        return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, NULL, true);
+}
+
+static int unit_add_mount_dependencies(Unit *u) {
+        char **i;
+        int r;
+
+        assert(u);
+
+        STRV_FOREACH(i, u->requires_mounts_for) {
+                char prefix[strlen(*i) + 1];
+
+                PATH_FOREACH_PREFIX_MORE(prefix, *i) {
+                        _cleanup_free_ char *p = NULL;
+                        Unit *m;
+
+                        r = unit_name_from_path(prefix, ".mount", &p);
+                        if (r < 0)
+                                return r;
+
+                        m = manager_get_unit(u->manager, p);
+                        if (!m) {
+                                /* Make sure to load the mount unit if
+                                 * it exists. If so the dependencies
+                                 * on this unit will be added later
+                                 * during the loading of the mount
+                                 * unit. */
+                                (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
+                                continue;
+                        }
+                        if (m == u)
+                                continue;
+
+                        if (m->load_state != UNIT_LOADED)
+                                continue;
+
+                        r = unit_add_dependency(u, UNIT_AFTER, m, true);
+                        if (r < 0)
+                                return r;
+
+                        if (m->fragment_path) {
+                                r = unit_add_dependency(u, UNIT_REQUIRES, m, true);
+                                if (r < 0)
+                                        return r;
+                        }
+                }
+        }
+
+        return 0;
+}
+
+static int unit_add_startup_units(Unit *u) {
+        CGroupContext *c;
+        int r;
+
+        c = unit_get_cgroup_context(u);
+        if (!c)
+                return 0;
+
+        if (c->startup_cpu_shares == CGROUP_CPU_SHARES_INVALID &&
+            c->startup_io_weight == CGROUP_WEIGHT_INVALID &&
+            c->startup_blockio_weight == CGROUP_BLKIO_WEIGHT_INVALID)
+                return 0;
+
+        r = set_ensure_allocated(&u->manager->startup_units, NULL);
+        if (r < 0)
+                return r;
+
+        return set_put(u->manager->startup_units, u);
+}
+
+int unit_load(Unit *u) {
+        int r;
+
+        assert(u);
+
+        if (u->in_load_queue) {
+                LIST_REMOVE(load_queue, u->manager->load_queue, u);
+                u->in_load_queue = false;
+        }
+
+        if (u->type == _UNIT_TYPE_INVALID)
+                return -EINVAL;
+
+        if (u->load_state != UNIT_STUB)
+                return 0;
+
+        if (u->transient_file) {
+                r = fflush_and_check(u->transient_file);
+                if (r < 0)
+                        goto fail;
+
+                fclose(u->transient_file);
+                u->transient_file = NULL;
+
+                u->fragment_mtime = now(CLOCK_REALTIME);
+        }
+
+        if (UNIT_VTABLE(u)->load) {
+                r = UNIT_VTABLE(u)->load(u);
+                if (r < 0)
+                        goto fail;
+        }
+
+        if (u->load_state == UNIT_STUB) {
+                r = -ENOENT;
+                goto fail;
+        }
+
+        if (u->load_state == UNIT_LOADED) {
+
+                r = unit_add_target_dependencies(u);
+                if (r < 0)
+                        goto fail;
+
+                r = unit_add_slice_dependencies(u);
+                if (r < 0)
+                        goto fail;
+
+                r = unit_add_mount_dependencies(u);
+                if (r < 0)
+                        goto fail;
+
+                r = unit_add_startup_units(u);
+                if (r < 0)
+                        goto fail;
+
+                if (u->on_failure_job_mode == JOB_ISOLATE && set_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
+                        log_unit_error(u, "More than one OnFailure= dependencies specified but OnFailureJobMode=isolate set. Refusing.");
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                unit_update_cgroup_members_masks(u);
+        }
+
+        assert((u->load_state != UNIT_MERGED) == !u->merged_into);
+
+        unit_add_to_dbus_queue(unit_follow_merge(u));
+        unit_add_to_gc_queue(u);
+
+        return 0;
+
+fail:
+        u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND : UNIT_ERROR;
+        u->load_error = r;
+        unit_add_to_dbus_queue(u);
+        unit_add_to_gc_queue(u);
+
+        log_unit_debug_errno(u, r, "Failed to load configuration: %m");
+
+        return r;
+}
+
+static bool unit_condition_test_list(Unit *u, Condition *first, const char *(*to_string)(ConditionType t)) {
+        Condition *c;
+        int triggered = -1;
+
+        assert(u);
+        assert(to_string);
+
+        /* If the condition list is empty, then it is true */
+        if (!first)
+                return true;
+
+        /* Otherwise, if all of the non-trigger conditions apply and
+         * if any of the trigger conditions apply (unless there are
+         * none) we return true */
+        LIST_FOREACH(conditions, c, first) {
+                int r;
+
+                r = condition_test(c);
+                if (r < 0)
+                        log_unit_warning(u,
+                                         "Couldn't determine result for %s=%s%s%s, assuming failed: %m",
+                                         to_string(c->type),
+                                         c->trigger ? "|" : "",
+                                         c->negate ? "!" : "",
+                                         c->parameter);
+                else
+                        log_unit_debug(u,
+                                       "%s=%s%s%s %s.",
+                                       to_string(c->type),
+                                       c->trigger ? "|" : "",
+                                       c->negate ? "!" : "",
+                                       c->parameter,
+                                       condition_result_to_string(c->result));
+
+                if (!c->trigger && r <= 0)
+                        return false;
+
+                if (c->trigger && triggered <= 0)
+                        triggered = r > 0;
+        }
+
+        return triggered != 0;
+}
+
+static bool unit_condition_test(Unit *u) {
+        assert(u);
+
+        dual_timestamp_get(&u->condition_timestamp);
+        u->condition_result = unit_condition_test_list(u, u->conditions, condition_type_to_string);
+
+        return u->condition_result;
+}
+
+static bool unit_assert_test(Unit *u) {
+        assert(u);
+
+        dual_timestamp_get(&u->assert_timestamp);
+        u->assert_result = unit_condition_test_list(u, u->asserts, assert_type_to_string);
+
+        return u->assert_result;
+}
+
+void unit_status_printf(Unit *u, const char *status, const char *unit_status_msg_format) {
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        manager_status_printf(u->manager, STATUS_TYPE_NORMAL, status, unit_status_msg_format, unit_description(u));
+        REENABLE_WARNING;
+}
+
+_pure_ static const char* unit_get_status_message_format(Unit *u, JobType t) {
+        const char *format;
+        const UnitStatusMessageFormats *format_table;
+
+        assert(u);
+        assert(IN_SET(t, JOB_START, JOB_STOP, JOB_RELOAD));
+
+        if (t != JOB_RELOAD) {
+                format_table = &UNIT_VTABLE(u)->status_message_formats;
+                if (format_table) {
+                        format = format_table->starting_stopping[t == JOB_STOP];
+                        if (format)
+                                return format;
+                }
+        }
+
+        /* Return generic strings */
+        if (t == JOB_START)
+                return "Starting %s.";
+        else if (t == JOB_STOP)
+                return "Stopping %s.";
+        else
+                return "Reloading %s.";
+}
+
+static void unit_status_print_starting_stopping(Unit *u, JobType t) {
+        const char *format;
+
+        assert(u);
+
+        /* Reload status messages have traditionally not been printed to console. */
+        if (!IN_SET(t, JOB_START, JOB_STOP))
+                return;
+
+        format = unit_get_status_message_format(u, t);
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        unit_status_printf(u, "", format);
+        REENABLE_WARNING;
+}
+
+static void unit_status_log_starting_stopping_reloading(Unit *u, JobType t) {
+        const char *format;
+        char buf[LINE_MAX];
+        sd_id128_t mid;
+
+        assert(u);
+
+        if (!IN_SET(t, JOB_START, JOB_STOP, JOB_RELOAD))
+                return;
+
+        if (log_on_console())
+                return;
+
+        /* We log status messages for all units and all operations. */
+
+        format = unit_get_status_message_format(u, t);
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        xsprintf(buf, format, unit_description(u));
+        REENABLE_WARNING;
+
+        mid = t == JOB_START ? SD_MESSAGE_UNIT_STARTING :
+              t == JOB_STOP  ? SD_MESSAGE_UNIT_STOPPING :
+                               SD_MESSAGE_UNIT_RELOADING;
+
+        /* Note that we deliberately use LOG_MESSAGE() instead of
+         * LOG_UNIT_MESSAGE() here, since this is supposed to mimic
+         * closely what is written to screen using the status output,
+         * which is supposed the highest level, friendliest output
+         * possible, which means we should avoid the low-level unit
+         * name. */
+        log_struct(LOG_INFO,
+                   LOG_MESSAGE_ID(mid),
+                   LOG_UNIT_ID(u),
+                   LOG_MESSAGE("%s", buf),
+                   NULL);
+}
+
+void unit_status_emit_starting_stopping_reloading(Unit *u, JobType t) {
+        assert(u);
+        assert(t >= 0);
+        assert(t < _JOB_TYPE_MAX);
+
+        unit_status_log_starting_stopping_reloading(u, t);
+        unit_status_print_starting_stopping(u, t);
+}
+
+int unit_start_limit_test(Unit *u) {
+        assert(u);
+
+        if (ratelimit_test(&u->start_limit)) {
+                u->start_limit_hit = false;
+                return 0;
+        }
+
+        log_unit_warning(u, "Start request repeated too quickly.");
+        u->start_limit_hit = true;
+
+        return failure_action(u->manager, u->start_limit_action, u->reboot_arg);
+}
+
+/* Errors:
+ *         -EBADR:      This unit type does not support starting.
+ *         -EALREADY:   Unit is already started.
+ *         -EAGAIN:     An operation is already in progress. Retry later.
+ *         -ECANCELED:  Too many requests for now.
+ *         -EPROTO:     Assert failed
+ *         -EINVAL:     Unit not loaded
+ *         -EOPNOTSUPP: Unit type not supported
+ */
+int unit_start(Unit *u) {
+        UnitActiveState state;
+        Unit *following;
+
+        assert(u);
+
+        /* If this is already started, then this will succeed. Note
+         * that this will even succeed if this unit is not startable
+         * by the user. This is relied on to detect when we need to
+         * wait for units and when waiting is finished. */
+        state = unit_active_state(u);
+        if (UNIT_IS_ACTIVE_OR_RELOADING(state))
+                return -EALREADY;
+
+        /* Units that aren't loaded cannot be started */
+        if (u->load_state != UNIT_LOADED)
+                return -EINVAL;
+
+        /* If the conditions failed, don't do anything at all. If we
+         * already are activating this call might still be useful to
+         * speed up activation in case there is some hold-off time,
+         * but we don't want to recheck the condition in that case. */
+        if (state != UNIT_ACTIVATING &&
+            !unit_condition_test(u)) {
+                log_unit_debug(u, "Starting requested but condition failed. Not starting unit.");
+                return -EALREADY;
+        }
+
+        /* If the asserts failed, fail the entire job */
+        if (state != UNIT_ACTIVATING &&
+            !unit_assert_test(u)) {
+                log_unit_notice(u, "Starting requested but asserts failed.");
+                return -EPROTO;
+        }
+
+        /* Units of types that aren't supported cannot be
+         * started. Note that we do this test only after the condition
+         * checks, so that we rather return condition check errors
+         * (which are usually not considered a true failure) than "not
+         * supported" errors (which are considered a failure).
+         */
+        if (!unit_supported(u))
+                return -EOPNOTSUPP;
+
+        /* Forward to the main object, if we aren't it. */
+        following = unit_following(u);
+        if (following) {
+                log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
+                return unit_start(following);
+        }
+
+        /* If it is stopped, but we cannot start it, then fail */
+        if (!UNIT_VTABLE(u)->start)
+                return -EBADR;
+
+        /* We don't suppress calls to ->start() here when we are
+         * already starting, to allow this request to be used as a
+         * "hurry up" call, for example when the unit is in some "auto
+         * restart" state where it waits for a holdoff timer to elapse
+         * before it will start again. */
+
+        unit_add_to_dbus_queue(u);
+
+        return UNIT_VTABLE(u)->start(u);
+}
+
+bool unit_can_start(Unit *u) {
+        assert(u);
+
+        if (u->load_state != UNIT_LOADED)
+                return false;
+
+        if (!unit_supported(u))
+                return false;
+
+        return !!UNIT_VTABLE(u)->start;
+}
+
+bool unit_can_isolate(Unit *u) {
+        assert(u);
+
+        return unit_can_start(u) &&
+                u->allow_isolate;
+}
+
+/* Errors:
+ *         -EBADR:    This unit type does not support stopping.
+ *         -EALREADY: Unit is already stopped.
+ *         -EAGAIN:   An operation is already in progress. Retry later.
+ */
+int unit_stop(Unit *u) {
+        UnitActiveState state;
+        Unit *following;
+
+        assert(u);
+
+        state = unit_active_state(u);
+        if (UNIT_IS_INACTIVE_OR_FAILED(state))
+                return -EALREADY;
+
+        following = unit_following(u);
+        if (following) {
+                log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
+                return unit_stop(following);
+        }
+
+        if (!UNIT_VTABLE(u)->stop)
+                return -EBADR;
+
+        unit_add_to_dbus_queue(u);
+
+        return UNIT_VTABLE(u)->stop(u);
+}
+
+/* Errors:
+ *         -EBADR:    This unit type does not support reloading.
+ *         -ENOEXEC:  Unit is not started.
+ *         -EAGAIN:   An operation is already in progress. Retry later.
+ */
+int unit_reload(Unit *u) {
+        UnitActiveState state;
+        Unit *following;
+
+        assert(u);
+
+        if (u->load_state != UNIT_LOADED)
+                return -EINVAL;
+
+        if (!unit_can_reload(u))
+                return -EBADR;
+
+        state = unit_active_state(u);
+        if (state == UNIT_RELOADING)
+                return -EALREADY;
+
+        if (state != UNIT_ACTIVE) {
+                log_unit_warning(u, "Unit cannot be reloaded because it is inactive.");
+                return -ENOEXEC;
+        }
+
+        following = unit_following(u);
+        if (following) {
+                log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
+                return unit_reload(following);
+        }
+
+        unit_add_to_dbus_queue(u);
+
+        return UNIT_VTABLE(u)->reload(u);
+}
+
+bool unit_can_reload(Unit *u) {
+        assert(u);
+
+        if (!UNIT_VTABLE(u)->reload)
+                return false;
+
+        if (!UNIT_VTABLE(u)->can_reload)
+                return true;
+
+        return UNIT_VTABLE(u)->can_reload(u);
+}
+
+static void unit_check_unneeded(Unit *u) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+
+        static const UnitDependency needed_dependencies[] = {
+                UNIT_REQUIRED_BY,
+                UNIT_REQUISITE_OF,
+                UNIT_WANTED_BY,
+                UNIT_BOUND_BY,
+        };
+
+        Unit *other;
+        Iterator i;
+        unsigned j;
+        int r;
+
+        assert(u);
+
+        /* If this service shall be shut down when unneeded then do
+         * so. */
+
+        if (!u->stop_when_unneeded)
+                return;
+
+        if (!UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
+                return;
+
+        for (j = 0; j < ELEMENTSOF(needed_dependencies); j++)
+                SET_FOREACH(other, u->dependencies[needed_dependencies[j]], i)
+                        if (unit_active_or_pending(other))
+                                return;
+
+        /* If stopping a unit fails continously we might enter a stop
+         * loop here, hence stop acting on the service being
+         * unnecessary after a while. */
+        if (!ratelimit_test(&u->auto_stop_ratelimit)) {
+                log_unit_warning(u, "Unit not needed anymore, but not stopping since we tried this too often recently.");
+                return;
+        }
+
+        log_unit_info(u, "Unit not needed anymore. Stopping.");
+
+        /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
+        r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, &error, NULL);
+        if (r < 0)
+                log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
+}
+
+static void unit_check_binds_to(Unit *u) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        bool stop = false;
+        Unit *other;
+        Iterator i;
+        int r;
+
+        assert(u);
+
+        if (u->job)
+                return;
+
+        if (unit_active_state(u) != UNIT_ACTIVE)
+                return;
+
+        SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i) {
+                if (other->job)
+                        continue;
+
+                if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
+                        continue;
+
+                stop = true;
+                break;
+        }
+
+        if (!stop)
+                return;
+
+        /* If stopping a unit fails continously we might enter a stop
+         * loop here, hence stop acting on the service being
+         * unnecessary after a while. */
+        if (!ratelimit_test(&u->auto_stop_ratelimit)) {
+                log_unit_warning(u, "Unit is bound to inactive unit %s, but not stopping since we tried this too often recently.", other->id);
+                return;
+        }
+
+        assert(other);
+        log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id);
+
+        /* A unit we need to run is gone. Sniff. Let's stop this. */
+        r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, &error, NULL);
+        if (r < 0)
+                log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
+}
+
+static void retroactively_start_dependencies(Unit *u) {
+        Iterator i;
+        Unit *other;
+
+        assert(u);
+        assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
+
+        SET_FOREACH(other, u->dependencies[UNIT_REQUIRES], i)
+                if (!set_get(u->dependencies[UNIT_AFTER], other) &&
+                    !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
+                        manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL);
+
+        SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i)
+                if (!set_get(u->dependencies[UNIT_AFTER], other) &&
+                    !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
+                        manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL);
+
+        SET_FOREACH(other, u->dependencies[UNIT_WANTS], i)
+                if (!set_get(u->dependencies[UNIT_AFTER], other) &&
+                    !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
+                        manager_add_job(u->manager, JOB_START, other, JOB_FAIL, NULL, NULL);
+
+        SET_FOREACH(other, u->dependencies[UNIT_CONFLICTS], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
+
+        SET_FOREACH(other, u->dependencies[UNIT_CONFLICTED_BY], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
+}
+
+static void retroactively_stop_dependencies(Unit *u) {
+        Iterator i;
+        Unit *other;
+
+        assert(u);
+        assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
+
+        /* Pull down units which are bound to us recursively if enabled */
+        SET_FOREACH(other, u->dependencies[UNIT_BOUND_BY], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
+}
+
+static void check_unneeded_dependencies(Unit *u) {
+        Iterator i;
+        Unit *other;
+
+        assert(u);
+        assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
+
+        /* Garbage collect services that might not be needed anymore, if enabled */
+        SET_FOREACH(other, u->dependencies[UNIT_REQUIRES], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        unit_check_unneeded(other);
+        SET_FOREACH(other, u->dependencies[UNIT_WANTS], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        unit_check_unneeded(other);
+        SET_FOREACH(other, u->dependencies[UNIT_REQUISITE], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        unit_check_unneeded(other);
+        SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i)
+                if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+                        unit_check_unneeded(other);
+}
+
+void unit_start_on_failure(Unit *u) {
+        Unit *other;
+        Iterator i;
+
+        assert(u);
+
+        if (set_size(u->dependencies[UNIT_ON_FAILURE]) <= 0)
+                return;
+
+        log_unit_info(u, "Triggering OnFailure= dependencies.");
+
+        SET_FOREACH(other, u->dependencies[UNIT_ON_FAILURE], i) {
+                int r;
+
+                r = manager_add_job(u->manager, JOB_START, other, u->on_failure_job_mode, NULL, NULL);
+                if (r < 0)
+                        log_unit_error_errno(u, r, "Failed to enqueue OnFailure= job: %m");
+        }
+}
+
+void unit_trigger_notify(Unit *u) {
+        Unit *other;
+        Iterator i;
+
+        assert(u);
+
+        SET_FOREACH(other, u->dependencies[UNIT_TRIGGERED_BY], i)
+                if (UNIT_VTABLE(other)->trigger_notify)
+                        UNIT_VTABLE(other)->trigger_notify(other, u);
+}
+
+void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_success) {
+        Manager *m;
+        bool unexpected;
+
+        assert(u);
+        assert(os < _UNIT_ACTIVE_STATE_MAX);
+        assert(ns < _UNIT_ACTIVE_STATE_MAX);
+
+        /* Note that this is called for all low-level state changes,
+         * even if they might map to the same high-level
+         * UnitActiveState! That means that ns == os is an expected
+         * behavior here. For example: if a mount point is remounted
+         * this function will be called too! */
+
+        m = u->manager;
+
+        /* Update timestamps for state changes */
+        if (!MANAGER_IS_RELOADING(m)) {
+                dual_timestamp_get(&u->state_change_timestamp);
+
+                if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
+                        u->inactive_exit_timestamp = u->state_change_timestamp;
+                else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
+                        u->inactive_enter_timestamp = u->state_change_timestamp;
+
+                if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
+                        u->active_enter_timestamp = u->state_change_timestamp;
+                else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
+                        u->active_exit_timestamp = u->state_change_timestamp;
+        }
+
+        /* Keep track of failed units */
+        (void) manager_update_failed_units(u->manager, u, ns == UNIT_FAILED);
+
+        /* Make sure the cgroup is always removed when we become inactive */
+        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
+                unit_prune_cgroup(u);
+
+        /* Note that this doesn't apply to RemainAfterExit services exiting
+         * successfully, since there's no change of state in that case. Which is
+         * why it is handled in service_set_state() */
+        if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
+                ExecContext *ec;
+
+                ec = unit_get_exec_context(u);
+                if (ec && exec_context_may_touch_console(ec)) {
+                        if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
+                                m->n_on_console--;
+
+                                if (m->n_on_console == 0)
+                                        /* unset no_console_output flag, since the console is free */
+                                        m->no_console_output = false;
+                        } else
+                                m->n_on_console++;
+                }
+        }
+
+        if (u->job) {
+                unexpected = false;
+
+                if (u->job->state == JOB_WAITING)
+
+                        /* So we reached a different state for this
+                         * job. Let's see if we can run it now if it
+                         * failed previously due to EAGAIN. */
+                        job_add_to_run_queue(u->job);
+
+                /* Let's check whether this state change constitutes a
+                 * finished job, or maybe contradicts a running job and
+                 * hence needs to invalidate jobs. */
+
+                switch (u->job->type) {
+
+                case JOB_START:
+                case JOB_VERIFY_ACTIVE:
+
+                        if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
+                                job_finish_and_invalidate(u->job, JOB_DONE, true, false);
+                        else if (u->job->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
+                                unexpected = true;
+
+                                if (UNIT_IS_INACTIVE_OR_FAILED(ns))
+                                        job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
+                        }
+
+                        break;
+
+                case JOB_RELOAD:
+                case JOB_RELOAD_OR_START:
+                case JOB_TRY_RELOAD:
+
+                        if (u->job->state == JOB_RUNNING) {
+                                if (ns == UNIT_ACTIVE)
+                                        job_finish_and_invalidate(u->job, reload_success ? JOB_DONE : JOB_FAILED, true, false);
+                                else if (ns != UNIT_ACTIVATING && ns != UNIT_RELOADING) {
+                                        unexpected = true;
+
+                                        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
+                                                job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
+                                }
+                        }
+
+                        break;
+
+                case JOB_STOP:
+                case JOB_RESTART:
+                case JOB_TRY_RESTART:
+
+                        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
+                                job_finish_and_invalidate(u->job, JOB_DONE, true, false);
+                        else if (u->job->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
+                                unexpected = true;
+                                job_finish_and_invalidate(u->job, JOB_FAILED, true, false);
+                        }
+
+                        break;
+
+                default:
+                        assert_not_reached("Job type unknown");
+                }
+
+        } else
+                unexpected = true;
+
+        if (!MANAGER_IS_RELOADING(m)) {
+
+                /* If this state change happened without being
+                 * requested by a job, then let's retroactively start
+                 * or stop dependencies. We skip that step when
+                 * deserializing, since we don't want to create any
+                 * additional jobs just because something is already
+                 * activated. */
+
+                if (unexpected) {
+                        if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
+                                retroactively_start_dependencies(u);
+                        else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
+                                retroactively_stop_dependencies(u);
+                }
+
+                /* stop unneeded units regardless if going down was expected or not */
+                if (UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
+                        check_unneeded_dependencies(u);
+
+                if (ns != os && ns == UNIT_FAILED) {
+                        log_unit_notice(u, "Unit entered failed state.");
+                        unit_start_on_failure(u);
+                }
+        }
+
+        /* Some names are special */
+        if (UNIT_IS_ACTIVE_OR_RELOADING(ns)) {
+
+                if (unit_has_name(u, SPECIAL_DBUS_SERVICE))
+                        /* The bus might have just become available,
+                         * hence try to connect to it, if we aren't
+                         * yet connected. */
+                        bus_init(m, true);
+
+                if (u->type == UNIT_SERVICE &&
+                    !UNIT_IS_ACTIVE_OR_RELOADING(os) &&
+                    !MANAGER_IS_RELOADING(m)) {
+                        /* Write audit record if we have just finished starting up */
+                        manager_send_unit_audit(m, u, AUDIT_SERVICE_START, true);
+                        u->in_audit = true;
+                }
+
+                if (!UNIT_IS_ACTIVE_OR_RELOADING(os))
+                        manager_send_unit_plymouth(m, u);
+
+        } else {
+
+                /* We don't care about D-Bus here, since we'll get an
+                 * asynchronous notification for it anyway. */
+
+                if (u->type == UNIT_SERVICE &&
+                    UNIT_IS_INACTIVE_OR_FAILED(ns) &&
+                    !UNIT_IS_INACTIVE_OR_FAILED(os) &&
+                    !MANAGER_IS_RELOADING(m)) {
+
+                        /* Hmm, if there was no start record written
+                         * write it now, so that we always have a nice
+                         * pair */
+                        if (!u->in_audit) {
+                                manager_send_unit_audit(m, u, AUDIT_SERVICE_START, ns == UNIT_INACTIVE);
+
+                                if (ns == UNIT_INACTIVE)
+                                        manager_send_unit_audit(m, u, AUDIT_SERVICE_STOP, true);
+                        } else
+                                /* Write audit record if we have just finished shutting down */
+                                manager_send_unit_audit(m, u, AUDIT_SERVICE_STOP, ns == UNIT_INACTIVE);
+
+                        u->in_audit = false;
+                }
+        }
+
+        manager_recheck_journal(m);
+        unit_trigger_notify(u);
+
+        if (!MANAGER_IS_RELOADING(u->manager)) {
+                /* Maybe we finished startup and are now ready for
+                 * being stopped because unneeded? */
+                unit_check_unneeded(u);
+
+                /* Maybe we finished startup, but something we needed
+                 * has vanished? Let's die then. (This happens when
+                 * something BindsTo= to a Type=oneshot unit, as these
+                 * units go directly from starting to inactive,
+                 * without ever entering started.) */
+                unit_check_binds_to(u);
+        }
+
+        unit_add_to_dbus_queue(u);
+        unit_add_to_gc_queue(u);
+}
+
+int unit_watch_pid(Unit *u, pid_t pid) {
+        int q, r;
+
+        assert(u);
+        assert(pid >= 1);
+
+        /* Watch a specific PID. We only support one or two units
+         * watching each PID for now, not more. */
+
+        r = set_ensure_allocated(&u->pids, NULL);
+        if (r < 0)
+                return r;
+
+        r = hashmap_ensure_allocated(&u->manager->watch_pids1, NULL);
+        if (r < 0)
+                return r;
+
+        r = hashmap_put(u->manager->watch_pids1, PID_TO_PTR(pid), u);
+        if (r == -EEXIST) {
+                r = hashmap_ensure_allocated(&u->manager->watch_pids2, NULL);
+                if (r < 0)
+                        return r;
+
+                r = hashmap_put(u->manager->watch_pids2, PID_TO_PTR(pid), u);
+        }
+
+        q = set_put(u->pids, PID_TO_PTR(pid));
+        if (q < 0)
+                return q;
+
+        return r;
+}
+
+void unit_unwatch_pid(Unit *u, pid_t pid) {
+        assert(u);
+        assert(pid >= 1);
+
+        (void) hashmap_remove_value(u->manager->watch_pids1, PID_TO_PTR(pid), u);
+        (void) hashmap_remove_value(u->manager->watch_pids2, PID_TO_PTR(pid), u);
+        (void) set_remove(u->pids, PID_TO_PTR(pid));
+}
+
+void unit_unwatch_all_pids(Unit *u) {
+        assert(u);
+
+        while (!set_isempty(u->pids))
+                unit_unwatch_pid(u, PTR_TO_PID(set_first(u->pids)));
+
+        u->pids = set_free(u->pids);
+}
+
+void unit_tidy_watch_pids(Unit *u, pid_t except1, pid_t except2) {
+        Iterator i;
+        void *e;
+
+        assert(u);
+
+        /* Cleans dead PIDs from our list */
+
+        SET_FOREACH(e, u->pids, i) {
+                pid_t pid = PTR_TO_PID(e);
+
+                if (pid == except1 || pid == except2)
+                        continue;
+
+                if (!pid_is_unwaited(pid))
+                        unit_unwatch_pid(u, pid);
+        }
+}
+
+bool unit_job_is_applicable(Unit *u, JobType j) {
+        assert(u);
+        assert(j >= 0 && j < _JOB_TYPE_MAX);
+
+        switch (j) {
+
+        case JOB_VERIFY_ACTIVE:
+        case JOB_START:
+        case JOB_STOP:
+        case JOB_NOP:
+                return true;
+
+        case JOB_RESTART:
+        case JOB_TRY_RESTART:
+                return unit_can_start(u);
+
+        case JOB_RELOAD:
+        case JOB_TRY_RELOAD:
+                return unit_can_reload(u);
+
+        case JOB_RELOAD_OR_START:
+                return unit_can_reload(u) && unit_can_start(u);
+
+        default:
+                assert_not_reached("Invalid job type");
+        }
+}
+
+static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency) {
+        assert(u);
+
+        /* Only warn about some unit types */
+        if (!IN_SET(dependency, UNIT_CONFLICTS, UNIT_CONFLICTED_BY, UNIT_BEFORE, UNIT_AFTER, UNIT_ON_FAILURE, UNIT_TRIGGERS, UNIT_TRIGGERED_BY))
+                return;
+
+        if (streq_ptr(u->id, other))
+                log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id);
+        else
+                log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other), u->id);
+}
+
+int unit_add_dependency(Unit *u, UnitDependency d, Unit *other, bool add_reference) {
+
+        static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
+                [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
+                [UNIT_WANTS] = UNIT_WANTED_BY,
+                [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
+                [UNIT_BINDS_TO] = UNIT_BOUND_BY,
+                [UNIT_PART_OF] = UNIT_CONSISTS_OF,
+                [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
+                [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
+                [UNIT_WANTED_BY] = UNIT_WANTS,
+                [UNIT_BOUND_BY] = UNIT_BINDS_TO,
+                [UNIT_CONSISTS_OF] = UNIT_PART_OF,
+                [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
+                [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
+                [UNIT_BEFORE] = UNIT_AFTER,
+                [UNIT_AFTER] = UNIT_BEFORE,
+                [UNIT_ON_FAILURE] = _UNIT_DEPENDENCY_INVALID,
+                [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
+                [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
+                [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
+                [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
+                [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
+                [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
+                [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF,
+        };
+        int r, q = 0, v = 0, w = 0;
+        Unit *orig_u = u, *orig_other = other;
+
+        assert(u);
+        assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
+        assert(other);
+
+        u = unit_follow_merge(u);
+        other = unit_follow_merge(other);
+
+        /* We won't allow dependencies on ourselves. We will not
+         * consider them an error however. */
+        if (u == other) {
+                maybe_warn_about_dependency(orig_u, orig_other->id, d);
+                return 0;
+        }
+
+        r = set_ensure_allocated(&u->dependencies[d], NULL);
+        if (r < 0)
+                return r;
+
+        if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID) {
+                r = set_ensure_allocated(&other->dependencies[inverse_table[d]], NULL);
+                if (r < 0)
+                        return r;
+        }
+
+        if (add_reference) {
+                r = set_ensure_allocated(&u->dependencies[UNIT_REFERENCES], NULL);
+                if (r < 0)
+                        return r;
+
+                r = set_ensure_allocated(&other->dependencies[UNIT_REFERENCED_BY], NULL);
+                if (r < 0)
+                        return r;
+        }
+
+        q = set_put(u->dependencies[d], other);
+        if (q < 0)
+                return q;
+
+        if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) {
+                v = set_put(other->dependencies[inverse_table[d]], u);
+                if (v < 0) {
+                        r = v;
+                        goto fail;
+                }
+        }
+
+        if (add_reference) {
+                w = set_put(u->dependencies[UNIT_REFERENCES], other);
+                if (w < 0) {
+                        r = w;
+                        goto fail;
+                }
+
+                r = set_put(other->dependencies[UNIT_REFERENCED_BY], u);
+                if (r < 0)
+                        goto fail;
+        }
+
+        unit_add_to_dbus_queue(u);
+        return 0;
+
+fail:
+        if (q > 0)
+                set_remove(u->dependencies[d], other);
+
+        if (v > 0)
+                set_remove(other->dependencies[inverse_table[d]], u);
+
+        if (w > 0)
+                set_remove(u->dependencies[UNIT_REFERENCES], other);
+
+        return r;
+}
+
+int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference) {
+        int r;
+
+        assert(u);
+
+        r = unit_add_dependency(u, d, other, add_reference);
+        if (r < 0)
+                return r;
+
+        return unit_add_dependency(u, e, other, add_reference);
+}
+
+static int resolve_template(Unit *u, const char *name, const char*path, char **buf, const char **ret) {
+        int r;
+
+        assert(u);
+        assert(name || path);
+        assert(buf);
+        assert(ret);
+
+        if (!name)
+                name = basename(path);
+
+        if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
+                *buf = NULL;
+                *ret = name;
+                return 0;
+        }
+
+        if (u->instance)
+                r = unit_name_replace_instance(name, u->instance, buf);
+        else {
+                _cleanup_free_ char *i = NULL;
+
+                r = unit_name_to_prefix(u->id, &i);
+                if (r < 0)
+                        return r;
+
+                r = unit_name_replace_instance(name, i, buf);
+        }
+        if (r < 0)
+                return r;
+
+        *ret = *buf;
+        return 0;
+}
+
+int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, const char *path, bool add_reference) {
+        _cleanup_free_ char *buf = NULL;
+        Unit *other;
+        int r;
+
+        assert(u);
+        assert(name || path);
+
+        r = resolve_template(u, name, path, &buf, &name);
+        if (r < 0)
+                return r;
+
+        r = manager_load_unit(u->manager, name, path, NULL, &other);
+        if (r < 0)
+                return r;
+
+        return unit_add_dependency(u, d, other, add_reference);
+}
+
+int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, const char *path, bool add_reference) {
+        _cleanup_free_ char *buf = NULL;
+        Unit *other;
+        int r;
+
+        assert(u);
+        assert(name || path);
+
+        r = resolve_template(u, name, path, &buf, &name);
+        if (r < 0)
+                return r;
+
+        r = manager_load_unit(u->manager, name, path, NULL, &other);
+        if (r < 0)
+                return r;
+
+        return unit_add_two_dependencies(u, d, e, other, add_reference);
+}
+
+int set_unit_path(const char *p) {
+        /* This is mostly for debug purposes */
+        if (setenv("SYSTEMD_UNIT_PATH", p, 1) < 0)
+                return -errno;
+
+        return 0;
+}
+
+char *unit_dbus_path(Unit *u) {
+        assert(u);
+
+        if (!u->id)
+                return NULL;
+
+        return unit_dbus_path_from_name(u->id);
+}
+
+int unit_set_slice(Unit *u, Unit *slice) {
+        assert(u);
+        assert(slice);
+
+        /* Sets the unit slice if it has not been set before. Is extra
+         * careful, to only allow this for units that actually have a
+         * cgroup context. Also, we don't allow to set this for slices
+         * (since the parent slice is derived from the name). Make
+         * sure the unit we set is actually a slice. */
+
+        if (!UNIT_HAS_CGROUP_CONTEXT(u))
+                return -EOPNOTSUPP;
+
+        if (u->type == UNIT_SLICE)
+                return -EINVAL;
+
+        if (unit_active_state(u) != UNIT_INACTIVE)
+                return -EBUSY;
+
+        if (slice->type != UNIT_SLICE)
+                return -EINVAL;
+
+        if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
+            !unit_has_name(slice, SPECIAL_ROOT_SLICE))
+                return -EPERM;
+
+        if (UNIT_DEREF(u->slice) == slice)
+                return 0;
+
+        /* Disallow slice changes if @u is already bound to cgroups */
+        if (UNIT_ISSET(u->slice) && u->cgroup_realized)
+                return -EBUSY;
+
+        unit_ref_unset(&u->slice);
+        unit_ref_set(&u->slice, slice);
+        return 1;
+}
+
+int unit_set_default_slice(Unit *u) {
+        _cleanup_free_ char *b = NULL;
+        const char *slice_name;
+        Unit *slice;
+        int r;
+
+        assert(u);
+
+        if (UNIT_ISSET(u->slice))
+                return 0;
+
+        if (u->instance) {
+                _cleanup_free_ char *prefix = NULL, *escaped = NULL;
+
+                /* Implicitly place all instantiated units in their
+                 * own per-template slice */
+
+                r = unit_name_to_prefix(u->id, &prefix);
+                if (r < 0)
+                        return r;
+
+                /* The prefix is already escaped, but it might include
+                 * "-" which has a special meaning for slice units,
+                 * hence escape it here extra. */
+                escaped = unit_name_escape(prefix);
+                if (!escaped)
+                        return -ENOMEM;
+
+                if (MANAGER_IS_SYSTEM(u->manager))
+                        b = strjoin("system-", escaped, ".slice", NULL);
+                else
+                        b = strappend(escaped, ".slice");
+                if (!b)
+                        return -ENOMEM;
+
+                slice_name = b;
+        } else
+                slice_name =
+                        MANAGER_IS_SYSTEM(u->manager) && !unit_has_name(u, SPECIAL_INIT_SCOPE)
+                        ? SPECIAL_SYSTEM_SLICE
+                        : SPECIAL_ROOT_SLICE;
+
+        r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
+        if (r < 0)
+                return r;
+
+        return unit_set_slice(u, slice);
+}
+
+const char *unit_slice_name(Unit *u) {
+        assert(u);
+
+        if (!UNIT_ISSET(u->slice))
+                return NULL;
+
+        return UNIT_DEREF(u->slice)->id;
+}
+
+int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
+        _cleanup_free_ char *t = NULL;
+        int r;
+
+        assert(u);
+        assert(type);
+        assert(_found);
+
+        r = unit_name_change_suffix(u->id, type, &t);
+        if (r < 0)
+                return r;
+        if (unit_has_name(u, t))
+                return -EINVAL;
+
+        r = manager_load_unit(u->manager, t, NULL, NULL, _found);
+        assert(r < 0 || *_found != u);
+        return r;
+}
+
+static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        const char *name, *old_owner, *new_owner;
+        Unit *u = userdata;
+        int r;
+
+        assert(message);
+        assert(u);
+
+        r = sd_bus_message_read(message, "sss", &name, &old_owner, &new_owner);
+        if (r < 0) {
+                bus_log_parse_error(r);
+                return 0;
+        }
+
+        if (UNIT_VTABLE(u)->bus_name_owner_change)
+                UNIT_VTABLE(u)->bus_name_owner_change(u, name, old_owner, new_owner);
+
+        return 0;
+}
+
+int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
+        const char *match;
+
+        assert(u);
+        assert(bus);
+        assert(name);
+
+        if (u->match_bus_slot)
+                return -EBUSY;
+
+        match = strjoina("type='signal',"
+                         "sender='org.freedesktop.DBus',"
+                         "path='/org/freedesktop/DBus',"
+                         "interface='org.freedesktop.DBus',"
+                         "member='NameOwnerChanged',"
+                         "arg0='", name, "'");
+
+        return sd_bus_add_match(bus, &u->match_bus_slot, match, signal_name_owner_changed, u);
+}
+
+int unit_watch_bus_name(Unit *u, const char *name) {
+        int r;
+
+        assert(u);
+        assert(name);
+
+        /* Watch a specific name on the bus. We only support one unit
+         * watching each name for now. */
+
+        if (u->manager->api_bus) {
+                /* If the bus is already available, install the match directly.
+                 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
+                r = unit_install_bus_match(u, u->manager->api_bus, name);
+                if (r < 0)
+                        return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
+        }
+
+        r = hashmap_put(u->manager->watch_bus, name, u);
+        if (r < 0) {
+                u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+                return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
+        }
+
+        return 0;
+}
+
+void unit_unwatch_bus_name(Unit *u, const char *name) {
+        assert(u);
+        assert(name);
+
+        hashmap_remove_value(u->manager->watch_bus, name, u);
+        u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+}
+
+bool unit_can_serialize(Unit *u) {
+        assert(u);
+
+        return UNIT_VTABLE(u)->serialize && UNIT_VTABLE(u)->deserialize_item;
+}
+
+int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
+        int r;
+
+        assert(u);
+        assert(f);
+        assert(fds);
+
+        if (unit_can_serialize(u)) {
+                ExecRuntime *rt;
+
+                r = UNIT_VTABLE(u)->serialize(u, f, fds);
+                if (r < 0)
+                        return r;
+
+                rt = unit_get_exec_runtime(u);
+                if (rt) {
+                        r = exec_runtime_serialize(u, rt, f, fds);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        dual_timestamp_serialize(f, "state-change-timestamp", &u->state_change_timestamp);
+
+        dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
+        dual_timestamp_serialize(f, "active-enter-timestamp", &u->active_enter_timestamp);
+        dual_timestamp_serialize(f, "active-exit-timestamp", &u->active_exit_timestamp);
+        dual_timestamp_serialize(f, "inactive-enter-timestamp", &u->inactive_enter_timestamp);
+
+        dual_timestamp_serialize(f, "condition-timestamp", &u->condition_timestamp);
+        dual_timestamp_serialize(f, "assert-timestamp", &u->assert_timestamp);
+
+        if (dual_timestamp_is_set(&u->condition_timestamp))
+                unit_serialize_item(u, f, "condition-result", yes_no(u->condition_result));
+
+        if (dual_timestamp_is_set(&u->assert_timestamp))
+                unit_serialize_item(u, f, "assert-result", yes_no(u->assert_result));
+
+        unit_serialize_item(u, f, "transient", yes_no(u->transient));
+        unit_serialize_item_format(u, f, "cpuacct-usage-base", "%" PRIu64, u->cpuacct_usage_base);
+
+        if (u->cgroup_path)
+                unit_serialize_item(u, f, "cgroup", u->cgroup_path);
+        unit_serialize_item(u, f, "cgroup-realized", yes_no(u->cgroup_realized));
+
+        if (serialize_jobs) {
+                if (u->job) {
+                        fprintf(f, "job\n");
+                        job_serialize(u->job, f, fds);
+                }
+
+                if (u->nop_job) {
+                        fprintf(f, "job\n");
+                        job_serialize(u->nop_job, f, fds);
+                }
+        }
+
+        /* End marker */
+        fputc('\n', f);
+        return 0;
+}
+
+int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
+        assert(u);
+        assert(f);
+        assert(key);
+
+        if (!value)
+                return 0;
+
+        fputs(key, f);
+        fputc('=', f);
+        fputs(value, f);
+        fputc('\n', f);
+
+        return 1;
+}
+
+int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value) {
+        _cleanup_free_ char *c = NULL;
+
+        assert(u);
+        assert(f);
+        assert(key);
+
+        if (!value)
+                return 0;
+
+        c = cescape(value);
+        if (!c)
+                return -ENOMEM;
+
+        fputs(key, f);
+        fputc('=', f);
+        fputs(c, f);
+        fputc('\n', f);
+
+        return 1;
+}
+
+int unit_serialize_item_fd(Unit *u, FILE *f, FDSet *fds, const char *key, int fd) {
+        int copy;
+
+        assert(u);
+        assert(f);
+        assert(key);
+
+        if (fd < 0)
+                return 0;
+
+        copy = fdset_put_dup(fds, fd);
+        if (copy < 0)
+                return copy;
+
+        fprintf(f, "%s=%i\n", key, copy);
+        return 1;
+}
+
+void unit_serialize_item_format(Unit *u, FILE *f, const char *key, const char *format, ...) {
+        va_list ap;
+
+        assert(u);
+        assert(f);
+        assert(key);
+        assert(format);
+
+        fputs(key, f);
+        fputc('=', f);
+
+        va_start(ap, format);
+        vfprintf(f, format, ap);
+        va_end(ap);
+
+        fputc('\n', f);
+}
+
+int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+        ExecRuntime **rt = NULL;
+        size_t offset;
+        int r;
+
+        assert(u);
+        assert(f);
+        assert(fds);
+
+        offset = UNIT_VTABLE(u)->exec_runtime_offset;
+        if (offset > 0)
+                rt = (ExecRuntime**) ((uint8_t*) u + offset);
+
+        for (;;) {
+                char line[LINE_MAX], *l, *v;
+                size_t k;
+
+                if (!fgets(line, sizeof(line), f)) {
+                        if (feof(f))
+                                return 0;
+                        return -errno;
+                }
+
+                char_array_0(line);
+                l = strstrip(line);
+
+                /* End marker */
+                if (isempty(l))
+                        break;
+
+                k = strcspn(l, "=");
+
+                if (l[k] == '=') {
+                        l[k] = 0;
+                        v = l+k+1;
+                } else
+                        v = l+k;
+
+                if (streq(l, "job")) {
+                        if (v[0] == '\0') {
+                                /* new-style serialized job */
+                                Job *j;
+
+                                j = job_new_raw(u);
+                                if (!j)
+                                        return log_oom();
+
+                                r = job_deserialize(j, f, fds);
+                                if (r < 0) {
+                                        job_free(j);
+                                        return r;
+                                }
+
+                                r = hashmap_put(u->manager->jobs, UINT32_TO_PTR(j->id), j);
+                                if (r < 0) {
+                                        job_free(j);
+                                        return r;
+                                }
+
+                                r = job_install_deserialized(j);
+                                if (r < 0) {
+                                        hashmap_remove(u->manager->jobs, UINT32_TO_PTR(j->id));
+                                        job_free(j);
+                                        return r;
+                                }
+                        } else  /* legacy for pre-44 */
+                                log_unit_warning(u, "Update from too old systemd versions are unsupported, cannot deserialize job: %s", v);
+                        continue;
+                } else if (streq(l, "state-change-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->state_change_timestamp);
+                        continue;
+                } else if (streq(l, "inactive-exit-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->inactive_exit_timestamp);
+                        continue;
+                } else if (streq(l, "active-enter-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->active_enter_timestamp);
+                        continue;
+                } else if (streq(l, "active-exit-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->active_exit_timestamp);
+                        continue;
+                } else if (streq(l, "inactive-enter-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->inactive_enter_timestamp);
+                        continue;
+                } else if (streq(l, "condition-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->condition_timestamp);
+                        continue;
+                } else if (streq(l, "assert-timestamp")) {
+                        dual_timestamp_deserialize(v, &u->assert_timestamp);
+                        continue;
+                } else if (streq(l, "condition-result")) {
+
+                        r = parse_boolean(v);
+                        if (r < 0)
+                                log_unit_debug(u, "Failed to parse condition result value %s, ignoring.", v);
+                        else
+                                u->condition_result = r;
+
+                        continue;
+
+                } else if (streq(l, "assert-result")) {
+
+                        r = parse_boolean(v);
+                        if (r < 0)
+                                log_unit_debug(u, "Failed to parse assert result value %s, ignoring.", v);
+                        else
+                                u->assert_result = r;
+
+                        continue;
+
+                } else if (streq(l, "transient")) {
+
+                        r = parse_boolean(v);
+                        if (r < 0)
+                                log_unit_debug(u, "Failed to parse transient bool %s, ignoring.", v);
+                        else
+                                u->transient = r;
+
+                        continue;
+
+                } else if (streq(l, "cpuacct-usage-base")) {
+
+                        r = safe_atou64(v, &u->cpuacct_usage_base);
+                        if (r < 0)
+                                log_unit_debug(u, "Failed to parse CPU usage %s, ignoring.", v);
+
+                        continue;
+
+                } else if (streq(l, "cgroup")) {
+
+                        r = unit_set_cgroup_path(u, v);
+                        if (r < 0)
+                                log_unit_debug_errno(u, r, "Failed to set cgroup path %s, ignoring: %m", v);
+
+                        (void) unit_watch_cgroup(u);
+
+                        continue;
+                } else if (streq(l, "cgroup-realized")) {
+                        int b;
+
+                        b = parse_boolean(v);
+                        if (b < 0)
+                                log_unit_debug(u, "Failed to parse cgroup-realized bool %s, ignoring.", v);
+                        else
+                                u->cgroup_realized = b;
+
+                        continue;
+                }
+
+                if (unit_can_serialize(u)) {
+                        if (rt) {
+                                r = exec_runtime_deserialize_item(u, rt, l, v, fds);
+                                if (r < 0) {
+                                        log_unit_warning(u, "Failed to deserialize runtime parameter '%s', ignoring.", l);
+                                        continue;
+                                }
+
+                                /* Returns positive if key was handled by the call */
+                                if (r > 0)
+                                        continue;
+                        }
+
+                        r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+                        if (r < 0)
+                                log_unit_warning(u, "Failed to deserialize unit parameter '%s', ignoring.", l);
+                }
+        }
+
+        /* Versions before 228 did not carry a state change timestamp. In this case, take the current time. This is
+         * useful, so that timeouts based on this timestamp don't trigger too early, and is in-line with the logic from
+         * before 228 where the base for timeouts was not persistent across reboots. */
+
+        if (!dual_timestamp_is_set(&u->state_change_timestamp))
+                dual_timestamp_get(&u->state_change_timestamp);
+
+        return 0;
+}
+
+int unit_add_node_link(Unit *u, const char *what, bool wants, UnitDependency dep) {
+        Unit *device;
+        _cleanup_free_ char *e = NULL;
+        int r;
+
+        assert(u);
+
+        /* Adds in links to the device node that this unit is based on */
+        if (isempty(what))
+                return 0;
+
+        if (!is_device_path(what))
+                return 0;
+
+        /* When device units aren't supported (such as in a
+         * container), don't create dependencies on them. */
+        if (!unit_type_supported(UNIT_DEVICE))
+                return 0;
+
+        r = unit_name_from_path(what, ".device", &e);
+        if (r < 0)
+                return r;
+
+        r = manager_load_unit(u->manager, e, NULL, NULL, &device);
+        if (r < 0)
+                return r;
+
+        r = unit_add_two_dependencies(u, UNIT_AFTER,
+                                      MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
+                                      device, true);
+        if (r < 0)
+                return r;
+
+        if (wants) {
+                r = unit_add_dependency(device, UNIT_WANTS, u, false);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int unit_coldplug(Unit *u) {
+        int r = 0, q = 0;
+
+        assert(u);
+
+        /* Make sure we don't enter a loop, when coldplugging
+         * recursively. */
+        if (u->coldplugged)
+                return 0;
+
+        u->coldplugged = true;
+
+        if (UNIT_VTABLE(u)->coldplug)
+                r = UNIT_VTABLE(u)->coldplug(u);
+
+        if (u->job)
+                q = job_coldplug(u->job);
+
+        if (r < 0)
+                return r;
+        if (q < 0)
+                return q;
+
+        return 0;
+}
+
+static bool fragment_mtime_newer(const char *path, usec_t mtime) {
+        struct stat st;
+
+        if (!path)
+                return false;
+
+        if (stat(path, &st) < 0)
+                /* What, cannot access this anymore? */
+                return true;
+
+        if (mtime > 0)
+                /* For non-empty files check the mtime */
+                return timespec_load(&st.st_mtim) > mtime;
+        else if (!null_or_empty(&st))
+                /* For masked files check if they are still so */
+                return true;
+
+        return false;
+}
+
+bool unit_need_daemon_reload(Unit *u) {
+        _cleanup_strv_free_ char **t = NULL;
+        char **path;
+
+        assert(u);
+
+        if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime))
+                return true;
+
+        if (fragment_mtime_newer(u->source_path, u->source_mtime))
+                return true;
+
+        (void) unit_find_dropin_paths(u, &t);
+        if (!strv_equal(u->dropin_paths, t))
+                return true;
+
+        STRV_FOREACH(path, u->dropin_paths)
+                if (fragment_mtime_newer(*path, u->dropin_mtime))
+                        return true;
+
+        return false;
+}
+
+void unit_reset_failed(Unit *u) {
+        assert(u);
+
+        if (UNIT_VTABLE(u)->reset_failed)
+                UNIT_VTABLE(u)->reset_failed(u);
+
+        RATELIMIT_RESET(u->start_limit);
+        u->start_limit_hit = false;
+}
+
+Unit *unit_following(Unit *u) {
+        assert(u);
+
+        if (UNIT_VTABLE(u)->following)
+                return UNIT_VTABLE(u)->following(u);
+
+        return NULL;
+}
+
+bool unit_stop_pending(Unit *u) {
+        assert(u);
+
+        /* This call does check the current state of the unit. It's
+         * hence useful to be called from state change calls of the
+         * unit itself, where the state isn't updated yet. This is
+         * different from unit_inactive_or_pending() which checks both
+         * the current state and for a queued job. */
+
+        return u->job && u->job->type == JOB_STOP;
+}
+
+bool unit_inactive_or_pending(Unit *u) {
+        assert(u);
+
+        /* Returns true if the unit is inactive or going down */
+
+        if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
+                return true;
+
+        if (unit_stop_pending(u))
+                return true;
+
+        return false;
+}
+
+bool unit_active_or_pending(Unit *u) {
+        assert(u);
+
+        /* Returns true if the unit is active or going up */
+
+        if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
+                return true;
+
+        if (u->job &&
+            (u->job->type == JOB_START ||
+             u->job->type == JOB_RELOAD_OR_START ||
+             u->job->type == JOB_RESTART))
+                return true;
+
+        return false;
+}
+
+int unit_kill(Unit *u, KillWho w, int signo, sd_bus_error *error) {
+        assert(u);
+        assert(w >= 0 && w < _KILL_WHO_MAX);
+        assert(SIGNAL_VALID(signo));
+
+        if (!UNIT_VTABLE(u)->kill)
+                return -EOPNOTSUPP;
+
+        return UNIT_VTABLE(u)->kill(u, w, signo, error);
+}
+
+static Set *unit_pid_set(pid_t main_pid, pid_t control_pid) {
+        Set *pid_set;
+        int r;
+
+        pid_set = set_new(NULL);
+        if (!pid_set)
+                return NULL;
+
+        /* Exclude the main/control pids from being killed via the cgroup */
+        if (main_pid > 0) {
+                r = set_put(pid_set, PID_TO_PTR(main_pid));
+                if (r < 0)
+                        goto fail;
+        }
+
+        if (control_pid > 0) {
+                r = set_put(pid_set, PID_TO_PTR(control_pid));
+                if (r < 0)
+                        goto fail;
+        }
+
+        return pid_set;
+
+fail:
+        set_free(pid_set);
+        return NULL;
+}
+
+int unit_kill_common(
+                Unit *u,
+                KillWho who,
+                int signo,
+                pid_t main_pid,
+                pid_t control_pid,
+                sd_bus_error *error) {
+
+        int r = 0;
+        bool killed = false;
+
+        if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL)) {
+                if (main_pid < 0)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
+                else if (main_pid == 0)
+                        return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
+        }
+
+        if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL)) {
+                if (control_pid < 0)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
+                else if (control_pid == 0)
+                        return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
+        }
+
+        if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL))
+                if (control_pid > 0) {
+                        if (kill(control_pid, signo) < 0)
+                                r = -errno;
+                        else
+                                killed = true;
+                }
+
+        if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL))
+                if (main_pid > 0) {
+                        if (kill(main_pid, signo) < 0)
+                                r = -errno;
+                        else
+                                killed = true;
+                }
+
+        if (IN_SET(who, KILL_ALL, KILL_ALL_FAIL) && u->cgroup_path) {
+                _cleanup_set_free_ Set *pid_set = NULL;
+                int q;
+
+                /* Exclude the main/control pids from being killed via the cgroup */
+                pid_set = unit_pid_set(main_pid, control_pid);
+                if (!pid_set)
+                        return -ENOMEM;
+
+                q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, signo, false, false, false, pid_set);
+                if (q < 0 && q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+                        r = q;
+                else
+                        killed = true;
+        }
+
+        if (r == 0 && !killed && IN_SET(who, KILL_ALL_FAIL, KILL_CONTROL_FAIL))
+                return -ESRCH;
+
+        return r;
+}
+
+int unit_following_set(Unit *u, Set **s) {
+        assert(u);
+        assert(s);
+
+        if (UNIT_VTABLE(u)->following_set)
+                return UNIT_VTABLE(u)->following_set(u, s);
+
+        *s = NULL;
+        return 0;
+}
+
+UnitFileState unit_get_unit_file_state(Unit *u) {
+        int r;
+
+        assert(u);
+
+        if (u->unit_file_state < 0 && u->fragment_path) {
+                r = unit_file_get_state(
+                                u->manager->unit_file_scope,
+                                NULL,
+                                basename(u->fragment_path),
+                                &u->unit_file_state);
+                if (r < 0)
+                        u->unit_file_state = UNIT_FILE_BAD;
+        }
+
+        return u->unit_file_state;
+}
+
+int unit_get_unit_file_preset(Unit *u) {
+        assert(u);
+
+        if (u->unit_file_preset < 0 && u->fragment_path)
+                u->unit_file_preset = unit_file_query_preset(
+                                u->manager->unit_file_scope,
+                                NULL,
+                                basename(u->fragment_path));
+
+        return u->unit_file_preset;
+}
+
+Unit* unit_ref_set(UnitRef *ref, Unit *u) {
+        assert(ref);
+        assert(u);
+
+        if (ref->unit)
+                unit_ref_unset(ref);
+
+        ref->unit = u;
+        LIST_PREPEND(refs, u->refs, ref);
+        return u;
+}
+
+void unit_ref_unset(UnitRef *ref) {
+        assert(ref);
+
+        if (!ref->unit)
+                return;
+
+        /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
+         * be unreferenced now. */
+        unit_add_to_gc_queue(ref->unit);
+
+        LIST_REMOVE(refs, ref->unit->refs, ref);
+        ref->unit = NULL;
+}
+
+int unit_patch_contexts(Unit *u) {
+        CGroupContext *cc;
+        ExecContext *ec;
+        unsigned i;
+        int r;
+
+        assert(u);
+
+        /* Patch in the manager defaults into the exec and cgroup
+         * contexts, _after_ the rest of the settings have been
+         * initialized */
+
+        ec = unit_get_exec_context(u);
+        if (ec) {
+                /* This only copies in the ones that need memory */
+                for (i = 0; i < _RLIMIT_MAX; i++)
+                        if (u->manager->rlimit[i] && !ec->rlimit[i]) {
+                                ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1);
+                                if (!ec->rlimit[i])
+                                        return -ENOMEM;
+                        }
+
+                if (MANAGER_IS_USER(u->manager) &&
+                    !ec->working_directory) {
+
+                        r = get_home_dir(&ec->working_directory);
+                        if (r < 0)
+                                return r;
+
+                        /* Allow user services to run, even if the
+                         * home directory is missing */
+                        ec->working_directory_missing_ok = true;
+                }
+
+                if (MANAGER_IS_USER(u->manager) &&
+                    (ec->syscall_whitelist ||
+                     !set_isempty(ec->syscall_filter) ||
+                     !set_isempty(ec->syscall_archs) ||
+                     ec->address_families_whitelist ||
+                     !set_isempty(ec->address_families)))
+                        ec->no_new_privileges = true;
+
+                if (ec->private_devices)
+                        ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_MKNOD);
+        }
+
+        cc = unit_get_cgroup_context(u);
+        if (cc) {
+
+                if (ec &&
+                    ec->private_devices &&
+                    cc->device_policy == CGROUP_AUTO)
+                        cc->device_policy = CGROUP_CLOSED;
+        }
+
+        return 0;
+}
+
+ExecContext *unit_get_exec_context(Unit *u) {
+        size_t offset;
+        assert(u);
+
+        if (u->type < 0)
+                return NULL;
+
+        offset = UNIT_VTABLE(u)->exec_context_offset;
+        if (offset <= 0)
+                return NULL;
+
+        return (ExecContext*) ((uint8_t*) u + offset);
+}
+
+KillContext *unit_get_kill_context(Unit *u) {
+        size_t offset;
+        assert(u);
+
+        if (u->type < 0)
+                return NULL;
+
+        offset = UNIT_VTABLE(u)->kill_context_offset;
+        if (offset <= 0)
+                return NULL;
+
+        return (KillContext*) ((uint8_t*) u + offset);
+}
+
+CGroupContext *unit_get_cgroup_context(Unit *u) {
+        size_t offset;
+
+        if (u->type < 0)
+                return NULL;
+
+        offset = UNIT_VTABLE(u)->cgroup_context_offset;
+        if (offset <= 0)
+                return NULL;
+
+        return (CGroupContext*) ((uint8_t*) u + offset);
+}
+
+ExecRuntime *unit_get_exec_runtime(Unit *u) {
+        size_t offset;
+
+        if (u->type < 0)
+                return NULL;
+
+        offset = UNIT_VTABLE(u)->exec_runtime_offset;
+        if (offset <= 0)
+                return NULL;
+
+        return *(ExecRuntime**) ((uint8_t*) u + offset);
+}
+
+static const char* unit_drop_in_dir(Unit *u, UnitSetPropertiesMode mode) {
+        assert(u);
+
+        if (!IN_SET(mode, UNIT_RUNTIME, UNIT_PERSISTENT))
+                return NULL;
+
+        if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
+                return u->manager->lookup_paths.transient;
+
+        if (mode == UNIT_RUNTIME)
+                return u->manager->lookup_paths.runtime_control;
+
+        if (mode == UNIT_PERSISTENT)
+                return u->manager->lookup_paths.persistent_control;
+
+        return NULL;
+}
+
+int unit_write_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *data) {
+        _cleanup_free_ char *p = NULL, *q = NULL;
+        const char *dir, *prefixed;
+        int r;
+
+        assert(u);
+
+        if (u->transient_file) {
+                /* When this is a transient unit file in creation, then let's not create a new drop-in but instead
+                 * write to the transient unit file. */
+                fputs(data, u->transient_file);
+                return 0;
+        }
+
+        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+                return 0;
+
+        dir = unit_drop_in_dir(u, mode);
+        if (!dir)
+                return -EINVAL;
+
+        prefixed = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\" or an equivalent operation. Do not edit.\n",
+                            data);
+
+        r = drop_in_file(dir, u->id, 50, name, &p, &q);
+        if (r < 0)
+                return r;
+
+        (void) mkdir_p(p, 0755);
+        r = write_string_file_atomic_label(q, prefixed);
+        if (r < 0)
+                return r;
+
+        r = strv_push(&u->dropin_paths, q);
+        if (r < 0)
+                return r;
+        q = NULL;
+
+        strv_uniq(u->dropin_paths);
+
+        u->dropin_mtime = now(CLOCK_REALTIME);
+
+        return 0;
+}
+
+int unit_write_drop_in_format(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *format, ...) {
+        _cleanup_free_ char *p = NULL;
+        va_list ap;
+        int r;
+
+        assert(u);
+        assert(name);
+        assert(format);
+
+        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+                return 0;
+
+        va_start(ap, format);
+        r = vasprintf(&p, format, ap);
+        va_end(ap);
+
+        if (r < 0)
+                return -ENOMEM;
+
+        return unit_write_drop_in(u, mode, name, p);
+}
+
+int unit_write_drop_in_private(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *data) {
+        const char *ndata;
+
+        assert(u);
+        assert(name);
+        assert(data);
+
+        if (!UNIT_VTABLE(u)->private_section)
+                return -EINVAL;
+
+        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+                return 0;
+
+        ndata = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
+
+        return unit_write_drop_in(u, mode, name, ndata);
+}
+
+int unit_write_drop_in_private_format(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *format, ...) {
+        _cleanup_free_ char *p = NULL;
+        va_list ap;
+        int r;
+
+        assert(u);
+        assert(name);
+        assert(format);
+
+        if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
+                return 0;
+
+        va_start(ap, format);
+        r = vasprintf(&p, format, ap);
+        va_end(ap);
+
+        if (r < 0)
+                return -ENOMEM;
+
+        return unit_write_drop_in_private(u, mode, name, p);
+}
+
+int unit_make_transient(Unit *u) {
+        FILE *f;
+        char *path;
+
+        assert(u);
+
+        if (!UNIT_VTABLE(u)->can_transient)
+                return -EOPNOTSUPP;
+
+        path = strjoin(u->manager->lookup_paths.transient, "/", u->id, NULL);
+        if (!path)
+                return -ENOMEM;
+
+        /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
+         * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
+
+        RUN_WITH_UMASK(0022) {
+                f = fopen(path, "we");
+                if (!f) {
+                        free(path);
+                        return -errno;
+                }
+        }
+
+        if (u->transient_file)
+                fclose(u->transient_file);
+        u->transient_file = f;
+
+        free(u->fragment_path);
+        u->fragment_path = path;
+
+        u->source_path = mfree(u->source_path);
+        u->dropin_paths = strv_free(u->dropin_paths);
+        u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
+
+        u->load_state = UNIT_STUB;
+        u->load_error = 0;
+        u->transient = true;
+
+        unit_add_to_dbus_queue(u);
+        unit_add_to_gc_queue(u);
+        unit_add_to_load_queue(u);
+
+        fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
+              u->transient_file);
+
+        return 0;
+}
+
+int unit_kill_context(
+                Unit *u,
+                KillContext *c,
+                KillOperation k,
+                pid_t main_pid,
+                pid_t control_pid,
+                bool main_pid_alien) {
+
+        bool wait_for_exit = false;
+        int sig, r;
+
+        assert(u);
+        assert(c);
+
+        if (c->kill_mode == KILL_NONE)
+                return 0;
+
+        switch (k) {
+        case KILL_KILL:
+                sig = SIGKILL;
+                break;
+        case KILL_ABORT:
+                sig = SIGABRT;
+                break;
+        case KILL_TERMINATE:
+                sig = c->kill_signal;
+                break;
+        default:
+                assert_not_reached("KillOperation unknown");
+        }
+
+        if (main_pid > 0) {
+                r = kill_and_sigcont(main_pid, sig);
+
+                if (r < 0 && r != -ESRCH) {
+                        _cleanup_free_ char *comm = NULL;
+                        get_process_comm(main_pid, &comm);
+
+                        log_unit_warning_errno(u, r, "Failed to kill main process " PID_FMT " (%s), ignoring: %m", main_pid, strna(comm));
+                } else {
+                        if (!main_pid_alien)
+                                wait_for_exit = true;
+
+                        if (c->send_sighup && k == KILL_TERMINATE)
+                                (void) kill(main_pid, SIGHUP);
+                }
+        }
+
+        if (control_pid > 0) {
+                r = kill_and_sigcont(control_pid, sig);
+
+                if (r < 0 && r != -ESRCH) {
+                        _cleanup_free_ char *comm = NULL;
+                        get_process_comm(control_pid, &comm);
+
+                        log_unit_warning_errno(u, r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m", control_pid, strna(comm));
+                } else {
+                        wait_for_exit = true;
+
+                        if (c->send_sighup && k == KILL_TERMINATE)
+                                (void) kill(control_pid, SIGHUP);
+                }
+        }
+
+        if (u->cgroup_path &&
+            (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
+                _cleanup_set_free_ Set *pid_set = NULL;
+
+                /* Exclude the main/control pids from being killed via the cgroup */
+                pid_set = unit_pid_set(main_pid, control_pid);
+                if (!pid_set)
+                        return -ENOMEM;
+
+                r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, sig, true, k != KILL_TERMINATE, false, pid_set);
+                if (r < 0) {
+                        if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
+                                log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path);
+
+                } else if (r > 0) {
+
+                        /* FIXME: For now, on the legacy hierarchy, we
+                         * will not wait for the cgroup members to die
+                         * if we are running in a container or if this
+                         * is a delegation unit, simply because cgroup
+                         * notification is unreliable in these
+                         * cases. It doesn't work at all in
+                         * containers, and outside of containers it
+                         * can be confused easily by left-over
+                         * directories in the cgroup — which however
+                         * should not exist in non-delegated units. On
+                         * the unified hierarchy that's different,
+                         * there we get proper events. Hence rely on
+                         * them.*/
+
+                        if  (cg_unified() > 0 ||
+                             (detect_container() == 0 && !unit_cgroup_delegate(u)))
+                                wait_for_exit = true;
+
+                        if (c->send_sighup && k != KILL_KILL) {
+                                set_free(pid_set);
+
+                                pid_set = unit_pid_set(main_pid, control_pid);
+                                if (!pid_set)
+                                        return -ENOMEM;
+
+                                cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, SIGHUP, false, true, false, pid_set);
+                        }
+                }
+        }
+
+        return wait_for_exit;
+}
+
+int unit_require_mounts_for(Unit *u, const char *path) {
+        char prefix[strlen(path) + 1], *p;
+        int r;
+
+        assert(u);
+        assert(path);
+
+        /* Registers a unit for requiring a certain path and all its
+         * prefixes. We keep a simple array of these paths in the
+         * unit, since its usually short. However, we build a prefix
+         * table for all possible prefixes so that new appearing mount
+         * units can easily determine which units to make themselves a
+         * dependency of. */
+
+        if (!path_is_absolute(path))
+                return -EINVAL;
+
+        p = strdup(path);
+        if (!p)
+                return -ENOMEM;
+
+        path_kill_slashes(p);
+
+        if (!path_is_safe(p)) {
+                free(p);
+                return -EPERM;
+        }
+
+        if (strv_contains(u->requires_mounts_for, p)) {
+                free(p);
+                return 0;
+        }
+
+        r = strv_consume(&u->requires_mounts_for, p);
+        if (r < 0)
+                return r;
+
+        PATH_FOREACH_PREFIX_MORE(prefix, p) {
+                Set *x;
+
+                x = hashmap_get(u->manager->units_requiring_mounts_for, prefix);
+                if (!x) {
+                        char *q;
+
+                        r = hashmap_ensure_allocated(&u->manager->units_requiring_mounts_for, &string_hash_ops);
+                        if (r < 0)
+                                return r;
+
+                        q = strdup(prefix);
+                        if (!q)
+                                return -ENOMEM;
+
+                        x = set_new(NULL);
+                        if (!x) {
+                                free(q);
+                                return -ENOMEM;
+                        }
+
+                        r = hashmap_put(u->manager->units_requiring_mounts_for, q, x);
+                        if (r < 0) {
+                                free(q);
+                                set_free(x);
+                                return r;
+                        }
+                }
+
+                r = set_put(x, u);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int unit_setup_exec_runtime(Unit *u) {
+        ExecRuntime **rt;
+        size_t offset;
+        Iterator i;
+        Unit *other;
+
+        offset = UNIT_VTABLE(u)->exec_runtime_offset;
+        assert(offset > 0);
+
+        /* Check if there already is an ExecRuntime for this unit? */
+        rt = (ExecRuntime**) ((uint8_t*) u + offset);
+        if (*rt)
+                return 0;
+
+        /* Try to get it from somebody else */
+        SET_FOREACH(other, u->dependencies[UNIT_JOINS_NAMESPACE_OF], i) {
+
+                *rt = unit_get_exec_runtime(other);
+                if (*rt) {
+                        exec_runtime_ref(*rt);
+                        return 0;
+                }
+        }
+
+        return exec_runtime_make(rt, unit_get_exec_context(u), u->id);
+}
+
+bool unit_type_supported(UnitType t) {
+        if (_unlikely_(t < 0))
+                return false;
+        if (_unlikely_(t >= _UNIT_TYPE_MAX))
+                return false;
+
+        if (!unit_vtable[t]->supported)
+                return true;
+
+        return unit_vtable[t]->supported();
+}
+
+void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
+        int r;
+
+        assert(u);
+        assert(where);
+
+        r = dir_is_empty(where);
+        if (r > 0)
+                return;
+        if (r < 0) {
+                log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
+                return;
+        }
+
+        log_struct(LOG_NOTICE,
+                   LOG_MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
+                   LOG_UNIT_ID(u),
+                   LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
+                   "WHERE=%s", where,
+                   NULL);
+}
+
+int unit_fail_if_symlink(Unit *u, const char* where) {
+        int r;
+
+        assert(u);
+        assert(where);
+
+        r = is_symlink(where);
+        if (r < 0) {
+                log_unit_debug_errno(u, r, "Failed to check symlink %s, ignoring: %m", where);
+                return 0;
+        }
+        if (r == 0)
+                return 0;
+
+        log_struct(LOG_ERR,
+                   LOG_MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
+                   LOG_UNIT_ID(u),
+                   LOG_UNIT_MESSAGE(u, "Mount on symlink %s not allowed.", where),
+                   "WHERE=%s", where,
+                   NULL);
+
+        return -ELOOP;
+}
+
+bool unit_is_pristine(Unit *u) {
+        assert(u);
+
+        /* Check if the unit already exists or is already around,
+         * in a number of different ways. Note that to cater for unit
+         * types such as slice, we are generally fine with units that
+         * are marked UNIT_LOADED even even though nothing was
+         * actually loaded, as those unit types don't require a file
+         * on disk to validly load. */
+
+        return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) ||
+                 u->fragment_path ||
+                 u->source_path ||
+                 !strv_isempty(u->dropin_paths) ||
+                 u->job ||
+                 u->merged_into);
+}
+
+pid_t unit_control_pid(Unit *u) {
+        assert(u);
+
+        if (UNIT_VTABLE(u)->control_pid)
+                return UNIT_VTABLE(u)->control_pid(u);
+
+        return 0;
+}
+
+pid_t unit_main_pid(Unit *u) {
+        assert(u);
+
+        if (UNIT_VTABLE(u)->main_pid)
+                return UNIT_VTABLE(u)->main_pid(u);
+
+        return 0;
+}
diff --git a/src/core/unit.h b/src/libcore/unit.h
index 08a927962d..08a927962d 100644
--- a/src/core/unit.h
+++ b/src/libcore/unit.h
diff --git a/src/libfirewall/Makefile b/src/libfirewall/Makefile
new file mode 100644
index 0000000000..ced0f7e476
--- /dev/null
+++ b/src/libfirewall/Makefile
@@ -0,0 +1,42 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_LIBIPTC),)
+noinst_LTLIBRARIES += \
+	libfirewall.la
+
+libfirewall_la_SOURCES = \
+	src/shared/firewall-util.h \
+	src/shared/firewall-util.c
+
+libfirewall_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(LIBIPTC_CFLAGS)
+
+libfirewall_la_LIBADD = \
+	$(LIBIPTC_LIBS)
+endif # HAVE_LIBIPTC
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/shared/firewall-util.c b/src/libfirewall/firewall-util.c
index f73108eaa3..f73108eaa3 100644
--- a/src/shared/firewall-util.c
+++ b/src/libfirewall/firewall-util.c
diff --git a/src/shared/firewall-util.h b/src/libfirewall/firewall-util.h
index c39b34cf8f..c39b34cf8f 100644
--- a/src/shared/firewall-util.h
+++ b/src/libfirewall/firewall-util.h
diff --git a/src/libshared/Makefile b/src/libshared/Makefile
new file mode 100644
index 0000000000..67a19f4e21
--- /dev/null
+++ b/src/libshared/Makefile
@@ -0,0 +1,149 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+noinst_LTLIBRARIES += \
+	libshared.la
+
+libshared_la_SOURCES = \
+	src/shared/output-mode.h \
+	src/shared/output-mode.c \
+	src/shared/gpt.h \
+	src/shared/udev-util.h \
+	src/shared/linux/auto_dev-ioctl.h \
+	src/shared/initreq.h \
+	src/shared/dns-domain.c \
+	src/shared/dns-domain.h \
+	src/shared/efivars.c \
+	src/shared/efivars.h \
+	src/shared/fstab-util.c \
+	src/shared/fstab-util.h \
+	src/shared/sleep-config.c \
+	src/shared/sleep-config.h \
+	src/shared/conf-parser.c \
+	src/shared/conf-parser.h \
+	src/shared/pager.c \
+	src/shared/pager.h \
+	src/shared/spawn-polkit-agent.c \
+	src/shared/spawn-polkit-agent.h \
+	src/shared/apparmor-util.c \
+	src/shared/apparmor-util.h \
+	src/shared/ima-util.c \
+	src/shared/ima-util.h \
+	src/shared/ptyfwd.c \
+	src/shared/ptyfwd.h \
+	src/shared/base-filesystem.c \
+	src/shared/base-filesystem.h \
+	src/shared/uid-range.c \
+	src/shared/uid-range.h \
+	src/shared/install.c \
+	src/shared/install.h \
+	src/shared/install-printf.c \
+	src/shared/install-printf.h \
+	src/shared/path-lookup.c \
+	src/shared/path-lookup.h \
+	src/shared/specifier.c \
+	src/shared/specifier.h \
+	src/shared/dev-setup.c \
+	src/shared/dev-setup.h \
+	src/shared/dropin.c \
+	src/shared/dropin.h \
+	src/shared/condition.c \
+	src/shared/condition.h \
+	src/shared/clean-ipc.c \
+	src/shared/clean-ipc.h \
+	src/shared/generator.h \
+	src/shared/generator.c \
+	src/shared/acpi-fpdt.h \
+	src/shared/acpi-fpdt.c \
+	src/shared/boot-timestamps.h \
+	src/shared/boot-timestamps.c \
+	src/shared/cgroup-show.c \
+	src/shared/cgroup-show.h \
+	src/shared/utmp-wtmp.h \
+	src/shared/watchdog.c \
+	src/shared/watchdog.h \
+	src/shared/spawn-ask-password-agent.c \
+	src/shared/spawn-ask-password-agent.h \
+	src/shared/ask-password-api.c \
+	src/shared/ask-password-api.h \
+	src/shared/switch-root.h \
+	src/shared/switch-root.c \
+	src/shared/import-util.c \
+	src/shared/import-util.h \
+	src/shared/sysctl-util.c \
+	src/shared/sysctl-util.h \
+	src/shared/bus-util.c \
+	src/shared/bus-util.h \
+	src/shared/logs-show.c \
+	src/shared/logs-show.h \
+	src/shared/machine-image.c \
+	src/shared/machine-image.h \
+	src/shared/machine-pool.c \
+	src/shared/machine-pool.h \
+	src/shared/resolve-util.c \
+	src/shared/resolve-util.h \
+	src/shared/bus-unit-util.c \
+	src/shared/bus-unit-util.h \
+	src/shared/tests.h \
+	src/shared/tests.c
+
+ifneq ($(HAVE_UTMP),)
+libshared_la_SOURCES += \
+	src/shared/utmp-wtmp.c
+endif # HAVE_UTMP
+
+ifneq ($(HAVE_SECCOMP),)
+libshared_la_SOURCES += \
+	src/shared/seccomp-util.h \
+	src/shared/seccomp-util.c
+endif # HAVE_SECCOMP
+
+ifneq ($(HAVE_ACL),)
+libshared_la_SOURCES += \
+	src/shared/acl-util.c \
+	src/shared/acl-util.h
+endif # HAVE_ACL
+
+libshared_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(ACL_CFLAGS) \
+	$(LIBIDN_CFLAGS) \
+	$(SECCOMP_CFLAGS)
+
+libshared_la_LIBADD = \
+	libsystemd-internal.la \
+	libsystemd-journal-internal.la \
+	libudev-internal.la \
+	$(ACL_LIBS) \
+	$(LIBIDN_LIBS) \
+	$(SECCOMP_LIBS)
+
+test_local_addresses_SOURCES = \
+	src/libsystemd/sd-netlink/test-local-addresses.c
+
+test_local_addresses_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/shared/acl-util.c b/src/libshared/acl-util.c
index 2aa951fce9..2aa951fce9 100644
--- a/src/shared/acl-util.c
+++ b/src/libshared/acl-util.c
diff --git a/src/shared/acl-util.h b/src/libshared/acl-util.h
index 396e9e067e..396e9e067e 100644
--- a/src/shared/acl-util.h
+++ b/src/libshared/acl-util.h
diff --git a/src/shared/acpi-fpdt.c b/src/libshared/acpi-fpdt.c
index 6779691c28..6779691c28 100644
--- a/src/shared/acpi-fpdt.c
+++ b/src/libshared/acpi-fpdt.c
diff --git a/src/shared/acpi-fpdt.h b/src/libshared/acpi-fpdt.h
index fc28175d0a..fc28175d0a 100644
--- a/src/shared/acpi-fpdt.h
+++ b/src/libshared/acpi-fpdt.h
diff --git a/src/shared/apparmor-util.c b/src/libshared/apparmor-util.c
index edd695fd23..edd695fd23 100644
--- a/src/shared/apparmor-util.c
+++ b/src/libshared/apparmor-util.c
diff --git a/src/shared/apparmor-util.h b/src/libshared/apparmor-util.h
index 524f740152..524f740152 100644
--- a/src/shared/apparmor-util.h
+++ b/src/libshared/apparmor-util.h
diff --git a/src/shared/ask-password-api.c b/src/libshared/ask-password-api.c
index 4a4bd8d3b8..4a4bd8d3b8 100644
--- a/src/shared/ask-password-api.c
+++ b/src/libshared/ask-password-api.c
diff --git a/src/shared/ask-password-api.h b/src/libshared/ask-password-api.h
index 9d7f65130c..9d7f65130c 100644
--- a/src/shared/ask-password-api.h
+++ b/src/libshared/ask-password-api.h
diff --git a/src/shared/base-filesystem.c b/src/libshared/base-filesystem.c
index 59a34a9d11..59a34a9d11 100644
--- a/src/shared/base-filesystem.c
+++ b/src/libshared/base-filesystem.c
diff --git a/src/shared/base-filesystem.h b/src/libshared/base-filesystem.h
index 49599f0a60..49599f0a60 100644
--- a/src/shared/base-filesystem.h
+++ b/src/libshared/base-filesystem.h
diff --git a/src/shared/boot-timestamps.c b/src/libshared/boot-timestamps.c
index 7e0152761c..7e0152761c 100644
--- a/src/shared/boot-timestamps.c
+++ b/src/libshared/boot-timestamps.c
diff --git a/src/shared/boot-timestamps.h b/src/libshared/boot-timestamps.h
index 6f691026be..6f691026be 100644
--- a/src/shared/boot-timestamps.h
+++ b/src/libshared/boot-timestamps.h
diff --git a/src/shared/bus-unit-util.c b/src/libshared/bus-unit-util.c
index f68c4a41ac..f68c4a41ac 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/libshared/bus-unit-util.c
diff --git a/src/libshared/bus-unit-util.h b/src/libshared/bus-unit-util.h
new file mode 100644
index 0000000000..8327189a63
--- /dev/null
+++ b/src/libshared/bus-unit-util.h
@@ -0,0 +1,57 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2016 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "output-mode.h"
+#include "install.h"
+
+typedef struct UnitInfo {
+        const char *machine;
+        const char *id;
+        const char *description;
+        const char *load_state;
+        const char *active_state;
+        const char *sub_state;
+        const char *following;
+        const char *unit_path;
+        uint32_t job_id;
+        const char *job_type;
+        const char *job_path;
+} UnitInfo;
+
+int bus_parse_unit_info(sd_bus_message *message, UnitInfo *u);
+
+int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignment);
+
+typedef struct BusWaitForJobs BusWaitForJobs;
+
+int bus_wait_for_jobs_new(sd_bus *bus, BusWaitForJobs **ret);
+void bus_wait_for_jobs_free(BusWaitForJobs *d);
+int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path);
+int bus_wait_for_jobs(BusWaitForJobs *d, bool quiet, const char* const* extra_args);
+int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(BusWaitForJobs*, bus_wait_for_jobs_free);
+
+int bus_deserialize_and_dump_unit_file_changes(sd_bus_message *m, bool quiet, UnitFileChange **changes, unsigned *n_changes);
+
+int unit_show_processes(sd_bus *bus, const char *unit, const char *cgroup_path, const char *prefix, unsigned n_columns, OutputFlags flags, sd_bus_error *error);
diff --git a/src/libshared/bus-util.c b/src/libshared/bus-util.c
new file mode 100644
index 0000000000..62b5585e84
--- /dev/null
+++ b/src/libshared/bus-util.c
@@ -0,0 +1,1571 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/resource.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus-protocol.h>
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "bus-internal.h"
+#include "bus-label.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "def.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "missing.h"
+#include "parse-util.h"
+#include "proc-cmdline.h"
+#include "rlimit-util.h"
+#include "stdio-util.h"
+#include "strv.h"
+#include "user-util.h"
+
+static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+        sd_event *e = userdata;
+
+        assert(m);
+        assert(e);
+
+        sd_bus_close(sd_bus_message_get_bus(m));
+        sd_event_exit(e, 0);
+
+        return 1;
+}
+
+int bus_async_unregister_and_exit(sd_event *e, sd_bus *bus, const char *name) {
+        _cleanup_free_ char *match = NULL;
+        const char *unique;
+        int r;
+
+        assert(e);
+        assert(bus);
+        assert(name);
+
+        /* We unregister the name here and then wait for the
+         * NameOwnerChanged signal for this event to arrive before we
+         * quit. We do this in order to make sure that any queued
+         * requests are still processed before we really exit. */
+
+        r = sd_bus_get_unique_name(bus, &unique);
+        if (r < 0)
+                return r;
+
+        r = asprintf(&match,
+                     "sender='org.freedesktop.DBus',"
+                     "type='signal',"
+                     "interface='org.freedesktop.DBus',"
+                     "member='NameOwnerChanged',"
+                     "path='/org/freedesktop/DBus',"
+                     "arg0='%s',"
+                     "arg1='%s',"
+                     "arg2=''", name, unique);
+        if (r < 0)
+                return -ENOMEM;
+
+        r = sd_bus_add_match(bus, NULL, match, name_owner_change_callback, e);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_release_name(bus, name);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int bus_event_loop_with_idle(
+                sd_event *e,
+                sd_bus *bus,
+                const char *name,
+                usec_t timeout,
+                check_idle_t check_idle,
+                void *userdata) {
+        bool exiting = false;
+        int r, code;
+
+        assert(e);
+        assert(bus);
+        assert(name);
+
+        for (;;) {
+                bool idle;
+
+                r = sd_event_get_state(e);
+                if (r < 0)
+                        return r;
+                if (r == SD_EVENT_FINISHED)
+                        break;
+
+                if (check_idle)
+                        idle = check_idle(userdata);
+                else
+                        idle = true;
+
+                r = sd_event_run(e, exiting || !idle ? (uint64_t) -1 : timeout);
+                if (r < 0)
+                        return r;
+
+                if (r == 0 && !exiting && idle) {
+
+                        r = sd_bus_try_close(bus);
+                        if (r == -EBUSY)
+                                continue;
+
+                        /* Fallback for dbus1 connections: we
+                         * unregister the name and wait for the
+                         * response to come through for it */
+                        if (r == -EOPNOTSUPP) {
+
+                                /* Inform the service manager that we
+                                 * are going down, so that it will
+                                 * queue all further start requests,
+                                 * instead of assuming we are already
+                                 * running. */
+                                sd_notify(false, "STOPPING=1");
+
+                                r = bus_async_unregister_and_exit(e, bus, name);
+                                if (r < 0)
+                                        return r;
+
+                                exiting = true;
+                                continue;
+                        }
+
+                        if (r < 0)
+                                return r;
+
+                        sd_event_exit(e, 0);
+                        break;
+                }
+        }
+
+        r = sd_event_get_exit_code(e, &code);
+        if (r < 0)
+                return r;
+
+        return code;
+}
+
+int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *rep = NULL;
+        int r, has_owner = 0;
+
+        assert(c);
+        assert(name);
+
+        r = sd_bus_call_method(c,
+                               "org.freedesktop.DBus",
+                               "/org/freedesktop/dbus",
+                               "org.freedesktop.DBus",
+                               "NameHasOwner",
+                               error,
+                               &rep,
+                               "s",
+                               name);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read_basic(rep, 'b', &has_owner);
+        if (r < 0)
+                return sd_bus_error_set_errno(error, r);
+
+        return has_owner;
+}
+
+static int check_good_user(sd_bus_message *m, uid_t good_user) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        uid_t sender_uid;
+        int r;
+
+        assert(m);
+
+        if (good_user == UID_INVALID)
+                return 0;
+
+        r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_EUID, &creds);
+        if (r < 0)
+                return r;
+
+        /* Don't trust augmented credentials for authorization */
+        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM);
+
+        r = sd_bus_creds_get_euid(creds, &sender_uid);
+        if (r < 0)
+                return r;
+
+        return sender_uid == good_user;
+}
+
+int bus_test_polkit(
+                sd_bus_message *call,
+                int capability,
+                const char *action,
+                const char **details,
+                uid_t good_user,
+                bool *_challenge,
+                sd_bus_error *e) {
+
+        int r;
+
+        assert(call);
+        assert(action);
+
+        /* Tests non-interactively! */
+
+        r = check_good_user(call, good_user);
+        if (r != 0)
+                return r;
+
+        r = sd_bus_query_sender_privilege(call, capability);
+        if (r < 0)
+                return r;
+        else if (r > 0)
+                return 1;
+#ifdef ENABLE_POLKIT
+        else {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL;
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+                int authorized = false, challenge = false;
+                const char *sender, **k, **v;
+
+                sender = sd_bus_message_get_sender(call);
+                if (!sender)
+                        return -EBADMSG;
+
+                r = sd_bus_message_new_method_call(
+                                call->bus,
+                                &request,
+                                "org.freedesktop.PolicyKit1",
+                                "/org/freedesktop/PolicyKit1/Authority",
+                                "org.freedesktop.PolicyKit1.Authority",
+                                "CheckAuthorization");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(
+                                request,
+                                "(sa{sv})s",
+                                "system-bus-name", 1, "name", "s", sender,
+                                action);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_open_container(request, 'a', "{ss}");
+                if (r < 0)
+                        return r;
+
+                STRV_FOREACH_PAIR(k, v, details) {
+                        r = sd_bus_message_append(request, "{ss}", *k, *v);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_message_close_container(request);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(request, "us", 0, NULL);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_call(call->bus, request, 0, e, &reply);
+                if (r < 0) {
+                        /* Treat no PK available as access denied */
+                        if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
+                                sd_bus_error_free(e);
+                                return -EACCES;
+                        }
+
+                        return r;
+                }
+
+                r = sd_bus_message_enter_container(reply, 'r', "bba{ss}");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_read(reply, "bb", &authorized, &challenge);
+                if (r < 0)
+                        return r;
+
+                if (authorized)
+                        return 1;
+
+                if (_challenge) {
+                        *_challenge = challenge;
+                        return 0;
+                }
+        }
+#endif
+
+        return -EACCES;
+}
+
+#ifdef ENABLE_POLKIT
+
+typedef struct AsyncPolkitQuery {
+        sd_bus_message *request, *reply;
+        sd_bus_message_handler_t callback;
+        void *userdata;
+        sd_bus_slot *slot;
+        Hashmap *registry;
+} AsyncPolkitQuery;
+
+static void async_polkit_query_free(AsyncPolkitQuery *q) {
+
+        if (!q)
+                return;
+
+        sd_bus_slot_unref(q->slot);
+
+        if (q->registry && q->request)
+                hashmap_remove(q->registry, q->request);
+
+        sd_bus_message_unref(q->request);
+        sd_bus_message_unref(q->reply);
+
+        free(q);
+}
+
+static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+        AsyncPolkitQuery *q = userdata;
+        int r;
+
+        assert(reply);
+        assert(q);
+
+        q->slot = sd_bus_slot_unref(q->slot);
+        q->reply = sd_bus_message_ref(reply);
+
+        r = sd_bus_message_rewind(q->request, true);
+        if (r < 0) {
+                r = sd_bus_reply_method_errno(q->request, r, NULL);
+                goto finish;
+        }
+
+        r = q->callback(q->request, q->userdata, &error_buffer);
+        r = bus_maybe_reply_error(q->request, r, &error_buffer);
+
+finish:
+        async_polkit_query_free(q);
+
+        return r;
+}
+
+#endif
+
+int bus_verify_polkit_async(
+                sd_bus_message *call,
+                int capability,
+                const char *action,
+                const char **details,
+                bool interactive,
+                uid_t good_user,
+                Hashmap **registry,
+                sd_bus_error *error) {
+
+#ifdef ENABLE_POLKIT
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
+        AsyncPolkitQuery *q;
+        const char *sender, **k, **v;
+        sd_bus_message_handler_t callback;
+        void *userdata;
+        int c;
+#endif
+        int r;
+
+        assert(call);
+        assert(action);
+        assert(registry);
+
+        r = check_good_user(call, good_user);
+        if (r != 0)
+                return r;
+
+#ifdef ENABLE_POLKIT
+        q = hashmap_get(*registry, call);
+        if (q) {
+                int authorized, challenge;
+
+                /* This is the second invocation of this function, and
+                 * there's already a response from polkit, let's
+                 * process it */
+                assert(q->reply);
+
+                if (sd_bus_message_is_method_error(q->reply, NULL)) {
+                        const sd_bus_error *e;
+
+                        /* Copy error from polkit reply */
+                        e = sd_bus_message_get_error(q->reply);
+                        sd_bus_error_copy(error, e);
+
+                        /* Treat no PK available as access denied */
+                        if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN))
+                                return -EACCES;
+
+                        return -sd_bus_error_get_errno(e);
+                }
+
+                r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}");
+                if (r >= 0)
+                        r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge);
+
+                if (r < 0)
+                        return r;
+
+                if (authorized)
+                        return 1;
+
+                if (challenge)
+                        return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+
+                return -EACCES;
+        }
+#endif
+
+        r = sd_bus_query_sender_privilege(call, capability);
+        if (r < 0)
+                return r;
+        else if (r > 0)
+                return 1;
+
+#ifdef ENABLE_POLKIT
+        if (sd_bus_get_current_message(call->bus) != call)
+                return -EINVAL;
+
+        callback = sd_bus_get_current_handler(call->bus);
+        if (!callback)
+                return -EINVAL;
+
+        userdata = sd_bus_get_current_userdata(call->bus);
+
+        sender = sd_bus_message_get_sender(call);
+        if (!sender)
+                return -EBADMSG;
+
+        c = sd_bus_message_get_allow_interactive_authorization(call);
+        if (c < 0)
+                return c;
+        if (c > 0)
+                interactive = true;
+
+        r = hashmap_ensure_allocated(registry, NULL);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_new_method_call(
+                        call->bus,
+                        &pk,
+                        "org.freedesktop.PolicyKit1",
+                        "/org/freedesktop/PolicyKit1/Authority",
+                        "org.freedesktop.PolicyKit1.Authority",
+                        "CheckAuthorization");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(
+                        pk,
+                        "(sa{sv})s",
+                        "system-bus-name", 1, "name", "s", sender,
+                        action);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_open_container(pk, 'a', "{ss}");
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH_PAIR(k, v, details) {
+                r = sd_bus_message_append(pk, "{ss}", *k, *v);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_close_container(pk);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(pk, "us", !!interactive, NULL);
+        if (r < 0)
+                return r;
+
+        q = new0(AsyncPolkitQuery, 1);
+        if (!q)
+                return -ENOMEM;
+
+        q->request = sd_bus_message_ref(call);
+        q->callback = callback;
+        q->userdata = userdata;
+
+        r = hashmap_put(*registry, call, q);
+        if (r < 0) {
+                async_polkit_query_free(q);
+                return r;
+        }
+
+        q->registry = *registry;
+
+        r = sd_bus_call_async(call->bus, &q->slot, pk, async_polkit_callback, q, 0);
+        if (r < 0) {
+                async_polkit_query_free(q);
+                return r;
+        }
+
+        return 0;
+#endif
+
+        return -EACCES;
+}
+
+void bus_verify_polkit_async_registry_free(Hashmap *registry) {
+#ifdef ENABLE_POLKIT
+        AsyncPolkitQuery *q;
+
+        while ((q = hashmap_steal_first(registry)))
+                async_polkit_query_free(q);
+
+        hashmap_free(registry);
+#endif
+}
+
+int bus_check_peercred(sd_bus *c) {
+        struct ucred ucred;
+        socklen_t l;
+        int fd;
+
+        assert(c);
+
+        fd = sd_bus_get_fd(c);
+        if (fd < 0)
+                return fd;
+
+        l = sizeof(struct ucred);
+        if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0)
+                return -errno;
+
+        if (l != sizeof(struct ucred))
+                return -E2BIG;
+
+        if (ucred.uid != 0 && ucred.uid != geteuid())
+                return -EPERM;
+
+        return 1;
+}
+
+int bus_connect_system_systemd(sd_bus **_bus) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        assert(_bus);
+
+        if (geteuid() != 0)
+                return sd_bus_default_system(_bus);
+
+        /* If we are root and kdbus is not available, then let's talk
+         * directly to the system instance, instead of going via the
+         * bus */
+
+        r = sd_bus_new(&bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_set_address(bus, KERNEL_SYSTEM_BUS_ADDRESS);
+        if (r < 0)
+                return r;
+
+        bus->bus_client = true;
+
+        r = sd_bus_start(bus);
+        if (r >= 0) {
+                *_bus = bus;
+                bus = NULL;
+                return 0;
+        }
+
+        bus = sd_bus_unref(bus);
+
+        r = sd_bus_new(&bus);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_set_address(bus, "unix:path=/run/systemd/private");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_start(bus);
+        if (r < 0)
+                return sd_bus_default_system(_bus);
+
+        r = bus_check_peercred(bus);
+        if (r < 0)
+                return r;
+
+        *_bus = bus;
+        bus = NULL;
+
+        return 0;
+}
+
+int bus_connect_user_systemd(sd_bus **_bus) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ char *ee = NULL;
+        const char *e;
+        int r;
+
+        /* Try via kdbus first, and then directly */
+
+        assert(_bus);
+
+        r = sd_bus_new(&bus);
+        if (r < 0)
+                return r;
+
+        if (asprintf(&bus->address, KERNEL_USER_BUS_ADDRESS_FMT, getuid()) < 0)
+                return -ENOMEM;
+
+        bus->bus_client = true;
+
+        r = sd_bus_start(bus);
+        if (r >= 0) {
+                *_bus = bus;
+                bus = NULL;
+                return 0;
+        }
+
+        bus = sd_bus_unref(bus);
+
+        e = secure_getenv("XDG_RUNTIME_DIR");
+        if (!e)
+                return sd_bus_default_user(_bus);
+
+        ee = bus_address_escape(e);
+        if (!ee)
+                return -ENOMEM;
+
+        r = sd_bus_new(&bus);
+        if (r < 0)
+                return r;
+
+        bus->address = strjoin("unix:path=", ee, "/systemd/private", NULL);
+        if (!bus->address)
+                return -ENOMEM;
+
+        r = sd_bus_start(bus);
+        if (r < 0)
+                return sd_bus_default_user(_bus);
+
+        r = bus_check_peercred(bus);
+        if (r < 0)
+                return r;
+
+        *_bus = bus;
+        bus = NULL;
+
+        return 0;
+}
+
+#define print_property(name, fmt, ...)                                  \
+        do {                                                            \
+                if (value)                                              \
+                        printf(fmt "\n", __VA_ARGS__);                  \
+                else                                                    \
+                        printf("%s=" fmt "\n", name, __VA_ARGS__);      \
+        } while(0)
+
+int bus_print_property(const char *name, sd_bus_message *property, bool value, bool all) {
+        char type;
+        const char *contents;
+        int r;
+
+        assert(name);
+        assert(property);
+
+        r = sd_bus_message_peek_type(property, &type, &contents);
+        if (r < 0)
+                return r;
+
+        switch (type) {
+
+        case SD_BUS_TYPE_STRING: {
+                const char *s;
+
+                r = sd_bus_message_read_basic(property, type, &s);
+                if (r < 0)
+                        return r;
+
+                if (all || !isempty(s)) {
+                        _cleanup_free_ char *escaped = NULL;
+
+                        escaped = xescape(s, "\n");
+                        if (!escaped)
+                                return -ENOMEM;
+
+                        print_property(name, "%s", escaped);
+                }
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_BOOLEAN: {
+                int b;
+
+                r = sd_bus_message_read_basic(property, type, &b);
+                if (r < 0)
+                        return r;
+
+                print_property(name, "%s", yes_no(b));
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_UINT64: {
+                uint64_t u;
+
+                r = sd_bus_message_read_basic(property, type, &u);
+                if (r < 0)
+                        return r;
+
+                /* Yes, heuristics! But we can change this check
+                 * should it turn out to not be sufficient */
+
+                if (endswith(name, "Timestamp")) {
+                        char timestamp[FORMAT_TIMESTAMP_MAX], *t;
+
+                        t = format_timestamp(timestamp, sizeof(timestamp), u);
+                        if (t || all)
+                                print_property(name, "%s", strempty(t));
+
+                } else if (strstr(name, "USec")) {
+                        char timespan[FORMAT_TIMESPAN_MAX];
+
+                        print_property(name, "%s", format_timespan(timespan, sizeof(timespan), u, 0));
+                } else
+                        print_property(name, "%"PRIu64, u);
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_INT64: {
+                int64_t i;
+
+                r = sd_bus_message_read_basic(property, type, &i);
+                if (r < 0)
+                        return r;
+
+                print_property(name, "%"PRIi64, i);
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_UINT32: {
+                uint32_t u;
+
+                r = sd_bus_message_read_basic(property, type, &u);
+                if (r < 0)
+                        return r;
+
+                if (strstr(name, "UMask") || strstr(name, "Mode"))
+                        print_property(name, "%04o", u);
+                else
+                        print_property(name, "%"PRIu32, u);
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_INT32: {
+                int32_t i;
+
+                r = sd_bus_message_read_basic(property, type, &i);
+                if (r < 0)
+                        return r;
+
+                print_property(name, "%"PRIi32, i);
+                return 1;
+        }
+
+        case SD_BUS_TYPE_DOUBLE: {
+                double d;
+
+                r = sd_bus_message_read_basic(property, type, &d);
+                if (r < 0)
+                        return r;
+
+                print_property(name, "%g", d);
+                return 1;
+        }
+
+        case SD_BUS_TYPE_ARRAY:
+                if (streq(contents, "s")) {
+                        bool first = true;
+                        const char *str;
+
+                        r = sd_bus_message_enter_container(property, SD_BUS_TYPE_ARRAY, contents);
+                        if (r < 0)
+                                return r;
+
+                        while ((r = sd_bus_message_read_basic(property, SD_BUS_TYPE_STRING, &str)) > 0) {
+                                _cleanup_free_ char *escaped = NULL;
+
+                                if (first && !value)
+                                        printf("%s=", name);
+
+                                escaped = xescape(str, "\n ");
+                                if (!escaped)
+                                        return -ENOMEM;
+
+                                printf("%s%s", first ? "" : " ", escaped);
+
+                                first = false;
+                        }
+                        if (r < 0)
+                                return r;
+
+                        if (first && all && !value)
+                                printf("%s=", name);
+                        if (!first || all)
+                                puts("");
+
+                        r = sd_bus_message_exit_container(property);
+                        if (r < 0)
+                                return r;
+
+                        return 1;
+
+                } else if (streq(contents, "y")) {
+                        const uint8_t *u;
+                        size_t n;
+
+                        r = sd_bus_message_read_array(property, SD_BUS_TYPE_BYTE, (const void**) &u, &n);
+                        if (r < 0)
+                                return r;
+
+                        if (all || n > 0) {
+                                unsigned int i;
+
+                                if (!value)
+                                        printf("%s=", name);
+
+                                for (i = 0; i < n; i++)
+                                        printf("%02x", u[i]);
+
+                                puts("");
+                        }
+
+                        return 1;
+
+                } else if (streq(contents, "u")) {
+                        uint32_t *u;
+                        size_t n;
+
+                        r = sd_bus_message_read_array(property, SD_BUS_TYPE_UINT32, (const void**) &u, &n);
+                        if (r < 0)
+                                return r;
+
+                        if (all || n > 0) {
+                                unsigned int i;
+
+                                if (!value)
+                                        printf("%s=", name);
+
+                                for (i = 0; i < n; i++)
+                                        printf("%08x", u[i]);
+
+                                puts("");
+                        }
+
+                        return 1;
+                }
+
+                break;
+        }
+
+        return 0;
+}
+
+int bus_print_all_properties(sd_bus *bus, const char *dest, const char *path, char **filter, bool value, bool all) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(path);
+
+        r = sd_bus_call_method(bus,
+                        dest,
+                        path,
+                        "org.freedesktop.DBus.Properties",
+                        "GetAll",
+                        &error,
+                        &reply,
+                        "s", "");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
+        if (r < 0)
+                return r;
+
+        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
+                const char *name;
+                const char *contents;
+
+                r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_STRING, &name);
+                if (r < 0)
+                        return r;
+
+                if (!filter || strv_find(filter, name)) {
+                        r = sd_bus_message_peek_type(reply, NULL, &contents);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, contents);
+                        if (r < 0)
+                                return r;
+
+                        r = bus_print_property(name, reply, value, all);
+                        if (r < 0)
+                                return r;
+                        if (r == 0) {
+                                if (all)
+                                        printf("%s=[unprintable]\n", name);
+                                /* skip what we didn't read */
+                                r = sd_bus_message_skip(reply, contents);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        r = sd_bus_message_exit_container(reply);
+                        if (r < 0)
+                                return r;
+                } else {
+                        r = sd_bus_message_skip(reply, "v");
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_message_exit_container(reply);
+                if (r < 0)
+                        return r;
+        }
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_exit_container(reply);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int bus_map_id128(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
+        sd_id128_t *p = userdata;
+        const void *v;
+        size_t n;
+        int r;
+
+        r = sd_bus_message_read_array(m, SD_BUS_TYPE_BYTE, &v, &n);
+        if (r < 0)
+                return r;
+
+        if (n == 0)
+                *p = SD_ID128_NULL;
+        else if (n == 16)
+                memcpy((*p).bytes, v, n);
+        else
+                return -EINVAL;
+
+        return 0;
+}
+
+static int map_basic(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
+        char type;
+        int r;
+
+        r = sd_bus_message_peek_type(m, &type, NULL);
+        if (r < 0)
+                return r;
+
+        switch (type) {
+        case SD_BUS_TYPE_STRING: {
+                const char *s;
+                char **p = userdata;
+
+                r = sd_bus_message_read_basic(m, type, &s);
+                if (r < 0)
+                        break;
+
+                if (isempty(s))
+                        break;
+
+                r = free_and_strdup(p, s);
+                break;
+        }
+
+        case SD_BUS_TYPE_ARRAY: {
+                _cleanup_strv_free_ char **l = NULL;
+                char ***p = userdata;
+
+                r = bus_message_read_strv_extend(m, &l);
+                if (r < 0)
+                        break;
+
+                strv_free(*p);
+                *p = l;
+                l = NULL;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_BOOLEAN: {
+                unsigned b;
+                bool *p = userdata;
+
+                r = sd_bus_message_read_basic(m, type, &b);
+                if (r < 0)
+                        break;
+
+                *p = b;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_UINT32: {
+                uint32_t u;
+                uint32_t *p = userdata;
+
+                r = sd_bus_message_read_basic(m, type, &u);
+                if (r < 0)
+                        break;
+
+                *p = u;
+
+                break;
+        }
+
+        case SD_BUS_TYPE_UINT64: {
+                uint64_t t;
+                uint64_t *p = userdata;
+
+                r = sd_bus_message_read_basic(m, type, &t);
+                if (r < 0)
+                        break;
+
+                *p = t;
+
+                break;
+        }
+
+        default:
+                break;
+        }
+
+        return r;
+}
+
+int bus_message_map_all_properties(
+                sd_bus_message *m,
+                const struct bus_properties_map *map,
+                void *userdata) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(m);
+        assert(map);
+
+        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{sv}");
+        if (r < 0)
+                return r;
+
+        while ((r = sd_bus_message_enter_container(m, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
+                const struct bus_properties_map *prop;
+                const char *member;
+                const char *contents;
+                void *v;
+                unsigned i;
+
+                r = sd_bus_message_read_basic(m, SD_BUS_TYPE_STRING, &member);
+                if (r < 0)
+                        return r;
+
+                for (i = 0, prop = NULL; map[i].member; i++)
+                        if (streq(map[i].member, member)) {
+                                prop = &map[i];
+                                break;
+                        }
+
+                if (prop) {
+                        r = sd_bus_message_peek_type(m, NULL, &contents);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, contents);
+                        if (r < 0)
+                                return r;
+
+                        v = (uint8_t *)userdata + prop->offset;
+                        if (map[i].set)
+                                r = prop->set(sd_bus_message_get_bus(m), member, m, &error, v);
+                        else
+                                r = map_basic(sd_bus_message_get_bus(m), member, m, &error, v);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return r;
+                } else {
+                        r = sd_bus_message_skip(m, "v");
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_message_exit_container(m);
+                if (r < 0)
+                        return r;
+        }
+        if (r < 0)
+                return r;
+
+        return sd_bus_message_exit_container(m);
+}
+
+int bus_message_map_properties_changed(
+                sd_bus_message *m,
+                const struct bus_properties_map *map,
+                void *userdata) {
+
+        const char *member;
+        int r, invalidated, i;
+
+        assert(m);
+        assert(map);
+
+        r = bus_message_map_all_properties(m, map, userdata);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "s");
+        if (r < 0)
+                return r;
+
+        invalidated = 0;
+        while ((r = sd_bus_message_read_basic(m, SD_BUS_TYPE_STRING, &member)) > 0)
+                for (i = 0; map[i].member; i++)
+                        if (streq(map[i].member, member)) {
+                                ++invalidated;
+                                break;
+                        }
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_exit_container(m);
+        if (r < 0)
+                return r;
+
+        return invalidated;
+}
+
+int bus_map_all_properties(
+                sd_bus *bus,
+                const char *destination,
+                const char *path,
+                const struct bus_properties_map *map,
+                void *userdata) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(destination);
+        assert(path);
+        assert(map);
+
+        r = sd_bus_call_method(
+                        bus,
+                        destination,
+                        path,
+                        "org.freedesktop.DBus.Properties",
+                        "GetAll",
+                        &error,
+                        &m,
+                        "s", "");
+        if (r < 0)
+                return r;
+
+        return bus_message_map_all_properties(m, map, userdata);
+}
+
+int bus_connect_transport(BusTransport transport, const char *host, bool user, sd_bus **bus) {
+        int r;
+
+        assert(transport >= 0);
+        assert(transport < _BUS_TRANSPORT_MAX);
+        assert(bus);
+
+        assert_return((transport == BUS_TRANSPORT_LOCAL) == !host, -EINVAL);
+        assert_return(transport == BUS_TRANSPORT_LOCAL || !user, -EOPNOTSUPP);
+
+        switch (transport) {
+
+        case BUS_TRANSPORT_LOCAL:
+                if (user)
+                        r = sd_bus_default_user(bus);
+                else
+                        r = sd_bus_default_system(bus);
+
+                break;
+
+        case BUS_TRANSPORT_REMOTE:
+                r = sd_bus_open_system_remote(bus, host);
+                break;
+
+        case BUS_TRANSPORT_MACHINE:
+                r = sd_bus_open_system_machine(bus, host);
+                break;
+
+        default:
+                assert_not_reached("Hmm, unknown transport type.");
+        }
+
+        return r;
+}
+
+int bus_connect_transport_systemd(BusTransport transport, const char *host, bool user, sd_bus **bus) {
+        int r;
+
+        assert(transport >= 0);
+        assert(transport < _BUS_TRANSPORT_MAX);
+        assert(bus);
+
+        assert_return((transport == BUS_TRANSPORT_LOCAL) == !host, -EINVAL);
+        assert_return(transport == BUS_TRANSPORT_LOCAL || !user, -EOPNOTSUPP);
+
+        switch (transport) {
+
+        case BUS_TRANSPORT_LOCAL:
+                if (user)
+                        r = bus_connect_user_systemd(bus);
+                else
+                        r = bus_connect_system_systemd(bus);
+
+                break;
+
+        case BUS_TRANSPORT_REMOTE:
+                r = sd_bus_open_system_remote(bus, host);
+                break;
+
+        case BUS_TRANSPORT_MACHINE:
+                r = sd_bus_open_system_machine(bus, host);
+                break;
+
+        default:
+                assert_not_reached("Hmm, unknown transport type.");
+        }
+
+        return r;
+}
+
+int bus_property_get_bool(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        int b = *(bool*) userdata;
+
+        return sd_bus_message_append_basic(reply, 'b', &b);
+}
+
+#if __SIZEOF_SIZE_T__ != 8
+int bus_property_get_size(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        uint64_t sz = *(size_t*) userdata;
+
+        return sd_bus_message_append_basic(reply, 't', &sz);
+}
+#endif
+
+#if __SIZEOF_LONG__ != 8
+int bus_property_get_long(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        int64_t l = *(long*) userdata;
+
+        return sd_bus_message_append_basic(reply, 'x', &l);
+}
+
+int bus_property_get_ulong(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        uint64_t ul = *(unsigned long*) userdata;
+
+        return sd_bus_message_append_basic(reply, 't', &ul);
+}
+#endif
+
+int bus_log_parse_error(int r) {
+        return log_error_errno(r, "Failed to parse bus message: %m");
+}
+
+int bus_log_create_error(int r) {
+        return log_error_errno(r, "Failed to create bus message: %m");
+}
+
+/**
+ * bus_path_encode_unique() - encode unique object path
+ * @b: bus connection or NULL
+ * @prefix: object path prefix
+ * @sender_id: unique-name of client, or NULL
+ * @external_id: external ID to be chosen by client, or NULL
+ * @ret_path: storage for encoded object path pointer
+ *
+ * Whenever we provide a bus API that allows clients to create and manage
+ * server-side objects, we need to provide a unique name for these objects. If
+ * we let the server choose the name, we suffer from a race condition: If a
+ * client creates an object asynchronously, it cannot destroy that object until
+ * it received the method reply. It cannot know the name of the new object,
+ * thus, it cannot destroy it. Furthermore, it enforces a round-trip.
+ *
+ * Therefore, many APIs allow the client to choose the unique name for newly
+ * created objects. There're two problems to solve, though:
+ *    1) Object names are usually defined via dbus object paths, which are
+ *       usually globally namespaced. Therefore, multiple clients must be able
+ *       to choose unique object names without interference.
+ *    2) If multiple libraries share the same bus connection, they must be
+ *       able to choose unique object names without interference.
+ * The first problem is solved easily by prefixing a name with the
+ * unique-bus-name of a connection. The server side must enforce this and
+ * reject any other name. The second problem is solved by providing unique
+ * suffixes from within sd-bus.
+ *
+ * This helper allows clients to create unique object-paths. It uses the
+ * template '/prefix/sender_id/external_id' and returns the new path in
+ * @ret_path (must be freed by the caller).
+ * If @sender_id is NULL, the unique-name of @b is used. If @external_id is
+ * NULL, this function allocates a unique suffix via @b (by requesting a new
+ * cookie). If both @sender_id and @external_id are given, @b can be passed as
+ * NULL.
+ *
+ * Returns: 0 on success, negative error code on failure.
+ */
+int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path) {
+        _cleanup_free_ char *sender_label = NULL, *external_label = NULL;
+        char external_buf[DECIMAL_STR_MAX(uint64_t)], *p;
+        int r;
+
+        assert_return(b || (sender_id && external_id), -EINVAL);
+        assert_return(object_path_is_valid(prefix), -EINVAL);
+        assert_return(ret_path, -EINVAL);
+
+        if (!sender_id) {
+                r = sd_bus_get_unique_name(b, &sender_id);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!external_id) {
+                xsprintf(external_buf, "%"PRIu64, ++b->cookie);
+                external_id = external_buf;
+        }
+
+        sender_label = bus_label_escape(sender_id);
+        if (!sender_label)
+                return -ENOMEM;
+
+        external_label = bus_label_escape(external_id);
+        if (!external_label)
+                return -ENOMEM;
+
+        p = strjoin(prefix, "/", sender_label, "/", external_label, NULL);
+        if (!p)
+                return -ENOMEM;
+
+        *ret_path = p;
+        return 0;
+}
+
+/**
+ * bus_path_decode_unique() - decode unique object path
+ * @path: object path to decode
+ * @prefix: object path prefix
+ * @ret_sender: output parameter for sender-id label
+ * @ret_external: output parameter for external-id label
+ *
+ * This does the reverse of bus_path_encode_unique() (see its description for
+ * details). Both trailing labels, sender-id and external-id, are unescaped and
+ * returned in the given output parameters (the caller must free them).
+ *
+ * Note that this function returns 0 if the path does not match the template
+ * (see bus_path_encode_unique()), 1 if it matched.
+ *
+ * Returns: Negative error code on failure, 0 if the given object path does not
+ *          match the template (return parameters are set to NULL), 1 if it was
+ *          parsed successfully (return parameters contain allocated labels).
+ */
+int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external) {
+        const char *p, *q;
+        char *sender, *external;
+
+        assert(object_path_is_valid(path));
+        assert(object_path_is_valid(prefix));
+        assert(ret_sender);
+        assert(ret_external);
+
+        p = object_path_startswith(path, prefix);
+        if (!p) {
+                *ret_sender = NULL;
+                *ret_external = NULL;
+                return 0;
+        }
+
+        q = strchr(p, '/');
+        if (!q) {
+                *ret_sender = NULL;
+                *ret_external = NULL;
+                return 0;
+        }
+
+        sender = bus_label_unescape_n(p, q - p);
+        external = bus_label_unescape(q + 1);
+        if (!sender || !external) {
+                free(sender);
+                free(external);
+                return -ENOMEM;
+        }
+
+        *ret_sender = sender;
+        *ret_external = external;
+        return 1;
+}
+
+bool is_kdbus_wanted(void) {
+        _cleanup_free_ char *value = NULL;
+#ifdef ENABLE_KDBUS
+        const bool configured = true;
+#else
+        const bool configured = false;
+#endif
+
+        int r;
+
+        if (get_proc_cmdline_key("kdbus", NULL) > 0)
+                return true;
+
+        r = get_proc_cmdline_key("kdbus=", &value);
+        if (r <= 0)
+                return configured;
+
+        return parse_boolean(value) == 1;
+}
+
+bool is_kdbus_available(void) {
+        _cleanup_close_ int fd = -1;
+        struct kdbus_cmd cmd = { .size = sizeof(cmd), .flags = KDBUS_FLAG_NEGOTIATE };
+
+        if (!is_kdbus_wanted())
+                return false;
+
+        fd = open("/sys/fs/kdbus/control", O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
+        if (fd < 0)
+                return false;
+
+        return ioctl(fd, KDBUS_CMD_BUS_MAKE, &cmd) >= 0;
+}
+
+int bus_property_get_rlimit(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        struct rlimit *rl;
+        uint64_t u;
+        rlim_t x;
+        const char *is_soft;
+
+        assert(bus);
+        assert(reply);
+        assert(userdata);
+
+        is_soft = endswith(property, "Soft");
+        rl = *(struct rlimit**) userdata;
+        if (rl)
+                x = is_soft ? rl->rlim_cur : rl->rlim_max;
+        else {
+                struct rlimit buf = {};
+                int z;
+                const char *s;
+
+                s = is_soft ? strndupa(property, is_soft - property) : property;
+
+                z = rlimit_from_string(strstr(s, "Limit"));
+                assert(z >= 0);
+
+                getrlimit(z, &buf);
+                x = is_soft ? buf.rlim_cur : buf.rlim_max;
+        }
+
+        /* rlim_t might have different sizes, let's map
+         * RLIMIT_INFINITY to (uint64_t) -1, so that it is the same on
+         * all archs */
+        u = x == RLIM_INFINITY ? (uint64_t) -1 : (uint64_t) x;
+
+        return sd_bus_message_append(reply, "t", u);
+}
diff --git a/src/libshared/bus-util.h b/src/libshared/bus-util.h
new file mode 100644
index 0000000000..f2b46530ba
--- /dev/null
+++ b/src/libshared/bus-util.h
@@ -0,0 +1,163 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+
+#include "hashmap.h"
+#include "macro.h"
+#include "string-util.h"
+
+typedef enum BusTransport {
+        BUS_TRANSPORT_LOCAL,
+        BUS_TRANSPORT_REMOTE,
+        BUS_TRANSPORT_MACHINE,
+        _BUS_TRANSPORT_MAX,
+        _BUS_TRANSPORT_INVALID = -1
+} BusTransport;
+
+typedef int (*bus_property_set_t) (sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata);
+
+struct bus_properties_map {
+        const char *member;
+        const char *signature;
+        bus_property_set_t set;
+        size_t offset;
+};
+
+int bus_map_id128(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata);
+
+int bus_message_map_all_properties(sd_bus_message *m, const struct bus_properties_map *map,  void *userdata);
+int bus_message_map_properties_changed(sd_bus_message *m, const struct bus_properties_map *map, void *userdata);
+int bus_map_all_properties(sd_bus *bus, const char *destination, const char *path, const struct bus_properties_map *map, void *userdata);
+
+int bus_async_unregister_and_exit(sd_event *e, sd_bus *bus, const char *name);
+
+typedef bool (*check_idle_t)(void *userdata);
+
+int bus_event_loop_with_idle(sd_event *e, sd_bus *bus, const char *name, usec_t timeout, check_idle_t check_idle, void *userdata);
+
+int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error);
+
+int bus_check_peercred(sd_bus *c);
+
+int bus_test_polkit(sd_bus_message *call, int capability, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
+
+int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, const char **details, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
+void bus_verify_polkit_async_registry_free(Hashmap *registry);
+
+int bus_connect_system_systemd(sd_bus **_bus);
+int bus_connect_user_systemd(sd_bus **_bus);
+
+int bus_connect_transport(BusTransport transport, const char *host, bool user, sd_bus **bus);
+int bus_connect_transport_systemd(BusTransport transport, const char *host, bool user, sd_bus **bus);
+
+int bus_print_property(const char *name, sd_bus_message *property, bool value, bool all);
+int bus_print_all_properties(sd_bus *bus, const char *dest, const char *path, char **filter, bool value, bool all);
+
+int bus_property_get_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+
+#define bus_property_get_usec ((sd_bus_property_get_t) NULL)
+#define bus_property_set_usec ((sd_bus_property_set_t) NULL)
+
+assert_cc(sizeof(int) == sizeof(int32_t));
+#define bus_property_get_int ((sd_bus_property_get_t) NULL)
+
+assert_cc(sizeof(unsigned) == sizeof(unsigned));
+#define bus_property_get_unsigned ((sd_bus_property_get_t) NULL)
+
+/* On 64bit machines we can use the default serializer for size_t and
+ * friends, otherwise we need to cast this manually */
+#if __SIZEOF_SIZE_T__ == 8
+#define bus_property_get_size ((sd_bus_property_get_t) NULL)
+#else
+int bus_property_get_size(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+#endif
+
+#if __SIZEOF_LONG__ == 8
+#define bus_property_get_long ((sd_bus_property_get_t) NULL)
+#define bus_property_get_ulong ((sd_bus_property_get_t) NULL)
+#else
+int bus_property_get_long(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+int bus_property_get_ulong(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+#endif
+
+/* uid_t and friends on Linux 32 bit. This means we can just use the
+ * default serializer for 32bit unsigned, for serializing it, and map
+ * it to NULL here */
+assert_cc(sizeof(uid_t) == sizeof(uint32_t));
+#define bus_property_get_uid ((sd_bus_property_get_t) NULL)
+
+assert_cc(sizeof(gid_t) == sizeof(uint32_t));
+#define bus_property_get_gid ((sd_bus_property_get_t) NULL)
+
+assert_cc(sizeof(pid_t) == sizeof(uint32_t));
+#define bus_property_get_pid ((sd_bus_property_get_t) NULL)
+
+assert_cc(sizeof(mode_t) == sizeof(uint32_t));
+#define bus_property_get_mode ((sd_bus_property_get_t) NULL)
+
+int bus_log_parse_error(int r);
+int bus_log_create_error(int r);
+
+#define BUS_DEFINE_PROPERTY_GET_ENUM(function, name, type)              \
+        int function(sd_bus *bus,                                       \
+                     const char *path,                                  \
+                     const char *interface,                             \
+                     const char *property,                              \
+                     sd_bus_message *reply,                             \
+                     void *userdata,                                    \
+                     sd_bus_error *error) {                             \
+                                                                        \
+                const char *value;                                      \
+                type *field = userdata;                                 \
+                int r;                                                  \
+                                                                        \
+                assert(bus);                                            \
+                assert(reply);                                          \
+                assert(field);                                          \
+                                                                        \
+                value = strempty(name##_to_string(*field));             \
+                                                                        \
+                r = sd_bus_message_append_basic(reply, 's', value);     \
+                if (r < 0)                                              \
+                        return r;                                       \
+                                                                        \
+                return 1;                                               \
+        }                                                               \
+        struct __useless_struct_to_allow_trailing_semicolon__
+
+#define BUS_PROPERTY_DUAL_TIMESTAMP(name, offset, flags) \
+        SD_BUS_PROPERTY(name, "t", bus_property_get_usec, (offset) + offsetof(struct dual_timestamp, realtime), (flags)), \
+        SD_BUS_PROPERTY(name "Monotonic", "t", bus_property_get_usec, (offset) + offsetof(struct dual_timestamp, monotonic), (flags))
+
+int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path);
+int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external);
+
+bool is_kdbus_wanted(void);
+bool is_kdbus_available(void);
+
+int bus_property_get_rlimit(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
diff --git a/src/shared/cgroup-show.c b/src/libshared/cgroup-show.c
index 3e451db715..3e451db715 100644
--- a/src/shared/cgroup-show.c
+++ b/src/libshared/cgroup-show.c
diff --git a/src/shared/cgroup-show.h b/src/libshared/cgroup-show.h
index 5c1d6e6d98..5c1d6e6d98 100644
--- a/src/shared/cgroup-show.h
+++ b/src/libshared/cgroup-show.h
diff --git a/src/shared/clean-ipc.c b/src/libshared/clean-ipc.c
index a3ac7aeb82..a3ac7aeb82 100644
--- a/src/shared/clean-ipc.c
+++ b/src/libshared/clean-ipc.c
diff --git a/src/shared/clean-ipc.h b/src/libshared/clean-ipc.h
index 44a83afcf7..44a83afcf7 100644
--- a/src/shared/clean-ipc.h
+++ b/src/libshared/clean-ipc.h
diff --git a/src/libshared/condition.c b/src/libshared/condition.c
new file mode 100644
index 0000000000..33ca6e029e
--- /dev/null
+++ b/src/libshared/condition.c
@@ -0,0 +1,541 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <fnmatch.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "apparmor-util.h"
+#include "architecture.h"
+#include "audit-util.h"
+#include "cap-list.h"
+#include "condition.h"
+#include "extract-word.h"
+#include "fd-util.h"
+#include "glob-util.h"
+#include "hostname-util.h"
+#include "ima-util.h"
+#include "list.h"
+#include "macro.h"
+#include "mount-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "proc-cmdline.h"
+#include "selinux-util.h"
+#include "smack-util.h"
+#include "stat-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "util.h"
+#include "virt.h"
+
+Condition* condition_new(ConditionType type, const char *parameter, bool trigger, bool negate) {
+        Condition *c;
+        int r;
+
+        assert(type >= 0);
+        assert(type < _CONDITION_TYPE_MAX);
+        assert((!parameter) == (type == CONDITION_NULL));
+
+        c = new0(Condition, 1);
+        if (!c)
+                return NULL;
+
+        c->type = type;
+        c->trigger = trigger;
+        c->negate = negate;
+
+        r = free_and_strdup(&c->parameter, parameter);
+        if (r < 0) {
+                free(c);
+                return NULL;
+        }
+
+        return c;
+}
+
+void condition_free(Condition *c) {
+        assert(c);
+
+        free(c->parameter);
+        free(c);
+}
+
+Condition* condition_free_list(Condition *first) {
+        Condition *c, *n;
+
+        LIST_FOREACH_SAFE(conditions, c, n, first)
+                condition_free(c);
+
+        return NULL;
+}
+
+static int condition_test_kernel_command_line(Condition *c) {
+        _cleanup_free_ char *line = NULL;
+        const char *p;
+        bool equal;
+        int r;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_KERNEL_COMMAND_LINE);
+
+        r = proc_cmdline(&line);
+        if (r < 0)
+                return r;
+
+        equal = !!strchr(c->parameter, '=');
+        p = line;
+
+        for (;;) {
+                _cleanup_free_ char *word = NULL;
+                bool found;
+
+                r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES|EXTRACT_RELAX);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                if (equal)
+                        found = streq(word, c->parameter);
+                else {
+                        const char *f;
+
+                        f = startswith(word, c->parameter);
+                        found = f && (*f == '=' || *f == 0);
+                }
+
+                if (found)
+                        return true;
+        }
+
+        return false;
+}
+
+static int condition_test_virtualization(Condition *c) {
+        int b, v;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_VIRTUALIZATION);
+
+        v = detect_virtualization();
+        if (v < 0)
+                return v;
+
+        /* First, compare with yes/no */
+        b = parse_boolean(c->parameter);
+
+        if (v > 0 && b > 0)
+                return true;
+
+        if (v == 0 && b == 0)
+                return true;
+
+        /* Then, compare categorization */
+        if (VIRTUALIZATION_IS_VM(v) && streq(c->parameter, "vm"))
+                return true;
+
+        if (VIRTUALIZATION_IS_CONTAINER(v) && streq(c->parameter, "container"))
+                return true;
+
+        /* Finally compare id */
+        return v != VIRTUALIZATION_NONE && streq(c->parameter, virtualization_to_string(v));
+}
+
+static int condition_test_architecture(Condition *c) {
+        int a, b;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_ARCHITECTURE);
+
+        a = uname_architecture();
+        if (a < 0)
+                return a;
+
+        if (streq(c->parameter, "native"))
+                b = native_architecture();
+        else
+                b = architecture_from_string(c->parameter);
+        if (b < 0)
+                return b;
+
+        return a == b;
+}
+
+static int condition_test_host(Condition *c) {
+        _cleanup_free_ char *h = NULL;
+        sd_id128_t x, y;
+        int r;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_HOST);
+
+        if (sd_id128_from_string(c->parameter, &x) >= 0) {
+
+                r = sd_id128_get_machine(&y);
+                if (r < 0)
+                        return r;
+
+                return sd_id128_equal(x, y);
+        }
+
+        h = gethostname_malloc();
+        if (!h)
+                return -ENOMEM;
+
+        return fnmatch(c->parameter, h, FNM_CASEFOLD) == 0;
+}
+
+static int condition_test_ac_power(Condition *c) {
+        int r;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_AC_POWER);
+
+        r = parse_boolean(c->parameter);
+        if (r < 0)
+                return r;
+
+        return (on_ac_power() != 0) == !!r;
+}
+
+static int condition_test_security(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_SECURITY);
+
+        if (streq(c->parameter, "selinux"))
+                return mac_selinux_have();
+        if (streq(c->parameter, "smack"))
+                return mac_smack_use();
+        if (streq(c->parameter, "apparmor"))
+                return mac_apparmor_use();
+        if (streq(c->parameter, "audit"))
+                return use_audit();
+        if (streq(c->parameter, "ima"))
+                return use_ima();
+
+        return false;
+}
+
+static int condition_test_capability(Condition *c) {
+        _cleanup_fclose_ FILE *f = NULL;
+        int value;
+        char line[LINE_MAX];
+        unsigned long long capabilities = -1;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_CAPABILITY);
+
+        /* If it's an invalid capability, we don't have it */
+        value = capability_from_name(c->parameter);
+        if (value < 0)
+                return -EINVAL;
+
+        /* If it's a valid capability we default to assume
+         * that we have it */
+
+        f = fopen("/proc/self/status", "re");
+        if (!f)
+                return -errno;
+
+        while (fgets(line, sizeof(line), f)) {
+                truncate_nl(line);
+
+                if (startswith(line, "CapBnd:")) {
+                        (void) sscanf(line+7, "%llx", &capabilities);
+                        break;
+                }
+        }
+
+        return !!(capabilities & (1ULL << value));
+}
+
+static int condition_test_needs_update(Condition *c) {
+        const char *p;
+        struct stat usr, other;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_NEEDS_UPDATE);
+
+        /* If the file system is read-only we shouldn't suggest an update */
+        if (path_is_read_only_fs(c->parameter) > 0)
+                return false;
+
+        /* Any other failure means we should allow the condition to be true,
+         * so that we rather invoke too many update tools than too
+         * few. */
+
+        if (!path_is_absolute(c->parameter))
+                return true;
+
+        p = strjoina(c->parameter, "/.updated");
+        if (lstat(p, &other) < 0)
+                return true;
+
+        if (lstat("/usr/", &usr) < 0)
+                return true;
+
+        return usr.st_mtim.tv_sec > other.st_mtim.tv_sec ||
+                (usr.st_mtim.tv_sec == other.st_mtim.tv_sec && usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec);
+}
+
+static int condition_test_first_boot(Condition *c) {
+        int r;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_FIRST_BOOT);
+
+        r = parse_boolean(c->parameter);
+        if (r < 0)
+                return r;
+
+        return (access("/run/systemd/first-boot", F_OK) >= 0) == !!r;
+}
+
+static int condition_test_path_exists(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_PATH_EXISTS);
+
+        return access(c->parameter, F_OK) >= 0;
+}
+
+static int condition_test_path_exists_glob(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_PATH_EXISTS_GLOB);
+
+        return glob_exists(c->parameter) > 0;
+}
+
+static int condition_test_path_is_directory(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_PATH_IS_DIRECTORY);
+
+        return is_dir(c->parameter, true) > 0;
+}
+
+static int condition_test_path_is_symbolic_link(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_PATH_IS_SYMBOLIC_LINK);
+
+        return is_symlink(c->parameter) > 0;
+}
+
+static int condition_test_path_is_mount_point(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_PATH_IS_MOUNT_POINT);
+
+        return path_is_mount_point(c->parameter, AT_SYMLINK_FOLLOW) > 0;
+}
+
+static int condition_test_path_is_read_write(Condition *c) {
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_PATH_IS_READ_WRITE);
+
+        return path_is_read_only_fs(c->parameter) <= 0;
+}
+
+static int condition_test_directory_not_empty(Condition *c) {
+        int r;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY);
+
+        r = dir_is_empty(c->parameter);
+        return r <= 0 && r != -ENOENT;
+}
+
+static int condition_test_file_not_empty(Condition *c) {
+        struct stat st;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_FILE_NOT_EMPTY);
+
+        return (stat(c->parameter, &st) >= 0 &&
+                S_ISREG(st.st_mode) &&
+                st.st_size > 0);
+}
+
+static int condition_test_file_is_executable(Condition *c) {
+        struct stat st;
+
+        assert(c);
+        assert(c->parameter);
+        assert(c->type == CONDITION_FILE_IS_EXECUTABLE);
+
+        return (stat(c->parameter, &st) >= 0 &&
+                S_ISREG(st.st_mode) &&
+                (st.st_mode & 0111));
+}
+
+static int condition_test_null(Condition *c) {
+        assert(c);
+        assert(c->type == CONDITION_NULL);
+
+        /* Note that during parsing we already evaluate the string and
+         * store it in c->negate */
+        return true;
+}
+
+int condition_test(Condition *c) {
+
+        static int (*const condition_tests[_CONDITION_TYPE_MAX])(Condition *c) = {
+                [CONDITION_PATH_EXISTS] = condition_test_path_exists,
+                [CONDITION_PATH_EXISTS_GLOB] = condition_test_path_exists_glob,
+                [CONDITION_PATH_IS_DIRECTORY] = condition_test_path_is_directory,
+                [CONDITION_PATH_IS_SYMBOLIC_LINK] = condition_test_path_is_symbolic_link,
+                [CONDITION_PATH_IS_MOUNT_POINT] = condition_test_path_is_mount_point,
+                [CONDITION_PATH_IS_READ_WRITE] = condition_test_path_is_read_write,
+                [CONDITION_DIRECTORY_NOT_EMPTY] = condition_test_directory_not_empty,
+                [CONDITION_FILE_NOT_EMPTY] = condition_test_file_not_empty,
+                [CONDITION_FILE_IS_EXECUTABLE] = condition_test_file_is_executable,
+                [CONDITION_KERNEL_COMMAND_LINE] = condition_test_kernel_command_line,
+                [CONDITION_VIRTUALIZATION] = condition_test_virtualization,
+                [CONDITION_SECURITY] = condition_test_security,
+                [CONDITION_CAPABILITY] = condition_test_capability,
+                [CONDITION_HOST] = condition_test_host,
+                [CONDITION_AC_POWER] = condition_test_ac_power,
+                [CONDITION_ARCHITECTURE] = condition_test_architecture,
+                [CONDITION_NEEDS_UPDATE] = condition_test_needs_update,
+                [CONDITION_FIRST_BOOT] = condition_test_first_boot,
+                [CONDITION_NULL] = condition_test_null,
+        };
+
+        int r, b;
+
+        assert(c);
+        assert(c->type >= 0);
+        assert(c->type < _CONDITION_TYPE_MAX);
+
+        r = condition_tests[c->type](c);
+        if (r < 0) {
+                c->result = CONDITION_ERROR;
+                return r;
+        }
+
+        b = (r > 0) == !c->negate;
+        c->result = b ? CONDITION_SUCCEEDED : CONDITION_FAILED;
+        return b;
+}
+
+void condition_dump(Condition *c, FILE *f, const char *prefix, const char *(*to_string)(ConditionType t)) {
+        assert(c);
+        assert(f);
+
+        if (!prefix)
+                prefix = "";
+
+        fprintf(f,
+                "%s\t%s: %s%s%s %s\n",
+                prefix,
+                to_string(c->type),
+                c->trigger ? "|" : "",
+                c->negate ? "!" : "",
+                c->parameter,
+                condition_result_to_string(c->result));
+}
+
+void condition_dump_list(Condition *first, FILE *f, const char *prefix, const char *(*to_string)(ConditionType t)) {
+        Condition *c;
+
+        LIST_FOREACH(conditions, c, first)
+                condition_dump(c, f, prefix, to_string);
+}
+
+static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
+        [CONDITION_ARCHITECTURE] = "ConditionArchitecture",
+        [CONDITION_VIRTUALIZATION] = "ConditionVirtualization",
+        [CONDITION_HOST] = "ConditionHost",
+        [CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
+        [CONDITION_SECURITY] = "ConditionSecurity",
+        [CONDITION_CAPABILITY] = "ConditionCapability",
+        [CONDITION_AC_POWER] = "ConditionACPower",
+        [CONDITION_NEEDS_UPDATE] = "ConditionNeedsUpdate",
+        [CONDITION_FIRST_BOOT] = "ConditionFirstBoot",
+        [CONDITION_PATH_EXISTS] = "ConditionPathExists",
+        [CONDITION_PATH_EXISTS_GLOB] = "ConditionPathExistsGlob",
+        [CONDITION_PATH_IS_DIRECTORY] = "ConditionPathIsDirectory",
+        [CONDITION_PATH_IS_SYMBOLIC_LINK] = "ConditionPathIsSymbolicLink",
+        [CONDITION_PATH_IS_MOUNT_POINT] = "ConditionPathIsMountPoint",
+        [CONDITION_PATH_IS_READ_WRITE] = "ConditionPathIsReadWrite",
+        [CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
+        [CONDITION_FILE_NOT_EMPTY] = "ConditionFileNotEmpty",
+        [CONDITION_FILE_IS_EXECUTABLE] = "ConditionFileIsExecutable",
+        [CONDITION_NULL] = "ConditionNull"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(condition_type, ConditionType);
+
+static const char* const assert_type_table[_CONDITION_TYPE_MAX] = {
+        [CONDITION_ARCHITECTURE] = "AssertArchitecture",
+        [CONDITION_VIRTUALIZATION] = "AssertVirtualization",
+        [CONDITION_HOST] = "AssertHost",
+        [CONDITION_KERNEL_COMMAND_LINE] = "AssertKernelCommandLine",
+        [CONDITION_SECURITY] = "AssertSecurity",
+        [CONDITION_CAPABILITY] = "AssertCapability",
+        [CONDITION_AC_POWER] = "AssertACPower",
+        [CONDITION_NEEDS_UPDATE] = "AssertNeedsUpdate",
+        [CONDITION_FIRST_BOOT] = "AssertFirstBoot",
+        [CONDITION_PATH_EXISTS] = "AssertPathExists",
+        [CONDITION_PATH_EXISTS_GLOB] = "AssertPathExistsGlob",
+        [CONDITION_PATH_IS_DIRECTORY] = "AssertPathIsDirectory",
+        [CONDITION_PATH_IS_SYMBOLIC_LINK] = "AssertPathIsSymbolicLink",
+        [CONDITION_PATH_IS_MOUNT_POINT] = "AssertPathIsMountPoint",
+        [CONDITION_PATH_IS_READ_WRITE] = "AssertPathIsReadWrite",
+        [CONDITION_DIRECTORY_NOT_EMPTY] = "AssertDirectoryNotEmpty",
+        [CONDITION_FILE_NOT_EMPTY] = "AssertFileNotEmpty",
+        [CONDITION_FILE_IS_EXECUTABLE] = "AssertFileIsExecutable",
+        [CONDITION_NULL] = "AssertNull"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(assert_type, ConditionType);
+
+static const char* const condition_result_table[_CONDITION_RESULT_MAX] = {
+        [CONDITION_UNTESTED] = "untested",
+        [CONDITION_SUCCEEDED] = "succeeded",
+        [CONDITION_FAILED] = "failed",
+        [CONDITION_ERROR] = "error",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(condition_result, ConditionResult);
diff --git a/src/shared/condition.h b/src/libshared/condition.h
index bdda04b770..bdda04b770 100644
--- a/src/shared/condition.h
+++ b/src/libshared/condition.h
diff --git a/src/shared/conf-parser.c b/src/libshared/conf-parser.c
index 83be79a4f5..83be79a4f5 100644
--- a/src/shared/conf-parser.c
+++ b/src/libshared/conf-parser.c
diff --git a/src/shared/conf-parser.h b/src/libshared/conf-parser.h
index f6964e3fd4..f6964e3fd4 100644
--- a/src/shared/conf-parser.h
+++ b/src/libshared/conf-parser.h
diff --git a/src/shared/dev-setup.c b/src/libshared/dev-setup.c
index b2d464c117..b2d464c117 100644
--- a/src/shared/dev-setup.c
+++ b/src/libshared/dev-setup.c
diff --git a/src/shared/dev-setup.h b/src/libshared/dev-setup.h
index 5766a62060..5766a62060 100644
--- a/src/shared/dev-setup.h
+++ b/src/libshared/dev-setup.h
diff --git a/src/shared/dns-domain.c b/src/libshared/dns-domain.c
index 835557c6b2..835557c6b2 100644
--- a/src/shared/dns-domain.c
+++ b/src/libshared/dns-domain.c
diff --git a/src/shared/dns-domain.h b/src/libshared/dns-domain.h
index af780f0b8b..af780f0b8b 100644
--- a/src/shared/dns-domain.h
+++ b/src/libshared/dns-domain.h
diff --git a/src/shared/dropin.c b/src/libshared/dropin.c
index b9cd952ac8..b9cd952ac8 100644
--- a/src/shared/dropin.c
+++ b/src/libshared/dropin.c
diff --git a/src/shared/dropin.h b/src/libshared/dropin.h
index c1936f397b..c1936f397b 100644
--- a/src/shared/dropin.h
+++ b/src/libshared/dropin.h
diff --git a/src/libshared/efivars.c b/src/libshared/efivars.c
new file mode 100644
index 0000000000..5073c61740
--- /dev/null
+++ b/src/libshared/efivars.c
@@ -0,0 +1,715 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "dirent-util.h"
+#include "efivars.h"
+#include "fd-util.h"
+#include "io-util.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "stdio-util.h"
+#include "time-util.h"
+#include "utf8.h"
+#include "util.h"
+#include "virt.h"
+
+#ifdef ENABLE_EFI
+
+#define LOAD_OPTION_ACTIVE            0x00000001
+#define MEDIA_DEVICE_PATH                   0x04
+#define MEDIA_HARDDRIVE_DP                  0x01
+#define MEDIA_FILEPATH_DP                   0x04
+#define SIGNATURE_TYPE_GUID                 0x02
+#define MBR_TYPE_EFI_PARTITION_TABLE_HEADER 0x02
+#define END_DEVICE_PATH_TYPE                0x7f
+#define END_ENTIRE_DEVICE_PATH_SUBTYPE      0xff
+#define EFI_OS_INDICATIONS_BOOT_TO_FW_UI    0x0000000000000001
+
+struct boot_option {
+        uint32_t attr;
+        uint16_t path_len;
+        uint16_t title[];
+} _packed_;
+
+struct drive_path {
+        uint32_t part_nr;
+        uint64_t part_start;
+        uint64_t part_size;
+        char signature[16];
+        uint8_t mbr_type;
+        uint8_t signature_type;
+} _packed_;
+
+struct device_path {
+        uint8_t type;
+        uint8_t sub_type;
+        uint16_t length;
+        union {
+                uint16_t path[0];
+                struct drive_path drive;
+        };
+} _packed_;
+
+bool is_efi_boot(void) {
+        return access("/sys/firmware/efi", F_OK) >= 0;
+}
+
+static int read_flag(const char *varname) {
+        int r;
+        _cleanup_free_ void *v = NULL;
+        size_t s;
+        uint8_t b;
+
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
+        if (r < 0)
+                return r;
+
+        if (s != 1)
+                return -EINVAL;
+
+        b = *(uint8_t *)v;
+        r = b > 0;
+        return r;
+}
+
+bool is_efi_secure_boot(void) {
+        return read_flag("SecureBoot") > 0;
+}
+
+bool is_efi_secure_boot_setup_mode(void) {
+        return read_flag("SetupMode") > 0;
+}
+
+int efi_reboot_to_firmware_supported(void) {
+        int r;
+        size_t s;
+        uint64_t b;
+        _cleanup_free_ void *v = NULL;
+
+        if (!is_efi_boot() || detect_container() > 0)
+                return -EOPNOTSUPP;
+
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndicationsSupported", NULL, &v, &s);
+        if (r < 0)
+                return r;
+        else if (s != sizeof(uint64_t))
+                return -EINVAL;
+
+        b = *(uint64_t *)v;
+        b &= EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
+        return b > 0 ? 0 : -EOPNOTSUPP;
+}
+
+static int get_os_indications(uint64_t *os_indication) {
+        int r;
+        size_t s;
+        _cleanup_free_ void *v = NULL;
+
+        r = efi_reboot_to_firmware_supported();
+        if (r < 0)
+                return r;
+
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndications", NULL, &v, &s);
+        if (r == -ENOENT) {
+                /* Some firmware implementations that do support
+                 * OsIndications and report that with
+                 * OsIndicationsSupported will remove the
+                 * OsIndications variable when it is unset. Let's
+                 * pretend it's 0 then, to hide this implementation
+                 * detail. Note that this call will return -ENOENT
+                 * then only if the support for OsIndications is
+                 * missing entirely, as determined by
+                 * efi_reboot_to_firmware_supported() above. */
+                *os_indication = 0;
+                return 0;
+        } else if (r < 0)
+                return r;
+        else if (s != sizeof(uint64_t))
+                return -EINVAL;
+
+        *os_indication = *(uint64_t *)v;
+        return 0;
+}
+
+int efi_get_reboot_to_firmware(void) {
+        int r;
+        uint64_t b;
+
+        r = get_os_indications(&b);
+        if (r < 0)
+                return r;
+
+        return !!(b & EFI_OS_INDICATIONS_BOOT_TO_FW_UI);
+}
+
+int efi_set_reboot_to_firmware(bool value) {
+        int r;
+        uint64_t b, b_new;
+
+        r = get_os_indications(&b);
+        if (r < 0)
+                return r;
+
+        if (value)
+                b_new = b | EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
+        else
+                b_new = b & ~EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
+
+        /* Avoid writing to efi vars store if we can due to firmware bugs. */
+        if (b != b_new)
+                return efi_set_variable(EFI_VENDOR_GLOBAL, "OsIndications", &b_new, sizeof(uint64_t));
+
+        return 0;
+}
+
+int efi_get_variable(
+                sd_id128_t vendor,
+                const char *name,
+                uint32_t *attribute,
+                void **value,
+                size_t *size) {
+
+        _cleanup_close_ int fd = -1;
+        _cleanup_free_ char *p = NULL;
+        uint32_t a;
+        ssize_t n;
+        struct stat st;
+        _cleanup_free_ void *buf = NULL;
+
+        assert(name);
+        assert(value);
+        assert(size);
+
+        if (asprintf(&p,
+                     "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                     name, SD_ID128_FORMAT_VAL(vendor)) < 0)
+                return -ENOMEM;
+
+        fd = open(p, O_RDONLY|O_NOCTTY|O_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        if (fstat(fd, &st) < 0)
+                return -errno;
+        if (st.st_size < 4)
+                return -EIO;
+        if (st.st_size > 4*1024*1024 + 4)
+                return -E2BIG;
+
+        n = read(fd, &a, sizeof(a));
+        if (n < 0)
+                return -errno;
+        if (n != sizeof(a))
+                return -EIO;
+
+        buf = malloc(st.st_size - 4 + 2);
+        if (!buf)
+                return -ENOMEM;
+
+        n = read(fd, buf, (size_t) st.st_size - 4);
+        if (n < 0)
+                return -errno;
+        if (n != (ssize_t) st.st_size - 4)
+                return -EIO;
+
+        /* Always NUL terminate (2 bytes, to protect UTF-16) */
+        ((char*) buf)[st.st_size - 4] = 0;
+        ((char*) buf)[st.st_size - 4 + 1] = 0;
+
+        *value = buf;
+        buf = NULL;
+        *size = (size_t) st.st_size - 4;
+
+        if (attribute)
+                *attribute = a;
+
+        return 0;
+}
+
+int efi_set_variable(
+                sd_id128_t vendor,
+                const char *name,
+                const void *value,
+                size_t size) {
+
+        struct var {
+                uint32_t attr;
+                char buf[];
+        } _packed_ * _cleanup_free_ buf = NULL;
+        _cleanup_free_ char *p = NULL;
+        _cleanup_close_ int fd = -1;
+
+        assert(name);
+
+        if (asprintf(&p,
+                     "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                     name, SD_ID128_FORMAT_VAL(vendor)) < 0)
+                return -ENOMEM;
+
+        if (size == 0) {
+                if (unlink(p) < 0)
+                        return -errno;
+                return 0;
+        }
+
+        fd = open(p, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0644);
+        if (fd < 0)
+                return -errno;
+
+        buf = malloc(sizeof(uint32_t) + size);
+        if (!buf)
+                return -ENOMEM;
+
+        buf->attr = EFI_VARIABLE_NON_VOLATILE|EFI_VARIABLE_BOOTSERVICE_ACCESS|EFI_VARIABLE_RUNTIME_ACCESS;
+        memcpy(buf->buf, value, size);
+
+        return loop_write(fd, buf, sizeof(uint32_t) + size, false);
+}
+
+int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p) {
+        _cleanup_free_ void *s = NULL;
+        size_t ss = 0;
+        int r;
+        char *x;
+
+        r = efi_get_variable(vendor, name, NULL, &s, &ss);
+        if (r < 0)
+                return r;
+
+        x = utf16_to_utf8(s, ss);
+        if (!x)
+                return -ENOMEM;
+
+        *p = x;
+        return 0;
+}
+
+static size_t utf16_size(const uint16_t *s) {
+        size_t l = 0;
+
+        while (s[l] > 0)
+                l++;
+
+        return (l+1) * sizeof(uint16_t);
+}
+
+static void efi_guid_to_id128(const void *guid, sd_id128_t *id128) {
+        struct uuid {
+                uint32_t u1;
+                uint16_t u2;
+                uint16_t u3;
+                uint8_t u4[8];
+        } _packed_;
+        const struct uuid *uuid = guid;
+
+        id128->bytes[0] = (uuid->u1 >> 24) & 0xff;
+        id128->bytes[1] = (uuid->u1 >> 16) & 0xff;
+        id128->bytes[2] = (uuid->u1 >> 8) & 0xff;
+        id128->bytes[3] = (uuid->u1) & 0xff;
+        id128->bytes[4] = (uuid->u2 >> 8) & 0xff;
+        id128->bytes[5] = (uuid->u2) & 0xff;
+        id128->bytes[6] = (uuid->u3 >> 8) & 0xff;
+        id128->bytes[7] = (uuid->u3) & 0xff;
+        memcpy(&id128->bytes[8], uuid->u4, sizeof(uuid->u4));
+}
+
+int efi_get_boot_option(
+                uint16_t id,
+                char **title,
+                sd_id128_t *part_uuid,
+                char **path,
+                bool *active) {
+
+        char boot_id[9];
+        _cleanup_free_ uint8_t *buf = NULL;
+        size_t l;
+        struct boot_option *header;
+        size_t title_size;
+        _cleanup_free_ char *s = NULL, *p = NULL;
+        sd_id128_t p_uuid = SD_ID128_NULL;
+        int r;
+
+        xsprintf(boot_id, "Boot%04X", id);
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, boot_id, NULL, (void **)&buf, &l);
+        if (r < 0)
+                return r;
+        if (l < sizeof(struct boot_option))
+                return -ENOENT;
+
+        header = (struct boot_option *)buf;
+        title_size = utf16_size(header->title);
+        if (title_size > l - offsetof(struct boot_option, title))
+                return -EINVAL;
+
+        if (title) {
+                s = utf16_to_utf8(header->title, title_size);
+                if (!s)
+                        return -ENOMEM;
+        }
+
+        if (header->path_len > 0) {
+                uint8_t *dbuf;
+                size_t dnext;
+
+                dbuf = buf + offsetof(struct boot_option, title) + title_size;
+                dnext = 0;
+                while (dnext < header->path_len) {
+                        struct device_path *dpath;
+
+                        dpath = (struct device_path *)(dbuf + dnext);
+                        if (dpath->length < 4)
+                                break;
+
+                        /* Type 0x7F – End of Hardware Device Path, Sub-Type 0xFF – End Entire Device Path */
+                        if (dpath->type == END_DEVICE_PATH_TYPE && dpath->sub_type == END_ENTIRE_DEVICE_PATH_SUBTYPE)
+                                break;
+
+                        dnext += dpath->length;
+
+                        /* Type 0x04 – Media Device Path */
+                        if (dpath->type != MEDIA_DEVICE_PATH)
+                                continue;
+
+                        /* Sub-Type 1 – Hard Drive */
+                        if (dpath->sub_type == MEDIA_HARDDRIVE_DP) {
+                                /* 0x02 – GUID Partition Table */
+                                if (dpath->drive.mbr_type != MBR_TYPE_EFI_PARTITION_TABLE_HEADER)
+                                        continue;
+
+                                /* 0x02 – GUID signature */
+                                if (dpath->drive.signature_type != SIGNATURE_TYPE_GUID)
+                                        continue;
+
+                                if (part_uuid)
+                                        efi_guid_to_id128(dpath->drive.signature, &p_uuid);
+                                continue;
+                        }
+
+                        /* Sub-Type 4 – File Path */
+                        if (dpath->sub_type == MEDIA_FILEPATH_DP && !p && path) {
+                                p = utf16_to_utf8(dpath->path, dpath->length-4);
+                                efi_tilt_backslashes(p);
+                                continue;
+                        }
+                }
+        }
+
+        if (title) {
+                *title = s;
+                s = NULL;
+        }
+        if (part_uuid)
+                *part_uuid = p_uuid;
+        if (path) {
+                *path = p;
+                p = NULL;
+        }
+        if (active)
+                *active = !!(header->attr & LOAD_OPTION_ACTIVE);
+
+        return 0;
+}
+
+static void to_utf16(uint16_t *dest, const char *src) {
+        int i;
+
+        for (i = 0; src[i] != '\0'; i++)
+                dest[i] = src[i];
+        dest[i] = '\0';
+}
+
+struct guid {
+        uint32_t u1;
+        uint16_t u2;
+        uint16_t u3;
+        uint8_t u4[8];
+} _packed_;
+
+static void id128_to_efi_guid(sd_id128_t id, void *guid) {
+        struct guid *uuid = guid;
+
+        uuid->u1 = id.bytes[0] << 24 | id.bytes[1] << 16 | id.bytes[2] << 8 | id.bytes[3];
+        uuid->u2 = id.bytes[4] << 8 | id.bytes[5];
+        uuid->u3 = id.bytes[6] << 8 | id.bytes[7];
+        memcpy(uuid->u4, id.bytes+8, sizeof(uuid->u4));
+}
+
+static uint16_t *tilt_slashes(uint16_t *s) {
+        uint16_t *p;
+
+        for (p = s; *p; p++)
+                if (*p == '/')
+                        *p = '\\';
+
+        return s;
+}
+
+int efi_add_boot_option(uint16_t id, const char *title,
+                        uint32_t part, uint64_t pstart, uint64_t psize,
+                        sd_id128_t part_uuid, const char *path) {
+        char boot_id[9];
+        size_t size;
+        size_t title_len;
+        size_t path_len;
+        struct boot_option *option;
+        struct device_path *devicep;
+        _cleanup_free_ char *buf = NULL;
+
+        title_len = (strlen(title)+1) * 2;
+        path_len = (strlen(path)+1) * 2;
+
+        buf = calloc(sizeof(struct boot_option) + title_len +
+                     sizeof(struct drive_path) +
+                     sizeof(struct device_path) + path_len, 1);
+        if (!buf)
+                return -ENOMEM;
+
+        /* header */
+        option = (struct boot_option *)buf;
+        option->attr = LOAD_OPTION_ACTIVE;
+        option->path_len = offsetof(struct device_path, drive) + sizeof(struct drive_path) +
+                           offsetof(struct device_path, path) + path_len +
+                           offsetof(struct device_path, path);
+        to_utf16(option->title, title);
+        size = offsetof(struct boot_option, title) + title_len;
+
+        /* partition info */
+        devicep = (struct device_path *)(buf + size);
+        devicep->type = MEDIA_DEVICE_PATH;
+        devicep->sub_type = MEDIA_HARDDRIVE_DP;
+        devicep->length = offsetof(struct device_path, drive) + sizeof(struct drive_path);
+        devicep->drive.part_nr = part;
+        devicep->drive.part_start = pstart;
+        devicep->drive.part_size = psize;
+        devicep->drive.signature_type = SIGNATURE_TYPE_GUID;
+        devicep->drive.mbr_type = MBR_TYPE_EFI_PARTITION_TABLE_HEADER;
+        id128_to_efi_guid(part_uuid, devicep->drive.signature);
+        size += devicep->length;
+
+        /* path to loader */
+        devicep = (struct device_path *)(buf + size);
+        devicep->type = MEDIA_DEVICE_PATH;
+        devicep->sub_type = MEDIA_FILEPATH_DP;
+        devicep->length = offsetof(struct device_path, path) + path_len;
+        to_utf16(devicep->path, path);
+        tilt_slashes(devicep->path);
+        size += devicep->length;
+
+        /* end of path */
+        devicep = (struct device_path *)(buf + size);
+        devicep->type = END_DEVICE_PATH_TYPE;
+        devicep->sub_type = END_ENTIRE_DEVICE_PATH_SUBTYPE;
+        devicep->length = offsetof(struct device_path, path);
+        size += devicep->length;
+
+        xsprintf(boot_id, "Boot%04X", id);
+        return efi_set_variable(EFI_VENDOR_GLOBAL, boot_id, buf, size);
+}
+
+int efi_remove_boot_option(uint16_t id) {
+        char boot_id[9];
+
+        xsprintf(boot_id, "Boot%04X", id);
+        return efi_set_variable(EFI_VENDOR_GLOBAL, boot_id, NULL, 0);
+}
+
+int efi_get_boot_order(uint16_t **order) {
+        _cleanup_free_ void *buf = NULL;
+        size_t l;
+        int r;
+
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, "BootOrder", NULL, &buf, &l);
+        if (r < 0)
+                return r;
+
+        if (l <= 0)
+                return -ENOENT;
+
+        if (l % sizeof(uint16_t) > 0 ||
+            l / sizeof(uint16_t) > INT_MAX)
+                return -EINVAL;
+
+        *order = buf;
+        buf = NULL;
+        return (int) (l / sizeof(uint16_t));
+}
+
+int efi_set_boot_order(uint16_t *order, size_t n) {
+        return efi_set_variable(EFI_VENDOR_GLOBAL, "BootOrder", order, n * sizeof(uint16_t));
+}
+
+static int boot_id_hex(const char s[4]) {
+        int i;
+        int id = 0;
+
+        for (i = 0; i < 4; i++)
+                if (s[i] >= '0' && s[i] <= '9')
+                        id |= (s[i] - '0') << (3 - i) * 4;
+                else if (s[i] >= 'A' && s[i] <= 'F')
+                        id |= (s[i] - 'A' + 10) << (3 - i) * 4;
+                else
+                        return -EINVAL;
+
+        return id;
+}
+
+static int cmp_uint16(const void *_a, const void *_b) {
+        const uint16_t *a = _a, *b = _b;
+
+        return (int)*a - (int)*b;
+}
+
+int efi_get_boot_options(uint16_t **options) {
+        _cleanup_closedir_ DIR *dir = NULL;
+        struct dirent *de;
+        _cleanup_free_ uint16_t *list = NULL;
+        size_t alloc = 0;
+        int count = 0;
+
+        assert(options);
+
+        dir = opendir("/sys/firmware/efi/efivars/");
+        if (!dir)
+                return -errno;
+
+        FOREACH_DIRENT(de, dir, return -errno) {
+                int id;
+
+                if (strncmp(de->d_name, "Boot", 4) != 0)
+                        continue;
+
+                if (strlen(de->d_name) != 45)
+                        continue;
+
+                if (strcmp(de->d_name + 8, "-8be4df61-93ca-11d2-aa0d-00e098032b8c") != 0)
+                        continue;
+
+                id = boot_id_hex(de->d_name + 4);
+                if (id < 0)
+                        continue;
+
+                if (!GREEDY_REALLOC(list, alloc, count + 1))
+                        return -ENOMEM;
+
+                list[count++] = id;
+        }
+
+        qsort_safe(list, count, sizeof(uint16_t), cmp_uint16);
+
+        *options = list;
+        list = NULL;
+        return count;
+}
+
+static int read_usec(sd_id128_t vendor, const char *name, usec_t *u) {
+        _cleanup_free_ char *j = NULL;
+        int r;
+        uint64_t x = 0;
+
+        assert(name);
+        assert(u);
+
+        r = efi_get_variable_string(EFI_VENDOR_LOADER, name, &j);
+        if (r < 0)
+                return r;
+
+        r = safe_atou64(j, &x);
+        if (r < 0)
+                return r;
+
+        *u = x;
+        return 0;
+}
+
+int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader) {
+        uint64_t x, y;
+        int r;
+
+        assert(firmware);
+        assert(loader);
+
+        r = read_usec(EFI_VENDOR_LOADER, "LoaderTimeInitUSec", &x);
+        if (r < 0)
+                return r;
+
+        r = read_usec(EFI_VENDOR_LOADER, "LoaderTimeExecUSec", &y);
+        if (r < 0)
+                return r;
+
+        if (y == 0 || y < x)
+                return -EIO;
+
+        if (y > USEC_PER_HOUR)
+                return -EIO;
+
+        *firmware = x;
+        *loader = y;
+
+        return 0;
+}
+
+int efi_loader_get_device_part_uuid(sd_id128_t *u) {
+        _cleanup_free_ char *p = NULL;
+        int r, parsed[16];
+
+        r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderDevicePartUUID", &p);
+        if (r < 0)
+                return r;
+
+        if (sscanf(p, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                   &parsed[0], &parsed[1], &parsed[2], &parsed[3],
+                   &parsed[4], &parsed[5], &parsed[6], &parsed[7],
+                   &parsed[8], &parsed[9], &parsed[10], &parsed[11],
+                   &parsed[12], &parsed[13], &parsed[14], &parsed[15]) != 16)
+                return -EIO;
+
+        if (u) {
+                unsigned i;
+
+                for (i = 0; i < ELEMENTSOF(parsed); i++)
+                        u->bytes[i] = parsed[i];
+        }
+
+        return 0;
+}
+
+#endif
+
+char *efi_tilt_backslashes(char *s) {
+        char *p;
+
+        for (p = s; *p; p++)
+                if (*p == '\\')
+                        *p = '/';
+
+        return s;
+}
diff --git a/src/libshared/efivars.h b/src/libshared/efivars.h
new file mode 100644
index 0000000000..243151f922
--- /dev/null
+++ b/src/libshared/efivars.h
@@ -0,0 +1,131 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <systemd/sd-id128.h>
+
+#include "time-util.h"
+
+#define EFI_VENDOR_LOADER SD_ID128_MAKE(4a,67,b0,82,0a,4c,41,cf,b6,c7,44,0b,29,bb,8c,4f)
+#define EFI_VENDOR_GLOBAL SD_ID128_MAKE(8b,e4,df,61,93,ca,11,d2,aa,0d,00,e0,98,03,2b,8c)
+#define EFI_VARIABLE_NON_VOLATILE       0x0000000000000001
+#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x0000000000000002
+#define EFI_VARIABLE_RUNTIME_ACCESS     0x0000000000000004
+
+#ifdef ENABLE_EFI
+
+bool is_efi_boot(void);
+bool is_efi_secure_boot(void);
+bool is_efi_secure_boot_setup_mode(void);
+int efi_reboot_to_firmware_supported(void);
+int efi_get_reboot_to_firmware(void);
+int efi_set_reboot_to_firmware(bool value);
+
+int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size);
+int efi_set_variable(sd_id128_t vendor, const char *name, const void *value, size_t size);
+int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p);
+
+int efi_get_boot_option(uint16_t nr, char **title, sd_id128_t *part_uuid, char **path, bool *active);
+int efi_add_boot_option(uint16_t id, const char *title, uint32_t part, uint64_t pstart, uint64_t psize, sd_id128_t part_uuid, const char *path);
+int efi_remove_boot_option(uint16_t id);
+int efi_get_boot_order(uint16_t **order);
+int efi_set_boot_order(uint16_t *order, size_t n);
+int efi_get_boot_options(uint16_t **options);
+
+int efi_loader_get_device_part_uuid(sd_id128_t *u);
+int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader);
+
+#else
+
+static inline bool is_efi_boot(void) {
+        return false;
+}
+
+static inline bool is_efi_secure_boot(void) {
+        return false;
+}
+
+static inline bool is_efi_secure_boot_setup_mode(void) {
+        return false;
+}
+
+static inline int efi_reboot_to_firmware_supported(void) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_get_reboot_to_firmware(void) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_set_reboot_to_firmware(bool value) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_set_variable(sd_id128_t vendor, const char *name, const void *value, size_t size) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_get_boot_option(uint16_t nr, char **title, sd_id128_t *part_uuid, char **path, bool *active) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_add_boot_option(uint16_t id, const char *title, uint32_t part, uint64_t pstart, uint64_t psize, sd_id128_t part_uuid, const char *path) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_remove_boot_option(uint16_t id) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_get_boot_order(uint16_t **order) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_set_boot_order(uint16_t *order, size_t n) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_get_boot_options(uint16_t **options) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_loader_get_device_part_uuid(sd_id128_t *u) {
+        return -EOPNOTSUPP;
+}
+
+static inline int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader) {
+        return -EOPNOTSUPP;
+}
+
+#endif
+
+char *efi_tilt_backslashes(char *s);
diff --git a/src/shared/fstab-util.c b/src/libshared/fstab-util.c
index a4e0cd3267..a4e0cd3267 100644
--- a/src/shared/fstab-util.c
+++ b/src/libshared/fstab-util.c
diff --git a/src/shared/fstab-util.h b/src/libshared/fstab-util.h
index 679f6902f7..679f6902f7 100644
--- a/src/shared/fstab-util.h
+++ b/src/libshared/fstab-util.h
diff --git a/src/shared/gcrypt-util.c b/src/libshared/gcrypt-util.c
index 39b544b6f0..39b544b6f0 100644
--- a/src/shared/gcrypt-util.c
+++ b/src/libshared/gcrypt-util.c
diff --git a/src/shared/gcrypt-util.h b/src/libshared/gcrypt-util.h
index cf33b3c59c..cf33b3c59c 100644
--- a/src/shared/gcrypt-util.h
+++ b/src/libshared/gcrypt-util.h
diff --git a/src/shared/generator.c b/src/libshared/generator.c
index 70afc6a285..70afc6a285 100644
--- a/src/shared/generator.c
+++ b/src/libshared/generator.c
diff --git a/src/shared/generator.h b/src/libshared/generator.h
index a6017c1b76..a6017c1b76 100644
--- a/src/shared/generator.h
+++ b/src/libshared/generator.h
diff --git a/src/libshared/gpt.h b/src/libshared/gpt.h
new file mode 100644
index 0000000000..07153b51f4
--- /dev/null
+++ b/src/libshared/gpt.h
@@ -0,0 +1,66 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <endian.h>
+
+#include <systemd/sd-id128.h>
+
+/* We only support root disk discovery for x86, x86-64, Itanium and ARM for
+ * now, since EFI for anything else doesn't really exist, and we only
+ * care for root partitions on the same disk as the EFI ESP. */
+
+#define GPT_ROOT_X86    SD_ID128_MAKE(44,47,95,40,f2,97,41,b2,9a,f7,d1,31,d5,f0,45,8a)
+#define GPT_ROOT_X86_64 SD_ID128_MAKE(4f,68,bc,e3,e8,cd,4d,b1,96,e7,fb,ca,f9,84,b7,09)
+#define GPT_ROOT_ARM    SD_ID128_MAKE(69,da,d7,10,2c,e4,4e,3c,b1,6c,21,a1,d4,9a,be,d3)
+#define GPT_ROOT_ARM_64 SD_ID128_MAKE(b9,21,b0,45,1d,f0,41,c3,af,44,4c,6f,28,0d,3f,ae)
+#define GPT_ROOT_IA64   SD_ID128_MAKE(99,3d,8d,3d,f8,0e,42,25,85,5a,9d,af,8e,d7,ea,97)
+
+#define GPT_ESP         SD_ID128_MAKE(c1,2a,73,28,f8,1f,11,d2,ba,4b,00,a0,c9,3e,c9,3b)
+#define GPT_SWAP        SD_ID128_MAKE(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f)
+#define GPT_HOME        SD_ID128_MAKE(93,3a,c7,e1,2e,b4,4f,13,b8,44,0e,14,e2,ae,f9,15)
+#define GPT_SRV         SD_ID128_MAKE(3b,8f,84,25,20,e0,4f,3b,90,7f,1a,25,a7,6f,98,e8)
+
+#if defined(__x86_64__)
+#  define GPT_ROOT_NATIVE GPT_ROOT_X86_64
+#  define GPT_ROOT_SECONDARY GPT_ROOT_X86
+#elif defined(__i386__)
+#  define GPT_ROOT_NATIVE GPT_ROOT_X86
+#endif
+
+#if defined(__ia64__)
+#  define GPT_ROOT_NATIVE GPT_ROOT_IA64
+#endif
+
+#if defined(__aarch64__) && (__BYTE_ORDER != __BIG_ENDIAN)
+#  define GPT_ROOT_NATIVE GPT_ROOT_ARM_64
+#  define GPT_ROOT_SECONDARY GPT_ROOT_ARM
+#elif defined(__arm__) && (__BYTE_ORDER != __BIG_ENDIAN)
+#  define GPT_ROOT_NATIVE GPT_ROOT_ARM
+#endif
+
+/* Flags we recognize on the root, swap, home and srv partitions when
+ * doing auto-discovery. These happen to be identical to what
+ * Microsoft defines for its own Basic Data Partitions, but that's
+ * just because we saw no point in defining any other values here. */
+#define GPT_FLAG_READ_ONLY (1ULL << 60)
+#define GPT_FLAG_NO_AUTO (1ULL << 63)
+
+#define GPT_LINUX_GENERIC SD_ID128_MAKE(0f,c6,3d,af,84,83,47,72,8e,79,3d,69,d8,47,7d,e4)
diff --git a/src/shared/ima-util.c b/src/libshared/ima-util.c
index 789064d653..789064d653 100644
--- a/src/shared/ima-util.c
+++ b/src/libshared/ima-util.c
diff --git a/src/shared/ima-util.h b/src/libshared/ima-util.h
index 5be94761fd..5be94761fd 100644
--- a/src/shared/ima-util.h
+++ b/src/libshared/ima-util.h
diff --git a/src/shared/import-util.c b/src/libshared/import-util.c
index ab701ad8b2..ab701ad8b2 100644
--- a/src/shared/import-util.c
+++ b/src/libshared/import-util.c
diff --git a/src/shared/import-util.h b/src/libshared/import-util.h
index 77b17d91f3..77b17d91f3 100644
--- a/src/shared/import-util.h
+++ b/src/libshared/import-util.h
diff --git a/src/shared/initreq.h b/src/libshared/initreq.h
index 710037d84b..710037d84b 100644
--- a/src/shared/initreq.h
+++ b/src/libshared/initreq.h
diff --git a/src/shared/install-printf.c b/src/libshared/install-printf.c
index 88143361da..88143361da 100644
--- a/src/shared/install-printf.c
+++ b/src/libshared/install-printf.c
diff --git a/src/shared/install-printf.h b/src/libshared/install-printf.h
index 8a570fc265..8a570fc265 100644
--- a/src/shared/install-printf.h
+++ b/src/libshared/install-printf.h
diff --git a/src/shared/install.c b/src/libshared/install.c
index 64d66a45d3..64d66a45d3 100644
--- a/src/shared/install.c
+++ b/src/libshared/install.c
diff --git a/src/shared/install.h b/src/libshared/install.h
index c6aa4f6ef1..c6aa4f6ef1 100644
--- a/src/shared/install.h
+++ b/src/libshared/install.h
diff --git a/src/libshared/local-addresses.c b/src/libshared/local-addresses.c
new file mode 100644
index 0000000000..1abce75b01
--- /dev/null
+++ b/src/libshared/local-addresses.c
@@ -0,0 +1,275 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2011 Lennart Poettering
+  Copyright 2014 Tom Gundersen
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "local-addresses.h"
+#include "macro.h"
+#include "netlink-util.h"
+
+static int address_compare(const void *_a, const void *_b) {
+        const struct local_address *a = _a, *b = _b;
+
+        /* Order lowest scope first, IPv4 before IPv6, lowest interface index first */
+
+        if (a->family == AF_INET && b->family == AF_INET6)
+                return -1;
+        if (a->family == AF_INET6 && b->family == AF_INET)
+                return 1;
+
+        if (a->scope < b->scope)
+                return -1;
+        if (a->scope > b->scope)
+                return 1;
+
+        if (a->metric < b->metric)
+                return -1;
+        if (a->metric > b->metric)
+                return 1;
+
+        if (a->ifindex < b->ifindex)
+                return -1;
+        if (a->ifindex > b->ifindex)
+                return 1;
+
+        return memcmp(&a->address, &b->address, FAMILY_ADDRESS_SIZE(a->family));
+}
+
+int local_addresses(sd_netlink *context, int ifindex, int af, struct local_address **ret) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_free_ struct local_address *list = NULL;
+        size_t n_list = 0, n_allocated = 0;
+        sd_netlink_message *m;
+        int r;
+
+        assert(ret);
+
+        if (context)
+                rtnl = sd_netlink_ref(context);
+        else {
+                r = sd_netlink_open(&rtnl);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_rtnl_message_new_addr(rtnl, &req, RTM_GETADDR, 0, af);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(rtnl, req, 0, &reply);
+        if (r < 0)
+                return r;
+
+        for (m = reply; m; m = sd_netlink_message_next(m)) {
+                struct local_address *a;
+                unsigned char flags;
+                uint16_t type;
+                int ifi, family;
+
+                r = sd_netlink_message_get_errno(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_netlink_message_get_type(m, &type);
+                if (r < 0)
+                        return r;
+                if (type != RTM_NEWADDR)
+                        continue;
+
+                r = sd_rtnl_message_addr_get_ifindex(m, &ifi);
+                if (r < 0)
+                        return r;
+                if (ifindex > 0 && ifi != ifindex)
+                        continue;
+
+                r = sd_rtnl_message_addr_get_family(m, &family);
+                if (r < 0)
+                        return r;
+                if (af != AF_UNSPEC && af != family)
+                        continue;
+
+                r = sd_rtnl_message_addr_get_flags(m, &flags);
+                if (r < 0)
+                        return r;
+                if (flags & IFA_F_DEPRECATED)
+                        continue;
+
+                if (!GREEDY_REALLOC0(list, n_allocated, n_list+1))
+                        return -ENOMEM;
+
+                a = list + n_list;
+
+                r = sd_rtnl_message_addr_get_scope(m, &a->scope);
+                if (r < 0)
+                        return r;
+
+                if (ifindex == 0 && (a->scope == RT_SCOPE_HOST || a->scope == RT_SCOPE_NOWHERE))
+                        continue;
+
+                switch (family) {
+
+                case AF_INET:
+                        r = sd_netlink_message_read_in_addr(m, IFA_LOCAL, &a->address.in);
+                        if (r < 0) {
+                                r = sd_netlink_message_read_in_addr(m, IFA_ADDRESS, &a->address.in);
+                                if (r < 0)
+                                        continue;
+                        }
+                        break;
+
+                case AF_INET6:
+                        r = sd_netlink_message_read_in6_addr(m, IFA_LOCAL, &a->address.in6);
+                        if (r < 0) {
+                                r = sd_netlink_message_read_in6_addr(m, IFA_ADDRESS, &a->address.in6);
+                                if (r < 0)
+                                        continue;
+                        }
+                        break;
+
+                default:
+                        continue;
+                }
+
+                a->ifindex = ifi;
+                a->family = family;
+
+                n_list++;
+        };
+
+        qsort_safe(list, n_list, sizeof(struct local_address), address_compare);
+
+        *ret = list;
+        list = NULL;
+
+        return (int) n_list;
+}
+
+int local_gateways(sd_netlink *context, int ifindex, int af, struct local_address **ret) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_free_ struct local_address *list = NULL;
+        sd_netlink_message *m = NULL;
+        size_t n_list = 0, n_allocated = 0;
+        int r;
+
+        assert(ret);
+
+        if (context)
+                rtnl = sd_netlink_ref(context);
+        else {
+                r = sd_netlink_open(&rtnl);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_rtnl_message_new_route(rtnl, &req, RTM_GETROUTE, af, RTPROT_UNSPEC);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_request_dump(req, true);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(rtnl, req, 0, &reply);
+        if (r < 0)
+                return r;
+
+        for (m = reply; m; m = sd_netlink_message_next(m)) {
+                struct local_address *a;
+                uint16_t type;
+                unsigned char dst_len, src_len;
+                uint32_t ifi;
+                int family;
+
+                r = sd_netlink_message_get_errno(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_netlink_message_get_type(m, &type);
+                if (r < 0)
+                        return r;
+                if (type != RTM_NEWROUTE)
+                        continue;
+
+                /* We only care for default routes */
+                r = sd_rtnl_message_route_get_dst_prefixlen(m, &dst_len);
+                if (r < 0)
+                        return r;
+                if (dst_len != 0)
+                        continue;
+
+                r = sd_rtnl_message_route_get_src_prefixlen(m, &src_len);
+                if (r < 0)
+                        return r;
+                if (src_len != 0)
+                        continue;
+
+                r = sd_netlink_message_read_u32(m, RTA_OIF, &ifi);
+                if (r < 0)
+                        return r;
+                if (ifindex > 0 && (int) ifi != ifindex)
+                        continue;
+
+                r = sd_rtnl_message_route_get_family(m, &family);
+                if (r < 0)
+                        return r;
+                if (af != AF_UNSPEC && af != family)
+                        continue;
+
+                if (!GREEDY_REALLOC0(list, n_allocated, n_list + 1))
+                        return -ENOMEM;
+
+                a = list + n_list;
+
+                switch (family) {
+                case AF_INET:
+                        r = sd_netlink_message_read_in_addr(m, RTA_GATEWAY, &a->address.in);
+                        if (r < 0)
+                                continue;
+
+                        break;
+                case AF_INET6:
+                        r = sd_netlink_message_read_in6_addr(m, RTA_GATEWAY, &a->address.in6);
+                        if (r < 0)
+                                continue;
+
+                        break;
+                default:
+                        continue;
+                }
+
+                sd_netlink_message_read_u32(m, RTA_PRIORITY, &a->metric);
+
+                a->ifindex = ifi;
+                a->family = family;
+
+                n_list++;
+        }
+
+        if (n_list > 0)
+                qsort(list, n_list, sizeof(struct local_address), address_compare);
+
+        *ret = list;
+        list = NULL;
+
+        return (int) n_list;
+}
diff --git a/src/libshared/local-addresses.h b/src/libshared/local-addresses.h
new file mode 100644
index 0000000000..1ddc50ace5
--- /dev/null
+++ b/src/libshared/local-addresses.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+
+#include <systemd/sd-netlink.h>
+
+#include "in-addr-util.h"
+
+struct local_address {
+        int family, ifindex;
+        unsigned char scope;
+        uint32_t metric;
+        union in_addr_union address;
+};
+
+int local_addresses(sd_netlink *rtnl, int ifindex, int af, struct local_address **ret);
+
+int local_gateways(sd_netlink *rtnl, int ifindex, int af, struct local_address **ret);
diff --git a/src/libshared/logs-show.c b/src/libshared/logs-show.c
new file mode 100644
index 0000000000..294fa3bede
--- /dev/null
+++ b/src/libshared/logs-show.c
@@ -0,0 +1,1310 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <syslog.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "hashmap.h"
+#include "hostname-util.h"
+#include "io-util.h"
+#include "journal-internal.h"
+#include "log.h"
+#include "logs-show.h"
+#include "macro.h"
+#include "output-mode.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "sparse-endian.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "terminal-util.h"
+#include "time-util.h"
+#include "utf8.h"
+#include "util.h"
+
+/* up to three lines (each up to 100 characters) or 300 characters, whichever is less */
+#define PRINT_LINE_THRESHOLD 3
+#define PRINT_CHAR_THRESHOLD 300
+
+#define JSON_THRESHOLD 4096
+
+static int print_catalog(FILE *f, sd_journal *j) {
+        int r;
+        _cleanup_free_ char *t = NULL, *z = NULL;
+
+
+        r = sd_journal_get_catalog(j, &t);
+        if (r < 0)
+                return r;
+
+        z = strreplace(strstrip(t), "\n", "\n-- ");
+        if (!z)
+                return log_oom();
+
+        fputs("-- ", f);
+        fputs(z, f);
+        fputc('\n', f);
+
+        return 0;
+}
+
+static int parse_field(const void *data, size_t length, const char *field, char **target, size_t *target_size) {
+        size_t fl, nl;
+        char *buf;
+
+        assert(data);
+        assert(field);
+        assert(target);
+
+        fl = strlen(field);
+        if (length < fl)
+                return 0;
+
+        if (memcmp(data, field, fl))
+                return 0;
+
+        nl = length - fl;
+        buf = new(char, nl+1);
+        if (!buf)
+                return log_oom();
+
+        memcpy(buf, (const char*) data + fl, nl);
+        buf[nl] = 0;
+
+        free(*target);
+        *target = buf;
+
+        if (target_size)
+                *target_size = nl;
+
+        return 1;
+}
+
+static bool shall_print(const char *p, size_t l, OutputFlags flags) {
+        assert(p);
+
+        if (flags & OUTPUT_SHOW_ALL)
+                return true;
+
+        if (l >= PRINT_CHAR_THRESHOLD)
+                return false;
+
+        if (!utf8_is_printable(p, l))
+                return false;
+
+        return true;
+}
+
+static bool print_multiline(FILE *f, unsigned prefix, unsigned n_columns, OutputFlags flags, int priority, const char* message, size_t message_len) {
+        const char *color_on = "", *color_off = "";
+        const char *pos, *end;
+        bool ellipsized = false;
+        int line = 0;
+
+        if (flags & OUTPUT_COLOR) {
+                if (priority <= LOG_ERR) {
+                        color_on = ANSI_HIGHLIGHT_RED;
+                        color_off = ANSI_NORMAL;
+                } else if (priority <= LOG_NOTICE) {
+                        color_on = ANSI_HIGHLIGHT;
+                        color_off = ANSI_NORMAL;
+                }
+        }
+
+        /* A special case: make sure that we print a newline when
+           the message is empty. */
+        if (message_len == 0)
+                fputs("\n", f);
+
+        for (pos = message;
+             pos < message + message_len;
+             pos = end + 1, line++) {
+                bool continuation = line > 0;
+                bool tail_line;
+                int len;
+                for (end = pos; end < message + message_len && *end != '\n'; end++)
+                        ;
+                len = end - pos;
+                assert(len >= 0);
+
+                /* We need to figure out when we are showing not-last line, *and*
+                 * will skip subsequent lines. In that case, we will put the dots
+                 * at the end of the line, instead of putting dots in the middle
+                 * or not at all.
+                 */
+                tail_line =
+                        line + 1 == PRINT_LINE_THRESHOLD ||
+                        end + 1 >= message + PRINT_CHAR_THRESHOLD;
+
+                if (flags & (OUTPUT_FULL_WIDTH | OUTPUT_SHOW_ALL) ||
+                    (prefix + len + 1 < n_columns && !tail_line)) {
+                        fprintf(f, "%*s%s%.*s%s\n",
+                                continuation * prefix, "",
+                                color_on, len, pos, color_off);
+                        continue;
+                }
+
+                /* Beyond this point, ellipsization will happen. */
+                ellipsized = true;
+
+                if (prefix < n_columns && n_columns - prefix >= 3) {
+                        if (n_columns - prefix > (unsigned) len + 3)
+                                fprintf(f, "%*s%s%.*s...%s\n",
+                                        continuation * prefix, "",
+                                        color_on, len, pos, color_off);
+                        else {
+                                _cleanup_free_ char *e;
+
+                                e = ellipsize_mem(pos, len, n_columns - prefix,
+                                                  tail_line ? 100 : 90);
+                                if (!e)
+                                        fprintf(f, "%*s%s%.*s%s\n",
+                                                continuation * prefix, "",
+                                                color_on, len, pos, color_off);
+                                else
+                                        fprintf(f, "%*s%s%s%s\n",
+                                                continuation * prefix, "",
+                                                color_on, e, color_off);
+                        }
+                } else
+                        fputs("...\n", f);
+
+                if (tail_line)
+                        break;
+        }
+
+        return ellipsized;
+}
+
+static int output_short(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags) {
+
+        int r;
+        const void *data;
+        size_t length;
+        size_t n = 0;
+        _cleanup_free_ char *hostname = NULL, *identifier = NULL, *comm = NULL, *pid = NULL, *fake_pid = NULL, *message = NULL, *realtime = NULL, *monotonic = NULL, *priority = NULL;
+        size_t hostname_len = 0, identifier_len = 0, comm_len = 0, pid_len = 0, fake_pid_len = 0, message_len = 0, realtime_len = 0, monotonic_len = 0, priority_len = 0;
+        int p = LOG_INFO;
+        bool ellipsized = false;
+
+        assert(f);
+        assert(j);
+
+        /* Set the threshold to one bigger than the actual print
+         * threshold, so that if the line is actually longer than what
+         * we're willing to print, ellipsization will occur. This way
+         * we won't output a misleading line without any indication of
+         * truncation.
+         */
+        sd_journal_set_data_threshold(j, flags & (OUTPUT_SHOW_ALL|OUTPUT_FULL_WIDTH) ? 0 : PRINT_CHAR_THRESHOLD + 1);
+
+        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
+
+                r = parse_field(data, length, "PRIORITY=", &priority, &priority_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "_HOSTNAME=", &hostname, &hostname_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "SYSLOG_IDENTIFIER=", &identifier, &identifier_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "_COMM=", &comm, &comm_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "_PID=", &pid, &pid_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "SYSLOG_PID=", &fake_pid, &fake_pid_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "_SOURCE_REALTIME_TIMESTAMP=", &realtime, &realtime_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "_SOURCE_MONOTONIC_TIMESTAMP=", &monotonic, &monotonic_len);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_field(data, length, "MESSAGE=", &message, &message_len);
+                if (r < 0)
+                        return r;
+        }
+        if (r == -EBADMSG) {
+                log_debug_errno(r, "Skipping message we can't read: %m");
+                return 0;
+        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to get journal fields: %m");
+
+        if (!message) {
+                log_debug("Skipping message without MESSAGE= field.");
+                return 0;
+        }
+
+        if (!(flags & OUTPUT_SHOW_ALL))
+                strip_tab_ansi(&message, &message_len);
+
+        if (priority_len == 1 && *priority >= '0' && *priority <= '7')
+                p = *priority - '0';
+
+        if (mode == OUTPUT_SHORT_MONOTONIC) {
+                uint64_t t;
+                sd_id128_t boot_id;
+
+                r = -ENOENT;
+
+                if (monotonic)
+                        r = safe_atou64(monotonic, &t);
+
+                if (r < 0)
+                        r = sd_journal_get_monotonic_usec(j, &t, &boot_id);
+
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get monotonic timestamp: %m");
+
+                fprintf(f, "[%5llu.%06llu]",
+                        (unsigned long long) (t / USEC_PER_SEC),
+                        (unsigned long long) (t % USEC_PER_SEC));
+
+                n += 1 + 5 + 1 + 6 + 1;
+
+        } else {
+                char buf[64];
+                uint64_t x;
+                time_t t;
+                struct tm tm;
+                struct tm *(*gettime_r)(const time_t *, struct tm *);
+
+                r = -ENOENT;
+                gettime_r = (flags & OUTPUT_UTC) ? gmtime_r : localtime_r;
+
+                if (realtime)
+                        r = safe_atou64(realtime, &x);
+
+                if (r < 0)
+                        r = sd_journal_get_realtime_usec(j, &x);
+
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get realtime timestamp: %m");
+
+                t = (time_t) (x / USEC_PER_SEC);
+
+                switch (mode) {
+
+                case OUTPUT_SHORT_UNIX:
+                        r = snprintf(buf, sizeof(buf), "%10llu.%06llu", (unsigned long long) t, (unsigned long long) (x % USEC_PER_SEC));
+                        break;
+
+                case OUTPUT_SHORT_ISO:
+                        r = strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S%z", gettime_r(&t, &tm));
+                        break;
+
+                case OUTPUT_SHORT_PRECISE:
+                        r = strftime(buf, sizeof(buf), "%b %d %H:%M:%S", gettime_r(&t, &tm));
+                        if (r > 0)
+                                snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ".%06llu", (unsigned long long) (x % USEC_PER_SEC));
+                        break;
+
+                default:
+                        r = strftime(buf, sizeof(buf), "%b %d %H:%M:%S", gettime_r(&t, &tm));
+                }
+
+                if (r <= 0) {
+                        log_error("Failed to format time.");
+                        return -EINVAL;
+                }
+
+                fputs(buf, f);
+                n += strlen(buf);
+        }
+
+        if (hostname && (flags & OUTPUT_NO_HOSTNAME)) {
+                /* Suppress display of the hostname if this is requested. */
+                hostname = NULL;
+                hostname_len = 0;
+        }
+
+        if (hostname && shall_print(hostname, hostname_len, flags)) {
+                fprintf(f, " %.*s", (int) hostname_len, hostname);
+                n += hostname_len + 1;
+        }
+
+        if (identifier && shall_print(identifier, identifier_len, flags)) {
+                fprintf(f, " %.*s", (int) identifier_len, identifier);
+                n += identifier_len + 1;
+        } else if (comm && shall_print(comm, comm_len, flags)) {
+                fprintf(f, " %.*s", (int) comm_len, comm);
+                n += comm_len + 1;
+        } else
+                fputs(" unknown", f);
+
+        if (pid && shall_print(pid, pid_len, flags)) {
+                fprintf(f, "[%.*s]", (int) pid_len, pid);
+                n += pid_len + 2;
+        } else if (fake_pid && shall_print(fake_pid, fake_pid_len, flags)) {
+                fprintf(f, "[%.*s]", (int) fake_pid_len, fake_pid);
+                n += fake_pid_len + 2;
+        }
+
+        if (!(flags & OUTPUT_SHOW_ALL) && !utf8_is_printable(message, message_len)) {
+                char bytes[FORMAT_BYTES_MAX];
+                fprintf(f, ": [%s blob data]\n", format_bytes(bytes, sizeof(bytes), message_len));
+        } else {
+                fputs(": ", f);
+                ellipsized |=
+                        print_multiline(f, n + 2, n_columns, flags, p, message, message_len);
+        }
+
+        if (flags & OUTPUT_CATALOG)
+                print_catalog(f, j);
+
+        return ellipsized;
+}
+
+static int output_verbose(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags) {
+
+        const void *data;
+        size_t length;
+        _cleanup_free_ char *cursor = NULL;
+        uint64_t realtime = 0;
+        char ts[FORMAT_TIMESTAMP_MAX + 7];
+        int r;
+
+        assert(f);
+        assert(j);
+
+        sd_journal_set_data_threshold(j, 0);
+
+        r = sd_journal_get_data(j, "_SOURCE_REALTIME_TIMESTAMP", &data, &length);
+        if (r == -ENOENT)
+                log_debug("Source realtime timestamp not found");
+        else if (r < 0)
+                return log_full_errno(r == -EADDRNOTAVAIL ? LOG_DEBUG : LOG_ERR, r, "Failed to get source realtime timestamp: %m");
+        else {
+                _cleanup_free_ char *value = NULL;
+
+                r = parse_field(data, length, "_SOURCE_REALTIME_TIMESTAMP=", &value, NULL);
+                if (r < 0)
+                        return r;
+                assert(r > 0);
+
+                r = safe_atou64(value, &realtime);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to parse realtime timestamp: %m");
+        }
+
+        if (r < 0) {
+                r = sd_journal_get_realtime_usec(j, &realtime);
+                if (r < 0)
+                        return log_full_errno(r == -EADDRNOTAVAIL ? LOG_DEBUG : LOG_ERR, r, "Failed to get realtime timestamp: %m");
+        }
+
+        r = sd_journal_get_cursor(j, &cursor);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get cursor: %m");
+
+        fprintf(f, "%s [%s]\n",
+                flags & OUTPUT_UTC ?
+                format_timestamp_us_utc(ts, sizeof(ts), realtime) :
+                format_timestamp_us(ts, sizeof(ts), realtime),
+                cursor);
+
+        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
+                const char *c;
+                int fieldlen;
+                const char *on = "", *off = "";
+
+                c = memchr(data, '=', length);
+                if (!c) {
+                        log_error("Invalid field.");
+                        return -EINVAL;
+                }
+                fieldlen = c - (const char*) data;
+
+                if (flags & OUTPUT_COLOR && startswith(data, "MESSAGE=")) {
+                        on = ANSI_HIGHLIGHT;
+                        off = ANSI_NORMAL;
+                }
+
+                if (flags & OUTPUT_SHOW_ALL ||
+                    (((length < PRINT_CHAR_THRESHOLD) || flags & OUTPUT_FULL_WIDTH)
+                     && utf8_is_printable(data, length))) {
+                        fprintf(f, "    %s%.*s=", on, fieldlen, (const char*)data);
+                        print_multiline(f, 4 + fieldlen + 1, 0, OUTPUT_FULL_WIDTH, 0, c + 1, length - fieldlen - 1);
+                        fputs(off, f);
+                } else {
+                        char bytes[FORMAT_BYTES_MAX];
+
+                        fprintf(f, "    %s%.*s=[%s blob data]%s\n",
+                                on,
+                                (int) (c - (const char*) data),
+                                (const char*) data,
+                                format_bytes(bytes, sizeof(bytes), length - (c - (const char *) data) - 1),
+                                off);
+                }
+        }
+
+        if (r < 0)
+                return r;
+
+        if (flags & OUTPUT_CATALOG)
+                print_catalog(f, j);
+
+        return 0;
+}
+
+static int output_export(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags) {
+
+        sd_id128_t boot_id;
+        char sid[33];
+        int r;
+        usec_t realtime, monotonic;
+        _cleanup_free_ char *cursor = NULL;
+        const void *data;
+        size_t length;
+
+        assert(j);
+
+        sd_journal_set_data_threshold(j, 0);
+
+        r = sd_journal_get_realtime_usec(j, &realtime);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get realtime timestamp: %m");
+
+        r = sd_journal_get_monotonic_usec(j, &monotonic, &boot_id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
+
+        r = sd_journal_get_cursor(j, &cursor);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get cursor: %m");
+
+        fprintf(f,
+                "__CURSOR=%s\n"
+                "__REALTIME_TIMESTAMP="USEC_FMT"\n"
+                "__MONOTONIC_TIMESTAMP="USEC_FMT"\n"
+                "_BOOT_ID=%s\n",
+                cursor,
+                realtime,
+                monotonic,
+                sd_id128_to_string(boot_id, sid));
+
+        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
+
+                /* We already printed the boot id, from the data in
+                 * the header, hence let's suppress it here */
+                if (length >= 9 &&
+                    startswith(data, "_BOOT_ID="))
+                        continue;
+
+                if (utf8_is_printable_newline(data, length, false))
+                        fwrite(data, length, 1, f);
+                else {
+                        const char *c;
+                        uint64_t le64;
+
+                        c = memchr(data, '=', length);
+                        if (!c) {
+                                log_error("Invalid field.");
+                                return -EINVAL;
+                        }
+
+                        fwrite(data, c - (const char*) data, 1, f);
+                        fputc('\n', f);
+                        le64 = htole64(length - (c - (const char*) data) - 1);
+                        fwrite(&le64, sizeof(le64), 1, f);
+                        fwrite(c + 1, length - (c - (const char*) data) - 1, 1, f);
+                }
+
+                fputc('\n', f);
+        }
+
+        if (r < 0)
+                return r;
+
+        fputc('\n', f);
+
+        return 0;
+}
+
+void json_escape(
+                FILE *f,
+                const char* p,
+                size_t l,
+                OutputFlags flags) {
+
+        assert(f);
+        assert(p);
+
+        if (!(flags & OUTPUT_SHOW_ALL) && l >= JSON_THRESHOLD)
+                fputs("null", f);
+
+        else if (!utf8_is_printable(p, l)) {
+                bool not_first = false;
+
+                fputs("[ ", f);
+
+                while (l > 0) {
+                        if (not_first)
+                                fprintf(f, ", %u", (uint8_t) *p);
+                        else {
+                                not_first = true;
+                                fprintf(f, "%u", (uint8_t) *p);
+                        }
+
+                        p++;
+                        l--;
+                }
+
+                fputs(" ]", f);
+        } else {
+                fputc('\"', f);
+
+                while (l > 0) {
+                        if (*p == '"' || *p == '\\') {
+                                fputc('\\', f);
+                                fputc(*p, f);
+                        } else if (*p == '\n')
+                                fputs("\\n", f);
+                        else if ((uint8_t) *p < ' ')
+                                fprintf(f, "\\u%04x", (uint8_t) *p);
+                        else
+                                fputc(*p, f);
+
+                        p++;
+                        l--;
+                }
+
+                fputc('\"', f);
+        }
+}
+
+static int output_json(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags) {
+
+        uint64_t realtime, monotonic;
+        _cleanup_free_ char *cursor = NULL;
+        const void *data;
+        size_t length;
+        sd_id128_t boot_id;
+        char sid[33], *k;
+        int r;
+        Hashmap *h = NULL;
+        bool done, separator;
+
+        assert(j);
+
+        sd_journal_set_data_threshold(j, flags & OUTPUT_SHOW_ALL ? 0 : JSON_THRESHOLD);
+
+        r = sd_journal_get_realtime_usec(j, &realtime);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get realtime timestamp: %m");
+
+        r = sd_journal_get_monotonic_usec(j, &monotonic, &boot_id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
+
+        r = sd_journal_get_cursor(j, &cursor);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get cursor: %m");
+
+        if (mode == OUTPUT_JSON_PRETTY)
+                fprintf(f,
+                        "{\n"
+                        "\t\"__CURSOR\" : \"%s\",\n"
+                        "\t\"__REALTIME_TIMESTAMP\" : \""USEC_FMT"\",\n"
+                        "\t\"__MONOTONIC_TIMESTAMP\" : \""USEC_FMT"\",\n"
+                        "\t\"_BOOT_ID\" : \"%s\"",
+                        cursor,
+                        realtime,
+                        monotonic,
+                        sd_id128_to_string(boot_id, sid));
+        else {
+                if (mode == OUTPUT_JSON_SSE)
+                        fputs("data: ", f);
+
+                fprintf(f,
+                        "{ \"__CURSOR\" : \"%s\", "
+                        "\"__REALTIME_TIMESTAMP\" : \""USEC_FMT"\", "
+                        "\"__MONOTONIC_TIMESTAMP\" : \""USEC_FMT"\", "
+                        "\"_BOOT_ID\" : \"%s\"",
+                        cursor,
+                        realtime,
+                        monotonic,
+                        sd_id128_to_string(boot_id, sid));
+        }
+
+        h = hashmap_new(&string_hash_ops);
+        if (!h)
+                return log_oom();
+
+        /* First round, iterate through the entry and count how often each field appears */
+        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
+                const char *eq;
+                char *n;
+                unsigned u;
+
+                if (length >= 9 &&
+                    memcmp(data, "_BOOT_ID=", 9) == 0)
+                        continue;
+
+                eq = memchr(data, '=', length);
+                if (!eq)
+                        continue;
+
+                n = strndup(data, eq - (const char*) data);
+                if (!n) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                u = PTR_TO_UINT(hashmap_get(h, n));
+                if (u == 0) {
+                        r = hashmap_put(h, n, UINT_TO_PTR(1));
+                        if (r < 0) {
+                                free(n);
+                                log_oom();
+                                goto finish;
+                        }
+                } else {
+                        r = hashmap_update(h, n, UINT_TO_PTR(u + 1));
+                        free(n);
+                        if (r < 0) {
+                                log_oom();
+                                goto finish;
+                        }
+                }
+        }
+
+        if (r < 0)
+                return r;
+
+        separator = true;
+        do {
+                done = true;
+
+                SD_JOURNAL_FOREACH_DATA(j, data, length) {
+                        const char *eq;
+                        char *kk, *n;
+                        size_t m;
+                        unsigned u;
+
+                        /* We already printed the boot id, from the data in
+                         * the header, hence let's suppress it here */
+                        if (length >= 9 &&
+                            memcmp(data, "_BOOT_ID=", 9) == 0)
+                                continue;
+
+                        eq = memchr(data, '=', length);
+                        if (!eq)
+                                continue;
+
+                        if (separator) {
+                                if (mode == OUTPUT_JSON_PRETTY)
+                                        fputs(",\n\t", f);
+                                else
+                                        fputs(", ", f);
+                        }
+
+                        m = eq - (const char*) data;
+
+                        n = strndup(data, m);
+                        if (!n) {
+                                r = log_oom();
+                                goto finish;
+                        }
+
+                        u = PTR_TO_UINT(hashmap_get2(h, n, (void**) &kk));
+                        if (u == 0) {
+                                /* We already printed this, let's jump to the next */
+                                free(n);
+                                separator = false;
+
+                                continue;
+                        } else if (u == 1) {
+                                /* Field only appears once, output it directly */
+
+                                json_escape(f, data, m, flags);
+                                fputs(" : ", f);
+
+                                json_escape(f, eq + 1, length - m - 1, flags);
+
+                                hashmap_remove(h, n);
+                                free(kk);
+                                free(n);
+
+                                separator = true;
+
+                                continue;
+
+                        } else {
+                                /* Field appears multiple times, output it as array */
+                                json_escape(f, data, m, flags);
+                                fputs(" : [ ", f);
+                                json_escape(f, eq + 1, length - m - 1, flags);
+
+                                /* Iterate through the end of the list */
+
+                                while (sd_journal_enumerate_data(j, &data, &length) > 0) {
+                                        if (length < m + 1)
+                                                continue;
+
+                                        if (memcmp(data, n, m) != 0)
+                                                continue;
+
+                                        if (((const char*) data)[m] != '=')
+                                                continue;
+
+                                        fputs(", ", f);
+                                        json_escape(f, (const char*) data + m + 1, length - m - 1, flags);
+                                }
+
+                                fputs(" ]", f);
+
+                                hashmap_remove(h, n);
+                                free(kk);
+                                free(n);
+
+                                /* Iterate data fields form the beginning */
+                                done = false;
+                                separator = true;
+
+                                break;
+                        }
+                }
+
+        } while (!done);
+
+        if (mode == OUTPUT_JSON_PRETTY)
+                fputs("\n}\n", f);
+        else if (mode == OUTPUT_JSON_SSE)
+                fputs("}\n\n", f);
+        else
+                fputs(" }\n", f);
+
+        r = 0;
+
+finish:
+        while ((k = hashmap_steal_first_key(h)))
+                free(k);
+
+        hashmap_free(h);
+
+        return r;
+}
+
+static int output_cat(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags) {
+
+        const void *data;
+        size_t l;
+        int r;
+
+        assert(j);
+        assert(f);
+
+        sd_journal_set_data_threshold(j, 0);
+
+        r = sd_journal_get_data(j, "MESSAGE", &data, &l);
+        if (r < 0) {
+                /* An entry without MESSAGE=? */
+                if (r == -ENOENT)
+                        return 0;
+
+                return log_error_errno(r, "Failed to get data: %m");
+        }
+
+        assert(l >= 8);
+
+        fwrite((const char*) data + 8, 1, l - 8, f);
+        fputc('\n', f);
+
+        return 0;
+}
+
+static int (*output_funcs[_OUTPUT_MODE_MAX])(
+                FILE *f,
+                sd_journal*j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags) = {
+
+        [OUTPUT_SHORT] = output_short,
+        [OUTPUT_SHORT_ISO] = output_short,
+        [OUTPUT_SHORT_PRECISE] = output_short,
+        [OUTPUT_SHORT_MONOTONIC] = output_short,
+        [OUTPUT_SHORT_UNIX] = output_short,
+        [OUTPUT_VERBOSE] = output_verbose,
+        [OUTPUT_EXPORT] = output_export,
+        [OUTPUT_JSON] = output_json,
+        [OUTPUT_JSON_PRETTY] = output_json,
+        [OUTPUT_JSON_SSE] = output_json,
+        [OUTPUT_CAT] = output_cat
+};
+
+int output_journal(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags,
+                bool *ellipsized) {
+
+        int ret;
+        assert(mode >= 0);
+        assert(mode < _OUTPUT_MODE_MAX);
+
+        if (n_columns <= 0)
+                n_columns = columns();
+
+        ret = output_funcs[mode](f, j, mode, n_columns, flags);
+        fflush(stdout);
+
+        if (ellipsized && ret > 0)
+                *ellipsized = true;
+
+        return ret;
+}
+
+static int maybe_print_begin_newline(FILE *f, OutputFlags *flags) {
+        assert(f);
+        assert(flags);
+
+        if (!(*flags & OUTPUT_BEGIN_NEWLINE))
+                return 0;
+
+        /* Print a beginning new line if that's request, but only once
+         * on the first line we print. */
+
+        fputc('\n', f);
+        *flags &= ~OUTPUT_BEGIN_NEWLINE;
+        return 0;
+}
+
+static int show_journal(FILE *f,
+                        sd_journal *j,
+                        OutputMode mode,
+                        unsigned n_columns,
+                        usec_t not_before,
+                        unsigned how_many,
+                        OutputFlags flags,
+                        bool *ellipsized) {
+
+        int r;
+        unsigned line = 0;
+        bool need_seek = false;
+        int warn_cutoff = flags & OUTPUT_WARN_CUTOFF;
+
+        assert(j);
+        assert(mode >= 0);
+        assert(mode < _OUTPUT_MODE_MAX);
+
+        /* Seek to end */
+        r = sd_journal_seek_tail(j);
+        if (r < 0)
+                return log_error_errno(r, "Failed to seek to tail: %m");
+
+        r = sd_journal_previous_skip(j, how_many);
+        if (r < 0)
+                return log_error_errno(r, "Failed to skip previous: %m");
+
+        for (;;) {
+                for (;;) {
+                        usec_t usec;
+
+                        if (need_seek) {
+                                r = sd_journal_next(j);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to iterate through journal: %m");
+                        }
+
+                        if (r == 0)
+                                break;
+
+                        need_seek = true;
+
+                        if (not_before > 0) {
+                                r = sd_journal_get_monotonic_usec(j, &usec, NULL);
+
+                                /* -ESTALE is returned if the
+                                   timestamp is not from this boot */
+                                if (r == -ESTALE)
+                                        continue;
+                                else if (r < 0)
+                                        return log_error_errno(r, "Failed to get journal time: %m");
+
+                                if (usec < not_before)
+                                        continue;
+                        }
+
+                        line++;
+                        maybe_print_begin_newline(f, &flags);
+
+                        r = output_journal(f, j, mode, n_columns, flags, ellipsized);
+                        if (r < 0)
+                                return r;
+                }
+
+                if (warn_cutoff && line < how_many && not_before > 0) {
+                        sd_id128_t boot_id;
+                        usec_t cutoff = 0;
+
+                        /* Check whether the cutoff line is too early */
+
+                        r = sd_id128_get_boot(&boot_id);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get boot id: %m");
+
+                        r = sd_journal_get_cutoff_monotonic_usec(j, boot_id, &cutoff, NULL);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to get journal cutoff time: %m");
+
+                        if (r > 0 && not_before < cutoff) {
+                                maybe_print_begin_newline(f, &flags);
+                                fprintf(f, "Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.\n");
+                        }
+
+                        warn_cutoff = false;
+                }
+
+                if (!(flags & OUTPUT_FOLLOW))
+                        break;
+
+                r = sd_journal_wait(j, USEC_INFINITY);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to wait for journal: %m");
+
+        }
+
+        return 0;
+}
+
+int add_matches_for_unit(sd_journal *j, const char *unit) {
+        const char *m1, *m2, *m3, *m4;
+        int r;
+
+        assert(j);
+        assert(unit);
+
+        m1 = strjoina("_SYSTEMD_UNIT=", unit);
+        m2 = strjoina("COREDUMP_UNIT=", unit);
+        m3 = strjoina("UNIT=", unit);
+        m4 = strjoina("OBJECT_SYSTEMD_UNIT=", unit);
+
+        (void)(
+            /* Look for messages from the service itself */
+            (r = sd_journal_add_match(j, m1, 0)) ||
+
+            /* Look for coredumps of the service */
+            (r = sd_journal_add_disjunction(j)) ||
+            (r = sd_journal_add_match(j, "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1", 0)) ||
+            (r = sd_journal_add_match(j, "_UID=0", 0)) ||
+            (r = sd_journal_add_match(j, m2, 0)) ||
+
+             /* Look for messages from PID 1 about this service */
+            (r = sd_journal_add_disjunction(j)) ||
+            (r = sd_journal_add_match(j, "_PID=1", 0)) ||
+            (r = sd_journal_add_match(j, m3, 0)) ||
+
+            /* Look for messages from authorized daemons about this service */
+            (r = sd_journal_add_disjunction(j)) ||
+            (r = sd_journal_add_match(j, "_UID=0", 0)) ||
+            (r = sd_journal_add_match(j, m4, 0))
+        );
+
+        if (r == 0 && endswith(unit, ".slice")) {
+                const char *m5;
+
+                m5 = strjoina("_SYSTEMD_SLICE=", unit);
+
+                /* Show all messages belonging to a slice */
+                (void)(
+                        (r = sd_journal_add_disjunction(j)) ||
+                        (r = sd_journal_add_match(j, m5, 0))
+                        );
+        }
+
+        return r;
+}
+
+int add_matches_for_user_unit(sd_journal *j, const char *unit, uid_t uid) {
+        int r;
+        char *m1, *m2, *m3, *m4;
+        char muid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)];
+
+        assert(j);
+        assert(unit);
+
+        m1 = strjoina("_SYSTEMD_USER_UNIT=", unit);
+        m2 = strjoina("USER_UNIT=", unit);
+        m3 = strjoina("COREDUMP_USER_UNIT=", unit);
+        m4 = strjoina("OBJECT_SYSTEMD_USER_UNIT=", unit);
+        sprintf(muid, "_UID="UID_FMT, uid);
+
+        (void) (
+                /* Look for messages from the user service itself */
+                (r = sd_journal_add_match(j, m1, 0)) ||
+                (r = sd_journal_add_match(j, muid, 0)) ||
+
+                /* Look for messages from systemd about this service */
+                (r = sd_journal_add_disjunction(j)) ||
+                (r = sd_journal_add_match(j, m2, 0)) ||
+                (r = sd_journal_add_match(j, muid, 0)) ||
+
+                /* Look for coredumps of the service */
+                (r = sd_journal_add_disjunction(j)) ||
+                (r = sd_journal_add_match(j, m3, 0)) ||
+                (r = sd_journal_add_match(j, muid, 0)) ||
+                (r = sd_journal_add_match(j, "_UID=0", 0)) ||
+
+                /* Look for messages from authorized daemons about this service */
+                (r = sd_journal_add_disjunction(j)) ||
+                (r = sd_journal_add_match(j, m4, 0)) ||
+                (r = sd_journal_add_match(j, muid, 0)) ||
+                (r = sd_journal_add_match(j, "_UID=0", 0))
+        );
+
+        if (r == 0 && endswith(unit, ".slice")) {
+                const char *m5;
+
+                m5 = strjoina("_SYSTEMD_SLICE=", unit);
+
+                /* Show all messages belonging to a slice */
+                (void)(
+                        (r = sd_journal_add_disjunction(j)) ||
+                        (r = sd_journal_add_match(j, m5, 0)) ||
+                        (r = sd_journal_add_match(j, muid, 0))
+                        );
+        }
+
+        return r;
+}
+
+static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
+        _cleanup_close_pair_ int pair[2] = { -1, -1 };
+        _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, rootfd = -1;
+        pid_t pid, child;
+        siginfo_t si;
+        char buf[37];
+        ssize_t k;
+        int r;
+
+        assert(machine);
+        assert(boot_id);
+
+        if (!machine_name_is_valid(machine))
+                return -EINVAL;
+
+        r = container_get_leader(machine, &pid);
+        if (r < 0)
+                return r;
+
+        r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, NULL, &rootfd);
+        if (r < 0)
+                return r;
+
+        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
+                return -errno;
+
+        child = fork();
+        if (child < 0)
+                return -errno;
+
+        if (child == 0) {
+                int fd;
+
+                pair[0] = safe_close(pair[0]);
+
+                r = namespace_enter(pidnsfd, mntnsfd, -1, -1, rootfd);
+                if (r < 0)
+                        _exit(EXIT_FAILURE);
+
+                fd = open("/proc/sys/kernel/random/boot_id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
+                if (fd < 0)
+                        _exit(EXIT_FAILURE);
+
+                r = loop_read_exact(fd, buf, 36, false);
+                safe_close(fd);
+                if (r < 0)
+                        _exit(EXIT_FAILURE);
+
+                k = send(pair[1], buf, 36, MSG_NOSIGNAL);
+                if (k != 36)
+                        _exit(EXIT_FAILURE);
+
+                _exit(EXIT_SUCCESS);
+        }
+
+        pair[1] = safe_close(pair[1]);
+
+        r = wait_for_terminate(child, &si);
+        if (r < 0 || si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS)
+                return r < 0 ? r : -EIO;
+
+        k = recv(pair[0], buf, 36, 0);
+        if (k != 36)
+                return -EIO;
+
+        buf[36] = 0;
+        r = sd_id128_from_string(buf, boot_id);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int add_match_this_boot(sd_journal *j, const char *machine) {
+        char match[9+32+1] = "_BOOT_ID=";
+        sd_id128_t boot_id;
+        int r;
+
+        assert(j);
+
+        if (machine) {
+                r = get_boot_id_for_machine(machine, &boot_id);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get boot id of container %s: %m", machine);
+        } else {
+                r = sd_id128_get_boot(&boot_id);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get boot id: %m");
+        }
+
+        sd_id128_to_string(boot_id, match + 9);
+        r = sd_journal_add_match(j, match, strlen(match));
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match: %m");
+
+        r = sd_journal_add_conjunction(j);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add conjunction: %m");
+
+        return 0;
+}
+
+int show_journal_by_unit(
+                FILE *f,
+                const char *unit,
+                OutputMode mode,
+                unsigned n_columns,
+                usec_t not_before,
+                unsigned how_many,
+                uid_t uid,
+                OutputFlags flags,
+                int journal_open_flags,
+                bool system_unit,
+                bool *ellipsized) {
+
+        _cleanup_(sd_journal_closep) sd_journal *j = NULL;
+        int r;
+
+        assert(mode >= 0);
+        assert(mode < _OUTPUT_MODE_MAX);
+        assert(unit);
+
+        if (how_many <= 0)
+                return 0;
+
+        r = sd_journal_open(&j, journal_open_flags);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open journal: %m");
+
+        r = add_match_this_boot(j, NULL);
+        if (r < 0)
+                return r;
+
+        if (system_unit)
+                r = add_matches_for_unit(j, unit);
+        else
+                r = add_matches_for_user_unit(j, unit, uid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add unit matches: %m");
+
+        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
+                _cleanup_free_ char *filter;
+
+                filter = journal_make_match_string(j);
+                if (!filter)
+                        return log_oom();
+
+                log_debug("Journal filter: %s", filter);
+        }
+
+        return show_journal(f, j, mode, n_columns, not_before, how_many, flags, ellipsized);
+}
diff --git a/src/libshared/logs-show.h b/src/libshared/logs-show.h
new file mode 100644
index 0000000000..15fe5b6e5c
--- /dev/null
+++ b/src/libshared/logs-show.h
@@ -0,0 +1,70 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+#include <systemd/sd-journal.h>
+
+#include "macro.h"
+#include "output-mode.h"
+#include "time-util.h"
+#include "util.h"
+
+int output_journal(
+                FILE *f,
+                sd_journal *j,
+                OutputMode mode,
+                unsigned n_columns,
+                OutputFlags flags,
+                bool *ellipsized);
+
+int add_match_this_boot(sd_journal *j, const char *machine);
+
+int add_matches_for_unit(
+                sd_journal *j,
+                const char *unit);
+
+int add_matches_for_user_unit(
+                sd_journal *j,
+                const char *unit,
+                uid_t uid);
+
+int show_journal_by_unit(
+                FILE *f,
+                const char *unit,
+                OutputMode mode,
+                unsigned n_columns,
+                usec_t not_before,
+                unsigned how_many,
+                uid_t uid,
+                OutputFlags flags,
+                int journal_open_flags,
+                bool system_unit,
+                bool *ellipsized);
+
+void json_escape(
+                FILE *f,
+                const char* p,
+                size_t l,
+                OutputFlags flags);
diff --git a/src/shared/machine-image.c b/src/libshared/machine-image.c
index 529d89ee2a..529d89ee2a 100644
--- a/src/shared/machine-image.c
+++ b/src/libshared/machine-image.c
diff --git a/src/shared/machine-image.h b/src/libshared/machine-image.h
index 7410168c4f..7410168c4f 100644
--- a/src/shared/machine-image.h
+++ b/src/libshared/machine-image.h
diff --git a/src/libshared/machine-pool.c b/src/libshared/machine-pool.c
new file mode 100644
index 0000000000..c36efa0102
--- /dev/null
+++ b/src/libshared/machine-pool.c
@@ -0,0 +1,426 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/loop.h>
+#include <signal.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/file.h>
+#include <sys/ioctl.h>
+#include <sys/mount.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/statfs.h>
+#include <sys/statvfs.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus-protocol.h>
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "lockfile-util.h"
+#include "log.h"
+#include "machine-pool.h"
+#include "macro.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "mount-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "signal-util.h"
+#include "stat-util.h"
+#include "string-util.h"
+
+#define VAR_LIB_MACHINES_SIZE_START (1024UL*1024UL*500UL)
+#define VAR_LIB_MACHINES_FREE_MIN (1024UL*1024UL*750UL)
+
+static int check_btrfs(void) {
+        struct statfs sfs;
+
+        if (statfs("/var/lib/machines", &sfs) < 0) {
+                if (errno != ENOENT)
+                        return -errno;
+
+                if (statfs("/var/lib", &sfs) < 0)
+                        return -errno;
+        }
+
+        return F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC);
+}
+
+static int setup_machine_raw(uint64_t size, sd_bus_error *error) {
+        _cleanup_free_ char *tmp = NULL;
+        _cleanup_close_ int fd = -1;
+        struct statvfs ss;
+        pid_t pid = 0;
+        siginfo_t si;
+        int r;
+
+        /* We want to be able to make use of btrfs-specific file
+         * system features, in particular subvolumes, reflinks and
+         * quota. Hence, if we detect that /var/lib/machines.raw is
+         * not located on btrfs, let's create a loopback file, place a
+         * btrfs file system into it, and mount it to
+         * /var/lib/machines. */
+
+        fd = open("/var/lib/machines.raw", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+        if (fd >= 0) {
+                r = fd;
+                fd = -1;
+                return r;
+        }
+
+        if (errno != ENOENT)
+                return sd_bus_error_set_errnof(error, errno, "Failed to open /var/lib/machines.raw: %m");
+
+        r = tempfn_xxxxxx("/var/lib/machines.raw", NULL, &tmp);
+        if (r < 0)
+                return r;
+
+        (void) mkdir_p_label("/var/lib", 0755);
+        fd = open(tmp, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0600);
+        if (fd < 0)
+                return sd_bus_error_set_errnof(error, errno, "Failed to create /var/lib/machines.raw: %m");
+
+        if (fstatvfs(fd, &ss) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to determine free space on /var/lib/machines.raw: %m");
+                goto fail;
+        }
+
+        if (ss.f_bsize * ss.f_bavail < VAR_LIB_MACHINES_FREE_MIN) {
+                r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Not enough free disk space to set up /var/lib/machines.");
+                goto fail;
+        }
+
+        if (ftruncate(fd, size) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to enlarge /var/lib/machines.raw: %m");
+                goto fail;
+        }
+
+        pid = fork();
+        if (pid < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to fork mkfs.btrfs: %m");
+                goto fail;
+        }
+
+        if (pid == 0) {
+
+                /* Child */
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
+
+                fd = safe_close(fd);
+
+                execlp("mkfs.btrfs", "-Lvar-lib-machines", tmp, NULL);
+                if (errno == ENOENT)
+                        _exit(99);
+
+                _exit(EXIT_FAILURE);
+        }
+
+        r = wait_for_terminate(pid, &si);
+        if (r < 0) {
+                sd_bus_error_set_errnof(error, r, "Failed to wait for mkfs.btrfs: %m");
+                goto fail;
+        }
+
+        pid = 0;
+
+        if (si.si_code != CLD_EXITED) {
+                r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "mkfs.btrfs died abnormally.");
+                goto fail;
+        }
+        if (si.si_status == 99) {
+                r = sd_bus_error_set_errnof(error, ENOENT, "Cannot set up /var/lib/machines, mkfs.btrfs is missing");
+                goto fail;
+        }
+        if (si.si_status != 0) {
+                r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "mkfs.btrfs failed with error code %i", si.si_status);
+                goto fail;
+        }
+
+        r = rename_noreplace(AT_FDCWD, tmp, AT_FDCWD, "/var/lib/machines.raw");
+        if (r < 0) {
+                sd_bus_error_set_errnof(error, r, "Failed to move /var/lib/machines.raw into place: %m");
+                goto fail;
+        }
+
+        r = fd;
+        fd = -1;
+
+        return r;
+
+fail:
+        unlink_noerrno(tmp);
+
+        if (pid > 1)
+                kill_and_sigcont(pid, SIGKILL);
+
+        return r;
+}
+
+int setup_machine_directory(uint64_t size, sd_bus_error *error) {
+        _cleanup_release_lock_file_ LockFile lock_file = LOCK_FILE_INIT;
+        struct loop_info64 info = {
+                .lo_flags = LO_FLAGS_AUTOCLEAR,
+        };
+        _cleanup_close_ int fd = -1, control = -1, loop = -1;
+        _cleanup_free_ char* loopdev = NULL;
+        char tmpdir[] = "/tmp/machine-pool.XXXXXX", *mntdir = NULL;
+        bool tmpdir_made = false, mntdir_made = false, mntdir_mounted = false;
+        char buf[FORMAT_BYTES_MAX];
+        int r, nr = -1;
+
+        /* btrfs cannot handle file systems < 16M, hence use this as minimum */
+        if (size == (uint64_t) -1)
+                size = VAR_LIB_MACHINES_SIZE_START;
+        else if (size < 16*1024*1024)
+                size = 16*1024*1024;
+
+        /* Make sure we only set the directory up once at a time */
+        r = make_lock_file("/run/systemd/machines.lock", LOCK_EX, &lock_file);
+        if (r < 0)
+                return r;
+
+        r = check_btrfs();
+        if (r < 0)
+                return sd_bus_error_set_errnof(error, r, "Failed to determine whether /var/lib/machines is located on btrfs: %m");
+        if (r > 0) {
+                (void) btrfs_subvol_make_label("/var/lib/machines");
+
+                r = btrfs_quota_enable("/var/lib/machines", true);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to enable quota for /var/lib/machines, ignoring: %m");
+
+                r = btrfs_subvol_auto_qgroup("/var/lib/machines", 0, true);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to set up default quota hierarchy for /var/lib/machines, ignoring: %m");
+
+                return 1;
+        }
+
+        if (path_is_mount_point("/var/lib/machines", AT_SYMLINK_FOLLOW) > 0) {
+                log_debug("/var/lib/machines is already a mount point, not creating loopback file for it.");
+                return 0;
+        }
+
+        r = dir_is_populated("/var/lib/machines");
+        if (r < 0 && r != -ENOENT)
+                return r;
+        if (r > 0) {
+                log_debug("/var/log/machines is already populated, not creating loopback file for it.");
+                return 0;
+        }
+
+        r = mkfs_exists("btrfs");
+        if (r == 0)
+                return sd_bus_error_set_errnof(error, ENOENT, "Cannot set up /var/lib/machines, mkfs.btrfs is missing");
+        if (r < 0)
+                return r;
+
+        fd = setup_machine_raw(size, error);
+        if (fd < 0)
+                return fd;
+
+        control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
+        if (control < 0)
+                return sd_bus_error_set_errnof(error, errno, "Failed to open /dev/loop-control: %m");
+
+        nr = ioctl(control, LOOP_CTL_GET_FREE);
+        if (nr < 0)
+                return sd_bus_error_set_errnof(error, errno, "Failed to allocate loop device: %m");
+
+        if (asprintf(&loopdev, "/dev/loop%i", nr) < 0) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        loop = open(loopdev, O_CLOEXEC|O_RDWR|O_NOCTTY|O_NONBLOCK);
+        if (loop < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to open loopback device: %m");
+                goto fail;
+        }
+
+        if (ioctl(loop, LOOP_SET_FD, fd) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to bind loopback device: %m");
+                goto fail;
+        }
+
+        if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to enable auto-clear for loopback device: %m");
+                goto fail;
+        }
+
+        /* We need to make sure the new /var/lib/machines directory
+         * has an access mode of 0700 at the time it is first made
+         * available. mkfs will create it with 0755 however. Hence,
+         * let's mount the directory into an inaccessible directory
+         * below /tmp first, fix the access mode, and move it to the
+         * public place then. */
+
+        if (!mkdtemp(tmpdir)) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to create temporary mount parent directory: %m");
+                goto fail;
+        }
+        tmpdir_made = true;
+
+        mntdir = strjoina(tmpdir, "/mnt");
+        if (mkdir(mntdir, 0700) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to create temporary mount directory: %m");
+                goto fail;
+        }
+        mntdir_made = true;
+
+        if (mount(loopdev, mntdir, "btrfs", 0, NULL) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to mount loopback device: %m");
+                goto fail;
+        }
+        mntdir_mounted = true;
+
+        r = btrfs_quota_enable(mntdir, true);
+        if (r < 0)
+                log_warning_errno(r, "Failed to enable quota, ignoring: %m");
+
+        r = btrfs_subvol_auto_qgroup(mntdir, 0, true);
+        if (r < 0)
+                log_warning_errno(r, "Failed to set up default quota hierarchy, ignoring: %m");
+
+        if (chmod(mntdir, 0700) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to fix owner: %m");
+                goto fail;
+        }
+
+        (void) mkdir_p_label("/var/lib/machines", 0700);
+
+        if (mount(mntdir, "/var/lib/machines", NULL, MS_BIND, NULL) < 0) {
+                r = sd_bus_error_set_errnof(error, errno, "Failed to mount directory into right place: %m");
+                goto fail;
+        }
+
+        (void) syncfs(fd);
+
+        log_info("Set up /var/lib/machines as btrfs loopback file system of size %s mounted on /var/lib/machines.raw.", format_bytes(buf, sizeof(buf), size));
+
+        (void) umount2(mntdir, MNT_DETACH);
+        (void) rmdir(mntdir);
+        (void) rmdir(tmpdir);
+
+        return 1;
+
+fail:
+        if (mntdir_mounted)
+                (void) umount2(mntdir, MNT_DETACH);
+
+        if (mntdir_made)
+                (void) rmdir(mntdir);
+        if (tmpdir_made)
+                (void) rmdir(tmpdir);
+
+        if (loop >= 0) {
+                (void) ioctl(loop, LOOP_CLR_FD);
+                loop = safe_close(loop);
+        }
+
+        if (control >= 0 && nr >= 0)
+                (void) ioctl(control, LOOP_CTL_REMOVE, nr);
+
+        return r;
+}
+
+static int sync_path(const char *p) {
+        _cleanup_close_ int fd = -1;
+
+        fd = open(p, O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0)
+                return -errno;
+
+        if (syncfs(fd) < 0)
+                return -errno;
+
+        return 0;
+}
+
+int grow_machine_directory(void) {
+        char buf[FORMAT_BYTES_MAX];
+        struct statvfs a, b;
+        uint64_t old_size, new_size, max_add;
+        int r;
+
+        /* Ensure the disk space data is accurate */
+        sync_path("/var/lib/machines");
+        sync_path("/var/lib/machines.raw");
+
+        if (statvfs("/var/lib/machines.raw", &a) < 0)
+                return -errno;
+
+        if (statvfs("/var/lib/machines", &b) < 0)
+                return -errno;
+
+        /* Don't grow if not enough disk space is available on the host */
+        if (((uint64_t) a.f_bavail * (uint64_t) a.f_bsize) <= VAR_LIB_MACHINES_FREE_MIN)
+                return 0;
+
+        /* Don't grow if at least 1/3th of the fs is still free */
+        if (b.f_bavail > b.f_blocks / 3)
+                return 0;
+
+        /* Calculate how much we are willing to add at most */
+        max_add = ((uint64_t) a.f_bavail * (uint64_t) a.f_bsize) - VAR_LIB_MACHINES_FREE_MIN;
+
+        /* Calculate the old size */
+        old_size = (uint64_t) b.f_blocks * (uint64_t) b.f_bsize;
+
+        /* Calculate the new size as three times the size of what is used right now */
+        new_size = ((uint64_t) b.f_blocks - (uint64_t) b.f_bavail) * (uint64_t) b.f_bsize * 3;
+
+        /* Always, grow at least to the start size */
+        if (new_size < VAR_LIB_MACHINES_SIZE_START)
+                new_size = VAR_LIB_MACHINES_SIZE_START;
+
+        /* If the new size is smaller than the old size, don't grow */
+        if (new_size < old_size)
+                return 0;
+
+        /* Ensure we never add more than the maximum */
+        if (new_size > old_size + max_add)
+                new_size = old_size + max_add;
+
+        r = btrfs_resize_loopback("/var/lib/machines", new_size, true);
+        if (r <= 0)
+                return r;
+
+        /* Also bump the quota, of both the subvolume leaf qgroup, as
+         * well as of any subtree quota group by the same id but a
+         * higher level, if it exists. */
+        (void) btrfs_qgroup_set_limit("/var/lib/machines", 0, new_size);
+        (void) btrfs_subvol_set_subtree_quota_limit("/var/lib/machines", 0, new_size);
+
+        log_info("Grew /var/lib/machines btrfs loopback file system to %s.", format_bytes(buf, sizeof(buf), new_size));
+        return 1;
+}
diff --git a/src/libshared/machine-pool.h b/src/libshared/machine-pool.h
new file mode 100644
index 0000000000..fe99b7e0ae
--- /dev/null
+++ b/src/libshared/machine-pool.h
@@ -0,0 +1,30 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdint.h>
+
+#include <systemd/sd-bus.h>
+
+/* Grow the /var/lib/machines directory after each 10MiB written */
+#define GROW_INTERVAL_BYTES (UINT64_C(10) * UINT64_C(1024) * UINT64_C(1024))
+
+int setup_machine_directory(uint64_t size, sd_bus_error *error);
+int grow_machine_directory(void);
diff --git a/src/shared/output-mode.c b/src/libshared/output-mode.c
index bec53ee0ae..bec53ee0ae 100644
--- a/src/shared/output-mode.c
+++ b/src/libshared/output-mode.c
diff --git a/src/shared/output-mode.h b/src/libshared/output-mode.h
index f37189e57f..f37189e57f 100644
--- a/src/shared/output-mode.h
+++ b/src/libshared/output-mode.h
diff --git a/src/shared/pager.c b/src/libshared/pager.c
index c16bc027be..c16bc027be 100644
--- a/src/shared/pager.c
+++ b/src/libshared/pager.c
diff --git a/src/shared/pager.h b/src/libshared/pager.h
index 893e1d2bb6..893e1d2bb6 100644
--- a/src/shared/pager.h
+++ b/src/libshared/pager.h
diff --git a/src/shared/path-lookup.c b/src/libshared/path-lookup.c
index ca593b6963..ca593b6963 100644
--- a/src/shared/path-lookup.c
+++ b/src/libshared/path-lookup.c
diff --git a/src/shared/path-lookup.h b/src/libshared/path-lookup.h
index f9bb2fe237..f9bb2fe237 100644
--- a/src/shared/path-lookup.h
+++ b/src/libshared/path-lookup.h
diff --git a/src/libshared/ptyfwd.c b/src/libshared/ptyfwd.c
new file mode 100644
index 0000000000..9629b50ed9
--- /dev/null
+++ b/src/libshared/ptyfwd.c
@@ -0,0 +1,484 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010-2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <limits.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/epoll.h>
+#include <sys/ioctl.h>
+#include <sys/time.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "log.h"
+#include "macro.h"
+#include "ptyfwd.h"
+#include "time-util.h"
+
+struct PTYForward {
+        sd_event *event;
+
+        int master;
+
+        PTYForwardFlags flags;
+
+        sd_event_source *stdin_event_source;
+        sd_event_source *stdout_event_source;
+        sd_event_source *master_event_source;
+
+        sd_event_source *sigwinch_event_source;
+
+        struct termios saved_stdin_attr;
+        struct termios saved_stdout_attr;
+
+        bool saved_stdin:1;
+        bool saved_stdout:1;
+
+        bool stdin_readable:1;
+        bool stdin_hangup:1;
+        bool stdout_writable:1;
+        bool stdout_hangup:1;
+        bool master_readable:1;
+        bool master_writable:1;
+        bool master_hangup:1;
+
+        bool read_from_master:1;
+
+        bool last_char_set:1;
+        char last_char;
+
+        char in_buffer[LINE_MAX], out_buffer[LINE_MAX];
+        size_t in_buffer_full, out_buffer_full;
+
+        usec_t escape_timestamp;
+        unsigned escape_counter;
+};
+
+#define ESCAPE_USEC (1*USEC_PER_SEC)
+
+static bool look_for_escape(PTYForward *f, const char *buffer, size_t n) {
+        const char *p;
+
+        assert(f);
+        assert(buffer);
+        assert(n > 0);
+
+        for (p = buffer; p < buffer + n; p++) {
+
+                /* Check for ^] */
+                if (*p == 0x1D) {
+                        usec_t nw = now(CLOCK_MONOTONIC);
+
+                        if (f->escape_counter == 0 || nw > f->escape_timestamp + ESCAPE_USEC)  {
+                                f->escape_timestamp = nw;
+                                f->escape_counter = 1;
+                        } else {
+                                (f->escape_counter)++;
+
+                                if (f->escape_counter >= 3)
+                                        return true;
+                        }
+                } else {
+                        f->escape_timestamp = 0;
+                        f->escape_counter = 0;
+                }
+        }
+
+        return false;
+}
+
+static bool ignore_vhangup(PTYForward *f) {
+        assert(f);
+
+        if (f->flags & PTY_FORWARD_IGNORE_VHANGUP)
+                return true;
+
+        if ((f->flags & PTY_FORWARD_IGNORE_INITIAL_VHANGUP) && !f->read_from_master)
+                return true;
+
+        return false;
+}
+
+static int shovel(PTYForward *f) {
+        ssize_t k;
+
+        assert(f);
+
+        while ((f->stdin_readable && f->in_buffer_full <= 0) ||
+               (f->master_writable && f->in_buffer_full > 0) ||
+               (f->master_readable && f->out_buffer_full <= 0) ||
+               (f->stdout_writable && f->out_buffer_full > 0)) {
+
+                if (f->stdin_readable && f->in_buffer_full < LINE_MAX) {
+
+                        k = read(STDIN_FILENO, f->in_buffer + f->in_buffer_full, LINE_MAX - f->in_buffer_full);
+                        if (k < 0) {
+
+                                if (errno == EAGAIN)
+                                        f->stdin_readable = false;
+                                else if (errno == EIO || errno == EPIPE || errno == ECONNRESET) {
+                                        f->stdin_readable = false;
+                                        f->stdin_hangup = true;
+
+                                        f->stdin_event_source = sd_event_source_unref(f->stdin_event_source);
+                                } else {
+                                        log_error_errno(errno, "read(): %m");
+                                        return sd_event_exit(f->event, EXIT_FAILURE);
+                                }
+                        } else if (k == 0) {
+                                /* EOF on stdin */
+                                f->stdin_readable = false;
+                                f->stdin_hangup = true;
+
+                                f->stdin_event_source = sd_event_source_unref(f->stdin_event_source);
+                        } else  {
+                                /* Check if ^] has been
+                                 * pressed three times within
+                                 * one second. If we get this
+                                 * we quite immediately. */
+                                if (look_for_escape(f, f->in_buffer + f->in_buffer_full, k))
+                                        return sd_event_exit(f->event, EXIT_FAILURE);
+
+                                f->in_buffer_full += (size_t) k;
+                        }
+                }
+
+                if (f->master_writable && f->in_buffer_full > 0) {
+
+                        k = write(f->master, f->in_buffer, f->in_buffer_full);
+                        if (k < 0) {
+
+                                if (errno == EAGAIN || errno == EIO)
+                                        f->master_writable = false;
+                                else if (errno == EPIPE || errno == ECONNRESET) {
+                                        f->master_writable = f->master_readable = false;
+                                        f->master_hangup = true;
+
+                                        f->master_event_source = sd_event_source_unref(f->master_event_source);
+                                } else {
+                                        log_error_errno(errno, "write(): %m");
+                                        return sd_event_exit(f->event, EXIT_FAILURE);
+                                }
+                        } else {
+                                assert(f->in_buffer_full >= (size_t) k);
+                                memmove(f->in_buffer, f->in_buffer + k, f->in_buffer_full - k);
+                                f->in_buffer_full -= k;
+                        }
+                }
+
+                if (f->master_readable && f->out_buffer_full < LINE_MAX) {
+
+                        k = read(f->master, f->out_buffer + f->out_buffer_full, LINE_MAX - f->out_buffer_full);
+                        if (k < 0) {
+
+                                /* Note that EIO on the master device
+                                 * might be caused by vhangup() or
+                                 * temporary closing of everything on
+                                 * the other side, we treat it like
+                                 * EAGAIN here and try again, unless
+                                 * ignore_vhangup is off. */
+
+                                if (errno == EAGAIN || (errno == EIO && ignore_vhangup(f)))
+                                        f->master_readable = false;
+                                else if (errno == EPIPE || errno == ECONNRESET || errno == EIO) {
+                                        f->master_readable = f->master_writable = false;
+                                        f->master_hangup = true;
+
+                                        f->master_event_source = sd_event_source_unref(f->master_event_source);
+                                } else {
+                                        log_error_errno(errno, "read(): %m");
+                                        return sd_event_exit(f->event, EXIT_FAILURE);
+                                }
+                        }  else {
+                                f->read_from_master = true;
+                                f->out_buffer_full += (size_t) k;
+                        }
+                }
+
+                if (f->stdout_writable && f->out_buffer_full > 0) {
+
+                        k = write(STDOUT_FILENO, f->out_buffer, f->out_buffer_full);
+                        if (k < 0) {
+
+                                if (errno == EAGAIN)
+                                        f->stdout_writable = false;
+                                else if (errno == EIO || errno == EPIPE || errno == ECONNRESET) {
+                                        f->stdout_writable = false;
+                                        f->stdout_hangup = true;
+                                        f->stdout_event_source = sd_event_source_unref(f->stdout_event_source);
+                                } else {
+                                        log_error_errno(errno, "write(): %m");
+                                        return sd_event_exit(f->event, EXIT_FAILURE);
+                                }
+
+                        } else {
+
+                                if (k > 0) {
+                                        f->last_char = f->out_buffer[k-1];
+                                        f->last_char_set = true;
+                                }
+
+                                assert(f->out_buffer_full >= (size_t) k);
+                                memmove(f->out_buffer, f->out_buffer + k, f->out_buffer_full - k);
+                                f->out_buffer_full -= k;
+                        }
+                }
+        }
+
+        if (f->stdin_hangup || f->stdout_hangup || f->master_hangup) {
+                /* Exit the loop if any side hung up and if there's
+                 * nothing more to write or nothing we could write. */
+
+                if ((f->out_buffer_full <= 0 || f->stdout_hangup) &&
+                    (f->in_buffer_full <= 0 || f->master_hangup))
+                        return sd_event_exit(f->event, EXIT_SUCCESS);
+        }
+
+        return 0;
+}
+
+static int on_master_event(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
+        PTYForward *f = userdata;
+
+        assert(f);
+        assert(e);
+        assert(e == f->master_event_source);
+        assert(fd >= 0);
+        assert(fd == f->master);
+
+        if (revents & (EPOLLIN|EPOLLHUP))
+                f->master_readable = true;
+
+        if (revents & (EPOLLOUT|EPOLLHUP))
+                f->master_writable = true;
+
+        return shovel(f);
+}
+
+static int on_stdin_event(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
+        PTYForward *f = userdata;
+
+        assert(f);
+        assert(e);
+        assert(e == f->stdin_event_source);
+        assert(fd >= 0);
+        assert(fd == STDIN_FILENO);
+
+        if (revents & (EPOLLIN|EPOLLHUP))
+                f->stdin_readable = true;
+
+        return shovel(f);
+}
+
+static int on_stdout_event(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
+        PTYForward *f = userdata;
+
+        assert(f);
+        assert(e);
+        assert(e == f->stdout_event_source);
+        assert(fd >= 0);
+        assert(fd == STDOUT_FILENO);
+
+        if (revents & (EPOLLOUT|EPOLLHUP))
+                f->stdout_writable = true;
+
+        return shovel(f);
+}
+
+static int on_sigwinch_event(sd_event_source *e, const struct signalfd_siginfo *si, void *userdata) {
+        PTYForward *f = userdata;
+        struct winsize ws;
+
+        assert(f);
+        assert(e);
+        assert(e == f->sigwinch_event_source);
+
+        /* The window size changed, let's forward that. */
+        if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &ws) >= 0)
+                (void) ioctl(f->master, TIOCSWINSZ, &ws);
+
+        return 0;
+}
+
+int pty_forward_new(
+                sd_event *event,
+                int master,
+                PTYForwardFlags flags,
+                PTYForward **ret) {
+
+        _cleanup_(pty_forward_freep) PTYForward *f = NULL;
+        struct winsize ws;
+        int r;
+
+        f = new0(PTYForward, 1);
+        if (!f)
+                return -ENOMEM;
+
+        f->flags = flags;
+
+        if (event)
+                f->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&f->event);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!(flags & PTY_FORWARD_READ_ONLY)) {
+                r = fd_nonblock(STDIN_FILENO, true);
+                if (r < 0)
+                        return r;
+
+                r = fd_nonblock(STDOUT_FILENO, true);
+                if (r < 0)
+                        return r;
+        }
+
+        r = fd_nonblock(master, true);
+        if (r < 0)
+                return r;
+
+        f->master = master;
+
+        if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &ws) >= 0)
+                (void) ioctl(master, TIOCSWINSZ, &ws);
+
+        if (!(flags & PTY_FORWARD_READ_ONLY)) {
+                if (tcgetattr(STDIN_FILENO, &f->saved_stdin_attr) >= 0) {
+                        struct termios raw_stdin_attr;
+
+                        f->saved_stdin = true;
+
+                        raw_stdin_attr = f->saved_stdin_attr;
+                        cfmakeraw(&raw_stdin_attr);
+                        raw_stdin_attr.c_oflag = f->saved_stdin_attr.c_oflag;
+                        tcsetattr(STDIN_FILENO, TCSANOW, &raw_stdin_attr);
+                }
+
+                if (tcgetattr(STDOUT_FILENO, &f->saved_stdout_attr) >= 0) {
+                        struct termios raw_stdout_attr;
+
+                        f->saved_stdout = true;
+
+                        raw_stdout_attr = f->saved_stdout_attr;
+                        cfmakeraw(&raw_stdout_attr);
+                        raw_stdout_attr.c_iflag = f->saved_stdout_attr.c_iflag;
+                        raw_stdout_attr.c_lflag = f->saved_stdout_attr.c_lflag;
+                        tcsetattr(STDOUT_FILENO, TCSANOW, &raw_stdout_attr);
+                }
+
+                r = sd_event_add_io(f->event, &f->stdin_event_source, STDIN_FILENO, EPOLLIN|EPOLLET, on_stdin_event, f);
+                if (r < 0 && r != -EPERM)
+                        return r;
+        }
+
+        r = sd_event_add_io(f->event, &f->stdout_event_source, STDOUT_FILENO, EPOLLOUT|EPOLLET, on_stdout_event, f);
+        if (r == -EPERM)
+                /* stdout without epoll support. Likely redirected to regular file. */
+                f->stdout_writable = true;
+        else if (r < 0)
+                return r;
+
+        r = sd_event_add_io(f->event, &f->master_event_source, master, EPOLLIN|EPOLLOUT|EPOLLET, on_master_event, f);
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_signal(f->event, &f->sigwinch_event_source, SIGWINCH, on_sigwinch_event, f);
+        if (r < 0)
+                return r;
+
+        *ret = f;
+        f = NULL;
+
+        return 0;
+}
+
+PTYForward *pty_forward_free(PTYForward *f) {
+
+        if (f) {
+                sd_event_source_unref(f->stdin_event_source);
+                sd_event_source_unref(f->stdout_event_source);
+                sd_event_source_unref(f->master_event_source);
+                sd_event_source_unref(f->sigwinch_event_source);
+                sd_event_unref(f->event);
+
+                if (f->saved_stdout)
+                        tcsetattr(STDOUT_FILENO, TCSANOW, &f->saved_stdout_attr);
+                if (f->saved_stdin)
+                        tcsetattr(STDIN_FILENO, TCSANOW, &f->saved_stdin_attr);
+
+                free(f);
+        }
+
+        /* STDIN/STDOUT should not be nonblocking normally, so let's
+         * unconditionally reset it */
+        fd_nonblock(STDIN_FILENO, false);
+        fd_nonblock(STDOUT_FILENO, false);
+
+        return NULL;
+}
+
+int pty_forward_get_last_char(PTYForward *f, char *ch) {
+        assert(f);
+        assert(ch);
+
+        if (!f->last_char_set)
+                return -ENXIO;
+
+        *ch = f->last_char;
+        return 0;
+}
+
+int pty_forward_set_ignore_vhangup(PTYForward *f, bool b) {
+        int r;
+
+        assert(f);
+
+        if (!!(f->flags & PTY_FORWARD_IGNORE_VHANGUP) == b)
+                return 0;
+
+        SET_FLAG(f->flags, PTY_FORWARD_IGNORE_VHANGUP, b);
+
+        if (!ignore_vhangup(f)) {
+
+                /* We shall now react to vhangup()s? Let's check
+                 * immediately if we might be in one */
+
+                f->master_readable = true;
+                r = shovel(f);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int pty_forward_get_ignore_vhangup(PTYForward *f) {
+        assert(f);
+
+        return !!(f->flags & PTY_FORWARD_IGNORE_VHANGUP);
+}
diff --git a/src/libshared/ptyfwd.h b/src/libshared/ptyfwd.h
new file mode 100644
index 0000000000..83c1f60970
--- /dev/null
+++ b/src/libshared/ptyfwd.h
@@ -0,0 +1,48 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010-2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-event.h>
+
+#include "macro.h"
+
+typedef struct PTYForward PTYForward;
+
+typedef enum PTYForwardFlags {
+        PTY_FORWARD_READ_ONLY = 1,
+
+        /* Continue reading after hangup? */
+        PTY_FORWARD_IGNORE_VHANGUP = 2,
+
+        /* Continue reading after hangup but only if we never read anything else? */
+        PTY_FORWARD_IGNORE_INITIAL_VHANGUP = 4,
+} PTYForwardFlags;
+
+int pty_forward_new(sd_event *event, int master, PTYForwardFlags flags, PTYForward **f);
+PTYForward *pty_forward_free(PTYForward *f);
+
+int pty_forward_get_last_char(PTYForward *f, char *ch);
+
+int pty_forward_set_ignore_vhangup(PTYForward *f, bool ignore_vhangup);
+int pty_forward_get_ignore_vhangup(PTYForward *f);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(PTYForward*, pty_forward_free);
diff --git a/src/shared/resolve-util.c b/src/libshared/resolve-util.c
index e2da81bab7..e2da81bab7 100644
--- a/src/shared/resolve-util.c
+++ b/src/libshared/resolve-util.c
diff --git a/src/shared/resolve-util.h b/src/libshared/resolve-util.h
index 8636a6c134..8636a6c134 100644
--- a/src/shared/resolve-util.h
+++ b/src/libshared/resolve-util.h
diff --git a/src/shared/seccomp-util.c b/src/libshared/seccomp-util.c
index cebe0fce2a..cebe0fce2a 100644
--- a/src/shared/seccomp-util.c
+++ b/src/libshared/seccomp-util.c
diff --git a/src/shared/seccomp-util.h b/src/libshared/seccomp-util.h
index 4ed2afc1b2..4ed2afc1b2 100644
--- a/src/shared/seccomp-util.h
+++ b/src/libshared/seccomp-util.h
diff --git a/src/shared/sleep-config.c b/src/libshared/sleep-config.c
index f00624d0f2..f00624d0f2 100644
--- a/src/shared/sleep-config.c
+++ b/src/libshared/sleep-config.c
diff --git a/src/shared/sleep-config.h b/src/libshared/sleep-config.h
index ad10039ff4..ad10039ff4 100644
--- a/src/shared/sleep-config.h
+++ b/src/libshared/sleep-config.h
diff --git a/src/shared/spawn-ask-password-agent.c b/src/libshared/spawn-ask-password-agent.c
index a46b7525f0..a46b7525f0 100644
--- a/src/shared/spawn-ask-password-agent.c
+++ b/src/libshared/spawn-ask-password-agent.c
diff --git a/src/shared/spawn-ask-password-agent.h b/src/libshared/spawn-ask-password-agent.h
index fb0749b13f..fb0749b13f 100644
--- a/src/shared/spawn-ask-password-agent.h
+++ b/src/libshared/spawn-ask-password-agent.h
diff --git a/src/shared/spawn-polkit-agent.c b/src/libshared/spawn-polkit-agent.c
index 7dae4d14fe..7dae4d14fe 100644
--- a/src/shared/spawn-polkit-agent.c
+++ b/src/libshared/spawn-polkit-agent.c
diff --git a/src/shared/spawn-polkit-agent.h b/src/libshared/spawn-polkit-agent.h
index 42b2989ded..42b2989ded 100644
--- a/src/shared/spawn-polkit-agent.h
+++ b/src/libshared/spawn-polkit-agent.h
diff --git a/src/libshared/specifier.c b/src/libshared/specifier.c
new file mode 100644
index 0000000000..303ddf0401
--- /dev/null
+++ b/src/libshared/specifier.c
@@ -0,0 +1,188 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/utsname.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "hostname-util.h"
+#include "macro.h"
+#include "specifier.h"
+#include "string-util.h"
+
+/*
+ * Generic infrastructure for replacing %x style specifiers in
+ * strings. Will call a callback for each replacement.
+ *
+ */
+
+int specifier_printf(const char *text, const Specifier table[], void *userdata, char **_ret) {
+        char *ret, *t;
+        const char *f;
+        bool percent = false;
+        size_t l;
+        int r;
+
+        assert(text);
+        assert(table);
+
+        l = strlen(text);
+        ret = new(char, l+1);
+        if (!ret)
+                return -ENOMEM;
+
+        t = ret;
+
+        for (f = text; *f; f++, l--) {
+
+                if (percent) {
+                        if (*f == '%')
+                                *(t++) = '%';
+                        else {
+                                const Specifier *i;
+
+                                for (i = table; i->specifier; i++)
+                                        if (i->specifier == *f)
+                                                break;
+
+                                if (i->lookup) {
+                                        _cleanup_free_ char *w = NULL;
+                                        char *n;
+                                        size_t k, j;
+
+                                        r = i->lookup(i->specifier, i->data, userdata, &w);
+                                        if (r < 0) {
+                                                free(ret);
+                                                return r;
+                                        }
+
+                                        j = t - ret;
+                                        k = strlen(w);
+
+                                        n = new(char, j + k + l + 1);
+                                        if (!n) {
+                                                free(ret);
+                                                return -ENOMEM;
+                                        }
+
+                                        memcpy(n, ret, j);
+                                        memcpy(n + j, w, k);
+
+                                        free(ret);
+
+                                        ret = n;
+                                        t = n + j + k;
+                                } else {
+                                        *(t++) = '%';
+                                        *(t++) = *f;
+                                }
+                        }
+
+                        percent = false;
+                } else if (*f == '%')
+                        percent = true;
+                else
+                        *(t++) = *f;
+        }
+
+        *t = 0;
+        *_ret = ret;
+        return 0;
+}
+
+/* Generic handler for simple string replacements */
+
+int specifier_string(char specifier, void *data, void *userdata, char **ret) {
+        char *n;
+
+        n = strdup(strempty(data));
+        if (!n)
+                return -ENOMEM;
+
+        *ret = n;
+        return 0;
+}
+
+int specifier_machine_id(char specifier, void *data, void *userdata, char **ret) {
+        sd_id128_t id;
+        char *n;
+        int r;
+
+        r = sd_id128_get_machine(&id);
+        if (r < 0)
+                return r;
+
+        n = new(char, 33);
+        if (!n)
+                return -ENOMEM;
+
+        *ret = sd_id128_to_string(id, n);
+        return 0;
+}
+
+int specifier_boot_id(char specifier, void *data, void *userdata, char **ret) {
+        sd_id128_t id;
+        char *n;
+        int r;
+
+        r = sd_id128_get_boot(&id);
+        if (r < 0)
+                return r;
+
+        n = new(char, 33);
+        if (!n)
+                return -ENOMEM;
+
+        *ret = sd_id128_to_string(id, n);
+        return 0;
+}
+
+int specifier_host_name(char specifier, void *data, void *userdata, char **ret) {
+        char *n;
+
+        n = gethostname_malloc();
+        if (!n)
+                return -ENOMEM;
+
+        *ret = n;
+        return 0;
+}
+
+int specifier_kernel_release(char specifier, void *data, void *userdata, char **ret) {
+        struct utsname uts;
+        char *n;
+        int r;
+
+        r = uname(&uts);
+        if (r < 0)
+                return -errno;
+
+        n = strdup(uts.release);
+        if (!n)
+                return -ENOMEM;
+
+        *ret = n;
+        return 0;
+}
diff --git a/src/shared/specifier.h b/src/libshared/specifier.h
index 6b1623ee61..6b1623ee61 100644
--- a/src/shared/specifier.h
+++ b/src/libshared/specifier.h
diff --git a/src/shared/switch-root.c b/src/libshared/switch-root.c
index 47d3a5a1fa..47d3a5a1fa 100644
--- a/src/shared/switch-root.c
+++ b/src/libshared/switch-root.c
diff --git a/src/shared/switch-root.h b/src/libshared/switch-root.h
index a7a080b3e8..a7a080b3e8 100644
--- a/src/shared/switch-root.h
+++ b/src/libshared/switch-root.h
diff --git a/src/shared/sysctl-util.c b/src/libshared/sysctl-util.c
index e1ccb3294c..e1ccb3294c 100644
--- a/src/shared/sysctl-util.c
+++ b/src/libshared/sysctl-util.c
diff --git a/src/shared/sysctl-util.h b/src/libshared/sysctl-util.h
index 2decb39f58..2decb39f58 100644
--- a/src/shared/sysctl-util.h
+++ b/src/libshared/sysctl-util.h
diff --git a/src/libsystemd/sd-netlink/test-local-addresses.c b/src/libshared/test-local-addresses.c
index e0e28cc0cc..e0e28cc0cc 100644
--- a/src/libsystemd/sd-netlink/test-local-addresses.c
+++ b/src/libshared/test-local-addresses.c
diff --git a/src/shared/test-tables.h b/src/libshared/test-tables.h
index 228e510104..228e510104 100644
--- a/src/shared/test-tables.h
+++ b/src/libshared/test-tables.h
diff --git a/src/shared/tests.c b/src/libshared/tests.c
index 409116290d..409116290d 100644
--- a/src/shared/tests.c
+++ b/src/libshared/tests.c
diff --git a/src/shared/tests.h b/src/libshared/tests.h
index 93f09013a1..93f09013a1 100644
--- a/src/shared/tests.h
+++ b/src/libshared/tests.h
diff --git a/src/shared/udev-util.h b/src/libshared/udev-util.h
index ca0889f8a6..ca0889f8a6 100644
--- a/src/shared/udev-util.h
+++ b/src/libshared/udev-util.h
diff --git a/src/shared/uid-range.c b/src/libshared/uid-range.c
index b6ec474390..b6ec474390 100644
--- a/src/shared/uid-range.c
+++ b/src/libshared/uid-range.c
diff --git a/src/shared/uid-range.h b/src/libshared/uid-range.h
index 4044eb4c9c..4044eb4c9c 100644
--- a/src/shared/uid-range.h
+++ b/src/libshared/uid-range.h
diff --git a/src/shared/utmp-wtmp.c b/src/libshared/utmp-wtmp.c
index 9750dcd817..9750dcd817 100644
--- a/src/shared/utmp-wtmp.c
+++ b/src/libshared/utmp-wtmp.c
diff --git a/src/shared/utmp-wtmp.h b/src/libshared/utmp-wtmp.h
index 438e270a26..438e270a26 100644
--- a/src/shared/utmp-wtmp.h
+++ b/src/libshared/utmp-wtmp.h
diff --git a/src/shared/watchdog.c b/src/libshared/watchdog.c
index 4f3e0125f3..4f3e0125f3 100644
--- a/src/shared/watchdog.c
+++ b/src/libshared/watchdog.c
diff --git a/src/shared/watchdog.h b/src/libshared/watchdog.h
index f6ec178ea1..f6ec178ea1 100644
--- a/src/shared/watchdog.h
+++ b/src/libshared/watchdog.h
diff --git a/src/libsystemd-network/Makefile b/src/libsystemd-network/Makefile
index d0b0e8e008..6b16906c17 120000..100644
--- a/src/libsystemd-network/Makefile
+++ b/src/libsystemd-network/Makefile
@@ -1 +1,173 @@
-../Makefile
-\ No newline at end of file
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+noinst_LTLIBRARIES += \
+	libsystemd-network.la
+
+libsystemd_network_la_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(KMOD_CFLAGS)
+
+libsystemd_network_la_SOURCES = \
+	src/systemd/sd-dhcp-client.h \
+	src/systemd/sd-dhcp-server.h \
+	src/systemd/sd-dhcp-lease.h \
+	src/systemd/sd-ipv4ll.h \
+	src/systemd/sd-ipv4acd.h \
+	src/systemd/sd-ndisc.h \
+	src/systemd/sd-dhcp6-client.h \
+	src/systemd/sd-dhcp6-lease.h \
+	src/systemd/sd-lldp.h \
+	src/libsystemd-network/sd-dhcp-client.c \
+	src/libsystemd-network/sd-dhcp-server.c \
+	src/libsystemd-network/dhcp-network.c \
+	src/libsystemd-network/dhcp-option.c \
+	src/libsystemd-network/dhcp-packet.c \
+	src/libsystemd-network/dhcp-internal.h \
+	src/libsystemd-network/dhcp-server-internal.h \
+	src/libsystemd-network/dhcp-protocol.h \
+	src/libsystemd-network/dhcp-lease-internal.h \
+	src/libsystemd-network/sd-dhcp-lease.c \
+	src/libsystemd-network/sd-ipv4ll.c \
+	src/libsystemd-network/sd-ipv4acd.c \
+	src/libsystemd-network/arp-util.h \
+	src/libsystemd-network/arp-util.c \
+	src/libsystemd-network/network-internal.c \
+	src/libsystemd-network/network-internal.h \
+	src/libsystemd-network/sd-ndisc.c \
+	src/libsystemd-network/icmp6-util.h \
+	src/libsystemd-network/icmp6-util.c \
+	src/libsystemd-network/sd-dhcp6-client.c \
+	src/libsystemd-network/dhcp6-internal.h \
+	src/libsystemd-network/dhcp6-protocol.h \
+	src/libsystemd-network/dhcp6-network.c \
+	src/libsystemd-network/dhcp6-option.c \
+	src/libsystemd-network/dhcp6-lease-internal.h \
+	src/libsystemd-network/sd-dhcp6-lease.c \
+	src/libsystemd-network/dhcp-identifier.h \
+	src/libsystemd-network/dhcp-identifier.c \
+	src/libsystemd-network/lldp-internal.h \
+	src/libsystemd-network/lldp-network.h \
+	src/libsystemd-network/lldp-network.c \
+	src/libsystemd-network/lldp-neighbor.h \
+	src/libsystemd-network/lldp-neighbor.c \
+	src/libsystemd-network/sd-lldp.c
+
+libsystemd_network_la_LIBADD = \
+	$(KMOD_LIBS)
+
+test_dhcp_option_SOURCES = \
+	src/libsystemd-network/dhcp-protocol.h \
+	src/libsystemd-network/dhcp-internal.h \
+	src/libsystemd-network/test-dhcp-option.c
+
+test_dhcp_option_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+test_dhcp_client_SOURCES = \
+	src/systemd/sd-dhcp-client.h \
+	src/libsystemd-network/dhcp-protocol.h \
+	src/libsystemd-network/dhcp-internal.h \
+	src/libsystemd-network/test-dhcp-client.c
+
+test_dhcp_client_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+test_dhcp_server_SOURCES = \
+	src/libsystemd-network/test-dhcp-server.c
+
+test_dhcp_server_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+test_ipv4ll_SOURCES = \
+	src/systemd/sd-ipv4ll.h \
+	src/libsystemd-network/arp-util.h \
+	src/libsystemd-network/test-ipv4ll.c
+
+test_ipv4ll_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+test_ipv4ll_manual_SOURCES = \
+	src/systemd/sd-ipv4ll.h \
+	src/libsystemd-network/test-ipv4ll-manual.c
+
+test_ipv4ll_manual_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+test_acd_SOURCES = \
+	src/systemd/sd-ipv4acd.h \
+	src/libsystemd-network/test-acd.c
+
+test_acd_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+test_ndisc_rs_SOURCES = \
+	src/systemd/sd-dhcp6-client.h \
+	src/systemd/sd-ndisc.h \
+	src/libsystemd-network/icmp6-util.h \
+	src/libsystemd-network/test-ndisc-rs.c \
+	src/libsystemd-network/dhcp-identifier.h \
+	src/libsystemd-network/dhcp-identifier.c
+
+test_ndisc_rs_LDADD = \
+	libsystemd-network.la \
+	libudev.la \
+	libshared.la
+
+test_dhcp6_client_SOURCES = \
+	src/systemd/sd-dhcp6-client.h \
+	src/libsystemd-network/dhcp6-internal.h \
+	src/libsystemd-network/test-dhcp6-client.c \
+	src/libsystemd-network/dhcp-identifier.h \
+	src/libsystemd-network/dhcp-identifier.c
+
+test_dhcp6_client_LDADD = \
+	libsystemd-network.la \
+	libudev.la \
+	libshared.la
+
+test_lldp_SOURCES = \
+	src/libsystemd-network/test-lldp.c
+
+test_lldp_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+tests += \
+	test-dhcp-option \
+	test-dhcp-client \
+	test-dhcp-server \
+	test-ipv4ll \
+	test-ndisc-rs \
+	test-dhcp6-client \
+	test-lldp
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/libsystemd-network/dhcp-identifier.c b/src/libsystemd-network/dhcp-identifier.c
index a21efc4d06..906d960171 100644
--- a/src/libsystemd-network/dhcp-identifier.c
+++ b/src/libsystemd-network/dhcp-identifier.c
@@ -18,7 +18,7 @@
 ***/
 
 #include "libudev.h"
-#include "sd-id128.h"
+#include <systemd/sd-id128.h>
 
 #include "dhcp-identifier.h"
 #include "dhcp6-protocol.h"
diff --git a/src/libsystemd-network/dhcp-identifier.h b/src/libsystemd-network/dhcp-identifier.h
index 1cc0f9fb71..802a0d6bc2 100644
--- a/src/libsystemd-network/dhcp-identifier.h
+++ b/src/libsystemd-network/dhcp-identifier.h
@@ -19,7 +19,7 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "sd-id128.h"
+#include <systemd/sd-id128.h>
 
 #include "macro.h"
 #include "sparse-endian.h"
diff --git a/src/libsystemd-network/dhcp-internal.h b/src/libsystemd-network/dhcp-internal.h
index 4662b0d847..dda4c13919 100644
--- a/src/libsystemd-network/dhcp-internal.h
+++ b/src/libsystemd-network/dhcp-internal.h
@@ -25,7 +25,7 @@
 #include <net/if_arp.h>
 #include <stdint.h>
 
-#include "sd-dhcp-client.h"
+#include <systemd/sd-dhcp-client.h>
 
 #include "dhcp-protocol.h"
 #include "socket-util.h"
diff --git a/src/libsystemd-network/dhcp-lease-internal.h b/src/libsystemd-network/dhcp-lease-internal.h
index 82cae2300a..646e612cee 100644
--- a/src/libsystemd-network/dhcp-lease-internal.h
+++ b/src/libsystemd-network/dhcp-lease-internal.h
@@ -23,7 +23,7 @@
 #include <stdint.h>
 #include <linux/if_packet.h>
 
-#include "sd-dhcp-client.h"
+#include <systemd/sd-dhcp-client.h>
 
 #include "dhcp-protocol.h"
 #include "list.h"
diff --git a/src/libsystemd-network/dhcp-server-internal.h b/src/libsystemd-network/dhcp-server-internal.h
index 0c76956fad..7ba1e72155 100644
--- a/src/libsystemd-network/dhcp-server-internal.h
+++ b/src/libsystemd-network/dhcp-server-internal.h
@@ -20,8 +20,8 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "sd-dhcp-server.h"
-#include "sd-event.h"
+#include <systemd/sd-dhcp-server.h>
+#include <systemd/sd-event.h>
 
 #include "dhcp-internal.h"
 #include "hashmap.h"
diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h
index 945c3b9721..4228053ade 100644
--- a/src/libsystemd-network/dhcp6-internal.h
+++ b/src/libsystemd-network/dhcp6-internal.h
@@ -22,7 +22,7 @@
 #include <net/ethernet.h>
 #include <netinet/in.h>
 
-#include "sd-event.h"
+#include <systemd/sd-event.h>
 
 #include "list.h"
 #include "macro.h"
diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h
index 14e708ef63..8e9a6f8e8c 100644
--- a/src/libsystemd-network/dhcp6-lease-internal.h
+++ b/src/libsystemd-network/dhcp6-lease-internal.h
@@ -22,7 +22,7 @@
 
 #include <stdint.h>
 
-#include "sd-dhcp6-lease.h"
+#include <systemd/sd-dhcp6-lease.h>
 
 #include "dhcp6-internal.h"
 
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
index 5462e03476..0ae381ad22 100644
--- a/src/libsystemd-network/dhcp6-option.c
+++ b/src/libsystemd-network/dhcp6-option.c
@@ -21,7 +21,7 @@
 #include <netinet/in.h>
 #include <string.h>
 
-#include "sd-dhcp6-client.h"
+#include <systemd/sd-dhcp6-client.h>
 
 #include "alloc-util.h"
 #include "dhcp6-internal.h"
diff --git a/src/libsystemd-network/lldp-internal.h b/src/libsystemd-network/lldp-internal.h
index 7592bc4305..a6be995e3b 100644
--- a/src/libsystemd-network/lldp-internal.h
+++ b/src/libsystemd-network/lldp-internal.h
@@ -20,8 +20,8 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "sd-event.h"
-#include "sd-lldp.h"
+#include <systemd/sd-event.h>
+#include <systemd/sd-lldp.h>
 
 #include "hashmap.h"
 #include "log.h"
diff --git a/src/libsystemd-network/lldp-neighbor.h b/src/libsystemd-network/lldp-neighbor.h
index f203bfa604..050159ab73 100644
--- a/src/libsystemd-network/lldp-neighbor.h
+++ b/src/libsystemd-network/lldp-neighbor.h
@@ -23,7 +23,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
 
-#include "sd-lldp.h"
+#include <systemd/sd-lldp.h>
 
 #include "hash-funcs.h"
 #include "lldp-internal.h"
diff --git a/src/libsystemd-network/lldp-network.h b/src/libsystemd-network/lldp-network.h
index c4cf8c79f1..43ed54b3b2 100644
--- a/src/libsystemd-network/lldp-network.h
+++ b/src/libsystemd-network/lldp-network.h
@@ -20,6 +20,6 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "sd-event.h"
+#include <systemd/sd-event.h>
 
 int lldp_network_bind_raw_socket(int ifindex);
diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 046b0f9393..d57baf8fff 100644
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -21,7 +21,7 @@
 #include <linux/if.h>
 #include <netinet/ether.h>
 
-#include "sd-ndisc.h"
+#include <systemd/sd-ndisc.h>
 
 #include "alloc-util.h"
 #include "condition.h"
diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index 5bcd577167..1cafb0747f 100644
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -21,7 +21,7 @@
 
 #include <stdbool.h>
 
-#include "sd-dhcp-lease.h"
+#include <systemd/sd-dhcp-lease.h>
 
 #include "condition.h"
 #include "udev.h"
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index ad79c6cc2c..193f31880f 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -26,7 +26,7 @@
 #include <sys/ioctl.h>
 #include <linux/if_infiniband.h>
 
-#include "sd-dhcp-client.h"
+#include <systemd/sd-dhcp-client.h>
 
 #include "alloc-util.h"
 #include "async.h"
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index ef50ed17a1..d4c680d485 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -24,7 +24,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "sd-dhcp-lease.h"
+#include <systemd/sd-dhcp-lease.h>
 
 #include "alloc-util.h"
 #include "dhcp-lease-internal.h"
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index fb335337c4..5e8b4e4823 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -20,7 +20,7 @@
 
 #include <sys/ioctl.h>
 
-#include "sd-dhcp-server.h"
+#include <systemd/sd-dhcp-server.h>
 
 #include "alloc-util.h"
 #include "dhcp-internal.h"
diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
index 05972e01c9..2760b039ba 100644
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@@ -22,7 +22,7 @@
 #include <sys/ioctl.h>
 #include <linux/if_infiniband.h>
 
-#include "sd-dhcp6-client.h"
+#include <systemd/sd-dhcp6-client.h>
 
 #include "alloc-util.h"
 #include "dhcp-identifier.h"
diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c
index cc7436db6b..f1ed7ca747 100644
--- a/src/libsystemd-network/sd-ipv4acd.c
+++ b/src/libsystemd-network/sd-ipv4acd.c
@@ -24,7 +24,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "sd-ipv4acd.h"
+#include <systemd/sd-ipv4acd.h>
 
 #include "alloc-util.h"
 #include "arp-util.h"
diff --git a/src/libsystemd-network/sd-ipv4ll.c b/src/libsystemd-network/sd-ipv4ll.c
index 2a06418c53..fc27408989 100644
--- a/src/libsystemd-network/sd-ipv4ll.c
+++ b/src/libsystemd-network/sd-ipv4ll.c
@@ -24,8 +24,8 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "sd-ipv4acd.h"
-#include "sd-ipv4ll.h"
+#include <systemd/sd-ipv4acd.h>
+#include <systemd/sd-ipv4ll.h>
 
 #include "alloc-util.h"
 #include "in-addr-util.h"
diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c
index 9d4587c80e..5a7380cd3f 100644
--- a/src/libsystemd-network/sd-lldp.c
+++ b/src/libsystemd-network/sd-lldp.c
@@ -20,7 +20,7 @@
 
 #include <arpa/inet.h>
 
-#include "sd-lldp.h"
+#include <systemd/sd-lldp.h>
 
 #include "alloc-util.h"
 #include "fd-util.h"
diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
index fb4ef55673..1c0d300cb3 100644
--- a/src/libsystemd-network/sd-ndisc.c
+++ b/src/libsystemd-network/sd-ndisc.c
@@ -24,7 +24,7 @@
 #include <string.h>
 #include <sys/ioctl.h>
 
-#include "sd-ndisc.h"
+#include <systemd/sd-ndisc.h>
 
 #include "alloc-util.h"
 #include "async.h"
diff --git a/src/libsystemd-network/test-acd.c b/src/libsystemd-network/test-acd.c
index 75564615b9..53ddfc3b62 100644
--- a/src/libsystemd-network/test-acd.c
+++ b/src/libsystemd-network/test-acd.c
@@ -24,9 +24,9 @@
 #include <linux/veth.h>
 #include <net/if.h>
 
-#include "sd-event.h"
-#include "sd-ipv4acd.h"
-#include "sd-netlink.h"
+#include <systemd/sd-event.h>
+#include <systemd/sd-ipv4acd.h>
+#include <systemd/sd-netlink.h>
 
 #include "in-addr-util.h"
 #include "netlink-util.h"
diff --git a/src/libsystemd-network/test-dhcp-client.c b/src/libsystemd-network/test-dhcp-client.c
index c3c08fef5e..478b370c4c 100644
--- a/src/libsystemd-network/test-dhcp-client.c
+++ b/src/libsystemd-network/test-dhcp-client.c
@@ -22,8 +22,8 @@
 #include <sys/socket.h>
 #include <unistd.h>
 
-#include "sd-dhcp-client.h"
-#include "sd-event.h"
+#include <systemd/sd-dhcp-client.h>
+#include <systemd/sd-event.h>
 
 #include "alloc-util.h"
 #include "dhcp-identifier.h"
diff --git a/src/libsystemd-network/test-dhcp-server.c b/src/libsystemd-network/test-dhcp-server.c
index e81c508c7f..7dc315c07f 100644
--- a/src/libsystemd-network/test-dhcp-server.c
+++ b/src/libsystemd-network/test-dhcp-server.c
@@ -20,8 +20,8 @@
 
 #include <errno.h>
 
-#include "sd-dhcp-server.h"
-#include "sd-event.h"
+#include <systemd/sd-dhcp-server.h>
+#include <systemd/sd-event.h>
 
 #include "dhcp-server-internal.h"
 
diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index e74c8c72db..0548e8381e 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -24,8 +24,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 
-#include "sd-dhcp6-client.h"
-#include "sd-event.h"
+#include <systemd/sd-dhcp6-client.h>
+#include <systemd/sd-event.h>
 
 #include "dhcp6-internal.h"
 #include "dhcp6-lease-internal.h"
diff --git a/src/libsystemd-network/test-ipv4ll-manual.c b/src/libsystemd-network/test-ipv4ll-manual.c
index 85dd61470d..caa315b210 100644
--- a/src/libsystemd-network/test-ipv4ll-manual.c
+++ b/src/libsystemd-network/test-ipv4ll-manual.c
@@ -23,9 +23,9 @@
 #include <unistd.h>
 #include <linux/veth.h>
 
-#include "sd-event.h"
-#include "sd-ipv4ll.h"
-#include "sd-netlink.h"
+#include <systemd/sd-event.h>
+#include <systemd/sd-ipv4ll.h>
+#include <systemd/sd-netlink.h>
 
 #include "alloc-util.h"
 #include "in-addr-util.h"
diff --git a/src/libsystemd-network/test-ipv4ll.c b/src/libsystemd-network/test-ipv4ll.c
index a233e0378c..b7278834f2 100644
--- a/src/libsystemd-network/test-ipv4ll.c
+++ b/src/libsystemd-network/test-ipv4ll.c
@@ -25,7 +25,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 
-#include "sd-ipv4ll.h"
+#include <systemd/sd-ipv4ll.h>
 
 #include "arp-util.h"
 #include "fd-util.h"
diff --git a/src/libsystemd-network/test-lldp.c b/src/libsystemd-network/test-lldp.c
index 1aae2253c0..8c6d214d6f 100644
--- a/src/libsystemd-network/test-lldp.c
+++ b/src/libsystemd-network/test-lldp.c
@@ -24,8 +24,8 @@
 #include <string.h>
 #include <unistd.h>
 
-#include "sd-event.h"
-#include "sd-lldp.h"
+#include <systemd/sd-event.h>
+#include <systemd/sd-lldp.h>
 
 #include "alloc-util.h"
 #include "fd-util.h"
diff --git a/src/libsystemd-network/test-ndisc-rs.c b/src/libsystemd-network/test-ndisc-rs.c
index f7b2eb8050..863a76637c 100644
--- a/src/libsystemd-network/test-ndisc-rs.c
+++ b/src/libsystemd-network/test-ndisc-rs.c
@@ -19,7 +19,7 @@
 
 #include <netinet/icmp6.h>
 
-#include "sd-ndisc.h"
+#include <systemd/sd-ndisc.h>
 
 #include "icmp6-util.h"
 #include "socket-util.h"
diff --git a/src/libsystemd/Makefile b/src/libsystemd/Makefile
index d0b0e8e008..2c6505918b 120000..100644
--- a/src/libsystemd/Makefile
+++ b/src/libsystemd/Makefile
@@ -1 +1,110 @@
-../Makefile
-\ No newline at end of file
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+LIBSYSTEMD_CURRENT=15
+LIBSYSTEMD_REVISION=0
+LIBSYSTEMD_AGE=15
+
+EXTRA_DIST += \
+	src/libsystemd/libsystemd.pc.in \
+	src/libsystemd/sd-bus/DIFFERENCES \
+	src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
+
+libsystemd_la_SOURCES = \
+	$(libsystemd_internal_la_SOURCES) \
+	$(libsystemd_journal_internal_la_SOURCES)
+
+nodist_libsystemd_la_SOURCES = \
+	$(nodist_libsystemd_internal_la_SOURCES)
+
+libsystemd_la_CFLAGS = \
+	$(libsystemd_internal_la_CFLAGS) \
+	$(libsystemd_journal_internal_la_CFLAGS)
+
+libsystemd_la_LDFLAGS = \
+	$(AM_LDFLAGS) \
+	-version-info $(LIBSYSTEMD_CURRENT):$(LIBSYSTEMD_REVISION):$(LIBSYSTEMD_AGE) \
+	-Wl,--version-script=$(srcdir)/libsystemd.sym
+
+libsystemd_la_LIBADD = \
+	$(libsystemd_internal_la_LIBADD) \
+	$(libsystemd_journal_internal_la_LIBADD)
+
+pkgconfiglib_DATA += \
+	src/libsystemd/libsystemd.pc
+
+pkginclude_HEADERS += \
+	src/systemd/sd-bus.h \
+	src/systemd/sd-bus-protocol.h \
+	src/systemd/sd-bus-vtable.h \
+	src/systemd/sd-event.h \
+	src/systemd/sd-login.h \
+	src/systemd/sd-id128.h \
+	src/systemd/sd-daemon.h
+
+lib_LTLIBRARIES += \
+	libsystemd.la
+
+# ------------------------------------------------------------------------------
+
+tests += \
+	test-bus-marshal \
+	test-bus-signature \
+	test-bus-benchmark \
+	test-bus-chat \
+	test-bus-cleanup \
+	test-bus-server \
+	test-bus-match \
+	test-bus-kernel \
+	test-bus-kernel-bloom \
+	test-bus-zero-copy \
+	test-bus-introspect \
+	test-bus-objects \
+	test-bus-error \
+	test-bus-creds \
+	test-bus-gvariant \
+	test-event \
+	test-netlink \
+	test-local-addresses \
+	test-resolve
+
+test-libsystemd-sym.c: \
+		$(top_builddir)/src/libsystemd/libsystemd.sym \
+		src/systemd/sd-journal.h \
+		src/systemd/sd-daemon.h \
+		src/systemd/sd-login.h \
+		src/systemd/sd-bus.h \
+		src/systemd/sd-utf8.h \
+		src/systemd/sd-resolve.h \
+		src/systemd/sd-path.h \
+		src/systemd/sd-event.h
+	$(generate-sym-test)
+
+nodist_test_libsystemd_sym_SOURCES = \
+	test-libsystemd-sym.c
+test_libsystemd_sym_LDADD = \
+	libsystemd.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd/_sd-common.h b/src/libsystemd/include/systemd/_sd-common.h
index 3bb886be75..3bb886be75 100644
--- a/src/systemd/_sd-common.h
+++ b/src/libsystemd/include/systemd/_sd-common.h
diff --git a/src/systemd/sd-bus-protocol.h b/src/libsystemd/include/systemd/sd-bus-protocol.h
index 623cee0c50..623cee0c50 100644
--- a/src/systemd/sd-bus-protocol.h
+++ b/src/libsystemd/include/systemd/sd-bus-protocol.h
diff --git a/src/libsystemd/include/systemd/sd-bus-vtable.h b/src/libsystemd/include/systemd/sd-bus-vtable.h
new file mode 100644
index 0000000000..2b684b5678
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-bus-vtable.h
@@ -0,0 +1,141 @@
+#ifndef foosdbusvtablehfoo
+#define foosdbusvtablehfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+typedef struct sd_bus_vtable sd_bus_vtable;
+
+#include <systemd/sd-bus.h>
+
+enum {
+        _SD_BUS_VTABLE_START             = '<',
+        _SD_BUS_VTABLE_END               = '>',
+        _SD_BUS_VTABLE_METHOD            = 'M',
+        _SD_BUS_VTABLE_SIGNAL            = 'S',
+        _SD_BUS_VTABLE_PROPERTY          = 'P',
+        _SD_BUS_VTABLE_WRITABLE_PROPERTY = 'W'
+};
+
+enum {
+        SD_BUS_VTABLE_DEPRECATED                   = 1ULL << 0,
+        SD_BUS_VTABLE_HIDDEN                       = 1ULL << 1,
+        SD_BUS_VTABLE_UNPRIVILEGED                 = 1ULL << 2,
+        SD_BUS_VTABLE_METHOD_NO_REPLY              = 1ULL << 3,
+        SD_BUS_VTABLE_PROPERTY_CONST               = 1ULL << 4,
+        SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE        = 1ULL << 5,
+        SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION  = 1ULL << 6,
+        SD_BUS_VTABLE_PROPERTY_EXPLICIT            = 1ULL << 7,
+        _SD_BUS_VTABLE_CAPABILITY_MASK             = 0xFFFFULL << 40
+};
+
+#define SD_BUS_VTABLE_CAPABILITY(x) ((uint64_t) (((x)+1) & 0xFFFF) << 40)
+
+struct sd_bus_vtable {
+        /* Please do not initialize this structure directly, use the
+         * macros below instead */
+
+        uint8_t type:8;
+        uint64_t flags:56;
+        union {
+                struct {
+                        size_t element_size;
+                } start;
+                struct {
+                        const char *member;
+                        const char *signature;
+                        const char *result;
+                        sd_bus_message_handler_t handler;
+                        size_t offset;
+                } method;
+                struct {
+                        const char *member;
+                        const char *signature;
+                } signal;
+                struct {
+                        const char *member;
+                        const char *signature;
+                        sd_bus_property_get_t get;
+                        sd_bus_property_set_t set;
+                        size_t offset;
+                } property;
+        } x;
+};
+
+#define SD_BUS_VTABLE_START(_flags)                                     \
+        {                                                               \
+                .type = _SD_BUS_VTABLE_START,                           \
+                .flags = _flags,                                        \
+                .x.start.element_size = sizeof(sd_bus_vtable),          \
+        }
+
+#define SD_BUS_METHOD_WITH_OFFSET(_member, _signature, _result, _handler, _offset, _flags)   \
+        {                                                               \
+                .type = _SD_BUS_VTABLE_METHOD,                          \
+                .flags = _flags,                                        \
+                .x.method.member = _member,                             \
+                .x.method.signature = _signature,                       \
+                .x.method.result = _result,                             \
+                .x.method.handler = _handler,                           \
+                .x.method.offset = _offset,                             \
+        }
+#define SD_BUS_METHOD(_member, _signature, _result, _handler, _flags)   \
+        SD_BUS_METHOD_WITH_OFFSET(_member, _signature, _result, _handler, 0, _flags)
+
+#define SD_BUS_SIGNAL(_member, _signature, _flags)                      \
+        {                                                               \
+                .type = _SD_BUS_VTABLE_SIGNAL,                          \
+                .flags = _flags,                                        \
+                .x.signal.member = _member,                             \
+                .x.signal.signature = _signature,                       \
+        }
+
+#define SD_BUS_PROPERTY(_member, _signature, _get, _offset, _flags)     \
+        {                                                               \
+                .type = _SD_BUS_VTABLE_PROPERTY,                        \
+                .flags = _flags,                                        \
+                .x.property.member = _member,                           \
+                .x.property.signature = _signature,                     \
+                .x.property.get = _get,                                 \
+                .x.property.offset = _offset,                           \
+        }
+
+#define SD_BUS_WRITABLE_PROPERTY(_member, _signature, _get, _set, _offset, _flags) \
+        {                                                               \
+                .type = _SD_BUS_VTABLE_WRITABLE_PROPERTY,               \
+                .flags = _flags,                                        \
+                .x.property.member = _member,                           \
+                .x.property.signature = _signature,                     \
+                .x.property.get = _get,                                 \
+                .x.property.set = _set,                                 \
+                .x.property.offset = _offset,                           \
+        }
+
+#define SD_BUS_VTABLE_END                                               \
+        {                                                               \
+                .type = _SD_BUS_VTABLE_END,                             \
+        }
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-bus.h b/src/libsystemd/include/systemd/sd-bus.h
new file mode 100644
index 0000000000..3c1b4b97a4
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-bus.h
@@ -0,0 +1,456 @@
+#ifndef foosdbushfoo
+#define foosdbushfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <sys/uio.h>
+
+#include <systemd/sd-event.h>
+#include <systemd/sd-id128.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+/* Types */
+
+typedef struct sd_bus sd_bus;
+typedef struct sd_bus_message sd_bus_message;
+typedef struct sd_bus_slot sd_bus_slot;
+typedef struct sd_bus_creds sd_bus_creds;
+typedef struct sd_bus_track sd_bus_track;
+
+typedef struct {
+        const char *name;
+        const char *message;
+        int _need_free;
+} sd_bus_error;
+
+typedef struct {
+        const char* name;
+        int code;
+} sd_bus_error_map;
+
+/* Flags */
+
+enum {
+        SD_BUS_CREDS_PID                = 1ULL << 0,
+        SD_BUS_CREDS_TID                = 1ULL << 1,
+        SD_BUS_CREDS_PPID               = 1ULL << 2,
+        SD_BUS_CREDS_UID                = 1ULL << 3,
+        SD_BUS_CREDS_EUID               = 1ULL << 4,
+        SD_BUS_CREDS_SUID               = 1ULL << 5,
+        SD_BUS_CREDS_FSUID              = 1ULL << 6,
+        SD_BUS_CREDS_GID                = 1ULL << 7,
+        SD_BUS_CREDS_EGID               = 1ULL << 8,
+        SD_BUS_CREDS_SGID               = 1ULL << 9,
+        SD_BUS_CREDS_FSGID              = 1ULL << 10,
+        SD_BUS_CREDS_SUPPLEMENTARY_GIDS = 1ULL << 11,
+        SD_BUS_CREDS_COMM               = 1ULL << 12,
+        SD_BUS_CREDS_TID_COMM           = 1ULL << 13,
+        SD_BUS_CREDS_EXE                = 1ULL << 14,
+        SD_BUS_CREDS_CMDLINE            = 1ULL << 15,
+        SD_BUS_CREDS_CGROUP             = 1ULL << 16,
+        SD_BUS_CREDS_UNIT               = 1ULL << 17,
+        SD_BUS_CREDS_SLICE              = 1ULL << 18,
+        SD_BUS_CREDS_USER_UNIT          = 1ULL << 19,
+        SD_BUS_CREDS_USER_SLICE         = 1ULL << 20,
+        SD_BUS_CREDS_SESSION            = 1ULL << 21,
+        SD_BUS_CREDS_OWNER_UID          = 1ULL << 22,
+        SD_BUS_CREDS_EFFECTIVE_CAPS     = 1ULL << 23,
+        SD_BUS_CREDS_PERMITTED_CAPS     = 1ULL << 24,
+        SD_BUS_CREDS_INHERITABLE_CAPS   = 1ULL << 25,
+        SD_BUS_CREDS_BOUNDING_CAPS      = 1ULL << 26,
+        SD_BUS_CREDS_SELINUX_CONTEXT    = 1ULL << 27,
+        SD_BUS_CREDS_AUDIT_SESSION_ID   = 1ULL << 28,
+        SD_BUS_CREDS_AUDIT_LOGIN_UID    = 1ULL << 29,
+        SD_BUS_CREDS_TTY                = 1ULL << 30,
+        SD_BUS_CREDS_UNIQUE_NAME        = 1ULL << 31,
+        SD_BUS_CREDS_WELL_KNOWN_NAMES   = 1ULL << 32,
+        SD_BUS_CREDS_DESCRIPTION        = 1ULL << 33,
+        SD_BUS_CREDS_AUGMENT            = 1ULL << 63, /* special flag, if on sd-bus will augment creds struct, in a potentially race-full way. */
+        _SD_BUS_CREDS_ALL               = (1ULL << 34) -1
+};
+
+enum {
+        SD_BUS_NAME_REPLACE_EXISTING  = 1ULL << 0,
+        SD_BUS_NAME_ALLOW_REPLACEMENT = 1ULL << 1,
+        SD_BUS_NAME_QUEUE             = 1ULL << 2
+};
+
+/* Callbacks */
+
+typedef int (*sd_bus_message_handler_t)(sd_bus_message *m, void *userdata, sd_bus_error *ret_error);
+typedef int (*sd_bus_property_get_t) (sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
+typedef int (*sd_bus_property_set_t) (sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *ret_error);
+typedef int (*sd_bus_object_find_t) (sd_bus *bus, const char *path, const char *interface, void *userdata, void **ret_found, sd_bus_error *ret_error);
+typedef int (*sd_bus_node_enumerator_t) (sd_bus *bus, const char *prefix, void *userdata, char ***ret_nodes, sd_bus_error *ret_error);
+typedef int (*sd_bus_track_handler_t) (sd_bus_track *track, void *userdata);
+
+#include <systemd/sd-bus-protocol.h>
+#include <systemd/sd-bus-vtable.h>
+
+/* Connections */
+
+int sd_bus_default(sd_bus **ret);
+int sd_bus_default_user(sd_bus **ret);
+int sd_bus_default_system(sd_bus **ret);
+
+int sd_bus_open(sd_bus **ret);
+int sd_bus_open_user(sd_bus **ret);
+int sd_bus_open_system(sd_bus **ret);
+int sd_bus_open_system_remote(sd_bus **ret, const char *host);
+int sd_bus_open_system_machine(sd_bus **ret, const char *machine);
+
+int sd_bus_new(sd_bus **ret);
+
+int sd_bus_set_address(sd_bus *bus, const char *address);
+int sd_bus_set_fd(sd_bus *bus, int input_fd, int output_fd);
+int sd_bus_set_exec(sd_bus *bus, const char *path, char *const argv[]);
+int sd_bus_get_address(sd_bus *bus, const char **address);
+int sd_bus_set_bus_client(sd_bus *bus, int b);
+int sd_bus_is_bus_client(sd_bus *bus);
+int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t bus_id);
+int sd_bus_is_server(sd_bus *bus);
+int sd_bus_set_anonymous(sd_bus *bus, int b);
+int sd_bus_is_anonymous(sd_bus *bus);
+int sd_bus_set_trusted(sd_bus *bus, int b);
+int sd_bus_is_trusted(sd_bus *bus);
+int sd_bus_set_monitor(sd_bus *bus, int b);
+int sd_bus_is_monitor(sd_bus *bus);
+int sd_bus_set_description(sd_bus *bus, const char *description);
+int sd_bus_get_description(sd_bus *bus, const char **description);
+int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t creds_mask);
+int sd_bus_negotiate_timestamp(sd_bus *bus, int b);
+int sd_bus_negotiate_fds(sd_bus *bus, int b);
+int sd_bus_can_send(sd_bus *bus, char type);
+int sd_bus_get_creds_mask(sd_bus *bus, uint64_t *creds_mask);
+int sd_bus_set_allow_interactive_authorization(sd_bus *bus, int b);
+int sd_bus_get_allow_interactive_authorization(sd_bus *bus);
+
+int sd_bus_start(sd_bus *ret);
+
+int sd_bus_try_close(sd_bus *bus);
+void sd_bus_close(sd_bus *bus);
+
+sd_bus *sd_bus_ref(sd_bus *bus);
+sd_bus *sd_bus_unref(sd_bus *bus);
+sd_bus *sd_bus_flush_close_unref(sd_bus *bus);
+
+void sd_bus_default_flush_close(void);
+
+int sd_bus_is_open(sd_bus *bus);
+
+int sd_bus_get_bus_id(sd_bus *bus, sd_id128_t *id);
+int sd_bus_get_scope(sd_bus *bus, const char **scope);
+int sd_bus_get_tid(sd_bus *bus, pid_t *tid);
+int sd_bus_get_owner_creds(sd_bus *bus, uint64_t creds_mask, sd_bus_creds **ret);
+
+int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *cookie);
+int sd_bus_send_to(sd_bus *bus, sd_bus_message *m, const char *destination, uint64_t *cookie);
+int sd_bus_call(sd_bus *bus, sd_bus_message *m, uint64_t usec, sd_bus_error *ret_error, sd_bus_message **reply);
+int sd_bus_call_async(sd_bus *bus, sd_bus_slot **slot, sd_bus_message *m, sd_bus_message_handler_t callback, void *userdata, uint64_t usec);
+
+int sd_bus_get_fd(sd_bus *bus);
+int sd_bus_get_events(sd_bus *bus);
+int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec);
+int sd_bus_process(sd_bus *bus, sd_bus_message **r);
+int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
+int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
+int sd_bus_flush(sd_bus *bus);
+
+sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
+sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
+sd_bus_message_handler_t sd_bus_get_current_handler(sd_bus *bus);
+void* sd_bus_get_current_userdata(sd_bus *bus);
+
+int sd_bus_attach_event(sd_bus *bus, sd_event *e, int priority);
+int sd_bus_detach_event(sd_bus *bus);
+sd_event *sd_bus_get_event(sd_bus *bus);
+
+int sd_bus_add_filter(sd_bus *bus, sd_bus_slot **slot, sd_bus_message_handler_t callback, void *userdata);
+int sd_bus_add_match(sd_bus *bus, sd_bus_slot **slot, const char *match, sd_bus_message_handler_t callback, void *userdata);
+int sd_bus_add_object(sd_bus *bus, sd_bus_slot **slot, const char *path, sd_bus_message_handler_t callback, void *userdata);
+int sd_bus_add_fallback(sd_bus *bus, sd_bus_slot **slot, const char *prefix, sd_bus_message_handler_t callback, void *userdata);
+int sd_bus_add_object_vtable(sd_bus *bus, sd_bus_slot **slot, const char *path, const char *interface, const sd_bus_vtable *vtable, void *userdata);
+int sd_bus_add_fallback_vtable(sd_bus *bus, sd_bus_slot **slot, const char *prefix, const char *interface, const sd_bus_vtable *vtable, sd_bus_object_find_t find, void *userdata);
+int sd_bus_add_node_enumerator(sd_bus *bus, sd_bus_slot **slot, const char *path, sd_bus_node_enumerator_t callback, void *userdata);
+int sd_bus_add_object_manager(sd_bus *bus, sd_bus_slot **slot, const char *path);
+
+/* Slot object */
+
+sd_bus_slot* sd_bus_slot_ref(sd_bus_slot *slot);
+sd_bus_slot* sd_bus_slot_unref(sd_bus_slot *slot);
+
+sd_bus* sd_bus_slot_get_bus(sd_bus_slot *slot);
+void *sd_bus_slot_get_userdata(sd_bus_slot *slot);
+void *sd_bus_slot_set_userdata(sd_bus_slot *slot, void *userdata);
+int sd_bus_slot_set_description(sd_bus_slot *slot, const char *description);
+int sd_bus_slot_get_description(sd_bus_slot *slot, const char **description);
+
+sd_bus_message* sd_bus_slot_get_current_message(sd_bus_slot *slot);
+sd_bus_message_handler_t sd_bus_slot_get_current_handler(sd_bus_slot *bus);
+void *sd_bus_slot_get_current_userdata(sd_bus_slot *slot);
+
+/* Message object */
+
+int sd_bus_message_new_signal(sd_bus *bus, sd_bus_message **m, const char *path, const char *interface, const char *member);
+int sd_bus_message_new_method_call(sd_bus *bus, sd_bus_message **m, const char *destination, const char *path, const char *interface, const char *member);
+int sd_bus_message_new_method_return(sd_bus_message *call, sd_bus_message **m);
+int sd_bus_message_new_method_error(sd_bus_message *call, sd_bus_message **m, const sd_bus_error *e);
+int sd_bus_message_new_method_errorf(sd_bus_message *call, sd_bus_message **m, const char *name, const char *format, ...) _sd_printf_(4, 5);
+int sd_bus_message_new_method_errno(sd_bus_message *call, sd_bus_message **m, int error, const sd_bus_error *e);
+int sd_bus_message_new_method_errnof(sd_bus_message *call, sd_bus_message **m, int error, const char *format, ...) _sd_printf_(4, 5);
+
+sd_bus_message* sd_bus_message_ref(sd_bus_message *m);
+sd_bus_message* sd_bus_message_unref(sd_bus_message *m);
+
+int sd_bus_message_get_type(sd_bus_message *m, uint8_t *type);
+int sd_bus_message_get_cookie(sd_bus_message *m, uint64_t *cookie);
+int sd_bus_message_get_reply_cookie(sd_bus_message *m, uint64_t *cookie);
+int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority);
+
+int sd_bus_message_get_expect_reply(sd_bus_message *m);
+int sd_bus_message_get_auto_start(sd_bus_message *m);
+int sd_bus_message_get_allow_interactive_authorization(sd_bus_message *m);
+
+const char *sd_bus_message_get_signature(sd_bus_message *m, int complete);
+const char *sd_bus_message_get_path(sd_bus_message *m);
+const char *sd_bus_message_get_interface(sd_bus_message *m);
+const char *sd_bus_message_get_member(sd_bus_message *m);
+const char *sd_bus_message_get_destination(sd_bus_message *m);
+const char *sd_bus_message_get_sender(sd_bus_message *m);
+const sd_bus_error *sd_bus_message_get_error(sd_bus_message *m);
+int sd_bus_message_get_errno(sd_bus_message *m);
+
+int sd_bus_message_get_monotonic_usec(sd_bus_message *m, uint64_t *usec);
+int sd_bus_message_get_realtime_usec(sd_bus_message *m, uint64_t *usec);
+int sd_bus_message_get_seqnum(sd_bus_message *m, uint64_t* seqnum);
+
+sd_bus* sd_bus_message_get_bus(sd_bus_message *m);
+sd_bus_creds *sd_bus_message_get_creds(sd_bus_message *m); /* do not unref the result */
+
+int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member);
+int sd_bus_message_is_method_call(sd_bus_message *m, const char *interface, const char *member);
+int sd_bus_message_is_method_error(sd_bus_message *m, const char *name);
+int sd_bus_message_is_empty(sd_bus_message *m);
+int sd_bus_message_has_signature(sd_bus_message *m, const char *signature);
+
+int sd_bus_message_set_expect_reply(sd_bus_message *m, int b);
+int sd_bus_message_set_auto_start(sd_bus_message *m, int b);
+int sd_bus_message_set_allow_interactive_authorization(sd_bus_message *m, int b);
+
+int sd_bus_message_set_destination(sd_bus_message *m, const char *destination);
+int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority);
+
+int sd_bus_message_append(sd_bus_message *m, const char *types, ...);
+int sd_bus_message_append_basic(sd_bus_message *m, char type, const void *p);
+int sd_bus_message_append_array(sd_bus_message *m, char type, const void *ptr, size_t size);
+int sd_bus_message_append_array_space(sd_bus_message *m, char type, size_t size, void **ptr);
+int sd_bus_message_append_array_iovec(sd_bus_message *m, char type, const struct iovec *iov, unsigned n);
+int sd_bus_message_append_array_memfd(sd_bus_message *m, char type, int memfd, uint64_t offset, uint64_t size);
+int sd_bus_message_append_string_space(sd_bus_message *m, size_t size, char **s);
+int sd_bus_message_append_string_iovec(sd_bus_message *m, const struct iovec *iov, unsigned n);
+int sd_bus_message_append_string_memfd(sd_bus_message *m, int memfd, uint64_t offset, uint64_t size);
+int sd_bus_message_append_strv(sd_bus_message *m, char **l);
+int sd_bus_message_open_container(sd_bus_message *m, char type, const char *contents);
+int sd_bus_message_close_container(sd_bus_message *m);
+int sd_bus_message_copy(sd_bus_message *m, sd_bus_message *source, int all);
+
+int sd_bus_message_read(sd_bus_message *m, const char *types, ...);
+int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p);
+int sd_bus_message_read_array(sd_bus_message *m, char type, const void **ptr, size_t *size);
+int sd_bus_message_read_strv(sd_bus_message *m, char ***l); /* free the result! */
+int sd_bus_message_skip(sd_bus_message *m, const char *types);
+int sd_bus_message_enter_container(sd_bus_message *m, char type, const char *contents);
+int sd_bus_message_exit_container(sd_bus_message *m);
+int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char **contents);
+int sd_bus_message_verify_type(sd_bus_message *m, char type, const char *contents);
+int sd_bus_message_at_end(sd_bus_message *m, int complete);
+int sd_bus_message_rewind(sd_bus_message *m, int complete);
+
+/* Bus management */
+
+int sd_bus_get_unique_name(sd_bus *bus, const char **unique);
+int sd_bus_request_name(sd_bus *bus, const char *name, uint64_t flags);
+int sd_bus_release_name(sd_bus *bus, const char *name);
+int sd_bus_list_names(sd_bus *bus, char ***acquired, char ***activatable); /* free the results */
+int sd_bus_get_name_creds(sd_bus *bus, const char *name, uint64_t mask, sd_bus_creds **creds); /* unref the result! */
+int sd_bus_get_name_machine_id(sd_bus *bus, const char *name, sd_id128_t *machine);
+
+/* Convenience calls */
+
+int sd_bus_call_method(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, sd_bus_message **reply, const char *types, ...);
+int sd_bus_call_method_async(sd_bus *bus, sd_bus_slot **slot, const char *destination, const char *path, const char *interface, const char *member, sd_bus_message_handler_t callback, void *userdata, const char *types, ...);
+int sd_bus_get_property(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, sd_bus_message **reply, const char *type);
+int sd_bus_get_property_trivial(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, char type, void *ret_ptr);
+int sd_bus_get_property_string(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, char **ret); /* free the result! */
+int sd_bus_get_property_strv(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, char ***ret); /* free the result! */
+int sd_bus_set_property(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, const char *type, ...);
+
+int sd_bus_reply_method_return(sd_bus_message *call, const char *types, ...);
+int sd_bus_reply_method_error(sd_bus_message *call, const sd_bus_error *e);
+int sd_bus_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) _sd_printf_(3, 4);
+int sd_bus_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *e);
+int sd_bus_reply_method_errnof(sd_bus_message *call, int error, const char *format, ...) _sd_printf_(3, 4);
+
+int sd_bus_emit_signal(sd_bus *bus, const char *path, const char *interface, const char *member, const char *types, ...);
+
+int sd_bus_emit_properties_changed_strv(sd_bus *bus, const char *path, const char *interface, char **names);
+int sd_bus_emit_properties_changed(sd_bus *bus, const char *path, const char *interface, const char *name, ...) _sd_sentinel_;
+
+int sd_bus_emit_object_added(sd_bus *bus, const char *path);
+int sd_bus_emit_object_removed(sd_bus *bus, const char *path);
+int sd_bus_emit_interfaces_added_strv(sd_bus *bus, const char *path, char **interfaces);
+int sd_bus_emit_interfaces_added(sd_bus *bus, const char *path, const char *interface, ...) _sd_sentinel_;
+int sd_bus_emit_interfaces_removed_strv(sd_bus *bus, const char *path, char **interfaces);
+int sd_bus_emit_interfaces_removed(sd_bus *bus, const char *path, const char *interface, ...) _sd_sentinel_;
+
+int sd_bus_query_sender_creds(sd_bus_message *call, uint64_t mask, sd_bus_creds **creds);
+int sd_bus_query_sender_privilege(sd_bus_message *call, int capability);
+
+/* Credential handling */
+
+int sd_bus_creds_new_from_pid(sd_bus_creds **ret, pid_t pid, uint64_t creds_mask);
+sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c);
+sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c);
+uint64_t sd_bus_creds_get_mask(const sd_bus_creds *c);
+uint64_t sd_bus_creds_get_augmented_mask(const sd_bus_creds *c);
+
+int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid);
+int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid);
+int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid);
+int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid);
+int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *euid);
+int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *suid);
+int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid);
+int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid);
+int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *egid);
+int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *sgid);
+int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *fsgid);
+int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c, const gid_t **gids);
+int sd_bus_creds_get_comm(sd_bus_creds *c, const char **comm);
+int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **comm);
+int sd_bus_creds_get_exe(sd_bus_creds *c, const char **exe);
+int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline);
+int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **cgroup);
+int sd_bus_creds_get_unit(sd_bus_creds *c, const char **unit);
+int sd_bus_creds_get_slice(sd_bus_creds *c, const char **slice);
+int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **unit);
+int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **slice);
+int sd_bus_creds_get_session(sd_bus_creds *c, const char **session);
+int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid);
+int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability);
+int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability);
+int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability);
+int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability);
+int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **context);
+int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid);
+int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *loginuid);
+int sd_bus_creds_get_tty(sd_bus_creds *c, const char **tty);
+int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **name);
+int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***names);
+int sd_bus_creds_get_description(sd_bus_creds *c, const char **name);
+
+/* Error structures */
+
+#define SD_BUS_ERROR_MAKE_CONST(name, message) ((const sd_bus_error) {(name), (message), 0})
+#define SD_BUS_ERROR_NULL SD_BUS_ERROR_MAKE_CONST(NULL, NULL)
+
+void sd_bus_error_free(sd_bus_error *e);
+int sd_bus_error_set(sd_bus_error *e, const char *name, const char *message);
+int sd_bus_error_setf(sd_bus_error *e, const char *name, const char *format, ...)  _sd_printf_(3, 4);
+int sd_bus_error_set_const(sd_bus_error *e, const char *name, const char *message);
+int sd_bus_error_set_errno(sd_bus_error *e, int error);
+int sd_bus_error_set_errnof(sd_bus_error *e, int error, const char *format, ...) _sd_printf_(3, 4);
+int sd_bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_list ap) _sd_printf_(3,0);
+int sd_bus_error_get_errno(const sd_bus_error *e);
+int sd_bus_error_copy(sd_bus_error *dest, const sd_bus_error *e);
+int sd_bus_error_is_set(const sd_bus_error *e);
+int sd_bus_error_has_name(const sd_bus_error *e, const char *name);
+
+#define SD_BUS_ERROR_MAP(_name, _code)          \
+        {                                       \
+                .name = _name,                  \
+                .code = _code,                  \
+        }
+#define SD_BUS_ERROR_MAP_END                    \
+        {                                       \
+                .name = NULL,                   \
+                .code = - 'x',                  \
+        }
+
+int sd_bus_error_add_map(const sd_bus_error_map *map);
+
+/* Auxiliary macros */
+
+#define SD_BUS_MESSAGE_APPEND_ID128(x) 16,                              \
+                (x).bytes[0],  (x).bytes[1],  (x).bytes[2],  (x).bytes[3], \
+                (x).bytes[4],  (x).bytes[5],  (x).bytes[6],  (x).bytes[7], \
+                (x).bytes[8],  (x).bytes[9],  (x).bytes[10], (x).bytes[11], \
+                (x).bytes[12], (x).bytes[13], (x).bytes[14], (x).bytes[15]
+
+#define SD_BUS_MESSAGE_READ_ID128(x) 16,                                \
+                &(x).bytes[0],  &(x).bytes[1],  &(x).bytes[2],  &(x).bytes[3], \
+                &(x).bytes[4],  &(x).bytes[5],  &(x).bytes[6],  &(x).bytes[7], \
+                &(x).bytes[8],  &(x).bytes[9],  &(x).bytes[10], &(x).bytes[11], \
+                &(x).bytes[12], &(x).bytes[13], &(x).bytes[14], &(x).bytes[15]
+
+/* Label escaping */
+
+int sd_bus_path_encode(const char *prefix, const char *external_id, char **ret_path);
+int sd_bus_path_encode_many(char **out, const char *path_template, ...);
+int sd_bus_path_decode(const char *path, const char *prefix, char **ret_external_id);
+int sd_bus_path_decode_many(const char *path, const char *path_template, ...);
+
+/* Tracking peers */
+
+int sd_bus_track_new(sd_bus *bus, sd_bus_track **track, sd_bus_track_handler_t handler, void *userdata);
+sd_bus_track* sd_bus_track_ref(sd_bus_track *track);
+sd_bus_track* sd_bus_track_unref(sd_bus_track *track);
+
+sd_bus* sd_bus_track_get_bus(sd_bus_track *track);
+void *sd_bus_track_get_userdata(sd_bus_track *track);
+void *sd_bus_track_set_userdata(sd_bus_track *track, void *userdata);
+
+int sd_bus_track_add_sender(sd_bus_track *track, sd_bus_message *m);
+int sd_bus_track_remove_sender(sd_bus_track *track, sd_bus_message *m);
+int sd_bus_track_add_name(sd_bus_track *track, const char *name);
+int sd_bus_track_remove_name(sd_bus_track *track, const char *name);
+
+unsigned sd_bus_track_count(sd_bus_track *track);
+const char* sd_bus_track_contains(sd_bus_track *track, const char *names);
+const char* sd_bus_track_first(sd_bus_track *track);
+const char* sd_bus_track_next(sd_bus_track *track);
+
+/* Define helpers so that __attribute__((cleanup(sd_bus_unrefp))) and similar may be used. */
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus, sd_bus_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus, sd_bus_flush_close_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_slot, sd_bus_slot_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_message, sd_bus_message_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_creds, sd_bus_creds_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_track, sd_bus_track_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/systemd/sd-daemon.h b/src/libsystemd/include/systemd/sd-daemon.h
index e6787b0a64..e6787b0a64 100644
--- a/src/systemd/sd-daemon.h
+++ b/src/libsystemd/include/systemd/sd-daemon.h
diff --git a/src/systemd/sd-device.h b/src/libsystemd/include/systemd/sd-device.h
index c1d07561d7..c1d07561d7 100644
--- a/src/systemd/sd-device.h
+++ b/src/libsystemd/include/systemd/sd-device.h
diff --git a/src/libsystemd/include/systemd/sd-dhcp-client.h b/src/libsystemd/include/systemd/sd-dhcp-client.h
new file mode 100644
index 0000000000..f7bd5c4b7a
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-dhcp-client.h
@@ -0,0 +1,158 @@
+#ifndef foosddhcpclienthfoo
+#define foosddhcpclienthfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2013 Intel Corporation. All rights reserved.
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <net/ethernet.h>
+#include <netinet/in.h>
+#include <sys/types.h>
+
+#include <systemd/sd-dhcp-lease.h>
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+enum {
+        SD_DHCP_CLIENT_EVENT_STOP               = 0,
+        SD_DHCP_CLIENT_EVENT_IP_ACQUIRE         = 1,
+        SD_DHCP_CLIENT_EVENT_IP_CHANGE          = 2,
+        SD_DHCP_CLIENT_EVENT_EXPIRED            = 3,
+        SD_DHCP_CLIENT_EVENT_RENEW              = 4,
+};
+
+enum {
+        SD_DHCP_OPTION_PAD                         = 0,
+        SD_DHCP_OPTION_SUBNET_MASK                 = 1,
+        SD_DHCP_OPTION_TIME_OFFSET                 = 2,
+        SD_DHCP_OPTION_ROUTER                      = 3,
+        SD_DHCP_OPTION_DOMAIN_NAME_SERVER          = 6,
+        SD_DHCP_OPTION_HOST_NAME                   = 12,
+        SD_DHCP_OPTION_BOOT_FILE_SIZE              = 13,
+        SD_DHCP_OPTION_DOMAIN_NAME                 = 15,
+        SD_DHCP_OPTION_ROOT_PATH                   = 17,
+        SD_DHCP_OPTION_ENABLE_IP_FORWARDING        = 19,
+        SD_DHCP_OPTION_ENABLE_IP_FORWARDING_NL     = 20,
+        SD_DHCP_OPTION_POLICY_FILTER               = 21,
+        SD_DHCP_OPTION_INTERFACE_MDR               = 22,
+        SD_DHCP_OPTION_INTERFACE_TTL               = 23,
+        SD_DHCP_OPTION_INTERFACE_MTU_AGING_TIMEOUT = 24,
+        SD_DHCP_OPTION_INTERFACE_MTU               = 26,
+        SD_DHCP_OPTION_BROADCAST                   = 28,
+        SD_DHCP_OPTION_STATIC_ROUTE                = 33,
+        SD_DHCP_OPTION_NTP_SERVER                  = 42,
+        SD_DHCP_OPTION_VENDOR_SPECIFIC             = 43,
+        SD_DHCP_OPTION_REQUESTED_IP_ADDRESS        = 50,
+        SD_DHCP_OPTION_IP_ADDRESS_LEASE_TIME       = 51,
+        SD_DHCP_OPTION_OVERLOAD                    = 52,
+        SD_DHCP_OPTION_MESSAGE_TYPE                = 53,
+        SD_DHCP_OPTION_SERVER_IDENTIFIER           = 54,
+        SD_DHCP_OPTION_PARAMETER_REQUEST_LIST      = 55,
+        SD_DHCP_OPTION_ERROR_MESSAGE               = 56,
+        SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE        = 57,
+        SD_DHCP_OPTION_RENEWAL_T1_TIME             = 58,
+        SD_DHCP_OPTION_REBINDING_T2_TIME           = 59,
+        SD_DHCP_OPTION_VENDOR_CLASS_IDENTIFIER     = 60,
+        SD_DHCP_OPTION_CLIENT_IDENTIFIER           = 61,
+        SD_DHCP_OPTION_FQDN                        = 81,
+        SD_DHCP_OPTION_NEW_POSIX_TIMEZONE          = 100,
+        SD_DHCP_OPTION_NEW_TZDB_TIMEZONE           = 101,
+        SD_DHCP_OPTION_CLASSLESS_STATIC_ROUTE      = 121,
+        SD_DHCP_OPTION_PRIVATE_BASE                = 224,
+        SD_DHCP_OPTION_PRIVATE_LAST                = 254,
+        SD_DHCP_OPTION_END                         = 255,
+};
+
+typedef struct sd_dhcp_client sd_dhcp_client;
+
+typedef void (*sd_dhcp_client_callback_t)(sd_dhcp_client *client, int event, void *userdata);
+int sd_dhcp_client_set_callback(
+                sd_dhcp_client *client,
+                sd_dhcp_client_callback_t cb,
+                void *userdata);
+
+int sd_dhcp_client_set_request_option(
+                sd_dhcp_client *client,
+                uint8_t option);
+int sd_dhcp_client_set_request_address(
+                sd_dhcp_client *client,
+                const struct in_addr *last_address);
+int sd_dhcp_client_set_request_broadcast(
+                sd_dhcp_client *client,
+                int broadcast);
+int sd_dhcp_client_set_index(
+                sd_dhcp_client *client,
+                int interface_index);
+int sd_dhcp_client_set_mac(
+                sd_dhcp_client *client,
+                const uint8_t *addr,
+                size_t addr_len,
+                uint16_t arp_type);
+int sd_dhcp_client_set_client_id(
+                sd_dhcp_client *client,
+                uint8_t type,
+                const uint8_t *data,
+                size_t data_len);
+int sd_dhcp_client_set_iaid_duid(
+                sd_dhcp_client *client,
+                uint32_t iaid,
+                uint16_t duid_type,
+                const void *duid,
+                size_t duid_len);
+int sd_dhcp_client_get_client_id(
+                sd_dhcp_client *client,
+                uint8_t *type,
+                const uint8_t **data,
+                size_t *data_len);
+int sd_dhcp_client_set_mtu(
+                sd_dhcp_client *client,
+                uint32_t mtu);
+int sd_dhcp_client_set_hostname(
+                sd_dhcp_client *client,
+                const char *hostname);
+int sd_dhcp_client_set_vendor_class_identifier(
+                sd_dhcp_client *client,
+                const char *vci);
+int sd_dhcp_client_get_lease(
+                sd_dhcp_client *client,
+                sd_dhcp_lease **ret);
+
+int sd_dhcp_client_stop(sd_dhcp_client *client);
+int sd_dhcp_client_start(sd_dhcp_client *client);
+
+sd_dhcp_client *sd_dhcp_client_ref(sd_dhcp_client *client);
+sd_dhcp_client *sd_dhcp_client_unref(sd_dhcp_client *client);
+
+int sd_dhcp_client_new(sd_dhcp_client **ret);
+
+int sd_dhcp_client_attach_event(
+                sd_dhcp_client *client,
+                sd_event *event,
+                int64_t priority);
+int sd_dhcp_client_detach_event(sd_dhcp_client *client);
+sd_event *sd_dhcp_client_get_event(sd_dhcp_client *client);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_dhcp_client, sd_dhcp_client_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/systemd/sd-dhcp-lease.h b/src/libsystemd/include/systemd/sd-dhcp-lease.h
index 2f565ca825..2f565ca825 100644
--- a/src/systemd/sd-dhcp-lease.h
+++ b/src/libsystemd/include/systemd/sd-dhcp-lease.h
diff --git a/src/libsystemd/include/systemd/sd-dhcp-server.h b/src/libsystemd/include/systemd/sd-dhcp-server.h
new file mode 100644
index 0000000000..bbb2bb203c
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-dhcp-server.h
@@ -0,0 +1,65 @@
+#ifndef foosddhcpserverhfoo
+#define foosddhcpserverhfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2013 Intel Corporation. All rights reserved.
+  Copyright (C) 2014 Tom Gundersen
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <netinet/in.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+typedef struct sd_dhcp_server sd_dhcp_server;
+
+int sd_dhcp_server_new(sd_dhcp_server **ret, int ifindex);
+
+sd_dhcp_server *sd_dhcp_server_ref(sd_dhcp_server *server);
+sd_dhcp_server *sd_dhcp_server_unref(sd_dhcp_server *server);
+
+int sd_dhcp_server_attach_event(sd_dhcp_server *client, sd_event *event, int64_t priority);
+int sd_dhcp_server_detach_event(sd_dhcp_server *client);
+sd_event *sd_dhcp_server_get_event(sd_dhcp_server *client);
+
+int sd_dhcp_server_is_running(sd_dhcp_server *server);
+
+int sd_dhcp_server_start(sd_dhcp_server *server);
+int sd_dhcp_server_stop(sd_dhcp_server *server);
+
+int sd_dhcp_server_configure_pool(sd_dhcp_server *server, struct in_addr *address, unsigned char prefixlen, uint32_t offset, uint32_t size);
+
+int sd_dhcp_server_set_timezone(sd_dhcp_server *server, const char *timezone);
+int sd_dhcp_server_set_dns(sd_dhcp_server *server, const struct in_addr ntp[], unsigned n);
+int sd_dhcp_server_set_ntp(sd_dhcp_server *server, const struct in_addr dns[], unsigned n);
+int sd_dhcp_server_set_emit_router(sd_dhcp_server *server, int enabled);
+
+int sd_dhcp_server_set_max_lease_time(sd_dhcp_server *server, uint32_t t);
+int sd_dhcp_server_set_default_lease_time(sd_dhcp_server *server, uint32_t t);
+
+int sd_dhcp_server_forcerenew(sd_dhcp_server *server);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_dhcp_server, sd_dhcp_server_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-dhcp6-client.h b/src/libsystemd/include/systemd/sd-dhcp6-client.h
new file mode 100644
index 0000000000..6bcd9862c9
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-dhcp6-client.h
@@ -0,0 +1,135 @@
+#ifndef foosddhcp6clienthfoo
+#define foosddhcp6clienthfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Intel Corporation. All rights reserved.
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <net/ethernet.h>
+#include <sys/types.h>
+
+#include <systemd/sd-dhcp6-lease.h>
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+enum {
+        SD_DHCP6_CLIENT_EVENT_STOP                      = 0,
+        SD_DHCP6_CLIENT_EVENT_RESEND_EXPIRE             = 10,
+        SD_DHCP6_CLIENT_EVENT_RETRANS_MAX               = 11,
+        SD_DHCP6_CLIENT_EVENT_IP_ACQUIRE                = 12,
+        SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST       = 13,
+};
+
+enum {
+        SD_DHCP6_OPTION_CLIENTID                   = 1,
+        SD_DHCP6_OPTION_SERVERID                   = 2,
+        SD_DHCP6_OPTION_IA_NA                      = 3,
+        SD_DHCP6_OPTION_IA_TA                      = 4,
+        SD_DHCP6_OPTION_IAADDR                     = 5,
+        SD_DHCP6_OPTION_ORO                        = 6,
+        SD_DHCP6_OPTION_PREFERENCE                 = 7,
+        SD_DHCP6_OPTION_ELAPSED_TIME               = 8,
+        SD_DHCP6_OPTION_RELAY_MSG                  = 9,
+        /* option code 10 is unassigned */
+        SD_DHCP6_OPTION_AUTH                       = 11,
+        SD_DHCP6_OPTION_UNICAST                    = 12,
+        SD_DHCP6_OPTION_STATUS_CODE                = 13,
+        SD_DHCP6_OPTION_RAPID_COMMIT               = 14,
+        SD_DHCP6_OPTION_USER_CLASS                 = 15,
+        SD_DHCP6_OPTION_VENDOR_CLASS               = 16,
+        SD_DHCP6_OPTION_VENDOR_OPTS                = 17,
+        SD_DHCP6_OPTION_INTERFACE_ID               = 18,
+        SD_DHCP6_OPTION_RECONF_MSG                 = 19,
+        SD_DHCP6_OPTION_RECONF_ACCEPT              = 20,
+
+        SD_DHCP6_OPTION_DNS_SERVERS                = 23,  /* RFC 3646 */
+        SD_DHCP6_OPTION_DOMAIN_LIST                = 24,  /* RFC 3646 */
+
+        SD_DHCP6_OPTION_SNTP_SERVERS               = 31,  /* RFC 4075, deprecated */
+
+        /* option code 35 is unassigned */
+
+        SD_DHCP6_OPTION_NTP_SERVER                 = 56,  /* RFC 5908 */
+
+        /* option codes 89-142 are unassigned */
+        /* option codes 144-65535 are unassigned */
+};
+
+typedef struct sd_dhcp6_client sd_dhcp6_client;
+
+typedef void (*sd_dhcp6_client_callback_t)(sd_dhcp6_client *client, int event, void *userdata);
+int sd_dhcp6_client_set_callback(
+                sd_dhcp6_client *client,
+                sd_dhcp6_client_callback_t cb,
+                void *userdata);
+
+int sd_dhcp6_client_set_index(
+                sd_dhcp6_client *client,
+                int interface_index);
+int sd_dhcp6_client_set_local_address(
+                sd_dhcp6_client *client,
+                const struct in6_addr *local_address);
+int sd_dhcp6_client_set_mac(
+                sd_dhcp6_client *client,
+                const uint8_t *addr,
+                size_t addr_len,
+                uint16_t arp_type);
+int sd_dhcp6_client_set_duid(
+                sd_dhcp6_client *client,
+                uint16_t duid_type,
+                const void *duid,
+                size_t duid_len);
+int sd_dhcp6_client_set_iaid(
+                sd_dhcp6_client *client,
+                uint32_t iaid);
+int sd_dhcp6_client_set_information_request(
+                sd_dhcp6_client *client,
+                int enabled);
+int sd_dhcp6_client_get_information_request(
+                sd_dhcp6_client *client,
+                int *enabled);
+int sd_dhcp6_client_set_request_option(
+                sd_dhcp6_client *client,
+                uint16_t option);
+
+int sd_dhcp6_client_get_lease(
+                sd_dhcp6_client *client,
+                sd_dhcp6_lease **ret);
+
+int sd_dhcp6_client_stop(sd_dhcp6_client *client);
+int sd_dhcp6_client_start(sd_dhcp6_client *client);
+int sd_dhcp6_client_is_running(sd_dhcp6_client *client);
+int sd_dhcp6_client_attach_event(
+                sd_dhcp6_client *client,
+                sd_event *event,
+                int64_t priority);
+int sd_dhcp6_client_detach_event(sd_dhcp6_client *client);
+sd_event *sd_dhcp6_client_get_event(sd_dhcp6_client *client);
+sd_dhcp6_client *sd_dhcp6_client_ref(sd_dhcp6_client *client);
+sd_dhcp6_client *sd_dhcp6_client_unref(sd_dhcp6_client *client);
+int sd_dhcp6_client_new(sd_dhcp6_client **ret);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_dhcp6_client, sd_dhcp6_client_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/systemd/sd-dhcp6-lease.h b/src/libsystemd/include/systemd/sd-dhcp6-lease.h
index 184fbb8e0d..184fbb8e0d 100644
--- a/src/systemd/sd-dhcp6-lease.h
+++ b/src/libsystemd/include/systemd/sd-dhcp6-lease.h
diff --git a/src/systemd/sd-event.h b/src/libsystemd/include/systemd/sd-event.h
index 531ace1c34..531ace1c34 100644
--- a/src/systemd/sd-event.h
+++ b/src/libsystemd/include/systemd/sd-event.h
diff --git a/src/systemd/sd-hwdb.h b/src/libsystemd/include/systemd/sd-hwdb.h
index 7105920492..7105920492 100644
--- a/src/systemd/sd-hwdb.h
+++ b/src/libsystemd/include/systemd/sd-hwdb.h
diff --git a/src/systemd/sd-id128.h b/src/libsystemd/include/systemd/sd-id128.h
index 4dff0b9b81..4dff0b9b81 100644
--- a/src/systemd/sd-id128.h
+++ b/src/libsystemd/include/systemd/sd-id128.h
diff --git a/src/libsystemd/include/systemd/sd-ipv4acd.h b/src/libsystemd/include/systemd/sd-ipv4acd.h
new file mode 100644
index 0000000000..93db7a4a6c
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-ipv4acd.h
@@ -0,0 +1,60 @@
+#ifndef foosdipv4acdfoo
+#define foosdipv4acdfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Axis Communications AB. All rights reserved.
+  Copyright (C) 2015 Tom Gundersen
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/ethernet.h>
+#include <netinet/in.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+enum {
+        SD_IPV4ACD_EVENT_STOP           = 0,
+        SD_IPV4ACD_EVENT_BIND           = 1,
+        SD_IPV4ACD_EVENT_CONFLICT       = 2,
+};
+
+typedef struct sd_ipv4acd sd_ipv4acd;
+typedef void (*sd_ipv4acd_callback_t)(sd_ipv4acd *ll, int event, void *userdata);
+
+int sd_ipv4acd_detach_event(sd_ipv4acd *ll);
+int sd_ipv4acd_attach_event(sd_ipv4acd *ll, sd_event *event, int64_t priority);
+int sd_ipv4acd_get_address(sd_ipv4acd *ll, struct in_addr *address);
+int sd_ipv4acd_set_callback(sd_ipv4acd *ll, sd_ipv4acd_callback_t cb, void *userdata);
+int sd_ipv4acd_set_mac(sd_ipv4acd *ll, const struct ether_addr *addr);
+int sd_ipv4acd_set_index(sd_ipv4acd *ll, int interface_index);
+int sd_ipv4acd_set_address(sd_ipv4acd *ll, const struct in_addr *address);
+int sd_ipv4acd_is_running(sd_ipv4acd *ll);
+int sd_ipv4acd_start(sd_ipv4acd *ll);
+int sd_ipv4acd_stop(sd_ipv4acd *ll);
+sd_ipv4acd *sd_ipv4acd_ref(sd_ipv4acd *ll);
+sd_ipv4acd *sd_ipv4acd_unref(sd_ipv4acd *ll);
+int sd_ipv4acd_new(sd_ipv4acd **ret);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_ipv4acd, sd_ipv4acd_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-ipv4ll.h b/src/libsystemd/include/systemd/sd-ipv4ll.h
new file mode 100644
index 0000000000..9167623167
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-ipv4ll.h
@@ -0,0 +1,60 @@
+#ifndef foosdipv4llfoo
+#define foosdipv4llfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Axis Communications AB. All rights reserved.
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/ethernet.h>
+#include <netinet/in.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+enum {
+        SD_IPV4LL_EVENT_STOP            = 0,
+        SD_IPV4LL_EVENT_BIND            = 1,
+        SD_IPV4LL_EVENT_CONFLICT        = 2,
+};
+
+typedef struct sd_ipv4ll sd_ipv4ll;
+typedef void (*sd_ipv4ll_callback_t)(sd_ipv4ll *ll, int event, void *userdata);
+
+int sd_ipv4ll_detach_event(sd_ipv4ll *ll);
+int sd_ipv4ll_attach_event(sd_ipv4ll *ll, sd_event *event, int64_t priority);
+int sd_ipv4ll_get_address(sd_ipv4ll *ll, struct in_addr *address);
+int sd_ipv4ll_set_callback(sd_ipv4ll *ll, sd_ipv4ll_callback_t cb, void *userdata);
+int sd_ipv4ll_set_mac(sd_ipv4ll *ll, const struct ether_addr *addr);
+int sd_ipv4ll_set_index(sd_ipv4ll *ll, int interface_index);
+int sd_ipv4ll_set_address(sd_ipv4ll *ll, const struct in_addr *address);
+int sd_ipv4ll_set_address_seed(sd_ipv4ll *ll, unsigned seed);
+int sd_ipv4ll_is_running(sd_ipv4ll *ll);
+int sd_ipv4ll_start(sd_ipv4ll *ll);
+int sd_ipv4ll_stop(sd_ipv4ll *ll);
+sd_ipv4ll *sd_ipv4ll_ref(sd_ipv4ll *ll);
+sd_ipv4ll *sd_ipv4ll_unref(sd_ipv4ll *ll);
+int sd_ipv4ll_new (sd_ipv4ll **ret);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_ipv4ll, sd_ipv4ll_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-journal.h b/src/libsystemd/include/systemd/sd-journal.h
new file mode 100644
index 0000000000..3e61feb81f
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-journal.h
@@ -0,0 +1,175 @@
+#ifndef foosdjournalhfoo
+#define foosdjournalhfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <syslog.h>
+
+#include <systemd/sd-id128.h>
+
+#include "_sd-common.h"
+
+/* Journal APIs. See sd-journal(3) for more information. */
+
+_SD_BEGIN_DECLARATIONS;
+
+/* Write to daemon */
+int sd_journal_print(int priority, const char *format, ...) _sd_printf_(2, 3);
+int sd_journal_printv(int priority, const char *format, va_list ap) _sd_printf_(2, 0);
+int sd_journal_send(const char *format, ...) _sd_printf_(1, 0) _sd_sentinel_;
+int sd_journal_sendv(const struct iovec *iov, int n);
+int sd_journal_perror(const char *message);
+
+/* Used by the macros below. You probably don't want to call this directly. */
+int sd_journal_print_with_location(int priority, const char *file, const char *line, const char *func, const char *format, ...) _sd_printf_(5, 6);
+int sd_journal_printv_with_location(int priority, const char *file, const char *line, const char *func, const char *format, va_list ap) _sd_printf_(5, 0);
+int sd_journal_send_with_location(const char *file, const char *line, const char *func, const char *format, ...) _sd_printf_(4, 0) _sd_sentinel_;
+int sd_journal_sendv_with_location(const char *file, const char *line, const char *func, const struct iovec *iov, int n);
+int sd_journal_perror_with_location(const char *file, const char *line, const char *func, const char *message);
+
+/* implicitly add code location to messages sent, if this is enabled */
+#ifndef SD_JOURNAL_SUPPRESS_LOCATION
+
+#define sd_journal_print(priority, ...) sd_journal_print_with_location(priority, "CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, __VA_ARGS__)
+#define sd_journal_printv(priority, format, ap) sd_journal_printv_with_location(priority, "CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, format, ap)
+#define sd_journal_send(...) sd_journal_send_with_location("CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, __VA_ARGS__)
+#define sd_journal_sendv(iovec, n) sd_journal_sendv_with_location("CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, iovec, n)
+#define sd_journal_perror(message) sd_journal_perror_with_location("CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, message)
+
+#endif
+
+int sd_journal_stream_fd(const char *identifier, int priority, int level_prefix);
+
+/* Browse journal stream */
+
+typedef struct sd_journal sd_journal;
+
+/* Open flags */
+enum {
+        SD_JOURNAL_LOCAL_ONLY   = 1 << 0,
+        SD_JOURNAL_RUNTIME_ONLY = 1 << 1,
+        SD_JOURNAL_SYSTEM       = 1 << 2,
+        SD_JOURNAL_CURRENT_USER = 1 << 3,
+        SD_JOURNAL_OS_ROOT      = 1 << 4,
+
+        SD_JOURNAL_SYSTEM_ONLY = SD_JOURNAL_SYSTEM /* deprecated name */
+};
+
+/* Wakeup event types */
+enum {
+        SD_JOURNAL_NOP,
+        SD_JOURNAL_APPEND,
+        SD_JOURNAL_INVALIDATE
+};
+
+int sd_journal_open(sd_journal **ret, int flags);
+int sd_journal_open_directory(sd_journal **ret, const char *path, int flags);
+int sd_journal_open_directory_fd(sd_journal **ret, int fd, int flags);
+int sd_journal_open_files(sd_journal **ret, const char **paths, int flags);
+int sd_journal_open_files_fd(sd_journal **ret, int fds[], unsigned n_fds, int flags);
+int sd_journal_open_container(sd_journal **ret, const char *machine, int flags); /* deprecated */
+void sd_journal_close(sd_journal *j);
+
+int sd_journal_previous(sd_journal *j);
+int sd_journal_next(sd_journal *j);
+
+int sd_journal_previous_skip(sd_journal *j, uint64_t skip);
+int sd_journal_next_skip(sd_journal *j, uint64_t skip);
+
+int sd_journal_get_realtime_usec(sd_journal *j, uint64_t *ret);
+int sd_journal_get_monotonic_usec(sd_journal *j, uint64_t *ret, sd_id128_t *ret_boot_id);
+
+int sd_journal_set_data_threshold(sd_journal *j, size_t sz);
+int sd_journal_get_data_threshold(sd_journal *j, size_t *sz);
+
+int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *l);
+int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *l);
+void sd_journal_restart_data(sd_journal *j);
+
+int sd_journal_add_match(sd_journal *j, const void *data, size_t size);
+int sd_journal_add_disjunction(sd_journal *j);
+int sd_journal_add_conjunction(sd_journal *j);
+void sd_journal_flush_matches(sd_journal *j);
+
+int sd_journal_seek_head(sd_journal *j);
+int sd_journal_seek_tail(sd_journal *j);
+int sd_journal_seek_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t usec);
+int sd_journal_seek_realtime_usec(sd_journal *j, uint64_t usec);
+int sd_journal_seek_cursor(sd_journal *j, const char *cursor);
+
+int sd_journal_get_cursor(sd_journal *j, char **cursor);
+int sd_journal_test_cursor(sd_journal *j, const char *cursor);
+
+int sd_journal_get_cutoff_realtime_usec(sd_journal *j, uint64_t *from, uint64_t *to);
+int sd_journal_get_cutoff_monotonic_usec(sd_journal *j, const sd_id128_t boot_id, uint64_t *from, uint64_t *to);
+
+int sd_journal_get_usage(sd_journal *j, uint64_t *bytes);
+
+int sd_journal_query_unique(sd_journal *j, const char *field);
+int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *l);
+void sd_journal_restart_unique(sd_journal *j);
+
+int sd_journal_enumerate_fields(sd_journal *j, const char **field);
+void sd_journal_restart_fields(sd_journal *j);
+
+int sd_journal_get_fd(sd_journal *j);
+int sd_journal_get_events(sd_journal *j);
+int sd_journal_get_timeout(sd_journal *j, uint64_t *timeout_usec);
+int sd_journal_process(sd_journal *j);
+int sd_journal_wait(sd_journal *j, uint64_t timeout_usec);
+int sd_journal_reliable_fd(sd_journal *j);
+
+int sd_journal_get_catalog(sd_journal *j, char **text);
+int sd_journal_get_catalog_for_message_id(sd_id128_t id, char **text);
+
+int sd_journal_has_runtime_files(sd_journal *j);
+int sd_journal_has_persistent_files(sd_journal *j);
+
+/* The inverse condition avoids ambiguity of dangling 'else' after the macro */
+#define SD_JOURNAL_FOREACH(j)                                           \
+        if (sd_journal_seek_head(j) < 0) { }                            \
+        else while (sd_journal_next(j) > 0)
+
+/* The inverse condition avoids ambiguity of dangling 'else' after the macro */
+#define SD_JOURNAL_FOREACH_BACKWARDS(j)                                 \
+        if (sd_journal_seek_tail(j) < 0) { }                            \
+        else while (sd_journal_previous(j) > 0)
+
+/* Iterate through the data fields of the current journal entry */
+#define SD_JOURNAL_FOREACH_DATA(j, data, l)                             \
+        for (sd_journal_restart_data(j); sd_journal_enumerate_data((j), &(data), &(l)) > 0; )
+
+/* Iterate through the all known values of a specific field */
+#define SD_JOURNAL_FOREACH_UNIQUE(j, data, l)                           \
+        for (sd_journal_restart_unique(j); sd_journal_enumerate_unique((j), &(data), &(l)) > 0; )
+
+/* Iterate through all known field names */
+#define SD_JOURNAL_FOREACH_FIELD(j, field) \
+        for (sd_journal_restart_fields(j); sd_journal_enumerate_fields((j), &(field)) > 0; )
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_journal, sd_journal_close);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-lldp.h b/src/libsystemd/include/systemd/sd-lldp.h
new file mode 100644
index 0000000000..391e7c2a2e
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-lldp.h
@@ -0,0 +1,177 @@
+#ifndef foosdlldphfoo
+#define foosdlldphfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Tom Gundersen
+  Copyright (C) 2014 Susant Sahani
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <net/ethernet.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+typedef struct sd_lldp sd_lldp;
+typedef struct sd_lldp_neighbor sd_lldp_neighbor;
+
+/* IEEE 802.3AB Clause 9: TLV Types */
+enum {
+        SD_LLDP_TYPE_END                 = 0,
+        SD_LLDP_TYPE_CHASSIS_ID          = 1,
+        SD_LLDP_TYPE_PORT_ID             = 2,
+        SD_LLDP_TYPE_TTL                 = 3,
+        SD_LLDP_TYPE_PORT_DESCRIPTION    = 4,
+        SD_LLDP_TYPE_SYSTEM_NAME         = 5,
+        SD_LLDP_TYPE_SYSTEM_DESCRIPTION  = 6,
+        SD_LLDP_TYPE_SYSTEM_CAPABILITIES = 7,
+        SD_LLDP_TYPE_MGMT_ADDRESS        = 8,
+        SD_LLDP_TYPE_PRIVATE             = 127,
+};
+
+/* IEEE 802.3AB Clause 9.5.2: Chassis subtypes */
+enum {
+        SD_LLDP_CHASSIS_SUBTYPE_RESERVED            = 0,
+        SD_LLDP_CHASSIS_SUBTYPE_CHASSIS_COMPONENT   = 1,
+        SD_LLDP_CHASSIS_SUBTYPE_INTERFACE_ALIAS     = 2,
+        SD_LLDP_CHASSIS_SUBTYPE_PORT_COMPONENT      = 3,
+        SD_LLDP_CHASSIS_SUBTYPE_MAC_ADDRESS         = 4,
+        SD_LLDP_CHASSIS_SUBTYPE_NETWORK_ADDRESS     = 5,
+        SD_LLDP_CHASSIS_SUBTYPE_INTERFACE_NAME      = 6,
+        SD_LLDP_CHASSIS_SUBTYPE_LOCALLY_ASSIGNED    = 7,
+};
+
+/* IEEE 802.3AB Clause 9.5.3: Port subtype */
+enum {
+        SD_LLDP_PORT_SUBTYPE_RESERVED         = 0,
+        SD_LLDP_PORT_SUBTYPE_INTERFACE_ALIAS  = 1,
+        SD_LLDP_PORT_SUBTYPE_PORT_COMPONENT   = 2,
+        SD_LLDP_PORT_SUBTYPE_MAC_ADDRESS      = 3,
+        SD_LLDP_PORT_SUBTYPE_NETWORK_ADDRESS  = 4,
+        SD_LLDP_PORT_SUBTYPE_INTERFACE_NAME   = 5,
+        SD_LLDP_PORT_SUBTYPE_AGENT_CIRCUIT_ID = 6,
+        SD_LLDP_PORT_SUBTYPE_LOCALLY_ASSIGNED = 7,
+};
+
+enum {
+        SD_LLDP_SYSTEM_CAPABILITIES_OTHER    = 1 << 0,
+        SD_LLDP_SYSTEM_CAPABILITIES_REPEATER = 1 << 1,
+        SD_LLDP_SYSTEM_CAPABILITIES_BRIDGE   = 1 << 2,
+        SD_LLDP_SYSTEM_CAPABILITIES_WLAN_AP  = 1 << 3,
+        SD_LLDP_SYSTEM_CAPABILITIES_ROUTER   = 1 << 4,
+        SD_LLDP_SYSTEM_CAPABILITIES_PHONE    = 1 << 5,
+        SD_LLDP_SYSTEM_CAPABILITIES_DOCSIS   = 1 << 6,
+        SD_LLDP_SYSTEM_CAPABILITIES_STATION  = 1 << 7,
+        SD_LLDP_SYSTEM_CAPABILITIES_CVLAN    = 1 << 8,
+        SD_LLDP_SYSTEM_CAPABILITIES_SVLAN    = 1 << 9,
+        SD_LLDP_SYSTEM_CAPABILITIES_TPMR     = 1 << 10,
+};
+
+#define SD_LLDP_SYSTEM_CAPABILITIES_ALL ((uint16_t) -1)
+
+#define SD_LLDP_SYSTEM_CAPABILITIES_ALL_ROUTERS                         \
+        ((uint16_t)                                                     \
+         (SD_LLDP_SYSTEM_CAPABILITIES_REPEATER|                         \
+          SD_LLDP_SYSTEM_CAPABILITIES_BRIDGE|                           \
+          SD_LLDP_SYSTEM_CAPABILITIES_WLAN_AP|                          \
+          SD_LLDP_SYSTEM_CAPABILITIES_ROUTER|                           \
+          SD_LLDP_SYSTEM_CAPABILITIES_DOCSIS|                           \
+          SD_LLDP_SYSTEM_CAPABILITIES_CVLAN|                            \
+          SD_LLDP_SYSTEM_CAPABILITIES_SVLAN|                            \
+          SD_LLDP_SYSTEM_CAPABILITIES_TPMR))
+
+#define SD_LLDP_OUI_802_1 (uint8_t[]) { 0x00, 0x80, 0xc2 }
+#define SD_LLDP_OUI_802_3 (uint8_t[]) { 0x00, 0x12, 0x0f }
+
+enum {
+        SD_LLDP_OUI_802_1_SUBTYPE_PORT_VLAN_ID          = 1,
+        SD_LLDP_OUI_802_1_SUBTYPE_PORT_PROTOCOL_VLAN_ID = 2,
+        SD_LLDP_OUI_802_1_SUBTYPE_VLAN_NAME             = 3,
+        SD_LLDP_OUI_802_1_SUBTYPE_PROTOCOL_IDENTITY     = 4,
+        SD_LLDP_OUI_802_1_SUBTYPE_VID_USAGE_DIGEST      = 5,
+        SD_LLDP_OUI_802_1_SUBTYPE_MANAGEMENT_VID        = 6,
+        SD_LLDP_OUI_802_1_SUBTYPE_LINK_AGGREGATION      = 7,
+};
+
+typedef enum sd_lldp_event {
+        SD_LLDP_EVENT_ADDED     = 'a',
+        SD_LLDP_EVENT_REMOVED   = 'r',
+        SD_LLDP_EVENT_UPDATED   = 'u',
+        SD_LLDP_EVENT_REFRESHED = 'f',
+} sd_lldp_event;
+
+typedef void (*sd_lldp_callback_t)(sd_lldp *lldp, sd_lldp_event event, sd_lldp_neighbor *n, void *userdata);
+
+int sd_lldp_new(sd_lldp **ret, int ifindex);
+sd_lldp* sd_lldp_unref(sd_lldp *lldp);
+
+int sd_lldp_start(sd_lldp *lldp);
+int sd_lldp_stop(sd_lldp *lldp);
+
+int sd_lldp_attach_event(sd_lldp *lldp, sd_event *event, int64_t priority);
+int sd_lldp_detach_event(sd_lldp *lldp);
+
+int sd_lldp_set_callback(sd_lldp *lldp, sd_lldp_callback_t cb, void *userdata);
+
+/* Controls how much and what to store in the neighbors database */
+int sd_lldp_set_neighbors_max(sd_lldp *lldp, uint64_t n);
+int sd_lldp_match_capabilities(sd_lldp *lldp, uint16_t mask);
+int sd_lldp_set_filter_address(sd_lldp *lldp, const struct ether_addr *address);
+
+int sd_lldp_get_neighbors(sd_lldp *lldp, sd_lldp_neighbor ***neighbors);
+
+int sd_lldp_neighbor_from_raw(sd_lldp_neighbor **ret, const void *raw, size_t raw_size);
+sd_lldp_neighbor *sd_lldp_neighbor_ref(sd_lldp_neighbor *n);
+sd_lldp_neighbor *sd_lldp_neighbor_unref(sd_lldp_neighbor *n);
+
+/* Access to LLDP frame metadata */
+int sd_lldp_neighbor_get_source_address(sd_lldp_neighbor *n, struct ether_addr* address);
+int sd_lldp_neighbor_get_destination_address(sd_lldp_neighbor *n, struct ether_addr* address);
+int sd_lldp_neighbor_get_raw(sd_lldp_neighbor *n, const void **ret, size_t *size);
+
+/* High-level, direct, parsed out field access. These fields exist at most once, hence may be queried directly. */
+int sd_lldp_neighbor_get_chassis_id(sd_lldp_neighbor *n, uint8_t *type, const void **ret, size_t *size);
+int sd_lldp_neighbor_get_chassis_id_as_string(sd_lldp_neighbor *n, const char **ret);
+int sd_lldp_neighbor_get_port_id(sd_lldp_neighbor *n, uint8_t *type, const void **ret, size_t *size);
+int sd_lldp_neighbor_get_port_id_as_string(sd_lldp_neighbor *n, const char **ret);
+int sd_lldp_neighbor_get_ttl(sd_lldp_neighbor *n, uint16_t *ret);
+int sd_lldp_neighbor_get_system_name(sd_lldp_neighbor *n, const char **ret);
+int sd_lldp_neighbor_get_system_description(sd_lldp_neighbor *n, const char **ret);
+int sd_lldp_neighbor_get_port_description(sd_lldp_neighbor *n, const char **ret);
+int sd_lldp_neighbor_get_system_capabilities(sd_lldp_neighbor *n, uint16_t *ret);
+int sd_lldp_neighbor_get_enabled_capabilities(sd_lldp_neighbor *n, uint16_t *ret);
+
+/* Low-level, iterative TLV access. This is for evertyhing else, it iteratively goes through all available TLVs
+ * (including the ones covered with the calls above), and allows multiple TLVs for the same fields. */
+int sd_lldp_neighbor_tlv_rewind(sd_lldp_neighbor *n);
+int sd_lldp_neighbor_tlv_next(sd_lldp_neighbor *n);
+int sd_lldp_neighbor_tlv_get_type(sd_lldp_neighbor *n, uint8_t *type);
+int sd_lldp_neighbor_tlv_is_type(sd_lldp_neighbor *n, uint8_t type);
+int sd_lldp_neighbor_tlv_get_oui(sd_lldp_neighbor *n, uint8_t oui[3], uint8_t *subtype);
+int sd_lldp_neighbor_tlv_is_oui(sd_lldp_neighbor *n, const uint8_t oui[3], uint8_t subtype);
+int sd_lldp_neighbor_tlv_get_raw(sd_lldp_neighbor *n, const void **ret, size_t *size);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_lldp, sd_lldp_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_lldp_neighbor, sd_lldp_neighbor_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/systemd/sd-login.h b/src/libsystemd/include/systemd/sd-login.h
index e3ecbd8378..e3ecbd8378 100644
--- a/src/systemd/sd-login.h
+++ b/src/libsystemd/include/systemd/sd-login.h
diff --git a/src/libsystemd/include/systemd/sd-messages.h b/src/libsystemd/include/systemd/sd-messages.h
new file mode 100644
index 0000000000..1865e0492f
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-messages.h
@@ -0,0 +1,91 @@
+#ifndef foosdmessageshfoo
+#define foosdmessageshfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-id128.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+/* Hey! If you add a new message here, you *must* also update the
+ * message catalog with an appropriate explanation */
+
+/* And if you add a new ID here, make sure to generate a random one
+ * with journalctl --new-id128. Do not use any other IDs, and do not
+ * count them up manually. */
+
+#define SD_MESSAGE_JOURNAL_START    SD_ID128_MAKE(f7,73,79,a8,49,0b,40,8b,be,5f,69,40,50,5a,77,7b)
+#define SD_MESSAGE_JOURNAL_STOP     SD_ID128_MAKE(d9,3f,b3,c9,c2,4d,45,1a,97,ce,a6,15,ce,59,c0,0b)
+#define SD_MESSAGE_JOURNAL_DROPPED  SD_ID128_MAKE(a5,96,d6,fe,7b,fa,49,94,82,8e,72,30,9e,95,d6,1e)
+#define SD_MESSAGE_JOURNAL_MISSED   SD_ID128_MAKE(e9,bf,28,e6,e8,34,48,1b,b6,f4,8f,54,8a,d1,36,06)
+#define SD_MESSAGE_JOURNAL_USAGE    SD_ID128_MAKE(ec,38,7f,57,7b,84,4b,8f,a9,48,f3,3c,ad,9a,75,e6)
+
+#define SD_MESSAGE_COREDUMP         SD_ID128_MAKE(fc,2e,22,bc,6e,e6,47,b6,b9,07,29,ab,34,a2,50,b1)
+
+#define SD_MESSAGE_SESSION_START    SD_ID128_MAKE(8d,45,62,0c,1a,43,48,db,b1,74,10,da,57,c6,0c,66)
+#define SD_MESSAGE_SESSION_STOP     SD_ID128_MAKE(33,54,93,94,24,b4,45,6d,98,02,ca,83,33,ed,42,4a)
+#define SD_MESSAGE_SEAT_START       SD_ID128_MAKE(fc,be,fc,5d,a2,3d,42,80,93,f9,7c,82,a9,29,0f,7b)
+#define SD_MESSAGE_SEAT_STOP        SD_ID128_MAKE(e7,85,2b,fe,46,78,4e,d0,ac,cd,e0,4b,c8,64,c2,d5)
+#define SD_MESSAGE_MACHINE_START    SD_ID128_MAKE(24,d8,d4,45,25,73,40,24,96,06,83,81,a6,31,2d,f2)
+#define SD_MESSAGE_MACHINE_STOP     SD_ID128_MAKE(58,43,2b,d3,ba,ce,47,7c,b5,14,b5,63,81,b8,a7,58)
+
+#define SD_MESSAGE_TIME_CHANGE      SD_ID128_MAKE(c7,a7,87,07,9b,35,4e,aa,a9,e7,7b,37,18,93,cd,27)
+#define SD_MESSAGE_TIMEZONE_CHANGE  SD_ID128_MAKE(45,f8,2f,4a,ef,7a,4b,bf,94,2c,e8,61,d1,f2,09,90)
+
+#define SD_MESSAGE_STARTUP_FINISHED SD_ID128_MAKE(b0,7a,24,9c,d0,24,41,4a,82,dd,00,cd,18,13,78,ff)
+
+#define SD_MESSAGE_SLEEP_START      SD_ID128_MAKE(6b,bd,95,ee,97,79,41,e4,97,c4,8b,e2,7c,25,41,28)
+#define SD_MESSAGE_SLEEP_STOP       SD_ID128_MAKE(88,11,e6,df,2a,8e,40,f5,8a,94,ce,a2,6f,8e,bf,14)
+
+#define SD_MESSAGE_SHUTDOWN         SD_ID128_MAKE(98,26,88,66,d1,d5,4a,49,9c,4e,98,92,1d,93,bc,40)
+
+#define SD_MESSAGE_UNIT_STARTING    SD_ID128_MAKE(7d,49,58,e8,42,da,4a,75,8f,6c,1c,dc,7b,36,dc,c5)
+#define SD_MESSAGE_UNIT_STARTED     SD_ID128_MAKE(39,f5,34,79,d3,a0,45,ac,8e,11,78,62,48,23,1f,bf)
+#define SD_MESSAGE_UNIT_STOPPING    SD_ID128_MAKE(de,5b,42,6a,63,be,47,a7,b6,ac,3e,aa,c8,2e,2f,6f)
+#define SD_MESSAGE_UNIT_STOPPED     SD_ID128_MAKE(9d,1a,aa,27,d6,01,40,bd,96,36,54,38,aa,d2,02,86)
+#define SD_MESSAGE_UNIT_FAILED      SD_ID128_MAKE(be,02,cf,68,55,d2,42,8b,a4,0d,f7,e9,d0,22,f0,3d)
+#define SD_MESSAGE_UNIT_RELOADING   SD_ID128_MAKE(d3,4d,03,7f,ff,18,47,e6,ae,66,9a,37,0e,69,47,25)
+#define SD_MESSAGE_UNIT_RELOADED    SD_ID128_MAKE(7b,05,eb,c6,68,38,42,22,ba,a8,88,11,79,cf,da,54)
+
+#define SD_MESSAGE_SPAWN_FAILED     SD_ID128_MAKE(64,12,57,65,1c,1b,4e,c9,a8,62,4d,7a,40,a9,e1,e7)
+
+#define SD_MESSAGE_FORWARD_SYSLOG_MISSED SD_ID128_MAKE(00,27,22,9c,a0,64,41,81,a7,6c,4e,92,45,8a,fa,2e)
+
+#define SD_MESSAGE_OVERMOUNTING     SD_ID128_MAKE(1d,ee,03,69,c7,fc,47,36,b7,09,9b,38,ec,b4,6e,e7)
+
+#define SD_MESSAGE_LID_OPENED       SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,6f)
+#define SD_MESSAGE_LID_CLOSED       SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,70)
+#define SD_MESSAGE_SYSTEM_DOCKED    SD_ID128_MAKE(f5,f4,16,b8,62,07,4b,28,92,7a,48,c3,ba,7d,51,ff)
+#define SD_MESSAGE_SYSTEM_UNDOCKED  SD_ID128_MAKE(51,e1,71,bd,58,52,48,56,81,10,14,4c,51,7c,ca,53)
+#define SD_MESSAGE_POWER_KEY        SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,71)
+#define SD_MESSAGE_SUSPEND_KEY      SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,72)
+#define SD_MESSAGE_HIBERNATE_KEY    SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,73)
+
+#define SD_MESSAGE_INVALID_CONFIGURATION SD_ID128_MAKE(c7,72,d2,4e,9a,88,4c,be,b9,ea,12,62,5c,30,6c,01)
+
+#define SD_MESSAGE_DNSSEC_FAILURE   SD_ID128_MAKE(16,75,d7,f1,72,17,40,98,b1,10,8b,f8,c7,dc,8f,5d)
+#define SD_MESSAGE_DNSSEC_TRUST_ANCHOR_REVOKED SD_ID128_MAKE(4d,44,08,cf,d0,d1,44,85,91,84,d1,e6,5d,7c,8a,65)
+#define SD_MESSAGE_DNSSEC_DOWNGRADE SD_ID128_MAKE(36,db,2d,fa,5a,90,45,e1,bd,4a,f5,f9,3e,1c,f0,57)
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-ndisc.h b/src/libsystemd/include/systemd/sd-ndisc.h
new file mode 100644
index 0000000000..c77a435d17
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-ndisc.h
@@ -0,0 +1,84 @@
+#ifndef foosdndiscfoo
+#define foosdndiscfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright (C) 2014 Intel Corporation. All rights reserved.
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <net/ethernet.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+enum {
+        SD_NDISC_EVENT_STOP     = 0,
+        SD_NDISC_EVENT_TIMEOUT  = 1,
+};
+
+typedef struct sd_ndisc sd_ndisc;
+
+typedef void(*sd_ndisc_router_callback_t)(sd_ndisc *nd, uint8_t flags, const struct in6_addr *gateway, unsigned lifetime, int pref, void *userdata);
+typedef void(*sd_ndisc_prefix_onlink_callback_t)(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen,
+                                                 unsigned lifetime, void *userdata);
+typedef void(*sd_ndisc_prefix_autonomous_callback_t)(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen,
+                                                     unsigned lifetime_prefered, unsigned lifetime_valid, void *userdata);
+typedef void(*sd_ndisc_callback_t)(sd_ndisc *nd, int event, void *userdata);
+
+int sd_ndisc_set_callback(sd_ndisc *nd,
+                          sd_ndisc_router_callback_t rcb,
+                          sd_ndisc_prefix_onlink_callback_t plcb,
+                          sd_ndisc_prefix_autonomous_callback_t pacb,
+                          sd_ndisc_callback_t cb,
+                          void *userdata);
+int sd_ndisc_set_index(sd_ndisc *nd, int interface_index);
+int sd_ndisc_set_mac(sd_ndisc *nd, const struct ether_addr *mac_addr);
+
+int sd_ndisc_attach_event(sd_ndisc *nd, sd_event *event, int64_t priority);
+int sd_ndisc_detach_event(sd_ndisc *nd);
+sd_event *sd_ndisc_get_event(sd_ndisc *nd);
+
+sd_ndisc *sd_ndisc_ref(sd_ndisc *nd);
+sd_ndisc *sd_ndisc_unref(sd_ndisc *nd);
+int sd_ndisc_new(sd_ndisc **ret);
+
+int sd_ndisc_get_mtu(sd_ndisc *nd, uint32_t *mtu);
+
+int sd_ndisc_stop(sd_ndisc *nd);
+int sd_ndisc_router_discovery_start(sd_ndisc *nd);
+
+#define SD_NDISC_ADDRESS_FORMAT_STR "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x"
+
+#define SD_NDISC_ADDRESS_FORMAT_VAL(address) \
+        be16toh((address).s6_addr16[0]),        \
+        be16toh((address).s6_addr16[1]),        \
+        be16toh((address).s6_addr16[2]),        \
+        be16toh((address).s6_addr16[3]),        \
+        be16toh((address).s6_addr16[4]),        \
+        be16toh((address).s6_addr16[5]),        \
+        be16toh((address).s6_addr16[6]),        \
+        be16toh((address).s6_addr16[7])
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_ndisc, sd_ndisc_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/libsystemd/include/systemd/sd-netlink.h b/src/libsystemd/include/systemd/sd-netlink.h
new file mode 100644
index 0000000000..c4cefe4e30
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-netlink.h
@@ -0,0 +1,163 @@
+#ifndef foosdnetlinkhfoo
+#define foosdnetlinkhfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <netinet/ether.h>
+#include <netinet/in.h>
+#include <linux/rtnetlink.h>
+#include <linux/neighbour.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+typedef struct sd_netlink sd_netlink;
+typedef struct sd_netlink_message sd_netlink_message;
+
+/* callback */
+
+typedef int (*sd_netlink_message_handler_t)(sd_netlink *nl, sd_netlink_message *m, void *userdata);
+
+/* bus */
+int sd_netlink_new_from_netlink(sd_netlink **nl, int fd);
+int sd_netlink_open(sd_netlink **nl);
+int sd_netlink_open_fd(sd_netlink **nl, int fd);
+int sd_netlink_inc_rcvbuf(const sd_netlink *const rtnl, const int size);
+
+sd_netlink *sd_netlink_ref(sd_netlink *nl);
+sd_netlink *sd_netlink_unref(sd_netlink *nl);
+
+int sd_netlink_send(sd_netlink *nl, sd_netlink_message *message, uint32_t *serial);
+int sd_netlink_call_async(sd_netlink *nl, sd_netlink_message *message,
+                       sd_netlink_message_handler_t callback,
+                       void *userdata, uint64_t usec, uint32_t *serial);
+int sd_netlink_call_async_cancel(sd_netlink *nl, uint32_t serial);
+int sd_netlink_call(sd_netlink *nl, sd_netlink_message *message, uint64_t timeout,
+                 sd_netlink_message **reply);
+
+int sd_netlink_get_events(sd_netlink *nl);
+int sd_netlink_get_timeout(sd_netlink *nl, uint64_t *timeout);
+int sd_netlink_process(sd_netlink *nl, sd_netlink_message **ret);
+int sd_netlink_wait(sd_netlink *nl, uint64_t timeout);
+
+int sd_netlink_add_match(sd_netlink *nl, uint16_t match, sd_netlink_message_handler_t c, void *userdata);
+int sd_netlink_remove_match(sd_netlink *nl, uint16_t match, sd_netlink_message_handler_t c, void *userdata);
+
+int sd_netlink_attach_event(sd_netlink *nl, sd_event *e, int64_t priority);
+int sd_netlink_detach_event(sd_netlink *nl);
+
+int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data);
+int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type);
+int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data);
+int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data);
+int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, uint32_t data);
+int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
+int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
+int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
+int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
+int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);
+
+int sd_netlink_message_open_container(sd_netlink_message *m, unsigned short type);
+int sd_netlink_message_open_container_union(sd_netlink_message *m, unsigned short type, const char *key);
+int sd_netlink_message_close_container(sd_netlink_message *m);
+
+int sd_netlink_message_read_string(sd_netlink_message *m, unsigned short type, const char **data);
+int sd_netlink_message_read_u8(sd_netlink_message *m, unsigned short type, uint8_t *data);
+int sd_netlink_message_read_u16(sd_netlink_message *m, unsigned short type, uint16_t *data);
+int sd_netlink_message_read_u32(sd_netlink_message *m, unsigned short type, uint32_t *data);
+int sd_netlink_message_read_ether_addr(sd_netlink_message *m, unsigned short type, struct ether_addr *data);
+int sd_netlink_message_read_cache_info(sd_netlink_message *m, unsigned short type, struct ifa_cacheinfo *info);
+int sd_netlink_message_read_in_addr(sd_netlink_message *m, unsigned short type, struct in_addr *data);
+int sd_netlink_message_read_in6_addr(sd_netlink_message *m, unsigned short type, struct in6_addr *data);
+int sd_netlink_message_enter_container(sd_netlink_message *m, unsigned short type);
+int sd_netlink_message_exit_container(sd_netlink_message *m);
+
+int sd_netlink_message_rewind(sd_netlink_message *m);
+
+sd_netlink_message *sd_netlink_message_next(sd_netlink_message *m);
+
+sd_netlink_message *sd_netlink_message_ref(sd_netlink_message *m);
+sd_netlink_message *sd_netlink_message_unref(sd_netlink_message *m);
+
+int sd_netlink_message_request_dump(sd_netlink_message *m, int dump);
+int sd_netlink_message_is_error(sd_netlink_message *m);
+int sd_netlink_message_get_errno(sd_netlink_message *m);
+int sd_netlink_message_get_type(sd_netlink_message *m, uint16_t *type);
+int sd_netlink_message_set_flags(sd_netlink_message *m, uint16_t flags);
+int sd_netlink_message_is_broadcast(sd_netlink_message *m);
+
+/* rtnl */
+
+int sd_rtnl_message_new_link(sd_netlink *nl, sd_netlink_message **ret, uint16_t msg_type, int index);
+int sd_rtnl_message_new_addr_update(sd_netlink *nl, sd_netlink_message **ret, int index, int family);
+int sd_rtnl_message_new_addr(sd_netlink *nl, sd_netlink_message **ret, uint16_t msg_type, int index, int family);
+int sd_rtnl_message_new_route(sd_netlink *nl, sd_netlink_message **ret, uint16_t nlmsg_type, int rtm_family, unsigned char rtm_protocol);
+int sd_rtnl_message_new_neigh(sd_netlink *nl, sd_netlink_message **ret, uint16_t msg_type, int index, int nda_family);
+
+int sd_rtnl_message_get_family(sd_netlink_message *m, int *family);
+
+int sd_rtnl_message_addr_set_prefixlen(sd_netlink_message *m, unsigned char prefixlen);
+int sd_rtnl_message_addr_set_scope(sd_netlink_message *m, unsigned char scope);
+int sd_rtnl_message_addr_set_flags(sd_netlink_message *m, unsigned char flags);
+int sd_rtnl_message_addr_get_family(sd_netlink_message *m, int *family);
+int sd_rtnl_message_addr_get_prefixlen(sd_netlink_message *m, unsigned char *prefixlen);
+int sd_rtnl_message_addr_get_scope(sd_netlink_message *m, unsigned char *scope);
+int sd_rtnl_message_addr_get_flags(sd_netlink_message *m, unsigned char *flags);
+int sd_rtnl_message_addr_get_ifindex(sd_netlink_message *m, int *ifindex);
+
+int sd_rtnl_message_link_set_flags(sd_netlink_message *m, unsigned flags, unsigned change);
+int sd_rtnl_message_link_set_type(sd_netlink_message *m, unsigned type);
+int sd_rtnl_message_link_set_family(sd_netlink_message *m, unsigned family);
+int sd_rtnl_message_link_get_ifindex(sd_netlink_message *m, int *ifindex);
+int sd_rtnl_message_link_get_flags(sd_netlink_message *m, unsigned *flags);
+int sd_rtnl_message_link_get_type(sd_netlink_message *m, unsigned short *type);
+
+int sd_rtnl_message_route_set_dst_prefixlen(sd_netlink_message *m, unsigned char prefixlen);
+int sd_rtnl_message_route_set_src_prefixlen(sd_netlink_message *m, unsigned char prefixlen);
+int sd_rtnl_message_route_set_scope(sd_netlink_message *m, unsigned char scope);
+int sd_rtnl_message_route_set_flags(sd_netlink_message *m, unsigned flags);
+int sd_rtnl_message_route_set_table(sd_netlink_message *m, unsigned char table);
+int sd_rtnl_message_route_get_flags(sd_netlink_message *m, unsigned *flags);
+int sd_rtnl_message_route_get_family(sd_netlink_message *m, int *family);
+int sd_rtnl_message_route_set_family(sd_netlink_message *m, int family);
+int sd_rtnl_message_route_get_protocol(sd_netlink_message *m, unsigned char *protocol);
+int sd_rtnl_message_route_get_scope(sd_netlink_message *m, unsigned char *scope);
+int sd_rtnl_message_route_get_tos(sd_netlink_message *m, unsigned char *tos);
+int sd_rtnl_message_route_get_table(sd_netlink_message *m, unsigned char *table);
+int sd_rtnl_message_route_get_dst_prefixlen(sd_netlink_message *m, unsigned char *dst_len);
+int sd_rtnl_message_route_get_src_prefixlen(sd_netlink_message *m, unsigned char *src_len);
+
+int sd_rtnl_message_neigh_set_flags(sd_netlink_message *m, uint8_t flags);
+int sd_rtnl_message_neigh_set_state(sd_netlink_message *m, uint16_t state);
+int sd_rtnl_message_neigh_get_family(sd_netlink_message *m, int *family);
+int sd_rtnl_message_neigh_get_ifindex(sd_netlink_message *m, int *family);
+int sd_rtnl_message_neigh_get_state(sd_netlink_message *m, uint16_t *state);
+int sd_rtnl_message_neigh_get_flags(sd_netlink_message *m, uint8_t *flags);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_netlink, sd_netlink_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_netlink_message, sd_netlink_message_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/systemd/sd-network.h b/src/libsystemd/include/systemd/sd-network.h
index 0f13e2bae7..0f13e2bae7 100644
--- a/src/systemd/sd-network.h
+++ b/src/libsystemd/include/systemd/sd-network.h
diff --git a/src/systemd/sd-path.h b/src/libsystemd/include/systemd/sd-path.h
index be6abdcd03..be6abdcd03 100644
--- a/src/systemd/sd-path.h
+++ b/src/libsystemd/include/systemd/sd-path.h
diff --git a/src/libsystemd/include/systemd/sd-resolve.h b/src/libsystemd/include/systemd/sd-resolve.h
new file mode 100644
index 0000000000..fe3b910671
--- /dev/null
+++ b/src/libsystemd/include/systemd/sd-resolve.h
@@ -0,0 +1,117 @@
+#ifndef foosdresolvehfoo
+#define foosdresolvehfoo
+
+/***
+  This file is part of systemd.
+
+  Copyright 2005-2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+
+#include <systemd/sd-event.h>
+
+#include "_sd-common.h"
+
+_SD_BEGIN_DECLARATIONS;
+
+/* An opaque sd-resolve session structure */
+typedef struct sd_resolve sd_resolve;
+
+/* An opaque sd-resolve query structure */
+typedef struct sd_resolve_query sd_resolve_query;
+
+/* A callback on completion */
+typedef int (*sd_resolve_getaddrinfo_handler_t)(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata);
+typedef int (*sd_resolve_getnameinfo_handler_t)(sd_resolve_query *q, int ret, const char *host, const char *serv, void *userdata);
+
+enum {
+        SD_RESOLVE_GET_HOST = UINT64_C(1),
+        SD_RESOLVE_GET_SERVICE = UINT64_C(2),
+        SD_RESOLVE_GET_BOTH = UINT64_C(3),
+};
+
+int sd_resolve_default(sd_resolve **ret);
+
+/* Allocate a new sd-resolve session. */
+int sd_resolve_new(sd_resolve **ret);
+
+/* Free a sd-resolve session. This destroys all attached
+ * sd_resolve_query objects automatically. */
+sd_resolve* sd_resolve_unref(sd_resolve *resolve);
+sd_resolve* sd_resolve_ref(sd_resolve *resolve);
+
+/* Return the UNIX file descriptor to poll() for events on. Use this
+ * function to integrate sd-resolve with your custom main loop. */
+int sd_resolve_get_fd(sd_resolve *resolve);
+
+/* Return the poll() events (a combination of flags like POLLIN,
+ * POLLOUT, ...) to check for. */
+int sd_resolve_get_events(sd_resolve *resolve);
+
+/* Return the poll() timeout to pass. Returns (uint64_t) -1 as
+ * timeout if no timeout is needed. */
+int sd_resolve_get_timeout(sd_resolve *resolve, uint64_t *timeout_usec);
+
+/* Process pending responses. After this function is called, you can
+ * get the next completed query object(s) using
+ * sd_resolve_get_next(). */
+int sd_resolve_process(sd_resolve *resolve);
+
+/* Wait for a resolve event to complete. */
+int sd_resolve_wait(sd_resolve *resolve, uint64_t timeout_usec);
+
+int sd_resolve_get_tid(sd_resolve *resolve, pid_t *tid);
+
+int sd_resolve_attach_event(sd_resolve *resolve, sd_event *e, int64_t priority);
+int sd_resolve_detach_event(sd_resolve *resolve);
+sd_event *sd_resolve_get_event(sd_resolve *resolve);
+
+/* Issue a name-to-address query on the specified session. The
+ * arguments are compatible with those of libc's
+ * getaddrinfo(3). The function returns a new query object. When the
+ * query is completed, you may retrieve the results using
+ * sd_resolve_getaddrinfo_done(). */
+int sd_resolve_getaddrinfo(sd_resolve *resolve, sd_resolve_query **q, const char *node, const char *service, const struct addrinfo *hints, sd_resolve_getaddrinfo_handler_t callback, void *userdata);
+
+/* Issue an address-to-name query on the specified session. The
+ * arguments are compatible with those of libc's
+ * getnameinfo(3). The function returns a new query object. When the
+ * query is completed, you may retrieve the results using
+ * sd_resolve_getnameinfo_done(). Set gethost (resp. getserv) to non-zero
+ * if you want to query the hostname (resp. the service name). */
+int sd_resolve_getnameinfo(sd_resolve *resolve, sd_resolve_query **q, const struct sockaddr *sa, socklen_t salen, int flags, uint64_t get, sd_resolve_getnameinfo_handler_t callback, void *userdata);
+
+sd_resolve_query *sd_resolve_query_ref(sd_resolve_query* q);
+sd_resolve_query *sd_resolve_query_unref(sd_resolve_query* q);
+
+/* Returns non-zero when the query operation specified by q has been completed. */
+int sd_resolve_query_is_done(sd_resolve_query*q);
+
+void *sd_resolve_query_get_userdata(sd_resolve_query *q);
+void *sd_resolve_query_set_userdata(sd_resolve_query *q, void *userdata);
+
+sd_resolve *sd_resolve_query_get_resolve(sd_resolve_query *q);
+
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_resolve, sd_resolve_unref);
+_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_resolve_query, sd_resolve_query_unref);
+
+_SD_END_DECLARATIONS;
+
+#endif
diff --git a/src/systemd/sd-utf8.h b/src/libsystemd/include/systemd/sd-utf8.h
index 6781983878..6781983878 100644
--- a/src/systemd/sd-utf8.h
+++ b/src/libsystemd/include/systemd/sd-utf8.h
diff --git a/src/libsystemd/libsystemd-internal/Makefile b/src/libsystemd/libsystemd-internal/Makefile
new file mode 100644
index 0000000000..6bf0488bf5
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/Makefile
@@ -0,0 +1,247 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+libsystemd_internal_la_SOURCES = \
+	src/systemd/sd-bus.h \
+	src/systemd/sd-bus-protocol.h \
+	src/systemd/sd-bus-vtable.h \
+	src/systemd/sd-utf8.h \
+	src/systemd/sd-event.h \
+	src/systemd/sd-netlink.h \
+	src/systemd/sd-resolve.h \
+	src/systemd/sd-login.h \
+	src/systemd/sd-id128.h \
+	src/systemd/sd-daemon.h \
+	src/systemd/sd-path.h \
+	src/systemd/sd-network.h \
+	src/systemd/sd-hwdb.h \
+	src/systemd/sd-device.h \
+	src/libsystemd/libsystemd.sym \
+	src/libsystemd/sd-bus/sd-bus.c \
+	src/libsystemd/sd-bus/bus-control.c \
+	src/libsystemd/sd-bus/bus-control.h \
+	src/libsystemd/sd-bus/bus-error.c \
+	src/libsystemd/sd-bus/bus-error.h \
+	src/libsystemd/sd-bus/bus-common-errors.h \
+	src/libsystemd/sd-bus/bus-common-errors.c \
+	src/libsystemd/sd-bus/bus-internal.c \
+	src/libsystemd/sd-bus/bus-internal.h \
+	src/libsystemd/sd-bus/bus-socket.c \
+	src/libsystemd/sd-bus/bus-socket.h \
+	src/libsystemd/sd-bus/bus-kernel.c \
+	src/libsystemd/sd-bus/bus-kernel.h \
+	src/libsystemd/sd-bus/bus-container.c \
+	src/libsystemd/sd-bus/bus-container.h \
+	src/libsystemd/sd-bus/bus-message.c \
+	src/libsystemd/sd-bus/bus-message.h \
+	src/libsystemd/sd-bus/bus-creds.c \
+	src/libsystemd/sd-bus/bus-creds.h \
+	src/libsystemd/sd-bus/bus-signature.c \
+	src/libsystemd/sd-bus/bus-signature.h \
+	src/libsystemd/sd-bus/bus-type.c \
+	src/libsystemd/sd-bus/bus-type.h \
+	src/libsystemd/sd-bus/bus-match.c \
+	src/libsystemd/sd-bus/bus-match.h \
+	src/libsystemd/sd-bus/bus-bloom.c \
+	src/libsystemd/sd-bus/bus-bloom.h \
+	src/libsystemd/sd-bus/bus-introspect.c \
+	src/libsystemd/sd-bus/bus-introspect.h \
+	src/libsystemd/sd-bus/bus-objects.c \
+	src/libsystemd/sd-bus/bus-objects.h \
+	src/libsystemd/sd-bus/bus-gvariant.c \
+	src/libsystemd/sd-bus/bus-gvariant.h \
+	src/libsystemd/sd-bus/bus-convenience.c \
+	src/libsystemd/sd-bus/bus-track.c \
+	src/libsystemd/sd-bus/bus-track.h \
+	src/libsystemd/sd-bus/bus-slot.c \
+	src/libsystemd/sd-bus/bus-slot.h \
+	src/libsystemd/sd-bus/bus-protocol.h \
+	src/libsystemd/sd-bus/kdbus.h \
+	src/libsystemd/sd-bus/bus-dump.c \
+	src/libsystemd/sd-bus/bus-dump.h \
+	src/libsystemd/sd-utf8/sd-utf8.c \
+	src/libsystemd/sd-event/sd-event.c \
+	src/libsystemd/sd-netlink/sd-netlink.c \
+	src/libsystemd/sd-netlink/netlink-internal.h \
+	src/libsystemd/sd-netlink/netlink-message.c \
+	src/libsystemd/sd-netlink/netlink-socket.c \
+	src/libsystemd/sd-netlink/rtnl-message.c \
+	src/libsystemd/sd-netlink/netlink-types.h \
+	src/libsystemd/sd-netlink/netlink-types.c \
+	src/libsystemd/sd-netlink/netlink-util.h \
+	src/libsystemd/sd-netlink/netlink-util.c \
+	src/libsystemd/sd-netlink/local-addresses.h \
+	src/libsystemd/sd-netlink/local-addresses.c \
+	src/libsystemd/sd-id128/sd-id128.c \
+	src/libsystemd/sd-daemon/sd-daemon.c \
+	src/libsystemd/sd-login/sd-login.c \
+	src/libsystemd/sd-path/sd-path.c \
+	src/libsystemd/sd-network/sd-network.c \
+	src/libsystemd/sd-network/network-util.h \
+	src/libsystemd/sd-network/network-util.c \
+	src/libsystemd/sd-hwdb/sd-hwdb.c \
+	src/libsystemd/sd-hwdb/hwdb-util.h \
+	src/libsystemd/sd-hwdb/hwdb-internal.h \
+	src/libsystemd/sd-device/device-internal.h \
+	src/libsystemd/sd-device/device-util.h \
+	src/libsystemd/sd-device/device-enumerator.c \
+	src/libsystemd/sd-device/device-enumerator-private.h \
+	src/libsystemd/sd-device/sd-device.c \
+	src/libsystemd/sd-device/device-private.c \
+	src/libsystemd/sd-device/device-private.h \
+	src/libsystemd/sd-resolve/sd-resolve.c
+
+libsystemd_internal_la_LIBADD = \
+	libbasic.la \
+	-lresolv
+
+noinst_LTLIBRARIES += \
+	libsystemd-internal.la
+
+test_bus_marshal_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-marshal.c
+
+test_bus_marshal_LDADD = \
+	libshared.la \
+	$(GLIB_LIBS) \
+	$(DBUS_LIBS)
+
+test_bus_marshal_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(GLIB_CFLAGS) \
+	$(DBUS_CFLAGS)
+
+test_bus_signature_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-signature.c
+
+test_bus_signature_LDADD = \
+	libshared.la
+
+test_bus_chat_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-chat.c
+
+test_bus_chat_LDADD = \
+	libshared.la
+
+test_bus_cleanup_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-cleanup.c
+
+test_bus_cleanup_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(SECCOMP_CFLAGS)
+
+test_bus_cleanup_LDADD = \
+	libshared.la
+
+test_bus_server_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-server.c
+
+test_bus_server_LDADD = \
+	libshared.la
+
+test_bus_objects_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-objects.c
+
+test_bus_objects_LDADD = \
+	libshared.la
+
+test_bus_error_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-error.c
+
+test_bus_error_LDADD = \
+	libshared.la
+
+test_bus_gvariant_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-gvariant.c
+
+test_bus_gvariant_LDADD = \
+	libshared.la \
+	$(GLIB_LIBS)
+
+test_bus_gvariant_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(GLIB_CFLAGS)
+
+test_bus_creds_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-creds.c
+
+test_bus_creds_LDADD = \
+	libshared.la
+
+test_bus_match_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-match.c
+
+test_bus_match_LDADD = \
+	libshared.la
+
+test_bus_kernel_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-kernel.c
+
+test_bus_kernel_LDADD = \
+	libshared.la
+
+test_bus_kernel_bloom_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-kernel-bloom.c
+
+test_bus_kernel_bloom_LDADD = \
+	libshared.la
+
+test_bus_benchmark_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-benchmark.c
+
+test_bus_benchmark_LDADD = \
+	libshared.la
+
+test_bus_zero_copy_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-zero-copy.c
+
+test_bus_zero_copy_LDADD = \
+	libshared.la
+
+test_bus_introspect_SOURCES = \
+	src/libsystemd/sd-bus/test-bus-introspect.c
+
+test_bus_introspect_LDADD = \
+	libshared.la
+
+test_event_SOURCES = \
+	src/libsystemd/sd-event/test-event.c
+
+test_event_LDADD = \
+	libshared.la
+
+test_netlink_SOURCES = \
+	src/libsystemd/sd-netlink/test-netlink.c
+
+test_netlink_LDADD = \
+	libshared.la
+
+test_resolve_SOURCES = \
+	src/libsystemd/sd-resolve/test-resolve.c
+
+test_resolve_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/libsystemd/sd-bus/DIFFERENCES b/src/libsystemd/libsystemd-internal/sd-bus/DIFFERENCES
index db269675a7..db269675a7 100644
--- a/src/libsystemd/sd-bus/DIFFERENCES
+++ b/src/libsystemd/libsystemd-internal/sd-bus/DIFFERENCES
diff --git a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION b/src/libsystemd/libsystemd-internal/sd-bus/GVARIANT-SERIALIZATION
index 6aeb11364a..6aeb11364a 100644
--- a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
+++ b/src/libsystemd/libsystemd-internal/sd-bus/GVARIANT-SERIALIZATION
diff --git a/src/libsystemd/sd-bus/PORTING-DBUS1 b/src/libsystemd/libsystemd-internal/sd-bus/PORTING-DBUS1
index 2dedb28bcf..2dedb28bcf 100644
--- a/src/libsystemd/sd-bus/PORTING-DBUS1
+++ b/src/libsystemd/libsystemd-internal/sd-bus/PORTING-DBUS1
diff --git a/src/libsystemd/sd-bus/bus-bloom.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-bloom.c
index 112769fcb6..112769fcb6 100644
--- a/src/libsystemd/sd-bus/bus-bloom.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-bloom.c
diff --git a/src/libsystemd/sd-bus/bus-bloom.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-bloom.h
index c824622b95..c824622b95 100644
--- a/src/libsystemd/sd-bus/bus-bloom.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-bloom.h
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-common-errors.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-common-errors.c
new file mode 100644
index 0000000000..a19e98e94b
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-common-errors.c
@@ -0,0 +1,87 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-common-errors.h"
+#include "bus-error.h"
+
+BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_UNIT,                 ENOENT),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_UNIT_FOR_PID,              ESRCH),
+        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_EXISTS,                  EEXIST),
+        SD_BUS_ERROR_MAP(BUS_ERROR_LOAD_FAILED,                  EIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_JOB_FAILED,                   EREMOTEIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_JOB,                  ENOENT),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NOT_SUBSCRIBED,               EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_ALREADY_SUBSCRIBED,           EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_ONLY_BY_DEPENDENCY,           EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSACTION_JOBS_CONFLICTING, EDEADLK),
+        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSACTION_ORDER_IS_CYCLIC,  EDEADLK),
+        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE,   EDEADLK),
+        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_MASKED,                  ESHUTDOWN),
+        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_GENERATED,               EADDRNOTAVAIL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_LINKED,                  ELOOP),
+        SD_BUS_ERROR_MAP(BUS_ERROR_JOB_TYPE_NOT_APPLICABLE,      EBADR),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_ISOLATION,                 EPERM),
+        SD_BUS_ERROR_MAP(BUS_ERROR_SHUTTING_DOWN,                ECANCELED),
+        SD_BUS_ERROR_MAP(BUS_ERROR_SCOPE_NOT_RUNNING,            EHOSTDOWN),
+
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_MACHINE,              ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_IMAGE,                ENOENT),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_MACHINE_FOR_PID,           ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_MACHINE_EXISTS,               EEXIST),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_PRIVATE_NETWORKING,        ENOSYS),
+
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_SESSION,              ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SESSION_FOR_PID,           ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_USER,                 ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_USER_FOR_PID,              ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_SEAT,                 ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_SESSION_NOT_ON_SEAT,          EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NOT_IN_CONTROL,               EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_DEVICE_IS_TAKEN,              EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_DEVICE_NOT_TAKEN,             EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_OPERATION_IN_PROGRESS,        EINPROGRESS),
+        SD_BUS_ERROR_MAP(BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED,     EOPNOTSUPP),
+
+        SD_BUS_ERROR_MAP(BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED,  EALREADY),
+
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_PROCESS,              ESRCH),
+
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_NAME_SERVERS,              ESRCH),
+        SD_BUS_ERROR_MAP(BUS_ERROR_INVALID_REPLY,                EINVAL),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_RR,                   ENOENT),
+        SD_BUS_ERROR_MAP(BUS_ERROR_CNAME_LOOP,                   EDEADLK),
+        SD_BUS_ERROR_MAP(BUS_ERROR_ABORTED,                      ECANCELED),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_SERVICE,              EUNATCH),
+        SD_BUS_ERROR_MAP(BUS_ERROR_DNSSEC_FAILED,                EHOSTUNREACH),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_TRUST_ANCHOR,              EHOSTUNREACH),
+        SD_BUS_ERROR_MAP(BUS_ERROR_RR_TYPE_UNSUPPORTED,          EOPNOTSUPP),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_LINK,                 ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_LINK_BUSY,                    EBUSY),
+        SD_BUS_ERROR_MAP(BUS_ERROR_NETWORK_DOWN,                 ENETDOWN),
+
+        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_TRANSFER,             ENXIO),
+        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSFER_IN_PROGRESS,         EBUSY),
+
+        SD_BUS_ERROR_MAP_END
+};
diff --git a/src/libsystemd/sd-bus/bus-common-errors.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-common-errors.h
index c8f369cb78..c8f369cb78 100644
--- a/src/libsystemd/sd-bus/bus-common-errors.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-common-errors.h
diff --git a/src/libsystemd/sd-bus/bus-container.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-container.c
index 3191d27ded..3191d27ded 100644
--- a/src/libsystemd/sd-bus/bus-container.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-container.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-container.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-container.h
new file mode 100644
index 0000000000..5cd6d15ede
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-container.h
@@ -0,0 +1,25 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+int bus_container_connect_socket(sd_bus *b);
+int bus_container_connect_kernel(sd_bus *b);
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-control.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-control.c
new file mode 100644
index 0000000000..00de530d58
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-control.c
@@ -0,0 +1,1588 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+#include <valgrind/memcheck.h>
+#endif
+
+#include <errno.h>
+#include <stddef.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-bloom.h"
+#include "bus-control.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "capability-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "user-util.h"
+
+_public_ int sd_bus_get_unique_name(sd_bus *bus, const char **unique) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(unique, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        r = bus_ensure_running(bus);
+        if (r < 0)
+                return r;
+
+        *unique = bus->unique_name;
+        return 0;
+}
+
+static int bus_request_name_kernel(sd_bus *bus, const char *name, uint64_t flags) {
+        struct kdbus_cmd *n;
+        size_t size, l;
+        int r;
+
+        assert(bus);
+        assert(name);
+
+        l = strlen(name) + 1;
+        size = offsetof(struct kdbus_cmd, items) + KDBUS_ITEM_SIZE(l);
+        n = alloca0_align(size, 8);
+        n->size = size;
+        n->flags = request_name_flags_to_kdbus(flags);
+
+        n->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
+        n->items[0].type = KDBUS_ITEM_NAME;
+        memcpy(n->items[0].str, name, l);
+
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+        VALGRIND_MAKE_MEM_DEFINED(n, n->size);
+#endif
+
+        r = ioctl(bus->input_fd, KDBUS_CMD_NAME_ACQUIRE, n);
+        if (r < 0)
+                return -errno;
+
+        if (n->return_flags & KDBUS_NAME_IN_QUEUE)
+                return 0;
+
+        return 1;
+}
+
+static int bus_request_name_dbus1(sd_bus *bus, const char *name, uint64_t flags) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        uint32_t ret, param = 0;
+        int r;
+
+        assert(bus);
+        assert(name);
+
+        if (flags & SD_BUS_NAME_ALLOW_REPLACEMENT)
+                param |= BUS_NAME_ALLOW_REPLACEMENT;
+        if (flags & SD_BUS_NAME_REPLACE_EXISTING)
+                param |= BUS_NAME_REPLACE_EXISTING;
+        if (!(flags & SD_BUS_NAME_QUEUE))
+                param |= BUS_NAME_DO_NOT_QUEUE;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.DBus",
+                        "/org/freedesktop/DBus",
+                        "org.freedesktop.DBus",
+                        "RequestName",
+                        NULL,
+                        &reply,
+                        "su",
+                        name,
+                        param);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(reply, "u", &ret);
+        if (r < 0)
+                return r;
+
+        if (ret == BUS_NAME_ALREADY_OWNER)
+                return -EALREADY;
+        else if (ret == BUS_NAME_EXISTS)
+                return -EEXIST;
+        else if (ret == BUS_NAME_IN_QUEUE)
+                return 0;
+        else if (ret == BUS_NAME_PRIMARY_OWNER)
+                return 1;
+
+        return -EIO;
+}
+
+_public_ int sd_bus_request_name(sd_bus *bus, const char *name, uint64_t flags) {
+        assert_return(bus, -EINVAL);
+        assert_return(name, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+        assert_return(!(flags & ~(SD_BUS_NAME_ALLOW_REPLACEMENT|SD_BUS_NAME_REPLACE_EXISTING|SD_BUS_NAME_QUEUE)), -EINVAL);
+        assert_return(service_name_is_valid(name), -EINVAL);
+        assert_return(name[0] != ':', -EINVAL);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        /* Don't allow requesting the special driver and local names */
+        if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
+                return -EINVAL;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->is_kernel)
+                return bus_request_name_kernel(bus, name, flags);
+        else
+                return bus_request_name_dbus1(bus, name, flags);
+}
+
+static int bus_release_name_kernel(sd_bus *bus, const char *name) {
+        struct kdbus_cmd *n;
+        size_t size, l;
+        int r;
+
+        assert(bus);
+        assert(name);
+
+        l = strlen(name) + 1;
+        size = offsetof(struct kdbus_cmd, items) + KDBUS_ITEM_SIZE(l);
+        n = alloca0_align(size, 8);
+        n->size = size;
+
+        n->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
+        n->items[0].type = KDBUS_ITEM_NAME;
+        memcpy(n->items[0].str, name, l);
+
+#ifdef HAVE_VALGRIND_MEMCHECK_H
+        VALGRIND_MAKE_MEM_DEFINED(n, n->size);
+#endif
+        r = ioctl(bus->input_fd, KDBUS_CMD_NAME_RELEASE, n);
+        if (r < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int bus_release_name_dbus1(sd_bus *bus, const char *name) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        uint32_t ret;
+        int r;
+
+        assert(bus);
+        assert(name);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.DBus",
+                        "/org/freedesktop/DBus",
+                        "org.freedesktop.DBus",
+                        "ReleaseName",
+                        NULL,
+                        &reply,
+                        "s",
+                        name);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(reply, "u", &ret);
+        if (r < 0)
+                return r;
+        if (ret == BUS_NAME_NON_EXISTENT)
+                return -ESRCH;
+        if (ret == BUS_NAME_NOT_OWNER)
+                return -EADDRINUSE;
+        if (ret == BUS_NAME_RELEASED)
+                return 0;
+
+        return -EINVAL;
+}
+
+_public_ int sd_bus_release_name(sd_bus *bus, const char *name) {
+        assert_return(bus, -EINVAL);
+        assert_return(name, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+        assert_return(service_name_is_valid(name), -EINVAL);
+        assert_return(name[0] != ':', -EINVAL);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        /* Don't allow releasing the special driver and local names */
+        if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
+                return -EINVAL;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->is_kernel)
+                return bus_release_name_kernel(bus, name);
+        else
+                return bus_release_name_dbus1(bus, name);
+}
+
+static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) {
+        struct kdbus_cmd_list cmd = {
+                .size = sizeof(cmd),
+                .flags = flags,
+        };
+        struct kdbus_info *name_list, *name;
+        uint64_t previous_id = 0;
+        int r;
+
+        /* Caller will free half-constructed list on failure... */
+
+        r = ioctl(bus->input_fd, KDBUS_CMD_LIST, &cmd);
+        if (r < 0)
+                return -errno;
+
+        name_list = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd.offset);
+
+        KDBUS_FOREACH(name, name_list, cmd.list_size) {
+                struct kdbus_item *item;
+
+                if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) {
+                        char *n;
+
+                        if (asprintf(&n, ":1.%llu", (unsigned long long) name->id) < 0) {
+                                r = -ENOMEM;
+                                goto fail;
+                        }
+
+                        r = strv_consume(x, n);
+                        if (r < 0)
+                                goto fail;
+
+                        previous_id = name->id;
+                }
+
+                KDBUS_ITEM_FOREACH(item, name, items) {
+                        if (item->type == KDBUS_ITEM_OWNED_NAME) {
+                                if (service_name_is_valid(item->name.name)) {
+                                        r = strv_extend(x, item->name.name);
+                                        if (r < 0) {
+                                                r = -ENOMEM;
+                                                goto fail;
+                                        }
+                                }
+                        }
+                }
+        }
+
+        r = 0;
+
+fail:
+        bus_kernel_cmd_free(bus, cmd.offset);
+        return r;
+}
+
+static int bus_list_names_kernel(sd_bus *bus, char ***acquired, char ***activatable) {
+        _cleanup_strv_free_ char **x = NULL, **y = NULL;
+        int r;
+
+        if (acquired) {
+                r = kernel_get_list(bus, KDBUS_LIST_UNIQUE | KDBUS_LIST_NAMES, &x);
+                if (r < 0)
+                        return r;
+        }
+
+        if (activatable) {
+                r = kernel_get_list(bus, KDBUS_LIST_ACTIVATORS, &y);
+                if (r < 0)
+                        return r;
+
+                *activatable = y;
+                y = NULL;
+        }
+
+        if (acquired) {
+                *acquired = x;
+                x = NULL;
+        }
+
+        return 0;
+}
+
+static int bus_list_names_dbus1(sd_bus *bus, char ***acquired, char ***activatable) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_strv_free_ char **x = NULL, **y = NULL;
+        int r;
+
+        if (acquired) {
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.DBus",
+                                "/org/freedesktop/DBus",
+                                "org.freedesktop.DBus",
+                                "ListNames",
+                                NULL,
+                                &reply,
+                                NULL);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_read_strv(reply, &x);
+                if (r < 0)
+                        return r;
+
+                reply = sd_bus_message_unref(reply);
+        }
+
+        if (activatable) {
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.DBus",
+                                "/org/freedesktop/DBus",
+                                "org.freedesktop.DBus",
+                                "ListActivatableNames",
+                                NULL,
+                                &reply,
+                                NULL);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_read_strv(reply, &y);
+                if (r < 0)
+                        return r;
+
+                *activatable = y;
+                y = NULL;
+        }
+
+        if (acquired) {
+                *acquired = x;
+                x = NULL;
+        }
+
+        return 0;
+}
+
+_public_ int sd_bus_list_names(sd_bus *bus, char ***acquired, char ***activatable) {
+        assert_return(bus, -EINVAL);
+        assert_return(acquired || activatable, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->is_kernel)
+                return bus_list_names_kernel(bus, acquired, activatable);
+        else
+                return bus_list_names_dbus1(bus, acquired, activatable);
+}
+
+static int bus_populate_creds_from_items(
+                sd_bus *bus,
+                struct kdbus_info *info,
+                uint64_t mask,
+                sd_bus_creds *c) {
+
+        struct kdbus_item *item;
+        uint64_t m;
+        int r;
+
+        assert(bus);
+        assert(info);
+        assert(c);
+
+        KDBUS_ITEM_FOREACH(item, info, items) {
+
+                switch (item->type) {
+
+                case KDBUS_ITEM_PIDS:
+
+                        if (mask & SD_BUS_CREDS_PID && item->pids.pid > 0) {
+                                c->pid = (pid_t) item->pids.pid;
+                                c->mask |= SD_BUS_CREDS_PID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_TID && item->pids.tid > 0) {
+                                c->tid = (pid_t) item->pids.tid;
+                                c->mask |= SD_BUS_CREDS_TID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_PPID) {
+                                if (item->pids.ppid > 0) {
+                                        c->ppid = (pid_t) item->pids.ppid;
+                                        c->mask |= SD_BUS_CREDS_PPID;
+                                } else if (item->pids.pid == 1) {
+                                        /* The structure doesn't
+                                         * really distinguish the case
+                                         * where a process has no
+                                         * parent and where we don't
+                                         * know it because it could
+                                         * not be translated due to
+                                         * namespaces. However, we
+                                         * know that PID 1 has no
+                                         * parent process, hence let's
+                                         * patch that in, manually. */
+                                        c->ppid = 0;
+                                        c->mask |= SD_BUS_CREDS_PPID;
+                                }
+                        }
+
+                        break;
+
+                case KDBUS_ITEM_CREDS:
+
+                        if (mask & SD_BUS_CREDS_UID && (uid_t) item->creds.uid != UID_INVALID) {
+                                c->uid = (uid_t) item->creds.uid;
+                                c->mask |= SD_BUS_CREDS_UID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_EUID && (uid_t) item->creds.euid != UID_INVALID) {
+                                c->euid = (uid_t) item->creds.euid;
+                                c->mask |= SD_BUS_CREDS_EUID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_SUID && (uid_t) item->creds.suid != UID_INVALID) {
+                                c->suid = (uid_t) item->creds.suid;
+                                c->mask |= SD_BUS_CREDS_SUID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_FSUID && (uid_t) item->creds.fsuid != UID_INVALID) {
+                                c->fsuid = (uid_t) item->creds.fsuid;
+                                c->mask |= SD_BUS_CREDS_FSUID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_GID && (gid_t) item->creds.gid != GID_INVALID) {
+                                c->gid = (gid_t) item->creds.gid;
+                                c->mask |= SD_BUS_CREDS_GID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_EGID && (gid_t) item->creds.egid != GID_INVALID) {
+                                c->egid = (gid_t) item->creds.egid;
+                                c->mask |= SD_BUS_CREDS_EGID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_SGID && (gid_t) item->creds.sgid != GID_INVALID) {
+                                c->sgid = (gid_t) item->creds.sgid;
+                                c->mask |= SD_BUS_CREDS_SGID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_FSGID && (gid_t) item->creds.fsgid != GID_INVALID) {
+                                c->fsgid = (gid_t) item->creds.fsgid;
+                                c->mask |= SD_BUS_CREDS_FSGID;
+                        }
+
+                        break;
+
+                case KDBUS_ITEM_PID_COMM:
+                        if (mask & SD_BUS_CREDS_COMM) {
+                                r = free_and_strdup(&c->comm, item->str);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= SD_BUS_CREDS_COMM;
+                        }
+                        break;
+
+                case KDBUS_ITEM_TID_COMM:
+                        if (mask & SD_BUS_CREDS_TID_COMM) {
+                                r = free_and_strdup(&c->tid_comm, item->str);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= SD_BUS_CREDS_TID_COMM;
+                        }
+                        break;
+
+                case KDBUS_ITEM_EXE:
+                        if (mask & SD_BUS_CREDS_EXE) {
+                                r = free_and_strdup(&c->exe, item->str);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= SD_BUS_CREDS_EXE;
+                        }
+                        break;
+
+                case KDBUS_ITEM_CMDLINE:
+                        if (mask & SD_BUS_CREDS_CMDLINE) {
+                                c->cmdline_size = item->size - offsetof(struct kdbus_item, data);
+                                c->cmdline = memdup(item->data, c->cmdline_size);
+                                if (!c->cmdline)
+                                        return -ENOMEM;
+
+                                c->mask |= SD_BUS_CREDS_CMDLINE;
+                        }
+                        break;
+
+                case KDBUS_ITEM_CGROUP:
+                        m = (SD_BUS_CREDS_CGROUP | SD_BUS_CREDS_UNIT |
+                             SD_BUS_CREDS_USER_UNIT | SD_BUS_CREDS_SLICE |
+                             SD_BUS_CREDS_SESSION | SD_BUS_CREDS_OWNER_UID) & mask;
+
+                        if (m) {
+                                r = free_and_strdup(&c->cgroup, item->str);
+                                if (r < 0)
+                                        return r;
+
+                                r = bus_get_root_path(bus);
+                                if (r < 0)
+                                        return r;
+
+                                r = free_and_strdup(&c->cgroup_root, bus->cgroup_root);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= m;
+                        }
+                        break;
+
+                case KDBUS_ITEM_CAPS:
+                        m = (SD_BUS_CREDS_EFFECTIVE_CAPS | SD_BUS_CREDS_PERMITTED_CAPS |
+                             SD_BUS_CREDS_INHERITABLE_CAPS | SD_BUS_CREDS_BOUNDING_CAPS) & mask;
+
+                        if (m) {
+                                if (item->caps.last_cap != cap_last_cap() ||
+                                    item->size - offsetof(struct kdbus_item, caps.caps) < DIV_ROUND_UP(item->caps.last_cap, 32U) * 4 * 4)
+                                        return -EBADMSG;
+
+                                c->capability = memdup(item->caps.caps, item->size - offsetof(struct kdbus_item, caps.caps));
+                                if (!c->capability)
+                                        return -ENOMEM;
+
+                                c->mask |= m;
+                        }
+                        break;
+
+                case KDBUS_ITEM_SECLABEL:
+                        if (mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
+                                r = free_and_strdup(&c->label, item->str);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
+                        }
+                        break;
+
+                case KDBUS_ITEM_AUDIT:
+                        if (mask & SD_BUS_CREDS_AUDIT_SESSION_ID) {
+                                c->audit_session_id = (uint32_t) item->audit.sessionid;
+                                c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
+                        }
+
+                        if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
+                                c->audit_login_uid = (uid_t) item->audit.loginuid;
+                                c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
+                        }
+                        break;
+
+                case KDBUS_ITEM_OWNED_NAME:
+                        if ((mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) && service_name_is_valid(item->name.name)) {
+                                r = strv_extend(&c->well_known_names, item->name.name);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
+                        }
+                        break;
+
+                case KDBUS_ITEM_CONN_DESCRIPTION:
+                        if (mask & SD_BUS_CREDS_DESCRIPTION) {
+                                r = free_and_strdup(&c->description, item->str);
+                                if (r < 0)
+                                        return r;
+
+                                c->mask |= SD_BUS_CREDS_DESCRIPTION;
+                        }
+                        break;
+
+                case KDBUS_ITEM_AUXGROUPS:
+                        if (mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
+                                size_t i, n;
+                                uid_t *g;
+
+                                n = (item->size - offsetof(struct kdbus_item, data64)) / sizeof(uint64_t);
+                                g = new(gid_t, n);
+                                if (!g)
+                                        return -ENOMEM;
+
+                                for (i = 0; i < n; i++)
+                                        g[i] = item->data64[i];
+
+                                free(c->supplementary_gids);
+                                c->supplementary_gids = g;
+                                c->n_supplementary_gids = n;
+
+                                c->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
+                        }
+                        break;
+                }
+        }
+
+        return 0;
+}
+
+int bus_get_name_creds_kdbus(
+                sd_bus *bus,
+                const char *name,
+                uint64_t mask,
+                bool allow_activator,
+                sd_bus_creds **creds) {
+
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
+        struct kdbus_cmd_info *cmd;
+        struct kdbus_info *conn_info;
+        size_t size, l;
+        uint64_t id;
+        int r;
+
+        if (streq(name, "org.freedesktop.DBus"))
+                return -EOPNOTSUPP;
+
+        r = bus_kernel_parse_unique_name(name, &id);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                size = offsetof(struct kdbus_cmd_info, items);
+                cmd = alloca0_align(size, 8);
+                cmd->id = id;
+        } else {
+                l = strlen(name) + 1;
+                size = offsetof(struct kdbus_cmd_info, items) + KDBUS_ITEM_SIZE(l);
+                cmd = alloca0_align(size, 8);
+                cmd->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
+                cmd->items[0].type = KDBUS_ITEM_NAME;
+                memcpy(cmd->items[0].str, name, l);
+        }
+
+        /* If augmentation is on, and the bus didn't provide us
+         * the bits we want, then ask for the PID/TID so that we
+         * can read the rest from /proc. */
+        if ((mask & SD_BUS_CREDS_AUGMENT) &&
+            (mask & (SD_BUS_CREDS_PPID|
+                     SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
+                     SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
+                     SD_BUS_CREDS_SUPPLEMENTARY_GIDS|
+                     SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
+                     SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
+                     SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
+                     SD_BUS_CREDS_SELINUX_CONTEXT|
+                     SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))
+                mask |= SD_BUS_CREDS_PID;
+
+        cmd->size = size;
+        cmd->attach_flags = attach_flags_to_kdbus(mask);
+
+        r = ioctl(bus->input_fd, KDBUS_CMD_CONN_INFO, cmd);
+        if (r < 0)
+                return -errno;
+
+        conn_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd->offset);
+
+        /* Non-activated names are considered not available */
+        if (!allow_activator && (conn_info->flags & KDBUS_HELLO_ACTIVATOR)) {
+                if (name[0] == ':')
+                        r = -ENXIO;
+                else
+                        r = -ESRCH;
+                goto fail;
+        }
+
+        c = bus_creds_new();
+        if (!c) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
+                if (asprintf(&c->unique_name, ":1.%llu", (unsigned long long) conn_info->id) < 0) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
+        }
+
+        /* If KDBUS_ITEM_OWNED_NAME is requested then we'll get 0 of
+           them in case the service has no names. This does not mean
+           however that the list of owned names could not be
+           acquired. Hence, let's explicitly clarify that the data is
+           complete. */
+        c->mask |= mask & SD_BUS_CREDS_WELL_KNOWN_NAMES;
+
+        r = bus_populate_creds_from_items(bus, conn_info, mask, c);
+        if (r < 0)
+                goto fail;
+
+        r = bus_creds_add_more(c, mask, 0, 0);
+        if (r < 0)
+                goto fail;
+
+        if (creds) {
+                *creds = c;
+                c = NULL;
+        }
+
+        r = 0;
+
+fail:
+        bus_kernel_cmd_free(bus, cmd->offset);
+        return r;
+}
+
+static int bus_get_name_creds_dbus1(
+                sd_bus *bus,
+                const char *name,
+                uint64_t mask,
+                sd_bus_creds **creds) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply_unique = NULL, *reply = NULL;
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
+        const char *unique = NULL;
+        pid_t pid = 0;
+        int r;
+
+        /* Only query the owner if the caller wants to know it or if
+         * the caller just wants to check whether a name exists */
+        if ((mask & SD_BUS_CREDS_UNIQUE_NAME) || mask == 0) {
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.DBus",
+                                "/org/freedesktop/DBus",
+                                "org.freedesktop.DBus",
+                                "GetNameOwner",
+                                NULL,
+                                &reply_unique,
+                                "s",
+                                name);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_read(reply_unique, "s", &unique);
+                if (r < 0)
+                        return r;
+        }
+
+        if (mask != 0) {
+                c = bus_creds_new();
+                if (!c)
+                        return -ENOMEM;
+
+                if ((mask & SD_BUS_CREDS_UNIQUE_NAME) && unique) {
+                        c->unique_name = strdup(unique);
+                        if (!c->unique_name)
+                                return -ENOMEM;
+
+                        c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
+                }
+
+                if ((mask & SD_BUS_CREDS_PID) ||
+                    ((mask & SD_BUS_CREDS_AUGMENT) &&
+                     (mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
+                              SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
+                              SD_BUS_CREDS_SUPPLEMENTARY_GIDS|
+                              SD_BUS_CREDS_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
+                              SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
+                              SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
+                              SD_BUS_CREDS_SELINUX_CONTEXT|
+                              SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))) {
+
+                        uint32_t u;
+
+                        r = sd_bus_call_method(
+                                        bus,
+                                        "org.freedesktop.DBus",
+                                        "/org/freedesktop/DBus",
+                                        "org.freedesktop.DBus",
+                                        "GetConnectionUnixProcessID",
+                                        NULL,
+                                        &reply,
+                                        "s",
+                                        unique ? unique : name);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_read(reply, "u", &u);
+                        if (r < 0)
+                                return r;
+
+                        pid = u;
+                        if (mask & SD_BUS_CREDS_PID) {
+                                c->pid = u;
+                                c->mask |= SD_BUS_CREDS_PID;
+                        }
+
+                        reply = sd_bus_message_unref(reply);
+                }
+
+                if (mask & SD_BUS_CREDS_EUID) {
+                        uint32_t u;
+
+                        r = sd_bus_call_method(
+                                        bus,
+                                        "org.freedesktop.DBus",
+                                        "/org/freedesktop/DBus",
+                                        "org.freedesktop.DBus",
+                                        "GetConnectionUnixUser",
+                                        NULL,
+                                        &reply,
+                                        "s",
+                                        unique ? unique : name);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_read(reply, "u", &u);
+                        if (r < 0)
+                                return r;
+
+                        c->euid = u;
+                        c->mask |= SD_BUS_CREDS_EUID;
+
+                        reply = sd_bus_message_unref(reply);
+                }
+
+                if (mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
+                        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                        const void *p = NULL;
+                        size_t sz = 0;
+
+                        r = sd_bus_call_method(
+                                        bus,
+                                        "org.freedesktop.DBus",
+                                        "/org/freedesktop/DBus",
+                                        "org.freedesktop.DBus",
+                                        "GetConnectionSELinuxSecurityContext",
+                                        &error,
+                                        &reply,
+                                        "s",
+                                        unique ? unique : name);
+                        if (r < 0) {
+                                if (!sd_bus_error_has_name(&error, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"))
+                                        return r;
+                        } else {
+                                r = sd_bus_message_read_array(reply, 'y', &p, &sz);
+                                if (r < 0)
+                                        return r;
+
+                                c->label = strndup(p, sz);
+                                if (!c->label)
+                                        return -ENOMEM;
+
+                                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
+                        }
+                }
+
+                r = bus_creds_add_more(c, mask, pid, 0);
+                if (r < 0)
+                        return r;
+        }
+
+        if (creds) {
+                *creds = c;
+                c = NULL;
+        }
+
+        return 0;
+}
+
+_public_ int sd_bus_get_name_creds(
+                sd_bus *bus,
+                const char *name,
+                uint64_t mask,
+                sd_bus_creds **creds) {
+
+        assert_return(bus, -EINVAL);
+        assert_return(name, -EINVAL);
+        assert_return((mask & ~SD_BUS_CREDS_AUGMENT) <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
+        assert_return(mask == 0 || creds, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+        assert_return(service_name_is_valid(name), -EINVAL);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        if (streq(name, "org.freedesktop.DBus.Local"))
+                return -EINVAL;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->is_kernel)
+                return bus_get_name_creds_kdbus(bus, name, mask, false, creds);
+        else
+                return bus_get_name_creds_dbus1(bus, name, mask, creds);
+}
+
+static int bus_get_owner_creds_kdbus(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
+        struct kdbus_cmd_info cmd = {
+                .size = sizeof(struct kdbus_cmd_info),
+        };
+        struct kdbus_info *creator_info;
+        pid_t pid = 0;
+        int r;
+
+        c = bus_creds_new();
+        if (!c)
+                return -ENOMEM;
+
+        /* If augmentation is on, and the bus doesn't didn't allow us
+         * to get the bits we want, then ask for the PID/TID so that we
+         * can read the rest from /proc. */
+        if ((mask & SD_BUS_CREDS_AUGMENT) &&
+            (mask & (SD_BUS_CREDS_PPID|
+                     SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
+                     SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
+                     SD_BUS_CREDS_SUPPLEMENTARY_GIDS|
+                     SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
+                     SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
+                     SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
+                     SD_BUS_CREDS_SELINUX_CONTEXT|
+                     SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))
+                mask |= SD_BUS_CREDS_PID;
+
+        cmd.attach_flags = attach_flags_to_kdbus(mask);
+
+        r = ioctl(bus->input_fd, KDBUS_CMD_BUS_CREATOR_INFO, &cmd);
+        if (r < 0)
+                return -errno;
+
+        creator_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd.offset);
+
+        r = bus_populate_creds_from_items(bus, creator_info, mask, c);
+        bus_kernel_cmd_free(bus, cmd.offset);
+        if (r < 0)
+                return r;
+
+        r = bus_creds_add_more(c, mask, pid, 0);
+        if (r < 0)
+                return r;
+
+        *ret = c;
+        c = NULL;
+        return 0;
+}
+
+static int bus_get_owner_creds_dbus1(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
+        pid_t pid = 0;
+        bool do_label;
+        int r;
+
+        assert(bus);
+
+        do_label = bus->label && (mask & SD_BUS_CREDS_SELINUX_CONTEXT);
+
+        /* Avoid allocating anything if we have no chance of returning useful data */
+        if (!bus->ucred_valid && !do_label)
+                return -ENODATA;
+
+        c = bus_creds_new();
+        if (!c)
+                return -ENOMEM;
+
+        if (bus->ucred_valid) {
+                if (bus->ucred.pid > 0) {
+                        pid = c->pid = bus->ucred.pid;
+                        c->mask |= SD_BUS_CREDS_PID & mask;
+                }
+
+                if (bus->ucred.uid != UID_INVALID) {
+                        c->euid = bus->ucred.uid;
+                        c->mask |= SD_BUS_CREDS_EUID & mask;
+                }
+
+                if (bus->ucred.gid != GID_INVALID) {
+                        c->egid = bus->ucred.gid;
+                        c->mask |= SD_BUS_CREDS_EGID & mask;
+                }
+        }
+
+        if (do_label) {
+                c->label = strdup(bus->label);
+                if (!c->label)
+                        return -ENOMEM;
+
+                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
+        }
+
+        r = bus_creds_add_more(c, mask, pid, 0);
+        if (r < 0)
+                return r;
+
+        *ret = c;
+        c = NULL;
+        return 0;
+}
+
+_public_ int sd_bus_get_owner_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
+        assert_return(bus, -EINVAL);
+        assert_return((mask & ~SD_BUS_CREDS_AUGMENT) <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
+        assert_return(ret, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->is_kernel)
+                return bus_get_owner_creds_kdbus(bus, mask, ret);
+        else
+                return bus_get_owner_creds_dbus1(bus, mask, ret);
+}
+
+static int add_name_change_match(sd_bus *bus,
+                                 uint64_t cookie,
+                                 const char *name,
+                                 const char *old_owner,
+                                 const char *new_owner) {
+
+        uint64_t name_id = KDBUS_MATCH_ID_ANY, old_owner_id = 0, new_owner_id = 0;
+        int is_name_id = -1, r;
+        struct kdbus_item *item;
+
+        assert(bus);
+
+        /* If we encounter a match that could match against
+         * NameOwnerChanged messages, then we need to create
+         * KDBUS_ITEM_NAME_{ADD,REMOVE,CHANGE} and
+         * KDBUS_ITEM_ID_{ADD,REMOVE} matches for it, possibly
+         * multiple if the match is underspecified.
+         *
+         * The NameOwnerChanged signals take three parameters with
+         * unique or well-known names, but only some forms actually
+         * exist:
+         *
+         * WELLKNOWN, "", UNIQUE       → KDBUS_ITEM_NAME_ADD
+         * WELLKNOWN, UNIQUE, ""       → KDBUS_ITEM_NAME_REMOVE
+         * WELLKNOWN, UNIQUE, UNIQUE   → KDBUS_ITEM_NAME_CHANGE
+         * UNIQUE, "", UNIQUE          → KDBUS_ITEM_ID_ADD
+         * UNIQUE, UNIQUE, ""          → KDBUS_ITEM_ID_REMOVE
+         *
+         * For the latter two the two unique names must be identical.
+         *
+         * */
+
+        if (name) {
+                is_name_id = bus_kernel_parse_unique_name(name, &name_id);
+                if (is_name_id < 0)
+                        return 0;
+        }
+
+        if (!isempty(old_owner)) {
+                r = bus_kernel_parse_unique_name(old_owner, &old_owner_id);
+                if (r < 0)
+                        return 0;
+                if (r == 0)
+                        return 0;
+                if (is_name_id > 0 && old_owner_id != name_id)
+                        return 0;
+        } else
+                old_owner_id = KDBUS_MATCH_ID_ANY;
+
+        if (!isempty(new_owner)) {
+                r = bus_kernel_parse_unique_name(new_owner, &new_owner_id);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return 0;
+                if (is_name_id > 0 && new_owner_id != name_id)
+                        return 0;
+        } else
+                new_owner_id = KDBUS_MATCH_ID_ANY;
+
+        if (is_name_id <= 0) {
+                struct kdbus_cmd_match *m;
+                size_t sz, l;
+
+                /* If the name argument is missing or is a well-known
+                 * name, then add KDBUS_ITEM_NAME_{ADD,REMOVE,CHANGE}
+                 * matches for it */
+
+                l = name ? strlen(name) + 1 : 0;
+
+                sz = ALIGN8(offsetof(struct kdbus_cmd_match, items) +
+                            offsetof(struct kdbus_item, name_change) +
+                            offsetof(struct kdbus_notify_name_change, name) +
+                            l);
+
+                m = alloca0_align(sz, 8);
+                m->size = sz;
+                m->cookie = cookie;
+
+                item = m->items;
+                item->size =
+                        offsetof(struct kdbus_item, name_change) +
+                        offsetof(struct kdbus_notify_name_change, name) +
+                        l;
+
+                item->name_change.old_id.id = old_owner_id;
+                item->name_change.new_id.id = new_owner_id;
+
+                memcpy_safe(item->name_change.name, name, l);
+
+                /* If the old name is unset or empty, then
+                 * this can match against added names */
+                if (isempty(old_owner)) {
+                        item->type = KDBUS_ITEM_NAME_ADD;
+
+                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
+                        if (r < 0)
+                                return -errno;
+                }
+
+                /* If the new name is unset or empty, then
+                 * this can match against removed names */
+                if (isempty(new_owner)) {
+                        item->type = KDBUS_ITEM_NAME_REMOVE;
+
+                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
+                        if (r < 0)
+                                return -errno;
+                }
+
+                /* The CHANGE match we need in either case, because
+                 * what is reported as a name change by the kernel
+                 * might just be an owner change between starter and
+                 * normal clients. For userspace such a change should
+                 * be considered a removal/addition, hence let's
+                 * subscribe to this unconditionally. */
+                item->type = KDBUS_ITEM_NAME_CHANGE;
+                r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
+                if (r < 0)
+                        return -errno;
+        }
+
+        if (is_name_id != 0) {
+                struct kdbus_cmd_match *m;
+                uint64_t sz;
+
+                /* If the name argument is missing or is a unique
+                 * name, then add KDBUS_ITEM_ID_{ADD,REMOVE} matches
+                 * for it */
+
+                sz = ALIGN8(offsetof(struct kdbus_cmd_match, items) +
+                            offsetof(struct kdbus_item, id_change) +
+                            sizeof(struct kdbus_notify_id_change));
+
+                m = alloca0_align(sz, 8);
+                m->size = sz;
+                m->cookie = cookie;
+
+                item = m->items;
+                item->size =
+                        offsetof(struct kdbus_item, id_change) +
+                        sizeof(struct kdbus_notify_id_change);
+                item->id_change.id = name_id;
+
+                /* If the old name is unset or empty, then this can
+                 * match against added ids */
+                if (isempty(old_owner)) {
+                        item->type = KDBUS_ITEM_ID_ADD;
+                        if (!isempty(new_owner))
+                                item->id_change.id = new_owner_id;
+
+                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
+                        if (r < 0)
+                                return -errno;
+                }
+
+                /* If thew new name is unset or empty, then this can
+                 * match against removed ids */
+                if (isempty(new_owner)) {
+                        item->type = KDBUS_ITEM_ID_REMOVE;
+                        if (!isempty(old_owner))
+                                item->id_change.id = old_owner_id;
+
+                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
+                        if (r < 0)
+                                return -errno;
+                }
+        }
+
+        return 0;
+}
+
+int bus_add_match_internal_kernel(
+                sd_bus *bus,
+                struct bus_match_component *components,
+                unsigned n_components,
+                uint64_t cookie) {
+
+        struct kdbus_cmd_match *m;
+        struct kdbus_item *item;
+        uint64_t *bloom;
+        size_t sz;
+        const char *sender = NULL;
+        size_t sender_length = 0;
+        uint64_t src_id = KDBUS_MATCH_ID_ANY, dst_id = KDBUS_MATCH_ID_ANY;
+        bool using_bloom = false;
+        unsigned i;
+        bool matches_name_change = true;
+        const char *name_change_arg[3] = {};
+        int r;
+
+        assert(bus);
+
+        /* Monitor streams don't support matches, make this a NOP */
+        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
+                return 0;
+
+        bloom = alloca0(bus->bloom_size);
+
+        sz = ALIGN8(offsetof(struct kdbus_cmd_match, items));
+
+        for (i = 0; i < n_components; i++) {
+                struct bus_match_component *c = &components[i];
+
+                switch (c->type) {
+
+                case BUS_MATCH_SENDER:
+                        if (!streq(c->value_str, "org.freedesktop.DBus"))
+                                matches_name_change = false;
+
+                        r = bus_kernel_parse_unique_name(c->value_str, &src_id);
+                        if (r < 0)
+                                return r;
+                        else if (r > 0)
+                                sz += ALIGN8(offsetof(struct kdbus_item, id) + sizeof(uint64_t));
+                        else  {
+                                sender = c->value_str;
+                                sender_length = strlen(sender);
+                                sz += ALIGN8(offsetof(struct kdbus_item, str) + sender_length + 1);
+                        }
+
+                        break;
+
+                case BUS_MATCH_MESSAGE_TYPE:
+                        if (c->value_u8 != SD_BUS_MESSAGE_SIGNAL)
+                                matches_name_change = false;
+
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "message-type", bus_message_type_to_string(c->value_u8));
+                        using_bloom = true;
+                        break;
+
+                case BUS_MATCH_INTERFACE:
+                        if (!streq(c->value_str, "org.freedesktop.DBus"))
+                                matches_name_change = false;
+
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "interface", c->value_str);
+                        using_bloom = true;
+                        break;
+
+                case BUS_MATCH_MEMBER:
+                        if (!streq(c->value_str, "NameOwnerChanged"))
+                                matches_name_change = false;
+
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "member", c->value_str);
+                        using_bloom = true;
+                        break;
+
+                case BUS_MATCH_PATH:
+                        if (!streq(c->value_str, "/org/freedesktop/DBus"))
+                                matches_name_change = false;
+
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "path", c->value_str);
+                        using_bloom = true;
+                        break;
+
+                case BUS_MATCH_PATH_NAMESPACE:
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "path-slash-prefix", c->value_str);
+                        using_bloom = true;
+                        break;
+
+                case BUS_MATCH_ARG...BUS_MATCH_ARG_LAST: {
+                        char buf[sizeof("arg")-1 + 2 + 1];
+
+                        if (c->type - BUS_MATCH_ARG < 3)
+                                name_change_arg[c->type - BUS_MATCH_ARG] = c->value_str;
+
+                        xsprintf(buf, "arg%i", c->type - BUS_MATCH_ARG);
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str);
+                        using_bloom = true;
+                        break;
+                }
+
+                case BUS_MATCH_ARG_HAS...BUS_MATCH_ARG_HAS_LAST: {
+                        char buf[sizeof("arg")-1 + 2 + sizeof("-has")];
+
+                        xsprintf(buf, "arg%i-has", c->type - BUS_MATCH_ARG_HAS);
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str);
+                        using_bloom = true;
+                        break;
+                }
+
+                case BUS_MATCH_ARG_PATH...BUS_MATCH_ARG_PATH_LAST:
+                        /*
+                         * XXX: DBus spec defines arg[0..63]path= matching to be
+                         * a two-way glob. That is, if either string is a prefix
+                         * of the other, it matches.
+                         * This is really hard to realize in bloom-filters, as
+                         * we would have to create a bloom-match for each prefix
+                         * of @c->value_str. This is excessive, hence we just
+                         * ignore all those matches and accept everything from
+                         * the kernel. People should really avoid those matches.
+                         * If they're used in real-life some day, we will have
+                         * to properly support multiple-matches here.
+                         */
+                        break;
+
+                case BUS_MATCH_ARG_NAMESPACE...BUS_MATCH_ARG_NAMESPACE_LAST: {
+                        char buf[sizeof("arg")-1 + 2 + sizeof("-dot-prefix")];
+
+                        xsprintf(buf, "arg%i-dot-prefix", c->type - BUS_MATCH_ARG_NAMESPACE);
+                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str);
+                        using_bloom = true;
+                        break;
+                }
+
+                case BUS_MATCH_DESTINATION:
+                        /*
+                         * Kernel only supports matching on destination IDs, but
+                         * not on destination names. So just skip the
+                         * destination name restriction and verify it in
+                         * user-space on retrieval.
+                         */
+                        r = bus_kernel_parse_unique_name(c->value_str, &dst_id);
+                        if (r < 0)
+                                return r;
+                        else if (r > 0)
+                                sz += ALIGN8(offsetof(struct kdbus_item, id) + sizeof(uint64_t));
+
+                        /* if not a broadcast, it cannot be a name-change */
+                        if (r <= 0 || dst_id != KDBUS_DST_ID_BROADCAST)
+                                matches_name_change = false;
+
+                        break;
+
+                case BUS_MATCH_ROOT:
+                case BUS_MATCH_VALUE:
+                case BUS_MATCH_LEAF:
+                case _BUS_MATCH_NODE_TYPE_MAX:
+                case _BUS_MATCH_NODE_TYPE_INVALID:
+                        assert_not_reached("Invalid match type?");
+                }
+        }
+
+        if (using_bloom)
+                sz += ALIGN8(offsetof(struct kdbus_item, data64) + bus->bloom_size);
+
+        m = alloca0_align(sz, 8);
+        m->size = sz;
+        m->cookie = cookie;
+
+        item = m->items;
+
+        if (src_id != KDBUS_MATCH_ID_ANY) {
+                item->size = offsetof(struct kdbus_item, id) + sizeof(uint64_t);
+                item->type = KDBUS_ITEM_ID;
+                item->id = src_id;
+                item = KDBUS_ITEM_NEXT(item);
+        }
+
+        if (dst_id != KDBUS_MATCH_ID_ANY) {
+                item->size = offsetof(struct kdbus_item, id) + sizeof(uint64_t);
+                item->type = KDBUS_ITEM_DST_ID;
+                item->id = dst_id;
+                item = KDBUS_ITEM_NEXT(item);
+        }
+
+        if (using_bloom) {
+                item->size = offsetof(struct kdbus_item, data64) + bus->bloom_size;
+                item->type = KDBUS_ITEM_BLOOM_MASK;
+                memcpy(item->data64, bloom, bus->bloom_size);
+                item = KDBUS_ITEM_NEXT(item);
+        }
+
+        if (sender) {
+                item->size = offsetof(struct kdbus_item, str) + sender_length + 1;
+                item->type = KDBUS_ITEM_NAME;
+                memcpy(item->str, sender, sender_length + 1);
+        }
+
+        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
+        if (r < 0)
+                return -errno;
+
+        if (matches_name_change) {
+
+                /* If this match could theoretically match
+                 * NameOwnerChanged messages, we need to
+                 * install a second non-bloom filter explitly
+                 * for it */
+
+                r = add_name_change_match(bus, cookie, name_change_arg[0], name_change_arg[1], name_change_arg[2]);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+#define internal_match(bus, m)                                          \
+        ((bus)->hello_flags & KDBUS_HELLO_MONITOR                       \
+         ? (isempty(m) ? "eavesdrop='true'" : strjoina((m), ",eavesdrop='true'")) \
+         : (m))
+
+static int bus_add_match_internal_dbus1(
+                sd_bus *bus,
+                const char *match) {
+
+        const char *e;
+
+        assert(bus);
+        assert(match);
+
+        e = internal_match(bus, match);
+
+        return sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.DBus",
+                        "/org/freedesktop/DBus",
+                        "org.freedesktop.DBus",
+                        "AddMatch",
+                        NULL,
+                        NULL,
+                        "s",
+                        e);
+}
+
+int bus_add_match_internal(
+                sd_bus *bus,
+                const char *match,
+                struct bus_match_component *components,
+                unsigned n_components,
+                uint64_t cookie) {
+
+        assert(bus);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        if (bus->is_kernel)
+                return bus_add_match_internal_kernel(bus, components, n_components, cookie);
+        else
+                return bus_add_match_internal_dbus1(bus, match);
+}
+
+int bus_remove_match_internal_kernel(
+                sd_bus *bus,
+                uint64_t cookie) {
+
+        struct kdbus_cmd_match m = {
+                .size = offsetof(struct kdbus_cmd_match, items),
+                .cookie = cookie,
+        };
+        int r;
+
+        assert(bus);
+
+        /* Monitor streams don't support matches, make this a NOP */
+        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
+                return 0;
+
+        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_REMOVE, &m);
+        if (r < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int bus_remove_match_internal_dbus1(
+                sd_bus *bus,
+                const char *match) {
+
+        const char *e;
+
+        assert(bus);
+        assert(match);
+
+        e = internal_match(bus, match);
+
+        return sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.DBus",
+                        "/org/freedesktop/DBus",
+                        "org.freedesktop.DBus",
+                        "RemoveMatch",
+                        NULL,
+                        NULL,
+                        "s",
+                        e);
+}
+
+int bus_remove_match_internal(
+                sd_bus *bus,
+                const char *match,
+                uint64_t cookie) {
+
+        assert(bus);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        if (bus->is_kernel)
+                return bus_remove_match_internal_kernel(bus, cookie);
+        else
+                return bus_remove_match_internal_dbus1(bus, match);
+}
+
+_public_ int sd_bus_get_name_machine_id(sd_bus *bus, const char *name, sd_id128_t *machine) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
+        const char *mid;
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(name, -EINVAL);
+        assert_return(machine, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+        assert_return(service_name_is_valid(name), -EINVAL);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (streq_ptr(name, bus->unique_name))
+                return sd_id128_get_machine(machine);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        name,
+                        "/",
+                        "org.freedesktop.DBus.Peer",
+                        "GetMachineId");
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_set_auto_start(m, false);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call(bus, m, 0, NULL, &reply);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_read(reply, "s", &mid);
+        if (r < 0)
+                return r;
+
+        return sd_id128_from_string(mid, machine);
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-control.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-control.h
new file mode 100644
index 0000000000..229c95efb0
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-control.h
@@ -0,0 +1,32 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "bus-match.h"
+
+int bus_add_match_internal(sd_bus *bus, const char *match, struct bus_match_component *components, unsigned n_components, uint64_t cookie);
+int bus_remove_match_internal(sd_bus *bus, const char *match, uint64_t cookie);
+
+int bus_add_match_internal_kernel(sd_bus *bus, struct bus_match_component *components, unsigned n_components, uint64_t cookie);
+int bus_remove_match_internal_kernel(sd_bus *bus, uint64_t cookie);
+
+int bus_get_name_creds_kdbus(sd_bus *bus, const char *name, uint64_t mask, bool allow_activator, sd_bus_creds **creds);
diff --git a/src/libsystemd/sd-bus/bus-convenience.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-convenience.c
index 2d06bf541f..2d06bf541f 100644
--- a/src/libsystemd/sd-bus/bus-convenience.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-convenience.c
diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-creds.c
index c4f693dee9..c4f693dee9 100644
--- a/src/libsystemd/sd-bus/bus-creds.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-creds.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-creds.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-creds.h
new file mode 100644
index 0000000000..3e2311f91d
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-creds.h
@@ -0,0 +1,90 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-bus.h>
+
+struct sd_bus_creds {
+        bool allocated;
+        unsigned n_ref;
+
+        uint64_t mask;
+        uint64_t augmented;
+
+        uid_t uid;
+        uid_t euid;
+        uid_t suid;
+        uid_t fsuid;
+        gid_t gid;
+        gid_t egid;
+        gid_t sgid;
+        gid_t fsgid;
+
+        gid_t *supplementary_gids;
+        unsigned n_supplementary_gids;
+
+        pid_t ppid;
+        pid_t pid;
+        pid_t tid;
+
+        char *comm;
+        char *tid_comm;
+        char *exe;
+
+        char *cmdline;
+        size_t cmdline_size;
+        char **cmdline_array;
+
+        char *cgroup;
+        char *session;
+        char *unit;
+        char *user_unit;
+        char *slice;
+        char *user_slice;
+
+        char *tty;
+
+        uint32_t *capability;
+
+        uint32_t audit_session_id;
+        uid_t audit_login_uid;
+
+        char *label;
+
+        char *unique_name;
+
+        char **well_known_names;
+        bool well_known_names_driver:1;
+        bool well_known_names_local:1;
+
+        char *cgroup_root;
+
+        char *description, *unescaped_description;
+};
+
+sd_bus_creds* bus_creds_new(void);
+
+void bus_creds_done(sd_bus_creds *c);
+
+int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid);
+
+int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret);
diff --git a/src/libsystemd/sd-bus/bus-dump.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-dump.c
index 21a6b20a11..21a6b20a11 100644
--- a/src/libsystemd/sd-bus/bus-dump.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-dump.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-dump.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-dump.h
new file mode 100644
index 0000000000..68fa043786
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-dump.h
@@ -0,0 +1,37 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <systemd/sd-bus.h>
+
+enum {
+        BUS_MESSAGE_DUMP_WITH_HEADER = 1,
+        BUS_MESSAGE_DUMP_SUBTREE_ONLY = 2,
+};
+
+int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags);
+
+int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse);
+
+int bus_pcap_header(size_t snaplen, FILE *f);
+int bus_message_pcap_frame(sd_bus_message *m, size_t snaplen, FILE *f);
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-error.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-error.c
new file mode 100644
index 0000000000..b6bb0c4a83
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-error.c
@@ -0,0 +1,608 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "errno-list.h"
+#include "string-util.h"
+#include "util.h"
+
+BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_standard_errors[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.Failed",                           EACCES),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoMemory",                         ENOMEM),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.ServiceUnknown",                   EHOSTUNREACH),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NameHasNoOwner",                   ENXIO),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoReply",                          ETIMEDOUT),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.IOError",                          EIO),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.BadAddress",                       EADDRNOTAVAIL),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NotSupported",                     EOPNOTSUPP),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.LimitsExceeded",                   ENOBUFS),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.AccessDenied",                     EACCES),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.AuthFailed",                       EACCES),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InteractiveAuthorizationRequired", EACCES),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoServer",                         EHOSTDOWN),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.Timeout",                          ETIMEDOUT),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoNetwork",                        ENONET),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.AddressInUse",                     EADDRINUSE),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.Disconnected",                     ECONNRESET),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InvalidArgs",                      EINVAL),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.FileNotFound",                     ENOENT),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.FileExists",                       EEXIST),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownMethod",                    EBADR),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownObject",                    EBADR),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownInterface",                 EBADR),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownProperty",                  EBADR),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.PropertyReadOnly",                 EROFS),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnixProcessIdUnknown",             ESRCH),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InvalidSignature",                 EINVAL),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InconsistentMessage",              EBADMSG),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.TimedOut",                         ETIMEDOUT),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.MatchRuleInvalid",                 EINVAL),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InvalidFileContent",               EINVAL),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.MatchRuleNotFound",                ENOENT),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown",    ESRCH),
+        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.ObjectPathInUse",                  EBUSY),
+        SD_BUS_ERROR_MAP_END
+};
+
+/* GCC maps this magically to the beginning and end of the BUS_ERROR_MAP section.
+ * Hide them; for currently unknown reasons they get exported to the shared libries
+ * even without being listed in the sym file. */
+extern const sd_bus_error_map __start_BUS_ERROR_MAP[] _hidden_;
+extern const sd_bus_error_map __stop_BUS_ERROR_MAP[] _hidden_;
+
+/* Additional maps registered with sd_bus_error_add_map() are in this
+ * NULL terminated array */
+static const sd_bus_error_map **additional_error_maps = NULL;
+
+static int bus_error_name_to_errno(const char *name) {
+        const sd_bus_error_map **map, *m;
+        const char *p;
+        int r;
+
+        if (!name)
+                return EINVAL;
+
+        p = startswith(name, "System.Error.");
+        if (p) {
+                r = errno_from_name(p);
+                if (r < 0)
+                        return EIO;
+
+                return r;
+        }
+
+        if (additional_error_maps)
+                for (map = additional_error_maps; *map; map++)
+                        for (m = *map;; m++) {
+                                /* For additional error maps the end marker is actually the end marker */
+                                if (m->code == BUS_ERROR_MAP_END_MARKER)
+                                        break;
+
+                                if (streq(m->name, name))
+                                        return m->code;
+                        }
+
+        m = __start_BUS_ERROR_MAP;
+        while (m < __stop_BUS_ERROR_MAP) {
+                /* For magic ELF error maps, the end marker might
+                 * appear in the middle of things, since multiple maps
+                 * might appear in the same section. Hence, let's skip
+                 * over it, but realign the pointer to the next 8 byte
+                 * boundary, which is the selected alignment for the
+                 * arrays. */
+                if (m->code == BUS_ERROR_MAP_END_MARKER) {
+                        m = ALIGN8_PTR(m+1);
+                        continue;
+                }
+
+                if (streq(m->name, name))
+                        return m->code;
+
+                m++;
+        }
+
+        return EIO;
+}
+
+static sd_bus_error errno_to_bus_error_const(int error) {
+
+        if (error < 0)
+                error = -error;
+
+        switch (error) {
+
+        case ENOMEM:
+                return BUS_ERROR_OOM;
+
+        case EPERM:
+        case EACCES:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_ACCESS_DENIED, "Access denied");
+
+        case EINVAL:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid argument");
+
+        case ESRCH:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "No such process");
+
+        case ENOENT:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FILE_NOT_FOUND, "File not found");
+
+        case EEXIST:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FILE_EXISTS, "File exists");
+
+        case ETIMEDOUT:
+        case ETIME:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_TIMEOUT, "Timed out");
+
+        case EIO:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_IO_ERROR, "Input/output error");
+
+        case ENETRESET:
+        case ECONNABORTED:
+        case ECONNRESET:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_DISCONNECTED, "Disconnected");
+
+        case EOPNOTSUPP:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NOT_SUPPORTED, "Not supported");
+
+        case EADDRNOTAVAIL:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_BAD_ADDRESS, "Address not available");
+
+        case ENOBUFS:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_LIMITS_EXCEEDED, "Limits exceeded");
+
+        case EADDRINUSE:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_ADDRESS_IN_USE, "Address in use");
+
+        case EBADMSG:
+                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Inconsistent message");
+        }
+
+        return SD_BUS_ERROR_NULL;
+}
+
+static int errno_to_bus_error_name_new(int error, char **ret) {
+        const char *name;
+        char *n;
+
+        if (error < 0)
+                error = -error;
+
+        name = errno_to_name(error);
+        if (!name)
+                return 0;
+
+        n = strappend("System.Error.", name);
+        if (!n)
+                return -ENOMEM;
+
+        *ret = n;
+        return 1;
+}
+
+bool bus_error_is_dirty(sd_bus_error *e) {
+        if (!e)
+                return false;
+
+        return e->name || e->message || e->_need_free != 0;
+}
+
+_public_ void sd_bus_error_free(sd_bus_error *e) {
+        if (!e)
+                return;
+
+        if (e->_need_free > 0) {
+                free((void*) e->name);
+                free((void*) e->message);
+        }
+
+        e->name = e->message = NULL;
+        e->_need_free = 0;
+}
+
+_public_ int sd_bus_error_set(sd_bus_error *e, const char *name, const char *message) {
+
+        if (!name)
+                return 0;
+        if (!e)
+                goto finish;
+
+        assert_return(!bus_error_is_dirty(e), -EINVAL);
+
+        e->name = strdup(name);
+        if (!e->name) {
+                *e = BUS_ERROR_OOM;
+                return -ENOMEM;
+        }
+
+        if (message)
+                e->message = strdup(message);
+
+        e->_need_free = 1;
+
+finish:
+        return -bus_error_name_to_errno(name);
+}
+
+int bus_error_setfv(sd_bus_error *e, const char *name, const char *format, va_list ap) {
+
+        if (!name)
+                return 0;
+
+        if (e) {
+                assert_return(!bus_error_is_dirty(e), -EINVAL);
+
+                e->name = strdup(name);
+                if (!e->name) {
+                        *e = BUS_ERROR_OOM;
+                        return -ENOMEM;
+                }
+
+                /* If we hit OOM on formatting the pretty message, we ignore
+                 * this, since we at least managed to write the error name */
+                if (format)
+                        (void) vasprintf((char**) &e->message, format, ap);
+
+                e->_need_free = 1;
+        }
+
+        return -bus_error_name_to_errno(name);
+}
+
+_public_ int sd_bus_error_setf(sd_bus_error *e, const char *name, const char *format, ...) {
+
+        if (format) {
+                int r;
+                va_list ap;
+
+                va_start(ap, format);
+                r = bus_error_setfv(e, name, format, ap);
+                va_end(ap);
+
+                return r;
+        }
+
+        return sd_bus_error_set(e, name, NULL);
+}
+
+_public_ int sd_bus_error_copy(sd_bus_error *dest, const sd_bus_error *e) {
+
+        if (!sd_bus_error_is_set(e))
+                return 0;
+        if (!dest)
+                goto finish;
+
+        assert_return(!bus_error_is_dirty(dest), -EINVAL);
+
+        /*
+         * _need_free  < 0 indicates that the error is temporarily const, needs deep copying
+         * _need_free == 0 indicates that the error is perpetually const, needs no deep copying
+         * _need_free  > 0 indicates that the error is fully dynamic, needs deep copying
+         */
+
+        if (e->_need_free == 0)
+                *dest = *e;
+        else {
+                dest->name = strdup(e->name);
+                if (!dest->name) {
+                        *dest = BUS_ERROR_OOM;
+                        return -ENOMEM;
+                }
+
+                if (e->message)
+                        dest->message = strdup(e->message);
+
+                dest->_need_free = 1;
+        }
+
+finish:
+        return -bus_error_name_to_errno(e->name);
+}
+
+_public_ int sd_bus_error_set_const(sd_bus_error *e, const char *name, const char *message) {
+        if (!name)
+                return 0;
+        if (!e)
+                goto finish;
+
+        assert_return(!bus_error_is_dirty(e), -EINVAL);
+
+        *e = SD_BUS_ERROR_MAKE_CONST(name, message);
+
+finish:
+        return -bus_error_name_to_errno(name);
+}
+
+_public_ int sd_bus_error_is_set(const sd_bus_error *e) {
+        if (!e)
+                return 0;
+
+        return !!e->name;
+}
+
+_public_ int sd_bus_error_has_name(const sd_bus_error *e, const char *name) {
+        if (!e)
+                return 0;
+
+        return streq_ptr(e->name, name);
+}
+
+_public_ int sd_bus_error_get_errno(const sd_bus_error* e) {
+        if (!e)
+                return 0;
+
+        if (!e->name)
+                return 0;
+
+        return bus_error_name_to_errno(e->name);
+}
+
+static void bus_error_strerror(sd_bus_error *e, int error) {
+        size_t k = 64;
+        char *m;
+
+        assert(e);
+
+        for (;;) {
+                char *x;
+
+                m = new(char, k);
+                if (!m)
+                        return;
+
+                errno = 0;
+                x = strerror_r(error, m, k);
+                if (errno == ERANGE || strlen(x) >= k - 1) {
+                        free(m);
+                        k *= 2;
+                        continue;
+                }
+
+                if (errno) {
+                        free(m);
+                        return;
+                }
+
+                if (x == m) {
+                        if (e->_need_free > 0) {
+                                /* Error is already dynamic, let's just update the message */
+                                free((char*) e->message);
+                                e->message = x;
+
+                        } else {
+                                char *t;
+                                /* Error was const so far, let's make it dynamic, if we can */
+
+                                t = strdup(e->name);
+                                if (!t) {
+                                        free(m);
+                                        return;
+                                }
+
+                                e->_need_free = 1;
+                                e->name = t;
+                                e->message = x;
+                        }
+                } else {
+                        free(m);
+
+                        if (e->_need_free > 0) {
+                                char *t;
+
+                                /* Error is dynamic, let's hence make the message also dynamic */
+                                t = strdup(x);
+                                if (!t)
+                                        return;
+
+                                free((char*) e->message);
+                                e->message = t;
+                        } else {
+                                /* Error is const, hence we can just override */
+                                e->message = x;
+                        }
+                }
+
+                return;
+        }
+}
+
+_public_ int sd_bus_error_set_errno(sd_bus_error *e, int error) {
+
+        if (error < 0)
+                error = -error;
+
+        if (!e)
+                return -error;
+        if (error == 0)
+                return -error;
+
+        assert_return(!bus_error_is_dirty(e), -EINVAL);
+
+        /* First, try a const translation */
+        *e = errno_to_bus_error_const(error);
+
+        if (!sd_bus_error_is_set(e)) {
+                int k;
+
+                /* If that didn't work, try a dynamic one. */
+
+                k = errno_to_bus_error_name_new(error, (char**) &e->name);
+                if (k > 0)
+                        e->_need_free = 1;
+                else if (k < 0) {
+                        *e = BUS_ERROR_OOM;
+                        return -error;
+                } else
+                        *e = BUS_ERROR_FAILED;
+        }
+
+        /* Now, fill in the message from strerror() if we can */
+        bus_error_strerror(e, error);
+        return -error;
+}
+
+_public_ int sd_bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_list ap) {
+        PROTECT_ERRNO;
+        int r;
+
+        if (error < 0)
+                error = -error;
+
+        if (!e)
+                return -error;
+        if (error == 0)
+                return 0;
+
+        assert_return(!bus_error_is_dirty(e), -EINVAL);
+
+        /* First, try a const translation */
+        *e = errno_to_bus_error_const(error);
+
+        if (!sd_bus_error_is_set(e)) {
+                int k;
+
+                /* If that didn't work, try a dynamic one */
+
+                k = errno_to_bus_error_name_new(error, (char**) &e->name);
+                if (k > 0)
+                        e->_need_free = 1;
+                else if (k < 0) {
+                        *e = BUS_ERROR_OOM;
+                        return -ENOMEM;
+                } else
+                        *e = BUS_ERROR_FAILED;
+        }
+
+        if (format) {
+                char *m;
+
+                /* Then, let's try to fill in the supplied message */
+
+                errno = error; /* Make sure that %m resolves to the specified error */
+                r = vasprintf(&m, format, ap);
+                if (r >= 0) {
+
+                        if (e->_need_free <= 0) {
+                                char *t;
+
+                                t = strdup(e->name);
+                                if (t) {
+                                        e->_need_free = 1;
+                                        e->name = t;
+                                        e->message = m;
+                                        return -error;
+                                }
+
+                                free(m);
+                        } else {
+                                free((char*) e->message);
+                                e->message = m;
+                                return -error;
+                        }
+                }
+        }
+
+        /* If that didn't work, use strerror() for the message */
+        bus_error_strerror(e, error);
+        return -error;
+}
+
+_public_ int sd_bus_error_set_errnof(sd_bus_error *e, int error, const char *format, ...) {
+        int r;
+
+        if (error < 0)
+                error = -error;
+
+        if (!e)
+                return -error;
+        if (error == 0)
+                return 0;
+
+        assert_return(!bus_error_is_dirty(e), -EINVAL);
+
+        if (format) {
+                va_list ap;
+
+                va_start(ap, format);
+                r = sd_bus_error_set_errnofv(e, error, format, ap);
+                va_end(ap);
+
+                return r;
+        }
+
+        return sd_bus_error_set_errno(e, error);
+}
+
+const char *bus_error_message(const sd_bus_error *e, int error) {
+
+        if (e) {
+                /* Sometimes, the D-Bus server is a little bit too verbose with
+                 * its error messages, so let's override them here */
+                if (sd_bus_error_has_name(e, SD_BUS_ERROR_ACCESS_DENIED))
+                        return "Access denied";
+
+                if (e->message)
+                        return e->message;
+        }
+
+        if (error < 0)
+                error = -error;
+
+        return strerror(error);
+}
+
+static bool map_ok(const sd_bus_error_map *map) {
+        for (; map->code != BUS_ERROR_MAP_END_MARKER; map++)
+                if (!map->name || map->code <=0)
+                        return false;
+        return true;
+}
+
+_public_ int sd_bus_error_add_map(const sd_bus_error_map *map) {
+        const sd_bus_error_map **maps = NULL;
+        unsigned n = 0;
+
+        assert_return(map, -EINVAL);
+        assert_return(map_ok(map), -EINVAL);
+
+        if (additional_error_maps)
+                for (; additional_error_maps[n] != NULL; n++)
+                        if (additional_error_maps[n] == map)
+                                return 0;
+
+        maps = realloc_multiply(additional_error_maps, sizeof(struct sd_bus_error_map*), n + 2);
+        if (!maps)
+                return -ENOMEM;
+
+        maps[n] = map;
+        maps[n+1] = NULL;
+
+        additional_error_maps = maps;
+        return 1;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-error.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-error.h
new file mode 100644
index 0000000000..b7aedf406d
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-error.h
@@ -0,0 +1,64 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-bus.h>
+
+#include "macro.h"
+
+bool bus_error_is_dirty(sd_bus_error *e);
+
+const char *bus_error_message(const sd_bus_error *e, int error);
+
+int bus_error_setfv(sd_bus_error *e, const char *name, const char *format, va_list ap) _printf_(3,0);
+int bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_list ap) _printf_(3,0);
+
+#define BUS_ERROR_OOM SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NO_MEMORY, "Out of memory")
+#define BUS_ERROR_FAILED SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FAILED, "Operation failed")
+
+/*
+ * There are two ways to register error maps with the error translation
+ * logic: by using BUS_ERROR_MAP_ELF_REGISTER, which however only
+ * works when linked into the same ELF module, or via
+ * sd_bus_error_add_map() which is the official, external API, that
+ * works from any module.
+ *
+ * Note that BUS_ERROR_MAP_ELF_REGISTER has to be used as decorator in
+ * the bus error table, and BUS_ERROR_MAP_ELF_USE has to be used at
+ * least once per compilation unit (i.e. per library), to ensure that
+ * the error map is really added to the final binary.
+ */
+
+#define BUS_ERROR_MAP_ELF_REGISTER                                      \
+        __attribute__ ((__section__("BUS_ERROR_MAP")))                  \
+        __attribute__ ((__used__))                                      \
+        __attribute__ ((aligned(8)))
+
+#define BUS_ERROR_MAP_ELF_USE(errors)                                   \
+        extern const sd_bus_error_map errors[];                         \
+        __attribute__ ((used)) static const sd_bus_error_map * const CONCATENATE(errors ## _copy_, __COUNTER__) = errors;
+
+/* We use something exotic as end marker, to ensure people build the
+ * maps using the macsd-ros. */
+#define BUS_ERROR_MAP_END_MARKER -'x'
+
+BUS_ERROR_MAP_ELF_USE(bus_standard_errors);
diff --git a/src/libsystemd/sd-bus/bus-gvariant.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-gvariant.c
index 58782767fa..58782767fa 100644
--- a/src/libsystemd/sd-bus/bus-gvariant.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-gvariant.c
diff --git a/src/libsystemd/sd-bus/bus-gvariant.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-gvariant.h
index 6da637fb05..6da637fb05 100644
--- a/src/libsystemd/sd-bus/bus-gvariant.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-gvariant.h
diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-internal.c
index caca679086..caca679086 100644
--- a/src/libsystemd/sd-bus/bus-internal.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-internal.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-internal.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-internal.h
new file mode 100644
index 0000000000..8c4c6fa772
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-internal.h
@@ -0,0 +1,399 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <pthread.h>
+#include <sys/socket.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-error.h"
+#include "bus-kernel.h"
+#include "bus-match.h"
+#include "hashmap.h"
+#include "kdbus.h"
+#include "list.h"
+#include "prioq.h"
+#include "refcnt.h"
+#include "socket-util.h"
+#include "util.h"
+
+struct reply_callback {
+        sd_bus_message_handler_t callback;
+        usec_t timeout;
+        uint64_t cookie;
+        unsigned prioq_idx;
+};
+
+struct filter_callback {
+        sd_bus_message_handler_t callback;
+
+        unsigned last_iteration;
+
+        LIST_FIELDS(struct filter_callback, callbacks);
+};
+
+struct match_callback {
+        sd_bus_message_handler_t callback;
+
+        uint64_t cookie;
+        unsigned last_iteration;
+
+        char *match_string;
+
+        struct bus_match_node *match_node;
+};
+
+struct node {
+        char *path;
+        struct node *parent;
+        LIST_HEAD(struct node, child);
+        LIST_FIELDS(struct node, siblings);
+
+        LIST_HEAD(struct node_callback, callbacks);
+        LIST_HEAD(struct node_vtable, vtables);
+        LIST_HEAD(struct node_enumerator, enumerators);
+        LIST_HEAD(struct node_object_manager, object_managers);
+};
+
+struct node_callback {
+        struct node *node;
+
+        bool is_fallback;
+        sd_bus_message_handler_t callback;
+
+        unsigned last_iteration;
+
+        LIST_FIELDS(struct node_callback, callbacks);
+};
+
+struct node_enumerator {
+        struct node *node;
+
+        sd_bus_node_enumerator_t callback;
+
+        unsigned last_iteration;
+
+        LIST_FIELDS(struct node_enumerator, enumerators);
+};
+
+struct node_object_manager {
+        struct node *node;
+
+        LIST_FIELDS(struct node_object_manager, object_managers);
+};
+
+struct node_vtable {
+        struct node *node;
+
+        char *interface;
+        bool is_fallback;
+        const sd_bus_vtable *vtable;
+        sd_bus_object_find_t find;
+
+        unsigned last_iteration;
+
+        LIST_FIELDS(struct node_vtable, vtables);
+};
+
+struct vtable_member {
+        const char *path;
+        const char *interface;
+        const char *member;
+        struct node_vtable *parent;
+        unsigned last_iteration;
+        const sd_bus_vtable *vtable;
+};
+
+typedef enum BusSlotType {
+        BUS_REPLY_CALLBACK,
+        BUS_FILTER_CALLBACK,
+        BUS_MATCH_CALLBACK,
+        BUS_NODE_CALLBACK,
+        BUS_NODE_ENUMERATOR,
+        BUS_NODE_VTABLE,
+        BUS_NODE_OBJECT_MANAGER,
+        _BUS_SLOT_INVALID = -1,
+} BusSlotType;
+
+struct sd_bus_slot {
+        unsigned n_ref;
+        sd_bus *bus;
+        void *userdata;
+        BusSlotType type:5;
+        bool floating:1;
+        bool match_added:1;
+        char *description;
+
+        LIST_FIELDS(sd_bus_slot, slots);
+
+        union {
+                struct reply_callback reply_callback;
+                struct filter_callback filter_callback;
+                struct match_callback match_callback;
+                struct node_callback node_callback;
+                struct node_enumerator node_enumerator;
+                struct node_object_manager node_object_manager;
+                struct node_vtable node_vtable;
+        };
+};
+
+enum bus_state {
+        BUS_UNSET,
+        BUS_OPENING,
+        BUS_AUTHENTICATING,
+        BUS_HELLO,
+        BUS_RUNNING,
+        BUS_CLOSING,
+        BUS_CLOSED
+};
+
+static inline bool BUS_IS_OPEN(enum bus_state state) {
+        return state > BUS_UNSET && state < BUS_CLOSING;
+}
+
+enum bus_auth {
+        _BUS_AUTH_INVALID,
+        BUS_AUTH_EXTERNAL,
+        BUS_AUTH_ANONYMOUS
+};
+
+struct sd_bus {
+        /* We use atomic ref counting here since sd_bus_message
+           objects retain references to their originating sd_bus but
+           we want to allow them to be processed in a different
+           thread. We won't provide full thread safety, but only the
+           bare minimum that makes it possible to use sd_bus and
+           sd_bus_message objects independently and on different
+           threads as long as each object is used only once at the
+           same time. */
+        RefCount n_ref;
+
+        enum bus_state state;
+        int input_fd, output_fd;
+        int message_version;
+        int message_endian;
+
+        bool is_kernel:1;
+        bool can_fds:1;
+        bool bus_client:1;
+        bool ucred_valid:1;
+        bool is_server:1;
+        bool anonymous_auth:1;
+        bool prefer_readv:1;
+        bool prefer_writev:1;
+        bool match_callbacks_modified:1;
+        bool filter_callbacks_modified:1;
+        bool nodes_modified:1;
+        bool trusted:1;
+        bool fake_creds_valid:1;
+        bool fake_pids_valid:1;
+        bool manual_peer_interface:1;
+        bool is_system:1;
+        bool is_user:1;
+        bool allow_interactive_authorization:1;
+
+        int use_memfd;
+
+        void *rbuffer;
+        size_t rbuffer_size;
+
+        sd_bus_message **rqueue;
+        unsigned rqueue_size;
+        size_t rqueue_allocated;
+
+        sd_bus_message **wqueue;
+        unsigned wqueue_size;
+        size_t windex;
+        size_t wqueue_allocated;
+
+        uint64_t cookie;
+
+        char *unique_name;
+        uint64_t unique_id;
+
+        struct bus_match_node match_callbacks;
+        Prioq *reply_callbacks_prioq;
+        OrderedHashmap *reply_callbacks;
+        LIST_HEAD(struct filter_callback, filter_callbacks);
+
+        Hashmap *nodes;
+        Hashmap *vtable_methods;
+        Hashmap *vtable_properties;
+
+        union sockaddr_union sockaddr;
+        socklen_t sockaddr_size;
+
+        char *kernel;
+        char *machine;
+        pid_t nspid;
+
+        sd_id128_t server_id;
+
+        char *address;
+        unsigned address_index;
+
+        int last_connect_error;
+
+        enum bus_auth auth;
+        size_t auth_rbegin;
+        struct iovec auth_iovec[3];
+        unsigned auth_index;
+        char *auth_buffer;
+        usec_t auth_timeout;
+
+        struct ucred ucred;
+        char *label;
+
+        uint64_t creds_mask;
+
+        int *fds;
+        unsigned n_fds;
+
+        char *exec_path;
+        char **exec_argv;
+
+        unsigned iteration_counter;
+
+        void *kdbus_buffer;
+
+        /* We do locking around the memfd cache, since we want to
+         * allow people to process a sd_bus_message in a different
+         * thread then it was generated on and free it there. Since
+         * adding something to the memfd cache might happen when a
+         * message is released, we hence need to protect this bit with
+         * a mutex. */
+        pthread_mutex_t memfd_cache_mutex;
+        struct memfd_cache memfd_cache[MEMFD_CACHE_MAX];
+        unsigned n_memfd_cache;
+
+        pid_t original_pid;
+
+        uint64_t hello_flags;
+        uint64_t attach_flags;
+
+        uint64_t match_cookie;
+
+        sd_event_source *input_io_event_source;
+        sd_event_source *output_io_event_source;
+        sd_event_source *time_event_source;
+        sd_event_source *quit_event_source;
+        sd_event *event;
+        int event_priority;
+
+        sd_bus_message *current_message;
+        sd_bus_slot *current_slot;
+        sd_bus_message_handler_t current_handler;
+        void *current_userdata;
+
+        sd_bus **default_bus_ptr;
+        pid_t tid;
+
+        struct kdbus_creds fake_creds;
+        struct kdbus_pids fake_pids;
+        char *fake_label;
+
+        char *cgroup_root;
+
+        char *description;
+
+        size_t bloom_size;
+        unsigned bloom_n_hash;
+
+        sd_bus_track *track_queue;
+
+        LIST_HEAD(sd_bus_slot, slots);
+};
+
+#define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
+
+#define BUS_WQUEUE_MAX 1024
+#define BUS_RQUEUE_MAX 64*1024
+
+#define BUS_MESSAGE_SIZE_MAX (64*1024*1024)
+#define BUS_AUTH_SIZE_MAX (64*1024)
+
+#define BUS_CONTAINER_DEPTH 128
+
+/* Defined by the specification as maximum size of an array in
+ * bytes */
+#define BUS_ARRAY_MAX_SIZE 67108864
+
+#define BUS_FDS_MAX 1024
+
+#define BUS_EXEC_ARGV_MAX 256
+
+bool interface_name_is_valid(const char *p) _pure_;
+bool service_name_is_valid(const char *p) _pure_;
+char* service_name_startswith(const char *a, const char *b);
+bool member_name_is_valid(const char *p) _pure_;
+bool object_path_is_valid(const char *p) _pure_;
+char *object_path_startswith(const char *a, const char *b) _pure_;
+
+bool namespace_complex_pattern(const char *pattern, const char *value) _pure_;
+bool path_complex_pattern(const char *pattern, const char *value) _pure_;
+
+bool namespace_simple_pattern(const char *pattern, const char *value) _pure_;
+bool path_simple_pattern(const char *pattern, const char *value) _pure_;
+
+int bus_message_type_from_string(const char *s, uint8_t *u) _pure_;
+const char *bus_message_type_to_string(uint8_t u) _pure_;
+
+#define error_name_is_valid interface_name_is_valid
+
+int bus_ensure_running(sd_bus *bus);
+int bus_start_running(sd_bus *bus);
+int bus_next_address(sd_bus *bus);
+
+int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m);
+
+int bus_rqueue_make_room(sd_bus *bus);
+
+bool bus_pid_changed(sd_bus *bus);
+
+char *bus_address_escape(const char *v);
+
+#define OBJECT_PATH_FOREACH_PREFIX(prefix, path)                        \
+        for (char *_slash = ({ strcpy((prefix), (path)); streq((prefix), "/") ? NULL : strrchr((prefix), '/'); }) ; \
+             _slash && !(_slash[(_slash) == (prefix)] = 0);             \
+             _slash = streq((prefix), "/") ? NULL : strrchr((prefix), '/'))
+
+/* If we are invoking callbacks of a bus object, ensure unreffing the
+ * bus from the callback doesn't destroy the object we are working
+ * on */
+#define BUS_DONT_DESTROY(bus) \
+        _cleanup_(sd_bus_unrefp) _unused_ sd_bus *_dont_destroy_##bus = sd_bus_ref(bus)
+
+int bus_set_address_system(sd_bus *bus);
+int bus_set_address_user(sd_bus *bus);
+int bus_set_address_system_remote(sd_bus *b, const char *host);
+int bus_set_address_system_machine(sd_bus *b, const char *machine);
+
+int bus_remove_match_by_string(sd_bus *bus, const char *match, sd_bus_message_handler_t callback, void *userdata);
+
+int bus_get_root_path(sd_bus *bus);
+
+int bus_maybe_reply_error(sd_bus_message *m, int r, sd_bus_error *error);
+
+#define bus_assert_return(expr, r, error)                               \
+        do {                                                            \
+                if (!assert_log(expr, #expr))                           \
+                        return sd_bus_error_set_errno(error, r);        \
+        } while (false)
diff --git a/src/libsystemd/sd-bus/bus-introspect.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-introspect.c
index 8f93edb8da..8f93edb8da 100644
--- a/src/libsystemd/sd-bus/bus-introspect.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-introspect.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-introspect.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-introspect.h
new file mode 100644
index 0000000000..87ac03b26a
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-introspect.h
@@ -0,0 +1,40 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdio.h>
+
+#include <systemd/sd-bus.h>
+
+#include "set.h"
+
+struct introspect {
+        FILE *f;
+        char *introspection;
+        size_t size;
+        bool trusted;
+};
+
+int introspect_begin(struct introspect *i, bool trusted);
+int introspect_write_default_interfaces(struct introspect *i, bool object_manager);
+int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix);
+int introspect_write_interface(struct introspect *i, const sd_bus_vtable *v);
+int introspect_finish(struct introspect *i, sd_bus *bus, sd_bus_message *m, sd_bus_message **reply);
+void introspect_free(struct introspect *i);
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-kernel.c
index 59398b841d..59398b841d 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-kernel.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-kernel.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-kernel.h
new file mode 100644
index 0000000000..2927ba26a5
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-kernel.h
@@ -0,0 +1,93 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-bus.h>
+
+#define KDBUS_ITEM_NEXT(item) \
+        (typeof(item))(((uint8_t *)item) + ALIGN8((item)->size))
+
+#define KDBUS_ITEM_FOREACH(part, head, first)                           \
+        for (part = (head)->first;                                      \
+             ((uint8_t *)(part) < (uint8_t *)(head) + (head)->size) &&  \
+                ((uint8_t *) part >= (uint8_t *) head);                 \
+             part = KDBUS_ITEM_NEXT(part))
+#define KDBUS_FOREACH(iter, first, _size)                               \
+        for (iter = (first);                                            \
+             ((uint8_t *)(iter) < (uint8_t *)(first) + (_size)) &&      \
+               ((uint8_t *)(iter) >= (uint8_t *)(first));               \
+             iter = (void*)(((uint8_t *)iter) + ALIGN8((iter)->size)))
+
+#define KDBUS_ITEM_HEADER_SIZE offsetof(struct kdbus_item, data)
+#define KDBUS_ITEM_SIZE(s) ALIGN8((s) + KDBUS_ITEM_HEADER_SIZE)
+
+#define MEMFD_CACHE_MAX 32
+
+/* When we cache a memfd block for reuse, we will truncate blocks
+ * longer than this in order not to keep too much data around. */
+#define MEMFD_CACHE_ITEM_SIZE_MAX (128*1024)
+
+/* This determines at which minimum size we prefer sending memfds over
+ * sending vectors */
+#define MEMFD_MIN_SIZE (512*1024)
+
+/* The size of the per-connection memory pool that we set up and where
+ * the kernel places our incoming messages */
+#define KDBUS_POOL_SIZE (16*1024*1024)
+
+struct memfd_cache {
+        int fd;
+        void *address;
+        size_t mapped;
+        size_t allocated;
+};
+
+int bus_kernel_connect(sd_bus *b);
+int bus_kernel_take_fd(sd_bus *b);
+
+int bus_kernel_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call);
+int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority);
+
+int bus_kernel_open_bus_fd(const char *bus, char **path);
+
+int bus_kernel_create_bus(const char *name, bool world, char **s);
+int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char **path);
+
+int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *allocated);
+void bus_kernel_push_memfd(sd_bus *bus, int fd, void *address, size_t mapped, size_t allocated);
+
+void bus_kernel_flush_memfd(sd_bus *bus);
+
+int bus_kernel_parse_unique_name(const char *s, uint64_t *id);
+
+uint64_t request_name_flags_to_kdbus(uint64_t sd_bus_flags);
+uint64_t attach_flags_to_kdbus(uint64_t sd_bus_flags);
+
+int bus_kernel_try_close(sd_bus *bus);
+
+int bus_kernel_drop_one(int fd);
+
+int bus_kernel_realize_attach_flags(sd_bus *bus);
+
+int bus_kernel_get_bus_name(sd_bus *bus, char **name);
+
+int bus_kernel_cmd_free(sd_bus *bus, uint64_t offset);
diff --git a/src/libsystemd/sd-bus/bus-match.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-match.c
index 397baf6f33..397baf6f33 100644
--- a/src/libsystemd/sd-bus/bus-match.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-match.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-match.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-match.h
new file mode 100644
index 0000000000..3f71720185
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-match.h
@@ -0,0 +1,100 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "hashmap.h"
+
+enum bus_match_node_type {
+        BUS_MATCH_ROOT,
+        BUS_MATCH_VALUE,
+        BUS_MATCH_LEAF,
+
+        /* The following are all different kinds of compare nodes */
+        BUS_MATCH_SENDER,
+        BUS_MATCH_MESSAGE_TYPE,
+        BUS_MATCH_DESTINATION,
+        BUS_MATCH_INTERFACE,
+        BUS_MATCH_MEMBER,
+        BUS_MATCH_PATH,
+        BUS_MATCH_PATH_NAMESPACE,
+        BUS_MATCH_ARG,
+        BUS_MATCH_ARG_LAST = BUS_MATCH_ARG + 63,
+        BUS_MATCH_ARG_PATH,
+        BUS_MATCH_ARG_PATH_LAST = BUS_MATCH_ARG_PATH + 63,
+        BUS_MATCH_ARG_NAMESPACE,
+        BUS_MATCH_ARG_NAMESPACE_LAST = BUS_MATCH_ARG_NAMESPACE + 63,
+        BUS_MATCH_ARG_HAS,
+        BUS_MATCH_ARG_HAS_LAST = BUS_MATCH_ARG_HAS + 63,
+        _BUS_MATCH_NODE_TYPE_MAX,
+        _BUS_MATCH_NODE_TYPE_INVALID = -1
+};
+
+struct bus_match_node {
+        enum bus_match_node_type type;
+        struct bus_match_node *parent, *next, *prev, *child;
+
+        union {
+                struct {
+                        char *str;
+                        uint8_t u8;
+                } value;
+                struct {
+                        struct match_callback *callback;
+                } leaf;
+                struct {
+                        /* If this is set, then the child is NULL */
+                        Hashmap *children;
+                } compare;
+        };
+};
+
+struct bus_match_component {
+        enum bus_match_node_type type;
+        uint8_t value_u8;
+        char *value_str;
+};
+
+enum bus_match_scope {
+        BUS_MATCH_GENERIC,
+        BUS_MATCH_LOCAL,
+        BUS_MATCH_DRIVER,
+};
+
+int bus_match_run(sd_bus *bus, struct bus_match_node *root, sd_bus_message *m);
+
+int bus_match_add(struct bus_match_node *root, struct bus_match_component *components, unsigned n_components, struct match_callback *callback);
+int bus_match_remove(struct bus_match_node *root, struct match_callback *callback);
+
+int bus_match_find(struct bus_match_node *root, struct bus_match_component *components, unsigned n_components, sd_bus_message_handler_t callback, void *userdata, struct match_callback **ret);
+
+void bus_match_free(struct bus_match_node *node);
+
+void bus_match_dump(struct bus_match_node *node, unsigned level);
+
+const char* bus_match_node_type_to_string(enum bus_match_node_type t, char buf[], size_t l);
+enum bus_match_node_type bus_match_node_type_from_string(const char *k, size_t n);
+
+int bus_match_parse(const char *match, struct bus_match_component **_components, unsigned *_n_components);
+void bus_match_parse_free(struct bus_match_component *components, unsigned n_components);
+char *bus_match_to_string(struct bus_match_component *components, unsigned n_components);
+
+enum bus_match_scope bus_match_get_scope(const struct bus_match_component *components, unsigned n_components);
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-message.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-message.c
new file mode 100644
index 0000000000..a9359c1528
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-message.c
@@ -0,0 +1,5939 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-gvariant.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-signature.h"
+#include "bus-type.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "io-util.h"
+#include "memfd-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "time-util.h"
+#include "utf8.h"
+#include "util.h"
+
+static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored);
+
+static void *adjust_pointer(const void *p, void *old_base, size_t sz, void *new_base) {
+
+        if (p == NULL)
+                return NULL;
+
+        if (old_base == new_base)
+                return (void*) p;
+
+        if ((uint8_t*) p < (uint8_t*) old_base)
+                return (void*) p;
+
+        if ((uint8_t*) p >= (uint8_t*) old_base + sz)
+                return (void*) p;
+
+        return (uint8_t*) new_base + ((uint8_t*) p - (uint8_t*) old_base);
+}
+
+static void message_free_part(sd_bus_message *m, struct bus_body_part *part) {
+        assert(m);
+        assert(part);
+
+        if (part->memfd >= 0) {
+                /* If we can reuse the memfd, try that. For that it
+                 * can't be sealed yet. */
+
+                if (!part->sealed) {
+                        assert(part->memfd_offset == 0);
+                        assert(part->data == part->mmap_begin);
+                        bus_kernel_push_memfd(m->bus, part->memfd, part->data, part->mapped, part->allocated);
+                } else {
+                        if (part->mapped > 0)
+                                assert_se(munmap(part->mmap_begin, part->mapped) == 0);
+
+                        safe_close(part->memfd);
+                }
+
+        } else if (part->munmap_this)
+                munmap(part->mmap_begin, part->mapped);
+        else if (part->free_this)
+                free(part->data);
+
+        if (part != &m->body)
+                free(part);
+}
+
+static void message_reset_parts(sd_bus_message *m) {
+        struct bus_body_part *part;
+
+        assert(m);
+
+        part = &m->body;
+        while (m->n_body_parts > 0) {
+                struct bus_body_part *next = part->next;
+                message_free_part(m, part);
+                part = next;
+                m->n_body_parts--;
+        }
+
+        m->body_end = NULL;
+
+        m->cached_rindex_part = NULL;
+        m->cached_rindex_part_begin = 0;
+}
+
+static void message_reset_containers(sd_bus_message *m) {
+        unsigned i;
+
+        assert(m);
+
+        for (i = 0; i < m->n_containers; i++) {
+                free(m->containers[i].signature);
+                free(m->containers[i].offsets);
+        }
+
+        m->containers = mfree(m->containers);
+
+        m->n_containers = m->containers_allocated = 0;
+        m->root_container.index = 0;
+}
+
+static void message_free(sd_bus_message *m) {
+        assert(m);
+
+        if (m->free_header)
+                free(m->header);
+
+        message_reset_parts(m);
+
+        if (m->release_kdbus)
+                bus_kernel_cmd_free(m->bus, (uint8_t *) m->kdbus - (uint8_t *) m->bus->kdbus_buffer);
+
+        if (m->free_kdbus)
+                free(m->kdbus);
+
+        sd_bus_unref(m->bus);
+
+        if (m->free_fds) {
+                close_many(m->fds, m->n_fds);
+                free(m->fds);
+        }
+
+        if (m->iovec != m->iovec_fixed)
+                free(m->iovec);
+
+        m->destination_ptr = mfree(m->destination_ptr);
+        message_reset_containers(m);
+        free(m->root_container.signature);
+        free(m->root_container.offsets);
+
+        free(m->root_container.peeked_signature);
+
+        bus_creds_done(&m->creds);
+        free(m);
+}
+
+static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz, bool add_offset) {
+        void *op, *np;
+        size_t old_size, new_size, start;
+
+        assert(m);
+
+        if (m->poisoned)
+                return NULL;
+
+        old_size = sizeof(struct bus_header) + m->fields_size;
+        start = ALIGN_TO(old_size, align);
+        new_size = start + sz;
+
+        if (new_size < start ||
+            new_size > (size_t) ((uint32_t) -1))
+                goto poison;
+
+        if (old_size == new_size)
+                return (uint8_t*) m->header + old_size;
+
+        if (m->free_header) {
+                np = realloc(m->header, ALIGN8(new_size));
+                if (!np)
+                        goto poison;
+        } else {
+                /* Initially, the header is allocated as part of of
+                 * the sd_bus_message itself, let's replace it by
+                 * dynamic data */
+
+                np = malloc(ALIGN8(new_size));
+                if (!np)
+                        goto poison;
+
+                memcpy(np, m->header, sizeof(struct bus_header));
+        }
+
+        /* Zero out padding */
+        if (start > old_size)
+                memzero((uint8_t*) np + old_size, start - old_size);
+
+        op = m->header;
+        m->header = np;
+        m->fields_size = new_size - sizeof(struct bus_header);
+
+        /* Adjust quick access pointers */
+        m->path = adjust_pointer(m->path, op, old_size, m->header);
+        m->interface = adjust_pointer(m->interface, op, old_size, m->header);
+        m->member = adjust_pointer(m->member, op, old_size, m->header);
+        m->destination = adjust_pointer(m->destination, op, old_size, m->header);
+        m->sender = adjust_pointer(m->sender, op, old_size, m->header);
+        m->error.name = adjust_pointer(m->error.name, op, old_size, m->header);
+
+        m->free_header = true;
+
+        if (add_offset) {
+                if (m->n_header_offsets >= ELEMENTSOF(m->header_offsets))
+                        goto poison;
+
+                m->header_offsets[m->n_header_offsets++] = new_size - sizeof(struct bus_header);
+        }
+
+        return (uint8_t*) np + start;
+
+poison:
+        m->poisoned = true;
+        return NULL;
+}
+
+static int message_append_field_string(
+                sd_bus_message *m,
+                uint64_t h,
+                char type,
+                const char *s,
+                const char **ret) {
+
+        size_t l;
+        uint8_t *p;
+
+        assert(m);
+
+        /* dbus1 only allows 8bit header field ids */
+        if (h > 0xFF)
+                return -EINVAL;
+
+        /* dbus1 doesn't allow strings over 32bit, let's enforce this
+         * globally, to not risk convertability */
+        l = strlen(s);
+        if (l > (size_t) (uint32_t) -1)
+                return -EINVAL;
+
+        /* Signature "(yv)" where the variant contains "s" */
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+
+                /* (field id 64bit, ((string + NUL) + NUL + signature string 's') */
+                p = message_extend_fields(m, 8, 8 + l + 1 + 1 + 1, true);
+                if (!p)
+                        return -ENOMEM;
+
+                *((uint64_t*) p) = h;
+                memcpy(p+8, s, l);
+                p[8+l] = 0;
+                p[8+l+1] = 0;
+                p[8+l+2] = type;
+
+                if (ret)
+                        *ret = (char*) p + 8;
+
+        } else {
+                /* (field id byte + (signature length + signature 's' + NUL) + (string length + string + NUL)) */
+                p = message_extend_fields(m, 8, 4 + 4 + l + 1, false);
+                if (!p)
+                        return -ENOMEM;
+
+                p[0] = (uint8_t) h;
+                p[1] = 1;
+                p[2] = type;
+                p[3] = 0;
+
+                ((uint32_t*) p)[1] = l;
+                memcpy(p + 8, s, l + 1);
+
+                if (ret)
+                        *ret = (char*) p + 8;
+        }
+
+        return 0;
+}
+
+static int message_append_field_signature(
+                sd_bus_message *m,
+                uint64_t h,
+                const char *s,
+                const char **ret) {
+
+        size_t l;
+        uint8_t *p;
+
+        assert(m);
+
+        /* dbus1 only allows 8bit header field ids */
+        if (h > 0xFF)
+                return -EINVAL;
+
+        /* dbus1 doesn't allow signatures over 8bit, let's enforce
+         * this globally, to not risk convertability */
+        l = strlen(s);
+        if (l > 255)
+                return -EINVAL;
+
+        /* Signature "(yv)" where the variant contains "g" */
+
+        if (BUS_MESSAGE_IS_GVARIANT(m))
+                /* For gvariant the serialization is the same as for normal strings */
+                return message_append_field_string(m, h, 'g', s, ret);
+        else {
+                /* (field id byte + (signature length + signature 'g' + NUL) + (string length + string + NUL)) */
+                p = message_extend_fields(m, 8, 4 + 1 + l + 1, false);
+                if (!p)
+                        return -ENOMEM;
+
+                p[0] = (uint8_t) h;
+                p[1] = 1;
+                p[2] = SD_BUS_TYPE_SIGNATURE;
+                p[3] = 0;
+                p[4] = l;
+                memcpy(p + 5, s, l + 1);
+
+                if (ret)
+                        *ret = (const char*) p + 5;
+        }
+
+        return 0;
+}
+
+static int message_append_field_uint32(sd_bus_message *m, uint64_t h, uint32_t x) {
+        uint8_t *p;
+
+        assert(m);
+
+        /* dbus1 only allows 8bit header field ids */
+        if (h > 0xFF)
+                return -EINVAL;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                /* (field id 64bit + ((value + NUL + signature string 'u') */
+
+                p = message_extend_fields(m, 8, 8 + 4 + 1 + 1, true);
+                if (!p)
+                        return -ENOMEM;
+
+                *((uint64_t*) p) = h;
+                *((uint32_t*) (p + 8)) = x;
+                p[12] = 0;
+                p[13] = 'u';
+        } else {
+                /* (field id byte + (signature length + signature 'u' + NUL) + value) */
+                p = message_extend_fields(m, 8, 4 + 4, false);
+                if (!p)
+                        return -ENOMEM;
+
+                p[0] = (uint8_t) h;
+                p[1] = 1;
+                p[2] = 'u';
+                p[3] = 0;
+
+                ((uint32_t*) p)[1] = x;
+        }
+
+        return 0;
+}
+
+static int message_append_field_uint64(sd_bus_message *m, uint64_t h, uint64_t x) {
+        uint8_t *p;
+
+        assert(m);
+
+        /* dbus1 only allows 8bit header field ids */
+        if (h > 0xFF)
+                return -EINVAL;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                /* (field id 64bit + ((value + NUL + signature string 't') */
+
+                p = message_extend_fields(m, 8, 8 + 8 + 1 + 1, true);
+                if (!p)
+                        return -ENOMEM;
+
+                *((uint64_t*) p) = h;
+                *((uint64_t*) (p + 8)) = x;
+                p[16] = 0;
+                p[17] = 't';
+        } else {
+                /* (field id byte + (signature length + signature 't' + NUL) + 4 byte padding + value) */
+                p = message_extend_fields(m, 8, 4 + 4 + 8, false);
+                if (!p)
+                        return -ENOMEM;
+
+                p[0] = (uint8_t) h;
+                p[1] = 1;
+                p[2] = 't';
+                p[3] = 0;
+                p[4] = 0;
+                p[5] = 0;
+                p[6] = 0;
+                p[7] = 0;
+
+                ((uint64_t*) p)[1] = x;
+        }
+
+        return 0;
+}
+
+static int message_append_reply_cookie(sd_bus_message *m, uint64_t cookie) {
+        assert(m);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m))
+                return message_append_field_uint64(m, BUS_MESSAGE_HEADER_REPLY_SERIAL, cookie);
+        else {
+                /* 64bit cookies are not supported on dbus1 */
+                if (cookie > 0xffffffffUL)
+                        return -EOPNOTSUPP;
+
+                return message_append_field_uint32(m, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) cookie);
+        }
+}
+
+int bus_message_from_header(
+                sd_bus *bus,
+                void *header,
+                size_t header_accessible,
+                void *footer,
+                size_t footer_accessible,
+                size_t message_size,
+                int *fds,
+                unsigned n_fds,
+                const char *label,
+                size_t extra,
+                sd_bus_message **ret) {
+
+        _cleanup_free_ sd_bus_message *m = NULL;
+        struct bus_header *h;
+        size_t a, label_sz;
+
+        assert(bus);
+        assert(header || header_accessible <= 0);
+        assert(footer || footer_accessible <= 0);
+        assert(fds || n_fds <= 0);
+        assert(ret);
+
+        if (header_accessible < sizeof(struct bus_header))
+                return -EBADMSG;
+
+        if (header_accessible > message_size)
+                return -EBADMSG;
+        if (footer_accessible > message_size)
+                return -EBADMSG;
+
+        h = header;
+        if (!IN_SET(h->version, 1, 2))
+                return -EBADMSG;
+
+        if (h->type == _SD_BUS_MESSAGE_TYPE_INVALID)
+                return -EBADMSG;
+
+        if (!IN_SET(h->endian, BUS_LITTLE_ENDIAN, BUS_BIG_ENDIAN))
+                return -EBADMSG;
+
+        /* Note that we are happy with unknown flags in the flags header! */
+
+        a = ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);
+
+        if (label) {
+                label_sz = strlen(label);
+                a += label_sz + 1;
+        }
+
+        m = malloc0(a);
+        if (!m)
+                return -ENOMEM;
+
+        m->n_ref = 1;
+        m->sealed = true;
+        m->header = header;
+        m->header_accessible = header_accessible;
+        m->footer = footer;
+        m->footer_accessible = footer_accessible;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                size_t ws;
+
+                if (h->dbus2.cookie == 0)
+                        return -EBADMSG;
+
+                /* dbus2 derives the sizes from the message size and
+                the offset table at the end, since it is formatted as
+                gvariant "yyyyuta{tv}v". Since the message itself is a
+                structure with precisely to variable sized entries,
+                there's only one offset in the table, which marks the
+                end of the fields array. */
+
+                ws = bus_gvariant_determine_word_size(message_size, 0);
+                if (footer_accessible < ws)
+                        return -EBADMSG;
+
+                m->fields_size = bus_gvariant_read_word_le((uint8_t*) footer + footer_accessible - ws, ws);
+                if (ALIGN8(m->fields_size) > message_size - ws)
+                        return -EBADMSG;
+                if (m->fields_size < sizeof(struct bus_header))
+                        return -EBADMSG;
+
+                m->fields_size -= sizeof(struct bus_header);
+                m->body_size = message_size - (sizeof(struct bus_header) + ALIGN8(m->fields_size));
+        } else {
+                if (h->dbus1.serial == 0)
+                        return -EBADMSG;
+
+                /* dbus1 has the sizes in the header */
+                m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size);
+                m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size);
+
+                if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size)
+                        return -EBADMSG;
+        }
+
+        m->fds = fds;
+        m->n_fds = n_fds;
+
+        if (label) {
+                m->creds.label = (char*) m + ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);
+                memcpy(m->creds.label, label, label_sz + 1);
+
+                m->creds.mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
+        }
+
+        m->bus = sd_bus_ref(bus);
+        *ret = m;
+        m = NULL;
+
+        return 0;
+}
+
+int bus_message_from_malloc(
+                sd_bus *bus,
+                void *buffer,
+                size_t length,
+                int *fds,
+                unsigned n_fds,
+                const char *label,
+                sd_bus_message **ret) {
+
+        sd_bus_message *m;
+        size_t sz;
+        int r;
+
+        r = bus_message_from_header(
+                        bus,
+                        buffer, length, /* in this case the initial bytes and the final bytes are the same */
+                        buffer, length,
+                        length,
+                        fds, n_fds,
+                        label,
+                        0, &m);
+        if (r < 0)
+                return r;
+
+        sz = length - sizeof(struct bus_header) - ALIGN8(m->fields_size);
+        if (sz > 0) {
+                m->n_body_parts = 1;
+                m->body.data = (uint8_t*) buffer + sizeof(struct bus_header) + ALIGN8(m->fields_size);
+                m->body.size = sz;
+                m->body.sealed = true;
+                m->body.memfd = -1;
+        }
+
+        m->n_iovec = 1;
+        m->iovec = m->iovec_fixed;
+        m->iovec[0].iov_base = buffer;
+        m->iovec[0].iov_len = length;
+
+        r = bus_message_parse_fields(m);
+        if (r < 0)
+                goto fail;
+
+        /* We take possession of the memory and fds now */
+        m->free_header = true;
+        m->free_fds = true;
+
+        *ret = m;
+        return 0;
+
+fail:
+        message_free(m);
+        return r;
+}
+
+static sd_bus_message *message_new(sd_bus *bus, uint8_t type) {
+        sd_bus_message *m;
+
+        assert(bus);
+
+        m = malloc0(ALIGN(sizeof(sd_bus_message)) + sizeof(struct bus_header));
+        if (!m)
+                return NULL;
+
+        m->n_ref = 1;
+        m->header = (struct bus_header*) ((uint8_t*) m + ALIGN(sizeof(struct sd_bus_message)));
+        m->header->endian = BUS_NATIVE_ENDIAN;
+        m->header->type = type;
+        m->header->version = bus->message_version;
+        m->allow_fds = bus->can_fds || (bus->state != BUS_HELLO && bus->state != BUS_RUNNING);
+        m->root_container.need_offsets = BUS_MESSAGE_IS_GVARIANT(m);
+        m->bus = sd_bus_ref(bus);
+
+        if (bus->allow_interactive_authorization)
+                m->header->flags |= BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION;
+
+        return m;
+}
+
+_public_ int sd_bus_message_new_signal(
+                sd_bus *bus,
+                sd_bus_message **m,
+                const char *path,
+                const char *interface,
+                const char *member) {
+
+        sd_bus_message *t;
+        int r;
+
+        assert_return(bus, -ENOTCONN);
+        assert_return(bus->state != BUS_UNSET, -ENOTCONN);
+        assert_return(object_path_is_valid(path), -EINVAL);
+        assert_return(interface_name_is_valid(interface), -EINVAL);
+        assert_return(member_name_is_valid(member), -EINVAL);
+        assert_return(m, -EINVAL);
+
+        t = message_new(bus, SD_BUS_MESSAGE_SIGNAL);
+        if (!t)
+                return -ENOMEM;
+
+        t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
+
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_PATH, SD_BUS_TYPE_OBJECT_PATH, path, &t->path);
+        if (r < 0)
+                goto fail;
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_INTERFACE, SD_BUS_TYPE_STRING, interface, &t->interface);
+        if (r < 0)
+                goto fail;
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_MEMBER, SD_BUS_TYPE_STRING, member, &t->member);
+        if (r < 0)
+                goto fail;
+
+        *m = t;
+        return 0;
+
+fail:
+        sd_bus_message_unref(t);
+        return r;
+}
+
+_public_ int sd_bus_message_new_method_call(
+                sd_bus *bus,
+                sd_bus_message **m,
+                const char *destination,
+                const char *path,
+                const char *interface,
+                const char *member) {
+
+        sd_bus_message *t;
+        int r;
+
+        assert_return(bus, -ENOTCONN);
+        assert_return(bus->state != BUS_UNSET, -ENOTCONN);
+        assert_return(!destination || service_name_is_valid(destination), -EINVAL);
+        assert_return(object_path_is_valid(path), -EINVAL);
+        assert_return(!interface || interface_name_is_valid(interface), -EINVAL);
+        assert_return(member_name_is_valid(member), -EINVAL);
+        assert_return(m, -EINVAL);
+
+        t = message_new(bus, SD_BUS_MESSAGE_METHOD_CALL);
+        if (!t)
+                return -ENOMEM;
+
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_PATH, SD_BUS_TYPE_OBJECT_PATH, path, &t->path);
+        if (r < 0)
+                goto fail;
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_MEMBER, SD_BUS_TYPE_STRING, member, &t->member);
+        if (r < 0)
+                goto fail;
+
+        if (interface) {
+                r = message_append_field_string(t, BUS_MESSAGE_HEADER_INTERFACE, SD_BUS_TYPE_STRING, interface, &t->interface);
+                if (r < 0)
+                        goto fail;
+        }
+
+        if (destination) {
+                r = message_append_field_string(t, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, destination, &t->destination);
+                if (r < 0)
+                        goto fail;
+        }
+
+        *m = t;
+        return 0;
+
+fail:
+        message_free(t);
+        return r;
+}
+
+static int message_new_reply(
+                sd_bus_message *call,
+                uint8_t type,
+                sd_bus_message **m) {
+
+        sd_bus_message *t;
+        int r;
+
+        assert_return(call, -EINVAL);
+        assert_return(call->sealed, -EPERM);
+        assert_return(call->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
+        assert_return(call->bus->state != BUS_UNSET, -ENOTCONN);
+        assert_return(m, -EINVAL);
+
+        t = message_new(call->bus, type);
+        if (!t)
+                return -ENOMEM;
+
+        t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
+        t->reply_cookie = BUS_MESSAGE_COOKIE(call);
+        if (t->reply_cookie == 0)
+                return -EOPNOTSUPP;
+
+        r = message_append_reply_cookie(t, t->reply_cookie);
+        if (r < 0)
+                goto fail;
+
+        if (call->sender) {
+                r = message_append_field_string(t, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, call->sender, &t->destination);
+                if (r < 0)
+                        goto fail;
+        }
+
+        t->dont_send = !!(call->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED);
+        t->enforced_reply_signature = call->enforced_reply_signature;
+
+        *m = t;
+        return 0;
+
+fail:
+        message_free(t);
+        return r;
+}
+
+_public_ int sd_bus_message_new_method_return(
+                sd_bus_message *call,
+                sd_bus_message **m) {
+
+        return message_new_reply(call, SD_BUS_MESSAGE_METHOD_RETURN, m);
+}
+
+_public_ int sd_bus_message_new_method_error(
+                sd_bus_message *call,
+                sd_bus_message **m,
+                const sd_bus_error *e) {
+
+        sd_bus_message *t;
+        int r;
+
+        assert_return(sd_bus_error_is_set(e), -EINVAL);
+        assert_return(m, -EINVAL);
+
+        r = message_new_reply(call, SD_BUS_MESSAGE_METHOD_ERROR, &t);
+        if (r < 0)
+                return r;
+
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, e->name, &t->error.name);
+        if (r < 0)
+                goto fail;
+
+        if (e->message) {
+                r = message_append_basic(t, SD_BUS_TYPE_STRING, e->message, (const void**) &t->error.message);
+                if (r < 0)
+                        goto fail;
+        }
+
+        t->error._need_free = -1;
+
+        *m = t;
+        return 0;
+
+fail:
+        message_free(t);
+        return r;
+}
+
+_public_ int sd_bus_message_new_method_errorf(
+                sd_bus_message *call,
+                sd_bus_message **m,
+                const char *name,
+                const char *format,
+                ...) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        va_list ap;
+
+        assert_return(name, -EINVAL);
+        assert_return(m, -EINVAL);
+
+        va_start(ap, format);
+        bus_error_setfv(&error, name, format, ap);
+        va_end(ap);
+
+        return sd_bus_message_new_method_error(call, m, &error);
+}
+
+_public_ int sd_bus_message_new_method_errno(
+                sd_bus_message *call,
+                sd_bus_message **m,
+                int error,
+                const sd_bus_error *p) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error berror = SD_BUS_ERROR_NULL;
+
+        if (sd_bus_error_is_set(p))
+                return sd_bus_message_new_method_error(call, m, p);
+
+        sd_bus_error_set_errno(&berror, error);
+
+        return sd_bus_message_new_method_error(call, m, &berror);
+}
+
+_public_ int sd_bus_message_new_method_errnof(
+                sd_bus_message *call,
+                sd_bus_message **m,
+                int error,
+                const char *format,
+                ...) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error berror = SD_BUS_ERROR_NULL;
+        va_list ap;
+
+        va_start(ap, format);
+        sd_bus_error_set_errnofv(&berror, error, format, ap);
+        va_end(ap);
+
+        return sd_bus_message_new_method_error(call, m, &berror);
+}
+
+void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m) {
+        assert(bus);
+        assert(m);
+
+        m->sender = m->creds.unique_name = (char*) "org.freedesktop.DBus.Local";
+        m->creds.well_known_names_local = true;
+        m->creds.mask |= (SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES) & bus->creds_mask;
+}
+
+void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m) {
+        assert(bus);
+        assert(m);
+
+        m->sender = m->creds.unique_name = (char*) "org.freedesktop.DBus";
+        m->creds.well_known_names_driver = true;
+        m->creds.mask |= (SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES) & bus->creds_mask;
+}
+
+int bus_message_new_synthetic_error(
+                sd_bus *bus,
+                uint64_t cookie,
+                const sd_bus_error *e,
+                sd_bus_message **m) {
+
+        sd_bus_message *t;
+        int r;
+
+        assert(bus);
+        assert(sd_bus_error_is_set(e));
+        assert(m);
+
+        t = message_new(bus, SD_BUS_MESSAGE_METHOD_ERROR);
+        if (!t)
+                return -ENOMEM;
+
+        t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
+        t->reply_cookie = cookie;
+
+        r = message_append_reply_cookie(t, t->reply_cookie);
+        if (r < 0)
+                goto fail;
+
+        if (bus && bus->unique_name) {
+                r = message_append_field_string(t, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, bus->unique_name, &t->destination);
+                if (r < 0)
+                        goto fail;
+        }
+
+        r = message_append_field_string(t, BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, e->name, &t->error.name);
+        if (r < 0)
+                goto fail;
+
+        if (e->message) {
+                r = message_append_basic(t, SD_BUS_TYPE_STRING, e->message, (const void**) &t->error.message);
+                if (r < 0)
+                        goto fail;
+        }
+
+        t->error._need_free = -1;
+
+        bus_message_set_sender_driver(bus, t);
+
+        *m = t;
+        return 0;
+
+fail:
+        message_free(t);
+        return r;
+}
+
+_public_ sd_bus_message* sd_bus_message_ref(sd_bus_message *m) {
+
+        if (!m)
+                return NULL;
+
+        assert(m->n_ref > 0);
+        m->n_ref++;
+
+        return m;
+}
+
+_public_ sd_bus_message* sd_bus_message_unref(sd_bus_message *m) {
+
+        if (!m)
+                return NULL;
+
+        assert(m->n_ref > 0);
+        m->n_ref--;
+
+        if (m->n_ref > 0)
+                return NULL;
+
+        message_free(m);
+        return NULL;
+}
+
+_public_ int sd_bus_message_get_type(sd_bus_message *m, uint8_t *type) {
+        assert_return(m, -EINVAL);
+        assert_return(type, -EINVAL);
+
+        *type = m->header->type;
+        return 0;
+}
+
+_public_ int sd_bus_message_get_cookie(sd_bus_message *m, uint64_t *cookie) {
+        uint64_t c;
+
+        assert_return(m, -EINVAL);
+        assert_return(cookie, -EINVAL);
+
+        c = BUS_MESSAGE_COOKIE(m);
+        if (c == 0)
+                return -ENODATA;
+
+        *cookie = BUS_MESSAGE_COOKIE(m);
+        return 0;
+}
+
+_public_ int sd_bus_message_get_reply_cookie(sd_bus_message *m, uint64_t *cookie) {
+        assert_return(m, -EINVAL);
+        assert_return(cookie, -EINVAL);
+
+        if (m->reply_cookie == 0)
+                return -ENODATA;
+
+        *cookie = m->reply_cookie;
+        return 0;
+}
+
+_public_ int sd_bus_message_get_expect_reply(sd_bus_message *m) {
+        assert_return(m, -EINVAL);
+
+        return m->header->type == SD_BUS_MESSAGE_METHOD_CALL &&
+                !(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED);
+}
+
+_public_ int sd_bus_message_get_auto_start(sd_bus_message *m) {
+        assert_return(m, -EINVAL);
+
+        return !(m->header->flags & BUS_MESSAGE_NO_AUTO_START);
+}
+
+_public_ int sd_bus_message_get_allow_interactive_authorization(sd_bus_message *m) {
+        assert_return(m, -EINVAL);
+
+        return m->header->type == SD_BUS_MESSAGE_METHOD_CALL &&
+                (m->header->flags & BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION);
+}
+
+_public_ const char *sd_bus_message_get_path(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        return m->path;
+}
+
+_public_ const char *sd_bus_message_get_interface(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        return m->interface;
+}
+
+_public_ const char *sd_bus_message_get_member(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        return m->member;
+}
+
+_public_ const char *sd_bus_message_get_destination(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        return m->destination;
+}
+
+_public_ const char *sd_bus_message_get_sender(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        return m->sender;
+}
+
+_public_ const sd_bus_error *sd_bus_message_get_error(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        if (!sd_bus_error_is_set(&m->error))
+                return NULL;
+
+        return &m->error;
+}
+
+_public_ int sd_bus_message_get_monotonic_usec(sd_bus_message *m, uint64_t *usec) {
+        assert_return(m, -EINVAL);
+        assert_return(usec, -EINVAL);
+
+        if (m->monotonic <= 0)
+                return -ENODATA;
+
+        *usec = m->monotonic;
+        return 0;
+}
+
+_public_ int sd_bus_message_get_realtime_usec(sd_bus_message *m, uint64_t *usec) {
+        assert_return(m, -EINVAL);
+        assert_return(usec, -EINVAL);
+
+        if (m->realtime <= 0)
+                return -ENODATA;
+
+        *usec = m->realtime;
+        return 0;
+}
+
+_public_ int sd_bus_message_get_seqnum(sd_bus_message *m, uint64_t *seqnum) {
+        assert_return(m, -EINVAL);
+        assert_return(seqnum, -EINVAL);
+
+        if (m->seqnum <= 0)
+                return -ENODATA;
+
+        *seqnum = m->seqnum;
+        return 0;
+}
+
+_public_ sd_bus_creds *sd_bus_message_get_creds(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        if (m->creds.mask == 0)
+                return NULL;
+
+        return &m->creds;
+}
+
+_public_ int sd_bus_message_is_signal(
+                sd_bus_message *m,
+                const char *interface,
+                const char *member) {
+
+        assert_return(m, -EINVAL);
+
+        if (m->header->type != SD_BUS_MESSAGE_SIGNAL)
+                return 0;
+
+        if (interface && (!m->interface || !streq(m->interface, interface)))
+                return 0;
+
+        if (member &&  (!m->member || !streq(m->member, member)))
+                return 0;
+
+        return 1;
+}
+
+_public_ int sd_bus_message_is_method_call(
+                sd_bus_message *m,
+                const char *interface,
+                const char *member) {
+
+        assert_return(m, -EINVAL);
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
+                return 0;
+
+        if (interface && (!m->interface || !streq(m->interface, interface)))
+                return 0;
+
+        if (member &&  (!m->member || !streq(m->member, member)))
+                return 0;
+
+        return 1;
+}
+
+_public_ int sd_bus_message_is_method_error(sd_bus_message *m, const char *name) {
+        assert_return(m, -EINVAL);
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
+                return 0;
+
+        if (name && (!m->error.name || !streq(m->error.name, name)))
+                return 0;
+
+        return 1;
+}
+
+_public_ int sd_bus_message_set_expect_reply(sd_bus_message *m, int b) {
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EPERM);
+
+        SET_FLAG(m->header->flags, BUS_MESSAGE_NO_REPLY_EXPECTED, !b);
+
+        return 0;
+}
+
+_public_ int sd_bus_message_set_auto_start(sd_bus_message *m, int b) {
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        SET_FLAG(m->header->flags, BUS_MESSAGE_NO_AUTO_START, !b);
+
+        return 0;
+}
+
+_public_ int sd_bus_message_set_allow_interactive_authorization(sd_bus_message *m, int b) {
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        SET_FLAG(m->header->flags, BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION, b);
+
+        return 0;
+}
+
+static struct bus_container *message_get_container(sd_bus_message *m) {
+        assert(m);
+
+        if (m->n_containers == 0)
+                return &m->root_container;
+
+        assert(m->containers);
+        return m->containers + m->n_containers - 1;
+}
+
+struct bus_body_part *message_append_part(sd_bus_message *m) {
+        struct bus_body_part *part;
+
+        assert(m);
+
+        if (m->poisoned)
+                return NULL;
+
+        if (m->n_body_parts <= 0) {
+                part = &m->body;
+                zero(*part);
+        } else {
+                assert(m->body_end);
+
+                part = new0(struct bus_body_part, 1);
+                if (!part) {
+                        m->poisoned = true;
+                        return NULL;
+                }
+
+                m->body_end->next = part;
+        }
+
+        part->memfd = -1;
+        m->body_end = part;
+        m->n_body_parts++;
+
+        return part;
+}
+
+static void part_zero(struct bus_body_part *part, size_t sz) {
+        assert(part);
+        assert(sz > 0);
+        assert(sz < 8);
+
+        /* All other fields can be left in their defaults */
+        assert(!part->data);
+        assert(part->memfd < 0);
+
+        part->size = sz;
+        part->is_zero = true;
+        part->sealed = true;
+}
+
+static int part_make_space(
+                struct sd_bus_message *m,
+                struct bus_body_part *part,
+                size_t sz,
+                void **q) {
+
+        void *n;
+        int r;
+
+        assert(m);
+        assert(part);
+        assert(!part->sealed);
+
+        if (m->poisoned)
+                return -ENOMEM;
+
+        if (!part->data && part->memfd < 0) {
+                part->memfd = bus_kernel_pop_memfd(m->bus, &part->data, &part->mapped, &part->allocated);
+                part->mmap_begin = part->data;
+        }
+
+        if (part->memfd >= 0) {
+
+                if (part->allocated == 0 || sz > part->allocated) {
+                        uint64_t new_allocated;
+
+                        new_allocated = PAGE_ALIGN(sz > 0 ? 2 * sz : 1);
+                        r = memfd_set_size(part->memfd, new_allocated);
+                        if (r < 0) {
+                                m->poisoned = true;
+                                return r;
+                        }
+
+                        part->allocated = new_allocated;
+                }
+
+                if (!part->data || sz > part->mapped) {
+                        size_t psz;
+
+                        psz = PAGE_ALIGN(sz > 0 ? sz : 1);
+                        if (part->mapped <= 0)
+                                n = mmap(NULL, psz, PROT_READ|PROT_WRITE, MAP_SHARED, part->memfd, 0);
+                        else
+                                n = mremap(part->mmap_begin, part->mapped, psz, MREMAP_MAYMOVE);
+
+                        if (n == MAP_FAILED) {
+                                m->poisoned = true;
+                                return -errno;
+                        }
+
+                        part->mmap_begin = part->data = n;
+                        part->mapped = psz;
+                        part->memfd_offset = 0;
+                }
+
+                part->munmap_this = true;
+        } else {
+                if (part->allocated == 0 || sz > part->allocated) {
+                        size_t new_allocated;
+
+                        new_allocated = sz > 0 ? 2 * sz : 64;
+                        n = realloc(part->data, new_allocated);
+                        if (!n) {
+                                m->poisoned = true;
+                                return -ENOMEM;
+                        }
+
+                        part->data = n;
+                        part->allocated = new_allocated;
+                        part->free_this = true;
+                }
+        }
+
+        if (q)
+                *q = part->data ? (uint8_t*) part->data + part->size : NULL;
+
+        part->size = sz;
+        return 0;
+}
+
+static int message_add_offset(sd_bus_message *m, size_t offset) {
+        struct bus_container *c;
+
+        assert(m);
+        assert(BUS_MESSAGE_IS_GVARIANT(m));
+
+        /* Add offset to current container, unless this is the first
+         * item in it, which will have the 0 offset, which we can
+         * ignore. */
+        c = message_get_container(m);
+
+        if (!c->need_offsets)
+                return 0;
+
+        if (!GREEDY_REALLOC(c->offsets, c->offsets_allocated, c->n_offsets + 1))
+                return -ENOMEM;
+
+        c->offsets[c->n_offsets++] = offset;
+        return 0;
+}
+
+static void message_extend_containers(sd_bus_message *m, size_t expand) {
+        struct bus_container *c;
+
+        assert(m);
+
+        if (expand <= 0)
+                return;
+
+        /* Update counters */
+        for (c = m->containers; c < m->containers + m->n_containers; c++) {
+
+                if (c->array_size)
+                        *c->array_size += expand;
+        }
+}
+
+static void *message_extend_body(
+                sd_bus_message *m,
+                size_t align,
+                size_t sz,
+                bool add_offset,
+                bool force_inline) {
+
+        size_t start_body, end_body, padding, added;
+        void *p;
+        int r;
+
+        assert(m);
+        assert(align > 0);
+        assert(!m->sealed);
+
+        if (m->poisoned)
+                return NULL;
+
+        start_body = ALIGN_TO((size_t) m->body_size, align);
+        end_body = start_body + sz;
+
+        padding = start_body - m->body_size;
+        added = padding + sz;
+
+        /* Check for 32bit overflows */
+        if (end_body > (size_t) ((uint32_t) -1) ||
+            end_body < start_body) {
+                m->poisoned = true;
+                return NULL;
+        }
+
+        if (added > 0) {
+                struct bus_body_part *part = NULL;
+                bool add_new_part;
+
+                add_new_part =
+                        m->n_body_parts <= 0 ||
+                        m->body_end->sealed ||
+                        (padding != ALIGN_TO(m->body_end->size, align) - m->body_end->size) ||
+                        (force_inline && m->body_end->size > MEMFD_MIN_SIZE); /* if this must be an inlined extension, let's create a new part if the previous part is large enough to be inlined */
+
+                if (add_new_part) {
+                        if (padding > 0) {
+                                part = message_append_part(m);
+                                if (!part)
+                                        return NULL;
+
+                                part_zero(part, padding);
+                        }
+
+                        part = message_append_part(m);
+                        if (!part)
+                                return NULL;
+
+                        r = part_make_space(m, part, sz, &p);
+                        if (r < 0)
+                                return NULL;
+                } else {
+                        struct bus_container *c;
+                        void *op;
+                        size_t os, start_part, end_part;
+
+                        part = m->body_end;
+                        op = part->data;
+                        os = part->size;
+
+                        start_part = ALIGN_TO(part->size, align);
+                        end_part = start_part + sz;
+
+                        r = part_make_space(m, part, end_part, &p);
+                        if (r < 0)
+                                return NULL;
+
+                        if (padding > 0) {
+                                memzero(p, padding);
+                                p = (uint8_t*) p + padding;
+                        }
+
+                        /* Readjust pointers */
+                        for (c = m->containers; c < m->containers + m->n_containers; c++)
+                                c->array_size = adjust_pointer(c->array_size, op, os, part->data);
+
+                        m->error.message = (const char*) adjust_pointer(m->error.message, op, os, part->data);
+                }
+        } else
+                /* Return something that is not NULL and is aligned */
+                p = (uint8_t *) NULL + align;
+
+        m->body_size = end_body;
+        message_extend_containers(m, added);
+
+        if (add_offset) {
+                r = message_add_offset(m, end_body);
+                if (r < 0) {
+                        m->poisoned = true;
+                        return NULL;
+                }
+        }
+
+        return p;
+}
+
+static int message_push_fd(sd_bus_message *m, int fd) {
+        int *f, copy;
+
+        assert(m);
+
+        if (fd < 0)
+                return -EINVAL;
+
+        if (!m->allow_fds)
+                return -EOPNOTSUPP;
+
+        copy = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+        if (copy < 0)
+                return -errno;
+
+        f = realloc(m->fds, sizeof(int) * (m->n_fds + 1));
+        if (!f) {
+                m->poisoned = true;
+                safe_close(copy);
+                return -ENOMEM;
+        }
+
+        m->fds = f;
+        m->fds[m->n_fds] = copy;
+        m->free_fds = true;
+
+        return copy;
+}
+
+int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored) {
+        _cleanup_close_ int fd = -1;
+        struct bus_container *c;
+        ssize_t align, sz;
+        void *a;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(bus_type_is_basic(type), -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        c = message_get_container(m);
+
+        if (c->signature && c->signature[c->index]) {
+                /* Container signature is already set */
+
+                if (c->signature[c->index] != type)
+                        return -ENXIO;
+        } else {
+                char *e;
+
+                /* Maybe we can append to the signature? But only if this is the top-level container */
+                if (c->enclosing != 0)
+                        return -ENXIO;
+
+                e = strextend(&c->signature, CHAR_TO_STR(type), NULL);
+                if (!e) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+        }
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                uint8_t u8;
+                uint32_t u32;
+
+                switch (type) {
+
+                case SD_BUS_TYPE_SIGNATURE:
+                case SD_BUS_TYPE_STRING:
+                        p = strempty(p);
+
+                        /* Fall through... */
+                case SD_BUS_TYPE_OBJECT_PATH:
+                        if (!p)
+                                return -EINVAL;
+
+                        align = 1;
+                        sz = strlen(p) + 1;
+                        break;
+
+                case SD_BUS_TYPE_BOOLEAN:
+
+                        u8 = p && *(int*) p;
+                        p = &u8;
+
+                        align = sz = 1;
+                        break;
+
+                case SD_BUS_TYPE_UNIX_FD:
+
+                        if (!p)
+                                return -EINVAL;
+
+                        fd = message_push_fd(m, *(int*) p);
+                        if (fd < 0)
+                                return fd;
+
+                        u32 = m->n_fds;
+                        p = &u32;
+
+                        align = sz = 4;
+                        break;
+
+                default:
+                        align = bus_gvariant_get_alignment(CHAR_TO_STR(type));
+                        sz = bus_gvariant_get_size(CHAR_TO_STR(type));
+                        break;
+                }
+
+                assert(align > 0);
+                assert(sz > 0);
+
+                a = message_extend_body(m, align, sz, true, false);
+                if (!a)
+                        return -ENOMEM;
+
+                memcpy(a, p, sz);
+
+                if (stored)
+                        *stored = (const uint8_t*) a;
+
+        } else {
+                uint32_t u32;
+
+                switch (type) {
+
+                case SD_BUS_TYPE_STRING:
+                        /* To make things easy we'll serialize a NULL string
+                         * into the empty string */
+                        p = strempty(p);
+
+                        /* Fall through... */
+                case SD_BUS_TYPE_OBJECT_PATH:
+
+                        if (!p)
+                                return -EINVAL;
+
+                        align = 4;
+                        sz = 4 + strlen(p) + 1;
+                        break;
+
+                case SD_BUS_TYPE_SIGNATURE:
+
+                        p = strempty(p);
+
+                        align = 1;
+                        sz = 1 + strlen(p) + 1;
+                        break;
+
+                case SD_BUS_TYPE_BOOLEAN:
+
+                        u32 = p && *(int*) p;
+                        p = &u32;
+
+                        align = sz = 4;
+                        break;
+
+                case SD_BUS_TYPE_UNIX_FD:
+
+                        if (!p)
+                                return -EINVAL;
+
+                        fd = message_push_fd(m, *(int*) p);
+                        if (fd < 0)
+                                return fd;
+
+                        u32 = m->n_fds;
+                        p = &u32;
+
+                        align = sz = 4;
+                        break;
+
+                default:
+                        align = bus_type_get_alignment(type);
+                        sz = bus_type_get_size(type);
+                        break;
+                }
+
+                assert(align > 0);
+                assert(sz > 0);
+
+                a = message_extend_body(m, align, sz, false, false);
+                if (!a)
+                        return -ENOMEM;
+
+                if (type == SD_BUS_TYPE_STRING || type == SD_BUS_TYPE_OBJECT_PATH) {
+                        *(uint32_t*) a = sz - 5;
+                        memcpy((uint8_t*) a + 4, p, sz - 4);
+
+                        if (stored)
+                                *stored = (const uint8_t*) a + 4;
+
+                } else if (type == SD_BUS_TYPE_SIGNATURE) {
+                        *(uint8_t*) a = sz - 2;
+                        memcpy((uint8_t*) a + 1, p, sz - 1);
+
+                        if (stored)
+                                *stored = (const uint8_t*) a + 1;
+                } else {
+                        memcpy(a, p, sz);
+
+                        if (stored)
+                                *stored = a;
+                }
+        }
+
+        if (type == SD_BUS_TYPE_UNIX_FD)
+                m->n_fds++;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index++;
+
+        fd = -1;
+        return 0;
+}
+
+_public_ int sd_bus_message_append_basic(sd_bus_message *m, char type, const void *p) {
+        return message_append_basic(m, type, p, NULL);
+}
+
+_public_ int sd_bus_message_append_string_space(
+                sd_bus_message *m,
+                size_t size,
+                char **s) {
+
+        struct bus_container *c;
+        void *a;
+
+        assert_return(m, -EINVAL);
+        assert_return(s, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->poisoned, -ESTALE);
+
+        c = message_get_container(m);
+
+        if (c->signature && c->signature[c->index]) {
+                /* Container signature is already set */
+
+                if (c->signature[c->index] != SD_BUS_TYPE_STRING)
+                        return -ENXIO;
+        } else {
+                char *e;
+
+                /* Maybe we can append to the signature? But only if this is the top-level container */
+                if (c->enclosing != 0)
+                        return -ENXIO;
+
+                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRING), NULL);
+                if (!e) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+        }
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                a = message_extend_body(m, 1, size + 1, true, false);
+                if (!a)
+                        return -ENOMEM;
+
+                *s = a;
+        } else {
+                a = message_extend_body(m, 4, 4 + size + 1, false, false);
+                if (!a)
+                        return -ENOMEM;
+
+                *(uint32_t*) a = size;
+                *s = (char*) a + 4;
+        }
+
+        (*s)[size] = 0;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index++;
+
+        return 0;
+}
+
+_public_ int sd_bus_message_append_string_iovec(
+                sd_bus_message *m,
+                const struct iovec *iov,
+                unsigned n) {
+
+        size_t size;
+        unsigned i;
+        char *p;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(iov || n == 0, -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        size = IOVEC_TOTAL_SIZE(iov, n);
+
+        r = sd_bus_message_append_string_space(m, size, &p);
+        if (r < 0)
+                return r;
+
+        for (i = 0; i < n; i++) {
+
+                if (iov[i].iov_base)
+                        memcpy(p, iov[i].iov_base, iov[i].iov_len);
+                else
+                        memset(p, ' ', iov[i].iov_len);
+
+                p += iov[i].iov_len;
+        }
+
+        return 0;
+}
+
+static int bus_message_open_array(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                uint32_t **array_size,
+                size_t *begin,
+                bool *need_offsets) {
+
+        unsigned nindex;
+        int alignment, r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(array_size);
+        assert(begin);
+        assert(need_offsets);
+
+        if (!signature_is_single(contents, true))
+                return -EINVAL;
+
+        if (c->signature && c->signature[c->index]) {
+
+                /* Verify the existing signature */
+
+                if (c->signature[c->index] != SD_BUS_TYPE_ARRAY)
+                        return -ENXIO;
+
+                if (!startswith(c->signature + c->index + 1, contents))
+                        return -ENXIO;
+
+                nindex = c->index + 1 + strlen(contents);
+        } else {
+                char *e;
+
+                if (c->enclosing != 0)
+                        return -ENXIO;
+
+                /* Extend the existing signature */
+
+                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_ARRAY), contents, NULL);
+                if (!e) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+
+                nindex = e - c->signature;
+        }
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                alignment = bus_gvariant_get_alignment(contents);
+                if (alignment < 0)
+                        return alignment;
+
+                /* Add alignment padding and add to offset list */
+                if (!message_extend_body(m, alignment, 0, false, false))
+                        return -ENOMEM;
+
+                r = bus_gvariant_is_fixed_size(contents);
+                if (r < 0)
+                        return r;
+
+                *begin = m->body_size;
+                *need_offsets = r == 0;
+        } else {
+                void *a, *op;
+                size_t os;
+                struct bus_body_part *o;
+
+                alignment = bus_type_get_alignment(contents[0]);
+                if (alignment < 0)
+                        return alignment;
+
+                a = message_extend_body(m, 4, 4, false, false);
+                if (!a)
+                        return -ENOMEM;
+
+                o = m->body_end;
+                op = m->body_end->data;
+                os = m->body_end->size;
+
+                /* Add alignment between size and first element */
+                if (!message_extend_body(m, alignment, 0, false, false))
+                        return -ENOMEM;
+
+                /* location of array size might have changed so let's readjust a */
+                if (o == m->body_end)
+                        a = adjust_pointer(a, op, os, m->body_end->data);
+
+                *(uint32_t*) a = 0;
+                *array_size = a;
+        }
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index = nindex;
+
+        return 0;
+}
+
+static int bus_message_open_variant(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents) {
+
+        assert(m);
+        assert(c);
+        assert(contents);
+
+        if (!signature_is_single(contents, false))
+                return -EINVAL;
+
+        if (*contents == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
+                return -EINVAL;
+
+        if (c->signature && c->signature[c->index]) {
+
+                if (c->signature[c->index] != SD_BUS_TYPE_VARIANT)
+                        return -ENXIO;
+
+        } else {
+                char *e;
+
+                if (c->enclosing != 0)
+                        return -ENXIO;
+
+                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_VARIANT), NULL);
+                if (!e) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+        }
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                /* Variants are always aligned to 8 */
+
+                if (!message_extend_body(m, 8, 0, false, false))
+                        return -ENOMEM;
+
+        } else {
+                size_t l;
+                void *a;
+
+                l = strlen(contents);
+                a = message_extend_body(m, 1, 1 + l + 1, false, false);
+                if (!a)
+                        return -ENOMEM;
+
+                *(uint8_t*) a = l;
+                memcpy((uint8_t*) a + 1, contents, l + 1);
+        }
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index++;
+
+        return 0;
+}
+
+static int bus_message_open_struct(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                size_t *begin,
+                bool *need_offsets) {
+
+        size_t nindex;
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(begin);
+        assert(need_offsets);
+
+        if (!signature_is_valid(contents, false))
+                return -EINVAL;
+
+        if (c->signature && c->signature[c->index]) {
+                size_t l;
+
+                l = strlen(contents);
+
+                if (c->signature[c->index] != SD_BUS_TYPE_STRUCT_BEGIN ||
+                    !startswith(c->signature + c->index + 1, contents) ||
+                    c->signature[c->index + 1 + l] != SD_BUS_TYPE_STRUCT_END)
+                        return -ENXIO;
+
+                nindex = c->index + 1 + l + 1;
+        } else {
+                char *e;
+
+                if (c->enclosing != 0)
+                        return -ENXIO;
+
+                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END), NULL);
+                if (!e) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+
+                nindex = e - c->signature;
+        }
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                int alignment;
+
+                alignment = bus_gvariant_get_alignment(contents);
+                if (alignment < 0)
+                        return alignment;
+
+                if (!message_extend_body(m, alignment, 0, false, false))
+                        return -ENOMEM;
+
+                r = bus_gvariant_is_fixed_size(contents);
+                if (r < 0)
+                        return r;
+
+                *begin = m->body_size;
+                *need_offsets = r == 0;
+        } else {
+                /* Align contents to 8 byte boundary */
+                if (!message_extend_body(m, 8, 0, false, false))
+                        return -ENOMEM;
+        }
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index = nindex;
+
+        return 0;
+}
+
+static int bus_message_open_dict_entry(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                size_t *begin,
+                bool *need_offsets) {
+
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(begin);
+        assert(need_offsets);
+
+        if (!signature_is_pair(contents))
+                return -EINVAL;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                return -ENXIO;
+
+        if (c->signature && c->signature[c->index]) {
+                size_t l;
+
+                l = strlen(contents);
+
+                if (c->signature[c->index] != SD_BUS_TYPE_DICT_ENTRY_BEGIN ||
+                    !startswith(c->signature + c->index + 1, contents) ||
+                    c->signature[c->index + 1 + l] != SD_BUS_TYPE_DICT_ENTRY_END)
+                        return -ENXIO;
+        } else
+                return -ENXIO;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                int alignment;
+
+                alignment = bus_gvariant_get_alignment(contents);
+                if (alignment < 0)
+                        return alignment;
+
+                if (!message_extend_body(m, alignment, 0, false, false))
+                        return -ENOMEM;
+
+                r = bus_gvariant_is_fixed_size(contents);
+                if (r < 0)
+                        return r;
+
+                *begin = m->body_size;
+                *need_offsets = r == 0;
+        } else {
+                /* Align contents to 8 byte boundary */
+                if (!message_extend_body(m, 8, 0, false, false))
+                        return -ENOMEM;
+        }
+
+        return 0;
+}
+
+_public_ int sd_bus_message_open_container(
+                sd_bus_message *m,
+                char type,
+                const char *contents) {
+
+        struct bus_container *c, *w;
+        uint32_t *array_size = NULL;
+        char *signature;
+        size_t before, begin = 0;
+        bool need_offsets = false;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(contents, -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        /* Make sure we have space for one more container */
+        if (!GREEDY_REALLOC(m->containers, m->containers_allocated, m->n_containers + 1)) {
+                m->poisoned = true;
+                return -ENOMEM;
+        }
+
+        c = message_get_container(m);
+
+        signature = strdup(contents);
+        if (!signature) {
+                m->poisoned = true;
+                return -ENOMEM;
+        }
+
+        /* Save old index in the parent container, in case we have to
+         * abort this container */
+        c->saved_index = c->index;
+        before = m->body_size;
+
+        if (type == SD_BUS_TYPE_ARRAY)
+                r = bus_message_open_array(m, c, contents, &array_size, &begin, &need_offsets);
+        else if (type == SD_BUS_TYPE_VARIANT)
+                r = bus_message_open_variant(m, c, contents);
+        else if (type == SD_BUS_TYPE_STRUCT)
+                r = bus_message_open_struct(m, c, contents, &begin, &need_offsets);
+        else if (type == SD_BUS_TYPE_DICT_ENTRY)
+                r = bus_message_open_dict_entry(m, c, contents, &begin, &need_offsets);
+        else
+                r = -EINVAL;
+
+        if (r < 0) {
+                free(signature);
+                return r;
+        }
+
+        /* OK, let's fill it in */
+        w = m->containers + m->n_containers++;
+        w->enclosing = type;
+        w->signature = signature;
+        w->index = 0;
+        w->array_size = array_size;
+        w->before = before;
+        w->begin = begin;
+        w->n_offsets = w->offsets_allocated = 0;
+        w->offsets = NULL;
+        w->need_offsets = need_offsets;
+
+        return 0;
+}
+
+static int bus_message_close_array(sd_bus_message *m, struct bus_container *c) {
+
+        assert(m);
+        assert(c);
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m))
+                return 0;
+
+        if (c->need_offsets) {
+                size_t payload, sz, i;
+                uint8_t *a;
+
+                /* Variable-width arrays */
+
+                payload = c->n_offsets > 0 ? c->offsets[c->n_offsets-1] - c->begin : 0;
+                sz = bus_gvariant_determine_word_size(payload, c->n_offsets);
+
+                a = message_extend_body(m, 1, sz * c->n_offsets, true, false);
+                if (!a)
+                        return -ENOMEM;
+
+                for (i = 0; i < c->n_offsets; i++)
+                        bus_gvariant_write_word_le(a + sz*i, sz, c->offsets[i] - c->begin);
+        } else {
+                void *a;
+
+                /* Fixed-width or empty arrays */
+
+                a = message_extend_body(m, 1, 0, true, false); /* let's add offset to parent */
+                if (!a)
+                        return -ENOMEM;
+        }
+
+        return 0;
+}
+
+static int bus_message_close_variant(sd_bus_message *m, struct bus_container *c) {
+        uint8_t *a;
+        size_t l;
+
+        assert(m);
+        assert(c);
+        assert(c->signature);
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m))
+                return 0;
+
+        l = strlen(c->signature);
+
+        a = message_extend_body(m, 1, 1 + l, true, false);
+        if (!a)
+                return -ENOMEM;
+
+        a[0] = 0;
+        memcpy(a+1, c->signature, l);
+
+        return 0;
+}
+
+static int bus_message_close_struct(sd_bus_message *m, struct bus_container *c, bool add_offset) {
+        bool fixed_size = true;
+        size_t n_variable = 0;
+        unsigned i = 0;
+        const char *p;
+        uint8_t *a;
+        int r;
+
+        assert(m);
+        assert(c);
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m))
+                return 0;
+
+        p = strempty(c->signature);
+        while (*p != 0) {
+                size_t n;
+
+                r = signature_element_length(p, &n);
+                if (r < 0)
+                        return r;
+                else {
+                        char t[n+1];
+
+                        memcpy(t, p, n);
+                        t[n] = 0;
+
+                        r = bus_gvariant_is_fixed_size(t);
+                        if (r < 0)
+                                return r;
+                }
+
+                assert(!c->need_offsets || i <= c->n_offsets);
+
+                /* We need to add an offset for each item that has a
+                 * variable size and that is not the last one in the
+                 * list */
+                if (r == 0)
+                        fixed_size = false;
+                if (r == 0 && p[n] != 0)
+                        n_variable++;
+
+                i++;
+                p += n;
+        }
+
+        assert(!c->need_offsets || i == c->n_offsets);
+        assert(c->need_offsets || n_variable == 0);
+
+        if (isempty(c->signature)) {
+                /* The unary type is encoded as fixed 1 byte padding */
+                a = message_extend_body(m, 1, 1, add_offset, false);
+                if (!a)
+                        return -ENOMEM;
+
+                *a = 0;
+        } else if (n_variable <= 0) {
+                int alignment = 1;
+
+                /* Structures with fixed-size members only have to be
+                 * fixed-size themselves. But gvariant requires all fixed-size
+                 * elements to be sized a multiple of their alignment. Hence,
+                 * we must *always* add final padding after the last member so
+                 * the overall size of the structure is properly aligned. */
+                if (fixed_size)
+                        alignment = bus_gvariant_get_alignment(strempty(c->signature));
+
+                assert(alignment > 0);
+
+                a = message_extend_body(m, alignment, 0, add_offset, false);
+                if (!a)
+                        return -ENOMEM;
+        } else {
+                size_t sz;
+                unsigned j;
+
+                assert(c->offsets[c->n_offsets-1] == m->body_size);
+
+                sz = bus_gvariant_determine_word_size(m->body_size - c->begin, n_variable);
+
+                a = message_extend_body(m, 1, sz * n_variable, add_offset, false);
+                if (!a)
+                        return -ENOMEM;
+
+                p = strempty(c->signature);
+                for (i = 0, j = 0; i < c->n_offsets; i++) {
+                        unsigned k;
+                        size_t n;
+
+                        r = signature_element_length(p, &n);
+                        if (r < 0)
+                                return r;
+                        else {
+                                char t[n+1];
+
+                                memcpy(t, p, n);
+                                t[n] = 0;
+
+                                p += n;
+
+                                r = bus_gvariant_is_fixed_size(t);
+                                if (r < 0)
+                                        return r;
+                                if (r > 0 || p[0] == 0)
+                                        continue;
+                        }
+
+                        k = n_variable - 1 - j;
+
+                        bus_gvariant_write_word_le(a + k * sz, sz, c->offsets[i] - c->begin);
+
+                        j++;
+                }
+        }
+
+        return 0;
+}
+
+_public_ int sd_bus_message_close_container(sd_bus_message *m) {
+        struct bus_container *c;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(m->n_containers > 0, -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        c = message_get_container(m);
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                if (c->signature && c->signature[c->index] != 0)
+                        return -EINVAL;
+
+        m->n_containers--;
+
+        if (c->enclosing == SD_BUS_TYPE_ARRAY)
+                r = bus_message_close_array(m, c);
+        else if (c->enclosing == SD_BUS_TYPE_VARIANT)
+                r = bus_message_close_variant(m, c);
+        else if (c->enclosing == SD_BUS_TYPE_STRUCT || c->enclosing == SD_BUS_TYPE_DICT_ENTRY)
+                r = bus_message_close_struct(m, c, true);
+        else
+                assert_not_reached("Unknown container type");
+
+        free(c->signature);
+        free(c->offsets);
+
+        return r;
+}
+
+typedef struct {
+        const char *types;
+        unsigned n_struct;
+        unsigned n_array;
+} TypeStack;
+
+static int type_stack_push(TypeStack *stack, unsigned max, unsigned *i, const char *types, unsigned n_struct, unsigned n_array) {
+        assert(stack);
+        assert(max > 0);
+
+        if (*i >= max)
+                return -EINVAL;
+
+        stack[*i].types = types;
+        stack[*i].n_struct = n_struct;
+        stack[*i].n_array = n_array;
+        (*i)++;
+
+        return 0;
+}
+
+static int type_stack_pop(TypeStack *stack, unsigned max, unsigned *i, const char **types, unsigned *n_struct, unsigned *n_array) {
+        assert(stack);
+        assert(max > 0);
+        assert(types);
+        assert(n_struct);
+        assert(n_array);
+
+        if (*i <= 0)
+                return 0;
+
+        (*i)--;
+        *types = stack[*i].types;
+        *n_struct = stack[*i].n_struct;
+        *n_array = stack[*i].n_array;
+
+        return 1;
+}
+
+int bus_message_append_ap(
+                sd_bus_message *m,
+                const char *types,
+                va_list ap) {
+
+        unsigned n_array, n_struct;
+        TypeStack stack[BUS_CONTAINER_DEPTH];
+        unsigned stack_ptr = 0;
+        int r;
+
+        assert(m);
+
+        if (!types)
+                return 0;
+
+        n_array = (unsigned) -1;
+        n_struct = strlen(types);
+
+        for (;;) {
+                const char *t;
+
+                if (n_array == 0 || (n_array == (unsigned) -1 && n_struct == 0)) {
+                        r = type_stack_pop(stack, ELEMENTSOF(stack), &stack_ptr, &types, &n_struct, &n_array);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                break;
+
+                        r = sd_bus_message_close_container(m);
+                        if (r < 0)
+                                return r;
+
+                        continue;
+                }
+
+                t = types;
+                if (n_array != (unsigned) -1)
+                        n_array--;
+                else {
+                        types++;
+                        n_struct--;
+                }
+
+                switch (*t) {
+
+                case SD_BUS_TYPE_BYTE: {
+                        uint8_t x;
+
+                        x = (uint8_t) va_arg(ap, int);
+                        r = sd_bus_message_append_basic(m, *t, &x);
+                        break;
+                }
+
+                case SD_BUS_TYPE_BOOLEAN:
+                case SD_BUS_TYPE_INT32:
+                case SD_BUS_TYPE_UINT32:
+                case SD_BUS_TYPE_UNIX_FD: {
+                        uint32_t x;
+
+                        /* We assume a boolean is the same as int32_t */
+                        assert_cc(sizeof(int32_t) == sizeof(int));
+
+                        x = va_arg(ap, uint32_t);
+                        r = sd_bus_message_append_basic(m, *t, &x);
+                        break;
+                }
+
+                case SD_BUS_TYPE_INT16:
+                case SD_BUS_TYPE_UINT16: {
+                        uint16_t x;
+
+                        x = (uint16_t) va_arg(ap, int);
+                        r = sd_bus_message_append_basic(m, *t, &x);
+                        break;
+                }
+
+                case SD_BUS_TYPE_INT64:
+                case SD_BUS_TYPE_UINT64: {
+                        uint64_t x;
+
+                        x = va_arg(ap, uint64_t);
+                        r = sd_bus_message_append_basic(m, *t, &x);
+                        break;
+                }
+
+                case SD_BUS_TYPE_DOUBLE: {
+                        double x;
+
+                        x = va_arg(ap, double);
+                        r = sd_bus_message_append_basic(m, *t, &x);
+                        break;
+                }
+
+                case SD_BUS_TYPE_STRING:
+                case SD_BUS_TYPE_OBJECT_PATH:
+                case SD_BUS_TYPE_SIGNATURE: {
+                        const char *x;
+
+                        x = va_arg(ap, const char*);
+                        r = sd_bus_message_append_basic(m, *t, x);
+                        break;
+                }
+
+                case SD_BUS_TYPE_ARRAY: {
+                        size_t k;
+
+                        r = signature_element_length(t + 1, &k);
+                        if (r < 0)
+                                return r;
+
+                        {
+                                char s[k + 1];
+                                memcpy(s, t + 1, k);
+                                s[k] = 0;
+
+                                r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, s);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        if (n_array == (unsigned) -1) {
+                                types += k;
+                                n_struct -= k;
+                        }
+
+                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
+                        if (r < 0)
+                                return r;
+
+                        types = t + 1;
+                        n_struct = k;
+                        n_array = va_arg(ap, unsigned);
+
+                        break;
+                }
+
+                case SD_BUS_TYPE_VARIANT: {
+                        const char *s;
+
+                        s = va_arg(ap, const char*);
+                        if (!s)
+                                return -EINVAL;
+
+                        r = sd_bus_message_open_container(m, SD_BUS_TYPE_VARIANT, s);
+                        if (r < 0)
+                                return r;
+
+                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
+                        if (r < 0)
+                                return r;
+
+                        types = s;
+                        n_struct = strlen(s);
+                        n_array = (unsigned) -1;
+
+                        break;
+                }
+
+                case SD_BUS_TYPE_STRUCT_BEGIN:
+                case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
+                        size_t k;
+
+                        r = signature_element_length(t, &k);
+                        if (r < 0)
+                                return r;
+
+                        {
+                                char s[k - 1];
+
+                                memcpy(s, t + 1, k - 2);
+                                s[k - 2] = 0;
+
+                                r = sd_bus_message_open_container(m, *t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        if (n_array == (unsigned) -1) {
+                                types += k - 1;
+                                n_struct -= k - 1;
+                        }
+
+                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
+                        if (r < 0)
+                                return r;
+
+                        types = t + 1;
+                        n_struct = k - 2;
+                        n_array = (unsigned) -1;
+
+                        break;
+                }
+
+                default:
+                        r = -EINVAL;
+                }
+
+                if (r < 0)
+                        return r;
+        }
+
+        return 1;
+}
+
+_public_ int sd_bus_message_append(sd_bus_message *m, const char *types, ...) {
+        va_list ap;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(types, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->poisoned, -ESTALE);
+
+        va_start(ap, types);
+        r = bus_message_append_ap(m, types, ap);
+        va_end(ap);
+
+        return r;
+}
+
+_public_ int sd_bus_message_append_array_space(
+                sd_bus_message *m,
+                char type,
+                size_t size,
+                void **ptr) {
+
+        ssize_t align, sz;
+        void *a;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(bus_type_is_trivial(type) && type != SD_BUS_TYPE_BOOLEAN, -EINVAL);
+        assert_return(ptr || size == 0, -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        /* alignment and size of the trivial types (except bool) is
+         * identical for gvariant and dbus1 marshalling */
+        align = bus_type_get_alignment(type);
+        sz = bus_type_get_size(type);
+
+        assert_se(align > 0);
+        assert_se(sz > 0);
+
+        if (size % sz != 0)
+                return -EINVAL;
+
+        r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
+        if (r < 0)
+                return r;
+
+        a = message_extend_body(m, align, size, false, false);
+        if (!a)
+                return -ENOMEM;
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return r;
+
+        *ptr = a;
+        return 0;
+}
+
+_public_ int sd_bus_message_append_array(
+                sd_bus_message *m,
+                char type,
+                const void *ptr,
+                size_t size) {
+        int r;
+        void *p;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(bus_type_is_trivial(type), -EINVAL);
+        assert_return(ptr || size == 0, -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        r = sd_bus_message_append_array_space(m, type, size, &p);
+        if (r < 0)
+                return r;
+
+        memcpy_safe(p, ptr, size);
+
+        return 0;
+}
+
+_public_ int sd_bus_message_append_array_iovec(
+                sd_bus_message *m,
+                char type,
+                const struct iovec *iov,
+                unsigned n) {
+
+        size_t size;
+        unsigned i;
+        void *p;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(bus_type_is_trivial(type), -EINVAL);
+        assert_return(iov || n == 0, -EINVAL);
+        assert_return(!m->poisoned, -ESTALE);
+
+        size = IOVEC_TOTAL_SIZE(iov, n);
+
+        r = sd_bus_message_append_array_space(m, type, size, &p);
+        if (r < 0)
+                return r;
+
+        for (i = 0; i < n; i++) {
+
+                if (iov[i].iov_base)
+                        memcpy(p, iov[i].iov_base, iov[i].iov_len);
+                else
+                        memzero(p, iov[i].iov_len);
+
+                p = (uint8_t*) p + iov[i].iov_len;
+        }
+
+        return 0;
+}
+
+_public_ int sd_bus_message_append_array_memfd(
+                sd_bus_message *m,
+                char type,
+                int memfd,
+                uint64_t offset,
+                uint64_t size) {
+
+        _cleanup_close_ int copy_fd = -1;
+        struct bus_body_part *part;
+        ssize_t align, sz;
+        uint64_t real_size;
+        void *a;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(memfd >= 0, -EBADF);
+        assert_return(bus_type_is_trivial(type), -EINVAL);
+        assert_return(size > 0, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->poisoned, -ESTALE);
+
+        r = memfd_set_sealed(memfd);
+        if (r < 0)
+                return r;
+
+        copy_fd = dup(memfd);
+        if (copy_fd < 0)
+                return copy_fd;
+
+        r = memfd_get_size(memfd, &real_size);
+        if (r < 0)
+                return r;
+
+        if (offset == 0 && size == (uint64_t) -1)
+                size = real_size;
+        else if (offset + size > real_size)
+                return -EMSGSIZE;
+
+        align = bus_type_get_alignment(type);
+        sz = bus_type_get_size(type);
+
+        assert_se(align > 0);
+        assert_se(sz > 0);
+
+        if (offset % align != 0)
+                return -EINVAL;
+
+        if (size % sz != 0)
+                return -EINVAL;
+
+        if (size > (uint64_t) (uint32_t) -1)
+                return -EINVAL;
+
+        r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
+        if (r < 0)
+                return r;
+
+        a = message_extend_body(m, align, 0, false, false);
+        if (!a)
+                return -ENOMEM;
+
+        part = message_append_part(m);
+        if (!part)
+                return -ENOMEM;
+
+        part->memfd = copy_fd;
+        part->memfd_offset = offset;
+        part->sealed = true;
+        part->size = size;
+        copy_fd = -1;
+
+        m->body_size += size;
+        message_extend_containers(m, size);
+
+        return sd_bus_message_close_container(m);
+}
+
+_public_ int sd_bus_message_append_string_memfd(
+                sd_bus_message *m,
+                int memfd,
+                uint64_t offset,
+                uint64_t size) {
+
+        _cleanup_close_ int copy_fd = -1;
+        struct bus_body_part *part;
+        struct bus_container *c;
+        uint64_t real_size;
+        void *a;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(memfd >= 0, -EBADF);
+        assert_return(size > 0, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->poisoned, -ESTALE);
+
+        r = memfd_set_sealed(memfd);
+        if (r < 0)
+                return r;
+
+        copy_fd = dup(memfd);
+        if (copy_fd < 0)
+                return copy_fd;
+
+        r = memfd_get_size(memfd, &real_size);
+        if (r < 0)
+                return r;
+
+        if (offset == 0 && size == (uint64_t) -1)
+                size = real_size;
+        else if (offset + size > real_size)
+                return -EMSGSIZE;
+
+        /* We require this to be NUL terminated */
+        if (size == 0)
+                return -EINVAL;
+
+        if (size > (uint64_t) (uint32_t) -1)
+                return -EINVAL;
+
+        c = message_get_container(m);
+        if (c->signature && c->signature[c->index]) {
+                /* Container signature is already set */
+
+                if (c->signature[c->index] != SD_BUS_TYPE_STRING)
+                        return -ENXIO;
+        } else {
+                char *e;
+
+                /* Maybe we can append to the signature? But only if this is the top-level container */
+                if (c->enclosing != 0)
+                        return -ENXIO;
+
+                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRING), NULL);
+                if (!e) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+        }
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m)) {
+                a = message_extend_body(m, 4, 4, false, false);
+                if (!a)
+                        return -ENOMEM;
+
+                *(uint32_t*) a = size - 1;
+        }
+
+        part = message_append_part(m);
+        if (!part)
+                return -ENOMEM;
+
+        part->memfd = copy_fd;
+        part->memfd_offset = offset;
+        part->sealed = true;
+        part->size = size;
+        copy_fd = -1;
+
+        m->body_size += size;
+        message_extend_containers(m, size);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                r = message_add_offset(m, m->body_size);
+                if (r < 0) {
+                        m->poisoned = true;
+                        return -ENOMEM;
+                }
+        }
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index++;
+
+        return 0;
+}
+
+_public_ int sd_bus_message_append_strv(sd_bus_message *m, char **l) {
+        char **i;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->poisoned, -ESTALE);
+
+        r = sd_bus_message_open_container(m, 'a', "s");
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(i, l) {
+                r = sd_bus_message_append_basic(m, 's', *i);
+                if (r < 0)
+                        return r;
+        }
+
+        return sd_bus_message_close_container(m);
+}
+
+static int bus_message_close_header(sd_bus_message *m) {
+
+        assert(m);
+
+        /* The actual user data is finished now, we just complete the
+           variant and struct now (at least on gvariant). Remember
+           this position, so that during parsing we know where to to
+           put the outer container end. */
+        m->user_body_size = m->body_size;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                const char *signature;
+                size_t sz, l;
+                void *d;
+
+                /* Add offset table to end of fields array */
+                if (m->n_header_offsets >= 1) {
+                        uint8_t *a;
+                        unsigned i;
+
+                        assert(m->fields_size == m->header_offsets[m->n_header_offsets-1]);
+
+                        sz = bus_gvariant_determine_word_size(m->fields_size, m->n_header_offsets);
+                        a = message_extend_fields(m, 1, sz * m->n_header_offsets, false);
+                        if (!a)
+                                return -ENOMEM;
+
+                        for (i = 0; i < m->n_header_offsets; i++)
+                                bus_gvariant_write_word_le(a + sz*i, sz, m->header_offsets[i]);
+                }
+
+                /* Add gvariant NUL byte plus signature to the end of
+                 * the body, followed by the final offset pointing to
+                 * the end of the fields array */
+
+                signature = strempty(m->root_container.signature);
+                l = strlen(signature);
+
+                sz = bus_gvariant_determine_word_size(sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size + 1 + l + 2, 1);
+                d = message_extend_body(m, 1, 1 + l + 2 + sz, false, true);
+                if (!d)
+                        return -ENOMEM;
+
+                *(uint8_t*) d = 0;
+                *((uint8_t*) d + 1) = SD_BUS_TYPE_STRUCT_BEGIN;
+                memcpy((uint8_t*) d + 2, signature, l);
+                *((uint8_t*) d + 1 + l + 1) = SD_BUS_TYPE_STRUCT_END;
+
+                bus_gvariant_write_word_le((uint8_t*) d + 1 + l + 2, sz, sizeof(struct bus_header) + m->fields_size);
+
+                m->footer = d;
+                m->footer_accessible = 1 + l + 2 + sz;
+        } else {
+                m->header->dbus1.fields_size = m->fields_size;
+                m->header->dbus1.body_size = m->body_size;
+        }
+
+        return 0;
+}
+
+int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {
+        struct bus_body_part *part;
+        size_t a;
+        unsigned i;
+        int r;
+
+        assert(m);
+
+        if (m->sealed)
+                return -EPERM;
+
+        if (m->n_containers > 0)
+                return -EBADMSG;
+
+        if (m->poisoned)
+                return -ESTALE;
+
+        if (cookie > 0xffffffffULL &&
+            !BUS_MESSAGE_IS_GVARIANT(m))
+                return -EOPNOTSUPP;
+
+        /* In vtables the return signature of method calls is listed,
+         * let's check if they match if this is a response */
+        if (m->header->type == SD_BUS_MESSAGE_METHOD_RETURN &&
+            m->enforced_reply_signature &&
+            !streq(strempty(m->root_container.signature), m->enforced_reply_signature))
+                return -ENOMSG;
+
+        /* If gvariant marshalling is used we need to close the body structure */
+        r = bus_message_close_struct(m, &m->root_container, false);
+        if (r < 0)
+                return r;
+
+        /* If there's a non-trivial signature set, then add it in
+         * here, but only on dbus1 */
+        if (!isempty(m->root_container.signature) && !BUS_MESSAGE_IS_GVARIANT(m)) {
+                r = message_append_field_signature(m, BUS_MESSAGE_HEADER_SIGNATURE, m->root_container.signature, NULL);
+                if (r < 0)
+                        return r;
+        }
+
+        if (m->n_fds > 0) {
+                r = message_append_field_uint32(m, BUS_MESSAGE_HEADER_UNIX_FDS, m->n_fds);
+                if (r < 0)
+                        return r;
+        }
+
+        r = bus_message_close_header(m);
+        if (r < 0)
+                return r;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m))
+                m->header->dbus2.cookie = cookie;
+        else
+                m->header->dbus1.serial = (uint32_t) cookie;
+
+        m->timeout = m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED ? 0 : timeout;
+
+        /* Add padding at the end of the fields part, since we know
+         * the body needs to start at an 8 byte alignment. We made
+         * sure we allocated enough space for this, so all we need to
+         * do here is to zero it out. */
+        a = ALIGN8(m->fields_size) - m->fields_size;
+        if (a > 0)
+                memzero((uint8_t*) BUS_MESSAGE_FIELDS(m) + m->fields_size, a);
+
+        /* If this is something we can send as memfd, then let's seal
+        the memfd now. Note that we can send memfds as payload only
+        for directed messages, and not for broadcasts. */
+        if (m->destination && m->bus->use_memfd) {
+                MESSAGE_FOREACH_PART(part, i, m)
+                        if (part->memfd >= 0 &&
+                            !part->sealed &&
+                            (part->size > MEMFD_MIN_SIZE || m->bus->use_memfd < 0) &&
+                            part != m->body_end) { /* The last part may never be sent as memfd */
+                                uint64_t sz;
+
+                                /* Try to seal it if that makes
+                                 * sense. First, unmap our own map to
+                                 * make sure we don't keep it busy. */
+                                bus_body_part_unmap(part);
+
+                                /* Then, sync up real memfd size */
+                                sz = part->size;
+                                r = memfd_set_size(part->memfd, sz);
+                                if (r < 0)
+                                        return r;
+
+                                /* Finally, try to seal */
+                                if (memfd_set_sealed(part->memfd) >= 0)
+                                        part->sealed = true;
+                        }
+        }
+
+        m->root_container.end = m->user_body_size;
+        m->root_container.index = 0;
+        m->root_container.offset_index = 0;
+        m->root_container.item_size = m->root_container.n_offsets > 0 ? m->root_container.offsets[0] : 0;
+
+        m->sealed = true;
+
+        return 0;
+}
+
+int bus_body_part_map(struct bus_body_part *part) {
+        void *p;
+        size_t psz, shift;
+
+        assert_se(part);
+
+        if (part->data)
+                return 0;
+
+        if (part->size <= 0)
+                return 0;
+
+        /* For smaller zero parts (as used for padding) we don't need to map anything... */
+        if (part->memfd < 0 && part->is_zero && part->size < 8) {
+                static const uint8_t zeroes[7] = { };
+                part->data = (void*) zeroes;
+                return 0;
+        }
+
+        shift = part->memfd_offset - ((part->memfd_offset / page_size()) * page_size());
+        psz = PAGE_ALIGN(part->size + shift);
+
+        if (part->memfd >= 0)
+                p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE, part->memfd, part->memfd_offset - shift);
+        else if (part->is_zero)
+                p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+        else
+                return -EINVAL;
+
+        if (p == MAP_FAILED)
+                return -errno;
+
+        part->mapped = psz;
+        part->mmap_begin = p;
+        part->data = (uint8_t*) p + shift;
+        part->munmap_this = true;
+
+        return 0;
+}
+
+void bus_body_part_unmap(struct bus_body_part *part) {
+
+        assert_se(part);
+
+        if (part->memfd < 0)
+                return;
+
+        if (!part->mmap_begin)
+                return;
+
+        if (!part->munmap_this)
+                return;
+
+        assert_se(munmap(part->mmap_begin, part->mapped) == 0);
+
+        part->mmap_begin = NULL;
+        part->data = NULL;
+        part->mapped = 0;
+        part->munmap_this = false;
+
+        return;
+}
+
+static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) {
+        size_t k, start, end;
+
+        assert(rindex);
+        assert(align > 0);
+
+        start = ALIGN_TO((size_t) *rindex, align);
+        end = start + nbytes;
+
+        if (end > sz)
+                return -EBADMSG;
+
+        /* Verify that padding is 0 */
+        for (k = *rindex; k < start; k++)
+                if (((const uint8_t*) p)[k] != 0)
+                        return -EBADMSG;
+
+        if (r)
+                *r = (uint8_t*) p + start;
+
+        *rindex = end;
+
+        return 1;
+}
+
+static bool message_end_of_signature(sd_bus_message *m) {
+        struct bus_container *c;
+
+        assert(m);
+
+        c = message_get_container(m);
+        return !c->signature || c->signature[c->index] == 0;
+}
+
+static bool message_end_of_array(sd_bus_message *m, size_t index) {
+        struct bus_container *c;
+
+        assert(m);
+
+        c = message_get_container(m);
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                return false;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m))
+                return index >= c->end;
+        else {
+                assert(c->array_size);
+                return index >= c->begin + BUS_MESSAGE_BSWAP32(m, *c->array_size);
+        }
+}
+
+_public_ int sd_bus_message_at_end(sd_bus_message *m, int complete) {
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+
+        if (complete && m->n_containers > 0)
+                return false;
+
+        if (message_end_of_signature(m))
+                return true;
+
+        if (message_end_of_array(m, m->rindex))
+                return true;
+
+        return false;
+}
+
+static struct bus_body_part* find_part(sd_bus_message *m, size_t index, size_t sz, void **p) {
+        struct bus_body_part *part;
+        size_t begin;
+        int r;
+
+        assert(m);
+
+        if (m->cached_rindex_part && index >= m->cached_rindex_part_begin) {
+                part = m->cached_rindex_part;
+                begin = m->cached_rindex_part_begin;
+        } else {
+                part = &m->body;
+                begin = 0;
+        }
+
+        while (part) {
+                if (index < begin)
+                        return NULL;
+
+                if (index + sz <= begin + part->size) {
+
+                        r = bus_body_part_map(part);
+                        if (r < 0)
+                                return NULL;
+
+                        if (p)
+                                *p = (uint8_t*) part->data + index - begin;
+
+                        m->cached_rindex_part = part;
+                        m->cached_rindex_part_begin = begin;
+
+                        return part;
+                }
+
+                begin += part->size;
+                part = part->next;
+        }
+
+        return NULL;
+}
+
+static int container_next_item(sd_bus_message *m, struct bus_container *c, size_t *rindex) {
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(rindex);
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m))
+                return 0;
+
+        if (c->enclosing == SD_BUS_TYPE_ARRAY) {
+                int sz;
+
+                sz = bus_gvariant_get_size(c->signature);
+                if (sz < 0) {
+                        int alignment;
+
+                        if (c->offset_index+1 >= c->n_offsets)
+                                goto end;
+
+                        /* Variable-size array */
+
+                        alignment = bus_gvariant_get_alignment(c->signature);
+                        assert(alignment > 0);
+
+                        *rindex = ALIGN_TO(c->offsets[c->offset_index], alignment);
+                        c->item_size = c->offsets[c->offset_index+1] - *rindex;
+                } else {
+
+                        if (c->offset_index+1 >= (c->end-c->begin)/sz)
+                                goto end;
+
+                        /* Fixed-size array */
+                        *rindex = c->begin + (c->offset_index+1) * sz;
+                        c->item_size = sz;
+                }
+
+                c->offset_index++;
+
+        } else if (c->enclosing == 0 ||
+                   c->enclosing == SD_BUS_TYPE_STRUCT ||
+                   c->enclosing == SD_BUS_TYPE_DICT_ENTRY) {
+
+                int alignment;
+                size_t n, j;
+
+                if (c->offset_index+1 >= c->n_offsets)
+                        goto end;
+
+                r = signature_element_length(c->signature + c->index, &n);
+                if (r < 0)
+                        return r;
+
+                r = signature_element_length(c->signature + c->index + n, &j);
+                if (r < 0)
+                        return r;
+                else {
+                        char t[j+1];
+                        memcpy(t, c->signature + c->index + n, j);
+                        t[j] = 0;
+
+                        alignment = bus_gvariant_get_alignment(t);
+                }
+
+                assert(alignment > 0);
+
+                *rindex = ALIGN_TO(c->offsets[c->offset_index], alignment);
+                c->item_size = c->offsets[c->offset_index+1] - *rindex;
+
+                c->offset_index++;
+
+        } else if (c->enclosing == SD_BUS_TYPE_VARIANT)
+                goto end;
+        else
+                assert_not_reached("Unknown container type");
+
+        return 0;
+
+end:
+        /* Reached the end */
+        *rindex = c->end;
+        c->item_size = 0;
+        return 0;
+}
+
+
+static int message_peek_body(
+                sd_bus_message *m,
+                size_t *rindex,
+                size_t align,
+                size_t nbytes,
+                void **ret) {
+
+        size_t k, start, end, padding;
+        struct bus_body_part *part;
+        uint8_t *q;
+
+        assert(m);
+        assert(rindex);
+        assert(align > 0);
+
+        start = ALIGN_TO((size_t) *rindex, align);
+        padding = start - *rindex;
+        end = start + nbytes;
+
+        if (end > m->user_body_size)
+                return -EBADMSG;
+
+        part = find_part(m, *rindex, padding, (void**) &q);
+        if (!part)
+                return -EBADMSG;
+
+        if (q) {
+                /* Verify padding */
+                for (k = 0; k < padding; k++)
+                        if (q[k] != 0)
+                                return -EBADMSG;
+        }
+
+        part = find_part(m, start, nbytes, (void**) &q);
+        if (!part || (nbytes > 0 && !q))
+                return -EBADMSG;
+
+        *rindex = end;
+
+        if (ret)
+                *ret = q;
+
+        return 0;
+}
+
+static bool validate_nul(const char *s, size_t l) {
+
+        /* Check for NUL chars in the string */
+        if (memchr(s, 0, l))
+                return false;
+
+        /* Check for NUL termination */
+        if (s[l] != 0)
+                return false;
+
+        return true;
+}
+
+static bool validate_string(const char *s, size_t l) {
+
+        if (!validate_nul(s, l))
+                return false;
+
+        /* Check if valid UTF8 */
+        if (!utf8_is_valid(s))
+                return false;
+
+        return true;
+}
+
+static bool validate_signature(const char *s, size_t l) {
+
+        if (!validate_nul(s, l))
+                return false;
+
+        /* Check if valid signature */
+        if (!signature_is_valid(s, true))
+                return false;
+
+        return true;
+}
+
+static bool validate_object_path(const char *s, size_t l) {
+
+        if (!validate_nul(s, l))
+                return false;
+
+        if (!object_path_is_valid(s))
+                return false;
+
+        return true;
+}
+
+_public_ int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) {
+        struct bus_container *c;
+        size_t rindex;
+        void *q;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(bus_type_is_basic(type), -EINVAL);
+
+        if (message_end_of_signature(m))
+                return -ENXIO;
+
+        if (message_end_of_array(m, m->rindex))
+                return 0;
+
+        c = message_get_container(m);
+        if (c->signature[c->index] != type)
+                return -ENXIO;
+
+        rindex = m->rindex;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+
+                if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE)) {
+                        bool ok;
+
+                        r = message_peek_body(m, &rindex, 1, c->item_size, &q);
+                        if (r < 0)
+                                return r;
+
+                        if (type == SD_BUS_TYPE_STRING)
+                                ok = validate_string(q, c->item_size-1);
+                        else if (type == SD_BUS_TYPE_OBJECT_PATH)
+                                ok = validate_object_path(q, c->item_size-1);
+                        else
+                                ok = validate_signature(q, c->item_size-1);
+
+                        if (!ok)
+                                return -EBADMSG;
+
+                        if (p)
+                                *(const char**) p = q;
+                } else {
+                        int sz, align;
+
+                        sz = bus_gvariant_get_size(CHAR_TO_STR(type));
+                        assert(sz > 0);
+                        if ((size_t) sz != c->item_size)
+                                return -EBADMSG;
+
+                        align = bus_gvariant_get_alignment(CHAR_TO_STR(type));
+                        assert(align > 0);
+
+                        r = message_peek_body(m, &rindex, align, c->item_size, &q);
+                        if (r < 0)
+                                return r;
+
+                        switch (type) {
+
+                        case SD_BUS_TYPE_BYTE:
+                                if (p)
+                                        *(uint8_t*) p = *(uint8_t*) q;
+                                break;
+
+                        case SD_BUS_TYPE_BOOLEAN:
+                                if (p)
+                                        *(int*) p = !!*(uint8_t*) q;
+                                break;
+
+                        case SD_BUS_TYPE_INT16:
+                        case SD_BUS_TYPE_UINT16:
+                                if (p)
+                                        *(uint16_t*) p = BUS_MESSAGE_BSWAP16(m, *(uint16_t*) q);
+                                break;
+
+                        case SD_BUS_TYPE_INT32:
+                        case SD_BUS_TYPE_UINT32:
+                                if (p)
+                                        *(uint32_t*) p = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
+                                break;
+
+                        case SD_BUS_TYPE_INT64:
+                        case SD_BUS_TYPE_UINT64:
+                        case SD_BUS_TYPE_DOUBLE:
+                                if (p)
+                                        *(uint64_t*) p = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
+                                break;
+
+                        case SD_BUS_TYPE_UNIX_FD: {
+                                uint32_t j;
+
+                                j = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
+                                if (j >= m->n_fds)
+                                        return -EBADMSG;
+
+                                if (p)
+                                        *(int*) p = m->fds[j];
+
+                                break;
+                        }
+
+                        default:
+                                assert_not_reached("unexpected type");
+                        }
+                }
+
+                r = container_next_item(m, c, &rindex);
+                if (r < 0)
+                        return r;
+        } else {
+
+                if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH)) {
+                        uint32_t l;
+                        bool ok;
+
+                        r = message_peek_body(m, &rindex, 4, 4, &q);
+                        if (r < 0)
+                                return r;
+
+                        l = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
+                        r = message_peek_body(m, &rindex, 1, l+1, &q);
+                        if (r < 0)
+                                return r;
+
+                        if (type == SD_BUS_TYPE_OBJECT_PATH)
+                                ok = validate_object_path(q, l);
+                        else
+                                ok = validate_string(q, l);
+                        if (!ok)
+                                return -EBADMSG;
+
+                        if (p)
+                                *(const char**) p = q;
+
+                } else if (type == SD_BUS_TYPE_SIGNATURE) {
+                        uint8_t l;
+
+                        r = message_peek_body(m, &rindex, 1, 1, &q);
+                        if (r < 0)
+                                return r;
+
+                        l = *(uint8_t*) q;
+                        r = message_peek_body(m, &rindex, 1, l+1, &q);
+                        if (r < 0)
+                                return r;
+
+                        if (!validate_signature(q, l))
+                                return -EBADMSG;
+
+                        if (p)
+                                *(const char**) p = q;
+
+                } else {
+                        ssize_t sz, align;
+
+                        align = bus_type_get_alignment(type);
+                        assert(align > 0);
+
+                        sz = bus_type_get_size(type);
+                        assert(sz > 0);
+
+                        r = message_peek_body(m, &rindex, align, sz, &q);
+                        if (r < 0)
+                                return r;
+
+                        switch (type) {
+
+                        case SD_BUS_TYPE_BYTE:
+                                if (p)
+                                        *(uint8_t*) p = *(uint8_t*) q;
+                                break;
+
+                        case SD_BUS_TYPE_BOOLEAN:
+                                if (p)
+                                        *(int*) p = !!*(uint32_t*) q;
+                                break;
+
+                        case SD_BUS_TYPE_INT16:
+                        case SD_BUS_TYPE_UINT16:
+                                if (p)
+                                        *(uint16_t*) p = BUS_MESSAGE_BSWAP16(m, *(uint16_t*) q);
+                                break;
+
+                        case SD_BUS_TYPE_INT32:
+                        case SD_BUS_TYPE_UINT32:
+                                if (p)
+                                        *(uint32_t*) p = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
+                                break;
+
+                        case SD_BUS_TYPE_INT64:
+                        case SD_BUS_TYPE_UINT64:
+                        case SD_BUS_TYPE_DOUBLE:
+                                if (p)
+                                        *(uint64_t*) p = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
+                                break;
+
+                        case SD_BUS_TYPE_UNIX_FD: {
+                                uint32_t j;
+
+                                j = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
+                                if (j >= m->n_fds)
+                                        return -EBADMSG;
+
+                                if (p)
+                                        *(int*) p = m->fds[j];
+                                break;
+                        }
+
+                        default:
+                                assert_not_reached("Unknown basic type...");
+                        }
+                }
+        }
+
+        m->rindex = rindex;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index++;
+
+        return 1;
+}
+
+static int bus_message_enter_array(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                uint32_t **array_size,
+                size_t *item_size,
+                size_t **offsets,
+                size_t *n_offsets) {
+
+        size_t rindex;
+        void *q;
+        int r, alignment;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(array_size);
+        assert(item_size);
+        assert(offsets);
+        assert(n_offsets);
+
+        if (!signature_is_single(contents, true))
+                return -EINVAL;
+
+        if (!c->signature || c->signature[c->index] == 0)
+                return -ENXIO;
+
+        if (c->signature[c->index] != SD_BUS_TYPE_ARRAY)
+                return -ENXIO;
+
+        if (!startswith(c->signature + c->index + 1, contents))
+                return -ENXIO;
+
+        rindex = m->rindex;
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m)) {
+                /* dbus1 */
+
+                r = message_peek_body(m, &rindex, 4, 4, &q);
+                if (r < 0)
+                        return r;
+
+                if (BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q) > BUS_ARRAY_MAX_SIZE)
+                        return -EBADMSG;
+
+                alignment = bus_type_get_alignment(contents[0]);
+                if (alignment < 0)
+                        return alignment;
+
+                r = message_peek_body(m, &rindex, alignment, 0, NULL);
+                if (r < 0)
+                        return r;
+
+                *array_size = (uint32_t*) q;
+
+        } else if (c->item_size <= 0) {
+
+                /* gvariant: empty array */
+                *item_size = 0;
+                *offsets = NULL;
+                *n_offsets = 0;
+
+        } else if (bus_gvariant_is_fixed_size(contents)) {
+
+                /* gvariant: fixed length array */
+                *item_size = bus_gvariant_get_size(contents);
+                *offsets = NULL;
+                *n_offsets = 0;
+
+        } else {
+                size_t where, p = 0, framing, sz;
+                unsigned i;
+
+                /* gvariant: variable length array */
+                sz = bus_gvariant_determine_word_size(c->item_size, 0);
+
+                where = rindex + c->item_size - sz;
+                r = message_peek_body(m, &where, 1, sz, &q);
+                if (r < 0)
+                        return r;
+
+                framing = bus_gvariant_read_word_le(q, sz);
+                if (framing > c->item_size - sz)
+                        return -EBADMSG;
+                if ((c->item_size - framing) % sz != 0)
+                        return -EBADMSG;
+
+                *n_offsets = (c->item_size - framing) / sz;
+
+                where = rindex + framing;
+                r = message_peek_body(m, &where, 1, *n_offsets * sz, &q);
+                if (r < 0)
+                        return r;
+
+                *offsets = new(size_t, *n_offsets);
+                if (!*offsets)
+                        return -ENOMEM;
+
+                for (i = 0; i < *n_offsets; i++) {
+                        size_t x;
+
+                        x = bus_gvariant_read_word_le((uint8_t*) q + i * sz, sz);
+                        if (x > c->item_size - sz)
+                                return -EBADMSG;
+                        if (x < p)
+                                return -EBADMSG;
+
+                        (*offsets)[i] = rindex + x;
+                        p = x;
+                }
+
+                *item_size = (*offsets)[0] - rindex;
+        }
+
+        m->rindex = rindex;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index += 1 + strlen(contents);
+
+        return 1;
+}
+
+static int bus_message_enter_variant(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                size_t *item_size) {
+
+        size_t rindex;
+        uint8_t l;
+        void *q;
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(item_size);
+
+        if (!signature_is_single(contents, false))
+                return -EINVAL;
+
+        if (*contents == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
+                return -EINVAL;
+
+        if (!c->signature || c->signature[c->index] == 0)
+                return -ENXIO;
+
+        if (c->signature[c->index] != SD_BUS_TYPE_VARIANT)
+                return -ENXIO;
+
+        rindex = m->rindex;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                size_t k, where;
+
+                k = strlen(contents);
+                if (1+k > c->item_size)
+                        return -EBADMSG;
+
+                where = rindex + c->item_size - (1+k);
+                r = message_peek_body(m, &where, 1, 1+k, &q);
+                if (r < 0)
+                        return r;
+
+                if (*(char*) q != 0)
+                        return -EBADMSG;
+
+                if (memcmp((uint8_t*) q+1, contents, k))
+                        return -ENXIO;
+
+                *item_size = c->item_size - (1+k);
+
+        } else {
+                r = message_peek_body(m, &rindex, 1, 1, &q);
+                if (r < 0)
+                        return r;
+
+                l = *(uint8_t*) q;
+                r = message_peek_body(m, &rindex, 1, l+1, &q);
+                if (r < 0)
+                        return r;
+
+                if (!validate_signature(q, l))
+                        return -EBADMSG;
+
+                if (!streq(q, contents))
+                        return -ENXIO;
+        }
+
+        m->rindex = rindex;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index++;
+
+        return 1;
+}
+
+static int build_struct_offsets(
+                sd_bus_message *m,
+                const char *signature,
+                size_t size,
+                size_t *item_size,
+                size_t **offsets,
+                size_t *n_offsets) {
+
+        unsigned n_variable = 0, n_total = 0, v;
+        size_t previous = 0, where;
+        const char *p;
+        size_t sz;
+        void *q;
+        int r;
+
+        assert(m);
+        assert(item_size);
+        assert(offsets);
+        assert(n_offsets);
+
+        if (isempty(signature)) {
+                /* Unary type is encoded as *fixed* 1 byte padding */
+                r = message_peek_body(m, &m->rindex, 1, 1, &q);
+                if (r < 0)
+                        return r;
+
+                if (*(uint8_t *) q != 0)
+                        return -EBADMSG;
+
+                *item_size = 0;
+                *offsets = NULL;
+                *n_offsets = 0;
+                return 0;
+        }
+
+        sz = bus_gvariant_determine_word_size(size, 0);
+        if (sz <= 0)
+                return -EBADMSG;
+
+        /* First, loop over signature and count variable elements and
+         * elements in general. We use this to know how large the
+         * offset array is at the end of the structure. Note that
+         * GVariant only stores offsets for all variable size elements
+         * that are not the last item. */
+
+        p = signature;
+        while (*p != 0) {
+                size_t n;
+
+                r = signature_element_length(p, &n);
+                if (r < 0)
+                        return r;
+                else {
+                        char t[n+1];
+
+                        memcpy(t, p, n);
+                        t[n] = 0;
+
+                        r = bus_gvariant_is_fixed_size(t);
+                }
+
+                if (r < 0)
+                        return r;
+                if (r == 0 && p[n] != 0) /* except the last item */
+                        n_variable++;
+                n_total++;
+
+                p += n;
+        }
+
+        if (size < n_variable * sz)
+                return -EBADMSG;
+
+        where = m->rindex + size - (n_variable * sz);
+        r = message_peek_body(m, &where, 1, n_variable * sz, &q);
+        if (r < 0)
+                return r;
+
+        v = n_variable;
+
+        *offsets = new(size_t, n_total);
+        if (!*offsets)
+                return -ENOMEM;
+
+        *n_offsets = 0;
+
+        /* Second, loop again and build an offset table */
+        p = signature;
+        while (*p != 0) {
+                size_t n, offset;
+                int k;
+
+                r = signature_element_length(p, &n);
+                if (r < 0)
+                        return r;
+                else {
+                        char t[n+1];
+
+                        memcpy(t, p, n);
+                        t[n] = 0;
+
+                        k = bus_gvariant_get_size(t);
+                        if (k < 0) {
+                                size_t x;
+
+                                /* variable size */
+                                if (v > 0) {
+                                        v--;
+
+                                        x = bus_gvariant_read_word_le((uint8_t*) q + v*sz, sz);
+                                        if (x >= size)
+                                                return -EBADMSG;
+                                        if (m->rindex + x < previous)
+                                                return -EBADMSG;
+                                } else
+                                        /* The last item's end
+                                         * is determined from
+                                         * the start of the
+                                         * offset array */
+                                        x = size - (n_variable * sz);
+
+                                offset = m->rindex + x;
+
+                        } else {
+                                size_t align;
+
+                                /* fixed size */
+                                align = bus_gvariant_get_alignment(t);
+                                assert(align > 0);
+
+                                offset = (*n_offsets == 0 ? m->rindex  : ALIGN_TO((*offsets)[*n_offsets-1], align)) + k;
+                        }
+                }
+
+                previous = (*offsets)[(*n_offsets)++] = offset;
+                p += n;
+        }
+
+        assert(v == 0);
+        assert(*n_offsets == n_total);
+
+        *item_size = (*offsets)[0] - m->rindex;
+        return 0;
+}
+
+static int enter_struct_or_dict_entry(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                size_t *item_size,
+                size_t **offsets,
+                size_t *n_offsets) {
+
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(item_size);
+        assert(offsets);
+        assert(n_offsets);
+
+        if (!BUS_MESSAGE_IS_GVARIANT(m)) {
+
+                /* dbus1 */
+                r = message_peek_body(m, &m->rindex, 8, 0, NULL);
+                if (r < 0)
+                        return r;
+
+        } else
+                /* gvariant with contents */
+                return build_struct_offsets(m, contents, c->item_size, item_size, offsets, n_offsets);
+
+        return 0;
+}
+
+static int bus_message_enter_struct(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                size_t *item_size,
+                size_t **offsets,
+                size_t *n_offsets) {
+
+        size_t l;
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+        assert(item_size);
+        assert(offsets);
+        assert(n_offsets);
+
+        if (!signature_is_valid(contents, false))
+                return -EINVAL;
+
+        if (!c->signature || c->signature[c->index] == 0)
+                return -ENXIO;
+
+        l = strlen(contents);
+
+        if (c->signature[c->index] != SD_BUS_TYPE_STRUCT_BEGIN ||
+            !startswith(c->signature + c->index + 1, contents) ||
+            c->signature[c->index + 1 + l] != SD_BUS_TYPE_STRUCT_END)
+                return -ENXIO;
+
+        r = enter_struct_or_dict_entry(m, c, contents, item_size, offsets, n_offsets);
+        if (r < 0)
+                return r;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index += 1 + l + 1;
+
+        return 1;
+}
+
+static int bus_message_enter_dict_entry(
+                sd_bus_message *m,
+                struct bus_container *c,
+                const char *contents,
+                size_t *item_size,
+                size_t **offsets,
+                size_t *n_offsets) {
+
+        size_t l;
+        int r;
+
+        assert(m);
+        assert(c);
+        assert(contents);
+
+        if (!signature_is_pair(contents))
+                return -EINVAL;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                return -ENXIO;
+
+        if (!c->signature || c->signature[c->index] == 0)
+                return 0;
+
+        l = strlen(contents);
+
+        if (c->signature[c->index] != SD_BUS_TYPE_DICT_ENTRY_BEGIN ||
+            !startswith(c->signature + c->index + 1, contents) ||
+            c->signature[c->index + 1 + l] != SD_BUS_TYPE_DICT_ENTRY_END)
+                return -ENXIO;
+
+        r = enter_struct_or_dict_entry(m, c, contents, item_size, offsets, n_offsets);
+        if (r < 0)
+                return r;
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY)
+                c->index += 1 + l + 1;
+
+        return 1;
+}
+
+_public_ int sd_bus_message_enter_container(sd_bus_message *m,
+                                            char type,
+                                            const char *contents) {
+        struct bus_container *c, *w;
+        uint32_t *array_size = NULL;
+        char *signature;
+        size_t before;
+        size_t *offsets = NULL;
+        size_t n_offsets = 0, item_size = 0;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(type != 0 || !contents, -EINVAL);
+
+        if (type == 0 || !contents) {
+                const char *cc;
+                char tt;
+
+                /* Allow entering into anonymous containers */
+                r = sd_bus_message_peek_type(m, &tt, &cc);
+                if (r < 0)
+                        return r;
+
+                if (type != 0 && type != tt)
+                        return -ENXIO;
+
+                if (contents && !streq(contents, cc))
+                        return -ENXIO;
+
+                type = tt;
+                contents = cc;
+        }
+
+        /*
+         * We enforce a global limit on container depth, that is much
+         * higher than the 32 structs and 32 arrays the specification
+         * mandates. This is simpler to implement for us, and we need
+         * this only to ensure our container array doesn't grow
+         * without bounds. We are happy to return any data from a
+         * message as long as the data itself is valid, even if the
+         * overall message might be not.
+         *
+         * Note that the message signature is validated when
+         * parsing the headers, and that validation does check the
+         * 32/32 limit.
+         *
+         * Note that the specification defines no limits on the depth
+         * of stacked variants, but we do.
+         */
+        if (m->n_containers >= BUS_CONTAINER_DEPTH)
+                return -EBADMSG;
+
+        if (!GREEDY_REALLOC(m->containers, m->containers_allocated, m->n_containers + 1))
+                return -ENOMEM;
+
+        if (message_end_of_signature(m))
+                return -ENXIO;
+
+        if (message_end_of_array(m, m->rindex))
+                return 0;
+
+        c = message_get_container(m);
+
+        signature = strdup(contents);
+        if (!signature)
+                return -ENOMEM;
+
+        c->saved_index = c->index;
+        before = m->rindex;
+
+        if (type == SD_BUS_TYPE_ARRAY)
+                r = bus_message_enter_array(m, c, contents, &array_size, &item_size, &offsets, &n_offsets);
+        else if (type == SD_BUS_TYPE_VARIANT)
+                r = bus_message_enter_variant(m, c, contents, &item_size);
+        else if (type == SD_BUS_TYPE_STRUCT)
+                r = bus_message_enter_struct(m, c, contents, &item_size, &offsets, &n_offsets);
+        else if (type == SD_BUS_TYPE_DICT_ENTRY)
+                r = bus_message_enter_dict_entry(m, c, contents, &item_size, &offsets, &n_offsets);
+        else
+                r = -EINVAL;
+
+        if (r <= 0) {
+                free(signature);
+                free(offsets);
+                return r;
+        }
+
+        /* OK, let's fill it in */
+        w = m->containers + m->n_containers++;
+        w->enclosing = type;
+        w->signature = signature;
+        w->peeked_signature = NULL;
+        w->index = 0;
+
+        w->before = before;
+        w->begin = m->rindex;
+
+        /* Unary type has fixed size of 1, but virtual size of 0 */
+        if (BUS_MESSAGE_IS_GVARIANT(m) &&
+            type == SD_BUS_TYPE_STRUCT &&
+            isempty(signature))
+                w->end = m->rindex + 0;
+        else
+                w->end = m->rindex + c->item_size;
+
+        w->array_size = array_size;
+        w->item_size = item_size;
+        w->offsets = offsets;
+        w->n_offsets = n_offsets;
+        w->offset_index = 0;
+
+        return 1;
+}
+
+_public_ int sd_bus_message_exit_container(sd_bus_message *m) {
+        struct bus_container *c;
+        unsigned saved;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(m->n_containers > 0, -ENXIO);
+
+        c = message_get_container(m);
+
+        if (c->enclosing != SD_BUS_TYPE_ARRAY) {
+                if (c->signature && c->signature[c->index] != 0)
+                        return -EBUSY;
+        }
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                if (m->rindex < c->end)
+                        return -EBUSY;
+
+        } else if (c->enclosing == SD_BUS_TYPE_ARRAY) {
+                uint32_t l;
+
+                l = BUS_MESSAGE_BSWAP32(m, *c->array_size);
+                if (c->begin + l != m->rindex)
+                        return -EBUSY;
+        }
+
+        free(c->signature);
+        free(c->peeked_signature);
+        free(c->offsets);
+        m->n_containers--;
+
+        c = message_get_container(m);
+
+        saved = c->index;
+        c->index = c->saved_index;
+        r = container_next_item(m, c, &m->rindex);
+        c->index = saved;
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static void message_quit_container(sd_bus_message *m) {
+        struct bus_container *c;
+
+        assert(m);
+        assert(m->sealed);
+        assert(m->n_containers > 0);
+
+        c = message_get_container(m);
+
+        /* Undo seeks */
+        assert(m->rindex >= c->before);
+        m->rindex = c->before;
+
+        /* Free container */
+        free(c->signature);
+        free(c->offsets);
+        m->n_containers--;
+
+        /* Correct index of new top-level container */
+        c = message_get_container(m);
+        c->index = c->saved_index;
+}
+
+_public_ int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char **contents) {
+        struct bus_container *c;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+
+        if (message_end_of_signature(m))
+                goto eof;
+
+        if (message_end_of_array(m, m->rindex))
+                goto eof;
+
+        c = message_get_container(m);
+
+        if (bus_type_is_basic(c->signature[c->index])) {
+                if (contents)
+                        *contents = NULL;
+                if (type)
+                        *type = c->signature[c->index];
+                return 1;
+        }
+
+        if (c->signature[c->index] == SD_BUS_TYPE_ARRAY) {
+
+                if (contents) {
+                        size_t l;
+                        char *sig;
+
+                        r = signature_element_length(c->signature+c->index+1, &l);
+                        if (r < 0)
+                                return r;
+
+                        assert(l >= 1);
+
+                        sig = strndup(c->signature + c->index + 1, l);
+                        if (!sig)
+                                return -ENOMEM;
+
+                        free(c->peeked_signature);
+                        *contents = c->peeked_signature = sig;
+                }
+
+                if (type)
+                        *type = SD_BUS_TYPE_ARRAY;
+
+                return 1;
+        }
+
+        if (c->signature[c->index] == SD_BUS_TYPE_STRUCT_BEGIN ||
+            c->signature[c->index] == SD_BUS_TYPE_DICT_ENTRY_BEGIN) {
+
+                if (contents) {
+                        size_t l;
+                        char *sig;
+
+                        r = signature_element_length(c->signature+c->index, &l);
+                        if (r < 0)
+                                return r;
+
+                        assert(l >= 2);
+                        sig = strndup(c->signature + c->index + 1, l - 2);
+                        if (!sig)
+                                return -ENOMEM;
+
+                        free(c->peeked_signature);
+                        *contents = c->peeked_signature = sig;
+                }
+
+                if (type)
+                        *type = c->signature[c->index] == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY;
+
+                return 1;
+        }
+
+        if (c->signature[c->index] == SD_BUS_TYPE_VARIANT) {
+                if (contents) {
+                        void *q;
+
+                        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                                size_t k;
+
+                                if (c->item_size < 2)
+                                        return -EBADMSG;
+
+                                /* Look for the NUL delimiter that
+                                   separates the payload from the
+                                   signature. Since the body might be
+                                   in a different part that then the
+                                   signature we map byte by byte. */
+
+                                for (k = 2; k <= c->item_size; k++) {
+                                        size_t where;
+
+                                        where = m->rindex + c->item_size - k;
+                                        r = message_peek_body(m, &where, 1, k, &q);
+                                        if (r < 0)
+                                                return r;
+
+                                        if (*(char*) q == 0)
+                                                break;
+                                }
+
+                                if (k > c->item_size)
+                                        return -EBADMSG;
+
+                                free(c->peeked_signature);
+                                c->peeked_signature = strndup((char*) q + 1, k - 1);
+                                if (!c->peeked_signature)
+                                        return -ENOMEM;
+
+                                if (!signature_is_valid(c->peeked_signature, true))
+                                        return -EBADMSG;
+
+                                *contents = c->peeked_signature;
+                        } else {
+                                size_t rindex, l;
+
+                                rindex = m->rindex;
+                                r = message_peek_body(m, &rindex, 1, 1, &q);
+                                if (r < 0)
+                                        return r;
+
+                                l = *(uint8_t*) q;
+                                r = message_peek_body(m, &rindex, 1, l+1, &q);
+                                if (r < 0)
+                                        return r;
+
+                                if (!validate_signature(q, l))
+                                        return -EBADMSG;
+
+                                *contents = q;
+                        }
+                }
+
+                if (type)
+                        *type = SD_BUS_TYPE_VARIANT;
+
+                return 1;
+        }
+
+        return -EINVAL;
+
+eof:
+        if (type)
+                *type = 0;
+        if (contents)
+                *contents = NULL;
+        return 0;
+}
+
+_public_ int sd_bus_message_rewind(sd_bus_message *m, int complete) {
+        struct bus_container *c;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+
+        if (complete) {
+                message_reset_containers(m);
+                m->rindex = 0;
+
+                c = message_get_container(m);
+        } else {
+                c = message_get_container(m);
+
+                c->offset_index = 0;
+                c->index = 0;
+                m->rindex = c->begin;
+        }
+
+        c->offset_index = 0;
+        c->item_size = (c->n_offsets > 0 ? c->offsets[0] : c->end) - c->begin;
+
+        return !isempty(c->signature);
+}
+
+static int message_read_ap(
+                sd_bus_message *m,
+                const char *types,
+                va_list ap) {
+
+        unsigned n_array, n_struct;
+        TypeStack stack[BUS_CONTAINER_DEPTH];
+        unsigned stack_ptr = 0;
+        unsigned n_loop = 0;
+        int r;
+
+        assert(m);
+
+        if (isempty(types))
+                return 0;
+
+        /* Ideally, we'd just call ourselves recursively on every
+         * complex type. However, the state of a va_list that is
+         * passed to a function is undefined after that function
+         * returns. This means we need to docode the va_list linearly
+         * in a single stackframe. We hence implement our own
+         * home-grown stack in an array. */
+
+        n_array = (unsigned) -1; /* length of current array entries */
+        n_struct = strlen(types); /* length of current struct contents signature */
+
+        for (;;) {
+                const char *t;
+
+                n_loop++;
+
+                if (n_array == 0 || (n_array == (unsigned) -1 && n_struct == 0)) {
+                        r = type_stack_pop(stack, ELEMENTSOF(stack), &stack_ptr, &types, &n_struct, &n_array);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                break;
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return r;
+
+                        continue;
+                }
+
+                t = types;
+                if (n_array != (unsigned) -1)
+                        n_array--;
+                else {
+                        types++;
+                        n_struct--;
+                }
+
+                switch (*t) {
+
+                case SD_BUS_TYPE_BYTE:
+                case SD_BUS_TYPE_BOOLEAN:
+                case SD_BUS_TYPE_INT16:
+                case SD_BUS_TYPE_UINT16:
+                case SD_BUS_TYPE_INT32:
+                case SD_BUS_TYPE_UINT32:
+                case SD_BUS_TYPE_INT64:
+                case SD_BUS_TYPE_UINT64:
+                case SD_BUS_TYPE_DOUBLE:
+                case SD_BUS_TYPE_STRING:
+                case SD_BUS_TYPE_OBJECT_PATH:
+                case SD_BUS_TYPE_SIGNATURE:
+                case SD_BUS_TYPE_UNIX_FD: {
+                        void *p;
+
+                        p = va_arg(ap, void*);
+                        r = sd_bus_message_read_basic(m, *t, p);
+                        if (r < 0)
+                                return r;
+                        if (r == 0) {
+                                if (n_loop <= 1)
+                                        return 0;
+
+                                return -ENXIO;
+                        }
+
+                        break;
+                }
+
+                case SD_BUS_TYPE_ARRAY: {
+                        size_t k;
+
+                        r = signature_element_length(t + 1, &k);
+                        if (r < 0)
+                                return r;
+
+                        {
+                                char s[k + 1];
+                                memcpy(s, t + 1, k);
+                                s[k] = 0;
+
+                                r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, s);
+                                if (r < 0)
+                                        return r;
+                                if (r == 0) {
+                                        if (n_loop <= 1)
+                                                return 0;
+
+                                        return -ENXIO;
+                                }
+                        }
+
+                        if (n_array == (unsigned) -1) {
+                                types += k;
+                                n_struct -= k;
+                        }
+
+                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
+                        if (r < 0)
+                                return r;
+
+                        types = t + 1;
+                        n_struct = k;
+                        n_array = va_arg(ap, unsigned);
+
+                        break;
+                }
+
+                case SD_BUS_TYPE_VARIANT: {
+                        const char *s;
+
+                        s = va_arg(ap, const char *);
+                        if (!s)
+                                return -EINVAL;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, s);
+                        if (r < 0)
+                                return r;
+                        if (r == 0) {
+                                if (n_loop <= 1)
+                                        return 0;
+
+                                return -ENXIO;
+                        }
+
+                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
+                        if (r < 0)
+                                return r;
+
+                        types = s;
+                        n_struct = strlen(s);
+                        n_array = (unsigned) -1;
+
+                        break;
+                }
+
+                case SD_BUS_TYPE_STRUCT_BEGIN:
+                case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
+                        size_t k;
+
+                        r = signature_element_length(t, &k);
+                        if (r < 0)
+                                return r;
+
+                        {
+                                char s[k - 1];
+                                memcpy(s, t + 1, k - 2);
+                                s[k - 2] = 0;
+
+                                r = sd_bus_message_enter_container(m, *t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
+                                if (r < 0)
+                                        return r;
+                                if (r == 0) {
+                                        if (n_loop <= 1)
+                                                return 0;
+                                        return -ENXIO;
+                                }
+                        }
+
+                        if (n_array == (unsigned) -1) {
+                                types += k - 1;
+                                n_struct -= k - 1;
+                        }
+
+                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
+                        if (r < 0)
+                                return r;
+
+                        types = t + 1;
+                        n_struct = k - 2;
+                        n_array = (unsigned) -1;
+
+                        break;
+                }
+
+                default:
+                        return -EINVAL;
+                }
+        }
+
+        return 1;
+}
+
+_public_ int sd_bus_message_read(sd_bus_message *m, const char *types, ...) {
+        va_list ap;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(types, -EINVAL);
+
+        va_start(ap, types);
+        r = message_read_ap(m, types, ap);
+        va_end(ap);
+
+        return r;
+}
+
+_public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+
+        /* If types is NULL, read exactly one element */
+        if (!types) {
+                struct bus_container *c;
+                size_t l;
+
+                if (message_end_of_signature(m))
+                        return -ENXIO;
+
+                if (message_end_of_array(m, m->rindex))
+                        return 0;
+
+                c = message_get_container(m);
+
+                r = signature_element_length(c->signature + c->index, &l);
+                if (r < 0)
+                        return r;
+
+                types = strndupa(c->signature + c->index, l);
+        }
+
+        switch (*types) {
+
+        case 0: /* Nothing to drop */
+                return 0;
+
+        case SD_BUS_TYPE_BYTE:
+        case SD_BUS_TYPE_BOOLEAN:
+        case SD_BUS_TYPE_INT16:
+        case SD_BUS_TYPE_UINT16:
+        case SD_BUS_TYPE_INT32:
+        case SD_BUS_TYPE_UINT32:
+        case SD_BUS_TYPE_INT64:
+        case SD_BUS_TYPE_UINT64:
+        case SD_BUS_TYPE_DOUBLE:
+        case SD_BUS_TYPE_STRING:
+        case SD_BUS_TYPE_OBJECT_PATH:
+        case SD_BUS_TYPE_SIGNATURE:
+        case SD_BUS_TYPE_UNIX_FD:
+
+                r = sd_bus_message_read_basic(m, *types, NULL);
+                if (r <= 0)
+                        return r;
+
+                r = sd_bus_message_skip(m, types + 1);
+                if (r < 0)
+                        return r;
+
+                return 1;
+
+        case SD_BUS_TYPE_ARRAY: {
+                size_t k;
+
+                r = signature_element_length(types + 1, &k);
+                if (r < 0)
+                        return r;
+
+                {
+                        char s[k+1];
+                        memcpy(s, types+1, k);
+                        s[k] = 0;
+
+                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, s);
+                        if (r <= 0)
+                                return r;
+
+                        for (;;) {
+                                r = sd_bus_message_skip(m, s);
+                                if (r < 0)
+                                        return r;
+                                if (r == 0)
+                                        break;
+                        }
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_message_skip(m, types + 1 + k);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_VARIANT: {
+                const char *contents;
+                char x;
+
+                r = sd_bus_message_peek_type(m, &x, &contents);
+                if (r <= 0)
+                        return r;
+
+                if (x != SD_BUS_TYPE_VARIANT)
+                        return -ENXIO;
+
+                r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, contents);
+                if (r <= 0)
+                        return r;
+
+                r = sd_bus_message_skip(m, contents);
+                if (r < 0)
+                        return r;
+                assert(r != 0);
+
+                r = sd_bus_message_exit_container(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_skip(m, types + 1);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
+        case SD_BUS_TYPE_STRUCT_BEGIN:
+        case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
+                size_t k;
+
+                r = signature_element_length(types, &k);
+                if (r < 0)
+                        return r;
+
+                {
+                        char s[k-1];
+                        memcpy(s, types+1, k-2);
+                        s[k-2] = 0;
+
+                        r = sd_bus_message_enter_container(m, *types == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
+                        if (r <= 0)
+                                return r;
+
+                        r = sd_bus_message_skip(m, s);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_exit_container(m);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_message_skip(m, types + k);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
+        default:
+                return -EINVAL;
+        }
+}
+
+_public_ int sd_bus_message_read_array(
+                sd_bus_message *m,
+                char type,
+                const void **ptr,
+                size_t *size) {
+
+        struct bus_container *c;
+        void *p;
+        size_t sz;
+        ssize_t align;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(bus_type_is_trivial(type), -EINVAL);
+        assert_return(ptr, -EINVAL);
+        assert_return(size, -EINVAL);
+        assert_return(!BUS_MESSAGE_NEED_BSWAP(m), -EOPNOTSUPP);
+
+        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
+        if (r <= 0)
+                return r;
+
+        c = message_get_container(m);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                align = bus_gvariant_get_alignment(CHAR_TO_STR(type));
+                if (align < 0)
+                        return align;
+
+                sz = c->end - c->begin;
+        } else {
+                align = bus_type_get_alignment(type);
+                if (align < 0)
+                        return align;
+
+                sz = BUS_MESSAGE_BSWAP32(m, *c->array_size);
+        }
+
+        if (sz == 0)
+                /* Zero length array, let's return some aligned
+                 * pointer that is not NULL */
+                p = (uint8_t*) NULL + align;
+        else {
+                r = message_peek_body(m, &m->rindex, align, sz, &p);
+                if (r < 0)
+                        goto fail;
+        }
+
+        r = sd_bus_message_exit_container(m);
+        if (r < 0)
+                goto fail;
+
+        *ptr = (const void*) p;
+        *size = sz;
+
+        return 1;
+
+fail:
+        message_quit_container(m);
+        return r;
+}
+
+static int message_peek_fields(
+                sd_bus_message *m,
+                size_t *rindex,
+                size_t align,
+                size_t nbytes,
+                void **ret) {
+
+        assert(m);
+        assert(rindex);
+        assert(align > 0);
+
+        return buffer_peek(BUS_MESSAGE_FIELDS(m), m->fields_size, rindex, align, nbytes, ret);
+}
+
+static int message_peek_field_uint32(
+                sd_bus_message *m,
+                size_t *ri,
+                size_t item_size,
+                uint32_t *ret) {
+
+        int r;
+        void *q;
+
+        assert(m);
+        assert(ri);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m) && item_size != 4)
+                return -EBADMSG;
+
+        /* identical for gvariant and dbus1 */
+
+        r = message_peek_fields(m, ri, 4, 4, &q);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
+
+        return 0;
+}
+
+static int message_peek_field_uint64(
+                sd_bus_message *m,
+                size_t *ri,
+                size_t item_size,
+                uint64_t *ret) {
+
+        int r;
+        void *q;
+
+        assert(m);
+        assert(ri);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m) && item_size != 8)
+                return -EBADMSG;
+
+        /* identical for gvariant and dbus1 */
+
+        r = message_peek_fields(m, ri, 8, 8, &q);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
+
+        return 0;
+}
+
+static int message_peek_field_string(
+                sd_bus_message *m,
+                bool (*validate)(const char *p),
+                size_t *ri,
+                size_t item_size,
+                const char **ret) {
+
+        uint32_t l;
+        int r;
+        void *q;
+
+        assert(m);
+        assert(ri);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+
+                if (item_size <= 0)
+                        return -EBADMSG;
+
+                r = message_peek_fields(m, ri, 1, item_size, &q);
+                if (r < 0)
+                        return r;
+
+                l = item_size - 1;
+        } else {
+                r = message_peek_field_uint32(m, ri, 4, &l);
+                if (r < 0)
+                        return r;
+
+                r = message_peek_fields(m, ri, 1, l+1, &q);
+                if (r < 0)
+                        return r;
+        }
+
+        if (validate) {
+                if (!validate_nul(q, l))
+                        return -EBADMSG;
+
+                if (!validate(q))
+                        return -EBADMSG;
+        } else {
+                if (!validate_string(q, l))
+                        return -EBADMSG;
+        }
+
+        if (ret)
+                *ret = q;
+
+        return 0;
+}
+
+static int message_peek_field_signature(
+                sd_bus_message *m,
+                size_t *ri,
+                size_t item_size,
+                const char **ret) {
+
+        size_t l;
+        int r;
+        void *q;
+
+        assert(m);
+        assert(ri);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+
+                if (item_size <= 0)
+                        return -EBADMSG;
+
+                r = message_peek_fields(m, ri, 1, item_size, &q);
+                if (r < 0)
+                        return r;
+
+                l = item_size - 1;
+        } else {
+                r = message_peek_fields(m, ri, 1, 1, &q);
+                if (r < 0)
+                        return r;
+
+                l = *(uint8_t*) q;
+                r = message_peek_fields(m, ri, 1, l+1, &q);
+                if (r < 0)
+                        return r;
+        }
+
+        if (!validate_signature(q, l))
+                return -EBADMSG;
+
+        if (ret)
+                *ret = q;
+
+        return 0;
+}
+
+static int message_skip_fields(
+                sd_bus_message *m,
+                size_t *ri,
+                uint32_t array_size,
+                const char **signature) {
+
+        size_t original_index;
+        int r;
+
+        assert(m);
+        assert(ri);
+        assert(signature);
+        assert(!BUS_MESSAGE_IS_GVARIANT(m));
+
+        original_index = *ri;
+
+        for (;;) {
+                char t;
+                size_t l;
+
+                if (array_size != (uint32_t) -1 &&
+                    array_size <= *ri - original_index)
+                        return 0;
+
+                t = **signature;
+                if (!t)
+                        return 0;
+
+                if (t == SD_BUS_TYPE_STRING) {
+
+                        r = message_peek_field_string(m, NULL, ri, 0, NULL);
+                        if (r < 0)
+                                return r;
+
+                        (*signature)++;
+
+                } else if (t == SD_BUS_TYPE_OBJECT_PATH) {
+
+                        r = message_peek_field_string(m, object_path_is_valid, ri, 0, NULL);
+                        if (r < 0)
+                                return r;
+
+                        (*signature)++;
+
+                } else if (t == SD_BUS_TYPE_SIGNATURE) {
+
+                        r = message_peek_field_signature(m, ri, 0, NULL);
+                        if (r < 0)
+                                return r;
+
+                        (*signature)++;
+
+                } else if (bus_type_is_basic(t)) {
+                        ssize_t align, k;
+
+                        align = bus_type_get_alignment(t);
+                        k = bus_type_get_size(t);
+                        assert(align > 0 && k > 0);
+
+                        r = message_peek_fields(m, ri, align, k, NULL);
+                        if (r < 0)
+                                return r;
+
+                        (*signature)++;
+
+                } else if (t == SD_BUS_TYPE_ARRAY) {
+
+                        r = signature_element_length(*signature+1, &l);
+                        if (r < 0)
+                                return r;
+
+                        assert(l >= 1);
+                        {
+                                char sig[l-1], *s;
+                                uint32_t nas;
+                                int alignment;
+
+                                strncpy(sig, *signature + 1, l-1);
+                                s = sig;
+
+                                alignment = bus_type_get_alignment(sig[0]);
+                                if (alignment < 0)
+                                        return alignment;
+
+                                r = message_peek_field_uint32(m, ri, 0, &nas);
+                                if (r < 0)
+                                        return r;
+                                if (nas > BUS_ARRAY_MAX_SIZE)
+                                        return -EBADMSG;
+
+                                r = message_peek_fields(m, ri, alignment, 0, NULL);
+                                if (r < 0)
+                                        return r;
+
+                                r = message_skip_fields(m, ri, nas, (const char**) &s);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        (*signature) += 1 + l;
+
+                } else if (t == SD_BUS_TYPE_VARIANT) {
+                        const char *s;
+
+                        r = message_peek_field_signature(m, ri, 0, &s);
+                        if (r < 0)
+                                return r;
+
+                        r = message_skip_fields(m, ri, (uint32_t) -1, (const char**) &s);
+                        if (r < 0)
+                                return r;
+
+                        (*signature)++;
+
+                } else if (t == SD_BUS_TYPE_STRUCT ||
+                           t == SD_BUS_TYPE_DICT_ENTRY) {
+
+                        r = signature_element_length(*signature, &l);
+                        if (r < 0)
+                                return r;
+
+                        assert(l >= 2);
+                        {
+                                char sig[l-1], *s;
+                                strncpy(sig, *signature + 1, l-1);
+                                s = sig;
+
+                                r = message_skip_fields(m, ri, (uint32_t) -1, (const char**) &s);
+                                if (r < 0)
+                                        return r;
+                        }
+
+                        *signature += l;
+                } else
+                        return -EINVAL;
+        }
+}
+
+int bus_message_parse_fields(sd_bus_message *m) {
+        size_t ri;
+        int r;
+        uint32_t unix_fds = 0;
+        bool unix_fds_set = false;
+        void *offsets = NULL;
+        unsigned n_offsets = 0;
+        size_t sz = 0;
+        unsigned i = 0;
+
+        assert(m);
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                char *p;
+
+                /* Read the signature from the end of the body variant first */
+                sz = bus_gvariant_determine_word_size(BUS_MESSAGE_SIZE(m), 0);
+                if (m->footer_accessible < 1 + sz)
+                        return -EBADMSG;
+
+                p = (char*) m->footer + m->footer_accessible - (1 + sz);
+                for (;;) {
+                        if (p < (char*) m->footer)
+                                return -EBADMSG;
+
+                        if (*p == 0) {
+                                size_t l;
+                                char *c;
+
+                                /* We found the beginning of the signature
+                                 * string, yay! We require the body to be a
+                                 * structure, so verify it and then strip the
+                                 * opening/closing brackets. */
+
+                                l = ((char*) m->footer + m->footer_accessible) - p - (1 + sz);
+                                if (l < 2 ||
+                                    p[1] != SD_BUS_TYPE_STRUCT_BEGIN ||
+                                    p[1 + l - 1] != SD_BUS_TYPE_STRUCT_END)
+                                        return -EBADMSG;
+
+                                c = strndup(p + 1 + 1, l - 2);
+                                if (!c)
+                                        return -ENOMEM;
+
+                                free(m->root_container.signature);
+                                m->root_container.signature = c;
+                                break;
+                        }
+
+                        p--;
+                }
+
+                /* Calculate the actual user body size, by removing
+                 * the trailing variant signature and struct offset
+                 * table */
+                m->user_body_size = m->body_size - ((char*) m->footer + m->footer_accessible - p);
+
+                /* Pull out the offset table for the fields array */
+                sz = bus_gvariant_determine_word_size(m->fields_size, 0);
+                if (sz > 0) {
+                        size_t framing;
+                        void *q;
+
+                        ri = m->fields_size - sz;
+                        r = message_peek_fields(m, &ri, 1, sz, &q);
+                        if (r < 0)
+                                return r;
+
+                        framing = bus_gvariant_read_word_le(q, sz);
+                        if (framing >= m->fields_size - sz)
+                                return -EBADMSG;
+                        if ((m->fields_size - framing) % sz != 0)
+                                return -EBADMSG;
+
+                        ri = framing;
+                        r = message_peek_fields(m, &ri, 1, m->fields_size - framing, &offsets);
+                        if (r < 0)
+                                return r;
+
+                        n_offsets = (m->fields_size - framing) / sz;
+                }
+        } else
+                m->user_body_size = m->body_size;
+
+        ri = 0;
+        while (ri < m->fields_size) {
+                _cleanup_free_ char *sig = NULL;
+                const char *signature;
+                uint64_t field_type;
+                size_t item_size = (size_t) -1;
+
+                if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                        uint64_t *u64;
+
+                        if (i >= n_offsets)
+                                break;
+
+                        if (i == 0)
+                                ri = 0;
+                        else
+                                ri = ALIGN_TO(bus_gvariant_read_word_le((uint8_t*) offsets + (i-1)*sz, sz), 8);
+
+                        r = message_peek_fields(m, &ri, 8, 8, (void**) &u64);
+                        if (r < 0)
+                                return r;
+
+                        field_type = BUS_MESSAGE_BSWAP64(m, *u64);
+                } else {
+                        uint8_t *u8;
+
+                        r = message_peek_fields(m, &ri, 8, 1, (void**) &u8);
+                        if (r < 0)
+                                return r;
+
+                        field_type = *u8;
+                }
+
+                if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                        size_t where, end;
+                        char *b;
+                        void *q;
+
+                        end = bus_gvariant_read_word_le((uint8_t*) offsets + i*sz, sz);
+
+                        if (end < ri)
+                                return -EBADMSG;
+
+                        where = ri = ALIGN_TO(ri, 8);
+                        item_size = end - ri;
+                        r = message_peek_fields(m, &where, 1, item_size, &q);
+                        if (r < 0)
+                                return r;
+
+                        b = memrchr(q, 0, item_size);
+                        if (!b)
+                                return -EBADMSG;
+
+                        sig = strndup(b+1, item_size - (b+1-(char*) q));
+                        if (!sig)
+                                return -ENOMEM;
+
+                        signature = sig;
+                        item_size = b - (char*) q;
+                } else {
+                        r = message_peek_field_signature(m, &ri, 0, &signature);
+                        if (r < 0)
+                                return r;
+                }
+
+                switch (field_type) {
+
+                case _BUS_MESSAGE_HEADER_INVALID:
+                        return -EBADMSG;
+
+                case BUS_MESSAGE_HEADER_PATH:
+
+                        if (m->path)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "o"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_string(m, object_path_is_valid, &ri, item_size, &m->path);
+                        break;
+
+                case BUS_MESSAGE_HEADER_INTERFACE:
+
+                        if (m->interface)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "s"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_string(m, interface_name_is_valid, &ri, item_size, &m->interface);
+                        break;
+
+                case BUS_MESSAGE_HEADER_MEMBER:
+
+                        if (m->member)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "s"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_string(m, member_name_is_valid, &ri, item_size, &m->member);
+                        break;
+
+                case BUS_MESSAGE_HEADER_ERROR_NAME:
+
+                        if (m->error.name)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "s"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_string(m, error_name_is_valid, &ri, item_size, &m->error.name);
+                        if (r >= 0)
+                                m->error._need_free = -1;
+
+                        break;
+
+                case BUS_MESSAGE_HEADER_DESTINATION:
+
+                        if (m->destination)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "s"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_string(m, service_name_is_valid, &ri, item_size, &m->destination);
+                        break;
+
+                case BUS_MESSAGE_HEADER_SENDER:
+
+                        if (m->sender)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "s"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_string(m, service_name_is_valid, &ri, item_size, &m->sender);
+
+                        if (r >= 0 && m->sender[0] == ':' && m->bus->bus_client && !m->bus->is_kernel) {
+                                m->creds.unique_name = (char*) m->sender;
+                                m->creds.mask |= SD_BUS_CREDS_UNIQUE_NAME & m->bus->creds_mask;
+                        }
+
+                        break;
+
+
+                case BUS_MESSAGE_HEADER_SIGNATURE: {
+                        const char *s;
+                        char *c;
+
+                        if (BUS_MESSAGE_IS_GVARIANT(m)) /* only applies to dbus1 */
+                                return -EBADMSG;
+
+                        if (m->root_container.signature)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "g"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_signature(m, &ri, item_size, &s);
+                        if (r < 0)
+                                return r;
+
+                        c = strdup(s);
+                        if (!c)
+                                return -ENOMEM;
+
+                        free(m->root_container.signature);
+                        m->root_container.signature = c;
+                        break;
+                }
+
+                case BUS_MESSAGE_HEADER_REPLY_SERIAL:
+
+                        if (m->reply_cookie != 0)
+                                return -EBADMSG;
+
+                        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                                /* 64bit on dbus2 */
+
+                                if (!streq(signature, "t"))
+                                        return -EBADMSG;
+
+                                r = message_peek_field_uint64(m, &ri, item_size, &m->reply_cookie);
+                                if (r < 0)
+                                        return r;
+                        } else {
+                                /* 32bit on dbus1 */
+                                uint32_t serial;
+
+                                if (!streq(signature, "u"))
+                                        return -EBADMSG;
+
+                                r = message_peek_field_uint32(m, &ri, item_size, &serial);
+                                if (r < 0)
+                                        return r;
+
+                                m->reply_cookie = serial;
+                        }
+
+                        if (m->reply_cookie == 0)
+                                return -EBADMSG;
+
+                        break;
+
+                case BUS_MESSAGE_HEADER_UNIX_FDS:
+                        if (unix_fds_set)
+                                return -EBADMSG;
+
+                        if (!streq(signature, "u"))
+                                return -EBADMSG;
+
+                        r = message_peek_field_uint32(m, &ri, item_size, &unix_fds);
+                        if (r < 0)
+                                return -EBADMSG;
+
+                        unix_fds_set = true;
+                        break;
+
+                default:
+                        if (!BUS_MESSAGE_IS_GVARIANT(m))
+                                r = message_skip_fields(m, &ri, (uint32_t) -1, (const char **) &signature);
+                }
+
+                if (r < 0)
+                        return r;
+
+                i++;
+        }
+
+        if (m->n_fds != unix_fds)
+                return -EBADMSG;
+
+        switch (m->header->type) {
+
+        case SD_BUS_MESSAGE_SIGNAL:
+                if (!m->path || !m->interface || !m->member)
+                        return -EBADMSG;
+
+                if (m->reply_cookie != 0)
+                        return -EBADMSG;
+
+                break;
+
+        case SD_BUS_MESSAGE_METHOD_CALL:
+
+                if (!m->path || !m->member)
+                        return -EBADMSG;
+
+                if (m->reply_cookie != 0)
+                        return -EBADMSG;
+
+                break;
+
+        case SD_BUS_MESSAGE_METHOD_RETURN:
+
+                if (m->reply_cookie == 0)
+                        return -EBADMSG;
+                break;
+
+        case SD_BUS_MESSAGE_METHOD_ERROR:
+
+                if (m->reply_cookie == 0 || !m->error.name)
+                        return -EBADMSG;
+                break;
+        }
+
+        /* Refuse non-local messages that claim they are local */
+        if (streq_ptr(m->path, "/org/freedesktop/DBus/Local"))
+                return -EBADMSG;
+        if (streq_ptr(m->interface, "org.freedesktop.DBus.Local"))
+                return -EBADMSG;
+        if (streq_ptr(m->sender, "org.freedesktop.DBus.Local"))
+                return -EBADMSG;
+
+        m->root_container.end = m->user_body_size;
+
+        if (BUS_MESSAGE_IS_GVARIANT(m)) {
+                r = build_struct_offsets(
+                                m,
+                                m->root_container.signature,
+                                m->user_body_size,
+                                &m->root_container.item_size,
+                                &m->root_container.offsets,
+                                &m->root_container.n_offsets);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Try to read the error message, but if we can't it's a non-issue */
+        if (m->header->type == SD_BUS_MESSAGE_METHOD_ERROR)
+                (void) sd_bus_message_read(m, "s", &m->error.message);
+
+        return 0;
+}
+
+_public_ int sd_bus_message_set_destination(sd_bus_message *m, const char *destination) {
+        assert_return(m, -EINVAL);
+        assert_return(destination, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->destination, -EEXIST);
+
+        return message_append_field_string(m, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, destination, &m->destination);
+}
+
+int bus_message_get_blob(sd_bus_message *m, void **buffer, size_t *sz) {
+        size_t total;
+        void *p, *e;
+        unsigned i;
+        struct bus_body_part *part;
+
+        assert(m);
+        assert(buffer);
+        assert(sz);
+
+        total = BUS_MESSAGE_SIZE(m);
+
+        p = malloc(total);
+        if (!p)
+                return -ENOMEM;
+
+        e = mempcpy(p, m->header, BUS_MESSAGE_BODY_BEGIN(m));
+        MESSAGE_FOREACH_PART(part, i, m)
+                e = mempcpy(e, part->data, part->size);
+
+        assert(total == (size_t) ((uint8_t*) e - (uint8_t*) p));
+
+        *buffer = p;
+        *sz = total;
+
+        return 0;
+}
+
+int bus_message_read_strv_extend(sd_bus_message *m, char ***l) {
+        const char *s;
+        int r;
+
+        assert(m);
+        assert(l);
+
+        r = sd_bus_message_enter_container(m, 'a', "s");
+        if (r <= 0)
+                return r;
+
+        while ((r = sd_bus_message_read_basic(m, 's', &s)) > 0) {
+                r = strv_extend(l, s);
+                if (r < 0)
+                        return r;
+        }
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_exit_container(m);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+_public_ int sd_bus_message_read_strv(sd_bus_message *m, char ***l) {
+        char **strv = NULL;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(l, -EINVAL);
+
+        r = bus_message_read_strv_extend(m, &strv);
+        if (r <= 0) {
+                strv_free(strv);
+                return r;
+        }
+
+        *l = strv;
+        return 1;
+}
+
+static int bus_message_get_arg_skip(
+                sd_bus_message *m,
+                unsigned i,
+                char *_type,
+                const char **_contents) {
+
+        unsigned j;
+        int r;
+
+        r = sd_bus_message_rewind(m, true);
+        if (r < 0)
+                return r;
+
+        for (j = 0;; j++) {
+                const char *contents;
+                char type;
+
+                r = sd_bus_message_peek_type(m, &type, &contents);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return -ENXIO;
+
+                /* Don't match against arguments after the first one we don't understand */
+                if (!IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE) &&
+                    !(type == SD_BUS_TYPE_ARRAY && STR_IN_SET(contents, "s", "o", "g")))
+                        return -ENXIO;
+
+                if (j >= i) {
+                        if (_contents)
+                                *_contents = contents;
+                        if (_type)
+                                *_type = type;
+                        return 0;
+                }
+
+                r = sd_bus_message_skip(m, NULL);
+                if (r < 0)
+                        return r;
+        }
+
+}
+
+int bus_message_get_arg(sd_bus_message *m, unsigned i, const char **str) {
+        char type;
+        int r;
+
+        assert(m);
+        assert(str);
+
+        r = bus_message_get_arg_skip(m, i, &type, NULL);
+        if (r < 0)
+                return r;
+
+        if (!IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE))
+                return -ENXIO;
+
+        return sd_bus_message_read_basic(m, type, str);
+}
+
+int bus_message_get_arg_strv(sd_bus_message *m, unsigned i, char ***strv) {
+        const char *contents;
+        char type;
+        int r;
+
+        assert(m);
+        assert(strv);
+
+        r = bus_message_get_arg_skip(m, i, &type, &contents);
+        if (r < 0)
+                return r;
+
+        if (type != SD_BUS_TYPE_ARRAY)
+                return -ENXIO;
+        if (!STR_IN_SET(contents, "s", "o", "g"))
+                return -ENXIO;
+
+        return sd_bus_message_read_strv(m, strv);
+}
+
+_public_ int sd_bus_message_get_errno(sd_bus_message *m) {
+        assert_return(m, EINVAL);
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
+                return 0;
+
+        return sd_bus_error_get_errno(&m->error);
+}
+
+_public_ const char* sd_bus_message_get_signature(sd_bus_message *m, int complete) {
+        struct bus_container *c;
+
+        assert_return(m, NULL);
+
+        c = complete ? &m->root_container : message_get_container(m);
+        return strempty(c->signature);
+}
+
+_public_ int sd_bus_message_is_empty(sd_bus_message *m) {
+        assert_return(m, -EINVAL);
+
+        return isempty(m->root_container.signature);
+}
+
+_public_ int sd_bus_message_has_signature(sd_bus_message *m, const char *signature) {
+        assert_return(m, -EINVAL);
+
+        return streq(strempty(m->root_container.signature), strempty(signature));
+}
+
+_public_ int sd_bus_message_copy(sd_bus_message *m, sd_bus_message *source, int all) {
+        bool done_something = false;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(source, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(source->sealed, -EPERM);
+
+        do {
+                const char *contents;
+                char type;
+                union {
+                        uint8_t u8;
+                        uint16_t u16;
+                        int16_t s16;
+                        uint32_t u32;
+                        int32_t s32;
+                        uint64_t u64;
+                        int64_t s64;
+                        double d64;
+                        const char *string;
+                        int i;
+                } basic;
+
+                r = sd_bus_message_peek_type(source, &type, &contents);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                done_something = true;
+
+                if (bus_type_is_container(type) > 0) {
+
+                        r = sd_bus_message_enter_container(source, type, contents);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_open_container(m, type, contents);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_copy(m, source, true);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_close_container(m);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_bus_message_exit_container(source);
+                        if (r < 0)
+                                return r;
+
+                        continue;
+                }
+
+                r = sd_bus_message_read_basic(source, type, &basic);
+                if (r < 0)
+                        return r;
+
+                assert(r > 0);
+
+                if (type == SD_BUS_TYPE_OBJECT_PATH ||
+                    type == SD_BUS_TYPE_SIGNATURE ||
+                    type == SD_BUS_TYPE_STRING)
+                        r = sd_bus_message_append_basic(m, type, basic.string);
+                else
+                        r = sd_bus_message_append_basic(m, type, &basic);
+
+                if (r < 0)
+                        return r;
+
+        } while (all);
+
+        return done_something;
+}
+
+_public_ int sd_bus_message_verify_type(sd_bus_message *m, char type, const char *contents) {
+        const char *c;
+        char t;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(!type || bus_type_is_valid(type), -EINVAL);
+        assert_return(!contents || signature_is_valid(contents, true), -EINVAL);
+        assert_return(type || contents, -EINVAL);
+        assert_return(!contents || !type || bus_type_is_container(type), -EINVAL);
+
+        r = sd_bus_message_peek_type(m, &t, &c);
+        if (r <= 0)
+                return r;
+
+        if (type != 0 && type != t)
+                return 0;
+
+        if (contents && !streq_ptr(contents, c))
+                return 0;
+
+        return 1;
+}
+
+_public_ sd_bus *sd_bus_message_get_bus(sd_bus_message *m) {
+        assert_return(m, NULL);
+
+        return m->bus;
+}
+
+int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *n = NULL;
+        usec_t timeout;
+        int r;
+
+        assert(bus);
+        assert(m);
+        assert(*m);
+
+        switch ((*m)->header->type) {
+
+        case SD_BUS_MESSAGE_SIGNAL:
+                r = sd_bus_message_new_signal(bus, &n, (*m)->path, (*m)->interface, (*m)->member);
+                if (r < 0)
+                        return r;
+
+                break;
+
+        case SD_BUS_MESSAGE_METHOD_CALL:
+                r = sd_bus_message_new_method_call(bus, &n, (*m)->destination, (*m)->path, (*m)->interface, (*m)->member);
+                if (r < 0)
+                        return r;
+
+                break;
+
+        case SD_BUS_MESSAGE_METHOD_RETURN:
+        case SD_BUS_MESSAGE_METHOD_ERROR:
+
+                n = message_new(bus, (*m)->header->type);
+                if (!n)
+                        return -ENOMEM;
+
+                n->reply_cookie = (*m)->reply_cookie;
+
+                r = message_append_reply_cookie(n, n->reply_cookie);
+                if (r < 0)
+                        return r;
+
+                if ((*m)->header->type == SD_BUS_MESSAGE_METHOD_ERROR && (*m)->error.name) {
+                        r = message_append_field_string(n, BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, (*m)->error.name, &n->error.message);
+                        if (r < 0)
+                                return r;
+
+                        n->error._need_free = -1;
+                }
+
+                break;
+
+        default:
+                return -EINVAL;
+        }
+
+        if ((*m)->destination && !n->destination) {
+                r = message_append_field_string(n, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, (*m)->destination, &n->destination);
+                if (r < 0)
+                        return r;
+        }
+
+        if ((*m)->sender && !n->sender) {
+                r = message_append_field_string(n, BUS_MESSAGE_HEADER_SENDER, SD_BUS_TYPE_STRING, (*m)->sender, &n->sender);
+                if (r < 0)
+                        return r;
+        }
+
+        n->header->flags |= (*m)->header->flags & (BUS_MESSAGE_NO_REPLY_EXPECTED|BUS_MESSAGE_NO_AUTO_START);
+
+        r = sd_bus_message_copy(n, *m, true);
+        if (r < 0)
+                return r;
+
+        timeout = (*m)->timeout;
+        if (timeout == 0 && !((*m)->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED))
+                timeout = BUS_DEFAULT_TIMEOUT;
+
+        r = bus_message_seal(n, BUS_MESSAGE_COOKIE(*m), timeout);
+        if (r < 0)
+                return r;
+
+        sd_bus_message_unref(*m);
+        *m = n;
+        n = NULL;
+
+        return 0;
+}
+
+int bus_message_append_sender(sd_bus_message *m, const char *sender) {
+        assert(m);
+        assert(sender);
+
+        assert_return(!m->sealed, -EPERM);
+        assert_return(!m->sender, -EPERM);
+
+        return message_append_field_string(m, BUS_MESSAGE_HEADER_SENDER, SD_BUS_TYPE_STRING, sender, &m->sender);
+}
+
+_public_ int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority) {
+        assert_return(m, -EINVAL);
+        assert_return(priority, -EINVAL);
+
+        *priority = m->priority;
+        return 0;
+}
+
+_public_ int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority) {
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        m->priority = priority;
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-message.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-message.h
new file mode 100644
index 0000000000..6a2c2d533c
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-message.h
@@ -0,0 +1,244 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <byteswap.h>
+#include <stdbool.h>
+#include <sys/socket.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-creds.h"
+#include "bus-protocol.h"
+#include "macro.h"
+#include "time-util.h"
+
+struct bus_container {
+        char enclosing;
+        bool need_offsets:1;
+
+        /* Indexes into the signature  string */
+        unsigned index, saved_index;
+        char *signature;
+
+        size_t before, begin, end;
+
+        /* dbus1: pointer to the array size value, if this is a value */
+        uint32_t *array_size;
+
+        /* gvariant: list of offsets to end of children if this is struct/dict entry/array */
+        size_t *offsets, n_offsets, offsets_allocated, offset_index;
+        size_t item_size;
+
+        char *peeked_signature;
+};
+
+struct bus_body_part {
+        struct bus_body_part *next;
+        void *data;
+        void *mmap_begin;
+        size_t size;
+        size_t mapped;
+        size_t allocated;
+        uint64_t memfd_offset;
+        int memfd;
+        bool free_this:1;
+        bool munmap_this:1;
+        bool sealed:1;
+        bool is_zero:1;
+};
+
+struct sd_bus_message {
+        unsigned n_ref;
+
+        sd_bus *bus;
+
+        uint64_t reply_cookie;
+
+        const char *path;
+        const char *interface;
+        const char *member;
+        const char *destination;
+        const char *sender;
+
+        sd_bus_error error;
+
+        sd_bus_creds creds;
+
+        usec_t monotonic;
+        usec_t realtime;
+        uint64_t seqnum;
+        int64_t priority;
+        uint64_t verify_destination_id;
+
+        bool sealed:1;
+        bool dont_send:1;
+        bool allow_fds:1;
+        bool free_header:1;
+        bool free_kdbus:1;
+        bool free_fds:1;
+        bool release_kdbus:1;
+        bool poisoned:1;
+
+        /* The first and last bytes of the message */
+        struct bus_header *header;
+        void *footer;
+
+        /* How many bytes are accessible in the above pointers */
+        size_t header_accessible;
+        size_t footer_accessible;
+
+        size_t fields_size;
+        size_t body_size;
+        size_t user_body_size;
+
+        struct bus_body_part body;
+        struct bus_body_part *body_end;
+        unsigned n_body_parts;
+
+        size_t rindex;
+        struct bus_body_part *cached_rindex_part;
+        size_t cached_rindex_part_begin;
+
+        uint32_t n_fds;
+        int *fds;
+
+        struct bus_container root_container, *containers;
+        size_t n_containers;
+        size_t containers_allocated;
+
+        struct iovec *iovec;
+        struct iovec iovec_fixed[2];
+        unsigned n_iovec;
+
+        struct kdbus_msg *kdbus;
+
+        char *peeked_signature;
+
+        /* If set replies to this message must carry the signature
+         * specified here to successfully seal. This is initialized
+         * from the vtable data */
+        const char *enforced_reply_signature;
+
+        usec_t timeout;
+
+        char sender_buffer[3 + DECIMAL_STR_MAX(uint64_t) + 1];
+        char destination_buffer[3 + DECIMAL_STR_MAX(uint64_t) + 1];
+        char *destination_ptr;
+
+        size_t header_offsets[_BUS_MESSAGE_HEADER_MAX];
+        unsigned n_header_offsets;
+};
+
+static inline bool BUS_MESSAGE_NEED_BSWAP(sd_bus_message *m) {
+        return m->header->endian != BUS_NATIVE_ENDIAN;
+}
+
+static inline uint16_t BUS_MESSAGE_BSWAP16(sd_bus_message *m, uint16_t u) {
+        return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_16(u) : u;
+}
+
+static inline uint32_t BUS_MESSAGE_BSWAP32(sd_bus_message *m, uint32_t u) {
+        return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_32(u) : u;
+}
+
+static inline uint64_t BUS_MESSAGE_BSWAP64(sd_bus_message *m, uint64_t u) {
+        return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_64(u) : u;
+}
+
+static inline uint64_t BUS_MESSAGE_COOKIE(sd_bus_message *m) {
+        if (m->header->version == 2)
+                return BUS_MESSAGE_BSWAP64(m, m->header->dbus2.cookie);
+
+        return BUS_MESSAGE_BSWAP32(m, m->header->dbus1.serial);
+}
+
+static inline size_t BUS_MESSAGE_SIZE(sd_bus_message *m) {
+        return
+                sizeof(struct bus_header) +
+                ALIGN8(m->fields_size) +
+                m->body_size;
+}
+
+static inline size_t BUS_MESSAGE_BODY_BEGIN(sd_bus_message *m) {
+        return
+                sizeof(struct bus_header) +
+                ALIGN8(m->fields_size);
+}
+
+static inline void* BUS_MESSAGE_FIELDS(sd_bus_message *m) {
+        return (uint8_t*) m->header + sizeof(struct bus_header);
+}
+
+static inline bool BUS_MESSAGE_IS_GVARIANT(sd_bus_message *m) {
+        return m->header->version == 2;
+}
+
+int bus_message_seal(sd_bus_message *m, uint64_t serial, usec_t timeout);
+int bus_message_get_blob(sd_bus_message *m, void **buffer, size_t *sz);
+int bus_message_read_strv_extend(sd_bus_message *m, char ***l);
+
+int bus_message_from_header(
+                sd_bus *bus,
+                void *header,
+                size_t header_accessible,
+                void *footer,
+                size_t footer_accessible,
+                size_t message_size,
+                int *fds,
+                unsigned n_fds,
+                const char *label,
+                size_t extra,
+                sd_bus_message **ret);
+
+int bus_message_from_malloc(
+                sd_bus *bus,
+                void *buffer,
+                size_t length,
+                int *fds,
+                unsigned n_fds,
+                const char *label,
+                sd_bus_message **ret);
+
+int bus_message_get_arg(sd_bus_message *m, unsigned i, const char **str);
+int bus_message_get_arg_strv(sd_bus_message *m, unsigned i, char ***strv);
+
+int bus_message_append_ap(sd_bus_message *m, const char *types, va_list ap);
+
+int bus_message_parse_fields(sd_bus_message *m);
+
+struct bus_body_part *message_append_part(sd_bus_message *m);
+
+#define MESSAGE_FOREACH_PART(part, i, m) \
+        for ((i) = 0, (part) = &(m)->body; (i) < (m)->n_body_parts; (i)++, (part) = (part)->next)
+
+int bus_body_part_map(struct bus_body_part *part);
+void bus_body_part_unmap(struct bus_body_part *part);
+
+int bus_message_to_errno(sd_bus_message *m);
+
+int bus_message_new_synthetic_error(sd_bus *bus, uint64_t serial, const sd_bus_error *e, sd_bus_message **m);
+
+int bus_message_remarshal(sd_bus *bus, sd_bus_message **m);
+
+int bus_message_append_sender(sd_bus_message *m, const char *sender);
+
+void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m);
+void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m);
diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-objects.c
index 9bd07ffcab..9bd07ffcab 100644
--- a/src/libsystemd/sd-bus/bus-objects.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-objects.c
diff --git a/src/libsystemd/sd-bus/bus-objects.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-objects.h
index e0b8c534ed..e0b8c534ed 100644
--- a/src/libsystemd/sd-bus/bus-objects.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-objects.h
diff --git a/src/libsystemd/sd-bus/bus-protocol.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-protocol.h
index 9d180cb284..9d180cb284 100644
--- a/src/libsystemd/sd-bus/bus-protocol.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-protocol.h
diff --git a/src/libsystemd/sd-bus/bus-signature.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-signature.c
index 7bc243494a..7bc243494a 100644
--- a/src/libsystemd/sd-bus/bus-signature.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-signature.c
diff --git a/src/libsystemd/sd-bus/bus-signature.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-signature.h
index 1e0cd7f587..1e0cd7f587 100644
--- a/src/libsystemd/sd-bus/bus-signature.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-signature.h
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-slot.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-slot.c
new file mode 100644
index 0000000000..75c1692bf5
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-slot.c
@@ -0,0 +1,286 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-control.h"
+#include "bus-objects.h"
+#include "bus-slot.h"
+#include "string-util.h"
+
+sd_bus_slot *bus_slot_allocate(
+                sd_bus *bus,
+                bool floating,
+                BusSlotType type,
+                size_t extra,
+                void *userdata) {
+
+        sd_bus_slot *slot;
+
+        assert(bus);
+
+        slot = malloc0(offsetof(sd_bus_slot, reply_callback) + extra);
+        if (!slot)
+                return NULL;
+
+        slot->n_ref = 1;
+        slot->type = type;
+        slot->bus = bus;
+        slot->floating = floating;
+        slot->userdata = userdata;
+
+        if (!floating)
+                sd_bus_ref(bus);
+
+        LIST_PREPEND(slots, bus->slots, slot);
+
+        return slot;
+}
+
+_public_ sd_bus_slot* sd_bus_slot_ref(sd_bus_slot *slot) {
+
+        if (!slot)
+                return NULL;
+
+        assert(slot->n_ref > 0);
+
+        slot->n_ref++;
+        return slot;
+}
+
+void bus_slot_disconnect(sd_bus_slot *slot) {
+        sd_bus *bus;
+
+        assert(slot);
+
+        if (!slot->bus)
+                return;
+
+        switch (slot->type) {
+
+        case BUS_REPLY_CALLBACK:
+
+                if (slot->reply_callback.cookie != 0)
+                        ordered_hashmap_remove(slot->bus->reply_callbacks, &slot->reply_callback.cookie);
+
+                if (slot->reply_callback.timeout != 0)
+                        prioq_remove(slot->bus->reply_callbacks_prioq, &slot->reply_callback, &slot->reply_callback.prioq_idx);
+
+                break;
+
+        case BUS_FILTER_CALLBACK:
+                slot->bus->filter_callbacks_modified = true;
+                LIST_REMOVE(callbacks, slot->bus->filter_callbacks, &slot->filter_callback);
+                break;
+
+        case BUS_MATCH_CALLBACK:
+
+                if (slot->match_added)
+                        bus_remove_match_internal(slot->bus, slot->match_callback.match_string, slot->match_callback.cookie);
+
+                slot->bus->match_callbacks_modified = true;
+                bus_match_remove(&slot->bus->match_callbacks, &slot->match_callback);
+
+                free(slot->match_callback.match_string);
+
+                break;
+
+        case BUS_NODE_CALLBACK:
+
+                if (slot->node_callback.node) {
+                        LIST_REMOVE(callbacks, slot->node_callback.node->callbacks, &slot->node_callback);
+                        slot->bus->nodes_modified = true;
+
+                        bus_node_gc(slot->bus, slot->node_callback.node);
+                }
+
+                break;
+
+        case BUS_NODE_ENUMERATOR:
+
+                if (slot->node_enumerator.node) {
+                        LIST_REMOVE(enumerators, slot->node_enumerator.node->enumerators, &slot->node_enumerator);
+                        slot->bus->nodes_modified = true;
+
+                        bus_node_gc(slot->bus, slot->node_enumerator.node);
+                }
+
+                break;
+
+        case BUS_NODE_OBJECT_MANAGER:
+
+                if (slot->node_object_manager.node) {
+                        LIST_REMOVE(object_managers, slot->node_object_manager.node->object_managers, &slot->node_object_manager);
+                        slot->bus->nodes_modified = true;
+
+                        bus_node_gc(slot->bus, slot->node_object_manager.node);
+                }
+
+                break;
+
+        case BUS_NODE_VTABLE:
+
+                if (slot->node_vtable.node && slot->node_vtable.interface && slot->node_vtable.vtable) {
+                        const sd_bus_vtable *v;
+
+                        for (v = slot->node_vtable.vtable; v->type != _SD_BUS_VTABLE_END; v++) {
+                                struct vtable_member *x = NULL;
+
+                                switch (v->type) {
+
+                                case _SD_BUS_VTABLE_METHOD: {
+                                        struct vtable_member key;
+
+                                        key.path = slot->node_vtable.node->path;
+                                        key.interface = slot->node_vtable.interface;
+                                        key.member = v->x.method.member;
+
+                                        x = hashmap_remove(slot->bus->vtable_methods, &key);
+                                        break;
+                                }
+
+                                case _SD_BUS_VTABLE_PROPERTY:
+                                case _SD_BUS_VTABLE_WRITABLE_PROPERTY: {
+                                        struct vtable_member key;
+
+                                        key.path = slot->node_vtable.node->path;
+                                        key.interface = slot->node_vtable.interface;
+                                        key.member = v->x.method.member;
+
+
+                                        x = hashmap_remove(slot->bus->vtable_properties, &key);
+                                        break;
+                                }}
+
+                                free(x);
+                        }
+                }
+
+                free(slot->node_vtable.interface);
+
+                if (slot->node_vtable.node) {
+                        LIST_REMOVE(vtables, slot->node_vtable.node->vtables, &slot->node_vtable);
+                        slot->bus->nodes_modified = true;
+
+                        bus_node_gc(slot->bus, slot->node_vtable.node);
+                }
+
+                break;
+
+        default:
+                assert_not_reached("Wut? Unknown slot type?");
+        }
+
+        bus = slot->bus;
+
+        slot->type = _BUS_SLOT_INVALID;
+        slot->bus = NULL;
+        LIST_REMOVE(slots, bus->slots, slot);
+
+        if (!slot->floating)
+                sd_bus_unref(bus);
+}
+
+_public_ sd_bus_slot* sd_bus_slot_unref(sd_bus_slot *slot) {
+
+        if (!slot)
+                return NULL;
+
+        assert(slot->n_ref > 0);
+
+        if (slot->n_ref > 1) {
+                slot->n_ref--;
+                return NULL;
+        }
+
+        bus_slot_disconnect(slot);
+        free(slot->description);
+        free(slot);
+
+        return NULL;
+}
+
+_public_ sd_bus* sd_bus_slot_get_bus(sd_bus_slot *slot) {
+        assert_return(slot, NULL);
+
+        return slot->bus;
+}
+
+_public_ void *sd_bus_slot_get_userdata(sd_bus_slot *slot) {
+        assert_return(slot, NULL);
+
+        return slot->userdata;
+}
+
+_public_ void *sd_bus_slot_set_userdata(sd_bus_slot *slot, void *userdata) {
+        void *ret;
+
+        assert_return(slot, NULL);
+
+        ret = slot->userdata;
+        slot->userdata = userdata;
+
+        return ret;
+}
+
+_public_ sd_bus_message *sd_bus_slot_get_current_message(sd_bus_slot *slot) {
+        assert_return(slot, NULL);
+        assert_return(slot->type >= 0, NULL);
+
+        if (slot->bus->current_slot != slot)
+                return NULL;
+
+        return slot->bus->current_message;
+}
+
+_public_ sd_bus_message_handler_t sd_bus_slot_get_current_handler(sd_bus_slot *slot) {
+        assert_return(slot, NULL);
+        assert_return(slot->type >= 0, NULL);
+
+        if (slot->bus->current_slot != slot)
+                return NULL;
+
+        return slot->bus->current_handler;
+}
+
+_public_ void* sd_bus_slot_get_current_userdata(sd_bus_slot *slot) {
+        assert_return(slot, NULL);
+        assert_return(slot->type >= 0, NULL);
+
+        if (slot->bus->current_slot != slot)
+                return NULL;
+
+        return slot->bus->current_userdata;
+}
+
+_public_ int sd_bus_slot_set_description(sd_bus_slot *slot, const char *description) {
+        assert_return(slot, -EINVAL);
+
+        return free_and_strdup(&slot->description, description);
+}
+
+_public_ int sd_bus_slot_get_description(sd_bus_slot *slot, const char **description) {
+        assert_return(slot, -EINVAL);
+        assert_return(description, -EINVAL);
+        assert_return(slot->description, -ENXIO);
+
+        *description = slot->description;
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-slot.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-slot.h
new file mode 100644
index 0000000000..b862799d1c
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-slot.h
@@ -0,0 +1,28 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "bus-internal.h"
+
+sd_bus_slot *bus_slot_allocate(sd_bus *bus, bool floating, BusSlotType type, size_t extra, void *userdata);
+
+void bus_slot_disconnect(sd_bus_slot *slot);
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-socket.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-socket.c
new file mode 100644
index 0000000000..1486d7cd55
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-socket.c
@@ -0,0 +1,1064 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <endian.h>
+#include <poll.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-socket.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "hexdecoct.h"
+#include "macro.h"
+#include "missing.h"
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "user-util.h"
+#include "utf8.h"
+#include "util.h"
+
+#define SNDBUF_SIZE (8*1024*1024)
+
+static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
+
+        while (size > 0) {
+                struct iovec *i = iov + *idx;
+
+                if (i->iov_len > size) {
+                        i->iov_base = (uint8_t*) i->iov_base + size;
+                        i->iov_len -= size;
+                        return;
+                }
+
+                size -= i->iov_len;
+
+                i->iov_base = NULL;
+                i->iov_len = 0;
+
+                (*idx)++;
+        }
+}
+
+static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
+        assert(m);
+        assert(p);
+        assert(sz > 0);
+
+        m->iovec[m->n_iovec].iov_base = (void*) p;
+        m->iovec[m->n_iovec].iov_len = sz;
+        m->n_iovec++;
+
+        return 0;
+}
+
+static int bus_message_setup_iovec(sd_bus_message *m) {
+        struct bus_body_part *part;
+        unsigned n, i;
+        int r;
+
+        assert(m);
+        assert(m->sealed);
+
+        if (m->n_iovec > 0)
+                return 0;
+
+        assert(!m->iovec);
+
+        n = 1 + m->n_body_parts;
+        if (n < ELEMENTSOF(m->iovec_fixed))
+                m->iovec = m->iovec_fixed;
+        else {
+                m->iovec = new(struct iovec, n);
+                if (!m->iovec) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
+        if (r < 0)
+                goto fail;
+
+        MESSAGE_FOREACH_PART(part, i, m)  {
+                r = bus_body_part_map(part);
+                if (r < 0)
+                        goto fail;
+
+                r = append_iovec(m, part->data, part->size);
+                if (r < 0)
+                        goto fail;
+        }
+
+        assert(n == m->n_iovec);
+
+        return 0;
+
+fail:
+        m->poisoned = true;
+        return r;
+}
+
+bool bus_socket_auth_needs_write(sd_bus *b) {
+
+        unsigned i;
+
+        if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
+                return false;
+
+        for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
+                struct iovec *j = b->auth_iovec + i;
+
+                if (j->iov_len > 0)
+                        return true;
+        }
+
+        return false;
+}
+
+static int bus_socket_write_auth(sd_bus *b) {
+        ssize_t k;
+
+        assert(b);
+        assert(b->state == BUS_AUTHENTICATING);
+
+        if (!bus_socket_auth_needs_write(b))
+                return 0;
+
+        if (b->prefer_writev)
+                k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
+        else {
+                struct msghdr mh;
+                zero(mh);
+
+                mh.msg_iov = b->auth_iovec + b->auth_index;
+                mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
+
+                k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
+                if (k < 0 && errno == ENOTSOCK) {
+                        b->prefer_writev = true;
+                        k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
+                }
+        }
+
+        if (k < 0)
+                return errno == EAGAIN ? 0 : -errno;
+
+        iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
+        return 1;
+}
+
+static int bus_socket_auth_verify_client(sd_bus *b) {
+        char *e, *f, *start;
+        sd_id128_t peer;
+        unsigned i;
+        int r;
+
+        assert(b);
+
+        /* We expect two response lines: "OK" and possibly
+         * "AGREE_UNIX_FD" */
+
+        e = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
+        if (!e)
+                return 0;
+
+        if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
+                f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
+                if (!f)
+                        return 0;
+
+                start = f + 2;
+        } else {
+                f = NULL;
+                start = e + 2;
+        }
+
+        /* Nice! We got all the lines we need. First check the OK
+         * line */
+
+        if (e - (char*) b->rbuffer != 3 + 32)
+                return -EPERM;
+
+        if (memcmp(b->rbuffer, "OK ", 3))
+                return -EPERM;
+
+        b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
+
+        for (i = 0; i < 32; i += 2) {
+                int x, y;
+
+                x = unhexchar(((char*) b->rbuffer)[3 + i]);
+                y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
+
+                if (x < 0 || y < 0)
+                        return -EINVAL;
+
+                peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
+        }
+
+        if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
+            !sd_id128_equal(b->server_id, peer))
+                return -EPERM;
+
+        b->server_id = peer;
+
+        /* And possibly check the second line, too */
+
+        if (f)
+                b->can_fds =
+                        (f - e == strlen("\r\nAGREE_UNIX_FD")) &&
+                        memcmp(e + 2, "AGREE_UNIX_FD", strlen("AGREE_UNIX_FD")) == 0;
+
+        b->rbuffer_size -= (start - (char*) b->rbuffer);
+        memmove(b->rbuffer, start, b->rbuffer_size);
+
+        r = bus_start_running(b);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static bool line_equals(const char *s, size_t m, const char *line) {
+        size_t l;
+
+        l = strlen(line);
+        if (l != m)
+                return false;
+
+        return memcmp(s, line, l) == 0;
+}
+
+static bool line_begins(const char *s, size_t m, const char *word) {
+        size_t l;
+
+        l = strlen(word);
+        if (m < l)
+                return false;
+
+        if (memcmp(s, word, l) != 0)
+                return false;
+
+        return m == l || (m > l && s[l] == ' ');
+}
+
+static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
+        _cleanup_free_ char *token = NULL;
+        size_t len;
+        int r;
+
+        if (!b->anonymous_auth)
+                return 0;
+
+        if (l <= 0)
+                return 1;
+
+        assert(p[0] == ' ');
+        p++; l--;
+
+        if (l % 2 != 0)
+                return 0;
+
+        r = unhexmem(p, l, (void **) &token, &len);
+        if (r < 0)
+                return 0;
+
+        if (memchr(token, 0, len))
+                return 0;
+
+        return !!utf8_is_valid(token);
+}
+
+static int verify_external_token(sd_bus *b, const char *p, size_t l) {
+        _cleanup_free_ char *token = NULL;
+        size_t len;
+        uid_t u;
+        int r;
+
+        /* We don't do any real authentication here. Instead, we if
+         * the owner of this bus wanted authentication he should have
+         * checked SO_PEERCRED before even creating the bus object. */
+
+        if (!b->anonymous_auth && !b->ucred_valid)
+                return 0;
+
+        if (l <= 0)
+                return 1;
+
+        assert(p[0] == ' ');
+        p++; l--;
+
+        if (l % 2 != 0)
+                return 0;
+
+        r = unhexmem(p, l, (void**) &token, &len);
+        if (r < 0)
+                return 0;
+
+        if (memchr(token, 0, len))
+                return 0;
+
+        r = parse_uid(token, &u);
+        if (r < 0)
+                return 0;
+
+        /* We ignore the passed value if anonymous authentication is
+         * on anyway. */
+        if (!b->anonymous_auth && u != b->ucred.uid)
+                return 0;
+
+        return 1;
+}
+
+static int bus_socket_auth_write(sd_bus *b, const char *t) {
+        char *p;
+        size_t l;
+
+        assert(b);
+        assert(t);
+
+        /* We only make use of the first iovec */
+        assert(b->auth_index == 0 || b->auth_index == 1);
+
+        l = strlen(t);
+        p = malloc(b->auth_iovec[0].iov_len + l);
+        if (!p)
+                return -ENOMEM;
+
+        memcpy_safe(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
+        memcpy(p + b->auth_iovec[0].iov_len, t, l);
+
+        b->auth_iovec[0].iov_base = p;
+        b->auth_iovec[0].iov_len += l;
+
+        free(b->auth_buffer);
+        b->auth_buffer = p;
+        b->auth_index = 0;
+        return 0;
+}
+
+static int bus_socket_auth_write_ok(sd_bus *b) {
+        char t[3 + 32 + 2 + 1];
+
+        assert(b);
+
+        xsprintf(t, "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
+
+        return bus_socket_auth_write(b, t);
+}
+
+static int bus_socket_auth_verify_server(sd_bus *b) {
+        char *e;
+        const char *line;
+        size_t l;
+        bool processed = false;
+        int r;
+
+        assert(b);
+
+        if (b->rbuffer_size < 1)
+                return 0;
+
+        /* First char must be a NUL byte */
+        if (*(char*) b->rbuffer != 0)
+                return -EIO;
+
+        if (b->rbuffer_size < 3)
+                return 0;
+
+        /* Begin with the first line */
+        if (b->auth_rbegin <= 0)
+                b->auth_rbegin = 1;
+
+        for (;;) {
+                /* Check if line is complete */
+                line = (char*) b->rbuffer + b->auth_rbegin;
+                e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
+                if (!e)
+                        return processed;
+
+                l = e - line;
+
+                if (line_begins(line, l, "AUTH ANONYMOUS")) {
+
+                        r = verify_anonymous_token(b, line + 14, l - 14);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                r = bus_socket_auth_write(b, "REJECTED\r\n");
+                        else {
+                                b->auth = BUS_AUTH_ANONYMOUS;
+                                r = bus_socket_auth_write_ok(b);
+                        }
+
+                } else if (line_begins(line, l, "AUTH EXTERNAL")) {
+
+                        r = verify_external_token(b, line + 13, l - 13);
+                        if (r < 0)
+                                return r;
+                        if (r == 0)
+                                r = bus_socket_auth_write(b, "REJECTED\r\n");
+                        else {
+                                b->auth = BUS_AUTH_EXTERNAL;
+                                r = bus_socket_auth_write_ok(b);
+                        }
+
+                } else if (line_begins(line, l, "AUTH"))
+                        r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
+                else if (line_equals(line, l, "CANCEL") ||
+                         line_begins(line, l, "ERROR")) {
+
+                        b->auth = _BUS_AUTH_INVALID;
+                        r = bus_socket_auth_write(b, "REJECTED\r\n");
+
+                } else if (line_equals(line, l, "BEGIN")) {
+
+                        if (b->auth == _BUS_AUTH_INVALID)
+                                r = bus_socket_auth_write(b, "ERROR\r\n");
+                        else {
+                                /* We can't leave from the auth phase
+                                 * before we haven't written
+                                 * everything queued, so let's check
+                                 * that */
+
+                                if (bus_socket_auth_needs_write(b))
+                                        return 1;
+
+                                b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
+                                memmove(b->rbuffer, e + 2, b->rbuffer_size);
+                                return bus_start_running(b);
+                        }
+
+                } else if (line_begins(line, l, "DATA")) {
+
+                        if (b->auth == _BUS_AUTH_INVALID)
+                                r = bus_socket_auth_write(b, "ERROR\r\n");
+                        else {
+                                if (b->auth == BUS_AUTH_ANONYMOUS)
+                                        r = verify_anonymous_token(b, line + 4, l - 4);
+                                else
+                                        r = verify_external_token(b, line + 4, l - 4);
+
+                                if (r < 0)
+                                        return r;
+                                if (r == 0) {
+                                        b->auth = _BUS_AUTH_INVALID;
+                                        r = bus_socket_auth_write(b, "REJECTED\r\n");
+                                } else
+                                        r = bus_socket_auth_write_ok(b);
+                        }
+                } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
+                        if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
+                                r = bus_socket_auth_write(b, "ERROR\r\n");
+                        else {
+                                b->can_fds = true;
+                                r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
+                        }
+                } else
+                        r = bus_socket_auth_write(b, "ERROR\r\n");
+
+                if (r < 0)
+                        return r;
+
+                b->auth_rbegin = e + 2 - (char*) b->rbuffer;
+
+                processed = true;
+        }
+}
+
+static int bus_socket_auth_verify(sd_bus *b) {
+        assert(b);
+
+        if (b->is_server)
+                return bus_socket_auth_verify_server(b);
+        else
+                return bus_socket_auth_verify_client(b);
+}
+
+static int bus_socket_read_auth(sd_bus *b) {
+        struct msghdr mh;
+        struct iovec iov = {};
+        size_t n;
+        ssize_t k;
+        int r;
+        void *p;
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
+        } control;
+        bool handle_cmsg = false;
+
+        assert(b);
+        assert(b->state == BUS_AUTHENTICATING);
+
+        r = bus_socket_auth_verify(b);
+        if (r != 0)
+                return r;
+
+        n = MAX(256u, b->rbuffer_size * 2);
+
+        if (n > BUS_AUTH_SIZE_MAX)
+                n = BUS_AUTH_SIZE_MAX;
+
+        if (b->rbuffer_size >= n)
+                return -ENOBUFS;
+
+        p = realloc(b->rbuffer, n);
+        if (!p)
+                return -ENOMEM;
+
+        b->rbuffer = p;
+
+        iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
+        iov.iov_len = n - b->rbuffer_size;
+
+        if (b->prefer_readv)
+                k = readv(b->input_fd, &iov, 1);
+        else {
+                zero(mh);
+                mh.msg_iov = &iov;
+                mh.msg_iovlen = 1;
+                mh.msg_control = &control;
+                mh.msg_controllen = sizeof(control);
+
+                k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
+                if (k < 0 && errno == ENOTSOCK) {
+                        b->prefer_readv = true;
+                        k = readv(b->input_fd, &iov, 1);
+                } else
+                        handle_cmsg = true;
+        }
+        if (k < 0)
+                return errno == EAGAIN ? 0 : -errno;
+        if (k == 0)
+                return -ECONNRESET;
+
+        b->rbuffer_size += k;
+
+        if (handle_cmsg) {
+                struct cmsghdr *cmsg;
+
+                CMSG_FOREACH(cmsg, &mh)
+                        if (cmsg->cmsg_level == SOL_SOCKET &&
+                            cmsg->cmsg_type == SCM_RIGHTS) {
+                                int j;
+
+                                /* Whut? We received fds during the auth
+                                 * protocol? Somebody is playing games with
+                                 * us. Close them all, and fail */
+                                j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
+                                close_many((int*) CMSG_DATA(cmsg), j);
+                                return -EIO;
+                        } else
+                                log_debug("Got unexpected auxiliary data with level=%d and type=%d",
+                                          cmsg->cmsg_level, cmsg->cmsg_type);
+        }
+
+        r = bus_socket_auth_verify(b);
+        if (r != 0)
+                return r;
+
+        return 1;
+}
+
+void bus_socket_setup(sd_bus *b) {
+        assert(b);
+
+        /* Increase the buffers to 8 MB */
+        fd_inc_rcvbuf(b->input_fd, SNDBUF_SIZE);
+        fd_inc_sndbuf(b->output_fd, SNDBUF_SIZE);
+
+        b->is_kernel = false;
+        b->message_version = 1;
+        b->message_endian = 0;
+}
+
+static void bus_get_peercred(sd_bus *b) {
+        int r;
+
+        assert(b);
+
+        /* Get the peer for socketpair() sockets */
+        b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
+
+        /* Get the SELinux context of the peer */
+        if (mac_selinux_have()) {
+                r = getpeersec(b->input_fd, &b->label);
+                if (r < 0 && r != -EOPNOTSUPP)
+                        log_debug_errno(r, "Failed to determine peer security context: %m");
+        }
+}
+
+static int bus_socket_start_auth_client(sd_bus *b) {
+        size_t l;
+        const char *auth_suffix, *auth_prefix;
+
+        assert(b);
+
+        if (b->anonymous_auth) {
+                auth_prefix = "\0AUTH ANONYMOUS ";
+
+                /* For ANONYMOUS auth we send some arbitrary "trace" string */
+                l = 9;
+                b->auth_buffer = hexmem("anonymous", l);
+        } else {
+                char text[DECIMAL_STR_MAX(uid_t) + 1];
+
+                auth_prefix = "\0AUTH EXTERNAL ";
+
+                xsprintf(text, UID_FMT, geteuid());
+
+                l = strlen(text);
+                b->auth_buffer = hexmem(text, l);
+        }
+
+        if (!b->auth_buffer)
+                return -ENOMEM;
+
+        if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
+                auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
+        else
+                auth_suffix = "\r\nBEGIN\r\n";
+
+        b->auth_iovec[0].iov_base = (void*) auth_prefix;
+        b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
+        b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
+        b->auth_iovec[1].iov_len = l * 2;
+        b->auth_iovec[2].iov_base = (void*) auth_suffix;
+        b->auth_iovec[2].iov_len = strlen(auth_suffix);
+
+        return bus_socket_write_auth(b);
+}
+
+int bus_socket_start_auth(sd_bus *b) {
+        assert(b);
+
+        bus_get_peercred(b);
+
+        b->state = BUS_AUTHENTICATING;
+        b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
+
+        if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
+                b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
+
+        if (b->output_fd != b->input_fd)
+                if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
+                        b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
+
+        if (b->is_server)
+                return bus_socket_read_auth(b);
+        else
+                return bus_socket_start_auth_client(b);
+}
+
+int bus_socket_connect(sd_bus *b) {
+        int r;
+
+        assert(b);
+        assert(b->input_fd < 0);
+        assert(b->output_fd < 0);
+        assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
+
+        b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+        if (b->input_fd < 0)
+                return -errno;
+
+        b->output_fd = b->input_fd;
+
+        bus_socket_setup(b);
+
+        r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
+        if (r < 0) {
+                if (errno == EINPROGRESS)
+                        return 1;
+
+                return -errno;
+        }
+
+        return bus_socket_start_auth(b);
+}
+
+int bus_socket_exec(sd_bus *b) {
+        int s[2], r;
+        pid_t pid;
+
+        assert(b);
+        assert(b->input_fd < 0);
+        assert(b->output_fd < 0);
+        assert(b->exec_path);
+
+        r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
+        if (r < 0)
+                return -errno;
+
+        pid = fork();
+        if (pid < 0) {
+                safe_close_pair(s);
+                return -errno;
+        }
+        if (pid == 0) {
+                /* Child */
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+
+                close_all_fds(s+1, 1);
+
+                assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
+                assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
+
+                if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
+                        safe_close(s[1]);
+
+                fd_cloexec(STDIN_FILENO, false);
+                fd_cloexec(STDOUT_FILENO, false);
+                fd_nonblock(STDIN_FILENO, false);
+                fd_nonblock(STDOUT_FILENO, false);
+
+                if (b->exec_argv)
+                        execvp(b->exec_path, b->exec_argv);
+                else {
+                        const char *argv[] = { b->exec_path, NULL };
+                        execvp(b->exec_path, (char**) argv);
+                }
+
+                _exit(EXIT_FAILURE);
+        }
+
+        safe_close(s[1]);
+        b->output_fd = b->input_fd = s[0];
+
+        bus_socket_setup(b);
+
+        return bus_socket_start_auth(b);
+}
+
+int bus_socket_take_fd(sd_bus *b) {
+        assert(b);
+
+        bus_socket_setup(b);
+
+        return bus_socket_start_auth(b);
+}
+
+int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
+        struct iovec *iov;
+        ssize_t k;
+        size_t n;
+        unsigned j;
+        int r;
+
+        assert(bus);
+        assert(m);
+        assert(idx);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        if (*idx >= BUS_MESSAGE_SIZE(m))
+                return 0;
+
+        r = bus_message_setup_iovec(m);
+        if (r < 0)
+                return r;
+
+        n = m->n_iovec * sizeof(struct iovec);
+        iov = alloca(n);
+        memcpy_safe(iov, m->iovec, n);
+
+        j = 0;
+        iovec_advance(iov, &j, *idx);
+
+        if (bus->prefer_writev)
+                k = writev(bus->output_fd, iov, m->n_iovec);
+        else {
+                struct msghdr mh = {
+                        .msg_iov = iov,
+                        .msg_iovlen = m->n_iovec,
+                };
+
+                if (m->n_fds > 0) {
+                        struct cmsghdr *control;
+
+                        mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
+                        mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
+                        control->cmsg_level = SOL_SOCKET;
+                        control->cmsg_type = SCM_RIGHTS;
+                        memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
+                }
+
+                k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
+                if (k < 0 && errno == ENOTSOCK) {
+                        bus->prefer_writev = true;
+                        k = writev(bus->output_fd, iov, m->n_iovec);
+                }
+        }
+
+        if (k < 0)
+                return errno == EAGAIN ? 0 : -errno;
+
+        *idx += (size_t) k;
+        return 1;
+}
+
+static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
+        uint32_t a, b;
+        uint8_t e;
+        uint64_t sum;
+
+        assert(bus);
+        assert(need);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        if (bus->rbuffer_size < sizeof(struct bus_header)) {
+                *need = sizeof(struct bus_header) + 8;
+
+                /* Minimum message size:
+                 *
+                 * Header +
+                 *
+                 *  Method Call: +2 string headers
+                 *       Signal: +3 string headers
+                 * Method Error: +1 string headers
+                 *               +1 uint32 headers
+                 * Method Reply: +1 uint32 headers
+                 *
+                 * A string header is at least 9 bytes
+                 * A uint32 header is at least 8 bytes
+                 *
+                 * Hence the minimum message size of a valid message
+                 * is header + 8 bytes */
+
+                return 0;
+        }
+
+        a = ((const uint32_t*) bus->rbuffer)[1];
+        b = ((const uint32_t*) bus->rbuffer)[3];
+
+        e = ((const uint8_t*) bus->rbuffer)[0];
+        if (e == BUS_LITTLE_ENDIAN) {
+                a = le32toh(a);
+                b = le32toh(b);
+        } else if (e == BUS_BIG_ENDIAN) {
+                a = be32toh(a);
+                b = be32toh(b);
+        } else
+                return -EBADMSG;
+
+        sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
+        if (sum >= BUS_MESSAGE_SIZE_MAX)
+                return -ENOBUFS;
+
+        *need = (size_t) sum;
+        return 0;
+}
+
+static int bus_socket_make_message(sd_bus *bus, size_t size) {
+        sd_bus_message *t;
+        void *b;
+        int r;
+
+        assert(bus);
+        assert(bus->rbuffer_size >= size);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        r = bus_rqueue_make_room(bus);
+        if (r < 0)
+                return r;
+
+        if (bus->rbuffer_size > size) {
+                b = memdup((const uint8_t*) bus->rbuffer + size,
+                           bus->rbuffer_size - size);
+                if (!b)
+                        return -ENOMEM;
+        } else
+                b = NULL;
+
+        r = bus_message_from_malloc(bus,
+                                    bus->rbuffer, size,
+                                    bus->fds, bus->n_fds,
+                                    NULL,
+                                    &t);
+        if (r < 0) {
+                free(b);
+                return r;
+        }
+
+        bus->rbuffer = b;
+        bus->rbuffer_size -= size;
+
+        bus->fds = NULL;
+        bus->n_fds = 0;
+
+        bus->rqueue[bus->rqueue_size++] = t;
+
+        return 1;
+}
+
+int bus_socket_read_message(sd_bus *bus) {
+        struct msghdr mh;
+        struct iovec iov = {};
+        ssize_t k;
+        size_t need;
+        int r;
+        void *b;
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
+        } control;
+        bool handle_cmsg = false;
+
+        assert(bus);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        r = bus_socket_read_message_need(bus, &need);
+        if (r < 0)
+                return r;
+
+        if (bus->rbuffer_size >= need)
+                return bus_socket_make_message(bus, need);
+
+        b = realloc(bus->rbuffer, need);
+        if (!b)
+                return -ENOMEM;
+
+        bus->rbuffer = b;
+
+        iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
+        iov.iov_len = need - bus->rbuffer_size;
+
+        if (bus->prefer_readv)
+                k = readv(bus->input_fd, &iov, 1);
+        else {
+                zero(mh);
+                mh.msg_iov = &iov;
+                mh.msg_iovlen = 1;
+                mh.msg_control = &control;
+                mh.msg_controllen = sizeof(control);
+
+                k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
+                if (k < 0 && errno == ENOTSOCK) {
+                        bus->prefer_readv = true;
+                        k = readv(bus->input_fd, &iov, 1);
+                } else
+                        handle_cmsg = true;
+        }
+        if (k < 0)
+                return errno == EAGAIN ? 0 : -errno;
+        if (k == 0)
+                return -ECONNRESET;
+
+        bus->rbuffer_size += k;
+
+        if (handle_cmsg) {
+                struct cmsghdr *cmsg;
+
+                CMSG_FOREACH(cmsg, &mh)
+                        if (cmsg->cmsg_level == SOL_SOCKET &&
+                            cmsg->cmsg_type == SCM_RIGHTS) {
+                                int n, *f;
+
+                                n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
+
+                                if (!bus->can_fds) {
+                                        /* Whut? We received fds but this
+                                         * isn't actually enabled? Close them,
+                                         * and fail */
+
+                                        close_many((int*) CMSG_DATA(cmsg), n);
+                                        return -EIO;
+                                }
+
+                                f = realloc(bus->fds, sizeof(int) * (bus->n_fds + n));
+                                if (!f) {
+                                        close_many((int*) CMSG_DATA(cmsg), n);
+                                        return -ENOMEM;
+                                }
+
+                                memcpy_safe(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
+                                bus->fds = f;
+                                bus->n_fds += n;
+                        } else
+                                log_debug("Got unexpected auxiliary data with level=%d and type=%d",
+                                          cmsg->cmsg_level, cmsg->cmsg_type);
+        }
+
+        r = bus_socket_read_message_need(bus, &need);
+        if (r < 0)
+                return r;
+
+        if (bus->rbuffer_size >= need)
+                return bus_socket_make_message(bus, need);
+
+        return 1;
+}
+
+int bus_socket_process_opening(sd_bus *b) {
+        int error = 0;
+        socklen_t slen = sizeof(error);
+        struct pollfd p = {
+                .fd = b->output_fd,
+                .events = POLLOUT,
+        };
+        int r;
+
+        assert(b->state == BUS_OPENING);
+
+        r = poll(&p, 1, 0);
+        if (r < 0)
+                return -errno;
+
+        if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
+                return 0;
+
+        r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
+        if (r < 0)
+                b->last_connect_error = errno;
+        else if (error != 0)
+                b->last_connect_error = error;
+        else if (p.revents & (POLLERR|POLLHUP))
+                b->last_connect_error = ECONNREFUSED;
+        else
+                return bus_socket_start_auth(b);
+
+        return bus_next_address(b);
+}
+
+int bus_socket_process_authenticating(sd_bus *b) {
+        int r;
+
+        assert(b);
+        assert(b->state == BUS_AUTHENTICATING);
+
+        if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
+                return -ETIMEDOUT;
+
+        r = bus_socket_write_auth(b);
+        if (r != 0)
+                return r;
+
+        return bus_socket_read_auth(b);
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-socket.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-socket.h
new file mode 100644
index 0000000000..6e1d32e6a7
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-socket.h
@@ -0,0 +1,37 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+void bus_socket_setup(sd_bus *b);
+
+int bus_socket_connect(sd_bus *b);
+int bus_socket_exec(sd_bus *b);
+int bus_socket_take_fd(sd_bus *b);
+int bus_socket_start_auth(sd_bus *b);
+
+int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx);
+int bus_socket_read_message(sd_bus *bus);
+
+int bus_socket_process_opening(sd_bus *b);
+int bus_socket_process_authenticating(sd_bus *b);
+
+bool bus_socket_auth_needs_write(sd_bus *b);
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-track.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-track.c
new file mode 100644
index 0000000000..81e6d22816
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-track.c
@@ -0,0 +1,337 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-internal.h"
+#include "bus-track.h"
+#include "bus-util.h"
+
+struct sd_bus_track {
+        unsigned n_ref;
+        sd_bus *bus;
+        sd_bus_track_handler_t handler;
+        void *userdata;
+        Hashmap *names;
+        LIST_FIELDS(sd_bus_track, queue);
+        Iterator iterator;
+        bool in_queue;
+        bool modified;
+};
+
+#define MATCH_PREFIX                                        \
+        "type='signal',"                                    \
+        "sender='org.freedesktop.DBus',"                    \
+        "path='/org/freedesktop/DBus',"                     \
+        "interface='org.freedesktop.DBus',"                 \
+        "member='NameOwnerChanged',"                        \
+        "arg0='"
+
+#define MATCH_SUFFIX \
+        "'"
+
+#define MATCH_FOR_NAME(name)                                            \
+        ({                                                              \
+                char *_x;                                               \
+                size_t _l = strlen(name);                               \
+                _x = alloca(strlen(MATCH_PREFIX)+_l+strlen(MATCH_SUFFIX)+1); \
+                strcpy(stpcpy(stpcpy(_x, MATCH_PREFIX), name), MATCH_SUFFIX); \
+                _x;                                                     \
+        })
+
+static void bus_track_add_to_queue(sd_bus_track *track) {
+        assert(track);
+
+        if (track->in_queue)
+                return;
+
+        if (!track->handler)
+                return;
+
+        LIST_PREPEND(queue, track->bus->track_queue, track);
+        track->in_queue = true;
+}
+
+static void bus_track_remove_from_queue(sd_bus_track *track) {
+        assert(track);
+
+        if (!track->in_queue)
+                return;
+
+        LIST_REMOVE(queue, track->bus->track_queue, track);
+        track->in_queue = false;
+}
+
+_public_ int sd_bus_track_new(
+                sd_bus *bus,
+                sd_bus_track **track,
+                sd_bus_track_handler_t handler,
+                void *userdata) {
+
+        sd_bus_track *t;
+
+        assert_return(bus, -EINVAL);
+        assert_return(track, -EINVAL);
+
+        if (!bus->bus_client)
+                return -EINVAL;
+
+        t = new0(sd_bus_track, 1);
+        if (!t)
+                return -ENOMEM;
+
+        t->n_ref = 1;
+        t->handler = handler;
+        t->userdata = userdata;
+        t->bus = sd_bus_ref(bus);
+
+        bus_track_add_to_queue(t);
+
+        *track = t;
+        return 0;
+}
+
+_public_ sd_bus_track* sd_bus_track_ref(sd_bus_track *track) {
+
+        if (!track)
+                return NULL;
+
+        assert(track->n_ref > 0);
+
+        track->n_ref++;
+
+        return track;
+}
+
+_public_ sd_bus_track* sd_bus_track_unref(sd_bus_track *track) {
+        const char *n;
+
+        if (!track)
+                return NULL;
+
+        assert(track->n_ref > 0);
+
+        if (track->n_ref > 1) {
+                track->n_ref--;
+                return NULL;
+        }
+
+        while ((n = hashmap_first_key(track->names)))
+                sd_bus_track_remove_name(track, n);
+
+        bus_track_remove_from_queue(track);
+        hashmap_free(track->names);
+        sd_bus_unref(track->bus);
+        free(track);
+
+        return NULL;
+}
+
+static int on_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        sd_bus_track *track = userdata;
+        const char *name, *old, *new;
+        int r;
+
+        assert(message);
+        assert(track);
+
+        r = sd_bus_message_read(message, "sss", &name, &old, &new);
+        if (r < 0)
+                return 0;
+
+        sd_bus_track_remove_name(track, name);
+        return 0;
+}
+
+_public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
+        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
+        _cleanup_free_ char *n = NULL;
+        const char *match;
+        int r;
+
+        assert_return(track, -EINVAL);
+        assert_return(service_name_is_valid(name), -EINVAL);
+
+        r = hashmap_ensure_allocated(&track->names, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        n = strdup(name);
+        if (!n)
+                return -ENOMEM;
+
+        /* First, subscribe to this name */
+        match = MATCH_FOR_NAME(n);
+        r = sd_bus_add_match(track->bus, &slot, match, on_name_owner_changed, track);
+        if (r < 0)
+                return r;
+
+        r = hashmap_put(track->names, n, slot);
+        if (r == -EEXIST)
+                return 0;
+        if (r < 0)
+                return r;
+
+        /* Second, check if it is currently existing, or maybe
+         * doesn't, or maybe disappeared already. */
+        r = sd_bus_get_name_creds(track->bus, n, 0, NULL);
+        if (r < 0) {
+                hashmap_remove(track->names, n);
+                return r;
+        }
+
+        n = NULL;
+        slot = NULL;
+
+        bus_track_remove_from_queue(track);
+        track->modified = true;
+
+        return 1;
+}
+
+_public_ int sd_bus_track_remove_name(sd_bus_track *track, const char *name) {
+        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
+        _cleanup_free_ char *n = NULL;
+
+        assert_return(name, -EINVAL);
+
+        if (!track)
+                return 0;
+
+        slot = hashmap_remove2(track->names, (char*) name, (void**) &n);
+        if (!slot)
+                return 0;
+
+        if (hashmap_isempty(track->names))
+                bus_track_add_to_queue(track);
+
+        track->modified = true;
+
+        return 1;
+}
+
+_public_ unsigned sd_bus_track_count(sd_bus_track *track) {
+        if (!track)
+                return 0;
+
+        return hashmap_size(track->names);
+}
+
+_public_ const char* sd_bus_track_contains(sd_bus_track *track, const char *name) {
+        assert_return(track, NULL);
+        assert_return(name, NULL);
+
+        return hashmap_get(track->names, (void*) name) ? name : NULL;
+}
+
+_public_ const char* sd_bus_track_first(sd_bus_track *track) {
+        const char *n = NULL;
+
+        if (!track)
+                return NULL;
+
+        track->modified = false;
+        track->iterator = ITERATOR_FIRST;
+
+        hashmap_iterate(track->names, &track->iterator, NULL, (const void**) &n);
+        return n;
+}
+
+_public_ const char* sd_bus_track_next(sd_bus_track *track) {
+        const char *n = NULL;
+
+        if (!track)
+                return NULL;
+
+        if (track->modified)
+                return NULL;
+
+        hashmap_iterate(track->names, &track->iterator, NULL, (const void**) &n);
+        return n;
+}
+
+_public_ int sd_bus_track_add_sender(sd_bus_track *track, sd_bus_message *m) {
+        const char *sender;
+
+        assert_return(track, -EINVAL);
+        assert_return(m, -EINVAL);
+
+        sender = sd_bus_message_get_sender(m);
+        if (!sender)
+                return -EINVAL;
+
+        return sd_bus_track_add_name(track, sender);
+}
+
+_public_ int sd_bus_track_remove_sender(sd_bus_track *track, sd_bus_message *m) {
+        const char *sender;
+
+        assert_return(track, -EINVAL);
+        assert_return(m, -EINVAL);
+
+        sender = sd_bus_message_get_sender(m);
+        if (!sender)
+                return -EINVAL;
+
+        return sd_bus_track_remove_name(track, sender);
+}
+
+_public_ sd_bus* sd_bus_track_get_bus(sd_bus_track *track) {
+        assert_return(track, NULL);
+
+        return track->bus;
+}
+
+void bus_track_dispatch(sd_bus_track *track) {
+        int r;
+
+        assert(track);
+        assert(track->in_queue);
+        assert(track->handler);
+
+        bus_track_remove_from_queue(track);
+
+        sd_bus_track_ref(track);
+
+        r = track->handler(track, track->userdata);
+        if (r < 0)
+                log_debug_errno(r, "Failed to process track handler: %m");
+        else if (r == 0)
+                bus_track_add_to_queue(track);
+
+        sd_bus_track_unref(track);
+}
+
+_public_ void *sd_bus_track_get_userdata(sd_bus_track *track) {
+        assert_return(track, NULL);
+
+        return track->userdata;
+}
+
+_public_ void *sd_bus_track_set_userdata(sd_bus_track *track, void *userdata) {
+        void *ret;
+
+        assert_return(track, NULL);
+
+        ret = track->userdata;
+        track->userdata = userdata;
+
+        return ret;
+}
diff --git a/src/libsystemd/sd-bus/bus-track.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-track.h
index 7d93a727d6..7d93a727d6 100644
--- a/src/libsystemd/sd-bus/bus-track.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-track.h
diff --git a/src/libsystemd/sd-bus/bus-type.c b/src/libsystemd/libsystemd-internal/sd-bus/bus-type.c
index c692afc580..c692afc580 100644
--- a/src/libsystemd/sd-bus/bus-type.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-type.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/bus-type.h b/src/libsystemd/libsystemd-internal/sd-bus/bus-type.h
new file mode 100644
index 0000000000..7169b0f765
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/bus-type.h
@@ -0,0 +1,37 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-bus.h>
+
+#include "macro.h"
+
+bool bus_type_is_valid(char c) _const_;
+bool bus_type_is_valid_in_signature(char c) _const_;
+bool bus_type_is_basic(char c) _const_;
+/* "trivial" is systemd's term for what the D-Bus Specification calls
+ * a "fixed type": that is, a basic type of fixed length */
+bool bus_type_is_trivial(char c) _const_;
+bool bus_type_is_container(char c) _const_;
+
+int bus_type_get_alignment(char c) _const_;
+int bus_type_get_size(char c) _const_;
diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/libsystemd-internal/sd-bus/kdbus.h
index ecffc6b13c..ecffc6b13c 100644
--- a/src/libsystemd/sd-bus/kdbus.h
+++ b/src/libsystemd/libsystemd-internal/sd-bus/kdbus.h
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/sd-bus.c b/src/libsystemd/libsystemd-internal/sd-bus/sd-bus.c
new file mode 100644
index 0000000000..d3c194e135
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/sd-bus.c
@@ -0,0 +1,3791 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <endian.h>
+#include <netdb.h>
+#include <poll.h>
+#include <pthread.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-container.h"
+#include "bus-control.h"
+#include "bus-internal.h"
+#include "bus-kernel.h"
+#include "bus-label.h"
+#include "bus-message.h"
+#include "bus-objects.h"
+#include "bus-protocol.h"
+#include "bus-slot.h"
+#include "bus-socket.h"
+#include "bus-track.h"
+#include "bus-type.h"
+#include "bus-util.h"
+#include "cgroup-util.h"
+#include "def.h"
+#include "fd-util.h"
+#include "hexdecoct.h"
+#include "hostname-util.h"
+#include "macro.h"
+#include "missing.h"
+#include "parse-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+#define log_debug_bus_message(m)                                         \
+        do {                                                             \
+                sd_bus_message *_mm = (m);                               \
+                log_debug("Got message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " error=%s", \
+                          bus_message_type_to_string(_mm->header->type), \
+                          strna(sd_bus_message_get_sender(_mm)),         \
+                          strna(sd_bus_message_get_destination(_mm)),    \
+                          strna(sd_bus_message_get_path(_mm)),           \
+                          strna(sd_bus_message_get_interface(_mm)),      \
+                          strna(sd_bus_message_get_member(_mm)),         \
+                          BUS_MESSAGE_COOKIE(_mm),                       \
+                          _mm->reply_cookie,                             \
+                          strna(_mm->error.message));                    \
+        } while (false)
+
+static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
+static int attach_io_events(sd_bus *b);
+static void detach_io_events(sd_bus *b);
+
+static thread_local sd_bus *default_system_bus = NULL;
+static thread_local sd_bus *default_user_bus = NULL;
+static thread_local sd_bus *default_starter_bus = NULL;
+
+static void bus_close_fds(sd_bus *b) {
+        assert(b);
+
+        detach_io_events(b);
+
+        if (b->input_fd != b->output_fd)
+                safe_close(b->output_fd);
+        b->output_fd = b->input_fd = safe_close(b->input_fd);
+}
+
+static void bus_reset_queues(sd_bus *b) {
+        assert(b);
+
+        while (b->rqueue_size > 0)
+                sd_bus_message_unref(b->rqueue[--b->rqueue_size]);
+
+        b->rqueue = mfree(b->rqueue);
+        b->rqueue_allocated = 0;
+
+        while (b->wqueue_size > 0)
+                sd_bus_message_unref(b->wqueue[--b->wqueue_size]);
+
+        b->wqueue = mfree(b->wqueue);
+        b->wqueue_allocated = 0;
+}
+
+static void bus_free(sd_bus *b) {
+        sd_bus_slot *s;
+
+        assert(b);
+        assert(!b->track_queue);
+
+        b->state = BUS_CLOSED;
+
+        sd_bus_detach_event(b);
+
+        while ((s = b->slots)) {
+                /* At this point only floating slots can still be
+                 * around, because the non-floating ones keep a
+                 * reference to the bus, and we thus couldn't be
+                 * destructing right now... We forcibly disconnect the
+                 * slots here, so that they still can be referenced by
+                 * apps, but are dead. */
+
+                assert(s->floating);
+                bus_slot_disconnect(s);
+                sd_bus_slot_unref(s);
+        }
+
+        if (b->default_bus_ptr)
+                *b->default_bus_ptr = NULL;
+
+        bus_close_fds(b);
+
+        if (b->kdbus_buffer)
+                munmap(b->kdbus_buffer, KDBUS_POOL_SIZE);
+
+        free(b->label);
+        free(b->rbuffer);
+        free(b->unique_name);
+        free(b->auth_buffer);
+        free(b->address);
+        free(b->kernel);
+        free(b->machine);
+        free(b->fake_label);
+        free(b->cgroup_root);
+        free(b->description);
+
+        free(b->exec_path);
+        strv_free(b->exec_argv);
+
+        close_many(b->fds, b->n_fds);
+        free(b->fds);
+
+        bus_reset_queues(b);
+
+        ordered_hashmap_free_free(b->reply_callbacks);
+        prioq_free(b->reply_callbacks_prioq);
+
+        assert(b->match_callbacks.type == BUS_MATCH_ROOT);
+        bus_match_free(&b->match_callbacks);
+
+        hashmap_free_free(b->vtable_methods);
+        hashmap_free_free(b->vtable_properties);
+
+        assert(hashmap_isempty(b->nodes));
+        hashmap_free(b->nodes);
+
+        bus_kernel_flush_memfd(b);
+
+        assert_se(pthread_mutex_destroy(&b->memfd_cache_mutex) == 0);
+
+        free(b);
+}
+
+_public_ int sd_bus_new(sd_bus **ret) {
+        sd_bus *r;
+
+        assert_return(ret, -EINVAL);
+
+        r = new0(sd_bus, 1);
+        if (!r)
+                return -ENOMEM;
+
+        r->n_ref = REFCNT_INIT;
+        r->input_fd = r->output_fd = -1;
+        r->message_version = 1;
+        r->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
+        r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
+        r->attach_flags |= KDBUS_ATTACH_NAMES;
+        r->original_pid = getpid();
+
+        assert_se(pthread_mutex_init(&r->memfd_cache_mutex, NULL) == 0);
+
+        /* We guarantee that wqueue always has space for at least one
+         * entry */
+        if (!GREEDY_REALLOC(r->wqueue, r->wqueue_allocated, 1)) {
+                free(r);
+                return -ENOMEM;
+        }
+
+        *ret = r;
+        return 0;
+}
+
+_public_ int sd_bus_set_address(sd_bus *bus, const char *address) {
+        char *a;
+
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(address, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        a = strdup(address);
+        if (!a)
+                return -ENOMEM;
+
+        free(bus->address);
+        bus->address = a;
+
+        return 0;
+}
+
+_public_ int sd_bus_set_fd(sd_bus *bus, int input_fd, int output_fd) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(input_fd >= 0, -EBADF);
+        assert_return(output_fd >= 0, -EBADF);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->input_fd = input_fd;
+        bus->output_fd = output_fd;
+        return 0;
+}
+
+_public_ int sd_bus_set_exec(sd_bus *bus, const char *path, char *const argv[]) {
+        char *p, **a;
+
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(path, -EINVAL);
+        assert_return(!strv_isempty(argv), -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        p = strdup(path);
+        if (!p)
+                return -ENOMEM;
+
+        a = strv_copy(argv);
+        if (!a) {
+                free(p);
+                return -ENOMEM;
+        }
+
+        free(bus->exec_path);
+        strv_free(bus->exec_argv);
+
+        bus->exec_path = p;
+        bus->exec_argv = a;
+
+        return 0;
+}
+
+_public_ int sd_bus_set_bus_client(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->bus_client = !!b;
+        return 0;
+}
+
+_public_ int sd_bus_set_monitor(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        SET_FLAG(bus->hello_flags, KDBUS_HELLO_MONITOR, b);
+        return 0;
+}
+
+_public_ int sd_bus_negotiate_fds(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        SET_FLAG(bus->hello_flags, KDBUS_HELLO_ACCEPT_FD, b);
+        return 0;
+}
+
+_public_ int sd_bus_negotiate_timestamp(sd_bus *bus, int b) {
+        uint64_t new_flags;
+        assert_return(bus, -EINVAL);
+        assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        new_flags = bus->attach_flags;
+        SET_FLAG(new_flags, KDBUS_ATTACH_TIMESTAMP, b);
+
+        if (bus->attach_flags == new_flags)
+                return 0;
+
+        bus->attach_flags = new_flags;
+        if (bus->state != BUS_UNSET && bus->is_kernel)
+                bus_kernel_realize_attach_flags(bus);
+
+        return 0;
+}
+
+_public_ int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t mask) {
+        uint64_t new_flags;
+
+        assert_return(bus, -EINVAL);
+        assert_return(mask <= _SD_BUS_CREDS_ALL, -EINVAL);
+        assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        SET_FLAG(bus->creds_mask, mask, b);
+
+        /* The well knowns we need unconditionally, so that matches can work */
+        bus->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
+
+        /* Make sure we don't lose the timestamp flag */
+        new_flags = (bus->attach_flags & KDBUS_ATTACH_TIMESTAMP) | attach_flags_to_kdbus(bus->creds_mask);
+        if (bus->attach_flags == new_flags)
+                return 0;
+
+        bus->attach_flags = new_flags;
+        if (bus->state != BUS_UNSET && bus->is_kernel)
+                bus_kernel_realize_attach_flags(bus);
+
+        return 0;
+}
+
+_public_ int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id) {
+        assert_return(bus, -EINVAL);
+        assert_return(b || sd_id128_equal(server_id, SD_ID128_NULL), -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->is_server = !!b;
+        bus->server_id = server_id;
+        return 0;
+}
+
+_public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->anonymous_auth = !!b;
+        return 0;
+}
+
+_public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->trusted = !!b;
+        return 0;
+}
+
+_public_ int sd_bus_set_description(sd_bus *bus, const char *description) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return free_and_strdup(&bus->description, description);
+}
+
+_public_ int sd_bus_set_allow_interactive_authorization(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->allow_interactive_authorization = !!b;
+        return 0;
+}
+
+_public_ int sd_bus_get_allow_interactive_authorization(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return bus->allow_interactive_authorization;
+}
+
+static int hello_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
+        const char *s;
+        sd_bus *bus;
+        int r;
+
+        assert(reply);
+        bus = reply->bus;
+        assert(bus);
+        assert(bus->state == BUS_HELLO || bus->state == BUS_CLOSING);
+
+        r = sd_bus_message_get_errno(reply);
+        if (r > 0)
+                return -r;
+
+        r = sd_bus_message_read(reply, "s", &s);
+        if (r < 0)
+                return r;
+
+        if (!service_name_is_valid(s) || s[0] != ':')
+                return -EBADMSG;
+
+        bus->unique_name = strdup(s);
+        if (!bus->unique_name)
+                return -ENOMEM;
+
+        if (bus->state == BUS_HELLO)
+                bus->state = BUS_RUNNING;
+
+        return 1;
+}
+
+static int bus_send_hello(sd_bus *bus) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        int r;
+
+        assert(bus);
+
+        if (!bus->bus_client || bus->is_kernel)
+                return 0;
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.DBus",
+                        "/org/freedesktop/DBus",
+                        "org.freedesktop.DBus",
+                        "Hello");
+        if (r < 0)
+                return r;
+
+        return sd_bus_call_async(bus, NULL, m, hello_callback, NULL, 0);
+}
+
+int bus_start_running(sd_bus *bus) {
+        assert(bus);
+
+        if (bus->bus_client && !bus->is_kernel) {
+                bus->state = BUS_HELLO;
+                return 1;
+        }
+
+        bus->state = BUS_RUNNING;
+        return 1;
+}
+
+static int parse_address_key(const char **p, const char *key, char **value) {
+        size_t l, n = 0, allocated = 0;
+        const char *a;
+        char *r = NULL;
+
+        assert(p);
+        assert(*p);
+        assert(value);
+
+        if (key) {
+                l = strlen(key);
+                if (strncmp(*p, key, l) != 0)
+                        return 0;
+
+                if ((*p)[l] != '=')
+                        return 0;
+
+                if (*value)
+                        return -EINVAL;
+
+                a = *p + l + 1;
+        } else
+                a = *p;
+
+        while (*a != ';' && *a != ',' && *a != 0) {
+                char c;
+
+                if (*a == '%') {
+                        int x, y;
+
+                        x = unhexchar(a[1]);
+                        if (x < 0) {
+                                free(r);
+                                return x;
+                        }
+
+                        y = unhexchar(a[2]);
+                        if (y < 0) {
+                                free(r);
+                                return y;
+                        }
+
+                        c = (char) ((x << 4) | y);
+                        a += 3;
+                } else {
+                        c = *a;
+                        a++;
+                }
+
+                if (!GREEDY_REALLOC(r, allocated, n + 2))
+                        return -ENOMEM;
+
+                r[n++] = c;
+        }
+
+        if (!r) {
+                r = strdup("");
+                if (!r)
+                        return -ENOMEM;
+        } else
+                r[n] = 0;
+
+        if (*a == ',')
+                a++;
+
+        *p = a;
+
+        free(*value);
+        *value = r;
+
+        return 1;
+}
+
+static void skip_address_key(const char **p) {
+        assert(p);
+        assert(*p);
+
+        *p += strcspn(*p, ",");
+
+        if (**p == ',')
+                (*p)++;
+}
+
+static int parse_unix_address(sd_bus *b, const char **p, char **guid) {
+        _cleanup_free_ char *path = NULL, *abstract = NULL;
+        size_t l;
+        int r;
+
+        assert(b);
+        assert(p);
+        assert(*p);
+        assert(guid);
+
+        while (**p != 0 && **p != ';') {
+                r = parse_address_key(p, "guid", guid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "path", &path);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "abstract", &abstract);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                skip_address_key(p);
+        }
+
+        if (!path && !abstract)
+                return -EINVAL;
+
+        if (path && abstract)
+                return -EINVAL;
+
+        if (path) {
+                l = strlen(path);
+                if (l > sizeof(b->sockaddr.un.sun_path))
+                        return -E2BIG;
+
+                b->sockaddr.un.sun_family = AF_UNIX;
+                strncpy(b->sockaddr.un.sun_path, path, sizeof(b->sockaddr.un.sun_path));
+                b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + l;
+        } else if (abstract) {
+                l = strlen(abstract);
+                if (l > sizeof(b->sockaddr.un.sun_path) - 1)
+                        return -E2BIG;
+
+                b->sockaddr.un.sun_family = AF_UNIX;
+                b->sockaddr.un.sun_path[0] = 0;
+                strncpy(b->sockaddr.un.sun_path+1, abstract, sizeof(b->sockaddr.un.sun_path)-1);
+                b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
+        }
+
+        return 0;
+}
+
+static int parse_tcp_address(sd_bus *b, const char **p, char **guid) {
+        _cleanup_free_ char *host = NULL, *port = NULL, *family = NULL;
+        int r;
+        struct addrinfo *result, hints = {
+                .ai_socktype = SOCK_STREAM,
+                .ai_flags = AI_ADDRCONFIG,
+        };
+
+        assert(b);
+        assert(p);
+        assert(*p);
+        assert(guid);
+
+        while (**p != 0 && **p != ';') {
+                r = parse_address_key(p, "guid", guid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "host", &host);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "port", &port);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "family", &family);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                skip_address_key(p);
+        }
+
+        if (!host || !port)
+                return -EINVAL;
+
+        if (family) {
+                if (streq(family, "ipv4"))
+                        hints.ai_family = AF_INET;
+                else if (streq(family, "ipv6"))
+                        hints.ai_family = AF_INET6;
+                else
+                        return -EINVAL;
+        }
+
+        r = getaddrinfo(host, port, &hints, &result);
+        if (r == EAI_SYSTEM)
+                return -errno;
+        else if (r != 0)
+                return -EADDRNOTAVAIL;
+
+        memcpy(&b->sockaddr, result->ai_addr, result->ai_addrlen);
+        b->sockaddr_size = result->ai_addrlen;
+
+        freeaddrinfo(result);
+
+        return 0;
+}
+
+static int parse_exec_address(sd_bus *b, const char **p, char **guid) {
+        char *path = NULL;
+        unsigned n_argv = 0, j;
+        char **argv = NULL;
+        size_t allocated = 0;
+        int r;
+
+        assert(b);
+        assert(p);
+        assert(*p);
+        assert(guid);
+
+        while (**p != 0 && **p != ';') {
+                r = parse_address_key(p, "guid", guid);
+                if (r < 0)
+                        goto fail;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "path", &path);
+                if (r < 0)
+                        goto fail;
+                else if (r > 0)
+                        continue;
+
+                if (startswith(*p, "argv")) {
+                        unsigned ul;
+
+                        errno = 0;
+                        ul = strtoul(*p + 4, (char**) p, 10);
+                        if (errno > 0 || **p != '=' || ul > 256) {
+                                r = -EINVAL;
+                                goto fail;
+                        }
+
+                        (*p)++;
+
+                        if (ul >= n_argv) {
+                                if (!GREEDY_REALLOC0(argv, allocated, ul + 2)) {
+                                        r = -ENOMEM;
+                                        goto fail;
+                                }
+
+                                n_argv = ul + 1;
+                        }
+
+                        r = parse_address_key(p, NULL, argv + ul);
+                        if (r < 0)
+                                goto fail;
+
+                        continue;
+                }
+
+                skip_address_key(p);
+        }
+
+        if (!path) {
+                r = -EINVAL;
+                goto fail;
+        }
+
+        /* Make sure there are no holes in the array, with the
+         * exception of argv[0] */
+        for (j = 1; j < n_argv; j++)
+                if (!argv[j]) {
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+        if (argv && argv[0] == NULL) {
+                argv[0] = strdup(path);
+                if (!argv[0]) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        b->exec_path = path;
+        b->exec_argv = argv;
+        return 0;
+
+fail:
+        for (j = 0; j < n_argv; j++)
+                free(argv[j]);
+
+        free(argv);
+        free(path);
+        return r;
+}
+
+static int parse_kernel_address(sd_bus *b, const char **p, char **guid) {
+        _cleanup_free_ char *path = NULL;
+        int r;
+
+        assert(b);
+        assert(p);
+        assert(*p);
+        assert(guid);
+
+        while (**p != 0 && **p != ';') {
+                r = parse_address_key(p, "guid", guid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "path", &path);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                skip_address_key(p);
+        }
+
+        if (!path)
+                return -EINVAL;
+
+        free(b->kernel);
+        b->kernel = path;
+        path = NULL;
+
+        return 0;
+}
+
+static int parse_container_unix_address(sd_bus *b, const char **p, char **guid) {
+        _cleanup_free_ char *machine = NULL, *pid = NULL;
+        int r;
+
+        assert(b);
+        assert(p);
+        assert(*p);
+        assert(guid);
+
+        while (**p != 0 && **p != ';') {
+                r = parse_address_key(p, "guid", guid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "machine", &machine);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "pid", &pid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                skip_address_key(p);
+        }
+
+        if (!machine == !pid)
+                return -EINVAL;
+
+        if (machine) {
+                if (!machine_name_is_valid(machine))
+                        return -EINVAL;
+
+                free(b->machine);
+                b->machine = machine;
+                machine = NULL;
+        } else {
+                b->machine = mfree(b->machine);
+        }
+
+        if (pid) {
+                r = parse_pid(pid, &b->nspid);
+                if (r < 0)
+                        return r;
+        } else
+                b->nspid = 0;
+
+        b->sockaddr.un.sun_family = AF_UNIX;
+        strncpy(b->sockaddr.un.sun_path, "/var/run/dbus/system_bus_socket", sizeof(b->sockaddr.un.sun_path));
+        b->sockaddr_size = SOCKADDR_UN_LEN(b->sockaddr.un);
+
+        return 0;
+}
+
+static int parse_container_kernel_address(sd_bus *b, const char **p, char **guid) {
+        _cleanup_free_ char *machine = NULL, *pid = NULL;
+        int r;
+
+        assert(b);
+        assert(p);
+        assert(*p);
+        assert(guid);
+
+        while (**p != 0 && **p != ';') {
+                r = parse_address_key(p, "guid", guid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "machine", &machine);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                r = parse_address_key(p, "pid", &pid);
+                if (r < 0)
+                        return r;
+                else if (r > 0)
+                        continue;
+
+                skip_address_key(p);
+        }
+
+        if (!machine == !pid)
+                return -EINVAL;
+
+        if (machine) {
+                if (!machine_name_is_valid(machine))
+                        return -EINVAL;
+
+                free(b->machine);
+                b->machine = machine;
+                machine = NULL;
+        } else {
+                b->machine = mfree(b->machine);
+        }
+
+        if (pid) {
+                r = parse_pid(pid, &b->nspid);
+                if (r < 0)
+                        return r;
+        } else
+                b->nspid = 0;
+
+        r = free_and_strdup(&b->kernel, "/sys/fs/kdbus/0-system/bus");
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static void bus_reset_parsed_address(sd_bus *b) {
+        assert(b);
+
+        zero(b->sockaddr);
+        b->sockaddr_size = 0;
+        b->exec_argv = strv_free(b->exec_argv);
+        b->exec_path = mfree(b->exec_path);
+        b->server_id = SD_ID128_NULL;
+        b->kernel = mfree(b->kernel);
+        b->machine = mfree(b->machine);
+        b->nspid = 0;
+}
+
+static int bus_parse_next_address(sd_bus *b) {
+        _cleanup_free_ char *guid = NULL;
+        const char *a;
+        int r;
+
+        assert(b);
+
+        if (!b->address)
+                return 0;
+        if (b->address[b->address_index] == 0)
+                return 0;
+
+        bus_reset_parsed_address(b);
+
+        a = b->address + b->address_index;
+
+        while (*a != 0) {
+
+                if (*a == ';') {
+                        a++;
+                        continue;
+                }
+
+                if (startswith(a, "unix:")) {
+                        a += 5;
+
+                        r = parse_unix_address(b, &a, &guid);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                } else if (startswith(a, "tcp:")) {
+
+                        a += 4;
+                        r = parse_tcp_address(b, &a, &guid);
+                        if (r < 0)
+                                return r;
+
+                        break;
+
+                } else if (startswith(a, "unixexec:")) {
+
+                        a += 9;
+                        r = parse_exec_address(b, &a, &guid);
+                        if (r < 0)
+                                return r;
+
+                        break;
+
+                } else if (startswith(a, "kernel:")) {
+
+                        a += 7;
+                        r = parse_kernel_address(b, &a, &guid);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                } else if (startswith(a, "x-machine-unix:")) {
+
+                        a += 15;
+                        r = parse_container_unix_address(b, &a, &guid);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                } else if (startswith(a, "x-machine-kernel:")) {
+
+                        a += 17;
+                        r = parse_container_kernel_address(b, &a, &guid);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                }
+
+                a = strchr(a, ';');
+                if (!a)
+                        return 0;
+        }
+
+        if (guid) {
+                r = sd_id128_from_string(guid, &b->server_id);
+                if (r < 0)
+                        return r;
+        }
+
+        b->address_index = a - b->address;
+        return 1;
+}
+
+static int bus_start_address(sd_bus *b) {
+        bool container_kdbus_available = false;
+        bool kdbus_available = false;
+        int r;
+
+        assert(b);
+
+        for (;;) {
+                bool skipped = false;
+
+                bus_close_fds(b);
+
+                /*
+                 * Usually, if you provide multiple different bus-addresses, we
+                 * try all of them in order. We use the first one that
+                 * succeeds. However, if you mix kernel and unix addresses, we
+                 * never try unix-addresses if a previous kernel address was
+                 * tried and kdbus was available. This is required to prevent
+                 * clients to fallback to the bus-proxy if kdbus is available
+                 * but failed (eg., too many connections).
+                 */
+
+                if (b->exec_path)
+                        r = bus_socket_exec(b);
+                else if ((b->nspid > 0 || b->machine) && b->kernel) {
+                        r = bus_container_connect_kernel(b);
+                        if (r < 0 && !IN_SET(r, -ENOENT, -ESOCKTNOSUPPORT))
+                                container_kdbus_available = true;
+
+                } else if ((b->nspid > 0 || b->machine) && b->sockaddr.sa.sa_family != AF_UNSPEC) {
+                        if (!container_kdbus_available)
+                                r = bus_container_connect_socket(b);
+                        else
+                                skipped = true;
+
+                } else if (b->kernel) {
+                        r = bus_kernel_connect(b);
+                        if (r < 0 && !IN_SET(r, -ENOENT, -ESOCKTNOSUPPORT))
+                                kdbus_available = true;
+
+                } else if (b->sockaddr.sa.sa_family != AF_UNSPEC) {
+                        if (!kdbus_available)
+                                r = bus_socket_connect(b);
+                        else
+                                skipped = true;
+                } else
+                        skipped = true;
+
+                if (!skipped) {
+                        if (r >= 0) {
+                                r = attach_io_events(b);
+                                if (r >= 0)
+                                        return r;
+                        }
+
+                        b->last_connect_error = -r;
+                }
+
+                r = bus_parse_next_address(b);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return b->last_connect_error ? -b->last_connect_error : -ECONNREFUSED;
+        }
+}
+
+int bus_next_address(sd_bus *b) {
+        assert(b);
+
+        bus_reset_parsed_address(b);
+        return bus_start_address(b);
+}
+
+static int bus_start_fd(sd_bus *b) {
+        struct stat st;
+        int r;
+
+        assert(b);
+        assert(b->input_fd >= 0);
+        assert(b->output_fd >= 0);
+
+        r = fd_nonblock(b->input_fd, true);
+        if (r < 0)
+                return r;
+
+        r = fd_cloexec(b->input_fd, true);
+        if (r < 0)
+                return r;
+
+        if (b->input_fd != b->output_fd) {
+                r = fd_nonblock(b->output_fd, true);
+                if (r < 0)
+                        return r;
+
+                r = fd_cloexec(b->output_fd, true);
+                if (r < 0)
+                        return r;
+        }
+
+        if (fstat(b->input_fd, &st) < 0)
+                return -errno;
+
+        if (S_ISCHR(b->input_fd))
+                return bus_kernel_take_fd(b);
+        else
+                return bus_socket_take_fd(b);
+}
+
+_public_ int sd_bus_start(sd_bus *bus) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->state = BUS_OPENING;
+
+        if (bus->is_server && bus->bus_client)
+                return -EINVAL;
+
+        if (bus->input_fd >= 0)
+                r = bus_start_fd(bus);
+        else if (bus->address || bus->sockaddr.sa.sa_family != AF_UNSPEC || bus->exec_path || bus->kernel || bus->machine)
+                r = bus_start_address(bus);
+        else
+                return -EINVAL;
+
+        if (r < 0) {
+                sd_bus_close(bus);
+                return r;
+        }
+
+        return bus_send_hello(bus);
+}
+
+_public_ int sd_bus_open(sd_bus **ret) {
+        const char *e;
+        sd_bus *b;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        /* Let's connect to the starter bus if it is set, and
+         * otherwise to the bus that is appropropriate for the scope
+         * we are running in */
+
+        e = secure_getenv("DBUS_STARTER_BUS_TYPE");
+        if (e) {
+                if (streq(e, "system"))
+                        return sd_bus_open_system(ret);
+                else if (STR_IN_SET(e, "session", "user"))
+                        return sd_bus_open_user(ret);
+        }
+
+        e = secure_getenv("DBUS_STARTER_ADDRESS");
+        if (!e) {
+                if (cg_pid_get_owner_uid(0, NULL) >= 0)
+                        return sd_bus_open_user(ret);
+                else
+                        return sd_bus_open_system(ret);
+        }
+
+        r = sd_bus_new(&b);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_set_address(b, e);
+        if (r < 0)
+                goto fail;
+
+        b->bus_client = true;
+
+        /* We don't know whether the bus is trusted or not, so better
+         * be safe, and authenticate everything */
+        b->trusted = false;
+        b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
+        b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
+
+        r = sd_bus_start(b);
+        if (r < 0)
+                goto fail;
+
+        *ret = b;
+        return 0;
+
+fail:
+        bus_free(b);
+        return r;
+}
+
+int bus_set_address_system(sd_bus *b) {
+        const char *e;
+        assert(b);
+
+        e = secure_getenv("DBUS_SYSTEM_BUS_ADDRESS");
+        if (e)
+                return sd_bus_set_address(b, e);
+
+        return sd_bus_set_address(b, DEFAULT_SYSTEM_BUS_ADDRESS);
+}
+
+_public_ int sd_bus_open_system(sd_bus **ret) {
+        sd_bus *b;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        r = sd_bus_new(&b);
+        if (r < 0)
+                return r;
+
+        r = bus_set_address_system(b);
+        if (r < 0)
+                goto fail;
+
+        b->bus_client = true;
+        b->is_system = true;
+
+        /* Let's do per-method access control on the system bus. We
+         * need the caller's UID and capability set for that. */
+        b->trusted = false;
+        b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
+        b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
+
+        r = sd_bus_start(b);
+        if (r < 0)
+                goto fail;
+
+        *ret = b;
+        return 0;
+
+fail:
+        bus_free(b);
+        return r;
+}
+
+int bus_set_address_user(sd_bus *b) {
+        const char *e;
+        uid_t uid;
+        int r;
+
+        assert(b);
+
+        e = secure_getenv("DBUS_SESSION_BUS_ADDRESS");
+        if (e)
+                return sd_bus_set_address(b, e);
+
+        r = cg_pid_get_owner_uid(0, &uid);
+        if (r < 0)
+                uid = getuid();
+
+        e = secure_getenv("XDG_RUNTIME_DIR");
+        if (e) {
+                _cleanup_free_ char *ee = NULL;
+
+                ee = bus_address_escape(e);
+                if (!ee)
+                        return -ENOMEM;
+
+                (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, ee);
+        } else
+                (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT, uid);
+
+        if (!b->address)
+                return -ENOMEM;
+
+        return 0;
+}
+
+_public_ int sd_bus_open_user(sd_bus **ret) {
+        sd_bus *b;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        r = sd_bus_new(&b);
+        if (r < 0)
+                return r;
+
+        r = bus_set_address_user(b);
+        if (r < 0)
+                return r;
+
+        b->bus_client = true;
+        b->is_user = true;
+
+        /* We don't do any per-method access control on the user
+         * bus. */
+        b->trusted = true;
+
+        r = sd_bus_start(b);
+        if (r < 0)
+                goto fail;
+
+        *ret = b;
+        return 0;
+
+fail:
+        bus_free(b);
+        return r;
+}
+
+int bus_set_address_system_remote(sd_bus *b, const char *host) {
+        _cleanup_free_ char *e = NULL;
+        char *m = NULL, *c = NULL;
+
+        assert(b);
+        assert(host);
+
+        /* Let's see if we shall enter some container */
+        m = strchr(host, ':');
+        if (m) {
+                m++;
+
+                /* Let's make sure this is not a port of some kind,
+                 * and is a valid machine name. */
+                if (!in_charset(m, "0123456789") && machine_name_is_valid(m)) {
+                        char *t;
+
+                        /* Cut out the host part */
+                        t = strndupa(host, m - host - 1);
+                        e = bus_address_escape(t);
+                        if (!e)
+                                return -ENOMEM;
+
+                        c = strjoina(",argv4=--machine=", m);
+                }
+        }
+
+        if (!e) {
+                e = bus_address_escape(host);
+                if (!e)
+                        return -ENOMEM;
+        }
+
+        b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=", e, ",argv3=systemd-stdio-bridge", c, NULL);
+        if (!b->address)
+                return -ENOMEM;
+
+        return 0;
+ }
+
+_public_ int sd_bus_open_system_remote(sd_bus **ret, const char *host) {
+        sd_bus *bus;
+        int r;
+
+        assert_return(host, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        r = sd_bus_new(&bus);
+        if (r < 0)
+                return r;
+
+        r = bus_set_address_system_remote(bus, host);
+        if (r < 0)
+                goto fail;
+
+        bus->bus_client = true;
+        bus->trusted = false;
+        bus->is_system = true;
+
+        r = sd_bus_start(bus);
+        if (r < 0)
+                goto fail;
+
+        *ret = bus;
+        return 0;
+
+fail:
+        bus_free(bus);
+        return r;
+}
+
+int bus_set_address_system_machine(sd_bus *b, const char *machine) {
+        _cleanup_free_ char *e = NULL;
+
+        assert(b);
+        assert(machine);
+
+        e = bus_address_escape(machine);
+        if (!e)
+                return -ENOMEM;
+
+        b->address = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
+        if (!b->address)
+                return -ENOMEM;
+
+        return 0;
+}
+
+_public_ int sd_bus_open_system_machine(sd_bus **ret, const char *machine) {
+        sd_bus *bus;
+        int r;
+
+        assert_return(machine, -EINVAL);
+        assert_return(ret, -EINVAL);
+        assert_return(machine_name_is_valid(machine), -EINVAL);
+
+        r = sd_bus_new(&bus);
+        if (r < 0)
+                return r;
+
+        r = bus_set_address_system_machine(bus, machine);
+        if (r < 0)
+                goto fail;
+
+        bus->bus_client = true;
+        bus->trusted = false;
+        bus->is_system = true;
+
+        r = sd_bus_start(bus);
+        if (r < 0)
+                goto fail;
+
+        *ret = bus;
+        return 0;
+
+fail:
+        bus_free(bus);
+        return r;
+}
+
+_public_ void sd_bus_close(sd_bus *bus) {
+
+        if (!bus)
+                return;
+        if (bus->state == BUS_CLOSED)
+                return;
+        if (bus_pid_changed(bus))
+                return;
+
+        bus->state = BUS_CLOSED;
+
+        sd_bus_detach_event(bus);
+
+        /* Drop all queued messages so that they drop references to
+         * the bus object and the bus may be freed */
+        bus_reset_queues(bus);
+
+        if (!bus->is_kernel)
+                bus_close_fds(bus);
+
+        /* We'll leave the fd open in case this is a kernel bus, since
+         * there might still be memblocks around that reference this
+         * bus, and they might need to invoke the KDBUS_CMD_FREE
+         * ioctl on the fd when they are freed. */
+}
+
+_public_ sd_bus* sd_bus_flush_close_unref(sd_bus *bus) {
+
+        if (!bus)
+                return NULL;
+
+        sd_bus_flush(bus);
+        sd_bus_close(bus);
+
+        return sd_bus_unref(bus);
+}
+
+static void bus_enter_closing(sd_bus *bus) {
+        assert(bus);
+
+        if (bus->state != BUS_OPENING &&
+            bus->state != BUS_AUTHENTICATING &&
+            bus->state != BUS_HELLO &&
+            bus->state != BUS_RUNNING)
+                return;
+
+        bus->state = BUS_CLOSING;
+}
+
+_public_ sd_bus *sd_bus_ref(sd_bus *bus) {
+
+        if (!bus)
+                return NULL;
+
+        assert_se(REFCNT_INC(bus->n_ref) >= 2);
+
+        return bus;
+}
+
+_public_ sd_bus *sd_bus_unref(sd_bus *bus) {
+        unsigned i;
+
+        if (!bus)
+                return NULL;
+
+        i = REFCNT_DEC(bus->n_ref);
+        if (i > 0)
+                return NULL;
+
+        bus_free(bus);
+        return NULL;
+}
+
+_public_ int sd_bus_is_open(sd_bus *bus) {
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return BUS_IS_OPEN(bus->state);
+}
+
+_public_ int sd_bus_can_send(sd_bus *bus, char type) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state != BUS_UNSET, -ENOTCONN);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
+                return 0;
+
+        if (type == SD_BUS_TYPE_UNIX_FD) {
+                if (!(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD))
+                        return 0;
+
+                r = bus_ensure_running(bus);
+                if (r < 0)
+                        return r;
+
+                return bus->can_fds;
+        }
+
+        return bus_type_is_valid(type);
+}
+
+_public_ int sd_bus_get_bus_id(sd_bus *bus, sd_id128_t *id) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(id, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        r = bus_ensure_running(bus);
+        if (r < 0)
+                return r;
+
+        *id = bus->server_id;
+        return 0;
+}
+
+static int bus_seal_message(sd_bus *b, sd_bus_message *m, usec_t timeout) {
+        assert(b);
+        assert(m);
+
+        if (m->sealed) {
+                /* If we copy the same message to multiple
+                 * destinations, avoid using the same cookie
+                 * numbers. */
+                b->cookie = MAX(b->cookie, BUS_MESSAGE_COOKIE(m));
+                return 0;
+        }
+
+        if (timeout == 0)
+                timeout = BUS_DEFAULT_TIMEOUT;
+
+        return bus_message_seal(m, ++b->cookie, timeout);
+}
+
+static int bus_remarshal_message(sd_bus *b, sd_bus_message **m) {
+        bool remarshal = false;
+
+        assert(b);
+
+        /* wrong packet version */
+        if (b->message_version != 0 && b->message_version != (*m)->header->version)
+                remarshal = true;
+
+        /* wrong packet endianness */
+        if (b->message_endian != 0 && b->message_endian != (*m)->header->endian)
+                remarshal = true;
+
+        /* TODO: kdbus-messages received from the kernel contain data which is
+         * not allowed to be passed to KDBUS_CMD_SEND. Therefore, we have to
+         * force remarshaling of the message. Technically, we could just
+         * recreate the kdbus message, but that is non-trivial as other parts of
+         * the message refer to m->kdbus already. This should be fixed! */
+        if ((*m)->kdbus && (*m)->release_kdbus)
+                remarshal = true;
+
+        return remarshal ? bus_message_remarshal(b, m) : 0;
+}
+
+int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m) {
+        assert(b);
+        assert(m);
+
+        /* Fake some timestamps, if they were requested, and not
+         * already initialized */
+        if (b->attach_flags & KDBUS_ATTACH_TIMESTAMP) {
+                if (m->realtime <= 0)
+                        m->realtime = now(CLOCK_REALTIME);
+
+                if (m->monotonic <= 0)
+                        m->monotonic = now(CLOCK_MONOTONIC);
+        }
+
+        /* The bus specification says the serial number cannot be 0,
+         * hence let's fill something in for synthetic messages. Since
+         * synthetic messages might have a fake sender and we don't
+         * want to interfere with the real sender's serial numbers we
+         * pick a fixed, artificial one. We use (uint32_t) -1 rather
+         * than (uint64_t) -1 since dbus1 only had 32bit identifiers,
+         * even though kdbus can do 64bit. */
+        return bus_message_seal(m, 0xFFFFFFFFULL, 0);
+}
+
+static int bus_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call, size_t *idx) {
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        if (bus->is_kernel)
+                r = bus_kernel_write_message(bus, m, hint_sync_call);
+        else
+                r = bus_socket_write_message(bus, m, idx);
+
+        if (r <= 0)
+                return r;
+
+        if (bus->is_kernel || *idx >= BUS_MESSAGE_SIZE(m))
+                log_debug("Sent message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " error=%s",
+                          bus_message_type_to_string(m->header->type),
+                          strna(sd_bus_message_get_sender(m)),
+                          strna(sd_bus_message_get_destination(m)),
+                          strna(sd_bus_message_get_path(m)),
+                          strna(sd_bus_message_get_interface(m)),
+                          strna(sd_bus_message_get_member(m)),
+                          BUS_MESSAGE_COOKIE(m),
+                          m->reply_cookie,
+                          strna(m->error.message));
+
+        return r;
+}
+
+static int dispatch_wqueue(sd_bus *bus) {
+        int r, ret = 0;
+
+        assert(bus);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        while (bus->wqueue_size > 0) {
+
+                r = bus_write_message(bus, bus->wqueue[0], false, &bus->windex);
+                if (r < 0)
+                        return r;
+                else if (r == 0)
+                        /* Didn't do anything this time */
+                        return ret;
+                else if (bus->is_kernel || bus->windex >= BUS_MESSAGE_SIZE(bus->wqueue[0])) {
+                        /* Fully written. Let's drop the entry from
+                         * the queue.
+                         *
+                         * This isn't particularly optimized, but
+                         * well, this is supposed to be our worst-case
+                         * buffer only, and the socket buffer is
+                         * supposed to be our primary buffer, and if
+                         * it got full, then all bets are off
+                         * anyway. */
+
+                        bus->wqueue_size--;
+                        sd_bus_message_unref(bus->wqueue[0]);
+                        memmove(bus->wqueue, bus->wqueue + 1, sizeof(sd_bus_message*) * bus->wqueue_size);
+                        bus->windex = 0;
+
+                        ret = 1;
+                }
+        }
+
+        return ret;
+}
+
+static int bus_read_message(sd_bus *bus, bool hint_priority, int64_t priority) {
+        assert(bus);
+
+        if (bus->is_kernel)
+                return bus_kernel_read_message(bus, hint_priority, priority);
+        else
+                return bus_socket_read_message(bus);
+}
+
+int bus_rqueue_make_room(sd_bus *bus) {
+        assert(bus);
+
+        if (bus->rqueue_size >= BUS_RQUEUE_MAX)
+                return -ENOBUFS;
+
+        if (!GREEDY_REALLOC(bus->rqueue, bus->rqueue_allocated, bus->rqueue_size + 1))
+                return -ENOMEM;
+
+        return 0;
+}
+
+static int dispatch_rqueue(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **m) {
+        int r, ret = 0;
+
+        assert(bus);
+        assert(m);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        /* Note that the priority logic is only available on kdbus,
+         * where the rqueue is unused. We check the rqueue here
+         * anyway, because it's simple... */
+
+        for (;;) {
+                if (bus->rqueue_size > 0) {
+                        /* Dispatch a queued message */
+
+                        *m = bus->rqueue[0];
+                        bus->rqueue_size--;
+                        memmove(bus->rqueue, bus->rqueue + 1, sizeof(sd_bus_message*) * bus->rqueue_size);
+                        return 1;
+                }
+
+                /* Try to read a new message */
+                r = bus_read_message(bus, hint_priority, priority);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return ret;
+
+                ret = 1;
+        }
+}
+
+static int bus_send_internal(sd_bus *bus, sd_bus_message *_m, uint64_t *cookie, bool hint_sync_call) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = sd_bus_message_ref(_m);
+        int r;
+
+        assert_return(m, -EINVAL);
+
+        if (!bus)
+                bus = m->bus;
+
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+        assert_return(!bus->is_kernel || !(bus->hello_flags & KDBUS_HELLO_MONITOR), -EROFS);
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (m->n_fds > 0) {
+                r = sd_bus_can_send(bus, SD_BUS_TYPE_UNIX_FD);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return -EOPNOTSUPP;
+        }
+
+        /* If the cookie number isn't kept, then we know that no reply
+         * is expected */
+        if (!cookie && !m->sealed)
+                m->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
+
+        r = bus_seal_message(bus, m, 0);
+        if (r < 0)
+                return r;
+
+        /* Remarshall if we have to. This will possibly unref the
+         * message and place a replacement in m */
+        r = bus_remarshal_message(bus, &m);
+        if (r < 0)
+                return r;
+
+        /* If this is a reply and no reply was requested, then let's
+         * suppress this, if we can */
+        if (m->dont_send)
+                goto finish;
+
+        if ((bus->state == BUS_RUNNING || bus->state == BUS_HELLO) && bus->wqueue_size <= 0) {
+                size_t idx = 0;
+
+                r = bus_write_message(bus, m, hint_sync_call, &idx);
+                if (r < 0) {
+                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                                bus_enter_closing(bus);
+                                return -ECONNRESET;
+                        }
+
+                        return r;
+                }
+
+                if (!bus->is_kernel && idx < BUS_MESSAGE_SIZE(m))  {
+                        /* Wasn't fully written. So let's remember how
+                         * much was written. Note that the first entry
+                         * of the wqueue array is always allocated so
+                         * that we always can remember how much was
+                         * written. */
+                        bus->wqueue[0] = sd_bus_message_ref(m);
+                        bus->wqueue_size = 1;
+                        bus->windex = idx;
+                }
+
+        } else {
+                /* Just append it to the queue. */
+
+                if (bus->wqueue_size >= BUS_WQUEUE_MAX)
+                        return -ENOBUFS;
+
+                if (!GREEDY_REALLOC(bus->wqueue, bus->wqueue_allocated, bus->wqueue_size + 1))
+                        return -ENOMEM;
+
+                bus->wqueue[bus->wqueue_size++] = sd_bus_message_ref(m);
+        }
+
+finish:
+        if (cookie)
+                *cookie = BUS_MESSAGE_COOKIE(m);
+
+        return 1;
+}
+
+_public_ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *cookie) {
+        return bus_send_internal(bus, m, cookie, false);
+}
+
+_public_ int sd_bus_send_to(sd_bus *bus, sd_bus_message *m, const char *destination, uint64_t *cookie) {
+        int r;
+
+        assert_return(m, -EINVAL);
+
+        if (!bus)
+                bus = m->bus;
+
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (!streq_ptr(m->destination, destination)) {
+
+                if (!destination)
+                        return -EEXIST;
+
+                r = sd_bus_message_set_destination(m, destination);
+                if (r < 0)
+                        return r;
+        }
+
+        return sd_bus_send(bus, m, cookie);
+}
+
+static usec_t calc_elapse(uint64_t usec) {
+        if (usec == (uint64_t) -1)
+                return 0;
+
+        return now(CLOCK_MONOTONIC) + usec;
+}
+
+static int timeout_compare(const void *a, const void *b) {
+        const struct reply_callback *x = a, *y = b;
+
+        if (x->timeout != 0 && y->timeout == 0)
+                return -1;
+
+        if (x->timeout == 0 && y->timeout != 0)
+                return 1;
+
+        if (x->timeout < y->timeout)
+                return -1;
+
+        if (x->timeout > y->timeout)
+                return 1;
+
+        return 0;
+}
+
+_public_ int sd_bus_call_async(
+                sd_bus *bus,
+                sd_bus_slot **slot,
+                sd_bus_message *_m,
+                sd_bus_message_handler_t callback,
+                void *userdata,
+                uint64_t usec) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = sd_bus_message_ref(_m);
+        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *s = NULL;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
+        assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+        assert_return(callback, -EINVAL);
+
+        if (!bus)
+                bus = m->bus;
+
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+        assert_return(!bus->is_kernel || !(bus->hello_flags & KDBUS_HELLO_MONITOR), -EROFS);
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        r = ordered_hashmap_ensure_allocated(&bus->reply_callbacks, &uint64_hash_ops);
+        if (r < 0)
+                return r;
+
+        r = prioq_ensure_allocated(&bus->reply_callbacks_prioq, timeout_compare);
+        if (r < 0)
+                return r;
+
+        r = bus_seal_message(bus, m, usec);
+        if (r < 0)
+                return r;
+
+        r = bus_remarshal_message(bus, &m);
+        if (r < 0)
+                return r;
+
+        s = bus_slot_allocate(bus, !slot, BUS_REPLY_CALLBACK, sizeof(struct reply_callback), userdata);
+        if (!s)
+                return -ENOMEM;
+
+        s->reply_callback.callback = callback;
+
+        s->reply_callback.cookie = BUS_MESSAGE_COOKIE(m);
+        r = ordered_hashmap_put(bus->reply_callbacks, &s->reply_callback.cookie, &s->reply_callback);
+        if (r < 0) {
+                s->reply_callback.cookie = 0;
+                return r;
+        }
+
+        s->reply_callback.timeout = calc_elapse(m->timeout);
+        if (s->reply_callback.timeout != 0) {
+                r = prioq_put(bus->reply_callbacks_prioq, &s->reply_callback, &s->reply_callback.prioq_idx);
+                if (r < 0) {
+                        s->reply_callback.timeout = 0;
+                        return r;
+                }
+        }
+
+        r = sd_bus_send(bus, m, &s->reply_callback.cookie);
+        if (r < 0)
+                return r;
+
+        if (slot)
+                *slot = s;
+        s = NULL;
+
+        return r;
+}
+
+int bus_ensure_running(sd_bus *bus) {
+        int r;
+
+        assert(bus);
+
+        if (bus->state == BUS_UNSET || bus->state == BUS_CLOSED || bus->state == BUS_CLOSING)
+                return -ENOTCONN;
+        if (bus->state == BUS_RUNNING)
+                return 1;
+
+        for (;;) {
+                r = sd_bus_process(bus, NULL);
+                if (r < 0)
+                        return r;
+                if (bus->state == BUS_RUNNING)
+                        return 1;
+                if (r > 0)
+                        continue;
+
+                r = sd_bus_wait(bus, (uint64_t) -1);
+                if (r < 0)
+                        return r;
+        }
+}
+
+_public_ int sd_bus_call(
+                sd_bus *bus,
+                sd_bus_message *_m,
+                uint64_t usec,
+                sd_bus_error *error,
+                sd_bus_message **reply) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = sd_bus_message_ref(_m);
+        usec_t timeout;
+        uint64_t cookie;
+        unsigned i;
+        int r;
+
+        bus_assert_return(m, -EINVAL, error);
+        bus_assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL, error);
+        bus_assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL, error);
+        bus_assert_return(!bus_error_is_dirty(error), -EINVAL, error);
+
+        if (!bus)
+                bus = m->bus;
+
+        bus_assert_return(!bus_pid_changed(bus), -ECHILD, error);
+        bus_assert_return(!bus->is_kernel || !(bus->hello_flags & KDBUS_HELLO_MONITOR), -EROFS, error);
+
+        if (!BUS_IS_OPEN(bus->state)) {
+                r = -ENOTCONN;
+                goto fail;
+        }
+
+        r = bus_ensure_running(bus);
+        if (r < 0)
+                goto fail;
+
+        i = bus->rqueue_size;
+
+        r = bus_seal_message(bus, m, usec);
+        if (r < 0)
+                goto fail;
+
+        r = bus_remarshal_message(bus, &m);
+        if (r < 0)
+                goto fail;
+
+        r = bus_send_internal(bus, m, &cookie, true);
+        if (r < 0)
+                goto fail;
+
+        timeout = calc_elapse(m->timeout);
+
+        for (;;) {
+                usec_t left;
+
+                while (i < bus->rqueue_size) {
+                        sd_bus_message *incoming = NULL;
+
+                        incoming = bus->rqueue[i];
+
+                        if (incoming->reply_cookie == cookie) {
+                                /* Found a match! */
+
+                                memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1));
+                                bus->rqueue_size--;
+                                log_debug_bus_message(incoming);
+
+                                if (incoming->header->type == SD_BUS_MESSAGE_METHOD_RETURN) {
+
+                                        if (incoming->n_fds <= 0 || (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
+                                                if (reply)
+                                                        *reply = incoming;
+                                                else
+                                                        sd_bus_message_unref(incoming);
+
+                                                return 1;
+                                        }
+
+                                        r = sd_bus_error_setf(error, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptors which I couldn't accept. Sorry.");
+                                        sd_bus_message_unref(incoming);
+                                        return r;
+
+                                } else if (incoming->header->type == SD_BUS_MESSAGE_METHOD_ERROR) {
+                                        r = sd_bus_error_copy(error, &incoming->error);
+                                        sd_bus_message_unref(incoming);
+                                        return r;
+                                } else {
+                                        r = -EIO;
+                                        goto fail;
+                                }
+
+                        } else if (BUS_MESSAGE_COOKIE(incoming) == cookie &&
+                                   bus->unique_name &&
+                                   incoming->sender &&
+                                   streq(bus->unique_name, incoming->sender)) {
+
+                                memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1));
+                                bus->rqueue_size--;
+
+                                /* Our own message? Somebody is trying
+                                 * to send its own client a message,
+                                 * let's not dead-lock, let's fail
+                                 * immediately. */
+
+                                sd_bus_message_unref(incoming);
+                                r = -ELOOP;
+                                goto fail;
+                        }
+
+                        /* Try to read more, right-away */
+                        i++;
+                }
+
+                r = bus_read_message(bus, false, 0);
+                if (r < 0) {
+                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                                bus_enter_closing(bus);
+                                r = -ECONNRESET;
+                        }
+
+                        goto fail;
+                }
+                if (r > 0)
+                        continue;
+
+                if (timeout > 0) {
+                        usec_t n;
+
+                        n = now(CLOCK_MONOTONIC);
+                        if (n >= timeout) {
+                                r = -ETIMEDOUT;
+                                goto fail;
+                        }
+
+                        left = timeout - n;
+                } else
+                        left = (uint64_t) -1;
+
+                r = bus_poll(bus, true, left);
+                if (r < 0)
+                        goto fail;
+                if (r == 0) {
+                        r = -ETIMEDOUT;
+                        goto fail;
+                }
+
+                r = dispatch_wqueue(bus);
+                if (r < 0) {
+                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                                bus_enter_closing(bus);
+                                r = -ECONNRESET;
+                        }
+
+                        goto fail;
+                }
+        }
+
+fail:
+        return sd_bus_error_set_errno(error, r);
+}
+
+_public_ int sd_bus_get_fd(sd_bus *bus) {
+
+        assert_return(bus, -EINVAL);
+        assert_return(bus->input_fd == bus->output_fd, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return bus->input_fd;
+}
+
+_public_ int sd_bus_get_events(sd_bus *bus) {
+        int flags = 0;
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!BUS_IS_OPEN(bus->state) && bus->state != BUS_CLOSING)
+                return -ENOTCONN;
+
+        if (bus->state == BUS_OPENING)
+                flags |= POLLOUT;
+        else if (bus->state == BUS_AUTHENTICATING) {
+
+                if (bus_socket_auth_needs_write(bus))
+                        flags |= POLLOUT;
+
+                flags |= POLLIN;
+
+        } else if (bus->state == BUS_RUNNING || bus->state == BUS_HELLO) {
+                if (bus->rqueue_size <= 0)
+                        flags |= POLLIN;
+                if (bus->wqueue_size > 0)
+                        flags |= POLLOUT;
+        }
+
+        return flags;
+}
+
+_public_ int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec) {
+        struct reply_callback *c;
+
+        assert_return(bus, -EINVAL);
+        assert_return(timeout_usec, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!BUS_IS_OPEN(bus->state) && bus->state != BUS_CLOSING)
+                return -ENOTCONN;
+
+        if (bus->track_queue) {
+                *timeout_usec = 0;
+                return 1;
+        }
+
+        if (bus->state == BUS_CLOSING) {
+                *timeout_usec = 0;
+                return 1;
+        }
+
+        if (bus->state == BUS_AUTHENTICATING) {
+                *timeout_usec = bus->auth_timeout;
+                return 1;
+        }
+
+        if (bus->state != BUS_RUNNING && bus->state != BUS_HELLO) {
+                *timeout_usec = (uint64_t) -1;
+                return 0;
+        }
+
+        if (bus->rqueue_size > 0) {
+                *timeout_usec = 0;
+                return 1;
+        }
+
+        c = prioq_peek(bus->reply_callbacks_prioq);
+        if (!c) {
+                *timeout_usec = (uint64_t) -1;
+                return 0;
+        }
+
+        if (c->timeout == 0) {
+                *timeout_usec = (uint64_t) -1;
+                return 0;
+        }
+
+        *timeout_usec = c->timeout;
+        return 1;
+}
+
+static int process_timeout(sd_bus *bus) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message* m = NULL;
+        struct reply_callback *c;
+        sd_bus_slot *slot;
+        usec_t n;
+        int r;
+
+        assert(bus);
+
+        c = prioq_peek(bus->reply_callbacks_prioq);
+        if (!c)
+                return 0;
+
+        n = now(CLOCK_MONOTONIC);
+        if (c->timeout > n)
+                return 0;
+
+        r = bus_message_new_synthetic_error(
+                        bus,
+                        c->cookie,
+                        &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NO_REPLY, "Method call timed out"),
+                        &m);
+        if (r < 0)
+                return r;
+
+        r = bus_seal_synthetic_message(bus, m);
+        if (r < 0)
+                return r;
+
+        assert_se(prioq_pop(bus->reply_callbacks_prioq) == c);
+        c->timeout = 0;
+
+        ordered_hashmap_remove(bus->reply_callbacks, &c->cookie);
+        c->cookie = 0;
+
+        slot = container_of(c, sd_bus_slot, reply_callback);
+
+        bus->iteration_counter++;
+
+        bus->current_message = m;
+        bus->current_slot = sd_bus_slot_ref(slot);
+        bus->current_handler = c->callback;
+        bus->current_userdata = slot->userdata;
+        r = c->callback(m, slot->userdata, &error_buffer);
+        bus->current_userdata = NULL;
+        bus->current_handler = NULL;
+        bus->current_slot = NULL;
+        bus->current_message = NULL;
+
+        if (slot->floating) {
+                bus_slot_disconnect(slot);
+                sd_bus_slot_unref(slot);
+        }
+
+        sd_bus_slot_unref(slot);
+
+        return bus_maybe_reply_error(m, r, &error_buffer);
+}
+
+static int process_hello(sd_bus *bus, sd_bus_message *m) {
+        assert(bus);
+        assert(m);
+
+        if (bus->state != BUS_HELLO)
+                return 0;
+
+        /* Let's make sure the first message on the bus is the HELLO
+         * reply. But note that we don't actually parse the message
+         * here (we leave that to the usual handling), we just verify
+         * we don't let any earlier msg through. */
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_RETURN &&
+            m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
+                return -EIO;
+
+        if (m->reply_cookie != 1)
+                return -EIO;
+
+        return 0;
+}
+
+static int process_reply(sd_bus *bus, sd_bus_message *m) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *synthetic_reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+        struct reply_callback *c;
+        sd_bus_slot *slot;
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_RETURN &&
+            m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
+                return 0;
+
+        if (bus->is_kernel && (bus->hello_flags & KDBUS_HELLO_MONITOR))
+                return 0;
+
+        if (m->destination && bus->unique_name && !streq_ptr(m->destination, bus->unique_name))
+                return 0;
+
+        c = ordered_hashmap_remove(bus->reply_callbacks, &m->reply_cookie);
+        if (!c)
+                return 0;
+
+        c->cookie = 0;
+
+        slot = container_of(c, sd_bus_slot, reply_callback);
+
+        if (m->n_fds > 0 && !(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
+
+                /* If the reply contained a file descriptor which we
+                 * didn't want we pass an error instead. */
+
+                r = bus_message_new_synthetic_error(
+                                bus,
+                                m->reply_cookie,
+                                &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptor"),
+                                &synthetic_reply);
+                if (r < 0)
+                        return r;
+
+                /* Copy over original timestamp */
+                synthetic_reply->realtime = m->realtime;
+                synthetic_reply->monotonic = m->monotonic;
+                synthetic_reply->seqnum = m->seqnum;
+
+                r = bus_seal_synthetic_message(bus, synthetic_reply);
+                if (r < 0)
+                        return r;
+
+                m = synthetic_reply;
+        } else {
+                r = sd_bus_message_rewind(m, true);
+                if (r < 0)
+                        return r;
+        }
+
+        if (c->timeout != 0) {
+                prioq_remove(bus->reply_callbacks_prioq, c, &c->prioq_idx);
+                c->timeout = 0;
+        }
+
+        bus->current_slot = sd_bus_slot_ref(slot);
+        bus->current_handler = c->callback;
+        bus->current_userdata = slot->userdata;
+        r = c->callback(m, slot->userdata, &error_buffer);
+        bus->current_userdata = NULL;
+        bus->current_handler = NULL;
+        bus->current_slot = NULL;
+
+        if (slot->floating) {
+                bus_slot_disconnect(slot);
+                sd_bus_slot_unref(slot);
+        }
+
+        sd_bus_slot_unref(slot);
+
+        return bus_maybe_reply_error(m, r, &error_buffer);
+}
+
+static int process_filter(sd_bus *bus, sd_bus_message *m) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+        struct filter_callback *l;
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        do {
+                bus->filter_callbacks_modified = false;
+
+                LIST_FOREACH(callbacks, l, bus->filter_callbacks) {
+                        sd_bus_slot *slot;
+
+                        if (bus->filter_callbacks_modified)
+                                break;
+
+                        /* Don't run this more than once per iteration */
+                        if (l->last_iteration == bus->iteration_counter)
+                                continue;
+
+                        l->last_iteration = bus->iteration_counter;
+
+                        r = sd_bus_message_rewind(m, true);
+                        if (r < 0)
+                                return r;
+
+                        slot = container_of(l, sd_bus_slot, filter_callback);
+
+                        bus->current_slot = sd_bus_slot_ref(slot);
+                        bus->current_handler = l->callback;
+                        bus->current_userdata = slot->userdata;
+                        r = l->callback(m, slot->userdata, &error_buffer);
+                        bus->current_userdata = NULL;
+                        bus->current_handler = NULL;
+                        bus->current_slot = sd_bus_slot_unref(slot);
+
+                        r = bus_maybe_reply_error(m, r, &error_buffer);
+                        if (r != 0)
+                                return r;
+
+                }
+
+        } while (bus->filter_callbacks_modified);
+
+        return 0;
+}
+
+static int process_match(sd_bus *bus, sd_bus_message *m) {
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        do {
+                bus->match_callbacks_modified = false;
+
+                r = bus_match_run(bus, &bus->match_callbacks, m);
+                if (r != 0)
+                        return r;
+
+        } while (bus->match_callbacks_modified);
+
+        return 0;
+}
+
+static int process_builtin(sd_bus *bus, sd_bus_message *m) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
+                return 0;
+
+        if (bus->manual_peer_interface)
+                return 0;
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
+                return 0;
+
+        if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
+                return 0;
+
+        if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
+                return 1;
+
+        if (streq_ptr(m->member, "Ping"))
+                r = sd_bus_message_new_method_return(m, &reply);
+        else if (streq_ptr(m->member, "GetMachineId")) {
+                sd_id128_t id;
+                char sid[33];
+
+                r = sd_id128_get_machine(&id);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_new_method_return(m, &reply);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(reply, "s", sd_id128_to_string(id, sid));
+        } else {
+                r = sd_bus_message_new_method_errorf(
+                                m, &reply,
+                                SD_BUS_ERROR_UNKNOWN_METHOD,
+                                 "Unknown method '%s' on interface '%s'.", m->member, m->interface);
+        }
+
+        if (r < 0)
+                return r;
+
+        r = sd_bus_send(bus, reply, NULL);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int process_fd_check(sd_bus *bus, sd_bus_message *m) {
+        assert(bus);
+        assert(m);
+
+        /* If we got a message with a file descriptor which we didn't
+         * want to accept, then let's drop it. How can this even
+         * happen? For example, when the kernel queues a message into
+         * an activatable names's queue which allows fds, and then is
+         * delivered to us later even though we ourselves did not
+         * negotiate it. */
+
+        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
+                return 0;
+
+        if (m->n_fds <= 0)
+                return 0;
+
+        if (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)
+                return 0;
+
+        if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
+                return 1; /* just eat it up */
+
+        return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Message contains file descriptors, which I cannot accept. Sorry.");
+}
+
+static int process_message(sd_bus *bus, sd_bus_message *m) {
+        int r;
+
+        assert(bus);
+        assert(m);
+
+        bus->current_message = m;
+        bus->iteration_counter++;
+
+        log_debug_bus_message(m);
+
+        r = process_hello(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = process_reply(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = process_fd_check(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = process_filter(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = process_match(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = process_builtin(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = bus_process_object(bus, m);
+
+finish:
+        bus->current_message = NULL;
+        return r;
+}
+
+static int dispatch_track(sd_bus *bus) {
+        assert(bus);
+
+        if (!bus->track_queue)
+                return 0;
+
+        bus_track_dispatch(bus->track_queue);
+        return 1;
+}
+
+static int process_running(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **ret) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        int r;
+
+        assert(bus);
+        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
+
+        r = process_timeout(bus);
+        if (r != 0)
+                goto null_message;
+
+        r = dispatch_wqueue(bus);
+        if (r != 0)
+                goto null_message;
+
+        r = dispatch_track(bus);
+        if (r != 0)
+                goto null_message;
+
+        r = dispatch_rqueue(bus, hint_priority, priority, &m);
+        if (r < 0)
+                return r;
+        if (!m)
+                goto null_message;
+
+        r = process_message(bus, m);
+        if (r != 0)
+                goto null_message;
+
+        if (ret) {
+                r = sd_bus_message_rewind(m, true);
+                if (r < 0)
+                        return r;
+
+                *ret = m;
+                m = NULL;
+                return 1;
+        }
+
+        if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) {
+
+                log_debug("Unprocessed message call sender=%s object=%s interface=%s member=%s",
+                          strna(sd_bus_message_get_sender(m)),
+                          strna(sd_bus_message_get_path(m)),
+                          strna(sd_bus_message_get_interface(m)),
+                          strna(sd_bus_message_get_member(m)));
+
+                r = sd_bus_reply_method_errorf(
+                                m,
+                                SD_BUS_ERROR_UNKNOWN_OBJECT,
+                                "Unknown object '%s'.", m->path);
+                if (r < 0)
+                        return r;
+        }
+
+        return 1;
+
+null_message:
+        if (r >= 0 && ret)
+                *ret = NULL;
+
+        return r;
+}
+
+static int process_closing(sd_bus *bus, sd_bus_message **ret) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        struct reply_callback *c;
+        int r;
+
+        assert(bus);
+        assert(bus->state == BUS_CLOSING);
+
+        c = ordered_hashmap_first(bus->reply_callbacks);
+        if (c) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+                sd_bus_slot *slot;
+
+                /* First, fail all outstanding method calls */
+                r = bus_message_new_synthetic_error(
+                                bus,
+                                c->cookie,
+                                &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NO_REPLY, "Connection terminated"),
+                                &m);
+                if (r < 0)
+                        return r;
+
+                r = bus_seal_synthetic_message(bus, m);
+                if (r < 0)
+                        return r;
+
+                if (c->timeout != 0) {
+                        prioq_remove(bus->reply_callbacks_prioq, c, &c->prioq_idx);
+                        c->timeout = 0;
+                }
+
+                ordered_hashmap_remove(bus->reply_callbacks, &c->cookie);
+                c->cookie = 0;
+
+                slot = container_of(c, sd_bus_slot, reply_callback);
+
+                bus->iteration_counter++;
+
+                bus->current_message = m;
+                bus->current_slot = sd_bus_slot_ref(slot);
+                bus->current_handler = c->callback;
+                bus->current_userdata = slot->userdata;
+                r = c->callback(m, slot->userdata, &error_buffer);
+                bus->current_userdata = NULL;
+                bus->current_handler = NULL;
+                bus->current_slot = NULL;
+                bus->current_message = NULL;
+
+                if (slot->floating) {
+                        bus_slot_disconnect(slot);
+                        sd_bus_slot_unref(slot);
+                }
+
+                sd_bus_slot_unref(slot);
+
+                return bus_maybe_reply_error(m, r, &error_buffer);
+        }
+
+        /* Then, synthesize a Disconnected message */
+        r = sd_bus_message_new_signal(
+                        bus,
+                        &m,
+                        "/org/freedesktop/DBus/Local",
+                        "org.freedesktop.DBus.Local",
+                        "Disconnected");
+        if (r < 0)
+                return r;
+
+        bus_message_set_sender_local(bus, m);
+
+        r = bus_seal_synthetic_message(bus, m);
+        if (r < 0)
+                return r;
+
+        sd_bus_close(bus);
+
+        bus->current_message = m;
+        bus->iteration_counter++;
+
+        r = process_filter(bus, m);
+        if (r != 0)
+                goto finish;
+
+        r = process_match(bus, m);
+        if (r != 0)
+                goto finish;
+
+        if (ret) {
+                *ret = m;
+                m = NULL;
+        }
+
+        r = 1;
+
+finish:
+        bus->current_message = NULL;
+
+        return r;
+}
+
+static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **ret) {
+        BUS_DONT_DESTROY(bus);
+        int r;
+
+        /* Returns 0 when we didn't do anything. This should cause the
+         * caller to invoke sd_bus_wait() before returning the next
+         * time. Returns > 0 when we did something, which possibly
+         * means *ret is filled in with an unprocessed message. */
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        /* We don't allow recursively invoking sd_bus_process(). */
+        assert_return(!bus->current_message, -EBUSY);
+        assert(!bus->current_slot);
+
+        switch (bus->state) {
+
+        case BUS_UNSET:
+                return -ENOTCONN;
+
+        case BUS_CLOSED:
+                return -ECONNRESET;
+
+        case BUS_OPENING:
+                r = bus_socket_process_opening(bus);
+                if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                        bus_enter_closing(bus);
+                        r = 1;
+                } else if (r < 0)
+                        return r;
+                if (ret)
+                        *ret = NULL;
+                return r;
+
+        case BUS_AUTHENTICATING:
+                r = bus_socket_process_authenticating(bus);
+                if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                        bus_enter_closing(bus);
+                        r = 1;
+                } else if (r < 0)
+                        return r;
+
+                if (ret)
+                        *ret = NULL;
+
+                return r;
+
+        case BUS_RUNNING:
+        case BUS_HELLO:
+                r = process_running(bus, hint_priority, priority, ret);
+                if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                        bus_enter_closing(bus);
+                        r = 1;
+
+                        if (ret)
+                                *ret = NULL;
+                }
+
+                return r;
+
+        case BUS_CLOSING:
+                return process_closing(bus, ret);
+        }
+
+        assert_not_reached("Unknown state");
+}
+
+_public_ int sd_bus_process(sd_bus *bus, sd_bus_message **ret) {
+        return bus_process_internal(bus, false, 0, ret);
+}
+
+_public_ int sd_bus_process_priority(sd_bus *bus, int64_t priority, sd_bus_message **ret) {
+        return bus_process_internal(bus, true, priority, ret);
+}
+
+static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) {
+        struct pollfd p[2] = {};
+        int r, e, n;
+        struct timespec ts;
+        usec_t m = USEC_INFINITY;
+
+        assert(bus);
+
+        if (bus->state == BUS_CLOSING)
+                return 1;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        e = sd_bus_get_events(bus);
+        if (e < 0)
+                return e;
+
+        if (need_more)
+                /* The caller really needs some more data, he doesn't
+                 * care about what's already read, or any timeouts
+                 * except its own. */
+                e |= POLLIN;
+        else {
+                usec_t until;
+                /* The caller wants to process if there's something to
+                 * process, but doesn't care otherwise */
+
+                r = sd_bus_get_timeout(bus, &until);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        usec_t nw;
+                        nw = now(CLOCK_MONOTONIC);
+                        m = until > nw ? until - nw : 0;
+                }
+        }
+
+        if (timeout_usec != (uint64_t) -1 && (m == (uint64_t) -1 || timeout_usec < m))
+                m = timeout_usec;
+
+        p[0].fd = bus->input_fd;
+        if (bus->output_fd == bus->input_fd) {
+                p[0].events = e;
+                n = 1;
+        } else {
+                p[0].events = e & POLLIN;
+                p[1].fd = bus->output_fd;
+                p[1].events = e & POLLOUT;
+                n = 2;
+        }
+
+        r = ppoll(p, n, m == (uint64_t) -1 ? NULL : timespec_store(&ts, m), NULL);
+        if (r < 0)
+                return -errno;
+
+        return r > 0 ? 1 : 0;
+}
+
+_public_ int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec) {
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (bus->state == BUS_CLOSING)
+                return 0;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->rqueue_size > 0)
+                return 0;
+
+        return bus_poll(bus, false, timeout_usec);
+}
+
+_public_ int sd_bus_flush(sd_bus *bus) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (bus->state == BUS_CLOSING)
+                return 0;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        r = bus_ensure_running(bus);
+        if (r < 0)
+                return r;
+
+        if (bus->wqueue_size <= 0)
+                return 0;
+
+        for (;;) {
+                r = dispatch_wqueue(bus);
+                if (r < 0) {
+                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+                                bus_enter_closing(bus);
+                                return -ECONNRESET;
+                        }
+
+                        return r;
+                }
+
+                if (bus->wqueue_size <= 0)
+                        return 0;
+
+                r = bus_poll(bus, false, (uint64_t) -1);
+                if (r < 0)
+                        return r;
+        }
+}
+
+_public_ int sd_bus_add_filter(
+                sd_bus *bus,
+                sd_bus_slot **slot,
+                sd_bus_message_handler_t callback,
+                void *userdata) {
+
+        sd_bus_slot *s;
+
+        assert_return(bus, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        s = bus_slot_allocate(bus, !slot, BUS_FILTER_CALLBACK, sizeof(struct filter_callback), userdata);
+        if (!s)
+                return -ENOMEM;
+
+        s->filter_callback.callback = callback;
+
+        bus->filter_callbacks_modified = true;
+        LIST_PREPEND(callbacks, bus->filter_callbacks, &s->filter_callback);
+
+        if (slot)
+                *slot = s;
+
+        return 0;
+}
+
+_public_ int sd_bus_add_match(
+                sd_bus *bus,
+                sd_bus_slot **slot,
+                const char *match,
+                sd_bus_message_handler_t callback,
+                void *userdata) {
+
+        struct bus_match_component *components = NULL;
+        unsigned n_components = 0;
+        sd_bus_slot *s = NULL;
+        int r = 0;
+
+        assert_return(bus, -EINVAL);
+        assert_return(match, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        r = bus_match_parse(match, &components, &n_components);
+        if (r < 0)
+                goto finish;
+
+        s = bus_slot_allocate(bus, !slot, BUS_MATCH_CALLBACK, sizeof(struct match_callback), userdata);
+        if (!s) {
+                r = -ENOMEM;
+                goto finish;
+        }
+
+        s->match_callback.callback = callback;
+        s->match_callback.cookie = ++bus->match_cookie;
+
+        if (bus->bus_client) {
+                enum bus_match_scope scope;
+
+                scope = bus_match_get_scope(components, n_components);
+
+                /* Do not install server-side matches for matches
+                 * against the local service, interface or bus
+                 * path. */
+                if (scope != BUS_MATCH_LOCAL) {
+
+                        if (!bus->is_kernel) {
+                                /* When this is not a kernel transport, we
+                                 * store the original match string, so that we
+                                 * can use it to remove the match again */
+
+                                s->match_callback.match_string = strdup(match);
+                                if (!s->match_callback.match_string) {
+                                        r = -ENOMEM;
+                                        goto finish;
+                                }
+                        }
+
+                        r = bus_add_match_internal(bus, s->match_callback.match_string, components, n_components, s->match_callback.cookie);
+                        if (r < 0)
+                                goto finish;
+
+                        s->match_added = true;
+                }
+        }
+
+        bus->match_callbacks_modified = true;
+        r = bus_match_add(&bus->match_callbacks, components, n_components, &s->match_callback);
+        if (r < 0)
+                goto finish;
+
+        if (slot)
+                *slot = s;
+        s = NULL;
+
+finish:
+        bus_match_parse_free(components, n_components);
+        sd_bus_slot_unref(s);
+
+        return r;
+}
+
+int bus_remove_match_by_string(
+                sd_bus *bus,
+                const char *match,
+                sd_bus_message_handler_t callback,
+                void *userdata) {
+
+        struct bus_match_component *components = NULL;
+        unsigned n_components = 0;
+        struct match_callback *c;
+        int r = 0;
+
+        assert_return(bus, -EINVAL);
+        assert_return(match, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        r = bus_match_parse(match, &components, &n_components);
+        if (r < 0)
+                goto finish;
+
+        r = bus_match_find(&bus->match_callbacks, components, n_components, NULL, NULL, &c);
+        if (r <= 0)
+                goto finish;
+
+        sd_bus_slot_unref(container_of(c, sd_bus_slot, match_callback));
+
+finish:
+        bus_match_parse_free(components, n_components);
+
+        return r;
+}
+
+bool bus_pid_changed(sd_bus *bus) {
+        assert(bus);
+
+        /* We don't support people creating a bus connection and
+         * keeping it around over a fork(). Let's complain. */
+
+        return bus->original_pid != getpid();
+}
+
+static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        r = sd_bus_process(bus, NULL);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int time_callback(sd_event_source *s, uint64_t usec, void *userdata) {
+        sd_bus *bus = userdata;
+        int r;
+
+        assert(bus);
+
+        r = sd_bus_process(bus, NULL);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int prepare_callback(sd_event_source *s, void *userdata) {
+        sd_bus *bus = userdata;
+        int r, e;
+        usec_t until;
+
+        assert(s);
+        assert(bus);
+
+        e = sd_bus_get_events(bus);
+        if (e < 0)
+                return e;
+
+        if (bus->output_fd != bus->input_fd) {
+
+                r = sd_event_source_set_io_events(bus->input_io_event_source, e & POLLIN);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_io_events(bus->output_io_event_source, e & POLLOUT);
+                if (r < 0)
+                        return r;
+        } else {
+                r = sd_event_source_set_io_events(bus->input_io_event_source, e);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_get_timeout(bus, &until);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                int j;
+
+                j = sd_event_source_set_time(bus->time_event_source, until);
+                if (j < 0)
+                        return j;
+        }
+
+        r = sd_event_source_set_enabled(bus->time_event_source, r > 0);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int quit_callback(sd_event_source *event, void *userdata) {
+        sd_bus *bus = userdata;
+
+        assert(event);
+
+        sd_bus_flush(bus);
+        sd_bus_close(bus);
+
+        return 1;
+}
+
+static int attach_io_events(sd_bus *bus) {
+        int r;
+
+        assert(bus);
+
+        if (bus->input_fd < 0)
+                return 0;
+
+        if (!bus->event)
+                return 0;
+
+        if (!bus->input_io_event_source) {
+                r = sd_event_add_io(bus->event, &bus->input_io_event_source, bus->input_fd, 0, io_callback, bus);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_prepare(bus->input_io_event_source, prepare_callback);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_priority(bus->input_io_event_source, bus->event_priority);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_description(bus->input_io_event_source, "bus-input");
+        } else
+                r = sd_event_source_set_io_fd(bus->input_io_event_source, bus->input_fd);
+
+        if (r < 0)
+                return r;
+
+        if (bus->output_fd != bus->input_fd) {
+                assert(bus->output_fd >= 0);
+
+                if (!bus->output_io_event_source) {
+                        r = sd_event_add_io(bus->event, &bus->output_io_event_source, bus->output_fd, 0, io_callback, bus);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_event_source_set_priority(bus->output_io_event_source, bus->event_priority);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_event_source_set_description(bus->input_io_event_source, "bus-output");
+                } else
+                        r = sd_event_source_set_io_fd(bus->output_io_event_source, bus->output_fd);
+
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static void detach_io_events(sd_bus *bus) {
+        assert(bus);
+
+        if (bus->input_io_event_source) {
+                sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF);
+                bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source);
+        }
+
+        if (bus->output_io_event_source) {
+                sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF);
+                bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source);
+        }
+}
+
+_public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus->event, -EBUSY);
+
+        assert(!bus->input_io_event_source);
+        assert(!bus->output_io_event_source);
+        assert(!bus->time_event_source);
+
+        if (event)
+                bus->event = sd_event_ref(event);
+        else  {
+                r = sd_event_default(&bus->event);
+                if (r < 0)
+                        return r;
+        }
+
+        bus->event_priority = priority;
+
+        r = sd_event_add_time(bus->event, &bus->time_event_source, CLOCK_MONOTONIC, 0, 0, time_callback, bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_priority(bus->time_event_source, priority);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_description(bus->time_event_source, "bus-time");
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_add_exit(bus->event, &bus->quit_event_source, quit_callback, bus);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_description(bus->quit_event_source, "bus-exit");
+        if (r < 0)
+                goto fail;
+
+        r = attach_io_events(bus);
+        if (r < 0)
+                goto fail;
+
+        return 0;
+
+fail:
+        sd_bus_detach_event(bus);
+        return r;
+}
+
+_public_ int sd_bus_detach_event(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+
+        if (!bus->event)
+                return 0;
+
+        detach_io_events(bus);
+
+        if (bus->time_event_source) {
+                sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF);
+                bus->time_event_source = sd_event_source_unref(bus->time_event_source);
+        }
+
+        if (bus->quit_event_source) {
+                sd_event_source_set_enabled(bus->quit_event_source, SD_EVENT_OFF);
+                bus->quit_event_source = sd_event_source_unref(bus->quit_event_source);
+        }
+
+        bus->event = sd_event_unref(bus->event);
+        return 1;
+}
+
+_public_ sd_event* sd_bus_get_event(sd_bus *bus) {
+        assert_return(bus, NULL);
+
+        return bus->event;
+}
+
+_public_ sd_bus_message* sd_bus_get_current_message(sd_bus *bus) {
+        assert_return(bus, NULL);
+
+        return bus->current_message;
+}
+
+_public_ sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus) {
+        assert_return(bus, NULL);
+
+        return bus->current_slot;
+}
+
+_public_ sd_bus_message_handler_t sd_bus_get_current_handler(sd_bus *bus) {
+        assert_return(bus, NULL);
+
+        return bus->current_handler;
+}
+
+_public_ void* sd_bus_get_current_userdata(sd_bus *bus) {
+        assert_return(bus, NULL);
+
+        return bus->current_userdata;
+}
+
+static int bus_default(int (*bus_open)(sd_bus **), sd_bus **default_bus, sd_bus **ret) {
+        sd_bus *b = NULL;
+        int r;
+
+        assert(bus_open);
+        assert(default_bus);
+
+        if (!ret)
+                return !!*default_bus;
+
+        if (*default_bus) {
+                *ret = sd_bus_ref(*default_bus);
+                return 0;
+        }
+
+        r = bus_open(&b);
+        if (r < 0)
+                return r;
+
+        b->default_bus_ptr = default_bus;
+        b->tid = gettid();
+        *default_bus = b;
+
+        *ret = b;
+        return 1;
+}
+
+_public_ int sd_bus_default_system(sd_bus **ret) {
+        return bus_default(sd_bus_open_system, &default_system_bus, ret);
+}
+
+
+_public_ int sd_bus_default_user(sd_bus **ret) {
+        return bus_default(sd_bus_open_user, &default_user_bus, ret);
+}
+
+_public_ int sd_bus_default(sd_bus **ret) {
+
+        const char *e;
+
+        /* Let's try our best to reuse another cached connection. If
+         * the starter bus type is set, connect via our normal
+         * connection logic, ignoring $DBUS_STARTER_ADDRESS, so that
+         * we can share the connection with the user/system default
+         * bus. */
+
+        e = secure_getenv("DBUS_STARTER_BUS_TYPE");
+        if (e) {
+                if (streq(e, "system"))
+                        return sd_bus_default_system(ret);
+                else if (STR_IN_SET(e, "user", "session"))
+                        return sd_bus_default_user(ret);
+        }
+
+        /* No type is specified, so we have not other option than to
+         * use the starter address if it is set. */
+
+        e = secure_getenv("DBUS_STARTER_ADDRESS");
+        if (e) {
+
+                return bus_default(sd_bus_open, &default_starter_bus, ret);
+        }
+
+        /* Finally, if nothing is set use the cached connection for
+         * the right scope */
+
+        if (cg_pid_get_owner_uid(0, NULL) >= 0)
+                return sd_bus_default_user(ret);
+        else
+                return sd_bus_default_system(ret);
+}
+
+_public_ int sd_bus_get_tid(sd_bus *b, pid_t *tid) {
+        assert_return(b, -EINVAL);
+        assert_return(tid, -EINVAL);
+        assert_return(!bus_pid_changed(b), -ECHILD);
+
+        if (b->tid != 0) {
+                *tid = b->tid;
+                return 0;
+        }
+
+        if (b->event)
+                return sd_event_get_tid(b->event, tid);
+
+        return -ENXIO;
+}
+
+_public_ int sd_bus_path_encode(const char *prefix, const char *external_id, char **ret_path) {
+        _cleanup_free_ char *e = NULL;
+        char *ret;
+
+        assert_return(object_path_is_valid(prefix), -EINVAL);
+        assert_return(external_id, -EINVAL);
+        assert_return(ret_path, -EINVAL);
+
+        e = bus_label_escape(external_id);
+        if (!e)
+                return -ENOMEM;
+
+        ret = strjoin(prefix, "/", e, NULL);
+        if (!ret)
+                return -ENOMEM;
+
+        *ret_path = ret;
+        return 0;
+}
+
+_public_ int sd_bus_path_decode(const char *path, const char *prefix, char **external_id) {
+        const char *e;
+        char *ret;
+
+        assert_return(object_path_is_valid(path), -EINVAL);
+        assert_return(object_path_is_valid(prefix), -EINVAL);
+        assert_return(external_id, -EINVAL);
+
+        e = object_path_startswith(path, prefix);
+        if (!e) {
+                *external_id = NULL;
+                return 0;
+        }
+
+        ret = bus_label_unescape(e);
+        if (!ret)
+                return -ENOMEM;
+
+        *external_id = ret;
+        return 1;
+}
+
+_public_ int sd_bus_path_encode_many(char **out, const char *path_template, ...) {
+        _cleanup_strv_free_ char **labels = NULL;
+        char *path, *path_pos, **label_pos;
+        const char *sep, *template_pos;
+        size_t path_length;
+        va_list list;
+        int r;
+
+        assert_return(out, -EINVAL);
+        assert_return(path_template, -EINVAL);
+
+        path_length = strlen(path_template);
+
+        va_start(list, path_template);
+        for (sep = strchr(path_template, '%'); sep; sep = strchr(sep + 1, '%')) {
+                const char *arg;
+                char *label;
+
+                arg = va_arg(list, const char *);
+                if (!arg) {
+                        va_end(list);
+                        return -EINVAL;
+                }
+
+                label = bus_label_escape(arg);
+                if (!label) {
+                        va_end(list);
+                        return -ENOMEM;
+                }
+
+                r = strv_consume(&labels, label);
+                if (r < 0) {
+                        va_end(list);
+                        return r;
+                }
+
+                /* add label length, but account for the format character */
+                path_length += strlen(label) - 1;
+        }
+        va_end(list);
+
+        path = malloc(path_length + 1);
+        if (!path)
+                return -ENOMEM;
+
+        path_pos = path;
+        label_pos = labels;
+
+        for (template_pos = path_template; *template_pos; ) {
+                sep = strchrnul(template_pos, '%');
+                path_pos = mempcpy(path_pos, template_pos, sep - template_pos);
+                if (!*sep)
+                        break;
+
+                path_pos = stpcpy(path_pos, *label_pos++);
+                template_pos = sep + 1;
+        }
+
+        *path_pos = 0;
+        *out = path;
+        return 0;
+}
+
+_public_ int sd_bus_path_decode_many(const char *path, const char *path_template, ...) {
+        _cleanup_strv_free_ char **labels = NULL;
+        const char *template_pos, *path_pos;
+        char **label_pos;
+        va_list list;
+        int r;
+
+        /*
+         * This decodes an object-path based on a template argument. The
+         * template consists of a verbatim path, optionally including special
+         * directives:
+         *
+         *   - Each occurrence of '%' in the template matches an arbitrary
+         *     substring of a label in the given path. At most one such
+         *     directive is allowed per label. For each such directive, the
+         *     caller must provide an output parameter (char **) via va_arg. If
+         *     NULL is passed, the given label is verified, but not returned.
+         *     For each matched label, the *decoded* label is stored in the
+         *     passed output argument, and the caller is responsible to free
+         *     it. Note that the output arguments are only modified if the
+         *     actualy path matched the template. Otherwise, they're left
+         *     untouched.
+         *
+         * This function returns <0 on error, 0 if the path does not match the
+         * template, 1 if it matched.
+         */
+
+        assert_return(path, -EINVAL);
+        assert_return(path_template, -EINVAL);
+
+        path_pos = path;
+
+        for (template_pos = path_template; *template_pos; ) {
+                const char *sep;
+                size_t length;
+                char *label;
+
+                /* verify everything until the next '%' matches verbatim */
+                sep = strchrnul(template_pos, '%');
+                length = sep - template_pos;
+                if (strncmp(path_pos, template_pos, length))
+                        return 0;
+
+                path_pos += length;
+                template_pos += length;
+
+                if (!*template_pos)
+                        break;
+
+                /* We found the next '%' character. Everything up until here
+                 * matched. We now skip ahead to the end of this label and make
+                 * sure it matches the tail of the label in the path. Then we
+                 * decode the string in-between and save it for later use. */
+
+                ++template_pos; /* skip over '%' */
+
+                sep = strchrnul(template_pos, '/');
+                length = sep - template_pos; /* length of suffix to match verbatim */
+
+                /* verify the suffixes match */
+                sep = strchrnul(path_pos, '/');
+                if (sep - path_pos < (ssize_t)length ||
+                    strncmp(sep - length, template_pos, length))
+                        return 0;
+
+                template_pos += length; /* skip over matched label */
+                length = sep - path_pos - length; /* length of sub-label to decode */
+
+                /* store unescaped label for later use */
+                label = bus_label_unescape_n(path_pos, length);
+                if (!label)
+                        return -ENOMEM;
+
+                r = strv_consume(&labels, label);
+                if (r < 0)
+                        return r;
+
+                path_pos = sep; /* skip decoded label and suffix */
+        }
+
+        /* end of template must match end of path */
+        if (*path_pos)
+                return 0;
+
+        /* copy the labels over to the caller */
+        va_start(list, path_template);
+        for (label_pos = labels; label_pos && *label_pos; ++label_pos) {
+                char **arg;
+
+                arg = va_arg(list, char **);
+                if (arg)
+                        *arg = *label_pos;
+                else
+                        free(*label_pos);
+        }
+        va_end(list);
+
+        free(labels);
+        labels = NULL;
+        return 1;
+}
+
+_public_ int sd_bus_try_close(sd_bus *bus) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!bus->is_kernel)
+                return -EOPNOTSUPP;
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        if (bus->rqueue_size > 0)
+                return -EBUSY;
+
+        if (bus->wqueue_size > 0)
+                return -EBUSY;
+
+        r = bus_kernel_try_close(bus);
+        if (r < 0)
+                return r;
+
+        sd_bus_close(bus);
+        return 0;
+}
+
+_public_ int sd_bus_get_description(sd_bus *bus, const char **description) {
+        assert_return(bus, -EINVAL);
+        assert_return(description, -EINVAL);
+        assert_return(bus->description, -ENXIO);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        *description = bus->description;
+        return 0;
+}
+
+int bus_get_root_path(sd_bus *bus) {
+        int r;
+
+        if (bus->cgroup_root)
+                return 0;
+
+        r = cg_get_root_path(&bus->cgroup_root);
+        if (r == -ENOENT) {
+                bus->cgroup_root = strdup("/");
+                if (!bus->cgroup_root)
+                        return -ENOMEM;
+
+                r = 0;
+        }
+
+        return r;
+}
+
+_public_ int sd_bus_get_scope(sd_bus *bus, const char **scope) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(scope, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (bus->is_kernel) {
+                _cleanup_free_ char *n = NULL;
+                const char *dash;
+
+                r = bus_kernel_get_bus_name(bus, &n);
+                if (r < 0)
+                        return r;
+
+                if (streq(n, "0-system")) {
+                        *scope = "system";
+                        return 0;
+                }
+
+                dash = strchr(n, '-');
+                if (streq_ptr(dash, "-user")) {
+                        *scope = "user";
+                        return 0;
+                }
+        }
+
+        if (bus->is_user) {
+                *scope = "user";
+                return 0;
+        }
+
+        if (bus->is_system) {
+                *scope = "system";
+                return 0;
+        }
+
+        return -ENODATA;
+}
+
+_public_ int sd_bus_get_address(sd_bus *bus, const char **address) {
+
+        assert_return(bus, -EINVAL);
+        assert_return(address, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (bus->address) {
+                *address = bus->address;
+                return 0;
+        }
+
+        return -ENODATA;
+}
+
+_public_ int sd_bus_get_creds_mask(sd_bus *bus, uint64_t *mask) {
+        assert_return(bus, -EINVAL);
+        assert_return(mask, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        *mask = bus->creds_mask;
+        return 0;
+}
+
+_public_ int sd_bus_is_bus_client(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return bus->bus_client;
+}
+
+_public_ int sd_bus_is_server(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return bus->is_server;
+}
+
+_public_ int sd_bus_is_anonymous(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return bus->anonymous_auth;
+}
+
+_public_ int sd_bus_is_trusted(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return bus->trusted;
+}
+
+_public_ int sd_bus_is_monitor(sd_bus *bus) {
+        assert_return(bus, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        return !!(bus->hello_flags & KDBUS_HELLO_MONITOR);
+}
+
+static void flush_close(sd_bus *bus) {
+        if (!bus)
+                return;
+
+        /* Flushes and closes the specified bus. We take a ref before,
+         * to ensure the flushing does not cause the bus to be
+         * unreferenced. */
+
+        sd_bus_flush_close_unref(sd_bus_ref(bus));
+}
+
+_public_ void sd_bus_default_flush_close(void) {
+        flush_close(default_starter_bus);
+        flush_close(default_user_bus);
+        flush_close(default_system_bus);
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-benchmark.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-benchmark.c
new file mode 100644
index 0000000000..a222d36bb4
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-benchmark.c
@@ -0,0 +1,371 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/wait.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-internal.h"
+#include "bus-kernel.h"
+#include "bus-util.h"
+#include "def.h"
+#include "fd-util.h"
+#include "time-util.h"
+#include "util.h"
+
+#define MAX_SIZE (2*1024*1024)
+
+static usec_t arg_loop_usec = 100 * USEC_PER_MSEC;
+
+typedef enum Type {
+        TYPE_KDBUS,
+        TYPE_LEGACY,
+        TYPE_DIRECT,
+} Type;
+
+static void server(sd_bus *b, size_t *result) {
+        int r;
+
+        for (;;) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+
+                r = sd_bus_process(b, &m);
+                assert_se(r >= 0);
+
+                if (r == 0)
+                        assert_se(sd_bus_wait(b, USEC_INFINITY) >= 0);
+                if (!m)
+                        continue;
+
+                if (sd_bus_message_is_method_call(m, "benchmark.server", "Ping"))
+                        assert_se(sd_bus_reply_method_return(m, NULL) >= 0);
+                else if (sd_bus_message_is_method_call(m, "benchmark.server", "Work")) {
+                        const void *p;
+                        size_t sz;
+
+                        /* Make sure the mmap is mapped */
+                        assert_se(sd_bus_message_read_array(m, 'y', &p, &sz) > 0);
+
+                        r = sd_bus_reply_method_return(m, NULL);
+                        assert_se(r >= 0);
+                } else if (sd_bus_message_is_method_call(m, "benchmark.server", "Exit")) {
+                        uint64_t res;
+                        assert_se(sd_bus_message_read(m, "t", &res) > 0);
+
+                        *result = res;
+                        return;
+
+                } else if (!sd_bus_message_is_signal(m, NULL, NULL))
+                        assert_not_reached("Unknown method");
+        }
+}
+
+static void transaction(sd_bus *b, size_t sz, const char *server_name) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        uint8_t *p;
+
+        assert_se(sd_bus_message_new_method_call(b, &m, server_name, "/", "benchmark.server", "Work") >= 0);
+        assert_se(sd_bus_message_append_array_space(m, 'y', sz, (void**) &p) >= 0);
+
+        memset(p, 0x80, sz);
+
+        assert_se(sd_bus_call(b, m, 0, NULL, &reply) >= 0);
+}
+
+static void client_bisect(const char *address, const char *server_name) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *x = NULL;
+        size_t lsize, rsize, csize;
+        sd_bus *b;
+        int r;
+
+        r = sd_bus_new(&b);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(b, address);
+        assert_se(r >= 0);
+
+        r = sd_bus_start(b);
+        assert_se(r >= 0);
+
+        r = sd_bus_call_method(b, server_name, "/", "benchmark.server", "Ping", NULL, NULL, NULL);
+        assert_se(r >= 0);
+
+        lsize = 1;
+        rsize = MAX_SIZE;
+
+        printf("SIZE\tCOPY\tMEMFD\n");
+
+        for (;;) {
+                usec_t t;
+                unsigned n_copying, n_memfd;
+
+                csize = (lsize + rsize) / 2;
+
+                if (csize <= lsize)
+                        break;
+
+                if (csize <= 0)
+                        break;
+
+                printf("%zu\t", csize);
+
+                b->use_memfd = 0;
+
+                t = now(CLOCK_MONOTONIC);
+                for (n_copying = 0;; n_copying++) {
+                        transaction(b, csize, server_name);
+                        if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
+                                break;
+                }
+                printf("%u\t", (unsigned) ((n_copying * USEC_PER_SEC) / arg_loop_usec));
+
+                b->use_memfd = -1;
+
+                t = now(CLOCK_MONOTONIC);
+                for (n_memfd = 0;; n_memfd++) {
+                        transaction(b, csize, server_name);
+                        if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
+                                break;
+                }
+                printf("%u\n", (unsigned) ((n_memfd * USEC_PER_SEC) / arg_loop_usec));
+
+                if (n_copying == n_memfd)
+                        break;
+
+                if (n_copying > n_memfd)
+                        lsize = csize;
+                else
+                        rsize = csize;
+        }
+
+        b->use_memfd = 1;
+        assert_se(sd_bus_message_new_method_call(b, &x, server_name, "/", "benchmark.server", "Exit") >= 0);
+        assert_se(sd_bus_message_append(x, "t", csize) >= 0);
+        assert_se(sd_bus_send(b, x, NULL) >= 0);
+
+        sd_bus_unref(b);
+}
+
+static void client_chart(Type type, const char *address, const char *server_name, int fd) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *x = NULL;
+        size_t csize;
+        sd_bus *b;
+        int r;
+
+        r = sd_bus_new(&b);
+        assert_se(r >= 0);
+
+        if (type == TYPE_DIRECT) {
+                r = sd_bus_set_fd(b, fd, fd);
+                assert_se(r >= 0);
+        } else {
+                r = sd_bus_set_address(b, address);
+                assert_se(r >= 0);
+
+                r = sd_bus_set_bus_client(b, true);
+                assert_se(r >= 0);
+        }
+
+        r = sd_bus_start(b);
+        assert_se(r >= 0);
+
+        r = sd_bus_call_method(b, server_name, "/", "benchmark.server", "Ping", NULL, NULL, NULL);
+        assert_se(r >= 0);
+
+        switch (type) {
+        case TYPE_KDBUS:
+                printf("SIZE\tCOPY\tMEMFD\n");
+                break;
+        case TYPE_LEGACY:
+                printf("SIZE\tLEGACY\n");
+                break;
+        case TYPE_DIRECT:
+                printf("SIZE\tDIRECT\n");
+                break;
+        }
+
+        for (csize = 1; csize <= MAX_SIZE; csize *= 2) {
+                usec_t t;
+                unsigned n_copying, n_memfd;
+
+                printf("%zu\t", csize);
+
+                if (type == TYPE_KDBUS) {
+                        b->use_memfd = 0;
+
+                        t = now(CLOCK_MONOTONIC);
+                        for (n_copying = 0;; n_copying++) {
+                                transaction(b, csize, server_name);
+                                if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
+                                        break;
+                        }
+
+                        printf("%u\t", (unsigned) ((n_copying * USEC_PER_SEC) / arg_loop_usec));
+
+                        b->use_memfd = -1;
+                }
+
+                t = now(CLOCK_MONOTONIC);
+                for (n_memfd = 0;; n_memfd++) {
+                        transaction(b, csize, server_name);
+                        if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
+                                break;
+                }
+
+                printf("%u\n", (unsigned) ((n_memfd * USEC_PER_SEC) / arg_loop_usec));
+        }
+
+        b->use_memfd = 1;
+        assert_se(sd_bus_message_new_method_call(b, &x, server_name, "/", "benchmark.server", "Exit") >= 0);
+        assert_se(sd_bus_message_append(x, "t", csize) >= 0);
+        assert_se(sd_bus_send(b, x, NULL) >= 0);
+
+        sd_bus_unref(b);
+}
+
+int main(int argc, char *argv[]) {
+        enum {
+                MODE_BISECT,
+                MODE_CHART,
+        } mode = MODE_BISECT;
+        Type type = TYPE_KDBUS;
+        int i, pair[2] = { -1, -1 };
+        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL, *server_name = NULL;
+        _cleanup_close_ int bus_ref = -1;
+        const char *unique;
+        cpu_set_t cpuset;
+        size_t result;
+        sd_bus *b;
+        pid_t pid;
+        int r;
+
+        for (i = 1; i < argc; i++) {
+                if (streq(argv[i], "chart")) {
+                        mode = MODE_CHART;
+                        continue;
+                } else if (streq(argv[i], "legacy")) {
+                        type = TYPE_LEGACY;
+                        continue;
+                } else if (streq(argv[i], "direct")) {
+                        type = TYPE_DIRECT;
+                        continue;
+                }
+
+                assert_se(parse_sec(argv[i], &arg_loop_usec) >= 0);
+        }
+
+        assert_se(!MODE_BISECT || TYPE_KDBUS);
+
+        assert_se(arg_loop_usec > 0);
+
+        if (type == TYPE_KDBUS) {
+                assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
+
+                bus_ref = bus_kernel_create_bus(name, false, &bus_name);
+                if (bus_ref == -ENOENT)
+                        exit(EXIT_TEST_SKIP);
+
+                assert_se(bus_ref >= 0);
+
+                address = strappend("kernel:path=", bus_name);
+                assert_se(address);
+        } else if (type == TYPE_LEGACY) {
+                const char *e;
+
+                e = secure_getenv("DBUS_SESSION_BUS_ADDRESS");
+                assert_se(e);
+
+                address = strdup(e);
+                assert_se(address);
+        }
+
+        r = sd_bus_new(&b);
+        assert_se(r >= 0);
+
+        if (type == TYPE_DIRECT) {
+                assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) >= 0);
+
+                r = sd_bus_set_fd(b, pair[0], pair[0]);
+                assert_se(r >= 0);
+
+                r = sd_bus_set_server(b, true, SD_ID128_NULL);
+                assert_se(r >= 0);
+        } else {
+                r = sd_bus_set_address(b, address);
+                assert_se(r >= 0);
+
+                r = sd_bus_set_bus_client(b, true);
+                assert_se(r >= 0);
+        }
+
+        r = sd_bus_start(b);
+        assert_se(r >= 0);
+
+        if (type != TYPE_DIRECT) {
+                r = sd_bus_get_unique_name(b, &unique);
+                assert_se(r >= 0);
+
+                server_name = strdup(unique);
+                assert_se(server_name);
+        }
+
+        sync();
+        setpriority(PRIO_PROCESS, 0, -19);
+
+        pid = fork();
+        assert_se(pid >= 0);
+
+        if (pid == 0) {
+                CPU_ZERO(&cpuset);
+                CPU_SET(0, &cpuset);
+                pthread_setaffinity_np(pthread_self(), sizeof(cpu_set_t), &cpuset);
+
+                safe_close(bus_ref);
+                sd_bus_unref(b);
+
+                switch (mode) {
+                case MODE_BISECT:
+                        client_bisect(address, server_name);
+                        break;
+
+                case MODE_CHART:
+                        client_chart(type, address, server_name, pair[1]);
+                        break;
+                }
+
+                _exit(0);
+        }
+
+        CPU_ZERO(&cpuset);
+        CPU_SET(1, &cpuset);
+        pthread_setaffinity_np(pthread_self(), sizeof(cpu_set_t), &cpuset);
+
+        server(b, &result);
+
+        if (mode == MODE_BISECT)
+                printf("Copying/memfd are equally fast at %zu bytes\n", result);
+
+        assert_se(waitpid(pid, NULL, 0) == pid);
+
+        safe_close(pair[1]);
+        sd_bus_unref(b);
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-chat.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-chat.c
new file mode 100644
index 0000000000..1f028d2b23
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-chat.c
@@ -0,0 +1,560 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <pthread.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-internal.h"
+#include "bus-match.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "log.h"
+#include "macro.h"
+#include "util.h"
+
+static int match_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+        log_info("Match triggered! interface=%s member=%s", strna(sd_bus_message_get_interface(m)), strna(sd_bus_message_get_member(m)));
+        return 0;
+}
+
+static int object_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+        int r;
+
+        if (sd_bus_message_is_method_error(m, NULL))
+                return 0;
+
+        if (sd_bus_message_is_method_call(m, "org.object.test", "Foobar")) {
+                log_info("Invoked Foobar() on %s", sd_bus_message_get_path(m));
+
+                r = sd_bus_reply_method_return(m, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send reply: %m");
+
+                return 1;
+        }
+
+        return 0;
+}
+
+static int server_init(sd_bus **_bus) {
+        sd_bus *bus = NULL;
+        sd_id128_t id;
+        int r;
+        const char *unique;
+
+        assert_se(_bus);
+
+        r = sd_bus_open_user(&bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to connect to user bus: %m");
+                goto fail;
+        }
+
+        r = sd_bus_get_bus_id(bus, &id);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get server ID: %m");
+                goto fail;
+        }
+
+        r = sd_bus_get_unique_name(bus, &unique);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get unique name: %m");
+                goto fail;
+        }
+
+        log_info("Peer ID is " SD_ID128_FORMAT_STR ".", SD_ID128_FORMAT_VAL(id));
+        log_info("Unique ID: %s", unique);
+        log_info("Can send file handles: %i", sd_bus_can_send(bus, 'h'));
+
+        r = sd_bus_request_name(bus, "org.freedesktop.systemd.test", 0);
+        if (r < 0) {
+                log_error_errno(r, "Failed to acquire name: %m");
+                goto fail;
+        }
+
+        r = sd_bus_add_fallback(bus, NULL, "/foo/bar", object_callback, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add object: %m");
+                goto fail;
+        }
+
+        r = sd_bus_add_match(bus, NULL, "type='signal',interface='foo.bar',member='Notify'", match_callback, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add match: %m");
+                goto fail;
+        }
+
+        r = sd_bus_add_match(bus, NULL, "type='signal',interface='org.freedesktop.DBus',member='NameOwnerChanged'", match_callback, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add match: %m");
+                goto fail;
+        }
+
+        bus_match_dump(&bus->match_callbacks, 0);
+
+        *_bus = bus;
+        return 0;
+
+fail:
+        sd_bus_unref(bus);
+        return r;
+}
+
+static int server(sd_bus *bus) {
+        int r;
+        bool client1_gone = false, client2_gone = false;
+
+        while (!client1_gone || !client2_gone) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+                pid_t pid = 0;
+                const char *label = NULL;
+
+                r = sd_bus_process(bus, &m);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to process requests: %m");
+                        goto fail;
+                }
+
+                if (r == 0) {
+                        r = sd_bus_wait(bus, (uint64_t) -1);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to wait: %m");
+                                goto fail;
+                        }
+
+                        continue;
+                }
+
+                if (!m)
+                        continue;
+
+                sd_bus_creds_get_pid(sd_bus_message_get_creds(m), &pid);
+                sd_bus_creds_get_selinux_context(sd_bus_message_get_creds(m), &label);
+                log_info("Got message! member=%s pid="PID_FMT" label=%s",
+                         strna(sd_bus_message_get_member(m)),
+                         pid,
+                         strna(label));
+                /* bus_message_dump(m); */
+                /* sd_bus_message_rewind(m, true); */
+
+                if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "LowerCase")) {
+                        const char *hello;
+                        _cleanup_free_ char *lowercase = NULL;
+
+                        r = sd_bus_message_read(m, "s", &hello);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to get parameter: %m");
+                                goto fail;
+                        }
+
+                        lowercase = strdup(hello);
+                        if (!lowercase) {
+                                r = log_oom();
+                                goto fail;
+                        }
+
+                        ascii_strlower(lowercase);
+
+                        r = sd_bus_reply_method_return(m, "s", lowercase);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "ExitClient1")) {
+
+                        r = sd_bus_reply_method_return(m, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+
+                        client1_gone = true;
+                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "ExitClient2")) {
+
+                        r = sd_bus_reply_method_return(m, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+
+                        client2_gone = true;
+                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "Slow")) {
+
+                        sleep(1);
+
+                        r = sd_bus_reply_method_return(m, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+
+                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "FileDescriptor")) {
+                        int fd;
+                        static const char x = 'X';
+
+                        r = sd_bus_message_read(m, "h", &fd);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to get parameter: %m");
+                                goto fail;
+                        }
+
+                        log_info("Received fd=%d", fd);
+
+                        if (write(fd, &x, 1) < 0) {
+                                log_error_errno(errno, "Failed to write to fd: %m");
+                                safe_close(fd);
+                                goto fail;
+                        }
+
+                        r = sd_bus_reply_method_return(m, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+
+                } else if (sd_bus_message_is_method_call(m, NULL, NULL)) {
+
+                        r = sd_bus_reply_method_error(
+                                        m,
+                                        &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_UNKNOWN_METHOD, "Unknown method."));
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+                }
+        }
+
+        r = 0;
+
+fail:
+        if (bus) {
+                sd_bus_flush(bus);
+                sd_bus_unref(bus);
+        }
+
+        return r;
+}
+
+static void* client1(void*p) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *hello;
+        int r;
+        _cleanup_close_pair_ int pp[2] = { -1, -1 };
+        char x;
+
+        r = sd_bus_open_user(&bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to connect to user bus: %m");
+                goto finish;
+        }
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd.test",
+                        "/",
+                        "org.freedesktop.systemd.test",
+                        "LowerCase",
+                        &error,
+                        &reply,
+                        "s",
+                        "HELLO");
+        if (r < 0) {
+                log_error_errno(r, "Failed to issue method call: %m");
+                goto finish;
+        }
+
+        r = sd_bus_message_read(reply, "s", &hello);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get string: %m");
+                goto finish;
+        }
+
+        assert_se(streq(hello, "hello"));
+
+        if (pipe2(pp, O_CLOEXEC|O_NONBLOCK) < 0) {
+                log_error_errno(errno, "Failed to allocate pipe: %m");
+                r = -errno;
+                goto finish;
+        }
+
+        log_info("Sending fd=%d", pp[1]);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd.test",
+                        "/",
+                        "org.freedesktop.systemd.test",
+                        "FileDescriptor",
+                        &error,
+                        NULL,
+                        "h",
+                        pp[1]);
+        if (r < 0) {
+                log_error_errno(r, "Failed to issue method call: %m");
+                goto finish;
+        }
+
+        errno = 0;
+        if (read(pp[0], &x, 1) <= 0) {
+                log_error("Failed to read from pipe: %s", errno ? strerror(errno) : "early read");
+                goto finish;
+        }
+
+        r = 0;
+
+finish:
+        if (bus) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *q;
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &q,
+                                "org.freedesktop.systemd.test",
+                                "/",
+                                "org.freedesktop.systemd.test",
+                                "ExitClient1");
+                if (r < 0)
+                        log_error_errno(r, "Failed to allocate method call: %m");
+                else
+                        sd_bus_send(bus, q, NULL);
+
+        }
+
+        return INT_TO_PTR(r);
+}
+
+static int quit_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+        bool *x = userdata;
+
+        log_error("Quit callback: %s", strerror(sd_bus_message_get_errno(m)));
+
+        *x = 1;
+        return 1;
+}
+
+static void* client2(void*p) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        bool quit = false;
+        const char *mid;
+        int r;
+
+        r = sd_bus_open_user(&bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to connect to user bus: %m");
+                goto finish;
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd.test",
+                        "/foo/bar/waldo/piep",
+                        "org.object.test",
+                        "Foobar");
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate method call: %m");
+                goto finish;
+        }
+
+        r = sd_bus_send(bus, m, NULL);
+        if (r < 0) {
+                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
+                goto finish;
+        }
+
+        m = sd_bus_message_unref(m);
+
+        r = sd_bus_message_new_signal(
+                        bus,
+                        &m,
+                        "/foobar",
+                        "foo.bar",
+                        "Notify");
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate signal: %m");
+                goto finish;
+        }
+
+        r = sd_bus_send(bus, m, NULL);
+        if (r < 0) {
+                log_error("Failed to issue signal: %s", bus_error_message(&error, -r));
+                goto finish;
+        }
+
+        m = sd_bus_message_unref(m);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd.test",
+                        "/",
+                        "org.freedesktop.DBus.Peer",
+                        "GetMachineId");
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate method call: %m");
+                goto finish;
+        }
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
+                goto finish;
+        }
+
+        r = sd_bus_message_read(reply, "s", &mid);
+        if (r < 0) {
+                log_error_errno(r, "Failed to parse machine ID: %m");
+                goto finish;
+        }
+
+        log_info("Machine ID is %s.", mid);
+
+        m = sd_bus_message_unref(m);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd.test",
+                        "/",
+                        "org.freedesktop.systemd.test",
+                        "Slow");
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate method call: %m");
+                goto finish;
+        }
+
+        reply = sd_bus_message_unref(reply);
+
+        r = sd_bus_call(bus, m, 200 * USEC_PER_MSEC, &error, &reply);
+        if (r < 0)
+                log_info("Failed to issue method call: %s", bus_error_message(&error, -r));
+        else
+                log_info("Slow call succeed.");
+
+        m = sd_bus_message_unref(m);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd.test",
+                        "/",
+                        "org.freedesktop.systemd.test",
+                        "Slow");
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate method call: %m");
+                goto finish;
+        }
+
+        r = sd_bus_call_async(bus, NULL, m, quit_callback, &quit, 200 * USEC_PER_MSEC);
+        if (r < 0) {
+                log_info("Failed to issue method call: %s", bus_error_message(&error, -r));
+                goto finish;
+        }
+
+        while (!quit) {
+                r = sd_bus_process(bus, NULL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to process requests: %m");
+                        goto finish;
+                }
+                if (r == 0) {
+                        r = sd_bus_wait(bus, (uint64_t) -1);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to wait: %m");
+                                goto finish;
+                        }
+                }
+        }
+
+        r = 0;
+
+finish:
+        if (bus) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *q;
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &q,
+                                "org.freedesktop.systemd.test",
+                                "/",
+                                "org.freedesktop.systemd.test",
+                                "ExitClient2");
+                if (r < 0) {
+                        log_error_errno(r, "Failed to allocate method call: %m");
+                        goto finish;
+                }
+
+                (void) sd_bus_send(bus, q, NULL);
+        }
+
+        return INT_TO_PTR(r);
+}
+
+int main(int argc, char *argv[]) {
+        pthread_t c1, c2;
+        sd_bus *bus;
+        void *p;
+        int q, r;
+
+        r = server_init(&bus);
+        if (r < 0) {
+                log_info("Failed to connect to bus, skipping tests.");
+                return EXIT_TEST_SKIP;
+        }
+
+        log_info("Initialized...");
+
+        r = pthread_create(&c1, NULL, client1, bus);
+        if (r != 0)
+                return EXIT_FAILURE;
+
+        r = pthread_create(&c2, NULL, client2, bus);
+        if (r != 0)
+                return EXIT_FAILURE;
+
+        r = server(bus);
+
+        q = pthread_join(c1, &p);
+        if (q != 0)
+                return EXIT_FAILURE;
+        if (PTR_TO_INT(p) < 0)
+                return EXIT_FAILURE;
+
+        q = pthread_join(c2, &p);
+        if (q != 0)
+                return EXIT_FAILURE;
+        if (PTR_TO_INT(p) < 0)
+                return EXIT_FAILURE;
+
+        if (r < 0)
+                return EXIT_FAILURE;
+
+        return EXIT_SUCCESS;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-cleanup.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-cleanup.c
new file mode 100644
index 0000000000..bd4a3fbf34
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-cleanup.c
@@ -0,0 +1,95 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdio.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "refcnt.h"
+
+static void test_bus_new(void) {
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+
+        assert_se(sd_bus_new(&bus) == 0);
+        printf("after new: refcount %u\n", REFCNT_GET(bus->n_ref));
+}
+
+static int test_bus_open(void) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        r = sd_bus_open_system(&bus);
+        if (r == -ECONNREFUSED || r == -ENOENT)
+                return r;
+
+        assert_se(r >= 0);
+        printf("after open: refcount %u\n", REFCNT_GET(bus->n_ref));
+
+        return 0;
+}
+
+static void test_bus_new_method_call(void) {
+        sd_bus *bus = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+
+        assert_se(sd_bus_open_system(&bus) >= 0);
+
+        assert_se(sd_bus_message_new_method_call(bus, &m, "a.service.name", "/an/object/path", "an.interface.name", "AMethodName") >= 0);
+
+        printf("after message_new_method_call: refcount %u\n", REFCNT_GET(bus->n_ref));
+
+        sd_bus_flush_close_unref(bus);
+        printf("after bus_flush_close_unref: refcount %u\n", m->n_ref);
+}
+
+static void test_bus_new_signal(void) {
+        sd_bus *bus = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+
+        assert_se(sd_bus_open_system(&bus) >= 0);
+
+        assert_se(sd_bus_message_new_signal(bus, &m, "/an/object/path", "an.interface.name", "Name") >= 0);
+
+        printf("after message_new_signal: refcount %u\n", REFCNT_GET(bus->n_ref));
+
+        sd_bus_flush_close_unref(bus);
+        printf("after bus_flush_close_unref: refcount %u\n", m->n_ref);
+}
+
+int main(int argc, char **argv) {
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        test_bus_new();
+        r = test_bus_open();
+        if (r < 0) {
+                log_info("Failed to connect to bus, skipping tests.");
+                return EXIT_TEST_SKIP;
+        }
+
+        test_bus_new_method_call();
+        test_bus_new_signal();
+
+        return EXIT_SUCCESS;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-creds.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-creds.c
new file mode 100644
index 0000000000..c58b76c258
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-creds.c
@@ -0,0 +1,50 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "bus-dump.h"
+#include "bus-util.h"
+#include "cgroup-util.h"
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+        int r;
+
+        if (cg_unified() == -ENOMEDIUM) {
+                puts("Skipping test: /sys/fs/cgroup/ not available");
+                return EXIT_TEST_SKIP;
+        }
+
+        r = sd_bus_creds_new_from_pid(&creds, 0, _SD_BUS_CREDS_ALL);
+        assert_se(r >= 0);
+
+        bus_creds_dump(creds, NULL, true);
+
+        creds = sd_bus_creds_unref(creds);
+
+        r = sd_bus_creds_new_from_pid(&creds, 1, _SD_BUS_CREDS_ALL);
+        if (r != -EACCES) {
+                assert_se(r >= 0);
+                putchar('\n');
+                bus_creds_dump(creds, NULL, true);
+        }
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-error.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-error.c
new file mode 100644
index 0000000000..bce3cc31c9
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-error.c
@@ -0,0 +1,232 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "errno-list.h"
+
+static void test_error(void) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL, second = SD_BUS_ERROR_NULL;
+        const sd_bus_error const_error = SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FILE_EXISTS, "const error");
+        const sd_bus_error temporarily_const_error = {
+                .name = SD_BUS_ERROR_ACCESS_DENIED,
+                .message = "oh! no",
+                ._need_free = -1
+        };
+
+        assert_se(!sd_bus_error_is_set(&error));
+        assert_se(sd_bus_error_set(&error, SD_BUS_ERROR_NOT_SUPPORTED, "xxx") == -EOPNOTSUPP);
+        assert_se(streq(error.name, SD_BUS_ERROR_NOT_SUPPORTED));
+        assert_se(streq(error.message, "xxx"));
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_NOT_SUPPORTED));
+        assert_se(sd_bus_error_get_errno(&error) == EOPNOTSUPP);
+        assert_se(sd_bus_error_is_set(&error));
+        sd_bus_error_free(&error);
+
+        /* Check with no error */
+        assert_se(!sd_bus_error_is_set(&error));
+        assert_se(sd_bus_error_setf(&error, NULL, "yyy %i", -1) == 0);
+        assert_se(error.name == NULL);
+        assert_se(error.message == NULL);
+        assert_se(!sd_bus_error_has_name(&error, SD_BUS_ERROR_FILE_NOT_FOUND));
+        assert_se(sd_bus_error_get_errno(&error) == 0);
+        assert_se(!sd_bus_error_is_set(&error));
+
+        assert_se(sd_bus_error_setf(&error, SD_BUS_ERROR_FILE_NOT_FOUND, "yyy %i", -1) == -ENOENT);
+        assert_se(streq(error.name, SD_BUS_ERROR_FILE_NOT_FOUND));
+        assert_se(streq(error.message, "yyy -1"));
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_FILE_NOT_FOUND));
+        assert_se(sd_bus_error_get_errno(&error) == ENOENT);
+        assert_se(sd_bus_error_is_set(&error));
+
+        assert_se(!sd_bus_error_is_set(&second));
+        assert_se(second._need_free == 0);
+        assert_se(error._need_free > 0);
+        assert_se(sd_bus_error_copy(&second, &error) == -ENOENT);
+        assert_se(second._need_free > 0);
+        assert_se(streq(error.name, second.name));
+        assert_se(streq(error.message, second.message));
+        assert_se(sd_bus_error_get_errno(&second) == ENOENT);
+        assert_se(sd_bus_error_has_name(&second, SD_BUS_ERROR_FILE_NOT_FOUND));
+        assert_se(sd_bus_error_is_set(&second));
+
+        sd_bus_error_free(&error);
+        sd_bus_error_free(&second);
+
+        assert_se(!sd_bus_error_is_set(&second));
+        assert_se(const_error._need_free == 0);
+        assert_se(sd_bus_error_copy(&second, &const_error) == -EEXIST);
+        assert_se(second._need_free == 0);
+        assert_se(streq(const_error.name, second.name));
+        assert_se(streq(const_error.message, second.message));
+        assert_se(sd_bus_error_get_errno(&second) == EEXIST);
+        assert_se(sd_bus_error_has_name(&second, SD_BUS_ERROR_FILE_EXISTS));
+        assert_se(sd_bus_error_is_set(&second));
+        sd_bus_error_free(&second);
+
+        assert_se(!sd_bus_error_is_set(&second));
+        assert_se(temporarily_const_error._need_free < 0);
+        assert_se(sd_bus_error_copy(&second, &temporarily_const_error) == -EACCES);
+        assert_se(second._need_free > 0);
+        assert_se(streq(temporarily_const_error.name, second.name));
+        assert_se(streq(temporarily_const_error.message, second.message));
+        assert_se(sd_bus_error_get_errno(&second) == EACCES);
+        assert_se(sd_bus_error_has_name(&second, SD_BUS_ERROR_ACCESS_DENIED));
+        assert_se(sd_bus_error_is_set(&second));
+
+        assert_se(!sd_bus_error_is_set(&error));
+        assert_se(sd_bus_error_set_const(&error, "System.Error.EUCLEAN", "Hallo") == -EUCLEAN);
+        assert_se(streq(error.name, "System.Error.EUCLEAN"));
+        assert_se(streq(error.message, "Hallo"));
+        assert_se(sd_bus_error_has_name(&error, "System.Error.EUCLEAN"));
+        assert_se(sd_bus_error_get_errno(&error) == EUCLEAN);
+        assert_se(sd_bus_error_is_set(&error));
+        sd_bus_error_free(&error);
+
+        assert_se(!sd_bus_error_is_set(&error));
+        assert_se(sd_bus_error_set_errno(&error, EBUSY) == -EBUSY);
+        assert_se(streq(error.name, "System.Error.EBUSY"));
+        assert_se(streq(error.message, strerror(EBUSY)));
+        assert_se(sd_bus_error_has_name(&error, "System.Error.EBUSY"));
+        assert_se(sd_bus_error_get_errno(&error) == EBUSY);
+        assert_se(sd_bus_error_is_set(&error));
+        sd_bus_error_free(&error);
+
+        assert_se(!sd_bus_error_is_set(&error));
+        assert_se(sd_bus_error_set_errnof(&error, EIO, "Waldi %c", 'X') == -EIO);
+        assert_se(streq(error.name, SD_BUS_ERROR_IO_ERROR));
+        assert_se(streq(error.message, "Waldi X"));
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_IO_ERROR));
+        assert_se(sd_bus_error_get_errno(&error) == EIO);
+        assert_se(sd_bus_error_is_set(&error));
+        sd_bus_error_free(&error);
+
+        /* Check with no error */
+        assert_se(!sd_bus_error_is_set(&error));
+        assert_se(sd_bus_error_set_errnof(&error, 0, "Waldi %c", 'X') == 0);
+        assert_se(error.name == NULL);
+        assert_se(error.message == NULL);
+        assert_se(!sd_bus_error_has_name(&error, SD_BUS_ERROR_IO_ERROR));
+        assert_se(sd_bus_error_get_errno(&error) == 0);
+        assert_se(!sd_bus_error_is_set(&error));
+}
+
+extern const sd_bus_error_map __start_BUS_ERROR_MAP[];
+extern const sd_bus_error_map __stop_BUS_ERROR_MAP[];
+
+static void dump_mapping_table(void) {
+        const sd_bus_error_map *m;
+
+        printf("----- errno mappings ------\n");
+        m = __start_BUS_ERROR_MAP;
+        while (m < __stop_BUS_ERROR_MAP) {
+
+                if (m->code == BUS_ERROR_MAP_END_MARKER) {
+                        m = ALIGN8_PTR(m+1);
+                        continue;
+                }
+
+                printf("%s -> %i/%s\n", strna(m->name), m->code, strna(errno_to_name(m->code)));
+                m++;
+        }
+        printf("---------------------------\n");
+}
+
+static void test_errno_mapping_standard(void) {
+        assert_se(sd_bus_error_set(NULL, "System.Error.EUCLEAN", NULL) == -EUCLEAN);
+        assert_se(sd_bus_error_set(NULL, "System.Error.EBUSY", NULL) == -EBUSY);
+        assert_se(sd_bus_error_set(NULL, "System.Error.EINVAL", NULL) == -EINVAL);
+        assert_se(sd_bus_error_set(NULL, "System.Error.WHATSIT", NULL) == -EIO);
+}
+
+BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map test_errors[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error", 5),
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-2", 52),
+        SD_BUS_ERROR_MAP_END
+};
+
+BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map test_errors2[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-3", 33),
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-4", 44),
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-33", 333),
+        SD_BUS_ERROR_MAP_END
+};
+
+static const sd_bus_error_map test_errors3[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-88", 888),
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-99", 999),
+        SD_BUS_ERROR_MAP_END
+};
+
+static const sd_bus_error_map test_errors4[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-77", 777),
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-78", 778),
+        SD_BUS_ERROR_MAP_END
+};
+
+static const sd_bus_error_map test_errors_bad1[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-1", 0),
+        SD_BUS_ERROR_MAP_END
+};
+
+static const sd_bus_error_map test_errors_bad2[] = {
+        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-1", -1),
+        SD_BUS_ERROR_MAP_END
+};
+
+static void test_errno_mapping_custom(void) {
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error", NULL) == -5);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-2", NULL) == -52);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-x", NULL) == -EIO);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-33", NULL) == -333);
+
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-88", NULL) == -EIO);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-99", NULL) == -EIO);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-77", NULL) == -EIO);
+
+        assert_se(sd_bus_error_add_map(test_errors3) > 0);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-88", NULL) == -888);
+        assert_se(sd_bus_error_add_map(test_errors4) > 0);
+        assert_se(sd_bus_error_add_map(test_errors4) == 0);
+        assert_se(sd_bus_error_add_map(test_errors3) == 0);
+
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-99", NULL) == -999);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-77", NULL) == -777);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-78", NULL) == -778);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-2", NULL) == -52);
+        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-y", NULL) == -EIO);
+
+        assert_se(sd_bus_error_set(NULL, BUS_ERROR_NO_SUCH_UNIT, NULL) == -ENOENT);
+
+        assert_se(sd_bus_error_add_map(test_errors_bad1) == -EINVAL);
+        assert_se(sd_bus_error_add_map(test_errors_bad2) == -EINVAL);
+}
+
+int main(int argc, char *argv[]) {
+        dump_mapping_table();
+
+        test_error();
+        test_errno_mapping_standard();
+        test_errno_mapping_custom();
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-gvariant.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-gvariant.c
new file mode 100644
index 0000000000..3c9ec9fef0
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-gvariant.c
@@ -0,0 +1,224 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#ifdef HAVE_GLIB
+#include <glib.h>
+#endif
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-gvariant.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "macro.h"
+#include "util.h"
+
+static void test_bus_gvariant_is_fixed_size(void) {
+        assert_se(bus_gvariant_is_fixed_size("") > 0);
+        assert_se(bus_gvariant_is_fixed_size("()") > 0);
+        assert_se(bus_gvariant_is_fixed_size("y") > 0);
+        assert_se(bus_gvariant_is_fixed_size("u") > 0);
+        assert_se(bus_gvariant_is_fixed_size("b") > 0);
+        assert_se(bus_gvariant_is_fixed_size("n") > 0);
+        assert_se(bus_gvariant_is_fixed_size("q") > 0);
+        assert_se(bus_gvariant_is_fixed_size("i") > 0);
+        assert_se(bus_gvariant_is_fixed_size("t") > 0);
+        assert_se(bus_gvariant_is_fixed_size("d") > 0);
+        assert_se(bus_gvariant_is_fixed_size("s") == 0);
+        assert_se(bus_gvariant_is_fixed_size("o") == 0);
+        assert_se(bus_gvariant_is_fixed_size("g") == 0);
+        assert_se(bus_gvariant_is_fixed_size("h") > 0);
+        assert_se(bus_gvariant_is_fixed_size("ay") == 0);
+        assert_se(bus_gvariant_is_fixed_size("v") == 0);
+        assert_se(bus_gvariant_is_fixed_size("(u)") > 0);
+        assert_se(bus_gvariant_is_fixed_size("(uuuuy)") > 0);
+        assert_se(bus_gvariant_is_fixed_size("(uusuuy)") == 0);
+        assert_se(bus_gvariant_is_fixed_size("a{ss}") == 0);
+        assert_se(bus_gvariant_is_fixed_size("((u)yyy(b(iiii)))") > 0);
+        assert_se(bus_gvariant_is_fixed_size("((u)yyy(b(iiivi)))") == 0);
+}
+
+static void test_bus_gvariant_get_size(void) {
+        assert_se(bus_gvariant_get_size("") == 0);
+        assert_se(bus_gvariant_get_size("()") == 1);
+        assert_se(bus_gvariant_get_size("y") == 1);
+        assert_se(bus_gvariant_get_size("u") == 4);
+        assert_se(bus_gvariant_get_size("b") == 1);
+        assert_se(bus_gvariant_get_size("n") == 2);
+        assert_se(bus_gvariant_get_size("q") == 2);
+        assert_se(bus_gvariant_get_size("i") == 4);
+        assert_se(bus_gvariant_get_size("t") == 8);
+        assert_se(bus_gvariant_get_size("d") == 8);
+        assert_se(bus_gvariant_get_size("s") < 0);
+        assert_se(bus_gvariant_get_size("o") < 0);
+        assert_se(bus_gvariant_get_size("g") < 0);
+        assert_se(bus_gvariant_get_size("h") == 4);
+        assert_se(bus_gvariant_get_size("ay") < 0);
+        assert_se(bus_gvariant_get_size("v") < 0);
+        assert_se(bus_gvariant_get_size("(u)") == 4);
+        assert_se(bus_gvariant_get_size("(uuuuy)") == 20);
+        assert_se(bus_gvariant_get_size("(uusuuy)") < 0);
+        assert_se(bus_gvariant_get_size("a{ss}") < 0);
+        assert_se(bus_gvariant_get_size("((u)yyy(b(iiii)))") == 28);
+        assert_se(bus_gvariant_get_size("((u)yyy(b(iiivi)))") < 0);
+        assert_se(bus_gvariant_get_size("((b)(t))") == 16);
+        assert_se(bus_gvariant_get_size("((b)(b)(t))") == 16);
+        assert_se(bus_gvariant_get_size("(bt)") == 16);
+        assert_se(bus_gvariant_get_size("((t)(b))") == 16);
+        assert_se(bus_gvariant_get_size("(tb)") == 16);
+        assert_se(bus_gvariant_get_size("((b)(b))") == 2);
+        assert_se(bus_gvariant_get_size("((t)(t))") == 16);
+}
+
+static void test_bus_gvariant_get_alignment(void) {
+        assert_se(bus_gvariant_get_alignment("") == 1);
+        assert_se(bus_gvariant_get_alignment("()") == 1);
+        assert_se(bus_gvariant_get_alignment("y") == 1);
+        assert_se(bus_gvariant_get_alignment("b") == 1);
+        assert_se(bus_gvariant_get_alignment("u") == 4);
+        assert_se(bus_gvariant_get_alignment("s") == 1);
+        assert_se(bus_gvariant_get_alignment("o") == 1);
+        assert_se(bus_gvariant_get_alignment("g") == 1);
+        assert_se(bus_gvariant_get_alignment("v") == 8);
+        assert_se(bus_gvariant_get_alignment("h") == 4);
+        assert_se(bus_gvariant_get_alignment("i") == 4);
+        assert_se(bus_gvariant_get_alignment("t") == 8);
+        assert_se(bus_gvariant_get_alignment("x") == 8);
+        assert_se(bus_gvariant_get_alignment("q") == 2);
+        assert_se(bus_gvariant_get_alignment("n") == 2);
+        assert_se(bus_gvariant_get_alignment("d") == 8);
+        assert_se(bus_gvariant_get_alignment("ay") == 1);
+        assert_se(bus_gvariant_get_alignment("as") == 1);
+        assert_se(bus_gvariant_get_alignment("au") == 4);
+        assert_se(bus_gvariant_get_alignment("an") == 2);
+        assert_se(bus_gvariant_get_alignment("ans") == 2);
+        assert_se(bus_gvariant_get_alignment("ant") == 8);
+        assert_se(bus_gvariant_get_alignment("(ss)") == 1);
+        assert_se(bus_gvariant_get_alignment("(ssu)") == 4);
+        assert_se(bus_gvariant_get_alignment("a(ssu)") == 4);
+        assert_se(bus_gvariant_get_alignment("(u)") == 4);
+        assert_se(bus_gvariant_get_alignment("(uuuuy)") == 4);
+        assert_se(bus_gvariant_get_alignment("(uusuuy)") == 4);
+        assert_se(bus_gvariant_get_alignment("a{ss}") == 1);
+        assert_se(bus_gvariant_get_alignment("((u)yyy(b(iiii)))") == 4);
+        assert_se(bus_gvariant_get_alignment("((u)yyy(b(iiivi)))") == 8);
+        assert_se(bus_gvariant_get_alignment("((b)(t))") == 8);
+        assert_se(bus_gvariant_get_alignment("((b)(b)(t))") == 8);
+        assert_se(bus_gvariant_get_alignment("(bt)") == 8);
+        assert_se(bus_gvariant_get_alignment("((t)(b))") == 8);
+        assert_se(bus_gvariant_get_alignment("(tb)") == 8);
+        assert_se(bus_gvariant_get_alignment("((b)(b))") == 1);
+        assert_se(bus_gvariant_get_alignment("((t)(t))") == 8);
+}
+
+static void test_marshal(void) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *n = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ void *blob;
+        size_t sz;
+        int r;
+
+        r = sd_bus_open_system(&bus);
+        if (r < 0)
+                exit(EXIT_TEST_SKIP);
+
+        bus->message_version = 2; /* dirty hack to enable gvariant */
+
+        assert_se(sd_bus_message_new_method_call(bus, &m, "a.service.name", "/an/object/path/which/is/really/really/long/so/that/we/hit/the/eight/bit/boundary/by/quite/some/margin/to/test/this/stuff/that/it/really/works", "an.interface.name", "AMethodName") >= 0);
+
+        assert_cc(sizeof(struct bus_header) == 16);
+
+        assert_se(sd_bus_message_append(m,
+                                        "a(usv)", 3,
+                                        4711, "first-string-parameter", "(st)", "X", (uint64_t) 1111,
+                                        4712, "second-string-parameter", "(a(si))", 2, "Y", 5, "Z", 6,
+                                        4713, "third-string-parameter", "(uu)", 1, 2) >= 0);
+
+        assert_se(bus_message_seal(m, 4711, 0) >= 0);
+
+#ifdef HAVE_GLIB
+        {
+                GVariant *v;
+                char *t;
+
+#if !defined(GLIB_VERSION_2_36)
+                g_type_init();
+#endif
+
+                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuta{tv})"), m->header, sizeof(struct bus_header) + m->fields_size, false, NULL, NULL);
+                assert_se(g_variant_is_normal_form(v));
+                t = g_variant_print(v, TRUE);
+                printf("%s\n", t);
+                g_free(t);
+                g_variant_unref(v);
+
+                v = g_variant_new_from_data(G_VARIANT_TYPE("(a(usv))"), m->body.data, m->user_body_size, false, NULL, NULL);
+                assert_se(g_variant_is_normal_form(v));
+                t = g_variant_print(v, TRUE);
+                printf("%s\n", t);
+                g_free(t);
+                g_variant_unref(v);
+        }
+#endif
+
+        assert_se(bus_message_dump(m, NULL, BUS_MESSAGE_DUMP_WITH_HEADER) >= 0);
+
+        assert_se(bus_message_get_blob(m, &blob, &sz) >= 0);
+
+#ifdef HAVE_GLIB
+        {
+                GVariant *v;
+                char *t;
+
+                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuta{tv}v)"), blob, sz, false, NULL, NULL);
+                assert_se(g_variant_is_normal_form(v));
+                t = g_variant_print(v, TRUE);
+                printf("%s\n", t);
+                g_free(t);
+                g_variant_unref(v);
+        }
+#endif
+
+        assert_se(bus_message_from_malloc(bus, blob, sz, NULL, 0, NULL, &n) >= 0);
+        blob = NULL;
+
+        assert_se(bus_message_dump(n, NULL, BUS_MESSAGE_DUMP_WITH_HEADER) >= 0);
+
+        m = sd_bus_message_unref(m);
+
+        assert_se(sd_bus_message_new_method_call(bus, &m, "a.x", "/a/x", "a.x", "Ax") >= 0);
+
+        assert_se(sd_bus_message_append(m, "as", 0) >= 0);
+
+        assert_se(bus_message_seal(m, 4712, 0) >= 0);
+        assert_se(bus_message_dump(m, NULL, BUS_MESSAGE_DUMP_WITH_HEADER) >= 0);
+}
+
+int main(int argc, char *argv[]) {
+
+        test_bus_gvariant_is_fixed_size();
+        test_bus_gvariant_get_size();
+        test_bus_gvariant_get_alignment();
+        test_marshal();
+
+        return 0;
+}
diff --git a/src/libsystemd/sd-bus/test-bus-introspect.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-introspect.c
index 4425cfae26..4425cfae26 100644
--- a/src/libsystemd/sd-bus/test-bus-introspect.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-introspect.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-kernel-bloom.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-kernel-bloom.c
new file mode 100644
index 0000000000..f16e14a310
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-kernel-bloom.c
@@ -0,0 +1,141 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-kernel.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "log.h"
+#include "util.h"
+
+static int test_match(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+        int *found = userdata;
+
+        *found = 1;
+
+        return 0;
+}
+
+static void test_one(
+                const char *path,
+                const char *interface,
+                const char *member,
+                bool as_list,
+                const char *arg0,
+                const char *match,
+                bool good) {
+
+        _cleanup_close_ int bus_ref = -1;
+        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        sd_bus *a, *b;
+        int r, found = 0;
+
+        assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
+
+        bus_ref = bus_kernel_create_bus(name, false, &bus_name);
+        if (bus_ref == -ENOENT)
+                exit(EXIT_TEST_SKIP);
+
+        assert_se(bus_ref >= 0);
+
+        address = strappend("kernel:path=", bus_name);
+        assert_se(address);
+
+        r = sd_bus_new(&a);
+        assert_se(r >= 0);
+
+        r = sd_bus_new(&b);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(a, address);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(b, address);
+        assert_se(r >= 0);
+
+        r = sd_bus_start(a);
+        assert_se(r >= 0);
+
+        r = sd_bus_start(b);
+        assert_se(r >= 0);
+
+        log_debug("match");
+        r = sd_bus_add_match(b, NULL, match, test_match, &found);
+        assert_se(r >= 0);
+
+        log_debug("signal");
+
+        if (as_list)
+                r = sd_bus_emit_signal(a, path, interface, member, "as", 1, arg0);
+        else
+                r = sd_bus_emit_signal(a, path, interface, member, "s", arg0);
+        assert_se(r >= 0);
+
+        r = sd_bus_process(b, &m);
+        assert_se(r >= 0 && good == !!found);
+
+        sd_bus_unref(a);
+        sd_bus_unref(b);
+}
+
+int main(int argc, char *argv[]) {
+        log_set_max_level(LOG_DEBUG);
+
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/tuut'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "interface='waldo.com'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "member='Piep'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "member='Pi_ep'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "arg0='foobar'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "arg0='foo_bar'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0='foobar'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0='foo_bar'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0has='foobar'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0has='foo_bar'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo',interface='waldo.com',member='Piep',arg0='foobar'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo',interface='waldo.com',member='Piep',arg0='foobar2'", false);
+
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/quux'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar/waldo'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/quux'", false);
+        test_one("/", "waldo.com", "Piep", false, "foobar", "path_namespace='/'", true);
+
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar/waldo/'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/'", true);
+
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo/bar/waldo", "arg0path='/foo/'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo", "arg0path='/foo'", true);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo", "arg0path='/foo/bar/waldo'", false);
+        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo/", "arg0path='/foo/bar/waldo'", true);
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-kernel.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-kernel.c
new file mode 100644
index 0000000000..2a5ba60cc9
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-kernel.c
@@ -0,0 +1,190 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-kernel.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "log.h"
+#include "util.h"
+
+int main(int argc, char *argv[]) {
+        _cleanup_close_ int bus_ref = -1;
+        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL, *bname = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *ua = NULL, *ub = NULL, *the_string = NULL;
+        sd_bus *a, *b;
+        int r, pipe_fds[2];
+        const char *nn;
+
+        log_set_max_level(LOG_DEBUG);
+
+        assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
+
+        bus_ref = bus_kernel_create_bus(name, false, &bus_name);
+        if (bus_ref == -ENOENT)
+                return EXIT_TEST_SKIP;
+
+        assert_se(bus_ref >= 0);
+
+        address = strappend("kernel:path=", bus_name);
+        assert_se(address);
+
+        r = sd_bus_new(&a);
+        assert_se(r >= 0);
+
+        r = sd_bus_new(&b);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_description(a, "a");
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(a, address);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(b, address);
+        assert_se(r >= 0);
+
+        assert_se(sd_bus_negotiate_timestamp(a, 1) >= 0);
+        assert_se(sd_bus_negotiate_creds(a, true, _SD_BUS_CREDS_ALL) >= 0);
+
+        assert_se(sd_bus_negotiate_timestamp(b, 0) >= 0);
+        assert_se(sd_bus_negotiate_creds(b, true, 0) >= 0);
+
+        r = sd_bus_start(a);
+        assert_se(r >= 0);
+
+        r = sd_bus_start(b);
+        assert_se(r >= 0);
+
+        assert_se(sd_bus_negotiate_timestamp(b, 1) >= 0);
+        assert_se(sd_bus_negotiate_creds(b, true, _SD_BUS_CREDS_ALL) >= 0);
+
+        r = sd_bus_get_unique_name(a, &ua);
+        assert_se(r >= 0);
+        printf("unique a: %s\n", ua);
+
+        r = sd_bus_get_description(a, &nn);
+        assert_se(r >= 0);
+        printf("name of a: %s\n", nn);
+
+        r = sd_bus_get_unique_name(b, &ub);
+        assert_se(r >= 0);
+        printf("unique b: %s\n", ub);
+
+        r = sd_bus_get_description(b, &nn);
+        assert_se(r >= 0);
+        printf("name of b: %s\n", nn);
+
+        assert_se(bus_kernel_get_bus_name(b, &bname) >= 0);
+        assert_se(endswith(bname, name));
+
+        r = sd_bus_call_method(a, "this.doesnt.exist", "/foo", "meh.mah", "muh", &error, NULL, "s", "yayayay");
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_SERVICE_UNKNOWN));
+        assert_se(r == -EHOSTUNREACH);
+
+        r = sd_bus_add_match(b, NULL, "interface='waldo.com',member='Piep'", NULL, NULL);
+        assert_se(r >= 0);
+
+        r = sd_bus_emit_signal(a, "/foo/bar/waldo", "waldo.com", "Piep", "sss", "I am a string", "/this/is/a/path", "and.this.a.domain.name");
+        assert_se(r >= 0);
+
+        r = sd_bus_try_close(b);
+        assert_se(r == -EBUSY);
+
+        r = sd_bus_process_priority(b, -10, &m);
+        assert_se(r == 0);
+
+        r = sd_bus_process(b, &m);
+        assert_se(r > 0);
+        assert_se(m);
+
+        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+        assert_se(sd_bus_message_rewind(m, true) >= 0);
+
+        r = sd_bus_message_read(m, "s", &the_string);
+        assert_se(r >= 0);
+        assert_se(streq(the_string, "I am a string"));
+
+        sd_bus_message_unref(m);
+        m = NULL;
+
+        r = sd_bus_request_name(a, "net.x0pointer.foobar", 0);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_new_method_call(b, &m, "net.x0pointer.foobar", "/a/path", "an.inter.face", "AMethod");
+        assert_se(r >= 0);
+
+        assert_se(pipe2(pipe_fds, O_CLOEXEC) >= 0);
+
+        assert_se(write(pipe_fds[1], "x", 1) == 1);
+
+        pipe_fds[1] = safe_close(pipe_fds[1]);
+
+        r = sd_bus_message_append(m, "h", pipe_fds[0]);
+        assert_se(r >= 0);
+
+        pipe_fds[0] = safe_close(pipe_fds[0]);
+
+        r = sd_bus_send(b, m, NULL);
+        assert_se(r >= 0);
+
+        for (;;) {
+                sd_bus_message_unref(m);
+                m = NULL;
+                r = sd_bus_process(a, &m);
+                assert_se(r > 0);
+                assert_se(m);
+
+                bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+                assert_se(sd_bus_message_rewind(m, true) >= 0);
+
+                if (sd_bus_message_is_method_call(m, "an.inter.face", "AMethod")) {
+                        int fd;
+                        char x;
+
+                        r = sd_bus_message_read(m, "h", &fd);
+                        assert_se(r >= 0);
+
+                        assert_se(read(fd, &x, 1) == 1);
+                        assert_se(x == 'x');
+                        break;
+                }
+        }
+
+        r = sd_bus_release_name(a, "net.x0pointer.foobar");
+        assert_se(r >= 0);
+
+        r = sd_bus_release_name(a, "net.x0pointer.foobar");
+        assert_se(r == -ESRCH);
+
+        r = sd_bus_try_close(a);
+        assert_se(r >= 0);
+
+        sd_bus_unref(a);
+        sd_bus_unref(b);
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-marshal.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-marshal.c
new file mode 100644
index 0000000000..45db4764a0
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-marshal.c
@@ -0,0 +1,432 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <math.h>
+#include <stdlib.h>
+
+#ifdef HAVE_GLIB
+#include <gio/gio.h>
+#endif
+
+#ifdef HAVE_DBUS
+#include <dbus/dbus.h>
+#endif
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-label.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "fd-util.h"
+#include "hexdecoct.h"
+#include "log.h"
+#include "util.h"
+
+static void test_bus_path_encode_unique(void) {
+        _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
+
+        assert_se(bus_path_encode_unique(NULL, "/foo/bar", "some.sender", "a.suffix", &a) >= 0 && streq_ptr(a, "/foo/bar/some_2esender/a_2esuffix"));
+        assert_se(bus_path_decode_unique(a, "/foo/bar", &b, &c) > 0 && streq_ptr(b, "some.sender") && streq_ptr(c, "a.suffix"));
+        assert_se(bus_path_decode_unique(a, "/bar/foo", &d, &d) == 0 && !d);
+        assert_se(bus_path_decode_unique("/foo/bar/onlyOneSuffix", "/foo/bar", &d, &d) == 0 && !d);
+        assert_se(bus_path_decode_unique("/foo/bar/_/_", "/foo/bar", &d, &e) > 0 && streq_ptr(d, "") && streq_ptr(e, ""));
+}
+
+static void test_bus_path_encode(void) {
+        _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL;
+
+        assert_se(sd_bus_path_encode("/foo/bar", "waldo", &a) >= 0 && streq(a, "/foo/bar/waldo"));
+        assert_se(sd_bus_path_decode(a, "/waldo", &b) == 0 && b == NULL);
+        assert_se(sd_bus_path_decode(a, "/foo/bar", &b) > 0 && streq(b, "waldo"));
+
+        assert_se(sd_bus_path_encode("xxxx", "waldo", &c) < 0);
+        assert_se(sd_bus_path_encode("/foo/", "waldo", &c) < 0);
+
+        assert_se(sd_bus_path_encode("/foo/bar", "", &c) >= 0 && streq(c, "/foo/bar/_"));
+        assert_se(sd_bus_path_decode(c, "/foo/bar", &d) > 0 && streq(d, ""));
+
+        assert_se(sd_bus_path_encode("/foo/bar", "foo.bar", &e) >= 0 && streq(e, "/foo/bar/foo_2ebar"));
+        assert_se(sd_bus_path_decode(e, "/foo/bar", &f) > 0 && streq(f, "foo.bar"));
+}
+
+static void test_bus_path_encode_many(void) {
+        _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL;
+
+        assert_se(sd_bus_path_decode_many("/foo/bar", "/prefix/%", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/prefix/bar", "/prefix/%bar", NULL) == 1);
+        assert_se(sd_bus_path_decode_many("/foo/bar", "/prefix/%/suffix", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/prefix/foobar/suffix", "/prefix/%/suffix", &a) == 1 && streq_ptr(a, "foobar"));
+        assert_se(sd_bus_path_decode_many("/prefix/one_foo_two/mid/three_bar_four/suffix", "/prefix/one_%_two/mid/three_%_four/suffix", &b, &c) == 1 && streq_ptr(b, "foo") && streq_ptr(c, "bar"));
+        assert_se(sd_bus_path_decode_many("/prefix/one_foo_two/mid/three_bar_four/suffix", "/prefix/one_%_two/mid/three_%_four/suffix", NULL, &d) == 1 && streq_ptr(d, "bar"));
+
+        assert_se(sd_bus_path_decode_many("/foo/bar", "/foo/bar/%", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/bar%", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/bar", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%bar", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/bar/suffix") == 1);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%%/suffix", NULL, NULL) == 0); /* multiple '%' are treated verbatim */
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/suffi", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/suffix", &e) == 1 && streq_ptr(e, "bar"));
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/%", NULL, NULL) == 1);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/%/%", NULL, NULL, NULL) == 1);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "%/%/%", NULL, NULL, NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/%", NULL, NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/%/", NULL, NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%", NULL) == 0);
+        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "%", NULL) == 0);
+
+        assert_se(sd_bus_path_encode_many(&f, "/prefix/one_%_two/mid/three_%_four/suffix", "foo", "bar") >= 0 && streq_ptr(f, "/prefix/one_foo_two/mid/three_bar_four/suffix"));
+}
+
+static void test_bus_label_escape_one(const char *a, const char *b) {
+        _cleanup_free_ char *t = NULL, *x = NULL, *y = NULL;
+
+        assert_se(t = bus_label_escape(a));
+        assert_se(streq(t, b));
+
+        assert_se(x = bus_label_unescape(t));
+        assert_se(streq(a, x));
+
+        assert_se(y = bus_label_unescape(b));
+        assert_se(streq(a, y));
+}
+
+static void test_bus_label_escape(void) {
+        test_bus_label_escape_one("foo123bar", "foo123bar");
+        test_bus_label_escape_one("foo.bar", "foo_2ebar");
+        test_bus_label_escape_one("foo_2ebar", "foo_5f2ebar");
+        test_bus_label_escape_one("", "_");
+        test_bus_label_escape_one("_", "_5f");
+        test_bus_label_escape_one("1", "_31");
+        test_bus_label_escape_one(":1", "_3a1");
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *copy = NULL;
+        int r, boolean;
+        const char *x, *x2, *y, *z, *a, *b, *c, *d, *a_signature;
+        uint8_t u, v;
+        void *buffer = NULL;
+        size_t sz;
+        char *h;
+        const int32_t integer_array[] = { -1, -2, 0, 1, 2 }, *return_array;
+        char *s;
+        _cleanup_free_ char *first = NULL, *second = NULL, *third = NULL;
+        _cleanup_fclose_ FILE *ms = NULL;
+        size_t first_size = 0, second_size = 0, third_size = 0;
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        double dbl;
+        uint64_t u64;
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0)
+                return EXIT_TEST_SKIP;
+
+        r = sd_bus_message_new_method_call(bus, &m, "foobar.waldo", "/", "foobar.waldo", "Piep");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "s", "a string");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "s", NULL);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "asg", 2, "string #1", "string #2", "sba(tt)ss");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "sass", "foobar", 5, "foo", "bar", "waldo", "piep", "pap", "after");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "a{yv}", 2, 3, "s", "foo", 5, "s", "waldo");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "y(ty)y(yt)y", 8, 777ULL, 7, 9, 77, 7777ULL, 10);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "()");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "ba(ss)", 255, 3, "aaa", "1", "bbb", "2", "ccc", "3");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_open_container(m, 'a', "s");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append_basic(m, 's', "foobar");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append_basic(m, 's', "waldo");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_close_container(m);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append_string_space(m, 5, &s);
+        assert_se(r >= 0);
+        strcpy(s, "hallo");
+
+        r = sd_bus_message_append_array(m, 'i', integer_array, sizeof(integer_array));
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append_array(m, 'u', NULL, 0);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "a(stdo)", 1, "foo", 815ULL, 47.0, "/");
+        assert_se(r >= 0);
+
+        r = bus_message_seal(m, 4711, 0);
+        assert_se(r >= 0);
+
+        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        ms = open_memstream(&first, &first_size);
+        bus_message_dump(m, ms, 0);
+        fflush(ms);
+        assert_se(!ferror(ms));
+
+        r = bus_message_get_blob(m, &buffer, &sz);
+        assert_se(r >= 0);
+
+        h = hexmem(buffer, sz);
+        assert_se(h);
+
+        log_info("message size = %zu, contents =\n%s", sz, h);
+        free(h);
+
+#ifdef HAVE_GLIB
+        {
+                GDBusMessage *g;
+                char *p;
+
+#if !defined(GLIB_VERSION_2_36)
+                g_type_init();
+#endif
+
+                g = g_dbus_message_new_from_blob(buffer, sz, 0, NULL);
+                p = g_dbus_message_print(g, 0);
+                log_info("%s", p);
+                g_free(p);
+                g_object_unref(g);
+        }
+#endif
+
+#ifdef HAVE_DBUS
+        {
+                DBusMessage *w;
+                DBusError error;
+
+                dbus_error_init(&error);
+
+                w = dbus_message_demarshal(buffer, sz, &error);
+                if (!w)
+                        log_error("%s", error.message);
+                else
+                        dbus_message_unref(w);
+
+                dbus_error_free(&error);
+        }
+#endif
+
+        m = sd_bus_message_unref(m);
+
+        r = bus_message_from_malloc(bus, buffer, sz, NULL, 0, NULL, &m);
+        assert_se(r >= 0);
+
+        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        fclose(ms);
+        ms = open_memstream(&second, &second_size);
+        bus_message_dump(m, ms, 0);
+        fflush(ms);
+        assert_se(!ferror(ms));
+        assert_se(first_size == second_size);
+        assert_se(memcmp(first, second, first_size) == 0);
+
+        assert_se(sd_bus_message_rewind(m, true) >= 0);
+
+        r = sd_bus_message_read(m, "ssasg", &x, &x2, 2, &y, &z, &a_signature);
+        assert_se(r > 0);
+        assert_se(streq(x, "a string"));
+        assert_se(streq(x2, ""));
+        assert_se(streq(y, "string #1"));
+        assert_se(streq(z, "string #2"));
+        assert_se(streq(a_signature, "sba(tt)ss"));
+
+        r = sd_bus_message_read(m, "sass", &x, 5, &y, &z, &a, &b, &c, &d);
+        assert_se(r > 0);
+        assert_se(streq(x, "foobar"));
+        assert_se(streq(y, "foo"));
+        assert_se(streq(z, "bar"));
+        assert_se(streq(a, "waldo"));
+        assert_se(streq(b, "piep"));
+        assert_se(streq(c, "pap"));
+        assert_se(streq(d, "after"));
+
+        r = sd_bus_message_read(m, "a{yv}", 2, &u, "s", &x, &v, "s", &y);
+        assert_se(r > 0);
+        assert_se(u == 3);
+        assert_se(streq(x, "foo"));
+        assert_se(v == 5);
+        assert_se(streq(y, "waldo"));
+
+        r = sd_bus_message_read(m, "y(ty)", &v, &u64, &u);
+        assert_se(r > 0);
+        assert_se(v == 8);
+        assert_se(u64 == 777);
+        assert_se(u == 7);
+
+        r = sd_bus_message_read(m, "y(yt)", &v, &u, &u64);
+        assert_se(r > 0);
+        assert_se(v == 9);
+        assert_se(u == 77);
+        assert_se(u64 == 7777);
+
+        r = sd_bus_message_read(m, "y", &v);
+        assert_se(r > 0);
+        assert_se(v == 10);
+
+        r = sd_bus_message_read(m, "()");
+        assert_se(r > 0);
+
+        r = sd_bus_message_read(m, "ba(ss)", &boolean, 3, &x, &y, &a, &b, &c, &d);
+        assert_se(r > 0);
+        assert_se(boolean);
+        assert_se(streq(x, "aaa"));
+        assert_se(streq(y, "1"));
+        assert_se(streq(a, "bbb"));
+        assert_se(streq(b, "2"));
+        assert_se(streq(c, "ccc"));
+        assert_se(streq(d, "3"));
+
+        assert_se(sd_bus_message_verify_type(m, 'a', "s") > 0);
+
+        r = sd_bus_message_read(m, "as", 2, &x, &y);
+        assert_se(r > 0);
+        assert_se(streq(x, "foobar"));
+        assert_se(streq(y, "waldo"));
+
+        r = sd_bus_message_read_basic(m, 's', &s);
+        assert_se(r > 0);
+        assert_se(streq(s, "hallo"));
+
+        r = sd_bus_message_read_array(m, 'i', (const void**) &return_array, &sz);
+        assert_se(r > 0);
+        assert_se(sz == sizeof(integer_array));
+        assert_se(memcmp(integer_array, return_array, sz) == 0);
+
+        r = sd_bus_message_read_array(m, 'u', (const void**) &return_array, &sz);
+        assert_se(r > 0);
+        assert_se(sz == 0);
+
+        r = sd_bus_message_read(m, "a(stdo)", 1, &x, &u64, &dbl, &y);
+        assert_se(r > 0);
+        assert_se(streq(x, "foo"));
+        assert_se(u64 == 815ULL);
+        assert_se(fabs(dbl - 47.0) < 0.1);
+        assert_se(streq(y, "/"));
+
+        r = sd_bus_message_peek_type(m, NULL, NULL);
+        assert_se(r == 0);
+
+        r = sd_bus_message_new_method_call(bus, &copy, "foobar.waldo", "/", "foobar.waldo", "Piep");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_rewind(m, true);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_copy(copy, m, true);
+        assert_se(r >= 0);
+
+        r = bus_message_seal(copy, 4712, 0);
+        assert_se(r >= 0);
+
+        fclose(ms);
+        ms = open_memstream(&third, &third_size);
+        bus_message_dump(copy, ms, 0);
+        fflush(ms);
+        assert_se(!ferror(ms));
+
+        printf("<%.*s>\n", (int) first_size, first);
+        printf("<%.*s>\n", (int) third_size, third);
+
+        assert_se(first_size == third_size);
+        assert_se(memcmp(first, third, third_size) == 0);
+
+        r = sd_bus_message_rewind(m, true);
+        assert_se(r >= 0);
+
+        assert_se(sd_bus_message_verify_type(m, 's', NULL) > 0);
+
+        r = sd_bus_message_skip(m, "ssasg");
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_verify_type(m, 's', NULL) > 0);
+
+        r = sd_bus_message_skip(m, "sass");
+        assert_se(r >= 0);
+
+        assert_se(sd_bus_message_verify_type(m, 'a', "{yv}") > 0);
+
+        r = sd_bus_message_skip(m, "a{yv}y(ty)y(yt)y()");
+        assert_se(r >= 0);
+
+        assert_se(sd_bus_message_verify_type(m, 'b', NULL) > 0);
+
+        r = sd_bus_message_read(m, "b", &boolean);
+        assert_se(r > 0);
+        assert_se(boolean);
+
+        r = sd_bus_message_enter_container(m, 0, NULL);
+        assert_se(r > 0);
+
+        r = sd_bus_message_read(m, "(ss)", &x, &y);
+        assert_se(r > 0);
+
+        r = sd_bus_message_read(m, "(ss)", &a, &b);
+        assert_se(r > 0);
+
+        r = sd_bus_message_read(m, "(ss)", &c, &d);
+        assert_se(r > 0);
+
+        r = sd_bus_message_read(m, "(ss)", &x, &y);
+        assert_se(r == 0);
+
+        r = sd_bus_message_exit_container(m);
+        assert_se(r >= 0);
+
+        assert_se(streq(x, "aaa"));
+        assert_se(streq(y, "1"));
+        assert_se(streq(a, "bbb"));
+        assert_se(streq(b, "2"));
+        assert_se(streq(c, "ccc"));
+        assert_se(streq(d, "3"));
+
+        test_bus_label_escape();
+        test_bus_path_encode();
+        test_bus_path_encode_unique();
+        test_bus_path_encode_many();
+
+        return 0;
+}
diff --git a/src/libsystemd/sd-bus/test-bus-match.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-match.c
index 29c4529f95..29c4529f95 100644
--- a/src/libsystemd/sd-bus/test-bus-match.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-match.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-objects.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-objects.c
new file mode 100644
index 0000000000..e9bb655665
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-objects.c
@@ -0,0 +1,555 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <pthread.h>
+#include <stdlib.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "log.h"
+#include "macro.h"
+#include "strv.h"
+#include "util.h"
+
+struct context {
+        int fds[2];
+        bool quit;
+        char *something;
+        char *automatic_string_property;
+        uint32_t automatic_integer_property;
+};
+
+static int something_handler(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        struct context *c = userdata;
+        const char *s;
+        char *n = NULL;
+        int r;
+
+        r = sd_bus_message_read(m, "s", &s);
+        assert_se(r > 0);
+
+        n = strjoin("<<<", s, ">>>", NULL);
+        assert_se(n);
+
+        free(c->something);
+        c->something = n;
+
+        log_info("AlterSomething() called, got %s, returning %s", s, n);
+
+        /* This should fail, since the return type doesn't match */
+        assert_se(sd_bus_reply_method_return(m, "u", 4711) == -ENOMSG);
+
+        r = sd_bus_reply_method_return(m, "s", n);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int exit_handler(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        struct context *c = userdata;
+        int r;
+
+        c->quit = true;
+
+        log_info("Exit called");
+
+        r = sd_bus_reply_method_return(m, "");
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int get_handler(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
+        struct context *c = userdata;
+        int r;
+
+        log_info("property get for %s called, returning \"%s\".", property, c->something);
+
+        r = sd_bus_message_append(reply, "s", c->something);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int set_handler(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *error) {
+        struct context *c = userdata;
+        const char *s;
+        char *n;
+        int r;
+
+        log_info("property set for %s called", property);
+
+        r = sd_bus_message_read(value, "s", &s);
+        assert_se(r >= 0);
+
+        n = strdup(s);
+        assert_se(n);
+
+        free(c->something);
+        c->something = n;
+
+        return 1;
+}
+
+static int value_handler(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
+        _cleanup_free_ char *s = NULL;
+        const char *x;
+        int r;
+
+        assert_se(asprintf(&s, "object %p, path %s", userdata, path) >= 0);
+        r = sd_bus_message_append(reply, "s", s);
+        assert_se(r >= 0);
+
+        assert_se(x = startswith(path, "/value/"));
+
+        assert_se(PTR_TO_UINT(userdata) == 30);
+
+        return 1;
+}
+
+static int notify_test(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int r;
+
+        assert_se(sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), m->path, "org.freedesktop.systemd.ValueTest", "Value", NULL) >= 0);
+
+        r = sd_bus_reply_method_return(m, NULL);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int notify_test2(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int r;
+
+        assert_se(sd_bus_emit_properties_changed_strv(sd_bus_message_get_bus(m), m->path, "org.freedesktop.systemd.ValueTest", NULL) >= 0);
+
+        r = sd_bus_reply_method_return(m, NULL);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int emit_interfaces_added(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int r;
+
+        assert_se(sd_bus_emit_interfaces_added(sd_bus_message_get_bus(m), "/value/a/x", "org.freedesktop.systemd.ValueTest", NULL) >= 0);
+
+        r = sd_bus_reply_method_return(m, NULL);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int emit_interfaces_removed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int r;
+
+        assert_se(sd_bus_emit_interfaces_removed(sd_bus_message_get_bus(m), "/value/a/x", "org.freedesktop.systemd.ValueTest", NULL) >= 0);
+
+        r = sd_bus_reply_method_return(m, NULL);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int emit_object_added(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int r;
+
+        assert_se(sd_bus_emit_object_added(sd_bus_message_get_bus(m), "/value/a/x") >= 0);
+
+        r = sd_bus_reply_method_return(m, NULL);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static int emit_object_removed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        int r;
+
+        assert_se(sd_bus_emit_object_removed(sd_bus_message_get_bus(m), "/value/a/x") >= 0);
+
+        r = sd_bus_reply_method_return(m, NULL);
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static const sd_bus_vtable vtable[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_METHOD("AlterSomething", "s", "s", something_handler, 0),
+        SD_BUS_METHOD("Exit", "", "", exit_handler, 0),
+        SD_BUS_WRITABLE_PROPERTY("Something", "s", get_handler, set_handler, 0, 0),
+        SD_BUS_WRITABLE_PROPERTY("AutomaticStringProperty", "s", NULL, NULL, offsetof(struct context, automatic_string_property), 0),
+        SD_BUS_WRITABLE_PROPERTY("AutomaticIntegerProperty", "u", NULL, NULL, offsetof(struct context, automatic_integer_property), 0),
+        SD_BUS_METHOD("NoOperation", NULL, NULL, NULL, 0),
+        SD_BUS_METHOD("EmitInterfacesAdded", NULL, NULL, emit_interfaces_added, 0),
+        SD_BUS_METHOD("EmitInterfacesRemoved", NULL, NULL, emit_interfaces_removed, 0),
+        SD_BUS_METHOD("EmitObjectAdded", NULL, NULL, emit_object_added, 0),
+        SD_BUS_METHOD("EmitObjectRemoved", NULL, NULL, emit_object_removed, 0),
+        SD_BUS_VTABLE_END
+};
+
+static const sd_bus_vtable vtable2[] = {
+        SD_BUS_VTABLE_START(0),
+        SD_BUS_METHOD("NotifyTest", "", "", notify_test, 0),
+        SD_BUS_METHOD("NotifyTest2", "", "", notify_test2, 0),
+        SD_BUS_PROPERTY("Value", "s", value_handler, 10, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+        SD_BUS_PROPERTY("Value2", "s", value_handler, 10, SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
+        SD_BUS_PROPERTY("Value3", "s", value_handler, 10, SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("Value4", "s", value_handler, 10, 0),
+        SD_BUS_PROPERTY("AnExplicitProperty", "s", NULL, offsetof(struct context, something), SD_BUS_VTABLE_PROPERTY_EXPLICIT|SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
+        SD_BUS_VTABLE_END
+};
+
+static int enumerator_callback(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+
+        if (object_path_startswith("/value", path))
+                assert_se(*nodes = strv_new("/value/a", "/value/b", "/value/c", NULL));
+
+        return 1;
+}
+
+static int enumerator2_callback(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+
+        if (object_path_startswith("/value/a", path))
+                assert_se(*nodes = strv_new("/value/a/x", "/value/a/y", "/value/a/z", NULL));
+
+        return 1;
+}
+
+static void *server(void *p) {
+        struct context *c = p;
+        sd_bus *bus = NULL;
+        sd_id128_t id;
+        int r;
+
+        c->quit = false;
+
+        assert_se(sd_id128_randomize(&id) >= 0);
+
+        assert_se(sd_bus_new(&bus) >= 0);
+        assert_se(sd_bus_set_fd(bus, c->fds[0], c->fds[0]) >= 0);
+        assert_se(sd_bus_set_server(bus, 1, id) >= 0);
+
+        assert_se(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.test", vtable, c) >= 0);
+        assert_se(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.test2", vtable, c) >= 0);
+        assert_se(sd_bus_add_fallback_vtable(bus, NULL, "/value", "org.freedesktop.systemd.ValueTest", vtable2, NULL, UINT_TO_PTR(20)) >= 0);
+        assert_se(sd_bus_add_node_enumerator(bus, NULL, "/value", enumerator_callback, NULL) >= 0);
+        assert_se(sd_bus_add_node_enumerator(bus, NULL, "/value/a", enumerator2_callback, NULL) >= 0);
+        assert_se(sd_bus_add_object_manager(bus, NULL, "/value") >= 0);
+        assert_se(sd_bus_add_object_manager(bus, NULL, "/value/a") >= 0);
+
+        assert_se(sd_bus_start(bus) >= 0);
+
+        log_error("Entering event loop on server");
+
+        while (!c->quit) {
+                log_error("Loop!");
+
+                r = sd_bus_process(bus, NULL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to process requests: %m");
+                        goto fail;
+                }
+
+                if (r == 0) {
+                        r = sd_bus_wait(bus, (uint64_t) -1);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to wait: %m");
+                                goto fail;
+                        }
+
+                        continue;
+                }
+        }
+
+        r = 0;
+
+fail:
+        if (bus) {
+                sd_bus_flush(bus);
+                sd_bus_unref(bus);
+        }
+
+        return INT_TO_PTR(r);
+}
+
+static int client(struct context *c) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *s;
+        int r;
+
+        assert_se(sd_bus_new(&bus) >= 0);
+        assert_se(sd_bus_set_fd(bus, c->fds[1], c->fds[1]) >= 0);
+        assert_se(sd_bus_start(bus) >= 0);
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "NoOperation", &error, NULL, NULL);
+        assert_se(r >= 0);
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AlterSomething", &error, &reply, "s", "hallo");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        assert_se(streq(s, "<<<hallo>>>"));
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Doesntexist", &error, &reply, "");
+        assert_se(r < 0);
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD));
+
+        sd_bus_error_free(&error);
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AlterSomething", &error, &reply, "as", 1, "hallo");
+        assert_se(r < 0);
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_INVALID_ARGS));
+
+        sd_bus_error_free(&error);
+
+        r = sd_bus_get_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Something", &error, &reply, "s");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        assert_se(streq(s, "<<<hallo>>>"));
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_set_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Something", &error, "s", "test");
+        assert_se(r >= 0);
+
+        r = sd_bus_get_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Something", &error, &reply, "s");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        assert_se(streq(s, "test"));
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_set_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AutomaticIntegerProperty", &error, "u", 815);
+        assert_se(r >= 0);
+
+        assert_se(c->automatic_integer_property == 815);
+
+        r = sd_bus_set_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AutomaticStringProperty", &error, "s", "Du Dödel, Du!");
+        assert_se(r >= 0);
+
+        assert_se(streq(c->automatic_string_property, "Du Dödel, Du!"));
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        fputs(s, stdout);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_get_property(bus, "org.freedesktop.systemd.test", "/value/xuzz", "org.freedesktop.systemd.ValueTest", "Value", &error, &reply, "s");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        log_info("read %s", s);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        fputs(s, stdout);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        fputs(s, stdout);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_read(reply, "s", &s);
+        assert_se(r >= 0);
+        fputs(s, stdout);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", "");
+        assert_se(r >= 0);
+
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", "org.freedesktop.systemd.ValueTest2");
+        assert_se(r < 0);
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_INTERFACE));
+        sd_bus_error_free(&error);
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.DBus.ObjectManager", "GetManagedObjects", &error, &reply, "");
+        assert_se(r < 0);
+        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD));
+        sd_bus_error_free(&error);
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value", "org.freedesktop.DBus.ObjectManager", "GetManagedObjects", &error, &reply, "");
+        assert_se(r >= 0);
+
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.systemd.ValueTest", "NotifyTest", &error, NULL, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_process(bus, &reply);
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.Properties", "PropertiesChanged"));
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.systemd.ValueTest", "NotifyTest2", &error, NULL, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_process(bus, &reply);
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.Properties", "PropertiesChanged"));
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitInterfacesAdded", &error, NULL, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_process(bus, &reply);
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesAdded"));
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitInterfacesRemoved", &error, NULL, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_process(bus, &reply);
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesRemoved"));
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitObjectAdded", &error, NULL, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_process(bus, &reply);
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesAdded"));
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitObjectRemoved", &error, NULL, "");
+        assert_se(r >= 0);
+
+        r = sd_bus_process(bus, &reply);
+        assert_se(r > 0);
+
+        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesRemoved"));
+        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        sd_bus_message_unref(reply);
+        reply = NULL;
+
+        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Exit", &error, NULL, "");
+        assert_se(r >= 0);
+
+        sd_bus_flush(bus);
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        struct context c = {};
+        pthread_t s;
+        void *p;
+        int r, q;
+
+        zero(c);
+
+        c.automatic_integer_property = 4711;
+        assert_se(c.automatic_string_property = strdup("dudeldu"));
+
+        assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, c.fds) >= 0);
+
+        r = pthread_create(&s, NULL, server, &c);
+        if (r != 0)
+                return -r;
+
+        r = client(&c);
+
+        q = pthread_join(s, &p);
+        if (q != 0)
+                return -q;
+
+        if (r < 0)
+                return r;
+
+        if (PTR_TO_INT(p) < 0)
+                return PTR_TO_INT(p);
+
+        free(c.something);
+        free(c.automatic_string_property);
+
+        return EXIT_SUCCESS;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-server.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-server.c
new file mode 100644
index 0000000000..190410674b
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-server.c
@@ -0,0 +1,216 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <pthread.h>
+#include <stdlib.h>
+
+#include <systemd/sd-bus.h>
+
+#include "bus-internal.h"
+#include "bus-util.h"
+#include "log.h"
+#include "macro.h"
+#include "util.h"
+
+struct context {
+        int fds[2];
+
+        bool client_negotiate_unix_fds;
+        bool server_negotiate_unix_fds;
+
+        bool client_anonymous_auth;
+        bool server_anonymous_auth;
+};
+
+static void *server(void *p) {
+        struct context *c = p;
+        sd_bus *bus = NULL;
+        sd_id128_t id;
+        bool quit = false;
+        int r;
+
+        assert_se(sd_id128_randomize(&id) >= 0);
+
+        assert_se(sd_bus_new(&bus) >= 0);
+        assert_se(sd_bus_set_fd(bus, c->fds[0], c->fds[0]) >= 0);
+        assert_se(sd_bus_set_server(bus, 1, id) >= 0);
+        assert_se(sd_bus_set_anonymous(bus, c->server_anonymous_auth) >= 0);
+        assert_se(sd_bus_negotiate_fds(bus, c->server_negotiate_unix_fds) >= 0);
+        assert_se(sd_bus_start(bus) >= 0);
+
+        while (!quit) {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+
+                r = sd_bus_process(bus, &m);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to process requests: %m");
+                        goto fail;
+                }
+
+                if (r == 0) {
+                        r = sd_bus_wait(bus, (uint64_t) -1);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to wait: %m");
+                                goto fail;
+                        }
+
+                        continue;
+                }
+
+                if (!m)
+                        continue;
+
+                log_info("Got message! member=%s", strna(sd_bus_message_get_member(m)));
+
+                if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "Exit")) {
+
+                        assert_se((sd_bus_can_send(bus, 'h') >= 1) == (c->server_negotiate_unix_fds && c->client_negotiate_unix_fds));
+
+                        r = sd_bus_message_new_method_return(m, &reply);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to allocate return: %m");
+                                goto fail;
+                        }
+
+                        quit = true;
+
+                } else if (sd_bus_message_is_method_call(m, NULL, NULL)) {
+                        r = sd_bus_message_new_method_error(
+                                        m,
+                                        &reply,
+                                        &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_UNKNOWN_METHOD, "Unknown method."));
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to allocate return: %m");
+                                goto fail;
+                        }
+                }
+
+                if (reply) {
+                        r = sd_bus_send(bus, reply, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send reply: %m");
+                                goto fail;
+                        }
+                }
+        }
+
+        r = 0;
+
+fail:
+        if (bus) {
+                sd_bus_flush(bus);
+                sd_bus_unref(bus);
+        }
+
+        return INT_TO_PTR(r);
+}
+
+static int client(struct context *c) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert_se(sd_bus_new(&bus) >= 0);
+        assert_se(sd_bus_set_fd(bus, c->fds[1], c->fds[1]) >= 0);
+        assert_se(sd_bus_negotiate_fds(bus, c->client_negotiate_unix_fds) >= 0);
+        assert_se(sd_bus_set_anonymous(bus, c->client_anonymous_auth) >= 0);
+        assert_se(sd_bus_start(bus) >= 0);
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd.test",
+                        "/",
+                        "org.freedesktop.systemd.test",
+                        "Exit");
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate method call: %m");
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int test_one(bool client_negotiate_unix_fds, bool server_negotiate_unix_fds,
+                    bool client_anonymous_auth, bool server_anonymous_auth) {
+
+        struct context c;
+        pthread_t s;
+        void *p;
+        int r, q;
+
+        zero(c);
+
+        assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, c.fds) >= 0);
+
+        c.client_negotiate_unix_fds = client_negotiate_unix_fds;
+        c.server_negotiate_unix_fds = server_negotiate_unix_fds;
+        c.client_anonymous_auth = client_anonymous_auth;
+        c.server_anonymous_auth = server_anonymous_auth;
+
+        r = pthread_create(&s, NULL, server, &c);
+        if (r != 0)
+                return -r;
+
+        r = client(&c);
+
+        q = pthread_join(s, &p);
+        if (q != 0)
+                return -q;
+
+        if (r < 0)
+                return r;
+
+        if (PTR_TO_INT(p) < 0)
+                return PTR_TO_INT(p);
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        r = test_one(true, true, false, false);
+        assert_se(r >= 0);
+
+        r = test_one(true, false, false, false);
+        assert_se(r >= 0);
+
+        r = test_one(false, true, false, false);
+        assert_se(r >= 0);
+
+        r = test_one(false, false, false, false);
+        assert_se(r >= 0);
+
+        r = test_one(true, true, true, true);
+        assert_se(r >= 0);
+
+        r = test_one(true, true, false, true);
+        assert_se(r >= 0);
+
+        r = test_one(true, true, true, false);
+        assert_se(r == -EPERM);
+
+        return EXIT_SUCCESS;
+}
diff --git a/src/libsystemd/sd-bus/test-bus-signature.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-signature.c
index 4f4fd093bf..4f4fd093bf 100644
--- a/src/libsystemd/sd-bus/test-bus-signature.c
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-signature.c
diff --git a/src/libsystemd/libsystemd-internal/sd-bus/test-bus-zero-copy.c b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-zero-copy.c
new file mode 100644
index 0000000000..9e20d67670
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-bus/test-bus-zero-copy.c
@@ -0,0 +1,210 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/mman.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-kernel.h"
+#include "bus-message.h"
+#include "fd-util.h"
+#include "log.h"
+#include "memfd-util.h"
+#include "string-util.h"
+#include "util.h"
+
+#define FIRST_ARRAY 17
+#define SECOND_ARRAY 33
+
+#define STRING_SIZE 123
+
+int main(int argc, char *argv[]) {
+        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL;
+        const char *unique;
+        uint8_t *p;
+        sd_bus *a, *b;
+        int r, bus_ref;
+        sd_bus_message *m;
+        int f;
+        uint64_t sz;
+        uint32_t u32;
+        size_t i, l;
+        char *s;
+        _cleanup_close_ int sfd = -1;
+
+        log_set_max_level(LOG_DEBUG);
+
+        assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
+
+        bus_ref = bus_kernel_create_bus(name, false, &bus_name);
+        if (bus_ref == -ENOENT)
+                return EXIT_TEST_SKIP;
+
+        assert_se(bus_ref >= 0);
+
+        address = strappend("kernel:path=", bus_name);
+        assert_se(address);
+
+        r = sd_bus_new(&a);
+        assert_se(r >= 0);
+
+        r = sd_bus_new(&b);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(a, address);
+        assert_se(r >= 0);
+
+        r = sd_bus_set_address(b, address);
+        assert_se(r >= 0);
+
+        r = sd_bus_start(a);
+        assert_se(r >= 0);
+
+        r = sd_bus_start(b);
+        assert_se(r >= 0);
+
+        r = sd_bus_get_unique_name(a, &unique);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_new_method_call(b, &m, unique, "/a/path", "an.inter.face", "AMethod");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_open_container(m, 'r', "aysay");
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append_array_space(m, 'y', FIRST_ARRAY, (void**) &p);
+        assert_se(r >= 0);
+
+        p[0] = '<';
+        memset(p+1, 'L', FIRST_ARRAY-2);
+        p[FIRST_ARRAY-1] = '>';
+
+        f = memfd_new_and_map(NULL, STRING_SIZE, (void**) &s);
+        assert_se(f >= 0);
+
+        s[0] = '<';
+        for (i = 1; i < STRING_SIZE-2; i++)
+                s[i] = '0' + (i % 10);
+        s[STRING_SIZE-2] = '>';
+        s[STRING_SIZE-1] = 0;
+        munmap(s, STRING_SIZE);
+
+        r = memfd_get_size(f, &sz);
+        assert_se(r >= 0);
+        assert_se(sz == STRING_SIZE);
+
+        r = sd_bus_message_append_string_memfd(m, f, 0, (uint64_t) -1);
+        assert_se(r >= 0);
+
+        close(f);
+
+        f = memfd_new_and_map(NULL, SECOND_ARRAY, (void**) &p);
+        assert_se(f >= 0);
+
+        p[0] = '<';
+        memset(p+1, 'P', SECOND_ARRAY-2);
+        p[SECOND_ARRAY-1] = '>';
+        munmap(p, SECOND_ARRAY);
+
+        r = memfd_get_size(f, &sz);
+        assert_se(r >= 0);
+        assert_se(sz == SECOND_ARRAY);
+
+        r = sd_bus_message_append_array_memfd(m, 'y', f, 0, (uint64_t) -1);
+        assert_se(r >= 0);
+
+        close(f);
+
+        r = sd_bus_message_close_container(m);
+        assert_se(r >= 0);
+
+        r = sd_bus_message_append(m, "u", 4711);
+        assert_se(r >= 0);
+
+        assert_se((sfd = memfd_new_and_map(NULL, 6, (void**) &p)) >= 0);
+        memcpy(p, "abcd\0", 6);
+        munmap(p, 6);
+        assert_se(sd_bus_message_append_string_memfd(m, sfd, 1, 4) >= 0);
+
+        r = bus_message_seal(m, 55, 99*USEC_PER_SEC);
+        assert_se(r >= 0);
+
+        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        r = sd_bus_send(b, m, NULL);
+        assert_se(r >= 0);
+
+        sd_bus_message_unref(m);
+
+        r = sd_bus_process(a, &m);
+        assert_se(r > 0);
+
+        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+        sd_bus_message_rewind(m, true);
+
+        r = sd_bus_message_enter_container(m, 'r', "aysay");
+        assert_se(r > 0);
+
+        r = sd_bus_message_read_array(m, 'y', (const void**) &p, &l);
+        assert_se(r > 0);
+        assert_se(l == FIRST_ARRAY);
+
+        assert_se(p[0] == '<');
+        for (i = 1; i < l-1; i++)
+                assert_se(p[i] == 'L');
+        assert_se(p[l-1] == '>');
+
+        r = sd_bus_message_read(m, "s", &s);
+        assert_se(r > 0);
+
+        assert_se(s[0] == '<');
+        for (i = 1; i < STRING_SIZE-2; i++)
+                assert_se(s[i] == (char) ('0' + (i % 10)));
+        assert_se(s[STRING_SIZE-2] == '>');
+        assert_se(s[STRING_SIZE-1] == 0);
+
+        r = sd_bus_message_read_array(m, 'y', (const void**) &p, &l);
+        assert_se(r > 0);
+        assert_se(l == SECOND_ARRAY);
+
+        assert_se(p[0] == '<');
+        for (i = 1; i < l-1; i++)
+                assert_se(p[i] == 'P');
+        assert_se(p[l-1] == '>');
+
+        r = sd_bus_message_exit_container(m);
+        assert_se(r > 0);
+
+        r = sd_bus_message_read(m, "u", &u32);
+        assert_se(r > 0);
+        assert_se(u32 == 4711);
+
+        r = sd_bus_message_read(m, "s", &s);
+        assert_se(r > 0);
+        assert_se(streq_ptr(s, "bcd"));
+
+        sd_bus_message_unref(m);
+
+        sd_bus_unref(a);
+        sd_bus_unref(b);
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-daemon/sd-daemon.c b/src/libsystemd/libsystemd-internal/sd-daemon/sd-daemon.c
new file mode 100644
index 0000000000..fa92199c43
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-daemon/sd-daemon.c
@@ -0,0 +1,622 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <limits.h>
+#include <mqueue.h>
+#include <netinet/in.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fs-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "socket-util.h"
+#include "strv.h"
+#include "util.h"
+
+#define SNDBUF_SIZE (8*1024*1024)
+
+static void unsetenv_all(bool unset_environment) {
+
+        if (!unset_environment)
+                return;
+
+        unsetenv("LISTEN_PID");
+        unsetenv("LISTEN_FDS");
+        unsetenv("LISTEN_FDNAMES");
+}
+
+_public_ int sd_listen_fds(int unset_environment) {
+        const char *e;
+        int n, r, fd;
+        pid_t pid;
+
+        e = getenv("LISTEN_PID");
+        if (!e) {
+                r = 0;
+                goto finish;
+        }
+
+        r = parse_pid(e, &pid);
+        if (r < 0)
+                goto finish;
+
+        /* Is this for us? */
+        if (getpid() != pid) {
+                r = 0;
+                goto finish;
+        }
+
+        e = getenv("LISTEN_FDS");
+        if (!e) {
+                r = 0;
+                goto finish;
+        }
+
+        r = safe_atoi(e, &n);
+        if (r < 0)
+                goto finish;
+
+        assert_cc(SD_LISTEN_FDS_START < INT_MAX);
+        if (n <= 0 || n > INT_MAX - SD_LISTEN_FDS_START) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
+                r = fd_cloexec(fd, true);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = n;
+
+finish:
+        unsetenv_all(unset_environment);
+        return r;
+}
+
+_public_ int sd_listen_fds_with_names(int unset_environment, char ***names) {
+        _cleanup_strv_free_ char **l = NULL;
+        bool have_names;
+        int n_names = 0, n_fds;
+        const char *e;
+        int r;
+
+        if (!names)
+                return sd_listen_fds(unset_environment);
+
+        e = getenv("LISTEN_FDNAMES");
+        if (e) {
+                n_names = strv_split_extract(&l, e, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+                if (n_names < 0) {
+                        unsetenv_all(unset_environment);
+                        return n_names;
+                }
+
+                have_names = true;
+        } else
+                have_names = false;
+
+        n_fds = sd_listen_fds(unset_environment);
+        if (n_fds <= 0)
+                return n_fds;
+
+        if (have_names) {
+                if (n_names != n_fds)
+                        return -EINVAL;
+        } else {
+                r = strv_extend_n(&l, "unknown", n_fds);
+                if (r < 0)
+                        return r;
+        }
+
+        *names = l;
+        l = NULL;
+
+        return n_fds;
+}
+
+_public_ int sd_is_fifo(int fd, const char *path) {
+        struct stat st_fd;
+
+        assert_return(fd >= 0, -EBADF);
+
+        if (fstat(fd, &st_fd) < 0)
+                return -errno;
+
+        if (!S_ISFIFO(st_fd.st_mode))
+                return 0;
+
+        if (path) {
+                struct stat st_path;
+
+                if (stat(path, &st_path) < 0) {
+
+                        if (errno == ENOENT || errno == ENOTDIR)
+                                return 0;
+
+                        return -errno;
+                }
+
+                return
+                        st_path.st_dev == st_fd.st_dev &&
+                        st_path.st_ino == st_fd.st_ino;
+        }
+
+        return 1;
+}
+
+_public_ int sd_is_special(int fd, const char *path) {
+        struct stat st_fd;
+
+        assert_return(fd >= 0, -EBADF);
+
+        if (fstat(fd, &st_fd) < 0)
+                return -errno;
+
+        if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode))
+                return 0;
+
+        if (path) {
+                struct stat st_path;
+
+                if (stat(path, &st_path) < 0) {
+
+                        if (errno == ENOENT || errno == ENOTDIR)
+                                return 0;
+
+                        return -errno;
+                }
+
+                if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode))
+                        return
+                                st_path.st_dev == st_fd.st_dev &&
+                                st_path.st_ino == st_fd.st_ino;
+                else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode))
+                        return st_path.st_rdev == st_fd.st_rdev;
+                else
+                        return 0;
+        }
+
+        return 1;
+}
+
+static int sd_is_socket_internal(int fd, int type, int listening) {
+        struct stat st_fd;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(type >= 0, -EINVAL);
+
+        if (fstat(fd, &st_fd) < 0)
+                return -errno;
+
+        if (!S_ISSOCK(st_fd.st_mode))
+                return 0;
+
+        if (type != 0) {
+                int other_type = 0;
+                socklen_t l = sizeof(other_type);
+
+                if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0)
+                        return -errno;
+
+                if (l != sizeof(other_type))
+                        return -EINVAL;
+
+                if (other_type != type)
+                        return 0;
+        }
+
+        if (listening >= 0) {
+                int accepting = 0;
+                socklen_t l = sizeof(accepting);
+
+                if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0)
+                        return -errno;
+
+                if (l != sizeof(accepting))
+                        return -EINVAL;
+
+                if (!accepting != !listening)
+                        return 0;
+        }
+
+        return 1;
+}
+
+_public_ int sd_is_socket(int fd, int family, int type, int listening) {
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(family >= 0, -EINVAL);
+
+        r = sd_is_socket_internal(fd, type, listening);
+        if (r <= 0)
+                return r;
+
+        if (family > 0) {
+                union sockaddr_union sockaddr = {};
+                socklen_t l = sizeof(sockaddr);
+
+                if (getsockname(fd, &sockaddr.sa, &l) < 0)
+                        return -errno;
+
+                if (l < sizeof(sa_family_t))
+                        return -EINVAL;
+
+                return sockaddr.sa.sa_family == family;
+        }
+
+        return 1;
+}
+
+_public_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
+        union sockaddr_union sockaddr = {};
+        socklen_t l = sizeof(sockaddr);
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(IN_SET(family, 0, AF_INET, AF_INET6), -EINVAL);
+
+        r = sd_is_socket_internal(fd, type, listening);
+        if (r <= 0)
+                return r;
+
+        if (getsockname(fd, &sockaddr.sa, &l) < 0)
+                return -errno;
+
+        if (l < sizeof(sa_family_t))
+                return -EINVAL;
+
+        if (sockaddr.sa.sa_family != AF_INET &&
+            sockaddr.sa.sa_family != AF_INET6)
+                return 0;
+
+        if (family != 0)
+                if (sockaddr.sa.sa_family != family)
+                        return 0;
+
+        if (port > 0) {
+                if (sockaddr.sa.sa_family == AF_INET) {
+                        if (l < sizeof(struct sockaddr_in))
+                                return -EINVAL;
+
+                        return htons(port) == sockaddr.in.sin_port;
+                } else {
+                        if (l < sizeof(struct sockaddr_in6))
+                                return -EINVAL;
+
+                        return htons(port) == sockaddr.in6.sin6_port;
+                }
+        }
+
+        return 1;
+}
+
+_public_ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
+        union sockaddr_union sockaddr = {};
+        socklen_t l = sizeof(sockaddr);
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+
+        r = sd_is_socket_internal(fd, type, listening);
+        if (r <= 0)
+                return r;
+
+        if (getsockname(fd, &sockaddr.sa, &l) < 0)
+                return -errno;
+
+        if (l < sizeof(sa_family_t))
+                return -EINVAL;
+
+        if (sockaddr.sa.sa_family != AF_UNIX)
+                return 0;
+
+        if (path) {
+                if (length == 0)
+                        length = strlen(path);
+
+                if (length == 0)
+                        /* Unnamed socket */
+                        return l == offsetof(struct sockaddr_un, sun_path);
+
+                if (path[0])
+                        /* Normal path socket */
+                        return
+                                (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) &&
+                                memcmp(path, sockaddr.un.sun_path, length+1) == 0;
+                else
+                        /* Abstract namespace socket */
+                        return
+                                (l == offsetof(struct sockaddr_un, sun_path) + length) &&
+                                memcmp(path, sockaddr.un.sun_path, length) == 0;
+        }
+
+        return 1;
+}
+
+_public_ int sd_is_mq(int fd, const char *path) {
+        struct mq_attr attr;
+
+        /* Check that the fd is valid */
+        assert_return(fcntl(fd, F_GETFD) >= 0, -errno);
+
+        if (mq_getattr(fd, &attr) < 0) {
+                if (errno == EBADF)
+                        /* A non-mq fd (or an invalid one, but we ruled that out above) */
+                        return 0;
+                return -errno;
+        }
+
+        if (path) {
+                char fpath[PATH_MAX];
+                struct stat a, b;
+
+                assert_return(path_is_absolute(path), -EINVAL);
+
+                if (fstat(fd, &a) < 0)
+                        return -errno;
+
+                strncpy(stpcpy(fpath, "/dev/mqueue"), path, sizeof(fpath) - 12);
+                fpath[sizeof(fpath)-1] = 0;
+
+                if (stat(fpath, &b) < 0)
+                        return -errno;
+
+                if (a.st_dev != b.st_dev ||
+                    a.st_ino != b.st_ino)
+                        return 0;
+        }
+
+        return 1;
+}
+
+_public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char *state, const int *fds, unsigned n_fds) {
+        union sockaddr_union sockaddr = {
+                .sa.sa_family = AF_UNIX,
+        };
+        struct iovec iovec = {
+                .iov_base = (char*) state,
+        };
+        struct msghdr msghdr = {
+                .msg_iov = &iovec,
+                .msg_iovlen = 1,
+                .msg_name = &sockaddr,
+        };
+        _cleanup_close_ int fd = -1;
+        struct cmsghdr *cmsg = NULL;
+        const char *e;
+        bool have_pid;
+        int r;
+
+        if (!state) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        if (n_fds > 0 && !fds) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        e = getenv("NOTIFY_SOCKET");
+        if (!e)
+                return 0;
+
+        /* Must be an abstract socket, or an absolute path */
+        if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        if (strlen(e) > sizeof(sockaddr.un.sun_path)) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+        if (fd < 0) {
+                r = -errno;
+                goto finish;
+        }
+
+        fd_inc_sndbuf(fd, SNDBUF_SIZE);
+
+        iovec.iov_len = strlen(state);
+
+        strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
+        if (sockaddr.un.sun_path[0] == '@')
+                sockaddr.un.sun_path[0] = 0;
+
+        msghdr.msg_namelen = SOCKADDR_UN_LEN(sockaddr.un);
+
+        have_pid = pid != 0 && pid != getpid();
+
+        if (n_fds > 0 || have_pid) {
+                /* CMSG_SPACE(0) may return value different than zero, which results in miscalculated controllen. */
+                msghdr.msg_controllen =
+                        (n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
+                        (have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0);
+
+                msghdr.msg_control = alloca0(msghdr.msg_controllen);
+
+                cmsg = CMSG_FIRSTHDR(&msghdr);
+                if (n_fds > 0) {
+                        cmsg->cmsg_level = SOL_SOCKET;
+                        cmsg->cmsg_type = SCM_RIGHTS;
+                        cmsg->cmsg_len = CMSG_LEN(sizeof(int) * n_fds);
+
+                        memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * n_fds);
+
+                        if (have_pid)
+                                assert_se(cmsg = CMSG_NXTHDR(&msghdr, cmsg));
+                }
+
+                if (have_pid) {
+                        struct ucred *ucred;
+
+                        cmsg->cmsg_level = SOL_SOCKET;
+                        cmsg->cmsg_type = SCM_CREDENTIALS;
+                        cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
+
+                        ucred = (struct ucred*) CMSG_DATA(cmsg);
+                        ucred->pid = pid;
+                        ucred->uid = getuid();
+                        ucred->gid = getgid();
+                }
+        }
+
+        /* First try with fake ucred data, as requested */
+        if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
+                r = 1;
+                goto finish;
+        }
+
+        /* If that failed, try with our own ucred instead */
+        if (have_pid) {
+                msghdr.msg_controllen -= CMSG_SPACE(sizeof(struct ucred));
+                if (msghdr.msg_controllen == 0)
+                        msghdr.msg_control = NULL;
+
+                if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
+                        r = 1;
+                        goto finish;
+                }
+        }
+
+        r = -errno;
+
+finish:
+        if (unset_environment)
+                unsetenv("NOTIFY_SOCKET");
+
+        return r;
+}
+
+_public_ int sd_pid_notify(pid_t pid, int unset_environment, const char *state) {
+        return sd_pid_notify_with_fds(pid, unset_environment, state, NULL, 0);
+}
+
+_public_ int sd_notify(int unset_environment, const char *state) {
+        return sd_pid_notify_with_fds(0, unset_environment, state, NULL, 0);
+}
+
+_public_ int sd_pid_notifyf(pid_t pid, int unset_environment, const char *format, ...) {
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        if (format) {
+                va_list ap;
+
+                va_start(ap, format);
+                r = vasprintf(&p, format, ap);
+                va_end(ap);
+
+                if (r < 0 || !p)
+                        return -ENOMEM;
+        }
+
+        return sd_pid_notify(pid, unset_environment, p);
+}
+
+_public_ int sd_notifyf(int unset_environment, const char *format, ...) {
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        if (format) {
+                va_list ap;
+
+                va_start(ap, format);
+                r = vasprintf(&p, format, ap);
+                va_end(ap);
+
+                if (r < 0 || !p)
+                        return -ENOMEM;
+        }
+
+        return sd_pid_notify(0, unset_environment, p);
+}
+
+_public_ int sd_booted(void) {
+        /* We test whether the runtime unit file directory has been
+         * created. This takes place in mount-setup.c, so is
+         * guaranteed to happen very early during boot. */
+
+        return laccess("/run/systemd/system/", F_OK) >= 0;
+}
+
+_public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
+        const char *s, *p = ""; /* p is set to dummy value to do unsetting */
+        uint64_t u;
+        int r = 0;
+
+        s = getenv("WATCHDOG_USEC");
+        if (!s)
+                goto finish;
+
+        r = safe_atou64(s, &u);
+        if (r < 0)
+                goto finish;
+        if (u <= 0 || u >= USEC_INFINITY) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        p = getenv("WATCHDOG_PID");
+        if (p) {
+                pid_t pid;
+
+                r = parse_pid(p, &pid);
+                if (r < 0)
+                        goto finish;
+
+                /* Is this for us? */
+                if (getpid() != pid) {
+                        r = 0;
+                        goto finish;
+                }
+        }
+
+        if (usec)
+                *usec = u;
+
+        r = 1;
+
+finish:
+        if (unset_environment && s)
+                unsetenv("WATCHDOG_USEC");
+        if (unset_environment && p)
+                unsetenv("WATCHDOG_PID");
+
+        return r;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-device/device-enumerator-private.h b/src/libsystemd/libsystemd-internal/sd-device/device-enumerator-private.h
new file mode 100644
index 0000000000..d46e26b56e
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-device/device-enumerator-private.h
@@ -0,0 +1,34 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-device.h>
+
+int device_enumerator_scan_devices(sd_device_enumerator *enumeartor);
+int device_enumerator_scan_subsystems(sd_device_enumerator *enumeartor);
+int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *device);
+int device_enumerator_add_match_is_initialized(sd_device_enumerator *enumerator);
+sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator);
+sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator);
+
+#define FOREACH_DEVICE_AND_SUBSYSTEM(enumerator, device)       \
+        for (device = device_enumerator_get_first(enumerator); \
+             device;                                           \
+             device = device_enumerator_get_next(enumerator))
diff --git a/src/libsystemd/libsystemd-internal/sd-device/device-enumerator.c b/src/libsystemd/libsystemd-internal/sd-device/device-enumerator.c
new file mode 100644
index 0000000000..796728ee0e
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-device/device-enumerator.c
@@ -0,0 +1,986 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2014-2015 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "device-enumerator-private.h"
+#include "device-util.h"
+#include "dirent-util.h"
+#include "fd-util.h"
+#include "prioq.h"
+#include "set.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+#define DEVICE_ENUMERATE_MAX_DEPTH 256
+
+typedef enum DeviceEnumerationType {
+        DEVICE_ENUMERATION_TYPE_DEVICES,
+        DEVICE_ENUMERATION_TYPE_SUBSYSTEMS,
+        _DEVICE_ENUMERATION_TYPE_MAX,
+        _DEVICE_ENUMERATION_TYPE_INVALID = -1,
+} DeviceEnumerationType;
+
+struct sd_device_enumerator {
+        unsigned n_ref;
+
+        DeviceEnumerationType type;
+        Prioq *devices;
+        bool scan_uptodate;
+
+        Set *match_subsystem;
+        Set *nomatch_subsystem;
+        Hashmap *match_sysattr;
+        Hashmap *nomatch_sysattr;
+        Hashmap *match_property;
+        Set *match_sysname;
+        Set *match_tag;
+        sd_device *match_parent;
+        bool match_allow_uninitialized;
+};
+
+_public_ int sd_device_enumerator_new(sd_device_enumerator **ret) {
+        _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *enumerator = NULL;
+
+        assert(ret);
+
+        enumerator = new0(sd_device_enumerator, 1);
+        if (!enumerator)
+                return -ENOMEM;
+
+        enumerator->n_ref = 1;
+        enumerator->type = _DEVICE_ENUMERATION_TYPE_INVALID;
+
+        *ret = enumerator;
+        enumerator = NULL;
+
+        return 0;
+}
+
+_public_ sd_device_enumerator *sd_device_enumerator_ref(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, NULL);
+
+        assert_se((++ enumerator->n_ref) >= 2);
+
+        return enumerator;
+}
+
+_public_ sd_device_enumerator *sd_device_enumerator_unref(sd_device_enumerator *enumerator) {
+        if (enumerator && (-- enumerator->n_ref) == 0) {
+                sd_device *device;
+
+                while ((device = prioq_pop(enumerator->devices)))
+                        sd_device_unref(device);
+
+                prioq_free(enumerator->devices);
+
+                set_free_free(enumerator->match_subsystem);
+                set_free_free(enumerator->nomatch_subsystem);
+                hashmap_free_free_free(enumerator->match_sysattr);
+                hashmap_free_free_free(enumerator->nomatch_sysattr);
+                hashmap_free_free_free(enumerator->match_property);
+                set_free_free(enumerator->match_sysname);
+                set_free_free(enumerator->match_tag);
+                sd_device_unref(enumerator->match_parent);
+
+                free(enumerator);
+        }
+
+        return NULL;
+}
+
+_public_ int sd_device_enumerator_add_match_subsystem(sd_device_enumerator *enumerator, const char *subsystem, int match) {
+        Set **set;
+        int r;
+
+        assert_return(enumerator, -EINVAL);
+        assert_return(subsystem, -EINVAL);
+
+        if (match)
+                set = &enumerator->match_subsystem;
+        else
+                set = &enumerator->nomatch_subsystem;
+
+        r = set_ensure_allocated(set, NULL);
+        if (r < 0)
+                return r;
+
+        r = set_put_strdup(*set, subsystem);
+        if (r < 0)
+                return r;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+_public_ int sd_device_enumerator_add_match_sysattr(sd_device_enumerator *enumerator, const char *_sysattr, const char *_value, int match) {
+        _cleanup_free_ char *sysattr = NULL, *value = NULL;
+        Hashmap **hashmap;
+        int r;
+
+        assert_return(enumerator, -EINVAL);
+        assert_return(_sysattr, -EINVAL);
+
+        if (match)
+                hashmap = &enumerator->match_sysattr;
+        else
+                hashmap = &enumerator->nomatch_sysattr;
+
+        r = hashmap_ensure_allocated(hashmap, NULL);
+        if (r < 0)
+                return r;
+
+        sysattr = strdup(_sysattr);
+        if (!sysattr)
+                return -ENOMEM;
+
+        if (_value) {
+                value = strdup(_value);
+                if (!value)
+                        return -ENOMEM;
+        }
+
+        r = hashmap_put(*hashmap, sysattr, value);
+        if (r < 0)
+                return r;
+
+        sysattr = NULL;
+        value = NULL;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+_public_ int sd_device_enumerator_add_match_property(sd_device_enumerator *enumerator, const char *_property, const char *_value) {
+        _cleanup_free_ char *property = NULL, *value = NULL;
+        int r;
+
+        assert_return(enumerator, -EINVAL);
+        assert_return(_property, -EINVAL);
+
+        r = hashmap_ensure_allocated(&enumerator->match_property, NULL);
+        if (r < 0)
+                return r;
+
+        property = strdup(_property);
+        if (!property)
+                return -ENOMEM;
+
+        if (_value) {
+                value = strdup(_value);
+                if (!value)
+                        return -ENOMEM;
+        }
+
+        r = hashmap_put(enumerator->match_property, property, value);
+        if (r < 0)
+                return r;
+
+        property = NULL;
+        value = NULL;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+_public_ int sd_device_enumerator_add_match_sysname(sd_device_enumerator *enumerator, const char *sysname) {
+        int r;
+
+        assert_return(enumerator, -EINVAL);
+        assert_return(sysname, -EINVAL);
+
+        r = set_ensure_allocated(&enumerator->match_sysname, NULL);
+        if (r < 0)
+                return r;
+
+        r = set_put_strdup(enumerator->match_sysname, sysname);
+        if (r < 0)
+                return r;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+_public_ int sd_device_enumerator_add_match_tag(sd_device_enumerator *enumerator, const char *tag) {
+        int r;
+
+        assert_return(enumerator, -EINVAL);
+        assert_return(tag, -EINVAL);
+
+        r = set_ensure_allocated(&enumerator->match_tag, NULL);
+        if (r < 0)
+                return r;
+
+        r = set_put_strdup(enumerator->match_tag, tag);
+        if (r < 0)
+                return r;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+_public_ int sd_device_enumerator_add_match_parent(sd_device_enumerator *enumerator, sd_device *parent) {
+        assert_return(enumerator, -EINVAL);
+        assert_return(parent, -EINVAL);
+
+        sd_device_unref(enumerator->match_parent);
+        enumerator->match_parent = sd_device_ref(parent);
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+_public_ int sd_device_enumerator_allow_uninitialized(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, -EINVAL);
+
+        enumerator->match_allow_uninitialized = true;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+int device_enumerator_add_match_is_initialized(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, -EINVAL);
+
+        enumerator->match_allow_uninitialized = false;
+
+        enumerator->scan_uptodate = false;
+
+        return 0;
+}
+
+static int device_compare(const void *_a, const void *_b) {
+        sd_device *a = (sd_device *)_a, *b = (sd_device *)_b;
+        const char *devpath_a, *devpath_b, *sound_a;
+        bool delay_a, delay_b;
+
+        assert_se(sd_device_get_devpath(a, &devpath_a) >= 0);
+        assert_se(sd_device_get_devpath(b, &devpath_b) >= 0);
+
+        sound_a = strstr(devpath_a, "/sound/card");
+        if (sound_a) {
+                /* For sound cards the control device must be enumerated last to
+                 * make sure it's the final device node that gets ACLs applied.
+                 * Applications rely on this fact and use ACL changes on the
+                 * control node as an indicator that the ACL change of the
+                 * entire sound card completed. The kernel makes this guarantee
+                 * when creating those devices, and hence we should too when
+                 * enumerating them. */
+                sound_a += strlen("/sound/card");
+                sound_a = strchr(sound_a, '/');
+
+                if (sound_a) {
+                        unsigned prefix_len;
+
+                        prefix_len = sound_a - devpath_a;
+
+                        if (strncmp(devpath_a, devpath_b, prefix_len) == 0) {
+                                const char *sound_b;
+
+                                sound_b = devpath_b + prefix_len;
+
+                                if (startswith(sound_a, "/controlC") &&
+                                    !startswith(sound_b, "/contolC"))
+                                        return 1;
+
+                                if (!startswith(sound_a, "/controlC") &&
+                                    startswith(sound_b, "/controlC"))
+                                        return -1;
+                        }
+                }
+        }
+
+        /* md and dm devices are enumerated after all other devices */
+        delay_a = strstr(devpath_a, "/block/md") || strstr(devpath_a, "/block/dm-");
+        delay_b = strstr(devpath_b, "/block/md") || strstr(devpath_b, "/block/dm-");
+        if (delay_a != delay_b)
+                return delay_a - delay_b;
+
+        return strcmp(devpath_a, devpath_b);
+}
+
+int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *device) {
+        int r;
+
+        assert_return(enumerator, -EINVAL);
+        assert_return(device, -EINVAL);
+
+        r = prioq_ensure_allocated(&enumerator->devices, device_compare);
+        if (r < 0)
+                return r;
+
+        r = prioq_put(enumerator->devices, device, NULL);
+        if (r < 0)
+                return r;
+
+        sd_device_ref(device);
+
+        return 0;
+}
+
+static bool match_sysattr_value(sd_device *device, const char *sysattr, const char *match_value) {
+        const char *value;
+        int r;
+
+        assert(device);
+        assert(sysattr);
+
+        r = sd_device_get_sysattr_value(device, sysattr, &value);
+        if (r < 0)
+                return false;
+
+        if (!match_value)
+                return true;
+
+        if (fnmatch(match_value, value, 0) == 0)
+                return true;
+
+        return false;
+}
+
+static bool match_sysattr(sd_device_enumerator *enumerator, sd_device *device) {
+        const char *sysattr;
+        const char *value;
+        Iterator i;
+
+        assert(enumerator);
+        assert(device);
+
+        HASHMAP_FOREACH_KEY(value, sysattr, enumerator->nomatch_sysattr, i)
+                if (match_sysattr_value(device, sysattr, value))
+                        return false;
+
+        HASHMAP_FOREACH_KEY(value, sysattr, enumerator->match_sysattr, i)
+                if (!match_sysattr_value(device, sysattr, value))
+                        return false;
+
+        return true;
+}
+
+static bool match_property(sd_device_enumerator *enumerator, sd_device *device) {
+        const char *property;
+        const char *value;
+        Iterator i;
+
+        assert(enumerator);
+        assert(device);
+
+        if (hashmap_isempty(enumerator->match_property))
+                return true;
+
+        HASHMAP_FOREACH_KEY(value, property, enumerator->match_property, i) {
+                const char *property_dev, *value_dev;
+
+                FOREACH_DEVICE_PROPERTY(device, property_dev, value_dev) {
+                        if (fnmatch(property, property_dev, 0) != 0)
+                                continue;
+
+                        if (!value && !value_dev)
+                                return true;
+
+                        if (!value || !value_dev)
+                                continue;
+
+                        if (fnmatch(value, value_dev, 0) == 0)
+                                return true;
+                }
+        }
+
+        return false;
+}
+
+static bool match_tag(sd_device_enumerator *enumerator, sd_device *device) {
+        const char *tag;
+        Iterator i;
+
+        assert(enumerator);
+        assert(device);
+
+        SET_FOREACH(tag, enumerator->match_tag, i)
+                if (!sd_device_has_tag(device, tag))
+                        return false;
+
+        return true;
+}
+
+static bool match_parent(sd_device_enumerator *enumerator, sd_device *device) {
+        const char *devpath, *devpath_dev;
+        int r;
+
+        assert(enumerator);
+        assert(device);
+
+        if (!enumerator->match_parent)
+                return true;
+
+        r = sd_device_get_devpath(enumerator->match_parent, &devpath);
+        assert(r >= 0);
+
+        r = sd_device_get_devpath(device, &devpath_dev);
+        assert(r >= 0);
+
+        return startswith(devpath_dev, devpath);
+}
+
+static bool match_sysname(sd_device_enumerator *enumerator, const char *sysname) {
+        const char *sysname_match;
+        Iterator i;
+
+        assert(enumerator);
+        assert(sysname);
+
+        if (set_isempty(enumerator->match_sysname))
+                return true;
+
+        SET_FOREACH(sysname_match, enumerator->match_sysname, i)
+                if (fnmatch(sysname_match, sysname, 0) == 0)
+                        return true;
+
+        return false;
+}
+
+static int enumerator_scan_dir_and_add_devices(sd_device_enumerator *enumerator, const char *basedir, const char *subdir1, const char *subdir2) {
+        _cleanup_closedir_ DIR *dir = NULL;
+        char *path;
+        struct dirent *dent;
+        int r = 0;
+
+        assert(enumerator);
+        assert(basedir);
+
+        path = strjoina("/sys/", basedir, "/");
+
+        if (subdir1)
+                path = strjoina(path, subdir1, "/");
+
+        if (subdir2)
+                path = strjoina(path, subdir2, "/");
+
+        dir = opendir(path);
+        if (!dir)
+                return -errno;
+
+        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
+                _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+                char syspath[strlen(path) + 1 + strlen(dent->d_name) + 1];
+                dev_t devnum;
+                int ifindex, initialized, k;
+
+                if (dent->d_name[0] == '.')
+                        continue;
+
+                if (!match_sysname(enumerator, dent->d_name))
+                        continue;
+
+                (void)sprintf(syspath, "%s%s", path, dent->d_name);
+
+                k = sd_device_new_from_syspath(&device, syspath);
+                if (k < 0) {
+                        if (k != -ENODEV)
+                                /* this is necessarily racey, so ignore missing devices */
+                                r = k;
+
+                        continue;
+                }
+
+                k = sd_device_get_devnum(device, &devnum);
+                if (k < 0) {
+                        r = k;
+                        continue;
+                }
+
+                k = sd_device_get_ifindex(device, &ifindex);
+                if (k < 0) {
+                        r = k;
+                        continue;
+                }
+
+                k = sd_device_get_is_initialized(device, &initialized);
+                if (k < 0) {
+                        r = k;
+                        continue;
+                }
+
+                /*
+                 * All devices with a device node or network interfaces
+                 * possibly need udev to adjust the device node permission
+                 * or context, or rename the interface before it can be
+                 * reliably used from other processes.
+                 *
+                 * For now, we can only check these types of devices, we
+                 * might not store a database, and have no way to find out
+                 * for all other types of devices.
+                 */
+                if (!enumerator->match_allow_uninitialized &&
+                    !initialized &&
+                    (major(devnum) > 0 || ifindex > 0))
+                        continue;
+
+                if (!match_parent(enumerator, device))
+                        continue;
+
+                if (!match_tag(enumerator, device))
+                        continue;
+
+                if (!match_property(enumerator, device))
+                        continue;
+
+                if (!match_sysattr(enumerator, device))
+                        continue;
+
+                k = device_enumerator_add_device(enumerator, device);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static bool match_subsystem(sd_device_enumerator *enumerator, const char *subsystem) {
+        const char *subsystem_match;
+        Iterator i;
+
+        assert(enumerator);
+
+        if (!subsystem)
+                return false;
+
+        SET_FOREACH(subsystem_match, enumerator->nomatch_subsystem, i)
+                if (fnmatch(subsystem_match, subsystem, 0) == 0)
+                        return false;
+
+        if (set_isempty(enumerator->match_subsystem))
+                return true;
+
+        SET_FOREACH(subsystem_match, enumerator->match_subsystem, i)
+                if (fnmatch(subsystem_match, subsystem, 0) == 0)
+                        return true;
+
+        return false;
+}
+
+static int enumerator_scan_dir(sd_device_enumerator *enumerator, const char *basedir, const char *subdir, const char *subsystem) {
+        _cleanup_closedir_ DIR *dir = NULL;
+        char *path;
+        struct dirent *dent;
+        int r = 0;
+
+        path = strjoina("/sys/", basedir);
+
+        dir = opendir(path);
+        if (!dir)
+                return -errno;
+
+        log_debug("  device-enumerator: scanning %s", path);
+
+        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
+                int k;
+
+                if (dent->d_name[0] == '.')
+                        continue;
+
+                if (!match_subsystem(enumerator, subsystem ? : dent->d_name))
+                        continue;
+
+                k = enumerator_scan_dir_and_add_devices(enumerator, basedir, dent->d_name, subdir);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int enumerator_scan_devices_tag(sd_device_enumerator *enumerator, const char *tag) {
+        _cleanup_closedir_ DIR *dir = NULL;
+        char *path;
+        struct dirent *dent;
+        int r = 0;
+
+        assert(enumerator);
+        assert(tag);
+
+        path = strjoina("/run/udev/tags/", tag);
+
+        dir = opendir(path);
+        if (!dir) {
+                if (errno == ENOENT)
+                        return 0;
+                else {
+                        log_error("sd-device-enumerator: could not open tags directory %s: %m", path);
+                        return -errno;
+                }
+        }
+
+        /* TODO: filter away subsystems? */
+
+        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
+                _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+                const char *subsystem, *sysname;
+                int k;
+
+                if (dent->d_name[0] == '.')
+                        continue;
+
+                k = sd_device_new_from_device_id(&device, dent->d_name);
+                if (k < 0) {
+                        if (k != -ENODEV)
+                                /* this is necessarily racy, so ignore missing devices */
+                                r = k;
+
+                        continue;
+                }
+
+                k = sd_device_get_subsystem(device, &subsystem);
+                if (k < 0) {
+                        r = k;
+                        continue;
+                }
+
+                if (!match_subsystem(enumerator, subsystem))
+                        continue;
+
+                k = sd_device_get_sysname(device, &sysname);
+                if (k < 0) {
+                        r = k;
+                        continue;
+                }
+
+                if (!match_sysname(enumerator, sysname))
+                        continue;
+
+                if (!match_parent(enumerator, device))
+                        continue;
+
+                if (!match_property(enumerator, device))
+                        continue;
+
+                if (!match_sysattr(enumerator, device))
+                        continue;
+
+                k = device_enumerator_add_device(enumerator, device);
+                if (k < 0) {
+                        r = k;
+                        continue;
+                }
+        }
+
+        return r;
+}
+
+static int enumerator_scan_devices_tags(sd_device_enumerator *enumerator) {
+        const char *tag;
+        Iterator i;
+        int r;
+
+        assert(enumerator);
+
+        SET_FOREACH(tag, enumerator->match_tag, i) {
+                r = enumerator_scan_devices_tag(enumerator, tag);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int parent_add_child(sd_device_enumerator *enumerator, const char *path) {
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+        const char *subsystem, *sysname;
+        int r;
+
+        r = sd_device_new_from_syspath(&device, path);
+        if (r == -ENODEV)
+                /* this is necessarily racy, so ignore missing devices */
+                return 0;
+        else if (r < 0)
+                return r;
+
+        r = sd_device_get_subsystem(device, &subsystem);
+        if (r == -ENOENT)
+                return 0;
+        if (r < 0)
+                return r;
+
+        if (!match_subsystem(enumerator, subsystem))
+                return 0;
+
+        r = sd_device_get_sysname(device, &sysname);
+        if (r < 0)
+                return r;
+
+        if (!match_sysname(enumerator, sysname))
+                return 0;
+
+        if (!match_property(enumerator, device))
+                return 0;
+
+        if (!match_sysattr(enumerator, device))
+                return 0;
+
+        r = device_enumerator_add_device(enumerator, device);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int parent_crawl_children(sd_device_enumerator *enumerator, const char *path, unsigned maxdepth) {
+        _cleanup_closedir_ DIR *dir = NULL;
+        struct dirent *dent;
+        int r = 0;
+
+        dir = opendir(path);
+        if (!dir) {
+                log_debug("sd-device-enumerate: could not open parent directory %s: %m", path);
+                return -errno;
+        }
+
+        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
+                _cleanup_free_ char *child = NULL;
+                int k;
+
+                if (dent->d_name[0] == '.')
+                        continue;
+
+                if (dent->d_type != DT_DIR)
+                        continue;
+
+                child = strjoin(path, "/", dent->d_name, NULL);
+                if (!child)
+                        return -ENOMEM;
+
+                k = parent_add_child(enumerator, child);
+                if (k < 0)
+                        r = k;
+
+                if (maxdepth > 0)
+                        parent_crawl_children(enumerator, child, maxdepth - 1);
+                else
+                        log_debug("device-enumerate: max depth reached, %s: ignoring devices", child);
+        }
+
+        return r;
+}
+
+static int enumerator_scan_devices_children(sd_device_enumerator *enumerator) {
+        const char *path;
+        int r = 0, k;
+
+        r = sd_device_get_syspath(enumerator->match_parent, &path);
+        if (r < 0)
+                return r;
+
+        k = parent_add_child(enumerator, path);
+        if (k < 0)
+                r = k;
+
+        k = parent_crawl_children(enumerator, path, DEVICE_ENUMERATE_MAX_DEPTH);
+        if (k < 0)
+                r = k;
+
+        return r;
+}
+
+static int enumerator_scan_devices_all(sd_device_enumerator *enumerator) {
+        int r = 0;
+
+        log_debug("device-enumerator: scan all dirs");
+
+        if (access("/sys/subsystem", F_OK) >= 0) {
+                /* we have /subsystem/, forget all the old stuff */
+                r = enumerator_scan_dir(enumerator, "subsystem", "devices", NULL);
+                if (r < 0)
+                        return log_debug_errno(r, "device-enumerator: failed to scan /sys/subsystem: %m");
+        } else {
+                int k;
+
+                k = enumerator_scan_dir(enumerator, "bus", "devices", NULL);
+                if (k < 0) {
+                        log_debug_errno(k, "device-enumerator: failed to scan /sys/bus: %m");
+                        r = k;
+                }
+
+                k = enumerator_scan_dir(enumerator, "class", NULL, NULL);
+                if (k < 0) {
+                        log_debug_errno(k, "device-enumerator: failed to scan /sys/class: %m");
+                        r = k;
+                }
+        }
+
+        return r;
+}
+
+int device_enumerator_scan_devices(sd_device_enumerator *enumerator) {
+        sd_device *device;
+        int r;
+
+        assert(enumerator);
+
+        if (enumerator->scan_uptodate &&
+            enumerator->type == DEVICE_ENUMERATION_TYPE_DEVICES)
+                return 0;
+
+        while ((device = prioq_pop(enumerator->devices)))
+                sd_device_unref(device);
+
+        if (!set_isempty(enumerator->match_tag)) {
+                r = enumerator_scan_devices_tags(enumerator);
+                if (r < 0)
+                        return r;
+        } else if (enumerator->match_parent) {
+                r = enumerator_scan_devices_children(enumerator);
+                if (r < 0)
+                        return r;
+        } else {
+                r = enumerator_scan_devices_all(enumerator);
+                if (r < 0)
+                        return r;
+        }
+
+        enumerator->scan_uptodate = true;
+
+        return 0;
+}
+
+_public_ sd_device *sd_device_enumerator_get_device_first(sd_device_enumerator *enumerator) {
+        int r;
+
+        assert_return(enumerator, NULL);
+
+        r = device_enumerator_scan_devices(enumerator);
+        if (r < 0)
+                return NULL;
+
+        enumerator->type = DEVICE_ENUMERATION_TYPE_DEVICES;
+
+        return prioq_peek(enumerator->devices);
+}
+
+_public_ sd_device *sd_device_enumerator_get_device_next(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, NULL);
+
+        if (!enumerator->scan_uptodate ||
+            enumerator->type != DEVICE_ENUMERATION_TYPE_DEVICES)
+                return NULL;
+
+        sd_device_unref(prioq_pop(enumerator->devices));
+
+        return prioq_peek(enumerator->devices);
+}
+
+int device_enumerator_scan_subsystems(sd_device_enumerator *enumerator) {
+        sd_device *device;
+        const char *subsysdir;
+        int r = 0, k;
+
+        assert(enumerator);
+
+        if (enumerator->scan_uptodate &&
+            enumerator->type == DEVICE_ENUMERATION_TYPE_SUBSYSTEMS)
+                return 0;
+
+        while ((device = prioq_pop(enumerator->devices)))
+                sd_device_unref(device);
+
+        /* modules */
+        if (match_subsystem(enumerator, "module")) {
+                k = enumerator_scan_dir_and_add_devices(enumerator, "module", NULL, NULL);
+                if (k < 0) {
+                        log_debug_errno(k, "device-enumerator: failed to scan modules: %m");
+                        r = k;
+                }
+        }
+
+        if (access("/sys/subsystem", F_OK) >= 0)
+                subsysdir = "subsystem";
+        else
+                subsysdir = "bus";
+
+        /* subsystems (only buses support coldplug) */
+        if (match_subsystem(enumerator, "subsystem")) {
+                k = enumerator_scan_dir_and_add_devices(enumerator, subsysdir, NULL, NULL);
+                if (k < 0) {
+                        log_debug_errno(k, "device-enumerator: failed to scan subsystems: %m");
+                        r = k;
+                }
+        }
+
+        /* subsystem drivers */
+        if (match_subsystem(enumerator, "drivers")) {
+                k = enumerator_scan_dir(enumerator, subsysdir, "drivers", "drivers");
+                if (k < 0) {
+                        log_debug_errno(k, "device-enumerator: failed to scan drivers: %m");
+                        r = k;
+                }
+        }
+
+        enumerator->scan_uptodate = true;
+
+        return r;
+}
+
+_public_ sd_device *sd_device_enumerator_get_subsystem_first(sd_device_enumerator *enumerator) {
+        int r;
+
+        assert_return(enumerator, NULL);
+
+        r = device_enumerator_scan_subsystems(enumerator);
+        if (r < 0)
+                return NULL;
+
+        enumerator->type = DEVICE_ENUMERATION_TYPE_SUBSYSTEMS;
+
+        return prioq_peek(enumerator->devices);
+}
+
+_public_ sd_device *sd_device_enumerator_get_subsystem_next(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, NULL);
+
+        if (enumerator->scan_uptodate ||
+            enumerator->type != DEVICE_ENUMERATION_TYPE_SUBSYSTEMS)
+                return NULL;
+
+        sd_device_unref(prioq_pop(enumerator->devices));
+
+        return prioq_peek(enumerator->devices);
+}
+
+sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, NULL);
+
+        return prioq_peek(enumerator->devices);
+}
+
+sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator) {
+        assert_return(enumerator, NULL);
+
+        sd_device_unref(prioq_pop(enumerator->devices));
+
+        return prioq_peek(enumerator->devices);
+}
diff --git a/src/libsystemd/sd-device/device-internal.h b/src/libsystemd/libsystemd-internal/sd-device/device-internal.h
index ab222e27de..ab222e27de 100644
--- a/src/libsystemd/sd-device/device-internal.h
+++ b/src/libsystemd/libsystemd-internal/sd-device/device-internal.h
diff --git a/src/libsystemd/libsystemd-internal/sd-device/device-private.c b/src/libsystemd/libsystemd-internal/sd-device/device-private.c
new file mode 100644
index 0000000000..51cabcb048
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-device/device-private.c
@@ -0,0 +1,1119 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <ctype.h>
+#include <net/if.h>
+#include <sys/types.h>
+
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "device-internal.h"
+#include "device-private.h"
+#include "device-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hashmap.h"
+#include "macro.h"
+#include "mkdir.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "refcnt.h"
+#include "set.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "strv.h"
+#include "strxcpyx.h"
+#include "user-util.h"
+#include "util.h"
+
+int device_add_property(sd_device *device, const char *key, const char *value) {
+        int r;
+
+        assert(device);
+        assert(key);
+
+        r = device_add_property_aux(device, key, value, false);
+        if (r < 0)
+                return r;
+
+        if (key[0] != '.') {
+                r = device_add_property_aux(device, key, value, true);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int device_add_property_internal_from_string(sd_device *device, const char *str) {
+        _cleanup_free_ char *key = NULL;
+        char *value;
+
+        assert(device);
+        assert(str);
+
+        key = strdup(str);
+        if (!key)
+                return -ENOMEM;
+
+        value = strchr(key, '=');
+        if (!value)
+                return -EINVAL;
+
+        *value = '\0';
+
+        if (isempty(++value))
+                value = NULL;
+
+        return device_add_property_internal(device, key, value);
+}
+
+static int handle_db_line(sd_device *device, char key, const char *value) {
+        char *path;
+        int r;
+
+        assert(device);
+        assert(value);
+
+        switch (key) {
+        case 'S':
+                path = strjoina("/dev/", value);
+                r = device_add_devlink(device, path);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'L':
+                r = safe_atoi(value, &device->devlink_priority);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'E':
+                r = device_add_property_internal_from_string(device, value);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'G':
+                r = device_add_tag(device, value);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'W':
+                r = safe_atoi(value, &device->watch_handle);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'I':
+                r = device_set_usec_initialized(device, value);
+                if (r < 0)
+                        return r;
+
+                break;
+        default:
+                log_debug("device db: unknown key '%c'", key);
+        }
+
+        return 0;
+}
+
+void device_set_devlink_priority(sd_device *device, int priority) {
+        assert(device);
+
+        device->devlink_priority = priority;
+}
+
+void device_set_is_initialized(sd_device *device) {
+        assert(device);
+
+        device->is_initialized = true;
+}
+
+int device_ensure_usec_initialized(sd_device *device, sd_device *device_old) {
+        char num[DECIMAL_STR_MAX(usec_t)];
+        usec_t usec_initialized;
+        int r;
+
+        assert(device);
+
+        if (device_old && device_old->usec_initialized > 0)
+                usec_initialized = device_old->usec_initialized;
+        else
+                usec_initialized = now(CLOCK_MONOTONIC);
+
+        r = snprintf(num, sizeof(num), USEC_FMT, usec_initialized);
+        if (r < 0)
+                return -errno;
+
+        r = device_set_usec_initialized(device, num);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int device_read_db(sd_device *device) {
+        _cleanup_free_ char *db = NULL;
+        char *path;
+        const char *id, *value;
+        char key;
+        size_t db_len;
+        unsigned i;
+        int r;
+
+        enum {
+                PRE_KEY,
+                KEY,
+                PRE_VALUE,
+                VALUE,
+                INVALID_LINE,
+        } state = PRE_KEY;
+
+        assert(device);
+
+        if (device->db_loaded || device->sealed)
+                return 0;
+
+        r = device_get_id_filename(device, &id);
+        if (r < 0)
+                return r;
+
+        path = strjoina("/run/udev/data/", id);
+
+        r = read_full_file(path, &db, &db_len);
+        if (r < 0) {
+                if (r == -ENOENT)
+                        return 0;
+                else
+                        return log_debug_errno(r, "sd-device: failed to read db '%s': %m", path);
+        }
+
+        /* devices with a database entry are initialized */
+        device_set_is_initialized(device);
+
+        for (i = 0; i < db_len; i++) {
+                switch (state) {
+                case PRE_KEY:
+                        if (!strchr(NEWLINE, db[i])) {
+                                key = db[i];
+
+                                state = KEY;
+                        }
+
+                        break;
+                case KEY:
+                        if (db[i] != ':') {
+                                log_debug("sd-device: ignoring invalid db entry with key '%c'", key);
+
+                                state = INVALID_LINE;
+                        } else {
+                                db[i] = '\0';
+
+                                state = PRE_VALUE;
+                        }
+
+                        break;
+                case PRE_VALUE:
+                        value = &db[i];
+
+                        state = VALUE;
+
+                        break;
+                case INVALID_LINE:
+                        if (strchr(NEWLINE, db[i]))
+                                state = PRE_KEY;
+
+                        break;
+                case VALUE:
+                        if (strchr(NEWLINE, db[i])) {
+                                db[i] = '\0';
+                                r = handle_db_line(device, key, value);
+                                if (r < 0)
+                                        log_debug_errno(r, "sd-device: failed to handle db entry '%c:%s': %m", key, value);
+
+                                state = PRE_KEY;
+                        }
+
+                        break;
+                default:
+                        assert_not_reached("invalid state when parsing db");
+                }
+        }
+
+        device->db_loaded = true;
+
+        return 0;
+}
+
+uint64_t device_get_properties_generation(sd_device *device) {
+        assert(device);
+
+        return device->properties_generation;
+}
+
+uint64_t device_get_tags_generation(sd_device *device) {
+        assert(device);
+
+        return device->tags_generation;
+}
+
+uint64_t device_get_devlinks_generation(sd_device *device) {
+        assert(device);
+
+        return device->devlinks_generation;
+}
+
+int device_get_devnode_mode(sd_device *device, mode_t *mode) {
+        int r;
+
+        assert(device);
+        assert(mode);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        *mode = device->devmode;
+
+        return 0;
+}
+
+int device_get_devnode_uid(sd_device *device, uid_t *uid) {
+        int r;
+
+        assert(device);
+        assert(uid);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        *uid = device->devuid;
+
+        return 0;
+}
+
+static int device_set_devuid(sd_device *device, const char *uid) {
+        unsigned u;
+        int r;
+
+        assert(device);
+        assert(uid);
+
+        r = safe_atou(uid, &u);
+        if (r < 0)
+                return r;
+
+        r = device_add_property_internal(device, "DEVUID", uid);
+        if (r < 0)
+                return r;
+
+        device->devuid = u;
+
+        return 0;
+}
+
+int device_get_devnode_gid(sd_device *device, gid_t *gid) {
+        int r;
+
+        assert(device);
+        assert(gid);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        *gid = device->devgid;
+
+        return 0;
+}
+
+static int device_set_devgid(sd_device *device, const char *gid) {
+        unsigned g;
+        int r;
+
+        assert(device);
+        assert(gid);
+
+        r = safe_atou(gid, &g);
+        if (r < 0)
+                return r;
+
+        r = device_add_property_internal(device, "DEVGID", gid);
+        if (r < 0)
+                return r;
+
+        device->devgid = g;
+
+        return 0;
+}
+
+static int device_amend(sd_device *device, const char *key, const char *value) {
+        int r;
+
+        assert(device);
+        assert(key);
+        assert(value);
+
+        if (streq(key, "DEVPATH")) {
+                char *path;
+
+                path = strjoina("/sys", value);
+
+                /* the caller must verify or trust this data (e.g., if it comes from the kernel) */
+                r = device_set_syspath(device, path, false);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set syspath to '%s': %m", path);
+        } else if (streq(key, "SUBSYSTEM")) {
+                r = device_set_subsystem(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set subsystem to '%s': %m", value);
+        } else if (streq(key, "DEVTYPE")) {
+                r = device_set_devtype(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devtype to '%s': %m", value);
+        } else if (streq(key, "DEVNAME")) {
+                r = device_set_devname(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devname to '%s': %m", value);
+        } else if (streq(key, "USEC_INITIALIZED")) {
+                r = device_set_usec_initialized(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set usec-initialized to '%s': %m", value);
+        } else if (streq(key, "DRIVER")) {
+                r = device_set_driver(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set driver to '%s': %m", value);
+        } else if (streq(key, "IFINDEX")) {
+                r = device_set_ifindex(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set ifindex to '%s': %m", value);
+        } else if (streq(key, "DEVMODE")) {
+                r = device_set_devmode(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devmode to '%s': %m", value);
+        } else if (streq(key, "DEVUID")) {
+                r = device_set_devuid(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devuid to '%s': %m", value);
+        } else if (streq(key, "DEVGID")) {
+                r = device_set_devgid(device, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devgid to '%s': %m", value);
+        } else if (streq(key, "DEVLINKS")) {
+                const char *word, *state;
+                size_t l;
+
+                FOREACH_WORD(word, l, value, state) {
+                        char devlink[l + 1];
+
+                        strncpy(devlink, word, l);
+                        devlink[l] = '\0';
+
+                        r = device_add_devlink(device, devlink);
+                        if (r < 0)
+                                return log_debug_errno(r, "sd-device: could not add devlink '%s': %m", devlink);
+                }
+        } else if (streq(key, "TAGS")) {
+                const char *word, *state;
+                size_t l;
+
+                FOREACH_WORD_SEPARATOR(word, l, value, ":", state) {
+                        char tag[l + 1];
+
+                        (void)strncpy(tag, word, l);
+                        tag[l] = '\0';
+
+                        r = device_add_tag(device, tag);
+                        if (r < 0)
+                                return log_debug_errno(r, "sd-device: could not add tag '%s': %m", tag);
+                }
+        } else {
+                r = device_add_property_internal(device, key, value);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not add property '%s=%s': %m", key, value);
+        }
+
+        return 0;
+}
+
+static const char* const device_action_table[_DEVICE_ACTION_MAX] = {
+        [DEVICE_ACTION_ADD] = "add",
+        [DEVICE_ACTION_REMOVE] = "remove",
+        [DEVICE_ACTION_CHANGE] = "change",
+        [DEVICE_ACTION_MOVE] = "move",
+        [DEVICE_ACTION_ONLINE] = "online",
+        [DEVICE_ACTION_OFFLINE] = "offline",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(device_action, DeviceAction);
+
+static int device_append(sd_device *device, char *key, const char **_major, const char **_minor, uint64_t *_seqnum,
+                         DeviceAction *_action) {
+        DeviceAction action = _DEVICE_ACTION_INVALID;
+        uint64_t seqnum = 0;
+        const char *major = NULL, *minor = NULL;
+        char *value;
+        int r;
+
+        assert(device);
+        assert(key);
+        assert(_major);
+        assert(_minor);
+        assert(_seqnum);
+        assert(_action);
+
+        value = strchr(key, '=');
+        if (!value) {
+                log_debug("sd-device: not a key-value pair: '%s'", key);
+                return -EINVAL;
+        }
+
+        *value = '\0';
+
+        value++;
+
+        if (streq(key, "MAJOR"))
+                major = value;
+        else if (streq(key, "MINOR"))
+                minor = value;
+        else {
+                if (streq(key, "ACTION")) {
+                        action = device_action_from_string(value);
+                        if (action == _DEVICE_ACTION_INVALID)
+                                return -EINVAL;
+                } else if (streq(key, "SEQNUM")) {
+                        r = safe_atou64(value, &seqnum);
+                        if (r < 0)
+                                return r;
+                        else if (seqnum == 0)
+                                 /* kernel only sends seqnum > 0 */
+                                return -EINVAL;
+                }
+
+                r = device_amend(device, key, value);
+                if (r < 0)
+                        return r;
+        }
+
+        if (major != 0)
+                *_major = major;
+
+        if (minor != 0)
+                *_minor = minor;
+
+        if (action != _DEVICE_ACTION_INVALID)
+                *_action = action;
+
+        if (seqnum > 0)
+                *_seqnum = seqnum;
+
+        return 0;
+}
+
+void device_seal(sd_device *device) {
+        assert(device);
+
+        device->sealed = true;
+}
+
+static int device_verify(sd_device *device, DeviceAction action, uint64_t seqnum) {
+        assert(device);
+
+        if (!device->devpath || !device->subsystem || action == _DEVICE_ACTION_INVALID || seqnum == 0) {
+                log_debug("sd-device: device created from strv lacks devpath, subsystem, action or seqnum");
+                return -EINVAL;
+        }
+
+        device->sealed = true;
+
+        return 0;
+}
+
+int device_new_from_strv(sd_device **ret, char **strv) {
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+        char **key;
+        const char *major = NULL, *minor = NULL;
+        DeviceAction action = _DEVICE_ACTION_INVALID;
+        uint64_t seqnum;
+        int r;
+
+        assert(ret);
+        assert(strv);
+
+        r = device_new_aux(&device);
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(key, strv) {
+                r = device_append(device, *key, &major, &minor, &seqnum, &action);
+                if (r < 0)
+                        return r;
+        }
+
+        if (major) {
+                r = device_set_devnum(device, major, minor);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devnum %s:%s: %m", major, minor);
+        }
+
+        r = device_verify(device, action, seqnum);
+        if (r < 0)
+                return r;
+
+        *ret = device;
+        device = NULL;
+
+        return 0;
+}
+
+int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len) {
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+        const char *major = NULL, *minor = NULL;
+        DeviceAction action = _DEVICE_ACTION_INVALID;
+        uint64_t seqnum;
+        unsigned i = 0;
+        int r;
+
+        assert(ret);
+        assert(nulstr);
+        assert(len);
+
+        r = device_new_aux(&device);
+        if (r < 0)
+                return r;
+
+        while (i < len) {
+                char *key;
+                const char *end;
+
+                key = (char*)&nulstr[i];
+                end = memchr(key, '\0', len - i);
+                if (!end) {
+                        log_debug("sd-device: failed to parse nulstr");
+                        return -EINVAL;
+                }
+                i += end - key + 1;
+
+                r = device_append(device, key, &major, &minor, &seqnum, &action);
+                if (r < 0)
+                        return r;
+        }
+
+        if (major) {
+                r = device_set_devnum(device, major, minor);
+                if (r < 0)
+                        return log_debug_errno(r, "sd-device: could not set devnum %s:%s: %m", major, minor);
+        }
+
+        r = device_verify(device, action, seqnum);
+        if (r < 0)
+                return r;
+
+        *ret = device;
+        device = NULL;
+
+        return 0;
+}
+
+static int device_update_properties_bufs(sd_device *device) {
+        const char *val, *prop;
+        _cleanup_free_ char **buf_strv = NULL;
+        _cleanup_free_ uint8_t *buf_nulstr = NULL;
+        size_t allocated_nulstr = 0;
+        size_t nulstr_len = 0, num = 0, i = 0;
+
+        assert(device);
+
+        if (!device->properties_buf_outdated)
+                return 0;
+
+        FOREACH_DEVICE_PROPERTY(device, prop, val) {
+                size_t len = 0;
+
+                len = strlen(prop) + 1 + strlen(val);
+
+                buf_nulstr = GREEDY_REALLOC0(buf_nulstr, allocated_nulstr, nulstr_len + len + 2);
+                if (!buf_nulstr)
+                        return -ENOMEM;
+
+                strscpyl((char *)buf_nulstr + nulstr_len, len + 1, prop, "=", val, NULL);
+                nulstr_len += len + 1;
+                ++num;
+        }
+
+        /* build buf_strv from buf_nulstr */
+        buf_strv = new0(char *, num + 1);
+        if (!buf_strv)
+                return -ENOMEM;
+
+        NULSTR_FOREACH(val, (char*) buf_nulstr) {
+                buf_strv[i] = (char *) val;
+                assert(i < num);
+                i++;
+        }
+
+        free(device->properties_nulstr);
+        device->properties_nulstr = buf_nulstr;
+        buf_nulstr = NULL;
+        device->properties_nulstr_len = nulstr_len;
+        free(device->properties_strv);
+        device->properties_strv = buf_strv;
+        buf_strv = NULL;
+
+        device->properties_buf_outdated = false;
+
+        return 0;
+}
+
+int device_get_properties_nulstr(sd_device *device, const uint8_t **nulstr, size_t *len) {
+        int r;
+
+        assert(device);
+        assert(nulstr);
+        assert(len);
+
+        r = device_update_properties_bufs(device);
+        if (r < 0)
+                return r;
+
+        *nulstr = device->properties_nulstr;
+        *len = device->properties_nulstr_len;
+
+        return 0;
+}
+
+int device_get_properties_strv(sd_device *device, char ***strv) {
+        int r;
+
+        assert(device);
+        assert(strv);
+
+        r = device_update_properties_bufs(device);
+        if (r < 0)
+                return r;
+
+        *strv = device->properties_strv;
+
+        return 0;
+}
+
+int device_get_devlink_priority(sd_device *device, int *priority) {
+        int r;
+
+        assert(device);
+        assert(priority);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        *priority = device->devlink_priority;
+
+        return 0;
+}
+
+int device_get_watch_handle(sd_device *device, int *handle) {
+        int r;
+
+        assert(device);
+        assert(handle);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        *handle = device->watch_handle;
+
+        return 0;
+}
+
+void device_set_watch_handle(sd_device *device, int handle) {
+        assert(device);
+
+        device->watch_handle = handle;
+}
+
+int device_rename(sd_device *device, const char *name) {
+        _cleanup_free_ char *dirname = NULL;
+        char *new_syspath;
+        const char *interface;
+        int r;
+
+        assert(device);
+        assert(name);
+
+        dirname = dirname_malloc(device->syspath);
+        if (!dirname)
+                return -ENOMEM;
+
+        new_syspath = strjoina(dirname, "/", name);
+
+        /* the user must trust that the new name is correct */
+        r = device_set_syspath(device, new_syspath, false);
+        if (r < 0)
+                return r;
+
+        r = sd_device_get_property_value(device, "INTERFACE", &interface);
+        if (r >= 0) {
+                r = device_add_property_internal(device, "INTERFACE", name);
+                if (r < 0)
+                        return r;
+
+                /* like DEVPATH_OLD, INTERFACE_OLD is not saved to the db, but only stays around for the current event */
+                r = device_add_property_internal(device, "INTERFACE_OLD", interface);
+                if (r < 0)
+                        return r;
+        } else if (r != -ENOENT)
+                return r;
+
+        return 0;
+}
+
+int device_shallow_clone(sd_device *old_device, sd_device **new_device) {
+        _cleanup_(sd_device_unrefp) sd_device *ret = NULL;
+        int r;
+
+        assert(old_device);
+        assert(new_device);
+
+        r = device_new_aux(&ret);
+        if (r < 0)
+                return r;
+
+        r = device_set_syspath(ret, old_device->syspath, false);
+        if (r < 0)
+                return r;
+
+        r = device_set_subsystem(ret, old_device->subsystem);
+        if (r < 0)
+                return r;
+
+        ret->devnum = old_device->devnum;
+
+        *new_device = ret;
+        ret = NULL;
+
+        return 0;
+}
+
+int device_clone_with_db(sd_device *old_device, sd_device **new_device) {
+        _cleanup_(sd_device_unrefp) sd_device *ret = NULL;
+        int r;
+
+        assert(old_device);
+        assert(new_device);
+
+        r = device_shallow_clone(old_device, &ret);
+        if (r < 0)
+                return r;
+
+        r = device_read_db(ret);
+        if (r < 0)
+                return r;
+
+        ret->sealed = true;
+
+        *new_device = ret;
+        ret = NULL;
+
+        return 0;
+}
+
+int device_new_from_synthetic_event(sd_device **new_device, const char *syspath, const char *action) {
+        _cleanup_(sd_device_unrefp) sd_device *ret = NULL;
+        int r;
+
+        assert(new_device);
+        assert(syspath);
+        assert(action);
+
+        r = sd_device_new_from_syspath(&ret, syspath);
+        if (r < 0)
+                return r;
+
+        r = device_read_uevent_file(ret);
+        if (r < 0)
+                return r;
+
+        r = device_add_property_internal(ret, "ACTION", action);
+        if (r < 0)
+                return r;
+
+        *new_device = ret;
+        ret = NULL;
+
+        return 0;
+}
+
+int device_copy_properties(sd_device *device_dst, sd_device *device_src) {
+        const char *property, *value;
+        int r;
+
+        assert(device_dst);
+        assert(device_src);
+
+        FOREACH_DEVICE_PROPERTY(device_src, property, value) {
+                r = device_add_property(device_dst, property, value);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+void device_cleanup_tags(sd_device *device) {
+        assert(device);
+
+        set_free_free(device->tags);
+        device->tags = NULL;
+        device->property_tags_outdated = true;
+        device->tags_generation++;
+}
+
+void device_cleanup_devlinks(sd_device *device) {
+        assert(device);
+
+        set_free_free(device->devlinks);
+        device->devlinks = NULL;
+        device->property_devlinks_outdated = true;
+        device->devlinks_generation++;
+}
+
+void device_remove_tag(sd_device *device, const char *tag) {
+        assert(device);
+        assert(tag);
+
+        free(set_remove(device->tags, tag));
+        device->property_tags_outdated = true;
+        device->tags_generation++;
+}
+
+static int device_tag(sd_device *device, const char *tag, bool add) {
+        const char *id;
+        char *path;
+        int r;
+
+        assert(device);
+        assert(tag);
+
+        r = device_get_id_filename(device, &id);
+        if (r < 0)
+                return r;
+
+        path = strjoina("/run/udev/tags/", tag, "/", id);
+
+        if (add) {
+                r = touch_file(path, true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444);
+                if (r < 0)
+                        return r;
+        } else {
+                r = unlink(path);
+                if (r < 0 && errno != ENOENT)
+                        return -errno;
+        }
+
+        return 0;
+}
+
+int device_tag_index(sd_device *device, sd_device *device_old, bool add) {
+        const char *tag;
+        int r = 0, k;
+
+        if (add && device_old) {
+                /* delete possible left-over tags */
+                FOREACH_DEVICE_TAG(device_old, tag) {
+                        if (!sd_device_has_tag(device, tag)) {
+                                k = device_tag(device_old, tag, false);
+                                if (r >= 0 && k < 0)
+                                        r = k;
+                        }
+                }
+        }
+
+        FOREACH_DEVICE_TAG(device, tag) {
+                k = device_tag(device, tag, add);
+                if (r >= 0 && k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static bool device_has_info(sd_device *device) {
+        assert(device);
+
+        if (!set_isempty(device->devlinks))
+                return true;
+
+        if (device->devlink_priority != 0)
+                return true;
+
+        if (!ordered_hashmap_isempty(device->properties_db))
+                return true;
+
+        if (!set_isempty(device->tags))
+                return true;
+
+        if (device->watch_handle >= 0)
+                return true;
+
+        return false;
+}
+
+void device_set_db_persist(sd_device *device) {
+        assert(device);
+
+        device->db_persist = true;
+}
+
+int device_update_db(sd_device *device) {
+        const char *id;
+        char *path;
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_free_ char *path_tmp = NULL;
+        bool has_info;
+        int r;
+
+        assert(device);
+
+        has_info = device_has_info(device);
+
+        r = device_get_id_filename(device, &id);
+        if (r < 0)
+                return r;
+
+        path = strjoina("/run/udev/data/", id);
+
+        /* do not store anything for otherwise empty devices */
+        if (!has_info && major(device->devnum) == 0 && device->ifindex == 0) {
+                r = unlink(path);
+                if (r < 0 && errno != ENOENT)
+                        return -errno;
+
+                return 0;
+        }
+
+        /* write a database file */
+        r = mkdir_parents(path, 0755);
+        if (r < 0)
+                return r;
+
+        r = fopen_temporary(path, &f, &path_tmp);
+        if (r < 0)
+                return r;
+
+        /*
+         * set 'sticky' bit to indicate that we should not clean the
+         * database when we transition from initramfs to the real root
+         */
+        if (device->db_persist) {
+                r = fchmod(fileno(f), 01644);
+                if (r < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+        } else {
+                r = fchmod(fileno(f), 0644);
+                if (r < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+        }
+
+        if (has_info) {
+                const char *property, *value, *tag;
+                Iterator i;
+
+                if (major(device->devnum) > 0) {
+                        const char *devlink;
+
+                        FOREACH_DEVICE_DEVLINK(device, devlink)
+                                fprintf(f, "S:%s\n", devlink + strlen("/dev/"));
+
+                        if (device->devlink_priority != 0)
+                                fprintf(f, "L:%i\n", device->devlink_priority);
+
+                        if (device->watch_handle >= 0)
+                                fprintf(f, "W:%i\n", device->watch_handle);
+                }
+
+                if (device->usec_initialized > 0)
+                        fprintf(f, "I:"USEC_FMT"\n", device->usec_initialized);
+
+                ORDERED_HASHMAP_FOREACH_KEY(value, property, device->properties_db, i)
+                        fprintf(f, "E:%s=%s\n", property, value);
+
+                FOREACH_DEVICE_TAG(device, tag)
+                        fprintf(f, "G:%s\n", tag);
+        }
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                goto fail;
+
+        r = rename(path_tmp, path);
+        if (r < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        log_debug("created %s file '%s' for '%s'", has_info ? "db" : "empty",
+                  path, device->devpath);
+
+        return 0;
+
+fail:
+        (void) unlink(path);
+        (void) unlink(path_tmp);
+
+        return log_error_errno(r, "failed to create %s file '%s' for '%s'", has_info ? "db" : "empty", path, device->devpath);
+}
+
+int device_delete_db(sd_device *device) {
+        const char *id;
+        char *path;
+        int r;
+
+        assert(device);
+
+        r = device_get_id_filename(device, &id);
+        if (r < 0)
+                return r;
+
+        path = strjoina("/run/udev/data/", id);
+
+        r = unlink(path);
+        if (r < 0 && errno != ENOENT)
+                return -errno;
+
+        return 0;
+}
+
+int device_read_db_force(sd_device *device) {
+        assert(device);
+
+        return device_read_db_aux(device, true);
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-device/device-private.h b/src/libsystemd/libsystemd-internal/sd-device/device-private.h
new file mode 100644
index 0000000000..d6add2f7b2
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-device/device-private.h
@@ -0,0 +1,68 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <sys/types.h>
+
+#include <systemd/sd-device.h>
+
+int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len);
+int device_new_from_strv(sd_device **ret, char **strv);
+
+int device_get_id_filename(sd_device *device, const char **ret);
+
+int device_get_devlink_priority(sd_device *device, int *priority);
+int device_get_watch_handle(sd_device *device, int *handle);
+int device_get_devnode_mode(sd_device *device, mode_t *mode);
+int device_get_devnode_uid(sd_device *device, uid_t *uid);
+int device_get_devnode_gid(sd_device *device, gid_t *gid);
+
+void device_seal(sd_device *device);
+void device_set_is_initialized(sd_device *device);
+void device_set_watch_handle(sd_device *device, int fd);
+void device_set_db_persist(sd_device *device);
+void device_set_devlink_priority(sd_device *device, int priority);
+int device_ensure_usec_initialized(sd_device *device, sd_device *device_old);
+int device_add_devlink(sd_device *device, const char *devlink);
+int device_add_property(sd_device *device, const char *property, const char *value);
+int device_add_tag(sd_device *device, const char *tag);
+void device_remove_tag(sd_device *device, const char *tag);
+void device_cleanup_tags(sd_device *device);
+void device_cleanup_devlinks(sd_device *device);
+
+uint64_t device_get_properties_generation(sd_device *device);
+uint64_t device_get_tags_generation(sd_device *device);
+uint64_t device_get_devlinks_generation(sd_device *device);
+
+int device_get_properties_nulstr(sd_device *device, const uint8_t **nulstr, size_t *len);
+int device_get_properties_strv(sd_device *device, char ***strv);
+
+int device_rename(sd_device *device, const char *name);
+int device_shallow_clone(sd_device *old_device, sd_device **new_device);
+int device_clone_with_db(sd_device *old_device, sd_device **new_device);
+int device_copy_properties(sd_device *device_dst, sd_device *device_src);
+int device_new_from_synthetic_event(sd_device **new_device, const char *syspath, const char *action);
+
+int device_tag_index(sd_device *dev, sd_device *dev_old, bool add);
+int device_update_db(sd_device *device);
+int device_delete_db(sd_device *device);
+int device_read_db_force(sd_device *device);
diff --git a/src/libsystemd/sd-device/device-util.h b/src/libsystemd/libsystemd-internal/sd-device/device-util.h
index 5b42e11de6..5b42e11de6 100644
--- a/src/libsystemd/sd-device/device-util.h
+++ b/src/libsystemd/libsystemd-internal/sd-device/device-util.h
diff --git a/src/libsystemd/libsystemd-internal/sd-device/sd-device.c b/src/libsystemd/libsystemd-internal/sd-device/sd-device.c
new file mode 100644
index 0000000000..d21a67cd4c
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-device/sd-device.c
@@ -0,0 +1,1884 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <ctype.h>
+#include <net/if.h>
+#include <sys/types.h>
+
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "device-internal.h"
+#include "device-private.h"
+#include "device-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "hashmap.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "set.h"
+#include "stat-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "strxcpyx.h"
+#include "util.h"
+
+int device_new_aux(sd_device **ret) {
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+
+        assert(ret);
+
+        device = new0(sd_device, 1);
+        if (!device)
+                return -ENOMEM;
+
+        device->n_ref = 1;
+        device->watch_handle = -1;
+
+        *ret = device;
+        device = NULL;
+
+        return 0;
+}
+
+_public_ sd_device *sd_device_ref(sd_device *device) {
+        if (device)
+                assert_se(++ device->n_ref >= 2);
+
+        return device;
+}
+
+_public_ sd_device *sd_device_unref(sd_device *device) {
+        if (device && -- device->n_ref == 0) {
+                sd_device_unref(device->parent);
+                free(device->syspath);
+                free(device->sysname);
+                free(device->devtype);
+                free(device->devname);
+                free(device->subsystem);
+                free(device->driver);
+                free(device->id_filename);
+                free(device->properties_strv);
+                free(device->properties_nulstr);
+
+                ordered_hashmap_free_free_free(device->properties);
+                ordered_hashmap_free_free_free(device->properties_db);
+                hashmap_free_free_free(device->sysattr_values);
+                set_free_free(device->sysattrs);
+                set_free_free(device->tags);
+                set_free_free(device->devlinks);
+
+                free(device);
+        }
+
+        return NULL;
+}
+
+int device_add_property_aux(sd_device *device, const char *_key, const char *_value, bool db) {
+        OrderedHashmap **properties;
+
+        assert(device);
+        assert(_key);
+
+        if (db)
+                properties = &device->properties_db;
+        else
+                properties = &device->properties;
+
+        if (_value) {
+                _cleanup_free_ char *key = NULL, *value = NULL, *old_key = NULL, *old_value = NULL;
+                int r;
+
+                r = ordered_hashmap_ensure_allocated(properties, &string_hash_ops);
+                if (r < 0)
+                        return r;
+
+                key = strdup(_key);
+                if (!key)
+                        return -ENOMEM;
+
+                value = strdup(_value);
+                if (!value)
+                        return -ENOMEM;
+
+                old_value = ordered_hashmap_get2(*properties, key, (void**) &old_key);
+
+                r = ordered_hashmap_replace(*properties, key, value);
+                if (r < 0)
+                        return r;
+
+                key = NULL;
+                value = NULL;
+        } else {
+                _cleanup_free_ char *key = NULL;
+                _cleanup_free_ char *value = NULL;
+
+                value = ordered_hashmap_remove2(*properties, _key, (void**) &key);
+        }
+
+        if (!db) {
+                device->properties_generation++;
+                device->properties_buf_outdated = true;
+        }
+
+        return 0;
+}
+
+int device_add_property_internal(sd_device *device, const char *key, const char *value) {
+        return device_add_property_aux(device, key, value, false);
+}
+
+int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
+        _cleanup_free_ char *syspath = NULL;
+        const char *devpath;
+        int r;
+
+        assert(device);
+        assert(_syspath);
+
+        /* must be a subdirectory of /sys */
+        if (!path_startswith(_syspath, "/sys/")) {
+                log_debug("sd-device: syspath '%s' is not a subdirectory of /sys", _syspath);
+                return -EINVAL;
+        }
+
+        if (verify) {
+                r = readlink_and_canonicalize(_syspath, &syspath);
+                if (r == -ENOENT)
+                        /* the device does not exist (any more?) */
+                        return -ENODEV;
+                else if (r == -EINVAL) {
+                        /* not a symlink */
+                        syspath = canonicalize_file_name(_syspath);
+                        if (!syspath) {
+                                if (errno == ENOENT)
+                                        /* the device does not exist (any more?) */
+                                        return -ENODEV;
+
+                                return log_debug_errno(errno, "sd-device: could not canonicalize '%s': %m", _syspath);
+                        }
+                } else if (r < 0) {
+                        log_debug_errno(r, "sd-device: could not get target of '%s': %m", _syspath);
+                        return r;
+                }
+
+                if (path_startswith(syspath,  "/sys/devices/")) {
+                        char *path;
+
+                        /* all 'devices' require an 'uevent' file */
+                        path = strjoina(syspath, "/uevent");
+                        r = access(path, F_OK);
+                        if (r < 0) {
+                                if (errno == ENOENT)
+                                        /* this is not a valid device */
+                                        return -ENODEV;
+
+                                log_debug("sd-device: %s does not have an uevent file: %m", syspath);
+                                return -errno;
+                        }
+                } else {
+                        /* everything else just just needs to be a directory */
+                        if (!is_dir(syspath, false))
+                                return -ENODEV;
+                }
+        } else {
+                syspath = strdup(_syspath);
+                if (!syspath)
+                        return -ENOMEM;
+        }
+
+        devpath = syspath + strlen("/sys");
+
+        r = device_add_property_internal(device, "DEVPATH", devpath);
+        if (r < 0)
+                return r;
+
+        free(device->syspath);
+        device->syspath = syspath;
+        syspath = NULL;
+
+        device->devpath = devpath;
+
+        return 0;
+}
+
+_public_ int sd_device_new_from_syspath(sd_device **ret, const char *syspath) {
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(syspath, -EINVAL);
+
+        r = device_new_aux(&device);
+        if (r < 0)
+                return r;
+
+        r = device_set_syspath(device, syspath, true);
+        if (r < 0)
+                return r;
+
+        *ret = device;
+        device = NULL;
+
+        return 0;
+}
+
+_public_ int sd_device_new_from_devnum(sd_device **ret, char type, dev_t devnum) {
+        char *syspath;
+        char id[DECIMAL_STR_MAX(unsigned) * 2 + 1];
+
+        assert_return(ret, -EINVAL);
+        assert_return(type == 'b' || type == 'c', -EINVAL);
+
+        /* use /sys/dev/{block,char}/<maj>:<min> link */
+        snprintf(id, sizeof(id), "%u:%u", major(devnum), minor(devnum));
+
+        syspath = strjoina("/sys/dev/", (type == 'b' ? "block" : "char"), "/", id);
+
+        return sd_device_new_from_syspath(ret, syspath);
+}
+
+_public_ int sd_device_new_from_subsystem_sysname(sd_device **ret, const char *subsystem, const char *sysname) {
+        char *syspath;
+
+        assert_return(ret, -EINVAL);
+        assert_return(subsystem, -EINVAL);
+        assert_return(sysname, -EINVAL);
+
+        if (streq(subsystem, "subsystem")) {
+                syspath = strjoina("/sys/subsystem/", sysname);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+
+                syspath = strjoina("/sys/bus/", sysname);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+
+                syspath = strjoina("/sys/class/", sysname);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+        } else  if (streq(subsystem, "module")) {
+                syspath = strjoina("/sys/module/", sysname);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+        } else if (streq(subsystem, "drivers")) {
+                char subsys[PATH_MAX];
+                char *driver;
+
+                strscpy(subsys, sizeof(subsys), sysname);
+                driver = strchr(subsys, ':');
+                if (driver) {
+                        driver[0] = '\0';
+                        driver++;
+
+                        syspath = strjoina("/sys/subsystem/", subsys, "/drivers/", driver);
+                        if (access(syspath, F_OK) >= 0)
+                                return sd_device_new_from_syspath(ret, syspath);
+
+                        syspath = strjoina("/sys/bus/", subsys, "/drivers/", driver);
+                        if (access(syspath, F_OK) >= 0)
+                                return sd_device_new_from_syspath(ret, syspath);
+                } else
+                        return -EINVAL;
+        } else {
+                char *name;
+                size_t len = 0;
+
+                /* translate sysname back to sysfs filename */
+                name = strdupa(sysname);
+                while (name[len] != '\0') {
+                        if (name[len] == '/')
+                                name[len] = '!';
+
+                        len++;
+                }
+
+                syspath = strjoina("/sys/subsystem/", subsystem, "/devices/", name);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+
+                syspath = strjoina("/sys/bus/", subsystem, "/devices/", name);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+
+                syspath = strjoina("/sys/class/", subsystem, "/", name);
+                if (access(syspath, F_OK) >= 0)
+                        return sd_device_new_from_syspath(ret, syspath);
+        }
+
+        return -ENODEV;
+}
+
+int device_set_devtype(sd_device *device, const char *_devtype) {
+        _cleanup_free_ char *devtype = NULL;
+        int r;
+
+        assert(device);
+        assert(_devtype);
+
+        devtype = strdup(_devtype);
+        if (!devtype)
+                return -ENOMEM;
+
+        r = device_add_property_internal(device, "DEVTYPE", devtype);
+        if (r < 0)
+                return r;
+
+        free(device->devtype);
+        device->devtype = devtype;
+        devtype = NULL;
+
+        return 0;
+}
+
+int device_set_ifindex(sd_device *device, const char *_ifindex) {
+        int ifindex, r;
+
+        assert(device);
+        assert(_ifindex);
+
+        r = parse_ifindex(_ifindex, &ifindex);
+        if (r < 0)
+                return r;
+
+        r = device_add_property_internal(device, "IFINDEX", _ifindex);
+        if (r < 0)
+                return r;
+
+        device->ifindex = ifindex;
+
+        return 0;
+}
+
+int device_set_devname(sd_device *device, const char *_devname) {
+        _cleanup_free_ char *devname = NULL;
+        int r;
+
+        assert(device);
+        assert(_devname);
+
+        if (_devname[0] != '/') {
+                r = asprintf(&devname, "/dev/%s", _devname);
+                if (r < 0)
+                        return -ENOMEM;
+        } else {
+                devname = strdup(_devname);
+                if (!devname)
+                        return -ENOMEM;
+        }
+
+        r = device_add_property_internal(device, "DEVNAME", devname);
+        if (r < 0)
+                return r;
+
+        free(device->devname);
+        device->devname = devname;
+        devname = NULL;
+
+        return 0;
+}
+
+int device_set_devmode(sd_device *device, const char *_devmode) {
+        unsigned devmode;
+        int r;
+
+        assert(device);
+        assert(_devmode);
+
+        r = safe_atou(_devmode, &devmode);
+        if (r < 0)
+                return r;
+
+        if (devmode > 07777)
+                return -EINVAL;
+
+        r = device_add_property_internal(device, "DEVMODE", _devmode);
+        if (r < 0)
+                return r;
+
+        device->devmode = devmode;
+
+        return 0;
+}
+
+int device_set_devnum(sd_device *device, const char *major, const char *minor) {
+        unsigned maj = 0, min = 0;
+        int r;
+
+        assert(device);
+        assert(major);
+
+        r = safe_atou(major, &maj);
+        if (r < 0)
+                return r;
+        if (!maj)
+                return 0;
+
+        if (minor) {
+                r = safe_atou(minor, &min);
+                if (r < 0)
+                        return r;
+        }
+
+        r = device_add_property_internal(device, "MAJOR", major);
+        if (r < 0)
+                return r;
+
+        if (minor) {
+                r = device_add_property_internal(device, "MINOR", minor);
+                if (r < 0)
+                        return r;
+        }
+
+        device->devnum = makedev(maj, min);
+
+        return 0;
+}
+
+static int handle_uevent_line(sd_device *device, const char *key, const char *value, const char **major, const char **minor) {
+        int r;
+
+        assert(device);
+        assert(key);
+        assert(value);
+        assert(major);
+        assert(minor);
+
+        if (streq(key, "DEVTYPE")) {
+                r = device_set_devtype(device, value);
+                if (r < 0)
+                        return r;
+        } else if (streq(key, "IFINDEX")) {
+                r = device_set_ifindex(device, value);
+                if (r < 0)
+                        return r;
+        } else if (streq(key, "DEVNAME")) {
+                r = device_set_devname(device, value);
+                if (r < 0)
+                        return r;
+        } else if (streq(key, "DEVMODE")) {
+                r = device_set_devmode(device, value);
+                if (r < 0)
+                        return r;
+        } else if (streq(key, "MAJOR"))
+                *major = value;
+        else if (streq(key, "MINOR"))
+                *minor = value;
+        else {
+                r = device_add_property_internal(device, key, value);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+int device_read_uevent_file(sd_device *device) {
+        _cleanup_free_ char *uevent = NULL;
+        const char *syspath, *key = NULL, *value = NULL, *major = NULL, *minor = NULL;
+        char *path;
+        size_t uevent_len;
+        unsigned i;
+        int r;
+
+        enum {
+                PRE_KEY,
+                KEY,
+                PRE_VALUE,
+                VALUE,
+                INVALID_LINE,
+        } state = PRE_KEY;
+
+        assert(device);
+
+        if (device->uevent_loaded || device->sealed)
+                return 0;
+
+        device->uevent_loaded = true;
+
+        r = sd_device_get_syspath(device, &syspath);
+        if (r < 0)
+                return r;
+
+        path = strjoina(syspath, "/uevent");
+
+        r = read_full_file(path, &uevent, &uevent_len);
+        if (r == -EACCES)
+                /* empty uevent files may be write-only */
+                return 0;
+        else if (r == -ENOENT)
+                /* some devices may not have uevent files, see set_syspath() */
+                return 0;
+        else if (r < 0) {
+                log_debug_errno(r, "sd-device: failed to read uevent file '%s': %m", path);
+                return r;
+        }
+
+        for (i = 0; i < uevent_len; i++) {
+                switch (state) {
+                case PRE_KEY:
+                        if (!strchr(NEWLINE, uevent[i])) {
+                                key = &uevent[i];
+
+                                state = KEY;
+                        }
+
+                        break;
+                case KEY:
+                        if (uevent[i] == '=') {
+                                uevent[i] = '\0';
+
+                                state = PRE_VALUE;
+                        } else if (strchr(NEWLINE, uevent[i])) {
+                                uevent[i] = '\0';
+                                log_debug("sd-device: ignoring invalid uevent line '%s'", key);
+
+                                state = PRE_KEY;
+                        }
+
+                        break;
+                case PRE_VALUE:
+                        value = &uevent[i];
+
+                        state = VALUE;
+
+                        break;
+                case VALUE:
+                        if (strchr(NEWLINE, uevent[i])) {
+                                uevent[i] = '\0';
+
+                                r = handle_uevent_line(device, key, value, &major, &minor);
+                                if (r < 0)
+                                        log_debug_errno(r, "sd-device: failed to handle uevent entry '%s=%s': %m", key, value);
+
+                                state = PRE_KEY;
+                        }
+
+                        break;
+                default:
+                        assert_not_reached("invalid state when parsing uevent file");
+                }
+        }
+
+        if (major) {
+                r = device_set_devnum(device, major, minor);
+                if (r < 0)
+                        log_debug_errno(r, "sd-device: could not set 'MAJOR=%s' or 'MINOR=%s' from '%s': %m", major, minor, path);
+        }
+
+        return 0;
+}
+
+_public_ int sd_device_get_ifindex(sd_device *device, int *ifindex) {
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(ifindex, -EINVAL);
+
+        r = device_read_uevent_file(device);
+        if (r < 0)
+                return r;
+
+        *ifindex = device->ifindex;
+
+        return 0;
+}
+
+_public_ int sd_device_new_from_device_id(sd_device **ret, const char *id) {
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(id, -EINVAL);
+
+        switch (id[0]) {
+        case 'b':
+        case 'c':
+        {
+                char type;
+                int maj, min;
+
+                r = sscanf(id, "%c%i:%i", &type, &maj, &min);
+                if (r != 3)
+                        return -EINVAL;
+
+                return sd_device_new_from_devnum(ret, type, makedev(maj, min));
+        }
+        case 'n':
+        {
+                _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+                _cleanup_close_ int sk = -1;
+                struct ifreq ifr = {};
+                int ifindex;
+
+                r = parse_ifindex(&id[1], &ifr.ifr_ifindex);
+                if (r < 0)
+                        return r;
+
+                sk = socket(PF_INET, SOCK_DGRAM, 0);
+                if (sk < 0)
+                        return -errno;
+
+                r = ioctl(sk, SIOCGIFNAME, &ifr);
+                if (r < 0)
+                        return -errno;
+
+                r = sd_device_new_from_subsystem_sysname(&device, "net", ifr.ifr_name);
+                if (r < 0)
+                        return r;
+
+                r = sd_device_get_ifindex(device, &ifindex);
+                if (r < 0)
+                        return r;
+
+                /* this is racey, so we might end up with the wrong device */
+                if (ifr.ifr_ifindex != ifindex)
+                        return -ENODEV;
+
+                *ret = device;
+                device = NULL;
+
+                return 0;
+        }
+        case '+':
+        {
+                char subsys[PATH_MAX];
+                char *sysname;
+
+                (void)strscpy(subsys, sizeof(subsys), id + 1);
+                sysname = strchr(subsys, ':');
+                if (!sysname)
+                        return -EINVAL;
+
+                sysname[0] = '\0';
+                sysname++;
+
+                return sd_device_new_from_subsystem_sysname(ret, subsys, sysname);
+        }
+        default:
+                return -EINVAL;
+        }
+}
+
+_public_ int sd_device_get_syspath(sd_device *device, const char **ret) {
+        assert_return(device, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        assert(path_startswith(device->syspath, "/sys/"));
+
+        *ret = device->syspath;
+
+        return 0;
+}
+
+static int device_new_from_child(sd_device **ret, sd_device *child) {
+        _cleanup_free_ char *path = NULL;
+        const char *subdir, *syspath;
+        int r;
+
+        assert(ret);
+        assert(child);
+
+        r = sd_device_get_syspath(child, &syspath);
+        if (r < 0)
+                return r;
+
+        path = strdup(syspath);
+        if (!path)
+                return -ENOMEM;
+        subdir = path + strlen("/sys");
+
+        for (;;) {
+                char *pos;
+
+                pos = strrchr(subdir, '/');
+                if (!pos || pos < subdir + 2)
+                        break;
+
+                *pos = '\0';
+
+                r = sd_device_new_from_syspath(ret, path);
+                if (r < 0)
+                        continue;
+
+                return 0;
+        }
+
+        return -ENODEV;
+}
+
+_public_ int sd_device_get_parent(sd_device *child, sd_device **ret) {
+
+        assert_return(ret, -EINVAL);
+        assert_return(child, -EINVAL);
+
+        if (!child->parent_set) {
+                child->parent_set = true;
+
+                (void)device_new_from_child(&child->parent, child);
+        }
+
+        if (!child->parent)
+                return -ENOENT;
+
+        *ret = child->parent;
+
+        return 0;
+}
+
+int device_set_subsystem(sd_device *device, const char *_subsystem) {
+        _cleanup_free_ char *subsystem = NULL;
+        int r;
+
+        assert(device);
+        assert(_subsystem);
+
+        subsystem = strdup(_subsystem);
+        if (!subsystem)
+                return -ENOMEM;
+
+        r = device_add_property_internal(device, "SUBSYSTEM", subsystem);
+        if (r < 0)
+                return r;
+
+        free(device->subsystem);
+        device->subsystem = subsystem;
+        subsystem = NULL;
+
+        device->subsystem_set = true;
+
+        return 0;
+}
+
+_public_ int sd_device_get_subsystem(sd_device *device, const char **ret) {
+        assert_return(ret, -EINVAL);
+        assert_return(device, -EINVAL);
+
+        if (!device->subsystem_set) {
+                _cleanup_free_ char *subsystem = NULL;
+                const char *syspath;
+                char *path;
+                int r;
+
+                /* read 'subsystem' link */
+                r = sd_device_get_syspath(device, &syspath);
+                if (r < 0)
+                        return r;
+
+                path = strjoina(syspath, "/subsystem");
+                r = readlink_value(path, &subsystem);
+                if (r >= 0)
+                        r = device_set_subsystem(device, subsystem);
+                /* use implicit names */
+                else if (path_startswith(device->devpath, "/module/"))
+                        r = device_set_subsystem(device, "module");
+                else if (strstr(device->devpath, "/drivers/"))
+                        r = device_set_subsystem(device, "drivers");
+                else if (path_startswith(device->devpath, "/subsystem/") ||
+                         path_startswith(device->devpath, "/class/") ||
+                         path_startswith(device->devpath, "/bus/"))
+                        r = device_set_subsystem(device, "subsystem");
+                if (r < 0 && r != -ENOENT)
+                        return log_debug_errno(r, "sd-device: could not set subsystem for %s: %m", device->devpath);
+
+                device->subsystem_set = true;
+        }
+
+        if (!device->subsystem)
+                return -ENOENT;
+
+        *ret = device->subsystem;
+
+        return 0;
+}
+
+_public_ int sd_device_get_devtype(sd_device *device, const char **devtype) {
+        int r;
+
+        assert(devtype);
+        assert(device);
+
+        r = device_read_uevent_file(device);
+        if (r < 0)
+                return r;
+
+        *devtype = device->devtype;
+
+        return 0;
+}
+
+_public_ int sd_device_get_parent_with_subsystem_devtype(sd_device *child, const char *subsystem, const char *devtype, sd_device **ret) {
+        sd_device *parent = NULL;
+        int r;
+
+        assert_return(child, -EINVAL);
+        assert_return(subsystem, -EINVAL);
+
+        r = sd_device_get_parent(child, &parent);
+        while (r >= 0) {
+                const char *parent_subsystem = NULL;
+                const char *parent_devtype = NULL;
+
+                (void)sd_device_get_subsystem(parent, &parent_subsystem);
+                if (streq_ptr(parent_subsystem, subsystem)) {
+                        if (!devtype)
+                                break;
+
+                        (void)sd_device_get_devtype(parent, &parent_devtype);
+                        if (streq_ptr(parent_devtype, devtype))
+                                break;
+                }
+                r = sd_device_get_parent(parent, &parent);
+        }
+
+        if (r < 0)
+                return r;
+
+        *ret = parent;
+
+        return 0;
+}
+
+_public_ int sd_device_get_devnum(sd_device *device, dev_t *devnum) {
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(devnum, -EINVAL);
+
+        r = device_read_uevent_file(device);
+        if (r < 0)
+                return r;
+
+        *devnum = device->devnum;
+
+        return 0;
+}
+
+int device_set_driver(sd_device *device, const char *_driver) {
+        _cleanup_free_ char *driver = NULL;
+        int r;
+
+        assert(device);
+        assert(_driver);
+
+        driver = strdup(_driver);
+        if (!driver)
+                return -ENOMEM;
+
+        r = device_add_property_internal(device, "DRIVER", driver);
+        if (r < 0)
+                return r;
+
+        free(device->driver);
+        device->driver = driver;
+        driver = NULL;
+
+        device->driver_set = true;
+
+        return 0;
+}
+
+_public_ int sd_device_get_driver(sd_device *device, const char **ret) {
+        assert_return(device, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        if (!device->driver_set) {
+                _cleanup_free_ char *driver = NULL;
+                const char *syspath;
+                char *path;
+                int r;
+
+                r = sd_device_get_syspath(device, &syspath);
+                if (r < 0)
+                        return r;
+
+                path = strjoina(syspath, "/driver");
+                r = readlink_value(path, &driver);
+                if (r >= 0) {
+                        r = device_set_driver(device, driver);
+                        if (r < 0)
+                                return log_debug_errno(r, "sd-device: could not set driver for %s: %m", device->devpath);
+                } else if (r == -ENOENT)
+                        device->driver_set = true;
+                else
+                        return log_debug_errno(r, "sd-device: could not set driver for %s: %m", device->devpath);
+        }
+
+        if (!device->driver)
+                return -ENOENT;
+
+        *ret = device->driver;
+
+        return 0;
+}
+
+_public_ int sd_device_get_devpath(sd_device *device, const char **devpath) {
+        assert_return(device, -EINVAL);
+        assert_return(devpath, -EINVAL);
+
+        assert(device->devpath);
+        assert(device->devpath[0] == '/');
+
+        *devpath = device->devpath;
+
+        return 0;
+}
+
+_public_ int sd_device_get_devname(sd_device *device, const char **devname) {
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(devname, -EINVAL);
+
+        r = device_read_uevent_file(device);
+        if (r < 0)
+                return r;
+
+        if (!device->devname)
+                return -ENOENT;
+
+        assert(path_startswith(device->devname, "/dev/"));
+
+        *devname = device->devname;
+
+        return 0;
+}
+
+static int device_set_sysname(sd_device *device) {
+        _cleanup_free_ char *sysname = NULL;
+        const char *sysnum = NULL;
+        const char *pos;
+        size_t len = 0;
+
+        pos = strrchr(device->devpath, '/');
+        if (!pos)
+                return -EINVAL;
+        pos++;
+
+        /* devpath is not a root directory */
+        if (*pos == '\0' || pos <= device->devpath)
+                return -EINVAL;
+
+        sysname = strdup(pos);
+        if (!sysname)
+                return -ENOMEM;
+
+        /* some devices have '!' in their name, change that to '/' */
+        while (sysname[len] != '\0') {
+                if (sysname[len] == '!')
+                        sysname[len] = '/';
+
+                len++;
+        }
+
+        /* trailing number */
+        while (len > 0 && isdigit(sysname[--len]))
+                sysnum = &sysname[len];
+
+        if (len == 0)
+                sysnum = NULL;
+
+        free(device->sysname);
+        device->sysname = sysname;
+        sysname = NULL;
+
+        device->sysnum = sysnum;
+
+        device->sysname_set = true;
+
+        return 0;
+}
+
+_public_ int sd_device_get_sysname(sd_device *device, const char **ret) {
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        if (!device->sysname_set) {
+                r = device_set_sysname(device);
+                if (r < 0)
+                        return r;
+        }
+
+        assert_return(device->sysname, -ENOENT);
+
+        *ret = device->sysname;
+
+        return 0;
+}
+
+_public_ int sd_device_get_sysnum(sd_device *device, const char **ret) {
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        if (!device->sysname_set) {
+                r = device_set_sysname(device);
+                if (r < 0)
+                        return r;
+        }
+
+        *ret = device->sysnum;
+
+        return 0;
+}
+
+static bool is_valid_tag(const char *tag) {
+        assert(tag);
+
+        return !strchr(tag, ':') && !strchr(tag, ' ');
+}
+
+int device_add_tag(sd_device *device, const char *tag) {
+        int r;
+
+        assert(device);
+        assert(tag);
+
+        if (!is_valid_tag(tag))
+                return -EINVAL;
+
+        r = set_ensure_allocated(&device->tags, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        r = set_put_strdup(device->tags, tag);
+        if (r < 0)
+                return r;
+
+        device->tags_generation++;
+        device->property_tags_outdated = true;
+
+        return 0;
+}
+
+int device_add_devlink(sd_device *device, const char *devlink) {
+        int r;
+
+        assert(device);
+        assert(devlink);
+
+        r = set_ensure_allocated(&device->devlinks, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        r = set_put_strdup(device->devlinks, devlink);
+        if (r < 0)
+                return r;
+
+        device->devlinks_generation++;
+        device->property_devlinks_outdated = true;
+
+        return 0;
+}
+
+static int device_add_property_internal_from_string(sd_device *device, const char *str) {
+        _cleanup_free_ char *key = NULL;
+        char *value;
+
+        assert(device);
+        assert(str);
+
+        key = strdup(str);
+        if (!key)
+                return -ENOMEM;
+
+        value = strchr(key, '=');
+        if (!value)
+                return -EINVAL;
+
+        *value = '\0';
+
+        if (isempty(++value))
+                value = NULL;
+
+        return device_add_property_internal(device, key, value);
+}
+
+int device_set_usec_initialized(sd_device *device, const char *initialized) {
+        uint64_t usec_initialized;
+        int r;
+
+        assert(device);
+        assert(initialized);
+
+        r = safe_atou64(initialized, &usec_initialized);
+        if (r < 0)
+                return r;
+
+        r = device_add_property_internal(device, "USEC_INITIALIZED", initialized);
+        if (r < 0)
+                return r;
+
+        device->usec_initialized = usec_initialized;
+
+        return 0;
+}
+
+static int handle_db_line(sd_device *device, char key, const char *value) {
+        char *path;
+        int r;
+
+        assert(device);
+        assert(value);
+
+        switch (key) {
+        case 'G':
+                r = device_add_tag(device, value);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'S':
+                path = strjoina("/dev/", value);
+                r = device_add_devlink(device, path);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'E':
+                r = device_add_property_internal_from_string(device, value);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'I':
+                r = device_set_usec_initialized(device, value);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'L':
+                r = safe_atoi(value, &device->devlink_priority);
+                if (r < 0)
+                        return r;
+
+                break;
+        case 'W':
+                r = safe_atoi(value, &device->watch_handle);
+                if (r < 0)
+                        return r;
+
+                break;
+        default:
+                log_debug("device db: unknown key '%c'", key);
+        }
+
+        return 0;
+}
+
+int device_get_id_filename(sd_device *device, const char **ret) {
+        assert(device);
+        assert(ret);
+
+        if (!device->id_filename) {
+                _cleanup_free_ char *id = NULL;
+                const char *subsystem;
+                dev_t devnum;
+                int ifindex, r;
+
+                r = sd_device_get_subsystem(device, &subsystem);
+                if (r < 0)
+                        return r;
+
+                r = sd_device_get_devnum(device, &devnum);
+                if (r < 0)
+                        return r;
+
+                r = sd_device_get_ifindex(device, &ifindex);
+                if (r < 0)
+                        return r;
+
+                if (major(devnum) > 0) {
+                        assert(subsystem);
+
+                        /* use dev_t — b259:131072, c254:0 */
+                        r = asprintf(&id, "%c%u:%u",
+                                     streq(subsystem, "block") ? 'b' : 'c',
+                                     major(devnum), minor(devnum));
+                        if (r < 0)
+                                return -ENOMEM;
+                } else if (ifindex > 0) {
+                        /* use netdev ifindex — n3 */
+                        r = asprintf(&id, "n%u", ifindex);
+                        if (r < 0)
+                                return -ENOMEM;
+                } else {
+                        /* use $subsys:$sysname — pci:0000:00:1f.2
+                         * sysname() has '!' translated, get it from devpath
+                         */
+                        const char *sysname;
+
+                        sysname = basename(device->devpath);
+                        if (!sysname)
+                                return -EINVAL;
+
+                        if (!subsystem)
+                                return -EINVAL;
+
+                        r = asprintf(&id, "+%s:%s", subsystem, sysname);
+                        if (r < 0)
+                                return -ENOMEM;
+                }
+
+                device->id_filename = id;
+                id = NULL;
+        }
+
+        *ret = device->id_filename;
+
+        return 0;
+}
+
+int device_read_db_aux(sd_device *device, bool force) {
+        _cleanup_free_ char *db = NULL;
+        char *path;
+        const char *id, *value;
+        char key;
+        size_t db_len;
+        unsigned i;
+        int r;
+
+        enum {
+                PRE_KEY,
+                KEY,
+                PRE_VALUE,
+                VALUE,
+                INVALID_LINE,
+        } state = PRE_KEY;
+
+        if (device->db_loaded || (!force && device->sealed))
+                return 0;
+
+        device->db_loaded = true;
+
+        r = device_get_id_filename(device, &id);
+        if (r < 0)
+                return r;
+
+        path = strjoina("/run/udev/data/", id);
+
+        r = read_full_file(path, &db, &db_len);
+        if (r < 0) {
+                if (r == -ENOENT)
+                        return 0;
+                else
+                        return log_debug_errno(r, "sd-device: failed to read db '%s': %m", path);
+        }
+
+        /* devices with a database entry are initialized */
+        device->is_initialized = true;
+
+        for (i = 0; i < db_len; i++) {
+                switch (state) {
+                case PRE_KEY:
+                        if (!strchr(NEWLINE, db[i])) {
+                                key = db[i];
+
+                                state = KEY;
+                        }
+
+                        break;
+                case KEY:
+                        if (db[i] != ':') {
+                                log_debug("sd-device: ignoring invalid db entry with key '%c'", key);
+
+                                state = INVALID_LINE;
+                        } else {
+                                db[i] = '\0';
+
+                                state = PRE_VALUE;
+                        }
+
+                        break;
+                case PRE_VALUE:
+                        value = &db[i];
+
+                        state = VALUE;
+
+                        break;
+                case INVALID_LINE:
+                        if (strchr(NEWLINE, db[i]))
+                                state = PRE_KEY;
+
+                        break;
+                case VALUE:
+                        if (strchr(NEWLINE, db[i])) {
+                                db[i] = '\0';
+                                r = handle_db_line(device, key, value);
+                                if (r < 0)
+                                        log_debug_errno(r, "sd-device: failed to handle db entry '%c:%s': %m", key, value);
+
+                                state = PRE_KEY;
+                        }
+
+                        break;
+                default:
+                        assert_not_reached("invalid state when parsing db");
+                }
+        }
+
+        return 0;
+}
+
+static int device_read_db(sd_device *device) {
+        return device_read_db_aux(device, false);
+}
+
+_public_ int sd_device_get_is_initialized(sd_device *device, int *initialized) {
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(initialized, -EINVAL);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        *initialized = device->is_initialized;
+
+        return 0;
+}
+
+_public_ int sd_device_get_usec_since_initialized(sd_device *device, uint64_t *usec) {
+        usec_t now_ts;
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(usec, -EINVAL);
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        if (!device->is_initialized)
+                return -EBUSY;
+
+        if (!device->usec_initialized)
+                return -ENODATA;
+
+        now_ts = now(clock_boottime_or_monotonic());
+
+        if (now_ts < device->usec_initialized)
+                return -EIO;
+
+        *usec = now_ts - device->usec_initialized;
+
+        return 0;
+}
+
+_public_ const char *sd_device_get_tag_first(sd_device *device) {
+        void *v;
+
+        assert_return(device, NULL);
+
+        (void) device_read_db(device);
+
+        device->tags_iterator_generation = device->tags_generation;
+        device->tags_iterator = ITERATOR_FIRST;
+
+        (void) set_iterate(device->tags, &device->tags_iterator, &v);
+        return v;
+}
+
+_public_ const char *sd_device_get_tag_next(sd_device *device) {
+        void *v;
+
+        assert_return(device, NULL);
+
+        (void) device_read_db(device);
+
+        if (device->tags_iterator_generation != device->tags_generation)
+                return NULL;
+
+        (void) set_iterate(device->tags, &device->tags_iterator, &v);
+        return v;
+}
+
+_public_ const char *sd_device_get_devlink_first(sd_device *device) {
+        void *v;
+
+        assert_return(device, NULL);
+
+        (void) device_read_db(device);
+
+        device->devlinks_iterator_generation = device->devlinks_generation;
+        device->devlinks_iterator = ITERATOR_FIRST;
+
+        (void) set_iterate(device->devlinks, &device->devlinks_iterator, &v);
+        return v;
+}
+
+_public_ const char *sd_device_get_devlink_next(sd_device *device) {
+        void *v;
+
+        assert_return(device, NULL);
+
+        (void) device_read_db(device);
+
+        if (device->devlinks_iterator_generation != device->devlinks_generation)
+                return NULL;
+
+        (void) set_iterate(device->devlinks, &device->devlinks_iterator, &v);
+        return v;
+}
+
+static int device_properties_prepare(sd_device *device) {
+        int r;
+
+        assert(device);
+
+        r = device_read_uevent_file(device);
+        if (r < 0)
+                return r;
+
+        r = device_read_db(device);
+        if (r < 0)
+                return r;
+
+        if (device->property_devlinks_outdated) {
+                _cleanup_free_ char *devlinks = NULL;
+                size_t devlinks_allocated = 0, devlinks_len = 0;
+                const char *devlink;
+
+                for (devlink = sd_device_get_devlink_first(device); devlink; devlink = sd_device_get_devlink_next(device)) {
+                        char *e;
+
+                        if (!GREEDY_REALLOC(devlinks, devlinks_allocated, devlinks_len + strlen(devlink) + 2))
+                                return -ENOMEM;
+                        if (devlinks_len > 0)
+                                stpcpy(devlinks + devlinks_len++, " ");
+                        e = stpcpy(devlinks + devlinks_len, devlink);
+                        devlinks_len = e - devlinks;
+                }
+
+                r = device_add_property_internal(device, "DEVLINKS", devlinks);
+                if (r < 0)
+                        return r;
+
+                device->property_devlinks_outdated = false;
+        }
+
+        if (device->property_tags_outdated) {
+                _cleanup_free_ char *tags = NULL;
+                size_t tags_allocated = 0, tags_len = 0;
+                const char *tag;
+
+                if (!GREEDY_REALLOC(tags, tags_allocated, 2))
+                        return -ENOMEM;
+                stpcpy(tags, ":");
+                tags_len++;
+
+                for (tag = sd_device_get_tag_first(device); tag; tag = sd_device_get_tag_next(device)) {
+                        char *e;
+
+                        if (!GREEDY_REALLOC(tags, tags_allocated, tags_len + strlen(tag) + 2))
+                                return -ENOMEM;
+                        e = stpcpy(stpcpy(tags + tags_len, tag), ":");
+                        tags_len = e - tags;
+                }
+
+                r = device_add_property_internal(device, "TAGS", tags);
+                if (r < 0)
+                        return r;
+
+                device->property_tags_outdated = false;
+        }
+
+        return 0;
+}
+
+_public_ const char *sd_device_get_property_first(sd_device *device, const char **_value) {
+        const char *key;
+        const char *value;
+        int r;
+
+        assert_return(device, NULL);
+
+        r = device_properties_prepare(device);
+        if (r < 0)
+                return NULL;
+
+        device->properties_iterator_generation = device->properties_generation;
+        device->properties_iterator = ITERATOR_FIRST;
+
+        ordered_hashmap_iterate(device->properties, &device->properties_iterator, (void**)&value, (const void**)&key);
+
+        if (_value)
+                *_value = value;
+
+        return key;
+}
+
+_public_ const char *sd_device_get_property_next(sd_device *device, const char **_value) {
+        const char *key;
+        const char *value;
+        int r;
+
+        assert_return(device, NULL);
+
+        r = device_properties_prepare(device);
+        if (r < 0)
+                return NULL;
+
+        if (device->properties_iterator_generation != device->properties_generation)
+                return NULL;
+
+        ordered_hashmap_iterate(device->properties, &device->properties_iterator, (void**)&value, (const void**)&key);
+
+        if (_value)
+                *_value = value;
+
+        return key;
+}
+
+static int device_sysattrs_read_all(sd_device *device) {
+        _cleanup_closedir_ DIR *dir = NULL;
+        const char *syspath;
+        struct dirent *dent;
+        int r;
+
+        assert(device);
+
+        if (device->sysattrs_read)
+                return 0;
+
+        r = sd_device_get_syspath(device, &syspath);
+        if (r < 0)
+                return r;
+
+        dir = opendir(syspath);
+        if (!dir)
+                return -errno;
+
+        r = set_ensure_allocated(&device->sysattrs, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        for (dent = readdir(dir); dent != NULL; dent = readdir(dir)) {
+                char *path;
+                struct stat statbuf;
+
+                /* only handle symlinks and regular files */
+                if (dent->d_type != DT_LNK && dent->d_type != DT_REG)
+                        continue;
+
+                path = strjoina(syspath, "/", dent->d_name);
+
+                if (lstat(path, &statbuf) != 0)
+                        continue;
+
+                if (!(statbuf.st_mode & S_IRUSR))
+                        continue;
+
+                r = set_put_strdup(device->sysattrs, dent->d_name);
+                if (r < 0)
+                        return r;
+        }
+
+        device->sysattrs_read = true;
+
+        return 0;
+}
+
+_public_ const char *sd_device_get_sysattr_first(sd_device *device) {
+        void *v;
+        int r;
+
+        assert_return(device, NULL);
+
+        if (!device->sysattrs_read) {
+                r = device_sysattrs_read_all(device);
+                if (r < 0) {
+                        errno = -r;
+                        return NULL;
+                }
+        }
+
+        device->sysattrs_iterator = ITERATOR_FIRST;
+
+        (void) set_iterate(device->sysattrs, &device->sysattrs_iterator, &v);
+        return v;
+}
+
+_public_ const char *sd_device_get_sysattr_next(sd_device *device) {
+        void *v;
+
+        assert_return(device, NULL);
+
+        if (!device->sysattrs_read)
+                return NULL;
+
+        (void) set_iterate(device->sysattrs, &device->sysattrs_iterator, &v);
+        return v;
+}
+
+_public_ int sd_device_has_tag(sd_device *device, const char *tag) {
+        assert_return(device, -EINVAL);
+        assert_return(tag, -EINVAL);
+
+        (void) device_read_db(device);
+
+        return !!set_contains(device->tags, tag);
+}
+
+_public_ int sd_device_get_property_value(sd_device *device, const char *key, const char **_value) {
+        char *value;
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(key, -EINVAL);
+        assert_return(_value, -EINVAL);
+
+        r = device_properties_prepare(device);
+        if (r < 0)
+                return r;
+
+        value = ordered_hashmap_get(device->properties, key);
+        if (!value)
+                return -ENOENT;
+
+        *_value = value;
+
+        return 0;
+}
+
+/* replaces the value if it already exists */
+static int device_add_sysattr_value(sd_device *device, const char *_key, char *value) {
+        _cleanup_free_ char *key = NULL;
+        _cleanup_free_ char *value_old = NULL;
+        int r;
+
+        assert(device);
+        assert(_key);
+
+        r = hashmap_ensure_allocated(&device->sysattr_values, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        value_old = hashmap_remove2(device->sysattr_values, _key, (void **)&key);
+        if (!key) {
+                key = strdup(_key);
+                if (!key)
+                        return -ENOMEM;
+        }
+
+        r = hashmap_put(device->sysattr_values, key, value);
+        if (r < 0)
+                return r;
+
+        key = NULL;
+
+        return 0;
+}
+
+static int device_get_sysattr_value(sd_device *device, const char *_key, const char **_value) {
+        const char *key = NULL, *value;
+
+        assert(device);
+        assert(_key);
+
+        value = hashmap_get2(device->sysattr_values, _key, (void **) &key);
+        if (!key)
+                return -ENOENT;
+
+        if (_value)
+                *_value = value;
+
+        return 0;
+}
+
+/* We cache all sysattr lookups. If an attribute does not exist, it is stored
+ * with a NULL value in the cache, otherwise the returned string is stored */
+_public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr, const char **_value) {
+        _cleanup_free_ char *value = NULL;
+        const char *syspath, *cached_value = NULL;
+        char *path;
+        struct stat statbuf;
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(sysattr, -EINVAL);
+
+        /* look for possibly already cached result */
+        r = device_get_sysattr_value(device, sysattr, &cached_value);
+        if (r != -ENOENT) {
+                if (r < 0)
+                        return r;
+
+                if (!cached_value)
+                        /* we looked up the sysattr before and it did not exist */
+                        return -ENOENT;
+
+                if (_value)
+                        *_value = cached_value;
+
+                return 0;
+        }
+
+        r = sd_device_get_syspath(device, &syspath);
+        if (r < 0)
+                return r;
+
+        path = strjoina(syspath, "/", sysattr);
+        r = lstat(path, &statbuf);
+        if (r < 0) {
+                /* remember that we could not access the sysattr */
+                r = device_add_sysattr_value(device, sysattr, NULL);
+                if (r < 0)
+                        return r;
+
+                return -ENOENT;
+        } else if (S_ISLNK(statbuf.st_mode)) {
+                /* Some core links return only the last element of the target path,
+                 * these are just values, the paths should not be exposed. */
+                if (STR_IN_SET(sysattr, "driver", "subsystem", "module")) {
+                        r = readlink_value(path, &value);
+                        if (r < 0)
+                                return r;
+                } else
+                        return -EINVAL;
+        } else if (S_ISDIR(statbuf.st_mode)) {
+                /* skip directories */
+                return -EINVAL;
+        } else if (!(statbuf.st_mode & S_IRUSR)) {
+                /* skip non-readable files */
+                return -EPERM;
+        } else {
+                size_t size;
+
+                /* read attribute value */
+                r = read_full_file(path, &value, &size);
+                if (r < 0)
+                        return r;
+
+                /* drop trailing newlines */
+                while (size > 0 && value[--size] == '\n')
+                        value[size] = '\0';
+        }
+
+        r = device_add_sysattr_value(device, sysattr, value);
+        if (r < 0)
+                return r;
+
+        *_value = value;
+        value = NULL;
+
+        return 0;
+}
+
+static void device_remove_sysattr_value(sd_device *device, const char *_key) {
+        _cleanup_free_ char *key = NULL;
+        _cleanup_free_ char *value = NULL;
+
+        assert(device);
+        assert(_key);
+
+        value = hashmap_remove2(device->sysattr_values, _key, (void **) &key);
+
+        return;
+}
+
+/* set the attribute and save it in the cache. If a NULL value is passed the
+ * attribute is cleared from the cache */
+_public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, char *_value) {
+        _cleanup_close_ int fd = -1;
+        _cleanup_free_ char *value = NULL;
+        const char *syspath;
+        char *path;
+        struct stat statbuf;
+        size_t value_len = 0;
+        ssize_t size;
+        int r;
+
+        assert_return(device, -EINVAL);
+        assert_return(sysattr, -EINVAL);
+
+        if (!_value) {
+                device_remove_sysattr_value(device, sysattr);
+
+                return 0;
+        }
+
+        r = sd_device_get_syspath(device, &syspath);
+        if (r < 0)
+                return r;
+
+        path = strjoina(syspath, "/", sysattr);
+        r = lstat(path, &statbuf);
+        if (r < 0) {
+                value = strdup("");
+                if (!value)
+                        return -ENOMEM;
+
+                r = device_add_sysattr_value(device, sysattr, value);
+                if (r < 0)
+                        return r;
+
+                return -ENXIO;
+        }
+
+        if (S_ISLNK(statbuf.st_mode))
+                return -EINVAL;
+
+        /* skip directories */
+        if (S_ISDIR(statbuf.st_mode))
+                return -EISDIR;
+
+        /* skip non-readable files */
+        if ((statbuf.st_mode & S_IRUSR) == 0)
+                return -EACCES;
+
+        value_len = strlen(_value);
+
+        /* drop trailing newlines */
+        while (value_len > 0 && _value[value_len - 1] == '\n')
+                _value[--value_len] = '\0';
+
+        /* value length is limited to 4k */
+        if (value_len > 4096)
+                return -EINVAL;
+
+        fd = open(path, O_WRONLY | O_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        value = strdup(_value);
+        if (!value)
+                return -ENOMEM;
+
+        size = write(fd, value, value_len);
+        if (size < 0)
+                return -errno;
+
+        if ((size_t)size != value_len)
+                return -EIO;
+
+        r = device_add_sysattr_value(device, sysattr, value);
+        if (r < 0)
+                return r;
+
+        value = NULL;
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-event/sd-event.c b/src/libsystemd/libsystemd-internal/sd-event/sd-event.c
new file mode 100644
index 0000000000..7f6f485353
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-event/sd-event.c
@@ -0,0 +1,2898 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/epoll.h>
+#include <sys/timerfd.h>
+#include <sys/wait.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "hashmap.h"
+#include "list.h"
+#include "macro.h"
+#include "missing.h"
+#include "prioq.h"
+#include "process-util.h"
+#include "set.h"
+#include "signal-util.h"
+#include "string-table.h"
+#include "string-util.h"
+#include "time-util.h"
+#include "util.h"
+
+#define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC)
+
+typedef enum EventSourceType {
+        SOURCE_IO,
+        SOURCE_TIME_REALTIME,
+        SOURCE_TIME_BOOTTIME,
+        SOURCE_TIME_MONOTONIC,
+        SOURCE_TIME_REALTIME_ALARM,
+        SOURCE_TIME_BOOTTIME_ALARM,
+        SOURCE_SIGNAL,
+        SOURCE_CHILD,
+        SOURCE_DEFER,
+        SOURCE_POST,
+        SOURCE_EXIT,
+        SOURCE_WATCHDOG,
+        _SOURCE_EVENT_SOURCE_TYPE_MAX,
+        _SOURCE_EVENT_SOURCE_TYPE_INVALID = -1
+} EventSourceType;
+
+static const char* const event_source_type_table[_SOURCE_EVENT_SOURCE_TYPE_MAX] = {
+        [SOURCE_IO] = "io",
+        [SOURCE_TIME_REALTIME] = "realtime",
+        [SOURCE_TIME_BOOTTIME] = "bootime",
+        [SOURCE_TIME_MONOTONIC] = "monotonic",
+        [SOURCE_TIME_REALTIME_ALARM] = "realtime-alarm",
+        [SOURCE_TIME_BOOTTIME_ALARM] = "boottime-alarm",
+        [SOURCE_SIGNAL] = "signal",
+        [SOURCE_CHILD] = "child",
+        [SOURCE_DEFER] = "defer",
+        [SOURCE_POST] = "post",
+        [SOURCE_EXIT] = "exit",
+        [SOURCE_WATCHDOG] = "watchdog",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(event_source_type, int);
+
+/* All objects we use in epoll events start with this value, so that
+ * we know how to dispatch it */
+typedef enum WakeupType {
+        WAKEUP_NONE,
+        WAKEUP_EVENT_SOURCE,
+        WAKEUP_CLOCK_DATA,
+        WAKEUP_SIGNAL_DATA,
+        _WAKEUP_TYPE_MAX,
+        _WAKEUP_TYPE_INVALID = -1,
+} WakeupType;
+
+#define EVENT_SOURCE_IS_TIME(t) IN_SET((t), SOURCE_TIME_REALTIME, SOURCE_TIME_BOOTTIME, SOURCE_TIME_MONOTONIC, SOURCE_TIME_REALTIME_ALARM, SOURCE_TIME_BOOTTIME_ALARM)
+
+struct sd_event_source {
+        WakeupType wakeup;
+
+        unsigned n_ref;
+
+        sd_event *event;
+        void *userdata;
+        sd_event_handler_t prepare;
+
+        char *description;
+
+        EventSourceType type:5;
+        int enabled:3;
+        bool pending:1;
+        bool dispatching:1;
+        bool floating:1;
+
+        int64_t priority;
+        unsigned pending_index;
+        unsigned prepare_index;
+        unsigned pending_iteration;
+        unsigned prepare_iteration;
+
+        LIST_FIELDS(sd_event_source, sources);
+
+        union {
+                struct {
+                        sd_event_io_handler_t callback;
+                        int fd;
+                        uint32_t events;
+                        uint32_t revents;
+                        bool registered:1;
+                } io;
+                struct {
+                        sd_event_time_handler_t callback;
+                        usec_t next, accuracy;
+                        unsigned earliest_index;
+                        unsigned latest_index;
+                } time;
+                struct {
+                        sd_event_signal_handler_t callback;
+                        struct signalfd_siginfo siginfo;
+                        int sig;
+                } signal;
+                struct {
+                        sd_event_child_handler_t callback;
+                        siginfo_t siginfo;
+                        pid_t pid;
+                        int options;
+                } child;
+                struct {
+                        sd_event_handler_t callback;
+                } defer;
+                struct {
+                        sd_event_handler_t callback;
+                } post;
+                struct {
+                        sd_event_handler_t callback;
+                        unsigned prioq_index;
+                } exit;
+        };
+};
+
+struct clock_data {
+        WakeupType wakeup;
+        int fd;
+
+        /* For all clocks we maintain two priority queues each, one
+         * ordered for the earliest times the events may be
+         * dispatched, and one ordered by the latest times they must
+         * have been dispatched. The range between the top entries in
+         * the two prioqs is the time window we can freely schedule
+         * wakeups in */
+
+        Prioq *earliest;
+        Prioq *latest;
+        usec_t next;
+
+        bool needs_rearm:1;
+};
+
+struct signal_data {
+        WakeupType wakeup;
+
+        /* For each priority we maintain one signal fd, so that we
+         * only have to dequeue a single event per priority at a
+         * time. */
+
+        int fd;
+        int64_t priority;
+        sigset_t sigset;
+        sd_event_source *current;
+};
+
+struct sd_event {
+        unsigned n_ref;
+
+        int epoll_fd;
+        int watchdog_fd;
+
+        Prioq *pending;
+        Prioq *prepare;
+
+        /* timerfd_create() only supports these five clocks so far. We
+         * can add support for more clocks when the kernel learns to
+         * deal with them, too. */
+        struct clock_data realtime;
+        struct clock_data boottime;
+        struct clock_data monotonic;
+        struct clock_data realtime_alarm;
+        struct clock_data boottime_alarm;
+
+        usec_t perturb;
+
+        sd_event_source **signal_sources; /* indexed by signal number */
+        Hashmap *signal_data; /* indexed by priority */
+
+        Hashmap *child_sources;
+        unsigned n_enabled_child_sources;
+
+        Set *post_sources;
+
+        Prioq *exit;
+
+        pid_t original_pid;
+
+        unsigned iteration;
+        dual_timestamp timestamp;
+        usec_t timestamp_boottime;
+        int state;
+
+        bool exit_requested:1;
+        bool need_process_child:1;
+        bool watchdog:1;
+        bool profile_delays:1;
+
+        int exit_code;
+
+        pid_t tid;
+        sd_event **default_event_ptr;
+
+        usec_t watchdog_last, watchdog_period;
+
+        unsigned n_sources;
+
+        LIST_HEAD(sd_event_source, sources);
+
+        usec_t last_run, last_log;
+        unsigned delays[sizeof(usec_t) * 8];
+};
+
+static void source_disconnect(sd_event_source *s);
+
+static int pending_prioq_compare(const void *a, const void *b) {
+        const sd_event_source *x = a, *y = b;
+
+        assert(x->pending);
+        assert(y->pending);
+
+        /* Enabled ones first */
+        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
+                return -1;
+        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
+                return 1;
+
+        /* Lower priority values first */
+        if (x->priority < y->priority)
+                return -1;
+        if (x->priority > y->priority)
+                return 1;
+
+        /* Older entries first */
+        if (x->pending_iteration < y->pending_iteration)
+                return -1;
+        if (x->pending_iteration > y->pending_iteration)
+                return 1;
+
+        return 0;
+}
+
+static int prepare_prioq_compare(const void *a, const void *b) {
+        const sd_event_source *x = a, *y = b;
+
+        assert(x->prepare);
+        assert(y->prepare);
+
+        /* Enabled ones first */
+        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
+                return -1;
+        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
+                return 1;
+
+        /* Move most recently prepared ones last, so that we can stop
+         * preparing as soon as we hit one that has already been
+         * prepared in the current iteration */
+        if (x->prepare_iteration < y->prepare_iteration)
+                return -1;
+        if (x->prepare_iteration > y->prepare_iteration)
+                return 1;
+
+        /* Lower priority values first */
+        if (x->priority < y->priority)
+                return -1;
+        if (x->priority > y->priority)
+                return 1;
+
+        return 0;
+}
+
+static int earliest_time_prioq_compare(const void *a, const void *b) {
+        const sd_event_source *x = a, *y = b;
+
+        assert(EVENT_SOURCE_IS_TIME(x->type));
+        assert(x->type == y->type);
+
+        /* Enabled ones first */
+        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
+                return -1;
+        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
+                return 1;
+
+        /* Move the pending ones to the end */
+        if (!x->pending && y->pending)
+                return -1;
+        if (x->pending && !y->pending)
+                return 1;
+
+        /* Order by time */
+        if (x->time.next < y->time.next)
+                return -1;
+        if (x->time.next > y->time.next)
+                return 1;
+
+        return 0;
+}
+
+static usec_t time_event_source_latest(const sd_event_source *s) {
+        return usec_add(s->time.next, s->time.accuracy);
+}
+
+static int latest_time_prioq_compare(const void *a, const void *b) {
+        const sd_event_source *x = a, *y = b;
+
+        assert(EVENT_SOURCE_IS_TIME(x->type));
+        assert(x->type == y->type);
+
+        /* Enabled ones first */
+        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
+                return -1;
+        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
+                return 1;
+
+        /* Move the pending ones to the end */
+        if (!x->pending && y->pending)
+                return -1;
+        if (x->pending && !y->pending)
+                return 1;
+
+        /* Order by time */
+        if (time_event_source_latest(x) < time_event_source_latest(y))
+                return -1;
+        if (time_event_source_latest(x) > time_event_source_latest(y))
+                return 1;
+
+        return 0;
+}
+
+static int exit_prioq_compare(const void *a, const void *b) {
+        const sd_event_source *x = a, *y = b;
+
+        assert(x->type == SOURCE_EXIT);
+        assert(y->type == SOURCE_EXIT);
+
+        /* Enabled ones first */
+        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
+                return -1;
+        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
+                return 1;
+
+        /* Lower priority values first */
+        if (x->priority < y->priority)
+                return -1;
+        if (x->priority > y->priority)
+                return 1;
+
+        return 0;
+}
+
+static void free_clock_data(struct clock_data *d) {
+        assert(d);
+        assert(d->wakeup == WAKEUP_CLOCK_DATA);
+
+        safe_close(d->fd);
+        prioq_free(d->earliest);
+        prioq_free(d->latest);
+}
+
+static void event_free(sd_event *e) {
+        sd_event_source *s;
+
+        assert(e);
+
+        while ((s = e->sources)) {
+                assert(s->floating);
+                source_disconnect(s);
+                sd_event_source_unref(s);
+        }
+
+        assert(e->n_sources == 0);
+
+        if (e->default_event_ptr)
+                *(e->default_event_ptr) = NULL;
+
+        safe_close(e->epoll_fd);
+        safe_close(e->watchdog_fd);
+
+        free_clock_data(&e->realtime);
+        free_clock_data(&e->boottime);
+        free_clock_data(&e->monotonic);
+        free_clock_data(&e->realtime_alarm);
+        free_clock_data(&e->boottime_alarm);
+
+        prioq_free(e->pending);
+        prioq_free(e->prepare);
+        prioq_free(e->exit);
+
+        free(e->signal_sources);
+        hashmap_free(e->signal_data);
+
+        hashmap_free(e->child_sources);
+        set_free(e->post_sources);
+        free(e);
+}
+
+_public_ int sd_event_new(sd_event** ret) {
+        sd_event *e;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        e = new0(sd_event, 1);
+        if (!e)
+                return -ENOMEM;
+
+        e->n_ref = 1;
+        e->watchdog_fd = e->epoll_fd = e->realtime.fd = e->boottime.fd = e->monotonic.fd = e->realtime_alarm.fd = e->boottime_alarm.fd = -1;
+        e->realtime.next = e->boottime.next = e->monotonic.next = e->realtime_alarm.next = e->boottime_alarm.next = USEC_INFINITY;
+        e->realtime.wakeup = e->boottime.wakeup = e->monotonic.wakeup = e->realtime_alarm.wakeup = e->boottime_alarm.wakeup = WAKEUP_CLOCK_DATA;
+        e->original_pid = getpid();
+        e->perturb = USEC_INFINITY;
+
+        r = prioq_ensure_allocated(&e->pending, pending_prioq_compare);
+        if (r < 0)
+                goto fail;
+
+        e->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
+        if (e->epoll_fd < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        if (secure_getenv("SD_EVENT_PROFILE_DELAYS")) {
+                log_debug("Event loop profiling enabled. Logarithmic histogram of event loop iterations in the range 2^0 ... 2^63 us will be logged every 5s.");
+                e->profile_delays = true;
+        }
+
+        *ret = e;
+        return 0;
+
+fail:
+        event_free(e);
+        return r;
+}
+
+_public_ sd_event* sd_event_ref(sd_event *e) {
+
+        if (!e)
+                return NULL;
+
+        assert(e->n_ref >= 1);
+        e->n_ref++;
+
+        return e;
+}
+
+_public_ sd_event* sd_event_unref(sd_event *e) {
+
+        if (!e)
+                return NULL;
+
+        assert(e->n_ref >= 1);
+        e->n_ref--;
+
+        if (e->n_ref <= 0)
+                event_free(e);
+
+        return NULL;
+}
+
+static bool event_pid_changed(sd_event *e) {
+        assert(e);
+
+        /* We don't support people creating an event loop and keeping
+         * it around over a fork(). Let's complain. */
+
+        return e->original_pid != getpid();
+}
+
+static void source_io_unregister(sd_event_source *s) {
+        int r;
+
+        assert(s);
+        assert(s->type == SOURCE_IO);
+
+        if (event_pid_changed(s->event))
+                return;
+
+        if (!s->io.registered)
+                return;
+
+        r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, s->io.fd, NULL);
+        if (r < 0)
+                log_debug_errno(errno, "Failed to remove source %s (type %s) from epoll: %m",
+                                strna(s->description), event_source_type_to_string(s->type));
+
+        s->io.registered = false;
+}
+
+static int source_io_register(
+                sd_event_source *s,
+                int enabled,
+                uint32_t events) {
+
+        struct epoll_event ev = {};
+        int r;
+
+        assert(s);
+        assert(s->type == SOURCE_IO);
+        assert(enabled != SD_EVENT_OFF);
+
+        ev.events = events;
+        ev.data.ptr = s;
+
+        if (enabled == SD_EVENT_ONESHOT)
+                ev.events |= EPOLLONESHOT;
+
+        if (s->io.registered)
+                r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_MOD, s->io.fd, &ev);
+        else
+                r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_ADD, s->io.fd, &ev);
+        if (r < 0)
+                return -errno;
+
+        s->io.registered = true;
+
+        return 0;
+}
+
+static clockid_t event_source_type_to_clock(EventSourceType t) {
+
+        switch (t) {
+
+        case SOURCE_TIME_REALTIME:
+                return CLOCK_REALTIME;
+
+        case SOURCE_TIME_BOOTTIME:
+                return CLOCK_BOOTTIME;
+
+        case SOURCE_TIME_MONOTONIC:
+                return CLOCK_MONOTONIC;
+
+        case SOURCE_TIME_REALTIME_ALARM:
+                return CLOCK_REALTIME_ALARM;
+
+        case SOURCE_TIME_BOOTTIME_ALARM:
+                return CLOCK_BOOTTIME_ALARM;
+
+        default:
+                return (clockid_t) -1;
+        }
+}
+
+static EventSourceType clock_to_event_source_type(clockid_t clock) {
+
+        switch (clock) {
+
+        case CLOCK_REALTIME:
+                return SOURCE_TIME_REALTIME;
+
+        case CLOCK_BOOTTIME:
+                return SOURCE_TIME_BOOTTIME;
+
+        case CLOCK_MONOTONIC:
+                return SOURCE_TIME_MONOTONIC;
+
+        case CLOCK_REALTIME_ALARM:
+                return SOURCE_TIME_REALTIME_ALARM;
+
+        case CLOCK_BOOTTIME_ALARM:
+                return SOURCE_TIME_BOOTTIME_ALARM;
+
+        default:
+                return _SOURCE_EVENT_SOURCE_TYPE_INVALID;
+        }
+}
+
+static struct clock_data* event_get_clock_data(sd_event *e, EventSourceType t) {
+        assert(e);
+
+        switch (t) {
+
+        case SOURCE_TIME_REALTIME:
+                return &e->realtime;
+
+        case SOURCE_TIME_BOOTTIME:
+                return &e->boottime;
+
+        case SOURCE_TIME_MONOTONIC:
+                return &e->monotonic;
+
+        case SOURCE_TIME_REALTIME_ALARM:
+                return &e->realtime_alarm;
+
+        case SOURCE_TIME_BOOTTIME_ALARM:
+                return &e->boottime_alarm;
+
+        default:
+                return NULL;
+        }
+}
+
+static int event_make_signal_data(
+                sd_event *e,
+                int sig,
+                struct signal_data **ret) {
+
+        struct epoll_event ev = {};
+        struct signal_data *d;
+        bool added = false;
+        sigset_t ss_copy;
+        int64_t priority;
+        int r;
+
+        assert(e);
+
+        if (event_pid_changed(e))
+                return -ECHILD;
+
+        if (e->signal_sources && e->signal_sources[sig])
+                priority = e->signal_sources[sig]->priority;
+        else
+                priority = 0;
+
+        d = hashmap_get(e->signal_data, &priority);
+        if (d) {
+                if (sigismember(&d->sigset, sig) > 0) {
+                        if (ret)
+                                *ret = d;
+                        return 0;
+                }
+        } else {
+                r = hashmap_ensure_allocated(&e->signal_data, &uint64_hash_ops);
+                if (r < 0)
+                        return r;
+
+                d = new0(struct signal_data, 1);
+                if (!d)
+                        return -ENOMEM;
+
+                d->wakeup = WAKEUP_SIGNAL_DATA;
+                d->fd  = -1;
+                d->priority = priority;
+
+                r = hashmap_put(e->signal_data, &d->priority, d);
+                if (r < 0) {
+                        free(d);
+                        return r;
+                }
+
+                added = true;
+        }
+
+        ss_copy = d->sigset;
+        assert_se(sigaddset(&ss_copy, sig) >= 0);
+
+        r = signalfd(d->fd, &ss_copy, SFD_NONBLOCK|SFD_CLOEXEC);
+        if (r < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        d->sigset = ss_copy;
+
+        if (d->fd >= 0) {
+                if (ret)
+                        *ret = d;
+                return 0;
+        }
+
+        d->fd = r;
+
+        ev.events = EPOLLIN;
+        ev.data.ptr = d;
+
+        r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, d->fd, &ev);
+        if (r < 0)  {
+                r = -errno;
+                goto fail;
+        }
+
+        if (ret)
+                *ret = d;
+
+        return 0;
+
+fail:
+        if (added) {
+                d->fd = safe_close(d->fd);
+                hashmap_remove(e->signal_data, &d->priority);
+                free(d);
+        }
+
+        return r;
+}
+
+static void event_unmask_signal_data(sd_event *e, struct signal_data *d, int sig) {
+        assert(e);
+        assert(d);
+
+        /* Turns off the specified signal in the signal data
+         * object. If the signal mask of the object becomes empty that
+         * way removes it. */
+
+        if (sigismember(&d->sigset, sig) == 0)
+                return;
+
+        assert_se(sigdelset(&d->sigset, sig) >= 0);
+
+        if (sigisemptyset(&d->sigset)) {
+
+                /* If all the mask is all-zero we can get rid of the structure */
+                hashmap_remove(e->signal_data, &d->priority);
+                assert(!d->current);
+                safe_close(d->fd);
+                free(d);
+                return;
+        }
+
+        assert(d->fd >= 0);
+
+        if (signalfd(d->fd, &d->sigset, SFD_NONBLOCK|SFD_CLOEXEC) < 0)
+                log_debug_errno(errno, "Failed to unset signal bit, ignoring: %m");
+}
+
+static void event_gc_signal_data(sd_event *e, const int64_t *priority, int sig) {
+        struct signal_data *d;
+        static const int64_t zero_priority = 0;
+
+        assert(e);
+
+        /* Rechecks if the specified signal is still something we are
+         * interested in. If not, we'll unmask it, and possibly drop
+         * the signalfd for it. */
+
+        if (sig == SIGCHLD &&
+            e->n_enabled_child_sources > 0)
+                return;
+
+        if (e->signal_sources &&
+            e->signal_sources[sig] &&
+            e->signal_sources[sig]->enabled != SD_EVENT_OFF)
+                return;
+
+        /*
+         * The specified signal might be enabled in three different queues:
+         *
+         * 1) the one that belongs to the priority passed (if it is non-NULL)
+         * 2) the one that belongs to the priority of the event source of the signal (if there is one)
+         * 3) the 0 priority (to cover the SIGCHLD case)
+         *
+         * Hence, let's remove it from all three here.
+         */
+
+        if (priority) {
+                d = hashmap_get(e->signal_data, priority);
+                if (d)
+                        event_unmask_signal_data(e, d, sig);
+        }
+
+        if (e->signal_sources && e->signal_sources[sig]) {
+                d = hashmap_get(e->signal_data, &e->signal_sources[sig]->priority);
+                if (d)
+                        event_unmask_signal_data(e, d, sig);
+        }
+
+        d = hashmap_get(e->signal_data, &zero_priority);
+        if (d)
+                event_unmask_signal_data(e, d, sig);
+}
+
+static void source_disconnect(sd_event_source *s) {
+        sd_event *event;
+
+        assert(s);
+
+        if (!s->event)
+                return;
+
+        assert(s->event->n_sources > 0);
+
+        switch (s->type) {
+
+        case SOURCE_IO:
+                if (s->io.fd >= 0)
+                        source_io_unregister(s);
+
+                break;
+
+        case SOURCE_TIME_REALTIME:
+        case SOURCE_TIME_BOOTTIME:
+        case SOURCE_TIME_MONOTONIC:
+        case SOURCE_TIME_REALTIME_ALARM:
+        case SOURCE_TIME_BOOTTIME_ALARM: {
+                struct clock_data *d;
+
+                d = event_get_clock_data(s->event, s->type);
+                assert(d);
+
+                prioq_remove(d->earliest, s, &s->time.earliest_index);
+                prioq_remove(d->latest, s, &s->time.latest_index);
+                d->needs_rearm = true;
+                break;
+        }
+
+        case SOURCE_SIGNAL:
+                if (s->signal.sig > 0) {
+
+                        if (s->event->signal_sources)
+                                s->event->signal_sources[s->signal.sig] = NULL;
+
+                        event_gc_signal_data(s->event, &s->priority, s->signal.sig);
+                }
+
+                break;
+
+        case SOURCE_CHILD:
+                if (s->child.pid > 0) {
+                        if (s->enabled != SD_EVENT_OFF) {
+                                assert(s->event->n_enabled_child_sources > 0);
+                                s->event->n_enabled_child_sources--;
+                        }
+
+                        (void) hashmap_remove(s->event->child_sources, PID_TO_PTR(s->child.pid));
+                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+                }
+
+                break;
+
+        case SOURCE_DEFER:
+                /* nothing */
+                break;
+
+        case SOURCE_POST:
+                set_remove(s->event->post_sources, s);
+                break;
+
+        case SOURCE_EXIT:
+                prioq_remove(s->event->exit, s, &s->exit.prioq_index);
+                break;
+
+        default:
+                assert_not_reached("Wut? I shouldn't exist.");
+        }
+
+        if (s->pending)
+                prioq_remove(s->event->pending, s, &s->pending_index);
+
+        if (s->prepare)
+                prioq_remove(s->event->prepare, s, &s->prepare_index);
+
+        event = s->event;
+
+        s->type = _SOURCE_EVENT_SOURCE_TYPE_INVALID;
+        s->event = NULL;
+        LIST_REMOVE(sources, event->sources, s);
+        event->n_sources--;
+
+        if (!s->floating)
+                sd_event_unref(event);
+}
+
+static void source_free(sd_event_source *s) {
+        assert(s);
+
+        source_disconnect(s);
+        free(s->description);
+        free(s);
+}
+
+static int source_set_pending(sd_event_source *s, bool b) {
+        int r;
+
+        assert(s);
+        assert(s->type != SOURCE_EXIT);
+
+        if (s->pending == b)
+                return 0;
+
+        s->pending = b;
+
+        if (b) {
+                s->pending_iteration = s->event->iteration;
+
+                r = prioq_put(s->event->pending, s, &s->pending_index);
+                if (r < 0) {
+                        s->pending = false;
+                        return r;
+                }
+        } else
+                assert_se(prioq_remove(s->event->pending, s, &s->pending_index));
+
+        if (EVENT_SOURCE_IS_TIME(s->type)) {
+                struct clock_data *d;
+
+                d = event_get_clock_data(s->event, s->type);
+                assert(d);
+
+                prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
+                prioq_reshuffle(d->latest, s, &s->time.latest_index);
+                d->needs_rearm = true;
+        }
+
+        if (s->type == SOURCE_SIGNAL && !b) {
+                struct signal_data *d;
+
+                d = hashmap_get(s->event->signal_data, &s->priority);
+                if (d && d->current == s)
+                        d->current = NULL;
+        }
+
+        return 0;
+}
+
+static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType type) {
+        sd_event_source *s;
+
+        assert(e);
+
+        s = new0(sd_event_source, 1);
+        if (!s)
+                return NULL;
+
+        s->n_ref = 1;
+        s->event = e;
+        s->floating = floating;
+        s->type = type;
+        s->pending_index = s->prepare_index = PRIOQ_IDX_NULL;
+
+        if (!floating)
+                sd_event_ref(e);
+
+        LIST_PREPEND(sources, e->sources, s);
+        e->n_sources++;
+
+        return s;
+}
+
+_public_ int sd_event_add_io(
+                sd_event *e,
+                sd_event_source **ret,
+                int fd,
+                uint32_t events,
+                sd_event_io_handler_t callback,
+                void *userdata) {
+
+        sd_event_source *s;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(fd >= 0, -EBADF);
+        assert_return(!(events & ~(EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLPRI|EPOLLERR|EPOLLHUP|EPOLLET)), -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        s = source_new(e, !ret, SOURCE_IO);
+        if (!s)
+                return -ENOMEM;
+
+        s->wakeup = WAKEUP_EVENT_SOURCE;
+        s->io.fd = fd;
+        s->io.events = events;
+        s->io.callback = callback;
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ON;
+
+        r = source_io_register(s, s->enabled, events);
+        if (r < 0) {
+                source_free(s);
+                return r;
+        }
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+static void initialize_perturb(sd_event *e) {
+        sd_id128_t bootid = {};
+
+        /* When we sleep for longer, we try to realign the wakeup to
+           the same time wihtin each minute/second/250ms, so that
+           events all across the system can be coalesced into a single
+           CPU wakeup. However, let's take some system-specific
+           randomness for this value, so that in a network of systems
+           with synced clocks timer events are distributed a
+           bit. Here, we calculate a perturbation usec offset from the
+           boot ID. */
+
+        if (_likely_(e->perturb != USEC_INFINITY))
+                return;
+
+        if (sd_id128_get_boot(&bootid) >= 0)
+                e->perturb = (bootid.qwords[0] ^ bootid.qwords[1]) % USEC_PER_MINUTE;
+}
+
+static int event_setup_timer_fd(
+                sd_event *e,
+                struct clock_data *d,
+                clockid_t clock) {
+
+        struct epoll_event ev = {};
+        int r, fd;
+
+        assert(e);
+        assert(d);
+
+        if (_likely_(d->fd >= 0))
+                return 0;
+
+        fd = timerfd_create(clock, TFD_NONBLOCK|TFD_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        ev.events = EPOLLIN;
+        ev.data.ptr = d;
+
+        r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, fd, &ev);
+        if (r < 0) {
+                safe_close(fd);
+                return -errno;
+        }
+
+        d->fd = fd;
+        return 0;
+}
+
+static int time_exit_callback(sd_event_source *s, uint64_t usec, void *userdata) {
+        assert(s);
+
+        return sd_event_exit(sd_event_source_get_event(s), PTR_TO_INT(userdata));
+}
+
+_public_ int sd_event_add_time(
+                sd_event *e,
+                sd_event_source **ret,
+                clockid_t clock,
+                uint64_t usec,
+                uint64_t accuracy,
+                sd_event_time_handler_t callback,
+                void *userdata) {
+
+        EventSourceType type;
+        sd_event_source *s;
+        struct clock_data *d;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(accuracy != (uint64_t) -1, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        if (IN_SET(clock, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM) &&
+            !clock_boottime_supported())
+                return -EOPNOTSUPP;
+
+        if (!callback)
+                callback = time_exit_callback;
+
+        type = clock_to_event_source_type(clock);
+        assert_return(type >= 0, -EOPNOTSUPP);
+
+        d = event_get_clock_data(e, type);
+        assert(d);
+
+        r = prioq_ensure_allocated(&d->earliest, earliest_time_prioq_compare);
+        if (r < 0)
+                return r;
+
+        r = prioq_ensure_allocated(&d->latest, latest_time_prioq_compare);
+        if (r < 0)
+                return r;
+
+        if (d->fd < 0) {
+                r = event_setup_timer_fd(e, d, clock);
+                if (r < 0)
+                        return r;
+        }
+
+        s = source_new(e, !ret, type);
+        if (!s)
+                return -ENOMEM;
+
+        s->time.next = usec;
+        s->time.accuracy = accuracy == 0 ? DEFAULT_ACCURACY_USEC : accuracy;
+        s->time.callback = callback;
+        s->time.earliest_index = s->time.latest_index = PRIOQ_IDX_NULL;
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ONESHOT;
+
+        d->needs_rearm = true;
+
+        r = prioq_put(d->earliest, s, &s->time.earliest_index);
+        if (r < 0)
+                goto fail;
+
+        r = prioq_put(d->latest, s, &s->time.latest_index);
+        if (r < 0)
+                goto fail;
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+
+fail:
+        source_free(s);
+        return r;
+}
+
+static int signal_exit_callback(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        assert(s);
+
+        return sd_event_exit(sd_event_source_get_event(s), PTR_TO_INT(userdata));
+}
+
+_public_ int sd_event_add_signal(
+                sd_event *e,
+                sd_event_source **ret,
+                int sig,
+                sd_event_signal_handler_t callback,
+                void *userdata) {
+
+        sd_event_source *s;
+        struct signal_data *d;
+        sigset_t ss;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(SIGNAL_VALID(sig), -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        if (!callback)
+                callback = signal_exit_callback;
+
+        r = pthread_sigmask(SIG_SETMASK, NULL, &ss);
+        if (r != 0)
+                return -r;
+
+        if (!sigismember(&ss, sig))
+                return -EBUSY;
+
+        if (!e->signal_sources) {
+                e->signal_sources = new0(sd_event_source*, _NSIG);
+                if (!e->signal_sources)
+                        return -ENOMEM;
+        } else if (e->signal_sources[sig])
+                return -EBUSY;
+
+        s = source_new(e, !ret, SOURCE_SIGNAL);
+        if (!s)
+                return -ENOMEM;
+
+        s->signal.sig = sig;
+        s->signal.callback = callback;
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ON;
+
+        e->signal_sources[sig] = s;
+
+        r = event_make_signal_data(e, sig, &d);
+        if (r < 0) {
+                source_free(s);
+                return r;
+        }
+
+        /* Use the signal name as description for the event source by default */
+        (void) sd_event_source_set_description(s, signal_to_string(sig));
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+_public_ int sd_event_add_child(
+                sd_event *e,
+                sd_event_source **ret,
+                pid_t pid,
+                int options,
+                sd_event_child_handler_t callback,
+                void *userdata) {
+
+        sd_event_source *s;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(pid > 1, -EINVAL);
+        assert_return(!(options & ~(WEXITED|WSTOPPED|WCONTINUED)), -EINVAL);
+        assert_return(options != 0, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        r = hashmap_ensure_allocated(&e->child_sources, NULL);
+        if (r < 0)
+                return r;
+
+        if (hashmap_contains(e->child_sources, PID_TO_PTR(pid)))
+                return -EBUSY;
+
+        s = source_new(e, !ret, SOURCE_CHILD);
+        if (!s)
+                return -ENOMEM;
+
+        s->child.pid = pid;
+        s->child.options = options;
+        s->child.callback = callback;
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ONESHOT;
+
+        r = hashmap_put(e->child_sources, PID_TO_PTR(pid), s);
+        if (r < 0) {
+                source_free(s);
+                return r;
+        }
+
+        e->n_enabled_child_sources++;
+
+        r = event_make_signal_data(e, SIGCHLD, NULL);
+        if (r < 0) {
+                e->n_enabled_child_sources--;
+                source_free(s);
+                return r;
+        }
+
+        e->need_process_child = true;
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+_public_ int sd_event_add_defer(
+                sd_event *e,
+                sd_event_source **ret,
+                sd_event_handler_t callback,
+                void *userdata) {
+
+        sd_event_source *s;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        s = source_new(e, !ret, SOURCE_DEFER);
+        if (!s)
+                return -ENOMEM;
+
+        s->defer.callback = callback;
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ONESHOT;
+
+        r = source_set_pending(s, true);
+        if (r < 0) {
+                source_free(s);
+                return r;
+        }
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+_public_ int sd_event_add_post(
+                sd_event *e,
+                sd_event_source **ret,
+                sd_event_handler_t callback,
+                void *userdata) {
+
+        sd_event_source *s;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        r = set_ensure_allocated(&e->post_sources, NULL);
+        if (r < 0)
+                return r;
+
+        s = source_new(e, !ret, SOURCE_POST);
+        if (!s)
+                return -ENOMEM;
+
+        s->post.callback = callback;
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ON;
+
+        r = set_put(e->post_sources, s);
+        if (r < 0) {
+                source_free(s);
+                return r;
+        }
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+_public_ int sd_event_add_exit(
+                sd_event *e,
+                sd_event_source **ret,
+                sd_event_handler_t callback,
+                void *userdata) {
+
+        sd_event_source *s;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        r = prioq_ensure_allocated(&e->exit, exit_prioq_compare);
+        if (r < 0)
+                return r;
+
+        s = source_new(e, !ret, SOURCE_EXIT);
+        if (!s)
+                return -ENOMEM;
+
+        s->exit.callback = callback;
+        s->userdata = userdata;
+        s->exit.prioq_index = PRIOQ_IDX_NULL;
+        s->enabled = SD_EVENT_ONESHOT;
+
+        r = prioq_put(s->event->exit, s, &s->exit.prioq_index);
+        if (r < 0) {
+                source_free(s);
+                return r;
+        }
+
+        if (ret)
+                *ret = s;
+
+        return 0;
+}
+
+_public_ sd_event_source* sd_event_source_ref(sd_event_source *s) {
+
+        if (!s)
+                return NULL;
+
+        assert(s->n_ref >= 1);
+        s->n_ref++;
+
+        return s;
+}
+
+_public_ sd_event_source* sd_event_source_unref(sd_event_source *s) {
+
+        if (!s)
+                return NULL;
+
+        assert(s->n_ref >= 1);
+        s->n_ref--;
+
+        if (s->n_ref <= 0) {
+                /* Here's a special hack: when we are called from a
+                 * dispatch handler we won't free the event source
+                 * immediately, but we will detach the fd from the
+                 * epoll. This way it is safe for the caller to unref
+                 * the event source and immediately close the fd, but
+                 * we still retain a valid event source object after
+                 * the callback. */
+
+                if (s->dispatching) {
+                        if (s->type == SOURCE_IO)
+                                source_io_unregister(s);
+
+                        source_disconnect(s);
+                } else
+                        source_free(s);
+        }
+
+        return NULL;
+}
+
+_public_ int sd_event_source_set_description(sd_event_source *s, const char *description) {
+        assert_return(s, -EINVAL);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        return free_and_strdup(&s->description, description);
+}
+
+_public_ int sd_event_source_get_description(sd_event_source *s, const char **description) {
+        assert_return(s, -EINVAL);
+        assert_return(description, -EINVAL);
+        assert_return(s->description, -ENXIO);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *description = s->description;
+        return 0;
+}
+
+_public_ sd_event *sd_event_source_get_event(sd_event_source *s) {
+        assert_return(s, NULL);
+
+        return s->event;
+}
+
+_public_ int sd_event_source_get_pending(sd_event_source *s) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type != SOURCE_EXIT, -EDOM);
+        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        return s->pending;
+}
+
+_public_ int sd_event_source_get_io_fd(sd_event_source *s) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_IO, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        return s->io.fd;
+}
+
+_public_ int sd_event_source_set_io_fd(sd_event_source *s, int fd) {
+        int r;
+
+        assert_return(s, -EINVAL);
+        assert_return(fd >= 0, -EBADF);
+        assert_return(s->type == SOURCE_IO, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        if (s->io.fd == fd)
+                return 0;
+
+        if (s->enabled == SD_EVENT_OFF) {
+                s->io.fd = fd;
+                s->io.registered = false;
+        } else {
+                int saved_fd;
+
+                saved_fd = s->io.fd;
+                assert(s->io.registered);
+
+                s->io.fd = fd;
+                s->io.registered = false;
+
+                r = source_io_register(s, s->enabled, s->io.events);
+                if (r < 0) {
+                        s->io.fd = saved_fd;
+                        s->io.registered = true;
+                        return r;
+                }
+
+                epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, saved_fd, NULL);
+        }
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_io_events(sd_event_source *s, uint32_t* events) {
+        assert_return(s, -EINVAL);
+        assert_return(events, -EINVAL);
+        assert_return(s->type == SOURCE_IO, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *events = s->io.events;
+        return 0;
+}
+
+_public_ int sd_event_source_set_io_events(sd_event_source *s, uint32_t events) {
+        int r;
+
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_IO, -EDOM);
+        assert_return(!(events & ~(EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLPRI|EPOLLERR|EPOLLHUP|EPOLLET)), -EINVAL);
+        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        /* edge-triggered updates are never skipped, so we can reset edges */
+        if (s->io.events == events && !(events & EPOLLET))
+                return 0;
+
+        if (s->enabled != SD_EVENT_OFF) {
+                r = source_io_register(s, s->enabled, events);
+                if (r < 0)
+                        return r;
+        }
+
+        s->io.events = events;
+        source_set_pending(s, false);
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_io_revents(sd_event_source *s, uint32_t* revents) {
+        assert_return(s, -EINVAL);
+        assert_return(revents, -EINVAL);
+        assert_return(s->type == SOURCE_IO, -EDOM);
+        assert_return(s->pending, -ENODATA);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *revents = s->io.revents;
+        return 0;
+}
+
+_public_ int sd_event_source_get_signal(sd_event_source *s) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_SIGNAL, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        return s->signal.sig;
+}
+
+_public_ int sd_event_source_get_priority(sd_event_source *s, int64_t *priority) {
+        assert_return(s, -EINVAL);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        return s->priority;
+}
+
+_public_ int sd_event_source_set_priority(sd_event_source *s, int64_t priority) {
+        int r;
+
+        assert_return(s, -EINVAL);
+        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        if (s->priority == priority)
+                return 0;
+
+        if (s->type == SOURCE_SIGNAL && s->enabled != SD_EVENT_OFF) {
+                struct signal_data *old, *d;
+
+                /* Move us from the signalfd belonging to the old
+                 * priority to the signalfd of the new priority */
+
+                assert_se(old = hashmap_get(s->event->signal_data, &s->priority));
+
+                s->priority = priority;
+
+                r = event_make_signal_data(s->event, s->signal.sig, &d);
+                if (r < 0) {
+                        s->priority = old->priority;
+                        return r;
+                }
+
+                event_unmask_signal_data(s->event, old, s->signal.sig);
+        } else
+                s->priority = priority;
+
+        if (s->pending)
+                prioq_reshuffle(s->event->pending, s, &s->pending_index);
+
+        if (s->prepare)
+                prioq_reshuffle(s->event->prepare, s, &s->prepare_index);
+
+        if (s->type == SOURCE_EXIT)
+                prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_enabled(sd_event_source *s, int *m) {
+        assert_return(s, -EINVAL);
+        assert_return(m, -EINVAL);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *m = s->enabled;
+        return 0;
+}
+
+_public_ int sd_event_source_set_enabled(sd_event_source *s, int m) {
+        int r;
+
+        assert_return(s, -EINVAL);
+        assert_return(m == SD_EVENT_OFF || m == SD_EVENT_ON || m == SD_EVENT_ONESHOT, -EINVAL);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        /* If we are dead anyway, we are fine with turning off
+         * sources, but everything else needs to fail. */
+        if (s->event->state == SD_EVENT_FINISHED)
+                return m == SD_EVENT_OFF ? 0 : -ESTALE;
+
+        if (s->enabled == m)
+                return 0;
+
+        if (m == SD_EVENT_OFF) {
+
+                switch (s->type) {
+
+                case SOURCE_IO:
+                        source_io_unregister(s);
+                        s->enabled = m;
+                        break;
+
+                case SOURCE_TIME_REALTIME:
+                case SOURCE_TIME_BOOTTIME:
+                case SOURCE_TIME_MONOTONIC:
+                case SOURCE_TIME_REALTIME_ALARM:
+                case SOURCE_TIME_BOOTTIME_ALARM: {
+                        struct clock_data *d;
+
+                        s->enabled = m;
+                        d = event_get_clock_data(s->event, s->type);
+                        assert(d);
+
+                        prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
+                        prioq_reshuffle(d->latest, s, &s->time.latest_index);
+                        d->needs_rearm = true;
+                        break;
+                }
+
+                case SOURCE_SIGNAL:
+                        s->enabled = m;
+
+                        event_gc_signal_data(s->event, &s->priority, s->signal.sig);
+                        break;
+
+                case SOURCE_CHILD:
+                        s->enabled = m;
+
+                        assert(s->event->n_enabled_child_sources > 0);
+                        s->event->n_enabled_child_sources--;
+
+                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+                        break;
+
+                case SOURCE_EXIT:
+                        s->enabled = m;
+                        prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
+                        break;
+
+                case SOURCE_DEFER:
+                case SOURCE_POST:
+                        s->enabled = m;
+                        break;
+
+                default:
+                        assert_not_reached("Wut? I shouldn't exist.");
+                }
+
+        } else {
+                switch (s->type) {
+
+                case SOURCE_IO:
+                        r = source_io_register(s, m, s->io.events);
+                        if (r < 0)
+                                return r;
+
+                        s->enabled = m;
+                        break;
+
+                case SOURCE_TIME_REALTIME:
+                case SOURCE_TIME_BOOTTIME:
+                case SOURCE_TIME_MONOTONIC:
+                case SOURCE_TIME_REALTIME_ALARM:
+                case SOURCE_TIME_BOOTTIME_ALARM: {
+                        struct clock_data *d;
+
+                        s->enabled = m;
+                        d = event_get_clock_data(s->event, s->type);
+                        assert(d);
+
+                        prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
+                        prioq_reshuffle(d->latest, s, &s->time.latest_index);
+                        d->needs_rearm = true;
+                        break;
+                }
+
+                case SOURCE_SIGNAL:
+
+                        s->enabled = m;
+
+                        r = event_make_signal_data(s->event, s->signal.sig, NULL);
+                        if (r < 0) {
+                                s->enabled = SD_EVENT_OFF;
+                                event_gc_signal_data(s->event, &s->priority, s->signal.sig);
+                                return r;
+                        }
+
+                        break;
+
+                case SOURCE_CHILD:
+
+                        if (s->enabled == SD_EVENT_OFF)
+                                s->event->n_enabled_child_sources++;
+
+                        s->enabled = m;
+
+                        r = event_make_signal_data(s->event, SIGCHLD, NULL);
+                        if (r < 0) {
+                                s->enabled = SD_EVENT_OFF;
+                                s->event->n_enabled_child_sources--;
+                                event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+                                return r;
+                        }
+
+                        break;
+
+                case SOURCE_EXIT:
+                        s->enabled = m;
+                        prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
+                        break;
+
+                case SOURCE_DEFER:
+                case SOURCE_POST:
+                        s->enabled = m;
+                        break;
+
+                default:
+                        assert_not_reached("Wut? I shouldn't exist.");
+                }
+        }
+
+        if (s->pending)
+                prioq_reshuffle(s->event->pending, s, &s->pending_index);
+
+        if (s->prepare)
+                prioq_reshuffle(s->event->prepare, s, &s->prepare_index);
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_time(sd_event_source *s, uint64_t *usec) {
+        assert_return(s, -EINVAL);
+        assert_return(usec, -EINVAL);
+        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *usec = s->time.next;
+        return 0;
+}
+
+_public_ int sd_event_source_set_time(sd_event_source *s, uint64_t usec) {
+        struct clock_data *d;
+
+        assert_return(s, -EINVAL);
+        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
+        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        s->time.next = usec;
+
+        source_set_pending(s, false);
+
+        d = event_get_clock_data(s->event, s->type);
+        assert(d);
+
+        prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
+        prioq_reshuffle(d->latest, s, &s->time.latest_index);
+        d->needs_rearm = true;
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_time_accuracy(sd_event_source *s, uint64_t *usec) {
+        assert_return(s, -EINVAL);
+        assert_return(usec, -EINVAL);
+        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *usec = s->time.accuracy;
+        return 0;
+}
+
+_public_ int sd_event_source_set_time_accuracy(sd_event_source *s, uint64_t usec) {
+        struct clock_data *d;
+
+        assert_return(s, -EINVAL);
+        assert_return(usec != (uint64_t) -1, -EINVAL);
+        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
+        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        if (usec == 0)
+                usec = DEFAULT_ACCURACY_USEC;
+
+        s->time.accuracy = usec;
+
+        source_set_pending(s, false);
+
+        d = event_get_clock_data(s->event, s->type);
+        assert(d);
+
+        prioq_reshuffle(d->latest, s, &s->time.latest_index);
+        d->needs_rearm = true;
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_time_clock(sd_event_source *s, clockid_t *clock) {
+        assert_return(s, -EINVAL);
+        assert_return(clock, -EINVAL);
+        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *clock = event_source_type_to_clock(s->type);
+        return 0;
+}
+
+_public_ int sd_event_source_get_child_pid(sd_event_source *s, pid_t *pid) {
+        assert_return(s, -EINVAL);
+        assert_return(pid, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        *pid = s->child.pid;
+        return 0;
+}
+
+_public_ int sd_event_source_set_prepare(sd_event_source *s, sd_event_handler_t callback) {
+        int r;
+
+        assert_return(s, -EINVAL);
+        assert_return(s->type != SOURCE_EXIT, -EDOM);
+        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        if (s->prepare == callback)
+                return 0;
+
+        if (callback && s->prepare) {
+                s->prepare = callback;
+                return 0;
+        }
+
+        r = prioq_ensure_allocated(&s->event->prepare, prepare_prioq_compare);
+        if (r < 0)
+                return r;
+
+        s->prepare = callback;
+
+        if (callback) {
+                r = prioq_put(s->event->prepare, s, &s->prepare_index);
+                if (r < 0)
+                        return r;
+        } else
+                prioq_remove(s->event->prepare, s, &s->prepare_index);
+
+        return 0;
+}
+
+_public_ void* sd_event_source_get_userdata(sd_event_source *s) {
+        assert_return(s, NULL);
+
+        return s->userdata;
+}
+
+_public_ void *sd_event_source_set_userdata(sd_event_source *s, void *userdata) {
+        void *ret;
+
+        assert_return(s, NULL);
+
+        ret = s->userdata;
+        s->userdata = userdata;
+
+        return ret;
+}
+
+static usec_t sleep_between(sd_event *e, usec_t a, usec_t b) {
+        usec_t c;
+        assert(e);
+        assert(a <= b);
+
+        if (a <= 0)
+                return 0;
+        if (a >= USEC_INFINITY)
+                return USEC_INFINITY;
+
+        if (b <= a + 1)
+                return a;
+
+        initialize_perturb(e);
+
+        /*
+          Find a good time to wake up again between times a and b. We
+          have two goals here:
+
+          a) We want to wake up as seldom as possible, hence prefer
+             later times over earlier times.
+
+          b) But if we have to wake up, then let's make sure to
+             dispatch as much as possible on the entire system.
+
+          We implement this by waking up everywhere at the same time
+          within any given minute if we can, synchronised via the
+          perturbation value determined from the boot ID. If we can't,
+          then we try to find the same spot in every 10s, then 1s and
+          then 250ms step. Otherwise, we pick the last possible time
+          to wake up.
+        */
+
+        c = (b / USEC_PER_MINUTE) * USEC_PER_MINUTE + e->perturb;
+        if (c >= b) {
+                if (_unlikely_(c < USEC_PER_MINUTE))
+                        return b;
+
+                c -= USEC_PER_MINUTE;
+        }
+
+        if (c >= a)
+                return c;
+
+        c = (b / (USEC_PER_SEC*10)) * (USEC_PER_SEC*10) + (e->perturb % (USEC_PER_SEC*10));
+        if (c >= b) {
+                if (_unlikely_(c < USEC_PER_SEC*10))
+                        return b;
+
+                c -= USEC_PER_SEC*10;
+        }
+
+        if (c >= a)
+                return c;
+
+        c = (b / USEC_PER_SEC) * USEC_PER_SEC + (e->perturb % USEC_PER_SEC);
+        if (c >= b) {
+                if (_unlikely_(c < USEC_PER_SEC))
+                        return b;
+
+                c -= USEC_PER_SEC;
+        }
+
+        if (c >= a)
+                return c;
+
+        c = (b / (USEC_PER_MSEC*250)) * (USEC_PER_MSEC*250) + (e->perturb % (USEC_PER_MSEC*250));
+        if (c >= b) {
+                if (_unlikely_(c < USEC_PER_MSEC*250))
+                        return b;
+
+                c -= USEC_PER_MSEC*250;
+        }
+
+        if (c >= a)
+                return c;
+
+        return b;
+}
+
+static int event_arm_timer(
+                sd_event *e,
+                struct clock_data *d) {
+
+        struct itimerspec its = {};
+        sd_event_source *a, *b;
+        usec_t t;
+        int r;
+
+        assert(e);
+        assert(d);
+
+        if (!d->needs_rearm)
+                return 0;
+        else
+                d->needs_rearm = false;
+
+        a = prioq_peek(d->earliest);
+        if (!a || a->enabled == SD_EVENT_OFF || a->time.next == USEC_INFINITY) {
+
+                if (d->fd < 0)
+                        return 0;
+
+                if (d->next == USEC_INFINITY)
+                        return 0;
+
+                /* disarm */
+                r = timerfd_settime(d->fd, TFD_TIMER_ABSTIME, &its, NULL);
+                if (r < 0)
+                        return r;
+
+                d->next = USEC_INFINITY;
+                return 0;
+        }
+
+        b = prioq_peek(d->latest);
+        assert_se(b && b->enabled != SD_EVENT_OFF);
+
+        t = sleep_between(e, a->time.next, time_event_source_latest(b));
+        if (d->next == t)
+                return 0;
+
+        assert_se(d->fd >= 0);
+
+        if (t == 0) {
+                /* We don' want to disarm here, just mean some time looooong ago. */
+                its.it_value.tv_sec = 0;
+                its.it_value.tv_nsec = 1;
+        } else
+                timespec_store(&its.it_value, t);
+
+        r = timerfd_settime(d->fd, TFD_TIMER_ABSTIME, &its, NULL);
+        if (r < 0)
+                return -errno;
+
+        d->next = t;
+        return 0;
+}
+
+static int process_io(sd_event *e, sd_event_source *s, uint32_t revents) {
+        assert(e);
+        assert(s);
+        assert(s->type == SOURCE_IO);
+
+        /* If the event source was already pending, we just OR in the
+         * new revents, otherwise we reset the value. The ORing is
+         * necessary to handle EPOLLONESHOT events properly where
+         * readability might happen independently of writability, and
+         * we need to keep track of both */
+
+        if (s->pending)
+                s->io.revents |= revents;
+        else
+                s->io.revents = revents;
+
+        return source_set_pending(s, true);
+}
+
+static int flush_timer(sd_event *e, int fd, uint32_t events, usec_t *next) {
+        uint64_t x;
+        ssize_t ss;
+
+        assert(e);
+        assert(fd >= 0);
+
+        assert_return(events == EPOLLIN, -EIO);
+
+        ss = read(fd, &x, sizeof(x));
+        if (ss < 0) {
+                if (errno == EAGAIN || errno == EINTR)
+                        return 0;
+
+                return -errno;
+        }
+
+        if (_unlikely_(ss != sizeof(x)))
+                return -EIO;
+
+        if (next)
+                *next = USEC_INFINITY;
+
+        return 0;
+}
+
+static int process_timer(
+                sd_event *e,
+                usec_t n,
+                struct clock_data *d) {
+
+        sd_event_source *s;
+        int r;
+
+        assert(e);
+        assert(d);
+
+        for (;;) {
+                s = prioq_peek(d->earliest);
+                if (!s ||
+                    s->time.next > n ||
+                    s->enabled == SD_EVENT_OFF ||
+                    s->pending)
+                        break;
+
+                r = source_set_pending(s, true);
+                if (r < 0)
+                        return r;
+
+                prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
+                prioq_reshuffle(d->latest, s, &s->time.latest_index);
+                d->needs_rearm = true;
+        }
+
+        return 0;
+}
+
+static int process_child(sd_event *e) {
+        sd_event_source *s;
+        Iterator i;
+        int r;
+
+        assert(e);
+
+        e->need_process_child = false;
+
+        /*
+           So, this is ugly. We iteratively invoke waitid() with P_PID
+           + WNOHANG for each PID we wait for, instead of using
+           P_ALL. This is because we only want to get child
+           information of very specific child processes, and not all
+           of them. We might not have processed the SIGCHLD even of a
+           previous invocation and we don't want to maintain a
+           unbounded *per-child* event queue, hence we really don't
+           want anything flushed out of the kernel's queue that we
+           don't care about. Since this is O(n) this means that if you
+           have a lot of processes you probably want to handle SIGCHLD
+           yourself.
+
+           We do not reap the children here (by using WNOWAIT), this
+           is only done after the event source is dispatched so that
+           the callback still sees the process as a zombie.
+        */
+
+        HASHMAP_FOREACH(s, e->child_sources, i) {
+                assert(s->type == SOURCE_CHILD);
+
+                if (s->pending)
+                        continue;
+
+                if (s->enabled == SD_EVENT_OFF)
+                        continue;
+
+                zero(s->child.siginfo);
+                r = waitid(P_PID, s->child.pid, &s->child.siginfo,
+                           WNOHANG | (s->child.options & WEXITED ? WNOWAIT : 0) | s->child.options);
+                if (r < 0)
+                        return -errno;
+
+                if (s->child.siginfo.si_pid != 0) {
+                        bool zombie =
+                                s->child.siginfo.si_code == CLD_EXITED ||
+                                s->child.siginfo.si_code == CLD_KILLED ||
+                                s->child.siginfo.si_code == CLD_DUMPED;
+
+                        if (!zombie && (s->child.options & WEXITED)) {
+                                /* If the child isn't dead then let's
+                                 * immediately remove the state change
+                                 * from the queue, since there's no
+                                 * benefit in leaving it queued */
+
+                                assert(s->child.options & (WSTOPPED|WCONTINUED));
+                                waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG|(s->child.options & (WSTOPPED|WCONTINUED)));
+                        }
+
+                        r = source_set_pending(s, true);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        return 0;
+}
+
+static int process_signal(sd_event *e, struct signal_data *d, uint32_t events) {
+        bool read_one = false;
+        int r;
+
+        assert(e);
+        assert_return(events == EPOLLIN, -EIO);
+
+        /* If there's a signal queued on this priority and SIGCHLD is
+           on this priority too, then make sure to recheck the
+           children we watch. This is because we only ever dequeue
+           the first signal per priority, and if we dequeue one, and
+           SIGCHLD might be enqueued later we wouldn't know, but we
+           might have higher priority children we care about hence we
+           need to check that explicitly. */
+
+        if (sigismember(&d->sigset, SIGCHLD))
+                e->need_process_child = true;
+
+        /* If there's already an event source pending for this
+         * priority we don't read another */
+        if (d->current)
+                return 0;
+
+        for (;;) {
+                struct signalfd_siginfo si;
+                ssize_t n;
+                sd_event_source *s = NULL;
+
+                n = read(d->fd, &si, sizeof(si));
+                if (n < 0) {
+                        if (errno == EAGAIN || errno == EINTR)
+                                return read_one;
+
+                        return -errno;
+                }
+
+                if (_unlikely_(n != sizeof(si)))
+                        return -EIO;
+
+                assert(SIGNAL_VALID(si.ssi_signo));
+
+                read_one = true;
+
+                if (e->signal_sources)
+                        s = e->signal_sources[si.ssi_signo];
+                if (!s)
+                        continue;
+                if (s->pending)
+                        continue;
+
+                s->signal.siginfo = si;
+                d->current = s;
+
+                r = source_set_pending(s, true);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+}
+
+static int source_dispatch(sd_event_source *s) {
+        int r = 0;
+
+        assert(s);
+        assert(s->pending || s->type == SOURCE_EXIT);
+
+        if (s->type != SOURCE_DEFER && s->type != SOURCE_EXIT) {
+                r = source_set_pending(s, false);
+                if (r < 0)
+                        return r;
+        }
+
+        if (s->type != SOURCE_POST) {
+                sd_event_source *z;
+                Iterator i;
+
+                /* If we execute a non-post source, let's mark all
+                 * post sources as pending */
+
+                SET_FOREACH(z, s->event->post_sources, i) {
+                        if (z->enabled == SD_EVENT_OFF)
+                                continue;
+
+                        r = source_set_pending(z, true);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        if (s->enabled == SD_EVENT_ONESHOT) {
+                r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
+                if (r < 0)
+                        return r;
+        }
+
+        s->dispatching = true;
+
+        switch (s->type) {
+
+        case SOURCE_IO:
+                r = s->io.callback(s, s->io.fd, s->io.revents, s->userdata);
+                break;
+
+        case SOURCE_TIME_REALTIME:
+        case SOURCE_TIME_BOOTTIME:
+        case SOURCE_TIME_MONOTONIC:
+        case SOURCE_TIME_REALTIME_ALARM:
+        case SOURCE_TIME_BOOTTIME_ALARM:
+                r = s->time.callback(s, s->time.next, s->userdata);
+                break;
+
+        case SOURCE_SIGNAL:
+                r = s->signal.callback(s, &s->signal.siginfo, s->userdata);
+                break;
+
+        case SOURCE_CHILD: {
+                bool zombie;
+
+                zombie = s->child.siginfo.si_code == CLD_EXITED ||
+                         s->child.siginfo.si_code == CLD_KILLED ||
+                         s->child.siginfo.si_code == CLD_DUMPED;
+
+                r = s->child.callback(s, &s->child.siginfo, s->userdata);
+
+                /* Now, reap the PID for good. */
+                if (zombie)
+                        waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG|WEXITED);
+
+                break;
+        }
+
+        case SOURCE_DEFER:
+                r = s->defer.callback(s, s->userdata);
+                break;
+
+        case SOURCE_POST:
+                r = s->post.callback(s, s->userdata);
+                break;
+
+        case SOURCE_EXIT:
+                r = s->exit.callback(s, s->userdata);
+                break;
+
+        case SOURCE_WATCHDOG:
+        case _SOURCE_EVENT_SOURCE_TYPE_MAX:
+        case _SOURCE_EVENT_SOURCE_TYPE_INVALID:
+                assert_not_reached("Wut? I shouldn't exist.");
+        }
+
+        s->dispatching = false;
+
+        if (r < 0)
+                log_debug_errno(r, "Event source %s (type %s) returned error, disabling: %m",
+                                strna(s->description), event_source_type_to_string(s->type));
+
+        if (s->n_ref == 0)
+                source_free(s);
+        else if (r < 0)
+                sd_event_source_set_enabled(s, SD_EVENT_OFF);
+
+        return 1;
+}
+
+static int event_prepare(sd_event *e) {
+        int r;
+
+        assert(e);
+
+        for (;;) {
+                sd_event_source *s;
+
+                s = prioq_peek(e->prepare);
+                if (!s || s->prepare_iteration == e->iteration || s->enabled == SD_EVENT_OFF)
+                        break;
+
+                s->prepare_iteration = e->iteration;
+                r = prioq_reshuffle(e->prepare, s, &s->prepare_index);
+                if (r < 0)
+                        return r;
+
+                assert(s->prepare);
+
+                s->dispatching = true;
+                r = s->prepare(s, s->userdata);
+                s->dispatching = false;
+
+                if (r < 0)
+                        log_debug_errno(r, "Prepare callback of event source %s (type %s) returned error, disabling: %m",
+                                        strna(s->description), event_source_type_to_string(s->type));
+
+                if (s->n_ref == 0)
+                        source_free(s);
+                else if (r < 0)
+                        sd_event_source_set_enabled(s, SD_EVENT_OFF);
+        }
+
+        return 0;
+}
+
+static int dispatch_exit(sd_event *e) {
+        sd_event_source *p;
+        int r;
+
+        assert(e);
+
+        p = prioq_peek(e->exit);
+        if (!p || p->enabled == SD_EVENT_OFF) {
+                e->state = SD_EVENT_FINISHED;
+                return 0;
+        }
+
+        sd_event_ref(e);
+        e->iteration++;
+        e->state = SD_EVENT_EXITING;
+
+        r = source_dispatch(p);
+
+        e->state = SD_EVENT_INITIAL;
+        sd_event_unref(e);
+
+        return r;
+}
+
+static sd_event_source* event_next_pending(sd_event *e) {
+        sd_event_source *p;
+
+        assert(e);
+
+        p = prioq_peek(e->pending);
+        if (!p)
+                return NULL;
+
+        if (p->enabled == SD_EVENT_OFF)
+                return NULL;
+
+        return p;
+}
+
+static int arm_watchdog(sd_event *e) {
+        struct itimerspec its = {};
+        usec_t t;
+        int r;
+
+        assert(e);
+        assert(e->watchdog_fd >= 0);
+
+        t = sleep_between(e,
+                          e->watchdog_last + (e->watchdog_period / 2),
+                          e->watchdog_last + (e->watchdog_period * 3 / 4));
+
+        timespec_store(&its.it_value, t);
+
+        /* Make sure we never set the watchdog to 0, which tells the
+         * kernel to disable it. */
+        if (its.it_value.tv_sec == 0 && its.it_value.tv_nsec == 0)
+                its.it_value.tv_nsec = 1;
+
+        r = timerfd_settime(e->watchdog_fd, TFD_TIMER_ABSTIME, &its, NULL);
+        if (r < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int process_watchdog(sd_event *e) {
+        assert(e);
+
+        if (!e->watchdog)
+                return 0;
+
+        /* Don't notify watchdog too often */
+        if (e->watchdog_last + e->watchdog_period / 4 > e->timestamp.monotonic)
+                return 0;
+
+        sd_notify(false, "WATCHDOG=1");
+        e->watchdog_last = e->timestamp.monotonic;
+
+        return arm_watchdog(e);
+}
+
+_public_ int sd_event_prepare(sd_event *e) {
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
+
+        if (e->exit_requested)
+                goto pending;
+
+        e->iteration++;
+
+        e->state = SD_EVENT_PREPARING;
+        r = event_prepare(e);
+        e->state = SD_EVENT_INITIAL;
+        if (r < 0)
+                return r;
+
+        r = event_arm_timer(e, &e->realtime);
+        if (r < 0)
+                return r;
+
+        r = event_arm_timer(e, &e->boottime);
+        if (r < 0)
+                return r;
+
+        r = event_arm_timer(e, &e->monotonic);
+        if (r < 0)
+                return r;
+
+        r = event_arm_timer(e, &e->realtime_alarm);
+        if (r < 0)
+                return r;
+
+        r = event_arm_timer(e, &e->boottime_alarm);
+        if (r < 0)
+                return r;
+
+        if (event_next_pending(e) || e->need_process_child)
+                goto pending;
+
+        e->state = SD_EVENT_ARMED;
+
+        return 0;
+
+pending:
+        e->state = SD_EVENT_ARMED;
+        r = sd_event_wait(e, 0);
+        if (r == 0)
+                e->state = SD_EVENT_ARMED;
+
+        return r;
+}
+
+_public_ int sd_event_wait(sd_event *e, uint64_t timeout) {
+        struct epoll_event *ev_queue;
+        unsigned ev_queue_max;
+        int r, m, i;
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(e->state == SD_EVENT_ARMED, -EBUSY);
+
+        if (e->exit_requested) {
+                e->state = SD_EVENT_PENDING;
+                return 1;
+        }
+
+        ev_queue_max = MAX(e->n_sources, 1u);
+        ev_queue = newa(struct epoll_event, ev_queue_max);
+
+        m = epoll_wait(e->epoll_fd, ev_queue, ev_queue_max,
+                       timeout == (uint64_t) -1 ? -1 : (int) ((timeout + USEC_PER_MSEC - 1) / USEC_PER_MSEC));
+        if (m < 0) {
+                if (errno == EINTR) {
+                        e->state = SD_EVENT_PENDING;
+                        return 1;
+                }
+
+                r = -errno;
+                goto finish;
+        }
+
+        dual_timestamp_get(&e->timestamp);
+        if (clock_boottime_supported())
+                e->timestamp_boottime = now(CLOCK_BOOTTIME);
+
+        for (i = 0; i < m; i++) {
+
+                if (ev_queue[i].data.ptr == INT_TO_PTR(SOURCE_WATCHDOG))
+                        r = flush_timer(e, e->watchdog_fd, ev_queue[i].events, NULL);
+                else {
+                        WakeupType *t = ev_queue[i].data.ptr;
+
+                        switch (*t) {
+
+                        case WAKEUP_EVENT_SOURCE:
+                                r = process_io(e, ev_queue[i].data.ptr, ev_queue[i].events);
+                                break;
+
+                        case WAKEUP_CLOCK_DATA: {
+                                struct clock_data *d = ev_queue[i].data.ptr;
+                                r = flush_timer(e, d->fd, ev_queue[i].events, &d->next);
+                                break;
+                        }
+
+                        case WAKEUP_SIGNAL_DATA:
+                                r = process_signal(e, ev_queue[i].data.ptr, ev_queue[i].events);
+                                break;
+
+                        default:
+                                assert_not_reached("Invalid wake-up pointer");
+                        }
+                }
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = process_watchdog(e);
+        if (r < 0)
+                goto finish;
+
+        r = process_timer(e, e->timestamp.realtime, &e->realtime);
+        if (r < 0)
+                goto finish;
+
+        r = process_timer(e, e->timestamp_boottime, &e->boottime);
+        if (r < 0)
+                goto finish;
+
+        r = process_timer(e, e->timestamp.monotonic, &e->monotonic);
+        if (r < 0)
+                goto finish;
+
+        r = process_timer(e, e->timestamp.realtime, &e->realtime_alarm);
+        if (r < 0)
+                goto finish;
+
+        r = process_timer(e, e->timestamp_boottime, &e->boottime_alarm);
+        if (r < 0)
+                goto finish;
+
+        if (e->need_process_child) {
+                r = process_child(e);
+                if (r < 0)
+                        goto finish;
+        }
+
+        if (event_next_pending(e)) {
+                e->state = SD_EVENT_PENDING;
+
+                return 1;
+        }
+
+        r = 0;
+
+finish:
+        e->state = SD_EVENT_INITIAL;
+
+        return r;
+}
+
+_public_ int sd_event_dispatch(sd_event *e) {
+        sd_event_source *p;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(e->state == SD_EVENT_PENDING, -EBUSY);
+
+        if (e->exit_requested)
+                return dispatch_exit(e);
+
+        p = event_next_pending(e);
+        if (p) {
+                sd_event_ref(e);
+
+                e->state = SD_EVENT_RUNNING;
+                r = source_dispatch(p);
+                e->state = SD_EVENT_INITIAL;
+
+                sd_event_unref(e);
+
+                return r;
+        }
+
+        e->state = SD_EVENT_INITIAL;
+
+        return 1;
+}
+
+static void event_log_delays(sd_event *e) {
+        char b[ELEMENTSOF(e->delays) * DECIMAL_STR_MAX(unsigned) + 1];
+        unsigned i;
+        int o;
+
+        for (i = o = 0; i < ELEMENTSOF(e->delays); i++) {
+                o += snprintf(&b[o], sizeof(b) - o, "%u ", e->delays[i]);
+                e->delays[i] = 0;
+        }
+        log_debug("Event loop iterations: %.*s", o, b);
+}
+
+_public_ int sd_event_run(sd_event *e, uint64_t timeout) {
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
+
+        if (e->profile_delays && e->last_run) {
+                usec_t this_run;
+                unsigned l;
+
+                this_run = now(CLOCK_MONOTONIC);
+
+                l = u64log2(this_run - e->last_run);
+                assert(l < sizeof(e->delays));
+                e->delays[l]++;
+
+                if (this_run - e->last_log >= 5*USEC_PER_SEC) {
+                        event_log_delays(e);
+                        e->last_log = this_run;
+                }
+        }
+
+        r = sd_event_prepare(e);
+        if (r == 0)
+                /* There was nothing? Then wait... */
+                r = sd_event_wait(e, timeout);
+
+        if (e->profile_delays)
+                e->last_run = now(CLOCK_MONOTONIC);
+
+        if (r > 0) {
+                /* There's something now, then let's dispatch it */
+                r = sd_event_dispatch(e);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+
+        return r;
+}
+
+_public_ int sd_event_loop(sd_event *e) {
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+        assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
+
+        sd_event_ref(e);
+
+        while (e->state != SD_EVENT_FINISHED) {
+                r = sd_event_run(e, (uint64_t) -1);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = e->exit_code;
+
+finish:
+        sd_event_unref(e);
+        return r;
+}
+
+_public_ int sd_event_get_fd(sd_event *e) {
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        return e->epoll_fd;
+}
+
+_public_ int sd_event_get_state(sd_event *e) {
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        return e->state;
+}
+
+_public_ int sd_event_get_exit_code(sd_event *e, int *code) {
+        assert_return(e, -EINVAL);
+        assert_return(code, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        if (!e->exit_requested)
+                return -ENODATA;
+
+        *code = e->exit_code;
+        return 0;
+}
+
+_public_ int sd_event_exit(sd_event *e, int code) {
+        assert_return(e, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        e->exit_requested = true;
+        e->exit_code = code;
+
+        return 0;
+}
+
+_public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) {
+        assert_return(e, -EINVAL);
+        assert_return(usec, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+        assert_return(IN_SET(clock,
+                             CLOCK_REALTIME,
+                             CLOCK_REALTIME_ALARM,
+                             CLOCK_MONOTONIC,
+                             CLOCK_BOOTTIME,
+                             CLOCK_BOOTTIME_ALARM), -EOPNOTSUPP);
+
+        if (IN_SET(clock, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM) && !clock_boottime_supported())
+                return -EOPNOTSUPP;
+
+        if (!dual_timestamp_is_set(&e->timestamp)) {
+                /* Implicitly fall back to now() if we never ran
+                 * before and thus have no cached time. */
+                *usec = now(clock);
+                return 1;
+        }
+
+        switch (clock) {
+
+        case CLOCK_REALTIME:
+        case CLOCK_REALTIME_ALARM:
+                *usec = e->timestamp.realtime;
+                break;
+
+        case CLOCK_MONOTONIC:
+                *usec = e->timestamp.monotonic;
+                break;
+
+        case CLOCK_BOOTTIME:
+        case CLOCK_BOOTTIME_ALARM:
+                *usec = e->timestamp_boottime;
+                break;
+
+        default:
+                assert_not_reached("Unknown clock?");
+        }
+
+        return 0;
+}
+
+_public_ int sd_event_default(sd_event **ret) {
+
+        static thread_local sd_event *default_event = NULL;
+        sd_event *e = NULL;
+        int r;
+
+        if (!ret)
+                return !!default_event;
+
+        if (default_event) {
+                *ret = sd_event_ref(default_event);
+                return 0;
+        }
+
+        r = sd_event_new(&e);
+        if (r < 0)
+                return r;
+
+        e->default_event_ptr = &default_event;
+        e->tid = gettid();
+        default_event = e;
+
+        *ret = e;
+        return 1;
+}
+
+_public_ int sd_event_get_tid(sd_event *e, pid_t *tid) {
+        assert_return(e, -EINVAL);
+        assert_return(tid, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        if (e->tid != 0) {
+                *tid = e->tid;
+                return 0;
+        }
+
+        return -ENXIO;
+}
+
+_public_ int sd_event_set_watchdog(sd_event *e, int b) {
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        if (e->watchdog == !!b)
+                return e->watchdog;
+
+        if (b) {
+                struct epoll_event ev = {};
+
+                r = sd_watchdog_enabled(false, &e->watchdog_period);
+                if (r <= 0)
+                        return r;
+
+                /* Issue first ping immediately */
+                sd_notify(false, "WATCHDOG=1");
+                e->watchdog_last = now(CLOCK_MONOTONIC);
+
+                e->watchdog_fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK|TFD_CLOEXEC);
+                if (e->watchdog_fd < 0)
+                        return -errno;
+
+                r = arm_watchdog(e);
+                if (r < 0)
+                        goto fail;
+
+                ev.events = EPOLLIN;
+                ev.data.ptr = INT_TO_PTR(SOURCE_WATCHDOG);
+
+                r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, e->watchdog_fd, &ev);
+                if (r < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+
+        } else {
+                if (e->watchdog_fd >= 0) {
+                        epoll_ctl(e->epoll_fd, EPOLL_CTL_DEL, e->watchdog_fd, NULL);
+                        e->watchdog_fd = safe_close(e->watchdog_fd);
+                }
+        }
+
+        e->watchdog = !!b;
+        return e->watchdog;
+
+fail:
+        e->watchdog_fd = safe_close(e->watchdog_fd);
+        return r;
+}
+
+_public_ int sd_event_get_watchdog(sd_event *e) {
+        assert_return(e, -EINVAL);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        return e->watchdog;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-event/test-event.c b/src/libsystemd/libsystemd-internal/sd-event/test-event.c
new file mode 100644
index 0000000000..324ad7ee02
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-event/test-event.c
@@ -0,0 +1,361 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+
+#include "fd-util.h"
+#include "log.h"
+#include "macro.h"
+#include "signal-util.h"
+#include "util.h"
+
+static int prepare_handler(sd_event_source *s, void *userdata) {
+        log_info("preparing %c", PTR_TO_INT(userdata));
+        return 1;
+}
+
+static bool got_a, got_b, got_c, got_unref;
+static unsigned got_d;
+
+static int unref_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        sd_event_source_unref(s);
+        got_unref = true;
+        return 0;
+}
+
+static int io_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+
+        log_info("got IO on %c", PTR_TO_INT(userdata));
+
+        if (userdata == INT_TO_PTR('a')) {
+                assert_se(sd_event_source_set_enabled(s, SD_EVENT_OFF) >= 0);
+                assert_se(!got_a);
+                got_a = true;
+        } else if (userdata == INT_TO_PTR('b')) {
+                assert_se(!got_b);
+                got_b = true;
+        } else if (userdata == INT_TO_PTR('d')) {
+                got_d++;
+                if (got_d < 2)
+                        assert_se(sd_event_source_set_enabled(s, SD_EVENT_ONESHOT) >= 0);
+                else
+                        assert_se(sd_event_source_set_enabled(s, SD_EVENT_OFF) >= 0);
+        } else
+                assert_not_reached("Yuck!");
+
+        return 1;
+}
+
+static int child_handler(sd_event_source *s, const siginfo_t *si, void *userdata) {
+
+        assert_se(s);
+        assert_se(si);
+
+        log_info("got child on %c", PTR_TO_INT(userdata));
+
+        assert_se(userdata == INT_TO_PTR('f'));
+
+        assert_se(sd_event_exit(sd_event_source_get_event(s), 0) >= 0);
+        sd_event_source_unref(s);
+
+        return 1;
+}
+
+static int signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        sd_event_source *p = NULL;
+        pid_t pid;
+
+        assert_se(s);
+        assert_se(si);
+
+        log_info("got signal on %c", PTR_TO_INT(userdata));
+
+        assert_se(userdata == INT_TO_PTR('e'));
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, -1) >= 0);
+
+        pid = fork();
+        assert_se(pid >= 0);
+
+        if (pid == 0)
+                _exit(0);
+
+        assert_se(sd_event_add_child(sd_event_source_get_event(s), &p, pid, WEXITED, child_handler, INT_TO_PTR('f')) >= 0);
+        assert_se(sd_event_source_set_enabled(p, SD_EVENT_ONESHOT) >= 0);
+
+        sd_event_source_unref(s);
+
+        return 1;
+}
+
+static int defer_handler(sd_event_source *s, void *userdata) {
+        sd_event_source *p = NULL;
+
+        assert_se(s);
+
+        log_info("got defer on %c", PTR_TO_INT(userdata));
+
+        assert_se(userdata == INT_TO_PTR('d'));
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGUSR1, -1) >= 0);
+
+        assert_se(sd_event_add_signal(sd_event_source_get_event(s), &p, SIGUSR1, signal_handler, INT_TO_PTR('e')) >= 0);
+        assert_se(sd_event_source_set_enabled(p, SD_EVENT_ONESHOT) >= 0);
+        raise(SIGUSR1);
+
+        sd_event_source_unref(s);
+
+        return 1;
+}
+
+static bool do_quit = false;
+
+static int time_handler(sd_event_source *s, uint64_t usec, void *userdata) {
+        log_info("got timer on %c", PTR_TO_INT(userdata));
+
+        if (userdata == INT_TO_PTR('c')) {
+
+                if (do_quit) {
+                        sd_event_source *p;
+
+                        assert_se(sd_event_add_defer(sd_event_source_get_event(s), &p, defer_handler, INT_TO_PTR('d')) >= 0);
+                        assert_se(sd_event_source_set_enabled(p, SD_EVENT_ONESHOT) >= 0);
+                } else {
+                        assert_se(!got_c);
+                        got_c = true;
+                }
+        } else
+                assert_not_reached("Huh?");
+
+        return 2;
+}
+
+static bool got_exit = false;
+
+static int exit_handler(sd_event_source *s, void *userdata) {
+        log_info("got quit handler on %c", PTR_TO_INT(userdata));
+
+        got_exit = true;
+
+        return 3;
+}
+
+static bool got_post = false;
+
+static int post_handler(sd_event_source *s, void *userdata) {
+        log_info("got post handler");
+
+        got_post = true;
+
+        return 2;
+}
+
+static void test_basic(void) {
+        sd_event *e = NULL;
+        sd_event_source *w = NULL, *x = NULL, *y = NULL, *z = NULL, *q = NULL, *t = NULL;
+        static const char ch = 'x';
+        int a[2] = { -1, -1 }, b[2] = { -1, -1}, d[2] = { -1, -1}, k[2] = { -1, -1 };
+        uint64_t event_now;
+
+        assert_se(pipe(a) >= 0);
+        assert_se(pipe(b) >= 0);
+        assert_se(pipe(d) >= 0);
+        assert_se(pipe(k) >= 0);
+
+        assert_se(sd_event_default(&e) >= 0);
+        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) > 0);
+
+        assert_se(sd_event_set_watchdog(e, true) >= 0);
+
+        /* Test whether we cleanly can destroy an io event source from its own handler */
+        got_unref = false;
+        assert_se(sd_event_add_io(e, &t, k[0], EPOLLIN, unref_handler, NULL) >= 0);
+        assert_se(write(k[1], &ch, 1) == 1);
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(got_unref);
+
+        got_a = false, got_b = false, got_c = false, got_d = 0;
+
+        /* Add a oneshot handler, trigger it, re-enable it, and trigger
+         * it again. */
+        assert_se(sd_event_add_io(e, &w, d[0], EPOLLIN, io_handler, INT_TO_PTR('d')) >= 0);
+        assert_se(sd_event_source_set_enabled(w, SD_EVENT_ONESHOT) >= 0);
+        assert_se(write(d[1], &ch, 1) >= 0);
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(got_d == 1);
+        assert_se(write(d[1], &ch, 1) >= 0);
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(got_d == 2);
+
+        assert_se(sd_event_add_io(e, &x, a[0], EPOLLIN, io_handler, INT_TO_PTR('a')) >= 0);
+        assert_se(sd_event_add_io(e, &y, b[0], EPOLLIN, io_handler, INT_TO_PTR('b')) >= 0);
+        assert_se(sd_event_add_time(e, &z, CLOCK_MONOTONIC, 0, 0, time_handler, INT_TO_PTR('c')) >= 0);
+        assert_se(sd_event_add_exit(e, &q, exit_handler, INT_TO_PTR('g')) >= 0);
+
+        assert_se(sd_event_source_set_priority(x, 99) >= 0);
+        assert_se(sd_event_source_set_enabled(y, SD_EVENT_ONESHOT) >= 0);
+        assert_se(sd_event_source_set_prepare(x, prepare_handler) >= 0);
+        assert_se(sd_event_source_set_priority(z, 50) >= 0);
+        assert_se(sd_event_source_set_enabled(z, SD_EVENT_ONESHOT) >= 0);
+        assert_se(sd_event_source_set_prepare(z, prepare_handler) >= 0);
+
+        /* Test for floating event sources */
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN+1, -1) >= 0);
+        assert_se(sd_event_add_signal(e, NULL, SIGRTMIN+1, NULL, NULL) >= 0);
+
+        assert_se(write(a[1], &ch, 1) >= 0);
+        assert_se(write(b[1], &ch, 1) >= 0);
+
+        assert_se(!got_a && !got_b && !got_c);
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+
+        assert_se(!got_a && got_b && !got_c);
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+
+        assert_se(!got_a && got_b && got_c);
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+
+        assert_se(got_a && got_b && got_c);
+
+        sd_event_source_unref(x);
+        sd_event_source_unref(y);
+
+        do_quit = true;
+        assert_se(sd_event_add_post(e, NULL, post_handler, NULL) >= 0);
+        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) == 0);
+        assert_se(sd_event_source_set_time(z, event_now + 200 * USEC_PER_MSEC) >= 0);
+        assert_se(sd_event_source_set_enabled(z, SD_EVENT_ONESHOT) >= 0);
+
+        assert_se(sd_event_loop(e) >= 0);
+        assert_se(got_post);
+        assert_se(got_exit);
+
+        sd_event_source_unref(z);
+        sd_event_source_unref(q);
+
+        sd_event_source_unref(w);
+
+        sd_event_unref(e);
+
+        safe_close_pair(a);
+        safe_close_pair(b);
+        safe_close_pair(d);
+        safe_close_pair(k);
+}
+
+static void test_sd_event_now(void) {
+        _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+        uint64_t event_now;
+
+        assert_se(sd_event_new(&e) >= 0);
+        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) > 0);
+        assert_se(sd_event_now(e, CLOCK_REALTIME, &event_now) > 0);
+        assert_se(sd_event_now(e, CLOCK_REALTIME_ALARM, &event_now) > 0);
+        if (clock_boottime_supported()) {
+                assert_se(sd_event_now(e, CLOCK_BOOTTIME, &event_now) > 0);
+                assert_se(sd_event_now(e, CLOCK_BOOTTIME_ALARM, &event_now) > 0);
+        }
+        assert_se(sd_event_now(e, -1, &event_now) == -EOPNOTSUPP);
+        assert_se(sd_event_now(e, 900 /* arbitrary big number */, &event_now) == -EOPNOTSUPP);
+
+        assert_se(sd_event_run(e, 0) == 0);
+
+        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) == 0);
+        assert_se(sd_event_now(e, CLOCK_REALTIME, &event_now) == 0);
+        assert_se(sd_event_now(e, CLOCK_REALTIME_ALARM, &event_now) == 0);
+        if (clock_boottime_supported()) {
+                assert_se(sd_event_now(e, CLOCK_BOOTTIME, &event_now) == 0);
+                assert_se(sd_event_now(e, CLOCK_BOOTTIME_ALARM, &event_now) == 0);
+        }
+        assert_se(sd_event_now(e, -1, &event_now) == -EOPNOTSUPP);
+        assert_se(sd_event_now(e, 900 /* arbitrary big number */, &event_now) == -EOPNOTSUPP);
+}
+
+static int last_rtqueue_sigval = 0;
+static int n_rtqueue = 0;
+
+static int rtqueue_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        last_rtqueue_sigval = si->ssi_int;
+        n_rtqueue++;
+        return 0;
+}
+
+static void test_rtqueue(void) {
+        sd_event_source *u = NULL, *v = NULL, *s = NULL;
+        sd_event *e = NULL;
+
+        assert_se(sd_event_default(&e) >= 0);
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN+2, SIGRTMIN+3, SIGUSR2, -1) >= 0);
+        assert_se(sd_event_add_signal(e, &u, SIGRTMIN+2, rtqueue_handler, NULL) >= 0);
+        assert_se(sd_event_add_signal(e, &v, SIGRTMIN+3, rtqueue_handler, NULL) >= 0);
+        assert_se(sd_event_add_signal(e, &s, SIGUSR2, rtqueue_handler, NULL) >= 0);
+
+        assert_se(sd_event_source_set_priority(v, -10) >= 0);
+
+        assert(sigqueue(getpid(), SIGRTMIN+2, (union sigval) { .sival_int = 1 }) >= 0);
+        assert(sigqueue(getpid(), SIGRTMIN+3, (union sigval) { .sival_int = 2 }) >= 0);
+        assert(sigqueue(getpid(), SIGUSR2, (union sigval) { .sival_int = 3 }) >= 0);
+        assert(sigqueue(getpid(), SIGRTMIN+3, (union sigval) { .sival_int = 4 }) >= 0);
+        assert(sigqueue(getpid(), SIGUSR2, (union sigval) { .sival_int = 5 }) >= 0);
+
+        assert_se(n_rtqueue == 0);
+        assert_se(last_rtqueue_sigval == 0);
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(n_rtqueue == 1);
+        assert_se(last_rtqueue_sigval == 2); /* first SIGRTMIN+3 */
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(n_rtqueue == 2);
+        assert_se(last_rtqueue_sigval == 4); /* second SIGRTMIN+3 */
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(n_rtqueue == 3);
+        assert_se(last_rtqueue_sigval == 3); /* first SIGUSR2 */
+
+        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
+        assert_se(n_rtqueue == 4);
+        assert_se(last_rtqueue_sigval == 1); /* SIGRTMIN+2 */
+
+        assert_se(sd_event_run(e, 0) == 0); /* the other SIGUSR2 is dropped, because the first one was still queued */
+        assert_se(n_rtqueue == 4);
+        assert_se(last_rtqueue_sigval == 1);
+
+        sd_event_source_unref(u);
+        sd_event_source_unref(v);
+        sd_event_source_unref(s);
+
+        sd_event_unref(e);
+}
+
+int main(int argc, char *argv[]) {
+
+        log_set_max_level(LOG_DEBUG);
+        log_parse_environment();
+
+        test_basic();
+        test_sd_event_now();
+        test_rtqueue();
+
+        return 0;
+}
diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/libsystemd-internal/sd-hwdb/hwdb-internal.h
index 8ffb5e5c74..8ffb5e5c74 100644
--- a/src/libsystemd/sd-hwdb/hwdb-internal.h
+++ b/src/libsystemd/libsystemd-internal/sd-hwdb/hwdb-internal.h
diff --git a/src/libsystemd/libsystemd-internal/sd-hwdb/hwdb-util.h b/src/libsystemd/libsystemd-internal/sd-hwdb/hwdb-util.h
new file mode 100644
index 0000000000..05dc47962b
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-hwdb/hwdb-util.h
@@ -0,0 +1,26 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-hwdb.h>
+
+#include "util.h"
+
+bool hwdb_validate(sd_hwdb *hwdb);
diff --git a/src/libsystemd/libsystemd-internal/sd-hwdb/sd-hwdb.c b/src/libsystemd/libsystemd-internal/sd-hwdb/sd-hwdb.c
new file mode 100644
index 0000000000..7dcfe95b87
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-hwdb/sd-hwdb.c
@@ -0,0 +1,470 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2008 Alan Jenkins <alan.christopher.jenkins@googlemail.com>
+  Copyright 2014 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fnmatch.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+
+#include <systemd/sd-hwdb.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "hashmap.h"
+#include "hwdb-internal.h"
+#include "hwdb-util.h"
+#include "refcnt.h"
+#include "string-util.h"
+
+struct sd_hwdb {
+        RefCount n_ref;
+        int refcount;
+
+        FILE *f;
+        struct stat st;
+        union {
+                struct trie_header_f *head;
+                const char *map;
+        };
+
+        char *modalias;
+
+        OrderedHashmap *properties;
+        Iterator properties_iterator;
+        bool properties_modified;
+};
+
+struct linebuf {
+        char bytes[LINE_MAX];
+        size_t size;
+        size_t len;
+};
+
+static void linebuf_init(struct linebuf *buf) {
+        buf->size = 0;
+        buf->len = 0;
+}
+
+static const char *linebuf_get(struct linebuf *buf) {
+        if (buf->len + 1 >= sizeof(buf->bytes))
+                return NULL;
+        buf->bytes[buf->len] = '\0';
+        return buf->bytes;
+}
+
+static bool linebuf_add(struct linebuf *buf, const char *s, size_t len) {
+        if (buf->len + len >= sizeof(buf->bytes))
+                return false;
+        memcpy(buf->bytes + buf->len, s, len);
+        buf->len += len;
+        return true;
+}
+
+static bool linebuf_add_char(struct linebuf *buf, char c) {
+        if (buf->len + 1 >= sizeof(buf->bytes))
+                return false;
+        buf->bytes[buf->len++] = c;
+        return true;
+}
+
+static void linebuf_rem(struct linebuf *buf, size_t count) {
+        assert(buf->len >= count);
+        buf->len -= count;
+}
+
+static void linebuf_rem_char(struct linebuf *buf) {
+        linebuf_rem(buf, 1);
+}
+
+static const struct trie_child_entry_f *trie_node_children(sd_hwdb *hwdb, const struct trie_node_f *node) {
+        return (const struct trie_child_entry_f *)((const char *)node + le64toh(hwdb->head->node_size));
+}
+
+static const struct trie_value_entry_f *trie_node_values(sd_hwdb *hwdb, const struct trie_node_f *node) {
+        const char *base = (const char *)node;
+
+        base += le64toh(hwdb->head->node_size);
+        base += node->children_count * le64toh(hwdb->head->child_entry_size);
+        return (const struct trie_value_entry_f *)base;
+}
+
+static const struct trie_node_f *trie_node_from_off(sd_hwdb *hwdb, le64_t off) {
+        return (const struct trie_node_f *)(hwdb->map + le64toh(off));
+}
+
+static const char *trie_string(sd_hwdb *hwdb, le64_t off) {
+        return hwdb->map + le64toh(off);
+}
+
+static int trie_children_cmp_f(const void *v1, const void *v2) {
+        const struct trie_child_entry_f *n1 = v1;
+        const struct trie_child_entry_f *n2 = v2;
+
+        return n1->c - n2->c;
+}
+
+static const struct trie_node_f *node_lookup_f(sd_hwdb *hwdb, const struct trie_node_f *node, uint8_t c) {
+        struct trie_child_entry_f *child;
+        struct trie_child_entry_f search;
+
+        search.c = c;
+        child = bsearch(&search, trie_node_children(hwdb, node), node->children_count,
+                        le64toh(hwdb->head->child_entry_size), trie_children_cmp_f);
+        if (child)
+                return trie_node_from_off(hwdb, child->child_off);
+        return NULL;
+}
+
+static int hwdb_add_property(sd_hwdb *hwdb, const char *key, const char *value) {
+        int r;
+
+        assert(hwdb);
+        assert(key);
+        assert(value);
+
+        /*
+         * Silently ignore all properties which do not start with a
+         * space; future extensions might use additional prefixes.
+         */
+        if (key[0] != ' ')
+                return 0;
+
+        key++;
+
+        r = ordered_hashmap_ensure_allocated(&hwdb->properties, &string_hash_ops);
+        if (r < 0)
+                return r;
+
+        r = ordered_hashmap_replace(hwdb->properties, key, (char*)value);
+        if (r < 0)
+                return r;
+
+        hwdb->properties_modified = true;
+
+        return 0;
+}
+
+static int trie_fnmatch_f(sd_hwdb *hwdb, const struct trie_node_f *node, size_t p,
+                          struct linebuf *buf, const char *search) {
+        size_t len;
+        size_t i;
+        const char *prefix;
+        int err;
+
+        prefix = trie_string(hwdb, node->prefix_off);
+        len = strlen(prefix + p);
+        linebuf_add(buf, prefix + p, len);
+
+        for (i = 0; i < node->children_count; i++) {
+                const struct trie_child_entry_f *child = &trie_node_children(hwdb, node)[i];
+
+                linebuf_add_char(buf, child->c);
+                err = trie_fnmatch_f(hwdb, trie_node_from_off(hwdb, child->child_off), 0, buf, search);
+                if (err < 0)
+                        return err;
+                linebuf_rem_char(buf);
+        }
+
+        if (le64toh(node->values_count) && fnmatch(linebuf_get(buf), search, 0) == 0)
+                for (i = 0; i < le64toh(node->values_count); i++) {
+                        err = hwdb_add_property(hwdb, trie_string(hwdb, trie_node_values(hwdb, node)[i].key_off),
+                                                trie_string(hwdb, trie_node_values(hwdb, node)[i].value_off));
+                        if (err < 0)
+                                return err;
+                }
+
+        linebuf_rem(buf, len);
+        return 0;
+}
+
+static int trie_search_f(sd_hwdb *hwdb, const char *search) {
+        struct linebuf buf;
+        const struct trie_node_f *node;
+        size_t i = 0;
+        int err;
+
+        linebuf_init(&buf);
+
+        node = trie_node_from_off(hwdb, hwdb->head->nodes_root_off);
+        while (node) {
+                const struct trie_node_f *child;
+                size_t p = 0;
+
+                if (node->prefix_off) {
+                        uint8_t c;
+
+                        for (; (c = trie_string(hwdb, node->prefix_off)[p]); p++) {
+                                if (c == '*' || c == '?' || c == '[')
+                                        return trie_fnmatch_f(hwdb, node, p, &buf, search + i + p);
+                                if (c != search[i + p])
+                                        return 0;
+                        }
+                        i += p;
+                }
+
+                child = node_lookup_f(hwdb, node, '*');
+                if (child) {
+                        linebuf_add_char(&buf, '*');
+                        err = trie_fnmatch_f(hwdb, child, 0, &buf, search + i);
+                        if (err < 0)
+                                return err;
+                        linebuf_rem_char(&buf);
+                }
+
+                child = node_lookup_f(hwdb, node, '?');
+                if (child) {
+                        linebuf_add_char(&buf, '?');
+                        err = trie_fnmatch_f(hwdb, child, 0, &buf, search + i);
+                        if (err < 0)
+                                return err;
+                        linebuf_rem_char(&buf);
+                }
+
+                child = node_lookup_f(hwdb, node, '[');
+                if (child) {
+                        linebuf_add_char(&buf, '[');
+                        err = trie_fnmatch_f(hwdb, child, 0, &buf, search + i);
+                        if (err < 0)
+                                return err;
+                        linebuf_rem_char(&buf);
+                }
+
+                if (search[i] == '\0') {
+                        size_t n;
+
+                        for (n = 0; n < le64toh(node->values_count); n++) {
+                                err = hwdb_add_property(hwdb, trie_string(hwdb, trie_node_values(hwdb, node)[n].key_off),
+                                                        trie_string(hwdb, trie_node_values(hwdb, node)[n].value_off));
+                                if (err < 0)
+                                        return err;
+                        }
+                        return 0;
+                }
+
+                child = node_lookup_f(hwdb, node, search[i]);
+                node = child;
+                i++;
+        }
+        return 0;
+}
+
+static const char hwdb_bin_paths[] =
+        "/etc/systemd/hwdb/hwdb.bin\0"
+        "/etc/udev/hwdb.bin\0"
+        "/usr/lib/systemd/hwdb/hwdb.bin\0"
+#ifdef HAVE_SPLIT_USR
+        "/lib/systemd/hwdb/hwdb.bin\0"
+#endif
+        UDEVLIBEXECDIR "/hwdb.bin\0";
+
+_public_ int sd_hwdb_new(sd_hwdb **ret) {
+        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+        const char *hwdb_bin_path;
+        const char sig[] = HWDB_SIG;
+
+        assert_return(ret, -EINVAL);
+
+        hwdb = new0(sd_hwdb, 1);
+        if (!hwdb)
+                return -ENOMEM;
+
+        hwdb->n_ref = REFCNT_INIT;
+
+        /* find hwdb.bin in hwdb_bin_paths */
+        NULSTR_FOREACH(hwdb_bin_path, hwdb_bin_paths) {
+                hwdb->f = fopen(hwdb_bin_path, "re");
+                if (hwdb->f)
+                        break;
+                else if (errno == ENOENT)
+                        continue;
+                else
+                        return log_debug_errno(errno, "error reading %s: %m", hwdb_bin_path);
+        }
+
+        if (!hwdb->f) {
+                log_debug("hwdb.bin does not exist, please run udevadm hwdb --update");
+                return -ENOENT;
+        }
+
+        if (fstat(fileno(hwdb->f), &hwdb->st) < 0 ||
+            (size_t)hwdb->st.st_size < offsetof(struct trie_header_f, strings_len) + 8)
+                return log_debug_errno(errno, "error reading %s: %m", hwdb_bin_path);
+
+        hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0);
+        if (hwdb->map == MAP_FAILED)
+                return log_debug_errno(errno, "error mapping %s: %m", hwdb_bin_path);
+
+        if (memcmp(hwdb->map, sig, sizeof(hwdb->head->signature)) != 0 ||
+            (size_t)hwdb->st.st_size != le64toh(hwdb->head->file_size)) {
+                log_debug("error recognizing the format of %s", hwdb_bin_path);
+                return -EINVAL;
+        }
+
+        log_debug("=== trie on-disk ===");
+        log_debug("tool version:          %"PRIu64, le64toh(hwdb->head->tool_version));
+        log_debug("file size:        %8"PRIi64" bytes", hwdb->st.st_size);
+        log_debug("header size       %8"PRIu64" bytes", le64toh(hwdb->head->header_size));
+        log_debug("strings           %8"PRIu64" bytes", le64toh(hwdb->head->strings_len));
+        log_debug("nodes             %8"PRIu64" bytes", le64toh(hwdb->head->nodes_len));
+
+        *ret = hwdb;
+        hwdb = NULL;
+
+        return 0;
+}
+
+_public_ sd_hwdb *sd_hwdb_ref(sd_hwdb *hwdb) {
+        assert_return(hwdb, NULL);
+
+        assert_se(REFCNT_INC(hwdb->n_ref) >= 2);
+
+        return hwdb;
+}
+
+_public_ sd_hwdb *sd_hwdb_unref(sd_hwdb *hwdb) {
+        if (hwdb && REFCNT_DEC(hwdb->n_ref) == 0) {
+                if (hwdb->map)
+                        munmap((void *)hwdb->map, hwdb->st.st_size);
+                safe_fclose(hwdb->f);
+                free(hwdb->modalias);
+                ordered_hashmap_free(hwdb->properties);
+                free(hwdb);
+        }
+
+        return NULL;
+}
+
+bool hwdb_validate(sd_hwdb *hwdb) {
+        bool found = false;
+        const char* p;
+        struct stat st;
+
+        if (!hwdb)
+                return false;
+        if (!hwdb->f)
+                return false;
+
+        /* if hwdb.bin doesn't exist anywhere, we need to update */
+        NULSTR_FOREACH(p, hwdb_bin_paths) {
+                if (stat(p, &st) >= 0) {
+                        found = true;
+                        break;
+                }
+        }
+        if (!found)
+                return true;
+
+        if (timespec_load(&hwdb->st.st_mtim) != timespec_load(&st.st_mtim))
+                return true;
+        return false;
+}
+
+static int properties_prepare(sd_hwdb *hwdb, const char *modalias) {
+        _cleanup_free_ char *mod = NULL;
+        int r;
+
+        assert(hwdb);
+        assert(modalias);
+
+        if (streq_ptr(modalias, hwdb->modalias))
+                return 0;
+
+        mod = strdup(modalias);
+        if (!mod)
+                return -ENOMEM;
+
+        ordered_hashmap_clear(hwdb->properties);
+
+        hwdb->properties_modified = true;
+
+        r = trie_search_f(hwdb, modalias);
+        if (r < 0)
+                return r;
+
+        free(hwdb->modalias);
+        hwdb->modalias = mod;
+        mod = NULL;
+
+        return 0;
+}
+
+_public_ int sd_hwdb_get(sd_hwdb *hwdb, const char *modalias, const char *key, const char **_value) {
+        const char *value;
+        int r;
+
+        assert_return(hwdb, -EINVAL);
+        assert_return(hwdb->f, -EINVAL);
+        assert_return(modalias, -EINVAL);
+        assert_return(_value, -EINVAL);
+
+        r = properties_prepare(hwdb, modalias);
+        if (r < 0)
+                return r;
+
+        value = ordered_hashmap_get(hwdb->properties, key);
+        if (!value)
+                return -ENOENT;
+
+        *_value = value;
+
+        return 0;
+}
+
+_public_ int sd_hwdb_seek(sd_hwdb *hwdb, const char *modalias) {
+        int r;
+
+        assert_return(hwdb, -EINVAL);
+        assert_return(hwdb->f, -EINVAL);
+        assert_return(modalias, -EINVAL);
+
+        r = properties_prepare(hwdb, modalias);
+        if (r < 0)
+                return r;
+
+        hwdb->properties_modified = false;
+        hwdb->properties_iterator = ITERATOR_FIRST;
+
+        return 0;
+}
+
+_public_ int sd_hwdb_enumerate(sd_hwdb *hwdb, const char **key, const char **value) {
+        const void *k;
+        void *v;
+
+        assert_return(hwdb, -EINVAL);
+        assert_return(key, -EINVAL);
+        assert_return(value, -EINVAL);
+
+        if (hwdb->properties_modified)
+                return -EAGAIN;
+
+        ordered_hashmap_iterate(hwdb->properties, &hwdb->properties_iterator, &v, &k);
+        if (!k)
+                return 0;
+
+        *key = k;
+        *value = v;
+
+        return 1;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-id128/sd-id128.c b/src/libsystemd/libsystemd-internal/sd-id128/sd-id128.c
new file mode 100644
index 0000000000..cda3e9f0df
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-id128/sd-id128.c
@@ -0,0 +1,225 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "fd-util.h"
+#include "hexdecoct.h"
+#include "io-util.h"
+#include "macro.h"
+#include "random-util.h"
+#include "util.h"
+
+_public_ char *sd_id128_to_string(sd_id128_t id, char s[SD_ID128_STRING_MAX]) {
+        unsigned n;
+
+        assert_return(s, NULL);
+
+        for (n = 0; n < 16; n++) {
+                s[n*2] = hexchar(id.bytes[n] >> 4);
+                s[n*2+1] = hexchar(id.bytes[n] & 0xF);
+        }
+
+        s[32] = 0;
+
+        return s;
+}
+
+_public_ int sd_id128_from_string(const char s[], sd_id128_t *ret) {
+        unsigned n, i;
+        sd_id128_t t;
+        bool is_guid = false;
+
+        assert_return(s, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        for (n = 0, i = 0; n < 16;) {
+                int a, b;
+
+                if (s[i] == '-') {
+                        /* Is this a GUID? Then be nice, and skip over
+                         * the dashes */
+
+                        if (i == 8)
+                                is_guid = true;
+                        else if (i == 13 || i == 18 || i == 23) {
+                                if (!is_guid)
+                                        return -EINVAL;
+                        } else
+                                return -EINVAL;
+
+                        i++;
+                        continue;
+                }
+
+                a = unhexchar(s[i++]);
+                if (a < 0)
+                        return -EINVAL;
+
+                b = unhexchar(s[i++]);
+                if (b < 0)
+                        return -EINVAL;
+
+                t.bytes[n++] = (a << 4) | b;
+        }
+
+        if (i != (is_guid ? 36 : 32))
+                return -EINVAL;
+
+        if (s[i] != 0)
+                return -EINVAL;
+
+        *ret = t;
+        return 0;
+}
+
+static sd_id128_t make_v4_uuid(sd_id128_t id) {
+        /* Stolen from generate_random_uuid() of drivers/char/random.c
+         * in the kernel sources */
+
+        /* Set UUID version to 4 --- truly random generation */
+        id.bytes[6] = (id.bytes[6] & 0x0F) | 0x40;
+
+        /* Set the UUID variant to DCE */
+        id.bytes[8] = (id.bytes[8] & 0x3F) | 0x80;
+
+        return id;
+}
+
+_public_ int sd_id128_get_machine(sd_id128_t *ret) {
+        static thread_local sd_id128_t saved_machine_id;
+        static thread_local bool saved_machine_id_valid = false;
+        _cleanup_close_ int fd = -1;
+        char buf[33];
+        unsigned j;
+        sd_id128_t t;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        if (saved_machine_id_valid) {
+                *ret = saved_machine_id;
+                return 0;
+        }
+
+        fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0)
+                return -errno;
+
+        r = loop_read_exact(fd, buf, 33, false);
+        if (r < 0)
+                return r;
+        if (buf[32] !='\n')
+                return -EIO;
+
+        for (j = 0; j < 16; j++) {
+                int a, b;
+
+                a = unhexchar(buf[j*2]);
+                b = unhexchar(buf[j*2+1]);
+
+                if (a < 0 || b < 0)
+                        return -EIO;
+
+                t.bytes[j] = a << 4 | b;
+        }
+
+        saved_machine_id = t;
+        saved_machine_id_valid = true;
+
+        *ret = t;
+        return 0;
+}
+
+_public_ int sd_id128_get_boot(sd_id128_t *ret) {
+        static thread_local sd_id128_t saved_boot_id;
+        static thread_local bool saved_boot_id_valid = false;
+        _cleanup_close_ int fd = -1;
+        char buf[36];
+        unsigned j;
+        sd_id128_t t;
+        char *p;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        if (saved_boot_id_valid) {
+                *ret = saved_boot_id;
+                return 0;
+        }
+
+        fd = open("/proc/sys/kernel/random/boot_id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
+        if (fd < 0)
+                return -errno;
+
+        r = loop_read_exact(fd, buf, 36, false);
+        if (r < 0)
+                return r;
+
+        for (j = 0, p = buf; j < 16; j++) {
+                int a, b;
+
+                if (p >= buf + 35)
+                        return -EIO;
+
+                if (*p == '-') {
+                        p++;
+                        if (p >= buf + 35)
+                                return -EIO;
+                }
+
+                a = unhexchar(p[0]);
+                b = unhexchar(p[1]);
+
+                if (a < 0 || b < 0)
+                        return -EIO;
+
+                t.bytes[j] = a << 4 | b;
+
+                p += 2;
+        }
+
+        saved_boot_id = t;
+        saved_boot_id_valid = true;
+
+        *ret = t;
+        return 0;
+}
+
+_public_ int sd_id128_randomize(sd_id128_t *ret) {
+        sd_id128_t t;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        r = dev_urandom(&t, sizeof(t));
+        if (r < 0)
+                return r;
+
+        /* Turn this into a valid v4 UUID, to be nice. Note that we
+         * only guarantee this for newly generated UUIDs, not for
+         * pre-existing ones. */
+
+        *ret = make_v4_uuid(t);
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-login/sd-login.c b/src/libsystemd/libsystemd-internal/sd-login/sd-login.c
new file mode 100644
index 0000000000..84831d5e95
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-login/sd-login.c
@@ -0,0 +1,1062 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <poll.h>
+#include <string.h>
+#include <sys/inotify.h>
+#include <unistd.h>
+
+#include <systemd/sd-login.h>
+
+#include "alloc-util.h"
+#include "cgroup-util.h"
+#include "dirent-util.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "hostname-util.h"
+#include "io-util.h"
+#include "login-util.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "socket-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "user-util.h"
+#include "util.h"
+
+/* Error codes:
+ *
+ *    invalid input parameters                → -EINVAL
+ *    invalid fd                              → -EBADF
+ *    process does not exist                  → -ESRCH
+ *    cgroup does not exist                   → -ENOENT
+ *    machine, session does not exist         → -ENXIO
+ *    requested metadata on object is missing → -ENODATA
+ */
+
+_public_ int sd_pid_get_session(pid_t pid, char **session) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(session, -EINVAL);
+
+        return cg_pid_get_session(pid, session);
+}
+
+_public_ int sd_pid_get_unit(pid_t pid, char **unit) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(unit, -EINVAL);
+
+        return cg_pid_get_unit(pid, unit);
+}
+
+_public_ int sd_pid_get_user_unit(pid_t pid, char **unit) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(unit, -EINVAL);
+
+        return cg_pid_get_user_unit(pid, unit);
+}
+
+_public_ int sd_pid_get_machine_name(pid_t pid, char **name) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(name, -EINVAL);
+
+        return cg_pid_get_machine_name(pid, name);
+}
+
+_public_ int sd_pid_get_slice(pid_t pid, char **slice) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(slice, -EINVAL);
+
+        return cg_pid_get_slice(pid, slice);
+}
+
+_public_ int sd_pid_get_user_slice(pid_t pid, char **slice) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(slice, -EINVAL);
+
+        return cg_pid_get_user_slice(pid, slice);
+}
+
+_public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) {
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(uid, -EINVAL);
+
+        return cg_pid_get_owner_uid(pid, uid);
+}
+
+_public_ int sd_pid_get_cgroup(pid_t pid, char **cgroup) {
+        char *c;
+        int r;
+
+        assert_return(pid >= 0, -EINVAL);
+        assert_return(cgroup, -EINVAL);
+
+        r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &c);
+        if (r < 0)
+                return r;
+
+        /* The internal APIs return the empty string for the root
+         * cgroup, let's return the "/" in the public APIs instead, as
+         * that's easier and less ambigious for people to grok. */
+        if (isempty(c)) {
+                free(c);
+                c = strdup("/");
+                if (!c)
+                        return -ENOMEM;
+
+        }
+
+        *cgroup = c;
+        return 0;
+}
+
+_public_ int sd_peer_get_session(int fd, char **session) {
+        struct ucred ucred = {};
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(session, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_session(ucred.pid, session);
+}
+
+_public_ int sd_peer_get_owner_uid(int fd, uid_t *uid) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(uid, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_owner_uid(ucred.pid, uid);
+}
+
+_public_ int sd_peer_get_unit(int fd, char **unit) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(unit, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_unit(ucred.pid, unit);
+}
+
+_public_ int sd_peer_get_user_unit(int fd, char **unit) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(unit, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_user_unit(ucred.pid, unit);
+}
+
+_public_ int sd_peer_get_machine_name(int fd, char **machine) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(machine, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_machine_name(ucred.pid, machine);
+}
+
+_public_ int sd_peer_get_slice(int fd, char **slice) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(slice, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_slice(ucred.pid, slice);
+}
+
+_public_ int sd_peer_get_user_slice(int fd, char **slice) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(slice, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_user_slice(ucred.pid, slice);
+}
+
+_public_ int sd_peer_get_cgroup(int fd, char **cgroup) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EBADF);
+        assert_return(cgroup, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return sd_pid_get_cgroup(ucred.pid, cgroup);
+}
+
+static int file_of_uid(uid_t uid, char **p) {
+
+        assert_return(uid_is_valid(uid), -EINVAL);
+        assert(p);
+
+        if (asprintf(p, "/run/systemd/users/" UID_FMT, uid) < 0)
+                return -ENOMEM;
+
+        return 0;
+}
+
+_public_ int sd_uid_get_state(uid_t uid, char**state) {
+        _cleanup_free_ char *p = NULL;
+        char *s = NULL;
+        int r;
+
+        assert_return(state, -EINVAL);
+
+        r = file_of_uid(uid, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "STATE", &s, NULL);
+        if (r == -ENOENT) {
+                free(s);
+                s = strdup("offline");
+                if (!s)
+                        return -ENOMEM;
+
+        }
+        if (r < 0) {
+                free(s);
+                return r;
+        }
+        if (isempty(s)) {
+                free(s);
+                return -EIO;
+        }
+
+        *state = s;
+        return 0;
+}
+
+_public_ int sd_uid_get_display(uid_t uid, char **session) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        int r;
+
+        assert_return(session, -EINVAL);
+
+        r = file_of_uid(uid, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "DISPLAY", &s, NULL);
+        if (r == -ENOENT)
+                return -ENODATA;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -ENODATA;
+
+        *session = s;
+        s = NULL;
+
+        return 0;
+}
+
+static int file_of_seat(const char *seat, char **_p) {
+        char *p;
+        int r;
+
+        assert(_p);
+
+        if (seat) {
+                if (!filename_is_valid(seat))
+                        return -EINVAL;
+
+                p = strappend("/run/systemd/seats/", seat);
+        } else {
+                _cleanup_free_ char *buf = NULL;
+
+                r = sd_session_get_seat(NULL, &buf);
+                if (r < 0)
+                        return r;
+
+                p = strappend("/run/systemd/seats/", buf);
+        }
+
+        if (!p)
+                return -ENOMEM;
+
+        *_p = p;
+        p = NULL;
+        return 0;
+}
+
+_public_ int sd_uid_is_on_seat(uid_t uid, int require_active, const char *seat) {
+        _cleanup_free_ char *t = NULL, *s = NULL, *p = NULL;
+        size_t l;
+        int r;
+        const char *word, *variable, *state;
+
+        assert_return(uid_is_valid(uid), -EINVAL);
+
+        r = file_of_seat(seat, &p);
+        if (r < 0)
+                return r;
+
+        variable = require_active ? "ACTIVE_UID" : "UIDS";
+
+        r = parse_env_file(p, NEWLINE, variable, &s, NULL);
+        if (r == -ENOENT)
+                return 0;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return 0;
+
+        if (asprintf(&t, UID_FMT, uid) < 0)
+                return -ENOMEM;
+
+        FOREACH_WORD(word, l, s, state)
+                if (strneq(t, word, l))
+                        return 1;
+
+        return 0;
+}
+
+static int uid_get_array(uid_t uid, const char *variable, char ***array) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        char **a;
+        int r;
+
+        assert(variable);
+
+        r = file_of_uid(uid, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, variable, &s, NULL);
+        if (r == -ENOENT || (r >= 0 && isempty(s))) {
+                if (array)
+                        *array = NULL;
+                return 0;
+        }
+        if (r < 0)
+                return r;
+
+        a = strv_split(s, " ");
+        if (!a)
+                return -ENOMEM;
+
+        strv_uniq(a);
+        r = strv_length(a);
+
+        if (array)
+                *array = a;
+        else
+                strv_free(a);
+
+        return r;
+}
+
+_public_ int sd_uid_get_sessions(uid_t uid, int require_active, char ***sessions) {
+        return uid_get_array(
+                        uid,
+                        require_active == 0 ? "ONLINE_SESSIONS" :
+                        require_active > 0  ? "ACTIVE_SESSIONS" :
+                                              "SESSIONS",
+                        sessions);
+}
+
+_public_ int sd_uid_get_seats(uid_t uid, int require_active, char ***seats) {
+        return uid_get_array(
+                        uid,
+                        require_active == 0 ? "ONLINE_SEATS" :
+                        require_active > 0  ? "ACTIVE_SEATS" :
+                                              "SEATS",
+                        seats);
+}
+
+static int file_of_session(const char *session, char **_p) {
+        char *p;
+        int r;
+
+        assert(_p);
+
+        if (session) {
+                if (!session_id_valid(session))
+                        return -EINVAL;
+
+                p = strappend("/run/systemd/sessions/", session);
+        } else {
+                _cleanup_free_ char *buf = NULL;
+
+                r = sd_pid_get_session(0, &buf);
+                if (r < 0)
+                        return r;
+
+                p = strappend("/run/systemd/sessions/", buf);
+        }
+
+        if (!p)
+                return -ENOMEM;
+
+        *_p = p;
+        return 0;
+}
+
+_public_ int sd_session_is_active(const char *session) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        int r;
+
+        r = file_of_session(session, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "ACTIVE", &s, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -EIO;
+
+        return parse_boolean(s);
+}
+
+_public_ int sd_session_is_remote(const char *session) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        int r;
+
+        r = file_of_session(session, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "REMOTE", &s, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -ENODATA;
+
+        return parse_boolean(s);
+}
+
+_public_ int sd_session_get_state(const char *session, char **state) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        int r;
+
+        assert_return(state, -EINVAL);
+
+        r = file_of_session(session, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "STATE", &s, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -EIO;
+
+        *state = s;
+        s = NULL;
+
+        return 0;
+}
+
+_public_ int sd_session_get_uid(const char *session, uid_t *uid) {
+        int r;
+        _cleanup_free_ char *p = NULL, *s = NULL;
+
+        assert_return(uid, -EINVAL);
+
+        r = file_of_session(session, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "UID", &s, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -EIO;
+
+        return parse_uid(s, uid);
+}
+
+static int session_get_string(const char *session, const char *field, char **value) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        int r;
+
+        assert_return(value, -EINVAL);
+        assert(field);
+
+        r = file_of_session(session, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, field, &s, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -ENODATA;
+
+        *value = s;
+        s = NULL;
+        return 0;
+}
+
+_public_ int sd_session_get_seat(const char *session, char **seat) {
+        return session_get_string(session, "SEAT", seat);
+}
+
+_public_ int sd_session_get_tty(const char *session, char **tty) {
+        return session_get_string(session, "TTY", tty);
+}
+
+_public_ int sd_session_get_vt(const char *session, unsigned *vtnr) {
+        _cleanup_free_ char *vtnr_string = NULL;
+        unsigned u;
+        int r;
+
+        assert_return(vtnr, -EINVAL);
+
+        r = session_get_string(session, "VTNR", &vtnr_string);
+        if (r < 0)
+                return r;
+
+        r = safe_atou(vtnr_string, &u);
+        if (r < 0)
+                return r;
+
+        *vtnr = u;
+        return 0;
+}
+
+_public_ int sd_session_get_service(const char *session, char **service) {
+        return session_get_string(session, "SERVICE", service);
+}
+
+_public_ int sd_session_get_type(const char *session, char **type) {
+        return session_get_string(session, "TYPE", type);
+}
+
+_public_ int sd_session_get_class(const char *session, char **class) {
+        return session_get_string(session, "CLASS", class);
+}
+
+_public_ int sd_session_get_desktop(const char *session, char **desktop) {
+        _cleanup_free_ char *escaped = NULL;
+        char *t;
+        int r;
+
+        assert_return(desktop, -EINVAL);
+
+        r = session_get_string(session, "DESKTOP", &escaped);
+        if (r < 0)
+                return r;
+
+        r = cunescape(escaped, 0, &t);
+        if (r < 0)
+                return r;
+
+        *desktop = t;
+        return 0;
+}
+
+_public_ int sd_session_get_display(const char *session, char **display) {
+        return session_get_string(session, "DISPLAY", display);
+}
+
+_public_ int sd_session_get_remote_user(const char *session, char **remote_user) {
+        return session_get_string(session, "REMOTE_USER", remote_user);
+}
+
+_public_ int sd_session_get_remote_host(const char *session, char **remote_host) {
+        return session_get_string(session, "REMOTE_HOST", remote_host);
+}
+
+_public_ int sd_seat_get_active(const char *seat, char **session, uid_t *uid) {
+        _cleanup_free_ char *p = NULL, *s = NULL, *t = NULL;
+        int r;
+
+        assert_return(session || uid, -EINVAL);
+
+        r = file_of_seat(seat, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE,
+                           "ACTIVE", &s,
+                           "ACTIVE_UID", &t,
+                           NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+
+        if (session && !s)
+                return -ENODATA;
+
+        if (uid && !t)
+                return -ENODATA;
+
+        if (uid && t) {
+                r = parse_uid(t, uid);
+                if (r < 0)
+                        return r;
+        }
+
+        if (session && s) {
+                *session = s;
+                s = NULL;
+        }
+
+        return 0;
+}
+
+_public_ int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uids, unsigned *n_uids) {
+        _cleanup_free_ char *p = NULL, *s = NULL, *t = NULL;
+        _cleanup_strv_free_ char **a = NULL;
+        _cleanup_free_ uid_t *b = NULL;
+        unsigned n = 0;
+        int r;
+
+        r = file_of_seat(seat, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE,
+                           "SESSIONS", &s,
+                           "ACTIVE_SESSIONS", &t,
+                           NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+
+        if (s) {
+                a = strv_split(s, " ");
+                if (!a)
+                        return -ENOMEM;
+        }
+
+        if (uids && t) {
+                const char *word, *state;
+                size_t l;
+
+                FOREACH_WORD(word, l, t, state)
+                        n++;
+
+                if (n > 0) {
+                        unsigned i = 0;
+
+                        b = new(uid_t, n);
+                        if (!b)
+                                return -ENOMEM;
+
+                        FOREACH_WORD(word, l, t, state) {
+                                _cleanup_free_ char *k = NULL;
+
+                                k = strndup(word, l);
+                                if (!k)
+                                        return -ENOMEM;
+
+                                r = parse_uid(k, b + i);
+                                if (r < 0)
+                                        continue;
+
+                                i++;
+                        }
+                }
+        }
+
+        r = strv_length(a);
+
+        if (sessions) {
+                *sessions = a;
+                a = NULL;
+        }
+
+        if (uids) {
+                *uids = b;
+                b = NULL;
+        }
+
+        if (n_uids)
+                *n_uids = n;
+
+        return r;
+}
+
+static int seat_get_can(const char *seat, const char *variable) {
+        _cleanup_free_ char *p = NULL, *s = NULL;
+        int r;
+
+        assert(variable);
+
+        r = file_of_seat(seat, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE,
+                           variable, &s,
+                           NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -ENODATA;
+
+        return parse_boolean(s);
+}
+
+_public_ int sd_seat_can_multi_session(const char *seat) {
+        return seat_get_can(seat, "CAN_MULTI_SESSION");
+}
+
+_public_ int sd_seat_can_tty(const char *seat) {
+        return seat_get_can(seat, "CAN_TTY");
+}
+
+_public_ int sd_seat_can_graphical(const char *seat) {
+        return seat_get_can(seat, "CAN_GRAPHICAL");
+}
+
+_public_ int sd_get_seats(char ***seats) {
+        return get_files_in_directory("/run/systemd/seats/", seats);
+}
+
+_public_ int sd_get_sessions(char ***sessions) {
+        return get_files_in_directory("/run/systemd/sessions/", sessions);
+}
+
+_public_ int sd_get_uids(uid_t **users) {
+        _cleanup_closedir_ DIR *d;
+        int r = 0;
+        unsigned n = 0;
+        _cleanup_free_ uid_t *l = NULL;
+
+        d = opendir("/run/systemd/users/");
+        if (!d)
+                return -errno;
+
+        for (;;) {
+                struct dirent *de;
+                int k;
+                uid_t uid;
+
+                errno = 0;
+                de = readdir(d);
+                if (!de && errno > 0)
+                        return -errno;
+
+                if (!de)
+                        break;
+
+                dirent_ensure_type(d, de);
+
+                if (!dirent_is_file(de))
+                        continue;
+
+                k = parse_uid(de->d_name, &uid);
+                if (k < 0)
+                        continue;
+
+                if (users) {
+                        if ((unsigned) r >= n) {
+                                uid_t *t;
+
+                                n = MAX(16, 2*r);
+                                t = realloc(l, sizeof(uid_t) * n);
+                                if (!t)
+                                        return -ENOMEM;
+
+                                l = t;
+                        }
+
+                        assert((unsigned) r < n);
+                        l[r++] = uid;
+                } else
+                        r++;
+        }
+
+        if (users) {
+                *users = l;
+                l = NULL;
+        }
+
+        return r;
+}
+
+_public_ int sd_get_machine_names(char ***machines) {
+        char **l = NULL, **a, **b;
+        int r;
+
+        assert_return(machines, -EINVAL);
+
+        r = get_files_in_directory("/run/systemd/machines/", &l);
+        if (r < 0)
+                return r;
+
+        if (l) {
+                r = 0;
+
+                /* Filter out the unit: symlinks */
+                for (a = l, b = l; *a; a++) {
+                        if (startswith(*a, "unit:") || !machine_name_is_valid(*a))
+                                free(*a);
+                        else {
+                                *b = *a;
+                                b++;
+                                r++;
+                        }
+                }
+
+                *b = NULL;
+        }
+
+        *machines = l;
+        return r;
+}
+
+_public_ int sd_machine_get_class(const char *machine, char **class) {
+        _cleanup_free_ char *c = NULL;
+        const char *p;
+        int r;
+
+        assert_return(machine_name_is_valid(machine), -EINVAL);
+        assert_return(class, -EINVAL);
+
+        p = strjoina("/run/systemd/machines/", machine);
+        r = parse_env_file(p, NEWLINE, "CLASS", &c, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (!c)
+                return -EIO;
+
+        *class = c;
+        c = NULL;
+
+        return 0;
+}
+
+_public_ int sd_machine_get_ifindices(const char *machine, int **ifindices) {
+        _cleanup_free_ char *netif = NULL;
+        size_t l, allocated = 0, nr = 0;
+        int *ni = NULL;
+        const char *p, *word, *state;
+        int r;
+
+        assert_return(machine_name_is_valid(machine), -EINVAL);
+        assert_return(ifindices, -EINVAL);
+
+        p = strjoina("/run/systemd/machines/", machine);
+        r = parse_env_file(p, NEWLINE, "NETIF", &netif, NULL);
+        if (r == -ENOENT)
+                return -ENXIO;
+        if (r < 0)
+                return r;
+        if (!netif) {
+                *ifindices = NULL;
+                return 0;
+        }
+
+        FOREACH_WORD(word, l, netif, state) {
+                char buf[l+1];
+                int ifi;
+
+                *(char*) (mempcpy(buf, word, l)) = 0;
+
+                if (parse_ifindex(buf, &ifi) < 0)
+                        continue;
+
+                if (!GREEDY_REALLOC(ni, allocated, nr+1)) {
+                        free(ni);
+                        return -ENOMEM;
+                }
+
+                ni[nr++] = ifi;
+        }
+
+        *ifindices = ni;
+        return nr;
+}
+
+static inline int MONITOR_TO_FD(sd_login_monitor *m) {
+        return (int) (unsigned long) m - 1;
+}
+
+static inline sd_login_monitor* FD_TO_MONITOR(int fd) {
+        return (sd_login_monitor*) (unsigned long) (fd + 1);
+}
+
+_public_ int sd_login_monitor_new(const char *category, sd_login_monitor **m) {
+        int fd, k;
+        bool good = false;
+
+        assert_return(m, -EINVAL);
+
+        fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        if (!category || streq(category, "seat")) {
+                k = inotify_add_watch(fd, "/run/systemd/seats/", IN_MOVED_TO|IN_DELETE);
+                if (k < 0) {
+                        safe_close(fd);
+                        return -errno;
+                }
+
+                good = true;
+        }
+
+        if (!category || streq(category, "session")) {
+                k = inotify_add_watch(fd, "/run/systemd/sessions/", IN_MOVED_TO|IN_DELETE);
+                if (k < 0) {
+                        safe_close(fd);
+                        return -errno;
+                }
+
+                good = true;
+        }
+
+        if (!category || streq(category, "uid")) {
+                k = inotify_add_watch(fd, "/run/systemd/users/", IN_MOVED_TO|IN_DELETE);
+                if (k < 0) {
+                        safe_close(fd);
+                        return -errno;
+                }
+
+                good = true;
+        }
+
+        if (!category || streq(category, "machine")) {
+                k = inotify_add_watch(fd, "/run/systemd/machines/", IN_MOVED_TO|IN_DELETE);
+                if (k < 0) {
+                        safe_close(fd);
+                        return -errno;
+                }
+
+                good = true;
+        }
+
+        if (!good) {
+                close_nointr(fd);
+                return -EINVAL;
+        }
+
+        *m = FD_TO_MONITOR(fd);
+        return 0;
+}
+
+_public_ sd_login_monitor* sd_login_monitor_unref(sd_login_monitor *m) {
+        int fd;
+
+        if (!m)
+                return NULL;
+
+        fd = MONITOR_TO_FD(m);
+        close_nointr(fd);
+
+        return NULL;
+}
+
+_public_ int sd_login_monitor_flush(sd_login_monitor *m) {
+
+        assert_return(m, -EINVAL);
+
+        return flush_fd(MONITOR_TO_FD(m));
+}
+
+_public_ int sd_login_monitor_get_fd(sd_login_monitor *m) {
+
+        assert_return(m, -EINVAL);
+
+        return MONITOR_TO_FD(m);
+}
+
+_public_ int sd_login_monitor_get_events(sd_login_monitor *m) {
+
+        assert_return(m, -EINVAL);
+
+        /* For now we will only return POLLIN here, since we don't
+         * need anything else ever for inotify.  However, let's have
+         * this API to keep our options open should we later on need
+         * it. */
+        return POLLIN;
+}
+
+_public_ int sd_login_monitor_get_timeout(sd_login_monitor *m, uint64_t *timeout_usec) {
+
+        assert_return(m, -EINVAL);
+        assert_return(timeout_usec, -EINVAL);
+
+        /* For now we will only return (uint64_t) -1, since we don't
+         * need any timeout. However, let's have this API to keep our
+         * options open should we later on need it. */
+        *timeout_usec = (uint64_t) -1;
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-login/test-login.c b/src/libsystemd/libsystemd-internal/sd-login/test-login.c
new file mode 100644
index 0000000000..994c76df4a
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-login/test-login.c
@@ -0,0 +1,264 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <poll.h>
+#include <string.h>
+
+#include <systemd/sd-login.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+static void test_login(void) {
+        _cleanup_close_pair_ int pair[2] = { -1, -1 };
+        _cleanup_free_ char *pp = NULL, *qq = NULL;
+        int r, k;
+        uid_t u, u2;
+        char *seat, *type, *class, *display, *remote_user, *remote_host, *display_session, *cgroup;
+        char *session;
+        char *state;
+        char *session2;
+        char *t;
+        char **seats, **sessions, **machines;
+        uid_t *uids;
+        unsigned n;
+        struct pollfd pollfd;
+        sd_login_monitor *m = NULL;
+
+        assert_se(sd_pid_get_session(0, &session) == 0);
+        printf("session = %s\n", session);
+
+        assert_se(sd_pid_get_owner_uid(0, &u2) == 0);
+        printf("user = "UID_FMT"\n", u2);
+
+        assert_se(sd_pid_get_cgroup(0, &cgroup) == 0);
+        printf("cgroup = %s\n", cgroup);
+        free(cgroup);
+
+        display_session = NULL;
+        r = sd_uid_get_display(u2, &display_session);
+        assert_se(r >= 0 || r == -ENODATA);
+        printf("user's display session = %s\n", strna(display_session));
+        free(display_session);
+
+        assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0);
+        sd_peer_get_session(pair[0], &pp);
+        sd_peer_get_session(pair[1], &qq);
+        assert_se(streq_ptr(pp, qq));
+
+        r = sd_uid_get_sessions(u2, false, &sessions);
+        assert_se(r >= 0);
+        assert_se(r == (int) strv_length(sessions));
+        assert_se(t = strv_join(sessions, ", "));
+        strv_free(sessions);
+        printf("sessions = %s\n", t);
+        free(t);
+
+        assert_se(r == sd_uid_get_sessions(u2, false, NULL));
+
+        r = sd_uid_get_seats(u2, false, &seats);
+        assert_se(r >= 0);
+        assert_se(r == (int) strv_length(seats));
+        assert_se(t = strv_join(seats, ", "));
+        strv_free(seats);
+        printf("seats = %s\n", t);
+        free(t);
+
+        assert_se(r == sd_uid_get_seats(u2, false, NULL));
+
+        r = sd_session_is_active(session);
+        assert_se(r >= 0);
+        printf("active = %s\n", yes_no(r));
+
+        r = sd_session_is_remote(session);
+        assert_se(r >= 0);
+        printf("remote = %s\n", yes_no(r));
+
+        r = sd_session_get_state(session, &state);
+        assert_se(r >= 0);
+        printf("state = %s\n", state);
+        free(state);
+
+        assert_se(sd_session_get_uid(session, &u) >= 0);
+        printf("uid = "UID_FMT"\n", u);
+        assert_se(u == u2);
+
+        assert_se(sd_session_get_type(session, &type) >= 0);
+        printf("type = %s\n", type);
+        free(type);
+
+        assert_se(sd_session_get_class(session, &class) >= 0);
+        printf("class = %s\n", class);
+        free(class);
+
+        display = NULL;
+        r = sd_session_get_display(session, &display);
+        assert_se(r >= 0 || r == -ENODATA);
+        printf("display = %s\n", strna(display));
+        free(display);
+
+        remote_user = NULL;
+        r = sd_session_get_remote_user(session, &remote_user);
+        assert_se(r >= 0 || r == -ENODATA);
+        printf("remote_user = %s\n", strna(remote_user));
+        free(remote_user);
+
+        remote_host = NULL;
+        r = sd_session_get_remote_host(session, &remote_host);
+        assert_se(r >= 0 || r == -ENODATA);
+        printf("remote_host = %s\n", strna(remote_host));
+        free(remote_host);
+
+        assert_se(sd_session_get_seat(session, &seat) >= 0);
+        printf("seat = %s\n", seat);
+
+        r = sd_seat_can_multi_session(seat);
+        assert_se(r >= 0);
+        printf("can do multi session = %s\n", yes_no(r));
+
+        r = sd_seat_can_tty(seat);
+        assert_se(r >= 0);
+        printf("can do tty = %s\n", yes_no(r));
+
+        r = sd_seat_can_graphical(seat);
+        assert_se(r >= 0);
+        printf("can do graphical = %s\n", yes_no(r));
+
+        assert_se(sd_uid_get_state(u, &state) >= 0);
+        printf("state = %s\n", state);
+
+        assert_se(sd_uid_is_on_seat(u, 0, seat) > 0);
+
+        k = sd_uid_is_on_seat(u, 1, seat);
+        assert_se(k >= 0);
+        assert_se(!!r == !!r);
+
+        assert_se(sd_seat_get_active(seat, &session2, &u2) >= 0);
+        printf("session2 = %s\n", session2);
+        printf("uid2 = "UID_FMT"\n", u2);
+
+        r = sd_seat_get_sessions(seat, &sessions, &uids, &n);
+        assert_se(r >= 0);
+        printf("n_sessions = %i\n", r);
+        assert_se(r == (int) strv_length(sessions));
+        assert_se(t = strv_join(sessions, ", "));
+        strv_free(sessions);
+        printf("sessions = %s\n", t);
+        free(t);
+        printf("uids =");
+        for (k = 0; k < (int) n; k++)
+                printf(" "UID_FMT, uids[k]);
+        printf("\n");
+        free(uids);
+
+        assert_se(sd_seat_get_sessions(seat, NULL, NULL, NULL) == r);
+
+        free(session);
+        free(state);
+        free(session2);
+        free(seat);
+
+        r = sd_get_seats(&seats);
+        assert_se(r >= 0);
+        assert_se(r == (int) strv_length(seats));
+        assert_se(t = strv_join(seats, ", "));
+        strv_free(seats);
+        printf("n_seats = %i\n", r);
+        printf("seats = %s\n", t);
+        free(t);
+
+        assert_se(sd_get_seats(NULL) == r);
+
+        r = sd_seat_get_active(NULL, &t, NULL);
+        assert_se(r >= 0);
+        printf("active session on current seat = %s\n", t);
+        free(t);
+
+        r = sd_get_sessions(&sessions);
+        assert_se(r >= 0);
+        assert_se(r == (int) strv_length(sessions));
+        assert_se(t = strv_join(sessions, ", "));
+        strv_free(sessions);
+        printf("n_sessions = %i\n", r);
+        printf("sessions = %s\n", t);
+        free(t);
+
+        assert_se(sd_get_sessions(NULL) == r);
+
+        r = sd_get_uids(&uids);
+        assert_se(r >= 0);
+
+        printf("uids =");
+        for (k = 0; k < r; k++)
+                printf(" "UID_FMT, uids[k]);
+        printf("\n");
+        free(uids);
+
+        printf("n_uids = %i\n", r);
+        assert_se(sd_get_uids(NULL) == r);
+
+        r = sd_get_machine_names(&machines);
+        assert_se(r >= 0);
+        assert_se(r == (int) strv_length(machines));
+        assert_se(t = strv_join(machines, ", "));
+        strv_free(machines);
+        printf("n_machines = %i\n", r);
+        printf("machines = %s\n", t);
+        free(t);
+
+        r = sd_login_monitor_new("session", &m);
+        assert_se(r >= 0);
+
+        for (n = 0; n < 5; n++) {
+                usec_t timeout, nw;
+
+                zero(pollfd);
+                assert_se((pollfd.fd = sd_login_monitor_get_fd(m)) >= 0);
+                assert_se((pollfd.events = sd_login_monitor_get_events(m)) >= 0);
+
+                assert_se(sd_login_monitor_get_timeout(m, &timeout) >= 0);
+
+                nw = now(CLOCK_MONOTONIC);
+
+                r = poll(&pollfd, 1,
+                         timeout == (uint64_t) -1 ? -1 :
+                         timeout > nw ? (int) ((timeout - nw) / 1000) :
+                         0);
+
+                assert_se(r >= 0);
+
+                sd_login_monitor_flush(m);
+                printf("Wake!\n");
+        }
+
+        sd_login_monitor_unref(m);
+}
+
+int main(int argc, char* argv[]) {
+        log_parse_environment();
+        log_open();
+
+        test_login();
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/netlink-internal.h b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-internal.h
new file mode 100644
index 0000000000..1d29c3a369
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-internal.h
@@ -0,0 +1,137 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <linux/netlink.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "list.h"
+#include "netlink-types.h"
+#include "prioq.h"
+#include "refcnt.h"
+
+#define RTNL_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
+
+#define RTNL_WQUEUE_MAX 1024
+#define RTNL_RQUEUE_MAX 64*1024
+
+#define RTNL_CONTAINER_DEPTH 32
+
+struct reply_callback {
+        sd_netlink_message_handler_t callback;
+        void *userdata;
+        usec_t timeout;
+        uint64_t serial;
+        unsigned prioq_idx;
+};
+
+struct match_callback {
+        sd_netlink_message_handler_t callback;
+        uint16_t type;
+        void *userdata;
+
+        LIST_FIELDS(struct match_callback, match_callbacks);
+};
+
+struct sd_netlink {
+        RefCount n_ref;
+
+        int fd;
+
+        union {
+                struct sockaddr sa;
+                struct sockaddr_nl nl;
+        } sockaddr;
+
+        Hashmap *broadcast_group_refs;
+        bool broadcast_group_dont_leave:1; /* until we can rely on 4.2 */
+
+        sd_netlink_message **rqueue;
+        unsigned rqueue_size;
+        size_t rqueue_allocated;
+
+        sd_netlink_message **rqueue_partial;
+        unsigned rqueue_partial_size;
+        size_t rqueue_partial_allocated;
+
+        struct nlmsghdr *rbuffer;
+        size_t rbuffer_allocated;
+
+        bool processing:1;
+
+        uint32_t serial;
+
+        struct Prioq *reply_callbacks_prioq;
+        Hashmap *reply_callbacks;
+
+        LIST_HEAD(struct match_callback, match_callbacks);
+
+        pid_t original_pid;
+
+        sd_event_source *io_event_source;
+        sd_event_source *time_event_source;
+        sd_event_source *exit_event_source;
+        sd_event *event;
+};
+
+struct netlink_attribute {
+        size_t offset; /* offset from hdr to attribute */
+        bool nested:1;
+        bool net_byteorder:1;
+};
+
+struct netlink_container {
+        const struct NLTypeSystem *type_system; /* the type system of the container */
+        size_t offset; /* offset from hdr to the start of the container */
+        struct netlink_attribute *attributes;
+        unsigned short n_attributes; /* number of attributes in container */
+};
+
+struct sd_netlink_message {
+        RefCount n_ref;
+
+        sd_netlink *rtnl;
+
+        struct nlmsghdr *hdr;
+        struct netlink_container containers[RTNL_CONTAINER_DEPTH];
+        unsigned n_containers; /* number of containers */
+        bool sealed:1;
+        bool broadcast:1;
+
+        sd_netlink_message *next; /* next in a chain of multi-part messages */
+};
+
+int message_new(sd_netlink *rtnl, sd_netlink_message **ret, uint16_t type);
+int message_new_empty(sd_netlink *rtnl, sd_netlink_message **ret);
+
+int socket_open(int family);
+int socket_bind(sd_netlink *nl);
+int socket_broadcast_group_ref(sd_netlink *nl, unsigned group);
+int socket_broadcast_group_unref(sd_netlink *nl, unsigned group);
+int socket_write_message(sd_netlink *nl, sd_netlink_message *m);
+int socket_read_message(sd_netlink *nl);
+
+int rtnl_rqueue_make_room(sd_netlink *rtnl);
+int rtnl_rqueue_partial_make_room(sd_netlink *rtnl);
+
+/* Make sure callbacks don't destroy the rtnl connection */
+#define NETLINK_DONT_DESTROY(rtnl) \
+        _cleanup_(sd_netlink_unrefp) _unused_ sd_netlink *_dont_destroy_##rtnl = sd_netlink_ref(rtnl)
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/netlink-message.c b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-message.c
new file mode 100644
index 0000000000..c00785ea41
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-message.c
@@ -0,0 +1,961 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <unistd.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "formats-util.h"
+#include "missing.h"
+#include "netlink-internal.h"
+#include "netlink-types.h"
+#include "netlink-util.h"
+#include "refcnt.h"
+#include "socket-util.h"
+#include "util.h"
+
+#define GET_CONTAINER(m, i) ((i) < (m)->n_containers ? (struct rtattr*)((uint8_t*)(m)->hdr + (m)->containers[i].offset) : NULL)
+#define PUSH_CONTAINER(m, new) (m)->container_offsets[(m)->n_containers++] = (uint8_t*)(new) - (uint8_t*)(m)->hdr;
+
+#define RTA_TYPE(rta) ((rta)->rta_type & NLA_TYPE_MASK)
+#define RTA_FLAGS(rta) ((rta)->rta_type & ~NLA_TYPE_MASK)
+
+int message_new_empty(sd_netlink *rtnl, sd_netlink_message **ret) {
+        sd_netlink_message *m;
+
+        assert_return(ret, -EINVAL);
+
+        /* Note that 'rtnl' is currently unused, if we start using it internally
+           we must take care to avoid problems due to mutual references between
+           buses and their queued messages. See sd-bus.
+         */
+
+        m = new0(sd_netlink_message, 1);
+        if (!m)
+                return -ENOMEM;
+
+        m->n_ref = REFCNT_INIT;
+
+        m->sealed = false;
+
+        *ret = m;
+
+        return 0;
+}
+
+int message_new(sd_netlink *rtnl, sd_netlink_message **ret, uint16_t type) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        const NLType *nl_type;
+        size_t size;
+        int r;
+
+        r = type_system_get_type(&type_system_root, &nl_type, type);
+        if (r < 0)
+                return r;
+
+        if (type_get_type(nl_type) != NETLINK_TYPE_NESTED)
+                return -EINVAL;
+
+        r = message_new_empty(rtnl, &m);
+        if (r < 0)
+                return r;
+
+        size = NLMSG_SPACE(type_get_size(nl_type));
+
+        assert(size >= sizeof(struct nlmsghdr));
+        m->hdr = malloc0(size);
+        if (!m->hdr)
+                return -ENOMEM;
+
+        m->hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+
+        type_get_type_system(nl_type, &m->containers[0].type_system);
+        m->hdr->nlmsg_len = size;
+        m->hdr->nlmsg_type = type;
+
+        *ret = m;
+        m = NULL;
+
+        return 0;
+}
+
+int sd_netlink_message_request_dump(sd_netlink_message *m, int dump) {
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(m->hdr->nlmsg_type == RTM_GETLINK  ||
+                      m->hdr->nlmsg_type == RTM_GETADDR  ||
+                      m->hdr->nlmsg_type == RTM_GETROUTE ||
+                      m->hdr->nlmsg_type == RTM_GETNEIGH,
+                      -EINVAL);
+
+        SET_FLAG(m->hdr->nlmsg_flags, NLM_F_DUMP, dump);
+
+        return 0;
+}
+
+sd_netlink_message *sd_netlink_message_ref(sd_netlink_message *m) {
+        if (m)
+                assert_se(REFCNT_INC(m->n_ref) >= 2);
+
+        return m;
+}
+
+sd_netlink_message *sd_netlink_message_unref(sd_netlink_message *m) {
+        if (m && REFCNT_DEC(m->n_ref) == 0) {
+                unsigned i;
+
+                free(m->hdr);
+
+                for (i = 0; i <= m->n_containers; i++)
+                        free(m->containers[i].attributes);
+
+                sd_netlink_message_unref(m->next);
+
+                free(m);
+        }
+
+        return NULL;
+}
+
+int sd_netlink_message_get_type(sd_netlink_message *m, uint16_t *type) {
+        assert_return(m, -EINVAL);
+        assert_return(type, -EINVAL);
+
+        *type = m->hdr->nlmsg_type;
+
+        return 0;
+}
+
+int sd_netlink_message_set_flags(sd_netlink_message *m, uint16_t flags) {
+        assert_return(m, -EINVAL);
+        assert_return(flags, -EINVAL);
+
+        m->hdr->nlmsg_flags = flags;
+
+        return 0;
+}
+
+int sd_netlink_message_is_broadcast(sd_netlink_message *m) {
+        assert_return(m, -EINVAL);
+
+        return m->broadcast;
+}
+
+/* If successful the updated message will be correctly aligned, if
+   unsuccessful the old message is untouched. */
+static int add_rtattr(sd_netlink_message *m, unsigned short type, const void *data, size_t data_length) {
+        uint32_t rta_length;
+        size_t message_length, padding_length;
+        struct nlmsghdr *new_hdr;
+        struct rtattr *rta;
+        char *padding;
+        unsigned i;
+        int offset;
+
+        assert(m);
+        assert(m->hdr);
+        assert(!m->sealed);
+        assert(NLMSG_ALIGN(m->hdr->nlmsg_len) == m->hdr->nlmsg_len);
+        assert(!data || data_length);
+
+        /* get offset of the new attribute */
+        offset = m->hdr->nlmsg_len;
+
+        /* get the size of the new rta attribute (with padding at the end) */
+        rta_length = RTA_LENGTH(data_length);
+
+        /* get the new message size (with padding at the end) */
+        message_length = offset + RTA_ALIGN(rta_length);
+
+        /* realloc to fit the new attribute */
+        new_hdr = realloc(m->hdr, message_length);
+        if (!new_hdr)
+                return -ENOMEM;
+        m->hdr = new_hdr;
+
+        /* get pointer to the attribute we are about to add */
+        rta = (struct rtattr *) ((uint8_t *) m->hdr + offset);
+
+        /* if we are inside containers, extend them */
+        for (i = 0; i < m->n_containers; i++)
+                GET_CONTAINER(m, i)->rta_len += message_length - offset;
+
+        /* fill in the attribute */
+        rta->rta_type = type;
+        rta->rta_len = rta_length;
+        if (data)
+                /* we don't deal with the case where the user lies about the type
+                 * and gives us too little data (so don't do that)
+                 */
+                padding = mempcpy(RTA_DATA(rta), data, data_length);
+
+        else
+                /* if no data was passed, make sure we still initialize the padding
+                   note that we can have data_length > 0 (used by some containers) */
+                padding = RTA_DATA(rta);
+
+        /* make sure also the padding at the end of the message is initialized */
+        padding_length = (uint8_t*)m->hdr + message_length - (uint8_t*)padding;
+        memzero(padding, padding_length);
+
+        /* update message size */
+        m->hdr->nlmsg_len = message_length;
+
+        return offset;
+}
+
+static int message_attribute_has_type(sd_netlink_message *m, size_t *out_size, uint16_t attribute_type, uint16_t data_type) {
+        const NLType *type;
+        int r;
+
+        assert(m);
+
+        r = type_system_get_type(m->containers[m->n_containers].type_system, &type, attribute_type);
+        if (r < 0)
+                return r;
+
+        if (type_get_type(type) != data_type)
+                return -EINVAL;
+
+        if (out_size)
+                *out_size = type_get_size(type);
+        return 0;
+}
+
+int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data) {
+        size_t length, size;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(data, -EINVAL);
+
+        r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_STRING);
+        if (r < 0)
+                return r;
+
+        if (size) {
+                length = strnlen(data, size+1);
+                if (length > size)
+                        return -EINVAL;
+        } else
+                length = strlen(data);
+
+        r = add_rtattr(m, type, data, length + 1);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type) {
+        size_t size;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_FLAG);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, NULL, 0);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U8);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, &data, sizeof(uint8_t));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+
+int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U16);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, &data, sizeof(uint16_t));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, uint32_t data) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U32);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, &data, sizeof(uint32_t));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        r = add_rtattr(m, type, data, len);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(data, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, data, sizeof(struct in_addr));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(data, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, data, sizeof(struct in6_addr));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(data, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_ETHER_ADDR);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, data, ETH_ALEN);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info) {
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(info, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_CACHE_INFO);
+        if (r < 0)
+                return r;
+
+        r = add_rtattr(m, type, info, sizeof(struct ifa_cacheinfo));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int sd_netlink_message_open_container(sd_netlink_message *m, unsigned short type) {
+        size_t size;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -ERANGE);
+
+        r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_NESTED);
+        if (r < 0) {
+                const NLTypeSystemUnion *type_system_union;
+                int family;
+
+                r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_UNION);
+                if (r < 0)
+                        return r;
+
+                r = sd_rtnl_message_get_family(m, &family);
+                if (r < 0)
+                        return r;
+
+                r = type_system_get_type_system_union(m->containers[m->n_containers].type_system, &type_system_union, type);
+                if (r < 0)
+                        return r;
+
+                r = type_system_union_protocol_get_type_system(type_system_union,
+                                                               &m->containers[m->n_containers + 1].type_system,
+                                                               family);
+                if (r < 0)
+                        return r;
+        } else {
+                r = type_system_get_type_system(m->containers[m->n_containers].type_system,
+                                                &m->containers[m->n_containers + 1].type_system,
+                                                type);
+                if (r < 0)
+                        return r;
+        }
+
+        r = add_rtattr(m, type | NLA_F_NESTED, NULL, size);
+        if (r < 0)
+                return r;
+
+        m->containers[m->n_containers++].offset = r;
+
+        return 0;
+}
+
+int sd_netlink_message_open_container_union(sd_netlink_message *m, unsigned short type, const char *key) {
+        const NLTypeSystemUnion *type_system_union;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+
+        r = type_system_get_type_system_union(m->containers[m->n_containers].type_system, &type_system_union, type);
+        if (r < 0)
+                return r;
+
+        r = type_system_union_get_type_system(type_system_union,
+                                              &m->containers[m->n_containers + 1].type_system,
+                                              key);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_append_string(m, type_system_union->match, key);
+        if (r < 0)
+                return r;
+
+        /* do we evere need non-null size */
+        r = add_rtattr(m, type | NLA_F_NESTED, NULL, 0);
+        if (r < 0)
+                return r;
+
+        m->containers[m->n_containers++].offset = r;
+
+        return 0;
+}
+
+
+int sd_netlink_message_close_container(sd_netlink_message *m) {
+        assert_return(m, -EINVAL);
+        assert_return(!m->sealed, -EPERM);
+        assert_return(m->n_containers > 0, -EINVAL);
+
+        m->containers[m->n_containers].type_system = NULL;
+        m->n_containers--;
+
+        return 0;
+}
+
+static int netlink_message_read_internal(sd_netlink_message *m, unsigned short type, void **data, bool *net_byteorder) {
+        struct netlink_attribute *attribute;
+        struct rtattr *rta;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EPERM);
+        assert_return(data, -EINVAL);
+        assert(m->n_containers < RTNL_CONTAINER_DEPTH);
+        assert(m->containers[m->n_containers].attributes);
+        assert(type < m->containers[m->n_containers].n_attributes);
+
+        attribute = &m->containers[m->n_containers].attributes[type];
+
+        if (!attribute->offset)
+                return -ENODATA;
+
+        rta = (struct rtattr*)((uint8_t *) m->hdr + attribute->offset);
+
+        *data = RTA_DATA(rta);
+
+        if (net_byteorder)
+                *net_byteorder = attribute->net_byteorder;
+
+        return RTA_PAYLOAD(rta);
+}
+
+int sd_netlink_message_read_string(sd_netlink_message *m, unsigned short type, const char **data) {
+        int r;
+        void *attr_data;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_STRING);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, NULL);
+        if (r < 0)
+                return r;
+        else if (strnlen(attr_data, r) >= (size_t) r)
+                return -EIO;
+
+        if (data)
+                *data = (const char *) attr_data;
+
+        return 0;
+}
+
+int sd_netlink_message_read_u8(sd_netlink_message *m, unsigned short type, uint8_t *data) {
+        int r;
+        void *attr_data;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U8);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, NULL);
+        if (r < 0)
+                return r;
+        else if ((size_t) r < sizeof(uint8_t))
+                return -EIO;
+
+        if (data)
+                *data = *(uint8_t *) attr_data;
+
+        return 0;
+}
+
+int sd_netlink_message_read_u16(sd_netlink_message *m, unsigned short type, uint16_t *data) {
+        void *attr_data;
+        bool net_byteorder;
+        int r;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U16);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, &net_byteorder);
+        if (r < 0)
+                return r;
+        else if ((size_t) r < sizeof(uint16_t))
+                return -EIO;
+
+        if (data) {
+                if (net_byteorder)
+                        *data = be16toh(*(uint16_t *) attr_data);
+                else
+                        *data = *(uint16_t *) attr_data;
+        }
+
+        return 0;
+}
+
+int sd_netlink_message_read_u32(sd_netlink_message *m, unsigned short type, uint32_t *data) {
+        void *attr_data;
+        bool net_byteorder;
+        int r;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U32);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, &net_byteorder);
+        if (r < 0)
+                return r;
+        else if ((size_t)r < sizeof(uint32_t))
+                return -EIO;
+
+        if (data) {
+                if (net_byteorder)
+                        *data = be32toh(*(uint32_t *) attr_data);
+                else
+                        *data = *(uint32_t *) attr_data;
+        }
+
+        return 0;
+}
+
+int sd_netlink_message_read_ether_addr(sd_netlink_message *m, unsigned short type, struct ether_addr *data) {
+        int r;
+        void *attr_data;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_ETHER_ADDR);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, NULL);
+        if (r < 0)
+                return r;
+        else if ((size_t)r < sizeof(struct ether_addr))
+                return -EIO;
+
+        if (data)
+                memcpy(data, attr_data, sizeof(struct ether_addr));
+
+        return 0;
+}
+
+int sd_netlink_message_read_cache_info(sd_netlink_message *m, unsigned short type, struct ifa_cacheinfo *info) {
+        int r;
+        void *attr_data;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_CACHE_INFO);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, NULL);
+        if (r < 0)
+                return r;
+        else if ((size_t)r < sizeof(struct ifa_cacheinfo))
+                return -EIO;
+
+        if (info)
+                memcpy(info, attr_data, sizeof(struct ifa_cacheinfo));
+
+        return 0;
+}
+
+int sd_netlink_message_read_in_addr(sd_netlink_message *m, unsigned short type, struct in_addr *data) {
+        int r;
+        void *attr_data;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, NULL);
+        if (r < 0)
+                return r;
+        else if ((size_t)r < sizeof(struct in_addr))
+                return -EIO;
+
+        if (data)
+                memcpy(data, attr_data, sizeof(struct in_addr));
+
+        return 0;
+}
+
+int sd_netlink_message_read_in6_addr(sd_netlink_message *m, unsigned short type, struct in6_addr *data) {
+        int r;
+        void *attr_data;
+
+        assert_return(m, -EINVAL);
+
+        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
+        if (r < 0)
+                return r;
+
+        r = netlink_message_read_internal(m, type, &attr_data, NULL);
+        if (r < 0)
+                return r;
+        else if ((size_t)r < sizeof(struct in6_addr))
+                return -EIO;
+
+        if (data)
+                memcpy(data, attr_data, sizeof(struct in6_addr));
+
+        return 0;
+}
+
+static int netlink_container_parse(sd_netlink_message *m,
+                                   struct netlink_container *container,
+                                   int count,
+                                   struct rtattr *rta,
+                                   unsigned int rt_len) {
+        _cleanup_free_ struct netlink_attribute *attributes = NULL;
+
+        attributes = new0(struct netlink_attribute, count);
+        if (!attributes)
+                return -ENOMEM;
+
+        for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
+                unsigned short type;
+
+                type = RTA_TYPE(rta);
+
+                /* if the kernel is newer than the headers we used
+                   when building, we ignore out-of-range attributes */
+                if (type >= count)
+                        continue;
+
+                if (attributes[type].offset)
+                        log_debug("rtnl: message parse - overwriting repeated attribute");
+
+                attributes[type].offset = (uint8_t *) rta - (uint8_t *) m->hdr;
+                attributes[type].nested = RTA_FLAGS(rta) & NLA_F_NESTED;
+                attributes[type].net_byteorder = RTA_FLAGS(rta) & NLA_F_NET_BYTEORDER;
+        }
+
+        container->attributes = attributes;
+        attributes = NULL;
+        container->n_attributes = count;
+
+        return 0;
+}
+
+int sd_netlink_message_enter_container(sd_netlink_message *m, unsigned short type_id) {
+        const NLType *nl_type;
+        const NLTypeSystem *type_system;
+        void *container;
+        uint16_t type;
+        size_t size;
+        int r;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -EINVAL);
+
+        r = type_system_get_type(m->containers[m->n_containers].type_system,
+                                 &nl_type,
+                                 type_id);
+        if (r < 0)
+                return r;
+
+        type = type_get_type(nl_type);
+
+        if (type == NETLINK_TYPE_NESTED) {
+                r = type_system_get_type_system(m->containers[m->n_containers].type_system,
+                                                &type_system,
+                                                type_id);
+                if (r < 0)
+                        return r;
+        } else if (type == NETLINK_TYPE_UNION) {
+                const NLTypeSystemUnion *type_system_union;
+
+                r = type_system_get_type_system_union(m->containers[m->n_containers].type_system,
+                                                      &type_system_union,
+                                                      type_id);
+                if (r < 0)
+                        return r;
+
+                switch (type_system_union->match_type) {
+                case NL_MATCH_SIBLING:
+                {
+                        const char *key;
+
+                        r = sd_netlink_message_read_string(m, type_system_union->match, &key);
+                        if (r < 0)
+                                return r;
+
+                        r = type_system_union_get_type_system(type_system_union,
+                                                              &type_system,
+                                                              key);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                }
+                case NL_MATCH_PROTOCOL:
+                {
+                        int family;
+
+                        r = sd_rtnl_message_get_family(m, &family);
+                        if (r < 0)
+                                return r;
+
+                        r = type_system_union_protocol_get_type_system(type_system_union,
+                                                                       &type_system,
+                                                                       family);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                }
+                default:
+                        assert_not_reached("sd-netlink: invalid type system union type");
+                }
+        } else
+                return -EINVAL;
+
+        r = netlink_message_read_internal(m, type_id, &container, NULL);
+        if (r < 0)
+                return r;
+        else
+                size = (size_t)r;
+
+        m->n_containers++;
+
+        r = netlink_container_parse(m,
+                                    &m->containers[m->n_containers],
+                                    type_system_get_count(type_system),
+                                    container,
+                                    size);
+        if (r < 0) {
+                m->n_containers--;
+                return r;
+        }
+
+        m->containers[m->n_containers].type_system = type_system;
+
+        return 0;
+}
+
+int sd_netlink_message_exit_container(sd_netlink_message *m) {
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EINVAL);
+        assert_return(m->n_containers > 0, -EINVAL);
+
+        m->containers[m->n_containers].attributes = mfree(m->containers[m->n_containers].attributes);
+        m->containers[m->n_containers].type_system = NULL;
+
+        m->n_containers--;
+
+        return 0;
+}
+
+uint32_t rtnl_message_get_serial(sd_netlink_message *m) {
+        assert(m);
+        assert(m->hdr);
+
+        return m->hdr->nlmsg_seq;
+}
+
+int sd_netlink_message_is_error(sd_netlink_message *m) {
+        assert_return(m, 0);
+        assert_return(m->hdr, 0);
+
+        return m->hdr->nlmsg_type == NLMSG_ERROR;
+}
+
+int sd_netlink_message_get_errno(sd_netlink_message *m) {
+        struct nlmsgerr *err;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+
+        if (!sd_netlink_message_is_error(m))
+                return 0;
+
+        err = NLMSG_DATA(m->hdr);
+
+        return err->error;
+}
+
+int sd_netlink_message_rewind(sd_netlink_message *m) {
+        const NLType *nl_type;
+        uint16_t type;
+        size_t size;
+        unsigned i;
+        int r;
+
+        assert_return(m, -EINVAL);
+
+        /* don't allow appending to message once parsed */
+        if (!m->sealed)
+                rtnl_message_seal(m);
+
+        for (i = 1; i <= m->n_containers; i++)
+                m->containers[i].attributes = mfree(m->containers[i].attributes);
+
+        m->n_containers = 0;
+
+        if (m->containers[0].attributes)
+                /* top-level attributes have already been parsed */
+                return 0;
+
+        assert(m->hdr);
+
+        r = type_system_get_type(&type_system_root, &nl_type, m->hdr->nlmsg_type);
+        if (r < 0)
+                return r;
+
+        type = type_get_type(nl_type);
+        size = type_get_size(nl_type);
+
+        if (type == NETLINK_TYPE_NESTED) {
+                const NLTypeSystem *type_system;
+
+                type_get_type_system(nl_type, &type_system);
+
+                m->containers[0].type_system = type_system;
+
+                r = netlink_container_parse(m,
+                                            &m->containers[m->n_containers],
+                                            type_system_get_count(type_system),
+                                            (struct rtattr*)((uint8_t*)NLMSG_DATA(m->hdr) + NLMSG_ALIGN(size)),
+                                            NLMSG_PAYLOAD(m->hdr, size));
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+void rtnl_message_seal(sd_netlink_message *m) {
+        assert(m);
+        assert(!m->sealed);
+
+        m->sealed = true;
+}
+
+sd_netlink_message *sd_netlink_message_next(sd_netlink_message *m) {
+        assert_return(m, NULL);
+
+        return m->next;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/netlink-socket.c b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-socket.c
new file mode 100644
index 0000000000..d28a413c65
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-socket.c
@@ -0,0 +1,474 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <unistd.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "formats-util.h"
+#include "missing.h"
+#include "netlink-internal.h"
+#include "netlink-types.h"
+#include "netlink-util.h"
+#include "refcnt.h"
+#include "socket-util.h"
+#include "util.h"
+
+int socket_open(int family) {
+        int fd;
+
+        fd = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, family);
+        if (fd < 0)
+                return -errno;
+
+        return fd;
+}
+
+static int broadcast_groups_get(sd_netlink *nl) {
+        _cleanup_free_ uint32_t *groups = NULL;
+        socklen_t len = 0, old_len;
+        unsigned i, j;
+        int r;
+
+        assert(nl);
+        assert(nl->fd >= 0);
+
+        r = getsockopt(nl->fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, NULL, &len);
+        if (r < 0) {
+                if (errno == ENOPROTOOPT) {
+                        nl->broadcast_group_dont_leave = true;
+                        return 0;
+                } else
+                        return -errno;
+        }
+
+        if (len == 0)
+                return 0;
+
+        groups = new0(uint32_t, len);
+        if (!groups)
+                return -ENOMEM;
+
+        old_len = len;
+
+        r = getsockopt(nl->fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, groups, &len);
+        if (r < 0)
+                return -errno;
+
+        if (old_len != len)
+                return -EIO;
+
+        r = hashmap_ensure_allocated(&nl->broadcast_group_refs, NULL);
+        if (r < 0)
+                return r;
+
+        for (i = 0; i < len; i++) {
+                for (j = 0; j < sizeof(uint32_t) * 8; j++) {
+                        uint32_t offset;
+                        unsigned group;
+
+                        offset = 1U << j;
+
+                        if (!(groups[i] & offset))
+                                continue;
+
+                        group = i * sizeof(uint32_t) * 8 + j + 1;
+
+                        r = hashmap_put(nl->broadcast_group_refs, UINT_TO_PTR(group), UINT_TO_PTR(1));
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        return 0;
+}
+
+int socket_bind(sd_netlink *nl) {
+        socklen_t addrlen;
+        int r, one = 1;
+
+        r = setsockopt(nl->fd, SOL_NETLINK, NETLINK_PKTINFO, &one, sizeof(one));
+        if (r < 0)
+                return -errno;
+
+        addrlen = sizeof(nl->sockaddr);
+
+        r = bind(nl->fd, &nl->sockaddr.sa, addrlen);
+        /* ignore EINVAL to allow opening an already bound socket */
+        if (r < 0 && errno != EINVAL)
+                return -errno;
+
+        r = getsockname(nl->fd, &nl->sockaddr.sa, &addrlen);
+        if (r < 0)
+                return -errno;
+
+        r = broadcast_groups_get(nl);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static unsigned broadcast_group_get_ref(sd_netlink *nl, unsigned group) {
+        assert(nl);
+
+        return PTR_TO_UINT(hashmap_get(nl->broadcast_group_refs, UINT_TO_PTR(group)));
+}
+
+static int broadcast_group_set_ref(sd_netlink *nl, unsigned group, unsigned n_ref) {
+        int r;
+
+        assert(nl);
+
+        r = hashmap_replace(nl->broadcast_group_refs, UINT_TO_PTR(group), UINT_TO_PTR(n_ref));
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int broadcast_group_join(sd_netlink *nl, unsigned group) {
+        int r;
+
+        assert(nl);
+        assert(nl->fd >= 0);
+        assert(group > 0);
+
+        r = setsockopt(nl->fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &group, sizeof(group));
+        if (r < 0)
+                return -errno;
+
+        return 0;
+}
+
+int socket_broadcast_group_ref(sd_netlink *nl, unsigned group) {
+        unsigned n_ref;
+        int r;
+
+        assert(nl);
+
+        n_ref = broadcast_group_get_ref(nl, group);
+
+        n_ref++;
+
+        r = hashmap_ensure_allocated(&nl->broadcast_group_refs, NULL);
+        if (r < 0)
+                return r;
+
+        r = broadcast_group_set_ref(nl, group, n_ref);
+        if (r < 0)
+                return r;
+
+        if (n_ref > 1)
+                /* not yet in the group */
+                return 0;
+
+        r = broadcast_group_join(nl, group);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int broadcast_group_leave(sd_netlink *nl, unsigned group) {
+        int r;
+
+        assert(nl);
+        assert(nl->fd >= 0);
+        assert(group > 0);
+
+        if (nl->broadcast_group_dont_leave)
+                return 0;
+
+        r = setsockopt(nl->fd, SOL_NETLINK, NETLINK_DROP_MEMBERSHIP, &group, sizeof(group));
+        if (r < 0)
+                return -errno;
+
+        return 0;
+}
+
+int socket_broadcast_group_unref(sd_netlink *nl, unsigned group) {
+        unsigned n_ref;
+        int r;
+
+        assert(nl);
+
+        n_ref = broadcast_group_get_ref(nl, group);
+
+        assert(n_ref > 0);
+
+        n_ref--;
+
+        r = broadcast_group_set_ref(nl, group, n_ref);
+        if (r < 0)
+                return r;
+
+        if (n_ref > 0)
+                /* still refs left */
+                return 0;
+
+        r = broadcast_group_leave(nl, group);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+/* returns the number of bytes sent, or a negative error code */
+int socket_write_message(sd_netlink *nl, sd_netlink_message *m) {
+        union {
+                struct sockaddr sa;
+                struct sockaddr_nl nl;
+        } addr = {
+                .nl.nl_family = AF_NETLINK,
+        };
+        ssize_t k;
+
+        assert(nl);
+        assert(m);
+        assert(m->hdr);
+
+        k = sendto(nl->fd, m->hdr, m->hdr->nlmsg_len,
+                        0, &addr.sa, sizeof(addr));
+        if (k < 0)
+                return -errno;
+
+        return k;
+}
+
+static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool peek) {
+        union sockaddr_union sender;
+        uint8_t cmsg_buffer[CMSG_SPACE(sizeof(struct nl_pktinfo))];
+        struct msghdr msg = {
+                .msg_iov = iov,
+                .msg_iovlen = 1,
+                .msg_name = &sender,
+                .msg_namelen = sizeof(sender),
+                .msg_control = cmsg_buffer,
+                .msg_controllen = sizeof(cmsg_buffer),
+        };
+        struct cmsghdr *cmsg;
+        uint32_t group = 0;
+        int r;
+
+        assert(fd >= 0);
+        assert(iov);
+
+        r = recvmsg(fd, &msg, MSG_TRUNC | (peek ? MSG_PEEK : 0));
+        if (r < 0) {
+                /* no data */
+                if (errno == ENOBUFS)
+                        log_debug("rtnl: kernel receive buffer overrun");
+                else if (errno == EAGAIN)
+                        log_debug("rtnl: no data in socket");
+
+                return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;
+        }
+
+        if (sender.nl.nl_pid != 0) {
+                /* not from the kernel, ignore */
+                log_debug("rtnl: ignoring message from portid %"PRIu32, sender.nl.nl_pid);
+
+                if (peek) {
+                        /* drop the message */
+                        r = recvmsg(fd, &msg, 0);
+                        if (r < 0)
+                                return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;
+                }
+
+                return 0;
+        }
+
+        CMSG_FOREACH(cmsg, &msg) {
+                if (cmsg->cmsg_level == SOL_NETLINK &&
+                    cmsg->cmsg_type == NETLINK_PKTINFO &&
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct nl_pktinfo))) {
+                        struct nl_pktinfo *pktinfo = (void *)CMSG_DATA(cmsg);
+
+                        /* multi-cast group */
+                        group = pktinfo->group;
+                }
+        }
+
+        if (_group)
+                *_group = group;
+
+        return r;
+}
+
+/* On success, the number of bytes received is returned and *ret points to the received message
+ * which has a valid header and the correct size.
+ * If nothing useful was received 0 is returned.
+ * On failure, a negative error code is returned.
+ */
+int socket_read_message(sd_netlink *rtnl) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *first = NULL;
+        struct iovec iov = {};
+        uint32_t group = 0;
+        bool multi_part = false, done = false;
+        struct nlmsghdr *new_msg;
+        size_t len;
+        int r;
+        unsigned i = 0;
+
+        assert(rtnl);
+        assert(rtnl->rbuffer);
+        assert(rtnl->rbuffer_allocated >= sizeof(struct nlmsghdr));
+
+        /* read nothing, just get the pending message size */
+        r = socket_recv_message(rtnl->fd, &iov, NULL, true);
+        if (r <= 0)
+                return r;
+        else
+                len = (size_t)r;
+
+        /* make room for the pending message */
+        if (!greedy_realloc((void **)&rtnl->rbuffer,
+                            &rtnl->rbuffer_allocated,
+                            len, sizeof(uint8_t)))
+                return -ENOMEM;
+
+        iov.iov_base = rtnl->rbuffer;
+        iov.iov_len = rtnl->rbuffer_allocated;
+
+        /* read the pending message */
+        r = socket_recv_message(rtnl->fd, &iov, &group, false);
+        if (r <= 0)
+                return r;
+        else
+                len = (size_t)r;
+
+        if (len > rtnl->rbuffer_allocated)
+                /* message did not fit in read buffer */
+                return -EIO;
+
+        if (NLMSG_OK(rtnl->rbuffer, len) && rtnl->rbuffer->nlmsg_flags & NLM_F_MULTI) {
+                multi_part = true;
+
+                for (i = 0; i < rtnl->rqueue_partial_size; i++) {
+                        if (rtnl_message_get_serial(rtnl->rqueue_partial[i]) ==
+                            rtnl->rbuffer->nlmsg_seq) {
+                                first = rtnl->rqueue_partial[i];
+                                break;
+                        }
+                }
+        }
+
+        for (new_msg = rtnl->rbuffer; NLMSG_OK(new_msg, len) && !done; new_msg = NLMSG_NEXT(new_msg, len)) {
+                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+                const NLType *nl_type;
+
+                if (!group && new_msg->nlmsg_pid != rtnl->sockaddr.nl.nl_pid)
+                        /* not broadcast and not for us */
+                        continue;
+
+                if (new_msg->nlmsg_type == NLMSG_NOOP)
+                        /* silently drop noop messages */
+                        continue;
+
+                if (new_msg->nlmsg_type == NLMSG_DONE) {
+                        /* finished reading multi-part message */
+                        done = true;
+
+                        /* if first is not defined, put NLMSG_DONE into the receive queue. */
+                        if (first)
+                                continue;
+                }
+
+                /* check that we support this message type */
+                r = type_system_get_type(&type_system_root, &nl_type, new_msg->nlmsg_type);
+                if (r < 0) {
+                        if (r == -EOPNOTSUPP)
+                                log_debug("sd-netlink: ignored message with unknown type: %i",
+                                          new_msg->nlmsg_type);
+
+                        continue;
+                }
+
+                /* check that the size matches the message type */
+                if (new_msg->nlmsg_len < NLMSG_LENGTH(type_get_size(nl_type))) {
+                        log_debug("sd-netlink: message larger than expected, dropping");
+                        continue;
+                }
+
+                r = message_new_empty(rtnl, &m);
+                if (r < 0)
+                        return r;
+
+                m->broadcast = !!group;
+
+                m->hdr = memdup(new_msg, new_msg->nlmsg_len);
+                if (!m->hdr)
+                        return -ENOMEM;
+
+                /* seal and parse the top-level message */
+                r = sd_netlink_message_rewind(m);
+                if (r < 0)
+                        return r;
+
+                /* push the message onto the multi-part message stack */
+                if (first)
+                        m->next = first;
+                first = m;
+                m = NULL;
+        }
+
+        if (len)
+                log_debug("sd-netlink: discarding %zu bytes of incoming message", len);
+
+        if (!first)
+                return 0;
+
+        if (!multi_part || done) {
+                /* we got a complete message, push it on the read queue */
+                r = rtnl_rqueue_make_room(rtnl);
+                if (r < 0)
+                        return r;
+
+                rtnl->rqueue[rtnl->rqueue_size++] = first;
+                first = NULL;
+
+                if (multi_part && (i < rtnl->rqueue_partial_size)) {
+                        /* remove the message form the partial read queue */
+                        memmove(rtnl->rqueue_partial + i,rtnl->rqueue_partial + i + 1,
+                                sizeof(sd_netlink_message*) * (rtnl->rqueue_partial_size - i - 1));
+                        rtnl->rqueue_partial_size--;
+                }
+
+                return 1;
+        } else {
+                /* we only got a partial multi-part message, push it on the
+                   partial read queue */
+                if (i < rtnl->rqueue_partial_size) {
+                        rtnl->rqueue_partial[i] = first;
+                } else {
+                        r = rtnl_rqueue_partial_make_room(rtnl);
+                        if (r < 0)
+                                return r;
+
+                        rtnl->rqueue_partial[rtnl->rqueue_partial_size++] = first;
+                }
+                first = NULL;
+
+                return 0;
+        }
+}
diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-types.c
index 3a4bac2ced..3a4bac2ced 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-types.c
diff --git a/src/libsystemd/sd-netlink/netlink-types.h b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-types.h
index ecb20bfcdc..ecb20bfcdc 100644
--- a/src/libsystemd/sd-netlink/netlink-types.h
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-types.h
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/netlink-util.c b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-util.c
new file mode 100644
index 0000000000..828ae7db7f
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-util.c
@@ -0,0 +1,170 @@
+/***
+ This file is part of systemd.
+
+ Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-netlink.h>
+
+#include "netlink-internal.h"
+#include "netlink-util.h"
+
+int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+        int r;
+
+        assert(rtnl);
+        assert(ifindex > 0);
+        assert(name);
+
+        if (!*rtnl) {
+                r = sd_netlink_open(rtnl);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_append_string(message, IFLA_IFNAME, name);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(*rtnl, message, 0, NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
+                             const struct ether_addr *mac, unsigned mtu) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+        int r;
+
+        assert(rtnl);
+        assert(ifindex > 0);
+
+        if (!alias && !mac && mtu == 0)
+                return 0;
+
+        if (!*rtnl) {
+                r = sd_netlink_open(rtnl);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
+        if (r < 0)
+                return r;
+
+        if (alias) {
+                r = sd_netlink_message_append_string(message, IFLA_IFALIAS, alias);
+                if (r < 0)
+                        return r;
+        }
+
+        if (mac) {
+                r = sd_netlink_message_append_ether_addr(message, IFLA_ADDRESS, mac);
+                if (r < 0)
+                        return r;
+        }
+
+        if (mtu > 0) {
+                r = sd_netlink_message_append_u32(message, IFLA_MTU, mtu);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_netlink_call(*rtnl, message, 0, NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int rtnl_message_new_synthetic_error(int error, uint32_t serial, sd_netlink_message **ret) {
+        struct nlmsgerr *err;
+        int r;
+
+        assert(error <= 0);
+
+        r = message_new(NULL, ret, NLMSG_ERROR);
+        if (r < 0)
+                return r;
+
+        (*ret)->hdr->nlmsg_seq = serial;
+
+        err = NLMSG_DATA((*ret)->hdr);
+
+        err->error = error;
+
+        return 0;
+}
+
+bool rtnl_message_type_is_neigh(uint16_t type) {
+        switch (type) {
+                case RTM_NEWNEIGH:
+                case RTM_GETNEIGH:
+                case RTM_DELNEIGH:
+                        return true;
+                default:
+                        return false;
+        }
+}
+
+bool rtnl_message_type_is_route(uint16_t type) {
+        switch (type) {
+                case RTM_NEWROUTE:
+                case RTM_GETROUTE:
+                case RTM_DELROUTE:
+                        return true;
+                default:
+                        return false;
+        }
+}
+
+bool rtnl_message_type_is_link(uint16_t type) {
+        switch (type) {
+                case RTM_NEWLINK:
+                case RTM_SETLINK:
+                case RTM_GETLINK:
+                case RTM_DELLINK:
+                        return true;
+                default:
+                        return false;
+        }
+}
+
+bool rtnl_message_type_is_addr(uint16_t type) {
+        switch (type) {
+                case RTM_NEWADDR:
+                case RTM_GETADDR:
+                case RTM_DELADDR:
+                        return true;
+                default:
+                        return false;
+        }
+}
+
+int rtnl_log_parse_error(int r) {
+        return log_error_errno(r, "Failed to parse netlink message: %m");
+}
+
+int rtnl_log_create_error(int r) {
+        return log_error_errno(r, "Failed to create netlink message: %m");
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/netlink-util.h b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-util.h
new file mode 100644
index 0000000000..e8f932549f
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/netlink-util.h
@@ -0,0 +1,39 @@
+#pragma once
+
+/***
+ This file is part of systemd.
+
+ Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-netlink.h>
+
+#include "util.h"
+
+int rtnl_message_new_synthetic_error(int error, uint32_t serial, sd_netlink_message **ret);
+uint32_t rtnl_message_get_serial(sd_netlink_message *m);
+void rtnl_message_seal(sd_netlink_message *m);
+
+bool rtnl_message_type_is_link(uint16_t type);
+bool rtnl_message_type_is_addr(uint16_t type);
+bool rtnl_message_type_is_route(uint16_t type);
+bool rtnl_message_type_is_neigh(uint16_t type);
+
+int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
+int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, unsigned mtu);
+
+int rtnl_log_parse_error(int r);
+int rtnl_log_create_error(int r);
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/rtnl-message.c b/src/libsystemd/libsystemd-internal/sd-netlink/rtnl-message.c
new file mode 100644
index 0000000000..f6482a6157
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/rtnl-message.c
@@ -0,0 +1,702 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <unistd.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "formats-util.h"
+#include "missing.h"
+#include "netlink-internal.h"
+#include "netlink-types.h"
+#include "netlink-util.h"
+#include "refcnt.h"
+#include "socket-util.h"
+#include "util.h"
+
+int sd_rtnl_message_route_set_dst_prefixlen(sd_netlink_message *m, unsigned char prefixlen) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        if ((rtm->rtm_family == AF_INET && prefixlen > 32) ||
+            (rtm->rtm_family == AF_INET6 && prefixlen > 128))
+                return -ERANGE;
+
+        rtm->rtm_dst_len = prefixlen;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_set_src_prefixlen(sd_netlink_message *m, unsigned char prefixlen) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        if ((rtm->rtm_family == AF_INET && prefixlen > 32) ||
+            (rtm->rtm_family == AF_INET6 && prefixlen > 128))
+                return -ERANGE;
+
+        rtm->rtm_src_len = prefixlen;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_set_scope(sd_netlink_message *m, unsigned char scope) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        rtm->rtm_scope = scope;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_set_flags(sd_netlink_message *m, unsigned flags) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        rtm->rtm_flags = flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_flags(sd_netlink_message *m, unsigned *flags) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(flags, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *flags = rtm->rtm_flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_set_table(sd_netlink_message *m, unsigned char table) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        rtm->rtm_table = table;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_family(sd_netlink_message *m, int *family) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(family, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *family = rtm->rtm_family;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_set_family(sd_netlink_message *m, int family) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        rtm->rtm_family = family;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_protocol(sd_netlink_message *m, unsigned char *protocol) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(protocol, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *protocol = rtm->rtm_protocol;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_scope(sd_netlink_message *m, unsigned char *scope) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(scope, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *scope = rtm->rtm_scope;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_tos(sd_netlink_message *m, unsigned char *tos) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(tos, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *tos = rtm->rtm_tos;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_table(sd_netlink_message *m, unsigned char *table) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(table, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *table = rtm->rtm_table;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_dst_prefixlen(sd_netlink_message *m, unsigned char *dst_len) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(dst_len, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *dst_len = rtm->rtm_dst_len;
+
+        return 0;
+}
+
+int sd_rtnl_message_route_get_src_prefixlen(sd_netlink_message *m, unsigned char *src_len) {
+        struct rtmsg *rtm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(src_len, -EINVAL);
+
+        rtm = NLMSG_DATA(m->hdr);
+
+        *src_len = rtm->rtm_src_len;
+
+        return 0;
+}
+
+int sd_rtnl_message_new_route(sd_netlink *rtnl, sd_netlink_message **ret,
+                              uint16_t nlmsg_type, int rtm_family,
+                              unsigned char rtm_protocol) {
+        struct rtmsg *rtm;
+        int r;
+
+        assert_return(rtnl_message_type_is_route(nlmsg_type), -EINVAL);
+        assert_return((nlmsg_type == RTM_GETROUTE && rtm_family == AF_UNSPEC) ||
+                      rtm_family == AF_INET || rtm_family == AF_INET6, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        r = message_new(rtnl, ret, nlmsg_type);
+        if (r < 0)
+                return r;
+
+        if (nlmsg_type == RTM_NEWROUTE)
+                (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND;
+
+        rtm = NLMSG_DATA((*ret)->hdr);
+
+        rtm->rtm_family = rtm_family;
+        rtm->rtm_scope = RT_SCOPE_UNIVERSE;
+        rtm->rtm_type = RTN_UNICAST;
+        rtm->rtm_table = RT_TABLE_MAIN;
+        rtm->rtm_protocol = rtm_protocol;
+
+        return 0;
+}
+
+int sd_rtnl_message_neigh_set_flags(sd_netlink_message *m, uint8_t flags) {
+        struct ndmsg *ndm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
+
+        ndm = NLMSG_DATA(m->hdr);
+        ndm->ndm_flags |= flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_neigh_set_state(sd_netlink_message *m, uint16_t state) {
+        struct ndmsg *ndm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
+
+        ndm = NLMSG_DATA(m->hdr);
+        ndm->ndm_state |= state;
+
+        return 0;
+}
+
+int sd_rtnl_message_neigh_get_flags(sd_netlink_message *m, uint8_t *flags) {
+        struct ndmsg *ndm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
+
+        ndm = NLMSG_DATA(m->hdr);
+        *flags = ndm->ndm_flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_neigh_get_state(sd_netlink_message *m, uint16_t *state) {
+        struct ndmsg *ndm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
+
+        ndm = NLMSG_DATA(m->hdr);
+        *state = ndm->ndm_state;
+
+        return 0;
+}
+
+int sd_rtnl_message_neigh_get_family(sd_netlink_message *m, int *family) {
+        struct ndmsg *ndm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(family, -EINVAL);
+
+        ndm = NLMSG_DATA(m->hdr);
+
+        *family = ndm->ndm_family;
+
+        return 0;
+}
+
+int sd_rtnl_message_neigh_get_ifindex(sd_netlink_message *m, int *index) {
+        struct ndmsg *ndm;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(index, -EINVAL);
+
+        ndm = NLMSG_DATA(m->hdr);
+
+        *index = ndm->ndm_ifindex;
+
+        return 0;
+}
+
+int sd_rtnl_message_new_neigh(sd_netlink *rtnl, sd_netlink_message **ret, uint16_t nlmsg_type, int index, int ndm_family) {
+        struct ndmsg *ndm;
+        int r;
+
+        assert_return(rtnl_message_type_is_neigh(nlmsg_type), -EINVAL);
+        assert_return(ndm_family == AF_INET  ||
+                      ndm_family == AF_INET6 ||
+                      ndm_family == PF_BRIDGE, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        r = message_new(rtnl, ret, nlmsg_type);
+        if (r < 0)
+                return r;
+
+        if (nlmsg_type == RTM_NEWNEIGH)
+                (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND;
+
+        ndm = NLMSG_DATA((*ret)->hdr);
+
+        ndm->ndm_family = ndm_family;
+        ndm->ndm_ifindex = index;
+
+        return 0;
+}
+
+int sd_rtnl_message_link_set_flags(sd_netlink_message *m, unsigned flags, unsigned change) {
+        struct ifinfomsg *ifi;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(change, -EINVAL);
+
+        ifi = NLMSG_DATA(m->hdr);
+
+        ifi->ifi_flags = flags;
+        ifi->ifi_change = change;
+
+        return 0;
+}
+
+int sd_rtnl_message_link_set_type(sd_netlink_message *m, unsigned type) {
+        struct ifinfomsg *ifi;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
+
+        ifi = NLMSG_DATA(m->hdr);
+
+        ifi->ifi_type = type;
+
+        return 0;
+}
+
+int sd_rtnl_message_link_set_family(sd_netlink_message *m, unsigned family) {
+        struct ifinfomsg *ifi;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
+
+        ifi = NLMSG_DATA(m->hdr);
+
+        ifi->ifi_family = family;
+
+        return 0;
+}
+
+int sd_rtnl_message_new_link(sd_netlink *rtnl, sd_netlink_message **ret,
+                             uint16_t nlmsg_type, int index) {
+        struct ifinfomsg *ifi;
+        int r;
+
+        assert_return(rtnl_message_type_is_link(nlmsg_type), -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        r = message_new(rtnl, ret, nlmsg_type);
+        if (r < 0)
+                return r;
+
+        if (nlmsg_type == RTM_NEWLINK)
+                (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
+
+        ifi = NLMSG_DATA((*ret)->hdr);
+
+        ifi->ifi_family = AF_UNSPEC;
+        ifi->ifi_index = index;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_set_prefixlen(sd_netlink_message *m, unsigned char prefixlen) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        if ((ifa->ifa_family == AF_INET && prefixlen > 32) ||
+            (ifa->ifa_family == AF_INET6 && prefixlen > 128))
+                return -ERANGE;
+
+        ifa->ifa_prefixlen = prefixlen;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_set_flags(sd_netlink_message *m, unsigned char flags) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        ifa->ifa_flags = flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_set_scope(sd_netlink_message *m, unsigned char scope) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        ifa->ifa_scope = scope;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_get_family(sd_netlink_message *m, int *family) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(family, -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        *family = ifa->ifa_family;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_get_prefixlen(sd_netlink_message *m, unsigned char *prefixlen) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(prefixlen, -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        *prefixlen = ifa->ifa_prefixlen;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_get_scope(sd_netlink_message *m, unsigned char *scope) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(scope, -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        *scope = ifa->ifa_scope;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_get_flags(sd_netlink_message *m, unsigned char *flags) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(flags, -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        *flags = ifa->ifa_flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_addr_get_ifindex(sd_netlink_message *m, int *ifindex) {
+        struct ifaddrmsg *ifa;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(ifindex, -EINVAL);
+
+        ifa = NLMSG_DATA(m->hdr);
+
+        *ifindex = ifa->ifa_index;
+
+        return 0;
+}
+
+int sd_rtnl_message_new_addr(sd_netlink *rtnl, sd_netlink_message **ret,
+                             uint16_t nlmsg_type, int index,
+                             int family) {
+        struct ifaddrmsg *ifa;
+        int r;
+
+        assert_return(rtnl_message_type_is_addr(nlmsg_type), -EINVAL);
+        assert_return((nlmsg_type == RTM_GETADDR && index == 0) ||
+                      index > 0, -EINVAL);
+        assert_return((nlmsg_type == RTM_GETADDR && family == AF_UNSPEC) ||
+                      family == AF_INET || family == AF_INET6, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        r = message_new(rtnl, ret, nlmsg_type);
+        if (r < 0)
+                return r;
+
+        if (nlmsg_type == RTM_GETADDR)
+                (*ret)->hdr->nlmsg_flags |= NLM_F_DUMP;
+
+        ifa = NLMSG_DATA((*ret)->hdr);
+
+        ifa->ifa_index = index;
+        ifa->ifa_family = family;
+        if (family == AF_INET)
+                ifa->ifa_prefixlen = 32;
+        else if (family == AF_INET6)
+                ifa->ifa_prefixlen = 128;
+
+        return 0;
+}
+
+int sd_rtnl_message_new_addr_update(sd_netlink *rtnl, sd_netlink_message **ret,
+                             int index, int family) {
+        int r;
+
+        r = sd_rtnl_message_new_addr(rtnl, ret, RTM_NEWADDR, index, family);
+        if (r < 0)
+                return r;
+
+        (*ret)->hdr->nlmsg_flags |= NLM_F_REPLACE;
+
+        return 0;
+}
+
+int sd_rtnl_message_link_get_ifindex(sd_netlink_message *m, int *ifindex) {
+        struct ifinfomsg *ifi;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(ifindex, -EINVAL);
+
+        ifi = NLMSG_DATA(m->hdr);
+
+        *ifindex = ifi->ifi_index;
+
+        return 0;
+}
+
+int sd_rtnl_message_link_get_flags(sd_netlink_message *m, unsigned *flags) {
+        struct ifinfomsg *ifi;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(flags, -EINVAL);
+
+        ifi = NLMSG_DATA(m->hdr);
+
+        *flags = ifi->ifi_flags;
+
+        return 0;
+}
+
+int sd_rtnl_message_link_get_type(sd_netlink_message *m, unsigned short *type) {
+        struct ifinfomsg *ifi;
+
+        assert_return(m, -EINVAL);
+        assert_return(m->hdr, -EINVAL);
+        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
+        assert_return(type, -EINVAL);
+
+        ifi = NLMSG_DATA(m->hdr);
+
+        *type = ifi->ifi_type;
+
+        return 0;
+}
+
+int sd_rtnl_message_get_family(sd_netlink_message *m, int *family) {
+        assert_return(m, -EINVAL);
+        assert_return(family, -EINVAL);
+
+        assert(m->hdr);
+
+        if (rtnl_message_type_is_link(m->hdr->nlmsg_type)) {
+                struct ifinfomsg *ifi;
+
+                ifi = NLMSG_DATA(m->hdr);
+
+                *family = ifi->ifi_family;
+
+                return 0;
+        } else if (rtnl_message_type_is_route(m->hdr->nlmsg_type)) {
+                struct rtmsg *rtm;
+
+                rtm = NLMSG_DATA(m->hdr);
+
+                *family = rtm->rtm_family;
+
+                return 0;
+        } else if (rtnl_message_type_is_neigh(m->hdr->nlmsg_type)) {
+                struct ndmsg *ndm;
+
+                ndm = NLMSG_DATA(m->hdr);
+
+                *family = ndm->ndm_family;
+
+                return 0;
+        } else if (rtnl_message_type_is_addr(m->hdr->nlmsg_type)) {
+                struct ifaddrmsg *ifa;
+
+                ifa = NLMSG_DATA(m->hdr);
+
+                *family = ifa->ifa_family;
+
+                return 0;
+        }
+
+        return -EOPNOTSUPP;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/sd-netlink.c b/src/libsystemd/libsystemd-internal/sd-netlink/sd-netlink.c
new file mode 100644
index 0000000000..3c7488463c
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/sd-netlink.c
@@ -0,0 +1,954 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <poll.h>
+#include <sys/socket.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "hashmap.h"
+#include "macro.h"
+#include "missing.h"
+#include "netlink-internal.h"
+#include "netlink-util.h"
+#include "socket-util.h"
+#include "util.h"
+
+static int sd_netlink_new(sd_netlink **ret) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+
+        assert_return(ret, -EINVAL);
+
+        rtnl = new0(sd_netlink, 1);
+        if (!rtnl)
+                return -ENOMEM;
+
+        rtnl->n_ref = REFCNT_INIT;
+        rtnl->fd = -1;
+        rtnl->sockaddr.nl.nl_family = AF_NETLINK;
+        rtnl->original_pid = getpid();
+
+        LIST_HEAD_INIT(rtnl->match_callbacks);
+
+        /* We guarantee that the read buffer has at least space for
+         * a message header */
+        if (!greedy_realloc((void**)&rtnl->rbuffer, &rtnl->rbuffer_allocated,
+                            sizeof(struct nlmsghdr), sizeof(uint8_t)))
+                return -ENOMEM;
+
+        /* Change notification responses have sequence 0, so we must
+         * start our request sequence numbers at 1, or we may confuse our
+         * responses with notifications from the kernel */
+        rtnl->serial = 1;
+
+        *ret = rtnl;
+        rtnl = NULL;
+
+        return 0;
+}
+
+int sd_netlink_new_from_netlink(sd_netlink **ret, int fd) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        socklen_t addrlen;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        r = sd_netlink_new(&rtnl);
+        if (r < 0)
+                return r;
+
+        addrlen = sizeof(rtnl->sockaddr);
+
+        r = getsockname(fd, &rtnl->sockaddr.sa, &addrlen);
+        if (r < 0)
+                return -errno;
+
+        if (rtnl->sockaddr.nl.nl_family != AF_NETLINK)
+                return -EINVAL;
+
+        rtnl->fd = fd;
+
+        *ret = rtnl;
+        rtnl = NULL;
+
+        return 0;
+}
+
+static bool rtnl_pid_changed(sd_netlink *rtnl) {
+        assert(rtnl);
+
+        /* We don't support people creating an rtnl connection and
+         * keeping it around over a fork(). Let's complain. */
+
+        return rtnl->original_pid != getpid();
+}
+
+int sd_netlink_open_fd(sd_netlink **ret, int fd) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(fd >= 0, -EBADF);
+
+        r = sd_netlink_new(&rtnl);
+        if (r < 0)
+                return r;
+
+        rtnl->fd = fd;
+
+        r = socket_bind(rtnl);
+        if (r < 0) {
+                rtnl->fd = -1; /* on failure, the caller remains owner of the fd, hence don't close it here */
+                return r;
+        }
+
+        *ret = rtnl;
+        rtnl = NULL;
+
+        return 0;
+}
+
+int sd_netlink_open(sd_netlink **ret) {
+        _cleanup_close_ int fd = -1;
+        int r;
+
+        fd = socket_open(NETLINK_ROUTE);
+        if (fd < 0)
+                return fd;
+
+        r = sd_netlink_open_fd(ret, fd);
+        if (r < 0)
+                return r;
+
+        fd = -1;
+
+        return 0;
+}
+
+int sd_netlink_inc_rcvbuf(const sd_netlink *const rtnl, const int size) {
+        return fd_inc_rcvbuf(rtnl->fd, size);
+}
+
+sd_netlink *sd_netlink_ref(sd_netlink *rtnl) {
+        assert_return(rtnl, NULL);
+        assert_return(!rtnl_pid_changed(rtnl), NULL);
+
+        if (rtnl)
+                assert_se(REFCNT_INC(rtnl->n_ref) >= 2);
+
+        return rtnl;
+}
+
+sd_netlink *sd_netlink_unref(sd_netlink *rtnl) {
+        if (!rtnl)
+                return NULL;
+
+        assert_return(!rtnl_pid_changed(rtnl), NULL);
+
+        if (REFCNT_DEC(rtnl->n_ref) == 0) {
+                struct match_callback *f;
+                unsigned i;
+
+                for (i = 0; i < rtnl->rqueue_size; i++)
+                        sd_netlink_message_unref(rtnl->rqueue[i]);
+                free(rtnl->rqueue);
+
+                for (i = 0; i < rtnl->rqueue_partial_size; i++)
+                        sd_netlink_message_unref(rtnl->rqueue_partial[i]);
+                free(rtnl->rqueue_partial);
+
+                free(rtnl->rbuffer);
+
+                hashmap_free_free(rtnl->reply_callbacks);
+                prioq_free(rtnl->reply_callbacks_prioq);
+
+                sd_event_source_unref(rtnl->io_event_source);
+                sd_event_source_unref(rtnl->time_event_source);
+                sd_event_unref(rtnl->event);
+
+                while ((f = rtnl->match_callbacks)) {
+                        sd_netlink_remove_match(rtnl, f->type, f->callback, f->userdata);
+                }
+
+                hashmap_free(rtnl->broadcast_group_refs);
+
+                safe_close(rtnl->fd);
+                free(rtnl);
+        }
+
+        return NULL;
+}
+
+static void rtnl_seal_message(sd_netlink *rtnl, sd_netlink_message *m) {
+        assert(rtnl);
+        assert(!rtnl_pid_changed(rtnl));
+        assert(m);
+        assert(m->hdr);
+
+        /* don't use seq == 0, as that is used for broadcasts, so we
+           would get confused by replies to such messages */
+        m->hdr->nlmsg_seq = rtnl->serial++ ? : rtnl->serial++;
+
+        rtnl_message_seal(m);
+
+        return;
+}
+
+int sd_netlink_send(sd_netlink *nl,
+                 sd_netlink_message *message,
+                 uint32_t *serial) {
+        int r;
+
+        assert_return(nl, -EINVAL);
+        assert_return(!rtnl_pid_changed(nl), -ECHILD);
+        assert_return(message, -EINVAL);
+        assert_return(!message->sealed, -EPERM);
+
+        rtnl_seal_message(nl, message);
+
+        r = socket_write_message(nl, message);
+        if (r < 0)
+                return r;
+
+        if (serial)
+                *serial = rtnl_message_get_serial(message);
+
+        return 1;
+}
+
+int rtnl_rqueue_make_room(sd_netlink *rtnl) {
+        assert(rtnl);
+
+        if (rtnl->rqueue_size >= RTNL_RQUEUE_MAX) {
+                log_debug("rtnl: exhausted the read queue size (%d)", RTNL_RQUEUE_MAX);
+                return -ENOBUFS;
+        }
+
+        if (!GREEDY_REALLOC(rtnl->rqueue, rtnl->rqueue_allocated, rtnl->rqueue_size + 1))
+                return -ENOMEM;
+
+        return 0;
+}
+
+int rtnl_rqueue_partial_make_room(sd_netlink *rtnl) {
+        assert(rtnl);
+
+        if (rtnl->rqueue_partial_size >= RTNL_RQUEUE_MAX) {
+                log_debug("rtnl: exhausted the partial read queue size (%d)", RTNL_RQUEUE_MAX);
+                return -ENOBUFS;
+        }
+
+        if (!GREEDY_REALLOC(rtnl->rqueue_partial, rtnl->rqueue_partial_allocated,
+                            rtnl->rqueue_partial_size + 1))
+                return -ENOMEM;
+
+        return 0;
+}
+
+static int dispatch_rqueue(sd_netlink *rtnl, sd_netlink_message **message) {
+        int r;
+
+        assert(rtnl);
+        assert(message);
+
+        if (rtnl->rqueue_size <= 0) {
+                /* Try to read a new message */
+                r = socket_read_message(rtnl);
+                if (r <= 0)
+                        return r;
+        }
+
+        /* Dispatch a queued message */
+        *message = rtnl->rqueue[0];
+        rtnl->rqueue_size--;
+        memmove(rtnl->rqueue, rtnl->rqueue + 1, sizeof(sd_netlink_message*) * rtnl->rqueue_size);
+
+        return 1;
+}
+
+static int process_timeout(sd_netlink *rtnl) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        struct reply_callback *c;
+        usec_t n;
+        int r;
+
+        assert(rtnl);
+
+        c = prioq_peek(rtnl->reply_callbacks_prioq);
+        if (!c)
+                return 0;
+
+        n = now(CLOCK_MONOTONIC);
+        if (c->timeout > n)
+                return 0;
+
+        r = rtnl_message_new_synthetic_error(-ETIMEDOUT, c->serial, &m);
+        if (r < 0)
+                return r;
+
+        assert_se(prioq_pop(rtnl->reply_callbacks_prioq) == c);
+        hashmap_remove(rtnl->reply_callbacks, &c->serial);
+
+        r = c->callback(rtnl, m, c->userdata);
+        if (r < 0)
+                log_debug_errno(r, "sd-netlink: timedout callback failed: %m");
+
+        free(c);
+
+        return 1;
+}
+
+static int process_reply(sd_netlink *rtnl, sd_netlink_message *m) {
+        _cleanup_free_ struct reply_callback *c = NULL;
+        uint64_t serial;
+        uint16_t type;
+        int r;
+
+        assert(rtnl);
+        assert(m);
+
+        serial = rtnl_message_get_serial(m);
+        c = hashmap_remove(rtnl->reply_callbacks, &serial);
+        if (!c)
+                return 0;
+
+        if (c->timeout != 0)
+                prioq_remove(rtnl->reply_callbacks_prioq, c, &c->prioq_idx);
+
+        r = sd_netlink_message_get_type(m, &type);
+        if (r < 0)
+                return 0;
+
+        if (type == NLMSG_DONE)
+                m = NULL;
+
+        r = c->callback(rtnl, m, c->userdata);
+        if (r < 0)
+                log_debug_errno(r, "sd-netlink: callback failed: %m");
+
+        return 1;
+}
+
+static int process_match(sd_netlink *rtnl, sd_netlink_message *m) {
+        struct match_callback *c;
+        uint16_t type;
+        int r;
+
+        assert(rtnl);
+        assert(m);
+
+        r = sd_netlink_message_get_type(m, &type);
+        if (r < 0)
+                return r;
+
+        LIST_FOREACH(match_callbacks, c, rtnl->match_callbacks) {
+                if (type == c->type) {
+                        r = c->callback(rtnl, m, c->userdata);
+                        if (r != 0) {
+                                if (r < 0)
+                                        log_debug_errno(r, "sd-netlink: match callback failed: %m");
+
+                                break;
+                        }
+                }
+        }
+
+        return 1;
+}
+
+static int process_running(sd_netlink *rtnl, sd_netlink_message **ret) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        int r;
+
+        assert(rtnl);
+
+        r = process_timeout(rtnl);
+        if (r != 0)
+                goto null_message;
+
+        r = dispatch_rqueue(rtnl, &m);
+        if (r < 0)
+                return r;
+        if (!m)
+                goto null_message;
+
+        if (sd_netlink_message_is_broadcast(m)) {
+                r = process_match(rtnl, m);
+                if (r != 0)
+                        goto null_message;
+        } else {
+                r = process_reply(rtnl, m);
+                if (r != 0)
+                        goto null_message;
+        }
+
+        if (ret) {
+                *ret = m;
+                m = NULL;
+
+                return 1;
+        }
+
+        return 1;
+
+null_message:
+        if (r >= 0 && ret)
+                *ret = NULL;
+
+        return r;
+}
+
+int sd_netlink_process(sd_netlink *rtnl, sd_netlink_message **ret) {
+        NETLINK_DONT_DESTROY(rtnl);
+        int r;
+
+        assert_return(rtnl, -EINVAL);
+        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
+        assert_return(!rtnl->processing, -EBUSY);
+
+        rtnl->processing = true;
+        r = process_running(rtnl, ret);
+        rtnl->processing = false;
+
+        return r;
+}
+
+static usec_t calc_elapse(uint64_t usec) {
+        if (usec == (uint64_t) -1)
+                return 0;
+
+        if (usec == 0)
+                usec = RTNL_DEFAULT_TIMEOUT;
+
+        return now(CLOCK_MONOTONIC) + usec;
+}
+
+static int rtnl_poll(sd_netlink *rtnl, bool need_more, uint64_t timeout_usec) {
+        struct pollfd p[1] = {};
+        struct timespec ts;
+        usec_t m = USEC_INFINITY;
+        int r, e;
+
+        assert(rtnl);
+
+        e = sd_netlink_get_events(rtnl);
+        if (e < 0)
+                return e;
+
+        if (need_more)
+                /* Caller wants more data, and doesn't care about
+                 * what's been read or any other timeouts. */
+                e |= POLLIN;
+        else {
+                usec_t until;
+                /* Caller wants to process if there is something to
+                 * process, but doesn't care otherwise */
+
+                r = sd_netlink_get_timeout(rtnl, &until);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        usec_t nw;
+                        nw = now(CLOCK_MONOTONIC);
+                        m = until > nw ? until - nw : 0;
+                }
+        }
+
+        if (timeout_usec != (uint64_t) -1 && (m == (uint64_t) -1 || timeout_usec < m))
+                m = timeout_usec;
+
+        p[0].fd = rtnl->fd;
+        p[0].events = e;
+
+        r = ppoll(p, 1, m == (uint64_t) -1 ? NULL : timespec_store(&ts, m), NULL);
+        if (r < 0)
+                return -errno;
+
+        return r > 0 ? 1 : 0;
+}
+
+int sd_netlink_wait(sd_netlink *nl, uint64_t timeout_usec) {
+        assert_return(nl, -EINVAL);
+        assert_return(!rtnl_pid_changed(nl), -ECHILD);
+
+        if (nl->rqueue_size > 0)
+                return 0;
+
+        return rtnl_poll(nl, false, timeout_usec);
+}
+
+static int timeout_compare(const void *a, const void *b) {
+        const struct reply_callback *x = a, *y = b;
+
+        if (x->timeout != 0 && y->timeout == 0)
+                return -1;
+
+        if (x->timeout == 0 && y->timeout != 0)
+                return 1;
+
+        if (x->timeout < y->timeout)
+                return -1;
+
+        if (x->timeout > y->timeout)
+                return 1;
+
+        return 0;
+}
+
+int sd_netlink_call_async(sd_netlink *nl,
+                       sd_netlink_message *m,
+                       sd_netlink_message_handler_t callback,
+                       void *userdata,
+                       uint64_t usec,
+                       uint32_t *serial) {
+        struct reply_callback *c;
+        uint32_t s;
+        int r, k;
+
+        assert_return(nl, -EINVAL);
+        assert_return(m, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(!rtnl_pid_changed(nl), -ECHILD);
+
+        r = hashmap_ensure_allocated(&nl->reply_callbacks, &uint64_hash_ops);
+        if (r < 0)
+                return r;
+
+        if (usec != (uint64_t) -1) {
+                r = prioq_ensure_allocated(&nl->reply_callbacks_prioq, timeout_compare);
+                if (r < 0)
+                        return r;
+        }
+
+        c = new0(struct reply_callback, 1);
+        if (!c)
+                return -ENOMEM;
+
+        c->callback = callback;
+        c->userdata = userdata;
+        c->timeout = calc_elapse(usec);
+
+        k = sd_netlink_send(nl, m, &s);
+        if (k < 0) {
+                free(c);
+                return k;
+        }
+
+        c->serial = s;
+
+        r = hashmap_put(nl->reply_callbacks, &c->serial, c);
+        if (r < 0) {
+                free(c);
+                return r;
+        }
+
+        if (c->timeout != 0) {
+                r = prioq_put(nl->reply_callbacks_prioq, c, &c->prioq_idx);
+                if (r > 0) {
+                        c->timeout = 0;
+                        sd_netlink_call_async_cancel(nl, c->serial);
+                        return r;
+                }
+        }
+
+        if (serial)
+                *serial = s;
+
+        return k;
+}
+
+int sd_netlink_call_async_cancel(sd_netlink *nl, uint32_t serial) {
+        struct reply_callback *c;
+        uint64_t s = serial;
+
+        assert_return(nl, -EINVAL);
+        assert_return(serial != 0, -EINVAL);
+        assert_return(!rtnl_pid_changed(nl), -ECHILD);
+
+        c = hashmap_remove(nl->reply_callbacks, &s);
+        if (!c)
+                return 0;
+
+        if (c->timeout != 0)
+                prioq_remove(nl->reply_callbacks_prioq, c, &c->prioq_idx);
+
+        free(c);
+        return 1;
+}
+
+int sd_netlink_call(sd_netlink *rtnl,
+                sd_netlink_message *message,
+                uint64_t usec,
+                sd_netlink_message **ret) {
+        usec_t timeout;
+        uint32_t serial;
+        int r;
+
+        assert_return(rtnl, -EINVAL);
+        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
+        assert_return(message, -EINVAL);
+
+        r = sd_netlink_send(rtnl, message, &serial);
+        if (r < 0)
+                return r;
+
+        timeout = calc_elapse(usec);
+
+        for (;;) {
+                usec_t left;
+                unsigned i;
+
+                for (i = 0; i < rtnl->rqueue_size; i++) {
+                        uint32_t received_serial;
+
+                        received_serial = rtnl_message_get_serial(rtnl->rqueue[i]);
+
+                        if (received_serial == serial) {
+                                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *incoming = NULL;
+                                uint16_t type;
+
+                                incoming = rtnl->rqueue[i];
+
+                                /* found a match, remove from rqueue and return it */
+                                memmove(rtnl->rqueue + i,rtnl->rqueue + i + 1,
+                                        sizeof(sd_netlink_message*) * (rtnl->rqueue_size - i - 1));
+                                rtnl->rqueue_size--;
+
+                                r = sd_netlink_message_get_errno(incoming);
+                                if (r < 0)
+                                        return r;
+
+                                r = sd_netlink_message_get_type(incoming, &type);
+                                if (r < 0)
+                                        return r;
+
+                                if (type == NLMSG_DONE) {
+                                        *ret = NULL;
+                                        return 0;
+                                }
+
+                                if (ret) {
+                                        *ret = incoming;
+                                        incoming = NULL;
+                                }
+
+                                return 1;
+                        }
+                }
+
+                r = socket_read_message(rtnl);
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        /* received message, so try to process straight away */
+                        continue;
+
+                if (timeout > 0) {
+                        usec_t n;
+
+                        n = now(CLOCK_MONOTONIC);
+                        if (n >= timeout)
+                                return -ETIMEDOUT;
+
+                        left = timeout - n;
+                } else
+                        left = (uint64_t) -1;
+
+                r = rtnl_poll(rtnl, true, left);
+                if (r < 0)
+                        return r;
+                else if (r == 0)
+                        return -ETIMEDOUT;
+        }
+}
+
+int sd_netlink_get_events(sd_netlink *rtnl) {
+        assert_return(rtnl, -EINVAL);
+        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
+
+        if (rtnl->rqueue_size == 0)
+                return POLLIN;
+        else
+                return 0;
+}
+
+int sd_netlink_get_timeout(sd_netlink *rtnl, uint64_t *timeout_usec) {
+        struct reply_callback *c;
+
+        assert_return(rtnl, -EINVAL);
+        assert_return(timeout_usec, -EINVAL);
+        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
+
+        if (rtnl->rqueue_size > 0) {
+                *timeout_usec = 0;
+                return 1;
+        }
+
+        c = prioq_peek(rtnl->reply_callbacks_prioq);
+        if (!c) {
+                *timeout_usec = (uint64_t) -1;
+                return 0;
+        }
+
+        *timeout_usec = c->timeout;
+
+        return 1;
+}
+
+static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        sd_netlink *rtnl = userdata;
+        int r;
+
+        assert(rtnl);
+
+        r = sd_netlink_process(rtnl, NULL);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int time_callback(sd_event_source *s, uint64_t usec, void *userdata) {
+        sd_netlink *rtnl = userdata;
+        int r;
+
+        assert(rtnl);
+
+        r = sd_netlink_process(rtnl, NULL);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+static int prepare_callback(sd_event_source *s, void *userdata) {
+        sd_netlink *rtnl = userdata;
+        int r, e;
+        usec_t until;
+
+        assert(s);
+        assert(rtnl);
+
+        e = sd_netlink_get_events(rtnl);
+        if (e < 0)
+                return e;
+
+        r = sd_event_source_set_io_events(rtnl->io_event_source, e);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_get_timeout(rtnl, &until);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                int j;
+
+                j = sd_event_source_set_time(rtnl->time_event_source, until);
+                if (j < 0)
+                        return j;
+        }
+
+        r = sd_event_source_set_enabled(rtnl->time_event_source, r > 0);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+int sd_netlink_attach_event(sd_netlink *rtnl, sd_event *event, int64_t priority) {
+        int r;
+
+        assert_return(rtnl, -EINVAL);
+        assert_return(!rtnl->event, -EBUSY);
+
+        assert(!rtnl->io_event_source);
+        assert(!rtnl->time_event_source);
+
+        if (event)
+                rtnl->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&rtnl->event);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_event_add_io(rtnl->event, &rtnl->io_event_source, rtnl->fd, 0, io_callback, rtnl);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_priority(rtnl->io_event_source, priority);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_description(rtnl->io_event_source, "rtnl-receive-message");
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_prepare(rtnl->io_event_source, prepare_callback);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_add_time(rtnl->event, &rtnl->time_event_source, CLOCK_MONOTONIC, 0, 0, time_callback, rtnl);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_priority(rtnl->time_event_source, priority);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_description(rtnl->time_event_source, "rtnl-timer");
+        if (r < 0)
+                goto fail;
+
+        return 0;
+
+fail:
+        sd_netlink_detach_event(rtnl);
+        return r;
+}
+
+int sd_netlink_detach_event(sd_netlink *rtnl) {
+        assert_return(rtnl, -EINVAL);
+        assert_return(rtnl->event, -ENXIO);
+
+        rtnl->io_event_source = sd_event_source_unref(rtnl->io_event_source);
+
+        rtnl->time_event_source = sd_event_source_unref(rtnl->time_event_source);
+
+        rtnl->event = sd_event_unref(rtnl->event);
+
+        return 0;
+}
+
+int sd_netlink_add_match(sd_netlink *rtnl,
+                      uint16_t type,
+                      sd_netlink_message_handler_t callback,
+                      void *userdata) {
+        _cleanup_free_ struct match_callback *c = NULL;
+        int r;
+
+        assert_return(rtnl, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
+
+        c = new0(struct match_callback, 1);
+        if (!c)
+                return -ENOMEM;
+
+        c->callback = callback;
+        c->type = type;
+        c->userdata = userdata;
+
+        switch (type) {
+                case RTM_NEWLINK:
+                case RTM_DELLINK:
+                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_LINK);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                case RTM_NEWADDR:
+                case RTM_DELADDR:
+                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV4_IFADDR);
+                        if (r < 0)
+                                return r;
+
+                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV6_IFADDR);
+                        if (r < 0)
+                                return r;
+
+                        break;
+                case RTM_NEWROUTE:
+                case RTM_DELROUTE:
+                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV4_ROUTE);
+                        if (r < 0)
+                                return r;
+
+                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV6_ROUTE);
+                        if (r < 0)
+                                return r;
+                        break;
+                default:
+                        return -EOPNOTSUPP;
+        }
+
+        LIST_PREPEND(match_callbacks, rtnl->match_callbacks, c);
+
+        c = NULL;
+
+        return 0;
+}
+
+int sd_netlink_remove_match(sd_netlink *rtnl,
+                         uint16_t type,
+                         sd_netlink_message_handler_t callback,
+                         void *userdata) {
+        struct match_callback *c;
+        int r;
+
+        assert_return(rtnl, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
+
+        LIST_FOREACH(match_callbacks, c, rtnl->match_callbacks)
+                if (c->callback == callback && c->type == type && c->userdata == userdata) {
+                        LIST_REMOVE(match_callbacks, rtnl->match_callbacks, c);
+                        free(c);
+
+                        switch (type) {
+                                case RTM_NEWLINK:
+                                case RTM_DELLINK:
+                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_LINK);
+                                        if (r < 0)
+                                                return r;
+
+                                        break;
+                                case RTM_NEWADDR:
+                                case RTM_DELADDR:
+                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV4_IFADDR);
+                                        if (r < 0)
+                                                return r;
+
+                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV6_IFADDR);
+                                        if (r < 0)
+                                                return r;
+
+                                        break;
+                                case RTM_NEWROUTE:
+                                case RTM_DELROUTE:
+                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV4_ROUTE);
+                                        if (r < 0)
+                                                return r;
+
+                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV6_ROUTE);
+                                        if (r < 0)
+                                                return r;
+                                        break;
+                                default:
+                                        return -EOPNOTSUPP;
+                        }
+
+                        return 1;
+                }
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-netlink/test-netlink.c b/src/libsystemd/libsystemd-internal/sd-netlink/test-netlink.c
new file mode 100644
index 0000000000..aadd0f06a8
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-netlink/test-netlink.c
@@ -0,0 +1,440 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <net/if.h>
+#include <netinet/ether.h>
+
+#include <systemd/sd-netlink.h>
+
+#include "ether-addr-util.h"
+#include "macro.h"
+#include "missing.h"
+#include "netlink-util.h"
+#include "socket-util.h"
+#include "string-util.h"
+#include "util.h"
+
+static void test_message_link_bridge(sd_netlink *rtnl) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+        uint32_t cost;
+
+        assert_se(sd_rtnl_message_new_link(rtnl, &message, RTM_NEWLINK, 1) >= 0);
+        assert_se(sd_rtnl_message_link_set_family(message, PF_BRIDGE) >= 0);
+        assert_se(sd_netlink_message_open_container(message, IFLA_PROTINFO) >= 0);
+        assert_se(sd_netlink_message_append_u32(message, IFLA_BRPORT_COST, 10) >= 0);
+        assert_se(sd_netlink_message_close_container(message) >= 0);
+
+        assert_se(sd_netlink_message_rewind(message) >= 0);
+
+        assert_se(sd_netlink_message_enter_container(message, IFLA_PROTINFO) >= 0);
+        assert_se(sd_netlink_message_read_u32(message, IFLA_BRPORT_COST, &cost) >= 0);
+        assert_se(cost == 10);
+        assert_se(sd_netlink_message_exit_container(message) >= 0);
+}
+
+static void test_link_configure(sd_netlink *rtnl, int ifindex) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+        const char *mac = "98:fe:94:3f:c6:18", *name = "test";
+        char buffer[ETHER_ADDR_TO_STRING_MAX];
+        unsigned int mtu = 1450, mtu_out;
+        const char *name_out;
+        struct ether_addr mac_out;
+
+        /* we'd really like to test NEWLINK, but let's not mess with the running kernel */
+        assert_se(sd_rtnl_message_new_link(rtnl, &message, RTM_GETLINK, ifindex) >= 0);
+        assert_se(sd_netlink_message_append_string(message, IFLA_IFNAME, name) >= 0);
+        assert_se(sd_netlink_message_append_ether_addr(message, IFLA_ADDRESS, ether_aton(mac)) >= 0);
+        assert_se(sd_netlink_message_append_u32(message, IFLA_MTU, mtu) >= 0);
+
+        assert_se(sd_netlink_call(rtnl, message, 0, NULL) == 1);
+        assert_se(sd_netlink_message_rewind(message) >= 0);
+
+        assert_se(sd_netlink_message_read_string(message, IFLA_IFNAME, &name_out) >= 0);
+        assert_se(streq(name, name_out));
+
+        assert_se(sd_netlink_message_read_ether_addr(message, IFLA_ADDRESS, &mac_out) >= 0);
+        assert_se(streq(mac, ether_addr_to_string(&mac_out, buffer)));
+
+        assert_se(sd_netlink_message_read_u32(message, IFLA_MTU, &mtu_out) >= 0);
+        assert_se(mtu == mtu_out);
+}
+
+static void test_link_get(sd_netlink *rtnl, int ifindex) {
+        sd_netlink_message *m;
+        sd_netlink_message *r;
+        unsigned int mtu = 1500;
+        const char *str_data;
+        uint8_t u8_data;
+        uint32_t u32_data;
+        struct ether_addr eth_data;
+
+        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, ifindex) >= 0);
+        assert_se(m);
+
+        /* u8 test cases  */
+        assert_se(sd_netlink_message_append_u8(m, IFLA_CARRIER, 0) >= 0);
+        assert_se(sd_netlink_message_append_u8(m, IFLA_OPERSTATE, 0) >= 0);
+        assert_se(sd_netlink_message_append_u8(m, IFLA_LINKMODE, 0) >= 0);
+
+        /* u32 test cases */
+        assert_se(sd_netlink_message_append_u32(m, IFLA_MTU, mtu) >= 0);
+        assert_se(sd_netlink_message_append_u32(m, IFLA_GROUP, 0) >= 0);
+        assert_se(sd_netlink_message_append_u32(m, IFLA_TXQLEN, 0) >= 0);
+        assert_se(sd_netlink_message_append_u32(m, IFLA_NUM_TX_QUEUES, 0) >= 0);
+        assert_se(sd_netlink_message_append_u32(m, IFLA_NUM_RX_QUEUES, 0) >= 0);
+
+        assert_se(sd_netlink_call(rtnl, m, -1, &r) == 1);
+
+        assert_se(sd_netlink_message_read_string(r, IFLA_IFNAME, &str_data) == 0);
+
+        assert_se(sd_netlink_message_read_u8(r, IFLA_CARRIER, &u8_data) == 0);
+        assert_se(sd_netlink_message_read_u8(r, IFLA_OPERSTATE, &u8_data) == 0);
+        assert_se(sd_netlink_message_read_u8(r, IFLA_LINKMODE, &u8_data) == 0);
+
+        assert_se(sd_netlink_message_read_u32(r, IFLA_MTU, &u32_data) == 0);
+        assert_se(sd_netlink_message_read_u32(r, IFLA_GROUP, &u32_data) == 0);
+        assert_se(sd_netlink_message_read_u32(r, IFLA_TXQLEN, &u32_data) == 0);
+        assert_se(sd_netlink_message_read_u32(r, IFLA_NUM_TX_QUEUES, &u32_data) == 0);
+        assert_se(sd_netlink_message_read_u32(r, IFLA_NUM_RX_QUEUES, &u32_data) == 0);
+
+        assert_se(sd_netlink_message_read_ether_addr(r, IFLA_ADDRESS, &eth_data) == 0);
+
+        assert_se((m = sd_netlink_message_unref(m)) == NULL);
+        assert_se((r = sd_netlink_message_unref(r)) == NULL);
+}
+
+
+static void test_address_get(sd_netlink *rtnl, int ifindex) {
+        sd_netlink_message *m;
+        sd_netlink_message *r;
+        struct in_addr in_data;
+        struct ifa_cacheinfo cache;
+        const char *label;
+
+        assert_se(sd_rtnl_message_new_addr(rtnl, &m, RTM_GETADDR, ifindex, AF_INET) >= 0);
+        assert_se(m);
+
+        assert_se(sd_netlink_call(rtnl, m, -1, &r) == 1);
+
+        assert_se(sd_netlink_message_read_in_addr(r, IFA_LOCAL, &in_data) == 0);
+        assert_se(sd_netlink_message_read_in_addr(r, IFA_ADDRESS, &in_data) == 0);
+        assert_se(sd_netlink_message_read_string(r, IFA_LABEL, &label) == 0);
+        assert_se(sd_netlink_message_read_cache_info(r, IFA_CACHEINFO, &cache) == 0);
+
+        assert_se((m = sd_netlink_message_unref(m)) == NULL);
+        assert_se((r = sd_netlink_message_unref(r)) == NULL);
+
+}
+
+static void test_route(void) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req;
+        struct in_addr addr, addr_data;
+        uint32_t index = 2, u32_data;
+        int r;
+
+        r = sd_rtnl_message_new_route(NULL, &req, RTM_NEWROUTE, AF_INET, RTPROT_STATIC);
+        if (r < 0) {
+                log_error_errno(r, "Could not create RTM_NEWROUTE message: %m");
+                return;
+        }
+
+        addr.s_addr = htonl(INADDR_LOOPBACK);
+
+        r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &addr);
+        if (r < 0) {
+                log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
+                return;
+        }
+
+        r = sd_netlink_message_append_u32(req, RTA_OIF, index);
+        if (r < 0) {
+                log_error_errno(r, "Could not append RTA_OIF attribute: %m");
+                return;
+        }
+
+        assert_se(sd_netlink_message_rewind(req) >= 0);
+
+        assert_se(sd_netlink_message_read_in_addr(req, RTA_GATEWAY, &addr_data) >= 0);
+        assert_se(addr_data.s_addr == addr.s_addr);
+
+        assert_se(sd_netlink_message_read_u32(req, RTA_OIF, &u32_data) >= 0);
+        assert_se(u32_data == index);
+
+        assert_se((req = sd_netlink_message_unref(req)) == NULL);
+}
+
+static void test_multiple(void) {
+        sd_netlink *rtnl1, *rtnl2;
+
+        assert_se(sd_netlink_open(&rtnl1) >= 0);
+        assert_se(sd_netlink_open(&rtnl2) >= 0);
+
+        rtnl1 = sd_netlink_unref(rtnl1);
+        rtnl2 = sd_netlink_unref(rtnl2);
+}
+
+static int link_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
+        char *ifname = userdata;
+        const char *data;
+
+        assert_se(rtnl);
+        assert_se(m);
+
+        log_info("got link info about %s", ifname);
+        free(ifname);
+
+        assert_se(sd_netlink_message_read_string(m, IFLA_IFNAME, &data) >= 0);
+        assert_se(streq(data, "lo"));
+
+        return 1;
+}
+
+static void test_event_loop(int ifindex) {
+        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        char *ifname;
+
+        ifname = strdup("lo2");
+        assert_se(ifname);
+
+        assert_se(sd_netlink_open(&rtnl) >= 0);
+        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, ifindex) >= 0);
+
+        assert_se(sd_netlink_call_async(rtnl, m, link_handler, ifname, 0, NULL) >= 0);
+
+        assert_se(sd_event_default(&event) >= 0);
+
+        assert_se(sd_netlink_attach_event(rtnl, event, 0) >= 0);
+
+        assert_se(sd_event_run(event, 0) >= 0);
+
+        assert_se(sd_netlink_detach_event(rtnl) >= 0);
+
+        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
+}
+
+static int pipe_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
+        int *counter = userdata;
+        int r;
+
+        (*counter)--;
+
+        r = sd_netlink_message_get_errno(m);
+
+        log_info_errno(r, "%d left in pipe. got reply: %m", *counter);
+
+        assert_se(r >= 0);
+
+        return 1;
+}
+
+static void test_async(int ifindex) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL, *r = NULL;
+        uint32_t serial;
+        char *ifname;
+
+        ifname = strdup("lo");
+        assert_se(ifname);
+
+        assert_se(sd_netlink_open(&rtnl) >= 0);
+
+        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, ifindex) >= 0);
+
+        assert_se(sd_netlink_call_async(rtnl, m, link_handler, ifname, 0, &serial) >= 0);
+
+        assert_se(sd_netlink_wait(rtnl, 0) >= 0);
+        assert_se(sd_netlink_process(rtnl, &r) >= 0);
+
+        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
+}
+
+static void test_pipe(int ifindex) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m1 = NULL, *m2 = NULL;
+        int counter = 0;
+
+        assert_se(sd_netlink_open(&rtnl) >= 0);
+
+        assert_se(sd_rtnl_message_new_link(rtnl, &m1, RTM_GETLINK, ifindex) >= 0);
+        assert_se(sd_rtnl_message_new_link(rtnl, &m2, RTM_GETLINK, ifindex) >= 0);
+
+        counter++;
+        assert_se(sd_netlink_call_async(rtnl, m1, pipe_handler, &counter, 0, NULL) >= 0);
+
+        counter++;
+        assert_se(sd_netlink_call_async(rtnl, m2, pipe_handler, &counter, 0, NULL) >= 0);
+
+        while (counter > 0) {
+                assert_se(sd_netlink_wait(rtnl, 0) >= 0);
+                assert_se(sd_netlink_process(rtnl, NULL) >= 0);
+        }
+
+        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
+}
+
+static void test_container(void) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        uint16_t u16_data;
+        uint32_t u32_data;
+        const char *string_data;
+
+        assert_se(sd_rtnl_message_new_link(NULL, &m, RTM_NEWLINK, 0) >= 0);
+
+        assert_se(sd_netlink_message_open_container(m, IFLA_LINKINFO) >= 0);
+        assert_se(sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "vlan") >= 0);
+        assert_se(sd_netlink_message_append_u16(m, IFLA_VLAN_ID, 100) >= 0);
+        assert_se(sd_netlink_message_close_container(m) >= 0);
+        assert_se(sd_netlink_message_append_string(m, IFLA_INFO_KIND, "vlan") >= 0);
+        assert_se(sd_netlink_message_close_container(m) >= 0);
+        assert_se(sd_netlink_message_close_container(m) == -EINVAL);
+
+        assert_se(sd_netlink_message_rewind(m) >= 0);
+
+        assert_se(sd_netlink_message_enter_container(m, IFLA_LINKINFO) >= 0);
+        assert_se(sd_netlink_message_read_string(m, IFLA_INFO_KIND, &string_data) >= 0);
+        assert_se(streq("vlan", string_data));
+
+        assert_se(sd_netlink_message_enter_container(m, IFLA_INFO_DATA) >= 0);
+        assert_se(sd_netlink_message_read_u16(m, IFLA_VLAN_ID, &u16_data) >= 0);
+        assert_se(sd_netlink_message_exit_container(m) >= 0);
+
+        assert_se(sd_netlink_message_read_string(m, IFLA_INFO_KIND, &string_data) >= 0);
+        assert_se(streq("vlan", string_data));
+        assert_se(sd_netlink_message_exit_container(m) >= 0);
+
+        assert_se(sd_netlink_message_read_u32(m, IFLA_LINKINFO, &u32_data) < 0);
+
+        assert_se(sd_netlink_message_exit_container(m) == -EINVAL);
+}
+
+static void test_match(void) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+
+        assert_se(sd_netlink_open(&rtnl) >= 0);
+
+        assert_se(sd_netlink_add_match(rtnl, RTM_NEWLINK, link_handler, NULL) >= 0);
+        assert_se(sd_netlink_add_match(rtnl, RTM_NEWLINK, link_handler, NULL) >= 0);
+
+        assert_se(sd_netlink_remove_match(rtnl, RTM_NEWLINK, link_handler, NULL) == 1);
+        assert_se(sd_netlink_remove_match(rtnl, RTM_NEWLINK, link_handler, NULL) == 1);
+        assert_se(sd_netlink_remove_match(rtnl, RTM_NEWLINK, link_handler, NULL) == 0);
+
+        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
+}
+
+static void test_get_addresses(sd_netlink *rtnl) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
+        sd_netlink_message *m;
+
+        assert_se(sd_rtnl_message_new_addr(rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC) >= 0);
+
+        assert_se(sd_netlink_call(rtnl, req, 0, &reply) >= 0);
+
+        for (m = reply; m; m = sd_netlink_message_next(m)) {
+                uint16_t type;
+                unsigned char scope, flags;
+                int family, ifindex;
+
+                assert_se(sd_netlink_message_get_type(m, &type) >= 0);
+                assert_se(type == RTM_NEWADDR);
+
+                assert_se(sd_rtnl_message_addr_get_ifindex(m, &ifindex) >= 0);
+                assert_se(sd_rtnl_message_addr_get_family(m, &family) >= 0);
+                assert_se(sd_rtnl_message_addr_get_scope(m, &scope) >= 0);
+                assert_se(sd_rtnl_message_addr_get_flags(m, &flags) >= 0);
+
+                assert_se(ifindex > 0);
+                assert_se(family == AF_INET || family == AF_INET6);
+
+                log_info("got IPv%u address on ifindex %i", family == AF_INET ? 4: 6, ifindex);
+        }
+}
+
+static void test_message(void) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+
+        assert_se(rtnl_message_new_synthetic_error(-ETIMEDOUT, 1, &m) >= 0);
+        assert_se(sd_netlink_message_get_errno(m) == -ETIMEDOUT);
+}
+
+int main(void) {
+        sd_netlink *rtnl;
+        sd_netlink_message *m;
+        sd_netlink_message *r;
+        const char *string_data;
+        int if_loopback;
+        uint16_t type;
+
+        test_message();
+
+        test_match();
+
+        test_multiple();
+
+        test_route();
+
+        test_container();
+
+        assert_se(sd_netlink_open(&rtnl) >= 0);
+        assert_se(rtnl);
+
+        if_loopback = (int) if_nametoindex("lo");
+        assert_se(if_loopback > 0);
+
+        test_async(if_loopback);
+
+        test_pipe(if_loopback);
+
+        test_event_loop(if_loopback);
+
+        test_link_configure(rtnl, if_loopback);
+
+        test_get_addresses(rtnl);
+
+        test_message_link_bridge(rtnl);
+
+        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, if_loopback) >= 0);
+        assert_se(m);
+
+        assert_se(sd_netlink_message_get_type(m, &type) >= 0);
+        assert_se(type == RTM_GETLINK);
+
+        assert_se(sd_netlink_message_read_string(m, IFLA_IFNAME, &string_data) == -EPERM);
+
+        assert_se(sd_netlink_call(rtnl, m, 0, &r) == 1);
+        assert_se(sd_netlink_message_get_type(r, &type) >= 0);
+        assert_se(type == RTM_NEWLINK);
+
+        assert_se((r = sd_netlink_message_unref(r)) == NULL);
+
+        assert_se(sd_netlink_call(rtnl, m, -1, &r) == -EPERM);
+        assert_se((m = sd_netlink_message_unref(m)) == NULL);
+        assert_se((r = sd_netlink_message_unref(r)) == NULL);
+
+        test_link_get(rtnl, if_loopback);
+        test_address_get(rtnl, if_loopback);
+
+        assert_se((m = sd_netlink_message_unref(m)) == NULL);
+        assert_se((r = sd_netlink_message_unref(r)) == NULL);
+        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
+
+        return EXIT_SUCCESS;
+}
diff --git a/src/libsystemd/sd-network/network-util.c b/src/libsystemd/libsystemd-internal/sd-network/network-util.c
index a0d9b5f1a4..a0d9b5f1a4 100644
--- a/src/libsystemd/sd-network/network-util.c
+++ b/src/libsystemd/libsystemd-internal/sd-network/network-util.c
diff --git a/src/libsystemd/libsystemd-internal/sd-network/network-util.h b/src/libsystemd/libsystemd-internal/sd-network/network-util.h
new file mode 100644
index 0000000000..8c4dbc68b1
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-network/network-util.h
@@ -0,0 +1,24 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Thomas Hindø Paabøl Andersen
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-network.h>
+
+bool network_is_online(void);
diff --git a/src/libsystemd/libsystemd-internal/sd-network/sd-network.c b/src/libsystemd/libsystemd-internal/sd-network/sd-network.c
new file mode 100644
index 0000000000..70083213f9
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-network/sd-network.c
@@ -0,0 +1,400 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+  Copyright 2014 Tom Gundersen
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <poll.h>
+#include <string.h>
+#include <sys/inotify.h>
+
+#include <systemd/sd-network.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "macro.h"
+#include "parse-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+_public_ int sd_network_get_operational_state(char **state) {
+        _cleanup_free_ char *s = NULL;
+        int r;
+
+        assert_return(state, -EINVAL);
+
+        r = parse_env_file("/run/systemd/netif/state", NEWLINE, "OPER_STATE", &s, NULL);
+        if (r == -ENOENT)
+                return -ENODATA;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -ENODATA;
+
+        *state = s;
+        s = NULL;
+
+        return 0;
+}
+
+static int network_get_strv(const char *key, char ***ret) {
+        _cleanup_strv_free_ char **a = NULL;
+        _cleanup_free_ char *s = NULL;
+        int r;
+
+        assert_return(ret, -EINVAL);
+
+        r = parse_env_file("/run/systemd/netif/state", NEWLINE, key, &s, NULL);
+        if (r == -ENOENT)
+                return -ENODATA;
+        if (r < 0)
+                return r;
+        if (isempty(s)) {
+                *ret = NULL;
+                return 0;
+        }
+
+        a = strv_split(s, " ");
+        if (!a)
+                return -ENOMEM;
+
+        strv_uniq(a);
+        r = strv_length(a);
+
+        *ret = a;
+        a = NULL;
+
+        return r;
+}
+
+_public_ int sd_network_get_dns(char ***ret) {
+        return network_get_strv("DNS", ret);
+}
+
+_public_ int sd_network_get_ntp(char ***ret) {
+        return network_get_strv("NTP", ret);
+}
+
+_public_ int sd_network_get_search_domains(char ***ret) {
+        return network_get_strv("DOMAINS", ret);
+}
+
+_public_ int sd_network_get_route_domains(char ***ret) {
+        return network_get_strv("ROUTE_DOMAINS", ret);
+}
+
+static int network_link_get_string(int ifindex, const char *field, char **ret) {
+        char path[strlen("/run/systemd/netif/links/") + DECIMAL_STR_MAX(ifindex) + 1];
+        _cleanup_free_ char *s = NULL;
+        int r;
+
+        assert_return(ifindex > 0, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        xsprintf(path, "/run/systemd/netif/links/%i", ifindex);
+
+        r = parse_env_file(path, NEWLINE, field, &s, NULL);
+        if (r == -ENOENT)
+                return -ENODATA;
+        if (r < 0)
+                return r;
+        if (isempty(s))
+                return -ENODATA;
+
+        *ret = s;
+        s = NULL;
+
+        return 0;
+}
+
+static int network_link_get_strv(int ifindex, const char *key, char ***ret) {
+        char path[strlen("/run/systemd/netif/links/") + DECIMAL_STR_MAX(ifindex) + 1];
+        _cleanup_strv_free_ char **a = NULL;
+        _cleanup_free_ char *s = NULL;
+        int r;
+
+        assert_return(ifindex > 0, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        xsprintf(path, "/run/systemd/netif/links/%i", ifindex);
+        r = parse_env_file(path, NEWLINE, key, &s, NULL);
+        if (r == -ENOENT)
+                return -ENODATA;
+        if (r < 0)
+                return r;
+        if (isempty(s)) {
+                *ret = NULL;
+                return 0;
+        }
+
+        a = strv_split(s, " ");
+        if (!a)
+                return -ENOMEM;
+
+        strv_uniq(a);
+        r = strv_length(a);
+
+        *ret = a;
+        a = NULL;
+
+        return r;
+}
+
+_public_ int sd_network_link_get_setup_state(int ifindex, char **state) {
+        return network_link_get_string(ifindex, "ADMIN_STATE", state);
+}
+
+_public_ int sd_network_link_get_network_file(int ifindex, char **filename) {
+        return network_link_get_string(ifindex, "NETWORK_FILE", filename);
+}
+
+_public_ int sd_network_link_get_operational_state(int ifindex, char **state) {
+        return network_link_get_string(ifindex, "OPER_STATE", state);
+}
+
+_public_ int sd_network_link_get_llmnr(int ifindex, char **llmnr) {
+        return network_link_get_string(ifindex, "LLMNR", llmnr);
+}
+
+_public_ int sd_network_link_get_mdns(int ifindex, char **mdns) {
+        return network_link_get_string(ifindex, "MDNS", mdns);
+}
+
+_public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) {
+        return network_link_get_string(ifindex, "DNSSEC", dnssec);
+}
+
+_public_ int sd_network_link_get_dnssec_negative_trust_anchors(int ifindex, char ***nta) {
+        return network_link_get_strv(ifindex, "DNSSEC_NTA", nta);
+}
+
+_public_ int sd_network_link_get_timezone(int ifindex, char **ret) {
+        return network_link_get_string(ifindex, "TIMEZONE", ret);
+}
+
+_public_ int sd_network_link_get_dns(int ifindex, char ***ret) {
+        return network_link_get_strv(ifindex, "DNS", ret);
+}
+
+_public_ int sd_network_link_get_ntp(int ifindex, char ***ret) {
+        return network_link_get_strv(ifindex, "NTP", ret);
+}
+
+_public_ int sd_network_link_get_search_domains(int ifindex, char ***ret) {
+        return network_link_get_strv(ifindex, "DOMAINS", ret);
+}
+
+_public_ int sd_network_link_get_route_domains(int ifindex, char ***ret) {
+        return network_link_get_strv(ifindex, "ROUTE_DOMAINS", ret);
+}
+
+static int network_link_get_ifindexes(int ifindex, const char *key, int **ret) {
+        char path[strlen("/run/systemd/netif/links/") + DECIMAL_STR_MAX(ifindex) + 1];
+        _cleanup_free_ int *ifis = NULL;
+        _cleanup_free_ char *s = NULL;
+        size_t allocated = 0, c = 0;
+        const char *x;
+        int r;
+
+        assert_return(ifindex > 0, -EINVAL);
+        assert_return(ret, -EINVAL);
+
+        xsprintf(path, "/run/systemd/netif/links/%i", ifindex);
+        r = parse_env_file(path, NEWLINE, key, &s, NULL);
+        if (r == -ENOENT)
+                return -ENODATA;
+        if (r < 0)
+                return r;
+        if (isempty(s)) {
+                *ret = NULL;
+                return 0;
+        }
+
+        x = s;
+        for (;;) {
+                _cleanup_free_ char *word = NULL;
+
+                r = extract_first_word(&x, &word, NULL, 0);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                r = parse_ifindex(word, &ifindex);
+                if (r < 0)
+                        return r;
+
+                if (!GREEDY_REALLOC(ifis, allocated, c + 1))
+                        return -ENOMEM;
+
+                ifis[c++] = ifindex;
+        }
+
+        if (!GREEDY_REALLOC(ifis, allocated, c + 1))
+                return -ENOMEM;
+        ifis[c] = 0; /* Let's add a 0 ifindex to the end, to be nice*/
+
+        *ret = ifis;
+        ifis = NULL;
+
+        return c;
+}
+
+_public_ int sd_network_link_get_carrier_bound_to(int ifindex, int **ret) {
+        return network_link_get_ifindexes(ifindex, "CARRIER_BOUND_TO", ret);
+}
+
+_public_ int sd_network_link_get_carrier_bound_by(int ifindex, int **ret) {
+        return network_link_get_ifindexes(ifindex, "CARRIER_BOUND_BY", ret);
+}
+
+static inline int MONITOR_TO_FD(sd_network_monitor *m) {
+        return (int) (unsigned long) m - 1;
+}
+
+static inline sd_network_monitor* FD_TO_MONITOR(int fd) {
+        return (sd_network_monitor*) (unsigned long) (fd + 1);
+}
+
+static int monitor_add_inotify_watch(int fd) {
+        int k;
+
+        k = inotify_add_watch(fd, "/run/systemd/netif/links/", IN_MOVED_TO|IN_DELETE);
+        if (k >= 0)
+                return 0;
+        else if (errno != ENOENT)
+                return -errno;
+
+        k = inotify_add_watch(fd, "/run/systemd/netif/", IN_CREATE|IN_ISDIR);
+        if (k >= 0)
+                return 0;
+        else if (errno != ENOENT)
+                return -errno;
+
+        k = inotify_add_watch(fd, "/run/systemd/", IN_CREATE|IN_ISDIR);
+        if (k < 0)
+                return -errno;
+
+        return 0;
+}
+
+_public_ int sd_network_monitor_new(sd_network_monitor **m, const char *category) {
+        _cleanup_close_ int fd = -1;
+        int k;
+        bool good = false;
+
+        assert_return(m, -EINVAL);
+
+        fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        if (!category || streq(category, "links")) {
+                k = monitor_add_inotify_watch(fd);
+                if (k < 0)
+                        return k;
+
+                good = true;
+        }
+
+        if (!good)
+                return -EINVAL;
+
+        *m = FD_TO_MONITOR(fd);
+        fd = -1;
+
+        return 0;
+}
+
+_public_ sd_network_monitor* sd_network_monitor_unref(sd_network_monitor *m) {
+        int fd;
+
+        if (m) {
+                fd = MONITOR_TO_FD(m);
+                close_nointr(fd);
+        }
+
+        return NULL;
+}
+
+_public_ int sd_network_monitor_flush(sd_network_monitor *m) {
+        union inotify_event_buffer buffer;
+        struct inotify_event *e;
+        ssize_t l;
+        int fd, k;
+
+        assert_return(m, -EINVAL);
+
+        fd = MONITOR_TO_FD(m);
+
+        l = read(fd, &buffer, sizeof(buffer));
+        if (l < 0) {
+                if (errno == EAGAIN || errno == EINTR)
+                        return 0;
+
+                return -errno;
+        }
+
+        FOREACH_INOTIFY_EVENT(e, buffer, l) {
+                if (e->mask & IN_ISDIR) {
+                        k = monitor_add_inotify_watch(fd);
+                        if (k < 0)
+                                return k;
+
+                        k = inotify_rm_watch(fd, e->wd);
+                        if (k < 0)
+                                return -errno;
+                }
+        }
+
+        return 0;
+}
+
+_public_ int sd_network_monitor_get_fd(sd_network_monitor *m) {
+
+        assert_return(m, -EINVAL);
+
+        return MONITOR_TO_FD(m);
+}
+
+_public_ int sd_network_monitor_get_events(sd_network_monitor *m) {
+
+        assert_return(m, -EINVAL);
+
+        /* For now we will only return POLLIN here, since we don't
+         * need anything else ever for inotify.  However, let's have
+         * this API to keep our options open should we later on need
+         * it. */
+        return POLLIN;
+}
+
+_public_ int sd_network_monitor_get_timeout(sd_network_monitor *m, uint64_t *timeout_usec) {
+
+        assert_return(m, -EINVAL);
+        assert_return(timeout_usec, -EINVAL);
+
+        /* For now we will only return (uint64_t) -1, since we don't
+         * need any timeout. However, let's have this API to keep our
+         * options open should we later on need it. */
+        *timeout_usec = (uint64_t) -1;
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-path/sd-path.c b/src/libsystemd/libsystemd-internal/sd-path/sd-path.c
new file mode 100644
index 0000000000..6d9f3e2a61
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-path/sd-path.c
@@ -0,0 +1,638 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-path.h>
+
+#include "alloc-util.h"
+#include "architecture.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "missing.h"
+#include "path-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "user-util.h"
+#include "util.h"
+
+static int from_environment(const char *envname, const char *fallback, const char **ret) {
+        assert(ret);
+
+        if (envname) {
+                const char *e;
+
+                e = secure_getenv(envname);
+                if (e && path_is_absolute(e)) {
+                        *ret = e;
+                        return 0;
+                }
+        }
+
+        if (fallback) {
+                *ret = fallback;
+                return 0;
+        }
+
+        return -ENXIO;
+}
+
+static int from_home_dir(const char *envname, const char *suffix, char **buffer, const char **ret) {
+        _cleanup_free_ char *h = NULL;
+        char *cc = NULL;
+        int r;
+
+        assert(suffix);
+        assert(buffer);
+        assert(ret);
+
+        if (envname) {
+                const char *e = NULL;
+
+                e = secure_getenv(envname);
+                if (e && path_is_absolute(e)) {
+                        *ret = e;
+                        return 0;
+                }
+        }
+
+        r = get_home_dir(&h);
+        if (r < 0)
+                return r;
+
+        if (endswith(h, "/"))
+                cc = strappend(h, suffix);
+        else
+                cc = strjoin(h, "/", suffix, NULL);
+        if (!cc)
+                return -ENOMEM;
+
+        *buffer = cc;
+        *ret = cc;
+        return 0;
+}
+
+static int from_user_dir(const char *field, char **buffer, const char **ret) {
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_free_ char *b = NULL;
+        _cleanup_free_ const char *fn = NULL;
+        const char *c = NULL;
+        char line[LINE_MAX];
+        size_t n;
+        int r;
+
+        assert(field);
+        assert(buffer);
+        assert(ret);
+
+        r = from_home_dir("XDG_CONFIG_HOME", ".config", &b, &c);
+        if (r < 0)
+                return r;
+
+        fn = strappend(c, "/user-dirs.dirs");
+        if (!fn)
+                return -ENOMEM;
+
+        f = fopen(fn, "re");
+        if (!f) {
+                if (errno == ENOENT)
+                        goto fallback;
+
+                return -errno;
+        }
+
+        /* This is an awful parse, but it follows closely what
+         * xdg-user-dirs does upstream */
+
+        n = strlen(field);
+        FOREACH_LINE(line, f, return -errno) {
+                char *l, *p, *e;
+
+                l = strstrip(line);
+
+                if (!strneq(l, field, n))
+                        continue;
+
+                p = l + n;
+                p += strspn(p, WHITESPACE);
+
+                if (*p != '=')
+                        continue;
+                p++;
+
+                p += strspn(p, WHITESPACE);
+
+                if (*p != '"')
+                        continue;
+                p++;
+
+                e = strrchr(p, '"');
+                if (!e)
+                        continue;
+                *e = 0;
+
+                /* Three syntaxes permitted: relative to $HOME, $HOME itself, and absolute path */
+                if (startswith(p, "$HOME/")) {
+                        _cleanup_free_ char *h = NULL;
+                        char *cc;
+
+                        r = get_home_dir(&h);
+                        if (r < 0)
+                                return r;
+
+                        cc = strappend(h, p+5);
+                        if (!cc)
+                                return -ENOMEM;
+
+                        *buffer = cc;
+                        *ret = cc;
+                        return 0;
+                } else if (streq(p, "$HOME")) {
+
+                        r = get_home_dir(buffer);
+                        if (r < 0)
+                                return r;
+
+                        *ret = *buffer;
+                        return 0;
+                } else if (path_is_absolute(p)) {
+                        char *copy;
+
+                        copy = strdup(p);
+                        if (!copy)
+                                return -ENOMEM;
+
+                        *buffer = copy;
+                        *ret = copy;
+                        return 0;
+                }
+        }
+
+fallback:
+        /* The desktop directory defaults to $HOME/Desktop, the others to $HOME */
+        if (streq(field, "XDG_DESKTOP_DIR")) {
+                _cleanup_free_ char *h = NULL;
+                char *cc;
+
+                r = get_home_dir(&h);
+                if (r < 0)
+                        return r;
+
+                cc = strappend(h, "/Desktop");
+                if (!cc)
+                        return -ENOMEM;
+
+                *buffer = cc;
+                *ret = cc;
+        } else {
+
+                r = get_home_dir(buffer);
+                if (r < 0)
+                        return r;
+
+                *ret = *buffer;
+        }
+
+        return 0;
+}
+
+static int get_path(uint64_t type, char **buffer, const char **ret) {
+        int r;
+
+        assert(buffer);
+        assert(ret);
+
+        switch (type) {
+
+        case SD_PATH_TEMPORARY:
+                return from_environment("TMPDIR", "/tmp", ret);
+
+        case SD_PATH_TEMPORARY_LARGE:
+                return from_environment("TMPDIR", "/var/tmp", ret);
+
+        case SD_PATH_SYSTEM_BINARIES:
+                *ret = "/usr/bin";
+                return 0;
+
+        case SD_PATH_SYSTEM_INCLUDE:
+                *ret = "/usr/include";
+                return 0;
+
+        case SD_PATH_SYSTEM_LIBRARY_PRIVATE:
+                *ret = "/usr/lib";
+                return 0;
+
+        case SD_PATH_SYSTEM_LIBRARY_ARCH:
+                *ret = LIBDIR;
+                return 0;
+
+        case SD_PATH_SYSTEM_SHARED:
+                *ret = "/usr/share";
+                return 0;
+
+        case SD_PATH_SYSTEM_CONFIGURATION_FACTORY:
+                *ret = "/usr/share/factory/etc";
+                return 0;
+
+        case SD_PATH_SYSTEM_STATE_FACTORY:
+                *ret = "/usr/share/factory/var";
+                return 0;
+
+        case SD_PATH_SYSTEM_CONFIGURATION:
+                *ret = "/etc";
+                return 0;
+
+        case SD_PATH_SYSTEM_RUNTIME:
+                *ret = "/run";
+                return 0;
+
+        case SD_PATH_SYSTEM_RUNTIME_LOGS:
+                *ret = "/run/log";
+                return 0;
+
+        case SD_PATH_SYSTEM_STATE_PRIVATE:
+                *ret = "/var/lib";
+                return 0;
+
+        case SD_PATH_SYSTEM_STATE_LOGS:
+                *ret = "/var/log";
+                return 0;
+
+        case SD_PATH_SYSTEM_STATE_CACHE:
+                *ret = "/var/cache";
+                return 0;
+
+        case SD_PATH_SYSTEM_STATE_SPOOL:
+                *ret = "/var/spool";
+                return 0;
+
+        case SD_PATH_USER_BINARIES:
+                return from_home_dir(NULL, ".local/bin", buffer, ret);
+
+        case SD_PATH_USER_LIBRARY_PRIVATE:
+                return from_home_dir(NULL, ".local/lib", buffer, ret);
+
+        case SD_PATH_USER_LIBRARY_ARCH:
+                return from_home_dir(NULL, ".local/lib/" LIB_ARCH_TUPLE, buffer, ret);
+
+        case SD_PATH_USER_SHARED:
+                return from_home_dir("XDG_DATA_HOME", ".local/share", buffer, ret);
+
+        case SD_PATH_USER_CONFIGURATION:
+                return from_home_dir("XDG_CONFIG_HOME", ".config", buffer, ret);
+
+        case SD_PATH_USER_RUNTIME:
+                return from_environment("XDG_RUNTIME_DIR", NULL, ret);
+
+        case SD_PATH_USER_STATE_CACHE:
+                return from_home_dir("XDG_CACHE_HOME", ".cache", buffer, ret);
+
+        case SD_PATH_USER:
+                r = get_home_dir(buffer);
+                if (r < 0)
+                        return r;
+
+                *ret = *buffer;
+                return 0;
+
+        case SD_PATH_USER_DOCUMENTS:
+                return from_user_dir("XDG_DOCUMENTS_DIR", buffer, ret);
+
+        case SD_PATH_USER_MUSIC:
+                return from_user_dir("XDG_MUSIC_DIR", buffer, ret);
+
+        case SD_PATH_USER_PICTURES:
+                return from_user_dir("XDG_PICTURES_DIR", buffer, ret);
+
+        case SD_PATH_USER_VIDEOS:
+                return from_user_dir("XDG_VIDEOS_DIR", buffer, ret);
+
+        case SD_PATH_USER_DOWNLOAD:
+                return from_user_dir("XDG_DOWNLOAD_DIR", buffer, ret);
+
+        case SD_PATH_USER_PUBLIC:
+                return from_user_dir("XDG_PUBLICSHARE_DIR", buffer, ret);
+
+        case SD_PATH_USER_TEMPLATES:
+                return from_user_dir("XDG_TEMPLATES_DIR", buffer, ret);
+
+        case SD_PATH_USER_DESKTOP:
+                return from_user_dir("XDG_DESKTOP_DIR", buffer, ret);
+        }
+
+        return -EOPNOTSUPP;
+}
+
+_public_ int sd_path_home(uint64_t type, const char *suffix, char **path) {
+        char *buffer = NULL, *cc;
+        const char *ret;
+        int r;
+
+        assert_return(path, -EINVAL);
+
+        if (IN_SET(type,
+                   SD_PATH_SEARCH_BINARIES,
+                   SD_PATH_SEARCH_LIBRARY_PRIVATE,
+                   SD_PATH_SEARCH_LIBRARY_ARCH,
+                   SD_PATH_SEARCH_SHARED,
+                   SD_PATH_SEARCH_CONFIGURATION_FACTORY,
+                   SD_PATH_SEARCH_STATE_FACTORY,
+                   SD_PATH_SEARCH_CONFIGURATION)) {
+
+                _cleanup_strv_free_ char **l = NULL;
+
+                r = sd_path_search(type, suffix, &l);
+                if (r < 0)
+                        return r;
+
+                buffer = strv_join(l, ":");
+                if (!buffer)
+                        return -ENOMEM;
+
+                *path = buffer;
+                return 0;
+        }
+
+        r = get_path(type, &buffer, &ret);
+        if (r < 0)
+                return r;
+
+        if (!suffix) {
+                if (!buffer) {
+                        buffer = strdup(ret);
+                        if (!buffer)
+                                return -ENOMEM;
+                }
+
+                *path = buffer;
+                return 0;
+        }
+
+        suffix += strspn(suffix, "/");
+
+        if (endswith(ret, "/"))
+                cc = strappend(ret, suffix);
+        else
+                cc = strjoin(ret, "/", suffix, NULL);
+
+        free(buffer);
+
+        if (!cc)
+                return -ENOMEM;
+
+        *path = cc;
+        return 0;
+}
+
+static int search_from_environment(
+                char ***list,
+                const char *env_home,
+                const char *home_suffix,
+                const char *env_search,
+                bool env_search_sufficient,
+                const char *first, ...) {
+
+        const char *e;
+        char *h = NULL;
+        char **l = NULL;
+        int r;
+
+        assert(list);
+
+        if (env_search) {
+                e = secure_getenv(env_search);
+                if (e) {
+                        l = strv_split(e, ":");
+                        if (!l)
+                                return -ENOMEM;
+
+                        if (env_search_sufficient) {
+                                *list = l;
+                                return 0;
+                        }
+                }
+        }
+
+        if (!l && first) {
+                va_list ap;
+
+                va_start(ap, first);
+                l = strv_new_ap(first, ap);
+                va_end(ap);
+
+                if (!l)
+                        return -ENOMEM;
+        }
+
+        if (env_home) {
+                e = secure_getenv(env_home);
+                if (e && path_is_absolute(e)) {
+                        h = strdup(e);
+                        if (!h) {
+                                strv_free(l);
+                                return -ENOMEM;
+                        }
+                }
+        }
+
+        if (!h && home_suffix) {
+                e = secure_getenv("HOME");
+                if (e && path_is_absolute(e)) {
+                        if (endswith(e, "/"))
+                                h = strappend(e, home_suffix);
+                        else
+                                h = strjoin(e, "/", home_suffix, NULL);
+
+                        if (!h) {
+                                strv_free(l);
+                                return -ENOMEM;
+                        }
+                }
+        }
+
+        if (h) {
+                r = strv_consume_prepend(&l, h);
+                if (r < 0) {
+                        strv_free(l);
+                        return -ENOMEM;
+                }
+        }
+
+        *list = l;
+        return 0;
+}
+
+static int get_search(uint64_t type, char ***list) {
+
+        assert(list);
+
+        switch(type) {
+
+        case SD_PATH_SEARCH_BINARIES:
+                return search_from_environment(list,
+                                               NULL,
+                                               ".local/bin",
+                                               "PATH",
+                                               true,
+                                               "/usr/local/sbin",
+                                               "/usr/local/bin",
+                                               "/usr/sbin",
+                                               "/usr/bin",
+#ifdef HAVE_SPLIT_USR
+                                               "/sbin",
+                                               "/bin",
+#endif
+                                               NULL);
+
+        case SD_PATH_SEARCH_LIBRARY_PRIVATE:
+                return search_from_environment(list,
+                                               NULL,
+                                               ".local/lib",
+                                               NULL,
+                                               false,
+                                               "/usr/local/lib",
+                                               "/usr/lib",
+#ifdef HAVE_SPLIT_USR
+                                               "/lib",
+#endif
+                                               NULL);
+
+        case SD_PATH_SEARCH_LIBRARY_ARCH:
+                return search_from_environment(list,
+                                               NULL,
+                                               ".local/lib/" LIB_ARCH_TUPLE,
+                                               "LD_LIBRARY_PATH",
+                                               true,
+                                               LIBDIR,
+#ifdef HAVE_SPLIT_USR
+                                               ROOTLIBDIR,
+#endif
+                                               NULL);
+
+        case SD_PATH_SEARCH_SHARED:
+                return search_from_environment(list,
+                                               "XDG_DATA_HOME",
+                                               ".local/share",
+                                               "XDG_DATA_DIRS",
+                                               false,
+                                               "/usr/local/share",
+                                               "/usr/share",
+                                               NULL);
+
+        case SD_PATH_SEARCH_CONFIGURATION_FACTORY:
+                return search_from_environment(list,
+                                               NULL,
+                                               NULL,
+                                               NULL,
+                                               false,
+                                               "/usr/local/share/factory/etc",
+                                               "/usr/share/factory/etc",
+                                               NULL);
+
+        case SD_PATH_SEARCH_STATE_FACTORY:
+                return search_from_environment(list,
+                                               NULL,
+                                               NULL,
+                                               NULL,
+                                               false,
+                                               "/usr/local/share/factory/var",
+                                               "/usr/share/factory/var",
+                                               NULL);
+
+        case SD_PATH_SEARCH_CONFIGURATION:
+                return search_from_environment(list,
+                                               "XDG_CONFIG_HOME",
+                                               ".config",
+                                               "XDG_CONFIG_DIRS",
+                                               false,
+                                               "/etc",
+                                               NULL);
+        }
+
+        return -EOPNOTSUPP;
+}
+
+_public_ int sd_path_search(uint64_t type, const char *suffix, char ***paths) {
+        char **l, **i, **j, **n;
+        int r;
+
+        assert_return(paths, -EINVAL);
+
+        if (!IN_SET(type,
+                    SD_PATH_SEARCH_BINARIES,
+                    SD_PATH_SEARCH_LIBRARY_PRIVATE,
+                    SD_PATH_SEARCH_LIBRARY_ARCH,
+                    SD_PATH_SEARCH_SHARED,
+                    SD_PATH_SEARCH_CONFIGURATION_FACTORY,
+                    SD_PATH_SEARCH_STATE_FACTORY,
+                    SD_PATH_SEARCH_CONFIGURATION)) {
+
+                char *p;
+
+                r = sd_path_home(type, suffix, &p);
+                if (r < 0)
+                        return r;
+
+                l = new(char*, 2);
+                if (!l) {
+                        free(p);
+                        return -ENOMEM;
+                }
+
+                l[0] = p;
+                l[1] = NULL;
+
+                *paths = l;
+                return 0;
+        }
+
+        r = get_search(type, &l);
+        if (r < 0)
+                return r;
+
+        if (!suffix) {
+                *paths = l;
+                return 0;
+        }
+
+        n = new(char*, strv_length(l)+1);
+        if (!n) {
+                strv_free(l);
+                return -ENOMEM;
+        }
+
+        j = n;
+        STRV_FOREACH(i, l) {
+
+                if (endswith(*i, "/"))
+                        *j = strappend(*i, suffix);
+                else
+                        *j = strjoin(*i, "/", suffix, NULL);
+
+                if (!*j) {
+                        strv_free(l);
+                        strv_free(n);
+                        return -ENOMEM;
+                }
+
+                j++;
+        }
+
+        *j = NULL;
+        *paths = n;
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-resolve/sd-resolve.c b/src/libsystemd/libsystemd-internal/sd-resolve/sd-resolve.c
new file mode 100644
index 0000000000..6eacf2b69a
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-resolve/sd-resolve.c
@@ -0,0 +1,1245 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2005-2008 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <poll.h>
+#include <pthread.h>
+#include <resolv.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/prctl.h>
+#include <unistd.h>
+
+#include <systemd/sd-resolve.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "io-util.h"
+#include "list.h"
+#include "missing.h"
+#include "socket-util.h"
+#include "util.h"
+
+#define WORKERS_MIN 1U
+#define WORKERS_MAX 16U
+#define QUERIES_MAX 256U
+#define BUFSIZE 10240U
+
+typedef enum {
+        REQUEST_ADDRINFO,
+        RESPONSE_ADDRINFO,
+        REQUEST_NAMEINFO,
+        RESPONSE_NAMEINFO,
+        REQUEST_TERMINATE,
+        RESPONSE_DIED
+} QueryType;
+
+enum {
+        REQUEST_RECV_FD,
+        REQUEST_SEND_FD,
+        RESPONSE_RECV_FD,
+        RESPONSE_SEND_FD,
+        _FD_MAX
+};
+
+struct sd_resolve {
+        unsigned n_ref;
+
+        bool dead:1;
+        pid_t original_pid;
+
+        int fds[_FD_MAX];
+
+        pthread_t workers[WORKERS_MAX];
+        unsigned n_valid_workers;
+
+        unsigned current_id;
+        sd_resolve_query* query_array[QUERIES_MAX];
+        unsigned n_queries, n_done, n_outstanding;
+
+        sd_event_source *event_source;
+        sd_event *event;
+
+        sd_resolve_query *current;
+
+        sd_resolve **default_resolve_ptr;
+        pid_t tid;
+
+        LIST_HEAD(sd_resolve_query, queries);
+};
+
+struct sd_resolve_query {
+        unsigned n_ref;
+
+        sd_resolve *resolve;
+
+        QueryType type:4;
+        bool done:1;
+        bool floating:1;
+        unsigned id;
+
+        int ret;
+        int _errno;
+        int _h_errno;
+        struct addrinfo *addrinfo;
+        char *serv, *host;
+
+        union {
+                sd_resolve_getaddrinfo_handler_t getaddrinfo_handler;
+                sd_resolve_getnameinfo_handler_t getnameinfo_handler;
+        };
+
+        void *userdata;
+
+        LIST_FIELDS(sd_resolve_query, queries);
+};
+
+typedef struct RHeader {
+        QueryType type;
+        unsigned id;
+        size_t length;
+} RHeader;
+
+typedef struct AddrInfoRequest {
+        struct RHeader header;
+        bool hints_valid;
+        int ai_flags;
+        int ai_family;
+        int ai_socktype;
+        int ai_protocol;
+        size_t node_len, service_len;
+} AddrInfoRequest;
+
+typedef struct AddrInfoResponse {
+        struct RHeader header;
+        int ret;
+        int _errno;
+        int _h_errno;
+        /* followed by addrinfo_serialization[] */
+} AddrInfoResponse;
+
+typedef struct AddrInfoSerialization {
+        int ai_flags;
+        int ai_family;
+        int ai_socktype;
+        int ai_protocol;
+        size_t ai_addrlen;
+        size_t canonname_len;
+        /* Followed by ai_addr amd ai_canonname with variable lengths */
+} AddrInfoSerialization;
+
+typedef struct NameInfoRequest {
+        struct RHeader header;
+        int flags;
+        socklen_t sockaddr_len;
+        bool gethost:1, getserv:1;
+} NameInfoRequest;
+
+typedef struct NameInfoResponse {
+        struct RHeader header;
+        size_t hostlen, servlen;
+        int ret;
+        int _errno;
+        int _h_errno;
+} NameInfoResponse;
+
+typedef union Packet {
+        RHeader rheader;
+        AddrInfoRequest addrinfo_request;
+        AddrInfoResponse addrinfo_response;
+        NameInfoRequest nameinfo_request;
+        NameInfoResponse nameinfo_response;
+} Packet;
+
+static int getaddrinfo_done(sd_resolve_query* q);
+static int getnameinfo_done(sd_resolve_query *q);
+
+static void resolve_query_disconnect(sd_resolve_query *q);
+
+#define RESOLVE_DONT_DESTROY(resolve) \
+        _cleanup_(sd_resolve_unrefp) _unused_ sd_resolve *_dont_destroy_##resolve = sd_resolve_ref(resolve)
+
+static int send_died(int out_fd) {
+
+        RHeader rh = {
+                .type = RESPONSE_DIED,
+                .length = sizeof(RHeader),
+        };
+
+        assert(out_fd >= 0);
+
+        if (send(out_fd, &rh, rh.length, MSG_NOSIGNAL) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static void *serialize_addrinfo(void *p, const struct addrinfo *ai, size_t *length, size_t maxlength) {
+        AddrInfoSerialization s;
+        size_t cnl, l;
+
+        assert(p);
+        assert(ai);
+        assert(length);
+        assert(*length <= maxlength);
+
+        cnl = ai->ai_canonname ? strlen(ai->ai_canonname)+1 : 0;
+        l = sizeof(AddrInfoSerialization) + ai->ai_addrlen + cnl;
+
+        if (*length + l > maxlength)
+                return NULL;
+
+        s.ai_flags = ai->ai_flags;
+        s.ai_family = ai->ai_family;
+        s.ai_socktype = ai->ai_socktype;
+        s.ai_protocol = ai->ai_protocol;
+        s.ai_addrlen = ai->ai_addrlen;
+        s.canonname_len = cnl;
+
+        memcpy((uint8_t*) p, &s, sizeof(AddrInfoSerialization));
+        memcpy((uint8_t*) p + sizeof(AddrInfoSerialization), ai->ai_addr, ai->ai_addrlen);
+        memcpy_safe((char*) p + sizeof(AddrInfoSerialization) + ai->ai_addrlen,
+                    ai->ai_canonname, cnl);
+
+        *length += l;
+        return (uint8_t*) p + l;
+}
+
+static int send_addrinfo_reply(
+                int out_fd,
+                unsigned id,
+                int ret,
+                struct addrinfo *ai,
+                int _errno,
+                int _h_errno) {
+
+        AddrInfoResponse resp = {
+                .header.type = RESPONSE_ADDRINFO,
+                .header.id = id,
+                .header.length = sizeof(AddrInfoResponse),
+                .ret = ret,
+                ._errno = _errno,
+                ._h_errno = _h_errno,
+        };
+
+        struct msghdr mh = {};
+        struct iovec iov[2];
+        union {
+                AddrInfoSerialization ais;
+                uint8_t space[BUFSIZE];
+        } buffer;
+
+        assert(out_fd >= 0);
+
+        if (ret == 0 && ai) {
+                void *p = &buffer;
+                struct addrinfo *k;
+
+                for (k = ai; k; k = k->ai_next) {
+                        p = serialize_addrinfo(p, k, &resp.header.length, (uint8_t*) &buffer + BUFSIZE - (uint8_t*) p);
+                        if (!p) {
+                                freeaddrinfo(ai);
+                                return -ENOBUFS;
+                        }
+                }
+        }
+
+        if (ai)
+                freeaddrinfo(ai);
+
+        iov[0] = (struct iovec) { .iov_base = &resp, .iov_len = sizeof(AddrInfoResponse) };
+        iov[1] = (struct iovec) { .iov_base = &buffer, .iov_len = resp.header.length - sizeof(AddrInfoResponse) };
+
+        mh.msg_iov = iov;
+        mh.msg_iovlen = ELEMENTSOF(iov);
+
+        if (sendmsg(out_fd, &mh, MSG_NOSIGNAL) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int send_nameinfo_reply(
+                int out_fd,
+                unsigned id,
+                int ret,
+                const char *host,
+                const char *serv,
+                int _errno,
+                int _h_errno) {
+
+        NameInfoResponse resp = {
+                .header.type = RESPONSE_NAMEINFO,
+                .header.id = id,
+                .ret = ret,
+                ._errno = _errno,
+                ._h_errno = _h_errno,
+        };
+
+        struct msghdr mh = {};
+        struct iovec iov[3];
+        size_t hl, sl;
+
+        assert(out_fd >= 0);
+
+        sl = serv ? strlen(serv)+1 : 0;
+        hl = host ? strlen(host)+1 : 0;
+
+        resp.header.length = sizeof(NameInfoResponse) + hl + sl;
+        resp.hostlen = hl;
+        resp.servlen = sl;
+
+        iov[0] = (struct iovec) { .iov_base = &resp, .iov_len = sizeof(NameInfoResponse) };
+        iov[1] = (struct iovec) { .iov_base = (void*) host, .iov_len = hl };
+        iov[2] = (struct iovec) { .iov_base = (void*) serv, .iov_len = sl };
+
+        mh.msg_iov = iov;
+        mh.msg_iovlen = ELEMENTSOF(iov);
+
+        if (sendmsg(out_fd, &mh, MSG_NOSIGNAL) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int handle_request(int out_fd, const Packet *packet, size_t length) {
+        const RHeader *req;
+
+        assert(out_fd >= 0);
+        assert(packet);
+
+        req = &packet->rheader;
+
+        assert(length >= sizeof(RHeader));
+        assert(length == req->length);
+
+        switch (req->type) {
+
+        case REQUEST_ADDRINFO: {
+               const AddrInfoRequest *ai_req = &packet->addrinfo_request;
+               struct addrinfo hints = {}, *result = NULL;
+               const char *node, *service;
+               int ret;
+
+               assert(length >= sizeof(AddrInfoRequest));
+               assert(length == sizeof(AddrInfoRequest) + ai_req->node_len + ai_req->service_len);
+
+               hints.ai_flags = ai_req->ai_flags;
+               hints.ai_family = ai_req->ai_family;
+               hints.ai_socktype = ai_req->ai_socktype;
+               hints.ai_protocol = ai_req->ai_protocol;
+
+               node = ai_req->node_len ? (const char*) ai_req + sizeof(AddrInfoRequest) : NULL;
+               service = ai_req->service_len ? (const char*) ai_req + sizeof(AddrInfoRequest) + ai_req->node_len : NULL;
+
+               ret = getaddrinfo(
+                               node, service,
+                               ai_req->hints_valid ? &hints : NULL,
+                               &result);
+
+               /* send_addrinfo_reply() frees result */
+               return send_addrinfo_reply(out_fd, req->id, ret, result, errno, h_errno);
+        }
+
+        case REQUEST_NAMEINFO: {
+               const NameInfoRequest *ni_req = &packet->nameinfo_request;
+               char hostbuf[NI_MAXHOST], servbuf[NI_MAXSERV];
+               union sockaddr_union sa;
+               int ret;
+
+               assert(length >= sizeof(NameInfoRequest));
+               assert(length == sizeof(NameInfoRequest) + ni_req->sockaddr_len);
+               assert(sizeof(sa) >= ni_req->sockaddr_len);
+
+               memcpy(&sa, (const uint8_t *) ni_req + sizeof(NameInfoRequest), ni_req->sockaddr_len);
+
+               ret = getnameinfo(&sa.sa, ni_req->sockaddr_len,
+                               ni_req->gethost ? hostbuf : NULL, ni_req->gethost ? sizeof(hostbuf) : 0,
+                               ni_req->getserv ? servbuf : NULL, ni_req->getserv ? sizeof(servbuf) : 0,
+                               ni_req->flags);
+
+               return send_nameinfo_reply(out_fd, req->id, ret,
+                               ret == 0 && ni_req->gethost ? hostbuf : NULL,
+                               ret == 0 && ni_req->getserv ? servbuf : NULL,
+                               errno, h_errno);
+        }
+
+        case REQUEST_TERMINATE:
+                 /* Quit */
+                 return -ECONNRESET;
+
+        default:
+                assert_not_reached("Unknown request");
+        }
+
+        return 0;
+}
+
+static void* thread_worker(void *p) {
+        sd_resolve *resolve = p;
+        sigset_t fullset;
+
+        /* No signals in this thread please */
+        assert_se(sigfillset(&fullset) == 0);
+        assert_se(pthread_sigmask(SIG_BLOCK, &fullset, NULL) == 0);
+
+        /* Assign a pretty name to this thread */
+        (void) prctl(PR_SET_NAME, (unsigned long) "sd-resolve");
+
+        while (!resolve->dead) {
+                union {
+                        Packet packet;
+                        uint8_t space[BUFSIZE];
+                } buf;
+                ssize_t length;
+
+                length = recv(resolve->fds[REQUEST_RECV_FD], &buf, sizeof(buf), 0);
+                if (length < 0) {
+                        if (errno == EINTR)
+                                continue;
+
+                        break;
+                }
+                if (length == 0)
+                        break;
+
+                if (resolve->dead)
+                        break;
+
+                if (handle_request(resolve->fds[RESPONSE_SEND_FD], &buf.packet, (size_t) length) < 0)
+                        break;
+        }
+
+        send_died(resolve->fds[RESPONSE_SEND_FD]);
+
+        return NULL;
+}
+
+static int start_threads(sd_resolve *resolve, unsigned extra) {
+        unsigned n;
+        int r;
+
+        n = resolve->n_outstanding + extra;
+        n = CLAMP(n, WORKERS_MIN, WORKERS_MAX);
+
+        while (resolve->n_valid_workers < n) {
+
+                r = pthread_create(&resolve->workers[resolve->n_valid_workers], NULL, thread_worker, resolve);
+                if (r != 0)
+                        return -r;
+
+                resolve->n_valid_workers++;
+        }
+
+        return 0;
+}
+
+static bool resolve_pid_changed(sd_resolve *r) {
+        assert(r);
+
+        /* We don't support people creating a resolver and keeping it
+         * around after fork(). Let's complain. */
+
+        return r->original_pid != getpid();
+}
+
+_public_ int sd_resolve_new(sd_resolve **ret) {
+        sd_resolve *resolve = NULL;
+        int i, r;
+
+        assert_return(ret, -EINVAL);
+
+        resolve = new0(sd_resolve, 1);
+        if (!resolve)
+                return -ENOMEM;
+
+        resolve->n_ref = 1;
+        resolve->original_pid = getpid();
+
+        for (i = 0; i < _FD_MAX; i++)
+                resolve->fds[i] = -1;
+
+        r = socketpair(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + REQUEST_RECV_FD);
+        if (r < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        r = socketpair(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + RESPONSE_RECV_FD);
+        if (r < 0) {
+                r = -errno;
+                goto fail;
+        }
+
+        fd_inc_sndbuf(resolve->fds[REQUEST_SEND_FD], QUERIES_MAX * BUFSIZE);
+        fd_inc_rcvbuf(resolve->fds[REQUEST_RECV_FD], QUERIES_MAX * BUFSIZE);
+        fd_inc_sndbuf(resolve->fds[RESPONSE_SEND_FD], QUERIES_MAX * BUFSIZE);
+        fd_inc_rcvbuf(resolve->fds[RESPONSE_RECV_FD], QUERIES_MAX * BUFSIZE);
+
+        fd_nonblock(resolve->fds[RESPONSE_RECV_FD], true);
+
+        *ret = resolve;
+        return 0;
+
+fail:
+        sd_resolve_unref(resolve);
+        return r;
+}
+
+_public_ int sd_resolve_default(sd_resolve **ret) {
+
+        static thread_local sd_resolve *default_resolve = NULL;
+        sd_resolve *e = NULL;
+        int r;
+
+        if (!ret)
+                return !!default_resolve;
+
+        if (default_resolve) {
+                *ret = sd_resolve_ref(default_resolve);
+                return 0;
+        }
+
+        r = sd_resolve_new(&e);
+        if (r < 0)
+                return r;
+
+        e->default_resolve_ptr = &default_resolve;
+        e->tid = gettid();
+        default_resolve = e;
+
+        *ret = e;
+        return 1;
+}
+
+_public_ int sd_resolve_get_tid(sd_resolve *resolve, pid_t *tid) {
+        assert_return(resolve, -EINVAL);
+        assert_return(tid, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        if (resolve->tid != 0) {
+                *tid = resolve->tid;
+                return 0;
+        }
+
+        if (resolve->event)
+                return sd_event_get_tid(resolve->event, tid);
+
+        return -ENXIO;
+}
+
+static void resolve_free(sd_resolve *resolve) {
+        PROTECT_ERRNO;
+        sd_resolve_query *q;
+        unsigned i;
+
+        assert(resolve);
+
+        while ((q = resolve->queries)) {
+                assert(q->floating);
+                resolve_query_disconnect(q);
+                sd_resolve_query_unref(q);
+        }
+
+        if (resolve->default_resolve_ptr)
+                *(resolve->default_resolve_ptr) = NULL;
+
+        resolve->dead = true;
+
+        sd_resolve_detach_event(resolve);
+
+        if (resolve->fds[REQUEST_SEND_FD] >= 0) {
+
+                RHeader req = {
+                        .type = REQUEST_TERMINATE,
+                        .length = sizeof(req)
+                };
+
+                /* Send one termination packet for each worker */
+                for (i = 0; i < resolve->n_valid_workers; i++)
+                        (void) send(resolve->fds[REQUEST_SEND_FD], &req, req.length, MSG_NOSIGNAL);
+        }
+
+        /* Now terminate them and wait until they are gone.
+           If we get an error than most likely the thread already exited. */
+        for (i = 0; i < resolve->n_valid_workers; i++)
+                (void) pthread_join(resolve->workers[i], NULL);
+
+        /* Close all communication channels */
+        for (i = 0; i < _FD_MAX; i++)
+                safe_close(resolve->fds[i]);
+
+        free(resolve);
+}
+
+_public_ sd_resolve* sd_resolve_ref(sd_resolve *resolve) {
+        assert_return(resolve, NULL);
+
+        assert(resolve->n_ref >= 1);
+        resolve->n_ref++;
+
+        return resolve;
+}
+
+_public_ sd_resolve* sd_resolve_unref(sd_resolve *resolve) {
+
+        if (!resolve)
+                return NULL;
+
+        assert(resolve->n_ref >= 1);
+        resolve->n_ref--;
+
+        if (resolve->n_ref <= 0)
+                resolve_free(resolve);
+
+        return NULL;
+}
+
+_public_ int sd_resolve_get_fd(sd_resolve *resolve) {
+        assert_return(resolve, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        return resolve->fds[RESPONSE_RECV_FD];
+}
+
+_public_ int sd_resolve_get_events(sd_resolve *resolve) {
+        assert_return(resolve, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        return resolve->n_queries > resolve->n_done ? POLLIN : 0;
+}
+
+_public_ int sd_resolve_get_timeout(sd_resolve *resolve, uint64_t *usec) {
+        assert_return(resolve, -EINVAL);
+        assert_return(usec, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        *usec = (uint64_t) -1;
+        return 0;
+}
+
+static sd_resolve_query *lookup_query(sd_resolve *resolve, unsigned id) {
+        sd_resolve_query *q;
+
+        assert(resolve);
+
+        q = resolve->query_array[id % QUERIES_MAX];
+        if (q)
+                if (q->id == id)
+                        return q;
+
+        return NULL;
+}
+
+static int complete_query(sd_resolve *resolve, sd_resolve_query *q) {
+        int r;
+
+        assert(q);
+        assert(!q->done);
+        assert(q->resolve == resolve);
+
+        q->done = true;
+        resolve->n_done++;
+
+        resolve->current = sd_resolve_query_ref(q);
+
+        switch (q->type) {
+
+        case REQUEST_ADDRINFO:
+                r = getaddrinfo_done(q);
+                break;
+
+        case REQUEST_NAMEINFO:
+                r = getnameinfo_done(q);
+                break;
+
+        default:
+                assert_not_reached("Cannot complete unknown query type");
+        }
+
+        resolve->current = NULL;
+
+        if (q->floating) {
+                resolve_query_disconnect(q);
+                sd_resolve_query_unref(q);
+        }
+
+        sd_resolve_query_unref(q);
+
+        return r;
+}
+
+static int unserialize_addrinfo(const void **p, size_t *length, struct addrinfo **ret_ai) {
+        AddrInfoSerialization s;
+        size_t l;
+        struct addrinfo *ai;
+
+        assert(p);
+        assert(*p);
+        assert(ret_ai);
+        assert(length);
+
+        if (*length < sizeof(AddrInfoSerialization))
+                return -EBADMSG;
+
+        memcpy(&s, *p, sizeof(s));
+
+        l = sizeof(AddrInfoSerialization) + s.ai_addrlen + s.canonname_len;
+        if (*length < l)
+                return -EBADMSG;
+
+        ai = new0(struct addrinfo, 1);
+        if (!ai)
+                return -ENOMEM;
+
+        ai->ai_flags = s.ai_flags;
+        ai->ai_family = s.ai_family;
+        ai->ai_socktype = s.ai_socktype;
+        ai->ai_protocol = s.ai_protocol;
+        ai->ai_addrlen = s.ai_addrlen;
+
+        if (s.ai_addrlen > 0) {
+                ai->ai_addr = memdup((const uint8_t*) *p + sizeof(AddrInfoSerialization), s.ai_addrlen);
+                if (!ai->ai_addr) {
+                        free(ai);
+                        return -ENOMEM;
+                }
+        }
+
+        if (s.canonname_len > 0) {
+                ai->ai_canonname = memdup((const uint8_t*) *p + sizeof(AddrInfoSerialization) + s.ai_addrlen, s.canonname_len);
+                if (!ai->ai_canonname) {
+                        free(ai->ai_addr);
+                        free(ai);
+                        return -ENOMEM;
+                }
+        }
+
+        *length -= l;
+        *ret_ai = ai;
+        *p = ((const uint8_t*) *p) + l;
+
+        return 0;
+}
+
+static int handle_response(sd_resolve *resolve, const Packet *packet, size_t length) {
+        const RHeader *resp;
+        sd_resolve_query *q;
+        int r;
+
+        assert(resolve);
+
+        resp = &packet->rheader;
+        assert(resp);
+        assert(length >= sizeof(RHeader));
+        assert(length == resp->length);
+
+        if (resp->type == RESPONSE_DIED) {
+                resolve->dead = true;
+                return 0;
+        }
+
+        assert(resolve->n_outstanding > 0);
+        resolve->n_outstanding--;
+
+        q = lookup_query(resolve, resp->id);
+        if (!q)
+                return 0;
+
+        switch (resp->type) {
+
+        case RESPONSE_ADDRINFO: {
+                const AddrInfoResponse *ai_resp = &packet->addrinfo_response;
+                const void *p;
+                size_t l;
+                struct addrinfo *prev = NULL;
+
+                assert(length >= sizeof(AddrInfoResponse));
+                assert(q->type == REQUEST_ADDRINFO);
+
+                q->ret = ai_resp->ret;
+                q->_errno = ai_resp->_errno;
+                q->_h_errno = ai_resp->_h_errno;
+
+                l = length - sizeof(AddrInfoResponse);
+                p = (const uint8_t*) resp + sizeof(AddrInfoResponse);
+
+                while (l > 0 && p) {
+                        struct addrinfo *ai = NULL;
+
+                        r = unserialize_addrinfo(&p, &l, &ai);
+                        if (r < 0) {
+                                q->ret = EAI_SYSTEM;
+                                q->_errno = -r;
+                                q->_h_errno = 0;
+                                freeaddrinfo(q->addrinfo);
+                                q->addrinfo = NULL;
+                                break;
+                        }
+
+                        if (prev)
+                                prev->ai_next = ai;
+                        else
+                                q->addrinfo = ai;
+
+                        prev = ai;
+                }
+
+                return complete_query(resolve, q);
+        }
+
+        case RESPONSE_NAMEINFO: {
+                const NameInfoResponse *ni_resp = &packet->nameinfo_response;
+
+                assert(length >= sizeof(NameInfoResponse));
+                assert(q->type == REQUEST_NAMEINFO);
+
+                q->ret = ni_resp->ret;
+                q->_errno = ni_resp->_errno;
+                q->_h_errno = ni_resp->_h_errno;
+
+                if (ni_resp->hostlen > 0) {
+                        q->host = strndup((const char*) ni_resp + sizeof(NameInfoResponse), ni_resp->hostlen-1);
+                        if (!q->host) {
+                                q->ret = EAI_MEMORY;
+                                q->_errno = ENOMEM;
+                                q->_h_errno = 0;
+                        }
+                }
+
+                if (ni_resp->servlen > 0) {
+                        q->serv = strndup((const char*) ni_resp + sizeof(NameInfoResponse) + ni_resp->hostlen, ni_resp->servlen-1);
+                        if (!q->serv) {
+                                q->ret = EAI_MEMORY;
+                                q->_errno = ENOMEM;
+                                q->_h_errno = 0;
+                        }
+                }
+
+                return complete_query(resolve, q);
+        }
+
+        default:
+                return 0;
+        }
+}
+
+_public_ int sd_resolve_process(sd_resolve *resolve) {
+        RESOLVE_DONT_DESTROY(resolve);
+
+        union {
+                Packet packet;
+                uint8_t space[BUFSIZE];
+        } buf;
+        ssize_t l;
+        int r;
+
+        assert_return(resolve, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        /* We don't allow recursively invoking sd_resolve_process(). */
+        assert_return(!resolve->current, -EBUSY);
+
+        l = recv(resolve->fds[RESPONSE_RECV_FD], &buf, sizeof(buf), 0);
+        if (l < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                return -errno;
+        }
+        if (l == 0)
+                return -ECONNREFUSED;
+
+        r = handle_response(resolve, &buf.packet, (size_t) l);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+_public_ int sd_resolve_wait(sd_resolve *resolve, uint64_t timeout_usec) {
+        int r;
+
+        assert_return(resolve, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        if (resolve->n_done >= resolve->n_queries)
+                return 0;
+
+        do {
+                r = fd_wait_for_event(resolve->fds[RESPONSE_RECV_FD], POLLIN, timeout_usec);
+        } while (r == -EINTR);
+
+        if (r < 0)
+                return r;
+
+        return sd_resolve_process(resolve);
+}
+
+static int alloc_query(sd_resolve *resolve, bool floating, sd_resolve_query **_q) {
+        sd_resolve_query *q;
+        int r;
+
+        assert(resolve);
+        assert(_q);
+
+        if (resolve->n_queries >= QUERIES_MAX)
+                return -ENOBUFS;
+
+        r = start_threads(resolve, 1);
+        if (r < 0)
+                return r;
+
+        while (resolve->query_array[resolve->current_id % QUERIES_MAX])
+                resolve->current_id++;
+
+        q = resolve->query_array[resolve->current_id % QUERIES_MAX] = new0(sd_resolve_query, 1);
+        if (!q)
+                return -ENOMEM;
+
+        q->n_ref = 1;
+        q->resolve = resolve;
+        q->floating = floating;
+        q->id = resolve->current_id++;
+
+        if (!floating)
+                sd_resolve_ref(resolve);
+
+        LIST_PREPEND(queries, resolve->queries, q);
+        resolve->n_queries++;
+
+        *_q = q;
+        return 0;
+}
+
+_public_ int sd_resolve_getaddrinfo(
+                sd_resolve *resolve,
+                sd_resolve_query **_q,
+                const char *node, const char *service,
+                const struct addrinfo *hints,
+                sd_resolve_getaddrinfo_handler_t callback, void *userdata) {
+
+        AddrInfoRequest req = {};
+        struct msghdr mh = {};
+        struct iovec iov[3];
+        sd_resolve_query *q;
+        int r;
+
+        assert_return(resolve, -EINVAL);
+        assert_return(node || service, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        r = alloc_query(resolve, !_q, &q);
+        if (r < 0)
+                return r;
+
+        q->type = REQUEST_ADDRINFO;
+        q->getaddrinfo_handler = callback;
+        q->userdata = userdata;
+
+        req.node_len = node ? strlen(node)+1 : 0;
+        req.service_len = service ? strlen(service)+1 : 0;
+
+        req.header.id = q->id;
+        req.header.type = REQUEST_ADDRINFO;
+        req.header.length = sizeof(AddrInfoRequest) + req.node_len + req.service_len;
+
+        if (hints) {
+                req.hints_valid = true;
+                req.ai_flags = hints->ai_flags;
+                req.ai_family = hints->ai_family;
+                req.ai_socktype = hints->ai_socktype;
+                req.ai_protocol = hints->ai_protocol;
+        }
+
+        iov[mh.msg_iovlen++] = (struct iovec) { .iov_base = &req, .iov_len = sizeof(AddrInfoRequest) };
+        if (node)
+                iov[mh.msg_iovlen++] = (struct iovec) { .iov_base = (void*) node, .iov_len = req.node_len };
+        if (service)
+                iov[mh.msg_iovlen++] = (struct iovec) { .iov_base = (void*) service, .iov_len = req.service_len };
+        mh.msg_iov = iov;
+
+        if (sendmsg(resolve->fds[REQUEST_SEND_FD], &mh, MSG_NOSIGNAL) < 0) {
+                sd_resolve_query_unref(q);
+                return -errno;
+        }
+
+        resolve->n_outstanding++;
+
+        if (_q)
+                *_q = q;
+
+        return 0;
+}
+
+static int getaddrinfo_done(sd_resolve_query* q) {
+        assert(q);
+        assert(q->done);
+        assert(q->getaddrinfo_handler);
+
+        errno = q->_errno;
+        h_errno = q->_h_errno;
+
+        return q->getaddrinfo_handler(q, q->ret, q->addrinfo, q->userdata);
+}
+
+_public_ int sd_resolve_getnameinfo(
+                sd_resolve *resolve,
+                sd_resolve_query**_q,
+                const struct sockaddr *sa, socklen_t salen,
+                int flags,
+                uint64_t get,
+                sd_resolve_getnameinfo_handler_t callback,
+                void *userdata) {
+
+        NameInfoRequest req = {};
+        struct msghdr mh = {};
+        struct iovec iov[2];
+        sd_resolve_query *q;
+        int r;
+
+        assert_return(resolve, -EINVAL);
+        assert_return(sa, -EINVAL);
+        assert_return(salen >= sizeof(struct sockaddr), -EINVAL);
+        assert_return(salen <= sizeof(union sockaddr_union), -EINVAL);
+        assert_return((get & ~SD_RESOLVE_GET_BOTH) == 0, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(!resolve_pid_changed(resolve), -ECHILD);
+
+        r = alloc_query(resolve, !_q, &q);
+        if (r < 0)
+                return r;
+
+        q->type = REQUEST_NAMEINFO;
+        q->getnameinfo_handler = callback;
+        q->userdata = userdata;
+
+        req.header.id = q->id;
+        req.header.type = REQUEST_NAMEINFO;
+        req.header.length = sizeof(NameInfoRequest) + salen;
+
+        req.flags = flags;
+        req.sockaddr_len = salen;
+        req.gethost = !!(get & SD_RESOLVE_GET_HOST);
+        req.getserv = !!(get & SD_RESOLVE_GET_SERVICE);
+
+        iov[0] = (struct iovec) { .iov_base = &req, .iov_len = sizeof(NameInfoRequest) };
+        iov[1] = (struct iovec) { .iov_base = (void*) sa, .iov_len = salen };
+
+        mh.msg_iov = iov;
+        mh.msg_iovlen = 2;
+
+        if (sendmsg(resolve->fds[REQUEST_SEND_FD], &mh, MSG_NOSIGNAL) < 0) {
+                sd_resolve_query_unref(q);
+                return -errno;
+        }
+
+        resolve->n_outstanding++;
+
+        if (_q)
+                *_q = q;
+
+        return 0;
+}
+
+static int getnameinfo_done(sd_resolve_query *q) {
+
+        assert(q);
+        assert(q->done);
+        assert(q->getnameinfo_handler);
+
+        errno = q->_errno;
+        h_errno= q->_h_errno;
+
+        return q->getnameinfo_handler(q, q->ret, q->host, q->serv, q->userdata);
+}
+
+_public_ sd_resolve_query* sd_resolve_query_ref(sd_resolve_query *q) {
+        assert_return(q, NULL);
+
+        assert(q->n_ref >= 1);
+        q->n_ref++;
+
+        return q;
+}
+
+static void resolve_freeaddrinfo(struct addrinfo *ai) {
+        while (ai) {
+                struct addrinfo *next = ai->ai_next;
+
+                free(ai->ai_addr);
+                free(ai->ai_canonname);
+                free(ai);
+                ai = next;
+        }
+}
+
+static void resolve_query_disconnect(sd_resolve_query *q) {
+        sd_resolve *resolve;
+        unsigned i;
+
+        assert(q);
+
+        if (!q->resolve)
+                return;
+
+        resolve = q->resolve;
+        assert(resolve->n_queries > 0);
+
+        if (q->done) {
+                assert(resolve->n_done > 0);
+                resolve->n_done--;
+        }
+
+        i = q->id % QUERIES_MAX;
+        assert(resolve->query_array[i] == q);
+        resolve->query_array[i] = NULL;
+        LIST_REMOVE(queries, resolve->queries, q);
+        resolve->n_queries--;
+
+        q->resolve = NULL;
+        if (!q->floating)
+                sd_resolve_unref(resolve);
+}
+
+static void resolve_query_free(sd_resolve_query *q) {
+        assert(q);
+
+        resolve_query_disconnect(q);
+
+        resolve_freeaddrinfo(q->addrinfo);
+        free(q->host);
+        free(q->serv);
+        free(q);
+}
+
+_public_ sd_resolve_query* sd_resolve_query_unref(sd_resolve_query* q) {
+        if (!q)
+                return NULL;
+
+        assert(q->n_ref >= 1);
+        q->n_ref--;
+
+        if (q->n_ref <= 0)
+                resolve_query_free(q);
+
+        return NULL;
+}
+
+_public_ int sd_resolve_query_is_done(sd_resolve_query *q) {
+        assert_return(q, -EINVAL);
+        assert_return(!resolve_pid_changed(q->resolve), -ECHILD);
+
+        return q->done;
+}
+
+_public_ void* sd_resolve_query_set_userdata(sd_resolve_query *q, void *userdata) {
+        void *ret;
+
+        assert_return(q, NULL);
+        assert_return(!resolve_pid_changed(q->resolve), NULL);
+
+        ret = q->userdata;
+        q->userdata = userdata;
+
+        return ret;
+}
+
+_public_ void* sd_resolve_query_get_userdata(sd_resolve_query *q) {
+        assert_return(q, NULL);
+        assert_return(!resolve_pid_changed(q->resolve), NULL);
+
+        return q->userdata;
+}
+
+_public_ sd_resolve *sd_resolve_query_get_resolve(sd_resolve_query *q) {
+        assert_return(q, NULL);
+        assert_return(!resolve_pid_changed(q->resolve), NULL);
+
+        return q->resolve;
+}
+
+static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        sd_resolve *resolve = userdata;
+        int r;
+
+        assert(resolve);
+
+        r = sd_resolve_process(resolve);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+_public_ int sd_resolve_attach_event(sd_resolve *resolve, sd_event *event, int64_t priority) {
+        int r;
+
+        assert_return(resolve, -EINVAL);
+        assert_return(!resolve->event, -EBUSY);
+
+        assert(!resolve->event_source);
+
+        if (event)
+                resolve->event = sd_event_ref(event);
+        else {
+                r = sd_event_default(&resolve->event);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_event_add_io(resolve->event, &resolve->event_source, resolve->fds[RESPONSE_RECV_FD], POLLIN, io_callback, resolve);
+        if (r < 0)
+                goto fail;
+
+        r = sd_event_source_set_priority(resolve->event_source, priority);
+        if (r < 0)
+                goto fail;
+
+        return 0;
+
+fail:
+        sd_resolve_detach_event(resolve);
+        return r;
+}
+
+_public_  int sd_resolve_detach_event(sd_resolve *resolve) {
+        assert_return(resolve, -EINVAL);
+
+        if (!resolve->event)
+                return 0;
+
+        if (resolve->event_source) {
+                sd_event_source_set_enabled(resolve->event_source, SD_EVENT_OFF);
+                resolve->event_source = sd_event_source_unref(resolve->event_source);
+        }
+
+        resolve->event = sd_event_unref(resolve->event);
+        return 1;
+}
+
+_public_ sd_event *sd_resolve_get_event(sd_resolve *resolve) {
+        assert_return(resolve, NULL);
+
+        return resolve->event;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-resolve/test-resolve.c b/src/libsystemd/libsystemd-internal/sd-resolve/test-resolve.c
new file mode 100644
index 0000000000..0209cc77e7
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-resolve/test-resolve.c
@@ -0,0 +1,114 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2005-2008 Lennart Poettering
+  Copyright 2014 Daniel Buch
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <arpa/inet.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <resolv.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/socket.h>
+
+#include <systemd/sd-resolve.h>
+
+#include "alloc-util.h"
+#include "macro.h"
+#include "socket-util.h"
+#include "string-util.h"
+
+static int getaddrinfo_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
+        const struct addrinfo *i;
+
+        assert_se(q);
+
+        if (ret != 0) {
+                log_error("getaddrinfo error: %s %i", gai_strerror(ret), ret);
+                return 0;
+        }
+
+        for (i = ai; i; i = i->ai_next) {
+                _cleanup_free_ char *addr = NULL;
+
+                assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, true, &addr) == 0);
+                puts(addr);
+        }
+
+        printf("canonical name: %s\n", strna(ai->ai_canonname));
+
+        return 0;
+}
+
+static int getnameinfo_handler(sd_resolve_query *q, int ret, const char *host, const char *serv, void *userdata) {
+        assert_se(q);
+
+        if (ret != 0) {
+                log_error("getnameinfo error: %s %i", gai_strerror(ret), ret);
+                return 0;
+        }
+
+        printf("Host: %s — Serv: %s\n", strna(host), strna(serv));
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_resolve_query_unrefp) sd_resolve_query *q1 = NULL, *q2 = NULL;
+        _cleanup_(sd_resolve_unrefp) sd_resolve *resolve = NULL;
+        int r = 0;
+
+        struct addrinfo hints = {
+                .ai_family = PF_UNSPEC,
+                .ai_socktype = SOCK_STREAM,
+                .ai_flags = AI_CANONNAME
+        };
+
+        struct sockaddr_in sa = {
+                .sin_family = AF_INET,
+                .sin_port = htons(80)
+        };
+
+        assert_se(sd_resolve_default(&resolve) >= 0);
+
+        /* Test a floating resolver query */
+        sd_resolve_getaddrinfo(resolve, NULL, "redhat.com", "http", NULL, getaddrinfo_handler, NULL);
+
+        /* Make a name -> address query */
+        r = sd_resolve_getaddrinfo(resolve, &q1, argc >= 2 ? argv[1] : "www.heise.de", NULL, &hints, getaddrinfo_handler, NULL);
+        if (r < 0)
+                log_error_errno(r, "sd_resolve_getaddrinfo(): %m");
+
+        /* Make an address -> name query */
+        sa.sin_addr.s_addr = inet_addr(argc >= 3 ? argv[2] : "193.99.144.71");
+        r = sd_resolve_getnameinfo(resolve, &q2, (struct sockaddr*) &sa, sizeof(sa), 0, SD_RESOLVE_GET_BOTH, getnameinfo_handler, NULL);
+        if (r < 0)
+                log_error_errno(r, "sd_resolve_getnameinfo(): %m");
+
+        /* Wait until all queries are completed */
+        for (;;) {
+                r = sd_resolve_wait(resolve, (uint64_t) -1);
+                if (r == 0)
+                        break;
+                if (r < 0) {
+                        log_error_errno(r, "sd_resolve_wait(): %m");
+                        assert_not_reached("sd_resolve_wait() failed");
+                }
+        }
+
+        return 0;
+}
diff --git a/src/libsystemd/libsystemd-internal/sd-utf8/sd-utf8.c b/src/libsystemd/libsystemd-internal/sd-utf8/sd-utf8.c
new file mode 100644
index 0000000000..77be8e1996
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/sd-utf8/sd-utf8.c
@@ -0,0 +1,35 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-utf8.h>
+
+#include "utf8.h"
+#include "util.h"
+
+_public_ const char *sd_utf8_is_valid(const char *s) {
+        assert_return(s, NULL);
+
+        return utf8_is_valid(s);
+}
+
+_public_ const char *sd_ascii_is_valid(const char *s) {
+        assert_return(s, NULL);
+
+        return ascii_is_valid(s);
+}
diff --git a/src/libsystemd/libsystemd-internal/subdir.mk b/src/libsystemd/libsystemd-internal/subdir.mk
new file mode 100644
index 0000000000..35def00fdc
--- /dev/null
+++ b/src/libsystemd/libsystemd-internal/subdir.mk
@@ -0,0 +1,29 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemd.CPPFLAGS += -DLIBDIR=\"$(libdir)\"
+systemd.CPPFLAGS += -DUDEVLIBEXECDIR=\"$(udevlibexecdir)\"
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/libsystemd/libsystemd-journal-internal/Makefile b/src/libsystemd/libsystemd-journal-internal/Makefile
new file mode 100644
index 0000000000..964e1b5b4f
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/Makefile
@@ -0,0 +1,113 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+audit_list_includes = -include linux/audit.h -include missing.h
+ifneq ($(HAVE_AUDIT),)
+audit_list_includes += -include libaudit.h
+endif # HAVE_AUDIT
+
+$(outdir)/audit_type-list.txt:
+	$(AM_V_GEN)$(CPP) $(ALL_CPPFLAGS) -dM $(audit_list_includes) - </dev/null | grep -vE 'AUDIT_.*(FIRST|LAST)_' | $(SED) -r -n 's/^#define\s+AUDIT_(\w+)\s+([0-9]{4})\s*$$/\1\t\2/p' | sort -k2 >$@
+
+$(outdir)/audit_type-to-name.h: $(outdir)/audit_type-list.txt
+	$(AM_V_GEN)$(AWK) 'BEGIN{ print "const char *audit_type_to_string(int type) {\n\tswitch(type) {" } {printf "        case AUDIT_%s: return \"%s\";\n", $$1, $$1 } END{ print "        default: return NULL;\n\t}\n}\n" }' <$< >$@
+
+pkginclude_HEADERS += \
+	src/systemd/sd-journal.h \
+	src/systemd/sd-messages.h \
+	src/systemd/_sd-common.h
+
+libsystemd_journal_internal_la_SOURCES = \
+	src/journal/sd-journal.c \
+	src/systemd/sd-journal.h \
+	src/systemd/_sd-common.h \
+	src/journal/journal-file.c \
+	src/journal/journal-file.h \
+	src/journal/journal-vacuum.c \
+	src/journal/journal-vacuum.h \
+	src/journal/journal-verify.c \
+	src/journal/journal-verify.h \
+	src/journal/lookup3.c \
+	src/journal/lookup3.h \
+	src/journal/journal-send.c \
+	src/journal/journal-def.h \
+	src/journal/compress.h \
+	src/journal/catalog.c \
+	src/journal/catalog.h \
+	src/journal/mmap-cache.c \
+	src/journal/mmap-cache.h \
+	src/journal/compress.c \
+	src/journal/audit-type.h \
+	src/journal/audit-type.c \
+	src/shared/gcrypt-util.h \
+	src/shared/gcrypt-util.c
+
+nodist_libsystemd_journal_internal_la_SOURCES = \
+	src/journal/audit_type-to-name.h
+
+gperf_txt_sources += \
+	src/journal/audit_type-list.txt
+
+# using _CFLAGS = in the conditional below would suppress AM_CFLAGS
+libsystemd_journal_internal_la_CFLAGS = \
+	$(AM_CFLAGS)
+
+libsystemd_journal_internal_la_LIBADD =
+
+ifneq ($(HAVE_XZ),)
+libsystemd_journal_internal_la_CFLAGS += \
+	$(XZ_CFLAGS)
+
+libsystemd_journal_internal_la_LIBADD += \
+	$(XZ_LIBS)
+endif # HAVE_XZ
+
+ifneq ($(HAVE_LZ4),)
+libsystemd_journal_internal_la_CFLAGS += \
+	$(LZ4_CFLAGS)
+
+libsystemd_journal_internal_la_LIBADD += \
+	$(LZ4_LIBS)
+endif # HAVE_LZ4
+
+ifneq ($(HAVE_GCRYPT),)
+libsystemd_journal_internal_la_SOURCES += \
+	src/journal/journal-authenticate.c \
+	src/journal/journal-authenticate.h \
+	src/journal/fsprg.c \
+	src/journal/fsprg.h
+
+libsystemd_journal_internal_la_LIBADD += \
+	$(GCRYPT_LIBS)
+
+# fsprg.c is a drop-in file using void pointer arithmetic
+libsystemd_journal_internal_la_CFLAGS += \
+	$(GCRYPT_CFLAGS) \
+	-Wno-pointer-arith
+endif # HAVE_GCRYPT
+
+noinst_LTLIBRARIES += \
+	libsystemd-journal-internal.la
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/journal/audit-type.c b/src/libsystemd/libsystemd-journal-internal/audit-type.c
index 71e8790ca8..71e8790ca8 100644
--- a/src/journal/audit-type.c
+++ b/src/libsystemd/libsystemd-journal-internal/audit-type.c
diff --git a/src/journal/audit-type.h b/src/libsystemd/libsystemd-journal-internal/audit-type.h
index 1dd2163707..1dd2163707 100644
--- a/src/journal/audit-type.h
+++ b/src/libsystemd/libsystemd-journal-internal/audit-type.h
diff --git a/src/libsystemd/libsystemd-journal-internal/catalog.c b/src/libsystemd/libsystemd-journal-internal/catalog.c
new file mode 100644
index 0000000000..70838d958c
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/catalog.c
@@ -0,0 +1,767 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <locale.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "catalog.h"
+#include "conf-files.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "hashmap.h"
+#include "log.h"
+#include "mkdir.h"
+#include "path-util.h"
+#include "siphash24.h"
+#include "sparse-endian.h"
+#include "strbuf.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+const char * const catalog_file_dirs[] = {
+        "/usr/local/lib/systemd/catalog/",
+        "/usr/lib/systemd/catalog/",
+        NULL
+};
+
+#define CATALOG_SIGNATURE (uint8_t[]) { 'R', 'H', 'H', 'H', 'K', 'S', 'L', 'P' }
+
+typedef struct CatalogHeader {
+        uint8_t signature[8];  /* "RHHHKSLP" */
+        le32_t compatible_flags;
+        le32_t incompatible_flags;
+        le64_t header_size;
+        le64_t n_items;
+        le64_t catalog_item_size;
+} CatalogHeader;
+
+typedef struct CatalogItem {
+        sd_id128_t id;
+        char language[32];
+        le64_t offset;
+} CatalogItem;
+
+static void catalog_hash_func(const void *p, struct siphash *state) {
+        const CatalogItem *i = p;
+
+        siphash24_compress(&i->id, sizeof(i->id), state);
+        siphash24_compress(i->language, strlen(i->language), state);
+}
+
+static int catalog_compare_func(const void *a, const void *b) {
+        const CatalogItem *i = a, *j = b;
+        unsigned k;
+
+        for (k = 0; k < ELEMENTSOF(j->id.bytes); k++) {
+                 if (i->id.bytes[k] < j->id.bytes[k])
+                        return -1;
+                 if (i->id.bytes[k] > j->id.bytes[k])
+                        return 1;
+        }
+
+        return strcmp(i->language, j->language);
+}
+
+const struct hash_ops catalog_hash_ops = {
+        .hash = catalog_hash_func,
+        .compare = catalog_compare_func
+};
+
+static bool next_header(const char **s) {
+        const char *e;
+
+        e = strchr(*s, '\n');
+
+        /* Unexpected end */
+        if (!e)
+                return false;
+
+        /* End of headers */
+        if (e == *s)
+                return false;
+
+        *s = e + 1;
+        return true;
+}
+
+static const char *skip_header(const char *s) {
+        while (next_header(&s))
+                ;
+        return s;
+}
+
+static char *combine_entries(const char *one, const char *two) {
+        const char *b1, *b2;
+        size_t l1, l2, n;
+        char *dest, *p;
+
+        /* Find split point of headers to body */
+        b1 = skip_header(one);
+        b2 = skip_header(two);
+
+        l1 = strlen(one);
+        l2 = strlen(two);
+        dest = new(char, l1 + l2 + 1);
+        if (!dest) {
+                log_oom();
+                return NULL;
+        }
+
+        p = dest;
+
+        /* Headers from @one */
+        n = b1 - one;
+        p = mempcpy(p, one, n);
+
+        /* Headers from @two, these will only be found if not present above */
+        n = b2 - two;
+        p = mempcpy(p, two, n);
+
+        /* Body from @one */
+        n = l1 - (b1 - one);
+        if (n > 0) {
+                memcpy(p, b1, n);
+                p += n;
+
+        /* Body from @two */
+        } else {
+                n = l2 - (b2 - two);
+                memcpy(p, b2, n);
+                p += n;
+        }
+
+        assert(p - dest <= (ptrdiff_t)(l1 + l2));
+        p[0] = '\0';
+        return dest;
+}
+
+static int finish_item(
+                Hashmap *h,
+                sd_id128_t id,
+                const char *language,
+                char *payload, size_t payload_size) {
+
+        _cleanup_free_ CatalogItem *i = NULL;
+        _cleanup_free_ char *prev = NULL, *combined = NULL;
+
+        assert(h);
+        assert(payload);
+        assert(payload_size > 0);
+
+        i = new0(CatalogItem, 1);
+        if (!i)
+                return log_oom();
+
+        i->id = id;
+        if (language) {
+                assert(strlen(language) > 1 && strlen(language) < 32);
+                strcpy(i->language, language);
+        }
+
+        prev = hashmap_get(h, i);
+        if (prev) {
+                /* Already have such an item, combine them */
+                combined = combine_entries(payload, prev);
+                if (!combined)
+                        return log_oom();
+
+                if (hashmap_update(h, i, combined) < 0)
+                        return log_oom();
+                combined = NULL;
+        } else {
+                /* A new item */
+                combined = memdup(payload, payload_size + 1);
+                if (!combined)
+                        return log_oom();
+
+                if (hashmap_put(h, i, combined) < 0)
+                        return log_oom();
+                i = NULL;
+                combined = NULL;
+        }
+
+        return 0;
+}
+
+int catalog_file_lang(const char* filename, char **lang) {
+        char *beg, *end, *_lang;
+
+        end = endswith(filename, ".catalog");
+        if (!end)
+                return 0;
+
+        beg = end - 1;
+        while (beg > filename && *beg != '.' && *beg != '/' && end - beg < 32)
+                beg--;
+
+        if (*beg != '.' || end <= beg + 1)
+                return 0;
+
+        _lang = strndup(beg + 1, end - beg - 1);
+        if (!_lang)
+                return -ENOMEM;
+
+        *lang = _lang;
+        return 1;
+}
+
+static int catalog_entry_lang(const char* filename, int line,
+                              const char* t, const char* deflang, char **lang) {
+        size_t c;
+
+        c = strlen(t);
+        if (c == 0) {
+                log_error("[%s:%u] Language too short.", filename, line);
+                return -EINVAL;
+        }
+        if (c > 31) {
+                log_error("[%s:%u] language too long.", filename, line);
+                return -EINVAL;
+        }
+
+        if (deflang) {
+                if (streq(t, deflang)) {
+                        log_warning("[%s:%u] language specified unnecessarily",
+                                    filename, line);
+                        return 0;
+                } else
+                        log_warning("[%s:%u] language differs from default for file",
+                                    filename, line);
+        }
+
+        *lang = strdup(t);
+        if (!*lang)
+                        return -ENOMEM;
+
+        return 0;
+}
+
+int catalog_import_file(Hashmap *h, const char *path) {
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_free_ char *payload = NULL;
+        size_t payload_size = 0, payload_allocated = 0;
+        unsigned n = 0;
+        sd_id128_t id;
+        _cleanup_free_ char *deflang = NULL, *lang = NULL;
+        bool got_id = false, empty_line = true;
+        int r;
+
+        assert(h);
+        assert(path);
+
+        f = fopen(path, "re");
+        if (!f)
+                return log_error_errno(errno, "Failed to open file %s: %m", path);
+
+        r = catalog_file_lang(path, &deflang);
+        if (r < 0)
+                log_error_errno(r, "Failed to determine language for file %s: %m", path);
+        if (r == 1)
+                log_debug("File %s has language %s.", path, deflang);
+
+        for (;;) {
+                char line[LINE_MAX];
+                size_t line_len;
+
+                if (!fgets(line, sizeof(line), f)) {
+                        if (feof(f))
+                                break;
+
+                        return log_error_errno(errno, "Failed to read file %s: %m", path);
+                }
+
+                n++;
+
+                truncate_nl(line);
+
+                if (line[0] == 0) {
+                        empty_line = true;
+                        continue;
+                }
+
+                if (strchr(COMMENTS "\n", line[0]))
+                        continue;
+
+                if (empty_line &&
+                    strlen(line) >= 2+1+32 &&
+                    line[0] == '-' &&
+                    line[1] == '-' &&
+                    line[2] == ' ' &&
+                    (line[2+1+32] == ' ' || line[2+1+32] == '\0')) {
+
+                        bool with_language;
+                        sd_id128_t jd;
+
+                        /* New entry */
+
+                        with_language = line[2+1+32] != '\0';
+                        line[2+1+32] = '\0';
+
+                        if (sd_id128_from_string(line + 2 + 1, &jd) >= 0) {
+
+                                if (got_id) {
+                                        if (payload_size == 0) {
+                                                log_error("[%s:%u] No payload text.", path, n);
+                                                return -EINVAL;
+                                        }
+
+                                        r = finish_item(h, id, lang ?: deflang, payload, payload_size);
+                                        if (r < 0)
+                                                return r;
+
+                                        lang = mfree(lang);
+                                        payload_size = 0;
+                                }
+
+                                if (with_language) {
+                                        char *t;
+
+                                        t = strstrip(line + 2 + 1 + 32 + 1);
+                                        r = catalog_entry_lang(path, n, t, deflang, &lang);
+                                        if (r < 0)
+                                                return r;
+                                }
+
+                                got_id = true;
+                                empty_line = false;
+                                id = jd;
+
+                                continue;
+                        }
+                }
+
+                /* Payload */
+                if (!got_id) {
+                        log_error("[%s:%u] Got payload before ID.", path, n);
+                        return -EINVAL;
+                }
+
+                line_len = strlen(line);
+                if (!GREEDY_REALLOC(payload, payload_allocated,
+                                    payload_size + (empty_line ? 1 : 0) + line_len + 1 + 1))
+                        return log_oom();
+
+                if (empty_line)
+                        payload[payload_size++] = '\n';
+                memcpy(payload + payload_size, line, line_len);
+                payload_size += line_len;
+                payload[payload_size++] = '\n';
+                payload[payload_size] = '\0';
+
+                empty_line = false;
+        }
+
+        if (got_id) {
+                if (payload_size == 0) {
+                        log_error("[%s:%u] No payload text.", path, n);
+                        return -EINVAL;
+                }
+
+                r = finish_item(h, id, lang ?: deflang, payload, payload_size);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int64_t write_catalog(const char *database, struct strbuf *sb,
+                             CatalogItem *items, size_t n) {
+        CatalogHeader header;
+        _cleanup_fclose_ FILE *w = NULL;
+        int r;
+        _cleanup_free_ char *d, *p = NULL;
+        size_t k;
+
+        d = dirname_malloc(database);
+        if (!d)
+                return log_oom();
+
+        r = mkdir_p(d, 0775);
+        if (r < 0)
+                return log_error_errno(r, "Recursive mkdir %s: %m", d);
+
+        r = fopen_temporary(database, &w, &p);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open database for writing: %s: %m",
+                                       database);
+
+        zero(header);
+        memcpy(header.signature, CATALOG_SIGNATURE, sizeof(header.signature));
+        header.header_size = htole64(ALIGN_TO(sizeof(CatalogHeader), 8));
+        header.catalog_item_size = htole64(sizeof(CatalogItem));
+        header.n_items = htole64(n);
+
+        r = -EIO;
+
+        k = fwrite(&header, 1, sizeof(header), w);
+        if (k != sizeof(header)) {
+                log_error("%s: failed to write header.", p);
+                goto error;
+        }
+
+        k = fwrite(items, 1, n * sizeof(CatalogItem), w);
+        if (k != n * sizeof(CatalogItem)) {
+                log_error("%s: failed to write database.", p);
+                goto error;
+        }
+
+        k = fwrite(sb->buf, 1, sb->len, w);
+        if (k != sb->len) {
+                log_error("%s: failed to write strings.", p);
+                goto error;
+        }
+
+        r = fflush_and_check(w);
+        if (r < 0) {
+                log_error_errno(r, "%s: failed to write database: %m", p);
+                goto error;
+        }
+
+        fchmod(fileno(w), 0644);
+
+        if (rename(p, database) < 0) {
+                r = log_error_errno(errno, "rename (%s -> %s) failed: %m", p, database);
+                goto error;
+        }
+
+        return ftello(w);
+
+error:
+        (void) unlink(p);
+        return r;
+}
+
+int catalog_update(const char* database, const char* root, const char* const* dirs) {
+        _cleanup_strv_free_ char **files = NULL;
+        char **f;
+        struct strbuf *sb = NULL;
+        _cleanup_hashmap_free_free_free_ Hashmap *h = NULL;
+        _cleanup_free_ CatalogItem *items = NULL;
+        ssize_t offset;
+        char *payload;
+        CatalogItem *i;
+        Iterator j;
+        unsigned n;
+        int r;
+        int64_t sz;
+
+        h = hashmap_new(&catalog_hash_ops);
+        sb = strbuf_new();
+
+        if (!h || !sb) {
+                r = log_oom();
+                goto finish;
+        }
+
+        r = conf_files_list_strv(&files, ".catalog", root, dirs);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get catalog files: %m");
+                goto finish;
+        }
+
+        STRV_FOREACH(f, files) {
+                log_debug("Reading file '%s'", *f);
+                r = catalog_import_file(h, *f);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to import file '%s': %m", *f);
+                        goto finish;
+                }
+        }
+
+        if (hashmap_size(h) <= 0) {
+                log_info("No items in catalog.");
+                goto finish;
+        } else
+                log_debug("Found %u items in catalog.", hashmap_size(h));
+
+        items = new(CatalogItem, hashmap_size(h));
+        if (!items) {
+                r = log_oom();
+                goto finish;
+        }
+
+        n = 0;
+        HASHMAP_FOREACH_KEY(payload, i, h, j) {
+                log_debug("Found " SD_ID128_FORMAT_STR ", language %s",
+                          SD_ID128_FORMAT_VAL(i->id),
+                          isempty(i->language) ? "C" : i->language);
+
+                offset = strbuf_add_string(sb, payload, strlen(payload));
+                if (offset < 0) {
+                        r = log_oom();
+                        goto finish;
+                }
+                i->offset = htole64((uint64_t) offset);
+                items[n++] = *i;
+        }
+
+        assert(n == hashmap_size(h));
+        qsort_safe(items, n, sizeof(CatalogItem), catalog_compare_func);
+
+        strbuf_complete(sb);
+
+        sz = write_catalog(database, sb, items, n);
+        if (sz < 0)
+                r = log_error_errno(sz, "Failed to write %s: %m", database);
+        else {
+                r = 0;
+                log_debug("%s: wrote %u items, with %zu bytes of strings, %"PRIi64" total size.",
+                          database, n, sb->len, sz);
+        }
+
+finish:
+        strbuf_cleanup(sb);
+
+        return r;
+}
+
+static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p) {
+        const CatalogHeader *h;
+        int fd;
+        void *p;
+        struct stat st;
+
+        assert(_fd);
+        assert(_st);
+        assert(_p);
+
+        fd = open(database, O_RDONLY|O_CLOEXEC);
+        if (fd < 0)
+                return -errno;
+
+        if (fstat(fd, &st) < 0) {
+                safe_close(fd);
+                return -errno;
+        }
+
+        if (st.st_size < (off_t) sizeof(CatalogHeader)) {
+                safe_close(fd);
+                return -EINVAL;
+        }
+
+        p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0);
+        if (p == MAP_FAILED) {
+                safe_close(fd);
+                return -errno;
+        }
+
+        h = p;
+        if (memcmp(h->signature, CATALOG_SIGNATURE, sizeof(h->signature)) != 0 ||
+            le64toh(h->header_size) < sizeof(CatalogHeader) ||
+            le64toh(h->catalog_item_size) < sizeof(CatalogItem) ||
+            h->incompatible_flags != 0 ||
+            le64toh(h->n_items) <= 0 ||
+            st.st_size < (off_t) (le64toh(h->header_size) + le64toh(h->catalog_item_size) * le64toh(h->n_items))) {
+                safe_close(fd);
+                munmap(p, st.st_size);
+                return -EBADMSG;
+        }
+
+        *_fd = fd;
+        *_st = st;
+        *_p = p;
+
+        return 0;
+}
+
+static const char *find_id(void *p, sd_id128_t id) {
+        CatalogItem key, *f = NULL;
+        const CatalogHeader *h = p;
+        const char *loc;
+
+        zero(key);
+        key.id = id;
+
+        loc = setlocale(LC_MESSAGES, NULL);
+        if (loc && loc[0] && !streq(loc, "C") && !streq(loc, "POSIX")) {
+                strncpy(key.language, loc, sizeof(key.language));
+                key.language[strcspn(key.language, ".@")] = 0;
+
+                f = bsearch(&key, (const uint8_t*) p + le64toh(h->header_size), le64toh(h->n_items), le64toh(h->catalog_item_size), catalog_compare_func);
+                if (!f) {
+                        char *e;
+
+                        e = strchr(key.language, '_');
+                        if (e) {
+                                *e = 0;
+                                f = bsearch(&key, (const uint8_t*) p + le64toh(h->header_size), le64toh(h->n_items), le64toh(h->catalog_item_size), catalog_compare_func);
+                        }
+                }
+        }
+
+        if (!f) {
+                zero(key.language);
+                f = bsearch(&key, (const uint8_t*) p + le64toh(h->header_size), le64toh(h->n_items), le64toh(h->catalog_item_size), catalog_compare_func);
+        }
+
+        if (!f)
+                return NULL;
+
+        return (const char*) p +
+                le64toh(h->header_size) +
+                le64toh(h->n_items) * le64toh(h->catalog_item_size) +
+                le64toh(f->offset);
+}
+
+int catalog_get(const char* database, sd_id128_t id, char **_text) {
+        _cleanup_close_ int fd = -1;
+        void *p = NULL;
+        struct stat st = {};
+        char *text = NULL;
+        int r;
+        const char *s;
+
+        assert(_text);
+
+        r = open_mmap(database, &fd, &st, &p);
+        if (r < 0)
+                return r;
+
+        s = find_id(p, id);
+        if (!s) {
+                r = -ENOENT;
+                goto finish;
+        }
+
+        text = strdup(s);
+        if (!text) {
+                r = -ENOMEM;
+                goto finish;
+        }
+
+        *_text = text;
+        r = 0;
+
+finish:
+        if (p)
+                munmap(p, st.st_size);
+
+        return r;
+}
+
+static char *find_header(const char *s, const char *header) {
+
+        for (;;) {
+                const char *v;
+
+                v = startswith(s, header);
+                if (v) {
+                        v += strspn(v, WHITESPACE);
+                        return strndup(v, strcspn(v, NEWLINE));
+                }
+
+                if (!next_header(&s))
+                        return NULL;
+        }
+}
+
+static void dump_catalog_entry(FILE *f, sd_id128_t id, const char *s, bool oneline) {
+        if (oneline) {
+                _cleanup_free_ char *subject = NULL, *defined_by = NULL;
+
+                subject = find_header(s, "Subject:");
+                defined_by = find_header(s, "Defined-By:");
+
+                fprintf(f, SD_ID128_FORMAT_STR " %s: %s\n",
+                        SD_ID128_FORMAT_VAL(id),
+                        strna(defined_by), strna(subject));
+        } else
+                fprintf(f, "-- " SD_ID128_FORMAT_STR "\n%s\n",
+                        SD_ID128_FORMAT_VAL(id), s);
+}
+
+
+int catalog_list(FILE *f, const char *database, bool oneline) {
+        _cleanup_close_ int fd = -1;
+        void *p = NULL;
+        struct stat st;
+        const CatalogHeader *h;
+        const CatalogItem *items;
+        int r;
+        unsigned n;
+        sd_id128_t last_id;
+        bool last_id_set = false;
+
+        r = open_mmap(database, &fd, &st, &p);
+        if (r < 0)
+                return r;
+
+        h = p;
+        items = (const CatalogItem*) ((const uint8_t*) p + le64toh(h->header_size));
+
+        for (n = 0; n < le64toh(h->n_items); n++) {
+                const char *s;
+
+                if (last_id_set && sd_id128_equal(last_id, items[n].id))
+                        continue;
+
+                assert_se(s = find_id(p, items[n].id));
+
+                dump_catalog_entry(f, items[n].id, s, oneline);
+
+                last_id_set = true;
+                last_id = items[n].id;
+        }
+
+        munmap(p, st.st_size);
+
+        return 0;
+}
+
+int catalog_list_items(FILE *f, const char *database, bool oneline, char **items) {
+        char **item;
+        int r = 0;
+
+        STRV_FOREACH(item, items) {
+                sd_id128_t id;
+                int k;
+                _cleanup_free_ char *msg = NULL;
+
+                k = sd_id128_from_string(*item, &id);
+                if (k < 0) {
+                        log_error_errno(k, "Failed to parse id128 '%s': %m", *item);
+                        if (r == 0)
+                                r = k;
+                        continue;
+                }
+
+                k = catalog_get(database, id, &msg);
+                if (k < 0) {
+                        log_full_errno(k == -ENOENT ? LOG_NOTICE : LOG_ERR, k,
+                                       "Failed to retrieve catalog entry for '%s': %m", *item);
+                        if (r == 0)
+                                r = k;
+                        continue;
+                }
+
+                dump_catalog_entry(f, id, msg, oneline);
+        }
+
+        return r;
+}
diff --git a/src/libsystemd/libsystemd-journal-internal/catalog.h b/src/libsystemd/libsystemd-journal-internal/catalog.h
new file mode 100644
index 0000000000..b621de3068
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/catalog.h
@@ -0,0 +1,36 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+#include <systemd/sd-id128.h>
+
+#include "hashmap.h"
+#include "strbuf.h"
+
+int catalog_import_file(Hashmap *h, const char *path);
+int catalog_update(const char* database, const char* root, const char* const* dirs);
+int catalog_get(const char* database, sd_id128_t id, char **data);
+int catalog_list(FILE *f, const char* database, bool oneline);
+int catalog_list_items(FILE *f, const char* database, bool oneline, char **items);
+int catalog_file_lang(const char *filename, char **lang);
+extern const char * const catalog_file_dirs[];
+extern const struct hash_ops catalog_hash_ops;
diff --git a/src/journal/compress.c b/src/libsystemd/libsystemd-journal-internal/compress.c
index ba734b5561..ba734b5561 100644
--- a/src/journal/compress.c
+++ b/src/libsystemd/libsystemd-journal-internal/compress.c
diff --git a/src/journal/compress.h b/src/libsystemd/libsystemd-journal-internal/compress.h
index c138099d9a..c138099d9a 100644
--- a/src/journal/compress.h
+++ b/src/libsystemd/libsystemd-journal-internal/compress.h
diff --git a/src/journal/fsprg.c b/src/libsystemd/libsystemd-journal-internal/fsprg.c
index 612b10f3a9..612b10f3a9 100644
--- a/src/journal/fsprg.c
+++ b/src/libsystemd/libsystemd-journal-internal/fsprg.c
diff --git a/src/journal/fsprg.h b/src/libsystemd/libsystemd-journal-internal/fsprg.h
index 829b56e240..829b56e240 100644
--- a/src/journal/fsprg.h
+++ b/src/libsystemd/libsystemd-journal-internal/fsprg.h
diff --git a/src/journal/journal-authenticate.c b/src/libsystemd/libsystemd-journal-internal/journal-authenticate.c
index d8af113d3f..d8af113d3f 100644
--- a/src/journal/journal-authenticate.c
+++ b/src/libsystemd/libsystemd-journal-internal/journal-authenticate.c
diff --git a/src/journal/journal-authenticate.h b/src/libsystemd/libsystemd-journal-internal/journal-authenticate.h
index 6c87319ede..6c87319ede 100644
--- a/src/journal/journal-authenticate.h
+++ b/src/libsystemd/libsystemd-journal-internal/journal-authenticate.h
diff --git a/src/libsystemd/libsystemd-journal-internal/journal-def.h b/src/libsystemd/libsystemd-journal-internal/journal-def.h
new file mode 100644
index 0000000000..a0a052ce4f
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/journal-def.h
@@ -0,0 +1,237 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-id128.h>
+
+#include "macro.h"
+#include "sparse-endian.h"
+
+/*
+ * If you change this file you probably should also change its documentation:
+ *
+ * http://www.freedesktop.org/wiki/Software/systemd/journal-files
+ *
+ */
+
+typedef struct Header Header;
+
+typedef struct ObjectHeader ObjectHeader;
+typedef union Object Object;
+
+typedef struct DataObject DataObject;
+typedef struct FieldObject FieldObject;
+typedef struct EntryObject EntryObject;
+typedef struct HashTableObject HashTableObject;
+typedef struct EntryArrayObject EntryArrayObject;
+typedef struct TagObject TagObject;
+
+typedef struct EntryItem EntryItem;
+typedef struct HashItem HashItem;
+
+typedef struct FSSHeader FSSHeader;
+
+/* Object types */
+typedef enum ObjectType {
+        OBJECT_UNUSED, /* also serves as "any type" or "additional context" */
+        OBJECT_DATA,
+        OBJECT_FIELD,
+        OBJECT_ENTRY,
+        OBJECT_DATA_HASH_TABLE,
+        OBJECT_FIELD_HASH_TABLE,
+        OBJECT_ENTRY_ARRAY,
+        OBJECT_TAG,
+        _OBJECT_TYPE_MAX
+} ObjectType;
+
+/* Object flags */
+enum {
+        OBJECT_COMPRESSED_XZ = 1 << 0,
+        OBJECT_COMPRESSED_LZ4 = 1 << 1,
+        _OBJECT_COMPRESSED_MAX
+};
+
+#define OBJECT_COMPRESSION_MASK (OBJECT_COMPRESSED_XZ | OBJECT_COMPRESSED_LZ4)
+
+struct ObjectHeader {
+        uint8_t type;
+        uint8_t flags;
+        uint8_t reserved[6];
+        le64_t size;
+        uint8_t payload[];
+} _packed_;
+
+struct DataObject {
+        ObjectHeader object;
+        le64_t hash;
+        le64_t next_hash_offset;
+        le64_t next_field_offset;
+        le64_t entry_offset; /* the first array entry we store inline */
+        le64_t entry_array_offset;
+        le64_t n_entries;
+        uint8_t payload[];
+} _packed_;
+
+struct FieldObject {
+        ObjectHeader object;
+        le64_t hash;
+        le64_t next_hash_offset;
+        le64_t head_data_offset;
+        uint8_t payload[];
+} _packed_;
+
+struct EntryItem {
+        le64_t object_offset;
+        le64_t hash;
+} _packed_;
+
+struct EntryObject {
+        ObjectHeader object;
+        le64_t seqnum;
+        le64_t realtime;
+        le64_t monotonic;
+        sd_id128_t boot_id;
+        le64_t xor_hash;
+        EntryItem items[];
+} _packed_;
+
+struct HashItem {
+        le64_t head_hash_offset;
+        le64_t tail_hash_offset;
+} _packed_;
+
+struct HashTableObject {
+        ObjectHeader object;
+        HashItem items[];
+} _packed_;
+
+struct EntryArrayObject {
+        ObjectHeader object;
+        le64_t next_entry_array_offset;
+        le64_t items[];
+} _packed_;
+
+#define TAG_LENGTH (256/8)
+
+struct TagObject {
+        ObjectHeader object;
+        le64_t seqnum;
+        le64_t epoch;
+        uint8_t tag[TAG_LENGTH]; /* SHA-256 HMAC */
+} _packed_;
+
+union Object {
+        ObjectHeader object;
+        DataObject data;
+        FieldObject field;
+        EntryObject entry;
+        HashTableObject hash_table;
+        EntryArrayObject entry_array;
+        TagObject tag;
+};
+
+enum {
+        STATE_OFFLINE = 0,
+        STATE_ONLINE = 1,
+        STATE_ARCHIVED = 2,
+        _STATE_MAX
+};
+
+/* Header flags */
+enum {
+        HEADER_INCOMPATIBLE_COMPRESSED_XZ = 1 << 0,
+        HEADER_INCOMPATIBLE_COMPRESSED_LZ4 = 1 << 1,
+};
+
+#define HEADER_INCOMPATIBLE_ANY (HEADER_INCOMPATIBLE_COMPRESSED_XZ|HEADER_INCOMPATIBLE_COMPRESSED_LZ4)
+
+#if defined(HAVE_XZ) && defined(HAVE_LZ4)
+#  define HEADER_INCOMPATIBLE_SUPPORTED HEADER_INCOMPATIBLE_ANY
+#elif defined(HAVE_XZ)
+#  define HEADER_INCOMPATIBLE_SUPPORTED HEADER_INCOMPATIBLE_COMPRESSED_XZ
+#elif defined(HAVE_LZ4)
+#  define HEADER_INCOMPATIBLE_SUPPORTED HEADER_INCOMPATIBLE_COMPRESSED_LZ4
+#else
+#  define HEADER_INCOMPATIBLE_SUPPORTED 0
+#endif
+
+enum {
+        HEADER_COMPATIBLE_SEALED = 1
+};
+
+#define HEADER_COMPATIBLE_ANY HEADER_COMPATIBLE_SEALED
+#ifdef HAVE_GCRYPT
+#  define HEADER_COMPATIBLE_SUPPORTED HEADER_COMPATIBLE_SEALED
+#else
+#  define HEADER_COMPATIBLE_SUPPORTED 0
+#endif
+
+#define HEADER_SIGNATURE ((char[]) { 'L', 'P', 'K', 'S', 'H', 'H', 'R', 'H' })
+
+struct Header {
+        uint8_t signature[8]; /* "LPKSHHRH" */
+        le32_t compatible_flags;
+        le32_t incompatible_flags;
+        uint8_t state;
+        uint8_t reserved[7];
+        sd_id128_t file_id;
+        sd_id128_t machine_id;
+        sd_id128_t boot_id;    /* last writer */
+        sd_id128_t seqnum_id;
+        le64_t header_size;
+        le64_t arena_size;
+        le64_t data_hash_table_offset;
+        le64_t data_hash_table_size;
+        le64_t field_hash_table_offset;
+        le64_t field_hash_table_size;
+        le64_t tail_object_offset;
+        le64_t n_objects;
+        le64_t n_entries;
+        le64_t tail_entry_seqnum;
+        le64_t head_entry_seqnum;
+        le64_t entry_array_offset;
+        le64_t head_entry_realtime;
+        le64_t tail_entry_realtime;
+        le64_t tail_entry_monotonic;
+        /* Added in 187 */
+        le64_t n_data;
+        le64_t n_fields;
+        /* Added in 189 */
+        le64_t n_tags;
+        le64_t n_entry_arrays;
+
+        /* Size: 240 */
+} _packed_;
+
+#define FSS_HEADER_SIGNATURE ((char[]) { 'K', 'S', 'H', 'H', 'R', 'H', 'L', 'P' })
+
+struct FSSHeader {
+        uint8_t signature[8]; /* "KSHHRHLP" */
+        le32_t compatible_flags;
+        le32_t incompatible_flags;
+        sd_id128_t machine_id;
+        sd_id128_t boot_id;    /* last writer */
+        le64_t header_size;
+        le64_t start_usec;
+        le64_t interval_usec;
+        le16_t fsprg_secpar;
+        le16_t reserved[3];
+        le64_t fsprg_state_size;
+} _packed_;
diff --git a/src/libsystemd/libsystemd-journal-internal/journal-file.c b/src/libsystemd/libsystemd-journal-internal/journal-file.c
new file mode 100644
index 0000000000..13db5c53de
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/journal-file.c
@@ -0,0 +1,3616 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/fs.h>
+#include <pthread.h>
+#include <stddef.h>
+#include <sys/mman.h>
+#include <sys/statvfs.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+#include "alloc-util.h"
+#include "btrfs-util.h"
+#include "chattr-util.h"
+#include "compress.h"
+#include "fd-util.h"
+#include "journal-authenticate.h"
+#include "journal-def.h"
+#include "journal-file.h"
+#include "lookup3.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "random-util.h"
+#include <systemd/sd-event.h>
+#include "set.h"
+#include "string-util.h"
+#include "xattr-util.h"
+
+#define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem))
+#define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem))
+
+#define COMPRESSION_SIZE_THRESHOLD (512ULL)
+
+/* This is the minimum journal file size */
+#define JOURNAL_FILE_SIZE_MIN (512ULL*1024ULL)                 /* 512 KiB */
+
+/* These are the lower and upper bounds if we deduce the max_use value
+ * from the file system size */
+#define DEFAULT_MAX_USE_LOWER (1ULL*1024ULL*1024ULL)           /* 1 MiB */
+#define DEFAULT_MAX_USE_UPPER (4ULL*1024ULL*1024ULL*1024ULL)   /* 4 GiB */
+
+/* This is the default minimal use limit, how much we'll use even if keep_free suggests otherwise. */
+#define DEFAULT_MIN_USE (1ULL*1024ULL*1024ULL)                 /* 1 MiB */
+
+/* This is the upper bound if we deduce max_size from max_use */
+#define DEFAULT_MAX_SIZE_UPPER (128ULL*1024ULL*1024ULL)        /* 128 MiB */
+
+/* This is the upper bound if we deduce the keep_free value from the
+ * file system size */
+#define DEFAULT_KEEP_FREE_UPPER (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */
+
+/* This is the keep_free value when we can't determine the system
+ * size */
+#define DEFAULT_KEEP_FREE (1024ULL*1024ULL)                    /* 1 MB */
+
+/* This is the default maximum number of journal files to keep around. */
+#define DEFAULT_N_MAX_FILES (100)
+
+/* n_data was the first entry we added after the initial file format design */
+#define HEADER_SIZE_MIN ALIGN64(offsetof(Header, n_data))
+
+/* How many entries to keep in the entry array chain cache at max */
+#define CHAIN_CACHE_MAX 20
+
+/* How much to increase the journal file size at once each time we allocate something new. */
+#define FILE_SIZE_INCREASE (8ULL*1024ULL*1024ULL)              /* 8MB */
+
+/* Reread fstat() of the file for detecting deletions at least this often */
+#define LAST_STAT_REFRESH_USEC (5*USEC_PER_SEC)
+
+/* The mmap context to use for the header we pick as one above the last defined typed */
+#define CONTEXT_HEADER _OBJECT_TYPE_MAX
+
+/* This may be called from a separate thread to prevent blocking the caller for the duration of fsync().
+ * As a result we use atomic operations on f->offline_state for inter-thread communications with
+ * journal_file_set_offline() and journal_file_set_online(). */
+static void journal_file_set_offline_internal(JournalFile *f) {
+        assert(f);
+        assert(f->fd >= 0);
+        assert(f->header);
+
+        for (;;) {
+                switch (f->offline_state) {
+                case OFFLINE_CANCEL:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_CANCEL, OFFLINE_DONE))
+                                continue;
+                        return;
+
+                case OFFLINE_AGAIN_FROM_SYNCING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_SYNCING, OFFLINE_SYNCING))
+                                continue;
+                        break;
+
+                case OFFLINE_AGAIN_FROM_OFFLINING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_OFFLINING, OFFLINE_SYNCING))
+                                continue;
+                        break;
+
+                case OFFLINE_SYNCING:
+                        (void) fsync(f->fd);
+
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_SYNCING, OFFLINE_OFFLINING))
+                                continue;
+
+                        f->header->state = f->archive ? STATE_ARCHIVED : STATE_OFFLINE;
+                        (void) fsync(f->fd);
+                        break;
+
+                case OFFLINE_OFFLINING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_OFFLINING, OFFLINE_DONE))
+                                continue;
+                        /* fall through */
+
+                case OFFLINE_DONE:
+                        return;
+
+                case OFFLINE_JOINED:
+                        log_debug("OFFLINE_JOINED unexpected offline state for journal_file_set_offline_internal()");
+                        return;
+                }
+        }
+}
+
+static void * journal_file_set_offline_thread(void *arg) {
+        JournalFile *f = arg;
+
+        journal_file_set_offline_internal(f);
+
+        return NULL;
+}
+
+static int journal_file_set_offline_thread_join(JournalFile *f) {
+        int r;
+
+        assert(f);
+
+        if (f->offline_state == OFFLINE_JOINED)
+                return 0;
+
+        r = pthread_join(f->offline_thread, NULL);
+        if (r)
+                return -r;
+
+        f->offline_state = OFFLINE_JOINED;
+
+        if (mmap_cache_got_sigbus(f->mmap, f->fd))
+                return -EIO;
+
+        return 0;
+}
+
+/* Trigger a restart if the offline thread is mid-flight in a restartable state. */
+static bool journal_file_set_offline_try_restart(JournalFile *f) {
+        for (;;) {
+                switch (f->offline_state) {
+                case OFFLINE_AGAIN_FROM_SYNCING:
+                case OFFLINE_AGAIN_FROM_OFFLINING:
+                        return true;
+
+                case OFFLINE_CANCEL:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_CANCEL, OFFLINE_AGAIN_FROM_SYNCING))
+                                continue;
+                        return true;
+
+                case OFFLINE_SYNCING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_SYNCING, OFFLINE_AGAIN_FROM_SYNCING))
+                                continue;
+                        return true;
+
+                case OFFLINE_OFFLINING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_OFFLINING, OFFLINE_AGAIN_FROM_OFFLINING))
+                                continue;
+                        return true;
+
+                default:
+                        return false;
+                }
+        }
+}
+
+/* Sets a journal offline.
+ *
+ * If wait is false then an offline is dispatched in a separate thread for a
+ * subsequent journal_file_set_offline() or journal_file_set_online() of the
+ * same journal to synchronize with.
+ *
+ * If wait is true, then either an existing offline thread will be restarted
+ * and joined, or if none exists the offline is simply performed in this
+ * context without involving another thread.
+ */
+int journal_file_set_offline(JournalFile *f, bool wait) {
+        bool restarted;
+        int r;
+
+        assert(f);
+
+        if (!f->writable)
+                return -EPERM;
+
+        if (!(f->fd >= 0 && f->header))
+                return -EINVAL;
+
+        /* An offlining journal is implicitly online and may modify f->header->state,
+         * we must also join any potentially lingering offline thread when not online. */
+        if (!journal_file_is_offlining(f) && f->header->state != STATE_ONLINE)
+                return journal_file_set_offline_thread_join(f);
+
+        /* Restart an in-flight offline thread and wait if needed, or join a lingering done one. */
+        restarted = journal_file_set_offline_try_restart(f);
+        if ((restarted && wait) || !restarted) {
+                r = journal_file_set_offline_thread_join(f);
+                if (r < 0)
+                        return r;
+        }
+
+        if (restarted)
+                return 0;
+
+        /* Initiate a new offline. */
+        f->offline_state = OFFLINE_SYNCING;
+
+        if (wait) /* Without using a thread if waiting. */
+                journal_file_set_offline_internal(f);
+        else {
+                r = pthread_create(&f->offline_thread, NULL, journal_file_set_offline_thread, f);
+                if (r > 0) {
+                        f->offline_state = OFFLINE_JOINED;
+                        return -r;
+                }
+        }
+
+        return 0;
+}
+
+static int journal_file_set_online(JournalFile *f) {
+        bool joined = false;
+
+        assert(f);
+
+        if (!f->writable)
+                return -EPERM;
+
+        if (!(f->fd >= 0 && f->header))
+                return -EINVAL;
+
+        while (!joined) {
+                switch (f->offline_state) {
+                case OFFLINE_JOINED:
+                        /* No offline thread, no need to wait. */
+                        joined = true;
+                        break;
+
+                case OFFLINE_SYNCING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_SYNCING, OFFLINE_CANCEL))
+                                continue;
+                        /* Canceled syncing prior to offlining, no need to wait. */
+                        break;
+
+                case OFFLINE_AGAIN_FROM_SYNCING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_SYNCING, OFFLINE_CANCEL))
+                                continue;
+                        /* Canceled restart from syncing, no need to wait. */
+                        break;
+
+                case OFFLINE_AGAIN_FROM_OFFLINING:
+                        if (!__sync_bool_compare_and_swap(&f->offline_state, OFFLINE_AGAIN_FROM_OFFLINING, OFFLINE_CANCEL))
+                                continue;
+                        /* Canceled restart from offlining, must wait for offlining to complete however. */
+
+                        /* fall through to wait */
+                default: {
+                        int r;
+
+                        r = journal_file_set_offline_thread_join(f);
+                        if (r < 0)
+                                return r;
+
+                        joined = true;
+                        break;
+                }
+                }
+        }
+
+        if (mmap_cache_got_sigbus(f->mmap, f->fd))
+                return -EIO;
+
+        switch (f->header->state) {
+                case STATE_ONLINE:
+                        return 0;
+
+                case STATE_OFFLINE:
+                        f->header->state = STATE_ONLINE;
+                        (void) fsync(f->fd);
+                        return 0;
+
+                default:
+                        return -EINVAL;
+        }
+}
+
+bool journal_file_is_offlining(JournalFile *f) {
+        assert(f);
+
+        __sync_synchronize();
+
+        if (f->offline_state == OFFLINE_DONE ||
+            f->offline_state == OFFLINE_JOINED)
+                return false;
+
+        return true;
+}
+
+JournalFile* journal_file_close(JournalFile *f) {
+        assert(f);
+
+#ifdef HAVE_GCRYPT
+        /* Write the final tag */
+        if (f->seal && f->writable)
+                journal_file_append_tag(f);
+#endif
+
+        if (f->post_change_timer) {
+                int enabled;
+
+                if (sd_event_source_get_enabled(f->post_change_timer, &enabled) >= 0)
+                        if (enabled == SD_EVENT_ONESHOT)
+                                journal_file_post_change(f);
+
+                (void) sd_event_source_set_enabled(f->post_change_timer, SD_EVENT_OFF);
+                sd_event_source_unref(f->post_change_timer);
+        }
+
+        journal_file_set_offline(f, true);
+
+        if (f->mmap && f->fd >= 0)
+                mmap_cache_close_fd(f->mmap, f->fd);
+
+        if (f->fd >= 0 && f->defrag_on_close) {
+
+                /* Be friendly to btrfs: turn COW back on again now,
+                 * and defragment the file. We won't write to the file
+                 * ever again, hence remove all fragmentation, and
+                 * reenable all the good bits COW usually provides
+                 * (such as data checksumming). */
+
+                (void) chattr_fd(f->fd, 0, FS_NOCOW_FL);
+                (void) btrfs_defrag_fd(f->fd);
+        }
+
+        if (f->close_fd)
+                safe_close(f->fd);
+        free(f->path);
+
+        mmap_cache_unref(f->mmap);
+
+        ordered_hashmap_free_free(f->chain_cache);
+
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+        free(f->compress_buffer);
+#endif
+
+#ifdef HAVE_GCRYPT
+        if (f->fss_file)
+                munmap(f->fss_file, PAGE_ALIGN(f->fss_file_size));
+        else
+                free(f->fsprg_state);
+
+        free(f->fsprg_seed);
+
+        if (f->hmac)
+                gcry_md_close(f->hmac);
+#endif
+
+        free(f);
+        return NULL;
+}
+
+void journal_file_close_set(Set *s) {
+        JournalFile *f;
+
+        assert(s);
+
+        while ((f = set_steal_first(s)))
+                (void) journal_file_close(f);
+}
+
+static int journal_file_init_header(JournalFile *f, JournalFile *template) {
+        Header h = {};
+        ssize_t k;
+        int r;
+
+        assert(f);
+
+        memcpy(h.signature, HEADER_SIGNATURE, 8);
+        h.header_size = htole64(ALIGN64(sizeof(h)));
+
+        h.incompatible_flags |= htole32(
+                f->compress_xz * HEADER_INCOMPATIBLE_COMPRESSED_XZ |
+                f->compress_lz4 * HEADER_INCOMPATIBLE_COMPRESSED_LZ4);
+
+        h.compatible_flags = htole32(
+                f->seal * HEADER_COMPATIBLE_SEALED);
+
+        r = sd_id128_randomize(&h.file_id);
+        if (r < 0)
+                return r;
+
+        if (template) {
+                h.seqnum_id = template->header->seqnum_id;
+                h.tail_entry_seqnum = template->header->tail_entry_seqnum;
+        } else
+                h.seqnum_id = h.file_id;
+
+        k = pwrite(f->fd, &h, sizeof(h), 0);
+        if (k < 0)
+                return -errno;
+
+        if (k != sizeof(h))
+                return -EIO;
+
+        return 0;
+}
+
+static int fsync_directory_of_file(int fd) {
+        _cleanup_free_ char *path = NULL, *dn = NULL;
+        _cleanup_close_ int dfd = -1;
+        struct stat st;
+        int r;
+
+        if (fstat(fd, &st) < 0)
+                return -errno;
+
+        if (!S_ISREG(st.st_mode))
+                return -EBADFD;
+
+        r = fd_get_path(fd, &path);
+        if (r < 0)
+                return r;
+
+        if (!path_is_absolute(path))
+                return -EINVAL;
+
+        dn = dirname_malloc(path);
+        if (!dn)
+                return -ENOMEM;
+
+        dfd = open(dn, O_RDONLY|O_CLOEXEC|O_DIRECTORY);
+        if (dfd < 0)
+                return -errno;
+
+        if (fsync(dfd) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int journal_file_refresh_header(JournalFile *f) {
+        sd_id128_t boot_id;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        r = sd_id128_get_machine(&f->header->machine_id);
+        if (r < 0)
+                return r;
+
+        r = sd_id128_get_boot(&boot_id);
+        if (r < 0)
+                return r;
+
+        if (sd_id128_equal(boot_id, f->header->boot_id))
+                f->tail_entry_monotonic_valid = true;
+
+        f->header->boot_id = boot_id;
+
+        r = journal_file_set_online(f);
+
+        /* Sync the online state to disk */
+        (void) fsync(f->fd);
+
+        /* We likely just created a new file, also sync the directory this file is located in. */
+        (void) fsync_directory_of_file(f->fd);
+
+        return r;
+}
+
+static int journal_file_verify_header(JournalFile *f) {
+        uint32_t flags;
+
+        assert(f);
+        assert(f->header);
+
+        if (memcmp(f->header->signature, HEADER_SIGNATURE, 8))
+                return -EBADMSG;
+
+        /* In both read and write mode we refuse to open files with
+         * incompatible flags we don't know */
+        flags = le32toh(f->header->incompatible_flags);
+        if (flags & ~HEADER_INCOMPATIBLE_SUPPORTED) {
+                if (flags & ~HEADER_INCOMPATIBLE_ANY)
+                        log_debug("Journal file %s has unknown incompatible flags %"PRIx32,
+                                  f->path, flags & ~HEADER_INCOMPATIBLE_ANY);
+                flags = (flags & HEADER_INCOMPATIBLE_ANY) & ~HEADER_INCOMPATIBLE_SUPPORTED;
+                if (flags)
+                        log_debug("Journal file %s uses incompatible flags %"PRIx32
+                                  " disabled at compilation time.", f->path, flags);
+                return -EPROTONOSUPPORT;
+        }
+
+        /* When open for writing we refuse to open files with
+         * compatible flags, too */
+        flags = le32toh(f->header->compatible_flags);
+        if (f->writable && (flags & ~HEADER_COMPATIBLE_SUPPORTED)) {
+                if (flags & ~HEADER_COMPATIBLE_ANY)
+                        log_debug("Journal file %s has unknown compatible flags %"PRIx32,
+                                  f->path, flags & ~HEADER_COMPATIBLE_ANY);
+                flags = (flags & HEADER_COMPATIBLE_ANY) & ~HEADER_COMPATIBLE_SUPPORTED;
+                if (flags)
+                        log_debug("Journal file %s uses compatible flags %"PRIx32
+                                  " disabled at compilation time.", f->path, flags);
+                return -EPROTONOSUPPORT;
+        }
+
+        if (f->header->state >= _STATE_MAX)
+                return -EBADMSG;
+
+        /* The first addition was n_data, so check that we are at least this large */
+        if (le64toh(f->header->header_size) < HEADER_SIZE_MIN)
+                return -EBADMSG;
+
+        if (JOURNAL_HEADER_SEALED(f->header) && !JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
+                return -EBADMSG;
+
+        if ((le64toh(f->header->header_size) + le64toh(f->header->arena_size)) > (uint64_t) f->last_stat.st_size)
+                return -ENODATA;
+
+        if (le64toh(f->header->tail_object_offset) > (le64toh(f->header->header_size) + le64toh(f->header->arena_size)))
+                return -ENODATA;
+
+        if (!VALID64(le64toh(f->header->data_hash_table_offset)) ||
+            !VALID64(le64toh(f->header->field_hash_table_offset)) ||
+            !VALID64(le64toh(f->header->tail_object_offset)) ||
+            !VALID64(le64toh(f->header->entry_array_offset)))
+                return -ENODATA;
+
+        if (f->writable) {
+                uint8_t state;
+                sd_id128_t machine_id;
+                int r;
+
+                r = sd_id128_get_machine(&machine_id);
+                if (r < 0)
+                        return r;
+
+                if (!sd_id128_equal(machine_id, f->header->machine_id))
+                        return -EHOSTDOWN;
+
+                state = f->header->state;
+
+                if (state == STATE_ONLINE) {
+                        log_debug("Journal file %s is already online. Assuming unclean closing.", f->path);
+                        return -EBUSY;
+                } else if (state == STATE_ARCHIVED)
+                        return -ESHUTDOWN;
+                else if (state != STATE_OFFLINE) {
+                        log_debug("Journal file %s has unknown state %i.", f->path, state);
+                        return -EBUSY;
+                }
+        }
+
+        f->compress_xz = JOURNAL_HEADER_COMPRESSED_XZ(f->header);
+        f->compress_lz4 = JOURNAL_HEADER_COMPRESSED_LZ4(f->header);
+
+        f->seal = JOURNAL_HEADER_SEALED(f->header);
+
+        return 0;
+}
+
+static int journal_file_fstat(JournalFile *f) {
+        assert(f);
+        assert(f->fd >= 0);
+
+        if (fstat(f->fd, &f->last_stat) < 0)
+                return -errno;
+
+        f->last_stat_usec = now(CLOCK_MONOTONIC);
+
+        /* Refuse appending to files that are already deleted */
+        if (f->last_stat.st_nlink <= 0)
+                return -EIDRM;
+
+        return 0;
+}
+
+static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size) {
+        uint64_t old_size, new_size;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        /* We assume that this file is not sparse, and we know that
+         * for sure, since we always call posix_fallocate()
+         * ourselves */
+
+        if (mmap_cache_got_sigbus(f->mmap, f->fd))
+                return -EIO;
+
+        old_size =
+                le64toh(f->header->header_size) +
+                le64toh(f->header->arena_size);
+
+        new_size = PAGE_ALIGN(offset + size);
+        if (new_size < le64toh(f->header->header_size))
+                new_size = le64toh(f->header->header_size);
+
+        if (new_size <= old_size) {
+
+                /* We already pre-allocated enough space, but before
+                 * we write to it, let's check with fstat() if the
+                 * file got deleted, in order make sure we don't throw
+                 * away the data immediately. Don't check fstat() for
+                 * all writes though, but only once ever 10s. */
+
+                if (f->last_stat_usec + LAST_STAT_REFRESH_USEC > now(CLOCK_MONOTONIC))
+                        return 0;
+
+                return journal_file_fstat(f);
+        }
+
+        /* Allocate more space. */
+
+        if (f->metrics.max_size > 0 && new_size > f->metrics.max_size)
+                return -E2BIG;
+
+        if (new_size > f->metrics.min_size && f->metrics.keep_free > 0) {
+                struct statvfs svfs;
+
+                if (fstatvfs(f->fd, &svfs) >= 0) {
+                        uint64_t available;
+
+                        available = LESS_BY((uint64_t) svfs.f_bfree * (uint64_t) svfs.f_bsize, f->metrics.keep_free);
+
+                        if (new_size - old_size > available)
+                                return -E2BIG;
+                }
+        }
+
+        /* Increase by larger blocks at once */
+        new_size = ((new_size+FILE_SIZE_INCREASE-1) / FILE_SIZE_INCREASE) * FILE_SIZE_INCREASE;
+        if (f->metrics.max_size > 0 && new_size > f->metrics.max_size)
+                new_size = f->metrics.max_size;
+
+        /* Note that the glibc fallocate() fallback is very
+           inefficient, hence we try to minimize the allocation area
+           as we can. */
+        r = posix_fallocate(f->fd, old_size, new_size - old_size);
+        if (r != 0)
+                return -r;
+
+        f->header->arena_size = htole64(new_size - le64toh(f->header->header_size));
+
+        return journal_file_fstat(f);
+}
+
+static unsigned type_to_context(ObjectType type) {
+        /* One context for each type, plus one catch-all for the rest */
+        assert_cc(_OBJECT_TYPE_MAX <= MMAP_CACHE_MAX_CONTEXTS);
+        assert_cc(CONTEXT_HEADER < MMAP_CACHE_MAX_CONTEXTS);
+        return type > OBJECT_UNUSED && type < _OBJECT_TYPE_MAX ? type : 0;
+}
+
+static int journal_file_move_to(JournalFile *f, ObjectType type, bool keep_always, uint64_t offset, uint64_t size, void **ret) {
+        int r;
+
+        assert(f);
+        assert(ret);
+
+        if (size <= 0)
+                return -EINVAL;
+
+        /* Avoid SIGBUS on invalid accesses */
+        if (offset + size > (uint64_t) f->last_stat.st_size) {
+                /* Hmm, out of range? Let's refresh the fstat() data
+                 * first, before we trust that check. */
+
+                r = journal_file_fstat(f);
+                if (r < 0)
+                        return r;
+
+                if (offset + size > (uint64_t) f->last_stat.st_size)
+                        return -EADDRNOTAVAIL;
+        }
+
+        return mmap_cache_get(f->mmap, f->fd, f->prot, type_to_context(type), keep_always, offset, size, &f->last_stat, ret);
+}
+
+static uint64_t minimum_header_size(Object *o) {
+
+        static const uint64_t table[] = {
+                [OBJECT_DATA] = sizeof(DataObject),
+                [OBJECT_FIELD] = sizeof(FieldObject),
+                [OBJECT_ENTRY] = sizeof(EntryObject),
+                [OBJECT_DATA_HASH_TABLE] = sizeof(HashTableObject),
+                [OBJECT_FIELD_HASH_TABLE] = sizeof(HashTableObject),
+                [OBJECT_ENTRY_ARRAY] = sizeof(EntryArrayObject),
+                [OBJECT_TAG] = sizeof(TagObject),
+        };
+
+        if (o->object.type >= ELEMENTSOF(table) || table[o->object.type] <= 0)
+                return sizeof(ObjectHeader);
+
+        return table[o->object.type];
+}
+
+int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset, Object **ret) {
+        int r;
+        void *t;
+        Object *o;
+        uint64_t s;
+
+        assert(f);
+        assert(ret);
+
+        /* Objects may only be located at multiple of 64 bit */
+        if (!VALID64(offset))
+                return -EBADMSG;
+
+        /* Object may not be located in the file header */
+        if (offset < le64toh(f->header->header_size))
+                return -EBADMSG;
+
+        r = journal_file_move_to(f, type, false, offset, sizeof(ObjectHeader), &t);
+        if (r < 0)
+                return r;
+
+        o = (Object*) t;
+        s = le64toh(o->object.size);
+
+        if (s < sizeof(ObjectHeader))
+                return -EBADMSG;
+
+        if (o->object.type <= OBJECT_UNUSED)
+                return -EBADMSG;
+
+        if (s < minimum_header_size(o))
+                return -EBADMSG;
+
+        if (type > OBJECT_UNUSED && o->object.type != type)
+                return -EBADMSG;
+
+        if (s > sizeof(ObjectHeader)) {
+                r = journal_file_move_to(f, type, false, offset, s, &t);
+                if (r < 0)
+                        return r;
+
+                o = (Object*) t;
+        }
+
+        *ret = o;
+        return 0;
+}
+
+static uint64_t journal_file_entry_seqnum(JournalFile *f, uint64_t *seqnum) {
+        uint64_t r;
+
+        assert(f);
+        assert(f->header);
+
+        r = le64toh(f->header->tail_entry_seqnum) + 1;
+
+        if (seqnum) {
+                /* If an external seqnum counter was passed, we update
+                 * both the local and the external one, and set it to
+                 * the maximum of both */
+
+                if (*seqnum + 1 > r)
+                        r = *seqnum + 1;
+
+                *seqnum = r;
+        }
+
+        f->header->tail_entry_seqnum = htole64(r);
+
+        if (f->header->head_entry_seqnum == 0)
+                f->header->head_entry_seqnum = htole64(r);
+
+        return r;
+}
+
+int journal_file_append_object(JournalFile *f, ObjectType type, uint64_t size, Object **ret, uint64_t *offset) {
+        int r;
+        uint64_t p;
+        Object *tail, *o;
+        void *t;
+
+        assert(f);
+        assert(f->header);
+        assert(type > OBJECT_UNUSED && type < _OBJECT_TYPE_MAX);
+        assert(size >= sizeof(ObjectHeader));
+        assert(offset);
+        assert(ret);
+
+        r = journal_file_set_online(f);
+        if (r < 0)
+                return r;
+
+        p = le64toh(f->header->tail_object_offset);
+        if (p == 0)
+                p = le64toh(f->header->header_size);
+        else {
+                r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &tail);
+                if (r < 0)
+                        return r;
+
+                p += ALIGN64(le64toh(tail->object.size));
+        }
+
+        r = journal_file_allocate(f, p, size);
+        if (r < 0)
+                return r;
+
+        r = journal_file_move_to(f, type, false, p, size, &t);
+        if (r < 0)
+                return r;
+
+        o = (Object*) t;
+
+        zero(o->object);
+        o->object.type = type;
+        o->object.size = htole64(size);
+
+        f->header->tail_object_offset = htole64(p);
+        f->header->n_objects = htole64(le64toh(f->header->n_objects) + 1);
+
+        *ret = o;
+        *offset = p;
+
+        return 0;
+}
+
+static int journal_file_setup_data_hash_table(JournalFile *f) {
+        uint64_t s, p;
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        /* We estimate that we need 1 hash table entry per 768 bytes
+           of journal file and we want to make sure we never get
+           beyond 75% fill level. Calculate the hash table size for
+           the maximum file size based on these metrics. */
+
+        s = (f->metrics.max_size * 4 / 768 / 3) * sizeof(HashItem);
+        if (s < DEFAULT_DATA_HASH_TABLE_SIZE)
+                s = DEFAULT_DATA_HASH_TABLE_SIZE;
+
+        log_debug("Reserving %"PRIu64" entries in hash table.", s / sizeof(HashItem));
+
+        r = journal_file_append_object(f,
+                                       OBJECT_DATA_HASH_TABLE,
+                                       offsetof(Object, hash_table.items) + s,
+                                       &o, &p);
+        if (r < 0)
+                return r;
+
+        memzero(o->hash_table.items, s);
+
+        f->header->data_hash_table_offset = htole64(p + offsetof(Object, hash_table.items));
+        f->header->data_hash_table_size = htole64(s);
+
+        return 0;
+}
+
+static int journal_file_setup_field_hash_table(JournalFile *f) {
+        uint64_t s, p;
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        /* We use a fixed size hash table for the fields as this
+         * number should grow very slowly only */
+
+        s = DEFAULT_FIELD_HASH_TABLE_SIZE;
+        r = journal_file_append_object(f,
+                                       OBJECT_FIELD_HASH_TABLE,
+                                       offsetof(Object, hash_table.items) + s,
+                                       &o, &p);
+        if (r < 0)
+                return r;
+
+        memzero(o->hash_table.items, s);
+
+        f->header->field_hash_table_offset = htole64(p + offsetof(Object, hash_table.items));
+        f->header->field_hash_table_size = htole64(s);
+
+        return 0;
+}
+
+int journal_file_map_data_hash_table(JournalFile *f) {
+        uint64_t s, p;
+        void *t;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        if (f->data_hash_table)
+                return 0;
+
+        p = le64toh(f->header->data_hash_table_offset);
+        s = le64toh(f->header->data_hash_table_size);
+
+        r = journal_file_move_to(f,
+                                 OBJECT_DATA_HASH_TABLE,
+                                 true,
+                                 p, s,
+                                 &t);
+        if (r < 0)
+                return r;
+
+        f->data_hash_table = t;
+        return 0;
+}
+
+int journal_file_map_field_hash_table(JournalFile *f) {
+        uint64_t s, p;
+        void *t;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        if (f->field_hash_table)
+                return 0;
+
+        p = le64toh(f->header->field_hash_table_offset);
+        s = le64toh(f->header->field_hash_table_size);
+
+        r = journal_file_move_to(f,
+                                 OBJECT_FIELD_HASH_TABLE,
+                                 true,
+                                 p, s,
+                                 &t);
+        if (r < 0)
+                return r;
+
+        f->field_hash_table = t;
+        return 0;
+}
+
+static int journal_file_link_field(
+                JournalFile *f,
+                Object *o,
+                uint64_t offset,
+                uint64_t hash) {
+
+        uint64_t p, h, m;
+        int r;
+
+        assert(f);
+        assert(f->header);
+        assert(f->field_hash_table);
+        assert(o);
+        assert(offset > 0);
+
+        if (o->object.type != OBJECT_FIELD)
+                return -EINVAL;
+
+        m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
+        if (m <= 0)
+                return -EBADMSG;
+
+        /* This might alter the window we are looking at */
+        o->field.next_hash_offset = o->field.head_data_offset = 0;
+
+        h = hash % m;
+        p = le64toh(f->field_hash_table[h].tail_hash_offset);
+        if (p == 0)
+                f->field_hash_table[h].head_hash_offset = htole64(offset);
+        else {
+                r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o);
+                if (r < 0)
+                        return r;
+
+                o->field.next_hash_offset = htole64(offset);
+        }
+
+        f->field_hash_table[h].tail_hash_offset = htole64(offset);
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
+                f->header->n_fields = htole64(le64toh(f->header->n_fields) + 1);
+
+        return 0;
+}
+
+static int journal_file_link_data(
+                JournalFile *f,
+                Object *o,
+                uint64_t offset,
+                uint64_t hash) {
+
+        uint64_t p, h, m;
+        int r;
+
+        assert(f);
+        assert(f->header);
+        assert(f->data_hash_table);
+        assert(o);
+        assert(offset > 0);
+
+        if (o->object.type != OBJECT_DATA)
+                return -EINVAL;
+
+        m = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
+        if (m <= 0)
+                return -EBADMSG;
+
+        /* This might alter the window we are looking at */
+        o->data.next_hash_offset = o->data.next_field_offset = 0;
+        o->data.entry_offset = o->data.entry_array_offset = 0;
+        o->data.n_entries = 0;
+
+        h = hash % m;
+        p = le64toh(f->data_hash_table[h].tail_hash_offset);
+        if (p == 0)
+                /* Only entry in the hash table is easy */
+                f->data_hash_table[h].head_hash_offset = htole64(offset);
+        else {
+                /* Move back to the previous data object, to patch in
+                 * pointer */
+
+                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+                if (r < 0)
+                        return r;
+
+                o->data.next_hash_offset = htole64(offset);
+        }
+
+        f->data_hash_table[h].tail_hash_offset = htole64(offset);
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
+                f->header->n_data = htole64(le64toh(f->header->n_data) + 1);
+
+        return 0;
+}
+
+int journal_file_find_field_object_with_hash(
+                JournalFile *f,
+                const void *field, uint64_t size, uint64_t hash,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t p, osize, h, m;
+        int r;
+
+        assert(f);
+        assert(f->header);
+        assert(field && size > 0);
+
+        /* If the field hash table is empty, we can't find anything */
+        if (le64toh(f->header->field_hash_table_size) <= 0)
+                return 0;
+
+        /* Map the field hash table, if it isn't mapped yet. */
+        r = journal_file_map_field_hash_table(f);
+        if (r < 0)
+                return r;
+
+        osize = offsetof(Object, field.payload) + size;
+
+        m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
+        if (m <= 0)
+                return -EBADMSG;
+
+        h = hash % m;
+        p = le64toh(f->field_hash_table[h].head_hash_offset);
+
+        while (p > 0) {
+                Object *o;
+
+                r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o);
+                if (r < 0)
+                        return r;
+
+                if (le64toh(o->field.hash) == hash &&
+                    le64toh(o->object.size) == osize &&
+                    memcmp(o->field.payload, field, size) == 0) {
+
+                        if (ret)
+                                *ret = o;
+                        if (offset)
+                                *offset = p;
+
+                        return 1;
+                }
+
+                p = le64toh(o->field.next_hash_offset);
+        }
+
+        return 0;
+}
+
+int journal_file_find_field_object(
+                JournalFile *f,
+                const void *field, uint64_t size,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t hash;
+
+        assert(f);
+        assert(field && size > 0);
+
+        hash = hash64(field, size);
+
+        return journal_file_find_field_object_with_hash(f,
+                                                        field, size, hash,
+                                                        ret, offset);
+}
+
+int journal_file_find_data_object_with_hash(
+                JournalFile *f,
+                const void *data, uint64_t size, uint64_t hash,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t p, osize, h, m;
+        int r;
+
+        assert(f);
+        assert(f->header);
+        assert(data || size == 0);
+
+        /* If there's no data hash table, then there's no entry. */
+        if (le64toh(f->header->data_hash_table_size) <= 0)
+                return 0;
+
+        /* Map the data hash table, if it isn't mapped yet. */
+        r = journal_file_map_data_hash_table(f);
+        if (r < 0)
+                return r;
+
+        osize = offsetof(Object, data.payload) + size;
+
+        m = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
+        if (m <= 0)
+                return -EBADMSG;
+
+        h = hash % m;
+        p = le64toh(f->data_hash_table[h].head_hash_offset);
+
+        while (p > 0) {
+                Object *o;
+
+                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+                if (r < 0)
+                        return r;
+
+                if (le64toh(o->data.hash) != hash)
+                        goto next;
+
+                if (o->object.flags & OBJECT_COMPRESSION_MASK) {
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+                        uint64_t l;
+                        size_t rsize = 0;
+
+                        l = le64toh(o->object.size);
+                        if (l <= offsetof(Object, data.payload))
+                                return -EBADMSG;
+
+                        l -= offsetof(Object, data.payload);
+
+                        r = decompress_blob(o->object.flags & OBJECT_COMPRESSION_MASK,
+                                            o->data.payload, l, &f->compress_buffer, &f->compress_buffer_size, &rsize, 0);
+                        if (r < 0)
+                                return r;
+
+                        if (rsize == size &&
+                            memcmp(f->compress_buffer, data, size) == 0) {
+
+                                if (ret)
+                                        *ret = o;
+
+                                if (offset)
+                                        *offset = p;
+
+                                return 1;
+                        }
+#else
+                        return -EPROTONOSUPPORT;
+#endif
+                } else if (le64toh(o->object.size) == osize &&
+                           memcmp(o->data.payload, data, size) == 0) {
+
+                        if (ret)
+                                *ret = o;
+
+                        if (offset)
+                                *offset = p;
+
+                        return 1;
+                }
+
+        next:
+                p = le64toh(o->data.next_hash_offset);
+        }
+
+        return 0;
+}
+
+int journal_file_find_data_object(
+                JournalFile *f,
+                const void *data, uint64_t size,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t hash;
+
+        assert(f);
+        assert(data || size == 0);
+
+        hash = hash64(data, size);
+
+        return journal_file_find_data_object_with_hash(f,
+                                                       data, size, hash,
+                                                       ret, offset);
+}
+
+static int journal_file_append_field(
+                JournalFile *f,
+                const void *field, uint64_t size,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t hash, p;
+        uint64_t osize;
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(field && size > 0);
+
+        hash = hash64(field, size);
+
+        r = journal_file_find_field_object_with_hash(f, field, size, hash, &o, &p);
+        if (r < 0)
+                return r;
+        else if (r > 0) {
+
+                if (ret)
+                        *ret = o;
+
+                if (offset)
+                        *offset = p;
+
+                return 0;
+        }
+
+        osize = offsetof(Object, field.payload) + size;
+        r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
+        if (r < 0)
+                return r;
+
+        o->field.hash = htole64(hash);
+        memcpy(o->field.payload, field, size);
+
+        r = journal_file_link_field(f, o, p, hash);
+        if (r < 0)
+                return r;
+
+        /* The linking might have altered the window, so let's
+         * refresh our pointer */
+        r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o);
+        if (r < 0)
+                return r;
+
+#ifdef HAVE_GCRYPT
+        r = journal_file_hmac_put_object(f, OBJECT_FIELD, o, p);
+        if (r < 0)
+                return r;
+#endif
+
+        if (ret)
+                *ret = o;
+
+        if (offset)
+                *offset = p;
+
+        return 0;
+}
+
+static int journal_file_append_data(
+                JournalFile *f,
+                const void *data, uint64_t size,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t hash, p;
+        uint64_t osize;
+        Object *o;
+        int r, compression = 0;
+        const void *eq;
+
+        assert(f);
+        assert(data || size == 0);
+
+        hash = hash64(data, size);
+
+        r = journal_file_find_data_object_with_hash(f, data, size, hash, &o, &p);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+
+                if (ret)
+                        *ret = o;
+
+                if (offset)
+                        *offset = p;
+
+                return 0;
+        }
+
+        osize = offsetof(Object, data.payload) + size;
+        r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p);
+        if (r < 0)
+                return r;
+
+        o->data.hash = htole64(hash);
+
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+        if (JOURNAL_FILE_COMPRESS(f) && size >= COMPRESSION_SIZE_THRESHOLD) {
+                size_t rsize = 0;
+
+                compression = compress_blob(data, size, o->data.payload, size - 1, &rsize);
+
+                if (compression >= 0) {
+                        o->object.size = htole64(offsetof(Object, data.payload) + rsize);
+                        o->object.flags |= compression;
+
+                        log_debug("Compressed data object %"PRIu64" -> %zu using %s",
+                                  size, rsize, object_compressed_to_string(compression));
+                } else
+                        /* Compression didn't work, we don't really care why, let's continue without compression */
+                        compression = 0;
+        }
+#endif
+
+        if (compression == 0)
+                memcpy_safe(o->data.payload, data, size);
+
+        r = journal_file_link_data(f, o, p, hash);
+        if (r < 0)
+                return r;
+
+        /* The linking might have altered the window, so let's
+         * refresh our pointer */
+        r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+        if (r < 0)
+                return r;
+
+        if (!data)
+                eq = NULL;
+        else
+                eq = memchr(data, '=', size);
+        if (eq && eq > data) {
+                Object *fo = NULL;
+                uint64_t fp;
+
+                /* Create field object ... */
+                r = journal_file_append_field(f, data, (uint8_t*) eq - (uint8_t*) data, &fo, &fp);
+                if (r < 0)
+                        return r;
+
+                /* ... and link it in. */
+                o->data.next_field_offset = fo->field.head_data_offset;
+                fo->field.head_data_offset = le64toh(p);
+        }
+
+#ifdef HAVE_GCRYPT
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+        if (r < 0)
+                return r;
+#endif
+
+        if (ret)
+                *ret = o;
+
+        if (offset)
+                *offset = p;
+
+        return 0;
+}
+
+uint64_t journal_file_entry_n_items(Object *o) {
+        assert(o);
+
+        if (o->object.type != OBJECT_ENTRY)
+                return 0;
+
+        return (le64toh(o->object.size) - offsetof(Object, entry.items)) / sizeof(EntryItem);
+}
+
+uint64_t journal_file_entry_array_n_items(Object *o) {
+        assert(o);
+
+        if (o->object.type != OBJECT_ENTRY_ARRAY)
+                return 0;
+
+        return (le64toh(o->object.size) - offsetof(Object, entry_array.items)) / sizeof(uint64_t);
+}
+
+uint64_t journal_file_hash_table_n_items(Object *o) {
+        assert(o);
+
+        if (o->object.type != OBJECT_DATA_HASH_TABLE &&
+            o->object.type != OBJECT_FIELD_HASH_TABLE)
+                return 0;
+
+        return (le64toh(o->object.size) - offsetof(Object, hash_table.items)) / sizeof(HashItem);
+}
+
+static int link_entry_into_array(JournalFile *f,
+                                 le64_t *first,
+                                 le64_t *idx,
+                                 uint64_t p) {
+        int r;
+        uint64_t n = 0, ap = 0, q, i, a, hidx;
+        Object *o;
+
+        assert(f);
+        assert(f->header);
+        assert(first);
+        assert(idx);
+        assert(p > 0);
+
+        a = le64toh(*first);
+        i = hidx = le64toh(*idx);
+        while (a > 0) {
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
+                if (r < 0)
+                        return r;
+
+                n = journal_file_entry_array_n_items(o);
+                if (i < n) {
+                        o->entry_array.items[i] = htole64(p);
+                        *idx = htole64(hidx + 1);
+                        return 0;
+                }
+
+                i -= n;
+                ap = a;
+                a = le64toh(o->entry_array.next_entry_array_offset);
+        }
+
+        if (hidx > n)
+                n = (hidx+1) * 2;
+        else
+                n = n * 2;
+
+        if (n < 4)
+                n = 4;
+
+        r = journal_file_append_object(f, OBJECT_ENTRY_ARRAY,
+                                       offsetof(Object, entry_array.items) + n * sizeof(uint64_t),
+                                       &o, &q);
+        if (r < 0)
+                return r;
+
+#ifdef HAVE_GCRYPT
+        r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, o, q);
+        if (r < 0)
+                return r;
+#endif
+
+        o->entry_array.items[i] = htole64(p);
+
+        if (ap == 0)
+                *first = htole64(q);
+        else {
+                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, ap, &o);
+                if (r < 0)
+                        return r;
+
+                o->entry_array.next_entry_array_offset = htole64(q);
+        }
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
+                f->header->n_entry_arrays = htole64(le64toh(f->header->n_entry_arrays) + 1);
+
+        *idx = htole64(hidx + 1);
+
+        return 0;
+}
+
+static int link_entry_into_array_plus_one(JournalFile *f,
+                                          le64_t *extra,
+                                          le64_t *first,
+                                          le64_t *idx,
+                                          uint64_t p) {
+
+        int r;
+
+        assert(f);
+        assert(extra);
+        assert(first);
+        assert(idx);
+        assert(p > 0);
+
+        if (*idx == 0)
+                *extra = htole64(p);
+        else {
+                le64_t i;
+
+                i = htole64(le64toh(*idx) - 1);
+                r = link_entry_into_array(f, first, &i, p);
+                if (r < 0)
+                        return r;
+        }
+
+        *idx = htole64(le64toh(*idx) + 1);
+        return 0;
+}
+
+static int journal_file_link_entry_item(JournalFile *f, Object *o, uint64_t offset, uint64_t i) {
+        uint64_t p;
+        int r;
+        assert(f);
+        assert(o);
+        assert(offset > 0);
+
+        p = le64toh(o->entry.items[i].object_offset);
+        if (p == 0)
+                return -EINVAL;
+
+        r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+        if (r < 0)
+                return r;
+
+        return link_entry_into_array_plus_one(f,
+                                              &o->data.entry_offset,
+                                              &o->data.entry_array_offset,
+                                              &o->data.n_entries,
+                                              offset);
+}
+
+static int journal_file_link_entry(JournalFile *f, Object *o, uint64_t offset) {
+        uint64_t n, i;
+        int r;
+
+        assert(f);
+        assert(f->header);
+        assert(o);
+        assert(offset > 0);
+
+        if (o->object.type != OBJECT_ENTRY)
+                return -EINVAL;
+
+        __sync_synchronize();
+
+        /* Link up the entry itself */
+        r = link_entry_into_array(f,
+                                  &f->header->entry_array_offset,
+                                  &f->header->n_entries,
+                                  offset);
+        if (r < 0)
+                return r;
+
+        /* log_debug("=> %s seqnr=%"PRIu64" n_entries=%"PRIu64, f->path, o->entry.seqnum, f->header->n_entries); */
+
+        if (f->header->head_entry_realtime == 0)
+                f->header->head_entry_realtime = o->entry.realtime;
+
+        f->header->tail_entry_realtime = o->entry.realtime;
+        f->header->tail_entry_monotonic = o->entry.monotonic;
+
+        f->tail_entry_monotonic_valid = true;
+
+        /* Link up the items */
+        n = journal_file_entry_n_items(o);
+        for (i = 0; i < n; i++) {
+                r = journal_file_link_entry_item(f, o, offset, i);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int journal_file_append_entry_internal(
+                JournalFile *f,
+                const dual_timestamp *ts,
+                uint64_t xor_hash,
+                const EntryItem items[], unsigned n_items,
+                uint64_t *seqnum,
+                Object **ret, uint64_t *offset) {
+        uint64_t np;
+        uint64_t osize;
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(f->header);
+        assert(items || n_items == 0);
+        assert(ts);
+
+        osize = offsetof(Object, entry.items) + (n_items * sizeof(EntryItem));
+
+        r = journal_file_append_object(f, OBJECT_ENTRY, osize, &o, &np);
+        if (r < 0)
+                return r;
+
+        o->entry.seqnum = htole64(journal_file_entry_seqnum(f, seqnum));
+        memcpy_safe(o->entry.items, items, n_items * sizeof(EntryItem));
+        o->entry.realtime = htole64(ts->realtime);
+        o->entry.monotonic = htole64(ts->monotonic);
+        o->entry.xor_hash = htole64(xor_hash);
+        o->entry.boot_id = f->header->boot_id;
+
+#ifdef HAVE_GCRYPT
+        r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np);
+        if (r < 0)
+                return r;
+#endif
+
+        r = journal_file_link_entry(f, o, np);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = o;
+
+        if (offset)
+                *offset = np;
+
+        return 0;
+}
+
+void journal_file_post_change(JournalFile *f) {
+        assert(f);
+
+        /* inotify() does not receive IN_MODIFY events from file
+         * accesses done via mmap(). After each access we hence
+         * trigger IN_MODIFY by truncating the journal file to its
+         * current size which triggers IN_MODIFY. */
+
+        __sync_synchronize();
+
+        if (ftruncate(f->fd, f->last_stat.st_size) < 0)
+                log_debug_errno(errno, "Failed to truncate file to its own size: %m");
+}
+
+static int post_change_thunk(sd_event_source *timer, uint64_t usec, void *userdata) {
+        assert(userdata);
+
+        journal_file_post_change(userdata);
+
+        return 1;
+}
+
+static void schedule_post_change(JournalFile *f) {
+        sd_event_source *timer;
+        int enabled, r;
+        uint64_t now;
+
+        assert(f);
+        assert(f->post_change_timer);
+
+        timer = f->post_change_timer;
+
+        r = sd_event_source_get_enabled(timer, &enabled);
+        if (r < 0) {
+                log_debug_errno(r, "Failed to get ftruncate timer state: %m");
+                goto fail;
+        }
+
+        if (enabled == SD_EVENT_ONESHOT)
+                return;
+
+        r = sd_event_now(sd_event_source_get_event(timer), CLOCK_MONOTONIC, &now);
+        if (r < 0) {
+                log_debug_errno(r, "Failed to get clock's now for scheduling ftruncate: %m");
+                goto fail;
+        }
+
+        r = sd_event_source_set_time(timer, now+f->post_change_timer_period);
+        if (r < 0) {
+                log_debug_errno(r, "Failed to set time for scheduling ftruncate: %m");
+                goto fail;
+        }
+
+        r = sd_event_source_set_enabled(timer, SD_EVENT_ONESHOT);
+        if (r < 0) {
+                log_debug_errno(r, "Failed to enable scheduled ftruncate: %m");
+                goto fail;
+        }
+
+        return;
+
+fail:
+        /* On failure, let's simply post the change immediately. */
+        journal_file_post_change(f);
+}
+
+/* Enable coalesced change posting in a timer on the provided sd_event instance */
+int journal_file_enable_post_change_timer(JournalFile *f, sd_event *e, usec_t t) {
+        _cleanup_(sd_event_source_unrefp) sd_event_source *timer = NULL;
+        int r;
+
+        assert(f);
+        assert_return(!f->post_change_timer, -EINVAL);
+        assert(e);
+        assert(t);
+
+        r = sd_event_add_time(e, &timer, CLOCK_MONOTONIC, 0, 0, post_change_thunk, f);
+        if (r < 0)
+                return r;
+
+        r = sd_event_source_set_enabled(timer, SD_EVENT_OFF);
+        if (r < 0)
+                return r;
+
+        f->post_change_timer = timer;
+        timer = NULL;
+        f->post_change_timer_period = t;
+
+        return r;
+}
+
+static int entry_item_cmp(const void *_a, const void *_b) {
+        const EntryItem *a = _a, *b = _b;
+
+        if (le64toh(a->object_offset) < le64toh(b->object_offset))
+                return -1;
+        if (le64toh(a->object_offset) > le64toh(b->object_offset))
+                return 1;
+        return 0;
+}
+
+int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const struct iovec iovec[], unsigned n_iovec, uint64_t *seqnum, Object **ret, uint64_t *offset) {
+        unsigned i;
+        EntryItem *items;
+        int r;
+        uint64_t xor_hash = 0;
+        struct dual_timestamp _ts;
+
+        assert(f);
+        assert(f->header);
+        assert(iovec || n_iovec == 0);
+
+        if (!ts) {
+                dual_timestamp_get(&_ts);
+                ts = &_ts;
+        }
+
+#ifdef HAVE_GCRYPT
+        r = journal_file_maybe_append_tag(f, ts->realtime);
+        if (r < 0)
+                return r;
+#endif
+
+        /* alloca() can't take 0, hence let's allocate at least one */
+        items = alloca(sizeof(EntryItem) * MAX(1u, n_iovec));
+
+        for (i = 0; i < n_iovec; i++) {
+                uint64_t p;
+                Object *o;
+
+                r = journal_file_append_data(f, iovec[i].iov_base, iovec[i].iov_len, &o, &p);
+                if (r < 0)
+                        return r;
+
+                xor_hash ^= le64toh(o->data.hash);
+                items[i].object_offset = htole64(p);
+                items[i].hash = o->data.hash;
+        }
+
+        /* Order by the position on disk, in order to improve seek
+         * times for rotating media. */
+        qsort_safe(items, n_iovec, sizeof(EntryItem), entry_item_cmp);
+
+        r = journal_file_append_entry_internal(f, ts, xor_hash, items, n_iovec, seqnum, ret, offset);
+
+        /* If the memory mapping triggered a SIGBUS then we return an
+         * IO error and ignore the error code passed down to us, since
+         * it is very likely just an effect of a nullified replacement
+         * mapping page */
+
+        if (mmap_cache_got_sigbus(f->mmap, f->fd))
+                r = -EIO;
+
+        if (f->post_change_timer)
+                schedule_post_change(f);
+        else
+                journal_file_post_change(f);
+
+        return r;
+}
+
+typedef struct ChainCacheItem {
+        uint64_t first; /* the array at the beginning of the chain */
+        uint64_t array; /* the cached array */
+        uint64_t begin; /* the first item in the cached array */
+        uint64_t total; /* the total number of items in all arrays before this one in the chain */
+        uint64_t last_index; /* the last index we looked at, to optimize locality when bisecting */
+} ChainCacheItem;
+
+static void chain_cache_put(
+                OrderedHashmap *h,
+                ChainCacheItem *ci,
+                uint64_t first,
+                uint64_t array,
+                uint64_t begin,
+                uint64_t total,
+                uint64_t last_index) {
+
+        if (!ci) {
+                /* If the chain item to cache for this chain is the
+                 * first one it's not worth caching anything */
+                if (array == first)
+                        return;
+
+                if (ordered_hashmap_size(h) >= CHAIN_CACHE_MAX) {
+                        ci = ordered_hashmap_steal_first(h);
+                        assert(ci);
+                } else {
+                        ci = new(ChainCacheItem, 1);
+                        if (!ci)
+                                return;
+                }
+
+                ci->first = first;
+
+                if (ordered_hashmap_put(h, &ci->first, ci) < 0) {
+                        free(ci);
+                        return;
+                }
+        } else
+                assert(ci->first == first);
+
+        ci->array = array;
+        ci->begin = begin;
+        ci->total = total;
+        ci->last_index = last_index;
+}
+
+static int generic_array_get(
+                JournalFile *f,
+                uint64_t first,
+                uint64_t i,
+                Object **ret, uint64_t *offset) {
+
+        Object *o;
+        uint64_t p = 0, a, t = 0;
+        int r;
+        ChainCacheItem *ci;
+
+        assert(f);
+
+        a = first;
+
+        /* Try the chain cache first */
+        ci = ordered_hashmap_get(f->chain_cache, &first);
+        if (ci && i > ci->total) {
+                a = ci->array;
+                i -= ci->total;
+                t = ci->total;
+        }
+
+        while (a > 0) {
+                uint64_t k;
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
+                if (r < 0)
+                        return r;
+
+                k = journal_file_entry_array_n_items(o);
+                if (i < k) {
+                        p = le64toh(o->entry_array.items[i]);
+                        goto found;
+                }
+
+                i -= k;
+                t += k;
+                a = le64toh(o->entry_array.next_entry_array_offset);
+        }
+
+        return 0;
+
+found:
+        /* Let's cache this item for the next invocation */
+        chain_cache_put(f->chain_cache, ci, first, a, le64toh(o->entry_array.items[0]), t, i);
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = o;
+
+        if (offset)
+                *offset = p;
+
+        return 1;
+}
+
+static int generic_array_get_plus_one(
+                JournalFile *f,
+                uint64_t extra,
+                uint64_t first,
+                uint64_t i,
+                Object **ret, uint64_t *offset) {
+
+        Object *o;
+
+        assert(f);
+
+        if (i == 0) {
+                int r;
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o);
+                if (r < 0)
+                        return r;
+
+                if (ret)
+                        *ret = o;
+
+                if (offset)
+                        *offset = extra;
+
+                return 1;
+        }
+
+        return generic_array_get(f, first, i-1, ret, offset);
+}
+
+enum {
+        TEST_FOUND,
+        TEST_LEFT,
+        TEST_RIGHT
+};
+
+static int generic_array_bisect(
+                JournalFile *f,
+                uint64_t first,
+                uint64_t n,
+                uint64_t needle,
+                int (*test_object)(JournalFile *f, uint64_t p, uint64_t needle),
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset,
+                uint64_t *idx) {
+
+        uint64_t a, p, t = 0, i = 0, last_p = 0, last_index = (uint64_t) -1;
+        bool subtract_one = false;
+        Object *o, *array = NULL;
+        int r;
+        ChainCacheItem *ci;
+
+        assert(f);
+        assert(test_object);
+
+        /* Start with the first array in the chain */
+        a = first;
+
+        ci = ordered_hashmap_get(f->chain_cache, &first);
+        if (ci && n > ci->total) {
+                /* Ah, we have iterated this bisection array chain
+                 * previously! Let's see if we can skip ahead in the
+                 * chain, as far as the last time. But we can't jump
+                 * backwards in the chain, so let's check that
+                 * first. */
+
+                r = test_object(f, ci->begin, needle);
+                if (r < 0)
+                        return r;
+
+                if (r == TEST_LEFT) {
+                        /* OK, what we are looking for is right of the
+                         * begin of this EntryArray, so let's jump
+                         * straight to previously cached array in the
+                         * chain */
+
+                        a = ci->array;
+                        n -= ci->total;
+                        t = ci->total;
+                        last_index = ci->last_index;
+                }
+        }
+
+        while (a > 0) {
+                uint64_t left, right, k, lp;
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &array);
+                if (r < 0)
+                        return r;
+
+                k = journal_file_entry_array_n_items(array);
+                right = MIN(k, n);
+                if (right <= 0)
+                        return 0;
+
+                i = right - 1;
+                lp = p = le64toh(array->entry_array.items[i]);
+                if (p <= 0)
+                        r = -EBADMSG;
+                else
+                        r = test_object(f, p, needle);
+                if (r == -EBADMSG) {
+                        log_debug_errno(r, "Encountered invalid entry while bisecting, cutting algorithm short. (1)");
+                        n = i;
+                        continue;
+                }
+                if (r < 0)
+                        return r;
+
+                if (r == TEST_FOUND)
+                        r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
+
+                if (r == TEST_RIGHT) {
+                        left = 0;
+                        right -= 1;
+
+                        if (last_index != (uint64_t) -1) {
+                                assert(last_index <= right);
+
+                                /* If we cached the last index we
+                                 * looked at, let's try to not to jump
+                                 * too wildly around and see if we can
+                                 * limit the range to look at early to
+                                 * the immediate neighbors of the last
+                                 * index we looked at. */
+
+                                if (last_index > 0) {
+                                        uint64_t x = last_index - 1;
+
+                                        p = le64toh(array->entry_array.items[x]);
+                                        if (p <= 0)
+                                                return -EBADMSG;
+
+                                        r = test_object(f, p, needle);
+                                        if (r < 0)
+                                                return r;
+
+                                        if (r == TEST_FOUND)
+                                                r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
+
+                                        if (r == TEST_RIGHT)
+                                                right = x;
+                                        else
+                                                left = x + 1;
+                                }
+
+                                if (last_index < right) {
+                                        uint64_t y = last_index + 1;
+
+                                        p = le64toh(array->entry_array.items[y]);
+                                        if (p <= 0)
+                                                return -EBADMSG;
+
+                                        r = test_object(f, p, needle);
+                                        if (r < 0)
+                                                return r;
+
+                                        if (r == TEST_FOUND)
+                                                r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
+
+                                        if (r == TEST_RIGHT)
+                                                right = y;
+                                        else
+                                                left = y + 1;
+                                }
+                        }
+
+                        for (;;) {
+                                if (left == right) {
+                                        if (direction == DIRECTION_UP)
+                                                subtract_one = true;
+
+                                        i = left;
+                                        goto found;
+                                }
+
+                                assert(left < right);
+                                i = (left + right) / 2;
+
+                                p = le64toh(array->entry_array.items[i]);
+                                if (p <= 0)
+                                        r = -EBADMSG;
+                                else
+                                        r = test_object(f, p, needle);
+                                if (r == -EBADMSG) {
+                                        log_debug_errno(r, "Encountered invalid entry while bisecting, cutting algorithm short. (2)");
+                                        right = n = i;
+                                        continue;
+                                }
+                                if (r < 0)
+                                        return r;
+
+                                if (r == TEST_FOUND)
+                                        r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
+
+                                if (r == TEST_RIGHT)
+                                        right = i;
+                                else
+                                        left = i + 1;
+                        }
+                }
+
+                if (k >= n) {
+                        if (direction == DIRECTION_UP) {
+                                i = n;
+                                subtract_one = true;
+                                goto found;
+                        }
+
+                        return 0;
+                }
+
+                last_p = lp;
+
+                n -= k;
+                t += k;
+                last_index = (uint64_t) -1;
+                a = le64toh(array->entry_array.next_entry_array_offset);
+        }
+
+        return 0;
+
+found:
+        if (subtract_one && t == 0 && i == 0)
+                return 0;
+
+        /* Let's cache this item for the next invocation */
+        chain_cache_put(f->chain_cache, ci, first, a, le64toh(array->entry_array.items[0]), t, subtract_one ? (i > 0 ? i-1 : (uint64_t) -1) : i);
+
+        if (subtract_one && i == 0)
+                p = last_p;
+        else if (subtract_one)
+                p = le64toh(array->entry_array.items[i-1]);
+        else
+                p = le64toh(array->entry_array.items[i]);
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = o;
+
+        if (offset)
+                *offset = p;
+
+        if (idx)
+                *idx = t + i + (subtract_one ? -1 : 0);
+
+        return 1;
+}
+
+static int generic_array_bisect_plus_one(
+                JournalFile *f,
+                uint64_t extra,
+                uint64_t first,
+                uint64_t n,
+                uint64_t needle,
+                int (*test_object)(JournalFile *f, uint64_t p, uint64_t needle),
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset,
+                uint64_t *idx) {
+
+        int r;
+        bool step_back = false;
+        Object *o;
+
+        assert(f);
+        assert(test_object);
+
+        if (n <= 0)
+                return 0;
+
+        /* This bisects the array in object 'first', but first checks
+         * an extra  */
+        r = test_object(f, extra, needle);
+        if (r < 0)
+                return r;
+
+        if (r == TEST_FOUND)
+                r = direction == DIRECTION_DOWN ? TEST_RIGHT : TEST_LEFT;
+
+        /* if we are looking with DIRECTION_UP then we need to first
+           see if in the actual array there is a matching entry, and
+           return the last one of that. But if there isn't any we need
+           to return this one. Hence remember this, and return it
+           below. */
+        if (r == TEST_LEFT)
+                step_back = direction == DIRECTION_UP;
+
+        if (r == TEST_RIGHT) {
+                if (direction == DIRECTION_DOWN)
+                        goto found;
+                else
+                        return 0;
+        }
+
+        r = generic_array_bisect(f, first, n-1, needle, test_object, direction, ret, offset, idx);
+
+        if (r == 0 && step_back)
+                goto found;
+
+        if (r > 0 && idx)
+                (*idx)++;
+
+        return r;
+
+found:
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = o;
+
+        if (offset)
+                *offset = extra;
+
+        if (idx)
+                *idx = 0;
+
+        return 1;
+}
+
+_pure_ static int test_object_offset(JournalFile *f, uint64_t p, uint64_t needle) {
+        assert(f);
+        assert(p > 0);
+
+        if (p == needle)
+                return TEST_FOUND;
+        else if (p < needle)
+                return TEST_LEFT;
+        else
+                return TEST_RIGHT;
+}
+
+static int test_object_seqnum(JournalFile *f, uint64_t p, uint64_t needle) {
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(p > 0);
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
+        if (r < 0)
+                return r;
+
+        if (le64toh(o->entry.seqnum) == needle)
+                return TEST_FOUND;
+        else if (le64toh(o->entry.seqnum) < needle)
+                return TEST_LEFT;
+        else
+                return TEST_RIGHT;
+}
+
+int journal_file_move_to_entry_by_seqnum(
+                JournalFile *f,
+                uint64_t seqnum,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+        assert(f);
+        assert(f->header);
+
+        return generic_array_bisect(f,
+                                    le64toh(f->header->entry_array_offset),
+                                    le64toh(f->header->n_entries),
+                                    seqnum,
+                                    test_object_seqnum,
+                                    direction,
+                                    ret, offset, NULL);
+}
+
+static int test_object_realtime(JournalFile *f, uint64_t p, uint64_t needle) {
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(p > 0);
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
+        if (r < 0)
+                return r;
+
+        if (le64toh(o->entry.realtime) == needle)
+                return TEST_FOUND;
+        else if (le64toh(o->entry.realtime) < needle)
+                return TEST_LEFT;
+        else
+                return TEST_RIGHT;
+}
+
+int journal_file_move_to_entry_by_realtime(
+                JournalFile *f,
+                uint64_t realtime,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+        assert(f);
+        assert(f->header);
+
+        return generic_array_bisect(f,
+                                    le64toh(f->header->entry_array_offset),
+                                    le64toh(f->header->n_entries),
+                                    realtime,
+                                    test_object_realtime,
+                                    direction,
+                                    ret, offset, NULL);
+}
+
+static int test_object_monotonic(JournalFile *f, uint64_t p, uint64_t needle) {
+        Object *o;
+        int r;
+
+        assert(f);
+        assert(p > 0);
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
+        if (r < 0)
+                return r;
+
+        if (le64toh(o->entry.monotonic) == needle)
+                return TEST_FOUND;
+        else if (le64toh(o->entry.monotonic) < needle)
+                return TEST_LEFT;
+        else
+                return TEST_RIGHT;
+}
+
+static int find_data_object_by_boot_id(
+                JournalFile *f,
+                sd_id128_t boot_id,
+                Object **o,
+                uint64_t *b) {
+
+        char t[sizeof("_BOOT_ID=")-1 + 32 + 1] = "_BOOT_ID=";
+
+        sd_id128_to_string(boot_id, t + 9);
+        return journal_file_find_data_object(f, t, sizeof(t) - 1, o, b);
+}
+
+int journal_file_move_to_entry_by_monotonic(
+                JournalFile *f,
+                sd_id128_t boot_id,
+                uint64_t monotonic,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+
+        Object *o;
+        int r;
+
+        assert(f);
+
+        r = find_data_object_by_boot_id(f, boot_id, &o, NULL);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return -ENOENT;
+
+        return generic_array_bisect_plus_one(f,
+                                             le64toh(o->data.entry_offset),
+                                             le64toh(o->data.entry_array_offset),
+                                             le64toh(o->data.n_entries),
+                                             monotonic,
+                                             test_object_monotonic,
+                                             direction,
+                                             ret, offset, NULL);
+}
+
+void journal_file_reset_location(JournalFile *f) {
+        f->location_type = LOCATION_HEAD;
+        f->current_offset = 0;
+        f->current_seqnum = 0;
+        f->current_realtime = 0;
+        f->current_monotonic = 0;
+        zero(f->current_boot_id);
+        f->current_xor_hash = 0;
+}
+
+void journal_file_save_location(JournalFile *f, Object *o, uint64_t offset) {
+        f->location_type = LOCATION_SEEK;
+        f->current_offset = offset;
+        f->current_seqnum = le64toh(o->entry.seqnum);
+        f->current_realtime = le64toh(o->entry.realtime);
+        f->current_monotonic = le64toh(o->entry.monotonic);
+        f->current_boot_id = o->entry.boot_id;
+        f->current_xor_hash = le64toh(o->entry.xor_hash);
+}
+
+int journal_file_compare_locations(JournalFile *af, JournalFile *bf) {
+        assert(af);
+        assert(af->header);
+        assert(bf);
+        assert(bf->header);
+        assert(af->location_type == LOCATION_SEEK);
+        assert(bf->location_type == LOCATION_SEEK);
+
+        /* If contents and timestamps match, these entries are
+         * identical, even if the seqnum does not match */
+        if (sd_id128_equal(af->current_boot_id, bf->current_boot_id) &&
+            af->current_monotonic == bf->current_monotonic &&
+            af->current_realtime == bf->current_realtime &&
+            af->current_xor_hash == bf->current_xor_hash)
+                return 0;
+
+        if (sd_id128_equal(af->header->seqnum_id, bf->header->seqnum_id)) {
+
+                /* If this is from the same seqnum source, compare
+                 * seqnums */
+                if (af->current_seqnum < bf->current_seqnum)
+                        return -1;
+                if (af->current_seqnum > bf->current_seqnum)
+                        return 1;
+
+                /* Wow! This is weird, different data but the same
+                 * seqnums? Something is borked, but let's make the
+                 * best of it and compare by time. */
+        }
+
+        if (sd_id128_equal(af->current_boot_id, bf->current_boot_id)) {
+
+                /* If the boot id matches, compare monotonic time */
+                if (af->current_monotonic < bf->current_monotonic)
+                        return -1;
+                if (af->current_monotonic > bf->current_monotonic)
+                        return 1;
+        }
+
+        /* Otherwise, compare UTC time */
+        if (af->current_realtime < bf->current_realtime)
+                return -1;
+        if (af->current_realtime > bf->current_realtime)
+                return 1;
+
+        /* Finally, compare by contents */
+        if (af->current_xor_hash < bf->current_xor_hash)
+                return -1;
+        if (af->current_xor_hash > bf->current_xor_hash)
+                return 1;
+
+        return 0;
+}
+
+int journal_file_next_entry(
+                JournalFile *f,
+                uint64_t p,
+                direction_t direction,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t i, n, ofs;
+        int r;
+
+        assert(f);
+        assert(f->header);
+
+        n = le64toh(f->header->n_entries);
+        if (n <= 0)
+                return 0;
+
+        if (p == 0)
+                i = direction == DIRECTION_DOWN ? 0 : n - 1;
+        else {
+                r = generic_array_bisect(f,
+                                         le64toh(f->header->entry_array_offset),
+                                         le64toh(f->header->n_entries),
+                                         p,
+                                         test_object_offset,
+                                         DIRECTION_DOWN,
+                                         NULL, NULL,
+                                         &i);
+                if (r <= 0)
+                        return r;
+
+                if (direction == DIRECTION_DOWN) {
+                        if (i >= n - 1)
+                                return 0;
+
+                        i++;
+                } else {
+                        if (i <= 0)
+                                return 0;
+
+                        i--;
+                }
+        }
+
+        /* And jump to it */
+        r = generic_array_get(f,
+                              le64toh(f->header->entry_array_offset),
+                              i,
+                              ret, &ofs);
+        if (r == -EBADMSG && direction == DIRECTION_DOWN) {
+                /* Special case: when we iterate throught the journal file linearly, and hit an entry we can't read,
+                 * consider this the end of the journal file. */
+                log_debug_errno(r, "Encountered entry we can't read while iterating through journal file. Considering this the end of the file.");
+                return 0;
+        }
+        if (r <= 0)
+                return r;
+
+        if (p > 0 &&
+            (direction == DIRECTION_DOWN ? ofs <= p : ofs >= p)) {
+                log_debug("%s: entry array corrupted at entry %" PRIu64, f->path, i);
+                return -EBADMSG;
+        }
+
+        if (offset)
+                *offset = ofs;
+
+        return 1;
+}
+
+int journal_file_next_entry_for_data(
+                JournalFile *f,
+                Object *o, uint64_t p,
+                uint64_t data_offset,
+                direction_t direction,
+                Object **ret, uint64_t *offset) {
+
+        uint64_t n, i;
+        int r;
+        Object *d;
+
+        assert(f);
+        assert(p > 0 || !o);
+
+        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
+        if (r < 0)
+                return r;
+
+        n = le64toh(d->data.n_entries);
+        if (n <= 0)
+                return n;
+
+        if (!o)
+                i = direction == DIRECTION_DOWN ? 0 : n - 1;
+        else {
+                if (o->object.type != OBJECT_ENTRY)
+                        return -EINVAL;
+
+                r = generic_array_bisect_plus_one(f,
+                                                  le64toh(d->data.entry_offset),
+                                                  le64toh(d->data.entry_array_offset),
+                                                  le64toh(d->data.n_entries),
+                                                  p,
+                                                  test_object_offset,
+                                                  DIRECTION_DOWN,
+                                                  NULL, NULL,
+                                                  &i);
+
+                if (r <= 0)
+                        return r;
+
+                if (direction == DIRECTION_DOWN) {
+                        if (i >= n - 1)
+                                return 0;
+
+                        i++;
+                } else {
+                        if (i <= 0)
+                                return 0;
+
+                        i--;
+                }
+
+        }
+
+        return generic_array_get_plus_one(f,
+                                          le64toh(d->data.entry_offset),
+                                          le64toh(d->data.entry_array_offset),
+                                          i,
+                                          ret, offset);
+}
+
+int journal_file_move_to_entry_by_offset_for_data(
+                JournalFile *f,
+                uint64_t data_offset,
+                uint64_t p,
+                direction_t direction,
+                Object **ret, uint64_t *offset) {
+
+        int r;
+        Object *d;
+
+        assert(f);
+
+        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
+        if (r < 0)
+                return r;
+
+        return generic_array_bisect_plus_one(f,
+                                             le64toh(d->data.entry_offset),
+                                             le64toh(d->data.entry_array_offset),
+                                             le64toh(d->data.n_entries),
+                                             p,
+                                             test_object_offset,
+                                             direction,
+                                             ret, offset, NULL);
+}
+
+int journal_file_move_to_entry_by_monotonic_for_data(
+                JournalFile *f,
+                uint64_t data_offset,
+                sd_id128_t boot_id,
+                uint64_t monotonic,
+                direction_t direction,
+                Object **ret, uint64_t *offset) {
+
+        Object *o, *d;
+        int r;
+        uint64_t b, z;
+
+        assert(f);
+
+        /* First, seek by time */
+        r = find_data_object_by_boot_id(f, boot_id, &o, &b);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return -ENOENT;
+
+        r = generic_array_bisect_plus_one(f,
+                                          le64toh(o->data.entry_offset),
+                                          le64toh(o->data.entry_array_offset),
+                                          le64toh(o->data.n_entries),
+                                          monotonic,
+                                          test_object_monotonic,
+                                          direction,
+                                          NULL, &z, NULL);
+        if (r <= 0)
+                return r;
+
+        /* And now, continue seeking until we find an entry that
+         * exists in both bisection arrays */
+
+        for (;;) {
+                Object *qo;
+                uint64_t p, q;
+
+                r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
+                if (r < 0)
+                        return r;
+
+                r = generic_array_bisect_plus_one(f,
+                                                  le64toh(d->data.entry_offset),
+                                                  le64toh(d->data.entry_array_offset),
+                                                  le64toh(d->data.n_entries),
+                                                  z,
+                                                  test_object_offset,
+                                                  direction,
+                                                  NULL, &p, NULL);
+                if (r <= 0)
+                        return r;
+
+                r = journal_file_move_to_object(f, OBJECT_DATA, b, &o);
+                if (r < 0)
+                        return r;
+
+                r = generic_array_bisect_plus_one(f,
+                                                  le64toh(o->data.entry_offset),
+                                                  le64toh(o->data.entry_array_offset),
+                                                  le64toh(o->data.n_entries),
+                                                  p,
+                                                  test_object_offset,
+                                                  direction,
+                                                  &qo, &q, NULL);
+
+                if (r <= 0)
+                        return r;
+
+                if (p == q) {
+                        if (ret)
+                                *ret = qo;
+                        if (offset)
+                                *offset = q;
+
+                        return 1;
+                }
+
+                z = q;
+        }
+}
+
+int journal_file_move_to_entry_by_seqnum_for_data(
+                JournalFile *f,
+                uint64_t data_offset,
+                uint64_t seqnum,
+                direction_t direction,
+                Object **ret, uint64_t *offset) {
+
+        Object *d;
+        int r;
+
+        assert(f);
+
+        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
+        if (r < 0)
+                return r;
+
+        return generic_array_bisect_plus_one(f,
+                                             le64toh(d->data.entry_offset),
+                                             le64toh(d->data.entry_array_offset),
+                                             le64toh(d->data.n_entries),
+                                             seqnum,
+                                             test_object_seqnum,
+                                             direction,
+                                             ret, offset, NULL);
+}
+
+int journal_file_move_to_entry_by_realtime_for_data(
+                JournalFile *f,
+                uint64_t data_offset,
+                uint64_t realtime,
+                direction_t direction,
+                Object **ret, uint64_t *offset) {
+
+        Object *d;
+        int r;
+
+        assert(f);
+
+        r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d);
+        if (r < 0)
+                return r;
+
+        return generic_array_bisect_plus_one(f,
+                                             le64toh(d->data.entry_offset),
+                                             le64toh(d->data.entry_array_offset),
+                                             le64toh(d->data.n_entries),
+                                             realtime,
+                                             test_object_realtime,
+                                             direction,
+                                             ret, offset, NULL);
+}
+
+void journal_file_dump(JournalFile *f) {
+        Object *o;
+        int r;
+        uint64_t p;
+
+        assert(f);
+        assert(f->header);
+
+        journal_file_print_header(f);
+
+        p = le64toh(f->header->header_size);
+        while (p != 0) {
+                r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o);
+                if (r < 0)
+                        goto fail;
+
+                switch (o->object.type) {
+
+                case OBJECT_UNUSED:
+                        printf("Type: OBJECT_UNUSED\n");
+                        break;
+
+                case OBJECT_DATA:
+                        printf("Type: OBJECT_DATA\n");
+                        break;
+
+                case OBJECT_FIELD:
+                        printf("Type: OBJECT_FIELD\n");
+                        break;
+
+                case OBJECT_ENTRY:
+                        printf("Type: OBJECT_ENTRY seqnum=%"PRIu64" monotonic=%"PRIu64" realtime=%"PRIu64"\n",
+                               le64toh(o->entry.seqnum),
+                               le64toh(o->entry.monotonic),
+                               le64toh(o->entry.realtime));
+                        break;
+
+                case OBJECT_FIELD_HASH_TABLE:
+                        printf("Type: OBJECT_FIELD_HASH_TABLE\n");
+                        break;
+
+                case OBJECT_DATA_HASH_TABLE:
+                        printf("Type: OBJECT_DATA_HASH_TABLE\n");
+                        break;
+
+                case OBJECT_ENTRY_ARRAY:
+                        printf("Type: OBJECT_ENTRY_ARRAY\n");
+                        break;
+
+                case OBJECT_TAG:
+                        printf("Type: OBJECT_TAG seqnum=%"PRIu64" epoch=%"PRIu64"\n",
+                               le64toh(o->tag.seqnum),
+                               le64toh(o->tag.epoch));
+                        break;
+
+                default:
+                        printf("Type: unknown (%i)\n", o->object.type);
+                        break;
+                }
+
+                if (o->object.flags & OBJECT_COMPRESSION_MASK)
+                        printf("Flags: %s\n",
+                               object_compressed_to_string(o->object.flags & OBJECT_COMPRESSION_MASK));
+
+                if (p == le64toh(f->header->tail_object_offset))
+                        p = 0;
+                else
+                        p = p + ALIGN64(le64toh(o->object.size));
+        }
+
+        return;
+fail:
+        log_error("File corrupt");
+}
+
+static const char* format_timestamp_safe(char *buf, size_t l, usec_t t) {
+        const char *x;
+
+        x = format_timestamp(buf, l, t);
+        if (x)
+                return x;
+        return " --- ";
+}
+
+void journal_file_print_header(JournalFile *f) {
+        char a[33], b[33], c[33], d[33];
+        char x[FORMAT_TIMESTAMP_MAX], y[FORMAT_TIMESTAMP_MAX], z[FORMAT_TIMESTAMP_MAX];
+        struct stat st;
+        char bytes[FORMAT_BYTES_MAX];
+
+        assert(f);
+        assert(f->header);
+
+        printf("File Path: %s\n"
+               "File ID: %s\n"
+               "Machine ID: %s\n"
+               "Boot ID: %s\n"
+               "Sequential Number ID: %s\n"
+               "State: %s\n"
+               "Compatible Flags:%s%s\n"
+               "Incompatible Flags:%s%s%s\n"
+               "Header size: %"PRIu64"\n"
+               "Arena size: %"PRIu64"\n"
+               "Data Hash Table Size: %"PRIu64"\n"
+               "Field Hash Table Size: %"PRIu64"\n"
+               "Rotate Suggested: %s\n"
+               "Head Sequential Number: %"PRIu64" (%"PRIx64")\n"
+               "Tail Sequential Number: %"PRIu64" (%"PRIx64")\n"
+               "Head Realtime Timestamp: %s (%"PRIx64")\n"
+               "Tail Realtime Timestamp: %s (%"PRIx64")\n"
+               "Tail Monotonic Timestamp: %s (%"PRIx64")\n"
+               "Objects: %"PRIu64"\n"
+               "Entry Objects: %"PRIu64"\n",
+               f->path,
+               sd_id128_to_string(f->header->file_id, a),
+               sd_id128_to_string(f->header->machine_id, b),
+               sd_id128_to_string(f->header->boot_id, c),
+               sd_id128_to_string(f->header->seqnum_id, d),
+               f->header->state == STATE_OFFLINE ? "OFFLINE" :
+               f->header->state == STATE_ONLINE ? "ONLINE" :
+               f->header->state == STATE_ARCHIVED ? "ARCHIVED" : "UNKNOWN",
+               JOURNAL_HEADER_SEALED(f->header) ? " SEALED" : "",
+               (le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_ANY) ? " ???" : "",
+               JOURNAL_HEADER_COMPRESSED_XZ(f->header) ? " COMPRESSED-XZ" : "",
+               JOURNAL_HEADER_COMPRESSED_LZ4(f->header) ? " COMPRESSED-LZ4" : "",
+               (le32toh(f->header->incompatible_flags) & ~HEADER_INCOMPATIBLE_ANY) ? " ???" : "",
+               le64toh(f->header->header_size),
+               le64toh(f->header->arena_size),
+               le64toh(f->header->data_hash_table_size) / sizeof(HashItem),
+               le64toh(f->header->field_hash_table_size) / sizeof(HashItem),
+               yes_no(journal_file_rotate_suggested(f, 0)),
+               le64toh(f->header->head_entry_seqnum), le64toh(f->header->head_entry_seqnum),
+               le64toh(f->header->tail_entry_seqnum), le64toh(f->header->tail_entry_seqnum),
+               format_timestamp_safe(x, sizeof(x), le64toh(f->header->head_entry_realtime)), le64toh(f->header->head_entry_realtime),
+               format_timestamp_safe(y, sizeof(y), le64toh(f->header->tail_entry_realtime)), le64toh(f->header->tail_entry_realtime),
+               format_timespan(z, sizeof(z), le64toh(f->header->tail_entry_monotonic), USEC_PER_MSEC), le64toh(f->header->tail_entry_monotonic),
+               le64toh(f->header->n_objects),
+               le64toh(f->header->n_entries));
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
+                printf("Data Objects: %"PRIu64"\n"
+                       "Data Hash Table Fill: %.1f%%\n",
+                       le64toh(f->header->n_data),
+                       100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))));
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
+                printf("Field Objects: %"PRIu64"\n"
+                       "Field Hash Table Fill: %.1f%%\n",
+                       le64toh(f->header->n_fields),
+                       100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))));
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_tags))
+                printf("Tag Objects: %"PRIu64"\n",
+                       le64toh(f->header->n_tags));
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
+                printf("Entry Array Objects: %"PRIu64"\n",
+                       le64toh(f->header->n_entry_arrays));
+
+        if (fstat(f->fd, &st) >= 0)
+                printf("Disk usage: %s\n", format_bytes(bytes, sizeof(bytes), (uint64_t) st.st_blocks * 512ULL));
+}
+
+static int journal_file_warn_btrfs(JournalFile *f) {
+        unsigned attrs;
+        int r;
+
+        assert(f);
+
+        /* Before we write anything, check if the COW logic is turned
+         * off on btrfs. Given our write pattern that is quite
+         * unfriendly to COW file systems this should greatly improve
+         * performance on COW file systems, such as btrfs, at the
+         * expense of data integrity features (which shouldn't be too
+         * bad, given that we do our own checksumming). */
+
+        r = btrfs_is_filesystem(f->fd);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to determine if journal is on btrfs: %m");
+        if (!r)
+                return 0;
+
+        r = read_attr_fd(f->fd, &attrs);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to read file attributes: %m");
+
+        if (attrs & FS_NOCOW_FL) {
+                log_debug("Detected btrfs file system with copy-on-write disabled, all is good.");
+                return 0;
+        }
+
+        log_notice("Creating journal file %s on a btrfs file system, and copy-on-write is enabled. "
+                   "This is likely to slow down journal access substantially, please consider turning "
+                   "off the copy-on-write file attribute on the journal directory, using chattr +C.", f->path);
+
+        return 1;
+}
+
+int journal_file_open(
+                int fd,
+                const char *fname,
+                int flags,
+                mode_t mode,
+                bool compress,
+                bool seal,
+                JournalMetrics *metrics,
+                MMapCache *mmap_cache,
+                Set *deferred_closes,
+                JournalFile *template,
+                JournalFile **ret) {
+
+        bool newly_created = false;
+        JournalFile *f;
+        void *h;
+        int r;
+
+        assert(ret);
+        assert(fd >= 0 || fname);
+
+        if ((flags & O_ACCMODE) != O_RDONLY &&
+            (flags & O_ACCMODE) != O_RDWR)
+                return -EINVAL;
+
+        if (fname) {
+                if (!endswith(fname, ".journal") &&
+                    !endswith(fname, ".journal~"))
+                        return -EINVAL;
+        }
+
+        f = new0(JournalFile, 1);
+        if (!f)
+                return -ENOMEM;
+
+        f->fd = fd;
+        f->mode = mode;
+
+        f->flags = flags;
+        f->prot = prot_from_flags(flags);
+        f->writable = (flags & O_ACCMODE) != O_RDONLY;
+#if defined(HAVE_LZ4)
+        f->compress_lz4 = compress;
+#elif defined(HAVE_XZ)
+        f->compress_xz = compress;
+#endif
+#ifdef HAVE_GCRYPT
+        f->seal = seal;
+#endif
+
+        if (mmap_cache)
+                f->mmap = mmap_cache_ref(mmap_cache);
+        else {
+                f->mmap = mmap_cache_new();
+                if (!f->mmap) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+        }
+
+        if (fname)
+                f->path = strdup(fname);
+        else /* If we don't know the path, fill in something explanatory and vaguely useful */
+                asprintf(&f->path, "/proc/self/%i", fd);
+        if (!f->path) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        f->chain_cache = ordered_hashmap_new(&uint64_hash_ops);
+        if (!f->chain_cache) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        if (f->fd < 0) {
+                f->fd = open(f->path, f->flags|O_CLOEXEC, f->mode);
+                if (f->fd < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+
+                /* fds we opened here by us should also be closed by us. */
+                f->close_fd = true;
+        }
+
+        r = journal_file_fstat(f);
+        if (r < 0)
+                goto fail;
+
+        if (f->last_stat.st_size == 0 && f->writable) {
+
+                (void) journal_file_warn_btrfs(f);
+
+                /* Let's attach the creation time to the journal file,
+                 * so that the vacuuming code knows the age of this
+                 * file even if the file might end up corrupted one
+                 * day... Ideally we'd just use the creation time many
+                 * file systems maintain for each file, but there is
+                 * currently no usable API to query this, hence let's
+                 * emulate this via extended attributes. If extended
+                 * attributes are not supported we'll just skip this,
+                 * and rely solely on mtime/atime/ctime of the file. */
+
+                fd_setcrtime(f->fd, 0);
+
+#ifdef HAVE_GCRYPT
+                /* Try to load the FSPRG state, and if we can't, then
+                 * just don't do sealing */
+                if (f->seal) {
+                        r = journal_file_fss_load(f);
+                        if (r < 0)
+                                f->seal = false;
+                }
+#endif
+
+                r = journal_file_init_header(f, template);
+                if (r < 0)
+                        goto fail;
+
+                r = journal_file_fstat(f);
+                if (r < 0)
+                        goto fail;
+
+                newly_created = true;
+        }
+
+        if (f->last_stat.st_size < (off_t) HEADER_SIZE_MIN) {
+                r = -ENODATA;
+                goto fail;
+        }
+
+        r = mmap_cache_get(f->mmap, f->fd, f->prot, CONTEXT_HEADER, true, 0, PAGE_ALIGN(sizeof(Header)), &f->last_stat, &h);
+        if (r < 0)
+                goto fail;
+
+        f->header = h;
+
+        if (!newly_created) {
+                if (deferred_closes)
+                        journal_file_close_set(deferred_closes);
+
+                r = journal_file_verify_header(f);
+                if (r < 0)
+                        goto fail;
+        }
+
+#ifdef HAVE_GCRYPT
+        if (!newly_created && f->writable) {
+                r = journal_file_fss_load(f);
+                if (r < 0)
+                        goto fail;
+        }
+#endif
+
+        if (f->writable) {
+                if (metrics) {
+                        journal_default_metrics(metrics, f->fd);
+                        f->metrics = *metrics;
+                } else if (template)
+                        f->metrics = template->metrics;
+
+                r = journal_file_refresh_header(f);
+                if (r < 0)
+                        goto fail;
+        }
+
+#ifdef HAVE_GCRYPT
+        r = journal_file_hmac_setup(f);
+        if (r < 0)
+                goto fail;
+#endif
+
+        if (newly_created) {
+                r = journal_file_setup_field_hash_table(f);
+                if (r < 0)
+                        goto fail;
+
+                r = journal_file_setup_data_hash_table(f);
+                if (r < 0)
+                        goto fail;
+
+#ifdef HAVE_GCRYPT
+                r = journal_file_append_first_tag(f);
+                if (r < 0)
+                        goto fail;
+#endif
+        }
+
+        if (mmap_cache_got_sigbus(f->mmap, f->fd)) {
+                r = -EIO;
+                goto fail;
+        }
+
+        if (template && template->post_change_timer) {
+                r = journal_file_enable_post_change_timer(
+                                f,
+                                sd_event_source_get_event(template->post_change_timer),
+                                template->post_change_timer_period);
+
+                if (r < 0)
+                        goto fail;
+        }
+
+        /* The file is opened now successfully, thus we take possession of any passed in fd. */
+        f->close_fd = true;
+
+        *ret = f;
+        return 0;
+
+fail:
+        if (f->fd >= 0 && mmap_cache_got_sigbus(f->mmap, f->fd))
+                r = -EIO;
+
+        (void) journal_file_close(f);
+
+        return r;
+}
+
+int journal_file_rotate(JournalFile **f, bool compress, bool seal, Set *deferred_closes) {
+        _cleanup_free_ char *p = NULL;
+        size_t l;
+        JournalFile *old_file, *new_file = NULL;
+        int r;
+
+        assert(f);
+        assert(*f);
+
+        old_file = *f;
+
+        if (!old_file->writable)
+                return -EINVAL;
+
+        /* Is this a journal file that was passed to us as fd? If so, we synthesized a path name for it, and we refuse
+         * rotation, since we don't know the actual path, and couldn't rename the file hence.*/
+        if (path_startswith(old_file->path, "/proc/self/fd"))
+                return -EINVAL;
+
+        if (!endswith(old_file->path, ".journal"))
+                return -EINVAL;
+
+        l = strlen(old_file->path);
+        r = asprintf(&p, "%.*s@" SD_ID128_FORMAT_STR "-%016"PRIx64"-%016"PRIx64".journal",
+                     (int) l - 8, old_file->path,
+                     SD_ID128_FORMAT_VAL(old_file->header->seqnum_id),
+                     le64toh((*f)->header->head_entry_seqnum),
+                     le64toh((*f)->header->head_entry_realtime));
+        if (r < 0)
+                return -ENOMEM;
+
+        /* Try to rename the file to the archived version. If the file
+         * already was deleted, we'll get ENOENT, let's ignore that
+         * case. */
+        r = rename(old_file->path, p);
+        if (r < 0 && errno != ENOENT)
+                return -errno;
+
+        /* Sync the rename to disk */
+        (void) fsync_directory_of_file(old_file->fd);
+
+        /* Set as archive so offlining commits w/state=STATE_ARCHIVED.
+         * Previously we would set old_file->header->state to STATE_ARCHIVED directly here,
+         * but journal_file_set_offline() short-circuits when state != STATE_ONLINE, which
+         * would result in the rotated journal never getting fsync() called before closing.
+         * Now we simply queue the archive state by setting an archive bit, leaving the state
+         * as STATE_ONLINE so proper offlining occurs. */
+        old_file->archive = true;
+
+        /* Currently, btrfs is not very good with out write patterns
+         * and fragments heavily. Let's defrag our journal files when
+         * we archive them */
+        old_file->defrag_on_close = true;
+
+        r = journal_file_open(-1, old_file->path, old_file->flags, old_file->mode, compress, seal, NULL, old_file->mmap, deferred_closes, old_file, &new_file);
+
+        if (deferred_closes &&
+            set_put(deferred_closes, old_file) >= 0)
+                (void) journal_file_set_offline(old_file, false);
+        else
+                (void) journal_file_close(old_file);
+
+        *f = new_file;
+        return r;
+}
+
+int journal_file_open_reliably(
+                const char *fname,
+                int flags,
+                mode_t mode,
+                bool compress,
+                bool seal,
+                JournalMetrics *metrics,
+                MMapCache *mmap_cache,
+                Set *deferred_closes,
+                JournalFile *template,
+                JournalFile **ret) {
+
+        int r;
+        size_t l;
+        _cleanup_free_ char *p = NULL;
+
+        r = journal_file_open(-1, fname, flags, mode, compress, seal, metrics, mmap_cache, deferred_closes, template, ret);
+        if (!IN_SET(r,
+                    -EBADMSG,           /* corrupted */
+                    -ENODATA,           /* truncated */
+                    -EHOSTDOWN,         /* other machine */
+                    -EPROTONOSUPPORT,   /* incompatible feature */
+                    -EBUSY,             /* unclean shutdown */
+                    -ESHUTDOWN,         /* already archived */
+                    -EIO,               /* IO error, including SIGBUS on mmap */
+                    -EIDRM              /* File has been deleted */))
+                return r;
+
+        if ((flags & O_ACCMODE) == O_RDONLY)
+                return r;
+
+        if (!(flags & O_CREAT))
+                return r;
+
+        if (!endswith(fname, ".journal"))
+                return r;
+
+        /* The file is corrupted. Rotate it away and try it again (but only once) */
+
+        l = strlen(fname);
+        if (asprintf(&p, "%.*s@%016"PRIx64 "-%016"PRIx64 ".journal~",
+                     (int) l - 8, fname,
+                     now(CLOCK_REALTIME),
+                     random_u64()) < 0)
+                return -ENOMEM;
+
+        if (rename(fname, p) < 0)
+                return -errno;
+
+        /* btrfs doesn't cope well with our write pattern and
+         * fragments heavily. Let's defrag all files we rotate */
+
+        (void) chattr_path(p, 0, FS_NOCOW_FL);
+        (void) btrfs_defrag(p);
+
+        log_warning_errno(r, "File %s corrupted or uncleanly shut down, renaming and replacing.", fname);
+
+        return journal_file_open(-1, fname, flags, mode, compress, seal, metrics, mmap_cache, deferred_closes, template, ret);
+}
+
+int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p, uint64_t *seqnum, Object **ret, uint64_t *offset) {
+        uint64_t i, n;
+        uint64_t q, xor_hash = 0;
+        int r;
+        EntryItem *items;
+        dual_timestamp ts;
+
+        assert(from);
+        assert(to);
+        assert(o);
+        assert(p);
+
+        if (!to->writable)
+                return -EPERM;
+
+        ts.monotonic = le64toh(o->entry.monotonic);
+        ts.realtime = le64toh(o->entry.realtime);
+
+        n = journal_file_entry_n_items(o);
+        /* alloca() can't take 0, hence let's allocate at least one */
+        items = alloca(sizeof(EntryItem) * MAX(1u, n));
+
+        for (i = 0; i < n; i++) {
+                uint64_t l, h;
+                le64_t le_hash;
+                size_t t;
+                void *data;
+                Object *u;
+
+                q = le64toh(o->entry.items[i].object_offset);
+                le_hash = o->entry.items[i].hash;
+
+                r = journal_file_move_to_object(from, OBJECT_DATA, q, &o);
+                if (r < 0)
+                        return r;
+
+                if (le_hash != o->data.hash)
+                        return -EBADMSG;
+
+                l = le64toh(o->object.size) - offsetof(Object, data.payload);
+                t = (size_t) l;
+
+                /* We hit the limit on 32bit machines */
+                if ((uint64_t) t != l)
+                        return -E2BIG;
+
+                if (o->object.flags & OBJECT_COMPRESSION_MASK) {
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+                        size_t rsize = 0;
+
+                        r = decompress_blob(o->object.flags & OBJECT_COMPRESSION_MASK,
+                                            o->data.payload, l, &from->compress_buffer, &from->compress_buffer_size, &rsize, 0);
+                        if (r < 0)
+                                return r;
+
+                        data = from->compress_buffer;
+                        l = rsize;
+#else
+                        return -EPROTONOSUPPORT;
+#endif
+                } else
+                        data = o->data.payload;
+
+                r = journal_file_append_data(to, data, l, &u, &h);
+                if (r < 0)
+                        return r;
+
+                xor_hash ^= le64toh(u->data.hash);
+                items[i].object_offset = htole64(h);
+                items[i].hash = u->data.hash;
+
+                r = journal_file_move_to_object(from, OBJECT_ENTRY, p, &o);
+                if (r < 0)
+                        return r;
+        }
+
+        r = journal_file_append_entry_internal(to, &ts, xor_hash, items, n, seqnum, ret, offset);
+
+        if (mmap_cache_got_sigbus(to->mmap, to->fd))
+                return -EIO;
+
+        return r;
+}
+
+void journal_reset_metrics(JournalMetrics *m) {
+        assert(m);
+
+        /* Set everything to "pick automatic values". */
+
+        *m = (JournalMetrics) {
+                .min_use = (uint64_t) -1,
+                .max_use = (uint64_t) -1,
+                .min_size = (uint64_t) -1,
+                .max_size = (uint64_t) -1,
+                .keep_free = (uint64_t) -1,
+                .n_max_files = (uint64_t) -1,
+        };
+}
+
+void journal_default_metrics(JournalMetrics *m, int fd) {
+        char a[FORMAT_BYTES_MAX], b[FORMAT_BYTES_MAX], c[FORMAT_BYTES_MAX], d[FORMAT_BYTES_MAX], e[FORMAT_BYTES_MAX];
+        struct statvfs ss;
+        uint64_t fs_size;
+
+        assert(m);
+        assert(fd >= 0);
+
+        if (fstatvfs(fd, &ss) >= 0)
+                fs_size = ss.f_frsize * ss.f_blocks;
+        else {
+                log_debug_errno(errno, "Failed to detremine disk size: %m");
+                fs_size = 0;
+        }
+
+        if (m->max_use == (uint64_t) -1) {
+
+                if (fs_size > 0) {
+                        m->max_use = PAGE_ALIGN(fs_size / 10); /* 10% of file system size */
+
+                        if (m->max_use > DEFAULT_MAX_USE_UPPER)
+                                m->max_use = DEFAULT_MAX_USE_UPPER;
+
+                        if (m->max_use < DEFAULT_MAX_USE_LOWER)
+                                m->max_use = DEFAULT_MAX_USE_LOWER;
+                } else
+                        m->max_use = DEFAULT_MAX_USE_LOWER;
+        } else {
+                m->max_use = PAGE_ALIGN(m->max_use);
+
+                if (m->max_use != 0 && m->max_use < JOURNAL_FILE_SIZE_MIN*2)
+                        m->max_use = JOURNAL_FILE_SIZE_MIN*2;
+        }
+
+        if (m->min_use == (uint64_t) -1)
+                m->min_use = DEFAULT_MIN_USE;
+
+        if (m->min_use > m->max_use)
+                m->min_use = m->max_use;
+
+        if (m->max_size == (uint64_t) -1) {
+                m->max_size = PAGE_ALIGN(m->max_use / 8); /* 8 chunks */
+
+                if (m->max_size > DEFAULT_MAX_SIZE_UPPER)
+                        m->max_size = DEFAULT_MAX_SIZE_UPPER;
+        } else
+                m->max_size = PAGE_ALIGN(m->max_size);
+
+        if (m->max_size != 0) {
+                if (m->max_size < JOURNAL_FILE_SIZE_MIN)
+                        m->max_size = JOURNAL_FILE_SIZE_MIN;
+
+                if (m->max_use != 0 && m->max_size*2 > m->max_use)
+                        m->max_use = m->max_size*2;
+        }
+
+        if (m->min_size == (uint64_t) -1)
+                m->min_size = JOURNAL_FILE_SIZE_MIN;
+        else {
+                m->min_size = PAGE_ALIGN(m->min_size);
+
+                if (m->min_size < JOURNAL_FILE_SIZE_MIN)
+                        m->min_size = JOURNAL_FILE_SIZE_MIN;
+
+                if (m->max_size != 0 && m->min_size > m->max_size)
+                        m->max_size = m->min_size;
+        }
+
+        if (m->keep_free == (uint64_t) -1) {
+
+                if (fs_size > 0) {
+                        m->keep_free = PAGE_ALIGN(fs_size * 3 / 20); /* 15% of file system size */
+
+                        if (m->keep_free > DEFAULT_KEEP_FREE_UPPER)
+                                m->keep_free = DEFAULT_KEEP_FREE_UPPER;
+
+                } else
+                        m->keep_free = DEFAULT_KEEP_FREE;
+        }
+
+        if (m->n_max_files == (uint64_t) -1)
+                m->n_max_files = DEFAULT_N_MAX_FILES;
+
+        log_debug("Fixed min_use=%s max_use=%s max_size=%s min_size=%s keep_free=%s n_max_files=%" PRIu64,
+                  format_bytes(a, sizeof(a), m->min_use),
+                  format_bytes(b, sizeof(b), m->max_use),
+                  format_bytes(c, sizeof(c), m->max_size),
+                  format_bytes(d, sizeof(d), m->min_size),
+                  format_bytes(e, sizeof(e), m->keep_free),
+                  m->n_max_files);
+}
+
+int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *to) {
+        assert(f);
+        assert(f->header);
+        assert(from || to);
+
+        if (from) {
+                if (f->header->head_entry_realtime == 0)
+                        return -ENOENT;
+
+                *from = le64toh(f->header->head_entry_realtime);
+        }
+
+        if (to) {
+                if (f->header->tail_entry_realtime == 0)
+                        return -ENOENT;
+
+                *to = le64toh(f->header->tail_entry_realtime);
+        }
+
+        return 1;
+}
+
+int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot_id, usec_t *from, usec_t *to) {
+        Object *o;
+        uint64_t p;
+        int r;
+
+        assert(f);
+        assert(from || to);
+
+        r = find_data_object_by_boot_id(f, boot_id, &o, &p);
+        if (r <= 0)
+                return r;
+
+        if (le64toh(o->data.n_entries) <= 0)
+                return 0;
+
+        if (from) {
+                r = journal_file_move_to_object(f, OBJECT_ENTRY, le64toh(o->data.entry_offset), &o);
+                if (r < 0)
+                        return r;
+
+                *from = le64toh(o->entry.monotonic);
+        }
+
+        if (to) {
+                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+                if (r < 0)
+                        return r;
+
+                r = generic_array_get_plus_one(f,
+                                               le64toh(o->data.entry_offset),
+                                               le64toh(o->data.entry_array_offset),
+                                               le64toh(o->data.n_entries)-1,
+                                               &o, NULL);
+                if (r <= 0)
+                        return r;
+
+                *to = le64toh(o->entry.monotonic);
+        }
+
+        return 1;
+}
+
+bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec) {
+        assert(f);
+        assert(f->header);
+
+        /* If we gained new header fields we gained new features,
+         * hence suggest a rotation */
+        if (le64toh(f->header->header_size) < sizeof(Header)) {
+                log_debug("%s uses an outdated header, suggesting rotation.", f->path);
+                return true;
+        }
+
+        /* Let's check if the hash tables grew over a certain fill
+         * level (75%, borrowing this value from Java's hash table
+         * implementation), and if so suggest a rotation. To calculate
+         * the fill level we need the n_data field, which only exists
+         * in newer versions. */
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
+                if (le64toh(f->header->n_data) * 4ULL > (le64toh(f->header->data_hash_table_size) / sizeof(HashItem)) * 3ULL) {
+                        log_debug("Data hash table of %s has a fill level at %.1f (%"PRIu64" of %"PRIu64" items, %llu file size, %"PRIu64" bytes per hash table item), suggesting rotation.",
+                                  f->path,
+                                  100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))),
+                                  le64toh(f->header->n_data),
+                                  le64toh(f->header->data_hash_table_size) / sizeof(HashItem),
+                                  (unsigned long long) f->last_stat.st_size,
+                                  f->last_stat.st_size / le64toh(f->header->n_data));
+                        return true;
+                }
+
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
+                if (le64toh(f->header->n_fields) * 4ULL > (le64toh(f->header->field_hash_table_size) / sizeof(HashItem)) * 3ULL) {
+                        log_debug("Field hash table of %s has a fill level at %.1f (%"PRIu64" of %"PRIu64" items), suggesting rotation.",
+                                  f->path,
+                                  100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))),
+                                  le64toh(f->header->n_fields),
+                                  le64toh(f->header->field_hash_table_size) / sizeof(HashItem));
+                        return true;
+                }
+
+        /* Are the data objects properly indexed by field objects? */
+        if (JOURNAL_HEADER_CONTAINS(f->header, n_data) &&
+            JOURNAL_HEADER_CONTAINS(f->header, n_fields) &&
+            le64toh(f->header->n_data) > 0 &&
+            le64toh(f->header->n_fields) == 0)
+                return true;
+
+        if (max_file_usec > 0) {
+                usec_t t, h;
+
+                h = le64toh(f->header->head_entry_realtime);
+                t = now(CLOCK_REALTIME);
+
+                if (h > 0 && t > h + max_file_usec)
+                        return true;
+        }
+
+        return false;
+}
diff --git a/src/libsystemd/libsystemd-journal-internal/journal-file.h b/src/libsystemd/libsystemd-journal-internal/journal-file.h
new file mode 100644
index 0000000000..e48e98f424
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/journal-file.h
@@ -0,0 +1,265 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+
+#ifdef HAVE_GCRYPT
+#include <gcrypt.h>
+#endif
+
+#include <systemd/sd-id128.h>
+
+#include "hashmap.h"
+#include "journal-def.h"
+#include "macro.h"
+#include "mmap-cache.h"
+#include <systemd/sd-event.h>
+#include "sparse-endian.h"
+
+typedef struct JournalMetrics {
+        /* For all these: -1 means "pick automatically", and 0 means "no limit enforced" */
+        uint64_t max_size;     /* how large journal files grow at max */
+        uint64_t min_size;     /* how large journal files grow at least */
+        uint64_t max_use;      /* how much disk space to use in total at max, keep_free permitting */
+        uint64_t min_use;      /* how much disk space to use in total at least, even if keep_free says not to */
+        uint64_t keep_free;    /* how much to keep free on disk */
+        uint64_t n_max_files;  /* how many files to keep around at max */
+} JournalMetrics;
+
+typedef enum direction {
+        DIRECTION_UP,
+        DIRECTION_DOWN
+} direction_t;
+
+typedef enum LocationType {
+        /* The first and last entries, resp. */
+        LOCATION_HEAD,
+        LOCATION_TAIL,
+
+        /* We already read the entry we currently point to, and the
+         * next one to read should probably not be this one again. */
+        LOCATION_DISCRETE,
+
+        /* We should seek to the precise location specified, and
+         * return it, as we haven't read it yet. */
+        LOCATION_SEEK
+} LocationType;
+
+typedef enum OfflineState {
+        OFFLINE_JOINED,
+        OFFLINE_SYNCING,
+        OFFLINE_OFFLINING,
+        OFFLINE_CANCEL,
+        OFFLINE_AGAIN_FROM_SYNCING,
+        OFFLINE_AGAIN_FROM_OFFLINING,
+        OFFLINE_DONE
+} OfflineState;
+
+typedef struct JournalFile {
+        int fd;
+
+        mode_t mode;
+
+        int flags;
+        int prot;
+        bool writable:1;
+        bool compress_xz:1;
+        bool compress_lz4:1;
+        bool seal:1;
+        bool defrag_on_close:1;
+        bool close_fd:1;
+        bool archive:1;
+
+        bool tail_entry_monotonic_valid:1;
+
+        direction_t last_direction;
+        LocationType location_type;
+        uint64_t last_n_entries;
+
+        char *path;
+        struct stat last_stat;
+        usec_t last_stat_usec;
+
+        Header *header;
+        HashItem *data_hash_table;
+        HashItem *field_hash_table;
+
+        uint64_t current_offset;
+        uint64_t current_seqnum;
+        uint64_t current_realtime;
+        uint64_t current_monotonic;
+        sd_id128_t current_boot_id;
+        uint64_t current_xor_hash;
+
+        JournalMetrics metrics;
+        MMapCache *mmap;
+
+        sd_event_source *post_change_timer;
+        usec_t post_change_timer_period;
+
+        OrderedHashmap *chain_cache;
+
+        pthread_t offline_thread;
+        volatile OfflineState offline_state;
+
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+        void *compress_buffer;
+        size_t compress_buffer_size;
+#endif
+
+#ifdef HAVE_GCRYPT
+        gcry_md_hd_t hmac;
+        bool hmac_running;
+
+        FSSHeader *fss_file;
+        size_t fss_file_size;
+
+        uint64_t fss_start_usec;
+        uint64_t fss_interval_usec;
+
+        void *fsprg_state;
+        size_t fsprg_state_size;
+
+        void *fsprg_seed;
+        size_t fsprg_seed_size;
+#endif
+} JournalFile;
+
+int journal_file_open(
+                int fd,
+                const char *fname,
+                int flags,
+                mode_t mode,
+                bool compress,
+                bool seal,
+                JournalMetrics *metrics,
+                MMapCache *mmap_cache,
+                Set *deferred_closes,
+                JournalFile *template,
+                JournalFile **ret);
+
+int journal_file_set_offline(JournalFile *f, bool wait);
+bool journal_file_is_offlining(JournalFile *f);
+JournalFile* journal_file_close(JournalFile *j);
+void journal_file_close_set(Set *s);
+
+int journal_file_open_reliably(
+                const char *fname,
+                int flags,
+                mode_t mode,
+                bool compress,
+                bool seal,
+                JournalMetrics *metrics,
+                MMapCache *mmap_cache,
+                Set *deferred_closes,
+                JournalFile *template,
+                JournalFile **ret);
+
+#define ALIGN64(x) (((x) + 7ULL) & ~7ULL)
+#define VALID64(x) (((x) & 7ULL) == 0ULL)
+
+/* Use six characters to cover the offsets common in smallish journal
+ * files without adding too many zeros. */
+#define OFSfmt "%06"PRIx64
+
+static inline bool VALID_REALTIME(uint64_t u) {
+        /* This considers timestamps until the year 3112 valid. That should be plenty room... */
+        return u > 0 && u < (1ULL << 55);
+}
+
+static inline bool VALID_MONOTONIC(uint64_t u) {
+        /* This considers timestamps until 1142 years of runtime valid. */
+        return u < (1ULL << 55);
+}
+
+static inline bool VALID_EPOCH(uint64_t u) {
+        /* This allows changing the key for 1142 years, every usec. */
+        return u < (1ULL << 55);
+}
+
+#define JOURNAL_HEADER_CONTAINS(h, field) \
+        (le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
+
+#define JOURNAL_HEADER_SEALED(h) \
+        (!!(le32toh((h)->compatible_flags) & HEADER_COMPATIBLE_SEALED))
+
+#define JOURNAL_HEADER_COMPRESSED_XZ(h) \
+        (!!(le32toh((h)->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED_XZ))
+
+#define JOURNAL_HEADER_COMPRESSED_LZ4(h) \
+        (!!(le32toh((h)->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED_LZ4))
+
+int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset, Object **ret);
+
+uint64_t journal_file_entry_n_items(Object *o) _pure_;
+uint64_t journal_file_entry_array_n_items(Object *o) _pure_;
+uint64_t journal_file_hash_table_n_items(Object *o) _pure_;
+
+int journal_file_append_object(JournalFile *f, ObjectType type, uint64_t size, Object **ret, uint64_t *offset);
+int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const struct iovec iovec[], unsigned n_iovec, uint64_t *seqno, Object **ret, uint64_t *offset);
+
+int journal_file_find_data_object(JournalFile *f, const void *data, uint64_t size, Object **ret, uint64_t *offset);
+int journal_file_find_data_object_with_hash(JournalFile *f, const void *data, uint64_t size, uint64_t hash, Object **ret, uint64_t *offset);
+
+int journal_file_find_field_object(JournalFile *f, const void *field, uint64_t size, Object **ret, uint64_t *offset);
+int journal_file_find_field_object_with_hash(JournalFile *f, const void *field, uint64_t size, uint64_t hash, Object **ret, uint64_t *offset);
+
+void journal_file_reset_location(JournalFile *f);
+void journal_file_save_location(JournalFile *f, Object *o, uint64_t offset);
+int journal_file_compare_locations(JournalFile *af, JournalFile *bf);
+int journal_file_next_entry(JournalFile *f, uint64_t p, direction_t direction, Object **ret, uint64_t *offset);
+
+int journal_file_next_entry_for_data(JournalFile *f, Object *o, uint64_t p, uint64_t data_offset, direction_t direction, Object **ret, uint64_t *offset);
+
+int journal_file_move_to_entry_by_seqnum(JournalFile *f, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
+int journal_file_move_to_entry_by_realtime(JournalFile *f, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset);
+int journal_file_move_to_entry_by_monotonic(JournalFile *f, sd_id128_t boot_id, uint64_t monotonic, direction_t direction, Object **ret, uint64_t *offset);
+
+int journal_file_move_to_entry_by_offset_for_data(JournalFile *f, uint64_t data_offset, uint64_t p, direction_t direction, Object **ret, uint64_t *offset);
+int journal_file_move_to_entry_by_seqnum_for_data(JournalFile *f, uint64_t data_offset, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
+int journal_file_move_to_entry_by_realtime_for_data(JournalFile *f, uint64_t data_offset, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset);
+int journal_file_move_to_entry_by_monotonic_for_data(JournalFile *f, uint64_t data_offset, sd_id128_t boot_id, uint64_t monotonic, direction_t direction, Object **ret, uint64_t *offset);
+
+int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p, uint64_t *seqnum, Object **ret, uint64_t *offset);
+
+void journal_file_dump(JournalFile *f);
+void journal_file_print_header(JournalFile *f);
+
+int journal_file_rotate(JournalFile **f, bool compress, bool seal, Set *deferred_closes);
+
+void journal_file_post_change(JournalFile *f);
+int journal_file_enable_post_change_timer(JournalFile *f, sd_event *e, usec_t t);
+
+void journal_reset_metrics(JournalMetrics *m);
+void journal_default_metrics(JournalMetrics *m, int fd);
+
+int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *to);
+int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot, usec_t *from, usec_t *to);
+
+bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec);
+
+int journal_file_map_data_hash_table(JournalFile *f);
+int journal_file_map_field_hash_table(JournalFile *f);
+
+static inline bool JOURNAL_FILE_COMPRESS(JournalFile *f) {
+        assert(f);
+        return f->compress_xz || f->compress_lz4;
+}
diff --git a/src/libsystemd/libsystemd-journal-internal/journal-internal.h b/src/libsystemd/libsystemd-journal-internal/journal-internal.h
new file mode 100644
index 0000000000..d8eb11ad06
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/journal-internal.h
@@ -0,0 +1,143 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <sys/types.h>
+
+#include <systemd/sd-id128.h>
+#include <systemd/sd-journal.h>
+
+#include "hashmap.h"
+#include "journal-def.h"
+#include "journal-file.h"
+#include "list.h"
+#include "set.h"
+
+typedef struct Match Match;
+typedef struct Location Location;
+typedef struct Directory Directory;
+
+typedef enum MatchType {
+        MATCH_DISCRETE,
+        MATCH_OR_TERM,
+        MATCH_AND_TERM
+} MatchType;
+
+struct Match {
+        MatchType type;
+        Match *parent;
+        LIST_FIELDS(Match, matches);
+
+        /* For concrete matches */
+        char *data;
+        size_t size;
+        le64_t le_hash;
+
+        /* For terms */
+        LIST_HEAD(Match, matches);
+};
+
+struct Location {
+        LocationType type;
+
+        bool seqnum_set;
+        bool realtime_set;
+        bool monotonic_set;
+        bool xor_hash_set;
+
+        uint64_t seqnum;
+        sd_id128_t seqnum_id;
+
+        uint64_t realtime;
+
+        uint64_t monotonic;
+        sd_id128_t boot_id;
+
+        uint64_t xor_hash;
+};
+
+struct Directory {
+        char *path;
+        int wd;
+        bool is_root;
+};
+
+struct sd_journal {
+        int toplevel_fd;
+
+        char *path;
+        char *prefix;
+
+        OrderedHashmap *files;
+        MMapCache *mmap;
+
+        Location current_location;
+
+        JournalFile *current_file;
+        uint64_t current_field;
+
+        Match *level0, *level1, *level2;
+
+        pid_t original_pid;
+
+        int inotify_fd;
+        unsigned current_invalidate_counter, last_invalidate_counter;
+        usec_t last_process_usec;
+
+        /* Iterating through unique fields and their data values */
+        char *unique_field;
+        JournalFile *unique_file;
+        uint64_t unique_offset;
+
+        /* Iterating through known fields */
+        JournalFile *fields_file;
+        uint64_t fields_offset;
+        uint64_t fields_hash_table_index;
+        char *fields_buffer;
+        size_t fields_buffer_allocated;
+
+        int flags;
+
+        bool on_network:1;
+        bool no_new_files:1;
+        bool no_inotify:1;
+        bool unique_file_lost:1; /* File we were iterating over got
+                                    removed, and there were no more
+                                    files, so sd_j_enumerate_unique
+                                    will return a value equal to 0. */
+        bool fields_file_lost:1;
+        bool has_runtime_files:1;
+        bool has_persistent_files:1;
+
+        size_t data_threshold;
+
+        Hashmap *directories_by_path;
+        Hashmap *directories_by_wd;
+
+        Hashmap *errors;
+};
+
+char *journal_make_match_string(sd_journal *j);
+void journal_print_header(sd_journal *j);
+
+#define JOURNAL_FOREACH_DATA_RETVAL(j, data, l, retval)                     \
+        for (sd_journal_restart_data(j); ((retval) = sd_journal_enumerate_data((j), &(data), &(l))) > 0; )
diff --git a/src/libsystemd/libsystemd-journal-internal/journal-send.c b/src/libsystemd/libsystemd-journal-internal/journal-send.c
new file mode 100644
index 0000000000..5a49211f85
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/journal-send.c
@@ -0,0 +1,559 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <printf.h>
+#include <stddef.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#define SD_JOURNAL_SUPPRESS_LOCATION
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "io-util.h"
+#include "memfd-util.h"
+#include "socket-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "util.h"
+
+#define SNDBUF_SIZE (8*1024*1024)
+
+#define ALLOCA_CODE_FUNC(f, func)                 \
+        do {                                      \
+                size_t _fl;                       \
+                const char *_func = (func);       \
+                char **_f = &(f);                 \
+                _fl = strlen(_func) + 1;          \
+                *_f = alloca(_fl + 10);           \
+                memcpy(*_f, "CODE_FUNC=", 10);    \
+                memcpy(*_f + 10, _func, _fl);     \
+        } while (false)
+
+/* We open a single fd, and we'll share it with the current process,
+ * all its threads, and all its subprocesses. This means we need to
+ * initialize it atomically, and need to operate on it atomically
+ * never assuming we are the only user */
+
+static int journal_fd(void) {
+        int fd;
+        static int fd_plus_one = 0;
+
+retry:
+        if (fd_plus_one > 0)
+                return fd_plus_one - 1;
+
+        fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+        if (fd < 0)
+                return -errno;
+
+        fd_inc_sndbuf(fd, SNDBUF_SIZE);
+
+        if (!__sync_bool_compare_and_swap(&fd_plus_one, 0, fd+1)) {
+                safe_close(fd);
+                goto retry;
+        }
+
+        return fd;
+}
+
+_public_ int sd_journal_print(int priority, const char *format, ...) {
+        int r;
+        va_list ap;
+
+        va_start(ap, format);
+        r = sd_journal_printv(priority, format, ap);
+        va_end(ap);
+
+        return r;
+}
+
+_public_ int sd_journal_printv(int priority, const char *format, va_list ap) {
+
+        /* FIXME: Instead of limiting things to LINE_MAX we could do a
+           C99 variable-length array on the stack here in a loop. */
+
+        char buffer[8 + LINE_MAX], p[sizeof("PRIORITY=")-1 + DECIMAL_STR_MAX(int) + 1];
+        struct iovec iov[2];
+
+        assert_return(priority >= 0, -EINVAL);
+        assert_return(priority <= 7, -EINVAL);
+        assert_return(format, -EINVAL);
+
+        xsprintf(p, "PRIORITY=%i", priority & LOG_PRIMASK);
+
+        memcpy(buffer, "MESSAGE=", 8);
+        vsnprintf(buffer+8, sizeof(buffer) - 8, format, ap);
+
+        zero(iov);
+        IOVEC_SET_STRING(iov[0], buffer);
+        IOVEC_SET_STRING(iov[1], p);
+
+        return sd_journal_sendv(iov, 2);
+}
+
+_printf_(1, 0) static int fill_iovec_sprintf(const char *format, va_list ap, int extra, struct iovec **_iov) {
+        PROTECT_ERRNO;
+        int r, n = 0, i = 0, j;
+        struct iovec *iov = NULL;
+
+        assert(_iov);
+
+        if (extra > 0) {
+                n = MAX(extra * 2, extra + 4);
+                iov = malloc0(n * sizeof(struct iovec));
+                if (!iov) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                i = extra;
+        }
+
+        while (format) {
+                struct iovec *c;
+                char *buffer;
+                va_list aq;
+
+                if (i >= n) {
+                        n = MAX(i*2, 4);
+                        c = realloc(iov, n * sizeof(struct iovec));
+                        if (!c) {
+                                r = -ENOMEM;
+                                goto fail;
+                        }
+
+                        iov = c;
+                }
+
+                va_copy(aq, ap);
+                if (vasprintf(&buffer, format, aq) < 0) {
+                        va_end(aq);
+                        r = -ENOMEM;
+                        goto fail;
+                }
+                va_end(aq);
+
+                VA_FORMAT_ADVANCE(format, ap);
+
+                IOVEC_SET_STRING(iov[i++], buffer);
+
+                format = va_arg(ap, char *);
+        }
+
+        *_iov = iov;
+
+        return i;
+
+fail:
+        for (j = 0; j < i; j++)
+                free(iov[j].iov_base);
+
+        free(iov);
+
+        return r;
+}
+
+_public_ int sd_journal_send(const char *format, ...) {
+        int r, i, j;
+        va_list ap;
+        struct iovec *iov = NULL;
+
+        va_start(ap, format);
+        i = fill_iovec_sprintf(format, ap, 0, &iov);
+        va_end(ap);
+
+        if (_unlikely_(i < 0)) {
+                r = i;
+                goto finish;
+        }
+
+        r = sd_journal_sendv(iov, i);
+
+finish:
+        for (j = 0; j < i; j++)
+                free(iov[j].iov_base);
+
+        free(iov);
+
+        return r;
+}
+
+_public_ int sd_journal_sendv(const struct iovec *iov, int n) {
+        PROTECT_ERRNO;
+        int fd, r;
+        _cleanup_close_ int buffer_fd = -1;
+        struct iovec *w;
+        uint64_t *l;
+        int i, j = 0;
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/socket",
+        };
+        struct msghdr mh = {
+                .msg_name = (struct sockaddr*) &sa.sa,
+                .msg_namelen = SOCKADDR_UN_LEN(sa.un),
+        };
+        ssize_t k;
+        bool have_syslog_identifier = false;
+        bool seal = true;
+
+        assert_return(iov, -EINVAL);
+        assert_return(n > 0, -EINVAL);
+
+        w = newa(struct iovec, n * 5 + 3);
+        l = newa(uint64_t, n);
+
+        for (i = 0; i < n; i++) {
+                char *c, *nl;
+
+                if (_unlikely_(!iov[i].iov_base || iov[i].iov_len <= 1))
+                        return -EINVAL;
+
+                c = memchr(iov[i].iov_base, '=', iov[i].iov_len);
+                if (_unlikely_(!c || c == iov[i].iov_base))
+                        return -EINVAL;
+
+                have_syslog_identifier = have_syslog_identifier ||
+                        (c == (char *) iov[i].iov_base + 17 &&
+                         startswith(iov[i].iov_base, "SYSLOG_IDENTIFIER"));
+
+                nl = memchr(iov[i].iov_base, '\n', iov[i].iov_len);
+                if (nl) {
+                        if (_unlikely_(nl < c))
+                                return -EINVAL;
+
+                        /* Already includes a newline? Bummer, then
+                         * let's write the variable name, then a
+                         * newline, then the size (64bit LE), followed
+                         * by the data and a final newline */
+
+                        w[j].iov_base = iov[i].iov_base;
+                        w[j].iov_len = c - (char*) iov[i].iov_base;
+                        j++;
+
+                        IOVEC_SET_STRING(w[j++], "\n");
+
+                        l[i] = htole64(iov[i].iov_len - (c - (char*) iov[i].iov_base) - 1);
+                        w[j].iov_base = &l[i];
+                        w[j].iov_len = sizeof(uint64_t);
+                        j++;
+
+                        w[j].iov_base = c + 1;
+                        w[j].iov_len = iov[i].iov_len - (c - (char*) iov[i].iov_base) - 1;
+                        j++;
+
+                } else
+                        /* Nothing special? Then just add the line and
+                         * append a newline */
+                        w[j++] = iov[i];
+
+                IOVEC_SET_STRING(w[j++], "\n");
+        }
+
+        if (!have_syslog_identifier &&
+            string_is_safe(program_invocation_short_name)) {
+
+                /* Implicitly add program_invocation_short_name, if it
+                 * is not set explicitly. We only do this for
+                 * program_invocation_short_name, and nothing else
+                 * since everything else is much nicer to retrieve
+                 * from the outside. */
+
+                IOVEC_SET_STRING(w[j++], "SYSLOG_IDENTIFIER=");
+                IOVEC_SET_STRING(w[j++], program_invocation_short_name);
+                IOVEC_SET_STRING(w[j++], "\n");
+        }
+
+        fd = journal_fd();
+        if (_unlikely_(fd < 0))
+                return fd;
+
+        mh.msg_iov = w;
+        mh.msg_iovlen = j;
+
+        k = sendmsg(fd, &mh, MSG_NOSIGNAL);
+        if (k >= 0)
+                return 0;
+
+        /* Fail silently if the journal is not available */
+        if (errno == ENOENT)
+                return 0;
+
+        if (errno != EMSGSIZE && errno != ENOBUFS)
+                return -errno;
+
+        /* Message doesn't fit... Let's dump the data in a memfd or
+         * temporary file and just pass a file descriptor of it to the
+         * other side.
+         *
+         * For the temporary files we use /dev/shm instead of /tmp
+         * here, since we want this to be a tmpfs, and one that is
+         * available from early boot on and where unprivileged users
+         * can create files. */
+        buffer_fd = memfd_new(NULL);
+        if (buffer_fd < 0) {
+                if (buffer_fd == -ENOSYS) {
+                        buffer_fd = open_tmpfile_unlinkable("/dev/shm", O_RDWR | O_CLOEXEC);
+                        if (buffer_fd < 0)
+                                return buffer_fd;
+
+                        seal = false;
+                } else
+                        return buffer_fd;
+        }
+
+        n = writev(buffer_fd, w, j);
+        if (n < 0)
+                return -errno;
+
+        if (seal) {
+                r = memfd_set_sealed(buffer_fd);
+                if (r < 0)
+                        return r;
+        }
+
+        r = send_one_fd_sa(fd, buffer_fd, mh.msg_name, mh.msg_namelen, 0);
+        if (r == -ENOENT)
+                /* Fail silently if the journal is not available */
+                return 0;
+        return r;
+}
+
+static int fill_iovec_perror_and_send(const char *message, int skip, struct iovec iov[]) {
+        PROTECT_ERRNO;
+        size_t n, k;
+
+        k = isempty(message) ? 0 : strlen(message) + 2;
+        n = 8 + k + 256 + 1;
+
+        for (;;) {
+                char buffer[n];
+                char* j;
+
+                errno = 0;
+                j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
+                if (errno == 0) {
+                        char error[sizeof("ERRNO=")-1 + DECIMAL_STR_MAX(int) + 1];
+
+                        if (j != buffer + 8 + k)
+                                memmove(buffer + 8 + k, j, strlen(j)+1);
+
+                        memcpy(buffer, "MESSAGE=", 8);
+
+                        if (k > 0) {
+                                memcpy(buffer + 8, message, k - 2);
+                                memcpy(buffer + 8 + k - 2, ": ", 2);
+                        }
+
+                        xsprintf(error, "ERRNO=%i", _saved_errno_);
+
+                        assert_cc(3 == LOG_ERR);
+                        IOVEC_SET_STRING(iov[skip+0], "PRIORITY=3");
+                        IOVEC_SET_STRING(iov[skip+1], buffer);
+                        IOVEC_SET_STRING(iov[skip+2], error);
+
+                        return sd_journal_sendv(iov, skip + 3);
+                }
+
+                if (errno != ERANGE)
+                        return -errno;
+
+                n *= 2;
+        }
+}
+
+_public_ int sd_journal_perror(const char *message) {
+        struct iovec iovec[3];
+
+        return fill_iovec_perror_and_send(message, 0, iovec);
+}
+
+_public_ int sd_journal_stream_fd(const char *identifier, int priority, int level_prefix) {
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/journal/stdout",
+        };
+        _cleanup_close_ int fd = -1;
+        char *header;
+        size_t l;
+        int r;
+
+        assert_return(priority >= 0, -EINVAL);
+        assert_return(priority <= 7, -EINVAL);
+
+        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
+        if (fd < 0)
+                return -errno;
+
+        r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+        if (r < 0)
+                return -errno;
+
+        if (shutdown(fd, SHUT_RD) < 0)
+                return -errno;
+
+        fd_inc_sndbuf(fd, SNDBUF_SIZE);
+
+        if (!identifier)
+                identifier = "";
+
+        l = strlen(identifier);
+        header = alloca(l + 1 + 1 + 2 + 2 + 2 + 2 + 2);
+
+        memcpy(header, identifier, l);
+        header[l++] = '\n';
+        header[l++] = '\n'; /* unit id */
+        header[l++] = '0' + priority;
+        header[l++] = '\n';
+        header[l++] = '0' + !!level_prefix;
+        header[l++] = '\n';
+        header[l++] = '0';
+        header[l++] = '\n';
+        header[l++] = '0';
+        header[l++] = '\n';
+        header[l++] = '0';
+        header[l++] = '\n';
+
+        r = loop_write(fd, header, l, false);
+        if (r < 0)
+                return r;
+
+        r = fd;
+        fd = -1;
+        return r;
+}
+
+_public_ int sd_journal_print_with_location(int priority, const char *file, const char *line, const char *func, const char *format, ...) {
+        int r;
+        va_list ap;
+
+        va_start(ap, format);
+        r = sd_journal_printv_with_location(priority, file, line, func, format, ap);
+        va_end(ap);
+
+        return r;
+}
+
+_public_ int sd_journal_printv_with_location(int priority, const char *file, const char *line, const char *func, const char *format, va_list ap) {
+        char buffer[8 + LINE_MAX], p[sizeof("PRIORITY=")-1 + DECIMAL_STR_MAX(int) + 1];
+        struct iovec iov[5];
+        char *f;
+
+        assert_return(priority >= 0, -EINVAL);
+        assert_return(priority <= 7, -EINVAL);
+        assert_return(format, -EINVAL);
+
+        xsprintf(p, "PRIORITY=%i", priority & LOG_PRIMASK);
+
+        memcpy(buffer, "MESSAGE=", 8);
+        vsnprintf(buffer+8, sizeof(buffer) - 8, format, ap);
+
+        /* func is initialized from __func__ which is not a macro, but
+         * a static const char[], hence cannot easily be prefixed with
+         * CODE_FUNC=, hence let's do it manually here. */
+        ALLOCA_CODE_FUNC(f, func);
+
+        zero(iov);
+        IOVEC_SET_STRING(iov[0], buffer);
+        IOVEC_SET_STRING(iov[1], p);
+        IOVEC_SET_STRING(iov[2], file);
+        IOVEC_SET_STRING(iov[3], line);
+        IOVEC_SET_STRING(iov[4], f);
+
+        return sd_journal_sendv(iov, ELEMENTSOF(iov));
+}
+
+_public_ int sd_journal_send_with_location(const char *file, const char *line, const char *func, const char *format, ...) {
+        int r, i, j;
+        va_list ap;
+        struct iovec *iov = NULL;
+        char *f;
+
+        va_start(ap, format);
+        i = fill_iovec_sprintf(format, ap, 3, &iov);
+        va_end(ap);
+
+        if (_unlikely_(i < 0)) {
+                r = i;
+                goto finish;
+        }
+
+        ALLOCA_CODE_FUNC(f, func);
+
+        IOVEC_SET_STRING(iov[0], file);
+        IOVEC_SET_STRING(iov[1], line);
+        IOVEC_SET_STRING(iov[2], f);
+
+        r = sd_journal_sendv(iov, i);
+
+finish:
+        for (j = 3; j < i; j++)
+                free(iov[j].iov_base);
+
+        free(iov);
+
+        return r;
+}
+
+_public_ int sd_journal_sendv_with_location(
+                const char *file, const char *line,
+                const char *func,
+                const struct iovec *iov, int n) {
+
+        struct iovec *niov;
+        char *f;
+
+        assert_return(iov, -EINVAL);
+        assert_return(n > 0, -EINVAL);
+
+        niov = alloca(sizeof(struct iovec) * (n + 3));
+        memcpy(niov, iov, sizeof(struct iovec) * n);
+
+        ALLOCA_CODE_FUNC(f, func);
+
+        IOVEC_SET_STRING(niov[n++], file);
+        IOVEC_SET_STRING(niov[n++], line);
+        IOVEC_SET_STRING(niov[n++], f);
+
+        return sd_journal_sendv(niov, n);
+}
+
+_public_ int sd_journal_perror_with_location(
+                const char *file, const char *line,
+                const char *func,
+                const char *message) {
+
+        struct iovec iov[6];
+        char *f;
+
+        ALLOCA_CODE_FUNC(f, func);
+
+        IOVEC_SET_STRING(iov[0], file);
+        IOVEC_SET_STRING(iov[1], line);
+        IOVEC_SET_STRING(iov[2], f);
+
+        return fill_iovec_perror_and_send(message, 3, iov);
+}
diff --git a/src/libsystemd/libsystemd-journal-internal/journal-vacuum.c b/src/libsystemd/libsystemd-journal-internal/journal-vacuum.c
new file mode 100644
index 0000000000..cd2676ab63
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/journal-vacuum.c
@@ -0,0 +1,349 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "dirent-util.h"
+#include "fd-util.h"
+#include "journal-def.h"
+#include "journal-file.h"
+#include "journal-vacuum.h"
+#include "parse-util.h"
+#include "string-util.h"
+#include "util.h"
+#include "xattr-util.h"
+
+struct vacuum_info {
+        uint64_t usage;
+        char *filename;
+
+        uint64_t realtime;
+
+        sd_id128_t seqnum_id;
+        uint64_t seqnum;
+        bool have_seqnum;
+};
+
+static int vacuum_compare(const void *_a, const void *_b) {
+        const struct vacuum_info *a, *b;
+
+        a = _a;
+        b = _b;
+
+        if (a->have_seqnum && b->have_seqnum &&
+            sd_id128_equal(a->seqnum_id, b->seqnum_id)) {
+                if (a->seqnum < b->seqnum)
+                        return -1;
+                else if (a->seqnum > b->seqnum)
+                        return 1;
+                else
+                        return 0;
+        }
+
+        if (a->realtime < b->realtime)
+                return -1;
+        else if (a->realtime > b->realtime)
+                return 1;
+        else if (a->have_seqnum && b->have_seqnum)
+                return memcmp(&a->seqnum_id, &b->seqnum_id, 16);
+        else
+                return strcmp(a->filename, b->filename);
+}
+
+static void patch_realtime(
+                int fd,
+                const char *fn,
+                const struct stat *st,
+                unsigned long long *realtime) {
+
+        usec_t x, crtime = 0;
+
+        /* The timestamp was determined by the file name, but let's
+         * see if the file might actually be older than the file name
+         * suggested... */
+
+        assert(fd >= 0);
+        assert(fn);
+        assert(st);
+        assert(realtime);
+
+        x = timespec_load(&st->st_ctim);
+        if (x > 0 && x != USEC_INFINITY && x < *realtime)
+                *realtime = x;
+
+        x = timespec_load(&st->st_atim);
+        if (x > 0 && x != USEC_INFINITY && x < *realtime)
+                *realtime = x;
+
+        x = timespec_load(&st->st_mtim);
+        if (x > 0 && x != USEC_INFINITY && x < *realtime)
+                *realtime = x;
+
+        /* Let's read the original creation time, if possible. Ideally
+         * we'd just query the creation time the FS might provide, but
+         * unfortunately there's currently no sane API to query
+         * it. Hence let's implement this manually... */
+
+        if (fd_getcrtime_at(fd, fn, &crtime, 0) >= 0) {
+                if (crtime < *realtime)
+                        *realtime = crtime;
+        }
+}
+
+static int journal_file_empty(int dir_fd, const char *name) {
+        _cleanup_close_ int fd;
+        struct stat st;
+        le64_t n_entries;
+        ssize_t n;
+
+        fd = openat(dir_fd, name, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK|O_NOATIME);
+        if (fd < 0) {
+                /* Maybe failed due to O_NOATIME and lack of privileges? */
+                fd = openat(dir_fd, name, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
+                if (fd < 0)
+                        return -errno;
+        }
+
+        if (fstat(fd, &st) < 0)
+                return -errno;
+
+        /* If an offline file doesn't even have a header we consider it empty */
+        if (st.st_size < (off_t) sizeof(Header))
+                return 1;
+
+        /* If the number of entries is empty, we consider it empty, too */
+        n = pread(fd, &n_entries, sizeof(n_entries), offsetof(Header, n_entries));
+        if (n < 0)
+                return -errno;
+        if (n != sizeof(n_entries))
+                return -EIO;
+
+        return le64toh(n_entries) <= 0;
+}
+
+int journal_directory_vacuum(
+                const char *directory,
+                uint64_t max_use,
+                uint64_t n_max_files,
+                usec_t max_retention_usec,
+                usec_t *oldest_usec,
+                bool verbose) {
+
+        _cleanup_closedir_ DIR *d = NULL;
+        struct vacuum_info *list = NULL;
+        unsigned n_list = 0, i, n_active_files = 0;
+        size_t n_allocated = 0;
+        uint64_t sum = 0, freed = 0;
+        usec_t retention_limit = 0;
+        char sbytes[FORMAT_BYTES_MAX];
+        struct dirent *de;
+        int r;
+
+        assert(directory);
+
+        if (max_use <= 0 && max_retention_usec <= 0 && n_max_files <= 0)
+                return 0;
+
+        if (max_retention_usec > 0) {
+                retention_limit = now(CLOCK_REALTIME);
+                if (retention_limit > max_retention_usec)
+                        retention_limit -= max_retention_usec;
+                else
+                        max_retention_usec = retention_limit = 0;
+        }
+
+        d = opendir(directory);
+        if (!d)
+                return -errno;
+
+        FOREACH_DIRENT_ALL(de, d, r = -errno; goto finish) {
+
+                unsigned long long seqnum = 0, realtime;
+                _cleanup_free_ char *p = NULL;
+                sd_id128_t seqnum_id;
+                bool have_seqnum;
+                uint64_t size;
+                struct stat st;
+                size_t q;
+
+                if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
+                        log_debug_errno(errno, "Failed to stat file %s while vacuuming, ignoring: %m", de->d_name);
+                        continue;
+                }
+
+                if (!S_ISREG(st.st_mode))
+                        continue;
+
+                q = strlen(de->d_name);
+
+                if (endswith(de->d_name, ".journal")) {
+
+                        /* Vacuum archived files. Active files are
+                         * left around */
+
+                        if (q < 1 + 32 + 1 + 16 + 1 + 16 + 8) {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        if (de->d_name[q-8-16-1] != '-' ||
+                            de->d_name[q-8-16-1-16-1] != '-' ||
+                            de->d_name[q-8-16-1-16-1-32-1] != '@') {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        p = strdup(de->d_name);
+                        if (!p) {
+                                r = -ENOMEM;
+                                goto finish;
+                        }
+
+                        de->d_name[q-8-16-1-16-1] = 0;
+                        if (sd_id128_from_string(de->d_name + q-8-16-1-16-1-32, &seqnum_id) < 0) {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        if (sscanf(de->d_name + q-8-16-1-16, "%16llx-%16llx.journal", &seqnum, &realtime) != 2) {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        have_seqnum = true;
+
+                } else if (endswith(de->d_name, ".journal~")) {
+                        unsigned long long tmp;
+
+                        /* Vacuum corrupted files */
+
+                        if (q < 1 + 16 + 1 + 16 + 8 + 1) {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        if (de->d_name[q-1-8-16-1] != '-' ||
+                            de->d_name[q-1-8-16-1-16-1] != '@') {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        p = strdup(de->d_name);
+                        if (!p) {
+                                r = -ENOMEM;
+                                goto finish;
+                        }
+
+                        if (sscanf(de->d_name + q-1-8-16-1-16, "%16llx-%16llx.journal~", &realtime, &tmp) != 2) {
+                                n_active_files++;
+                                continue;
+                        }
+
+                        have_seqnum = false;
+                } else {
+                        /* We do not vacuum unknown files! */
+                        log_debug("Not vacuuming unknown file %s.", de->d_name);
+                        continue;
+                }
+
+                size = 512UL * (uint64_t) st.st_blocks;
+
+                r = journal_file_empty(dirfd(d), p);
+                if (r < 0) {
+                        log_debug_errno(r, "Failed check if %s is empty, ignoring: %m", p);
+                        continue;
+                }
+                if (r > 0) {
+                        /* Always vacuum empty non-online files. */
+
+                        if (unlinkat(dirfd(d), p, 0) >= 0) {
+
+                                log_full(verbose ? LOG_INFO : LOG_DEBUG,
+                                         "Deleted empty archived journal %s/%s (%s).", directory, p, format_bytes(sbytes, sizeof(sbytes), size));
+
+                                freed += size;
+                        } else if (errno != ENOENT)
+                                log_warning_errno(errno, "Failed to delete empty archived journal %s/%s: %m", directory, p);
+
+                        continue;
+                }
+
+                patch_realtime(dirfd(d), p, &st, &realtime);
+
+                if (!GREEDY_REALLOC(list, n_allocated, n_list + 1)) {
+                        r = -ENOMEM;
+                        goto finish;
+                }
+
+                list[n_list].filename = p;
+                list[n_list].usage = size;
+                list[n_list].seqnum = seqnum;
+                list[n_list].realtime = realtime;
+                list[n_list].seqnum_id = seqnum_id;
+                list[n_list].have_seqnum = have_seqnum;
+                n_list++;
+
+                p = NULL;
+                sum += size;
+        }
+
+        qsort_safe(list, n_list, sizeof(struct vacuum_info), vacuum_compare);
+
+        for (i = 0; i < n_list; i++) {
+                unsigned left;
+
+                left = n_active_files + n_list - i;
+
+                if ((max_retention_usec <= 0 || list[i].realtime >= retention_limit) &&
+                    (max_use <= 0 || sum <= max_use) &&
+                    (n_max_files <= 0 || left <= n_max_files))
+                        break;
+
+                if (unlinkat(dirfd(d), list[i].filename, 0) >= 0) {
+                        log_full(verbose ? LOG_INFO : LOG_DEBUG, "Deleted archived journal %s/%s (%s).", directory, list[i].filename, format_bytes(sbytes, sizeof(sbytes), list[i].usage));
+                        freed += list[i].usage;
+
+                        if (list[i].usage < sum)
+                                sum -= list[i].usage;
+                        else
+                                sum = 0;
+
+                } else if (errno != ENOENT)
+                        log_warning_errno(errno, "Failed to delete archived journal %s/%s: %m", directory, list[i].filename);
+        }
+
+        if (oldest_usec && i < n_list && (*oldest_usec == 0 || list[i].realtime < *oldest_usec))
+                *oldest_usec = list[i].realtime;
+
+        r = 0;
+
+finish:
+        for (i = 0; i < n_list; i++)
+                free(list[i].filename);
+        free(list);
+
+        log_full(verbose ? LOG_INFO : LOG_DEBUG, "Vacuuming done, freed %s of archived journals on disk.", format_bytes(sbytes, sizeof(sbytes), freed));
+
+        return r;
+}
diff --git a/src/journal/journal-vacuum.h b/src/libsystemd/libsystemd-journal-internal/journal-vacuum.h
index 1e750a2170..1e750a2170 100644
--- a/src/journal/journal-vacuum.h
+++ b/src/libsystemd/libsystemd-journal-internal/journal-vacuum.h
diff --git a/src/journal/journal-verify.c b/src/libsystemd/libsystemd-journal-internal/journal-verify.c
index 26572ddd76..26572ddd76 100644
--- a/src/journal/journal-verify.c
+++ b/src/libsystemd/libsystemd-journal-internal/journal-verify.c
diff --git a/src/journal/journal-verify.h b/src/libsystemd/libsystemd-journal-internal/journal-verify.h
index 8f0eaf6daa..8f0eaf6daa 100644
--- a/src/journal/journal-verify.h
+++ b/src/libsystemd/libsystemd-journal-internal/journal-verify.h
diff --git a/src/journal/lookup3.c b/src/libsystemd/libsystemd-journal-internal/lookup3.c
index 3d791234f4..3d791234f4 100644
--- a/src/journal/lookup3.c
+++ b/src/libsystemd/libsystemd-journal-internal/lookup3.c
diff --git a/src/journal/lookup3.h b/src/libsystemd/libsystemd-journal-internal/lookup3.h
index 787921ffbf..787921ffbf 100644
--- a/src/journal/lookup3.h
+++ b/src/libsystemd/libsystemd-journal-internal/lookup3.h
diff --git a/src/journal/mmap-cache.c b/src/libsystemd/libsystemd-journal-internal/mmap-cache.c
index 6bcd9b6ac8..6bcd9b6ac8 100644
--- a/src/journal/mmap-cache.c
+++ b/src/libsystemd/libsystemd-journal-internal/mmap-cache.c
diff --git a/src/journal/mmap-cache.h b/src/libsystemd/libsystemd-journal-internal/mmap-cache.h
index 199d944647..199d944647 100644
--- a/src/journal/mmap-cache.h
+++ b/src/libsystemd/libsystemd-journal-internal/mmap-cache.h
diff --git a/src/libsystemd/libsystemd-journal-internal/sd-journal.c b/src/libsystemd/libsystemd-journal-internal/sd-journal.c
new file mode 100644
index 0000000000..930486d65f
--- /dev/null
+++ b/src/libsystemd/libsystemd-journal-internal/sd-journal.c
@@ -0,0 +1,2985 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <linux/magic.h>
+#include <poll.h>
+#include <stddef.h>
+#include <sys/inotify.h>
+#include <sys/vfs.h>
+#include <unistd.h>
+
+#include <systemd/sd-journal.h>
+
+#include "alloc-util.h"
+#include "catalog.h"
+#include "compress.h"
+#include "dirent-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "hashmap.h"
+#include "hostname-util.h"
+#include "io-util.h"
+#include "journal-def.h"
+#include "journal-file.h"
+#include "journal-internal.h"
+#include "list.h"
+#include "lookup3.h"
+#include "missing.h"
+#include "path-util.h"
+#include "replace-var.h"
+#include "stat-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "strv.h"
+
+#define JOURNAL_FILES_MAX 7168
+
+#define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC)
+
+#define REPLACE_VAR_MAX 256
+
+#define DEFAULT_DATA_THRESHOLD (64*1024)
+
+static void remove_file_real(sd_journal *j, JournalFile *f);
+
+static bool journal_pid_changed(sd_journal *j) {
+        assert(j);
+
+        /* We don't support people creating a journal object and
+         * keeping it around over a fork(). Let's complain. */
+
+        return j->original_pid != getpid();
+}
+
+static int journal_put_error(sd_journal *j, int r, const char *path) {
+        char *copy;
+        int k;
+
+        /* Memorize an error we encountered, and store which
+         * file/directory it was generated from. Note that we store
+         * only *one* path per error code, as the error code is the
+         * key into the hashmap, and the path is the value. This means
+         * we keep track only of all error kinds, but not of all error
+         * locations. This has the benefit that the hashmap cannot
+         * grow beyond bounds.
+         *
+         * We return an error here only if we didn't manage to
+         * memorize the real error. */
+
+        if (r >= 0)
+                return r;
+
+        k = hashmap_ensure_allocated(&j->errors, NULL);
+        if (k < 0)
+                return k;
+
+        if (path) {
+                copy = strdup(path);
+                if (!copy)
+                        return -ENOMEM;
+        } else
+                copy = NULL;
+
+        k = hashmap_put(j->errors, INT_TO_PTR(r), copy);
+        if (k < 0) {
+                free(copy);
+
+                if (k == -EEXIST)
+                        return 0;
+
+                return k;
+        }
+
+        return 0;
+}
+
+static void detach_location(sd_journal *j) {
+        Iterator i;
+        JournalFile *f;
+
+        assert(j);
+
+        j->current_file = NULL;
+        j->current_field = 0;
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i)
+                journal_file_reset_location(f);
+}
+
+static void reset_location(sd_journal *j) {
+        assert(j);
+
+        detach_location(j);
+        zero(j->current_location);
+}
+
+static void init_location(Location *l, LocationType type, JournalFile *f, Object *o) {
+        assert(l);
+        assert(type == LOCATION_DISCRETE || type == LOCATION_SEEK);
+        assert(f);
+        assert(o->object.type == OBJECT_ENTRY);
+
+        l->type = type;
+        l->seqnum = le64toh(o->entry.seqnum);
+        l->seqnum_id = f->header->seqnum_id;
+        l->realtime = le64toh(o->entry.realtime);
+        l->monotonic = le64toh(o->entry.monotonic);
+        l->boot_id = o->entry.boot_id;
+        l->xor_hash = le64toh(o->entry.xor_hash);
+
+        l->seqnum_set = l->realtime_set = l->monotonic_set = l->xor_hash_set = true;
+}
+
+static void set_location(sd_journal *j, JournalFile *f, Object *o) {
+        assert(j);
+        assert(f);
+        assert(o);
+
+        init_location(&j->current_location, LOCATION_DISCRETE, f, o);
+
+        j->current_file = f;
+        j->current_field = 0;
+
+        /* Let f know its candidate entry was picked. */
+        assert(f->location_type == LOCATION_SEEK);
+        f->location_type = LOCATION_DISCRETE;
+}
+
+static int match_is_valid(const void *data, size_t size) {
+        const char *b, *p;
+
+        assert(data);
+
+        if (size < 2)
+                return false;
+
+        if (startswith(data, "__"))
+                return false;
+
+        b = data;
+        for (p = b; p < b + size; p++) {
+
+                if (*p == '=')
+                        return p > b;
+
+                if (*p == '_')
+                        continue;
+
+                if (*p >= 'A' && *p <= 'Z')
+                        continue;
+
+                if (*p >= '0' && *p <= '9')
+                        continue;
+
+                return false;
+        }
+
+        return false;
+}
+
+static bool same_field(const void *_a, size_t s, const void *_b, size_t t) {
+        const uint8_t *a = _a, *b = _b;
+        size_t j;
+
+        for (j = 0; j < s && j < t; j++) {
+
+                if (a[j] != b[j])
+                        return false;
+
+                if (a[j] == '=')
+                        return true;
+        }
+
+        assert_not_reached("\"=\" not found");
+}
+
+static Match *match_new(Match *p, MatchType t) {
+        Match *m;
+
+        m = new0(Match, 1);
+        if (!m)
+                return NULL;
+
+        m->type = t;
+
+        if (p) {
+                m->parent = p;
+                LIST_PREPEND(matches, p->matches, m);
+        }
+
+        return m;
+}
+
+static void match_free(Match *m) {
+        assert(m);
+
+        while (m->matches)
+                match_free(m->matches);
+
+        if (m->parent)
+                LIST_REMOVE(matches, m->parent->matches, m);
+
+        free(m->data);
+        free(m);
+}
+
+static void match_free_if_empty(Match *m) {
+        if (!m || m->matches)
+                return;
+
+        match_free(m);
+}
+
+_public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) {
+        Match *l3, *l4, *add_here = NULL, *m;
+        le64_t le_hash;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(data, -EINVAL);
+
+        if (size == 0)
+                size = strlen(data);
+
+        assert_return(match_is_valid(data, size), -EINVAL);
+
+        /* level 0: AND term
+         * level 1: OR terms
+         * level 2: AND terms
+         * level 3: OR terms
+         * level 4: concrete matches */
+
+        if (!j->level0) {
+                j->level0 = match_new(NULL, MATCH_AND_TERM);
+                if (!j->level0)
+                        return -ENOMEM;
+        }
+
+        if (!j->level1) {
+                j->level1 = match_new(j->level0, MATCH_OR_TERM);
+                if (!j->level1)
+                        return -ENOMEM;
+        }
+
+        if (!j->level2) {
+                j->level2 = match_new(j->level1, MATCH_AND_TERM);
+                if (!j->level2)
+                        return -ENOMEM;
+        }
+
+        assert(j->level0->type == MATCH_AND_TERM);
+        assert(j->level1->type == MATCH_OR_TERM);
+        assert(j->level2->type == MATCH_AND_TERM);
+
+        le_hash = htole64(hash64(data, size));
+
+        LIST_FOREACH(matches, l3, j->level2->matches) {
+                assert(l3->type == MATCH_OR_TERM);
+
+                LIST_FOREACH(matches, l4, l3->matches) {
+                        assert(l4->type == MATCH_DISCRETE);
+
+                        /* Exactly the same match already? Then ignore
+                         * this addition */
+                        if (l4->le_hash == le_hash &&
+                            l4->size == size &&
+                            memcmp(l4->data, data, size) == 0)
+                                return 0;
+
+                        /* Same field? Then let's add this to this OR term */
+                        if (same_field(data, size, l4->data, l4->size)) {
+                                add_here = l3;
+                                break;
+                        }
+                }
+
+                if (add_here)
+                        break;
+        }
+
+        if (!add_here) {
+                add_here = match_new(j->level2, MATCH_OR_TERM);
+                if (!add_here)
+                        goto fail;
+        }
+
+        m = match_new(add_here, MATCH_DISCRETE);
+        if (!m)
+                goto fail;
+
+        m->le_hash = le_hash;
+        m->size = size;
+        m->data = memdup(data, size);
+        if (!m->data)
+                goto fail;
+
+        detach_location(j);
+
+        return 0;
+
+fail:
+        match_free_if_empty(add_here);
+        match_free_if_empty(j->level2);
+        match_free_if_empty(j->level1);
+        match_free_if_empty(j->level0);
+
+        return -ENOMEM;
+}
+
+_public_ int sd_journal_add_conjunction(sd_journal *j) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        if (!j->level0)
+                return 0;
+
+        if (!j->level1)
+                return 0;
+
+        if (!j->level1->matches)
+                return 0;
+
+        j->level1 = NULL;
+        j->level2 = NULL;
+
+        return 0;
+}
+
+_public_ int sd_journal_add_disjunction(sd_journal *j) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        if (!j->level0)
+                return 0;
+
+        if (!j->level1)
+                return 0;
+
+        if (!j->level2)
+                return 0;
+
+        if (!j->level2->matches)
+                return 0;
+
+        j->level2 = NULL;
+        return 0;
+}
+
+static char *match_make_string(Match *m) {
+        char *p, *r;
+        Match *i;
+        bool enclose = false;
+
+        if (!m)
+                return strdup("none");
+
+        if (m->type == MATCH_DISCRETE)
+                return strndup(m->data, m->size);
+
+        p = NULL;
+        LIST_FOREACH(matches, i, m->matches) {
+                char *t, *k;
+
+                t = match_make_string(i);
+                if (!t) {
+                        free(p);
+                        return NULL;
+                }
+
+                if (p) {
+                        k = strjoin(p, m->type == MATCH_OR_TERM ? " OR " : " AND ", t, NULL);
+                        free(p);
+                        free(t);
+
+                        if (!k)
+                                return NULL;
+
+                        p = k;
+
+                        enclose = true;
+                } else
+                        p = t;
+        }
+
+        if (enclose) {
+                r = strjoin("(", p, ")", NULL);
+                free(p);
+                return r;
+        }
+
+        return p;
+}
+
+char *journal_make_match_string(sd_journal *j) {
+        assert(j);
+
+        return match_make_string(j->level0);
+}
+
+_public_ void sd_journal_flush_matches(sd_journal *j) {
+        if (!j)
+                return;
+
+        if (j->level0)
+                match_free(j->level0);
+
+        j->level0 = j->level1 = j->level2 = NULL;
+
+        detach_location(j);
+}
+
+_pure_ static int compare_with_location(JournalFile *f, Location *l) {
+        assert(f);
+        assert(l);
+        assert(f->location_type == LOCATION_SEEK);
+        assert(l->type == LOCATION_DISCRETE || l->type == LOCATION_SEEK);
+
+        if (l->monotonic_set &&
+            sd_id128_equal(f->current_boot_id, l->boot_id) &&
+            l->realtime_set &&
+            f->current_realtime == l->realtime &&
+            l->xor_hash_set &&
+            f->current_xor_hash == l->xor_hash)
+                return 0;
+
+        if (l->seqnum_set &&
+            sd_id128_equal(f->header->seqnum_id, l->seqnum_id)) {
+
+                if (f->current_seqnum < l->seqnum)
+                        return -1;
+                if (f->current_seqnum > l->seqnum)
+                        return 1;
+        }
+
+        if (l->monotonic_set &&
+            sd_id128_equal(f->current_boot_id, l->boot_id)) {
+
+                if (f->current_monotonic < l->monotonic)
+                        return -1;
+                if (f->current_monotonic > l->monotonic)
+                        return 1;
+        }
+
+        if (l->realtime_set) {
+
+                if (f->current_realtime < l->realtime)
+                        return -1;
+                if (f->current_realtime > l->realtime)
+                        return 1;
+        }
+
+        if (l->xor_hash_set) {
+
+                if (f->current_xor_hash < l->xor_hash)
+                        return -1;
+                if (f->current_xor_hash > l->xor_hash)
+                        return 1;
+        }
+
+        return 0;
+}
+
+static int next_for_match(
+                sd_journal *j,
+                Match *m,
+                JournalFile *f,
+                uint64_t after_offset,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+
+        int r;
+        uint64_t np = 0;
+        Object *n;
+
+        assert(j);
+        assert(m);
+        assert(f);
+
+        if (m->type == MATCH_DISCRETE) {
+                uint64_t dp;
+
+                r = journal_file_find_data_object_with_hash(f, m->data, m->size, le64toh(m->le_hash), NULL, &dp);
+                if (r <= 0)
+                        return r;
+
+                return journal_file_move_to_entry_by_offset_for_data(f, dp, after_offset, direction, ret, offset);
+
+        } else if (m->type == MATCH_OR_TERM) {
+                Match *i;
+
+                /* Find the earliest match beyond after_offset */
+
+                LIST_FOREACH(matches, i, m->matches) {
+                        uint64_t cp;
+
+                        r = next_for_match(j, i, f, after_offset, direction, NULL, &cp);
+                        if (r < 0)
+                                return r;
+                        else if (r > 0) {
+                                if (np == 0 || (direction == DIRECTION_DOWN ? cp < np : cp > np))
+                                        np = cp;
+                        }
+                }
+
+                if (np == 0)
+                        return 0;
+
+        } else if (m->type == MATCH_AND_TERM) {
+                Match *i, *last_moved;
+
+                /* Always jump to the next matching entry and repeat
+                 * this until we find an offset that matches for all
+                 * matches. */
+
+                if (!m->matches)
+                        return 0;
+
+                r = next_for_match(j, m->matches, f, after_offset, direction, NULL, &np);
+                if (r <= 0)
+                        return r;
+
+                assert(direction == DIRECTION_DOWN ? np >= after_offset : np <= after_offset);
+                last_moved = m->matches;
+
+                LIST_LOOP_BUT_ONE(matches, i, m->matches, last_moved) {
+                        uint64_t cp;
+
+                        r = next_for_match(j, i, f, np, direction, NULL, &cp);
+                        if (r <= 0)
+                                return r;
+
+                        assert(direction == DIRECTION_DOWN ? cp >= np : cp <= np);
+                        if (direction == DIRECTION_DOWN ? cp > np : cp < np) {
+                                np = cp;
+                                last_moved = i;
+                        }
+                }
+        }
+
+        assert(np > 0);
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, np, &n);
+        if (r < 0)
+                return r;
+
+        if (ret)
+                *ret = n;
+        if (offset)
+                *offset = np;
+
+        return 1;
+}
+
+static int find_location_for_match(
+                sd_journal *j,
+                Match *m,
+                JournalFile *f,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+
+        int r;
+
+        assert(j);
+        assert(m);
+        assert(f);
+
+        if (m->type == MATCH_DISCRETE) {
+                uint64_t dp;
+
+                r = journal_file_find_data_object_with_hash(f, m->data, m->size, le64toh(m->le_hash), NULL, &dp);
+                if (r <= 0)
+                        return r;
+
+                /* FIXME: missing: find by monotonic */
+
+                if (j->current_location.type == LOCATION_HEAD)
+                        return journal_file_next_entry_for_data(f, NULL, 0, dp, DIRECTION_DOWN, ret, offset);
+                if (j->current_location.type == LOCATION_TAIL)
+                        return journal_file_next_entry_for_data(f, NULL, 0, dp, DIRECTION_UP, ret, offset);
+                if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id))
+                        return journal_file_move_to_entry_by_seqnum_for_data(f, dp, j->current_location.seqnum, direction, ret, offset);
+                if (j->current_location.monotonic_set) {
+                        r = journal_file_move_to_entry_by_monotonic_for_data(f, dp, j->current_location.boot_id, j->current_location.monotonic, direction, ret, offset);
+                        if (r != -ENOENT)
+                                return r;
+                }
+                if (j->current_location.realtime_set)
+                        return journal_file_move_to_entry_by_realtime_for_data(f, dp, j->current_location.realtime, direction, ret, offset);
+
+                return journal_file_next_entry_for_data(f, NULL, 0, dp, direction, ret, offset);
+
+        } else if (m->type == MATCH_OR_TERM) {
+                uint64_t np = 0;
+                Object *n;
+                Match *i;
+
+                /* Find the earliest match */
+
+                LIST_FOREACH(matches, i, m->matches) {
+                        uint64_t cp;
+
+                        r = find_location_for_match(j, i, f, direction, NULL, &cp);
+                        if (r < 0)
+                                return r;
+                        else if (r > 0) {
+                                if (np == 0 || (direction == DIRECTION_DOWN ? np > cp : np < cp))
+                                        np = cp;
+                        }
+                }
+
+                if (np == 0)
+                        return 0;
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY, np, &n);
+                if (r < 0)
+                        return r;
+
+                if (ret)
+                        *ret = n;
+                if (offset)
+                        *offset = np;
+
+                return 1;
+
+        } else {
+                Match *i;
+                uint64_t np = 0;
+
+                assert(m->type == MATCH_AND_TERM);
+
+                /* First jump to the last match, and then find the
+                 * next one where all matches match */
+
+                if (!m->matches)
+                        return 0;
+
+                LIST_FOREACH(matches, i, m->matches) {
+                        uint64_t cp;
+
+                        r = find_location_for_match(j, i, f, direction, NULL, &cp);
+                        if (r <= 0)
+                                return r;
+
+                        if (np == 0 || (direction == DIRECTION_DOWN ? cp > np : cp < np))
+                                np = cp;
+                }
+
+                return next_for_match(j, m, f, np, direction, ret, offset);
+        }
+}
+
+static int find_location_with_matches(
+                sd_journal *j,
+                JournalFile *f,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+
+        int r;
+
+        assert(j);
+        assert(f);
+        assert(ret);
+        assert(offset);
+
+        if (!j->level0) {
+                /* No matches is simple */
+
+                if (j->current_location.type == LOCATION_HEAD)
+                        return journal_file_next_entry(f, 0, DIRECTION_DOWN, ret, offset);
+                if (j->current_location.type == LOCATION_TAIL)
+                        return journal_file_next_entry(f, 0, DIRECTION_UP, ret, offset);
+                if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id))
+                        return journal_file_move_to_entry_by_seqnum(f, j->current_location.seqnum, direction, ret, offset);
+                if (j->current_location.monotonic_set) {
+                        r = journal_file_move_to_entry_by_monotonic(f, j->current_location.boot_id, j->current_location.monotonic, direction, ret, offset);
+                        if (r != -ENOENT)
+                                return r;
+                }
+                if (j->current_location.realtime_set)
+                        return journal_file_move_to_entry_by_realtime(f, j->current_location.realtime, direction, ret, offset);
+
+                return journal_file_next_entry(f, 0, direction, ret, offset);
+        } else
+                return find_location_for_match(j, j->level0, f, direction, ret, offset);
+}
+
+static int next_with_matches(
+                sd_journal *j,
+                JournalFile *f,
+                direction_t direction,
+                Object **ret,
+                uint64_t *offset) {
+
+        assert(j);
+        assert(f);
+        assert(ret);
+        assert(offset);
+
+        /* No matches is easy. We simple advance the file
+         * pointer by one. */
+        if (!j->level0)
+                return journal_file_next_entry(f, f->current_offset, direction, ret, offset);
+
+        /* If we have a match then we look for the next matching entry
+         * with an offset at least one step larger */
+        return next_for_match(j, j->level0, f,
+                              direction == DIRECTION_DOWN ? f->current_offset + 1
+                                                          : f->current_offset - 1,
+                              direction, ret, offset);
+}
+
+static int next_beyond_location(sd_journal *j, JournalFile *f, direction_t direction) {
+        Object *c;
+        uint64_t cp, n_entries;
+        int r;
+
+        assert(j);
+        assert(f);
+
+        n_entries = le64toh(f->header->n_entries);
+
+        /* If we hit EOF before, we don't need to look into this file again
+         * unless direction changed or new entries appeared. */
+        if (f->last_direction == direction && f->location_type == LOCATION_TAIL &&
+            n_entries == f->last_n_entries)
+                return 0;
+
+        f->last_n_entries = n_entries;
+
+        if (f->last_direction == direction && f->current_offset > 0) {
+                /* LOCATION_SEEK here means we did the work in a previous
+                 * iteration and the current location already points to a
+                 * candidate entry. */
+                if (f->location_type != LOCATION_SEEK) {
+                        r = next_with_matches(j, f, direction, &c, &cp);
+                        if (r <= 0)
+                                return r;
+
+                        journal_file_save_location(f, c, cp);
+                }
+        } else {
+                f->last_direction = direction;
+
+                r = find_location_with_matches(j, f, direction, &c, &cp);
+                if (r <= 0)
+                        return r;
+
+                journal_file_save_location(f, c, cp);
+        }
+
+        /* OK, we found the spot, now let's advance until an entry
+         * that is actually different from what we were previously
+         * looking at. This is necessary to handle entries which exist
+         * in two (or more) journal files, and which shall all be
+         * suppressed but one. */
+
+        for (;;) {
+                bool found;
+
+                if (j->current_location.type == LOCATION_DISCRETE) {
+                        int k;
+
+                        k = compare_with_location(f, &j->current_location);
+
+                        found = direction == DIRECTION_DOWN ? k > 0 : k < 0;
+                } else
+                        found = true;
+
+                if (found)
+                        return 1;
+
+                r = next_with_matches(j, f, direction, &c, &cp);
+                if (r <= 0)
+                        return r;
+
+                journal_file_save_location(f, c, cp);
+        }
+}
+
+static int real_journal_next(sd_journal *j, direction_t direction) {
+        JournalFile *f, *new_file = NULL;
+        Iterator i;
+        Object *o;
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                bool found;
+
+                r = next_beyond_location(j, f, direction);
+                if (r < 0) {
+                        log_debug_errno(r, "Can't iterate through %s, ignoring: %m", f->path);
+                        remove_file_real(j, f);
+                        continue;
+                } else if (r == 0) {
+                        f->location_type = LOCATION_TAIL;
+                        continue;
+                }
+
+                if (!new_file)
+                        found = true;
+                else {
+                        int k;
+
+                        k = journal_file_compare_locations(f, new_file);
+
+                        found = direction == DIRECTION_DOWN ? k < 0 : k > 0;
+                }
+
+                if (found)
+                        new_file = f;
+        }
+
+        if (!new_file)
+                return 0;
+
+        r = journal_file_move_to_object(new_file, OBJECT_ENTRY, new_file->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        set_location(j, new_file, o);
+
+        return 1;
+}
+
+_public_ int sd_journal_next(sd_journal *j) {
+        return real_journal_next(j, DIRECTION_DOWN);
+}
+
+_public_ int sd_journal_previous(sd_journal *j) {
+        return real_journal_next(j, DIRECTION_UP);
+}
+
+static int real_journal_next_skip(sd_journal *j, direction_t direction, uint64_t skip) {
+        int c = 0, r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        if (skip == 0) {
+                /* If this is not a discrete skip, then at least
+                 * resolve the current location */
+                if (j->current_location.type != LOCATION_DISCRETE)
+                        return real_journal_next(j, direction);
+
+                return 0;
+        }
+
+        do {
+                r = real_journal_next(j, direction);
+                if (r < 0)
+                        return r;
+
+                if (r == 0)
+                        return c;
+
+                skip--;
+                c++;
+        } while (skip > 0);
+
+        return c;
+}
+
+_public_ int sd_journal_next_skip(sd_journal *j, uint64_t skip) {
+        return real_journal_next_skip(j, DIRECTION_DOWN, skip);
+}
+
+_public_ int sd_journal_previous_skip(sd_journal *j, uint64_t skip) {
+        return real_journal_next_skip(j, DIRECTION_UP, skip);
+}
+
+_public_ int sd_journal_get_cursor(sd_journal *j, char **cursor) {
+        Object *o;
+        int r;
+        char bid[33], sid[33];
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(cursor, -EINVAL);
+
+        if (!j->current_file || j->current_file->current_offset <= 0)
+                return -EADDRNOTAVAIL;
+
+        r = journal_file_move_to_object(j->current_file, OBJECT_ENTRY, j->current_file->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        sd_id128_to_string(j->current_file->header->seqnum_id, sid);
+        sd_id128_to_string(o->entry.boot_id, bid);
+
+        if (asprintf(cursor,
+                     "s=%s;i=%"PRIx64";b=%s;m=%"PRIx64";t=%"PRIx64";x=%"PRIx64,
+                     sid, le64toh(o->entry.seqnum),
+                     bid, le64toh(o->entry.monotonic),
+                     le64toh(o->entry.realtime),
+                     le64toh(o->entry.xor_hash)) < 0)
+                return -ENOMEM;
+
+        return 0;
+}
+
+_public_ int sd_journal_seek_cursor(sd_journal *j, const char *cursor) {
+        const char *word, *state;
+        size_t l;
+        unsigned long long seqnum, monotonic, realtime, xor_hash;
+        bool
+                seqnum_id_set = false,
+                seqnum_set = false,
+                boot_id_set = false,
+                monotonic_set = false,
+                realtime_set = false,
+                xor_hash_set = false;
+        sd_id128_t seqnum_id, boot_id;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(!isempty(cursor), -EINVAL);
+
+        FOREACH_WORD_SEPARATOR(word, l, cursor, ";", state) {
+                char *item;
+                int k = 0;
+
+                if (l < 2 || word[1] != '=')
+                        return -EINVAL;
+
+                item = strndup(word, l);
+                if (!item)
+                        return -ENOMEM;
+
+                switch (word[0]) {
+
+                case 's':
+                        seqnum_id_set = true;
+                        k = sd_id128_from_string(item+2, &seqnum_id);
+                        break;
+
+                case 'i':
+                        seqnum_set = true;
+                        if (sscanf(item+2, "%llx", &seqnum) != 1)
+                                k = -EINVAL;
+                        break;
+
+                case 'b':
+                        boot_id_set = true;
+                        k = sd_id128_from_string(item+2, &boot_id);
+                        break;
+
+                case 'm':
+                        monotonic_set = true;
+                        if (sscanf(item+2, "%llx", &monotonic) != 1)
+                                k = -EINVAL;
+                        break;
+
+                case 't':
+                        realtime_set = true;
+                        if (sscanf(item+2, "%llx", &realtime) != 1)
+                                k = -EINVAL;
+                        break;
+
+                case 'x':
+                        xor_hash_set = true;
+                        if (sscanf(item+2, "%llx", &xor_hash) != 1)
+                                k = -EINVAL;
+                        break;
+                }
+
+                free(item);
+
+                if (k < 0)
+                        return k;
+        }
+
+        if ((!seqnum_set || !seqnum_id_set) &&
+            (!monotonic_set || !boot_id_set) &&
+            !realtime_set)
+                return -EINVAL;
+
+        reset_location(j);
+
+        j->current_location.type = LOCATION_SEEK;
+
+        if (realtime_set) {
+                j->current_location.realtime = (uint64_t) realtime;
+                j->current_location.realtime_set = true;
+        }
+
+        if (seqnum_set && seqnum_id_set) {
+                j->current_location.seqnum = (uint64_t) seqnum;
+                j->current_location.seqnum_id = seqnum_id;
+                j->current_location.seqnum_set = true;
+        }
+
+        if (monotonic_set && boot_id_set) {
+                j->current_location.monotonic = (uint64_t) monotonic;
+                j->current_location.boot_id = boot_id;
+                j->current_location.monotonic_set = true;
+        }
+
+        if (xor_hash_set) {
+                j->current_location.xor_hash = (uint64_t) xor_hash;
+                j->current_location.xor_hash_set = true;
+        }
+
+        return 0;
+}
+
+_public_ int sd_journal_test_cursor(sd_journal *j, const char *cursor) {
+        int r;
+        Object *o;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(!isempty(cursor), -EINVAL);
+
+        if (!j->current_file || j->current_file->current_offset <= 0)
+                return -EADDRNOTAVAIL;
+
+        r = journal_file_move_to_object(j->current_file, OBJECT_ENTRY, j->current_file->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        for (;;) {
+                _cleanup_free_ char *item = NULL;
+                unsigned long long ll;
+                sd_id128_t id;
+                int k = 0;
+
+                r = extract_first_word(&cursor, &item, ";", EXTRACT_DONT_COALESCE_SEPARATORS);
+                if (r < 0)
+                        return r;
+
+                if (r == 0)
+                        break;
+
+                if (strlen(item) < 2 || item[1] != '=')
+                        return -EINVAL;
+
+                switch (item[0]) {
+
+                case 's':
+                        k = sd_id128_from_string(item+2, &id);
+                        if (k < 0)
+                                return k;
+                        if (!sd_id128_equal(id, j->current_file->header->seqnum_id))
+                                return 0;
+                        break;
+
+                case 'i':
+                        if (sscanf(item+2, "%llx", &ll) != 1)
+                                return -EINVAL;
+                        if (ll != le64toh(o->entry.seqnum))
+                                return 0;
+                        break;
+
+                case 'b':
+                        k = sd_id128_from_string(item+2, &id);
+                        if (k < 0)
+                                return k;
+                        if (!sd_id128_equal(id, o->entry.boot_id))
+                                return 0;
+                        break;
+
+                case 'm':
+                        if (sscanf(item+2, "%llx", &ll) != 1)
+                                return -EINVAL;
+                        if (ll != le64toh(o->entry.monotonic))
+                                return 0;
+                        break;
+
+                case 't':
+                        if (sscanf(item+2, "%llx", &ll) != 1)
+                                return -EINVAL;
+                        if (ll != le64toh(o->entry.realtime))
+                                return 0;
+                        break;
+
+                case 'x':
+                        if (sscanf(item+2, "%llx", &ll) != 1)
+                                return -EINVAL;
+                        if (ll != le64toh(o->entry.xor_hash))
+                                return 0;
+                        break;
+                }
+        }
+
+        return 1;
+}
+
+
+_public_ int sd_journal_seek_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t usec) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        reset_location(j);
+        j->current_location.type = LOCATION_SEEK;
+        j->current_location.boot_id = boot_id;
+        j->current_location.monotonic = usec;
+        j->current_location.monotonic_set = true;
+
+        return 0;
+}
+
+_public_ int sd_journal_seek_realtime_usec(sd_journal *j, uint64_t usec) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        reset_location(j);
+        j->current_location.type = LOCATION_SEEK;
+        j->current_location.realtime = usec;
+        j->current_location.realtime_set = true;
+
+        return 0;
+}
+
+_public_ int sd_journal_seek_head(sd_journal *j) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        reset_location(j);
+        j->current_location.type = LOCATION_HEAD;
+
+        return 0;
+}
+
+_public_ int sd_journal_seek_tail(sd_journal *j) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        reset_location(j);
+        j->current_location.type = LOCATION_TAIL;
+
+        return 0;
+}
+
+static void check_network(sd_journal *j, int fd) {
+        struct statfs sfs;
+
+        assert(j);
+
+        if (j->on_network)
+                return;
+
+        if (fstatfs(fd, &sfs) < 0)
+                return;
+
+        j->on_network =
+                F_TYPE_EQUAL(sfs.f_type, CIFS_MAGIC_NUMBER) ||
+                F_TYPE_EQUAL(sfs.f_type, CODA_SUPER_MAGIC) ||
+                F_TYPE_EQUAL(sfs.f_type, NCP_SUPER_MAGIC) ||
+                F_TYPE_EQUAL(sfs.f_type, NFS_SUPER_MAGIC) ||
+                F_TYPE_EQUAL(sfs.f_type, SMB_SUPER_MAGIC);
+}
+
+static bool file_has_type_prefix(const char *prefix, const char *filename) {
+        const char *full, *tilded, *atted;
+
+        full = strjoina(prefix, ".journal");
+        tilded = strjoina(full, "~");
+        atted = strjoina(prefix, "@");
+
+        return streq(filename, full) ||
+               streq(filename, tilded) ||
+               startswith(filename, atted);
+}
+
+static bool file_type_wanted(int flags, const char *filename) {
+        assert(filename);
+
+        if (!endswith(filename, ".journal") && !endswith(filename, ".journal~"))
+                return false;
+
+        /* no flags set → every type is OK */
+        if (!(flags & (SD_JOURNAL_SYSTEM | SD_JOURNAL_CURRENT_USER)))
+                return true;
+
+        if (flags & SD_JOURNAL_SYSTEM && file_has_type_prefix("system", filename))
+                return true;
+
+        if (flags & SD_JOURNAL_CURRENT_USER) {
+                char prefix[5 + DECIMAL_STR_MAX(uid_t) + 1];
+
+                xsprintf(prefix, "user-"UID_FMT, getuid());
+
+                if (file_has_type_prefix(prefix, filename))
+                        return true;
+        }
+
+        return false;
+}
+
+static bool path_has_prefix(sd_journal *j, const char *path, const char *prefix) {
+        assert(j);
+        assert(path);
+        assert(prefix);
+
+        if (j->toplevel_fd >= 0)
+                return false;
+
+        return path_startswith(path, prefix);
+}
+
+static const char *skip_slash(const char *p) {
+
+        if (!p)
+                return NULL;
+
+        while (*p == '/')
+                p++;
+
+        return p;
+}
+
+static int add_any_file(sd_journal *j, int fd, const char *path) {
+        JournalFile *f = NULL;
+        bool close_fd = false;
+        int r, k;
+
+        assert(j);
+        assert(fd >= 0 || path);
+
+        if (path && ordered_hashmap_get(j->files, path))
+                return 0;
+
+        if (ordered_hashmap_size(j->files) >= JOURNAL_FILES_MAX) {
+                log_debug("Too many open journal files, not adding %s.", path);
+                r = -ETOOMANYREFS;
+                goto fail;
+        }
+
+        if (fd < 0 && j->toplevel_fd >= 0) {
+
+                /* If there's a top-level fd defined, open the file relative to this now. (Make the path relative,
+                 * explicitly, since otherwise openat() ignores the first argument.) */
+
+                fd = openat(j->toplevel_fd, skip_slash(path), O_RDONLY|O_CLOEXEC);
+                if (fd < 0) {
+                        r = log_debug_errno(errno, "Failed to open journal file %s: %m", path);
+                        goto fail;
+                }
+
+                close_fd = true;
+        }
+
+        r = journal_file_open(fd, path, O_RDONLY, 0, false, false, NULL, j->mmap, NULL, NULL, &f);
+        if (r < 0) {
+                if (close_fd)
+                        safe_close(fd);
+                log_debug_errno(r, "Failed to open journal file %s: %m", path);
+                goto fail;
+        }
+
+        /* journal_file_dump(f); */
+
+        r = ordered_hashmap_put(j->files, f->path, f);
+        if (r < 0) {
+                f->close_fd = close_fd;
+                (void) journal_file_close(f);
+                goto fail;
+        }
+
+        if (!j->has_runtime_files && path_has_prefix(j, f->path, "/run"))
+                j->has_runtime_files = true;
+        else if (!j->has_persistent_files && path_has_prefix(j, f->path, "/var"))
+                j->has_persistent_files = true;
+
+        log_debug("File %s added.", f->path);
+
+        check_network(j, f->fd);
+
+        j->current_invalidate_counter++;
+
+        return 0;
+
+fail:
+        k = journal_put_error(j, r, path);
+        if (k < 0)
+                return k;
+
+        return r;
+}
+
+static int add_file(sd_journal *j, const char *prefix, const char *filename) {
+        const char *path;
+
+        assert(j);
+        assert(prefix);
+        assert(filename);
+
+        if (j->no_new_files)
+                return 0;
+
+        if (!file_type_wanted(j->flags, filename))
+                return 0;
+
+        path = strjoina(prefix, "/", filename);
+        return add_any_file(j, -1, path);
+}
+
+static void remove_file(sd_journal *j, const char *prefix, const char *filename) {
+        const char *path;
+        JournalFile *f;
+
+        assert(j);
+        assert(prefix);
+        assert(filename);
+
+        path = strjoina(prefix, "/", filename);
+        f = ordered_hashmap_get(j->files, path);
+        if (!f)
+                return;
+
+        remove_file_real(j, f);
+}
+
+static void remove_file_real(sd_journal *j, JournalFile *f) {
+        assert(j);
+        assert(f);
+
+        ordered_hashmap_remove(j->files, f->path);
+
+        log_debug("File %s removed.", f->path);
+
+        if (j->current_file == f) {
+                j->current_file = NULL;
+                j->current_field = 0;
+        }
+
+        if (j->unique_file == f) {
+                /* Jump to the next unique_file or NULL if that one was last */
+                j->unique_file = ordered_hashmap_next(j->files, j->unique_file->path);
+                j->unique_offset = 0;
+                if (!j->unique_file)
+                        j->unique_file_lost = true;
+        }
+
+        if (j->fields_file == f) {
+                j->fields_file = ordered_hashmap_next(j->files, j->fields_file->path);
+                j->fields_offset = 0;
+                if (!j->fields_file)
+                        j->fields_file_lost = true;
+        }
+
+        (void) journal_file_close(f);
+
+        j->current_invalidate_counter++;
+}
+
+static int dirname_is_machine_id(const char *fn) {
+        sd_id128_t id, machine;
+        int r;
+
+        r = sd_id128_get_machine(&machine);
+        if (r < 0)
+                return r;
+
+        r = sd_id128_from_string(fn, &id);
+        if (r < 0)
+                return r;
+
+        return sd_id128_equal(id, machine);
+}
+
+static int add_directory(sd_journal *j, const char *prefix, const char *dirname) {
+        _cleanup_free_ char *path = NULL;
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de = NULL;
+        Directory *m;
+        int r, k;
+
+        assert(j);
+        assert(prefix);
+
+        /* Adds a journal file directory to watch. If the directory is already tracked this updates the inotify watch
+         * and reenumerates directory contents */
+
+        if (dirname)
+                path = strjoin(prefix, "/", dirname, NULL);
+        else
+                path = strdup(prefix);
+        if (!path) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        log_debug("Considering directory %s.", path);
+
+        /* We consider everything local that is in a directory for the local machine ID, or that is stored in /run */
+        if ((j->flags & SD_JOURNAL_LOCAL_ONLY) &&
+            !((dirname && dirname_is_machine_id(dirname) > 0) || path_has_prefix(j, path, "/run")))
+            return 0;
+
+
+        if (j->toplevel_fd < 0)
+                d = opendir(path);
+        else
+                /* Open the specified directory relative to the the toplevel fd. Enforce that the path specified is
+                 * relative, by dropping the initial slash */
+                d = xopendirat(j->toplevel_fd, skip_slash(path), 0);
+        if (!d) {
+                r = log_debug_errno(errno, "Failed to open directory %s: %m", path);
+                goto fail;
+        }
+
+        m = hashmap_get(j->directories_by_path, path);
+        if (!m) {
+                m = new0(Directory, 1);
+                if (!m) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                m->is_root = false;
+                m->path = path;
+
+                if (hashmap_put(j->directories_by_path, m->path, m) < 0) {
+                        free(m);
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                path = NULL; /* avoid freeing in cleanup */
+                j->current_invalidate_counter++;
+
+                log_debug("Directory %s added.", m->path);
+
+        } else if (m->is_root)
+                return 0;
+
+        if (m->wd <= 0 && j->inotify_fd >= 0) {
+                /* Watch this directory, if it not being watched yet. */
+
+                m->wd = inotify_add_watch_fd(j->inotify_fd, dirfd(d),
+                                             IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB|IN_DELETE|
+                                             IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT|IN_MOVED_FROM|
+                                             IN_ONLYDIR);
+
+                if (m->wd > 0 && hashmap_put(j->directories_by_wd, INT_TO_PTR(m->wd), m) < 0)
+                        inotify_rm_watch(j->inotify_fd, m->wd);
+        }
+
+        FOREACH_DIRENT_ALL(de, d, r = log_debug_errno(errno, "Failed to read directory %s: %m", m->path); goto fail) {
+
+                if (dirent_is_file_with_suffix(de, ".journal") ||
+                    dirent_is_file_with_suffix(de, ".journal~"))
+                        (void) add_file(j, m->path, de->d_name);
+        }
+
+        check_network(j, dirfd(d));
+
+        return 0;
+
+fail:
+        k = journal_put_error(j, r, path ?: prefix);
+        if (k < 0)
+                return k;
+
+        return r;
+}
+
+static int add_root_directory(sd_journal *j, const char *p, bool missing_ok) {
+
+        _cleanup_closedir_ DIR *d = NULL;
+        struct dirent *de;
+        Directory *m;
+        int r, k;
+
+        assert(j);
+
+        /* Adds a root directory to our set of directories to use. If the root directory is already in the set, we
+         * update the inotify logic, and renumerate the directory entries. This call may hence be called to initially
+         * populate the set, as well as to update it later. */
+
+        if (p) {
+                /* If there's a path specified, use it. */
+
+                if ((j->flags & SD_JOURNAL_RUNTIME_ONLY) &&
+                    !path_has_prefix(j, p, "/run"))
+                        return -EINVAL;
+
+                if (j->prefix)
+                        p = strjoina(j->prefix, p);
+
+                if (j->toplevel_fd < 0)
+                        d = opendir(p);
+                else
+                        d = xopendirat(j->toplevel_fd, skip_slash(p), 0);
+
+                if (!d) {
+                        if (errno == ENOENT && missing_ok)
+                                return 0;
+
+                        r = log_debug_errno(errno, "Failed to open root directory %s: %m", p);
+                        goto fail;
+                }
+        } else {
+                int dfd;
+
+                /* If there's no path specified, then we use the top-level fd itself. We duplicate the fd here, since
+                 * opendir() will take possession of the fd, and close it, which we don't want. */
+
+                p = "."; /* store this as "." in the directories hashmap */
+
+                dfd = fcntl(j->toplevel_fd, F_DUPFD_CLOEXEC, 3);
+                if (dfd < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+
+                d = fdopendir(dfd);
+                if (!d) {
+                        r = -errno;
+                        safe_close(dfd);
+                        goto fail;
+                }
+
+                rewinddir(d);
+        }
+
+        m = hashmap_get(j->directories_by_path, p);
+        if (!m) {
+                m = new0(Directory, 1);
+                if (!m) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                m->is_root = true;
+
+                m->path = strdup(p);
+                if (!m->path) {
+                        free(m);
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                if (hashmap_put(j->directories_by_path, m->path, m) < 0) {
+                        free(m->path);
+                        free(m);
+                        r = -ENOMEM;
+                        goto fail;
+                }
+
+                j->current_invalidate_counter++;
+
+                log_debug("Root directory %s added.", m->path);
+
+        } else if (!m->is_root)
+                return 0;
+
+        if (m->wd <= 0 && j->inotify_fd >= 0) {
+
+                m->wd = inotify_add_watch_fd(j->inotify_fd, dirfd(d),
+                                          IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB|IN_DELETE|
+                                          IN_ONLYDIR);
+
+                if (m->wd > 0 && hashmap_put(j->directories_by_wd, INT_TO_PTR(m->wd), m) < 0)
+                        inotify_rm_watch(j->inotify_fd, m->wd);
+        }
+
+        if (j->no_new_files)
+                return 0;
+
+        FOREACH_DIRENT_ALL(de, d, r = log_debug_errno(errno, "Failed to read directory %s: %m", m->path); goto fail) {
+                sd_id128_t id;
+
+                if (dirent_is_file_with_suffix(de, ".journal") ||
+                    dirent_is_file_with_suffix(de, ".journal~"))
+                        (void) add_file(j, m->path, de->d_name);
+                else if (IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN) &&
+                         sd_id128_from_string(de->d_name, &id) >= 0)
+                        (void) add_directory(j, m->path, de->d_name);
+        }
+
+        check_network(j, dirfd(d));
+
+        return 0;
+
+fail:
+        k = journal_put_error(j, r, p);
+        if (k < 0)
+                return k;
+
+        return r;
+}
+
+static void remove_directory(sd_journal *j, Directory *d) {
+        assert(j);
+
+        if (d->wd > 0) {
+                hashmap_remove(j->directories_by_wd, INT_TO_PTR(d->wd));
+
+                if (j->inotify_fd >= 0)
+                        inotify_rm_watch(j->inotify_fd, d->wd);
+        }
+
+        hashmap_remove(j->directories_by_path, d->path);
+
+        if (d->is_root)
+                log_debug("Root directory %s removed.", d->path);
+        else
+                log_debug("Directory %s removed.", d->path);
+
+        free(d->path);
+        free(d);
+}
+
+static int add_search_paths(sd_journal *j) {
+
+        static const char search_paths[] =
+                "/run/log/journal\0"
+                "/var/log/journal\0";
+        const char *p;
+
+        assert(j);
+
+        /* We ignore most errors here, since the idea is to only open
+         * what's actually accessible, and ignore the rest. */
+
+        NULSTR_FOREACH(p, search_paths)
+                (void) add_root_directory(j, p, true);
+
+        return 0;
+}
+
+static int add_current_paths(sd_journal *j) {
+        Iterator i;
+        JournalFile *f;
+
+        assert(j);
+        assert(j->no_new_files);
+
+        /* Simply adds all directories for files we have open as directories. We don't expect errors here, so we
+         * treat them as fatal. */
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                _cleanup_free_ char *dir;
+                int r;
+
+                dir = dirname_malloc(f->path);
+                if (!dir)
+                        return -ENOMEM;
+
+                r = add_directory(j, dir, NULL);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int allocate_inotify(sd_journal *j) {
+        assert(j);
+
+        if (j->inotify_fd < 0) {
+                j->inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
+                if (j->inotify_fd < 0)
+                        return -errno;
+        }
+
+        return hashmap_ensure_allocated(&j->directories_by_wd, NULL);
+}
+
+static sd_journal *journal_new(int flags, const char *path) {
+        sd_journal *j;
+
+        j = new0(sd_journal, 1);
+        if (!j)
+                return NULL;
+
+        j->original_pid = getpid();
+        j->toplevel_fd = -1;
+        j->inotify_fd = -1;
+        j->flags = flags;
+        j->data_threshold = DEFAULT_DATA_THRESHOLD;
+
+        if (path) {
+                j->path = strdup(path);
+                if (!j->path)
+                        goto fail;
+        }
+
+        j->files = ordered_hashmap_new(&string_hash_ops);
+        j->directories_by_path = hashmap_new(&string_hash_ops);
+        j->mmap = mmap_cache_new();
+        if (!j->files || !j->directories_by_path || !j->mmap)
+                goto fail;
+
+        return j;
+
+fail:
+        sd_journal_close(j);
+        return NULL;
+}
+
+_public_ int sd_journal_open(sd_journal **ret, int flags) {
+        sd_journal *j;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return((flags & ~(SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_RUNTIME_ONLY|SD_JOURNAL_SYSTEM|SD_JOURNAL_CURRENT_USER)) == 0, -EINVAL);
+
+        j = journal_new(flags, NULL);
+        if (!j)
+                return -ENOMEM;
+
+        r = add_search_paths(j);
+        if (r < 0)
+                goto fail;
+
+        *ret = j;
+        return 0;
+
+fail:
+        sd_journal_close(j);
+
+        return r;
+}
+
+_public_ int sd_journal_open_container(sd_journal **ret, const char *machine, int flags) {
+        _cleanup_free_ char *root = NULL, *class = NULL;
+        sd_journal *j;
+        char *p;
+        int r;
+
+        /* This is pretty much deprecated, people should use machined's OpenMachineRootDirectory() call instead in
+         * combination with sd_journal_open_directory_fd(). */
+
+        assert_return(machine, -EINVAL);
+        assert_return(ret, -EINVAL);
+        assert_return((flags & ~(SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM)) == 0, -EINVAL);
+        assert_return(machine_name_is_valid(machine), -EINVAL);
+
+        p = strjoina("/run/systemd/machines/", machine);
+        r = parse_env_file(p, NEWLINE, "ROOT", &root, "CLASS", &class, NULL);
+        if (r == -ENOENT)
+                return -EHOSTDOWN;
+        if (r < 0)
+                return r;
+        if (!root)
+                return -ENODATA;
+
+        if (!streq_ptr(class, "container"))
+                return -EIO;
+
+        j = journal_new(flags, NULL);
+        if (!j)
+                return -ENOMEM;
+
+        j->prefix = root;
+        root = NULL;
+
+        r = add_search_paths(j);
+        if (r < 0)
+                goto fail;
+
+        *ret = j;
+        return 0;
+
+fail:
+        sd_journal_close(j);
+        return r;
+}
+
+_public_ int sd_journal_open_directory(sd_journal **ret, const char *path, int flags) {
+        sd_journal *j;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(path, -EINVAL);
+        assert_return((flags & ~SD_JOURNAL_OS_ROOT) == 0, -EINVAL);
+
+        j = journal_new(flags, path);
+        if (!j)
+                return -ENOMEM;
+
+        if (flags & SD_JOURNAL_OS_ROOT)
+                r = add_search_paths(j);
+        else
+                r = add_root_directory(j, path, false);
+        if (r < 0)
+                goto fail;
+
+        *ret = j;
+        return 0;
+
+fail:
+        sd_journal_close(j);
+        return r;
+}
+
+_public_ int sd_journal_open_files(sd_journal **ret, const char **paths, int flags) {
+        sd_journal *j;
+        const char **path;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(flags == 0, -EINVAL);
+
+        j = journal_new(flags, NULL);
+        if (!j)
+                return -ENOMEM;
+
+        STRV_FOREACH(path, paths) {
+                r = add_any_file(j, -1, *path);
+                if (r < 0)
+                        goto fail;
+        }
+
+        j->no_new_files = true;
+
+        *ret = j;
+        return 0;
+
+fail:
+        sd_journal_close(j);
+        return r;
+}
+
+_public_ int sd_journal_open_directory_fd(sd_journal **ret, int fd, int flags) {
+        sd_journal *j;
+        struct stat st;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(fd >= 0, -EBADF);
+        assert_return((flags & ~SD_JOURNAL_OS_ROOT) == 0, -EINVAL);
+
+        if (fstat(fd, &st) < 0)
+                return -errno;
+
+        if (!S_ISDIR(st.st_mode))
+                return -EBADFD;
+
+        j = journal_new(flags, NULL);
+        if (!j)
+                return -ENOMEM;
+
+        j->toplevel_fd = fd;
+
+        if (flags & SD_JOURNAL_OS_ROOT)
+                r = add_search_paths(j);
+        else
+                r = add_root_directory(j, NULL, false);
+        if (r < 0)
+                goto fail;
+
+        *ret = j;
+        return 0;
+
+fail:
+        sd_journal_close(j);
+        return r;
+}
+
+_public_ int sd_journal_open_files_fd(sd_journal **ret, int fds[], unsigned n_fds, int flags) {
+        Iterator iterator;
+        JournalFile *f;
+        sd_journal *j;
+        unsigned i;
+        int r;
+
+        assert_return(ret, -EINVAL);
+        assert_return(n_fds > 0, -EBADF);
+        assert_return(flags == 0, -EINVAL);
+
+        j = journal_new(flags, NULL);
+        if (!j)
+                return -ENOMEM;
+
+        for (i = 0; i < n_fds; i++) {
+                struct stat st;
+
+                if (fds[i] < 0) {
+                        r = -EBADF;
+                        goto fail;
+                }
+
+                if (fstat(fds[i], &st) < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+
+                if (!S_ISREG(st.st_mode)) {
+                        r = -EBADFD;
+                        goto fail;
+                }
+
+                r = add_any_file(j, fds[i], NULL);
+                if (r < 0)
+                        goto fail;
+        }
+
+        j->no_new_files = true;
+        j->no_inotify = true;
+
+        *ret = j;
+        return 0;
+
+fail:
+        /* If we fail, make sure we don't take possession of the files we managed to make use of successfully, and they
+         * remain open */
+        ORDERED_HASHMAP_FOREACH(f, j->files, iterator)
+                f->close_fd = false;
+
+        sd_journal_close(j);
+        return r;
+}
+
+_public_ void sd_journal_close(sd_journal *j) {
+        Directory *d;
+        JournalFile *f;
+        char *p;
+
+        if (!j)
+                return;
+
+        sd_journal_flush_matches(j);
+
+        while ((f = ordered_hashmap_steal_first(j->files)))
+                (void) journal_file_close(f);
+
+        ordered_hashmap_free(j->files);
+
+        while ((d = hashmap_first(j->directories_by_path)))
+                remove_directory(j, d);
+
+        while ((d = hashmap_first(j->directories_by_wd)))
+                remove_directory(j, d);
+
+        hashmap_free(j->directories_by_path);
+        hashmap_free(j->directories_by_wd);
+
+        safe_close(j->inotify_fd);
+
+        if (j->mmap) {
+                log_debug("mmap cache statistics: %u hit, %u miss", mmap_cache_get_hit(j->mmap), mmap_cache_get_missed(j->mmap));
+                mmap_cache_unref(j->mmap);
+        }
+
+        while ((p = hashmap_steal_first(j->errors)))
+                free(p);
+        hashmap_free(j->errors);
+
+        free(j->path);
+        free(j->prefix);
+        free(j->unique_field);
+        free(j->fields_buffer);
+        free(j);
+}
+
+_public_ int sd_journal_get_realtime_usec(sd_journal *j, uint64_t *ret) {
+        Object *o;
+        JournalFile *f;
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(ret, -EINVAL);
+
+        f = j->current_file;
+        if (!f)
+                return -EADDRNOTAVAIL;
+
+        if (f->current_offset <= 0)
+                return -EADDRNOTAVAIL;
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        *ret = le64toh(o->entry.realtime);
+        return 0;
+}
+
+_public_ int sd_journal_get_monotonic_usec(sd_journal *j, uint64_t *ret, sd_id128_t *ret_boot_id) {
+        Object *o;
+        JournalFile *f;
+        int r;
+        sd_id128_t id;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        f = j->current_file;
+        if (!f)
+                return -EADDRNOTAVAIL;
+
+        if (f->current_offset <= 0)
+                return -EADDRNOTAVAIL;
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        if (ret_boot_id)
+                *ret_boot_id = o->entry.boot_id;
+        else {
+                r = sd_id128_get_boot(&id);
+                if (r < 0)
+                        return r;
+
+                if (!sd_id128_equal(id, o->entry.boot_id))
+                        return -ESTALE;
+        }
+
+        if (ret)
+                *ret = le64toh(o->entry.monotonic);
+
+        return 0;
+}
+
+static bool field_is_valid(const char *field) {
+        const char *p;
+
+        assert(field);
+
+        if (isempty(field))
+                return false;
+
+        if (startswith(field, "__"))
+                return false;
+
+        for (p = field; *p; p++) {
+
+                if (*p == '_')
+                        continue;
+
+                if (*p >= 'A' && *p <= 'Z')
+                        continue;
+
+                if (*p >= '0' && *p <= '9')
+                        continue;
+
+                return false;
+        }
+
+        return true;
+}
+
+_public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *size) {
+        JournalFile *f;
+        uint64_t i, n;
+        size_t field_length;
+        int r;
+        Object *o;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(field, -EINVAL);
+        assert_return(data, -EINVAL);
+        assert_return(size, -EINVAL);
+        assert_return(field_is_valid(field), -EINVAL);
+
+        f = j->current_file;
+        if (!f)
+                return -EADDRNOTAVAIL;
+
+        if (f->current_offset <= 0)
+                return -EADDRNOTAVAIL;
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        field_length = strlen(field);
+
+        n = journal_file_entry_n_items(o);
+        for (i = 0; i < n; i++) {
+                uint64_t p, l;
+                le64_t le_hash;
+                size_t t;
+                int compression;
+
+                p = le64toh(o->entry.items[i].object_offset);
+                le_hash = o->entry.items[i].hash;
+                r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+                if (r < 0)
+                        return r;
+
+                if (le_hash != o->data.hash)
+                        return -EBADMSG;
+
+                l = le64toh(o->object.size) - offsetof(Object, data.payload);
+
+                compression = o->object.flags & OBJECT_COMPRESSION_MASK;
+                if (compression) {
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+                        r = decompress_startswith(compression,
+                                                  o->data.payload, l,
+                                                  &f->compress_buffer, &f->compress_buffer_size,
+                                                  field, field_length, '=');
+                        if (r < 0)
+                                log_debug_errno(r, "Cannot decompress %s object of length %"PRIu64" at offset "OFSfmt": %m",
+                                                object_compressed_to_string(compression), l, p);
+                        else if (r > 0) {
+
+                                size_t rsize;
+
+                                r = decompress_blob(compression,
+                                                    o->data.payload, l,
+                                                    &f->compress_buffer, &f->compress_buffer_size, &rsize,
+                                                    j->data_threshold);
+                                if (r < 0)
+                                        return r;
+
+                                *data = f->compress_buffer;
+                                *size = (size_t) rsize;
+
+                                return 0;
+                        }
+#else
+                        return -EPROTONOSUPPORT;
+#endif
+                } else if (l >= field_length+1 &&
+                           memcmp(o->data.payload, field, field_length) == 0 &&
+                           o->data.payload[field_length] == '=') {
+
+                        t = (size_t) l;
+
+                        if ((uint64_t) t != l)
+                                return -E2BIG;
+
+                        *data = o->data.payload;
+                        *size = t;
+
+                        return 0;
+                }
+
+                r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+                if (r < 0)
+                        return r;
+        }
+
+        return -ENOENT;
+}
+
+static int return_data(sd_journal *j, JournalFile *f, Object *o, const void **data, size_t *size) {
+        size_t t;
+        uint64_t l;
+        int compression;
+
+        l = le64toh(o->object.size) - offsetof(Object, data.payload);
+        t = (size_t) l;
+
+        /* We can't read objects larger than 4G on a 32bit machine */
+        if ((uint64_t) t != l)
+                return -E2BIG;
+
+        compression = o->object.flags & OBJECT_COMPRESSION_MASK;
+        if (compression) {
+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
+                size_t rsize;
+                int r;
+
+                r = decompress_blob(compression,
+                                    o->data.payload, l, &f->compress_buffer,
+                                    &f->compress_buffer_size, &rsize, j->data_threshold);
+                if (r < 0)
+                        return r;
+
+                *data = f->compress_buffer;
+                *size = (size_t) rsize;
+#else
+                return -EPROTONOSUPPORT;
+#endif
+        } else {
+                *data = o->data.payload;
+                *size = t;
+        }
+
+        return 0;
+}
+
+_public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *size) {
+        JournalFile *f;
+        uint64_t p, n;
+        le64_t le_hash;
+        int r;
+        Object *o;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(data, -EINVAL);
+        assert_return(size, -EINVAL);
+
+        f = j->current_file;
+        if (!f)
+                return -EADDRNOTAVAIL;
+
+        if (f->current_offset <= 0)
+                return -EADDRNOTAVAIL;
+
+        r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
+        if (r < 0)
+                return r;
+
+        n = journal_file_entry_n_items(o);
+        if (j->current_field >= n)
+                return 0;
+
+        p = le64toh(o->entry.items[j->current_field].object_offset);
+        le_hash = o->entry.items[j->current_field].hash;
+        r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
+        if (r < 0)
+                return r;
+
+        if (le_hash != o->data.hash)
+                return -EBADMSG;
+
+        r = return_data(j, f, o, data, size);
+        if (r < 0)
+                return r;
+
+        j->current_field++;
+
+        return 1;
+}
+
+_public_ void sd_journal_restart_data(sd_journal *j) {
+        if (!j)
+                return;
+
+        j->current_field = 0;
+}
+
+_public_ int sd_journal_get_fd(sd_journal *j) {
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        if (j->no_inotify)
+                return -EMEDIUMTYPE;
+
+        if (j->inotify_fd >= 0)
+                return j->inotify_fd;
+
+        r = allocate_inotify(j);
+        if (r < 0)
+                return r;
+
+        log_debug("Reiterating files to get inotify watches established");
+
+        /* Iterate through all dirs again, to add them to the
+         * inotify */
+        if (j->no_new_files)
+                r = add_current_paths(j);
+        else if (j->toplevel_fd >= 0)
+                r = add_root_directory(j, NULL, false);
+        else if (j->path)
+                r = add_root_directory(j, j->path, true);
+        else
+                r = add_search_paths(j);
+        if (r < 0)
+                return r;
+
+        return j->inotify_fd;
+}
+
+_public_ int sd_journal_get_events(sd_journal *j) {
+        int fd;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        fd = sd_journal_get_fd(j);
+        if (fd < 0)
+                return fd;
+
+        return POLLIN;
+}
+
+_public_ int sd_journal_get_timeout(sd_journal *j, uint64_t *timeout_usec) {
+        int fd;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(timeout_usec, -EINVAL);
+
+        fd = sd_journal_get_fd(j);
+        if (fd < 0)
+                return fd;
+
+        if (!j->on_network) {
+                *timeout_usec = (uint64_t) -1;
+                return 0;
+        }
+
+        /* If we are on the network we need to regularly check for
+         * changes manually */
+
+        *timeout_usec = j->last_process_usec + JOURNAL_FILES_RECHECK_USEC;
+        return 1;
+}
+
+static void process_inotify_event(sd_journal *j, struct inotify_event *e) {
+        Directory *d;
+
+        assert(j);
+        assert(e);
+
+        /* Is this a subdirectory we watch? */
+        d = hashmap_get(j->directories_by_wd, INT_TO_PTR(e->wd));
+        if (d) {
+                sd_id128_t id;
+
+                if (!(e->mask & IN_ISDIR) && e->len > 0 &&
+                    (endswith(e->name, ".journal") ||
+                     endswith(e->name, ".journal~"))) {
+
+                        /* Event for a journal file */
+
+                        if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB))
+                                (void) add_file(j, d->path, e->name);
+                        else if (e->mask & (IN_DELETE|IN_MOVED_FROM|IN_UNMOUNT))
+                                remove_file(j, d->path, e->name);
+
+                } else if (!d->is_root && e->len == 0) {
+
+                        /* Event for a subdirectory */
+
+                        if (e->mask & (IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT))
+                                remove_directory(j, d);
+
+                } else if (d->is_root && (e->mask & IN_ISDIR) && e->len > 0 && sd_id128_from_string(e->name, &id) >= 0) {
+
+                        /* Event for root directory */
+
+                        if (e->mask & (IN_CREATE|IN_MOVED_TO|IN_MODIFY|IN_ATTRIB))
+                                (void) add_directory(j, d->path, e->name);
+                }
+
+                return;
+        }
+
+        if (e->mask & IN_IGNORED)
+                return;
+
+        log_debug("Unknown inotify event.");
+}
+
+static int determine_change(sd_journal *j) {
+        bool b;
+
+        assert(j);
+
+        b = j->current_invalidate_counter != j->last_invalidate_counter;
+        j->last_invalidate_counter = j->current_invalidate_counter;
+
+        return b ? SD_JOURNAL_INVALIDATE : SD_JOURNAL_APPEND;
+}
+
+_public_ int sd_journal_process(sd_journal *j) {
+        bool got_something = false;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        j->last_process_usec = now(CLOCK_MONOTONIC);
+
+        for (;;) {
+                union inotify_event_buffer buffer;
+                struct inotify_event *e;
+                ssize_t l;
+
+                l = read(j->inotify_fd, &buffer, sizeof(buffer));
+                if (l < 0) {
+                        if (errno == EAGAIN || errno == EINTR)
+                                return got_something ? determine_change(j) : SD_JOURNAL_NOP;
+
+                        return -errno;
+                }
+
+                got_something = true;
+
+                FOREACH_INOTIFY_EVENT(e, buffer, l)
+                        process_inotify_event(j, e);
+        }
+}
+
+_public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) {
+        int r;
+        uint64_t t;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        if (j->inotify_fd < 0) {
+
+                /* This is the first invocation, hence create the
+                 * inotify watch */
+                r = sd_journal_get_fd(j);
+                if (r < 0)
+                        return r;
+
+                /* The journal might have changed since the context
+                 * object was created and we weren't watching before,
+                 * hence don't wait for anything, and return
+                 * immediately. */
+                return determine_change(j);
+        }
+
+        r = sd_journal_get_timeout(j, &t);
+        if (r < 0)
+                return r;
+
+        if (t != (uint64_t) -1) {
+                usec_t n;
+
+                n = now(CLOCK_MONOTONIC);
+                t = t > n ? t - n : 0;
+
+                if (timeout_usec == (uint64_t) -1 || timeout_usec > t)
+                        timeout_usec = t;
+        }
+
+        do {
+                r = fd_wait_for_event(j->inotify_fd, POLLIN, timeout_usec);
+        } while (r == -EINTR);
+
+        if (r < 0)
+                return r;
+
+        return sd_journal_process(j);
+}
+
+_public_ int sd_journal_get_cutoff_realtime_usec(sd_journal *j, uint64_t *from, uint64_t *to) {
+        Iterator i;
+        JournalFile *f;
+        bool first = true;
+        uint64_t fmin = 0, tmax = 0;
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(from || to, -EINVAL);
+        assert_return(from != to, -EINVAL);
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                usec_t fr, t;
+
+                r = journal_file_get_cutoff_realtime_usec(f, &fr, &t);
+                if (r == -ENOENT)
+                        continue;
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                if (first) {
+                        fmin = fr;
+                        tmax = t;
+                        first = false;
+                } else {
+                        fmin = MIN(fr, fmin);
+                        tmax = MAX(t, tmax);
+                }
+        }
+
+        if (from)
+                *from = fmin;
+        if (to)
+                *to = tmax;
+
+        return first ? 0 : 1;
+}
+
+_public_ int sd_journal_get_cutoff_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t *from, uint64_t *to) {
+        Iterator i;
+        JournalFile *f;
+        bool found = false;
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(from || to, -EINVAL);
+        assert_return(from != to, -EINVAL);
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                usec_t fr, t;
+
+                r = journal_file_get_cutoff_monotonic_usec(f, boot_id, &fr, &t);
+                if (r == -ENOENT)
+                        continue;
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
+                if (found) {
+                        if (from)
+                                *from = MIN(fr, *from);
+                        if (to)
+                                *to = MAX(t, *to);
+                } else {
+                        if (from)
+                                *from = fr;
+                        if (to)
+                                *to = t;
+                        found = true;
+                }
+        }
+
+        return found;
+}
+
+void journal_print_header(sd_journal *j) {
+        Iterator i;
+        JournalFile *f;
+        bool newline = false;
+
+        assert(j);
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                if (newline)
+                        putchar('\n');
+                else
+                        newline = true;
+
+                journal_file_print_header(f);
+        }
+}
+
+_public_ int sd_journal_get_usage(sd_journal *j, uint64_t *bytes) {
+        Iterator i;
+        JournalFile *f;
+        uint64_t sum = 0;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(bytes, -EINVAL);
+
+        ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+                struct stat st;
+
+                if (fstat(f->fd, &st) < 0)
+                        return -errno;
+
+                sum += (uint64_t) st.st_blocks * 512ULL;
+        }
+
+        *bytes = sum;
+        return 0;
+}
+
+_public_ int sd_journal_query_unique(sd_journal *j, const char *field) {
+        char *f;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(!isempty(field), -EINVAL);
+        assert_return(field_is_valid(field), -EINVAL);
+
+        f = strdup(field);
+        if (!f)
+                return -ENOMEM;
+
+        free(j->unique_field);
+        j->unique_field = f;
+        j->unique_file = NULL;
+        j->unique_offset = 0;
+        j->unique_file_lost = false;
+
+        return 0;
+}
+
+_public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *l) {
+        size_t k;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(data, -EINVAL);
+        assert_return(l, -EINVAL);
+        assert_return(j->unique_field, -EINVAL);
+
+        k = strlen(j->unique_field);
+
+        if (!j->unique_file) {
+                if (j->unique_file_lost)
+                        return 0;
+
+                j->unique_file = ordered_hashmap_first(j->files);
+                if (!j->unique_file)
+                        return 0;
+
+                j->unique_offset = 0;
+        }
+
+        for (;;) {
+                JournalFile *of;
+                Iterator i;
+                Object *o;
+                const void *odata;
+                size_t ol;
+                bool found;
+                int r;
+
+                /* Proceed to next data object in the field's linked list */
+                if (j->unique_offset == 0) {
+                        r = journal_file_find_field_object(j->unique_file, j->unique_field, k, &o, NULL);
+                        if (r < 0)
+                                return r;
+
+                        j->unique_offset = r > 0 ? le64toh(o->field.head_data_offset) : 0;
+                } else {
+                        r = journal_file_move_to_object(j->unique_file, OBJECT_DATA, j->unique_offset, &o);
+                        if (r < 0)
+                                return r;
+
+                        j->unique_offset = le64toh(o->data.next_field_offset);
+                }
+
+                /* We reached the end of the list? Then start again, with the next file */
+                if (j->unique_offset == 0) {
+                        j->unique_file = ordered_hashmap_next(j->files, j->unique_file->path);
+                        if (!j->unique_file)
+                                return 0;
+
+                        continue;
+                }
+
+                /* We do not use OBJECT_DATA context here, but OBJECT_UNUSED
+                 * instead, so that we can look at this data object at the same
+                 * time as one on another file */
+                r = journal_file_move_to_object(j->unique_file, OBJECT_UNUSED, j->unique_offset, &o);
+                if (r < 0)
+                        return r;
+
+                /* Let's do the type check by hand, since we used 0 context above. */
+                if (o->object.type != OBJECT_DATA) {
+                        log_debug("%s:offset " OFSfmt ": object has type %d, expected %d",
+                                  j->unique_file->path, j->unique_offset,
+                                  o->object.type, OBJECT_DATA);
+                        return -EBADMSG;
+                }
+
+                r = return_data(j, j->unique_file, o, &odata, &ol);
+                if (r < 0)
+                        return r;
+
+                /* Check if we have at least the field name and "=". */
+                if (ol <= k) {
+                        log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
+                                  j->unique_file->path, j->unique_offset,
+                                  ol, k + 1);
+                        return -EBADMSG;
+                }
+
+                if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
+                        log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
+                                  j->unique_file->path, j->unique_offset,
+                                  j->unique_field);
+                        return -EBADMSG;
+                }
+
+                /* OK, now let's see if we already returned this data
+                 * object by checking if it exists in the earlier
+                 * traversed files. */
+                found = false;
+                ORDERED_HASHMAP_FOREACH(of, j->files, i) {
+                        if (of == j->unique_file)
+                                break;
+
+                        /* Skip this file it didn't have any fields indexed */
+                        if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0)
+                                continue;
+
+                        r = journal_file_find_data_object_with_hash(of, odata, ol, le64toh(o->data.hash), NULL, NULL);
+                        if (r < 0)
+                                return r;
+                        if (r > 0) {
+                                found = true;
+                                break;
+                        }
+                }
+
+                if (found)
+                        continue;
+
+                r = return_data(j, j->unique_file, o, data, l);
+                if (r < 0)
+                        return r;
+
+                return 1;
+        }
+}
+
+_public_ void sd_journal_restart_unique(sd_journal *j) {
+        if (!j)
+                return;
+
+        j->unique_file = NULL;
+        j->unique_offset = 0;
+        j->unique_file_lost = false;
+}
+
+_public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) {
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(field, -EINVAL);
+
+        if (!j->fields_file) {
+                if (j->fields_file_lost)
+                        return 0;
+
+                j->fields_file = ordered_hashmap_first(j->files);
+                if (!j->fields_file)
+                        return 0;
+
+                j->fields_hash_table_index = 0;
+                j->fields_offset = 0;
+        }
+
+        for (;;) {
+                JournalFile *f, *of;
+                Iterator i;
+                uint64_t m;
+                Object *o;
+                size_t sz;
+                bool found;
+
+                f = j->fields_file;
+
+                if (j->fields_offset == 0) {
+                        bool eof = false;
+
+                        /* We are not yet positioned at any field. Let's pick the first one */
+                        r = journal_file_map_field_hash_table(f);
+                        if (r < 0)
+                                return r;
+
+                        m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
+                        for (;;) {
+                                if (j->fields_hash_table_index >= m) {
+                                        /* Reached the end of the hash table, go to the next file. */
+                                        eof = true;
+                                        break;
+                                }
+
+                                j->fields_offset = le64toh(f->field_hash_table[j->fields_hash_table_index].head_hash_offset);
+
+                                if (j->fields_offset != 0)
+                                        break;
+
+                                /* Empty hash table bucket, go to next one */
+                                j->fields_hash_table_index++;
+                        }
+
+                        if (eof) {
+                                /* Proceed with next file */
+                                j->fields_file = ordered_hashmap_next(j->files, f->path);
+                                if (!j->fields_file) {
+                                        *field = NULL;
+                                        return 0;
+                                }
+
+                                j->fields_offset = 0;
+                                j->fields_hash_table_index = 0;
+                                continue;
+                        }
+
+                } else {
+                        /* We are already positioned at a field. If so, let's figure out the next field from it */
+
+                        r = journal_file_move_to_object(f, OBJECT_FIELD, j->fields_offset, &o);
+                        if (r < 0)
+                                return r;
+
+                        j->fields_offset = le64toh(o->field.next_hash_offset);
+                        if (j->fields_offset == 0) {
+                                /* Reached the end of the hash table chain */
+                                j->fields_hash_table_index++;
+                                continue;
+                        }
+                }
+
+                /* We use OBJECT_UNUSED here, so that the iterator below doesn't remove our mmap window */
+                r = journal_file_move_to_object(f, OBJECT_UNUSED, j->fields_offset, &o);
+                if (r < 0)
+                        return r;
+
+                /* Because we used OBJECT_UNUSED above, we need to do our type check manually */
+                if (o->object.type != OBJECT_FIELD) {
+                        log_debug("%s:offset " OFSfmt ": object has type %i, expected %i", f->path, j->fields_offset, o->object.type, OBJECT_FIELD);
+                        return -EBADMSG;
+                }
+
+                sz = le64toh(o->object.size) - offsetof(Object, field.payload);
+
+                /* Let's see if we already returned this field name before. */
+                found = false;
+                ORDERED_HASHMAP_FOREACH(of, j->files, i) {
+                        if (of == f)
+                                break;
+
+                        /* Skip this file it didn't have any fields indexed */
+                        if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0)
+                                continue;
+
+                        r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, le64toh(o->field.hash), NULL, NULL);
+                        if (r < 0)
+                                return r;
+                        if (r > 0) {
+                                found = true;
+                                break;
+                        }
+                }
+
+                if (found)
+                        continue;
+
+                /* Check if this is really a valid string containing no NUL byte */
+                if (memchr(o->field.payload, 0, sz))
+                        return -EBADMSG;
+
+                if (sz > j->data_threshold)
+                        sz = j->data_threshold;
+
+                if (!GREEDY_REALLOC(j->fields_buffer, j->fields_buffer_allocated, sz + 1))
+                        return -ENOMEM;
+
+                memcpy(j->fields_buffer, o->field.payload, sz);
+                j->fields_buffer[sz] = 0;
+
+                if (!field_is_valid(j->fields_buffer))
+                        return -EBADMSG;
+
+                *field = j->fields_buffer;
+                return 1;
+        }
+}
+
+_public_ void sd_journal_restart_fields(sd_journal *j) {
+        if (!j)
+                return;
+
+        j->fields_file = NULL;
+        j->fields_hash_table_index = 0;
+        j->fields_offset = 0;
+        j->fields_file_lost = false;
+}
+
+_public_ int sd_journal_reliable_fd(sd_journal *j) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        return !j->on_network;
+}
+
+static char *lookup_field(const char *field, void *userdata) {
+        sd_journal *j = userdata;
+        const void *data;
+        size_t size, d;
+        int r;
+
+        assert(field);
+        assert(j);
+
+        r = sd_journal_get_data(j, field, &data, &size);
+        if (r < 0 ||
+            size > REPLACE_VAR_MAX)
+                return strdup(field);
+
+        d = strlen(field) + 1;
+
+        return strndup((const char*) data + d, size - d);
+}
+
+_public_ int sd_journal_get_catalog(sd_journal *j, char **ret) {
+        const void *data;
+        size_t size;
+        sd_id128_t id;
+        _cleanup_free_ char *text = NULL, *cid = NULL;
+        char *t;
+        int r;
+
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(ret, -EINVAL);
+
+        r = sd_journal_get_data(j, "MESSAGE_ID", &data, &size);
+        if (r < 0)
+                return r;
+
+        cid = strndup((const char*) data + 11, size - 11);
+        if (!cid)
+                return -ENOMEM;
+
+        r = sd_id128_from_string(cid, &id);
+        if (r < 0)
+                return r;
+
+        r = catalog_get(CATALOG_DATABASE, id, &text);
+        if (r < 0)
+                return r;
+
+        t = replace_var(text, lookup_field, j);
+        if (!t)
+                return -ENOMEM;
+
+        *ret = t;
+        return 0;
+}
+
+_public_ int sd_journal_get_catalog_for_message_id(sd_id128_t id, char **ret) {
+        assert_return(ret, -EINVAL);
+
+        return catalog_get(CATALOG_DATABASE, id, ret);
+}
+
+_public_ int sd_journal_set_data_threshold(sd_journal *j, size_t sz) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+
+        j->data_threshold = sz;
+        return 0;
+}
+
+_public_ int sd_journal_get_data_threshold(sd_journal *j, size_t *sz) {
+        assert_return(j, -EINVAL);
+        assert_return(!journal_pid_changed(j), -ECHILD);
+        assert_return(sz, -EINVAL);
+
+        *sz = j->data_threshold;
+        return 0;
+}
+
+_public_ int sd_journal_has_runtime_files(sd_journal *j) {
+        assert_return(j, -EINVAL);
+
+        return j->has_runtime_files;
+}
+
+_public_ int sd_journal_has_persistent_files(sd_journal *j) {
+        assert_return(j, -EINVAL);
+
+        return j->has_persistent_files;
+}
diff --git a/src/libsystemd/sd-bus/Makefile b/src/libsystemd/sd-bus/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-bus/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-bus/bus-common-errors.c b/src/libsystemd/sd-bus/bus-common-errors.c
deleted file mode 100644
index 02e3bf904c..0000000000
--- a/src/libsystemd/sd-bus/bus-common-errors.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-
-#include "sd-bus.h"
-
-#include "bus-common-errors.h"
-#include "bus-error.h"
-
-BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_UNIT,                 ENOENT),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_UNIT_FOR_PID,              ESRCH),
-        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_EXISTS,                  EEXIST),
-        SD_BUS_ERROR_MAP(BUS_ERROR_LOAD_FAILED,                  EIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_JOB_FAILED,                   EREMOTEIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_JOB,                  ENOENT),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NOT_SUBSCRIBED,               EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_ALREADY_SUBSCRIBED,           EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_ONLY_BY_DEPENDENCY,           EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSACTION_JOBS_CONFLICTING, EDEADLK),
-        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSACTION_ORDER_IS_CYCLIC,  EDEADLK),
-        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE,   EDEADLK),
-        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_MASKED,                  ESHUTDOWN),
-        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_GENERATED,               EADDRNOTAVAIL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_LINKED,                  ELOOP),
-        SD_BUS_ERROR_MAP(BUS_ERROR_JOB_TYPE_NOT_APPLICABLE,      EBADR),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_ISOLATION,                 EPERM),
-        SD_BUS_ERROR_MAP(BUS_ERROR_SHUTTING_DOWN,                ECANCELED),
-        SD_BUS_ERROR_MAP(BUS_ERROR_SCOPE_NOT_RUNNING,            EHOSTDOWN),
-
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_MACHINE,              ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_IMAGE,                ENOENT),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_MACHINE_FOR_PID,           ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_MACHINE_EXISTS,               EEXIST),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_PRIVATE_NETWORKING,        ENOSYS),
-
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_SESSION,              ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SESSION_FOR_PID,           ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_USER,                 ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_USER_FOR_PID,              ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_SEAT,                 ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_SESSION_NOT_ON_SEAT,          EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NOT_IN_CONTROL,               EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_DEVICE_IS_TAKEN,              EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_DEVICE_NOT_TAKEN,             EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_OPERATION_IN_PROGRESS,        EINPROGRESS),
-        SD_BUS_ERROR_MAP(BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED,     EOPNOTSUPP),
-
-        SD_BUS_ERROR_MAP(BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED,  EALREADY),
-
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_PROCESS,              ESRCH),
-
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_NAME_SERVERS,              ESRCH),
-        SD_BUS_ERROR_MAP(BUS_ERROR_INVALID_REPLY,                EINVAL),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_RR,                   ENOENT),
-        SD_BUS_ERROR_MAP(BUS_ERROR_CNAME_LOOP,                   EDEADLK),
-        SD_BUS_ERROR_MAP(BUS_ERROR_ABORTED,                      ECANCELED),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_SERVICE,              EUNATCH),
-        SD_BUS_ERROR_MAP(BUS_ERROR_DNSSEC_FAILED,                EHOSTUNREACH),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_TRUST_ANCHOR,              EHOSTUNREACH),
-        SD_BUS_ERROR_MAP(BUS_ERROR_RR_TYPE_UNSUPPORTED,          EOPNOTSUPP),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_LINK,                 ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_LINK_BUSY,                    EBUSY),
-        SD_BUS_ERROR_MAP(BUS_ERROR_NETWORK_DOWN,                 ENETDOWN),
-
-        SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_TRANSFER,             ENXIO),
-        SD_BUS_ERROR_MAP(BUS_ERROR_TRANSFER_IN_PROGRESS,         EBUSY),
-
-        SD_BUS_ERROR_MAP_END
-};
diff --git a/src/libsystemd/sd-bus/bus-container.h b/src/libsystemd/sd-bus/bus-container.h
deleted file mode 100644
index 509ef45624..0000000000
--- a/src/libsystemd/sd-bus/bus-container.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-int bus_container_connect_socket(sd_bus *b);
-int bus_container_connect_kernel(sd_bus *b);
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
deleted file mode 100644
index 52128e7b5c..0000000000
--- a/src/libsystemd/sd-bus/bus-control.c
+++ /dev/null
@@ -1,1588 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#ifdef HAVE_VALGRIND_MEMCHECK_H
-#include <valgrind/memcheck.h>
-#endif
-
-#include <errno.h>
-#include <stddef.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-bloom.h"
-#include "bus-control.h"
-#include "bus-internal.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "capability-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "user-util.h"
-
-_public_ int sd_bus_get_unique_name(sd_bus *bus, const char **unique) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(unique, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        r = bus_ensure_running(bus);
-        if (r < 0)
-                return r;
-
-        *unique = bus->unique_name;
-        return 0;
-}
-
-static int bus_request_name_kernel(sd_bus *bus, const char *name, uint64_t flags) {
-        struct kdbus_cmd *n;
-        size_t size, l;
-        int r;
-
-        assert(bus);
-        assert(name);
-
-        l = strlen(name) + 1;
-        size = offsetof(struct kdbus_cmd, items) + KDBUS_ITEM_SIZE(l);
-        n = alloca0_align(size, 8);
-        n->size = size;
-        n->flags = request_name_flags_to_kdbus(flags);
-
-        n->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
-        n->items[0].type = KDBUS_ITEM_NAME;
-        memcpy(n->items[0].str, name, l);
-
-#ifdef HAVE_VALGRIND_MEMCHECK_H
-        VALGRIND_MAKE_MEM_DEFINED(n, n->size);
-#endif
-
-        r = ioctl(bus->input_fd, KDBUS_CMD_NAME_ACQUIRE, n);
-        if (r < 0)
-                return -errno;
-
-        if (n->return_flags & KDBUS_NAME_IN_QUEUE)
-                return 0;
-
-        return 1;
-}
-
-static int bus_request_name_dbus1(sd_bus *bus, const char *name, uint64_t flags) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        uint32_t ret, param = 0;
-        int r;
-
-        assert(bus);
-        assert(name);
-
-        if (flags & SD_BUS_NAME_ALLOW_REPLACEMENT)
-                param |= BUS_NAME_ALLOW_REPLACEMENT;
-        if (flags & SD_BUS_NAME_REPLACE_EXISTING)
-                param |= BUS_NAME_REPLACE_EXISTING;
-        if (!(flags & SD_BUS_NAME_QUEUE))
-                param |= BUS_NAME_DO_NOT_QUEUE;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.DBus",
-                        "/org/freedesktop/DBus",
-                        "org.freedesktop.DBus",
-                        "RequestName",
-                        NULL,
-                        &reply,
-                        "su",
-                        name,
-                        param);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(reply, "u", &ret);
-        if (r < 0)
-                return r;
-
-        if (ret == BUS_NAME_ALREADY_OWNER)
-                return -EALREADY;
-        else if (ret == BUS_NAME_EXISTS)
-                return -EEXIST;
-        else if (ret == BUS_NAME_IN_QUEUE)
-                return 0;
-        else if (ret == BUS_NAME_PRIMARY_OWNER)
-                return 1;
-
-        return -EIO;
-}
-
-_public_ int sd_bus_request_name(sd_bus *bus, const char *name, uint64_t flags) {
-        assert_return(bus, -EINVAL);
-        assert_return(name, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-        assert_return(!(flags & ~(SD_BUS_NAME_ALLOW_REPLACEMENT|SD_BUS_NAME_REPLACE_EXISTING|SD_BUS_NAME_QUEUE)), -EINVAL);
-        assert_return(service_name_is_valid(name), -EINVAL);
-        assert_return(name[0] != ':', -EINVAL);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        /* Don't allow requesting the special driver and local names */
-        if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
-                return -EINVAL;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->is_kernel)
-                return bus_request_name_kernel(bus, name, flags);
-        else
-                return bus_request_name_dbus1(bus, name, flags);
-}
-
-static int bus_release_name_kernel(sd_bus *bus, const char *name) {
-        struct kdbus_cmd *n;
-        size_t size, l;
-        int r;
-
-        assert(bus);
-        assert(name);
-
-        l = strlen(name) + 1;
-        size = offsetof(struct kdbus_cmd, items) + KDBUS_ITEM_SIZE(l);
-        n = alloca0_align(size, 8);
-        n->size = size;
-
-        n->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
-        n->items[0].type = KDBUS_ITEM_NAME;
-        memcpy(n->items[0].str, name, l);
-
-#ifdef HAVE_VALGRIND_MEMCHECK_H
-        VALGRIND_MAKE_MEM_DEFINED(n, n->size);
-#endif
-        r = ioctl(bus->input_fd, KDBUS_CMD_NAME_RELEASE, n);
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int bus_release_name_dbus1(sd_bus *bus, const char *name) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        uint32_t ret;
-        int r;
-
-        assert(bus);
-        assert(name);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.DBus",
-                        "/org/freedesktop/DBus",
-                        "org.freedesktop.DBus",
-                        "ReleaseName",
-                        NULL,
-                        &reply,
-                        "s",
-                        name);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(reply, "u", &ret);
-        if (r < 0)
-                return r;
-        if (ret == BUS_NAME_NON_EXISTENT)
-                return -ESRCH;
-        if (ret == BUS_NAME_NOT_OWNER)
-                return -EADDRINUSE;
-        if (ret == BUS_NAME_RELEASED)
-                return 0;
-
-        return -EINVAL;
-}
-
-_public_ int sd_bus_release_name(sd_bus *bus, const char *name) {
-        assert_return(bus, -EINVAL);
-        assert_return(name, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-        assert_return(service_name_is_valid(name), -EINVAL);
-        assert_return(name[0] != ':', -EINVAL);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        /* Don't allow releasing the special driver and local names */
-        if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
-                return -EINVAL;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->is_kernel)
-                return bus_release_name_kernel(bus, name);
-        else
-                return bus_release_name_dbus1(bus, name);
-}
-
-static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) {
-        struct kdbus_cmd_list cmd = {
-                .size = sizeof(cmd),
-                .flags = flags,
-        };
-        struct kdbus_info *name_list, *name;
-        uint64_t previous_id = 0;
-        int r;
-
-        /* Caller will free half-constructed list on failure... */
-
-        r = ioctl(bus->input_fd, KDBUS_CMD_LIST, &cmd);
-        if (r < 0)
-                return -errno;
-
-        name_list = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd.offset);
-
-        KDBUS_FOREACH(name, name_list, cmd.list_size) {
-                struct kdbus_item *item;
-
-                if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) {
-                        char *n;
-
-                        if (asprintf(&n, ":1.%llu", (unsigned long long) name->id) < 0) {
-                                r = -ENOMEM;
-                                goto fail;
-                        }
-
-                        r = strv_consume(x, n);
-                        if (r < 0)
-                                goto fail;
-
-                        previous_id = name->id;
-                }
-
-                KDBUS_ITEM_FOREACH(item, name, items) {
-                        if (item->type == KDBUS_ITEM_OWNED_NAME) {
-                                if (service_name_is_valid(item->name.name)) {
-                                        r = strv_extend(x, item->name.name);
-                                        if (r < 0) {
-                                                r = -ENOMEM;
-                                                goto fail;
-                                        }
-                                }
-                        }
-                }
-        }
-
-        r = 0;
-
-fail:
-        bus_kernel_cmd_free(bus, cmd.offset);
-        return r;
-}
-
-static int bus_list_names_kernel(sd_bus *bus, char ***acquired, char ***activatable) {
-        _cleanup_strv_free_ char **x = NULL, **y = NULL;
-        int r;
-
-        if (acquired) {
-                r = kernel_get_list(bus, KDBUS_LIST_UNIQUE | KDBUS_LIST_NAMES, &x);
-                if (r < 0)
-                        return r;
-        }
-
-        if (activatable) {
-                r = kernel_get_list(bus, KDBUS_LIST_ACTIVATORS, &y);
-                if (r < 0)
-                        return r;
-
-                *activatable = y;
-                y = NULL;
-        }
-
-        if (acquired) {
-                *acquired = x;
-                x = NULL;
-        }
-
-        return 0;
-}
-
-static int bus_list_names_dbus1(sd_bus *bus, char ***acquired, char ***activatable) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_strv_free_ char **x = NULL, **y = NULL;
-        int r;
-
-        if (acquired) {
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.DBus",
-                                "/org/freedesktop/DBus",
-                                "org.freedesktop.DBus",
-                                "ListNames",
-                                NULL,
-                                &reply,
-                                NULL);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_read_strv(reply, &x);
-                if (r < 0)
-                        return r;
-
-                reply = sd_bus_message_unref(reply);
-        }
-
-        if (activatable) {
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.DBus",
-                                "/org/freedesktop/DBus",
-                                "org.freedesktop.DBus",
-                                "ListActivatableNames",
-                                NULL,
-                                &reply,
-                                NULL);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_read_strv(reply, &y);
-                if (r < 0)
-                        return r;
-
-                *activatable = y;
-                y = NULL;
-        }
-
-        if (acquired) {
-                *acquired = x;
-                x = NULL;
-        }
-
-        return 0;
-}
-
-_public_ int sd_bus_list_names(sd_bus *bus, char ***acquired, char ***activatable) {
-        assert_return(bus, -EINVAL);
-        assert_return(acquired || activatable, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->is_kernel)
-                return bus_list_names_kernel(bus, acquired, activatable);
-        else
-                return bus_list_names_dbus1(bus, acquired, activatable);
-}
-
-static int bus_populate_creds_from_items(
-                sd_bus *bus,
-                struct kdbus_info *info,
-                uint64_t mask,
-                sd_bus_creds *c) {
-
-        struct kdbus_item *item;
-        uint64_t m;
-        int r;
-
-        assert(bus);
-        assert(info);
-        assert(c);
-
-        KDBUS_ITEM_FOREACH(item, info, items) {
-
-                switch (item->type) {
-
-                case KDBUS_ITEM_PIDS:
-
-                        if (mask & SD_BUS_CREDS_PID && item->pids.pid > 0) {
-                                c->pid = (pid_t) item->pids.pid;
-                                c->mask |= SD_BUS_CREDS_PID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_TID && item->pids.tid > 0) {
-                                c->tid = (pid_t) item->pids.tid;
-                                c->mask |= SD_BUS_CREDS_TID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_PPID) {
-                                if (item->pids.ppid > 0) {
-                                        c->ppid = (pid_t) item->pids.ppid;
-                                        c->mask |= SD_BUS_CREDS_PPID;
-                                } else if (item->pids.pid == 1) {
-                                        /* The structure doesn't
-                                         * really distinguish the case
-                                         * where a process has no
-                                         * parent and where we don't
-                                         * know it because it could
-                                         * not be translated due to
-                                         * namespaces. However, we
-                                         * know that PID 1 has no
-                                         * parent process, hence let's
-                                         * patch that in, manually. */
-                                        c->ppid = 0;
-                                        c->mask |= SD_BUS_CREDS_PPID;
-                                }
-                        }
-
-                        break;
-
-                case KDBUS_ITEM_CREDS:
-
-                        if (mask & SD_BUS_CREDS_UID && (uid_t) item->creds.uid != UID_INVALID) {
-                                c->uid = (uid_t) item->creds.uid;
-                                c->mask |= SD_BUS_CREDS_UID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_EUID && (uid_t) item->creds.euid != UID_INVALID) {
-                                c->euid = (uid_t) item->creds.euid;
-                                c->mask |= SD_BUS_CREDS_EUID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_SUID && (uid_t) item->creds.suid != UID_INVALID) {
-                                c->suid = (uid_t) item->creds.suid;
-                                c->mask |= SD_BUS_CREDS_SUID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_FSUID && (uid_t) item->creds.fsuid != UID_INVALID) {
-                                c->fsuid = (uid_t) item->creds.fsuid;
-                                c->mask |= SD_BUS_CREDS_FSUID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_GID && (gid_t) item->creds.gid != GID_INVALID) {
-                                c->gid = (gid_t) item->creds.gid;
-                                c->mask |= SD_BUS_CREDS_GID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_EGID && (gid_t) item->creds.egid != GID_INVALID) {
-                                c->egid = (gid_t) item->creds.egid;
-                                c->mask |= SD_BUS_CREDS_EGID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_SGID && (gid_t) item->creds.sgid != GID_INVALID) {
-                                c->sgid = (gid_t) item->creds.sgid;
-                                c->mask |= SD_BUS_CREDS_SGID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_FSGID && (gid_t) item->creds.fsgid != GID_INVALID) {
-                                c->fsgid = (gid_t) item->creds.fsgid;
-                                c->mask |= SD_BUS_CREDS_FSGID;
-                        }
-
-                        break;
-
-                case KDBUS_ITEM_PID_COMM:
-                        if (mask & SD_BUS_CREDS_COMM) {
-                                r = free_and_strdup(&c->comm, item->str);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= SD_BUS_CREDS_COMM;
-                        }
-                        break;
-
-                case KDBUS_ITEM_TID_COMM:
-                        if (mask & SD_BUS_CREDS_TID_COMM) {
-                                r = free_and_strdup(&c->tid_comm, item->str);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= SD_BUS_CREDS_TID_COMM;
-                        }
-                        break;
-
-                case KDBUS_ITEM_EXE:
-                        if (mask & SD_BUS_CREDS_EXE) {
-                                r = free_and_strdup(&c->exe, item->str);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= SD_BUS_CREDS_EXE;
-                        }
-                        break;
-
-                case KDBUS_ITEM_CMDLINE:
-                        if (mask & SD_BUS_CREDS_CMDLINE) {
-                                c->cmdline_size = item->size - offsetof(struct kdbus_item, data);
-                                c->cmdline = memdup(item->data, c->cmdline_size);
-                                if (!c->cmdline)
-                                        return -ENOMEM;
-
-                                c->mask |= SD_BUS_CREDS_CMDLINE;
-                        }
-                        break;
-
-                case KDBUS_ITEM_CGROUP:
-                        m = (SD_BUS_CREDS_CGROUP | SD_BUS_CREDS_UNIT |
-                             SD_BUS_CREDS_USER_UNIT | SD_BUS_CREDS_SLICE |
-                             SD_BUS_CREDS_SESSION | SD_BUS_CREDS_OWNER_UID) & mask;
-
-                        if (m) {
-                                r = free_and_strdup(&c->cgroup, item->str);
-                                if (r < 0)
-                                        return r;
-
-                                r = bus_get_root_path(bus);
-                                if (r < 0)
-                                        return r;
-
-                                r = free_and_strdup(&c->cgroup_root, bus->cgroup_root);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= m;
-                        }
-                        break;
-
-                case KDBUS_ITEM_CAPS:
-                        m = (SD_BUS_CREDS_EFFECTIVE_CAPS | SD_BUS_CREDS_PERMITTED_CAPS |
-                             SD_BUS_CREDS_INHERITABLE_CAPS | SD_BUS_CREDS_BOUNDING_CAPS) & mask;
-
-                        if (m) {
-                                if (item->caps.last_cap != cap_last_cap() ||
-                                    item->size - offsetof(struct kdbus_item, caps.caps) < DIV_ROUND_UP(item->caps.last_cap, 32U) * 4 * 4)
-                                        return -EBADMSG;
-
-                                c->capability = memdup(item->caps.caps, item->size - offsetof(struct kdbus_item, caps.caps));
-                                if (!c->capability)
-                                        return -ENOMEM;
-
-                                c->mask |= m;
-                        }
-                        break;
-
-                case KDBUS_ITEM_SECLABEL:
-                        if (mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
-                                r = free_and_strdup(&c->label, item->str);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
-                        }
-                        break;
-
-                case KDBUS_ITEM_AUDIT:
-                        if (mask & SD_BUS_CREDS_AUDIT_SESSION_ID) {
-                                c->audit_session_id = (uint32_t) item->audit.sessionid;
-                                c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
-                        }
-
-                        if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
-                                c->audit_login_uid = (uid_t) item->audit.loginuid;
-                                c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
-                        }
-                        break;
-
-                case KDBUS_ITEM_OWNED_NAME:
-                        if ((mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) && service_name_is_valid(item->name.name)) {
-                                r = strv_extend(&c->well_known_names, item->name.name);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
-                        }
-                        break;
-
-                case KDBUS_ITEM_CONN_DESCRIPTION:
-                        if (mask & SD_BUS_CREDS_DESCRIPTION) {
-                                r = free_and_strdup(&c->description, item->str);
-                                if (r < 0)
-                                        return r;
-
-                                c->mask |= SD_BUS_CREDS_DESCRIPTION;
-                        }
-                        break;
-
-                case KDBUS_ITEM_AUXGROUPS:
-                        if (mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
-                                size_t i, n;
-                                uid_t *g;
-
-                                n = (item->size - offsetof(struct kdbus_item, data64)) / sizeof(uint64_t);
-                                g = new(gid_t, n);
-                                if (!g)
-                                        return -ENOMEM;
-
-                                for (i = 0; i < n; i++)
-                                        g[i] = item->data64[i];
-
-                                free(c->supplementary_gids);
-                                c->supplementary_gids = g;
-                                c->n_supplementary_gids = n;
-
-                                c->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
-                        }
-                        break;
-                }
-        }
-
-        return 0;
-}
-
-int bus_get_name_creds_kdbus(
-                sd_bus *bus,
-                const char *name,
-                uint64_t mask,
-                bool allow_activator,
-                sd_bus_creds **creds) {
-
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
-        struct kdbus_cmd_info *cmd;
-        struct kdbus_info *conn_info;
-        size_t size, l;
-        uint64_t id;
-        int r;
-
-        if (streq(name, "org.freedesktop.DBus"))
-                return -EOPNOTSUPP;
-
-        r = bus_kernel_parse_unique_name(name, &id);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-                size = offsetof(struct kdbus_cmd_info, items);
-                cmd = alloca0_align(size, 8);
-                cmd->id = id;
-        } else {
-                l = strlen(name) + 1;
-                size = offsetof(struct kdbus_cmd_info, items) + KDBUS_ITEM_SIZE(l);
-                cmd = alloca0_align(size, 8);
-                cmd->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
-                cmd->items[0].type = KDBUS_ITEM_NAME;
-                memcpy(cmd->items[0].str, name, l);
-        }
-
-        /* If augmentation is on, and the bus didn't provide us
-         * the bits we want, then ask for the PID/TID so that we
-         * can read the rest from /proc. */
-        if ((mask & SD_BUS_CREDS_AUGMENT) &&
-            (mask & (SD_BUS_CREDS_PPID|
-                     SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
-                     SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
-                     SD_BUS_CREDS_SUPPLEMENTARY_GIDS|
-                     SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
-                     SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
-                     SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
-                     SD_BUS_CREDS_SELINUX_CONTEXT|
-                     SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))
-                mask |= SD_BUS_CREDS_PID;
-
-        cmd->size = size;
-        cmd->attach_flags = attach_flags_to_kdbus(mask);
-
-        r = ioctl(bus->input_fd, KDBUS_CMD_CONN_INFO, cmd);
-        if (r < 0)
-                return -errno;
-
-        conn_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd->offset);
-
-        /* Non-activated names are considered not available */
-        if (!allow_activator && (conn_info->flags & KDBUS_HELLO_ACTIVATOR)) {
-                if (name[0] == ':')
-                        r = -ENXIO;
-                else
-                        r = -ESRCH;
-                goto fail;
-        }
-
-        c = bus_creds_new();
-        if (!c) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
-                if (asprintf(&c->unique_name, ":1.%llu", (unsigned long long) conn_info->id) < 0) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
-        }
-
-        /* If KDBUS_ITEM_OWNED_NAME is requested then we'll get 0 of
-           them in case the service has no names. This does not mean
-           however that the list of owned names could not be
-           acquired. Hence, let's explicitly clarify that the data is
-           complete. */
-        c->mask |= mask & SD_BUS_CREDS_WELL_KNOWN_NAMES;
-
-        r = bus_populate_creds_from_items(bus, conn_info, mask, c);
-        if (r < 0)
-                goto fail;
-
-        r = bus_creds_add_more(c, mask, 0, 0);
-        if (r < 0)
-                goto fail;
-
-        if (creds) {
-                *creds = c;
-                c = NULL;
-        }
-
-        r = 0;
-
-fail:
-        bus_kernel_cmd_free(bus, cmd->offset);
-        return r;
-}
-
-static int bus_get_name_creds_dbus1(
-                sd_bus *bus,
-                const char *name,
-                uint64_t mask,
-                sd_bus_creds **creds) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply_unique = NULL, *reply = NULL;
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
-        const char *unique = NULL;
-        pid_t pid = 0;
-        int r;
-
-        /* Only query the owner if the caller wants to know it or if
-         * the caller just wants to check whether a name exists */
-        if ((mask & SD_BUS_CREDS_UNIQUE_NAME) || mask == 0) {
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.DBus",
-                                "/org/freedesktop/DBus",
-                                "org.freedesktop.DBus",
-                                "GetNameOwner",
-                                NULL,
-                                &reply_unique,
-                                "s",
-                                name);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_read(reply_unique, "s", &unique);
-                if (r < 0)
-                        return r;
-        }
-
-        if (mask != 0) {
-                c = bus_creds_new();
-                if (!c)
-                        return -ENOMEM;
-
-                if ((mask & SD_BUS_CREDS_UNIQUE_NAME) && unique) {
-                        c->unique_name = strdup(unique);
-                        if (!c->unique_name)
-                                return -ENOMEM;
-
-                        c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
-                }
-
-                if ((mask & SD_BUS_CREDS_PID) ||
-                    ((mask & SD_BUS_CREDS_AUGMENT) &&
-                     (mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
-                              SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
-                              SD_BUS_CREDS_SUPPLEMENTARY_GIDS|
-                              SD_BUS_CREDS_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
-                              SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
-                              SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
-                              SD_BUS_CREDS_SELINUX_CONTEXT|
-                              SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))) {
-
-                        uint32_t u;
-
-                        r = sd_bus_call_method(
-                                        bus,
-                                        "org.freedesktop.DBus",
-                                        "/org/freedesktop/DBus",
-                                        "org.freedesktop.DBus",
-                                        "GetConnectionUnixProcessID",
-                                        NULL,
-                                        &reply,
-                                        "s",
-                                        unique ? unique : name);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_read(reply, "u", &u);
-                        if (r < 0)
-                                return r;
-
-                        pid = u;
-                        if (mask & SD_BUS_CREDS_PID) {
-                                c->pid = u;
-                                c->mask |= SD_BUS_CREDS_PID;
-                        }
-
-                        reply = sd_bus_message_unref(reply);
-                }
-
-                if (mask & SD_BUS_CREDS_EUID) {
-                        uint32_t u;
-
-                        r = sd_bus_call_method(
-                                        bus,
-                                        "org.freedesktop.DBus",
-                                        "/org/freedesktop/DBus",
-                                        "org.freedesktop.DBus",
-                                        "GetConnectionUnixUser",
-                                        NULL,
-                                        &reply,
-                                        "s",
-                                        unique ? unique : name);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_read(reply, "u", &u);
-                        if (r < 0)
-                                return r;
-
-                        c->euid = u;
-                        c->mask |= SD_BUS_CREDS_EUID;
-
-                        reply = sd_bus_message_unref(reply);
-                }
-
-                if (mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
-                        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                        const void *p = NULL;
-                        size_t sz = 0;
-
-                        r = sd_bus_call_method(
-                                        bus,
-                                        "org.freedesktop.DBus",
-                                        "/org/freedesktop/DBus",
-                                        "org.freedesktop.DBus",
-                                        "GetConnectionSELinuxSecurityContext",
-                                        &error,
-                                        &reply,
-                                        "s",
-                                        unique ? unique : name);
-                        if (r < 0) {
-                                if (!sd_bus_error_has_name(&error, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"))
-                                        return r;
-                        } else {
-                                r = sd_bus_message_read_array(reply, 'y', &p, &sz);
-                                if (r < 0)
-                                        return r;
-
-                                c->label = strndup(p, sz);
-                                if (!c->label)
-                                        return -ENOMEM;
-
-                                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
-                        }
-                }
-
-                r = bus_creds_add_more(c, mask, pid, 0);
-                if (r < 0)
-                        return r;
-        }
-
-        if (creds) {
-                *creds = c;
-                c = NULL;
-        }
-
-        return 0;
-}
-
-_public_ int sd_bus_get_name_creds(
-                sd_bus *bus,
-                const char *name,
-                uint64_t mask,
-                sd_bus_creds **creds) {
-
-        assert_return(bus, -EINVAL);
-        assert_return(name, -EINVAL);
-        assert_return((mask & ~SD_BUS_CREDS_AUGMENT) <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
-        assert_return(mask == 0 || creds, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-        assert_return(service_name_is_valid(name), -EINVAL);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        if (streq(name, "org.freedesktop.DBus.Local"))
-                return -EINVAL;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->is_kernel)
-                return bus_get_name_creds_kdbus(bus, name, mask, false, creds);
-        else
-                return bus_get_name_creds_dbus1(bus, name, mask, creds);
-}
-
-static int bus_get_owner_creds_kdbus(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
-        struct kdbus_cmd_info cmd = {
-                .size = sizeof(struct kdbus_cmd_info),
-        };
-        struct kdbus_info *creator_info;
-        pid_t pid = 0;
-        int r;
-
-        c = bus_creds_new();
-        if (!c)
-                return -ENOMEM;
-
-        /* If augmentation is on, and the bus doesn't didn't allow us
-         * to get the bits we want, then ask for the PID/TID so that we
-         * can read the rest from /proc. */
-        if ((mask & SD_BUS_CREDS_AUGMENT) &&
-            (mask & (SD_BUS_CREDS_PPID|
-                     SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
-                     SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
-                     SD_BUS_CREDS_SUPPLEMENTARY_GIDS|
-                     SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
-                     SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
-                     SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
-                     SD_BUS_CREDS_SELINUX_CONTEXT|
-                     SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))
-                mask |= SD_BUS_CREDS_PID;
-
-        cmd.attach_flags = attach_flags_to_kdbus(mask);
-
-        r = ioctl(bus->input_fd, KDBUS_CMD_BUS_CREATOR_INFO, &cmd);
-        if (r < 0)
-                return -errno;
-
-        creator_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd.offset);
-
-        r = bus_populate_creds_from_items(bus, creator_info, mask, c);
-        bus_kernel_cmd_free(bus, cmd.offset);
-        if (r < 0)
-                return r;
-
-        r = bus_creds_add_more(c, mask, pid, 0);
-        if (r < 0)
-                return r;
-
-        *ret = c;
-        c = NULL;
-        return 0;
-}
-
-static int bus_get_owner_creds_dbus1(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
-        pid_t pid = 0;
-        bool do_label;
-        int r;
-
-        assert(bus);
-
-        do_label = bus->label && (mask & SD_BUS_CREDS_SELINUX_CONTEXT);
-
-        /* Avoid allocating anything if we have no chance of returning useful data */
-        if (!bus->ucred_valid && !do_label)
-                return -ENODATA;
-
-        c = bus_creds_new();
-        if (!c)
-                return -ENOMEM;
-
-        if (bus->ucred_valid) {
-                if (bus->ucred.pid > 0) {
-                        pid = c->pid = bus->ucred.pid;
-                        c->mask |= SD_BUS_CREDS_PID & mask;
-                }
-
-                if (bus->ucred.uid != UID_INVALID) {
-                        c->euid = bus->ucred.uid;
-                        c->mask |= SD_BUS_CREDS_EUID & mask;
-                }
-
-                if (bus->ucred.gid != GID_INVALID) {
-                        c->egid = bus->ucred.gid;
-                        c->mask |= SD_BUS_CREDS_EGID & mask;
-                }
-        }
-
-        if (do_label) {
-                c->label = strdup(bus->label);
-                if (!c->label)
-                        return -ENOMEM;
-
-                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
-        }
-
-        r = bus_creds_add_more(c, mask, pid, 0);
-        if (r < 0)
-                return r;
-
-        *ret = c;
-        c = NULL;
-        return 0;
-}
-
-_public_ int sd_bus_get_owner_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
-        assert_return(bus, -EINVAL);
-        assert_return((mask & ~SD_BUS_CREDS_AUGMENT) <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
-        assert_return(ret, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->is_kernel)
-                return bus_get_owner_creds_kdbus(bus, mask, ret);
-        else
-                return bus_get_owner_creds_dbus1(bus, mask, ret);
-}
-
-static int add_name_change_match(sd_bus *bus,
-                                 uint64_t cookie,
-                                 const char *name,
-                                 const char *old_owner,
-                                 const char *new_owner) {
-
-        uint64_t name_id = KDBUS_MATCH_ID_ANY, old_owner_id = 0, new_owner_id = 0;
-        int is_name_id = -1, r;
-        struct kdbus_item *item;
-
-        assert(bus);
-
-        /* If we encounter a match that could match against
-         * NameOwnerChanged messages, then we need to create
-         * KDBUS_ITEM_NAME_{ADD,REMOVE,CHANGE} and
-         * KDBUS_ITEM_ID_{ADD,REMOVE} matches for it, possibly
-         * multiple if the match is underspecified.
-         *
-         * The NameOwnerChanged signals take three parameters with
-         * unique or well-known names, but only some forms actually
-         * exist:
-         *
-         * WELLKNOWN, "", UNIQUE       → KDBUS_ITEM_NAME_ADD
-         * WELLKNOWN, UNIQUE, ""       → KDBUS_ITEM_NAME_REMOVE
-         * WELLKNOWN, UNIQUE, UNIQUE   → KDBUS_ITEM_NAME_CHANGE
-         * UNIQUE, "", UNIQUE          → KDBUS_ITEM_ID_ADD
-         * UNIQUE, UNIQUE, ""          → KDBUS_ITEM_ID_REMOVE
-         *
-         * For the latter two the two unique names must be identical.
-         *
-         * */
-
-        if (name) {
-                is_name_id = bus_kernel_parse_unique_name(name, &name_id);
-                if (is_name_id < 0)
-                        return 0;
-        }
-
-        if (!isempty(old_owner)) {
-                r = bus_kernel_parse_unique_name(old_owner, &old_owner_id);
-                if (r < 0)
-                        return 0;
-                if (r == 0)
-                        return 0;
-                if (is_name_id > 0 && old_owner_id != name_id)
-                        return 0;
-        } else
-                old_owner_id = KDBUS_MATCH_ID_ANY;
-
-        if (!isempty(new_owner)) {
-                r = bus_kernel_parse_unique_name(new_owner, &new_owner_id);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 0;
-                if (is_name_id > 0 && new_owner_id != name_id)
-                        return 0;
-        } else
-                new_owner_id = KDBUS_MATCH_ID_ANY;
-
-        if (is_name_id <= 0) {
-                struct kdbus_cmd_match *m;
-                size_t sz, l;
-
-                /* If the name argument is missing or is a well-known
-                 * name, then add KDBUS_ITEM_NAME_{ADD,REMOVE,CHANGE}
-                 * matches for it */
-
-                l = name ? strlen(name) + 1 : 0;
-
-                sz = ALIGN8(offsetof(struct kdbus_cmd_match, items) +
-                            offsetof(struct kdbus_item, name_change) +
-                            offsetof(struct kdbus_notify_name_change, name) +
-                            l);
-
-                m = alloca0_align(sz, 8);
-                m->size = sz;
-                m->cookie = cookie;
-
-                item = m->items;
-                item->size =
-                        offsetof(struct kdbus_item, name_change) +
-                        offsetof(struct kdbus_notify_name_change, name) +
-                        l;
-
-                item->name_change.old_id.id = old_owner_id;
-                item->name_change.new_id.id = new_owner_id;
-
-                memcpy_safe(item->name_change.name, name, l);
-
-                /* If the old name is unset or empty, then
-                 * this can match against added names */
-                if (isempty(old_owner)) {
-                        item->type = KDBUS_ITEM_NAME_ADD;
-
-                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
-                        if (r < 0)
-                                return -errno;
-                }
-
-                /* If the new name is unset or empty, then
-                 * this can match against removed names */
-                if (isempty(new_owner)) {
-                        item->type = KDBUS_ITEM_NAME_REMOVE;
-
-                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
-                        if (r < 0)
-                                return -errno;
-                }
-
-                /* The CHANGE match we need in either case, because
-                 * what is reported as a name change by the kernel
-                 * might just be an owner change between starter and
-                 * normal clients. For userspace such a change should
-                 * be considered a removal/addition, hence let's
-                 * subscribe to this unconditionally. */
-                item->type = KDBUS_ITEM_NAME_CHANGE;
-                r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
-                if (r < 0)
-                        return -errno;
-        }
-
-        if (is_name_id != 0) {
-                struct kdbus_cmd_match *m;
-                uint64_t sz;
-
-                /* If the name argument is missing or is a unique
-                 * name, then add KDBUS_ITEM_ID_{ADD,REMOVE} matches
-                 * for it */
-
-                sz = ALIGN8(offsetof(struct kdbus_cmd_match, items) +
-                            offsetof(struct kdbus_item, id_change) +
-                            sizeof(struct kdbus_notify_id_change));
-
-                m = alloca0_align(sz, 8);
-                m->size = sz;
-                m->cookie = cookie;
-
-                item = m->items;
-                item->size =
-                        offsetof(struct kdbus_item, id_change) +
-                        sizeof(struct kdbus_notify_id_change);
-                item->id_change.id = name_id;
-
-                /* If the old name is unset or empty, then this can
-                 * match against added ids */
-                if (isempty(old_owner)) {
-                        item->type = KDBUS_ITEM_ID_ADD;
-                        if (!isempty(new_owner))
-                                item->id_change.id = new_owner_id;
-
-                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
-                        if (r < 0)
-                                return -errno;
-                }
-
-                /* If thew new name is unset or empty, then this can
-                 * match against removed ids */
-                if (isempty(new_owner)) {
-                        item->type = KDBUS_ITEM_ID_REMOVE;
-                        if (!isempty(old_owner))
-                                item->id_change.id = old_owner_id;
-
-                        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
-                        if (r < 0)
-                                return -errno;
-                }
-        }
-
-        return 0;
-}
-
-int bus_add_match_internal_kernel(
-                sd_bus *bus,
-                struct bus_match_component *components,
-                unsigned n_components,
-                uint64_t cookie) {
-
-        struct kdbus_cmd_match *m;
-        struct kdbus_item *item;
-        uint64_t *bloom;
-        size_t sz;
-        const char *sender = NULL;
-        size_t sender_length = 0;
-        uint64_t src_id = KDBUS_MATCH_ID_ANY, dst_id = KDBUS_MATCH_ID_ANY;
-        bool using_bloom = false;
-        unsigned i;
-        bool matches_name_change = true;
-        const char *name_change_arg[3] = {};
-        int r;
-
-        assert(bus);
-
-        /* Monitor streams don't support matches, make this a NOP */
-        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
-                return 0;
-
-        bloom = alloca0(bus->bloom_size);
-
-        sz = ALIGN8(offsetof(struct kdbus_cmd_match, items));
-
-        for (i = 0; i < n_components; i++) {
-                struct bus_match_component *c = &components[i];
-
-                switch (c->type) {
-
-                case BUS_MATCH_SENDER:
-                        if (!streq(c->value_str, "org.freedesktop.DBus"))
-                                matches_name_change = false;
-
-                        r = bus_kernel_parse_unique_name(c->value_str, &src_id);
-                        if (r < 0)
-                                return r;
-                        else if (r > 0)
-                                sz += ALIGN8(offsetof(struct kdbus_item, id) + sizeof(uint64_t));
-                        else  {
-                                sender = c->value_str;
-                                sender_length = strlen(sender);
-                                sz += ALIGN8(offsetof(struct kdbus_item, str) + sender_length + 1);
-                        }
-
-                        break;
-
-                case BUS_MATCH_MESSAGE_TYPE:
-                        if (c->value_u8 != SD_BUS_MESSAGE_SIGNAL)
-                                matches_name_change = false;
-
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "message-type", bus_message_type_to_string(c->value_u8));
-                        using_bloom = true;
-                        break;
-
-                case BUS_MATCH_INTERFACE:
-                        if (!streq(c->value_str, "org.freedesktop.DBus"))
-                                matches_name_change = false;
-
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "interface", c->value_str);
-                        using_bloom = true;
-                        break;
-
-                case BUS_MATCH_MEMBER:
-                        if (!streq(c->value_str, "NameOwnerChanged"))
-                                matches_name_change = false;
-
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "member", c->value_str);
-                        using_bloom = true;
-                        break;
-
-                case BUS_MATCH_PATH:
-                        if (!streq(c->value_str, "/org/freedesktop/DBus"))
-                                matches_name_change = false;
-
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "path", c->value_str);
-                        using_bloom = true;
-                        break;
-
-                case BUS_MATCH_PATH_NAMESPACE:
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "path-slash-prefix", c->value_str);
-                        using_bloom = true;
-                        break;
-
-                case BUS_MATCH_ARG...BUS_MATCH_ARG_LAST: {
-                        char buf[sizeof("arg")-1 + 2 + 1];
-
-                        if (c->type - BUS_MATCH_ARG < 3)
-                                name_change_arg[c->type - BUS_MATCH_ARG] = c->value_str;
-
-                        xsprintf(buf, "arg%i", c->type - BUS_MATCH_ARG);
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str);
-                        using_bloom = true;
-                        break;
-                }
-
-                case BUS_MATCH_ARG_HAS...BUS_MATCH_ARG_HAS_LAST: {
-                        char buf[sizeof("arg")-1 + 2 + sizeof("-has")];
-
-                        xsprintf(buf, "arg%i-has", c->type - BUS_MATCH_ARG_HAS);
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str);
-                        using_bloom = true;
-                        break;
-                }
-
-                case BUS_MATCH_ARG_PATH...BUS_MATCH_ARG_PATH_LAST:
-                        /*
-                         * XXX: DBus spec defines arg[0..63]path= matching to be
-                         * a two-way glob. That is, if either string is a prefix
-                         * of the other, it matches.
-                         * This is really hard to realize in bloom-filters, as
-                         * we would have to create a bloom-match for each prefix
-                         * of @c->value_str. This is excessive, hence we just
-                         * ignore all those matches and accept everything from
-                         * the kernel. People should really avoid those matches.
-                         * If they're used in real-life some day, we will have
-                         * to properly support multiple-matches here.
-                         */
-                        break;
-
-                case BUS_MATCH_ARG_NAMESPACE...BUS_MATCH_ARG_NAMESPACE_LAST: {
-                        char buf[sizeof("arg")-1 + 2 + sizeof("-dot-prefix")];
-
-                        xsprintf(buf, "arg%i-dot-prefix", c->type - BUS_MATCH_ARG_NAMESPACE);
-                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str);
-                        using_bloom = true;
-                        break;
-                }
-
-                case BUS_MATCH_DESTINATION:
-                        /*
-                         * Kernel only supports matching on destination IDs, but
-                         * not on destination names. So just skip the
-                         * destination name restriction and verify it in
-                         * user-space on retrieval.
-                         */
-                        r = bus_kernel_parse_unique_name(c->value_str, &dst_id);
-                        if (r < 0)
-                                return r;
-                        else if (r > 0)
-                                sz += ALIGN8(offsetof(struct kdbus_item, id) + sizeof(uint64_t));
-
-                        /* if not a broadcast, it cannot be a name-change */
-                        if (r <= 0 || dst_id != KDBUS_DST_ID_BROADCAST)
-                                matches_name_change = false;
-
-                        break;
-
-                case BUS_MATCH_ROOT:
-                case BUS_MATCH_VALUE:
-                case BUS_MATCH_LEAF:
-                case _BUS_MATCH_NODE_TYPE_MAX:
-                case _BUS_MATCH_NODE_TYPE_INVALID:
-                        assert_not_reached("Invalid match type?");
-                }
-        }
-
-        if (using_bloom)
-                sz += ALIGN8(offsetof(struct kdbus_item, data64) + bus->bloom_size);
-
-        m = alloca0_align(sz, 8);
-        m->size = sz;
-        m->cookie = cookie;
-
-        item = m->items;
-
-        if (src_id != KDBUS_MATCH_ID_ANY) {
-                item->size = offsetof(struct kdbus_item, id) + sizeof(uint64_t);
-                item->type = KDBUS_ITEM_ID;
-                item->id = src_id;
-                item = KDBUS_ITEM_NEXT(item);
-        }
-
-        if (dst_id != KDBUS_MATCH_ID_ANY) {
-                item->size = offsetof(struct kdbus_item, id) + sizeof(uint64_t);
-                item->type = KDBUS_ITEM_DST_ID;
-                item->id = dst_id;
-                item = KDBUS_ITEM_NEXT(item);
-        }
-
-        if (using_bloom) {
-                item->size = offsetof(struct kdbus_item, data64) + bus->bloom_size;
-                item->type = KDBUS_ITEM_BLOOM_MASK;
-                memcpy(item->data64, bloom, bus->bloom_size);
-                item = KDBUS_ITEM_NEXT(item);
-        }
-
-        if (sender) {
-                item->size = offsetof(struct kdbus_item, str) + sender_length + 1;
-                item->type = KDBUS_ITEM_NAME;
-                memcpy(item->str, sender, sender_length + 1);
-        }
-
-        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_ADD, m);
-        if (r < 0)
-                return -errno;
-
-        if (matches_name_change) {
-
-                /* If this match could theoretically match
-                 * NameOwnerChanged messages, we need to
-                 * install a second non-bloom filter explitly
-                 * for it */
-
-                r = add_name_change_match(bus, cookie, name_change_arg[0], name_change_arg[1], name_change_arg[2]);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-#define internal_match(bus, m)                                          \
-        ((bus)->hello_flags & KDBUS_HELLO_MONITOR                       \
-         ? (isempty(m) ? "eavesdrop='true'" : strjoina((m), ",eavesdrop='true'")) \
-         : (m))
-
-static int bus_add_match_internal_dbus1(
-                sd_bus *bus,
-                const char *match) {
-
-        const char *e;
-
-        assert(bus);
-        assert(match);
-
-        e = internal_match(bus, match);
-
-        return sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.DBus",
-                        "/org/freedesktop/DBus",
-                        "org.freedesktop.DBus",
-                        "AddMatch",
-                        NULL,
-                        NULL,
-                        "s",
-                        e);
-}
-
-int bus_add_match_internal(
-                sd_bus *bus,
-                const char *match,
-                struct bus_match_component *components,
-                unsigned n_components,
-                uint64_t cookie) {
-
-        assert(bus);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        if (bus->is_kernel)
-                return bus_add_match_internal_kernel(bus, components, n_components, cookie);
-        else
-                return bus_add_match_internal_dbus1(bus, match);
-}
-
-int bus_remove_match_internal_kernel(
-                sd_bus *bus,
-                uint64_t cookie) {
-
-        struct kdbus_cmd_match m = {
-                .size = offsetof(struct kdbus_cmd_match, items),
-                .cookie = cookie,
-        };
-        int r;
-
-        assert(bus);
-
-        /* Monitor streams don't support matches, make this a NOP */
-        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
-                return 0;
-
-        r = ioctl(bus->input_fd, KDBUS_CMD_MATCH_REMOVE, &m);
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int bus_remove_match_internal_dbus1(
-                sd_bus *bus,
-                const char *match) {
-
-        const char *e;
-
-        assert(bus);
-        assert(match);
-
-        e = internal_match(bus, match);
-
-        return sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.DBus",
-                        "/org/freedesktop/DBus",
-                        "org.freedesktop.DBus",
-                        "RemoveMatch",
-                        NULL,
-                        NULL,
-                        "s",
-                        e);
-}
-
-int bus_remove_match_internal(
-                sd_bus *bus,
-                const char *match,
-                uint64_t cookie) {
-
-        assert(bus);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        if (bus->is_kernel)
-                return bus_remove_match_internal_kernel(bus, cookie);
-        else
-                return bus_remove_match_internal_dbus1(bus, match);
-}
-
-_public_ int sd_bus_get_name_machine_id(sd_bus *bus, const char *name, sd_id128_t *machine) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
-        const char *mid;
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(name, -EINVAL);
-        assert_return(machine, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-        assert_return(service_name_is_valid(name), -EINVAL);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (streq_ptr(name, bus->unique_name))
-                return sd_id128_get_machine(machine);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        name,
-                        "/",
-                        "org.freedesktop.DBus.Peer",
-                        "GetMachineId");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_set_auto_start(m, false);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call(bus, m, 0, NULL, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(reply, "s", &mid);
-        if (r < 0)
-                return r;
-
-        return sd_id128_from_string(mid, machine);
-}
diff --git a/src/libsystemd/sd-bus/bus-control.h b/src/libsystemd/sd-bus/bus-control.h
deleted file mode 100644
index c181aa7959..0000000000
--- a/src/libsystemd/sd-bus/bus-control.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "bus-match.h"
-
-int bus_add_match_internal(sd_bus *bus, const char *match, struct bus_match_component *components, unsigned n_components, uint64_t cookie);
-int bus_remove_match_internal(sd_bus *bus, const char *match, uint64_t cookie);
-
-int bus_add_match_internal_kernel(sd_bus *bus, struct bus_match_component *components, unsigned n_components, uint64_t cookie);
-int bus_remove_match_internal_kernel(sd_bus *bus, uint64_t cookie);
-
-int bus_get_name_creds_kdbus(sd_bus *bus, const char *name, uint64_t mask, bool allow_activator, sd_bus_creds **creds);
diff --git a/src/libsystemd/sd-bus/bus-creds.h b/src/libsystemd/sd-bus/bus-creds.h
deleted file mode 100644
index df8a1f1005..0000000000
--- a/src/libsystemd/sd-bus/bus-creds.h
+++ /dev/null
@@ -1,90 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-bus.h"
-
-struct sd_bus_creds {
-        bool allocated;
-        unsigned n_ref;
-
-        uint64_t mask;
-        uint64_t augmented;
-
-        uid_t uid;
-        uid_t euid;
-        uid_t suid;
-        uid_t fsuid;
-        gid_t gid;
-        gid_t egid;
-        gid_t sgid;
-        gid_t fsgid;
-
-        gid_t *supplementary_gids;
-        unsigned n_supplementary_gids;
-
-        pid_t ppid;
-        pid_t pid;
-        pid_t tid;
-
-        char *comm;
-        char *tid_comm;
-        char *exe;
-
-        char *cmdline;
-        size_t cmdline_size;
-        char **cmdline_array;
-
-        char *cgroup;
-        char *session;
-        char *unit;
-        char *user_unit;
-        char *slice;
-        char *user_slice;
-
-        char *tty;
-
-        uint32_t *capability;
-
-        uint32_t audit_session_id;
-        uid_t audit_login_uid;
-
-        char *label;
-
-        char *unique_name;
-
-        char **well_known_names;
-        bool well_known_names_driver:1;
-        bool well_known_names_local:1;
-
-        char *cgroup_root;
-
-        char *description, *unescaped_description;
-};
-
-sd_bus_creds* bus_creds_new(void);
-
-void bus_creds_done(sd_bus_creds *c);
-
-int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid);
-
-int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret);
diff --git a/src/libsystemd/sd-bus/bus-dump.h b/src/libsystemd/sd-bus/bus-dump.h
deleted file mode 100644
index 874e86d09c..0000000000
--- a/src/libsystemd/sd-bus/bus-dump.h
+++ /dev/null
@@ -1,37 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-#include <stdio.h>
-
-#include "sd-bus.h"
-
-enum {
-        BUS_MESSAGE_DUMP_WITH_HEADER = 1,
-        BUS_MESSAGE_DUMP_SUBTREE_ONLY = 2,
-};
-
-int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags);
-
-int bus_creds_dump(sd_bus_creds *c, FILE *f, bool terse);
-
-int bus_pcap_header(size_t snaplen, FILE *f);
-int bus_message_pcap_frame(sd_bus_message *m, size_t snaplen, FILE *f);
diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c
deleted file mode 100644
index 26219bdeed..0000000000
--- a/src/libsystemd/sd-bus/bus-error.c
+++ /dev/null
@@ -1,608 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "errno-list.h"
-#include "string-util.h"
-#include "util.h"
-
-BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_standard_errors[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.Failed",                           EACCES),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoMemory",                         ENOMEM),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.ServiceUnknown",                   EHOSTUNREACH),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NameHasNoOwner",                   ENXIO),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoReply",                          ETIMEDOUT),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.IOError",                          EIO),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.BadAddress",                       EADDRNOTAVAIL),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NotSupported",                     EOPNOTSUPP),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.LimitsExceeded",                   ENOBUFS),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.AccessDenied",                     EACCES),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.AuthFailed",                       EACCES),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InteractiveAuthorizationRequired", EACCES),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoServer",                         EHOSTDOWN),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.Timeout",                          ETIMEDOUT),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.NoNetwork",                        ENONET),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.AddressInUse",                     EADDRINUSE),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.Disconnected",                     ECONNRESET),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InvalidArgs",                      EINVAL),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.FileNotFound",                     ENOENT),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.FileExists",                       EEXIST),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownMethod",                    EBADR),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownObject",                    EBADR),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownInterface",                 EBADR),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnknownProperty",                  EBADR),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.PropertyReadOnly",                 EROFS),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.UnixProcessIdUnknown",             ESRCH),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InvalidSignature",                 EINVAL),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InconsistentMessage",              EBADMSG),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.TimedOut",                         ETIMEDOUT),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.MatchRuleInvalid",                 EINVAL),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.InvalidFileContent",               EINVAL),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.MatchRuleNotFound",                ENOENT),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown",    ESRCH),
-        SD_BUS_ERROR_MAP("org.freedesktop.DBus.Error.ObjectPathInUse",                  EBUSY),
-        SD_BUS_ERROR_MAP_END
-};
-
-/* GCC maps this magically to the beginning and end of the BUS_ERROR_MAP section.
- * Hide them; for currently unknown reasons they get exported to the shared libries
- * even without being listed in the sym file. */
-extern const sd_bus_error_map __start_BUS_ERROR_MAP[] _hidden_;
-extern const sd_bus_error_map __stop_BUS_ERROR_MAP[] _hidden_;
-
-/* Additional maps registered with sd_bus_error_add_map() are in this
- * NULL terminated array */
-static const sd_bus_error_map **additional_error_maps = NULL;
-
-static int bus_error_name_to_errno(const char *name) {
-        const sd_bus_error_map **map, *m;
-        const char *p;
-        int r;
-
-        if (!name)
-                return EINVAL;
-
-        p = startswith(name, "System.Error.");
-        if (p) {
-                r = errno_from_name(p);
-                if (r < 0)
-                        return EIO;
-
-                return r;
-        }
-
-        if (additional_error_maps)
-                for (map = additional_error_maps; *map; map++)
-                        for (m = *map;; m++) {
-                                /* For additional error maps the end marker is actually the end marker */
-                                if (m->code == BUS_ERROR_MAP_END_MARKER)
-                                        break;
-
-                                if (streq(m->name, name))
-                                        return m->code;
-                        }
-
-        m = __start_BUS_ERROR_MAP;
-        while (m < __stop_BUS_ERROR_MAP) {
-                /* For magic ELF error maps, the end marker might
-                 * appear in the middle of things, since multiple maps
-                 * might appear in the same section. Hence, let's skip
-                 * over it, but realign the pointer to the next 8 byte
-                 * boundary, which is the selected alignment for the
-                 * arrays. */
-                if (m->code == BUS_ERROR_MAP_END_MARKER) {
-                        m = ALIGN8_PTR(m+1);
-                        continue;
-                }
-
-                if (streq(m->name, name))
-                        return m->code;
-
-                m++;
-        }
-
-        return EIO;
-}
-
-static sd_bus_error errno_to_bus_error_const(int error) {
-
-        if (error < 0)
-                error = -error;
-
-        switch (error) {
-
-        case ENOMEM:
-                return BUS_ERROR_OOM;
-
-        case EPERM:
-        case EACCES:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_ACCESS_DENIED, "Access denied");
-
-        case EINVAL:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid argument");
-
-        case ESRCH:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "No such process");
-
-        case ENOENT:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FILE_NOT_FOUND, "File not found");
-
-        case EEXIST:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FILE_EXISTS, "File exists");
-
-        case ETIMEDOUT:
-        case ETIME:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_TIMEOUT, "Timed out");
-
-        case EIO:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_IO_ERROR, "Input/output error");
-
-        case ENETRESET:
-        case ECONNABORTED:
-        case ECONNRESET:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_DISCONNECTED, "Disconnected");
-
-        case EOPNOTSUPP:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NOT_SUPPORTED, "Not supported");
-
-        case EADDRNOTAVAIL:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_BAD_ADDRESS, "Address not available");
-
-        case ENOBUFS:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_LIMITS_EXCEEDED, "Limits exceeded");
-
-        case EADDRINUSE:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_ADDRESS_IN_USE, "Address in use");
-
-        case EBADMSG:
-                return SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Inconsistent message");
-        }
-
-        return SD_BUS_ERROR_NULL;
-}
-
-static int errno_to_bus_error_name_new(int error, char **ret) {
-        const char *name;
-        char *n;
-
-        if (error < 0)
-                error = -error;
-
-        name = errno_to_name(error);
-        if (!name)
-                return 0;
-
-        n = strappend("System.Error.", name);
-        if (!n)
-                return -ENOMEM;
-
-        *ret = n;
-        return 1;
-}
-
-bool bus_error_is_dirty(sd_bus_error *e) {
-        if (!e)
-                return false;
-
-        return e->name || e->message || e->_need_free != 0;
-}
-
-_public_ void sd_bus_error_free(sd_bus_error *e) {
-        if (!e)
-                return;
-
-        if (e->_need_free > 0) {
-                free((void*) e->name);
-                free((void*) e->message);
-        }
-
-        e->name = e->message = NULL;
-        e->_need_free = 0;
-}
-
-_public_ int sd_bus_error_set(sd_bus_error *e, const char *name, const char *message) {
-
-        if (!name)
-                return 0;
-        if (!e)
-                goto finish;
-
-        assert_return(!bus_error_is_dirty(e), -EINVAL);
-
-        e->name = strdup(name);
-        if (!e->name) {
-                *e = BUS_ERROR_OOM;
-                return -ENOMEM;
-        }
-
-        if (message)
-                e->message = strdup(message);
-
-        e->_need_free = 1;
-
-finish:
-        return -bus_error_name_to_errno(name);
-}
-
-int bus_error_setfv(sd_bus_error *e, const char *name, const char *format, va_list ap) {
-
-        if (!name)
-                return 0;
-
-        if (e) {
-                assert_return(!bus_error_is_dirty(e), -EINVAL);
-
-                e->name = strdup(name);
-                if (!e->name) {
-                        *e = BUS_ERROR_OOM;
-                        return -ENOMEM;
-                }
-
-                /* If we hit OOM on formatting the pretty message, we ignore
-                 * this, since we at least managed to write the error name */
-                if (format)
-                        (void) vasprintf((char**) &e->message, format, ap);
-
-                e->_need_free = 1;
-        }
-
-        return -bus_error_name_to_errno(name);
-}
-
-_public_ int sd_bus_error_setf(sd_bus_error *e, const char *name, const char *format, ...) {
-
-        if (format) {
-                int r;
-                va_list ap;
-
-                va_start(ap, format);
-                r = bus_error_setfv(e, name, format, ap);
-                va_end(ap);
-
-                return r;
-        }
-
-        return sd_bus_error_set(e, name, NULL);
-}
-
-_public_ int sd_bus_error_copy(sd_bus_error *dest, const sd_bus_error *e) {
-
-        if (!sd_bus_error_is_set(e))
-                return 0;
-        if (!dest)
-                goto finish;
-
-        assert_return(!bus_error_is_dirty(dest), -EINVAL);
-
-        /*
-         * _need_free  < 0 indicates that the error is temporarily const, needs deep copying
-         * _need_free == 0 indicates that the error is perpetually const, needs no deep copying
-         * _need_free  > 0 indicates that the error is fully dynamic, needs deep copying
-         */
-
-        if (e->_need_free == 0)
-                *dest = *e;
-        else {
-                dest->name = strdup(e->name);
-                if (!dest->name) {
-                        *dest = BUS_ERROR_OOM;
-                        return -ENOMEM;
-                }
-
-                if (e->message)
-                        dest->message = strdup(e->message);
-
-                dest->_need_free = 1;
-        }
-
-finish:
-        return -bus_error_name_to_errno(e->name);
-}
-
-_public_ int sd_bus_error_set_const(sd_bus_error *e, const char *name, const char *message) {
-        if (!name)
-                return 0;
-        if (!e)
-                goto finish;
-
-        assert_return(!bus_error_is_dirty(e), -EINVAL);
-
-        *e = SD_BUS_ERROR_MAKE_CONST(name, message);
-
-finish:
-        return -bus_error_name_to_errno(name);
-}
-
-_public_ int sd_bus_error_is_set(const sd_bus_error *e) {
-        if (!e)
-                return 0;
-
-        return !!e->name;
-}
-
-_public_ int sd_bus_error_has_name(const sd_bus_error *e, const char *name) {
-        if (!e)
-                return 0;
-
-        return streq_ptr(e->name, name);
-}
-
-_public_ int sd_bus_error_get_errno(const sd_bus_error* e) {
-        if (!e)
-                return 0;
-
-        if (!e->name)
-                return 0;
-
-        return bus_error_name_to_errno(e->name);
-}
-
-static void bus_error_strerror(sd_bus_error *e, int error) {
-        size_t k = 64;
-        char *m;
-
-        assert(e);
-
-        for (;;) {
-                char *x;
-
-                m = new(char, k);
-                if (!m)
-                        return;
-
-                errno = 0;
-                x = strerror_r(error, m, k);
-                if (errno == ERANGE || strlen(x) >= k - 1) {
-                        free(m);
-                        k *= 2;
-                        continue;
-                }
-
-                if (errno) {
-                        free(m);
-                        return;
-                }
-
-                if (x == m) {
-                        if (e->_need_free > 0) {
-                                /* Error is already dynamic, let's just update the message */
-                                free((char*) e->message);
-                                e->message = x;
-
-                        } else {
-                                char *t;
-                                /* Error was const so far, let's make it dynamic, if we can */
-
-                                t = strdup(e->name);
-                                if (!t) {
-                                        free(m);
-                                        return;
-                                }
-
-                                e->_need_free = 1;
-                                e->name = t;
-                                e->message = x;
-                        }
-                } else {
-                        free(m);
-
-                        if (e->_need_free > 0) {
-                                char *t;
-
-                                /* Error is dynamic, let's hence make the message also dynamic */
-                                t = strdup(x);
-                                if (!t)
-                                        return;
-
-                                free((char*) e->message);
-                                e->message = t;
-                        } else {
-                                /* Error is const, hence we can just override */
-                                e->message = x;
-                        }
-                }
-
-                return;
-        }
-}
-
-_public_ int sd_bus_error_set_errno(sd_bus_error *e, int error) {
-
-        if (error < 0)
-                error = -error;
-
-        if (!e)
-                return -error;
-        if (error == 0)
-                return -error;
-
-        assert_return(!bus_error_is_dirty(e), -EINVAL);
-
-        /* First, try a const translation */
-        *e = errno_to_bus_error_const(error);
-
-        if (!sd_bus_error_is_set(e)) {
-                int k;
-
-                /* If that didn't work, try a dynamic one. */
-
-                k = errno_to_bus_error_name_new(error, (char**) &e->name);
-                if (k > 0)
-                        e->_need_free = 1;
-                else if (k < 0) {
-                        *e = BUS_ERROR_OOM;
-                        return -error;
-                } else
-                        *e = BUS_ERROR_FAILED;
-        }
-
-        /* Now, fill in the message from strerror() if we can */
-        bus_error_strerror(e, error);
-        return -error;
-}
-
-_public_ int sd_bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_list ap) {
-        PROTECT_ERRNO;
-        int r;
-
-        if (error < 0)
-                error = -error;
-
-        if (!e)
-                return -error;
-        if (error == 0)
-                return 0;
-
-        assert_return(!bus_error_is_dirty(e), -EINVAL);
-
-        /* First, try a const translation */
-        *e = errno_to_bus_error_const(error);
-
-        if (!sd_bus_error_is_set(e)) {
-                int k;
-
-                /* If that didn't work, try a dynamic one */
-
-                k = errno_to_bus_error_name_new(error, (char**) &e->name);
-                if (k > 0)
-                        e->_need_free = 1;
-                else if (k < 0) {
-                        *e = BUS_ERROR_OOM;
-                        return -ENOMEM;
-                } else
-                        *e = BUS_ERROR_FAILED;
-        }
-
-        if (format) {
-                char *m;
-
-                /* Then, let's try to fill in the supplied message */
-
-                errno = error; /* Make sure that %m resolves to the specified error */
-                r = vasprintf(&m, format, ap);
-                if (r >= 0) {
-
-                        if (e->_need_free <= 0) {
-                                char *t;
-
-                                t = strdup(e->name);
-                                if (t) {
-                                        e->_need_free = 1;
-                                        e->name = t;
-                                        e->message = m;
-                                        return -error;
-                                }
-
-                                free(m);
-                        } else {
-                                free((char*) e->message);
-                                e->message = m;
-                                return -error;
-                        }
-                }
-        }
-
-        /* If that didn't work, use strerror() for the message */
-        bus_error_strerror(e, error);
-        return -error;
-}
-
-_public_ int sd_bus_error_set_errnof(sd_bus_error *e, int error, const char *format, ...) {
-        int r;
-
-        if (error < 0)
-                error = -error;
-
-        if (!e)
-                return -error;
-        if (error == 0)
-                return 0;
-
-        assert_return(!bus_error_is_dirty(e), -EINVAL);
-
-        if (format) {
-                va_list ap;
-
-                va_start(ap, format);
-                r = sd_bus_error_set_errnofv(e, error, format, ap);
-                va_end(ap);
-
-                return r;
-        }
-
-        return sd_bus_error_set_errno(e, error);
-}
-
-const char *bus_error_message(const sd_bus_error *e, int error) {
-
-        if (e) {
-                /* Sometimes, the D-Bus server is a little bit too verbose with
-                 * its error messages, so let's override them here */
-                if (sd_bus_error_has_name(e, SD_BUS_ERROR_ACCESS_DENIED))
-                        return "Access denied";
-
-                if (e->message)
-                        return e->message;
-        }
-
-        if (error < 0)
-                error = -error;
-
-        return strerror(error);
-}
-
-static bool map_ok(const sd_bus_error_map *map) {
-        for (; map->code != BUS_ERROR_MAP_END_MARKER; map++)
-                if (!map->name || map->code <=0)
-                        return false;
-        return true;
-}
-
-_public_ int sd_bus_error_add_map(const sd_bus_error_map *map) {
-        const sd_bus_error_map **maps = NULL;
-        unsigned n = 0;
-
-        assert_return(map, -EINVAL);
-        assert_return(map_ok(map), -EINVAL);
-
-        if (additional_error_maps)
-                for (; additional_error_maps[n] != NULL; n++)
-                        if (additional_error_maps[n] == map)
-                                return 0;
-
-        maps = realloc_multiply(additional_error_maps, sizeof(struct sd_bus_error_map*), n + 2);
-        if (!maps)
-                return -ENOMEM;
-
-        maps[n] = map;
-        maps[n+1] = NULL;
-
-        additional_error_maps = maps;
-        return 1;
-}
diff --git a/src/libsystemd/sd-bus/bus-error.h b/src/libsystemd/sd-bus/bus-error.h
deleted file mode 100644
index e2c4cf4b3f..0000000000
--- a/src/libsystemd/sd-bus/bus-error.h
+++ /dev/null
@@ -1,64 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-bus.h"
-
-#include "macro.h"
-
-bool bus_error_is_dirty(sd_bus_error *e);
-
-const char *bus_error_message(const sd_bus_error *e, int error);
-
-int bus_error_setfv(sd_bus_error *e, const char *name, const char *format, va_list ap) _printf_(3,0);
-int bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_list ap) _printf_(3,0);
-
-#define BUS_ERROR_OOM SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NO_MEMORY, "Out of memory")
-#define BUS_ERROR_FAILED SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FAILED, "Operation failed")
-
-/*
- * There are two ways to register error maps with the error translation
- * logic: by using BUS_ERROR_MAP_ELF_REGISTER, which however only
- * works when linked into the same ELF module, or via
- * sd_bus_error_add_map() which is the official, external API, that
- * works from any module.
- *
- * Note that BUS_ERROR_MAP_ELF_REGISTER has to be used as decorator in
- * the bus error table, and BUS_ERROR_MAP_ELF_USE has to be used at
- * least once per compilation unit (i.e. per library), to ensure that
- * the error map is really added to the final binary.
- */
-
-#define BUS_ERROR_MAP_ELF_REGISTER                                      \
-        __attribute__ ((__section__("BUS_ERROR_MAP")))                  \
-        __attribute__ ((__used__))                                      \
-        __attribute__ ((aligned(8)))
-
-#define BUS_ERROR_MAP_ELF_USE(errors)                                   \
-        extern const sd_bus_error_map errors[];                         \
-        __attribute__ ((used)) static const sd_bus_error_map * const CONCATENATE(errors ## _copy_, __COUNTER__) = errors;
-
-/* We use something exotic as end marker, to ensure people build the
- * maps using the macsd-ros. */
-#define BUS_ERROR_MAP_END_MARKER -'x'
-
-BUS_ERROR_MAP_ELF_USE(bus_standard_errors);
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
deleted file mode 100644
index 216d9f62bc..0000000000
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ /dev/null
@@ -1,399 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <pthread.h>
-#include <sys/socket.h>
-
-#include "sd-bus.h"
-
-#include "bus-error.h"
-#include "bus-kernel.h"
-#include "bus-match.h"
-#include "hashmap.h"
-#include "kdbus.h"
-#include "list.h"
-#include "prioq.h"
-#include "refcnt.h"
-#include "socket-util.h"
-#include "util.h"
-
-struct reply_callback {
-        sd_bus_message_handler_t callback;
-        usec_t timeout;
-        uint64_t cookie;
-        unsigned prioq_idx;
-};
-
-struct filter_callback {
-        sd_bus_message_handler_t callback;
-
-        unsigned last_iteration;
-
-        LIST_FIELDS(struct filter_callback, callbacks);
-};
-
-struct match_callback {
-        sd_bus_message_handler_t callback;
-
-        uint64_t cookie;
-        unsigned last_iteration;
-
-        char *match_string;
-
-        struct bus_match_node *match_node;
-};
-
-struct node {
-        char *path;
-        struct node *parent;
-        LIST_HEAD(struct node, child);
-        LIST_FIELDS(struct node, siblings);
-
-        LIST_HEAD(struct node_callback, callbacks);
-        LIST_HEAD(struct node_vtable, vtables);
-        LIST_HEAD(struct node_enumerator, enumerators);
-        LIST_HEAD(struct node_object_manager, object_managers);
-};
-
-struct node_callback {
-        struct node *node;
-
-        bool is_fallback;
-        sd_bus_message_handler_t callback;
-
-        unsigned last_iteration;
-
-        LIST_FIELDS(struct node_callback, callbacks);
-};
-
-struct node_enumerator {
-        struct node *node;
-
-        sd_bus_node_enumerator_t callback;
-
-        unsigned last_iteration;
-
-        LIST_FIELDS(struct node_enumerator, enumerators);
-};
-
-struct node_object_manager {
-        struct node *node;
-
-        LIST_FIELDS(struct node_object_manager, object_managers);
-};
-
-struct node_vtable {
-        struct node *node;
-
-        char *interface;
-        bool is_fallback;
-        const sd_bus_vtable *vtable;
-        sd_bus_object_find_t find;
-
-        unsigned last_iteration;
-
-        LIST_FIELDS(struct node_vtable, vtables);
-};
-
-struct vtable_member {
-        const char *path;
-        const char *interface;
-        const char *member;
-        struct node_vtable *parent;
-        unsigned last_iteration;
-        const sd_bus_vtable *vtable;
-};
-
-typedef enum BusSlotType {
-        BUS_REPLY_CALLBACK,
-        BUS_FILTER_CALLBACK,
-        BUS_MATCH_CALLBACK,
-        BUS_NODE_CALLBACK,
-        BUS_NODE_ENUMERATOR,
-        BUS_NODE_VTABLE,
-        BUS_NODE_OBJECT_MANAGER,
-        _BUS_SLOT_INVALID = -1,
-} BusSlotType;
-
-struct sd_bus_slot {
-        unsigned n_ref;
-        sd_bus *bus;
-        void *userdata;
-        BusSlotType type:5;
-        bool floating:1;
-        bool match_added:1;
-        char *description;
-
-        LIST_FIELDS(sd_bus_slot, slots);
-
-        union {
-                struct reply_callback reply_callback;
-                struct filter_callback filter_callback;
-                struct match_callback match_callback;
-                struct node_callback node_callback;
-                struct node_enumerator node_enumerator;
-                struct node_object_manager node_object_manager;
-                struct node_vtable node_vtable;
-        };
-};
-
-enum bus_state {
-        BUS_UNSET,
-        BUS_OPENING,
-        BUS_AUTHENTICATING,
-        BUS_HELLO,
-        BUS_RUNNING,
-        BUS_CLOSING,
-        BUS_CLOSED
-};
-
-static inline bool BUS_IS_OPEN(enum bus_state state) {
-        return state > BUS_UNSET && state < BUS_CLOSING;
-}
-
-enum bus_auth {
-        _BUS_AUTH_INVALID,
-        BUS_AUTH_EXTERNAL,
-        BUS_AUTH_ANONYMOUS
-};
-
-struct sd_bus {
-        /* We use atomic ref counting here since sd_bus_message
-           objects retain references to their originating sd_bus but
-           we want to allow them to be processed in a different
-           thread. We won't provide full thread safety, but only the
-           bare minimum that makes it possible to use sd_bus and
-           sd_bus_message objects independently and on different
-           threads as long as each object is used only once at the
-           same time. */
-        RefCount n_ref;
-
-        enum bus_state state;
-        int input_fd, output_fd;
-        int message_version;
-        int message_endian;
-
-        bool is_kernel:1;
-        bool can_fds:1;
-        bool bus_client:1;
-        bool ucred_valid:1;
-        bool is_server:1;
-        bool anonymous_auth:1;
-        bool prefer_readv:1;
-        bool prefer_writev:1;
-        bool match_callbacks_modified:1;
-        bool filter_callbacks_modified:1;
-        bool nodes_modified:1;
-        bool trusted:1;
-        bool fake_creds_valid:1;
-        bool fake_pids_valid:1;
-        bool manual_peer_interface:1;
-        bool is_system:1;
-        bool is_user:1;
-        bool allow_interactive_authorization:1;
-
-        int use_memfd;
-
-        void *rbuffer;
-        size_t rbuffer_size;
-
-        sd_bus_message **rqueue;
-        unsigned rqueue_size;
-        size_t rqueue_allocated;
-
-        sd_bus_message **wqueue;
-        unsigned wqueue_size;
-        size_t windex;
-        size_t wqueue_allocated;
-
-        uint64_t cookie;
-
-        char *unique_name;
-        uint64_t unique_id;
-
-        struct bus_match_node match_callbacks;
-        Prioq *reply_callbacks_prioq;
-        OrderedHashmap *reply_callbacks;
-        LIST_HEAD(struct filter_callback, filter_callbacks);
-
-        Hashmap *nodes;
-        Hashmap *vtable_methods;
-        Hashmap *vtable_properties;
-
-        union sockaddr_union sockaddr;
-        socklen_t sockaddr_size;
-
-        char *kernel;
-        char *machine;
-        pid_t nspid;
-
-        sd_id128_t server_id;
-
-        char *address;
-        unsigned address_index;
-
-        int last_connect_error;
-
-        enum bus_auth auth;
-        size_t auth_rbegin;
-        struct iovec auth_iovec[3];
-        unsigned auth_index;
-        char *auth_buffer;
-        usec_t auth_timeout;
-
-        struct ucred ucred;
-        char *label;
-
-        uint64_t creds_mask;
-
-        int *fds;
-        unsigned n_fds;
-
-        char *exec_path;
-        char **exec_argv;
-
-        unsigned iteration_counter;
-
-        void *kdbus_buffer;
-
-        /* We do locking around the memfd cache, since we want to
-         * allow people to process a sd_bus_message in a different
-         * thread then it was generated on and free it there. Since
-         * adding something to the memfd cache might happen when a
-         * message is released, we hence need to protect this bit with
-         * a mutex. */
-        pthread_mutex_t memfd_cache_mutex;
-        struct memfd_cache memfd_cache[MEMFD_CACHE_MAX];
-        unsigned n_memfd_cache;
-
-        pid_t original_pid;
-
-        uint64_t hello_flags;
-        uint64_t attach_flags;
-
-        uint64_t match_cookie;
-
-        sd_event_source *input_io_event_source;
-        sd_event_source *output_io_event_source;
-        sd_event_source *time_event_source;
-        sd_event_source *quit_event_source;
-        sd_event *event;
-        int event_priority;
-
-        sd_bus_message *current_message;
-        sd_bus_slot *current_slot;
-        sd_bus_message_handler_t current_handler;
-        void *current_userdata;
-
-        sd_bus **default_bus_ptr;
-        pid_t tid;
-
-        struct kdbus_creds fake_creds;
-        struct kdbus_pids fake_pids;
-        char *fake_label;
-
-        char *cgroup_root;
-
-        char *description;
-
-        size_t bloom_size;
-        unsigned bloom_n_hash;
-
-        sd_bus_track *track_queue;
-
-        LIST_HEAD(sd_bus_slot, slots);
-};
-
-#define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
-
-#define BUS_WQUEUE_MAX 1024
-#define BUS_RQUEUE_MAX 64*1024
-
-#define BUS_MESSAGE_SIZE_MAX (64*1024*1024)
-#define BUS_AUTH_SIZE_MAX (64*1024)
-
-#define BUS_CONTAINER_DEPTH 128
-
-/* Defined by the specification as maximum size of an array in
- * bytes */
-#define BUS_ARRAY_MAX_SIZE 67108864
-
-#define BUS_FDS_MAX 1024
-
-#define BUS_EXEC_ARGV_MAX 256
-
-bool interface_name_is_valid(const char *p) _pure_;
-bool service_name_is_valid(const char *p) _pure_;
-char* service_name_startswith(const char *a, const char *b);
-bool member_name_is_valid(const char *p) _pure_;
-bool object_path_is_valid(const char *p) _pure_;
-char *object_path_startswith(const char *a, const char *b) _pure_;
-
-bool namespace_complex_pattern(const char *pattern, const char *value) _pure_;
-bool path_complex_pattern(const char *pattern, const char *value) _pure_;
-
-bool namespace_simple_pattern(const char *pattern, const char *value) _pure_;
-bool path_simple_pattern(const char *pattern, const char *value) _pure_;
-
-int bus_message_type_from_string(const char *s, uint8_t *u) _pure_;
-const char *bus_message_type_to_string(uint8_t u) _pure_;
-
-#define error_name_is_valid interface_name_is_valid
-
-int bus_ensure_running(sd_bus *bus);
-int bus_start_running(sd_bus *bus);
-int bus_next_address(sd_bus *bus);
-
-int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m);
-
-int bus_rqueue_make_room(sd_bus *bus);
-
-bool bus_pid_changed(sd_bus *bus);
-
-char *bus_address_escape(const char *v);
-
-#define OBJECT_PATH_FOREACH_PREFIX(prefix, path)                        \
-        for (char *_slash = ({ strcpy((prefix), (path)); streq((prefix), "/") ? NULL : strrchr((prefix), '/'); }) ; \
-             _slash && !(_slash[(_slash) == (prefix)] = 0);             \
-             _slash = streq((prefix), "/") ? NULL : strrchr((prefix), '/'))
-
-/* If we are invoking callbacks of a bus object, ensure unreffing the
- * bus from the callback doesn't destroy the object we are working
- * on */
-#define BUS_DONT_DESTROY(bus) \
-        _cleanup_(sd_bus_unrefp) _unused_ sd_bus *_dont_destroy_##bus = sd_bus_ref(bus)
-
-int bus_set_address_system(sd_bus *bus);
-int bus_set_address_user(sd_bus *bus);
-int bus_set_address_system_remote(sd_bus *b, const char *host);
-int bus_set_address_system_machine(sd_bus *b, const char *machine);
-
-int bus_remove_match_by_string(sd_bus *bus, const char *match, sd_bus_message_handler_t callback, void *userdata);
-
-int bus_get_root_path(sd_bus *bus);
-
-int bus_maybe_reply_error(sd_bus_message *m, int r, sd_bus_error *error);
-
-#define bus_assert_return(expr, r, error)                               \
-        do {                                                            \
-                if (!assert_log(expr, #expr))                           \
-                        return sd_bus_error_set_errno(error, r);        \
-        } while (false)
diff --git a/src/libsystemd/sd-bus/bus-introspect.h b/src/libsystemd/sd-bus/bus-introspect.h
deleted file mode 100644
index 8e2f3800ca..0000000000
--- a/src/libsystemd/sd-bus/bus-introspect.h
+++ /dev/null
@@ -1,40 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdio.h>
-
-#include "sd-bus.h"
-
-#include "set.h"
-
-struct introspect {
-        FILE *f;
-        char *introspection;
-        size_t size;
-        bool trusted;
-};
-
-int introspect_begin(struct introspect *i, bool trusted);
-int introspect_write_default_interfaces(struct introspect *i, bool object_manager);
-int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix);
-int introspect_write_interface(struct introspect *i, const sd_bus_vtable *v);
-int introspect_finish(struct introspect *i, sd_bus *bus, sd_bus_message *m, sd_bus_message **reply);
-void introspect_free(struct introspect *i);
diff --git a/src/libsystemd/sd-bus/bus-kernel.h b/src/libsystemd/sd-bus/bus-kernel.h
deleted file mode 100644
index 53ba3bdcf3..0000000000
--- a/src/libsystemd/sd-bus/bus-kernel.h
+++ /dev/null
@@ -1,93 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-bus.h"
-
-#define KDBUS_ITEM_NEXT(item) \
-        (typeof(item))(((uint8_t *)item) + ALIGN8((item)->size))
-
-#define KDBUS_ITEM_FOREACH(part, head, first)                           \
-        for (part = (head)->first;                                      \
-             ((uint8_t *)(part) < (uint8_t *)(head) + (head)->size) &&  \
-                ((uint8_t *) part >= (uint8_t *) head);                 \
-             part = KDBUS_ITEM_NEXT(part))
-#define KDBUS_FOREACH(iter, first, _size)                               \
-        for (iter = (first);                                            \
-             ((uint8_t *)(iter) < (uint8_t *)(first) + (_size)) &&      \
-               ((uint8_t *)(iter) >= (uint8_t *)(first));               \
-             iter = (void*)(((uint8_t *)iter) + ALIGN8((iter)->size)))
-
-#define KDBUS_ITEM_HEADER_SIZE offsetof(struct kdbus_item, data)
-#define KDBUS_ITEM_SIZE(s) ALIGN8((s) + KDBUS_ITEM_HEADER_SIZE)
-
-#define MEMFD_CACHE_MAX 32
-
-/* When we cache a memfd block for reuse, we will truncate blocks
- * longer than this in order not to keep too much data around. */
-#define MEMFD_CACHE_ITEM_SIZE_MAX (128*1024)
-
-/* This determines at which minimum size we prefer sending memfds over
- * sending vectors */
-#define MEMFD_MIN_SIZE (512*1024)
-
-/* The size of the per-connection memory pool that we set up and where
- * the kernel places our incoming messages */
-#define KDBUS_POOL_SIZE (16*1024*1024)
-
-struct memfd_cache {
-        int fd;
-        void *address;
-        size_t mapped;
-        size_t allocated;
-};
-
-int bus_kernel_connect(sd_bus *b);
-int bus_kernel_take_fd(sd_bus *b);
-
-int bus_kernel_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call);
-int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority);
-
-int bus_kernel_open_bus_fd(const char *bus, char **path);
-
-int bus_kernel_create_bus(const char *name, bool world, char **s);
-int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char **path);
-
-int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *allocated);
-void bus_kernel_push_memfd(sd_bus *bus, int fd, void *address, size_t mapped, size_t allocated);
-
-void bus_kernel_flush_memfd(sd_bus *bus);
-
-int bus_kernel_parse_unique_name(const char *s, uint64_t *id);
-
-uint64_t request_name_flags_to_kdbus(uint64_t sd_bus_flags);
-uint64_t attach_flags_to_kdbus(uint64_t sd_bus_flags);
-
-int bus_kernel_try_close(sd_bus *bus);
-
-int bus_kernel_drop_one(int fd);
-
-int bus_kernel_realize_attach_flags(sd_bus *bus);
-
-int bus_kernel_get_bus_name(sd_bus *bus, char **name);
-
-int bus_kernel_cmd_free(sd_bus *bus, uint64_t offset);
diff --git a/src/libsystemd/sd-bus/bus-match.h b/src/libsystemd/sd-bus/bus-match.h
deleted file mode 100644
index 8cbbb63b11..0000000000
--- a/src/libsystemd/sd-bus/bus-match.h
+++ /dev/null
@@ -1,100 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "hashmap.h"
-
-enum bus_match_node_type {
-        BUS_MATCH_ROOT,
-        BUS_MATCH_VALUE,
-        BUS_MATCH_LEAF,
-
-        /* The following are all different kinds of compare nodes */
-        BUS_MATCH_SENDER,
-        BUS_MATCH_MESSAGE_TYPE,
-        BUS_MATCH_DESTINATION,
-        BUS_MATCH_INTERFACE,
-        BUS_MATCH_MEMBER,
-        BUS_MATCH_PATH,
-        BUS_MATCH_PATH_NAMESPACE,
-        BUS_MATCH_ARG,
-        BUS_MATCH_ARG_LAST = BUS_MATCH_ARG + 63,
-        BUS_MATCH_ARG_PATH,
-        BUS_MATCH_ARG_PATH_LAST = BUS_MATCH_ARG_PATH + 63,
-        BUS_MATCH_ARG_NAMESPACE,
-        BUS_MATCH_ARG_NAMESPACE_LAST = BUS_MATCH_ARG_NAMESPACE + 63,
-        BUS_MATCH_ARG_HAS,
-        BUS_MATCH_ARG_HAS_LAST = BUS_MATCH_ARG_HAS + 63,
-        _BUS_MATCH_NODE_TYPE_MAX,
-        _BUS_MATCH_NODE_TYPE_INVALID = -1
-};
-
-struct bus_match_node {
-        enum bus_match_node_type type;
-        struct bus_match_node *parent, *next, *prev, *child;
-
-        union {
-                struct {
-                        char *str;
-                        uint8_t u8;
-                } value;
-                struct {
-                        struct match_callback *callback;
-                } leaf;
-                struct {
-                        /* If this is set, then the child is NULL */
-                        Hashmap *children;
-                } compare;
-        };
-};
-
-struct bus_match_component {
-        enum bus_match_node_type type;
-        uint8_t value_u8;
-        char *value_str;
-};
-
-enum bus_match_scope {
-        BUS_MATCH_GENERIC,
-        BUS_MATCH_LOCAL,
-        BUS_MATCH_DRIVER,
-};
-
-int bus_match_run(sd_bus *bus, struct bus_match_node *root, sd_bus_message *m);
-
-int bus_match_add(struct bus_match_node *root, struct bus_match_component *components, unsigned n_components, struct match_callback *callback);
-int bus_match_remove(struct bus_match_node *root, struct match_callback *callback);
-
-int bus_match_find(struct bus_match_node *root, struct bus_match_component *components, unsigned n_components, sd_bus_message_handler_t callback, void *userdata, struct match_callback **ret);
-
-void bus_match_free(struct bus_match_node *node);
-
-void bus_match_dump(struct bus_match_node *node, unsigned level);
-
-const char* bus_match_node_type_to_string(enum bus_match_node_type t, char buf[], size_t l);
-enum bus_match_node_type bus_match_node_type_from_string(const char *k, size_t n);
-
-int bus_match_parse(const char *match, struct bus_match_component **_components, unsigned *_n_components);
-void bus_match_parse_free(struct bus_match_component *components, unsigned n_components);
-char *bus_match_to_string(struct bus_match_component *components, unsigned n_components);
-
-enum bus_match_scope bus_match_get_scope(const struct bus_match_component *components, unsigned n_components);
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
deleted file mode 100644
index b8958ec7bb..0000000000
--- a/src/libsystemd/sd-bus/bus-message.c
+++ /dev/null
@@ -1,5939 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-gvariant.h"
-#include "bus-internal.h"
-#include "bus-message.h"
-#include "bus-signature.h"
-#include "bus-type.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "io-util.h"
-#include "memfd-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "time-util.h"
-#include "utf8.h"
-#include "util.h"
-
-static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored);
-
-static void *adjust_pointer(const void *p, void *old_base, size_t sz, void *new_base) {
-
-        if (p == NULL)
-                return NULL;
-
-        if (old_base == new_base)
-                return (void*) p;
-
-        if ((uint8_t*) p < (uint8_t*) old_base)
-                return (void*) p;
-
-        if ((uint8_t*) p >= (uint8_t*) old_base + sz)
-                return (void*) p;
-
-        return (uint8_t*) new_base + ((uint8_t*) p - (uint8_t*) old_base);
-}
-
-static void message_free_part(sd_bus_message *m, struct bus_body_part *part) {
-        assert(m);
-        assert(part);
-
-        if (part->memfd >= 0) {
-                /* If we can reuse the memfd, try that. For that it
-                 * can't be sealed yet. */
-
-                if (!part->sealed) {
-                        assert(part->memfd_offset == 0);
-                        assert(part->data == part->mmap_begin);
-                        bus_kernel_push_memfd(m->bus, part->memfd, part->data, part->mapped, part->allocated);
-                } else {
-                        if (part->mapped > 0)
-                                assert_se(munmap(part->mmap_begin, part->mapped) == 0);
-
-                        safe_close(part->memfd);
-                }
-
-        } else if (part->munmap_this)
-                munmap(part->mmap_begin, part->mapped);
-        else if (part->free_this)
-                free(part->data);
-
-        if (part != &m->body)
-                free(part);
-}
-
-static void message_reset_parts(sd_bus_message *m) {
-        struct bus_body_part *part;
-
-        assert(m);
-
-        part = &m->body;
-        while (m->n_body_parts > 0) {
-                struct bus_body_part *next = part->next;
-                message_free_part(m, part);
-                part = next;
-                m->n_body_parts--;
-        }
-
-        m->body_end = NULL;
-
-        m->cached_rindex_part = NULL;
-        m->cached_rindex_part_begin = 0;
-}
-
-static void message_reset_containers(sd_bus_message *m) {
-        unsigned i;
-
-        assert(m);
-
-        for (i = 0; i < m->n_containers; i++) {
-                free(m->containers[i].signature);
-                free(m->containers[i].offsets);
-        }
-
-        m->containers = mfree(m->containers);
-
-        m->n_containers = m->containers_allocated = 0;
-        m->root_container.index = 0;
-}
-
-static void message_free(sd_bus_message *m) {
-        assert(m);
-
-        if (m->free_header)
-                free(m->header);
-
-        message_reset_parts(m);
-
-        if (m->release_kdbus)
-                bus_kernel_cmd_free(m->bus, (uint8_t *) m->kdbus - (uint8_t *) m->bus->kdbus_buffer);
-
-        if (m->free_kdbus)
-                free(m->kdbus);
-
-        sd_bus_unref(m->bus);
-
-        if (m->free_fds) {
-                close_many(m->fds, m->n_fds);
-                free(m->fds);
-        }
-
-        if (m->iovec != m->iovec_fixed)
-                free(m->iovec);
-
-        m->destination_ptr = mfree(m->destination_ptr);
-        message_reset_containers(m);
-        free(m->root_container.signature);
-        free(m->root_container.offsets);
-
-        free(m->root_container.peeked_signature);
-
-        bus_creds_done(&m->creds);
-        free(m);
-}
-
-static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz, bool add_offset) {
-        void *op, *np;
-        size_t old_size, new_size, start;
-
-        assert(m);
-
-        if (m->poisoned)
-                return NULL;
-
-        old_size = sizeof(struct bus_header) + m->fields_size;
-        start = ALIGN_TO(old_size, align);
-        new_size = start + sz;
-
-        if (new_size < start ||
-            new_size > (size_t) ((uint32_t) -1))
-                goto poison;
-
-        if (old_size == new_size)
-                return (uint8_t*) m->header + old_size;
-
-        if (m->free_header) {
-                np = realloc(m->header, ALIGN8(new_size));
-                if (!np)
-                        goto poison;
-        } else {
-                /* Initially, the header is allocated as part of of
-                 * the sd_bus_message itself, let's replace it by
-                 * dynamic data */
-
-                np = malloc(ALIGN8(new_size));
-                if (!np)
-                        goto poison;
-
-                memcpy(np, m->header, sizeof(struct bus_header));
-        }
-
-        /* Zero out padding */
-        if (start > old_size)
-                memzero((uint8_t*) np + old_size, start - old_size);
-
-        op = m->header;
-        m->header = np;
-        m->fields_size = new_size - sizeof(struct bus_header);
-
-        /* Adjust quick access pointers */
-        m->path = adjust_pointer(m->path, op, old_size, m->header);
-        m->interface = adjust_pointer(m->interface, op, old_size, m->header);
-        m->member = adjust_pointer(m->member, op, old_size, m->header);
-        m->destination = adjust_pointer(m->destination, op, old_size, m->header);
-        m->sender = adjust_pointer(m->sender, op, old_size, m->header);
-        m->error.name = adjust_pointer(m->error.name, op, old_size, m->header);
-
-        m->free_header = true;
-
-        if (add_offset) {
-                if (m->n_header_offsets >= ELEMENTSOF(m->header_offsets))
-                        goto poison;
-
-                m->header_offsets[m->n_header_offsets++] = new_size - sizeof(struct bus_header);
-        }
-
-        return (uint8_t*) np + start;
-
-poison:
-        m->poisoned = true;
-        return NULL;
-}
-
-static int message_append_field_string(
-                sd_bus_message *m,
-                uint64_t h,
-                char type,
-                const char *s,
-                const char **ret) {
-
-        size_t l;
-        uint8_t *p;
-
-        assert(m);
-
-        /* dbus1 only allows 8bit header field ids */
-        if (h > 0xFF)
-                return -EINVAL;
-
-        /* dbus1 doesn't allow strings over 32bit, let's enforce this
-         * globally, to not risk convertability */
-        l = strlen(s);
-        if (l > (size_t) (uint32_t) -1)
-                return -EINVAL;
-
-        /* Signature "(yv)" where the variant contains "s" */
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-
-                /* (field id 64bit, ((string + NUL) + NUL + signature string 's') */
-                p = message_extend_fields(m, 8, 8 + l + 1 + 1 + 1, true);
-                if (!p)
-                        return -ENOMEM;
-
-                *((uint64_t*) p) = h;
-                memcpy(p+8, s, l);
-                p[8+l] = 0;
-                p[8+l+1] = 0;
-                p[8+l+2] = type;
-
-                if (ret)
-                        *ret = (char*) p + 8;
-
-        } else {
-                /* (field id byte + (signature length + signature 's' + NUL) + (string length + string + NUL)) */
-                p = message_extend_fields(m, 8, 4 + 4 + l + 1, false);
-                if (!p)
-                        return -ENOMEM;
-
-                p[0] = (uint8_t) h;
-                p[1] = 1;
-                p[2] = type;
-                p[3] = 0;
-
-                ((uint32_t*) p)[1] = l;
-                memcpy(p + 8, s, l + 1);
-
-                if (ret)
-                        *ret = (char*) p + 8;
-        }
-
-        return 0;
-}
-
-static int message_append_field_signature(
-                sd_bus_message *m,
-                uint64_t h,
-                const char *s,
-                const char **ret) {
-
-        size_t l;
-        uint8_t *p;
-
-        assert(m);
-
-        /* dbus1 only allows 8bit header field ids */
-        if (h > 0xFF)
-                return -EINVAL;
-
-        /* dbus1 doesn't allow signatures over 8bit, let's enforce
-         * this globally, to not risk convertability */
-        l = strlen(s);
-        if (l > 255)
-                return -EINVAL;
-
-        /* Signature "(yv)" where the variant contains "g" */
-
-        if (BUS_MESSAGE_IS_GVARIANT(m))
-                /* For gvariant the serialization is the same as for normal strings */
-                return message_append_field_string(m, h, 'g', s, ret);
-        else {
-                /* (field id byte + (signature length + signature 'g' + NUL) + (string length + string + NUL)) */
-                p = message_extend_fields(m, 8, 4 + 1 + l + 1, false);
-                if (!p)
-                        return -ENOMEM;
-
-                p[0] = (uint8_t) h;
-                p[1] = 1;
-                p[2] = SD_BUS_TYPE_SIGNATURE;
-                p[3] = 0;
-                p[4] = l;
-                memcpy(p + 5, s, l + 1);
-
-                if (ret)
-                        *ret = (const char*) p + 5;
-        }
-
-        return 0;
-}
-
-static int message_append_field_uint32(sd_bus_message *m, uint64_t h, uint32_t x) {
-        uint8_t *p;
-
-        assert(m);
-
-        /* dbus1 only allows 8bit header field ids */
-        if (h > 0xFF)
-                return -EINVAL;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                /* (field id 64bit + ((value + NUL + signature string 'u') */
-
-                p = message_extend_fields(m, 8, 8 + 4 + 1 + 1, true);
-                if (!p)
-                        return -ENOMEM;
-
-                *((uint64_t*) p) = h;
-                *((uint32_t*) (p + 8)) = x;
-                p[12] = 0;
-                p[13] = 'u';
-        } else {
-                /* (field id byte + (signature length + signature 'u' + NUL) + value) */
-                p = message_extend_fields(m, 8, 4 + 4, false);
-                if (!p)
-                        return -ENOMEM;
-
-                p[0] = (uint8_t) h;
-                p[1] = 1;
-                p[2] = 'u';
-                p[3] = 0;
-
-                ((uint32_t*) p)[1] = x;
-        }
-
-        return 0;
-}
-
-static int message_append_field_uint64(sd_bus_message *m, uint64_t h, uint64_t x) {
-        uint8_t *p;
-
-        assert(m);
-
-        /* dbus1 only allows 8bit header field ids */
-        if (h > 0xFF)
-                return -EINVAL;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                /* (field id 64bit + ((value + NUL + signature string 't') */
-
-                p = message_extend_fields(m, 8, 8 + 8 + 1 + 1, true);
-                if (!p)
-                        return -ENOMEM;
-
-                *((uint64_t*) p) = h;
-                *((uint64_t*) (p + 8)) = x;
-                p[16] = 0;
-                p[17] = 't';
-        } else {
-                /* (field id byte + (signature length + signature 't' + NUL) + 4 byte padding + value) */
-                p = message_extend_fields(m, 8, 4 + 4 + 8, false);
-                if (!p)
-                        return -ENOMEM;
-
-                p[0] = (uint8_t) h;
-                p[1] = 1;
-                p[2] = 't';
-                p[3] = 0;
-                p[4] = 0;
-                p[5] = 0;
-                p[6] = 0;
-                p[7] = 0;
-
-                ((uint64_t*) p)[1] = x;
-        }
-
-        return 0;
-}
-
-static int message_append_reply_cookie(sd_bus_message *m, uint64_t cookie) {
-        assert(m);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m))
-                return message_append_field_uint64(m, BUS_MESSAGE_HEADER_REPLY_SERIAL, cookie);
-        else {
-                /* 64bit cookies are not supported on dbus1 */
-                if (cookie > 0xffffffffUL)
-                        return -EOPNOTSUPP;
-
-                return message_append_field_uint32(m, BUS_MESSAGE_HEADER_REPLY_SERIAL, (uint32_t) cookie);
-        }
-}
-
-int bus_message_from_header(
-                sd_bus *bus,
-                void *header,
-                size_t header_accessible,
-                void *footer,
-                size_t footer_accessible,
-                size_t message_size,
-                int *fds,
-                unsigned n_fds,
-                const char *label,
-                size_t extra,
-                sd_bus_message **ret) {
-
-        _cleanup_free_ sd_bus_message *m = NULL;
-        struct bus_header *h;
-        size_t a, label_sz;
-
-        assert(bus);
-        assert(header || header_accessible <= 0);
-        assert(footer || footer_accessible <= 0);
-        assert(fds || n_fds <= 0);
-        assert(ret);
-
-        if (header_accessible < sizeof(struct bus_header))
-                return -EBADMSG;
-
-        if (header_accessible > message_size)
-                return -EBADMSG;
-        if (footer_accessible > message_size)
-                return -EBADMSG;
-
-        h = header;
-        if (!IN_SET(h->version, 1, 2))
-                return -EBADMSG;
-
-        if (h->type == _SD_BUS_MESSAGE_TYPE_INVALID)
-                return -EBADMSG;
-
-        if (!IN_SET(h->endian, BUS_LITTLE_ENDIAN, BUS_BIG_ENDIAN))
-                return -EBADMSG;
-
-        /* Note that we are happy with unknown flags in the flags header! */
-
-        a = ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);
-
-        if (label) {
-                label_sz = strlen(label);
-                a += label_sz + 1;
-        }
-
-        m = malloc0(a);
-        if (!m)
-                return -ENOMEM;
-
-        m->n_ref = 1;
-        m->sealed = true;
-        m->header = header;
-        m->header_accessible = header_accessible;
-        m->footer = footer;
-        m->footer_accessible = footer_accessible;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                size_t ws;
-
-                if (h->dbus2.cookie == 0)
-                        return -EBADMSG;
-
-                /* dbus2 derives the sizes from the message size and
-                the offset table at the end, since it is formatted as
-                gvariant "yyyyuta{tv}v". Since the message itself is a
-                structure with precisely to variable sized entries,
-                there's only one offset in the table, which marks the
-                end of the fields array. */
-
-                ws = bus_gvariant_determine_word_size(message_size, 0);
-                if (footer_accessible < ws)
-                        return -EBADMSG;
-
-                m->fields_size = bus_gvariant_read_word_le((uint8_t*) footer + footer_accessible - ws, ws);
-                if (ALIGN8(m->fields_size) > message_size - ws)
-                        return -EBADMSG;
-                if (m->fields_size < sizeof(struct bus_header))
-                        return -EBADMSG;
-
-                m->fields_size -= sizeof(struct bus_header);
-                m->body_size = message_size - (sizeof(struct bus_header) + ALIGN8(m->fields_size));
-        } else {
-                if (h->dbus1.serial == 0)
-                        return -EBADMSG;
-
-                /* dbus1 has the sizes in the header */
-                m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size);
-                m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size);
-
-                if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size)
-                        return -EBADMSG;
-        }
-
-        m->fds = fds;
-        m->n_fds = n_fds;
-
-        if (label) {
-                m->creds.label = (char*) m + ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);
-                memcpy(m->creds.label, label, label_sz + 1);
-
-                m->creds.mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
-        }
-
-        m->bus = sd_bus_ref(bus);
-        *ret = m;
-        m = NULL;
-
-        return 0;
-}
-
-int bus_message_from_malloc(
-                sd_bus *bus,
-                void *buffer,
-                size_t length,
-                int *fds,
-                unsigned n_fds,
-                const char *label,
-                sd_bus_message **ret) {
-
-        sd_bus_message *m;
-        size_t sz;
-        int r;
-
-        r = bus_message_from_header(
-                        bus,
-                        buffer, length, /* in this case the initial bytes and the final bytes are the same */
-                        buffer, length,
-                        length,
-                        fds, n_fds,
-                        label,
-                        0, &m);
-        if (r < 0)
-                return r;
-
-        sz = length - sizeof(struct bus_header) - ALIGN8(m->fields_size);
-        if (sz > 0) {
-                m->n_body_parts = 1;
-                m->body.data = (uint8_t*) buffer + sizeof(struct bus_header) + ALIGN8(m->fields_size);
-                m->body.size = sz;
-                m->body.sealed = true;
-                m->body.memfd = -1;
-        }
-
-        m->n_iovec = 1;
-        m->iovec = m->iovec_fixed;
-        m->iovec[0].iov_base = buffer;
-        m->iovec[0].iov_len = length;
-
-        r = bus_message_parse_fields(m);
-        if (r < 0)
-                goto fail;
-
-        /* We take possession of the memory and fds now */
-        m->free_header = true;
-        m->free_fds = true;
-
-        *ret = m;
-        return 0;
-
-fail:
-        message_free(m);
-        return r;
-}
-
-static sd_bus_message *message_new(sd_bus *bus, uint8_t type) {
-        sd_bus_message *m;
-
-        assert(bus);
-
-        m = malloc0(ALIGN(sizeof(sd_bus_message)) + sizeof(struct bus_header));
-        if (!m)
-                return NULL;
-
-        m->n_ref = 1;
-        m->header = (struct bus_header*) ((uint8_t*) m + ALIGN(sizeof(struct sd_bus_message)));
-        m->header->endian = BUS_NATIVE_ENDIAN;
-        m->header->type = type;
-        m->header->version = bus->message_version;
-        m->allow_fds = bus->can_fds || (bus->state != BUS_HELLO && bus->state != BUS_RUNNING);
-        m->root_container.need_offsets = BUS_MESSAGE_IS_GVARIANT(m);
-        m->bus = sd_bus_ref(bus);
-
-        if (bus->allow_interactive_authorization)
-                m->header->flags |= BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION;
-
-        return m;
-}
-
-_public_ int sd_bus_message_new_signal(
-                sd_bus *bus,
-                sd_bus_message **m,
-                const char *path,
-                const char *interface,
-                const char *member) {
-
-        sd_bus_message *t;
-        int r;
-
-        assert_return(bus, -ENOTCONN);
-        assert_return(bus->state != BUS_UNSET, -ENOTCONN);
-        assert_return(object_path_is_valid(path), -EINVAL);
-        assert_return(interface_name_is_valid(interface), -EINVAL);
-        assert_return(member_name_is_valid(member), -EINVAL);
-        assert_return(m, -EINVAL);
-
-        t = message_new(bus, SD_BUS_MESSAGE_SIGNAL);
-        if (!t)
-                return -ENOMEM;
-
-        t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
-
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_PATH, SD_BUS_TYPE_OBJECT_PATH, path, &t->path);
-        if (r < 0)
-                goto fail;
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_INTERFACE, SD_BUS_TYPE_STRING, interface, &t->interface);
-        if (r < 0)
-                goto fail;
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_MEMBER, SD_BUS_TYPE_STRING, member, &t->member);
-        if (r < 0)
-                goto fail;
-
-        *m = t;
-        return 0;
-
-fail:
-        sd_bus_message_unref(t);
-        return r;
-}
-
-_public_ int sd_bus_message_new_method_call(
-                sd_bus *bus,
-                sd_bus_message **m,
-                const char *destination,
-                const char *path,
-                const char *interface,
-                const char *member) {
-
-        sd_bus_message *t;
-        int r;
-
-        assert_return(bus, -ENOTCONN);
-        assert_return(bus->state != BUS_UNSET, -ENOTCONN);
-        assert_return(!destination || service_name_is_valid(destination), -EINVAL);
-        assert_return(object_path_is_valid(path), -EINVAL);
-        assert_return(!interface || interface_name_is_valid(interface), -EINVAL);
-        assert_return(member_name_is_valid(member), -EINVAL);
-        assert_return(m, -EINVAL);
-
-        t = message_new(bus, SD_BUS_MESSAGE_METHOD_CALL);
-        if (!t)
-                return -ENOMEM;
-
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_PATH, SD_BUS_TYPE_OBJECT_PATH, path, &t->path);
-        if (r < 0)
-                goto fail;
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_MEMBER, SD_BUS_TYPE_STRING, member, &t->member);
-        if (r < 0)
-                goto fail;
-
-        if (interface) {
-                r = message_append_field_string(t, BUS_MESSAGE_HEADER_INTERFACE, SD_BUS_TYPE_STRING, interface, &t->interface);
-                if (r < 0)
-                        goto fail;
-        }
-
-        if (destination) {
-                r = message_append_field_string(t, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, destination, &t->destination);
-                if (r < 0)
-                        goto fail;
-        }
-
-        *m = t;
-        return 0;
-
-fail:
-        message_free(t);
-        return r;
-}
-
-static int message_new_reply(
-                sd_bus_message *call,
-                uint8_t type,
-                sd_bus_message **m) {
-
-        sd_bus_message *t;
-        int r;
-
-        assert_return(call, -EINVAL);
-        assert_return(call->sealed, -EPERM);
-        assert_return(call->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
-        assert_return(call->bus->state != BUS_UNSET, -ENOTCONN);
-        assert_return(m, -EINVAL);
-
-        t = message_new(call->bus, type);
-        if (!t)
-                return -ENOMEM;
-
-        t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
-        t->reply_cookie = BUS_MESSAGE_COOKIE(call);
-        if (t->reply_cookie == 0)
-                return -EOPNOTSUPP;
-
-        r = message_append_reply_cookie(t, t->reply_cookie);
-        if (r < 0)
-                goto fail;
-
-        if (call->sender) {
-                r = message_append_field_string(t, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, call->sender, &t->destination);
-                if (r < 0)
-                        goto fail;
-        }
-
-        t->dont_send = !!(call->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED);
-        t->enforced_reply_signature = call->enforced_reply_signature;
-
-        *m = t;
-        return 0;
-
-fail:
-        message_free(t);
-        return r;
-}
-
-_public_ int sd_bus_message_new_method_return(
-                sd_bus_message *call,
-                sd_bus_message **m) {
-
-        return message_new_reply(call, SD_BUS_MESSAGE_METHOD_RETURN, m);
-}
-
-_public_ int sd_bus_message_new_method_error(
-                sd_bus_message *call,
-                sd_bus_message **m,
-                const sd_bus_error *e) {
-
-        sd_bus_message *t;
-        int r;
-
-        assert_return(sd_bus_error_is_set(e), -EINVAL);
-        assert_return(m, -EINVAL);
-
-        r = message_new_reply(call, SD_BUS_MESSAGE_METHOD_ERROR, &t);
-        if (r < 0)
-                return r;
-
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, e->name, &t->error.name);
-        if (r < 0)
-                goto fail;
-
-        if (e->message) {
-                r = message_append_basic(t, SD_BUS_TYPE_STRING, e->message, (const void**) &t->error.message);
-                if (r < 0)
-                        goto fail;
-        }
-
-        t->error._need_free = -1;
-
-        *m = t;
-        return 0;
-
-fail:
-        message_free(t);
-        return r;
-}
-
-_public_ int sd_bus_message_new_method_errorf(
-                sd_bus_message *call,
-                sd_bus_message **m,
-                const char *name,
-                const char *format,
-                ...) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        va_list ap;
-
-        assert_return(name, -EINVAL);
-        assert_return(m, -EINVAL);
-
-        va_start(ap, format);
-        bus_error_setfv(&error, name, format, ap);
-        va_end(ap);
-
-        return sd_bus_message_new_method_error(call, m, &error);
-}
-
-_public_ int sd_bus_message_new_method_errno(
-                sd_bus_message *call,
-                sd_bus_message **m,
-                int error,
-                const sd_bus_error *p) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error berror = SD_BUS_ERROR_NULL;
-
-        if (sd_bus_error_is_set(p))
-                return sd_bus_message_new_method_error(call, m, p);
-
-        sd_bus_error_set_errno(&berror, error);
-
-        return sd_bus_message_new_method_error(call, m, &berror);
-}
-
-_public_ int sd_bus_message_new_method_errnof(
-                sd_bus_message *call,
-                sd_bus_message **m,
-                int error,
-                const char *format,
-                ...) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error berror = SD_BUS_ERROR_NULL;
-        va_list ap;
-
-        va_start(ap, format);
-        sd_bus_error_set_errnofv(&berror, error, format, ap);
-        va_end(ap);
-
-        return sd_bus_message_new_method_error(call, m, &berror);
-}
-
-void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m) {
-        assert(bus);
-        assert(m);
-
-        m->sender = m->creds.unique_name = (char*) "org.freedesktop.DBus.Local";
-        m->creds.well_known_names_local = true;
-        m->creds.mask |= (SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES) & bus->creds_mask;
-}
-
-void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m) {
-        assert(bus);
-        assert(m);
-
-        m->sender = m->creds.unique_name = (char*) "org.freedesktop.DBus";
-        m->creds.well_known_names_driver = true;
-        m->creds.mask |= (SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES) & bus->creds_mask;
-}
-
-int bus_message_new_synthetic_error(
-                sd_bus *bus,
-                uint64_t cookie,
-                const sd_bus_error *e,
-                sd_bus_message **m) {
-
-        sd_bus_message *t;
-        int r;
-
-        assert(bus);
-        assert(sd_bus_error_is_set(e));
-        assert(m);
-
-        t = message_new(bus, SD_BUS_MESSAGE_METHOD_ERROR);
-        if (!t)
-                return -ENOMEM;
-
-        t->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
-        t->reply_cookie = cookie;
-
-        r = message_append_reply_cookie(t, t->reply_cookie);
-        if (r < 0)
-                goto fail;
-
-        if (bus && bus->unique_name) {
-                r = message_append_field_string(t, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, bus->unique_name, &t->destination);
-                if (r < 0)
-                        goto fail;
-        }
-
-        r = message_append_field_string(t, BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, e->name, &t->error.name);
-        if (r < 0)
-                goto fail;
-
-        if (e->message) {
-                r = message_append_basic(t, SD_BUS_TYPE_STRING, e->message, (const void**) &t->error.message);
-                if (r < 0)
-                        goto fail;
-        }
-
-        t->error._need_free = -1;
-
-        bus_message_set_sender_driver(bus, t);
-
-        *m = t;
-        return 0;
-
-fail:
-        message_free(t);
-        return r;
-}
-
-_public_ sd_bus_message* sd_bus_message_ref(sd_bus_message *m) {
-
-        if (!m)
-                return NULL;
-
-        assert(m->n_ref > 0);
-        m->n_ref++;
-
-        return m;
-}
-
-_public_ sd_bus_message* sd_bus_message_unref(sd_bus_message *m) {
-
-        if (!m)
-                return NULL;
-
-        assert(m->n_ref > 0);
-        m->n_ref--;
-
-        if (m->n_ref > 0)
-                return NULL;
-
-        message_free(m);
-        return NULL;
-}
-
-_public_ int sd_bus_message_get_type(sd_bus_message *m, uint8_t *type) {
-        assert_return(m, -EINVAL);
-        assert_return(type, -EINVAL);
-
-        *type = m->header->type;
-        return 0;
-}
-
-_public_ int sd_bus_message_get_cookie(sd_bus_message *m, uint64_t *cookie) {
-        uint64_t c;
-
-        assert_return(m, -EINVAL);
-        assert_return(cookie, -EINVAL);
-
-        c = BUS_MESSAGE_COOKIE(m);
-        if (c == 0)
-                return -ENODATA;
-
-        *cookie = BUS_MESSAGE_COOKIE(m);
-        return 0;
-}
-
-_public_ int sd_bus_message_get_reply_cookie(sd_bus_message *m, uint64_t *cookie) {
-        assert_return(m, -EINVAL);
-        assert_return(cookie, -EINVAL);
-
-        if (m->reply_cookie == 0)
-                return -ENODATA;
-
-        *cookie = m->reply_cookie;
-        return 0;
-}
-
-_public_ int sd_bus_message_get_expect_reply(sd_bus_message *m) {
-        assert_return(m, -EINVAL);
-
-        return m->header->type == SD_BUS_MESSAGE_METHOD_CALL &&
-                !(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED);
-}
-
-_public_ int sd_bus_message_get_auto_start(sd_bus_message *m) {
-        assert_return(m, -EINVAL);
-
-        return !(m->header->flags & BUS_MESSAGE_NO_AUTO_START);
-}
-
-_public_ int sd_bus_message_get_allow_interactive_authorization(sd_bus_message *m) {
-        assert_return(m, -EINVAL);
-
-        return m->header->type == SD_BUS_MESSAGE_METHOD_CALL &&
-                (m->header->flags & BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION);
-}
-
-_public_ const char *sd_bus_message_get_path(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        return m->path;
-}
-
-_public_ const char *sd_bus_message_get_interface(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        return m->interface;
-}
-
-_public_ const char *sd_bus_message_get_member(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        return m->member;
-}
-
-_public_ const char *sd_bus_message_get_destination(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        return m->destination;
-}
-
-_public_ const char *sd_bus_message_get_sender(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        return m->sender;
-}
-
-_public_ const sd_bus_error *sd_bus_message_get_error(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        if (!sd_bus_error_is_set(&m->error))
-                return NULL;
-
-        return &m->error;
-}
-
-_public_ int sd_bus_message_get_monotonic_usec(sd_bus_message *m, uint64_t *usec) {
-        assert_return(m, -EINVAL);
-        assert_return(usec, -EINVAL);
-
-        if (m->monotonic <= 0)
-                return -ENODATA;
-
-        *usec = m->monotonic;
-        return 0;
-}
-
-_public_ int sd_bus_message_get_realtime_usec(sd_bus_message *m, uint64_t *usec) {
-        assert_return(m, -EINVAL);
-        assert_return(usec, -EINVAL);
-
-        if (m->realtime <= 0)
-                return -ENODATA;
-
-        *usec = m->realtime;
-        return 0;
-}
-
-_public_ int sd_bus_message_get_seqnum(sd_bus_message *m, uint64_t *seqnum) {
-        assert_return(m, -EINVAL);
-        assert_return(seqnum, -EINVAL);
-
-        if (m->seqnum <= 0)
-                return -ENODATA;
-
-        *seqnum = m->seqnum;
-        return 0;
-}
-
-_public_ sd_bus_creds *sd_bus_message_get_creds(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        if (m->creds.mask == 0)
-                return NULL;
-
-        return &m->creds;
-}
-
-_public_ int sd_bus_message_is_signal(
-                sd_bus_message *m,
-                const char *interface,
-                const char *member) {
-
-        assert_return(m, -EINVAL);
-
-        if (m->header->type != SD_BUS_MESSAGE_SIGNAL)
-                return 0;
-
-        if (interface && (!m->interface || !streq(m->interface, interface)))
-                return 0;
-
-        if (member &&  (!m->member || !streq(m->member, member)))
-                return 0;
-
-        return 1;
-}
-
-_public_ int sd_bus_message_is_method_call(
-                sd_bus_message *m,
-                const char *interface,
-                const char *member) {
-
-        assert_return(m, -EINVAL);
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
-                return 0;
-
-        if (interface && (!m->interface || !streq(m->interface, interface)))
-                return 0;
-
-        if (member &&  (!m->member || !streq(m->member, member)))
-                return 0;
-
-        return 1;
-}
-
-_public_ int sd_bus_message_is_method_error(sd_bus_message *m, const char *name) {
-        assert_return(m, -EINVAL);
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
-                return 0;
-
-        if (name && (!m->error.name || !streq(m->error.name, name)))
-                return 0;
-
-        return 1;
-}
-
-_public_ int sd_bus_message_set_expect_reply(sd_bus_message *m, int b) {
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EPERM);
-
-        SET_FLAG(m->header->flags, BUS_MESSAGE_NO_REPLY_EXPECTED, !b);
-
-        return 0;
-}
-
-_public_ int sd_bus_message_set_auto_start(sd_bus_message *m, int b) {
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        SET_FLAG(m->header->flags, BUS_MESSAGE_NO_AUTO_START, !b);
-
-        return 0;
-}
-
-_public_ int sd_bus_message_set_allow_interactive_authorization(sd_bus_message *m, int b) {
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        SET_FLAG(m->header->flags, BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION, b);
-
-        return 0;
-}
-
-static struct bus_container *message_get_container(sd_bus_message *m) {
-        assert(m);
-
-        if (m->n_containers == 0)
-                return &m->root_container;
-
-        assert(m->containers);
-        return m->containers + m->n_containers - 1;
-}
-
-struct bus_body_part *message_append_part(sd_bus_message *m) {
-        struct bus_body_part *part;
-
-        assert(m);
-
-        if (m->poisoned)
-                return NULL;
-
-        if (m->n_body_parts <= 0) {
-                part = &m->body;
-                zero(*part);
-        } else {
-                assert(m->body_end);
-
-                part = new0(struct bus_body_part, 1);
-                if (!part) {
-                        m->poisoned = true;
-                        return NULL;
-                }
-
-                m->body_end->next = part;
-        }
-
-        part->memfd = -1;
-        m->body_end = part;
-        m->n_body_parts++;
-
-        return part;
-}
-
-static void part_zero(struct bus_body_part *part, size_t sz) {
-        assert(part);
-        assert(sz > 0);
-        assert(sz < 8);
-
-        /* All other fields can be left in their defaults */
-        assert(!part->data);
-        assert(part->memfd < 0);
-
-        part->size = sz;
-        part->is_zero = true;
-        part->sealed = true;
-}
-
-static int part_make_space(
-                struct sd_bus_message *m,
-                struct bus_body_part *part,
-                size_t sz,
-                void **q) {
-
-        void *n;
-        int r;
-
-        assert(m);
-        assert(part);
-        assert(!part->sealed);
-
-        if (m->poisoned)
-                return -ENOMEM;
-
-        if (!part->data && part->memfd < 0) {
-                part->memfd = bus_kernel_pop_memfd(m->bus, &part->data, &part->mapped, &part->allocated);
-                part->mmap_begin = part->data;
-        }
-
-        if (part->memfd >= 0) {
-
-                if (part->allocated == 0 || sz > part->allocated) {
-                        uint64_t new_allocated;
-
-                        new_allocated = PAGE_ALIGN(sz > 0 ? 2 * sz : 1);
-                        r = memfd_set_size(part->memfd, new_allocated);
-                        if (r < 0) {
-                                m->poisoned = true;
-                                return r;
-                        }
-
-                        part->allocated = new_allocated;
-                }
-
-                if (!part->data || sz > part->mapped) {
-                        size_t psz;
-
-                        psz = PAGE_ALIGN(sz > 0 ? sz : 1);
-                        if (part->mapped <= 0)
-                                n = mmap(NULL, psz, PROT_READ|PROT_WRITE, MAP_SHARED, part->memfd, 0);
-                        else
-                                n = mremap(part->mmap_begin, part->mapped, psz, MREMAP_MAYMOVE);
-
-                        if (n == MAP_FAILED) {
-                                m->poisoned = true;
-                                return -errno;
-                        }
-
-                        part->mmap_begin = part->data = n;
-                        part->mapped = psz;
-                        part->memfd_offset = 0;
-                }
-
-                part->munmap_this = true;
-        } else {
-                if (part->allocated == 0 || sz > part->allocated) {
-                        size_t new_allocated;
-
-                        new_allocated = sz > 0 ? 2 * sz : 64;
-                        n = realloc(part->data, new_allocated);
-                        if (!n) {
-                                m->poisoned = true;
-                                return -ENOMEM;
-                        }
-
-                        part->data = n;
-                        part->allocated = new_allocated;
-                        part->free_this = true;
-                }
-        }
-
-        if (q)
-                *q = part->data ? (uint8_t*) part->data + part->size : NULL;
-
-        part->size = sz;
-        return 0;
-}
-
-static int message_add_offset(sd_bus_message *m, size_t offset) {
-        struct bus_container *c;
-
-        assert(m);
-        assert(BUS_MESSAGE_IS_GVARIANT(m));
-
-        /* Add offset to current container, unless this is the first
-         * item in it, which will have the 0 offset, which we can
-         * ignore. */
-        c = message_get_container(m);
-
-        if (!c->need_offsets)
-                return 0;
-
-        if (!GREEDY_REALLOC(c->offsets, c->offsets_allocated, c->n_offsets + 1))
-                return -ENOMEM;
-
-        c->offsets[c->n_offsets++] = offset;
-        return 0;
-}
-
-static void message_extend_containers(sd_bus_message *m, size_t expand) {
-        struct bus_container *c;
-
-        assert(m);
-
-        if (expand <= 0)
-                return;
-
-        /* Update counters */
-        for (c = m->containers; c < m->containers + m->n_containers; c++) {
-
-                if (c->array_size)
-                        *c->array_size += expand;
-        }
-}
-
-static void *message_extend_body(
-                sd_bus_message *m,
-                size_t align,
-                size_t sz,
-                bool add_offset,
-                bool force_inline) {
-
-        size_t start_body, end_body, padding, added;
-        void *p;
-        int r;
-
-        assert(m);
-        assert(align > 0);
-        assert(!m->sealed);
-
-        if (m->poisoned)
-                return NULL;
-
-        start_body = ALIGN_TO((size_t) m->body_size, align);
-        end_body = start_body + sz;
-
-        padding = start_body - m->body_size;
-        added = padding + sz;
-
-        /* Check for 32bit overflows */
-        if (end_body > (size_t) ((uint32_t) -1) ||
-            end_body < start_body) {
-                m->poisoned = true;
-                return NULL;
-        }
-
-        if (added > 0) {
-                struct bus_body_part *part = NULL;
-                bool add_new_part;
-
-                add_new_part =
-                        m->n_body_parts <= 0 ||
-                        m->body_end->sealed ||
-                        (padding != ALIGN_TO(m->body_end->size, align) - m->body_end->size) ||
-                        (force_inline && m->body_end->size > MEMFD_MIN_SIZE); /* if this must be an inlined extension, let's create a new part if the previous part is large enough to be inlined */
-
-                if (add_new_part) {
-                        if (padding > 0) {
-                                part = message_append_part(m);
-                                if (!part)
-                                        return NULL;
-
-                                part_zero(part, padding);
-                        }
-
-                        part = message_append_part(m);
-                        if (!part)
-                                return NULL;
-
-                        r = part_make_space(m, part, sz, &p);
-                        if (r < 0)
-                                return NULL;
-                } else {
-                        struct bus_container *c;
-                        void *op;
-                        size_t os, start_part, end_part;
-
-                        part = m->body_end;
-                        op = part->data;
-                        os = part->size;
-
-                        start_part = ALIGN_TO(part->size, align);
-                        end_part = start_part + sz;
-
-                        r = part_make_space(m, part, end_part, &p);
-                        if (r < 0)
-                                return NULL;
-
-                        if (padding > 0) {
-                                memzero(p, padding);
-                                p = (uint8_t*) p + padding;
-                        }
-
-                        /* Readjust pointers */
-                        for (c = m->containers; c < m->containers + m->n_containers; c++)
-                                c->array_size = adjust_pointer(c->array_size, op, os, part->data);
-
-                        m->error.message = (const char*) adjust_pointer(m->error.message, op, os, part->data);
-                }
-        } else
-                /* Return something that is not NULL and is aligned */
-                p = (uint8_t *) NULL + align;
-
-        m->body_size = end_body;
-        message_extend_containers(m, added);
-
-        if (add_offset) {
-                r = message_add_offset(m, end_body);
-                if (r < 0) {
-                        m->poisoned = true;
-                        return NULL;
-                }
-        }
-
-        return p;
-}
-
-static int message_push_fd(sd_bus_message *m, int fd) {
-        int *f, copy;
-
-        assert(m);
-
-        if (fd < 0)
-                return -EINVAL;
-
-        if (!m->allow_fds)
-                return -EOPNOTSUPP;
-
-        copy = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-        if (copy < 0)
-                return -errno;
-
-        f = realloc(m->fds, sizeof(int) * (m->n_fds + 1));
-        if (!f) {
-                m->poisoned = true;
-                safe_close(copy);
-                return -ENOMEM;
-        }
-
-        m->fds = f;
-        m->fds[m->n_fds] = copy;
-        m->free_fds = true;
-
-        return copy;
-}
-
-int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored) {
-        _cleanup_close_ int fd = -1;
-        struct bus_container *c;
-        ssize_t align, sz;
-        void *a;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(bus_type_is_basic(type), -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        c = message_get_container(m);
-
-        if (c->signature && c->signature[c->index]) {
-                /* Container signature is already set */
-
-                if (c->signature[c->index] != type)
-                        return -ENXIO;
-        } else {
-                char *e;
-
-                /* Maybe we can append to the signature? But only if this is the top-level container */
-                if (c->enclosing != 0)
-                        return -ENXIO;
-
-                e = strextend(&c->signature, CHAR_TO_STR(type), NULL);
-                if (!e) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-        }
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                uint8_t u8;
-                uint32_t u32;
-
-                switch (type) {
-
-                case SD_BUS_TYPE_SIGNATURE:
-                case SD_BUS_TYPE_STRING:
-                        p = strempty(p);
-
-                        /* Fall through... */
-                case SD_BUS_TYPE_OBJECT_PATH:
-                        if (!p)
-                                return -EINVAL;
-
-                        align = 1;
-                        sz = strlen(p) + 1;
-                        break;
-
-                case SD_BUS_TYPE_BOOLEAN:
-
-                        u8 = p && *(int*) p;
-                        p = &u8;
-
-                        align = sz = 1;
-                        break;
-
-                case SD_BUS_TYPE_UNIX_FD:
-
-                        if (!p)
-                                return -EINVAL;
-
-                        fd = message_push_fd(m, *(int*) p);
-                        if (fd < 0)
-                                return fd;
-
-                        u32 = m->n_fds;
-                        p = &u32;
-
-                        align = sz = 4;
-                        break;
-
-                default:
-                        align = bus_gvariant_get_alignment(CHAR_TO_STR(type));
-                        sz = bus_gvariant_get_size(CHAR_TO_STR(type));
-                        break;
-                }
-
-                assert(align > 0);
-                assert(sz > 0);
-
-                a = message_extend_body(m, align, sz, true, false);
-                if (!a)
-                        return -ENOMEM;
-
-                memcpy(a, p, sz);
-
-                if (stored)
-                        *stored = (const uint8_t*) a;
-
-        } else {
-                uint32_t u32;
-
-                switch (type) {
-
-                case SD_BUS_TYPE_STRING:
-                        /* To make things easy we'll serialize a NULL string
-                         * into the empty string */
-                        p = strempty(p);
-
-                        /* Fall through... */
-                case SD_BUS_TYPE_OBJECT_PATH:
-
-                        if (!p)
-                                return -EINVAL;
-
-                        align = 4;
-                        sz = 4 + strlen(p) + 1;
-                        break;
-
-                case SD_BUS_TYPE_SIGNATURE:
-
-                        p = strempty(p);
-
-                        align = 1;
-                        sz = 1 + strlen(p) + 1;
-                        break;
-
-                case SD_BUS_TYPE_BOOLEAN:
-
-                        u32 = p && *(int*) p;
-                        p = &u32;
-
-                        align = sz = 4;
-                        break;
-
-                case SD_BUS_TYPE_UNIX_FD:
-
-                        if (!p)
-                                return -EINVAL;
-
-                        fd = message_push_fd(m, *(int*) p);
-                        if (fd < 0)
-                                return fd;
-
-                        u32 = m->n_fds;
-                        p = &u32;
-
-                        align = sz = 4;
-                        break;
-
-                default:
-                        align = bus_type_get_alignment(type);
-                        sz = bus_type_get_size(type);
-                        break;
-                }
-
-                assert(align > 0);
-                assert(sz > 0);
-
-                a = message_extend_body(m, align, sz, false, false);
-                if (!a)
-                        return -ENOMEM;
-
-                if (type == SD_BUS_TYPE_STRING || type == SD_BUS_TYPE_OBJECT_PATH) {
-                        *(uint32_t*) a = sz - 5;
-                        memcpy((uint8_t*) a + 4, p, sz - 4);
-
-                        if (stored)
-                                *stored = (const uint8_t*) a + 4;
-
-                } else if (type == SD_BUS_TYPE_SIGNATURE) {
-                        *(uint8_t*) a = sz - 2;
-                        memcpy((uint8_t*) a + 1, p, sz - 1);
-
-                        if (stored)
-                                *stored = (const uint8_t*) a + 1;
-                } else {
-                        memcpy(a, p, sz);
-
-                        if (stored)
-                                *stored = a;
-                }
-        }
-
-        if (type == SD_BUS_TYPE_UNIX_FD)
-                m->n_fds++;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index++;
-
-        fd = -1;
-        return 0;
-}
-
-_public_ int sd_bus_message_append_basic(sd_bus_message *m, char type, const void *p) {
-        return message_append_basic(m, type, p, NULL);
-}
-
-_public_ int sd_bus_message_append_string_space(
-                sd_bus_message *m,
-                size_t size,
-                char **s) {
-
-        struct bus_container *c;
-        void *a;
-
-        assert_return(m, -EINVAL);
-        assert_return(s, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->poisoned, -ESTALE);
-
-        c = message_get_container(m);
-
-        if (c->signature && c->signature[c->index]) {
-                /* Container signature is already set */
-
-                if (c->signature[c->index] != SD_BUS_TYPE_STRING)
-                        return -ENXIO;
-        } else {
-                char *e;
-
-                /* Maybe we can append to the signature? But only if this is the top-level container */
-                if (c->enclosing != 0)
-                        return -ENXIO;
-
-                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRING), NULL);
-                if (!e) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-        }
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                a = message_extend_body(m, 1, size + 1, true, false);
-                if (!a)
-                        return -ENOMEM;
-
-                *s = a;
-        } else {
-                a = message_extend_body(m, 4, 4 + size + 1, false, false);
-                if (!a)
-                        return -ENOMEM;
-
-                *(uint32_t*) a = size;
-                *s = (char*) a + 4;
-        }
-
-        (*s)[size] = 0;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index++;
-
-        return 0;
-}
-
-_public_ int sd_bus_message_append_string_iovec(
-                sd_bus_message *m,
-                const struct iovec *iov,
-                unsigned n) {
-
-        size_t size;
-        unsigned i;
-        char *p;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(iov || n == 0, -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        size = IOVEC_TOTAL_SIZE(iov, n);
-
-        r = sd_bus_message_append_string_space(m, size, &p);
-        if (r < 0)
-                return r;
-
-        for (i = 0; i < n; i++) {
-
-                if (iov[i].iov_base)
-                        memcpy(p, iov[i].iov_base, iov[i].iov_len);
-                else
-                        memset(p, ' ', iov[i].iov_len);
-
-                p += iov[i].iov_len;
-        }
-
-        return 0;
-}
-
-static int bus_message_open_array(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                uint32_t **array_size,
-                size_t *begin,
-                bool *need_offsets) {
-
-        unsigned nindex;
-        int alignment, r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(array_size);
-        assert(begin);
-        assert(need_offsets);
-
-        if (!signature_is_single(contents, true))
-                return -EINVAL;
-
-        if (c->signature && c->signature[c->index]) {
-
-                /* Verify the existing signature */
-
-                if (c->signature[c->index] != SD_BUS_TYPE_ARRAY)
-                        return -ENXIO;
-
-                if (!startswith(c->signature + c->index + 1, contents))
-                        return -ENXIO;
-
-                nindex = c->index + 1 + strlen(contents);
-        } else {
-                char *e;
-
-                if (c->enclosing != 0)
-                        return -ENXIO;
-
-                /* Extend the existing signature */
-
-                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_ARRAY), contents, NULL);
-                if (!e) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-
-                nindex = e - c->signature;
-        }
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                alignment = bus_gvariant_get_alignment(contents);
-                if (alignment < 0)
-                        return alignment;
-
-                /* Add alignment padding and add to offset list */
-                if (!message_extend_body(m, alignment, 0, false, false))
-                        return -ENOMEM;
-
-                r = bus_gvariant_is_fixed_size(contents);
-                if (r < 0)
-                        return r;
-
-                *begin = m->body_size;
-                *need_offsets = r == 0;
-        } else {
-                void *a, *op;
-                size_t os;
-                struct bus_body_part *o;
-
-                alignment = bus_type_get_alignment(contents[0]);
-                if (alignment < 0)
-                        return alignment;
-
-                a = message_extend_body(m, 4, 4, false, false);
-                if (!a)
-                        return -ENOMEM;
-
-                o = m->body_end;
-                op = m->body_end->data;
-                os = m->body_end->size;
-
-                /* Add alignment between size and first element */
-                if (!message_extend_body(m, alignment, 0, false, false))
-                        return -ENOMEM;
-
-                /* location of array size might have changed so let's readjust a */
-                if (o == m->body_end)
-                        a = adjust_pointer(a, op, os, m->body_end->data);
-
-                *(uint32_t*) a = 0;
-                *array_size = a;
-        }
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index = nindex;
-
-        return 0;
-}
-
-static int bus_message_open_variant(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents) {
-
-        assert(m);
-        assert(c);
-        assert(contents);
-
-        if (!signature_is_single(contents, false))
-                return -EINVAL;
-
-        if (*contents == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
-                return -EINVAL;
-
-        if (c->signature && c->signature[c->index]) {
-
-                if (c->signature[c->index] != SD_BUS_TYPE_VARIANT)
-                        return -ENXIO;
-
-        } else {
-                char *e;
-
-                if (c->enclosing != 0)
-                        return -ENXIO;
-
-                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_VARIANT), NULL);
-                if (!e) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-        }
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                /* Variants are always aligned to 8 */
-
-                if (!message_extend_body(m, 8, 0, false, false))
-                        return -ENOMEM;
-
-        } else {
-                size_t l;
-                void *a;
-
-                l = strlen(contents);
-                a = message_extend_body(m, 1, 1 + l + 1, false, false);
-                if (!a)
-                        return -ENOMEM;
-
-                *(uint8_t*) a = l;
-                memcpy((uint8_t*) a + 1, contents, l + 1);
-        }
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index++;
-
-        return 0;
-}
-
-static int bus_message_open_struct(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                size_t *begin,
-                bool *need_offsets) {
-
-        size_t nindex;
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(begin);
-        assert(need_offsets);
-
-        if (!signature_is_valid(contents, false))
-                return -EINVAL;
-
-        if (c->signature && c->signature[c->index]) {
-                size_t l;
-
-                l = strlen(contents);
-
-                if (c->signature[c->index] != SD_BUS_TYPE_STRUCT_BEGIN ||
-                    !startswith(c->signature + c->index + 1, contents) ||
-                    c->signature[c->index + 1 + l] != SD_BUS_TYPE_STRUCT_END)
-                        return -ENXIO;
-
-                nindex = c->index + 1 + l + 1;
-        } else {
-                char *e;
-
-                if (c->enclosing != 0)
-                        return -ENXIO;
-
-                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END), NULL);
-                if (!e) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-
-                nindex = e - c->signature;
-        }
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                int alignment;
-
-                alignment = bus_gvariant_get_alignment(contents);
-                if (alignment < 0)
-                        return alignment;
-
-                if (!message_extend_body(m, alignment, 0, false, false))
-                        return -ENOMEM;
-
-                r = bus_gvariant_is_fixed_size(contents);
-                if (r < 0)
-                        return r;
-
-                *begin = m->body_size;
-                *need_offsets = r == 0;
-        } else {
-                /* Align contents to 8 byte boundary */
-                if (!message_extend_body(m, 8, 0, false, false))
-                        return -ENOMEM;
-        }
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index = nindex;
-
-        return 0;
-}
-
-static int bus_message_open_dict_entry(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                size_t *begin,
-                bool *need_offsets) {
-
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(begin);
-        assert(need_offsets);
-
-        if (!signature_is_pair(contents))
-                return -EINVAL;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                return -ENXIO;
-
-        if (c->signature && c->signature[c->index]) {
-                size_t l;
-
-                l = strlen(contents);
-
-                if (c->signature[c->index] != SD_BUS_TYPE_DICT_ENTRY_BEGIN ||
-                    !startswith(c->signature + c->index + 1, contents) ||
-                    c->signature[c->index + 1 + l] != SD_BUS_TYPE_DICT_ENTRY_END)
-                        return -ENXIO;
-        } else
-                return -ENXIO;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                int alignment;
-
-                alignment = bus_gvariant_get_alignment(contents);
-                if (alignment < 0)
-                        return alignment;
-
-                if (!message_extend_body(m, alignment, 0, false, false))
-                        return -ENOMEM;
-
-                r = bus_gvariant_is_fixed_size(contents);
-                if (r < 0)
-                        return r;
-
-                *begin = m->body_size;
-                *need_offsets = r == 0;
-        } else {
-                /* Align contents to 8 byte boundary */
-                if (!message_extend_body(m, 8, 0, false, false))
-                        return -ENOMEM;
-        }
-
-        return 0;
-}
-
-_public_ int sd_bus_message_open_container(
-                sd_bus_message *m,
-                char type,
-                const char *contents) {
-
-        struct bus_container *c, *w;
-        uint32_t *array_size = NULL;
-        char *signature;
-        size_t before, begin = 0;
-        bool need_offsets = false;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(contents, -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        /* Make sure we have space for one more container */
-        if (!GREEDY_REALLOC(m->containers, m->containers_allocated, m->n_containers + 1)) {
-                m->poisoned = true;
-                return -ENOMEM;
-        }
-
-        c = message_get_container(m);
-
-        signature = strdup(contents);
-        if (!signature) {
-                m->poisoned = true;
-                return -ENOMEM;
-        }
-
-        /* Save old index in the parent container, in case we have to
-         * abort this container */
-        c->saved_index = c->index;
-        before = m->body_size;
-
-        if (type == SD_BUS_TYPE_ARRAY)
-                r = bus_message_open_array(m, c, contents, &array_size, &begin, &need_offsets);
-        else if (type == SD_BUS_TYPE_VARIANT)
-                r = bus_message_open_variant(m, c, contents);
-        else if (type == SD_BUS_TYPE_STRUCT)
-                r = bus_message_open_struct(m, c, contents, &begin, &need_offsets);
-        else if (type == SD_BUS_TYPE_DICT_ENTRY)
-                r = bus_message_open_dict_entry(m, c, contents, &begin, &need_offsets);
-        else
-                r = -EINVAL;
-
-        if (r < 0) {
-                free(signature);
-                return r;
-        }
-
-        /* OK, let's fill it in */
-        w = m->containers + m->n_containers++;
-        w->enclosing = type;
-        w->signature = signature;
-        w->index = 0;
-        w->array_size = array_size;
-        w->before = before;
-        w->begin = begin;
-        w->n_offsets = w->offsets_allocated = 0;
-        w->offsets = NULL;
-        w->need_offsets = need_offsets;
-
-        return 0;
-}
-
-static int bus_message_close_array(sd_bus_message *m, struct bus_container *c) {
-
-        assert(m);
-        assert(c);
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m))
-                return 0;
-
-        if (c->need_offsets) {
-                size_t payload, sz, i;
-                uint8_t *a;
-
-                /* Variable-width arrays */
-
-                payload = c->n_offsets > 0 ? c->offsets[c->n_offsets-1] - c->begin : 0;
-                sz = bus_gvariant_determine_word_size(payload, c->n_offsets);
-
-                a = message_extend_body(m, 1, sz * c->n_offsets, true, false);
-                if (!a)
-                        return -ENOMEM;
-
-                for (i = 0; i < c->n_offsets; i++)
-                        bus_gvariant_write_word_le(a + sz*i, sz, c->offsets[i] - c->begin);
-        } else {
-                void *a;
-
-                /* Fixed-width or empty arrays */
-
-                a = message_extend_body(m, 1, 0, true, false); /* let's add offset to parent */
-                if (!a)
-                        return -ENOMEM;
-        }
-
-        return 0;
-}
-
-static int bus_message_close_variant(sd_bus_message *m, struct bus_container *c) {
-        uint8_t *a;
-        size_t l;
-
-        assert(m);
-        assert(c);
-        assert(c->signature);
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m))
-                return 0;
-
-        l = strlen(c->signature);
-
-        a = message_extend_body(m, 1, 1 + l, true, false);
-        if (!a)
-                return -ENOMEM;
-
-        a[0] = 0;
-        memcpy(a+1, c->signature, l);
-
-        return 0;
-}
-
-static int bus_message_close_struct(sd_bus_message *m, struct bus_container *c, bool add_offset) {
-        bool fixed_size = true;
-        size_t n_variable = 0;
-        unsigned i = 0;
-        const char *p;
-        uint8_t *a;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m))
-                return 0;
-
-        p = strempty(c->signature);
-        while (*p != 0) {
-                size_t n;
-
-                r = signature_element_length(p, &n);
-                if (r < 0)
-                        return r;
-                else {
-                        char t[n+1];
-
-                        memcpy(t, p, n);
-                        t[n] = 0;
-
-                        r = bus_gvariant_is_fixed_size(t);
-                        if (r < 0)
-                                return r;
-                }
-
-                assert(!c->need_offsets || i <= c->n_offsets);
-
-                /* We need to add an offset for each item that has a
-                 * variable size and that is not the last one in the
-                 * list */
-                if (r == 0)
-                        fixed_size = false;
-                if (r == 0 && p[n] != 0)
-                        n_variable++;
-
-                i++;
-                p += n;
-        }
-
-        assert(!c->need_offsets || i == c->n_offsets);
-        assert(c->need_offsets || n_variable == 0);
-
-        if (isempty(c->signature)) {
-                /* The unary type is encoded as fixed 1 byte padding */
-                a = message_extend_body(m, 1, 1, add_offset, false);
-                if (!a)
-                        return -ENOMEM;
-
-                *a = 0;
-        } else if (n_variable <= 0) {
-                int alignment = 1;
-
-                /* Structures with fixed-size members only have to be
-                 * fixed-size themselves. But gvariant requires all fixed-size
-                 * elements to be sized a multiple of their alignment. Hence,
-                 * we must *always* add final padding after the last member so
-                 * the overall size of the structure is properly aligned. */
-                if (fixed_size)
-                        alignment = bus_gvariant_get_alignment(strempty(c->signature));
-
-                assert(alignment > 0);
-
-                a = message_extend_body(m, alignment, 0, add_offset, false);
-                if (!a)
-                        return -ENOMEM;
-        } else {
-                size_t sz;
-                unsigned j;
-
-                assert(c->offsets[c->n_offsets-1] == m->body_size);
-
-                sz = bus_gvariant_determine_word_size(m->body_size - c->begin, n_variable);
-
-                a = message_extend_body(m, 1, sz * n_variable, add_offset, false);
-                if (!a)
-                        return -ENOMEM;
-
-                p = strempty(c->signature);
-                for (i = 0, j = 0; i < c->n_offsets; i++) {
-                        unsigned k;
-                        size_t n;
-
-                        r = signature_element_length(p, &n);
-                        if (r < 0)
-                                return r;
-                        else {
-                                char t[n+1];
-
-                                memcpy(t, p, n);
-                                t[n] = 0;
-
-                                p += n;
-
-                                r = bus_gvariant_is_fixed_size(t);
-                                if (r < 0)
-                                        return r;
-                                if (r > 0 || p[0] == 0)
-                                        continue;
-                        }
-
-                        k = n_variable - 1 - j;
-
-                        bus_gvariant_write_word_le(a + k * sz, sz, c->offsets[i] - c->begin);
-
-                        j++;
-                }
-        }
-
-        return 0;
-}
-
-_public_ int sd_bus_message_close_container(sd_bus_message *m) {
-        struct bus_container *c;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(m->n_containers > 0, -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        c = message_get_container(m);
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                if (c->signature && c->signature[c->index] != 0)
-                        return -EINVAL;
-
-        m->n_containers--;
-
-        if (c->enclosing == SD_BUS_TYPE_ARRAY)
-                r = bus_message_close_array(m, c);
-        else if (c->enclosing == SD_BUS_TYPE_VARIANT)
-                r = bus_message_close_variant(m, c);
-        else if (c->enclosing == SD_BUS_TYPE_STRUCT || c->enclosing == SD_BUS_TYPE_DICT_ENTRY)
-                r = bus_message_close_struct(m, c, true);
-        else
-                assert_not_reached("Unknown container type");
-
-        free(c->signature);
-        free(c->offsets);
-
-        return r;
-}
-
-typedef struct {
-        const char *types;
-        unsigned n_struct;
-        unsigned n_array;
-} TypeStack;
-
-static int type_stack_push(TypeStack *stack, unsigned max, unsigned *i, const char *types, unsigned n_struct, unsigned n_array) {
-        assert(stack);
-        assert(max > 0);
-
-        if (*i >= max)
-                return -EINVAL;
-
-        stack[*i].types = types;
-        stack[*i].n_struct = n_struct;
-        stack[*i].n_array = n_array;
-        (*i)++;
-
-        return 0;
-}
-
-static int type_stack_pop(TypeStack *stack, unsigned max, unsigned *i, const char **types, unsigned *n_struct, unsigned *n_array) {
-        assert(stack);
-        assert(max > 0);
-        assert(types);
-        assert(n_struct);
-        assert(n_array);
-
-        if (*i <= 0)
-                return 0;
-
-        (*i)--;
-        *types = stack[*i].types;
-        *n_struct = stack[*i].n_struct;
-        *n_array = stack[*i].n_array;
-
-        return 1;
-}
-
-int bus_message_append_ap(
-                sd_bus_message *m,
-                const char *types,
-                va_list ap) {
-
-        unsigned n_array, n_struct;
-        TypeStack stack[BUS_CONTAINER_DEPTH];
-        unsigned stack_ptr = 0;
-        int r;
-
-        assert(m);
-
-        if (!types)
-                return 0;
-
-        n_array = (unsigned) -1;
-        n_struct = strlen(types);
-
-        for (;;) {
-                const char *t;
-
-                if (n_array == 0 || (n_array == (unsigned) -1 && n_struct == 0)) {
-                        r = type_stack_pop(stack, ELEMENTSOF(stack), &stack_ptr, &types, &n_struct, &n_array);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                break;
-
-                        r = sd_bus_message_close_container(m);
-                        if (r < 0)
-                                return r;
-
-                        continue;
-                }
-
-                t = types;
-                if (n_array != (unsigned) -1)
-                        n_array--;
-                else {
-                        types++;
-                        n_struct--;
-                }
-
-                switch (*t) {
-
-                case SD_BUS_TYPE_BYTE: {
-                        uint8_t x;
-
-                        x = (uint8_t) va_arg(ap, int);
-                        r = sd_bus_message_append_basic(m, *t, &x);
-                        break;
-                }
-
-                case SD_BUS_TYPE_BOOLEAN:
-                case SD_BUS_TYPE_INT32:
-                case SD_BUS_TYPE_UINT32:
-                case SD_BUS_TYPE_UNIX_FD: {
-                        uint32_t x;
-
-                        /* We assume a boolean is the same as int32_t */
-                        assert_cc(sizeof(int32_t) == sizeof(int));
-
-                        x = va_arg(ap, uint32_t);
-                        r = sd_bus_message_append_basic(m, *t, &x);
-                        break;
-                }
-
-                case SD_BUS_TYPE_INT16:
-                case SD_BUS_TYPE_UINT16: {
-                        uint16_t x;
-
-                        x = (uint16_t) va_arg(ap, int);
-                        r = sd_bus_message_append_basic(m, *t, &x);
-                        break;
-                }
-
-                case SD_BUS_TYPE_INT64:
-                case SD_BUS_TYPE_UINT64: {
-                        uint64_t x;
-
-                        x = va_arg(ap, uint64_t);
-                        r = sd_bus_message_append_basic(m, *t, &x);
-                        break;
-                }
-
-                case SD_BUS_TYPE_DOUBLE: {
-                        double x;
-
-                        x = va_arg(ap, double);
-                        r = sd_bus_message_append_basic(m, *t, &x);
-                        break;
-                }
-
-                case SD_BUS_TYPE_STRING:
-                case SD_BUS_TYPE_OBJECT_PATH:
-                case SD_BUS_TYPE_SIGNATURE: {
-                        const char *x;
-
-                        x = va_arg(ap, const char*);
-                        r = sd_bus_message_append_basic(m, *t, x);
-                        break;
-                }
-
-                case SD_BUS_TYPE_ARRAY: {
-                        size_t k;
-
-                        r = signature_element_length(t + 1, &k);
-                        if (r < 0)
-                                return r;
-
-                        {
-                                char s[k + 1];
-                                memcpy(s, t + 1, k);
-                                s[k] = 0;
-
-                                r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, s);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        if (n_array == (unsigned) -1) {
-                                types += k;
-                                n_struct -= k;
-                        }
-
-                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
-                        if (r < 0)
-                                return r;
-
-                        types = t + 1;
-                        n_struct = k;
-                        n_array = va_arg(ap, unsigned);
-
-                        break;
-                }
-
-                case SD_BUS_TYPE_VARIANT: {
-                        const char *s;
-
-                        s = va_arg(ap, const char*);
-                        if (!s)
-                                return -EINVAL;
-
-                        r = sd_bus_message_open_container(m, SD_BUS_TYPE_VARIANT, s);
-                        if (r < 0)
-                                return r;
-
-                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
-                        if (r < 0)
-                                return r;
-
-                        types = s;
-                        n_struct = strlen(s);
-                        n_array = (unsigned) -1;
-
-                        break;
-                }
-
-                case SD_BUS_TYPE_STRUCT_BEGIN:
-                case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
-                        size_t k;
-
-                        r = signature_element_length(t, &k);
-                        if (r < 0)
-                                return r;
-
-                        {
-                                char s[k - 1];
-
-                                memcpy(s, t + 1, k - 2);
-                                s[k - 2] = 0;
-
-                                r = sd_bus_message_open_container(m, *t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        if (n_array == (unsigned) -1) {
-                                types += k - 1;
-                                n_struct -= k - 1;
-                        }
-
-                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
-                        if (r < 0)
-                                return r;
-
-                        types = t + 1;
-                        n_struct = k - 2;
-                        n_array = (unsigned) -1;
-
-                        break;
-                }
-
-                default:
-                        r = -EINVAL;
-                }
-
-                if (r < 0)
-                        return r;
-        }
-
-        return 1;
-}
-
-_public_ int sd_bus_message_append(sd_bus_message *m, const char *types, ...) {
-        va_list ap;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(types, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->poisoned, -ESTALE);
-
-        va_start(ap, types);
-        r = bus_message_append_ap(m, types, ap);
-        va_end(ap);
-
-        return r;
-}
-
-_public_ int sd_bus_message_append_array_space(
-                sd_bus_message *m,
-                char type,
-                size_t size,
-                void **ptr) {
-
-        ssize_t align, sz;
-        void *a;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(bus_type_is_trivial(type) && type != SD_BUS_TYPE_BOOLEAN, -EINVAL);
-        assert_return(ptr || size == 0, -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        /* alignment and size of the trivial types (except bool) is
-         * identical for gvariant and dbus1 marshalling */
-        align = bus_type_get_alignment(type);
-        sz = bus_type_get_size(type);
-
-        assert_se(align > 0);
-        assert_se(sz > 0);
-
-        if (size % sz != 0)
-                return -EINVAL;
-
-        r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
-        if (r < 0)
-                return r;
-
-        a = message_extend_body(m, align, size, false, false);
-        if (!a)
-                return -ENOMEM;
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return r;
-
-        *ptr = a;
-        return 0;
-}
-
-_public_ int sd_bus_message_append_array(
-                sd_bus_message *m,
-                char type,
-                const void *ptr,
-                size_t size) {
-        int r;
-        void *p;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(bus_type_is_trivial(type), -EINVAL);
-        assert_return(ptr || size == 0, -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        r = sd_bus_message_append_array_space(m, type, size, &p);
-        if (r < 0)
-                return r;
-
-        memcpy_safe(p, ptr, size);
-
-        return 0;
-}
-
-_public_ int sd_bus_message_append_array_iovec(
-                sd_bus_message *m,
-                char type,
-                const struct iovec *iov,
-                unsigned n) {
-
-        size_t size;
-        unsigned i;
-        void *p;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(bus_type_is_trivial(type), -EINVAL);
-        assert_return(iov || n == 0, -EINVAL);
-        assert_return(!m->poisoned, -ESTALE);
-
-        size = IOVEC_TOTAL_SIZE(iov, n);
-
-        r = sd_bus_message_append_array_space(m, type, size, &p);
-        if (r < 0)
-                return r;
-
-        for (i = 0; i < n; i++) {
-
-                if (iov[i].iov_base)
-                        memcpy(p, iov[i].iov_base, iov[i].iov_len);
-                else
-                        memzero(p, iov[i].iov_len);
-
-                p = (uint8_t*) p + iov[i].iov_len;
-        }
-
-        return 0;
-}
-
-_public_ int sd_bus_message_append_array_memfd(
-                sd_bus_message *m,
-                char type,
-                int memfd,
-                uint64_t offset,
-                uint64_t size) {
-
-        _cleanup_close_ int copy_fd = -1;
-        struct bus_body_part *part;
-        ssize_t align, sz;
-        uint64_t real_size;
-        void *a;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(memfd >= 0, -EBADF);
-        assert_return(bus_type_is_trivial(type), -EINVAL);
-        assert_return(size > 0, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->poisoned, -ESTALE);
-
-        r = memfd_set_sealed(memfd);
-        if (r < 0)
-                return r;
-
-        copy_fd = dup(memfd);
-        if (copy_fd < 0)
-                return copy_fd;
-
-        r = memfd_get_size(memfd, &real_size);
-        if (r < 0)
-                return r;
-
-        if (offset == 0 && size == (uint64_t) -1)
-                size = real_size;
-        else if (offset + size > real_size)
-                return -EMSGSIZE;
-
-        align = bus_type_get_alignment(type);
-        sz = bus_type_get_size(type);
-
-        assert_se(align > 0);
-        assert_se(sz > 0);
-
-        if (offset % align != 0)
-                return -EINVAL;
-
-        if (size % sz != 0)
-                return -EINVAL;
-
-        if (size > (uint64_t) (uint32_t) -1)
-                return -EINVAL;
-
-        r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
-        if (r < 0)
-                return r;
-
-        a = message_extend_body(m, align, 0, false, false);
-        if (!a)
-                return -ENOMEM;
-
-        part = message_append_part(m);
-        if (!part)
-                return -ENOMEM;
-
-        part->memfd = copy_fd;
-        part->memfd_offset = offset;
-        part->sealed = true;
-        part->size = size;
-        copy_fd = -1;
-
-        m->body_size += size;
-        message_extend_containers(m, size);
-
-        return sd_bus_message_close_container(m);
-}
-
-_public_ int sd_bus_message_append_string_memfd(
-                sd_bus_message *m,
-                int memfd,
-                uint64_t offset,
-                uint64_t size) {
-
-        _cleanup_close_ int copy_fd = -1;
-        struct bus_body_part *part;
-        struct bus_container *c;
-        uint64_t real_size;
-        void *a;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(memfd >= 0, -EBADF);
-        assert_return(size > 0, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->poisoned, -ESTALE);
-
-        r = memfd_set_sealed(memfd);
-        if (r < 0)
-                return r;
-
-        copy_fd = dup(memfd);
-        if (copy_fd < 0)
-                return copy_fd;
-
-        r = memfd_get_size(memfd, &real_size);
-        if (r < 0)
-                return r;
-
-        if (offset == 0 && size == (uint64_t) -1)
-                size = real_size;
-        else if (offset + size > real_size)
-                return -EMSGSIZE;
-
-        /* We require this to be NUL terminated */
-        if (size == 0)
-                return -EINVAL;
-
-        if (size > (uint64_t) (uint32_t) -1)
-                return -EINVAL;
-
-        c = message_get_container(m);
-        if (c->signature && c->signature[c->index]) {
-                /* Container signature is already set */
-
-                if (c->signature[c->index] != SD_BUS_TYPE_STRING)
-                        return -ENXIO;
-        } else {
-                char *e;
-
-                /* Maybe we can append to the signature? But only if this is the top-level container */
-                if (c->enclosing != 0)
-                        return -ENXIO;
-
-                e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRING), NULL);
-                if (!e) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-        }
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m)) {
-                a = message_extend_body(m, 4, 4, false, false);
-                if (!a)
-                        return -ENOMEM;
-
-                *(uint32_t*) a = size - 1;
-        }
-
-        part = message_append_part(m);
-        if (!part)
-                return -ENOMEM;
-
-        part->memfd = copy_fd;
-        part->memfd_offset = offset;
-        part->sealed = true;
-        part->size = size;
-        copy_fd = -1;
-
-        m->body_size += size;
-        message_extend_containers(m, size);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                r = message_add_offset(m, m->body_size);
-                if (r < 0) {
-                        m->poisoned = true;
-                        return -ENOMEM;
-                }
-        }
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index++;
-
-        return 0;
-}
-
-_public_ int sd_bus_message_append_strv(sd_bus_message *m, char **l) {
-        char **i;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->poisoned, -ESTALE);
-
-        r = sd_bus_message_open_container(m, 'a', "s");
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(i, l) {
-                r = sd_bus_message_append_basic(m, 's', *i);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_message_close_container(m);
-}
-
-static int bus_message_close_header(sd_bus_message *m) {
-
-        assert(m);
-
-        /* The actual user data is finished now, we just complete the
-           variant and struct now (at least on gvariant). Remember
-           this position, so that during parsing we know where to to
-           put the outer container end. */
-        m->user_body_size = m->body_size;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                const char *signature;
-                size_t sz, l;
-                void *d;
-
-                /* Add offset table to end of fields array */
-                if (m->n_header_offsets >= 1) {
-                        uint8_t *a;
-                        unsigned i;
-
-                        assert(m->fields_size == m->header_offsets[m->n_header_offsets-1]);
-
-                        sz = bus_gvariant_determine_word_size(m->fields_size, m->n_header_offsets);
-                        a = message_extend_fields(m, 1, sz * m->n_header_offsets, false);
-                        if (!a)
-                                return -ENOMEM;
-
-                        for (i = 0; i < m->n_header_offsets; i++)
-                                bus_gvariant_write_word_le(a + sz*i, sz, m->header_offsets[i]);
-                }
-
-                /* Add gvariant NUL byte plus signature to the end of
-                 * the body, followed by the final offset pointing to
-                 * the end of the fields array */
-
-                signature = strempty(m->root_container.signature);
-                l = strlen(signature);
-
-                sz = bus_gvariant_determine_word_size(sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size + 1 + l + 2, 1);
-                d = message_extend_body(m, 1, 1 + l + 2 + sz, false, true);
-                if (!d)
-                        return -ENOMEM;
-
-                *(uint8_t*) d = 0;
-                *((uint8_t*) d + 1) = SD_BUS_TYPE_STRUCT_BEGIN;
-                memcpy((uint8_t*) d + 2, signature, l);
-                *((uint8_t*) d + 1 + l + 1) = SD_BUS_TYPE_STRUCT_END;
-
-                bus_gvariant_write_word_le((uint8_t*) d + 1 + l + 2, sz, sizeof(struct bus_header) + m->fields_size);
-
-                m->footer = d;
-                m->footer_accessible = 1 + l + 2 + sz;
-        } else {
-                m->header->dbus1.fields_size = m->fields_size;
-                m->header->dbus1.body_size = m->body_size;
-        }
-
-        return 0;
-}
-
-int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) {
-        struct bus_body_part *part;
-        size_t a;
-        unsigned i;
-        int r;
-
-        assert(m);
-
-        if (m->sealed)
-                return -EPERM;
-
-        if (m->n_containers > 0)
-                return -EBADMSG;
-
-        if (m->poisoned)
-                return -ESTALE;
-
-        if (cookie > 0xffffffffULL &&
-            !BUS_MESSAGE_IS_GVARIANT(m))
-                return -EOPNOTSUPP;
-
-        /* In vtables the return signature of method calls is listed,
-         * let's check if they match if this is a response */
-        if (m->header->type == SD_BUS_MESSAGE_METHOD_RETURN &&
-            m->enforced_reply_signature &&
-            !streq(strempty(m->root_container.signature), m->enforced_reply_signature))
-                return -ENOMSG;
-
-        /* If gvariant marshalling is used we need to close the body structure */
-        r = bus_message_close_struct(m, &m->root_container, false);
-        if (r < 0)
-                return r;
-
-        /* If there's a non-trivial signature set, then add it in
-         * here, but only on dbus1 */
-        if (!isempty(m->root_container.signature) && !BUS_MESSAGE_IS_GVARIANT(m)) {
-                r = message_append_field_signature(m, BUS_MESSAGE_HEADER_SIGNATURE, m->root_container.signature, NULL);
-                if (r < 0)
-                        return r;
-        }
-
-        if (m->n_fds > 0) {
-                r = message_append_field_uint32(m, BUS_MESSAGE_HEADER_UNIX_FDS, m->n_fds);
-                if (r < 0)
-                        return r;
-        }
-
-        r = bus_message_close_header(m);
-        if (r < 0)
-                return r;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m))
-                m->header->dbus2.cookie = cookie;
-        else
-                m->header->dbus1.serial = (uint32_t) cookie;
-
-        m->timeout = m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED ? 0 : timeout;
-
-        /* Add padding at the end of the fields part, since we know
-         * the body needs to start at an 8 byte alignment. We made
-         * sure we allocated enough space for this, so all we need to
-         * do here is to zero it out. */
-        a = ALIGN8(m->fields_size) - m->fields_size;
-        if (a > 0)
-                memzero((uint8_t*) BUS_MESSAGE_FIELDS(m) + m->fields_size, a);
-
-        /* If this is something we can send as memfd, then let's seal
-        the memfd now. Note that we can send memfds as payload only
-        for directed messages, and not for broadcasts. */
-        if (m->destination && m->bus->use_memfd) {
-                MESSAGE_FOREACH_PART(part, i, m)
-                        if (part->memfd >= 0 &&
-                            !part->sealed &&
-                            (part->size > MEMFD_MIN_SIZE || m->bus->use_memfd < 0) &&
-                            part != m->body_end) { /* The last part may never be sent as memfd */
-                                uint64_t sz;
-
-                                /* Try to seal it if that makes
-                                 * sense. First, unmap our own map to
-                                 * make sure we don't keep it busy. */
-                                bus_body_part_unmap(part);
-
-                                /* Then, sync up real memfd size */
-                                sz = part->size;
-                                r = memfd_set_size(part->memfd, sz);
-                                if (r < 0)
-                                        return r;
-
-                                /* Finally, try to seal */
-                                if (memfd_set_sealed(part->memfd) >= 0)
-                                        part->sealed = true;
-                        }
-        }
-
-        m->root_container.end = m->user_body_size;
-        m->root_container.index = 0;
-        m->root_container.offset_index = 0;
-        m->root_container.item_size = m->root_container.n_offsets > 0 ? m->root_container.offsets[0] : 0;
-
-        m->sealed = true;
-
-        return 0;
-}
-
-int bus_body_part_map(struct bus_body_part *part) {
-        void *p;
-        size_t psz, shift;
-
-        assert_se(part);
-
-        if (part->data)
-                return 0;
-
-        if (part->size <= 0)
-                return 0;
-
-        /* For smaller zero parts (as used for padding) we don't need to map anything... */
-        if (part->memfd < 0 && part->is_zero && part->size < 8) {
-                static const uint8_t zeroes[7] = { };
-                part->data = (void*) zeroes;
-                return 0;
-        }
-
-        shift = part->memfd_offset - ((part->memfd_offset / page_size()) * page_size());
-        psz = PAGE_ALIGN(part->size + shift);
-
-        if (part->memfd >= 0)
-                p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE, part->memfd, part->memfd_offset - shift);
-        else if (part->is_zero)
-                p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
-        else
-                return -EINVAL;
-
-        if (p == MAP_FAILED)
-                return -errno;
-
-        part->mapped = psz;
-        part->mmap_begin = p;
-        part->data = (uint8_t*) p + shift;
-        part->munmap_this = true;
-
-        return 0;
-}
-
-void bus_body_part_unmap(struct bus_body_part *part) {
-
-        assert_se(part);
-
-        if (part->memfd < 0)
-                return;
-
-        if (!part->mmap_begin)
-                return;
-
-        if (!part->munmap_this)
-                return;
-
-        assert_se(munmap(part->mmap_begin, part->mapped) == 0);
-
-        part->mmap_begin = NULL;
-        part->data = NULL;
-        part->mapped = 0;
-        part->munmap_this = false;
-
-        return;
-}
-
-static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) {
-        size_t k, start, end;
-
-        assert(rindex);
-        assert(align > 0);
-
-        start = ALIGN_TO((size_t) *rindex, align);
-        end = start + nbytes;
-
-        if (end > sz)
-                return -EBADMSG;
-
-        /* Verify that padding is 0 */
-        for (k = *rindex; k < start; k++)
-                if (((const uint8_t*) p)[k] != 0)
-                        return -EBADMSG;
-
-        if (r)
-                *r = (uint8_t*) p + start;
-
-        *rindex = end;
-
-        return 1;
-}
-
-static bool message_end_of_signature(sd_bus_message *m) {
-        struct bus_container *c;
-
-        assert(m);
-
-        c = message_get_container(m);
-        return !c->signature || c->signature[c->index] == 0;
-}
-
-static bool message_end_of_array(sd_bus_message *m, size_t index) {
-        struct bus_container *c;
-
-        assert(m);
-
-        c = message_get_container(m);
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                return false;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m))
-                return index >= c->end;
-        else {
-                assert(c->array_size);
-                return index >= c->begin + BUS_MESSAGE_BSWAP32(m, *c->array_size);
-        }
-}
-
-_public_ int sd_bus_message_at_end(sd_bus_message *m, int complete) {
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-
-        if (complete && m->n_containers > 0)
-                return false;
-
-        if (message_end_of_signature(m))
-                return true;
-
-        if (message_end_of_array(m, m->rindex))
-                return true;
-
-        return false;
-}
-
-static struct bus_body_part* find_part(sd_bus_message *m, size_t index, size_t sz, void **p) {
-        struct bus_body_part *part;
-        size_t begin;
-        int r;
-
-        assert(m);
-
-        if (m->cached_rindex_part && index >= m->cached_rindex_part_begin) {
-                part = m->cached_rindex_part;
-                begin = m->cached_rindex_part_begin;
-        } else {
-                part = &m->body;
-                begin = 0;
-        }
-
-        while (part) {
-                if (index < begin)
-                        return NULL;
-
-                if (index + sz <= begin + part->size) {
-
-                        r = bus_body_part_map(part);
-                        if (r < 0)
-                                return NULL;
-
-                        if (p)
-                                *p = (uint8_t*) part->data + index - begin;
-
-                        m->cached_rindex_part = part;
-                        m->cached_rindex_part_begin = begin;
-
-                        return part;
-                }
-
-                begin += part->size;
-                part = part->next;
-        }
-
-        return NULL;
-}
-
-static int container_next_item(sd_bus_message *m, struct bus_container *c, size_t *rindex) {
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(rindex);
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m))
-                return 0;
-
-        if (c->enclosing == SD_BUS_TYPE_ARRAY) {
-                int sz;
-
-                sz = bus_gvariant_get_size(c->signature);
-                if (sz < 0) {
-                        int alignment;
-
-                        if (c->offset_index+1 >= c->n_offsets)
-                                goto end;
-
-                        /* Variable-size array */
-
-                        alignment = bus_gvariant_get_alignment(c->signature);
-                        assert(alignment > 0);
-
-                        *rindex = ALIGN_TO(c->offsets[c->offset_index], alignment);
-                        c->item_size = c->offsets[c->offset_index+1] - *rindex;
-                } else {
-
-                        if (c->offset_index+1 >= (c->end-c->begin)/sz)
-                                goto end;
-
-                        /* Fixed-size array */
-                        *rindex = c->begin + (c->offset_index+1) * sz;
-                        c->item_size = sz;
-                }
-
-                c->offset_index++;
-
-        } else if (c->enclosing == 0 ||
-                   c->enclosing == SD_BUS_TYPE_STRUCT ||
-                   c->enclosing == SD_BUS_TYPE_DICT_ENTRY) {
-
-                int alignment;
-                size_t n, j;
-
-                if (c->offset_index+1 >= c->n_offsets)
-                        goto end;
-
-                r = signature_element_length(c->signature + c->index, &n);
-                if (r < 0)
-                        return r;
-
-                r = signature_element_length(c->signature + c->index + n, &j);
-                if (r < 0)
-                        return r;
-                else {
-                        char t[j+1];
-                        memcpy(t, c->signature + c->index + n, j);
-                        t[j] = 0;
-
-                        alignment = bus_gvariant_get_alignment(t);
-                }
-
-                assert(alignment > 0);
-
-                *rindex = ALIGN_TO(c->offsets[c->offset_index], alignment);
-                c->item_size = c->offsets[c->offset_index+1] - *rindex;
-
-                c->offset_index++;
-
-        } else if (c->enclosing == SD_BUS_TYPE_VARIANT)
-                goto end;
-        else
-                assert_not_reached("Unknown container type");
-
-        return 0;
-
-end:
-        /* Reached the end */
-        *rindex = c->end;
-        c->item_size = 0;
-        return 0;
-}
-
-
-static int message_peek_body(
-                sd_bus_message *m,
-                size_t *rindex,
-                size_t align,
-                size_t nbytes,
-                void **ret) {
-
-        size_t k, start, end, padding;
-        struct bus_body_part *part;
-        uint8_t *q;
-
-        assert(m);
-        assert(rindex);
-        assert(align > 0);
-
-        start = ALIGN_TO((size_t) *rindex, align);
-        padding = start - *rindex;
-        end = start + nbytes;
-
-        if (end > m->user_body_size)
-                return -EBADMSG;
-
-        part = find_part(m, *rindex, padding, (void**) &q);
-        if (!part)
-                return -EBADMSG;
-
-        if (q) {
-                /* Verify padding */
-                for (k = 0; k < padding; k++)
-                        if (q[k] != 0)
-                                return -EBADMSG;
-        }
-
-        part = find_part(m, start, nbytes, (void**) &q);
-        if (!part || (nbytes > 0 && !q))
-                return -EBADMSG;
-
-        *rindex = end;
-
-        if (ret)
-                *ret = q;
-
-        return 0;
-}
-
-static bool validate_nul(const char *s, size_t l) {
-
-        /* Check for NUL chars in the string */
-        if (memchr(s, 0, l))
-                return false;
-
-        /* Check for NUL termination */
-        if (s[l] != 0)
-                return false;
-
-        return true;
-}
-
-static bool validate_string(const char *s, size_t l) {
-
-        if (!validate_nul(s, l))
-                return false;
-
-        /* Check if valid UTF8 */
-        if (!utf8_is_valid(s))
-                return false;
-
-        return true;
-}
-
-static bool validate_signature(const char *s, size_t l) {
-
-        if (!validate_nul(s, l))
-                return false;
-
-        /* Check if valid signature */
-        if (!signature_is_valid(s, true))
-                return false;
-
-        return true;
-}
-
-static bool validate_object_path(const char *s, size_t l) {
-
-        if (!validate_nul(s, l))
-                return false;
-
-        if (!object_path_is_valid(s))
-                return false;
-
-        return true;
-}
-
-_public_ int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) {
-        struct bus_container *c;
-        size_t rindex;
-        void *q;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(bus_type_is_basic(type), -EINVAL);
-
-        if (message_end_of_signature(m))
-                return -ENXIO;
-
-        if (message_end_of_array(m, m->rindex))
-                return 0;
-
-        c = message_get_container(m);
-        if (c->signature[c->index] != type)
-                return -ENXIO;
-
-        rindex = m->rindex;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-
-                if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE)) {
-                        bool ok;
-
-                        r = message_peek_body(m, &rindex, 1, c->item_size, &q);
-                        if (r < 0)
-                                return r;
-
-                        if (type == SD_BUS_TYPE_STRING)
-                                ok = validate_string(q, c->item_size-1);
-                        else if (type == SD_BUS_TYPE_OBJECT_PATH)
-                                ok = validate_object_path(q, c->item_size-1);
-                        else
-                                ok = validate_signature(q, c->item_size-1);
-
-                        if (!ok)
-                                return -EBADMSG;
-
-                        if (p)
-                                *(const char**) p = q;
-                } else {
-                        int sz, align;
-
-                        sz = bus_gvariant_get_size(CHAR_TO_STR(type));
-                        assert(sz > 0);
-                        if ((size_t) sz != c->item_size)
-                                return -EBADMSG;
-
-                        align = bus_gvariant_get_alignment(CHAR_TO_STR(type));
-                        assert(align > 0);
-
-                        r = message_peek_body(m, &rindex, align, c->item_size, &q);
-                        if (r < 0)
-                                return r;
-
-                        switch (type) {
-
-                        case SD_BUS_TYPE_BYTE:
-                                if (p)
-                                        *(uint8_t*) p = *(uint8_t*) q;
-                                break;
-
-                        case SD_BUS_TYPE_BOOLEAN:
-                                if (p)
-                                        *(int*) p = !!*(uint8_t*) q;
-                                break;
-
-                        case SD_BUS_TYPE_INT16:
-                        case SD_BUS_TYPE_UINT16:
-                                if (p)
-                                        *(uint16_t*) p = BUS_MESSAGE_BSWAP16(m, *(uint16_t*) q);
-                                break;
-
-                        case SD_BUS_TYPE_INT32:
-                        case SD_BUS_TYPE_UINT32:
-                                if (p)
-                                        *(uint32_t*) p = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
-                                break;
-
-                        case SD_BUS_TYPE_INT64:
-                        case SD_BUS_TYPE_UINT64:
-                        case SD_BUS_TYPE_DOUBLE:
-                                if (p)
-                                        *(uint64_t*) p = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
-                                break;
-
-                        case SD_BUS_TYPE_UNIX_FD: {
-                                uint32_t j;
-
-                                j = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
-                                if (j >= m->n_fds)
-                                        return -EBADMSG;
-
-                                if (p)
-                                        *(int*) p = m->fds[j];
-
-                                break;
-                        }
-
-                        default:
-                                assert_not_reached("unexpected type");
-                        }
-                }
-
-                r = container_next_item(m, c, &rindex);
-                if (r < 0)
-                        return r;
-        } else {
-
-                if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH)) {
-                        uint32_t l;
-                        bool ok;
-
-                        r = message_peek_body(m, &rindex, 4, 4, &q);
-                        if (r < 0)
-                                return r;
-
-                        l = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
-                        r = message_peek_body(m, &rindex, 1, l+1, &q);
-                        if (r < 0)
-                                return r;
-
-                        if (type == SD_BUS_TYPE_OBJECT_PATH)
-                                ok = validate_object_path(q, l);
-                        else
-                                ok = validate_string(q, l);
-                        if (!ok)
-                                return -EBADMSG;
-
-                        if (p)
-                                *(const char**) p = q;
-
-                } else if (type == SD_BUS_TYPE_SIGNATURE) {
-                        uint8_t l;
-
-                        r = message_peek_body(m, &rindex, 1, 1, &q);
-                        if (r < 0)
-                                return r;
-
-                        l = *(uint8_t*) q;
-                        r = message_peek_body(m, &rindex, 1, l+1, &q);
-                        if (r < 0)
-                                return r;
-
-                        if (!validate_signature(q, l))
-                                return -EBADMSG;
-
-                        if (p)
-                                *(const char**) p = q;
-
-                } else {
-                        ssize_t sz, align;
-
-                        align = bus_type_get_alignment(type);
-                        assert(align > 0);
-
-                        sz = bus_type_get_size(type);
-                        assert(sz > 0);
-
-                        r = message_peek_body(m, &rindex, align, sz, &q);
-                        if (r < 0)
-                                return r;
-
-                        switch (type) {
-
-                        case SD_BUS_TYPE_BYTE:
-                                if (p)
-                                        *(uint8_t*) p = *(uint8_t*) q;
-                                break;
-
-                        case SD_BUS_TYPE_BOOLEAN:
-                                if (p)
-                                        *(int*) p = !!*(uint32_t*) q;
-                                break;
-
-                        case SD_BUS_TYPE_INT16:
-                        case SD_BUS_TYPE_UINT16:
-                                if (p)
-                                        *(uint16_t*) p = BUS_MESSAGE_BSWAP16(m, *(uint16_t*) q);
-                                break;
-
-                        case SD_BUS_TYPE_INT32:
-                        case SD_BUS_TYPE_UINT32:
-                                if (p)
-                                        *(uint32_t*) p = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
-                                break;
-
-                        case SD_BUS_TYPE_INT64:
-                        case SD_BUS_TYPE_UINT64:
-                        case SD_BUS_TYPE_DOUBLE:
-                                if (p)
-                                        *(uint64_t*) p = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
-                                break;
-
-                        case SD_BUS_TYPE_UNIX_FD: {
-                                uint32_t j;
-
-                                j = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
-                                if (j >= m->n_fds)
-                                        return -EBADMSG;
-
-                                if (p)
-                                        *(int*) p = m->fds[j];
-                                break;
-                        }
-
-                        default:
-                                assert_not_reached("Unknown basic type...");
-                        }
-                }
-        }
-
-        m->rindex = rindex;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index++;
-
-        return 1;
-}
-
-static int bus_message_enter_array(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                uint32_t **array_size,
-                size_t *item_size,
-                size_t **offsets,
-                size_t *n_offsets) {
-
-        size_t rindex;
-        void *q;
-        int r, alignment;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(array_size);
-        assert(item_size);
-        assert(offsets);
-        assert(n_offsets);
-
-        if (!signature_is_single(contents, true))
-                return -EINVAL;
-
-        if (!c->signature || c->signature[c->index] == 0)
-                return -ENXIO;
-
-        if (c->signature[c->index] != SD_BUS_TYPE_ARRAY)
-                return -ENXIO;
-
-        if (!startswith(c->signature + c->index + 1, contents))
-                return -ENXIO;
-
-        rindex = m->rindex;
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m)) {
-                /* dbus1 */
-
-                r = message_peek_body(m, &rindex, 4, 4, &q);
-                if (r < 0)
-                        return r;
-
-                if (BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q) > BUS_ARRAY_MAX_SIZE)
-                        return -EBADMSG;
-
-                alignment = bus_type_get_alignment(contents[0]);
-                if (alignment < 0)
-                        return alignment;
-
-                r = message_peek_body(m, &rindex, alignment, 0, NULL);
-                if (r < 0)
-                        return r;
-
-                *array_size = (uint32_t*) q;
-
-        } else if (c->item_size <= 0) {
-
-                /* gvariant: empty array */
-                *item_size = 0;
-                *offsets = NULL;
-                *n_offsets = 0;
-
-        } else if (bus_gvariant_is_fixed_size(contents)) {
-
-                /* gvariant: fixed length array */
-                *item_size = bus_gvariant_get_size(contents);
-                *offsets = NULL;
-                *n_offsets = 0;
-
-        } else {
-                size_t where, p = 0, framing, sz;
-                unsigned i;
-
-                /* gvariant: variable length array */
-                sz = bus_gvariant_determine_word_size(c->item_size, 0);
-
-                where = rindex + c->item_size - sz;
-                r = message_peek_body(m, &where, 1, sz, &q);
-                if (r < 0)
-                        return r;
-
-                framing = bus_gvariant_read_word_le(q, sz);
-                if (framing > c->item_size - sz)
-                        return -EBADMSG;
-                if ((c->item_size - framing) % sz != 0)
-                        return -EBADMSG;
-
-                *n_offsets = (c->item_size - framing) / sz;
-
-                where = rindex + framing;
-                r = message_peek_body(m, &where, 1, *n_offsets * sz, &q);
-                if (r < 0)
-                        return r;
-
-                *offsets = new(size_t, *n_offsets);
-                if (!*offsets)
-                        return -ENOMEM;
-
-                for (i = 0; i < *n_offsets; i++) {
-                        size_t x;
-
-                        x = bus_gvariant_read_word_le((uint8_t*) q + i * sz, sz);
-                        if (x > c->item_size - sz)
-                                return -EBADMSG;
-                        if (x < p)
-                                return -EBADMSG;
-
-                        (*offsets)[i] = rindex + x;
-                        p = x;
-                }
-
-                *item_size = (*offsets)[0] - rindex;
-        }
-
-        m->rindex = rindex;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index += 1 + strlen(contents);
-
-        return 1;
-}
-
-static int bus_message_enter_variant(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                size_t *item_size) {
-
-        size_t rindex;
-        uint8_t l;
-        void *q;
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(item_size);
-
-        if (!signature_is_single(contents, false))
-                return -EINVAL;
-
-        if (*contents == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
-                return -EINVAL;
-
-        if (!c->signature || c->signature[c->index] == 0)
-                return -ENXIO;
-
-        if (c->signature[c->index] != SD_BUS_TYPE_VARIANT)
-                return -ENXIO;
-
-        rindex = m->rindex;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                size_t k, where;
-
-                k = strlen(contents);
-                if (1+k > c->item_size)
-                        return -EBADMSG;
-
-                where = rindex + c->item_size - (1+k);
-                r = message_peek_body(m, &where, 1, 1+k, &q);
-                if (r < 0)
-                        return r;
-
-                if (*(char*) q != 0)
-                        return -EBADMSG;
-
-                if (memcmp((uint8_t*) q+1, contents, k))
-                        return -ENXIO;
-
-                *item_size = c->item_size - (1+k);
-
-        } else {
-                r = message_peek_body(m, &rindex, 1, 1, &q);
-                if (r < 0)
-                        return r;
-
-                l = *(uint8_t*) q;
-                r = message_peek_body(m, &rindex, 1, l+1, &q);
-                if (r < 0)
-                        return r;
-
-                if (!validate_signature(q, l))
-                        return -EBADMSG;
-
-                if (!streq(q, contents))
-                        return -ENXIO;
-        }
-
-        m->rindex = rindex;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index++;
-
-        return 1;
-}
-
-static int build_struct_offsets(
-                sd_bus_message *m,
-                const char *signature,
-                size_t size,
-                size_t *item_size,
-                size_t **offsets,
-                size_t *n_offsets) {
-
-        unsigned n_variable = 0, n_total = 0, v;
-        size_t previous = 0, where;
-        const char *p;
-        size_t sz;
-        void *q;
-        int r;
-
-        assert(m);
-        assert(item_size);
-        assert(offsets);
-        assert(n_offsets);
-
-        if (isempty(signature)) {
-                /* Unary type is encoded as *fixed* 1 byte padding */
-                r = message_peek_body(m, &m->rindex, 1, 1, &q);
-                if (r < 0)
-                        return r;
-
-                if (*(uint8_t *) q != 0)
-                        return -EBADMSG;
-
-                *item_size = 0;
-                *offsets = NULL;
-                *n_offsets = 0;
-                return 0;
-        }
-
-        sz = bus_gvariant_determine_word_size(size, 0);
-        if (sz <= 0)
-                return -EBADMSG;
-
-        /* First, loop over signature and count variable elements and
-         * elements in general. We use this to know how large the
-         * offset array is at the end of the structure. Note that
-         * GVariant only stores offsets for all variable size elements
-         * that are not the last item. */
-
-        p = signature;
-        while (*p != 0) {
-                size_t n;
-
-                r = signature_element_length(p, &n);
-                if (r < 0)
-                        return r;
-                else {
-                        char t[n+1];
-
-                        memcpy(t, p, n);
-                        t[n] = 0;
-
-                        r = bus_gvariant_is_fixed_size(t);
-                }
-
-                if (r < 0)
-                        return r;
-                if (r == 0 && p[n] != 0) /* except the last item */
-                        n_variable++;
-                n_total++;
-
-                p += n;
-        }
-
-        if (size < n_variable * sz)
-                return -EBADMSG;
-
-        where = m->rindex + size - (n_variable * sz);
-        r = message_peek_body(m, &where, 1, n_variable * sz, &q);
-        if (r < 0)
-                return r;
-
-        v = n_variable;
-
-        *offsets = new(size_t, n_total);
-        if (!*offsets)
-                return -ENOMEM;
-
-        *n_offsets = 0;
-
-        /* Second, loop again and build an offset table */
-        p = signature;
-        while (*p != 0) {
-                size_t n, offset;
-                int k;
-
-                r = signature_element_length(p, &n);
-                if (r < 0)
-                        return r;
-                else {
-                        char t[n+1];
-
-                        memcpy(t, p, n);
-                        t[n] = 0;
-
-                        k = bus_gvariant_get_size(t);
-                        if (k < 0) {
-                                size_t x;
-
-                                /* variable size */
-                                if (v > 0) {
-                                        v--;
-
-                                        x = bus_gvariant_read_word_le((uint8_t*) q + v*sz, sz);
-                                        if (x >= size)
-                                                return -EBADMSG;
-                                        if (m->rindex + x < previous)
-                                                return -EBADMSG;
-                                } else
-                                        /* The last item's end
-                                         * is determined from
-                                         * the start of the
-                                         * offset array */
-                                        x = size - (n_variable * sz);
-
-                                offset = m->rindex + x;
-
-                        } else {
-                                size_t align;
-
-                                /* fixed size */
-                                align = bus_gvariant_get_alignment(t);
-                                assert(align > 0);
-
-                                offset = (*n_offsets == 0 ? m->rindex  : ALIGN_TO((*offsets)[*n_offsets-1], align)) + k;
-                        }
-                }
-
-                previous = (*offsets)[(*n_offsets)++] = offset;
-                p += n;
-        }
-
-        assert(v == 0);
-        assert(*n_offsets == n_total);
-
-        *item_size = (*offsets)[0] - m->rindex;
-        return 0;
-}
-
-static int enter_struct_or_dict_entry(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                size_t *item_size,
-                size_t **offsets,
-                size_t *n_offsets) {
-
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(item_size);
-        assert(offsets);
-        assert(n_offsets);
-
-        if (!BUS_MESSAGE_IS_GVARIANT(m)) {
-
-                /* dbus1 */
-                r = message_peek_body(m, &m->rindex, 8, 0, NULL);
-                if (r < 0)
-                        return r;
-
-        } else
-                /* gvariant with contents */
-                return build_struct_offsets(m, contents, c->item_size, item_size, offsets, n_offsets);
-
-        return 0;
-}
-
-static int bus_message_enter_struct(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                size_t *item_size,
-                size_t **offsets,
-                size_t *n_offsets) {
-
-        size_t l;
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-        assert(item_size);
-        assert(offsets);
-        assert(n_offsets);
-
-        if (!signature_is_valid(contents, false))
-                return -EINVAL;
-
-        if (!c->signature || c->signature[c->index] == 0)
-                return -ENXIO;
-
-        l = strlen(contents);
-
-        if (c->signature[c->index] != SD_BUS_TYPE_STRUCT_BEGIN ||
-            !startswith(c->signature + c->index + 1, contents) ||
-            c->signature[c->index + 1 + l] != SD_BUS_TYPE_STRUCT_END)
-                return -ENXIO;
-
-        r = enter_struct_or_dict_entry(m, c, contents, item_size, offsets, n_offsets);
-        if (r < 0)
-                return r;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index += 1 + l + 1;
-
-        return 1;
-}
-
-static int bus_message_enter_dict_entry(
-                sd_bus_message *m,
-                struct bus_container *c,
-                const char *contents,
-                size_t *item_size,
-                size_t **offsets,
-                size_t *n_offsets) {
-
-        size_t l;
-        int r;
-
-        assert(m);
-        assert(c);
-        assert(contents);
-
-        if (!signature_is_pair(contents))
-                return -EINVAL;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                return -ENXIO;
-
-        if (!c->signature || c->signature[c->index] == 0)
-                return 0;
-
-        l = strlen(contents);
-
-        if (c->signature[c->index] != SD_BUS_TYPE_DICT_ENTRY_BEGIN ||
-            !startswith(c->signature + c->index + 1, contents) ||
-            c->signature[c->index + 1 + l] != SD_BUS_TYPE_DICT_ENTRY_END)
-                return -ENXIO;
-
-        r = enter_struct_or_dict_entry(m, c, contents, item_size, offsets, n_offsets);
-        if (r < 0)
-                return r;
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY)
-                c->index += 1 + l + 1;
-
-        return 1;
-}
-
-_public_ int sd_bus_message_enter_container(sd_bus_message *m,
-                                            char type,
-                                            const char *contents) {
-        struct bus_container *c, *w;
-        uint32_t *array_size = NULL;
-        char *signature;
-        size_t before;
-        size_t *offsets = NULL;
-        size_t n_offsets = 0, item_size = 0;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(type != 0 || !contents, -EINVAL);
-
-        if (type == 0 || !contents) {
-                const char *cc;
-                char tt;
-
-                /* Allow entering into anonymous containers */
-                r = sd_bus_message_peek_type(m, &tt, &cc);
-                if (r < 0)
-                        return r;
-
-                if (type != 0 && type != tt)
-                        return -ENXIO;
-
-                if (contents && !streq(contents, cc))
-                        return -ENXIO;
-
-                type = tt;
-                contents = cc;
-        }
-
-        /*
-         * We enforce a global limit on container depth, that is much
-         * higher than the 32 structs and 32 arrays the specification
-         * mandates. This is simpler to implement for us, and we need
-         * this only to ensure our container array doesn't grow
-         * without bounds. We are happy to return any data from a
-         * message as long as the data itself is valid, even if the
-         * overall message might be not.
-         *
-         * Note that the message signature is validated when
-         * parsing the headers, and that validation does check the
-         * 32/32 limit.
-         *
-         * Note that the specification defines no limits on the depth
-         * of stacked variants, but we do.
-         */
-        if (m->n_containers >= BUS_CONTAINER_DEPTH)
-                return -EBADMSG;
-
-        if (!GREEDY_REALLOC(m->containers, m->containers_allocated, m->n_containers + 1))
-                return -ENOMEM;
-
-        if (message_end_of_signature(m))
-                return -ENXIO;
-
-        if (message_end_of_array(m, m->rindex))
-                return 0;
-
-        c = message_get_container(m);
-
-        signature = strdup(contents);
-        if (!signature)
-                return -ENOMEM;
-
-        c->saved_index = c->index;
-        before = m->rindex;
-
-        if (type == SD_BUS_TYPE_ARRAY)
-                r = bus_message_enter_array(m, c, contents, &array_size, &item_size, &offsets, &n_offsets);
-        else if (type == SD_BUS_TYPE_VARIANT)
-                r = bus_message_enter_variant(m, c, contents, &item_size);
-        else if (type == SD_BUS_TYPE_STRUCT)
-                r = bus_message_enter_struct(m, c, contents, &item_size, &offsets, &n_offsets);
-        else if (type == SD_BUS_TYPE_DICT_ENTRY)
-                r = bus_message_enter_dict_entry(m, c, contents, &item_size, &offsets, &n_offsets);
-        else
-                r = -EINVAL;
-
-        if (r <= 0) {
-                free(signature);
-                free(offsets);
-                return r;
-        }
-
-        /* OK, let's fill it in */
-        w = m->containers + m->n_containers++;
-        w->enclosing = type;
-        w->signature = signature;
-        w->peeked_signature = NULL;
-        w->index = 0;
-
-        w->before = before;
-        w->begin = m->rindex;
-
-        /* Unary type has fixed size of 1, but virtual size of 0 */
-        if (BUS_MESSAGE_IS_GVARIANT(m) &&
-            type == SD_BUS_TYPE_STRUCT &&
-            isempty(signature))
-                w->end = m->rindex + 0;
-        else
-                w->end = m->rindex + c->item_size;
-
-        w->array_size = array_size;
-        w->item_size = item_size;
-        w->offsets = offsets;
-        w->n_offsets = n_offsets;
-        w->offset_index = 0;
-
-        return 1;
-}
-
-_public_ int sd_bus_message_exit_container(sd_bus_message *m) {
-        struct bus_container *c;
-        unsigned saved;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(m->n_containers > 0, -ENXIO);
-
-        c = message_get_container(m);
-
-        if (c->enclosing != SD_BUS_TYPE_ARRAY) {
-                if (c->signature && c->signature[c->index] != 0)
-                        return -EBUSY;
-        }
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                if (m->rindex < c->end)
-                        return -EBUSY;
-
-        } else if (c->enclosing == SD_BUS_TYPE_ARRAY) {
-                uint32_t l;
-
-                l = BUS_MESSAGE_BSWAP32(m, *c->array_size);
-                if (c->begin + l != m->rindex)
-                        return -EBUSY;
-        }
-
-        free(c->signature);
-        free(c->peeked_signature);
-        free(c->offsets);
-        m->n_containers--;
-
-        c = message_get_container(m);
-
-        saved = c->index;
-        c->index = c->saved_index;
-        r = container_next_item(m, c, &m->rindex);
-        c->index = saved;
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static void message_quit_container(sd_bus_message *m) {
-        struct bus_container *c;
-
-        assert(m);
-        assert(m->sealed);
-        assert(m->n_containers > 0);
-
-        c = message_get_container(m);
-
-        /* Undo seeks */
-        assert(m->rindex >= c->before);
-        m->rindex = c->before;
-
-        /* Free container */
-        free(c->signature);
-        free(c->offsets);
-        m->n_containers--;
-
-        /* Correct index of new top-level container */
-        c = message_get_container(m);
-        c->index = c->saved_index;
-}
-
-_public_ int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char **contents) {
-        struct bus_container *c;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-
-        if (message_end_of_signature(m))
-                goto eof;
-
-        if (message_end_of_array(m, m->rindex))
-                goto eof;
-
-        c = message_get_container(m);
-
-        if (bus_type_is_basic(c->signature[c->index])) {
-                if (contents)
-                        *contents = NULL;
-                if (type)
-                        *type = c->signature[c->index];
-                return 1;
-        }
-
-        if (c->signature[c->index] == SD_BUS_TYPE_ARRAY) {
-
-                if (contents) {
-                        size_t l;
-                        char *sig;
-
-                        r = signature_element_length(c->signature+c->index+1, &l);
-                        if (r < 0)
-                                return r;
-
-                        assert(l >= 1);
-
-                        sig = strndup(c->signature + c->index + 1, l);
-                        if (!sig)
-                                return -ENOMEM;
-
-                        free(c->peeked_signature);
-                        *contents = c->peeked_signature = sig;
-                }
-
-                if (type)
-                        *type = SD_BUS_TYPE_ARRAY;
-
-                return 1;
-        }
-
-        if (c->signature[c->index] == SD_BUS_TYPE_STRUCT_BEGIN ||
-            c->signature[c->index] == SD_BUS_TYPE_DICT_ENTRY_BEGIN) {
-
-                if (contents) {
-                        size_t l;
-                        char *sig;
-
-                        r = signature_element_length(c->signature+c->index, &l);
-                        if (r < 0)
-                                return r;
-
-                        assert(l >= 2);
-                        sig = strndup(c->signature + c->index + 1, l - 2);
-                        if (!sig)
-                                return -ENOMEM;
-
-                        free(c->peeked_signature);
-                        *contents = c->peeked_signature = sig;
-                }
-
-                if (type)
-                        *type = c->signature[c->index] == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY;
-
-                return 1;
-        }
-
-        if (c->signature[c->index] == SD_BUS_TYPE_VARIANT) {
-                if (contents) {
-                        void *q;
-
-                        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                                size_t k;
-
-                                if (c->item_size < 2)
-                                        return -EBADMSG;
-
-                                /* Look for the NUL delimiter that
-                                   separates the payload from the
-                                   signature. Since the body might be
-                                   in a different part that then the
-                                   signature we map byte by byte. */
-
-                                for (k = 2; k <= c->item_size; k++) {
-                                        size_t where;
-
-                                        where = m->rindex + c->item_size - k;
-                                        r = message_peek_body(m, &where, 1, k, &q);
-                                        if (r < 0)
-                                                return r;
-
-                                        if (*(char*) q == 0)
-                                                break;
-                                }
-
-                                if (k > c->item_size)
-                                        return -EBADMSG;
-
-                                free(c->peeked_signature);
-                                c->peeked_signature = strndup((char*) q + 1, k - 1);
-                                if (!c->peeked_signature)
-                                        return -ENOMEM;
-
-                                if (!signature_is_valid(c->peeked_signature, true))
-                                        return -EBADMSG;
-
-                                *contents = c->peeked_signature;
-                        } else {
-                                size_t rindex, l;
-
-                                rindex = m->rindex;
-                                r = message_peek_body(m, &rindex, 1, 1, &q);
-                                if (r < 0)
-                                        return r;
-
-                                l = *(uint8_t*) q;
-                                r = message_peek_body(m, &rindex, 1, l+1, &q);
-                                if (r < 0)
-                                        return r;
-
-                                if (!validate_signature(q, l))
-                                        return -EBADMSG;
-
-                                *contents = q;
-                        }
-                }
-
-                if (type)
-                        *type = SD_BUS_TYPE_VARIANT;
-
-                return 1;
-        }
-
-        return -EINVAL;
-
-eof:
-        if (type)
-                *type = 0;
-        if (contents)
-                *contents = NULL;
-        return 0;
-}
-
-_public_ int sd_bus_message_rewind(sd_bus_message *m, int complete) {
-        struct bus_container *c;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-
-        if (complete) {
-                message_reset_containers(m);
-                m->rindex = 0;
-
-                c = message_get_container(m);
-        } else {
-                c = message_get_container(m);
-
-                c->offset_index = 0;
-                c->index = 0;
-                m->rindex = c->begin;
-        }
-
-        c->offset_index = 0;
-        c->item_size = (c->n_offsets > 0 ? c->offsets[0] : c->end) - c->begin;
-
-        return !isempty(c->signature);
-}
-
-static int message_read_ap(
-                sd_bus_message *m,
-                const char *types,
-                va_list ap) {
-
-        unsigned n_array, n_struct;
-        TypeStack stack[BUS_CONTAINER_DEPTH];
-        unsigned stack_ptr = 0;
-        unsigned n_loop = 0;
-        int r;
-
-        assert(m);
-
-        if (isempty(types))
-                return 0;
-
-        /* Ideally, we'd just call ourselves recursively on every
-         * complex type. However, the state of a va_list that is
-         * passed to a function is undefined after that function
-         * returns. This means we need to docode the va_list linearly
-         * in a single stackframe. We hence implement our own
-         * home-grown stack in an array. */
-
-        n_array = (unsigned) -1; /* length of current array entries */
-        n_struct = strlen(types); /* length of current struct contents signature */
-
-        for (;;) {
-                const char *t;
-
-                n_loop++;
-
-                if (n_array == 0 || (n_array == (unsigned) -1 && n_struct == 0)) {
-                        r = type_stack_pop(stack, ELEMENTSOF(stack), &stack_ptr, &types, &n_struct, &n_array);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                break;
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return r;
-
-                        continue;
-                }
-
-                t = types;
-                if (n_array != (unsigned) -1)
-                        n_array--;
-                else {
-                        types++;
-                        n_struct--;
-                }
-
-                switch (*t) {
-
-                case SD_BUS_TYPE_BYTE:
-                case SD_BUS_TYPE_BOOLEAN:
-                case SD_BUS_TYPE_INT16:
-                case SD_BUS_TYPE_UINT16:
-                case SD_BUS_TYPE_INT32:
-                case SD_BUS_TYPE_UINT32:
-                case SD_BUS_TYPE_INT64:
-                case SD_BUS_TYPE_UINT64:
-                case SD_BUS_TYPE_DOUBLE:
-                case SD_BUS_TYPE_STRING:
-                case SD_BUS_TYPE_OBJECT_PATH:
-                case SD_BUS_TYPE_SIGNATURE:
-                case SD_BUS_TYPE_UNIX_FD: {
-                        void *p;
-
-                        p = va_arg(ap, void*);
-                        r = sd_bus_message_read_basic(m, *t, p);
-                        if (r < 0)
-                                return r;
-                        if (r == 0) {
-                                if (n_loop <= 1)
-                                        return 0;
-
-                                return -ENXIO;
-                        }
-
-                        break;
-                }
-
-                case SD_BUS_TYPE_ARRAY: {
-                        size_t k;
-
-                        r = signature_element_length(t + 1, &k);
-                        if (r < 0)
-                                return r;
-
-                        {
-                                char s[k + 1];
-                                memcpy(s, t + 1, k);
-                                s[k] = 0;
-
-                                r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, s);
-                                if (r < 0)
-                                        return r;
-                                if (r == 0) {
-                                        if (n_loop <= 1)
-                                                return 0;
-
-                                        return -ENXIO;
-                                }
-                        }
-
-                        if (n_array == (unsigned) -1) {
-                                types += k;
-                                n_struct -= k;
-                        }
-
-                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
-                        if (r < 0)
-                                return r;
-
-                        types = t + 1;
-                        n_struct = k;
-                        n_array = va_arg(ap, unsigned);
-
-                        break;
-                }
-
-                case SD_BUS_TYPE_VARIANT: {
-                        const char *s;
-
-                        s = va_arg(ap, const char *);
-                        if (!s)
-                                return -EINVAL;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, s);
-                        if (r < 0)
-                                return r;
-                        if (r == 0) {
-                                if (n_loop <= 1)
-                                        return 0;
-
-                                return -ENXIO;
-                        }
-
-                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
-                        if (r < 0)
-                                return r;
-
-                        types = s;
-                        n_struct = strlen(s);
-                        n_array = (unsigned) -1;
-
-                        break;
-                }
-
-                case SD_BUS_TYPE_STRUCT_BEGIN:
-                case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
-                        size_t k;
-
-                        r = signature_element_length(t, &k);
-                        if (r < 0)
-                                return r;
-
-                        {
-                                char s[k - 1];
-                                memcpy(s, t + 1, k - 2);
-                                s[k - 2] = 0;
-
-                                r = sd_bus_message_enter_container(m, *t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
-                                if (r < 0)
-                                        return r;
-                                if (r == 0) {
-                                        if (n_loop <= 1)
-                                                return 0;
-                                        return -ENXIO;
-                                }
-                        }
-
-                        if (n_array == (unsigned) -1) {
-                                types += k - 1;
-                                n_struct -= k - 1;
-                        }
-
-                        r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
-                        if (r < 0)
-                                return r;
-
-                        types = t + 1;
-                        n_struct = k - 2;
-                        n_array = (unsigned) -1;
-
-                        break;
-                }
-
-                default:
-                        return -EINVAL;
-                }
-        }
-
-        return 1;
-}
-
-_public_ int sd_bus_message_read(sd_bus_message *m, const char *types, ...) {
-        va_list ap;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(types, -EINVAL);
-
-        va_start(ap, types);
-        r = message_read_ap(m, types, ap);
-        va_end(ap);
-
-        return r;
-}
-
-_public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-
-        /* If types is NULL, read exactly one element */
-        if (!types) {
-                struct bus_container *c;
-                size_t l;
-
-                if (message_end_of_signature(m))
-                        return -ENXIO;
-
-                if (message_end_of_array(m, m->rindex))
-                        return 0;
-
-                c = message_get_container(m);
-
-                r = signature_element_length(c->signature + c->index, &l);
-                if (r < 0)
-                        return r;
-
-                types = strndupa(c->signature + c->index, l);
-        }
-
-        switch (*types) {
-
-        case 0: /* Nothing to drop */
-                return 0;
-
-        case SD_BUS_TYPE_BYTE:
-        case SD_BUS_TYPE_BOOLEAN:
-        case SD_BUS_TYPE_INT16:
-        case SD_BUS_TYPE_UINT16:
-        case SD_BUS_TYPE_INT32:
-        case SD_BUS_TYPE_UINT32:
-        case SD_BUS_TYPE_INT64:
-        case SD_BUS_TYPE_UINT64:
-        case SD_BUS_TYPE_DOUBLE:
-        case SD_BUS_TYPE_STRING:
-        case SD_BUS_TYPE_OBJECT_PATH:
-        case SD_BUS_TYPE_SIGNATURE:
-        case SD_BUS_TYPE_UNIX_FD:
-
-                r = sd_bus_message_read_basic(m, *types, NULL);
-                if (r <= 0)
-                        return r;
-
-                r = sd_bus_message_skip(m, types + 1);
-                if (r < 0)
-                        return r;
-
-                return 1;
-
-        case SD_BUS_TYPE_ARRAY: {
-                size_t k;
-
-                r = signature_element_length(types + 1, &k);
-                if (r < 0)
-                        return r;
-
-                {
-                        char s[k+1];
-                        memcpy(s, types+1, k);
-                        s[k] = 0;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, s);
-                        if (r <= 0)
-                                return r;
-
-                        for (;;) {
-                                r = sd_bus_message_skip(m, s);
-                                if (r < 0)
-                                        return r;
-                                if (r == 0)
-                                        break;
-                        }
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_message_skip(m, types + 1 + k);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_VARIANT: {
-                const char *contents;
-                char x;
-
-                r = sd_bus_message_peek_type(m, &x, &contents);
-                if (r <= 0)
-                        return r;
-
-                if (x != SD_BUS_TYPE_VARIANT)
-                        return -ENXIO;
-
-                r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, contents);
-                if (r <= 0)
-                        return r;
-
-                r = sd_bus_message_skip(m, contents);
-                if (r < 0)
-                        return r;
-                assert(r != 0);
-
-                r = sd_bus_message_exit_container(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_skip(m, types + 1);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_STRUCT_BEGIN:
-        case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
-                size_t k;
-
-                r = signature_element_length(types, &k);
-                if (r < 0)
-                        return r;
-
-                {
-                        char s[k-1];
-                        memcpy(s, types+1, k-2);
-                        s[k-2] = 0;
-
-                        r = sd_bus_message_enter_container(m, *types == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
-                        if (r <= 0)
-                                return r;
-
-                        r = sd_bus_message_skip(m, s);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_message_skip(m, types + k);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-
-        default:
-                return -EINVAL;
-        }
-}
-
-_public_ int sd_bus_message_read_array(
-                sd_bus_message *m,
-                char type,
-                const void **ptr,
-                size_t *size) {
-
-        struct bus_container *c;
-        void *p;
-        size_t sz;
-        ssize_t align;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(bus_type_is_trivial(type), -EINVAL);
-        assert_return(ptr, -EINVAL);
-        assert_return(size, -EINVAL);
-        assert_return(!BUS_MESSAGE_NEED_BSWAP(m), -EOPNOTSUPP);
-
-        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
-        if (r <= 0)
-                return r;
-
-        c = message_get_container(m);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                align = bus_gvariant_get_alignment(CHAR_TO_STR(type));
-                if (align < 0)
-                        return align;
-
-                sz = c->end - c->begin;
-        } else {
-                align = bus_type_get_alignment(type);
-                if (align < 0)
-                        return align;
-
-                sz = BUS_MESSAGE_BSWAP32(m, *c->array_size);
-        }
-
-        if (sz == 0)
-                /* Zero length array, let's return some aligned
-                 * pointer that is not NULL */
-                p = (uint8_t*) NULL + align;
-        else {
-                r = message_peek_body(m, &m->rindex, align, sz, &p);
-                if (r < 0)
-                        goto fail;
-        }
-
-        r = sd_bus_message_exit_container(m);
-        if (r < 0)
-                goto fail;
-
-        *ptr = (const void*) p;
-        *size = sz;
-
-        return 1;
-
-fail:
-        message_quit_container(m);
-        return r;
-}
-
-static int message_peek_fields(
-                sd_bus_message *m,
-                size_t *rindex,
-                size_t align,
-                size_t nbytes,
-                void **ret) {
-
-        assert(m);
-        assert(rindex);
-        assert(align > 0);
-
-        return buffer_peek(BUS_MESSAGE_FIELDS(m), m->fields_size, rindex, align, nbytes, ret);
-}
-
-static int message_peek_field_uint32(
-                sd_bus_message *m,
-                size_t *ri,
-                size_t item_size,
-                uint32_t *ret) {
-
-        int r;
-        void *q;
-
-        assert(m);
-        assert(ri);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m) && item_size != 4)
-                return -EBADMSG;
-
-        /* identical for gvariant and dbus1 */
-
-        r = message_peek_fields(m, ri, 4, 4, &q);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
-
-        return 0;
-}
-
-static int message_peek_field_uint64(
-                sd_bus_message *m,
-                size_t *ri,
-                size_t item_size,
-                uint64_t *ret) {
-
-        int r;
-        void *q;
-
-        assert(m);
-        assert(ri);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m) && item_size != 8)
-                return -EBADMSG;
-
-        /* identical for gvariant and dbus1 */
-
-        r = message_peek_fields(m, ri, 8, 8, &q);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
-
-        return 0;
-}
-
-static int message_peek_field_string(
-                sd_bus_message *m,
-                bool (*validate)(const char *p),
-                size_t *ri,
-                size_t item_size,
-                const char **ret) {
-
-        uint32_t l;
-        int r;
-        void *q;
-
-        assert(m);
-        assert(ri);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-
-                if (item_size <= 0)
-                        return -EBADMSG;
-
-                r = message_peek_fields(m, ri, 1, item_size, &q);
-                if (r < 0)
-                        return r;
-
-                l = item_size - 1;
-        } else {
-                r = message_peek_field_uint32(m, ri, 4, &l);
-                if (r < 0)
-                        return r;
-
-                r = message_peek_fields(m, ri, 1, l+1, &q);
-                if (r < 0)
-                        return r;
-        }
-
-        if (validate) {
-                if (!validate_nul(q, l))
-                        return -EBADMSG;
-
-                if (!validate(q))
-                        return -EBADMSG;
-        } else {
-                if (!validate_string(q, l))
-                        return -EBADMSG;
-        }
-
-        if (ret)
-                *ret = q;
-
-        return 0;
-}
-
-static int message_peek_field_signature(
-                sd_bus_message *m,
-                size_t *ri,
-                size_t item_size,
-                const char **ret) {
-
-        size_t l;
-        int r;
-        void *q;
-
-        assert(m);
-        assert(ri);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-
-                if (item_size <= 0)
-                        return -EBADMSG;
-
-                r = message_peek_fields(m, ri, 1, item_size, &q);
-                if (r < 0)
-                        return r;
-
-                l = item_size - 1;
-        } else {
-                r = message_peek_fields(m, ri, 1, 1, &q);
-                if (r < 0)
-                        return r;
-
-                l = *(uint8_t*) q;
-                r = message_peek_fields(m, ri, 1, l+1, &q);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!validate_signature(q, l))
-                return -EBADMSG;
-
-        if (ret)
-                *ret = q;
-
-        return 0;
-}
-
-static int message_skip_fields(
-                sd_bus_message *m,
-                size_t *ri,
-                uint32_t array_size,
-                const char **signature) {
-
-        size_t original_index;
-        int r;
-
-        assert(m);
-        assert(ri);
-        assert(signature);
-        assert(!BUS_MESSAGE_IS_GVARIANT(m));
-
-        original_index = *ri;
-
-        for (;;) {
-                char t;
-                size_t l;
-
-                if (array_size != (uint32_t) -1 &&
-                    array_size <= *ri - original_index)
-                        return 0;
-
-                t = **signature;
-                if (!t)
-                        return 0;
-
-                if (t == SD_BUS_TYPE_STRING) {
-
-                        r = message_peek_field_string(m, NULL, ri, 0, NULL);
-                        if (r < 0)
-                                return r;
-
-                        (*signature)++;
-
-                } else if (t == SD_BUS_TYPE_OBJECT_PATH) {
-
-                        r = message_peek_field_string(m, object_path_is_valid, ri, 0, NULL);
-                        if (r < 0)
-                                return r;
-
-                        (*signature)++;
-
-                } else if (t == SD_BUS_TYPE_SIGNATURE) {
-
-                        r = message_peek_field_signature(m, ri, 0, NULL);
-                        if (r < 0)
-                                return r;
-
-                        (*signature)++;
-
-                } else if (bus_type_is_basic(t)) {
-                        ssize_t align, k;
-
-                        align = bus_type_get_alignment(t);
-                        k = bus_type_get_size(t);
-                        assert(align > 0 && k > 0);
-
-                        r = message_peek_fields(m, ri, align, k, NULL);
-                        if (r < 0)
-                                return r;
-
-                        (*signature)++;
-
-                } else if (t == SD_BUS_TYPE_ARRAY) {
-
-                        r = signature_element_length(*signature+1, &l);
-                        if (r < 0)
-                                return r;
-
-                        assert(l >= 1);
-                        {
-                                char sig[l-1], *s;
-                                uint32_t nas;
-                                int alignment;
-
-                                strncpy(sig, *signature + 1, l-1);
-                                s = sig;
-
-                                alignment = bus_type_get_alignment(sig[0]);
-                                if (alignment < 0)
-                                        return alignment;
-
-                                r = message_peek_field_uint32(m, ri, 0, &nas);
-                                if (r < 0)
-                                        return r;
-                                if (nas > BUS_ARRAY_MAX_SIZE)
-                                        return -EBADMSG;
-
-                                r = message_peek_fields(m, ri, alignment, 0, NULL);
-                                if (r < 0)
-                                        return r;
-
-                                r = message_skip_fields(m, ri, nas, (const char**) &s);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        (*signature) += 1 + l;
-
-                } else if (t == SD_BUS_TYPE_VARIANT) {
-                        const char *s;
-
-                        r = message_peek_field_signature(m, ri, 0, &s);
-                        if (r < 0)
-                                return r;
-
-                        r = message_skip_fields(m, ri, (uint32_t) -1, (const char**) &s);
-                        if (r < 0)
-                                return r;
-
-                        (*signature)++;
-
-                } else if (t == SD_BUS_TYPE_STRUCT ||
-                           t == SD_BUS_TYPE_DICT_ENTRY) {
-
-                        r = signature_element_length(*signature, &l);
-                        if (r < 0)
-                                return r;
-
-                        assert(l >= 2);
-                        {
-                                char sig[l-1], *s;
-                                strncpy(sig, *signature + 1, l-1);
-                                s = sig;
-
-                                r = message_skip_fields(m, ri, (uint32_t) -1, (const char**) &s);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        *signature += l;
-                } else
-                        return -EINVAL;
-        }
-}
-
-int bus_message_parse_fields(sd_bus_message *m) {
-        size_t ri;
-        int r;
-        uint32_t unix_fds = 0;
-        bool unix_fds_set = false;
-        void *offsets = NULL;
-        unsigned n_offsets = 0;
-        size_t sz = 0;
-        unsigned i = 0;
-
-        assert(m);
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                char *p;
-
-                /* Read the signature from the end of the body variant first */
-                sz = bus_gvariant_determine_word_size(BUS_MESSAGE_SIZE(m), 0);
-                if (m->footer_accessible < 1 + sz)
-                        return -EBADMSG;
-
-                p = (char*) m->footer + m->footer_accessible - (1 + sz);
-                for (;;) {
-                        if (p < (char*) m->footer)
-                                return -EBADMSG;
-
-                        if (*p == 0) {
-                                size_t l;
-                                char *c;
-
-                                /* We found the beginning of the signature
-                                 * string, yay! We require the body to be a
-                                 * structure, so verify it and then strip the
-                                 * opening/closing brackets. */
-
-                                l = ((char*) m->footer + m->footer_accessible) - p - (1 + sz);
-                                if (l < 2 ||
-                                    p[1] != SD_BUS_TYPE_STRUCT_BEGIN ||
-                                    p[1 + l - 1] != SD_BUS_TYPE_STRUCT_END)
-                                        return -EBADMSG;
-
-                                c = strndup(p + 1 + 1, l - 2);
-                                if (!c)
-                                        return -ENOMEM;
-
-                                free(m->root_container.signature);
-                                m->root_container.signature = c;
-                                break;
-                        }
-
-                        p--;
-                }
-
-                /* Calculate the actual user body size, by removing
-                 * the trailing variant signature and struct offset
-                 * table */
-                m->user_body_size = m->body_size - ((char*) m->footer + m->footer_accessible - p);
-
-                /* Pull out the offset table for the fields array */
-                sz = bus_gvariant_determine_word_size(m->fields_size, 0);
-                if (sz > 0) {
-                        size_t framing;
-                        void *q;
-
-                        ri = m->fields_size - sz;
-                        r = message_peek_fields(m, &ri, 1, sz, &q);
-                        if (r < 0)
-                                return r;
-
-                        framing = bus_gvariant_read_word_le(q, sz);
-                        if (framing >= m->fields_size - sz)
-                                return -EBADMSG;
-                        if ((m->fields_size - framing) % sz != 0)
-                                return -EBADMSG;
-
-                        ri = framing;
-                        r = message_peek_fields(m, &ri, 1, m->fields_size - framing, &offsets);
-                        if (r < 0)
-                                return r;
-
-                        n_offsets = (m->fields_size - framing) / sz;
-                }
-        } else
-                m->user_body_size = m->body_size;
-
-        ri = 0;
-        while (ri < m->fields_size) {
-                _cleanup_free_ char *sig = NULL;
-                const char *signature;
-                uint64_t field_type;
-                size_t item_size = (size_t) -1;
-
-                if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                        uint64_t *u64;
-
-                        if (i >= n_offsets)
-                                break;
-
-                        if (i == 0)
-                                ri = 0;
-                        else
-                                ri = ALIGN_TO(bus_gvariant_read_word_le((uint8_t*) offsets + (i-1)*sz, sz), 8);
-
-                        r = message_peek_fields(m, &ri, 8, 8, (void**) &u64);
-                        if (r < 0)
-                                return r;
-
-                        field_type = BUS_MESSAGE_BSWAP64(m, *u64);
-                } else {
-                        uint8_t *u8;
-
-                        r = message_peek_fields(m, &ri, 8, 1, (void**) &u8);
-                        if (r < 0)
-                                return r;
-
-                        field_type = *u8;
-                }
-
-                if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                        size_t where, end;
-                        char *b;
-                        void *q;
-
-                        end = bus_gvariant_read_word_le((uint8_t*) offsets + i*sz, sz);
-
-                        if (end < ri)
-                                return -EBADMSG;
-
-                        where = ri = ALIGN_TO(ri, 8);
-                        item_size = end - ri;
-                        r = message_peek_fields(m, &where, 1, item_size, &q);
-                        if (r < 0)
-                                return r;
-
-                        b = memrchr(q, 0, item_size);
-                        if (!b)
-                                return -EBADMSG;
-
-                        sig = strndup(b+1, item_size - (b+1-(char*) q));
-                        if (!sig)
-                                return -ENOMEM;
-
-                        signature = sig;
-                        item_size = b - (char*) q;
-                } else {
-                        r = message_peek_field_signature(m, &ri, 0, &signature);
-                        if (r < 0)
-                                return r;
-                }
-
-                switch (field_type) {
-
-                case _BUS_MESSAGE_HEADER_INVALID:
-                        return -EBADMSG;
-
-                case BUS_MESSAGE_HEADER_PATH:
-
-                        if (m->path)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "o"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_string(m, object_path_is_valid, &ri, item_size, &m->path);
-                        break;
-
-                case BUS_MESSAGE_HEADER_INTERFACE:
-
-                        if (m->interface)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "s"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_string(m, interface_name_is_valid, &ri, item_size, &m->interface);
-                        break;
-
-                case BUS_MESSAGE_HEADER_MEMBER:
-
-                        if (m->member)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "s"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_string(m, member_name_is_valid, &ri, item_size, &m->member);
-                        break;
-
-                case BUS_MESSAGE_HEADER_ERROR_NAME:
-
-                        if (m->error.name)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "s"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_string(m, error_name_is_valid, &ri, item_size, &m->error.name);
-                        if (r >= 0)
-                                m->error._need_free = -1;
-
-                        break;
-
-                case BUS_MESSAGE_HEADER_DESTINATION:
-
-                        if (m->destination)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "s"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_string(m, service_name_is_valid, &ri, item_size, &m->destination);
-                        break;
-
-                case BUS_MESSAGE_HEADER_SENDER:
-
-                        if (m->sender)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "s"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_string(m, service_name_is_valid, &ri, item_size, &m->sender);
-
-                        if (r >= 0 && m->sender[0] == ':' && m->bus->bus_client && !m->bus->is_kernel) {
-                                m->creds.unique_name = (char*) m->sender;
-                                m->creds.mask |= SD_BUS_CREDS_UNIQUE_NAME & m->bus->creds_mask;
-                        }
-
-                        break;
-
-
-                case BUS_MESSAGE_HEADER_SIGNATURE: {
-                        const char *s;
-                        char *c;
-
-                        if (BUS_MESSAGE_IS_GVARIANT(m)) /* only applies to dbus1 */
-                                return -EBADMSG;
-
-                        if (m->root_container.signature)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "g"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_signature(m, &ri, item_size, &s);
-                        if (r < 0)
-                                return r;
-
-                        c = strdup(s);
-                        if (!c)
-                                return -ENOMEM;
-
-                        free(m->root_container.signature);
-                        m->root_container.signature = c;
-                        break;
-                }
-
-                case BUS_MESSAGE_HEADER_REPLY_SERIAL:
-
-                        if (m->reply_cookie != 0)
-                                return -EBADMSG;
-
-                        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                                /* 64bit on dbus2 */
-
-                                if (!streq(signature, "t"))
-                                        return -EBADMSG;
-
-                                r = message_peek_field_uint64(m, &ri, item_size, &m->reply_cookie);
-                                if (r < 0)
-                                        return r;
-                        } else {
-                                /* 32bit on dbus1 */
-                                uint32_t serial;
-
-                                if (!streq(signature, "u"))
-                                        return -EBADMSG;
-
-                                r = message_peek_field_uint32(m, &ri, item_size, &serial);
-                                if (r < 0)
-                                        return r;
-
-                                m->reply_cookie = serial;
-                        }
-
-                        if (m->reply_cookie == 0)
-                                return -EBADMSG;
-
-                        break;
-
-                case BUS_MESSAGE_HEADER_UNIX_FDS:
-                        if (unix_fds_set)
-                                return -EBADMSG;
-
-                        if (!streq(signature, "u"))
-                                return -EBADMSG;
-
-                        r = message_peek_field_uint32(m, &ri, item_size, &unix_fds);
-                        if (r < 0)
-                                return -EBADMSG;
-
-                        unix_fds_set = true;
-                        break;
-
-                default:
-                        if (!BUS_MESSAGE_IS_GVARIANT(m))
-                                r = message_skip_fields(m, &ri, (uint32_t) -1, (const char **) &signature);
-                }
-
-                if (r < 0)
-                        return r;
-
-                i++;
-        }
-
-        if (m->n_fds != unix_fds)
-                return -EBADMSG;
-
-        switch (m->header->type) {
-
-        case SD_BUS_MESSAGE_SIGNAL:
-                if (!m->path || !m->interface || !m->member)
-                        return -EBADMSG;
-
-                if (m->reply_cookie != 0)
-                        return -EBADMSG;
-
-                break;
-
-        case SD_BUS_MESSAGE_METHOD_CALL:
-
-                if (!m->path || !m->member)
-                        return -EBADMSG;
-
-                if (m->reply_cookie != 0)
-                        return -EBADMSG;
-
-                break;
-
-        case SD_BUS_MESSAGE_METHOD_RETURN:
-
-                if (m->reply_cookie == 0)
-                        return -EBADMSG;
-                break;
-
-        case SD_BUS_MESSAGE_METHOD_ERROR:
-
-                if (m->reply_cookie == 0 || !m->error.name)
-                        return -EBADMSG;
-                break;
-        }
-
-        /* Refuse non-local messages that claim they are local */
-        if (streq_ptr(m->path, "/org/freedesktop/DBus/Local"))
-                return -EBADMSG;
-        if (streq_ptr(m->interface, "org.freedesktop.DBus.Local"))
-                return -EBADMSG;
-        if (streq_ptr(m->sender, "org.freedesktop.DBus.Local"))
-                return -EBADMSG;
-
-        m->root_container.end = m->user_body_size;
-
-        if (BUS_MESSAGE_IS_GVARIANT(m)) {
-                r = build_struct_offsets(
-                                m,
-                                m->root_container.signature,
-                                m->user_body_size,
-                                &m->root_container.item_size,
-                                &m->root_container.offsets,
-                                &m->root_container.n_offsets);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Try to read the error message, but if we can't it's a non-issue */
-        if (m->header->type == SD_BUS_MESSAGE_METHOD_ERROR)
-                (void) sd_bus_message_read(m, "s", &m->error.message);
-
-        return 0;
-}
-
-_public_ int sd_bus_message_set_destination(sd_bus_message *m, const char *destination) {
-        assert_return(m, -EINVAL);
-        assert_return(destination, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->destination, -EEXIST);
-
-        return message_append_field_string(m, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, destination, &m->destination);
-}
-
-int bus_message_get_blob(sd_bus_message *m, void **buffer, size_t *sz) {
-        size_t total;
-        void *p, *e;
-        unsigned i;
-        struct bus_body_part *part;
-
-        assert(m);
-        assert(buffer);
-        assert(sz);
-
-        total = BUS_MESSAGE_SIZE(m);
-
-        p = malloc(total);
-        if (!p)
-                return -ENOMEM;
-
-        e = mempcpy(p, m->header, BUS_MESSAGE_BODY_BEGIN(m));
-        MESSAGE_FOREACH_PART(part, i, m)
-                e = mempcpy(e, part->data, part->size);
-
-        assert(total == (size_t) ((uint8_t*) e - (uint8_t*) p));
-
-        *buffer = p;
-        *sz = total;
-
-        return 0;
-}
-
-int bus_message_read_strv_extend(sd_bus_message *m, char ***l) {
-        const char *s;
-        int r;
-
-        assert(m);
-        assert(l);
-
-        r = sd_bus_message_enter_container(m, 'a', "s");
-        if (r <= 0)
-                return r;
-
-        while ((r = sd_bus_message_read_basic(m, 's', &s)) > 0) {
-                r = strv_extend(l, s);
-                if (r < 0)
-                        return r;
-        }
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_exit_container(m);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-_public_ int sd_bus_message_read_strv(sd_bus_message *m, char ***l) {
-        char **strv = NULL;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(l, -EINVAL);
-
-        r = bus_message_read_strv_extend(m, &strv);
-        if (r <= 0) {
-                strv_free(strv);
-                return r;
-        }
-
-        *l = strv;
-        return 1;
-}
-
-static int bus_message_get_arg_skip(
-                sd_bus_message *m,
-                unsigned i,
-                char *_type,
-                const char **_contents) {
-
-        unsigned j;
-        int r;
-
-        r = sd_bus_message_rewind(m, true);
-        if (r < 0)
-                return r;
-
-        for (j = 0;; j++) {
-                const char *contents;
-                char type;
-
-                r = sd_bus_message_peek_type(m, &type, &contents);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return -ENXIO;
-
-                /* Don't match against arguments after the first one we don't understand */
-                if (!IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE) &&
-                    !(type == SD_BUS_TYPE_ARRAY && STR_IN_SET(contents, "s", "o", "g")))
-                        return -ENXIO;
-
-                if (j >= i) {
-                        if (_contents)
-                                *_contents = contents;
-                        if (_type)
-                                *_type = type;
-                        return 0;
-                }
-
-                r = sd_bus_message_skip(m, NULL);
-                if (r < 0)
-                        return r;
-        }
-
-}
-
-int bus_message_get_arg(sd_bus_message *m, unsigned i, const char **str) {
-        char type;
-        int r;
-
-        assert(m);
-        assert(str);
-
-        r = bus_message_get_arg_skip(m, i, &type, NULL);
-        if (r < 0)
-                return r;
-
-        if (!IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE))
-                return -ENXIO;
-
-        return sd_bus_message_read_basic(m, type, str);
-}
-
-int bus_message_get_arg_strv(sd_bus_message *m, unsigned i, char ***strv) {
-        const char *contents;
-        char type;
-        int r;
-
-        assert(m);
-        assert(strv);
-
-        r = bus_message_get_arg_skip(m, i, &type, &contents);
-        if (r < 0)
-                return r;
-
-        if (type != SD_BUS_TYPE_ARRAY)
-                return -ENXIO;
-        if (!STR_IN_SET(contents, "s", "o", "g"))
-                return -ENXIO;
-
-        return sd_bus_message_read_strv(m, strv);
-}
-
-_public_ int sd_bus_message_get_errno(sd_bus_message *m) {
-        assert_return(m, EINVAL);
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
-                return 0;
-
-        return sd_bus_error_get_errno(&m->error);
-}
-
-_public_ const char* sd_bus_message_get_signature(sd_bus_message *m, int complete) {
-        struct bus_container *c;
-
-        assert_return(m, NULL);
-
-        c = complete ? &m->root_container : message_get_container(m);
-        return strempty(c->signature);
-}
-
-_public_ int sd_bus_message_is_empty(sd_bus_message *m) {
-        assert_return(m, -EINVAL);
-
-        return isempty(m->root_container.signature);
-}
-
-_public_ int sd_bus_message_has_signature(sd_bus_message *m, const char *signature) {
-        assert_return(m, -EINVAL);
-
-        return streq(strempty(m->root_container.signature), strempty(signature));
-}
-
-_public_ int sd_bus_message_copy(sd_bus_message *m, sd_bus_message *source, int all) {
-        bool done_something = false;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(source, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(source->sealed, -EPERM);
-
-        do {
-                const char *contents;
-                char type;
-                union {
-                        uint8_t u8;
-                        uint16_t u16;
-                        int16_t s16;
-                        uint32_t u32;
-                        int32_t s32;
-                        uint64_t u64;
-                        int64_t s64;
-                        double d64;
-                        const char *string;
-                        int i;
-                } basic;
-
-                r = sd_bus_message_peek_type(source, &type, &contents);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                done_something = true;
-
-                if (bus_type_is_container(type) > 0) {
-
-                        r = sd_bus_message_enter_container(source, type, contents);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_open_container(m, type, contents);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_copy(m, source, true);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_close_container(m);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_exit_container(source);
-                        if (r < 0)
-                                return r;
-
-                        continue;
-                }
-
-                r = sd_bus_message_read_basic(source, type, &basic);
-                if (r < 0)
-                        return r;
-
-                assert(r > 0);
-
-                if (type == SD_BUS_TYPE_OBJECT_PATH ||
-                    type == SD_BUS_TYPE_SIGNATURE ||
-                    type == SD_BUS_TYPE_STRING)
-                        r = sd_bus_message_append_basic(m, type, basic.string);
-                else
-                        r = sd_bus_message_append_basic(m, type, &basic);
-
-                if (r < 0)
-                        return r;
-
-        } while (all);
-
-        return done_something;
-}
-
-_public_ int sd_bus_message_verify_type(sd_bus_message *m, char type, const char *contents) {
-        const char *c;
-        char t;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(!type || bus_type_is_valid(type), -EINVAL);
-        assert_return(!contents || signature_is_valid(contents, true), -EINVAL);
-        assert_return(type || contents, -EINVAL);
-        assert_return(!contents || !type || bus_type_is_container(type), -EINVAL);
-
-        r = sd_bus_message_peek_type(m, &t, &c);
-        if (r <= 0)
-                return r;
-
-        if (type != 0 && type != t)
-                return 0;
-
-        if (contents && !streq_ptr(contents, c))
-                return 0;
-
-        return 1;
-}
-
-_public_ sd_bus *sd_bus_message_get_bus(sd_bus_message *m) {
-        assert_return(m, NULL);
-
-        return m->bus;
-}
-
-int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *n = NULL;
-        usec_t timeout;
-        int r;
-
-        assert(bus);
-        assert(m);
-        assert(*m);
-
-        switch ((*m)->header->type) {
-
-        case SD_BUS_MESSAGE_SIGNAL:
-                r = sd_bus_message_new_signal(bus, &n, (*m)->path, (*m)->interface, (*m)->member);
-                if (r < 0)
-                        return r;
-
-                break;
-
-        case SD_BUS_MESSAGE_METHOD_CALL:
-                r = sd_bus_message_new_method_call(bus, &n, (*m)->destination, (*m)->path, (*m)->interface, (*m)->member);
-                if (r < 0)
-                        return r;
-
-                break;
-
-        case SD_BUS_MESSAGE_METHOD_RETURN:
-        case SD_BUS_MESSAGE_METHOD_ERROR:
-
-                n = message_new(bus, (*m)->header->type);
-                if (!n)
-                        return -ENOMEM;
-
-                n->reply_cookie = (*m)->reply_cookie;
-
-                r = message_append_reply_cookie(n, n->reply_cookie);
-                if (r < 0)
-                        return r;
-
-                if ((*m)->header->type == SD_BUS_MESSAGE_METHOD_ERROR && (*m)->error.name) {
-                        r = message_append_field_string(n, BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, (*m)->error.name, &n->error.message);
-                        if (r < 0)
-                                return r;
-
-                        n->error._need_free = -1;
-                }
-
-                break;
-
-        default:
-                return -EINVAL;
-        }
-
-        if ((*m)->destination && !n->destination) {
-                r = message_append_field_string(n, BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, (*m)->destination, &n->destination);
-                if (r < 0)
-                        return r;
-        }
-
-        if ((*m)->sender && !n->sender) {
-                r = message_append_field_string(n, BUS_MESSAGE_HEADER_SENDER, SD_BUS_TYPE_STRING, (*m)->sender, &n->sender);
-                if (r < 0)
-                        return r;
-        }
-
-        n->header->flags |= (*m)->header->flags & (BUS_MESSAGE_NO_REPLY_EXPECTED|BUS_MESSAGE_NO_AUTO_START);
-
-        r = sd_bus_message_copy(n, *m, true);
-        if (r < 0)
-                return r;
-
-        timeout = (*m)->timeout;
-        if (timeout == 0 && !((*m)->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED))
-                timeout = BUS_DEFAULT_TIMEOUT;
-
-        r = bus_message_seal(n, BUS_MESSAGE_COOKIE(*m), timeout);
-        if (r < 0)
-                return r;
-
-        sd_bus_message_unref(*m);
-        *m = n;
-        n = NULL;
-
-        return 0;
-}
-
-int bus_message_append_sender(sd_bus_message *m, const char *sender) {
-        assert(m);
-        assert(sender);
-
-        assert_return(!m->sealed, -EPERM);
-        assert_return(!m->sender, -EPERM);
-
-        return message_append_field_string(m, BUS_MESSAGE_HEADER_SENDER, SD_BUS_TYPE_STRING, sender, &m->sender);
-}
-
-_public_ int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority) {
-        assert_return(m, -EINVAL);
-        assert_return(priority, -EINVAL);
-
-        *priority = m->priority;
-        return 0;
-}
-
-_public_ int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority) {
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        m->priority = priority;
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h
deleted file mode 100644
index 4710c106b9..0000000000
--- a/src/libsystemd/sd-bus/bus-message.h
+++ /dev/null
@@ -1,244 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <byteswap.h>
-#include <stdbool.h>
-#include <sys/socket.h>
-
-#include "sd-bus.h"
-
-#include "bus-creds.h"
-#include "bus-protocol.h"
-#include "macro.h"
-#include "time-util.h"
-
-struct bus_container {
-        char enclosing;
-        bool need_offsets:1;
-
-        /* Indexes into the signature  string */
-        unsigned index, saved_index;
-        char *signature;
-
-        size_t before, begin, end;
-
-        /* dbus1: pointer to the array size value, if this is a value */
-        uint32_t *array_size;
-
-        /* gvariant: list of offsets to end of children if this is struct/dict entry/array */
-        size_t *offsets, n_offsets, offsets_allocated, offset_index;
-        size_t item_size;
-
-        char *peeked_signature;
-};
-
-struct bus_body_part {
-        struct bus_body_part *next;
-        void *data;
-        void *mmap_begin;
-        size_t size;
-        size_t mapped;
-        size_t allocated;
-        uint64_t memfd_offset;
-        int memfd;
-        bool free_this:1;
-        bool munmap_this:1;
-        bool sealed:1;
-        bool is_zero:1;
-};
-
-struct sd_bus_message {
-        unsigned n_ref;
-
-        sd_bus *bus;
-
-        uint64_t reply_cookie;
-
-        const char *path;
-        const char *interface;
-        const char *member;
-        const char *destination;
-        const char *sender;
-
-        sd_bus_error error;
-
-        sd_bus_creds creds;
-
-        usec_t monotonic;
-        usec_t realtime;
-        uint64_t seqnum;
-        int64_t priority;
-        uint64_t verify_destination_id;
-
-        bool sealed:1;
-        bool dont_send:1;
-        bool allow_fds:1;
-        bool free_header:1;
-        bool free_kdbus:1;
-        bool free_fds:1;
-        bool release_kdbus:1;
-        bool poisoned:1;
-
-        /* The first and last bytes of the message */
-        struct bus_header *header;
-        void *footer;
-
-        /* How many bytes are accessible in the above pointers */
-        size_t header_accessible;
-        size_t footer_accessible;
-
-        size_t fields_size;
-        size_t body_size;
-        size_t user_body_size;
-
-        struct bus_body_part body;
-        struct bus_body_part *body_end;
-        unsigned n_body_parts;
-
-        size_t rindex;
-        struct bus_body_part *cached_rindex_part;
-        size_t cached_rindex_part_begin;
-
-        uint32_t n_fds;
-        int *fds;
-
-        struct bus_container root_container, *containers;
-        size_t n_containers;
-        size_t containers_allocated;
-
-        struct iovec *iovec;
-        struct iovec iovec_fixed[2];
-        unsigned n_iovec;
-
-        struct kdbus_msg *kdbus;
-
-        char *peeked_signature;
-
-        /* If set replies to this message must carry the signature
-         * specified here to successfully seal. This is initialized
-         * from the vtable data */
-        const char *enforced_reply_signature;
-
-        usec_t timeout;
-
-        char sender_buffer[3 + DECIMAL_STR_MAX(uint64_t) + 1];
-        char destination_buffer[3 + DECIMAL_STR_MAX(uint64_t) + 1];
-        char *destination_ptr;
-
-        size_t header_offsets[_BUS_MESSAGE_HEADER_MAX];
-        unsigned n_header_offsets;
-};
-
-static inline bool BUS_MESSAGE_NEED_BSWAP(sd_bus_message *m) {
-        return m->header->endian != BUS_NATIVE_ENDIAN;
-}
-
-static inline uint16_t BUS_MESSAGE_BSWAP16(sd_bus_message *m, uint16_t u) {
-        return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_16(u) : u;
-}
-
-static inline uint32_t BUS_MESSAGE_BSWAP32(sd_bus_message *m, uint32_t u) {
-        return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_32(u) : u;
-}
-
-static inline uint64_t BUS_MESSAGE_BSWAP64(sd_bus_message *m, uint64_t u) {
-        return BUS_MESSAGE_NEED_BSWAP(m) ? bswap_64(u) : u;
-}
-
-static inline uint64_t BUS_MESSAGE_COOKIE(sd_bus_message *m) {
-        if (m->header->version == 2)
-                return BUS_MESSAGE_BSWAP64(m, m->header->dbus2.cookie);
-
-        return BUS_MESSAGE_BSWAP32(m, m->header->dbus1.serial);
-}
-
-static inline size_t BUS_MESSAGE_SIZE(sd_bus_message *m) {
-        return
-                sizeof(struct bus_header) +
-                ALIGN8(m->fields_size) +
-                m->body_size;
-}
-
-static inline size_t BUS_MESSAGE_BODY_BEGIN(sd_bus_message *m) {
-        return
-                sizeof(struct bus_header) +
-                ALIGN8(m->fields_size);
-}
-
-static inline void* BUS_MESSAGE_FIELDS(sd_bus_message *m) {
-        return (uint8_t*) m->header + sizeof(struct bus_header);
-}
-
-static inline bool BUS_MESSAGE_IS_GVARIANT(sd_bus_message *m) {
-        return m->header->version == 2;
-}
-
-int bus_message_seal(sd_bus_message *m, uint64_t serial, usec_t timeout);
-int bus_message_get_blob(sd_bus_message *m, void **buffer, size_t *sz);
-int bus_message_read_strv_extend(sd_bus_message *m, char ***l);
-
-int bus_message_from_header(
-                sd_bus *bus,
-                void *header,
-                size_t header_accessible,
-                void *footer,
-                size_t footer_accessible,
-                size_t message_size,
-                int *fds,
-                unsigned n_fds,
-                const char *label,
-                size_t extra,
-                sd_bus_message **ret);
-
-int bus_message_from_malloc(
-                sd_bus *bus,
-                void *buffer,
-                size_t length,
-                int *fds,
-                unsigned n_fds,
-                const char *label,
-                sd_bus_message **ret);
-
-int bus_message_get_arg(sd_bus_message *m, unsigned i, const char **str);
-int bus_message_get_arg_strv(sd_bus_message *m, unsigned i, char ***strv);
-
-int bus_message_append_ap(sd_bus_message *m, const char *types, va_list ap);
-
-int bus_message_parse_fields(sd_bus_message *m);
-
-struct bus_body_part *message_append_part(sd_bus_message *m);
-
-#define MESSAGE_FOREACH_PART(part, i, m) \
-        for ((i) = 0, (part) = &(m)->body; (i) < (m)->n_body_parts; (i)++, (part) = (part)->next)
-
-int bus_body_part_map(struct bus_body_part *part);
-void bus_body_part_unmap(struct bus_body_part *part);
-
-int bus_message_to_errno(sd_bus_message *m);
-
-int bus_message_new_synthetic_error(sd_bus *bus, uint64_t serial, const sd_bus_error *e, sd_bus_message **m);
-
-int bus_message_remarshal(sd_bus *bus, sd_bus_message **m);
-
-int bus_message_append_sender(sd_bus_message *m, const char *sender);
-
-void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m);
-void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m);
diff --git a/src/libsystemd/sd-bus/bus-slot.c b/src/libsystemd/sd-bus/bus-slot.c
deleted file mode 100644
index 8e9074c7df..0000000000
--- a/src/libsystemd/sd-bus/bus-slot.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-control.h"
-#include "bus-objects.h"
-#include "bus-slot.h"
-#include "string-util.h"
-
-sd_bus_slot *bus_slot_allocate(
-                sd_bus *bus,
-                bool floating,
-                BusSlotType type,
-                size_t extra,
-                void *userdata) {
-
-        sd_bus_slot *slot;
-
-        assert(bus);
-
-        slot = malloc0(offsetof(sd_bus_slot, reply_callback) + extra);
-        if (!slot)
-                return NULL;
-
-        slot->n_ref = 1;
-        slot->type = type;
-        slot->bus = bus;
-        slot->floating = floating;
-        slot->userdata = userdata;
-
-        if (!floating)
-                sd_bus_ref(bus);
-
-        LIST_PREPEND(slots, bus->slots, slot);
-
-        return slot;
-}
-
-_public_ sd_bus_slot* sd_bus_slot_ref(sd_bus_slot *slot) {
-
-        if (!slot)
-                return NULL;
-
-        assert(slot->n_ref > 0);
-
-        slot->n_ref++;
-        return slot;
-}
-
-void bus_slot_disconnect(sd_bus_slot *slot) {
-        sd_bus *bus;
-
-        assert(slot);
-
-        if (!slot->bus)
-                return;
-
-        switch (slot->type) {
-
-        case BUS_REPLY_CALLBACK:
-
-                if (slot->reply_callback.cookie != 0)
-                        ordered_hashmap_remove(slot->bus->reply_callbacks, &slot->reply_callback.cookie);
-
-                if (slot->reply_callback.timeout != 0)
-                        prioq_remove(slot->bus->reply_callbacks_prioq, &slot->reply_callback, &slot->reply_callback.prioq_idx);
-
-                break;
-
-        case BUS_FILTER_CALLBACK:
-                slot->bus->filter_callbacks_modified = true;
-                LIST_REMOVE(callbacks, slot->bus->filter_callbacks, &slot->filter_callback);
-                break;
-
-        case BUS_MATCH_CALLBACK:
-
-                if (slot->match_added)
-                        bus_remove_match_internal(slot->bus, slot->match_callback.match_string, slot->match_callback.cookie);
-
-                slot->bus->match_callbacks_modified = true;
-                bus_match_remove(&slot->bus->match_callbacks, &slot->match_callback);
-
-                free(slot->match_callback.match_string);
-
-                break;
-
-        case BUS_NODE_CALLBACK:
-
-                if (slot->node_callback.node) {
-                        LIST_REMOVE(callbacks, slot->node_callback.node->callbacks, &slot->node_callback);
-                        slot->bus->nodes_modified = true;
-
-                        bus_node_gc(slot->bus, slot->node_callback.node);
-                }
-
-                break;
-
-        case BUS_NODE_ENUMERATOR:
-
-                if (slot->node_enumerator.node) {
-                        LIST_REMOVE(enumerators, slot->node_enumerator.node->enumerators, &slot->node_enumerator);
-                        slot->bus->nodes_modified = true;
-
-                        bus_node_gc(slot->bus, slot->node_enumerator.node);
-                }
-
-                break;
-
-        case BUS_NODE_OBJECT_MANAGER:
-
-                if (slot->node_object_manager.node) {
-                        LIST_REMOVE(object_managers, slot->node_object_manager.node->object_managers, &slot->node_object_manager);
-                        slot->bus->nodes_modified = true;
-
-                        bus_node_gc(slot->bus, slot->node_object_manager.node);
-                }
-
-                break;
-
-        case BUS_NODE_VTABLE:
-
-                if (slot->node_vtable.node && slot->node_vtable.interface && slot->node_vtable.vtable) {
-                        const sd_bus_vtable *v;
-
-                        for (v = slot->node_vtable.vtable; v->type != _SD_BUS_VTABLE_END; v++) {
-                                struct vtable_member *x = NULL;
-
-                                switch (v->type) {
-
-                                case _SD_BUS_VTABLE_METHOD: {
-                                        struct vtable_member key;
-
-                                        key.path = slot->node_vtable.node->path;
-                                        key.interface = slot->node_vtable.interface;
-                                        key.member = v->x.method.member;
-
-                                        x = hashmap_remove(slot->bus->vtable_methods, &key);
-                                        break;
-                                }
-
-                                case _SD_BUS_VTABLE_PROPERTY:
-                                case _SD_BUS_VTABLE_WRITABLE_PROPERTY: {
-                                        struct vtable_member key;
-
-                                        key.path = slot->node_vtable.node->path;
-                                        key.interface = slot->node_vtable.interface;
-                                        key.member = v->x.method.member;
-
-
-                                        x = hashmap_remove(slot->bus->vtable_properties, &key);
-                                        break;
-                                }}
-
-                                free(x);
-                        }
-                }
-
-                free(slot->node_vtable.interface);
-
-                if (slot->node_vtable.node) {
-                        LIST_REMOVE(vtables, slot->node_vtable.node->vtables, &slot->node_vtable);
-                        slot->bus->nodes_modified = true;
-
-                        bus_node_gc(slot->bus, slot->node_vtable.node);
-                }
-
-                break;
-
-        default:
-                assert_not_reached("Wut? Unknown slot type?");
-        }
-
-        bus = slot->bus;
-
-        slot->type = _BUS_SLOT_INVALID;
-        slot->bus = NULL;
-        LIST_REMOVE(slots, bus->slots, slot);
-
-        if (!slot->floating)
-                sd_bus_unref(bus);
-}
-
-_public_ sd_bus_slot* sd_bus_slot_unref(sd_bus_slot *slot) {
-
-        if (!slot)
-                return NULL;
-
-        assert(slot->n_ref > 0);
-
-        if (slot->n_ref > 1) {
-                slot->n_ref--;
-                return NULL;
-        }
-
-        bus_slot_disconnect(slot);
-        free(slot->description);
-        free(slot);
-
-        return NULL;
-}
-
-_public_ sd_bus* sd_bus_slot_get_bus(sd_bus_slot *slot) {
-        assert_return(slot, NULL);
-
-        return slot->bus;
-}
-
-_public_ void *sd_bus_slot_get_userdata(sd_bus_slot *slot) {
-        assert_return(slot, NULL);
-
-        return slot->userdata;
-}
-
-_public_ void *sd_bus_slot_set_userdata(sd_bus_slot *slot, void *userdata) {
-        void *ret;
-
-        assert_return(slot, NULL);
-
-        ret = slot->userdata;
-        slot->userdata = userdata;
-
-        return ret;
-}
-
-_public_ sd_bus_message *sd_bus_slot_get_current_message(sd_bus_slot *slot) {
-        assert_return(slot, NULL);
-        assert_return(slot->type >= 0, NULL);
-
-        if (slot->bus->current_slot != slot)
-                return NULL;
-
-        return slot->bus->current_message;
-}
-
-_public_ sd_bus_message_handler_t sd_bus_slot_get_current_handler(sd_bus_slot *slot) {
-        assert_return(slot, NULL);
-        assert_return(slot->type >= 0, NULL);
-
-        if (slot->bus->current_slot != slot)
-                return NULL;
-
-        return slot->bus->current_handler;
-}
-
-_public_ void* sd_bus_slot_get_current_userdata(sd_bus_slot *slot) {
-        assert_return(slot, NULL);
-        assert_return(slot->type >= 0, NULL);
-
-        if (slot->bus->current_slot != slot)
-                return NULL;
-
-        return slot->bus->current_userdata;
-}
-
-_public_ int sd_bus_slot_set_description(sd_bus_slot *slot, const char *description) {
-        assert_return(slot, -EINVAL);
-
-        return free_and_strdup(&slot->description, description);
-}
-
-_public_ int sd_bus_slot_get_description(sd_bus_slot *slot, const char **description) {
-        assert_return(slot, -EINVAL);
-        assert_return(description, -EINVAL);
-        assert_return(slot->description, -ENXIO);
-
-        *description = slot->description;
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/bus-slot.h b/src/libsystemd/sd-bus/bus-slot.h
deleted file mode 100644
index 3b8b94dc6b..0000000000
--- a/src/libsystemd/sd-bus/bus-slot.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "bus-internal.h"
-
-sd_bus_slot *bus_slot_allocate(sd_bus *bus, bool floating, BusSlotType type, size_t extra, void *userdata);
-
-void bus_slot_disconnect(sd_bus_slot *slot);
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
deleted file mode 100644
index f1e2a06050..0000000000
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ /dev/null
@@ -1,1064 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <endian.h>
-#include <poll.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "bus-internal.h"
-#include "bus-message.h"
-#include "bus-socket.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "hexdecoct.h"
-#include "macro.h"
-#include "missing.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "user-util.h"
-#include "utf8.h"
-#include "util.h"
-
-#define SNDBUF_SIZE (8*1024*1024)
-
-static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
-
-        while (size > 0) {
-                struct iovec *i = iov + *idx;
-
-                if (i->iov_len > size) {
-                        i->iov_base = (uint8_t*) i->iov_base + size;
-                        i->iov_len -= size;
-                        return;
-                }
-
-                size -= i->iov_len;
-
-                i->iov_base = NULL;
-                i->iov_len = 0;
-
-                (*idx)++;
-        }
-}
-
-static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
-        assert(m);
-        assert(p);
-        assert(sz > 0);
-
-        m->iovec[m->n_iovec].iov_base = (void*) p;
-        m->iovec[m->n_iovec].iov_len = sz;
-        m->n_iovec++;
-
-        return 0;
-}
-
-static int bus_message_setup_iovec(sd_bus_message *m) {
-        struct bus_body_part *part;
-        unsigned n, i;
-        int r;
-
-        assert(m);
-        assert(m->sealed);
-
-        if (m->n_iovec > 0)
-                return 0;
-
-        assert(!m->iovec);
-
-        n = 1 + m->n_body_parts;
-        if (n < ELEMENTSOF(m->iovec_fixed))
-                m->iovec = m->iovec_fixed;
-        else {
-                m->iovec = new(struct iovec, n);
-                if (!m->iovec) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
-        if (r < 0)
-                goto fail;
-
-        MESSAGE_FOREACH_PART(part, i, m)  {
-                r = bus_body_part_map(part);
-                if (r < 0)
-                        goto fail;
-
-                r = append_iovec(m, part->data, part->size);
-                if (r < 0)
-                        goto fail;
-        }
-
-        assert(n == m->n_iovec);
-
-        return 0;
-
-fail:
-        m->poisoned = true;
-        return r;
-}
-
-bool bus_socket_auth_needs_write(sd_bus *b) {
-
-        unsigned i;
-
-        if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
-                return false;
-
-        for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
-                struct iovec *j = b->auth_iovec + i;
-
-                if (j->iov_len > 0)
-                        return true;
-        }
-
-        return false;
-}
-
-static int bus_socket_write_auth(sd_bus *b) {
-        ssize_t k;
-
-        assert(b);
-        assert(b->state == BUS_AUTHENTICATING);
-
-        if (!bus_socket_auth_needs_write(b))
-                return 0;
-
-        if (b->prefer_writev)
-                k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
-        else {
-                struct msghdr mh;
-                zero(mh);
-
-                mh.msg_iov = b->auth_iovec + b->auth_index;
-                mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
-
-                k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
-                if (k < 0 && errno == ENOTSOCK) {
-                        b->prefer_writev = true;
-                        k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
-                }
-        }
-
-        if (k < 0)
-                return errno == EAGAIN ? 0 : -errno;
-
-        iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
-        return 1;
-}
-
-static int bus_socket_auth_verify_client(sd_bus *b) {
-        char *e, *f, *start;
-        sd_id128_t peer;
-        unsigned i;
-        int r;
-
-        assert(b);
-
-        /* We expect two response lines: "OK" and possibly
-         * "AGREE_UNIX_FD" */
-
-        e = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
-        if (!e)
-                return 0;
-
-        if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
-                f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
-                if (!f)
-                        return 0;
-
-                start = f + 2;
-        } else {
-                f = NULL;
-                start = e + 2;
-        }
-
-        /* Nice! We got all the lines we need. First check the OK
-         * line */
-
-        if (e - (char*) b->rbuffer != 3 + 32)
-                return -EPERM;
-
-        if (memcmp(b->rbuffer, "OK ", 3))
-                return -EPERM;
-
-        b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
-
-        for (i = 0; i < 32; i += 2) {
-                int x, y;
-
-                x = unhexchar(((char*) b->rbuffer)[3 + i]);
-                y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
-
-                if (x < 0 || y < 0)
-                        return -EINVAL;
-
-                peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
-        }
-
-        if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
-            !sd_id128_equal(b->server_id, peer))
-                return -EPERM;
-
-        b->server_id = peer;
-
-        /* And possibly check the second line, too */
-
-        if (f)
-                b->can_fds =
-                        (f - e == strlen("\r\nAGREE_UNIX_FD")) &&
-                        memcmp(e + 2, "AGREE_UNIX_FD", strlen("AGREE_UNIX_FD")) == 0;
-
-        b->rbuffer_size -= (start - (char*) b->rbuffer);
-        memmove(b->rbuffer, start, b->rbuffer_size);
-
-        r = bus_start_running(b);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static bool line_equals(const char *s, size_t m, const char *line) {
-        size_t l;
-
-        l = strlen(line);
-        if (l != m)
-                return false;
-
-        return memcmp(s, line, l) == 0;
-}
-
-static bool line_begins(const char *s, size_t m, const char *word) {
-        size_t l;
-
-        l = strlen(word);
-        if (m < l)
-                return false;
-
-        if (memcmp(s, word, l) != 0)
-                return false;
-
-        return m == l || (m > l && s[l] == ' ');
-}
-
-static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
-        _cleanup_free_ char *token = NULL;
-        size_t len;
-        int r;
-
-        if (!b->anonymous_auth)
-                return 0;
-
-        if (l <= 0)
-                return 1;
-
-        assert(p[0] == ' ');
-        p++; l--;
-
-        if (l % 2 != 0)
-                return 0;
-
-        r = unhexmem(p, l, (void **) &token, &len);
-        if (r < 0)
-                return 0;
-
-        if (memchr(token, 0, len))
-                return 0;
-
-        return !!utf8_is_valid(token);
-}
-
-static int verify_external_token(sd_bus *b, const char *p, size_t l) {
-        _cleanup_free_ char *token = NULL;
-        size_t len;
-        uid_t u;
-        int r;
-
-        /* We don't do any real authentication here. Instead, we if
-         * the owner of this bus wanted authentication he should have
-         * checked SO_PEERCRED before even creating the bus object. */
-
-        if (!b->anonymous_auth && !b->ucred_valid)
-                return 0;
-
-        if (l <= 0)
-                return 1;
-
-        assert(p[0] == ' ');
-        p++; l--;
-
-        if (l % 2 != 0)
-                return 0;
-
-        r = unhexmem(p, l, (void**) &token, &len);
-        if (r < 0)
-                return 0;
-
-        if (memchr(token, 0, len))
-                return 0;
-
-        r = parse_uid(token, &u);
-        if (r < 0)
-                return 0;
-
-        /* We ignore the passed value if anonymous authentication is
-         * on anyway. */
-        if (!b->anonymous_auth && u != b->ucred.uid)
-                return 0;
-
-        return 1;
-}
-
-static int bus_socket_auth_write(sd_bus *b, const char *t) {
-        char *p;
-        size_t l;
-
-        assert(b);
-        assert(t);
-
-        /* We only make use of the first iovec */
-        assert(b->auth_index == 0 || b->auth_index == 1);
-
-        l = strlen(t);
-        p = malloc(b->auth_iovec[0].iov_len + l);
-        if (!p)
-                return -ENOMEM;
-
-        memcpy_safe(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
-        memcpy(p + b->auth_iovec[0].iov_len, t, l);
-
-        b->auth_iovec[0].iov_base = p;
-        b->auth_iovec[0].iov_len += l;
-
-        free(b->auth_buffer);
-        b->auth_buffer = p;
-        b->auth_index = 0;
-        return 0;
-}
-
-static int bus_socket_auth_write_ok(sd_bus *b) {
-        char t[3 + 32 + 2 + 1];
-
-        assert(b);
-
-        xsprintf(t, "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
-
-        return bus_socket_auth_write(b, t);
-}
-
-static int bus_socket_auth_verify_server(sd_bus *b) {
-        char *e;
-        const char *line;
-        size_t l;
-        bool processed = false;
-        int r;
-
-        assert(b);
-
-        if (b->rbuffer_size < 1)
-                return 0;
-
-        /* First char must be a NUL byte */
-        if (*(char*) b->rbuffer != 0)
-                return -EIO;
-
-        if (b->rbuffer_size < 3)
-                return 0;
-
-        /* Begin with the first line */
-        if (b->auth_rbegin <= 0)
-                b->auth_rbegin = 1;
-
-        for (;;) {
-                /* Check if line is complete */
-                line = (char*) b->rbuffer + b->auth_rbegin;
-                e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
-                if (!e)
-                        return processed;
-
-                l = e - line;
-
-                if (line_begins(line, l, "AUTH ANONYMOUS")) {
-
-                        r = verify_anonymous_token(b, line + 14, l - 14);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                r = bus_socket_auth_write(b, "REJECTED\r\n");
-                        else {
-                                b->auth = BUS_AUTH_ANONYMOUS;
-                                r = bus_socket_auth_write_ok(b);
-                        }
-
-                } else if (line_begins(line, l, "AUTH EXTERNAL")) {
-
-                        r = verify_external_token(b, line + 13, l - 13);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                r = bus_socket_auth_write(b, "REJECTED\r\n");
-                        else {
-                                b->auth = BUS_AUTH_EXTERNAL;
-                                r = bus_socket_auth_write_ok(b);
-                        }
-
-                } else if (line_begins(line, l, "AUTH"))
-                        r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
-                else if (line_equals(line, l, "CANCEL") ||
-                         line_begins(line, l, "ERROR")) {
-
-                        b->auth = _BUS_AUTH_INVALID;
-                        r = bus_socket_auth_write(b, "REJECTED\r\n");
-
-                } else if (line_equals(line, l, "BEGIN")) {
-
-                        if (b->auth == _BUS_AUTH_INVALID)
-                                r = bus_socket_auth_write(b, "ERROR\r\n");
-                        else {
-                                /* We can't leave from the auth phase
-                                 * before we haven't written
-                                 * everything queued, so let's check
-                                 * that */
-
-                                if (bus_socket_auth_needs_write(b))
-                                        return 1;
-
-                                b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
-                                memmove(b->rbuffer, e + 2, b->rbuffer_size);
-                                return bus_start_running(b);
-                        }
-
-                } else if (line_begins(line, l, "DATA")) {
-
-                        if (b->auth == _BUS_AUTH_INVALID)
-                                r = bus_socket_auth_write(b, "ERROR\r\n");
-                        else {
-                                if (b->auth == BUS_AUTH_ANONYMOUS)
-                                        r = verify_anonymous_token(b, line + 4, l - 4);
-                                else
-                                        r = verify_external_token(b, line + 4, l - 4);
-
-                                if (r < 0)
-                                        return r;
-                                if (r == 0) {
-                                        b->auth = _BUS_AUTH_INVALID;
-                                        r = bus_socket_auth_write(b, "REJECTED\r\n");
-                                } else
-                                        r = bus_socket_auth_write_ok(b);
-                        }
-                } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
-                        if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
-                                r = bus_socket_auth_write(b, "ERROR\r\n");
-                        else {
-                                b->can_fds = true;
-                                r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
-                        }
-                } else
-                        r = bus_socket_auth_write(b, "ERROR\r\n");
-
-                if (r < 0)
-                        return r;
-
-                b->auth_rbegin = e + 2 - (char*) b->rbuffer;
-
-                processed = true;
-        }
-}
-
-static int bus_socket_auth_verify(sd_bus *b) {
-        assert(b);
-
-        if (b->is_server)
-                return bus_socket_auth_verify_server(b);
-        else
-                return bus_socket_auth_verify_client(b);
-}
-
-static int bus_socket_read_auth(sd_bus *b) {
-        struct msghdr mh;
-        struct iovec iov = {};
-        size_t n;
-        ssize_t k;
-        int r;
-        void *p;
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
-        } control;
-        bool handle_cmsg = false;
-
-        assert(b);
-        assert(b->state == BUS_AUTHENTICATING);
-
-        r = bus_socket_auth_verify(b);
-        if (r != 0)
-                return r;
-
-        n = MAX(256u, b->rbuffer_size * 2);
-
-        if (n > BUS_AUTH_SIZE_MAX)
-                n = BUS_AUTH_SIZE_MAX;
-
-        if (b->rbuffer_size >= n)
-                return -ENOBUFS;
-
-        p = realloc(b->rbuffer, n);
-        if (!p)
-                return -ENOMEM;
-
-        b->rbuffer = p;
-
-        iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
-        iov.iov_len = n - b->rbuffer_size;
-
-        if (b->prefer_readv)
-                k = readv(b->input_fd, &iov, 1);
-        else {
-                zero(mh);
-                mh.msg_iov = &iov;
-                mh.msg_iovlen = 1;
-                mh.msg_control = &control;
-                mh.msg_controllen = sizeof(control);
-
-                k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
-                if (k < 0 && errno == ENOTSOCK) {
-                        b->prefer_readv = true;
-                        k = readv(b->input_fd, &iov, 1);
-                } else
-                        handle_cmsg = true;
-        }
-        if (k < 0)
-                return errno == EAGAIN ? 0 : -errno;
-        if (k == 0)
-                return -ECONNRESET;
-
-        b->rbuffer_size += k;
-
-        if (handle_cmsg) {
-                struct cmsghdr *cmsg;
-
-                CMSG_FOREACH(cmsg, &mh)
-                        if (cmsg->cmsg_level == SOL_SOCKET &&
-                            cmsg->cmsg_type == SCM_RIGHTS) {
-                                int j;
-
-                                /* Whut? We received fds during the auth
-                                 * protocol? Somebody is playing games with
-                                 * us. Close them all, and fail */
-                                j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
-                                close_many((int*) CMSG_DATA(cmsg), j);
-                                return -EIO;
-                        } else
-                                log_debug("Got unexpected auxiliary data with level=%d and type=%d",
-                                          cmsg->cmsg_level, cmsg->cmsg_type);
-        }
-
-        r = bus_socket_auth_verify(b);
-        if (r != 0)
-                return r;
-
-        return 1;
-}
-
-void bus_socket_setup(sd_bus *b) {
-        assert(b);
-
-        /* Increase the buffers to 8 MB */
-        fd_inc_rcvbuf(b->input_fd, SNDBUF_SIZE);
-        fd_inc_sndbuf(b->output_fd, SNDBUF_SIZE);
-
-        b->is_kernel = false;
-        b->message_version = 1;
-        b->message_endian = 0;
-}
-
-static void bus_get_peercred(sd_bus *b) {
-        int r;
-
-        assert(b);
-
-        /* Get the peer for socketpair() sockets */
-        b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
-
-        /* Get the SELinux context of the peer */
-        if (mac_selinux_have()) {
-                r = getpeersec(b->input_fd, &b->label);
-                if (r < 0 && r != -EOPNOTSUPP)
-                        log_debug_errno(r, "Failed to determine peer security context: %m");
-        }
-}
-
-static int bus_socket_start_auth_client(sd_bus *b) {
-        size_t l;
-        const char *auth_suffix, *auth_prefix;
-
-        assert(b);
-
-        if (b->anonymous_auth) {
-                auth_prefix = "\0AUTH ANONYMOUS ";
-
-                /* For ANONYMOUS auth we send some arbitrary "trace" string */
-                l = 9;
-                b->auth_buffer = hexmem("anonymous", l);
-        } else {
-                char text[DECIMAL_STR_MAX(uid_t) + 1];
-
-                auth_prefix = "\0AUTH EXTERNAL ";
-
-                xsprintf(text, UID_FMT, geteuid());
-
-                l = strlen(text);
-                b->auth_buffer = hexmem(text, l);
-        }
-
-        if (!b->auth_buffer)
-                return -ENOMEM;
-
-        if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
-                auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
-        else
-                auth_suffix = "\r\nBEGIN\r\n";
-
-        b->auth_iovec[0].iov_base = (void*) auth_prefix;
-        b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
-        b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
-        b->auth_iovec[1].iov_len = l * 2;
-        b->auth_iovec[2].iov_base = (void*) auth_suffix;
-        b->auth_iovec[2].iov_len = strlen(auth_suffix);
-
-        return bus_socket_write_auth(b);
-}
-
-int bus_socket_start_auth(sd_bus *b) {
-        assert(b);
-
-        bus_get_peercred(b);
-
-        b->state = BUS_AUTHENTICATING;
-        b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
-
-        if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
-                b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
-
-        if (b->output_fd != b->input_fd)
-                if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
-                        b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
-
-        if (b->is_server)
-                return bus_socket_read_auth(b);
-        else
-                return bus_socket_start_auth_client(b);
-}
-
-int bus_socket_connect(sd_bus *b) {
-        int r;
-
-        assert(b);
-        assert(b->input_fd < 0);
-        assert(b->output_fd < 0);
-        assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
-
-        b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-        if (b->input_fd < 0)
-                return -errno;
-
-        b->output_fd = b->input_fd;
-
-        bus_socket_setup(b);
-
-        r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
-        if (r < 0) {
-                if (errno == EINPROGRESS)
-                        return 1;
-
-                return -errno;
-        }
-
-        return bus_socket_start_auth(b);
-}
-
-int bus_socket_exec(sd_bus *b) {
-        int s[2], r;
-        pid_t pid;
-
-        assert(b);
-        assert(b->input_fd < 0);
-        assert(b->output_fd < 0);
-        assert(b->exec_path);
-
-        r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
-        if (r < 0)
-                return -errno;
-
-        pid = fork();
-        if (pid < 0) {
-                safe_close_pair(s);
-                return -errno;
-        }
-        if (pid == 0) {
-                /* Child */
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-
-                close_all_fds(s+1, 1);
-
-                assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
-                assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
-
-                if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
-                        safe_close(s[1]);
-
-                fd_cloexec(STDIN_FILENO, false);
-                fd_cloexec(STDOUT_FILENO, false);
-                fd_nonblock(STDIN_FILENO, false);
-                fd_nonblock(STDOUT_FILENO, false);
-
-                if (b->exec_argv)
-                        execvp(b->exec_path, b->exec_argv);
-                else {
-                        const char *argv[] = { b->exec_path, NULL };
-                        execvp(b->exec_path, (char**) argv);
-                }
-
-                _exit(EXIT_FAILURE);
-        }
-
-        safe_close(s[1]);
-        b->output_fd = b->input_fd = s[0];
-
-        bus_socket_setup(b);
-
-        return bus_socket_start_auth(b);
-}
-
-int bus_socket_take_fd(sd_bus *b) {
-        assert(b);
-
-        bus_socket_setup(b);
-
-        return bus_socket_start_auth(b);
-}
-
-int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
-        struct iovec *iov;
-        ssize_t k;
-        size_t n;
-        unsigned j;
-        int r;
-
-        assert(bus);
-        assert(m);
-        assert(idx);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        if (*idx >= BUS_MESSAGE_SIZE(m))
-                return 0;
-
-        r = bus_message_setup_iovec(m);
-        if (r < 0)
-                return r;
-
-        n = m->n_iovec * sizeof(struct iovec);
-        iov = alloca(n);
-        memcpy_safe(iov, m->iovec, n);
-
-        j = 0;
-        iovec_advance(iov, &j, *idx);
-
-        if (bus->prefer_writev)
-                k = writev(bus->output_fd, iov, m->n_iovec);
-        else {
-                struct msghdr mh = {
-                        .msg_iov = iov,
-                        .msg_iovlen = m->n_iovec,
-                };
-
-                if (m->n_fds > 0) {
-                        struct cmsghdr *control;
-
-                        mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
-                        mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
-                        control->cmsg_level = SOL_SOCKET;
-                        control->cmsg_type = SCM_RIGHTS;
-                        memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
-                }
-
-                k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
-                if (k < 0 && errno == ENOTSOCK) {
-                        bus->prefer_writev = true;
-                        k = writev(bus->output_fd, iov, m->n_iovec);
-                }
-        }
-
-        if (k < 0)
-                return errno == EAGAIN ? 0 : -errno;
-
-        *idx += (size_t) k;
-        return 1;
-}
-
-static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
-        uint32_t a, b;
-        uint8_t e;
-        uint64_t sum;
-
-        assert(bus);
-        assert(need);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        if (bus->rbuffer_size < sizeof(struct bus_header)) {
-                *need = sizeof(struct bus_header) + 8;
-
-                /* Minimum message size:
-                 *
-                 * Header +
-                 *
-                 *  Method Call: +2 string headers
-                 *       Signal: +3 string headers
-                 * Method Error: +1 string headers
-                 *               +1 uint32 headers
-                 * Method Reply: +1 uint32 headers
-                 *
-                 * A string header is at least 9 bytes
-                 * A uint32 header is at least 8 bytes
-                 *
-                 * Hence the minimum message size of a valid message
-                 * is header + 8 bytes */
-
-                return 0;
-        }
-
-        a = ((const uint32_t*) bus->rbuffer)[1];
-        b = ((const uint32_t*) bus->rbuffer)[3];
-
-        e = ((const uint8_t*) bus->rbuffer)[0];
-        if (e == BUS_LITTLE_ENDIAN) {
-                a = le32toh(a);
-                b = le32toh(b);
-        } else if (e == BUS_BIG_ENDIAN) {
-                a = be32toh(a);
-                b = be32toh(b);
-        } else
-                return -EBADMSG;
-
-        sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
-        if (sum >= BUS_MESSAGE_SIZE_MAX)
-                return -ENOBUFS;
-
-        *need = (size_t) sum;
-        return 0;
-}
-
-static int bus_socket_make_message(sd_bus *bus, size_t size) {
-        sd_bus_message *t;
-        void *b;
-        int r;
-
-        assert(bus);
-        assert(bus->rbuffer_size >= size);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        r = bus_rqueue_make_room(bus);
-        if (r < 0)
-                return r;
-
-        if (bus->rbuffer_size > size) {
-                b = memdup((const uint8_t*) bus->rbuffer + size,
-                           bus->rbuffer_size - size);
-                if (!b)
-                        return -ENOMEM;
-        } else
-                b = NULL;
-
-        r = bus_message_from_malloc(bus,
-                                    bus->rbuffer, size,
-                                    bus->fds, bus->n_fds,
-                                    NULL,
-                                    &t);
-        if (r < 0) {
-                free(b);
-                return r;
-        }
-
-        bus->rbuffer = b;
-        bus->rbuffer_size -= size;
-
-        bus->fds = NULL;
-        bus->n_fds = 0;
-
-        bus->rqueue[bus->rqueue_size++] = t;
-
-        return 1;
-}
-
-int bus_socket_read_message(sd_bus *bus) {
-        struct msghdr mh;
-        struct iovec iov = {};
-        ssize_t k;
-        size_t need;
-        int r;
-        void *b;
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
-        } control;
-        bool handle_cmsg = false;
-
-        assert(bus);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        r = bus_socket_read_message_need(bus, &need);
-        if (r < 0)
-                return r;
-
-        if (bus->rbuffer_size >= need)
-                return bus_socket_make_message(bus, need);
-
-        b = realloc(bus->rbuffer, need);
-        if (!b)
-                return -ENOMEM;
-
-        bus->rbuffer = b;
-
-        iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
-        iov.iov_len = need - bus->rbuffer_size;
-
-        if (bus->prefer_readv)
-                k = readv(bus->input_fd, &iov, 1);
-        else {
-                zero(mh);
-                mh.msg_iov = &iov;
-                mh.msg_iovlen = 1;
-                mh.msg_control = &control;
-                mh.msg_controllen = sizeof(control);
-
-                k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
-                if (k < 0 && errno == ENOTSOCK) {
-                        bus->prefer_readv = true;
-                        k = readv(bus->input_fd, &iov, 1);
-                } else
-                        handle_cmsg = true;
-        }
-        if (k < 0)
-                return errno == EAGAIN ? 0 : -errno;
-        if (k == 0)
-                return -ECONNRESET;
-
-        bus->rbuffer_size += k;
-
-        if (handle_cmsg) {
-                struct cmsghdr *cmsg;
-
-                CMSG_FOREACH(cmsg, &mh)
-                        if (cmsg->cmsg_level == SOL_SOCKET &&
-                            cmsg->cmsg_type == SCM_RIGHTS) {
-                                int n, *f;
-
-                                n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
-
-                                if (!bus->can_fds) {
-                                        /* Whut? We received fds but this
-                                         * isn't actually enabled? Close them,
-                                         * and fail */
-
-                                        close_many((int*) CMSG_DATA(cmsg), n);
-                                        return -EIO;
-                                }
-
-                                f = realloc(bus->fds, sizeof(int) * (bus->n_fds + n));
-                                if (!f) {
-                                        close_many((int*) CMSG_DATA(cmsg), n);
-                                        return -ENOMEM;
-                                }
-
-                                memcpy_safe(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
-                                bus->fds = f;
-                                bus->n_fds += n;
-                        } else
-                                log_debug("Got unexpected auxiliary data with level=%d and type=%d",
-                                          cmsg->cmsg_level, cmsg->cmsg_type);
-        }
-
-        r = bus_socket_read_message_need(bus, &need);
-        if (r < 0)
-                return r;
-
-        if (bus->rbuffer_size >= need)
-                return bus_socket_make_message(bus, need);
-
-        return 1;
-}
-
-int bus_socket_process_opening(sd_bus *b) {
-        int error = 0;
-        socklen_t slen = sizeof(error);
-        struct pollfd p = {
-                .fd = b->output_fd,
-                .events = POLLOUT,
-        };
-        int r;
-
-        assert(b->state == BUS_OPENING);
-
-        r = poll(&p, 1, 0);
-        if (r < 0)
-                return -errno;
-
-        if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
-                return 0;
-
-        r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
-        if (r < 0)
-                b->last_connect_error = errno;
-        else if (error != 0)
-                b->last_connect_error = error;
-        else if (p.revents & (POLLERR|POLLHUP))
-                b->last_connect_error = ECONNREFUSED;
-        else
-                return bus_socket_start_auth(b);
-
-        return bus_next_address(b);
-}
-
-int bus_socket_process_authenticating(sd_bus *b) {
-        int r;
-
-        assert(b);
-        assert(b->state == BUS_AUTHENTICATING);
-
-        if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
-                return -ETIMEDOUT;
-
-        r = bus_socket_write_auth(b);
-        if (r != 0)
-                return r;
-
-        return bus_socket_read_auth(b);
-}
diff --git a/src/libsystemd/sd-bus/bus-socket.h b/src/libsystemd/sd-bus/bus-socket.h
deleted file mode 100644
index 684feead74..0000000000
--- a/src/libsystemd/sd-bus/bus-socket.h
+++ /dev/null
@@ -1,37 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-void bus_socket_setup(sd_bus *b);
-
-int bus_socket_connect(sd_bus *b);
-int bus_socket_exec(sd_bus *b);
-int bus_socket_take_fd(sd_bus *b);
-int bus_socket_start_auth(sd_bus *b);
-
-int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx);
-int bus_socket_read_message(sd_bus *bus);
-
-int bus_socket_process_opening(sd_bus *b);
-int bus_socket_process_authenticating(sd_bus *b);
-
-bool bus_socket_auth_needs_write(sd_bus *b);
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
deleted file mode 100644
index 1f436fe560..0000000000
--- a/src/libsystemd/sd-bus/bus-track.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-internal.h"
-#include "bus-track.h"
-#include "bus-util.h"
-
-struct sd_bus_track {
-        unsigned n_ref;
-        sd_bus *bus;
-        sd_bus_track_handler_t handler;
-        void *userdata;
-        Hashmap *names;
-        LIST_FIELDS(sd_bus_track, queue);
-        Iterator iterator;
-        bool in_queue;
-        bool modified;
-};
-
-#define MATCH_PREFIX                                        \
-        "type='signal',"                                    \
-        "sender='org.freedesktop.DBus',"                    \
-        "path='/org/freedesktop/DBus',"                     \
-        "interface='org.freedesktop.DBus',"                 \
-        "member='NameOwnerChanged',"                        \
-        "arg0='"
-
-#define MATCH_SUFFIX \
-        "'"
-
-#define MATCH_FOR_NAME(name)                                            \
-        ({                                                              \
-                char *_x;                                               \
-                size_t _l = strlen(name);                               \
-                _x = alloca(strlen(MATCH_PREFIX)+_l+strlen(MATCH_SUFFIX)+1); \
-                strcpy(stpcpy(stpcpy(_x, MATCH_PREFIX), name), MATCH_SUFFIX); \
-                _x;                                                     \
-        })
-
-static void bus_track_add_to_queue(sd_bus_track *track) {
-        assert(track);
-
-        if (track->in_queue)
-                return;
-
-        if (!track->handler)
-                return;
-
-        LIST_PREPEND(queue, track->bus->track_queue, track);
-        track->in_queue = true;
-}
-
-static void bus_track_remove_from_queue(sd_bus_track *track) {
-        assert(track);
-
-        if (!track->in_queue)
-                return;
-
-        LIST_REMOVE(queue, track->bus->track_queue, track);
-        track->in_queue = false;
-}
-
-_public_ int sd_bus_track_new(
-                sd_bus *bus,
-                sd_bus_track **track,
-                sd_bus_track_handler_t handler,
-                void *userdata) {
-
-        sd_bus_track *t;
-
-        assert_return(bus, -EINVAL);
-        assert_return(track, -EINVAL);
-
-        if (!bus->bus_client)
-                return -EINVAL;
-
-        t = new0(sd_bus_track, 1);
-        if (!t)
-                return -ENOMEM;
-
-        t->n_ref = 1;
-        t->handler = handler;
-        t->userdata = userdata;
-        t->bus = sd_bus_ref(bus);
-
-        bus_track_add_to_queue(t);
-
-        *track = t;
-        return 0;
-}
-
-_public_ sd_bus_track* sd_bus_track_ref(sd_bus_track *track) {
-
-        if (!track)
-                return NULL;
-
-        assert(track->n_ref > 0);
-
-        track->n_ref++;
-
-        return track;
-}
-
-_public_ sd_bus_track* sd_bus_track_unref(sd_bus_track *track) {
-        const char *n;
-
-        if (!track)
-                return NULL;
-
-        assert(track->n_ref > 0);
-
-        if (track->n_ref > 1) {
-                track->n_ref--;
-                return NULL;
-        }
-
-        while ((n = hashmap_first_key(track->names)))
-                sd_bus_track_remove_name(track, n);
-
-        bus_track_remove_from_queue(track);
-        hashmap_free(track->names);
-        sd_bus_unref(track->bus);
-        free(track);
-
-        return NULL;
-}
-
-static int on_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        sd_bus_track *track = userdata;
-        const char *name, *old, *new;
-        int r;
-
-        assert(message);
-        assert(track);
-
-        r = sd_bus_message_read(message, "sss", &name, &old, &new);
-        if (r < 0)
-                return 0;
-
-        sd_bus_track_remove_name(track, name);
-        return 0;
-}
-
-_public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
-        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
-        _cleanup_free_ char *n = NULL;
-        const char *match;
-        int r;
-
-        assert_return(track, -EINVAL);
-        assert_return(service_name_is_valid(name), -EINVAL);
-
-        r = hashmap_ensure_allocated(&track->names, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        n = strdup(name);
-        if (!n)
-                return -ENOMEM;
-
-        /* First, subscribe to this name */
-        match = MATCH_FOR_NAME(n);
-        r = sd_bus_add_match(track->bus, &slot, match, on_name_owner_changed, track);
-        if (r < 0)
-                return r;
-
-        r = hashmap_put(track->names, n, slot);
-        if (r == -EEXIST)
-                return 0;
-        if (r < 0)
-                return r;
-
-        /* Second, check if it is currently existing, or maybe
-         * doesn't, or maybe disappeared already. */
-        r = sd_bus_get_name_creds(track->bus, n, 0, NULL);
-        if (r < 0) {
-                hashmap_remove(track->names, n);
-                return r;
-        }
-
-        n = NULL;
-        slot = NULL;
-
-        bus_track_remove_from_queue(track);
-        track->modified = true;
-
-        return 1;
-}
-
-_public_ int sd_bus_track_remove_name(sd_bus_track *track, const char *name) {
-        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
-        _cleanup_free_ char *n = NULL;
-
-        assert_return(name, -EINVAL);
-
-        if (!track)
-                return 0;
-
-        slot = hashmap_remove2(track->names, (char*) name, (void**) &n);
-        if (!slot)
-                return 0;
-
-        if (hashmap_isempty(track->names))
-                bus_track_add_to_queue(track);
-
-        track->modified = true;
-
-        return 1;
-}
-
-_public_ unsigned sd_bus_track_count(sd_bus_track *track) {
-        if (!track)
-                return 0;
-
-        return hashmap_size(track->names);
-}
-
-_public_ const char* sd_bus_track_contains(sd_bus_track *track, const char *name) {
-        assert_return(track, NULL);
-        assert_return(name, NULL);
-
-        return hashmap_get(track->names, (void*) name) ? name : NULL;
-}
-
-_public_ const char* sd_bus_track_first(sd_bus_track *track) {
-        const char *n = NULL;
-
-        if (!track)
-                return NULL;
-
-        track->modified = false;
-        track->iterator = ITERATOR_FIRST;
-
-        hashmap_iterate(track->names, &track->iterator, NULL, (const void**) &n);
-        return n;
-}
-
-_public_ const char* sd_bus_track_next(sd_bus_track *track) {
-        const char *n = NULL;
-
-        if (!track)
-                return NULL;
-
-        if (track->modified)
-                return NULL;
-
-        hashmap_iterate(track->names, &track->iterator, NULL, (const void**) &n);
-        return n;
-}
-
-_public_ int sd_bus_track_add_sender(sd_bus_track *track, sd_bus_message *m) {
-        const char *sender;
-
-        assert_return(track, -EINVAL);
-        assert_return(m, -EINVAL);
-
-        sender = sd_bus_message_get_sender(m);
-        if (!sender)
-                return -EINVAL;
-
-        return sd_bus_track_add_name(track, sender);
-}
-
-_public_ int sd_bus_track_remove_sender(sd_bus_track *track, sd_bus_message *m) {
-        const char *sender;
-
-        assert_return(track, -EINVAL);
-        assert_return(m, -EINVAL);
-
-        sender = sd_bus_message_get_sender(m);
-        if (!sender)
-                return -EINVAL;
-
-        return sd_bus_track_remove_name(track, sender);
-}
-
-_public_ sd_bus* sd_bus_track_get_bus(sd_bus_track *track) {
-        assert_return(track, NULL);
-
-        return track->bus;
-}
-
-void bus_track_dispatch(sd_bus_track *track) {
-        int r;
-
-        assert(track);
-        assert(track->in_queue);
-        assert(track->handler);
-
-        bus_track_remove_from_queue(track);
-
-        sd_bus_track_ref(track);
-
-        r = track->handler(track, track->userdata);
-        if (r < 0)
-                log_debug_errno(r, "Failed to process track handler: %m");
-        else if (r == 0)
-                bus_track_add_to_queue(track);
-
-        sd_bus_track_unref(track);
-}
-
-_public_ void *sd_bus_track_get_userdata(sd_bus_track *track) {
-        assert_return(track, NULL);
-
-        return track->userdata;
-}
-
-_public_ void *sd_bus_track_set_userdata(sd_bus_track *track, void *userdata) {
-        void *ret;
-
-        assert_return(track, NULL);
-
-        ret = track->userdata;
-        track->userdata = userdata;
-
-        return ret;
-}
diff --git a/src/libsystemd/sd-bus/bus-type.h b/src/libsystemd/sd-bus/bus-type.h
deleted file mode 100644
index 5c87eb5f08..0000000000
--- a/src/libsystemd/sd-bus/bus-type.h
+++ /dev/null
@@ -1,37 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-bus.h"
-
-#include "macro.h"
-
-bool bus_type_is_valid(char c) _const_;
-bool bus_type_is_valid_in_signature(char c) _const_;
-bool bus_type_is_basic(char c) _const_;
-/* "trivial" is systemd's term for what the D-Bus Specification calls
- * a "fixed type": that is, a basic type of fixed length */
-bool bus_type_is_trivial(char c) _const_;
-bool bus_type_is_container(char c) _const_;
-
-int bus_type_get_alignment(char c) _const_;
-int bus_type_get_size(char c) _const_;
diff --git a/src/libsystemd/sd-bus/busctl-introspect.c b/src/libsystemd/sd-bus/busctl-introspect.c
deleted file mode 100644
index b09509f8e1..0000000000
--- a/src/libsystemd/sd-bus/busctl-introspect.c
+++ /dev/null
@@ -1,790 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "busctl-introspect.h"
-#include "string-util.h"
-#include "util.h"
-#include "xml.h"
-
-#define NODE_DEPTH_MAX 16
-
-typedef struct Context {
-        const XMLIntrospectOps *ops;
-        void *userdata;
-
-        char *interface_name;
-        uint64_t interface_flags;
-
-        char *member_name;
-        char *member_signature;
-        char *member_result;
-        uint64_t member_flags;
-        bool member_writable;
-
-        const char *current;
-        void *xml_state;
-} Context;
-
-static void context_reset_member(Context *c) {
-        free(c->member_name);
-        free(c->member_signature);
-        free(c->member_result);
-
-        c->member_name = c->member_signature = c->member_result = NULL;
-        c->member_flags = 0;
-        c->member_writable = false;
-}
-
-static void context_reset_interface(Context *c) {
-        c->interface_name = mfree(c->interface_name);
-        c->interface_flags = 0;
-
-        context_reset_member(c);
-}
-
-static int parse_xml_annotation(Context *context, uint64_t *flags) {
-
-        enum {
-                STATE_ANNOTATION,
-                STATE_NAME,
-                STATE_VALUE
-        } state = STATE_ANNOTATION;
-
-        _cleanup_free_ char *field = NULL, *value = NULL;
-
-        assert(context);
-
-        for (;;) {
-                _cleanup_free_ char *name = NULL;
-
-                int t;
-
-                t = xml_tokenize(&context->current, &name, &context->xml_state, NULL);
-                if (t < 0) {
-                        log_error("XML parse error.");
-                        return t;
-                }
-
-                if (t == XML_END) {
-                        log_error("Premature end of XML data.");
-                        return -EBADMSG;
-                }
-
-                switch (state) {
-
-                case STATE_ANNOTATION:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_NAME;
-
-                                else if (streq_ptr(name, "value"))
-                                        state = STATE_VALUE;
-
-                                else {
-                                        log_error("Unexpected <annotation> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "annotation"))) {
-
-                                if (flags) {
-                                        if (streq_ptr(field, "org.freedesktop.DBus.Deprecated")) {
-
-                                                if (streq_ptr(value, "true"))
-                                                        *flags |= SD_BUS_VTABLE_DEPRECATED;
-
-                                        } else if (streq_ptr(field, "org.freedesktop.DBus.Method.NoReply")) {
-
-                                                if (streq_ptr(value, "true"))
-                                                        *flags |= SD_BUS_VTABLE_METHOD_NO_REPLY;
-
-                                        } else if (streq_ptr(field, "org.freedesktop.DBus.Property.EmitsChangedSignal")) {
-
-                                                if (streq_ptr(value, "const"))
-                                                        *flags = (*flags & ~(SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION|SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE)) | SD_BUS_VTABLE_PROPERTY_CONST;
-                                                else if (streq_ptr(value, "invalidates"))
-                                                        *flags = (*flags & ~(SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_CONST)) | SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION;
-                                                else if (streq_ptr(value, "false"))
-                                                        *flags = *flags & ~(SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION);
-                                        }
-                                }
-
-                                return 0;
-
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in <annotation>. (1)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-                                free(field);
-                                field = name;
-                                name = NULL;
-
-                                state = STATE_ANNOTATION;
-                        } else {
-                                log_error("Unexpected token in <annotation>. (2)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_VALUE:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-                                free(value);
-                                value = name;
-                                name = NULL;
-
-                                state = STATE_ANNOTATION;
-                        } else {
-                                log_error("Unexpected token in <annotation>. (3)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                default:
-                        assert_not_reached("Bad state");
-                }
-        }
-}
-
-static int parse_xml_node(Context *context, const char *prefix, unsigned n_depth) {
-
-        enum {
-                STATE_NODE,
-                STATE_NODE_NAME,
-                STATE_INTERFACE,
-                STATE_INTERFACE_NAME,
-                STATE_METHOD,
-                STATE_METHOD_NAME,
-                STATE_METHOD_ARG,
-                STATE_METHOD_ARG_NAME,
-                STATE_METHOD_ARG_TYPE,
-                STATE_METHOD_ARG_DIRECTION,
-                STATE_SIGNAL,
-                STATE_SIGNAL_NAME,
-                STATE_SIGNAL_ARG,
-                STATE_SIGNAL_ARG_NAME,
-                STATE_SIGNAL_ARG_TYPE,
-                STATE_PROPERTY,
-                STATE_PROPERTY_NAME,
-                STATE_PROPERTY_TYPE,
-                STATE_PROPERTY_ACCESS,
-        } state = STATE_NODE;
-
-        _cleanup_free_ char *node_path = NULL, *argument_type = NULL, *argument_direction = NULL;
-        const char *np = prefix;
-        int r;
-
-        assert(context);
-        assert(prefix);
-
-        if (n_depth > NODE_DEPTH_MAX) {
-                log_error("<node> depth too high.");
-                return -EINVAL;
-        }
-
-        for (;;) {
-                _cleanup_free_ char *name = NULL;
-                int t;
-
-                t = xml_tokenize(&context->current, &name, &context->xml_state, NULL);
-                if (t < 0) {
-                        log_error("XML parse error.");
-                        return t;
-                }
-
-                if (t == XML_END) {
-                        log_error("Premature end of XML data.");
-                        return -EBADMSG;
-                }
-
-                switch (state) {
-
-                case STATE_NODE:
-                        if (t == XML_ATTRIBUTE_NAME) {
-
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_NODE_NAME;
-                                else {
-                                        log_error("Unexpected <node> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-
-                        } else if (t == XML_TAG_OPEN) {
-
-                                if (streq_ptr(name, "interface"))
-                                        state = STATE_INTERFACE;
-                                else if (streq_ptr(name, "node")) {
-
-                                        r = parse_xml_node(context, np, n_depth+1);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected <node> tag %s.", name);
-                                        return -EBADMSG;
-                                }
-
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "node"))) {
-
-                                if (context->ops->on_path) {
-                                        r = context->ops->on_path(node_path ? node_path : np, context->userdata);
-                                        if (r < 0)
-                                                return r;
-                                }
-
-                                return 0;
-
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in <node>. (1)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_NODE_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-
-                                free(node_path);
-
-                                if (name[0] == '/') {
-                                        node_path = name;
-                                        name = NULL;
-                                } else {
-
-                                        if (endswith(prefix, "/"))
-                                                node_path = strappend(prefix, name);
-                                        else
-                                                node_path = strjoin(prefix, "/", name, NULL);
-                                        if (!node_path)
-                                                return log_oom();
-                                }
-
-                                np = node_path;
-                                state = STATE_NODE;
-                        } else {
-                                log_error("Unexpected token in <node>. (2)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_INTERFACE:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_INTERFACE_NAME;
-                                else {
-                                        log_error("Unexpected <interface> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-
-                        } else if (t == XML_TAG_OPEN) {
-                                if (streq_ptr(name, "method"))
-                                        state = STATE_METHOD;
-                                else if (streq_ptr(name, "signal"))
-                                        state = STATE_SIGNAL;
-                                else if (streq_ptr(name, "property")) {
-                                        context->member_flags |= SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE;
-                                        state = STATE_PROPERTY;
-                                } else if (streq_ptr(name, "annotation")) {
-                                        r = parse_xml_annotation(context, &context->interface_flags);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected <interface> tag %s.", name);
-                                        return -EINVAL;
-                                }
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "interface"))) {
-
-                                if (n_depth == 0) {
-                                        if (context->ops->on_interface) {
-                                                r = context->ops->on_interface(context->interface_name, context->interface_flags, context->userdata);
-                                                if (r < 0)
-                                                        return r;
-                                        }
-
-                                        context_reset_interface(context);
-                                }
-
-                                state = STATE_NODE;
-
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in <interface>. (1)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_INTERFACE_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-                                if (n_depth == 0) {
-                                        free(context->interface_name);
-                                        context->interface_name = name;
-                                        name = NULL;
-                                }
-
-                                state = STATE_INTERFACE;
-                        } else {
-                                log_error("Unexpected token in <interface>. (2)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_METHOD:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_METHOD_NAME;
-                                else {
-                                        log_error("Unexpected <method> attribute %s", name);
-                                        return -EBADMSG;
-                                }
-                        } else if (t == XML_TAG_OPEN) {
-                                if (streq_ptr(name, "arg"))
-                                        state = STATE_METHOD_ARG;
-                                else if (streq_ptr(name, "annotation")) {
-                                        r = parse_xml_annotation(context, &context->member_flags);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected <method> tag %s.", name);
-                                        return -EINVAL;
-                                }
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "method"))) {
-
-                                if (n_depth == 0) {
-                                        if (context->ops->on_method) {
-                                                r = context->ops->on_method(context->interface_name, context->member_name, context->member_signature, context->member_result, context->member_flags, context->userdata);
-                                                if (r < 0)
-                                                        return r;
-                                        }
-
-                                        context_reset_member(context);
-                                }
-
-                                state = STATE_INTERFACE;
-
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in <method> (1).");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_METHOD_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-
-                                if (n_depth == 0) {
-                                        free(context->member_name);
-                                        context->member_name = name;
-                                        name = NULL;
-                                }
-
-                                state = STATE_METHOD;
-                        } else {
-                                log_error("Unexpected token in <method> (2).");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_METHOD_ARG:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_METHOD_ARG_NAME;
-                                else if (streq_ptr(name, "type"))
-                                        state = STATE_METHOD_ARG_TYPE;
-                                else if (streq_ptr(name, "direction"))
-                                         state = STATE_METHOD_ARG_DIRECTION;
-                                else {
-                                        log_error("Unexpected method <arg> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-                        } else if (t == XML_TAG_OPEN) {
-                                if (streq_ptr(name, "annotation")) {
-                                        r = parse_xml_annotation(context, NULL);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected method <arg> tag %s.", name);
-                                        return -EINVAL;
-                                }
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "arg"))) {
-
-                                if (n_depth == 0) {
-
-                                        if (argument_type) {
-                                                if (!argument_direction || streq(argument_direction, "in")) {
-                                                        if (!strextend(&context->member_signature, argument_type, NULL))
-                                                                return log_oom();
-                                                } else if (streq(argument_direction, "out")) {
-                                                        if (!strextend(&context->member_result, argument_type, NULL))
-                                                                return log_oom();
-                                                }
-                                        }
-
-                                        argument_type = mfree(argument_type);
-                                        argument_direction = mfree(argument_direction);
-                                }
-
-                                state = STATE_METHOD;
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in method <arg>. (1)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_METHOD_ARG_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE)
-                                state = STATE_METHOD_ARG;
-                        else {
-                                log_error("Unexpected token in method <arg>. (2)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_METHOD_ARG_TYPE:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-                                free(argument_type);
-                                argument_type = name;
-                                name = NULL;
-
-                                state = STATE_METHOD_ARG;
-                        } else {
-                                log_error("Unexpected token in method <arg>. (3)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_METHOD_ARG_DIRECTION:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-                                free(argument_direction);
-                                argument_direction = name;
-                                name = NULL;
-
-                                state = STATE_METHOD_ARG;
-                        } else {
-                                log_error("Unexpected token in method <arg>. (4)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_SIGNAL:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_SIGNAL_NAME;
-                                else {
-                                        log_error("Unexpected <signal> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-                        } else if (t == XML_TAG_OPEN) {
-                                if (streq_ptr(name, "arg"))
-                                        state = STATE_SIGNAL_ARG;
-                                else if (streq_ptr(name, "annotation")) {
-                                        r = parse_xml_annotation(context, &context->member_flags);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected <signal> tag %s.", name);
-                                        return -EINVAL;
-                                }
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "signal"))) {
-
-                                if (n_depth == 0) {
-                                        if (context->ops->on_signal) {
-                                                r = context->ops->on_signal(context->interface_name, context->member_name, context->member_signature, context->member_flags, context->userdata);
-                                                if (r < 0)
-                                                        return r;
-                                        }
-
-                                        context_reset_member(context);
-                                }
-
-                                state = STATE_INTERFACE;
-
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in <signal>. (1)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_SIGNAL_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-
-                                if (n_depth == 0) {
-                                        free(context->member_name);
-                                        context->member_name = name;
-                                        name = NULL;
-                                }
-
-                                state = STATE_SIGNAL;
-                        } else {
-                                log_error("Unexpected token in <signal>. (2)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-
-                case STATE_SIGNAL_ARG:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_SIGNAL_ARG_NAME;
-                                else if (streq_ptr(name, "type"))
-                                        state = STATE_SIGNAL_ARG_TYPE;
-                                else {
-                                        log_error("Unexpected signal <arg> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-                        } else if (t == XML_TAG_OPEN) {
-                                if (streq_ptr(name, "annotation")) {
-                                        r = parse_xml_annotation(context, NULL);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected signal <arg> tag %s.", name);
-                                        return -EINVAL;
-                                }
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "arg"))) {
-
-                                if (argument_type) {
-                                        if (!strextend(&context->member_signature, argument_type, NULL))
-                                                return log_oom();
-
-                                        argument_type = mfree(argument_type);
-                                }
-
-                                state = STATE_SIGNAL;
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in signal <arg> (1).");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_SIGNAL_ARG_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE)
-                                state = STATE_SIGNAL_ARG;
-                        else {
-                                log_error("Unexpected token in signal <arg> (2).");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_SIGNAL_ARG_TYPE:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-                                free(argument_type);
-                                argument_type = name;
-                                name = NULL;
-
-                                state = STATE_SIGNAL_ARG;
-                        } else {
-                                log_error("Unexpected token in signal <arg> (3).");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_PROPERTY:
-
-                        if (t == XML_ATTRIBUTE_NAME) {
-                                if (streq_ptr(name, "name"))
-                                        state = STATE_PROPERTY_NAME;
-                                else if (streq_ptr(name, "type"))
-                                        state  = STATE_PROPERTY_TYPE;
-                                else if (streq_ptr(name, "access"))
-                                        state  = STATE_PROPERTY_ACCESS;
-                                else {
-                                        log_error("Unexpected <property> attribute %s.", name);
-                                        return -EBADMSG;
-                                }
-                        } else if (t == XML_TAG_OPEN) {
-
-                                if (streq_ptr(name, "annotation")) {
-                                        r = parse_xml_annotation(context, &context->member_flags);
-                                        if (r < 0)
-                                                return r;
-                                } else {
-                                        log_error("Unexpected <property> tag %s.", name);
-                                        return -EINVAL;
-                                }
-
-                        } else if (t == XML_TAG_CLOSE_EMPTY ||
-                                   (t == XML_TAG_CLOSE && streq_ptr(name, "property"))) {
-
-                                if (n_depth == 0) {
-                                        if (context->ops->on_property) {
-                                                r = context->ops->on_property(context->interface_name, context->member_name, context->member_signature, context->member_writable, context->member_flags, context->userdata);
-                                                if (r < 0)
-                                                        return r;
-                                        }
-
-                                        context_reset_member(context);
-                                }
-
-                                state = STATE_INTERFACE;
-
-                        } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                                log_error("Unexpected token in <property>. (1)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_PROPERTY_NAME:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-
-                                if (n_depth == 0) {
-                                        free(context->member_name);
-                                        context->member_name = name;
-                                        name = NULL;
-                                }
-                                state = STATE_PROPERTY;
-                        } else {
-                                log_error("Unexpected token in <property>. (2)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_PROPERTY_TYPE:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-
-                                if (n_depth == 0) {
-                                        free(context->member_signature);
-                                        context->member_signature = name;
-                                        name = NULL;
-                                }
-
-                                state = STATE_PROPERTY;
-                        } else {
-                                log_error("Unexpected token in <property>. (3)");
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case STATE_PROPERTY_ACCESS:
-
-                        if (t == XML_ATTRIBUTE_VALUE) {
-
-                                if (streq(name, "readwrite") || streq(name, "write"))
-                                        context->member_writable = true;
-
-                                state = STATE_PROPERTY;
-                        } else {
-                                log_error("Unexpected token in <property>. (4)");
-                                return -EINVAL;
-                        }
-
-                        break;
-                }
-        }
-}
-
-int parse_xml_introspect(const char *prefix, const char *xml, const XMLIntrospectOps *ops, void *userdata) {
-        Context context = {
-                .ops = ops,
-                .userdata = userdata,
-                .current = xml,
-        };
-
-        int r;
-
-        assert(prefix);
-        assert(xml);
-        assert(ops);
-
-        for (;;) {
-                _cleanup_free_ char *name = NULL;
-
-                r = xml_tokenize(&context.current, &name, &context.xml_state, NULL);
-                if (r < 0) {
-                        log_error("XML parse error");
-                        goto finish;
-                }
-
-                if (r == XML_END) {
-                        r = 0;
-                        break;
-                }
-
-                if (r == XML_TAG_OPEN) {
-
-                        if (streq(name, "node")) {
-                                r = parse_xml_node(&context, prefix, 0);
-                                if (r < 0)
-                                        goto finish;
-                        } else {
-                                log_error("Unexpected tag '%s' in introspection data.", name);
-                                r = -EBADMSG;
-                                goto finish;
-                        }
-                } else if (r != XML_TEXT || !in_charset(name, WHITESPACE)) {
-                        log_error("Unexpected token.");
-                        r = -EBADMSG;
-                        goto finish;
-                }
-        }
-
-finish:
-        context_reset_interface(&context);
-
-        return r;
-}
diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
deleted file mode 100644
index bfe967bfb0..0000000000
--- a/src/libsystemd/sd-bus/busctl.c
+++ /dev/null
@@ -1,2086 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-dump.h"
-#include "bus-internal.h"
-#include "bus-signature.h"
-#include "bus-type.h"
-#include "bus-util.h"
-#include "busctl-introspect.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "locale-util.h"
-#include "log.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "set.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "user-util.h"
-#include "util.h"
-
-static bool arg_no_pager = false;
-static bool arg_legend = true;
-static char *arg_address = NULL;
-static bool arg_unique = false;
-static bool arg_acquired = false;
-static bool arg_activatable = false;
-static bool arg_show_machine = false;
-static char **arg_matches = NULL;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_user = false;
-static size_t arg_snaplen = 4096;
-static bool arg_list = false;
-static bool arg_quiet = false;
-static bool arg_verbose = false;
-static bool arg_expect_reply = true;
-static bool arg_auto_start = true;
-static bool arg_allow_interactive_authorization = true;
-static bool arg_augment_creds = true;
-static usec_t arg_timeout = 0;
-
-#define NAME_IS_ACQUIRED INT_TO_PTR(1)
-#define NAME_IS_ACTIVATABLE INT_TO_PTR(2)
-
-static int list_bus_names(sd_bus *bus, char **argv) {
-        _cleanup_strv_free_ char **acquired = NULL, **activatable = NULL;
-        _cleanup_free_ char **merged = NULL;
-        _cleanup_hashmap_free_ Hashmap *names = NULL;
-        char **i;
-        int r;
-        size_t max_i = 0;
-        unsigned n = 0;
-        void *v;
-        char *k;
-        Iterator iterator;
-
-        assert(bus);
-
-        if (!arg_unique && !arg_acquired && !arg_activatable)
-                arg_unique = arg_acquired = arg_activatable = true;
-
-        r = sd_bus_list_names(bus, (arg_acquired || arg_unique) ? &acquired : NULL, arg_activatable ? &activatable : NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to list names: %m");
-
-        pager_open(arg_no_pager, false);
-
-        names = hashmap_new(&string_hash_ops);
-        if (!names)
-                return log_oom();
-
-        STRV_FOREACH(i, acquired) {
-                max_i = MAX(max_i, strlen(*i));
-
-                r = hashmap_put(names, *i, NAME_IS_ACQUIRED);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add to hashmap: %m");
-        }
-
-        STRV_FOREACH(i, activatable) {
-                max_i = MAX(max_i, strlen(*i));
-
-                r = hashmap_put(names, *i, NAME_IS_ACTIVATABLE);
-                if (r < 0 && r != -EEXIST)
-                        return log_error_errno(r, "Failed to add to hashmap: %m");
-        }
-
-        merged = new(char*, hashmap_size(names) + 1);
-        HASHMAP_FOREACH_KEY(v, k, names, iterator)
-                merged[n++] = k;
-
-        merged[n] = NULL;
-        strv_sort(merged);
-
-        if (arg_legend) {
-                printf("%-*s %*s %-*s %-*s %-*s %-*s %-*s %-*s",
-                       (int) max_i, "NAME", 10, "PID", 15, "PROCESS", 16, "USER", 13, "CONNECTION", 25, "UNIT", 10, "SESSION", 19, "DESCRIPTION");
-
-                if (arg_show_machine)
-                        puts(" MACHINE");
-                else
-                        putchar('\n');
-        }
-
-        STRV_FOREACH(i, merged) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-                sd_id128_t mid;
-
-                if (hashmap_get(names, *i) == NAME_IS_ACTIVATABLE) {
-                        /* Activatable */
-
-                        printf("%-*s", (int) max_i, *i);
-                        printf("          - -               -                (activatable) -                         -         ");
-                        if (arg_show_machine)
-                                puts(" -");
-                        else
-                                putchar('\n');
-                        continue;
-
-                }
-
-                if (!arg_unique && (*i)[0] == ':')
-                        continue;
-
-                if (!arg_acquired && (*i)[0] != ':')
-                        continue;
-
-                printf("%-*s", (int) max_i, *i);
-
-                r = sd_bus_get_name_creds(
-                                bus, *i,
-                                (arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) |
-                                SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|
-                                SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_SESSION|
-                                SD_BUS_CREDS_DESCRIPTION, &creds);
-                if (r >= 0) {
-                        const char *unique, *session, *unit, *cn;
-                        pid_t pid;
-                        uid_t uid;
-
-                        r = sd_bus_creds_get_pid(creds, &pid);
-                        if (r >= 0) {
-                                const char *comm = NULL;
-
-                                sd_bus_creds_get_comm(creds, &comm);
-
-                                printf(" %10lu %-15s", (unsigned long) pid, strna(comm));
-                        } else
-                                fputs("          - -              ", stdout);
-
-                        r = sd_bus_creds_get_euid(creds, &uid);
-                        if (r >= 0) {
-                                _cleanup_free_ char *u = NULL;
-
-                                u = uid_to_name(uid);
-                                if (!u)
-                                        return log_oom();
-
-                                if (strlen(u) > 16)
-                                        u[16] = 0;
-
-                                printf(" %-16s", u);
-                        } else
-                                fputs(" -               ", stdout);
-
-                        r = sd_bus_creds_get_unique_name(creds, &unique);
-                        if (r >= 0)
-                                printf(" %-13s", unique);
-                        else
-                                fputs(" -            ", stdout);
-
-                        r = sd_bus_creds_get_unit(creds, &unit);
-                        if (r >= 0) {
-                                _cleanup_free_ char *e;
-
-                                e = ellipsize(unit, 25, 100);
-                                if (!e)
-                                        return log_oom();
-
-                                printf(" %-25s", e);
-                        } else
-                                fputs(" -                        ", stdout);
-
-                        r = sd_bus_creds_get_session(creds, &session);
-                        if (r >= 0)
-                                printf(" %-10s", session);
-                        else
-                                fputs(" -         ", stdout);
-
-                        r = sd_bus_creds_get_description(creds, &cn);
-                        if (r >= 0)
-                                printf(" %-19s", cn);
-                        else
-                                fputs(" -                  ", stdout);
-
-                } else
-                        printf("          - -               -                -             -                         -          -                  ");
-
-                if (arg_show_machine) {
-                        r = sd_bus_get_name_machine_id(bus, *i, &mid);
-                        if (r >= 0) {
-                                char m[SD_ID128_STRING_MAX];
-                                printf(" %s\n", sd_id128_to_string(mid, m));
-                        } else
-                                puts(" -");
-                } else
-                        putchar('\n');
-        }
-
-        return 0;
-}
-
-static void print_subtree(const char *prefix, const char *path, char **l) {
-        const char *vertical, *space;
-        char **n;
-
-        /* We assume the list is sorted. Let's first skip over the
-         * entry we are looking at. */
-        for (;;) {
-                if (!*l)
-                        return;
-
-                if (!streq(*l, path))
-                        break;
-
-                l++;
-        }
-
-        vertical = strjoina(prefix, special_glyph(TREE_VERTICAL));
-        space = strjoina(prefix, special_glyph(TREE_SPACE));
-
-        for (;;) {
-                bool has_more = false;
-
-                if (!*l || !path_startswith(*l, path))
-                        break;
-
-                n = l + 1;
-                for (;;) {
-                        if (!*n || !path_startswith(*n, path))
-                                break;
-
-                        if (!path_startswith(*n, *l)) {
-                                has_more = true;
-                                break;
-                        }
-
-                        n++;
-                }
-
-                printf("%s%s%s\n", prefix, special_glyph(has_more ? TREE_BRANCH : TREE_RIGHT), *l);
-
-                print_subtree(has_more ? vertical : space, *l, l);
-                l = n;
-        }
-}
-
-static void print_tree(const char *prefix, char **l) {
-
-        pager_open(arg_no_pager, false);
-
-        prefix = strempty(prefix);
-
-        if (arg_list) {
-                char **i;
-
-                STRV_FOREACH(i, l)
-                        printf("%s%s\n", prefix, *i);
-                return;
-        }
-
-        if (strv_isempty(l)) {
-                printf("No objects discovered.\n");
-                return;
-        }
-
-        if (streq(l[0], "/") && !l[1]) {
-                printf("Only root object discovered.\n");
-                return;
-        }
-
-        print_subtree(prefix, "/", l);
-}
-
-static int on_path(const char *path, void *userdata) {
-        Set *paths = userdata;
-        int r;
-
-        assert(paths);
-
-        r = set_put_strdup(paths, path);
-        if (r < 0)
-                return log_oom();
-
-        return 0;
-}
-
-static int find_nodes(sd_bus *bus, const char *service, const char *path, Set *paths, bool many) {
-        static const XMLIntrospectOps ops = {
-                .on_path = on_path,
-        };
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *xml;
-        int r;
-
-        r = sd_bus_call_method(bus, service, path, "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-        if (r < 0) {
-                if (many)
-                        printf("Failed to introspect object %s of service %s: %s\n", path, service, bus_error_message(&error, r));
-                else
-                        log_error("Failed to introspect object %s of service %s: %s", path, service, bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &xml);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return parse_xml_introspect(path, xml, &ops, paths);
-}
-
-static int tree_one(sd_bus *bus, const char *service, const char *prefix, bool many) {
-        _cleanup_set_free_free_ Set *paths = NULL, *done = NULL, *failed = NULL;
-        _cleanup_free_ char **l = NULL;
-        char *m;
-        int r;
-
-        paths = set_new(&string_hash_ops);
-        if (!paths)
-                return log_oom();
-
-        done = set_new(&string_hash_ops);
-        if (!done)
-                return log_oom();
-
-        failed = set_new(&string_hash_ops);
-        if (!failed)
-                return log_oom();
-
-        m = strdup("/");
-        if (!m)
-                return log_oom();
-
-        r = set_put(paths, m);
-        if (r < 0) {
-                free(m);
-                return log_oom();
-        }
-
-        for (;;) {
-                _cleanup_free_ char *p = NULL;
-                int q;
-
-                p = set_steal_first(paths);
-                if (!p)
-                        break;
-
-                if (set_contains(done, p) ||
-                    set_contains(failed, p))
-                        continue;
-
-                q = find_nodes(bus, service, p, paths, many);
-                if (q < 0) {
-                        if (r >= 0)
-                                r = q;
-
-                        q = set_put(failed, p);
-                } else
-                        q = set_put(done, p);
-
-                if (q < 0)
-                        return log_oom();
-
-                assert(q != 0);
-                p = NULL;
-        }
-
-        pager_open(arg_no_pager, false);
-
-        l = set_get_strv(done);
-        if (!l)
-                return log_oom();
-
-        strv_sort(l);
-        print_tree(prefix, l);
-
-        fflush(stdout);
-
-        return r;
-}
-
-static int tree(sd_bus *bus, char **argv) {
-        char **i;
-        int r = 0;
-
-        if (!arg_unique && !arg_acquired)
-                arg_acquired = true;
-
-        if (strv_length(argv) <= 1) {
-                _cleanup_strv_free_ char **names = NULL;
-                bool not_first = false;
-
-                r = sd_bus_list_names(bus, &names, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get name list: %m");
-
-                pager_open(arg_no_pager, false);
-
-                STRV_FOREACH(i, names) {
-                        int q;
-
-                        if (!arg_unique && (*i)[0] == ':')
-                                continue;
-
-                        if (!arg_acquired && (*i)[0] == ':')
-                                continue;
-
-                        if (not_first)
-                                printf("\n");
-
-                        printf("Service %s%s%s:\n", ansi_highlight(), *i, ansi_normal());
-
-                        q = tree_one(bus, *i, NULL, true);
-                        if (q < 0 && r >= 0)
-                                r = q;
-
-                        not_first = true;
-                }
-        } else {
-                STRV_FOREACH(i, argv+1) {
-                        int q;
-
-                        if (i > argv+1)
-                                printf("\n");
-
-                        if (argv[2]) {
-                                pager_open(arg_no_pager, false);
-                                printf("Service %s%s%s:\n", ansi_highlight(), *i, ansi_normal());
-                        }
-
-                        q = tree_one(bus, *i, NULL, !!argv[2]);
-                        if (q < 0 && r >= 0)
-                                r = q;
-                }
-        }
-
-        return r;
-}
-
-static int format_cmdline(sd_bus_message *m, FILE *f, bool needs_space) {
-        int r;
-
-        for (;;) {
-                const char *contents = NULL;
-                char type;
-                union {
-                        uint8_t u8;
-                        uint16_t u16;
-                        int16_t s16;
-                        uint32_t u32;
-                        int32_t s32;
-                        uint64_t u64;
-                        int64_t s64;
-                        double d64;
-                        const char *string;
-                        int i;
-                } basic;
-
-                r = sd_bus_message_peek_type(m, &type, &contents);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return needs_space;
-
-                if (bus_type_is_container(type) > 0) {
-
-                        r = sd_bus_message_enter_container(m, type, contents);
-                        if (r < 0)
-                                return r;
-
-                        if (type == SD_BUS_TYPE_ARRAY) {
-                                unsigned n = 0;
-
-                                /* count array entries */
-                                for (;;) {
-
-                                        r = sd_bus_message_skip(m, contents);
-                                        if (r < 0)
-                                                return r;
-                                        if (r == 0)
-                                                break;
-
-                                        n++;
-                                }
-
-                                r = sd_bus_message_rewind(m, false);
-                                if (r < 0)
-                                        return r;
-
-                                if (needs_space)
-                                        fputc(' ', f);
-
-                                fprintf(f, "%u", n);
-                                needs_space = true;
-
-                        } else if (type == SD_BUS_TYPE_VARIANT) {
-
-                                if (needs_space)
-                                        fputc(' ', f);
-
-                                fprintf(f, "%s", contents);
-                                needs_space = true;
-                        }
-
-                        r = format_cmdline(m, f, needs_space);
-                        if (r < 0)
-                                return r;
-
-                        needs_space = r > 0;
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return r;
-
-                        continue;
-                }
-
-                r = sd_bus_message_read_basic(m, type, &basic);
-                if (r < 0)
-                        return r;
-
-                if (needs_space)
-                        fputc(' ', f);
-
-                switch (type) {
-                case SD_BUS_TYPE_BYTE:
-                        fprintf(f, "%u", basic.u8);
-                        break;
-
-                case SD_BUS_TYPE_BOOLEAN:
-                        fputs(true_false(basic.i), f);
-                        break;
-
-                case SD_BUS_TYPE_INT16:
-                        fprintf(f, "%i", basic.s16);
-                        break;
-
-                case SD_BUS_TYPE_UINT16:
-                        fprintf(f, "%u", basic.u16);
-                        break;
-
-                case SD_BUS_TYPE_INT32:
-                        fprintf(f, "%i", basic.s32);
-                        break;
-
-                case SD_BUS_TYPE_UINT32:
-                        fprintf(f, "%u", basic.u32);
-                        break;
-
-                case SD_BUS_TYPE_INT64:
-                        fprintf(f, "%" PRIi64, basic.s64);
-                        break;
-
-                case SD_BUS_TYPE_UINT64:
-                        fprintf(f, "%" PRIu64, basic.u64);
-                        break;
-
-                case SD_BUS_TYPE_DOUBLE:
-                        fprintf(f, "%g", basic.d64);
-                        break;
-
-                case SD_BUS_TYPE_STRING:
-                case SD_BUS_TYPE_OBJECT_PATH:
-                case SD_BUS_TYPE_SIGNATURE: {
-                        _cleanup_free_ char *b = NULL;
-
-                        b = cescape(basic.string);
-                        if (!b)
-                                return -ENOMEM;
-
-                        fprintf(f, "\"%s\"", b);
-                        break;
-                }
-
-                case SD_BUS_TYPE_UNIX_FD:
-                        fprintf(f, "%i", basic.i);
-                        break;
-
-                default:
-                        assert_not_reached("Unknown basic type.");
-                }
-
-                needs_space = true;
-        }
-}
-
-typedef struct Member {
-        const char *type;
-        char *interface;
-        char *name;
-        char *signature;
-        char *result;
-        char *value;
-        bool writable;
-        uint64_t flags;
-} Member;
-
-static void member_hash_func(const void *p, struct siphash *state) {
-        const Member *m = p;
-        uint64_t arity = 1;
-
-        assert(m);
-        assert(m->type);
-
-        string_hash_func(m->type, state);
-
-        arity += !!m->name + !!m->interface;
-
-        uint64_hash_func(&arity, state);
-
-        if (m->name)
-                string_hash_func(m->name, state);
-
-        if (m->interface)
-                string_hash_func(m->interface, state);
-}
-
-static int member_compare_func(const void *a, const void *b) {
-        const Member *x = a, *y = b;
-        int d;
-
-        assert(x);
-        assert(y);
-        assert(x->type);
-        assert(y->type);
-
-        d = strcmp_ptr(x->interface, y->interface);
-        if (d != 0)
-                return d;
-
-        d = strcmp(x->type, y->type);
-        if (d != 0)
-                return d;
-
-        return strcmp_ptr(x->name, y->name);
-}
-
-static int member_compare_funcp(const void *a, const void *b) {
-        const Member *const * x = (const Member *const *) a, * const *y = (const Member *const *) b;
-
-        return member_compare_func(*x, *y);
-}
-
-static void member_free(Member *m) {
-        if (!m)
-                return;
-
-        free(m->interface);
-        free(m->name);
-        free(m->signature);
-        free(m->result);
-        free(m->value);
-        free(m);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Member*, member_free);
-
-static void member_set_free(Set *s) {
-        Member *m;
-
-        while ((m = set_steal_first(s)))
-                member_free(m);
-
-        set_free(s);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, member_set_free);
-
-static int on_interface(const char *interface, uint64_t flags, void *userdata) {
-        _cleanup_(member_freep) Member *m;
-        Set *members = userdata;
-        int r;
-
-        assert(interface);
-        assert(members);
-
-        m = new0(Member, 1);
-        if (!m)
-                return log_oom();
-
-        m->type = "interface";
-        m->flags = flags;
-
-        r = free_and_strdup(&m->interface, interface);
-        if (r < 0)
-                return log_oom();
-
-        r = set_put(members, m);
-        if (r <= 0) {
-                log_error("Duplicate interface");
-                return -EINVAL;
-        }
-
-        m = NULL;
-        return 0;
-}
-
-static int on_method(const char *interface, const char *name, const char *signature, const char *result, uint64_t flags, void *userdata) {
-        _cleanup_(member_freep) Member *m;
-        Set *members = userdata;
-        int r;
-
-        assert(interface);
-        assert(name);
-
-        m = new0(Member, 1);
-        if (!m)
-                return log_oom();
-
-        m->type = "method";
-        m->flags = flags;
-
-        r = free_and_strdup(&m->interface, interface);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->name, name);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->signature, signature);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->result, result);
-        if (r < 0)
-                return log_oom();
-
-        r = set_put(members, m);
-        if (r <= 0) {
-                log_error("Duplicate method");
-                return -EINVAL;
-        }
-
-        m = NULL;
-        return 0;
-}
-
-static int on_signal(const char *interface, const char *name, const char *signature, uint64_t flags, void *userdata) {
-        _cleanup_(member_freep) Member *m;
-        Set *members = userdata;
-        int r;
-
-        assert(interface);
-        assert(name);
-
-        m = new0(Member, 1);
-        if (!m)
-                return log_oom();
-
-        m->type = "signal";
-        m->flags = flags;
-
-        r = free_and_strdup(&m->interface, interface);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->name, name);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->signature, signature);
-        if (r < 0)
-                return log_oom();
-
-        r = set_put(members, m);
-        if (r <= 0) {
-                log_error("Duplicate signal");
-                return -EINVAL;
-        }
-
-        m = NULL;
-        return 0;
-}
-
-static int on_property(const char *interface, const char *name, const char *signature, bool writable, uint64_t flags, void *userdata) {
-        _cleanup_(member_freep) Member *m;
-        Set *members = userdata;
-        int r;
-
-        assert(interface);
-        assert(name);
-
-        m = new0(Member, 1);
-        if (!m)
-                return log_oom();
-
-        m->type = "property";
-        m->flags = flags;
-        m->writable = writable;
-
-        r = free_and_strdup(&m->interface, interface);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->name, name);
-        if (r < 0)
-                return log_oom();
-
-        r = free_and_strdup(&m->signature, signature);
-        if (r < 0)
-                return log_oom();
-
-        r = set_put(members, m);
-        if (r <= 0) {
-                log_error("Duplicate property");
-                return -EINVAL;
-        }
-
-        m = NULL;
-        return 0;
-}
-
-static const char *strdash(const char *x) {
-        return isempty(x) ? "-" : x;
-}
-
-static int introspect(sd_bus *bus, char **argv) {
-        static const struct hash_ops member_hash_ops = {
-                .hash = member_hash_func,
-                .compare = member_compare_func,
-        };
-
-        static const XMLIntrospectOps ops = {
-                .on_interface = on_interface,
-                .on_method = on_method,
-                .on_signal = on_signal,
-                .on_property = on_property,
-        };
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(member_set_freep) Set *members = NULL;
-        Iterator i;
-        Member *m;
-        const char *xml;
-        int r;
-        unsigned name_width,  type_width, signature_width, result_width;
-        Member **sorted = NULL;
-        unsigned k = 0, j, n_args;
-
-        n_args = strv_length(argv);
-        if (n_args < 3) {
-                log_error("Requires service and object path argument.");
-                return -EINVAL;
-        }
-
-        if (n_args > 4) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        members = set_new(&member_hash_ops);
-        if (!members)
-                return log_oom();
-
-        r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-        if (r < 0) {
-                log_error("Failed to introspect object %s of service %s: %s", argv[2], argv[1], bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &xml);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        /* First, get list of all properties */
-        r = parse_xml_introspect(argv[2], xml, &ops, members);
-        if (r < 0)
-                return r;
-
-        /* Second, find the current values for them */
-        SET_FOREACH(m, members, i) {
-
-                if (!streq(m->type, "property"))
-                        continue;
-
-                if (m->value)
-                        continue;
-
-                if (argv[3] && !streq(argv[3], m->interface))
-                        continue;
-
-                r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", m->interface);
-                if (r < 0) {
-                        log_error("%s", bus_error_message(&error, r));
-                        return r;
-                }
-
-                r = sd_bus_message_enter_container(reply, 'a', "{sv}");
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                for (;;) {
-                        Member *z;
-                        _cleanup_free_ char *buf = NULL;
-                        _cleanup_fclose_ FILE *mf = NULL;
-                        size_t sz = 0;
-                        const char *name;
-
-                        r = sd_bus_message_enter_container(reply, 'e', "sv");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (r == 0)
-                                break;
-
-                        r = sd_bus_message_read(reply, "s", &name);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_enter_container(reply, 'v', NULL);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        mf = open_memstream(&buf, &sz);
-                        if (!mf)
-                                return log_oom();
-
-                        r = format_cmdline(reply, mf, false);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        fclose(mf);
-                        mf = NULL;
-
-                        z = set_get(members, &((Member) {
-                                                .type = "property",
-                                                .interface = m->interface,
-                                                .name = (char*) name }));
-                        if (z) {
-                                free(z->value);
-                                z->value = buf;
-                                buf = NULL;
-                        }
-
-                        r = sd_bus_message_exit_container(reply);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(reply);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-                }
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-
-        pager_open(arg_no_pager, false);
-
-        name_width = strlen("NAME");
-        type_width = strlen("TYPE");
-        signature_width = strlen("SIGNATURE");
-        result_width = strlen("RESULT/VALUE");
-
-        sorted = newa(Member*, set_size(members));
-
-        SET_FOREACH(m, members, i) {
-
-                if (argv[3] && !streq(argv[3], m->interface))
-                        continue;
-
-                if (m->interface)
-                        name_width = MAX(name_width, strlen(m->interface));
-                if (m->name)
-                        name_width = MAX(name_width, strlen(m->name) + 1);
-                if (m->type)
-                        type_width = MAX(type_width, strlen(m->type));
-                if (m->signature)
-                        signature_width = MAX(signature_width, strlen(m->signature));
-                if (m->result)
-                        result_width = MAX(result_width, strlen(m->result));
-                if (m->value)
-                        result_width = MAX(result_width, strlen(m->value));
-
-                sorted[k++] = m;
-        }
-
-        if (result_width > 40)
-                result_width = 40;
-
-        qsort(sorted, k, sizeof(Member*), member_compare_funcp);
-
-        if (arg_legend) {
-                printf("%-*s %-*s %-*s %-*s %s\n",
-                       (int) name_width, "NAME",
-                       (int) type_width, "TYPE",
-                       (int) signature_width, "SIGNATURE",
-                       (int) result_width, "RESULT/VALUE",
-                       "FLAGS");
-        }
-
-        for (j = 0; j < k; j++) {
-                _cleanup_free_ char *ellipsized = NULL;
-                const char *rv;
-                bool is_interface;
-
-                m = sorted[j];
-
-                if (argv[3] && !streq(argv[3], m->interface))
-                        continue;
-
-                is_interface = streq(m->type, "interface");
-
-                if (argv[3] && is_interface)
-                        continue;
-
-                if (m->value) {
-                        ellipsized = ellipsize(m->value, result_width, 100);
-                        if (!ellipsized)
-                                return log_oom();
-
-                        rv = ellipsized;
-                } else
-                        rv = strdash(m->result);
-
-                printf("%s%s%-*s%s %-*s %-*s %-*s%s%s%s%s%s%s\n",
-                       is_interface ? ansi_highlight() : "",
-                       is_interface ? "" : ".",
-                       - !is_interface + (int) name_width, strdash(streq_ptr(m->type, "interface") ? m->interface : m->name),
-                       is_interface ? ansi_normal() : "",
-                       (int) type_width, strdash(m->type),
-                       (int) signature_width, strdash(m->signature),
-                       (int) result_width, rv,
-                       (m->flags & SD_BUS_VTABLE_DEPRECATED) ? " deprecated" : (m->flags || m->writable ? "" : " -"),
-                       (m->flags & SD_BUS_VTABLE_METHOD_NO_REPLY) ? " no-reply" : "",
-                       (m->flags & SD_BUS_VTABLE_PROPERTY_CONST) ? " const" : "",
-                       (m->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE) ? " emits-change" : "",
-                       (m->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION) ? " emits-invalidation" : "",
-                       m->writable ? " writable" : "");
-        }
-
-        return 0;
-}
-
-static int message_dump(sd_bus_message *m, FILE *f) {
-        return bus_message_dump(m, f, BUS_MESSAGE_DUMP_WITH_HEADER);
-}
-
-static int message_pcap(sd_bus_message *m, FILE *f) {
-        return bus_message_pcap_frame(m, arg_snaplen, f);
-}
-
-static int monitor(sd_bus *bus, char *argv[], int (*dump)(sd_bus_message *m, FILE *f)) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *message = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char **i;
-        uint32_t flags = 0;
-        int r;
-
-        /* upgrade connection; it's not used for anything else after this call */
-        r = sd_bus_message_new_method_call(bus, &message, "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus.Monitoring", "BecomeMonitor");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_open_container(message, 'a', "s");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        STRV_FOREACH(i, argv+1) {
-                _cleanup_free_ char *m = NULL;
-
-                if (!service_name_is_valid(*i)) {
-                        log_error("Invalid service name '%s'", *i);
-                        return -EINVAL;
-                }
-
-                m = strjoin("sender='", *i, "'", NULL);
-                if (!m)
-                        return log_oom();
-
-                r = sd_bus_message_append_basic(message, 's', m);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                free(m);
-                m = strjoin("destination='", *i, "'", NULL);
-                if (!m)
-                        return log_oom();
-
-                r = sd_bus_message_append_basic(message, 's', m);
-                if (r < 0)
-                        return bus_log_create_error(r);
-        }
-
-        STRV_FOREACH(i, arg_matches) {
-                r = sd_bus_message_append_basic(message, 's', *i);
-                if (r < 0)
-                        return bus_log_create_error(r);
-        }
-
-        r = sd_bus_message_close_container(message);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_basic(message, 'u', &flags);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, message, arg_timeout, &error, NULL);
-        if (r < 0) {
-                log_error("%s", bus_error_message(&error, r));
-                return r;
-        }
-
-        log_info("Monitoring bus message stream.");
-
-        for (;;) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-
-                r = sd_bus_process(bus, &m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to process bus: %m");
-
-                if (m) {
-                        dump(m, stdout);
-                        fflush(stdout);
-
-                        if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected") > 0) {
-                                log_info("Connection terminated, exiting.");
-                                return 0;
-                        }
-
-                        continue;
-                }
-
-                if (r > 0)
-                        continue;
-
-                r = sd_bus_wait(bus, (uint64_t) -1);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to wait for bus: %m");
-        }
-}
-
-static int capture(sd_bus *bus, char *argv[]) {
-        int r;
-
-        if (isatty(fileno(stdout)) > 0) {
-                log_error("Refusing to write message data to console, please redirect output to a file.");
-                return -EINVAL;
-        }
-
-        bus_pcap_header(arg_snaplen, stdout);
-
-        r = monitor(bus, argv, message_pcap);
-        if (r < 0)
-                return r;
-
-        if (ferror(stdout)) {
-                log_error("Couldn't write capture file.");
-                return -EIO;
-        }
-
-        return r;
-}
-
-static int status(sd_bus *bus, char *argv[]) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        pid_t pid;
-        int r;
-
-        assert(bus);
-
-        if (strv_length(argv) > 2) {
-                log_error("Expects no or one argument.");
-                return -EINVAL;
-        }
-
-        if (argv[1]) {
-                r = parse_pid(argv[1], &pid);
-                if (r < 0)
-                        r = sd_bus_get_name_creds(
-                                        bus,
-                                        argv[1],
-                                        (arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) | _SD_BUS_CREDS_ALL,
-                                        &creds);
-                else
-                        r = sd_bus_creds_new_from_pid(
-                                        &creds,
-                                        pid,
-                                        _SD_BUS_CREDS_ALL);
-        } else {
-                const char *scope, *address;
-                sd_id128_t bus_id;
-
-                r = sd_bus_get_address(bus, &address);
-                if (r >= 0)
-                        printf("BusAddress=%s%s%s\n", ansi_highlight(), address, ansi_normal());
-
-                r = sd_bus_get_scope(bus, &scope);
-                if (r >= 0)
-                        printf("BusScope=%s%s%s\n", ansi_highlight(), scope, ansi_normal());
-
-                r = sd_bus_get_bus_id(bus, &bus_id);
-                if (r >= 0)
-                        printf("BusID=%s" SD_ID128_FORMAT_STR "%s\n", ansi_highlight(), SD_ID128_FORMAT_VAL(bus_id), ansi_normal());
-
-                r = sd_bus_get_owner_creds(
-                                bus,
-                                (arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) | _SD_BUS_CREDS_ALL,
-                                &creds);
-        }
-
-        if (r < 0)
-                return log_error_errno(r, "Failed to get credentials: %m");
-
-        bus_creds_dump(creds, NULL, false);
-        return 0;
-}
-
-static int message_append_cmdline(sd_bus_message *m, const char *signature, char ***x) {
-        char **p;
-        int r;
-
-        assert(m);
-        assert(signature);
-        assert(x);
-
-        p = *x;
-
-        for (;;) {
-                const char *v;
-                char t;
-
-                t = *signature;
-                v = *p;
-
-                if (t == 0)
-                        break;
-                if (!v) {
-                        log_error("Too few parameters for signature.");
-                        return -EINVAL;
-                }
-
-                signature++;
-                p++;
-
-                switch (t) {
-
-                case SD_BUS_TYPE_BOOLEAN:
-
-                        r = parse_boolean(v);
-                        if (r < 0) {
-                                log_error("Failed to parse as boolean: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &r);
-                        break;
-
-                case SD_BUS_TYPE_BYTE: {
-                        uint8_t z;
-
-                        r = safe_atou8(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as byte (unsigned 8bit integer): %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_INT16: {
-                        int16_t z;
-
-                        r = safe_atoi16(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as signed 16bit integer: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_UINT16: {
-                        uint16_t z;
-
-                        r = safe_atou16(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as unsigned 16bit integer: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_INT32: {
-                        int32_t z;
-
-                        r = safe_atoi32(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as signed 32bit integer: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_UINT32: {
-                        uint32_t z;
-
-                        r = safe_atou32(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as unsigned 32bit integer: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_INT64: {
-                        int64_t z;
-
-                        r = safe_atoi64(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as signed 64bit integer: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_UINT64: {
-                        uint64_t z;
-
-                        r = safe_atou64(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as unsigned 64bit integer: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-
-                case SD_BUS_TYPE_DOUBLE: {
-                        double z;
-
-                        r = safe_atod(v, &z);
-                        if (r < 0) {
-                                log_error("Failed to parse as double precision floating point: %s", v);
-                                return r;
-                        }
-
-                        r = sd_bus_message_append_basic(m, t, &z);
-                        break;
-                }
-
-                case SD_BUS_TYPE_STRING:
-                case SD_BUS_TYPE_OBJECT_PATH:
-                case SD_BUS_TYPE_SIGNATURE:
-
-                        r = sd_bus_message_append_basic(m, t, v);
-                        break;
-
-                case SD_BUS_TYPE_ARRAY: {
-                        uint32_t n;
-                        size_t k;
-
-                        r = safe_atou32(v, &n);
-                        if (r < 0) {
-                                log_error("Failed to parse number of array entries: %s", v);
-                                return r;
-                        }
-
-                        r = signature_element_length(signature, &k);
-                        if (r < 0) {
-                                log_error("Invalid array signature.");
-                                return r;
-                        }
-
-                        {
-                                unsigned i;
-                                char s[k + 1];
-                                memcpy(s, signature, k);
-                                s[k] = 0;
-
-                                r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, s);
-                                if (r < 0)
-                                        return bus_log_create_error(r);
-
-                                for (i = 0; i < n; i++) {
-                                        r = message_append_cmdline(m, s, &p);
-                                        if (r < 0)
-                                                return r;
-                                }
-                        }
-
-                        signature += k;
-
-                        r = sd_bus_message_close_container(m);
-                        break;
-                }
-
-                case SD_BUS_TYPE_VARIANT:
-                        r = sd_bus_message_open_container(m, SD_BUS_TYPE_VARIANT, v);
-                        if (r < 0)
-                                return bus_log_create_error(r);
-
-                        r = message_append_cmdline(m, v, &p);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_close_container(m);
-                        break;
-
-                case SD_BUS_TYPE_STRUCT_BEGIN:
-                case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
-                        size_t k;
-
-                        signature--;
-                        p--;
-
-                        r = signature_element_length(signature, &k);
-                        if (r < 0) {
-                                log_error("Invalid struct/dict entry signature.");
-                                return r;
-                        }
-
-                        {
-                                char s[k-1];
-                                memcpy(s, signature + 1, k - 2);
-                                s[k - 2] = 0;
-
-                                r = sd_bus_message_open_container(m, t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
-                                if (r < 0)
-                                        return bus_log_create_error(r);
-
-                                r = message_append_cmdline(m, s, &p);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        signature += k;
-
-                        r = sd_bus_message_close_container(m);
-                        break;
-                }
-
-                case SD_BUS_TYPE_UNIX_FD:
-                        log_error("UNIX file descriptor not supported as type.");
-                        return -EINVAL;
-
-                default:
-                        log_error("Unknown signature type %c.", t);
-                        return -EINVAL;
-                }
-
-                if (r < 0)
-                        return bus_log_create_error(r);
-        }
-
-        *x = p;
-        return 0;
-}
-
-static int call(sd_bus *bus, char *argv[]) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        int r;
-
-        assert(bus);
-
-        if (strv_length(argv) < 5) {
-                log_error("Expects at least four arguments.");
-                return -EINVAL;
-        }
-
-        r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2], argv[3], argv[4]);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_set_expect_reply(m, arg_expect_reply);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_set_auto_start(m, arg_auto_start);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_set_allow_interactive_authorization(m, arg_allow_interactive_authorization);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        if (!isempty(argv[5])) {
-                char **p;
-
-                p = argv+6;
-
-                r = message_append_cmdline(m, argv[5], &p);
-                if (r < 0)
-                        return r;
-
-                if (*p) {
-                        log_error("Too many parameters for signature.");
-                        return -EINVAL;
-                }
-        }
-
-        if (!arg_expect_reply) {
-                r = sd_bus_send(bus, m, NULL);
-                if (r < 0) {
-                        log_error("Failed to send message.");
-                        return r;
-                }
-
-                return 0;
-        }
-
-        r = sd_bus_call(bus, m, arg_timeout, &error, &reply);
-        if (r < 0) {
-                log_error("%s", bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_message_is_empty(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (r == 0 && !arg_quiet) {
-
-                if (arg_verbose) {
-                        pager_open(arg_no_pager, false);
-
-                        r = bus_message_dump(reply, stdout, 0);
-                        if (r < 0)
-                                return r;
-                } else {
-
-                        fputs(sd_bus_message_get_signature(reply, true), stdout);
-                        fputc(' ', stdout);
-
-                        r = format_cmdline(reply, stdout, false);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        fputc('\n', stdout);
-                }
-        }
-
-        return 0;
-}
-
-static int get_property(sd_bus *bus, char *argv[]) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        unsigned n;
-        char **i;
-        int r;
-
-        assert(bus);
-
-        n = strv_length(argv);
-        if (n < 5) {
-                log_error("Expects at least four arguments.");
-                return -EINVAL;
-        }
-
-        STRV_FOREACH(i, argv + 4) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                const char *contents = NULL;
-                char type;
-
-                r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Get", &error, &reply, "ss", argv[3], *i);
-                if (r < 0) {
-                        log_error("%s", bus_error_message(&error, r));
-                        return r;
-                }
-
-                r = sd_bus_message_peek_type(reply, &type, &contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_enter_container(reply, 'v', contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (arg_verbose)  {
-                        pager_open(arg_no_pager, false);
-
-                        r = bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_SUBTREE_ONLY);
-                        if (r < 0)
-                                return r;
-                } else {
-                        fputs(contents, stdout);
-                        fputc(' ', stdout);
-
-                        r = format_cmdline(reply, stdout, false);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        fputc('\n', stdout);
-                }
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-
-        return 0;
-}
-
-static int set_property(sd_bus *bus, char *argv[]) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        unsigned n;
-        char **p;
-        int r;
-
-        assert(bus);
-
-        n = strv_length(argv);
-        if (n < 6) {
-                log_error("Expects at least five arguments.");
-                return -EINVAL;
-        }
-
-        r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Set");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(m, "ss", argv[3], argv[4]);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_open_container(m, 'v', argv[5]);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        p = argv+6;
-        r = message_append_cmdline(m, argv[5], &p);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        if (*p) {
-                log_error("Too many parameters for signature.");
-                return -EINVAL;
-        }
-
-        r = sd_bus_call(bus, m, arg_timeout, &error, NULL);
-        if (r < 0) {
-                log_error("%s", bus_error_message(&error, r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int help(void) {
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Introspect the bus.\n\n"
-               "  -h --help               Show this help\n"
-               "     --version            Show package version\n"
-               "     --no-pager           Do not pipe output into a pager\n"
-               "     --no-legend          Do not show the headers and footers\n"
-               "     --system             Connect to system bus\n"
-               "     --user               Connect to user bus\n"
-               "  -H --host=[USER@]HOST   Operate on remote host\n"
-               "  -M --machine=CONTAINER  Operate on local container\n"
-               "     --address=ADDRESS    Connect to bus specified by address\n"
-               "     --show-machine       Show machine ID column in list\n"
-               "     --unique             Only show unique names\n"
-               "     --acquired           Only show acquired names\n"
-               "     --activatable        Only show activatable names\n"
-               "     --match=MATCH        Only show matching messages\n"
-               "     --size=SIZE          Maximum length of captured packet\n"
-               "     --list               Don't show tree, but simple object path list\n"
-               "     --quiet              Don't show method call reply\n"
-               "     --verbose            Show result values in long format\n"
-               "     --expect-reply=BOOL  Expect a method call reply\n"
-               "     --auto-start=BOOL    Auto-start destination service\n"
-               "     --allow-interactive-authorization=BOOL\n"
-               "                          Allow interactive authorization for operation\n"
-               "     --timeout=SECS       Maximum time to wait for method call completion\n"
-               "     --augment-creds=BOOL Extend credential data with data read from /proc/$PID\n\n"
-               "Commands:\n"
-               "  list                    List bus names\n"
-               "  status [SERVICE]        Show bus service, process or bus owner credentials\n"
-               "  monitor [SERVICE...]    Show bus traffic\n"
-               "  capture [SERVICE...]    Capture bus traffic as pcap\n"
-               "  tree [SERVICE...]       Show object tree of service\n"
-               "  introspect SERVICE OBJECT [INTERFACE]\n"
-               "  call SERVICE OBJECT INTERFACE METHOD [SIGNATURE [ARGUMENT...]]\n"
-               "                          Call a method\n"
-               "  get-property SERVICE OBJECT INTERFACE PROPERTY...\n"
-               "                          Get property value\n"
-               "  set-property SERVICE OBJECT INTERFACE PROPERTY SIGNATURE ARGUMENT...\n"
-               "                          Set property value\n"
-               "  help                    Show this help\n"
-               , program_invocation_short_name);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_NO_LEGEND,
-                ARG_SYSTEM,
-                ARG_USER,
-                ARG_ADDRESS,
-                ARG_MATCH,
-                ARG_SHOW_MACHINE,
-                ARG_UNIQUE,
-                ARG_ACQUIRED,
-                ARG_ACTIVATABLE,
-                ARG_SIZE,
-                ARG_LIST,
-                ARG_VERBOSE,
-                ARG_EXPECT_REPLY,
-                ARG_AUTO_START,
-                ARG_ALLOW_INTERACTIVE_AUTHORIZATION,
-                ARG_TIMEOUT,
-                ARG_AUGMENT_CREDS,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'              },
-                { "version",      no_argument,       NULL, ARG_VERSION      },
-                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER     },
-                { "no-legend",    no_argument,       NULL, ARG_NO_LEGEND    },
-                { "system",       no_argument,       NULL, ARG_SYSTEM       },
-                { "user",         no_argument,       NULL, ARG_USER         },
-                { "address",      required_argument, NULL, ARG_ADDRESS      },
-                { "show-machine", no_argument,       NULL, ARG_SHOW_MACHINE },
-                { "unique",       no_argument,       NULL, ARG_UNIQUE       },
-                { "acquired",     no_argument,       NULL, ARG_ACQUIRED     },
-                { "activatable",  no_argument,       NULL, ARG_ACTIVATABLE  },
-                { "match",        required_argument, NULL, ARG_MATCH        },
-                { "host",         required_argument, NULL, 'H'              },
-                { "machine",      required_argument, NULL, 'M'              },
-                { "size",         required_argument, NULL, ARG_SIZE         },
-                { "list",         no_argument,       NULL, ARG_LIST         },
-                { "quiet",        no_argument,       NULL, 'q'              },
-                { "verbose",      no_argument,       NULL, ARG_VERBOSE      },
-                { "expect-reply", required_argument, NULL, ARG_EXPECT_REPLY },
-                { "auto-start",   required_argument, NULL, ARG_AUTO_START   },
-                { "allow-interactive-authorization", required_argument, NULL, ARG_ALLOW_INTERACTIVE_AUTHORIZATION },
-                { "timeout",      required_argument, NULL, ARG_TIMEOUT      },
-                { "augment-creds",required_argument, NULL, ARG_AUGMENT_CREDS},
-                {},
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hH:M:q", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        return help();
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_LEGEND:
-                        arg_legend = false;
-                        break;
-
-                case ARG_USER:
-                        arg_user = true;
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_user = false;
-                        break;
-
-                case ARG_ADDRESS:
-                        arg_address = optarg;
-                        break;
-
-                case ARG_SHOW_MACHINE:
-                        arg_show_machine = true;
-                        break;
-
-                case ARG_UNIQUE:
-                        arg_unique = true;
-                        break;
-
-                case ARG_ACQUIRED:
-                        arg_acquired = true;
-                        break;
-
-                case ARG_ACTIVATABLE:
-                        arg_activatable = true;
-                        break;
-
-                case ARG_MATCH:
-                        if (strv_extend(&arg_matches, optarg) < 0)
-                                return log_oom();
-                        break;
-
-                case ARG_SIZE: {
-                        uint64_t sz;
-
-                        r = parse_size(optarg, 1024, &sz);
-                        if (r < 0) {
-                                log_error("Failed to parse size: %s", optarg);
-                                return r;
-                        }
-
-                        if ((uint64_t) (size_t) sz !=  sz) {
-                                log_error("Size out of range.");
-                                return -E2BIG;
-                        }
-
-                        arg_snaplen = (size_t) sz;
-                        break;
-                }
-
-                case ARG_LIST:
-                        arg_list = true;
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case ARG_VERBOSE:
-                        arg_verbose = true;
-                        break;
-
-                case ARG_EXPECT_REPLY:
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse --expect-reply= parameter.");
-                                return r;
-                        }
-
-                        arg_expect_reply = !!r;
-                        break;
-
-
-                case ARG_AUTO_START:
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse --auto-start= parameter.");
-                                return r;
-                        }
-
-                        arg_auto_start = !!r;
-                        break;
-
-
-                case ARG_ALLOW_INTERACTIVE_AUTHORIZATION:
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse --allow-interactive-authorization= parameter.");
-                                return r;
-                        }
-
-                        arg_allow_interactive_authorization = !!r;
-                        break;
-
-                case ARG_TIMEOUT:
-                        r = parse_sec(optarg, &arg_timeout);
-                        if (r < 0) {
-                                log_error("Failed to parse --timeout= parameter.");
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_AUGMENT_CREDS:
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse --augment-creds= parameter.");
-                                return r;
-                        }
-
-                        arg_augment_creds = !!r;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int busctl_main(sd_bus *bus, int argc, char *argv[]) {
-        assert(bus);
-
-        if (optind >= argc ||
-            streq(argv[optind], "list"))
-                return list_bus_names(bus, argv + optind);
-
-        if (streq(argv[optind], "monitor"))
-                return monitor(bus, argv + optind, message_dump);
-
-        if (streq(argv[optind], "capture"))
-                return capture(bus, argv + optind);
-
-        if (streq(argv[optind], "status"))
-                return status(bus, argv + optind);
-
-        if (streq(argv[optind], "tree"))
-                return tree(bus, argv + optind);
-
-        if (streq(argv[optind], "introspect"))
-                return introspect(bus, argv + optind);
-
-        if (streq(argv[optind], "call"))
-                return call(bus, argv + optind);
-
-        if (streq(argv[optind], "get-property"))
-                return get_property(bus, argv + optind);
-
-        if (streq(argv[optind], "set-property"))
-                return set_property(bus, argv + optind);
-
-        if (streq(argv[optind], "help"))
-                return help();
-
-        log_error("Unknown command '%s'", argv[optind]);
-        return -EINVAL;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = sd_bus_new(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate bus: %m");
-                goto finish;
-        }
-
-        if (streq_ptr(argv[optind], "monitor") ||
-            streq_ptr(argv[optind], "capture")) {
-
-                r = sd_bus_set_monitor(bus, true);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to set monitor mode: %m");
-                        goto finish;
-                }
-
-                r = sd_bus_negotiate_creds(bus, true, _SD_BUS_CREDS_ALL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to enable credentials: %m");
-                        goto finish;
-                }
-
-                r = sd_bus_negotiate_timestamp(bus, true);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to enable timestamps: %m");
-                        goto finish;
-                }
-
-                r = sd_bus_negotiate_fds(bus, true);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to enable fds: %m");
-                        goto finish;
-                }
-        }
-
-        r = sd_bus_set_bus_client(bus, true);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set bus client: %m");
-                goto finish;
-        }
-
-        if (arg_address)
-                r = sd_bus_set_address(bus, arg_address);
-        else {
-                switch (arg_transport) {
-
-                case BUS_TRANSPORT_LOCAL:
-                        if (arg_user) {
-                                bus->is_user = true;
-                                r = bus_set_address_user(bus);
-                        } else {
-                                bus->is_system = true;
-                                r = bus_set_address_system(bus);
-                        }
-                        break;
-
-                case BUS_TRANSPORT_REMOTE:
-                        r = bus_set_address_system_remote(bus, arg_host);
-                        break;
-
-                case BUS_TRANSPORT_MACHINE:
-                        r = bus_set_address_system_machine(bus, arg_host);
-                        break;
-
-                default:
-                        assert_not_reached("Hmm, unknown transport type.");
-                }
-        }
-        if (r < 0) {
-                log_error_errno(r, "Failed to set address: %m");
-                goto finish;
-        }
-
-        r = sd_bus_start(bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to connect to bus: %m");
-                goto finish;
-        }
-
-        r = busctl_main(bus, argc, argv);
-
-finish:
-        pager_close();
-
-        strv_free(arg_matches);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
deleted file mode 100644
index ed5f94e136..0000000000
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ /dev/null
@@ -1,3791 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <endian.h>
-#include <netdb.h>
-#include <poll.h>
-#include <pthread.h>
-#include <stdlib.h>
-#include <sys/mman.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-container.h"
-#include "bus-control.h"
-#include "bus-internal.h"
-#include "bus-kernel.h"
-#include "bus-label.h"
-#include "bus-message.h"
-#include "bus-objects.h"
-#include "bus-protocol.h"
-#include "bus-slot.h"
-#include "bus-socket.h"
-#include "bus-track.h"
-#include "bus-type.h"
-#include "bus-util.h"
-#include "cgroup-util.h"
-#include "def.h"
-#include "fd-util.h"
-#include "hexdecoct.h"
-#include "hostname-util.h"
-#include "macro.h"
-#include "missing.h"
-#include "parse-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-#define log_debug_bus_message(m)                                         \
-        do {                                                             \
-                sd_bus_message *_mm = (m);                               \
-                log_debug("Got message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " error=%s", \
-                          bus_message_type_to_string(_mm->header->type), \
-                          strna(sd_bus_message_get_sender(_mm)),         \
-                          strna(sd_bus_message_get_destination(_mm)),    \
-                          strna(sd_bus_message_get_path(_mm)),           \
-                          strna(sd_bus_message_get_interface(_mm)),      \
-                          strna(sd_bus_message_get_member(_mm)),         \
-                          BUS_MESSAGE_COOKIE(_mm),                       \
-                          _mm->reply_cookie,                             \
-                          strna(_mm->error.message));                    \
-        } while (false)
-
-static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
-static int attach_io_events(sd_bus *b);
-static void detach_io_events(sd_bus *b);
-
-static thread_local sd_bus *default_system_bus = NULL;
-static thread_local sd_bus *default_user_bus = NULL;
-static thread_local sd_bus *default_starter_bus = NULL;
-
-static void bus_close_fds(sd_bus *b) {
-        assert(b);
-
-        detach_io_events(b);
-
-        if (b->input_fd != b->output_fd)
-                safe_close(b->output_fd);
-        b->output_fd = b->input_fd = safe_close(b->input_fd);
-}
-
-static void bus_reset_queues(sd_bus *b) {
-        assert(b);
-
-        while (b->rqueue_size > 0)
-                sd_bus_message_unref(b->rqueue[--b->rqueue_size]);
-
-        b->rqueue = mfree(b->rqueue);
-        b->rqueue_allocated = 0;
-
-        while (b->wqueue_size > 0)
-                sd_bus_message_unref(b->wqueue[--b->wqueue_size]);
-
-        b->wqueue = mfree(b->wqueue);
-        b->wqueue_allocated = 0;
-}
-
-static void bus_free(sd_bus *b) {
-        sd_bus_slot *s;
-
-        assert(b);
-        assert(!b->track_queue);
-
-        b->state = BUS_CLOSED;
-
-        sd_bus_detach_event(b);
-
-        while ((s = b->slots)) {
-                /* At this point only floating slots can still be
-                 * around, because the non-floating ones keep a
-                 * reference to the bus, and we thus couldn't be
-                 * destructing right now... We forcibly disconnect the
-                 * slots here, so that they still can be referenced by
-                 * apps, but are dead. */
-
-                assert(s->floating);
-                bus_slot_disconnect(s);
-                sd_bus_slot_unref(s);
-        }
-
-        if (b->default_bus_ptr)
-                *b->default_bus_ptr = NULL;
-
-        bus_close_fds(b);
-
-        if (b->kdbus_buffer)
-                munmap(b->kdbus_buffer, KDBUS_POOL_SIZE);
-
-        free(b->label);
-        free(b->rbuffer);
-        free(b->unique_name);
-        free(b->auth_buffer);
-        free(b->address);
-        free(b->kernel);
-        free(b->machine);
-        free(b->fake_label);
-        free(b->cgroup_root);
-        free(b->description);
-
-        free(b->exec_path);
-        strv_free(b->exec_argv);
-
-        close_many(b->fds, b->n_fds);
-        free(b->fds);
-
-        bus_reset_queues(b);
-
-        ordered_hashmap_free_free(b->reply_callbacks);
-        prioq_free(b->reply_callbacks_prioq);
-
-        assert(b->match_callbacks.type == BUS_MATCH_ROOT);
-        bus_match_free(&b->match_callbacks);
-
-        hashmap_free_free(b->vtable_methods);
-        hashmap_free_free(b->vtable_properties);
-
-        assert(hashmap_isempty(b->nodes));
-        hashmap_free(b->nodes);
-
-        bus_kernel_flush_memfd(b);
-
-        assert_se(pthread_mutex_destroy(&b->memfd_cache_mutex) == 0);
-
-        free(b);
-}
-
-_public_ int sd_bus_new(sd_bus **ret) {
-        sd_bus *r;
-
-        assert_return(ret, -EINVAL);
-
-        r = new0(sd_bus, 1);
-        if (!r)
-                return -ENOMEM;
-
-        r->n_ref = REFCNT_INIT;
-        r->input_fd = r->output_fd = -1;
-        r->message_version = 1;
-        r->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
-        r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
-        r->attach_flags |= KDBUS_ATTACH_NAMES;
-        r->original_pid = getpid();
-
-        assert_se(pthread_mutex_init(&r->memfd_cache_mutex, NULL) == 0);
-
-        /* We guarantee that wqueue always has space for at least one
-         * entry */
-        if (!GREEDY_REALLOC(r->wqueue, r->wqueue_allocated, 1)) {
-                free(r);
-                return -ENOMEM;
-        }
-
-        *ret = r;
-        return 0;
-}
-
-_public_ int sd_bus_set_address(sd_bus *bus, const char *address) {
-        char *a;
-
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(address, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        a = strdup(address);
-        if (!a)
-                return -ENOMEM;
-
-        free(bus->address);
-        bus->address = a;
-
-        return 0;
-}
-
-_public_ int sd_bus_set_fd(sd_bus *bus, int input_fd, int output_fd) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(input_fd >= 0, -EBADF);
-        assert_return(output_fd >= 0, -EBADF);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->input_fd = input_fd;
-        bus->output_fd = output_fd;
-        return 0;
-}
-
-_public_ int sd_bus_set_exec(sd_bus *bus, const char *path, char *const argv[]) {
-        char *p, **a;
-
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(path, -EINVAL);
-        assert_return(!strv_isempty(argv), -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        p = strdup(path);
-        if (!p)
-                return -ENOMEM;
-
-        a = strv_copy(argv);
-        if (!a) {
-                free(p);
-                return -ENOMEM;
-        }
-
-        free(bus->exec_path);
-        strv_free(bus->exec_argv);
-
-        bus->exec_path = p;
-        bus->exec_argv = a;
-
-        return 0;
-}
-
-_public_ int sd_bus_set_bus_client(sd_bus *bus, int b) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->bus_client = !!b;
-        return 0;
-}
-
-_public_ int sd_bus_set_monitor(sd_bus *bus, int b) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        SET_FLAG(bus->hello_flags, KDBUS_HELLO_MONITOR, b);
-        return 0;
-}
-
-_public_ int sd_bus_negotiate_fds(sd_bus *bus, int b) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        SET_FLAG(bus->hello_flags, KDBUS_HELLO_ACCEPT_FD, b);
-        return 0;
-}
-
-_public_ int sd_bus_negotiate_timestamp(sd_bus *bus, int b) {
-        uint64_t new_flags;
-        assert_return(bus, -EINVAL);
-        assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        new_flags = bus->attach_flags;
-        SET_FLAG(new_flags, KDBUS_ATTACH_TIMESTAMP, b);
-
-        if (bus->attach_flags == new_flags)
-                return 0;
-
-        bus->attach_flags = new_flags;
-        if (bus->state != BUS_UNSET && bus->is_kernel)
-                bus_kernel_realize_attach_flags(bus);
-
-        return 0;
-}
-
-_public_ int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t mask) {
-        uint64_t new_flags;
-
-        assert_return(bus, -EINVAL);
-        assert_return(mask <= _SD_BUS_CREDS_ALL, -EINVAL);
-        assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        SET_FLAG(bus->creds_mask, mask, b);
-
-        /* The well knowns we need unconditionally, so that matches can work */
-        bus->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
-
-        /* Make sure we don't lose the timestamp flag */
-        new_flags = (bus->attach_flags & KDBUS_ATTACH_TIMESTAMP) | attach_flags_to_kdbus(bus->creds_mask);
-        if (bus->attach_flags == new_flags)
-                return 0;
-
-        bus->attach_flags = new_flags;
-        if (bus->state != BUS_UNSET && bus->is_kernel)
-                bus_kernel_realize_attach_flags(bus);
-
-        return 0;
-}
-
-_public_ int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id) {
-        assert_return(bus, -EINVAL);
-        assert_return(b || sd_id128_equal(server_id, SD_ID128_NULL), -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->is_server = !!b;
-        bus->server_id = server_id;
-        return 0;
-}
-
-_public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->anonymous_auth = !!b;
-        return 0;
-}
-
-_public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->trusted = !!b;
-        return 0;
-}
-
-_public_ int sd_bus_set_description(sd_bus *bus, const char *description) {
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return free_and_strdup(&bus->description, description);
-}
-
-_public_ int sd_bus_set_allow_interactive_authorization(sd_bus *bus, int b) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->allow_interactive_authorization = !!b;
-        return 0;
-}
-
-_public_ int sd_bus_get_allow_interactive_authorization(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return bus->allow_interactive_authorization;
-}
-
-static int hello_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
-        const char *s;
-        sd_bus *bus;
-        int r;
-
-        assert(reply);
-        bus = reply->bus;
-        assert(bus);
-        assert(bus->state == BUS_HELLO || bus->state == BUS_CLOSING);
-
-        r = sd_bus_message_get_errno(reply);
-        if (r > 0)
-                return -r;
-
-        r = sd_bus_message_read(reply, "s", &s);
-        if (r < 0)
-                return r;
-
-        if (!service_name_is_valid(s) || s[0] != ':')
-                return -EBADMSG;
-
-        bus->unique_name = strdup(s);
-        if (!bus->unique_name)
-                return -ENOMEM;
-
-        if (bus->state == BUS_HELLO)
-                bus->state = BUS_RUNNING;
-
-        return 1;
-}
-
-static int bus_send_hello(sd_bus *bus) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        int r;
-
-        assert(bus);
-
-        if (!bus->bus_client || bus->is_kernel)
-                return 0;
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.DBus",
-                        "/org/freedesktop/DBus",
-                        "org.freedesktop.DBus",
-                        "Hello");
-        if (r < 0)
-                return r;
-
-        return sd_bus_call_async(bus, NULL, m, hello_callback, NULL, 0);
-}
-
-int bus_start_running(sd_bus *bus) {
-        assert(bus);
-
-        if (bus->bus_client && !bus->is_kernel) {
-                bus->state = BUS_HELLO;
-                return 1;
-        }
-
-        bus->state = BUS_RUNNING;
-        return 1;
-}
-
-static int parse_address_key(const char **p, const char *key, char **value) {
-        size_t l, n = 0, allocated = 0;
-        const char *a;
-        char *r = NULL;
-
-        assert(p);
-        assert(*p);
-        assert(value);
-
-        if (key) {
-                l = strlen(key);
-                if (strncmp(*p, key, l) != 0)
-                        return 0;
-
-                if ((*p)[l] != '=')
-                        return 0;
-
-                if (*value)
-                        return -EINVAL;
-
-                a = *p + l + 1;
-        } else
-                a = *p;
-
-        while (*a != ';' && *a != ',' && *a != 0) {
-                char c;
-
-                if (*a == '%') {
-                        int x, y;
-
-                        x = unhexchar(a[1]);
-                        if (x < 0) {
-                                free(r);
-                                return x;
-                        }
-
-                        y = unhexchar(a[2]);
-                        if (y < 0) {
-                                free(r);
-                                return y;
-                        }
-
-                        c = (char) ((x << 4) | y);
-                        a += 3;
-                } else {
-                        c = *a;
-                        a++;
-                }
-
-                if (!GREEDY_REALLOC(r, allocated, n + 2))
-                        return -ENOMEM;
-
-                r[n++] = c;
-        }
-
-        if (!r) {
-                r = strdup("");
-                if (!r)
-                        return -ENOMEM;
-        } else
-                r[n] = 0;
-
-        if (*a == ',')
-                a++;
-
-        *p = a;
-
-        free(*value);
-        *value = r;
-
-        return 1;
-}
-
-static void skip_address_key(const char **p) {
-        assert(p);
-        assert(*p);
-
-        *p += strcspn(*p, ",");
-
-        if (**p == ',')
-                (*p)++;
-}
-
-static int parse_unix_address(sd_bus *b, const char **p, char **guid) {
-        _cleanup_free_ char *path = NULL, *abstract = NULL;
-        size_t l;
-        int r;
-
-        assert(b);
-        assert(p);
-        assert(*p);
-        assert(guid);
-
-        while (**p != 0 && **p != ';') {
-                r = parse_address_key(p, "guid", guid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "path", &path);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "abstract", &abstract);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                skip_address_key(p);
-        }
-
-        if (!path && !abstract)
-                return -EINVAL;
-
-        if (path && abstract)
-                return -EINVAL;
-
-        if (path) {
-                l = strlen(path);
-                if (l > sizeof(b->sockaddr.un.sun_path))
-                        return -E2BIG;
-
-                b->sockaddr.un.sun_family = AF_UNIX;
-                strncpy(b->sockaddr.un.sun_path, path, sizeof(b->sockaddr.un.sun_path));
-                b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + l;
-        } else if (abstract) {
-                l = strlen(abstract);
-                if (l > sizeof(b->sockaddr.un.sun_path) - 1)
-                        return -E2BIG;
-
-                b->sockaddr.un.sun_family = AF_UNIX;
-                b->sockaddr.un.sun_path[0] = 0;
-                strncpy(b->sockaddr.un.sun_path+1, abstract, sizeof(b->sockaddr.un.sun_path)-1);
-                b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
-        }
-
-        return 0;
-}
-
-static int parse_tcp_address(sd_bus *b, const char **p, char **guid) {
-        _cleanup_free_ char *host = NULL, *port = NULL, *family = NULL;
-        int r;
-        struct addrinfo *result, hints = {
-                .ai_socktype = SOCK_STREAM,
-                .ai_flags = AI_ADDRCONFIG,
-        };
-
-        assert(b);
-        assert(p);
-        assert(*p);
-        assert(guid);
-
-        while (**p != 0 && **p != ';') {
-                r = parse_address_key(p, "guid", guid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "host", &host);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "port", &port);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "family", &family);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                skip_address_key(p);
-        }
-
-        if (!host || !port)
-                return -EINVAL;
-
-        if (family) {
-                if (streq(family, "ipv4"))
-                        hints.ai_family = AF_INET;
-                else if (streq(family, "ipv6"))
-                        hints.ai_family = AF_INET6;
-                else
-                        return -EINVAL;
-        }
-
-        r = getaddrinfo(host, port, &hints, &result);
-        if (r == EAI_SYSTEM)
-                return -errno;
-        else if (r != 0)
-                return -EADDRNOTAVAIL;
-
-        memcpy(&b->sockaddr, result->ai_addr, result->ai_addrlen);
-        b->sockaddr_size = result->ai_addrlen;
-
-        freeaddrinfo(result);
-
-        return 0;
-}
-
-static int parse_exec_address(sd_bus *b, const char **p, char **guid) {
-        char *path = NULL;
-        unsigned n_argv = 0, j;
-        char **argv = NULL;
-        size_t allocated = 0;
-        int r;
-
-        assert(b);
-        assert(p);
-        assert(*p);
-        assert(guid);
-
-        while (**p != 0 && **p != ';') {
-                r = parse_address_key(p, "guid", guid);
-                if (r < 0)
-                        goto fail;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "path", &path);
-                if (r < 0)
-                        goto fail;
-                else if (r > 0)
-                        continue;
-
-                if (startswith(*p, "argv")) {
-                        unsigned ul;
-
-                        errno = 0;
-                        ul = strtoul(*p + 4, (char**) p, 10);
-                        if (errno > 0 || **p != '=' || ul > 256) {
-                                r = -EINVAL;
-                                goto fail;
-                        }
-
-                        (*p)++;
-
-                        if (ul >= n_argv) {
-                                if (!GREEDY_REALLOC0(argv, allocated, ul + 2)) {
-                                        r = -ENOMEM;
-                                        goto fail;
-                                }
-
-                                n_argv = ul + 1;
-                        }
-
-                        r = parse_address_key(p, NULL, argv + ul);
-                        if (r < 0)
-                                goto fail;
-
-                        continue;
-                }
-
-                skip_address_key(p);
-        }
-
-        if (!path) {
-                r = -EINVAL;
-                goto fail;
-        }
-
-        /* Make sure there are no holes in the array, with the
-         * exception of argv[0] */
-        for (j = 1; j < n_argv; j++)
-                if (!argv[j]) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-        if (argv && argv[0] == NULL) {
-                argv[0] = strdup(path);
-                if (!argv[0]) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        b->exec_path = path;
-        b->exec_argv = argv;
-        return 0;
-
-fail:
-        for (j = 0; j < n_argv; j++)
-                free(argv[j]);
-
-        free(argv);
-        free(path);
-        return r;
-}
-
-static int parse_kernel_address(sd_bus *b, const char **p, char **guid) {
-        _cleanup_free_ char *path = NULL;
-        int r;
-
-        assert(b);
-        assert(p);
-        assert(*p);
-        assert(guid);
-
-        while (**p != 0 && **p != ';') {
-                r = parse_address_key(p, "guid", guid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "path", &path);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                skip_address_key(p);
-        }
-
-        if (!path)
-                return -EINVAL;
-
-        free(b->kernel);
-        b->kernel = path;
-        path = NULL;
-
-        return 0;
-}
-
-static int parse_container_unix_address(sd_bus *b, const char **p, char **guid) {
-        _cleanup_free_ char *machine = NULL, *pid = NULL;
-        int r;
-
-        assert(b);
-        assert(p);
-        assert(*p);
-        assert(guid);
-
-        while (**p != 0 && **p != ';') {
-                r = parse_address_key(p, "guid", guid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "machine", &machine);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "pid", &pid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                skip_address_key(p);
-        }
-
-        if (!machine == !pid)
-                return -EINVAL;
-
-        if (machine) {
-                if (!machine_name_is_valid(machine))
-                        return -EINVAL;
-
-                free(b->machine);
-                b->machine = machine;
-                machine = NULL;
-        } else {
-                b->machine = mfree(b->machine);
-        }
-
-        if (pid) {
-                r = parse_pid(pid, &b->nspid);
-                if (r < 0)
-                        return r;
-        } else
-                b->nspid = 0;
-
-        b->sockaddr.un.sun_family = AF_UNIX;
-        strncpy(b->sockaddr.un.sun_path, "/var/run/dbus/system_bus_socket", sizeof(b->sockaddr.un.sun_path));
-        b->sockaddr_size = SOCKADDR_UN_LEN(b->sockaddr.un);
-
-        return 0;
-}
-
-static int parse_container_kernel_address(sd_bus *b, const char **p, char **guid) {
-        _cleanup_free_ char *machine = NULL, *pid = NULL;
-        int r;
-
-        assert(b);
-        assert(p);
-        assert(*p);
-        assert(guid);
-
-        while (**p != 0 && **p != ';') {
-                r = parse_address_key(p, "guid", guid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "machine", &machine);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_address_key(p, "pid", &pid);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                skip_address_key(p);
-        }
-
-        if (!machine == !pid)
-                return -EINVAL;
-
-        if (machine) {
-                if (!machine_name_is_valid(machine))
-                        return -EINVAL;
-
-                free(b->machine);
-                b->machine = machine;
-                machine = NULL;
-        } else {
-                b->machine = mfree(b->machine);
-        }
-
-        if (pid) {
-                r = parse_pid(pid, &b->nspid);
-                if (r < 0)
-                        return r;
-        } else
-                b->nspid = 0;
-
-        r = free_and_strdup(&b->kernel, "/sys/fs/kdbus/0-system/bus");
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static void bus_reset_parsed_address(sd_bus *b) {
-        assert(b);
-
-        zero(b->sockaddr);
-        b->sockaddr_size = 0;
-        b->exec_argv = strv_free(b->exec_argv);
-        b->exec_path = mfree(b->exec_path);
-        b->server_id = SD_ID128_NULL;
-        b->kernel = mfree(b->kernel);
-        b->machine = mfree(b->machine);
-        b->nspid = 0;
-}
-
-static int bus_parse_next_address(sd_bus *b) {
-        _cleanup_free_ char *guid = NULL;
-        const char *a;
-        int r;
-
-        assert(b);
-
-        if (!b->address)
-                return 0;
-        if (b->address[b->address_index] == 0)
-                return 0;
-
-        bus_reset_parsed_address(b);
-
-        a = b->address + b->address_index;
-
-        while (*a != 0) {
-
-                if (*a == ';') {
-                        a++;
-                        continue;
-                }
-
-                if (startswith(a, "unix:")) {
-                        a += 5;
-
-                        r = parse_unix_address(b, &a, &guid);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                } else if (startswith(a, "tcp:")) {
-
-                        a += 4;
-                        r = parse_tcp_address(b, &a, &guid);
-                        if (r < 0)
-                                return r;
-
-                        break;
-
-                } else if (startswith(a, "unixexec:")) {
-
-                        a += 9;
-                        r = parse_exec_address(b, &a, &guid);
-                        if (r < 0)
-                                return r;
-
-                        break;
-
-                } else if (startswith(a, "kernel:")) {
-
-                        a += 7;
-                        r = parse_kernel_address(b, &a, &guid);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                } else if (startswith(a, "x-machine-unix:")) {
-
-                        a += 15;
-                        r = parse_container_unix_address(b, &a, &guid);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                } else if (startswith(a, "x-machine-kernel:")) {
-
-                        a += 17;
-                        r = parse_container_kernel_address(b, &a, &guid);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                }
-
-                a = strchr(a, ';');
-                if (!a)
-                        return 0;
-        }
-
-        if (guid) {
-                r = sd_id128_from_string(guid, &b->server_id);
-                if (r < 0)
-                        return r;
-        }
-
-        b->address_index = a - b->address;
-        return 1;
-}
-
-static int bus_start_address(sd_bus *b) {
-        bool container_kdbus_available = false;
-        bool kdbus_available = false;
-        int r;
-
-        assert(b);
-
-        for (;;) {
-                bool skipped = false;
-
-                bus_close_fds(b);
-
-                /*
-                 * Usually, if you provide multiple different bus-addresses, we
-                 * try all of them in order. We use the first one that
-                 * succeeds. However, if you mix kernel and unix addresses, we
-                 * never try unix-addresses if a previous kernel address was
-                 * tried and kdbus was available. This is required to prevent
-                 * clients to fallback to the bus-proxy if kdbus is available
-                 * but failed (eg., too many connections).
-                 */
-
-                if (b->exec_path)
-                        r = bus_socket_exec(b);
-                else if ((b->nspid > 0 || b->machine) && b->kernel) {
-                        r = bus_container_connect_kernel(b);
-                        if (r < 0 && !IN_SET(r, -ENOENT, -ESOCKTNOSUPPORT))
-                                container_kdbus_available = true;
-
-                } else if ((b->nspid > 0 || b->machine) && b->sockaddr.sa.sa_family != AF_UNSPEC) {
-                        if (!container_kdbus_available)
-                                r = bus_container_connect_socket(b);
-                        else
-                                skipped = true;
-
-                } else if (b->kernel) {
-                        r = bus_kernel_connect(b);
-                        if (r < 0 && !IN_SET(r, -ENOENT, -ESOCKTNOSUPPORT))
-                                kdbus_available = true;
-
-                } else if (b->sockaddr.sa.sa_family != AF_UNSPEC) {
-                        if (!kdbus_available)
-                                r = bus_socket_connect(b);
-                        else
-                                skipped = true;
-                } else
-                        skipped = true;
-
-                if (!skipped) {
-                        if (r >= 0) {
-                                r = attach_io_events(b);
-                                if (r >= 0)
-                                        return r;
-                        }
-
-                        b->last_connect_error = -r;
-                }
-
-                r = bus_parse_next_address(b);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return b->last_connect_error ? -b->last_connect_error : -ECONNREFUSED;
-        }
-}
-
-int bus_next_address(sd_bus *b) {
-        assert(b);
-
-        bus_reset_parsed_address(b);
-        return bus_start_address(b);
-}
-
-static int bus_start_fd(sd_bus *b) {
-        struct stat st;
-        int r;
-
-        assert(b);
-        assert(b->input_fd >= 0);
-        assert(b->output_fd >= 0);
-
-        r = fd_nonblock(b->input_fd, true);
-        if (r < 0)
-                return r;
-
-        r = fd_cloexec(b->input_fd, true);
-        if (r < 0)
-                return r;
-
-        if (b->input_fd != b->output_fd) {
-                r = fd_nonblock(b->output_fd, true);
-                if (r < 0)
-                        return r;
-
-                r = fd_cloexec(b->output_fd, true);
-                if (r < 0)
-                        return r;
-        }
-
-        if (fstat(b->input_fd, &st) < 0)
-                return -errno;
-
-        if (S_ISCHR(b->input_fd))
-                return bus_kernel_take_fd(b);
-        else
-                return bus_socket_take_fd(b);
-}
-
-_public_ int sd_bus_start(sd_bus *bus) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state == BUS_UNSET, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        bus->state = BUS_OPENING;
-
-        if (bus->is_server && bus->bus_client)
-                return -EINVAL;
-
-        if (bus->input_fd >= 0)
-                r = bus_start_fd(bus);
-        else if (bus->address || bus->sockaddr.sa.sa_family != AF_UNSPEC || bus->exec_path || bus->kernel || bus->machine)
-                r = bus_start_address(bus);
-        else
-                return -EINVAL;
-
-        if (r < 0) {
-                sd_bus_close(bus);
-                return r;
-        }
-
-        return bus_send_hello(bus);
-}
-
-_public_ int sd_bus_open(sd_bus **ret) {
-        const char *e;
-        sd_bus *b;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        /* Let's connect to the starter bus if it is set, and
-         * otherwise to the bus that is appropropriate for the scope
-         * we are running in */
-
-        e = secure_getenv("DBUS_STARTER_BUS_TYPE");
-        if (e) {
-                if (streq(e, "system"))
-                        return sd_bus_open_system(ret);
-                else if (STR_IN_SET(e, "session", "user"))
-                        return sd_bus_open_user(ret);
-        }
-
-        e = secure_getenv("DBUS_STARTER_ADDRESS");
-        if (!e) {
-                if (cg_pid_get_owner_uid(0, NULL) >= 0)
-                        return sd_bus_open_user(ret);
-                else
-                        return sd_bus_open_system(ret);
-        }
-
-        r = sd_bus_new(&b);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_set_address(b, e);
-        if (r < 0)
-                goto fail;
-
-        b->bus_client = true;
-
-        /* We don't know whether the bus is trusted or not, so better
-         * be safe, and authenticate everything */
-        b->trusted = false;
-        b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
-        b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
-
-        r = sd_bus_start(b);
-        if (r < 0)
-                goto fail;
-
-        *ret = b;
-        return 0;
-
-fail:
-        bus_free(b);
-        return r;
-}
-
-int bus_set_address_system(sd_bus *b) {
-        const char *e;
-        assert(b);
-
-        e = secure_getenv("DBUS_SYSTEM_BUS_ADDRESS");
-        if (e)
-                return sd_bus_set_address(b, e);
-
-        return sd_bus_set_address(b, DEFAULT_SYSTEM_BUS_ADDRESS);
-}
-
-_public_ int sd_bus_open_system(sd_bus **ret) {
-        sd_bus *b;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        r = sd_bus_new(&b);
-        if (r < 0)
-                return r;
-
-        r = bus_set_address_system(b);
-        if (r < 0)
-                goto fail;
-
-        b->bus_client = true;
-        b->is_system = true;
-
-        /* Let's do per-method access control on the system bus. We
-         * need the caller's UID and capability set for that. */
-        b->trusted = false;
-        b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
-        b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
-
-        r = sd_bus_start(b);
-        if (r < 0)
-                goto fail;
-
-        *ret = b;
-        return 0;
-
-fail:
-        bus_free(b);
-        return r;
-}
-
-int bus_set_address_user(sd_bus *b) {
-        const char *e;
-        uid_t uid;
-        int r;
-
-        assert(b);
-
-        e = secure_getenv("DBUS_SESSION_BUS_ADDRESS");
-        if (e)
-                return sd_bus_set_address(b, e);
-
-        r = cg_pid_get_owner_uid(0, &uid);
-        if (r < 0)
-                uid = getuid();
-
-        e = secure_getenv("XDG_RUNTIME_DIR");
-        if (e) {
-                _cleanup_free_ char *ee = NULL;
-
-                ee = bus_address_escape(e);
-                if (!ee)
-                        return -ENOMEM;
-
-                (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, ee);
-        } else
-                (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT, uid);
-
-        if (!b->address)
-                return -ENOMEM;
-
-        return 0;
-}
-
-_public_ int sd_bus_open_user(sd_bus **ret) {
-        sd_bus *b;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        r = sd_bus_new(&b);
-        if (r < 0)
-                return r;
-
-        r = bus_set_address_user(b);
-        if (r < 0)
-                return r;
-
-        b->bus_client = true;
-        b->is_user = true;
-
-        /* We don't do any per-method access control on the user
-         * bus. */
-        b->trusted = true;
-
-        r = sd_bus_start(b);
-        if (r < 0)
-                goto fail;
-
-        *ret = b;
-        return 0;
-
-fail:
-        bus_free(b);
-        return r;
-}
-
-int bus_set_address_system_remote(sd_bus *b, const char *host) {
-        _cleanup_free_ char *e = NULL;
-        char *m = NULL, *c = NULL;
-
-        assert(b);
-        assert(host);
-
-        /* Let's see if we shall enter some container */
-        m = strchr(host, ':');
-        if (m) {
-                m++;
-
-                /* Let's make sure this is not a port of some kind,
-                 * and is a valid machine name. */
-                if (!in_charset(m, "0123456789") && machine_name_is_valid(m)) {
-                        char *t;
-
-                        /* Cut out the host part */
-                        t = strndupa(host, m - host - 1);
-                        e = bus_address_escape(t);
-                        if (!e)
-                                return -ENOMEM;
-
-                        c = strjoina(",argv4=--machine=", m);
-                }
-        }
-
-        if (!e) {
-                e = bus_address_escape(host);
-                if (!e)
-                        return -ENOMEM;
-        }
-
-        b->address = strjoin("unixexec:path=ssh,argv1=-xT,argv2=", e, ",argv3=systemd-stdio-bridge", c, NULL);
-        if (!b->address)
-                return -ENOMEM;
-
-        return 0;
- }
-
-_public_ int sd_bus_open_system_remote(sd_bus **ret, const char *host) {
-        sd_bus *bus;
-        int r;
-
-        assert_return(host, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        r = sd_bus_new(&bus);
-        if (r < 0)
-                return r;
-
-        r = bus_set_address_system_remote(bus, host);
-        if (r < 0)
-                goto fail;
-
-        bus->bus_client = true;
-        bus->trusted = false;
-        bus->is_system = true;
-
-        r = sd_bus_start(bus);
-        if (r < 0)
-                goto fail;
-
-        *ret = bus;
-        return 0;
-
-fail:
-        bus_free(bus);
-        return r;
-}
-
-int bus_set_address_system_machine(sd_bus *b, const char *machine) {
-        _cleanup_free_ char *e = NULL;
-
-        assert(b);
-        assert(machine);
-
-        e = bus_address_escape(machine);
-        if (!e)
-                return -ENOMEM;
-
-        b->address = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
-        if (!b->address)
-                return -ENOMEM;
-
-        return 0;
-}
-
-_public_ int sd_bus_open_system_machine(sd_bus **ret, const char *machine) {
-        sd_bus *bus;
-        int r;
-
-        assert_return(machine, -EINVAL);
-        assert_return(ret, -EINVAL);
-        assert_return(machine_name_is_valid(machine), -EINVAL);
-
-        r = sd_bus_new(&bus);
-        if (r < 0)
-                return r;
-
-        r = bus_set_address_system_machine(bus, machine);
-        if (r < 0)
-                goto fail;
-
-        bus->bus_client = true;
-        bus->trusted = false;
-        bus->is_system = true;
-
-        r = sd_bus_start(bus);
-        if (r < 0)
-                goto fail;
-
-        *ret = bus;
-        return 0;
-
-fail:
-        bus_free(bus);
-        return r;
-}
-
-_public_ void sd_bus_close(sd_bus *bus) {
-
-        if (!bus)
-                return;
-        if (bus->state == BUS_CLOSED)
-                return;
-        if (bus_pid_changed(bus))
-                return;
-
-        bus->state = BUS_CLOSED;
-
-        sd_bus_detach_event(bus);
-
-        /* Drop all queued messages so that they drop references to
-         * the bus object and the bus may be freed */
-        bus_reset_queues(bus);
-
-        if (!bus->is_kernel)
-                bus_close_fds(bus);
-
-        /* We'll leave the fd open in case this is a kernel bus, since
-         * there might still be memblocks around that reference this
-         * bus, and they might need to invoke the KDBUS_CMD_FREE
-         * ioctl on the fd when they are freed. */
-}
-
-_public_ sd_bus* sd_bus_flush_close_unref(sd_bus *bus) {
-
-        if (!bus)
-                return NULL;
-
-        sd_bus_flush(bus);
-        sd_bus_close(bus);
-
-        return sd_bus_unref(bus);
-}
-
-static void bus_enter_closing(sd_bus *bus) {
-        assert(bus);
-
-        if (bus->state != BUS_OPENING &&
-            bus->state != BUS_AUTHENTICATING &&
-            bus->state != BUS_HELLO &&
-            bus->state != BUS_RUNNING)
-                return;
-
-        bus->state = BUS_CLOSING;
-}
-
-_public_ sd_bus *sd_bus_ref(sd_bus *bus) {
-
-        if (!bus)
-                return NULL;
-
-        assert_se(REFCNT_INC(bus->n_ref) >= 2);
-
-        return bus;
-}
-
-_public_ sd_bus *sd_bus_unref(sd_bus *bus) {
-        unsigned i;
-
-        if (!bus)
-                return NULL;
-
-        i = REFCNT_DEC(bus->n_ref);
-        if (i > 0)
-                return NULL;
-
-        bus_free(bus);
-        return NULL;
-}
-
-_public_ int sd_bus_is_open(sd_bus *bus) {
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return BUS_IS_OPEN(bus->state);
-}
-
-_public_ int sd_bus_can_send(sd_bus *bus, char type) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(bus->state != BUS_UNSET, -ENOTCONN);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
-                return 0;
-
-        if (type == SD_BUS_TYPE_UNIX_FD) {
-                if (!(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD))
-                        return 0;
-
-                r = bus_ensure_running(bus);
-                if (r < 0)
-                        return r;
-
-                return bus->can_fds;
-        }
-
-        return bus_type_is_valid(type);
-}
-
-_public_ int sd_bus_get_bus_id(sd_bus *bus, sd_id128_t *id) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(id, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        r = bus_ensure_running(bus);
-        if (r < 0)
-                return r;
-
-        *id = bus->server_id;
-        return 0;
-}
-
-static int bus_seal_message(sd_bus *b, sd_bus_message *m, usec_t timeout) {
-        assert(b);
-        assert(m);
-
-        if (m->sealed) {
-                /* If we copy the same message to multiple
-                 * destinations, avoid using the same cookie
-                 * numbers. */
-                b->cookie = MAX(b->cookie, BUS_MESSAGE_COOKIE(m));
-                return 0;
-        }
-
-        if (timeout == 0)
-                timeout = BUS_DEFAULT_TIMEOUT;
-
-        return bus_message_seal(m, ++b->cookie, timeout);
-}
-
-static int bus_remarshal_message(sd_bus *b, sd_bus_message **m) {
-        bool remarshal = false;
-
-        assert(b);
-
-        /* wrong packet version */
-        if (b->message_version != 0 && b->message_version != (*m)->header->version)
-                remarshal = true;
-
-        /* wrong packet endianness */
-        if (b->message_endian != 0 && b->message_endian != (*m)->header->endian)
-                remarshal = true;
-
-        /* TODO: kdbus-messages received from the kernel contain data which is
-         * not allowed to be passed to KDBUS_CMD_SEND. Therefore, we have to
-         * force remarshaling of the message. Technically, we could just
-         * recreate the kdbus message, but that is non-trivial as other parts of
-         * the message refer to m->kdbus already. This should be fixed! */
-        if ((*m)->kdbus && (*m)->release_kdbus)
-                remarshal = true;
-
-        return remarshal ? bus_message_remarshal(b, m) : 0;
-}
-
-int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m) {
-        assert(b);
-        assert(m);
-
-        /* Fake some timestamps, if they were requested, and not
-         * already initialized */
-        if (b->attach_flags & KDBUS_ATTACH_TIMESTAMP) {
-                if (m->realtime <= 0)
-                        m->realtime = now(CLOCK_REALTIME);
-
-                if (m->monotonic <= 0)
-                        m->monotonic = now(CLOCK_MONOTONIC);
-        }
-
-        /* The bus specification says the serial number cannot be 0,
-         * hence let's fill something in for synthetic messages. Since
-         * synthetic messages might have a fake sender and we don't
-         * want to interfere with the real sender's serial numbers we
-         * pick a fixed, artificial one. We use (uint32_t) -1 rather
-         * than (uint64_t) -1 since dbus1 only had 32bit identifiers,
-         * even though kdbus can do 64bit. */
-        return bus_message_seal(m, 0xFFFFFFFFULL, 0);
-}
-
-static int bus_write_message(sd_bus *bus, sd_bus_message *m, bool hint_sync_call, size_t *idx) {
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        if (bus->is_kernel)
-                r = bus_kernel_write_message(bus, m, hint_sync_call);
-        else
-                r = bus_socket_write_message(bus, m, idx);
-
-        if (r <= 0)
-                return r;
-
-        if (bus->is_kernel || *idx >= BUS_MESSAGE_SIZE(m))
-                log_debug("Sent message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " error=%s",
-                          bus_message_type_to_string(m->header->type),
-                          strna(sd_bus_message_get_sender(m)),
-                          strna(sd_bus_message_get_destination(m)),
-                          strna(sd_bus_message_get_path(m)),
-                          strna(sd_bus_message_get_interface(m)),
-                          strna(sd_bus_message_get_member(m)),
-                          BUS_MESSAGE_COOKIE(m),
-                          m->reply_cookie,
-                          strna(m->error.message));
-
-        return r;
-}
-
-static int dispatch_wqueue(sd_bus *bus) {
-        int r, ret = 0;
-
-        assert(bus);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        while (bus->wqueue_size > 0) {
-
-                r = bus_write_message(bus, bus->wqueue[0], false, &bus->windex);
-                if (r < 0)
-                        return r;
-                else if (r == 0)
-                        /* Didn't do anything this time */
-                        return ret;
-                else if (bus->is_kernel || bus->windex >= BUS_MESSAGE_SIZE(bus->wqueue[0])) {
-                        /* Fully written. Let's drop the entry from
-                         * the queue.
-                         *
-                         * This isn't particularly optimized, but
-                         * well, this is supposed to be our worst-case
-                         * buffer only, and the socket buffer is
-                         * supposed to be our primary buffer, and if
-                         * it got full, then all bets are off
-                         * anyway. */
-
-                        bus->wqueue_size--;
-                        sd_bus_message_unref(bus->wqueue[0]);
-                        memmove(bus->wqueue, bus->wqueue + 1, sizeof(sd_bus_message*) * bus->wqueue_size);
-                        bus->windex = 0;
-
-                        ret = 1;
-                }
-        }
-
-        return ret;
-}
-
-static int bus_read_message(sd_bus *bus, bool hint_priority, int64_t priority) {
-        assert(bus);
-
-        if (bus->is_kernel)
-                return bus_kernel_read_message(bus, hint_priority, priority);
-        else
-                return bus_socket_read_message(bus);
-}
-
-int bus_rqueue_make_room(sd_bus *bus) {
-        assert(bus);
-
-        if (bus->rqueue_size >= BUS_RQUEUE_MAX)
-                return -ENOBUFS;
-
-        if (!GREEDY_REALLOC(bus->rqueue, bus->rqueue_allocated, bus->rqueue_size + 1))
-                return -ENOMEM;
-
-        return 0;
-}
-
-static int dispatch_rqueue(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **m) {
-        int r, ret = 0;
-
-        assert(bus);
-        assert(m);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        /* Note that the priority logic is only available on kdbus,
-         * where the rqueue is unused. We check the rqueue here
-         * anyway, because it's simple... */
-
-        for (;;) {
-                if (bus->rqueue_size > 0) {
-                        /* Dispatch a queued message */
-
-                        *m = bus->rqueue[0];
-                        bus->rqueue_size--;
-                        memmove(bus->rqueue, bus->rqueue + 1, sizeof(sd_bus_message*) * bus->rqueue_size);
-                        return 1;
-                }
-
-                /* Try to read a new message */
-                r = bus_read_message(bus, hint_priority, priority);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return ret;
-
-                ret = 1;
-        }
-}
-
-static int bus_send_internal(sd_bus *bus, sd_bus_message *_m, uint64_t *cookie, bool hint_sync_call) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = sd_bus_message_ref(_m);
-        int r;
-
-        assert_return(m, -EINVAL);
-
-        if (!bus)
-                bus = m->bus;
-
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-        assert_return(!bus->is_kernel || !(bus->hello_flags & KDBUS_HELLO_MONITOR), -EROFS);
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (m->n_fds > 0) {
-                r = sd_bus_can_send(bus, SD_BUS_TYPE_UNIX_FD);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return -EOPNOTSUPP;
-        }
-
-        /* If the cookie number isn't kept, then we know that no reply
-         * is expected */
-        if (!cookie && !m->sealed)
-                m->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
-
-        r = bus_seal_message(bus, m, 0);
-        if (r < 0)
-                return r;
-
-        /* Remarshall if we have to. This will possibly unref the
-         * message and place a replacement in m */
-        r = bus_remarshal_message(bus, &m);
-        if (r < 0)
-                return r;
-
-        /* If this is a reply and no reply was requested, then let's
-         * suppress this, if we can */
-        if (m->dont_send)
-                goto finish;
-
-        if ((bus->state == BUS_RUNNING || bus->state == BUS_HELLO) && bus->wqueue_size <= 0) {
-                size_t idx = 0;
-
-                r = bus_write_message(bus, m, hint_sync_call, &idx);
-                if (r < 0) {
-                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                                bus_enter_closing(bus);
-                                return -ECONNRESET;
-                        }
-
-                        return r;
-                }
-
-                if (!bus->is_kernel && idx < BUS_MESSAGE_SIZE(m))  {
-                        /* Wasn't fully written. So let's remember how
-                         * much was written. Note that the first entry
-                         * of the wqueue array is always allocated so
-                         * that we always can remember how much was
-                         * written. */
-                        bus->wqueue[0] = sd_bus_message_ref(m);
-                        bus->wqueue_size = 1;
-                        bus->windex = idx;
-                }
-
-        } else {
-                /* Just append it to the queue. */
-
-                if (bus->wqueue_size >= BUS_WQUEUE_MAX)
-                        return -ENOBUFS;
-
-                if (!GREEDY_REALLOC(bus->wqueue, bus->wqueue_allocated, bus->wqueue_size + 1))
-                        return -ENOMEM;
-
-                bus->wqueue[bus->wqueue_size++] = sd_bus_message_ref(m);
-        }
-
-finish:
-        if (cookie)
-                *cookie = BUS_MESSAGE_COOKIE(m);
-
-        return 1;
-}
-
-_public_ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *cookie) {
-        return bus_send_internal(bus, m, cookie, false);
-}
-
-_public_ int sd_bus_send_to(sd_bus *bus, sd_bus_message *m, const char *destination, uint64_t *cookie) {
-        int r;
-
-        assert_return(m, -EINVAL);
-
-        if (!bus)
-                bus = m->bus;
-
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (!streq_ptr(m->destination, destination)) {
-
-                if (!destination)
-                        return -EEXIST;
-
-                r = sd_bus_message_set_destination(m, destination);
-                if (r < 0)
-                        return r;
-        }
-
-        return sd_bus_send(bus, m, cookie);
-}
-
-static usec_t calc_elapse(uint64_t usec) {
-        if (usec == (uint64_t) -1)
-                return 0;
-
-        return now(CLOCK_MONOTONIC) + usec;
-}
-
-static int timeout_compare(const void *a, const void *b) {
-        const struct reply_callback *x = a, *y = b;
-
-        if (x->timeout != 0 && y->timeout == 0)
-                return -1;
-
-        if (x->timeout == 0 && y->timeout != 0)
-                return 1;
-
-        if (x->timeout < y->timeout)
-                return -1;
-
-        if (x->timeout > y->timeout)
-                return 1;
-
-        return 0;
-}
-
-_public_ int sd_bus_call_async(
-                sd_bus *bus,
-                sd_bus_slot **slot,
-                sd_bus_message *_m,
-                sd_bus_message_handler_t callback,
-                void *userdata,
-                uint64_t usec) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = sd_bus_message_ref(_m);
-        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *s = NULL;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
-        assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
-        assert_return(callback, -EINVAL);
-
-        if (!bus)
-                bus = m->bus;
-
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-        assert_return(!bus->is_kernel || !(bus->hello_flags & KDBUS_HELLO_MONITOR), -EROFS);
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        r = ordered_hashmap_ensure_allocated(&bus->reply_callbacks, &uint64_hash_ops);
-        if (r < 0)
-                return r;
-
-        r = prioq_ensure_allocated(&bus->reply_callbacks_prioq, timeout_compare);
-        if (r < 0)
-                return r;
-
-        r = bus_seal_message(bus, m, usec);
-        if (r < 0)
-                return r;
-
-        r = bus_remarshal_message(bus, &m);
-        if (r < 0)
-                return r;
-
-        s = bus_slot_allocate(bus, !slot, BUS_REPLY_CALLBACK, sizeof(struct reply_callback), userdata);
-        if (!s)
-                return -ENOMEM;
-
-        s->reply_callback.callback = callback;
-
-        s->reply_callback.cookie = BUS_MESSAGE_COOKIE(m);
-        r = ordered_hashmap_put(bus->reply_callbacks, &s->reply_callback.cookie, &s->reply_callback);
-        if (r < 0) {
-                s->reply_callback.cookie = 0;
-                return r;
-        }
-
-        s->reply_callback.timeout = calc_elapse(m->timeout);
-        if (s->reply_callback.timeout != 0) {
-                r = prioq_put(bus->reply_callbacks_prioq, &s->reply_callback, &s->reply_callback.prioq_idx);
-                if (r < 0) {
-                        s->reply_callback.timeout = 0;
-                        return r;
-                }
-        }
-
-        r = sd_bus_send(bus, m, &s->reply_callback.cookie);
-        if (r < 0)
-                return r;
-
-        if (slot)
-                *slot = s;
-        s = NULL;
-
-        return r;
-}
-
-int bus_ensure_running(sd_bus *bus) {
-        int r;
-
-        assert(bus);
-
-        if (bus->state == BUS_UNSET || bus->state == BUS_CLOSED || bus->state == BUS_CLOSING)
-                return -ENOTCONN;
-        if (bus->state == BUS_RUNNING)
-                return 1;
-
-        for (;;) {
-                r = sd_bus_process(bus, NULL);
-                if (r < 0)
-                        return r;
-                if (bus->state == BUS_RUNNING)
-                        return 1;
-                if (r > 0)
-                        continue;
-
-                r = sd_bus_wait(bus, (uint64_t) -1);
-                if (r < 0)
-                        return r;
-        }
-}
-
-_public_ int sd_bus_call(
-                sd_bus *bus,
-                sd_bus_message *_m,
-                uint64_t usec,
-                sd_bus_error *error,
-                sd_bus_message **reply) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = sd_bus_message_ref(_m);
-        usec_t timeout;
-        uint64_t cookie;
-        unsigned i;
-        int r;
-
-        bus_assert_return(m, -EINVAL, error);
-        bus_assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL, error);
-        bus_assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL, error);
-        bus_assert_return(!bus_error_is_dirty(error), -EINVAL, error);
-
-        if (!bus)
-                bus = m->bus;
-
-        bus_assert_return(!bus_pid_changed(bus), -ECHILD, error);
-        bus_assert_return(!bus->is_kernel || !(bus->hello_flags & KDBUS_HELLO_MONITOR), -EROFS, error);
-
-        if (!BUS_IS_OPEN(bus->state)) {
-                r = -ENOTCONN;
-                goto fail;
-        }
-
-        r = bus_ensure_running(bus);
-        if (r < 0)
-                goto fail;
-
-        i = bus->rqueue_size;
-
-        r = bus_seal_message(bus, m, usec);
-        if (r < 0)
-                goto fail;
-
-        r = bus_remarshal_message(bus, &m);
-        if (r < 0)
-                goto fail;
-
-        r = bus_send_internal(bus, m, &cookie, true);
-        if (r < 0)
-                goto fail;
-
-        timeout = calc_elapse(m->timeout);
-
-        for (;;) {
-                usec_t left;
-
-                while (i < bus->rqueue_size) {
-                        sd_bus_message *incoming = NULL;
-
-                        incoming = bus->rqueue[i];
-
-                        if (incoming->reply_cookie == cookie) {
-                                /* Found a match! */
-
-                                memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1));
-                                bus->rqueue_size--;
-                                log_debug_bus_message(incoming);
-
-                                if (incoming->header->type == SD_BUS_MESSAGE_METHOD_RETURN) {
-
-                                        if (incoming->n_fds <= 0 || (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
-                                                if (reply)
-                                                        *reply = incoming;
-                                                else
-                                                        sd_bus_message_unref(incoming);
-
-                                                return 1;
-                                        }
-
-                                        r = sd_bus_error_setf(error, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptors which I couldn't accept. Sorry.");
-                                        sd_bus_message_unref(incoming);
-                                        return r;
-
-                                } else if (incoming->header->type == SD_BUS_MESSAGE_METHOD_ERROR) {
-                                        r = sd_bus_error_copy(error, &incoming->error);
-                                        sd_bus_message_unref(incoming);
-                                        return r;
-                                } else {
-                                        r = -EIO;
-                                        goto fail;
-                                }
-
-                        } else if (BUS_MESSAGE_COOKIE(incoming) == cookie &&
-                                   bus->unique_name &&
-                                   incoming->sender &&
-                                   streq(bus->unique_name, incoming->sender)) {
-
-                                memmove(bus->rqueue + i, bus->rqueue + i + 1, sizeof(sd_bus_message*) * (bus->rqueue_size - i - 1));
-                                bus->rqueue_size--;
-
-                                /* Our own message? Somebody is trying
-                                 * to send its own client a message,
-                                 * let's not dead-lock, let's fail
-                                 * immediately. */
-
-                                sd_bus_message_unref(incoming);
-                                r = -ELOOP;
-                                goto fail;
-                        }
-
-                        /* Try to read more, right-away */
-                        i++;
-                }
-
-                r = bus_read_message(bus, false, 0);
-                if (r < 0) {
-                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                                bus_enter_closing(bus);
-                                r = -ECONNRESET;
-                        }
-
-                        goto fail;
-                }
-                if (r > 0)
-                        continue;
-
-                if (timeout > 0) {
-                        usec_t n;
-
-                        n = now(CLOCK_MONOTONIC);
-                        if (n >= timeout) {
-                                r = -ETIMEDOUT;
-                                goto fail;
-                        }
-
-                        left = timeout - n;
-                } else
-                        left = (uint64_t) -1;
-
-                r = bus_poll(bus, true, left);
-                if (r < 0)
-                        goto fail;
-                if (r == 0) {
-                        r = -ETIMEDOUT;
-                        goto fail;
-                }
-
-                r = dispatch_wqueue(bus);
-                if (r < 0) {
-                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                                bus_enter_closing(bus);
-                                r = -ECONNRESET;
-                        }
-
-                        goto fail;
-                }
-        }
-
-fail:
-        return sd_bus_error_set_errno(error, r);
-}
-
-_public_ int sd_bus_get_fd(sd_bus *bus) {
-
-        assert_return(bus, -EINVAL);
-        assert_return(bus->input_fd == bus->output_fd, -EPERM);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return bus->input_fd;
-}
-
-_public_ int sd_bus_get_events(sd_bus *bus) {
-        int flags = 0;
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!BUS_IS_OPEN(bus->state) && bus->state != BUS_CLOSING)
-                return -ENOTCONN;
-
-        if (bus->state == BUS_OPENING)
-                flags |= POLLOUT;
-        else if (bus->state == BUS_AUTHENTICATING) {
-
-                if (bus_socket_auth_needs_write(bus))
-                        flags |= POLLOUT;
-
-                flags |= POLLIN;
-
-        } else if (bus->state == BUS_RUNNING || bus->state == BUS_HELLO) {
-                if (bus->rqueue_size <= 0)
-                        flags |= POLLIN;
-                if (bus->wqueue_size > 0)
-                        flags |= POLLOUT;
-        }
-
-        return flags;
-}
-
-_public_ int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec) {
-        struct reply_callback *c;
-
-        assert_return(bus, -EINVAL);
-        assert_return(timeout_usec, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!BUS_IS_OPEN(bus->state) && bus->state != BUS_CLOSING)
-                return -ENOTCONN;
-
-        if (bus->track_queue) {
-                *timeout_usec = 0;
-                return 1;
-        }
-
-        if (bus->state == BUS_CLOSING) {
-                *timeout_usec = 0;
-                return 1;
-        }
-
-        if (bus->state == BUS_AUTHENTICATING) {
-                *timeout_usec = bus->auth_timeout;
-                return 1;
-        }
-
-        if (bus->state != BUS_RUNNING && bus->state != BUS_HELLO) {
-                *timeout_usec = (uint64_t) -1;
-                return 0;
-        }
-
-        if (bus->rqueue_size > 0) {
-                *timeout_usec = 0;
-                return 1;
-        }
-
-        c = prioq_peek(bus->reply_callbacks_prioq);
-        if (!c) {
-                *timeout_usec = (uint64_t) -1;
-                return 0;
-        }
-
-        if (c->timeout == 0) {
-                *timeout_usec = (uint64_t) -1;
-                return 0;
-        }
-
-        *timeout_usec = c->timeout;
-        return 1;
-}
-
-static int process_timeout(sd_bus *bus) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* m = NULL;
-        struct reply_callback *c;
-        sd_bus_slot *slot;
-        usec_t n;
-        int r;
-
-        assert(bus);
-
-        c = prioq_peek(bus->reply_callbacks_prioq);
-        if (!c)
-                return 0;
-
-        n = now(CLOCK_MONOTONIC);
-        if (c->timeout > n)
-                return 0;
-
-        r = bus_message_new_synthetic_error(
-                        bus,
-                        c->cookie,
-                        &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NO_REPLY, "Method call timed out"),
-                        &m);
-        if (r < 0)
-                return r;
-
-        r = bus_seal_synthetic_message(bus, m);
-        if (r < 0)
-                return r;
-
-        assert_se(prioq_pop(bus->reply_callbacks_prioq) == c);
-        c->timeout = 0;
-
-        ordered_hashmap_remove(bus->reply_callbacks, &c->cookie);
-        c->cookie = 0;
-
-        slot = container_of(c, sd_bus_slot, reply_callback);
-
-        bus->iteration_counter++;
-
-        bus->current_message = m;
-        bus->current_slot = sd_bus_slot_ref(slot);
-        bus->current_handler = c->callback;
-        bus->current_userdata = slot->userdata;
-        r = c->callback(m, slot->userdata, &error_buffer);
-        bus->current_userdata = NULL;
-        bus->current_handler = NULL;
-        bus->current_slot = NULL;
-        bus->current_message = NULL;
-
-        if (slot->floating) {
-                bus_slot_disconnect(slot);
-                sd_bus_slot_unref(slot);
-        }
-
-        sd_bus_slot_unref(slot);
-
-        return bus_maybe_reply_error(m, r, &error_buffer);
-}
-
-static int process_hello(sd_bus *bus, sd_bus_message *m) {
-        assert(bus);
-        assert(m);
-
-        if (bus->state != BUS_HELLO)
-                return 0;
-
-        /* Let's make sure the first message on the bus is the HELLO
-         * reply. But note that we don't actually parse the message
-         * here (we leave that to the usual handling), we just verify
-         * we don't let any earlier msg through. */
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_RETURN &&
-            m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
-                return -EIO;
-
-        if (m->reply_cookie != 1)
-                return -EIO;
-
-        return 0;
-}
-
-static int process_reply(sd_bus *bus, sd_bus_message *m) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *synthetic_reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
-        struct reply_callback *c;
-        sd_bus_slot *slot;
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_RETURN &&
-            m->header->type != SD_BUS_MESSAGE_METHOD_ERROR)
-                return 0;
-
-        if (bus->is_kernel && (bus->hello_flags & KDBUS_HELLO_MONITOR))
-                return 0;
-
-        if (m->destination && bus->unique_name && !streq_ptr(m->destination, bus->unique_name))
-                return 0;
-
-        c = ordered_hashmap_remove(bus->reply_callbacks, &m->reply_cookie);
-        if (!c)
-                return 0;
-
-        c->cookie = 0;
-
-        slot = container_of(c, sd_bus_slot, reply_callback);
-
-        if (m->n_fds > 0 && !(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
-
-                /* If the reply contained a file descriptor which we
-                 * didn't want we pass an error instead. */
-
-                r = bus_message_new_synthetic_error(
-                                bus,
-                                m->reply_cookie,
-                                &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptor"),
-                                &synthetic_reply);
-                if (r < 0)
-                        return r;
-
-                /* Copy over original timestamp */
-                synthetic_reply->realtime = m->realtime;
-                synthetic_reply->monotonic = m->monotonic;
-                synthetic_reply->seqnum = m->seqnum;
-
-                r = bus_seal_synthetic_message(bus, synthetic_reply);
-                if (r < 0)
-                        return r;
-
-                m = synthetic_reply;
-        } else {
-                r = sd_bus_message_rewind(m, true);
-                if (r < 0)
-                        return r;
-        }
-
-        if (c->timeout != 0) {
-                prioq_remove(bus->reply_callbacks_prioq, c, &c->prioq_idx);
-                c->timeout = 0;
-        }
-
-        bus->current_slot = sd_bus_slot_ref(slot);
-        bus->current_handler = c->callback;
-        bus->current_userdata = slot->userdata;
-        r = c->callback(m, slot->userdata, &error_buffer);
-        bus->current_userdata = NULL;
-        bus->current_handler = NULL;
-        bus->current_slot = NULL;
-
-        if (slot->floating) {
-                bus_slot_disconnect(slot);
-                sd_bus_slot_unref(slot);
-        }
-
-        sd_bus_slot_unref(slot);
-
-        return bus_maybe_reply_error(m, r, &error_buffer);
-}
-
-static int process_filter(sd_bus *bus, sd_bus_message *m) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
-        struct filter_callback *l;
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        do {
-                bus->filter_callbacks_modified = false;
-
-                LIST_FOREACH(callbacks, l, bus->filter_callbacks) {
-                        sd_bus_slot *slot;
-
-                        if (bus->filter_callbacks_modified)
-                                break;
-
-                        /* Don't run this more than once per iteration */
-                        if (l->last_iteration == bus->iteration_counter)
-                                continue;
-
-                        l->last_iteration = bus->iteration_counter;
-
-                        r = sd_bus_message_rewind(m, true);
-                        if (r < 0)
-                                return r;
-
-                        slot = container_of(l, sd_bus_slot, filter_callback);
-
-                        bus->current_slot = sd_bus_slot_ref(slot);
-                        bus->current_handler = l->callback;
-                        bus->current_userdata = slot->userdata;
-                        r = l->callback(m, slot->userdata, &error_buffer);
-                        bus->current_userdata = NULL;
-                        bus->current_handler = NULL;
-                        bus->current_slot = sd_bus_slot_unref(slot);
-
-                        r = bus_maybe_reply_error(m, r, &error_buffer);
-                        if (r != 0)
-                                return r;
-
-                }
-
-        } while (bus->filter_callbacks_modified);
-
-        return 0;
-}
-
-static int process_match(sd_bus *bus, sd_bus_message *m) {
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        do {
-                bus->match_callbacks_modified = false;
-
-                r = bus_match_run(bus, &bus->match_callbacks, m);
-                if (r != 0)
-                        return r;
-
-        } while (bus->match_callbacks_modified);
-
-        return 0;
-}
-
-static int process_builtin(sd_bus *bus, sd_bus_message *m) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
-                return 0;
-
-        if (bus->manual_peer_interface)
-                return 0;
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
-                return 0;
-
-        if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
-                return 0;
-
-        if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
-                return 1;
-
-        if (streq_ptr(m->member, "Ping"))
-                r = sd_bus_message_new_method_return(m, &reply);
-        else if (streq_ptr(m->member, "GetMachineId")) {
-                sd_id128_t id;
-                char sid[33];
-
-                r = sd_id128_get_machine(&id);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_new_method_return(m, &reply);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(reply, "s", sd_id128_to_string(id, sid));
-        } else {
-                r = sd_bus_message_new_method_errorf(
-                                m, &reply,
-                                SD_BUS_ERROR_UNKNOWN_METHOD,
-                                 "Unknown method '%s' on interface '%s'.", m->member, m->interface);
-        }
-
-        if (r < 0)
-                return r;
-
-        r = sd_bus_send(bus, reply, NULL);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int process_fd_check(sd_bus *bus, sd_bus_message *m) {
-        assert(bus);
-        assert(m);
-
-        /* If we got a message with a file descriptor which we didn't
-         * want to accept, then let's drop it. How can this even
-         * happen? For example, when the kernel queues a message into
-         * an activatable names's queue which allows fds, and then is
-         * delivered to us later even though we ourselves did not
-         * negotiate it. */
-
-        if (bus->hello_flags & KDBUS_HELLO_MONITOR)
-                return 0;
-
-        if (m->n_fds <= 0)
-                return 0;
-
-        if (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)
-                return 0;
-
-        if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
-                return 1; /* just eat it up */
-
-        return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Message contains file descriptors, which I cannot accept. Sorry.");
-}
-
-static int process_message(sd_bus *bus, sd_bus_message *m) {
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        bus->current_message = m;
-        bus->iteration_counter++;
-
-        log_debug_bus_message(m);
-
-        r = process_hello(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = process_reply(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = process_fd_check(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = process_filter(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = process_match(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = process_builtin(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = bus_process_object(bus, m);
-
-finish:
-        bus->current_message = NULL;
-        return r;
-}
-
-static int dispatch_track(sd_bus *bus) {
-        assert(bus);
-
-        if (!bus->track_queue)
-                return 0;
-
-        bus_track_dispatch(bus->track_queue);
-        return 1;
-}
-
-static int process_running(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **ret) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        int r;
-
-        assert(bus);
-        assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
-
-        r = process_timeout(bus);
-        if (r != 0)
-                goto null_message;
-
-        r = dispatch_wqueue(bus);
-        if (r != 0)
-                goto null_message;
-
-        r = dispatch_track(bus);
-        if (r != 0)
-                goto null_message;
-
-        r = dispatch_rqueue(bus, hint_priority, priority, &m);
-        if (r < 0)
-                return r;
-        if (!m)
-                goto null_message;
-
-        r = process_message(bus, m);
-        if (r != 0)
-                goto null_message;
-
-        if (ret) {
-                r = sd_bus_message_rewind(m, true);
-                if (r < 0)
-                        return r;
-
-                *ret = m;
-                m = NULL;
-                return 1;
-        }
-
-        if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) {
-
-                log_debug("Unprocessed message call sender=%s object=%s interface=%s member=%s",
-                          strna(sd_bus_message_get_sender(m)),
-                          strna(sd_bus_message_get_path(m)),
-                          strna(sd_bus_message_get_interface(m)),
-                          strna(sd_bus_message_get_member(m)));
-
-                r = sd_bus_reply_method_errorf(
-                                m,
-                                SD_BUS_ERROR_UNKNOWN_OBJECT,
-                                "Unknown object '%s'.", m->path);
-                if (r < 0)
-                        return r;
-        }
-
-        return 1;
-
-null_message:
-        if (r >= 0 && ret)
-                *ret = NULL;
-
-        return r;
-}
-
-static int process_closing(sd_bus *bus, sd_bus_message **ret) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        struct reply_callback *c;
-        int r;
-
-        assert(bus);
-        assert(bus->state == BUS_CLOSING);
-
-        c = ordered_hashmap_first(bus->reply_callbacks);
-        if (c) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
-                sd_bus_slot *slot;
-
-                /* First, fail all outstanding method calls */
-                r = bus_message_new_synthetic_error(
-                                bus,
-                                c->cookie,
-                                &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_NO_REPLY, "Connection terminated"),
-                                &m);
-                if (r < 0)
-                        return r;
-
-                r = bus_seal_synthetic_message(bus, m);
-                if (r < 0)
-                        return r;
-
-                if (c->timeout != 0) {
-                        prioq_remove(bus->reply_callbacks_prioq, c, &c->prioq_idx);
-                        c->timeout = 0;
-                }
-
-                ordered_hashmap_remove(bus->reply_callbacks, &c->cookie);
-                c->cookie = 0;
-
-                slot = container_of(c, sd_bus_slot, reply_callback);
-
-                bus->iteration_counter++;
-
-                bus->current_message = m;
-                bus->current_slot = sd_bus_slot_ref(slot);
-                bus->current_handler = c->callback;
-                bus->current_userdata = slot->userdata;
-                r = c->callback(m, slot->userdata, &error_buffer);
-                bus->current_userdata = NULL;
-                bus->current_handler = NULL;
-                bus->current_slot = NULL;
-                bus->current_message = NULL;
-
-                if (slot->floating) {
-                        bus_slot_disconnect(slot);
-                        sd_bus_slot_unref(slot);
-                }
-
-                sd_bus_slot_unref(slot);
-
-                return bus_maybe_reply_error(m, r, &error_buffer);
-        }
-
-        /* Then, synthesize a Disconnected message */
-        r = sd_bus_message_new_signal(
-                        bus,
-                        &m,
-                        "/org/freedesktop/DBus/Local",
-                        "org.freedesktop.DBus.Local",
-                        "Disconnected");
-        if (r < 0)
-                return r;
-
-        bus_message_set_sender_local(bus, m);
-
-        r = bus_seal_synthetic_message(bus, m);
-        if (r < 0)
-                return r;
-
-        sd_bus_close(bus);
-
-        bus->current_message = m;
-        bus->iteration_counter++;
-
-        r = process_filter(bus, m);
-        if (r != 0)
-                goto finish;
-
-        r = process_match(bus, m);
-        if (r != 0)
-                goto finish;
-
-        if (ret) {
-                *ret = m;
-                m = NULL;
-        }
-
-        r = 1;
-
-finish:
-        bus->current_message = NULL;
-
-        return r;
-}
-
-static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **ret) {
-        BUS_DONT_DESTROY(bus);
-        int r;
-
-        /* Returns 0 when we didn't do anything. This should cause the
-         * caller to invoke sd_bus_wait() before returning the next
-         * time. Returns > 0 when we did something, which possibly
-         * means *ret is filled in with an unprocessed message. */
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        /* We don't allow recursively invoking sd_bus_process(). */
-        assert_return(!bus->current_message, -EBUSY);
-        assert(!bus->current_slot);
-
-        switch (bus->state) {
-
-        case BUS_UNSET:
-                return -ENOTCONN;
-
-        case BUS_CLOSED:
-                return -ECONNRESET;
-
-        case BUS_OPENING:
-                r = bus_socket_process_opening(bus);
-                if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                        bus_enter_closing(bus);
-                        r = 1;
-                } else if (r < 0)
-                        return r;
-                if (ret)
-                        *ret = NULL;
-                return r;
-
-        case BUS_AUTHENTICATING:
-                r = bus_socket_process_authenticating(bus);
-                if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                        bus_enter_closing(bus);
-                        r = 1;
-                } else if (r < 0)
-                        return r;
-
-                if (ret)
-                        *ret = NULL;
-
-                return r;
-
-        case BUS_RUNNING:
-        case BUS_HELLO:
-                r = process_running(bus, hint_priority, priority, ret);
-                if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                        bus_enter_closing(bus);
-                        r = 1;
-
-                        if (ret)
-                                *ret = NULL;
-                }
-
-                return r;
-
-        case BUS_CLOSING:
-                return process_closing(bus, ret);
-        }
-
-        assert_not_reached("Unknown state");
-}
-
-_public_ int sd_bus_process(sd_bus *bus, sd_bus_message **ret) {
-        return bus_process_internal(bus, false, 0, ret);
-}
-
-_public_ int sd_bus_process_priority(sd_bus *bus, int64_t priority, sd_bus_message **ret) {
-        return bus_process_internal(bus, true, priority, ret);
-}
-
-static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) {
-        struct pollfd p[2] = {};
-        int r, e, n;
-        struct timespec ts;
-        usec_t m = USEC_INFINITY;
-
-        assert(bus);
-
-        if (bus->state == BUS_CLOSING)
-                return 1;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        e = sd_bus_get_events(bus);
-        if (e < 0)
-                return e;
-
-        if (need_more)
-                /* The caller really needs some more data, he doesn't
-                 * care about what's already read, or any timeouts
-                 * except its own. */
-                e |= POLLIN;
-        else {
-                usec_t until;
-                /* The caller wants to process if there's something to
-                 * process, but doesn't care otherwise */
-
-                r = sd_bus_get_timeout(bus, &until);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        usec_t nw;
-                        nw = now(CLOCK_MONOTONIC);
-                        m = until > nw ? until - nw : 0;
-                }
-        }
-
-        if (timeout_usec != (uint64_t) -1 && (m == (uint64_t) -1 || timeout_usec < m))
-                m = timeout_usec;
-
-        p[0].fd = bus->input_fd;
-        if (bus->output_fd == bus->input_fd) {
-                p[0].events = e;
-                n = 1;
-        } else {
-                p[0].events = e & POLLIN;
-                p[1].fd = bus->output_fd;
-                p[1].events = e & POLLOUT;
-                n = 2;
-        }
-
-        r = ppoll(p, n, m == (uint64_t) -1 ? NULL : timespec_store(&ts, m), NULL);
-        if (r < 0)
-                return -errno;
-
-        return r > 0 ? 1 : 0;
-}
-
-_public_ int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec) {
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (bus->state == BUS_CLOSING)
-                return 0;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->rqueue_size > 0)
-                return 0;
-
-        return bus_poll(bus, false, timeout_usec);
-}
-
-_public_ int sd_bus_flush(sd_bus *bus) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (bus->state == BUS_CLOSING)
-                return 0;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        r = bus_ensure_running(bus);
-        if (r < 0)
-                return r;
-
-        if (bus->wqueue_size <= 0)
-                return 0;
-
-        for (;;) {
-                r = dispatch_wqueue(bus);
-                if (r < 0) {
-                        if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
-                                bus_enter_closing(bus);
-                                return -ECONNRESET;
-                        }
-
-                        return r;
-                }
-
-                if (bus->wqueue_size <= 0)
-                        return 0;
-
-                r = bus_poll(bus, false, (uint64_t) -1);
-                if (r < 0)
-                        return r;
-        }
-}
-
-_public_ int sd_bus_add_filter(
-                sd_bus *bus,
-                sd_bus_slot **slot,
-                sd_bus_message_handler_t callback,
-                void *userdata) {
-
-        sd_bus_slot *s;
-
-        assert_return(bus, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        s = bus_slot_allocate(bus, !slot, BUS_FILTER_CALLBACK, sizeof(struct filter_callback), userdata);
-        if (!s)
-                return -ENOMEM;
-
-        s->filter_callback.callback = callback;
-
-        bus->filter_callbacks_modified = true;
-        LIST_PREPEND(callbacks, bus->filter_callbacks, &s->filter_callback);
-
-        if (slot)
-                *slot = s;
-
-        return 0;
-}
-
-_public_ int sd_bus_add_match(
-                sd_bus *bus,
-                sd_bus_slot **slot,
-                const char *match,
-                sd_bus_message_handler_t callback,
-                void *userdata) {
-
-        struct bus_match_component *components = NULL;
-        unsigned n_components = 0;
-        sd_bus_slot *s = NULL;
-        int r = 0;
-
-        assert_return(bus, -EINVAL);
-        assert_return(match, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        r = bus_match_parse(match, &components, &n_components);
-        if (r < 0)
-                goto finish;
-
-        s = bus_slot_allocate(bus, !slot, BUS_MATCH_CALLBACK, sizeof(struct match_callback), userdata);
-        if (!s) {
-                r = -ENOMEM;
-                goto finish;
-        }
-
-        s->match_callback.callback = callback;
-        s->match_callback.cookie = ++bus->match_cookie;
-
-        if (bus->bus_client) {
-                enum bus_match_scope scope;
-
-                scope = bus_match_get_scope(components, n_components);
-
-                /* Do not install server-side matches for matches
-                 * against the local service, interface or bus
-                 * path. */
-                if (scope != BUS_MATCH_LOCAL) {
-
-                        if (!bus->is_kernel) {
-                                /* When this is not a kernel transport, we
-                                 * store the original match string, so that we
-                                 * can use it to remove the match again */
-
-                                s->match_callback.match_string = strdup(match);
-                                if (!s->match_callback.match_string) {
-                                        r = -ENOMEM;
-                                        goto finish;
-                                }
-                        }
-
-                        r = bus_add_match_internal(bus, s->match_callback.match_string, components, n_components, s->match_callback.cookie);
-                        if (r < 0)
-                                goto finish;
-
-                        s->match_added = true;
-                }
-        }
-
-        bus->match_callbacks_modified = true;
-        r = bus_match_add(&bus->match_callbacks, components, n_components, &s->match_callback);
-        if (r < 0)
-                goto finish;
-
-        if (slot)
-                *slot = s;
-        s = NULL;
-
-finish:
-        bus_match_parse_free(components, n_components);
-        sd_bus_slot_unref(s);
-
-        return r;
-}
-
-int bus_remove_match_by_string(
-                sd_bus *bus,
-                const char *match,
-                sd_bus_message_handler_t callback,
-                void *userdata) {
-
-        struct bus_match_component *components = NULL;
-        unsigned n_components = 0;
-        struct match_callback *c;
-        int r = 0;
-
-        assert_return(bus, -EINVAL);
-        assert_return(match, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        r = bus_match_parse(match, &components, &n_components);
-        if (r < 0)
-                goto finish;
-
-        r = bus_match_find(&bus->match_callbacks, components, n_components, NULL, NULL, &c);
-        if (r <= 0)
-                goto finish;
-
-        sd_bus_slot_unref(container_of(c, sd_bus_slot, match_callback));
-
-finish:
-        bus_match_parse_free(components, n_components);
-
-        return r;
-}
-
-bool bus_pid_changed(sd_bus *bus) {
-        assert(bus);
-
-        /* We don't support people creating a bus connection and
-         * keeping it around over a fork(). Let's complain. */
-
-        return bus->original_pid != getpid();
-}
-
-static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        r = sd_bus_process(bus, NULL);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int time_callback(sd_event_source *s, uint64_t usec, void *userdata) {
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        r = sd_bus_process(bus, NULL);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int prepare_callback(sd_event_source *s, void *userdata) {
-        sd_bus *bus = userdata;
-        int r, e;
-        usec_t until;
-
-        assert(s);
-        assert(bus);
-
-        e = sd_bus_get_events(bus);
-        if (e < 0)
-                return e;
-
-        if (bus->output_fd != bus->input_fd) {
-
-                r = sd_event_source_set_io_events(bus->input_io_event_source, e & POLLIN);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_io_events(bus->output_io_event_source, e & POLLOUT);
-                if (r < 0)
-                        return r;
-        } else {
-                r = sd_event_source_set_io_events(bus->input_io_event_source, e);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_get_timeout(bus, &until);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-                int j;
-
-                j = sd_event_source_set_time(bus->time_event_source, until);
-                if (j < 0)
-                        return j;
-        }
-
-        r = sd_event_source_set_enabled(bus->time_event_source, r > 0);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int quit_callback(sd_event_source *event, void *userdata) {
-        sd_bus *bus = userdata;
-
-        assert(event);
-
-        sd_bus_flush(bus);
-        sd_bus_close(bus);
-
-        return 1;
-}
-
-static int attach_io_events(sd_bus *bus) {
-        int r;
-
-        assert(bus);
-
-        if (bus->input_fd < 0)
-                return 0;
-
-        if (!bus->event)
-                return 0;
-
-        if (!bus->input_io_event_source) {
-                r = sd_event_add_io(bus->event, &bus->input_io_event_source, bus->input_fd, 0, io_callback, bus);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_prepare(bus->input_io_event_source, prepare_callback);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_priority(bus->input_io_event_source, bus->event_priority);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_source_set_description(bus->input_io_event_source, "bus-input");
-        } else
-                r = sd_event_source_set_io_fd(bus->input_io_event_source, bus->input_fd);
-
-        if (r < 0)
-                return r;
-
-        if (bus->output_fd != bus->input_fd) {
-                assert(bus->output_fd >= 0);
-
-                if (!bus->output_io_event_source) {
-                        r = sd_event_add_io(bus->event, &bus->output_io_event_source, bus->output_fd, 0, io_callback, bus);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_event_source_set_priority(bus->output_io_event_source, bus->event_priority);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_event_source_set_description(bus->input_io_event_source, "bus-output");
-                } else
-                        r = sd_event_source_set_io_fd(bus->output_io_event_source, bus->output_fd);
-
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static void detach_io_events(sd_bus *bus) {
-        assert(bus);
-
-        if (bus->input_io_event_source) {
-                sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF);
-                bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source);
-        }
-
-        if (bus->output_io_event_source) {
-                sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF);
-                bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source);
-        }
-}
-
-_public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus->event, -EBUSY);
-
-        assert(!bus->input_io_event_source);
-        assert(!bus->output_io_event_source);
-        assert(!bus->time_event_source);
-
-        if (event)
-                bus->event = sd_event_ref(event);
-        else  {
-                r = sd_event_default(&bus->event);
-                if (r < 0)
-                        return r;
-        }
-
-        bus->event_priority = priority;
-
-        r = sd_event_add_time(bus->event, &bus->time_event_source, CLOCK_MONOTONIC, 0, 0, time_callback, bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_priority(bus->time_event_source, priority);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_description(bus->time_event_source, "bus-time");
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_add_exit(bus->event, &bus->quit_event_source, quit_callback, bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_description(bus->quit_event_source, "bus-exit");
-        if (r < 0)
-                goto fail;
-
-        r = attach_io_events(bus);
-        if (r < 0)
-                goto fail;
-
-        return 0;
-
-fail:
-        sd_bus_detach_event(bus);
-        return r;
-}
-
-_public_ int sd_bus_detach_event(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-
-        if (!bus->event)
-                return 0;
-
-        detach_io_events(bus);
-
-        if (bus->time_event_source) {
-                sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF);
-                bus->time_event_source = sd_event_source_unref(bus->time_event_source);
-        }
-
-        if (bus->quit_event_source) {
-                sd_event_source_set_enabled(bus->quit_event_source, SD_EVENT_OFF);
-                bus->quit_event_source = sd_event_source_unref(bus->quit_event_source);
-        }
-
-        bus->event = sd_event_unref(bus->event);
-        return 1;
-}
-
-_public_ sd_event* sd_bus_get_event(sd_bus *bus) {
-        assert_return(bus, NULL);
-
-        return bus->event;
-}
-
-_public_ sd_bus_message* sd_bus_get_current_message(sd_bus *bus) {
-        assert_return(bus, NULL);
-
-        return bus->current_message;
-}
-
-_public_ sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus) {
-        assert_return(bus, NULL);
-
-        return bus->current_slot;
-}
-
-_public_ sd_bus_message_handler_t sd_bus_get_current_handler(sd_bus *bus) {
-        assert_return(bus, NULL);
-
-        return bus->current_handler;
-}
-
-_public_ void* sd_bus_get_current_userdata(sd_bus *bus) {
-        assert_return(bus, NULL);
-
-        return bus->current_userdata;
-}
-
-static int bus_default(int (*bus_open)(sd_bus **), sd_bus **default_bus, sd_bus **ret) {
-        sd_bus *b = NULL;
-        int r;
-
-        assert(bus_open);
-        assert(default_bus);
-
-        if (!ret)
-                return !!*default_bus;
-
-        if (*default_bus) {
-                *ret = sd_bus_ref(*default_bus);
-                return 0;
-        }
-
-        r = bus_open(&b);
-        if (r < 0)
-                return r;
-
-        b->default_bus_ptr = default_bus;
-        b->tid = gettid();
-        *default_bus = b;
-
-        *ret = b;
-        return 1;
-}
-
-_public_ int sd_bus_default_system(sd_bus **ret) {
-        return bus_default(sd_bus_open_system, &default_system_bus, ret);
-}
-
-
-_public_ int sd_bus_default_user(sd_bus **ret) {
-        return bus_default(sd_bus_open_user, &default_user_bus, ret);
-}
-
-_public_ int sd_bus_default(sd_bus **ret) {
-
-        const char *e;
-
-        /* Let's try our best to reuse another cached connection. If
-         * the starter bus type is set, connect via our normal
-         * connection logic, ignoring $DBUS_STARTER_ADDRESS, so that
-         * we can share the connection with the user/system default
-         * bus. */
-
-        e = secure_getenv("DBUS_STARTER_BUS_TYPE");
-        if (e) {
-                if (streq(e, "system"))
-                        return sd_bus_default_system(ret);
-                else if (STR_IN_SET(e, "user", "session"))
-                        return sd_bus_default_user(ret);
-        }
-
-        /* No type is specified, so we have not other option than to
-         * use the starter address if it is set. */
-
-        e = secure_getenv("DBUS_STARTER_ADDRESS");
-        if (e) {
-
-                return bus_default(sd_bus_open, &default_starter_bus, ret);
-        }
-
-        /* Finally, if nothing is set use the cached connection for
-         * the right scope */
-
-        if (cg_pid_get_owner_uid(0, NULL) >= 0)
-                return sd_bus_default_user(ret);
-        else
-                return sd_bus_default_system(ret);
-}
-
-_public_ int sd_bus_get_tid(sd_bus *b, pid_t *tid) {
-        assert_return(b, -EINVAL);
-        assert_return(tid, -EINVAL);
-        assert_return(!bus_pid_changed(b), -ECHILD);
-
-        if (b->tid != 0) {
-                *tid = b->tid;
-                return 0;
-        }
-
-        if (b->event)
-                return sd_event_get_tid(b->event, tid);
-
-        return -ENXIO;
-}
-
-_public_ int sd_bus_path_encode(const char *prefix, const char *external_id, char **ret_path) {
-        _cleanup_free_ char *e = NULL;
-        char *ret;
-
-        assert_return(object_path_is_valid(prefix), -EINVAL);
-        assert_return(external_id, -EINVAL);
-        assert_return(ret_path, -EINVAL);
-
-        e = bus_label_escape(external_id);
-        if (!e)
-                return -ENOMEM;
-
-        ret = strjoin(prefix, "/", e, NULL);
-        if (!ret)
-                return -ENOMEM;
-
-        *ret_path = ret;
-        return 0;
-}
-
-_public_ int sd_bus_path_decode(const char *path, const char *prefix, char **external_id) {
-        const char *e;
-        char *ret;
-
-        assert_return(object_path_is_valid(path), -EINVAL);
-        assert_return(object_path_is_valid(prefix), -EINVAL);
-        assert_return(external_id, -EINVAL);
-
-        e = object_path_startswith(path, prefix);
-        if (!e) {
-                *external_id = NULL;
-                return 0;
-        }
-
-        ret = bus_label_unescape(e);
-        if (!ret)
-                return -ENOMEM;
-
-        *external_id = ret;
-        return 1;
-}
-
-_public_ int sd_bus_path_encode_many(char **out, const char *path_template, ...) {
-        _cleanup_strv_free_ char **labels = NULL;
-        char *path, *path_pos, **label_pos;
-        const char *sep, *template_pos;
-        size_t path_length;
-        va_list list;
-        int r;
-
-        assert_return(out, -EINVAL);
-        assert_return(path_template, -EINVAL);
-
-        path_length = strlen(path_template);
-
-        va_start(list, path_template);
-        for (sep = strchr(path_template, '%'); sep; sep = strchr(sep + 1, '%')) {
-                const char *arg;
-                char *label;
-
-                arg = va_arg(list, const char *);
-                if (!arg) {
-                        va_end(list);
-                        return -EINVAL;
-                }
-
-                label = bus_label_escape(arg);
-                if (!label) {
-                        va_end(list);
-                        return -ENOMEM;
-                }
-
-                r = strv_consume(&labels, label);
-                if (r < 0) {
-                        va_end(list);
-                        return r;
-                }
-
-                /* add label length, but account for the format character */
-                path_length += strlen(label) - 1;
-        }
-        va_end(list);
-
-        path = malloc(path_length + 1);
-        if (!path)
-                return -ENOMEM;
-
-        path_pos = path;
-        label_pos = labels;
-
-        for (template_pos = path_template; *template_pos; ) {
-                sep = strchrnul(template_pos, '%');
-                path_pos = mempcpy(path_pos, template_pos, sep - template_pos);
-                if (!*sep)
-                        break;
-
-                path_pos = stpcpy(path_pos, *label_pos++);
-                template_pos = sep + 1;
-        }
-
-        *path_pos = 0;
-        *out = path;
-        return 0;
-}
-
-_public_ int sd_bus_path_decode_many(const char *path, const char *path_template, ...) {
-        _cleanup_strv_free_ char **labels = NULL;
-        const char *template_pos, *path_pos;
-        char **label_pos;
-        va_list list;
-        int r;
-
-        /*
-         * This decodes an object-path based on a template argument. The
-         * template consists of a verbatim path, optionally including special
-         * directives:
-         *
-         *   - Each occurrence of '%' in the template matches an arbitrary
-         *     substring of a label in the given path. At most one such
-         *     directive is allowed per label. For each such directive, the
-         *     caller must provide an output parameter (char **) via va_arg. If
-         *     NULL is passed, the given label is verified, but not returned.
-         *     For each matched label, the *decoded* label is stored in the
-         *     passed output argument, and the caller is responsible to free
-         *     it. Note that the output arguments are only modified if the
-         *     actualy path matched the template. Otherwise, they're left
-         *     untouched.
-         *
-         * This function returns <0 on error, 0 if the path does not match the
-         * template, 1 if it matched.
-         */
-
-        assert_return(path, -EINVAL);
-        assert_return(path_template, -EINVAL);
-
-        path_pos = path;
-
-        for (template_pos = path_template; *template_pos; ) {
-                const char *sep;
-                size_t length;
-                char *label;
-
-                /* verify everything until the next '%' matches verbatim */
-                sep = strchrnul(template_pos, '%');
-                length = sep - template_pos;
-                if (strncmp(path_pos, template_pos, length))
-                        return 0;
-
-                path_pos += length;
-                template_pos += length;
-
-                if (!*template_pos)
-                        break;
-
-                /* We found the next '%' character. Everything up until here
-                 * matched. We now skip ahead to the end of this label and make
-                 * sure it matches the tail of the label in the path. Then we
-                 * decode the string in-between and save it for later use. */
-
-                ++template_pos; /* skip over '%' */
-
-                sep = strchrnul(template_pos, '/');
-                length = sep - template_pos; /* length of suffix to match verbatim */
-
-                /* verify the suffixes match */
-                sep = strchrnul(path_pos, '/');
-                if (sep - path_pos < (ssize_t)length ||
-                    strncmp(sep - length, template_pos, length))
-                        return 0;
-
-                template_pos += length; /* skip over matched label */
-                length = sep - path_pos - length; /* length of sub-label to decode */
-
-                /* store unescaped label for later use */
-                label = bus_label_unescape_n(path_pos, length);
-                if (!label)
-                        return -ENOMEM;
-
-                r = strv_consume(&labels, label);
-                if (r < 0)
-                        return r;
-
-                path_pos = sep; /* skip decoded label and suffix */
-        }
-
-        /* end of template must match end of path */
-        if (*path_pos)
-                return 0;
-
-        /* copy the labels over to the caller */
-        va_start(list, path_template);
-        for (label_pos = labels; label_pos && *label_pos; ++label_pos) {
-                char **arg;
-
-                arg = va_arg(list, char **);
-                if (arg)
-                        *arg = *label_pos;
-                else
-                        free(*label_pos);
-        }
-        va_end(list);
-
-        free(labels);
-        labels = NULL;
-        return 1;
-}
-
-_public_ int sd_bus_try_close(sd_bus *bus) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (!bus->is_kernel)
-                return -EOPNOTSUPP;
-
-        if (!BUS_IS_OPEN(bus->state))
-                return -ENOTCONN;
-
-        if (bus->rqueue_size > 0)
-                return -EBUSY;
-
-        if (bus->wqueue_size > 0)
-                return -EBUSY;
-
-        r = bus_kernel_try_close(bus);
-        if (r < 0)
-                return r;
-
-        sd_bus_close(bus);
-        return 0;
-}
-
-_public_ int sd_bus_get_description(sd_bus *bus, const char **description) {
-        assert_return(bus, -EINVAL);
-        assert_return(description, -EINVAL);
-        assert_return(bus->description, -ENXIO);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        *description = bus->description;
-        return 0;
-}
-
-int bus_get_root_path(sd_bus *bus) {
-        int r;
-
-        if (bus->cgroup_root)
-                return 0;
-
-        r = cg_get_root_path(&bus->cgroup_root);
-        if (r == -ENOENT) {
-                bus->cgroup_root = strdup("/");
-                if (!bus->cgroup_root)
-                        return -ENOMEM;
-
-                r = 0;
-        }
-
-        return r;
-}
-
-_public_ int sd_bus_get_scope(sd_bus *bus, const char **scope) {
-        int r;
-
-        assert_return(bus, -EINVAL);
-        assert_return(scope, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (bus->is_kernel) {
-                _cleanup_free_ char *n = NULL;
-                const char *dash;
-
-                r = bus_kernel_get_bus_name(bus, &n);
-                if (r < 0)
-                        return r;
-
-                if (streq(n, "0-system")) {
-                        *scope = "system";
-                        return 0;
-                }
-
-                dash = strchr(n, '-');
-                if (streq_ptr(dash, "-user")) {
-                        *scope = "user";
-                        return 0;
-                }
-        }
-
-        if (bus->is_user) {
-                *scope = "user";
-                return 0;
-        }
-
-        if (bus->is_system) {
-                *scope = "system";
-                return 0;
-        }
-
-        return -ENODATA;
-}
-
-_public_ int sd_bus_get_address(sd_bus *bus, const char **address) {
-
-        assert_return(bus, -EINVAL);
-        assert_return(address, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        if (bus->address) {
-                *address = bus->address;
-                return 0;
-        }
-
-        return -ENODATA;
-}
-
-_public_ int sd_bus_get_creds_mask(sd_bus *bus, uint64_t *mask) {
-        assert_return(bus, -EINVAL);
-        assert_return(mask, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        *mask = bus->creds_mask;
-        return 0;
-}
-
-_public_ int sd_bus_is_bus_client(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return bus->bus_client;
-}
-
-_public_ int sd_bus_is_server(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return bus->is_server;
-}
-
-_public_ int sd_bus_is_anonymous(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return bus->anonymous_auth;
-}
-
-_public_ int sd_bus_is_trusted(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return bus->trusted;
-}
-
-_public_ int sd_bus_is_monitor(sd_bus *bus) {
-        assert_return(bus, -EINVAL);
-        assert_return(!bus_pid_changed(bus), -ECHILD);
-
-        return !!(bus->hello_flags & KDBUS_HELLO_MONITOR);
-}
-
-static void flush_close(sd_bus *bus) {
-        if (!bus)
-                return;
-
-        /* Flushes and closes the specified bus. We take a ref before,
-         * to ensure the flushing does not cause the bus to be
-         * unreferenced. */
-
-        sd_bus_flush_close_unref(sd_bus_ref(bus));
-}
-
-_public_ void sd_bus_default_flush_close(void) {
-        flush_close(default_starter_bus);
-        flush_close(default_user_bus);
-        flush_close(default_system_bus);
-}
diff --git a/src/libsystemd/sd-bus/test-bus-benchmark.c b/src/libsystemd/sd-bus/test-bus-benchmark.c
deleted file mode 100644
index 56ac2ab3dd..0000000000
--- a/src/libsystemd/sd-bus/test-bus-benchmark.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/wait.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-internal.h"
-#include "bus-kernel.h"
-#include "bus-util.h"
-#include "def.h"
-#include "fd-util.h"
-#include "time-util.h"
-#include "util.h"
-
-#define MAX_SIZE (2*1024*1024)
-
-static usec_t arg_loop_usec = 100 * USEC_PER_MSEC;
-
-typedef enum Type {
-        TYPE_KDBUS,
-        TYPE_LEGACY,
-        TYPE_DIRECT,
-} Type;
-
-static void server(sd_bus *b, size_t *result) {
-        int r;
-
-        for (;;) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-
-                r = sd_bus_process(b, &m);
-                assert_se(r >= 0);
-
-                if (r == 0)
-                        assert_se(sd_bus_wait(b, USEC_INFINITY) >= 0);
-                if (!m)
-                        continue;
-
-                if (sd_bus_message_is_method_call(m, "benchmark.server", "Ping"))
-                        assert_se(sd_bus_reply_method_return(m, NULL) >= 0);
-                else if (sd_bus_message_is_method_call(m, "benchmark.server", "Work")) {
-                        const void *p;
-                        size_t sz;
-
-                        /* Make sure the mmap is mapped */
-                        assert_se(sd_bus_message_read_array(m, 'y', &p, &sz) > 0);
-
-                        r = sd_bus_reply_method_return(m, NULL);
-                        assert_se(r >= 0);
-                } else if (sd_bus_message_is_method_call(m, "benchmark.server", "Exit")) {
-                        uint64_t res;
-                        assert_se(sd_bus_message_read(m, "t", &res) > 0);
-
-                        *result = res;
-                        return;
-
-                } else if (!sd_bus_message_is_signal(m, NULL, NULL))
-                        assert_not_reached("Unknown method");
-        }
-}
-
-static void transaction(sd_bus *b, size_t sz, const char *server_name) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        uint8_t *p;
-
-        assert_se(sd_bus_message_new_method_call(b, &m, server_name, "/", "benchmark.server", "Work") >= 0);
-        assert_se(sd_bus_message_append_array_space(m, 'y', sz, (void**) &p) >= 0);
-
-        memset(p, 0x80, sz);
-
-        assert_se(sd_bus_call(b, m, 0, NULL, &reply) >= 0);
-}
-
-static void client_bisect(const char *address, const char *server_name) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *x = NULL;
-        size_t lsize, rsize, csize;
-        sd_bus *b;
-        int r;
-
-        r = sd_bus_new(&b);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(b, address);
-        assert_se(r >= 0);
-
-        r = sd_bus_start(b);
-        assert_se(r >= 0);
-
-        r = sd_bus_call_method(b, server_name, "/", "benchmark.server", "Ping", NULL, NULL, NULL);
-        assert_se(r >= 0);
-
-        lsize = 1;
-        rsize = MAX_SIZE;
-
-        printf("SIZE\tCOPY\tMEMFD\n");
-
-        for (;;) {
-                usec_t t;
-                unsigned n_copying, n_memfd;
-
-                csize = (lsize + rsize) / 2;
-
-                if (csize <= lsize)
-                        break;
-
-                if (csize <= 0)
-                        break;
-
-                printf("%zu\t", csize);
-
-                b->use_memfd = 0;
-
-                t = now(CLOCK_MONOTONIC);
-                for (n_copying = 0;; n_copying++) {
-                        transaction(b, csize, server_name);
-                        if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
-                                break;
-                }
-                printf("%u\t", (unsigned) ((n_copying * USEC_PER_SEC) / arg_loop_usec));
-
-                b->use_memfd = -1;
-
-                t = now(CLOCK_MONOTONIC);
-                for (n_memfd = 0;; n_memfd++) {
-                        transaction(b, csize, server_name);
-                        if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
-                                break;
-                }
-                printf("%u\n", (unsigned) ((n_memfd * USEC_PER_SEC) / arg_loop_usec));
-
-                if (n_copying == n_memfd)
-                        break;
-
-                if (n_copying > n_memfd)
-                        lsize = csize;
-                else
-                        rsize = csize;
-        }
-
-        b->use_memfd = 1;
-        assert_se(sd_bus_message_new_method_call(b, &x, server_name, "/", "benchmark.server", "Exit") >= 0);
-        assert_se(sd_bus_message_append(x, "t", csize) >= 0);
-        assert_se(sd_bus_send(b, x, NULL) >= 0);
-
-        sd_bus_unref(b);
-}
-
-static void client_chart(Type type, const char *address, const char *server_name, int fd) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *x = NULL;
-        size_t csize;
-        sd_bus *b;
-        int r;
-
-        r = sd_bus_new(&b);
-        assert_se(r >= 0);
-
-        if (type == TYPE_DIRECT) {
-                r = sd_bus_set_fd(b, fd, fd);
-                assert_se(r >= 0);
-        } else {
-                r = sd_bus_set_address(b, address);
-                assert_se(r >= 0);
-
-                r = sd_bus_set_bus_client(b, true);
-                assert_se(r >= 0);
-        }
-
-        r = sd_bus_start(b);
-        assert_se(r >= 0);
-
-        r = sd_bus_call_method(b, server_name, "/", "benchmark.server", "Ping", NULL, NULL, NULL);
-        assert_se(r >= 0);
-
-        switch (type) {
-        case TYPE_KDBUS:
-                printf("SIZE\tCOPY\tMEMFD\n");
-                break;
-        case TYPE_LEGACY:
-                printf("SIZE\tLEGACY\n");
-                break;
-        case TYPE_DIRECT:
-                printf("SIZE\tDIRECT\n");
-                break;
-        }
-
-        for (csize = 1; csize <= MAX_SIZE; csize *= 2) {
-                usec_t t;
-                unsigned n_copying, n_memfd;
-
-                printf("%zu\t", csize);
-
-                if (type == TYPE_KDBUS) {
-                        b->use_memfd = 0;
-
-                        t = now(CLOCK_MONOTONIC);
-                        for (n_copying = 0;; n_copying++) {
-                                transaction(b, csize, server_name);
-                                if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
-                                        break;
-                        }
-
-                        printf("%u\t", (unsigned) ((n_copying * USEC_PER_SEC) / arg_loop_usec));
-
-                        b->use_memfd = -1;
-                }
-
-                t = now(CLOCK_MONOTONIC);
-                for (n_memfd = 0;; n_memfd++) {
-                        transaction(b, csize, server_name);
-                        if (now(CLOCK_MONOTONIC) >= t + arg_loop_usec)
-                                break;
-                }
-
-                printf("%u\n", (unsigned) ((n_memfd * USEC_PER_SEC) / arg_loop_usec));
-        }
-
-        b->use_memfd = 1;
-        assert_se(sd_bus_message_new_method_call(b, &x, server_name, "/", "benchmark.server", "Exit") >= 0);
-        assert_se(sd_bus_message_append(x, "t", csize) >= 0);
-        assert_se(sd_bus_send(b, x, NULL) >= 0);
-
-        sd_bus_unref(b);
-}
-
-int main(int argc, char *argv[]) {
-        enum {
-                MODE_BISECT,
-                MODE_CHART,
-        } mode = MODE_BISECT;
-        Type type = TYPE_KDBUS;
-        int i, pair[2] = { -1, -1 };
-        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL, *server_name = NULL;
-        _cleanup_close_ int bus_ref = -1;
-        const char *unique;
-        cpu_set_t cpuset;
-        size_t result;
-        sd_bus *b;
-        pid_t pid;
-        int r;
-
-        for (i = 1; i < argc; i++) {
-                if (streq(argv[i], "chart")) {
-                        mode = MODE_CHART;
-                        continue;
-                } else if (streq(argv[i], "legacy")) {
-                        type = TYPE_LEGACY;
-                        continue;
-                } else if (streq(argv[i], "direct")) {
-                        type = TYPE_DIRECT;
-                        continue;
-                }
-
-                assert_se(parse_sec(argv[i], &arg_loop_usec) >= 0);
-        }
-
-        assert_se(!MODE_BISECT || TYPE_KDBUS);
-
-        assert_se(arg_loop_usec > 0);
-
-        if (type == TYPE_KDBUS) {
-                assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
-
-                bus_ref = bus_kernel_create_bus(name, false, &bus_name);
-                if (bus_ref == -ENOENT)
-                        exit(EXIT_TEST_SKIP);
-
-                assert_se(bus_ref >= 0);
-
-                address = strappend("kernel:path=", bus_name);
-                assert_se(address);
-        } else if (type == TYPE_LEGACY) {
-                const char *e;
-
-                e = secure_getenv("DBUS_SESSION_BUS_ADDRESS");
-                assert_se(e);
-
-                address = strdup(e);
-                assert_se(address);
-        }
-
-        r = sd_bus_new(&b);
-        assert_se(r >= 0);
-
-        if (type == TYPE_DIRECT) {
-                assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) >= 0);
-
-                r = sd_bus_set_fd(b, pair[0], pair[0]);
-                assert_se(r >= 0);
-
-                r = sd_bus_set_server(b, true, SD_ID128_NULL);
-                assert_se(r >= 0);
-        } else {
-                r = sd_bus_set_address(b, address);
-                assert_se(r >= 0);
-
-                r = sd_bus_set_bus_client(b, true);
-                assert_se(r >= 0);
-        }
-
-        r = sd_bus_start(b);
-        assert_se(r >= 0);
-
-        if (type != TYPE_DIRECT) {
-                r = sd_bus_get_unique_name(b, &unique);
-                assert_se(r >= 0);
-
-                server_name = strdup(unique);
-                assert_se(server_name);
-        }
-
-        sync();
-        setpriority(PRIO_PROCESS, 0, -19);
-
-        pid = fork();
-        assert_se(pid >= 0);
-
-        if (pid == 0) {
-                CPU_ZERO(&cpuset);
-                CPU_SET(0, &cpuset);
-                pthread_setaffinity_np(pthread_self(), sizeof(cpu_set_t), &cpuset);
-
-                safe_close(bus_ref);
-                sd_bus_unref(b);
-
-                switch (mode) {
-                case MODE_BISECT:
-                        client_bisect(address, server_name);
-                        break;
-
-                case MODE_CHART:
-                        client_chart(type, address, server_name, pair[1]);
-                        break;
-                }
-
-                _exit(0);
-        }
-
-        CPU_ZERO(&cpuset);
-        CPU_SET(1, &cpuset);
-        pthread_setaffinity_np(pthread_self(), sizeof(cpu_set_t), &cpuset);
-
-        server(b, &result);
-
-        if (mode == MODE_BISECT)
-                printf("Copying/memfd are equally fast at %zu bytes\n", result);
-
-        assert_se(waitpid(pid, NULL, 0) == pid);
-
-        safe_close(pair[1]);
-        sd_bus_unref(b);
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-chat.c b/src/libsystemd/sd-bus/test-bus-chat.c
deleted file mode 100644
index 048c0d19e2..0000000000
--- a/src/libsystemd/sd-bus/test-bus-chat.c
+++ /dev/null
@@ -1,560 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <pthread.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-internal.h"
-#include "bus-match.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "log.h"
-#include "macro.h"
-#include "util.h"
-
-static int match_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
-        log_info("Match triggered! interface=%s member=%s", strna(sd_bus_message_get_interface(m)), strna(sd_bus_message_get_member(m)));
-        return 0;
-}
-
-static int object_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
-        int r;
-
-        if (sd_bus_message_is_method_error(m, NULL))
-                return 0;
-
-        if (sd_bus_message_is_method_call(m, "org.object.test", "Foobar")) {
-                log_info("Invoked Foobar() on %s", sd_bus_message_get_path(m));
-
-                r = sd_bus_reply_method_return(m, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to send reply: %m");
-
-                return 1;
-        }
-
-        return 0;
-}
-
-static int server_init(sd_bus **_bus) {
-        sd_bus *bus = NULL;
-        sd_id128_t id;
-        int r;
-        const char *unique;
-
-        assert_se(_bus);
-
-        r = sd_bus_open_user(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to connect to user bus: %m");
-                goto fail;
-        }
-
-        r = sd_bus_get_bus_id(bus, &id);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get server ID: %m");
-                goto fail;
-        }
-
-        r = sd_bus_get_unique_name(bus, &unique);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get unique name: %m");
-                goto fail;
-        }
-
-        log_info("Peer ID is " SD_ID128_FORMAT_STR ".", SD_ID128_FORMAT_VAL(id));
-        log_info("Unique ID: %s", unique);
-        log_info("Can send file handles: %i", sd_bus_can_send(bus, 'h'));
-
-        r = sd_bus_request_name(bus, "org.freedesktop.systemd.test", 0);
-        if (r < 0) {
-                log_error_errno(r, "Failed to acquire name: %m");
-                goto fail;
-        }
-
-        r = sd_bus_add_fallback(bus, NULL, "/foo/bar", object_callback, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add object: %m");
-                goto fail;
-        }
-
-        r = sd_bus_add_match(bus, NULL, "type='signal',interface='foo.bar',member='Notify'", match_callback, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add match: %m");
-                goto fail;
-        }
-
-        r = sd_bus_add_match(bus, NULL, "type='signal',interface='org.freedesktop.DBus',member='NameOwnerChanged'", match_callback, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add match: %m");
-                goto fail;
-        }
-
-        bus_match_dump(&bus->match_callbacks, 0);
-
-        *_bus = bus;
-        return 0;
-
-fail:
-        sd_bus_unref(bus);
-        return r;
-}
-
-static int server(sd_bus *bus) {
-        int r;
-        bool client1_gone = false, client2_gone = false;
-
-        while (!client1_gone || !client2_gone) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-                pid_t pid = 0;
-                const char *label = NULL;
-
-                r = sd_bus_process(bus, &m);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to process requests: %m");
-                        goto fail;
-                }
-
-                if (r == 0) {
-                        r = sd_bus_wait(bus, (uint64_t) -1);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to wait: %m");
-                                goto fail;
-                        }
-
-                        continue;
-                }
-
-                if (!m)
-                        continue;
-
-                sd_bus_creds_get_pid(sd_bus_message_get_creds(m), &pid);
-                sd_bus_creds_get_selinux_context(sd_bus_message_get_creds(m), &label);
-                log_info("Got message! member=%s pid="PID_FMT" label=%s",
-                         strna(sd_bus_message_get_member(m)),
-                         pid,
-                         strna(label));
-                /* bus_message_dump(m); */
-                /* sd_bus_message_rewind(m, true); */
-
-                if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "LowerCase")) {
-                        const char *hello;
-                        _cleanup_free_ char *lowercase = NULL;
-
-                        r = sd_bus_message_read(m, "s", &hello);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to get parameter: %m");
-                                goto fail;
-                        }
-
-                        lowercase = strdup(hello);
-                        if (!lowercase) {
-                                r = log_oom();
-                                goto fail;
-                        }
-
-                        ascii_strlower(lowercase);
-
-                        r = sd_bus_reply_method_return(m, "s", lowercase);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "ExitClient1")) {
-
-                        r = sd_bus_reply_method_return(m, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-
-                        client1_gone = true;
-                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "ExitClient2")) {
-
-                        r = sd_bus_reply_method_return(m, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-
-                        client2_gone = true;
-                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "Slow")) {
-
-                        sleep(1);
-
-                        r = sd_bus_reply_method_return(m, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-
-                } else if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "FileDescriptor")) {
-                        int fd;
-                        static const char x = 'X';
-
-                        r = sd_bus_message_read(m, "h", &fd);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to get parameter: %m");
-                                goto fail;
-                        }
-
-                        log_info("Received fd=%d", fd);
-
-                        if (write(fd, &x, 1) < 0) {
-                                log_error_errno(errno, "Failed to write to fd: %m");
-                                safe_close(fd);
-                                goto fail;
-                        }
-
-                        r = sd_bus_reply_method_return(m, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-
-                } else if (sd_bus_message_is_method_call(m, NULL, NULL)) {
-
-                        r = sd_bus_reply_method_error(
-                                        m,
-                                        &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_UNKNOWN_METHOD, "Unknown method."));
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-                }
-        }
-
-        r = 0;
-
-fail:
-        if (bus) {
-                sd_bus_flush(bus);
-                sd_bus_unref(bus);
-        }
-
-        return r;
-}
-
-static void* client1(void*p) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *hello;
-        int r;
-        _cleanup_close_pair_ int pp[2] = { -1, -1 };
-        char x;
-
-        r = sd_bus_open_user(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to connect to user bus: %m");
-                goto finish;
-        }
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd.test",
-                        "/",
-                        "org.freedesktop.systemd.test",
-                        "LowerCase",
-                        &error,
-                        &reply,
-                        "s",
-                        "HELLO");
-        if (r < 0) {
-                log_error_errno(r, "Failed to issue method call: %m");
-                goto finish;
-        }
-
-        r = sd_bus_message_read(reply, "s", &hello);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get string: %m");
-                goto finish;
-        }
-
-        assert_se(streq(hello, "hello"));
-
-        if (pipe2(pp, O_CLOEXEC|O_NONBLOCK) < 0) {
-                log_error_errno(errno, "Failed to allocate pipe: %m");
-                r = -errno;
-                goto finish;
-        }
-
-        log_info("Sending fd=%d", pp[1]);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd.test",
-                        "/",
-                        "org.freedesktop.systemd.test",
-                        "FileDescriptor",
-                        &error,
-                        NULL,
-                        "h",
-                        pp[1]);
-        if (r < 0) {
-                log_error_errno(r, "Failed to issue method call: %m");
-                goto finish;
-        }
-
-        errno = 0;
-        if (read(pp[0], &x, 1) <= 0) {
-                log_error("Failed to read from pipe: %s", errno ? strerror(errno) : "early read");
-                goto finish;
-        }
-
-        r = 0;
-
-finish:
-        if (bus) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *q;
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &q,
-                                "org.freedesktop.systemd.test",
-                                "/",
-                                "org.freedesktop.systemd.test",
-                                "ExitClient1");
-                if (r < 0)
-                        log_error_errno(r, "Failed to allocate method call: %m");
-                else
-                        sd_bus_send(bus, q, NULL);
-
-        }
-
-        return INT_TO_PTR(r);
-}
-
-static int quit_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
-        bool *x = userdata;
-
-        log_error("Quit callback: %s", strerror(sd_bus_message_get_errno(m)));
-
-        *x = 1;
-        return 1;
-}
-
-static void* client2(void*p) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        bool quit = false;
-        const char *mid;
-        int r;
-
-        r = sd_bus_open_user(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to connect to user bus: %m");
-                goto finish;
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd.test",
-                        "/foo/bar/waldo/piep",
-                        "org.object.test",
-                        "Foobar");
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate method call: %m");
-                goto finish;
-        }
-
-        r = sd_bus_send(bus, m, NULL);
-        if (r < 0) {
-                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
-                goto finish;
-        }
-
-        m = sd_bus_message_unref(m);
-
-        r = sd_bus_message_new_signal(
-                        bus,
-                        &m,
-                        "/foobar",
-                        "foo.bar",
-                        "Notify");
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate signal: %m");
-                goto finish;
-        }
-
-        r = sd_bus_send(bus, m, NULL);
-        if (r < 0) {
-                log_error("Failed to issue signal: %s", bus_error_message(&error, -r));
-                goto finish;
-        }
-
-        m = sd_bus_message_unref(m);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd.test",
-                        "/",
-                        "org.freedesktop.DBus.Peer",
-                        "GetMachineId");
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate method call: %m");
-                goto finish;
-        }
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
-                goto finish;
-        }
-
-        r = sd_bus_message_read(reply, "s", &mid);
-        if (r < 0) {
-                log_error_errno(r, "Failed to parse machine ID: %m");
-                goto finish;
-        }
-
-        log_info("Machine ID is %s.", mid);
-
-        m = sd_bus_message_unref(m);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd.test",
-                        "/",
-                        "org.freedesktop.systemd.test",
-                        "Slow");
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate method call: %m");
-                goto finish;
-        }
-
-        reply = sd_bus_message_unref(reply);
-
-        r = sd_bus_call(bus, m, 200 * USEC_PER_MSEC, &error, &reply);
-        if (r < 0)
-                log_info("Failed to issue method call: %s", bus_error_message(&error, -r));
-        else
-                log_info("Slow call succeed.");
-
-        m = sd_bus_message_unref(m);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd.test",
-                        "/",
-                        "org.freedesktop.systemd.test",
-                        "Slow");
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate method call: %m");
-                goto finish;
-        }
-
-        r = sd_bus_call_async(bus, NULL, m, quit_callback, &quit, 200 * USEC_PER_MSEC);
-        if (r < 0) {
-                log_info("Failed to issue method call: %s", bus_error_message(&error, -r));
-                goto finish;
-        }
-
-        while (!quit) {
-                r = sd_bus_process(bus, NULL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to process requests: %m");
-                        goto finish;
-                }
-                if (r == 0) {
-                        r = sd_bus_wait(bus, (uint64_t) -1);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to wait: %m");
-                                goto finish;
-                        }
-                }
-        }
-
-        r = 0;
-
-finish:
-        if (bus) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *q;
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &q,
-                                "org.freedesktop.systemd.test",
-                                "/",
-                                "org.freedesktop.systemd.test",
-                                "ExitClient2");
-                if (r < 0) {
-                        log_error_errno(r, "Failed to allocate method call: %m");
-                        goto finish;
-                }
-
-                (void) sd_bus_send(bus, q, NULL);
-        }
-
-        return INT_TO_PTR(r);
-}
-
-int main(int argc, char *argv[]) {
-        pthread_t c1, c2;
-        sd_bus *bus;
-        void *p;
-        int q, r;
-
-        r = server_init(&bus);
-        if (r < 0) {
-                log_info("Failed to connect to bus, skipping tests.");
-                return EXIT_TEST_SKIP;
-        }
-
-        log_info("Initialized...");
-
-        r = pthread_create(&c1, NULL, client1, bus);
-        if (r != 0)
-                return EXIT_FAILURE;
-
-        r = pthread_create(&c2, NULL, client2, bus);
-        if (r != 0)
-                return EXIT_FAILURE;
-
-        r = server(bus);
-
-        q = pthread_join(c1, &p);
-        if (q != 0)
-                return EXIT_FAILURE;
-        if (PTR_TO_INT(p) < 0)
-                return EXIT_FAILURE;
-
-        q = pthread_join(c2, &p);
-        if (q != 0)
-                return EXIT_FAILURE;
-        if (PTR_TO_INT(p) < 0)
-                return EXIT_FAILURE;
-
-        if (r < 0)
-                return EXIT_FAILURE;
-
-        return EXIT_SUCCESS;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-cleanup.c b/src/libsystemd/sd-bus/test-bus-cleanup.c
deleted file mode 100644
index 250a5b2908..0000000000
--- a/src/libsystemd/sd-bus/test-bus-cleanup.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdio.h>
-
-#include "sd-bus.h"
-
-#include "bus-internal.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "refcnt.h"
-
-static void test_bus_new(void) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-
-        assert_se(sd_bus_new(&bus) == 0);
-        printf("after new: refcount %u\n", REFCNT_GET(bus->n_ref));
-}
-
-static int test_bus_open(void) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        r = sd_bus_open_system(&bus);
-        if (r == -ECONNREFUSED || r == -ENOENT)
-                return r;
-
-        assert_se(r >= 0);
-        printf("after open: refcount %u\n", REFCNT_GET(bus->n_ref));
-
-        return 0;
-}
-
-static void test_bus_new_method_call(void) {
-        sd_bus *bus = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-
-        assert_se(sd_bus_open_system(&bus) >= 0);
-
-        assert_se(sd_bus_message_new_method_call(bus, &m, "a.service.name", "/an/object/path", "an.interface.name", "AMethodName") >= 0);
-
-        printf("after message_new_method_call: refcount %u\n", REFCNT_GET(bus->n_ref));
-
-        sd_bus_flush_close_unref(bus);
-        printf("after bus_flush_close_unref: refcount %u\n", m->n_ref);
-}
-
-static void test_bus_new_signal(void) {
-        sd_bus *bus = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-
-        assert_se(sd_bus_open_system(&bus) >= 0);
-
-        assert_se(sd_bus_message_new_signal(bus, &m, "/an/object/path", "an.interface.name", "Name") >= 0);
-
-        printf("after message_new_signal: refcount %u\n", REFCNT_GET(bus->n_ref));
-
-        sd_bus_flush_close_unref(bus);
-        printf("after bus_flush_close_unref: refcount %u\n", m->n_ref);
-}
-
-int main(int argc, char **argv) {
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        test_bus_new();
-        r = test_bus_open();
-        if (r < 0) {
-                log_info("Failed to connect to bus, skipping tests.");
-                return EXIT_TEST_SKIP;
-        }
-
-        test_bus_new_method_call();
-        test_bus_new_signal();
-
-        return EXIT_SUCCESS;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-creds.c b/src/libsystemd/sd-bus/test-bus-creds.c
deleted file mode 100644
index e9ef483bdd..0000000000
--- a/src/libsystemd/sd-bus/test-bus-creds.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "bus-dump.h"
-#include "bus-util.h"
-#include "cgroup-util.h"
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        int r;
-
-        if (cg_unified() == -ENOMEDIUM) {
-                puts("Skipping test: /sys/fs/cgroup/ not available");
-                return EXIT_TEST_SKIP;
-        }
-
-        r = sd_bus_creds_new_from_pid(&creds, 0, _SD_BUS_CREDS_ALL);
-        assert_se(r >= 0);
-
-        bus_creds_dump(creds, NULL, true);
-
-        creds = sd_bus_creds_unref(creds);
-
-        r = sd_bus_creds_new_from_pid(&creds, 1, _SD_BUS_CREDS_ALL);
-        if (r != -EACCES) {
-                assert_se(r >= 0);
-                putchar('\n');
-                bus_creds_dump(creds, NULL, true);
-        }
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-error.c b/src/libsystemd/sd-bus/test-bus-error.c
deleted file mode 100644
index 66a3874f10..0000000000
--- a/src/libsystemd/sd-bus/test-bus-error.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "errno-list.h"
-
-static void test_error(void) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL, second = SD_BUS_ERROR_NULL;
-        const sd_bus_error const_error = SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_FILE_EXISTS, "const error");
-        const sd_bus_error temporarily_const_error = {
-                .name = SD_BUS_ERROR_ACCESS_DENIED,
-                .message = "oh! no",
-                ._need_free = -1
-        };
-
-        assert_se(!sd_bus_error_is_set(&error));
-        assert_se(sd_bus_error_set(&error, SD_BUS_ERROR_NOT_SUPPORTED, "xxx") == -EOPNOTSUPP);
-        assert_se(streq(error.name, SD_BUS_ERROR_NOT_SUPPORTED));
-        assert_se(streq(error.message, "xxx"));
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_NOT_SUPPORTED));
-        assert_se(sd_bus_error_get_errno(&error) == EOPNOTSUPP);
-        assert_se(sd_bus_error_is_set(&error));
-        sd_bus_error_free(&error);
-
-        /* Check with no error */
-        assert_se(!sd_bus_error_is_set(&error));
-        assert_se(sd_bus_error_setf(&error, NULL, "yyy %i", -1) == 0);
-        assert_se(error.name == NULL);
-        assert_se(error.message == NULL);
-        assert_se(!sd_bus_error_has_name(&error, SD_BUS_ERROR_FILE_NOT_FOUND));
-        assert_se(sd_bus_error_get_errno(&error) == 0);
-        assert_se(!sd_bus_error_is_set(&error));
-
-        assert_se(sd_bus_error_setf(&error, SD_BUS_ERROR_FILE_NOT_FOUND, "yyy %i", -1) == -ENOENT);
-        assert_se(streq(error.name, SD_BUS_ERROR_FILE_NOT_FOUND));
-        assert_se(streq(error.message, "yyy -1"));
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_FILE_NOT_FOUND));
-        assert_se(sd_bus_error_get_errno(&error) == ENOENT);
-        assert_se(sd_bus_error_is_set(&error));
-
-        assert_se(!sd_bus_error_is_set(&second));
-        assert_se(second._need_free == 0);
-        assert_se(error._need_free > 0);
-        assert_se(sd_bus_error_copy(&second, &error) == -ENOENT);
-        assert_se(second._need_free > 0);
-        assert_se(streq(error.name, second.name));
-        assert_se(streq(error.message, second.message));
-        assert_se(sd_bus_error_get_errno(&second) == ENOENT);
-        assert_se(sd_bus_error_has_name(&second, SD_BUS_ERROR_FILE_NOT_FOUND));
-        assert_se(sd_bus_error_is_set(&second));
-
-        sd_bus_error_free(&error);
-        sd_bus_error_free(&second);
-
-        assert_se(!sd_bus_error_is_set(&second));
-        assert_se(const_error._need_free == 0);
-        assert_se(sd_bus_error_copy(&second, &const_error) == -EEXIST);
-        assert_se(second._need_free == 0);
-        assert_se(streq(const_error.name, second.name));
-        assert_se(streq(const_error.message, second.message));
-        assert_se(sd_bus_error_get_errno(&second) == EEXIST);
-        assert_se(sd_bus_error_has_name(&second, SD_BUS_ERROR_FILE_EXISTS));
-        assert_se(sd_bus_error_is_set(&second));
-        sd_bus_error_free(&second);
-
-        assert_se(!sd_bus_error_is_set(&second));
-        assert_se(temporarily_const_error._need_free < 0);
-        assert_se(sd_bus_error_copy(&second, &temporarily_const_error) == -EACCES);
-        assert_se(second._need_free > 0);
-        assert_se(streq(temporarily_const_error.name, second.name));
-        assert_se(streq(temporarily_const_error.message, second.message));
-        assert_se(sd_bus_error_get_errno(&second) == EACCES);
-        assert_se(sd_bus_error_has_name(&second, SD_BUS_ERROR_ACCESS_DENIED));
-        assert_se(sd_bus_error_is_set(&second));
-
-        assert_se(!sd_bus_error_is_set(&error));
-        assert_se(sd_bus_error_set_const(&error, "System.Error.EUCLEAN", "Hallo") == -EUCLEAN);
-        assert_se(streq(error.name, "System.Error.EUCLEAN"));
-        assert_se(streq(error.message, "Hallo"));
-        assert_se(sd_bus_error_has_name(&error, "System.Error.EUCLEAN"));
-        assert_se(sd_bus_error_get_errno(&error) == EUCLEAN);
-        assert_se(sd_bus_error_is_set(&error));
-        sd_bus_error_free(&error);
-
-        assert_se(!sd_bus_error_is_set(&error));
-        assert_se(sd_bus_error_set_errno(&error, EBUSY) == -EBUSY);
-        assert_se(streq(error.name, "System.Error.EBUSY"));
-        assert_se(streq(error.message, strerror(EBUSY)));
-        assert_se(sd_bus_error_has_name(&error, "System.Error.EBUSY"));
-        assert_se(sd_bus_error_get_errno(&error) == EBUSY);
-        assert_se(sd_bus_error_is_set(&error));
-        sd_bus_error_free(&error);
-
-        assert_se(!sd_bus_error_is_set(&error));
-        assert_se(sd_bus_error_set_errnof(&error, EIO, "Waldi %c", 'X') == -EIO);
-        assert_se(streq(error.name, SD_BUS_ERROR_IO_ERROR));
-        assert_se(streq(error.message, "Waldi X"));
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_IO_ERROR));
-        assert_se(sd_bus_error_get_errno(&error) == EIO);
-        assert_se(sd_bus_error_is_set(&error));
-        sd_bus_error_free(&error);
-
-        /* Check with no error */
-        assert_se(!sd_bus_error_is_set(&error));
-        assert_se(sd_bus_error_set_errnof(&error, 0, "Waldi %c", 'X') == 0);
-        assert_se(error.name == NULL);
-        assert_se(error.message == NULL);
-        assert_se(!sd_bus_error_has_name(&error, SD_BUS_ERROR_IO_ERROR));
-        assert_se(sd_bus_error_get_errno(&error) == 0);
-        assert_se(!sd_bus_error_is_set(&error));
-}
-
-extern const sd_bus_error_map __start_BUS_ERROR_MAP[];
-extern const sd_bus_error_map __stop_BUS_ERROR_MAP[];
-
-static void dump_mapping_table(void) {
-        const sd_bus_error_map *m;
-
-        printf("----- errno mappings ------\n");
-        m = __start_BUS_ERROR_MAP;
-        while (m < __stop_BUS_ERROR_MAP) {
-
-                if (m->code == BUS_ERROR_MAP_END_MARKER) {
-                        m = ALIGN8_PTR(m+1);
-                        continue;
-                }
-
-                printf("%s -> %i/%s\n", strna(m->name), m->code, strna(errno_to_name(m->code)));
-                m++;
-        }
-        printf("---------------------------\n");
-}
-
-static void test_errno_mapping_standard(void) {
-        assert_se(sd_bus_error_set(NULL, "System.Error.EUCLEAN", NULL) == -EUCLEAN);
-        assert_se(sd_bus_error_set(NULL, "System.Error.EBUSY", NULL) == -EBUSY);
-        assert_se(sd_bus_error_set(NULL, "System.Error.EINVAL", NULL) == -EINVAL);
-        assert_se(sd_bus_error_set(NULL, "System.Error.WHATSIT", NULL) == -EIO);
-}
-
-BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map test_errors[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error", 5),
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-2", 52),
-        SD_BUS_ERROR_MAP_END
-};
-
-BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map test_errors2[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-3", 33),
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-4", 44),
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-33", 333),
-        SD_BUS_ERROR_MAP_END
-};
-
-static const sd_bus_error_map test_errors3[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-88", 888),
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-99", 999),
-        SD_BUS_ERROR_MAP_END
-};
-
-static const sd_bus_error_map test_errors4[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-77", 777),
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-78", 778),
-        SD_BUS_ERROR_MAP_END
-};
-
-static const sd_bus_error_map test_errors_bad1[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-1", 0),
-        SD_BUS_ERROR_MAP_END
-};
-
-static const sd_bus_error_map test_errors_bad2[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.custom-dbus-error-1", -1),
-        SD_BUS_ERROR_MAP_END
-};
-
-static void test_errno_mapping_custom(void) {
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error", NULL) == -5);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-2", NULL) == -52);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-x", NULL) == -EIO);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-33", NULL) == -333);
-
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-88", NULL) == -EIO);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-99", NULL) == -EIO);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-77", NULL) == -EIO);
-
-        assert_se(sd_bus_error_add_map(test_errors3) > 0);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-88", NULL) == -888);
-        assert_se(sd_bus_error_add_map(test_errors4) > 0);
-        assert_se(sd_bus_error_add_map(test_errors4) == 0);
-        assert_se(sd_bus_error_add_map(test_errors3) == 0);
-
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-99", NULL) == -999);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-77", NULL) == -777);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-78", NULL) == -778);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-2", NULL) == -52);
-        assert_se(sd_bus_error_set(NULL, "org.freedesktop.custom-dbus-error-y", NULL) == -EIO);
-
-        assert_se(sd_bus_error_set(NULL, BUS_ERROR_NO_SUCH_UNIT, NULL) == -ENOENT);
-
-        assert_se(sd_bus_error_add_map(test_errors_bad1) == -EINVAL);
-        assert_se(sd_bus_error_add_map(test_errors_bad2) == -EINVAL);
-}
-
-int main(int argc, char *argv[]) {
-        dump_mapping_table();
-
-        test_error();
-        test_errno_mapping_standard();
-        test_errno_mapping_custom();
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-gvariant.c b/src/libsystemd/sd-bus/test-bus-gvariant.c
deleted file mode 100644
index 83f114a0fe..0000000000
--- a/src/libsystemd/sd-bus/test-bus-gvariant.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#ifdef HAVE_GLIB
-#include <glib.h>
-#endif
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-dump.h"
-#include "bus-gvariant.h"
-#include "bus-internal.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "macro.h"
-#include "util.h"
-
-static void test_bus_gvariant_is_fixed_size(void) {
-        assert_se(bus_gvariant_is_fixed_size("") > 0);
-        assert_se(bus_gvariant_is_fixed_size("()") > 0);
-        assert_se(bus_gvariant_is_fixed_size("y") > 0);
-        assert_se(bus_gvariant_is_fixed_size("u") > 0);
-        assert_se(bus_gvariant_is_fixed_size("b") > 0);
-        assert_se(bus_gvariant_is_fixed_size("n") > 0);
-        assert_se(bus_gvariant_is_fixed_size("q") > 0);
-        assert_se(bus_gvariant_is_fixed_size("i") > 0);
-        assert_se(bus_gvariant_is_fixed_size("t") > 0);
-        assert_se(bus_gvariant_is_fixed_size("d") > 0);
-        assert_se(bus_gvariant_is_fixed_size("s") == 0);
-        assert_se(bus_gvariant_is_fixed_size("o") == 0);
-        assert_se(bus_gvariant_is_fixed_size("g") == 0);
-        assert_se(bus_gvariant_is_fixed_size("h") > 0);
-        assert_se(bus_gvariant_is_fixed_size("ay") == 0);
-        assert_se(bus_gvariant_is_fixed_size("v") == 0);
-        assert_se(bus_gvariant_is_fixed_size("(u)") > 0);
-        assert_se(bus_gvariant_is_fixed_size("(uuuuy)") > 0);
-        assert_se(bus_gvariant_is_fixed_size("(uusuuy)") == 0);
-        assert_se(bus_gvariant_is_fixed_size("a{ss}") == 0);
-        assert_se(bus_gvariant_is_fixed_size("((u)yyy(b(iiii)))") > 0);
-        assert_se(bus_gvariant_is_fixed_size("((u)yyy(b(iiivi)))") == 0);
-}
-
-static void test_bus_gvariant_get_size(void) {
-        assert_se(bus_gvariant_get_size("") == 0);
-        assert_se(bus_gvariant_get_size("()") == 1);
-        assert_se(bus_gvariant_get_size("y") == 1);
-        assert_se(bus_gvariant_get_size("u") == 4);
-        assert_se(bus_gvariant_get_size("b") == 1);
-        assert_se(bus_gvariant_get_size("n") == 2);
-        assert_se(bus_gvariant_get_size("q") == 2);
-        assert_se(bus_gvariant_get_size("i") == 4);
-        assert_se(bus_gvariant_get_size("t") == 8);
-        assert_se(bus_gvariant_get_size("d") == 8);
-        assert_se(bus_gvariant_get_size("s") < 0);
-        assert_se(bus_gvariant_get_size("o") < 0);
-        assert_se(bus_gvariant_get_size("g") < 0);
-        assert_se(bus_gvariant_get_size("h") == 4);
-        assert_se(bus_gvariant_get_size("ay") < 0);
-        assert_se(bus_gvariant_get_size("v") < 0);
-        assert_se(bus_gvariant_get_size("(u)") == 4);
-        assert_se(bus_gvariant_get_size("(uuuuy)") == 20);
-        assert_se(bus_gvariant_get_size("(uusuuy)") < 0);
-        assert_se(bus_gvariant_get_size("a{ss}") < 0);
-        assert_se(bus_gvariant_get_size("((u)yyy(b(iiii)))") == 28);
-        assert_se(bus_gvariant_get_size("((u)yyy(b(iiivi)))") < 0);
-        assert_se(bus_gvariant_get_size("((b)(t))") == 16);
-        assert_se(bus_gvariant_get_size("((b)(b)(t))") == 16);
-        assert_se(bus_gvariant_get_size("(bt)") == 16);
-        assert_se(bus_gvariant_get_size("((t)(b))") == 16);
-        assert_se(bus_gvariant_get_size("(tb)") == 16);
-        assert_se(bus_gvariant_get_size("((b)(b))") == 2);
-        assert_se(bus_gvariant_get_size("((t)(t))") == 16);
-}
-
-static void test_bus_gvariant_get_alignment(void) {
-        assert_se(bus_gvariant_get_alignment("") == 1);
-        assert_se(bus_gvariant_get_alignment("()") == 1);
-        assert_se(bus_gvariant_get_alignment("y") == 1);
-        assert_se(bus_gvariant_get_alignment("b") == 1);
-        assert_se(bus_gvariant_get_alignment("u") == 4);
-        assert_se(bus_gvariant_get_alignment("s") == 1);
-        assert_se(bus_gvariant_get_alignment("o") == 1);
-        assert_se(bus_gvariant_get_alignment("g") == 1);
-        assert_se(bus_gvariant_get_alignment("v") == 8);
-        assert_se(bus_gvariant_get_alignment("h") == 4);
-        assert_se(bus_gvariant_get_alignment("i") == 4);
-        assert_se(bus_gvariant_get_alignment("t") == 8);
-        assert_se(bus_gvariant_get_alignment("x") == 8);
-        assert_se(bus_gvariant_get_alignment("q") == 2);
-        assert_se(bus_gvariant_get_alignment("n") == 2);
-        assert_se(bus_gvariant_get_alignment("d") == 8);
-        assert_se(bus_gvariant_get_alignment("ay") == 1);
-        assert_se(bus_gvariant_get_alignment("as") == 1);
-        assert_se(bus_gvariant_get_alignment("au") == 4);
-        assert_se(bus_gvariant_get_alignment("an") == 2);
-        assert_se(bus_gvariant_get_alignment("ans") == 2);
-        assert_se(bus_gvariant_get_alignment("ant") == 8);
-        assert_se(bus_gvariant_get_alignment("(ss)") == 1);
-        assert_se(bus_gvariant_get_alignment("(ssu)") == 4);
-        assert_se(bus_gvariant_get_alignment("a(ssu)") == 4);
-        assert_se(bus_gvariant_get_alignment("(u)") == 4);
-        assert_se(bus_gvariant_get_alignment("(uuuuy)") == 4);
-        assert_se(bus_gvariant_get_alignment("(uusuuy)") == 4);
-        assert_se(bus_gvariant_get_alignment("a{ss}") == 1);
-        assert_se(bus_gvariant_get_alignment("((u)yyy(b(iiii)))") == 4);
-        assert_se(bus_gvariant_get_alignment("((u)yyy(b(iiivi)))") == 8);
-        assert_se(bus_gvariant_get_alignment("((b)(t))") == 8);
-        assert_se(bus_gvariant_get_alignment("((b)(b)(t))") == 8);
-        assert_se(bus_gvariant_get_alignment("(bt)") == 8);
-        assert_se(bus_gvariant_get_alignment("((t)(b))") == 8);
-        assert_se(bus_gvariant_get_alignment("(tb)") == 8);
-        assert_se(bus_gvariant_get_alignment("((b)(b))") == 1);
-        assert_se(bus_gvariant_get_alignment("((t)(t))") == 8);
-}
-
-static void test_marshal(void) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *n = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ void *blob;
-        size_t sz;
-        int r;
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                exit(EXIT_TEST_SKIP);
-
-        bus->message_version = 2; /* dirty hack to enable gvariant */
-
-        assert_se(sd_bus_message_new_method_call(bus, &m, "a.service.name", "/an/object/path/which/is/really/really/long/so/that/we/hit/the/eight/bit/boundary/by/quite/some/margin/to/test/this/stuff/that/it/really/works", "an.interface.name", "AMethodName") >= 0);
-
-        assert_cc(sizeof(struct bus_header) == 16);
-
-        assert_se(sd_bus_message_append(m,
-                                        "a(usv)", 3,
-                                        4711, "first-string-parameter", "(st)", "X", (uint64_t) 1111,
-                                        4712, "second-string-parameter", "(a(si))", 2, "Y", 5, "Z", 6,
-                                        4713, "third-string-parameter", "(uu)", 1, 2) >= 0);
-
-        assert_se(bus_message_seal(m, 4711, 0) >= 0);
-
-#ifdef HAVE_GLIB
-        {
-                GVariant *v;
-                char *t;
-
-#if !defined(GLIB_VERSION_2_36)
-                g_type_init();
-#endif
-
-                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuta{tv})"), m->header, sizeof(struct bus_header) + m->fields_size, false, NULL, NULL);
-                assert_se(g_variant_is_normal_form(v));
-                t = g_variant_print(v, TRUE);
-                printf("%s\n", t);
-                g_free(t);
-                g_variant_unref(v);
-
-                v = g_variant_new_from_data(G_VARIANT_TYPE("(a(usv))"), m->body.data, m->user_body_size, false, NULL, NULL);
-                assert_se(g_variant_is_normal_form(v));
-                t = g_variant_print(v, TRUE);
-                printf("%s\n", t);
-                g_free(t);
-                g_variant_unref(v);
-        }
-#endif
-
-        assert_se(bus_message_dump(m, NULL, BUS_MESSAGE_DUMP_WITH_HEADER) >= 0);
-
-        assert_se(bus_message_get_blob(m, &blob, &sz) >= 0);
-
-#ifdef HAVE_GLIB
-        {
-                GVariant *v;
-                char *t;
-
-                v = g_variant_new_from_data(G_VARIANT_TYPE("(yyyyuta{tv}v)"), blob, sz, false, NULL, NULL);
-                assert_se(g_variant_is_normal_form(v));
-                t = g_variant_print(v, TRUE);
-                printf("%s\n", t);
-                g_free(t);
-                g_variant_unref(v);
-        }
-#endif
-
-        assert_se(bus_message_from_malloc(bus, blob, sz, NULL, 0, NULL, &n) >= 0);
-        blob = NULL;
-
-        assert_se(bus_message_dump(n, NULL, BUS_MESSAGE_DUMP_WITH_HEADER) >= 0);
-
-        m = sd_bus_message_unref(m);
-
-        assert_se(sd_bus_message_new_method_call(bus, &m, "a.x", "/a/x", "a.x", "Ax") >= 0);
-
-        assert_se(sd_bus_message_append(m, "as", 0) >= 0);
-
-        assert_se(bus_message_seal(m, 4712, 0) >= 0);
-        assert_se(bus_message_dump(m, NULL, BUS_MESSAGE_DUMP_WITH_HEADER) >= 0);
-}
-
-int main(int argc, char *argv[]) {
-
-        test_bus_gvariant_is_fixed_size();
-        test_bus_gvariant_get_size();
-        test_bus_gvariant_get_alignment();
-        test_marshal();
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-kernel-bloom.c b/src/libsystemd/sd-bus/test-bus-kernel-bloom.c
deleted file mode 100644
index eb6179d7d2..0000000000
--- a/src/libsystemd/sd-bus/test-bus-kernel-bloom.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-kernel.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "log.h"
-#include "util.h"
-
-static int test_match(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
-        int *found = userdata;
-
-        *found = 1;
-
-        return 0;
-}
-
-static void test_one(
-                const char *path,
-                const char *interface,
-                const char *member,
-                bool as_list,
-                const char *arg0,
-                const char *match,
-                bool good) {
-
-        _cleanup_close_ int bus_ref = -1;
-        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        sd_bus *a, *b;
-        int r, found = 0;
-
-        assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
-
-        bus_ref = bus_kernel_create_bus(name, false, &bus_name);
-        if (bus_ref == -ENOENT)
-                exit(EXIT_TEST_SKIP);
-
-        assert_se(bus_ref >= 0);
-
-        address = strappend("kernel:path=", bus_name);
-        assert_se(address);
-
-        r = sd_bus_new(&a);
-        assert_se(r >= 0);
-
-        r = sd_bus_new(&b);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(a, address);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(b, address);
-        assert_se(r >= 0);
-
-        r = sd_bus_start(a);
-        assert_se(r >= 0);
-
-        r = sd_bus_start(b);
-        assert_se(r >= 0);
-
-        log_debug("match");
-        r = sd_bus_add_match(b, NULL, match, test_match, &found);
-        assert_se(r >= 0);
-
-        log_debug("signal");
-
-        if (as_list)
-                r = sd_bus_emit_signal(a, path, interface, member, "as", 1, arg0);
-        else
-                r = sd_bus_emit_signal(a, path, interface, member, "s", arg0);
-        assert_se(r >= 0);
-
-        r = sd_bus_process(b, &m);
-        assert_se(r >= 0 && good == !!found);
-
-        sd_bus_unref(a);
-        sd_bus_unref(b);
-}
-
-int main(int argc, char *argv[]) {
-        log_set_max_level(LOG_DEBUG);
-
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/tuut'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "interface='waldo.com'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "member='Piep'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "member='Pi_ep'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "arg0='foobar'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "arg0='foo_bar'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0='foobar'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0='foo_bar'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0has='foobar'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", true, "foobar", "arg0has='foo_bar'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo',interface='waldo.com',member='Piep',arg0='foobar'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo',interface='waldo.com',member='Piep',arg0='foobar2'", false);
-
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/quux'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar/waldo'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/quux'", false);
-        test_one("/", "waldo.com", "Piep", false, "foobar", "path_namespace='/'", true);
-
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar/waldo/'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/'", true);
-
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo/bar/waldo", "arg0path='/foo/'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo", "arg0path='/foo'", true);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo", "arg0path='/foo/bar/waldo'", false);
-        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo/", "arg0path='/foo/bar/waldo'", true);
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-kernel.c b/src/libsystemd/sd-bus/test-bus-kernel.c
deleted file mode 100644
index 2214817312..0000000000
--- a/src/libsystemd/sd-bus/test-bus-kernel.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-dump.h"
-#include "bus-kernel.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "log.h"
-#include "util.h"
-
-int main(int argc, char *argv[]) {
-        _cleanup_close_ int bus_ref = -1;
-        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL, *bname = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *ua = NULL, *ub = NULL, *the_string = NULL;
-        sd_bus *a, *b;
-        int r, pipe_fds[2];
-        const char *nn;
-
-        log_set_max_level(LOG_DEBUG);
-
-        assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
-
-        bus_ref = bus_kernel_create_bus(name, false, &bus_name);
-        if (bus_ref == -ENOENT)
-                return EXIT_TEST_SKIP;
-
-        assert_se(bus_ref >= 0);
-
-        address = strappend("kernel:path=", bus_name);
-        assert_se(address);
-
-        r = sd_bus_new(&a);
-        assert_se(r >= 0);
-
-        r = sd_bus_new(&b);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_description(a, "a");
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(a, address);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(b, address);
-        assert_se(r >= 0);
-
-        assert_se(sd_bus_negotiate_timestamp(a, 1) >= 0);
-        assert_se(sd_bus_negotiate_creds(a, true, _SD_BUS_CREDS_ALL) >= 0);
-
-        assert_se(sd_bus_negotiate_timestamp(b, 0) >= 0);
-        assert_se(sd_bus_negotiate_creds(b, true, 0) >= 0);
-
-        r = sd_bus_start(a);
-        assert_se(r >= 0);
-
-        r = sd_bus_start(b);
-        assert_se(r >= 0);
-
-        assert_se(sd_bus_negotiate_timestamp(b, 1) >= 0);
-        assert_se(sd_bus_negotiate_creds(b, true, _SD_BUS_CREDS_ALL) >= 0);
-
-        r = sd_bus_get_unique_name(a, &ua);
-        assert_se(r >= 0);
-        printf("unique a: %s\n", ua);
-
-        r = sd_bus_get_description(a, &nn);
-        assert_se(r >= 0);
-        printf("name of a: %s\n", nn);
-
-        r = sd_bus_get_unique_name(b, &ub);
-        assert_se(r >= 0);
-        printf("unique b: %s\n", ub);
-
-        r = sd_bus_get_description(b, &nn);
-        assert_se(r >= 0);
-        printf("name of b: %s\n", nn);
-
-        assert_se(bus_kernel_get_bus_name(b, &bname) >= 0);
-        assert_se(endswith(bname, name));
-
-        r = sd_bus_call_method(a, "this.doesnt.exist", "/foo", "meh.mah", "muh", &error, NULL, "s", "yayayay");
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_SERVICE_UNKNOWN));
-        assert_se(r == -EHOSTUNREACH);
-
-        r = sd_bus_add_match(b, NULL, "interface='waldo.com',member='Piep'", NULL, NULL);
-        assert_se(r >= 0);
-
-        r = sd_bus_emit_signal(a, "/foo/bar/waldo", "waldo.com", "Piep", "sss", "I am a string", "/this/is/a/path", "and.this.a.domain.name");
-        assert_se(r >= 0);
-
-        r = sd_bus_try_close(b);
-        assert_se(r == -EBUSY);
-
-        r = sd_bus_process_priority(b, -10, &m);
-        assert_se(r == 0);
-
-        r = sd_bus_process(b, &m);
-        assert_se(r > 0);
-        assert_se(m);
-
-        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-        assert_se(sd_bus_message_rewind(m, true) >= 0);
-
-        r = sd_bus_message_read(m, "s", &the_string);
-        assert_se(r >= 0);
-        assert_se(streq(the_string, "I am a string"));
-
-        sd_bus_message_unref(m);
-        m = NULL;
-
-        r = sd_bus_request_name(a, "net.x0pointer.foobar", 0);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_new_method_call(b, &m, "net.x0pointer.foobar", "/a/path", "an.inter.face", "AMethod");
-        assert_se(r >= 0);
-
-        assert_se(pipe2(pipe_fds, O_CLOEXEC) >= 0);
-
-        assert_se(write(pipe_fds[1], "x", 1) == 1);
-
-        pipe_fds[1] = safe_close(pipe_fds[1]);
-
-        r = sd_bus_message_append(m, "h", pipe_fds[0]);
-        assert_se(r >= 0);
-
-        pipe_fds[0] = safe_close(pipe_fds[0]);
-
-        r = sd_bus_send(b, m, NULL);
-        assert_se(r >= 0);
-
-        for (;;) {
-                sd_bus_message_unref(m);
-                m = NULL;
-                r = sd_bus_process(a, &m);
-                assert_se(r > 0);
-                assert_se(m);
-
-                bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-                assert_se(sd_bus_message_rewind(m, true) >= 0);
-
-                if (sd_bus_message_is_method_call(m, "an.inter.face", "AMethod")) {
-                        int fd;
-                        char x;
-
-                        r = sd_bus_message_read(m, "h", &fd);
-                        assert_se(r >= 0);
-
-                        assert_se(read(fd, &x, 1) == 1);
-                        assert_se(x == 'x');
-                        break;
-                }
-        }
-
-        r = sd_bus_release_name(a, "net.x0pointer.foobar");
-        assert_se(r >= 0);
-
-        r = sd_bus_release_name(a, "net.x0pointer.foobar");
-        assert_se(r == -ESRCH);
-
-        r = sd_bus_try_close(a);
-        assert_se(r >= 0);
-
-        sd_bus_unref(a);
-        sd_bus_unref(b);
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-marshal.c b/src/libsystemd/sd-bus/test-bus-marshal.c
deleted file mode 100644
index a28cc5b79e..0000000000
--- a/src/libsystemd/sd-bus/test-bus-marshal.c
+++ /dev/null
@@ -1,432 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <math.h>
-#include <stdlib.h>
-
-#ifdef HAVE_GLIB
-#include <gio/gio.h>
-#endif
-
-#ifdef HAVE_DBUS
-#include <dbus/dbus.h>
-#endif
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-dump.h"
-#include "bus-label.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "hexdecoct.h"
-#include "log.h"
-#include "util.h"
-
-static void test_bus_path_encode_unique(void) {
-        _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
-
-        assert_se(bus_path_encode_unique(NULL, "/foo/bar", "some.sender", "a.suffix", &a) >= 0 && streq_ptr(a, "/foo/bar/some_2esender/a_2esuffix"));
-        assert_se(bus_path_decode_unique(a, "/foo/bar", &b, &c) > 0 && streq_ptr(b, "some.sender") && streq_ptr(c, "a.suffix"));
-        assert_se(bus_path_decode_unique(a, "/bar/foo", &d, &d) == 0 && !d);
-        assert_se(bus_path_decode_unique("/foo/bar/onlyOneSuffix", "/foo/bar", &d, &d) == 0 && !d);
-        assert_se(bus_path_decode_unique("/foo/bar/_/_", "/foo/bar", &d, &e) > 0 && streq_ptr(d, "") && streq_ptr(e, ""));
-}
-
-static void test_bus_path_encode(void) {
-        _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL;
-
-        assert_se(sd_bus_path_encode("/foo/bar", "waldo", &a) >= 0 && streq(a, "/foo/bar/waldo"));
-        assert_se(sd_bus_path_decode(a, "/waldo", &b) == 0 && b == NULL);
-        assert_se(sd_bus_path_decode(a, "/foo/bar", &b) > 0 && streq(b, "waldo"));
-
-        assert_se(sd_bus_path_encode("xxxx", "waldo", &c) < 0);
-        assert_se(sd_bus_path_encode("/foo/", "waldo", &c) < 0);
-
-        assert_se(sd_bus_path_encode("/foo/bar", "", &c) >= 0 && streq(c, "/foo/bar/_"));
-        assert_se(sd_bus_path_decode(c, "/foo/bar", &d) > 0 && streq(d, ""));
-
-        assert_se(sd_bus_path_encode("/foo/bar", "foo.bar", &e) >= 0 && streq(e, "/foo/bar/foo_2ebar"));
-        assert_se(sd_bus_path_decode(e, "/foo/bar", &f) > 0 && streq(f, "foo.bar"));
-}
-
-static void test_bus_path_encode_many(void) {
-        _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL;
-
-        assert_se(sd_bus_path_decode_many("/foo/bar", "/prefix/%", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/prefix/bar", "/prefix/%bar", NULL) == 1);
-        assert_se(sd_bus_path_decode_many("/foo/bar", "/prefix/%/suffix", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/prefix/foobar/suffix", "/prefix/%/suffix", &a) == 1 && streq_ptr(a, "foobar"));
-        assert_se(sd_bus_path_decode_many("/prefix/one_foo_two/mid/three_bar_four/suffix", "/prefix/one_%_two/mid/three_%_four/suffix", &b, &c) == 1 && streq_ptr(b, "foo") && streq_ptr(c, "bar"));
-        assert_se(sd_bus_path_decode_many("/prefix/one_foo_two/mid/three_bar_four/suffix", "/prefix/one_%_two/mid/three_%_four/suffix", NULL, &d) == 1 && streq_ptr(d, "bar"));
-
-        assert_se(sd_bus_path_decode_many("/foo/bar", "/foo/bar/%", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/bar%", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/bar", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%bar", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/bar/suffix") == 1);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%%/suffix", NULL, NULL) == 0); /* multiple '%' are treated verbatim */
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/suffi", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/suffix", &e) == 1 && streq_ptr(e, "bar"));
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/foo/%/%", NULL, NULL) == 1);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/%/%", NULL, NULL, NULL) == 1);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "%/%/%", NULL, NULL, NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/%", NULL, NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/%/", NULL, NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%/", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "/%", NULL) == 0);
-        assert_se(sd_bus_path_decode_many("/foo/bar/suffix", "%", NULL) == 0);
-
-        assert_se(sd_bus_path_encode_many(&f, "/prefix/one_%_two/mid/three_%_four/suffix", "foo", "bar") >= 0 && streq_ptr(f, "/prefix/one_foo_two/mid/three_bar_four/suffix"));
-}
-
-static void test_bus_label_escape_one(const char *a, const char *b) {
-        _cleanup_free_ char *t = NULL, *x = NULL, *y = NULL;
-
-        assert_se(t = bus_label_escape(a));
-        assert_se(streq(t, b));
-
-        assert_se(x = bus_label_unescape(t));
-        assert_se(streq(a, x));
-
-        assert_se(y = bus_label_unescape(b));
-        assert_se(streq(a, y));
-}
-
-static void test_bus_label_escape(void) {
-        test_bus_label_escape_one("foo123bar", "foo123bar");
-        test_bus_label_escape_one("foo.bar", "foo_2ebar");
-        test_bus_label_escape_one("foo_2ebar", "foo_5f2ebar");
-        test_bus_label_escape_one("", "_");
-        test_bus_label_escape_one("_", "_5f");
-        test_bus_label_escape_one("1", "_31");
-        test_bus_label_escape_one(":1", "_3a1");
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *copy = NULL;
-        int r, boolean;
-        const char *x, *x2, *y, *z, *a, *b, *c, *d, *a_signature;
-        uint8_t u, v;
-        void *buffer = NULL;
-        size_t sz;
-        char *h;
-        const int32_t integer_array[] = { -1, -2, 0, 1, 2 }, *return_array;
-        char *s;
-        _cleanup_free_ char *first = NULL, *second = NULL, *third = NULL;
-        _cleanup_fclose_ FILE *ms = NULL;
-        size_t first_size = 0, second_size = 0, third_size = 0;
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        double dbl;
-        uint64_t u64;
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0)
-                return EXIT_TEST_SKIP;
-
-        r = sd_bus_message_new_method_call(bus, &m, "foobar.waldo", "/", "foobar.waldo", "Piep");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "s", "a string");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "s", NULL);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "asg", 2, "string #1", "string #2", "sba(tt)ss");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "sass", "foobar", 5, "foo", "bar", "waldo", "piep", "pap", "after");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "a{yv}", 2, 3, "s", "foo", 5, "s", "waldo");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "y(ty)y(yt)y", 8, 777ULL, 7, 9, 77, 7777ULL, 10);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "()");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "ba(ss)", 255, 3, "aaa", "1", "bbb", "2", "ccc", "3");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_open_container(m, 'a', "s");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append_basic(m, 's', "foobar");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append_basic(m, 's', "waldo");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_close_container(m);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append_string_space(m, 5, &s);
-        assert_se(r >= 0);
-        strcpy(s, "hallo");
-
-        r = sd_bus_message_append_array(m, 'i', integer_array, sizeof(integer_array));
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append_array(m, 'u', NULL, 0);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "a(stdo)", 1, "foo", 815ULL, 47.0, "/");
-        assert_se(r >= 0);
-
-        r = bus_message_seal(m, 4711, 0);
-        assert_se(r >= 0);
-
-        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        ms = open_memstream(&first, &first_size);
-        bus_message_dump(m, ms, 0);
-        fflush(ms);
-        assert_se(!ferror(ms));
-
-        r = bus_message_get_blob(m, &buffer, &sz);
-        assert_se(r >= 0);
-
-        h = hexmem(buffer, sz);
-        assert_se(h);
-
-        log_info("message size = %zu, contents =\n%s", sz, h);
-        free(h);
-
-#ifdef HAVE_GLIB
-        {
-                GDBusMessage *g;
-                char *p;
-
-#if !defined(GLIB_VERSION_2_36)
-                g_type_init();
-#endif
-
-                g = g_dbus_message_new_from_blob(buffer, sz, 0, NULL);
-                p = g_dbus_message_print(g, 0);
-                log_info("%s", p);
-                g_free(p);
-                g_object_unref(g);
-        }
-#endif
-
-#ifdef HAVE_DBUS
-        {
-                DBusMessage *w;
-                DBusError error;
-
-                dbus_error_init(&error);
-
-                w = dbus_message_demarshal(buffer, sz, &error);
-                if (!w)
-                        log_error("%s", error.message);
-                else
-                        dbus_message_unref(w);
-
-                dbus_error_free(&error);
-        }
-#endif
-
-        m = sd_bus_message_unref(m);
-
-        r = bus_message_from_malloc(bus, buffer, sz, NULL, 0, NULL, &m);
-        assert_se(r >= 0);
-
-        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        fclose(ms);
-        ms = open_memstream(&second, &second_size);
-        bus_message_dump(m, ms, 0);
-        fflush(ms);
-        assert_se(!ferror(ms));
-        assert_se(first_size == second_size);
-        assert_se(memcmp(first, second, first_size) == 0);
-
-        assert_se(sd_bus_message_rewind(m, true) >= 0);
-
-        r = sd_bus_message_read(m, "ssasg", &x, &x2, 2, &y, &z, &a_signature);
-        assert_se(r > 0);
-        assert_se(streq(x, "a string"));
-        assert_se(streq(x2, ""));
-        assert_se(streq(y, "string #1"));
-        assert_se(streq(z, "string #2"));
-        assert_se(streq(a_signature, "sba(tt)ss"));
-
-        r = sd_bus_message_read(m, "sass", &x, 5, &y, &z, &a, &b, &c, &d);
-        assert_se(r > 0);
-        assert_se(streq(x, "foobar"));
-        assert_se(streq(y, "foo"));
-        assert_se(streq(z, "bar"));
-        assert_se(streq(a, "waldo"));
-        assert_se(streq(b, "piep"));
-        assert_se(streq(c, "pap"));
-        assert_se(streq(d, "after"));
-
-        r = sd_bus_message_read(m, "a{yv}", 2, &u, "s", &x, &v, "s", &y);
-        assert_se(r > 0);
-        assert_se(u == 3);
-        assert_se(streq(x, "foo"));
-        assert_se(v == 5);
-        assert_se(streq(y, "waldo"));
-
-        r = sd_bus_message_read(m, "y(ty)", &v, &u64, &u);
-        assert_se(r > 0);
-        assert_se(v == 8);
-        assert_se(u64 == 777);
-        assert_se(u == 7);
-
-        r = sd_bus_message_read(m, "y(yt)", &v, &u, &u64);
-        assert_se(r > 0);
-        assert_se(v == 9);
-        assert_se(u == 77);
-        assert_se(u64 == 7777);
-
-        r = sd_bus_message_read(m, "y", &v);
-        assert_se(r > 0);
-        assert_se(v == 10);
-
-        r = sd_bus_message_read(m, "()");
-        assert_se(r > 0);
-
-        r = sd_bus_message_read(m, "ba(ss)", &boolean, 3, &x, &y, &a, &b, &c, &d);
-        assert_se(r > 0);
-        assert_se(boolean);
-        assert_se(streq(x, "aaa"));
-        assert_se(streq(y, "1"));
-        assert_se(streq(a, "bbb"));
-        assert_se(streq(b, "2"));
-        assert_se(streq(c, "ccc"));
-        assert_se(streq(d, "3"));
-
-        assert_se(sd_bus_message_verify_type(m, 'a', "s") > 0);
-
-        r = sd_bus_message_read(m, "as", 2, &x, &y);
-        assert_se(r > 0);
-        assert_se(streq(x, "foobar"));
-        assert_se(streq(y, "waldo"));
-
-        r = sd_bus_message_read_basic(m, 's', &s);
-        assert_se(r > 0);
-        assert_se(streq(s, "hallo"));
-
-        r = sd_bus_message_read_array(m, 'i', (const void**) &return_array, &sz);
-        assert_se(r > 0);
-        assert_se(sz == sizeof(integer_array));
-        assert_se(memcmp(integer_array, return_array, sz) == 0);
-
-        r = sd_bus_message_read_array(m, 'u', (const void**) &return_array, &sz);
-        assert_se(r > 0);
-        assert_se(sz == 0);
-
-        r = sd_bus_message_read(m, "a(stdo)", 1, &x, &u64, &dbl, &y);
-        assert_se(r > 0);
-        assert_se(streq(x, "foo"));
-        assert_se(u64 == 815ULL);
-        assert_se(fabs(dbl - 47.0) < 0.1);
-        assert_se(streq(y, "/"));
-
-        r = sd_bus_message_peek_type(m, NULL, NULL);
-        assert_se(r == 0);
-
-        r = sd_bus_message_new_method_call(bus, &copy, "foobar.waldo", "/", "foobar.waldo", "Piep");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_rewind(m, true);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_copy(copy, m, true);
-        assert_se(r >= 0);
-
-        r = bus_message_seal(copy, 4712, 0);
-        assert_se(r >= 0);
-
-        fclose(ms);
-        ms = open_memstream(&third, &third_size);
-        bus_message_dump(copy, ms, 0);
-        fflush(ms);
-        assert_se(!ferror(ms));
-
-        printf("<%.*s>\n", (int) first_size, first);
-        printf("<%.*s>\n", (int) third_size, third);
-
-        assert_se(first_size == third_size);
-        assert_se(memcmp(first, third, third_size) == 0);
-
-        r = sd_bus_message_rewind(m, true);
-        assert_se(r >= 0);
-
-        assert_se(sd_bus_message_verify_type(m, 's', NULL) > 0);
-
-        r = sd_bus_message_skip(m, "ssasg");
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_verify_type(m, 's', NULL) > 0);
-
-        r = sd_bus_message_skip(m, "sass");
-        assert_se(r >= 0);
-
-        assert_se(sd_bus_message_verify_type(m, 'a', "{yv}") > 0);
-
-        r = sd_bus_message_skip(m, "a{yv}y(ty)y(yt)y()");
-        assert_se(r >= 0);
-
-        assert_se(sd_bus_message_verify_type(m, 'b', NULL) > 0);
-
-        r = sd_bus_message_read(m, "b", &boolean);
-        assert_se(r > 0);
-        assert_se(boolean);
-
-        r = sd_bus_message_enter_container(m, 0, NULL);
-        assert_se(r > 0);
-
-        r = sd_bus_message_read(m, "(ss)", &x, &y);
-        assert_se(r > 0);
-
-        r = sd_bus_message_read(m, "(ss)", &a, &b);
-        assert_se(r > 0);
-
-        r = sd_bus_message_read(m, "(ss)", &c, &d);
-        assert_se(r > 0);
-
-        r = sd_bus_message_read(m, "(ss)", &x, &y);
-        assert_se(r == 0);
-
-        r = sd_bus_message_exit_container(m);
-        assert_se(r >= 0);
-
-        assert_se(streq(x, "aaa"));
-        assert_se(streq(y, "1"));
-        assert_se(streq(a, "bbb"));
-        assert_se(streq(b, "2"));
-        assert_se(streq(c, "ccc"));
-        assert_se(streq(d, "3"));
-
-        test_bus_label_escape();
-        test_bus_path_encode();
-        test_bus_path_encode_unique();
-        test_bus_path_encode_many();
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-objects.c b/src/libsystemd/sd-bus/test-bus-objects.c
deleted file mode 100644
index f11cafd888..0000000000
--- a/src/libsystemd/sd-bus/test-bus-objects.c
+++ /dev/null
@@ -1,555 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <pthread.h>
-#include <stdlib.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-dump.h"
-#include "bus-internal.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "log.h"
-#include "macro.h"
-#include "strv.h"
-#include "util.h"
-
-struct context {
-        int fds[2];
-        bool quit;
-        char *something;
-        char *automatic_string_property;
-        uint32_t automatic_integer_property;
-};
-
-static int something_handler(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        struct context *c = userdata;
-        const char *s;
-        char *n = NULL;
-        int r;
-
-        r = sd_bus_message_read(m, "s", &s);
-        assert_se(r > 0);
-
-        n = strjoin("<<<", s, ">>>", NULL);
-        assert_se(n);
-
-        free(c->something);
-        c->something = n;
-
-        log_info("AlterSomething() called, got %s, returning %s", s, n);
-
-        /* This should fail, since the return type doesn't match */
-        assert_se(sd_bus_reply_method_return(m, "u", 4711) == -ENOMSG);
-
-        r = sd_bus_reply_method_return(m, "s", n);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int exit_handler(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        struct context *c = userdata;
-        int r;
-
-        c->quit = true;
-
-        log_info("Exit called");
-
-        r = sd_bus_reply_method_return(m, "");
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int get_handler(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
-        struct context *c = userdata;
-        int r;
-
-        log_info("property get for %s called, returning \"%s\".", property, c->something);
-
-        r = sd_bus_message_append(reply, "s", c->something);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int set_handler(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *error) {
-        struct context *c = userdata;
-        const char *s;
-        char *n;
-        int r;
-
-        log_info("property set for %s called", property);
-
-        r = sd_bus_message_read(value, "s", &s);
-        assert_se(r >= 0);
-
-        n = strdup(s);
-        assert_se(n);
-
-        free(c->something);
-        c->something = n;
-
-        return 1;
-}
-
-static int value_handler(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *s = NULL;
-        const char *x;
-        int r;
-
-        assert_se(asprintf(&s, "object %p, path %s", userdata, path) >= 0);
-        r = sd_bus_message_append(reply, "s", s);
-        assert_se(r >= 0);
-
-        assert_se(x = startswith(path, "/value/"));
-
-        assert_se(PTR_TO_UINT(userdata) == 30);
-
-        return 1;
-}
-
-static int notify_test(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int r;
-
-        assert_se(sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), m->path, "org.freedesktop.systemd.ValueTest", "Value", NULL) >= 0);
-
-        r = sd_bus_reply_method_return(m, NULL);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int notify_test2(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int r;
-
-        assert_se(sd_bus_emit_properties_changed_strv(sd_bus_message_get_bus(m), m->path, "org.freedesktop.systemd.ValueTest", NULL) >= 0);
-
-        r = sd_bus_reply_method_return(m, NULL);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int emit_interfaces_added(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int r;
-
-        assert_se(sd_bus_emit_interfaces_added(sd_bus_message_get_bus(m), "/value/a/x", "org.freedesktop.systemd.ValueTest", NULL) >= 0);
-
-        r = sd_bus_reply_method_return(m, NULL);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int emit_interfaces_removed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int r;
-
-        assert_se(sd_bus_emit_interfaces_removed(sd_bus_message_get_bus(m), "/value/a/x", "org.freedesktop.systemd.ValueTest", NULL) >= 0);
-
-        r = sd_bus_reply_method_return(m, NULL);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int emit_object_added(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int r;
-
-        assert_se(sd_bus_emit_object_added(sd_bus_message_get_bus(m), "/value/a/x") >= 0);
-
-        r = sd_bus_reply_method_return(m, NULL);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static int emit_object_removed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int r;
-
-        assert_se(sd_bus_emit_object_removed(sd_bus_message_get_bus(m), "/value/a/x") >= 0);
-
-        r = sd_bus_reply_method_return(m, NULL);
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static const sd_bus_vtable vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("AlterSomething", "s", "s", something_handler, 0),
-        SD_BUS_METHOD("Exit", "", "", exit_handler, 0),
-        SD_BUS_WRITABLE_PROPERTY("Something", "s", get_handler, set_handler, 0, 0),
-        SD_BUS_WRITABLE_PROPERTY("AutomaticStringProperty", "s", NULL, NULL, offsetof(struct context, automatic_string_property), 0),
-        SD_BUS_WRITABLE_PROPERTY("AutomaticIntegerProperty", "u", NULL, NULL, offsetof(struct context, automatic_integer_property), 0),
-        SD_BUS_METHOD("NoOperation", NULL, NULL, NULL, 0),
-        SD_BUS_METHOD("EmitInterfacesAdded", NULL, NULL, emit_interfaces_added, 0),
-        SD_BUS_METHOD("EmitInterfacesRemoved", NULL, NULL, emit_interfaces_removed, 0),
-        SD_BUS_METHOD("EmitObjectAdded", NULL, NULL, emit_object_added, 0),
-        SD_BUS_METHOD("EmitObjectRemoved", NULL, NULL, emit_object_removed, 0),
-        SD_BUS_VTABLE_END
-};
-
-static const sd_bus_vtable vtable2[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("NotifyTest", "", "", notify_test, 0),
-        SD_BUS_METHOD("NotifyTest2", "", "", notify_test2, 0),
-        SD_BUS_PROPERTY("Value", "s", value_handler, 10, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("Value2", "s", value_handler, 10, SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
-        SD_BUS_PROPERTY("Value3", "s", value_handler, 10, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("Value4", "s", value_handler, 10, 0),
-        SD_BUS_PROPERTY("AnExplicitProperty", "s", NULL, offsetof(struct context, something), SD_BUS_VTABLE_PROPERTY_EXPLICIT|SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
-        SD_BUS_VTABLE_END
-};
-
-static int enumerator_callback(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
-
-        if (object_path_startswith("/value", path))
-                assert_se(*nodes = strv_new("/value/a", "/value/b", "/value/c", NULL));
-
-        return 1;
-}
-
-static int enumerator2_callback(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
-
-        if (object_path_startswith("/value/a", path))
-                assert_se(*nodes = strv_new("/value/a/x", "/value/a/y", "/value/a/z", NULL));
-
-        return 1;
-}
-
-static void *server(void *p) {
-        struct context *c = p;
-        sd_bus *bus = NULL;
-        sd_id128_t id;
-        int r;
-
-        c->quit = false;
-
-        assert_se(sd_id128_randomize(&id) >= 0);
-
-        assert_se(sd_bus_new(&bus) >= 0);
-        assert_se(sd_bus_set_fd(bus, c->fds[0], c->fds[0]) >= 0);
-        assert_se(sd_bus_set_server(bus, 1, id) >= 0);
-
-        assert_se(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.test", vtable, c) >= 0);
-        assert_se(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.test2", vtable, c) >= 0);
-        assert_se(sd_bus_add_fallback_vtable(bus, NULL, "/value", "org.freedesktop.systemd.ValueTest", vtable2, NULL, UINT_TO_PTR(20)) >= 0);
-        assert_se(sd_bus_add_node_enumerator(bus, NULL, "/value", enumerator_callback, NULL) >= 0);
-        assert_se(sd_bus_add_node_enumerator(bus, NULL, "/value/a", enumerator2_callback, NULL) >= 0);
-        assert_se(sd_bus_add_object_manager(bus, NULL, "/value") >= 0);
-        assert_se(sd_bus_add_object_manager(bus, NULL, "/value/a") >= 0);
-
-        assert_se(sd_bus_start(bus) >= 0);
-
-        log_error("Entering event loop on server");
-
-        while (!c->quit) {
-                log_error("Loop!");
-
-                r = sd_bus_process(bus, NULL);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to process requests: %m");
-                        goto fail;
-                }
-
-                if (r == 0) {
-                        r = sd_bus_wait(bus, (uint64_t) -1);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to wait: %m");
-                                goto fail;
-                        }
-
-                        continue;
-                }
-        }
-
-        r = 0;
-
-fail:
-        if (bus) {
-                sd_bus_flush(bus);
-                sd_bus_unref(bus);
-        }
-
-        return INT_TO_PTR(r);
-}
-
-static int client(struct context *c) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *s;
-        int r;
-
-        assert_se(sd_bus_new(&bus) >= 0);
-        assert_se(sd_bus_set_fd(bus, c->fds[1], c->fds[1]) >= 0);
-        assert_se(sd_bus_start(bus) >= 0);
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "NoOperation", &error, NULL, NULL);
-        assert_se(r >= 0);
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AlterSomething", &error, &reply, "s", "hallo");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        assert_se(streq(s, "<<<hallo>>>"));
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Doesntexist", &error, &reply, "");
-        assert_se(r < 0);
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD));
-
-        sd_bus_error_free(&error);
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AlterSomething", &error, &reply, "as", 1, "hallo");
-        assert_se(r < 0);
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_INVALID_ARGS));
-
-        sd_bus_error_free(&error);
-
-        r = sd_bus_get_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Something", &error, &reply, "s");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        assert_se(streq(s, "<<<hallo>>>"));
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_set_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Something", &error, "s", "test");
-        assert_se(r >= 0);
-
-        r = sd_bus_get_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Something", &error, &reply, "s");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        assert_se(streq(s, "test"));
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_set_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AutomaticIntegerProperty", &error, "u", 815);
-        assert_se(r >= 0);
-
-        assert_se(c->automatic_integer_property == 815);
-
-        r = sd_bus_set_property(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "AutomaticStringProperty", &error, "s", "Du Dödel, Du!");
-        assert_se(r >= 0);
-
-        assert_se(streq(c->automatic_string_property, "Du Dödel, Du!"));
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        fputs(s, stdout);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_get_property(bus, "org.freedesktop.systemd.test", "/value/xuzz", "org.freedesktop.systemd.ValueTest", "Value", &error, &reply, "s");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        log_info("read %s", s);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        fputs(s, stdout);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        fputs(s, stdout);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read(reply, "s", &s);
-        assert_se(r >= 0);
-        fputs(s, stdout);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", "");
-        assert_se(r >= 0);
-
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", "org.freedesktop.systemd.ValueTest2");
-        assert_se(r < 0);
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_INTERFACE));
-        sd_bus_error_free(&error);
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.DBus.ObjectManager", "GetManagedObjects", &error, &reply, "");
-        assert_se(r < 0);
-        assert_se(sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD));
-        sd_bus_error_free(&error);
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value", "org.freedesktop.DBus.ObjectManager", "GetManagedObjects", &error, &reply, "");
-        assert_se(r >= 0);
-
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.systemd.ValueTest", "NotifyTest", &error, NULL, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_process(bus, &reply);
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.Properties", "PropertiesChanged"));
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/value/a", "org.freedesktop.systemd.ValueTest", "NotifyTest2", &error, NULL, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_process(bus, &reply);
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.Properties", "PropertiesChanged"));
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitInterfacesAdded", &error, NULL, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_process(bus, &reply);
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesAdded"));
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitInterfacesRemoved", &error, NULL, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_process(bus, &reply);
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesRemoved"));
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitObjectAdded", &error, NULL, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_process(bus, &reply);
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesAdded"));
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "EmitObjectRemoved", &error, NULL, "");
-        assert_se(r >= 0);
-
-        r = sd_bus_process(bus, &reply);
-        assert_se(r > 0);
-
-        assert_se(sd_bus_message_is_signal(reply, "org.freedesktop.DBus.ObjectManager", "InterfacesRemoved"));
-        bus_message_dump(reply, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        sd_bus_message_unref(reply);
-        reply = NULL;
-
-        r = sd_bus_call_method(bus, "org.freedesktop.systemd.test", "/foo", "org.freedesktop.systemd.test", "Exit", &error, NULL, "");
-        assert_se(r >= 0);
-
-        sd_bus_flush(bus);
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        struct context c = {};
-        pthread_t s;
-        void *p;
-        int r, q;
-
-        zero(c);
-
-        c.automatic_integer_property = 4711;
-        assert_se(c.automatic_string_property = strdup("dudeldu"));
-
-        assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, c.fds) >= 0);
-
-        r = pthread_create(&s, NULL, server, &c);
-        if (r != 0)
-                return -r;
-
-        r = client(&c);
-
-        q = pthread_join(s, &p);
-        if (q != 0)
-                return -q;
-
-        if (r < 0)
-                return r;
-
-        if (PTR_TO_INT(p) < 0)
-                return PTR_TO_INT(p);
-
-        free(c.something);
-        free(c.automatic_string_property);
-
-        return EXIT_SUCCESS;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-server.c b/src/libsystemd/sd-bus/test-bus-server.c
deleted file mode 100644
index b6272efc30..0000000000
--- a/src/libsystemd/sd-bus/test-bus-server.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <pthread.h>
-#include <stdlib.h>
-
-#include "sd-bus.h"
-
-#include "bus-internal.h"
-#include "bus-util.h"
-#include "log.h"
-#include "macro.h"
-#include "util.h"
-
-struct context {
-        int fds[2];
-
-        bool client_negotiate_unix_fds;
-        bool server_negotiate_unix_fds;
-
-        bool client_anonymous_auth;
-        bool server_anonymous_auth;
-};
-
-static void *server(void *p) {
-        struct context *c = p;
-        sd_bus *bus = NULL;
-        sd_id128_t id;
-        bool quit = false;
-        int r;
-
-        assert_se(sd_id128_randomize(&id) >= 0);
-
-        assert_se(sd_bus_new(&bus) >= 0);
-        assert_se(sd_bus_set_fd(bus, c->fds[0], c->fds[0]) >= 0);
-        assert_se(sd_bus_set_server(bus, 1, id) >= 0);
-        assert_se(sd_bus_set_anonymous(bus, c->server_anonymous_auth) >= 0);
-        assert_se(sd_bus_negotiate_fds(bus, c->server_negotiate_unix_fds) >= 0);
-        assert_se(sd_bus_start(bus) >= 0);
-
-        while (!quit) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-
-                r = sd_bus_process(bus, &m);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to process requests: %m");
-                        goto fail;
-                }
-
-                if (r == 0) {
-                        r = sd_bus_wait(bus, (uint64_t) -1);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to wait: %m");
-                                goto fail;
-                        }
-
-                        continue;
-                }
-
-                if (!m)
-                        continue;
-
-                log_info("Got message! member=%s", strna(sd_bus_message_get_member(m)));
-
-                if (sd_bus_message_is_method_call(m, "org.freedesktop.systemd.test", "Exit")) {
-
-                        assert_se((sd_bus_can_send(bus, 'h') >= 1) == (c->server_negotiate_unix_fds && c->client_negotiate_unix_fds));
-
-                        r = sd_bus_message_new_method_return(m, &reply);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to allocate return: %m");
-                                goto fail;
-                        }
-
-                        quit = true;
-
-                } else if (sd_bus_message_is_method_call(m, NULL, NULL)) {
-                        r = sd_bus_message_new_method_error(
-                                        m,
-                                        &reply,
-                                        &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_UNKNOWN_METHOD, "Unknown method."));
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to allocate return: %m");
-                                goto fail;
-                        }
-                }
-
-                if (reply) {
-                        r = sd_bus_send(bus, reply, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send reply: %m");
-                                goto fail;
-                        }
-                }
-        }
-
-        r = 0;
-
-fail:
-        if (bus) {
-                sd_bus_flush(bus);
-                sd_bus_unref(bus);
-        }
-
-        return INT_TO_PTR(r);
-}
-
-static int client(struct context *c) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert_se(sd_bus_new(&bus) >= 0);
-        assert_se(sd_bus_set_fd(bus, c->fds[1], c->fds[1]) >= 0);
-        assert_se(sd_bus_negotiate_fds(bus, c->client_negotiate_unix_fds) >= 0);
-        assert_se(sd_bus_set_anonymous(bus, c->client_anonymous_auth) >= 0);
-        assert_se(sd_bus_start(bus) >= 0);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd.test",
-                        "/",
-                        "org.freedesktop.systemd.test",
-                        "Exit");
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate method call: %m");
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int test_one(bool client_negotiate_unix_fds, bool server_negotiate_unix_fds,
-                    bool client_anonymous_auth, bool server_anonymous_auth) {
-
-        struct context c;
-        pthread_t s;
-        void *p;
-        int r, q;
-
-        zero(c);
-
-        assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, c.fds) >= 0);
-
-        c.client_negotiate_unix_fds = client_negotiate_unix_fds;
-        c.server_negotiate_unix_fds = server_negotiate_unix_fds;
-        c.client_anonymous_auth = client_anonymous_auth;
-        c.server_anonymous_auth = server_anonymous_auth;
-
-        r = pthread_create(&s, NULL, server, &c);
-        if (r != 0)
-                return -r;
-
-        r = client(&c);
-
-        q = pthread_join(s, &p);
-        if (q != 0)
-                return -q;
-
-        if (r < 0)
-                return r;
-
-        if (PTR_TO_INT(p) < 0)
-                return PTR_TO_INT(p);
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        int r;
-
-        r = test_one(true, true, false, false);
-        assert_se(r >= 0);
-
-        r = test_one(true, false, false, false);
-        assert_se(r >= 0);
-
-        r = test_one(false, true, false, false);
-        assert_se(r >= 0);
-
-        r = test_one(false, false, false, false);
-        assert_se(r >= 0);
-
-        r = test_one(true, true, true, true);
-        assert_se(r >= 0);
-
-        r = test_one(true, true, false, true);
-        assert_se(r >= 0);
-
-        r = test_one(true, true, true, false);
-        assert_se(r == -EPERM);
-
-        return EXIT_SUCCESS;
-}
diff --git a/src/libsystemd/sd-bus/test-bus-zero-copy.c b/src/libsystemd/sd-bus/test-bus-zero-copy.c
deleted file mode 100644
index 3380e8500a..0000000000
--- a/src/libsystemd/sd-bus/test-bus-zero-copy.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/mman.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-dump.h"
-#include "bus-kernel.h"
-#include "bus-message.h"
-#include "fd-util.h"
-#include "log.h"
-#include "memfd-util.h"
-#include "string-util.h"
-#include "util.h"
-
-#define FIRST_ARRAY 17
-#define SECOND_ARRAY 33
-
-#define STRING_SIZE 123
-
-int main(int argc, char *argv[]) {
-        _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL;
-        const char *unique;
-        uint8_t *p;
-        sd_bus *a, *b;
-        int r, bus_ref;
-        sd_bus_message *m;
-        int f;
-        uint64_t sz;
-        uint32_t u32;
-        size_t i, l;
-        char *s;
-        _cleanup_close_ int sfd = -1;
-
-        log_set_max_level(LOG_DEBUG);
-
-        assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0);
-
-        bus_ref = bus_kernel_create_bus(name, false, &bus_name);
-        if (bus_ref == -ENOENT)
-                return EXIT_TEST_SKIP;
-
-        assert_se(bus_ref >= 0);
-
-        address = strappend("kernel:path=", bus_name);
-        assert_se(address);
-
-        r = sd_bus_new(&a);
-        assert_se(r >= 0);
-
-        r = sd_bus_new(&b);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(a, address);
-        assert_se(r >= 0);
-
-        r = sd_bus_set_address(b, address);
-        assert_se(r >= 0);
-
-        r = sd_bus_start(a);
-        assert_se(r >= 0);
-
-        r = sd_bus_start(b);
-        assert_se(r >= 0);
-
-        r = sd_bus_get_unique_name(a, &unique);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_new_method_call(b, &m, unique, "/a/path", "an.inter.face", "AMethod");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_open_container(m, 'r', "aysay");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append_array_space(m, 'y', FIRST_ARRAY, (void**) &p);
-        assert_se(r >= 0);
-
-        p[0] = '<';
-        memset(p+1, 'L', FIRST_ARRAY-2);
-        p[FIRST_ARRAY-1] = '>';
-
-        f = memfd_new_and_map(NULL, STRING_SIZE, (void**) &s);
-        assert_se(f >= 0);
-
-        s[0] = '<';
-        for (i = 1; i < STRING_SIZE-2; i++)
-                s[i] = '0' + (i % 10);
-        s[STRING_SIZE-2] = '>';
-        s[STRING_SIZE-1] = 0;
-        munmap(s, STRING_SIZE);
-
-        r = memfd_get_size(f, &sz);
-        assert_se(r >= 0);
-        assert_se(sz == STRING_SIZE);
-
-        r = sd_bus_message_append_string_memfd(m, f, 0, (uint64_t) -1);
-        assert_se(r >= 0);
-
-        close(f);
-
-        f = memfd_new_and_map(NULL, SECOND_ARRAY, (void**) &p);
-        assert_se(f >= 0);
-
-        p[0] = '<';
-        memset(p+1, 'P', SECOND_ARRAY-2);
-        p[SECOND_ARRAY-1] = '>';
-        munmap(p, SECOND_ARRAY);
-
-        r = memfd_get_size(f, &sz);
-        assert_se(r >= 0);
-        assert_se(sz == SECOND_ARRAY);
-
-        r = sd_bus_message_append_array_memfd(m, 'y', f, 0, (uint64_t) -1);
-        assert_se(r >= 0);
-
-        close(f);
-
-        r = sd_bus_message_close_container(m);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_append(m, "u", 4711);
-        assert_se(r >= 0);
-
-        assert_se((sfd = memfd_new_and_map(NULL, 6, (void**) &p)) >= 0);
-        memcpy(p, "abcd\0", 6);
-        munmap(p, 6);
-        assert_se(sd_bus_message_append_string_memfd(m, sfd, 1, 4) >= 0);
-
-        r = bus_message_seal(m, 55, 99*USEC_PER_SEC);
-        assert_se(r >= 0);
-
-        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-
-        r = sd_bus_send(b, m, NULL);
-        assert_se(r >= 0);
-
-        sd_bus_message_unref(m);
-
-        r = sd_bus_process(a, &m);
-        assert_se(r > 0);
-
-        bus_message_dump(m, stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
-        sd_bus_message_rewind(m, true);
-
-        r = sd_bus_message_enter_container(m, 'r', "aysay");
-        assert_se(r > 0);
-
-        r = sd_bus_message_read_array(m, 'y', (const void**) &p, &l);
-        assert_se(r > 0);
-        assert_se(l == FIRST_ARRAY);
-
-        assert_se(p[0] == '<');
-        for (i = 1; i < l-1; i++)
-                assert_se(p[i] == 'L');
-        assert_se(p[l-1] == '>');
-
-        r = sd_bus_message_read(m, "s", &s);
-        assert_se(r > 0);
-
-        assert_se(s[0] == '<');
-        for (i = 1; i < STRING_SIZE-2; i++)
-                assert_se(s[i] == (char) ('0' + (i % 10)));
-        assert_se(s[STRING_SIZE-2] == '>');
-        assert_se(s[STRING_SIZE-1] == 0);
-
-        r = sd_bus_message_read_array(m, 'y', (const void**) &p, &l);
-        assert_se(r > 0);
-        assert_se(l == SECOND_ARRAY);
-
-        assert_se(p[0] == '<');
-        for (i = 1; i < l-1; i++)
-                assert_se(p[i] == 'P');
-        assert_se(p[l-1] == '>');
-
-        r = sd_bus_message_exit_container(m);
-        assert_se(r > 0);
-
-        r = sd_bus_message_read(m, "u", &u32);
-        assert_se(r > 0);
-        assert_se(u32 == 4711);
-
-        r = sd_bus_message_read(m, "s", &s);
-        assert_se(r > 0);
-        assert_se(streq_ptr(s, "bcd"));
-
-        sd_bus_message_unref(m);
-
-        sd_bus_unref(a);
-        sd_bus_unref(b);
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-daemon/Makefile b/src/libsystemd/sd-daemon/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/libsystemd/sd-daemon/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
deleted file mode 100644
index 4da9dbfd63..0000000000
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <limits.h>
-#include <mqueue.h>
-#include <netinet/in.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/un.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fs-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "socket-util.h"
-#include "strv.h"
-#include "util.h"
-
-#define SNDBUF_SIZE (8*1024*1024)
-
-static void unsetenv_all(bool unset_environment) {
-
-        if (!unset_environment)
-                return;
-
-        unsetenv("LISTEN_PID");
-        unsetenv("LISTEN_FDS");
-        unsetenv("LISTEN_FDNAMES");
-}
-
-_public_ int sd_listen_fds(int unset_environment) {
-        const char *e;
-        int n, r, fd;
-        pid_t pid;
-
-        e = getenv("LISTEN_PID");
-        if (!e) {
-                r = 0;
-                goto finish;
-        }
-
-        r = parse_pid(e, &pid);
-        if (r < 0)
-                goto finish;
-
-        /* Is this for us? */
-        if (getpid() != pid) {
-                r = 0;
-                goto finish;
-        }
-
-        e = getenv("LISTEN_FDS");
-        if (!e) {
-                r = 0;
-                goto finish;
-        }
-
-        r = safe_atoi(e, &n);
-        if (r < 0)
-                goto finish;
-
-        assert_cc(SD_LISTEN_FDS_START < INT_MAX);
-        if (n <= 0 || n > INT_MAX - SD_LISTEN_FDS_START) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
-                r = fd_cloexec(fd, true);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = n;
-
-finish:
-        unsetenv_all(unset_environment);
-        return r;
-}
-
-_public_ int sd_listen_fds_with_names(int unset_environment, char ***names) {
-        _cleanup_strv_free_ char **l = NULL;
-        bool have_names;
-        int n_names = 0, n_fds;
-        const char *e;
-        int r;
-
-        if (!names)
-                return sd_listen_fds(unset_environment);
-
-        e = getenv("LISTEN_FDNAMES");
-        if (e) {
-                n_names = strv_split_extract(&l, e, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
-                if (n_names < 0) {
-                        unsetenv_all(unset_environment);
-                        return n_names;
-                }
-
-                have_names = true;
-        } else
-                have_names = false;
-
-        n_fds = sd_listen_fds(unset_environment);
-        if (n_fds <= 0)
-                return n_fds;
-
-        if (have_names) {
-                if (n_names != n_fds)
-                        return -EINVAL;
-        } else {
-                r = strv_extend_n(&l, "unknown", n_fds);
-                if (r < 0)
-                        return r;
-        }
-
-        *names = l;
-        l = NULL;
-
-        return n_fds;
-}
-
-_public_ int sd_is_fifo(int fd, const char *path) {
-        struct stat st_fd;
-
-        assert_return(fd >= 0, -EBADF);
-
-        if (fstat(fd, &st_fd) < 0)
-                return -errno;
-
-        if (!S_ISFIFO(st_fd.st_mode))
-                return 0;
-
-        if (path) {
-                struct stat st_path;
-
-                if (stat(path, &st_path) < 0) {
-
-                        if (errno == ENOENT || errno == ENOTDIR)
-                                return 0;
-
-                        return -errno;
-                }
-
-                return
-                        st_path.st_dev == st_fd.st_dev &&
-                        st_path.st_ino == st_fd.st_ino;
-        }
-
-        return 1;
-}
-
-_public_ int sd_is_special(int fd, const char *path) {
-        struct stat st_fd;
-
-        assert_return(fd >= 0, -EBADF);
-
-        if (fstat(fd, &st_fd) < 0)
-                return -errno;
-
-        if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode))
-                return 0;
-
-        if (path) {
-                struct stat st_path;
-
-                if (stat(path, &st_path) < 0) {
-
-                        if (errno == ENOENT || errno == ENOTDIR)
-                                return 0;
-
-                        return -errno;
-                }
-
-                if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode))
-                        return
-                                st_path.st_dev == st_fd.st_dev &&
-                                st_path.st_ino == st_fd.st_ino;
-                else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode))
-                        return st_path.st_rdev == st_fd.st_rdev;
-                else
-                        return 0;
-        }
-
-        return 1;
-}
-
-static int sd_is_socket_internal(int fd, int type, int listening) {
-        struct stat st_fd;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(type >= 0, -EINVAL);
-
-        if (fstat(fd, &st_fd) < 0)
-                return -errno;
-
-        if (!S_ISSOCK(st_fd.st_mode))
-                return 0;
-
-        if (type != 0) {
-                int other_type = 0;
-                socklen_t l = sizeof(other_type);
-
-                if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0)
-                        return -errno;
-
-                if (l != sizeof(other_type))
-                        return -EINVAL;
-
-                if (other_type != type)
-                        return 0;
-        }
-
-        if (listening >= 0) {
-                int accepting = 0;
-                socklen_t l = sizeof(accepting);
-
-                if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0)
-                        return -errno;
-
-                if (l != sizeof(accepting))
-                        return -EINVAL;
-
-                if (!accepting != !listening)
-                        return 0;
-        }
-
-        return 1;
-}
-
-_public_ int sd_is_socket(int fd, int family, int type, int listening) {
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(family >= 0, -EINVAL);
-
-        r = sd_is_socket_internal(fd, type, listening);
-        if (r <= 0)
-                return r;
-
-        if (family > 0) {
-                union sockaddr_union sockaddr = {};
-                socklen_t l = sizeof(sockaddr);
-
-                if (getsockname(fd, &sockaddr.sa, &l) < 0)
-                        return -errno;
-
-                if (l < sizeof(sa_family_t))
-                        return -EINVAL;
-
-                return sockaddr.sa.sa_family == family;
-        }
-
-        return 1;
-}
-
-_public_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
-        union sockaddr_union sockaddr = {};
-        socklen_t l = sizeof(sockaddr);
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(IN_SET(family, 0, AF_INET, AF_INET6), -EINVAL);
-
-        r = sd_is_socket_internal(fd, type, listening);
-        if (r <= 0)
-                return r;
-
-        if (getsockname(fd, &sockaddr.sa, &l) < 0)
-                return -errno;
-
-        if (l < sizeof(sa_family_t))
-                return -EINVAL;
-
-        if (sockaddr.sa.sa_family != AF_INET &&
-            sockaddr.sa.sa_family != AF_INET6)
-                return 0;
-
-        if (family != 0)
-                if (sockaddr.sa.sa_family != family)
-                        return 0;
-
-        if (port > 0) {
-                if (sockaddr.sa.sa_family == AF_INET) {
-                        if (l < sizeof(struct sockaddr_in))
-                                return -EINVAL;
-
-                        return htons(port) == sockaddr.in.sin_port;
-                } else {
-                        if (l < sizeof(struct sockaddr_in6))
-                                return -EINVAL;
-
-                        return htons(port) == sockaddr.in6.sin6_port;
-                }
-        }
-
-        return 1;
-}
-
-_public_ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
-        union sockaddr_union sockaddr = {};
-        socklen_t l = sizeof(sockaddr);
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-
-        r = sd_is_socket_internal(fd, type, listening);
-        if (r <= 0)
-                return r;
-
-        if (getsockname(fd, &sockaddr.sa, &l) < 0)
-                return -errno;
-
-        if (l < sizeof(sa_family_t))
-                return -EINVAL;
-
-        if (sockaddr.sa.sa_family != AF_UNIX)
-                return 0;
-
-        if (path) {
-                if (length == 0)
-                        length = strlen(path);
-
-                if (length == 0)
-                        /* Unnamed socket */
-                        return l == offsetof(struct sockaddr_un, sun_path);
-
-                if (path[0])
-                        /* Normal path socket */
-                        return
-                                (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) &&
-                                memcmp(path, sockaddr.un.sun_path, length+1) == 0;
-                else
-                        /* Abstract namespace socket */
-                        return
-                                (l == offsetof(struct sockaddr_un, sun_path) + length) &&
-                                memcmp(path, sockaddr.un.sun_path, length) == 0;
-        }
-
-        return 1;
-}
-
-_public_ int sd_is_mq(int fd, const char *path) {
-        struct mq_attr attr;
-
-        /* Check that the fd is valid */
-        assert_return(fcntl(fd, F_GETFD) >= 0, -errno);
-
-        if (mq_getattr(fd, &attr) < 0) {
-                if (errno == EBADF)
-                        /* A non-mq fd (or an invalid one, but we ruled that out above) */
-                        return 0;
-                return -errno;
-        }
-
-        if (path) {
-                char fpath[PATH_MAX];
-                struct stat a, b;
-
-                assert_return(path_is_absolute(path), -EINVAL);
-
-                if (fstat(fd, &a) < 0)
-                        return -errno;
-
-                strncpy(stpcpy(fpath, "/dev/mqueue"), path, sizeof(fpath) - 12);
-                fpath[sizeof(fpath)-1] = 0;
-
-                if (stat(fpath, &b) < 0)
-                        return -errno;
-
-                if (a.st_dev != b.st_dev ||
-                    a.st_ino != b.st_ino)
-                        return 0;
-        }
-
-        return 1;
-}
-
-_public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char *state, const int *fds, unsigned n_fds) {
-        union sockaddr_union sockaddr = {
-                .sa.sa_family = AF_UNIX,
-        };
-        struct iovec iovec = {
-                .iov_base = (char*) state,
-        };
-        struct msghdr msghdr = {
-                .msg_iov = &iovec,
-                .msg_iovlen = 1,
-                .msg_name = &sockaddr,
-        };
-        _cleanup_close_ int fd = -1;
-        struct cmsghdr *cmsg = NULL;
-        const char *e;
-        bool have_pid;
-        int r;
-
-        if (!state) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        if (n_fds > 0 && !fds) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        e = getenv("NOTIFY_SOCKET");
-        if (!e)
-                return 0;
-
-        /* Must be an abstract socket, or an absolute path */
-        if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        if (strlen(e) > sizeof(sockaddr.un.sun_path)) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
-        if (fd < 0) {
-                r = -errno;
-                goto finish;
-        }
-
-        fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-        iovec.iov_len = strlen(state);
-
-        strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
-        if (sockaddr.un.sun_path[0] == '@')
-                sockaddr.un.sun_path[0] = 0;
-
-        msghdr.msg_namelen = SOCKADDR_UN_LEN(sockaddr.un);
-
-        have_pid = pid != 0 && pid != getpid();
-
-        if (n_fds > 0 || have_pid) {
-                /* CMSG_SPACE(0) may return value different than zero, which results in miscalculated controllen. */
-                msghdr.msg_controllen =
-                        (n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
-                        (have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0);
-
-                msghdr.msg_control = alloca0(msghdr.msg_controllen);
-
-                cmsg = CMSG_FIRSTHDR(&msghdr);
-                if (n_fds > 0) {
-                        cmsg->cmsg_level = SOL_SOCKET;
-                        cmsg->cmsg_type = SCM_RIGHTS;
-                        cmsg->cmsg_len = CMSG_LEN(sizeof(int) * n_fds);
-
-                        memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * n_fds);
-
-                        if (have_pid)
-                                assert_se(cmsg = CMSG_NXTHDR(&msghdr, cmsg));
-                }
-
-                if (have_pid) {
-                        struct ucred *ucred;
-
-                        cmsg->cmsg_level = SOL_SOCKET;
-                        cmsg->cmsg_type = SCM_CREDENTIALS;
-                        cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
-
-                        ucred = (struct ucred*) CMSG_DATA(cmsg);
-                        ucred->pid = pid;
-                        ucred->uid = getuid();
-                        ucred->gid = getgid();
-                }
-        }
-
-        /* First try with fake ucred data, as requested */
-        if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
-                r = 1;
-                goto finish;
-        }
-
-        /* If that failed, try with our own ucred instead */
-        if (have_pid) {
-                msghdr.msg_controllen -= CMSG_SPACE(sizeof(struct ucred));
-                if (msghdr.msg_controllen == 0)
-                        msghdr.msg_control = NULL;
-
-                if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) >= 0) {
-                        r = 1;
-                        goto finish;
-                }
-        }
-
-        r = -errno;
-
-finish:
-        if (unset_environment)
-                unsetenv("NOTIFY_SOCKET");
-
-        return r;
-}
-
-_public_ int sd_pid_notify(pid_t pid, int unset_environment, const char *state) {
-        return sd_pid_notify_with_fds(pid, unset_environment, state, NULL, 0);
-}
-
-_public_ int sd_notify(int unset_environment, const char *state) {
-        return sd_pid_notify_with_fds(0, unset_environment, state, NULL, 0);
-}
-
-_public_ int sd_pid_notifyf(pid_t pid, int unset_environment, const char *format, ...) {
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        if (format) {
-                va_list ap;
-
-                va_start(ap, format);
-                r = vasprintf(&p, format, ap);
-                va_end(ap);
-
-                if (r < 0 || !p)
-                        return -ENOMEM;
-        }
-
-        return sd_pid_notify(pid, unset_environment, p);
-}
-
-_public_ int sd_notifyf(int unset_environment, const char *format, ...) {
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        if (format) {
-                va_list ap;
-
-                va_start(ap, format);
-                r = vasprintf(&p, format, ap);
-                va_end(ap);
-
-                if (r < 0 || !p)
-                        return -ENOMEM;
-        }
-
-        return sd_pid_notify(0, unset_environment, p);
-}
-
-_public_ int sd_booted(void) {
-        /* We test whether the runtime unit file directory has been
-         * created. This takes place in mount-setup.c, so is
-         * guaranteed to happen very early during boot. */
-
-        return laccess("/run/systemd/system/", F_OK) >= 0;
-}
-
-_public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
-        const char *s, *p = ""; /* p is set to dummy value to do unsetting */
-        uint64_t u;
-        int r = 0;
-
-        s = getenv("WATCHDOG_USEC");
-        if (!s)
-                goto finish;
-
-        r = safe_atou64(s, &u);
-        if (r < 0)
-                goto finish;
-        if (u <= 0 || u >= USEC_INFINITY) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        p = getenv("WATCHDOG_PID");
-        if (p) {
-                pid_t pid;
-
-                r = parse_pid(p, &pid);
-                if (r < 0)
-                        goto finish;
-
-                /* Is this for us? */
-                if (getpid() != pid) {
-                        r = 0;
-                        goto finish;
-                }
-        }
-
-        if (usec)
-                *usec = u;
-
-        r = 1;
-
-finish:
-        if (unset_environment && s)
-                unsetenv("WATCHDOG_USEC");
-        if (unset_environment && p)
-                unsetenv("WATCHDOG_PID");
-
-        return r;
-}
diff --git a/src/libsystemd/sd-device/Makefile b/src/libsystemd/sd-device/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/libsystemd/sd-device/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-device/device-enumerator-private.h b/src/libsystemd/sd-device/device-enumerator-private.h
deleted file mode 100644
index eb06f9542d..0000000000
--- a/src/libsystemd/sd-device/device-enumerator-private.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-device.h"
-
-int device_enumerator_scan_devices(sd_device_enumerator *enumeartor);
-int device_enumerator_scan_subsystems(sd_device_enumerator *enumeartor);
-int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *device);
-int device_enumerator_add_match_is_initialized(sd_device_enumerator *enumerator);
-sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator);
-sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator);
-
-#define FOREACH_DEVICE_AND_SUBSYSTEM(enumerator, device)       \
-        for (device = device_enumerator_get_first(enumerator); \
-             device;                                           \
-             device = device_enumerator_get_next(enumerator))
diff --git a/src/libsystemd/sd-device/device-enumerator.c b/src/libsystemd/sd-device/device-enumerator.c
deleted file mode 100644
index 4a7a8b1f9e..0000000000
--- a/src/libsystemd/sd-device/device-enumerator.c
+++ /dev/null
@@ -1,986 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2014-2015 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "device-enumerator-private.h"
-#include "device-util.h"
-#include "dirent-util.h"
-#include "fd-util.h"
-#include "prioq.h"
-#include "set.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-#define DEVICE_ENUMERATE_MAX_DEPTH 256
-
-typedef enum DeviceEnumerationType {
-        DEVICE_ENUMERATION_TYPE_DEVICES,
-        DEVICE_ENUMERATION_TYPE_SUBSYSTEMS,
-        _DEVICE_ENUMERATION_TYPE_MAX,
-        _DEVICE_ENUMERATION_TYPE_INVALID = -1,
-} DeviceEnumerationType;
-
-struct sd_device_enumerator {
-        unsigned n_ref;
-
-        DeviceEnumerationType type;
-        Prioq *devices;
-        bool scan_uptodate;
-
-        Set *match_subsystem;
-        Set *nomatch_subsystem;
-        Hashmap *match_sysattr;
-        Hashmap *nomatch_sysattr;
-        Hashmap *match_property;
-        Set *match_sysname;
-        Set *match_tag;
-        sd_device *match_parent;
-        bool match_allow_uninitialized;
-};
-
-_public_ int sd_device_enumerator_new(sd_device_enumerator **ret) {
-        _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *enumerator = NULL;
-
-        assert(ret);
-
-        enumerator = new0(sd_device_enumerator, 1);
-        if (!enumerator)
-                return -ENOMEM;
-
-        enumerator->n_ref = 1;
-        enumerator->type = _DEVICE_ENUMERATION_TYPE_INVALID;
-
-        *ret = enumerator;
-        enumerator = NULL;
-
-        return 0;
-}
-
-_public_ sd_device_enumerator *sd_device_enumerator_ref(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, NULL);
-
-        assert_se((++ enumerator->n_ref) >= 2);
-
-        return enumerator;
-}
-
-_public_ sd_device_enumerator *sd_device_enumerator_unref(sd_device_enumerator *enumerator) {
-        if (enumerator && (-- enumerator->n_ref) == 0) {
-                sd_device *device;
-
-                while ((device = prioq_pop(enumerator->devices)))
-                        sd_device_unref(device);
-
-                prioq_free(enumerator->devices);
-
-                set_free_free(enumerator->match_subsystem);
-                set_free_free(enumerator->nomatch_subsystem);
-                hashmap_free_free_free(enumerator->match_sysattr);
-                hashmap_free_free_free(enumerator->nomatch_sysattr);
-                hashmap_free_free_free(enumerator->match_property);
-                set_free_free(enumerator->match_sysname);
-                set_free_free(enumerator->match_tag);
-                sd_device_unref(enumerator->match_parent);
-
-                free(enumerator);
-        }
-
-        return NULL;
-}
-
-_public_ int sd_device_enumerator_add_match_subsystem(sd_device_enumerator *enumerator, const char *subsystem, int match) {
-        Set **set;
-        int r;
-
-        assert_return(enumerator, -EINVAL);
-        assert_return(subsystem, -EINVAL);
-
-        if (match)
-                set = &enumerator->match_subsystem;
-        else
-                set = &enumerator->nomatch_subsystem;
-
-        r = set_ensure_allocated(set, NULL);
-        if (r < 0)
-                return r;
-
-        r = set_put_strdup(*set, subsystem);
-        if (r < 0)
-                return r;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-_public_ int sd_device_enumerator_add_match_sysattr(sd_device_enumerator *enumerator, const char *_sysattr, const char *_value, int match) {
-        _cleanup_free_ char *sysattr = NULL, *value = NULL;
-        Hashmap **hashmap;
-        int r;
-
-        assert_return(enumerator, -EINVAL);
-        assert_return(_sysattr, -EINVAL);
-
-        if (match)
-                hashmap = &enumerator->match_sysattr;
-        else
-                hashmap = &enumerator->nomatch_sysattr;
-
-        r = hashmap_ensure_allocated(hashmap, NULL);
-        if (r < 0)
-                return r;
-
-        sysattr = strdup(_sysattr);
-        if (!sysattr)
-                return -ENOMEM;
-
-        if (_value) {
-                value = strdup(_value);
-                if (!value)
-                        return -ENOMEM;
-        }
-
-        r = hashmap_put(*hashmap, sysattr, value);
-        if (r < 0)
-                return r;
-
-        sysattr = NULL;
-        value = NULL;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-_public_ int sd_device_enumerator_add_match_property(sd_device_enumerator *enumerator, const char *_property, const char *_value) {
-        _cleanup_free_ char *property = NULL, *value = NULL;
-        int r;
-
-        assert_return(enumerator, -EINVAL);
-        assert_return(_property, -EINVAL);
-
-        r = hashmap_ensure_allocated(&enumerator->match_property, NULL);
-        if (r < 0)
-                return r;
-
-        property = strdup(_property);
-        if (!property)
-                return -ENOMEM;
-
-        if (_value) {
-                value = strdup(_value);
-                if (!value)
-                        return -ENOMEM;
-        }
-
-        r = hashmap_put(enumerator->match_property, property, value);
-        if (r < 0)
-                return r;
-
-        property = NULL;
-        value = NULL;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-_public_ int sd_device_enumerator_add_match_sysname(sd_device_enumerator *enumerator, const char *sysname) {
-        int r;
-
-        assert_return(enumerator, -EINVAL);
-        assert_return(sysname, -EINVAL);
-
-        r = set_ensure_allocated(&enumerator->match_sysname, NULL);
-        if (r < 0)
-                return r;
-
-        r = set_put_strdup(enumerator->match_sysname, sysname);
-        if (r < 0)
-                return r;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-_public_ int sd_device_enumerator_add_match_tag(sd_device_enumerator *enumerator, const char *tag) {
-        int r;
-
-        assert_return(enumerator, -EINVAL);
-        assert_return(tag, -EINVAL);
-
-        r = set_ensure_allocated(&enumerator->match_tag, NULL);
-        if (r < 0)
-                return r;
-
-        r = set_put_strdup(enumerator->match_tag, tag);
-        if (r < 0)
-                return r;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-_public_ int sd_device_enumerator_add_match_parent(sd_device_enumerator *enumerator, sd_device *parent) {
-        assert_return(enumerator, -EINVAL);
-        assert_return(parent, -EINVAL);
-
-        sd_device_unref(enumerator->match_parent);
-        enumerator->match_parent = sd_device_ref(parent);
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-_public_ int sd_device_enumerator_allow_uninitialized(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, -EINVAL);
-
-        enumerator->match_allow_uninitialized = true;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-int device_enumerator_add_match_is_initialized(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, -EINVAL);
-
-        enumerator->match_allow_uninitialized = false;
-
-        enumerator->scan_uptodate = false;
-
-        return 0;
-}
-
-static int device_compare(const void *_a, const void *_b) {
-        sd_device *a = (sd_device *)_a, *b = (sd_device *)_b;
-        const char *devpath_a, *devpath_b, *sound_a;
-        bool delay_a, delay_b;
-
-        assert_se(sd_device_get_devpath(a, &devpath_a) >= 0);
-        assert_se(sd_device_get_devpath(b, &devpath_b) >= 0);
-
-        sound_a = strstr(devpath_a, "/sound/card");
-        if (sound_a) {
-                /* For sound cards the control device must be enumerated last to
-                 * make sure it's the final device node that gets ACLs applied.
-                 * Applications rely on this fact and use ACL changes on the
-                 * control node as an indicator that the ACL change of the
-                 * entire sound card completed. The kernel makes this guarantee
-                 * when creating those devices, and hence we should too when
-                 * enumerating them. */
-                sound_a += strlen("/sound/card");
-                sound_a = strchr(sound_a, '/');
-
-                if (sound_a) {
-                        unsigned prefix_len;
-
-                        prefix_len = sound_a - devpath_a;
-
-                        if (strncmp(devpath_a, devpath_b, prefix_len) == 0) {
-                                const char *sound_b;
-
-                                sound_b = devpath_b + prefix_len;
-
-                                if (startswith(sound_a, "/controlC") &&
-                                    !startswith(sound_b, "/contolC"))
-                                        return 1;
-
-                                if (!startswith(sound_a, "/controlC") &&
-                                    startswith(sound_b, "/controlC"))
-                                        return -1;
-                        }
-                }
-        }
-
-        /* md and dm devices are enumerated after all other devices */
-        delay_a = strstr(devpath_a, "/block/md") || strstr(devpath_a, "/block/dm-");
-        delay_b = strstr(devpath_b, "/block/md") || strstr(devpath_b, "/block/dm-");
-        if (delay_a != delay_b)
-                return delay_a - delay_b;
-
-        return strcmp(devpath_a, devpath_b);
-}
-
-int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *device) {
-        int r;
-
-        assert_return(enumerator, -EINVAL);
-        assert_return(device, -EINVAL);
-
-        r = prioq_ensure_allocated(&enumerator->devices, device_compare);
-        if (r < 0)
-                return r;
-
-        r = prioq_put(enumerator->devices, device, NULL);
-        if (r < 0)
-                return r;
-
-        sd_device_ref(device);
-
-        return 0;
-}
-
-static bool match_sysattr_value(sd_device *device, const char *sysattr, const char *match_value) {
-        const char *value;
-        int r;
-
-        assert(device);
-        assert(sysattr);
-
-        r = sd_device_get_sysattr_value(device, sysattr, &value);
-        if (r < 0)
-                return false;
-
-        if (!match_value)
-                return true;
-
-        if (fnmatch(match_value, value, 0) == 0)
-                return true;
-
-        return false;
-}
-
-static bool match_sysattr(sd_device_enumerator *enumerator, sd_device *device) {
-        const char *sysattr;
-        const char *value;
-        Iterator i;
-
-        assert(enumerator);
-        assert(device);
-
-        HASHMAP_FOREACH_KEY(value, sysattr, enumerator->nomatch_sysattr, i)
-                if (match_sysattr_value(device, sysattr, value))
-                        return false;
-
-        HASHMAP_FOREACH_KEY(value, sysattr, enumerator->match_sysattr, i)
-                if (!match_sysattr_value(device, sysattr, value))
-                        return false;
-
-        return true;
-}
-
-static bool match_property(sd_device_enumerator *enumerator, sd_device *device) {
-        const char *property;
-        const char *value;
-        Iterator i;
-
-        assert(enumerator);
-        assert(device);
-
-        if (hashmap_isempty(enumerator->match_property))
-                return true;
-
-        HASHMAP_FOREACH_KEY(value, property, enumerator->match_property, i) {
-                const char *property_dev, *value_dev;
-
-                FOREACH_DEVICE_PROPERTY(device, property_dev, value_dev) {
-                        if (fnmatch(property, property_dev, 0) != 0)
-                                continue;
-
-                        if (!value && !value_dev)
-                                return true;
-
-                        if (!value || !value_dev)
-                                continue;
-
-                        if (fnmatch(value, value_dev, 0) == 0)
-                                return true;
-                }
-        }
-
-        return false;
-}
-
-static bool match_tag(sd_device_enumerator *enumerator, sd_device *device) {
-        const char *tag;
-        Iterator i;
-
-        assert(enumerator);
-        assert(device);
-
-        SET_FOREACH(tag, enumerator->match_tag, i)
-                if (!sd_device_has_tag(device, tag))
-                        return false;
-
-        return true;
-}
-
-static bool match_parent(sd_device_enumerator *enumerator, sd_device *device) {
-        const char *devpath, *devpath_dev;
-        int r;
-
-        assert(enumerator);
-        assert(device);
-
-        if (!enumerator->match_parent)
-                return true;
-
-        r = sd_device_get_devpath(enumerator->match_parent, &devpath);
-        assert(r >= 0);
-
-        r = sd_device_get_devpath(device, &devpath_dev);
-        assert(r >= 0);
-
-        return startswith(devpath_dev, devpath);
-}
-
-static bool match_sysname(sd_device_enumerator *enumerator, const char *sysname) {
-        const char *sysname_match;
-        Iterator i;
-
-        assert(enumerator);
-        assert(sysname);
-
-        if (set_isempty(enumerator->match_sysname))
-                return true;
-
-        SET_FOREACH(sysname_match, enumerator->match_sysname, i)
-                if (fnmatch(sysname_match, sysname, 0) == 0)
-                        return true;
-
-        return false;
-}
-
-static int enumerator_scan_dir_and_add_devices(sd_device_enumerator *enumerator, const char *basedir, const char *subdir1, const char *subdir2) {
-        _cleanup_closedir_ DIR *dir = NULL;
-        char *path;
-        struct dirent *dent;
-        int r = 0;
-
-        assert(enumerator);
-        assert(basedir);
-
-        path = strjoina("/sys/", basedir, "/");
-
-        if (subdir1)
-                path = strjoina(path, subdir1, "/");
-
-        if (subdir2)
-                path = strjoina(path, subdir2, "/");
-
-        dir = opendir(path);
-        if (!dir)
-                return -errno;
-
-        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
-                _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-                char syspath[strlen(path) + 1 + strlen(dent->d_name) + 1];
-                dev_t devnum;
-                int ifindex, initialized, k;
-
-                if (dent->d_name[0] == '.')
-                        continue;
-
-                if (!match_sysname(enumerator, dent->d_name))
-                        continue;
-
-                (void)sprintf(syspath, "%s%s", path, dent->d_name);
-
-                k = sd_device_new_from_syspath(&device, syspath);
-                if (k < 0) {
-                        if (k != -ENODEV)
-                                /* this is necessarily racey, so ignore missing devices */
-                                r = k;
-
-                        continue;
-                }
-
-                k = sd_device_get_devnum(device, &devnum);
-                if (k < 0) {
-                        r = k;
-                        continue;
-                }
-
-                k = sd_device_get_ifindex(device, &ifindex);
-                if (k < 0) {
-                        r = k;
-                        continue;
-                }
-
-                k = sd_device_get_is_initialized(device, &initialized);
-                if (k < 0) {
-                        r = k;
-                        continue;
-                }
-
-                /*
-                 * All devices with a device node or network interfaces
-                 * possibly need udev to adjust the device node permission
-                 * or context, or rename the interface before it can be
-                 * reliably used from other processes.
-                 *
-                 * For now, we can only check these types of devices, we
-                 * might not store a database, and have no way to find out
-                 * for all other types of devices.
-                 */
-                if (!enumerator->match_allow_uninitialized &&
-                    !initialized &&
-                    (major(devnum) > 0 || ifindex > 0))
-                        continue;
-
-                if (!match_parent(enumerator, device))
-                        continue;
-
-                if (!match_tag(enumerator, device))
-                        continue;
-
-                if (!match_property(enumerator, device))
-                        continue;
-
-                if (!match_sysattr(enumerator, device))
-                        continue;
-
-                k = device_enumerator_add_device(enumerator, device);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static bool match_subsystem(sd_device_enumerator *enumerator, const char *subsystem) {
-        const char *subsystem_match;
-        Iterator i;
-
-        assert(enumerator);
-
-        if (!subsystem)
-                return false;
-
-        SET_FOREACH(subsystem_match, enumerator->nomatch_subsystem, i)
-                if (fnmatch(subsystem_match, subsystem, 0) == 0)
-                        return false;
-
-        if (set_isempty(enumerator->match_subsystem))
-                return true;
-
-        SET_FOREACH(subsystem_match, enumerator->match_subsystem, i)
-                if (fnmatch(subsystem_match, subsystem, 0) == 0)
-                        return true;
-
-        return false;
-}
-
-static int enumerator_scan_dir(sd_device_enumerator *enumerator, const char *basedir, const char *subdir, const char *subsystem) {
-        _cleanup_closedir_ DIR *dir = NULL;
-        char *path;
-        struct dirent *dent;
-        int r = 0;
-
-        path = strjoina("/sys/", basedir);
-
-        dir = opendir(path);
-        if (!dir)
-                return -errno;
-
-        log_debug("  device-enumerator: scanning %s", path);
-
-        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
-                int k;
-
-                if (dent->d_name[0] == '.')
-                        continue;
-
-                if (!match_subsystem(enumerator, subsystem ? : dent->d_name))
-                        continue;
-
-                k = enumerator_scan_dir_and_add_devices(enumerator, basedir, dent->d_name, subdir);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int enumerator_scan_devices_tag(sd_device_enumerator *enumerator, const char *tag) {
-        _cleanup_closedir_ DIR *dir = NULL;
-        char *path;
-        struct dirent *dent;
-        int r = 0;
-
-        assert(enumerator);
-        assert(tag);
-
-        path = strjoina("/run/udev/tags/", tag);
-
-        dir = opendir(path);
-        if (!dir) {
-                if (errno == ENOENT)
-                        return 0;
-                else {
-                        log_error("sd-device-enumerator: could not open tags directory %s: %m", path);
-                        return -errno;
-                }
-        }
-
-        /* TODO: filter away subsystems? */
-
-        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
-                _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-                const char *subsystem, *sysname;
-                int k;
-
-                if (dent->d_name[0] == '.')
-                        continue;
-
-                k = sd_device_new_from_device_id(&device, dent->d_name);
-                if (k < 0) {
-                        if (k != -ENODEV)
-                                /* this is necessarily racy, so ignore missing devices */
-                                r = k;
-
-                        continue;
-                }
-
-                k = sd_device_get_subsystem(device, &subsystem);
-                if (k < 0) {
-                        r = k;
-                        continue;
-                }
-
-                if (!match_subsystem(enumerator, subsystem))
-                        continue;
-
-                k = sd_device_get_sysname(device, &sysname);
-                if (k < 0) {
-                        r = k;
-                        continue;
-                }
-
-                if (!match_sysname(enumerator, sysname))
-                        continue;
-
-                if (!match_parent(enumerator, device))
-                        continue;
-
-                if (!match_property(enumerator, device))
-                        continue;
-
-                if (!match_sysattr(enumerator, device))
-                        continue;
-
-                k = device_enumerator_add_device(enumerator, device);
-                if (k < 0) {
-                        r = k;
-                        continue;
-                }
-        }
-
-        return r;
-}
-
-static int enumerator_scan_devices_tags(sd_device_enumerator *enumerator) {
-        const char *tag;
-        Iterator i;
-        int r;
-
-        assert(enumerator);
-
-        SET_FOREACH(tag, enumerator->match_tag, i) {
-                r = enumerator_scan_devices_tag(enumerator, tag);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int parent_add_child(sd_device_enumerator *enumerator, const char *path) {
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-        const char *subsystem, *sysname;
-        int r;
-
-        r = sd_device_new_from_syspath(&device, path);
-        if (r == -ENODEV)
-                /* this is necessarily racy, so ignore missing devices */
-                return 0;
-        else if (r < 0)
-                return r;
-
-        r = sd_device_get_subsystem(device, &subsystem);
-        if (r == -ENOENT)
-                return 0;
-        if (r < 0)
-                return r;
-
-        if (!match_subsystem(enumerator, subsystem))
-                return 0;
-
-        r = sd_device_get_sysname(device, &sysname);
-        if (r < 0)
-                return r;
-
-        if (!match_sysname(enumerator, sysname))
-                return 0;
-
-        if (!match_property(enumerator, device))
-                return 0;
-
-        if (!match_sysattr(enumerator, device))
-                return 0;
-
-        r = device_enumerator_add_device(enumerator, device);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int parent_crawl_children(sd_device_enumerator *enumerator, const char *path, unsigned maxdepth) {
-        _cleanup_closedir_ DIR *dir = NULL;
-        struct dirent *dent;
-        int r = 0;
-
-        dir = opendir(path);
-        if (!dir) {
-                log_debug("sd-device-enumerate: could not open parent directory %s: %m", path);
-                return -errno;
-        }
-
-        FOREACH_DIRENT_ALL(dent, dir, return -errno) {
-                _cleanup_free_ char *child = NULL;
-                int k;
-
-                if (dent->d_name[0] == '.')
-                        continue;
-
-                if (dent->d_type != DT_DIR)
-                        continue;
-
-                child = strjoin(path, "/", dent->d_name, NULL);
-                if (!child)
-                        return -ENOMEM;
-
-                k = parent_add_child(enumerator, child);
-                if (k < 0)
-                        r = k;
-
-                if (maxdepth > 0)
-                        parent_crawl_children(enumerator, child, maxdepth - 1);
-                else
-                        log_debug("device-enumerate: max depth reached, %s: ignoring devices", child);
-        }
-
-        return r;
-}
-
-static int enumerator_scan_devices_children(sd_device_enumerator *enumerator) {
-        const char *path;
-        int r = 0, k;
-
-        r = sd_device_get_syspath(enumerator->match_parent, &path);
-        if (r < 0)
-                return r;
-
-        k = parent_add_child(enumerator, path);
-        if (k < 0)
-                r = k;
-
-        k = parent_crawl_children(enumerator, path, DEVICE_ENUMERATE_MAX_DEPTH);
-        if (k < 0)
-                r = k;
-
-        return r;
-}
-
-static int enumerator_scan_devices_all(sd_device_enumerator *enumerator) {
-        int r = 0;
-
-        log_debug("device-enumerator: scan all dirs");
-
-        if (access("/sys/subsystem", F_OK) >= 0) {
-                /* we have /subsystem/, forget all the old stuff */
-                r = enumerator_scan_dir(enumerator, "subsystem", "devices", NULL);
-                if (r < 0)
-                        return log_debug_errno(r, "device-enumerator: failed to scan /sys/subsystem: %m");
-        } else {
-                int k;
-
-                k = enumerator_scan_dir(enumerator, "bus", "devices", NULL);
-                if (k < 0) {
-                        log_debug_errno(k, "device-enumerator: failed to scan /sys/bus: %m");
-                        r = k;
-                }
-
-                k = enumerator_scan_dir(enumerator, "class", NULL, NULL);
-                if (k < 0) {
-                        log_debug_errno(k, "device-enumerator: failed to scan /sys/class: %m");
-                        r = k;
-                }
-        }
-
-        return r;
-}
-
-int device_enumerator_scan_devices(sd_device_enumerator *enumerator) {
-        sd_device *device;
-        int r;
-
-        assert(enumerator);
-
-        if (enumerator->scan_uptodate &&
-            enumerator->type == DEVICE_ENUMERATION_TYPE_DEVICES)
-                return 0;
-
-        while ((device = prioq_pop(enumerator->devices)))
-                sd_device_unref(device);
-
-        if (!set_isempty(enumerator->match_tag)) {
-                r = enumerator_scan_devices_tags(enumerator);
-                if (r < 0)
-                        return r;
-        } else if (enumerator->match_parent) {
-                r = enumerator_scan_devices_children(enumerator);
-                if (r < 0)
-                        return r;
-        } else {
-                r = enumerator_scan_devices_all(enumerator);
-                if (r < 0)
-                        return r;
-        }
-
-        enumerator->scan_uptodate = true;
-
-        return 0;
-}
-
-_public_ sd_device *sd_device_enumerator_get_device_first(sd_device_enumerator *enumerator) {
-        int r;
-
-        assert_return(enumerator, NULL);
-
-        r = device_enumerator_scan_devices(enumerator);
-        if (r < 0)
-                return NULL;
-
-        enumerator->type = DEVICE_ENUMERATION_TYPE_DEVICES;
-
-        return prioq_peek(enumerator->devices);
-}
-
-_public_ sd_device *sd_device_enumerator_get_device_next(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, NULL);
-
-        if (!enumerator->scan_uptodate ||
-            enumerator->type != DEVICE_ENUMERATION_TYPE_DEVICES)
-                return NULL;
-
-        sd_device_unref(prioq_pop(enumerator->devices));
-
-        return prioq_peek(enumerator->devices);
-}
-
-int device_enumerator_scan_subsystems(sd_device_enumerator *enumerator) {
-        sd_device *device;
-        const char *subsysdir;
-        int r = 0, k;
-
-        assert(enumerator);
-
-        if (enumerator->scan_uptodate &&
-            enumerator->type == DEVICE_ENUMERATION_TYPE_SUBSYSTEMS)
-                return 0;
-
-        while ((device = prioq_pop(enumerator->devices)))
-                sd_device_unref(device);
-
-        /* modules */
-        if (match_subsystem(enumerator, "module")) {
-                k = enumerator_scan_dir_and_add_devices(enumerator, "module", NULL, NULL);
-                if (k < 0) {
-                        log_debug_errno(k, "device-enumerator: failed to scan modules: %m");
-                        r = k;
-                }
-        }
-
-        if (access("/sys/subsystem", F_OK) >= 0)
-                subsysdir = "subsystem";
-        else
-                subsysdir = "bus";
-
-        /* subsystems (only buses support coldplug) */
-        if (match_subsystem(enumerator, "subsystem")) {
-                k = enumerator_scan_dir_and_add_devices(enumerator, subsysdir, NULL, NULL);
-                if (k < 0) {
-                        log_debug_errno(k, "device-enumerator: failed to scan subsystems: %m");
-                        r = k;
-                }
-        }
-
-        /* subsystem drivers */
-        if (match_subsystem(enumerator, "drivers")) {
-                k = enumerator_scan_dir(enumerator, subsysdir, "drivers", "drivers");
-                if (k < 0) {
-                        log_debug_errno(k, "device-enumerator: failed to scan drivers: %m");
-                        r = k;
-                }
-        }
-
-        enumerator->scan_uptodate = true;
-
-        return r;
-}
-
-_public_ sd_device *sd_device_enumerator_get_subsystem_first(sd_device_enumerator *enumerator) {
-        int r;
-
-        assert_return(enumerator, NULL);
-
-        r = device_enumerator_scan_subsystems(enumerator);
-        if (r < 0)
-                return NULL;
-
-        enumerator->type = DEVICE_ENUMERATION_TYPE_SUBSYSTEMS;
-
-        return prioq_peek(enumerator->devices);
-}
-
-_public_ sd_device *sd_device_enumerator_get_subsystem_next(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, NULL);
-
-        if (enumerator->scan_uptodate ||
-            enumerator->type != DEVICE_ENUMERATION_TYPE_SUBSYSTEMS)
-                return NULL;
-
-        sd_device_unref(prioq_pop(enumerator->devices));
-
-        return prioq_peek(enumerator->devices);
-}
-
-sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, NULL);
-
-        return prioq_peek(enumerator->devices);
-}
-
-sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator) {
-        assert_return(enumerator, NULL);
-
-        sd_device_unref(prioq_pop(enumerator->devices));
-
-        return prioq_peek(enumerator->devices);
-}
diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c
deleted file mode 100644
index 9082d377f4..0000000000
--- a/src/libsystemd/sd-device/device-private.c
+++ /dev/null
@@ -1,1119 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <ctype.h>
-#include <net/if.h>
-#include <sys/types.h>
-
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "device-internal.h"
-#include "device-private.h"
-#include "device-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hashmap.h"
-#include "macro.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "refcnt.h"
-#include "set.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "strxcpyx.h"
-#include "user-util.h"
-#include "util.h"
-
-int device_add_property(sd_device *device, const char *key, const char *value) {
-        int r;
-
-        assert(device);
-        assert(key);
-
-        r = device_add_property_aux(device, key, value, false);
-        if (r < 0)
-                return r;
-
-        if (key[0] != '.') {
-                r = device_add_property_aux(device, key, value, true);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int device_add_property_internal_from_string(sd_device *device, const char *str) {
-        _cleanup_free_ char *key = NULL;
-        char *value;
-
-        assert(device);
-        assert(str);
-
-        key = strdup(str);
-        if (!key)
-                return -ENOMEM;
-
-        value = strchr(key, '=');
-        if (!value)
-                return -EINVAL;
-
-        *value = '\0';
-
-        if (isempty(++value))
-                value = NULL;
-
-        return device_add_property_internal(device, key, value);
-}
-
-static int handle_db_line(sd_device *device, char key, const char *value) {
-        char *path;
-        int r;
-
-        assert(device);
-        assert(value);
-
-        switch (key) {
-        case 'S':
-                path = strjoina("/dev/", value);
-                r = device_add_devlink(device, path);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'L':
-                r = safe_atoi(value, &device->devlink_priority);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'E':
-                r = device_add_property_internal_from_string(device, value);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'G':
-                r = device_add_tag(device, value);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'W':
-                r = safe_atoi(value, &device->watch_handle);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'I':
-                r = device_set_usec_initialized(device, value);
-                if (r < 0)
-                        return r;
-
-                break;
-        default:
-                log_debug("device db: unknown key '%c'", key);
-        }
-
-        return 0;
-}
-
-void device_set_devlink_priority(sd_device *device, int priority) {
-        assert(device);
-
-        device->devlink_priority = priority;
-}
-
-void device_set_is_initialized(sd_device *device) {
-        assert(device);
-
-        device->is_initialized = true;
-}
-
-int device_ensure_usec_initialized(sd_device *device, sd_device *device_old) {
-        char num[DECIMAL_STR_MAX(usec_t)];
-        usec_t usec_initialized;
-        int r;
-
-        assert(device);
-
-        if (device_old && device_old->usec_initialized > 0)
-                usec_initialized = device_old->usec_initialized;
-        else
-                usec_initialized = now(CLOCK_MONOTONIC);
-
-        r = snprintf(num, sizeof(num), USEC_FMT, usec_initialized);
-        if (r < 0)
-                return -errno;
-
-        r = device_set_usec_initialized(device, num);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int device_read_db(sd_device *device) {
-        _cleanup_free_ char *db = NULL;
-        char *path;
-        const char *id, *value;
-        char key;
-        size_t db_len;
-        unsigned i;
-        int r;
-
-        enum {
-                PRE_KEY,
-                KEY,
-                PRE_VALUE,
-                VALUE,
-                INVALID_LINE,
-        } state = PRE_KEY;
-
-        assert(device);
-
-        if (device->db_loaded || device->sealed)
-                return 0;
-
-        r = device_get_id_filename(device, &id);
-        if (r < 0)
-                return r;
-
-        path = strjoina("/run/udev/data/", id);
-
-        r = read_full_file(path, &db, &db_len);
-        if (r < 0) {
-                if (r == -ENOENT)
-                        return 0;
-                else
-                        return log_debug_errno(r, "sd-device: failed to read db '%s': %m", path);
-        }
-
-        /* devices with a database entry are initialized */
-        device_set_is_initialized(device);
-
-        for (i = 0; i < db_len; i++) {
-                switch (state) {
-                case PRE_KEY:
-                        if (!strchr(NEWLINE, db[i])) {
-                                key = db[i];
-
-                                state = KEY;
-                        }
-
-                        break;
-                case KEY:
-                        if (db[i] != ':') {
-                                log_debug("sd-device: ignoring invalid db entry with key '%c'", key);
-
-                                state = INVALID_LINE;
-                        } else {
-                                db[i] = '\0';
-
-                                state = PRE_VALUE;
-                        }
-
-                        break;
-                case PRE_VALUE:
-                        value = &db[i];
-
-                        state = VALUE;
-
-                        break;
-                case INVALID_LINE:
-                        if (strchr(NEWLINE, db[i]))
-                                state = PRE_KEY;
-
-                        break;
-                case VALUE:
-                        if (strchr(NEWLINE, db[i])) {
-                                db[i] = '\0';
-                                r = handle_db_line(device, key, value);
-                                if (r < 0)
-                                        log_debug_errno(r, "sd-device: failed to handle db entry '%c:%s': %m", key, value);
-
-                                state = PRE_KEY;
-                        }
-
-                        break;
-                default:
-                        assert_not_reached("invalid state when parsing db");
-                }
-        }
-
-        device->db_loaded = true;
-
-        return 0;
-}
-
-uint64_t device_get_properties_generation(sd_device *device) {
-        assert(device);
-
-        return device->properties_generation;
-}
-
-uint64_t device_get_tags_generation(sd_device *device) {
-        assert(device);
-
-        return device->tags_generation;
-}
-
-uint64_t device_get_devlinks_generation(sd_device *device) {
-        assert(device);
-
-        return device->devlinks_generation;
-}
-
-int device_get_devnode_mode(sd_device *device, mode_t *mode) {
-        int r;
-
-        assert(device);
-        assert(mode);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        *mode = device->devmode;
-
-        return 0;
-}
-
-int device_get_devnode_uid(sd_device *device, uid_t *uid) {
-        int r;
-
-        assert(device);
-        assert(uid);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        *uid = device->devuid;
-
-        return 0;
-}
-
-static int device_set_devuid(sd_device *device, const char *uid) {
-        unsigned u;
-        int r;
-
-        assert(device);
-        assert(uid);
-
-        r = safe_atou(uid, &u);
-        if (r < 0)
-                return r;
-
-        r = device_add_property_internal(device, "DEVUID", uid);
-        if (r < 0)
-                return r;
-
-        device->devuid = u;
-
-        return 0;
-}
-
-int device_get_devnode_gid(sd_device *device, gid_t *gid) {
-        int r;
-
-        assert(device);
-        assert(gid);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        *gid = device->devgid;
-
-        return 0;
-}
-
-static int device_set_devgid(sd_device *device, const char *gid) {
-        unsigned g;
-        int r;
-
-        assert(device);
-        assert(gid);
-
-        r = safe_atou(gid, &g);
-        if (r < 0)
-                return r;
-
-        r = device_add_property_internal(device, "DEVGID", gid);
-        if (r < 0)
-                return r;
-
-        device->devgid = g;
-
-        return 0;
-}
-
-static int device_amend(sd_device *device, const char *key, const char *value) {
-        int r;
-
-        assert(device);
-        assert(key);
-        assert(value);
-
-        if (streq(key, "DEVPATH")) {
-                char *path;
-
-                path = strjoina("/sys", value);
-
-                /* the caller must verify or trust this data (e.g., if it comes from the kernel) */
-                r = device_set_syspath(device, path, false);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set syspath to '%s': %m", path);
-        } else if (streq(key, "SUBSYSTEM")) {
-                r = device_set_subsystem(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set subsystem to '%s': %m", value);
-        } else if (streq(key, "DEVTYPE")) {
-                r = device_set_devtype(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devtype to '%s': %m", value);
-        } else if (streq(key, "DEVNAME")) {
-                r = device_set_devname(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devname to '%s': %m", value);
-        } else if (streq(key, "USEC_INITIALIZED")) {
-                r = device_set_usec_initialized(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set usec-initialized to '%s': %m", value);
-        } else if (streq(key, "DRIVER")) {
-                r = device_set_driver(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set driver to '%s': %m", value);
-        } else if (streq(key, "IFINDEX")) {
-                r = device_set_ifindex(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set ifindex to '%s': %m", value);
-        } else if (streq(key, "DEVMODE")) {
-                r = device_set_devmode(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devmode to '%s': %m", value);
-        } else if (streq(key, "DEVUID")) {
-                r = device_set_devuid(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devuid to '%s': %m", value);
-        } else if (streq(key, "DEVGID")) {
-                r = device_set_devgid(device, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devgid to '%s': %m", value);
-        } else if (streq(key, "DEVLINKS")) {
-                const char *word, *state;
-                size_t l;
-
-                FOREACH_WORD(word, l, value, state) {
-                        char devlink[l + 1];
-
-                        strncpy(devlink, word, l);
-                        devlink[l] = '\0';
-
-                        r = device_add_devlink(device, devlink);
-                        if (r < 0)
-                                return log_debug_errno(r, "sd-device: could not add devlink '%s': %m", devlink);
-                }
-        } else if (streq(key, "TAGS")) {
-                const char *word, *state;
-                size_t l;
-
-                FOREACH_WORD_SEPARATOR(word, l, value, ":", state) {
-                        char tag[l + 1];
-
-                        (void)strncpy(tag, word, l);
-                        tag[l] = '\0';
-
-                        r = device_add_tag(device, tag);
-                        if (r < 0)
-                                return log_debug_errno(r, "sd-device: could not add tag '%s': %m", tag);
-                }
-        } else {
-                r = device_add_property_internal(device, key, value);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not add property '%s=%s': %m", key, value);
-        }
-
-        return 0;
-}
-
-static const char* const device_action_table[_DEVICE_ACTION_MAX] = {
-        [DEVICE_ACTION_ADD] = "add",
-        [DEVICE_ACTION_REMOVE] = "remove",
-        [DEVICE_ACTION_CHANGE] = "change",
-        [DEVICE_ACTION_MOVE] = "move",
-        [DEVICE_ACTION_ONLINE] = "online",
-        [DEVICE_ACTION_OFFLINE] = "offline",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(device_action, DeviceAction);
-
-static int device_append(sd_device *device, char *key, const char **_major, const char **_minor, uint64_t *_seqnum,
-                         DeviceAction *_action) {
-        DeviceAction action = _DEVICE_ACTION_INVALID;
-        uint64_t seqnum = 0;
-        const char *major = NULL, *minor = NULL;
-        char *value;
-        int r;
-
-        assert(device);
-        assert(key);
-        assert(_major);
-        assert(_minor);
-        assert(_seqnum);
-        assert(_action);
-
-        value = strchr(key, '=');
-        if (!value) {
-                log_debug("sd-device: not a key-value pair: '%s'", key);
-                return -EINVAL;
-        }
-
-        *value = '\0';
-
-        value++;
-
-        if (streq(key, "MAJOR"))
-                major = value;
-        else if (streq(key, "MINOR"))
-                minor = value;
-        else {
-                if (streq(key, "ACTION")) {
-                        action = device_action_from_string(value);
-                        if (action == _DEVICE_ACTION_INVALID)
-                                return -EINVAL;
-                } else if (streq(key, "SEQNUM")) {
-                        r = safe_atou64(value, &seqnum);
-                        if (r < 0)
-                                return r;
-                        else if (seqnum == 0)
-                                 /* kernel only sends seqnum > 0 */
-                                return -EINVAL;
-                }
-
-                r = device_amend(device, key, value);
-                if (r < 0)
-                        return r;
-        }
-
-        if (major != 0)
-                *_major = major;
-
-        if (minor != 0)
-                *_minor = minor;
-
-        if (action != _DEVICE_ACTION_INVALID)
-                *_action = action;
-
-        if (seqnum > 0)
-                *_seqnum = seqnum;
-
-        return 0;
-}
-
-void device_seal(sd_device *device) {
-        assert(device);
-
-        device->sealed = true;
-}
-
-static int device_verify(sd_device *device, DeviceAction action, uint64_t seqnum) {
-        assert(device);
-
-        if (!device->devpath || !device->subsystem || action == _DEVICE_ACTION_INVALID || seqnum == 0) {
-                log_debug("sd-device: device created from strv lacks devpath, subsystem, action or seqnum");
-                return -EINVAL;
-        }
-
-        device->sealed = true;
-
-        return 0;
-}
-
-int device_new_from_strv(sd_device **ret, char **strv) {
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-        char **key;
-        const char *major = NULL, *minor = NULL;
-        DeviceAction action = _DEVICE_ACTION_INVALID;
-        uint64_t seqnum;
-        int r;
-
-        assert(ret);
-        assert(strv);
-
-        r = device_new_aux(&device);
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(key, strv) {
-                r = device_append(device, *key, &major, &minor, &seqnum, &action);
-                if (r < 0)
-                        return r;
-        }
-
-        if (major) {
-                r = device_set_devnum(device, major, minor);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devnum %s:%s: %m", major, minor);
-        }
-
-        r = device_verify(device, action, seqnum);
-        if (r < 0)
-                return r;
-
-        *ret = device;
-        device = NULL;
-
-        return 0;
-}
-
-int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len) {
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-        const char *major = NULL, *minor = NULL;
-        DeviceAction action = _DEVICE_ACTION_INVALID;
-        uint64_t seqnum;
-        unsigned i = 0;
-        int r;
-
-        assert(ret);
-        assert(nulstr);
-        assert(len);
-
-        r = device_new_aux(&device);
-        if (r < 0)
-                return r;
-
-        while (i < len) {
-                char *key;
-                const char *end;
-
-                key = (char*)&nulstr[i];
-                end = memchr(key, '\0', len - i);
-                if (!end) {
-                        log_debug("sd-device: failed to parse nulstr");
-                        return -EINVAL;
-                }
-                i += end - key + 1;
-
-                r = device_append(device, key, &major, &minor, &seqnum, &action);
-                if (r < 0)
-                        return r;
-        }
-
-        if (major) {
-                r = device_set_devnum(device, major, minor);
-                if (r < 0)
-                        return log_debug_errno(r, "sd-device: could not set devnum %s:%s: %m", major, minor);
-        }
-
-        r = device_verify(device, action, seqnum);
-        if (r < 0)
-                return r;
-
-        *ret = device;
-        device = NULL;
-
-        return 0;
-}
-
-static int device_update_properties_bufs(sd_device *device) {
-        const char *val, *prop;
-        _cleanup_free_ char **buf_strv = NULL;
-        _cleanup_free_ uint8_t *buf_nulstr = NULL;
-        size_t allocated_nulstr = 0;
-        size_t nulstr_len = 0, num = 0, i = 0;
-
-        assert(device);
-
-        if (!device->properties_buf_outdated)
-                return 0;
-
-        FOREACH_DEVICE_PROPERTY(device, prop, val) {
-                size_t len = 0;
-
-                len = strlen(prop) + 1 + strlen(val);
-
-                buf_nulstr = GREEDY_REALLOC0(buf_nulstr, allocated_nulstr, nulstr_len + len + 2);
-                if (!buf_nulstr)
-                        return -ENOMEM;
-
-                strscpyl((char *)buf_nulstr + nulstr_len, len + 1, prop, "=", val, NULL);
-                nulstr_len += len + 1;
-                ++num;
-        }
-
-        /* build buf_strv from buf_nulstr */
-        buf_strv = new0(char *, num + 1);
-        if (!buf_strv)
-                return -ENOMEM;
-
-        NULSTR_FOREACH(val, (char*) buf_nulstr) {
-                buf_strv[i] = (char *) val;
-                assert(i < num);
-                i++;
-        }
-
-        free(device->properties_nulstr);
-        device->properties_nulstr = buf_nulstr;
-        buf_nulstr = NULL;
-        device->properties_nulstr_len = nulstr_len;
-        free(device->properties_strv);
-        device->properties_strv = buf_strv;
-        buf_strv = NULL;
-
-        device->properties_buf_outdated = false;
-
-        return 0;
-}
-
-int device_get_properties_nulstr(sd_device *device, const uint8_t **nulstr, size_t *len) {
-        int r;
-
-        assert(device);
-        assert(nulstr);
-        assert(len);
-
-        r = device_update_properties_bufs(device);
-        if (r < 0)
-                return r;
-
-        *nulstr = device->properties_nulstr;
-        *len = device->properties_nulstr_len;
-
-        return 0;
-}
-
-int device_get_properties_strv(sd_device *device, char ***strv) {
-        int r;
-
-        assert(device);
-        assert(strv);
-
-        r = device_update_properties_bufs(device);
-        if (r < 0)
-                return r;
-
-        *strv = device->properties_strv;
-
-        return 0;
-}
-
-int device_get_devlink_priority(sd_device *device, int *priority) {
-        int r;
-
-        assert(device);
-        assert(priority);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        *priority = device->devlink_priority;
-
-        return 0;
-}
-
-int device_get_watch_handle(sd_device *device, int *handle) {
-        int r;
-
-        assert(device);
-        assert(handle);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        *handle = device->watch_handle;
-
-        return 0;
-}
-
-void device_set_watch_handle(sd_device *device, int handle) {
-        assert(device);
-
-        device->watch_handle = handle;
-}
-
-int device_rename(sd_device *device, const char *name) {
-        _cleanup_free_ char *dirname = NULL;
-        char *new_syspath;
-        const char *interface;
-        int r;
-
-        assert(device);
-        assert(name);
-
-        dirname = dirname_malloc(device->syspath);
-        if (!dirname)
-                return -ENOMEM;
-
-        new_syspath = strjoina(dirname, "/", name);
-
-        /* the user must trust that the new name is correct */
-        r = device_set_syspath(device, new_syspath, false);
-        if (r < 0)
-                return r;
-
-        r = sd_device_get_property_value(device, "INTERFACE", &interface);
-        if (r >= 0) {
-                r = device_add_property_internal(device, "INTERFACE", name);
-                if (r < 0)
-                        return r;
-
-                /* like DEVPATH_OLD, INTERFACE_OLD is not saved to the db, but only stays around for the current event */
-                r = device_add_property_internal(device, "INTERFACE_OLD", interface);
-                if (r < 0)
-                        return r;
-        } else if (r != -ENOENT)
-                return r;
-
-        return 0;
-}
-
-int device_shallow_clone(sd_device *old_device, sd_device **new_device) {
-        _cleanup_(sd_device_unrefp) sd_device *ret = NULL;
-        int r;
-
-        assert(old_device);
-        assert(new_device);
-
-        r = device_new_aux(&ret);
-        if (r < 0)
-                return r;
-
-        r = device_set_syspath(ret, old_device->syspath, false);
-        if (r < 0)
-                return r;
-
-        r = device_set_subsystem(ret, old_device->subsystem);
-        if (r < 0)
-                return r;
-
-        ret->devnum = old_device->devnum;
-
-        *new_device = ret;
-        ret = NULL;
-
-        return 0;
-}
-
-int device_clone_with_db(sd_device *old_device, sd_device **new_device) {
-        _cleanup_(sd_device_unrefp) sd_device *ret = NULL;
-        int r;
-
-        assert(old_device);
-        assert(new_device);
-
-        r = device_shallow_clone(old_device, &ret);
-        if (r < 0)
-                return r;
-
-        r = device_read_db(ret);
-        if (r < 0)
-                return r;
-
-        ret->sealed = true;
-
-        *new_device = ret;
-        ret = NULL;
-
-        return 0;
-}
-
-int device_new_from_synthetic_event(sd_device **new_device, const char *syspath, const char *action) {
-        _cleanup_(sd_device_unrefp) sd_device *ret = NULL;
-        int r;
-
-        assert(new_device);
-        assert(syspath);
-        assert(action);
-
-        r = sd_device_new_from_syspath(&ret, syspath);
-        if (r < 0)
-                return r;
-
-        r = device_read_uevent_file(ret);
-        if (r < 0)
-                return r;
-
-        r = device_add_property_internal(ret, "ACTION", action);
-        if (r < 0)
-                return r;
-
-        *new_device = ret;
-        ret = NULL;
-
-        return 0;
-}
-
-int device_copy_properties(sd_device *device_dst, sd_device *device_src) {
-        const char *property, *value;
-        int r;
-
-        assert(device_dst);
-        assert(device_src);
-
-        FOREACH_DEVICE_PROPERTY(device_src, property, value) {
-                r = device_add_property(device_dst, property, value);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-void device_cleanup_tags(sd_device *device) {
-        assert(device);
-
-        set_free_free(device->tags);
-        device->tags = NULL;
-        device->property_tags_outdated = true;
-        device->tags_generation++;
-}
-
-void device_cleanup_devlinks(sd_device *device) {
-        assert(device);
-
-        set_free_free(device->devlinks);
-        device->devlinks = NULL;
-        device->property_devlinks_outdated = true;
-        device->devlinks_generation++;
-}
-
-void device_remove_tag(sd_device *device, const char *tag) {
-        assert(device);
-        assert(tag);
-
-        free(set_remove(device->tags, tag));
-        device->property_tags_outdated = true;
-        device->tags_generation++;
-}
-
-static int device_tag(sd_device *device, const char *tag, bool add) {
-        const char *id;
-        char *path;
-        int r;
-
-        assert(device);
-        assert(tag);
-
-        r = device_get_id_filename(device, &id);
-        if (r < 0)
-                return r;
-
-        path = strjoina("/run/udev/tags/", tag, "/", id);
-
-        if (add) {
-                r = touch_file(path, true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444);
-                if (r < 0)
-                        return r;
-        } else {
-                r = unlink(path);
-                if (r < 0 && errno != ENOENT)
-                        return -errno;
-        }
-
-        return 0;
-}
-
-int device_tag_index(sd_device *device, sd_device *device_old, bool add) {
-        const char *tag;
-        int r = 0, k;
-
-        if (add && device_old) {
-                /* delete possible left-over tags */
-                FOREACH_DEVICE_TAG(device_old, tag) {
-                        if (!sd_device_has_tag(device, tag)) {
-                                k = device_tag(device_old, tag, false);
-                                if (r >= 0 && k < 0)
-                                        r = k;
-                        }
-                }
-        }
-
-        FOREACH_DEVICE_TAG(device, tag) {
-                k = device_tag(device, tag, add);
-                if (r >= 0 && k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static bool device_has_info(sd_device *device) {
-        assert(device);
-
-        if (!set_isempty(device->devlinks))
-                return true;
-
-        if (device->devlink_priority != 0)
-                return true;
-
-        if (!ordered_hashmap_isempty(device->properties_db))
-                return true;
-
-        if (!set_isempty(device->tags))
-                return true;
-
-        if (device->watch_handle >= 0)
-                return true;
-
-        return false;
-}
-
-void device_set_db_persist(sd_device *device) {
-        assert(device);
-
-        device->db_persist = true;
-}
-
-int device_update_db(sd_device *device) {
-        const char *id;
-        char *path;
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_free_ char *path_tmp = NULL;
-        bool has_info;
-        int r;
-
-        assert(device);
-
-        has_info = device_has_info(device);
-
-        r = device_get_id_filename(device, &id);
-        if (r < 0)
-                return r;
-
-        path = strjoina("/run/udev/data/", id);
-
-        /* do not store anything for otherwise empty devices */
-        if (!has_info && major(device->devnum) == 0 && device->ifindex == 0) {
-                r = unlink(path);
-                if (r < 0 && errno != ENOENT)
-                        return -errno;
-
-                return 0;
-        }
-
-        /* write a database file */
-        r = mkdir_parents(path, 0755);
-        if (r < 0)
-                return r;
-
-        r = fopen_temporary(path, &f, &path_tmp);
-        if (r < 0)
-                return r;
-
-        /*
-         * set 'sticky' bit to indicate that we should not clean the
-         * database when we transition from initramfs to the real root
-         */
-        if (device->db_persist) {
-                r = fchmod(fileno(f), 01644);
-                if (r < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-        } else {
-                r = fchmod(fileno(f), 0644);
-                if (r < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-        }
-
-        if (has_info) {
-                const char *property, *value, *tag;
-                Iterator i;
-
-                if (major(device->devnum) > 0) {
-                        const char *devlink;
-
-                        FOREACH_DEVICE_DEVLINK(device, devlink)
-                                fprintf(f, "S:%s\n", devlink + strlen("/dev/"));
-
-                        if (device->devlink_priority != 0)
-                                fprintf(f, "L:%i\n", device->devlink_priority);
-
-                        if (device->watch_handle >= 0)
-                                fprintf(f, "W:%i\n", device->watch_handle);
-                }
-
-                if (device->usec_initialized > 0)
-                        fprintf(f, "I:"USEC_FMT"\n", device->usec_initialized);
-
-                ORDERED_HASHMAP_FOREACH_KEY(value, property, device->properties_db, i)
-                        fprintf(f, "E:%s=%s\n", property, value);
-
-                FOREACH_DEVICE_TAG(device, tag)
-                        fprintf(f, "G:%s\n", tag);
-        }
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        r = rename(path_tmp, path);
-        if (r < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        log_debug("created %s file '%s' for '%s'", has_info ? "db" : "empty",
-                  path, device->devpath);
-
-        return 0;
-
-fail:
-        (void) unlink(path);
-        (void) unlink(path_tmp);
-
-        return log_error_errno(r, "failed to create %s file '%s' for '%s'", has_info ? "db" : "empty", path, device->devpath);
-}
-
-int device_delete_db(sd_device *device) {
-        const char *id;
-        char *path;
-        int r;
-
-        assert(device);
-
-        r = device_get_id_filename(device, &id);
-        if (r < 0)
-                return r;
-
-        path = strjoina("/run/udev/data/", id);
-
-        r = unlink(path);
-        if (r < 0 && errno != ENOENT)
-                return -errno;
-
-        return 0;
-}
-
-int device_read_db_force(sd_device *device) {
-        assert(device);
-
-        return device_read_db_aux(device, true);
-}
diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h
deleted file mode 100644
index 29b3e155fb..0000000000
--- a/src/libsystemd/sd-device/device-private.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include <sys/types.h>
-
-#include "sd-device.h"
-
-int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len);
-int device_new_from_strv(sd_device **ret, char **strv);
-
-int device_get_id_filename(sd_device *device, const char **ret);
-
-int device_get_devlink_priority(sd_device *device, int *priority);
-int device_get_watch_handle(sd_device *device, int *handle);
-int device_get_devnode_mode(sd_device *device, mode_t *mode);
-int device_get_devnode_uid(sd_device *device, uid_t *uid);
-int device_get_devnode_gid(sd_device *device, gid_t *gid);
-
-void device_seal(sd_device *device);
-void device_set_is_initialized(sd_device *device);
-void device_set_watch_handle(sd_device *device, int fd);
-void device_set_db_persist(sd_device *device);
-void device_set_devlink_priority(sd_device *device, int priority);
-int device_ensure_usec_initialized(sd_device *device, sd_device *device_old);
-int device_add_devlink(sd_device *device, const char *devlink);
-int device_add_property(sd_device *device, const char *property, const char *value);
-int device_add_tag(sd_device *device, const char *tag);
-void device_remove_tag(sd_device *device, const char *tag);
-void device_cleanup_tags(sd_device *device);
-void device_cleanup_devlinks(sd_device *device);
-
-uint64_t device_get_properties_generation(sd_device *device);
-uint64_t device_get_tags_generation(sd_device *device);
-uint64_t device_get_devlinks_generation(sd_device *device);
-
-int device_get_properties_nulstr(sd_device *device, const uint8_t **nulstr, size_t *len);
-int device_get_properties_strv(sd_device *device, char ***strv);
-
-int device_rename(sd_device *device, const char *name);
-int device_shallow_clone(sd_device *old_device, sd_device **new_device);
-int device_clone_with_db(sd_device *old_device, sd_device **new_device);
-int device_copy_properties(sd_device *device_dst, sd_device *device_src);
-int device_new_from_synthetic_event(sd_device **new_device, const char *syspath, const char *action);
-
-int device_tag_index(sd_device *dev, sd_device *dev_old, bool add);
-int device_update_db(sd_device *device);
-int device_delete_db(sd_device *device);
-int device_read_db_force(sd_device *device);
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
deleted file mode 100644
index b1c3d5f228..0000000000
--- a/src/libsystemd/sd-device/sd-device.c
+++ /dev/null
@@ -1,1884 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <ctype.h>
-#include <net/if.h>
-#include <sys/types.h>
-
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "device-internal.h"
-#include "device-private.h"
-#include "device-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "hashmap.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "set.h"
-#include "stat-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "strxcpyx.h"
-#include "util.h"
-
-int device_new_aux(sd_device **ret) {
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-
-        assert(ret);
-
-        device = new0(sd_device, 1);
-        if (!device)
-                return -ENOMEM;
-
-        device->n_ref = 1;
-        device->watch_handle = -1;
-
-        *ret = device;
-        device = NULL;
-
-        return 0;
-}
-
-_public_ sd_device *sd_device_ref(sd_device *device) {
-        if (device)
-                assert_se(++ device->n_ref >= 2);
-
-        return device;
-}
-
-_public_ sd_device *sd_device_unref(sd_device *device) {
-        if (device && -- device->n_ref == 0) {
-                sd_device_unref(device->parent);
-                free(device->syspath);
-                free(device->sysname);
-                free(device->devtype);
-                free(device->devname);
-                free(device->subsystem);
-                free(device->driver);
-                free(device->id_filename);
-                free(device->properties_strv);
-                free(device->properties_nulstr);
-
-                ordered_hashmap_free_free_free(device->properties);
-                ordered_hashmap_free_free_free(device->properties_db);
-                hashmap_free_free_free(device->sysattr_values);
-                set_free_free(device->sysattrs);
-                set_free_free(device->tags);
-                set_free_free(device->devlinks);
-
-                free(device);
-        }
-
-        return NULL;
-}
-
-int device_add_property_aux(sd_device *device, const char *_key, const char *_value, bool db) {
-        OrderedHashmap **properties;
-
-        assert(device);
-        assert(_key);
-
-        if (db)
-                properties = &device->properties_db;
-        else
-                properties = &device->properties;
-
-        if (_value) {
-                _cleanup_free_ char *key = NULL, *value = NULL, *old_key = NULL, *old_value = NULL;
-                int r;
-
-                r = ordered_hashmap_ensure_allocated(properties, &string_hash_ops);
-                if (r < 0)
-                        return r;
-
-                key = strdup(_key);
-                if (!key)
-                        return -ENOMEM;
-
-                value = strdup(_value);
-                if (!value)
-                        return -ENOMEM;
-
-                old_value = ordered_hashmap_get2(*properties, key, (void**) &old_key);
-
-                r = ordered_hashmap_replace(*properties, key, value);
-                if (r < 0)
-                        return r;
-
-                key = NULL;
-                value = NULL;
-        } else {
-                _cleanup_free_ char *key = NULL;
-                _cleanup_free_ char *value = NULL;
-
-                value = ordered_hashmap_remove2(*properties, _key, (void**) &key);
-        }
-
-        if (!db) {
-                device->properties_generation++;
-                device->properties_buf_outdated = true;
-        }
-
-        return 0;
-}
-
-int device_add_property_internal(sd_device *device, const char *key, const char *value) {
-        return device_add_property_aux(device, key, value, false);
-}
-
-int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
-        _cleanup_free_ char *syspath = NULL;
-        const char *devpath;
-        int r;
-
-        assert(device);
-        assert(_syspath);
-
-        /* must be a subdirectory of /sys */
-        if (!path_startswith(_syspath, "/sys/")) {
-                log_debug("sd-device: syspath '%s' is not a subdirectory of /sys", _syspath);
-                return -EINVAL;
-        }
-
-        if (verify) {
-                r = readlink_and_canonicalize(_syspath, &syspath);
-                if (r == -ENOENT)
-                        /* the device does not exist (any more?) */
-                        return -ENODEV;
-                else if (r == -EINVAL) {
-                        /* not a symlink */
-                        syspath = canonicalize_file_name(_syspath);
-                        if (!syspath) {
-                                if (errno == ENOENT)
-                                        /* the device does not exist (any more?) */
-                                        return -ENODEV;
-
-                                return log_debug_errno(errno, "sd-device: could not canonicalize '%s': %m", _syspath);
-                        }
-                } else if (r < 0) {
-                        log_debug_errno(r, "sd-device: could not get target of '%s': %m", _syspath);
-                        return r;
-                }
-
-                if (path_startswith(syspath,  "/sys/devices/")) {
-                        char *path;
-
-                        /* all 'devices' require an 'uevent' file */
-                        path = strjoina(syspath, "/uevent");
-                        r = access(path, F_OK);
-                        if (r < 0) {
-                                if (errno == ENOENT)
-                                        /* this is not a valid device */
-                                        return -ENODEV;
-
-                                log_debug("sd-device: %s does not have an uevent file: %m", syspath);
-                                return -errno;
-                        }
-                } else {
-                        /* everything else just just needs to be a directory */
-                        if (!is_dir(syspath, false))
-                                return -ENODEV;
-                }
-        } else {
-                syspath = strdup(_syspath);
-                if (!syspath)
-                        return -ENOMEM;
-        }
-
-        devpath = syspath + strlen("/sys");
-
-        r = device_add_property_internal(device, "DEVPATH", devpath);
-        if (r < 0)
-                return r;
-
-        free(device->syspath);
-        device->syspath = syspath;
-        syspath = NULL;
-
-        device->devpath = devpath;
-
-        return 0;
-}
-
-_public_ int sd_device_new_from_syspath(sd_device **ret, const char *syspath) {
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(syspath, -EINVAL);
-
-        r = device_new_aux(&device);
-        if (r < 0)
-                return r;
-
-        r = device_set_syspath(device, syspath, true);
-        if (r < 0)
-                return r;
-
-        *ret = device;
-        device = NULL;
-
-        return 0;
-}
-
-_public_ int sd_device_new_from_devnum(sd_device **ret, char type, dev_t devnum) {
-        char *syspath;
-        char id[DECIMAL_STR_MAX(unsigned) * 2 + 1];
-
-        assert_return(ret, -EINVAL);
-        assert_return(type == 'b' || type == 'c', -EINVAL);
-
-        /* use /sys/dev/{block,char}/<maj>:<min> link */
-        snprintf(id, sizeof(id), "%u:%u", major(devnum), minor(devnum));
-
-        syspath = strjoina("/sys/dev/", (type == 'b' ? "block" : "char"), "/", id);
-
-        return sd_device_new_from_syspath(ret, syspath);
-}
-
-_public_ int sd_device_new_from_subsystem_sysname(sd_device **ret, const char *subsystem, const char *sysname) {
-        char *syspath;
-
-        assert_return(ret, -EINVAL);
-        assert_return(subsystem, -EINVAL);
-        assert_return(sysname, -EINVAL);
-
-        if (streq(subsystem, "subsystem")) {
-                syspath = strjoina("/sys/subsystem/", sysname);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-
-                syspath = strjoina("/sys/bus/", sysname);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-
-                syspath = strjoina("/sys/class/", sysname);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-        } else  if (streq(subsystem, "module")) {
-                syspath = strjoina("/sys/module/", sysname);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-        } else if (streq(subsystem, "drivers")) {
-                char subsys[PATH_MAX];
-                char *driver;
-
-                strscpy(subsys, sizeof(subsys), sysname);
-                driver = strchr(subsys, ':');
-                if (driver) {
-                        driver[0] = '\0';
-                        driver++;
-
-                        syspath = strjoina("/sys/subsystem/", subsys, "/drivers/", driver);
-                        if (access(syspath, F_OK) >= 0)
-                                return sd_device_new_from_syspath(ret, syspath);
-
-                        syspath = strjoina("/sys/bus/", subsys, "/drivers/", driver);
-                        if (access(syspath, F_OK) >= 0)
-                                return sd_device_new_from_syspath(ret, syspath);
-                } else
-                        return -EINVAL;
-        } else {
-                char *name;
-                size_t len = 0;
-
-                /* translate sysname back to sysfs filename */
-                name = strdupa(sysname);
-                while (name[len] != '\0') {
-                        if (name[len] == '/')
-                                name[len] = '!';
-
-                        len++;
-                }
-
-                syspath = strjoina("/sys/subsystem/", subsystem, "/devices/", name);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-
-                syspath = strjoina("/sys/bus/", subsystem, "/devices/", name);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-
-                syspath = strjoina("/sys/class/", subsystem, "/", name);
-                if (access(syspath, F_OK) >= 0)
-                        return sd_device_new_from_syspath(ret, syspath);
-        }
-
-        return -ENODEV;
-}
-
-int device_set_devtype(sd_device *device, const char *_devtype) {
-        _cleanup_free_ char *devtype = NULL;
-        int r;
-
-        assert(device);
-        assert(_devtype);
-
-        devtype = strdup(_devtype);
-        if (!devtype)
-                return -ENOMEM;
-
-        r = device_add_property_internal(device, "DEVTYPE", devtype);
-        if (r < 0)
-                return r;
-
-        free(device->devtype);
-        device->devtype = devtype;
-        devtype = NULL;
-
-        return 0;
-}
-
-int device_set_ifindex(sd_device *device, const char *_ifindex) {
-        int ifindex, r;
-
-        assert(device);
-        assert(_ifindex);
-
-        r = parse_ifindex(_ifindex, &ifindex);
-        if (r < 0)
-                return r;
-
-        r = device_add_property_internal(device, "IFINDEX", _ifindex);
-        if (r < 0)
-                return r;
-
-        device->ifindex = ifindex;
-
-        return 0;
-}
-
-int device_set_devname(sd_device *device, const char *_devname) {
-        _cleanup_free_ char *devname = NULL;
-        int r;
-
-        assert(device);
-        assert(_devname);
-
-        if (_devname[0] != '/') {
-                r = asprintf(&devname, "/dev/%s", _devname);
-                if (r < 0)
-                        return -ENOMEM;
-        } else {
-                devname = strdup(_devname);
-                if (!devname)
-                        return -ENOMEM;
-        }
-
-        r = device_add_property_internal(device, "DEVNAME", devname);
-        if (r < 0)
-                return r;
-
-        free(device->devname);
-        device->devname = devname;
-        devname = NULL;
-
-        return 0;
-}
-
-int device_set_devmode(sd_device *device, const char *_devmode) {
-        unsigned devmode;
-        int r;
-
-        assert(device);
-        assert(_devmode);
-
-        r = safe_atou(_devmode, &devmode);
-        if (r < 0)
-                return r;
-
-        if (devmode > 07777)
-                return -EINVAL;
-
-        r = device_add_property_internal(device, "DEVMODE", _devmode);
-        if (r < 0)
-                return r;
-
-        device->devmode = devmode;
-
-        return 0;
-}
-
-int device_set_devnum(sd_device *device, const char *major, const char *minor) {
-        unsigned maj = 0, min = 0;
-        int r;
-
-        assert(device);
-        assert(major);
-
-        r = safe_atou(major, &maj);
-        if (r < 0)
-                return r;
-        if (!maj)
-                return 0;
-
-        if (minor) {
-                r = safe_atou(minor, &min);
-                if (r < 0)
-                        return r;
-        }
-
-        r = device_add_property_internal(device, "MAJOR", major);
-        if (r < 0)
-                return r;
-
-        if (minor) {
-                r = device_add_property_internal(device, "MINOR", minor);
-                if (r < 0)
-                        return r;
-        }
-
-        device->devnum = makedev(maj, min);
-
-        return 0;
-}
-
-static int handle_uevent_line(sd_device *device, const char *key, const char *value, const char **major, const char **minor) {
-        int r;
-
-        assert(device);
-        assert(key);
-        assert(value);
-        assert(major);
-        assert(minor);
-
-        if (streq(key, "DEVTYPE")) {
-                r = device_set_devtype(device, value);
-                if (r < 0)
-                        return r;
-        } else if (streq(key, "IFINDEX")) {
-                r = device_set_ifindex(device, value);
-                if (r < 0)
-                        return r;
-        } else if (streq(key, "DEVNAME")) {
-                r = device_set_devname(device, value);
-                if (r < 0)
-                        return r;
-        } else if (streq(key, "DEVMODE")) {
-                r = device_set_devmode(device, value);
-                if (r < 0)
-                        return r;
-        } else if (streq(key, "MAJOR"))
-                *major = value;
-        else if (streq(key, "MINOR"))
-                *minor = value;
-        else {
-                r = device_add_property_internal(device, key, value);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int device_read_uevent_file(sd_device *device) {
-        _cleanup_free_ char *uevent = NULL;
-        const char *syspath, *key = NULL, *value = NULL, *major = NULL, *minor = NULL;
-        char *path;
-        size_t uevent_len;
-        unsigned i;
-        int r;
-
-        enum {
-                PRE_KEY,
-                KEY,
-                PRE_VALUE,
-                VALUE,
-                INVALID_LINE,
-        } state = PRE_KEY;
-
-        assert(device);
-
-        if (device->uevent_loaded || device->sealed)
-                return 0;
-
-        device->uevent_loaded = true;
-
-        r = sd_device_get_syspath(device, &syspath);
-        if (r < 0)
-                return r;
-
-        path = strjoina(syspath, "/uevent");
-
-        r = read_full_file(path, &uevent, &uevent_len);
-        if (r == -EACCES)
-                /* empty uevent files may be write-only */
-                return 0;
-        else if (r == -ENOENT)
-                /* some devices may not have uevent files, see set_syspath() */
-                return 0;
-        else if (r < 0) {
-                log_debug_errno(r, "sd-device: failed to read uevent file '%s': %m", path);
-                return r;
-        }
-
-        for (i = 0; i < uevent_len; i++) {
-                switch (state) {
-                case PRE_KEY:
-                        if (!strchr(NEWLINE, uevent[i])) {
-                                key = &uevent[i];
-
-                                state = KEY;
-                        }
-
-                        break;
-                case KEY:
-                        if (uevent[i] == '=') {
-                                uevent[i] = '\0';
-
-                                state = PRE_VALUE;
-                        } else if (strchr(NEWLINE, uevent[i])) {
-                                uevent[i] = '\0';
-                                log_debug("sd-device: ignoring invalid uevent line '%s'", key);
-
-                                state = PRE_KEY;
-                        }
-
-                        break;
-                case PRE_VALUE:
-                        value = &uevent[i];
-
-                        state = VALUE;
-
-                        break;
-                case VALUE:
-                        if (strchr(NEWLINE, uevent[i])) {
-                                uevent[i] = '\0';
-
-                                r = handle_uevent_line(device, key, value, &major, &minor);
-                                if (r < 0)
-                                        log_debug_errno(r, "sd-device: failed to handle uevent entry '%s=%s': %m", key, value);
-
-                                state = PRE_KEY;
-                        }
-
-                        break;
-                default:
-                        assert_not_reached("invalid state when parsing uevent file");
-                }
-        }
-
-        if (major) {
-                r = device_set_devnum(device, major, minor);
-                if (r < 0)
-                        log_debug_errno(r, "sd-device: could not set 'MAJOR=%s' or 'MINOR=%s' from '%s': %m", major, minor, path);
-        }
-
-        return 0;
-}
-
-_public_ int sd_device_get_ifindex(sd_device *device, int *ifindex) {
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(ifindex, -EINVAL);
-
-        r = device_read_uevent_file(device);
-        if (r < 0)
-                return r;
-
-        *ifindex = device->ifindex;
-
-        return 0;
-}
-
-_public_ int sd_device_new_from_device_id(sd_device **ret, const char *id) {
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(id, -EINVAL);
-
-        switch (id[0]) {
-        case 'b':
-        case 'c':
-        {
-                char type;
-                int maj, min;
-
-                r = sscanf(id, "%c%i:%i", &type, &maj, &min);
-                if (r != 3)
-                        return -EINVAL;
-
-                return sd_device_new_from_devnum(ret, type, makedev(maj, min));
-        }
-        case 'n':
-        {
-                _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-                _cleanup_close_ int sk = -1;
-                struct ifreq ifr = {};
-                int ifindex;
-
-                r = parse_ifindex(&id[1], &ifr.ifr_ifindex);
-                if (r < 0)
-                        return r;
-
-                sk = socket(PF_INET, SOCK_DGRAM, 0);
-                if (sk < 0)
-                        return -errno;
-
-                r = ioctl(sk, SIOCGIFNAME, &ifr);
-                if (r < 0)
-                        return -errno;
-
-                r = sd_device_new_from_subsystem_sysname(&device, "net", ifr.ifr_name);
-                if (r < 0)
-                        return r;
-
-                r = sd_device_get_ifindex(device, &ifindex);
-                if (r < 0)
-                        return r;
-
-                /* this is racey, so we might end up with the wrong device */
-                if (ifr.ifr_ifindex != ifindex)
-                        return -ENODEV;
-
-                *ret = device;
-                device = NULL;
-
-                return 0;
-        }
-        case '+':
-        {
-                char subsys[PATH_MAX];
-                char *sysname;
-
-                (void)strscpy(subsys, sizeof(subsys), id + 1);
-                sysname = strchr(subsys, ':');
-                if (!sysname)
-                        return -EINVAL;
-
-                sysname[0] = '\0';
-                sysname++;
-
-                return sd_device_new_from_subsystem_sysname(ret, subsys, sysname);
-        }
-        default:
-                return -EINVAL;
-        }
-}
-
-_public_ int sd_device_get_syspath(sd_device *device, const char **ret) {
-        assert_return(device, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        assert(path_startswith(device->syspath, "/sys/"));
-
-        *ret = device->syspath;
-
-        return 0;
-}
-
-static int device_new_from_child(sd_device **ret, sd_device *child) {
-        _cleanup_free_ char *path = NULL;
-        const char *subdir, *syspath;
-        int r;
-
-        assert(ret);
-        assert(child);
-
-        r = sd_device_get_syspath(child, &syspath);
-        if (r < 0)
-                return r;
-
-        path = strdup(syspath);
-        if (!path)
-                return -ENOMEM;
-        subdir = path + strlen("/sys");
-
-        for (;;) {
-                char *pos;
-
-                pos = strrchr(subdir, '/');
-                if (!pos || pos < subdir + 2)
-                        break;
-
-                *pos = '\0';
-
-                r = sd_device_new_from_syspath(ret, path);
-                if (r < 0)
-                        continue;
-
-                return 0;
-        }
-
-        return -ENODEV;
-}
-
-_public_ int sd_device_get_parent(sd_device *child, sd_device **ret) {
-
-        assert_return(ret, -EINVAL);
-        assert_return(child, -EINVAL);
-
-        if (!child->parent_set) {
-                child->parent_set = true;
-
-                (void)device_new_from_child(&child->parent, child);
-        }
-
-        if (!child->parent)
-                return -ENOENT;
-
-        *ret = child->parent;
-
-        return 0;
-}
-
-int device_set_subsystem(sd_device *device, const char *_subsystem) {
-        _cleanup_free_ char *subsystem = NULL;
-        int r;
-
-        assert(device);
-        assert(_subsystem);
-
-        subsystem = strdup(_subsystem);
-        if (!subsystem)
-                return -ENOMEM;
-
-        r = device_add_property_internal(device, "SUBSYSTEM", subsystem);
-        if (r < 0)
-                return r;
-
-        free(device->subsystem);
-        device->subsystem = subsystem;
-        subsystem = NULL;
-
-        device->subsystem_set = true;
-
-        return 0;
-}
-
-_public_ int sd_device_get_subsystem(sd_device *device, const char **ret) {
-        assert_return(ret, -EINVAL);
-        assert_return(device, -EINVAL);
-
-        if (!device->subsystem_set) {
-                _cleanup_free_ char *subsystem = NULL;
-                const char *syspath;
-                char *path;
-                int r;
-
-                /* read 'subsystem' link */
-                r = sd_device_get_syspath(device, &syspath);
-                if (r < 0)
-                        return r;
-
-                path = strjoina(syspath, "/subsystem");
-                r = readlink_value(path, &subsystem);
-                if (r >= 0)
-                        r = device_set_subsystem(device, subsystem);
-                /* use implicit names */
-                else if (path_startswith(device->devpath, "/module/"))
-                        r = device_set_subsystem(device, "module");
-                else if (strstr(device->devpath, "/drivers/"))
-                        r = device_set_subsystem(device, "drivers");
-                else if (path_startswith(device->devpath, "/subsystem/") ||
-                         path_startswith(device->devpath, "/class/") ||
-                         path_startswith(device->devpath, "/bus/"))
-                        r = device_set_subsystem(device, "subsystem");
-                if (r < 0 && r != -ENOENT)
-                        return log_debug_errno(r, "sd-device: could not set subsystem for %s: %m", device->devpath);
-
-                device->subsystem_set = true;
-        }
-
-        if (!device->subsystem)
-                return -ENOENT;
-
-        *ret = device->subsystem;
-
-        return 0;
-}
-
-_public_ int sd_device_get_devtype(sd_device *device, const char **devtype) {
-        int r;
-
-        assert(devtype);
-        assert(device);
-
-        r = device_read_uevent_file(device);
-        if (r < 0)
-                return r;
-
-        *devtype = device->devtype;
-
-        return 0;
-}
-
-_public_ int sd_device_get_parent_with_subsystem_devtype(sd_device *child, const char *subsystem, const char *devtype, sd_device **ret) {
-        sd_device *parent = NULL;
-        int r;
-
-        assert_return(child, -EINVAL);
-        assert_return(subsystem, -EINVAL);
-
-        r = sd_device_get_parent(child, &parent);
-        while (r >= 0) {
-                const char *parent_subsystem = NULL;
-                const char *parent_devtype = NULL;
-
-                (void)sd_device_get_subsystem(parent, &parent_subsystem);
-                if (streq_ptr(parent_subsystem, subsystem)) {
-                        if (!devtype)
-                                break;
-
-                        (void)sd_device_get_devtype(parent, &parent_devtype);
-                        if (streq_ptr(parent_devtype, devtype))
-                                break;
-                }
-                r = sd_device_get_parent(parent, &parent);
-        }
-
-        if (r < 0)
-                return r;
-
-        *ret = parent;
-
-        return 0;
-}
-
-_public_ int sd_device_get_devnum(sd_device *device, dev_t *devnum) {
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(devnum, -EINVAL);
-
-        r = device_read_uevent_file(device);
-        if (r < 0)
-                return r;
-
-        *devnum = device->devnum;
-
-        return 0;
-}
-
-int device_set_driver(sd_device *device, const char *_driver) {
-        _cleanup_free_ char *driver = NULL;
-        int r;
-
-        assert(device);
-        assert(_driver);
-
-        driver = strdup(_driver);
-        if (!driver)
-                return -ENOMEM;
-
-        r = device_add_property_internal(device, "DRIVER", driver);
-        if (r < 0)
-                return r;
-
-        free(device->driver);
-        device->driver = driver;
-        driver = NULL;
-
-        device->driver_set = true;
-
-        return 0;
-}
-
-_public_ int sd_device_get_driver(sd_device *device, const char **ret) {
-        assert_return(device, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        if (!device->driver_set) {
-                _cleanup_free_ char *driver = NULL;
-                const char *syspath;
-                char *path;
-                int r;
-
-                r = sd_device_get_syspath(device, &syspath);
-                if (r < 0)
-                        return r;
-
-                path = strjoina(syspath, "/driver");
-                r = readlink_value(path, &driver);
-                if (r >= 0) {
-                        r = device_set_driver(device, driver);
-                        if (r < 0)
-                                return log_debug_errno(r, "sd-device: could not set driver for %s: %m", device->devpath);
-                } else if (r == -ENOENT)
-                        device->driver_set = true;
-                else
-                        return log_debug_errno(r, "sd-device: could not set driver for %s: %m", device->devpath);
-        }
-
-        if (!device->driver)
-                return -ENOENT;
-
-        *ret = device->driver;
-
-        return 0;
-}
-
-_public_ int sd_device_get_devpath(sd_device *device, const char **devpath) {
-        assert_return(device, -EINVAL);
-        assert_return(devpath, -EINVAL);
-
-        assert(device->devpath);
-        assert(device->devpath[0] == '/');
-
-        *devpath = device->devpath;
-
-        return 0;
-}
-
-_public_ int sd_device_get_devname(sd_device *device, const char **devname) {
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(devname, -EINVAL);
-
-        r = device_read_uevent_file(device);
-        if (r < 0)
-                return r;
-
-        if (!device->devname)
-                return -ENOENT;
-
-        assert(path_startswith(device->devname, "/dev/"));
-
-        *devname = device->devname;
-
-        return 0;
-}
-
-static int device_set_sysname(sd_device *device) {
-        _cleanup_free_ char *sysname = NULL;
-        const char *sysnum = NULL;
-        const char *pos;
-        size_t len = 0;
-
-        pos = strrchr(device->devpath, '/');
-        if (!pos)
-                return -EINVAL;
-        pos++;
-
-        /* devpath is not a root directory */
-        if (*pos == '\0' || pos <= device->devpath)
-                return -EINVAL;
-
-        sysname = strdup(pos);
-        if (!sysname)
-                return -ENOMEM;
-
-        /* some devices have '!' in their name, change that to '/' */
-        while (sysname[len] != '\0') {
-                if (sysname[len] == '!')
-                        sysname[len] = '/';
-
-                len++;
-        }
-
-        /* trailing number */
-        while (len > 0 && isdigit(sysname[--len]))
-                sysnum = &sysname[len];
-
-        if (len == 0)
-                sysnum = NULL;
-
-        free(device->sysname);
-        device->sysname = sysname;
-        sysname = NULL;
-
-        device->sysnum = sysnum;
-
-        device->sysname_set = true;
-
-        return 0;
-}
-
-_public_ int sd_device_get_sysname(sd_device *device, const char **ret) {
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        if (!device->sysname_set) {
-                r = device_set_sysname(device);
-                if (r < 0)
-                        return r;
-        }
-
-        assert_return(device->sysname, -ENOENT);
-
-        *ret = device->sysname;
-
-        return 0;
-}
-
-_public_ int sd_device_get_sysnum(sd_device *device, const char **ret) {
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        if (!device->sysname_set) {
-                r = device_set_sysname(device);
-                if (r < 0)
-                        return r;
-        }
-
-        *ret = device->sysnum;
-
-        return 0;
-}
-
-static bool is_valid_tag(const char *tag) {
-        assert(tag);
-
-        return !strchr(tag, ':') && !strchr(tag, ' ');
-}
-
-int device_add_tag(sd_device *device, const char *tag) {
-        int r;
-
-        assert(device);
-        assert(tag);
-
-        if (!is_valid_tag(tag))
-                return -EINVAL;
-
-        r = set_ensure_allocated(&device->tags, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        r = set_put_strdup(device->tags, tag);
-        if (r < 0)
-                return r;
-
-        device->tags_generation++;
-        device->property_tags_outdated = true;
-
-        return 0;
-}
-
-int device_add_devlink(sd_device *device, const char *devlink) {
-        int r;
-
-        assert(device);
-        assert(devlink);
-
-        r = set_ensure_allocated(&device->devlinks, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        r = set_put_strdup(device->devlinks, devlink);
-        if (r < 0)
-                return r;
-
-        device->devlinks_generation++;
-        device->property_devlinks_outdated = true;
-
-        return 0;
-}
-
-static int device_add_property_internal_from_string(sd_device *device, const char *str) {
-        _cleanup_free_ char *key = NULL;
-        char *value;
-
-        assert(device);
-        assert(str);
-
-        key = strdup(str);
-        if (!key)
-                return -ENOMEM;
-
-        value = strchr(key, '=');
-        if (!value)
-                return -EINVAL;
-
-        *value = '\0';
-
-        if (isempty(++value))
-                value = NULL;
-
-        return device_add_property_internal(device, key, value);
-}
-
-int device_set_usec_initialized(sd_device *device, const char *initialized) {
-        uint64_t usec_initialized;
-        int r;
-
-        assert(device);
-        assert(initialized);
-
-        r = safe_atou64(initialized, &usec_initialized);
-        if (r < 0)
-                return r;
-
-        r = device_add_property_internal(device, "USEC_INITIALIZED", initialized);
-        if (r < 0)
-                return r;
-
-        device->usec_initialized = usec_initialized;
-
-        return 0;
-}
-
-static int handle_db_line(sd_device *device, char key, const char *value) {
-        char *path;
-        int r;
-
-        assert(device);
-        assert(value);
-
-        switch (key) {
-        case 'G':
-                r = device_add_tag(device, value);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'S':
-                path = strjoina("/dev/", value);
-                r = device_add_devlink(device, path);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'E':
-                r = device_add_property_internal_from_string(device, value);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'I':
-                r = device_set_usec_initialized(device, value);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'L':
-                r = safe_atoi(value, &device->devlink_priority);
-                if (r < 0)
-                        return r;
-
-                break;
-        case 'W':
-                r = safe_atoi(value, &device->watch_handle);
-                if (r < 0)
-                        return r;
-
-                break;
-        default:
-                log_debug("device db: unknown key '%c'", key);
-        }
-
-        return 0;
-}
-
-int device_get_id_filename(sd_device *device, const char **ret) {
-        assert(device);
-        assert(ret);
-
-        if (!device->id_filename) {
-                _cleanup_free_ char *id = NULL;
-                const char *subsystem;
-                dev_t devnum;
-                int ifindex, r;
-
-                r = sd_device_get_subsystem(device, &subsystem);
-                if (r < 0)
-                        return r;
-
-                r = sd_device_get_devnum(device, &devnum);
-                if (r < 0)
-                        return r;
-
-                r = sd_device_get_ifindex(device, &ifindex);
-                if (r < 0)
-                        return r;
-
-                if (major(devnum) > 0) {
-                        assert(subsystem);
-
-                        /* use dev_t — b259:131072, c254:0 */
-                        r = asprintf(&id, "%c%u:%u",
-                                     streq(subsystem, "block") ? 'b' : 'c',
-                                     major(devnum), minor(devnum));
-                        if (r < 0)
-                                return -ENOMEM;
-                } else if (ifindex > 0) {
-                        /* use netdev ifindex — n3 */
-                        r = asprintf(&id, "n%u", ifindex);
-                        if (r < 0)
-                                return -ENOMEM;
-                } else {
-                        /* use $subsys:$sysname — pci:0000:00:1f.2
-                         * sysname() has '!' translated, get it from devpath
-                         */
-                        const char *sysname;
-
-                        sysname = basename(device->devpath);
-                        if (!sysname)
-                                return -EINVAL;
-
-                        if (!subsystem)
-                                return -EINVAL;
-
-                        r = asprintf(&id, "+%s:%s", subsystem, sysname);
-                        if (r < 0)
-                                return -ENOMEM;
-                }
-
-                device->id_filename = id;
-                id = NULL;
-        }
-
-        *ret = device->id_filename;
-
-        return 0;
-}
-
-int device_read_db_aux(sd_device *device, bool force) {
-        _cleanup_free_ char *db = NULL;
-        char *path;
-        const char *id, *value;
-        char key;
-        size_t db_len;
-        unsigned i;
-        int r;
-
-        enum {
-                PRE_KEY,
-                KEY,
-                PRE_VALUE,
-                VALUE,
-                INVALID_LINE,
-        } state = PRE_KEY;
-
-        if (device->db_loaded || (!force && device->sealed))
-                return 0;
-
-        device->db_loaded = true;
-
-        r = device_get_id_filename(device, &id);
-        if (r < 0)
-                return r;
-
-        path = strjoina("/run/udev/data/", id);
-
-        r = read_full_file(path, &db, &db_len);
-        if (r < 0) {
-                if (r == -ENOENT)
-                        return 0;
-                else
-                        return log_debug_errno(r, "sd-device: failed to read db '%s': %m", path);
-        }
-
-        /* devices with a database entry are initialized */
-        device->is_initialized = true;
-
-        for (i = 0; i < db_len; i++) {
-                switch (state) {
-                case PRE_KEY:
-                        if (!strchr(NEWLINE, db[i])) {
-                                key = db[i];
-
-                                state = KEY;
-                        }
-
-                        break;
-                case KEY:
-                        if (db[i] != ':') {
-                                log_debug("sd-device: ignoring invalid db entry with key '%c'", key);
-
-                                state = INVALID_LINE;
-                        } else {
-                                db[i] = '\0';
-
-                                state = PRE_VALUE;
-                        }
-
-                        break;
-                case PRE_VALUE:
-                        value = &db[i];
-
-                        state = VALUE;
-
-                        break;
-                case INVALID_LINE:
-                        if (strchr(NEWLINE, db[i]))
-                                state = PRE_KEY;
-
-                        break;
-                case VALUE:
-                        if (strchr(NEWLINE, db[i])) {
-                                db[i] = '\0';
-                                r = handle_db_line(device, key, value);
-                                if (r < 0)
-                                        log_debug_errno(r, "sd-device: failed to handle db entry '%c:%s': %m", key, value);
-
-                                state = PRE_KEY;
-                        }
-
-                        break;
-                default:
-                        assert_not_reached("invalid state when parsing db");
-                }
-        }
-
-        return 0;
-}
-
-static int device_read_db(sd_device *device) {
-        return device_read_db_aux(device, false);
-}
-
-_public_ int sd_device_get_is_initialized(sd_device *device, int *initialized) {
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(initialized, -EINVAL);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        *initialized = device->is_initialized;
-
-        return 0;
-}
-
-_public_ int sd_device_get_usec_since_initialized(sd_device *device, uint64_t *usec) {
-        usec_t now_ts;
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(usec, -EINVAL);
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        if (!device->is_initialized)
-                return -EBUSY;
-
-        if (!device->usec_initialized)
-                return -ENODATA;
-
-        now_ts = now(clock_boottime_or_monotonic());
-
-        if (now_ts < device->usec_initialized)
-                return -EIO;
-
-        *usec = now_ts - device->usec_initialized;
-
-        return 0;
-}
-
-_public_ const char *sd_device_get_tag_first(sd_device *device) {
-        void *v;
-
-        assert_return(device, NULL);
-
-        (void) device_read_db(device);
-
-        device->tags_iterator_generation = device->tags_generation;
-        device->tags_iterator = ITERATOR_FIRST;
-
-        (void) set_iterate(device->tags, &device->tags_iterator, &v);
-        return v;
-}
-
-_public_ const char *sd_device_get_tag_next(sd_device *device) {
-        void *v;
-
-        assert_return(device, NULL);
-
-        (void) device_read_db(device);
-
-        if (device->tags_iterator_generation != device->tags_generation)
-                return NULL;
-
-        (void) set_iterate(device->tags, &device->tags_iterator, &v);
-        return v;
-}
-
-_public_ const char *sd_device_get_devlink_first(sd_device *device) {
-        void *v;
-
-        assert_return(device, NULL);
-
-        (void) device_read_db(device);
-
-        device->devlinks_iterator_generation = device->devlinks_generation;
-        device->devlinks_iterator = ITERATOR_FIRST;
-
-        (void) set_iterate(device->devlinks, &device->devlinks_iterator, &v);
-        return v;
-}
-
-_public_ const char *sd_device_get_devlink_next(sd_device *device) {
-        void *v;
-
-        assert_return(device, NULL);
-
-        (void) device_read_db(device);
-
-        if (device->devlinks_iterator_generation != device->devlinks_generation)
-                return NULL;
-
-        (void) set_iterate(device->devlinks, &device->devlinks_iterator, &v);
-        return v;
-}
-
-static int device_properties_prepare(sd_device *device) {
-        int r;
-
-        assert(device);
-
-        r = device_read_uevent_file(device);
-        if (r < 0)
-                return r;
-
-        r = device_read_db(device);
-        if (r < 0)
-                return r;
-
-        if (device->property_devlinks_outdated) {
-                _cleanup_free_ char *devlinks = NULL;
-                size_t devlinks_allocated = 0, devlinks_len = 0;
-                const char *devlink;
-
-                for (devlink = sd_device_get_devlink_first(device); devlink; devlink = sd_device_get_devlink_next(device)) {
-                        char *e;
-
-                        if (!GREEDY_REALLOC(devlinks, devlinks_allocated, devlinks_len + strlen(devlink) + 2))
-                                return -ENOMEM;
-                        if (devlinks_len > 0)
-                                stpcpy(devlinks + devlinks_len++, " ");
-                        e = stpcpy(devlinks + devlinks_len, devlink);
-                        devlinks_len = e - devlinks;
-                }
-
-                r = device_add_property_internal(device, "DEVLINKS", devlinks);
-                if (r < 0)
-                        return r;
-
-                device->property_devlinks_outdated = false;
-        }
-
-        if (device->property_tags_outdated) {
-                _cleanup_free_ char *tags = NULL;
-                size_t tags_allocated = 0, tags_len = 0;
-                const char *tag;
-
-                if (!GREEDY_REALLOC(tags, tags_allocated, 2))
-                        return -ENOMEM;
-                stpcpy(tags, ":");
-                tags_len++;
-
-                for (tag = sd_device_get_tag_first(device); tag; tag = sd_device_get_tag_next(device)) {
-                        char *e;
-
-                        if (!GREEDY_REALLOC(tags, tags_allocated, tags_len + strlen(tag) + 2))
-                                return -ENOMEM;
-                        e = stpcpy(stpcpy(tags + tags_len, tag), ":");
-                        tags_len = e - tags;
-                }
-
-                r = device_add_property_internal(device, "TAGS", tags);
-                if (r < 0)
-                        return r;
-
-                device->property_tags_outdated = false;
-        }
-
-        return 0;
-}
-
-_public_ const char *sd_device_get_property_first(sd_device *device, const char **_value) {
-        const char *key;
-        const char *value;
-        int r;
-
-        assert_return(device, NULL);
-
-        r = device_properties_prepare(device);
-        if (r < 0)
-                return NULL;
-
-        device->properties_iterator_generation = device->properties_generation;
-        device->properties_iterator = ITERATOR_FIRST;
-
-        ordered_hashmap_iterate(device->properties, &device->properties_iterator, (void**)&value, (const void**)&key);
-
-        if (_value)
-                *_value = value;
-
-        return key;
-}
-
-_public_ const char *sd_device_get_property_next(sd_device *device, const char **_value) {
-        const char *key;
-        const char *value;
-        int r;
-
-        assert_return(device, NULL);
-
-        r = device_properties_prepare(device);
-        if (r < 0)
-                return NULL;
-
-        if (device->properties_iterator_generation != device->properties_generation)
-                return NULL;
-
-        ordered_hashmap_iterate(device->properties, &device->properties_iterator, (void**)&value, (const void**)&key);
-
-        if (_value)
-                *_value = value;
-
-        return key;
-}
-
-static int device_sysattrs_read_all(sd_device *device) {
-        _cleanup_closedir_ DIR *dir = NULL;
-        const char *syspath;
-        struct dirent *dent;
-        int r;
-
-        assert(device);
-
-        if (device->sysattrs_read)
-                return 0;
-
-        r = sd_device_get_syspath(device, &syspath);
-        if (r < 0)
-                return r;
-
-        dir = opendir(syspath);
-        if (!dir)
-                return -errno;
-
-        r = set_ensure_allocated(&device->sysattrs, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        for (dent = readdir(dir); dent != NULL; dent = readdir(dir)) {
-                char *path;
-                struct stat statbuf;
-
-                /* only handle symlinks and regular files */
-                if (dent->d_type != DT_LNK && dent->d_type != DT_REG)
-                        continue;
-
-                path = strjoina(syspath, "/", dent->d_name);
-
-                if (lstat(path, &statbuf) != 0)
-                        continue;
-
-                if (!(statbuf.st_mode & S_IRUSR))
-                        continue;
-
-                r = set_put_strdup(device->sysattrs, dent->d_name);
-                if (r < 0)
-                        return r;
-        }
-
-        device->sysattrs_read = true;
-
-        return 0;
-}
-
-_public_ const char *sd_device_get_sysattr_first(sd_device *device) {
-        void *v;
-        int r;
-
-        assert_return(device, NULL);
-
-        if (!device->sysattrs_read) {
-                r = device_sysattrs_read_all(device);
-                if (r < 0) {
-                        errno = -r;
-                        return NULL;
-                }
-        }
-
-        device->sysattrs_iterator = ITERATOR_FIRST;
-
-        (void) set_iterate(device->sysattrs, &device->sysattrs_iterator, &v);
-        return v;
-}
-
-_public_ const char *sd_device_get_sysattr_next(sd_device *device) {
-        void *v;
-
-        assert_return(device, NULL);
-
-        if (!device->sysattrs_read)
-                return NULL;
-
-        (void) set_iterate(device->sysattrs, &device->sysattrs_iterator, &v);
-        return v;
-}
-
-_public_ int sd_device_has_tag(sd_device *device, const char *tag) {
-        assert_return(device, -EINVAL);
-        assert_return(tag, -EINVAL);
-
-        (void) device_read_db(device);
-
-        return !!set_contains(device->tags, tag);
-}
-
-_public_ int sd_device_get_property_value(sd_device *device, const char *key, const char **_value) {
-        char *value;
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(key, -EINVAL);
-        assert_return(_value, -EINVAL);
-
-        r = device_properties_prepare(device);
-        if (r < 0)
-                return r;
-
-        value = ordered_hashmap_get(device->properties, key);
-        if (!value)
-                return -ENOENT;
-
-        *_value = value;
-
-        return 0;
-}
-
-/* replaces the value if it already exists */
-static int device_add_sysattr_value(sd_device *device, const char *_key, char *value) {
-        _cleanup_free_ char *key = NULL;
-        _cleanup_free_ char *value_old = NULL;
-        int r;
-
-        assert(device);
-        assert(_key);
-
-        r = hashmap_ensure_allocated(&device->sysattr_values, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        value_old = hashmap_remove2(device->sysattr_values, _key, (void **)&key);
-        if (!key) {
-                key = strdup(_key);
-                if (!key)
-                        return -ENOMEM;
-        }
-
-        r = hashmap_put(device->sysattr_values, key, value);
-        if (r < 0)
-                return r;
-
-        key = NULL;
-
-        return 0;
-}
-
-static int device_get_sysattr_value(sd_device *device, const char *_key, const char **_value) {
-        const char *key = NULL, *value;
-
-        assert(device);
-        assert(_key);
-
-        value = hashmap_get2(device->sysattr_values, _key, (void **) &key);
-        if (!key)
-                return -ENOENT;
-
-        if (_value)
-                *_value = value;
-
-        return 0;
-}
-
-/* We cache all sysattr lookups. If an attribute does not exist, it is stored
- * with a NULL value in the cache, otherwise the returned string is stored */
-_public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr, const char **_value) {
-        _cleanup_free_ char *value = NULL;
-        const char *syspath, *cached_value = NULL;
-        char *path;
-        struct stat statbuf;
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(sysattr, -EINVAL);
-
-        /* look for possibly already cached result */
-        r = device_get_sysattr_value(device, sysattr, &cached_value);
-        if (r != -ENOENT) {
-                if (r < 0)
-                        return r;
-
-                if (!cached_value)
-                        /* we looked up the sysattr before and it did not exist */
-                        return -ENOENT;
-
-                if (_value)
-                        *_value = cached_value;
-
-                return 0;
-        }
-
-        r = sd_device_get_syspath(device, &syspath);
-        if (r < 0)
-                return r;
-
-        path = strjoina(syspath, "/", sysattr);
-        r = lstat(path, &statbuf);
-        if (r < 0) {
-                /* remember that we could not access the sysattr */
-                r = device_add_sysattr_value(device, sysattr, NULL);
-                if (r < 0)
-                        return r;
-
-                return -ENOENT;
-        } else if (S_ISLNK(statbuf.st_mode)) {
-                /* Some core links return only the last element of the target path,
-                 * these are just values, the paths should not be exposed. */
-                if (STR_IN_SET(sysattr, "driver", "subsystem", "module")) {
-                        r = readlink_value(path, &value);
-                        if (r < 0)
-                                return r;
-                } else
-                        return -EINVAL;
-        } else if (S_ISDIR(statbuf.st_mode)) {
-                /* skip directories */
-                return -EINVAL;
-        } else if (!(statbuf.st_mode & S_IRUSR)) {
-                /* skip non-readable files */
-                return -EPERM;
-        } else {
-                size_t size;
-
-                /* read attribute value */
-                r = read_full_file(path, &value, &size);
-                if (r < 0)
-                        return r;
-
-                /* drop trailing newlines */
-                while (size > 0 && value[--size] == '\n')
-                        value[size] = '\0';
-        }
-
-        r = device_add_sysattr_value(device, sysattr, value);
-        if (r < 0)
-                return r;
-
-        *_value = value;
-        value = NULL;
-
-        return 0;
-}
-
-static void device_remove_sysattr_value(sd_device *device, const char *_key) {
-        _cleanup_free_ char *key = NULL;
-        _cleanup_free_ char *value = NULL;
-
-        assert(device);
-        assert(_key);
-
-        value = hashmap_remove2(device->sysattr_values, _key, (void **) &key);
-
-        return;
-}
-
-/* set the attribute and save it in the cache. If a NULL value is passed the
- * attribute is cleared from the cache */
-_public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, char *_value) {
-        _cleanup_close_ int fd = -1;
-        _cleanup_free_ char *value = NULL;
-        const char *syspath;
-        char *path;
-        struct stat statbuf;
-        size_t value_len = 0;
-        ssize_t size;
-        int r;
-
-        assert_return(device, -EINVAL);
-        assert_return(sysattr, -EINVAL);
-
-        if (!_value) {
-                device_remove_sysattr_value(device, sysattr);
-
-                return 0;
-        }
-
-        r = sd_device_get_syspath(device, &syspath);
-        if (r < 0)
-                return r;
-
-        path = strjoina(syspath, "/", sysattr);
-        r = lstat(path, &statbuf);
-        if (r < 0) {
-                value = strdup("");
-                if (!value)
-                        return -ENOMEM;
-
-                r = device_add_sysattr_value(device, sysattr, value);
-                if (r < 0)
-                        return r;
-
-                return -ENXIO;
-        }
-
-        if (S_ISLNK(statbuf.st_mode))
-                return -EINVAL;
-
-        /* skip directories */
-        if (S_ISDIR(statbuf.st_mode))
-                return -EISDIR;
-
-        /* skip non-readable files */
-        if ((statbuf.st_mode & S_IRUSR) == 0)
-                return -EACCES;
-
-        value_len = strlen(_value);
-
-        /* drop trailing newlines */
-        while (value_len > 0 && _value[value_len - 1] == '\n')
-                _value[--value_len] = '\0';
-
-        /* value length is limited to 4k */
-        if (value_len > 4096)
-                return -EINVAL;
-
-        fd = open(path, O_WRONLY | O_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        value = strdup(_value);
-        if (!value)
-                return -ENOMEM;
-
-        size = write(fd, value, value_len);
-        if (size < 0)
-                return -errno;
-
-        if ((size_t)size != value_len)
-                return -EIO;
-
-        r = device_add_sysattr_value(device, sysattr, value);
-        if (r < 0)
-                return r;
-
-        value = NULL;
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-event/Makefile b/src/libsystemd/sd-event/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-event/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
deleted file mode 100644
index 7ba6527f63..0000000000
--- a/src/libsystemd/sd-event/sd-event.c
+++ /dev/null
@@ -1,2898 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/epoll.h>
-#include <sys/timerfd.h>
-#include <sys/wait.h>
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "hashmap.h"
-#include "list.h"
-#include "macro.h"
-#include "missing.h"
-#include "prioq.h"
-#include "process-util.h"
-#include "set.h"
-#include "signal-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "time-util.h"
-#include "util.h"
-
-#define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC)
-
-typedef enum EventSourceType {
-        SOURCE_IO,
-        SOURCE_TIME_REALTIME,
-        SOURCE_TIME_BOOTTIME,
-        SOURCE_TIME_MONOTONIC,
-        SOURCE_TIME_REALTIME_ALARM,
-        SOURCE_TIME_BOOTTIME_ALARM,
-        SOURCE_SIGNAL,
-        SOURCE_CHILD,
-        SOURCE_DEFER,
-        SOURCE_POST,
-        SOURCE_EXIT,
-        SOURCE_WATCHDOG,
-        _SOURCE_EVENT_SOURCE_TYPE_MAX,
-        _SOURCE_EVENT_SOURCE_TYPE_INVALID = -1
-} EventSourceType;
-
-static const char* const event_source_type_table[_SOURCE_EVENT_SOURCE_TYPE_MAX] = {
-        [SOURCE_IO] = "io",
-        [SOURCE_TIME_REALTIME] = "realtime",
-        [SOURCE_TIME_BOOTTIME] = "bootime",
-        [SOURCE_TIME_MONOTONIC] = "monotonic",
-        [SOURCE_TIME_REALTIME_ALARM] = "realtime-alarm",
-        [SOURCE_TIME_BOOTTIME_ALARM] = "boottime-alarm",
-        [SOURCE_SIGNAL] = "signal",
-        [SOURCE_CHILD] = "child",
-        [SOURCE_DEFER] = "defer",
-        [SOURCE_POST] = "post",
-        [SOURCE_EXIT] = "exit",
-        [SOURCE_WATCHDOG] = "watchdog",
-};
-
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(event_source_type, int);
-
-/* All objects we use in epoll events start with this value, so that
- * we know how to dispatch it */
-typedef enum WakeupType {
-        WAKEUP_NONE,
-        WAKEUP_EVENT_SOURCE,
-        WAKEUP_CLOCK_DATA,
-        WAKEUP_SIGNAL_DATA,
-        _WAKEUP_TYPE_MAX,
-        _WAKEUP_TYPE_INVALID = -1,
-} WakeupType;
-
-#define EVENT_SOURCE_IS_TIME(t) IN_SET((t), SOURCE_TIME_REALTIME, SOURCE_TIME_BOOTTIME, SOURCE_TIME_MONOTONIC, SOURCE_TIME_REALTIME_ALARM, SOURCE_TIME_BOOTTIME_ALARM)
-
-struct sd_event_source {
-        WakeupType wakeup;
-
-        unsigned n_ref;
-
-        sd_event *event;
-        void *userdata;
-        sd_event_handler_t prepare;
-
-        char *description;
-
-        EventSourceType type:5;
-        int enabled:3;
-        bool pending:1;
-        bool dispatching:1;
-        bool floating:1;
-
-        int64_t priority;
-        unsigned pending_index;
-        unsigned prepare_index;
-        unsigned pending_iteration;
-        unsigned prepare_iteration;
-
-        LIST_FIELDS(sd_event_source, sources);
-
-        union {
-                struct {
-                        sd_event_io_handler_t callback;
-                        int fd;
-                        uint32_t events;
-                        uint32_t revents;
-                        bool registered:1;
-                } io;
-                struct {
-                        sd_event_time_handler_t callback;
-                        usec_t next, accuracy;
-                        unsigned earliest_index;
-                        unsigned latest_index;
-                } time;
-                struct {
-                        sd_event_signal_handler_t callback;
-                        struct signalfd_siginfo siginfo;
-                        int sig;
-                } signal;
-                struct {
-                        sd_event_child_handler_t callback;
-                        siginfo_t siginfo;
-                        pid_t pid;
-                        int options;
-                } child;
-                struct {
-                        sd_event_handler_t callback;
-                } defer;
-                struct {
-                        sd_event_handler_t callback;
-                } post;
-                struct {
-                        sd_event_handler_t callback;
-                        unsigned prioq_index;
-                } exit;
-        };
-};
-
-struct clock_data {
-        WakeupType wakeup;
-        int fd;
-
-        /* For all clocks we maintain two priority queues each, one
-         * ordered for the earliest times the events may be
-         * dispatched, and one ordered by the latest times they must
-         * have been dispatched. The range between the top entries in
-         * the two prioqs is the time window we can freely schedule
-         * wakeups in */
-
-        Prioq *earliest;
-        Prioq *latest;
-        usec_t next;
-
-        bool needs_rearm:1;
-};
-
-struct signal_data {
-        WakeupType wakeup;
-
-        /* For each priority we maintain one signal fd, so that we
-         * only have to dequeue a single event per priority at a
-         * time. */
-
-        int fd;
-        int64_t priority;
-        sigset_t sigset;
-        sd_event_source *current;
-};
-
-struct sd_event {
-        unsigned n_ref;
-
-        int epoll_fd;
-        int watchdog_fd;
-
-        Prioq *pending;
-        Prioq *prepare;
-
-        /* timerfd_create() only supports these five clocks so far. We
-         * can add support for more clocks when the kernel learns to
-         * deal with them, too. */
-        struct clock_data realtime;
-        struct clock_data boottime;
-        struct clock_data monotonic;
-        struct clock_data realtime_alarm;
-        struct clock_data boottime_alarm;
-
-        usec_t perturb;
-
-        sd_event_source **signal_sources; /* indexed by signal number */
-        Hashmap *signal_data; /* indexed by priority */
-
-        Hashmap *child_sources;
-        unsigned n_enabled_child_sources;
-
-        Set *post_sources;
-
-        Prioq *exit;
-
-        pid_t original_pid;
-
-        unsigned iteration;
-        dual_timestamp timestamp;
-        usec_t timestamp_boottime;
-        int state;
-
-        bool exit_requested:1;
-        bool need_process_child:1;
-        bool watchdog:1;
-        bool profile_delays:1;
-
-        int exit_code;
-
-        pid_t tid;
-        sd_event **default_event_ptr;
-
-        usec_t watchdog_last, watchdog_period;
-
-        unsigned n_sources;
-
-        LIST_HEAD(sd_event_source, sources);
-
-        usec_t last_run, last_log;
-        unsigned delays[sizeof(usec_t) * 8];
-};
-
-static void source_disconnect(sd_event_source *s);
-
-static int pending_prioq_compare(const void *a, const void *b) {
-        const sd_event_source *x = a, *y = b;
-
-        assert(x->pending);
-        assert(y->pending);
-
-        /* Enabled ones first */
-        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
-                return -1;
-        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
-                return 1;
-
-        /* Lower priority values first */
-        if (x->priority < y->priority)
-                return -1;
-        if (x->priority > y->priority)
-                return 1;
-
-        /* Older entries first */
-        if (x->pending_iteration < y->pending_iteration)
-                return -1;
-        if (x->pending_iteration > y->pending_iteration)
-                return 1;
-
-        return 0;
-}
-
-static int prepare_prioq_compare(const void *a, const void *b) {
-        const sd_event_source *x = a, *y = b;
-
-        assert(x->prepare);
-        assert(y->prepare);
-
-        /* Enabled ones first */
-        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
-                return -1;
-        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
-                return 1;
-
-        /* Move most recently prepared ones last, so that we can stop
-         * preparing as soon as we hit one that has already been
-         * prepared in the current iteration */
-        if (x->prepare_iteration < y->prepare_iteration)
-                return -1;
-        if (x->prepare_iteration > y->prepare_iteration)
-                return 1;
-
-        /* Lower priority values first */
-        if (x->priority < y->priority)
-                return -1;
-        if (x->priority > y->priority)
-                return 1;
-
-        return 0;
-}
-
-static int earliest_time_prioq_compare(const void *a, const void *b) {
-        const sd_event_source *x = a, *y = b;
-
-        assert(EVENT_SOURCE_IS_TIME(x->type));
-        assert(x->type == y->type);
-
-        /* Enabled ones first */
-        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
-                return -1;
-        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
-                return 1;
-
-        /* Move the pending ones to the end */
-        if (!x->pending && y->pending)
-                return -1;
-        if (x->pending && !y->pending)
-                return 1;
-
-        /* Order by time */
-        if (x->time.next < y->time.next)
-                return -1;
-        if (x->time.next > y->time.next)
-                return 1;
-
-        return 0;
-}
-
-static usec_t time_event_source_latest(const sd_event_source *s) {
-        return usec_add(s->time.next, s->time.accuracy);
-}
-
-static int latest_time_prioq_compare(const void *a, const void *b) {
-        const sd_event_source *x = a, *y = b;
-
-        assert(EVENT_SOURCE_IS_TIME(x->type));
-        assert(x->type == y->type);
-
-        /* Enabled ones first */
-        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
-                return -1;
-        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
-                return 1;
-
-        /* Move the pending ones to the end */
-        if (!x->pending && y->pending)
-                return -1;
-        if (x->pending && !y->pending)
-                return 1;
-
-        /* Order by time */
-        if (time_event_source_latest(x) < time_event_source_latest(y))
-                return -1;
-        if (time_event_source_latest(x) > time_event_source_latest(y))
-                return 1;
-
-        return 0;
-}
-
-static int exit_prioq_compare(const void *a, const void *b) {
-        const sd_event_source *x = a, *y = b;
-
-        assert(x->type == SOURCE_EXIT);
-        assert(y->type == SOURCE_EXIT);
-
-        /* Enabled ones first */
-        if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
-                return -1;
-        if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
-                return 1;
-
-        /* Lower priority values first */
-        if (x->priority < y->priority)
-                return -1;
-        if (x->priority > y->priority)
-                return 1;
-
-        return 0;
-}
-
-static void free_clock_data(struct clock_data *d) {
-        assert(d);
-        assert(d->wakeup == WAKEUP_CLOCK_DATA);
-
-        safe_close(d->fd);
-        prioq_free(d->earliest);
-        prioq_free(d->latest);
-}
-
-static void event_free(sd_event *e) {
-        sd_event_source *s;
-
-        assert(e);
-
-        while ((s = e->sources)) {
-                assert(s->floating);
-                source_disconnect(s);
-                sd_event_source_unref(s);
-        }
-
-        assert(e->n_sources == 0);
-
-        if (e->default_event_ptr)
-                *(e->default_event_ptr) = NULL;
-
-        safe_close(e->epoll_fd);
-        safe_close(e->watchdog_fd);
-
-        free_clock_data(&e->realtime);
-        free_clock_data(&e->boottime);
-        free_clock_data(&e->monotonic);
-        free_clock_data(&e->realtime_alarm);
-        free_clock_data(&e->boottime_alarm);
-
-        prioq_free(e->pending);
-        prioq_free(e->prepare);
-        prioq_free(e->exit);
-
-        free(e->signal_sources);
-        hashmap_free(e->signal_data);
-
-        hashmap_free(e->child_sources);
-        set_free(e->post_sources);
-        free(e);
-}
-
-_public_ int sd_event_new(sd_event** ret) {
-        sd_event *e;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        e = new0(sd_event, 1);
-        if (!e)
-                return -ENOMEM;
-
-        e->n_ref = 1;
-        e->watchdog_fd = e->epoll_fd = e->realtime.fd = e->boottime.fd = e->monotonic.fd = e->realtime_alarm.fd = e->boottime_alarm.fd = -1;
-        e->realtime.next = e->boottime.next = e->monotonic.next = e->realtime_alarm.next = e->boottime_alarm.next = USEC_INFINITY;
-        e->realtime.wakeup = e->boottime.wakeup = e->monotonic.wakeup = e->realtime_alarm.wakeup = e->boottime_alarm.wakeup = WAKEUP_CLOCK_DATA;
-        e->original_pid = getpid();
-        e->perturb = USEC_INFINITY;
-
-        r = prioq_ensure_allocated(&e->pending, pending_prioq_compare);
-        if (r < 0)
-                goto fail;
-
-        e->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
-        if (e->epoll_fd < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        if (secure_getenv("SD_EVENT_PROFILE_DELAYS")) {
-                log_debug("Event loop profiling enabled. Logarithmic histogram of event loop iterations in the range 2^0 ... 2^63 us will be logged every 5s.");
-                e->profile_delays = true;
-        }
-
-        *ret = e;
-        return 0;
-
-fail:
-        event_free(e);
-        return r;
-}
-
-_public_ sd_event* sd_event_ref(sd_event *e) {
-
-        if (!e)
-                return NULL;
-
-        assert(e->n_ref >= 1);
-        e->n_ref++;
-
-        return e;
-}
-
-_public_ sd_event* sd_event_unref(sd_event *e) {
-
-        if (!e)
-                return NULL;
-
-        assert(e->n_ref >= 1);
-        e->n_ref--;
-
-        if (e->n_ref <= 0)
-                event_free(e);
-
-        return NULL;
-}
-
-static bool event_pid_changed(sd_event *e) {
-        assert(e);
-
-        /* We don't support people creating an event loop and keeping
-         * it around over a fork(). Let's complain. */
-
-        return e->original_pid != getpid();
-}
-
-static void source_io_unregister(sd_event_source *s) {
-        int r;
-
-        assert(s);
-        assert(s->type == SOURCE_IO);
-
-        if (event_pid_changed(s->event))
-                return;
-
-        if (!s->io.registered)
-                return;
-
-        r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, s->io.fd, NULL);
-        if (r < 0)
-                log_debug_errno(errno, "Failed to remove source %s (type %s) from epoll: %m",
-                                strna(s->description), event_source_type_to_string(s->type));
-
-        s->io.registered = false;
-}
-
-static int source_io_register(
-                sd_event_source *s,
-                int enabled,
-                uint32_t events) {
-
-        struct epoll_event ev = {};
-        int r;
-
-        assert(s);
-        assert(s->type == SOURCE_IO);
-        assert(enabled != SD_EVENT_OFF);
-
-        ev.events = events;
-        ev.data.ptr = s;
-
-        if (enabled == SD_EVENT_ONESHOT)
-                ev.events |= EPOLLONESHOT;
-
-        if (s->io.registered)
-                r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_MOD, s->io.fd, &ev);
-        else
-                r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_ADD, s->io.fd, &ev);
-        if (r < 0)
-                return -errno;
-
-        s->io.registered = true;
-
-        return 0;
-}
-
-static clockid_t event_source_type_to_clock(EventSourceType t) {
-
-        switch (t) {
-
-        case SOURCE_TIME_REALTIME:
-                return CLOCK_REALTIME;
-
-        case SOURCE_TIME_BOOTTIME:
-                return CLOCK_BOOTTIME;
-
-        case SOURCE_TIME_MONOTONIC:
-                return CLOCK_MONOTONIC;
-
-        case SOURCE_TIME_REALTIME_ALARM:
-                return CLOCK_REALTIME_ALARM;
-
-        case SOURCE_TIME_BOOTTIME_ALARM:
-                return CLOCK_BOOTTIME_ALARM;
-
-        default:
-                return (clockid_t) -1;
-        }
-}
-
-static EventSourceType clock_to_event_source_type(clockid_t clock) {
-
-        switch (clock) {
-
-        case CLOCK_REALTIME:
-                return SOURCE_TIME_REALTIME;
-
-        case CLOCK_BOOTTIME:
-                return SOURCE_TIME_BOOTTIME;
-
-        case CLOCK_MONOTONIC:
-                return SOURCE_TIME_MONOTONIC;
-
-        case CLOCK_REALTIME_ALARM:
-                return SOURCE_TIME_REALTIME_ALARM;
-
-        case CLOCK_BOOTTIME_ALARM:
-                return SOURCE_TIME_BOOTTIME_ALARM;
-
-        default:
-                return _SOURCE_EVENT_SOURCE_TYPE_INVALID;
-        }
-}
-
-static struct clock_data* event_get_clock_data(sd_event *e, EventSourceType t) {
-        assert(e);
-
-        switch (t) {
-
-        case SOURCE_TIME_REALTIME:
-                return &e->realtime;
-
-        case SOURCE_TIME_BOOTTIME:
-                return &e->boottime;
-
-        case SOURCE_TIME_MONOTONIC:
-                return &e->monotonic;
-
-        case SOURCE_TIME_REALTIME_ALARM:
-                return &e->realtime_alarm;
-
-        case SOURCE_TIME_BOOTTIME_ALARM:
-                return &e->boottime_alarm;
-
-        default:
-                return NULL;
-        }
-}
-
-static int event_make_signal_data(
-                sd_event *e,
-                int sig,
-                struct signal_data **ret) {
-
-        struct epoll_event ev = {};
-        struct signal_data *d;
-        bool added = false;
-        sigset_t ss_copy;
-        int64_t priority;
-        int r;
-
-        assert(e);
-
-        if (event_pid_changed(e))
-                return -ECHILD;
-
-        if (e->signal_sources && e->signal_sources[sig])
-                priority = e->signal_sources[sig]->priority;
-        else
-                priority = 0;
-
-        d = hashmap_get(e->signal_data, &priority);
-        if (d) {
-                if (sigismember(&d->sigset, sig) > 0) {
-                        if (ret)
-                                *ret = d;
-                        return 0;
-                }
-        } else {
-                r = hashmap_ensure_allocated(&e->signal_data, &uint64_hash_ops);
-                if (r < 0)
-                        return r;
-
-                d = new0(struct signal_data, 1);
-                if (!d)
-                        return -ENOMEM;
-
-                d->wakeup = WAKEUP_SIGNAL_DATA;
-                d->fd  = -1;
-                d->priority = priority;
-
-                r = hashmap_put(e->signal_data, &d->priority, d);
-                if (r < 0) {
-                        free(d);
-                        return r;
-                }
-
-                added = true;
-        }
-
-        ss_copy = d->sigset;
-        assert_se(sigaddset(&ss_copy, sig) >= 0);
-
-        r = signalfd(d->fd, &ss_copy, SFD_NONBLOCK|SFD_CLOEXEC);
-        if (r < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        d->sigset = ss_copy;
-
-        if (d->fd >= 0) {
-                if (ret)
-                        *ret = d;
-                return 0;
-        }
-
-        d->fd = r;
-
-        ev.events = EPOLLIN;
-        ev.data.ptr = d;
-
-        r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, d->fd, &ev);
-        if (r < 0)  {
-                r = -errno;
-                goto fail;
-        }
-
-        if (ret)
-                *ret = d;
-
-        return 0;
-
-fail:
-        if (added) {
-                d->fd = safe_close(d->fd);
-                hashmap_remove(e->signal_data, &d->priority);
-                free(d);
-        }
-
-        return r;
-}
-
-static void event_unmask_signal_data(sd_event *e, struct signal_data *d, int sig) {
-        assert(e);
-        assert(d);
-
-        /* Turns off the specified signal in the signal data
-         * object. If the signal mask of the object becomes empty that
-         * way removes it. */
-
-        if (sigismember(&d->sigset, sig) == 0)
-                return;
-
-        assert_se(sigdelset(&d->sigset, sig) >= 0);
-
-        if (sigisemptyset(&d->sigset)) {
-
-                /* If all the mask is all-zero we can get rid of the structure */
-                hashmap_remove(e->signal_data, &d->priority);
-                assert(!d->current);
-                safe_close(d->fd);
-                free(d);
-                return;
-        }
-
-        assert(d->fd >= 0);
-
-        if (signalfd(d->fd, &d->sigset, SFD_NONBLOCK|SFD_CLOEXEC) < 0)
-                log_debug_errno(errno, "Failed to unset signal bit, ignoring: %m");
-}
-
-static void event_gc_signal_data(sd_event *e, const int64_t *priority, int sig) {
-        struct signal_data *d;
-        static const int64_t zero_priority = 0;
-
-        assert(e);
-
-        /* Rechecks if the specified signal is still something we are
-         * interested in. If not, we'll unmask it, and possibly drop
-         * the signalfd for it. */
-
-        if (sig == SIGCHLD &&
-            e->n_enabled_child_sources > 0)
-                return;
-
-        if (e->signal_sources &&
-            e->signal_sources[sig] &&
-            e->signal_sources[sig]->enabled != SD_EVENT_OFF)
-                return;
-
-        /*
-         * The specified signal might be enabled in three different queues:
-         *
-         * 1) the one that belongs to the priority passed (if it is non-NULL)
-         * 2) the one that belongs to the priority of the event source of the signal (if there is one)
-         * 3) the 0 priority (to cover the SIGCHLD case)
-         *
-         * Hence, let's remove it from all three here.
-         */
-
-        if (priority) {
-                d = hashmap_get(e->signal_data, priority);
-                if (d)
-                        event_unmask_signal_data(e, d, sig);
-        }
-
-        if (e->signal_sources && e->signal_sources[sig]) {
-                d = hashmap_get(e->signal_data, &e->signal_sources[sig]->priority);
-                if (d)
-                        event_unmask_signal_data(e, d, sig);
-        }
-
-        d = hashmap_get(e->signal_data, &zero_priority);
-        if (d)
-                event_unmask_signal_data(e, d, sig);
-}
-
-static void source_disconnect(sd_event_source *s) {
-        sd_event *event;
-
-        assert(s);
-
-        if (!s->event)
-                return;
-
-        assert(s->event->n_sources > 0);
-
-        switch (s->type) {
-
-        case SOURCE_IO:
-                if (s->io.fd >= 0)
-                        source_io_unregister(s);
-
-                break;
-
-        case SOURCE_TIME_REALTIME:
-        case SOURCE_TIME_BOOTTIME:
-        case SOURCE_TIME_MONOTONIC:
-        case SOURCE_TIME_REALTIME_ALARM:
-        case SOURCE_TIME_BOOTTIME_ALARM: {
-                struct clock_data *d;
-
-                d = event_get_clock_data(s->event, s->type);
-                assert(d);
-
-                prioq_remove(d->earliest, s, &s->time.earliest_index);
-                prioq_remove(d->latest, s, &s->time.latest_index);
-                d->needs_rearm = true;
-                break;
-        }
-
-        case SOURCE_SIGNAL:
-                if (s->signal.sig > 0) {
-
-                        if (s->event->signal_sources)
-                                s->event->signal_sources[s->signal.sig] = NULL;
-
-                        event_gc_signal_data(s->event, &s->priority, s->signal.sig);
-                }
-
-                break;
-
-        case SOURCE_CHILD:
-                if (s->child.pid > 0) {
-                        if (s->enabled != SD_EVENT_OFF) {
-                                assert(s->event->n_enabled_child_sources > 0);
-                                s->event->n_enabled_child_sources--;
-                        }
-
-                        (void) hashmap_remove(s->event->child_sources, PID_TO_PTR(s->child.pid));
-                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
-                }
-
-                break;
-
-        case SOURCE_DEFER:
-                /* nothing */
-                break;
-
-        case SOURCE_POST:
-                set_remove(s->event->post_sources, s);
-                break;
-
-        case SOURCE_EXIT:
-                prioq_remove(s->event->exit, s, &s->exit.prioq_index);
-                break;
-
-        default:
-                assert_not_reached("Wut? I shouldn't exist.");
-        }
-
-        if (s->pending)
-                prioq_remove(s->event->pending, s, &s->pending_index);
-
-        if (s->prepare)
-                prioq_remove(s->event->prepare, s, &s->prepare_index);
-
-        event = s->event;
-
-        s->type = _SOURCE_EVENT_SOURCE_TYPE_INVALID;
-        s->event = NULL;
-        LIST_REMOVE(sources, event->sources, s);
-        event->n_sources--;
-
-        if (!s->floating)
-                sd_event_unref(event);
-}
-
-static void source_free(sd_event_source *s) {
-        assert(s);
-
-        source_disconnect(s);
-        free(s->description);
-        free(s);
-}
-
-static int source_set_pending(sd_event_source *s, bool b) {
-        int r;
-
-        assert(s);
-        assert(s->type != SOURCE_EXIT);
-
-        if (s->pending == b)
-                return 0;
-
-        s->pending = b;
-
-        if (b) {
-                s->pending_iteration = s->event->iteration;
-
-                r = prioq_put(s->event->pending, s, &s->pending_index);
-                if (r < 0) {
-                        s->pending = false;
-                        return r;
-                }
-        } else
-                assert_se(prioq_remove(s->event->pending, s, &s->pending_index));
-
-        if (EVENT_SOURCE_IS_TIME(s->type)) {
-                struct clock_data *d;
-
-                d = event_get_clock_data(s->event, s->type);
-                assert(d);
-
-                prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
-                prioq_reshuffle(d->latest, s, &s->time.latest_index);
-                d->needs_rearm = true;
-        }
-
-        if (s->type == SOURCE_SIGNAL && !b) {
-                struct signal_data *d;
-
-                d = hashmap_get(s->event->signal_data, &s->priority);
-                if (d && d->current == s)
-                        d->current = NULL;
-        }
-
-        return 0;
-}
-
-static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType type) {
-        sd_event_source *s;
-
-        assert(e);
-
-        s = new0(sd_event_source, 1);
-        if (!s)
-                return NULL;
-
-        s->n_ref = 1;
-        s->event = e;
-        s->floating = floating;
-        s->type = type;
-        s->pending_index = s->prepare_index = PRIOQ_IDX_NULL;
-
-        if (!floating)
-                sd_event_ref(e);
-
-        LIST_PREPEND(sources, e->sources, s);
-        e->n_sources++;
-
-        return s;
-}
-
-_public_ int sd_event_add_io(
-                sd_event *e,
-                sd_event_source **ret,
-                int fd,
-                uint32_t events,
-                sd_event_io_handler_t callback,
-                void *userdata) {
-
-        sd_event_source *s;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(fd >= 0, -EBADF);
-        assert_return(!(events & ~(EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLPRI|EPOLLERR|EPOLLHUP|EPOLLET)), -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        s = source_new(e, !ret, SOURCE_IO);
-        if (!s)
-                return -ENOMEM;
-
-        s->wakeup = WAKEUP_EVENT_SOURCE;
-        s->io.fd = fd;
-        s->io.events = events;
-        s->io.callback = callback;
-        s->userdata = userdata;
-        s->enabled = SD_EVENT_ON;
-
-        r = source_io_register(s, s->enabled, events);
-        if (r < 0) {
-                source_free(s);
-                return r;
-        }
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-static void initialize_perturb(sd_event *e) {
-        sd_id128_t bootid = {};
-
-        /* When we sleep for longer, we try to realign the wakeup to
-           the same time wihtin each minute/second/250ms, so that
-           events all across the system can be coalesced into a single
-           CPU wakeup. However, let's take some system-specific
-           randomness for this value, so that in a network of systems
-           with synced clocks timer events are distributed a
-           bit. Here, we calculate a perturbation usec offset from the
-           boot ID. */
-
-        if (_likely_(e->perturb != USEC_INFINITY))
-                return;
-
-        if (sd_id128_get_boot(&bootid) >= 0)
-                e->perturb = (bootid.qwords[0] ^ bootid.qwords[1]) % USEC_PER_MINUTE;
-}
-
-static int event_setup_timer_fd(
-                sd_event *e,
-                struct clock_data *d,
-                clockid_t clock) {
-
-        struct epoll_event ev = {};
-        int r, fd;
-
-        assert(e);
-        assert(d);
-
-        if (_likely_(d->fd >= 0))
-                return 0;
-
-        fd = timerfd_create(clock, TFD_NONBLOCK|TFD_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        ev.events = EPOLLIN;
-        ev.data.ptr = d;
-
-        r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, fd, &ev);
-        if (r < 0) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        d->fd = fd;
-        return 0;
-}
-
-static int time_exit_callback(sd_event_source *s, uint64_t usec, void *userdata) {
-        assert(s);
-
-        return sd_event_exit(sd_event_source_get_event(s), PTR_TO_INT(userdata));
-}
-
-_public_ int sd_event_add_time(
-                sd_event *e,
-                sd_event_source **ret,
-                clockid_t clock,
-                uint64_t usec,
-                uint64_t accuracy,
-                sd_event_time_handler_t callback,
-                void *userdata) {
-
-        EventSourceType type;
-        sd_event_source *s;
-        struct clock_data *d;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(accuracy != (uint64_t) -1, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        if (IN_SET(clock, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM) &&
-            !clock_boottime_supported())
-                return -EOPNOTSUPP;
-
-        if (!callback)
-                callback = time_exit_callback;
-
-        type = clock_to_event_source_type(clock);
-        assert_return(type >= 0, -EOPNOTSUPP);
-
-        d = event_get_clock_data(e, type);
-        assert(d);
-
-        r = prioq_ensure_allocated(&d->earliest, earliest_time_prioq_compare);
-        if (r < 0)
-                return r;
-
-        r = prioq_ensure_allocated(&d->latest, latest_time_prioq_compare);
-        if (r < 0)
-                return r;
-
-        if (d->fd < 0) {
-                r = event_setup_timer_fd(e, d, clock);
-                if (r < 0)
-                        return r;
-        }
-
-        s = source_new(e, !ret, type);
-        if (!s)
-                return -ENOMEM;
-
-        s->time.next = usec;
-        s->time.accuracy = accuracy == 0 ? DEFAULT_ACCURACY_USEC : accuracy;
-        s->time.callback = callback;
-        s->time.earliest_index = s->time.latest_index = PRIOQ_IDX_NULL;
-        s->userdata = userdata;
-        s->enabled = SD_EVENT_ONESHOT;
-
-        d->needs_rearm = true;
-
-        r = prioq_put(d->earliest, s, &s->time.earliest_index);
-        if (r < 0)
-                goto fail;
-
-        r = prioq_put(d->latest, s, &s->time.latest_index);
-        if (r < 0)
-                goto fail;
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-
-fail:
-        source_free(s);
-        return r;
-}
-
-static int signal_exit_callback(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        assert(s);
-
-        return sd_event_exit(sd_event_source_get_event(s), PTR_TO_INT(userdata));
-}
-
-_public_ int sd_event_add_signal(
-                sd_event *e,
-                sd_event_source **ret,
-                int sig,
-                sd_event_signal_handler_t callback,
-                void *userdata) {
-
-        sd_event_source *s;
-        struct signal_data *d;
-        sigset_t ss;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(SIGNAL_VALID(sig), -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        if (!callback)
-                callback = signal_exit_callback;
-
-        r = pthread_sigmask(SIG_SETMASK, NULL, &ss);
-        if (r != 0)
-                return -r;
-
-        if (!sigismember(&ss, sig))
-                return -EBUSY;
-
-        if (!e->signal_sources) {
-                e->signal_sources = new0(sd_event_source*, _NSIG);
-                if (!e->signal_sources)
-                        return -ENOMEM;
-        } else if (e->signal_sources[sig])
-                return -EBUSY;
-
-        s = source_new(e, !ret, SOURCE_SIGNAL);
-        if (!s)
-                return -ENOMEM;
-
-        s->signal.sig = sig;
-        s->signal.callback = callback;
-        s->userdata = userdata;
-        s->enabled = SD_EVENT_ON;
-
-        e->signal_sources[sig] = s;
-
-        r = event_make_signal_data(e, sig, &d);
-        if (r < 0) {
-                source_free(s);
-                return r;
-        }
-
-        /* Use the signal name as description for the event source by default */
-        (void) sd_event_source_set_description(s, signal_to_string(sig));
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-_public_ int sd_event_add_child(
-                sd_event *e,
-                sd_event_source **ret,
-                pid_t pid,
-                int options,
-                sd_event_child_handler_t callback,
-                void *userdata) {
-
-        sd_event_source *s;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(pid > 1, -EINVAL);
-        assert_return(!(options & ~(WEXITED|WSTOPPED|WCONTINUED)), -EINVAL);
-        assert_return(options != 0, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        r = hashmap_ensure_allocated(&e->child_sources, NULL);
-        if (r < 0)
-                return r;
-
-        if (hashmap_contains(e->child_sources, PID_TO_PTR(pid)))
-                return -EBUSY;
-
-        s = source_new(e, !ret, SOURCE_CHILD);
-        if (!s)
-                return -ENOMEM;
-
-        s->child.pid = pid;
-        s->child.options = options;
-        s->child.callback = callback;
-        s->userdata = userdata;
-        s->enabled = SD_EVENT_ONESHOT;
-
-        r = hashmap_put(e->child_sources, PID_TO_PTR(pid), s);
-        if (r < 0) {
-                source_free(s);
-                return r;
-        }
-
-        e->n_enabled_child_sources++;
-
-        r = event_make_signal_data(e, SIGCHLD, NULL);
-        if (r < 0) {
-                e->n_enabled_child_sources--;
-                source_free(s);
-                return r;
-        }
-
-        e->need_process_child = true;
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-_public_ int sd_event_add_defer(
-                sd_event *e,
-                sd_event_source **ret,
-                sd_event_handler_t callback,
-                void *userdata) {
-
-        sd_event_source *s;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        s = source_new(e, !ret, SOURCE_DEFER);
-        if (!s)
-                return -ENOMEM;
-
-        s->defer.callback = callback;
-        s->userdata = userdata;
-        s->enabled = SD_EVENT_ONESHOT;
-
-        r = source_set_pending(s, true);
-        if (r < 0) {
-                source_free(s);
-                return r;
-        }
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-_public_ int sd_event_add_post(
-                sd_event *e,
-                sd_event_source **ret,
-                sd_event_handler_t callback,
-                void *userdata) {
-
-        sd_event_source *s;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        r = set_ensure_allocated(&e->post_sources, NULL);
-        if (r < 0)
-                return r;
-
-        s = source_new(e, !ret, SOURCE_POST);
-        if (!s)
-                return -ENOMEM;
-
-        s->post.callback = callback;
-        s->userdata = userdata;
-        s->enabled = SD_EVENT_ON;
-
-        r = set_put(e->post_sources, s);
-        if (r < 0) {
-                source_free(s);
-                return r;
-        }
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-_public_ int sd_event_add_exit(
-                sd_event *e,
-                sd_event_source **ret,
-                sd_event_handler_t callback,
-                void *userdata) {
-
-        sd_event_source *s;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        r = prioq_ensure_allocated(&e->exit, exit_prioq_compare);
-        if (r < 0)
-                return r;
-
-        s = source_new(e, !ret, SOURCE_EXIT);
-        if (!s)
-                return -ENOMEM;
-
-        s->exit.callback = callback;
-        s->userdata = userdata;
-        s->exit.prioq_index = PRIOQ_IDX_NULL;
-        s->enabled = SD_EVENT_ONESHOT;
-
-        r = prioq_put(s->event->exit, s, &s->exit.prioq_index);
-        if (r < 0) {
-                source_free(s);
-                return r;
-        }
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-_public_ sd_event_source* sd_event_source_ref(sd_event_source *s) {
-
-        if (!s)
-                return NULL;
-
-        assert(s->n_ref >= 1);
-        s->n_ref++;
-
-        return s;
-}
-
-_public_ sd_event_source* sd_event_source_unref(sd_event_source *s) {
-
-        if (!s)
-                return NULL;
-
-        assert(s->n_ref >= 1);
-        s->n_ref--;
-
-        if (s->n_ref <= 0) {
-                /* Here's a special hack: when we are called from a
-                 * dispatch handler we won't free the event source
-                 * immediately, but we will detach the fd from the
-                 * epoll. This way it is safe for the caller to unref
-                 * the event source and immediately close the fd, but
-                 * we still retain a valid event source object after
-                 * the callback. */
-
-                if (s->dispatching) {
-                        if (s->type == SOURCE_IO)
-                                source_io_unregister(s);
-
-                        source_disconnect(s);
-                } else
-                        source_free(s);
-        }
-
-        return NULL;
-}
-
-_public_ int sd_event_source_set_description(sd_event_source *s, const char *description) {
-        assert_return(s, -EINVAL);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        return free_and_strdup(&s->description, description);
-}
-
-_public_ int sd_event_source_get_description(sd_event_source *s, const char **description) {
-        assert_return(s, -EINVAL);
-        assert_return(description, -EINVAL);
-        assert_return(s->description, -ENXIO);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *description = s->description;
-        return 0;
-}
-
-_public_ sd_event *sd_event_source_get_event(sd_event_source *s) {
-        assert_return(s, NULL);
-
-        return s->event;
-}
-
-_public_ int sd_event_source_get_pending(sd_event_source *s) {
-        assert_return(s, -EINVAL);
-        assert_return(s->type != SOURCE_EXIT, -EDOM);
-        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        return s->pending;
-}
-
-_public_ int sd_event_source_get_io_fd(sd_event_source *s) {
-        assert_return(s, -EINVAL);
-        assert_return(s->type == SOURCE_IO, -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        return s->io.fd;
-}
-
-_public_ int sd_event_source_set_io_fd(sd_event_source *s, int fd) {
-        int r;
-
-        assert_return(s, -EINVAL);
-        assert_return(fd >= 0, -EBADF);
-        assert_return(s->type == SOURCE_IO, -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        if (s->io.fd == fd)
-                return 0;
-
-        if (s->enabled == SD_EVENT_OFF) {
-                s->io.fd = fd;
-                s->io.registered = false;
-        } else {
-                int saved_fd;
-
-                saved_fd = s->io.fd;
-                assert(s->io.registered);
-
-                s->io.fd = fd;
-                s->io.registered = false;
-
-                r = source_io_register(s, s->enabled, s->io.events);
-                if (r < 0) {
-                        s->io.fd = saved_fd;
-                        s->io.registered = true;
-                        return r;
-                }
-
-                epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, saved_fd, NULL);
-        }
-
-        return 0;
-}
-
-_public_ int sd_event_source_get_io_events(sd_event_source *s, uint32_t* events) {
-        assert_return(s, -EINVAL);
-        assert_return(events, -EINVAL);
-        assert_return(s->type == SOURCE_IO, -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *events = s->io.events;
-        return 0;
-}
-
-_public_ int sd_event_source_set_io_events(sd_event_source *s, uint32_t events) {
-        int r;
-
-        assert_return(s, -EINVAL);
-        assert_return(s->type == SOURCE_IO, -EDOM);
-        assert_return(!(events & ~(EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLPRI|EPOLLERR|EPOLLHUP|EPOLLET)), -EINVAL);
-        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        /* edge-triggered updates are never skipped, so we can reset edges */
-        if (s->io.events == events && !(events & EPOLLET))
-                return 0;
-
-        if (s->enabled != SD_EVENT_OFF) {
-                r = source_io_register(s, s->enabled, events);
-                if (r < 0)
-                        return r;
-        }
-
-        s->io.events = events;
-        source_set_pending(s, false);
-
-        return 0;
-}
-
-_public_ int sd_event_source_get_io_revents(sd_event_source *s, uint32_t* revents) {
-        assert_return(s, -EINVAL);
-        assert_return(revents, -EINVAL);
-        assert_return(s->type == SOURCE_IO, -EDOM);
-        assert_return(s->pending, -ENODATA);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *revents = s->io.revents;
-        return 0;
-}
-
-_public_ int sd_event_source_get_signal(sd_event_source *s) {
-        assert_return(s, -EINVAL);
-        assert_return(s->type == SOURCE_SIGNAL, -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        return s->signal.sig;
-}
-
-_public_ int sd_event_source_get_priority(sd_event_source *s, int64_t *priority) {
-        assert_return(s, -EINVAL);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        return s->priority;
-}
-
-_public_ int sd_event_source_set_priority(sd_event_source *s, int64_t priority) {
-        int r;
-
-        assert_return(s, -EINVAL);
-        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        if (s->priority == priority)
-                return 0;
-
-        if (s->type == SOURCE_SIGNAL && s->enabled != SD_EVENT_OFF) {
-                struct signal_data *old, *d;
-
-                /* Move us from the signalfd belonging to the old
-                 * priority to the signalfd of the new priority */
-
-                assert_se(old = hashmap_get(s->event->signal_data, &s->priority));
-
-                s->priority = priority;
-
-                r = event_make_signal_data(s->event, s->signal.sig, &d);
-                if (r < 0) {
-                        s->priority = old->priority;
-                        return r;
-                }
-
-                event_unmask_signal_data(s->event, old, s->signal.sig);
-        } else
-                s->priority = priority;
-
-        if (s->pending)
-                prioq_reshuffle(s->event->pending, s, &s->pending_index);
-
-        if (s->prepare)
-                prioq_reshuffle(s->event->prepare, s, &s->prepare_index);
-
-        if (s->type == SOURCE_EXIT)
-                prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
-
-        return 0;
-}
-
-_public_ int sd_event_source_get_enabled(sd_event_source *s, int *m) {
-        assert_return(s, -EINVAL);
-        assert_return(m, -EINVAL);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *m = s->enabled;
-        return 0;
-}
-
-_public_ int sd_event_source_set_enabled(sd_event_source *s, int m) {
-        int r;
-
-        assert_return(s, -EINVAL);
-        assert_return(m == SD_EVENT_OFF || m == SD_EVENT_ON || m == SD_EVENT_ONESHOT, -EINVAL);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        /* If we are dead anyway, we are fine with turning off
-         * sources, but everything else needs to fail. */
-        if (s->event->state == SD_EVENT_FINISHED)
-                return m == SD_EVENT_OFF ? 0 : -ESTALE;
-
-        if (s->enabled == m)
-                return 0;
-
-        if (m == SD_EVENT_OFF) {
-
-                switch (s->type) {
-
-                case SOURCE_IO:
-                        source_io_unregister(s);
-                        s->enabled = m;
-                        break;
-
-                case SOURCE_TIME_REALTIME:
-                case SOURCE_TIME_BOOTTIME:
-                case SOURCE_TIME_MONOTONIC:
-                case SOURCE_TIME_REALTIME_ALARM:
-                case SOURCE_TIME_BOOTTIME_ALARM: {
-                        struct clock_data *d;
-
-                        s->enabled = m;
-                        d = event_get_clock_data(s->event, s->type);
-                        assert(d);
-
-                        prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
-                        prioq_reshuffle(d->latest, s, &s->time.latest_index);
-                        d->needs_rearm = true;
-                        break;
-                }
-
-                case SOURCE_SIGNAL:
-                        s->enabled = m;
-
-                        event_gc_signal_data(s->event, &s->priority, s->signal.sig);
-                        break;
-
-                case SOURCE_CHILD:
-                        s->enabled = m;
-
-                        assert(s->event->n_enabled_child_sources > 0);
-                        s->event->n_enabled_child_sources--;
-
-                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
-                        break;
-
-                case SOURCE_EXIT:
-                        s->enabled = m;
-                        prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
-                        break;
-
-                case SOURCE_DEFER:
-                case SOURCE_POST:
-                        s->enabled = m;
-                        break;
-
-                default:
-                        assert_not_reached("Wut? I shouldn't exist.");
-                }
-
-        } else {
-                switch (s->type) {
-
-                case SOURCE_IO:
-                        r = source_io_register(s, m, s->io.events);
-                        if (r < 0)
-                                return r;
-
-                        s->enabled = m;
-                        break;
-
-                case SOURCE_TIME_REALTIME:
-                case SOURCE_TIME_BOOTTIME:
-                case SOURCE_TIME_MONOTONIC:
-                case SOURCE_TIME_REALTIME_ALARM:
-                case SOURCE_TIME_BOOTTIME_ALARM: {
-                        struct clock_data *d;
-
-                        s->enabled = m;
-                        d = event_get_clock_data(s->event, s->type);
-                        assert(d);
-
-                        prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
-                        prioq_reshuffle(d->latest, s, &s->time.latest_index);
-                        d->needs_rearm = true;
-                        break;
-                }
-
-                case SOURCE_SIGNAL:
-
-                        s->enabled = m;
-
-                        r = event_make_signal_data(s->event, s->signal.sig, NULL);
-                        if (r < 0) {
-                                s->enabled = SD_EVENT_OFF;
-                                event_gc_signal_data(s->event, &s->priority, s->signal.sig);
-                                return r;
-                        }
-
-                        break;
-
-                case SOURCE_CHILD:
-
-                        if (s->enabled == SD_EVENT_OFF)
-                                s->event->n_enabled_child_sources++;
-
-                        s->enabled = m;
-
-                        r = event_make_signal_data(s->event, SIGCHLD, NULL);
-                        if (r < 0) {
-                                s->enabled = SD_EVENT_OFF;
-                                s->event->n_enabled_child_sources--;
-                                event_gc_signal_data(s->event, &s->priority, SIGCHLD);
-                                return r;
-                        }
-
-                        break;
-
-                case SOURCE_EXIT:
-                        s->enabled = m;
-                        prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
-                        break;
-
-                case SOURCE_DEFER:
-                case SOURCE_POST:
-                        s->enabled = m;
-                        break;
-
-                default:
-                        assert_not_reached("Wut? I shouldn't exist.");
-                }
-        }
-
-        if (s->pending)
-                prioq_reshuffle(s->event->pending, s, &s->pending_index);
-
-        if (s->prepare)
-                prioq_reshuffle(s->event->prepare, s, &s->prepare_index);
-
-        return 0;
-}
-
-_public_ int sd_event_source_get_time(sd_event_source *s, uint64_t *usec) {
-        assert_return(s, -EINVAL);
-        assert_return(usec, -EINVAL);
-        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *usec = s->time.next;
-        return 0;
-}
-
-_public_ int sd_event_source_set_time(sd_event_source *s, uint64_t usec) {
-        struct clock_data *d;
-
-        assert_return(s, -EINVAL);
-        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
-        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        s->time.next = usec;
-
-        source_set_pending(s, false);
-
-        d = event_get_clock_data(s->event, s->type);
-        assert(d);
-
-        prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
-        prioq_reshuffle(d->latest, s, &s->time.latest_index);
-        d->needs_rearm = true;
-
-        return 0;
-}
-
-_public_ int sd_event_source_get_time_accuracy(sd_event_source *s, uint64_t *usec) {
-        assert_return(s, -EINVAL);
-        assert_return(usec, -EINVAL);
-        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *usec = s->time.accuracy;
-        return 0;
-}
-
-_public_ int sd_event_source_set_time_accuracy(sd_event_source *s, uint64_t usec) {
-        struct clock_data *d;
-
-        assert_return(s, -EINVAL);
-        assert_return(usec != (uint64_t) -1, -EINVAL);
-        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
-        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        if (usec == 0)
-                usec = DEFAULT_ACCURACY_USEC;
-
-        s->time.accuracy = usec;
-
-        source_set_pending(s, false);
-
-        d = event_get_clock_data(s->event, s->type);
-        assert(d);
-
-        prioq_reshuffle(d->latest, s, &s->time.latest_index);
-        d->needs_rearm = true;
-
-        return 0;
-}
-
-_public_ int sd_event_source_get_time_clock(sd_event_source *s, clockid_t *clock) {
-        assert_return(s, -EINVAL);
-        assert_return(clock, -EINVAL);
-        assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *clock = event_source_type_to_clock(s->type);
-        return 0;
-}
-
-_public_ int sd_event_source_get_child_pid(sd_event_source *s, pid_t *pid) {
-        assert_return(s, -EINVAL);
-        assert_return(pid, -EINVAL);
-        assert_return(s->type == SOURCE_CHILD, -EDOM);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        *pid = s->child.pid;
-        return 0;
-}
-
-_public_ int sd_event_source_set_prepare(sd_event_source *s, sd_event_handler_t callback) {
-        int r;
-
-        assert_return(s, -EINVAL);
-        assert_return(s->type != SOURCE_EXIT, -EDOM);
-        assert_return(s->event->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(s->event), -ECHILD);
-
-        if (s->prepare == callback)
-                return 0;
-
-        if (callback && s->prepare) {
-                s->prepare = callback;
-                return 0;
-        }
-
-        r = prioq_ensure_allocated(&s->event->prepare, prepare_prioq_compare);
-        if (r < 0)
-                return r;
-
-        s->prepare = callback;
-
-        if (callback) {
-                r = prioq_put(s->event->prepare, s, &s->prepare_index);
-                if (r < 0)
-                        return r;
-        } else
-                prioq_remove(s->event->prepare, s, &s->prepare_index);
-
-        return 0;
-}
-
-_public_ void* sd_event_source_get_userdata(sd_event_source *s) {
-        assert_return(s, NULL);
-
-        return s->userdata;
-}
-
-_public_ void *sd_event_source_set_userdata(sd_event_source *s, void *userdata) {
-        void *ret;
-
-        assert_return(s, NULL);
-
-        ret = s->userdata;
-        s->userdata = userdata;
-
-        return ret;
-}
-
-static usec_t sleep_between(sd_event *e, usec_t a, usec_t b) {
-        usec_t c;
-        assert(e);
-        assert(a <= b);
-
-        if (a <= 0)
-                return 0;
-        if (a >= USEC_INFINITY)
-                return USEC_INFINITY;
-
-        if (b <= a + 1)
-                return a;
-
-        initialize_perturb(e);
-
-        /*
-          Find a good time to wake up again between times a and b. We
-          have two goals here:
-
-          a) We want to wake up as seldom as possible, hence prefer
-             later times over earlier times.
-
-          b) But if we have to wake up, then let's make sure to
-             dispatch as much as possible on the entire system.
-
-          We implement this by waking up everywhere at the same time
-          within any given minute if we can, synchronised via the
-          perturbation value determined from the boot ID. If we can't,
-          then we try to find the same spot in every 10s, then 1s and
-          then 250ms step. Otherwise, we pick the last possible time
-          to wake up.
-        */
-
-        c = (b / USEC_PER_MINUTE) * USEC_PER_MINUTE + e->perturb;
-        if (c >= b) {
-                if (_unlikely_(c < USEC_PER_MINUTE))
-                        return b;
-
-                c -= USEC_PER_MINUTE;
-        }
-
-        if (c >= a)
-                return c;
-
-        c = (b / (USEC_PER_SEC*10)) * (USEC_PER_SEC*10) + (e->perturb % (USEC_PER_SEC*10));
-        if (c >= b) {
-                if (_unlikely_(c < USEC_PER_SEC*10))
-                        return b;
-
-                c -= USEC_PER_SEC*10;
-        }
-
-        if (c >= a)
-                return c;
-
-        c = (b / USEC_PER_SEC) * USEC_PER_SEC + (e->perturb % USEC_PER_SEC);
-        if (c >= b) {
-                if (_unlikely_(c < USEC_PER_SEC))
-                        return b;
-
-                c -= USEC_PER_SEC;
-        }
-
-        if (c >= a)
-                return c;
-
-        c = (b / (USEC_PER_MSEC*250)) * (USEC_PER_MSEC*250) + (e->perturb % (USEC_PER_MSEC*250));
-        if (c >= b) {
-                if (_unlikely_(c < USEC_PER_MSEC*250))
-                        return b;
-
-                c -= USEC_PER_MSEC*250;
-        }
-
-        if (c >= a)
-                return c;
-
-        return b;
-}
-
-static int event_arm_timer(
-                sd_event *e,
-                struct clock_data *d) {
-
-        struct itimerspec its = {};
-        sd_event_source *a, *b;
-        usec_t t;
-        int r;
-
-        assert(e);
-        assert(d);
-
-        if (!d->needs_rearm)
-                return 0;
-        else
-                d->needs_rearm = false;
-
-        a = prioq_peek(d->earliest);
-        if (!a || a->enabled == SD_EVENT_OFF || a->time.next == USEC_INFINITY) {
-
-                if (d->fd < 0)
-                        return 0;
-
-                if (d->next == USEC_INFINITY)
-                        return 0;
-
-                /* disarm */
-                r = timerfd_settime(d->fd, TFD_TIMER_ABSTIME, &its, NULL);
-                if (r < 0)
-                        return r;
-
-                d->next = USEC_INFINITY;
-                return 0;
-        }
-
-        b = prioq_peek(d->latest);
-        assert_se(b && b->enabled != SD_EVENT_OFF);
-
-        t = sleep_between(e, a->time.next, time_event_source_latest(b));
-        if (d->next == t)
-                return 0;
-
-        assert_se(d->fd >= 0);
-
-        if (t == 0) {
-                /* We don' want to disarm here, just mean some time looooong ago. */
-                its.it_value.tv_sec = 0;
-                its.it_value.tv_nsec = 1;
-        } else
-                timespec_store(&its.it_value, t);
-
-        r = timerfd_settime(d->fd, TFD_TIMER_ABSTIME, &its, NULL);
-        if (r < 0)
-                return -errno;
-
-        d->next = t;
-        return 0;
-}
-
-static int process_io(sd_event *e, sd_event_source *s, uint32_t revents) {
-        assert(e);
-        assert(s);
-        assert(s->type == SOURCE_IO);
-
-        /* If the event source was already pending, we just OR in the
-         * new revents, otherwise we reset the value. The ORing is
-         * necessary to handle EPOLLONESHOT events properly where
-         * readability might happen independently of writability, and
-         * we need to keep track of both */
-
-        if (s->pending)
-                s->io.revents |= revents;
-        else
-                s->io.revents = revents;
-
-        return source_set_pending(s, true);
-}
-
-static int flush_timer(sd_event *e, int fd, uint32_t events, usec_t *next) {
-        uint64_t x;
-        ssize_t ss;
-
-        assert(e);
-        assert(fd >= 0);
-
-        assert_return(events == EPOLLIN, -EIO);
-
-        ss = read(fd, &x, sizeof(x));
-        if (ss < 0) {
-                if (errno == EAGAIN || errno == EINTR)
-                        return 0;
-
-                return -errno;
-        }
-
-        if (_unlikely_(ss != sizeof(x)))
-                return -EIO;
-
-        if (next)
-                *next = USEC_INFINITY;
-
-        return 0;
-}
-
-static int process_timer(
-                sd_event *e,
-                usec_t n,
-                struct clock_data *d) {
-
-        sd_event_source *s;
-        int r;
-
-        assert(e);
-        assert(d);
-
-        for (;;) {
-                s = prioq_peek(d->earliest);
-                if (!s ||
-                    s->time.next > n ||
-                    s->enabled == SD_EVENT_OFF ||
-                    s->pending)
-                        break;
-
-                r = source_set_pending(s, true);
-                if (r < 0)
-                        return r;
-
-                prioq_reshuffle(d->earliest, s, &s->time.earliest_index);
-                prioq_reshuffle(d->latest, s, &s->time.latest_index);
-                d->needs_rearm = true;
-        }
-
-        return 0;
-}
-
-static int process_child(sd_event *e) {
-        sd_event_source *s;
-        Iterator i;
-        int r;
-
-        assert(e);
-
-        e->need_process_child = false;
-
-        /*
-           So, this is ugly. We iteratively invoke waitid() with P_PID
-           + WNOHANG for each PID we wait for, instead of using
-           P_ALL. This is because we only want to get child
-           information of very specific child processes, and not all
-           of them. We might not have processed the SIGCHLD even of a
-           previous invocation and we don't want to maintain a
-           unbounded *per-child* event queue, hence we really don't
-           want anything flushed out of the kernel's queue that we
-           don't care about. Since this is O(n) this means that if you
-           have a lot of processes you probably want to handle SIGCHLD
-           yourself.
-
-           We do not reap the children here (by using WNOWAIT), this
-           is only done after the event source is dispatched so that
-           the callback still sees the process as a zombie.
-        */
-
-        HASHMAP_FOREACH(s, e->child_sources, i) {
-                assert(s->type == SOURCE_CHILD);
-
-                if (s->pending)
-                        continue;
-
-                if (s->enabled == SD_EVENT_OFF)
-                        continue;
-
-                zero(s->child.siginfo);
-                r = waitid(P_PID, s->child.pid, &s->child.siginfo,
-                           WNOHANG | (s->child.options & WEXITED ? WNOWAIT : 0) | s->child.options);
-                if (r < 0)
-                        return -errno;
-
-                if (s->child.siginfo.si_pid != 0) {
-                        bool zombie =
-                                s->child.siginfo.si_code == CLD_EXITED ||
-                                s->child.siginfo.si_code == CLD_KILLED ||
-                                s->child.siginfo.si_code == CLD_DUMPED;
-
-                        if (!zombie && (s->child.options & WEXITED)) {
-                                /* If the child isn't dead then let's
-                                 * immediately remove the state change
-                                 * from the queue, since there's no
-                                 * benefit in leaving it queued */
-
-                                assert(s->child.options & (WSTOPPED|WCONTINUED));
-                                waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG|(s->child.options & (WSTOPPED|WCONTINUED)));
-                        }
-
-                        r = source_set_pending(s, true);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        return 0;
-}
-
-static int process_signal(sd_event *e, struct signal_data *d, uint32_t events) {
-        bool read_one = false;
-        int r;
-
-        assert(e);
-        assert_return(events == EPOLLIN, -EIO);
-
-        /* If there's a signal queued on this priority and SIGCHLD is
-           on this priority too, then make sure to recheck the
-           children we watch. This is because we only ever dequeue
-           the first signal per priority, and if we dequeue one, and
-           SIGCHLD might be enqueued later we wouldn't know, but we
-           might have higher priority children we care about hence we
-           need to check that explicitly. */
-
-        if (sigismember(&d->sigset, SIGCHLD))
-                e->need_process_child = true;
-
-        /* If there's already an event source pending for this
-         * priority we don't read another */
-        if (d->current)
-                return 0;
-
-        for (;;) {
-                struct signalfd_siginfo si;
-                ssize_t n;
-                sd_event_source *s = NULL;
-
-                n = read(d->fd, &si, sizeof(si));
-                if (n < 0) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                return read_one;
-
-                        return -errno;
-                }
-
-                if (_unlikely_(n != sizeof(si)))
-                        return -EIO;
-
-                assert(SIGNAL_VALID(si.ssi_signo));
-
-                read_one = true;
-
-                if (e->signal_sources)
-                        s = e->signal_sources[si.ssi_signo];
-                if (!s)
-                        continue;
-                if (s->pending)
-                        continue;
-
-                s->signal.siginfo = si;
-                d->current = s;
-
-                r = source_set_pending(s, true);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-}
-
-static int source_dispatch(sd_event_source *s) {
-        int r = 0;
-
-        assert(s);
-        assert(s->pending || s->type == SOURCE_EXIT);
-
-        if (s->type != SOURCE_DEFER && s->type != SOURCE_EXIT) {
-                r = source_set_pending(s, false);
-                if (r < 0)
-                        return r;
-        }
-
-        if (s->type != SOURCE_POST) {
-                sd_event_source *z;
-                Iterator i;
-
-                /* If we execute a non-post source, let's mark all
-                 * post sources as pending */
-
-                SET_FOREACH(z, s->event->post_sources, i) {
-                        if (z->enabled == SD_EVENT_OFF)
-                                continue;
-
-                        r = source_set_pending(z, true);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        if (s->enabled == SD_EVENT_ONESHOT) {
-                r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
-                if (r < 0)
-                        return r;
-        }
-
-        s->dispatching = true;
-
-        switch (s->type) {
-
-        case SOURCE_IO:
-                r = s->io.callback(s, s->io.fd, s->io.revents, s->userdata);
-                break;
-
-        case SOURCE_TIME_REALTIME:
-        case SOURCE_TIME_BOOTTIME:
-        case SOURCE_TIME_MONOTONIC:
-        case SOURCE_TIME_REALTIME_ALARM:
-        case SOURCE_TIME_BOOTTIME_ALARM:
-                r = s->time.callback(s, s->time.next, s->userdata);
-                break;
-
-        case SOURCE_SIGNAL:
-                r = s->signal.callback(s, &s->signal.siginfo, s->userdata);
-                break;
-
-        case SOURCE_CHILD: {
-                bool zombie;
-
-                zombie = s->child.siginfo.si_code == CLD_EXITED ||
-                         s->child.siginfo.si_code == CLD_KILLED ||
-                         s->child.siginfo.si_code == CLD_DUMPED;
-
-                r = s->child.callback(s, &s->child.siginfo, s->userdata);
-
-                /* Now, reap the PID for good. */
-                if (zombie)
-                        waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG|WEXITED);
-
-                break;
-        }
-
-        case SOURCE_DEFER:
-                r = s->defer.callback(s, s->userdata);
-                break;
-
-        case SOURCE_POST:
-                r = s->post.callback(s, s->userdata);
-                break;
-
-        case SOURCE_EXIT:
-                r = s->exit.callback(s, s->userdata);
-                break;
-
-        case SOURCE_WATCHDOG:
-        case _SOURCE_EVENT_SOURCE_TYPE_MAX:
-        case _SOURCE_EVENT_SOURCE_TYPE_INVALID:
-                assert_not_reached("Wut? I shouldn't exist.");
-        }
-
-        s->dispatching = false;
-
-        if (r < 0)
-                log_debug_errno(r, "Event source %s (type %s) returned error, disabling: %m",
-                                strna(s->description), event_source_type_to_string(s->type));
-
-        if (s->n_ref == 0)
-                source_free(s);
-        else if (r < 0)
-                sd_event_source_set_enabled(s, SD_EVENT_OFF);
-
-        return 1;
-}
-
-static int event_prepare(sd_event *e) {
-        int r;
-
-        assert(e);
-
-        for (;;) {
-                sd_event_source *s;
-
-                s = prioq_peek(e->prepare);
-                if (!s || s->prepare_iteration == e->iteration || s->enabled == SD_EVENT_OFF)
-                        break;
-
-                s->prepare_iteration = e->iteration;
-                r = prioq_reshuffle(e->prepare, s, &s->prepare_index);
-                if (r < 0)
-                        return r;
-
-                assert(s->prepare);
-
-                s->dispatching = true;
-                r = s->prepare(s, s->userdata);
-                s->dispatching = false;
-
-                if (r < 0)
-                        log_debug_errno(r, "Prepare callback of event source %s (type %s) returned error, disabling: %m",
-                                        strna(s->description), event_source_type_to_string(s->type));
-
-                if (s->n_ref == 0)
-                        source_free(s);
-                else if (r < 0)
-                        sd_event_source_set_enabled(s, SD_EVENT_OFF);
-        }
-
-        return 0;
-}
-
-static int dispatch_exit(sd_event *e) {
-        sd_event_source *p;
-        int r;
-
-        assert(e);
-
-        p = prioq_peek(e->exit);
-        if (!p || p->enabled == SD_EVENT_OFF) {
-                e->state = SD_EVENT_FINISHED;
-                return 0;
-        }
-
-        sd_event_ref(e);
-        e->iteration++;
-        e->state = SD_EVENT_EXITING;
-
-        r = source_dispatch(p);
-
-        e->state = SD_EVENT_INITIAL;
-        sd_event_unref(e);
-
-        return r;
-}
-
-static sd_event_source* event_next_pending(sd_event *e) {
-        sd_event_source *p;
-
-        assert(e);
-
-        p = prioq_peek(e->pending);
-        if (!p)
-                return NULL;
-
-        if (p->enabled == SD_EVENT_OFF)
-                return NULL;
-
-        return p;
-}
-
-static int arm_watchdog(sd_event *e) {
-        struct itimerspec its = {};
-        usec_t t;
-        int r;
-
-        assert(e);
-        assert(e->watchdog_fd >= 0);
-
-        t = sleep_between(e,
-                          e->watchdog_last + (e->watchdog_period / 2),
-                          e->watchdog_last + (e->watchdog_period * 3 / 4));
-
-        timespec_store(&its.it_value, t);
-
-        /* Make sure we never set the watchdog to 0, which tells the
-         * kernel to disable it. */
-        if (its.it_value.tv_sec == 0 && its.it_value.tv_nsec == 0)
-                its.it_value.tv_nsec = 1;
-
-        r = timerfd_settime(e->watchdog_fd, TFD_TIMER_ABSTIME, &its, NULL);
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int process_watchdog(sd_event *e) {
-        assert(e);
-
-        if (!e->watchdog)
-                return 0;
-
-        /* Don't notify watchdog too often */
-        if (e->watchdog_last + e->watchdog_period / 4 > e->timestamp.monotonic)
-                return 0;
-
-        sd_notify(false, "WATCHDOG=1");
-        e->watchdog_last = e->timestamp.monotonic;
-
-        return arm_watchdog(e);
-}
-
-_public_ int sd_event_prepare(sd_event *e) {
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
-
-        if (e->exit_requested)
-                goto pending;
-
-        e->iteration++;
-
-        e->state = SD_EVENT_PREPARING;
-        r = event_prepare(e);
-        e->state = SD_EVENT_INITIAL;
-        if (r < 0)
-                return r;
-
-        r = event_arm_timer(e, &e->realtime);
-        if (r < 0)
-                return r;
-
-        r = event_arm_timer(e, &e->boottime);
-        if (r < 0)
-                return r;
-
-        r = event_arm_timer(e, &e->monotonic);
-        if (r < 0)
-                return r;
-
-        r = event_arm_timer(e, &e->realtime_alarm);
-        if (r < 0)
-                return r;
-
-        r = event_arm_timer(e, &e->boottime_alarm);
-        if (r < 0)
-                return r;
-
-        if (event_next_pending(e) || e->need_process_child)
-                goto pending;
-
-        e->state = SD_EVENT_ARMED;
-
-        return 0;
-
-pending:
-        e->state = SD_EVENT_ARMED;
-        r = sd_event_wait(e, 0);
-        if (r == 0)
-                e->state = SD_EVENT_ARMED;
-
-        return r;
-}
-
-_public_ int sd_event_wait(sd_event *e, uint64_t timeout) {
-        struct epoll_event *ev_queue;
-        unsigned ev_queue_max;
-        int r, m, i;
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(e->state == SD_EVENT_ARMED, -EBUSY);
-
-        if (e->exit_requested) {
-                e->state = SD_EVENT_PENDING;
-                return 1;
-        }
-
-        ev_queue_max = MAX(e->n_sources, 1u);
-        ev_queue = newa(struct epoll_event, ev_queue_max);
-
-        m = epoll_wait(e->epoll_fd, ev_queue, ev_queue_max,
-                       timeout == (uint64_t) -1 ? -1 : (int) ((timeout + USEC_PER_MSEC - 1) / USEC_PER_MSEC));
-        if (m < 0) {
-                if (errno == EINTR) {
-                        e->state = SD_EVENT_PENDING;
-                        return 1;
-                }
-
-                r = -errno;
-                goto finish;
-        }
-
-        dual_timestamp_get(&e->timestamp);
-        if (clock_boottime_supported())
-                e->timestamp_boottime = now(CLOCK_BOOTTIME);
-
-        for (i = 0; i < m; i++) {
-
-                if (ev_queue[i].data.ptr == INT_TO_PTR(SOURCE_WATCHDOG))
-                        r = flush_timer(e, e->watchdog_fd, ev_queue[i].events, NULL);
-                else {
-                        WakeupType *t = ev_queue[i].data.ptr;
-
-                        switch (*t) {
-
-                        case WAKEUP_EVENT_SOURCE:
-                                r = process_io(e, ev_queue[i].data.ptr, ev_queue[i].events);
-                                break;
-
-                        case WAKEUP_CLOCK_DATA: {
-                                struct clock_data *d = ev_queue[i].data.ptr;
-                                r = flush_timer(e, d->fd, ev_queue[i].events, &d->next);
-                                break;
-                        }
-
-                        case WAKEUP_SIGNAL_DATA:
-                                r = process_signal(e, ev_queue[i].data.ptr, ev_queue[i].events);
-                                break;
-
-                        default:
-                                assert_not_reached("Invalid wake-up pointer");
-                        }
-                }
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = process_watchdog(e);
-        if (r < 0)
-                goto finish;
-
-        r = process_timer(e, e->timestamp.realtime, &e->realtime);
-        if (r < 0)
-                goto finish;
-
-        r = process_timer(e, e->timestamp_boottime, &e->boottime);
-        if (r < 0)
-                goto finish;
-
-        r = process_timer(e, e->timestamp.monotonic, &e->monotonic);
-        if (r < 0)
-                goto finish;
-
-        r = process_timer(e, e->timestamp.realtime, &e->realtime_alarm);
-        if (r < 0)
-                goto finish;
-
-        r = process_timer(e, e->timestamp_boottime, &e->boottime_alarm);
-        if (r < 0)
-                goto finish;
-
-        if (e->need_process_child) {
-                r = process_child(e);
-                if (r < 0)
-                        goto finish;
-        }
-
-        if (event_next_pending(e)) {
-                e->state = SD_EVENT_PENDING;
-
-                return 1;
-        }
-
-        r = 0;
-
-finish:
-        e->state = SD_EVENT_INITIAL;
-
-        return r;
-}
-
-_public_ int sd_event_dispatch(sd_event *e) {
-        sd_event_source *p;
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(e->state == SD_EVENT_PENDING, -EBUSY);
-
-        if (e->exit_requested)
-                return dispatch_exit(e);
-
-        p = event_next_pending(e);
-        if (p) {
-                sd_event_ref(e);
-
-                e->state = SD_EVENT_RUNNING;
-                r = source_dispatch(p);
-                e->state = SD_EVENT_INITIAL;
-
-                sd_event_unref(e);
-
-                return r;
-        }
-
-        e->state = SD_EVENT_INITIAL;
-
-        return 1;
-}
-
-static void event_log_delays(sd_event *e) {
-        char b[ELEMENTSOF(e->delays) * DECIMAL_STR_MAX(unsigned) + 1];
-        unsigned i;
-        int o;
-
-        for (i = o = 0; i < ELEMENTSOF(e->delays); i++) {
-                o += snprintf(&b[o], sizeof(b) - o, "%u ", e->delays[i]);
-                e->delays[i] = 0;
-        }
-        log_debug("Event loop iterations: %.*s", o, b);
-}
-
-_public_ int sd_event_run(sd_event *e, uint64_t timeout) {
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
-
-        if (e->profile_delays && e->last_run) {
-                usec_t this_run;
-                unsigned l;
-
-                this_run = now(CLOCK_MONOTONIC);
-
-                l = u64log2(this_run - e->last_run);
-                assert(l < sizeof(e->delays));
-                e->delays[l]++;
-
-                if (this_run - e->last_log >= 5*USEC_PER_SEC) {
-                        event_log_delays(e);
-                        e->last_log = this_run;
-                }
-        }
-
-        r = sd_event_prepare(e);
-        if (r == 0)
-                /* There was nothing? Then wait... */
-                r = sd_event_wait(e, timeout);
-
-        if (e->profile_delays)
-                e->last_run = now(CLOCK_MONOTONIC);
-
-        if (r > 0) {
-                /* There's something now, then let's dispatch it */
-                r = sd_event_dispatch(e);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-
-        return r;
-}
-
-_public_ int sd_event_loop(sd_event *e) {
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-        assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
-
-        sd_event_ref(e);
-
-        while (e->state != SD_EVENT_FINISHED) {
-                r = sd_event_run(e, (uint64_t) -1);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = e->exit_code;
-
-finish:
-        sd_event_unref(e);
-        return r;
-}
-
-_public_ int sd_event_get_fd(sd_event *e) {
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        return e->epoll_fd;
-}
-
-_public_ int sd_event_get_state(sd_event *e) {
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        return e->state;
-}
-
-_public_ int sd_event_get_exit_code(sd_event *e, int *code) {
-        assert_return(e, -EINVAL);
-        assert_return(code, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        if (!e->exit_requested)
-                return -ENODATA;
-
-        *code = e->exit_code;
-        return 0;
-}
-
-_public_ int sd_event_exit(sd_event *e, int code) {
-        assert_return(e, -EINVAL);
-        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        e->exit_requested = true;
-        e->exit_code = code;
-
-        return 0;
-}
-
-_public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) {
-        assert_return(e, -EINVAL);
-        assert_return(usec, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-        assert_return(IN_SET(clock,
-                             CLOCK_REALTIME,
-                             CLOCK_REALTIME_ALARM,
-                             CLOCK_MONOTONIC,
-                             CLOCK_BOOTTIME,
-                             CLOCK_BOOTTIME_ALARM), -EOPNOTSUPP);
-
-        if (IN_SET(clock, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM) && !clock_boottime_supported())
-                return -EOPNOTSUPP;
-
-        if (!dual_timestamp_is_set(&e->timestamp)) {
-                /* Implicitly fall back to now() if we never ran
-                 * before and thus have no cached time. */
-                *usec = now(clock);
-                return 1;
-        }
-
-        switch (clock) {
-
-        case CLOCK_REALTIME:
-        case CLOCK_REALTIME_ALARM:
-                *usec = e->timestamp.realtime;
-                break;
-
-        case CLOCK_MONOTONIC:
-                *usec = e->timestamp.monotonic;
-                break;
-
-        case CLOCK_BOOTTIME:
-        case CLOCK_BOOTTIME_ALARM:
-                *usec = e->timestamp_boottime;
-                break;
-
-        default:
-                assert_not_reached("Unknown clock?");
-        }
-
-        return 0;
-}
-
-_public_ int sd_event_default(sd_event **ret) {
-
-        static thread_local sd_event *default_event = NULL;
-        sd_event *e = NULL;
-        int r;
-
-        if (!ret)
-                return !!default_event;
-
-        if (default_event) {
-                *ret = sd_event_ref(default_event);
-                return 0;
-        }
-
-        r = sd_event_new(&e);
-        if (r < 0)
-                return r;
-
-        e->default_event_ptr = &default_event;
-        e->tid = gettid();
-        default_event = e;
-
-        *ret = e;
-        return 1;
-}
-
-_public_ int sd_event_get_tid(sd_event *e, pid_t *tid) {
-        assert_return(e, -EINVAL);
-        assert_return(tid, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        if (e->tid != 0) {
-                *tid = e->tid;
-                return 0;
-        }
-
-        return -ENXIO;
-}
-
-_public_ int sd_event_set_watchdog(sd_event *e, int b) {
-        int r;
-
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        if (e->watchdog == !!b)
-                return e->watchdog;
-
-        if (b) {
-                struct epoll_event ev = {};
-
-                r = sd_watchdog_enabled(false, &e->watchdog_period);
-                if (r <= 0)
-                        return r;
-
-                /* Issue first ping immediately */
-                sd_notify(false, "WATCHDOG=1");
-                e->watchdog_last = now(CLOCK_MONOTONIC);
-
-                e->watchdog_fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK|TFD_CLOEXEC);
-                if (e->watchdog_fd < 0)
-                        return -errno;
-
-                r = arm_watchdog(e);
-                if (r < 0)
-                        goto fail;
-
-                ev.events = EPOLLIN;
-                ev.data.ptr = INT_TO_PTR(SOURCE_WATCHDOG);
-
-                r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, e->watchdog_fd, &ev);
-                if (r < 0) {
-                        r = -errno;
-                        goto fail;
-                }
-
-        } else {
-                if (e->watchdog_fd >= 0) {
-                        epoll_ctl(e->epoll_fd, EPOLL_CTL_DEL, e->watchdog_fd, NULL);
-                        e->watchdog_fd = safe_close(e->watchdog_fd);
-                }
-        }
-
-        e->watchdog = !!b;
-        return e->watchdog;
-
-fail:
-        e->watchdog_fd = safe_close(e->watchdog_fd);
-        return r;
-}
-
-_public_ int sd_event_get_watchdog(sd_event *e) {
-        assert_return(e, -EINVAL);
-        assert_return(!event_pid_changed(e), -ECHILD);
-
-        return e->watchdog;
-}
diff --git a/src/libsystemd/sd-event/test-event.c b/src/libsystemd/sd-event/test-event.c
deleted file mode 100644
index 289114490c..0000000000
--- a/src/libsystemd/sd-event/test-event.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-
-#include "fd-util.h"
-#include "log.h"
-#include "macro.h"
-#include "signal-util.h"
-#include "util.h"
-
-static int prepare_handler(sd_event_source *s, void *userdata) {
-        log_info("preparing %c", PTR_TO_INT(userdata));
-        return 1;
-}
-
-static bool got_a, got_b, got_c, got_unref;
-static unsigned got_d;
-
-static int unref_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        sd_event_source_unref(s);
-        got_unref = true;
-        return 0;
-}
-
-static int io_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-
-        log_info("got IO on %c", PTR_TO_INT(userdata));
-
-        if (userdata == INT_TO_PTR('a')) {
-                assert_se(sd_event_source_set_enabled(s, SD_EVENT_OFF) >= 0);
-                assert_se(!got_a);
-                got_a = true;
-        } else if (userdata == INT_TO_PTR('b')) {
-                assert_se(!got_b);
-                got_b = true;
-        } else if (userdata == INT_TO_PTR('d')) {
-                got_d++;
-                if (got_d < 2)
-                        assert_se(sd_event_source_set_enabled(s, SD_EVENT_ONESHOT) >= 0);
-                else
-                        assert_se(sd_event_source_set_enabled(s, SD_EVENT_OFF) >= 0);
-        } else
-                assert_not_reached("Yuck!");
-
-        return 1;
-}
-
-static int child_handler(sd_event_source *s, const siginfo_t *si, void *userdata) {
-
-        assert_se(s);
-        assert_se(si);
-
-        log_info("got child on %c", PTR_TO_INT(userdata));
-
-        assert_se(userdata == INT_TO_PTR('f'));
-
-        assert_se(sd_event_exit(sd_event_source_get_event(s), 0) >= 0);
-        sd_event_source_unref(s);
-
-        return 1;
-}
-
-static int signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        sd_event_source *p = NULL;
-        pid_t pid;
-
-        assert_se(s);
-        assert_se(si);
-
-        log_info("got signal on %c", PTR_TO_INT(userdata));
-
-        assert_se(userdata == INT_TO_PTR('e'));
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, -1) >= 0);
-
-        pid = fork();
-        assert_se(pid >= 0);
-
-        if (pid == 0)
-                _exit(0);
-
-        assert_se(sd_event_add_child(sd_event_source_get_event(s), &p, pid, WEXITED, child_handler, INT_TO_PTR('f')) >= 0);
-        assert_se(sd_event_source_set_enabled(p, SD_EVENT_ONESHOT) >= 0);
-
-        sd_event_source_unref(s);
-
-        return 1;
-}
-
-static int defer_handler(sd_event_source *s, void *userdata) {
-        sd_event_source *p = NULL;
-
-        assert_se(s);
-
-        log_info("got defer on %c", PTR_TO_INT(userdata));
-
-        assert_se(userdata == INT_TO_PTR('d'));
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGUSR1, -1) >= 0);
-
-        assert_se(sd_event_add_signal(sd_event_source_get_event(s), &p, SIGUSR1, signal_handler, INT_TO_PTR('e')) >= 0);
-        assert_se(sd_event_source_set_enabled(p, SD_EVENT_ONESHOT) >= 0);
-        raise(SIGUSR1);
-
-        sd_event_source_unref(s);
-
-        return 1;
-}
-
-static bool do_quit = false;
-
-static int time_handler(sd_event_source *s, uint64_t usec, void *userdata) {
-        log_info("got timer on %c", PTR_TO_INT(userdata));
-
-        if (userdata == INT_TO_PTR('c')) {
-
-                if (do_quit) {
-                        sd_event_source *p;
-
-                        assert_se(sd_event_add_defer(sd_event_source_get_event(s), &p, defer_handler, INT_TO_PTR('d')) >= 0);
-                        assert_se(sd_event_source_set_enabled(p, SD_EVENT_ONESHOT) >= 0);
-                } else {
-                        assert_se(!got_c);
-                        got_c = true;
-                }
-        } else
-                assert_not_reached("Huh?");
-
-        return 2;
-}
-
-static bool got_exit = false;
-
-static int exit_handler(sd_event_source *s, void *userdata) {
-        log_info("got quit handler on %c", PTR_TO_INT(userdata));
-
-        got_exit = true;
-
-        return 3;
-}
-
-static bool got_post = false;
-
-static int post_handler(sd_event_source *s, void *userdata) {
-        log_info("got post handler");
-
-        got_post = true;
-
-        return 2;
-}
-
-static void test_basic(void) {
-        sd_event *e = NULL;
-        sd_event_source *w = NULL, *x = NULL, *y = NULL, *z = NULL, *q = NULL, *t = NULL;
-        static const char ch = 'x';
-        int a[2] = { -1, -1 }, b[2] = { -1, -1}, d[2] = { -1, -1}, k[2] = { -1, -1 };
-        uint64_t event_now;
-
-        assert_se(pipe(a) >= 0);
-        assert_se(pipe(b) >= 0);
-        assert_se(pipe(d) >= 0);
-        assert_se(pipe(k) >= 0);
-
-        assert_se(sd_event_default(&e) >= 0);
-        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) > 0);
-
-        assert_se(sd_event_set_watchdog(e, true) >= 0);
-
-        /* Test whether we cleanly can destroy an io event source from its own handler */
-        got_unref = false;
-        assert_se(sd_event_add_io(e, &t, k[0], EPOLLIN, unref_handler, NULL) >= 0);
-        assert_se(write(k[1], &ch, 1) == 1);
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(got_unref);
-
-        got_a = false, got_b = false, got_c = false, got_d = 0;
-
-        /* Add a oneshot handler, trigger it, re-enable it, and trigger
-         * it again. */
-        assert_se(sd_event_add_io(e, &w, d[0], EPOLLIN, io_handler, INT_TO_PTR('d')) >= 0);
-        assert_se(sd_event_source_set_enabled(w, SD_EVENT_ONESHOT) >= 0);
-        assert_se(write(d[1], &ch, 1) >= 0);
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(got_d == 1);
-        assert_se(write(d[1], &ch, 1) >= 0);
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(got_d == 2);
-
-        assert_se(sd_event_add_io(e, &x, a[0], EPOLLIN, io_handler, INT_TO_PTR('a')) >= 0);
-        assert_se(sd_event_add_io(e, &y, b[0], EPOLLIN, io_handler, INT_TO_PTR('b')) >= 0);
-        assert_se(sd_event_add_time(e, &z, CLOCK_MONOTONIC, 0, 0, time_handler, INT_TO_PTR('c')) >= 0);
-        assert_se(sd_event_add_exit(e, &q, exit_handler, INT_TO_PTR('g')) >= 0);
-
-        assert_se(sd_event_source_set_priority(x, 99) >= 0);
-        assert_se(sd_event_source_set_enabled(y, SD_EVENT_ONESHOT) >= 0);
-        assert_se(sd_event_source_set_prepare(x, prepare_handler) >= 0);
-        assert_se(sd_event_source_set_priority(z, 50) >= 0);
-        assert_se(sd_event_source_set_enabled(z, SD_EVENT_ONESHOT) >= 0);
-        assert_se(sd_event_source_set_prepare(z, prepare_handler) >= 0);
-
-        /* Test for floating event sources */
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN+1, -1) >= 0);
-        assert_se(sd_event_add_signal(e, NULL, SIGRTMIN+1, NULL, NULL) >= 0);
-
-        assert_se(write(a[1], &ch, 1) >= 0);
-        assert_se(write(b[1], &ch, 1) >= 0);
-
-        assert_se(!got_a && !got_b && !got_c);
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-
-        assert_se(!got_a && got_b && !got_c);
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-
-        assert_se(!got_a && got_b && got_c);
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-
-        assert_se(got_a && got_b && got_c);
-
-        sd_event_source_unref(x);
-        sd_event_source_unref(y);
-
-        do_quit = true;
-        assert_se(sd_event_add_post(e, NULL, post_handler, NULL) >= 0);
-        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) == 0);
-        assert_se(sd_event_source_set_time(z, event_now + 200 * USEC_PER_MSEC) >= 0);
-        assert_se(sd_event_source_set_enabled(z, SD_EVENT_ONESHOT) >= 0);
-
-        assert_se(sd_event_loop(e) >= 0);
-        assert_se(got_post);
-        assert_se(got_exit);
-
-        sd_event_source_unref(z);
-        sd_event_source_unref(q);
-
-        sd_event_source_unref(w);
-
-        sd_event_unref(e);
-
-        safe_close_pair(a);
-        safe_close_pair(b);
-        safe_close_pair(d);
-        safe_close_pair(k);
-}
-
-static void test_sd_event_now(void) {
-        _cleanup_(sd_event_unrefp) sd_event *e = NULL;
-        uint64_t event_now;
-
-        assert_se(sd_event_new(&e) >= 0);
-        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) > 0);
-        assert_se(sd_event_now(e, CLOCK_REALTIME, &event_now) > 0);
-        assert_se(sd_event_now(e, CLOCK_REALTIME_ALARM, &event_now) > 0);
-        if (clock_boottime_supported()) {
-                assert_se(sd_event_now(e, CLOCK_BOOTTIME, &event_now) > 0);
-                assert_se(sd_event_now(e, CLOCK_BOOTTIME_ALARM, &event_now) > 0);
-        }
-        assert_se(sd_event_now(e, -1, &event_now) == -EOPNOTSUPP);
-        assert_se(sd_event_now(e, 900 /* arbitrary big number */, &event_now) == -EOPNOTSUPP);
-
-        assert_se(sd_event_run(e, 0) == 0);
-
-        assert_se(sd_event_now(e, CLOCK_MONOTONIC, &event_now) == 0);
-        assert_se(sd_event_now(e, CLOCK_REALTIME, &event_now) == 0);
-        assert_se(sd_event_now(e, CLOCK_REALTIME_ALARM, &event_now) == 0);
-        if (clock_boottime_supported()) {
-                assert_se(sd_event_now(e, CLOCK_BOOTTIME, &event_now) == 0);
-                assert_se(sd_event_now(e, CLOCK_BOOTTIME_ALARM, &event_now) == 0);
-        }
-        assert_se(sd_event_now(e, -1, &event_now) == -EOPNOTSUPP);
-        assert_se(sd_event_now(e, 900 /* arbitrary big number */, &event_now) == -EOPNOTSUPP);
-}
-
-static int last_rtqueue_sigval = 0;
-static int n_rtqueue = 0;
-
-static int rtqueue_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        last_rtqueue_sigval = si->ssi_int;
-        n_rtqueue++;
-        return 0;
-}
-
-static void test_rtqueue(void) {
-        sd_event_source *u = NULL, *v = NULL, *s = NULL;
-        sd_event *e = NULL;
-
-        assert_se(sd_event_default(&e) >= 0);
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN+2, SIGRTMIN+3, SIGUSR2, -1) >= 0);
-        assert_se(sd_event_add_signal(e, &u, SIGRTMIN+2, rtqueue_handler, NULL) >= 0);
-        assert_se(sd_event_add_signal(e, &v, SIGRTMIN+3, rtqueue_handler, NULL) >= 0);
-        assert_se(sd_event_add_signal(e, &s, SIGUSR2, rtqueue_handler, NULL) >= 0);
-
-        assert_se(sd_event_source_set_priority(v, -10) >= 0);
-
-        assert(sigqueue(getpid(), SIGRTMIN+2, (union sigval) { .sival_int = 1 }) >= 0);
-        assert(sigqueue(getpid(), SIGRTMIN+3, (union sigval) { .sival_int = 2 }) >= 0);
-        assert(sigqueue(getpid(), SIGUSR2, (union sigval) { .sival_int = 3 }) >= 0);
-        assert(sigqueue(getpid(), SIGRTMIN+3, (union sigval) { .sival_int = 4 }) >= 0);
-        assert(sigqueue(getpid(), SIGUSR2, (union sigval) { .sival_int = 5 }) >= 0);
-
-        assert_se(n_rtqueue == 0);
-        assert_se(last_rtqueue_sigval == 0);
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(n_rtqueue == 1);
-        assert_se(last_rtqueue_sigval == 2); /* first SIGRTMIN+3 */
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(n_rtqueue == 2);
-        assert_se(last_rtqueue_sigval == 4); /* second SIGRTMIN+3 */
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(n_rtqueue == 3);
-        assert_se(last_rtqueue_sigval == 3); /* first SIGUSR2 */
-
-        assert_se(sd_event_run(e, (uint64_t) -1) >= 1);
-        assert_se(n_rtqueue == 4);
-        assert_se(last_rtqueue_sigval == 1); /* SIGRTMIN+2 */
-
-        assert_se(sd_event_run(e, 0) == 0); /* the other SIGUSR2 is dropped, because the first one was still queued */
-        assert_se(n_rtqueue == 4);
-        assert_se(last_rtqueue_sigval == 1);
-
-        sd_event_source_unref(u);
-        sd_event_source_unref(v);
-        sd_event_source_unref(s);
-
-        sd_event_unref(e);
-}
-
-int main(int argc, char *argv[]) {
-
-        log_set_max_level(LOG_DEBUG);
-        log_parse_environment();
-
-        test_basic();
-        test_sd_event_now();
-        test_rtqueue();
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-hwdb/Makefile b/src/libsystemd/sd-hwdb/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-hwdb/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-hwdb/hwdb-util.h b/src/libsystemd/sd-hwdb/hwdb-util.h
deleted file mode 100644
index 5e21e5008b..0000000000
--- a/src/libsystemd/sd-hwdb/hwdb-util.h
+++ /dev/null
@@ -1,26 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-hwdb.h"
-
-#include "util.h"
-
-bool hwdb_validate(sd_hwdb *hwdb);
diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c
deleted file mode 100644
index 062fa97b17..0000000000
--- a/src/libsystemd/sd-hwdb/sd-hwdb.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2008 Alan Jenkins <alan.christopher.jenkins@googlemail.com>
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fnmatch.h>
-#include <inttypes.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-
-#include "sd-hwdb.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "hashmap.h"
-#include "hwdb-internal.h"
-#include "hwdb-util.h"
-#include "refcnt.h"
-#include "string-util.h"
-
-struct sd_hwdb {
-        RefCount n_ref;
-        int refcount;
-
-        FILE *f;
-        struct stat st;
-        union {
-                struct trie_header_f *head;
-                const char *map;
-        };
-
-        char *modalias;
-
-        OrderedHashmap *properties;
-        Iterator properties_iterator;
-        bool properties_modified;
-};
-
-struct linebuf {
-        char bytes[LINE_MAX];
-        size_t size;
-        size_t len;
-};
-
-static void linebuf_init(struct linebuf *buf) {
-        buf->size = 0;
-        buf->len = 0;
-}
-
-static const char *linebuf_get(struct linebuf *buf) {
-        if (buf->len + 1 >= sizeof(buf->bytes))
-                return NULL;
-        buf->bytes[buf->len] = '\0';
-        return buf->bytes;
-}
-
-static bool linebuf_add(struct linebuf *buf, const char *s, size_t len) {
-        if (buf->len + len >= sizeof(buf->bytes))
-                return false;
-        memcpy(buf->bytes + buf->len, s, len);
-        buf->len += len;
-        return true;
-}
-
-static bool linebuf_add_char(struct linebuf *buf, char c) {
-        if (buf->len + 1 >= sizeof(buf->bytes))
-                return false;
-        buf->bytes[buf->len++] = c;
-        return true;
-}
-
-static void linebuf_rem(struct linebuf *buf, size_t count) {
-        assert(buf->len >= count);
-        buf->len -= count;
-}
-
-static void linebuf_rem_char(struct linebuf *buf) {
-        linebuf_rem(buf, 1);
-}
-
-static const struct trie_child_entry_f *trie_node_children(sd_hwdb *hwdb, const struct trie_node_f *node) {
-        return (const struct trie_child_entry_f *)((const char *)node + le64toh(hwdb->head->node_size));
-}
-
-static const struct trie_value_entry_f *trie_node_values(sd_hwdb *hwdb, const struct trie_node_f *node) {
-        const char *base = (const char *)node;
-
-        base += le64toh(hwdb->head->node_size);
-        base += node->children_count * le64toh(hwdb->head->child_entry_size);
-        return (const struct trie_value_entry_f *)base;
-}
-
-static const struct trie_node_f *trie_node_from_off(sd_hwdb *hwdb, le64_t off) {
-        return (const struct trie_node_f *)(hwdb->map + le64toh(off));
-}
-
-static const char *trie_string(sd_hwdb *hwdb, le64_t off) {
-        return hwdb->map + le64toh(off);
-}
-
-static int trie_children_cmp_f(const void *v1, const void *v2) {
-        const struct trie_child_entry_f *n1 = v1;
-        const struct trie_child_entry_f *n2 = v2;
-
-        return n1->c - n2->c;
-}
-
-static const struct trie_node_f *node_lookup_f(sd_hwdb *hwdb, const struct trie_node_f *node, uint8_t c) {
-        struct trie_child_entry_f *child;
-        struct trie_child_entry_f search;
-
-        search.c = c;
-        child = bsearch(&search, trie_node_children(hwdb, node), node->children_count,
-                        le64toh(hwdb->head->child_entry_size), trie_children_cmp_f);
-        if (child)
-                return trie_node_from_off(hwdb, child->child_off);
-        return NULL;
-}
-
-static int hwdb_add_property(sd_hwdb *hwdb, const char *key, const char *value) {
-        int r;
-
-        assert(hwdb);
-        assert(key);
-        assert(value);
-
-        /*
-         * Silently ignore all properties which do not start with a
-         * space; future extensions might use additional prefixes.
-         */
-        if (key[0] != ' ')
-                return 0;
-
-        key++;
-
-        r = ordered_hashmap_ensure_allocated(&hwdb->properties, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        r = ordered_hashmap_replace(hwdb->properties, key, (char*)value);
-        if (r < 0)
-                return r;
-
-        hwdb->properties_modified = true;
-
-        return 0;
-}
-
-static int trie_fnmatch_f(sd_hwdb *hwdb, const struct trie_node_f *node, size_t p,
-                          struct linebuf *buf, const char *search) {
-        size_t len;
-        size_t i;
-        const char *prefix;
-        int err;
-
-        prefix = trie_string(hwdb, node->prefix_off);
-        len = strlen(prefix + p);
-        linebuf_add(buf, prefix + p, len);
-
-        for (i = 0; i < node->children_count; i++) {
-                const struct trie_child_entry_f *child = &trie_node_children(hwdb, node)[i];
-
-                linebuf_add_char(buf, child->c);
-                err = trie_fnmatch_f(hwdb, trie_node_from_off(hwdb, child->child_off), 0, buf, search);
-                if (err < 0)
-                        return err;
-                linebuf_rem_char(buf);
-        }
-
-        if (le64toh(node->values_count) && fnmatch(linebuf_get(buf), search, 0) == 0)
-                for (i = 0; i < le64toh(node->values_count); i++) {
-                        err = hwdb_add_property(hwdb, trie_string(hwdb, trie_node_values(hwdb, node)[i].key_off),
-                                                trie_string(hwdb, trie_node_values(hwdb, node)[i].value_off));
-                        if (err < 0)
-                                return err;
-                }
-
-        linebuf_rem(buf, len);
-        return 0;
-}
-
-static int trie_search_f(sd_hwdb *hwdb, const char *search) {
-        struct linebuf buf;
-        const struct trie_node_f *node;
-        size_t i = 0;
-        int err;
-
-        linebuf_init(&buf);
-
-        node = trie_node_from_off(hwdb, hwdb->head->nodes_root_off);
-        while (node) {
-                const struct trie_node_f *child;
-                size_t p = 0;
-
-                if (node->prefix_off) {
-                        uint8_t c;
-
-                        for (; (c = trie_string(hwdb, node->prefix_off)[p]); p++) {
-                                if (c == '*' || c == '?' || c == '[')
-                                        return trie_fnmatch_f(hwdb, node, p, &buf, search + i + p);
-                                if (c != search[i + p])
-                                        return 0;
-                        }
-                        i += p;
-                }
-
-                child = node_lookup_f(hwdb, node, '*');
-                if (child) {
-                        linebuf_add_char(&buf, '*');
-                        err = trie_fnmatch_f(hwdb, child, 0, &buf, search + i);
-                        if (err < 0)
-                                return err;
-                        linebuf_rem_char(&buf);
-                }
-
-                child = node_lookup_f(hwdb, node, '?');
-                if (child) {
-                        linebuf_add_char(&buf, '?');
-                        err = trie_fnmatch_f(hwdb, child, 0, &buf, search + i);
-                        if (err < 0)
-                                return err;
-                        linebuf_rem_char(&buf);
-                }
-
-                child = node_lookup_f(hwdb, node, '[');
-                if (child) {
-                        linebuf_add_char(&buf, '[');
-                        err = trie_fnmatch_f(hwdb, child, 0, &buf, search + i);
-                        if (err < 0)
-                                return err;
-                        linebuf_rem_char(&buf);
-                }
-
-                if (search[i] == '\0') {
-                        size_t n;
-
-                        for (n = 0; n < le64toh(node->values_count); n++) {
-                                err = hwdb_add_property(hwdb, trie_string(hwdb, trie_node_values(hwdb, node)[n].key_off),
-                                                        trie_string(hwdb, trie_node_values(hwdb, node)[n].value_off));
-                                if (err < 0)
-                                        return err;
-                        }
-                        return 0;
-                }
-
-                child = node_lookup_f(hwdb, node, search[i]);
-                node = child;
-                i++;
-        }
-        return 0;
-}
-
-static const char hwdb_bin_paths[] =
-        "/etc/systemd/hwdb/hwdb.bin\0"
-        "/etc/udev/hwdb.bin\0"
-        "/usr/lib/systemd/hwdb/hwdb.bin\0"
-#ifdef HAVE_SPLIT_USR
-        "/lib/systemd/hwdb/hwdb.bin\0"
-#endif
-        UDEVLIBEXECDIR "/hwdb.bin\0";
-
-_public_ int sd_hwdb_new(sd_hwdb **ret) {
-        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
-        const char *hwdb_bin_path;
-        const char sig[] = HWDB_SIG;
-
-        assert_return(ret, -EINVAL);
-
-        hwdb = new0(sd_hwdb, 1);
-        if (!hwdb)
-                return -ENOMEM;
-
-        hwdb->n_ref = REFCNT_INIT;
-
-        /* find hwdb.bin in hwdb_bin_paths */
-        NULSTR_FOREACH(hwdb_bin_path, hwdb_bin_paths) {
-                hwdb->f = fopen(hwdb_bin_path, "re");
-                if (hwdb->f)
-                        break;
-                else if (errno == ENOENT)
-                        continue;
-                else
-                        return log_debug_errno(errno, "error reading %s: %m", hwdb_bin_path);
-        }
-
-        if (!hwdb->f) {
-                log_debug("hwdb.bin does not exist, please run udevadm hwdb --update");
-                return -ENOENT;
-        }
-
-        if (fstat(fileno(hwdb->f), &hwdb->st) < 0 ||
-            (size_t)hwdb->st.st_size < offsetof(struct trie_header_f, strings_len) + 8)
-                return log_debug_errno(errno, "error reading %s: %m", hwdb_bin_path);
-
-        hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0);
-        if (hwdb->map == MAP_FAILED)
-                return log_debug_errno(errno, "error mapping %s: %m", hwdb_bin_path);
-
-        if (memcmp(hwdb->map, sig, sizeof(hwdb->head->signature)) != 0 ||
-            (size_t)hwdb->st.st_size != le64toh(hwdb->head->file_size)) {
-                log_debug("error recognizing the format of %s", hwdb_bin_path);
-                return -EINVAL;
-        }
-
-        log_debug("=== trie on-disk ===");
-        log_debug("tool version:          %"PRIu64, le64toh(hwdb->head->tool_version));
-        log_debug("file size:        %8"PRIi64" bytes", hwdb->st.st_size);
-        log_debug("header size       %8"PRIu64" bytes", le64toh(hwdb->head->header_size));
-        log_debug("strings           %8"PRIu64" bytes", le64toh(hwdb->head->strings_len));
-        log_debug("nodes             %8"PRIu64" bytes", le64toh(hwdb->head->nodes_len));
-
-        *ret = hwdb;
-        hwdb = NULL;
-
-        return 0;
-}
-
-_public_ sd_hwdb *sd_hwdb_ref(sd_hwdb *hwdb) {
-        assert_return(hwdb, NULL);
-
-        assert_se(REFCNT_INC(hwdb->n_ref) >= 2);
-
-        return hwdb;
-}
-
-_public_ sd_hwdb *sd_hwdb_unref(sd_hwdb *hwdb) {
-        if (hwdb && REFCNT_DEC(hwdb->n_ref) == 0) {
-                if (hwdb->map)
-                        munmap((void *)hwdb->map, hwdb->st.st_size);
-                safe_fclose(hwdb->f);
-                free(hwdb->modalias);
-                ordered_hashmap_free(hwdb->properties);
-                free(hwdb);
-        }
-
-        return NULL;
-}
-
-bool hwdb_validate(sd_hwdb *hwdb) {
-        bool found = false;
-        const char* p;
-        struct stat st;
-
-        if (!hwdb)
-                return false;
-        if (!hwdb->f)
-                return false;
-
-        /* if hwdb.bin doesn't exist anywhere, we need to update */
-        NULSTR_FOREACH(p, hwdb_bin_paths) {
-                if (stat(p, &st) >= 0) {
-                        found = true;
-                        break;
-                }
-        }
-        if (!found)
-                return true;
-
-        if (timespec_load(&hwdb->st.st_mtim) != timespec_load(&st.st_mtim))
-                return true;
-        return false;
-}
-
-static int properties_prepare(sd_hwdb *hwdb, const char *modalias) {
-        _cleanup_free_ char *mod = NULL;
-        int r;
-
-        assert(hwdb);
-        assert(modalias);
-
-        if (streq_ptr(modalias, hwdb->modalias))
-                return 0;
-
-        mod = strdup(modalias);
-        if (!mod)
-                return -ENOMEM;
-
-        ordered_hashmap_clear(hwdb->properties);
-
-        hwdb->properties_modified = true;
-
-        r = trie_search_f(hwdb, modalias);
-        if (r < 0)
-                return r;
-
-        free(hwdb->modalias);
-        hwdb->modalias = mod;
-        mod = NULL;
-
-        return 0;
-}
-
-_public_ int sd_hwdb_get(sd_hwdb *hwdb, const char *modalias, const char *key, const char **_value) {
-        const char *value;
-        int r;
-
-        assert_return(hwdb, -EINVAL);
-        assert_return(hwdb->f, -EINVAL);
-        assert_return(modalias, -EINVAL);
-        assert_return(_value, -EINVAL);
-
-        r = properties_prepare(hwdb, modalias);
-        if (r < 0)
-                return r;
-
-        value = ordered_hashmap_get(hwdb->properties, key);
-        if (!value)
-                return -ENOENT;
-
-        *_value = value;
-
-        return 0;
-}
-
-_public_ int sd_hwdb_seek(sd_hwdb *hwdb, const char *modalias) {
-        int r;
-
-        assert_return(hwdb, -EINVAL);
-        assert_return(hwdb->f, -EINVAL);
-        assert_return(modalias, -EINVAL);
-
-        r = properties_prepare(hwdb, modalias);
-        if (r < 0)
-                return r;
-
-        hwdb->properties_modified = false;
-        hwdb->properties_iterator = ITERATOR_FIRST;
-
-        return 0;
-}
-
-_public_ int sd_hwdb_enumerate(sd_hwdb *hwdb, const char **key, const char **value) {
-        const void *k;
-        void *v;
-
-        assert_return(hwdb, -EINVAL);
-        assert_return(key, -EINVAL);
-        assert_return(value, -EINVAL);
-
-        if (hwdb->properties_modified)
-                return -EAGAIN;
-
-        ordered_hashmap_iterate(hwdb->properties, &hwdb->properties_iterator, &v, &k);
-        if (!k)
-                return 0;
-
-        *key = k;
-        *value = v;
-
-        return 1;
-}
diff --git a/src/libsystemd/sd-id128/Makefile b/src/libsystemd/sd-id128/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-id128/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c
deleted file mode 100644
index d9c0116f60..0000000000
--- a/src/libsystemd/sd-id128/sd-id128.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "fd-util.h"
-#include "hexdecoct.h"
-#include "io-util.h"
-#include "macro.h"
-#include "random-util.h"
-#include "util.h"
-
-_public_ char *sd_id128_to_string(sd_id128_t id, char s[SD_ID128_STRING_MAX]) {
-        unsigned n;
-
-        assert_return(s, NULL);
-
-        for (n = 0; n < 16; n++) {
-                s[n*2] = hexchar(id.bytes[n] >> 4);
-                s[n*2+1] = hexchar(id.bytes[n] & 0xF);
-        }
-
-        s[32] = 0;
-
-        return s;
-}
-
-_public_ int sd_id128_from_string(const char s[], sd_id128_t *ret) {
-        unsigned n, i;
-        sd_id128_t t;
-        bool is_guid = false;
-
-        assert_return(s, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        for (n = 0, i = 0; n < 16;) {
-                int a, b;
-
-                if (s[i] == '-') {
-                        /* Is this a GUID? Then be nice, and skip over
-                         * the dashes */
-
-                        if (i == 8)
-                                is_guid = true;
-                        else if (i == 13 || i == 18 || i == 23) {
-                                if (!is_guid)
-                                        return -EINVAL;
-                        } else
-                                return -EINVAL;
-
-                        i++;
-                        continue;
-                }
-
-                a = unhexchar(s[i++]);
-                if (a < 0)
-                        return -EINVAL;
-
-                b = unhexchar(s[i++]);
-                if (b < 0)
-                        return -EINVAL;
-
-                t.bytes[n++] = (a << 4) | b;
-        }
-
-        if (i != (is_guid ? 36 : 32))
-                return -EINVAL;
-
-        if (s[i] != 0)
-                return -EINVAL;
-
-        *ret = t;
-        return 0;
-}
-
-static sd_id128_t make_v4_uuid(sd_id128_t id) {
-        /* Stolen from generate_random_uuid() of drivers/char/random.c
-         * in the kernel sources */
-
-        /* Set UUID version to 4 --- truly random generation */
-        id.bytes[6] = (id.bytes[6] & 0x0F) | 0x40;
-
-        /* Set the UUID variant to DCE */
-        id.bytes[8] = (id.bytes[8] & 0x3F) | 0x80;
-
-        return id;
-}
-
-_public_ int sd_id128_get_machine(sd_id128_t *ret) {
-        static thread_local sd_id128_t saved_machine_id;
-        static thread_local bool saved_machine_id_valid = false;
-        _cleanup_close_ int fd = -1;
-        char buf[33];
-        unsigned j;
-        sd_id128_t t;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        if (saved_machine_id_valid) {
-                *ret = saved_machine_id;
-                return 0;
-        }
-
-        fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0)
-                return -errno;
-
-        r = loop_read_exact(fd, buf, 33, false);
-        if (r < 0)
-                return r;
-        if (buf[32] !='\n')
-                return -EIO;
-
-        for (j = 0; j < 16; j++) {
-                int a, b;
-
-                a = unhexchar(buf[j*2]);
-                b = unhexchar(buf[j*2+1]);
-
-                if (a < 0 || b < 0)
-                        return -EIO;
-
-                t.bytes[j] = a << 4 | b;
-        }
-
-        saved_machine_id = t;
-        saved_machine_id_valid = true;
-
-        *ret = t;
-        return 0;
-}
-
-_public_ int sd_id128_get_boot(sd_id128_t *ret) {
-        static thread_local sd_id128_t saved_boot_id;
-        static thread_local bool saved_boot_id_valid = false;
-        _cleanup_close_ int fd = -1;
-        char buf[36];
-        unsigned j;
-        sd_id128_t t;
-        char *p;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        if (saved_boot_id_valid) {
-                *ret = saved_boot_id;
-                return 0;
-        }
-
-        fd = open("/proc/sys/kernel/random/boot_id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0)
-                return -errno;
-
-        r = loop_read_exact(fd, buf, 36, false);
-        if (r < 0)
-                return r;
-
-        for (j = 0, p = buf; j < 16; j++) {
-                int a, b;
-
-                if (p >= buf + 35)
-                        return -EIO;
-
-                if (*p == '-') {
-                        p++;
-                        if (p >= buf + 35)
-                                return -EIO;
-                }
-
-                a = unhexchar(p[0]);
-                b = unhexchar(p[1]);
-
-                if (a < 0 || b < 0)
-                        return -EIO;
-
-                t.bytes[j] = a << 4 | b;
-
-                p += 2;
-        }
-
-        saved_boot_id = t;
-        saved_boot_id_valid = true;
-
-        *ret = t;
-        return 0;
-}
-
-_public_ int sd_id128_randomize(sd_id128_t *ret) {
-        sd_id128_t t;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        r = dev_urandom(&t, sizeof(t));
-        if (r < 0)
-                return r;
-
-        /* Turn this into a valid v4 UUID, to be nice. Note that we
-         * only guarantee this for newly generated UUIDs, not for
-         * pre-existing ones. */
-
-        *ret = make_v4_uuid(t);
-        return 0;
-}
diff --git a/src/libsystemd/sd-login/Makefile b/src/libsystemd/sd-login/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/libsystemd/sd-login/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-login/sd-login.c b/src/libsystemd/sd-login/sd-login.c
deleted file mode 100644
index 9d4f187502..0000000000
--- a/src/libsystemd/sd-login/sd-login.c
+++ /dev/null
@@ -1,1062 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <poll.h>
-#include <string.h>
-#include <sys/inotify.h>
-#include <unistd.h>
-
-#include "sd-login.h"
-
-#include "alloc-util.h"
-#include "cgroup-util.h"
-#include "dirent-util.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "hostname-util.h"
-#include "io-util.h"
-#include "login-util.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "socket-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "user-util.h"
-#include "util.h"
-
-/* Error codes:
- *
- *    invalid input parameters                → -EINVAL
- *    invalid fd                              → -EBADF
- *    process does not exist                  → -ESRCH
- *    cgroup does not exist                   → -ENOENT
- *    machine, session does not exist         → -ENXIO
- *    requested metadata on object is missing → -ENODATA
- */
-
-_public_ int sd_pid_get_session(pid_t pid, char **session) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(session, -EINVAL);
-
-        return cg_pid_get_session(pid, session);
-}
-
-_public_ int sd_pid_get_unit(pid_t pid, char **unit) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(unit, -EINVAL);
-
-        return cg_pid_get_unit(pid, unit);
-}
-
-_public_ int sd_pid_get_user_unit(pid_t pid, char **unit) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(unit, -EINVAL);
-
-        return cg_pid_get_user_unit(pid, unit);
-}
-
-_public_ int sd_pid_get_machine_name(pid_t pid, char **name) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(name, -EINVAL);
-
-        return cg_pid_get_machine_name(pid, name);
-}
-
-_public_ int sd_pid_get_slice(pid_t pid, char **slice) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(slice, -EINVAL);
-
-        return cg_pid_get_slice(pid, slice);
-}
-
-_public_ int sd_pid_get_user_slice(pid_t pid, char **slice) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(slice, -EINVAL);
-
-        return cg_pid_get_user_slice(pid, slice);
-}
-
-_public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) {
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(uid, -EINVAL);
-
-        return cg_pid_get_owner_uid(pid, uid);
-}
-
-_public_ int sd_pid_get_cgroup(pid_t pid, char **cgroup) {
-        char *c;
-        int r;
-
-        assert_return(pid >= 0, -EINVAL);
-        assert_return(cgroup, -EINVAL);
-
-        r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &c);
-        if (r < 0)
-                return r;
-
-        /* The internal APIs return the empty string for the root
-         * cgroup, let's return the "/" in the public APIs instead, as
-         * that's easier and less ambigious for people to grok. */
-        if (isempty(c)) {
-                free(c);
-                c = strdup("/");
-                if (!c)
-                        return -ENOMEM;
-
-        }
-
-        *cgroup = c;
-        return 0;
-}
-
-_public_ int sd_peer_get_session(int fd, char **session) {
-        struct ucred ucred = {};
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(session, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_session(ucred.pid, session);
-}
-
-_public_ int sd_peer_get_owner_uid(int fd, uid_t *uid) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(uid, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_owner_uid(ucred.pid, uid);
-}
-
-_public_ int sd_peer_get_unit(int fd, char **unit) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(unit, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_unit(ucred.pid, unit);
-}
-
-_public_ int sd_peer_get_user_unit(int fd, char **unit) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(unit, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_user_unit(ucred.pid, unit);
-}
-
-_public_ int sd_peer_get_machine_name(int fd, char **machine) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(machine, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_machine_name(ucred.pid, machine);
-}
-
-_public_ int sd_peer_get_slice(int fd, char **slice) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(slice, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_slice(ucred.pid, slice);
-}
-
-_public_ int sd_peer_get_user_slice(int fd, char **slice) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(slice, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return cg_pid_get_user_slice(ucred.pid, slice);
-}
-
-_public_ int sd_peer_get_cgroup(int fd, char **cgroup) {
-        struct ucred ucred;
-        int r;
-
-        assert_return(fd >= 0, -EBADF);
-        assert_return(cgroup, -EINVAL);
-
-        r = getpeercred(fd, &ucred);
-        if (r < 0)
-                return r;
-
-        return sd_pid_get_cgroup(ucred.pid, cgroup);
-}
-
-static int file_of_uid(uid_t uid, char **p) {
-
-        assert_return(uid_is_valid(uid), -EINVAL);
-        assert(p);
-
-        if (asprintf(p, "/run/systemd/users/" UID_FMT, uid) < 0)
-                return -ENOMEM;
-
-        return 0;
-}
-
-_public_ int sd_uid_get_state(uid_t uid, char**state) {
-        _cleanup_free_ char *p = NULL;
-        char *s = NULL;
-        int r;
-
-        assert_return(state, -EINVAL);
-
-        r = file_of_uid(uid, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, "STATE", &s, NULL);
-        if (r == -ENOENT) {
-                free(s);
-                s = strdup("offline");
-                if (!s)
-                        return -ENOMEM;
-
-        }
-        if (r < 0) {
-                free(s);
-                return r;
-        }
-        if (isempty(s)) {
-                free(s);
-                return -EIO;
-        }
-
-        *state = s;
-        return 0;
-}
-
-_public_ int sd_uid_get_display(uid_t uid, char **session) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        int r;
-
-        assert_return(session, -EINVAL);
-
-        r = file_of_uid(uid, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, "DISPLAY", &s, NULL);
-        if (r == -ENOENT)
-                return -ENODATA;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -ENODATA;
-
-        *session = s;
-        s = NULL;
-
-        return 0;
-}
-
-static int file_of_seat(const char *seat, char **_p) {
-        char *p;
-        int r;
-
-        assert(_p);
-
-        if (seat) {
-                if (!filename_is_valid(seat))
-                        return -EINVAL;
-
-                p = strappend("/run/systemd/seats/", seat);
-        } else {
-                _cleanup_free_ char *buf = NULL;
-
-                r = sd_session_get_seat(NULL, &buf);
-                if (r < 0)
-                        return r;
-
-                p = strappend("/run/systemd/seats/", buf);
-        }
-
-        if (!p)
-                return -ENOMEM;
-
-        *_p = p;
-        p = NULL;
-        return 0;
-}
-
-_public_ int sd_uid_is_on_seat(uid_t uid, int require_active, const char *seat) {
-        _cleanup_free_ char *t = NULL, *s = NULL, *p = NULL;
-        size_t l;
-        int r;
-        const char *word, *variable, *state;
-
-        assert_return(uid_is_valid(uid), -EINVAL);
-
-        r = file_of_seat(seat, &p);
-        if (r < 0)
-                return r;
-
-        variable = require_active ? "ACTIVE_UID" : "UIDS";
-
-        r = parse_env_file(p, NEWLINE, variable, &s, NULL);
-        if (r == -ENOENT)
-                return 0;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return 0;
-
-        if (asprintf(&t, UID_FMT, uid) < 0)
-                return -ENOMEM;
-
-        FOREACH_WORD(word, l, s, state)
-                if (strneq(t, word, l))
-                        return 1;
-
-        return 0;
-}
-
-static int uid_get_array(uid_t uid, const char *variable, char ***array) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        char **a;
-        int r;
-
-        assert(variable);
-
-        r = file_of_uid(uid, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, variable, &s, NULL);
-        if (r == -ENOENT || (r >= 0 && isempty(s))) {
-                if (array)
-                        *array = NULL;
-                return 0;
-        }
-        if (r < 0)
-                return r;
-
-        a = strv_split(s, " ");
-        if (!a)
-                return -ENOMEM;
-
-        strv_uniq(a);
-        r = strv_length(a);
-
-        if (array)
-                *array = a;
-        else
-                strv_free(a);
-
-        return r;
-}
-
-_public_ int sd_uid_get_sessions(uid_t uid, int require_active, char ***sessions) {
-        return uid_get_array(
-                        uid,
-                        require_active == 0 ? "ONLINE_SESSIONS" :
-                        require_active > 0  ? "ACTIVE_SESSIONS" :
-                                              "SESSIONS",
-                        sessions);
-}
-
-_public_ int sd_uid_get_seats(uid_t uid, int require_active, char ***seats) {
-        return uid_get_array(
-                        uid,
-                        require_active == 0 ? "ONLINE_SEATS" :
-                        require_active > 0  ? "ACTIVE_SEATS" :
-                                              "SEATS",
-                        seats);
-}
-
-static int file_of_session(const char *session, char **_p) {
-        char *p;
-        int r;
-
-        assert(_p);
-
-        if (session) {
-                if (!session_id_valid(session))
-                        return -EINVAL;
-
-                p = strappend("/run/systemd/sessions/", session);
-        } else {
-                _cleanup_free_ char *buf = NULL;
-
-                r = sd_pid_get_session(0, &buf);
-                if (r < 0)
-                        return r;
-
-                p = strappend("/run/systemd/sessions/", buf);
-        }
-
-        if (!p)
-                return -ENOMEM;
-
-        *_p = p;
-        return 0;
-}
-
-_public_ int sd_session_is_active(const char *session) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        int r;
-
-        r = file_of_session(session, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, "ACTIVE", &s, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -EIO;
-
-        return parse_boolean(s);
-}
-
-_public_ int sd_session_is_remote(const char *session) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        int r;
-
-        r = file_of_session(session, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, "REMOTE", &s, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -ENODATA;
-
-        return parse_boolean(s);
-}
-
-_public_ int sd_session_get_state(const char *session, char **state) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        int r;
-
-        assert_return(state, -EINVAL);
-
-        r = file_of_session(session, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, "STATE", &s, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -EIO;
-
-        *state = s;
-        s = NULL;
-
-        return 0;
-}
-
-_public_ int sd_session_get_uid(const char *session, uid_t *uid) {
-        int r;
-        _cleanup_free_ char *p = NULL, *s = NULL;
-
-        assert_return(uid, -EINVAL);
-
-        r = file_of_session(session, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, "UID", &s, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -EIO;
-
-        return parse_uid(s, uid);
-}
-
-static int session_get_string(const char *session, const char *field, char **value) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        int r;
-
-        assert_return(value, -EINVAL);
-        assert(field);
-
-        r = file_of_session(session, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE, field, &s, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -ENODATA;
-
-        *value = s;
-        s = NULL;
-        return 0;
-}
-
-_public_ int sd_session_get_seat(const char *session, char **seat) {
-        return session_get_string(session, "SEAT", seat);
-}
-
-_public_ int sd_session_get_tty(const char *session, char **tty) {
-        return session_get_string(session, "TTY", tty);
-}
-
-_public_ int sd_session_get_vt(const char *session, unsigned *vtnr) {
-        _cleanup_free_ char *vtnr_string = NULL;
-        unsigned u;
-        int r;
-
-        assert_return(vtnr, -EINVAL);
-
-        r = session_get_string(session, "VTNR", &vtnr_string);
-        if (r < 0)
-                return r;
-
-        r = safe_atou(vtnr_string, &u);
-        if (r < 0)
-                return r;
-
-        *vtnr = u;
-        return 0;
-}
-
-_public_ int sd_session_get_service(const char *session, char **service) {
-        return session_get_string(session, "SERVICE", service);
-}
-
-_public_ int sd_session_get_type(const char *session, char **type) {
-        return session_get_string(session, "TYPE", type);
-}
-
-_public_ int sd_session_get_class(const char *session, char **class) {
-        return session_get_string(session, "CLASS", class);
-}
-
-_public_ int sd_session_get_desktop(const char *session, char **desktop) {
-        _cleanup_free_ char *escaped = NULL;
-        char *t;
-        int r;
-
-        assert_return(desktop, -EINVAL);
-
-        r = session_get_string(session, "DESKTOP", &escaped);
-        if (r < 0)
-                return r;
-
-        r = cunescape(escaped, 0, &t);
-        if (r < 0)
-                return r;
-
-        *desktop = t;
-        return 0;
-}
-
-_public_ int sd_session_get_display(const char *session, char **display) {
-        return session_get_string(session, "DISPLAY", display);
-}
-
-_public_ int sd_session_get_remote_user(const char *session, char **remote_user) {
-        return session_get_string(session, "REMOTE_USER", remote_user);
-}
-
-_public_ int sd_session_get_remote_host(const char *session, char **remote_host) {
-        return session_get_string(session, "REMOTE_HOST", remote_host);
-}
-
-_public_ int sd_seat_get_active(const char *seat, char **session, uid_t *uid) {
-        _cleanup_free_ char *p = NULL, *s = NULL, *t = NULL;
-        int r;
-
-        assert_return(session || uid, -EINVAL);
-
-        r = file_of_seat(seat, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE,
-                           "ACTIVE", &s,
-                           "ACTIVE_UID", &t,
-                           NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-
-        if (session && !s)
-                return -ENODATA;
-
-        if (uid && !t)
-                return -ENODATA;
-
-        if (uid && t) {
-                r = parse_uid(t, uid);
-                if (r < 0)
-                        return r;
-        }
-
-        if (session && s) {
-                *session = s;
-                s = NULL;
-        }
-
-        return 0;
-}
-
-_public_ int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uids, unsigned *n_uids) {
-        _cleanup_free_ char *p = NULL, *s = NULL, *t = NULL;
-        _cleanup_strv_free_ char **a = NULL;
-        _cleanup_free_ uid_t *b = NULL;
-        unsigned n = 0;
-        int r;
-
-        r = file_of_seat(seat, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE,
-                           "SESSIONS", &s,
-                           "ACTIVE_SESSIONS", &t,
-                           NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-
-        if (s) {
-                a = strv_split(s, " ");
-                if (!a)
-                        return -ENOMEM;
-        }
-
-        if (uids && t) {
-                const char *word, *state;
-                size_t l;
-
-                FOREACH_WORD(word, l, t, state)
-                        n++;
-
-                if (n > 0) {
-                        unsigned i = 0;
-
-                        b = new(uid_t, n);
-                        if (!b)
-                                return -ENOMEM;
-
-                        FOREACH_WORD(word, l, t, state) {
-                                _cleanup_free_ char *k = NULL;
-
-                                k = strndup(word, l);
-                                if (!k)
-                                        return -ENOMEM;
-
-                                r = parse_uid(k, b + i);
-                                if (r < 0)
-                                        continue;
-
-                                i++;
-                        }
-                }
-        }
-
-        r = strv_length(a);
-
-        if (sessions) {
-                *sessions = a;
-                a = NULL;
-        }
-
-        if (uids) {
-                *uids = b;
-                b = NULL;
-        }
-
-        if (n_uids)
-                *n_uids = n;
-
-        return r;
-}
-
-static int seat_get_can(const char *seat, const char *variable) {
-        _cleanup_free_ char *p = NULL, *s = NULL;
-        int r;
-
-        assert(variable);
-
-        r = file_of_seat(seat, &p);
-        if (r < 0)
-                return r;
-
-        r = parse_env_file(p, NEWLINE,
-                           variable, &s,
-                           NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -ENODATA;
-
-        return parse_boolean(s);
-}
-
-_public_ int sd_seat_can_multi_session(const char *seat) {
-        return seat_get_can(seat, "CAN_MULTI_SESSION");
-}
-
-_public_ int sd_seat_can_tty(const char *seat) {
-        return seat_get_can(seat, "CAN_TTY");
-}
-
-_public_ int sd_seat_can_graphical(const char *seat) {
-        return seat_get_can(seat, "CAN_GRAPHICAL");
-}
-
-_public_ int sd_get_seats(char ***seats) {
-        return get_files_in_directory("/run/systemd/seats/", seats);
-}
-
-_public_ int sd_get_sessions(char ***sessions) {
-        return get_files_in_directory("/run/systemd/sessions/", sessions);
-}
-
-_public_ int sd_get_uids(uid_t **users) {
-        _cleanup_closedir_ DIR *d;
-        int r = 0;
-        unsigned n = 0;
-        _cleanup_free_ uid_t *l = NULL;
-
-        d = opendir("/run/systemd/users/");
-        if (!d)
-                return -errno;
-
-        for (;;) {
-                struct dirent *de;
-                int k;
-                uid_t uid;
-
-                errno = 0;
-                de = readdir(d);
-                if (!de && errno > 0)
-                        return -errno;
-
-                if (!de)
-                        break;
-
-                dirent_ensure_type(d, de);
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                k = parse_uid(de->d_name, &uid);
-                if (k < 0)
-                        continue;
-
-                if (users) {
-                        if ((unsigned) r >= n) {
-                                uid_t *t;
-
-                                n = MAX(16, 2*r);
-                                t = realloc(l, sizeof(uid_t) * n);
-                                if (!t)
-                                        return -ENOMEM;
-
-                                l = t;
-                        }
-
-                        assert((unsigned) r < n);
-                        l[r++] = uid;
-                } else
-                        r++;
-        }
-
-        if (users) {
-                *users = l;
-                l = NULL;
-        }
-
-        return r;
-}
-
-_public_ int sd_get_machine_names(char ***machines) {
-        char **l = NULL, **a, **b;
-        int r;
-
-        assert_return(machines, -EINVAL);
-
-        r = get_files_in_directory("/run/systemd/machines/", &l);
-        if (r < 0)
-                return r;
-
-        if (l) {
-                r = 0;
-
-                /* Filter out the unit: symlinks */
-                for (a = l, b = l; *a; a++) {
-                        if (startswith(*a, "unit:") || !machine_name_is_valid(*a))
-                                free(*a);
-                        else {
-                                *b = *a;
-                                b++;
-                                r++;
-                        }
-                }
-
-                *b = NULL;
-        }
-
-        *machines = l;
-        return r;
-}
-
-_public_ int sd_machine_get_class(const char *machine, char **class) {
-        _cleanup_free_ char *c = NULL;
-        const char *p;
-        int r;
-
-        assert_return(machine_name_is_valid(machine), -EINVAL);
-        assert_return(class, -EINVAL);
-
-        p = strjoina("/run/systemd/machines/", machine);
-        r = parse_env_file(p, NEWLINE, "CLASS", &c, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (!c)
-                return -EIO;
-
-        *class = c;
-        c = NULL;
-
-        return 0;
-}
-
-_public_ int sd_machine_get_ifindices(const char *machine, int **ifindices) {
-        _cleanup_free_ char *netif = NULL;
-        size_t l, allocated = 0, nr = 0;
-        int *ni = NULL;
-        const char *p, *word, *state;
-        int r;
-
-        assert_return(machine_name_is_valid(machine), -EINVAL);
-        assert_return(ifindices, -EINVAL);
-
-        p = strjoina("/run/systemd/machines/", machine);
-        r = parse_env_file(p, NEWLINE, "NETIF", &netif, NULL);
-        if (r == -ENOENT)
-                return -ENXIO;
-        if (r < 0)
-                return r;
-        if (!netif) {
-                *ifindices = NULL;
-                return 0;
-        }
-
-        FOREACH_WORD(word, l, netif, state) {
-                char buf[l+1];
-                int ifi;
-
-                *(char*) (mempcpy(buf, word, l)) = 0;
-
-                if (parse_ifindex(buf, &ifi) < 0)
-                        continue;
-
-                if (!GREEDY_REALLOC(ni, allocated, nr+1)) {
-                        free(ni);
-                        return -ENOMEM;
-                }
-
-                ni[nr++] = ifi;
-        }
-
-        *ifindices = ni;
-        return nr;
-}
-
-static inline int MONITOR_TO_FD(sd_login_monitor *m) {
-        return (int) (unsigned long) m - 1;
-}
-
-static inline sd_login_monitor* FD_TO_MONITOR(int fd) {
-        return (sd_login_monitor*) (unsigned long) (fd + 1);
-}
-
-_public_ int sd_login_monitor_new(const char *category, sd_login_monitor **m) {
-        int fd, k;
-        bool good = false;
-
-        assert_return(m, -EINVAL);
-
-        fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        if (!category || streq(category, "seat")) {
-                k = inotify_add_watch(fd, "/run/systemd/seats/", IN_MOVED_TO|IN_DELETE);
-                if (k < 0) {
-                        safe_close(fd);
-                        return -errno;
-                }
-
-                good = true;
-        }
-
-        if (!category || streq(category, "session")) {
-                k = inotify_add_watch(fd, "/run/systemd/sessions/", IN_MOVED_TO|IN_DELETE);
-                if (k < 0) {
-                        safe_close(fd);
-                        return -errno;
-                }
-
-                good = true;
-        }
-
-        if (!category || streq(category, "uid")) {
-                k = inotify_add_watch(fd, "/run/systemd/users/", IN_MOVED_TO|IN_DELETE);
-                if (k < 0) {
-                        safe_close(fd);
-                        return -errno;
-                }
-
-                good = true;
-        }
-
-        if (!category || streq(category, "machine")) {
-                k = inotify_add_watch(fd, "/run/systemd/machines/", IN_MOVED_TO|IN_DELETE);
-                if (k < 0) {
-                        safe_close(fd);
-                        return -errno;
-                }
-
-                good = true;
-        }
-
-        if (!good) {
-                close_nointr(fd);
-                return -EINVAL;
-        }
-
-        *m = FD_TO_MONITOR(fd);
-        return 0;
-}
-
-_public_ sd_login_monitor* sd_login_monitor_unref(sd_login_monitor *m) {
-        int fd;
-
-        if (!m)
-                return NULL;
-
-        fd = MONITOR_TO_FD(m);
-        close_nointr(fd);
-
-        return NULL;
-}
-
-_public_ int sd_login_monitor_flush(sd_login_monitor *m) {
-
-        assert_return(m, -EINVAL);
-
-        return flush_fd(MONITOR_TO_FD(m));
-}
-
-_public_ int sd_login_monitor_get_fd(sd_login_monitor *m) {
-
-        assert_return(m, -EINVAL);
-
-        return MONITOR_TO_FD(m);
-}
-
-_public_ int sd_login_monitor_get_events(sd_login_monitor *m) {
-
-        assert_return(m, -EINVAL);
-
-        /* For now we will only return POLLIN here, since we don't
-         * need anything else ever for inotify.  However, let's have
-         * this API to keep our options open should we later on need
-         * it. */
-        return POLLIN;
-}
-
-_public_ int sd_login_monitor_get_timeout(sd_login_monitor *m, uint64_t *timeout_usec) {
-
-        assert_return(m, -EINVAL);
-        assert_return(timeout_usec, -EINVAL);
-
-        /* For now we will only return (uint64_t) -1, since we don't
-         * need any timeout. However, let's have this API to keep our
-         * options open should we later on need it. */
-        *timeout_usec = (uint64_t) -1;
-        return 0;
-}
diff --git a/src/libsystemd/sd-login/test-login.c b/src/libsystemd/sd-login/test-login.c
deleted file mode 100644
index c1fd7dd33e..0000000000
--- a/src/libsystemd/sd-login/test-login.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <poll.h>
-#include <string.h>
-
-#include "sd-login.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-static void test_login(void) {
-        _cleanup_close_pair_ int pair[2] = { -1, -1 };
-        _cleanup_free_ char *pp = NULL, *qq = NULL;
-        int r, k;
-        uid_t u, u2;
-        char *seat, *type, *class, *display, *remote_user, *remote_host, *display_session, *cgroup;
-        char *session;
-        char *state;
-        char *session2;
-        char *t;
-        char **seats, **sessions, **machines;
-        uid_t *uids;
-        unsigned n;
-        struct pollfd pollfd;
-        sd_login_monitor *m = NULL;
-
-        assert_se(sd_pid_get_session(0, &session) == 0);
-        printf("session = %s\n", session);
-
-        assert_se(sd_pid_get_owner_uid(0, &u2) == 0);
-        printf("user = "UID_FMT"\n", u2);
-
-        assert_se(sd_pid_get_cgroup(0, &cgroup) == 0);
-        printf("cgroup = %s\n", cgroup);
-        free(cgroup);
-
-        display_session = NULL;
-        r = sd_uid_get_display(u2, &display_session);
-        assert_se(r >= 0 || r == -ENODATA);
-        printf("user's display session = %s\n", strna(display_session));
-        free(display_session);
-
-        assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0);
-        sd_peer_get_session(pair[0], &pp);
-        sd_peer_get_session(pair[1], &qq);
-        assert_se(streq_ptr(pp, qq));
-
-        r = sd_uid_get_sessions(u2, false, &sessions);
-        assert_se(r >= 0);
-        assert_se(r == (int) strv_length(sessions));
-        assert_se(t = strv_join(sessions, ", "));
-        strv_free(sessions);
-        printf("sessions = %s\n", t);
-        free(t);
-
-        assert_se(r == sd_uid_get_sessions(u2, false, NULL));
-
-        r = sd_uid_get_seats(u2, false, &seats);
-        assert_se(r >= 0);
-        assert_se(r == (int) strv_length(seats));
-        assert_se(t = strv_join(seats, ", "));
-        strv_free(seats);
-        printf("seats = %s\n", t);
-        free(t);
-
-        assert_se(r == sd_uid_get_seats(u2, false, NULL));
-
-        r = sd_session_is_active(session);
-        assert_se(r >= 0);
-        printf("active = %s\n", yes_no(r));
-
-        r = sd_session_is_remote(session);
-        assert_se(r >= 0);
-        printf("remote = %s\n", yes_no(r));
-
-        r = sd_session_get_state(session, &state);
-        assert_se(r >= 0);
-        printf("state = %s\n", state);
-        free(state);
-
-        assert_se(sd_session_get_uid(session, &u) >= 0);
-        printf("uid = "UID_FMT"\n", u);
-        assert_se(u == u2);
-
-        assert_se(sd_session_get_type(session, &type) >= 0);
-        printf("type = %s\n", type);
-        free(type);
-
-        assert_se(sd_session_get_class(session, &class) >= 0);
-        printf("class = %s\n", class);
-        free(class);
-
-        display = NULL;
-        r = sd_session_get_display(session, &display);
-        assert_se(r >= 0 || r == -ENODATA);
-        printf("display = %s\n", strna(display));
-        free(display);
-
-        remote_user = NULL;
-        r = sd_session_get_remote_user(session, &remote_user);
-        assert_se(r >= 0 || r == -ENODATA);
-        printf("remote_user = %s\n", strna(remote_user));
-        free(remote_user);
-
-        remote_host = NULL;
-        r = sd_session_get_remote_host(session, &remote_host);
-        assert_se(r >= 0 || r == -ENODATA);
-        printf("remote_host = %s\n", strna(remote_host));
-        free(remote_host);
-
-        assert_se(sd_session_get_seat(session, &seat) >= 0);
-        printf("seat = %s\n", seat);
-
-        r = sd_seat_can_multi_session(seat);
-        assert_se(r >= 0);
-        printf("can do multi session = %s\n", yes_no(r));
-
-        r = sd_seat_can_tty(seat);
-        assert_se(r >= 0);
-        printf("can do tty = %s\n", yes_no(r));
-
-        r = sd_seat_can_graphical(seat);
-        assert_se(r >= 0);
-        printf("can do graphical = %s\n", yes_no(r));
-
-        assert_se(sd_uid_get_state(u, &state) >= 0);
-        printf("state = %s\n", state);
-
-        assert_se(sd_uid_is_on_seat(u, 0, seat) > 0);
-
-        k = sd_uid_is_on_seat(u, 1, seat);
-        assert_se(k >= 0);
-        assert_se(!!r == !!r);
-
-        assert_se(sd_seat_get_active(seat, &session2, &u2) >= 0);
-        printf("session2 = %s\n", session2);
-        printf("uid2 = "UID_FMT"\n", u2);
-
-        r = sd_seat_get_sessions(seat, &sessions, &uids, &n);
-        assert_se(r >= 0);
-        printf("n_sessions = %i\n", r);
-        assert_se(r == (int) strv_length(sessions));
-        assert_se(t = strv_join(sessions, ", "));
-        strv_free(sessions);
-        printf("sessions = %s\n", t);
-        free(t);
-        printf("uids =");
-        for (k = 0; k < (int) n; k++)
-                printf(" "UID_FMT, uids[k]);
-        printf("\n");
-        free(uids);
-
-        assert_se(sd_seat_get_sessions(seat, NULL, NULL, NULL) == r);
-
-        free(session);
-        free(state);
-        free(session2);
-        free(seat);
-
-        r = sd_get_seats(&seats);
-        assert_se(r >= 0);
-        assert_se(r == (int) strv_length(seats));
-        assert_se(t = strv_join(seats, ", "));
-        strv_free(seats);
-        printf("n_seats = %i\n", r);
-        printf("seats = %s\n", t);
-        free(t);
-
-        assert_se(sd_get_seats(NULL) == r);
-
-        r = sd_seat_get_active(NULL, &t, NULL);
-        assert_se(r >= 0);
-        printf("active session on current seat = %s\n", t);
-        free(t);
-
-        r = sd_get_sessions(&sessions);
-        assert_se(r >= 0);
-        assert_se(r == (int) strv_length(sessions));
-        assert_se(t = strv_join(sessions, ", "));
-        strv_free(sessions);
-        printf("n_sessions = %i\n", r);
-        printf("sessions = %s\n", t);
-        free(t);
-
-        assert_se(sd_get_sessions(NULL) == r);
-
-        r = sd_get_uids(&uids);
-        assert_se(r >= 0);
-
-        printf("uids =");
-        for (k = 0; k < r; k++)
-                printf(" "UID_FMT, uids[k]);
-        printf("\n");
-        free(uids);
-
-        printf("n_uids = %i\n", r);
-        assert_se(sd_get_uids(NULL) == r);
-
-        r = sd_get_machine_names(&machines);
-        assert_se(r >= 0);
-        assert_se(r == (int) strv_length(machines));
-        assert_se(t = strv_join(machines, ", "));
-        strv_free(machines);
-        printf("n_machines = %i\n", r);
-        printf("machines = %s\n", t);
-        free(t);
-
-        r = sd_login_monitor_new("session", &m);
-        assert_se(r >= 0);
-
-        for (n = 0; n < 5; n++) {
-                usec_t timeout, nw;
-
-                zero(pollfd);
-                assert_se((pollfd.fd = sd_login_monitor_get_fd(m)) >= 0);
-                assert_se((pollfd.events = sd_login_monitor_get_events(m)) >= 0);
-
-                assert_se(sd_login_monitor_get_timeout(m, &timeout) >= 0);
-
-                nw = now(CLOCK_MONOTONIC);
-
-                r = poll(&pollfd, 1,
-                         timeout == (uint64_t) -1 ? -1 :
-                         timeout > nw ? (int) ((timeout - nw) / 1000) :
-                         0);
-
-                assert_se(r >= 0);
-
-                sd_login_monitor_flush(m);
-                printf("Wake!\n");
-        }
-
-        sd_login_monitor_unref(m);
-}
-
-int main(int argc, char* argv[]) {
-        log_parse_environment();
-        log_open();
-
-        test_login();
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-netlink/Makefile b/src/libsystemd/sd-netlink/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-netlink/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-netlink/local-addresses.c b/src/libsystemd/sd-netlink/local-addresses.c
deleted file mode 100644
index ed9ee041ab..0000000000
--- a/src/libsystemd/sd-netlink/local-addresses.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2011 Lennart Poettering
-  Copyright 2014 Tom Gundersen
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "local-addresses.h"
-#include "macro.h"
-#include "netlink-util.h"
-
-static int address_compare(const void *_a, const void *_b) {
-        const struct local_address *a = _a, *b = _b;
-
-        /* Order lowest scope first, IPv4 before IPv6, lowest interface index first */
-
-        if (a->family == AF_INET && b->family == AF_INET6)
-                return -1;
-        if (a->family == AF_INET6 && b->family == AF_INET)
-                return 1;
-
-        if (a->scope < b->scope)
-                return -1;
-        if (a->scope > b->scope)
-                return 1;
-
-        if (a->metric < b->metric)
-                return -1;
-        if (a->metric > b->metric)
-                return 1;
-
-        if (a->ifindex < b->ifindex)
-                return -1;
-        if (a->ifindex > b->ifindex)
-                return 1;
-
-        return memcmp(&a->address, &b->address, FAMILY_ADDRESS_SIZE(a->family));
-}
-
-int local_addresses(sd_netlink *context, int ifindex, int af, struct local_address **ret) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_free_ struct local_address *list = NULL;
-        size_t n_list = 0, n_allocated = 0;
-        sd_netlink_message *m;
-        int r;
-
-        assert(ret);
-
-        if (context)
-                rtnl = sd_netlink_ref(context);
-        else {
-                r = sd_netlink_open(&rtnl);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_rtnl_message_new_addr(rtnl, &req, RTM_GETADDR, 0, af);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(rtnl, req, 0, &reply);
-        if (r < 0)
-                return r;
-
-        for (m = reply; m; m = sd_netlink_message_next(m)) {
-                struct local_address *a;
-                unsigned char flags;
-                uint16_t type;
-                int ifi, family;
-
-                r = sd_netlink_message_get_errno(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_netlink_message_get_type(m, &type);
-                if (r < 0)
-                        return r;
-                if (type != RTM_NEWADDR)
-                        continue;
-
-                r = sd_rtnl_message_addr_get_ifindex(m, &ifi);
-                if (r < 0)
-                        return r;
-                if (ifindex > 0 && ifi != ifindex)
-                        continue;
-
-                r = sd_rtnl_message_addr_get_family(m, &family);
-                if (r < 0)
-                        return r;
-                if (af != AF_UNSPEC && af != family)
-                        continue;
-
-                r = sd_rtnl_message_addr_get_flags(m, &flags);
-                if (r < 0)
-                        return r;
-                if (flags & IFA_F_DEPRECATED)
-                        continue;
-
-                if (!GREEDY_REALLOC0(list, n_allocated, n_list+1))
-                        return -ENOMEM;
-
-                a = list + n_list;
-
-                r = sd_rtnl_message_addr_get_scope(m, &a->scope);
-                if (r < 0)
-                        return r;
-
-                if (ifindex == 0 && (a->scope == RT_SCOPE_HOST || a->scope == RT_SCOPE_NOWHERE))
-                        continue;
-
-                switch (family) {
-
-                case AF_INET:
-                        r = sd_netlink_message_read_in_addr(m, IFA_LOCAL, &a->address.in);
-                        if (r < 0) {
-                                r = sd_netlink_message_read_in_addr(m, IFA_ADDRESS, &a->address.in);
-                                if (r < 0)
-                                        continue;
-                        }
-                        break;
-
-                case AF_INET6:
-                        r = sd_netlink_message_read_in6_addr(m, IFA_LOCAL, &a->address.in6);
-                        if (r < 0) {
-                                r = sd_netlink_message_read_in6_addr(m, IFA_ADDRESS, &a->address.in6);
-                                if (r < 0)
-                                        continue;
-                        }
-                        break;
-
-                default:
-                        continue;
-                }
-
-                a->ifindex = ifi;
-                a->family = family;
-
-                n_list++;
-        };
-
-        qsort_safe(list, n_list, sizeof(struct local_address), address_compare);
-
-        *ret = list;
-        list = NULL;
-
-        return (int) n_list;
-}
-
-int local_gateways(sd_netlink *context, int ifindex, int af, struct local_address **ret) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_free_ struct local_address *list = NULL;
-        sd_netlink_message *m = NULL;
-        size_t n_list = 0, n_allocated = 0;
-        int r;
-
-        assert(ret);
-
-        if (context)
-                rtnl = sd_netlink_ref(context);
-        else {
-                r = sd_netlink_open(&rtnl);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_rtnl_message_new_route(rtnl, &req, RTM_GETROUTE, af, RTPROT_UNSPEC);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_request_dump(req, true);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(rtnl, req, 0, &reply);
-        if (r < 0)
-                return r;
-
-        for (m = reply; m; m = sd_netlink_message_next(m)) {
-                struct local_address *a;
-                uint16_t type;
-                unsigned char dst_len, src_len;
-                uint32_t ifi;
-                int family;
-
-                r = sd_netlink_message_get_errno(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_netlink_message_get_type(m, &type);
-                if (r < 0)
-                        return r;
-                if (type != RTM_NEWROUTE)
-                        continue;
-
-                /* We only care for default routes */
-                r = sd_rtnl_message_route_get_dst_prefixlen(m, &dst_len);
-                if (r < 0)
-                        return r;
-                if (dst_len != 0)
-                        continue;
-
-                r = sd_rtnl_message_route_get_src_prefixlen(m, &src_len);
-                if (r < 0)
-                        return r;
-                if (src_len != 0)
-                        continue;
-
-                r = sd_netlink_message_read_u32(m, RTA_OIF, &ifi);
-                if (r < 0)
-                        return r;
-                if (ifindex > 0 && (int) ifi != ifindex)
-                        continue;
-
-                r = sd_rtnl_message_route_get_family(m, &family);
-                if (r < 0)
-                        return r;
-                if (af != AF_UNSPEC && af != family)
-                        continue;
-
-                if (!GREEDY_REALLOC0(list, n_allocated, n_list + 1))
-                        return -ENOMEM;
-
-                a = list + n_list;
-
-                switch (family) {
-                case AF_INET:
-                        r = sd_netlink_message_read_in_addr(m, RTA_GATEWAY, &a->address.in);
-                        if (r < 0)
-                                continue;
-
-                        break;
-                case AF_INET6:
-                        r = sd_netlink_message_read_in6_addr(m, RTA_GATEWAY, &a->address.in6);
-                        if (r < 0)
-                                continue;
-
-                        break;
-                default:
-                        continue;
-                }
-
-                sd_netlink_message_read_u32(m, RTA_PRIORITY, &a->metric);
-
-                a->ifindex = ifi;
-                a->family = family;
-
-                n_list++;
-        }
-
-        if (n_list > 0)
-                qsort(list, n_list, sizeof(struct local_address), address_compare);
-
-        *ret = list;
-        list = NULL;
-
-        return (int) n_list;
-}
diff --git a/src/libsystemd/sd-netlink/local-addresses.h b/src/libsystemd/sd-netlink/local-addresses.h
deleted file mode 100644
index 18d71e797e..0000000000
--- a/src/libsystemd/sd-netlink/local-addresses.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-
-#include "sd-netlink.h"
-
-#include "in-addr-util.h"
-
-struct local_address {
-        int family, ifindex;
-        unsigned char scope;
-        uint32_t metric;
-        union in_addr_union address;
-};
-
-int local_addresses(sd_netlink *rtnl, int ifindex, int af, struct local_address **ret);
-
-int local_gateways(sd_netlink *rtnl, int ifindex, int af, struct local_address **ret);
diff --git a/src/libsystemd/sd-netlink/netlink-internal.h b/src/libsystemd/sd-netlink/netlink-internal.h
deleted file mode 100644
index dcfb080ad3..0000000000
--- a/src/libsystemd/sd-netlink/netlink-internal.h
+++ /dev/null
@@ -1,137 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <linux/netlink.h>
-
-#include "sd-netlink.h"
-
-#include "list.h"
-#include "netlink-types.h"
-#include "prioq.h"
-#include "refcnt.h"
-
-#define RTNL_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
-
-#define RTNL_WQUEUE_MAX 1024
-#define RTNL_RQUEUE_MAX 64*1024
-
-#define RTNL_CONTAINER_DEPTH 32
-
-struct reply_callback {
-        sd_netlink_message_handler_t callback;
-        void *userdata;
-        usec_t timeout;
-        uint64_t serial;
-        unsigned prioq_idx;
-};
-
-struct match_callback {
-        sd_netlink_message_handler_t callback;
-        uint16_t type;
-        void *userdata;
-
-        LIST_FIELDS(struct match_callback, match_callbacks);
-};
-
-struct sd_netlink {
-        RefCount n_ref;
-
-        int fd;
-
-        union {
-                struct sockaddr sa;
-                struct sockaddr_nl nl;
-        } sockaddr;
-
-        Hashmap *broadcast_group_refs;
-        bool broadcast_group_dont_leave:1; /* until we can rely on 4.2 */
-
-        sd_netlink_message **rqueue;
-        unsigned rqueue_size;
-        size_t rqueue_allocated;
-
-        sd_netlink_message **rqueue_partial;
-        unsigned rqueue_partial_size;
-        size_t rqueue_partial_allocated;
-
-        struct nlmsghdr *rbuffer;
-        size_t rbuffer_allocated;
-
-        bool processing:1;
-
-        uint32_t serial;
-
-        struct Prioq *reply_callbacks_prioq;
-        Hashmap *reply_callbacks;
-
-        LIST_HEAD(struct match_callback, match_callbacks);
-
-        pid_t original_pid;
-
-        sd_event_source *io_event_source;
-        sd_event_source *time_event_source;
-        sd_event_source *exit_event_source;
-        sd_event *event;
-};
-
-struct netlink_attribute {
-        size_t offset; /* offset from hdr to attribute */
-        bool nested:1;
-        bool net_byteorder:1;
-};
-
-struct netlink_container {
-        const struct NLTypeSystem *type_system; /* the type system of the container */
-        size_t offset; /* offset from hdr to the start of the container */
-        struct netlink_attribute *attributes;
-        unsigned short n_attributes; /* number of attributes in container */
-};
-
-struct sd_netlink_message {
-        RefCount n_ref;
-
-        sd_netlink *rtnl;
-
-        struct nlmsghdr *hdr;
-        struct netlink_container containers[RTNL_CONTAINER_DEPTH];
-        unsigned n_containers; /* number of containers */
-        bool sealed:1;
-        bool broadcast:1;
-
-        sd_netlink_message *next; /* next in a chain of multi-part messages */
-};
-
-int message_new(sd_netlink *rtnl, sd_netlink_message **ret, uint16_t type);
-int message_new_empty(sd_netlink *rtnl, sd_netlink_message **ret);
-
-int socket_open(int family);
-int socket_bind(sd_netlink *nl);
-int socket_broadcast_group_ref(sd_netlink *nl, unsigned group);
-int socket_broadcast_group_unref(sd_netlink *nl, unsigned group);
-int socket_write_message(sd_netlink *nl, sd_netlink_message *m);
-int socket_read_message(sd_netlink *nl);
-
-int rtnl_rqueue_make_room(sd_netlink *rtnl);
-int rtnl_rqueue_partial_make_room(sd_netlink *rtnl);
-
-/* Make sure callbacks don't destroy the rtnl connection */
-#define NETLINK_DONT_DESTROY(rtnl) \
-        _cleanup_(sd_netlink_unrefp) _unused_ sd_netlink *_dont_destroy_##rtnl = sd_netlink_ref(rtnl)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
deleted file mode 100644
index 86d8dee867..0000000000
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ /dev/null
@@ -1,961 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/in.h>
-#include <stdbool.h>
-#include <unistd.h>
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "formats-util.h"
-#include "missing.h"
-#include "netlink-internal.h"
-#include "netlink-types.h"
-#include "netlink-util.h"
-#include "refcnt.h"
-#include "socket-util.h"
-#include "util.h"
-
-#define GET_CONTAINER(m, i) ((i) < (m)->n_containers ? (struct rtattr*)((uint8_t*)(m)->hdr + (m)->containers[i].offset) : NULL)
-#define PUSH_CONTAINER(m, new) (m)->container_offsets[(m)->n_containers++] = (uint8_t*)(new) - (uint8_t*)(m)->hdr;
-
-#define RTA_TYPE(rta) ((rta)->rta_type & NLA_TYPE_MASK)
-#define RTA_FLAGS(rta) ((rta)->rta_type & ~NLA_TYPE_MASK)
-
-int message_new_empty(sd_netlink *rtnl, sd_netlink_message **ret) {
-        sd_netlink_message *m;
-
-        assert_return(ret, -EINVAL);
-
-        /* Note that 'rtnl' is currently unused, if we start using it internally
-           we must take care to avoid problems due to mutual references between
-           buses and their queued messages. See sd-bus.
-         */
-
-        m = new0(sd_netlink_message, 1);
-        if (!m)
-                return -ENOMEM;
-
-        m->n_ref = REFCNT_INIT;
-
-        m->sealed = false;
-
-        *ret = m;
-
-        return 0;
-}
-
-int message_new(sd_netlink *rtnl, sd_netlink_message **ret, uint16_t type) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        const NLType *nl_type;
-        size_t size;
-        int r;
-
-        r = type_system_get_type(&type_system_root, &nl_type, type);
-        if (r < 0)
-                return r;
-
-        if (type_get_type(nl_type) != NETLINK_TYPE_NESTED)
-                return -EINVAL;
-
-        r = message_new_empty(rtnl, &m);
-        if (r < 0)
-                return r;
-
-        size = NLMSG_SPACE(type_get_size(nl_type));
-
-        assert(size >= sizeof(struct nlmsghdr));
-        m->hdr = malloc0(size);
-        if (!m->hdr)
-                return -ENOMEM;
-
-        m->hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
-
-        type_get_type_system(nl_type, &m->containers[0].type_system);
-        m->hdr->nlmsg_len = size;
-        m->hdr->nlmsg_type = type;
-
-        *ret = m;
-        m = NULL;
-
-        return 0;
-}
-
-int sd_netlink_message_request_dump(sd_netlink_message *m, int dump) {
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(m->hdr->nlmsg_type == RTM_GETLINK  ||
-                      m->hdr->nlmsg_type == RTM_GETADDR  ||
-                      m->hdr->nlmsg_type == RTM_GETROUTE ||
-                      m->hdr->nlmsg_type == RTM_GETNEIGH,
-                      -EINVAL);
-
-        SET_FLAG(m->hdr->nlmsg_flags, NLM_F_DUMP, dump);
-
-        return 0;
-}
-
-sd_netlink_message *sd_netlink_message_ref(sd_netlink_message *m) {
-        if (m)
-                assert_se(REFCNT_INC(m->n_ref) >= 2);
-
-        return m;
-}
-
-sd_netlink_message *sd_netlink_message_unref(sd_netlink_message *m) {
-        if (m && REFCNT_DEC(m->n_ref) == 0) {
-                unsigned i;
-
-                free(m->hdr);
-
-                for (i = 0; i <= m->n_containers; i++)
-                        free(m->containers[i].attributes);
-
-                sd_netlink_message_unref(m->next);
-
-                free(m);
-        }
-
-        return NULL;
-}
-
-int sd_netlink_message_get_type(sd_netlink_message *m, uint16_t *type) {
-        assert_return(m, -EINVAL);
-        assert_return(type, -EINVAL);
-
-        *type = m->hdr->nlmsg_type;
-
-        return 0;
-}
-
-int sd_netlink_message_set_flags(sd_netlink_message *m, uint16_t flags) {
-        assert_return(m, -EINVAL);
-        assert_return(flags, -EINVAL);
-
-        m->hdr->nlmsg_flags = flags;
-
-        return 0;
-}
-
-int sd_netlink_message_is_broadcast(sd_netlink_message *m) {
-        assert_return(m, -EINVAL);
-
-        return m->broadcast;
-}
-
-/* If successful the updated message will be correctly aligned, if
-   unsuccessful the old message is untouched. */
-static int add_rtattr(sd_netlink_message *m, unsigned short type, const void *data, size_t data_length) {
-        uint32_t rta_length;
-        size_t message_length, padding_length;
-        struct nlmsghdr *new_hdr;
-        struct rtattr *rta;
-        char *padding;
-        unsigned i;
-        int offset;
-
-        assert(m);
-        assert(m->hdr);
-        assert(!m->sealed);
-        assert(NLMSG_ALIGN(m->hdr->nlmsg_len) == m->hdr->nlmsg_len);
-        assert(!data || data_length);
-
-        /* get offset of the new attribute */
-        offset = m->hdr->nlmsg_len;
-
-        /* get the size of the new rta attribute (with padding at the end) */
-        rta_length = RTA_LENGTH(data_length);
-
-        /* get the new message size (with padding at the end) */
-        message_length = offset + RTA_ALIGN(rta_length);
-
-        /* realloc to fit the new attribute */
-        new_hdr = realloc(m->hdr, message_length);
-        if (!new_hdr)
-                return -ENOMEM;
-        m->hdr = new_hdr;
-
-        /* get pointer to the attribute we are about to add */
-        rta = (struct rtattr *) ((uint8_t *) m->hdr + offset);
-
-        /* if we are inside containers, extend them */
-        for (i = 0; i < m->n_containers; i++)
-                GET_CONTAINER(m, i)->rta_len += message_length - offset;
-
-        /* fill in the attribute */
-        rta->rta_type = type;
-        rta->rta_len = rta_length;
-        if (data)
-                /* we don't deal with the case where the user lies about the type
-                 * and gives us too little data (so don't do that)
-                 */
-                padding = mempcpy(RTA_DATA(rta), data, data_length);
-
-        else
-                /* if no data was passed, make sure we still initialize the padding
-                   note that we can have data_length > 0 (used by some containers) */
-                padding = RTA_DATA(rta);
-
-        /* make sure also the padding at the end of the message is initialized */
-        padding_length = (uint8_t*)m->hdr + message_length - (uint8_t*)padding;
-        memzero(padding, padding_length);
-
-        /* update message size */
-        m->hdr->nlmsg_len = message_length;
-
-        return offset;
-}
-
-static int message_attribute_has_type(sd_netlink_message *m, size_t *out_size, uint16_t attribute_type, uint16_t data_type) {
-        const NLType *type;
-        int r;
-
-        assert(m);
-
-        r = type_system_get_type(m->containers[m->n_containers].type_system, &type, attribute_type);
-        if (r < 0)
-                return r;
-
-        if (type_get_type(type) != data_type)
-                return -EINVAL;
-
-        if (out_size)
-                *out_size = type_get_size(type);
-        return 0;
-}
-
-int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data) {
-        size_t length, size;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(data, -EINVAL);
-
-        r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_STRING);
-        if (r < 0)
-                return r;
-
-        if (size) {
-                length = strnlen(data, size+1);
-                if (length > size)
-                        return -EINVAL;
-        } else
-                length = strlen(data);
-
-        r = add_rtattr(m, type, data, length + 1);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type) {
-        size_t size;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_FLAG);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, NULL, 0);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U8);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, &data, sizeof(uint8_t));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-
-int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U16);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, &data, sizeof(uint16_t));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, uint32_t data) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U32);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, &data, sizeof(uint32_t));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        r = add_rtattr(m, type, data, len);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(data, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, data, sizeof(struct in_addr));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(data, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, data, sizeof(struct in6_addr));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(data, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_ETHER_ADDR);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, data, ETH_ALEN);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info) {
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(info, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_CACHE_INFO);
-        if (r < 0)
-                return r;
-
-        r = add_rtattr(m, type, info, sizeof(struct ifa_cacheinfo));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int sd_netlink_message_open_container(sd_netlink_message *m, unsigned short type) {
-        size_t size;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -ERANGE);
-
-        r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_NESTED);
-        if (r < 0) {
-                const NLTypeSystemUnion *type_system_union;
-                int family;
-
-                r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_UNION);
-                if (r < 0)
-                        return r;
-
-                r = sd_rtnl_message_get_family(m, &family);
-                if (r < 0)
-                        return r;
-
-                r = type_system_get_type_system_union(m->containers[m->n_containers].type_system, &type_system_union, type);
-                if (r < 0)
-                        return r;
-
-                r = type_system_union_protocol_get_type_system(type_system_union,
-                                                               &m->containers[m->n_containers + 1].type_system,
-                                                               family);
-                if (r < 0)
-                        return r;
-        } else {
-                r = type_system_get_type_system(m->containers[m->n_containers].type_system,
-                                                &m->containers[m->n_containers + 1].type_system,
-                                                type);
-                if (r < 0)
-                        return r;
-        }
-
-        r = add_rtattr(m, type | NLA_F_NESTED, NULL, size);
-        if (r < 0)
-                return r;
-
-        m->containers[m->n_containers++].offset = r;
-
-        return 0;
-}
-
-int sd_netlink_message_open_container_union(sd_netlink_message *m, unsigned short type, const char *key) {
-        const NLTypeSystemUnion *type_system_union;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-
-        r = type_system_get_type_system_union(m->containers[m->n_containers].type_system, &type_system_union, type);
-        if (r < 0)
-                return r;
-
-        r = type_system_union_get_type_system(type_system_union,
-                                              &m->containers[m->n_containers + 1].type_system,
-                                              key);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_append_string(m, type_system_union->match, key);
-        if (r < 0)
-                return r;
-
-        /* do we evere need non-null size */
-        r = add_rtattr(m, type | NLA_F_NESTED, NULL, 0);
-        if (r < 0)
-                return r;
-
-        m->containers[m->n_containers++].offset = r;
-
-        return 0;
-}
-
-
-int sd_netlink_message_close_container(sd_netlink_message *m) {
-        assert_return(m, -EINVAL);
-        assert_return(!m->sealed, -EPERM);
-        assert_return(m->n_containers > 0, -EINVAL);
-
-        m->containers[m->n_containers].type_system = NULL;
-        m->n_containers--;
-
-        return 0;
-}
-
-static int netlink_message_read_internal(sd_netlink_message *m, unsigned short type, void **data, bool *net_byteorder) {
-        struct netlink_attribute *attribute;
-        struct rtattr *rta;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EPERM);
-        assert_return(data, -EINVAL);
-        assert(m->n_containers < RTNL_CONTAINER_DEPTH);
-        assert(m->containers[m->n_containers].attributes);
-        assert(type < m->containers[m->n_containers].n_attributes);
-
-        attribute = &m->containers[m->n_containers].attributes[type];
-
-        if (!attribute->offset)
-                return -ENODATA;
-
-        rta = (struct rtattr*)((uint8_t *) m->hdr + attribute->offset);
-
-        *data = RTA_DATA(rta);
-
-        if (net_byteorder)
-                *net_byteorder = attribute->net_byteorder;
-
-        return RTA_PAYLOAD(rta);
-}
-
-int sd_netlink_message_read_string(sd_netlink_message *m, unsigned short type, const char **data) {
-        int r;
-        void *attr_data;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_STRING);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, NULL);
-        if (r < 0)
-                return r;
-        else if (strnlen(attr_data, r) >= (size_t) r)
-                return -EIO;
-
-        if (data)
-                *data = (const char *) attr_data;
-
-        return 0;
-}
-
-int sd_netlink_message_read_u8(sd_netlink_message *m, unsigned short type, uint8_t *data) {
-        int r;
-        void *attr_data;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U8);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, NULL);
-        if (r < 0)
-                return r;
-        else if ((size_t) r < sizeof(uint8_t))
-                return -EIO;
-
-        if (data)
-                *data = *(uint8_t *) attr_data;
-
-        return 0;
-}
-
-int sd_netlink_message_read_u16(sd_netlink_message *m, unsigned short type, uint16_t *data) {
-        void *attr_data;
-        bool net_byteorder;
-        int r;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U16);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, &net_byteorder);
-        if (r < 0)
-                return r;
-        else if ((size_t) r < sizeof(uint16_t))
-                return -EIO;
-
-        if (data) {
-                if (net_byteorder)
-                        *data = be16toh(*(uint16_t *) attr_data);
-                else
-                        *data = *(uint16_t *) attr_data;
-        }
-
-        return 0;
-}
-
-int sd_netlink_message_read_u32(sd_netlink_message *m, unsigned short type, uint32_t *data) {
-        void *attr_data;
-        bool net_byteorder;
-        int r;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_U32);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, &net_byteorder);
-        if (r < 0)
-                return r;
-        else if ((size_t)r < sizeof(uint32_t))
-                return -EIO;
-
-        if (data) {
-                if (net_byteorder)
-                        *data = be32toh(*(uint32_t *) attr_data);
-                else
-                        *data = *(uint32_t *) attr_data;
-        }
-
-        return 0;
-}
-
-int sd_netlink_message_read_ether_addr(sd_netlink_message *m, unsigned short type, struct ether_addr *data) {
-        int r;
-        void *attr_data;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_ETHER_ADDR);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, NULL);
-        if (r < 0)
-                return r;
-        else if ((size_t)r < sizeof(struct ether_addr))
-                return -EIO;
-
-        if (data)
-                memcpy(data, attr_data, sizeof(struct ether_addr));
-
-        return 0;
-}
-
-int sd_netlink_message_read_cache_info(sd_netlink_message *m, unsigned short type, struct ifa_cacheinfo *info) {
-        int r;
-        void *attr_data;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_CACHE_INFO);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, NULL);
-        if (r < 0)
-                return r;
-        else if ((size_t)r < sizeof(struct ifa_cacheinfo))
-                return -EIO;
-
-        if (info)
-                memcpy(info, attr_data, sizeof(struct ifa_cacheinfo));
-
-        return 0;
-}
-
-int sd_netlink_message_read_in_addr(sd_netlink_message *m, unsigned short type, struct in_addr *data) {
-        int r;
-        void *attr_data;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, NULL);
-        if (r < 0)
-                return r;
-        else if ((size_t)r < sizeof(struct in_addr))
-                return -EIO;
-
-        if (data)
-                memcpy(data, attr_data, sizeof(struct in_addr));
-
-        return 0;
-}
-
-int sd_netlink_message_read_in6_addr(sd_netlink_message *m, unsigned short type, struct in6_addr *data) {
-        int r;
-        void *attr_data;
-
-        assert_return(m, -EINVAL);
-
-        r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_IN_ADDR);
-        if (r < 0)
-                return r;
-
-        r = netlink_message_read_internal(m, type, &attr_data, NULL);
-        if (r < 0)
-                return r;
-        else if ((size_t)r < sizeof(struct in6_addr))
-                return -EIO;
-
-        if (data)
-                memcpy(data, attr_data, sizeof(struct in6_addr));
-
-        return 0;
-}
-
-static int netlink_container_parse(sd_netlink_message *m,
-                                   struct netlink_container *container,
-                                   int count,
-                                   struct rtattr *rta,
-                                   unsigned int rt_len) {
-        _cleanup_free_ struct netlink_attribute *attributes = NULL;
-
-        attributes = new0(struct netlink_attribute, count);
-        if (!attributes)
-                return -ENOMEM;
-
-        for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
-                unsigned short type;
-
-                type = RTA_TYPE(rta);
-
-                /* if the kernel is newer than the headers we used
-                   when building, we ignore out-of-range attributes */
-                if (type >= count)
-                        continue;
-
-                if (attributes[type].offset)
-                        log_debug("rtnl: message parse - overwriting repeated attribute");
-
-                attributes[type].offset = (uint8_t *) rta - (uint8_t *) m->hdr;
-                attributes[type].nested = RTA_FLAGS(rta) & NLA_F_NESTED;
-                attributes[type].net_byteorder = RTA_FLAGS(rta) & NLA_F_NET_BYTEORDER;
-        }
-
-        container->attributes = attributes;
-        attributes = NULL;
-        container->n_attributes = count;
-
-        return 0;
-}
-
-int sd_netlink_message_enter_container(sd_netlink_message *m, unsigned short type_id) {
-        const NLType *nl_type;
-        const NLTypeSystem *type_system;
-        void *container;
-        uint16_t type;
-        size_t size;
-        int r;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -EINVAL);
-
-        r = type_system_get_type(m->containers[m->n_containers].type_system,
-                                 &nl_type,
-                                 type_id);
-        if (r < 0)
-                return r;
-
-        type = type_get_type(nl_type);
-
-        if (type == NETLINK_TYPE_NESTED) {
-                r = type_system_get_type_system(m->containers[m->n_containers].type_system,
-                                                &type_system,
-                                                type_id);
-                if (r < 0)
-                        return r;
-        } else if (type == NETLINK_TYPE_UNION) {
-                const NLTypeSystemUnion *type_system_union;
-
-                r = type_system_get_type_system_union(m->containers[m->n_containers].type_system,
-                                                      &type_system_union,
-                                                      type_id);
-                if (r < 0)
-                        return r;
-
-                switch (type_system_union->match_type) {
-                case NL_MATCH_SIBLING:
-                {
-                        const char *key;
-
-                        r = sd_netlink_message_read_string(m, type_system_union->match, &key);
-                        if (r < 0)
-                                return r;
-
-                        r = type_system_union_get_type_system(type_system_union,
-                                                              &type_system,
-                                                              key);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                }
-                case NL_MATCH_PROTOCOL:
-                {
-                        int family;
-
-                        r = sd_rtnl_message_get_family(m, &family);
-                        if (r < 0)
-                                return r;
-
-                        r = type_system_union_protocol_get_type_system(type_system_union,
-                                                                       &type_system,
-                                                                       family);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                }
-                default:
-                        assert_not_reached("sd-netlink: invalid type system union type");
-                }
-        } else
-                return -EINVAL;
-
-        r = netlink_message_read_internal(m, type_id, &container, NULL);
-        if (r < 0)
-                return r;
-        else
-                size = (size_t)r;
-
-        m->n_containers++;
-
-        r = netlink_container_parse(m,
-                                    &m->containers[m->n_containers],
-                                    type_system_get_count(type_system),
-                                    container,
-                                    size);
-        if (r < 0) {
-                m->n_containers--;
-                return r;
-        }
-
-        m->containers[m->n_containers].type_system = type_system;
-
-        return 0;
-}
-
-int sd_netlink_message_exit_container(sd_netlink_message *m) {
-        assert_return(m, -EINVAL);
-        assert_return(m->sealed, -EINVAL);
-        assert_return(m->n_containers > 0, -EINVAL);
-
-        m->containers[m->n_containers].attributes = mfree(m->containers[m->n_containers].attributes);
-        m->containers[m->n_containers].type_system = NULL;
-
-        m->n_containers--;
-
-        return 0;
-}
-
-uint32_t rtnl_message_get_serial(sd_netlink_message *m) {
-        assert(m);
-        assert(m->hdr);
-
-        return m->hdr->nlmsg_seq;
-}
-
-int sd_netlink_message_is_error(sd_netlink_message *m) {
-        assert_return(m, 0);
-        assert_return(m->hdr, 0);
-
-        return m->hdr->nlmsg_type == NLMSG_ERROR;
-}
-
-int sd_netlink_message_get_errno(sd_netlink_message *m) {
-        struct nlmsgerr *err;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-
-        if (!sd_netlink_message_is_error(m))
-                return 0;
-
-        err = NLMSG_DATA(m->hdr);
-
-        return err->error;
-}
-
-int sd_netlink_message_rewind(sd_netlink_message *m) {
-        const NLType *nl_type;
-        uint16_t type;
-        size_t size;
-        unsigned i;
-        int r;
-
-        assert_return(m, -EINVAL);
-
-        /* don't allow appending to message once parsed */
-        if (!m->sealed)
-                rtnl_message_seal(m);
-
-        for (i = 1; i <= m->n_containers; i++)
-                m->containers[i].attributes = mfree(m->containers[i].attributes);
-
-        m->n_containers = 0;
-
-        if (m->containers[0].attributes)
-                /* top-level attributes have already been parsed */
-                return 0;
-
-        assert(m->hdr);
-
-        r = type_system_get_type(&type_system_root, &nl_type, m->hdr->nlmsg_type);
-        if (r < 0)
-                return r;
-
-        type = type_get_type(nl_type);
-        size = type_get_size(nl_type);
-
-        if (type == NETLINK_TYPE_NESTED) {
-                const NLTypeSystem *type_system;
-
-                type_get_type_system(nl_type, &type_system);
-
-                m->containers[0].type_system = type_system;
-
-                r = netlink_container_parse(m,
-                                            &m->containers[m->n_containers],
-                                            type_system_get_count(type_system),
-                                            (struct rtattr*)((uint8_t*)NLMSG_DATA(m->hdr) + NLMSG_ALIGN(size)),
-                                            NLMSG_PAYLOAD(m->hdr, size));
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-void rtnl_message_seal(sd_netlink_message *m) {
-        assert(m);
-        assert(!m->sealed);
-
-        m->sealed = true;
-}
-
-sd_netlink_message *sd_netlink_message_next(sd_netlink_message *m) {
-        assert_return(m, NULL);
-
-        return m->next;
-}
diff --git a/src/libsystemd/sd-netlink/netlink-socket.c b/src/libsystemd/sd-netlink/netlink-socket.c
deleted file mode 100644
index c165fa3359..0000000000
--- a/src/libsystemd/sd-netlink/netlink-socket.c
+++ /dev/null
@@ -1,474 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/in.h>
-#include <stdbool.h>
-#include <unistd.h>
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "formats-util.h"
-#include "missing.h"
-#include "netlink-internal.h"
-#include "netlink-types.h"
-#include "netlink-util.h"
-#include "refcnt.h"
-#include "socket-util.h"
-#include "util.h"
-
-int socket_open(int family) {
-        int fd;
-
-        fd = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, family);
-        if (fd < 0)
-                return -errno;
-
-        return fd;
-}
-
-static int broadcast_groups_get(sd_netlink *nl) {
-        _cleanup_free_ uint32_t *groups = NULL;
-        socklen_t len = 0, old_len;
-        unsigned i, j;
-        int r;
-
-        assert(nl);
-        assert(nl->fd >= 0);
-
-        r = getsockopt(nl->fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, NULL, &len);
-        if (r < 0) {
-                if (errno == ENOPROTOOPT) {
-                        nl->broadcast_group_dont_leave = true;
-                        return 0;
-                } else
-                        return -errno;
-        }
-
-        if (len == 0)
-                return 0;
-
-        groups = new0(uint32_t, len);
-        if (!groups)
-                return -ENOMEM;
-
-        old_len = len;
-
-        r = getsockopt(nl->fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, groups, &len);
-        if (r < 0)
-                return -errno;
-
-        if (old_len != len)
-                return -EIO;
-
-        r = hashmap_ensure_allocated(&nl->broadcast_group_refs, NULL);
-        if (r < 0)
-                return r;
-
-        for (i = 0; i < len; i++) {
-                for (j = 0; j < sizeof(uint32_t) * 8; j++) {
-                        uint32_t offset;
-                        unsigned group;
-
-                        offset = 1U << j;
-
-                        if (!(groups[i] & offset))
-                                continue;
-
-                        group = i * sizeof(uint32_t) * 8 + j + 1;
-
-                        r = hashmap_put(nl->broadcast_group_refs, UINT_TO_PTR(group), UINT_TO_PTR(1));
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        return 0;
-}
-
-int socket_bind(sd_netlink *nl) {
-        socklen_t addrlen;
-        int r, one = 1;
-
-        r = setsockopt(nl->fd, SOL_NETLINK, NETLINK_PKTINFO, &one, sizeof(one));
-        if (r < 0)
-                return -errno;
-
-        addrlen = sizeof(nl->sockaddr);
-
-        r = bind(nl->fd, &nl->sockaddr.sa, addrlen);
-        /* ignore EINVAL to allow opening an already bound socket */
-        if (r < 0 && errno != EINVAL)
-                return -errno;
-
-        r = getsockname(nl->fd, &nl->sockaddr.sa, &addrlen);
-        if (r < 0)
-                return -errno;
-
-        r = broadcast_groups_get(nl);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static unsigned broadcast_group_get_ref(sd_netlink *nl, unsigned group) {
-        assert(nl);
-
-        return PTR_TO_UINT(hashmap_get(nl->broadcast_group_refs, UINT_TO_PTR(group)));
-}
-
-static int broadcast_group_set_ref(sd_netlink *nl, unsigned group, unsigned n_ref) {
-        int r;
-
-        assert(nl);
-
-        r = hashmap_replace(nl->broadcast_group_refs, UINT_TO_PTR(group), UINT_TO_PTR(n_ref));
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int broadcast_group_join(sd_netlink *nl, unsigned group) {
-        int r;
-
-        assert(nl);
-        assert(nl->fd >= 0);
-        assert(group > 0);
-
-        r = setsockopt(nl->fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &group, sizeof(group));
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
-int socket_broadcast_group_ref(sd_netlink *nl, unsigned group) {
-        unsigned n_ref;
-        int r;
-
-        assert(nl);
-
-        n_ref = broadcast_group_get_ref(nl, group);
-
-        n_ref++;
-
-        r = hashmap_ensure_allocated(&nl->broadcast_group_refs, NULL);
-        if (r < 0)
-                return r;
-
-        r = broadcast_group_set_ref(nl, group, n_ref);
-        if (r < 0)
-                return r;
-
-        if (n_ref > 1)
-                /* not yet in the group */
-                return 0;
-
-        r = broadcast_group_join(nl, group);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int broadcast_group_leave(sd_netlink *nl, unsigned group) {
-        int r;
-
-        assert(nl);
-        assert(nl->fd >= 0);
-        assert(group > 0);
-
-        if (nl->broadcast_group_dont_leave)
-                return 0;
-
-        r = setsockopt(nl->fd, SOL_NETLINK, NETLINK_DROP_MEMBERSHIP, &group, sizeof(group));
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
-int socket_broadcast_group_unref(sd_netlink *nl, unsigned group) {
-        unsigned n_ref;
-        int r;
-
-        assert(nl);
-
-        n_ref = broadcast_group_get_ref(nl, group);
-
-        assert(n_ref > 0);
-
-        n_ref--;
-
-        r = broadcast_group_set_ref(nl, group, n_ref);
-        if (r < 0)
-                return r;
-
-        if (n_ref > 0)
-                /* still refs left */
-                return 0;
-
-        r = broadcast_group_leave(nl, group);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-/* returns the number of bytes sent, or a negative error code */
-int socket_write_message(sd_netlink *nl, sd_netlink_message *m) {
-        union {
-                struct sockaddr sa;
-                struct sockaddr_nl nl;
-        } addr = {
-                .nl.nl_family = AF_NETLINK,
-        };
-        ssize_t k;
-
-        assert(nl);
-        assert(m);
-        assert(m->hdr);
-
-        k = sendto(nl->fd, m->hdr, m->hdr->nlmsg_len,
-                        0, &addr.sa, sizeof(addr));
-        if (k < 0)
-                return -errno;
-
-        return k;
-}
-
-static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool peek) {
-        union sockaddr_union sender;
-        uint8_t cmsg_buffer[CMSG_SPACE(sizeof(struct nl_pktinfo))];
-        struct msghdr msg = {
-                .msg_iov = iov,
-                .msg_iovlen = 1,
-                .msg_name = &sender,
-                .msg_namelen = sizeof(sender),
-                .msg_control = cmsg_buffer,
-                .msg_controllen = sizeof(cmsg_buffer),
-        };
-        struct cmsghdr *cmsg;
-        uint32_t group = 0;
-        int r;
-
-        assert(fd >= 0);
-        assert(iov);
-
-        r = recvmsg(fd, &msg, MSG_TRUNC | (peek ? MSG_PEEK : 0));
-        if (r < 0) {
-                /* no data */
-                if (errno == ENOBUFS)
-                        log_debug("rtnl: kernel receive buffer overrun");
-                else if (errno == EAGAIN)
-                        log_debug("rtnl: no data in socket");
-
-                return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;
-        }
-
-        if (sender.nl.nl_pid != 0) {
-                /* not from the kernel, ignore */
-                log_debug("rtnl: ignoring message from portid %"PRIu32, sender.nl.nl_pid);
-
-                if (peek) {
-                        /* drop the message */
-                        r = recvmsg(fd, &msg, 0);
-                        if (r < 0)
-                                return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;
-                }
-
-                return 0;
-        }
-
-        CMSG_FOREACH(cmsg, &msg) {
-                if (cmsg->cmsg_level == SOL_NETLINK &&
-                    cmsg->cmsg_type == NETLINK_PKTINFO &&
-                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct nl_pktinfo))) {
-                        struct nl_pktinfo *pktinfo = (void *)CMSG_DATA(cmsg);
-
-                        /* multi-cast group */
-                        group = pktinfo->group;
-                }
-        }
-
-        if (_group)
-                *_group = group;
-
-        return r;
-}
-
-/* On success, the number of bytes received is returned and *ret points to the received message
- * which has a valid header and the correct size.
- * If nothing useful was received 0 is returned.
- * On failure, a negative error code is returned.
- */
-int socket_read_message(sd_netlink *rtnl) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *first = NULL;
-        struct iovec iov = {};
-        uint32_t group = 0;
-        bool multi_part = false, done = false;
-        struct nlmsghdr *new_msg;
-        size_t len;
-        int r;
-        unsigned i = 0;
-
-        assert(rtnl);
-        assert(rtnl->rbuffer);
-        assert(rtnl->rbuffer_allocated >= sizeof(struct nlmsghdr));
-
-        /* read nothing, just get the pending message size */
-        r = socket_recv_message(rtnl->fd, &iov, NULL, true);
-        if (r <= 0)
-                return r;
-        else
-                len = (size_t)r;
-
-        /* make room for the pending message */
-        if (!greedy_realloc((void **)&rtnl->rbuffer,
-                            &rtnl->rbuffer_allocated,
-                            len, sizeof(uint8_t)))
-                return -ENOMEM;
-
-        iov.iov_base = rtnl->rbuffer;
-        iov.iov_len = rtnl->rbuffer_allocated;
-
-        /* read the pending message */
-        r = socket_recv_message(rtnl->fd, &iov, &group, false);
-        if (r <= 0)
-                return r;
-        else
-                len = (size_t)r;
-
-        if (len > rtnl->rbuffer_allocated)
-                /* message did not fit in read buffer */
-                return -EIO;
-
-        if (NLMSG_OK(rtnl->rbuffer, len) && rtnl->rbuffer->nlmsg_flags & NLM_F_MULTI) {
-                multi_part = true;
-
-                for (i = 0; i < rtnl->rqueue_partial_size; i++) {
-                        if (rtnl_message_get_serial(rtnl->rqueue_partial[i]) ==
-                            rtnl->rbuffer->nlmsg_seq) {
-                                first = rtnl->rqueue_partial[i];
-                                break;
-                        }
-                }
-        }
-
-        for (new_msg = rtnl->rbuffer; NLMSG_OK(new_msg, len) && !done; new_msg = NLMSG_NEXT(new_msg, len)) {
-                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-                const NLType *nl_type;
-
-                if (!group && new_msg->nlmsg_pid != rtnl->sockaddr.nl.nl_pid)
-                        /* not broadcast and not for us */
-                        continue;
-
-                if (new_msg->nlmsg_type == NLMSG_NOOP)
-                        /* silently drop noop messages */
-                        continue;
-
-                if (new_msg->nlmsg_type == NLMSG_DONE) {
-                        /* finished reading multi-part message */
-                        done = true;
-
-                        /* if first is not defined, put NLMSG_DONE into the receive queue. */
-                        if (first)
-                                continue;
-                }
-
-                /* check that we support this message type */
-                r = type_system_get_type(&type_system_root, &nl_type, new_msg->nlmsg_type);
-                if (r < 0) {
-                        if (r == -EOPNOTSUPP)
-                                log_debug("sd-netlink: ignored message with unknown type: %i",
-                                          new_msg->nlmsg_type);
-
-                        continue;
-                }
-
-                /* check that the size matches the message type */
-                if (new_msg->nlmsg_len < NLMSG_LENGTH(type_get_size(nl_type))) {
-                        log_debug("sd-netlink: message larger than expected, dropping");
-                        continue;
-                }
-
-                r = message_new_empty(rtnl, &m);
-                if (r < 0)
-                        return r;
-
-                m->broadcast = !!group;
-
-                m->hdr = memdup(new_msg, new_msg->nlmsg_len);
-                if (!m->hdr)
-                        return -ENOMEM;
-
-                /* seal and parse the top-level message */
-                r = sd_netlink_message_rewind(m);
-                if (r < 0)
-                        return r;
-
-                /* push the message onto the multi-part message stack */
-                if (first)
-                        m->next = first;
-                first = m;
-                m = NULL;
-        }
-
-        if (len)
-                log_debug("sd-netlink: discarding %zu bytes of incoming message", len);
-
-        if (!first)
-                return 0;
-
-        if (!multi_part || done) {
-                /* we got a complete message, push it on the read queue */
-                r = rtnl_rqueue_make_room(rtnl);
-                if (r < 0)
-                        return r;
-
-                rtnl->rqueue[rtnl->rqueue_size++] = first;
-                first = NULL;
-
-                if (multi_part && (i < rtnl->rqueue_partial_size)) {
-                        /* remove the message form the partial read queue */
-                        memmove(rtnl->rqueue_partial + i,rtnl->rqueue_partial + i + 1,
-                                sizeof(sd_netlink_message*) * (rtnl->rqueue_partial_size - i - 1));
-                        rtnl->rqueue_partial_size--;
-                }
-
-                return 1;
-        } else {
-                /* we only got a partial multi-part message, push it on the
-                   partial read queue */
-                if (i < rtnl->rqueue_partial_size) {
-                        rtnl->rqueue_partial[i] = first;
-                } else {
-                        r = rtnl_rqueue_partial_make_room(rtnl);
-                        if (r < 0)
-                                return r;
-
-                        rtnl->rqueue_partial[rtnl->rqueue_partial_size++] = first;
-                }
-                first = NULL;
-
-                return 0;
-        }
-}
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
deleted file mode 100644
index 73b9ac0258..0000000000
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/***
- This file is part of systemd.
-
- Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-netlink.h"
-
-#include "netlink-internal.h"
-#include "netlink-util.h"
-
-int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
-        int r;
-
-        assert(rtnl);
-        assert(ifindex > 0);
-        assert(name);
-
-        if (!*rtnl) {
-                r = sd_netlink_open(rtnl);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_append_string(message, IFLA_IFNAME, name);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(*rtnl, message, 0, NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
-                             const struct ether_addr *mac, unsigned mtu) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
-        int r;
-
-        assert(rtnl);
-        assert(ifindex > 0);
-
-        if (!alias && !mac && mtu == 0)
-                return 0;
-
-        if (!*rtnl) {
-                r = sd_netlink_open(rtnl);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
-        if (r < 0)
-                return r;
-
-        if (alias) {
-                r = sd_netlink_message_append_string(message, IFLA_IFALIAS, alias);
-                if (r < 0)
-                        return r;
-        }
-
-        if (mac) {
-                r = sd_netlink_message_append_ether_addr(message, IFLA_ADDRESS, mac);
-                if (r < 0)
-                        return r;
-        }
-
-        if (mtu > 0) {
-                r = sd_netlink_message_append_u32(message, IFLA_MTU, mtu);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_netlink_call(*rtnl, message, 0, NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int rtnl_message_new_synthetic_error(int error, uint32_t serial, sd_netlink_message **ret) {
-        struct nlmsgerr *err;
-        int r;
-
-        assert(error <= 0);
-
-        r = message_new(NULL, ret, NLMSG_ERROR);
-        if (r < 0)
-                return r;
-
-        (*ret)->hdr->nlmsg_seq = serial;
-
-        err = NLMSG_DATA((*ret)->hdr);
-
-        err->error = error;
-
-        return 0;
-}
-
-bool rtnl_message_type_is_neigh(uint16_t type) {
-        switch (type) {
-                case RTM_NEWNEIGH:
-                case RTM_GETNEIGH:
-                case RTM_DELNEIGH:
-                        return true;
-                default:
-                        return false;
-        }
-}
-
-bool rtnl_message_type_is_route(uint16_t type) {
-        switch (type) {
-                case RTM_NEWROUTE:
-                case RTM_GETROUTE:
-                case RTM_DELROUTE:
-                        return true;
-                default:
-                        return false;
-        }
-}
-
-bool rtnl_message_type_is_link(uint16_t type) {
-        switch (type) {
-                case RTM_NEWLINK:
-                case RTM_SETLINK:
-                case RTM_GETLINK:
-                case RTM_DELLINK:
-                        return true;
-                default:
-                        return false;
-        }
-}
-
-bool rtnl_message_type_is_addr(uint16_t type) {
-        switch (type) {
-                case RTM_NEWADDR:
-                case RTM_GETADDR:
-                case RTM_DELADDR:
-                        return true;
-                default:
-                        return false;
-        }
-}
-
-int rtnl_log_parse_error(int r) {
-        return log_error_errno(r, "Failed to parse netlink message: %m");
-}
-
-int rtnl_log_create_error(int r) {
-        return log_error_errno(r, "Failed to create netlink message: %m");
-}
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
deleted file mode 100644
index f49bf4eaa6..0000000000
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ /dev/null
@@ -1,39 +0,0 @@
-#pragma once
-
-/***
- This file is part of systemd.
-
- Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-netlink.h"
-
-#include "util.h"
-
-int rtnl_message_new_synthetic_error(int error, uint32_t serial, sd_netlink_message **ret);
-uint32_t rtnl_message_get_serial(sd_netlink_message *m);
-void rtnl_message_seal(sd_netlink_message *m);
-
-bool rtnl_message_type_is_link(uint16_t type);
-bool rtnl_message_type_is_addr(uint16_t type);
-bool rtnl_message_type_is_route(uint16_t type);
-bool rtnl_message_type_is_neigh(uint16_t type);
-
-int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
-int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, unsigned mtu);
-
-int rtnl_log_parse_error(int r);
-int rtnl_log_create_error(int r);
diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c
deleted file mode 100644
index 09240c7b2a..0000000000
--- a/src/libsystemd/sd-netlink/rtnl-message.c
+++ /dev/null
@@ -1,702 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/in.h>
-#include <stdbool.h>
-#include <unistd.h>
-
-#include "sd-netlink.h"
-
-#include "formats-util.h"
-#include "missing.h"
-#include "netlink-internal.h"
-#include "netlink-types.h"
-#include "netlink-util.h"
-#include "refcnt.h"
-#include "socket-util.h"
-#include "util.h"
-
-int sd_rtnl_message_route_set_dst_prefixlen(sd_netlink_message *m, unsigned char prefixlen) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        if ((rtm->rtm_family == AF_INET && prefixlen > 32) ||
-            (rtm->rtm_family == AF_INET6 && prefixlen > 128))
-                return -ERANGE;
-
-        rtm->rtm_dst_len = prefixlen;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_set_src_prefixlen(sd_netlink_message *m, unsigned char prefixlen) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        if ((rtm->rtm_family == AF_INET && prefixlen > 32) ||
-            (rtm->rtm_family == AF_INET6 && prefixlen > 128))
-                return -ERANGE;
-
-        rtm->rtm_src_len = prefixlen;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_set_scope(sd_netlink_message *m, unsigned char scope) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        rtm->rtm_scope = scope;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_set_flags(sd_netlink_message *m, unsigned flags) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        rtm->rtm_flags = flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_flags(sd_netlink_message *m, unsigned *flags) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(flags, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *flags = rtm->rtm_flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_set_table(sd_netlink_message *m, unsigned char table) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        rtm->rtm_table = table;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_family(sd_netlink_message *m, int *family) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(family, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *family = rtm->rtm_family;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_set_family(sd_netlink_message *m, int family) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        rtm->rtm_family = family;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_protocol(sd_netlink_message *m, unsigned char *protocol) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(protocol, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *protocol = rtm->rtm_protocol;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_scope(sd_netlink_message *m, unsigned char *scope) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(scope, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *scope = rtm->rtm_scope;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_tos(sd_netlink_message *m, unsigned char *tos) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(tos, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *tos = rtm->rtm_tos;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_table(sd_netlink_message *m, unsigned char *table) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(table, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *table = rtm->rtm_table;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_dst_prefixlen(sd_netlink_message *m, unsigned char *dst_len) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(dst_len, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *dst_len = rtm->rtm_dst_len;
-
-        return 0;
-}
-
-int sd_rtnl_message_route_get_src_prefixlen(sd_netlink_message *m, unsigned char *src_len) {
-        struct rtmsg *rtm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_route(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(src_len, -EINVAL);
-
-        rtm = NLMSG_DATA(m->hdr);
-
-        *src_len = rtm->rtm_src_len;
-
-        return 0;
-}
-
-int sd_rtnl_message_new_route(sd_netlink *rtnl, sd_netlink_message **ret,
-                              uint16_t nlmsg_type, int rtm_family,
-                              unsigned char rtm_protocol) {
-        struct rtmsg *rtm;
-        int r;
-
-        assert_return(rtnl_message_type_is_route(nlmsg_type), -EINVAL);
-        assert_return((nlmsg_type == RTM_GETROUTE && rtm_family == AF_UNSPEC) ||
-                      rtm_family == AF_INET || rtm_family == AF_INET6, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        r = message_new(rtnl, ret, nlmsg_type);
-        if (r < 0)
-                return r;
-
-        if (nlmsg_type == RTM_NEWROUTE)
-                (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND;
-
-        rtm = NLMSG_DATA((*ret)->hdr);
-
-        rtm->rtm_family = rtm_family;
-        rtm->rtm_scope = RT_SCOPE_UNIVERSE;
-        rtm->rtm_type = RTN_UNICAST;
-        rtm->rtm_table = RT_TABLE_MAIN;
-        rtm->rtm_protocol = rtm_protocol;
-
-        return 0;
-}
-
-int sd_rtnl_message_neigh_set_flags(sd_netlink_message *m, uint8_t flags) {
-        struct ndmsg *ndm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
-
-        ndm = NLMSG_DATA(m->hdr);
-        ndm->ndm_flags |= flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_neigh_set_state(sd_netlink_message *m, uint16_t state) {
-        struct ndmsg *ndm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
-
-        ndm = NLMSG_DATA(m->hdr);
-        ndm->ndm_state |= state;
-
-        return 0;
-}
-
-int sd_rtnl_message_neigh_get_flags(sd_netlink_message *m, uint8_t *flags) {
-        struct ndmsg *ndm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
-
-        ndm = NLMSG_DATA(m->hdr);
-        *flags = ndm->ndm_flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_neigh_get_state(sd_netlink_message *m, uint16_t *state) {
-        struct ndmsg *ndm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
-
-        ndm = NLMSG_DATA(m->hdr);
-        *state = ndm->ndm_state;
-
-        return 0;
-}
-
-int sd_rtnl_message_neigh_get_family(sd_netlink_message *m, int *family) {
-        struct ndmsg *ndm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(family, -EINVAL);
-
-        ndm = NLMSG_DATA(m->hdr);
-
-        *family = ndm->ndm_family;
-
-        return 0;
-}
-
-int sd_rtnl_message_neigh_get_ifindex(sd_netlink_message *m, int *index) {
-        struct ndmsg *ndm;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_neigh(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(index, -EINVAL);
-
-        ndm = NLMSG_DATA(m->hdr);
-
-        *index = ndm->ndm_ifindex;
-
-        return 0;
-}
-
-int sd_rtnl_message_new_neigh(sd_netlink *rtnl, sd_netlink_message **ret, uint16_t nlmsg_type, int index, int ndm_family) {
-        struct ndmsg *ndm;
-        int r;
-
-        assert_return(rtnl_message_type_is_neigh(nlmsg_type), -EINVAL);
-        assert_return(ndm_family == AF_INET  ||
-                      ndm_family == AF_INET6 ||
-                      ndm_family == PF_BRIDGE, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        r = message_new(rtnl, ret, nlmsg_type);
-        if (r < 0)
-                return r;
-
-        if (nlmsg_type == RTM_NEWNEIGH)
-                (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND;
-
-        ndm = NLMSG_DATA((*ret)->hdr);
-
-        ndm->ndm_family = ndm_family;
-        ndm->ndm_ifindex = index;
-
-        return 0;
-}
-
-int sd_rtnl_message_link_set_flags(sd_netlink_message *m, unsigned flags, unsigned change) {
-        struct ifinfomsg *ifi;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(change, -EINVAL);
-
-        ifi = NLMSG_DATA(m->hdr);
-
-        ifi->ifi_flags = flags;
-        ifi->ifi_change = change;
-
-        return 0;
-}
-
-int sd_rtnl_message_link_set_type(sd_netlink_message *m, unsigned type) {
-        struct ifinfomsg *ifi;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
-
-        ifi = NLMSG_DATA(m->hdr);
-
-        ifi->ifi_type = type;
-
-        return 0;
-}
-
-int sd_rtnl_message_link_set_family(sd_netlink_message *m, unsigned family) {
-        struct ifinfomsg *ifi;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
-
-        ifi = NLMSG_DATA(m->hdr);
-
-        ifi->ifi_family = family;
-
-        return 0;
-}
-
-int sd_rtnl_message_new_link(sd_netlink *rtnl, sd_netlink_message **ret,
-                             uint16_t nlmsg_type, int index) {
-        struct ifinfomsg *ifi;
-        int r;
-
-        assert_return(rtnl_message_type_is_link(nlmsg_type), -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        r = message_new(rtnl, ret, nlmsg_type);
-        if (r < 0)
-                return r;
-
-        if (nlmsg_type == RTM_NEWLINK)
-                (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
-
-        ifi = NLMSG_DATA((*ret)->hdr);
-
-        ifi->ifi_family = AF_UNSPEC;
-        ifi->ifi_index = index;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_set_prefixlen(sd_netlink_message *m, unsigned char prefixlen) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        if ((ifa->ifa_family == AF_INET && prefixlen > 32) ||
-            (ifa->ifa_family == AF_INET6 && prefixlen > 128))
-                return -ERANGE;
-
-        ifa->ifa_prefixlen = prefixlen;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_set_flags(sd_netlink_message *m, unsigned char flags) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        ifa->ifa_flags = flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_set_scope(sd_netlink_message *m, unsigned char scope) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        ifa->ifa_scope = scope;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_get_family(sd_netlink_message *m, int *family) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(family, -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        *family = ifa->ifa_family;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_get_prefixlen(sd_netlink_message *m, unsigned char *prefixlen) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(prefixlen, -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        *prefixlen = ifa->ifa_prefixlen;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_get_scope(sd_netlink_message *m, unsigned char *scope) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(scope, -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        *scope = ifa->ifa_scope;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_get_flags(sd_netlink_message *m, unsigned char *flags) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(flags, -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        *flags = ifa->ifa_flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_addr_get_ifindex(sd_netlink_message *m, int *ifindex) {
-        struct ifaddrmsg *ifa;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_addr(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(ifindex, -EINVAL);
-
-        ifa = NLMSG_DATA(m->hdr);
-
-        *ifindex = ifa->ifa_index;
-
-        return 0;
-}
-
-int sd_rtnl_message_new_addr(sd_netlink *rtnl, sd_netlink_message **ret,
-                             uint16_t nlmsg_type, int index,
-                             int family) {
-        struct ifaddrmsg *ifa;
-        int r;
-
-        assert_return(rtnl_message_type_is_addr(nlmsg_type), -EINVAL);
-        assert_return((nlmsg_type == RTM_GETADDR && index == 0) ||
-                      index > 0, -EINVAL);
-        assert_return((nlmsg_type == RTM_GETADDR && family == AF_UNSPEC) ||
-                      family == AF_INET || family == AF_INET6, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        r = message_new(rtnl, ret, nlmsg_type);
-        if (r < 0)
-                return r;
-
-        if (nlmsg_type == RTM_GETADDR)
-                (*ret)->hdr->nlmsg_flags |= NLM_F_DUMP;
-
-        ifa = NLMSG_DATA((*ret)->hdr);
-
-        ifa->ifa_index = index;
-        ifa->ifa_family = family;
-        if (family == AF_INET)
-                ifa->ifa_prefixlen = 32;
-        else if (family == AF_INET6)
-                ifa->ifa_prefixlen = 128;
-
-        return 0;
-}
-
-int sd_rtnl_message_new_addr_update(sd_netlink *rtnl, sd_netlink_message **ret,
-                             int index, int family) {
-        int r;
-
-        r = sd_rtnl_message_new_addr(rtnl, ret, RTM_NEWADDR, index, family);
-        if (r < 0)
-                return r;
-
-        (*ret)->hdr->nlmsg_flags |= NLM_F_REPLACE;
-
-        return 0;
-}
-
-int sd_rtnl_message_link_get_ifindex(sd_netlink_message *m, int *ifindex) {
-        struct ifinfomsg *ifi;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(ifindex, -EINVAL);
-
-        ifi = NLMSG_DATA(m->hdr);
-
-        *ifindex = ifi->ifi_index;
-
-        return 0;
-}
-
-int sd_rtnl_message_link_get_flags(sd_netlink_message *m, unsigned *flags) {
-        struct ifinfomsg *ifi;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(flags, -EINVAL);
-
-        ifi = NLMSG_DATA(m->hdr);
-
-        *flags = ifi->ifi_flags;
-
-        return 0;
-}
-
-int sd_rtnl_message_link_get_type(sd_netlink_message *m, unsigned short *type) {
-        struct ifinfomsg *ifi;
-
-        assert_return(m, -EINVAL);
-        assert_return(m->hdr, -EINVAL);
-        assert_return(rtnl_message_type_is_link(m->hdr->nlmsg_type), -EINVAL);
-        assert_return(type, -EINVAL);
-
-        ifi = NLMSG_DATA(m->hdr);
-
-        *type = ifi->ifi_type;
-
-        return 0;
-}
-
-int sd_rtnl_message_get_family(sd_netlink_message *m, int *family) {
-        assert_return(m, -EINVAL);
-        assert_return(family, -EINVAL);
-
-        assert(m->hdr);
-
-        if (rtnl_message_type_is_link(m->hdr->nlmsg_type)) {
-                struct ifinfomsg *ifi;
-
-                ifi = NLMSG_DATA(m->hdr);
-
-                *family = ifi->ifi_family;
-
-                return 0;
-        } else if (rtnl_message_type_is_route(m->hdr->nlmsg_type)) {
-                struct rtmsg *rtm;
-
-                rtm = NLMSG_DATA(m->hdr);
-
-                *family = rtm->rtm_family;
-
-                return 0;
-        } else if (rtnl_message_type_is_neigh(m->hdr->nlmsg_type)) {
-                struct ndmsg *ndm;
-
-                ndm = NLMSG_DATA(m->hdr);
-
-                *family = ndm->ndm_family;
-
-                return 0;
-        } else if (rtnl_message_type_is_addr(m->hdr->nlmsg_type)) {
-                struct ifaddrmsg *ifa;
-
-                ifa = NLMSG_DATA(m->hdr);
-
-                *family = ifa->ifa_family;
-
-                return 0;
-        }
-
-        return -EOPNOTSUPP;
-}
diff --git a/src/libsystemd/sd-netlink/sd-netlink.c b/src/libsystemd/sd-netlink/sd-netlink.c
deleted file mode 100644
index 91701405a5..0000000000
--- a/src/libsystemd/sd-netlink/sd-netlink.c
+++ /dev/null
@@ -1,954 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <poll.h>
-#include <sys/socket.h>
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "hashmap.h"
-#include "macro.h"
-#include "missing.h"
-#include "netlink-internal.h"
-#include "netlink-util.h"
-#include "socket-util.h"
-#include "util.h"
-
-static int sd_netlink_new(sd_netlink **ret) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-
-        assert_return(ret, -EINVAL);
-
-        rtnl = new0(sd_netlink, 1);
-        if (!rtnl)
-                return -ENOMEM;
-
-        rtnl->n_ref = REFCNT_INIT;
-        rtnl->fd = -1;
-        rtnl->sockaddr.nl.nl_family = AF_NETLINK;
-        rtnl->original_pid = getpid();
-
-        LIST_HEAD_INIT(rtnl->match_callbacks);
-
-        /* We guarantee that the read buffer has at least space for
-         * a message header */
-        if (!greedy_realloc((void**)&rtnl->rbuffer, &rtnl->rbuffer_allocated,
-                            sizeof(struct nlmsghdr), sizeof(uint8_t)))
-                return -ENOMEM;
-
-        /* Change notification responses have sequence 0, so we must
-         * start our request sequence numbers at 1, or we may confuse our
-         * responses with notifications from the kernel */
-        rtnl->serial = 1;
-
-        *ret = rtnl;
-        rtnl = NULL;
-
-        return 0;
-}
-
-int sd_netlink_new_from_netlink(sd_netlink **ret, int fd) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        socklen_t addrlen;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        r = sd_netlink_new(&rtnl);
-        if (r < 0)
-                return r;
-
-        addrlen = sizeof(rtnl->sockaddr);
-
-        r = getsockname(fd, &rtnl->sockaddr.sa, &addrlen);
-        if (r < 0)
-                return -errno;
-
-        if (rtnl->sockaddr.nl.nl_family != AF_NETLINK)
-                return -EINVAL;
-
-        rtnl->fd = fd;
-
-        *ret = rtnl;
-        rtnl = NULL;
-
-        return 0;
-}
-
-static bool rtnl_pid_changed(sd_netlink *rtnl) {
-        assert(rtnl);
-
-        /* We don't support people creating an rtnl connection and
-         * keeping it around over a fork(). Let's complain. */
-
-        return rtnl->original_pid != getpid();
-}
-
-int sd_netlink_open_fd(sd_netlink **ret, int fd) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        int r;
-
-        assert_return(ret, -EINVAL);
-        assert_return(fd >= 0, -EBADF);
-
-        r = sd_netlink_new(&rtnl);
-        if (r < 0)
-                return r;
-
-        rtnl->fd = fd;
-
-        r = socket_bind(rtnl);
-        if (r < 0) {
-                rtnl->fd = -1; /* on failure, the caller remains owner of the fd, hence don't close it here */
-                return r;
-        }
-
-        *ret = rtnl;
-        rtnl = NULL;
-
-        return 0;
-}
-
-int sd_netlink_open(sd_netlink **ret) {
-        _cleanup_close_ int fd = -1;
-        int r;
-
-        fd = socket_open(NETLINK_ROUTE);
-        if (fd < 0)
-                return fd;
-
-        r = sd_netlink_open_fd(ret, fd);
-        if (r < 0)
-                return r;
-
-        fd = -1;
-
-        return 0;
-}
-
-int sd_netlink_inc_rcvbuf(const sd_netlink *const rtnl, const int size) {
-        return fd_inc_rcvbuf(rtnl->fd, size);
-}
-
-sd_netlink *sd_netlink_ref(sd_netlink *rtnl) {
-        assert_return(rtnl, NULL);
-        assert_return(!rtnl_pid_changed(rtnl), NULL);
-
-        if (rtnl)
-                assert_se(REFCNT_INC(rtnl->n_ref) >= 2);
-
-        return rtnl;
-}
-
-sd_netlink *sd_netlink_unref(sd_netlink *rtnl) {
-        if (!rtnl)
-                return NULL;
-
-        assert_return(!rtnl_pid_changed(rtnl), NULL);
-
-        if (REFCNT_DEC(rtnl->n_ref) == 0) {
-                struct match_callback *f;
-                unsigned i;
-
-                for (i = 0; i < rtnl->rqueue_size; i++)
-                        sd_netlink_message_unref(rtnl->rqueue[i]);
-                free(rtnl->rqueue);
-
-                for (i = 0; i < rtnl->rqueue_partial_size; i++)
-                        sd_netlink_message_unref(rtnl->rqueue_partial[i]);
-                free(rtnl->rqueue_partial);
-
-                free(rtnl->rbuffer);
-
-                hashmap_free_free(rtnl->reply_callbacks);
-                prioq_free(rtnl->reply_callbacks_prioq);
-
-                sd_event_source_unref(rtnl->io_event_source);
-                sd_event_source_unref(rtnl->time_event_source);
-                sd_event_unref(rtnl->event);
-
-                while ((f = rtnl->match_callbacks)) {
-                        sd_netlink_remove_match(rtnl, f->type, f->callback, f->userdata);
-                }
-
-                hashmap_free(rtnl->broadcast_group_refs);
-
-                safe_close(rtnl->fd);
-                free(rtnl);
-        }
-
-        return NULL;
-}
-
-static void rtnl_seal_message(sd_netlink *rtnl, sd_netlink_message *m) {
-        assert(rtnl);
-        assert(!rtnl_pid_changed(rtnl));
-        assert(m);
-        assert(m->hdr);
-
-        /* don't use seq == 0, as that is used for broadcasts, so we
-           would get confused by replies to such messages */
-        m->hdr->nlmsg_seq = rtnl->serial++ ? : rtnl->serial++;
-
-        rtnl_message_seal(m);
-
-        return;
-}
-
-int sd_netlink_send(sd_netlink *nl,
-                 sd_netlink_message *message,
-                 uint32_t *serial) {
-        int r;
-
-        assert_return(nl, -EINVAL);
-        assert_return(!rtnl_pid_changed(nl), -ECHILD);
-        assert_return(message, -EINVAL);
-        assert_return(!message->sealed, -EPERM);
-
-        rtnl_seal_message(nl, message);
-
-        r = socket_write_message(nl, message);
-        if (r < 0)
-                return r;
-
-        if (serial)
-                *serial = rtnl_message_get_serial(message);
-
-        return 1;
-}
-
-int rtnl_rqueue_make_room(sd_netlink *rtnl) {
-        assert(rtnl);
-
-        if (rtnl->rqueue_size >= RTNL_RQUEUE_MAX) {
-                log_debug("rtnl: exhausted the read queue size (%d)", RTNL_RQUEUE_MAX);
-                return -ENOBUFS;
-        }
-
-        if (!GREEDY_REALLOC(rtnl->rqueue, rtnl->rqueue_allocated, rtnl->rqueue_size + 1))
-                return -ENOMEM;
-
-        return 0;
-}
-
-int rtnl_rqueue_partial_make_room(sd_netlink *rtnl) {
-        assert(rtnl);
-
-        if (rtnl->rqueue_partial_size >= RTNL_RQUEUE_MAX) {
-                log_debug("rtnl: exhausted the partial read queue size (%d)", RTNL_RQUEUE_MAX);
-                return -ENOBUFS;
-        }
-
-        if (!GREEDY_REALLOC(rtnl->rqueue_partial, rtnl->rqueue_partial_allocated,
-                            rtnl->rqueue_partial_size + 1))
-                return -ENOMEM;
-
-        return 0;
-}
-
-static int dispatch_rqueue(sd_netlink *rtnl, sd_netlink_message **message) {
-        int r;
-
-        assert(rtnl);
-        assert(message);
-
-        if (rtnl->rqueue_size <= 0) {
-                /* Try to read a new message */
-                r = socket_read_message(rtnl);
-                if (r <= 0)
-                        return r;
-        }
-
-        /* Dispatch a queued message */
-        *message = rtnl->rqueue[0];
-        rtnl->rqueue_size--;
-        memmove(rtnl->rqueue, rtnl->rqueue + 1, sizeof(sd_netlink_message*) * rtnl->rqueue_size);
-
-        return 1;
-}
-
-static int process_timeout(sd_netlink *rtnl) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        struct reply_callback *c;
-        usec_t n;
-        int r;
-
-        assert(rtnl);
-
-        c = prioq_peek(rtnl->reply_callbacks_prioq);
-        if (!c)
-                return 0;
-
-        n = now(CLOCK_MONOTONIC);
-        if (c->timeout > n)
-                return 0;
-
-        r = rtnl_message_new_synthetic_error(-ETIMEDOUT, c->serial, &m);
-        if (r < 0)
-                return r;
-
-        assert_se(prioq_pop(rtnl->reply_callbacks_prioq) == c);
-        hashmap_remove(rtnl->reply_callbacks, &c->serial);
-
-        r = c->callback(rtnl, m, c->userdata);
-        if (r < 0)
-                log_debug_errno(r, "sd-netlink: timedout callback failed: %m");
-
-        free(c);
-
-        return 1;
-}
-
-static int process_reply(sd_netlink *rtnl, sd_netlink_message *m) {
-        _cleanup_free_ struct reply_callback *c = NULL;
-        uint64_t serial;
-        uint16_t type;
-        int r;
-
-        assert(rtnl);
-        assert(m);
-
-        serial = rtnl_message_get_serial(m);
-        c = hashmap_remove(rtnl->reply_callbacks, &serial);
-        if (!c)
-                return 0;
-
-        if (c->timeout != 0)
-                prioq_remove(rtnl->reply_callbacks_prioq, c, &c->prioq_idx);
-
-        r = sd_netlink_message_get_type(m, &type);
-        if (r < 0)
-                return 0;
-
-        if (type == NLMSG_DONE)
-                m = NULL;
-
-        r = c->callback(rtnl, m, c->userdata);
-        if (r < 0)
-                log_debug_errno(r, "sd-netlink: callback failed: %m");
-
-        return 1;
-}
-
-static int process_match(sd_netlink *rtnl, sd_netlink_message *m) {
-        struct match_callback *c;
-        uint16_t type;
-        int r;
-
-        assert(rtnl);
-        assert(m);
-
-        r = sd_netlink_message_get_type(m, &type);
-        if (r < 0)
-                return r;
-
-        LIST_FOREACH(match_callbacks, c, rtnl->match_callbacks) {
-                if (type == c->type) {
-                        r = c->callback(rtnl, m, c->userdata);
-                        if (r != 0) {
-                                if (r < 0)
-                                        log_debug_errno(r, "sd-netlink: match callback failed: %m");
-
-                                break;
-                        }
-                }
-        }
-
-        return 1;
-}
-
-static int process_running(sd_netlink *rtnl, sd_netlink_message **ret) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        int r;
-
-        assert(rtnl);
-
-        r = process_timeout(rtnl);
-        if (r != 0)
-                goto null_message;
-
-        r = dispatch_rqueue(rtnl, &m);
-        if (r < 0)
-                return r;
-        if (!m)
-                goto null_message;
-
-        if (sd_netlink_message_is_broadcast(m)) {
-                r = process_match(rtnl, m);
-                if (r != 0)
-                        goto null_message;
-        } else {
-                r = process_reply(rtnl, m);
-                if (r != 0)
-                        goto null_message;
-        }
-
-        if (ret) {
-                *ret = m;
-                m = NULL;
-
-                return 1;
-        }
-
-        return 1;
-
-null_message:
-        if (r >= 0 && ret)
-                *ret = NULL;
-
-        return r;
-}
-
-int sd_netlink_process(sd_netlink *rtnl, sd_netlink_message **ret) {
-        NETLINK_DONT_DESTROY(rtnl);
-        int r;
-
-        assert_return(rtnl, -EINVAL);
-        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
-        assert_return(!rtnl->processing, -EBUSY);
-
-        rtnl->processing = true;
-        r = process_running(rtnl, ret);
-        rtnl->processing = false;
-
-        return r;
-}
-
-static usec_t calc_elapse(uint64_t usec) {
-        if (usec == (uint64_t) -1)
-                return 0;
-
-        if (usec == 0)
-                usec = RTNL_DEFAULT_TIMEOUT;
-
-        return now(CLOCK_MONOTONIC) + usec;
-}
-
-static int rtnl_poll(sd_netlink *rtnl, bool need_more, uint64_t timeout_usec) {
-        struct pollfd p[1] = {};
-        struct timespec ts;
-        usec_t m = USEC_INFINITY;
-        int r, e;
-
-        assert(rtnl);
-
-        e = sd_netlink_get_events(rtnl);
-        if (e < 0)
-                return e;
-
-        if (need_more)
-                /* Caller wants more data, and doesn't care about
-                 * what's been read or any other timeouts. */
-                e |= POLLIN;
-        else {
-                usec_t until;
-                /* Caller wants to process if there is something to
-                 * process, but doesn't care otherwise */
-
-                r = sd_netlink_get_timeout(rtnl, &until);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        usec_t nw;
-                        nw = now(CLOCK_MONOTONIC);
-                        m = until > nw ? until - nw : 0;
-                }
-        }
-
-        if (timeout_usec != (uint64_t) -1 && (m == (uint64_t) -1 || timeout_usec < m))
-                m = timeout_usec;
-
-        p[0].fd = rtnl->fd;
-        p[0].events = e;
-
-        r = ppoll(p, 1, m == (uint64_t) -1 ? NULL : timespec_store(&ts, m), NULL);
-        if (r < 0)
-                return -errno;
-
-        return r > 0 ? 1 : 0;
-}
-
-int sd_netlink_wait(sd_netlink *nl, uint64_t timeout_usec) {
-        assert_return(nl, -EINVAL);
-        assert_return(!rtnl_pid_changed(nl), -ECHILD);
-
-        if (nl->rqueue_size > 0)
-                return 0;
-
-        return rtnl_poll(nl, false, timeout_usec);
-}
-
-static int timeout_compare(const void *a, const void *b) {
-        const struct reply_callback *x = a, *y = b;
-
-        if (x->timeout != 0 && y->timeout == 0)
-                return -1;
-
-        if (x->timeout == 0 && y->timeout != 0)
-                return 1;
-
-        if (x->timeout < y->timeout)
-                return -1;
-
-        if (x->timeout > y->timeout)
-                return 1;
-
-        return 0;
-}
-
-int sd_netlink_call_async(sd_netlink *nl,
-                       sd_netlink_message *m,
-                       sd_netlink_message_handler_t callback,
-                       void *userdata,
-                       uint64_t usec,
-                       uint32_t *serial) {
-        struct reply_callback *c;
-        uint32_t s;
-        int r, k;
-
-        assert_return(nl, -EINVAL);
-        assert_return(m, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(!rtnl_pid_changed(nl), -ECHILD);
-
-        r = hashmap_ensure_allocated(&nl->reply_callbacks, &uint64_hash_ops);
-        if (r < 0)
-                return r;
-
-        if (usec != (uint64_t) -1) {
-                r = prioq_ensure_allocated(&nl->reply_callbacks_prioq, timeout_compare);
-                if (r < 0)
-                        return r;
-        }
-
-        c = new0(struct reply_callback, 1);
-        if (!c)
-                return -ENOMEM;
-
-        c->callback = callback;
-        c->userdata = userdata;
-        c->timeout = calc_elapse(usec);
-
-        k = sd_netlink_send(nl, m, &s);
-        if (k < 0) {
-                free(c);
-                return k;
-        }
-
-        c->serial = s;
-
-        r = hashmap_put(nl->reply_callbacks, &c->serial, c);
-        if (r < 0) {
-                free(c);
-                return r;
-        }
-
-        if (c->timeout != 0) {
-                r = prioq_put(nl->reply_callbacks_prioq, c, &c->prioq_idx);
-                if (r > 0) {
-                        c->timeout = 0;
-                        sd_netlink_call_async_cancel(nl, c->serial);
-                        return r;
-                }
-        }
-
-        if (serial)
-                *serial = s;
-
-        return k;
-}
-
-int sd_netlink_call_async_cancel(sd_netlink *nl, uint32_t serial) {
-        struct reply_callback *c;
-        uint64_t s = serial;
-
-        assert_return(nl, -EINVAL);
-        assert_return(serial != 0, -EINVAL);
-        assert_return(!rtnl_pid_changed(nl), -ECHILD);
-
-        c = hashmap_remove(nl->reply_callbacks, &s);
-        if (!c)
-                return 0;
-
-        if (c->timeout != 0)
-                prioq_remove(nl->reply_callbacks_prioq, c, &c->prioq_idx);
-
-        free(c);
-        return 1;
-}
-
-int sd_netlink_call(sd_netlink *rtnl,
-                sd_netlink_message *message,
-                uint64_t usec,
-                sd_netlink_message **ret) {
-        usec_t timeout;
-        uint32_t serial;
-        int r;
-
-        assert_return(rtnl, -EINVAL);
-        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
-        assert_return(message, -EINVAL);
-
-        r = sd_netlink_send(rtnl, message, &serial);
-        if (r < 0)
-                return r;
-
-        timeout = calc_elapse(usec);
-
-        for (;;) {
-                usec_t left;
-                unsigned i;
-
-                for (i = 0; i < rtnl->rqueue_size; i++) {
-                        uint32_t received_serial;
-
-                        received_serial = rtnl_message_get_serial(rtnl->rqueue[i]);
-
-                        if (received_serial == serial) {
-                                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *incoming = NULL;
-                                uint16_t type;
-
-                                incoming = rtnl->rqueue[i];
-
-                                /* found a match, remove from rqueue and return it */
-                                memmove(rtnl->rqueue + i,rtnl->rqueue + i + 1,
-                                        sizeof(sd_netlink_message*) * (rtnl->rqueue_size - i - 1));
-                                rtnl->rqueue_size--;
-
-                                r = sd_netlink_message_get_errno(incoming);
-                                if (r < 0)
-                                        return r;
-
-                                r = sd_netlink_message_get_type(incoming, &type);
-                                if (r < 0)
-                                        return r;
-
-                                if (type == NLMSG_DONE) {
-                                        *ret = NULL;
-                                        return 0;
-                                }
-
-                                if (ret) {
-                                        *ret = incoming;
-                                        incoming = NULL;
-                                }
-
-                                return 1;
-                        }
-                }
-
-                r = socket_read_message(rtnl);
-                if (r < 0)
-                        return r;
-                if (r > 0)
-                        /* received message, so try to process straight away */
-                        continue;
-
-                if (timeout > 0) {
-                        usec_t n;
-
-                        n = now(CLOCK_MONOTONIC);
-                        if (n >= timeout)
-                                return -ETIMEDOUT;
-
-                        left = timeout - n;
-                } else
-                        left = (uint64_t) -1;
-
-                r = rtnl_poll(rtnl, true, left);
-                if (r < 0)
-                        return r;
-                else if (r == 0)
-                        return -ETIMEDOUT;
-        }
-}
-
-int sd_netlink_get_events(sd_netlink *rtnl) {
-        assert_return(rtnl, -EINVAL);
-        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
-
-        if (rtnl->rqueue_size == 0)
-                return POLLIN;
-        else
-                return 0;
-}
-
-int sd_netlink_get_timeout(sd_netlink *rtnl, uint64_t *timeout_usec) {
-        struct reply_callback *c;
-
-        assert_return(rtnl, -EINVAL);
-        assert_return(timeout_usec, -EINVAL);
-        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
-
-        if (rtnl->rqueue_size > 0) {
-                *timeout_usec = 0;
-                return 1;
-        }
-
-        c = prioq_peek(rtnl->reply_callbacks_prioq);
-        if (!c) {
-                *timeout_usec = (uint64_t) -1;
-                return 0;
-        }
-
-        *timeout_usec = c->timeout;
-
-        return 1;
-}
-
-static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        sd_netlink *rtnl = userdata;
-        int r;
-
-        assert(rtnl);
-
-        r = sd_netlink_process(rtnl, NULL);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int time_callback(sd_event_source *s, uint64_t usec, void *userdata) {
-        sd_netlink *rtnl = userdata;
-        int r;
-
-        assert(rtnl);
-
-        r = sd_netlink_process(rtnl, NULL);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int prepare_callback(sd_event_source *s, void *userdata) {
-        sd_netlink *rtnl = userdata;
-        int r, e;
-        usec_t until;
-
-        assert(s);
-        assert(rtnl);
-
-        e = sd_netlink_get_events(rtnl);
-        if (e < 0)
-                return e;
-
-        r = sd_event_source_set_io_events(rtnl->io_event_source, e);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_get_timeout(rtnl, &until);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-                int j;
-
-                j = sd_event_source_set_time(rtnl->time_event_source, until);
-                if (j < 0)
-                        return j;
-        }
-
-        r = sd_event_source_set_enabled(rtnl->time_event_source, r > 0);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-int sd_netlink_attach_event(sd_netlink *rtnl, sd_event *event, int64_t priority) {
-        int r;
-
-        assert_return(rtnl, -EINVAL);
-        assert_return(!rtnl->event, -EBUSY);
-
-        assert(!rtnl->io_event_source);
-        assert(!rtnl->time_event_source);
-
-        if (event)
-                rtnl->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&rtnl->event);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_event_add_io(rtnl->event, &rtnl->io_event_source, rtnl->fd, 0, io_callback, rtnl);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_priority(rtnl->io_event_source, priority);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_description(rtnl->io_event_source, "rtnl-receive-message");
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_prepare(rtnl->io_event_source, prepare_callback);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_add_time(rtnl->event, &rtnl->time_event_source, CLOCK_MONOTONIC, 0, 0, time_callback, rtnl);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_priority(rtnl->time_event_source, priority);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_description(rtnl->time_event_source, "rtnl-timer");
-        if (r < 0)
-                goto fail;
-
-        return 0;
-
-fail:
-        sd_netlink_detach_event(rtnl);
-        return r;
-}
-
-int sd_netlink_detach_event(sd_netlink *rtnl) {
-        assert_return(rtnl, -EINVAL);
-        assert_return(rtnl->event, -ENXIO);
-
-        rtnl->io_event_source = sd_event_source_unref(rtnl->io_event_source);
-
-        rtnl->time_event_source = sd_event_source_unref(rtnl->time_event_source);
-
-        rtnl->event = sd_event_unref(rtnl->event);
-
-        return 0;
-}
-
-int sd_netlink_add_match(sd_netlink *rtnl,
-                      uint16_t type,
-                      sd_netlink_message_handler_t callback,
-                      void *userdata) {
-        _cleanup_free_ struct match_callback *c = NULL;
-        int r;
-
-        assert_return(rtnl, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
-
-        c = new0(struct match_callback, 1);
-        if (!c)
-                return -ENOMEM;
-
-        c->callback = callback;
-        c->type = type;
-        c->userdata = userdata;
-
-        switch (type) {
-                case RTM_NEWLINK:
-                case RTM_DELLINK:
-                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_LINK);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                case RTM_NEWADDR:
-                case RTM_DELADDR:
-                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV4_IFADDR);
-                        if (r < 0)
-                                return r;
-
-                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV6_IFADDR);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                case RTM_NEWROUTE:
-                case RTM_DELROUTE:
-                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV4_ROUTE);
-                        if (r < 0)
-                                return r;
-
-                        r = socket_broadcast_group_ref(rtnl, RTNLGRP_IPV6_ROUTE);
-                        if (r < 0)
-                                return r;
-                        break;
-                default:
-                        return -EOPNOTSUPP;
-        }
-
-        LIST_PREPEND(match_callbacks, rtnl->match_callbacks, c);
-
-        c = NULL;
-
-        return 0;
-}
-
-int sd_netlink_remove_match(sd_netlink *rtnl,
-                         uint16_t type,
-                         sd_netlink_message_handler_t callback,
-                         void *userdata) {
-        struct match_callback *c;
-        int r;
-
-        assert_return(rtnl, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(!rtnl_pid_changed(rtnl), -ECHILD);
-
-        LIST_FOREACH(match_callbacks, c, rtnl->match_callbacks)
-                if (c->callback == callback && c->type == type && c->userdata == userdata) {
-                        LIST_REMOVE(match_callbacks, rtnl->match_callbacks, c);
-                        free(c);
-
-                        switch (type) {
-                                case RTM_NEWLINK:
-                                case RTM_DELLINK:
-                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_LINK);
-                                        if (r < 0)
-                                                return r;
-
-                                        break;
-                                case RTM_NEWADDR:
-                                case RTM_DELADDR:
-                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV4_IFADDR);
-                                        if (r < 0)
-                                                return r;
-
-                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV6_IFADDR);
-                                        if (r < 0)
-                                                return r;
-
-                                        break;
-                                case RTM_NEWROUTE:
-                                case RTM_DELROUTE:
-                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV4_ROUTE);
-                                        if (r < 0)
-                                                return r;
-
-                                        r = socket_broadcast_group_unref(rtnl, RTNLGRP_IPV6_ROUTE);
-                                        if (r < 0)
-                                                return r;
-                                        break;
-                                default:
-                                        return -EOPNOTSUPP;
-                        }
-
-                        return 1;
-                }
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c
deleted file mode 100644
index 58c2e892f5..0000000000
--- a/src/libsystemd/sd-netlink/test-netlink.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/if.h>
-#include <netinet/ether.h>
-
-#include "sd-netlink.h"
-
-#include "ether-addr-util.h"
-#include "macro.h"
-#include "missing.h"
-#include "netlink-util.h"
-#include "socket-util.h"
-#include "string-util.h"
-#include "util.h"
-
-static void test_message_link_bridge(sd_netlink *rtnl) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
-        uint32_t cost;
-
-        assert_se(sd_rtnl_message_new_link(rtnl, &message, RTM_NEWLINK, 1) >= 0);
-        assert_se(sd_rtnl_message_link_set_family(message, PF_BRIDGE) >= 0);
-        assert_se(sd_netlink_message_open_container(message, IFLA_PROTINFO) >= 0);
-        assert_se(sd_netlink_message_append_u32(message, IFLA_BRPORT_COST, 10) >= 0);
-        assert_se(sd_netlink_message_close_container(message) >= 0);
-
-        assert_se(sd_netlink_message_rewind(message) >= 0);
-
-        assert_se(sd_netlink_message_enter_container(message, IFLA_PROTINFO) >= 0);
-        assert_se(sd_netlink_message_read_u32(message, IFLA_BRPORT_COST, &cost) >= 0);
-        assert_se(cost == 10);
-        assert_se(sd_netlink_message_exit_container(message) >= 0);
-}
-
-static void test_link_configure(sd_netlink *rtnl, int ifindex) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
-        const char *mac = "98:fe:94:3f:c6:18", *name = "test";
-        char buffer[ETHER_ADDR_TO_STRING_MAX];
-        unsigned int mtu = 1450, mtu_out;
-        const char *name_out;
-        struct ether_addr mac_out;
-
-        /* we'd really like to test NEWLINK, but let's not mess with the running kernel */
-        assert_se(sd_rtnl_message_new_link(rtnl, &message, RTM_GETLINK, ifindex) >= 0);
-        assert_se(sd_netlink_message_append_string(message, IFLA_IFNAME, name) >= 0);
-        assert_se(sd_netlink_message_append_ether_addr(message, IFLA_ADDRESS, ether_aton(mac)) >= 0);
-        assert_se(sd_netlink_message_append_u32(message, IFLA_MTU, mtu) >= 0);
-
-        assert_se(sd_netlink_call(rtnl, message, 0, NULL) == 1);
-        assert_se(sd_netlink_message_rewind(message) >= 0);
-
-        assert_se(sd_netlink_message_read_string(message, IFLA_IFNAME, &name_out) >= 0);
-        assert_se(streq(name, name_out));
-
-        assert_se(sd_netlink_message_read_ether_addr(message, IFLA_ADDRESS, &mac_out) >= 0);
-        assert_se(streq(mac, ether_addr_to_string(&mac_out, buffer)));
-
-        assert_se(sd_netlink_message_read_u32(message, IFLA_MTU, &mtu_out) >= 0);
-        assert_se(mtu == mtu_out);
-}
-
-static void test_link_get(sd_netlink *rtnl, int ifindex) {
-        sd_netlink_message *m;
-        sd_netlink_message *r;
-        unsigned int mtu = 1500;
-        const char *str_data;
-        uint8_t u8_data;
-        uint32_t u32_data;
-        struct ether_addr eth_data;
-
-        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, ifindex) >= 0);
-        assert_se(m);
-
-        /* u8 test cases  */
-        assert_se(sd_netlink_message_append_u8(m, IFLA_CARRIER, 0) >= 0);
-        assert_se(sd_netlink_message_append_u8(m, IFLA_OPERSTATE, 0) >= 0);
-        assert_se(sd_netlink_message_append_u8(m, IFLA_LINKMODE, 0) >= 0);
-
-        /* u32 test cases */
-        assert_se(sd_netlink_message_append_u32(m, IFLA_MTU, mtu) >= 0);
-        assert_se(sd_netlink_message_append_u32(m, IFLA_GROUP, 0) >= 0);
-        assert_se(sd_netlink_message_append_u32(m, IFLA_TXQLEN, 0) >= 0);
-        assert_se(sd_netlink_message_append_u32(m, IFLA_NUM_TX_QUEUES, 0) >= 0);
-        assert_se(sd_netlink_message_append_u32(m, IFLA_NUM_RX_QUEUES, 0) >= 0);
-
-        assert_se(sd_netlink_call(rtnl, m, -1, &r) == 1);
-
-        assert_se(sd_netlink_message_read_string(r, IFLA_IFNAME, &str_data) == 0);
-
-        assert_se(sd_netlink_message_read_u8(r, IFLA_CARRIER, &u8_data) == 0);
-        assert_se(sd_netlink_message_read_u8(r, IFLA_OPERSTATE, &u8_data) == 0);
-        assert_se(sd_netlink_message_read_u8(r, IFLA_LINKMODE, &u8_data) == 0);
-
-        assert_se(sd_netlink_message_read_u32(r, IFLA_MTU, &u32_data) == 0);
-        assert_se(sd_netlink_message_read_u32(r, IFLA_GROUP, &u32_data) == 0);
-        assert_se(sd_netlink_message_read_u32(r, IFLA_TXQLEN, &u32_data) == 0);
-        assert_se(sd_netlink_message_read_u32(r, IFLA_NUM_TX_QUEUES, &u32_data) == 0);
-        assert_se(sd_netlink_message_read_u32(r, IFLA_NUM_RX_QUEUES, &u32_data) == 0);
-
-        assert_se(sd_netlink_message_read_ether_addr(r, IFLA_ADDRESS, &eth_data) == 0);
-
-        assert_se((m = sd_netlink_message_unref(m)) == NULL);
-        assert_se((r = sd_netlink_message_unref(r)) == NULL);
-}
-
-
-static void test_address_get(sd_netlink *rtnl, int ifindex) {
-        sd_netlink_message *m;
-        sd_netlink_message *r;
-        struct in_addr in_data;
-        struct ifa_cacheinfo cache;
-        const char *label;
-
-        assert_se(sd_rtnl_message_new_addr(rtnl, &m, RTM_GETADDR, ifindex, AF_INET) >= 0);
-        assert_se(m);
-
-        assert_se(sd_netlink_call(rtnl, m, -1, &r) == 1);
-
-        assert_se(sd_netlink_message_read_in_addr(r, IFA_LOCAL, &in_data) == 0);
-        assert_se(sd_netlink_message_read_in_addr(r, IFA_ADDRESS, &in_data) == 0);
-        assert_se(sd_netlink_message_read_string(r, IFA_LABEL, &label) == 0);
-        assert_se(sd_netlink_message_read_cache_info(r, IFA_CACHEINFO, &cache) == 0);
-
-        assert_se((m = sd_netlink_message_unref(m)) == NULL);
-        assert_se((r = sd_netlink_message_unref(r)) == NULL);
-
-}
-
-static void test_route(void) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req;
-        struct in_addr addr, addr_data;
-        uint32_t index = 2, u32_data;
-        int r;
-
-        r = sd_rtnl_message_new_route(NULL, &req, RTM_NEWROUTE, AF_INET, RTPROT_STATIC);
-        if (r < 0) {
-                log_error_errno(r, "Could not create RTM_NEWROUTE message: %m");
-                return;
-        }
-
-        addr.s_addr = htonl(INADDR_LOOPBACK);
-
-        r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &addr);
-        if (r < 0) {
-                log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
-                return;
-        }
-
-        r = sd_netlink_message_append_u32(req, RTA_OIF, index);
-        if (r < 0) {
-                log_error_errno(r, "Could not append RTA_OIF attribute: %m");
-                return;
-        }
-
-        assert_se(sd_netlink_message_rewind(req) >= 0);
-
-        assert_se(sd_netlink_message_read_in_addr(req, RTA_GATEWAY, &addr_data) >= 0);
-        assert_se(addr_data.s_addr == addr.s_addr);
-
-        assert_se(sd_netlink_message_read_u32(req, RTA_OIF, &u32_data) >= 0);
-        assert_se(u32_data == index);
-
-        assert_se((req = sd_netlink_message_unref(req)) == NULL);
-}
-
-static void test_multiple(void) {
-        sd_netlink *rtnl1, *rtnl2;
-
-        assert_se(sd_netlink_open(&rtnl1) >= 0);
-        assert_se(sd_netlink_open(&rtnl2) >= 0);
-
-        rtnl1 = sd_netlink_unref(rtnl1);
-        rtnl2 = sd_netlink_unref(rtnl2);
-}
-
-static int link_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
-        char *ifname = userdata;
-        const char *data;
-
-        assert_se(rtnl);
-        assert_se(m);
-
-        log_info("got link info about %s", ifname);
-        free(ifname);
-
-        assert_se(sd_netlink_message_read_string(m, IFLA_IFNAME, &data) >= 0);
-        assert_se(streq(data, "lo"));
-
-        return 1;
-}
-
-static void test_event_loop(int ifindex) {
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        char *ifname;
-
-        ifname = strdup("lo2");
-        assert_se(ifname);
-
-        assert_se(sd_netlink_open(&rtnl) >= 0);
-        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, ifindex) >= 0);
-
-        assert_se(sd_netlink_call_async(rtnl, m, link_handler, ifname, 0, NULL) >= 0);
-
-        assert_se(sd_event_default(&event) >= 0);
-
-        assert_se(sd_netlink_attach_event(rtnl, event, 0) >= 0);
-
-        assert_se(sd_event_run(event, 0) >= 0);
-
-        assert_se(sd_netlink_detach_event(rtnl) >= 0);
-
-        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
-}
-
-static int pipe_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
-        int *counter = userdata;
-        int r;
-
-        (*counter)--;
-
-        r = sd_netlink_message_get_errno(m);
-
-        log_info_errno(r, "%d left in pipe. got reply: %m", *counter);
-
-        assert_se(r >= 0);
-
-        return 1;
-}
-
-static void test_async(int ifindex) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL, *r = NULL;
-        uint32_t serial;
-        char *ifname;
-
-        ifname = strdup("lo");
-        assert_se(ifname);
-
-        assert_se(sd_netlink_open(&rtnl) >= 0);
-
-        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, ifindex) >= 0);
-
-        assert_se(sd_netlink_call_async(rtnl, m, link_handler, ifname, 0, &serial) >= 0);
-
-        assert_se(sd_netlink_wait(rtnl, 0) >= 0);
-        assert_se(sd_netlink_process(rtnl, &r) >= 0);
-
-        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
-}
-
-static void test_pipe(int ifindex) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m1 = NULL, *m2 = NULL;
-        int counter = 0;
-
-        assert_se(sd_netlink_open(&rtnl) >= 0);
-
-        assert_se(sd_rtnl_message_new_link(rtnl, &m1, RTM_GETLINK, ifindex) >= 0);
-        assert_se(sd_rtnl_message_new_link(rtnl, &m2, RTM_GETLINK, ifindex) >= 0);
-
-        counter++;
-        assert_se(sd_netlink_call_async(rtnl, m1, pipe_handler, &counter, 0, NULL) >= 0);
-
-        counter++;
-        assert_se(sd_netlink_call_async(rtnl, m2, pipe_handler, &counter, 0, NULL) >= 0);
-
-        while (counter > 0) {
-                assert_se(sd_netlink_wait(rtnl, 0) >= 0);
-                assert_se(sd_netlink_process(rtnl, NULL) >= 0);
-        }
-
-        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
-}
-
-static void test_container(void) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        uint16_t u16_data;
-        uint32_t u32_data;
-        const char *string_data;
-
-        assert_se(sd_rtnl_message_new_link(NULL, &m, RTM_NEWLINK, 0) >= 0);
-
-        assert_se(sd_netlink_message_open_container(m, IFLA_LINKINFO) >= 0);
-        assert_se(sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "vlan") >= 0);
-        assert_se(sd_netlink_message_append_u16(m, IFLA_VLAN_ID, 100) >= 0);
-        assert_se(sd_netlink_message_close_container(m) >= 0);
-        assert_se(sd_netlink_message_append_string(m, IFLA_INFO_KIND, "vlan") >= 0);
-        assert_se(sd_netlink_message_close_container(m) >= 0);
-        assert_se(sd_netlink_message_close_container(m) == -EINVAL);
-
-        assert_se(sd_netlink_message_rewind(m) >= 0);
-
-        assert_se(sd_netlink_message_enter_container(m, IFLA_LINKINFO) >= 0);
-        assert_se(sd_netlink_message_read_string(m, IFLA_INFO_KIND, &string_data) >= 0);
-        assert_se(streq("vlan", string_data));
-
-        assert_se(sd_netlink_message_enter_container(m, IFLA_INFO_DATA) >= 0);
-        assert_se(sd_netlink_message_read_u16(m, IFLA_VLAN_ID, &u16_data) >= 0);
-        assert_se(sd_netlink_message_exit_container(m) >= 0);
-
-        assert_se(sd_netlink_message_read_string(m, IFLA_INFO_KIND, &string_data) >= 0);
-        assert_se(streq("vlan", string_data));
-        assert_se(sd_netlink_message_exit_container(m) >= 0);
-
-        assert_se(sd_netlink_message_read_u32(m, IFLA_LINKINFO, &u32_data) < 0);
-
-        assert_se(sd_netlink_message_exit_container(m) == -EINVAL);
-}
-
-static void test_match(void) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-
-        assert_se(sd_netlink_open(&rtnl) >= 0);
-
-        assert_se(sd_netlink_add_match(rtnl, RTM_NEWLINK, link_handler, NULL) >= 0);
-        assert_se(sd_netlink_add_match(rtnl, RTM_NEWLINK, link_handler, NULL) >= 0);
-
-        assert_se(sd_netlink_remove_match(rtnl, RTM_NEWLINK, link_handler, NULL) == 1);
-        assert_se(sd_netlink_remove_match(rtnl, RTM_NEWLINK, link_handler, NULL) == 1);
-        assert_se(sd_netlink_remove_match(rtnl, RTM_NEWLINK, link_handler, NULL) == 0);
-
-        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
-}
-
-static void test_get_addresses(sd_netlink *rtnl) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        sd_netlink_message *m;
-
-        assert_se(sd_rtnl_message_new_addr(rtnl, &req, RTM_GETADDR, 0, AF_UNSPEC) >= 0);
-
-        assert_se(sd_netlink_call(rtnl, req, 0, &reply) >= 0);
-
-        for (m = reply; m; m = sd_netlink_message_next(m)) {
-                uint16_t type;
-                unsigned char scope, flags;
-                int family, ifindex;
-
-                assert_se(sd_netlink_message_get_type(m, &type) >= 0);
-                assert_se(type == RTM_NEWADDR);
-
-                assert_se(sd_rtnl_message_addr_get_ifindex(m, &ifindex) >= 0);
-                assert_se(sd_rtnl_message_addr_get_family(m, &family) >= 0);
-                assert_se(sd_rtnl_message_addr_get_scope(m, &scope) >= 0);
-                assert_se(sd_rtnl_message_addr_get_flags(m, &flags) >= 0);
-
-                assert_se(ifindex > 0);
-                assert_se(family == AF_INET || family == AF_INET6);
-
-                log_info("got IPv%u address on ifindex %i", family == AF_INET ? 4: 6, ifindex);
-        }
-}
-
-static void test_message(void) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-
-        assert_se(rtnl_message_new_synthetic_error(-ETIMEDOUT, 1, &m) >= 0);
-        assert_se(sd_netlink_message_get_errno(m) == -ETIMEDOUT);
-}
-
-int main(void) {
-        sd_netlink *rtnl;
-        sd_netlink_message *m;
-        sd_netlink_message *r;
-        const char *string_data;
-        int if_loopback;
-        uint16_t type;
-
-        test_message();
-
-        test_match();
-
-        test_multiple();
-
-        test_route();
-
-        test_container();
-
-        assert_se(sd_netlink_open(&rtnl) >= 0);
-        assert_se(rtnl);
-
-        if_loopback = (int) if_nametoindex("lo");
-        assert_se(if_loopback > 0);
-
-        test_async(if_loopback);
-
-        test_pipe(if_loopback);
-
-        test_event_loop(if_loopback);
-
-        test_link_configure(rtnl, if_loopback);
-
-        test_get_addresses(rtnl);
-
-        test_message_link_bridge(rtnl);
-
-        assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_GETLINK, if_loopback) >= 0);
-        assert_se(m);
-
-        assert_se(sd_netlink_message_get_type(m, &type) >= 0);
-        assert_se(type == RTM_GETLINK);
-
-        assert_se(sd_netlink_message_read_string(m, IFLA_IFNAME, &string_data) == -EPERM);
-
-        assert_se(sd_netlink_call(rtnl, m, 0, &r) == 1);
-        assert_se(sd_netlink_message_get_type(r, &type) >= 0);
-        assert_se(type == RTM_NEWLINK);
-
-        assert_se((r = sd_netlink_message_unref(r)) == NULL);
-
-        assert_se(sd_netlink_call(rtnl, m, -1, &r) == -EPERM);
-        assert_se((m = sd_netlink_message_unref(m)) == NULL);
-        assert_se((r = sd_netlink_message_unref(r)) == NULL);
-
-        test_link_get(rtnl, if_loopback);
-        test_address_get(rtnl, if_loopback);
-
-        assert_se((m = sd_netlink_message_unref(m)) == NULL);
-        assert_se((r = sd_netlink_message_unref(r)) == NULL);
-        assert_se((rtnl = sd_netlink_unref(rtnl)) == NULL);
-
-        return EXIT_SUCCESS;
-}
diff --git a/src/libsystemd/sd-network/Makefile b/src/libsystemd/sd-network/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/libsystemd/sd-network/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-network/network-util.h b/src/libsystemd/sd-network/network-util.h
deleted file mode 100644
index 26780dce28..0000000000
--- a/src/libsystemd/sd-network/network-util.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Thomas Hindø Paabøl Andersen
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-network.h"
-
-bool network_is_online(void);
diff --git a/src/libsystemd/sd-network/sd-network.c b/src/libsystemd/sd-network/sd-network.c
deleted file mode 100644
index f8e18f23fd..0000000000
--- a/src/libsystemd/sd-network/sd-network.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-  Copyright 2014 Tom Gundersen
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <poll.h>
-#include <string.h>
-#include <sys/inotify.h>
-
-#include "sd-network.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-_public_ int sd_network_get_operational_state(char **state) {
-        _cleanup_free_ char *s = NULL;
-        int r;
-
-        assert_return(state, -EINVAL);
-
-        r = parse_env_file("/run/systemd/netif/state", NEWLINE, "OPER_STATE", &s, NULL);
-        if (r == -ENOENT)
-                return -ENODATA;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -ENODATA;
-
-        *state = s;
-        s = NULL;
-
-        return 0;
-}
-
-static int network_get_strv(const char *key, char ***ret) {
-        _cleanup_strv_free_ char **a = NULL;
-        _cleanup_free_ char *s = NULL;
-        int r;
-
-        assert_return(ret, -EINVAL);
-
-        r = parse_env_file("/run/systemd/netif/state", NEWLINE, key, &s, NULL);
-        if (r == -ENOENT)
-                return -ENODATA;
-        if (r < 0)
-                return r;
-        if (isempty(s)) {
-                *ret = NULL;
-                return 0;
-        }
-
-        a = strv_split(s, " ");
-        if (!a)
-                return -ENOMEM;
-
-        strv_uniq(a);
-        r = strv_length(a);
-
-        *ret = a;
-        a = NULL;
-
-        return r;
-}
-
-_public_ int sd_network_get_dns(char ***ret) {
-        return network_get_strv("DNS", ret);
-}
-
-_public_ int sd_network_get_ntp(char ***ret) {
-        return network_get_strv("NTP", ret);
-}
-
-_public_ int sd_network_get_search_domains(char ***ret) {
-        return network_get_strv("DOMAINS", ret);
-}
-
-_public_ int sd_network_get_route_domains(char ***ret) {
-        return network_get_strv("ROUTE_DOMAINS", ret);
-}
-
-static int network_link_get_string(int ifindex, const char *field, char **ret) {
-        char path[strlen("/run/systemd/netif/links/") + DECIMAL_STR_MAX(ifindex) + 1];
-        _cleanup_free_ char *s = NULL;
-        int r;
-
-        assert_return(ifindex > 0, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        xsprintf(path, "/run/systemd/netif/links/%i", ifindex);
-
-        r = parse_env_file(path, NEWLINE, field, &s, NULL);
-        if (r == -ENOENT)
-                return -ENODATA;
-        if (r < 0)
-                return r;
-        if (isempty(s))
-                return -ENODATA;
-
-        *ret = s;
-        s = NULL;
-
-        return 0;
-}
-
-static int network_link_get_strv(int ifindex, const char *key, char ***ret) {
-        char path[strlen("/run/systemd/netif/links/") + DECIMAL_STR_MAX(ifindex) + 1];
-        _cleanup_strv_free_ char **a = NULL;
-        _cleanup_free_ char *s = NULL;
-        int r;
-
-        assert_return(ifindex > 0, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        xsprintf(path, "/run/systemd/netif/links/%i", ifindex);
-        r = parse_env_file(path, NEWLINE, key, &s, NULL);
-        if (r == -ENOENT)
-                return -ENODATA;
-        if (r < 0)
-                return r;
-        if (isempty(s)) {
-                *ret = NULL;
-                return 0;
-        }
-
-        a = strv_split(s, " ");
-        if (!a)
-                return -ENOMEM;
-
-        strv_uniq(a);
-        r = strv_length(a);
-
-        *ret = a;
-        a = NULL;
-
-        return r;
-}
-
-_public_ int sd_network_link_get_setup_state(int ifindex, char **state) {
-        return network_link_get_string(ifindex, "ADMIN_STATE", state);
-}
-
-_public_ int sd_network_link_get_network_file(int ifindex, char **filename) {
-        return network_link_get_string(ifindex, "NETWORK_FILE", filename);
-}
-
-_public_ int sd_network_link_get_operational_state(int ifindex, char **state) {
-        return network_link_get_string(ifindex, "OPER_STATE", state);
-}
-
-_public_ int sd_network_link_get_llmnr(int ifindex, char **llmnr) {
-        return network_link_get_string(ifindex, "LLMNR", llmnr);
-}
-
-_public_ int sd_network_link_get_mdns(int ifindex, char **mdns) {
-        return network_link_get_string(ifindex, "MDNS", mdns);
-}
-
-_public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) {
-        return network_link_get_string(ifindex, "DNSSEC", dnssec);
-}
-
-_public_ int sd_network_link_get_dnssec_negative_trust_anchors(int ifindex, char ***nta) {
-        return network_link_get_strv(ifindex, "DNSSEC_NTA", nta);
-}
-
-_public_ int sd_network_link_get_timezone(int ifindex, char **ret) {
-        return network_link_get_string(ifindex, "TIMEZONE", ret);
-}
-
-_public_ int sd_network_link_get_dns(int ifindex, char ***ret) {
-        return network_link_get_strv(ifindex, "DNS", ret);
-}
-
-_public_ int sd_network_link_get_ntp(int ifindex, char ***ret) {
-        return network_link_get_strv(ifindex, "NTP", ret);
-}
-
-_public_ int sd_network_link_get_search_domains(int ifindex, char ***ret) {
-        return network_link_get_strv(ifindex, "DOMAINS", ret);
-}
-
-_public_ int sd_network_link_get_route_domains(int ifindex, char ***ret) {
-        return network_link_get_strv(ifindex, "ROUTE_DOMAINS", ret);
-}
-
-static int network_link_get_ifindexes(int ifindex, const char *key, int **ret) {
-        char path[strlen("/run/systemd/netif/links/") + DECIMAL_STR_MAX(ifindex) + 1];
-        _cleanup_free_ int *ifis = NULL;
-        _cleanup_free_ char *s = NULL;
-        size_t allocated = 0, c = 0;
-        const char *x;
-        int r;
-
-        assert_return(ifindex > 0, -EINVAL);
-        assert_return(ret, -EINVAL);
-
-        xsprintf(path, "/run/systemd/netif/links/%i", ifindex);
-        r = parse_env_file(path, NEWLINE, key, &s, NULL);
-        if (r == -ENOENT)
-                return -ENODATA;
-        if (r < 0)
-                return r;
-        if (isempty(s)) {
-                *ret = NULL;
-                return 0;
-        }
-
-        x = s;
-        for (;;) {
-                _cleanup_free_ char *word = NULL;
-
-                r = extract_first_word(&x, &word, NULL, 0);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                r = parse_ifindex(word, &ifindex);
-                if (r < 0)
-                        return r;
-
-                if (!GREEDY_REALLOC(ifis, allocated, c + 1))
-                        return -ENOMEM;
-
-                ifis[c++] = ifindex;
-        }
-
-        if (!GREEDY_REALLOC(ifis, allocated, c + 1))
-                return -ENOMEM;
-        ifis[c] = 0; /* Let's add a 0 ifindex to the end, to be nice*/
-
-        *ret = ifis;
-        ifis = NULL;
-
-        return c;
-}
-
-_public_ int sd_network_link_get_carrier_bound_to(int ifindex, int **ret) {
-        return network_link_get_ifindexes(ifindex, "CARRIER_BOUND_TO", ret);
-}
-
-_public_ int sd_network_link_get_carrier_bound_by(int ifindex, int **ret) {
-        return network_link_get_ifindexes(ifindex, "CARRIER_BOUND_BY", ret);
-}
-
-static inline int MONITOR_TO_FD(sd_network_monitor *m) {
-        return (int) (unsigned long) m - 1;
-}
-
-static inline sd_network_monitor* FD_TO_MONITOR(int fd) {
-        return (sd_network_monitor*) (unsigned long) (fd + 1);
-}
-
-static int monitor_add_inotify_watch(int fd) {
-        int k;
-
-        k = inotify_add_watch(fd, "/run/systemd/netif/links/", IN_MOVED_TO|IN_DELETE);
-        if (k >= 0)
-                return 0;
-        else if (errno != ENOENT)
-                return -errno;
-
-        k = inotify_add_watch(fd, "/run/systemd/netif/", IN_CREATE|IN_ISDIR);
-        if (k >= 0)
-                return 0;
-        else if (errno != ENOENT)
-                return -errno;
-
-        k = inotify_add_watch(fd, "/run/systemd/", IN_CREATE|IN_ISDIR);
-        if (k < 0)
-                return -errno;
-
-        return 0;
-}
-
-_public_ int sd_network_monitor_new(sd_network_monitor **m, const char *category) {
-        _cleanup_close_ int fd = -1;
-        int k;
-        bool good = false;
-
-        assert_return(m, -EINVAL);
-
-        fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        if (!category || streq(category, "links")) {
-                k = monitor_add_inotify_watch(fd);
-                if (k < 0)
-                        return k;
-
-                good = true;
-        }
-
-        if (!good)
-                return -EINVAL;
-
-        *m = FD_TO_MONITOR(fd);
-        fd = -1;
-
-        return 0;
-}
-
-_public_ sd_network_monitor* sd_network_monitor_unref(sd_network_monitor *m) {
-        int fd;
-
-        if (m) {
-                fd = MONITOR_TO_FD(m);
-                close_nointr(fd);
-        }
-
-        return NULL;
-}
-
-_public_ int sd_network_monitor_flush(sd_network_monitor *m) {
-        union inotify_event_buffer buffer;
-        struct inotify_event *e;
-        ssize_t l;
-        int fd, k;
-
-        assert_return(m, -EINVAL);
-
-        fd = MONITOR_TO_FD(m);
-
-        l = read(fd, &buffer, sizeof(buffer));
-        if (l < 0) {
-                if (errno == EAGAIN || errno == EINTR)
-                        return 0;
-
-                return -errno;
-        }
-
-        FOREACH_INOTIFY_EVENT(e, buffer, l) {
-                if (e->mask & IN_ISDIR) {
-                        k = monitor_add_inotify_watch(fd);
-                        if (k < 0)
-                                return k;
-
-                        k = inotify_rm_watch(fd, e->wd);
-                        if (k < 0)
-                                return -errno;
-                }
-        }
-
-        return 0;
-}
-
-_public_ int sd_network_monitor_get_fd(sd_network_monitor *m) {
-
-        assert_return(m, -EINVAL);
-
-        return MONITOR_TO_FD(m);
-}
-
-_public_ int sd_network_monitor_get_events(sd_network_monitor *m) {
-
-        assert_return(m, -EINVAL);
-
-        /* For now we will only return POLLIN here, since we don't
-         * need anything else ever for inotify.  However, let's have
-         * this API to keep our options open should we later on need
-         * it. */
-        return POLLIN;
-}
-
-_public_ int sd_network_monitor_get_timeout(sd_network_monitor *m, uint64_t *timeout_usec) {
-
-        assert_return(m, -EINVAL);
-        assert_return(timeout_usec, -EINVAL);
-
-        /* For now we will only return (uint64_t) -1, since we don't
-         * need any timeout. However, let's have this API to keep our
-         * options open should we later on need it. */
-        *timeout_usec = (uint64_t) -1;
-        return 0;
-}
diff --git a/src/libsystemd/sd-path/Makefile b/src/libsystemd/sd-path/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/libsystemd/sd-path/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c
deleted file mode 100644
index b7aec1f20a..0000000000
--- a/src/libsystemd/sd-path/sd-path.c
+++ /dev/null
@@ -1,638 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-path.h"
-
-#include "alloc-util.h"
-#include "architecture.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "missing.h"
-#include "path-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "user-util.h"
-#include "util.h"
-
-static int from_environment(const char *envname, const char *fallback, const char **ret) {
-        assert(ret);
-
-        if (envname) {
-                const char *e;
-
-                e = secure_getenv(envname);
-                if (e && path_is_absolute(e)) {
-                        *ret = e;
-                        return 0;
-                }
-        }
-
-        if (fallback) {
-                *ret = fallback;
-                return 0;
-        }
-
-        return -ENXIO;
-}
-
-static int from_home_dir(const char *envname, const char *suffix, char **buffer, const char **ret) {
-        _cleanup_free_ char *h = NULL;
-        char *cc = NULL;
-        int r;
-
-        assert(suffix);
-        assert(buffer);
-        assert(ret);
-
-        if (envname) {
-                const char *e = NULL;
-
-                e = secure_getenv(envname);
-                if (e && path_is_absolute(e)) {
-                        *ret = e;
-                        return 0;
-                }
-        }
-
-        r = get_home_dir(&h);
-        if (r < 0)
-                return r;
-
-        if (endswith(h, "/"))
-                cc = strappend(h, suffix);
-        else
-                cc = strjoin(h, "/", suffix, NULL);
-        if (!cc)
-                return -ENOMEM;
-
-        *buffer = cc;
-        *ret = cc;
-        return 0;
-}
-
-static int from_user_dir(const char *field, char **buffer, const char **ret) {
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_free_ char *b = NULL;
-        _cleanup_free_ const char *fn = NULL;
-        const char *c = NULL;
-        char line[LINE_MAX];
-        size_t n;
-        int r;
-
-        assert(field);
-        assert(buffer);
-        assert(ret);
-
-        r = from_home_dir("XDG_CONFIG_HOME", ".config", &b, &c);
-        if (r < 0)
-                return r;
-
-        fn = strappend(c, "/user-dirs.dirs");
-        if (!fn)
-                return -ENOMEM;
-
-        f = fopen(fn, "re");
-        if (!f) {
-                if (errno == ENOENT)
-                        goto fallback;
-
-                return -errno;
-        }
-
-        /* This is an awful parse, but it follows closely what
-         * xdg-user-dirs does upstream */
-
-        n = strlen(field);
-        FOREACH_LINE(line, f, return -errno) {
-                char *l, *p, *e;
-
-                l = strstrip(line);
-
-                if (!strneq(l, field, n))
-                        continue;
-
-                p = l + n;
-                p += strspn(p, WHITESPACE);
-
-                if (*p != '=')
-                        continue;
-                p++;
-
-                p += strspn(p, WHITESPACE);
-
-                if (*p != '"')
-                        continue;
-                p++;
-
-                e = strrchr(p, '"');
-                if (!e)
-                        continue;
-                *e = 0;
-
-                /* Three syntaxes permitted: relative to $HOME, $HOME itself, and absolute path */
-                if (startswith(p, "$HOME/")) {
-                        _cleanup_free_ char *h = NULL;
-                        char *cc;
-
-                        r = get_home_dir(&h);
-                        if (r < 0)
-                                return r;
-
-                        cc = strappend(h, p+5);
-                        if (!cc)
-                                return -ENOMEM;
-
-                        *buffer = cc;
-                        *ret = cc;
-                        return 0;
-                } else if (streq(p, "$HOME")) {
-
-                        r = get_home_dir(buffer);
-                        if (r < 0)
-                                return r;
-
-                        *ret = *buffer;
-                        return 0;
-                } else if (path_is_absolute(p)) {
-                        char *copy;
-
-                        copy = strdup(p);
-                        if (!copy)
-                                return -ENOMEM;
-
-                        *buffer = copy;
-                        *ret = copy;
-                        return 0;
-                }
-        }
-
-fallback:
-        /* The desktop directory defaults to $HOME/Desktop, the others to $HOME */
-        if (streq(field, "XDG_DESKTOP_DIR")) {
-                _cleanup_free_ char *h = NULL;
-                char *cc;
-
-                r = get_home_dir(&h);
-                if (r < 0)
-                        return r;
-
-                cc = strappend(h, "/Desktop");
-                if (!cc)
-                        return -ENOMEM;
-
-                *buffer = cc;
-                *ret = cc;
-        } else {
-
-                r = get_home_dir(buffer);
-                if (r < 0)
-                        return r;
-
-                *ret = *buffer;
-        }
-
-        return 0;
-}
-
-static int get_path(uint64_t type, char **buffer, const char **ret) {
-        int r;
-
-        assert(buffer);
-        assert(ret);
-
-        switch (type) {
-
-        case SD_PATH_TEMPORARY:
-                return from_environment("TMPDIR", "/tmp", ret);
-
-        case SD_PATH_TEMPORARY_LARGE:
-                return from_environment("TMPDIR", "/var/tmp", ret);
-
-        case SD_PATH_SYSTEM_BINARIES:
-                *ret = "/usr/bin";
-                return 0;
-
-        case SD_PATH_SYSTEM_INCLUDE:
-                *ret = "/usr/include";
-                return 0;
-
-        case SD_PATH_SYSTEM_LIBRARY_PRIVATE:
-                *ret = "/usr/lib";
-                return 0;
-
-        case SD_PATH_SYSTEM_LIBRARY_ARCH:
-                *ret = LIBDIR;
-                return 0;
-
-        case SD_PATH_SYSTEM_SHARED:
-                *ret = "/usr/share";
-                return 0;
-
-        case SD_PATH_SYSTEM_CONFIGURATION_FACTORY:
-                *ret = "/usr/share/factory/etc";
-                return 0;
-
-        case SD_PATH_SYSTEM_STATE_FACTORY:
-                *ret = "/usr/share/factory/var";
-                return 0;
-
-        case SD_PATH_SYSTEM_CONFIGURATION:
-                *ret = "/etc";
-                return 0;
-
-        case SD_PATH_SYSTEM_RUNTIME:
-                *ret = "/run";
-                return 0;
-
-        case SD_PATH_SYSTEM_RUNTIME_LOGS:
-                *ret = "/run/log";
-                return 0;
-
-        case SD_PATH_SYSTEM_STATE_PRIVATE:
-                *ret = "/var/lib";
-                return 0;
-
-        case SD_PATH_SYSTEM_STATE_LOGS:
-                *ret = "/var/log";
-                return 0;
-
-        case SD_PATH_SYSTEM_STATE_CACHE:
-                *ret = "/var/cache";
-                return 0;
-
-        case SD_PATH_SYSTEM_STATE_SPOOL:
-                *ret = "/var/spool";
-                return 0;
-
-        case SD_PATH_USER_BINARIES:
-                return from_home_dir(NULL, ".local/bin", buffer, ret);
-
-        case SD_PATH_USER_LIBRARY_PRIVATE:
-                return from_home_dir(NULL, ".local/lib", buffer, ret);
-
-        case SD_PATH_USER_LIBRARY_ARCH:
-                return from_home_dir(NULL, ".local/lib/" LIB_ARCH_TUPLE, buffer, ret);
-
-        case SD_PATH_USER_SHARED:
-                return from_home_dir("XDG_DATA_HOME", ".local/share", buffer, ret);
-
-        case SD_PATH_USER_CONFIGURATION:
-                return from_home_dir("XDG_CONFIG_HOME", ".config", buffer, ret);
-
-        case SD_PATH_USER_RUNTIME:
-                return from_environment("XDG_RUNTIME_DIR", NULL, ret);
-
-        case SD_PATH_USER_STATE_CACHE:
-                return from_home_dir("XDG_CACHE_HOME", ".cache", buffer, ret);
-
-        case SD_PATH_USER:
-                r = get_home_dir(buffer);
-                if (r < 0)
-                        return r;
-
-                *ret = *buffer;
-                return 0;
-
-        case SD_PATH_USER_DOCUMENTS:
-                return from_user_dir("XDG_DOCUMENTS_DIR", buffer, ret);
-
-        case SD_PATH_USER_MUSIC:
-                return from_user_dir("XDG_MUSIC_DIR", buffer, ret);
-
-        case SD_PATH_USER_PICTURES:
-                return from_user_dir("XDG_PICTURES_DIR", buffer, ret);
-
-        case SD_PATH_USER_VIDEOS:
-                return from_user_dir("XDG_VIDEOS_DIR", buffer, ret);
-
-        case SD_PATH_USER_DOWNLOAD:
-                return from_user_dir("XDG_DOWNLOAD_DIR", buffer, ret);
-
-        case SD_PATH_USER_PUBLIC:
-                return from_user_dir("XDG_PUBLICSHARE_DIR", buffer, ret);
-
-        case SD_PATH_USER_TEMPLATES:
-                return from_user_dir("XDG_TEMPLATES_DIR", buffer, ret);
-
-        case SD_PATH_USER_DESKTOP:
-                return from_user_dir("XDG_DESKTOP_DIR", buffer, ret);
-        }
-
-        return -EOPNOTSUPP;
-}
-
-_public_ int sd_path_home(uint64_t type, const char *suffix, char **path) {
-        char *buffer = NULL, *cc;
-        const char *ret;
-        int r;
-
-        assert_return(path, -EINVAL);
-
-        if (IN_SET(type,
-                   SD_PATH_SEARCH_BINARIES,
-                   SD_PATH_SEARCH_LIBRARY_PRIVATE,
-                   SD_PATH_SEARCH_LIBRARY_ARCH,
-                   SD_PATH_SEARCH_SHARED,
-                   SD_PATH_SEARCH_CONFIGURATION_FACTORY,
-                   SD_PATH_SEARCH_STATE_FACTORY,
-                   SD_PATH_SEARCH_CONFIGURATION)) {
-
-                _cleanup_strv_free_ char **l = NULL;
-
-                r = sd_path_search(type, suffix, &l);
-                if (r < 0)
-                        return r;
-
-                buffer = strv_join(l, ":");
-                if (!buffer)
-                        return -ENOMEM;
-
-                *path = buffer;
-                return 0;
-        }
-
-        r = get_path(type, &buffer, &ret);
-        if (r < 0)
-                return r;
-
-        if (!suffix) {
-                if (!buffer) {
-                        buffer = strdup(ret);
-                        if (!buffer)
-                                return -ENOMEM;
-                }
-
-                *path = buffer;
-                return 0;
-        }
-
-        suffix += strspn(suffix, "/");
-
-        if (endswith(ret, "/"))
-                cc = strappend(ret, suffix);
-        else
-                cc = strjoin(ret, "/", suffix, NULL);
-
-        free(buffer);
-
-        if (!cc)
-                return -ENOMEM;
-
-        *path = cc;
-        return 0;
-}
-
-static int search_from_environment(
-                char ***list,
-                const char *env_home,
-                const char *home_suffix,
-                const char *env_search,
-                bool env_search_sufficient,
-                const char *first, ...) {
-
-        const char *e;
-        char *h = NULL;
-        char **l = NULL;
-        int r;
-
-        assert(list);
-
-        if (env_search) {
-                e = secure_getenv(env_search);
-                if (e) {
-                        l = strv_split(e, ":");
-                        if (!l)
-                                return -ENOMEM;
-
-                        if (env_search_sufficient) {
-                                *list = l;
-                                return 0;
-                        }
-                }
-        }
-
-        if (!l && first) {
-                va_list ap;
-
-                va_start(ap, first);
-                l = strv_new_ap(first, ap);
-                va_end(ap);
-
-                if (!l)
-                        return -ENOMEM;
-        }
-
-        if (env_home) {
-                e = secure_getenv(env_home);
-                if (e && path_is_absolute(e)) {
-                        h = strdup(e);
-                        if (!h) {
-                                strv_free(l);
-                                return -ENOMEM;
-                        }
-                }
-        }
-
-        if (!h && home_suffix) {
-                e = secure_getenv("HOME");
-                if (e && path_is_absolute(e)) {
-                        if (endswith(e, "/"))
-                                h = strappend(e, home_suffix);
-                        else
-                                h = strjoin(e, "/", home_suffix, NULL);
-
-                        if (!h) {
-                                strv_free(l);
-                                return -ENOMEM;
-                        }
-                }
-        }
-
-        if (h) {
-                r = strv_consume_prepend(&l, h);
-                if (r < 0) {
-                        strv_free(l);
-                        return -ENOMEM;
-                }
-        }
-
-        *list = l;
-        return 0;
-}
-
-static int get_search(uint64_t type, char ***list) {
-
-        assert(list);
-
-        switch(type) {
-
-        case SD_PATH_SEARCH_BINARIES:
-                return search_from_environment(list,
-                                               NULL,
-                                               ".local/bin",
-                                               "PATH",
-                                               true,
-                                               "/usr/local/sbin",
-                                               "/usr/local/bin",
-                                               "/usr/sbin",
-                                               "/usr/bin",
-#ifdef HAVE_SPLIT_USR
-                                               "/sbin",
-                                               "/bin",
-#endif
-                                               NULL);
-
-        case SD_PATH_SEARCH_LIBRARY_PRIVATE:
-                return search_from_environment(list,
-                                               NULL,
-                                               ".local/lib",
-                                               NULL,
-                                               false,
-                                               "/usr/local/lib",
-                                               "/usr/lib",
-#ifdef HAVE_SPLIT_USR
-                                               "/lib",
-#endif
-                                               NULL);
-
-        case SD_PATH_SEARCH_LIBRARY_ARCH:
-                return search_from_environment(list,
-                                               NULL,
-                                               ".local/lib/" LIB_ARCH_TUPLE,
-                                               "LD_LIBRARY_PATH",
-                                               true,
-                                               LIBDIR,
-#ifdef HAVE_SPLIT_USR
-                                               ROOTLIBDIR,
-#endif
-                                               NULL);
-
-        case SD_PATH_SEARCH_SHARED:
-                return search_from_environment(list,
-                                               "XDG_DATA_HOME",
-                                               ".local/share",
-                                               "XDG_DATA_DIRS",
-                                               false,
-                                               "/usr/local/share",
-                                               "/usr/share",
-                                               NULL);
-
-        case SD_PATH_SEARCH_CONFIGURATION_FACTORY:
-                return search_from_environment(list,
-                                               NULL,
-                                               NULL,
-                                               NULL,
-                                               false,
-                                               "/usr/local/share/factory/etc",
-                                               "/usr/share/factory/etc",
-                                               NULL);
-
-        case SD_PATH_SEARCH_STATE_FACTORY:
-                return search_from_environment(list,
-                                               NULL,
-                                               NULL,
-                                               NULL,
-                                               false,
-                                               "/usr/local/share/factory/var",
-                                               "/usr/share/factory/var",
-                                               NULL);
-
-        case SD_PATH_SEARCH_CONFIGURATION:
-                return search_from_environment(list,
-                                               "XDG_CONFIG_HOME",
-                                               ".config",
-                                               "XDG_CONFIG_DIRS",
-                                               false,
-                                               "/etc",
-                                               NULL);
-        }
-
-        return -EOPNOTSUPP;
-}
-
-_public_ int sd_path_search(uint64_t type, const char *suffix, char ***paths) {
-        char **l, **i, **j, **n;
-        int r;
-
-        assert_return(paths, -EINVAL);
-
-        if (!IN_SET(type,
-                    SD_PATH_SEARCH_BINARIES,
-                    SD_PATH_SEARCH_LIBRARY_PRIVATE,
-                    SD_PATH_SEARCH_LIBRARY_ARCH,
-                    SD_PATH_SEARCH_SHARED,
-                    SD_PATH_SEARCH_CONFIGURATION_FACTORY,
-                    SD_PATH_SEARCH_STATE_FACTORY,
-                    SD_PATH_SEARCH_CONFIGURATION)) {
-
-                char *p;
-
-                r = sd_path_home(type, suffix, &p);
-                if (r < 0)
-                        return r;
-
-                l = new(char*, 2);
-                if (!l) {
-                        free(p);
-                        return -ENOMEM;
-                }
-
-                l[0] = p;
-                l[1] = NULL;
-
-                *paths = l;
-                return 0;
-        }
-
-        r = get_search(type, &l);
-        if (r < 0)
-                return r;
-
-        if (!suffix) {
-                *paths = l;
-                return 0;
-        }
-
-        n = new(char*, strv_length(l)+1);
-        if (!n) {
-                strv_free(l);
-                return -ENOMEM;
-        }
-
-        j = n;
-        STRV_FOREACH(i, l) {
-
-                if (endswith(*i, "/"))
-                        *j = strappend(*i, suffix);
-                else
-                        *j = strjoin(*i, "/", suffix, NULL);
-
-                if (!*j) {
-                        strv_free(l);
-                        strv_free(n);
-                        return -ENOMEM;
-                }
-
-                j++;
-        }
-
-        *j = NULL;
-        *paths = n;
-        return 0;
-}
diff --git a/src/libsystemd/sd-resolve/Makefile b/src/libsystemd/sd-resolve/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-resolve/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-resolve/sd-resolve.c b/src/libsystemd/sd-resolve/sd-resolve.c
deleted file mode 100644
index d8303e2e69..0000000000
--- a/src/libsystemd/sd-resolve/sd-resolve.c
+++ /dev/null
@@ -1,1245 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2005-2008 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <poll.h>
-#include <pthread.h>
-#include <resolv.h>
-#include <signal.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/prctl.h>
-#include <unistd.h>
-
-#include "sd-resolve.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "io-util.h"
-#include "list.h"
-#include "missing.h"
-#include "socket-util.h"
-#include "util.h"
-
-#define WORKERS_MIN 1U
-#define WORKERS_MAX 16U
-#define QUERIES_MAX 256U
-#define BUFSIZE 10240U
-
-typedef enum {
-        REQUEST_ADDRINFO,
-        RESPONSE_ADDRINFO,
-        REQUEST_NAMEINFO,
-        RESPONSE_NAMEINFO,
-        REQUEST_TERMINATE,
-        RESPONSE_DIED
-} QueryType;
-
-enum {
-        REQUEST_RECV_FD,
-        REQUEST_SEND_FD,
-        RESPONSE_RECV_FD,
-        RESPONSE_SEND_FD,
-        _FD_MAX
-};
-
-struct sd_resolve {
-        unsigned n_ref;
-
-        bool dead:1;
-        pid_t original_pid;
-
-        int fds[_FD_MAX];
-
-        pthread_t workers[WORKERS_MAX];
-        unsigned n_valid_workers;
-
-        unsigned current_id;
-        sd_resolve_query* query_array[QUERIES_MAX];
-        unsigned n_queries, n_done, n_outstanding;
-
-        sd_event_source *event_source;
-        sd_event *event;
-
-        sd_resolve_query *current;
-
-        sd_resolve **default_resolve_ptr;
-        pid_t tid;
-
-        LIST_HEAD(sd_resolve_query, queries);
-};
-
-struct sd_resolve_query {
-        unsigned n_ref;
-
-        sd_resolve *resolve;
-
-        QueryType type:4;
-        bool done:1;
-        bool floating:1;
-        unsigned id;
-
-        int ret;
-        int _errno;
-        int _h_errno;
-        struct addrinfo *addrinfo;
-        char *serv, *host;
-
-        union {
-                sd_resolve_getaddrinfo_handler_t getaddrinfo_handler;
-                sd_resolve_getnameinfo_handler_t getnameinfo_handler;
-        };
-
-        void *userdata;
-
-        LIST_FIELDS(sd_resolve_query, queries);
-};
-
-typedef struct RHeader {
-        QueryType type;
-        unsigned id;
-        size_t length;
-} RHeader;
-
-typedef struct AddrInfoRequest {
-        struct RHeader header;
-        bool hints_valid;
-        int ai_flags;
-        int ai_family;
-        int ai_socktype;
-        int ai_protocol;
-        size_t node_len, service_len;
-} AddrInfoRequest;
-
-typedef struct AddrInfoResponse {
-        struct RHeader header;
-        int ret;
-        int _errno;
-        int _h_errno;
-        /* followed by addrinfo_serialization[] */
-} AddrInfoResponse;
-
-typedef struct AddrInfoSerialization {
-        int ai_flags;
-        int ai_family;
-        int ai_socktype;
-        int ai_protocol;
-        size_t ai_addrlen;
-        size_t canonname_len;
-        /* Followed by ai_addr amd ai_canonname with variable lengths */
-} AddrInfoSerialization;
-
-typedef struct NameInfoRequest {
-        struct RHeader header;
-        int flags;
-        socklen_t sockaddr_len;
-        bool gethost:1, getserv:1;
-} NameInfoRequest;
-
-typedef struct NameInfoResponse {
-        struct RHeader header;
-        size_t hostlen, servlen;
-        int ret;
-        int _errno;
-        int _h_errno;
-} NameInfoResponse;
-
-typedef union Packet {
-        RHeader rheader;
-        AddrInfoRequest addrinfo_request;
-        AddrInfoResponse addrinfo_response;
-        NameInfoRequest nameinfo_request;
-        NameInfoResponse nameinfo_response;
-} Packet;
-
-static int getaddrinfo_done(sd_resolve_query* q);
-static int getnameinfo_done(sd_resolve_query *q);
-
-static void resolve_query_disconnect(sd_resolve_query *q);
-
-#define RESOLVE_DONT_DESTROY(resolve) \
-        _cleanup_(sd_resolve_unrefp) _unused_ sd_resolve *_dont_destroy_##resolve = sd_resolve_ref(resolve)
-
-static int send_died(int out_fd) {
-
-        RHeader rh = {
-                .type = RESPONSE_DIED,
-                .length = sizeof(RHeader),
-        };
-
-        assert(out_fd >= 0);
-
-        if (send(out_fd, &rh, rh.length, MSG_NOSIGNAL) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static void *serialize_addrinfo(void *p, const struct addrinfo *ai, size_t *length, size_t maxlength) {
-        AddrInfoSerialization s;
-        size_t cnl, l;
-
-        assert(p);
-        assert(ai);
-        assert(length);
-        assert(*length <= maxlength);
-
-        cnl = ai->ai_canonname ? strlen(ai->ai_canonname)+1 : 0;
-        l = sizeof(AddrInfoSerialization) + ai->ai_addrlen + cnl;
-
-        if (*length + l > maxlength)
-                return NULL;
-
-        s.ai_flags = ai->ai_flags;
-        s.ai_family = ai->ai_family;
-        s.ai_socktype = ai->ai_socktype;
-        s.ai_protocol = ai->ai_protocol;
-        s.ai_addrlen = ai->ai_addrlen;
-        s.canonname_len = cnl;
-
-        memcpy((uint8_t*) p, &s, sizeof(AddrInfoSerialization));
-        memcpy((uint8_t*) p + sizeof(AddrInfoSerialization), ai->ai_addr, ai->ai_addrlen);
-        memcpy_safe((char*) p + sizeof(AddrInfoSerialization) + ai->ai_addrlen,
-                    ai->ai_canonname, cnl);
-
-        *length += l;
-        return (uint8_t*) p + l;
-}
-
-static int send_addrinfo_reply(
-                int out_fd,
-                unsigned id,
-                int ret,
-                struct addrinfo *ai,
-                int _errno,
-                int _h_errno) {
-
-        AddrInfoResponse resp = {
-                .header.type = RESPONSE_ADDRINFO,
-                .header.id = id,
-                .header.length = sizeof(AddrInfoResponse),
-                .ret = ret,
-                ._errno = _errno,
-                ._h_errno = _h_errno,
-        };
-
-        struct msghdr mh = {};
-        struct iovec iov[2];
-        union {
-                AddrInfoSerialization ais;
-                uint8_t space[BUFSIZE];
-        } buffer;
-
-        assert(out_fd >= 0);
-
-        if (ret == 0 && ai) {
-                void *p = &buffer;
-                struct addrinfo *k;
-
-                for (k = ai; k; k = k->ai_next) {
-                        p = serialize_addrinfo(p, k, &resp.header.length, (uint8_t*) &buffer + BUFSIZE - (uint8_t*) p);
-                        if (!p) {
-                                freeaddrinfo(ai);
-                                return -ENOBUFS;
-                        }
-                }
-        }
-
-        if (ai)
-                freeaddrinfo(ai);
-
-        iov[0] = (struct iovec) { .iov_base = &resp, .iov_len = sizeof(AddrInfoResponse) };
-        iov[1] = (struct iovec) { .iov_base = &buffer, .iov_len = resp.header.length - sizeof(AddrInfoResponse) };
-
-        mh.msg_iov = iov;
-        mh.msg_iovlen = ELEMENTSOF(iov);
-
-        if (sendmsg(out_fd, &mh, MSG_NOSIGNAL) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int send_nameinfo_reply(
-                int out_fd,
-                unsigned id,
-                int ret,
-                const char *host,
-                const char *serv,
-                int _errno,
-                int _h_errno) {
-
-        NameInfoResponse resp = {
-                .header.type = RESPONSE_NAMEINFO,
-                .header.id = id,
-                .ret = ret,
-                ._errno = _errno,
-                ._h_errno = _h_errno,
-        };
-
-        struct msghdr mh = {};
-        struct iovec iov[3];
-        size_t hl, sl;
-
-        assert(out_fd >= 0);
-
-        sl = serv ? strlen(serv)+1 : 0;
-        hl = host ? strlen(host)+1 : 0;
-
-        resp.header.length = sizeof(NameInfoResponse) + hl + sl;
-        resp.hostlen = hl;
-        resp.servlen = sl;
-
-        iov[0] = (struct iovec) { .iov_base = &resp, .iov_len = sizeof(NameInfoResponse) };
-        iov[1] = (struct iovec) { .iov_base = (void*) host, .iov_len = hl };
-        iov[2] = (struct iovec) { .iov_base = (void*) serv, .iov_len = sl };
-
-        mh.msg_iov = iov;
-        mh.msg_iovlen = ELEMENTSOF(iov);
-
-        if (sendmsg(out_fd, &mh, MSG_NOSIGNAL) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int handle_request(int out_fd, const Packet *packet, size_t length) {
-        const RHeader *req;
-
-        assert(out_fd >= 0);
-        assert(packet);
-
-        req = &packet->rheader;
-
-        assert(length >= sizeof(RHeader));
-        assert(length == req->length);
-
-        switch (req->type) {
-
-        case REQUEST_ADDRINFO: {
-               const AddrInfoRequest *ai_req = &packet->addrinfo_request;
-               struct addrinfo hints = {}, *result = NULL;
-               const char *node, *service;
-               int ret;
-
-               assert(length >= sizeof(AddrInfoRequest));
-               assert(length == sizeof(AddrInfoRequest) + ai_req->node_len + ai_req->service_len);
-
-               hints.ai_flags = ai_req->ai_flags;
-               hints.ai_family = ai_req->ai_family;
-               hints.ai_socktype = ai_req->ai_socktype;
-               hints.ai_protocol = ai_req->ai_protocol;
-
-               node = ai_req->node_len ? (const char*) ai_req + sizeof(AddrInfoRequest) : NULL;
-               service = ai_req->service_len ? (const char*) ai_req + sizeof(AddrInfoRequest) + ai_req->node_len : NULL;
-
-               ret = getaddrinfo(
-                               node, service,
-                               ai_req->hints_valid ? &hints : NULL,
-                               &result);
-
-               /* send_addrinfo_reply() frees result */
-               return send_addrinfo_reply(out_fd, req->id, ret, result, errno, h_errno);
-        }
-
-        case REQUEST_NAMEINFO: {
-               const NameInfoRequest *ni_req = &packet->nameinfo_request;
-               char hostbuf[NI_MAXHOST], servbuf[NI_MAXSERV];
-               union sockaddr_union sa;
-               int ret;
-
-               assert(length >= sizeof(NameInfoRequest));
-               assert(length == sizeof(NameInfoRequest) + ni_req->sockaddr_len);
-               assert(sizeof(sa) >= ni_req->sockaddr_len);
-
-               memcpy(&sa, (const uint8_t *) ni_req + sizeof(NameInfoRequest), ni_req->sockaddr_len);
-
-               ret = getnameinfo(&sa.sa, ni_req->sockaddr_len,
-                               ni_req->gethost ? hostbuf : NULL, ni_req->gethost ? sizeof(hostbuf) : 0,
-                               ni_req->getserv ? servbuf : NULL, ni_req->getserv ? sizeof(servbuf) : 0,
-                               ni_req->flags);
-
-               return send_nameinfo_reply(out_fd, req->id, ret,
-                               ret == 0 && ni_req->gethost ? hostbuf : NULL,
-                               ret == 0 && ni_req->getserv ? servbuf : NULL,
-                               errno, h_errno);
-        }
-
-        case REQUEST_TERMINATE:
-                 /* Quit */
-                 return -ECONNRESET;
-
-        default:
-                assert_not_reached("Unknown request");
-        }
-
-        return 0;
-}
-
-static void* thread_worker(void *p) {
-        sd_resolve *resolve = p;
-        sigset_t fullset;
-
-        /* No signals in this thread please */
-        assert_se(sigfillset(&fullset) == 0);
-        assert_se(pthread_sigmask(SIG_BLOCK, &fullset, NULL) == 0);
-
-        /* Assign a pretty name to this thread */
-        (void) prctl(PR_SET_NAME, (unsigned long) "sd-resolve");
-
-        while (!resolve->dead) {
-                union {
-                        Packet packet;
-                        uint8_t space[BUFSIZE];
-                } buf;
-                ssize_t length;
-
-                length = recv(resolve->fds[REQUEST_RECV_FD], &buf, sizeof(buf), 0);
-                if (length < 0) {
-                        if (errno == EINTR)
-                                continue;
-
-                        break;
-                }
-                if (length == 0)
-                        break;
-
-                if (resolve->dead)
-                        break;
-
-                if (handle_request(resolve->fds[RESPONSE_SEND_FD], &buf.packet, (size_t) length) < 0)
-                        break;
-        }
-
-        send_died(resolve->fds[RESPONSE_SEND_FD]);
-
-        return NULL;
-}
-
-static int start_threads(sd_resolve *resolve, unsigned extra) {
-        unsigned n;
-        int r;
-
-        n = resolve->n_outstanding + extra;
-        n = CLAMP(n, WORKERS_MIN, WORKERS_MAX);
-
-        while (resolve->n_valid_workers < n) {
-
-                r = pthread_create(&resolve->workers[resolve->n_valid_workers], NULL, thread_worker, resolve);
-                if (r != 0)
-                        return -r;
-
-                resolve->n_valid_workers++;
-        }
-
-        return 0;
-}
-
-static bool resolve_pid_changed(sd_resolve *r) {
-        assert(r);
-
-        /* We don't support people creating a resolver and keeping it
-         * around after fork(). Let's complain. */
-
-        return r->original_pid != getpid();
-}
-
-_public_ int sd_resolve_new(sd_resolve **ret) {
-        sd_resolve *resolve = NULL;
-        int i, r;
-
-        assert_return(ret, -EINVAL);
-
-        resolve = new0(sd_resolve, 1);
-        if (!resolve)
-                return -ENOMEM;
-
-        resolve->n_ref = 1;
-        resolve->original_pid = getpid();
-
-        for (i = 0; i < _FD_MAX; i++)
-                resolve->fds[i] = -1;
-
-        r = socketpair(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + REQUEST_RECV_FD);
-        if (r < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        r = socketpair(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, resolve->fds + RESPONSE_RECV_FD);
-        if (r < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        fd_inc_sndbuf(resolve->fds[REQUEST_SEND_FD], QUERIES_MAX * BUFSIZE);
-        fd_inc_rcvbuf(resolve->fds[REQUEST_RECV_FD], QUERIES_MAX * BUFSIZE);
-        fd_inc_sndbuf(resolve->fds[RESPONSE_SEND_FD], QUERIES_MAX * BUFSIZE);
-        fd_inc_rcvbuf(resolve->fds[RESPONSE_RECV_FD], QUERIES_MAX * BUFSIZE);
-
-        fd_nonblock(resolve->fds[RESPONSE_RECV_FD], true);
-
-        *ret = resolve;
-        return 0;
-
-fail:
-        sd_resolve_unref(resolve);
-        return r;
-}
-
-_public_ int sd_resolve_default(sd_resolve **ret) {
-
-        static thread_local sd_resolve *default_resolve = NULL;
-        sd_resolve *e = NULL;
-        int r;
-
-        if (!ret)
-                return !!default_resolve;
-
-        if (default_resolve) {
-                *ret = sd_resolve_ref(default_resolve);
-                return 0;
-        }
-
-        r = sd_resolve_new(&e);
-        if (r < 0)
-                return r;
-
-        e->default_resolve_ptr = &default_resolve;
-        e->tid = gettid();
-        default_resolve = e;
-
-        *ret = e;
-        return 1;
-}
-
-_public_ int sd_resolve_get_tid(sd_resolve *resolve, pid_t *tid) {
-        assert_return(resolve, -EINVAL);
-        assert_return(tid, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        if (resolve->tid != 0) {
-                *tid = resolve->tid;
-                return 0;
-        }
-
-        if (resolve->event)
-                return sd_event_get_tid(resolve->event, tid);
-
-        return -ENXIO;
-}
-
-static void resolve_free(sd_resolve *resolve) {
-        PROTECT_ERRNO;
-        sd_resolve_query *q;
-        unsigned i;
-
-        assert(resolve);
-
-        while ((q = resolve->queries)) {
-                assert(q->floating);
-                resolve_query_disconnect(q);
-                sd_resolve_query_unref(q);
-        }
-
-        if (resolve->default_resolve_ptr)
-                *(resolve->default_resolve_ptr) = NULL;
-
-        resolve->dead = true;
-
-        sd_resolve_detach_event(resolve);
-
-        if (resolve->fds[REQUEST_SEND_FD] >= 0) {
-
-                RHeader req = {
-                        .type = REQUEST_TERMINATE,
-                        .length = sizeof(req)
-                };
-
-                /* Send one termination packet for each worker */
-                for (i = 0; i < resolve->n_valid_workers; i++)
-                        (void) send(resolve->fds[REQUEST_SEND_FD], &req, req.length, MSG_NOSIGNAL);
-        }
-
-        /* Now terminate them and wait until they are gone.
-           If we get an error than most likely the thread already exited. */
-        for (i = 0; i < resolve->n_valid_workers; i++)
-                (void) pthread_join(resolve->workers[i], NULL);
-
-        /* Close all communication channels */
-        for (i = 0; i < _FD_MAX; i++)
-                safe_close(resolve->fds[i]);
-
-        free(resolve);
-}
-
-_public_ sd_resolve* sd_resolve_ref(sd_resolve *resolve) {
-        assert_return(resolve, NULL);
-
-        assert(resolve->n_ref >= 1);
-        resolve->n_ref++;
-
-        return resolve;
-}
-
-_public_ sd_resolve* sd_resolve_unref(sd_resolve *resolve) {
-
-        if (!resolve)
-                return NULL;
-
-        assert(resolve->n_ref >= 1);
-        resolve->n_ref--;
-
-        if (resolve->n_ref <= 0)
-                resolve_free(resolve);
-
-        return NULL;
-}
-
-_public_ int sd_resolve_get_fd(sd_resolve *resolve) {
-        assert_return(resolve, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        return resolve->fds[RESPONSE_RECV_FD];
-}
-
-_public_ int sd_resolve_get_events(sd_resolve *resolve) {
-        assert_return(resolve, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        return resolve->n_queries > resolve->n_done ? POLLIN : 0;
-}
-
-_public_ int sd_resolve_get_timeout(sd_resolve *resolve, uint64_t *usec) {
-        assert_return(resolve, -EINVAL);
-        assert_return(usec, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        *usec = (uint64_t) -1;
-        return 0;
-}
-
-static sd_resolve_query *lookup_query(sd_resolve *resolve, unsigned id) {
-        sd_resolve_query *q;
-
-        assert(resolve);
-
-        q = resolve->query_array[id % QUERIES_MAX];
-        if (q)
-                if (q->id == id)
-                        return q;
-
-        return NULL;
-}
-
-static int complete_query(sd_resolve *resolve, sd_resolve_query *q) {
-        int r;
-
-        assert(q);
-        assert(!q->done);
-        assert(q->resolve == resolve);
-
-        q->done = true;
-        resolve->n_done++;
-
-        resolve->current = sd_resolve_query_ref(q);
-
-        switch (q->type) {
-
-        case REQUEST_ADDRINFO:
-                r = getaddrinfo_done(q);
-                break;
-
-        case REQUEST_NAMEINFO:
-                r = getnameinfo_done(q);
-                break;
-
-        default:
-                assert_not_reached("Cannot complete unknown query type");
-        }
-
-        resolve->current = NULL;
-
-        if (q->floating) {
-                resolve_query_disconnect(q);
-                sd_resolve_query_unref(q);
-        }
-
-        sd_resolve_query_unref(q);
-
-        return r;
-}
-
-static int unserialize_addrinfo(const void **p, size_t *length, struct addrinfo **ret_ai) {
-        AddrInfoSerialization s;
-        size_t l;
-        struct addrinfo *ai;
-
-        assert(p);
-        assert(*p);
-        assert(ret_ai);
-        assert(length);
-
-        if (*length < sizeof(AddrInfoSerialization))
-                return -EBADMSG;
-
-        memcpy(&s, *p, sizeof(s));
-
-        l = sizeof(AddrInfoSerialization) + s.ai_addrlen + s.canonname_len;
-        if (*length < l)
-                return -EBADMSG;
-
-        ai = new0(struct addrinfo, 1);
-        if (!ai)
-                return -ENOMEM;
-
-        ai->ai_flags = s.ai_flags;
-        ai->ai_family = s.ai_family;
-        ai->ai_socktype = s.ai_socktype;
-        ai->ai_protocol = s.ai_protocol;
-        ai->ai_addrlen = s.ai_addrlen;
-
-        if (s.ai_addrlen > 0) {
-                ai->ai_addr = memdup((const uint8_t*) *p + sizeof(AddrInfoSerialization), s.ai_addrlen);
-                if (!ai->ai_addr) {
-                        free(ai);
-                        return -ENOMEM;
-                }
-        }
-
-        if (s.canonname_len > 0) {
-                ai->ai_canonname = memdup((const uint8_t*) *p + sizeof(AddrInfoSerialization) + s.ai_addrlen, s.canonname_len);
-                if (!ai->ai_canonname) {
-                        free(ai->ai_addr);
-                        free(ai);
-                        return -ENOMEM;
-                }
-        }
-
-        *length -= l;
-        *ret_ai = ai;
-        *p = ((const uint8_t*) *p) + l;
-
-        return 0;
-}
-
-static int handle_response(sd_resolve *resolve, const Packet *packet, size_t length) {
-        const RHeader *resp;
-        sd_resolve_query *q;
-        int r;
-
-        assert(resolve);
-
-        resp = &packet->rheader;
-        assert(resp);
-        assert(length >= sizeof(RHeader));
-        assert(length == resp->length);
-
-        if (resp->type == RESPONSE_DIED) {
-                resolve->dead = true;
-                return 0;
-        }
-
-        assert(resolve->n_outstanding > 0);
-        resolve->n_outstanding--;
-
-        q = lookup_query(resolve, resp->id);
-        if (!q)
-                return 0;
-
-        switch (resp->type) {
-
-        case RESPONSE_ADDRINFO: {
-                const AddrInfoResponse *ai_resp = &packet->addrinfo_response;
-                const void *p;
-                size_t l;
-                struct addrinfo *prev = NULL;
-
-                assert(length >= sizeof(AddrInfoResponse));
-                assert(q->type == REQUEST_ADDRINFO);
-
-                q->ret = ai_resp->ret;
-                q->_errno = ai_resp->_errno;
-                q->_h_errno = ai_resp->_h_errno;
-
-                l = length - sizeof(AddrInfoResponse);
-                p = (const uint8_t*) resp + sizeof(AddrInfoResponse);
-
-                while (l > 0 && p) {
-                        struct addrinfo *ai = NULL;
-
-                        r = unserialize_addrinfo(&p, &l, &ai);
-                        if (r < 0) {
-                                q->ret = EAI_SYSTEM;
-                                q->_errno = -r;
-                                q->_h_errno = 0;
-                                freeaddrinfo(q->addrinfo);
-                                q->addrinfo = NULL;
-                                break;
-                        }
-
-                        if (prev)
-                                prev->ai_next = ai;
-                        else
-                                q->addrinfo = ai;
-
-                        prev = ai;
-                }
-
-                return complete_query(resolve, q);
-        }
-
-        case RESPONSE_NAMEINFO: {
-                const NameInfoResponse *ni_resp = &packet->nameinfo_response;
-
-                assert(length >= sizeof(NameInfoResponse));
-                assert(q->type == REQUEST_NAMEINFO);
-
-                q->ret = ni_resp->ret;
-                q->_errno = ni_resp->_errno;
-                q->_h_errno = ni_resp->_h_errno;
-
-                if (ni_resp->hostlen > 0) {
-                        q->host = strndup((const char*) ni_resp + sizeof(NameInfoResponse), ni_resp->hostlen-1);
-                        if (!q->host) {
-                                q->ret = EAI_MEMORY;
-                                q->_errno = ENOMEM;
-                                q->_h_errno = 0;
-                        }
-                }
-
-                if (ni_resp->servlen > 0) {
-                        q->serv = strndup((const char*) ni_resp + sizeof(NameInfoResponse) + ni_resp->hostlen, ni_resp->servlen-1);
-                        if (!q->serv) {
-                                q->ret = EAI_MEMORY;
-                                q->_errno = ENOMEM;
-                                q->_h_errno = 0;
-                        }
-                }
-
-                return complete_query(resolve, q);
-        }
-
-        default:
-                return 0;
-        }
-}
-
-_public_ int sd_resolve_process(sd_resolve *resolve) {
-        RESOLVE_DONT_DESTROY(resolve);
-
-        union {
-                Packet packet;
-                uint8_t space[BUFSIZE];
-        } buf;
-        ssize_t l;
-        int r;
-
-        assert_return(resolve, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        /* We don't allow recursively invoking sd_resolve_process(). */
-        assert_return(!resolve->current, -EBUSY);
-
-        l = recv(resolve->fds[RESPONSE_RECV_FD], &buf, sizeof(buf), 0);
-        if (l < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                return -errno;
-        }
-        if (l == 0)
-                return -ECONNREFUSED;
-
-        r = handle_response(resolve, &buf.packet, (size_t) l);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-_public_ int sd_resolve_wait(sd_resolve *resolve, uint64_t timeout_usec) {
-        int r;
-
-        assert_return(resolve, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        if (resolve->n_done >= resolve->n_queries)
-                return 0;
-
-        do {
-                r = fd_wait_for_event(resolve->fds[RESPONSE_RECV_FD], POLLIN, timeout_usec);
-        } while (r == -EINTR);
-
-        if (r < 0)
-                return r;
-
-        return sd_resolve_process(resolve);
-}
-
-static int alloc_query(sd_resolve *resolve, bool floating, sd_resolve_query **_q) {
-        sd_resolve_query *q;
-        int r;
-
-        assert(resolve);
-        assert(_q);
-
-        if (resolve->n_queries >= QUERIES_MAX)
-                return -ENOBUFS;
-
-        r = start_threads(resolve, 1);
-        if (r < 0)
-                return r;
-
-        while (resolve->query_array[resolve->current_id % QUERIES_MAX])
-                resolve->current_id++;
-
-        q = resolve->query_array[resolve->current_id % QUERIES_MAX] = new0(sd_resolve_query, 1);
-        if (!q)
-                return -ENOMEM;
-
-        q->n_ref = 1;
-        q->resolve = resolve;
-        q->floating = floating;
-        q->id = resolve->current_id++;
-
-        if (!floating)
-                sd_resolve_ref(resolve);
-
-        LIST_PREPEND(queries, resolve->queries, q);
-        resolve->n_queries++;
-
-        *_q = q;
-        return 0;
-}
-
-_public_ int sd_resolve_getaddrinfo(
-                sd_resolve *resolve,
-                sd_resolve_query **_q,
-                const char *node, const char *service,
-                const struct addrinfo *hints,
-                sd_resolve_getaddrinfo_handler_t callback, void *userdata) {
-
-        AddrInfoRequest req = {};
-        struct msghdr mh = {};
-        struct iovec iov[3];
-        sd_resolve_query *q;
-        int r;
-
-        assert_return(resolve, -EINVAL);
-        assert_return(node || service, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        r = alloc_query(resolve, !_q, &q);
-        if (r < 0)
-                return r;
-
-        q->type = REQUEST_ADDRINFO;
-        q->getaddrinfo_handler = callback;
-        q->userdata = userdata;
-
-        req.node_len = node ? strlen(node)+1 : 0;
-        req.service_len = service ? strlen(service)+1 : 0;
-
-        req.header.id = q->id;
-        req.header.type = REQUEST_ADDRINFO;
-        req.header.length = sizeof(AddrInfoRequest) + req.node_len + req.service_len;
-
-        if (hints) {
-                req.hints_valid = true;
-                req.ai_flags = hints->ai_flags;
-                req.ai_family = hints->ai_family;
-                req.ai_socktype = hints->ai_socktype;
-                req.ai_protocol = hints->ai_protocol;
-        }
-
-        iov[mh.msg_iovlen++] = (struct iovec) { .iov_base = &req, .iov_len = sizeof(AddrInfoRequest) };
-        if (node)
-                iov[mh.msg_iovlen++] = (struct iovec) { .iov_base = (void*) node, .iov_len = req.node_len };
-        if (service)
-                iov[mh.msg_iovlen++] = (struct iovec) { .iov_base = (void*) service, .iov_len = req.service_len };
-        mh.msg_iov = iov;
-
-        if (sendmsg(resolve->fds[REQUEST_SEND_FD], &mh, MSG_NOSIGNAL) < 0) {
-                sd_resolve_query_unref(q);
-                return -errno;
-        }
-
-        resolve->n_outstanding++;
-
-        if (_q)
-                *_q = q;
-
-        return 0;
-}
-
-static int getaddrinfo_done(sd_resolve_query* q) {
-        assert(q);
-        assert(q->done);
-        assert(q->getaddrinfo_handler);
-
-        errno = q->_errno;
-        h_errno = q->_h_errno;
-
-        return q->getaddrinfo_handler(q, q->ret, q->addrinfo, q->userdata);
-}
-
-_public_ int sd_resolve_getnameinfo(
-                sd_resolve *resolve,
-                sd_resolve_query**_q,
-                const struct sockaddr *sa, socklen_t salen,
-                int flags,
-                uint64_t get,
-                sd_resolve_getnameinfo_handler_t callback,
-                void *userdata) {
-
-        NameInfoRequest req = {};
-        struct msghdr mh = {};
-        struct iovec iov[2];
-        sd_resolve_query *q;
-        int r;
-
-        assert_return(resolve, -EINVAL);
-        assert_return(sa, -EINVAL);
-        assert_return(salen >= sizeof(struct sockaddr), -EINVAL);
-        assert_return(salen <= sizeof(union sockaddr_union), -EINVAL);
-        assert_return((get & ~SD_RESOLVE_GET_BOTH) == 0, -EINVAL);
-        assert_return(callback, -EINVAL);
-        assert_return(!resolve_pid_changed(resolve), -ECHILD);
-
-        r = alloc_query(resolve, !_q, &q);
-        if (r < 0)
-                return r;
-
-        q->type = REQUEST_NAMEINFO;
-        q->getnameinfo_handler = callback;
-        q->userdata = userdata;
-
-        req.header.id = q->id;
-        req.header.type = REQUEST_NAMEINFO;
-        req.header.length = sizeof(NameInfoRequest) + salen;
-
-        req.flags = flags;
-        req.sockaddr_len = salen;
-        req.gethost = !!(get & SD_RESOLVE_GET_HOST);
-        req.getserv = !!(get & SD_RESOLVE_GET_SERVICE);
-
-        iov[0] = (struct iovec) { .iov_base = &req, .iov_len = sizeof(NameInfoRequest) };
-        iov[1] = (struct iovec) { .iov_base = (void*) sa, .iov_len = salen };
-
-        mh.msg_iov = iov;
-        mh.msg_iovlen = 2;
-
-        if (sendmsg(resolve->fds[REQUEST_SEND_FD], &mh, MSG_NOSIGNAL) < 0) {
-                sd_resolve_query_unref(q);
-                return -errno;
-        }
-
-        resolve->n_outstanding++;
-
-        if (_q)
-                *_q = q;
-
-        return 0;
-}
-
-static int getnameinfo_done(sd_resolve_query *q) {
-
-        assert(q);
-        assert(q->done);
-        assert(q->getnameinfo_handler);
-
-        errno = q->_errno;
-        h_errno= q->_h_errno;
-
-        return q->getnameinfo_handler(q, q->ret, q->host, q->serv, q->userdata);
-}
-
-_public_ sd_resolve_query* sd_resolve_query_ref(sd_resolve_query *q) {
-        assert_return(q, NULL);
-
-        assert(q->n_ref >= 1);
-        q->n_ref++;
-
-        return q;
-}
-
-static void resolve_freeaddrinfo(struct addrinfo *ai) {
-        while (ai) {
-                struct addrinfo *next = ai->ai_next;
-
-                free(ai->ai_addr);
-                free(ai->ai_canonname);
-                free(ai);
-                ai = next;
-        }
-}
-
-static void resolve_query_disconnect(sd_resolve_query *q) {
-        sd_resolve *resolve;
-        unsigned i;
-
-        assert(q);
-
-        if (!q->resolve)
-                return;
-
-        resolve = q->resolve;
-        assert(resolve->n_queries > 0);
-
-        if (q->done) {
-                assert(resolve->n_done > 0);
-                resolve->n_done--;
-        }
-
-        i = q->id % QUERIES_MAX;
-        assert(resolve->query_array[i] == q);
-        resolve->query_array[i] = NULL;
-        LIST_REMOVE(queries, resolve->queries, q);
-        resolve->n_queries--;
-
-        q->resolve = NULL;
-        if (!q->floating)
-                sd_resolve_unref(resolve);
-}
-
-static void resolve_query_free(sd_resolve_query *q) {
-        assert(q);
-
-        resolve_query_disconnect(q);
-
-        resolve_freeaddrinfo(q->addrinfo);
-        free(q->host);
-        free(q->serv);
-        free(q);
-}
-
-_public_ sd_resolve_query* sd_resolve_query_unref(sd_resolve_query* q) {
-        if (!q)
-                return NULL;
-
-        assert(q->n_ref >= 1);
-        q->n_ref--;
-
-        if (q->n_ref <= 0)
-                resolve_query_free(q);
-
-        return NULL;
-}
-
-_public_ int sd_resolve_query_is_done(sd_resolve_query *q) {
-        assert_return(q, -EINVAL);
-        assert_return(!resolve_pid_changed(q->resolve), -ECHILD);
-
-        return q->done;
-}
-
-_public_ void* sd_resolve_query_set_userdata(sd_resolve_query *q, void *userdata) {
-        void *ret;
-
-        assert_return(q, NULL);
-        assert_return(!resolve_pid_changed(q->resolve), NULL);
-
-        ret = q->userdata;
-        q->userdata = userdata;
-
-        return ret;
-}
-
-_public_ void* sd_resolve_query_get_userdata(sd_resolve_query *q) {
-        assert_return(q, NULL);
-        assert_return(!resolve_pid_changed(q->resolve), NULL);
-
-        return q->userdata;
-}
-
-_public_ sd_resolve *sd_resolve_query_get_resolve(sd_resolve_query *q) {
-        assert_return(q, NULL);
-        assert_return(!resolve_pid_changed(q->resolve), NULL);
-
-        return q->resolve;
-}
-
-static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        sd_resolve *resolve = userdata;
-        int r;
-
-        assert(resolve);
-
-        r = sd_resolve_process(resolve);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-_public_ int sd_resolve_attach_event(sd_resolve *resolve, sd_event *event, int64_t priority) {
-        int r;
-
-        assert_return(resolve, -EINVAL);
-        assert_return(!resolve->event, -EBUSY);
-
-        assert(!resolve->event_source);
-
-        if (event)
-                resolve->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&resolve->event);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_event_add_io(resolve->event, &resolve->event_source, resolve->fds[RESPONSE_RECV_FD], POLLIN, io_callback, resolve);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_priority(resolve->event_source, priority);
-        if (r < 0)
-                goto fail;
-
-        return 0;
-
-fail:
-        sd_resolve_detach_event(resolve);
-        return r;
-}
-
-_public_  int sd_resolve_detach_event(sd_resolve *resolve) {
-        assert_return(resolve, -EINVAL);
-
-        if (!resolve->event)
-                return 0;
-
-        if (resolve->event_source) {
-                sd_event_source_set_enabled(resolve->event_source, SD_EVENT_OFF);
-                resolve->event_source = sd_event_source_unref(resolve->event_source);
-        }
-
-        resolve->event = sd_event_unref(resolve->event);
-        return 1;
-}
-
-_public_ sd_event *sd_resolve_get_event(sd_resolve *resolve) {
-        assert_return(resolve, NULL);
-
-        return resolve->event;
-}
diff --git a/src/libsystemd/sd-resolve/test-resolve.c b/src/libsystemd/sd-resolve/test-resolve.c
deleted file mode 100644
index 1be1a7f8a7..0000000000
--- a/src/libsystemd/sd-resolve/test-resolve.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2005-2008 Lennart Poettering
-  Copyright 2014 Daniel Buch
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <netinet/in.h>
-#include <resolv.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/socket.h>
-
-#include "sd-resolve.h"
-
-#include "alloc-util.h"
-#include "macro.h"
-#include "socket-util.h"
-#include "string-util.h"
-
-static int getaddrinfo_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
-        const struct addrinfo *i;
-
-        assert_se(q);
-
-        if (ret != 0) {
-                log_error("getaddrinfo error: %s %i", gai_strerror(ret), ret);
-                return 0;
-        }
-
-        for (i = ai; i; i = i->ai_next) {
-                _cleanup_free_ char *addr = NULL;
-
-                assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, true, &addr) == 0);
-                puts(addr);
-        }
-
-        printf("canonical name: %s\n", strna(ai->ai_canonname));
-
-        return 0;
-}
-
-static int getnameinfo_handler(sd_resolve_query *q, int ret, const char *host, const char *serv, void *userdata) {
-        assert_se(q);
-
-        if (ret != 0) {
-                log_error("getnameinfo error: %s %i", gai_strerror(ret), ret);
-                return 0;
-        }
-
-        printf("Host: %s — Serv: %s\n", strna(host), strna(serv));
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_resolve_query_unrefp) sd_resolve_query *q1 = NULL, *q2 = NULL;
-        _cleanup_(sd_resolve_unrefp) sd_resolve *resolve = NULL;
-        int r = 0;
-
-        struct addrinfo hints = {
-                .ai_family = PF_UNSPEC,
-                .ai_socktype = SOCK_STREAM,
-                .ai_flags = AI_CANONNAME
-        };
-
-        struct sockaddr_in sa = {
-                .sin_family = AF_INET,
-                .sin_port = htons(80)
-        };
-
-        assert_se(sd_resolve_default(&resolve) >= 0);
-
-        /* Test a floating resolver query */
-        sd_resolve_getaddrinfo(resolve, NULL, "redhat.com", "http", NULL, getaddrinfo_handler, NULL);
-
-        /* Make a name -> address query */
-        r = sd_resolve_getaddrinfo(resolve, &q1, argc >= 2 ? argv[1] : "www.heise.de", NULL, &hints, getaddrinfo_handler, NULL);
-        if (r < 0)
-                log_error_errno(r, "sd_resolve_getaddrinfo(): %m");
-
-        /* Make an address -> name query */
-        sa.sin_addr.s_addr = inet_addr(argc >= 3 ? argv[2] : "193.99.144.71");
-        r = sd_resolve_getnameinfo(resolve, &q2, (struct sockaddr*) &sa, sizeof(sa), 0, SD_RESOLVE_GET_BOTH, getnameinfo_handler, NULL);
-        if (r < 0)
-                log_error_errno(r, "sd_resolve_getnameinfo(): %m");
-
-        /* Wait until all queries are completed */
-        for (;;) {
-                r = sd_resolve_wait(resolve, (uint64_t) -1);
-                if (r == 0)
-                        break;
-                if (r < 0) {
-                        log_error_errno(r, "sd_resolve_wait(): %m");
-                        assert_not_reached("sd_resolve_wait() failed");
-                }
-        }
-
-        return 0;
-}
diff --git a/src/libsystemd/sd-utf8/Makefile b/src/libsystemd/sd-utf8/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/libsystemd/sd-utf8/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/libsystemd/sd-utf8/sd-utf8.c b/src/libsystemd/sd-utf8/sd-utf8.c
deleted file mode 100644
index 33a5a04ea1..0000000000
--- a/src/libsystemd/sd-utf8/sd-utf8.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-utf8.h"
-
-#include "utf8.h"
-#include "util.h"
-
-_public_ const char *sd_utf8_is_valid(const char *s) {
-        assert_return(s, NULL);
-
-        return utf8_is_valid(s);
-}
-
-_public_ const char *sd_ascii_is_valid(const char *s) {
-        assert_return(s, NULL);
-
-        return ascii_is_valid(s);
-}
diff --git a/src/libudev/Makefile b/src/libudev/Makefile
index d0b0e8e008..8d9fecb1fb 120000..100644
--- a/src/libudev/Makefile
+++ b/src/libudev/Makefile
@@ -1 +1,28 @@
-../Makefile
-\ No newline at end of file
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+at.subdirs += src
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/libudev/libudev.h b/src/libudev/include/libudev.h
index 3f6d0ed16c..3f6d0ed16c 100644
--- a/src/libudev/libudev.h
+++ b/src/libudev/include/libudev.h
diff --git a/src/libudev/libudev-device-internal.h b/src/libudev/libudev-device-internal.h
deleted file mode 100644
index 0e9af8ec09..0000000000
--- a/src/libudev/libudev-device-internal.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2015 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "libudev.h"
-#include "sd-device.h"
-
-#include "libudev-private.h"
-
-/**
- * udev_device:
- *
- * Opaque object representing one kernel sys device.
- */
-struct udev_device {
-        struct udev *udev;
-
-        /* real device object */
-        sd_device *device;
-
-        /* legacy */
-        int refcount;
-
-        struct udev_device *parent;
-        bool parent_set;
-
-        struct udev_list properties;
-        uint64_t properties_generation;
-        struct udev_list tags;
-        uint64_t tags_generation;
-        struct udev_list devlinks;
-        uint64_t devlinks_generation;
-        bool properties_read:1;
-        bool tags_read:1;
-        bool devlinks_read:1;
-        struct udev_list sysattrs;
-        bool sysattrs_read;
-};
-
-struct udev_device *udev_device_new(struct udev *udev);
diff --git a/src/libudev/libudev-device.c b/src/libudev/libudev-device.c
deleted file mode 100644
index 814e016800..0000000000
--- a/src/libudev/libudev-device.c
+++ /dev/null
@@ -1,958 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2015 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <ctype.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/sockios.h>
-#include <net/if.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "libudev.h"
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "device-private.h"
-#include "device-util.h"
-#include "libudev-device-internal.h"
-#include "libudev-private.h"
-#include "parse-util.h"
-
-/**
- * SECTION:libudev-device
- * @short_description: kernel sys devices
- *
- * Representation of kernel sys devices. Devices are uniquely identified
- * by their syspath, every device has exactly one path in the kernel sys
- * filesystem. Devices usually belong to a kernel subsystem, and have
- * a unique name inside that subsystem.
- */
-
-/**
- * udev_device_get_seqnum:
- * @udev_device: udev device
- *
- * This is only valid if the device was received through a monitor. Devices read from
- * sys do not have a sequence number.
- *
- * Returns: the kernel event sequence number, or 0 if there is no sequence number available.
- **/
-_public_ unsigned long long int udev_device_get_seqnum(struct udev_device *udev_device)
-{
-        const char *seqnum;
-        unsigned long long ret;
-        int r;
-
-        assert_return_errno(udev_device, 0, EINVAL);
-
-        r = sd_device_get_property_value(udev_device->device, "SEQNUM", &seqnum);
-        if (r == -ENOENT)
-                return 0;
-        else if (r < 0) {
-                errno = -r;
-                return 0;
-        }
-
-        r = safe_atollu(seqnum, &ret);
-        if (r < 0) {
-                errno = -r;
-                return 0;
-        }
-
-        return ret;
-}
-
-/**
- * udev_device_get_devnum:
- * @udev_device: udev device
- *
- * Get the device major/minor number.
- *
- * Returns: the dev_t number.
- **/
-_public_ dev_t udev_device_get_devnum(struct udev_device *udev_device)
-{
-        dev_t devnum;
-        int r;
-
-        assert_return_errno(udev_device, makedev(0, 0), EINVAL);
-
-        r = sd_device_get_devnum(udev_device->device, &devnum);
-        if (r < 0) {
-                errno = -r;
-                return makedev(0, 0);
-        }
-
-        return devnum;
-}
-
-/**
- * udev_device_get_driver:
- * @udev_device: udev device
- *
- * Get the kernel driver name.
- *
- * Returns: the driver name string, or #NULL if there is no driver attached.
- **/
-_public_ const char *udev_device_get_driver(struct udev_device *udev_device)
-{
-        const char *driver;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_driver(udev_device->device, &driver);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return driver;
-}
-
-/**
- * udev_device_get_devtype:
- * @udev_device: udev device
- *
- * Retrieve the devtype string of the udev device.
- *
- * Returns: the devtype name of the udev device, or #NULL if it can not be determined
- **/
-_public_ const char *udev_device_get_devtype(struct udev_device *udev_device)
-{
-        const char *devtype;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_devtype(udev_device->device, &devtype);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return devtype;
-}
-
-/**
- * udev_device_get_subsystem:
- * @udev_device: udev device
- *
- * Retrieve the subsystem string of the udev device. The string does not
- * contain any "/".
- *
- * Returns: the subsystem name of the udev device, or #NULL if it can not be determined
- **/
-_public_ const char *udev_device_get_subsystem(struct udev_device *udev_device)
-{
-        const char *subsystem;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_subsystem(udev_device->device, &subsystem);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        } else if (!subsystem)
-                errno = ENODATA;
-
-        return subsystem;
-}
-
-/**
- * udev_device_get_property_value:
- * @udev_device: udev device
- * @key: property name
- *
- * Get the value of a given property.
- *
- * Returns: the property string, or #NULL if there is no such property.
- **/
-_public_ const char *udev_device_get_property_value(struct udev_device *udev_device, const char *key)
-{
-        const char *value = NULL;
-        int r;
-
-        assert_return_errno(udev_device && key, NULL, EINVAL);
-
-        r = sd_device_get_property_value(udev_device->device, key, &value);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return value;
-}
-
-struct udev_device *udev_device_new(struct udev *udev) {
-        struct udev_device *udev_device;
-
-        assert_return_errno(udev, NULL, EINVAL);
-
-        udev_device = new0(struct udev_device, 1);
-        if (!udev_device) {
-                errno = ENOMEM;
-                return NULL;
-        }
-        udev_device->refcount = 1;
-        udev_device->udev = udev;
-        udev_list_init(udev, &udev_device->properties, true);
-        udev_list_init(udev, &udev_device->tags, true);
-        udev_list_init(udev, &udev_device->sysattrs, true);
-        udev_list_init(udev, &udev_device->devlinks, true);
-
-        return udev_device;
-}
-
-/**
- * udev_device_new_from_syspath:
- * @udev: udev library context
- * @syspath: sys device path including sys directory
- *
- * Create new udev device, and fill in information from the sys
- * device and the udev database entry. The syspath is the absolute
- * path to the device, including the sys mount point.
- *
- * The initial refcount is 1, and needs to be decremented to
- * release the resources of the udev device.
- *
- * Returns: a new udev device, or #NULL, if it does not exist
- **/
-_public_ struct udev_device *udev_device_new_from_syspath(struct udev *udev, const char *syspath) {
-        struct udev_device *udev_device;
-        int r;
-
-        udev_device = udev_device_new(udev);
-        if (!udev_device)
-                return NULL;
-
-        r = sd_device_new_from_syspath(&udev_device->device, syspath);
-        if (r < 0) {
-                errno = -r;
-                udev_device_unref(udev_device);
-                return NULL;
-        }
-
-        return udev_device;
-}
-
-/**
- * udev_device_new_from_devnum:
- * @udev: udev library context
- * @type: char or block device
- * @devnum: device major/minor number
- *
- * Create new udev device, and fill in information from the sys
- * device and the udev database entry. The device is looked-up
- * by its major/minor number and type. Character and block device
- * numbers are not unique across the two types.
- *
- * The initial refcount is 1, and needs to be decremented to
- * release the resources of the udev device.
- *
- * Returns: a new udev device, or #NULL, if it does not exist
- **/
-_public_ struct udev_device *udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum)
-{
-        struct udev_device *udev_device;
-        int r;
-
-        udev_device = udev_device_new(udev);
-        if (!udev_device)
-                return NULL;
-
-        r = sd_device_new_from_devnum(&udev_device->device, type, devnum);
-        if (r < 0) {
-                errno = -r;
-                udev_device_unref(udev_device);
-                return NULL;
-        }
-
-        return udev_device;
-}
-
-/**
- * udev_device_new_from_device_id:
- * @udev: udev library context
- * @id: text string identifying a kernel device
- *
- * Create new udev device, and fill in information from the sys
- * device and the udev database entry. The device is looked-up
- * by a special string:
- *   b8:2          - block device major:minor
- *   c128:1        - char device major:minor
- *   n3            - network device ifindex
- *   +sound:card29 - kernel driver core subsystem:device name
- *
- * The initial refcount is 1, and needs to be decremented to
- * release the resources of the udev device.
- *
- * Returns: a new udev device, or #NULL, if it does not exist
- **/
-_public_ struct udev_device *udev_device_new_from_device_id(struct udev *udev, const char *id)
-{
-        struct udev_device *udev_device;
-        int r;
-
-        udev_device = udev_device_new(udev);
-        if (!udev_device)
-                return NULL;
-
-        r = sd_device_new_from_device_id(&udev_device->device, id);
-        if (r < 0) {
-                errno = -r;
-                udev_device_unref(udev_device);
-                return NULL;
-        }
-
-        return udev_device;
-}
-
-/**
- * udev_device_new_from_subsystem_sysname:
- * @udev: udev library context
- * @subsystem: the subsystem of the device
- * @sysname: the name of the device
- *
- * Create new udev device, and fill in information from the sys device
- * and the udev database entry. The device is looked up by the subsystem
- * and name string of the device, like "mem" / "zero", or "block" / "sda".
- *
- * The initial refcount is 1, and needs to be decremented to
- * release the resources of the udev device.
- *
- * Returns: a new udev device, or #NULL, if it does not exist
- **/
-_public_ struct udev_device *udev_device_new_from_subsystem_sysname(struct udev *udev, const char *subsystem, const char *sysname)
-{
-        struct udev_device *udev_device;
-        int r;
-
-        udev_device = udev_device_new(udev);
-        if (!udev_device)
-                return NULL;
-
-        r = sd_device_new_from_subsystem_sysname(&udev_device->device, subsystem, sysname);
-        if (r < 0) {
-                errno = -r;
-                udev_device_unref(udev_device);
-                return NULL;
-        }
-
-        return udev_device;
-}
-
-/**
- * udev_device_new_from_environment
- * @udev: udev library context
- *
- * Create new udev device, and fill in information from the
- * current process environment. This only works reliable if
- * the process is called from a udev rule. It is usually used
- * for tools executed from IMPORT= rules.
- *
- * The initial refcount is 1, and needs to be decremented to
- * release the resources of the udev device.
- *
- * Returns: a new udev device, or #NULL, if it does not exist
- **/
-_public_ struct udev_device *udev_device_new_from_environment(struct udev *udev)
-{
-        struct udev_device *udev_device;
-        int r;
-
-        udev_device = udev_device_new(udev);
-        if (!udev_device)
-                return NULL;
-
-        r = device_new_from_strv(&udev_device->device, environ);
-        if (r < 0) {
-                errno = -r;
-                udev_device_unref(udev_device);
-                return NULL;
-        }
-
-        return udev_device;
-}
-
-static struct udev_device *device_new_from_parent(struct udev_device *child)
-{
-        struct udev_device *parent;
-        int r;
-
-        assert_return_errno(child, NULL, EINVAL);
-
-        parent = udev_device_new(child->udev);
-        if (!parent)
-                return NULL;
-
-        r = sd_device_get_parent(child->device, &parent->device);
-        if (r < 0) {
-                errno = -r;
-                udev_device_unref(parent);
-                return NULL;
-        }
-
-        /* the parent is unref'ed with the child, so take a ref from libudev as well */
-        sd_device_ref(parent->device);
-
-        return parent;
-}
-
-/**
- * udev_device_get_parent:
- * @udev_device: the device to start searching from
- *
- * Find the next parent device, and fill in information from the sys
- * device and the udev database entry.
- *
- * Returned device is not referenced. It is attached to the child
- * device, and will be cleaned up when the child device is cleaned up.
- *
- * It is not necessarily just the upper level directory, empty or not
- * recognized sys directories are ignored.
- *
- * It can be called as many times as needed, without caring about
- * references.
- *
- * Returns: a new udev device, or #NULL, if it no parent exist.
- **/
-_public_ struct udev_device *udev_device_get_parent(struct udev_device *udev_device)
-{
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        if (!udev_device->parent_set) {
-                udev_device->parent_set = true;
-                udev_device->parent = device_new_from_parent(udev_device);
-        }
-
-        /* TODO: errno will differ here in case parent == NULL */
-        return udev_device->parent;
-}
-
-/**
- * udev_device_get_parent_with_subsystem_devtype:
- * @udev_device: udev device to start searching from
- * @subsystem: the subsystem of the device
- * @devtype: the type (DEVTYPE) of the device
- *
- * Find the next parent device, with a matching subsystem and devtype
- * value, and fill in information from the sys device and the udev
- * database entry.
- *
- * If devtype is #NULL, only subsystem is checked, and any devtype will
- * match.
- *
- * Returned device is not referenced. It is attached to the child
- * device, and will be cleaned up when the child device is cleaned up.
- *
- * It can be called as many times as needed, without caring about
- * references.
- *
- * Returns: a new udev device, or #NULL if no matching parent exists.
- **/
-_public_ struct udev_device *udev_device_get_parent_with_subsystem_devtype(struct udev_device *udev_device, const char *subsystem, const char *devtype)
-{
-        sd_device *parent;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        /* this relies on the fact that finding the subdevice of a parent or the
-           parent of a subdevice commute */
-
-        /* first find the correct sd_device */
-        r = sd_device_get_parent_with_subsystem_devtype(udev_device->device, subsystem, devtype, &parent);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        /* then walk the chain of udev_device parents until the correspanding
-           one is found */
-        while ((udev_device = udev_device_get_parent(udev_device))) {
-                if (udev_device->device == parent)
-                        return udev_device;
-        }
-
-        errno = ENOENT;
-        return NULL;
-}
-
-/**
- * udev_device_get_udev:
- * @udev_device: udev device
- *
- * Retrieve the udev library context the device was created with.
- *
- * Returns: the udev library context
- **/
-_public_ struct udev *udev_device_get_udev(struct udev_device *udev_device)
-{
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        return udev_device->udev;
-}
-
-/**
- * udev_device_ref:
- * @udev_device: udev device
- *
- * Take a reference of a udev device.
- *
- * Returns: the passed udev device
- **/
-_public_ struct udev_device *udev_device_ref(struct udev_device *udev_device)
-{
-        if (udev_device)
-                udev_device->refcount++;
-
-        return udev_device;
-}
-
-/**
- * udev_device_unref:
- * @udev_device: udev device
- *
- * Drop a reference of a udev device. If the refcount reaches zero,
- * the resources of the device will be released.
- *
- * Returns: #NULL
- **/
-_public_ struct udev_device *udev_device_unref(struct udev_device *udev_device)
-{
-        if (udev_device && (-- udev_device->refcount) == 0) {
-                sd_device_unref(udev_device->device);
-                udev_device_unref(udev_device->parent);
-
-                udev_list_cleanup(&udev_device->properties);
-                udev_list_cleanup(&udev_device->sysattrs);
-                udev_list_cleanup(&udev_device->tags);
-                udev_list_cleanup(&udev_device->devlinks);
-
-                free(udev_device);
-        }
-
-        return NULL;
-}
-
-/**
- * udev_device_get_devpath:
- * @udev_device: udev device
- *
- * Retrieve the kernel devpath value of the udev device. The path
- * does not contain the sys mount point, and starts with a '/'.
- *
- * Returns: the devpath of the udev device
- **/
-_public_ const char *udev_device_get_devpath(struct udev_device *udev_device)
-{
-        const char *devpath;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_devpath(udev_device->device, &devpath);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return devpath;
-}
-
-/**
- * udev_device_get_syspath:
- * @udev_device: udev device
- *
- * Retrieve the sys path of the udev device. The path is an
- * absolute path and starts with the sys mount point.
- *
- * Returns: the sys path of the udev device
- **/
-_public_ const char *udev_device_get_syspath(struct udev_device *udev_device)
-{
-        const char *syspath;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_syspath(udev_device->device, &syspath);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return syspath;
-}
-
-/**
- * udev_device_get_sysname:
- * @udev_device: udev device
- *
- * Get the kernel device name in /sys.
- *
- * Returns: the name string of the device device
- **/
-_public_ const char *udev_device_get_sysname(struct udev_device *udev_device)
-{
-        const char *sysname;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_sysname(udev_device->device, &sysname);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return sysname;
-}
-
-/**
- * udev_device_get_sysnum:
- * @udev_device: udev device
- *
- * Get the instance number of the device.
- *
- * Returns: the trailing number string of the device name
- **/
-_public_ const char *udev_device_get_sysnum(struct udev_device *udev_device)
-{
-        const char *sysnum;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_sysnum(udev_device->device, &sysnum);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return sysnum;
-}
-
-/**
- * udev_device_get_devnode:
- * @udev_device: udev device
- *
- * Retrieve the device node file name belonging to the udev device.
- * The path is an absolute path, and starts with the device directory.
- *
- * Returns: the device node file name of the udev device, or #NULL if no device node exists
- **/
-_public_ const char *udev_device_get_devnode(struct udev_device *udev_device)
-{
-        const char *devnode;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_devname(udev_device->device, &devnode);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return devnode;
-}
-
-/**
- * udev_device_get_devlinks_list_entry:
- * @udev_device: udev device
- *
- * Retrieve the list of device links pointing to the device file of
- * the udev device. The next list entry can be retrieved with
- * udev_list_entry_get_next(), which returns #NULL if no more entries exist.
- * The devlink path can be retrieved from the list entry by
- * udev_list_entry_get_name(). The path is an absolute path, and starts with
- * the device directory.
- *
- * Returns: the first entry of the device node link list
- **/
-_public_ struct udev_list_entry *udev_device_get_devlinks_list_entry(struct udev_device *udev_device)
-{
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        if (device_get_devlinks_generation(udev_device->device) != udev_device->devlinks_generation ||
-            !udev_device->devlinks_read) {
-                const char *devlink;
-
-                udev_list_cleanup(&udev_device->devlinks);
-
-                FOREACH_DEVICE_DEVLINK(udev_device->device, devlink)
-                        udev_list_entry_add(&udev_device->devlinks, devlink, NULL);
-
-                udev_device->devlinks_read = true;
-                udev_device->devlinks_generation = device_get_devlinks_generation(udev_device->device);
-        }
-
-        return udev_list_get_entry(&udev_device->devlinks);
-}
-
-/**
- * udev_device_get_event_properties_entry:
- * @udev_device: udev device
- *
- * Retrieve the list of key/value device properties of the udev
- * device. The next list entry can be retrieved with udev_list_entry_get_next(),
- * which returns #NULL if no more entries exist. The property name
- * can be retrieved from the list entry by udev_list_entry_get_name(),
- * the property value by udev_list_entry_get_value().
- *
- * Returns: the first entry of the property list
- **/
-_public_ struct udev_list_entry *udev_device_get_properties_list_entry(struct udev_device *udev_device)
-{
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        if (device_get_properties_generation(udev_device->device) != udev_device->properties_generation ||
-            !udev_device->properties_read) {
-                const char *key, *value;
-
-                udev_list_cleanup(&udev_device->properties);
-
-                FOREACH_DEVICE_PROPERTY(udev_device->device, key, value)
-                        udev_list_entry_add(&udev_device->properties, key, value);
-
-                udev_device->properties_read = true;
-                udev_device->properties_generation = device_get_properties_generation(udev_device->device);
-        }
-
-        return udev_list_get_entry(&udev_device->properties);
-}
-
-/**
- * udev_device_get_action:
- * @udev_device: udev device
- *
- * This is only valid if the device was received through a monitor. Devices read from
- * sys do not have an action string. Usual actions are: add, remove, change, online,
- * offline.
- *
- * Returns: the kernel action value, or #NULL if there is no action value available.
- **/
-_public_ const char *udev_device_get_action(struct udev_device *udev_device) {
-        const char *action = NULL;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_property_value(udev_device->device, "ACTION", &action);
-        if (r < 0 && r != -ENOENT) {
-                errno = -r;
-                return NULL;
-        }
-
-        return action;
-}
-
-/**
- * udev_device_get_usec_since_initialized:
- * @udev_device: udev device
- *
- * Return the number of microseconds passed since udev set up the
- * device for the first time.
- *
- * This is only implemented for devices with need to store properties
- * in the udev database. All other devices return 0 here.
- *
- * Returns: the number of microseconds since the device was first seen.
- **/
-_public_ unsigned long long int udev_device_get_usec_since_initialized(struct udev_device *udev_device)
-{
-        usec_t ts;
-        int r;
-
-        assert_return(udev_device, -EINVAL);
-
-        r = sd_device_get_usec_since_initialized(udev_device->device, &ts);
-        if (r < 0) {
-                errno = EINVAL;
-                return 0;
-        }
-
-        return ts;
-}
-
-/**
- * udev_device_get_sysattr_value:
- * @udev_device: udev device
- * @sysattr: attribute name
- *
- * The retrieved value is cached in the device. Repeated calls will return the same
- * value and not open the attribute again.
- *
- * Returns: the content of a sys attribute file, or #NULL if there is no sys attribute value.
- **/
-_public_ const char *udev_device_get_sysattr_value(struct udev_device *udev_device, const char *sysattr)
-{
-        const char *value;
-        int r;
-
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        r = sd_device_get_sysattr_value(udev_device->device, sysattr, &value);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        return value;
-}
-
-/**
- * udev_device_set_sysattr_value:
- * @udev_device: udev device
- * @sysattr: attribute name
- * @value: new value to be set
- *
- * Update the contents of the sys attribute and the cached value of the device.
- *
- * Returns: Negative error code on failure or 0 on success.
- **/
-_public_ int udev_device_set_sysattr_value(struct udev_device *udev_device, const char *sysattr, char *value)
-{
-        int r;
-
-        assert_return(udev_device, -EINVAL);
-
-        r = sd_device_set_sysattr_value(udev_device->device, sysattr, value);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-/**
- * udev_device_get_sysattr_list_entry:
- * @udev_device: udev device
- *
- * Retrieve the list of available sysattrs, with value being empty;
- * This just return all available sysfs attributes for a particular
- * device without reading their values.
- *
- * Returns: the first entry of the property list
- **/
-_public_ struct udev_list_entry *udev_device_get_sysattr_list_entry(struct udev_device *udev_device)
-{
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        if (!udev_device->sysattrs_read) {
-                const char *sysattr;
-
-                udev_list_cleanup(&udev_device->sysattrs);
-
-                FOREACH_DEVICE_SYSATTR(udev_device->device, sysattr)
-                        udev_list_entry_add(&udev_device->sysattrs, sysattr, NULL);
-
-                udev_device->sysattrs_read = true;
-        }
-
-        return udev_list_get_entry(&udev_device->sysattrs);
-}
-
-/**
- * udev_device_get_is_initialized:
- * @udev_device: udev device
- *
- * Check if udev has already handled the device and has set up
- * device node permissions and context, or has renamed a network
- * device.
- *
- * This is only implemented for devices with a device node
- * or network interfaces. All other devices return 1 here.
- *
- * Returns: 1 if the device is set up. 0 otherwise.
- **/
-_public_ int udev_device_get_is_initialized(struct udev_device *udev_device)
-{
-        int r, initialized;
-
-        assert_return(udev_device, -EINVAL);
-
-        r = sd_device_get_is_initialized(udev_device->device, &initialized);
-        if (r < 0) {
-                errno = -r;
-
-                return 0;
-        }
-
-        return initialized;
-}
-
-/**
- * udev_device_get_tags_list_entry:
- * @udev_device: udev device
- *
- * Retrieve the list of tags attached to the udev device. The next
- * list entry can be retrieved with udev_list_entry_get_next(),
- * which returns #NULL if no more entries exist. The tag string
- * can be retrieved from the list entry by udev_list_entry_get_name().
- *
- * Returns: the first entry of the tag list
- **/
-_public_ struct udev_list_entry *udev_device_get_tags_list_entry(struct udev_device *udev_device)
-{
-        assert_return_errno(udev_device, NULL, EINVAL);
-
-        if (device_get_tags_generation(udev_device->device) != udev_device->tags_generation ||
-            !udev_device->tags_read) {
-                const char *tag;
-
-                udev_list_cleanup(&udev_device->tags);
-
-                FOREACH_DEVICE_TAG(udev_device->device, tag)
-                        udev_list_entry_add(&udev_device->tags, tag, NULL);
-
-                udev_device->tags_read = true;
-                udev_device->tags_generation = device_get_tags_generation(udev_device->device);
-        }
-
-        return udev_list_get_entry(&udev_device->tags);
-}
-
-/**
- * udev_device_has_tag:
- * @udev_device: udev device
- * @tag: tag name
- *
- * Check if a given device has a certain tag associated.
- *
- * Returns: 1 if the tag is found. 0 otherwise.
- **/
-_public_ int udev_device_has_tag(struct udev_device *udev_device, const char *tag)
-{
-        assert_return(udev_device, 0);
-
-        return sd_device_has_tag(udev_device->device, tag);
-}
diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
deleted file mode 100644
index 3b8abfb260..0000000000
--- a/src/libudev/libudev-enumerate.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
-  Copyright 2015 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <dirent.h>
-#include <errno.h>
-#include <fnmatch.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-
-#include "libudev.h"
-#include "sd-device.h"
-
-#include "alloc-util.h"
-#include "device-enumerator-private.h"
-#include "device-util.h"
-#include "libudev-device-internal.h"
-
-/**
- * SECTION:libudev-enumerate
- * @short_description: lookup and sort sys devices
- *
- * Lookup devices in the sys filesystem, filter devices by properties,
- * and return a sorted list of devices.
- */
-
-/**
- * udev_enumerate:
- *
- * Opaque object representing one device lookup/sort context.
- */
-struct udev_enumerate {
-        struct udev *udev;
-        int refcount;
-        struct udev_list devices_list;
-        bool devices_uptodate:1;
-
-        sd_device_enumerator *enumerator;
-};
-
-/**
- * udev_enumerate_new:
- * @udev: udev library context
- *
- * Create an enumeration context to scan /sys.
- *
- * Returns: an enumeration context.
- **/
-_public_ struct udev_enumerate *udev_enumerate_new(struct udev *udev) {
-        _cleanup_free_ struct udev_enumerate *udev_enumerate = NULL;
-        struct udev_enumerate *ret;
-        int r;
-
-        assert_return_errno(udev, NULL, EINVAL);
-
-        udev_enumerate = new0(struct udev_enumerate, 1);
-        if (!udev_enumerate) {
-                errno = ENOMEM;
-                return NULL;
-        }
-
-        r = sd_device_enumerator_new(&udev_enumerate->enumerator);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        r = sd_device_enumerator_allow_uninitialized(udev_enumerate->enumerator);
-        if (r < 0) {
-                errno = -r;
-                return NULL;
-        }
-
-        udev_enumerate->refcount = 1;
-        udev_enumerate->udev = udev;
-
-        udev_list_init(udev, &udev_enumerate->devices_list, false);
-
-        ret = udev_enumerate;
-        udev_enumerate = NULL;
-
-        return ret;
-}
-
-/**
- * udev_enumerate_ref:
- * @udev_enumerate: context
- *
- * Take a reference of a enumeration context.
- *
- * Returns: the passed enumeration context
- **/
-_public_ struct udev_enumerate *udev_enumerate_ref(struct udev_enumerate *udev_enumerate) {
-        if (udev_enumerate)
-                udev_enumerate->refcount++;
-
-        return udev_enumerate;
-}
-
-/**
- * udev_enumerate_unref:
- * @udev_enumerate: context
- *
- * Drop a reference of an enumeration context. If the refcount reaches zero,
- * all resources of the enumeration context will be released.
- *
- * Returns: #NULL
- **/
-_public_ struct udev_enumerate *udev_enumerate_unref(struct udev_enumerate *udev_enumerate) {
-        if (udev_enumerate && (-- udev_enumerate->refcount) == 0) {
-                udev_list_cleanup(&udev_enumerate->devices_list);
-                sd_device_enumerator_unref(udev_enumerate->enumerator);
-                free(udev_enumerate);
-        }
-
-        return NULL;
-}
-
-/**
- * udev_enumerate_get_udev:
- * @udev_enumerate: context
- *
- * Get the udev library context.
- *
- * Returns: a pointer to the context.
- */
-_public_ struct udev *udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate) {
-        assert_return_errno(udev_enumerate, NULL, EINVAL);
-
-        return udev_enumerate->udev;
-}
-
-/**
- * udev_enumerate_get_list_entry:
- * @udev_enumerate: context
- *
- * Get the first entry of the sorted list of device paths.
- *
- * Returns: a udev_list_entry.
- */
-_public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enumerate *udev_enumerate) {
-        assert_return_errno(udev_enumerate, NULL, EINVAL);
-
-        if (!udev_enumerate->devices_uptodate) {
-                sd_device *device;
-
-                udev_list_cleanup(&udev_enumerate->devices_list);
-
-                FOREACH_DEVICE_AND_SUBSYSTEM(udev_enumerate->enumerator, device) {
-                        const char *syspath;
-                        int r;
-
-                        r = sd_device_get_syspath(device, &syspath);
-                        if (r < 0) {
-                                errno = -r;
-                                return NULL;
-                        }
-
-                        udev_list_entry_add(&udev_enumerate->devices_list, syspath, NULL);
-                }
-
-                udev_enumerate->devices_uptodate = true;
-        }
-
-        return udev_list_get_entry(&udev_enumerate->devices_list);
-}
-
-/**
- * udev_enumerate_add_match_subsystem:
- * @udev_enumerate: context
- * @subsystem: filter for a subsystem of the device to include in the list
- *
- * Match only devices belonging to a certain kernel subsystem.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_subsystem(struct udev_enumerate *udev_enumerate, const char *subsystem) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!subsystem)
-                return 0;
-
-        return sd_device_enumerator_add_match_subsystem(udev_enumerate->enumerator, subsystem, true);
-}
-
-/**
- * udev_enumerate_add_nomatch_subsystem:
- * @udev_enumerate: context
- * @subsystem: filter for a subsystem of the device to exclude from the list
- *
- * Match only devices not belonging to a certain kernel subsystem.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_nomatch_subsystem(struct udev_enumerate *udev_enumerate, const char *subsystem) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!subsystem)
-                return 0;
-
-        return sd_device_enumerator_add_match_subsystem(udev_enumerate->enumerator, subsystem, false);
-}
-
-/**
- * udev_enumerate_add_match_sysattr:
- * @udev_enumerate: context
- * @sysattr: filter for a sys attribute at the device to include in the list
- * @value: optional value of the sys attribute
- *
- * Match only devices with a certain /sys device attribute.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_sysattr(struct udev_enumerate *udev_enumerate, const char *sysattr, const char *value) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!sysattr)
-                return 0;
-
-        return sd_device_enumerator_add_match_sysattr(udev_enumerate->enumerator, sysattr, value, true);
-}
-
-/**
- * udev_enumerate_add_nomatch_sysattr:
- * @udev_enumerate: context
- * @sysattr: filter for a sys attribute at the device to exclude from the list
- * @value: optional value of the sys attribute
- *
- * Match only devices not having a certain /sys device attribute.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_nomatch_sysattr(struct udev_enumerate *udev_enumerate, const char *sysattr, const char *value) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!sysattr)
-                return 0;
-
-        return sd_device_enumerator_add_match_sysattr(udev_enumerate->enumerator, sysattr, value, false);
-}
-
-/**
- * udev_enumerate_add_match_property:
- * @udev_enumerate: context
- * @property: filter for a property of the device to include in the list
- * @value: value of the property
- *
- * Match only devices with a certain property.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_property(struct udev_enumerate *udev_enumerate, const char *property, const char *value) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!property)
-                return 0;
-
-        return sd_device_enumerator_add_match_property(udev_enumerate->enumerator, property, value);
-}
-
-/**
- * udev_enumerate_add_match_tag:
- * @udev_enumerate: context
- * @tag: filter for a tag of the device to include in the list
- *
- * Match only devices with a certain tag.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_tag(struct udev_enumerate *udev_enumerate, const char *tag) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!tag)
-                return 0;
-
-        return sd_device_enumerator_add_match_tag(udev_enumerate->enumerator, tag);
-}
-
-/**
- * udev_enumerate_add_match_parent:
- * @udev_enumerate: context
- * @parent: parent device where to start searching
- *
- * Return the devices on the subtree of one given device. The parent
- * itself is included in the list.
- *
- * A reference for the device is held until the udev_enumerate context
- * is cleaned up.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_parent(struct udev_enumerate *udev_enumerate, struct udev_device *parent) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!parent)
-                return 0;
-
-        return sd_device_enumerator_add_match_parent(udev_enumerate->enumerator, parent->device);
-}
-
-/**
- * udev_enumerate_add_match_is_initialized:
- * @udev_enumerate: context
- *
- * Match only devices which udev has set up already. This makes
- * sure, that the device node permissions and context are properly set
- * and that network devices are fully renamed.
- *
- * Usually, devices which are found in the kernel but not already
- * handled by udev, have still pending events. Services should subscribe
- * to monitor events and wait for these devices to become ready, instead
- * of using uninitialized devices.
- *
- * For now, this will not affect devices which do not have a device node
- * and are not network interfaces.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_is_initialized(struct udev_enumerate *udev_enumerate) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        return device_enumerator_add_match_is_initialized(udev_enumerate->enumerator);
-}
-
-/**
- * udev_enumerate_add_match_sysname:
- * @udev_enumerate: context
- * @sysname: filter for the name of the device to include in the list
- *
- * Match only devices with a given /sys device name.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_match_sysname(struct udev_enumerate *udev_enumerate, const char *sysname) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!sysname)
-                return 0;
-
-        return sd_device_enumerator_add_match_sysname(udev_enumerate->enumerator, sysname);
-}
-
-/**
- * udev_enumerate_add_syspath:
- * @udev_enumerate: context
- * @syspath: path of a device
- *
- * Add a device to the list of devices, to retrieve it back sorted in dependency order.
- *
- * Returns: 0 on success, otherwise a negative error value.
- */
-_public_ int udev_enumerate_add_syspath(struct udev_enumerate *udev_enumerate, const char *syspath) {
-        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
-        int r;
-
-        assert_return(udev_enumerate, -EINVAL);
-
-        if (!syspath)
-                return 0;
-
-        r = sd_device_new_from_syspath(&device, syspath);
-        if (r < 0)
-                return r;
-
-        r = device_enumerator_add_device(udev_enumerate->enumerator, device);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-/**
- * udev_enumerate_scan_devices:
- * @udev_enumerate: udev enumeration context
- *
- * Scan /sys for all devices which match the given filters. No matches
- * will return all currently available devices.
- *
- * Returns: 0 on success, otherwise a negative error value.
- **/
-_public_ int udev_enumerate_scan_devices(struct udev_enumerate *udev_enumerate) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        return device_enumerator_scan_devices(udev_enumerate->enumerator);
-}
-
-/**
- * udev_enumerate_scan_subsystems:
- * @udev_enumerate: udev enumeration context
- *
- * Scan /sys for all kernel subsystems, including buses, classes, drivers.
- *
- * Returns: 0 on success, otherwise a negative error value.
- **/
-_public_ int udev_enumerate_scan_subsystems(struct udev_enumerate *udev_enumerate) {
-        assert_return(udev_enumerate, -EINVAL);
-
-        return device_enumerator_scan_subsystems(udev_enumerate->enumerator);
-}
diff --git a/src/libudev/libudev-hwdb.c b/src/libudev/libudev-hwdb.c
deleted file mode 100644
index a53f000015..0000000000
--- a/src/libudev/libudev-hwdb.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-hwdb.h"
-
-#include "alloc-util.h"
-#include "hwdb-util.h"
-#include "libudev-private.h"
-
-/**
- * SECTION:libudev-hwdb
- * @short_description: retrieve properties from the hardware database
- *
- * Libudev hardware database interface.
- */
-
-/**
- * udev_hwdb:
- *
- * Opaque object representing the hardware database.
- */
-struct udev_hwdb {
-        struct udev *udev;
-        int refcount;
-
-        sd_hwdb *hwdb;
-
-        struct udev_list properties_list;
-};
-
-/**
- * udev_hwdb_new:
- * @udev: udev library context
- *
- * Create a hardware database context to query properties for devices.
- *
- * Returns: a hwdb context.
- **/
-_public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
-        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb_internal = NULL;
-        struct udev_hwdb *hwdb;
-        int r;
-
-        assert_return(udev, NULL);
-
-        r = sd_hwdb_new(&hwdb_internal);
-        if (r < 0)
-                return NULL;
-
-        hwdb = new0(struct udev_hwdb, 1);
-        if (!hwdb)
-                return NULL;
-
-        hwdb->refcount = 1;
-        hwdb->hwdb = hwdb_internal;
-        hwdb_internal = NULL;
-
-        udev_list_init(udev, &hwdb->properties_list, true);
-
-        return hwdb;
-}
-
-/**
- * udev_hwdb_ref:
- * @hwdb: context
- *
- * Take a reference of a hwdb context.
- *
- * Returns: the passed enumeration context
- **/
-_public_ struct udev_hwdb *udev_hwdb_ref(struct udev_hwdb *hwdb) {
-        if (!hwdb)
-                return NULL;
-        hwdb->refcount++;
-        return hwdb;
-}
-
-/**
- * udev_hwdb_unref:
- * @hwdb: context
- *
- * Drop a reference of a hwdb context. If the refcount reaches zero,
- * all resources of the hwdb context will be released.
- *
- * Returns: #NULL
- **/
-_public_ struct udev_hwdb *udev_hwdb_unref(struct udev_hwdb *hwdb) {
-        if (!hwdb)
-                return NULL;
-        hwdb->refcount--;
-        if (hwdb->refcount > 0)
-                return NULL;
-        sd_hwdb_unref(hwdb->hwdb);
-        udev_list_cleanup(&hwdb->properties_list);
-        free(hwdb);
-        return NULL;
-}
-
-/**
- * udev_hwdb_get_properties_list_entry:
- * @hwdb: context
- * @modalias: modalias string
- * @flags: (unused)
- *
- * Lookup a matching device in the hardware database. The lookup key is a
- * modalias string, whose formats are defined for the Linux kernel modules.
- * Examples are: pci:v00008086d00001C2D*, usb:v04F2pB221*. The first entry
- * of a list of retrieved properties is returned.
- *
- * Returns: a udev_list_entry.
- */
-_public_ struct udev_list_entry *udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned int flags) {
-        const char *key, *value;
-
-        if (!hwdb || !modalias) {
-                errno = EINVAL;
-                return NULL;
-        }
-
-        udev_list_cleanup(&hwdb->properties_list);
-
-        SD_HWDB_FOREACH_PROPERTY(hwdb->hwdb, modalias, key, value) {
-                if (udev_list_entry_add(&hwdb->properties_list, key, value) == NULL) {
-                        errno = ENOMEM;
-                        return NULL;
-                }
-        }
-
-        return udev_list_get_entry(&hwdb->properties_list);
-}
diff --git a/src/libudev/.gitignore b/src/libudev/src/.gitignore
index 0c8a5d5231..0c8a5d5231 100644
--- a/src/libudev/.gitignore
+++ b/src/libudev/src/.gitignore
diff --git a/src/libudev/src/Makefile b/src/libudev/src/Makefile
new file mode 100644
index 0000000000..ed606315e1
--- /dev/null
+++ b/src/libudev/src/Makefile
@@ -0,0 +1,83 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+LIBUDEV_CURRENT=7
+LIBUDEV_REVISION=4
+LIBUDEV_AGE=6
+
+include_HEADERS += \
+	src/libudev/libudev.h
+
+lib_LTLIBRARIES += \
+	libudev.la
+
+libudev_la_SOURCES =\
+	src/libudev/libudev.sym \
+	src/libudev/libudev-private.h \
+	src/libudev/libudev-device-internal.h \
+	src/libudev/libudev.c \
+	src/libudev/libudev-list.c \
+	src/libudev/libudev-util.c \
+	src/libudev/libudev-device.c \
+	src/libudev/libudev-device-private.c \
+	src/libudev/libudev-enumerate.c \
+	src/libudev/libudev-monitor.c \
+	src/libudev/libudev-queue.c \
+	src/libudev/libudev-hwdb.c
+
+libudev_la_LDFLAGS = \
+	$(AM_LDFLAGS) \
+	-version-info $(LIBUDEV_CURRENT):$(LIBUDEV_REVISION):$(LIBUDEV_AGE) \
+	-Wl,--version-script=$(srcdir)/libudev.sym
+
+libudev_la_LIBADD = \
+	libsystemd-internal.la
+
+pkgconfiglib_DATA += \
+	src/libudev/libudev.pc
+
+EXTRA_DIST += \
+	src/libudev/libudev.pc.in
+
+noinst_LTLIBRARIES += \
+	libudev-internal.la
+
+libudev_internal_la_SOURCES =\
+	$(libudev_la_SOURCES)
+
+test-libudev-sym.c: \
+		src/libudev/libudev.sym \
+		src/udev/udev.h
+	$(generate-sym-test)
+
+nodist_test_libudev_sym_SOURCES = \
+	test-libudev-sym.c
+test_libudev_sym_CFLAGS = \
+	$(AM_CFLAGS) \
+	-Wno-deprecated-declarations
+test_libudev_sym_LDADD = \
+	libudev.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/libudev/src/libudev-device-internal.h b/src/libudev/src/libudev-device-internal.h
new file mode 100644
index 0000000000..f76da09407
--- /dev/null
+++ b/src/libudev/src/libudev-device-internal.h
@@ -0,0 +1,58 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2015 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "libudev.h"
+#include <systemd/sd-device.h>
+
+#include "libudev-private.h"
+
+/**
+ * udev_device:
+ *
+ * Opaque object representing one kernel sys device.
+ */
+struct udev_device {
+        struct udev *udev;
+
+        /* real device object */
+        sd_device *device;
+
+        /* legacy */
+        int refcount;
+
+        struct udev_device *parent;
+        bool parent_set;
+
+        struct udev_list properties;
+        uint64_t properties_generation;
+        struct udev_list tags;
+        uint64_t tags_generation;
+        struct udev_list devlinks;
+        uint64_t devlinks_generation;
+        bool properties_read:1;
+        bool tags_read:1;
+        bool devlinks_read:1;
+        struct udev_list sysattrs;
+        bool sysattrs_read;
+};
+
+struct udev_device *udev_device_new(struct udev *udev);
diff --git a/src/libudev/libudev-device-private.c b/src/libudev/src/libudev-device-private.c
index 2aae0726c1..2aae0726c1 100644
--- a/src/libudev/libudev-device-private.c
+++ b/src/libudev/src/libudev-device-private.c
diff --git a/src/libudev/src/libudev-device.c b/src/libudev/src/libudev-device.c
new file mode 100644
index 0000000000..6536f4cfbb
--- /dev/null
+++ b/src/libudev/src/libudev-device.c
@@ -0,0 +1,958 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2015 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <ctype.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/sockios.h>
+#include <net/if.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "libudev.h"
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "device-private.h"
+#include "device-util.h"
+#include "libudev-device-internal.h"
+#include "libudev-private.h"
+#include "parse-util.h"
+
+/**
+ * SECTION:libudev-device
+ * @short_description: kernel sys devices
+ *
+ * Representation of kernel sys devices. Devices are uniquely identified
+ * by their syspath, every device has exactly one path in the kernel sys
+ * filesystem. Devices usually belong to a kernel subsystem, and have
+ * a unique name inside that subsystem.
+ */
+
+/**
+ * udev_device_get_seqnum:
+ * @udev_device: udev device
+ *
+ * This is only valid if the device was received through a monitor. Devices read from
+ * sys do not have a sequence number.
+ *
+ * Returns: the kernel event sequence number, or 0 if there is no sequence number available.
+ **/
+_public_ unsigned long long int udev_device_get_seqnum(struct udev_device *udev_device)
+{
+        const char *seqnum;
+        unsigned long long ret;
+        int r;
+
+        assert_return_errno(udev_device, 0, EINVAL);
+
+        r = sd_device_get_property_value(udev_device->device, "SEQNUM", &seqnum);
+        if (r == -ENOENT)
+                return 0;
+        else if (r < 0) {
+                errno = -r;
+                return 0;
+        }
+
+        r = safe_atollu(seqnum, &ret);
+        if (r < 0) {
+                errno = -r;
+                return 0;
+        }
+
+        return ret;
+}
+
+/**
+ * udev_device_get_devnum:
+ * @udev_device: udev device
+ *
+ * Get the device major/minor number.
+ *
+ * Returns: the dev_t number.
+ **/
+_public_ dev_t udev_device_get_devnum(struct udev_device *udev_device)
+{
+        dev_t devnum;
+        int r;
+
+        assert_return_errno(udev_device, makedev(0, 0), EINVAL);
+
+        r = sd_device_get_devnum(udev_device->device, &devnum);
+        if (r < 0) {
+                errno = -r;
+                return makedev(0, 0);
+        }
+
+        return devnum;
+}
+
+/**
+ * udev_device_get_driver:
+ * @udev_device: udev device
+ *
+ * Get the kernel driver name.
+ *
+ * Returns: the driver name string, or #NULL if there is no driver attached.
+ **/
+_public_ const char *udev_device_get_driver(struct udev_device *udev_device)
+{
+        const char *driver;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_driver(udev_device->device, &driver);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return driver;
+}
+
+/**
+ * udev_device_get_devtype:
+ * @udev_device: udev device
+ *
+ * Retrieve the devtype string of the udev device.
+ *
+ * Returns: the devtype name of the udev device, or #NULL if it can not be determined
+ **/
+_public_ const char *udev_device_get_devtype(struct udev_device *udev_device)
+{
+        const char *devtype;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_devtype(udev_device->device, &devtype);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return devtype;
+}
+
+/**
+ * udev_device_get_subsystem:
+ * @udev_device: udev device
+ *
+ * Retrieve the subsystem string of the udev device. The string does not
+ * contain any "/".
+ *
+ * Returns: the subsystem name of the udev device, or #NULL if it can not be determined
+ **/
+_public_ const char *udev_device_get_subsystem(struct udev_device *udev_device)
+{
+        const char *subsystem;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_subsystem(udev_device->device, &subsystem);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        } else if (!subsystem)
+                errno = ENODATA;
+
+        return subsystem;
+}
+
+/**
+ * udev_device_get_property_value:
+ * @udev_device: udev device
+ * @key: property name
+ *
+ * Get the value of a given property.
+ *
+ * Returns: the property string, or #NULL if there is no such property.
+ **/
+_public_ const char *udev_device_get_property_value(struct udev_device *udev_device, const char *key)
+{
+        const char *value = NULL;
+        int r;
+
+        assert_return_errno(udev_device && key, NULL, EINVAL);
+
+        r = sd_device_get_property_value(udev_device->device, key, &value);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return value;
+}
+
+struct udev_device *udev_device_new(struct udev *udev) {
+        struct udev_device *udev_device;
+
+        assert_return_errno(udev, NULL, EINVAL);
+
+        udev_device = new0(struct udev_device, 1);
+        if (!udev_device) {
+                errno = ENOMEM;
+                return NULL;
+        }
+        udev_device->refcount = 1;
+        udev_device->udev = udev;
+        udev_list_init(udev, &udev_device->properties, true);
+        udev_list_init(udev, &udev_device->tags, true);
+        udev_list_init(udev, &udev_device->sysattrs, true);
+        udev_list_init(udev, &udev_device->devlinks, true);
+
+        return udev_device;
+}
+
+/**
+ * udev_device_new_from_syspath:
+ * @udev: udev library context
+ * @syspath: sys device path including sys directory
+ *
+ * Create new udev device, and fill in information from the sys
+ * device and the udev database entry. The syspath is the absolute
+ * path to the device, including the sys mount point.
+ *
+ * The initial refcount is 1, and needs to be decremented to
+ * release the resources of the udev device.
+ *
+ * Returns: a new udev device, or #NULL, if it does not exist
+ **/
+_public_ struct udev_device *udev_device_new_from_syspath(struct udev *udev, const char *syspath) {
+        struct udev_device *udev_device;
+        int r;
+
+        udev_device = udev_device_new(udev);
+        if (!udev_device)
+                return NULL;
+
+        r = sd_device_new_from_syspath(&udev_device->device, syspath);
+        if (r < 0) {
+                errno = -r;
+                udev_device_unref(udev_device);
+                return NULL;
+        }
+
+        return udev_device;
+}
+
+/**
+ * udev_device_new_from_devnum:
+ * @udev: udev library context
+ * @type: char or block device
+ * @devnum: device major/minor number
+ *
+ * Create new udev device, and fill in information from the sys
+ * device and the udev database entry. The device is looked-up
+ * by its major/minor number and type. Character and block device
+ * numbers are not unique across the two types.
+ *
+ * The initial refcount is 1, and needs to be decremented to
+ * release the resources of the udev device.
+ *
+ * Returns: a new udev device, or #NULL, if it does not exist
+ **/
+_public_ struct udev_device *udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum)
+{
+        struct udev_device *udev_device;
+        int r;
+
+        udev_device = udev_device_new(udev);
+        if (!udev_device)
+                return NULL;
+
+        r = sd_device_new_from_devnum(&udev_device->device, type, devnum);
+        if (r < 0) {
+                errno = -r;
+                udev_device_unref(udev_device);
+                return NULL;
+        }
+
+        return udev_device;
+}
+
+/**
+ * udev_device_new_from_device_id:
+ * @udev: udev library context
+ * @id: text string identifying a kernel device
+ *
+ * Create new udev device, and fill in information from the sys
+ * device and the udev database entry. The device is looked-up
+ * by a special string:
+ *   b8:2          - block device major:minor
+ *   c128:1        - char device major:minor
+ *   n3            - network device ifindex
+ *   +sound:card29 - kernel driver core subsystem:device name
+ *
+ * The initial refcount is 1, and needs to be decremented to
+ * release the resources of the udev device.
+ *
+ * Returns: a new udev device, or #NULL, if it does not exist
+ **/
+_public_ struct udev_device *udev_device_new_from_device_id(struct udev *udev, const char *id)
+{
+        struct udev_device *udev_device;
+        int r;
+
+        udev_device = udev_device_new(udev);
+        if (!udev_device)
+                return NULL;
+
+        r = sd_device_new_from_device_id(&udev_device->device, id);
+        if (r < 0) {
+                errno = -r;
+                udev_device_unref(udev_device);
+                return NULL;
+        }
+
+        return udev_device;
+}
+
+/**
+ * udev_device_new_from_subsystem_sysname:
+ * @udev: udev library context
+ * @subsystem: the subsystem of the device
+ * @sysname: the name of the device
+ *
+ * Create new udev device, and fill in information from the sys device
+ * and the udev database entry. The device is looked up by the subsystem
+ * and name string of the device, like "mem" / "zero", or "block" / "sda".
+ *
+ * The initial refcount is 1, and needs to be decremented to
+ * release the resources of the udev device.
+ *
+ * Returns: a new udev device, or #NULL, if it does not exist
+ **/
+_public_ struct udev_device *udev_device_new_from_subsystem_sysname(struct udev *udev, const char *subsystem, const char *sysname)
+{
+        struct udev_device *udev_device;
+        int r;
+
+        udev_device = udev_device_new(udev);
+        if (!udev_device)
+                return NULL;
+
+        r = sd_device_new_from_subsystem_sysname(&udev_device->device, subsystem, sysname);
+        if (r < 0) {
+                errno = -r;
+                udev_device_unref(udev_device);
+                return NULL;
+        }
+
+        return udev_device;
+}
+
+/**
+ * udev_device_new_from_environment
+ * @udev: udev library context
+ *
+ * Create new udev device, and fill in information from the
+ * current process environment. This only works reliable if
+ * the process is called from a udev rule. It is usually used
+ * for tools executed from IMPORT= rules.
+ *
+ * The initial refcount is 1, and needs to be decremented to
+ * release the resources of the udev device.
+ *
+ * Returns: a new udev device, or #NULL, if it does not exist
+ **/
+_public_ struct udev_device *udev_device_new_from_environment(struct udev *udev)
+{
+        struct udev_device *udev_device;
+        int r;
+
+        udev_device = udev_device_new(udev);
+        if (!udev_device)
+                return NULL;
+
+        r = device_new_from_strv(&udev_device->device, environ);
+        if (r < 0) {
+                errno = -r;
+                udev_device_unref(udev_device);
+                return NULL;
+        }
+
+        return udev_device;
+}
+
+static struct udev_device *device_new_from_parent(struct udev_device *child)
+{
+        struct udev_device *parent;
+        int r;
+
+        assert_return_errno(child, NULL, EINVAL);
+
+        parent = udev_device_new(child->udev);
+        if (!parent)
+                return NULL;
+
+        r = sd_device_get_parent(child->device, &parent->device);
+        if (r < 0) {
+                errno = -r;
+                udev_device_unref(parent);
+                return NULL;
+        }
+
+        /* the parent is unref'ed with the child, so take a ref from libudev as well */
+        sd_device_ref(parent->device);
+
+        return parent;
+}
+
+/**
+ * udev_device_get_parent:
+ * @udev_device: the device to start searching from
+ *
+ * Find the next parent device, and fill in information from the sys
+ * device and the udev database entry.
+ *
+ * Returned device is not referenced. It is attached to the child
+ * device, and will be cleaned up when the child device is cleaned up.
+ *
+ * It is not necessarily just the upper level directory, empty or not
+ * recognized sys directories are ignored.
+ *
+ * It can be called as many times as needed, without caring about
+ * references.
+ *
+ * Returns: a new udev device, or #NULL, if it no parent exist.
+ **/
+_public_ struct udev_device *udev_device_get_parent(struct udev_device *udev_device)
+{
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        if (!udev_device->parent_set) {
+                udev_device->parent_set = true;
+                udev_device->parent = device_new_from_parent(udev_device);
+        }
+
+        /* TODO: errno will differ here in case parent == NULL */
+        return udev_device->parent;
+}
+
+/**
+ * udev_device_get_parent_with_subsystem_devtype:
+ * @udev_device: udev device to start searching from
+ * @subsystem: the subsystem of the device
+ * @devtype: the type (DEVTYPE) of the device
+ *
+ * Find the next parent device, with a matching subsystem and devtype
+ * value, and fill in information from the sys device and the udev
+ * database entry.
+ *
+ * If devtype is #NULL, only subsystem is checked, and any devtype will
+ * match.
+ *
+ * Returned device is not referenced. It is attached to the child
+ * device, and will be cleaned up when the child device is cleaned up.
+ *
+ * It can be called as many times as needed, without caring about
+ * references.
+ *
+ * Returns: a new udev device, or #NULL if no matching parent exists.
+ **/
+_public_ struct udev_device *udev_device_get_parent_with_subsystem_devtype(struct udev_device *udev_device, const char *subsystem, const char *devtype)
+{
+        sd_device *parent;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        /* this relies on the fact that finding the subdevice of a parent or the
+           parent of a subdevice commute */
+
+        /* first find the correct sd_device */
+        r = sd_device_get_parent_with_subsystem_devtype(udev_device->device, subsystem, devtype, &parent);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        /* then walk the chain of udev_device parents until the correspanding
+           one is found */
+        while ((udev_device = udev_device_get_parent(udev_device))) {
+                if (udev_device->device == parent)
+                        return udev_device;
+        }
+
+        errno = ENOENT;
+        return NULL;
+}
+
+/**
+ * udev_device_get_udev:
+ * @udev_device: udev device
+ *
+ * Retrieve the udev library context the device was created with.
+ *
+ * Returns: the udev library context
+ **/
+_public_ struct udev *udev_device_get_udev(struct udev_device *udev_device)
+{
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        return udev_device->udev;
+}
+
+/**
+ * udev_device_ref:
+ * @udev_device: udev device
+ *
+ * Take a reference of a udev device.
+ *
+ * Returns: the passed udev device
+ **/
+_public_ struct udev_device *udev_device_ref(struct udev_device *udev_device)
+{
+        if (udev_device)
+                udev_device->refcount++;
+
+        return udev_device;
+}
+
+/**
+ * udev_device_unref:
+ * @udev_device: udev device
+ *
+ * Drop a reference of a udev device. If the refcount reaches zero,
+ * the resources of the device will be released.
+ *
+ * Returns: #NULL
+ **/
+_public_ struct udev_device *udev_device_unref(struct udev_device *udev_device)
+{
+        if (udev_device && (-- udev_device->refcount) == 0) {
+                sd_device_unref(udev_device->device);
+                udev_device_unref(udev_device->parent);
+
+                udev_list_cleanup(&udev_device->properties);
+                udev_list_cleanup(&udev_device->sysattrs);
+                udev_list_cleanup(&udev_device->tags);
+                udev_list_cleanup(&udev_device->devlinks);
+
+                free(udev_device);
+        }
+
+        return NULL;
+}
+
+/**
+ * udev_device_get_devpath:
+ * @udev_device: udev device
+ *
+ * Retrieve the kernel devpath value of the udev device. The path
+ * does not contain the sys mount point, and starts with a '/'.
+ *
+ * Returns: the devpath of the udev device
+ **/
+_public_ const char *udev_device_get_devpath(struct udev_device *udev_device)
+{
+        const char *devpath;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_devpath(udev_device->device, &devpath);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return devpath;
+}
+
+/**
+ * udev_device_get_syspath:
+ * @udev_device: udev device
+ *
+ * Retrieve the sys path of the udev device. The path is an
+ * absolute path and starts with the sys mount point.
+ *
+ * Returns: the sys path of the udev device
+ **/
+_public_ const char *udev_device_get_syspath(struct udev_device *udev_device)
+{
+        const char *syspath;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_syspath(udev_device->device, &syspath);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return syspath;
+}
+
+/**
+ * udev_device_get_sysname:
+ * @udev_device: udev device
+ *
+ * Get the kernel device name in /sys.
+ *
+ * Returns: the name string of the device device
+ **/
+_public_ const char *udev_device_get_sysname(struct udev_device *udev_device)
+{
+        const char *sysname;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_sysname(udev_device->device, &sysname);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return sysname;
+}
+
+/**
+ * udev_device_get_sysnum:
+ * @udev_device: udev device
+ *
+ * Get the instance number of the device.
+ *
+ * Returns: the trailing number string of the device name
+ **/
+_public_ const char *udev_device_get_sysnum(struct udev_device *udev_device)
+{
+        const char *sysnum;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_sysnum(udev_device->device, &sysnum);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return sysnum;
+}
+
+/**
+ * udev_device_get_devnode:
+ * @udev_device: udev device
+ *
+ * Retrieve the device node file name belonging to the udev device.
+ * The path is an absolute path, and starts with the device directory.
+ *
+ * Returns: the device node file name of the udev device, or #NULL if no device node exists
+ **/
+_public_ const char *udev_device_get_devnode(struct udev_device *udev_device)
+{
+        const char *devnode;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_devname(udev_device->device, &devnode);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return devnode;
+}
+
+/**
+ * udev_device_get_devlinks_list_entry:
+ * @udev_device: udev device
+ *
+ * Retrieve the list of device links pointing to the device file of
+ * the udev device. The next list entry can be retrieved with
+ * udev_list_entry_get_next(), which returns #NULL if no more entries exist.
+ * The devlink path can be retrieved from the list entry by
+ * udev_list_entry_get_name(). The path is an absolute path, and starts with
+ * the device directory.
+ *
+ * Returns: the first entry of the device node link list
+ **/
+_public_ struct udev_list_entry *udev_device_get_devlinks_list_entry(struct udev_device *udev_device)
+{
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        if (device_get_devlinks_generation(udev_device->device) != udev_device->devlinks_generation ||
+            !udev_device->devlinks_read) {
+                const char *devlink;
+
+                udev_list_cleanup(&udev_device->devlinks);
+
+                FOREACH_DEVICE_DEVLINK(udev_device->device, devlink)
+                        udev_list_entry_add(&udev_device->devlinks, devlink, NULL);
+
+                udev_device->devlinks_read = true;
+                udev_device->devlinks_generation = device_get_devlinks_generation(udev_device->device);
+        }
+
+        return udev_list_get_entry(&udev_device->devlinks);
+}
+
+/**
+ * udev_device_get_event_properties_entry:
+ * @udev_device: udev device
+ *
+ * Retrieve the list of key/value device properties of the udev
+ * device. The next list entry can be retrieved with udev_list_entry_get_next(),
+ * which returns #NULL if no more entries exist. The property name
+ * can be retrieved from the list entry by udev_list_entry_get_name(),
+ * the property value by udev_list_entry_get_value().
+ *
+ * Returns: the first entry of the property list
+ **/
+_public_ struct udev_list_entry *udev_device_get_properties_list_entry(struct udev_device *udev_device)
+{
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        if (device_get_properties_generation(udev_device->device) != udev_device->properties_generation ||
+            !udev_device->properties_read) {
+                const char *key, *value;
+
+                udev_list_cleanup(&udev_device->properties);
+
+                FOREACH_DEVICE_PROPERTY(udev_device->device, key, value)
+                        udev_list_entry_add(&udev_device->properties, key, value);
+
+                udev_device->properties_read = true;
+                udev_device->properties_generation = device_get_properties_generation(udev_device->device);
+        }
+
+        return udev_list_get_entry(&udev_device->properties);
+}
+
+/**
+ * udev_device_get_action:
+ * @udev_device: udev device
+ *
+ * This is only valid if the device was received through a monitor. Devices read from
+ * sys do not have an action string. Usual actions are: add, remove, change, online,
+ * offline.
+ *
+ * Returns: the kernel action value, or #NULL if there is no action value available.
+ **/
+_public_ const char *udev_device_get_action(struct udev_device *udev_device) {
+        const char *action = NULL;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_property_value(udev_device->device, "ACTION", &action);
+        if (r < 0 && r != -ENOENT) {
+                errno = -r;
+                return NULL;
+        }
+
+        return action;
+}
+
+/**
+ * udev_device_get_usec_since_initialized:
+ * @udev_device: udev device
+ *
+ * Return the number of microseconds passed since udev set up the
+ * device for the first time.
+ *
+ * This is only implemented for devices with need to store properties
+ * in the udev database. All other devices return 0 here.
+ *
+ * Returns: the number of microseconds since the device was first seen.
+ **/
+_public_ unsigned long long int udev_device_get_usec_since_initialized(struct udev_device *udev_device)
+{
+        usec_t ts;
+        int r;
+
+        assert_return(udev_device, -EINVAL);
+
+        r = sd_device_get_usec_since_initialized(udev_device->device, &ts);
+        if (r < 0) {
+                errno = EINVAL;
+                return 0;
+        }
+
+        return ts;
+}
+
+/**
+ * udev_device_get_sysattr_value:
+ * @udev_device: udev device
+ * @sysattr: attribute name
+ *
+ * The retrieved value is cached in the device. Repeated calls will return the same
+ * value and not open the attribute again.
+ *
+ * Returns: the content of a sys attribute file, or #NULL if there is no sys attribute value.
+ **/
+_public_ const char *udev_device_get_sysattr_value(struct udev_device *udev_device, const char *sysattr)
+{
+        const char *value;
+        int r;
+
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        r = sd_device_get_sysattr_value(udev_device->device, sysattr, &value);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        return value;
+}
+
+/**
+ * udev_device_set_sysattr_value:
+ * @udev_device: udev device
+ * @sysattr: attribute name
+ * @value: new value to be set
+ *
+ * Update the contents of the sys attribute and the cached value of the device.
+ *
+ * Returns: Negative error code on failure or 0 on success.
+ **/
+_public_ int udev_device_set_sysattr_value(struct udev_device *udev_device, const char *sysattr, char *value)
+{
+        int r;
+
+        assert_return(udev_device, -EINVAL);
+
+        r = sd_device_set_sysattr_value(udev_device->device, sysattr, value);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+/**
+ * udev_device_get_sysattr_list_entry:
+ * @udev_device: udev device
+ *
+ * Retrieve the list of available sysattrs, with value being empty;
+ * This just return all available sysfs attributes for a particular
+ * device without reading their values.
+ *
+ * Returns: the first entry of the property list
+ **/
+_public_ struct udev_list_entry *udev_device_get_sysattr_list_entry(struct udev_device *udev_device)
+{
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        if (!udev_device->sysattrs_read) {
+                const char *sysattr;
+
+                udev_list_cleanup(&udev_device->sysattrs);
+
+                FOREACH_DEVICE_SYSATTR(udev_device->device, sysattr)
+                        udev_list_entry_add(&udev_device->sysattrs, sysattr, NULL);
+
+                udev_device->sysattrs_read = true;
+        }
+
+        return udev_list_get_entry(&udev_device->sysattrs);
+}
+
+/**
+ * udev_device_get_is_initialized:
+ * @udev_device: udev device
+ *
+ * Check if udev has already handled the device and has set up
+ * device node permissions and context, or has renamed a network
+ * device.
+ *
+ * This is only implemented for devices with a device node
+ * or network interfaces. All other devices return 1 here.
+ *
+ * Returns: 1 if the device is set up. 0 otherwise.
+ **/
+_public_ int udev_device_get_is_initialized(struct udev_device *udev_device)
+{
+        int r, initialized;
+
+        assert_return(udev_device, -EINVAL);
+
+        r = sd_device_get_is_initialized(udev_device->device, &initialized);
+        if (r < 0) {
+                errno = -r;
+
+                return 0;
+        }
+
+        return initialized;
+}
+
+/**
+ * udev_device_get_tags_list_entry:
+ * @udev_device: udev device
+ *
+ * Retrieve the list of tags attached to the udev device. The next
+ * list entry can be retrieved with udev_list_entry_get_next(),
+ * which returns #NULL if no more entries exist. The tag string
+ * can be retrieved from the list entry by udev_list_entry_get_name().
+ *
+ * Returns: the first entry of the tag list
+ **/
+_public_ struct udev_list_entry *udev_device_get_tags_list_entry(struct udev_device *udev_device)
+{
+        assert_return_errno(udev_device, NULL, EINVAL);
+
+        if (device_get_tags_generation(udev_device->device) != udev_device->tags_generation ||
+            !udev_device->tags_read) {
+                const char *tag;
+
+                udev_list_cleanup(&udev_device->tags);
+
+                FOREACH_DEVICE_TAG(udev_device->device, tag)
+                        udev_list_entry_add(&udev_device->tags, tag, NULL);
+
+                udev_device->tags_read = true;
+                udev_device->tags_generation = device_get_tags_generation(udev_device->device);
+        }
+
+        return udev_list_get_entry(&udev_device->tags);
+}
+
+/**
+ * udev_device_has_tag:
+ * @udev_device: udev device
+ * @tag: tag name
+ *
+ * Check if a given device has a certain tag associated.
+ *
+ * Returns: 1 if the tag is found. 0 otherwise.
+ **/
+_public_ int udev_device_has_tag(struct udev_device *udev_device, const char *tag)
+{
+        assert_return(udev_device, 0);
+
+        return sd_device_has_tag(udev_device->device, tag);
+}
diff --git a/src/libudev/src/libudev-enumerate.c b/src/libudev/src/libudev-enumerate.c
new file mode 100644
index 0000000000..9910cea957
--- /dev/null
+++ b/src/libudev/src/libudev-enumerate.c
@@ -0,0 +1,419 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2008-2012 Kay Sievers <kay@vrfy.org>
+  Copyright 2015 Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <dirent.h>
+#include <errno.h>
+#include <fnmatch.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "libudev.h"
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "device-enumerator-private.h"
+#include "device-util.h"
+#include "libudev-device-internal.h"
+
+/**
+ * SECTION:libudev-enumerate
+ * @short_description: lookup and sort sys devices
+ *
+ * Lookup devices in the sys filesystem, filter devices by properties,
+ * and return a sorted list of devices.
+ */
+
+/**
+ * udev_enumerate:
+ *
+ * Opaque object representing one device lookup/sort context.
+ */
+struct udev_enumerate {
+        struct udev *udev;
+        int refcount;
+        struct udev_list devices_list;
+        bool devices_uptodate:1;
+
+        sd_device_enumerator *enumerator;
+};
+
+/**
+ * udev_enumerate_new:
+ * @udev: udev library context
+ *
+ * Create an enumeration context to scan /sys.
+ *
+ * Returns: an enumeration context.
+ **/
+_public_ struct udev_enumerate *udev_enumerate_new(struct udev *udev) {
+        _cleanup_free_ struct udev_enumerate *udev_enumerate = NULL;
+        struct udev_enumerate *ret;
+        int r;
+
+        assert_return_errno(udev, NULL, EINVAL);
+
+        udev_enumerate = new0(struct udev_enumerate, 1);
+        if (!udev_enumerate) {
+                errno = ENOMEM;
+                return NULL;
+        }
+
+        r = sd_device_enumerator_new(&udev_enumerate->enumerator);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        r = sd_device_enumerator_allow_uninitialized(udev_enumerate->enumerator);
+        if (r < 0) {
+                errno = -r;
+                return NULL;
+        }
+
+        udev_enumerate->refcount = 1;
+        udev_enumerate->udev = udev;
+
+        udev_list_init(udev, &udev_enumerate->devices_list, false);
+
+        ret = udev_enumerate;
+        udev_enumerate = NULL;
+
+        return ret;
+}
+
+/**
+ * udev_enumerate_ref:
+ * @udev_enumerate: context
+ *
+ * Take a reference of a enumeration context.
+ *
+ * Returns: the passed enumeration context
+ **/
+_public_ struct udev_enumerate *udev_enumerate_ref(struct udev_enumerate *udev_enumerate) {
+        if (udev_enumerate)
+                udev_enumerate->refcount++;
+
+        return udev_enumerate;
+}
+
+/**
+ * udev_enumerate_unref:
+ * @udev_enumerate: context
+ *
+ * Drop a reference of an enumeration context. If the refcount reaches zero,
+ * all resources of the enumeration context will be released.
+ *
+ * Returns: #NULL
+ **/
+_public_ struct udev_enumerate *udev_enumerate_unref(struct udev_enumerate *udev_enumerate) {
+        if (udev_enumerate && (-- udev_enumerate->refcount) == 0) {
+                udev_list_cleanup(&udev_enumerate->devices_list);
+                sd_device_enumerator_unref(udev_enumerate->enumerator);
+                free(udev_enumerate);
+        }
+
+        return NULL;
+}
+
+/**
+ * udev_enumerate_get_udev:
+ * @udev_enumerate: context
+ *
+ * Get the udev library context.
+ *
+ * Returns: a pointer to the context.
+ */
+_public_ struct udev *udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate) {
+        assert_return_errno(udev_enumerate, NULL, EINVAL);
+
+        return udev_enumerate->udev;
+}
+
+/**
+ * udev_enumerate_get_list_entry:
+ * @udev_enumerate: context
+ *
+ * Get the first entry of the sorted list of device paths.
+ *
+ * Returns: a udev_list_entry.
+ */
+_public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enumerate *udev_enumerate) {
+        assert_return_errno(udev_enumerate, NULL, EINVAL);
+
+        if (!udev_enumerate->devices_uptodate) {
+                sd_device *device;
+
+                udev_list_cleanup(&udev_enumerate->devices_list);
+
+                FOREACH_DEVICE_AND_SUBSYSTEM(udev_enumerate->enumerator, device) {
+                        const char *syspath;
+                        int r;
+
+                        r = sd_device_get_syspath(device, &syspath);
+                        if (r < 0) {
+                                errno = -r;
+                                return NULL;
+                        }
+
+                        udev_list_entry_add(&udev_enumerate->devices_list, syspath, NULL);
+                }
+
+                udev_enumerate->devices_uptodate = true;
+        }
+
+        return udev_list_get_entry(&udev_enumerate->devices_list);
+}
+
+/**
+ * udev_enumerate_add_match_subsystem:
+ * @udev_enumerate: context
+ * @subsystem: filter for a subsystem of the device to include in the list
+ *
+ * Match only devices belonging to a certain kernel subsystem.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_subsystem(struct udev_enumerate *udev_enumerate, const char *subsystem) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!subsystem)
+                return 0;
+
+        return sd_device_enumerator_add_match_subsystem(udev_enumerate->enumerator, subsystem, true);
+}
+
+/**
+ * udev_enumerate_add_nomatch_subsystem:
+ * @udev_enumerate: context
+ * @subsystem: filter for a subsystem of the device to exclude from the list
+ *
+ * Match only devices not belonging to a certain kernel subsystem.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_nomatch_subsystem(struct udev_enumerate *udev_enumerate, const char *subsystem) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!subsystem)
+                return 0;
+
+        return sd_device_enumerator_add_match_subsystem(udev_enumerate->enumerator, subsystem, false);
+}
+
+/**
+ * udev_enumerate_add_match_sysattr:
+ * @udev_enumerate: context
+ * @sysattr: filter for a sys attribute at the device to include in the list
+ * @value: optional value of the sys attribute
+ *
+ * Match only devices with a certain /sys device attribute.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_sysattr(struct udev_enumerate *udev_enumerate, const char *sysattr, const char *value) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!sysattr)
+                return 0;
+
+        return sd_device_enumerator_add_match_sysattr(udev_enumerate->enumerator, sysattr, value, true);
+}
+
+/**
+ * udev_enumerate_add_nomatch_sysattr:
+ * @udev_enumerate: context
+ * @sysattr: filter for a sys attribute at the device to exclude from the list
+ * @value: optional value of the sys attribute
+ *
+ * Match only devices not having a certain /sys device attribute.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_nomatch_sysattr(struct udev_enumerate *udev_enumerate, const char *sysattr, const char *value) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!sysattr)
+                return 0;
+
+        return sd_device_enumerator_add_match_sysattr(udev_enumerate->enumerator, sysattr, value, false);
+}
+
+/**
+ * udev_enumerate_add_match_property:
+ * @udev_enumerate: context
+ * @property: filter for a property of the device to include in the list
+ * @value: value of the property
+ *
+ * Match only devices with a certain property.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_property(struct udev_enumerate *udev_enumerate, const char *property, const char *value) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!property)
+                return 0;
+
+        return sd_device_enumerator_add_match_property(udev_enumerate->enumerator, property, value);
+}
+
+/**
+ * udev_enumerate_add_match_tag:
+ * @udev_enumerate: context
+ * @tag: filter for a tag of the device to include in the list
+ *
+ * Match only devices with a certain tag.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_tag(struct udev_enumerate *udev_enumerate, const char *tag) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!tag)
+                return 0;
+
+        return sd_device_enumerator_add_match_tag(udev_enumerate->enumerator, tag);
+}
+
+/**
+ * udev_enumerate_add_match_parent:
+ * @udev_enumerate: context
+ * @parent: parent device where to start searching
+ *
+ * Return the devices on the subtree of one given device. The parent
+ * itself is included in the list.
+ *
+ * A reference for the device is held until the udev_enumerate context
+ * is cleaned up.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_parent(struct udev_enumerate *udev_enumerate, struct udev_device *parent) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!parent)
+                return 0;
+
+        return sd_device_enumerator_add_match_parent(udev_enumerate->enumerator, parent->device);
+}
+
+/**
+ * udev_enumerate_add_match_is_initialized:
+ * @udev_enumerate: context
+ *
+ * Match only devices which udev has set up already. This makes
+ * sure, that the device node permissions and context are properly set
+ * and that network devices are fully renamed.
+ *
+ * Usually, devices which are found in the kernel but not already
+ * handled by udev, have still pending events. Services should subscribe
+ * to monitor events and wait for these devices to become ready, instead
+ * of using uninitialized devices.
+ *
+ * For now, this will not affect devices which do not have a device node
+ * and are not network interfaces.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_is_initialized(struct udev_enumerate *udev_enumerate) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        return device_enumerator_add_match_is_initialized(udev_enumerate->enumerator);
+}
+
+/**
+ * udev_enumerate_add_match_sysname:
+ * @udev_enumerate: context
+ * @sysname: filter for the name of the device to include in the list
+ *
+ * Match only devices with a given /sys device name.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_match_sysname(struct udev_enumerate *udev_enumerate, const char *sysname) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!sysname)
+                return 0;
+
+        return sd_device_enumerator_add_match_sysname(udev_enumerate->enumerator, sysname);
+}
+
+/**
+ * udev_enumerate_add_syspath:
+ * @udev_enumerate: context
+ * @syspath: path of a device
+ *
+ * Add a device to the list of devices, to retrieve it back sorted in dependency order.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ */
+_public_ int udev_enumerate_add_syspath(struct udev_enumerate *udev_enumerate, const char *syspath) {
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+        int r;
+
+        assert_return(udev_enumerate, -EINVAL);
+
+        if (!syspath)
+                return 0;
+
+        r = sd_device_new_from_syspath(&device, syspath);
+        if (r < 0)
+                return r;
+
+        r = device_enumerator_add_device(udev_enumerate->enumerator, device);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+/**
+ * udev_enumerate_scan_devices:
+ * @udev_enumerate: udev enumeration context
+ *
+ * Scan /sys for all devices which match the given filters. No matches
+ * will return all currently available devices.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ **/
+_public_ int udev_enumerate_scan_devices(struct udev_enumerate *udev_enumerate) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        return device_enumerator_scan_devices(udev_enumerate->enumerator);
+}
+
+/**
+ * udev_enumerate_scan_subsystems:
+ * @udev_enumerate: udev enumeration context
+ *
+ * Scan /sys for all kernel subsystems, including buses, classes, drivers.
+ *
+ * Returns: 0 on success, otherwise a negative error value.
+ **/
+_public_ int udev_enumerate_scan_subsystems(struct udev_enumerate *udev_enumerate) {
+        assert_return(udev_enumerate, -EINVAL);
+
+        return device_enumerator_scan_subsystems(udev_enumerate->enumerator);
+}
diff --git a/src/libudev/src/libudev-hwdb.c b/src/libudev/src/libudev-hwdb.c
new file mode 100644
index 0000000000..8c4b488086
--- /dev/null
+++ b/src/libudev/src/libudev-hwdb.c
@@ -0,0 +1,146 @@
+/***
+  This file is part of systemd.
+
+  Copyright Tom Gundersen <teg@jklm.no>
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-hwdb.h>
+
+#include "alloc-util.h"
+#include "hwdb-util.h"
+#include "libudev-private.h"
+
+/**
+ * SECTION:libudev-hwdb
+ * @short_description: retrieve properties from the hardware database
+ *
+ * Libudev hardware database interface.
+ */
+
+/**
+ * udev_hwdb:
+ *
+ * Opaque object representing the hardware database.
+ */
+struct udev_hwdb {
+        struct udev *udev;
+        int refcount;
+
+        sd_hwdb *hwdb;
+
+        struct udev_list properties_list;
+};
+
+/**
+ * udev_hwdb_new:
+ * @udev: udev library context
+ *
+ * Create a hardware database context to query properties for devices.
+ *
+ * Returns: a hwdb context.
+ **/
+_public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
+        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb_internal = NULL;
+        struct udev_hwdb *hwdb;
+        int r;
+
+        assert_return(udev, NULL);
+
+        r = sd_hwdb_new(&hwdb_internal);
+        if (r < 0)
+                return NULL;
+
+        hwdb = new0(struct udev_hwdb, 1);
+        if (!hwdb)
+                return NULL;
+
+        hwdb->refcount = 1;
+        hwdb->hwdb = hwdb_internal;
+        hwdb_internal = NULL;
+
+        udev_list_init(udev, &hwdb->properties_list, true);
+
+        return hwdb;
+}
+
+/**
+ * udev_hwdb_ref:
+ * @hwdb: context
+ *
+ * Take a reference of a hwdb context.
+ *
+ * Returns: the passed enumeration context
+ **/
+_public_ struct udev_hwdb *udev_hwdb_ref(struct udev_hwdb *hwdb) {
+        if (!hwdb)
+                return NULL;
+        hwdb->refcount++;
+        return hwdb;
+}
+
+/**
+ * udev_hwdb_unref:
+ * @hwdb: context
+ *
+ * Drop a reference of a hwdb context. If the refcount reaches zero,
+ * all resources of the hwdb context will be released.
+ *
+ * Returns: #NULL
+ **/
+_public_ struct udev_hwdb *udev_hwdb_unref(struct udev_hwdb *hwdb) {
+        if (!hwdb)
+                return NULL;
+        hwdb->refcount--;
+        if (hwdb->refcount > 0)
+                return NULL;
+        sd_hwdb_unref(hwdb->hwdb);
+        udev_list_cleanup(&hwdb->properties_list);
+        free(hwdb);
+        return NULL;
+}
+
+/**
+ * udev_hwdb_get_properties_list_entry:
+ * @hwdb: context
+ * @modalias: modalias string
+ * @flags: (unused)
+ *
+ * Lookup a matching device in the hardware database. The lookup key is a
+ * modalias string, whose formats are defined for the Linux kernel modules.
+ * Examples are: pci:v00008086d00001C2D*, usb:v04F2pB221*. The first entry
+ * of a list of retrieved properties is returned.
+ *
+ * Returns: a udev_list_entry.
+ */
+_public_ struct udev_list_entry *udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned int flags) {
+        const char *key, *value;
+
+        if (!hwdb || !modalias) {
+                errno = EINVAL;
+                return NULL;
+        }
+
+        udev_list_cleanup(&hwdb->properties_list);
+
+        SD_HWDB_FOREACH_PROPERTY(hwdb->hwdb, modalias, key, value) {
+                if (udev_list_entry_add(&hwdb->properties_list, key, value) == NULL) {
+                        errno = ENOMEM;
+                        return NULL;
+                }
+        }
+
+        return udev_list_get_entry(&hwdb->properties_list);
+}
diff --git a/src/libudev/libudev-list.c b/src/libudev/src/libudev-list.c
index da496ed456..da496ed456 100644
--- a/src/libudev/libudev-list.c
+++ b/src/libudev/src/libudev-list.c
diff --git a/src/libudev/libudev-monitor.c b/src/libudev/src/libudev-monitor.c
index f870eba9eb..f870eba9eb 100644
--- a/src/libudev/libudev-monitor.c
+++ b/src/libudev/src/libudev-monitor.c
diff --git a/src/libudev/libudev-private.h b/src/libudev/src/libudev-private.h
index 52c5075110..52c5075110 100644
--- a/src/libudev/libudev-private.h
+++ b/src/libudev/src/libudev-private.h
diff --git a/src/libudev/libudev-queue.c b/src/libudev/src/libudev-queue.c
index e3dffa6925..e3dffa6925 100644
--- a/src/libudev/libudev-queue.c
+++ b/src/libudev/src/libudev-queue.c
diff --git a/src/libudev/libudev-util.c b/src/libudev/src/libudev-util.c
index 574cfeac85..574cfeac85 100644
--- a/src/libudev/libudev-util.c
+++ b/src/libudev/src/libudev-util.c
diff --git a/src/libudev/libudev.c b/src/libudev/src/libudev.c
index 63fb05547d..63fb05547d 100644
--- a/src/libudev/libudev.c
+++ b/src/libudev/src/libudev.c
diff --git a/src/libudev/libudev.pc.in b/src/libudev/src/libudev.pc.in
index a0f3f524e0..a0f3f524e0 100644
--- a/src/libudev/libudev.pc.in
+++ b/src/libudev/src/libudev.pc.in
diff --git a/src/libudev/libudev.sym b/src/libudev/src/libudev.sym
index 76726fca77..76726fca77 100644
--- a/src/libudev/libudev.sym
+++ b/src/libudev/src/libudev.sym
diff --git a/src/libudev/src/udev.h b/src/libudev/src/udev.h
new file mode 100644
index 0000000000..00de88972a
--- /dev/null
+++ b/src/libudev/src/udev.h
@@ -0,0 +1,216 @@
+#pragma once
+
+/*
+ * Copyright (C) 2003 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2003-2010 Kay Sievers <kay@vrfy.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/param.h>
+#include <sys/sysmacros.h>
+#include <sys/types.h>
+
+#include "libudev.h"
+#include <systemd/sd-netlink.h>
+
+#include "label.h"
+#include "libudev-private.h"
+#include "macro.h"
+#include "strv.h"
+#include "util.h"
+
+struct udev_event {
+        struct udev *udev;
+        struct udev_device *dev;
+        struct udev_device *dev_parent;
+        struct udev_device *dev_db;
+        char *name;
+        char *program_result;
+        mode_t mode;
+        uid_t uid;
+        gid_t gid;
+        struct udev_list seclabel_list;
+        struct udev_list run_list;
+        int exec_delay;
+        usec_t birth_usec;
+        sd_netlink *rtnl;
+        unsigned int builtin_run;
+        unsigned int builtin_ret;
+        bool inotify_watch;
+        bool inotify_watch_final;
+        bool group_set;
+        bool group_final;
+        bool owner_set;
+        bool owner_final;
+        bool mode_set;
+        bool mode_final;
+        bool name_final;
+        bool devlink_final;
+        bool run_final;
+};
+
+struct udev_watch {
+        struct udev_list_node node;
+        int handle;
+        char *name;
+};
+
+/* udev-rules.c */
+struct udev_rules;
+struct udev_rules *udev_rules_new(struct udev *udev, int resolve_names);
+struct udev_rules *udev_rules_unref(struct udev_rules *rules);
+bool udev_rules_check_timestamp(struct udev_rules *rules);
+void udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event,
+                               usec_t timeout_usec, usec_t timeout_warn_usec,
+                               struct udev_list *properties_list);
+int udev_rules_apply_static_dev_perms(struct udev_rules *rules);
+
+/* udev-event.c */
+struct udev_event *udev_event_new(struct udev_device *dev);
+void udev_event_unref(struct udev_event *event);
+size_t udev_event_apply_format(struct udev_event *event, const char *src, char *dest, size_t size);
+int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string,
+                                   char *result, size_t maxsize, int read_value);
+int udev_event_spawn(struct udev_event *event,
+                     usec_t timeout_usec,
+                     usec_t timeout_warn_usec,
+                     bool accept_failure,
+                     const char *cmd, char *result, size_t ressize);
+void udev_event_execute_rules(struct udev_event *event,
+                              usec_t timeout_usec, usec_t timeout_warn_usec,
+                              struct udev_list *properties_list,
+                              struct udev_rules *rules);
+void udev_event_execute_run(struct udev_event *event, usec_t timeout_usec, usec_t timeout_warn_usec);
+int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]);
+
+/* udev-watch.c */
+int udev_watch_init(struct udev *udev);
+void udev_watch_restore(struct udev *udev);
+void udev_watch_begin(struct udev *udev, struct udev_device *dev);
+void udev_watch_end(struct udev *udev, struct udev_device *dev);
+struct udev_device *udev_watch_lookup(struct udev *udev, int wd);
+
+/* udev-node.c */
+void udev_node_add(struct udev_device *dev, bool apply,
+                   mode_t mode, uid_t uid, gid_t gid,
+                   struct udev_list *seclabel_list);
+void udev_node_remove(struct udev_device *dev);
+void udev_node_update_old_links(struct udev_device *dev, struct udev_device *dev_old);
+
+/* udev-ctrl.c */
+struct udev_ctrl;
+struct udev_ctrl *udev_ctrl_new(struct udev *udev);
+struct udev_ctrl *udev_ctrl_new_from_fd(struct udev *udev, int fd);
+int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl);
+struct udev_ctrl *udev_ctrl_unref(struct udev_ctrl *uctrl);
+int udev_ctrl_cleanup(struct udev_ctrl *uctrl);
+struct udev *udev_ctrl_get_udev(struct udev_ctrl *uctrl);
+int udev_ctrl_get_fd(struct udev_ctrl *uctrl);
+int udev_ctrl_send_set_log_level(struct udev_ctrl *uctrl, int priority, int timeout);
+int udev_ctrl_send_stop_exec_queue(struct udev_ctrl *uctrl, int timeout);
+int udev_ctrl_send_start_exec_queue(struct udev_ctrl *uctrl, int timeout);
+int udev_ctrl_send_reload(struct udev_ctrl *uctrl, int timeout);
+int udev_ctrl_send_ping(struct udev_ctrl *uctrl, int timeout);
+int udev_ctrl_send_exit(struct udev_ctrl *uctrl, int timeout);
+int udev_ctrl_send_set_env(struct udev_ctrl *uctrl, const char *key, int timeout);
+int udev_ctrl_send_set_children_max(struct udev_ctrl *uctrl, int count, int timeout);
+struct udev_ctrl_connection;
+struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl);
+struct udev_ctrl_connection *udev_ctrl_connection_ref(struct udev_ctrl_connection *conn);
+struct udev_ctrl_connection *udev_ctrl_connection_unref(struct udev_ctrl_connection *conn);
+struct udev_ctrl_msg;
+struct udev_ctrl_msg *udev_ctrl_receive_msg(struct udev_ctrl_connection *conn);
+struct udev_ctrl_msg *udev_ctrl_msg_unref(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_set_log_level(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_stop_exec_queue(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_start_exec_queue(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_reload(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_ping(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_exit(struct udev_ctrl_msg *ctrl_msg);
+const char *udev_ctrl_get_set_env(struct udev_ctrl_msg *ctrl_msg);
+int udev_ctrl_get_set_children_max(struct udev_ctrl_msg *ctrl_msg);
+
+/* built-in commands */
+enum udev_builtin_cmd {
+#ifdef HAVE_BLKID
+        UDEV_BUILTIN_BLKID,
+#endif
+        UDEV_BUILTIN_BTRFS,
+        UDEV_BUILTIN_HWDB,
+        UDEV_BUILTIN_INPUT_ID,
+        UDEV_BUILTIN_KEYBOARD,
+#ifdef HAVE_KMOD
+        UDEV_BUILTIN_KMOD,
+#endif
+        UDEV_BUILTIN_NET_ID,
+        UDEV_BUILTIN_NET_LINK,
+        UDEV_BUILTIN_PATH_ID,
+        UDEV_BUILTIN_USB_ID,
+#ifdef HAVE_ACL
+        UDEV_BUILTIN_UACCESS,
+#endif
+        UDEV_BUILTIN_MAX
+};
+struct udev_builtin {
+        const char *name;
+        int (*cmd)(struct udev_device *dev, int argc, char *argv[], bool test);
+        const char *help;
+        int (*init)(struct udev *udev);
+        void (*exit)(struct udev *udev);
+        bool (*validate)(struct udev *udev);
+        bool run_once;
+};
+#ifdef HAVE_BLKID
+extern const struct udev_builtin udev_builtin_blkid;
+#endif
+extern const struct udev_builtin udev_builtin_btrfs;
+extern const struct udev_builtin udev_builtin_hwdb;
+extern const struct udev_builtin udev_builtin_input_id;
+extern const struct udev_builtin udev_builtin_keyboard;
+#ifdef HAVE_KMOD
+extern const struct udev_builtin udev_builtin_kmod;
+#endif
+extern const struct udev_builtin udev_builtin_net_id;
+extern const struct udev_builtin udev_builtin_net_setup_link;
+extern const struct udev_builtin udev_builtin_path_id;
+extern const struct udev_builtin udev_builtin_usb_id;
+extern const struct udev_builtin udev_builtin_uaccess;
+void udev_builtin_init(struct udev *udev);
+void udev_builtin_exit(struct udev *udev);
+enum udev_builtin_cmd udev_builtin_lookup(const char *command);
+const char *udev_builtin_name(enum udev_builtin_cmd cmd);
+bool udev_builtin_run_once(enum udev_builtin_cmd cmd);
+int udev_builtin_run(struct udev_device *dev, enum udev_builtin_cmd cmd, const char *command, bool test);
+void udev_builtin_list(struct udev *udev);
+bool udev_builtin_validate(struct udev *udev);
+int udev_builtin_add_property(struct udev_device *dev, bool test, const char *key, const char *val);
+int udev_builtin_hwdb_lookup(struct udev_device *dev, const char *prefix, const char *modalias,
+                             const char *filter, bool test);
+
+/* udevadm commands */
+struct udevadm_cmd {
+        const char *name;
+        int (*cmd)(struct udev *udev, int argc, char *argv[]);
+        const char *help;
+        int debug;
+};
+extern const struct udevadm_cmd udevadm_info;
+extern const struct udevadm_cmd udevadm_trigger;
+extern const struct udevadm_cmd udevadm_settle;
+extern const struct udevadm_cmd udevadm_control;
+extern const struct udevadm_cmd udevadm_monitor;
+extern const struct udevadm_cmd udevadm_hwdb;
+extern const struct udevadm_cmd udevadm_test;
+extern const struct udevadm_cmd udevadm_test_builtin;
diff --git a/src/locale/Makefile b/src/locale/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/locale/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/locale/localectl.c b/src/locale/localectl.c
deleted file mode 100644
index 4865335349..0000000000
--- a/src/locale/localectl.c
+++ /dev/null
@@ -1,682 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-  Copyright 2013 Kay Sievers
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <ftw.h>
-#include <getopt.h>
-#include <locale.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "sd-bus.h"
-
-#include "bus-error.h"
-#include "bus-util.h"
-#include "def.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "locale-util.h"
-#include "pager.h"
-#include "set.h"
-#include "spawn-polkit-agent.h"
-#include "strv.h"
-#include "util.h"
-#include "virt.h"
-
-static bool arg_no_pager = false;
-static bool arg_ask_password = true;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_convert = true;
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-        if (!arg_ask_password)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-typedef struct StatusInfo {
-        char **locale;
-        char *vconsole_keymap;
-        char *vconsole_keymap_toggle;
-        char *x11_layout;
-        char *x11_model;
-        char *x11_variant;
-        char *x11_options;
-} StatusInfo;
-
-static void status_info_clear(StatusInfo *info) {
-        if (info) {
-                strv_free(info->locale);
-                free(info->vconsole_keymap);
-                free(info->vconsole_keymap_toggle);
-                free(info->x11_layout);
-                free(info->x11_model);
-                free(info->x11_variant);
-                free(info->x11_options);
-                zero(*info);
-        }
-}
-
-static void print_overridden_variables(void) {
-        int r;
-        char *variables[_VARIABLE_LC_MAX] = {};
-        LocaleVariable j;
-        bool print_warning = true;
-
-        if (detect_container() > 0 || arg_host)
-                return;
-
-        r = parse_env_file("/proc/cmdline", WHITESPACE,
-                           "locale.LANG",              &variables[VARIABLE_LANG],
-                           "locale.LANGUAGE",          &variables[VARIABLE_LANGUAGE],
-                           "locale.LC_CTYPE",          &variables[VARIABLE_LC_CTYPE],
-                           "locale.LC_NUMERIC",        &variables[VARIABLE_LC_NUMERIC],
-                           "locale.LC_TIME",           &variables[VARIABLE_LC_TIME],
-                           "locale.LC_COLLATE",        &variables[VARIABLE_LC_COLLATE],
-                           "locale.LC_MONETARY",       &variables[VARIABLE_LC_MONETARY],
-                           "locale.LC_MESSAGES",       &variables[VARIABLE_LC_MESSAGES],
-                           "locale.LC_PAPER",          &variables[VARIABLE_LC_PAPER],
-                           "locale.LC_NAME",           &variables[VARIABLE_LC_NAME],
-                           "locale.LC_ADDRESS",        &variables[VARIABLE_LC_ADDRESS],
-                           "locale.LC_TELEPHONE",      &variables[VARIABLE_LC_TELEPHONE],
-                           "locale.LC_MEASUREMENT",    &variables[VARIABLE_LC_MEASUREMENT],
-                           "locale.LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION],
-                           NULL);
-
-        if (r < 0 && r != -ENOENT) {
-                log_warning_errno(r, "Failed to read /proc/cmdline: %m");
-                goto finish;
-        }
-
-        for (j = 0; j < _VARIABLE_LC_MAX; j++)
-                if (variables[j]) {
-                        if (print_warning) {
-                                log_warning("Warning: Settings on kernel command line override system locale settings in /etc/locale.conf.\n"
-                                            "    Command Line: %s=%s", locale_variable_to_string(j), variables[j]);
-
-                                print_warning = false;
-                        } else
-                                log_warning("                  %s=%s", locale_variable_to_string(j), variables[j]);
-                }
- finish:
-        for (j = 0; j < _VARIABLE_LC_MAX; j++)
-                free(variables[j]);
-}
-
-static void print_status_info(StatusInfo *i) {
-        assert(i);
-
-        if (strv_isempty(i->locale))
-                puts("   System Locale: n/a");
-        else {
-                char **j;
-
-                printf("   System Locale: %s\n", i->locale[0]);
-                STRV_FOREACH(j, i->locale + 1)
-                        printf("                  %s\n", *j);
-        }
-
-        printf("       VC Keymap: %s\n", strna(i->vconsole_keymap));
-        if (!isempty(i->vconsole_keymap_toggle))
-                printf("VC Toggle Keymap: %s\n", i->vconsole_keymap_toggle);
-
-        printf("      X11 Layout: %s\n", strna(i->x11_layout));
-        if (!isempty(i->x11_model))
-                printf("       X11 Model: %s\n", i->x11_model);
-        if (!isempty(i->x11_variant))
-                printf("     X11 Variant: %s\n", i->x11_variant);
-        if (!isempty(i->x11_options))
-                printf("     X11 Options: %s\n", i->x11_options);
-}
-
-static int show_status(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(status_info_clear) StatusInfo info = {};
-        static const struct bus_properties_map map[]  = {
-                { "VConsoleKeymap",       "s",  NULL, offsetof(StatusInfo, vconsole_keymap) },
-                { "VConsoleKeymap",       "s",  NULL, offsetof(StatusInfo, vconsole_keymap) },
-                { "VConsoleKeymapToggle", "s",  NULL, offsetof(StatusInfo, vconsole_keymap_toggle) },
-                { "X11Layout",            "s",  NULL, offsetof(StatusInfo, x11_layout) },
-                { "X11Model",             "s",  NULL, offsetof(StatusInfo, x11_model) },
-                { "X11Variant",           "s",  NULL, offsetof(StatusInfo, x11_variant) },
-                { "X11Options",           "s",  NULL, offsetof(StatusInfo, x11_options) },
-                { "Locale",               "as", NULL, offsetof(StatusInfo, locale) },
-                {}
-        };
-        int r;
-
-        assert(bus);
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.locale1",
-                                   "/org/freedesktop/locale1",
-                                   map,
-                                   &info);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        print_overridden_variables();
-        print_status_info(&info);
-
-        return r;
-}
-
-static int set_locale(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(args);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.locale1",
-                        "/org/freedesktop/locale1",
-                        "org.freedesktop.locale1",
-                        "SetLocale");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_strv(m, args + 1);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(m, "b", arg_ask_password);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, NULL);
-        if (r < 0) {
-                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int list_locales(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_strv_free_ char **l = NULL;
-        int r;
-
-        assert(args);
-
-        r = get_locales(&l);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read list of locales: %m");
-
-        pager_open(arg_no_pager, false);
-        strv_print(l);
-
-        return 0;
-}
-
-static int set_vconsole_keymap(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *map, *toggle_map;
-        int r;
-
-        assert(bus);
-        assert(args);
-
-        if (n > 3) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        polkit_agent_open_if_enabled();
-
-        map = args[1];
-        toggle_map = n > 2 ? args[2] : "";
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.locale1",
-                        "/org/freedesktop/locale1",
-                        "org.freedesktop.locale1",
-                        "SetVConsoleKeyboard",
-                        &error,
-                        NULL,
-                        "ssbb", map, toggle_map, arg_convert, arg_ask_password);
-        if (r < 0)
-                log_error("Failed to set keymap: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static Set *keymaps = NULL;
-
-static int nftw_cb(
-                const char *fpath,
-                const struct stat *sb,
-                int tflag,
-                struct FTW *ftwbuf) {
-
-        char *p, *e;
-        int r;
-
-        if (tflag != FTW_F)
-                return 0;
-
-        if (!endswith(fpath, ".map") &&
-            !endswith(fpath, ".map.gz"))
-                return 0;
-
-        p = strdup(basename(fpath));
-        if (!p)
-                return log_oom();
-
-        e = endswith(p, ".map");
-        if (e)
-                *e = 0;
-
-        e = endswith(p, ".map.gz");
-        if (e)
-                *e = 0;
-
-        r = set_consume(keymaps, p);
-        if (r < 0 && r != -EEXIST)
-                return log_error_errno(r, "Can't add keymap: %m");
-
-        return 0;
-}
-
-static int list_vconsole_keymaps(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_strv_free_ char **l = NULL;
-        const char *dir;
-
-        keymaps = set_new(&string_hash_ops);
-        if (!keymaps)
-                return log_oom();
-
-        NULSTR_FOREACH(dir, KBD_KEYMAP_DIRS)
-                nftw(dir, nftw_cb, 20, FTW_MOUNT|FTW_PHYS);
-
-        l = set_get_strv(keymaps);
-        if (!l) {
-                set_free_free(keymaps);
-                return log_oom();
-        }
-
-        set_free(keymaps);
-
-        if (strv_isempty(l)) {
-                log_error("Couldn't find any console keymaps.");
-                return -ENOENT;
-        }
-
-        strv_sort(l);
-
-        pager_open(arg_no_pager, false);
-
-        strv_print(l);
-
-        return 0;
-}
-
-static int set_x11_keymap(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *layout, *model, *variant, *options;
-        int r;
-
-        assert(bus);
-        assert(args);
-
-        if (n > 5) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        polkit_agent_open_if_enabled();
-
-        layout = args[1];
-        model = n > 2 ? args[2] : "";
-        variant = n > 3 ? args[3] : "";
-        options = n > 4 ? args[4] : "";
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.locale1",
-                        "/org/freedesktop/locale1",
-                        "org.freedesktop.locale1",
-                        "SetX11Keyboard",
-                        &error,
-                        NULL,
-                        "ssssbb", layout, model, variant, options,
-                                  arg_convert, arg_ask_password);
-        if (r < 0)
-                log_error("Failed to set keymap: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int list_x11_keymaps(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_strv_free_ char **list = NULL;
-        char line[LINE_MAX];
-        enum {
-                NONE,
-                MODELS,
-                LAYOUTS,
-                VARIANTS,
-                OPTIONS
-        } state = NONE, look_for;
-        int r;
-
-        if (n > 2) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        f = fopen("/usr/share/X11/xkb/rules/base.lst", "re");
-        if (!f)
-                return log_error_errno(errno, "Failed to open keyboard mapping list. %m");
-
-        if (streq(args[0], "list-x11-keymap-models"))
-                look_for = MODELS;
-        else if (streq(args[0], "list-x11-keymap-layouts"))
-                look_for = LAYOUTS;
-        else if (streq(args[0], "list-x11-keymap-variants"))
-                look_for = VARIANTS;
-        else if (streq(args[0], "list-x11-keymap-options"))
-                look_for = OPTIONS;
-        else
-                assert_not_reached("Wrong parameter");
-
-        FOREACH_LINE(line, f, break) {
-                char *l, *w;
-
-                l = strstrip(line);
-
-                if (isempty(l))
-                        continue;
-
-                if (l[0] == '!') {
-                        if (startswith(l, "! model"))
-                                state = MODELS;
-                        else if (startswith(l, "! layout"))
-                                state = LAYOUTS;
-                        else if (startswith(l, "! variant"))
-                                state = VARIANTS;
-                        else if (startswith(l, "! option"))
-                                state = OPTIONS;
-                        else
-                                state = NONE;
-
-                        continue;
-                }
-
-                if (state != look_for)
-                        continue;
-
-                w = l + strcspn(l, WHITESPACE);
-
-                if (n > 1) {
-                        char *e;
-
-                        if (*w == 0)
-                                continue;
-
-                        *w = 0;
-                        w++;
-                        w += strspn(w, WHITESPACE);
-
-                        e = strchr(w, ':');
-                        if (!e)
-                                continue;
-
-                        *e = 0;
-
-                        if (!streq(w, args[1]))
-                                continue;
-                } else
-                        *w = 0;
-
-                r = strv_extend(&list, l);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        if (strv_isempty(list)) {
-                log_error("Couldn't find any entries.");
-                return -ENOENT;
-        }
-
-        strv_sort(list);
-        strv_uniq(list);
-
-        pager_open(arg_no_pager, false);
-
-        strv_print(list);
-        return 0;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] COMMAND ...\n\n"
-               "Query or change system locale and keyboard settings.\n\n"
-               "  -h --help                Show this help\n"
-               "     --version             Show package version\n"
-               "     --no-pager            Do not pipe output into a pager\n"
-               "     --no-ask-password     Do not prompt for password\n"
-               "  -H --host=[USER@]HOST    Operate on remote host\n"
-               "  -M --machine=CONTAINER   Operate on local container\n"
-               "     --no-convert          Don't convert keyboard mappings\n\n"
-               "Commands:\n"
-               "  status                   Show current locale settings\n"
-               "  set-locale LOCALE...     Set system locale\n"
-               "  list-locales             Show known locales\n"
-               "  set-keymap MAP [MAP]     Set console and X11 keyboard mappings\n"
-               "  list-keymaps             Show known virtual console keyboard mappings\n"
-               "  set-x11-keymap LAYOUT [MODEL [VARIANT [OPTIONS]]]\n"
-               "                           Set X11 and console keyboard mappings\n"
-               "  list-x11-keymap-models   Show known X11 keyboard mapping models\n"
-               "  list-x11-keymap-layouts  Show known X11 keyboard mapping layouts\n"
-               "  list-x11-keymap-variants [LAYOUT]\n"
-               "                           Show known X11 keyboard mapping variants\n"
-               "  list-x11-keymap-options  Show known X11 keyboard mapping options\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_NO_CONVERT,
-                ARG_NO_ASK_PASSWORD
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'                 },
-                { "version",         no_argument,       NULL, ARG_VERSION         },
-                { "no-pager",        no_argument,       NULL, ARG_NO_PAGER        },
-                { "host",            required_argument, NULL, 'H'                 },
-                { "machine",         required_argument, NULL, 'M'                 },
-                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
-                { "no-convert",      no_argument,       NULL, ARG_NO_CONVERT      },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_NO_CONVERT:
-                        arg_convert = false;
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int localectl_main(sd_bus *bus, int argc, char *argv[]) {
-
-        static const struct {
-                const char* verb;
-                const enum {
-                        MORE,
-                        LESS,
-                        EQUAL
-                } argc_cmp;
-                const int argc;
-                int (* const dispatch)(sd_bus *bus, char **args, unsigned n);
-        } verbs[] = {
-                { "status",                   LESS,   1, show_status           },
-                { "set-locale",               MORE,   2, set_locale            },
-                { "list-locales",             EQUAL,  1, list_locales          },
-                { "set-keymap",               MORE,   2, set_vconsole_keymap   },
-                { "list-keymaps",             EQUAL,  1, list_vconsole_keymaps },
-                { "set-x11-keymap",           MORE,   2, set_x11_keymap        },
-                { "list-x11-keymap-models",   EQUAL,  1, list_x11_keymaps      },
-                { "list-x11-keymap-layouts",  EQUAL,  1, list_x11_keymaps      },
-                { "list-x11-keymap-variants", LESS,   2, list_x11_keymaps      },
-                { "list-x11-keymap-options",  EQUAL,  1, list_x11_keymaps      },
-        };
-
-        int left;
-        unsigned i;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        left = argc - optind;
-
-        if (left <= 0)
-                /* Special rule: no arguments means "status" */
-                i = 0;
-        else {
-                if (streq(argv[optind], "help")) {
-                        help();
-                        return 0;
-                }
-
-                for (i = 0; i < ELEMENTSOF(verbs); i++)
-                        if (streq(argv[optind], verbs[i].verb))
-                                break;
-
-                if (i >= ELEMENTSOF(verbs)) {
-                        log_error("Unknown operation %s", argv[optind]);
-                        return -EINVAL;
-                }
-        }
-
-        switch (verbs[i].argc_cmp) {
-
-        case EQUAL:
-                if (left != verbs[i].argc) {
-                        log_error("Invalid number of arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        case MORE:
-                if (left < verbs[i].argc) {
-                        log_error("Too few arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        case LESS:
-                if (left > verbs[i].argc) {
-                        log_error("Too many arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        default:
-                assert_not_reached("Unknown comparison operator.");
-        }
-
-        return verbs[i].dispatch(bus, argv + optind, left);
-}
-
-int main(int argc, char*argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create bus connection: %m");
-                goto finish;
-        }
-
-        r = localectl_main(bus, argc, argv);
-
-finish:
-        pager_close();
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/locale/localed.c b/src/locale/localed.c
deleted file mode 100644
index 3b22a582ac..0000000000
--- a/src/locale/localed.c
+++ /dev/null
@@ -1,1389 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-  Copyright 2013 Kay Sievers
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef HAVE_XKBCOMMON
-#include <xkbcommon/xkbcommon.h>
-#include <dlfcn.h>
-#endif
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "def.h"
-#include "env-util.h"
-#include "fd-util.h"
-#include "fileio-label.h"
-#include "fileio.h"
-#include "locale-util.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "selinux-util.h"
-#include "strv.h"
-#include "user-util.h"
-#include "util.h"
-
-enum {
-        /* We don't list LC_ALL here on purpose. People should be
-         * using LANG instead. */
-        LOCALE_LANG,
-        LOCALE_LANGUAGE,
-        LOCALE_LC_CTYPE,
-        LOCALE_LC_NUMERIC,
-        LOCALE_LC_TIME,
-        LOCALE_LC_COLLATE,
-        LOCALE_LC_MONETARY,
-        LOCALE_LC_MESSAGES,
-        LOCALE_LC_PAPER,
-        LOCALE_LC_NAME,
-        LOCALE_LC_ADDRESS,
-        LOCALE_LC_TELEPHONE,
-        LOCALE_LC_MEASUREMENT,
-        LOCALE_LC_IDENTIFICATION,
-        _LOCALE_MAX
-};
-
-static const char * const names[_LOCALE_MAX] = {
-        [LOCALE_LANG] = "LANG",
-        [LOCALE_LANGUAGE] = "LANGUAGE",
-        [LOCALE_LC_CTYPE] = "LC_CTYPE",
-        [LOCALE_LC_NUMERIC] = "LC_NUMERIC",
-        [LOCALE_LC_TIME] = "LC_TIME",
-        [LOCALE_LC_COLLATE] = "LC_COLLATE",
-        [LOCALE_LC_MONETARY] = "LC_MONETARY",
-        [LOCALE_LC_MESSAGES] = "LC_MESSAGES",
-        [LOCALE_LC_PAPER] = "LC_PAPER",
-        [LOCALE_LC_NAME] = "LC_NAME",
-        [LOCALE_LC_ADDRESS] = "LC_ADDRESS",
-        [LOCALE_LC_TELEPHONE] = "LC_TELEPHONE",
-        [LOCALE_LC_MEASUREMENT] = "LC_MEASUREMENT",
-        [LOCALE_LC_IDENTIFICATION] = "LC_IDENTIFICATION"
-};
-
-typedef struct Context {
-        char *locale[_LOCALE_MAX];
-
-        char *x11_layout;
-        char *x11_model;
-        char *x11_variant;
-        char *x11_options;
-
-        char *vc_keymap;
-        char *vc_keymap_toggle;
-
-        Hashmap *polkit_registry;
-} Context;
-
-static const char* nonempty(const char *s) {
-        return isempty(s) ? NULL : s;
-}
-
-static bool startswith_comma(const char *s, const char *prefix) {
-        const char *t;
-
-        return s && (t = startswith(s, prefix)) && (*t == ',');
-}
-
-static void context_free_x11(Context *c) {
-        c->x11_layout = mfree(c->x11_layout);
-        c->x11_options = mfree(c->x11_options);
-        c->x11_model = mfree(c->x11_model);
-        c->x11_variant = mfree(c->x11_variant);
-}
-
-static void context_free_vconsole(Context *c) {
-        c->vc_keymap = mfree(c->vc_keymap);
-        c->vc_keymap_toggle = mfree(c->vc_keymap_toggle);
-}
-
-static void context_free_locale(Context *c) {
-        int p;
-
-        for (p = 0; p < _LOCALE_MAX; p++)
-                c->locale[p] = mfree(c->locale[p]);
-}
-
-static void context_free(Context *c) {
-        context_free_locale(c);
-        context_free_x11(c);
-        context_free_vconsole(c);
-
-        bus_verify_polkit_async_registry_free(c->polkit_registry);
-};
-
-static void locale_simplify(Context *c) {
-        int p;
-
-        for (p = LOCALE_LANG+1; p < _LOCALE_MAX; p++)
-                if (isempty(c->locale[p]) || streq_ptr(c->locale[LOCALE_LANG], c->locale[p]))
-                        c->locale[p] = mfree(c->locale[p]);
-}
-
-static int locale_read_data(Context *c) {
-        int r;
-
-        context_free_locale(c);
-
-        r = parse_env_file("/etc/locale.conf", NEWLINE,
-                           "LANG",              &c->locale[LOCALE_LANG],
-                           "LANGUAGE",          &c->locale[LOCALE_LANGUAGE],
-                           "LC_CTYPE",          &c->locale[LOCALE_LC_CTYPE],
-                           "LC_NUMERIC",        &c->locale[LOCALE_LC_NUMERIC],
-                           "LC_TIME",           &c->locale[LOCALE_LC_TIME],
-                           "LC_COLLATE",        &c->locale[LOCALE_LC_COLLATE],
-                           "LC_MONETARY",       &c->locale[LOCALE_LC_MONETARY],
-                           "LC_MESSAGES",       &c->locale[LOCALE_LC_MESSAGES],
-                           "LC_PAPER",          &c->locale[LOCALE_LC_PAPER],
-                           "LC_NAME",           &c->locale[LOCALE_LC_NAME],
-                           "LC_ADDRESS",        &c->locale[LOCALE_LC_ADDRESS],
-                           "LC_TELEPHONE",      &c->locale[LOCALE_LC_TELEPHONE],
-                           "LC_MEASUREMENT",    &c->locale[LOCALE_LC_MEASUREMENT],
-                           "LC_IDENTIFICATION", &c->locale[LOCALE_LC_IDENTIFICATION],
-                           NULL);
-
-        if (r == -ENOENT) {
-                int p;
-
-                /* Fill in what we got passed from systemd. */
-                for (p = 0; p < _LOCALE_MAX; p++) {
-                        assert(names[p]);
-
-                        r = free_and_strdup(&c->locale[p],
-                                            nonempty(getenv(names[p])));
-                        if (r < 0)
-                                return r;
-                }
-
-                r = 0;
-        }
-
-        locale_simplify(c);
-        return r;
-}
-
-static int vconsole_read_data(Context *c) {
-        int r;
-
-        context_free_vconsole(c);
-
-        r = parse_env_file("/etc/vconsole.conf", NEWLINE,
-                           "KEYMAP",        &c->vc_keymap,
-                           "KEYMAP_TOGGLE", &c->vc_keymap_toggle,
-                           NULL);
-
-        if (r < 0 && r != -ENOENT)
-                return r;
-
-        return 0;
-}
-
-static int x11_read_data(Context *c) {
-        _cleanup_fclose_ FILE *f;
-        char line[LINE_MAX];
-        bool in_section = false;
-        int r;
-
-        context_free_x11(c);
-
-        f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re");
-        if (!f)
-                return errno == ENOENT ? 0 : -errno;
-
-        while (fgets(line, sizeof(line), f)) {
-                char *l;
-
-                char_array_0(line);
-                l = strstrip(line);
-
-                if (l[0] == 0 || l[0] == '#')
-                        continue;
-
-                if (in_section && first_word(l, "Option")) {
-                        _cleanup_strv_free_ char **a = NULL;
-
-                        r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
-                        if (r < 0)
-                                return r;
-
-                        if (strv_length(a) == 3) {
-                                char **p = NULL;
-
-                                if (streq(a[1], "XkbLayout"))
-                                        p = &c->x11_layout;
-                                else if (streq(a[1], "XkbModel"))
-                                        p = &c->x11_model;
-                                else if (streq(a[1], "XkbVariant"))
-                                        p = &c->x11_variant;
-                                else if (streq(a[1], "XkbOptions"))
-                                        p = &c->x11_options;
-
-                                if (p) {
-                                        free(*p);
-                                        *p = a[2];
-                                        a[2] = NULL;
-                                }
-                        }
-
-                } else if (!in_section && first_word(l, "Section")) {
-                        _cleanup_strv_free_ char **a = NULL;
-
-                        r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
-                        if (r < 0)
-                                return -ENOMEM;
-
-                        if (strv_length(a) == 2 && streq(a[1], "InputClass"))
-                                in_section = true;
-
-                } else if (in_section && first_word(l, "EndSection"))
-                        in_section = false;
-        }
-
-        return 0;
-}
-
-static int context_read_data(Context *c) {
-        int r, q, p;
-
-        r = locale_read_data(c);
-        q = vconsole_read_data(c);
-        p = x11_read_data(c);
-
-        return r < 0 ? r : q < 0 ? q : p;
-}
-
-static int locale_write_data(Context *c, char ***settings) {
-        int r, p;
-        _cleanup_strv_free_ char **l = NULL;
-
-        /* Set values will be returned as strv in *settings on success. */
-
-        r = load_env_file(NULL, "/etc/locale.conf", NULL, &l);
-        if (r < 0 && r != -ENOENT)
-                return r;
-
-        for (p = 0; p < _LOCALE_MAX; p++) {
-                _cleanup_free_ char *t = NULL;
-                char **u;
-
-                assert(names[p]);
-
-                if (isempty(c->locale[p])) {
-                        l = strv_env_unset(l, names[p]);
-                        continue;
-                }
-
-                if (asprintf(&t, "%s=%s", names[p], c->locale[p]) < 0)
-                        return -ENOMEM;
-
-                u = strv_env_set(l, t);
-                if (!u)
-                        return -ENOMEM;
-
-                strv_free(l);
-                l = u;
-        }
-
-        if (strv_isempty(l)) {
-                if (unlink("/etc/locale.conf") < 0)
-                        return errno == ENOENT ? 0 : -errno;
-
-                return 0;
-        }
-
-        r = write_env_file_label("/etc/locale.conf", l);
-        if (r < 0)
-                return r;
-
-        *settings = l;
-        l = NULL;
-        return 0;
-}
-
-static int locale_update_system_manager(Context *c, sd_bus *bus) {
-        _cleanup_free_ char **l_unset = NULL;
-        _cleanup_strv_free_ char **l_set = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        sd_bus_error error = SD_BUS_ERROR_NULL;
-        unsigned c_set, c_unset, p;
-        int r;
-
-        assert(bus);
-
-        l_unset = new0(char*, _LOCALE_MAX);
-        if (!l_unset)
-                return -ENOMEM;
-
-        l_set = new0(char*, _LOCALE_MAX);
-        if (!l_set)
-                return -ENOMEM;
-
-        for (p = 0, c_set = 0, c_unset = 0; p < _LOCALE_MAX; p++) {
-                assert(names[p]);
-
-                if (isempty(c->locale[p]))
-                        l_unset[c_set++] = (char*) names[p];
-                else {
-                        char *s;
-
-                        if (asprintf(&s, "%s=%s", names[p], c->locale[p]) < 0)
-                                return -ENOMEM;
-
-                        l_set[c_unset++] = s;
-                }
-        }
-
-        assert(c_set + c_unset == _LOCALE_MAX);
-        r = sd_bus_message_new_method_call(bus, &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "UnsetAndSetEnvironment");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append_strv(m, l_unset);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append_strv(m, l_set);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call(bus, m, 0, &error, NULL);
-        if (r < 0)
-                log_error_errno(r, "Failed to update the manager environment: %m");
-
-        return 0;
-}
-
-static int vconsole_write_data(Context *c) {
-        int r;
-        _cleanup_strv_free_ char **l = NULL;
-
-        r = load_env_file(NULL, "/etc/vconsole.conf", NULL, &l);
-        if (r < 0 && r != -ENOENT)
-                return r;
-
-        if (isempty(c->vc_keymap))
-                l = strv_env_unset(l, "KEYMAP");
-        else {
-                _cleanup_free_ char *s = NULL;
-                char **u;
-
-                s = strappend("KEYMAP=", c->vc_keymap);
-                if (!s)
-                        return -ENOMEM;
-
-                u = strv_env_set(l, s);
-                if (!u)
-                        return -ENOMEM;
-
-                strv_free(l);
-                l = u;
-        }
-
-        if (isempty(c->vc_keymap_toggle))
-                l = strv_env_unset(l, "KEYMAP_TOGGLE");
-        else  {
-                _cleanup_free_ char *s = NULL;
-                char **u;
-
-                s = strappend("KEYMAP_TOGGLE=", c->vc_keymap_toggle);
-                if (!s)
-                        return -ENOMEM;
-
-                u = strv_env_set(l, s);
-                if (!u)
-                        return -ENOMEM;
-
-                strv_free(l);
-                l = u;
-        }
-
-        if (strv_isempty(l)) {
-                if (unlink("/etc/vconsole.conf") < 0)
-                        return errno == ENOENT ? 0 : -errno;
-
-                return 0;
-        }
-
-        return write_env_file_label("/etc/vconsole.conf", l);
-}
-
-static int x11_write_data(Context *c) {
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_free_ char *temp_path = NULL;
-        int r;
-
-        if (isempty(c->x11_layout) &&
-            isempty(c->x11_model) &&
-            isempty(c->x11_variant) &&
-            isempty(c->x11_options)) {
-
-                if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
-                        return errno == ENOENT ? 0 : -errno;
-
-                return 0;
-        }
-
-        mkdir_p_label("/etc/X11/xorg.conf.d", 0755);
-
-        r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
-        if (r < 0)
-                return r;
-
-        fchmod(fileno(f), 0644);
-
-        fputs("# Read and parsed by systemd-localed. It's probably wise not to edit this file\n"
-              "# manually too freely.\n"
-              "Section \"InputClass\"\n"
-              "        Identifier \"system-keyboard\"\n"
-              "        MatchIsKeyboard \"on\"\n", f);
-
-        if (!isempty(c->x11_layout))
-                fprintf(f, "        Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
-
-        if (!isempty(c->x11_model))
-                fprintf(f, "        Option \"XkbModel\" \"%s\"\n", c->x11_model);
-
-        if (!isempty(c->x11_variant))
-                fprintf(f, "        Option \"XkbVariant\" \"%s\"\n", c->x11_variant);
-
-        if (!isempty(c->x11_options))
-                fprintf(f, "        Option \"XkbOptions\" \"%s\"\n", c->x11_options);
-
-        fputs("EndSection\n", f);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        (void) unlink("/etc/X11/xorg.conf.d/00-keyboard.conf");
-
-        if (temp_path)
-                (void) unlink(temp_path);
-
-        return r;
-}
-
-static int vconsole_reload(sd_bus *bus) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-
-        r = sd_bus_call_method(bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "RestartUnit",
-                        &error,
-                        NULL,
-                        "ss", "systemd-vconsole-setup.service", "replace");
-
-        if (r < 0)
-                log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
-        return r;
-}
-
-static const char* strnulldash(const char *s) {
-        return isempty(s) || streq(s, "-") ? NULL : s;
-}
-
-static int read_next_mapping(const char* filename,
-                             unsigned min_fields, unsigned max_fields,
-                             FILE *f, unsigned *n, char ***a) {
-        assert(f);
-        assert(n);
-        assert(a);
-
-        for (;;) {
-                char line[LINE_MAX];
-                char *l, **b;
-                int r;
-                size_t length;
-
-                errno = 0;
-                if (!fgets(line, sizeof(line), f)) {
-
-                        if (ferror(f))
-                                return errno > 0 ? -errno : -EIO;
-
-                        return 0;
-                }
-
-                (*n)++;
-
-                l = strstrip(line);
-                if (l[0] == 0 || l[0] == '#')
-                        continue;
-
-                r = strv_split_extract(&b, l, WHITESPACE, EXTRACT_QUOTES);
-                if (r < 0)
-                        return r;
-
-                length = strv_length(b);
-                if (length < min_fields || length > max_fields) {
-                        log_error("Invalid line %s:%u, ignoring.", filename, *n);
-                        strv_free(b);
-                        continue;
-
-                }
-
-                *a = b;
-                return 1;
-        }
-}
-
-static int vconsole_convert_to_x11(Context *c, sd_bus *bus) {
-        bool modified = false;
-
-        assert(bus);
-
-        if (isempty(c->vc_keymap)) {
-
-                modified =
-                        !isempty(c->x11_layout) ||
-                        !isempty(c->x11_model) ||
-                        !isempty(c->x11_variant) ||
-                        !isempty(c->x11_options);
-
-                context_free_x11(c);
-        } else {
-                _cleanup_fclose_ FILE *f = NULL;
-                unsigned n = 0;
-
-                f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
-                if (!f)
-                        return -errno;
-
-                for (;;) {
-                        _cleanup_strv_free_ char **a = NULL;
-                        int r;
-
-                        r = read_next_mapping(SYSTEMD_KBD_MODEL_MAP, 5, UINT_MAX, f, &n, &a);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                break;
-
-                        if (!streq(c->vc_keymap, a[0]))
-                                continue;
-
-                        if (!streq_ptr(c->x11_layout, strnulldash(a[1])) ||
-                            !streq_ptr(c->x11_model, strnulldash(a[2])) ||
-                            !streq_ptr(c->x11_variant, strnulldash(a[3])) ||
-                            !streq_ptr(c->x11_options, strnulldash(a[4]))) {
-
-                                if (free_and_strdup(&c->x11_layout, strnulldash(a[1])) < 0 ||
-                                    free_and_strdup(&c->x11_model, strnulldash(a[2])) < 0 ||
-                                    free_and_strdup(&c->x11_variant, strnulldash(a[3])) < 0 ||
-                                    free_and_strdup(&c->x11_options, strnulldash(a[4])) < 0)
-                                        return -ENOMEM;
-
-                                modified = true;
-                        }
-
-                        break;
-                }
-        }
-
-        if (modified) {
-                int r;
-
-                r = x11_write_data(c);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to set X11 keyboard layout: %m");
-
-                log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'",
-                         strempty(c->x11_layout),
-                         strempty(c->x11_model),
-                         strempty(c->x11_variant),
-                         strempty(c->x11_options));
-
-                sd_bus_emit_properties_changed(bus,
-                                "/org/freedesktop/locale1",
-                                "org.freedesktop.locale1",
-                                "X11Layout", "X11Model", "X11Variant", "X11Options", NULL);
-        } else
-                log_debug("X11 keyboard layout was not modified.");
-
-        return 0;
-}
-
-static int find_converted_keymap(const char *x11_layout, const char *x11_variant, char **new_keymap) {
-        const char *dir;
-        _cleanup_free_ char *n;
-
-        if (x11_variant)
-                n = strjoin(x11_layout, "-", x11_variant, NULL);
-        else
-                n = strdup(x11_layout);
-        if (!n)
-                return -ENOMEM;
-
-        NULSTR_FOREACH(dir, KBD_KEYMAP_DIRS) {
-                _cleanup_free_ char *p = NULL, *pz = NULL;
-                bool uncompressed;
-
-                p = strjoin(dir, "xkb/", n, ".map", NULL);
-                pz = strjoin(dir, "xkb/", n, ".map.gz", NULL);
-                if (!p || !pz)
-                        return -ENOMEM;
-
-                uncompressed = access(p, F_OK) == 0;
-                if (uncompressed || access(pz, F_OK) == 0) {
-                        log_debug("Found converted keymap %s at %s",
-                                  n, uncompressed ? p : pz);
-
-                        *new_keymap = n;
-                        n = NULL;
-                        return 1;
-                }
-        }
-
-        return 0;
-}
-
-static int find_legacy_keymap(Context *c, char **new_keymap) {
-        _cleanup_fclose_ FILE *f;
-        unsigned n = 0;
-        unsigned best_matching = 0;
-        int r;
-
-        f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
-        if (!f)
-                return -errno;
-
-        for (;;) {
-                _cleanup_strv_free_ char **a = NULL;
-                unsigned matching = 0;
-
-                r = read_next_mapping(SYSTEMD_KBD_MODEL_MAP, 5, UINT_MAX, f, &n, &a);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                /* Determine how well matching this entry is */
-                if (streq_ptr(c->x11_layout, a[1]))
-                        /* If we got an exact match, this is best */
-                        matching = 10;
-                else {
-                        /* We have multiple X layouts, look for an
-                         * entry that matches our key with everything
-                         * but the first layout stripped off. */
-                        if (startswith_comma(c->x11_layout, a[1]))
-                                matching = 5;
-                        else  {
-                                char *x;
-
-                                /* If that didn't work, strip off the
-                                 * other layouts from the entry, too */
-                                x = strndupa(a[1], strcspn(a[1], ","));
-                                if (startswith_comma(c->x11_layout, x))
-                                        matching = 1;
-                        }
-                }
-
-                if (matching > 0) {
-                        if (isempty(c->x11_model) || streq_ptr(c->x11_model, a[2])) {
-                                matching++;
-
-                                if (streq_ptr(c->x11_variant, a[3])) {
-                                        matching++;
-
-                                        if (streq_ptr(c->x11_options, a[4]))
-                                                matching++;
-                                }
-                        }
-                }
-
-                /* The best matching entry so far, then let's save that */
-                if (matching >= MAX(best_matching, 1u)) {
-                        log_debug("Found legacy keymap %s with score %u",
-                                  a[0], matching);
-
-                        if (matching > best_matching) {
-                                best_matching = matching;
-
-                                r = free_and_strdup(new_keymap, a[0]);
-                                if (r < 0)
-                                        return r;
-                        }
-                }
-        }
-
-        if (best_matching < 10 && c->x11_layout) {
-                /* The best match is only the first part of the X11
-                 * keymap. Check if we have a converted map which
-                 * matches just the first layout.
-                 */
-                char *l, *v = NULL, *converted;
-
-                l = strndupa(c->x11_layout, strcspn(c->x11_layout, ","));
-                if (c->x11_variant)
-                        v = strndupa(c->x11_variant, strcspn(c->x11_variant, ","));
-                r = find_converted_keymap(l, v, &converted);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        free(*new_keymap);
-                        *new_keymap = converted;
-                }
-        }
-
-        return 0;
-}
-
-static int find_language_fallback(const char *lang, char **language) {
-        _cleanup_fclose_ FILE *f = NULL;
-        unsigned n = 0;
-
-        assert(language);
-
-        f = fopen(SYSTEMD_LANGUAGE_FALLBACK_MAP, "re");
-        if (!f)
-                return -errno;
-
-        for (;;) {
-                _cleanup_strv_free_ char **a = NULL;
-                int r;
-
-                r = read_next_mapping(SYSTEMD_LANGUAGE_FALLBACK_MAP, 2, 2, f, &n, &a);
-                if (r <= 0)
-                        return r;
-
-                if (streq(lang, a[0])) {
-                        assert(strv_length(a) == 2);
-                        *language = a[1];
-                        a[1] = NULL;
-                        return 1;
-                }
-        }
-
-        assert_not_reached("should not be here");
-}
-
-static int x11_convert_to_vconsole(Context *c, sd_bus *bus) {
-        bool modified = false;
-        int r;
-
-        assert(bus);
-
-        if (isempty(c->x11_layout)) {
-
-                modified =
-                        !isempty(c->vc_keymap) ||
-                        !isempty(c->vc_keymap_toggle);
-
-                context_free_x11(c);
-        } else {
-                char *new_keymap = NULL;
-
-                r = find_converted_keymap(c->x11_layout, c->x11_variant, &new_keymap);
-                if (r < 0)
-                        return r;
-                else if (r == 0) {
-                        r = find_legacy_keymap(c, &new_keymap);
-                        if (r < 0)
-                                return r;
-                }
-
-                if (!streq_ptr(c->vc_keymap, new_keymap)) {
-                        free(c->vc_keymap);
-                        c->vc_keymap = new_keymap;
-                        c->vc_keymap_toggle = mfree(c->vc_keymap_toggle);
-                        modified = true;
-                } else
-                        free(new_keymap);
-        }
-
-        if (modified) {
-                r = vconsole_write_data(c);
-                if (r < 0)
-                        log_error_errno(r, "Failed to set virtual console keymap: %m");
-
-                log_info("Changed virtual console keymap to '%s' toggle '%s'",
-                         strempty(c->vc_keymap), strempty(c->vc_keymap_toggle));
-
-                sd_bus_emit_properties_changed(bus,
-                                "/org/freedesktop/locale1",
-                                "org.freedesktop.locale1",
-                                "VConsoleKeymap", "VConsoleKeymapToggle", NULL);
-
-                return vconsole_reload(bus);
-        } else
-                log_debug("Virtual console keymap was not modified.");
-
-        return 0;
-}
-
-static int property_get_locale(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Context *c = userdata;
-        _cleanup_strv_free_ char **l = NULL;
-        int p, q;
-
-        l = new0(char*, _LOCALE_MAX+1);
-        if (!l)
-                return -ENOMEM;
-
-        for (p = 0, q = 0; p < _LOCALE_MAX; p++) {
-                char *t;
-
-                if (isempty(c->locale[p]))
-                        continue;
-
-                if (asprintf(&t, "%s=%s", names[p], c->locale[p]) < 0)
-                        return -ENOMEM;
-
-                l[q++] = t;
-        }
-
-        return sd_bus_message_append_strv(reply, l);
-}
-
-static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        Context *c = userdata;
-        _cleanup_strv_free_ char **l = NULL;
-        char **i;
-        const char *lang = NULL;
-        int interactive;
-        bool modified = false;
-        bool have[_LOCALE_MAX] = {};
-        int p;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        r = bus_message_read_strv_extend(m, &l);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read_basic(m, 'b', &interactive);
-        if (r < 0)
-                return r;
-
-        /* Check whether a variable changed and if it is valid */
-        STRV_FOREACH(i, l) {
-                bool valid = false;
-
-                for (p = 0; p < _LOCALE_MAX; p++) {
-                        size_t k;
-
-                        k = strlen(names[p]);
-                        if (startswith(*i, names[p]) &&
-                            (*i)[k] == '=' &&
-                            locale_is_valid((*i) + k + 1)) {
-                                valid = true;
-                                have[p] = true;
-
-                                if (p == LOCALE_LANG)
-                                        lang = (*i) + k + 1;
-
-                                if (!streq_ptr(*i + k + 1, c->locale[p]))
-                                        modified = true;
-
-                                break;
-                        }
-                }
-
-                if (!valid)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid Locale data.");
-        }
-
-        /* If LANG was specified, but not LANGUAGE, check if we should
-         * set it based on the language fallback table. */
-        if (have[LOCALE_LANG] && !have[LOCALE_LANGUAGE]) {
-                _cleanup_free_ char *language = NULL;
-
-                assert(lang);
-
-                (void) find_language_fallback(lang, &language);
-                if (language) {
-                        log_debug("Converted LANG=%s to LANGUAGE=%s", lang, language);
-                        if (!streq_ptr(language, c->locale[LOCALE_LANGUAGE])) {
-                                r = strv_extendf(&l, "LANGUAGE=%s", language);
-                                if (r < 0)
-                                        return r;
-
-                                have[LOCALE_LANGUAGE] = true;
-                                modified = true;
-                        }
-                }
-        }
-
-        /* Check whether a variable is unset */
-        if (!modified)
-                for (p = 0; p < _LOCALE_MAX; p++)
-                        if (!isempty(c->locale[p]) && !have[p]) {
-                                modified = true;
-                                break;
-                        }
-
-        if (modified) {
-                _cleanup_strv_free_ char **settings = NULL;
-
-                r = bus_verify_polkit_async(
-                                m,
-                                CAP_SYS_ADMIN,
-                                "org.freedesktop.locale1.set-locale",
-                                NULL,
-                                interactive,
-                                UID_INVALID,
-                                &c->polkit_registry,
-                                error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-                STRV_FOREACH(i, l)
-                        for (p = 0; p < _LOCALE_MAX; p++) {
-                                size_t k;
-
-                                k = strlen(names[p]);
-                                if (startswith(*i, names[p]) && (*i)[k] == '=') {
-                                        r = free_and_strdup(&c->locale[p], *i + k + 1);
-                                        if (r < 0)
-                                                return r;
-                                        break;
-                                }
-                        }
-
-                for (p = 0; p < _LOCALE_MAX; p++) {
-                        if (have[p])
-                                continue;
-
-                        c->locale[p] = mfree(c->locale[p]);
-                }
-
-                locale_simplify(c);
-
-                r = locale_write_data(c, &settings);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to set locale: %m");
-                        return sd_bus_error_set_errnof(error, r, "Failed to set locale: %s", strerror(-r));
-                }
-
-                locale_update_system_manager(c, sd_bus_message_get_bus(m));
-
-                if (settings) {
-                        _cleanup_free_ char *line;
-
-                        line = strv_join(settings, ", ");
-                        log_info("Changed locale to %s.", strnull(line));
-                } else
-                        log_info("Changed locale to unset.");
-
-                (void) sd_bus_emit_properties_changed(
-                                sd_bus_message_get_bus(m),
-                                "/org/freedesktop/locale1",
-                                "org.freedesktop.locale1",
-                                "Locale", NULL);
-        } else
-                log_debug("Locale settings were not modified.");
-
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        Context *c = userdata;
-        const char *keymap, *keymap_toggle;
-        int convert, interactive;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        r = sd_bus_message_read(m, "ssbb", &keymap, &keymap_toggle, &convert, &interactive);
-        if (r < 0)
-                return r;
-
-        if (isempty(keymap))
-                keymap = NULL;
-
-        if (isempty(keymap_toggle))
-                keymap_toggle = NULL;
-
-        if (!streq_ptr(keymap, c->vc_keymap) ||
-            !streq_ptr(keymap_toggle, c->vc_keymap_toggle)) {
-
-                if ((keymap && (!filename_is_valid(keymap) || !string_is_safe(keymap))) ||
-                    (keymap_toggle && (!filename_is_valid(keymap_toggle) || !string_is_safe(keymap_toggle))))
-                        return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keymap data");
-
-                r = bus_verify_polkit_async(
-                                m,
-                                CAP_SYS_ADMIN,
-                                "org.freedesktop.locale1.set-keyboard",
-                                NULL,
-                                interactive,
-                                UID_INVALID,
-                                &c->polkit_registry,
-                                error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-                if (free_and_strdup(&c->vc_keymap, keymap) < 0 ||
-                    free_and_strdup(&c->vc_keymap_toggle, keymap_toggle) < 0)
-                        return -ENOMEM;
-
-                r = vconsole_write_data(c);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to set virtual console keymap: %m");
-                        return sd_bus_error_set_errnof(error, r, "Failed to set virtual console keymap: %s", strerror(-r));
-                }
-
-                log_info("Changed virtual console keymap to '%s' toggle '%s'",
-                         strempty(c->vc_keymap), strempty(c->vc_keymap_toggle));
-
-                r = vconsole_reload(sd_bus_message_get_bus(m));
-                if (r < 0)
-                        log_error_errno(r, "Failed to request keymap reload: %m");
-
-                (void) sd_bus_emit_properties_changed(
-                                sd_bus_message_get_bus(m),
-                                "/org/freedesktop/locale1",
-                                "org.freedesktop.locale1",
-                                "VConsoleKeymap", "VConsoleKeymapToggle", NULL);
-
-                if (convert) {
-                        r = vconsole_convert_to_x11(c, sd_bus_message_get_bus(m));
-                        if (r < 0)
-                                log_error_errno(r, "Failed to convert keymap data: %m");
-                }
-        }
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-#ifdef HAVE_XKBCOMMON
-
-_printf_(3, 0)
-static void log_xkb(struct xkb_context *ctx, enum xkb_log_level lvl, const char *format, va_list args) {
-        const char *fmt;
-
-        fmt = strjoina("libxkbcommon: ", format);
-        log_internalv(LOG_DEBUG, 0, __FILE__, __LINE__, __func__, fmt, args);
-}
-
-#define LOAD_SYMBOL(symbol, dl, name)                                   \
-        ({                                                              \
-                (symbol) = (typeof(symbol)) dlvsym((dl), (name), "V_0.5.0"); \
-                (symbol) ? 0 : -EOPNOTSUPP;                             \
-        })
-
-static int verify_xkb_rmlvo(const char *model, const char *layout, const char *variant, const char *options) {
-
-        /* We dlopen() the library in order to make the dependency soft. The library (and what it pulls in) is huge
-         * after all, hence let's support XKB maps when the library is around, and refuse otherwise. The function
-         * pointers to the shared library are below: */
-
-        struct xkb_context* (*symbol_xkb_context_new)(enum xkb_context_flags flags) = NULL;
-        void (*symbol_xkb_context_unref)(struct xkb_context *context) = NULL;
-        void (*symbol_xkb_context_set_log_fn)(struct xkb_context *context, void (*log_fn)(struct xkb_context *context, enum xkb_log_level level, const char *format, va_list args)) = NULL;
-        struct xkb_keymap* (*symbol_xkb_keymap_new_from_names)(struct xkb_context *context, const struct xkb_rule_names *names, enum xkb_keymap_compile_flags flags) = NULL;
-        void (*symbol_xkb_keymap_unref)(struct xkb_keymap *keymap) = NULL;
-
-        const struct xkb_rule_names rmlvo = {
-                .model          = model,
-                .layout         = layout,
-                .variant        = variant,
-                .options        = options,
-        };
-        struct xkb_context *ctx = NULL;
-        struct xkb_keymap *km = NULL;
-        void *dl;
-        int r;
-
-        /* Compile keymap from RMLVO information to check out its validity */
-
-        dl = dlopen("libxkbcommon.so.0", RTLD_LAZY);
-        if (!dl)
-                return -EOPNOTSUPP;
-
-        r = LOAD_SYMBOL(symbol_xkb_context_new, dl, "xkb_context_new");
-        if (r < 0)
-                goto finish;
-
-        r = LOAD_SYMBOL(symbol_xkb_context_unref, dl, "xkb_context_unref");
-        if (r < 0)
-                goto finish;
-
-        r = LOAD_SYMBOL(symbol_xkb_context_set_log_fn, dl, "xkb_context_set_log_fn");
-        if (r < 0)
-                goto finish;
-
-        r = LOAD_SYMBOL(symbol_xkb_keymap_new_from_names, dl, "xkb_keymap_new_from_names");
-        if (r < 0)
-                goto finish;
-
-        r = LOAD_SYMBOL(symbol_xkb_keymap_unref, dl, "xkb_keymap_unref");
-        if (r < 0)
-                goto finish;
-
-        ctx = symbol_xkb_context_new(XKB_CONTEXT_NO_ENVIRONMENT_NAMES);
-        if (!ctx) {
-                r = -ENOMEM;
-                goto finish;
-        }
-
-        symbol_xkb_context_set_log_fn(ctx, log_xkb);
-
-        km = symbol_xkb_keymap_new_from_names(ctx, &rmlvo, XKB_KEYMAP_COMPILE_NO_FLAGS);
-        if (!km) {
-                r = -EINVAL;
-                goto finish;
-        }
-
-        r = 0;
-
-finish:
-        if (symbol_xkb_keymap_unref && km)
-                symbol_xkb_keymap_unref(km);
-
-        if (symbol_xkb_context_unref && ctx)
-                symbol_xkb_context_unref(ctx);
-
-        (void) dlclose(dl);
-        return r;
-}
-
-#else
-
-static int verify_xkb_rmlvo(const char *model, const char *layout, const char *variant, const char *options) {
-        return 0;
-}
-
-#endif
-
-static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        Context *c = userdata;
-        const char *layout, *model, *variant, *options;
-        int convert, interactive;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        r = sd_bus_message_read(m, "ssssbb", &layout, &model, &variant, &options, &convert, &interactive);
-        if (r < 0)
-                return r;
-
-        if (isempty(layout))
-                layout = NULL;
-
-        if (isempty(model))
-                model = NULL;
-
-        if (isempty(variant))
-                variant = NULL;
-
-        if (isempty(options))
-                options = NULL;
-
-        if (!streq_ptr(layout, c->x11_layout) ||
-            !streq_ptr(model, c->x11_model) ||
-            !streq_ptr(variant, c->x11_variant) ||
-            !streq_ptr(options, c->x11_options)) {
-
-                if ((layout && !string_is_safe(layout)) ||
-                    (model && !string_is_safe(model)) ||
-                    (variant && !string_is_safe(variant)) ||
-                    (options && !string_is_safe(options)))
-                        return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keyboard data");
-
-                r = bus_verify_polkit_async(
-                                m,
-                                CAP_SYS_ADMIN,
-                                "org.freedesktop.locale1.set-keyboard",
-                                NULL,
-                                interactive,
-                                UID_INVALID,
-                                &c->polkit_registry,
-                                error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-                r = verify_xkb_rmlvo(model, layout, variant, options);
-                if (r < 0) {
-                        log_error_errno(r, "Cannot compile XKB keymap for new x11 keyboard layout ('%s' / '%s' / '%s' / '%s'): %m",
-                                        strempty(model), strempty(layout), strempty(variant), strempty(options));
-
-                        if (r == -EOPNOTSUPP)
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Local keyboard configuration not supported on this system.");
-
-                        return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Specified keymap cannot be compiled, refusing as invalid.");
-                }
-
-                if (free_and_strdup(&c->x11_layout, layout) < 0 ||
-                    free_and_strdup(&c->x11_model, model) < 0 ||
-                    free_and_strdup(&c->x11_variant, variant) < 0 ||
-                    free_and_strdup(&c->x11_options, options) < 0)
-                        return -ENOMEM;
-
-                r = x11_write_data(c);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to set X11 keyboard layout: %m");
-                        return sd_bus_error_set_errnof(error, r, "Failed to set X11 keyboard layout: %s", strerror(-r));
-                }
-
-                log_info("Changed X11 keyboard layout to '%s' model '%s' variant '%s' options '%s'",
-                         strempty(c->x11_layout),
-                         strempty(c->x11_model),
-                         strempty(c->x11_variant),
-                         strempty(c->x11_options));
-
-                (void) sd_bus_emit_properties_changed(
-                                sd_bus_message_get_bus(m),
-                                "/org/freedesktop/locale1",
-                                "org.freedesktop.locale1",
-                                "X11Layout", "X11Model", "X11Variant", "X11Options", NULL);
-
-                if (convert) {
-                        r = x11_convert_to_vconsole(c, sd_bus_message_get_bus(m));
-                        if (r < 0)
-                                log_error_errno(r, "Failed to convert keymap data: %m");
-                }
-        }
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-static const sd_bus_vtable locale_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_PROPERTY("Locale", "as", property_get_locale, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("X11Layout", "s", NULL, offsetof(Context, x11_layout), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("X11Model", "s", NULL, offsetof(Context, x11_model), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("X11Variant", "s", NULL, offsetof(Context, x11_variant), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("X11Options", "s", NULL, offsetof(Context, x11_options), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("VConsoleKeymap", "s", NULL, offsetof(Context, vc_keymap), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("VConsoleKeymapToggle", "s", NULL, offsetof(Context, vc_keymap_toggle), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_METHOD("SetLocale", "asb", NULL, method_set_locale, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetVConsoleKeyboard", "ssbb", NULL, method_set_vc_keyboard, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetX11Keyboard", "ssssbb", NULL, method_set_x11_keyboard, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_VTABLE_END
-};
-
-static int connect_bus(Context *c, sd_event *event, sd_bus **_bus) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        assert(c);
-        assert(event);
-        assert(_bus);
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get system bus connection: %m");
-
-        r = sd_bus_add_object_vtable(bus, NULL, "/org/freedesktop/locale1", "org.freedesktop.locale1", locale_vtable, c);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register object: %m");
-
-        r = sd_bus_request_name(bus, "org.freedesktop.locale1", 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = sd_bus_attach_event(bus, event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        *_bus = bus;
-        bus = NULL;
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(context_free) Context context = {};
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-        mac_selinux_init();
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        r = sd_event_default(&event);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate event loop: %m");
-                goto finish;
-        }
-
-        sd_event_set_watchdog(event, true);
-
-        r = connect_bus(&context, event, &bus);
-        if (r < 0)
-                goto finish;
-
-        r = context_read_data(&context);
-        if (r < 0) {
-                log_error_errno(r, "Failed to read locale data: %m");
-                goto finish;
-        }
-
-        r = bus_event_loop_with_idle(event, bus, "org.freedesktop.locale1", DEFAULT_EXIT_USEC, NULL, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Failed to run event loop: %m");
-                goto finish;
-        }
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/login/Makefile b/src/login/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/login/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/login/inhibit.c b/src/login/inhibit.c
deleted file mode 100644
index f2c37a8623..0000000000
--- a/src/login/inhibit.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fcntl.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "process-util.h"
-#include "signal-util.h"
-#include "strv.h"
-#include "user-util.h"
-#include "util.h"
-
-static const char* arg_what = "idle:sleep:shutdown";
-static const char* arg_who = NULL;
-static const char* arg_why = "Unknown reason";
-static const char* arg_mode = NULL;
-
-static enum {
-        ACTION_INHIBIT,
-        ACTION_LIST
-} arg_action = ACTION_INHIBIT;
-
-static int inhibit(sd_bus *bus, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-        int fd;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "Inhibit",
-                        error,
-                        &reply,
-                        "ssss", arg_what, arg_who, arg_why, arg_mode);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_UNIX_FD, &fd);
-        if (r < 0)
-                return r;
-
-        r = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-        if (r < 0)
-                return -errno;
-
-        return r;
-}
-
-static int print_inhibitors(sd_bus *bus, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *what, *who, *why, *mode;
-        unsigned int uid, pid;
-        unsigned n = 0;
-        int r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ListInhibitors",
-                        error,
-                        &reply,
-                        "");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssuu)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(ssssuu)", &what, &who, &why, &mode, &uid, &pid)) > 0) {
-                _cleanup_free_ char *comm = NULL, *u = NULL;
-
-                if (arg_mode && !streq(mode, arg_mode))
-                        continue;
-
-                get_process_comm(pid, &comm);
-                u = uid_to_name(uid);
-
-                printf("     Who: %s (UID "UID_FMT"/%s, PID "PID_FMT"/%s)\n"
-                       "    What: %s\n"
-                       "     Why: %s\n"
-                       "    Mode: %s\n\n",
-                       who, uid, strna(u), pid, strna(comm),
-                       what,
-                       why,
-                       mode);
-
-                n++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("%u inhibitors listed.\n", n);
-        return 0;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Execute a process while inhibiting shutdown/sleep/idle.\n\n"
-               "  -h --help               Show this help\n"
-               "     --version            Show package version\n"
-               "     --what=WHAT          Operations to inhibit, colon separated list of:\n"
-               "                          shutdown, sleep, idle, handle-power-key,\n"
-               "                          handle-suspend-key, handle-hibernate-key,\n"
-               "                          handle-lid-switch\n"
-               "     --who=STRING         A descriptive string who is inhibiting\n"
-               "     --why=STRING         A descriptive string why is being inhibited\n"
-               "     --mode=MODE          One of block or delay\n"
-               "     --list               List active inhibitors\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_WHAT,
-                ARG_WHO,
-                ARG_WHY,
-                ARG_MODE,
-                ARG_LIST,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'              },
-                { "version",      no_argument,       NULL, ARG_VERSION      },
-                { "what",         required_argument, NULL, ARG_WHAT         },
-                { "who",          required_argument, NULL, ARG_WHO          },
-                { "why",          required_argument, NULL, ARG_WHY          },
-                { "mode",         required_argument, NULL, ARG_MODE         },
-                { "list",         no_argument,       NULL, ARG_LIST         },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "+h", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_WHAT:
-                        arg_what = optarg;
-                        break;
-
-                case ARG_WHO:
-                        arg_who = optarg;
-                        break;
-
-                case ARG_WHY:
-                        arg_why = optarg;
-                        break;
-
-                case ARG_MODE:
-                        arg_mode = optarg;
-                        break;
-
-                case ARG_LIST:
-                        arg_action = ACTION_LIST;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (arg_action == ACTION_INHIBIT && optind == argc)
-                arg_action = ACTION_LIST;
-
-        else if (arg_action == ACTION_INHIBIT && optind >= argc) {
-                log_error("Missing command line to execute.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r < 0)
-                return EXIT_FAILURE;
-        if (r == 0)
-                return EXIT_SUCCESS;
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to connect to bus: %m");
-                return EXIT_FAILURE;
-        }
-
-        if (arg_action == ACTION_LIST) {
-
-                r = print_inhibitors(bus, &error);
-                if (r < 0) {
-                        log_error("Failed to list inhibitors: %s", bus_error_message(&error, -r));
-                        return EXIT_FAILURE;
-                }
-
-        } else {
-                _cleanup_close_ int fd = -1;
-                _cleanup_free_ char *w = NULL;
-                pid_t pid;
-
-                if (!arg_who)
-                        arg_who = w = strv_join(argv + optind, " ");
-
-                if (!arg_mode)
-                        arg_mode = "block";
-
-                fd = inhibit(bus, &error);
-                if (fd < 0) {
-                        log_error("Failed to inhibit: %s", bus_error_message(&error, fd));
-                        return EXIT_FAILURE;
-                }
-
-                pid = fork();
-                if (pid < 0) {
-                        log_error_errno(errno, "Failed to fork: %m");
-                        return EXIT_FAILURE;
-                }
-
-                if (pid == 0) {
-                        /* Child */
-
-                        (void) reset_all_signal_handlers();
-                        (void) reset_signal_mask();
-
-                        close_all_fds(NULL, 0);
-
-                        execvp(argv[optind], argv + optind);
-                        log_error_errno(errno, "Failed to execute %s: %m", argv[optind]);
-                        _exit(EXIT_FAILURE);
-                }
-
-                r = wait_for_terminate_and_warn(argv[optind], pid, true);
-                return r < 0 ? EXIT_FAILURE : r;
-        }
-
-        return 0;
-}
diff --git a/src/login/loginctl.c b/src/login/loginctl.c
deleted file mode 100644
index 1c75565636..0000000000
--- a/src/login/loginctl.c
+++ /dev/null
@@ -1,1585 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <getopt.h>
-#include <locale.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-unit-util.h"
-#include "bus-util.h"
-#include "cgroup-show.h"
-#include "cgroup-util.h"
-#include "log.h"
-#include "logs-show.h"
-#include "macro.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "process-util.h"
-#include "signal-util.h"
-#include "spawn-polkit-agent.h"
-#include "strv.h"
-#include "sysfs-show.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "user-util.h"
-#include "util.h"
-#include "verbs.h"
-
-static char **arg_property = NULL;
-static bool arg_all = false;
-static bool arg_value = false;
-static bool arg_full = false;
-static bool arg_no_pager = false;
-static bool arg_legend = true;
-static const char *arg_kill_who = NULL;
-static int arg_signal = SIGTERM;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_ask_password = true;
-static unsigned arg_lines = 10;
-static OutputMode arg_output = OUTPUT_SHORT;
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-
-        if (!arg_ask_password)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-static OutputFlags get_output_flags(void) {
-
-        return
-                arg_all * OUTPUT_SHOW_ALL |
-                arg_full * OUTPUT_FULL_WIDTH |
-                (!on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
-                colors_enabled() * OUTPUT_COLOR;
-}
-
-static int list_sessions(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *id, *user, *seat, *object;
-        sd_bus *bus = userdata;
-        unsigned k = 0;
-        uint32_t uid;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ListSessions",
-                        &error, &reply,
-                        "");
-        if (r < 0) {
-                log_error("Failed to list sessions: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, 'a', "(susso)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (arg_legend)
-                printf("%10s %10s %-16s %-16s\n", "SESSION", "UID", "USER", "SEAT");
-
-        while ((r = sd_bus_message_read(reply, "(susso)", &id, &uid, &user, &seat, &object)) > 0) {
-                printf("%10s %10u %-16s %-16s\n", id, (unsigned) uid, user, seat);
-                k++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (arg_legend)
-                printf("\n%u sessions listed.\n", k);
-
-        return 0;
-}
-
-static int list_users(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *user, *object;
-        sd_bus *bus = userdata;
-        unsigned k = 0;
-        uint32_t uid;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ListUsers",
-                        &error, &reply,
-                        "");
-        if (r < 0) {
-                log_error("Failed to list users: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, 'a', "(uso)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (arg_legend)
-                printf("%10s %-16s\n", "UID", "USER");
-
-        while ((r = sd_bus_message_read(reply, "(uso)", &uid, &user, &object)) > 0) {
-                printf("%10u %-16s\n", (unsigned) uid, user);
-                k++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (arg_legend)
-                printf("\n%u users listed.\n", k);
-
-        return 0;
-}
-
-static int list_seats(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *seat, *object;
-        sd_bus *bus = userdata;
-        unsigned k = 0;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ListSeats",
-                        &error, &reply,
-                        "");
-        if (r < 0) {
-                log_error("Failed to list seats: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, 'a', "(so)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (arg_legend)
-                printf("%-16s\n", "SEAT");
-
-        while ((r = sd_bus_message_read(reply, "(so)", &seat, &object)) > 0) {
-                printf("%-16s\n", seat);
-                k++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (arg_legend)
-                printf("\n%u seats listed.\n", k);
-
-        return 0;
-}
-
-static int show_unit_cgroup(sd_bus *bus, const char *interface, const char *unit, pid_t leader) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ char *path = NULL;
-        const char *cgroup;
-        unsigned c;
-        int r;
-
-        assert(bus);
-        assert(unit);
-
-        path = unit_dbus_path_from_name(unit);
-        if (!path)
-                return log_oom();
-
-        r = sd_bus_get_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        interface,
-                        "ControlGroup",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0)
-                return log_error_errno(r, "Failed to query ControlGroup: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "s", &cgroup);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (isempty(cgroup))
-                return 0;
-
-        c = columns();
-        if (c > 18)
-                c -= 18;
-        else
-                c = 0;
-
-        r = unit_show_processes(bus, unit, cgroup, "\t\t  ", c, get_output_flags(), &error);
-        if (r == -EBADR) {
-
-                if (arg_transport == BUS_TRANSPORT_REMOTE)
-                        return 0;
-
-                /* Fallback for older systemd versions where the GetUnitProcesses() call is not yet available */
-
-                if (cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) != 0 && leader <= 0)
-                        return 0;
-
-                show_cgroup_and_extra(SYSTEMD_CGROUP_CONTROLLER, cgroup, "\t\t  ", c, &leader, leader > 0, get_output_flags());
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to dump process list: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-typedef struct SessionStatusInfo {
-        char *id;
-        uid_t uid;
-        char *name;
-        struct dual_timestamp timestamp;
-        unsigned int vtnr;
-        char *seat;
-        char *tty;
-        char *display;
-        bool remote;
-        char *remote_host;
-        char *remote_user;
-        char *service;
-        pid_t leader;
-        char *type;
-        char *class;
-        char *state;
-        char *scope;
-        char *desktop;
-} SessionStatusInfo;
-
-typedef struct UserStatusInfo {
-        uid_t uid;
-        bool linger;
-        char *name;
-        struct dual_timestamp timestamp;
-        char *state;
-        char **sessions;
-        char *display;
-        char *slice;
-} UserStatusInfo;
-
-typedef struct SeatStatusInfo {
-        char *id;
-        char *active_session;
-        char **sessions;
-} SeatStatusInfo;
-
-static void session_status_info_clear(SessionStatusInfo *info) {
-        if (info) {
-                free(info->id);
-                free(info->name);
-                free(info->seat);
-                free(info->tty);
-                free(info->display);
-                free(info->remote_host);
-                free(info->remote_user);
-                free(info->service);
-                free(info->type);
-                free(info->class);
-                free(info->state);
-                free(info->scope);
-                free(info->desktop);
-                zero(*info);
-        }
-}
-
-static void user_status_info_clear(UserStatusInfo *info) {
-        if (info) {
-                free(info->name);
-                free(info->state);
-                strv_free(info->sessions);
-                free(info->display);
-                free(info->slice);
-                zero(*info);
-        }
-}
-
-static void seat_status_info_clear(SeatStatusInfo *info) {
-        if (info) {
-                free(info->id);
-                free(info->active_session);
-                strv_free(info->sessions);
-                zero(*info);
-        }
-}
-
-static int prop_map_first_of_struct(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
-        const char *contents;
-        int r;
-
-        r = sd_bus_message_peek_type(m, NULL, &contents);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_STRUCT, contents);
-        if (r < 0)
-                return r;
-
-        if (contents[0] == 's' || contents[0] == 'o') {
-                const char *s;
-                char **p = (char **) userdata;
-
-                r = sd_bus_message_read_basic(m, contents[0], &s);
-                if (r < 0)
-                        return r;
-
-                r = free_and_strdup(p, s);
-                if (r < 0)
-                        return r;
-        } else {
-                r = sd_bus_message_read_basic(m, contents[0], userdata);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_skip(m, contents+1);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_exit_container(m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int prop_map_sessions_strv(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
-        const char *name;
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        r = sd_bus_message_enter_container(m, 'a', "(so)");
-        if (r < 0)
-                return r;
-
-        while ((r = sd_bus_message_read(m, "(so)", &name, NULL)) > 0) {
-                r = strv_extend(userdata, name);
-                if (r < 0)
-                        return r;
-        }
-        if (r < 0)
-                return r;
-
-        return sd_bus_message_exit_container(m);
-}
-
-static int print_session_status_info(sd_bus *bus, const char *path, bool *new_line) {
-
-        static const struct bus_properties_map map[]  = {
-                { "Id",                  "s",    NULL,                     offsetof(SessionStatusInfo, id)                  },
-                { "Name",                "s",    NULL,                     offsetof(SessionStatusInfo, name)                },
-                { "TTY",                 "s",    NULL,                     offsetof(SessionStatusInfo, tty)                 },
-                { "Display",             "s",    NULL,                     offsetof(SessionStatusInfo, display)             },
-                { "RemoteHost",          "s",    NULL,                     offsetof(SessionStatusInfo, remote_host)         },
-                { "RemoteUser",          "s",    NULL,                     offsetof(SessionStatusInfo, remote_user)         },
-                { "Service",             "s",    NULL,                     offsetof(SessionStatusInfo, service)             },
-                { "Desktop",             "s",    NULL,                     offsetof(SessionStatusInfo, desktop)             },
-                { "Type",                "s",    NULL,                     offsetof(SessionStatusInfo, type)                },
-                { "Class",               "s",    NULL,                     offsetof(SessionStatusInfo, class)               },
-                { "Scope",               "s",    NULL,                     offsetof(SessionStatusInfo, scope)               },
-                { "State",               "s",    NULL,                     offsetof(SessionStatusInfo, state)               },
-                { "VTNr",                "u",    NULL,                     offsetof(SessionStatusInfo, vtnr)                },
-                { "Leader",              "u",    NULL,                     offsetof(SessionStatusInfo, leader)              },
-                { "Remote",              "b",    NULL,                     offsetof(SessionStatusInfo, remote)              },
-                { "Timestamp",           "t",    NULL,                     offsetof(SessionStatusInfo, timestamp.realtime)  },
-                { "TimestampMonotonic",  "t",    NULL,                     offsetof(SessionStatusInfo, timestamp.monotonic) },
-                { "User",                "(uo)", prop_map_first_of_struct, offsetof(SessionStatusInfo, uid)                 },
-                { "Seat",                "(so)", prop_map_first_of_struct, offsetof(SessionStatusInfo, seat)                },
-                {}
-        };
-
-        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
-        char since2[FORMAT_TIMESTAMP_MAX], *s2;
-        _cleanup_(session_status_info_clear) SessionStatusInfo i = {};
-        int r;
-
-        r = bus_map_all_properties(bus, "org.freedesktop.login1", path, map, &i);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        printf("%s - ", strna(i.id));
-
-        if (i.name)
-                printf("%s (%u)\n", i.name, (unsigned) i.uid);
-        else
-                printf("%u\n", (unsigned) i.uid);
-
-        s1 = format_timestamp_relative(since1, sizeof(since1), i.timestamp.realtime);
-        s2 = format_timestamp(since2, sizeof(since2), i.timestamp.realtime);
-
-        if (s1)
-                printf("\t   Since: %s; %s\n", s2, s1);
-        else if (s2)
-                printf("\t   Since: %s\n", s2);
-
-        if (i.leader > 0) {
-                _cleanup_free_ char *t = NULL;
-
-                printf("\t  Leader: %u", (unsigned) i.leader);
-
-                get_process_comm(i.leader, &t);
-                if (t)
-                        printf(" (%s)", t);
-
-                printf("\n");
-        }
-
-        if (!isempty(i.seat)) {
-                printf("\t    Seat: %s", i.seat);
-
-                if (i.vtnr > 0)
-                        printf("; vc%u", i.vtnr);
-
-                printf("\n");
-        }
-
-        if (i.tty)
-                printf("\t     TTY: %s\n", i.tty);
-        else if (i.display)
-                printf("\t Display: %s\n", i.display);
-
-        if (i.remote_host && i.remote_user)
-                printf("\t  Remote: %s@%s\n", i.remote_user, i.remote_host);
-        else if (i.remote_host)
-                printf("\t  Remote: %s\n", i.remote_host);
-        else if (i.remote_user)
-                printf("\t  Remote: user %s\n", i.remote_user);
-        else if (i.remote)
-                printf("\t  Remote: Yes\n");
-
-        if (i.service) {
-                printf("\t Service: %s", i.service);
-
-                if (i.type)
-                        printf("; type %s", i.type);
-
-                if (i.class)
-                        printf("; class %s", i.class);
-
-                printf("\n");
-        } else if (i.type) {
-                printf("\t    Type: %s", i.type);
-
-                if (i.class)
-                        printf("; class %s", i.class);
-
-                printf("\n");
-        } else if (i.class)
-                printf("\t   Class: %s\n", i.class);
-
-        if (!isempty(i.desktop))
-                printf("\t Desktop: %s\n", i.desktop);
-
-        if (i.state)
-                printf("\t   State: %s\n", i.state);
-
-        if (i.scope) {
-                printf("\t    Unit: %s\n", i.scope);
-                show_unit_cgroup(bus, "org.freedesktop.systemd1.Scope", i.scope, i.leader);
-
-                if (arg_transport == BUS_TRANSPORT_LOCAL) {
-
-                        show_journal_by_unit(
-                                        stdout,
-                                        i.scope,
-                                        arg_output,
-                                        0,
-                                        i.timestamp.monotonic,
-                                        arg_lines,
-                                        0,
-                                        get_output_flags() | OUTPUT_BEGIN_NEWLINE,
-                                        SD_JOURNAL_LOCAL_ONLY,
-                                        true,
-                                        NULL);
-                }
-        }
-
-        return 0;
-}
-
-static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) {
-
-        static const struct bus_properties_map map[]  = {
-                { "Name",               "s",     NULL,                     offsetof(UserStatusInfo, name)                },
-                { "Linger",             "b",     NULL,                     offsetof(UserStatusInfo, linger)              },
-                { "Slice",              "s",     NULL,                     offsetof(UserStatusInfo, slice)               },
-                { "State",              "s",     NULL,                     offsetof(UserStatusInfo, state)               },
-                { "UID",                "u",     NULL,                     offsetof(UserStatusInfo, uid)                 },
-                { "Timestamp",          "t",     NULL,                     offsetof(UserStatusInfo, timestamp.realtime)  },
-                { "TimestampMonotonic", "t",     NULL,                     offsetof(UserStatusInfo, timestamp.monotonic) },
-                { "Display",            "(so)",  prop_map_first_of_struct, offsetof(UserStatusInfo, display)             },
-                { "Sessions",           "a(so)", prop_map_sessions_strv,   offsetof(UserStatusInfo, sessions)            },
-                {}
-        };
-
-        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
-        char since2[FORMAT_TIMESTAMP_MAX], *s2;
-        _cleanup_(user_status_info_clear) UserStatusInfo i = {};
-        int r;
-
-        r = bus_map_all_properties(bus, "org.freedesktop.login1", path, map, &i);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        if (i.name)
-                printf("%s (%u)\n", i.name, (unsigned) i.uid);
-        else
-                printf("%u\n", (unsigned) i.uid);
-
-        s1 = format_timestamp_relative(since1, sizeof(since1), i.timestamp.realtime);
-        s2 = format_timestamp(since2, sizeof(since2), i.timestamp.realtime);
-
-        if (s1)
-                printf("\t   Since: %s; %s\n", s2, s1);
-        else if (s2)
-                printf("\t   Since: %s\n", s2);
-
-        if (!isempty(i.state))
-                printf("\t   State: %s\n", i.state);
-
-        if (!strv_isempty(i.sessions)) {
-                char **l;
-                printf("\tSessions:");
-
-                STRV_FOREACH(l, i.sessions)
-                        printf(" %s%s",
-                               streq_ptr(*l, i.display) ? "*" : "",
-                               *l);
-
-                printf("\n");
-        }
-
-        printf("\t  Linger: %s\n", yes_no(i.linger));
-
-        if (i.slice) {
-                printf("\t    Unit: %s\n", i.slice);
-                show_unit_cgroup(bus, "org.freedesktop.systemd1.Slice", i.slice, 0);
-
-                show_journal_by_unit(
-                                stdout,
-                                i.slice,
-                                arg_output,
-                                0,
-                                i.timestamp.monotonic,
-                                arg_lines,
-                                0,
-                                get_output_flags() | OUTPUT_BEGIN_NEWLINE,
-                                SD_JOURNAL_LOCAL_ONLY,
-                                true,
-                                NULL);
-        }
-
-        return 0;
-}
-
-static int print_seat_status_info(sd_bus *bus, const char *path, bool *new_line) {
-
-        static const struct bus_properties_map map[]  = {
-                { "Id",            "s",     NULL, offsetof(SeatStatusInfo, id) },
-                { "ActiveSession", "(so)",  prop_map_first_of_struct, offsetof(SeatStatusInfo, active_session) },
-                { "Sessions",      "a(so)", prop_map_sessions_strv, offsetof(SeatStatusInfo, sessions) },
-                {}
-        };
-
-        _cleanup_(seat_status_info_clear) SeatStatusInfo i = {};
-        int r;
-
-        r = bus_map_all_properties(bus, "org.freedesktop.login1", path, map, &i);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        printf("%s\n", strna(i.id));
-
-        if (!strv_isempty(i.sessions)) {
-                char **l;
-                printf("\tSessions:");
-
-                STRV_FOREACH(l, i.sessions) {
-                        if (streq_ptr(*l, i.active_session))
-                                printf(" *%s", *l);
-                        else
-                                printf(" %s", *l);
-                }
-
-                printf("\n");
-        }
-
-        if (arg_transport == BUS_TRANSPORT_LOCAL) {
-                unsigned c;
-
-                c = columns();
-                if (c > 21)
-                        c -= 21;
-                else
-                        c = 0;
-
-                printf("\t Devices:\n");
-
-                show_sysfs(i.id, "\t\t  ", c);
-        }
-
-        return 0;
-}
-
-#define property(name, fmt, ...)                                        \
-        do {                                                            \
-                if (arg_value)                                          \
-                        printf(fmt "\n", __VA_ARGS__);                  \
-                else                                                    \
-                        printf("%s=" fmt "\n", name, __VA_ARGS__);      \
-        } while(0)
-
-static int print_property(const char *name, sd_bus_message *m, const char *contents) {
-        int r;
-
-        assert(name);
-        assert(m);
-        assert(contents);
-
-        if (arg_property && !strv_find(arg_property, name))
-                /* skip what we didn't read */
-                return sd_bus_message_skip(m, contents);
-
-        switch (contents[0]) {
-
-        case SD_BUS_TYPE_STRUCT_BEGIN:
-
-                if (contents[1] == SD_BUS_TYPE_STRING && STR_IN_SET(name, "Display", "Seat", "ActiveSession")) {
-                        const char *s;
-
-                        r = sd_bus_message_read(m, "(so)", &s, NULL);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (arg_all || !isempty(s))
-                                property(name, "%s", s);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_UINT32 && streq(name, "User")) {
-                        uint32_t uid;
-
-                        r = sd_bus_message_read(m, "(uo)", &uid, NULL);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (!uid_is_valid(uid)) {
-                                log_error("Invalid user ID: " UID_FMT, uid);
-                                return -EINVAL;
-                        }
-
-                        property(name, UID_FMT, uid);
-                        return 0;
-                }
-
-                break;
-
-        case SD_BUS_TYPE_ARRAY:
-
-                if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Sessions")) {
-                        const char *s;
-                        bool space = false;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(so)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (!arg_value)
-                                printf("%s=", name);
-
-                        while ((r = sd_bus_message_read(m, "(so)", &s, NULL)) > 0) {
-                                printf("%s%s", space ? " " : "", s);
-                                space = true;
-                        }
-
-                        if (space || !arg_value)
-                                printf("\n");
-
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-                }
-
-                break;
-        }
-
-        r = bus_print_property(name, m, arg_value, arg_all);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (r == 0) {
-                r = sd_bus_message_skip(m, contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (arg_all)
-                        printf("%s=[unprintable]\n", name);
-        }
-
-        return 0;
-}
-
-static int show_properties(sd_bus *bus, const char *path, bool *new_line) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(new_line);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        path,
-                        "org.freedesktop.DBus.Properties",
-                        "GetAll",
-                        &error,
-                        &reply,
-                        "s", "");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
-                const char *name, *contents;
-
-                r = sd_bus_message_read(reply, "s", &name);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_peek_type(reply, NULL, &contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = print_property(name, reply, contents);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return 0;
-}
-
-static int show_session(int argc, char *argv[], void *userdata) {
-        bool properties, new_line = false;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        properties = !strstr(argv[0], "status");
-
-        pager_open(arg_no_pager, false);
-
-        if (argc <= 1) {
-                /* If not argument is specified inspect the manager
-                 * itself */
-                if (properties)
-                        return show_properties(bus, "/org/freedesktop/login1", &new_line);
-
-                /* And in the pretty case, show data of the calling session */
-                return print_session_status_info(bus, "/org/freedesktop/login1/session/self", &new_line);
-        }
-
-        for (i = 1; i < argc; i++) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message * reply = NULL;
-                const char *path = NULL;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.login1",
-                                "/org/freedesktop/login1",
-                                "org.freedesktop.login1.Manager",
-                                "GetSession",
-                                &error, &reply,
-                                "s", argv[i]);
-                if (r < 0) {
-                        log_error("Failed to get session: %s", bus_error_message(&error, r));
-                        return r;
-                }
-
-                r = sd_bus_message_read(reply, "o", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (properties)
-                        r = show_properties(bus, path, &new_line);
-                else
-                        r = print_session_status_info(bus, path, &new_line);
-
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int show_user(int argc, char *argv[], void *userdata) {
-        bool properties, new_line = false;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        properties = !strstr(argv[0], "status");
-
-        pager_open(arg_no_pager, false);
-
-        if (argc <= 1) {
-                /* If not argument is specified inspect the manager
-                 * itself */
-                if (properties)
-                        return show_properties(bus, "/org/freedesktop/login1", &new_line);
-
-                return print_user_status_info(bus, "/org/freedesktop/login1/user/self", &new_line);
-        }
-
-        for (i = 1; i < argc; i++) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message * reply = NULL;
-                const char *path = NULL;
-                uid_t uid;
-
-                r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.login1",
-                                "/org/freedesktop/login1",
-                                "org.freedesktop.login1.Manager",
-                                "GetUser",
-                                &error, &reply,
-                                "u", (uint32_t) uid);
-                if (r < 0) {
-                        log_error("Failed to get user: %s", bus_error_message(&error, r));
-                        return r;
-                }
-
-                r = sd_bus_message_read(reply, "o", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (properties)
-                        r = show_properties(bus, path, &new_line);
-                else
-                        r = print_user_status_info(bus, path, &new_line);
-
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int show_seat(int argc, char *argv[], void *userdata) {
-        bool properties, new_line = false;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        properties = !strstr(argv[0], "status");
-
-        pager_open(arg_no_pager, false);
-
-        if (argc <= 1) {
-                /* If not argument is specified inspect the manager
-                 * itself */
-                if (properties)
-                        return show_properties(bus, "/org/freedesktop/login1", &new_line);
-
-                return print_seat_status_info(bus, "/org/freedesktop/login1/seat/self", &new_line);
-        }
-
-        for (i = 1; i < argc; i++) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message * reply = NULL;
-                const char *path = NULL;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.login1",
-                                "/org/freedesktop/login1",
-                                "org.freedesktop.login1.Manager",
-                                "GetSeat",
-                                &error, &reply,
-                                "s", argv[i]);
-                if (r < 0) {
-                        log_error("Failed to get seat: %s", bus_error_message(&error, r));
-                        return r;
-                }
-
-                r = sd_bus_message_read(reply, "o", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (properties)
-                        r = show_properties(bus, path, &new_line);
-                else
-                        r = print_seat_status_info(bus, path, &new_line);
-
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int activate(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        char *short_argv[3];
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        if (argc < 2) {
-                /* No argument? Let's convert this into the empty
-                 * session name, which the calls will then resolve to
-                 * the caller's session. */
-
-                short_argv[0] = argv[0];
-                short_argv[1] = (char*) "";
-                short_argv[2] = NULL;
-
-                argv = short_argv;
-                argc = 2;
-        }
-
-        for (i = 1; i < argc; i++) {
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.login1",
-                                "/org/freedesktop/login1",
-                                "org.freedesktop.login1.Manager",
-                                streq(argv[0], "lock-session")      ? "LockSession" :
-                                streq(argv[0], "unlock-session")    ? "UnlockSession" :
-                                streq(argv[0], "terminate-session") ? "TerminateSession" :
-                                                                      "ActivateSession",
-                                &error, NULL,
-                                "s", argv[i]);
-                if (r < 0) {
-                        log_error("Failed to issue method call: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int kill_session(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        if (!arg_kill_who)
-                arg_kill_who = "all";
-
-        for (i = 1; i < argc; i++) {
-
-                r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "KillSession",
-                        &error, NULL,
-                        "ssi", argv[i], arg_kill_who, arg_signal);
-                if (r < 0) {
-                        log_error("Could not kill session: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int enable_linger(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        char* short_argv[3];
-        bool b;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        b = streq(argv[0], "enable-linger");
-
-        if (argc < 2) {
-                short_argv[0] = argv[0];
-                short_argv[1] = (char*) "";
-                short_argv[2] = NULL;
-                argv = short_argv;
-                argc = 2;
-        }
-
-        for (i = 1; i < argc; i++) {
-                uid_t uid;
-
-                if (isempty(argv[i]))
-                        uid = UID_INVALID;
-                else {
-                        r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
-                }
-
-                r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "SetUserLinger",
-                        &error, NULL,
-                        "ubb", (uint32_t) uid, b, true);
-                if (r < 0) {
-                        log_error("Could not enable linger: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int terminate_user(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        for (i = 1; i < argc; i++) {
-                uid_t uid;
-
-                r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
-
-                r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "TerminateUser",
-                        &error, NULL,
-                        "u", (uint32_t) uid);
-                if (r < 0) {
-                        log_error("Could not terminate user: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int kill_user(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        if (!arg_kill_who)
-                arg_kill_who = "all";
-
-        for (i = 1; i < argc; i++) {
-                uid_t uid;
-
-                r = get_user_creds((const char**) (argv+i), &uid, NULL, NULL, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to look up user %s: %m", argv[i]);
-
-                r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "KillUser",
-                        &error, NULL,
-                        "ui", (uint32_t) uid, arg_signal);
-                if (r < 0) {
-                        log_error("Could not kill user: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int attach(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        for (i = 2; i < argc; i++) {
-
-                r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "AttachDevice",
-                        &error, NULL,
-                        "ssb", argv[1], argv[i], true);
-
-                if (r < 0) {
-                        log_error("Could not attach device: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int flush_devices(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "FlushDevices",
-                        &error, NULL,
-                        "b", true);
-        if (r < 0)
-                log_error("Could not flush devices: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int lock_sessions(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        streq(argv[0], "lock-sessions") ? "LockSessions" : "UnlockSessions",
-                        &error, NULL,
-                        NULL);
-        if (r < 0)
-                log_error("Could not lock sessions: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int terminate_seat(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        for (i = 1; i < argc; i++) {
-
-                r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "TerminateSeat",
-                        &error, NULL,
-                        "s", argv[i]);
-                if (r < 0) {
-                        log_error("Could not terminate seat: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int help(int argc, char *argv[], void *userdata) {
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Send control commands to or query the login manager.\n\n"
-               "  -h --help                Show this help\n"
-               "     --version             Show package version\n"
-               "     --no-pager            Do not pipe output into a pager\n"
-               "     --no-legend           Do not show the headers and footers\n"
-               "     --no-ask-password     Don't prompt for password\n"
-               "  -H --host=[USER@]HOST    Operate on remote host\n"
-               "  -M --machine=CONTAINER   Operate on local container\n"
-               "  -p --property=NAME       Show only properties by this name\n"
-               "  -a --all                 Show all properties, including empty ones\n"
-               "     --value               When showing properties, only print the value\n"
-               "  -l --full                Do not ellipsize output\n"
-               "     --kill-who=WHO        Who to send signal to\n"
-               "  -s --signal=SIGNAL       Which signal to send\n"
-               "  -n --lines=INTEGER       Number of journal entries to show\n"
-               "  -o --output=STRING       Change journal output mode (short, short-monotonic,\n"
-               "                           verbose, export, json, json-pretty, json-sse, cat)\n\n"
-               "Session Commands:\n"
-               "  list-sessions            List sessions\n"
-               "  session-status [ID...]   Show session status\n"
-               "  show-session [ID...]     Show properties of sessions or the manager\n"
-               "  activate [ID]            Activate a session\n"
-               "  lock-session [ID...]     Screen lock one or more sessions\n"
-               "  unlock-session [ID...]   Screen unlock one or more sessions\n"
-               "  lock-sessions            Screen lock all current sessions\n"
-               "  unlock-sessions          Screen unlock all current sessions\n"
-               "  terminate-session ID...  Terminate one or more sessions\n"
-               "  kill-session ID...       Send signal to processes of a session\n\n"
-               "User Commands:\n"
-               "  list-users               List users\n"
-               "  user-status [USER...]    Show user status\n"
-               "  show-user [USER...]      Show properties of users or the manager\n"
-               "  enable-linger [USER...]  Enable linger state of one or more users\n"
-               "  disable-linger [USER...] Disable linger state of one or more users\n"
-               "  terminate-user USER...   Terminate all sessions of one or more users\n"
-               "  kill-user USER...        Send signal to processes of a user\n\n"
-               "Seat Commands:\n"
-               "  list-seats               List seats\n"
-               "  seat-status [NAME...]    Show seat status\n"
-               "  show-seat [NAME...]      Show properties of seats or the manager\n"
-               "  attach NAME DEVICE...    Attach one or more devices to a seat\n"
-               "  flush-devices            Flush all device associations\n"
-               "  terminate-seat NAME...   Terminate all sessions on one or more seats\n"
-               , program_invocation_short_name);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_VALUE,
-                ARG_NO_PAGER,
-                ARG_NO_LEGEND,
-                ARG_KILL_WHO,
-                ARG_NO_ASK_PASSWORD,
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'                 },
-                { "version",         no_argument,       NULL, ARG_VERSION         },
-                { "property",        required_argument, NULL, 'p'                 },
-                { "all",             no_argument,       NULL, 'a'                 },
-                { "value",           no_argument,       NULL, ARG_VALUE           },
-                { "full",            no_argument,       NULL, 'l'                 },
-                { "no-pager",        no_argument,       NULL, ARG_NO_PAGER        },
-                { "no-legend",       no_argument,       NULL, ARG_NO_LEGEND       },
-                { "kill-who",        required_argument, NULL, ARG_KILL_WHO        },
-                { "signal",          required_argument, NULL, 's'                 },
-                { "host",            required_argument, NULL, 'H'                 },
-                { "machine",         required_argument, NULL, 'M'                 },
-                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
-                { "lines",           required_argument, NULL, 'n'                 },
-                { "output",          required_argument, NULL, 'o'                 },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hp:als:H:M:n:o:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help(0, NULL, NULL);
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'p': {
-                        r = strv_extend(&arg_property, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        /* If the user asked for a particular
-                         * property, show it to him, even if it is
-                         * empty. */
-                        arg_all = true;
-                        break;
-                }
-
-                case 'a':
-                        arg_all = true;
-                        break;
-
-                case ARG_VALUE:
-                        arg_value = true;
-                        break;
-
-                case 'l':
-                        arg_full = true;
-                        break;
-
-                case 'n':
-                        if (safe_atou(optarg, &arg_lines) < 0) {
-                                log_error("Failed to parse lines '%s'", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case 'o':
-                        arg_output = output_mode_from_string(optarg);
-                        if (arg_output < 0) {
-                                log_error("Unknown output '%s'.", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_LEGEND:
-                        arg_legend = false;
-                        break;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case ARG_KILL_WHO:
-                        arg_kill_who = optarg;
-                        break;
-
-                case 's':
-                        arg_signal = signal_from_string_try_harder(optarg);
-                        if (arg_signal < 0) {
-                                log_error("Failed to parse signal string %s.", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
-
-        static const Verb verbs[] = {
-                { "help",              VERB_ANY, VERB_ANY, 0,            help              },
-                { "list-sessions",     VERB_ANY, 1,        VERB_DEFAULT, list_sessions     },
-                { "session-status",    VERB_ANY, VERB_ANY, 0,            show_session      },
-                { "show-session",      VERB_ANY, VERB_ANY, 0,            show_session      },
-                { "activate",          VERB_ANY, 2,        0,            activate          },
-                { "lock-session",      VERB_ANY, VERB_ANY, 0,            activate          },
-                { "unlock-session",    VERB_ANY, VERB_ANY, 0,            activate          },
-                { "lock-sessions",     VERB_ANY, 1,        0,            lock_sessions     },
-                { "unlock-sessions",   VERB_ANY, 1,        0,            lock_sessions     },
-                { "terminate-session", 2,        VERB_ANY, 0,            activate          },
-                { "kill-session",      2,        VERB_ANY, 0,            kill_session      },
-                { "list-users",        VERB_ANY, 1,        0,            list_users        },
-                { "user-status",       VERB_ANY, VERB_ANY, 0,            show_user         },
-                { "show-user",         VERB_ANY, VERB_ANY, 0,            show_user         },
-                { "enable-linger",     VERB_ANY, VERB_ANY, 0,            enable_linger     },
-                { "disable-linger",    VERB_ANY, VERB_ANY, 0,            enable_linger     },
-                { "terminate-user",    2,        VERB_ANY, 0,            terminate_user    },
-                { "kill-user",         2,        VERB_ANY, 0,            kill_user         },
-                { "list-seats",        VERB_ANY, 1,        0,            list_seats        },
-                { "seat-status",       VERB_ANY, VERB_ANY, 0,            show_seat         },
-                { "show-seat",         VERB_ANY, VERB_ANY, 0,            show_seat         },
-                { "attach",            3,        VERB_ANY, 0,            attach            },
-                { "flush-devices",     VERB_ANY, 1,        0,            flush_devices     },
-                { "terminate-seat",    2,        VERB_ANY, 0,            terminate_seat    },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, bus);
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create bus connection: %m");
-                goto finish;
-        }
-
-        sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);
-
-        r = loginctl_main(argc, argv, bus);
-
-finish:
-        pager_close();
-        polkit_agent_close();
-
-        strv_free(arg_property);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/login/logind-button.c b/src/login/logind-button.c
deleted file mode 100644
index baa6b7113c..0000000000
--- a/src/login/logind-button.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <unistd.h>
-#include <linux/input.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "logind-button.h"
-#include "string-util.h"
-#include "util.h"
-
-Button* button_new(Manager *m, const char *name) {
-        Button *b;
-
-        assert(m);
-        assert(name);
-
-        b = new0(Button, 1);
-        if (!b)
-                return NULL;
-
-        b->name = strdup(name);
-        if (!b->name) {
-                free(b);
-                return NULL;
-        }
-
-        if (hashmap_put(m->buttons, b->name, b) < 0) {
-                free(b->name);
-                free(b);
-                return NULL;
-        }
-
-        b->manager = m;
-        b->fd = -1;
-
-        return b;
-}
-
-void button_free(Button *b) {
-        assert(b);
-
-        hashmap_remove(b->manager->buttons, b->name);
-
-        sd_event_source_unref(b->io_event_source);
-        sd_event_source_unref(b->check_event_source);
-
-        if (b->fd >= 0)
-                /* If the device has been unplugged close() returns
-                 * ENODEV, let's ignore this, hence we don't use
-                 * safe_close() */
-                (void) close(b->fd);
-
-        free(b->name);
-        free(b->seat);
-        free(b);
-}
-
-int button_set_seat(Button *b, const char *sn) {
-        char *s;
-
-        assert(b);
-        assert(sn);
-
-        s = strdup(sn);
-        if (!s)
-                return -ENOMEM;
-
-        free(b->seat);
-        b->seat = s;
-
-        return 0;
-}
-
-static void button_lid_switch_handle_action(Manager *manager, bool is_edge) {
-        HandleAction handle_action;
-
-        assert(manager);
-
-        /* If we are docked, handle the lid switch differently */
-        if (manager_is_docked_or_external_displays(manager))
-                handle_action = manager->handle_lid_switch_docked;
-        else
-                handle_action = manager->handle_lid_switch;
-
-        manager_handle_action(manager, INHIBIT_HANDLE_LID_SWITCH, handle_action, manager->lid_switch_ignore_inhibited, is_edge);
-}
-
-static int button_recheck(sd_event_source *e, void *userdata) {
-        Button *b = userdata;
-
-        assert(b);
-        assert(b->lid_closed);
-
-        button_lid_switch_handle_action(b->manager, false);
-        return 1;
-}
-
-static int button_install_check_event_source(Button *b) {
-        int r;
-        assert(b);
-
-        /* Install a post handler, so that we keep rechecking as long as the lid is closed. */
-
-        if (b->check_event_source)
-                return 0;
-
-        r = sd_event_add_post(b->manager->event, &b->check_event_source, button_recheck, b);
-        if (r < 0)
-                return r;
-
-        return sd_event_source_set_priority(b->check_event_source, SD_EVENT_PRIORITY_IDLE+1);
-}
-
-static int button_dispatch(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Button *b = userdata;
-        struct input_event ev;
-        ssize_t l;
-
-        assert(s);
-        assert(fd == b->fd);
-        assert(b);
-
-        l = read(b->fd, &ev, sizeof(ev));
-        if (l < 0)
-                return errno != EAGAIN ? -errno : 0;
-        if ((size_t) l < sizeof(ev))
-                return -EIO;
-
-        if (ev.type == EV_KEY && ev.value > 0) {
-
-                switch (ev.code) {
-
-                case KEY_POWER:
-                case KEY_POWER2:
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("Power key pressed."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_POWER_KEY),
-                                   NULL);
-
-                        manager_handle_action(b->manager, INHIBIT_HANDLE_POWER_KEY, b->manager->handle_power_key, b->manager->power_key_ignore_inhibited, true);
-                        break;
-
-                /* The kernel is a bit confused here:
-
-                   KEY_SLEEP   = suspend-to-ram, which everybody else calls "suspend"
-                   KEY_SUSPEND = suspend-to-disk, which everybody else calls "hibernate"
-                */
-
-                case KEY_SLEEP:
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("Suspend key pressed."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_SUSPEND_KEY),
-                                   NULL);
-
-                        manager_handle_action(b->manager, INHIBIT_HANDLE_SUSPEND_KEY, b->manager->handle_suspend_key, b->manager->suspend_key_ignore_inhibited, true);
-                        break;
-
-                case KEY_SUSPEND:
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("Hibernate key pressed."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_HIBERNATE_KEY),
-                                   NULL);
-
-                        manager_handle_action(b->manager, INHIBIT_HANDLE_HIBERNATE_KEY, b->manager->handle_hibernate_key, b->manager->hibernate_key_ignore_inhibited, true);
-                        break;
-                }
-
-        } else if (ev.type == EV_SW && ev.value > 0) {
-
-                if (ev.code == SW_LID) {
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("Lid closed."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_LID_CLOSED),
-                                   NULL);
-
-                        b->lid_closed = true;
-                        button_lid_switch_handle_action(b->manager, true);
-                        button_install_check_event_source(b);
-
-                } else if (ev.code == SW_DOCK) {
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("System docked."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_SYSTEM_DOCKED),
-                                   NULL);
-
-                        b->docked = true;
-                }
-
-        } else if (ev.type == EV_SW && ev.value == 0) {
-
-                if (ev.code == SW_LID) {
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("Lid opened."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_LID_OPENED),
-                                   NULL);
-
-                        b->lid_closed = false;
-                        b->check_event_source = sd_event_source_unref(b->check_event_source);
-
-                } else if (ev.code == SW_DOCK) {
-                        log_struct(LOG_INFO,
-                                   LOG_MESSAGE("System undocked."),
-                                   LOG_MESSAGE_ID(SD_MESSAGE_SYSTEM_UNDOCKED),
-                                   NULL);
-
-                        b->docked = false;
-                }
-        }
-
-        return 0;
-}
-
-int button_open(Button *b) {
-        char *p, name[256];
-        int r;
-
-        assert(b);
-
-        b->fd = safe_close(b->fd);
-
-        p = strjoina("/dev/input/", b->name);
-
-        b->fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
-        if (b->fd < 0)
-                return log_warning_errno(errno, "Failed to open %s: %m", b->name);
-
-        if (ioctl(b->fd, EVIOCGNAME(sizeof(name)), name) < 0) {
-                r = log_error_errno(errno, "Failed to get input name: %m");
-                goto fail;
-        }
-
-        r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add button event: %m");
-                goto fail;
-        }
-
-        log_info("Watching system buttons on /dev/input/%s (%s)", b->name, name);
-
-        return 0;
-
-fail:
-        b->fd = safe_close(b->fd);
-        return r;
-}
-
-int button_check_switches(Button *b) {
-        uint8_t switches[SW_MAX/8+1] = {};
-        assert(b);
-
-        if (b->fd < 0)
-                return -EINVAL;
-
-        if (ioctl(b->fd, EVIOCGSW(sizeof(switches)), switches) < 0)
-                return -errno;
-
-        b->lid_closed = (switches[SW_LID/8] >> (SW_LID % 8)) & 1;
-        b->docked = (switches[SW_DOCK/8] >> (SW_DOCK % 8)) & 1;
-
-        if (b->lid_closed)
-                button_install_check_event_source(b);
-
-        return 0;
-}
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
deleted file mode 100644
index 0a84d75e24..0000000000
--- a/src/login/logind-dbus.c
+++ /dev/null
@@ -1,3169 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <pwd.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "audit-util.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "dirent-util.h"
-#include "efivars.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio-label.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "logind.h"
-#include "mkdir.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "selinux-util.h"
-#include "sleep-config.h"
-#include "special.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "udev-util.h"
-#include "unit-name.h"
-#include "user-util.h"
-#include "utmp-wtmp.h"
-
-int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        Session *session;
-        int r;
-
-        assert(m);
-        assert(message);
-        assert(ret);
-
-        if (isempty(name)) {
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_SESSION|SD_BUS_CREDS_AUGMENT, &creds);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_creds_get_session(creds, &name);
-                if (r < 0)
-                        return r;
-        }
-
-        session = hashmap_get(m->sessions, name);
-        if (!session)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name);
-
-        *ret = session;
-        return 0;
-}
-
-int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret) {
-        User *user;
-        int r;
-
-        assert(m);
-        assert(message);
-        assert(ret);
-
-        if (uid == UID_INVALID) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-
-                /* Note that we get the owner UID of the session, not the actual client UID here! */
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_creds_get_owner_uid(creds, &uid);
-                if (r < 0)
-                        return r;
-        }
-
-        user = hashmap_get(m->users, UID_TO_PTR(uid));
-        if (!user)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER, "No user "UID_FMT" known or logged in", uid);
-
-        *ret = user;
-        return 0;
-}
-
-int manager_get_seat_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Seat **ret) {
-        Seat *seat;
-        int r;
-
-        assert(m);
-        assert(message);
-        assert(ret);
-
-        if (isempty(name)) {
-                Session *session;
-
-                r = manager_get_session_from_creds(m, message, NULL, error, &session);
-                if (r < 0)
-                        return r;
-
-                seat = session->seat;
-                if (!seat)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "Session has no seat.");
-        } else {
-                seat = hashmap_get(m->seats, name);
-                if (!seat)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", name);
-        }
-
-        *ret = seat;
-        return 0;
-}
-
-static int property_get_idle_hint(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        return sd_bus_message_append(reply, "b", manager_get_idle_hint(m, NULL) > 0);
-}
-
-static int property_get_idle_since_hint(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-        dual_timestamp t = DUAL_TIMESTAMP_NULL;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        manager_get_idle_hint(m, &t);
-
-        return sd_bus_message_append(reply, "t", streq(property, "IdleSinceHint") ? t.realtime : t.monotonic);
-}
-
-static int property_get_inhibited(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-        InhibitWhat w;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        w = manager_inhibit_what(m, streq(property, "BlockInhibited") ? INHIBIT_BLOCK : INHIBIT_DELAY);
-
-        return sd_bus_message_append(reply, "s", inhibit_what_to_string(w));
-}
-
-static int property_get_preparing(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-        bool b;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        if (streq(property, "PreparingForShutdown"))
-                b = !!(m->action_what & INHIBIT_SHUTDOWN);
-        else
-                b = !!(m->action_what & INHIBIT_SLEEP);
-
-        return sd_bus_message_append(reply, "b", b);
-}
-
-static int property_get_scheduled_shutdown(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        r = sd_bus_message_open_container(reply, 'r', "st");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(reply, "st", m->scheduled_shutdown_type, m->scheduled_shutdown_timeout);
-        if (r < 0)
-                return r;
-
-        return sd_bus_message_close_container(reply);
-}
-
-static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction);
-
-static int property_get_docked(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        return sd_bus_message_append(reply, "b", manager_is_docked_or_external_displays(m));
-}
-
-static int property_get_current_sessions(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        return sd_bus_message_append(reply, "t", (uint64_t) hashmap_size(m->sessions));
-}
-
-static int property_get_current_inhibitors(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        Manager *m = userdata;
-
-        assert(bus);
-        assert(reply);
-        assert(m);
-
-        return sd_bus_message_append(reply, "t", (uint64_t) hashmap_size(m->inhibitors));
-}
-
-static int method_get_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        const char *name;
-        Session *session;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, name, error, &session);
-        if (r < 0)
-                return r;
-
-        p = session_bus_path(session);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_get_session_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Session *session = NULL;
-        Manager *m = userdata;
-        pid_t pid;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
-
-        r = sd_bus_message_read(message, "u", &pid);
-        if (r < 0)
-                return r;
-        if (pid < 0)
-                return -EINVAL;
-
-        if (pid == 0) {
-                r = manager_get_session_from_creds(m, message, NULL, error, &session);
-                if (r < 0)
-                        return r;
-        } else {
-                r = manager_get_session_by_pid(m, pid, &session);
-                if (r < 0)
-                        return r;
-
-                if (!session)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_SESSION_FOR_PID, "PID "PID_FMT" does not belong to any known session", pid);
-        }
-
-        p = session_bus_path(session);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_get_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        uint32_t uid;
-        User *user;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "u", &uid);
-        if (r < 0)
-                return r;
-
-        r = manager_get_user_from_creds(m, message, uid, error, &user);
-        if (r < 0)
-                return r;
-
-        p = user_bus_path(user);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_get_user_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        User *user = NULL;
-        pid_t pid;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
-
-        r = sd_bus_message_read(message, "u", &pid);
-        if (r < 0)
-                return r;
-        if (pid < 0)
-                return -EINVAL;
-
-        if (pid == 0) {
-                r = manager_get_user_from_creds(m, message, UID_INVALID, error, &user);
-                if (r < 0)
-                        return r;
-        } else {
-                r = manager_get_user_by_pid(m, pid, &user);
-                if (r < 0)
-                        return r;
-                if (!user)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_USER_FOR_PID, "PID "PID_FMT" does not belong to any known or logged in user", pid);
-        }
-
-        p = user_bus_path(user);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_get_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        const char *name;
-        Seat *seat;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_seat_from_creds(m, message, name, error, &seat);
-        if (r < 0)
-                return r;
-
-        p = seat_bus_path(seat);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_list_sessions(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        Session *session;
-        Iterator i;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(susso)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(session, m->sessions, i) {
-                _cleanup_free_ char *p = NULL;
-
-                p = session_bus_path(session);
-                if (!p)
-                        return -ENOMEM;
-
-                r = sd_bus_message_append(reply, "(susso)",
-                                          session->id,
-                                          (uint32_t) session->user->uid,
-                                          session->user->name,
-                                          session->seat ? session->seat->id : "",
-                                          p);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_list_users(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        User *user;
-        Iterator i;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(uso)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(user, m->users, i) {
-                _cleanup_free_ char *p = NULL;
-
-                p = user_bus_path(user);
-                if (!p)
-                        return -ENOMEM;
-
-                r = sd_bus_message_append(reply, "(uso)",
-                                          (uint32_t) user->uid,
-                                          user->name,
-                                          p);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_list_seats(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        Seat *seat;
-        Iterator i;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(so)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(seat, m->seats, i) {
-                _cleanup_free_ char *p = NULL;
-
-                p = seat_bus_path(seat);
-                if (!p)
-                        return -ENOMEM;
-
-                r = sd_bus_message_append(reply, "(so)", seat->id, p);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_list_inhibitors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        Inhibitor *inhibitor;
-        Iterator i;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(ssssuu)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(inhibitor, m->inhibitors, i) {
-
-                r = sd_bus_message_append(reply, "(ssssuu)",
-                                          strempty(inhibit_what_to_string(inhibitor->what)),
-                                          strempty(inhibitor->who),
-                                          strempty(inhibitor->why),
-                                          strempty(inhibit_mode_to_string(inhibitor->mode)),
-                                          (uint32_t) inhibitor->uid,
-                                          (uint32_t) inhibitor->pid);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_create_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *service, *type, *class, *cseat, *tty, *display, *remote_user, *remote_host, *desktop;
-        uint32_t audit_id = 0;
-        _cleanup_free_ char *id = NULL;
-        Session *session = NULL;
-        Manager *m = userdata;
-        User *user = NULL;
-        Seat *seat = NULL;
-        pid_t leader;
-        uid_t uid;
-        int remote;
-        uint32_t vtnr = 0;
-        SessionType t;
-        SessionClass c;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
-        assert_cc(sizeof(uid_t) == sizeof(uint32_t));
-
-        r = sd_bus_message_read(message, "uusssssussbss", &uid, &leader, &service, &type, &class, &desktop, &cseat, &vtnr, &tty, &display, &remote, &remote_user, &remote_host);
-        if (r < 0)
-                return r;
-
-        if (!uid_is_valid(uid))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid UID");
-        if (leader < 0 || leader == 1)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
-
-        if (isempty(type))
-                t = _SESSION_TYPE_INVALID;
-        else {
-                t = session_type_from_string(type);
-                if (t < 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid session type %s", type);
-        }
-
-        if (isempty(class))
-                c = _SESSION_CLASS_INVALID;
-        else {
-                c = session_class_from_string(class);
-                if (c < 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid session class %s", class);
-        }
-
-        if (isempty(desktop))
-                desktop = NULL;
-        else {
-                if (!string_is_safe(desktop))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid desktop string %s", desktop);
-        }
-
-        if (isempty(cseat))
-                seat = NULL;
-        else {
-                seat = hashmap_get(m->seats, cseat);
-                if (!seat)
-                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", cseat);
-        }
-
-        if (tty_is_vc(tty)) {
-                int v;
-
-                if (!seat)
-                        seat = m->seat0;
-                else if (seat != m->seat0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "TTY %s is virtual console but seat %s is not seat0", tty, seat->id);
-
-                v = vtnr_from_tty(tty);
-                if (v <= 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot determine VT number from virtual console TTY %s", tty);
-
-                if (!vtnr)
-                        vtnr = (uint32_t) v;
-                else if (vtnr != (uint32_t) v)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified TTY and VT number do not match");
-
-        } else if (tty_is_console(tty)) {
-
-                if (!seat)
-                        seat = m->seat0;
-                else if (seat != m->seat0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Console TTY specified but seat is not seat0");
-
-                if (vtnr != 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Console TTY specified but VT number is not 0");
-        }
-
-        if (seat) {
-                if (seat_has_vts(seat)) {
-                        if (!vtnr || vtnr > 63)
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "VT number out of range");
-                } else {
-                        if (vtnr != 0)
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Seat has no VTs but VT number not 0");
-                }
-        }
-
-        r = sd_bus_message_enter_container(message, 'a', "(sv)");
-        if (r < 0)
-                return r;
-
-        if (t == _SESSION_TYPE_INVALID) {
-                if (!isempty(display))
-                        t = SESSION_X11;
-                else if (!isempty(tty))
-                        t = SESSION_TTY;
-                else
-                        t = SESSION_UNSPECIFIED;
-        }
-
-        if (c == _SESSION_CLASS_INVALID) {
-                if (t == SESSION_UNSPECIFIED)
-                        c = SESSION_BACKGROUND;
-                else
-                        c = SESSION_USER;
-        }
-
-        if (leader == 0) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_creds_get_pid(creds, (pid_t*) &leader);
-                if (r < 0)
-                        return r;
-        }
-
-        r = manager_get_session_by_pid(m, leader, NULL);
-        if (r > 0)
-                return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already running in a session");
-
-        /*
-         * Old gdm and lightdm start the user-session on the same VT as
-         * the greeter session. But they destroy the greeter session
-         * after the user-session and want the user-session to take
-         * over the VT. We need to support this for
-         * backwards-compatibility, so make sure we allow new sessions
-         * on a VT that a greeter is running on. Furthermore, to allow
-         * re-logins, we have to allow a greeter to take over a used VT for
-         * the exact same reasons.
-         */
-        if (c != SESSION_GREETER &&
-            vtnr > 0 &&
-            vtnr < m->seat0->position_count &&
-            m->seat0->positions[vtnr] &&
-            m->seat0->positions[vtnr]->class != SESSION_GREETER)
-                return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already occupied by a session");
-
-        if (hashmap_size(m->sessions) >= m->sessions_max)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max);
-
-        audit_session_from_pid(leader, &audit_id);
-        if (audit_id > 0) {
-                /* Keep our session IDs and the audit session IDs in sync */
-
-                if (asprintf(&id, "%"PRIu32, audit_id) < 0)
-                        return -ENOMEM;
-
-                /* Wut? There's already a session by this name and we
-                 * didn't find it above? Weird, then let's not trust
-                 * the audit data and let's better register a new
-                 * ID */
-                if (hashmap_get(m->sessions, id)) {
-                        log_warning("Existing logind session ID %s used by new audit session, ignoring", id);
-                        audit_id = 0;
-
-                        id = mfree(id);
-                }
-        }
-
-        if (!id) {
-                do {
-                        id = mfree(id);
-
-                        if (asprintf(&id, "c%lu", ++m->session_counter) < 0)
-                                return -ENOMEM;
-
-                } while (hashmap_get(m->sessions, id));
-        }
-
-        r = manager_add_user_by_uid(m, uid, &user);
-        if (r < 0)
-                goto fail;
-
-        r = manager_add_session(m, id, &session);
-        if (r < 0)
-                goto fail;
-
-        session_set_user(session, user);
-
-        session->leader = leader;
-        session->audit_id = audit_id;
-        session->type = t;
-        session->class = c;
-        session->remote = remote;
-        session->vtnr = vtnr;
-
-        if (!isempty(tty)) {
-                session->tty = strdup(tty);
-                if (!session->tty) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (!isempty(display)) {
-                session->display = strdup(display);
-                if (!session->display) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (!isempty(remote_user)) {
-                session->remote_user = strdup(remote_user);
-                if (!session->remote_user) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (!isempty(remote_host)) {
-                session->remote_host = strdup(remote_host);
-                if (!session->remote_host) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (!isempty(service)) {
-                session->service = strdup(service);
-                if (!session->service) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (!isempty(desktop)) {
-                session->desktop = strdup(desktop);
-                if (!session->desktop) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (seat) {
-                r = seat_attach_session(seat, session);
-                if (r < 0)
-                        goto fail;
-        }
-
-        r = session_start(session);
-        if (r < 0)
-                goto fail;
-
-        session->create_message = sd_bus_message_ref(message);
-
-        /* Now, let's wait until the slice unit and stuff got
-         * created. We send the reply back from
-         * session_send_create_reply(). */
-
-        return 1;
-
-fail:
-        if (session)
-                session_add_to_gc_queue(session);
-
-        if (user)
-                user_add_to_gc_queue(user);
-
-        return r;
-}
-
-static int method_release_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Session *session;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, name, error, &session);
-        if (r < 0)
-                return r;
-
-        r = session_release(session);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_activate_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Session *session;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, name, error, &session);
-        if (r < 0)
-                return r;
-
-        return bus_session_method_activate(message, session, error);
-}
-
-static int method_activate_session_on_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *session_name, *seat_name;
-        Manager *m = userdata;
-        Session *session;
-        Seat *seat;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        /* Same as ActivateSession() but refuses to work if
-         * the seat doesn't match */
-
-        r = sd_bus_message_read(message, "ss", &session_name, &seat_name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, session_name, error, &session);
-        if (r < 0)
-                return r;
-
-        r = manager_get_seat_from_creds(m, message, seat_name, error, &seat);
-        if (r < 0)
-                return r;
-
-        if (session->seat != seat)
-                return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, "Session %s not on seat %s", session_name, seat_name);
-
-        r = session_activate(session);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_lock_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Session *session;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, name, error, &session);
-        if (r < 0)
-                return r;
-
-        return bus_session_method_lock(message, session, error);
-}
-
-static int method_lock_sessions(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.login1.lock-sessions",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        r = session_send_lock_all(m, streq(sd_bus_message_get_member(message), "LockSessions"));
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_kill_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *name;
-        Manager *m = userdata;
-        Session *session;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, name, error, &session);
-        if (r < 0)
-                return r;
-
-        return bus_session_method_kill(message, session, error);
-}
-
-static int method_kill_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        uint32_t uid;
-        User *user;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "u", &uid);
-        if (r < 0)
-                return r;
-
-        r = manager_get_user_from_creds(m, message, uid, error, &user);
-        if (r < 0)
-                return r;
-
-        return bus_user_method_kill(message, user, error);
-}
-
-static int method_terminate_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        const char *name;
-        Session *session;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_session_from_creds(m, message, name, error, &session);
-        if (r < 0)
-                return r;
-
-        return bus_session_method_terminate(message, session, error);
-}
-
-static int method_terminate_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        uint32_t uid;
-        User *user;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "u", &uid);
-        if (r < 0)
-                return r;
-
-        r = manager_get_user_from_creds(m, message, uid, error, &user);
-        if (r < 0)
-                return r;
-
-        return bus_user_method_terminate(message, user, error);
-}
-
-static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        const char *name;
-        Seat *seat;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = manager_get_seat_from_creds(m, message, name, error, &seat);
-        if (r < 0)
-                return r;
-
-        return bus_seat_method_terminate(message, seat, error);
-}
-
-static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *cc = NULL;
-        Manager *m = userdata;
-        int r, b, interactive;
-        struct passwd *pw;
-        const char *path;
-        uint32_t uid;
-        bool self = false;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "ubb", &uid, &b, &interactive);
-        if (r < 0)
-                return r;
-
-        if (uid == UID_INVALID) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-
-                /* Note that we get the owner UID of the session, not the actual client UID here! */
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_creds_get_owner_uid(creds, &uid);
-                if (r < 0)
-                        return r;
-
-                self = true;
-
-        } else if (!uid_is_valid(uid))
-                return -EINVAL;
-
-        errno = 0;
-        pw = getpwuid(uid);
-        if (!pw)
-                return errno > 0 ? -errno : -ENOENT;
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_ADMIN,
-                        self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        mkdir_p_label("/var/lib/systemd", 0755);
-
-        r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0);
-        if (r < 0)
-                return r;
-
-        cc = cescape(pw->pw_name);
-        if (!cc)
-                return -ENOMEM;
-
-        path = strjoina("/var/lib/systemd/linger/", cc);
-        if (b) {
-                User *u;
-
-                r = touch(path);
-                if (r < 0)
-                        return r;
-
-                if (manager_add_user_by_uid(m, uid, &u) >= 0)
-                        user_start(u);
-
-        } else {
-                User *u;
-
-                r = unlink(path);
-                if (r < 0 && errno != ENOENT)
-                        return -errno;
-
-                u = hashmap_get(m->users, UID_TO_PTR(uid));
-                if (u)
-                        user_add_to_gc_queue(u);
-        }
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int trigger_device(Manager *m, struct udev_device *d) {
-        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
-        struct udev_list_entry *first, *item;
-        int r;
-
-        assert(m);
-
-        e = udev_enumerate_new(m->udev);
-        if (!e)
-                return -ENOMEM;
-
-        if (d) {
-                r = udev_enumerate_add_match_parent(e, d);
-                if (r < 0)
-                        return r;
-        }
-
-        r = udev_enumerate_scan_devices(e);
-        if (r < 0)
-                return r;
-
-        first = udev_enumerate_get_list_entry(e);
-        udev_list_entry_foreach(item, first) {
-                _cleanup_free_ char *t = NULL;
-                const char *p;
-
-                p = udev_list_entry_get_name(item);
-
-                t = strappend(p, "/uevent");
-                if (!t)
-                        return -ENOMEM;
-
-                write_string_file(t, "change", WRITE_STRING_FILE_CREATE);
-        }
-
-        return 0;
-}
-
-static int attach_device(Manager *m, const char *seat, const char *sysfs) {
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        _cleanup_free_ char *rule = NULL, *file = NULL;
-        const char *id_for_seat;
-        int r;
-
-        assert(m);
-        assert(seat);
-        assert(sysfs);
-
-        d = udev_device_new_from_syspath(m->udev, sysfs);
-        if (!d)
-                return -ENODEV;
-
-        if (!udev_device_has_tag(d, "seat"))
-                return -ENODEV;
-
-        id_for_seat = udev_device_get_property_value(d, "ID_FOR_SEAT");
-        if (!id_for_seat)
-                return -ENODEV;
-
-        if (asprintf(&file, "/etc/udev/rules.d/72-seat-%s.rules", id_for_seat) < 0)
-                return -ENOMEM;
-
-        if (asprintf(&rule, "TAG==\"seat\", ENV{ID_FOR_SEAT}==\"%s\", ENV{ID_SEAT}=\"%s\"", id_for_seat, seat) < 0)
-                return -ENOMEM;
-
-        mkdir_p_label("/etc/udev/rules.d", 0755);
-        r = write_string_file_atomic_label(file, rule);
-        if (r < 0)
-                return r;
-
-        return trigger_device(m, d);
-}
-
-static int flush_devices(Manager *m) {
-        _cleanup_closedir_ DIR *d;
-
-        assert(m);
-
-        d = opendir("/etc/udev/rules.d");
-        if (!d) {
-                if (errno != ENOENT)
-                        log_warning_errno(errno, "Failed to open /etc/udev/rules.d: %m");
-        } else {
-                struct dirent *de;
-
-                while ((de = readdir(d))) {
-
-                        if (!dirent_is_file(de))
-                                continue;
-
-                        if (!startswith(de->d_name, "72-seat-"))
-                                continue;
-
-                        if (!endswith(de->d_name, ".rules"))
-                                continue;
-
-                        if (unlinkat(dirfd(d), de->d_name, 0) < 0)
-                                log_warning_errno(errno, "Failed to unlink %s: %m", de->d_name);
-                }
-        }
-
-        return trigger_device(m, NULL);
-}
-
-static int method_attach_device(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *sysfs, *seat;
-        Manager *m = userdata;
-        int interactive, r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "ssb", &seat, &sysfs, &interactive);
-        if (r < 0)
-                return r;
-
-        if (!path_startswith(sysfs, "/sys"))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not in /sys", sysfs);
-
-        if (!seat_name_is_valid(seat))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Seat %s is not valid", seat);
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.login1.attach-device",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        r = attach_device(m, seat, sysfs);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_flush_devices(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        int interactive, r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "b", &interactive);
-        if (r < 0)
-                return r;
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.login1.flush-devices",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        r = flush_devices(m);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int have_multiple_sessions(
-                Manager *m,
-                uid_t uid) {
-
-        Session *session;
-        Iterator i;
-
-        assert(m);
-
-        /* Check for other users' sessions. Greeter sessions do not
-         * count, and non-login sessions do not count either. */
-        HASHMAP_FOREACH(session, m->sessions, i)
-                if (session->class == SESSION_USER &&
-                    session->user->uid != uid)
-                        return true;
-
-        return false;
-}
-
-static int bus_manager_log_shutdown(
-                Manager *m,
-                InhibitWhat w,
-                const char *unit_name) {
-
-        const char *p, *q;
-
-        assert(m);
-        assert(unit_name);
-
-        if (w != INHIBIT_SHUTDOWN)
-                return 0;
-
-        if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) {
-                p = "MESSAGE=System is powering down";
-                q = "SHUTDOWN=power-off";
-        } else if (streq(unit_name, SPECIAL_HALT_TARGET)) {
-                p = "MESSAGE=System is halting";
-                q = "SHUTDOWN=halt";
-        } else if (streq(unit_name, SPECIAL_REBOOT_TARGET)) {
-                p = "MESSAGE=System is rebooting";
-                q = "SHUTDOWN=reboot";
-        } else if (streq(unit_name, SPECIAL_KEXEC_TARGET)) {
-                p = "MESSAGE=System is rebooting with kexec";
-                q = "SHUTDOWN=kexec";
-        } else {
-                p = "MESSAGE=System is shutting down";
-                q = NULL;
-        }
-
-        if (isempty(m->wall_message))
-                p = strjoina(p, ".");
-        else
-                p = strjoina(p, " (", m->wall_message, ").");
-
-        return log_struct(LOG_NOTICE,
-                          LOG_MESSAGE_ID(SD_MESSAGE_SHUTDOWN),
-                          p,
-                          q,
-                          NULL);
-}
-
-static int lid_switch_ignore_handler(sd_event_source *e, uint64_t usec, void *userdata) {
-        Manager *m = userdata;
-
-        assert(e);
-        assert(m);
-
-        m->lid_switch_ignore_event_source = sd_event_source_unref(m->lid_switch_ignore_event_source);
-        return 0;
-}
-
-int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
-        int r;
-
-        assert(m);
-
-        if (until <= now(CLOCK_MONOTONIC))
-                return 0;
-
-        /* We want to ignore the lid switch for a while after each
-         * suspend, and after boot-up. Hence let's install a timer for
-         * this. As long as the event source exists we ignore the lid
-         * switch. */
-
-        if (m->lid_switch_ignore_event_source) {
-                usec_t u;
-
-                r = sd_event_source_get_time(m->lid_switch_ignore_event_source, &u);
-                if (r < 0)
-                        return r;
-
-                if (until <= u)
-                        return 0;
-
-                r = sd_event_source_set_time(m->lid_switch_ignore_event_source, until);
-        } else
-                r = sd_event_add_time(
-                                m->event,
-                                &m->lid_switch_ignore_event_source,
-                                CLOCK_MONOTONIC,
-                                until, 0,
-                                lid_switch_ignore_handler, m);
-
-        return r;
-}
-
-static void reset_scheduled_shutdown(Manager *m) {
-        m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
-        m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
-        m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
-        m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
-        m->scheduled_shutdown_timeout = 0;
-        m->shutdown_dry_run = false;
-
-        if (m->unlink_nologin) {
-                (void) unlink("/run/nologin");
-                m->unlink_nologin = false;
-        }
-}
-
-static int execute_shutdown_or_sleep(
-                Manager *m,
-                InhibitWhat w,
-                const char *unit_name,
-                sd_bus_error *error) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        char *c = NULL;
-        const char *p;
-        int r;
-
-        assert(m);
-        assert(w >= 0);
-        assert(w < _INHIBIT_WHAT_MAX);
-        assert(unit_name);
-
-        bus_manager_log_shutdown(m, w, unit_name);
-
-        if (m->shutdown_dry_run) {
-                log_info("Running in dry run, suppressing action.");
-                reset_scheduled_shutdown(m);
-        } else {
-                r = sd_bus_call_method(
-                                m->bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "StartUnit",
-                                error,
-                                &reply,
-                                "ss", unit_name, "replace-irreversibly");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_read(reply, "o", &p);
-                if (r < 0)
-                        return r;
-
-                c = strdup(p);
-                if (!c)
-                        return -ENOMEM;
-        }
-
-        m->action_unit = unit_name;
-        free(m->action_job);
-        m->action_job = c;
-        m->action_what = w;
-
-        /* Make sure the lid switch is ignored for a while */
-        manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec);
-
-        return 0;
-}
-
-int manager_dispatch_delayed(Manager *manager, bool timeout) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        Inhibitor *offending = NULL;
-        int r;
-
-        assert(manager);
-
-        if (manager->action_what == 0 || manager->action_job)
-                return 0;
-
-        if (manager_is_inhibited(manager, manager->action_what, INHIBIT_DELAY, NULL, false, false, 0, &offending)) {
-                _cleanup_free_ char *comm = NULL, *u = NULL;
-
-                if (!timeout)
-                        return 0;
-
-                (void) get_process_comm(offending->pid, &comm);
-                u = uid_to_name(offending->uid);
-
-                log_notice("Delay lock is active (UID "UID_FMT"/%s, PID "PID_FMT"/%s) but inhibitor timeout is reached.",
-                           offending->uid, strna(u),
-                           offending->pid, strna(comm));
-        }
-
-        /* Actually do the operation */
-        r = execute_shutdown_or_sleep(manager, manager->action_what, manager->action_unit, &error);
-        if (r < 0) {
-                log_warning("Failed to send delayed message: %s", bus_error_message(&error, r));
-
-                manager->action_unit = NULL;
-                manager->action_what = 0;
-                return r;
-        }
-
-        return 1;
-}
-
-static int manager_inhibit_timeout_handler(
-                        sd_event_source *s,
-                        uint64_t usec,
-                        void *userdata) {
-
-        Manager *manager = userdata;
-        int r;
-
-        assert(manager);
-        assert(manager->inhibit_timeout_source == s);
-
-        r = manager_dispatch_delayed(manager, true);
-        return (r < 0) ? r : 0;
-}
-
-static int delay_shutdown_or_sleep(
-                Manager *m,
-                InhibitWhat w,
-                const char *unit_name) {
-
-        int r;
-        usec_t timeout_val;
-
-        assert(m);
-        assert(w >= 0);
-        assert(w < _INHIBIT_WHAT_MAX);
-        assert(unit_name);
-
-        timeout_val = now(CLOCK_MONOTONIC) + m->inhibit_delay_max;
-
-        if (m->inhibit_timeout_source) {
-                r = sd_event_source_set_time(m->inhibit_timeout_source, timeout_val);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_time() failed: %m");
-
-                r = sd_event_source_set_enabled(m->inhibit_timeout_source, SD_EVENT_ONESHOT);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
-        } else {
-                r = sd_event_add_time(m->event, &m->inhibit_timeout_source, CLOCK_MONOTONIC,
-                                      timeout_val, 0, manager_inhibit_timeout_handler, m);
-                if (r < 0)
-                        return r;
-        }
-
-        m->action_unit = unit_name;
-        m->action_what = w;
-
-        return 0;
-}
-
-static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
-
-        static const char * const signal_name[_INHIBIT_WHAT_MAX] = {
-                [INHIBIT_SHUTDOWN] = "PrepareForShutdown",
-                [INHIBIT_SLEEP] = "PrepareForSleep"
-        };
-
-        int active = _active;
-
-        assert(m);
-        assert(w >= 0);
-        assert(w < _INHIBIT_WHAT_MAX);
-        assert(signal_name[w]);
-
-        return sd_bus_emit_signal(m->bus,
-                                  "/org/freedesktop/login1",
-                                  "org.freedesktop.login1.Manager",
-                                  signal_name[w],
-                                  "b",
-                                  active);
-}
-
-int bus_manager_shutdown_or_sleep_now_or_later(
-                Manager *m,
-                const char *unit_name,
-                InhibitWhat w,
-                sd_bus_error *error) {
-
-        bool delayed;
-        int r;
-
-        assert(m);
-        assert(unit_name);
-        assert(w >= 0);
-        assert(w <= _INHIBIT_WHAT_MAX);
-        assert(!m->action_job);
-
-        /* Tell everybody to prepare for shutdown/sleep */
-        send_prepare_for(m, w, true);
-
-        delayed =
-                m->inhibit_delay_max > 0 &&
-                manager_is_inhibited(m, w, INHIBIT_DELAY, NULL, false, false, 0, NULL);
-
-        if (delayed)
-                /* Shutdown is delayed, keep in mind what we
-                 * want to do, and start a timeout */
-                r = delay_shutdown_or_sleep(m, w, unit_name);
-        else
-                /* Shutdown is not delayed, execute it
-                 * immediately */
-                r = execute_shutdown_or_sleep(m, w, unit_name, error);
-
-        return r;
-}
-
-static int verify_shutdown_creds(
-                Manager *m,
-                sd_bus_message *message,
-                InhibitWhat w,
-                bool interactive,
-                const char *action,
-                const char *action_multiple_sessions,
-                const char *action_ignore_inhibit,
-                sd_bus_error *error) {
-
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        bool multiple_sessions, blocked;
-        uid_t uid;
-        int r;
-
-        assert(m);
-        assert(message);
-        assert(w >= 0);
-        assert(w <= _INHIBIT_WHAT_MAX);
-
-        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_get_euid(creds, &uid);
-        if (r < 0)
-                return r;
-
-        r = have_multiple_sessions(m, uid);
-        if (r < 0)
-                return r;
-
-        multiple_sessions = r > 0;
-        blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
-
-        if (multiple_sessions && action_multiple_sessions) {
-                r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-        }
-
-        if (blocked && action_ignore_inhibit) {
-                r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-        }
-
-        if (!multiple_sessions && !blocked && action) {
-                r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-        }
-
-        return 0;
-}
-
-static int method_do_shutdown_or_sleep(
-                Manager *m,
-                sd_bus_message *message,
-                const char *unit_name,
-                InhibitWhat w,
-                const char *action,
-                const char *action_multiple_sessions,
-                const char *action_ignore_inhibit,
-                const char *sleep_verb,
-                sd_bus_error *error) {
-
-        int interactive, r;
-
-        assert(m);
-        assert(message);
-        assert(unit_name);
-        assert(w >= 0);
-        assert(w <= _INHIBIT_WHAT_MAX);
-
-        r = sd_bus_message_read(message, "b", &interactive);
-        if (r < 0)
-                return r;
-
-        /* Don't allow multiple jobs being executed at the same time */
-        if (m->action_what)
-                return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "There's already a shutdown or sleep operation in progress");
-
-        if (sleep_verb) {
-                r = can_sleep(sleep_verb);
-                if (r < 0)
-                        return r;
-
-                if (r == 0)
-                        return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported");
-        }
-
-        r = verify_shutdown_creds(m, message, w, interactive, action, action_multiple_sessions,
-                                  action_ignore_inhibit, error);
-        if (r != 0)
-                return r;
-
-        r = bus_manager_shutdown_or_sleep_now_or_later(m, unit_name, w, error);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_do_shutdown_or_sleep(
-                        m, message,
-                        SPECIAL_POWEROFF_TARGET,
-                        INHIBIT_SHUTDOWN,
-                        "org.freedesktop.login1.power-off",
-                        "org.freedesktop.login1.power-off-multiple-sessions",
-                        "org.freedesktop.login1.power-off-ignore-inhibit",
-                        NULL,
-                        error);
-}
-
-static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_do_shutdown_or_sleep(
-                        m, message,
-                        SPECIAL_REBOOT_TARGET,
-                        INHIBIT_SHUTDOWN,
-                        "org.freedesktop.login1.reboot",
-                        "org.freedesktop.login1.reboot-multiple-sessions",
-                        "org.freedesktop.login1.reboot-ignore-inhibit",
-                        NULL,
-                        error);
-}
-
-static int method_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_do_shutdown_or_sleep(
-                        m, message,
-                        SPECIAL_SUSPEND_TARGET,
-                        INHIBIT_SLEEP,
-                        "org.freedesktop.login1.suspend",
-                        "org.freedesktop.login1.suspend-multiple-sessions",
-                        "org.freedesktop.login1.suspend-ignore-inhibit",
-                        "suspend",
-                        error);
-}
-
-static int nologin_timeout_handler(
-                        sd_event_source *s,
-                        uint64_t usec,
-                        void *userdata) {
-
-        Manager *m = userdata;
-        int r;
-
-        log_info("Creating /run/nologin, blocking further logins...");
-
-        r = write_string_file_atomic_label("/run/nologin", "System is going down.");
-        if (r < 0)
-                log_error_errno(r, "Failed to create /run/nologin: %m");
-        else
-                m->unlink_nologin = true;
-
-        return 0;
-}
-
-static int update_schedule_file(Manager *m) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(m);
-
-        r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
-
-        r = fopen_temporary("/run/systemd/shutdown/scheduled", &f, &temp_path);
-        if (r < 0)
-                return log_error_errno(r, "Failed to save information about scheduled shutdowns: %m");
-
-        (void) fchmod(fileno(f), 0644);
-
-        fprintf(f,
-                "USEC="USEC_FMT"\n"
-                "WARN_WALL=%i\n"
-                "MODE=%s\n",
-                m->scheduled_shutdown_timeout,
-                m->enable_wall_messages,
-                m->scheduled_shutdown_type);
-
-        if (!isempty(m->wall_message)) {
-                _cleanup_free_ char *t;
-
-                t = cescape(m->wall_message);
-                if (!t) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "WALL_MESSAGE=%s\n", t);
-        }
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, "/run/systemd/shutdown/scheduled") < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        (void) unlink(temp_path);
-        (void) unlink("/run/systemd/shutdown/scheduled");
-
-        return log_error_errno(r, "Failed to write information about scheduled shutdowns: %m");
-}
-
-static int manager_scheduled_shutdown_handler(
-                        sd_event_source *s,
-                        uint64_t usec,
-                        void *userdata) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        Manager *m = userdata;
-        const char *target;
-        int r;
-
-        assert(m);
-
-        if (isempty(m->scheduled_shutdown_type))
-                return 0;
-
-        if (streq(m->scheduled_shutdown_type, "halt"))
-                target = SPECIAL_HALT_TARGET;
-        else if (streq(m->scheduled_shutdown_type, "poweroff"))
-                target = SPECIAL_POWEROFF_TARGET;
-        else
-                target = SPECIAL_REBOOT_TARGET;
-
-        r = execute_shutdown_or_sleep(m, 0, target, &error);
-        if (r < 0)
-                return log_error_errno(r, "Unable to execute transition to %s: %m", target);
-
-        return 0;
-}
-
-static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        const char *action_multiple_sessions = NULL;
-        const char *action_ignore_inhibit = NULL;
-        const char *action = NULL;
-        uint64_t elapse;
-        char *type;
-        int r;
-
-        assert(m);
-        assert(message);
-
-        r = sd_bus_message_read(message, "st", &type, &elapse);
-        if (r < 0)
-                return r;
-
-        if (startswith(type, "dry-")) {
-                type += 4;
-                m->shutdown_dry_run = true;
-        }
-
-        if (streq(type, "reboot")) {
-                action = "org.freedesktop.login1.reboot";
-                action_multiple_sessions = "org.freedesktop.login1.reboot-multiple-sessions";
-                action_ignore_inhibit = "org.freedesktop.login1.reboot-ignore-inhibit";
-        } else if (streq(type, "halt")) {
-                action = "org.freedesktop.login1.halt";
-                action_multiple_sessions = "org.freedesktop.login1.halt-multiple-sessions";
-                action_ignore_inhibit = "org.freedesktop.login1.halt-ignore-inhibit";
-        } else if (streq(type, "poweroff")) {
-                action = "org.freedesktop.login1.power-off";
-                action_multiple_sessions = "org.freedesktop.login1.power-off-multiple-sessions";
-                action_ignore_inhibit = "org.freedesktop.login1.power-off-ignore-inhibit";
-        } else
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unsupported shutdown type");
-
-        r = verify_shutdown_creds(m, message, INHIBIT_SHUTDOWN, false,
-                                  action, action_multiple_sessions, action_ignore_inhibit, error);
-        if (r != 0)
-                return r;
-
-        if (m->scheduled_shutdown_timeout_source) {
-                r = sd_event_source_set_time(m->scheduled_shutdown_timeout_source, elapse);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_time() failed: %m");
-
-                r = sd_event_source_set_enabled(m->scheduled_shutdown_timeout_source, SD_EVENT_ONESHOT);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
-        } else {
-                r = sd_event_add_time(m->event, &m->scheduled_shutdown_timeout_source,
-                                      CLOCK_REALTIME, elapse, 0, manager_scheduled_shutdown_handler, m);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_add_time() failed: %m");
-        }
-
-        r = free_and_strdup(&m->scheduled_shutdown_type, type);
-        if (r < 0) {
-                m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
-                return log_oom();
-        }
-
-        if (m->nologin_timeout_source) {
-                r = sd_event_source_set_time(m->nologin_timeout_source, elapse);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_time() failed: %m");
-
-                r = sd_event_source_set_enabled(m->nologin_timeout_source, SD_EVENT_ONESHOT);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
-        } else {
-                r = sd_event_add_time(m->event, &m->nologin_timeout_source,
-                                      CLOCK_REALTIME, elapse - 5 * USEC_PER_MINUTE, 0, nologin_timeout_handler, m);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_add_time() failed: %m");
-        }
-
-        m->scheduled_shutdown_timeout = elapse;
-
-        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_TTY|SD_BUS_CREDS_UID, &creds);
-        if (r >= 0) {
-                const char *tty = NULL;
-
-                (void) sd_bus_creds_get_uid(creds, &m->scheduled_shutdown_uid);
-                (void) sd_bus_creds_get_tty(creds, &tty);
-
-                r = free_and_strdup(&m->scheduled_shutdown_tty, tty);
-                if (r < 0) {
-                        m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
-                        return log_oom();
-                }
-        }
-
-        r = manager_setup_wall_message_timer(m);
-        if (r < 0)
-                return r;
-
-        if (!isempty(type)) {
-                r = update_schedule_file(m);
-                if (r < 0)
-                        return r;
-        } else
-                (void) unlink("/run/systemd/shutdown/scheduled");
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_cancel_scheduled_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        bool cancelled;
-
-        assert(m);
-        assert(message);
-
-        cancelled = m->scheduled_shutdown_type != NULL;
-        reset_scheduled_shutdown(m);
-
-        if (cancelled) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-                const char *tty = NULL;
-                uid_t uid = 0;
-                int r;
-
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_TTY|SD_BUS_CREDS_UID, &creds);
-                if (r >= 0) {
-                        (void) sd_bus_creds_get_uid(creds, &uid);
-                        (void) sd_bus_creds_get_tty(creds, &tty);
-                }
-
-                utmp_wall("The system shutdown has been cancelled",
-                          uid_to_name(uid), tty, logind_wall_tty_filter, m);
-        }
-
-        return sd_bus_reply_method_return(message, "b", cancelled);
-}
-
-static int method_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_do_shutdown_or_sleep(
-                        m, message,
-                        SPECIAL_HIBERNATE_TARGET,
-                        INHIBIT_SLEEP,
-                        "org.freedesktop.login1.hibernate",
-                        "org.freedesktop.login1.hibernate-multiple-sessions",
-                        "org.freedesktop.login1.hibernate-ignore-inhibit",
-                        "hibernate",
-                        error);
-}
-
-static int method_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_do_shutdown_or_sleep(
-                        m, message,
-                        SPECIAL_HYBRID_SLEEP_TARGET,
-                        INHIBIT_SLEEP,
-                        "org.freedesktop.login1.hibernate",
-                        "org.freedesktop.login1.hibernate-multiple-sessions",
-                        "org.freedesktop.login1.hibernate-ignore-inhibit",
-                        "hybrid-sleep",
-                        error);
-}
-
-static int method_can_shutdown_or_sleep(
-                Manager *m,
-                sd_bus_message *message,
-                InhibitWhat w,
-                const char *action,
-                const char *action_multiple_sessions,
-                const char *action_ignore_inhibit,
-                const char *sleep_verb,
-                sd_bus_error *error) {
-
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        bool multiple_sessions, challenge, blocked;
-        const char *result = NULL;
-        uid_t uid;
-        int r;
-
-        assert(m);
-        assert(message);
-        assert(w >= 0);
-        assert(w <= _INHIBIT_WHAT_MAX);
-        assert(action);
-        assert(action_multiple_sessions);
-        assert(action_ignore_inhibit);
-
-        if (sleep_verb) {
-                r = can_sleep(sleep_verb);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return sd_bus_reply_method_return(message, "s", "na");
-        }
-
-        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_get_euid(creds, &uid);
-        if (r < 0)
-                return r;
-
-        r = have_multiple_sessions(m, uid);
-        if (r < 0)
-                return r;
-
-        multiple_sessions = r > 0;
-        blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
-
-        if (multiple_sessions) {
-                r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, UID_INVALID, &challenge, error);
-                if (r < 0)
-                        return r;
-
-                if (r > 0)
-                        result = "yes";
-                else if (challenge)
-                        result = "challenge";
-                else
-                        result = "no";
-        }
-
-        if (blocked) {
-                r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, UID_INVALID, &challenge, error);
-                if (r < 0)
-                        return r;
-
-                if (r > 0 && !result)
-                        result = "yes";
-                else if (challenge && (!result || streq(result, "yes")))
-                        result = "challenge";
-                else
-                        result = "no";
-        }
-
-        if (!multiple_sessions && !blocked) {
-                /* If neither inhibit nor multiple sessions
-                 * apply then just check the normal policy */
-
-                r = bus_test_polkit(message, CAP_SYS_BOOT, action, NULL, UID_INVALID, &challenge, error);
-                if (r < 0)
-                        return r;
-
-                if (r > 0)
-                        result = "yes";
-                else if (challenge)
-                        result = "challenge";
-                else
-                        result = "no";
-        }
-
-        return sd_bus_reply_method_return(message, "s", result);
-}
-
-static int method_can_poweroff(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_can_shutdown_or_sleep(
-                        m, message,
-                        INHIBIT_SHUTDOWN,
-                        "org.freedesktop.login1.power-off",
-                        "org.freedesktop.login1.power-off-multiple-sessions",
-                        "org.freedesktop.login1.power-off-ignore-inhibit",
-                        NULL,
-                        error);
-}
-
-static int method_can_reboot(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_can_shutdown_or_sleep(
-                        m, message,
-                        INHIBIT_SHUTDOWN,
-                        "org.freedesktop.login1.reboot",
-                        "org.freedesktop.login1.reboot-multiple-sessions",
-                        "org.freedesktop.login1.reboot-ignore-inhibit",
-                        NULL,
-                        error);
-}
-
-static int method_can_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_can_shutdown_or_sleep(
-                        m, message,
-                        INHIBIT_SLEEP,
-                        "org.freedesktop.login1.suspend",
-                        "org.freedesktop.login1.suspend-multiple-sessions",
-                        "org.freedesktop.login1.suspend-ignore-inhibit",
-                        "suspend",
-                        error);
-}
-
-static int method_can_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_can_shutdown_or_sleep(
-                        m, message,
-                        INHIBIT_SLEEP,
-                        "org.freedesktop.login1.hibernate",
-                        "org.freedesktop.login1.hibernate-multiple-sessions",
-                        "org.freedesktop.login1.hibernate-ignore-inhibit",
-                        "hibernate",
-                        error);
-}
-
-static int method_can_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-
-        return method_can_shutdown_or_sleep(
-                        m, message,
-                        INHIBIT_SLEEP,
-                        "org.freedesktop.login1.hibernate",
-                        "org.freedesktop.login1.hibernate-multiple-sessions",
-                        "org.freedesktop.login1.hibernate-ignore-inhibit",
-                        "hybrid-sleep",
-                        error);
-}
-
-static int property_get_reboot_to_firmware_setup(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-        int r;
-
-        assert(bus);
-        assert(reply);
-        assert(userdata);
-
-        r = efi_get_reboot_to_firmware();
-        if (r < 0 && r != -EOPNOTSUPP)
-                return r;
-
-        return sd_bus_message_append(reply, "b", r > 0);
-}
-
-static int method_set_reboot_to_firmware_setup(
-                sd_bus_message *message,
-                void *userdata,
-                sd_bus_error *error) {
-
-        int b, r;
-        Manager *m = userdata;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "b", &b);
-        if (r < 0)
-                return r;
-
-        r = bus_verify_polkit_async(message,
-                                    CAP_SYS_ADMIN,
-                                    "org.freedesktop.login1.set-reboot-to-firmware-setup",
-                                    NULL,
-                                    false,
-                                    UID_INVALID,
-                                    &m->polkit_registry,
-                                    error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        r = efi_set_reboot_to_firmware(b);
-        if (r < 0)
-                return r;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_can_reboot_to_firmware_setup(
-                sd_bus_message *message,
-                void *userdata,
-                sd_bus_error *error) {
-
-        int r;
-        bool challenge;
-        const char *result;
-        Manager *m = userdata;
-
-        assert(message);
-        assert(m);
-
-        r = efi_reboot_to_firmware_supported();
-        if (r == -EOPNOTSUPP)
-                return sd_bus_reply_method_return(message, "s", "na");
-        else if (r < 0)
-                return r;
-
-        r = bus_test_polkit(message,
-                            CAP_SYS_ADMIN,
-                            "org.freedesktop.login1.set-reboot-to-firmware-setup",
-                            NULL,
-                            UID_INVALID,
-                            &challenge,
-                            error);
-        if (r < 0)
-                return r;
-
-        if (r > 0)
-                result = "yes";
-        else if (challenge)
-                result = "challenge";
-        else
-                result = "no";
-
-        return sd_bus_reply_method_return(message, "s", result);
-}
-
-static int method_set_wall_message(
-                sd_bus_message *message,
-                void *userdata,
-                sd_bus_error *error) {
-
-        int r;
-        Manager *m = userdata;
-        char *wall_message;
-        int enable_wall_messages;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "sb", &wall_message, &enable_wall_messages);
-        if (r < 0)
-                return r;
-
-        r = bus_verify_polkit_async(message,
-                                    CAP_SYS_ADMIN,
-                                    "org.freedesktop.login1.set-wall-message",
-                                    NULL,
-                                    false,
-                                    UID_INVALID,
-                                    &m->polkit_registry,
-                                    error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        if (isempty(wall_message))
-                m->wall_message = mfree(m->wall_message);
-        else {
-                r = free_and_strdup(&m->wall_message, wall_message);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        m->enable_wall_messages = enable_wall_messages;
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        const char *who, *why, *what, *mode;
-        _cleanup_free_ char *id = NULL;
-        _cleanup_close_ int fifo_fd = -1;
-        Manager *m = userdata;
-        Inhibitor *i = NULL;
-        InhibitMode mm;
-        InhibitWhat w;
-        pid_t pid;
-        uid_t uid;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "ssss", &what, &who, &why, &mode);
-        if (r < 0)
-                return r;
-
-        w = inhibit_what_from_string(what);
-        if (w <= 0)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid what specification %s", what);
-
-        mm = inhibit_mode_from_string(mode);
-        if (mm < 0)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid mode specification %s", mode);
-
-        /* Delay is only supported for shutdown/sleep */
-        if (mm == INHIBIT_DELAY && (w & ~(INHIBIT_SHUTDOWN|INHIBIT_SLEEP)))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Delay inhibitors only supported for shutdown and sleep");
-
-        /* Don't allow taking delay locks while we are already
-         * executing the operation. We shouldn't create the impression
-         * that the lock was successful if the machine is about to go
-         * down/suspend any moment. */
-        if (m->action_what & w)
-                return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "The operation inhibition has been requested for is already running");
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_BOOT,
-                        w == INHIBIT_SHUTDOWN             ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-shutdown" : "org.freedesktop.login1.inhibit-delay-shutdown") :
-                        w == INHIBIT_SLEEP                ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-sleep"    : "org.freedesktop.login1.inhibit-delay-sleep") :
-                        w == INHIBIT_IDLE                 ? "org.freedesktop.login1.inhibit-block-idle" :
-                        w == INHIBIT_HANDLE_POWER_KEY     ? "org.freedesktop.login1.inhibit-handle-power-key" :
-                        w == INHIBIT_HANDLE_SUSPEND_KEY   ? "org.freedesktop.login1.inhibit-handle-suspend-key" :
-                        w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" :
-                                                            "org.freedesktop.login1.inhibit-handle-lid-switch",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID, &creds);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_get_euid(creds, &uid);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_get_pid(creds, &pid);
-        if (r < 0)
-                return r;
-
-        if (hashmap_size(m->inhibitors) >= m->inhibitors_max)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of inhibitors (%" PRIu64 ") reached, refusing further inhibitors.", m->inhibitors_max);
-
-        do {
-                id = mfree(id);
-
-                if (asprintf(&id, "%lu", ++m->inhibit_counter) < 0)
-                        return -ENOMEM;
-
-        } while (hashmap_get(m->inhibitors, id));
-
-        r = manager_add_inhibitor(m, id, &i);
-        if (r < 0)
-                return r;
-
-        i->what = w;
-        i->mode = mm;
-        i->pid = pid;
-        i->uid = uid;
-        i->why = strdup(why);
-        i->who = strdup(who);
-
-        if (!i->why || !i->who) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        fifo_fd = inhibitor_create_fifo(i);
-        if (fifo_fd < 0) {
-                r = fifo_fd;
-                goto fail;
-        }
-
-        inhibitor_start(i);
-
-        return sd_bus_reply_method_return(message, "h", fifo_fd);
-
-fail:
-        if (i)
-                inhibitor_free(i);
-
-        return r;
-}
-
-const sd_bus_vtable manager_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-
-        SD_BUS_WRITABLE_PROPERTY("EnableWallMessages", "b", NULL, NULL, offsetof(Manager, enable_wall_messages), 0),
-        SD_BUS_WRITABLE_PROPERTY("WallMessage", "s", NULL, NULL, offsetof(Manager, wall_message), 0),
-
-        SD_BUS_PROPERTY("NAutoVTs", "u", NULL, offsetof(Manager, n_autovts), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("KillOnlyUsers", "as", NULL, offsetof(Manager, kill_only_users), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("KillExcludeUsers", "as", NULL, offsetof(Manager, kill_exclude_users), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("KillUserProcesses", "b", NULL, offsetof(Manager, kill_user_processes), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RebootToFirmwareSetup", "b", property_get_reboot_to_firmware_setup, 0, SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("IdleHint", "b", property_get_idle_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("IdleSinceHint", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("IdleSinceHintMonotonic", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("BlockInhibited", "s", property_get_inhibited, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("DelayInhibited", "s", property_get_inhibited, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("InhibitDelayMaxUSec", "t", NULL, offsetof(Manager, inhibit_delay_max), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("HandlePowerKey", "s", property_get_handle_action, offsetof(Manager, handle_power_key), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("HandleSuspendKey", "s", property_get_handle_action, offsetof(Manager, handle_suspend_key), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("HandleHibernateKey", "s", property_get_handle_action, offsetof(Manager, handle_hibernate_key), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("HandleLidSwitch", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("HandleLidSwitchDocked", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch_docked), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("HoldoffTimeoutUSec", "t", NULL, offsetof(Manager, holdoff_timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("IdleAction", "s", property_get_handle_action, offsetof(Manager, idle_action), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("IdleActionUSec", "t", NULL, offsetof(Manager, idle_action_usec), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("PreparingForShutdown", "b", property_get_preparing, 0, 0),
-        SD_BUS_PROPERTY("PreparingForSleep", "b", property_get_preparing, 0, 0),
-        SD_BUS_PROPERTY("ScheduledShutdown", "(st)", property_get_scheduled_shutdown, 0, 0),
-        SD_BUS_PROPERTY("Docked", "b", property_get_docked, 0, 0),
-        SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool, offsetof(Manager, remove_ipc), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("RuntimeDirectorySize", "t", bus_property_get_size, offsetof(Manager, runtime_dir_size), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("InhibitorsMax", "t", NULL, offsetof(Manager, inhibitors_max), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("NCurrentInhibitors", "t", property_get_current_inhibitors, 0, 0),
-        SD_BUS_PROPERTY("SessionsMax", "t", NULL, offsetof(Manager, sessions_max), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("NCurrentSessions", "t", property_get_current_sessions, 0, 0),
-        SD_BUS_PROPERTY("UserTasksMax", "t", NULL, offsetof(Manager, user_tasks_max), SD_BUS_VTABLE_PROPERTY_CONST),
-
-        SD_BUS_METHOD("GetSession", "s", "o", method_get_session, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetSessionByPID", "u", "o", method_get_session_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetUser", "u", "o", method_get_user, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetUserByPID", "u", "o", method_get_user_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetSeat", "s", "o", method_get_seat, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListSessions", NULL, "a(susso)", method_list_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListUsers", NULL, "a(uso)", method_list_users, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListSeats", NULL, "a(so)", method_list_seats, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListInhibitors", NULL, "a(ssssuu)", method_list_inhibitors, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CreateSession", "uusssssussbssa(sv)", "soshusub", method_create_session, 0),
-        SD_BUS_METHOD("ReleaseSession", "s", NULL, method_release_session, 0),
-        SD_BUS_METHOD("ActivateSession", "s", NULL, method_activate_session, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ActivateSessionOnSeat", "ss", NULL, method_activate_session_on_seat, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("LockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("UnlockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("LockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("UnlockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("KillSession", "ssi", NULL, method_kill_session, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("KillUser", "ui", NULL, method_kill_user, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Reboot", "b", NULL, method_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CanHibernate", NULL, "s", method_can_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CanHybridSleep", NULL, "s", method_can_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ScheduleShutdown", "st", NULL, method_schedule_shutdown, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CancelScheduledShutdown", NULL, "b", method_cancel_scheduled_shutdown, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Inhibit", "ssss", "h", method_inhibit, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CanRebootToFirmwareSetup", NULL, "s", method_can_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetRebootToFirmwareSetup", "b", NULL, method_set_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetWallMessage", "sb", NULL, method_set_wall_message, SD_BUS_VTABLE_UNPRIVILEGED),
-
-        SD_BUS_SIGNAL("SessionNew", "so", 0),
-        SD_BUS_SIGNAL("SessionRemoved", "so", 0),
-        SD_BUS_SIGNAL("UserNew", "uo", 0),
-        SD_BUS_SIGNAL("UserRemoved", "uo", 0),
-        SD_BUS_SIGNAL("SeatNew", "so", 0),
-        SD_BUS_SIGNAL("SeatRemoved", "so", 0),
-        SD_BUS_SIGNAL("PrepareForShutdown", "b", 0),
-        SD_BUS_SIGNAL("PrepareForSleep", "b", 0),
-
-        SD_BUS_VTABLE_END
-};
-
-static int session_jobs_reply(Session *s, const char *unit, const char *result) {
-        int r = 0;
-
-        assert(s);
-        assert(unit);
-
-        if (!s->started)
-                return r;
-
-        if (streq(result, "done"))
-                r = session_send_create_reply(s, NULL);
-        else {
-                _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
-
-                sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result);
-                r = session_send_create_reply(s, &e);
-        }
-
-        return r;
-}
-
-int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *path, *result, *unit;
-        Manager *m = userdata;
-        Session *session;
-        uint32_t id;
-        User *user;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        if (m->action_job && streq(m->action_job, path)) {
-                log_info("Operation '%s' finished.", inhibit_what_to_string(m->action_what));
-
-                /* Tell people that they now may take a lock again */
-                send_prepare_for(m, m->action_what, false);
-
-                m->action_job = mfree(m->action_job);
-                m->action_unit = NULL;
-                m->action_what = 0;
-                return 0;
-        }
-
-        session = hashmap_get(m->session_units, unit);
-        if (session && streq_ptr(path, session->scope_job)) {
-                session->scope_job = mfree(session->scope_job);
-                session_jobs_reply(session, unit, result);
-
-                session_save(session);
-                user_save(session->user);
-                session_add_to_gc_queue(session);
-        }
-
-        user = hashmap_get(m->user_units, unit);
-        if (user &&
-            (streq_ptr(path, user->service_job) ||
-             streq_ptr(path, user->slice_job))) {
-
-                if (streq_ptr(path, user->service_job))
-                        user->service_job = mfree(user->service_job);
-
-                if (streq_ptr(path, user->slice_job))
-                        user->slice_job = mfree(user->slice_job);
-
-                LIST_FOREACH(sessions_by_user, session, user->sessions)
-                        session_jobs_reply(session, unit, result);
-
-                user_save(user);
-                user_add_to_gc_queue(user);
-        }
-
-        return 0;
-}
-
-int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *path, *unit;
-        Manager *m = userdata;
-        Session *session;
-        User *user;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "so", &unit, &path);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        session = hashmap_get(m->session_units, unit);
-        if (session)
-                session_add_to_gc_queue(session);
-
-        user = hashmap_get(m->user_units, unit);
-        if (user)
-                user_add_to_gc_queue(user);
-
-        return 0;
-}
-
-int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *unit = NULL;
-        Manager *m = userdata;
-        const char *path;
-        Session *session;
-        User *user;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        path = sd_bus_message_get_path(message);
-        if (!path)
-                return 0;
-
-        r = unit_name_from_dbus_path(path, &unit);
-        if (r == -EINVAL) /* not a unit */
-                return 0;
-        if (r < 0) {
-                log_oom();
-                return 0;
-        }
-
-        session = hashmap_get(m->session_units, unit);
-        if (session)
-                session_add_to_gc_queue(session);
-
-        user = hashmap_get(m->user_units, unit);
-        if (user)
-                user_add_to_gc_queue(user);
-
-        return 0;
-}
-
-int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Session *session;
-        Iterator i;
-        int b, r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "b", &b);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        if (b)
-                return 0;
-
-        /* systemd finished reloading, let's recheck all our sessions */
-        log_debug("System manager has been reloaded, rechecking sessions...");
-
-        HASHMAP_FOREACH(session, m->sessions, i)
-                session_add_to_gc_queue(session);
-
-        return 0;
-}
-
-int manager_send_changed(Manager *manager, const char *property, ...) {
-        char **l;
-
-        assert(manager);
-
-        l = strv_from_stdarg_alloca(property);
-
-        return sd_bus_emit_properties_changed_strv(
-                        manager->bus,
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        l);
-}
-
-static int strdup_job(sd_bus_message *reply, char **job) {
-        const char *j;
-        char *copy;
-        int r;
-
-        r = sd_bus_message_read(reply, "o", &j);
-        if (r < 0)
-                return r;
-
-        copy = strdup(j);
-        if (!copy)
-                return -ENOMEM;
-
-        *job = copy;
-        return 1;
-}
-
-int manager_start_slice(
-                Manager *manager,
-                const char *slice,
-                const char *description,
-                const char *after,
-                const char *after2,
-                uint64_t tasks_max,
-                sd_bus_error *error,
-                char **job) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(slice);
-        assert(job);
-
-        r = sd_bus_message_new_method_call(
-                        manager->bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartTransientUnit");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "ss", strempty(slice), "fail");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(m, 'a', "(sv)");
-        if (r < 0)
-                return r;
-
-        if (!isempty(description)) {
-                r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!isempty(after)) {
-                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!isempty(after2)) {
-                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after2);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", tasks_max);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "a(sa(sv))", 0);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call(manager->bus, m, 0, error, &reply);
-        if (r < 0)
-                return r;
-
-        return strdup_job(reply, job);
-}
-
-int manager_start_scope(
-                Manager *manager,
-                const char *scope,
-                pid_t pid,
-                const char *slice,
-                const char *description,
-                const char *after,
-                const char *after2,
-                uint64_t tasks_max,
-                sd_bus_error *error,
-                char **job) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(scope);
-        assert(pid > 1);
-        assert(job);
-
-        r = sd_bus_message_new_method_call(
-                        manager->bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartTransientUnit");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "ss", strempty(scope), "fail");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(m, 'a', "(sv)");
-        if (r < 0)
-                return r;
-
-        if (!isempty(slice)) {
-                r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!isempty(description)) {
-                r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!isempty(after)) {
-                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!isempty(after2)) {
-                r = sd_bus_message_append(m, "(sv)", "After", "as", 1, after2);
-                if (r < 0)
-                        return r;
-        }
-
-        /* cgroup empty notification is not available in containers
-         * currently. To make this less problematic, let's shorten the
-         * stop timeout for sessions, so that we don't wait
-         * forever. */
-
-        /* Make sure that the session shells are terminated with
-         * SIGHUP since bash and friends tend to ignore SIGTERM */
-        r = sd_bus_message_append(m, "(sv)", "SendSIGHUP", "b", true);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, pid);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", tasks_max);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "a(sa(sv))", 0);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call(manager->bus, m, 0, error, &reply);
-        if (r < 0)
-                return r;
-
-        return strdup_job(reply, job);
-}
-
-int manager_start_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(unit);
-        assert(job);
-
-        r = sd_bus_call_method(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartUnit",
-                        error,
-                        &reply,
-                        "ss", unit, "replace");
-        if (r < 0)
-                return r;
-
-        return strdup_job(reply, job);
-}
-
-int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(unit);
-        assert(job);
-
-        r = sd_bus_call_method(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StopUnit",
-                        error,
-                        &reply,
-                        "ss", unit, "fail");
-        if (r < 0) {
-                if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
-                    sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED)) {
-
-                        *job = NULL;
-                        sd_bus_error_free(error);
-                        return 0;
-                }
-
-                return r;
-        }
-
-        return strdup_job(reply, job);
-}
-
-int manager_abandon_scope(Manager *manager, const char *scope, sd_bus_error *error) {
-        _cleanup_free_ char *path = NULL;
-        int r;
-
-        assert(manager);
-        assert(scope);
-
-        path = unit_dbus_path_from_name(scope);
-        if (!path)
-                return -ENOMEM;
-
-        r = sd_bus_call_method(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Scope",
-                        "Abandon",
-                        error,
-                        NULL,
-                        NULL);
-        if (r < 0) {
-                if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
-                    sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED) ||
-                    sd_bus_error_has_name(error, BUS_ERROR_SCOPE_NOT_RUNNING)) {
-                        sd_bus_error_free(error);
-                        return 0;
-                }
-
-                return r;
-        }
-
-        return 1;
-}
-
-int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo, sd_bus_error *error) {
-        assert(manager);
-        assert(unit);
-
-        return sd_bus_call_method(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "KillUnit",
-                        error,
-                        NULL,
-                        "ssi", unit, who == KILL_LEADER ? "main" : "all", signo);
-}
-
-int manager_unit_is_active(Manager *manager, const char *unit) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ char *path = NULL;
-        const char *state;
-        int r;
-
-        assert(manager);
-        assert(unit);
-
-        path = unit_dbus_path_from_name(unit);
-        if (!path)
-                return -ENOMEM;
-
-        r = sd_bus_get_property(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "ActiveState",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0) {
-                /* systemd might have droppped off momentarily, let's
-                 * not make this an error */
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
-                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
-                        return true;
-
-                /* If the unit is already unloaded then it's not
-                 * active */
-                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
-                    sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED))
-                        return false;
-
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &state);
-        if (r < 0)
-                return -EINVAL;
-
-        return !streq(state, "inactive") && !streq(state, "failed");
-}
-
-int manager_job_is_active(Manager *manager, const char *path) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(path);
-
-        r = sd_bus_get_property(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Job",
-                        "State",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
-                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
-                        return true;
-
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))
-                        return false;
-
-                return r;
-        }
-
-        /* We don't actually care about the state really. The fact
-         * that we could read the job state is enough for us */
-
-        return true;
-}
diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
deleted file mode 100644
index b5192320e4..0000000000
--- a/src/login/logind-seat.c
+++ /dev/null
@@ -1,695 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "logind-acl.h"
-#include "logind-seat.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "terminal-util.h"
-#include "util.h"
-
-Seat *seat_new(Manager *m, const char *id) {
-        Seat *s;
-
-        assert(m);
-        assert(id);
-
-        s = new0(Seat, 1);
-        if (!s)
-                return NULL;
-
-        s->state_file = strappend("/run/systemd/seats/", id);
-        if (!s->state_file) {
-                free(s);
-                return NULL;
-        }
-
-        s->id = basename(s->state_file);
-        s->manager = m;
-
-        if (hashmap_put(m->seats, s->id, s) < 0) {
-                free(s->state_file);
-                free(s);
-                return NULL;
-        }
-
-        return s;
-}
-
-void seat_free(Seat *s) {
-        assert(s);
-
-        if (s->in_gc_queue)
-                LIST_REMOVE(gc_queue, s->manager->seat_gc_queue, s);
-
-        while (s->sessions)
-                session_free(s->sessions);
-
-        assert(!s->active);
-
-        while (s->devices)
-                device_free(s->devices);
-
-        hashmap_remove(s->manager->seats, s->id);
-
-        free(s->positions);
-        free(s->state_file);
-        free(s);
-}
-
-int seat_save(Seat *s) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(s);
-
-        if (!s->started)
-                return 0;
-
-        r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0);
-        if (r < 0)
-                goto fail;
-
-        r = fopen_temporary(s->state_file, &f, &temp_path);
-        if (r < 0)
-                goto fail;
-
-        fchmod(fileno(f), 0644);
-
-        fprintf(f,
-                "# This is private data. Do not parse.\n"
-                "IS_SEAT0=%i\n"
-                "CAN_MULTI_SESSION=%i\n"
-                "CAN_TTY=%i\n"
-                "CAN_GRAPHICAL=%i\n",
-                seat_is_seat0(s),
-                seat_can_multi_session(s),
-                seat_can_tty(s),
-                seat_can_graphical(s));
-
-        if (s->active) {
-                assert(s->active->user);
-
-                fprintf(f,
-                        "ACTIVE=%s\n"
-                        "ACTIVE_UID="UID_FMT"\n",
-                        s->active->id,
-                        s->active->user->uid);
-        }
-
-        if (s->sessions) {
-                Session *i;
-
-                fputs("SESSIONS=", f);
-                LIST_FOREACH(sessions_by_seat, i, s->sessions) {
-                        fprintf(f,
-                                "%s%c",
-                                i->id,
-                                i->sessions_by_seat_next ? ' ' : '\n');
-                }
-
-                fputs("UIDS=", f);
-                LIST_FOREACH(sessions_by_seat, i, s->sessions)
-                        fprintf(f,
-                                UID_FMT"%c",
-                                i->user->uid,
-                                i->sessions_by_seat_next ? ' ' : '\n');
-        }
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, s->state_file) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        (void) unlink(s->state_file);
-
-        if (temp_path)
-                (void) unlink(temp_path);
-
-        return log_error_errno(r, "Failed to save seat data %s: %m", s->state_file);
-}
-
-int seat_load(Seat *s) {
-        assert(s);
-
-        /* There isn't actually anything to read here ... */
-
-        return 0;
-}
-
-static int vt_allocate(unsigned int vtnr) {
-        char p[sizeof("/dev/tty") + DECIMAL_STR_MAX(unsigned int)];
-        _cleanup_close_ int fd = -1;
-
-        assert(vtnr >= 1);
-
-        xsprintf(p, "/dev/tty%u", vtnr);
-        fd = open_terminal(p, O_RDWR|O_NOCTTY|O_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        return 0;
-}
-
-int seat_preallocate_vts(Seat *s) {
-        int r = 0;
-        unsigned i;
-
-        assert(s);
-        assert(s->manager);
-
-        log_debug("Preallocating VTs...");
-
-        if (s->manager->n_autovts <= 0)
-                return 0;
-
-        if (!seat_has_vts(s))
-                return 0;
-
-        for (i = 1; i <= s->manager->n_autovts; i++) {
-                int q;
-
-                q = vt_allocate(i);
-                if (q < 0) {
-                        log_error_errno(q, "Failed to preallocate VT %u: %m", i);
-                        r = q;
-                }
-        }
-
-        return r;
-}
-
-int seat_apply_acls(Seat *s, Session *old_active) {
-        int r;
-
-        assert(s);
-
-        r = devnode_acl_all(s->manager->udev,
-                            s->id,
-                            false,
-                            !!old_active, old_active ? old_active->user->uid : 0,
-                            !!s->active, s->active ? s->active->user->uid : 0);
-
-        if (r < 0)
-                log_error_errno(r, "Failed to apply ACLs: %m");
-
-        return r;
-}
-
-int seat_set_active(Seat *s, Session *session) {
-        Session *old_active;
-
-        assert(s);
-        assert(!session || session->seat == s);
-
-        if (session == s->active)
-                return 0;
-
-        old_active = s->active;
-        s->active = session;
-
-        if (old_active) {
-                session_device_pause_all(old_active);
-                session_send_changed(old_active, "Active", NULL);
-        }
-
-        seat_apply_acls(s, old_active);
-
-        if (session && session->started) {
-                session_send_changed(session, "Active", NULL);
-                session_device_resume_all(session);
-        }
-
-        if (!session || session->started)
-                seat_send_changed(s, "ActiveSession", NULL);
-
-        seat_save(s);
-
-        if (session) {
-                session_save(session);
-                user_save(session->user);
-        }
-
-        if (old_active) {
-                session_save(old_active);
-                if (!session || session->user != old_active->user)
-                        user_save(old_active->user);
-        }
-
-        return 0;
-}
-
-int seat_switch_to(Seat *s, unsigned int num) {
-        /* Public session positions skip 0 (there is only F1-F12). Maybe it
-         * will get reassigned in the future, so return error for now. */
-        if (num == 0)
-                return -EINVAL;
-
-        if (num >= s->position_count || !s->positions[num]) {
-                /* allow switching to unused VTs to trigger auto-activate */
-                if (seat_has_vts(s) && num < 64)
-                        return chvt(num);
-
-                return -EINVAL;
-        }
-
-        return session_activate(s->positions[num]);
-}
-
-int seat_switch_to_next(Seat *s) {
-        unsigned int start, i;
-
-        if (s->position_count == 0)
-                return -EINVAL;
-
-        start = 1;
-        if (s->active && s->active->position > 0)
-                start = s->active->position;
-
-        for (i = start + 1; i < s->position_count; ++i)
-                if (s->positions[i])
-                        return session_activate(s->positions[i]);
-
-        for (i = 1; i < start; ++i)
-                if (s->positions[i])
-                        return session_activate(s->positions[i]);
-
-        return -EINVAL;
-}
-
-int seat_switch_to_previous(Seat *s) {
-        unsigned int start, i;
-
-        if (s->position_count == 0)
-                return -EINVAL;
-
-        start = 1;
-        if (s->active && s->active->position > 0)
-                start = s->active->position;
-
-        for (i = start - 1; i > 0; --i)
-                if (s->positions[i])
-                        return session_activate(s->positions[i]);
-
-        for (i = s->position_count - 1; i > start; --i)
-                if (s->positions[i])
-                        return session_activate(s->positions[i]);
-
-        return -EINVAL;
-}
-
-int seat_active_vt_changed(Seat *s, unsigned int vtnr) {
-        Session *i, *new_active = NULL;
-        int r;
-
-        assert(s);
-        assert(vtnr >= 1);
-
-        if (!seat_has_vts(s))
-                return -EINVAL;
-
-        log_debug("VT changed to %u", vtnr);
-
-        /* we might have earlier closing sessions on the same VT, so try to
-         * find a running one first */
-        LIST_FOREACH(sessions_by_seat, i, s->sessions)
-                if (i->vtnr == vtnr && !i->stopping) {
-                        new_active = i;
-                        break;
-                }
-
-        if (!new_active) {
-                /* no running one? then we can't decide which one is the
-                 * active one, let the first one win */
-                LIST_FOREACH(sessions_by_seat, i, s->sessions)
-                        if (i->vtnr == vtnr) {
-                                new_active = i;
-                                break;
-                        }
-        }
-
-        r = seat_set_active(s, new_active);
-        manager_spawn_autovt(s->manager, vtnr);
-
-        return r;
-}
-
-int seat_read_active_vt(Seat *s) {
-        char t[64];
-        ssize_t k;
-        unsigned int vtnr;
-        int r;
-
-        assert(s);
-
-        if (!seat_has_vts(s))
-                return 0;
-
-        lseek(s->manager->console_active_fd, SEEK_SET, 0);
-
-        k = read(s->manager->console_active_fd, t, sizeof(t)-1);
-        if (k <= 0) {
-                log_error("Failed to read current console: %s", k < 0 ? strerror(-errno) : "EOF");
-                return k < 0 ? -errno : -EIO;
-        }
-
-        t[k] = 0;
-        truncate_nl(t);
-
-        if (!startswith(t, "tty")) {
-                log_error("Hm, /sys/class/tty/tty0/active is badly formatted.");
-                return -EIO;
-        }
-
-        r = safe_atou(t+3, &vtnr);
-        if (r < 0) {
-                log_error("Failed to parse VT number %s", t+3);
-                return r;
-        }
-
-        if (!vtnr) {
-                log_error("VT number invalid: %s", t+3);
-                return -EIO;
-        }
-
-        return seat_active_vt_changed(s, vtnr);
-}
-
-int seat_start(Seat *s) {
-        assert(s);
-
-        if (s->started)
-                return 0;
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_SEAT_START),
-                   "SEAT_ID=%s", s->id,
-                   LOG_MESSAGE("New seat %s.", s->id),
-                   NULL);
-
-        /* Initialize VT magic stuff */
-        seat_preallocate_vts(s);
-
-        /* Read current VT */
-        seat_read_active_vt(s);
-
-        s->started = true;
-
-        /* Save seat data */
-        seat_save(s);
-
-        seat_send_signal(s, true);
-
-        return 0;
-}
-
-int seat_stop(Seat *s, bool force) {
-        int r = 0;
-
-        assert(s);
-
-        if (s->started)
-                log_struct(LOG_INFO,
-                           LOG_MESSAGE_ID(SD_MESSAGE_SEAT_STOP),
-                           "SEAT_ID=%s", s->id,
-                           LOG_MESSAGE("Removed seat %s.", s->id),
-                           NULL);
-
-        seat_stop_sessions(s, force);
-
-        unlink(s->state_file);
-        seat_add_to_gc_queue(s);
-
-        if (s->started)
-                seat_send_signal(s, false);
-
-        s->started = false;
-
-        return r;
-}
-
-int seat_stop_sessions(Seat *s, bool force) {
-        Session *session;
-        int r = 0, k;
-
-        assert(s);
-
-        LIST_FOREACH(sessions_by_seat, session, s->sessions) {
-                k = session_stop(session, force);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-void seat_evict_position(Seat *s, Session *session) {
-        Session *iter;
-        unsigned int pos = session->position;
-
-        session->position = 0;
-
-        if (pos == 0)
-                return;
-
-        if (pos < s->position_count && s->positions[pos] == session) {
-                s->positions[pos] = NULL;
-
-                /* There might be another session claiming the same
-                 * position (eg., during gdm->session transition), so let's look
-                 * for it and set it on the free slot. */
-                LIST_FOREACH(sessions_by_seat, iter, s->sessions) {
-                        if (iter->position == pos && session_get_state(iter) != SESSION_CLOSING) {
-                                s->positions[pos] = iter;
-                                break;
-                        }
-                }
-        }
-}
-
-void seat_claim_position(Seat *s, Session *session, unsigned int pos) {
-        /* with VTs, the position is always the same as the VTnr */
-        if (seat_has_vts(s))
-                pos = session->vtnr;
-
-        if (!GREEDY_REALLOC0(s->positions, s->position_count, pos + 1))
-                return;
-
-        seat_evict_position(s, session);
-
-        session->position = pos;
-        if (pos > 0)
-                s->positions[pos] = session;
-}
-
-static void seat_assign_position(Seat *s, Session *session) {
-        unsigned int pos;
-
-        if (session->position > 0)
-                return;
-
-        for (pos = 1; pos < s->position_count; ++pos)
-                if (!s->positions[pos])
-                        break;
-
-        seat_claim_position(s, session, pos);
-}
-
-int seat_attach_session(Seat *s, Session *session) {
-        assert(s);
-        assert(session);
-        assert(!session->seat);
-
-        if (!seat_has_vts(s) != !session->vtnr)
-                return -EINVAL;
-
-        session->seat = s;
-        LIST_PREPEND(sessions_by_seat, s->sessions, session);
-        seat_assign_position(s, session);
-
-        seat_send_changed(s, "Sessions", NULL);
-
-        /* On seats with VTs, the VT logic defines which session is active. On
-         * seats without VTs, we automatically activate new sessions. */
-        if (!seat_has_vts(s))
-                seat_set_active(s, session);
-
-        return 0;
-}
-
-void seat_complete_switch(Seat *s) {
-        Session *session;
-
-        assert(s);
-
-        /* if no session-switch is pending or if it got canceled, do nothing */
-        if (!s->pending_switch)
-                return;
-
-        session = s->pending_switch;
-        s->pending_switch = NULL;
-
-        seat_set_active(s, session);
-}
-
-bool seat_has_vts(Seat *s) {
-        assert(s);
-
-        return seat_is_seat0(s) && s->manager->console_active_fd >= 0;
-}
-
-bool seat_is_seat0(Seat *s) {
-        assert(s);
-
-        return s->manager->seat0 == s;
-}
-
-bool seat_can_multi_session(Seat *s) {
-        assert(s);
-
-        return seat_has_vts(s);
-}
-
-bool seat_can_tty(Seat *s) {
-        assert(s);
-
-        return seat_has_vts(s);
-}
-
-bool seat_has_master_device(Seat *s) {
-        assert(s);
-
-        /* device list is ordered by "master" flag */
-        return !!s->devices && s->devices->master;
-}
-
-bool seat_can_graphical(Seat *s) {
-        assert(s);
-
-        return seat_has_master_device(s);
-}
-
-int seat_get_idle_hint(Seat *s, dual_timestamp *t) {
-        Session *session;
-        bool idle_hint = true;
-        dual_timestamp ts = DUAL_TIMESTAMP_NULL;
-
-        assert(s);
-
-        LIST_FOREACH(sessions_by_seat, session, s->sessions) {
-                dual_timestamp k;
-                int ih;
-
-                ih = session_get_idle_hint(session, &k);
-                if (ih < 0)
-                        return ih;
-
-                if (!ih) {
-                        if (!idle_hint) {
-                                if (k.monotonic > ts.monotonic)
-                                        ts = k;
-                        } else {
-                                idle_hint = false;
-                                ts = k;
-                        }
-                } else if (idle_hint) {
-
-                        if (k.monotonic > ts.monotonic)
-                                ts = k;
-                }
-        }
-
-        if (t)
-                *t = ts;
-
-        return idle_hint;
-}
-
-bool seat_check_gc(Seat *s, bool drop_not_started) {
-        assert(s);
-
-        if (drop_not_started && !s->started)
-                return false;
-
-        if (seat_is_seat0(s))
-                return true;
-
-        return seat_has_master_device(s);
-}
-
-void seat_add_to_gc_queue(Seat *s) {
-        assert(s);
-
-        if (s->in_gc_queue)
-                return;
-
-        LIST_PREPEND(gc_queue, s->manager->seat_gc_queue, s);
-        s->in_gc_queue = true;
-}
-
-static bool seat_name_valid_char(char c) {
-        return
-                (c >= 'a' && c <= 'z') ||
-                (c >= 'A' && c <= 'Z') ||
-                (c >= '0' && c <= '9') ||
-                c == '-' ||
-                c == '_';
-}
-
-bool seat_name_is_valid(const char *name) {
-        const char *p;
-
-        assert(name);
-
-        if (!startswith(name, "seat"))
-                return false;
-
-        if (!name[4])
-                return false;
-
-        for (p = name; *p; p++)
-                if (!seat_name_valid_char(*p))
-                        return false;
-
-        if (strlen(name) > 255)
-                return false;
-
-        return true;
-}
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
deleted file mode 100644
index 1e0666884a..0000000000
--- a/src/login/logind-session.c
+++ /dev/null
@@ -1,1271 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/kd.h>
-#include <linux/vt.h>
-#include <signal.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "audit-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "io-util.h"
-#include "logind-session.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "string-table.h"
-#include "terminal-util.h"
-#include "user-util.h"
-#include "util.h"
-
-#define RELEASE_USEC (20*USEC_PER_SEC)
-
-static void session_remove_fifo(Session *s);
-
-Session* session_new(Manager *m, const char *id) {
-        Session *s;
-
-        assert(m);
-        assert(id);
-        assert(session_id_valid(id));
-
-        s = new0(Session, 1);
-        if (!s)
-                return NULL;
-
-        s->state_file = strappend("/run/systemd/sessions/", id);
-        if (!s->state_file) {
-                free(s);
-                return NULL;
-        }
-
-        s->devices = hashmap_new(&devt_hash_ops);
-        if (!s->devices) {
-                free(s->state_file);
-                free(s);
-                return NULL;
-        }
-
-        s->id = basename(s->state_file);
-
-        if (hashmap_put(m->sessions, s->id, s) < 0) {
-                hashmap_free(s->devices);
-                free(s->state_file);
-                free(s);
-                return NULL;
-        }
-
-        s->manager = m;
-        s->fifo_fd = -1;
-        s->vtfd = -1;
-
-        return s;
-}
-
-void session_free(Session *s) {
-        SessionDevice *sd;
-
-        assert(s);
-
-        if (s->in_gc_queue)
-                LIST_REMOVE(gc_queue, s->manager->session_gc_queue, s);
-
-        s->timer_event_source = sd_event_source_unref(s->timer_event_source);
-
-        session_remove_fifo(s);
-
-        session_drop_controller(s);
-
-        while ((sd = hashmap_first(s->devices)))
-                session_device_free(sd);
-
-        hashmap_free(s->devices);
-
-        if (s->user) {
-                LIST_REMOVE(sessions_by_user, s->user->sessions, s);
-
-                if (s->user->display == s)
-                        s->user->display = NULL;
-        }
-
-        if (s->seat) {
-                if (s->seat->active == s)
-                        s->seat->active = NULL;
-                if (s->seat->pending_switch == s)
-                        s->seat->pending_switch = NULL;
-
-                seat_evict_position(s->seat, s);
-                LIST_REMOVE(sessions_by_seat, s->seat->sessions, s);
-        }
-
-        if (s->scope) {
-                hashmap_remove(s->manager->session_units, s->scope);
-                free(s->scope);
-        }
-
-        free(s->scope_job);
-
-        sd_bus_message_unref(s->create_message);
-
-        free(s->tty);
-        free(s->display);
-        free(s->remote_host);
-        free(s->remote_user);
-        free(s->service);
-        free(s->desktop);
-
-        hashmap_remove(s->manager->sessions, s->id);
-
-        free(s->state_file);
-        free(s);
-}
-
-void session_set_user(Session *s, User *u) {
-        assert(s);
-        assert(!s->user);
-
-        s->user = u;
-        LIST_PREPEND(sessions_by_user, u->sessions, s);
-}
-
-int session_save(Session *s) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r = 0;
-
-        assert(s);
-
-        if (!s->user)
-                return -ESTALE;
-
-        if (!s->started)
-                return 0;
-
-        r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
-        if (r < 0)
-                goto fail;
-
-        r = fopen_temporary(s->state_file, &f, &temp_path);
-        if (r < 0)
-                goto fail;
-
-        assert(s->user);
-
-        fchmod(fileno(f), 0644);
-
-        fprintf(f,
-                "# This is private data. Do not parse.\n"
-                "UID="UID_FMT"\n"
-                "USER=%s\n"
-                "ACTIVE=%i\n"
-                "STATE=%s\n"
-                "REMOTE=%i\n",
-                s->user->uid,
-                s->user->name,
-                session_is_active(s),
-                session_state_to_string(session_get_state(s)),
-                s->remote);
-
-        if (s->type >= 0)
-                fprintf(f, "TYPE=%s\n", session_type_to_string(s->type));
-
-        if (s->class >= 0)
-                fprintf(f, "CLASS=%s\n", session_class_to_string(s->class));
-
-        if (s->scope)
-                fprintf(f, "SCOPE=%s\n", s->scope);
-        if (s->scope_job)
-                fprintf(f, "SCOPE_JOB=%s\n", s->scope_job);
-
-        if (s->fifo_path)
-                fprintf(f, "FIFO=%s\n", s->fifo_path);
-
-        if (s->seat)
-                fprintf(f, "SEAT=%s\n", s->seat->id);
-
-        if (s->tty)
-                fprintf(f, "TTY=%s\n", s->tty);
-
-        if (s->display)
-                fprintf(f, "DISPLAY=%s\n", s->display);
-
-        if (s->remote_host) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(s->remote_host);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "REMOTE_HOST=%s\n", escaped);
-        }
-
-        if (s->remote_user) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(s->remote_user);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "REMOTE_USER=%s\n", escaped);
-        }
-
-        if (s->service) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(s->service);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "SERVICE=%s\n", escaped);
-        }
-
-        if (s->desktop) {
-                _cleanup_free_ char *escaped;
-
-
-                escaped = cescape(s->desktop);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "DESKTOP=%s\n", escaped);
-        }
-
-        if (s->seat && seat_has_vts(s->seat))
-                fprintf(f, "VTNR=%u\n", s->vtnr);
-
-        if (!s->vtnr)
-                fprintf(f, "POSITION=%u\n", s->position);
-
-        if (s->leader > 0)
-                fprintf(f, "LEADER="PID_FMT"\n", s->leader);
-
-        if (s->audit_id > 0)
-                fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id);
-
-        if (dual_timestamp_is_set(&s->timestamp))
-                fprintf(f,
-                        "REALTIME="USEC_FMT"\n"
-                        "MONOTONIC="USEC_FMT"\n",
-                        s->timestamp.realtime,
-                        s->timestamp.monotonic);
-
-        if (s->controller)
-                fprintf(f, "CONTROLLER=%s\n", s->controller);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, s->state_file) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        (void) unlink(s->state_file);
-
-        if (temp_path)
-                (void) unlink(temp_path);
-
-        return log_error_errno(r, "Failed to save session data %s: %m", s->state_file);
-}
-
-
-int session_load(Session *s) {
-        _cleanup_free_ char *remote = NULL,
-                *seat = NULL,
-                *vtnr = NULL,
-                *state = NULL,
-                *position = NULL,
-                *leader = NULL,
-                *type = NULL,
-                *class = NULL,
-                *uid = NULL,
-                *realtime = NULL,
-                *monotonic = NULL,
-                *controller = NULL;
-
-        int k, r;
-
-        assert(s);
-
-        r = parse_env_file(s->state_file, NEWLINE,
-                           "REMOTE",         &remote,
-                           "SCOPE",          &s->scope,
-                           "SCOPE_JOB",      &s->scope_job,
-                           "FIFO",           &s->fifo_path,
-                           "SEAT",           &seat,
-                           "TTY",            &s->tty,
-                           "DISPLAY",        &s->display,
-                           "REMOTE_HOST",    &s->remote_host,
-                           "REMOTE_USER",    &s->remote_user,
-                           "SERVICE",        &s->service,
-                           "DESKTOP",        &s->desktop,
-                           "VTNR",           &vtnr,
-                           "STATE",          &state,
-                           "POSITION",       &position,
-                           "LEADER",         &leader,
-                           "TYPE",           &type,
-                           "CLASS",          &class,
-                           "UID",            &uid,
-                           "REALTIME",       &realtime,
-                           "MONOTONIC",      &monotonic,
-                           "CONTROLLER",     &controller,
-                           NULL);
-
-        if (r < 0)
-                return log_error_errno(r, "Failed to read %s: %m", s->state_file);
-
-        if (!s->user) {
-                uid_t u;
-                User *user;
-
-                if (!uid) {
-                        log_error("UID not specified for session %s", s->id);
-                        return -ENOENT;
-                }
-
-                r = parse_uid(uid, &u);
-                if (r < 0)  {
-                        log_error("Failed to parse UID value %s for session %s.", uid, s->id);
-                        return r;
-                }
-
-                user = hashmap_get(s->manager->users, UID_TO_PTR(u));
-                if (!user) {
-                        log_error("User of session %s not known.", s->id);
-                        return -ENOENT;
-                }
-
-                session_set_user(s, user);
-        }
-
-        if (remote) {
-                k = parse_boolean(remote);
-                if (k >= 0)
-                        s->remote = k;
-        }
-
-        if (vtnr)
-                safe_atou(vtnr, &s->vtnr);
-
-        if (seat && !s->seat) {
-                Seat *o;
-
-                o = hashmap_get(s->manager->seats, seat);
-                if (o)
-                        r = seat_attach_session(o, s);
-                if (!o || r < 0)
-                        log_error("Cannot attach session %s to seat %s", s->id, seat);
-        }
-
-        if (!s->seat || !seat_has_vts(s->seat))
-                s->vtnr = 0;
-
-        if (position && s->seat) {
-                unsigned int npos;
-
-                safe_atou(position, &npos);
-                seat_claim_position(s->seat, s, npos);
-        }
-
-        if (leader) {
-                k = parse_pid(leader, &s->leader);
-                if (k >= 0)
-                        audit_session_from_pid(s->leader, &s->audit_id);
-        }
-
-        if (type) {
-                SessionType t;
-
-                t = session_type_from_string(type);
-                if (t >= 0)
-                        s->type = t;
-        }
-
-        if (class) {
-                SessionClass c;
-
-                c = session_class_from_string(class);
-                if (c >= 0)
-                        s->class = c;
-        }
-
-        if (state && streq(state, "closing"))
-                s->stopping = true;
-
-        if (s->fifo_path) {
-                int fd;
-
-                /* If we open an unopened pipe for reading we will not
-                   get an EOF. to trigger an EOF we hence open it for
-                   writing, but close it right away which then will
-                   trigger the EOF. This will happen immediately if no
-                   other process has the FIFO open for writing, i. e.
-                   when the session died before logind (re)started. */
-
-                fd = session_create_fifo(s);
-                safe_close(fd);
-        }
-
-        if (realtime)
-                timestamp_deserialize(realtime, &s->timestamp.realtime);
-        if (monotonic)
-                timestamp_deserialize(monotonic, &s->timestamp.monotonic);
-
-        if (controller) {
-                if (bus_name_has_owner(s->manager->bus, controller, NULL) > 0)
-                        session_set_controller(s, controller, false);
-                else
-                        session_restore_vt(s);
-        }
-
-        return r;
-}
-
-int session_activate(Session *s) {
-        unsigned int num_pending;
-
-        assert(s);
-        assert(s->user);
-
-        if (!s->seat)
-                return -EOPNOTSUPP;
-
-        if (s->seat->active == s)
-                return 0;
-
-        /* on seats with VTs, we let VTs manage session-switching */
-        if (seat_has_vts(s->seat)) {
-                if (!s->vtnr)
-                        return -EOPNOTSUPP;
-
-                return chvt(s->vtnr);
-        }
-
-        /* On seats without VTs, we implement session-switching in logind. We
-         * try to pause all session-devices and wait until the session
-         * controller acknowledged them. Once all devices are asleep, we simply
-         * switch the active session and be done.
-         * We save the session we want to switch to in seat->pending_switch and
-         * seat_complete_switch() will perform the final switch. */
-
-        s->seat->pending_switch = s;
-
-        /* if no devices are running, immediately perform the session switch */
-        num_pending = session_device_try_pause_all(s);
-        if (!num_pending)
-                seat_complete_switch(s->seat);
-
-        return 0;
-}
-
-static int session_start_scope(Session *s) {
-        int r;
-
-        assert(s);
-        assert(s->user);
-
-        if (!s->scope) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                char *scope, *job = NULL;
-                const char *description;
-
-                scope = strjoin("session-", s->id, ".scope", NULL);
-                if (!scope)
-                        return log_oom();
-
-                description = strjoina("Session ", s->id, " of user ", s->user->name);
-
-                r = manager_start_scope(
-                                s->manager,
-                                scope,
-                                s->leader,
-                                s->user->slice,
-                                description,
-                                "systemd-logind.service",
-                                "systemd-user-sessions.service",
-                                (uint64_t) -1, /* disable TasksMax= for the scope, rely on the slice setting for it */
-                                &error,
-                                &job);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to start session scope %s: %s", scope, bus_error_message(&error, r));
-                        free(scope);
-                        return r;
-                } else {
-                        s->scope = scope;
-
-                        free(s->scope_job);
-                        s->scope_job = job;
-                }
-        }
-
-        if (s->scope)
-                (void) hashmap_put(s->manager->session_units, s->scope, s);
-
-        return 0;
-}
-
-int session_start(Session *s) {
-        int r;
-
-        assert(s);
-
-        if (!s->user)
-                return -ESTALE;
-
-        if (s->started)
-                return 0;
-
-        r = user_start(s->user);
-        if (r < 0)
-                return r;
-
-        /* Create cgroup */
-        r = session_start_scope(s);
-        if (r < 0)
-                return r;
-
-        log_struct(s->class == SESSION_BACKGROUND ? LOG_DEBUG : LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_SESSION_START),
-                   "SESSION_ID=%s", s->id,
-                   "USER_ID=%s", s->user->name,
-                   "LEADER="PID_FMT, s->leader,
-                   LOG_MESSAGE("New session %s of user %s.", s->id, s->user->name),
-                   NULL);
-
-        if (!dual_timestamp_is_set(&s->timestamp))
-                dual_timestamp_get(&s->timestamp);
-
-        if (s->seat)
-                seat_read_active_vt(s->seat);
-
-        s->started = true;
-
-        user_elect_display(s->user);
-
-        /* Save data */
-        session_save(s);
-        user_save(s->user);
-        if (s->seat)
-                seat_save(s->seat);
-
-        /* Send signals */
-        session_send_signal(s, true);
-        user_send_changed(s->user, "Sessions", "Display", NULL);
-        if (s->seat) {
-                if (s->seat->active == s)
-                        seat_send_changed(s->seat, "Sessions", "ActiveSession", NULL);
-                else
-                        seat_send_changed(s->seat, "Sessions", NULL);
-        }
-
-        return 0;
-}
-
-static int session_stop_scope(Session *s, bool force) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *job = NULL;
-        int r;
-
-        assert(s);
-
-        if (!s->scope)
-                return 0;
-
-        if (force || manager_shall_kill(s->manager, s->user->name)) {
-                r = manager_stop_unit(s->manager, s->scope, &error, &job);
-                if (r < 0) {
-                        log_error("Failed to stop session scope: %s", bus_error_message(&error, r));
-                        return r;
-                }
-
-                free(s->scope_job);
-                s->scope_job = job;
-        } else {
-                r = manager_abandon_scope(s->manager, s->scope, &error);
-                if (r < 0) {
-                        log_error("Failed to abandon session scope: %s", bus_error_message(&error, r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-int session_stop(Session *s, bool force) {
-        int r;
-
-        assert(s);
-
-        if (!s->user)
-                return -ESTALE;
-
-        s->timer_event_source = sd_event_source_unref(s->timer_event_source);
-
-        if (s->seat)
-                seat_evict_position(s->seat, s);
-
-        /* We are going down, don't care about FIFOs anymore */
-        session_remove_fifo(s);
-
-        /* Kill cgroup */
-        r = session_stop_scope(s, force);
-
-        s->stopping = true;
-
-        user_elect_display(s->user);
-
-        session_save(s);
-        user_save(s->user);
-
-        return r;
-}
-
-int session_finalize(Session *s) {
-        SessionDevice *sd;
-
-        assert(s);
-
-        if (!s->user)
-                return -ESTALE;
-
-        if (s->started)
-                log_struct(s->class == SESSION_BACKGROUND ? LOG_DEBUG : LOG_INFO,
-                           LOG_MESSAGE_ID(SD_MESSAGE_SESSION_STOP),
-                           "SESSION_ID=%s", s->id,
-                           "USER_ID=%s", s->user->name,
-                           "LEADER="PID_FMT, s->leader,
-                           LOG_MESSAGE("Removed session %s.", s->id),
-                           NULL);
-
-        s->timer_event_source = sd_event_source_unref(s->timer_event_source);
-
-        if (s->seat)
-                seat_evict_position(s->seat, s);
-
-        /* Kill session devices */
-        while ((sd = hashmap_first(s->devices)))
-                session_device_free(sd);
-
-        (void) unlink(s->state_file);
-        session_add_to_gc_queue(s);
-        user_add_to_gc_queue(s->user);
-
-        if (s->started) {
-                session_send_signal(s, false);
-                s->started = false;
-        }
-
-        if (s->seat) {
-                if (s->seat->active == s)
-                        seat_set_active(s->seat, NULL);
-
-                seat_save(s->seat);
-                seat_send_changed(s->seat, "Sessions", NULL);
-        }
-
-        user_save(s->user);
-        user_send_changed(s->user, "Sessions", "Display", NULL);
-
-        return 0;
-}
-
-static int release_timeout_callback(sd_event_source *es, uint64_t usec, void *userdata) {
-        Session *s = userdata;
-
-        assert(es);
-        assert(s);
-
-        session_stop(s, false);
-        return 0;
-}
-
-int session_release(Session *s) {
-        assert(s);
-
-        if (!s->started || s->stopping)
-                return 0;
-
-        if (s->timer_event_source)
-                return 0;
-
-        return sd_event_add_time(s->manager->event,
-                                 &s->timer_event_source,
-                                 CLOCK_MONOTONIC,
-                                 now(CLOCK_MONOTONIC) + RELEASE_USEC, 0,
-                                 release_timeout_callback, s);
-}
-
-bool session_is_active(Session *s) {
-        assert(s);
-
-        if (!s->seat)
-                return true;
-
-        return s->seat->active == s;
-}
-
-static int get_tty_atime(const char *tty, usec_t *atime) {
-        _cleanup_free_ char *p = NULL;
-        struct stat st;
-
-        assert(tty);
-        assert(atime);
-
-        if (!path_is_absolute(tty)) {
-                p = strappend("/dev/", tty);
-                if (!p)
-                        return -ENOMEM;
-
-                tty = p;
-        } else if (!path_startswith(tty, "/dev/"))
-                return -ENOENT;
-
-        if (lstat(tty, &st) < 0)
-                return -errno;
-
-        *atime = timespec_load(&st.st_atim);
-        return 0;
-}
-
-static int get_process_ctty_atime(pid_t pid, usec_t *atime) {
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        assert(pid > 0);
-        assert(atime);
-
-        r = get_ctty(pid, NULL, &p);
-        if (r < 0)
-                return r;
-
-        return get_tty_atime(p, atime);
-}
-
-int session_get_idle_hint(Session *s, dual_timestamp *t) {
-        usec_t atime = 0, n;
-        int r;
-
-        assert(s);
-
-        /* Explicit idle hint is set */
-        if (s->idle_hint) {
-                if (t)
-                        *t = s->idle_hint_timestamp;
-
-                return s->idle_hint;
-        }
-
-        /* Graphical sessions should really implement a real
-         * idle hint logic */
-        if (SESSION_TYPE_IS_GRAPHICAL(s->type))
-                goto dont_know;
-
-        /* For sessions with an explicitly configured tty, let's check
-         * its atime */
-        if (s->tty) {
-                r = get_tty_atime(s->tty, &atime);
-                if (r >= 0)
-                        goto found_atime;
-        }
-
-        /* For sessions with a leader but no explicitly configured
-         * tty, let's check the controlling tty of the leader */
-        if (s->leader > 0) {
-                r = get_process_ctty_atime(s->leader, &atime);
-                if (r >= 0)
-                        goto found_atime;
-        }
-
-dont_know:
-        if (t)
-                *t = s->idle_hint_timestamp;
-
-        return 0;
-
-found_atime:
-        if (t)
-                dual_timestamp_from_realtime(t, atime);
-
-        n = now(CLOCK_REALTIME);
-
-        if (s->manager->idle_action_usec <= 0)
-                return 0;
-
-        return atime + s->manager->idle_action_usec <= n;
-}
-
-void session_set_idle_hint(Session *s, bool b) {
-        assert(s);
-
-        if (s->idle_hint == b)
-                return;
-
-        s->idle_hint = b;
-        dual_timestamp_get(&s->idle_hint_timestamp);
-
-        session_send_changed(s, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
-
-        if (s->seat)
-                seat_send_changed(s->seat, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
-
-        user_send_changed(s->user, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
-        manager_send_changed(s->manager, "IdleHint", "IdleSinceHint", "IdleSinceHintMonotonic", NULL);
-}
-
-int session_get_locked_hint(Session *s) {
-        assert(s);
-
-        return s->locked_hint;
-}
-
-void session_set_locked_hint(Session *s, bool b) {
-        assert(s);
-
-        if (s->locked_hint == b)
-                return;
-
-        s->locked_hint = b;
-
-        session_send_changed(s, "LockedHint", NULL);
-}
-
-static int session_dispatch_fifo(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
-        Session *s = userdata;
-
-        assert(s);
-        assert(s->fifo_fd == fd);
-
-        /* EOF on the FIFO means the session died abnormally. */
-
-        session_remove_fifo(s);
-        session_stop(s, false);
-
-        return 1;
-}
-
-int session_create_fifo(Session *s) {
-        int r;
-
-        assert(s);
-
-        /* Create FIFO */
-        if (!s->fifo_path) {
-                r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
-                if (r < 0)
-                        return r;
-
-                if (asprintf(&s->fifo_path, "/run/systemd/sessions/%s.ref", s->id) < 0)
-                        return -ENOMEM;
-
-                if (mkfifo(s->fifo_path, 0600) < 0 && errno != EEXIST)
-                        return -errno;
-        }
-
-        /* Open reading side */
-        if (s->fifo_fd < 0) {
-                s->fifo_fd = open(s->fifo_path, O_RDONLY|O_CLOEXEC|O_NDELAY);
-                if (s->fifo_fd < 0)
-                        return -errno;
-
-        }
-
-        if (!s->fifo_event_source) {
-                r = sd_event_add_io(s->manager->event, &s->fifo_event_source, s->fifo_fd, 0, session_dispatch_fifo, s);
-                if (r < 0)
-                        return r;
-
-                /* Let's make sure we noticed dead sessions before we process new bus requests (which might create new
-                 * sessions). */
-                r = sd_event_source_set_priority(s->fifo_event_source, SD_EVENT_PRIORITY_NORMAL-10);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Open writing side */
-        r = open(s->fifo_path, O_WRONLY|O_CLOEXEC|O_NDELAY);
-        if (r < 0)
-                return -errno;
-
-        return r;
-}
-
-static void session_remove_fifo(Session *s) {
-        assert(s);
-
-        s->fifo_event_source = sd_event_source_unref(s->fifo_event_source);
-        s->fifo_fd = safe_close(s->fifo_fd);
-
-        if (s->fifo_path) {
-                unlink(s->fifo_path);
-                s->fifo_path = mfree(s->fifo_path);
-        }
-}
-
-bool session_check_gc(Session *s, bool drop_not_started) {
-        assert(s);
-
-        if (drop_not_started && !s->started)
-                return false;
-
-        if (!s->user)
-                return false;
-
-        if (s->fifo_fd >= 0) {
-                if (pipe_eof(s->fifo_fd) <= 0)
-                        return true;
-        }
-
-        if (s->scope_job && manager_job_is_active(s->manager, s->scope_job))
-                return true;
-
-        if (s->scope && manager_unit_is_active(s->manager, s->scope))
-                return true;
-
-        return false;
-}
-
-void session_add_to_gc_queue(Session *s) {
-        assert(s);
-
-        if (s->in_gc_queue)
-                return;
-
-        LIST_PREPEND(gc_queue, s->manager->session_gc_queue, s);
-        s->in_gc_queue = true;
-}
-
-SessionState session_get_state(Session *s) {
-        assert(s);
-
-        /* always check closing first */
-        if (s->stopping || s->timer_event_source)
-                return SESSION_CLOSING;
-
-        if (s->scope_job || s->fifo_fd < 0)
-                return SESSION_OPENING;
-
-        if (session_is_active(s))
-                return SESSION_ACTIVE;
-
-        return SESSION_ONLINE;
-}
-
-int session_kill(Session *s, KillWho who, int signo) {
-        assert(s);
-
-        if (!s->scope)
-                return -ESRCH;
-
-        return manager_kill_unit(s->manager, s->scope, who, signo, NULL);
-}
-
-static int session_open_vt(Session *s) {
-        char path[sizeof("/dev/tty") + DECIMAL_STR_MAX(s->vtnr)];
-
-        if (s->vtnr < 1)
-                return -ENODEV;
-
-        if (s->vtfd >= 0)
-                return s->vtfd;
-
-        sprintf(path, "/dev/tty%u", s->vtnr);
-        s->vtfd = open_terminal(path, O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
-        if (s->vtfd < 0)
-                return log_error_errno(s->vtfd, "cannot open VT %s of session %s: %m", path, s->id);
-
-        return s->vtfd;
-}
-
-int session_prepare_vt(Session *s) {
-        int vt, r;
-        struct vt_mode mode = { 0 };
-
-        if (s->vtnr < 1)
-                return 0;
-
-        vt = session_open_vt(s);
-        if (vt < 0)
-                return vt;
-
-        r = fchown(vt, s->user->uid, -1);
-        if (r < 0) {
-                r = log_error_errno(errno,
-                                    "Cannot change owner of /dev/tty%u: %m",
-                                    s->vtnr);
-                goto error;
-        }
-
-        r = ioctl(vt, KDSKBMODE, K_OFF);
-        if (r < 0) {
-                r = log_error_errno(errno,
-                                    "Cannot set K_OFF on /dev/tty%u: %m",
-                                    s->vtnr);
-                goto error;
-        }
-
-        r = ioctl(vt, KDSETMODE, KD_GRAPHICS);
-        if (r < 0) {
-                r = log_error_errno(errno,
-                                    "Cannot set KD_GRAPHICS on /dev/tty%u: %m",
-                                    s->vtnr);
-                goto error;
-        }
-
-        /* Oh, thanks to the VT layer, VT_AUTO does not work with KD_GRAPHICS.
-         * So we need a dummy handler here which just acknowledges *all* VT
-         * switch requests. */
-        mode.mode = VT_PROCESS;
-        mode.relsig = SIGRTMIN;
-        mode.acqsig = SIGRTMIN + 1;
-        r = ioctl(vt, VT_SETMODE, &mode);
-        if (r < 0) {
-                r = log_error_errno(errno,
-                                    "Cannot set VT_PROCESS on /dev/tty%u: %m",
-                                    s->vtnr);
-                goto error;
-        }
-
-        return 0;
-
-error:
-        session_restore_vt(s);
-        return r;
-}
-
-void session_restore_vt(Session *s) {
-
-        static const struct vt_mode mode = {
-                .mode = VT_AUTO,
-        };
-
-        _cleanup_free_ char *utf8 = NULL;
-        int vt, kb, old_fd;
-
-        /* We need to get a fresh handle to the virtual terminal,
-         * since the old file-descriptor is potentially in a hung-up
-         * state after the controlling process exited; we do a
-         * little dance to avoid having the terminal be available
-         * for reuse before we've cleaned it up.
-         */
-        old_fd = s->vtfd;
-        s->vtfd = -1;
-
-        vt = session_open_vt(s);
-        safe_close(old_fd);
-
-        if (vt < 0)
-                return;
-
-        (void) ioctl(vt, KDSETMODE, KD_TEXT);
-
-        if (read_one_line_file("/sys/module/vt/parameters/default_utf8", &utf8) >= 0 && *utf8 == '1')
-                kb = K_UNICODE;
-        else
-                kb = K_XLATE;
-
-        (void) ioctl(vt, KDSKBMODE, kb);
-
-        (void) ioctl(vt, VT_SETMODE, &mode);
-        (void) fchown(vt, 0, (gid_t) -1);
-
-        s->vtfd = safe_close(s->vtfd);
-}
-
-void session_leave_vt(Session *s) {
-        int r;
-
-        assert(s);
-
-        /* This is called whenever we get a VT-switch signal from the kernel.
-         * We acknowledge all of them unconditionally. Note that session are
-         * free to overwrite those handlers and we only register them for
-         * sessions with controllers. Legacy sessions are not affected.
-         * However, if we switch from a non-legacy to a legacy session, we must
-         * make sure to pause all device before acknowledging the switch. We
-         * process the real switch only after we are notified via sysfs, so the
-         * legacy session might have already started using the devices. If we
-         * don't pause the devices before the switch, we might confuse the
-         * session we switch to. */
-
-        if (s->vtfd < 0)
-                return;
-
-        session_device_pause_all(s);
-        r = ioctl(s->vtfd, VT_RELDISP, 1);
-        if (r < 0)
-                log_debug_errno(errno, "Cannot release VT of session %s: %m", s->id);
-}
-
-bool session_is_controller(Session *s, const char *sender) {
-        assert(s);
-
-        return streq_ptr(s->controller, sender);
-}
-
-static void session_release_controller(Session *s, bool notify) {
-        _cleanup_free_ char *name = NULL;
-        SessionDevice *sd;
-
-        if (!s->controller)
-                return;
-
-        name = s->controller;
-
-        /* By resetting the controller before releasing the devices, we won't
-         * send notification signals. This avoids sending useless notifications
-         * if the controller is released on disconnects. */
-        if (!notify)
-                s->controller = NULL;
-
-        while ((sd = hashmap_first(s->devices)))
-                session_device_free(sd);
-
-        s->controller = NULL;
-        s->track = sd_bus_track_unref(s->track);
-}
-
-static int on_bus_track(sd_bus_track *track, void *userdata) {
-        Session *s = userdata;
-
-        assert(track);
-        assert(s);
-
-        session_drop_controller(s);
-
-        return 0;
-}
-
-int session_set_controller(Session *s, const char *sender, bool force) {
-        _cleanup_free_ char *name = NULL;
-        int r;
-
-        assert(s);
-        assert(sender);
-
-        if (session_is_controller(s, sender))
-                return 0;
-        if (s->controller && !force)
-                return -EBUSY;
-
-        name = strdup(sender);
-        if (!name)
-                return -ENOMEM;
-
-        s->track = sd_bus_track_unref(s->track);
-        r = sd_bus_track_new(s->manager->bus, &s->track, on_bus_track, s);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_track_add_name(s->track, name);
-        if (r < 0)
-                return r;
-
-        /* When setting a session controller, we forcibly mute the VT and set
-         * it into graphics-mode. Applications can override that by changing
-         * VT state after calling TakeControl(). However, this serves as a good
-         * default and well-behaving controllers can now ignore VTs entirely.
-         * Note that we reset the VT on ReleaseControl() and if the controller
-         * exits.
-         * If logind crashes/restarts, we restore the controller during restart
-         * or reset the VT in case it crashed/exited, too. */
-        r = session_prepare_vt(s);
-        if (r < 0) {
-                s->track = sd_bus_track_unref(s->track);
-                return r;
-        }
-
-        session_release_controller(s, true);
-        s->controller = name;
-        name = NULL;
-        session_save(s);
-
-        return 0;
-}
-
-void session_drop_controller(Session *s) {
-        assert(s);
-
-        if (!s->controller)
-                return;
-
-        s->track = sd_bus_track_unref(s->track);
-        session_release_controller(s, false);
-        session_save(s);
-        session_restore_vt(s);
-}
-
-static const char* const session_state_table[_SESSION_STATE_MAX] = {
-        [SESSION_OPENING] = "opening",
-        [SESSION_ONLINE] = "online",
-        [SESSION_ACTIVE] = "active",
-        [SESSION_CLOSING] = "closing"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(session_state, SessionState);
-
-static const char* const session_type_table[_SESSION_TYPE_MAX] = {
-        [SESSION_UNSPECIFIED] = "unspecified",
-        [SESSION_TTY] = "tty",
-        [SESSION_X11] = "x11",
-        [SESSION_WAYLAND] = "wayland",
-        [SESSION_MIR] = "mir",
-        [SESSION_WEB] = "web",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
-
-static const char* const session_class_table[_SESSION_CLASS_MAX] = {
-        [SESSION_USER] = "user",
-        [SESSION_GREETER] = "greeter",
-        [SESSION_LOCK_SCREEN] = "lock-screen",
-        [SESSION_BACKGROUND] = "background"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
-
-static const char* const kill_who_table[_KILL_WHO_MAX] = {
-        [KILL_LEADER] = "leader",
-        [KILL_ALL] = "all"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
diff --git a/src/login/logind-utmp.c b/src/login/logind-utmp.c
deleted file mode 100644
index 29ab00eb1f..0000000000
--- a/src/login/logind-utmp.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Daniel Mack
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <pwd.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "audit-util.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "formats-util.h"
-#include "logind.h"
-#include "special.h"
-#include "strv.h"
-#include "unit-name.h"
-#include "user-util.h"
-#include "utmp-wtmp.h"
-
-_const_ static usec_t when_wall(usec_t n, usec_t elapse) {
-
-        usec_t left;
-        unsigned int i;
-        static const int wall_timers[] = {
-                0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
-                25, 40, 55, 70, 100, 130, 150, 180,
-        };
-
-        /* If the time is already passed, then don't announce */
-        if (n >= elapse)
-                return 0;
-
-        left = elapse - n;
-
-        for (i = 1; i < ELEMENTSOF(wall_timers); i++)
-                if (wall_timers[i] * USEC_PER_MINUTE >= left)
-                        return left - wall_timers[i-1] * USEC_PER_MINUTE;
-
-        return left % USEC_PER_HOUR;
-}
-
-bool logind_wall_tty_filter(const char *tty, void *userdata) {
-
-        Manager *m = userdata;
-
-        assert(m);
-
-        if (!startswith(tty, "/dev/") || !m->scheduled_shutdown_tty)
-                return true;
-
-        return !streq(tty + 5, m->scheduled_shutdown_tty);
-}
-
-static int warn_wall(Manager *m, usec_t n) {
-        char date[FORMAT_TIMESTAMP_MAX] = {};
-        _cleanup_free_ char *l = NULL;
-        usec_t left;
-        int r;
-
-        assert(m);
-
-        if (!m->enable_wall_messages)
-                return 0;
-
-        left = m->scheduled_shutdown_timeout > n;
-
-        r = asprintf(&l, "%s%sThe system is going down for %s %s%s!",
-                     strempty(m->wall_message),
-                     isempty(m->wall_message) ? "" : "\n",
-                     m->scheduled_shutdown_type,
-                     left ? "at " : "NOW",
-                     left ? format_timestamp(date, sizeof(date), m->scheduled_shutdown_timeout) : "");
-        if (r < 0) {
-                log_oom();
-                return 0;
-        }
-
-        utmp_wall(l, uid_to_name(m->scheduled_shutdown_uid),
-                  m->scheduled_shutdown_tty, logind_wall_tty_filter, m);
-
-        return 1;
-}
-
-static int wall_message_timeout_handler(
-                        sd_event_source *s,
-                        uint64_t usec,
-                        void *userdata) {
-
-        Manager *m = userdata;
-        usec_t n, next;
-        int r;
-
-        assert(m);
-        assert(s == m->wall_message_timeout_source);
-
-        n = now(CLOCK_REALTIME);
-
-        r = warn_wall(m, n);
-        if (r == 0)
-                return 0;
-
-        next = when_wall(n, m->scheduled_shutdown_timeout);
-        if (next > 0) {
-                r = sd_event_source_set_time(s, n + next);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_time() failed. %m");
-
-                r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_enabled() failed. %m");
-        }
-
-        return 0;
-}
-
-int manager_setup_wall_message_timer(Manager *m) {
-
-        usec_t n, elapse;
-        int r;
-
-        assert(m);
-
-        n = now(CLOCK_REALTIME);
-        elapse = m->scheduled_shutdown_timeout;
-
-        /* wall message handling */
-
-        if (isempty(m->scheduled_shutdown_type)) {
-                warn_wall(m, n);
-                return 0;
-        }
-
-        if (elapse < n)
-                return 0;
-
-        /* Warn immediately if less than 15 minutes are left */
-        if (elapse - n < 15 * USEC_PER_MINUTE) {
-                r = warn_wall(m, n);
-                if (r == 0)
-                        return 0;
-        }
-
-        elapse = when_wall(n, elapse);
-        if (elapse == 0)
-                return 0;
-
-        if (m->wall_message_timeout_source) {
-                r = sd_event_source_set_time(m->wall_message_timeout_source, n + elapse);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_time() failed. %m");
-
-                r = sd_event_source_set_enabled(m->wall_message_timeout_source, SD_EVENT_ONESHOT);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_source_set_enabled() failed. %m");
-        } else {
-                r = sd_event_add_time(m->event, &m->wall_message_timeout_source,
-                                      CLOCK_REALTIME, n + elapse, 0, wall_message_timeout_handler, m);
-                if (r < 0)
-                        return log_error_errno(r, "sd_event_add_time() failed. %m");
-        }
-
-        return 0;
-}
diff --git a/src/login/logind.c b/src/login/logind.c
deleted file mode 100644
index caf149cfb7..0000000000
--- a/src/login/logind.c
+++ /dev/null
@@ -1,1208 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "libudev.h"
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "conf-parser.h"
-#include "def.h"
-#include "dirent-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "logind.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "strv.h"
-#include "udev-util.h"
-
-static void manager_free(Manager *m);
-
-static void manager_reset_config(Manager *m) {
-        m->n_autovts = 6;
-        m->reserve_vt = 6;
-        m->remove_ipc = true;
-        m->inhibit_delay_max = 5 * USEC_PER_SEC;
-        m->handle_power_key = HANDLE_POWEROFF;
-        m->handle_suspend_key = HANDLE_SUSPEND;
-        m->handle_hibernate_key = HANDLE_HIBERNATE;
-        m->handle_lid_switch = HANDLE_SUSPEND;
-        m->handle_lid_switch_docked = HANDLE_IGNORE;
-        m->power_key_ignore_inhibited = false;
-        m->suspend_key_ignore_inhibited = false;
-        m->hibernate_key_ignore_inhibited = false;
-        m->lid_switch_ignore_inhibited = true;
-
-        m->holdoff_timeout_usec = 30 * USEC_PER_SEC;
-
-        m->idle_action_usec = 30 * USEC_PER_MINUTE;
-        m->idle_action = HANDLE_IGNORE;
-
-        m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */
-        m->user_tasks_max = 12288;
-        m->sessions_max = 8192;
-        m->inhibitors_max = 8192;
-
-        m->kill_user_processes = KILL_USER_PROCESSES;
-
-        m->kill_only_users = strv_free(m->kill_only_users);
-        m->kill_exclude_users = strv_free(m->kill_exclude_users);
-}
-
-static Manager *manager_new(void) {
-        Manager *m;
-        int r;
-
-        m = new0(Manager, 1);
-        if (!m)
-                return NULL;
-
-        m->console_active_fd = -1;
-        m->reserve_vt_fd = -1;
-
-        m->idle_action_not_before_usec = now(CLOCK_MONOTONIC);
-
-        m->devices = hashmap_new(&string_hash_ops);
-        m->seats = hashmap_new(&string_hash_ops);
-        m->sessions = hashmap_new(&string_hash_ops);
-        m->users = hashmap_new(NULL);
-        m->inhibitors = hashmap_new(&string_hash_ops);
-        m->buttons = hashmap_new(&string_hash_ops);
-
-        m->user_units = hashmap_new(&string_hash_ops);
-        m->session_units = hashmap_new(&string_hash_ops);
-
-        if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units)
-                goto fail;
-
-        m->udev = udev_new();
-        if (!m->udev)
-                goto fail;
-
-        r = sd_event_default(&m->event);
-        if (r < 0)
-                goto fail;
-
-        sd_event_set_watchdog(m->event, true);
-
-        manager_reset_config(m);
-
-        return m;
-
-fail:
-        manager_free(m);
-        return NULL;
-}
-
-static void manager_free(Manager *m) {
-        Session *session;
-        User *u;
-        Device *d;
-        Seat *s;
-        Inhibitor *i;
-        Button *b;
-
-        assert(m);
-
-        while ((session = hashmap_first(m->sessions)))
-                session_free(session);
-
-        while ((u = hashmap_first(m->users)))
-                user_free(u);
-
-        while ((d = hashmap_first(m->devices)))
-                device_free(d);
-
-        while ((s = hashmap_first(m->seats)))
-                seat_free(s);
-
-        while ((i = hashmap_first(m->inhibitors)))
-                inhibitor_free(i);
-
-        while ((b = hashmap_first(m->buttons)))
-                button_free(b);
-
-        hashmap_free(m->devices);
-        hashmap_free(m->seats);
-        hashmap_free(m->sessions);
-        hashmap_free(m->users);
-        hashmap_free(m->inhibitors);
-        hashmap_free(m->buttons);
-
-        hashmap_free(m->user_units);
-        hashmap_free(m->session_units);
-
-        sd_event_source_unref(m->idle_action_event_source);
-        sd_event_source_unref(m->inhibit_timeout_source);
-        sd_event_source_unref(m->scheduled_shutdown_timeout_source);
-        sd_event_source_unref(m->nologin_timeout_source);
-        sd_event_source_unref(m->wall_message_timeout_source);
-
-        sd_event_source_unref(m->console_active_event_source);
-        sd_event_source_unref(m->udev_seat_event_source);
-        sd_event_source_unref(m->udev_device_event_source);
-        sd_event_source_unref(m->udev_vcsa_event_source);
-        sd_event_source_unref(m->udev_button_event_source);
-        sd_event_source_unref(m->lid_switch_ignore_event_source);
-
-        safe_close(m->console_active_fd);
-
-        udev_monitor_unref(m->udev_seat_monitor);
-        udev_monitor_unref(m->udev_device_monitor);
-        udev_monitor_unref(m->udev_vcsa_monitor);
-        udev_monitor_unref(m->udev_button_monitor);
-
-        udev_unref(m->udev);
-
-        if (m->unlink_nologin)
-                (void) unlink("/run/nologin");
-
-        bus_verify_polkit_async_registry_free(m->polkit_registry);
-
-        sd_bus_unref(m->bus);
-        sd_event_unref(m->event);
-
-        safe_close(m->reserve_vt_fd);
-
-        strv_free(m->kill_only_users);
-        strv_free(m->kill_exclude_users);
-
-        free(m->scheduled_shutdown_type);
-        free(m->scheduled_shutdown_tty);
-        free(m->wall_message);
-        free(m->action_job);
-        free(m);
-}
-
-static int manager_enumerate_devices(Manager *m) {
-        struct udev_list_entry *item = NULL, *first = NULL;
-        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
-        int r;
-
-        assert(m);
-
-        /* Loads devices from udev and creates seats for them as
-         * necessary */
-
-        e = udev_enumerate_new(m->udev);
-        if (!e)
-                return -ENOMEM;
-
-        r = udev_enumerate_add_match_tag(e, "master-of-seat");
-        if (r < 0)
-                return r;
-
-        r = udev_enumerate_add_match_is_initialized(e);
-        if (r < 0)
-                return r;
-
-        r = udev_enumerate_scan_devices(e);
-        if (r < 0)
-                return r;
-
-        first = udev_enumerate_get_list_entry(e);
-        udev_list_entry_foreach(item, first) {
-                _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-                int k;
-
-                d = udev_device_new_from_syspath(m->udev, udev_list_entry_get_name(item));
-                if (!d)
-                        return -ENOMEM;
-
-                k = manager_process_seat_device(m, d);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_enumerate_buttons(Manager *m) {
-        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
-        struct udev_list_entry *item = NULL, *first = NULL;
-        int r;
-
-        assert(m);
-
-        /* Loads buttons from udev */
-
-        if (m->handle_power_key == HANDLE_IGNORE &&
-            m->handle_suspend_key == HANDLE_IGNORE &&
-            m->handle_hibernate_key == HANDLE_IGNORE &&
-            m->handle_lid_switch == HANDLE_IGNORE &&
-            m->handle_lid_switch_docked == HANDLE_IGNORE)
-                return 0;
-
-        e = udev_enumerate_new(m->udev);
-        if (!e)
-                return -ENOMEM;
-
-        r = udev_enumerate_add_match_subsystem(e, "input");
-        if (r < 0)
-                return r;
-
-        r = udev_enumerate_add_match_tag(e, "power-switch");
-        if (r < 0)
-                return r;
-
-        r = udev_enumerate_add_match_is_initialized(e);
-        if (r < 0)
-                return r;
-
-        r = udev_enumerate_scan_devices(e);
-        if (r < 0)
-                return r;
-
-        first = udev_enumerate_get_list_entry(e);
-        udev_list_entry_foreach(item, first) {
-                _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-                int k;
-
-                d = udev_device_new_from_syspath(m->udev, udev_list_entry_get_name(item));
-                if (!d)
-                        return -ENOMEM;
-
-                k = manager_process_button_device(m, d);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_enumerate_seats(Manager *m) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r = 0;
-
-        assert(m);
-
-        /* This loads data about seats stored on disk, but does not
-         * actually create any seats. Removes data of seats that no
-         * longer exist. */
-
-        d = opendir("/run/systemd/seats");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /run/systemd/seats: %m");
-        }
-
-        FOREACH_DIRENT(de, d, return -errno) {
-                Seat *s;
-                int k;
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                s = hashmap_get(m->seats, de->d_name);
-                if (!s) {
-                        unlinkat(dirfd(d), de->d_name, 0);
-                        continue;
-                }
-
-                k = seat_load(s);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_enumerate_linger_users(Manager *m) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r = 0;
-
-        assert(m);
-
-        d = opendir("/var/lib/systemd/linger");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /var/lib/systemd/linger/: %m");
-        }
-
-        FOREACH_DIRENT(de, d, return -errno) {
-                int k;
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                k = manager_add_user_by_name(m, de->d_name, NULL);
-                if (k < 0) {
-                        log_notice_errno(k, "Couldn't add lingering user %s: %m", de->d_name);
-                        r = k;
-                }
-        }
-
-        return r;
-}
-
-static int manager_enumerate_users(Manager *m) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r, k;
-
-        assert(m);
-
-        /* Add lingering users */
-        r = manager_enumerate_linger_users(m);
-
-        /* Read in user data stored on disk */
-        d = opendir("/run/systemd/users");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /run/systemd/users: %m");
-        }
-
-        FOREACH_DIRENT(de, d, return -errno) {
-                User *u;
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                k = manager_add_user_by_name(m, de->d_name, &u);
-                if (k < 0) {
-                        log_error_errno(k, "Failed to add user by file name %s: %m", de->d_name);
-
-                        r = k;
-                        continue;
-                }
-
-                user_add_to_gc_queue(u);
-
-                k = user_load(u);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_enumerate_sessions(Manager *m) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r = 0;
-
-        assert(m);
-
-        /* Read in session data stored on disk */
-        d = opendir("/run/systemd/sessions");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /run/systemd/sessions: %m");
-        }
-
-        FOREACH_DIRENT(de, d, return -errno) {
-                struct Session *s;
-                int k;
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                if (!session_id_valid(de->d_name)) {
-                        log_warning("Invalid session file name '%s', ignoring.", de->d_name);
-                        r = -EINVAL;
-                        continue;
-                }
-
-                k = manager_add_session(m, de->d_name, &s);
-                if (k < 0) {
-                        log_error_errno(k, "Failed to add session by file name %s: %m", de->d_name);
-
-                        r = k;
-                        continue;
-                }
-
-                session_add_to_gc_queue(s);
-
-                k = session_load(s);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_enumerate_inhibitors(Manager *m) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r = 0;
-
-        assert(m);
-
-        d = opendir("/run/systemd/inhibit");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /run/systemd/inhibit: %m");
-        }
-
-        FOREACH_DIRENT(de, d, return -errno) {
-                int k;
-                Inhibitor *i;
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                k = manager_add_inhibitor(m, de->d_name, &i);
-                if (k < 0) {
-                        log_notice_errno(k, "Couldn't add inhibitor %s: %m", de->d_name);
-                        r = k;
-                        continue;
-                }
-
-                k = inhibitor_load(i);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_dispatch_seat_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        Manager *m = userdata;
-
-        assert(m);
-
-        d = udev_monitor_receive_device(m->udev_seat_monitor);
-        if (!d)
-                return -ENOMEM;
-
-        manager_process_seat_device(m, d);
-        return 0;
-}
-
-static int manager_dispatch_device_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        Manager *m = userdata;
-
-        assert(m);
-
-        d = udev_monitor_receive_device(m->udev_device_monitor);
-        if (!d)
-                return -ENOMEM;
-
-        manager_process_seat_device(m, d);
-        return 0;
-}
-
-static int manager_dispatch_vcsa_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        Manager *m = userdata;
-        const char *name;
-
-        assert(m);
-
-        d = udev_monitor_receive_device(m->udev_vcsa_monitor);
-        if (!d)
-                return -ENOMEM;
-
-        name = udev_device_get_sysname(d);
-
-        /* Whenever a VCSA device is removed try to reallocate our
-         * VTs, to make sure our auto VTs never go away. */
-
-        if (name && startswith(name, "vcsa") && streq_ptr(udev_device_get_action(d), "remove"))
-                seat_preallocate_vts(m->seat0);
-
-        return 0;
-}
-
-static int manager_dispatch_button_udev(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        Manager *m = userdata;
-
-        assert(m);
-
-        d = udev_monitor_receive_device(m->udev_button_monitor);
-        if (!d)
-                return -ENOMEM;
-
-        manager_process_button_device(m, d);
-        return 0;
-}
-
-static int manager_dispatch_console(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-
-        assert(m);
-        assert(m->seat0);
-        assert(m->console_active_fd == fd);
-
-        seat_read_active_vt(m->seat0);
-        return 0;
-}
-
-static int manager_reserve_vt(Manager *m) {
-        _cleanup_free_ char *p = NULL;
-
-        assert(m);
-
-        if (m->reserve_vt <= 0)
-                return 0;
-
-        if (asprintf(&p, "/dev/tty%u", m->reserve_vt) < 0)
-                return log_oom();
-
-        m->reserve_vt_fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC|O_NONBLOCK);
-        if (m->reserve_vt_fd < 0) {
-
-                /* Don't complain on VT-less systems */
-                if (errno != ENOENT)
-                        log_warning_errno(errno, "Failed to pin reserved VT: %m");
-                return -errno;
-        }
-
-        return 0;
-}
-
-static int manager_connect_bus(Manager *m) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(m);
-        assert(!m->bus);
-
-        r = sd_bus_default_system(&m->bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to system bus: %m");
-
-        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/login1", "org.freedesktop.login1.Manager", manager_vtable, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add manager object vtable: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/login1/seat", "org.freedesktop.login1.Seat", seat_vtable, seat_object_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add seat object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/login1/seat", seat_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add seat enumerator: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/login1/session", "org.freedesktop.login1.Session", session_vtable, session_object_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add session object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/login1/session", session_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add session enumerator: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/login1/user", "org.freedesktop.login1.User", user_vtable, user_object_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add user object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/login1/user", user_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add user enumerator: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.systemd1.Manager',"
-                             "member='JobRemoved',"
-                             "path='/org/freedesktop/systemd1'",
-                             match_job_removed, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for JobRemoved: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.systemd1.Manager',"
-                             "member='UnitRemoved',"
-                             "path='/org/freedesktop/systemd1'",
-                             match_unit_removed, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for UnitRemoved: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.DBus.Properties',"
-                             "member='PropertiesChanged'",
-                             match_properties_changed, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for PropertiesChanged: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.systemd1.Manager',"
-                             "member='Reloading',"
-                             "path='/org/freedesktop/systemd1'",
-                             match_reloading, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for Reloading: %m");
-
-        r = sd_bus_call_method(
-                        m->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "Subscribe",
-                        &error,
-                        NULL, NULL);
-        if (r < 0) {
-                log_error("Failed to enable subscription: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_request_name(m->bus, "org.freedesktop.login1", 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = sd_bus_attach_event(m->bus, m->event, SD_EVENT_PRIORITY_NORMAL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        return 0;
-}
-
-static int manager_vt_switch(sd_event_source *src, const struct signalfd_siginfo *si, void *data) {
-        Manager *m = data;
-        Session *active, *iter;
-
-        /*
-         * We got a VT-switch signal and we have to acknowledge it immediately.
-         * Preferably, we'd just use m->seat0->active->vtfd, but unfortunately,
-         * old user-space might run multiple sessions on a single VT, *sigh*.
-         * Therefore, we have to iterate all sessions and find one with a vtfd
-         * on the requested VT.
-         * As only VTs with active controllers have VT_PROCESS set, our current
-         * notion of the active VT might be wrong (for instance if the switch
-         * happens while we setup VT_PROCESS). Therefore, read the current VT
-         * first and then use s->active->vtnr as reference. Note that this is
-         * not racy, as no further VT-switch can happen as long as we're in
-         * synchronous VT_PROCESS mode.
-         */
-
-        assert(m->seat0);
-        seat_read_active_vt(m->seat0);
-
-        active = m->seat0->active;
-        if (!active || active->vtnr < 1) {
-                log_warning("Received VT_PROCESS signal without a registered session on that VT.");
-                return 0;
-        }
-
-        if (active->vtfd >= 0) {
-                session_leave_vt(active);
-        } else {
-                LIST_FOREACH(sessions_by_seat, iter, m->seat0->sessions) {
-                        if (iter->vtnr == active->vtnr && iter->vtfd >= 0) {
-                                session_leave_vt(iter);
-                                break;
-                        }
-                }
-        }
-
-        return 0;
-}
-
-static int manager_connect_console(Manager *m) {
-        int r;
-
-        assert(m);
-        assert(m->console_active_fd < 0);
-
-        /* On certain architectures (S390 and Xen, and containers),
-           /dev/tty0 does not exist, so don't fail if we can't open
-           it. */
-        if (access("/dev/tty0", F_OK) < 0)
-                return 0;
-
-        m->console_active_fd = open("/sys/class/tty/tty0/active", O_RDONLY|O_NOCTTY|O_CLOEXEC);
-        if (m->console_active_fd < 0) {
-
-                /* On some systems the device node /dev/tty0 may exist
-                 * even though /sys/class/tty/tty0 does not. */
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /sys/class/tty/tty0/active: %m");
-        }
-
-        r = sd_event_add_io(m->event, &m->console_active_event_source, m->console_active_fd, 0, manager_dispatch_console, m);
-        if (r < 0) {
-                log_error("Failed to watch foreground console");
-                return r;
-        }
-
-        /*
-         * SIGRTMIN is used as global VT-release signal, SIGRTMIN + 1 is used
-         * as VT-acquire signal. We ignore any acquire-events (yes, we still
-         * have to provide a valid signal-number for it!) and acknowledge all
-         * release events immediately.
-         */
-
-        if (SIGRTMIN + 1 > SIGRTMAX) {
-                log_error("Not enough real-time signals available: %u-%u", SIGRTMIN, SIGRTMAX);
-                return -EINVAL;
-        }
-
-        assert_se(ignore_signals(SIGRTMIN + 1, -1) >= 0);
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN, -1) >= 0);
-
-        r = sd_event_add_signal(m->event, NULL, SIGRTMIN, manager_vt_switch, m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int manager_connect_udev(Manager *m) {
-        int r;
-
-        assert(m);
-        assert(!m->udev_seat_monitor);
-        assert(!m->udev_device_monitor);
-        assert(!m->udev_vcsa_monitor);
-        assert(!m->udev_button_monitor);
-
-        m->udev_seat_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
-        if (!m->udev_seat_monitor)
-                return -ENOMEM;
-
-        r = udev_monitor_filter_add_match_tag(m->udev_seat_monitor, "master-of-seat");
-        if (r < 0)
-                return r;
-
-        r = udev_monitor_enable_receiving(m->udev_seat_monitor);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_io(m->event, &m->udev_seat_event_source, udev_monitor_get_fd(m->udev_seat_monitor), EPOLLIN, manager_dispatch_seat_udev, m);
-        if (r < 0)
-                return r;
-
-        m->udev_device_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
-        if (!m->udev_device_monitor)
-                return -ENOMEM;
-
-        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_device_monitor, "input", NULL);
-        if (r < 0)
-                return r;
-
-        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_device_monitor, "graphics", NULL);
-        if (r < 0)
-                return r;
-
-        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_device_monitor, "drm", NULL);
-        if (r < 0)
-                return r;
-
-        r = udev_monitor_enable_receiving(m->udev_device_monitor);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_io(m->event, &m->udev_device_event_source, udev_monitor_get_fd(m->udev_device_monitor), EPOLLIN, manager_dispatch_device_udev, m);
-        if (r < 0)
-                return r;
-
-        /* Don't watch keys if nobody cares */
-        if (m->handle_power_key != HANDLE_IGNORE ||
-            m->handle_suspend_key != HANDLE_IGNORE ||
-            m->handle_hibernate_key != HANDLE_IGNORE ||
-            m->handle_lid_switch != HANDLE_IGNORE ||
-            m->handle_lid_switch_docked != HANDLE_IGNORE) {
-
-                m->udev_button_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
-                if (!m->udev_button_monitor)
-                        return -ENOMEM;
-
-                r = udev_monitor_filter_add_match_tag(m->udev_button_monitor, "power-switch");
-                if (r < 0)
-                        return r;
-
-                r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_button_monitor, "input", NULL);
-                if (r < 0)
-                        return r;
-
-                r = udev_monitor_enable_receiving(m->udev_button_monitor);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_add_io(m->event, &m->udev_button_event_source, udev_monitor_get_fd(m->udev_button_monitor), EPOLLIN, manager_dispatch_button_udev, m);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Don't bother watching VCSA devices, if nobody cares */
-        if (m->n_autovts > 0 && m->console_active_fd >= 0) {
-
-                m->udev_vcsa_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
-                if (!m->udev_vcsa_monitor)
-                        return -ENOMEM;
-
-                r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_vcsa_monitor, "vc", NULL);
-                if (r < 0)
-                        return r;
-
-                r = udev_monitor_enable_receiving(m->udev_vcsa_monitor);
-                if (r < 0)
-                        return r;
-
-                r = sd_event_add_io(m->event, &m->udev_vcsa_event_source, udev_monitor_get_fd(m->udev_vcsa_monitor), EPOLLIN, manager_dispatch_vcsa_udev, m);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static void manager_gc(Manager *m, bool drop_not_started) {
-        Seat *seat;
-        Session *session;
-        User *user;
-
-        assert(m);
-
-        while ((seat = m->seat_gc_queue)) {
-                LIST_REMOVE(gc_queue, m->seat_gc_queue, seat);
-                seat->in_gc_queue = false;
-
-                if (!seat_check_gc(seat, drop_not_started)) {
-                        seat_stop(seat, false);
-                        seat_free(seat);
-                }
-        }
-
-        while ((session = m->session_gc_queue)) {
-                LIST_REMOVE(gc_queue, m->session_gc_queue, session);
-                session->in_gc_queue = false;
-
-                /* First, if we are not closing yet, initiate stopping */
-                if (!session_check_gc(session, drop_not_started) &&
-                    session_get_state(session) != SESSION_CLOSING)
-                        session_stop(session, false);
-
-                /* Normally, this should make the session referenced
-                 * again, if it doesn't then let's get rid of it
-                 * immediately */
-                if (!session_check_gc(session, drop_not_started)) {
-                        session_finalize(session);
-                        session_free(session);
-                }
-        }
-
-        while ((user = m->user_gc_queue)) {
-                LIST_REMOVE(gc_queue, m->user_gc_queue, user);
-                user->in_gc_queue = false;
-
-                /* First step: queue stop jobs */
-                if (!user_check_gc(user, drop_not_started))
-                        user_stop(user, false);
-
-                /* Second step: finalize user */
-                if (!user_check_gc(user, drop_not_started)) {
-                        user_finalize(user);
-                        user_free(user);
-                }
-        }
-}
-
-static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *userdata) {
-        Manager *m = userdata;
-        struct dual_timestamp since;
-        usec_t n, elapse;
-        int r;
-
-        assert(m);
-
-        if (m->idle_action == HANDLE_IGNORE ||
-            m->idle_action_usec <= 0)
-                return 0;
-
-        n = now(CLOCK_MONOTONIC);
-
-        r = manager_get_idle_hint(m, &since);
-        if (r <= 0)
-                /* Not idle. Let's check if after a timeout it might be idle then. */
-                elapse = n + m->idle_action_usec;
-        else {
-                /* Idle! Let's see if it's time to do something, or if
-                 * we shall sleep for longer. */
-
-                if (n >= since.monotonic + m->idle_action_usec &&
-                    (m->idle_action_not_before_usec <= 0 || n >= m->idle_action_not_before_usec + m->idle_action_usec)) {
-                        log_info("System idle. Taking action.");
-
-                        manager_handle_action(m, 0, m->idle_action, false, false);
-                        m->idle_action_not_before_usec = n;
-                }
-
-                elapse = MAX(since.monotonic, m->idle_action_not_before_usec) + m->idle_action_usec;
-        }
-
-        if (!m->idle_action_event_source) {
-
-                r = sd_event_add_time(
-                                m->event,
-                                &m->idle_action_event_source,
-                                CLOCK_MONOTONIC,
-                                elapse, USEC_PER_SEC*30,
-                                manager_dispatch_idle_action, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add idle event source: %m");
-
-                r = sd_event_source_set_priority(m->idle_action_event_source, SD_EVENT_PRIORITY_IDLE+10);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to set idle event source priority: %m");
-        } else {
-                r = sd_event_source_set_time(m->idle_action_event_source, elapse);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to set idle event timer: %m");
-
-                r = sd_event_source_set_enabled(m->idle_action_event_source, SD_EVENT_ONESHOT);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to enable idle event timer: %m");
-        }
-
-        return 0;
-}
-
-static int manager_parse_config_file(Manager *m) {
-        assert(m);
-
-        return config_parse_many(PKGSYSCONFDIR "/logind.conf",
-                                 CONF_PATHS_NULSTR("systemd/logind.conf.d"),
-                                 "Login\0",
-                                 config_item_perf_lookup, logind_gperf_lookup,
-                                 false, m);
-}
-
-static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        Manager *m = userdata;
-        int r;
-
-        manager_reset_config(m);
-        r = manager_parse_config_file(m);
-        if (r < 0)
-                log_warning_errno(r, "Failed to parse config file, using defaults: %m");
-        else
-                log_info("Config file reloaded.");
-
-        return 0;
-}
-
-static int manager_startup(Manager *m) {
-        int r;
-        Seat *seat;
-        Session *session;
-        User *user;
-        Button *button;
-        Inhibitor *inhibitor;
-        Iterator i;
-
-        assert(m);
-
-        assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGHUP, -1) >= 0);
-
-        r = sd_event_add_signal(m->event, NULL, SIGHUP, manager_dispatch_reload_signal, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register SIGHUP handler: %m");
-
-        /* Connect to console */
-        r = manager_connect_console(m);
-        if (r < 0)
-                return r;
-
-        /* Connect to udev */
-        r = manager_connect_udev(m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create udev watchers: %m");
-
-        /* Connect to the bus */
-        r = manager_connect_bus(m);
-        if (r < 0)
-                return r;
-
-        /* Instantiate magic seat 0 */
-        r = manager_add_seat(m, "seat0", &m->seat0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add seat0: %m");
-
-        r = manager_set_lid_switch_ignore(m, 0 + m->holdoff_timeout_usec);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set up lid switch ignore event source: %m");
-
-        /* Deserialize state */
-        r = manager_enumerate_devices(m);
-        if (r < 0)
-                log_warning_errno(r, "Device enumeration failed: %m");
-
-        r = manager_enumerate_seats(m);
-        if (r < 0)
-                log_warning_errno(r, "Seat enumeration failed: %m");
-
-        r = manager_enumerate_users(m);
-        if (r < 0)
-                log_warning_errno(r, "User enumeration failed: %m");
-
-        r = manager_enumerate_sessions(m);
-        if (r < 0)
-                log_warning_errno(r, "Session enumeration failed: %m");
-
-        r = manager_enumerate_inhibitors(m);
-        if (r < 0)
-                log_warning_errno(r, "Inhibitor enumeration failed: %m");
-
-        r = manager_enumerate_buttons(m);
-        if (r < 0)
-                log_warning_errno(r, "Button enumeration failed: %m");
-
-        /* Remove stale objects before we start them */
-        manager_gc(m, false);
-
-        /* Reserve the special reserved VT */
-        manager_reserve_vt(m);
-
-        /* And start everything */
-        HASHMAP_FOREACH(seat, m->seats, i)
-                seat_start(seat);
-
-        HASHMAP_FOREACH(user, m->users, i)
-                user_start(user);
-
-        HASHMAP_FOREACH(session, m->sessions, i)
-                session_start(session);
-
-        HASHMAP_FOREACH(inhibitor, m->inhibitors, i)
-                inhibitor_start(inhibitor);
-
-        HASHMAP_FOREACH(button, m->buttons, i)
-                button_check_switches(button);
-
-        manager_dispatch_idle_action(NULL, 0, m);
-
-        return 0;
-}
-
-static int manager_run(Manager *m) {
-        int r;
-
-        assert(m);
-
-        for (;;) {
-                r = sd_event_get_state(m->event);
-                if (r < 0)
-                        return r;
-                if (r == SD_EVENT_FINISHED)
-                        return 0;
-
-                manager_gc(m, true);
-
-                r = manager_dispatch_delayed(m, false);
-                if (r < 0)
-                        return r;
-                if (r > 0)
-                        continue;
-
-                r = sd_event_run(m->event, (uint64_t) -1);
-                if (r < 0)
-                        return r;
-        }
-}
-
-int main(int argc, char *argv[]) {
-        Manager *m = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_set_facility(LOG_AUTH);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        r = mac_selinux_init();
-        if (r < 0) {
-                log_error_errno(r, "Could not initialize labelling: %m");
-                goto finish;
-        }
-
-        /* Always create the directories people can create inotify
-         * watches in. Note that some applications might check for the
-         * existence of /run/systemd/seats/ to determine whether
-         * logind is available, so please always make sure this check
-         * stays in. */
-        mkdir_label("/run/systemd/seats", 0755);
-        mkdir_label("/run/systemd/users", 0755);
-        mkdir_label("/run/systemd/sessions", 0755);
-
-        m = manager_new();
-        if (!m) {
-                r = log_oom();
-                goto finish;
-        }
-
-        manager_parse_config_file(m);
-
-        r = manager_startup(m);
-        if (r < 0) {
-                log_error_errno(r, "Failed to fully start up daemon: %m");
-                goto finish;
-        }
-
-        log_debug("systemd-logind running as pid "PID_FMT, getpid());
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing requests...");
-
-        r = manager_run(m);
-
-        log_debug("systemd-logind stopped as pid "PID_FMT, getpid());
-
-finish:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-
-        manager_free(m);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/login/logind.h b/src/login/logind.h
deleted file mode 100644
index 90431eb4b0..0000000000
--- a/src/login/logind.h
+++ /dev/null
@@ -1,198 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "libudev.h"
-#include "sd-bus.h"
-#include "sd-event.h"
-
-#include "hashmap.h"
-#include "list.h"
-#include "set.h"
-
-typedef struct Manager Manager;
-
-#include "logind-action.h"
-#include "logind-button.h"
-#include "logind-device.h"
-#include "logind-inhibit.h"
-
-struct Manager {
-        sd_event *event;
-        sd_bus *bus;
-
-        Hashmap *devices;
-        Hashmap *seats;
-        Hashmap *sessions;
-        Hashmap *users;
-        Hashmap *inhibitors;
-        Hashmap *buttons;
-
-        LIST_HEAD(Seat, seat_gc_queue);
-        LIST_HEAD(Session, session_gc_queue);
-        LIST_HEAD(User, user_gc_queue);
-
-        struct udev *udev;
-        struct udev_monitor *udev_seat_monitor, *udev_device_monitor, *udev_vcsa_monitor, *udev_button_monitor;
-
-        sd_event_source *console_active_event_source;
-        sd_event_source *udev_seat_event_source;
-        sd_event_source *udev_device_event_source;
-        sd_event_source *udev_vcsa_event_source;
-        sd_event_source *udev_button_event_source;
-
-        int console_active_fd;
-
-        unsigned n_autovts;
-
-        unsigned reserve_vt;
-        int reserve_vt_fd;
-
-        Seat *seat0;
-
-        char **kill_only_users, **kill_exclude_users;
-        bool kill_user_processes;
-
-        unsigned long session_counter;
-        unsigned long inhibit_counter;
-
-        Hashmap *session_units;
-        Hashmap *user_units;
-
-        usec_t inhibit_delay_max;
-
-        /* If an action is currently being executed or is delayed,
-         * this is != 0 and encodes what is being done */
-        InhibitWhat action_what;
-
-        /* If a shutdown/suspend was delayed due to a inhibitor this
-           contains the unit name we are supposed to start after the
-           delay is over */
-        const char *action_unit;
-
-        /* If a shutdown/suspend is currently executed, then this is
-         * the job of it */
-        char *action_job;
-        sd_event_source *inhibit_timeout_source;
-
-        char *scheduled_shutdown_type;
-        usec_t scheduled_shutdown_timeout;
-        sd_event_source *scheduled_shutdown_timeout_source;
-        uid_t scheduled_shutdown_uid;
-        char *scheduled_shutdown_tty;
-        sd_event_source *nologin_timeout_source;
-        bool unlink_nologin;
-
-        char *wall_message;
-        unsigned enable_wall_messages;
-        sd_event_source *wall_message_timeout_source;
-
-        bool shutdown_dry_run;
-
-        sd_event_source *idle_action_event_source;
-        usec_t idle_action_usec;
-        usec_t idle_action_not_before_usec;
-        HandleAction idle_action;
-
-        HandleAction handle_power_key;
-        HandleAction handle_suspend_key;
-        HandleAction handle_hibernate_key;
-        HandleAction handle_lid_switch;
-        HandleAction handle_lid_switch_docked;
-
-        bool power_key_ignore_inhibited;
-        bool suspend_key_ignore_inhibited;
-        bool hibernate_key_ignore_inhibited;
-        bool lid_switch_ignore_inhibited;
-
-        bool remove_ipc;
-
-        Hashmap *polkit_registry;
-
-        usec_t holdoff_timeout_usec;
-        sd_event_source *lid_switch_ignore_event_source;
-
-        size_t runtime_dir_size;
-        uint64_t user_tasks_max;
-        uint64_t sessions_max;
-        uint64_t inhibitors_max;
-};
-
-int manager_add_device(Manager *m, const char *sysfs, bool master, Device **_device);
-int manager_add_button(Manager *m, const char *name, Button **_button);
-int manager_add_seat(Manager *m, const char *id, Seat **_seat);
-int manager_add_session(Manager *m, const char *id, Session **_session);
-int manager_add_user(Manager *m, uid_t uid, gid_t gid, const char *name, User **_user);
-int manager_add_user_by_name(Manager *m, const char *name, User **_user);
-int manager_add_user_by_uid(Manager *m, uid_t uid, User **_user);
-int manager_add_inhibitor(Manager *m, const char* id, Inhibitor **_inhibitor);
-
-int manager_process_seat_device(Manager *m, struct udev_device *d);
-int manager_process_button_device(Manager *m, struct udev_device *d);
-
-int manager_spawn_autovt(Manager *m, unsigned int vtnr);
-
-bool manager_shall_kill(Manager *m, const char *user);
-
-int manager_get_idle_hint(Manager *m, dual_timestamp *t);
-
-int manager_get_user_by_pid(Manager *m, pid_t pid, User **user);
-int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session);
-
-bool manager_is_docked_or_external_displays(Manager *m);
-
-extern const sd_bus_vtable manager_vtable[];
-
-int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-
-int bus_manager_shutdown_or_sleep_now_or_later(Manager *m, const char *unit_name, InhibitWhat w, sd_bus_error *error);
-
-int manager_send_changed(Manager *manager, const char *property, ...) _sentinel_;
-
-int manager_start_slice(Manager *manager, const char *slice, const char *description, const char *after, const char *after2, uint64_t tasks_max, sd_bus_error *error, char **job);
-int manager_start_scope(Manager *manager, const char *scope, pid_t pid, const char *slice, const char *description, const char *after, const char *after2, uint64_t tasks_max, sd_bus_error *error, char **job);
-int manager_start_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job);
-int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job);
-int manager_abandon_scope(Manager *manager, const char *scope, sd_bus_error *error);
-int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo, sd_bus_error *error);
-int manager_unit_is_active(Manager *manager, const char *unit);
-int manager_job_is_active(Manager *manager, const char *path);
-
-/* gperf lookup function */
-const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned length);
-
-int manager_set_lid_switch_ignore(Manager *m, usec_t until);
-
-int config_parse_tmpfs_size(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-
-int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret);
-int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret);
-int manager_get_seat_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Seat **ret);
-
-int manager_setup_wall_message_timer(Manager *m);
-bool logind_wall_tty_filter(const char *tty, void *userdata);
-
-int manager_dispatch_delayed(Manager *manager, bool timeout);
diff --git a/src/login/test-inhibit.c b/src/login/test-inhibit.c
deleted file mode 100644
index a3cf9d293b..0000000000
--- a/src/login/test-inhibit.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "bus-util.h"
-#include "fd-util.h"
-#include "macro.h"
-#include "util.h"
-
-static int inhibit(sd_bus *bus, const char *what) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *who = "Test Tool", *reason = "Just because!", *mode = "block";
-        int fd;
-        int r;
-
-        r = sd_bus_call_method(bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "Inhibit",
-                        &error,
-                        &reply,
-                        "ssss", what, who, reason, mode);
-        assert_se(r >= 0);
-
-        r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_UNIX_FD, &fd);
-        assert_se(r >= 0);
-        assert_se(fd >= 0);
-
-        return dup(fd);
-}
-
-static void print_inhibitors(sd_bus *bus) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *what, *who, *why, *mode;
-        uint32_t uid, pid;
-        unsigned n = 0;
-        int r;
-
-        r = sd_bus_call_method(bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ListInhibitors",
-                        &error,
-                        &reply,
-                        "");
-        assert_se(r >= 0);
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssuu)");
-        assert_se(r >= 0);
-
-        while ((r = sd_bus_message_read(reply, "(ssssuu)", &what, &who, &why, &mode, &uid, &pid)) > 0) {
-                printf("what=<%s> who=<%s> why=<%s> mode=<%s> uid=<%"PRIu32"> pid=<%"PRIu32">\n",
-                       what, who, why, mode, uid, pid);
-
-                n++;
-        }
-        assert_se(r >= 0);
-
-        printf("%u inhibitors\n", n);
-}
-
-int main(int argc, char*argv[]) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        int fd1, fd2;
-        int r;
-
-        r = sd_bus_open_system(&bus);
-        assert_se(r >= 0);
-
-        print_inhibitors(bus);
-
-        fd1 = inhibit(bus, "sleep");
-        assert_se(fd1 >= 0);
-        print_inhibitors(bus);
-
-        fd2 = inhibit(bus, "idle:shutdown");
-        assert_se(fd2 >= 0);
-        print_inhibitors(bus);
-
-        safe_close(fd1);
-        sleep(1);
-        print_inhibitors(bus);
-
-        safe_close(fd2);
-        sleep(1);
-        print_inhibitors(bus);
-
-        return 0;
-}
diff --git a/src/machine-id-setup/Makefile b/src/machine-id-setup/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/machine-id-setup/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/machine/Makefile b/src/machine/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/machine/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/machine/machine-dbus.h b/src/machine/machine-dbus.h
deleted file mode 100644
index 241b23c7ec..0000000000
--- a/src/machine/machine-dbus.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "machine.h"
-
-extern const sd_bus_vtable machine_vtable[];
-
-char *machine_bus_path(Machine *s);
-int machine_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
-int machine_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
-
-int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_get_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_open_pty(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_open_login(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_machine_method_open_root_directory(sd_bus_message *message, void *userdata, sd_bus_error *error);
-
-int machine_send_signal(Machine *m, bool new_machine);
-int machine_send_create_reply(Machine *m, sd_bus_error *error);
diff --git a/src/machine/machine.c b/src/machine/machine.c
deleted file mode 100644
index c1fae57084..0000000000
--- a/src/machine/machine.c
+++ /dev/null
@@ -1,630 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "escape.h"
-#include "extract-word.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "hashmap.h"
-#include "machine-dbus.h"
-#include "machine.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "process-util.h"
-#include "special.h"
-#include "string-table.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "util.h"
-
-Machine* machine_new(Manager *manager, MachineClass class, const char *name) {
-        Machine *m;
-
-        assert(manager);
-        assert(class < _MACHINE_CLASS_MAX);
-        assert(name);
-
-        /* Passing class == _MACHINE_CLASS_INVALID here is fine. It
-         * means as much as "we don't know yet", and that we'll figure
-         * it out later when loading the state file. */
-
-        m = new0(Machine, 1);
-        if (!m)
-                return NULL;
-
-        m->name = strdup(name);
-        if (!m->name)
-                goto fail;
-
-        if (class != MACHINE_HOST) {
-                m->state_file = strappend("/run/systemd/machines/", m->name);
-                if (!m->state_file)
-                        goto fail;
-        }
-
-        m->class = class;
-
-        if (hashmap_put(manager->machines, m->name, m) < 0)
-                goto fail;
-
-        m->manager = manager;
-
-        return m;
-
-fail:
-        free(m->state_file);
-        free(m->name);
-        free(m);
-
-        return NULL;
-}
-
-void machine_free(Machine *m) {
-        assert(m);
-
-        while (m->operations)
-                operation_free(m->operations);
-
-        if (m->in_gc_queue)
-                LIST_REMOVE(gc_queue, m->manager->machine_gc_queue, m);
-
-        machine_release_unit(m);
-
-        free(m->scope_job);
-
-        (void) hashmap_remove(m->manager->machines, m->name);
-
-        if (m->manager->host_machine == m)
-                m->manager->host_machine = NULL;
-
-        if (m->leader > 0)
-                (void) hashmap_remove_value(m->manager->machine_leaders, PID_TO_PTR(m->leader), m);
-
-        sd_bus_message_unref(m->create_message);
-
-        free(m->name);
-        free(m->state_file);
-        free(m->service);
-        free(m->root_directory);
-        free(m->netif);
-        free(m);
-}
-
-int machine_save(Machine *m) {
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        int r;
-
-        assert(m);
-
-        if (!m->state_file)
-                return 0;
-
-        if (!m->started)
-                return 0;
-
-        r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0);
-        if (r < 0)
-                goto fail;
-
-        r = fopen_temporary(m->state_file, &f, &temp_path);
-        if (r < 0)
-                goto fail;
-
-        (void) fchmod(fileno(f), 0644);
-
-        fprintf(f,
-                "# This is private data. Do not parse.\n"
-                "NAME=%s\n",
-                m->name);
-
-        if (m->unit) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(m->unit);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                fprintf(f, "SCOPE=%s\n", escaped); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */
-        }
-
-        if (m->scope_job)
-                fprintf(f, "SCOPE_JOB=%s\n", m->scope_job);
-
-        if (m->service) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(m->service);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-                fprintf(f, "SERVICE=%s\n", escaped);
-        }
-
-        if (m->root_directory) {
-                _cleanup_free_ char *escaped;
-
-                escaped = cescape(m->root_directory);
-                if (!escaped) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-                fprintf(f, "ROOT=%s\n", escaped);
-        }
-
-        if (!sd_id128_equal(m->id, SD_ID128_NULL))
-                fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id));
-
-        if (m->leader != 0)
-                fprintf(f, "LEADER="PID_FMT"\n", m->leader);
-
-        if (m->class != _MACHINE_CLASS_INVALID)
-                fprintf(f, "CLASS=%s\n", machine_class_to_string(m->class));
-
-        if (dual_timestamp_is_set(&m->timestamp))
-                fprintf(f,
-                        "REALTIME="USEC_FMT"\n"
-                        "MONOTONIC="USEC_FMT"\n",
-                        m->timestamp.realtime,
-                        m->timestamp.monotonic);
-
-        if (m->n_netif > 0) {
-                unsigned i;
-
-                fputs("NETIF=", f);
-
-                for (i = 0; i < m->n_netif; i++) {
-                        if (i != 0)
-                                fputc(' ', f);
-
-                        fprintf(f, "%i", m->netif[i]);
-                }
-
-                fputc('\n', f);
-        }
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, m->state_file) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        if (m->unit) {
-                char *sl;
-
-                /* Create a symlink from the unit name to the machine
-                 * name, so that we can quickly find the machine for
-                 * each given unit. Ignore error. */
-                sl = strjoina("/run/systemd/machines/unit:", m->unit);
-                (void) symlink(m->name, sl);
-        }
-
-        return 0;
-
-fail:
-        (void) unlink(m->state_file);
-
-        if (temp_path)
-                (void) unlink(temp_path);
-
-        return log_error_errno(r, "Failed to save machine data %s: %m", m->state_file);
-}
-
-static void machine_unlink(Machine *m) {
-        assert(m);
-
-        if (m->unit) {
-
-                char *sl;
-
-                sl = strjoina("/run/systemd/machines/unit:", m->unit);
-                (void) unlink(sl);
-        }
-
-        if (m->state_file)
-                (void) unlink(m->state_file);
-}
-
-int machine_load(Machine *m) {
-        _cleanup_free_ char *realtime = NULL, *monotonic = NULL, *id = NULL, *leader = NULL, *class = NULL, *netif = NULL;
-        int r;
-
-        assert(m);
-
-        if (!m->state_file)
-                return 0;
-
-        r = parse_env_file(m->state_file, NEWLINE,
-                           "SCOPE",     &m->unit,
-                           "SCOPE_JOB", &m->scope_job,
-                           "SERVICE",   &m->service,
-                           "ROOT",      &m->root_directory,
-                           "ID",        &id,
-                           "LEADER",    &leader,
-                           "CLASS",     &class,
-                           "REALTIME",  &realtime,
-                           "MONOTONIC", &monotonic,
-                           "NETIF",     &netif,
-                           NULL);
-        if (r < 0) {
-                if (r == -ENOENT)
-                        return 0;
-
-                return log_error_errno(r, "Failed to read %s: %m", m->state_file);
-        }
-
-        if (id)
-                sd_id128_from_string(id, &m->id);
-
-        if (leader)
-                parse_pid(leader, &m->leader);
-
-        if (class) {
-                MachineClass c;
-
-                c = machine_class_from_string(class);
-                if (c >= 0)
-                        m->class = c;
-        }
-
-        if (realtime)
-                timestamp_deserialize(realtime, &m->timestamp.realtime);
-        if (monotonic)
-                timestamp_deserialize(monotonic, &m->timestamp.monotonic);
-
-        if (netif) {
-                size_t allocated = 0, nr = 0;
-                const char *p;
-                int *ni = NULL;
-
-                p = netif;
-                for (;;) {
-                        _cleanup_free_ char *word = NULL;
-                        int ifi;
-
-                        r = extract_first_word(&p, &word, NULL, 0);
-                        if (r == 0)
-                                break;
-                        if (r == -ENOMEM)
-                                return log_oom();
-                        if (r < 0) {
-                                log_warning_errno(r, "Failed to parse NETIF: %s", netif);
-                                break;
-                        }
-
-                        if (parse_ifindex(word, &ifi) < 0)
-                                continue;
-
-                        if (!GREEDY_REALLOC(ni, allocated, nr+1)) {
-                                free(ni);
-                                return log_oom();
-                        }
-
-                        ni[nr++] = ifi;
-                }
-
-                free(m->netif);
-                m->netif = ni;
-                m->n_netif = nr;
-        }
-
-        return r;
-}
-
-static int machine_start_scope(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
-        int r = 0;
-
-        assert(m);
-        assert(m->class != MACHINE_HOST);
-
-        if (!m->unit) {
-                _cleanup_free_ char *escaped = NULL;
-                char *scope, *description, *job = NULL;
-
-                escaped = unit_name_escape(m->name);
-                if (!escaped)
-                        return log_oom();
-
-                scope = strjoin("machine-", escaped, ".scope", NULL);
-                if (!scope)
-                        return log_oom();
-
-                description = strjoina(m->class == MACHINE_VM ? "Virtual Machine " : "Container ", m->name);
-
-                r = manager_start_scope(m->manager, scope, m->leader, SPECIAL_MACHINE_SLICE, description, properties, error, &job);
-                if (r < 0) {
-                        log_error("Failed to start machine scope: %s", bus_error_message(error, r));
-                        free(scope);
-                        return r;
-                } else {
-                        m->unit = scope;
-
-                        free(m->scope_job);
-                        m->scope_job = job;
-                }
-        }
-
-        if (m->unit)
-                hashmap_put(m->manager->machine_units, m->unit, m);
-
-        return r;
-}
-
-int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
-        int r;
-
-        assert(m);
-
-        if (!IN_SET(m->class, MACHINE_CONTAINER, MACHINE_VM))
-                return -EOPNOTSUPP;
-
-        if (m->started)
-                return 0;
-
-        r = hashmap_put(m->manager->machine_leaders, PID_TO_PTR(m->leader), m);
-        if (r < 0)
-                return r;
-
-        /* Create cgroup */
-        r = machine_start_scope(m, properties, error);
-        if (r < 0)
-                return r;
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_MACHINE_START),
-                   "NAME=%s", m->name,
-                   "LEADER="PID_FMT, m->leader,
-                   LOG_MESSAGE("New machine %s.", m->name),
-                   NULL);
-
-        if (!dual_timestamp_is_set(&m->timestamp))
-                dual_timestamp_get(&m->timestamp);
-
-        m->started = true;
-
-        /* Save new machine data */
-        machine_save(m);
-
-        machine_send_signal(m, true);
-
-        return 0;
-}
-
-static int machine_stop_scope(Machine *m) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *job = NULL;
-        int r;
-
-        assert(m);
-        assert(m->class != MACHINE_HOST);
-
-        if (!m->unit)
-                return 0;
-
-        r = manager_stop_unit(m->manager, m->unit, &error, &job);
-        if (r < 0) {
-                log_error("Failed to stop machine scope: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        free(m->scope_job);
-        m->scope_job = job;
-
-        return 0;
-}
-
-int machine_stop(Machine *m) {
-        int r;
-        assert(m);
-
-        if (!IN_SET(m->class, MACHINE_CONTAINER, MACHINE_VM))
-                return -EOPNOTSUPP;
-
-        r = machine_stop_scope(m);
-
-        m->stopping = true;
-
-        machine_save(m);
-
-        return r;
-}
-
-int machine_finalize(Machine *m) {
-        assert(m);
-
-        if (m->started)
-                log_struct(LOG_INFO,
-                           LOG_MESSAGE_ID(SD_MESSAGE_MACHINE_STOP),
-                           "NAME=%s", m->name,
-                           "LEADER="PID_FMT, m->leader,
-                           LOG_MESSAGE("Machine %s terminated.", m->name),
-                           NULL);
-
-        machine_unlink(m);
-        machine_add_to_gc_queue(m);
-
-        if (m->started) {
-                machine_send_signal(m, false);
-                m->started = false;
-        }
-
-        return 0;
-}
-
-bool machine_check_gc(Machine *m, bool drop_not_started) {
-        assert(m);
-
-        if (m->class == MACHINE_HOST)
-                return true;
-
-        if (drop_not_started && !m->started)
-                return false;
-
-        if (m->scope_job && manager_job_is_active(m->manager, m->scope_job))
-                return true;
-
-        if (m->unit && manager_unit_is_active(m->manager, m->unit))
-                return true;
-
-        return false;
-}
-
-void machine_add_to_gc_queue(Machine *m) {
-        assert(m);
-
-        if (m->in_gc_queue)
-                return;
-
-        LIST_PREPEND(gc_queue, m->manager->machine_gc_queue, m);
-        m->in_gc_queue = true;
-}
-
-MachineState machine_get_state(Machine *s) {
-        assert(s);
-
-        if (s->class == MACHINE_HOST)
-                return MACHINE_RUNNING;
-
-        if (s->stopping)
-                return MACHINE_CLOSING;
-
-        if (s->scope_job)
-                return MACHINE_OPENING;
-
-        return MACHINE_RUNNING;
-}
-
-int machine_kill(Machine *m, KillWho who, int signo) {
-        assert(m);
-
-        if (!IN_SET(m->class, MACHINE_VM, MACHINE_CONTAINER))
-                return -EOPNOTSUPP;
-
-        if (!m->unit)
-                return -ESRCH;
-
-        if (who == KILL_LEADER) {
-                /* If we shall simply kill the leader, do so directly */
-
-                if (kill(m->leader, signo) < 0)
-                        return -errno;
-
-                return 0;
-        }
-
-        /* Otherwise, make PID 1 do it for us, for the entire cgroup */
-        return manager_kill_unit(m->manager, m->unit, signo, NULL);
-}
-
-int machine_openpt(Machine *m, int flags) {
-        assert(m);
-
-        switch (m->class) {
-
-        case MACHINE_HOST: {
-                int fd;
-
-                fd = posix_openpt(flags);
-                if (fd < 0)
-                        return -errno;
-
-                if (unlockpt(fd) < 0)
-                        return -errno;
-
-                return fd;
-        }
-
-        case MACHINE_CONTAINER:
-                if (m->leader <= 0)
-                        return -EINVAL;
-
-                return openpt_in_namespace(m->leader, flags);
-
-        default:
-                return -EOPNOTSUPP;
-        }
-}
-
-int machine_open_terminal(Machine *m, const char *path, int mode) {
-        assert(m);
-
-        switch (m->class) {
-
-        case MACHINE_HOST:
-                return open_terminal(path, mode);
-
-        case MACHINE_CONTAINER:
-                if (m->leader <= 0)
-                        return -EINVAL;
-
-                return open_terminal_in_namespace(m->leader, path, mode);
-
-        default:
-                return -EOPNOTSUPP;
-        }
-}
-
-void machine_release_unit(Machine *m) {
-        assert(m);
-
-        if (!m->unit)
-                return;
-
-        (void) hashmap_remove(m->manager->machine_units, m->unit);
-        m->unit = mfree(m->unit);
-}
-
-static const char* const machine_class_table[_MACHINE_CLASS_MAX] = {
-        [MACHINE_CONTAINER] = "container",
-        [MACHINE_VM] = "vm",
-        [MACHINE_HOST] = "host",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(machine_class, MachineClass);
-
-static const char* const machine_state_table[_MACHINE_STATE_MAX] = {
-        [MACHINE_OPENING] = "opening",
-        [MACHINE_RUNNING] = "running",
-        [MACHINE_CLOSING] = "closing"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(machine_state, MachineState);
-
-static const char* const kill_who_table[_KILL_WHO_MAX] = {
-        [KILL_LEADER] = "leader",
-        [KILL_ALL] = "all"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
deleted file mode 100644
index 8e4ffa9a39..0000000000
--- a/src/machine/machinectl.c
+++ /dev/null
@@ -1,2782 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <locale.h>
-#include <net/if.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <sys/mount.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-unit-util.h"
-#include "bus-util.h"
-#include "cgroup-show.h"
-#include "cgroup-util.h"
-#include "copy.h"
-#include "env-util.h"
-#include "fd-util.h"
-#include "hostname-util.h"
-#include "import-util.h"
-#include "log.h"
-#include "logs-show.h"
-#include "macro.h"
-#include "mkdir.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "ptyfwd.h"
-#include "signal-util.h"
-#include "spawn-polkit-agent.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "util.h"
-#include "verbs.h"
-#include "web-util.h"
-
-static char **arg_property = NULL;
-static bool arg_all = false;
-static bool arg_value = false;
-static bool arg_full = false;
-static bool arg_no_pager = false;
-static bool arg_legend = true;
-static const char *arg_kill_who = NULL;
-static int arg_signal = SIGTERM;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_read_only = false;
-static bool arg_mkdir = false;
-static bool arg_quiet = false;
-static bool arg_ask_password = true;
-static unsigned arg_lines = 10;
-static OutputMode arg_output = OUTPUT_SHORT;
-static bool arg_force = false;
-static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
-static const char* arg_format = NULL;
-static const char *arg_uid = NULL;
-static char **arg_setenv = NULL;
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-
-        if (!arg_ask_password)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-static OutputFlags get_output_flags(void) {
-        return
-                arg_all * OUTPUT_SHOW_ALL |
-                arg_full * OUTPUT_FULL_WIDTH |
-                (!on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
-                colors_enabled() * OUTPUT_COLOR |
-                !arg_quiet * OUTPUT_WARN_CUTOFF;
-}
-
-typedef struct MachineInfo {
-        const char *name;
-        const char *class;
-        const char *service;
-} MachineInfo;
-
-static int compare_machine_info(const void *a, const void *b) {
-        const MachineInfo *x = a, *y = b;
-
-        return strcmp(x->name, y->name);
-}
-
-static int list_machines(int argc, char *argv[], void *userdata) {
-
-        size_t max_name = strlen("MACHINE"), max_class = strlen("CLASS"), max_service = strlen("SERVICE");
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ MachineInfo *machines = NULL;
-        const char *name, *class, *service, *object;
-        size_t n_machines = 0, n_allocated = 0, j;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "ListMachines",
-                               &error,
-                               &reply,
-                               NULL);
-        if (r < 0) {
-                log_error("Could not get machines: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, 'a', "(ssso)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(ssso)", &name, &class, &service, &object)) > 0) {
-                size_t l;
-
-                if (name[0] == '.' && !arg_all)
-                        continue;
-
-                if (!GREEDY_REALLOC(machines, n_allocated, n_machines + 1))
-                        return log_oom();
-
-                machines[n_machines].name = name;
-                machines[n_machines].class = class;
-                machines[n_machines].service = service;
-
-                l = strlen(name);
-                if (l > max_name)
-                        max_name = l;
-
-                l = strlen(class);
-                if (l > max_class)
-                        max_class = l;
-
-                l = strlen(service);
-                if (l > max_service)
-                        max_service = l;
-
-                n_machines++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        qsort_safe(machines, n_machines, sizeof(MachineInfo), compare_machine_info);
-
-        if (arg_legend)
-                printf("%-*s %-*s %-*s\n",
-                       (int) max_name, "MACHINE",
-                       (int) max_class, "CLASS",
-                       (int) max_service, "SERVICE");
-
-        for (j = 0; j < n_machines; j++)
-                printf("%-*s %-*s %-*s\n",
-                       (int) max_name, machines[j].name,
-                       (int) max_class, machines[j].class,
-                       (int) max_service, machines[j].service);
-
-        if (arg_legend)
-                printf("\n%zu machines listed.\n", n_machines);
-
-        return 0;
-}
-
-typedef struct ImageInfo {
-        const char *name;
-        const char *type;
-        bool read_only;
-        usec_t crtime;
-        usec_t mtime;
-        uint64_t size;
-} ImageInfo;
-
-static int compare_image_info(const void *a, const void *b) {
-        const ImageInfo *x = a, *y = b;
-
-        return strcmp(x->name, y->name);
-}
-
-static int list_images(int argc, char *argv[], void *userdata) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        size_t max_name = strlen("NAME"), max_type = strlen("TYPE"), max_size = strlen("USAGE"), max_crtime = strlen("CREATED"), max_mtime = strlen("MODIFIED");
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ ImageInfo *images = NULL;
-        size_t n_images = 0, n_allocated = 0, j;
-        const char *name, *type, *object;
-        sd_bus *bus = userdata;
-        uint64_t crtime, mtime, size;
-        int read_only, r;
-
-        assert(bus);
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "ListImages",
-                               &error,
-                               &reply,
-                               "");
-        if (r < 0) {
-                log_error("Could not get images: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssbttto)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(ssbttto)", &name, &type, &read_only, &crtime, &mtime, &size, &object)) > 0) {
-                char buf[MAX(FORMAT_TIMESTAMP_MAX, FORMAT_BYTES_MAX)];
-                size_t l;
-
-                if (name[0] == '.' && !arg_all)
-                        continue;
-
-                if (!GREEDY_REALLOC(images, n_allocated, n_images + 1))
-                        return log_oom();
-
-                images[n_images].name = name;
-                images[n_images].type = type;
-                images[n_images].read_only = read_only;
-                images[n_images].crtime = crtime;
-                images[n_images].mtime = mtime;
-                images[n_images].size = size;
-
-                l = strlen(name);
-                if (l > max_name)
-                        max_name = l;
-
-                l = strlen(type);
-                if (l > max_type)
-                        max_type = l;
-
-                if (crtime != 0) {
-                        l = strlen(strna(format_timestamp(buf, sizeof(buf), crtime)));
-                        if (l > max_crtime)
-                                max_crtime = l;
-                }
-
-                if (mtime != 0) {
-                        l = strlen(strna(format_timestamp(buf, sizeof(buf), mtime)));
-                        if (l > max_mtime)
-                                max_mtime = l;
-                }
-
-                if (size != (uint64_t) -1) {
-                        l = strlen(strna(format_bytes(buf, sizeof(buf), size)));
-                        if (l > max_size)
-                                max_size = l;
-                }
-
-                n_images++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        qsort_safe(images, n_images, sizeof(ImageInfo), compare_image_info);
-
-        if (arg_legend)
-                printf("%-*s %-*s %-3s %-*s %-*s %-*s\n",
-                       (int) max_name, "NAME",
-                       (int) max_type, "TYPE",
-                       "RO",
-                       (int) max_size, "USAGE",
-                       (int) max_crtime, "CREATED",
-                       (int) max_mtime, "MODIFIED");
-
-        for (j = 0; j < n_images; j++) {
-                char crtime_buf[FORMAT_TIMESTAMP_MAX], mtime_buf[FORMAT_TIMESTAMP_MAX], size_buf[FORMAT_BYTES_MAX];
-
-                printf("%-*s %-*s %s%-3s%s %-*s %-*s %-*s\n",
-                       (int) max_name, images[j].name,
-                       (int) max_type, images[j].type,
-                       images[j].read_only ? ansi_highlight_red() : "", yes_no(images[j].read_only), images[j].read_only ? ansi_normal() : "",
-                       (int) max_size, strna(format_bytes(size_buf, sizeof(size_buf), images[j].size)),
-                       (int) max_crtime, strna(format_timestamp(crtime_buf, sizeof(crtime_buf), images[j].crtime)),
-                       (int) max_mtime, strna(format_timestamp(mtime_buf, sizeof(mtime_buf), images[j].mtime)));
-        }
-
-        if (arg_legend)
-                printf("\n%zu images listed.\n", n_images);
-
-        return 0;
-}
-
-static int show_unit_cgroup(sd_bus *bus, const char *unit, pid_t leader) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ char *path = NULL;
-        const char *cgroup;
-        int r;
-        unsigned c;
-
-        assert(bus);
-        assert(unit);
-
-        path = unit_dbus_path_from_name(unit);
-        if (!path)
-                return log_oom();
-
-        r = sd_bus_get_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        unit_dbus_interface_from_name(unit),
-                        "ControlGroup",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0)
-                return log_error_errno(r, "Failed to query ControlGroup: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "s", &cgroup);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (isempty(cgroup))
-                return 0;
-
-        c = columns();
-        if (c > 18)
-                c -= 18;
-        else
-                c = 0;
-
-        r = unit_show_processes(bus, unit, cgroup, "\t\t  ", c, get_output_flags(), &error);
-        if (r == -EBADR) {
-
-                if (arg_transport == BUS_TRANSPORT_REMOTE)
-                        return 0;
-
-                /* Fallback for older systemd versions where the GetUnitProcesses() call is not yet available */
-
-                if (cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) != 0 && leader <= 0)
-                        return 0;
-
-                show_cgroup_and_extra(SYSTEMD_CGROUP_CONTROLLER, cgroup, "\t\t  ", c, &leader, leader > 0, get_output_flags());
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to dump process list: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int print_addresses(sd_bus *bus, const char *name, int ifi, const char *prefix, const char *prefix2) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(bus);
-        assert(name);
-        assert(prefix);
-        assert(prefix2);
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "GetMachineAddresses",
-                               NULL,
-                               &reply,
-                               "s", name);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
-                int family;
-                const void *a;
-                size_t sz;
-                char buffer[MAX(INET6_ADDRSTRLEN, INET_ADDRSTRLEN)];
-
-                r = sd_bus_message_read(reply, "i", &family);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                fputs(prefix, stdout);
-                fputs(inet_ntop(family, a, buffer, sizeof(buffer)), stdout);
-                if (family == AF_INET6 && ifi > 0)
-                        printf("%%%i", ifi);
-                fputc('\n', stdout);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (prefix != prefix2)
-                        prefix = prefix2;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return 0;
-}
-
-static int print_os_release(sd_bus *bus, const char *name, const char *prefix) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *k, *v, *pretty = NULL;
-        int r;
-
-        assert(bus);
-        assert(name);
-        assert(prefix);
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "GetMachineOSRelease",
-                               NULL,
-                               &reply,
-                               "s", name);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(reply, 'a', "{ss}");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "{ss}", &k, &v)) > 0) {
-                if (streq(k, "PRETTY_NAME"))
-                        pretty = v;
-
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (pretty)
-                printf("%s%s\n", prefix, pretty);
-
-        return 0;
-}
-
-typedef struct MachineStatusInfo {
-        char *name;
-        sd_id128_t id;
-        char *class;
-        char *service;
-        char *unit;
-        char *root_directory;
-        pid_t leader;
-        struct dual_timestamp timestamp;
-        int *netif;
-        unsigned n_netif;
-} MachineStatusInfo;
-
-static void machine_status_info_clear(MachineStatusInfo *info) {
-        if (info) {
-                free(info->name);
-                free(info->class);
-                free(info->service);
-                free(info->unit);
-                free(info->root_directory);
-                free(info->netif);
-                zero(*info);
-        }
-}
-
-static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) {
-        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
-        char since2[FORMAT_TIMESTAMP_MAX], *s2;
-        int ifi = -1;
-
-        assert(bus);
-        assert(i);
-
-        fputs(strna(i->name), stdout);
-
-        if (!sd_id128_equal(i->id, SD_ID128_NULL))
-                printf("(" SD_ID128_FORMAT_STR ")\n", SD_ID128_FORMAT_VAL(i->id));
-        else
-                putchar('\n');
-
-        s1 = format_timestamp_relative(since1, sizeof(since1), i->timestamp.realtime);
-        s2 = format_timestamp(since2, sizeof(since2), i->timestamp.realtime);
-
-        if (s1)
-                printf("\t   Since: %s; %s\n", s2, s1);
-        else if (s2)
-                printf("\t   Since: %s\n", s2);
-
-        if (i->leader > 0) {
-                _cleanup_free_ char *t = NULL;
-
-                printf("\t  Leader: %u", (unsigned) i->leader);
-
-                get_process_comm(i->leader, &t);
-                if (t)
-                        printf(" (%s)", t);
-
-                putchar('\n');
-        }
-
-        if (i->service) {
-                printf("\t Service: %s", i->service);
-
-                if (i->class)
-                        printf("; class %s", i->class);
-
-                putchar('\n');
-        } else if (i->class)
-                printf("\t   Class: %s\n", i->class);
-
-        if (i->root_directory)
-                printf("\t    Root: %s\n", i->root_directory);
-
-        if (i->n_netif > 0) {
-                unsigned c;
-
-                fputs("\t   Iface:", stdout);
-
-                for (c = 0; c < i->n_netif; c++) {
-                        char name[IF_NAMESIZE+1] = "";
-
-                        if (if_indextoname(i->netif[c], name)) {
-                                fputc(' ', stdout);
-                                fputs(name, stdout);
-
-                                if (ifi < 0)
-                                        ifi = i->netif[c];
-                                else
-                                        ifi = 0;
-                        } else
-                                printf(" %i", i->netif[c]);
-                }
-
-                fputc('\n', stdout);
-        }
-
-        print_addresses(bus, i->name, ifi,
-                       "\t Address: ",
-                       "\t          ");
-
-        print_os_release(bus, i->name, "\t      OS: ");
-
-        if (i->unit) {
-                printf("\t    Unit: %s\n", i->unit);
-                show_unit_cgroup(bus, i->unit, i->leader);
-
-                if (arg_transport == BUS_TRANSPORT_LOCAL)
-
-                        show_journal_by_unit(
-                                        stdout,
-                                        i->unit,
-                                        arg_output,
-                                        0,
-                                        i->timestamp.monotonic,
-                                        arg_lines,
-                                        0,
-                                        get_output_flags() | OUTPUT_BEGIN_NEWLINE,
-                                        SD_JOURNAL_LOCAL_ONLY,
-                                        true,
-                                        NULL);
-        }
-}
-
-static int map_netif(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
-        MachineStatusInfo *i = userdata;
-        size_t l;
-        const void *v;
-        int r;
-
-        assert_cc(sizeof(int32_t) == sizeof(int));
-        r = sd_bus_message_read_array(m, SD_BUS_TYPE_INT32, &v, &l);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return -EBADMSG;
-
-        i->n_netif = l / sizeof(int32_t);
-        i->netif = memdup(v, l);
-        if (!i->netif)
-                return -ENOMEM;
-
-        return 0;
-}
-
-static int show_machine_info(const char *verb, sd_bus *bus, const char *path, bool *new_line) {
-
-        static const struct bus_properties_map map[]  = {
-                { "Name",               "s",  NULL,          offsetof(MachineStatusInfo, name)                },
-                { "Class",              "s",  NULL,          offsetof(MachineStatusInfo, class)               },
-                { "Service",            "s",  NULL,          offsetof(MachineStatusInfo, service)             },
-                { "Unit",               "s",  NULL,          offsetof(MachineStatusInfo, unit)                },
-                { "RootDirectory",      "s",  NULL,          offsetof(MachineStatusInfo, root_directory)      },
-                { "Leader",             "u",  NULL,          offsetof(MachineStatusInfo, leader)              },
-                { "Timestamp",          "t",  NULL,          offsetof(MachineStatusInfo, timestamp.realtime)  },
-                { "TimestampMonotonic", "t",  NULL,          offsetof(MachineStatusInfo, timestamp.monotonic) },
-                { "Id",                 "ay", bus_map_id128, offsetof(MachineStatusInfo, id)                  },
-                { "NetworkInterfaces",  "ai", map_netif,     0                                                },
-                {}
-        };
-
-        _cleanup_(machine_status_info_clear) MachineStatusInfo info = {};
-        int r;
-
-        assert(verb);
-        assert(bus);
-        assert(path);
-        assert(new_line);
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.machine1",
-                                   path,
-                                   map,
-                                   &info);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        if (*new_line)
-                printf("\n");
-        *new_line = true;
-
-        print_machine_status_info(bus, &info);
-
-        return r;
-}
-
-static int show_machine_properties(sd_bus *bus, const char *path, bool *new_line) {
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(new_line);
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        r = bus_print_all_properties(bus, "org.freedesktop.machine1", path, arg_property, arg_value, arg_all);
-        if (r < 0)
-                log_error_errno(r, "Could not get properties: %m");
-
-        return r;
-}
-
-static int show_machine(int argc, char *argv[], void *userdata) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        bool properties, new_line = false;
-        sd_bus *bus = userdata;
-        int r = 0, i;
-
-        assert(bus);
-
-        properties = !strstr(argv[0], "status");
-
-        pager_open(arg_no_pager, false);
-
-        if (properties && argc <= 1) {
-
-                /* If no argument is specified, inspect the manager
-                 * itself */
-                r = show_machine_properties(bus, "/org/freedesktop/machine1", &new_line);
-                if (r < 0)
-                        return r;
-        }
-
-        for (i = 1; i < argc; i++) {
-                const char *path = NULL;
-
-                r = sd_bus_call_method(bus,
-                                       "org.freedesktop.machine1",
-                                       "/org/freedesktop/machine1",
-                                       "org.freedesktop.machine1.Manager",
-                                       "GetMachine",
-                                       &error,
-                                       &reply,
-                                       "s", argv[i]);
-                if (r < 0) {
-                        log_error("Could not get path to machine: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-
-                r = sd_bus_message_read(reply, "o", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (properties)
-                        r = show_machine_properties(bus, path, &new_line);
-                else
-                        r = show_machine_info(argv[0], bus, path, &new_line);
-        }
-
-        return r;
-}
-
-typedef struct ImageStatusInfo {
-        char *name;
-        char *path;
-        char *type;
-        int read_only;
-        usec_t crtime;
-        usec_t mtime;
-        uint64_t usage;
-        uint64_t limit;
-        uint64_t usage_exclusive;
-        uint64_t limit_exclusive;
-} ImageStatusInfo;
-
-static void image_status_info_clear(ImageStatusInfo *info) {
-        if (info) {
-                free(info->name);
-                free(info->path);
-                free(info->type);
-                zero(*info);
-        }
-}
-
-static void print_image_status_info(sd_bus *bus, ImageStatusInfo *i) {
-        char ts_relative[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
-        char ts_absolute[FORMAT_TIMESTAMP_MAX], *s2;
-        char bs[FORMAT_BYTES_MAX], *s3;
-        char bs_exclusive[FORMAT_BYTES_MAX], *s4;
-
-        assert(bus);
-        assert(i);
-
-        if (i->name) {
-                fputs(i->name, stdout);
-                putchar('\n');
-        }
-
-        if (i->type)
-                printf("\t    Type: %s\n", i->type);
-
-        if (i->path)
-                printf("\t    Path: %s\n", i->path);
-
-        printf("\t      RO: %s%s%s\n",
-               i->read_only ? ansi_highlight_red() : "",
-               i->read_only ? "read-only" : "writable",
-               i->read_only ? ansi_normal() : "");
-
-        s1 = format_timestamp_relative(ts_relative, sizeof(ts_relative), i->crtime);
-        s2 = format_timestamp(ts_absolute, sizeof(ts_absolute), i->crtime);
-        if (s1 && s2)
-                printf("\t Created: %s; %s\n", s2, s1);
-        else if (s2)
-                printf("\t Created: %s\n", s2);
-
-        s1 = format_timestamp_relative(ts_relative, sizeof(ts_relative), i->mtime);
-        s2 = format_timestamp(ts_absolute, sizeof(ts_absolute), i->mtime);
-        if (s1 && s2)
-                printf("\tModified: %s; %s\n", s2, s1);
-        else if (s2)
-                printf("\tModified: %s\n", s2);
-
-        s3 = format_bytes(bs, sizeof(bs), i->usage);
-        s4 = i->usage_exclusive != i->usage ? format_bytes(bs_exclusive, sizeof(bs_exclusive), i->usage_exclusive) : NULL;
-        if (s3 && s4)
-                printf("\t   Usage: %s (exclusive: %s)\n", s3, s4);
-        else if (s3)
-                printf("\t   Usage: %s\n", s3);
-
-        s3 = format_bytes(bs, sizeof(bs), i->limit);
-        s4 = i->limit_exclusive != i->limit ? format_bytes(bs_exclusive, sizeof(bs_exclusive), i->limit_exclusive) : NULL;
-        if (s3 && s4)
-                printf("\t   Limit: %s (exclusive: %s)\n", s3, s4);
-        else if (s3)
-                printf("\t   Limit: %s\n", s3);
-}
-
-static int show_image_info(sd_bus *bus, const char *path, bool *new_line) {
-
-        static const struct bus_properties_map map[]  = {
-                { "Name",                  "s",  NULL, offsetof(ImageStatusInfo, name)            },
-                { "Path",                  "s",  NULL, offsetof(ImageStatusInfo, path)            },
-                { "Type",                  "s",  NULL, offsetof(ImageStatusInfo, type)            },
-                { "ReadOnly",              "b",  NULL, offsetof(ImageStatusInfo, read_only)       },
-                { "CreationTimestamp",     "t",  NULL, offsetof(ImageStatusInfo, crtime)          },
-                { "ModificationTimestamp", "t",  NULL, offsetof(ImageStatusInfo, mtime)           },
-                { "Usage",                 "t",  NULL, offsetof(ImageStatusInfo, usage)           },
-                { "Limit",                 "t",  NULL, offsetof(ImageStatusInfo, limit)           },
-                { "UsageExclusive",        "t",  NULL, offsetof(ImageStatusInfo, usage_exclusive) },
-                { "LimitExclusive",        "t",  NULL, offsetof(ImageStatusInfo, limit_exclusive) },
-                {}
-        };
-
-        _cleanup_(image_status_info_clear) ImageStatusInfo info = {};
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(new_line);
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.machine1",
-                                   path,
-                                   map,
-                                   &info);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        if (*new_line)
-                printf("\n");
-        *new_line = true;
-
-        print_image_status_info(bus, &info);
-
-        return r;
-}
-
-typedef struct PoolStatusInfo {
-        char *path;
-        uint64_t usage;
-        uint64_t limit;
-} PoolStatusInfo;
-
-static void pool_status_info_clear(PoolStatusInfo *info) {
-        if (info) {
-                free(info->path);
-                zero(*info);
-                info->usage = -1;
-                info->limit = -1;
-        }
-}
-
-static void print_pool_status_info(sd_bus *bus, PoolStatusInfo *i) {
-        char bs[FORMAT_BYTES_MAX], *s;
-
-        if (i->path)
-                printf("\t    Path: %s\n", i->path);
-
-        s = format_bytes(bs, sizeof(bs), i->usage);
-        if (s)
-                printf("\t   Usage: %s\n", s);
-
-        s = format_bytes(bs, sizeof(bs), i->limit);
-        if (s)
-                printf("\t   Limit: %s\n", s);
-}
-
-static int show_pool_info(sd_bus *bus) {
-
-        static const struct bus_properties_map map[]  = {
-                { "PoolPath",  "s",  NULL, offsetof(PoolStatusInfo, path)  },
-                { "PoolUsage", "t",  NULL, offsetof(PoolStatusInfo, usage) },
-                { "PoolLimit", "t",  NULL, offsetof(PoolStatusInfo, limit) },
-                {}
-        };
-
-        _cleanup_(pool_status_info_clear) PoolStatusInfo info = {
-                .usage = (uint64_t) -1,
-                .limit = (uint64_t) -1,
-        };
-        int r;
-
-        assert(bus);
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.machine1",
-                                   "/org/freedesktop/machine1",
-                                   map,
-                                   &info);
-        if (r < 0)
-                return log_error_errno(r, "Could not get properties: %m");
-
-        print_pool_status_info(bus, &info);
-
-        return 0;
-}
-
-
-static int show_image_properties(sd_bus *bus, const char *path, bool *new_line) {
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(new_line);
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        r = bus_print_all_properties(bus, "org.freedesktop.machine1", path, arg_property, arg_value, arg_all);
-        if (r < 0)
-                log_error_errno(r, "Could not get properties: %m");
-
-        return r;
-}
-
-static int show_image(int argc, char *argv[], void *userdata) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        bool properties, new_line = false;
-        sd_bus *bus = userdata;
-        int r = 0, i;
-
-        assert(bus);
-
-        properties = !strstr(argv[0], "status");
-
-        pager_open(arg_no_pager, false);
-
-        if (argc <= 1) {
-
-                /* If no argument is specified, inspect the manager
-                 * itself */
-
-                if (properties)
-                        r = show_image_properties(bus, "/org/freedesktop/machine1", &new_line);
-                else
-                        r = show_pool_info(bus);
-                if (r < 0)
-                        return r;
-        }
-
-        for (i = 1; i < argc; i++) {
-                const char *path = NULL;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "GetImage",
-                                &error,
-                                &reply,
-                                "s", argv[i]);
-                if (r < 0) {
-                        log_error("Could not get path to image: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-
-                r = sd_bus_message_read(reply, "o", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (properties)
-                        r = show_image_properties(bus, path, &new_line);
-                else
-                        r = show_image_info(bus, path, &new_line);
-        }
-
-        return r;
-}
-
-static int kill_machine(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        if (!arg_kill_who)
-                arg_kill_who = "all";
-
-        for (i = 1; i < argc; i++) {
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "KillMachine",
-                                &error,
-                                NULL,
-                                "ssi", argv[i], arg_kill_who, arg_signal);
-                if (r < 0) {
-                        log_error("Could not kill machine: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int reboot_machine(int argc, char *argv[], void *userdata) {
-        arg_kill_who = "leader";
-        arg_signal = SIGINT; /* sysvinit + systemd */
-
-        return kill_machine(argc, argv, userdata);
-}
-
-static int poweroff_machine(int argc, char *argv[], void *userdata) {
-        arg_kill_who = "leader";
-        arg_signal = SIGRTMIN+4; /* only systemd */
-
-        return kill_machine(argc, argv, userdata);
-}
-
-static int terminate_machine(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        for (i = 1; i < argc; i++) {
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "TerminateMachine",
-                                &error,
-                                NULL,
-                                "s", argv[i]);
-                if (r < 0) {
-                        log_error("Could not terminate machine: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int copy_files(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *abs_host_path = NULL;
-        char *dest, *host_path, *container_path;
-        sd_bus *bus = userdata;
-        bool copy_from;
-        int r;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        copy_from = streq(argv[0], "copy-from");
-        dest = argv[3] ?: argv[2];
-        host_path = copy_from ? dest : argv[2];
-        container_path = copy_from ? argv[2] : dest;
-
-        if (!path_is_absolute(host_path)) {
-                r = path_make_absolute_cwd(host_path, &abs_host_path);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to make path absolute: %m");
-
-                host_path = abs_host_path;
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        copy_from ? "CopyFromMachine" : "CopyToMachine");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "sss",
-                        argv[1],
-                        copy_from ? container_path : host_path,
-                        copy_from ? host_path : container_path);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* This is a slow operation, hence turn off any method call timeouts */
-        r = sd_bus_call(bus, m, USEC_INFINITY, &error, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to copy: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int bind_mount(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "BindMountMachine",
-                        &error,
-                        NULL,
-                        "sssbb",
-                        argv[1],
-                        argv[2],
-                        argv[3],
-                        arg_read_only,
-                        arg_mkdir);
-        if (r < 0) {
-                log_error("Failed to bind mount: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int on_machine_removed(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
-        PTYForward ** forward = (PTYForward**) userdata;
-        int r;
-
-        assert(m);
-        assert(forward);
-
-        if (*forward) {
-                /* If the forwarder is already initialized, tell it to
-                 * exit on the next vhangup(), so that we still flush
-                 * out what might be queued and exit then. */
-
-                r = pty_forward_set_ignore_vhangup(*forward, false);
-                if (r >= 0)
-                        return 0;
-
-                log_error_errno(r, "Failed to set ignore_vhangup flag: %m");
-        }
-
-        /* On error, or when the forwarder is not initialized yet, quit immediately */
-        sd_event_exit(sd_bus_get_event(sd_bus_message_get_bus(m)), EXIT_FAILURE);
-        return 0;
-}
-
-static int process_forward(sd_event *event, PTYForward **forward, int master, PTYForwardFlags flags, const char *name) {
-        char last_char = 0;
-        bool machine_died;
-        int ret = 0, r;
-
-        assert(event);
-        assert(master >= 0);
-        assert(name);
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
-
-        if (streq(name, ".host"))
-                log_info("Connected to the local host. Press ^] three times within 1s to exit session.");
-        else
-                log_info("Connected to machine %s. Press ^] three times within 1s to exit session.", name);
-
-        sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
-        sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
-
-        r = pty_forward_new(event, master, flags, forward);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create PTY forwarder: %m");
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        pty_forward_get_last_char(*forward, &last_char);
-
-        machine_died =
-                (flags & PTY_FORWARD_IGNORE_VHANGUP) &&
-                pty_forward_get_ignore_vhangup(*forward) == 0;
-
-        *forward = pty_forward_free(*forward);
-
-        if (last_char != '\n')
-                fputc('\n', stdout);
-
-        if (machine_died)
-                log_info("Machine %s terminated.", name);
-        else if (streq(name, ".host"))
-                log_info("Connection to the local host terminated.");
-        else
-                log_info("Connection to machine %s terminated.", name);
-
-        sd_event_get_exit_code(event, &ret);
-        return ret;
-}
-
-static int login_machine(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
-        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        int master = -1, r;
-        sd_bus *bus = userdata;
-        const char *pty, *match, *machine;
-
-        assert(bus);
-
-        if (!strv_isempty(arg_setenv) || arg_uid) {
-                log_error("--setenv= and --uid= are not supported for 'login'. Use 'shell' instead.");
-                return -EINVAL;
-        }
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL &&
-            arg_transport != BUS_TRANSPORT_MACHINE) {
-                log_error("Login only supported on local machines.");
-                return -EOPNOTSUPP;
-        }
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get event loop: %m");
-
-        r = sd_bus_attach_event(bus, event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        machine = argc < 2 || isempty(argv[1]) ? ".host" : argv[1];
-
-        match = strjoina("type='signal',"
-                         "sender='org.freedesktop.machine1',"
-                         "path='/org/freedesktop/machine1',",
-                         "interface='org.freedesktop.machine1.Manager',"
-                         "member='MachineRemoved',"
-                         "arg0='", machine, "'");
-
-        r = sd_bus_add_match(bus, &slot, match, on_machine_removed, &forward);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add machine removal match: %m");
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "OpenMachineLogin",
-                        &error,
-                        &reply,
-                        "s", machine);
-        if (r < 0) {
-                log_error("Failed to get login PTY: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "hs", &master, &pty);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return process_forward(event, &forward, master, PTY_FORWARD_IGNORE_VHANGUP, machine);
-}
-
-static int shell_machine(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
-        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot = NULL;
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        int master = -1, r;
-        sd_bus *bus = userdata;
-        const char *pty, *match, *machine, *path, *uid = NULL;
-
-        assert(bus);
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL &&
-            arg_transport != BUS_TRANSPORT_MACHINE) {
-                log_error("Shell only supported on local machines.");
-                return -EOPNOTSUPP;
-        }
-
-        /* Pass $TERM to shell session, if not explicitly specified. */
-        if (!strv_find_prefix(arg_setenv, "TERM=")) {
-                const char *t;
-
-                t = strv_find_prefix(environ, "TERM=");
-                if (t) {
-                        if (strv_extend(&arg_setenv, t) < 0)
-                                return log_oom();
-                }
-        }
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get event loop: %m");
-
-        r = sd_bus_attach_event(bus, event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        machine = argc < 2 || isempty(argv[1]) ? NULL : argv[1];
-
-        if (arg_uid)
-                uid = arg_uid;
-        else if (machine) {
-                const char *at;
-
-                at = strchr(machine, '@');
-                if (at) {
-                        uid = strndupa(machine, at - machine);
-                        machine = at + 1;
-                }
-        }
-
-        if (isempty(machine))
-                machine = ".host";
-
-        match = strjoina("type='signal',"
-                         "sender='org.freedesktop.machine1',"
-                         "path='/org/freedesktop/machine1',",
-                         "interface='org.freedesktop.machine1.Manager',"
-                         "member='MachineRemoved',"
-                         "arg0='", machine, "'");
-
-        r = sd_bus_add_match(bus, &slot, match, on_machine_removed, &forward);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add machine removal match: %m");
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "OpenMachineShell");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        path = argc < 3 || isempty(argv[2]) ? NULL : argv[2];
-
-        r = sd_bus_message_append(m, "sss", machine, uid, path);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_strv(m, strv_length(argv) <= 3 ? NULL : argv + 2);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_strv(m, arg_setenv);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to get shell PTY: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "hs", &master, &pty);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return process_forward(event, &forward, master, 0, machine);
-}
-
-static int remove_image(int argc, char *argv[], void *userdata) {
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        for (i = 1; i < argc; i++) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &m,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "RemoveImage");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append(m, "s", argv[i]);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                /* This is a slow operation, hence turn off any method call timeouts */
-                r = sd_bus_call(bus, m, USEC_INFINITY, &error, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Could not remove image: %s", bus_error_message(&error, r));
-        }
-
-        return 0;
-}
-
-static int rename_image(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "RenameImage",
-                        &error,
-                        NULL,
-                        "ss", argv[1], argv[2]);
-        if (r < 0) {
-                log_error("Could not rename image: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int clone_image(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "CloneImage");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(m, "ssb", argv[1], argv[2], arg_read_only);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* This is a slow operation, hence turn off any method call timeouts */
-        r = sd_bus_call(bus, m, USEC_INFINITY, &error, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Could not clone image: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int read_only_image(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int b = true, r;
-
-        if (argc > 2) {
-                b = parse_boolean(argv[2]);
-                if (b < 0) {
-                        log_error("Failed to parse boolean argument: %s", argv[2]);
-                        return -EINVAL;
-                }
-        }
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "MarkImageReadOnly",
-                        &error,
-                        NULL,
-                        "sb", argv[1], b);
-        if (r < 0) {
-                log_error("Could not mark image read-only: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int make_service_name(const char *name, char **ret) {
-        _cleanup_free_ char *e = NULL;
-        int r;
-
-        assert(name);
-        assert(ret);
-
-        if (!machine_name_is_valid(name)) {
-                log_error("Invalid machine name %s.", name);
-                return -EINVAL;
-        }
-
-        e = unit_name_escape(name);
-        if (!e)
-                return log_oom();
-
-        r = unit_name_build("systemd-nspawn", e, ".service", ret);
-        if (r < 0)
-                return log_error_errno(r, "Failed to build unit name: %m");
-
-        return 0;
-}
-
-static int start_machine(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        r = bus_wait_for_jobs_new(bus, &w);
-        if (r < 0)
-                return log_oom();
-
-        for (i = 1; i < argc; i++) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                _cleanup_free_ char *unit = NULL;
-                const char *object;
-
-                r = make_service_name(argv[i], &unit);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "StartUnit",
-                                &error,
-                                &reply,
-                                "ss", unit, "fail");
-                if (r < 0) {
-                        log_error("Failed to start unit: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-
-                r = sd_bus_message_read(reply, "o", &object);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = bus_wait_for_jobs_add(w, object);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        r = bus_wait_for_jobs(w, arg_quiet, NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int enable_machine(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        UnitFileChange *changes = NULL;
-        unsigned n_changes = 0;
-        int carries_install_info = 0;
-        const char *method = NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        method = streq(argv[0], "enable") ? "EnableUnitFiles" : "DisableUnitFiles";
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        method);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_open_container(m, 'a', "s");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        for (i = 1; i < argc; i++) {
-                _cleanup_free_ char *unit = NULL;
-
-                r = make_service_name(argv[i], &unit);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(m, "s", unit);
-                if (r < 0)
-                        return bus_log_create_error(r);
-        }
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        if (streq(argv[0], "enable"))
-                r = sd_bus_message_append(m, "bb", false, false);
-        else
-                r = sd_bus_message_append(m, "b", false);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to enable or disable unit: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        if (streq(argv[0], "enable")) {
-                r = sd_bus_message_read(reply, "b", carries_install_info);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-
-        r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
-        if (r < 0)
-                goto finish;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "Reload",
-                        &error,
-                        NULL,
-                        NULL);
-        if (r < 0) {
-                log_error("Failed to reload daemon: %s", bus_error_message(&error, -r));
-                goto finish;
-        }
-
-        r = 0;
-
-finish:
-        unit_file_changes_free(changes, n_changes);
-
-        return r;
-}
-
-static int match_log_message(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        const char **our_path = userdata, *line;
-        unsigned priority;
-        int r;
-
-        assert(m);
-        assert(our_path);
-
-        r = sd_bus_message_read(m, "us", &priority, &line);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        if (!streq_ptr(*our_path, sd_bus_message_get_path(m)))
-                return 0;
-
-        if (arg_quiet && LOG_PRI(priority) >= LOG_INFO)
-                return 0;
-
-        log_full(priority, "%s", line);
-        return 0;
-}
-
-static int match_transfer_removed(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        const char **our_path = userdata, *path, *result;
-        uint32_t id;
-        int r;
-
-        assert(m);
-        assert(our_path);
-
-        r = sd_bus_message_read(m, "uos", &id, &path, &result);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        if (!streq_ptr(*our_path, path))
-                return 0;
-
-        sd_event_exit(sd_bus_get_event(sd_bus_message_get_bus(m)), !streq_ptr(result, "done"));
-        return 0;
-}
-
-static int transfer_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        assert(s);
-        assert(si);
-
-        if (!arg_quiet)
-                log_info("Continuing download in the background. Use \"machinectl cancel-transfer %" PRIu32 "\" to abort transfer.", PTR_TO_UINT32(userdata));
-
-        sd_event_exit(sd_event_source_get_event(s), EINTR);
-        return 0;
-}
-
-static int transfer_image_common(sd_bus *bus, sd_bus_message *m) {
-        _cleanup_(sd_bus_slot_unrefp) sd_bus_slot *slot_job_removed = NULL, *slot_log_message = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_event_unrefp) sd_event* event = NULL;
-        const char *path = NULL;
-        uint32_t id;
-        int r;
-
-        assert(bus);
-        assert(m);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_event_default(&event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get event loop: %m");
-
-        r = sd_bus_attach_event(bus, event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        r = sd_bus_add_match(
-                        bus,
-                        &slot_job_removed,
-                        "type='signal',"
-                        "sender='org.freedesktop.import1',"
-                        "interface='org.freedesktop.import1.Manager',"
-                        "member='TransferRemoved',"
-                        "path='/org/freedesktop/import1'",
-                        match_transfer_removed, &path);
-        if (r < 0)
-                return log_error_errno(r, "Failed to install match: %m");
-
-        r = sd_bus_add_match(
-                        bus,
-                        &slot_log_message,
-                        "type='signal',"
-                        "sender='org.freedesktop.import1',"
-                        "interface='org.freedesktop.import1.Transfer',"
-                        "member='LogMessage'",
-                        match_log_message, &path);
-        if (r < 0)
-                return log_error_errno(r, "Failed to install match: %m");
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to transfer image: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "uo", &id, &path);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-
-        if (!arg_quiet)
-                log_info("Enqueued transfer job %u. Press C-c to continue download in background.", id);
-
-        sd_event_add_signal(event, NULL, SIGINT, transfer_signal_handler, UINT32_TO_PTR(id));
-        sd_event_add_signal(event, NULL, SIGTERM, transfer_signal_handler, UINT32_TO_PTR(id));
-
-        r = sd_event_loop(event);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run event loop: %m");
-
-        return -r;
-}
-
-static int import_tar(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *ll = NULL;
-        _cleanup_close_ int fd = -1;
-        const char *local = NULL, *path = NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        if (argc >= 2)
-                path = argv[1];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        if (argc >= 3)
-                local = argv[2];
-        else if (path)
-                local = basename(path);
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (!local) {
-                log_error("Need either path or local name.");
-                return -EINVAL;
-        }
-
-        r = tar_strip_suffixes(local, &ll);
-        if (r < 0)
-                return log_oom();
-
-        local = ll;
-
-        if (!machine_name_is_valid(local)) {
-                log_error("Local name %s is not a suitable machine name.", local);
-                return -EINVAL;
-        }
-
-        if (path) {
-                fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to open %s: %m", path);
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.import1",
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "ImportTar");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "hsbb",
-                        fd >= 0 ? fd : STDIN_FILENO,
-                        local,
-                        arg_force,
-                        arg_read_only);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        return transfer_image_common(bus, m);
-}
-
-static int import_raw(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *ll = NULL;
-        _cleanup_close_ int fd = -1;
-        const char *local = NULL, *path = NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        if (argc >= 2)
-                path = argv[1];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        if (argc >= 3)
-                local = argv[2];
-        else if (path)
-                local = basename(path);
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (!local) {
-                log_error("Need either path or local name.");
-                return -EINVAL;
-        }
-
-        r = raw_strip_suffixes(local, &ll);
-        if (r < 0)
-                return log_oom();
-
-        local = ll;
-
-        if (!machine_name_is_valid(local)) {
-                log_error("Local name %s is not a suitable machine name.", local);
-                return -EINVAL;
-        }
-
-        if (path) {
-                fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to open %s: %m", path);
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.import1",
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "ImportRaw");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "hsbb",
-                        fd >= 0 ? fd : STDIN_FILENO,
-                        local,
-                        arg_force,
-                        arg_read_only);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        return transfer_image_common(bus, m);
-}
-
-static void determine_compression_from_filename(const char *p) {
-        if (arg_format)
-                return;
-
-        if (!p)
-                return;
-
-        if (endswith(p, ".xz"))
-                arg_format = "xz";
-        else if (endswith(p, ".gz"))
-                arg_format = "gzip";
-        else if (endswith(p, ".bz2"))
-                arg_format = "bzip2";
-}
-
-static int export_tar(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_close_ int fd = -1;
-        const char *local = NULL, *path = NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        local = argv[1];
-        if (!machine_name_is_valid(local)) {
-                log_error("Machine name %s is not valid.", local);
-                return -EINVAL;
-        }
-
-        if (argc >= 3)
-                path = argv[2];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        if (path) {
-                determine_compression_from_filename(path);
-
-                fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to open %s: %m", path);
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.import1",
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "ExportTar");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "shs",
-                        local,
-                        fd >= 0 ? fd : STDOUT_FILENO,
-                        arg_format);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        return transfer_image_common(bus, m);
-}
-
-static int export_raw(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_close_ int fd = -1;
-        const char *local = NULL, *path = NULL;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        local = argv[1];
-        if (!machine_name_is_valid(local)) {
-                log_error("Machine name %s is not valid.", local);
-                return -EINVAL;
-        }
-
-        if (argc >= 3)
-                path = argv[2];
-        if (isempty(path) || streq(path, "-"))
-                path = NULL;
-
-        if (path) {
-                determine_compression_from_filename(path);
-
-                fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOCTTY, 0666);
-                if (fd < 0)
-                        return log_error_errno(errno, "Failed to open %s: %m", path);
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.import1",
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "ExportRaw");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "shs",
-                        local,
-                        fd >= 0 ? fd : STDOUT_FILENO,
-                        arg_format);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        return transfer_image_common(bus, m);
-}
-
-static int pull_tar(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *l = NULL, *ll = NULL;
-        const char *local, *remote;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        remote = argv[1];
-        if (!http_url_is_valid(remote)) {
-                log_error("URL '%s' is not valid.", remote);
-                return -EINVAL;
-        }
-
-        if (argc >= 3)
-                local = argv[2];
-        else {
-                r = import_url_last_component(remote, &l);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get final component of URL: %m");
-
-                local = l;
-        }
-
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (local) {
-                r = tar_strip_suffixes(local, &ll);
-                if (r < 0)
-                        return log_oom();
-
-                local = ll;
-
-                if (!machine_name_is_valid(local)) {
-                        log_error("Local name %s is not a suitable machine name.", local);
-                        return -EINVAL;
-                }
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.import1",
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "PullTar");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "sssb",
-                        remote,
-                        local,
-                        import_verify_to_string(arg_verify),
-                        arg_force);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        return transfer_image_common(bus, m);
-}
-
-static int pull_raw(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_free_ char *l = NULL, *ll = NULL;
-        const char *local, *remote;
-        sd_bus *bus = userdata;
-        int r;
-
-        assert(bus);
-
-        remote = argv[1];
-        if (!http_url_is_valid(remote)) {
-                log_error("URL '%s' is not valid.", remote);
-                return -EINVAL;
-        }
-
-        if (argc >= 3)
-                local = argv[2];
-        else {
-                r = import_url_last_component(remote, &l);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get final component of URL: %m");
-
-                local = l;
-        }
-
-        if (isempty(local) || streq(local, "-"))
-                local = NULL;
-
-        if (local) {
-                r = raw_strip_suffixes(local, &ll);
-                if (r < 0)
-                        return log_oom();
-
-                local = ll;
-
-                if (!machine_name_is_valid(local)) {
-                        log_error("Local name %s is not a suitable machine name.", local);
-                        return -EINVAL;
-                }
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.import1",
-                        "/org/freedesktop/import1",
-                        "org.freedesktop.import1.Manager",
-                        "PullRaw");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(
-                        m,
-                        "sssb",
-                        remote,
-                        local,
-                        import_verify_to_string(arg_verify),
-                        arg_force);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        return transfer_image_common(bus, m);
-}
-
-typedef struct TransferInfo {
-        uint32_t id;
-        const char *type;
-        const char *remote;
-        const char *local;
-        double progress;
-} TransferInfo;
-
-static int compare_transfer_info(const void *a, const void *b) {
-        const TransferInfo *x = a, *y = b;
-
-        return strcmp(x->local, y->local);
-}
-
-static int list_transfers(int argc, char *argv[], void *userdata) {
-        size_t max_type = strlen("TYPE"), max_local = strlen("LOCAL"), max_remote = strlen("REMOTE");
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ TransferInfo *transfers = NULL;
-        size_t n_transfers = 0, n_allocated = 0, j;
-        const char *type, *remote, *local, *object;
-        sd_bus *bus = userdata;
-        uint32_t id, max_id = 0;
-        double progress;
-        int r;
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.import1",
-                               "/org/freedesktop/import1",
-                               "org.freedesktop.import1.Manager",
-                               "ListTransfers",
-                               &error,
-                               &reply,
-                               NULL);
-        if (r < 0) {
-                log_error("Could not get transfers: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_enter_container(reply, 'a', "(usssdo)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(usssdo)", &id, &type, &remote, &local, &progress, &object)) > 0) {
-                size_t l;
-
-                if (!GREEDY_REALLOC(transfers, n_allocated, n_transfers + 1))
-                        return log_oom();
-
-                transfers[n_transfers].id = id;
-                transfers[n_transfers].type = type;
-                transfers[n_transfers].remote = remote;
-                transfers[n_transfers].local = local;
-                transfers[n_transfers].progress = progress;
-
-                l = strlen(type);
-                if (l > max_type)
-                        max_type = l;
-
-                l = strlen(remote);
-                if (l > max_remote)
-                        max_remote = l;
-
-                l = strlen(local);
-                if (l > max_local)
-                        max_local = l;
-
-                if (id > max_id)
-                        max_id = id;
-
-                n_transfers++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        qsort_safe(transfers, n_transfers, sizeof(TransferInfo), compare_transfer_info);
-
-        if (arg_legend)
-                printf("%-*s %-*s %-*s %-*s %-*s\n",
-                       (int) MAX(2U, DECIMAL_STR_WIDTH(max_id)), "ID",
-                       (int) 7, "PERCENT",
-                       (int) max_type, "TYPE",
-                       (int) max_local, "LOCAL",
-                       (int) max_remote, "REMOTE");
-
-        for (j = 0; j < n_transfers; j++)
-                printf("%*" PRIu32 " %*u%% %-*s %-*s %-*s\n",
-                       (int) MAX(2U, DECIMAL_STR_WIDTH(max_id)), transfers[j].id,
-                       (int) 6, (unsigned) (transfers[j].progress * 100),
-                       (int) max_type, transfers[j].type,
-                       (int) max_local, transfers[j].local,
-                       (int) max_remote, transfers[j].remote);
-
-        if (arg_legend)
-                printf("\n%zu transfers listed.\n", n_transfers);
-
-        return 0;
-}
-
-static int cancel_transfer(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        int r, i;
-
-        assert(bus);
-
-        polkit_agent_open_if_enabled();
-
-        for (i = 1; i < argc; i++) {
-                uint32_t id;
-
-                r = safe_atou32(argv[i], &id);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to parse transfer id: %s", argv[i]);
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.import1",
-                                "/org/freedesktop/import1",
-                                "org.freedesktop.import1.Manager",
-                                "CancelTransfer",
-                                &error,
-                                NULL,
-                                "u", id);
-                if (r < 0) {
-                        log_error("Could not cancel transfer: %s", bus_error_message(&error, -r));
-                        return r;
-                }
-        }
-
-        return 0;
-}
-
-static int set_limit(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus = userdata;
-        uint64_t limit;
-        int r;
-
-        if (STR_IN_SET(argv[argc-1], "-", "none", "infinity"))
-                limit = (uint64_t) -1;
-        else {
-                r = parse_size(argv[argc-1], 1024, &limit);
-                if (r < 0)
-                        return log_error("Failed to parse size: %s", argv[argc-1]);
-        }
-
-        if (argc > 2)
-                /* With two arguments changes the quota limit of the
-                 * specified image */
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "SetImageLimit",
-                                &error,
-                                NULL,
-                                "st", argv[1], limit);
-        else
-                /* With one argument changes the pool quota limit */
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "SetPoolLimit",
-                                &error,
-                                NULL,
-                                "t", limit);
-
-        if (r < 0) {
-                log_error("Could not set limit: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        return 0;
-}
-
-static int clean_images(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        uint64_t usage, total = 0;
-        char fb[FORMAT_BYTES_MAX];
-        sd_bus *bus = userdata;
-        const char *name;
-        unsigned c = 0;
-        int r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "CleanPool",
-                        &error,
-                        &reply,
-                        "s", arg_all ? "all" : "hidden");
-        if (r < 0)
-                return log_error_errno(r, "Could not clean pool: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, 'a', "(st)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(st)", &name, &usage)) > 0) {
-                log_info("Removed image '%s'. Freed exclusive disk space: %s",
-                         name, format_bytes(fb, sizeof(fb), usage));
-
-                total += usage;
-                c++;
-        }
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        log_info("Removed %u images in total. Total freed exclusive disk space %s.",
-                 c, format_bytes(fb, sizeof(fb), total));
-
-        return 0;
-}
-
-static int help(int argc, char *argv[], void *userdata) {
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Send control commands to or query the virtual machine and container\n"
-               "registration manager.\n\n"
-               "  -h --help                   Show this help\n"
-               "     --version                Show package version\n"
-               "     --no-pager               Do not pipe output into a pager\n"
-               "     --no-legend              Do not show the headers and footers\n"
-               "     --no-ask-password        Do not ask for system passwords\n"
-               "  -H --host=[USER@]HOST       Operate on remote host\n"
-               "  -M --machine=CONTAINER      Operate on local container\n"
-               "  -p --property=NAME          Show only properties by this name\n"
-               "  -q --quiet                  Suppress output\n"
-               "  -a --all                    Show all properties, including empty ones\n"
-               "     --value                  When showing properties, only print the value\n"
-               "  -l --full                   Do not ellipsize output\n"
-               "     --kill-who=WHO           Who to send signal to\n"
-               "  -s --signal=SIGNAL          Which signal to send\n"
-               "     --uid=USER               Specify user ID to invoke shell as\n"
-               "  -E --setenv=VAR=VALUE       Add an environment variable for shell\n"
-               "     --read-only              Create read-only bind mount\n"
-               "     --mkdir                  Create directory before bind mounting, if missing\n"
-               "  -n --lines=INTEGER          Number of journal entries to show\n"
-               "  -o --output=STRING          Change journal output mode (short,\n"
-               "                              short-monotonic, verbose, export, json,\n"
-               "                              json-pretty, json-sse, cat)\n"
-               "      --verify=MODE           Verification mode for downloaded images (no,\n"
-               "                              checksum, signature)\n"
-               "      --force                 Download image even if already exists\n\n"
-               "Machine Commands:\n"
-               "  list                        List running VMs and containers\n"
-               "  status NAME...              Show VM/container details\n"
-               "  show [NAME...]              Show properties of one or more VMs/containers\n"
-               "  start NAME...               Start container as a service\n"
-               "  login [NAME]                Get a login prompt in a container or on the\n"
-               "                              local host\n"
-               "  shell [[USER@]NAME [COMMAND...]]\n"
-               "                              Invoke a shell (or other command) in a container\n"
-               "                              or on the local host\n"
-               "  enable NAME...              Enable automatic container start at boot\n"
-               "  disable NAME...             Disable automatic container start at boot\n"
-               "  poweroff NAME...            Power off one or more containers\n"
-               "  reboot NAME...              Reboot one or more containers\n"
-               "  terminate NAME...           Terminate one or more VMs/containers\n"
-               "  kill NAME...                Send signal to processes of a VM/container\n"
-               "  copy-to NAME PATH [PATH]    Copy files from the host to a container\n"
-               "  copy-from NAME PATH [PATH]  Copy files from a container to the host\n"
-               "  bind NAME PATH [PATH]       Bind mount a path from the host into a container\n\n"
-               "Image Commands:\n"
-               "  list-images                 Show available container and VM images\n"
-               "  image-status [NAME...]      Show image details\n"
-               "  show-image [NAME...]        Show properties of image\n"
-               "  clone NAME NAME             Clone an image\n"
-               "  rename NAME NAME            Rename an image\n"
-               "  read-only NAME [BOOL]       Mark or unmark image read-only\n"
-               "  remove NAME...              Remove an image\n"
-               "  set-limit [NAME] BYTES      Set image or pool size limit (disk quota)\n"
-               "  clean                       Remove hidden (or all) images\n\n"
-               "Image Transfer Commands:\n"
-               "  pull-tar URL [NAME]         Download a TAR container image\n"
-               "  pull-raw URL [NAME]         Download a RAW container or VM image\n"
-               "  import-tar FILE [NAME]      Import a local TAR container image\n"
-               "  import-raw FILE [NAME]      Import a local RAW container or VM image\n"
-               "  export-tar NAME [FILE]      Export a TAR container image locally\n"
-               "  export-raw NAME [FILE]      Export a RAW container or VM image locally\n"
-               "  list-transfers              Show list of downloads in progress\n"
-               "  cancel-transfer             Cancel a download\n"
-               , program_invocation_short_name);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_NO_LEGEND,
-                ARG_VALUE,
-                ARG_KILL_WHO,
-                ARG_READ_ONLY,
-                ARG_MKDIR,
-                ARG_NO_ASK_PASSWORD,
-                ARG_VERIFY,
-                ARG_FORCE,
-                ARG_FORMAT,
-                ARG_UID,
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'                 },
-                { "version",         no_argument,       NULL, ARG_VERSION         },
-                { "property",        required_argument, NULL, 'p'                 },
-                { "all",             no_argument,       NULL, 'a'                 },
-                { "value",           no_argument,       NULL, ARG_VALUE           },
-                { "full",            no_argument,       NULL, 'l'                 },
-                { "no-pager",        no_argument,       NULL, ARG_NO_PAGER        },
-                { "no-legend",       no_argument,       NULL, ARG_NO_LEGEND       },
-                { "kill-who",        required_argument, NULL, ARG_KILL_WHO        },
-                { "signal",          required_argument, NULL, 's'                 },
-                { "host",            required_argument, NULL, 'H'                 },
-                { "machine",         required_argument, NULL, 'M'                 },
-                { "read-only",       no_argument,       NULL, ARG_READ_ONLY       },
-                { "mkdir",           no_argument,       NULL, ARG_MKDIR           },
-                { "quiet",           no_argument,       NULL, 'q'                 },
-                { "lines",           required_argument, NULL, 'n'                 },
-                { "output",          required_argument, NULL, 'o'                 },
-                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
-                { "verify",          required_argument, NULL, ARG_VERIFY          },
-                { "force",           no_argument,       NULL, ARG_FORCE           },
-                { "format",          required_argument, NULL, ARG_FORMAT          },
-                { "uid",             required_argument, NULL, ARG_UID             },
-                { "setenv",          required_argument, NULL, 'E'                 },
-                {}
-        };
-
-        bool reorder = false;
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        for (;;) {
-                const char * const option_string = "+hp:als:H:M:qn:o:";
-
-                c = getopt_long(argc, argv, option_string + reorder, options, NULL);
-                if (c < 0) {
-                        /* We generally are fine with the fact that getopt_long() reorders the command line, and looks
-                         * for switches after the main verb. However, for "shell" we really don't want that, since we
-                         * want that switches passed after that are passed to the program to execute, and not processed
-                         * by us. To make this possible, we'll first invoke getopt_long() with reordering disabled
-                         * (i.e. with the "+" prefix in the option string), and as soon as we hit the end (i.e. the
-                         * verb) we check if that's "shell". If it is, we exit the loop, since we don't want any
-                         * further options processed. However, if it is anything else, we process the same argument
-                         * again, but this time allow reordering. */
-
-                        if (!reorder && optind < argc && !streq(argv[optind], "shell")) {
-                                reorder = true;
-                                optind--;
-                                continue;
-                        }
-
-                        break;
-                }
-
-                switch (c) {
-
-                case 'h':
-                        return help(0, NULL, NULL);
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'p':
-                        r = strv_extend(&arg_property, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        /* If the user asked for a particular
-                         * property, show it to him, even if it is
-                         * empty. */
-                        arg_all = true;
-                        break;
-
-                case 'a':
-                        arg_all = true;
-                        break;
-
-                case ARG_VALUE:
-                        arg_value = true;
-                        break;
-
-                case 'l':
-                        arg_full = true;
-                        break;
-
-                case 'n':
-                        if (safe_atou(optarg, &arg_lines) < 0) {
-                                log_error("Failed to parse lines '%s'", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case 'o':
-                        arg_output = output_mode_from_string(optarg);
-                        if (arg_output < 0) {
-                                log_error("Unknown output '%s'.", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_LEGEND:
-                        arg_legend = false;
-                        break;
-
-                case ARG_KILL_WHO:
-                        arg_kill_who = optarg;
-                        break;
-
-                case 's':
-                        arg_signal = signal_from_string_try_harder(optarg);
-                        if (arg_signal < 0) {
-                                log_error("Failed to parse signal string %s.", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case ARG_READ_ONLY:
-                        arg_read_only = true;
-                        break;
-
-                case ARG_MKDIR:
-                        arg_mkdir = true;
-                        break;
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case ARG_VERIFY:
-                        arg_verify = import_verify_from_string(optarg);
-                        if (arg_verify < 0) {
-                                log_error("Failed to parse --verify= setting: %s", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_FORCE:
-                        arg_force = true;
-                        break;
-
-                case ARG_FORMAT:
-                        if (!STR_IN_SET(optarg, "uncompressed", "xz", "gzip", "bzip2")) {
-                                log_error("Unknown format: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        arg_format = optarg;
-                        break;
-
-                case ARG_UID:
-                        arg_uid = optarg;
-                        break;
-
-                case 'E':
-                        if (!env_assignment_is_valid(optarg)) {
-                                log_error("Environment assignment invalid: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        r = strv_extend(&arg_setenv, optarg);
-                        if (r < 0)
-                                return log_oom();
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-        }
-
-        return 1;
-}
-
-static int machinectl_main(int argc, char *argv[], sd_bus *bus) {
-
-        static const Verb verbs[] = {
-                { "help",            VERB_ANY, VERB_ANY, 0,            help              },
-                { "list",            VERB_ANY, 1,        VERB_DEFAULT, list_machines     },
-                { "list-images",     VERB_ANY, 1,        0,            list_images       },
-                { "status",          2,        VERB_ANY, 0,            show_machine      },
-                { "image-status",    VERB_ANY, VERB_ANY, 0,            show_image        },
-                { "show",            VERB_ANY, VERB_ANY, 0,            show_machine      },
-                { "show-image",      VERB_ANY, VERB_ANY, 0,            show_image        },
-                { "terminate",       2,        VERB_ANY, 0,            terminate_machine },
-                { "reboot",          2,        VERB_ANY, 0,            reboot_machine    },
-                { "poweroff",        2,        VERB_ANY, 0,            poweroff_machine  },
-                { "kill",            2,        VERB_ANY, 0,            kill_machine      },
-                { "login",           VERB_ANY, 2,        0,            login_machine     },
-                { "shell",           VERB_ANY, VERB_ANY, 0,            shell_machine     },
-                { "bind",            3,        4,        0,            bind_mount        },
-                { "copy-to",         3,        4,        0,            copy_files        },
-                { "copy-from",       3,        4,        0,            copy_files        },
-                { "remove",          2,        VERB_ANY, 0,            remove_image      },
-                { "rename",          3,        3,        0,            rename_image      },
-                { "clone",           3,        3,        0,            clone_image       },
-                { "read-only",       2,        3,        0,            read_only_image   },
-                { "start",           2,        VERB_ANY, 0,            start_machine     },
-                { "enable",          2,        VERB_ANY, 0,            enable_machine    },
-                { "disable",         2,        VERB_ANY, 0,            enable_machine    },
-                { "import-tar",      2,        3,        0,            import_tar        },
-                { "import-raw",      2,        3,        0,            import_raw        },
-                { "export-tar",      2,        3,        0,            export_tar        },
-                { "export-raw",      2,        3,        0,            export_raw        },
-                { "pull-tar",        2,        3,        0,            pull_tar          },
-                { "pull-raw",        2,        3,        0,            pull_raw          },
-                { "list-transfers",  VERB_ANY, 1,        0,            list_transfers    },
-                { "cancel-transfer", 2,        VERB_ANY, 0,            cancel_transfer   },
-                { "set-limit",       2,        3,        0,            set_limit         },
-                { "clean",           VERB_ANY, 1,        0,            clean_images      },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, bus);
-}
-
-int main(int argc, char*argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create bus connection: %m");
-                goto finish;
-        }
-
-        sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);
-
-        r = machinectl_main(argc, argv, bus);
-
-finish:
-        pager_close();
-        polkit_agent_close();
-
-        strv_free(arg_property);
-        strv_free(arg_setenv);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
deleted file mode 100644
index 31efa3695b..0000000000
--- a/src/machine/machined-dbus.c
+++ /dev/null
@@ -1,1660 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "bus-common-errors.h"
-#include "bus-util.h"
-#include "cgroup-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "hostname-util.h"
-#include "image-dbus.h"
-#include "io-util.h"
-#include "machine-dbus.h"
-#include "machine-image.h"
-#include "machine-pool.h"
-#include "machined.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "stdio-util.h"
-#include "strv.h"
-#include "unit-name.h"
-#include "user-util.h"
-
-static int property_get_pool_path(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        assert(bus);
-        assert(reply);
-
-        return sd_bus_message_append(reply, "s", "/var/lib/machines");
-}
-
-static int property_get_pool_usage(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        _cleanup_close_ int fd = -1;
-        uint64_t usage = (uint64_t) -1;
-        struct stat st;
-
-        assert(bus);
-        assert(reply);
-
-        /* We try to read the quota info from /var/lib/machines, as
-         * well as the usage of the loopback file
-         * /var/lib/machines.raw, and pick the larger value. */
-
-        fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
-        if (fd >= 0) {
-                BtrfsQuotaInfo q;
-
-                if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0)
-                        usage = q.referenced;
-        }
-
-        if (stat("/var/lib/machines.raw", &st) >= 0) {
-                if (usage == (uint64_t) -1 || st.st_blocks * 512ULL > usage)
-                        usage = st.st_blocks * 512ULL;
-        }
-
-        return sd_bus_message_append(reply, "t", usage);
-}
-
-static int property_get_pool_limit(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        _cleanup_close_ int fd = -1;
-        uint64_t size = (uint64_t) -1;
-        struct stat st;
-
-        assert(bus);
-        assert(reply);
-
-        /* We try to read the quota limit from /var/lib/machines, as
-         * well as the size of the loopback file
-         * /var/lib/machines.raw, and pick the smaller value. */
-
-        fd = open("/var/lib/machines", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
-        if (fd >= 0) {
-                BtrfsQuotaInfo q;
-
-                if (btrfs_subvol_get_subtree_quota_fd(fd, 0, &q) >= 0)
-                        size = q.referenced_max;
-        }
-
-        if (stat("/var/lib/machines.raw", &st) >= 0) {
-                if (size == (uint64_t) -1 || (uint64_t) st.st_size < size)
-                        size = st.st_size;
-        }
-
-        return sd_bus_message_append(reply, "t", size);
-}
-
-static int method_get_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        p = machine_bus_path(machine);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_get_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        r = image_find(name, NULL);
-        if (r == 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
-        if (r < 0)
-                return r;
-
-        p = image_bus_path(name);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_get_machine_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *p = NULL;
-        Manager *m = userdata;
-        Machine *machine = NULL;
-        pid_t pid;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        assert_cc(sizeof(pid_t) == sizeof(uint32_t));
-
-        r = sd_bus_message_read(message, "u", &pid);
-        if (r < 0)
-                return r;
-
-        if (pid < 0)
-                return -EINVAL;
-
-        if (pid == 0) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_creds_get_pid(creds, &pid);
-                if (r < 0)
-                        return r;
-        }
-
-        r = manager_get_machine_by_pid(m, pid, &machine);
-        if (r < 0)
-                return r;
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_MACHINE_FOR_PID, "PID "PID_FMT" does not belong to any known machine", pid);
-
-        p = machine_bus_path(machine);
-        if (!p)
-                return -ENOMEM;
-
-        return sd_bus_reply_method_return(message, "o", p);
-}
-
-static int method_list_machines(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        Manager *m = userdata;
-        Machine *machine;
-        Iterator i;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        r = sd_bus_message_open_container(reply, 'a', "(ssso)");
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        HASHMAP_FOREACH(machine, m->machines, i) {
-                _cleanup_free_ char *p = NULL;
-
-                p = machine_bus_path(machine);
-                if (!p)
-                        return -ENOMEM;
-
-                r = sd_bus_message_append(reply, "(ssso)",
-                                          machine->name,
-                                          strempty(machine_class_to_string(machine->class)),
-                                          machine->service,
-                                          p);
-                if (r < 0)
-                        return sd_bus_error_set_errno(error, r);
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_create_or_register_machine(Manager *manager, sd_bus_message *message, bool read_network, Machine **_m, sd_bus_error *error) {
-        const char *name, *service, *class, *root_directory;
-        const int32_t *netif = NULL;
-        MachineClass c;
-        uint32_t leader;
-        sd_id128_t id;
-        const void *v;
-        Machine *m;
-        size_t n, n_netif = 0;
-        int r;
-
-        assert(manager);
-        assert(message);
-        assert(_m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-        if (!machine_name_is_valid(name))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name");
-
-        r = sd_bus_message_read_array(message, 'y', &v, &n);
-        if (r < 0)
-                return r;
-        if (n == 0)
-                id = SD_ID128_NULL;
-        else if (n == 16)
-                memcpy(&id, v, n);
-        else
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter");
-
-        r = sd_bus_message_read(message, "ssus", &service, &class, &leader, &root_directory);
-        if (r < 0)
-                return r;
-
-        if (read_network) {
-                size_t i;
-
-                r = sd_bus_message_read_array(message, 'i', (const void**) &netif, &n_netif);
-                if (r < 0)
-                        return r;
-
-                n_netif /= sizeof(int32_t);
-
-                for (i = 0; i < n_netif; i++) {
-                        if (netif[i] <= 0)
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid network interface index %i", netif[i]);
-                }
-        }
-
-        if (isempty(class))
-                c = _MACHINE_CLASS_INVALID;
-        else {
-                c = machine_class_from_string(class);
-                if (c < 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
-        }
-
-        if (leader == 1)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
-
-        if (!isempty(root_directory) && !path_is_absolute(root_directory))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path");
-
-        if (leader == 0) {
-                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-
-                r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
-                if (r < 0)
-                        return r;
-
-                assert_cc(sizeof(uint32_t) == sizeof(pid_t));
-
-                r = sd_bus_creds_get_pid(creds, (pid_t*) &leader);
-                if (r < 0)
-                        return r;
-        }
-
-        if (hashmap_get(manager->machines, name))
-                return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name);
-
-        r = manager_add_machine(manager, name, &m);
-        if (r < 0)
-                return r;
-
-        m->leader = leader;
-        m->class = c;
-        m->id = id;
-
-        if (!isempty(service)) {
-                m->service = strdup(service);
-                if (!m->service) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (!isempty(root_directory)) {
-                m->root_directory = strdup(root_directory);
-                if (!m->root_directory) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-        }
-
-        if (n_netif > 0) {
-                assert_cc(sizeof(int32_t) == sizeof(int));
-                m->netif = memdup(netif, sizeof(int32_t) * n_netif);
-                if (!m->netif) {
-                        r = -ENOMEM;
-                        goto fail;
-                }
-
-                m->n_netif = n_netif;
-        }
-
-        *_m = m;
-
-        return 1;
-
-fail:
-        machine_add_to_gc_queue(m);
-        return r;
-}
-
-static int method_create_machine_internal(sd_bus_message *message, bool read_network, void *userdata, sd_bus_error *error) {
-        Manager *manager = userdata;
-        Machine *m = NULL;
-        int r;
-
-        assert(message);
-        assert(manager);
-
-        r = method_create_or_register_machine(manager, message, read_network, &m, error);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(message, 'a', "(sv)");
-        if (r < 0)
-                goto fail;
-
-        r = machine_start(m, message, error);
-        if (r < 0)
-                goto fail;
-
-        m->create_message = sd_bus_message_ref(message);
-        return 1;
-
-fail:
-        machine_add_to_gc_queue(m);
-        return r;
-}
-
-static int method_create_machine_with_network(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return method_create_machine_internal(message, true, userdata, error);
-}
-
-static int method_create_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return method_create_machine_internal(message, false, userdata, error);
-}
-
-static int method_register_machine_internal(sd_bus_message *message, bool read_network, void *userdata, sd_bus_error *error) {
-        Manager *manager = userdata;
-        _cleanup_free_ char *p = NULL;
-        Machine *m = NULL;
-        int r;
-
-        assert(message);
-        assert(manager);
-
-        r = method_create_or_register_machine(manager, message, read_network, &m, error);
-        if (r < 0)
-                return r;
-
-        r = cg_pid_get_unit(m->leader, &m->unit);
-        if (r < 0) {
-                r = sd_bus_error_set_errnof(error, r, "Failed to determine unit of process "PID_FMT" : %s", m->leader, strerror(-r));
-                goto fail;
-        }
-
-        r = machine_start(m, NULL, error);
-        if (r < 0)
-                goto fail;
-
-        p = machine_bus_path(m);
-        if (!p) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        return sd_bus_reply_method_return(message, "o", p);
-
-fail:
-        machine_add_to_gc_queue(m);
-        return r;
-}
-
-static int method_register_machine_with_network(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return method_register_machine_internal(message, true, userdata, error);
-}
-
-static int method_register_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        return method_register_machine_internal(message, false, userdata, error);
-}
-
-static int method_terminate_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_terminate(message, machine, error);
-}
-
-static int method_kill_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_kill(message, machine, error);
-}
-
-static int method_get_machine_addresses(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_get_addresses(message, machine, error);
-}
-
-static int method_get_machine_os_release(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_get_os_release(message, machine, error);
-}
-
-static int method_list_images(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(image_hashmap_freep) Hashmap *images = NULL;
-        Manager *m = userdata;
-        Image *image;
-        Iterator i;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        images = hashmap_new(&string_hash_ops);
-        if (!images)
-                return -ENOMEM;
-
-        r = image_discover(images);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(ssbttto)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(image, images, i) {
-                _cleanup_free_ char *p = NULL;
-
-                p = image_bus_path(image->name);
-                if (!p)
-                        return -ENOMEM;
-
-                r = sd_bus_message_append(reply, "(ssbttto)",
-                                          image->name,
-                                          image_type_to_string(image->type),
-                                          image->read_only,
-                                          image->crtime,
-                                          image->mtime,
-                                          image->usage,
-                                          p);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_open_machine_pty(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_open_pty(message, machine, error);
-}
-
-static int method_open_machine_login(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_open_login(message, machine, error);
-}
-
-static int method_open_machine_shell(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_open_shell(message, machine, error);
-}
-
-static int method_bind_mount_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_bind_mount(message, machine, error);
-}
-
-static int method_copy_machine(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_copy(message, machine, error);
-}
-
-static int method_open_machine_root_directory(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        const char *name;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        return bus_machine_method_open_root_directory(message, machine, error);
-}
-
-static int method_remove_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(image_unrefp) Image* i = NULL;
-        const char *name;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        if (!image_name_is_valid(name))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
-
-        r = image_find(name, &i);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
-
-        i->userdata = userdata;
-        return bus_image_method_remove(message, i, error);
-}
-
-static int method_rename_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(image_unrefp) Image* i = NULL;
-        const char *old_name;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "s", &old_name);
-        if (r < 0)
-                return r;
-
-        if (!image_name_is_valid(old_name))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", old_name);
-
-        r = image_find(old_name, &i);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", old_name);
-
-        i->userdata = userdata;
-        return bus_image_method_rename(message, i, error);
-}
-
-static int method_clone_image(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(image_unrefp) Image *i = NULL;
-        const char *old_name;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "s", &old_name);
-        if (r < 0)
-                return r;
-
-        if (!image_name_is_valid(old_name))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", old_name);
-
-        r = image_find(old_name, &i);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", old_name);
-
-        i->userdata = userdata;
-        return bus_image_method_clone(message, i, error);
-}
-
-static int method_mark_image_read_only(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(image_unrefp) Image *i = NULL;
-        const char *name;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        if (!image_name_is_valid(name))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
-
-        r = image_find(name, &i);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
-
-        i->userdata = userdata;
-        return bus_image_method_mark_read_only(message, i, error);
-}
-
-static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        enum {
-                REMOVE_ALL,
-                REMOVE_HIDDEN,
-        } mode;
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(image_hashmap_freep) Hashmap *images = NULL;
-        Manager *m = userdata;
-        Image *image;
-        const char *mm;
-        Iterator i;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "s", &mm);
-        if (r < 0)
-                return r;
-
-        if (streq(mm, "all"))
-                mode = REMOVE_ALL;
-        else if (streq(mm, "hidden"))
-                mode = REMOVE_HIDDEN;
-        else
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown mode '%s'.", mm);
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.machine1.manage-machines",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        images = hashmap_new(&string_hash_ops);
-        if (!images)
-                return -ENOMEM;
-
-        r = image_discover(images);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_new_method_return(message, &reply);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(reply, 'a', "(st)");
-        if (r < 0)
-                return r;
-
-        HASHMAP_FOREACH(image, images, i) {
-
-                /* We can't remove vendor images (i.e. those in /usr) */
-                if (IMAGE_IS_VENDOR(image))
-                        continue;
-
-                if (IMAGE_IS_HOST(image))
-                        continue;
-
-                if (mode == REMOVE_HIDDEN && !IMAGE_IS_HIDDEN(image))
-                        continue;
-
-                r = image_remove(image);
-                if (r == -EBUSY) /* keep images that are currently being used. */
-                        continue;
-                if (r < 0)
-                        return sd_bus_error_set_errnof(error, r, "Failed to remove image %s: %m", image->name);
-
-                r = sd_bus_message_append(reply, "(st)", image->name, image->usage_exclusive);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(reply);
-        if (r < 0)
-                return r;
-
-        return sd_bus_send(NULL, reply, NULL);
-}
-
-static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        uint64_t limit;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "t", &limit);
-        if (r < 0)
-                return r;
-        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
-
-        r = bus_verify_polkit_async(
-                        message,
-                        CAP_SYS_ADMIN,
-                        "org.freedesktop.machine1.manage-machines",
-                        NULL,
-                        false,
-                        UID_INVALID,
-                        &m->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* Will call us back */
-
-        /* Set up the machine directory if necessary */
-        r = setup_machine_directory(limit, error);
-        if (r < 0)
-                return r;
-
-        /* Resize the backing loopback device, if there is one, except if we asked to drop any limit */
-        if (limit != (uint64_t) -1) {
-                r = btrfs_resize_loopback("/var/lib/machines", limit, false);
-                if (r == -ENOTTY)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
-                if (r < 0 && r != -ENODEV) /* ignore ENODEV, as that's what is returned if the file system is not on loopback */
-                        return sd_bus_error_set_errnof(error, r, "Failed to adjust loopback limit: %m");
-        }
-
-        (void) btrfs_qgroup_set_limit("/var/lib/machines", 0, limit);
-
-        r = btrfs_subvol_set_subtree_quota_limit("/var/lib/machines", 0, limit);
-        if (r == -ENOTTY)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
-        if (r < 0)
-                return sd_bus_error_set_errnof(error, r, "Failed to adjust quota limit: %m");
-
-        return sd_bus_reply_method_return(message, NULL);
-}
-
-static int method_set_image_limit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_(image_unrefp) Image *i = NULL;
-        const char *name;
-        int r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "s", &name);
-        if (r < 0)
-                return r;
-
-        if (!image_name_is_valid(name))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", name);
-
-        r = image_find(name, &i);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_IMAGE, "No image '%s' known", name);
-
-        i->userdata = userdata;
-        return bus_image_method_set_limit(message, i, error);
-}
-
-static int method_map_from_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_fclose_ FILE *f = NULL;
-        Manager *m = userdata;
-        const char *name, *p;
-        Machine *machine;
-        uint32_t uid;
-        int r;
-
-        r = sd_bus_message_read(message, "su", &name, &uid);
-        if (r < 0)
-                return r;
-
-        if (!uid_is_valid(uid))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        if (machine->class != MACHINE_CONTAINER)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
-
-        p = procfs_file_alloca(machine->leader, "uid_map");
-        f = fopen(p, "re");
-        if (!f)
-                return -errno;
-
-        for (;;) {
-                uid_t uid_base, uid_shift, uid_range, converted;
-                int k;
-
-                errno = 0;
-                k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT, &uid_base, &uid_shift, &uid_range);
-                if (k < 0 && feof(f))
-                        break;
-                if (k != 3) {
-                        if (ferror(f) && errno > 0)
-                                return -errno;
-
-                        return -EIO;
-                }
-
-                if (uid < uid_base || uid >= uid_base + uid_range)
-                        continue;
-
-                converted = uid - uid_base + uid_shift;
-                if (!uid_is_valid(converted))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
-
-                return sd_bus_reply_method_return(message, "u", (uint32_t) converted);
-        }
-
-        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "Machine '%s' has no matching user mappings.", name);
-}
-
-static int method_map_to_machine_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        uid_t uid;
-        Iterator i;
-        int r;
-
-        r = sd_bus_message_read(message, "u", &uid);
-        if (r < 0)
-                return r;
-        if (!uid_is_valid(uid))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
-        if (uid < 0x10000)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "User " UID_FMT " belongs to host UID range", uid);
-
-        HASHMAP_FOREACH(machine, m->machines, i) {
-                _cleanup_fclose_ FILE *f = NULL;
-                char p[strlen("/proc//uid_map") + DECIMAL_STR_MAX(pid_t) + 1];
-
-                if (machine->class != MACHINE_CONTAINER)
-                        continue;
-
-                xsprintf(p, "/proc/" UID_FMT "/uid_map", machine->leader);
-                f = fopen(p, "re");
-                if (!f) {
-                        log_warning_errno(errno, "Failed top open %s, ignoring,", p);
-                        continue;
-                }
-
-                for (;;) {
-                        _cleanup_free_ char *o = NULL;
-                        uid_t uid_base, uid_shift, uid_range, converted;
-                        int k;
-
-                        errno = 0;
-                        k = fscanf(f, UID_FMT " " UID_FMT " " UID_FMT, &uid_base, &uid_shift, &uid_range);
-                        if (k < 0 && feof(f))
-                                break;
-                        if (k != 3) {
-                                if (ferror(f) && errno > 0)
-                                        return -errno;
-
-                                return -EIO;
-                        }
-
-                        if (uid < uid_shift || uid >= uid_shift + uid_range)
-                                continue;
-
-                        converted = (uid - uid_shift + uid_base);
-                        if (!uid_is_valid(converted))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid user ID " UID_FMT, uid);
-
-                        o = machine_bus_path(machine);
-                        if (!o)
-                                return -ENOMEM;
-
-                        return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted);
-                }
-        }
-
-        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER_MAPPING, "No matching user mapping for " UID_FMT ".", uid);
-}
-
-static int method_map_from_machine_group(sd_bus_message *message, void *groupdata, sd_bus_error *error) {
-        _cleanup_fclose_ FILE *f = NULL;
-        Manager *m = groupdata;
-        const char *name, *p;
-        Machine *machine;
-        uint32_t gid;
-        int r;
-
-        r = sd_bus_message_read(message, "su", &name, &gid);
-        if (r < 0)
-                return r;
-
-        if (!gid_is_valid(gid))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
-
-        if (machine->class != MACHINE_CONTAINER)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
-
-        p = procfs_file_alloca(machine->leader, "gid_map");
-        f = fopen(p, "re");
-        if (!f)
-                return -errno;
-
-        for (;;) {
-                gid_t gid_base, gid_shift, gid_range, converted;
-                int k;
-
-                errno = 0;
-                k = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT, &gid_base, &gid_shift, &gid_range);
-                if (k < 0 && feof(f))
-                        break;
-                if (k != 3) {
-                        if (ferror(f) && errno > 0)
-                                return -errno;
-
-                        return -EIO;
-                }
-
-                if (gid < gid_base || gid >= gid_base + gid_range)
-                        continue;
-
-                converted = gid - gid_base + gid_shift;
-                if (!gid_is_valid(converted))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
-
-                return sd_bus_reply_method_return(message, "u", (uint32_t) converted);
-        }
-
-        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "Machine '%s' has no matching group mappings.", name);
-}
-
-static int method_map_to_machine_group(sd_bus_message *message, void *groupdata, sd_bus_error *error) {
-        Manager *m = groupdata;
-        Machine *machine;
-        gid_t gid;
-        Iterator i;
-        int r;
-
-        r = sd_bus_message_read(message, "u", &gid);
-        if (r < 0)
-                return r;
-        if (!gid_is_valid(gid))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
-        if (gid < 0x10000)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "Group " GID_FMT " belongs to host GID range", gid);
-
-        HASHMAP_FOREACH(machine, m->machines, i) {
-                _cleanup_fclose_ FILE *f = NULL;
-                char p[strlen("/proc//gid_map") + DECIMAL_STR_MAX(pid_t) + 1];
-
-                if (machine->class != MACHINE_CONTAINER)
-                        continue;
-
-                xsprintf(p, "/proc/" GID_FMT "/gid_map", machine->leader);
-                f = fopen(p, "re");
-                if (!f) {
-                        log_warning_errno(errno, "Failed top open %s, ignoring,", p);
-                        continue;
-                }
-
-                for (;;) {
-                        _cleanup_free_ char *o = NULL;
-                        gid_t gid_base, gid_shift, gid_range, converted;
-                        int k;
-
-                        errno = 0;
-                        k = fscanf(f, GID_FMT " " GID_FMT " " GID_FMT, &gid_base, &gid_shift, &gid_range);
-                        if (k < 0 && feof(f))
-                                break;
-                        if (k != 3) {
-                                if (ferror(f) && errno > 0)
-                                        return -errno;
-
-                                return -EIO;
-                        }
-
-                        if (gid < gid_shift || gid >= gid_shift + gid_range)
-                                continue;
-
-                        converted = (gid - gid_shift + gid_base);
-                        if (!gid_is_valid(converted))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid group ID " GID_FMT, gid);
-
-                        o = machine_bus_path(machine);
-                        if (!o)
-                                return -ENOMEM;
-
-                        return sd_bus_reply_method_return(message, "sou", machine->name, o, (uint32_t) converted);
-                }
-        }
-
-        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_GROUP_MAPPING, "No matching group mapping for " GID_FMT ".", gid);
-}
-
-const sd_bus_vtable manager_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_PROPERTY("PoolPath", "s", property_get_pool_path, 0, 0),
-        SD_BUS_PROPERTY("PoolUsage", "t", property_get_pool_usage, 0, 0),
-        SD_BUS_PROPERTY("PoolLimit", "t", property_get_pool_limit, 0, 0),
-        SD_BUS_METHOD("GetMachine", "s", "o", method_get_machine, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetImage", "s", "o", method_get_image, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetMachineByPID", "u", "o", method_get_machine_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListMachines", NULL, "a(ssso)", method_list_machines, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("ListImages", NULL, "a(ssbttto)", method_list_images, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CreateMachine", "sayssusa(sv)", "o", method_create_machine, 0),
-        SD_BUS_METHOD("CreateMachineWithNetwork", "sayssusaia(sv)", "o", method_create_machine_with_network, 0),
-        SD_BUS_METHOD("RegisterMachine", "sayssus", "o", method_register_machine, 0),
-        SD_BUS_METHOD("RegisterMachineWithNetwork", "sayssusai", "o", method_register_machine_with_network, 0),
-        SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetMachineAddresses", "s", "a(iay)", method_get_machine_addresses, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("GetMachineOSRelease", "s", "a{ss}", method_get_machine_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("OpenMachinePTY", "s", "hs", method_open_machine_pty, 0),
-        SD_BUS_METHOD("OpenMachineLogin", "s", "hs", method_open_machine_login, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("OpenMachineShell", "sssasas", "hs", method_open_machine_shell, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("BindMountMachine", "sssbb", NULL, method_bind_mount_machine, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CopyFromMachine", "sss", NULL, method_copy_machine, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CopyToMachine", "sss", NULL, method_copy_machine, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("OpenMachineRootDirectory", "s", "h", method_open_machine_root_directory, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("RemoveImage", "s", NULL, method_remove_image, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("RenameImage", "ss", NULL, method_rename_image, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CloneImage", "ssb", NULL, method_clone_image, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("MarkImageReadOnly", "sb", NULL, method_mark_image_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetPoolLimit", "t", NULL, method_set_pool_limit, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetImageLimit", "st", NULL, method_set_image_limit, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("CleanPool", "s", "a(st)", method_clean_pool, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("MapFromMachineUser", "su", "u", method_map_from_machine_user, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("MapToMachineUser", "u", "sou", method_map_to_machine_user, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("MapFromMachineGroup", "su", "u", method_map_from_machine_group, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("MapToMachineGroup", "u", "sou", method_map_to_machine_group, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_SIGNAL("MachineNew", "so", 0),
-        SD_BUS_SIGNAL("MachineRemoved", "so", 0),
-        SD_BUS_VTABLE_END
-};
-
-int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *path, *result, *unit;
-        Manager *m = userdata;
-        Machine *machine;
-        uint32_t id;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        machine = hashmap_get(m->machine_units, unit);
-        if (!machine)
-                return 0;
-
-        if (streq_ptr(path, machine->scope_job)) {
-                machine->scope_job = mfree(machine->scope_job);
-
-                if (machine->started) {
-                        if (streq(result, "done"))
-                                machine_send_create_reply(machine, NULL);
-                        else {
-                                _cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
-
-                                sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED, "Start job for unit %s failed with '%s'", unit, result);
-
-                                machine_send_create_reply(machine, &e);
-                        }
-                }
-
-                machine_save(machine);
-        }
-
-        machine_add_to_gc_queue(machine);
-        return 0;
-}
-
-int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_free_ char *unit = NULL;
-        const char *path;
-        Manager *m = userdata;
-        Machine *machine;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        path = sd_bus_message_get_path(message);
-        if (!path)
-                return 0;
-
-        r = unit_name_from_dbus_path(path, &unit);
-        if (r == -EINVAL) /* not for a unit */
-                return 0;
-        if (r < 0) {
-                log_oom();
-                return 0;
-        }
-
-        machine = hashmap_get(m->machine_units, unit);
-        if (!machine)
-                return 0;
-
-        machine_add_to_gc_queue(machine);
-        return 0;
-}
-
-int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        const char *path, *unit;
-        Manager *m = userdata;
-        Machine *machine;
-        int r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "so", &unit, &path);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-
-        machine = hashmap_get(m->machine_units, unit);
-        if (!machine)
-                return 0;
-
-        machine_add_to_gc_queue(machine);
-        return 0;
-}
-
-int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        Manager *m = userdata;
-        Machine *machine;
-        Iterator i;
-        int b, r;
-
-        assert(message);
-        assert(m);
-
-        r = sd_bus_message_read(message, "b", &b);
-        if (r < 0) {
-                bus_log_parse_error(r);
-                return 0;
-        }
-        if (b)
-                return 0;
-
-        /* systemd finished reloading, let's recheck all our machines */
-        log_debug("System manager has been reloaded, rechecking machines...");
-
-        HASHMAP_FOREACH(machine, m->machines, i)
-                machine_add_to_gc_queue(machine);
-
-        return 0;
-}
-
-int manager_start_scope(
-                Manager *manager,
-                const char *scope,
-                pid_t pid,
-                const char *slice,
-                const char *description,
-                sd_bus_message *more_properties,
-                sd_bus_error *error,
-                char **job) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(scope);
-        assert(pid > 1);
-
-        r = sd_bus_message_new_method_call(
-                        manager->bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartTransientUnit");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "ss", strempty(scope), "fail");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(m, 'a', "(sv)");
-        if (r < 0)
-                return r;
-
-        if (!isempty(slice)) {
-                r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!isempty(description)) {
-                r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, pid);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "(sv)", "Delegate", "b", 1);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", UINT64_C(16384));
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        if (more_properties) {
-                r = sd_bus_message_copy(m, more_properties, true);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "a(sa(sv))", 0);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call(manager->bus, m, 0, error, &reply);
-        if (r < 0)
-                return r;
-
-        if (job) {
-                const char *j;
-                char *copy;
-
-                r = sd_bus_message_read(reply, "o", &j);
-                if (r < 0)
-                        return r;
-
-                copy = strdup(j);
-                if (!copy)
-                        return -ENOMEM;
-
-                *job = copy;
-        }
-
-        return 1;
-}
-
-int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(unit);
-
-        r = sd_bus_call_method(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StopUnit",
-                        error,
-                        &reply,
-                        "ss", unit, "fail");
-        if (r < 0) {
-                if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
-                    sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED)) {
-
-                        if (job)
-                                *job = NULL;
-
-                        sd_bus_error_free(error);
-                        return 0;
-                }
-
-                return r;
-        }
-
-        if (job) {
-                const char *j;
-                char *copy;
-
-                r = sd_bus_message_read(reply, "o", &j);
-                if (r < 0)
-                        return r;
-
-                copy = strdup(j);
-                if (!copy)
-                        return -ENOMEM;
-
-                *job = copy;
-        }
-
-        return 1;
-}
-
-int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_error *error) {
-        assert(manager);
-        assert(unit);
-
-        return sd_bus_call_method(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "KillUnit",
-                        error,
-                        NULL,
-                        "ssi", unit, "all", signo);
-}
-
-int manager_unit_is_active(Manager *manager, const char *unit) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ char *path = NULL;
-        const char *state;
-        int r;
-
-        assert(manager);
-        assert(unit);
-
-        path = unit_dbus_path_from_name(unit);
-        if (!path)
-                return -ENOMEM;
-
-        r = sd_bus_get_property(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "ActiveState",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
-                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
-                        return true;
-
-                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
-                    sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED))
-                        return false;
-
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &state);
-        if (r < 0)
-                return -EINVAL;
-
-        return !STR_IN_SET(state, "inactive", "failed");
-}
-
-int manager_job_is_active(Manager *manager, const char *path) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        int r;
-
-        assert(manager);
-        assert(path);
-
-        r = sd_bus_get_property(
-                        manager->bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Job",
-                        "State",
-                        &error,
-                        &reply,
-                        "s");
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
-                    sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
-                        return true;
-
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))
-                        return false;
-
-                return r;
-        }
-
-        /* We don't actually care about the state really. The fact
-         * that we could read the job state is enough for us */
-
-        return true;
-}
-
-int manager_get_machine_by_pid(Manager *m, pid_t pid, Machine **machine) {
-        Machine *mm;
-        int r;
-
-        assert(m);
-        assert(pid >= 1);
-        assert(machine);
-
-        mm = hashmap_get(m->machine_leaders, PID_TO_PTR(pid));
-        if (!mm) {
-                _cleanup_free_ char *unit = NULL;
-
-                r = cg_pid_get_unit(pid, &unit);
-                if (r >= 0)
-                        mm = hashmap_get(m->machine_units, unit);
-        }
-        if (!mm)
-                return 0;
-
-        *machine = mm;
-        return 1;
-}
-
-int manager_add_machine(Manager *m, const char *name, Machine **_machine) {
-        Machine *machine;
-
-        assert(m);
-        assert(name);
-
-        machine = hashmap_get(m->machines, name);
-        if (!machine) {
-                machine = machine_new(m, _MACHINE_CLASS_INVALID, name);
-                if (!machine)
-                        return -ENOMEM;
-        }
-
-        if (_machine)
-                *_machine = machine;
-
-        return 0;
-}
diff --git a/src/machine/machined.c b/src/machine/machined.c
deleted file mode 100644
index f7ceb5e603..0000000000
--- a/src/machine/machined.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "cgroup-util.h"
-#include "dirent-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "hostname-util.h"
-#include "label.h"
-#include "machine-image.h"
-#include "machined.h"
-#include "signal-util.h"
-
-Manager *manager_new(void) {
-        Manager *m;
-        int r;
-
-        m = new0(Manager, 1);
-        if (!m)
-                return NULL;
-
-        m->machines = hashmap_new(&string_hash_ops);
-        m->machine_units = hashmap_new(&string_hash_ops);
-        m->machine_leaders = hashmap_new(NULL);
-
-        if (!m->machines || !m->machine_units || !m->machine_leaders) {
-                manager_free(m);
-                return NULL;
-        }
-
-        r = sd_event_default(&m->event);
-        if (r < 0) {
-                manager_free(m);
-                return NULL;
-        }
-
-        sd_event_set_watchdog(m->event, true);
-
-        return m;
-}
-
-void manager_free(Manager *m) {
-        Machine *machine;
-        Image *i;
-
-        assert(m);
-
-        while (m->operations)
-                operation_free(m->operations);
-
-        assert(m->n_operations == 0);
-
-        while ((machine = hashmap_first(m->machines)))
-                machine_free(machine);
-
-        hashmap_free(m->machines);
-        hashmap_free(m->machine_units);
-        hashmap_free(m->machine_leaders);
-
-        while ((i = hashmap_steal_first(m->image_cache)))
-                image_unref(i);
-
-        hashmap_free(m->image_cache);
-
-        sd_event_source_unref(m->image_cache_defer_event);
-
-        bus_verify_polkit_async_registry_free(m->polkit_registry);
-
-        sd_bus_unref(m->bus);
-        sd_event_unref(m->event);
-
-        free(m);
-}
-
-static int manager_add_host_machine(Manager *m) {
-        _cleanup_free_ char *rd = NULL, *unit = NULL;
-        sd_id128_t mid;
-        Machine *t;
-        int r;
-
-        if (m->host_machine)
-                return 0;
-
-        r = sd_id128_get_machine(&mid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get machine ID: %m");
-
-        rd = strdup("/");
-        if (!rd)
-                return log_oom();
-
-        unit = strdup("-.slice");
-        if (!unit)
-                return log_oom();
-
-        t = machine_new(m, MACHINE_HOST, ".host");
-        if (!t)
-                return log_oom();
-
-        t->leader = 1;
-        t->id = mid;
-
-        t->root_directory = rd;
-        t->unit = unit;
-        rd = unit = NULL;
-
-        dual_timestamp_from_boottime_or_monotonic(&t->timestamp, 0);
-
-        m->host_machine = t;
-
-        return 0;
-}
-
-int manager_enumerate_machines(Manager *m) {
-        _cleanup_closedir_ DIR *d = NULL;
-        struct dirent *de;
-        int r = 0;
-
-        assert(m);
-
-        r = manager_add_host_machine(m);
-        if (r < 0)
-                return r;
-
-        /* Read in machine data stored on disk */
-        d = opendir("/run/systemd/machines");
-        if (!d) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open /run/systemd/machines: %m");
-        }
-
-        FOREACH_DIRENT(de, d, return -errno) {
-                struct Machine *machine;
-                int k;
-
-                if (!dirent_is_file(de))
-                        continue;
-
-                /* Ignore symlinks that map the unit name to the machine */
-                if (startswith(de->d_name, "unit:"))
-                        continue;
-
-                if (!machine_name_is_valid(de->d_name))
-                        continue;
-
-                k = manager_add_machine(m, de->d_name, &machine);
-                if (k < 0) {
-                        r = log_error_errno(k, "Failed to add machine by file name %s: %m", de->d_name);
-                        continue;
-                }
-
-                machine_add_to_gc_queue(machine);
-
-                k = machine_load(machine);
-                if (k < 0)
-                        r = k;
-        }
-
-        return r;
-}
-
-static int manager_connect_bus(Manager *m) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(m);
-        assert(!m->bus);
-
-        r = sd_bus_default_system(&m->bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to system bus: %m");
-
-        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/machine1", "org.freedesktop.machine1.Manager", manager_vtable, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add manager object vtable: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/machine1/machine", "org.freedesktop.machine1.Machine", machine_vtable, machine_object_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add machine object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/machine1/machine", machine_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add machine enumerator: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/machine1/image", "org.freedesktop.machine1.Image", image_vtable, image_object_find, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add image object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/machine1/image", image_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add image enumerator: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.systemd1.Manager',"
-                             "member='JobRemoved',"
-                             "path='/org/freedesktop/systemd1'",
-                             match_job_removed,
-                             m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for JobRemoved: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.systemd1.Manager',"
-                             "member='UnitRemoved',"
-                             "path='/org/freedesktop/systemd1'",
-                             match_unit_removed,
-                             m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for UnitRemoved: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.DBus.Properties',"
-                             "member='PropertiesChanged',"
-                             "arg0='org.freedesktop.systemd1.Unit'",
-                             match_properties_changed,
-                             m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for PropertiesChanged: %m");
-
-        r = sd_bus_add_match(m->bus,
-                             NULL,
-                             "type='signal',"
-                             "sender='org.freedesktop.systemd1',"
-                             "interface='org.freedesktop.systemd1.Manager',"
-                             "member='Reloading',"
-                             "path='/org/freedesktop/systemd1'",
-                             match_reloading,
-                             m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for Reloading: %m");
-
-        r = sd_bus_call_method(
-                        m->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "Subscribe",
-                        &error,
-                        NULL, NULL);
-        if (r < 0) {
-                log_error("Failed to enable subscription: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        r = sd_bus_request_name(m->bus, "org.freedesktop.machine1", 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = sd_bus_attach_event(m->bus, m->event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        return 0;
-}
-
-void manager_gc(Manager *m, bool drop_not_started) {
-        Machine *machine;
-
-        assert(m);
-
-        while ((machine = m->machine_gc_queue)) {
-                LIST_REMOVE(gc_queue, m->machine_gc_queue, machine);
-                machine->in_gc_queue = false;
-
-                /* First, if we are not closing yet, initiate stopping */
-                if (!machine_check_gc(machine, drop_not_started) &&
-                    machine_get_state(machine) != MACHINE_CLOSING)
-                        machine_stop(machine);
-
-                /* Now, the stop stop probably made this referenced
-                 * again, but if it didn't, then it's time to let it
-                 * go entirely. */
-                if (!machine_check_gc(machine, drop_not_started)) {
-                        machine_finalize(machine);
-                        machine_free(machine);
-                }
-        }
-}
-
-int manager_startup(Manager *m) {
-        Machine *machine;
-        Iterator i;
-        int r;
-
-        assert(m);
-
-        /* Connect to the bus */
-        r = manager_connect_bus(m);
-        if (r < 0)
-                return r;
-
-        /* Deserialize state */
-        manager_enumerate_machines(m);
-
-        /* Remove stale objects before we start them */
-        manager_gc(m, false);
-
-        /* And start everything */
-        HASHMAP_FOREACH(machine, m->machines, i)
-                machine_start(machine, NULL, NULL);
-
-        return 0;
-}
-
-static bool check_idle(void *userdata) {
-        Manager *m = userdata;
-
-        if (m->operations)
-                return false;
-
-        manager_gc(m, true);
-
-        return hashmap_isempty(m->machines);
-}
-
-int manager_run(Manager *m) {
-        assert(m);
-
-        return bus_event_loop_with_idle(
-                        m->event,
-                        m->bus,
-                        "org.freedesktop.machine1",
-                        DEFAULT_EXIT_USEC,
-                        check_idle, m);
-}
-
-int main(int argc, char *argv[]) {
-        Manager *m = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_set_facility(LOG_AUTH);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        /* Always create the directories people can create inotify
-         * watches in. Note that some applications might check for the
-         * existence of /run/systemd/machines/ to determine whether
-         * machined is available, so please always make sure this
-         * check stays in. */
-        mkdir_label("/run/systemd/machines", 0755);
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, -1) >= 0);
-
-        m = manager_new();
-        if (!m) {
-                r = log_oom();
-                goto finish;
-        }
-
-        r = manager_startup(m);
-        if (r < 0) {
-                log_error_errno(r, "Failed to fully start up daemon: %m");
-                goto finish;
-        }
-
-        log_debug("systemd-machined running as pid "PID_FMT, getpid());
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing requests...");
-
-        r = manager_run(m);
-
-        log_debug("systemd-machined stopped as pid "PID_FMT, getpid());
-
-finish:
-        manager_free(m);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/machine/machined.h b/src/machine/machined.h
deleted file mode 100644
index 7b9b148044..0000000000
--- a/src/machine/machined.h
+++ /dev/null
@@ -1,82 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-
-#include "hashmap.h"
-#include "list.h"
-
-typedef struct Manager Manager;
-
-#include "image-dbus.h"
-#include "machine-dbus.h"
-#include "machine.h"
-#include "operation.h"
-
-struct Manager {
-        sd_event *event;
-        sd_bus *bus;
-
-        Hashmap *machines;
-        Hashmap *machine_units;
-        Hashmap *machine_leaders;
-
-        Hashmap *polkit_registry;
-
-        Hashmap *image_cache;
-        sd_event_source *image_cache_defer_event;
-
-        LIST_HEAD(Machine, machine_gc_queue);
-
-        Machine *host_machine;
-
-        LIST_HEAD(Operation, operations);
-        unsigned n_operations;
-};
-
-Manager *manager_new(void);
-void manager_free(Manager *m);
-
-int manager_add_machine(Manager *m, const char *name, Machine **_machine);
-int manager_enumerate_machines(Manager *m);
-
-int manager_startup(Manager *m);
-int manager_run(Manager *m);
-
-void manager_gc(Manager *m, bool drop_not_started);
-
-int manager_get_machine_by_pid(Manager *m, pid_t pid, Machine **machine);
-
-extern const sd_bus_vtable manager_vtable[];
-
-int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);
-
-int manager_start_scope(Manager *manager, const char *scope, pid_t pid, const char *slice, const char *description, sd_bus_message *more_properties, sd_bus_error *error, char **job);
-int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job);
-int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_error *error);
-int manager_unit_is_active(Manager *manager, const char *unit);
-int manager_job_is_active(Manager *manager, const char *path);
diff --git a/src/machine/operation.h b/src/machine/operation.h
deleted file mode 100644
index 7ca47bc3af..0000000000
--- a/src/machine/operation.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2016 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/types.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-
-#include "list.h"
-
-typedef struct Operation Operation;
-
-#include "machined.h"
-
-#define OPERATIONS_MAX 64
-
-struct Operation {
-        Manager *manager;
-        Machine *machine;
-        pid_t pid;
-        sd_bus_message *message;
-        int errno_fd;
-        sd_event_source *event_source;
-        LIST_FIELDS(Operation, operations);
-        LIST_FIELDS(Operation, operations_by_machine);
-};
-
-int operation_new(Manager *manager, Machine *machine, pid_t child, sd_bus_message *message, int errno_fd);
-Operation *operation_free(Operation *o);
diff --git a/src/modules-load/Makefile b/src/modules-load/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/modules-load/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/network/Makefile b/src/network/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/network/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/network/networkctl.c b/src/network/networkctl.c
deleted file mode 100644
index d2df9b7560..0000000000
--- a/src/network/networkctl.c
+++ /dev/null
@@ -1,1142 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <net/if.h>
-#include <stdbool.h>
-
-#include "sd-device.h"
-#include "sd-hwdb.h"
-#include "sd-lldp.h"
-#include "sd-netlink.h"
-#include "sd-network.h"
-
-#include "alloc-util.h"
-#include "arphrd-list.h"
-#include "device-util.h"
-#include "ether-addr-util.h"
-#include "fd-util.h"
-#include "hwdb-util.h"
-#include "local-addresses.h"
-#include "locale-util.h"
-#include "netlink-util.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "socket-util.h"
-#include "sparse-endian.h"
-#include "stdio-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "strxcpyx.h"
-#include "terminal-util.h"
-#include "util.h"
-#include "verbs.h"
-
-static bool arg_no_pager = false;
-static bool arg_legend = true;
-static bool arg_all = false;
-
-static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
-        const char *t;
-        char *p;
-
-        assert(ret);
-
-        if (iftype == ARPHRD_ETHER && d) {
-                const char *devtype = NULL, *id = NULL;
-                /* WLANs have iftype ARPHRD_ETHER, but we want
-                 * to show a more useful type string for
-                 * them */
-
-                (void) sd_device_get_devtype(d, &devtype);
-
-                if (streq_ptr(devtype, "wlan"))
-                        id = "wlan";
-                else if (streq_ptr(devtype, "wwan"))
-                        id = "wwan";
-
-                if (id) {
-                        p = strdup(id);
-                        if (!p)
-                                return -ENOMEM;
-
-                        *ret = p;
-                        return 1;
-                }
-        }
-
-        t = arphrd_to_name(iftype);
-        if (!t) {
-                *ret = NULL;
-                return 0;
-        }
-
-        p = strdup(t);
-        if (!p)
-                return -ENOMEM;
-
-        ascii_strlower(p);
-        *ret = p;
-
-        return 0;
-}
-
-static void operational_state_to_color(const char *state, const char **on, const char **off) {
-        assert(on);
-        assert(off);
-
-        if (streq_ptr(state, "routable")) {
-                *on = ansi_highlight_green();
-                *off = ansi_normal();
-        } else if (streq_ptr(state, "degraded")) {
-                *on = ansi_highlight_yellow();
-                *off = ansi_normal();
-        } else
-                *on = *off = "";
-}
-
-static void setup_state_to_color(const char *state, const char **on, const char **off) {
-        assert(on);
-        assert(off);
-
-        if (streq_ptr(state, "configured")) {
-                *on = ansi_highlight_green();
-                *off = ansi_normal();
-        } else if (streq_ptr(state, "configuring")) {
-                *on = ansi_highlight_yellow();
-                *off = ansi_normal();
-        } else if (streq_ptr(state, "failed") || streq_ptr(state, "linger")) {
-                *on = ansi_highlight_red();
-                *off = ansi_normal();
-        } else
-                *on = *off = "";
-}
-
-typedef struct LinkInfo {
-        char name[IFNAMSIZ+1];
-        int ifindex;
-        unsigned short iftype;
-        struct ether_addr mac_address;
-        uint32_t mtu;
-
-        bool has_mac_address:1;
-        bool has_mtu:1;
-} LinkInfo;
-
-static int link_info_compare(const void *a, const void *b) {
-        const LinkInfo *x = a, *y = b;
-
-        return x->ifindex - y->ifindex;
-}
-
-static int decode_link(sd_netlink_message *m, LinkInfo *info) {
-        const char *name;
-        uint16_t type;
-        int r;
-
-        assert(m);
-        assert(info);
-
-        r = sd_netlink_message_get_type(m, &type);
-        if (r < 0)
-                return r;
-
-        if (type != RTM_NEWLINK)
-                return 0;
-
-        r = sd_rtnl_message_link_get_ifindex(m, &info->ifindex);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_read_string(m, IFLA_IFNAME, &name);
-        if (r < 0)
-                return r;
-
-        r = sd_rtnl_message_link_get_type(m, &info->iftype);
-        if (r < 0)
-                return r;
-
-        strscpy(info->name, sizeof info->name, name);
-
-        info->has_mac_address =
-                sd_netlink_message_read_ether_addr(m, IFLA_ADDRESS, &info->mac_address) >= 0 &&
-                memcmp(&info->mac_address, &ETHER_ADDR_NULL, sizeof(struct ether_addr)) != 0;
-
-        info->has_mtu =
-                sd_netlink_message_read_u32(m, IFLA_MTU, &info->mtu) &&
-                info->mtu > 0;
-
-        return 1;
-}
-
-static int acquire_link_info_strv(sd_netlink *rtnl, char **l, LinkInfo **ret) {
-        _cleanup_free_ LinkInfo *links = NULL;
-        char **i;
-        size_t c = 0;
-        int r;
-
-        assert(rtnl);
-        assert(ret);
-
-        links = new(LinkInfo, strv_length(l));
-        if (!links)
-                return log_oom();
-
-        STRV_FOREACH(i, l) {
-                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-                int ifindex;
-
-                if (parse_ifindex(*i, &ifindex) >= 0)
-                        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, ifindex);
-                else {
-                        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, 0);
-                        if (r < 0)
-                                return rtnl_log_create_error(r);
-
-                        r = sd_netlink_message_append_string(req, IFLA_IFNAME, *i);
-                }
-                if (r < 0)
-                        return rtnl_log_create_error(r);
-
-                r = sd_netlink_call(rtnl, req, 0, &reply);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to request link: %m");
-
-                r = decode_link(reply, links + c);
-                if (r < 0)
-                        return r;
-                if (r > 0)
-                        c++;
-        }
-
-        qsort_safe(links, c, sizeof(LinkInfo), link_info_compare);
-
-        *ret = links;
-        links = NULL;
-
-        return (int) c;
-}
-
-static int acquire_link_info_all(sd_netlink *rtnl, LinkInfo **ret) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        _cleanup_free_ LinkInfo *links = NULL;
-        size_t allocated = 0, c = 0;
-        sd_netlink_message *i;
-        int r;
-
-        assert(rtnl);
-        assert(ret);
-
-        r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, 0);
-        if (r < 0)
-                return rtnl_log_create_error(r);
-
-        r = sd_netlink_message_request_dump(req, true);
-        if (r < 0)
-                return rtnl_log_create_error(r);
-
-        r = sd_netlink_call(rtnl, req, 0, &reply);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enumerate links: %m");
-
-        for (i = reply; i; i = sd_netlink_message_next(i)) {
-                if (!GREEDY_REALLOC(links, allocated, c+1))
-                        return -ENOMEM;
-
-                r = decode_link(i, links + c);
-                if (r < 0)
-                        return r;
-                if (r > 0)
-                        c++;
-        }
-
-        qsort_safe(links, c, sizeof(LinkInfo), link_info_compare);
-
-        *ret = links;
-        links = NULL;
-
-        return (int) c;
-}
-
-static int list_links(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_free_ LinkInfo *links = NULL;
-        int c, i, r;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        if (argc > 1)
-                c = acquire_link_info_strv(rtnl, argv + 1, &links);
-        else
-                c = acquire_link_info_all(rtnl, &links);
-        if (c < 0)
-                return c;
-
-        pager_open(arg_no_pager, false);
-
-        if (arg_legend)
-                printf("%3s %-16s %-18s %-11s %-10s\n",
-                       "IDX",
-                       "LINK",
-                       "TYPE",
-                       "OPERATIONAL",
-                       "SETUP");
-
-        for (i = 0; i < c; i++) {
-                _cleanup_free_ char *setup_state = NULL, *operational_state = NULL;
-                _cleanup_(sd_device_unrefp) sd_device *d = NULL;
-                const char *on_color_operational, *off_color_operational,
-                           *on_color_setup, *off_color_setup;
-                char devid[2 + DECIMAL_STR_MAX(int)];
-                _cleanup_free_ char *t = NULL;
-
-                (void) sd_network_link_get_operational_state(links[i].ifindex, &operational_state);
-                operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
-
-                r = sd_network_link_get_setup_state(links[i].ifindex, &setup_state);
-                if (r == -ENODATA) /* If there's no info available about this iface, it's unmanaged by networkd */
-                        setup_state = strdup("unmanaged");
-                setup_state_to_color(setup_state, &on_color_setup, &off_color_setup);
-
-                xsprintf(devid, "n%i", links[i].ifindex);
-                (void) sd_device_new_from_device_id(&d, devid);
-
-                (void) link_get_type_string(links[i].iftype, d, &t);
-
-                printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
-                       links[i].ifindex, links[i].name, strna(t),
-                       on_color_operational, strna(operational_state), off_color_operational,
-                       on_color_setup, strna(setup_state), off_color_setup);
-        }
-
-        if (arg_legend)
-                printf("\n%i links listed.\n", c);
-
-        return 0;
-}
-
-/* IEEE Organizationally Unique Identifier vendor string */
-static int ieee_oui(sd_hwdb *hwdb, const struct ether_addr *mac, char **ret) {
-        const char *description;
-        char modalias[strlen("OUI:XXYYXXYYXXYY") + 1], *desc;
-        int r;
-
-        assert(ret);
-
-        if (!hwdb)
-                return -EINVAL;
-
-        if (!mac)
-                return -EINVAL;
-
-        /* skip commonly misused 00:00:00 (Xerox) prefix */
-        if (memcmp(mac, "\0\0\0", 3) == 0)
-                return -EINVAL;
-
-        xsprintf(modalias, "OUI:" ETHER_ADDR_FORMAT_STR,
-                 ETHER_ADDR_FORMAT_VAL(*mac));
-
-        r = sd_hwdb_get(hwdb, modalias, "ID_OUI_FROM_DATABASE", &description);
-        if (r < 0)
-                return r;
-
-        desc = strdup(description);
-        if (!desc)
-                return -ENOMEM;
-
-        *ret = desc;
-
-        return 0;
-}
-
-static int get_gateway_description(
-                sd_netlink *rtnl,
-                sd_hwdb *hwdb,
-                int ifindex,
-                int family,
-                union in_addr_union *gateway,
-                char **gateway_description) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        sd_netlink_message *m;
-        int r;
-
-        assert(rtnl);
-        assert(ifindex >= 0);
-        assert(family == AF_INET || family == AF_INET6);
-        assert(gateway);
-        assert(gateway_description);
-
-        r = sd_rtnl_message_new_neigh(rtnl, &req, RTM_GETNEIGH, ifindex, family);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_request_dump(req, true);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(rtnl, req, 0, &reply);
-        if (r < 0)
-                return r;
-
-        for (m = reply; m; m = sd_netlink_message_next(m)) {
-                union in_addr_union gw = {};
-                struct ether_addr mac = {};
-                uint16_t type;
-                int ifi, fam;
-
-                r = sd_netlink_message_get_errno(m);
-                if (r < 0) {
-                        log_error_errno(r, "got error: %m");
-                        continue;
-                }
-
-                r = sd_netlink_message_get_type(m, &type);
-                if (r < 0) {
-                        log_error_errno(r, "could not get type: %m");
-                        continue;
-                }
-
-                if (type != RTM_NEWNEIGH) {
-                        log_error("type is not RTM_NEWNEIGH");
-                        continue;
-                }
-
-                r = sd_rtnl_message_neigh_get_family(m, &fam);
-                if (r < 0) {
-                        log_error_errno(r, "could not get family: %m");
-                        continue;
-                }
-
-                if (fam != family) {
-                        log_error("family is not correct");
-                        continue;
-                }
-
-                r = sd_rtnl_message_neigh_get_ifindex(m, &ifi);
-                if (r < 0) {
-                        log_error_errno(r, "could not get ifindex: %m");
-                        continue;
-                }
-
-                if (ifindex > 0 && ifi != ifindex)
-                        continue;
-
-                switch (fam) {
-                case AF_INET:
-                        r = sd_netlink_message_read_in_addr(m, NDA_DST, &gw.in);
-                        if (r < 0)
-                                continue;
-
-                        break;
-                case AF_INET6:
-                        r = sd_netlink_message_read_in6_addr(m, NDA_DST, &gw.in6);
-                        if (r < 0)
-                                continue;
-
-                        break;
-                default:
-                        continue;
-                }
-
-                if (!in_addr_equal(fam, &gw, gateway))
-                        continue;
-
-                r = sd_netlink_message_read_ether_addr(m, NDA_LLADDR, &mac);
-                if (r < 0)
-                        continue;
-
-                r = ieee_oui(hwdb, &mac, gateway_description);
-                if (r < 0)
-                        continue;
-
-                return 0;
-        }
-
-        return -ENODATA;
-}
-
-static int dump_gateways(
-                sd_netlink *rtnl,
-                sd_hwdb *hwdb,
-                const char *prefix,
-                int ifindex) {
-        _cleanup_free_ struct local_address *local = NULL;
-        int r, n, i;
-
-        assert(rtnl);
-        assert(prefix);
-
-        n = local_gateways(rtnl, ifindex, AF_UNSPEC, &local);
-        if (n < 0)
-                return n;
-
-        for (i = 0; i < n; i++) {
-                _cleanup_free_ char *gateway = NULL, *description = NULL;
-
-                r = in_addr_to_string(local[i].family, &local[i].address, &gateway);
-                if (r < 0)
-                        return r;
-
-                r = get_gateway_description(rtnl, hwdb, local[i].ifindex, local[i].family, &local[i].address, &description);
-                if (r < 0)
-                        log_debug_errno(r, "Could not get description of gateway: %m");
-
-                printf("%*s%s",
-                       (int) strlen(prefix),
-                       i == 0 ? prefix : "",
-                       gateway);
-
-                if (description)
-                        printf(" (%s)", description);
-
-                /* Show interface name for the entry if we show
-                 * entries for all interfaces */
-                if (ifindex <= 0) {
-                        char name[IF_NAMESIZE+1];
-
-                        if (if_indextoname(local[i].ifindex, name)) {
-                                fputs(" on ", stdout);
-                                fputs(name, stdout);
-                        } else
-                                printf(" on %%%i", local[i].ifindex);
-                }
-
-                fputc('\n', stdout);
-        }
-
-        return 0;
-}
-
-static int dump_addresses(
-                sd_netlink *rtnl,
-                const char *prefix,
-                int ifindex) {
-
-        _cleanup_free_ struct local_address *local = NULL;
-        int r, n, i;
-
-        assert(rtnl);
-        assert(prefix);
-
-        n = local_addresses(rtnl, ifindex, AF_UNSPEC, &local);
-        if (n < 0)
-                return n;
-
-        for (i = 0; i < n; i++) {
-                _cleanup_free_ char *pretty = NULL;
-
-                r = in_addr_to_string(local[i].family, &local[i].address, &pretty);
-                if (r < 0)
-                        return r;
-
-                printf("%*s%s",
-                       (int) strlen(prefix),
-                       i == 0 ? prefix : "",
-                       pretty);
-
-                if (ifindex <= 0) {
-                        char name[IF_NAMESIZE+1];
-
-                        if (if_indextoname(local[i].ifindex, name)) {
-                                fputs(" on ", stdout);
-                                fputs(name, stdout);
-                        } else
-                                printf(" on %%%i", local[i].ifindex);
-                }
-
-                fputc('\n', stdout);
-        }
-
-        return 0;
-}
-
-static int open_lldp_neighbors(int ifindex, FILE **ret) {
-        _cleanup_free_ char *p = NULL;
-        FILE *f;
-
-        if (asprintf(&p, "/run/systemd/netif/lldp/%i", ifindex) < 0)
-                return -ENOMEM;
-
-        f = fopen(p, "re");
-        if (!f)
-                return -errno;
-
-        *ret = f;
-        return 0;
-}
-
-static int next_lldp_neighbor(FILE *f, sd_lldp_neighbor **ret) {
-        _cleanup_free_ void *raw = NULL;
-        size_t l;
-        le64_t u;
-        int r;
-
-        assert(f);
-        assert(ret);
-
-        l = fread(&u, 1, sizeof(u), f);
-        if (l == 0 && feof(f))
-                return 0;
-        if (l != sizeof(u))
-                return -EBADMSG;
-
-        raw = new(uint8_t, le64toh(u));
-        if (!raw)
-                return -ENOMEM;
-
-        if (fread(raw, 1, le64toh(u), f) != le64toh(u))
-                return -EBADMSG;
-
-        r = sd_lldp_neighbor_from_raw(ret, raw, le64toh(u));
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-static int dump_lldp_neighbors(const char *prefix, int ifindex) {
-        _cleanup_fclose_ FILE *f = NULL;
-        int r, c = 0;
-
-        assert(prefix);
-        assert(ifindex > 0);
-
-        r = open_lldp_neighbors(ifindex, &f);
-        if (r < 0)
-                return r;
-
-        for (;;) {
-                const char *system_name = NULL, *port_id = NULL, *port_description = NULL;
-                _cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL;
-
-                r = next_lldp_neighbor(f, &n);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                printf("%*s",
-                       (int) strlen(prefix),
-                       c == 0 ? prefix : "");
-
-                (void) sd_lldp_neighbor_get_system_name(n, &system_name);
-                (void) sd_lldp_neighbor_get_port_id_as_string(n, &port_id);
-                (void) sd_lldp_neighbor_get_port_description(n, &port_description);
-
-                printf("%s on port %s", strna(system_name), strna(port_id));
-
-                if (!isempty(port_description))
-                        printf(" (%s)", port_description);
-
-                putchar('\n');
-
-                c++;
-        }
-
-        return c;
-}
-
-static void dump_ifindexes(const char *prefix, const int *ifindexes) {
-        unsigned c;
-
-        assert(prefix);
-
-        if (!ifindexes || ifindexes[0] <= 0)
-                return;
-
-        for (c = 0; ifindexes[c] > 0; c++) {
-                char name[IF_NAMESIZE+1];
-
-                printf("%*s",
-                       (int) strlen(prefix),
-                       c == 0 ? prefix : "");
-
-                if (if_indextoname(ifindexes[c], name))
-                        fputs(name, stdout);
-                else
-                        printf("%i", ifindexes[c]);
-
-                fputc('\n', stdout);
-        }
-}
-
-static void dump_list(const char *prefix, char **l) {
-        char **i;
-
-        if (strv_isempty(l))
-                return;
-
-        STRV_FOREACH(i, l) {
-                printf("%*s%s\n",
-                       (int) strlen(prefix),
-                       i == l ? prefix : "",
-                       *i);
-        }
-}
-
-static int link_status_one(
-                sd_netlink *rtnl,
-                sd_hwdb *hwdb,
-                const LinkInfo *info) {
-
-        _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
-        _cleanup_free_ char *setup_state = NULL, *operational_state = NULL, *tz = NULL;
-        _cleanup_(sd_device_unrefp) sd_device *d = NULL;
-        char devid[2 + DECIMAL_STR_MAX(int)];
-        _cleanup_free_ char *t = NULL, *network = NULL;
-        const char *driver = NULL, *path = NULL, *vendor = NULL, *model = NULL, *link = NULL;
-        const char *on_color_operational, *off_color_operational,
-                   *on_color_setup, *off_color_setup;
-        _cleanup_free_ int *carrier_bound_to = NULL, *carrier_bound_by = NULL;
-        int r;
-
-        assert(rtnl);
-        assert(info);
-
-        (void) sd_network_link_get_operational_state(info->ifindex, &operational_state);
-        operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
-
-        r = sd_network_link_get_setup_state(info->ifindex, &setup_state);
-        if (r == -ENODATA) /* If there's no info available about this iface, it's unmanaged by networkd */
-                setup_state = strdup("unmanaged");
-        setup_state_to_color(setup_state, &on_color_setup, &off_color_setup);
-
-        (void) sd_network_link_get_dns(info->ifindex, &dns);
-        (void) sd_network_link_get_search_domains(info->ifindex, &search_domains);
-        (void) sd_network_link_get_route_domains(info->ifindex, &route_domains);
-        (void) sd_network_link_get_ntp(info->ifindex, &ntp);
-
-        xsprintf(devid, "n%i", info->ifindex);
-
-        (void) sd_device_new_from_device_id(&d, devid);
-
-        if (d) {
-                (void) sd_device_get_property_value(d, "ID_NET_LINK_FILE", &link);
-                (void) sd_device_get_property_value(d, "ID_NET_DRIVER", &driver);
-                (void) sd_device_get_property_value(d, "ID_PATH", &path);
-
-                r = sd_device_get_property_value(d, "ID_VENDOR_FROM_DATABASE", &vendor);
-                if (r < 0)
-                        (void) sd_device_get_property_value(d, "ID_VENDOR", &vendor);
-
-                r = sd_device_get_property_value(d, "ID_MODEL_FROM_DATABASE", &model);
-                if (r < 0)
-                        (void) sd_device_get_property_value(d, "ID_MODEL", &model);
-        }
-
-        (void) link_get_type_string(info->iftype, d, &t);
-
-        (void) sd_network_link_get_network_file(info->ifindex, &network);
-
-        (void) sd_network_link_get_carrier_bound_to(info->ifindex, &carrier_bound_to);
-        (void) sd_network_link_get_carrier_bound_by(info->ifindex, &carrier_bound_by);
-
-        printf("%s%s%s %i: %s\n", on_color_operational, special_glyph(BLACK_CIRCLE), off_color_operational, info->ifindex, info->name);
-
-        printf("       Link File: %s\n"
-               "    Network File: %s\n"
-               "            Type: %s\n"
-               "           State: %s%s%s (%s%s%s)\n",
-               strna(link),
-               strna(network),
-               strna(t),
-               on_color_operational, strna(operational_state), off_color_operational,
-               on_color_setup, strna(setup_state), off_color_setup);
-
-        if (path)
-                printf("            Path: %s\n", path);
-        if (driver)
-                printf("          Driver: %s\n", driver);
-        if (vendor)
-                printf("          Vendor: %s\n", vendor);
-        if (model)
-                printf("           Model: %s\n", model);
-
-        if (info->has_mac_address) {
-                _cleanup_free_ char *description = NULL;
-                char ea[ETHER_ADDR_TO_STRING_MAX];
-
-                (void) ieee_oui(hwdb, &info->mac_address, &description);
-
-                if (description)
-                        printf("      HW Address: %s (%s)\n", ether_addr_to_string(&info->mac_address, ea), description);
-                else
-                        printf("      HW Address: %s\n", ether_addr_to_string(&info->mac_address, ea));
-        }
-
-        if (info->has_mtu)
-                printf("             MTU: %u\n", info->mtu);
-
-        (void) dump_addresses(rtnl, "         Address: ", info->ifindex);
-        (void) dump_gateways(rtnl, hwdb, "         Gateway: ", info->ifindex);
-
-        dump_list("             DNS: ", dns);
-        dump_list("  Search Domains: ", search_domains);
-        dump_list("   Route Domains: ", route_domains);
-
-        dump_list("             NTP: ", ntp);
-
-        dump_ifindexes("Carrier Bound To: ", carrier_bound_to);
-        dump_ifindexes("Carrier Bound By: ", carrier_bound_by);
-
-        (void) sd_network_link_get_timezone(info->ifindex, &tz);
-        if (tz)
-                printf("       Time Zone: %s\n", tz);
-
-        (void) dump_lldp_neighbors("    Connected To: ", info->ifindex);
-
-        return 0;
-}
-
-static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) {
-        _cleanup_free_ char *operational_state = NULL;
-        _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
-        const char *on_color_operational, *off_color_operational;
-
-        assert(rtnl);
-
-        (void) sd_network_get_operational_state(&operational_state);
-        operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
-
-        printf("%s%s%s        State: %s%s%s\n",
-               on_color_operational, special_glyph(BLACK_CIRCLE), off_color_operational,
-               on_color_operational, strna(operational_state), off_color_operational);
-
-        (void) dump_addresses(rtnl, "       Address: ", 0);
-        (void) dump_gateways(rtnl, hwdb, "       Gateway: ", 0);
-
-        (void) sd_network_get_dns(&dns);
-        dump_list("           DNS: ", dns);
-
-        (void) sd_network_get_search_domains(&search_domains);
-        dump_list("Search Domains: ", search_domains);
-
-        (void) sd_network_get_route_domains(&route_domains);
-        dump_list(" Route Domains: ", route_domains);
-
-        (void) sd_network_get_ntp(&ntp);
-        dump_list("           NTP: ", ntp);
-
-        return 0;
-}
-
-static int link_status(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
-        _cleanup_free_ LinkInfo *links = NULL;
-        int r, c, i;
-
-        pager_open(arg_no_pager, false);
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        r = sd_hwdb_new(&hwdb);
-        if (r < 0)
-                log_debug_errno(r, "Failed to open hardware database: %m");
-
-        if (arg_all)
-                c = acquire_link_info_all(rtnl, &links);
-        else if (argc <= 1)
-                return system_status(rtnl, hwdb);
-        else
-                c = acquire_link_info_strv(rtnl, argv + 1, &links);
-        if (c < 0)
-                return c;
-
-        for (i = 0; i < c; i++) {
-                if (i > 0)
-                        fputc('\n', stdout);
-
-                link_status_one(rtnl, hwdb, links + i);
-        }
-
-        return 0;
-}
-
-static char *lldp_capabilities_to_string(uint16_t x) {
-        static const char characters[] = {
-                'o', 'p', 'b', 'w', 'r', 't', 'd', 'a', 'c', 's', 'm',
-        };
-        char *ret;
-        unsigned i;
-
-        ret = new(char, ELEMENTSOF(characters) + 1);
-        if (!ret)
-                return NULL;
-
-        for (i = 0; i < ELEMENTSOF(characters); i++)
-                ret[i] = (x & (1U << i)) ? characters[i] : '.';
-
-        ret[i] = 0;
-        return ret;
-}
-
-static void lldp_capabilities_legend(uint16_t x) {
-        unsigned w, i, cols = columns();
-        static const char* const table[] = {
-                "o - Other",
-                "p - Repeater",
-                "b - Bridge",
-                "w - WLAN Access Point",
-                "r - Router",
-                "t - Telephone",
-                "d - DOCSIS cable device",
-                "a - Station",
-                "c - Customer VLAN",
-                "s - Service VLAN",
-                "m - Two-port MAC Relay (TPMR)",
-        };
-
-        if (x == 0)
-                return;
-
-        printf("\nCapability Flags:\n");
-        for (w = 0, i = 0; i < ELEMENTSOF(table); i++)
-                if (x & (1U << i) || arg_all) {
-                        bool newline;
-
-                        newline = w + strlen(table[i]) + (w == 0 ? 0 : 2) > cols;
-                        if (newline)
-                                w = 0;
-                        w += printf("%s%s%s", newline ? "\n" : "", w == 0 ? "" : "; ", table[i]);
-                }
-        puts("");
-}
-
-static int link_lldp_status(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        _cleanup_free_ LinkInfo *links = NULL;
-        int i, r, c, m = 0;
-        uint16_t all = 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        if (argc > 1)
-                c = acquire_link_info_strv(rtnl, argv + 1, &links);
-        else
-                c = acquire_link_info_all(rtnl, &links);
-        if (c < 0)
-                return c;
-
-        pager_open(arg_no_pager, false);
-
-        if (arg_legend)
-                printf("%-16s %-17s %-16s %-11s %-17s %-16s\n",
-                       "LINK",
-                       "CHASSIS ID",
-                       "SYSTEM NAME",
-                       "CAPS",
-                       "PORT ID",
-                       "PORT DESCRIPTION");
-
-        for (i = 0; i < c; i++) {
-                _cleanup_fclose_ FILE *f = NULL;
-
-                r = open_lldp_neighbors(links[i].ifindex, &f);
-                if (r == -ENOENT)
-                        continue;
-                if (r < 0) {
-                        log_warning_errno(r, "Failed to open LLDP data for %i, ignoring: %m", links[i].ifindex);
-                        continue;
-                }
-
-                for (;;) {
-                        _cleanup_free_ char *cid = NULL, *pid = NULL, *sname = NULL, *pdesc = NULL;
-                        const char *chassis_id = NULL, *port_id = NULL, *system_name = NULL, *port_description = NULL, *capabilities = NULL;
-                        _cleanup_(sd_lldp_neighbor_unrefp) sd_lldp_neighbor *n = NULL;
-                        uint16_t cc;
-
-                        r = next_lldp_neighbor(f, &n);
-                        if (r < 0) {
-                                log_warning_errno(r, "Failed to read neighbor data: %m");
-                                break;
-                        }
-                        if (r == 0)
-                                break;
-
-                        (void) sd_lldp_neighbor_get_chassis_id_as_string(n, &chassis_id);
-                        (void) sd_lldp_neighbor_get_port_id_as_string(n, &port_id);
-                        (void) sd_lldp_neighbor_get_system_name(n, &system_name);
-                        (void) sd_lldp_neighbor_get_port_description(n, &port_description);
-
-                        if (chassis_id) {
-                                cid = ellipsize(chassis_id, 17, 100);
-                                if (cid)
-                                        chassis_id = cid;
-                        }
-
-                        if (port_id) {
-                                pid = ellipsize(port_id, 17, 100);
-                                if (pid)
-                                        port_id = pid;
-                        }
-
-                        if (system_name) {
-                                sname = ellipsize(system_name, 16, 100);
-                                if (sname)
-                                        system_name = sname;
-                        }
-
-                        if (port_description) {
-                                pdesc = ellipsize(port_description, 16, 100);
-                                if (pdesc)
-                                        port_description = pdesc;
-                        }
-
-                        if (sd_lldp_neighbor_get_enabled_capabilities(n, &cc) >= 0) {
-                                capabilities = lldp_capabilities_to_string(cc);
-                                all |= cc;
-                        }
-
-                        printf("%-16s %-17s %-16s %-11s %-17s %-16s\n",
-                               links[i].name,
-                               strna(chassis_id),
-                               strna(system_name),
-                               strna(capabilities),
-                               strna(port_id),
-                               strna(port_description));
-
-                        m++;
-                }
-        }
-
-        if (arg_legend) {
-                lldp_capabilities_legend(all);
-                printf("\n%i neighbors listed.\n", m);
-        }
-
-        return 0;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "Query and control the networking subsystem.\n\n"
-               "  -h --help             Show this help\n"
-               "     --version          Show package version\n"
-               "     --no-pager         Do not pipe output into a pager\n"
-               "     --no-legend        Do not show the headers and footers\n"
-               "  -a --all              Show status for all links\n\n"
-               "Commands:\n"
-               "  list [LINK...]        List links\n"
-               "  status [LINK...]      Show link status\n"
-               "  lldp [LINK...]        Show LLDP neighbors\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_NO_LEGEND,
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, 'h'           },
-                { "version",   no_argument,       NULL, ARG_VERSION   },
-                { "no-pager",  no_argument,       NULL, ARG_NO_PAGER  },
-                { "no-legend", no_argument,       NULL, ARG_NO_LEGEND },
-                { "all",       no_argument,       NULL, 'a'           },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "ha", options, NULL)) >= 0) {
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_LEGEND:
-                        arg_legend = false;
-                        break;
-
-                case 'a':
-                        arg_all = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-        }
-
-        return 1;
-}
-
-static int networkctl_main(int argc, char *argv[]) {
-        const Verb verbs[] = {
-                { "list",   VERB_ANY, VERB_ANY, VERB_DEFAULT, list_links       },
-                { "status", VERB_ANY, VERB_ANY, 0,            link_status      },
-                { "lldp",   VERB_ANY, VERB_ANY, 0,            link_lldp_status },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, NULL);
-}
-
-static void warn_networkd_missing(void) {
-
-        if (access("/run/systemd/netif/state", F_OK) >= 0)
-                return;
-
-        fprintf(stderr, "WARNING: systemd-networkd is not running, output will be incomplete.\n\n");
-}
-
-int main(int argc, char* argv[]) {
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        warn_networkd_missing();
-
-        r = networkctl_main(argc, argv);
-
-finish:
-        pager_close();
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/network/networkd-dhcp6.c b/src/network/networkd-dhcp6.c
deleted file mode 100644
index 37e13e639e..0000000000
--- a/src/network/networkd-dhcp6.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Intel Corporation. All rights reserved.
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/ether.h>
-#include <linux/if.h>
-
-#include "sd-dhcp6-client.h"
-
-#include "network-internal.h"
-#include "networkd.h"
-
-static int dhcp6_lease_address_acquired(sd_dhcp6_client *client, Link *link);
-
-static int dhcp6_lease_information_acquired(sd_dhcp6_client *client,
-                                        Link *link) {
-        return 0;
-}
-
-static int dhcp6_address_handler(sd_netlink *rtnl, sd_netlink_message *m,
-                                 void *userdata) {
-        _cleanup_link_unref_ Link *link = userdata;
-        int r;
-
-        assert(link);
-
-        r = sd_netlink_message_get_errno(m);
-        if (r < 0 && r != -EEXIST) {
-                if (link->rtnl_extended_attrs) {
-                        log_link_warning(link, "Could not set extended netlink attributes, reverting to fallback mechanism");
-
-                        link->rtnl_extended_attrs = false;
-                        dhcp6_lease_address_acquired(link->dhcp6_client, link);
-
-                        return 1;
-                }
-
-                log_link_error_errno(link, r, "Could not set DHCPv6 address: %m");
-
-                link_enter_failed(link);
-
-        } else if (r >= 0)
-                manager_rtnl_process_address(rtnl, m, link->manager);
-
-        return 1;
-}
-
-static int dhcp6_address_change(Link *link, struct in6_addr *ip6_addr,
-                                uint32_t lifetime_preferred, uint32_t lifetime_valid) {
-        int r;
-        _cleanup_address_free_ Address *addr = NULL;
-
-        r = address_new(&addr);
-        if (r < 0)
-                return r;
-
-        addr->family = AF_INET6;
-        memcpy(&addr->in_addr.in6, ip6_addr, sizeof(*ip6_addr));
-
-        addr->flags = IFA_F_NOPREFIXROUTE;
-        addr->prefixlen = 128;
-
-        addr->cinfo.ifa_prefered = lifetime_preferred;
-        addr->cinfo.ifa_valid = lifetime_valid;
-
-        log_link_info(link,
-                      "DHCPv6 address "SD_NDISC_ADDRESS_FORMAT_STR"/%d timeout preferred %d valid %d",
-                      SD_NDISC_ADDRESS_FORMAT_VAL(addr->in_addr.in6),
-                      addr->prefixlen, lifetime_preferred, lifetime_valid);
-
-        r = address_configure(addr, link, dhcp6_address_handler, true);
-        if (r < 0)
-                log_link_warning_errno(link, r, "Could not assign DHCPv6 address: %m");
-
-        return r;
-}
-
-static int dhcp6_lease_address_acquired(sd_dhcp6_client *client, Link *link) {
-        int r;
-        sd_dhcp6_lease *lease;
-        struct in6_addr ip6_addr;
-        uint32_t lifetime_preferred, lifetime_valid;
-
-        r = sd_dhcp6_client_get_lease(client, &lease);
-        if (r < 0)
-                return r;
-
-        sd_dhcp6_lease_reset_address_iter(lease);
-
-        while (sd_dhcp6_lease_get_address(lease, &ip6_addr,
-                                                 &lifetime_preferred,
-                                                 &lifetime_valid) >= 0) {
-
-                r = dhcp6_address_change(link, &ip6_addr, lifetime_preferred, lifetime_valid);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static void dhcp6_handler(sd_dhcp6_client *client, int event, void *userdata) {
-        int r;
-        Link *link = userdata;
-
-        assert(link);
-        assert(link->network);
-        assert(link->manager);
-
-        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return;
-
-        switch(event) {
-        case SD_DHCP6_CLIENT_EVENT_STOP:
-        case SD_DHCP6_CLIENT_EVENT_RESEND_EXPIRE:
-        case SD_DHCP6_CLIENT_EVENT_RETRANS_MAX:
-                if (sd_dhcp6_client_get_lease(client, NULL) >= 0)
-                        log_link_warning(link, "DHCPv6 lease lost");
-
-                link->dhcp6_configured = false;
-                break;
-
-        case SD_DHCP6_CLIENT_EVENT_IP_ACQUIRE:
-                r = dhcp6_lease_address_acquired(client, link);
-                if (r < 0) {
-                        link_enter_failed(link);
-                        return;
-                }
-
-                /* fall through */
-        case SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST:
-                r = dhcp6_lease_information_acquired(client, link);
-                if (r < 0) {
-                        link_enter_failed(link);
-                        return;
-                }
-
-                link->dhcp6_configured = true;
-                break;
-
-        default:
-                if (event < 0)
-                        log_link_warning_errno(link, event, "DHCPv6 error: %m");
-                else
-                        log_link_warning(link, "DHCPv6 unknown event: %d", event);
-                return;
-        }
-
-        link_check_ready(link);
-}
-
-int dhcp6_request_address(Link *link) {
-        int r, inf_req;
-        bool running;
-
-        assert(link);
-        assert(link->dhcp6_client);
-
-        r = sd_dhcp6_client_get_information_request(link->dhcp6_client, &inf_req);
-        if (r < 0)
-                return r;
-
-        if (!inf_req)
-                return 0;
-
-        r = sd_dhcp6_client_is_running(link->dhcp6_client);
-        if (r < 0)
-                return r;
-        else
-                running = !!r;
-
-        if (running) {
-                r = sd_dhcp6_client_stop(link->dhcp6_client);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_dhcp6_client_set_information_request(link->dhcp6_client, false);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int dhcp6_configure(Link *link) {
-        sd_dhcp6_client *client = NULL;
-        int r;
-        const DUID *duid;
-
-        assert(link);
-
-        if (link->dhcp6_client)
-                return 0;
-
-        r = sd_dhcp6_client_new(&client);
-        if (r < 0)
-                return r;
-
-        r = sd_dhcp6_client_attach_event(client, NULL, 0);
-        if (r < 0)
-                goto error;
-
-        r = sd_dhcp6_client_set_information_request(client, true);
-        if (r < 0)
-                goto error;
-
-        r = sd_dhcp6_client_set_mac(client,
-                                    (const uint8_t *) &link->mac,
-                                    sizeof (link->mac), ARPHRD_ETHER);
-        if (r < 0)
-                goto error;
-
-        r = sd_dhcp6_client_set_iaid(client, link->network->iaid);
-        if (r < 0)
-                goto error;
-
-        duid = link_duid(link);
-        r = sd_dhcp6_client_set_duid(client,
-                                     duid->type,
-                                     duid->raw_data_len > 0 ? duid->raw_data : NULL,
-                                     duid->raw_data_len);
-        if (r < 0)
-                goto error;
-
-        r = sd_dhcp6_client_set_index(client, link->ifindex);
-        if (r < 0)
-                goto error;
-
-        r = sd_dhcp6_client_set_callback(client, dhcp6_handler, link);
-        if (r < 0)
-                goto error;
-
-        link->dhcp6_client = client;
-
-        return 0;
-
-error:
-        sd_dhcp6_client_unref(client);
-        return r;
-}
diff --git a/src/network/networkd-link.h b/src/network/networkd-link.h
deleted file mode 100644
index 14c4a02c7e..0000000000
--- a/src/network/networkd-link.h
+++ /dev/null
@@ -1,209 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <endian.h>
-
-#include "sd-bus.h"
-#include "sd-dhcp-client.h"
-#include "sd-dhcp-server.h"
-#include "sd-dhcp6-client.h"
-#include "sd-ipv4ll.h"
-#include "sd-lldp.h"
-#include "sd-ndisc.h"
-#include "sd-netlink.h"
-
-#include "list.h"
-#include "set.h"
-
-typedef enum LinkState {
-        LINK_STATE_PENDING,
-        LINK_STATE_ENSLAVING,
-        LINK_STATE_SETTING_ADDRESSES,
-        LINK_STATE_SETTING_ROUTES,
-        LINK_STATE_CONFIGURED,
-        LINK_STATE_UNMANAGED,
-        LINK_STATE_FAILED,
-        LINK_STATE_LINGER,
-        _LINK_STATE_MAX,
-        _LINK_STATE_INVALID = -1
-} LinkState;
-
-typedef enum LinkOperationalState {
-        LINK_OPERSTATE_OFF,
-        LINK_OPERSTATE_NO_CARRIER,
-        LINK_OPERSTATE_DORMANT,
-        LINK_OPERSTATE_CARRIER,
-        LINK_OPERSTATE_DEGRADED,
-        LINK_OPERSTATE_ROUTABLE,
-        _LINK_OPERSTATE_MAX,
-        _LINK_OPERSTATE_INVALID = -1
-} LinkOperationalState;
-
-typedef struct Manager Manager;
-typedef struct Network Network;
-typedef struct Address Address;
-
-typedef struct Link {
-        Manager *manager;
-
-        int n_ref;
-
-        int ifindex;
-        char *ifname;
-        unsigned short iftype;
-        char *state_file;
-        struct ether_addr mac;
-        struct in6_addr ipv6ll_address;
-        uint32_t mtu;
-        struct udev_device *udev_device;
-
-        unsigned flags;
-        uint8_t kernel_operstate;
-
-        Network *network;
-
-        LinkState state;
-        LinkOperationalState operstate;
-
-        unsigned link_messages;
-        unsigned enslaving;
-
-        Set *addresses;
-        Set *addresses_foreign;
-        Set *routes;
-        Set *routes_foreign;
-
-        sd_dhcp_client *dhcp_client;
-        sd_dhcp_lease *dhcp_lease;
-        char *lease_file;
-        uint16_t original_mtu;
-        unsigned dhcp4_messages;
-        bool dhcp4_configured;
-        bool dhcp6_configured;
-        unsigned ndisc_messages;
-        bool ndisc_configured;
-
-        sd_ipv4ll *ipv4ll;
-        bool ipv4ll_address:1;
-        bool ipv4ll_route:1;
-
-        bool static_configured;
-
-        LIST_HEAD(Address, pool_addresses);
-
-        sd_dhcp_server *dhcp_server;
-
-        sd_ndisc *ndisc_router_discovery;
-        sd_dhcp6_client *dhcp6_client;
-        bool rtnl_extended_attrs;
-
-        /* This is about LLDP reception */
-        sd_lldp *lldp;
-        char *lldp_file;
-
-        /* This is about LLDP transmission */
-        unsigned lldp_tx_fast; /* The LLDP txFast counter (See 802.1ab-2009, section 9.2.5.18) */
-        sd_event_source *lldp_emit_event_source;
-
-        Hashmap *bound_by_links;
-        Hashmap *bound_to_links;
-} Link;
-
-Link *link_unref(Link *link);
-Link *link_ref(Link *link);
-int link_get(Manager *m, int ifindex, Link **ret);
-int link_add(Manager *manager, sd_netlink_message *message, Link **ret);
-void link_drop(Link *link);
-
-int link_address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata);
-int link_route_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata);
-
-void link_enter_failed(Link *link);
-int link_initialized(Link *link, struct udev_device *device);
-
-void link_check_ready(Link *link);
-
-void link_update_operstate(Link *link);
-int link_update(Link *link, sd_netlink_message *message);
-
-void link_dirty(Link *link);
-void link_clean(Link *link);
-int link_save(Link *link);
-
-int link_carrier_reset(Link *link);
-bool link_has_carrier(Link *link);
-
-int link_ipv6ll_gained(Link *link, const struct in6_addr *address);
-
-int link_set_mtu(Link *link, uint32_t mtu);
-int link_set_hostname(Link *link, const char *hostname);
-int link_set_timezone(Link *link, const char *timezone);
-
-int ipv4ll_configure(Link *link);
-int dhcp4_configure(Link *link);
-int dhcp6_configure(Link *link);
-int dhcp6_request_address(Link *link);
-int ndisc_configure(Link *link);
-
-const char* link_state_to_string(LinkState s) _const_;
-LinkState link_state_from_string(const char *s) _pure_;
-
-const char* link_operstate_to_string(LinkOperationalState s) _const_;
-LinkOperationalState link_operstate_from_string(const char *s) _pure_;
-
-extern const sd_bus_vtable link_vtable[];
-
-int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
-int link_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
-int link_send_changed(Link *link, const char *property, ...) _sentinel_;
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_unref);
-#define _cleanup_link_unref_ _cleanup_(link_unrefp)
-
-/* Macros which append INTERFACE= to the message */
-
-#define log_link_full(link, level, error, ...)                          \
-        ({                                                              \
-                Link *_l = (link);                                      \
-                _l ? log_object_internal(level, error, __FILE__, __LINE__, __func__, "INTERFACE=", _l->ifname, ##__VA_ARGS__) : \
-                        log_internal(level, error, __FILE__, __LINE__, __func__, ##__VA_ARGS__); \
-        })                                                              \
-
-#define log_link_debug(link, ...)   log_link_full(link, LOG_DEBUG, 0, ##__VA_ARGS__)
-#define log_link_info(link, ...)    log_link_full(link, LOG_INFO, 0, ##__VA_ARGS__)
-#define log_link_notice(link, ...)  log_link_full(link, LOG_NOTICE, 0, ##__VA_ARGS__)
-#define log_link_warning(link, ...) log_link_full(link, LOG_WARNING, 0, ##__VA_ARGS__)
-#define log_link_error(link, ...)   log_link_full(link, LOG_ERR, 0, ##__VA_ARGS__)
-
-#define log_link_debug_errno(link, error, ...)   log_link_full(link, LOG_DEBUG, error, ##__VA_ARGS__)
-#define log_link_info_errno(link, error, ...)    log_link_full(link, LOG_INFO, error, ##__VA_ARGS__)
-#define log_link_notice_errno(link, error, ...)  log_link_full(link, LOG_NOTICE, error, ##__VA_ARGS__)
-#define log_link_warning_errno(link, error, ...) log_link_full(link, LOG_WARNING, error, ##__VA_ARGS__)
-#define log_link_error_errno(link, error, ...)   log_link_full(link, LOG_ERR, error, ##__VA_ARGS__)
-
-#define LOG_LINK_MESSAGE(link, fmt, ...) "MESSAGE=%s: " fmt, (link)->ifname, ##__VA_ARGS__
-#define LOG_LINK_INTERFACE(link) "INTERFACE=%s", (link)->ifname
-
-#define ADDRESS_FMT_VAL(address)                   \
-        be32toh((address).s_addr) >> 24,           \
-        (be32toh((address).s_addr) >> 16) & 0xFFu, \
-        (be32toh((address).s_addr) >> 8) & 0xFFu,  \
-        be32toh((address).s_addr) & 0xFFu
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
deleted file mode 100644
index 9174dcc7f4..0000000000
--- a/src/network/networkd-manager.c
+++ /dev/null
@@ -1,1329 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-
-#include <sys/socket.h>
-#include <linux/if.h>
-
-#include "sd-daemon.h"
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "bus-util.h"
-#include "conf-parser.h"
-#include "def.h"
-#include "dns-domain.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "libudev-private.h"
-#include "local-addresses.h"
-#include "netlink-util.h"
-#include "networkd.h"
-#include "ordered-set.h"
-#include "path-util.h"
-#include "set.h"
-#include "udev-util.h"
-#include "virt.h"
-
-/* use 8 MB for receive socket kernel queue. */
-#define RCVBUF_SIZE    (8*1024*1024)
-
-const char* const network_dirs[] = {
-        "/etc/systemd/network",
-        "/run/systemd/network",
-        "/usr/lib/systemd/network",
-#ifdef HAVE_SPLIT_USR
-        "/lib/systemd/network",
-#endif
-        NULL};
-
-static int setup_default_address_pool(Manager *m) {
-        AddressPool *p;
-        int r;
-
-        assert(m);
-
-        /* Add in the well-known private address ranges. */
-
-        r = address_pool_new_from_string(m, &p, AF_INET6, "fc00::", 7);
-        if (r < 0)
-                return r;
-
-        r = address_pool_new_from_string(m, &p, AF_INET, "192.168.0.0", 16);
-        if (r < 0)
-                return r;
-
-        r = address_pool_new_from_string(m, &p, AF_INET, "172.16.0.0", 12);
-        if (r < 0)
-                return r;
-
-        r = address_pool_new_from_string(m, &p, AF_INET, "10.0.0.0", 8);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int on_bus_retry(sd_event_source *s, usec_t usec, void *userdata) {
-        Manager *m = userdata;
-
-        assert(s);
-        assert(m);
-
-        m->bus_retry_event_source = sd_event_source_unref(m->bus_retry_event_source);
-
-        manager_connect_bus(m);
-
-        return 0;
-}
-
-static int manager_reset_all(Manager *m) {
-        Link *link;
-        Iterator i;
-        int r;
-
-        assert(m);
-
-        HASHMAP_FOREACH(link, m->links, i) {
-                r = link_carrier_reset(link);
-                if (r < 0)
-                        log_link_warning_errno(link, r, "Could not reset carrier: %m");
-        }
-
-        return 0;
-}
-
-static int match_prepare_for_sleep(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) {
-        Manager *m = userdata;
-        int b, r;
-
-        assert(message);
-
-        r = sd_bus_message_read(message, "b", &b);
-        if (r < 0) {
-                log_debug_errno(r, "Failed to parse PrepareForSleep signal: %m");
-                return 0;
-        }
-
-        if (b)
-                return 0;
-
-        log_debug("Coming back from suspend, resetting all connections...");
-
-        manager_reset_all(m);
-
-        return 0;
-}
-
-int manager_connect_bus(Manager *m) {
-        int r;
-
-        assert(m);
-
-        r = sd_bus_default_system(&m->bus);
-        if (r == -ENOENT) {
-                /* We failed to connect? Yuck, we must be in early
-                 * boot. Let's try in 5s again. As soon as we have
-                 * kdbus we can stop doing this... */
-
-                log_debug_errno(r, "Failed to connect to bus, trying again in 5s: %m");
-
-                r = sd_event_add_time(m->event, &m->bus_retry_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + 5*USEC_PER_SEC, 0, on_bus_retry, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to install bus reconnect time event: %m");
-
-                return 0;
-        }
-
-        if (r < 0)
-                return r;
-
-        r = sd_bus_add_match(m->bus, &m->prepare_for_sleep_slot,
-                             "type='signal',"
-                             "sender='org.freedesktop.login1',"
-                             "interface='org.freedesktop.login1.Manager',"
-                             "member='PrepareForSleep',"
-                             "path='/org/freedesktop/login1'",
-                             match_prepare_for_sleep,
-                             m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match for PrepareForSleep: %m");
-
-        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/network1", "org.freedesktop.network1.Manager", manager_vtable, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add manager object vtable: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/network1/link", "org.freedesktop.network1.Link", link_vtable, link_object_find, m);
-        if (r < 0)
-               return log_error_errno(r, "Failed to add link object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/network1/link", link_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add link enumerator: %m");
-
-        r = sd_bus_add_fallback_vtable(m->bus, NULL, "/org/freedesktop/network1/network", "org.freedesktop.network1.Network", network_vtable, network_object_find, m);
-        if (r < 0)
-               return log_error_errno(r, "Failed to add network object vtable: %m");
-
-        r = sd_bus_add_node_enumerator(m->bus, NULL, "/org/freedesktop/network1/network", network_node_enumerator, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add network enumerator: %m");
-
-        r = sd_bus_request_name(m->bus, "org.freedesktop.network1", 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = sd_bus_attach_event(m->bus, m->event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        return 0;
-}
-
-static int manager_udev_process_link(Manager *m, struct udev_device *device) {
-        Link *link = NULL;
-        int r, ifindex;
-
-        assert(m);
-        assert(device);
-
-        if (!streq_ptr(udev_device_get_action(device), "add"))
-                return 0;
-
-        ifindex = udev_device_get_ifindex(device);
-        if (ifindex <= 0) {
-                log_debug("Ignoring udev ADD event for device with invalid ifindex");
-                return 0;
-        }
-
-        r = link_get(m, ifindex, &link);
-        if (r == -ENODEV)
-                return 0;
-        else if (r < 0)
-                return r;
-
-        r = link_initialized(link, device);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int manager_dispatch_link_udev(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-        struct udev_monitor *monitor = m->udev_monitor;
-        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
-
-        device = udev_monitor_receive_device(monitor);
-        if (!device)
-                return -ENOMEM;
-
-        manager_udev_process_link(m, device);
-        return 0;
-}
-
-static int manager_connect_udev(Manager *m) {
-        int r;
-
-        /* udev does not initialize devices inside containers,
-         * so we rely on them being already initialized before
-         * entering the container */
-        if (detect_container() > 0)
-                return 0;
-
-        m->udev = udev_new();
-        if (!m->udev)
-                return -ENOMEM;
-
-        m->udev_monitor = udev_monitor_new_from_netlink(m->udev, "udev");
-        if (!m->udev_monitor)
-                return -ENOMEM;
-
-        r = udev_monitor_filter_add_match_subsystem_devtype(m->udev_monitor, "net", NULL);
-        if (r < 0)
-                return log_error_errno(r, "Could not add udev monitor filter: %m");
-
-        r = udev_monitor_enable_receiving(m->udev_monitor);
-        if (r < 0) {
-                log_error("Could not enable udev monitor");
-                return r;
-        }
-
-        r = sd_event_add_io(m->event,
-                        &m->udev_event_source,
-                        udev_monitor_get_fd(m->udev_monitor),
-                        EPOLLIN, manager_dispatch_link_udev,
-                        m);
-        if (r < 0)
-                return r;
-
-        r = sd_event_source_set_description(m->udev_event_source, "networkd-udev");
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int manager_rtnl_process_route(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
-        Manager *m = userdata;
-        Link *link = NULL;
-        uint16_t type;
-        uint32_t ifindex, priority = 0;
-        unsigned char protocol, scope, tos, table;
-        int family;
-        unsigned char dst_prefixlen, src_prefixlen;
-        union in_addr_union dst = {}, gw = {}, src = {}, prefsrc = {};
-        Route *route = NULL;
-        int r;
-
-        assert(rtnl);
-        assert(message);
-        assert(m);
-
-        if (sd_netlink_message_is_error(message)) {
-                r = sd_netlink_message_get_errno(message);
-                if (r < 0)
-                        log_warning_errno(r, "rtnl: failed to receive route: %m");
-
-                return 0;
-        }
-
-        r = sd_netlink_message_get_type(message, &type);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: could not get message type: %m");
-                return 0;
-        } else if (type != RTM_NEWROUTE && type != RTM_DELROUTE) {
-                log_warning("rtnl: received unexpected message type when processing route");
-                return 0;
-        }
-
-        r = sd_netlink_message_read_u32(message, RTA_OIF, &ifindex);
-        if (r == -ENODATA) {
-                log_debug("rtnl: received route without ifindex, ignoring");
-                return 0;
-        } else if (r < 0) {
-                log_warning_errno(r, "rtnl: could not get ifindex from route, ignoring: %m");
-                return 0;
-        } else if (ifindex <= 0) {
-                log_warning("rtnl: received route message with invalid ifindex, ignoring: %d", ifindex);
-                return 0;
-        } else {
-                r = link_get(m, ifindex, &link);
-                if (r < 0 || !link) {
-                        /* when enumerating we might be out of sync, but we will
-                         * get the route again, so just ignore it */
-                        if (!m->enumerating)
-                                log_warning("rtnl: received route for nonexistent link (%d), ignoring", ifindex);
-                        return 0;
-                }
-        }
-
-        r = sd_rtnl_message_route_get_family(message, &family);
-        if (r < 0 || !IN_SET(family, AF_INET, AF_INET6)) {
-                log_link_warning(link, "rtnl: received address with invalid family, ignoring.");
-                return 0;
-        }
-
-        r = sd_rtnl_message_route_get_protocol(message, &protocol);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: could not get route protocol: %m");
-                return 0;
-        }
-
-        switch (family) {
-        case AF_INET:
-                r = sd_netlink_message_read_in_addr(message, RTA_DST, &dst.in);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route without valid destination, ignoring: %m");
-                        return 0;
-                }
-
-                r = sd_netlink_message_read_in_addr(message, RTA_GATEWAY, &gw.in);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route with invalid gateway, ignoring: %m");
-                        return 0;
-                }
-
-                r = sd_netlink_message_read_in_addr(message, RTA_SRC, &src.in);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route with invalid source, ignoring: %m");
-                        return 0;
-                }
-
-                r = sd_netlink_message_read_in_addr(message, RTA_PREFSRC, &prefsrc.in);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route with invalid preferred source, ignoring: %m");
-                        return 0;
-                }
-
-                break;
-
-        case AF_INET6:
-                r = sd_netlink_message_read_in6_addr(message, RTA_DST, &dst.in6);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route without valid destination, ignoring: %m");
-                        return 0;
-                }
-
-                r = sd_netlink_message_read_in6_addr(message, RTA_GATEWAY, &gw.in6);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route with invalid gateway, ignoring: %m");
-                        return 0;
-                }
-
-                r = sd_netlink_message_read_in6_addr(message, RTA_SRC, &src.in6);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route with invalid source, ignoring: %m");
-                        return 0;
-                }
-
-                r = sd_netlink_message_read_in6_addr(message, RTA_PREFSRC, &prefsrc.in6);
-                if (r < 0 && r != -ENODATA) {
-                        log_link_warning_errno(link, r, "rtnl: received route with invalid preferred source, ignoring: %m");
-                        return 0;
-                }
-
-                break;
-
-        default:
-                log_link_debug(link, "rtnl: ignoring unsupported address family: %d", family);
-                return 0;
-        }
-
-        r = sd_rtnl_message_route_get_dst_prefixlen(message, &dst_prefixlen);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received route with invalid destination prefixlen, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_rtnl_message_route_get_src_prefixlen(message, &src_prefixlen);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received route with invalid source prefixlen, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_rtnl_message_route_get_scope(message, &scope);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received route with invalid scope, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_rtnl_message_route_get_tos(message, &tos);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received route with invalid tos, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_rtnl_message_route_get_table(message, &table);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received route with invalid table, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_netlink_message_read_u32(message, RTA_PRIORITY, &priority);
-        if (r < 0 && r != -ENODATA) {
-                log_link_warning_errno(link, r, "rtnl: received route with invalid priority, ignoring: %m");
-                return 0;
-        }
-
-        route_get(link, family, &dst, dst_prefixlen, tos, priority, table, &route);
-
-        switch (type) {
-        case RTM_NEWROUTE:
-                if (!route) {
-                        /* A route appeared that we did not request */
-                        r = route_add_foreign(link, family, &dst, dst_prefixlen, tos, priority, table, &route);
-                        if (r < 0)
-                                return 0;
-                }
-
-                route_update(route, &src, src_prefixlen, &gw, &prefsrc, scope, protocol);
-
-                break;
-
-        case RTM_DELROUTE:
-                route_free(route);
-                break;
-
-        default:
-                assert_not_reached("Received invalid RTNL message type");
-        }
-
-        return 1;
-}
-
-int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
-        Manager *m = userdata;
-        Link *link = NULL;
-        uint16_t type;
-        unsigned char flags;
-        int family;
-        unsigned char prefixlen;
-        unsigned char scope;
-        union in_addr_union in_addr;
-        struct ifa_cacheinfo cinfo;
-        Address *address = NULL;
-        char buf[INET6_ADDRSTRLEN], valid_buf[FORMAT_TIMESPAN_MAX];
-        const char *valid_str = NULL;
-        int r, ifindex;
-
-        assert(rtnl);
-        assert(message);
-        assert(m);
-
-        if (sd_netlink_message_is_error(message)) {
-                r = sd_netlink_message_get_errno(message);
-                if (r < 0)
-                        log_warning_errno(r, "rtnl: failed to receive address: %m");
-
-                return 0;
-        }
-
-        r = sd_netlink_message_get_type(message, &type);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: could not get message type: %m");
-                return 0;
-        } else if (type != RTM_NEWADDR && type != RTM_DELADDR) {
-                log_warning("rtnl: received unexpected message type when processing address");
-                return 0;
-        }
-
-        r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: could not get ifindex from address: %m");
-                return 0;
-        } else if (ifindex <= 0) {
-                log_warning("rtnl: received address message with invalid ifindex: %d", ifindex);
-                return 0;
-        } else {
-                r = link_get(m, ifindex, &link);
-                if (r < 0 || !link) {
-                        /* when enumerating we might be out of sync, but we will
-                         * get the address again, so just ignore it */
-                        if (!m->enumerating)
-                                log_warning("rtnl: received address for nonexistent link (%d), ignoring", ifindex);
-                        return 0;
-                }
-        }
-
-        r = sd_rtnl_message_addr_get_family(message, &family);
-        if (r < 0 || !IN_SET(family, AF_INET, AF_INET6)) {
-                log_link_warning(link, "rtnl: received address with invalid family, ignoring.");
-                return 0;
-        }
-
-        r = sd_rtnl_message_addr_get_prefixlen(message, &prefixlen);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received address with invalid prefixlen, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_rtnl_message_addr_get_scope(message, &scope);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received address with invalid scope, ignoring: %m");
-                return 0;
-        }
-
-        r = sd_rtnl_message_addr_get_flags(message, &flags);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "rtnl: received address with invalid flags, ignoring: %m");
-                return 0;
-        }
-
-        switch (family) {
-        case AF_INET:
-                r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &in_addr.in);
-                if (r < 0) {
-                        log_link_warning_errno(link, r, "rtnl: received address without valid address, ignoring: %m");
-                        return 0;
-                }
-
-                break;
-
-        case AF_INET6:
-                r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &in_addr.in6);
-                if (r < 0) {
-                        log_link_warning_errno(link, r, "rtnl: received address without valid address, ignoring: %m");
-                        return 0;
-                }
-
-                break;
-
-        default:
-                log_link_debug(link, "rtnl: ignoring unsupported address family: %d", family);
-        }
-
-        if (!inet_ntop(family, &in_addr, buf, INET6_ADDRSTRLEN)) {
-                log_link_warning(link, "Could not print address");
-                return 0;
-        }
-
-        r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
-        if (r >= 0) {
-                if (cinfo.ifa_valid != CACHE_INFO_INFINITY_LIFE_TIME)
-                        valid_str = format_timespan(valid_buf, FORMAT_TIMESPAN_MAX,
-                                                    cinfo.ifa_valid * USEC_PER_SEC,
-                                                    USEC_PER_SEC);
-        }
-
-        address_get(link, family, &in_addr, prefixlen, &address);
-
-        switch (type) {
-        case RTM_NEWADDR:
-                if (address)
-                        log_link_debug(link, "Updating address: %s/%u (valid %s%s)", buf, prefixlen,
-                                       valid_str ? "for " : "forever", valid_str ?: "");
-                else {
-                        /* An address appeared that we did not request */
-                        r = address_add_foreign(link, family, &in_addr, prefixlen, &address);
-                        if (r < 0) {
-                                log_link_warning_errno(link, r, "Failed to add address %s/%u: %m", buf, prefixlen);
-                                return 0;
-                        } else
-                                log_link_debug(link, "Adding address: %s/%u (valid %s%s)", buf, prefixlen,
-                                               valid_str ? "for " : "forever", valid_str ?: "");
-                }
-
-                address_update(address, flags, scope, &cinfo);
-
-                break;
-
-        case RTM_DELADDR:
-
-                if (address) {
-                        log_link_debug(link, "Removing address: %s/%u (valid %s%s)", buf, prefixlen,
-                                       valid_str ? "for " : "forever", valid_str ?: "");
-                        address_drop(address);
-                } else
-                        log_link_warning(link, "Removing non-existent address: %s/%u (valid %s%s)", buf, prefixlen,
-                                         valid_str ? "for " : "forever", valid_str ?: "");
-
-                break;
-        default:
-                assert_not_reached("Received invalid RTNL message type");
-        }
-
-        return 1;
-}
-
-static int manager_rtnl_process_link(sd_netlink *rtnl, sd_netlink_message *message, void *userdata) {
-        Manager *m = userdata;
-        Link *link = NULL;
-        NetDev *netdev = NULL;
-        uint16_t type;
-        const char *name;
-        int r, ifindex;
-
-        assert(rtnl);
-        assert(message);
-        assert(m);
-
-        if (sd_netlink_message_is_error(message)) {
-                r = sd_netlink_message_get_errno(message);
-                if (r < 0)
-                        log_warning_errno(r, "rtnl: Could not receive link: %m");
-
-                return 0;
-        }
-
-        r = sd_netlink_message_get_type(message, &type);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: Could not get message type: %m");
-                return 0;
-        } else if (type != RTM_NEWLINK && type != RTM_DELLINK) {
-                log_warning("rtnl: Received unexpected message type when processing link");
-                return 0;
-        }
-
-        r = sd_rtnl_message_link_get_ifindex(message, &ifindex);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: Could not get ifindex from link: %m");
-                return 0;
-        } else if (ifindex <= 0) {
-                log_warning("rtnl: received link message with invalid ifindex: %d", ifindex);
-                return 0;
-        }
-
-        r = sd_netlink_message_read_string(message, IFLA_IFNAME, &name);
-        if (r < 0) {
-                log_warning_errno(r, "rtnl: Received link message without ifname: %m");
-                return 0;
-        }
-
-        (void) link_get(m, ifindex, &link);
-        (void) netdev_get(m, name, &netdev);
-
-        switch (type) {
-        case RTM_NEWLINK:
-                if (!link) {
-                        /* link is new, so add it */
-                        r = link_add(m, message, &link);
-                        if (r < 0) {
-                                log_warning_errno(r, "Could not add new link: %m");
-                                return 0;
-                        }
-                }
-
-                if (netdev) {
-                        /* netdev exists, so make sure the ifindex matches */
-                        r = netdev_set_ifindex(netdev, message);
-                        if (r < 0) {
-                                log_warning_errno(r, "Could not set ifindex on netdev: %m");
-                                return 0;
-                        }
-                }
-
-                r = link_update(link, message);
-                if (r < 0)
-                        return 0;
-
-                break;
-
-        case RTM_DELLINK:
-                link_drop(link);
-                netdev_drop(netdev);
-
-                break;
-
-        default:
-                assert_not_reached("Received invalid RTNL message type.");
-        }
-
-        return 1;
-}
-
-static int systemd_netlink_fd(void) {
-        int n, fd, rtnl_fd = -EINVAL;
-
-        n = sd_listen_fds(true);
-        if (n <= 0)
-                return -EINVAL;
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
-                if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
-                        if (rtnl_fd >= 0)
-                                return -EINVAL;
-
-                        rtnl_fd = fd;
-                }
-        }
-
-        return rtnl_fd;
-}
-
-static int manager_connect_rtnl(Manager *m) {
-        int fd, r;
-
-        assert(m);
-
-        fd = systemd_netlink_fd();
-        if (fd < 0)
-                r = sd_netlink_open(&m->rtnl);
-        else
-                r = sd_netlink_open_fd(&m->rtnl, fd);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_inc_rcvbuf(m->rtnl, RCVBUF_SIZE);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_attach_event(m->rtnl, m->event, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_add_match(m->rtnl, RTM_NEWLINK, &manager_rtnl_process_link, m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_add_match(m->rtnl, RTM_DELLINK, &manager_rtnl_process_link, m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_add_match(m->rtnl, RTM_NEWADDR, &manager_rtnl_process_address, m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_add_match(m->rtnl, RTM_DELADDR, &manager_rtnl_process_address, m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_add_match(m->rtnl, RTM_NEWROUTE, &manager_rtnl_process_route, m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_add_match(m->rtnl, RTM_DELROUTE, &manager_rtnl_process_route, m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int ordered_set_put_in_addr(OrderedSet *s, const struct in_addr *address) {
-        char *p;
-        int r;
-
-        assert(s);
-
-        r = in_addr_to_string(AF_INET, (const union in_addr_union*) address, &p);
-        if (r < 0)
-                return r;
-
-        r = ordered_set_consume(s, p);
-        if (r == -EEXIST)
-                return 0;
-
-        return r;
-}
-
-static int ordered_set_put_in_addrv(OrderedSet *s, const struct in_addr *addresses, int n) {
-        int r, i, c = 0;
-
-        assert(s);
-        assert(n <= 0 || addresses);
-
-        for (i = 0; i < n; i++) {
-                r = ordered_set_put_in_addr(s, addresses+i);
-                if (r < 0)
-                        return r;
-
-                c += r;
-        }
-
-        return c;
-}
-
-static void print_string_set(FILE *f, const char *field, OrderedSet *s) {
-        bool space = false;
-        Iterator i;
-        char *p;
-
-        if (ordered_set_isempty(s))
-                return;
-
-        fputs(field, f);
-
-        ORDERED_SET_FOREACH(p, s, i)
-                fputs_with_space(f, p, NULL, &space);
-
-        fputc('\n', f);
-}
-
-static int manager_save(Manager *m) {
-        _cleanup_ordered_set_free_free_ OrderedSet *dns = NULL, *ntp = NULL, *search_domains = NULL, *route_domains = NULL;
-        Link *link;
-        Iterator i;
-        _cleanup_free_ char *temp_path = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        LinkOperationalState operstate = LINK_OPERSTATE_OFF;
-        const char *operstate_str;
-        int r;
-
-        assert(m);
-        assert(m->state_file);
-
-        /* We add all NTP and DNS server to a set, to filter out duplicates */
-        dns = ordered_set_new(&string_hash_ops);
-        if (!dns)
-                return -ENOMEM;
-
-        ntp = ordered_set_new(&string_hash_ops);
-        if (!ntp)
-                return -ENOMEM;
-
-        search_domains = ordered_set_new(&dns_name_hash_ops);
-        if (!search_domains)
-                return -ENOMEM;
-
-        route_domains = ordered_set_new(&dns_name_hash_ops);
-        if (!route_domains)
-                return -ENOMEM;
-
-        HASHMAP_FOREACH(link, m->links, i) {
-                if (link->flags & IFF_LOOPBACK)
-                        continue;
-
-                if (link->operstate > operstate)
-                        operstate = link->operstate;
-
-                if (!link->network)
-                        continue;
-
-                /* First add the static configured entries */
-                r = ordered_set_put_strdupv(dns, link->network->dns);
-                if (r < 0)
-                        return r;
-
-                r = ordered_set_put_strdupv(ntp, link->network->ntp);
-                if (r < 0)
-                        return r;
-
-                r = ordered_set_put_strdupv(search_domains, link->network->search_domains);
-                if (r < 0)
-                        return r;
-
-                r = ordered_set_put_strdupv(route_domains, link->network->route_domains);
-                if (r < 0)
-                        return r;
-
-                if (!link->dhcp_lease)
-                        continue;
-
-                /* Secondly, add the entries acquired via DHCP */
-                if (link->network->dhcp_use_dns) {
-                        const struct in_addr *addresses;
-
-                        r = sd_dhcp_lease_get_dns(link->dhcp_lease, &addresses);
-                        if (r > 0) {
-                                r = ordered_set_put_in_addrv(dns, addresses, r);
-                                if (r < 0)
-                                        return r;
-                        } else if (r < 0 && r != -ENODATA)
-                                return r;
-                }
-
-                if (link->network->dhcp_use_ntp) {
-                        const struct in_addr *addresses;
-
-                        r = sd_dhcp_lease_get_ntp(link->dhcp_lease, &addresses);
-                        if (r > 0) {
-                                r = ordered_set_put_in_addrv(ntp, addresses, r);
-                                if (r < 0)
-                                        return r;
-                        } else if (r < 0 && r != -ENODATA)
-                                return r;
-                }
-
-                if (link->network->dhcp_use_domains != DHCP_USE_DOMAINS_NO) {
-                        const char *domainname;
-
-                        r = sd_dhcp_lease_get_domainname(link->dhcp_lease, &domainname);
-                        if (r >= 0) {
-
-                                if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES)
-                                        r = ordered_set_put_strdup(search_domains, domainname);
-                                else
-                                        r = ordered_set_put_strdup(route_domains, domainname);
-
-                                if (r < 0)
-                                        return r;
-                        } else if (r != -ENODATA)
-                                return r;
-                }
-        }
-
-        operstate_str = link_operstate_to_string(operstate);
-        assert(operstate_str);
-
-        r = fopen_temporary(m->state_file, &f, &temp_path);
-        if (r < 0)
-                return r;
-
-        fchmod(fileno(f), 0644);
-
-        fprintf(f,
-                "# This is private data. Do not parse.\n"
-                "OPER_STATE=%s\n", operstate_str);
-
-        print_string_set(f, "DNS=", dns);
-        print_string_set(f, "NTP=", ntp);
-        print_string_set(f, "DOMAINS=", search_domains);
-        print_string_set(f, "ROUTE_DOMAINS=", route_domains);
-
-        r = fflush_and_check(f);
-        if (r < 0)
-                goto fail;
-
-        if (rename(temp_path, m->state_file) < 0) {
-                r = -errno;
-                goto fail;
-        }
-
-        if (m->operational_state != operstate) {
-                m->operational_state = operstate;
-                r = manager_send_changed(m, "OperationalState", NULL);
-                if (r < 0)
-                        log_error_errno(r, "Could not emit changed OperationalState: %m");
-        }
-
-        m->dirty = false;
-
-        return 0;
-
-fail:
-        (void) unlink(m->state_file);
-        (void) unlink(temp_path);
-
-        return log_error_errno(r, "Failed to save network state to %s: %m", m->state_file);
-}
-
-static int manager_dirty_handler(sd_event_source *s, void *userdata) {
-        Manager *m = userdata;
-        Link *link;
-        Iterator i;
-        int r;
-
-        assert(m);
-
-        if (m->dirty)
-                manager_save(m);
-
-        SET_FOREACH(link, m->dirty_links, i) {
-                r = link_save(link);
-                if (r >= 0)
-                        link_clean(link);
-        }
-
-        return 1;
-}
-
-int manager_new(Manager **ret) {
-        _cleanup_manager_free_ Manager *m = NULL;
-        int r;
-
-        m = new0(Manager, 1);
-        if (!m)
-                return -ENOMEM;
-
-        m->state_file = strdup("/run/systemd/netif/state");
-        if (!m->state_file)
-                return -ENOMEM;
-
-        r = sd_event_default(&m->event);
-        if (r < 0)
-                return r;
-
-        sd_event_set_watchdog(m->event, true);
-
-        sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
-        sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
-
-        r = sd_event_add_post(m->event, NULL, manager_dirty_handler, m);
-        if (r < 0)
-                return r;
-
-        r = manager_connect_rtnl(m);
-        if (r < 0)
-                return r;
-
-        r = manager_connect_udev(m);
-        if (r < 0)
-                return r;
-
-        m->netdevs = hashmap_new(&string_hash_ops);
-        if (!m->netdevs)
-                return -ENOMEM;
-
-        LIST_HEAD_INIT(m->networks);
-
-        r = setup_default_address_pool(m);
-        if (r < 0)
-                return r;
-
-        m->duid.type = DUID_TYPE_EN;
-
-        *ret = m;
-        m = NULL;
-
-        return 0;
-}
-
-void manager_free(Manager *m) {
-        Network *network;
-        NetDev *netdev;
-        Link *link;
-        AddressPool *pool;
-
-        if (!m)
-                return;
-
-        free(m->state_file);
-
-        while ((link = hashmap_first(m->links)))
-                link_unref(link);
-        hashmap_free(m->links);
-
-        while ((network = m->networks))
-                network_free(network);
-
-        hashmap_free(m->networks_by_name);
-
-        while ((netdev = hashmap_first(m->netdevs)))
-                netdev_unref(netdev);
-        hashmap_free(m->netdevs);
-
-        while ((pool = m->address_pools))
-                address_pool_free(pool);
-
-        sd_netlink_unref(m->rtnl);
-        sd_event_unref(m->event);
-
-        sd_event_source_unref(m->udev_event_source);
-        udev_monitor_unref(m->udev_monitor);
-        udev_unref(m->udev);
-
-        sd_bus_unref(m->bus);
-        sd_bus_slot_unref(m->prepare_for_sleep_slot);
-        sd_event_source_unref(m->bus_retry_event_source);
-
-        free(m);
-}
-
-static bool manager_check_idle(void *userdata) {
-        Manager *m = userdata;
-        Link *link;
-        Iterator i;
-
-        assert(m);
-
-        /* Check whether we are idle now. The only case when we decide to be idle is when there's only a loopback
-         * device around, for which we have no configuration, and which already left the PENDING state. In all other
-         * cases we are not idle. */
-
-        HASHMAP_FOREACH(link, m->links, i) {
-                /* We are not woken on udev activity, so let's just wait for the pending udev event */
-                if (link->state == LINK_STATE_PENDING)
-                        return false;
-
-                if ((link->flags & IFF_LOOPBACK) == 0)
-                        return false;
-
-                if (link->network)
-                        return false;
-        }
-
-        return true;
-}
-
-int manager_run(Manager *m) {
-        Link *link;
-        Iterator i;
-
-        assert(m);
-
-        /* The dirty handler will deal with future serialization, but the first one
-           must be done explicitly. */
-
-        manager_save(m);
-
-        HASHMAP_FOREACH(link, m->links, i)
-                link_save(link);
-
-        if (m->bus)
-                return bus_event_loop_with_idle(
-                                m->event,
-                                m->bus,
-                                "org.freedesktop.network1",
-                                DEFAULT_EXIT_USEC,
-                                manager_check_idle,
-                                m);
-        else
-                /* failed to connect to the bus, so we lose exit-on-idle logic,
-                   this should not happen except if dbus is not around at all */
-                return sd_event_loop(m->event);
-}
-
-int manager_load_config(Manager *m) {
-        int r;
-
-        /* update timestamp */
-        paths_check_timestamp(network_dirs, &m->network_dirs_ts_usec, true);
-
-        r = netdev_load(m);
-        if (r < 0)
-                return r;
-
-        r = network_load(m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-bool manager_should_reload(Manager *m) {
-        return paths_check_timestamp(network_dirs, &m->network_dirs_ts_usec, false);
-}
-
-int manager_rtnl_enumerate_links(Manager *m) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        sd_netlink_message *link;
-        int r;
-
-        assert(m);
-        assert(m->rtnl);
-
-        r = sd_rtnl_message_new_link(m->rtnl, &req, RTM_GETLINK, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_request_dump(req, true);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(m->rtnl, req, 0, &reply);
-        if (r < 0)
-                return r;
-
-        for (link = reply; link; link = sd_netlink_message_next(link)) {
-                int k;
-
-                m->enumerating = true;
-
-                k = manager_rtnl_process_link(m->rtnl, link, m);
-                if (k < 0)
-                        r = k;
-
-                m->enumerating = false;
-        }
-
-        return r;
-}
-
-int manager_rtnl_enumerate_addresses(Manager *m) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        sd_netlink_message *addr;
-        int r;
-
-        assert(m);
-        assert(m->rtnl);
-
-        r = sd_rtnl_message_new_addr(m->rtnl, &req, RTM_GETADDR, 0, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_request_dump(req, true);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(m->rtnl, req, 0, &reply);
-        if (r < 0)
-                return r;
-
-        for (addr = reply; addr; addr = sd_netlink_message_next(addr)) {
-                int k;
-
-                m->enumerating = true;
-
-                k = manager_rtnl_process_address(m->rtnl, addr, m);
-                if (k < 0)
-                        r = k;
-
-                m->enumerating = false;
-        }
-
-        return r;
-}
-
-int manager_rtnl_enumerate_routes(Manager *m) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
-        sd_netlink_message *route;
-        int r;
-
-        assert(m);
-        assert(m->rtnl);
-
-        r = sd_rtnl_message_new_route(m->rtnl, &req, RTM_GETROUTE, 0, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_request_dump(req, true);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(m->rtnl, req, 0, &reply);
-        if (r < 0)
-                return r;
-
-        for (route = reply; route; route = sd_netlink_message_next(route)) {
-                int k;
-
-                m->enumerating = true;
-
-                k = manager_rtnl_process_route(m->rtnl, route, m);
-                if (k < 0)
-                        r = k;
-
-                m->enumerating = false;
-        }
-
-        return r;
-}
-
-int manager_address_pool_acquire(Manager *m, int family, unsigned prefixlen, union in_addr_union *found) {
-        AddressPool *p;
-        int r;
-
-        assert(m);
-        assert(prefixlen > 0);
-        assert(found);
-
-        LIST_FOREACH(address_pools, p, m->address_pools) {
-                if (p->family != family)
-                        continue;
-
-                r = address_pool_acquire(p, prefixlen, found);
-                if (r != 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-Link* manager_find_uplink(Manager *m, Link *exclude) {
-        _cleanup_free_ struct local_address *gateways = NULL;
-        int n, i;
-
-        assert(m);
-
-        /* Looks for a suitable "uplink", via black magic: an
-         * interface that is up and where the default route with the
-         * highest priority points to. */
-
-        n = local_gateways(m->rtnl, 0, AF_UNSPEC, &gateways);
-        if (n < 0) {
-                log_warning_errno(n, "Failed to determine list of default gateways: %m");
-                return NULL;
-        }
-
-        for (i = 0; i < n; i++) {
-                Link *link;
-
-                link = hashmap_get(m->links, INT_TO_PTR(gateways[i].ifindex));
-                if (!link) {
-                        log_debug("Weird, found a gateway for a link we don't know. Ignoring.");
-                        continue;
-                }
-
-                if (link == exclude)
-                        continue;
-
-                if (link->operstate < LINK_OPERSTATE_ROUTABLE)
-                        continue;
-
-                return link;
-        }
-
-        return NULL;
-}
-
-void manager_dirty(Manager *manager) {
-        assert(manager);
-
-        /* the serialized state in /run is no longer up-to-date */
-        manager->dirty = true;
-}
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
deleted file mode 100644
index 1a380bd214..0000000000
--- a/src/network/networkd-ndisc.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Intel Corporation. All rights reserved.
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/ether.h>
-#include <netinet/icmp6.h>
-#include <netinet/in.h>
-#include <linux/if.h>
-
-#include "sd-ndisc.h"
-
-#include "networkd.h"
-
-static int ndisc_netlink_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
-        _cleanup_link_unref_ Link *link = userdata;
-        int r;
-
-        assert(link);
-        assert(link->ndisc_messages > 0);
-
-        link->ndisc_messages--;
-
-        r = sd_netlink_message_get_errno(m);
-        if (r < 0 && r != -EEXIST) {
-                log_link_error_errno(link, r, "Could not set NDisc route or address: %m");
-                link_enter_failed(link);
-        }
-
-        if (link->ndisc_messages == 0) {
-                link->ndisc_configured = true;
-                link_check_ready(link);
-        }
-
-        return 1;
-}
-
-static void ndisc_prefix_autonomous_handler(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen,
-                                            unsigned lifetime_preferred, unsigned lifetime_valid, void *userdata) {
-        _cleanup_address_free_ Address *address = NULL;
-        Link *link = userdata;
-        usec_t time_now;
-        int r;
-
-        assert(nd);
-        assert(link);
-        assert(link->network);
-
-        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return;
-
-        r = address_new(&address);
-        if (r < 0) {
-                log_link_error_errno(link, r, "Could not allocate address: %m");
-                return;
-        }
-
-        assert_se(sd_event_now(link->manager->event, clock_boottime_or_monotonic(), &time_now) >= 0);
-
-        address->family = AF_INET6;
-        address->in_addr.in6 = *prefix;
-        if (in_addr_is_null(AF_INET6, (const union in_addr_union *) &link->network->ipv6_token) == 0)
-                memcpy(((char *)&address->in_addr.in6) + 8, ((char *)&link->network->ipv6_token) + 8, 8);
-        else {
-                /* see RFC4291 section 2.5.1 */
-                address->in_addr.in6.s6_addr[8]  = link->mac.ether_addr_octet[0];
-                address->in_addr.in6.s6_addr[8] ^= 1 << 1;
-                address->in_addr.in6.s6_addr[9]  = link->mac.ether_addr_octet[1];
-                address->in_addr.in6.s6_addr[10] = link->mac.ether_addr_octet[2];
-                address->in_addr.in6.s6_addr[11] = 0xff;
-                address->in_addr.in6.s6_addr[12] = 0xfe;
-                address->in_addr.in6.s6_addr[13] = link->mac.ether_addr_octet[3];
-                address->in_addr.in6.s6_addr[14] = link->mac.ether_addr_octet[4];
-                address->in_addr.in6.s6_addr[15] = link->mac.ether_addr_octet[5];
-        }
-        address->prefixlen = prefixlen;
-        address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
-        address->cinfo.ifa_prefered = lifetime_preferred;
-        address->cinfo.ifa_valid = lifetime_valid;
-
-        r = address_configure(address, link, ndisc_netlink_handler, true);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "Could not set SLAAC address: %m");
-                link_enter_failed(link);
-                return;
-        }
-
-        link->ndisc_messages++;
-}
-
-static void ndisc_prefix_onlink_handler(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen, unsigned lifetime, void *userdata) {
-        _cleanup_route_free_ Route *route = NULL;
-        Link *link = userdata;
-        usec_t time_now;
-        int r;
-
-        assert(nd);
-        assert(link);
-
-        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return;
-
-        r = route_new(&route);
-        if (r < 0) {
-                log_link_error_errno(link, r, "Could not allocate route: %m");
-                return;
-        }
-
-        assert_se(sd_event_now(link->manager->event, clock_boottime_or_monotonic(), &time_now) >= 0);
-
-        route->family = AF_INET6;
-        route->table = RT_TABLE_MAIN;
-        route->protocol = RTPROT_RA;
-        route->flags = RTM_F_PREFIX;
-        route->dst.in6 = *prefix;
-        route->dst_prefixlen = prefixlen;
-        route->lifetime = time_now + lifetime * USEC_PER_SEC;
-
-        r = route_configure(route, link, ndisc_netlink_handler);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "Could not set prefix route: %m");
-                link_enter_failed(link);
-                return;
-        }
-
-        link->ndisc_messages++;
-}
-
-static void ndisc_router_handler(sd_ndisc *nd, uint8_t flags, const struct in6_addr *gateway, unsigned lifetime, int pref, void *userdata) {
-        _cleanup_route_free_ Route *route = NULL;
-        Link *link = userdata;
-        usec_t time_now;
-        int r;
-
-        assert(link);
-        assert(link->network);
-        assert(link->manager);
-
-        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return;
-
-        if (flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)) {
-                if (flags & ND_RA_FLAG_MANAGED)
-                        dhcp6_request_address(link);
-
-                r = sd_dhcp6_client_set_local_address(link->dhcp6_client, &link->ipv6ll_address);
-                if (r < 0 && r != -EBUSY)
-                        log_link_warning_errno(link, r, "Could not set IPv6LL address in DHCP client: %m");
-
-                r = sd_dhcp6_client_start(link->dhcp6_client);
-                if (r < 0 && r != -EBUSY)
-                        log_link_warning_errno(link, r, "Starting DHCPv6 client on NDisc request failed: %m");
-        }
-
-        if (!gateway)
-                return;
-
-        r = route_new(&route);
-        if (r < 0) {
-                log_link_error_errno(link, r, "Could not allocate route: %m");
-                return;
-        }
-
-        assert_se(sd_event_now(link->manager->event, clock_boottime_or_monotonic(), &time_now) >= 0);
-
-        route->family = AF_INET6;
-        route->table = RT_TABLE_MAIN;
-        route->protocol = RTPROT_RA;
-        route->pref = pref;
-        route->gw.in6 = *gateway;
-        route->lifetime = time_now + lifetime * USEC_PER_SEC;
-
-        r = route_configure(route, link, ndisc_netlink_handler);
-        if (r < 0) {
-                log_link_warning_errno(link, r, "Could not set default route: %m");
-                link_enter_failed(link);
-                return;
-        }
-
-        link->ndisc_messages++;
-}
-
-static void ndisc_handler(sd_ndisc *nd, int event, void *userdata) {
-        Link *link = userdata;
-        int r;
-
-        assert(link);
-
-        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return;
-
-        switch (event) {
-        case SD_NDISC_EVENT_TIMEOUT:
-                dhcp6_request_address(link);
-
-                r = sd_dhcp6_client_set_local_address(link->dhcp6_client, &link->ipv6ll_address);
-                if (r < 0 && r != -EBUSY)
-                        log_link_warning_errno(link, r, "Could not set IPv6LL address in DHCP client: %m");
-
-                r = sd_dhcp6_client_start(link->dhcp6_client);
-                if (r < 0 && r != -EBUSY)
-                        log_link_warning_errno(link, r, "Starting DHCPv6 client after NDisc timeout failed: %m");
-
-                link->ndisc_configured = true;
-                link_check_ready(link);
-
-                break;
-        case SD_NDISC_EVENT_STOP:
-                break;
-        default:
-                log_link_warning(link, "IPv6 Neighbor Discovery unknown event: %d", event);
-        }
-}
-
-int ndisc_configure(Link *link) {
-        int r;
-
-        assert_return(link, -EINVAL);
-
-        r = sd_ndisc_new(&link->ndisc_router_discovery);
-        if (r < 0)
-                return r;
-
-        r = sd_ndisc_attach_event(link->ndisc_router_discovery, NULL, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_ndisc_set_mac(link->ndisc_router_discovery, &link->mac);
-        if (r < 0)
-                return r;
-
-        r = sd_ndisc_set_index(link->ndisc_router_discovery, link->ifindex);
-        if (r < 0)
-                return r;
-
-        r = sd_ndisc_set_callback(link->ndisc_router_discovery,
-                                  ndisc_router_handler,
-                                  ndisc_prefix_onlink_handler,
-                                  ndisc_prefix_autonomous_handler,
-                                  ndisc_handler,
-                                  link);
-
-        return r;
-}
diff --git a/src/network/networkd-netdev-bond.c b/src/network/networkd-netdev-bond.c
deleted file mode 100644
index 7913b0088e..0000000000
--- a/src/network/networkd-netdev-bond.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/***
-    This file is part of systemd.
-
-    Copyright 2014  Tom Gundersen <teg@jklm.no>
-    Copyright 2014  Susant Sahani
-
-    systemd is free software; you can redistribute it and/or modify it
-    under the terms of the GNU Lesser General Public License as published by
-    the Free Software Foundation; either version 2.1 of the License, or
-    (at your option) any later version.
-
-    systemd is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public License
-    along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/ether.h>
-#include <linux/if_bonding.h>
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "conf-parser.h"
-#include "extract-word.h"
-#include "missing.h"
-#include "networkd-netdev-bond.h"
-#include "string-table.h"
-#include "string-util.h"
-
-/*
- * Number of seconds between instances where the bonding
- * driver sends learning packets to each slaves peer switch
- */
-#define LEARNING_PACKETS_INTERVAL_MIN_SEC       (1 * USEC_PER_SEC)
-#define LEARNING_PACKETS_INTERVAL_MAX_SEC       (0x7fffffff * USEC_PER_SEC)
-
-/* Number of IGMP membership reports to be issued after
- * a failover event.
- */
-#define RESEND_IGMP_MIN           0
-#define RESEND_IGMP_MAX           255
-#define RESEND_IGMP_DEFAULT       1
-
-/*
- * Number of packets to transmit through a slave before
- * moving to the next one.
- */
-#define PACKETS_PER_SLAVE_MIN     0
-#define PACKETS_PER_SLAVE_MAX     65535
-#define PACKETS_PER_SLAVE_DEFAULT 1
-
-/*
- * Number of peer notifications (gratuitous ARPs and
- * unsolicited IPv6 Neighbor Advertisements) to be issued after a
- * failover event.
- */
-#define GRATUITOUS_ARP_MIN        0
-#define GRATUITOUS_ARP_MAX        255
-#define GRATUITOUS_ARP_DEFAULT    1
-
-static const char* const bond_mode_table[_NETDEV_BOND_MODE_MAX] = {
-        [NETDEV_BOND_MODE_BALANCE_RR] = "balance-rr",
-        [NETDEV_BOND_MODE_ACTIVE_BACKUP] = "active-backup",
-        [NETDEV_BOND_MODE_BALANCE_XOR] = "balance-xor",
-        [NETDEV_BOND_MODE_BROADCAST] = "broadcast",
-        [NETDEV_BOND_MODE_802_3AD] = "802.3ad",
-        [NETDEV_BOND_MODE_BALANCE_TLB] = "balance-tlb",
-        [NETDEV_BOND_MODE_BALANCE_ALB] = "balance-alb",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_mode, BondMode);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_mode, bond_mode, BondMode, "Failed to parse bond mode");
-
-static const char* const bond_xmit_hash_policy_table[_NETDEV_BOND_XMIT_HASH_POLICY_MAX] = {
-        [NETDEV_BOND_XMIT_HASH_POLICY_LAYER2] = "layer2",
-        [NETDEV_BOND_XMIT_HASH_POLICY_LAYER34] = "layer3+4",
-        [NETDEV_BOND_XMIT_HASH_POLICY_LAYER23] = "layer2+3",
-        [NETDEV_BOND_XMIT_HASH_POLICY_ENCAP23] = "encap2+3",
-        [NETDEV_BOND_XMIT_HASH_POLICY_ENCAP34] = "encap3+4",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_xmit_hash_policy, BondXmitHashPolicy);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_xmit_hash_policy,
-                         bond_xmit_hash_policy,
-                         BondXmitHashPolicy,
-                         "Failed to parse bond transmit hash policy")
-
-static const char* const bond_lacp_rate_table[_NETDEV_BOND_LACP_RATE_MAX] = {
-        [NETDEV_BOND_LACP_RATE_SLOW] = "slow",
-        [NETDEV_BOND_LACP_RATE_FAST] = "fast",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_lacp_rate, BondLacpRate);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_lacp_rate, bond_lacp_rate, BondLacpRate, "Failed to parse bond lacp rate")
-
-static const char* const bond_ad_select_table[_NETDEV_BOND_AD_SELECT_MAX] = {
-        [NETDEV_BOND_AD_SELECT_STABLE] = "stable",
-        [NETDEV_BOND_AD_SELECT_BANDWIDTH] = "bandwidth",
-        [NETDEV_BOND_AD_SELECT_COUNT] = "count",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_ad_select, BondAdSelect);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_ad_select, bond_ad_select, BondAdSelect, "Failed to parse bond AD select");
-
-static const char* const bond_fail_over_mac_table[_NETDEV_BOND_FAIL_OVER_MAC_MAX] = {
-        [NETDEV_BOND_FAIL_OVER_MAC_NONE] = "none",
-        [NETDEV_BOND_FAIL_OVER_MAC_ACTIVE] = "active",
-        [NETDEV_BOND_FAIL_OVER_MAC_FOLLOW] = "follow",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_fail_over_mac, BondFailOverMac);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_fail_over_mac, bond_fail_over_mac, BondFailOverMac, "Failed to parse bond fail over MAC");
-
-static const char *const bond_arp_validate_table[_NETDEV_BOND_ARP_VALIDATE_MAX] = {
-        [NETDEV_BOND_ARP_VALIDATE_NONE] = "none",
-        [NETDEV_BOND_ARP_VALIDATE_ACTIVE]= "active",
-        [NETDEV_BOND_ARP_VALIDATE_BACKUP]= "backup",
-        [NETDEV_BOND_ARP_VALIDATE_ALL]= "all",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_arp_validate, BondArpValidate);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_arp_validate, bond_arp_validate, BondArpValidate, "Failed to parse bond arp validate");
-
-static const char *const bond_arp_all_targets_table[_NETDEV_BOND_ARP_ALL_TARGETS_MAX] = {
-        [NETDEV_BOND_ARP_ALL_TARGETS_ANY] = "any",
-        [NETDEV_BOND_ARP_ALL_TARGETS_ALL] = "all",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_arp_all_targets, BondArpAllTargets);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_arp_all_targets, bond_arp_all_targets, BondArpAllTargets, "Failed to parse bond Arp all targets");
-
-static const char *bond_primary_reselect_table[_NETDEV_BOND_PRIMARY_RESELECT_MAX] = {
-        [NETDEV_BOND_PRIMARY_RESELECT_ALWAYS] = "always",
-        [NETDEV_BOND_PRIMARY_RESELECT_BETTER]= "better",
-        [NETDEV_BOND_PRIMARY_RESELECT_FAILURE]= "failure",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bond_primary_reselect, BondPrimaryReselect);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_primary_reselect, bond_primary_reselect, BondPrimaryReselect, "Failed to parse bond primary reselect");
-
-static uint8_t bond_mode_to_kernel(BondMode mode) {
-        switch (mode) {
-        case NETDEV_BOND_MODE_BALANCE_RR:
-                return BOND_MODE_ROUNDROBIN;
-        case NETDEV_BOND_MODE_ACTIVE_BACKUP:
-                return BOND_MODE_ACTIVEBACKUP;
-        case NETDEV_BOND_MODE_BALANCE_XOR:
-                return BOND_MODE_XOR;
-        case NETDEV_BOND_MODE_BROADCAST:
-                return BOND_MODE_BROADCAST;
-        case NETDEV_BOND_MODE_802_3AD:
-                return BOND_MODE_8023AD;
-        case NETDEV_BOND_MODE_BALANCE_TLB:
-                return BOND_MODE_TLB;
-        case NETDEV_BOND_MODE_BALANCE_ALB:
-                return BOND_MODE_ALB;
-        default:
-                return (uint8_t) -1;
-        }
-}
-
-static uint8_t bond_xmit_hash_policy_to_kernel(BondXmitHashPolicy policy) {
-        switch (policy) {
-        case NETDEV_BOND_XMIT_HASH_POLICY_LAYER2:
-                return BOND_XMIT_POLICY_LAYER2;
-        case NETDEV_BOND_XMIT_HASH_POLICY_LAYER34:
-                return BOND_XMIT_POLICY_LAYER34;
-        case NETDEV_BOND_XMIT_HASH_POLICY_LAYER23:
-                return BOND_XMIT_POLICY_LAYER23;
-        case NETDEV_BOND_XMIT_HASH_POLICY_ENCAP23:
-                return BOND_XMIT_POLICY_ENCAP23;
-        case NETDEV_BOND_XMIT_HASH_POLICY_ENCAP34:
-                return BOND_XMIT_POLICY_ENCAP34;
-        default:
-                return (uint8_t) -1;
-        }
-}
-
-static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Bond *b;
-        ArpIpTarget *target = NULL;
-        int r, i = 0;
-
-        assert(netdev);
-        assert(!link);
-        assert(m);
-
-        b = BOND(netdev);
-
-        assert(b);
-
-        if (b->mode != _NETDEV_BOND_MODE_INVALID) {
-                r = sd_netlink_message_append_u8(m, IFLA_BOND_MODE,
-                                              bond_mode_to_kernel(b->mode));
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_MODE attribute: %m");
-        }
-
-        if (b->xmit_hash_policy != _NETDEV_BOND_XMIT_HASH_POLICY_INVALID) {
-                r = sd_netlink_message_append_u8(m, IFLA_BOND_XMIT_HASH_POLICY,
-                                              bond_xmit_hash_policy_to_kernel(b->xmit_hash_policy));
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_XMIT_HASH_POLICY attribute: %m");
-        }
-
-        if (b->lacp_rate != _NETDEV_BOND_LACP_RATE_INVALID &&
-            b->mode == NETDEV_BOND_MODE_802_3AD) {
-                r = sd_netlink_message_append_u8(m, IFLA_BOND_AD_LACP_RATE, b->lacp_rate );
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_AD_LACP_RATE attribute: %m");
-        }
-
-        if (b->miimon != 0) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_MIIMON, b->miimon / USEC_PER_MSEC);
-                if (r < 0)
-                        log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_BOND_MIIMON attribute: %m");
-        }
-
-        if (b->downdelay != 0) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_DOWNDELAY, b->downdelay / USEC_PER_MSEC);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_DOWNDELAY attribute: %m");
-        }
-
-        if (b->updelay != 0) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_UPDELAY, b->updelay / USEC_PER_MSEC);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_UPDELAY attribute: %m");
-        }
-
-        if (b->arp_interval != 0) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_INTERVAL, b->arp_interval / USEC_PER_MSEC);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_INTERVAL attribute: %m");
-
-                if ((b->lp_interval >= LEARNING_PACKETS_INTERVAL_MIN_SEC) &&
-                    (b->lp_interval <= LEARNING_PACKETS_INTERVAL_MAX_SEC)) {
-                        r = sd_netlink_message_append_u32(m, IFLA_BOND_LP_INTERVAL, b->lp_interval / USEC_PER_SEC);
-                        if (r < 0)
-                                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_LP_INTERVAL attribute: %m");
-                }
-        }
-
-        if (b->ad_select != _NETDEV_BOND_AD_SELECT_INVALID &&
-            b->mode == NETDEV_BOND_MODE_802_3AD) {
-                r = sd_netlink_message_append_u8(m, IFLA_BOND_AD_SELECT, b->ad_select);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_AD_SELECT attribute: %m");
-        }
-
-        if (b->fail_over_mac != _NETDEV_BOND_FAIL_OVER_MAC_INVALID &&
-            b->mode == NETDEV_BOND_MODE_ACTIVE_BACKUP) {
-                r = sd_netlink_message_append_u8(m, IFLA_BOND_FAIL_OVER_MAC, b->fail_over_mac);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_FAIL_OVER_MAC attribute: %m");
-        }
-
-        if (b->arp_validate != _NETDEV_BOND_ARP_VALIDATE_INVALID) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_VALIDATE, b->arp_validate);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_VALIDATE attribute: %m");
-        }
-
-        if (b->arp_all_targets != _NETDEV_BOND_ARP_ALL_TARGETS_INVALID) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_ALL_TARGETS, b->arp_all_targets);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_VALIDATE attribute: %m");
-        }
-
-        if (b->primary_reselect != _NETDEV_BOND_PRIMARY_RESELECT_INVALID) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_ARP_ALL_TARGETS, b->primary_reselect);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_ALL_TARGETS attribute: %m");
-        }
-
-        if (b->resend_igmp <= RESEND_IGMP_MAX) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_RESEND_IGMP, b->resend_igmp);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_RESEND_IGMP attribute: %m");
-        }
-
-        if (b->packets_per_slave <= PACKETS_PER_SLAVE_MAX &&
-            b->mode == NETDEV_BOND_MODE_BALANCE_RR) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_PACKETS_PER_SLAVE, b->packets_per_slave);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_PACKETS_PER_SLAVE attribute: %m");
-        }
-
-        if (b->num_grat_arp <= GRATUITOUS_ARP_MAX) {
-                r = sd_netlink_message_append_u8(m, IFLA_BOND_NUM_PEER_NOTIF, b->num_grat_arp);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_NUM_PEER_NOTIF attribute: %m");
-        }
-
-        if (b->min_links != 0) {
-                r = sd_netlink_message_append_u32(m, IFLA_BOND_MIN_LINKS, b->min_links);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_MIN_LINKS attribute: %m");
-        }
-
-        r = sd_netlink_message_append_u8(m, IFLA_BOND_ALL_SLAVES_ACTIVE, b->all_slaves_active);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ALL_SLAVES_ACTIVE attribute: %m");
-
-        if (b->arp_interval > 0)  {
-                if (b->n_arp_ip_targets > 0) {
-
-                        r = sd_netlink_message_open_container(m, IFLA_BOND_ARP_IP_TARGET);
-                        if (r < 0)
-                                return log_netdev_error_errno(netdev, r, "Could not open contaniner IFLA_BOND_ARP_IP_TARGET : %m");
-
-                        LIST_FOREACH(arp_ip_target, target, b->arp_ip_targets) {
-                                r = sd_netlink_message_append_u32(m, i++, target->ip.in.s_addr);
-                                if (r < 0)
-                                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_BOND_ARP_ALL_TARGETS attribute: %m");
-                        }
-
-                        r = sd_netlink_message_close_container(m);
-                        if (r < 0)
-                                return log_netdev_error_errno(netdev, r, "Could not close contaniner IFLA_BOND_ARP_IP_TARGET : %m");
-                }
-        }
-
-        return 0;
-}
-
-int config_parse_arp_ip_target_address(const char *unit,
-                                       const char *filename,
-                                       unsigned line,
-                                       const char *section,
-                                       unsigned section_line,
-                                       const char *lvalue,
-                                       int ltype,
-                                       const char *rvalue,
-                                       void *data,
-                                       void *userdata) {
-        Bond *b = userdata;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        for (;;) {
-                _cleanup_free_ ArpIpTarget *buffer = NULL;
-                _cleanup_free_ char *n = NULL;
-                int f;
-
-                r = extract_first_word(&rvalue, &n, NULL, 0);
-                if (r < 0) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Bond ARP ip target address, ignoring assignment: %s", rvalue);
-                        return 0;
-                }
-
-                if (r == 0)
-                        break;
-
-                buffer = new0(ArpIpTarget, 1);
-                if (!buffer)
-                        return -ENOMEM;
-
-                r = in_addr_from_string_auto(n, &f, &buffer->ip);
-                if (r < 0) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Bond ARP ip target address is invalid, ignoring assignment: %s", n);
-                        return 0;
-                }
-
-                if (f != AF_INET) {
-                        log_syntax(unit, LOG_ERR, filename, line, 0, "Bond ARP ip target address is invalid, ignoring assignment: %s", n);
-                        return 0;
-                }
-
-                LIST_PREPEND(arp_ip_target, b->arp_ip_targets, buffer);
-                b->n_arp_ip_targets++;
-
-                buffer = NULL;
-        }
-
-        if (b->n_arp_ip_targets > NETDEV_BOND_ARP_TARGETS_MAX)
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "More than the maximum number of kernel-supported ARP ip targets specified: %d > %d",
-                           b->n_arp_ip_targets, NETDEV_BOND_ARP_TARGETS_MAX);
-
-        return 0;
-}
-
-static void bond_done(NetDev *netdev) {
-        ArpIpTarget *t = NULL, *n = NULL;
-        Bond *b;
-
-        assert(netdev);
-
-        b = BOND(netdev);
-
-        assert(b);
-
-        LIST_FOREACH_SAFE(arp_ip_target, t, n, b->arp_ip_targets)
-                free(t);
-
-        b->arp_ip_targets = NULL;
-}
-
-static void bond_init(NetDev *netdev) {
-        Bond *b;
-
-        assert(netdev);
-
-        b = BOND(netdev);
-
-        assert(b);
-
-        b->mode = _NETDEV_BOND_MODE_INVALID;
-        b->xmit_hash_policy = _NETDEV_BOND_XMIT_HASH_POLICY_INVALID;
-        b->lacp_rate = _NETDEV_BOND_LACP_RATE_INVALID;
-        b->ad_select = _NETDEV_BOND_AD_SELECT_INVALID;
-        b->fail_over_mac = _NETDEV_BOND_FAIL_OVER_MAC_INVALID;
-        b->arp_validate = _NETDEV_BOND_ARP_VALIDATE_INVALID;
-        b->arp_all_targets = _NETDEV_BOND_ARP_ALL_TARGETS_INVALID;
-        b->primary_reselect = _NETDEV_BOND_PRIMARY_RESELECT_INVALID;
-
-        b->all_slaves_active = false;
-
-        b->resend_igmp = RESEND_IGMP_DEFAULT;
-        b->packets_per_slave = PACKETS_PER_SLAVE_DEFAULT;
-        b->num_grat_arp = GRATUITOUS_ARP_DEFAULT;
-        b->lp_interval = LEARNING_PACKETS_INTERVAL_MIN_SEC;
-
-        LIST_HEAD_INIT(b->arp_ip_targets);
-        b->n_arp_ip_targets = 0;
-}
-
-const NetDevVTable bond_vtable = {
-        .object_size = sizeof(Bond),
-        .init = bond_init,
-        .done = bond_done,
-        .sections = "Match\0NetDev\0Bond\0",
-        .fill_message_create = netdev_bond_fill_message_create,
-        .create_type = NETDEV_CREATE_MASTER,
-};
diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c
deleted file mode 100644
index 7aaa041ba3..0000000000
--- a/src/network/networkd-netdev-tunnel.c
+++ /dev/null
@@ -1,650 +0,0 @@
-/***
-    This file is part of systemd.
-
-    Copyright 2014 Susant Sahani
-
-    systemd is free software; you can redistribute it and/or modify it
-    under the terms of the GNU Lesser General Public License as published by
-    the Free Software Foundation; either version 2.1 of the License, or
-    (at your option) any later version.
-
-    systemd is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public License
-    along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <arpa/inet.h>
-#include <net/if.h>
-#include <linux/ip.h>
-#include <linux/if_tunnel.h>
-#include <linux/ip6_tunnel.h>
-
-#include "sd-netlink.h"
-
-#include "conf-parser.h"
-#include "missing.h"
-#include "networkd-link.h"
-#include "networkd-netdev-tunnel.h"
-#include "parse-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "util.h"
-
-#define DEFAULT_TNL_HOP_LIMIT   64
-#define IP6_FLOWINFO_FLOWLABEL  htonl(0x000FFFFF)
-
-static const char* const ip6tnl_mode_table[_NETDEV_IP6_TNL_MODE_MAX] = {
-        [NETDEV_IP6_TNL_MODE_IP6IP6] = "ip6ip6",
-        [NETDEV_IP6_TNL_MODE_IPIP6] = "ipip6",
-        [NETDEV_IP6_TNL_MODE_ANYIP6] = "any",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(ip6tnl_mode, Ip6TnlMode);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_ip6tnl_mode, ip6tnl_mode, Ip6TnlMode, "Failed to parse ip6 tunnel Mode");
-
-static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t = IPIP(netdev);
-        int r;
-
-        assert(netdev);
-        assert(link);
-        assert(m);
-        assert(t);
-        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
-
-        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL  attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m");
-
-        return r;
-}
-
-static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t = SIT(netdev);
-        int r;
-
-        assert(netdev);
-        assert(link);
-        assert(m);
-        assert(t);
-        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
-
-        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m");
-
-        return r;
-}
-
-static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t;
-        int r;
-
-        assert(netdev);
-
-        if (netdev->kind == NETDEV_KIND_GRE)
-                t = GRE(netdev);
-        else
-                t = GRETAP(netdev);
-
-        assert(t);
-        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
-        assert(link);
-        assert(m);
-
-        r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in);
-        if (r < 0)
-                log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_GRE_TOS, t->tos);
-        if (r < 0)
-                log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TOS attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_GRE_PMTUDISC, t->pmtudisc);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_PMTUDISC attribute: %m");
-
-        return r;
-}
-
-static int netdev_ip6gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t;
-        int r;
-
-        assert(netdev);
-
-        if (netdev->kind == NETDEV_KIND_IP6GRE)
-                t = IP6GRE(netdev);
-        else
-                t = IP6GRETAP(netdev);
-
-        assert(t);
-        assert(t->family == AF_INET6);
-        assert(link);
-        assert(m);
-
-        r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_LOCAL, &t->local.in6);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_REMOTE, &t->remote.in6);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
-
-        if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
-                r = sd_netlink_message_append_u32(m, IFLA_GRE_FLOWINFO, t->ipv6_flowlabel);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLOWINFO attribute: %m");
-        }
-
-        r = sd_netlink_message_append_u32(m, IFLA_GRE_FLAGS, t->flags);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLAGS attribute: %m");
-
-        return r;
-}
-
-static int netdev_vti_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t = VTI(netdev);
-        int r;
-
-        assert(netdev);
-        assert(link);
-        assert(m);
-        assert(t);
-        assert(t->family == AF_INET);
-
-        r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_VTI_LOCAL, &t->local.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_VTI_REMOTE, &t->remote.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
-
-        return r;
-}
-
-static int netdev_vti6_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t = VTI6(netdev);
-        int r;
-
-        assert(netdev);
-        assert(link);
-        assert(m);
-        assert(t);
-        assert(t->family == AF_INET6);
-
-        r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_LOCAL, &t->local.in6);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_REMOTE, &t->remote.in6);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
-
-        return r;
-}
-
-static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Tunnel *t = IP6TNL(netdev);
-        uint8_t proto;
-        int r;
-
-        assert(netdev);
-        assert(link);
-        assert(m);
-        assert(t);
-        assert(t->family == AF_INET6);
-
-        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
-
-        r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_LOCAL, &t->local.in6);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
-
-        r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in6);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
-
-        if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
-                r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLOWINFO, t->ipv6_flowlabel);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLOWINFO attribute: %m");
-        }
-
-        if (t->copy_dscp)
-                t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
-
-        if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
-                r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_ENCAP_LIMIT attribute: %m");
-        }
-
-        r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLAGS, t->flags);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
-
-        switch (t->ip6tnl_mode) {
-        case NETDEV_IP6_TNL_MODE_IP6IP6:
-                proto = IPPROTO_IPV6;
-                break;
-        case NETDEV_IP6_TNL_MODE_IPIP6:
-                proto = IPPROTO_IPIP;
-                break;
-        case NETDEV_IP6_TNL_MODE_ANYIP6:
-        default:
-                proto = 0;
-                break;
-        }
-
-        r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PROTO, proto);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_MODE attribute: %m");
-
-        return r;
-}
-
-static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
-        Tunnel *t = NULL;
-
-        assert(netdev);
-        assert(filename);
-
-        switch (netdev->kind) {
-        case NETDEV_KIND_IPIP:
-                t = IPIP(netdev);
-                break;
-        case NETDEV_KIND_SIT:
-                t = SIT(netdev);
-                break;
-        case NETDEV_KIND_GRE:
-                t = GRE(netdev);
-                break;
-        case NETDEV_KIND_GRETAP:
-                t = GRETAP(netdev);
-                break;
-        case NETDEV_KIND_IP6GRE:
-                t = IP6GRE(netdev);
-                break;
-        case NETDEV_KIND_IP6GRETAP:
-                t = IP6GRETAP(netdev);
-                break;
-        case NETDEV_KIND_VTI:
-                t = VTI(netdev);
-                break;
-        case NETDEV_KIND_VTI6:
-                t = VTI6(netdev);
-                break;
-        case NETDEV_KIND_IP6TNL:
-                t = IP6TNL(netdev);
-                break;
-        default:
-                assert_not_reached("Invalid tunnel kind");
-        }
-
-        assert(t);
-
-        if (t->family != AF_INET && t->family != AF_INET6 && t->family != 0) {
-                log_warning("Tunnel with invalid address family configured in %s. Ignoring", filename);
-                return -EINVAL;
-        }
-
-        if (netdev->kind == NETDEV_KIND_IP6TNL) {
-                if (t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) {
-                        log_warning("IP6 Tunnel without mode configured in %s. Ignoring", filename);
-                        return -EINVAL;
-                }
-        }
-
-        return 0;
-}
-
-int config_parse_tunnel_address(const char *unit,
-                                const char *filename,
-                                unsigned line,
-                                const char *section,
-                                unsigned section_line,
-                                const char *lvalue,
-                                int ltype,
-                                const char *rvalue,
-                                void *data,
-                                void *userdata) {
-        Tunnel *t = userdata;
-        union in_addr_union *addr = data, buffer;
-        int r, f;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        if (streq(rvalue, "any")) {
-                t->family = 0;
-                return 0;
-        } else {
-
-                r = in_addr_from_string_auto(rvalue, &f, &buffer);
-                if (r < 0) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Tunnel address is invalid, ignoring assignment: %s", rvalue);
-                        return 0;
-                }
-
-                if (t->family != AF_UNSPEC && t->family != f) {
-                        log_syntax(unit, LOG_ERR, filename, line, 0, "Tunnel addresses incompatible, ignoring assignment: %s", rvalue);
-                        return 0;
-                }
-        }
-
-        t->family = f;
-        *addr = buffer;
-
-        return 0;
-}
-
-int config_parse_ipv6_flowlabel(const char* unit,
-                                const char *filename,
-                                unsigned line,
-                                const char *section,
-                                unsigned section_line,
-                                const char *lvalue,
-                                int ltype,
-                                const char *rvalue,
-                                void *data,
-                                void *userdata) {
-        IPv6FlowLabel *ipv6_flowlabel = data;
-        Tunnel *t = userdata;
-        int k = 0;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(ipv6_flowlabel);
-
-        if (streq(rvalue, "inherit")) {
-                *ipv6_flowlabel = IP6_FLOWINFO_FLOWLABEL;
-                t->flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL;
-        } else {
-                r = config_parse_int(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &k, userdata);
-                if (r < 0)
-                        return r;
-
-                if (k > 0xFFFFF)
-                        log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPv6 flowlabel option, ignoring: %s", rvalue);
-                else {
-                        *ipv6_flowlabel = htonl(k) & IP6_FLOWINFO_FLOWLABEL;
-                        t->flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
-                }
-        }
-
-        return 0;
-}
-
-int config_parse_encap_limit(const char* unit,
-                             const char *filename,
-                             unsigned line,
-                             const char *section,
-                             unsigned section_line,
-                             const char *lvalue,
-                              int ltype,
-                             const char *rvalue,
-                             void *data,
-                             void *userdata) {
-        Tunnel *t = userdata;
-        int k = 0;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-
-        if (streq(rvalue, "none"))
-                t->flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
-        else {
-                r = safe_atoi(rvalue, &k);
-                if (r < 0) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Tunnel Encapsulation Limit option, ignoring: %s", rvalue);
-                        return 0;
-                }
-
-                if (k > 255 || k < 0)
-                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid Tunnel Encapsulation value, ignoring: %d", k);
-                else {
-                        t->encap_limit = k;
-                        t->flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
-                }
-        }
-
-        return 0;
-}
-
-static void ipip_init(NetDev *n) {
-        Tunnel *t = IPIP(n);
-
-        assert(n);
-        assert(t);
-
-        t->pmtudisc = true;
-        t->family = AF_UNSPEC;
-}
-
-static void sit_init(NetDev *n) {
-        Tunnel *t = SIT(n);
-
-        assert(n);
-        assert(t);
-
-        t->pmtudisc = true;
-        t->family = AF_UNSPEC;
-}
-
-static void vti_init(NetDev *n) {
-        Tunnel *t;
-
-        assert(n);
-
-        if (n->kind == NETDEV_KIND_VTI)
-                t = VTI(n);
-        else
-                t = VTI6(n);
-
-        assert(t);
-
-        t->pmtudisc = true;
-}
-
-static void gre_init(NetDev *n) {
-        Tunnel *t;
-
-        assert(n);
-
-        if (n->kind == NETDEV_KIND_GRE)
-                t = GRE(n);
-        else
-                t = GRETAP(n);
-
-        assert(t);
-
-        t->pmtudisc = true;
-        t->family = AF_UNSPEC;
-}
-
-static void ip6gre_init(NetDev *n) {
-        Tunnel *t;
-
-        assert(n);
-
-        if (n->kind == NETDEV_KIND_IP6GRE)
-                t = IP6GRE(n);
-        else
-                t = IP6GRETAP(n);
-
-        assert(t);
-
-        t->ttl = DEFAULT_TNL_HOP_LIMIT;
-}
-
-static void ip6tnl_init(NetDev *n) {
-        Tunnel *t = IP6TNL(n);
-
-        assert(n);
-        assert(t);
-
-        t->ttl = DEFAULT_TNL_HOP_LIMIT;
-        t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
-        t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
-        t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
-}
-
-const NetDevVTable ipip_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = ipip_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_ipip_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable sit_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = sit_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_sit_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable vti_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = vti_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_vti_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable vti6_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = vti_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_vti6_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable gre_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = gre_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_gre_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable gretap_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = gre_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_gre_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable ip6gre_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = ip6gre_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_ip6gre_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable ip6gretap_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = ip6gre_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_ip6gre_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
-
-const NetDevVTable ip6tnl_vtable = {
-        .object_size = sizeof(Tunnel),
-        .init = ip6tnl_init,
-        .sections = "Match\0NetDev\0Tunnel\0",
-        .fill_message_create = netdev_ip6tnl_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_tunnel_verify,
-};
diff --git a/src/network/networkd-netdev-veth.c b/src/network/networkd-netdev-veth.c
deleted file mode 100644
index b122a06c25..0000000000
--- a/src/network/networkd-netdev-veth.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/***
-    This file is part of systemd.
-
-    Copyright 2014 Susant Sahani <susant@redhat.com>
-
-    systemd is free software; you can redistribute it and/or modify it
-    under the terms of the GNU Lesser General Public License as published by
-    the Free Software Foundation; either version 2.1 of the License, or
-    (at your option) any later version.
-
-    systemd is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public License
-    along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/if.h>
-#include <linux/veth.h>
-
-#include "sd-netlink.h"
-
-#include "networkd-netdev-veth.h"
-
-static int netdev_veth_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        Veth *v;
-        int r;
-
-        assert(netdev);
-        assert(!link);
-        assert(m);
-
-        v = VETH(netdev);
-
-        assert(v);
-
-        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append VETH_INFO_PEER attribute: %m");
-
-        if (v->ifname_peer) {
-                r = sd_netlink_message_append_string(m, IFLA_IFNAME, v->ifname_peer);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink interface name: %m");
-        }
-
-        if (v->mac_peer) {
-                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, v->mac_peer);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_ADDRESS attribute: %m");
-        }
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
-
-        return r;
-}
-
-static int netdev_veth_verify(NetDev *netdev, const char *filename) {
-        Veth *v;
-        int r;
-
-        assert(netdev);
-        assert(filename);
-
-        v = VETH(netdev);
-
-        assert(v);
-
-        if (!v->ifname_peer) {
-                log_warning("Veth NetDev without peer name configured in %s. Ignoring",
-                            filename);
-                return -EINVAL;
-        }
-
-        if (!v->mac_peer) {
-                r = netdev_get_mac(v->ifname_peer, &v->mac_peer);
-                if (r < 0) {
-                        log_warning("Failed to generate predictable MAC address for %s. Ignoring",
-                                  v->ifname_peer);
-                        return -EINVAL;
-                }
-        }
-
-        return 0;
-}
-
-static void veth_done(NetDev *n) {
-        Veth *v;
-
-        assert(n);
-
-        v = VETH(n);
-
-        assert(v);
-
-        free(v->ifname_peer);
-        free(v->mac_peer);
-}
-
-const NetDevVTable veth_vtable = {
-        .object_size = sizeof(Veth),
-        .sections = "Match\0NetDev\0Peer\0",
-        .done = veth_done,
-        .fill_message_create = netdev_veth_fill_message_create,
-        .create_type = NETDEV_CREATE_INDEPENDENT,
-        .config_verify = netdev_veth_verify,
-};
diff --git a/src/network/networkd-netdev-vxlan.c b/src/network/networkd-netdev-vxlan.c
deleted file mode 100644
index 724f9861be..0000000000
--- a/src/network/networkd-netdev-vxlan.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/***
-    This file is part of systemd.
-
-    Copyright 2014 Susant Sahani
-
-    systemd is free software; you can redistribute it and/or modify it
-    under the terms of the GNU Lesser General Public License as published by
-    the Free Software Foundation; either version 2.1 of the License, or
-    (at your option) any later version.
-
-    systemd is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public License
-    along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/if.h>
-
-#include "sd-netlink.h"
-
-#include "conf-parser.h"
-#include "alloc-util.h"
-#include "extract-word.h"
-#include "parse-util.h"
-#include "missing.h"
-
-#include "networkd-link.h"
-#include "networkd-netdev-vxlan.h"
-
-static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
-        VxLan *v;
-        int r;
-
-        assert(netdev);
-        assert(link);
-        assert(m);
-
-        v = VXLAN(netdev);
-
-        assert(v);
-
-        if (v->id <= VXLAN_VID_MAX) {
-                r = sd_netlink_message_append_u32(m, IFLA_VXLAN_ID, v->id);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_ID attribute: %m");
-        }
-
-        r = sd_netlink_message_append_in_addr(m, IFLA_VXLAN_GROUP, &v->group.in);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_GROUP attribute: %m");
-
-        r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LINK, link->ifindex);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LINK attribute: %m");
-
-        if (v->ttl) {
-                r = sd_netlink_message_append_u8(m, IFLA_VXLAN_TTL, v->ttl);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_TTL attribute: %m");
-        }
-
-        if (v->tos) {
-                r = sd_netlink_message_append_u8(m, IFLA_VXLAN_TOS, v->tos);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_TOS attribute: %m");
-        }
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_LEARNING, v->learning);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LEARNING attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_RSC, v->route_short_circuit);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_RSC attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_PROXY, v->arp_proxy);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_PROXY attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_L2MISS, v->l2miss);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_L2MISS attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_L3MISS, v->l3miss);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_L3MISS attribute: %m");
-
-        if (v->fdb_ageing) {
-                r = sd_netlink_message_append_u32(m, IFLA_VXLAN_AGEING, v->fdb_ageing / USEC_PER_SEC);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_AGEING attribute: %m");
-        }
-
-        if (v->max_fdb) {
-                r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LIMIT, v->max_fdb);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LIMIT attribute: %m");
-        }
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_UDP_CSUM, v->udpcsum);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_CSUM attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, v->udp6zerocsumtx);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_ZERO_CSUM6_TX attribute: %m");
-
-        r = sd_netlink_message_append_u8(m, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, v->udp6zerocsumrx);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_UDP_ZERO_CSUM6_RX attribute: %m");
-
-        r = sd_netlink_message_append_u16(m, IFLA_VXLAN_PORT, htobe16(v->dest_port));
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_PORT attribute: %m");
-
-        if (v->port_range.low || v->port_range.high) {
-                struct ifla_vxlan_port_range port_range;
-
-                port_range.low = htobe16(v->port_range.low);
-                port_range.high = htobe16(v->port_range.high);
-
-                r = sd_netlink_message_append_data(m, IFLA_VXLAN_PORT_RANGE, &port_range, sizeof(port_range));
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_PORT_RANGE attribute: %m");
-        }
-
-        if (v->group_policy) {
-                r = sd_netlink_message_append_flag(m, IFLA_VXLAN_GBP);
-                if (r < 0)
-                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_GBP attribute: %m");
-        }
-
-        return r;
-}
-
-int config_parse_vxlan_group_address(const char *unit,
-                                     const char *filename,
-                                     unsigned line,
-                                     const char *section,
-                                     unsigned section_line,
-                                     const char *lvalue,
-                                     int ltype,
-                                     const char *rvalue,
-                                     void *data,
-                                     void *userdata) {
-        VxLan *v = userdata;
-        union in_addr_union *addr = data, buffer;
-        int r, f;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        r = in_addr_from_string_auto(rvalue, &f, &buffer);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r, "vxlan multicast group address is invalid, ignoring assignment: %s", rvalue);
-                return 0;
-        }
-
-        if (v->family != AF_UNSPEC && v->family != f) {
-                log_syntax(unit, LOG_ERR, filename, line, 0, "vxlan multicast group incompatible, ignoring assignment: %s", rvalue);
-                return 0;
-        }
-
-        v->family = f;
-        *addr = buffer;
-
-        return 0;
-}
-
-int config_parse_port_range(const char *unit,
-                            const char *filename,
-                            unsigned line,
-                            const char *section,
-                            unsigned section_line,
-                            const char *lvalue,
-                            int ltype,
-                            const char *rvalue,
-                            void *data,
-                            void *userdata) {
-        _cleanup_free_ char *word = NULL;
-        VxLan *v = userdata;
-        unsigned low, high;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        r = extract_first_word(&rvalue, &word, NULL, 0);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract VXLAN port range, ignoring: %s", rvalue);
-                return 0;
-        }
-
-        if (r == 0)
-                return 0;
-
-        r = parse_range(word, &low, &high);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse VXLAN port range '%s'", word);
-                return 0;
-        }
-
-        if (low <= 0 || low > 65535 || high <= 0 || high > 65535) {
-                log_syntax(unit, LOG_ERR, filename, line, r,
-                           "Failed to parse VXLAN port range '%s'. Port should be greater than 0 and less than 65535.", word);
-                return 0;
-        }
-
-        if (high < low) {
-                log_syntax(unit, LOG_ERR, filename, line, r,
-                           "Failed to parse VXLAN port range '%s'. Port range %u .. %u not valid", word, low, high);
-                return 0;
-        }
-
-        v->port_range.low = low;
-        v->port_range.high = high;
-
-        return 0;
-}
-
-int config_parse_destination_port(const char *unit,
-                                  const char *filename,
-                                  unsigned line,
-                                  const char *section,
-                                  unsigned section_line,
-                                  const char *lvalue,
-                                  int ltype,
-                                  const char *rvalue,
-                                  void *data,
-                                  void *userdata) {
-        VxLan *v = userdata;
-        uint16_t port;
-        int r;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        r = safe_atou16(rvalue, &port);
-        if (r < 0 || port <= 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse VXLAN destination port '%s'.", rvalue);
-                return 0;
-        }
-
-        v->dest_port = port;
-
-        return 0;
-}
-
-static int netdev_vxlan_verify(NetDev *netdev, const char *filename) {
-        VxLan *v = VXLAN(netdev);
-
-        assert(netdev);
-        assert(v);
-        assert(filename);
-
-        if (v->id > VXLAN_VID_MAX) {
-                log_warning("VXLAN without valid Id configured in %s. Ignoring", filename);
-                return -EINVAL;
-        }
-
-        return 0;
-}
-
-static void vxlan_init(NetDev *netdev) {
-        VxLan *v;
-
-        assert(netdev);
-
-        v = VXLAN(netdev);
-
-        assert(v);
-
-        v->id = VXLAN_VID_MAX + 1;
-        v->learning = true;
-        v->udpcsum = false;
-        v->udp6zerocsumtx = false;
-        v->udp6zerocsumrx = false;
-}
-
-const NetDevVTable vxlan_vtable = {
-        .object_size = sizeof(VxLan),
-        .init = vxlan_init,
-        .sections = "Match\0NetDev\0VXLAN\0",
-        .fill_message_create = netdev_vxlan_fill_message_create,
-        .create_type = NETDEV_CREATE_STACKED,
-        .config_verify = netdev_vxlan_verify,
-};
diff --git a/src/network/networkd-netdev.h b/src/network/networkd-netdev.h
deleted file mode 100644
index 20244c0309..0000000000
--- a/src/network/networkd-netdev.h
+++ /dev/null
@@ -1,200 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-netlink.h"
-
-#include "list.h"
-#include "time-util.h"
-
-typedef struct netdev_join_callback netdev_join_callback;
-typedef struct Link Link;
-
-struct netdev_join_callback {
-        sd_netlink_message_handler_t callback;
-        Link *link;
-
-        LIST_FIELDS(netdev_join_callback, callbacks);
-};
-
-typedef enum NetDevKind {
-        NETDEV_KIND_BRIDGE,
-        NETDEV_KIND_BOND,
-        NETDEV_KIND_VLAN,
-        NETDEV_KIND_MACVLAN,
-        NETDEV_KIND_MACVTAP,
-        NETDEV_KIND_IPVLAN,
-        NETDEV_KIND_VXLAN,
-        NETDEV_KIND_IPIP,
-        NETDEV_KIND_GRE,
-        NETDEV_KIND_GRETAP,
-        NETDEV_KIND_IP6GRE,
-        NETDEV_KIND_IP6GRETAP,
-        NETDEV_KIND_SIT,
-        NETDEV_KIND_VETH,
-        NETDEV_KIND_VTI,
-        NETDEV_KIND_VTI6,
-        NETDEV_KIND_IP6TNL,
-        NETDEV_KIND_DUMMY,
-        NETDEV_KIND_TUN,
-        NETDEV_KIND_TAP,
-        _NETDEV_KIND_MAX,
-        _NETDEV_KIND_INVALID = -1
-} NetDevKind;
-
-typedef enum NetDevState {
-        NETDEV_STATE_FAILED,
-        NETDEV_STATE_CREATING,
-        NETDEV_STATE_READY,
-        NETDEV_STATE_LINGER,
-        _NETDEV_STATE_MAX,
-        _NETDEV_STATE_INVALID = -1,
-} NetDevState;
-
-typedef enum NetDevCreateType {
-        NETDEV_CREATE_INDEPENDENT,
-        NETDEV_CREATE_MASTER,
-        NETDEV_CREATE_STACKED,
-        _NETDEV_CREATE_MAX,
-        _NETDEV_CREATE_INVALID = -1,
-} NetDevCreateType;
-
-typedef struct Manager Manager;
-typedef struct Condition Condition;
-
-typedef struct NetDev {
-        Manager *manager;
-
-        int n_ref;
-
-        char *filename;
-
-        Condition *match_host;
-        Condition *match_virt;
-        Condition *match_kernel;
-        Condition *match_arch;
-
-        NetDevState state;
-        NetDevKind kind;
-        char *description;
-        char *ifname;
-        struct ether_addr *mac;
-        size_t mtu;
-        int ifindex;
-
-        LIST_HEAD(netdev_join_callback, callbacks);
-} NetDev;
-
-typedef struct NetDevVTable {
-        /* How much memory does an object of this unit type need */
-        size_t object_size;
-
-        /* Config file sections this netdev kind understands, separated
-         * by NUL chars */
-        const char *sections;
-
-        /* This should reset all type-specific variables. This should
-         * not allocate memory, and is called with zero-initialized
-         * data. It should hence only initialize variables that need
-         * to be set != 0. */
-        void (*init)(NetDev *n);
-
-        /* This should free all kind-specific variables. It should be
-         * idempotent. */
-        void (*done)(NetDev *n);
-
-        /* fill in message to create netdev */
-        int (*fill_message_create)(NetDev *netdev, Link *link, sd_netlink_message *message);
-
-        /* specifies if netdev is independent, or a master device or a stacked device */
-        NetDevCreateType create_type;
-
-        /* create netdev, if not done via rtnl */
-        int (*create)(NetDev *netdev);
-
-        /* perform additional configuration after netdev has been createad */
-        int (*post_create)(NetDev *netdev, Link *link, sd_netlink_message *message);
-
-        /* verify that compulsory configuration options were specified */
-        int (*config_verify)(NetDev *netdev, const char *filename);
-} NetDevVTable;
-
-extern const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX];
-
-#define NETDEV_VTABLE(n) netdev_vtable[(n)->kind]
-
-/* For casting a netdev into the various netdev kinds */
-#define DEFINE_NETDEV_CAST(UPPERCASE, MixedCase)                            \
-        static inline MixedCase* UPPERCASE(NetDev *n) {                     \
-                if (_unlikely_(!n || n->kind != NETDEV_KIND_##UPPERCASE))   \
-                        return NULL;                                        \
-                                                                            \
-                return (MixedCase*) n;                                      \
-        }
-
-/* For casting the various netdev kinds into a netdev */
-#define NETDEV(n) (&(n)->meta)
-
-int netdev_load(Manager *manager);
-void netdev_drop(NetDev *netdev);
-
-NetDev *netdev_unref(NetDev *netdev);
-NetDev *netdev_ref(NetDev *netdev);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref);
-#define _cleanup_netdev_unref_ _cleanup_(netdev_unrefp)
-
-int netdev_get(Manager *manager, const char *name, NetDev **ret);
-int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *newlink);
-int netdev_enslave(NetDev *netdev, Link *link, sd_netlink_message_handler_t callback);
-int netdev_get_mac(const char *ifname, struct ether_addr **ret);
-int netdev_join(NetDev *netdev, Link *link, sd_netlink_message_handler_t cb);
-
-const char *netdev_kind_to_string(NetDevKind d) _const_;
-NetDevKind netdev_kind_from_string(const char *d) _pure_;
-
-int config_parse_netdev_kind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-
-/* gperf */
-const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *key, unsigned length);
-
-/* Macros which append INTERFACE= to the message */
-
-#define log_netdev_full(netdev, level, error, ...)                      \
-        ({                                                              \
-                NetDev *_n = (netdev);                                  \
-                _n ? log_object_internal(level, error, __FILE__, __LINE__, __func__, "INTERFACE=", _n->ifname, ##__VA_ARGS__) : \
-                        log_internal(level, error, __FILE__, __LINE__, __func__, ##__VA_ARGS__); \
-        })
-
-#define log_netdev_debug(netdev, ...)       log_netdev_full(netdev, LOG_DEBUG, 0, ##__VA_ARGS__)
-#define log_netdev_info(netdev, ...)        log_netdev_full(netdev, LOG_INFO, 0, ##__VA_ARGS__)
-#define log_netdev_notice(netdev, ...)      log_netdev_full(netdev, LOG_NOTICE, 0, ##__VA_ARGS__)
-#define log_netdev_warning(netdev, ...)     log_netdev_full(netdev, LOG_WARNING, 0, ## __VA_ARGS__)
-#define log_netdev_error(netdev, ...)       log_netdev_full(netdev, LOG_ERR, 0, ##__VA_ARGS__)
-
-#define log_netdev_debug_errno(netdev, error, ...)   log_netdev_full(netdev, LOG_DEBUG, error, ##__VA_ARGS__)
-#define log_netdev_info_errno(netdev, error, ...)    log_netdev_full(netdev, LOG_INFO, error, ##__VA_ARGS__)
-#define log_netdev_notice_errno(netdev, error, ...)  log_netdev_full(netdev, LOG_NOTICE, error, ##__VA_ARGS__)
-#define log_netdev_warning_errno(netdev, error, ...) log_netdev_full(netdev, LOG_WARNING, error, ##__VA_ARGS__)
-#define log_netdev_error_errno(netdev, error, ...)   log_netdev_full(netdev, LOG_ERR, error, ##__VA_ARGS__)
-
-#define LOG_NETDEV_MESSAGE(netdev, fmt, ...) "MESSAGE=%s: " fmt, (netdev)->ifname, ##__VA_ARGS__
-#define LOG_NETDEV_INTERFACE(netdev) "INTERFACE=%s", (netdev)->ifname
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
deleted file mode 100644
index 91099161ce..0000000000
--- a/src/network/networkd-network.h
+++ /dev/null
@@ -1,231 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-#include "udev.h"
-
-#include "condition.h"
-#include "dhcp-identifier.h"
-#include "hashmap.h"
-#include "resolve-util.h"
-
-#include "networkd-address.h"
-#include "networkd-fdb.h"
-#include "networkd-lldp-tx.h"
-#include "networkd-netdev.h"
-#include "networkd-route.h"
-#include "networkd-util.h"
-
-#define DHCP_ROUTE_METRIC 1024
-#define IPV4LL_ROUTE_METRIC 2048
-
-typedef enum DCHPClientIdentifier {
-        DHCP_CLIENT_ID_MAC,
-        DHCP_CLIENT_ID_DUID,
-        _DHCP_CLIENT_ID_MAX,
-        _DHCP_CLIENT_ID_INVALID = -1,
-} DCHPClientIdentifier;
-
-typedef enum IPv6PrivacyExtensions {
-        /* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */
-        IPV6_PRIVACY_EXTENSIONS_NO,
-        IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC,
-        IPV6_PRIVACY_EXTENSIONS_YES, /* aka prefer-temporary */
-        _IPV6_PRIVACY_EXTENSIONS_MAX,
-        _IPV6_PRIVACY_EXTENSIONS_INVALID = -1,
-} IPv6PrivacyExtensions;
-
-typedef enum DHCPUseDomains {
-        DHCP_USE_DOMAINS_NO,
-        DHCP_USE_DOMAINS_YES,
-        DHCP_USE_DOMAINS_ROUTE,
-        _DHCP_USE_DOMAINS_MAX,
-        _DHCP_USE_DOMAINS_INVALID = -1,
-} DHCPUseDomains;
-
-typedef enum LLDPMode {
-        LLDP_MODE_NO = 0,
-        LLDP_MODE_YES = 1,
-        LLDP_MODE_ROUTERS_ONLY = 2,
-        _LLDP_MODE_MAX,
-        _LLDP_MODE_INVALID = -1,
-} LLDPMode;
-
-typedef struct DUID {
-        /* Value of Type in [DHCP] section */
-        DUIDType type;
-
-        uint8_t raw_data_len;
-        uint8_t raw_data[MAX_DUID_LEN];
-} DUID;
-
-typedef struct Manager Manager;
-
-struct Network {
-        Manager *manager;
-
-        char *filename;
-        char *name;
-
-        struct ether_addr *match_mac;
-        char **match_path;
-        char **match_driver;
-        char **match_type;
-        char **match_name;
-
-        Condition *match_host;
-        Condition *match_virt;
-        Condition *match_kernel;
-        Condition *match_arch;
-
-        char *description;
-
-        NetDev *bridge;
-        NetDev *bond;
-        Hashmap *stacked_netdevs;
-
-        /* DHCP Client Support */
-        AddressFamilyBoolean dhcp;
-        DCHPClientIdentifier dhcp_client_identifier;
-        char *dhcp_vendor_class_identifier;
-        char *dhcp_hostname;
-        bool dhcp_use_dns;
-        bool dhcp_use_ntp;
-        bool dhcp_use_mtu;
-        bool dhcp_use_hostname;
-        DHCPUseDomains dhcp_use_domains;
-        bool dhcp_send_hostname;
-        bool dhcp_broadcast;
-        bool dhcp_critical;
-        bool dhcp_use_routes;
-        bool dhcp_use_timezone;
-        unsigned dhcp_route_metric;
-
-        /* DHCP Server Support */
-        bool dhcp_server;
-        bool dhcp_server_emit_dns;
-        struct in_addr *dhcp_server_dns;
-        unsigned n_dhcp_server_dns;
-        bool dhcp_server_emit_ntp;
-        struct in_addr *dhcp_server_ntp;
-        unsigned n_dhcp_server_ntp;
-        bool dhcp_server_emit_router;
-        bool dhcp_server_emit_timezone;
-        char *dhcp_server_timezone;
-        usec_t dhcp_server_default_lease_time_usec, dhcp_server_max_lease_time_usec;
-        uint32_t dhcp_server_pool_offset;
-        uint32_t dhcp_server_pool_size;
-
-        /* IPV4LL Support */
-        AddressFamilyBoolean link_local;
-        bool ipv4ll_route;
-
-        /* Bridge Support */
-        bool use_bpdu;
-        bool hairpin;
-        bool fast_leave;
-        bool allow_port_to_be_root;
-        bool unicast_flood;
-        unsigned cost;
-
-        AddressFamilyBoolean ip_forward;
-        bool ip_masquerade;
-
-        int ipv6_accept_ra;
-        int ipv6_dad_transmits;
-        int ipv6_hop_limit;
-        int proxy_arp;
-
-        union in_addr_union ipv6_token;
-        IPv6PrivacyExtensions ipv6_privacy_extensions;
-
-        struct ether_addr *mac;
-        unsigned mtu;
-        uint32_t iaid;
-        DUID duid;
-
-        LLDPMode lldp_mode; /* LLDP reception */
-        LLDPEmit lldp_emit; /* LLDP transmission */
-
-        LIST_HEAD(Address, static_addresses);
-        LIST_HEAD(Route, static_routes);
-        LIST_HEAD(FdbEntry, static_fdb_entries);
-
-        Hashmap *addresses_by_section;
-        Hashmap *routes_by_section;
-        Hashmap *fdb_entries_by_section;
-
-        char **search_domains, **route_domains, **dns, **ntp, **bind_carrier;
-
-        ResolveSupport llmnr;
-        ResolveSupport mdns;
-        DnssecMode dnssec_mode;
-        Set *dnssec_negative_trust_anchors;
-
-        LIST_FIELDS(Network, networks);
-};
-
-void network_free(Network *network);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Network*, network_free);
-#define _cleanup_network_free_ _cleanup_(network_freep)
-
-int network_load(Manager *manager);
-
-int network_get_by_name(Manager *manager, const char *name, Network **ret);
-int network_get(Manager *manager, struct udev_device *device, const char *ifname, const struct ether_addr *mac, Network **ret);
-int network_apply(Manager *manager, Network *network, Link *link);
-
-bool network_has_static_ipv6_addresses(Network *network);
-
-int config_parse_netdev(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_tunnel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_dhcp(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_dhcp_client_identifier(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_ipv6token(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_ipv6_privacy_extensions(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_hostname(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_timezone(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_dhcp_server_dns(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_dhcp_server_ntp(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_dnssec_negative_trust_anchors(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_dhcp_use_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-int config_parse_lldp_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-
-/* Legacy IPv4LL support */
-int config_parse_ipv4ll(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
-
-const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, unsigned length);
-
-extern const sd_bus_vtable network_vtable[];
-
-int network_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
-int network_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
-
-const char* ipv6_privacy_extensions_to_string(IPv6PrivacyExtensions i) _const_;
-IPv6PrivacyExtensions ipv6_privacy_extensions_from_string(const char *s) _pure_;
-
-const char* dhcp_use_domains_to_string(DHCPUseDomains p) _const_;
-DHCPUseDomains dhcp_use_domains_from_string(const char *s) _pure_;
-
-const char* lldp_mode_to_string(LLDPMode m) _const_;
-LLDPMode lldp_mode_from_string(const char *s) _pure_;
diff --git a/src/network/networkd-wait-online-link.c b/src/network/networkd-wait-online-link.c
deleted file mode 100644
index 5727422e3d..0000000000
--- a/src/network/networkd-wait-online-link.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-  Copyright 2014 Tom Gundersen
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-network.h"
-
-#include "alloc-util.h"
-#include "networkd-wait-online-link.h"
-#include "string-util.h"
-
-int link_new(Manager *m, Link **ret, int ifindex, const char *ifname) {
-        _cleanup_(link_freep) Link *l = NULL;
-        int r;
-
-        assert(m);
-        assert(ifindex > 0);
-
-        r = hashmap_ensure_allocated(&m->links, NULL);
-        if (r < 0)
-                return r;
-
-        r = hashmap_ensure_allocated(&m->links_by_name, &string_hash_ops);
-        if (r < 0)
-                return r;
-
-        l = new0(Link, 1);
-        if (!l)
-                return -ENOMEM;
-
-        l->manager = m;
-
-        l->ifname = strdup(ifname);
-        if (!l->ifname)
-                return -ENOMEM;
-
-        r = hashmap_put(m->links_by_name, l->ifname, l);
-        if (r < 0)
-                return r;
-
-        l->ifindex = ifindex;
-
-        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
-        if (r < 0)
-                return r;
-
-        if (ret)
-                *ret = l;
-        l = NULL;
-
-        return 0;
-}
-
-Link *link_free(Link *l) {
-
-        if (!l)
-                return NULL;
-
-        if (l->manager) {
-                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
-                hashmap_remove(l->manager->links_by_name, l->ifname);
-        }
-
-        free(l->ifname);
-        free(l);
-        return NULL;
- }
-
-int link_update_rtnl(Link *l, sd_netlink_message *m) {
-        const char *ifname;
-        int r;
-
-        assert(l);
-        assert(l->manager);
-        assert(m);
-
-        r = sd_rtnl_message_link_get_flags(m, &l->flags);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_read_string(m, IFLA_IFNAME, &ifname);
-        if (r < 0)
-                return r;
-
-        if (!streq(l->ifname, ifname)) {
-                char *new_ifname;
-
-                new_ifname = strdup(ifname);
-                if (!new_ifname)
-                        return -ENOMEM;
-
-                hashmap_remove(l->manager->links_by_name, l->ifname);
-                free(l->ifname);
-                l->ifname = new_ifname;
-
-                r = hashmap_put(l->manager->links_by_name, l->ifname, l);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int link_update_monitor(Link *l) {
-        assert(l);
-
-        l->operational_state = mfree(l->operational_state);
-
-        sd_network_link_get_operational_state(l->ifindex, &l->operational_state);
-
-        l->state = mfree(l->state);
-
-        sd_network_link_get_setup_state(l->ifindex, &l->state);
-
-        return 0;
-}
diff --git a/src/network/networkd-wait-online.c b/src/network/networkd-wait-online.c
deleted file mode 100644
index 3220c4b7ef..0000000000
--- a/src/network/networkd-wait-online.c
+++ /dev/null
@@ -1,166 +0,0 @@
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-
-#include "sd-daemon.h"
-
-#include "networkd-wait-online.h"
-#include "signal-util.h"
-#include "strv.h"
-
-static bool arg_quiet = false;
-static usec_t arg_timeout = 120 * USEC_PER_SEC;
-static char **arg_interfaces = NULL;
-static char **arg_ignore = NULL;
-
-static void help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "Block until network is configured.\n\n"
-               "  -h --help                 Show this help\n"
-               "     --version              Print version string\n"
-               "  -q --quiet                Do not show status information\n"
-               "  -i --interface=INTERFACE  Block until at least these interfaces have appeared\n"
-               "     --ignore=INTERFACE     Don't take these interfaces into account\n"
-               "     --timeout=SECS         Maximum time to wait for network connectivity\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_IGNORE,
-                ARG_TIMEOUT,
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'         },
-                { "version",         no_argument,       NULL, ARG_VERSION },
-                { "quiet",           no_argument,       NULL, 'q'         },
-                { "interface",       required_argument, NULL, 'i'         },
-                { "ignore",          required_argument, NULL, ARG_IGNORE  },
-                { "timeout",         required_argument, NULL, ARG_TIMEOUT  },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "+hi:q", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'i':
-                        if (strv_extend(&arg_interfaces, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_IGNORE:
-                        if (strv_extend(&arg_ignore, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_TIMEOUT:
-                        r = parse_sec(optarg, &arg_timeout);
-                        if (r < 0)
-                                return r;
-
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(manager_freep) Manager *m = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                return r;
-
-        if (arg_quiet)
-                log_set_max_level(LOG_WARNING);
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-
-        r = manager_new(&m, arg_interfaces, arg_ignore, arg_timeout);
-        if (r < 0) {
-                log_error_errno(r, "Could not create manager: %m");
-                goto finish;
-        }
-
-        if (manager_all_configured(m)) {
-                r = 0;
-                goto finish;
-        }
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Waiting for network connections...");
-
-        r = sd_event_loop(m->event);
-        if (r < 0) {
-                log_error_errno(r, "Event loop failed: %m");
-                goto finish;
-        }
-
-finish:
-        strv_free(arg_interfaces);
-        strv_free(arg_ignore);
-
-        if (r >= 0) {
-                sd_notify(false, "STATUS=All interfaces configured...");
-
-                return EXIT_SUCCESS;
-        } else {
-                sd_notify(false, "STATUS=Failed waiting for network connectivity...");
-
-                return EXIT_FAILURE;
-        }
-}
diff --git a/src/network/networkd-wait-online.h b/src/network/networkd-wait-online.h
deleted file mode 100644
index f91995c306..0000000000
--- a/src/network/networkd-wait-online.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-#include "sd-netlink.h"
-#include "sd-network.h"
-
-#include "hashmap.h"
-
-typedef struct Manager Manager;
-
-#include "networkd-wait-online-link.h"
-
-struct Manager {
-        Hashmap *links;
-        Hashmap *links_by_name;
-
-        char **interfaces;
-        char **ignore;
-
-        sd_netlink *rtnl;
-        sd_event_source *rtnl_event_source;
-
-        sd_network_monitor *network_monitor;
-        sd_event_source *network_monitor_event_source;
-
-        sd_event *event;
-};
-
-void manager_free(Manager *m);
-int manager_new(Manager **ret, char **interfaces, char **ignore, usec_t timeout);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
-
-bool manager_all_configured(Manager *m);
-bool manager_ignore_link(Manager *m, Link *link);
diff --git a/src/network/networkd.c b/src/network/networkd.c
deleted file mode 100644
index c8f81a2ca6..0000000000
--- a/src/network/networkd.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-daemon.h"
-
-#include "capability-util.h"
-#include "networkd.h"
-#include "networkd-conf.h"
-#include "signal-util.h"
-#include "user-util.h"
-
-int main(int argc, char *argv[]) {
-        _cleanup_manager_free_ Manager *m = NULL;
-        const char *user = "systemd-network";
-        uid_t uid;
-        gid_t gid;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto out;
-        }
-
-        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Cannot resolve user name %s: %m", user);
-                goto out;
-        }
-
-        /* Always create the directories people can create inotify
-         * watches in. */
-        r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid);
-        if (r < 0)
-                log_warning_errno(r, "Could not create runtime directory: %m");
-
-        r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid);
-        if (r < 0)
-                log_warning_errno(r, "Could not create runtime directory 'links': %m");
-
-        r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid);
-        if (r < 0)
-                log_warning_errno(r, "Could not create runtime directory 'leases': %m");
-
-        r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid);
-        if (r < 0)
-                log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
-
-        r = drop_privileges(uid, gid,
-                            (1ULL << CAP_NET_ADMIN) |
-                            (1ULL << CAP_NET_BIND_SERVICE) |
-                            (1ULL << CAP_NET_BROADCAST) |
-                            (1ULL << CAP_NET_RAW));
-        if (r < 0)
-                goto out;
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-
-        r = manager_new(&m);
-        if (r < 0) {
-                log_error_errno(r, "Could not create manager: %m");
-                goto out;
-        }
-
-        r = manager_connect_bus(m);
-        if (r < 0) {
-                log_error_errno(r, "Could not connect to bus: %m");
-                goto out;
-        }
-
-        r = manager_parse_config_file(m);
-        if (r < 0)
-                log_warning_errno(r, "Failed to parse configuration file: %m");
-
-        r = manager_load_config(m);
-        if (r < 0) {
-                log_error_errno(r, "Could not load configuration files: %m");
-                goto out;
-        }
-
-        r = manager_rtnl_enumerate_links(m);
-        if (r < 0) {
-                log_error_errno(r, "Could not enumerate links: %m");
-                goto out;
-        }
-
-        r = manager_rtnl_enumerate_addresses(m);
-        if (r < 0) {
-                log_error_errno(r, "Could not enumerate addresses: %m");
-                goto out;
-        }
-
-        r = manager_rtnl_enumerate_routes(m);
-        if (r < 0) {
-                log_error_errno(r, "Could not enumerate routes: %m");
-                goto out;
-        }
-
-        log_info("Enumeration completed");
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing requests...");
-
-        r = manager_run(m);
-        if (r < 0) {
-                log_error_errno(r, "Event loop failed: %m");
-                goto out;
-        }
-
-out:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/network/networkd.h b/src/network/networkd.h
deleted file mode 100644
index ab512f0d08..0000000000
--- a/src/network/networkd.h
+++ /dev/null
@@ -1,112 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <arpa/inet.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-#include "sd-netlink.h"
-#include "udev.h"
-
-#include "dhcp-identifier.h"
-#include "hashmap.h"
-#include "list.h"
-
-#include "networkd-address-pool.h"
-#include "networkd-link.h"
-#include "networkd-netdev-bond.h"
-#include "networkd-netdev-bridge.h"
-#include "networkd-netdev-dummy.h"
-#include "networkd-netdev-ipvlan.h"
-#include "networkd-netdev-macvlan.h"
-#include "networkd-netdev-tunnel.h"
-#include "networkd-netdev-tuntap.h"
-#include "networkd-netdev-veth.h"
-#include "networkd-netdev-vlan.h"
-#include "networkd-netdev-vxlan.h"
-#include "networkd-network.h"
-#include "networkd-util.h"
-
-extern const char* const network_dirs[];
-
-struct Manager {
-        sd_netlink *rtnl;
-        sd_event *event;
-        sd_event_source *bus_retry_event_source;
-        sd_bus *bus;
-        sd_bus_slot *prepare_for_sleep_slot;
-        struct udev *udev;
-        struct udev_monitor *udev_monitor;
-        sd_event_source *udev_event_source;
-
-        bool enumerating:1;
-        bool dirty:1;
-
-        Set *dirty_links;
-
-        char *state_file;
-        LinkOperationalState operational_state;
-
-        Hashmap *links;
-        Hashmap *netdevs;
-        Hashmap *networks_by_name;
-        LIST_HEAD(Network, networks);
-        LIST_HEAD(AddressPool, address_pools);
-
-        usec_t network_dirs_ts_usec;
-
-        DUID duid;
-};
-
-static inline const DUID* link_duid(const Link *link) {
-        if (link->network->duid.type != _DUID_TYPE_INVALID)
-                return &link->network->duid;
-        else
-                return &link->manager->duid;
-}
-
-extern const sd_bus_vtable manager_vtable[];
-
-int manager_new(Manager **ret);
-void manager_free(Manager *m);
-
-int manager_connect_bus(Manager *m);
-int manager_run(Manager *m);
-
-int manager_load_config(Manager *m);
-bool manager_should_reload(Manager *m);
-
-int manager_rtnl_enumerate_links(Manager *m);
-int manager_rtnl_enumerate_addresses(Manager *m);
-int manager_rtnl_enumerate_routes(Manager *m);
-
-int manager_rtnl_process_address(sd_netlink *nl, sd_netlink_message *message, void *userdata);
-int manager_rtnl_process_route(sd_netlink *nl, sd_netlink_message *message, void *userdata);
-
-int manager_send_changed(Manager *m, const char *property, ...) _sentinel_;
-void manager_dirty(Manager *m);
-
-int manager_address_pool_acquire(Manager *m, int family, unsigned prefixlen, union in_addr_union *found);
-
-Link* manager_find_uplink(Manager *m, Link *exclude);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
-#define _cleanup_manager_free_ _cleanup_(manager_freep)
diff --git a/src/notify/Makefile b/src/notify/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/notify/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/notify/notify.c b/src/notify/notify.c
deleted file mode 100644
index 49f97c61d9..0000000000
--- a/src/notify/notify.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "env-util.h"
-#include "formats-util.h"
-#include "log.h"
-#include "parse-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-static bool arg_ready = false;
-static pid_t arg_pid = 0;
-static const char *arg_status = NULL;
-static bool arg_booted = false;
-
-static void help(void) {
-        printf("%s [OPTIONS...] [VARIABLE=VALUE...]\n\n"
-               "Notify the init system about service status updates.\n\n"
-               "  -h --help            Show this help\n"
-               "     --version         Show package version\n"
-               "     --ready           Inform the init system about service start-up completion\n"
-               "     --pid[=PID]       Set main pid of daemon\n"
-               "     --status=TEXT     Set status text\n"
-               "     --booted          Check if the system was booted up with systemd\n",
-               program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_READY = 0x100,
-                ARG_VERSION,
-                ARG_PID,
-                ARG_STATUS,
-                ARG_BOOTED,
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, 'h'           },
-                { "version",   no_argument,       NULL, ARG_VERSION   },
-                { "ready",     no_argument,       NULL, ARG_READY     },
-                { "pid",       optional_argument, NULL, ARG_PID       },
-                { "status",    required_argument, NULL, ARG_STATUS    },
-                { "booted",    no_argument,       NULL, ARG_BOOTED    },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_READY:
-                        arg_ready = true;
-                        break;
-
-                case ARG_PID:
-
-                        if (optarg) {
-                                if (parse_pid(optarg, &arg_pid) < 0) {
-                                        log_error("Failed to parse PID %s.", optarg);
-                                        return -EINVAL;
-                                }
-                        } else
-                                arg_pid = getppid();
-
-                        break;
-
-                case ARG_STATUS:
-                        arg_status = optarg;
-                        break;
-
-                case ARG_BOOTED:
-                        arg_booted = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-        }
-
-        if (optind >= argc &&
-            !arg_ready &&
-            !arg_status &&
-            !arg_pid &&
-            !arg_booted) {
-                help();
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-int main(int argc, char* argv[]) {
-        _cleanup_free_ char *status = NULL, *cpid = NULL, *n = NULL;
-        _cleanup_strv_free_ char **final_env = NULL;
-        char* our_env[4];
-        unsigned i = 0;
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (arg_booted)
-                return sd_booted() <= 0;
-
-        if (arg_ready)
-                our_env[i++] = (char*) "READY=1";
-
-        if (arg_status) {
-                status = strappend("STATUS=", arg_status);
-                if (!status) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                our_env[i++] = status;
-        }
-
-        if (arg_pid > 0) {
-                if (asprintf(&cpid, "MAINPID="PID_FMT, arg_pid) < 0) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                our_env[i++] = cpid;
-        }
-
-        our_env[i++] = NULL;
-
-        final_env = strv_env_merge(2, our_env, argv + optind);
-        if (!final_env) {
-                r = log_oom();
-                goto finish;
-        }
-
-        if (strv_length(final_env) <= 0) {
-                r = 0;
-                goto finish;
-        }
-
-        n = strv_join(final_env, "\n");
-        if (!n) {
-                r = log_oom();
-                goto finish;
-        }
-
-        r = sd_pid_notify(arg_pid ? arg_pid : getppid(), false, n);
-        if (r < 0) {
-                log_error_errno(r, "Failed to notify init system: %m");
-                goto finish;
-        } else if (r == 0) {
-                log_error("No status data could be sent: $NOTIFY_SOCKET was not set");
-                r = -EOPNOTSUPP;
-        }
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/nspawn/Makefile b/src/nspawn/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/nspawn/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/nspawn/nspawn-expose-ports.c b/src/nspawn/nspawn-expose-ports.c
deleted file mode 100644
index 86124b8779..0000000000
--- a/src/nspawn/nspawn-expose-ports.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "firewall-util.h"
-#include "in-addr-util.h"
-#include "local-addresses.h"
-#include "netlink-util.h"
-#include "nspawn-expose-ports.h"
-#include "parse-util.h"
-#include "socket-util.h"
-#include "string-util.h"
-#include "util.h"
-
-int expose_port_parse(ExposePort **l, const char *s) {
-
-        const char *split, *e;
-        uint16_t container_port, host_port;
-        int protocol;
-        ExposePort *p;
-        int r;
-
-        assert(l);
-        assert(s);
-
-        if ((e = startswith(s, "tcp:")))
-                protocol = IPPROTO_TCP;
-        else if ((e = startswith(s, "udp:")))
-                protocol = IPPROTO_UDP;
-        else {
-                e = s;
-                protocol = IPPROTO_TCP;
-        }
-
-        split = strchr(e, ':');
-        if (split) {
-                char v[split - e + 1];
-
-                memcpy(v, e, split - e);
-                v[split - e] = 0;
-
-                r = safe_atou16(v, &host_port);
-                if (r < 0 || host_port <= 0)
-                        return -EINVAL;
-
-                r = safe_atou16(split + 1, &container_port);
-        } else {
-                r = safe_atou16(e, &container_port);
-                host_port = container_port;
-        }
-
-        if (r < 0 || container_port <= 0)
-                return -EINVAL;
-
-        LIST_FOREACH(ports, p, *l)
-                if (p->protocol == protocol && p->host_port == host_port)
-                        return -EEXIST;
-
-        p = new(ExposePort, 1);
-        if (!p)
-                return -ENOMEM;
-
-        p->protocol = protocol;
-        p->host_port = host_port;
-        p->container_port = container_port;
-
-        LIST_PREPEND(ports, *l, p);
-
-        return 0;
-}
-
-void expose_port_free_all(ExposePort *p) {
-
-        while (p) {
-                ExposePort *q = p;
-                LIST_REMOVE(ports, p, q);
-                free(q);
-        }
-}
-
-int expose_port_flush(ExposePort* l, union in_addr_union *exposed) {
-        ExposePort *p;
-        int r, af = AF_INET;
-
-        assert(exposed);
-
-        if (!l)
-                return 0;
-
-        if (in_addr_is_null(af, exposed))
-                return 0;
-
-        log_debug("Lost IP address.");
-
-        LIST_FOREACH(ports, p, l) {
-                r = fw_add_local_dnat(false,
-                                      af,
-                                      p->protocol,
-                                      NULL,
-                                      NULL, 0,
-                                      NULL, 0,
-                                      p->host_port,
-                                      exposed,
-                                      p->container_port,
-                                      NULL);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to modify firewall: %m");
-        }
-
-        *exposed = IN_ADDR_NULL;
-        return 0;
-}
-
-int expose_port_execute(sd_netlink *rtnl, ExposePort *l, union in_addr_union *exposed) {
-        _cleanup_free_ struct local_address *addresses = NULL;
-        _cleanup_free_ char *pretty = NULL;
-        union in_addr_union new_exposed;
-        ExposePort *p;
-        bool add;
-        int af = AF_INET, r;
-
-        assert(exposed);
-
-        /* Invoked each time an address is added or removed inside the
-         * container */
-
-        if (!l)
-                return 0;
-
-        r = local_addresses(rtnl, 0, af, &addresses);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enumerate local addresses: %m");
-
-        add = r > 0 &&
-                addresses[0].family == af &&
-                addresses[0].scope < RT_SCOPE_LINK;
-
-        if (!add)
-                return expose_port_flush(l, exposed);
-
-        new_exposed = addresses[0].address;
-        if (in_addr_equal(af, exposed, &new_exposed))
-                return 0;
-
-        in_addr_to_string(af, &new_exposed, &pretty);
-        log_debug("New container IP is %s.", strna(pretty));
-
-        LIST_FOREACH(ports, p, l) {
-
-                r = fw_add_local_dnat(true,
-                                      af,
-                                      p->protocol,
-                                      NULL,
-                                      NULL, 0,
-                                      NULL, 0,
-                                      p->host_port,
-                                      &new_exposed,
-                                      p->container_port,
-                                      in_addr_is_null(af, exposed) ? NULL : exposed);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to modify firewall: %m");
-        }
-
-        *exposed = new_exposed;
-        return 0;
-}
-
-int expose_port_send_rtnl(int send_fd) {
-        _cleanup_close_ int fd = -1;
-        int r;
-
-        assert(send_fd >= 0);
-
-        fd = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_ROUTE);
-        if (fd < 0)
-                return log_error_errno(errno, "Failed to allocate container netlink: %m");
-
-        /* Store away the fd in the socket, so that it stays open as
-         * long as we run the child */
-        r = send_one_fd(send_fd, fd, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to send netlink fd: %m");
-
-        return 0;
-}
-
-int expose_port_watch_rtnl(
-                sd_event *event,
-                int recv_fd,
-                sd_netlink_message_handler_t handler,
-                union in_addr_union *exposed,
-                sd_netlink **ret) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        int fd, r;
-
-        assert(event);
-        assert(recv_fd >= 0);
-        assert(ret);
-
-        fd = receive_one_fd(recv_fd, 0);
-        if (fd < 0)
-                return log_error_errno(fd, "Failed to recv netlink fd: %m");
-
-        r = sd_netlink_open_fd(&rtnl, fd);
-        if (r < 0) {
-                safe_close(fd);
-                return log_error_errno(r, "Failed to create rtnl object: %m");
-        }
-
-        r = sd_netlink_add_match(rtnl, RTM_NEWADDR, handler, exposed);
-        if (r < 0)
-                return log_error_errno(r, "Failed to subscribe to RTM_NEWADDR messages: %m");
-
-        r = sd_netlink_add_match(rtnl, RTM_DELADDR, handler, exposed);
-        if (r < 0)
-                return log_error_errno(r, "Failed to subscribe to RTM_DELADDR messages: %m");
-
-        r = sd_netlink_attach_event(rtnl, event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add to even loop: %m");
-
-        *ret = rtnl;
-        rtnl = NULL;
-
-        return 0;
-}
diff --git a/src/nspawn/nspawn-expose-ports.h b/src/nspawn/nspawn-expose-ports.h
deleted file mode 100644
index 741ad9765c..0000000000
--- a/src/nspawn/nspawn-expose-ports.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-
-#include "sd-event.h"
-#include "sd-netlink.h"
-
-#include "in-addr-util.h"
-#include "list.h"
-
-typedef struct ExposePort {
-        int protocol;
-        uint16_t host_port;
-        uint16_t container_port;
-        LIST_FIELDS(struct ExposePort, ports);
-} ExposePort;
-
-void expose_port_free_all(ExposePort *p);
-int expose_port_parse(ExposePort **l, const char *s);
-
-int expose_port_watch_rtnl(sd_event *event, int recv_fd, sd_netlink_message_handler_t handler, union in_addr_union *exposed, sd_netlink **ret);
-int expose_port_send_rtnl(int send_fd);
-
-int expose_port_execute(sd_netlink *rtnl, ExposePort *l, union in_addr_union *exposed);
-int expose_port_flush(ExposePort* l, union in_addr_union *exposed);
diff --git a/src/nspawn/nspawn-network.c b/src/nspawn/nspawn-network.c
deleted file mode 100644
index 8da47a2ca6..0000000000
--- a/src/nspawn/nspawn-network.c
+++ /dev/null
@@ -1,694 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <linux/veth.h>
-#include <net/if.h>
-
-#include "libudev.h"
-#include "sd-id128.h"
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "ether-addr-util.h"
-#include "lockfile-util.h"
-#include "netlink-util.h"
-#include "nspawn-network.h"
-#include "siphash24.h"
-#include "socket-util.h"
-#include "stat-util.h"
-#include "string-util.h"
-#include "udev-util.h"
-#include "util.h"
-
-#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
-#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
-#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
-#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
-#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
-
-static int remove_one_link(sd_netlink *rtnl, const char *name) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        int r;
-
-        if (isempty(name))
-                return 0;
-
-        r = sd_rtnl_message_new_link(rtnl, &m, RTM_DELLINK, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate netlink message: %m");
-
-        r = sd_netlink_message_append_string(m, IFLA_IFNAME, name);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add netlink interface name: %m");
-
-        r = sd_netlink_call(rtnl, m, 0, NULL);
-        if (r == -ENODEV) /* Already gone */
-                return 0;
-        if (r < 0)
-                return log_error_errno(r, "Failed to remove interface %s: %m", name);
-
-        return 1;
-}
-
-static int generate_mac(
-                const char *machine_name,
-                struct ether_addr *mac,
-                sd_id128_t hash_key,
-                uint64_t idx) {
-
-        uint64_t result;
-        size_t l, sz;
-        uint8_t *v, *i;
-        int r;
-
-        l = strlen(machine_name);
-        sz = sizeof(sd_id128_t) + l;
-        if (idx > 0)
-                sz += sizeof(idx);
-
-        v = alloca(sz);
-
-        /* fetch some persistent data unique to the host */
-        r = sd_id128_get_machine((sd_id128_t*) v);
-        if (r < 0)
-                return r;
-
-        /* combine with some data unique (on this host) to this
-         * container instance */
-        i = mempcpy(v + sizeof(sd_id128_t), machine_name, l);
-        if (idx > 0) {
-                idx = htole64(idx);
-                memcpy(i, &idx, sizeof(idx));
-        }
-
-        /* Let's hash the host machine ID plus the container name. We
-         * use a fixed, but originally randomly created hash key here. */
-        result = htole64(siphash24(v, sz, hash_key.bytes));
-
-        assert_cc(ETH_ALEN <= sizeof(result));
-        memcpy(mac->ether_addr_octet, &result, ETH_ALEN);
-
-        /* see eth_random_addr in the kernel */
-        mac->ether_addr_octet[0] &= 0xfe;        /* clear multicast bit */
-        mac->ether_addr_octet[0] |= 0x02;        /* set local assignment bit (IEEE802) */
-
-        return 0;
-}
-
-static int add_veth(
-                sd_netlink *rtnl,
-                pid_t pid,
-                const char *ifname_host,
-                const struct ether_addr *mac_host,
-                const char *ifname_container,
-                const struct ether_addr *mac_container) {
-
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        int r;
-
-        assert(rtnl);
-        assert(ifname_host);
-        assert(mac_host);
-        assert(ifname_container);
-        assert(mac_container);
-
-        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate netlink message: %m");
-
-        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add netlink interface name: %m");
-
-        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add netlink MAC address: %m");
-
-        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open netlink container: %m");
-
-        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth");
-        if (r < 0)
-                return log_error_errno(r, "Failed to open netlink container: %m");
-
-        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open netlink container: %m");
-
-        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add netlink interface name: %m");
-
-        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add netlink MAC address: %m");
-
-        r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add netlink namespace field: %m");
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to close netlink container: %m");
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to close netlink container: %m");
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to close netlink container: %m");
-
-        r = sd_netlink_call(rtnl, m, 0, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);
-
-        return 0;
-}
-
-int setup_veth(const char *machine_name,
-               pid_t pid,
-               char iface_name[IFNAMSIZ],
-               bool bridge) {
-
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        struct ether_addr mac_host, mac_container;
-        int r, i;
-
-        assert(machine_name);
-        assert(pid > 0);
-        assert(iface_name);
-
-        /* Use two different interface name prefixes depending whether
-         * we are in bridge mode or not. */
-        snprintf(iface_name, IFNAMSIZ - 1, "%s-%s",
-                 bridge ? "vb" : "ve", machine_name);
-
-        r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");
-
-        r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        r = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container);
-        if (r < 0)
-                return r;
-
-        i = (int) if_nametoindex(iface_name);
-        if (i <= 0)
-                return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name);
-
-        return i;
-}
-
-int setup_veth_extra(
-                const char *machine_name,
-                pid_t pid,
-                char **pairs) {
-
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        uint64_t idx = 0;
-        char **a, **b;
-        int r;
-
-        assert(machine_name);
-        assert(pid > 0);
-
-        if (strv_isempty(pairs))
-                return 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        STRV_FOREACH_PAIR(a, b, pairs) {
-                struct ether_addr mac_host, mac_container;
-
-                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");
-
-                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");
-
-                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
-                if (r < 0)
-                        return r;
-
-                idx++;
-        }
-
-        return 0;
-}
-
-static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        int r, bridge_ifi;
-
-        assert(rtnl);
-        assert(veth_name);
-        assert(bridge_name);
-
-        bridge_ifi = (int) if_nametoindex(bridge_name);
-        if (bridge_ifi <= 0)
-                return -errno;
-
-        r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_append_string(m, IFLA_IFNAME, veth_name);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_append_u32(m, IFLA_MASTER, bridge_ifi);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(rtnl, m, 0, NULL);
-        if (r < 0)
-                return r;
-
-        return bridge_ifi;
-}
-
-static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        int r;
-
-        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_append_string(m, IFLA_IFNAME, bridge_name);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "bridge");
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return r;
-
-        r = sd_netlink_call(rtnl, m, 0, NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
-        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        int r, bridge_ifi;
-        unsigned n = 0;
-
-        assert(veth_name);
-        assert(bridge_name);
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        if (create) {
-                /* We take a system-wide lock here, so that we can safely check whether there's still a member in the
-                 * bridge before removing it, without risking interferance from other nspawn instances. */
-
-                r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to take network zone lock: %m");
-        }
-
-        for (;;) {
-                bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
-                if (bridge_ifi >= 0)
-                        return bridge_ifi;
-                if (bridge_ifi != -ENODEV || !create || n > 10)
-                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);
-
-                /* Count attempts, so that we don't enter an endless loop here. */
-                n++;
-
-                /* The bridge doesn't exist yet. Let's create it */
-                r = create_bridge(rtnl, bridge_name);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name);
-
-                /* Try again, now that the bridge exists */
-        }
-}
-
-int remove_bridge(const char *bridge_name) {
-        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        const char *path;
-        int r;
-
-        /* Removes the specified bridge, but only if it is currently empty */
-
-        if (isempty(bridge_name))
-                return 0;
-
-        r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
-        if (r < 0)
-                return log_error_errno(r, "Failed to take network zone lock: %m");
-
-        path = strjoina("/sys/class/net/", bridge_name, "/brif");
-
-        r = dir_is_empty(path);
-        if (r == -ENOENT) /* Already gone? */
-                return 0;
-        if (r < 0)
-                return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name);
-        if (r == 0) /* Still populated, leave it around */
-                return 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        return remove_one_link(rtnl, bridge_name);
-}
-
-static int parse_interface(struct udev *udev, const char *name) {
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        char ifi_str[2 + DECIMAL_STR_MAX(int)];
-        int ifi;
-
-        ifi = (int) if_nametoindex(name);
-        if (ifi <= 0)
-                return log_error_errno(errno, "Failed to resolve interface %s: %m", name);
-
-        sprintf(ifi_str, "n%i", ifi);
-        d = udev_device_new_from_device_id(udev, ifi_str);
-        if (!d)
-                return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name);
-
-        if (udev_device_get_is_initialized(d) <= 0) {
-                log_error("Network interface %s is not initialized yet.", name);
-                return -EBUSY;
-        }
-
-        return ifi;
-}
-
-int move_network_interfaces(pid_t pid, char **ifaces) {
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        char **i;
-        int r;
-
-        if (strv_isempty(ifaces))
-                return 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        udev = udev_new();
-        if (!udev) {
-                log_error("Failed to connect to udev.");
-                return -ENOMEM;
-        }
-
-        STRV_FOREACH(i, ifaces) {
-                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-                int ifi;
-
-                ifi = parse_interface(udev, *i);
-                if (ifi < 0)
-                        return ifi;
-
-                r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, ifi);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to allocate netlink message: %m");
-
-                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to append namespace PID to netlink message: %m");
-
-                r = sd_netlink_call(rtnl, m, 0, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to move interface %s to namespace: %m", *i);
-        }
-
-        return 0;
-}
-
-int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        unsigned idx = 0;
-        char **i;
-        int r;
-
-        if (strv_isempty(ifaces))
-                return 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        udev = udev_new();
-        if (!udev) {
-                log_error("Failed to connect to udev.");
-                return -ENOMEM;
-        }
-
-        STRV_FOREACH(i, ifaces) {
-                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-                _cleanup_free_ char *n = NULL;
-                struct ether_addr mac;
-                int ifi;
-
-                ifi = parse_interface(udev, *i);
-                if (ifi < 0)
-                        return ifi;
-
-                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");
-
-                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to allocate netlink message: %m");
-
-                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink interface index: %m");
-
-                n = strappend("mv-", *i);
-                if (!n)
-                        return log_oom();
-
-                strshorten(n, IFNAMSIZ-1);
-
-                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink interface name: %m");
-
-                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink MAC address: %m");
-
-                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink namespace field: %m");
-
-                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to open netlink container: %m");
-
-                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "macvlan");
-                if (r < 0)
-                        return log_error_errno(r, "Failed to open netlink container: %m");
-
-                r = sd_netlink_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to append macvlan mode: %m");
-
-                r = sd_netlink_message_close_container(m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to close netlink container: %m");
-
-                r = sd_netlink_message_close_container(m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to close netlink container: %m");
-
-                r = sd_netlink_call(rtnl, m, 0, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");
-        }
-
-        return 0;
-}
-
-int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        char **i;
-        int r;
-
-        if (strv_isempty(ifaces))
-                return 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        udev = udev_new();
-        if (!udev) {
-                log_error("Failed to connect to udev.");
-                return -ENOMEM;
-        }
-
-        STRV_FOREACH(i, ifaces) {
-                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-                _cleanup_free_ char *n = NULL;
-                int ifi;
-
-                ifi = parse_interface(udev, *i);
-                if (ifi < 0)
-                        return ifi;
-
-                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to allocate netlink message: %m");
-
-                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink interface index: %m");
-
-                n = strappend("iv-", *i);
-                if (!n)
-                        return log_oom();
-
-                strshorten(n, IFNAMSIZ-1);
-
-                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink interface name: %m");
-
-                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add netlink namespace field: %m");
-
-                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to open netlink container: %m");
-
-                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "ipvlan");
-                if (r < 0)
-                        return log_error_errno(r, "Failed to open netlink container: %m");
-
-                r = sd_netlink_message_append_u16(m, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add ipvlan mode: %m");
-
-                r = sd_netlink_message_close_container(m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to close netlink container: %m");
-
-                r = sd_netlink_message_close_container(m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to close netlink container: %m");
-
-                r = sd_netlink_call(rtnl, m, 0, NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");
-        }
-
-        return 0;
-}
-
-int veth_extra_parse(char ***l, const char *p) {
-        _cleanup_free_ char *a = NULL, *b = NULL;
-        int r;
-
-        r = extract_first_word(&p, &a, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
-        if (r < 0)
-                return r;
-        if (r == 0 || !ifname_valid(a))
-                return -EINVAL;
-
-        r = extract_first_word(&p, &b, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
-        if (r < 0)
-                return r;
-        if (r == 0 || !ifname_valid(b)) {
-                free(b);
-                b = strdup(a);
-                if (!b)
-                        return -ENOMEM;
-        }
-
-        if (p)
-                return -EINVAL;
-
-        r = strv_push_pair(l, a, b);
-        if (r < 0)
-                return -ENOMEM;
-
-        a = b = NULL;
-        return 0;
-}
-
-int remove_veth_links(const char *primary, char **pairs) {
-        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-        char **a, **b;
-        int r;
-
-        /* In some cases the kernel might pin the veth links between host and container even after the namespace
-         * died. Hence, let's better remove them explicitly too. */
-
-        if (isempty(primary) && strv_isempty(pairs))
-                return 0;
-
-        r = sd_netlink_open(&rtnl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to connect to netlink: %m");
-
-        remove_one_link(rtnl, primary);
-
-        STRV_FOREACH_PAIR(a, b, pairs)
-                remove_one_link(rtnl, *a);
-
-        return 0;
-}
diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c
deleted file mode 100644
index 20103c5e88..0000000000
--- a/src/nspawn/nspawn-register.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "bus-error.h"
-#include "bus-unit-util.h"
-#include "bus-util.h"
-#include "nspawn-register.h"
-#include "stat-util.h"
-#include "strv.h"
-#include "util.h"
-
-int register_machine(
-                const char *machine_name,
-                pid_t pid,
-                const char *directory,
-                sd_id128_t uuid,
-                int local_ifindex,
-                const char *slice,
-                CustomMount *mounts,
-                unsigned n_mounts,
-                int kill_signal,
-                char **properties,
-                bool keep_unit,
-                const char *service) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open system bus: %m");
-
-        if (keep_unit) {
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "RegisterMachineWithNetwork",
-                                &error,
-                                NULL,
-                                "sayssusai",
-                                machine_name,
-                                SD_BUS_MESSAGE_APPEND_ID128(uuid),
-                                service,
-                                "container",
-                                (uint32_t) pid,
-                                strempty(directory),
-                                local_ifindex > 0 ? 1 : 0, local_ifindex);
-        } else {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-                char **i;
-                unsigned j;
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &m,
-                                "org.freedesktop.machine1",
-                                "/org/freedesktop/machine1",
-                                "org.freedesktop.machine1.Manager",
-                                "CreateMachineWithNetwork");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append(
-                                m,
-                                "sayssusai",
-                                machine_name,
-                                SD_BUS_MESSAGE_APPEND_ID128(uuid),
-                                service,
-                                "container",
-                                (uint32_t) pid,
-                                strempty(directory),
-                                local_ifindex > 0 ? 1 : 0, local_ifindex);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_open_container(m, 'a', "(sv)");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                if (!isempty(slice)) {
-                        r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
-                        if (r < 0)
-                                return bus_log_create_error(r);
-                }
-
-                r = sd_bus_message_append(m, "(sv)", "DevicePolicy", "s", "strict");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                /* If you make changes here, also make sure to update
-                 * systemd-nspawn@.service, to keep the device
-                 * policies in sync regardless if we are run with or
-                 * without the --keep-unit switch. */
-                r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9,
-                                          /* Allow the container to
-                                           * access and create the API
-                                           * device nodes, so that
-                                           * PrivateDevices= in the
-                                           * container can work
-                                           * fine */
-                                          "/dev/null", "rwm",
-                                          "/dev/zero", "rwm",
-                                          "/dev/full", "rwm",
-                                          "/dev/random", "rwm",
-                                          "/dev/urandom", "rwm",
-                                          "/dev/tty", "rwm",
-                                          "/dev/net/tun", "rwm",
-                                          /* Allow the container
-                                           * access to ptys. However,
-                                           * do not permit the
-                                           * container to ever create
-                                           * these device nodes. */
-                                          "/dev/pts/ptmx", "rw",
-                                          "char-pts", "rw");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                for (j = 0; j < n_mounts; j++) {
-                        CustomMount *cm = mounts + j;
-
-                        if (cm->type != CUSTOM_MOUNT_BIND)
-                                continue;
-
-                        r = is_device_node(cm->source);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to stat %s: %m", cm->source);
-
-                        if (r) {
-                                r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1,
-                                        cm->source, cm->read_only ? "r" : "rw");
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to append message arguments: %m");
-                        }
-                }
-
-                if (kill_signal != 0) {
-                        r = sd_bus_message_append(m, "(sv)", "KillSignal", "i", kill_signal);
-                        if (r < 0)
-                                return bus_log_create_error(r);
-
-                        r = sd_bus_message_append(m, "(sv)", "KillMode", "s", "mixed");
-                        if (r < 0)
-                                return bus_log_create_error(r);
-                }
-
-                STRV_FOREACH(i, properties) {
-                        r = bus_append_unit_property_assignment(m, *i);
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_call(bus, m, 0, &error, NULL);
-        }
-
-        if (r < 0) {
-                log_error("Failed to register machine: %s", bus_error_message(&error, r));
-                return r;
-        }
-
-        return 0;
-}
-
-int terminate_machine(pid_t pid) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        const char *path;
-        int r;
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open system bus: %m");
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        "/org/freedesktop/machine1",
-                        "org.freedesktop.machine1.Manager",
-                        "GetMachineByPID",
-                        &error,
-                        &reply,
-                        "u",
-                        (uint32_t) pid);
-        if (r < 0) {
-                /* Note that the machine might already have been
-                 * cleaned up automatically, hence don't consider it a
-                 * failure if we cannot get the machine object. */
-                log_debug("Failed to get machine: %s", bus_error_message(&error, r));
-                return 0;
-        }
-
-        r = sd_bus_message_read(reply, "o", &path);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.machine1",
-                        path,
-                        "org.freedesktop.machine1.Machine",
-                        "Terminate",
-                        &error,
-                        NULL,
-                        NULL);
-        if (r < 0) {
-                log_debug("Failed to terminate machine: %s", bus_error_message(&error, r));
-                return 0;
-        }
-
-        return 0;
-}
diff --git a/src/nspawn/nspawn-register.h b/src/nspawn/nspawn-register.h
deleted file mode 100644
index 304c5a485b..0000000000
--- a/src/nspawn/nspawn-register.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sys/types.h>
-
-#include "sd-id128.h"
-
-#include "nspawn-mount.h"
-
-int register_machine(const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, bool keep_unit, const char *service);
-int terminate_machine(pid_t pid);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
deleted file mode 100644
index 8ec058431b..0000000000
--- a/src/nspawn/nspawn.c
+++ /dev/null
@@ -1,4116 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#ifdef HAVE_BLKID
-#include <blkid/blkid.h>
-#endif
-#include <errno.h>
-#include <getopt.h>
-#include <grp.h>
-#include <linux/loop.h>
-#include <pwd.h>
-#include <sched.h>
-#ifdef HAVE_SECCOMP
-#include <seccomp.h>
-#endif
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/file.h>
-#include <sys/mount.h>
-#include <sys/personality.h>
-#include <sys/prctl.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "barrier.h"
-#include "base-filesystem.h"
-#include "blkid-util.h"
-#include "btrfs-util.h"
-#include "cap-list.h"
-#include "capability-util.h"
-#include "cgroup-util.h"
-#include "copy.h"
-#include "dev-setup.h"
-#include "env-util.h"
-#include "fd-util.h"
-#include "fdset.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "gpt.h"
-#include "hostname-util.h"
-#include "log.h"
-#include "loopback-setup.h"
-#include "machine-id-setup.h"
-#include "machine-image.h"
-#include "macro.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "mount-util.h"
-#include "netlink-util.h"
-#include "nspawn-cgroup.h"
-#include "nspawn-expose-ports.h"
-#include "nspawn-mount.h"
-#include "nspawn-network.h"
-#include "nspawn-patch-uid.h"
-#include "nspawn-register.h"
-#include "nspawn-settings.h"
-#include "nspawn-setuid.h"
-#include "nspawn-stub-pid1.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "ptyfwd.h"
-#include "random-util.h"
-#include "rm-rf.h"
-#ifdef HAVE_SECCOMP
-#include "seccomp-util.h"
-#endif
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "stat-util.h"
-#include "stdio-util.h"
-#include "string-util.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "udev-util.h"
-#include "umask-util.h"
-#include "user-util.h"
-#include "util.h"
-
-/* Note that devpts's gid= parameter parses GIDs as signed values, hence we stay away from the upper half of the 32bit
- * UID range here */
-#define UID_SHIFT_PICK_MIN ((uid_t) UINT32_C(0x00080000))
-#define UID_SHIFT_PICK_MAX ((uid_t) UINT32_C(0x6FFF0000))
-
-typedef enum ContainerStatus {
-        CONTAINER_TERMINATED,
-        CONTAINER_REBOOTED
-} ContainerStatus;
-
-typedef enum LinkJournal {
-        LINK_NO,
-        LINK_AUTO,
-        LINK_HOST,
-        LINK_GUEST
-} LinkJournal;
-
-static char *arg_directory = NULL;
-static char *arg_template = NULL;
-static char *arg_chdir = NULL;
-static char *arg_user = NULL;
-static sd_id128_t arg_uuid = {};
-static char *arg_machine = NULL;
-static const char *arg_selinux_context = NULL;
-static const char *arg_selinux_apifs_context = NULL;
-static const char *arg_slice = NULL;
-static bool arg_private_network = false;
-static bool arg_read_only = false;
-static StartMode arg_start_mode = START_PID1;
-static bool arg_ephemeral = false;
-static LinkJournal arg_link_journal = LINK_AUTO;
-static bool arg_link_journal_try = false;
-static uint64_t arg_retain =
-        (1ULL << CAP_CHOWN) |
-        (1ULL << CAP_DAC_OVERRIDE) |
-        (1ULL << CAP_DAC_READ_SEARCH) |
-        (1ULL << CAP_FOWNER) |
-        (1ULL << CAP_FSETID) |
-        (1ULL << CAP_IPC_OWNER) |
-        (1ULL << CAP_KILL) |
-        (1ULL << CAP_LEASE) |
-        (1ULL << CAP_LINUX_IMMUTABLE) |
-        (1ULL << CAP_NET_BIND_SERVICE) |
-        (1ULL << CAP_NET_BROADCAST) |
-        (1ULL << CAP_NET_RAW) |
-        (1ULL << CAP_SETGID) |
-        (1ULL << CAP_SETFCAP) |
-        (1ULL << CAP_SETPCAP) |
-        (1ULL << CAP_SETUID) |
-        (1ULL << CAP_SYS_ADMIN) |
-        (1ULL << CAP_SYS_CHROOT) |
-        (1ULL << CAP_SYS_NICE) |
-        (1ULL << CAP_SYS_PTRACE) |
-        (1ULL << CAP_SYS_TTY_CONFIG) |
-        (1ULL << CAP_SYS_RESOURCE) |
-        (1ULL << CAP_SYS_BOOT) |
-        (1ULL << CAP_AUDIT_WRITE) |
-        (1ULL << CAP_AUDIT_CONTROL) |
-        (1ULL << CAP_MKNOD);
-static CustomMount *arg_custom_mounts = NULL;
-static unsigned arg_n_custom_mounts = 0;
-static char **arg_setenv = NULL;
-static bool arg_quiet = false;
-static bool arg_share_system = false;
-static bool arg_register = true;
-static bool arg_keep_unit = false;
-static char **arg_network_interfaces = NULL;
-static char **arg_network_macvlan = NULL;
-static char **arg_network_ipvlan = NULL;
-static bool arg_network_veth = false;
-static char **arg_network_veth_extra = NULL;
-static char *arg_network_bridge = NULL;
-static char *arg_network_zone = NULL;
-static unsigned long arg_personality = PERSONALITY_INVALID;
-static char *arg_image = NULL;
-static VolatileMode arg_volatile_mode = VOLATILE_NO;
-static ExposePort *arg_expose_ports = NULL;
-static char **arg_property = NULL;
-static UserNamespaceMode arg_userns_mode = USER_NAMESPACE_NO;
-static uid_t arg_uid_shift = UID_INVALID, arg_uid_range = 0x10000U;
-static bool arg_userns_chown = false;
-static int arg_kill_signal = 0;
-static bool arg_unified_cgroup_hierarchy = false;
-static SettingsMask arg_settings_mask = 0;
-static int arg_settings_trusted = -1;
-static char **arg_parameters = NULL;
-static const char *arg_container_service_name = "systemd-nspawn";
-
-static void help(void) {
-        printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
-               "Spawn a minimal namespace container for debugging, testing and building.\n\n"
-               "  -h --help                 Show this help\n"
-               "     --version              Print version string\n"
-               "  -q --quiet                Do not show status information\n"
-               "  -D --directory=PATH       Root directory for the container\n"
-               "     --template=PATH        Initialize root directory from template directory,\n"
-               "                            if missing\n"
-               "  -x --ephemeral            Run container with snapshot of root directory, and\n"
-               "                            remove it after exit\n"
-               "  -i --image=PATH           File system device or disk image for the container\n"
-               "  -a --as-pid2              Maintain a stub init as PID1, invoke binary as PID2\n"
-               "  -b --boot                 Boot up full system (i.e. invoke init)\n"
-               "     --chdir=PATH           Set working directory in the container\n"
-               "  -u --user=USER            Run the command under specified user or uid\n"
-               "  -M --machine=NAME         Set the machine name for the container\n"
-               "     --uuid=UUID            Set a specific machine UUID for the container\n"
-               "  -S --slice=SLICE          Place the container in the specified slice\n"
-               "     --property=NAME=VALUE  Set scope unit property\n"
-               "  -U --private-users=pick   Run within user namespace, pick UID/GID range automatically\n"
-               "     --private-users[=UIDBASE[:NUIDS]]\n"
-               "                            Run within user namespace, user configured UID/GID range\n"
-               "     --private-user-chown   Adjust OS tree file ownership for private UID/GID range\n"
-               "     --private-network      Disable network in container\n"
-               "     --network-interface=INTERFACE\n"
-               "                            Assign an existing network interface to the\n"
-               "                            container\n"
-               "     --network-macvlan=INTERFACE\n"
-               "                            Create a macvlan network interface based on an\n"
-               "                            existing network interface to the container\n"
-               "     --network-ipvlan=INTERFACE\n"
-               "                            Create a ipvlan network interface based on an\n"
-               "                            existing network interface to the container\n"
-               "  -n --network-veth         Add a virtual Ethernet connection between host\n"
-               "                            and container\n"
-               "     --network-veth-extra=HOSTIF[:CONTAINERIF]\n"
-               "                            Add an additional virtual Ethernet link between\n"
-               "                            host and container\n"
-               "     --network-bridge=INTERFACE\n"
-               "                            Add a virtual Ethernet connection between host\n"
-               "                            and container and add it to an existing bridge on\n"
-               "                            the host\n"
-               "     --network-zone=NAME    Add a virtual Ethernet connection to the container,\n"
-               "                            and add it to an automatically managed bridge interface\n"
-               "  -p --port=[PROTOCOL:]HOSTPORT[:CONTAINERPORT]\n"
-               "                            Expose a container IP port on the host\n"
-               "  -Z --selinux-context=SECLABEL\n"
-               "                            Set the SELinux security context to be used by\n"
-               "                            processes in the container\n"
-               "  -L --selinux-apifs-context=SECLABEL\n"
-               "                            Set the SELinux security context to be used by\n"
-               "                            API/tmpfs file systems in the container\n"
-               "     --capability=CAP       In addition to the default, retain specified\n"
-               "                            capability\n"
-               "     --drop-capability=CAP  Drop the specified capability from the default set\n"
-               "     --kill-signal=SIGNAL   Select signal to use for shutting down PID 1\n"
-               "     --link-journal=MODE    Link up guest journal, one of no, auto, guest, \n"
-               "                            host, try-guest, try-host\n"
-               "  -j                        Equivalent to --link-journal=try-guest\n"
-               "     --read-only            Mount the root directory read-only\n"
-               "     --bind=PATH[:PATH[:OPTIONS]]\n"
-               "                            Bind mount a file or directory from the host into\n"
-               "                            the container\n"
-               "     --bind-ro=PATH[:PATH[:OPTIONS]\n"
-               "                            Similar, but creates a read-only bind mount\n"
-               "     --tmpfs=PATH:[OPTIONS] Mount an empty tmpfs to the specified directory\n"
-               "     --overlay=PATH[:PATH...]:PATH\n"
-               "                            Create an overlay mount from the host to \n"
-               "                            the container\n"
-               "     --overlay-ro=PATH[:PATH...]:PATH\n"
-               "                            Similar, but creates a read-only overlay mount\n"
-               "  -E --setenv=NAME=VALUE    Pass an environment variable to PID 1\n"
-               "     --share-system         Share system namespaces with host\n"
-               "     --register=BOOLEAN     Register container as machine\n"
-               "     --keep-unit            Do not register a scope for the machine, reuse\n"
-               "                            the service unit nspawn is running in\n"
-               "     --volatile[=MODE]      Run the system in volatile mode\n"
-               "     --settings=BOOLEAN     Load additional settings from .nspawn file\n"
-               , program_invocation_short_name);
-}
-
-
-static int custom_mounts_prepare(void) {
-        unsigned i;
-        int r;
-
-        /* Ensure the mounts are applied prefix first. */
-        qsort_safe(arg_custom_mounts, arg_n_custom_mounts, sizeof(CustomMount), custom_mount_compare);
-
-        /* Allocate working directories for the overlay file systems that need it */
-        for (i = 0; i < arg_n_custom_mounts; i++) {
-                CustomMount *m = &arg_custom_mounts[i];
-
-                if (path_equal(m->destination, "/") && arg_userns_mode != USER_NAMESPACE_NO) {
-
-                        if (arg_userns_chown) {
-                                log_error("--private-users-chown may not be combined with custom root mounts.");
-                                return -EINVAL;
-                        } else if (arg_uid_shift == UID_INVALID) {
-                                log_error("--private-users with automatic UID shift may not be combined with custom root mounts.");
-                                return -EINVAL;
-                        }
-                }
-
-                if (m->type != CUSTOM_MOUNT_OVERLAY)
-                        continue;
-
-                if (m->work_dir)
-                        continue;
-
-                if (m->read_only)
-                        continue;
-
-                r = tempfn_random(m->source, NULL, &m->work_dir);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to generate work directory from %s: %m", m->source);
-        }
-
-        return 0;
-}
-
-static int detect_unified_cgroup_hierarchy(void) {
-        const char *e;
-        int r;
-
-        /* Allow the user to control whether the unified hierarchy is used */
-        e = getenv("UNIFIED_CGROUP_HIERARCHY");
-        if (e) {
-                r = parse_boolean(e);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to parse $UNIFIED_CGROUP_HIERARCHY.");
-
-                arg_unified_cgroup_hierarchy = r;
-                return 0;
-        }
-
-        /* Otherwise inherit the default from the host system */
-        r = cg_unified();
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine whether the unified cgroups hierarchy is used: %m");
-
-        arg_unified_cgroup_hierarchy = r;
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_PRIVATE_NETWORK,
-                ARG_UUID,
-                ARG_READ_ONLY,
-                ARG_CAPABILITY,
-                ARG_DROP_CAPABILITY,
-                ARG_LINK_JOURNAL,
-                ARG_BIND,
-                ARG_BIND_RO,
-                ARG_TMPFS,
-                ARG_OVERLAY,
-                ARG_OVERLAY_RO,
-                ARG_SHARE_SYSTEM,
-                ARG_REGISTER,
-                ARG_KEEP_UNIT,
-                ARG_NETWORK_INTERFACE,
-                ARG_NETWORK_MACVLAN,
-                ARG_NETWORK_IPVLAN,
-                ARG_NETWORK_BRIDGE,
-                ARG_NETWORK_ZONE,
-                ARG_NETWORK_VETH_EXTRA,
-                ARG_PERSONALITY,
-                ARG_VOLATILE,
-                ARG_TEMPLATE,
-                ARG_PROPERTY,
-                ARG_PRIVATE_USERS,
-                ARG_KILL_SIGNAL,
-                ARG_SETTINGS,
-                ARG_CHDIR,
-                ARG_PRIVATE_USERS_CHOWN,
-        };
-
-        static const struct option options[] = {
-                { "help",                  no_argument,       NULL, 'h'                   },
-                { "version",               no_argument,       NULL, ARG_VERSION           },
-                { "directory",             required_argument, NULL, 'D'                   },
-                { "template",              required_argument, NULL, ARG_TEMPLATE          },
-                { "ephemeral",             no_argument,       NULL, 'x'                   },
-                { "user",                  required_argument, NULL, 'u'                   },
-                { "private-network",       no_argument,       NULL, ARG_PRIVATE_NETWORK   },
-                { "as-pid2",               no_argument,       NULL, 'a'                   },
-                { "boot",                  no_argument,       NULL, 'b'                   },
-                { "uuid",                  required_argument, NULL, ARG_UUID              },
-                { "read-only",             no_argument,       NULL, ARG_READ_ONLY         },
-                { "capability",            required_argument, NULL, ARG_CAPABILITY        },
-                { "drop-capability",       required_argument, NULL, ARG_DROP_CAPABILITY   },
-                { "link-journal",          required_argument, NULL, ARG_LINK_JOURNAL      },
-                { "bind",                  required_argument, NULL, ARG_BIND              },
-                { "bind-ro",               required_argument, NULL, ARG_BIND_RO           },
-                { "tmpfs",                 required_argument, NULL, ARG_TMPFS             },
-                { "overlay",               required_argument, NULL, ARG_OVERLAY           },
-                { "overlay-ro",            required_argument, NULL, ARG_OVERLAY_RO        },
-                { "machine",               required_argument, NULL, 'M'                   },
-                { "slice",                 required_argument, NULL, 'S'                   },
-                { "setenv",                required_argument, NULL, 'E'                   },
-                { "selinux-context",       required_argument, NULL, 'Z'                   },
-                { "selinux-apifs-context", required_argument, NULL, 'L'                   },
-                { "quiet",                 no_argument,       NULL, 'q'                   },
-                { "share-system",          no_argument,       NULL, ARG_SHARE_SYSTEM      },
-                { "register",              required_argument, NULL, ARG_REGISTER          },
-                { "keep-unit",             no_argument,       NULL, ARG_KEEP_UNIT         },
-                { "network-interface",     required_argument, NULL, ARG_NETWORK_INTERFACE },
-                { "network-macvlan",       required_argument, NULL, ARG_NETWORK_MACVLAN   },
-                { "network-ipvlan",        required_argument, NULL, ARG_NETWORK_IPVLAN    },
-                { "network-veth",          no_argument,       NULL, 'n'                   },
-                { "network-veth-extra",    required_argument, NULL, ARG_NETWORK_VETH_EXTRA},
-                { "network-bridge",        required_argument, NULL, ARG_NETWORK_BRIDGE    },
-                { "network-zone",          required_argument, NULL, ARG_NETWORK_ZONE      },
-                { "personality",           required_argument, NULL, ARG_PERSONALITY       },
-                { "image",                 required_argument, NULL, 'i'                   },
-                { "volatile",              optional_argument, NULL, ARG_VOLATILE          },
-                { "port",                  required_argument, NULL, 'p'                   },
-                { "property",              required_argument, NULL, ARG_PROPERTY          },
-                { "private-users",         optional_argument, NULL, ARG_PRIVATE_USERS     },
-                { "private-users-chown",   optional_argument, NULL, ARG_PRIVATE_USERS_CHOWN},
-                { "kill-signal",           required_argument, NULL, ARG_KILL_SIGNAL       },
-                { "settings",              required_argument, NULL, ARG_SETTINGS          },
-                { "chdir",                 required_argument, NULL, ARG_CHDIR             },
-                {}
-        };
-
-        int c, r;
-        const char *p, *e;
-        uint64_t plus = 0, minus = 0;
-        bool mask_all_settings = false, mask_no_settings = false;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "+hD:u:abL:M:jS:Z:qi:xp:nU", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'D':
-                        r = parse_path_argument_and_warn(optarg, false, &arg_directory);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                case ARG_TEMPLATE:
-                        r = parse_path_argument_and_warn(optarg, false, &arg_template);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                case 'i':
-                        r = parse_path_argument_and_warn(optarg, false, &arg_image);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                case 'x':
-                        arg_ephemeral = true;
-                        break;
-
-                case 'u':
-                        r = free_and_strdup(&arg_user, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        arg_settings_mask |= SETTING_USER;
-                        break;
-
-                case ARG_NETWORK_ZONE: {
-                        char *j;
-
-                        j = strappend("vz-", optarg);
-                        if (!j)
-                                return log_oom();
-
-                        if (!ifname_valid(j)) {
-                                log_error("Network zone name not valid: %s", j);
-                                free(j);
-                                return -EINVAL;
-                        }
-
-                        free(arg_network_zone);
-                        arg_network_zone = j;
-
-                        arg_network_veth = true;
-                        arg_private_network = true;
-                        arg_settings_mask |= SETTING_NETWORK;
-                        break;
-                }
-
-                case ARG_NETWORK_BRIDGE:
-
-                        if (!ifname_valid(optarg)) {
-                                log_error("Bridge interface name not valid: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        r = free_and_strdup(&arg_network_bridge, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        /* fall through */
-
-                case 'n':
-                        arg_network_veth = true;
-                        arg_private_network = true;
-                        arg_settings_mask |= SETTING_NETWORK;
-                        break;
-
-                case ARG_NETWORK_VETH_EXTRA:
-                        r = veth_extra_parse(&arg_network_veth_extra, optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --network-veth-extra= parameter: %s", optarg);
-
-                        arg_private_network = true;
-                        arg_settings_mask |= SETTING_NETWORK;
-                        break;
-
-                case ARG_NETWORK_INTERFACE:
-
-                        if (!ifname_valid(optarg)) {
-                                log_error("Network interface name not valid: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        if (strv_extend(&arg_network_interfaces, optarg) < 0)
-                                return log_oom();
-
-                        arg_private_network = true;
-                        arg_settings_mask |= SETTING_NETWORK;
-                        break;
-
-                case ARG_NETWORK_MACVLAN:
-
-                        if (!ifname_valid(optarg)) {
-                                log_error("MACVLAN network interface name not valid: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        if (strv_extend(&arg_network_macvlan, optarg) < 0)
-                                return log_oom();
-
-                        arg_private_network = true;
-                        arg_settings_mask |= SETTING_NETWORK;
-                        break;
-
-                case ARG_NETWORK_IPVLAN:
-
-                        if (!ifname_valid(optarg)) {
-                                log_error("IPVLAN network interface name not valid: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        if (strv_extend(&arg_network_ipvlan, optarg) < 0)
-                                return log_oom();
-
-                        /* fall through */
-
-                case ARG_PRIVATE_NETWORK:
-                        arg_private_network = true;
-                        arg_settings_mask |= SETTING_NETWORK;
-                        break;
-
-                case 'b':
-                        if (arg_start_mode == START_PID2) {
-                                log_error("--boot and --as-pid2 may not be combined.");
-                                return -EINVAL;
-                        }
-
-                        arg_start_mode = START_BOOT;
-                        arg_settings_mask |= SETTING_START_MODE;
-                        break;
-
-                case 'a':
-                        if (arg_start_mode == START_BOOT) {
-                                log_error("--boot and --as-pid2 may not be combined.");
-                                return -EINVAL;
-                        }
-
-                        arg_start_mode = START_PID2;
-                        arg_settings_mask |= SETTING_START_MODE;
-                        break;
-
-                case ARG_UUID:
-                        r = sd_id128_from_string(optarg, &arg_uuid);
-                        if (r < 0) {
-                                log_error("Invalid UUID: %s", optarg);
-                                return r;
-                        }
-
-                        arg_settings_mask |= SETTING_MACHINE_ID;
-                        break;
-
-                case 'S':
-                        arg_slice = optarg;
-                        break;
-
-                case 'M':
-                        if (isempty(optarg))
-                                arg_machine = mfree(arg_machine);
-                        else {
-                                if (!machine_name_is_valid(optarg)) {
-                                        log_error("Invalid machine name: %s", optarg);
-                                        return -EINVAL;
-                                }
-
-                                r = free_and_strdup(&arg_machine, optarg);
-                                if (r < 0)
-                                        return log_oom();
-
-                                break;
-                        }
-
-                case 'Z':
-                        arg_selinux_context = optarg;
-                        break;
-
-                case 'L':
-                        arg_selinux_apifs_context = optarg;
-                        break;
-
-                case ARG_READ_ONLY:
-                        arg_read_only = true;
-                        arg_settings_mask |= SETTING_READ_ONLY;
-                        break;
-
-                case ARG_CAPABILITY:
-                case ARG_DROP_CAPABILITY: {
-                        p = optarg;
-                        for (;;) {
-                                _cleanup_free_ char *t = NULL;
-
-                                r = extract_first_word(&p, &t, ",", 0);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse capability %s.", t);
-
-                                if (r == 0)
-                                        break;
-
-                                if (streq(t, "all")) {
-                                        if (c == ARG_CAPABILITY)
-                                                plus = (uint64_t) -1;
-                                        else
-                                                minus = (uint64_t) -1;
-                                } else {
-                                        int cap;
-
-                                        cap = capability_from_name(t);
-                                        if (cap < 0) {
-                                                log_error("Failed to parse capability %s.", t);
-                                                return -EINVAL;
-                                        }
-
-                                        if (c == ARG_CAPABILITY)
-                                                plus |= 1ULL << (uint64_t) cap;
-                                        else
-                                                minus |= 1ULL << (uint64_t) cap;
-                                }
-                        }
-
-                        arg_settings_mask |= SETTING_CAPABILITY;
-                        break;
-                }
-
-                case 'j':
-                        arg_link_journal = LINK_GUEST;
-                        arg_link_journal_try = true;
-                        break;
-
-                case ARG_LINK_JOURNAL:
-                        if (streq(optarg, "auto")) {
-                                arg_link_journal = LINK_AUTO;
-                                arg_link_journal_try = false;
-                        } else if (streq(optarg, "no")) {
-                                arg_link_journal = LINK_NO;
-                                arg_link_journal_try = false;
-                        } else if (streq(optarg, "guest")) {
-                                arg_link_journal = LINK_GUEST;
-                                arg_link_journal_try = false;
-                        } else if (streq(optarg, "host")) {
-                                arg_link_journal = LINK_HOST;
-                                arg_link_journal_try = false;
-                        } else if (streq(optarg, "try-guest")) {
-                                arg_link_journal = LINK_GUEST;
-                                arg_link_journal_try = true;
-                        } else if (streq(optarg, "try-host")) {
-                                arg_link_journal = LINK_HOST;
-                                arg_link_journal_try = true;
-                        } else {
-                                log_error("Failed to parse link journal mode %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case ARG_BIND:
-                case ARG_BIND_RO:
-                        r = bind_mount_parse(&arg_custom_mounts, &arg_n_custom_mounts, optarg, c == ARG_BIND_RO);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --bind(-ro)= argument %s: %m", optarg);
-
-                        arg_settings_mask |= SETTING_CUSTOM_MOUNTS;
-                        break;
-
-                case ARG_TMPFS:
-                        r = tmpfs_mount_parse(&arg_custom_mounts, &arg_n_custom_mounts, optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --tmpfs= argument %s: %m", optarg);
-
-                        arg_settings_mask |= SETTING_CUSTOM_MOUNTS;
-                        break;
-
-                case ARG_OVERLAY:
-                case ARG_OVERLAY_RO: {
-                        _cleanup_free_ char *upper = NULL, *destination = NULL;
-                        _cleanup_strv_free_ char **lower = NULL;
-                        CustomMount *m;
-                        unsigned n = 0;
-                        char **i;
-
-                        r = strv_split_extract(&lower, optarg, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
-                        if (r == -ENOMEM)
-                                return log_oom();
-                        else if (r < 0) {
-                                log_error("Invalid overlay specification: %s", optarg);
-                                return r;
-                        }
-
-                        STRV_FOREACH(i, lower) {
-                                if (!path_is_absolute(*i)) {
-                                        log_error("Overlay path %s is not absolute.", *i);
-                                        return -EINVAL;
-                                }
-
-                                n++;
-                        }
-
-                        if (n < 2) {
-                                log_error("--overlay= needs at least two colon-separated directories specified.");
-                                return -EINVAL;
-                        }
-
-                        if (n == 2) {
-                                /* If two parameters are specified,
-                                 * the first one is the lower, the
-                                 * second one the upper directory. And
-                                 * we'll also define the destination
-                                 * mount point the same as the upper. */
-                                upper = lower[1];
-                                lower[1] = NULL;
-
-                                destination = strdup(upper);
-                                if (!destination)
-                                        return log_oom();
-
-                        } else {
-                                upper = lower[n - 2];
-                                destination = lower[n - 1];
-                                lower[n - 2] = NULL;
-                        }
-
-                        m = custom_mount_add(&arg_custom_mounts, &arg_n_custom_mounts, CUSTOM_MOUNT_OVERLAY);
-                        if (!m)
-                                return log_oom();
-
-                        m->destination = destination;
-                        m->source = upper;
-                        m->lower = lower;
-                        m->read_only = c == ARG_OVERLAY_RO;
-
-                        upper = destination = NULL;
-                        lower = NULL;
-
-                        arg_settings_mask |= SETTING_CUSTOM_MOUNTS;
-                        break;
-                }
-
-                case 'E': {
-                        char **n;
-
-                        if (!env_assignment_is_valid(optarg)) {
-                                log_error("Environment variable assignment '%s' is not valid.", optarg);
-                                return -EINVAL;
-                        }
-
-                        n = strv_env_set(arg_setenv, optarg);
-                        if (!n)
-                                return log_oom();
-
-                        strv_free(arg_setenv);
-                        arg_setenv = n;
-
-                        arg_settings_mask |= SETTING_ENVIRONMENT;
-                        break;
-                }
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case ARG_SHARE_SYSTEM:
-                        arg_share_system = true;
-                        break;
-
-                case ARG_REGISTER:
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse --register= argument: %s", optarg);
-                                return r;
-                        }
-
-                        arg_register = r;
-                        break;
-
-                case ARG_KEEP_UNIT:
-                        arg_keep_unit = true;
-                        break;
-
-                case ARG_PERSONALITY:
-
-                        arg_personality = personality_from_string(optarg);
-                        if (arg_personality == PERSONALITY_INVALID) {
-                                log_error("Unknown or unsupported personality '%s'.", optarg);
-                                return -EINVAL;
-                        }
-
-                        arg_settings_mask |= SETTING_PERSONALITY;
-                        break;
-
-                case ARG_VOLATILE:
-
-                        if (!optarg)
-                                arg_volatile_mode = VOLATILE_YES;
-                        else {
-                                VolatileMode m;
-
-                                m = volatile_mode_from_string(optarg);
-                                if (m < 0) {
-                                        log_error("Failed to parse --volatile= argument: %s", optarg);
-                                        return -EINVAL;
-                                } else
-                                        arg_volatile_mode = m;
-                        }
-
-                        arg_settings_mask |= SETTING_VOLATILE_MODE;
-                        break;
-
-                case 'p':
-                        r = expose_port_parse(&arg_expose_ports, optarg);
-                        if (r == -EEXIST)
-                                return log_error_errno(r, "Duplicate port specification: %s", optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse host port %s: %m", optarg);
-
-                        arg_settings_mask |= SETTING_EXPOSE_PORTS;
-                        break;
-
-                case ARG_PROPERTY:
-                        if (strv_extend(&arg_property, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_PRIVATE_USERS:
-
-                        r = optarg ? parse_boolean(optarg) : 1;
-                        if (r == 0) {
-                                /* no: User namespacing off */
-                                arg_userns_mode = USER_NAMESPACE_NO;
-                                arg_uid_shift = UID_INVALID;
-                                arg_uid_range = UINT32_C(0x10000);
-                        } else if (r > 0) {
-                                /* yes: User namespacing on, UID range is read from root dir */
-                                arg_userns_mode = USER_NAMESPACE_FIXED;
-                                arg_uid_shift = UID_INVALID;
-                                arg_uid_range = UINT32_C(0x10000);
-                        } else if (streq(optarg, "pick")) {
-                                /* pick: User namespacing on, UID range is picked randomly */
-                                arg_userns_mode = USER_NAMESPACE_PICK;
-                                arg_uid_shift = UID_INVALID;
-                                arg_uid_range = UINT32_C(0x10000);
-                        } else {
-                                _cleanup_free_ char *buffer = NULL;
-                                const char *range, *shift;
-
-                                /* anything else: User namespacing on, UID range is explicitly configured */
-
-                                range = strchr(optarg, ':');
-                                if (range) {
-                                        buffer = strndup(optarg, range - optarg);
-                                        if (!buffer)
-                                                return log_oom();
-                                        shift = buffer;
-
-                                        range++;
-                                        if (safe_atou32(range, &arg_uid_range) < 0 || arg_uid_range <= 0) {
-                                                log_error("Failed to parse UID range: %s", range);
-                                                return -EINVAL;
-                                        }
-                                } else
-                                        shift = optarg;
-
-                                if (parse_uid(shift, &arg_uid_shift) < 0) {
-                                        log_error("Failed to parse UID: %s", optarg);
-                                        return -EINVAL;
-                                }
-
-                                arg_userns_mode = USER_NAMESPACE_FIXED;
-                        }
-
-                        arg_settings_mask |= SETTING_USERNS;
-                        break;
-
-                case 'U':
-                        if (userns_supported()) {
-                                arg_userns_mode = USER_NAMESPACE_PICK;
-                                arg_uid_shift = UID_INVALID;
-                                arg_uid_range = UINT32_C(0x10000);
-
-                                arg_settings_mask |= SETTING_USERNS;
-                        }
-
-                        break;
-
-                case ARG_PRIVATE_USERS_CHOWN:
-                        arg_userns_chown = true;
-
-                        arg_settings_mask |= SETTING_USERNS;
-                        break;
-
-                case ARG_KILL_SIGNAL:
-                        arg_kill_signal = signal_from_string_try_harder(optarg);
-                        if (arg_kill_signal < 0) {
-                                log_error("Cannot parse signal: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        arg_settings_mask |= SETTING_KILL_SIGNAL;
-                        break;
-
-                case ARG_SETTINGS:
-
-                        /* no               → do not read files
-                         * yes              → read files, do not override cmdline, trust only subset
-                         * override         → read files, override cmdline, trust only subset
-                         * trusted          → read files, do not override cmdline, trust all
-                         */
-
-                        r = parse_boolean(optarg);
-                        if (r < 0) {
-                                if (streq(optarg, "trusted")) {
-                                        mask_all_settings = false;
-                                        mask_no_settings = false;
-                                        arg_settings_trusted = true;
-
-                                } else if (streq(optarg, "override")) {
-                                        mask_all_settings = false;
-                                        mask_no_settings = true;
-                                        arg_settings_trusted = -1;
-                                } else
-                                        return log_error_errno(r, "Failed to parse --settings= argument: %s", optarg);
-                        } else if (r > 0) {
-                                /* yes */
-                                mask_all_settings = false;
-                                mask_no_settings = false;
-                                arg_settings_trusted = -1;
-                        } else {
-                                /* no */
-                                mask_all_settings = true;
-                                mask_no_settings = false;
-                                arg_settings_trusted = false;
-                        }
-
-                        break;
-
-                case ARG_CHDIR:
-                        if (!path_is_absolute(optarg)) {
-                                log_error("Working directory %s is not an absolute path.", optarg);
-                                return -EINVAL;
-                        }
-
-                        r = free_and_strdup(&arg_chdir, optarg);
-                        if (r < 0)
-                                return log_oom();
-
-                        arg_settings_mask |= SETTING_WORKING_DIRECTORY;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (arg_share_system)
-                arg_register = false;
-
-        if (arg_userns_mode == USER_NAMESPACE_PICK)
-                arg_userns_chown = true;
-
-        if (arg_start_mode != START_PID1 && arg_share_system) {
-                log_error("--boot and --share-system may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_keep_unit && cg_pid_get_owner_uid(0, NULL) >= 0) {
-                log_error("--keep-unit may not be used when invoked from a user session.");
-                return -EINVAL;
-        }
-
-        if (arg_directory && arg_image) {
-                log_error("--directory= and --image= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_template && arg_image) {
-                log_error("--template= and --image= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_template && !(arg_directory || arg_machine)) {
-                log_error("--template= needs --directory= or --machine=.");
-                return -EINVAL;
-        }
-
-        if (arg_ephemeral && arg_template) {
-                log_error("--ephemeral and --template= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_ephemeral && arg_image) {
-                log_error("--ephemeral and --image= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_ephemeral && !IN_SET(arg_link_journal, LINK_NO, LINK_AUTO)) {
-                log_error("--ephemeral and --link-journal= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_userns_mode != USER_NAMESPACE_NO && !userns_supported()) {
-                log_error("--private-users= is not supported, kernel compiled without user namespace support.");
-                return -EOPNOTSUPP;
-        }
-
-        if (arg_userns_chown && arg_read_only) {
-                log_error("--read-only and --private-users-chown may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_network_bridge && arg_network_zone) {
-                log_error("--network-bridge= and --network-zone= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (argc > optind) {
-                arg_parameters = strv_copy(argv + optind);
-                if (!arg_parameters)
-                        return log_oom();
-
-                arg_settings_mask |= SETTING_START_MODE;
-        }
-
-        /* Load all settings from .nspawn files */
-        if (mask_no_settings)
-                arg_settings_mask = 0;
-
-        /* Don't load any settings from .nspawn files */
-        if (mask_all_settings)
-                arg_settings_mask = _SETTINGS_MASK_ALL;
-
-        arg_retain = (arg_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
-
-        r = detect_unified_cgroup_hierarchy();
-        if (r < 0)
-                return r;
-
-        e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
-        if (e)
-                arg_container_service_name = e;
-
-        return 1;
-}
-
-static int verify_arguments(void) {
-
-        if (arg_volatile_mode != VOLATILE_NO && arg_read_only) {
-                log_error("Cannot combine --read-only with --volatile. Note that --volatile already implies a read-only base hierarchy.");
-                return -EINVAL;
-        }
-
-        if (arg_expose_ports && !arg_private_network) {
-                log_error("Cannot use --port= without private networking.");
-                return -EINVAL;
-        }
-
-#ifndef HAVE_LIBIPTC
-        if (arg_expose_ports) {
-                log_error("--port= is not supported, compiled without libiptc support.");
-                return -EOPNOTSUPP;
-        }
-#endif
-
-        if (arg_start_mode == START_BOOT && arg_kill_signal <= 0)
-                arg_kill_signal = SIGRTMIN+3;
-
-        return 0;
-}
-
-static int userns_lchown(const char *p, uid_t uid, gid_t gid) {
-        assert(p);
-
-        if (arg_userns_mode == USER_NAMESPACE_NO)
-                return 0;
-
-        if (uid == UID_INVALID && gid == GID_INVALID)
-                return 0;
-
-        if (uid != UID_INVALID) {
-                uid += arg_uid_shift;
-
-                if (uid < arg_uid_shift || uid >= arg_uid_shift + arg_uid_range)
-                        return -EOVERFLOW;
-        }
-
-        if (gid != GID_INVALID) {
-                gid += (gid_t) arg_uid_shift;
-
-                if (gid < (gid_t) arg_uid_shift || gid >= (gid_t) (arg_uid_shift + arg_uid_range))
-                        return -EOVERFLOW;
-        }
-
-        if (lchown(p, uid, gid) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid_t gid) {
-        const char *q;
-
-        q = prefix_roota(root, path);
-        if (mkdir(q, mode) < 0) {
-                if (errno == EEXIST)
-                        return 0;
-                return -errno;
-        }
-
-        return userns_lchown(q, uid, gid);
-}
-
-static int setup_timezone(const char *dest) {
-        _cleanup_free_ char *p = NULL, *q = NULL;
-        const char *where, *check, *what;
-        char *z, *y;
-        int r;
-
-        assert(dest);
-
-        /* Fix the timezone, if possible */
-        r = readlink_malloc("/etc/localtime", &p);
-        if (r < 0) {
-                log_warning("/etc/localtime is not a symlink, not updating container timezone.");
-                return 0;
-        }
-
-        z = path_startswith(p, "../usr/share/zoneinfo/");
-        if (!z)
-                z = path_startswith(p, "/usr/share/zoneinfo/");
-        if (!z) {
-                log_warning("/etc/localtime does not point into /usr/share/zoneinfo/, not updating container timezone.");
-                return 0;
-        }
-
-        where = prefix_roota(dest, "/etc/localtime");
-        r = readlink_malloc(where, &q);
-        if (r >= 0) {
-                y = path_startswith(q, "../usr/share/zoneinfo/");
-                if (!y)
-                        y = path_startswith(q, "/usr/share/zoneinfo/");
-
-                /* Already pointing to the right place? Then do nothing .. */
-                if (y && streq(y, z))
-                        return 0;
-        }
-
-        check = strjoina("/usr/share/zoneinfo/", z);
-        check = prefix_roota(dest, check);
-        if (laccess(check, F_OK) < 0) {
-                log_warning("Timezone %s does not exist in container, not updating container timezone.", z);
-                return 0;
-        }
-
-        r = unlink(where);
-        if (r < 0 && errno != ENOENT) {
-                log_error_errno(errno, "Failed to remove existing timezone info %s in container: %m", where);
-                return 0;
-        }
-
-        what = strjoina("../usr/share/zoneinfo/", z);
-        if (symlink(what, where) < 0) {
-                log_error_errno(errno, "Failed to correct timezone of container: %m");
-                return 0;
-        }
-
-        r = userns_lchown(where, 0, 0);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to chown /etc/localtime: %m");
-
-        return 0;
-}
-
-static int setup_resolv_conf(const char *dest) {
-        const char *where = NULL;
-        int r;
-
-        assert(dest);
-
-        if (arg_private_network)
-                return 0;
-
-        /* Fix resolv.conf, if possible */
-        where = prefix_roota(dest, "/etc/resolv.conf");
-
-        r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
-        if (r < 0) {
-                /* If the file already exists as symlink, let's
-                 * suppress the warning, under the assumption that
-                 * resolved or something similar runs inside and the
-                 * symlink points there.
-                 *
-                 * If the disk image is read-only, there's also no
-                 * point in complaining.
-                 */
-                log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
-                               "Failed to copy /etc/resolv.conf to %s: %m", where);
-                return 0;
-        }
-
-        r = userns_lchown(where, 0, 0);
-        if (r < 0)
-                log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
-
-        return 0;
-}
-
-static char* id128_format_as_uuid(sd_id128_t id, char s[37]) {
-        assert(s);
-
-        snprintf(s, 37,
-                 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                 SD_ID128_FORMAT_VAL(id));
-
-        return s;
-}
-
-static int setup_boot_id(const char *dest) {
-        const char *from, *to;
-        sd_id128_t rnd = {};
-        char as_uuid[37];
-        int r;
-
-        if (arg_share_system)
-                return 0;
-
-        /* Generate a new randomized boot ID, so that each boot-up of
-         * the container gets a new one */
-
-        from = prefix_roota(dest, "/run/proc-sys-kernel-random-boot-id");
-        to = prefix_roota(dest, "/proc/sys/kernel/random/boot_id");
-
-        r = sd_id128_randomize(&rnd);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate random boot id: %m");
-
-        id128_format_as_uuid(rnd, as_uuid);
-
-        r = write_string_file(from, as_uuid, WRITE_STRING_FILE_CREATE);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write boot id: %m");
-
-        if (mount(from, to, NULL, MS_BIND, NULL) < 0)
-                r = log_error_errno(errno, "Failed to bind mount boot id: %m");
-        else if (mount(NULL, to, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL) < 0)
-                log_warning_errno(errno, "Failed to make boot id read-only: %m");
-
-        unlink(from);
-        return r;
-}
-
-static int copy_devnodes(const char *dest) {
-
-        static const char devnodes[] =
-                "null\0"
-                "zero\0"
-                "full\0"
-                "random\0"
-                "urandom\0"
-                "tty\0"
-                "net/tun\0";
-
-        const char *d;
-        int r = 0;
-        _cleanup_umask_ mode_t u;
-
-        assert(dest);
-
-        u = umask(0000);
-
-        /* Create /dev/net, so that we can create /dev/net/tun in it */
-        if (userns_mkdir(dest, "/dev/net", 0755, 0, 0) < 0)
-                return log_error_errno(r, "Failed to create /dev/net directory: %m");
-
-        NULSTR_FOREACH(d, devnodes) {
-                _cleanup_free_ char *from = NULL, *to = NULL;
-                struct stat st;
-
-                from = strappend("/dev/", d);
-                to = prefix_root(dest, from);
-
-                if (stat(from, &st) < 0) {
-
-                        if (errno != ENOENT)
-                                return log_error_errno(errno, "Failed to stat %s: %m", from);
-
-                } else if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) {
-
-                        log_error("%s is not a char or block device, cannot copy.", from);
-                        return -EIO;
-
-                } else {
-                        if (mknod(to, st.st_mode, st.st_rdev) < 0) {
-                                if (errno != EPERM)
-                                        return log_error_errno(errno, "mknod(%s) failed: %m", to);
-
-                                /* Some systems abusively restrict mknod but
-                                 * allow bind mounts. */
-                                r = touch(to);
-                                if (r < 0)
-                                        return log_error_errno(r, "touch (%s) failed: %m", to);
-                                if (mount(from, to, NULL, MS_BIND, NULL) < 0)
-                                        return log_error_errno(errno, "Both mknod and bind mount (%s) failed: %m", to);
-                        }
-
-                        r = userns_lchown(to, 0, 0);
-                        if (r < 0)
-                                return log_error_errno(r, "chown() of device node %s failed: %m", to);
-                }
-        }
-
-        return r;
-}
-
-static int setup_pts(const char *dest) {
-        _cleanup_free_ char *options = NULL;
-        const char *p;
-        int r;
-
-#ifdef HAVE_SELINUX
-        if (arg_selinux_apifs_context)
-                (void) asprintf(&options,
-                                "newinstance,ptmxmode=0666,mode=620,gid=" GID_FMT ",context=\"%s\"",
-                                arg_uid_shift + TTY_GID,
-                                arg_selinux_apifs_context);
-        else
-#endif
-                (void) asprintf(&options,
-                                "newinstance,ptmxmode=0666,mode=620,gid=" GID_FMT,
-                                arg_uid_shift + TTY_GID);
-
-        if (!options)
-                return log_oom();
-
-        /* Mount /dev/pts itself */
-        p = prefix_roota(dest, "/dev/pts");
-        if (mkdir(p, 0755) < 0)
-                return log_error_errno(errno, "Failed to create /dev/pts: %m");
-        if (mount("devpts", p, "devpts", MS_NOSUID|MS_NOEXEC, options) < 0)
-                return log_error_errno(errno, "Failed to mount /dev/pts: %m");
-        r = userns_lchown(p, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to chown /dev/pts: %m");
-
-        /* Create /dev/ptmx symlink */
-        p = prefix_roota(dest, "/dev/ptmx");
-        if (symlink("pts/ptmx", p) < 0)
-                return log_error_errno(errno, "Failed to create /dev/ptmx symlink: %m");
-        r = userns_lchown(p, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to chown /dev/ptmx: %m");
-
-        /* And fix /dev/pts/ptmx ownership */
-        p = prefix_roota(dest, "/dev/pts/ptmx");
-        r = userns_lchown(p, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to chown /dev/pts/ptmx: %m");
-
-        return 0;
-}
-
-static int setup_dev_console(const char *dest, const char *console) {
-        _cleanup_umask_ mode_t u;
-        const char *to;
-        int r;
-
-        assert(dest);
-        assert(console);
-
-        u = umask(0000);
-
-        r = chmod_and_chown(console, 0600, arg_uid_shift, arg_uid_shift);
-        if (r < 0)
-                return log_error_errno(r, "Failed to correct access mode for TTY: %m");
-
-        /* We need to bind mount the right tty to /dev/console since
-         * ptys can only exist on pts file systems. To have something
-         * to bind mount things on we create a empty regular file. */
-
-        to = prefix_roota(dest, "/dev/console");
-        r = touch(to);
-        if (r < 0)
-                return log_error_errno(r, "touch() for /dev/console failed: %m");
-
-        if (mount(console, to, NULL, MS_BIND, NULL) < 0)
-                return log_error_errno(errno, "Bind mount for /dev/console failed: %m");
-
-        return 0;
-}
-
-static int setup_kmsg(const char *dest, int kmsg_socket) {
-        const char *from, *to;
-        _cleanup_umask_ mode_t u;
-        int fd, r;
-
-        assert(kmsg_socket >= 0);
-
-        u = umask(0000);
-
-        /* We create the kmsg FIFO as /run/kmsg, but immediately
-         * delete it after bind mounting it to /proc/kmsg. While FIFOs
-         * on the reading side behave very similar to /proc/kmsg,
-         * their writing side behaves differently from /dev/kmsg in
-         * that writing blocks when nothing is reading. In order to
-         * avoid any problems with containers deadlocking due to this
-         * we simply make /dev/kmsg unavailable to the container. */
-        from = prefix_roota(dest, "/run/kmsg");
-        to = prefix_roota(dest, "/proc/kmsg");
-
-        if (mkfifo(from, 0600) < 0)
-                return log_error_errno(errno, "mkfifo() for /run/kmsg failed: %m");
-        if (mount(from, to, NULL, MS_BIND, NULL) < 0)
-                return log_error_errno(errno, "Bind mount for /proc/kmsg failed: %m");
-
-        fd = open(from, O_RDWR|O_NDELAY|O_CLOEXEC);
-        if (fd < 0)
-                return log_error_errno(errno, "Failed to open fifo: %m");
-
-        /* Store away the fd in the socket, so that it stays open as
-         * long as we run the child */
-        r = send_one_fd(kmsg_socket, fd, 0);
-        safe_close(fd);
-
-        if (r < 0)
-                return log_error_errno(r, "Failed to send FIFO fd: %m");
-
-        /* And now make the FIFO unavailable as /run/kmsg... */
-        (void) unlink(from);
-
-        return 0;
-}
-
-static int on_address_change(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
-        union in_addr_union *exposed = userdata;
-
-        assert(rtnl);
-        assert(m);
-        assert(exposed);
-
-        expose_port_execute(rtnl, arg_expose_ports, exposed);
-        return 0;
-}
-
-static int setup_hostname(void) {
-
-        if (arg_share_system)
-                return 0;
-
-        if (sethostname_idempotent(arg_machine) < 0)
-                return -errno;
-
-        return 0;
-}
-
-static int setup_journal(const char *directory) {
-        sd_id128_t this_id;
-        _cleanup_free_ char *d = NULL;
-        const char *p, *q;
-        bool try;
-        char id[33];
-        int r;
-
-        /* Don't link journals in ephemeral mode */
-        if (arg_ephemeral)
-                return 0;
-
-        if (arg_link_journal == LINK_NO)
-                return 0;
-
-        try = arg_link_journal_try || arg_link_journal == LINK_AUTO;
-
-        r = sd_id128_get_machine(&this_id);
-        if (r < 0)
-                return log_error_errno(r, "Failed to retrieve machine ID: %m");
-
-        if (sd_id128_equal(arg_uuid, this_id)) {
-                log_full(try ? LOG_WARNING : LOG_ERR,
-                         "Host and machine ids are equal (%s): refusing to link journals", sd_id128_to_string(arg_uuid, id));
-                if (try)
-                        return 0;
-                return -EEXIST;
-        }
-
-        r = userns_mkdir(directory, "/var", 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /var: %m");
-
-        r = userns_mkdir(directory, "/var/log", 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /var/log: %m");
-
-        r = userns_mkdir(directory, "/var/log/journal", 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /var/log/journal: %m");
-
-        (void) sd_id128_to_string(arg_uuid, id);
-
-        p = strjoina("/var/log/journal/", id);
-        q = prefix_roota(directory, p);
-
-        if (path_is_mount_point(p, 0) > 0) {
-                if (try)
-                        return 0;
-
-                log_error("%s: already a mount point, refusing to use for journal", p);
-                return -EEXIST;
-        }
-
-        if (path_is_mount_point(q, 0) > 0) {
-                if (try)
-                        return 0;
-
-                log_error("%s: already a mount point, refusing to use for journal", q);
-                return -EEXIST;
-        }
-
-        r = readlink_and_make_absolute(p, &d);
-        if (r >= 0) {
-                if ((arg_link_journal == LINK_GUEST ||
-                     arg_link_journal == LINK_AUTO) &&
-                    path_equal(d, q)) {
-
-                        r = userns_mkdir(directory, p, 0755, 0, 0);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to create directory %s: %m", q);
-                        return 0;
-                }
-
-                if (unlink(p) < 0)
-                        return log_error_errno(errno, "Failed to remove symlink %s: %m", p);
-        } else if (r == -EINVAL) {
-
-                if (arg_link_journal == LINK_GUEST &&
-                    rmdir(p) < 0) {
-
-                        if (errno == ENOTDIR) {
-                                log_error("%s already exists and is neither a symlink nor a directory", p);
-                                return r;
-                        } else
-                                return log_error_errno(errno, "Failed to remove %s: %m", p);
-                }
-        } else if (r != -ENOENT)
-                return log_error_errno(r, "readlink(%s) failed: %m", p);
-
-        if (arg_link_journal == LINK_GUEST) {
-
-                if (symlink(q, p) < 0) {
-                        if (try) {
-                                log_debug_errno(errno, "Failed to symlink %s to %s, skipping journal setup: %m", q, p);
-                                return 0;
-                        } else
-                                return log_error_errno(errno, "Failed to symlink %s to %s: %m", q, p);
-                }
-
-                r = userns_mkdir(directory, p, 0755, 0, 0);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to create directory %s: %m", q);
-                return 0;
-        }
-
-        if (arg_link_journal == LINK_HOST) {
-                /* don't create parents here — if the host doesn't have
-                 * permanent journal set up, don't force it here */
-
-                if (mkdir(p, 0755) < 0 && errno != EEXIST) {
-                        if (try) {
-                                log_debug_errno(errno, "Failed to create %s, skipping journal setup: %m", p);
-                                return 0;
-                        } else
-                                return log_error_errno(errno, "Failed to create %s: %m", p);
-                }
-
-        } else if (access(p, F_OK) < 0)
-                return 0;
-
-        if (dir_is_empty(q) == 0)
-                log_warning("%s is not empty, proceeding anyway.", q);
-
-        r = userns_mkdir(directory, p, 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create %s: %m", q);
-
-        if (mount(p, q, NULL, MS_BIND, NULL) < 0)
-                return log_error_errno(errno, "Failed to bind mount journal from host into guest: %m");
-
-        return 0;
-}
-
-static int drop_capabilities(void) {
-        return capability_bounding_set_drop(arg_retain, false);
-}
-
-static int reset_audit_loginuid(void) {
-        _cleanup_free_ char *p = NULL;
-        int r;
-
-        if (arg_share_system)
-                return 0;
-
-        r = read_one_line_file("/proc/self/loginuid", &p);
-        if (r == -ENOENT)
-                return 0;
-        if (r < 0)
-                return log_error_errno(r, "Failed to read /proc/self/loginuid: %m");
-
-        /* Already reset? */
-        if (streq(p, "4294967295"))
-                return 0;
-
-        r = write_string_file("/proc/self/loginuid", "4294967295", 0);
-        if (r < 0) {
-                log_error_errno(r,
-                                "Failed to reset audit login UID. This probably means that your kernel is too\n"
-                                "old and you have audit enabled. Note that the auditing subsystem is known to\n"
-                                "be incompatible with containers on old kernels. Please make sure to upgrade\n"
-                                "your kernel or to off auditing with 'audit=0' on the kernel command line before\n"
-                                "using systemd-nspawn. Sleeping for 5s... (%m)");
-
-                sleep(5);
-        }
-
-        return 0;
-}
-
-static int setup_seccomp(void) {
-
-#ifdef HAVE_SECCOMP
-        static const struct {
-                uint64_t capability;
-                int syscall_num;
-        } blacklist[] = {
-                { CAP_SYS_RAWIO,  SCMP_SYS(iopl)              },
-                { CAP_SYS_RAWIO,  SCMP_SYS(ioperm)            },
-                { CAP_SYS_BOOT,   SCMP_SYS(kexec_load)        },
-                { CAP_SYS_ADMIN,  SCMP_SYS(swapon)            },
-                { CAP_SYS_ADMIN,  SCMP_SYS(swapoff)           },
-                { CAP_SYS_ADMIN,  SCMP_SYS(open_by_handle_at) },
-                { CAP_SYS_MODULE, SCMP_SYS(init_module)       },
-                { CAP_SYS_MODULE, SCMP_SYS(finit_module)      },
-                { CAP_SYS_MODULE, SCMP_SYS(delete_module)     },
-                { CAP_SYSLOG,     SCMP_SYS(syslog)            },
-        };
-
-        scmp_filter_ctx seccomp;
-        unsigned i;
-        int r;
-
-        seccomp = seccomp_init(SCMP_ACT_ALLOW);
-        if (!seccomp)
-                return log_oom();
-
-        r = seccomp_add_secondary_archs(seccomp);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add secondary archs to seccomp filter: %m");
-                goto finish;
-        }
-
-        for (i = 0; i < ELEMENTSOF(blacklist); i++) {
-                if (arg_retain & (1ULL << blacklist[i].capability))
-                        continue;
-
-                r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i].syscall_num, 0);
-                if (r == -EFAULT)
-                        continue; /* unknown syscall */
-                if (r < 0) {
-                        log_error_errno(r, "Failed to block syscall: %m");
-                        goto finish;
-                }
-        }
-
-        /*
-           Audit is broken in containers, much of the userspace audit
-           hookup will fail if running inside a container. We don't
-           care and just turn off creation of audit sockets.
-
-           This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
-           with EAFNOSUPPORT which audit userspace uses as indication
-           that audit is disabled in the kernel.
-         */
-
-        r = seccomp_rule_add(
-                        seccomp,
-                        SCMP_ACT_ERRNO(EAFNOSUPPORT),
-                        SCMP_SYS(socket),
-                        2,
-                        SCMP_A0(SCMP_CMP_EQ, AF_NETLINK),
-                        SCMP_A2(SCMP_CMP_EQ, NETLINK_AUDIT));
-        if (r < 0) {
-                log_error_errno(r, "Failed to add audit seccomp rule: %m");
-                goto finish;
-        }
-
-        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
-        if (r < 0) {
-                log_error_errno(r, "Failed to unset NO_NEW_PRIVS: %m");
-                goto finish;
-        }
-
-        r = seccomp_load(seccomp);
-        if (r == -EINVAL) {
-                log_debug_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");
-                r = 0;
-                goto finish;
-        }
-        if (r < 0) {
-                log_error_errno(r, "Failed to install seccomp audit filter: %m");
-                goto finish;
-        }
-
-finish:
-        seccomp_release(seccomp);
-        return r;
-#else
-        return 0;
-#endif
-
-}
-
-static int setup_propagate(const char *root) {
-        const char *p, *q;
-        int r;
-
-        (void) mkdir_p("/run/systemd/nspawn/", 0755);
-        (void) mkdir_p("/run/systemd/nspawn/propagate", 0600);
-        p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
-        (void) mkdir_p(p, 0600);
-
-        r = userns_mkdir(root, "/run/systemd", 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /run/systemd: %m");
-
-        r = userns_mkdir(root, "/run/systemd/nspawn", 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /run/systemd/nspawn: %m");
-
-        r = userns_mkdir(root, "/run/systemd/nspawn/incoming", 0600, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /run/systemd/nspawn/incoming: %m");
-
-        q = prefix_roota(root, "/run/systemd/nspawn/incoming");
-        if (mount(p, q, NULL, MS_BIND, NULL) < 0)
-                return log_error_errno(errno, "Failed to install propagation bind mount.");
-
-        if (mount(NULL, q, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0)
-                return log_error_errno(errno, "Failed to make propagation mount read-only");
-
-        return 0;
-}
-
-static int setup_image(char **device_path, int *loop_nr) {
-        struct loop_info64 info = {
-                .lo_flags = LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN
-        };
-        _cleanup_close_ int fd = -1, control = -1, loop = -1;
-        _cleanup_free_ char* loopdev = NULL;
-        struct stat st;
-        int r, nr;
-
-        assert(device_path);
-        assert(loop_nr);
-        assert(arg_image);
-
-        fd = open(arg_image, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY);
-        if (fd < 0)
-                return log_error_errno(errno, "Failed to open %s: %m", arg_image);
-
-        if (fstat(fd, &st) < 0)
-                return log_error_errno(errno, "Failed to stat %s: %m", arg_image);
-
-        if (S_ISBLK(st.st_mode)) {
-                char *p;
-
-                p = strdup(arg_image);
-                if (!p)
-                        return log_oom();
-
-                *device_path = p;
-
-                *loop_nr = -1;
-
-                r = fd;
-                fd = -1;
-
-                return r;
-        }
-
-        if (!S_ISREG(st.st_mode)) {
-                log_error("%s is not a regular file or block device.", arg_image);
-                return -EINVAL;
-        }
-
-        control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
-        if (control < 0)
-                return log_error_errno(errno, "Failed to open /dev/loop-control: %m");
-
-        nr = ioctl(control, LOOP_CTL_GET_FREE);
-        if (nr < 0)
-                return log_error_errno(errno, "Failed to allocate loop device: %m");
-
-        if (asprintf(&loopdev, "/dev/loop%i", nr) < 0)
-                return log_oom();
-
-        loop = open(loopdev, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY);
-        if (loop < 0)
-                return log_error_errno(errno, "Failed to open loop device %s: %m", loopdev);
-
-        if (ioctl(loop, LOOP_SET_FD, fd) < 0)
-                return log_error_errno(errno, "Failed to set loopback file descriptor on %s: %m", loopdev);
-
-        if (arg_read_only)
-                info.lo_flags |= LO_FLAGS_READ_ONLY;
-
-        if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0)
-                return log_error_errno(errno, "Failed to set loopback settings on %s: %m", loopdev);
-
-        *device_path = loopdev;
-        loopdev = NULL;
-
-        *loop_nr = nr;
-
-        r = loop;
-        loop = -1;
-
-        return r;
-}
-
-#define PARTITION_TABLE_BLURB \
-        "Note that the disk image needs to either contain only a single MBR partition of\n" \
-        "type 0x83 that is marked bootable, or a single GPT partition of type " \
-        "0FC63DAF-8483-4772-8E79-3D69D8477DE4 or follow\n" \
-        "    http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/\n" \
-        "to be bootable with systemd-nspawn."
-
-static int dissect_image(
-                int fd,
-                char **root_device, bool *root_device_rw,
-                char **home_device, bool *home_device_rw,
-                char **srv_device, bool *srv_device_rw,
-                bool *secondary) {
-
-#ifdef HAVE_BLKID
-        int home_nr = -1, srv_nr = -1;
-#ifdef GPT_ROOT_NATIVE
-        int root_nr = -1;
-#endif
-#ifdef GPT_ROOT_SECONDARY
-        int secondary_root_nr = -1;
-#endif
-        _cleanup_free_ char *home = NULL, *root = NULL, *secondary_root = NULL, *srv = NULL, *generic = NULL;
-        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
-        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        struct udev_list_entry *first, *item;
-        bool home_rw = true, root_rw = true, secondary_root_rw = true, srv_rw = true, generic_rw = true;
-        bool is_gpt, is_mbr, multiple_generic = false;
-        const char *pttype = NULL;
-        blkid_partlist pl;
-        struct stat st;
-        unsigned i;
-        int r;
-
-        assert(fd >= 0);
-        assert(root_device);
-        assert(home_device);
-        assert(srv_device);
-        assert(secondary);
-        assert(arg_image);
-
-        b = blkid_new_probe();
-        if (!b)
-                return log_oom();
-
-        errno = 0;
-        r = blkid_probe_set_device(b, fd, 0, 0);
-        if (r != 0) {
-                if (errno == 0)
-                        return log_oom();
-
-                return log_error_errno(errno, "Failed to set device on blkid probe: %m");
-        }
-
-        blkid_probe_enable_partitions(b, 1);
-        blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
-
-        errno = 0;
-        r = blkid_do_safeprobe(b);
-        if (r == -2 || r == 1) {
-                log_error("Failed to identify any partition table on\n"
-                          "    %s\n"
-                          PARTITION_TABLE_BLURB, arg_image);
-                return -EINVAL;
-        } else if (r != 0) {
-                if (errno == 0)
-                        errno = EIO;
-                return log_error_errno(errno, "Failed to probe: %m");
-        }
-
-        (void) blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
-
-        is_gpt = streq_ptr(pttype, "gpt");
-        is_mbr = streq_ptr(pttype, "dos");
-
-        if (!is_gpt && !is_mbr) {
-                log_error("No GPT or MBR partition table discovered on\n"
-                          "    %s\n"
-                          PARTITION_TABLE_BLURB, arg_image);
-                return -EINVAL;
-        }
-
-        errno = 0;
-        pl = blkid_probe_get_partitions(b);
-        if (!pl) {
-                if (errno == 0)
-                        return log_oom();
-
-                log_error("Failed to list partitions of %s", arg_image);
-                return -errno;
-        }
-
-        udev = udev_new();
-        if (!udev)
-                return log_oom();
-
-        if (fstat(fd, &st) < 0)
-                return log_error_errno(errno, "Failed to stat block device: %m");
-
-        d = udev_device_new_from_devnum(udev, 'b', st.st_rdev);
-        if (!d)
-                return log_oom();
-
-        for (i = 0;; i++) {
-                int n, m;
-
-                if (i >= 10) {
-                        log_error("Kernel partitions never appeared.");
-                        return -ENXIO;
-                }
-
-                e = udev_enumerate_new(udev);
-                if (!e)
-                        return log_oom();
-
-                r = udev_enumerate_add_match_parent(e, d);
-                if (r < 0)
-                        return log_oom();
-
-                r = udev_enumerate_scan_devices(e);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to scan for partition devices of %s: %m", arg_image);
-
-                /* Count the partitions enumerated by the kernel */
-                n = 0;
-                first = udev_enumerate_get_list_entry(e);
-                udev_list_entry_foreach(item, first)
-                        n++;
-
-                /* Count the partitions enumerated by blkid */
-                m = blkid_partlist_numof_partitions(pl);
-                if (n == m + 1)
-                        break;
-                if (n > m + 1) {
-                        log_error("blkid and kernel partition list do not match.");
-                        return -EIO;
-                }
-                if (n < m + 1) {
-                        unsigned j;
-
-                        /* The kernel has probed fewer partitions than
-                         * blkid? Maybe the kernel prober is still
-                         * running or it got EBUSY because udev
-                         * already opened the device. Let's reprobe
-                         * the device, which is a synchronous call
-                         * that waits until probing is complete. */
-
-                        for (j = 0; j < 20; j++) {
-
-                                r = ioctl(fd, BLKRRPART, 0);
-                                if (r < 0)
-                                        r = -errno;
-                                if (r >= 0 || r != -EBUSY)
-                                        break;
-
-                                /* If something else has the device
-                                 * open, such as an udev rule, the
-                                 * ioctl will return EBUSY. Since
-                                 * there's no way to wait until it
-                                 * isn't busy anymore, let's just wait
-                                 * a bit, and try again.
-                                 *
-                                 * This is really something they
-                                 * should fix in the kernel! */
-
-                                usleep(50 * USEC_PER_MSEC);
-                        }
-
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to reread partition table: %m");
-                }
-
-                e = udev_enumerate_unref(e);
-        }
-
-        first = udev_enumerate_get_list_entry(e);
-        udev_list_entry_foreach(item, first) {
-                _cleanup_udev_device_unref_ struct udev_device *q;
-                const char *node;
-                unsigned long long flags;
-                blkid_partition pp;
-                dev_t qn;
-                int nr;
-
-                errno = 0;
-                q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
-                if (!q) {
-                        if (!errno)
-                                errno = ENOMEM;
-
-                        return log_error_errno(errno, "Failed to get partition device of %s: %m", arg_image);
-                }
-
-                qn = udev_device_get_devnum(q);
-                if (major(qn) == 0)
-                        continue;
-
-                if (st.st_rdev == qn)
-                        continue;
-
-                node = udev_device_get_devnode(q);
-                if (!node)
-                        continue;
-
-                pp = blkid_partlist_devno_to_partition(pl, qn);
-                if (!pp)
-                        continue;
-
-                flags = blkid_partition_get_flags(pp);
-
-                nr = blkid_partition_get_partno(pp);
-                if (nr < 0)
-                        continue;
-
-                if (is_gpt) {
-                        sd_id128_t type_id;
-                        const char *stype;
-
-                        if (flags & GPT_FLAG_NO_AUTO)
-                                continue;
-
-                        stype = blkid_partition_get_type_string(pp);
-                        if (!stype)
-                                continue;
-
-                        if (sd_id128_from_string(stype, &type_id) < 0)
-                                continue;
-
-                        if (sd_id128_equal(type_id, GPT_HOME)) {
-
-                                if (home && nr >= home_nr)
-                                        continue;
-
-                                home_nr = nr;
-                                home_rw = !(flags & GPT_FLAG_READ_ONLY);
-
-                                r = free_and_strdup(&home, node);
-                                if (r < 0)
-                                        return log_oom();
-
-                        } else if (sd_id128_equal(type_id, GPT_SRV)) {
-
-                                if (srv && nr >= srv_nr)
-                                        continue;
-
-                                srv_nr = nr;
-                                srv_rw = !(flags & GPT_FLAG_READ_ONLY);
-
-                                r = free_and_strdup(&srv, node);
-                                if (r < 0)
-                                        return log_oom();
-                        }
-#ifdef GPT_ROOT_NATIVE
-                        else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE)) {
-
-                                if (root && nr >= root_nr)
-                                        continue;
-
-                                root_nr = nr;
-                                root_rw = !(flags & GPT_FLAG_READ_ONLY);
-
-                                r = free_and_strdup(&root, node);
-                                if (r < 0)
-                                        return log_oom();
-                        }
-#endif
-#ifdef GPT_ROOT_SECONDARY
-                        else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY)) {
-
-                                if (secondary_root && nr >= secondary_root_nr)
-                                        continue;
-
-                                secondary_root_nr = nr;
-                                secondary_root_rw = !(flags & GPT_FLAG_READ_ONLY);
-
-                                r = free_and_strdup(&secondary_root, node);
-                                if (r < 0)
-                                        return log_oom();
-                        }
-#endif
-                        else if (sd_id128_equal(type_id, GPT_LINUX_GENERIC)) {
-
-                                if (generic)
-                                        multiple_generic = true;
-                                else {
-                                        generic_rw = !(flags & GPT_FLAG_READ_ONLY);
-
-                                        r = free_and_strdup(&generic, node);
-                                        if (r < 0)
-                                                return log_oom();
-                                }
-                        }
-
-                } else if (is_mbr) {
-                        int type;
-
-                        if (flags != 0x80) /* Bootable flag */
-                                continue;
-
-                        type = blkid_partition_get_type(pp);
-                        if (type != 0x83) /* Linux partition */
-                                continue;
-
-                        if (generic)
-                                multiple_generic = true;
-                        else {
-                                generic_rw = true;
-
-                                r = free_and_strdup(&root, node);
-                                if (r < 0)
-                                        return log_oom();
-                        }
-                }
-        }
-
-        if (root) {
-                *root_device = root;
-                root = NULL;
-
-                *root_device_rw = root_rw;
-                *secondary = false;
-        } else if (secondary_root) {
-                *root_device = secondary_root;
-                secondary_root = NULL;
-
-                *root_device_rw = secondary_root_rw;
-                *secondary = true;
-        } else if (generic) {
-
-                /* There were no partitions with precise meanings
-                 * around, but we found generic partitions. In this
-                 * case, if there's only one, we can go ahead and boot
-                 * it, otherwise we bail out, because we really cannot
-                 * make any sense of it. */
-
-                if (multiple_generic) {
-                        log_error("Identified multiple bootable Linux partitions on\n"
-                                  "    %s\n"
-                                  PARTITION_TABLE_BLURB, arg_image);
-                        return -EINVAL;
-                }
-
-                *root_device = generic;
-                generic = NULL;
-
-                *root_device_rw = generic_rw;
-                *secondary = false;
-        } else {
-                log_error("Failed to identify root partition in disk image\n"
-                          "    %s\n"
-                          PARTITION_TABLE_BLURB, arg_image);
-                return -EINVAL;
-        }
-
-        if (home) {
-                *home_device = home;
-                home = NULL;
-
-                *home_device_rw = home_rw;
-        }
-
-        if (srv) {
-                *srv_device = srv;
-                srv = NULL;
-
-                *srv_device_rw = srv_rw;
-        }
-
-        return 0;
-#else
-        log_error("--image= is not supported, compiled without blkid support.");
-        return -EOPNOTSUPP;
-#endif
-}
-
-static int mount_device(const char *what, const char *where, const char *directory, bool rw) {
-#ifdef HAVE_BLKID
-        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
-        const char *fstype, *p;
-        int r;
-
-        assert(what);
-        assert(where);
-
-        if (arg_read_only)
-                rw = false;
-
-        if (directory)
-                p = strjoina(where, directory);
-        else
-                p = where;
-
-        errno = 0;
-        b = blkid_new_probe_from_filename(what);
-        if (!b) {
-                if (errno == 0)
-                        return log_oom();
-                return log_error_errno(errno, "Failed to allocate prober for %s: %m", what);
-        }
-
-        blkid_probe_enable_superblocks(b, 1);
-        blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
-
-        errno = 0;
-        r = blkid_do_safeprobe(b);
-        if (r == -1 || r == 1) {
-                log_error("Cannot determine file system type of %s", what);
-                return -EINVAL;
-        } else if (r != 0) {
-                if (errno == 0)
-                        errno = EIO;
-                return log_error_errno(errno, "Failed to probe %s: %m", what);
-        }
-
-        errno = 0;
-        if (blkid_probe_lookup_value(b, "TYPE", &fstype, NULL) < 0) {
-                if (errno == 0)
-                        errno = EINVAL;
-                log_error("Failed to determine file system type of %s", what);
-                return -errno;
-        }
-
-        if (streq(fstype, "crypto_LUKS")) {
-                log_error("nspawn currently does not support LUKS disk images.");
-                return -EOPNOTSUPP;
-        }
-
-        if (mount(what, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), NULL) < 0)
-                return log_error_errno(errno, "Failed to mount %s: %m", what);
-
-        return 0;
-#else
-        log_error("--image= is not supported, compiled without blkid support.");
-        return -EOPNOTSUPP;
-#endif
-}
-
-static int setup_machine_id(const char *directory) {
-        int r;
-        const char *etc_machine_id, *t;
-        _cleanup_free_ char *s = NULL;
-
-        etc_machine_id = prefix_roota(directory, "/etc/machine-id");
-
-        r = read_one_line_file(etc_machine_id, &s);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read machine ID from %s: %m", etc_machine_id);
-
-        t = strstrip(s);
-
-        if (!isempty(t)) {
-                r = sd_id128_from_string(t, &arg_uuid);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to parse machine ID from %s: %m", etc_machine_id);
-        } else {
-                if (sd_id128_is_null(arg_uuid)) {
-                        r = sd_id128_randomize(&arg_uuid);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to generate random machine ID: %m");
-                }
-        }
-
-        r = machine_id_setup(directory, arg_uuid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to setup machine ID: %m");
-
-        return 0;
-}
-
-static int recursive_chown(const char *directory, uid_t shift, uid_t range) {
-        int r;
-
-        assert(directory);
-
-        if (arg_userns_mode == USER_NAMESPACE_NO || !arg_userns_chown)
-                return 0;
-
-        r = path_patch_uid(directory, arg_uid_shift, arg_uid_range);
-        if (r == -EOPNOTSUPP)
-                return log_error_errno(r, "Automatic UID/GID adjusting is only supported for UID/GID ranges starting at multiples of 2^16 with a range of 2^16.");
-        if (r == -EBADE)
-                return log_error_errno(r, "Upper 16 bits of root directory UID and GID do not match.");
-        if (r < 0)
-                return log_error_errno(r, "Failed to adjust UID/GID shift of OS tree: %m");
-        if (r == 0)
-                log_debug("Root directory of image is already owned by the right UID/GID range, skipping recursive chown operation.");
-        else
-                log_debug("Patched directory tree to match UID/GID range.");
-
-        return r;
-}
-
-static int mount_devices(
-                const char *where,
-                const char *root_device, bool root_device_rw,
-                const char *home_device, bool home_device_rw,
-                const char *srv_device, bool srv_device_rw) {
-        int r;
-
-        assert(where);
-
-        if (root_device) {
-                r = mount_device(root_device, arg_directory, NULL, root_device_rw);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mount root directory: %m");
-        }
-
-        if (home_device) {
-                r = mount_device(home_device, arg_directory, "/home", home_device_rw);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mount home directory: %m");
-        }
-
-        if (srv_device) {
-                r = mount_device(srv_device, arg_directory, "/srv", srv_device_rw);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mount server data directory: %m");
-        }
-
-        return 0;
-}
-
-static void loop_remove(int nr, int *image_fd) {
-        _cleanup_close_ int control = -1;
-        int r;
-
-        if (nr < 0)
-                return;
-
-        if (image_fd && *image_fd >= 0) {
-                r = ioctl(*image_fd, LOOP_CLR_FD);
-                if (r < 0)
-                        log_debug_errno(errno, "Failed to close loop image: %m");
-                *image_fd = safe_close(*image_fd);
-        }
-
-        control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
-        if (control < 0) {
-                log_warning_errno(errno, "Failed to open /dev/loop-control: %m");
-                return;
-        }
-
-        r = ioctl(control, LOOP_CTL_REMOVE, nr);
-        if (r < 0)
-                log_debug_errno(errno, "Failed to remove loop %d: %m", nr);
-}
-
-/*
- * Return values:
- * < 0 : wait_for_terminate() failed to get the state of the
- *       container, the container was terminated by a signal, or
- *       failed for an unknown reason.  No change is made to the
- *       container argument.
- * > 0 : The program executed in the container terminated with an
- *       error.  The exit code of the program executed in the
- *       container is returned.  The container argument has been set
- *       to CONTAINER_TERMINATED.
- *   0 : The container is being rebooted, has been shut down or exited
- *       successfully.  The container argument has been set to either
- *       CONTAINER_TERMINATED or CONTAINER_REBOOTED.
- *
- * That is, success is indicated by a return value of zero, and an
- * error is indicated by a non-zero value.
- */
-static int wait_for_container(pid_t pid, ContainerStatus *container) {
-        siginfo_t status;
-        int r;
-
-        r = wait_for_terminate(pid, &status);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to wait for container: %m");
-
-        switch (status.si_code) {
-
-        case CLD_EXITED:
-                if (status.si_status == 0) {
-                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s exited successfully.", arg_machine);
-
-                } else
-                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s failed with error code %i.", arg_machine, status.si_status);
-
-                *container = CONTAINER_TERMINATED;
-                return status.si_status;
-
-        case CLD_KILLED:
-                if (status.si_status == SIGINT) {
-
-                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s has been shut down.", arg_machine);
-                        *container = CONTAINER_TERMINATED;
-                        return 0;
-
-                } else if (status.si_status == SIGHUP) {
-
-                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s is being rebooted.", arg_machine);
-                        *container = CONTAINER_REBOOTED;
-                        return 0;
-                }
-
-                /* CLD_KILLED fallthrough */
-
-        case CLD_DUMPED:
-                log_error("Container %s terminated by signal %s.", arg_machine, signal_to_string(status.si_status));
-                return -EIO;
-
-        default:
-                log_error("Container %s failed due to unknown reason.", arg_machine);
-                return -EIO;
-        }
-
-        return r;
-}
-
-static int on_orderly_shutdown(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        pid_t pid;
-
-        pid = PTR_TO_PID(userdata);
-        if (pid > 0) {
-                if (kill(pid, arg_kill_signal) >= 0) {
-                        log_info("Trying to halt container. Send SIGTERM again to trigger immediate termination.");
-                        sd_event_source_set_userdata(s, NULL);
-                        return 0;
-                }
-        }
-
-        sd_event_exit(sd_event_source_get_event(s), 0);
-        return 0;
-}
-
-static int determine_names(void) {
-        int r;
-
-        if (arg_template && !arg_directory && arg_machine) {
-
-                /* If --template= was specified then we should not
-                 * search for a machine, but instead create a new one
-                 * in /var/lib/machine. */
-
-                arg_directory = strjoin("/var/lib/machines/", arg_machine, NULL);
-                if (!arg_directory)
-                        return log_oom();
-        }
-
-        if (!arg_image && !arg_directory) {
-                if (arg_machine) {
-                        _cleanup_(image_unrefp) Image *i = NULL;
-
-                        r = image_find(arg_machine, &i);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to find image for machine '%s': %m", arg_machine);
-                        else if (r == 0) {
-                                log_error("No image for machine '%s': %m", arg_machine);
-                                return -ENOENT;
-                        }
-
-                        if (i->type == IMAGE_RAW)
-                                r = free_and_strdup(&arg_image, i->path);
-                        else
-                                r = free_and_strdup(&arg_directory, i->path);
-                        if (r < 0)
-                                return log_error_errno(r, "Invalid image directory: %m");
-
-                        if (!arg_ephemeral)
-                                arg_read_only = arg_read_only || i->read_only;
-                } else
-                        arg_directory = get_current_dir_name();
-
-                if (!arg_directory && !arg_machine) {
-                        log_error("Failed to determine path, please use -D or -i.");
-                        return -EINVAL;
-                }
-        }
-
-        if (!arg_machine) {
-                if (arg_directory && path_equal(arg_directory, "/"))
-                        arg_machine = gethostname_malloc();
-                else
-                        arg_machine = strdup(basename(arg_image ?: arg_directory));
-
-                if (!arg_machine)
-                        return log_oom();
-
-                hostname_cleanup(arg_machine);
-                if (!machine_name_is_valid(arg_machine)) {
-                        log_error("Failed to determine machine name automatically, please use -M.");
-                        return -EINVAL;
-                }
-
-                if (arg_ephemeral) {
-                        char *b;
-
-                        /* Add a random suffix when this is an
-                         * ephemeral machine, so that we can run many
-                         * instances at once without manually having
-                         * to specify -M each time. */
-
-                        if (asprintf(&b, "%s-%016" PRIx64, arg_machine, random_u64()) < 0)
-                                return log_oom();
-
-                        free(arg_machine);
-                        arg_machine = b;
-                }
-        }
-
-        return 0;
-}
-
-static int determine_uid_shift(const char *directory) {
-        int r;
-
-        if (arg_userns_mode == USER_NAMESPACE_NO) {
-                arg_uid_shift = 0;
-                return 0;
-        }
-
-        if (arg_uid_shift == UID_INVALID) {
-                struct stat st;
-
-                r = stat(directory, &st);
-                if (r < 0)
-                        return log_error_errno(errno, "Failed to determine UID base of %s: %m", directory);
-
-                arg_uid_shift = st.st_uid & UINT32_C(0xffff0000);
-
-                if (arg_uid_shift != (st.st_gid & UINT32_C(0xffff0000))) {
-                        log_error("UID and GID base of %s don't match.", directory);
-                        return -EINVAL;
-                }
-
-                arg_uid_range = UINT32_C(0x10000);
-        }
-
-        if (arg_uid_shift > (uid_t) -1 - arg_uid_range) {
-                log_error("UID base too high for UID range.");
-                return -EINVAL;
-        }
-
-        return 0;
-}
-
-static int inner_child(
-                Barrier *barrier,
-                const char *directory,
-                bool secondary,
-                int kmsg_socket,
-                int rtnl_socket,
-                FDSet *fds) {
-
-        _cleanup_free_ char *home = NULL;
-        char as_uuid[37];
-        unsigned n_env = 1;
-        const char *envp[] = {
-                "PATH=" DEFAULT_PATH_SPLIT_USR,
-                NULL, /* container */
-                NULL, /* TERM */
-                NULL, /* HOME */
-                NULL, /* USER */
-                NULL, /* LOGNAME */
-                NULL, /* container_uuid */
-                NULL, /* LISTEN_FDS */
-                NULL, /* LISTEN_PID */
-                NULL
-        };
-
-        _cleanup_strv_free_ char **env_use = NULL;
-        int r;
-
-        assert(barrier);
-        assert(directory);
-        assert(kmsg_socket >= 0);
-
-        cg_unified_flush();
-
-        if (arg_userns_mode != USER_NAMESPACE_NO) {
-                /* Tell the parent, that it now can write the UID map. */
-                (void) barrier_place(barrier); /* #1 */
-
-                /* Wait until the parent wrote the UID map */
-                if (!barrier_place_and_sync(barrier)) { /* #2 */
-                        log_error("Parent died too early");
-                        return -ESRCH;
-                }
-        }
-
-        r = mount_all(NULL,
-                      arg_userns_mode != USER_NAMESPACE_NO,
-                      true,
-                      arg_private_network,
-                      arg_uid_shift,
-                      arg_uid_range,
-                      arg_selinux_apifs_context);
-
-        if (r < 0)
-                return r;
-
-        r = mount_sysfs(NULL);
-        if (r < 0)
-                return r;
-
-        /* Wait until we are cgroup-ified, so that we
-         * can mount the right cgroup path writable */
-        if (!barrier_place_and_sync(barrier)) { /* #3 */
-                log_error("Parent died too early");
-                return -ESRCH;
-        }
-
-        r = mount_systemd_cgroup_writable("", arg_unified_cgroup_hierarchy);
-        if (r < 0)
-                return r;
-
-        r = reset_uid_gid();
-        if (r < 0)
-                return log_error_errno(r, "Couldn't become new root: %m");
-
-        r = setup_boot_id(NULL);
-        if (r < 0)
-                return r;
-
-        r = setup_kmsg(NULL, kmsg_socket);
-        if (r < 0)
-                return r;
-        kmsg_socket = safe_close(kmsg_socket);
-
-        umask(0022);
-
-        if (setsid() < 0)
-                return log_error_errno(errno, "setsid() failed: %m");
-
-        if (arg_private_network)
-                loopback_setup();
-
-        if (arg_expose_ports) {
-                r = expose_port_send_rtnl(rtnl_socket);
-                if (r < 0)
-                        return r;
-                rtnl_socket = safe_close(rtnl_socket);
-        }
-
-        r = drop_capabilities();
-        if (r < 0)
-                return log_error_errno(r, "drop_capabilities() failed: %m");
-
-        setup_hostname();
-
-        if (arg_personality != PERSONALITY_INVALID) {
-                if (personality(arg_personality) < 0)
-                        return log_error_errno(errno, "personality() failed: %m");
-        } else if (secondary) {
-                if (personality(PER_LINUX32) < 0)
-                        return log_error_errno(errno, "personality() failed: %m");
-        }
-
-#ifdef HAVE_SELINUX
-        if (arg_selinux_context)
-                if (setexeccon((security_context_t) arg_selinux_context) < 0)
-                        return log_error_errno(errno, "setexeccon(\"%s\") failed: %m", arg_selinux_context);
-#endif
-
-        r = change_uid_gid(arg_user, &home);
-        if (r < 0)
-                return r;
-
-        /* LXC sets container=lxc, so follow the scheme here */
-        envp[n_env++] = strjoina("container=", arg_container_service_name);
-
-        envp[n_env] = strv_find_prefix(environ, "TERM=");
-        if (envp[n_env])
-                n_env++;
-
-        if ((asprintf((char**)(envp + n_env++), "HOME=%s", home ? home: "/root") < 0) ||
-            (asprintf((char**)(envp + n_env++), "USER=%s", arg_user ? arg_user : "root") < 0) ||
-            (asprintf((char**)(envp + n_env++), "LOGNAME=%s", arg_user ? arg_user : "root") < 0))
-                return log_oom();
-
-        assert(!sd_id128_equal(arg_uuid, SD_ID128_NULL));
-
-        if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0)
-                return log_oom();
-
-        if (fdset_size(fds) > 0) {
-                r = fdset_cloexec(fds, false);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to unset O_CLOEXEC for file descriptors.");
-
-                if ((asprintf((char **)(envp + n_env++), "LISTEN_FDS=%u", fdset_size(fds)) < 0) ||
-                    (asprintf((char **)(envp + n_env++), "LISTEN_PID=1") < 0))
-                        return log_oom();
-        }
-
-        env_use = strv_env_merge(2, envp, arg_setenv);
-        if (!env_use)
-                return log_oom();
-
-        /* Let the parent know that we are ready and
-         * wait until the parent is ready with the
-         * setup, too... */
-        if (!barrier_place_and_sync(barrier)) { /* #4 */
-                log_error("Parent died too early");
-                return -ESRCH;
-        }
-
-        if (arg_chdir)
-                if (chdir(arg_chdir) < 0)
-                        return log_error_errno(errno, "Failed to change to specified working directory %s: %m", arg_chdir);
-
-        if (arg_start_mode == START_PID2) {
-                r = stub_pid1();
-                if (r < 0)
-                        return r;
-        }
-
-        /* Now, explicitly close the log, so that we
-         * then can close all remaining fds. Closing
-         * the log explicitly first has the benefit
-         * that the logging subsystem knows about it,
-         * and is thus ready to be reopened should we
-         * need it again. Note that the other fds
-         * closed here are at least the locking and
-         * barrier fds. */
-        log_close();
-        (void) fdset_close_others(fds);
-
-        if (arg_start_mode == START_BOOT) {
-                char **a;
-                size_t m;
-
-                /* Automatically search for the init system */
-
-                m = strv_length(arg_parameters);
-                a = newa(char*, m + 2);
-                memcpy_safe(a + 1, arg_parameters, m * sizeof(char*));
-                a[1 + m] = NULL;
-
-                a[0] = (char*) "/usr/lib/systemd/systemd";
-                execve(a[0], a, env_use);
-
-                a[0] = (char*) "/lib/systemd/systemd";
-                execve(a[0], a, env_use);
-
-                a[0] = (char*) "/sbin/init";
-                execve(a[0], a, env_use);
-        } else if (!strv_isempty(arg_parameters))
-                execvpe(arg_parameters[0], arg_parameters, env_use);
-        else {
-                if (!arg_chdir)
-                        /* If we cannot change the directory, we'll end up in /, that is expected. */
-                        (void) chdir(home ?: "/root");
-
-                execle("/bin/bash", "-bash", NULL, env_use);
-                execle("/bin/sh", "-sh", NULL, env_use);
-        }
-
-        r = -errno;
-        (void) log_open();
-        return log_error_errno(r, "execv() failed: %m");
-}
-
-static int outer_child(
-                Barrier *barrier,
-                const char *directory,
-                const char *console,
-                const char *root_device, bool root_device_rw,
-                const char *home_device, bool home_device_rw,
-                const char *srv_device, bool srv_device_rw,
-                bool interactive,
-                bool secondary,
-                int pid_socket,
-                int uuid_socket,
-                int kmsg_socket,
-                int rtnl_socket,
-                int uid_shift_socket,
-                FDSet *fds) {
-
-        pid_t pid;
-        ssize_t l;
-        int r;
-
-        assert(barrier);
-        assert(directory);
-        assert(console);
-        assert(pid_socket >= 0);
-        assert(uuid_socket >= 0);
-        assert(kmsg_socket >= 0);
-
-        cg_unified_flush();
-
-        if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0)
-                return log_error_errno(errno, "PR_SET_PDEATHSIG failed: %m");
-
-        if (interactive) {
-                close_nointr(STDIN_FILENO);
-                close_nointr(STDOUT_FILENO);
-                close_nointr(STDERR_FILENO);
-
-                r = open_terminal(console, O_RDWR);
-                if (r != STDIN_FILENO) {
-                        if (r >= 0) {
-                                safe_close(r);
-                                r = -EINVAL;
-                        }
-
-                        return log_error_errno(r, "Failed to open console: %m");
-                }
-
-                if (dup2(STDIN_FILENO, STDOUT_FILENO) != STDOUT_FILENO ||
-                    dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO)
-                        return log_error_errno(errno, "Failed to duplicate console: %m");
-        }
-
-        r = reset_audit_loginuid();
-        if (r < 0)
-                return r;
-
-        /* Mark everything as slave, so that we still
-         * receive mounts from the real root, but don't
-         * propagate mounts to the real root. */
-        if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
-                return log_error_errno(errno, "MS_SLAVE|MS_REC failed: %m");
-
-        r = mount_devices(directory,
-                          root_device, root_device_rw,
-                          home_device, home_device_rw,
-                          srv_device, srv_device_rw);
-        if (r < 0)
-                return r;
-
-        r = determine_uid_shift(directory);
-        if (r < 0)
-                return r;
-
-        if (arg_userns_mode != USER_NAMESPACE_NO) {
-                /* Let the parent know which UID shift we read from the image */
-                l = send(uid_shift_socket, &arg_uid_shift, sizeof(arg_uid_shift), MSG_NOSIGNAL);
-                if (l < 0)
-                        return log_error_errno(errno, "Failed to send UID shift: %m");
-                if (l != sizeof(arg_uid_shift)) {
-                        log_error("Short write while sending UID shift.");
-                        return -EIO;
-                }
-
-                if (arg_userns_mode == USER_NAMESPACE_PICK) {
-                        /* When we are supposed to pick the UID shift, the parent will check now whether the UID shift
-                         * we just read from the image is available. If yes, it will send the UID shift back to us, if
-                         * not it will pick a different one, and send it back to us. */
-
-                        l = recv(uid_shift_socket, &arg_uid_shift, sizeof(arg_uid_shift), 0);
-                        if (l < 0)
-                                return log_error_errno(errno, "Failed to recv UID shift: %m");
-                        if (l != sizeof(arg_uid_shift)) {
-                                log_error("Short read while recieving UID shift.");
-                                return -EIO;
-                        }
-                }
-
-                log_info("Selected user namespace base " UID_FMT " and range " UID_FMT ".", arg_uid_shift, arg_uid_range);
-        }
-
-        /* Turn directory into bind mount */
-        if (mount(directory, directory, NULL, MS_BIND|MS_REC, NULL) < 0)
-                return log_error_errno(errno, "Failed to make bind mount: %m");
-
-        r = recursive_chown(directory, arg_uid_shift, arg_uid_range);
-        if (r < 0)
-                return r;
-
-        r = setup_volatile(
-                        directory,
-                        arg_volatile_mode,
-                        arg_userns_mode != USER_NAMESPACE_NO,
-                        arg_uid_shift,
-                        arg_uid_range,
-                        arg_selinux_context);
-        if (r < 0)
-                return r;
-
-        r = setup_volatile_state(
-                        directory,
-                        arg_volatile_mode,
-                        arg_userns_mode != USER_NAMESPACE_NO,
-                        arg_uid_shift,
-                        arg_uid_range,
-                        arg_selinux_context);
-        if (r < 0)
-                return r;
-
-        r = base_filesystem_create(directory, arg_uid_shift, (gid_t) arg_uid_shift);
-        if (r < 0)
-                return r;
-
-        if (arg_read_only) {
-                r = bind_remount_recursive(directory, true);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to make tree read-only: %m");
-        }
-
-        r = mount_all(directory,
-                      arg_userns_mode != USER_NAMESPACE_NO,
-                      false,
-                      arg_private_network,
-                      arg_uid_shift,
-                      arg_uid_range,
-                      arg_selinux_apifs_context);
-        if (r < 0)
-                return r;
-
-        r = copy_devnodes(directory);
-        if (r < 0)
-                return r;
-
-        dev_setup(directory, arg_uid_shift, arg_uid_shift);
-
-        r = setup_pts(directory);
-        if (r < 0)
-                return r;
-
-        r = setup_propagate(directory);
-        if (r < 0)
-                return r;
-
-        r = setup_dev_console(directory, console);
-        if (r < 0)
-                return r;
-
-        r = setup_seccomp();
-        if (r < 0)
-                return r;
-
-        r = setup_timezone(directory);
-        if (r < 0)
-                return r;
-
-        r = setup_resolv_conf(directory);
-        if (r < 0)
-                return r;
-
-        r = setup_machine_id(directory);
-        if (r < 0)
-                return r;
-
-        r = setup_journal(directory);
-        if (r < 0)
-                return r;
-
-        r = mount_custom(
-                        directory,
-                        arg_custom_mounts,
-                        arg_n_custom_mounts,
-                        arg_userns_mode != USER_NAMESPACE_NO,
-                        arg_uid_shift,
-                        arg_uid_range,
-                        arg_selinux_apifs_context);
-        if (r < 0)
-                return r;
-
-        r = mount_cgroups(
-                        directory,
-                        arg_unified_cgroup_hierarchy,
-                        arg_userns_mode != USER_NAMESPACE_NO,
-                        arg_uid_shift,
-                        arg_uid_range,
-                        arg_selinux_apifs_context);
-        if (r < 0)
-                return r;
-
-        r = mount_move_root(directory);
-        if (r < 0)
-                return log_error_errno(r, "Failed to move root directory: %m");
-
-        pid = raw_clone(SIGCHLD|CLONE_NEWNS|
-                        (arg_share_system ? 0 : CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS) |
-                        (arg_private_network ? CLONE_NEWNET : 0) |
-                        (arg_userns_mode != USER_NAMESPACE_NO ? CLONE_NEWUSER : 0),
-                        NULL);
-        if (pid < 0)
-                return log_error_errno(errno, "Failed to fork inner child: %m");
-        if (pid == 0) {
-                pid_socket = safe_close(pid_socket);
-                uuid_socket = safe_close(uuid_socket);
-                uid_shift_socket = safe_close(uid_shift_socket);
-
-                /* The inner child has all namespaces that are
-                 * requested, so that we all are owned by the user if
-                 * user namespaces are turned on. */
-
-                r = inner_child(barrier, directory, secondary, kmsg_socket, rtnl_socket, fds);
-                if (r < 0)
-                        _exit(EXIT_FAILURE);
-
-                _exit(EXIT_SUCCESS);
-        }
-
-        l = send(pid_socket, &pid, sizeof(pid), MSG_NOSIGNAL);
-        if (l < 0)
-                return log_error_errno(errno, "Failed to send PID: %m");
-        if (l != sizeof(pid)) {
-                log_error("Short write while sending PID.");
-                return -EIO;
-        }
-
-        l = send(uuid_socket, &arg_uuid, sizeof(arg_uuid), MSG_NOSIGNAL);
-        if (l < 0)
-                return log_error_errno(errno, "Failed to send machine ID: %m");
-        if (l != sizeof(arg_uuid)) {
-                log_error("Short write while sending machine ID.");
-                return -EIO;
-        }
-
-        pid_socket = safe_close(pid_socket);
-        uuid_socket = safe_close(uuid_socket);
-        kmsg_socket = safe_close(kmsg_socket);
-        rtnl_socket = safe_close(rtnl_socket);
-
-        return 0;
-}
-
-static int uid_shift_pick(uid_t *shift, LockFile *ret_lock_file) {
-        unsigned n_tries = 100;
-        uid_t candidate;
-        int r;
-
-        assert(shift);
-        assert(ret_lock_file);
-        assert(arg_userns_mode == USER_NAMESPACE_PICK);
-        assert(arg_uid_range == 0x10000U);
-
-        candidate = *shift;
-
-        (void) mkdir("/run/systemd/nspawn-uid", 0755);
-
-        for (;;) {
-                char lock_path[strlen("/run/systemd/nspawn-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
-                _cleanup_release_lock_file_ LockFile lf = LOCK_FILE_INIT;
-
-                if (--n_tries <= 0)
-                        return -EBUSY;
-
-                if (candidate < UID_SHIFT_PICK_MIN || candidate > UID_SHIFT_PICK_MAX)
-                        goto next;
-                if ((candidate & UINT32_C(0xFFFF)) != 0)
-                        goto next;
-
-                xsprintf(lock_path, "/run/systemd/nspawn-uid/" UID_FMT, candidate);
-                r = make_lock_file(lock_path, LOCK_EX|LOCK_NB, &lf);
-                if (r == -EBUSY) /* Range already taken by another nspawn instance */
-                        goto next;
-                if (r < 0)
-                        return r;
-
-                /* Make some superficial checks whether the range is currently known in the user database */
-                if (getpwuid(candidate))
-                        goto next;
-                if (getpwuid(candidate + UINT32_C(0xFFFE)))
-                        goto next;
-                if (getgrgid(candidate))
-                        goto next;
-                if (getgrgid(candidate + UINT32_C(0xFFFE)))
-                        goto next;
-
-                *ret_lock_file = lf;
-                lf = (struct LockFile) LOCK_FILE_INIT;
-                *shift = candidate;
-                return 0;
-
-        next:
-                random_bytes(&candidate, sizeof(candidate));
-                candidate = (candidate % (UID_SHIFT_PICK_MAX - UID_SHIFT_PICK_MIN)) + UID_SHIFT_PICK_MIN;
-                candidate &= (uid_t) UINT32_C(0xFFFF0000);
-        }
-}
-
-static int setup_uid_map(pid_t pid) {
-        char uid_map[strlen("/proc//uid_map") + DECIMAL_STR_MAX(uid_t) + 1], line[DECIMAL_STR_MAX(uid_t)*3+3+1];
-        int r;
-
-        assert(pid > 1);
-
-        xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
-        xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range);
-        r = write_string_file(uid_map, line, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write UID map: %m");
-
-        /* We always assign the same UID and GID ranges */
-        xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
-        r = write_string_file(uid_map, line, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write GID map: %m");
-
-        return 0;
-}
-
-static int load_settings(void) {
-        _cleanup_(settings_freep) Settings *settings = NULL;
-        _cleanup_fclose_ FILE *f = NULL;
-        _cleanup_free_ char *p = NULL;
-        const char *fn, *i;
-        int r;
-
-        /* If all settings are masked, there's no point in looking for
-         * the settings file */
-        if ((arg_settings_mask & _SETTINGS_MASK_ALL) == _SETTINGS_MASK_ALL)
-                return 0;
-
-        fn = strjoina(arg_machine, ".nspawn");
-
-        /* We first look in the admin's directories in /etc and /run */
-        FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
-                _cleanup_free_ char *j = NULL;
-
-                j = strjoin(i, "/", fn, NULL);
-                if (!j)
-                        return log_oom();
-
-                f = fopen(j, "re");
-                if (f) {
-                        p = j;
-                        j = NULL;
-
-                        /* By default, we trust configuration from /etc and /run */
-                        if (arg_settings_trusted < 0)
-                                arg_settings_trusted = true;
-
-                        break;
-                }
-
-                if (errno != ENOENT)
-                        return log_error_errno(errno, "Failed to open %s: %m", j);
-        }
-
-        if (!f) {
-                /* After that, let's look for a file next to the
-                 * actual image we shall boot. */
-
-                if (arg_image) {
-                        p = file_in_same_dir(arg_image, fn);
-                        if (!p)
-                                return log_oom();
-                } else if (arg_directory) {
-                        p = file_in_same_dir(arg_directory, fn);
-                        if (!p)
-                                return log_oom();
-                }
-
-                if (p) {
-                        f = fopen(p, "re");
-                        if (!f && errno != ENOENT)
-                                return log_error_errno(errno, "Failed to open %s: %m", p);
-
-                        /* By default, we do not trust configuration from /var/lib/machines */
-                        if (arg_settings_trusted < 0)
-                                arg_settings_trusted = false;
-                }
-        }
-
-        if (!f)
-                return 0;
-
-        log_debug("Settings are trusted: %s", yes_no(arg_settings_trusted));
-
-        r = settings_load(f, p, &settings);
-        if (r < 0)
-                return r;
-
-        /* Copy over bits from the settings, unless they have been
-         * explicitly masked by command line switches. */
-
-        if ((arg_settings_mask & SETTING_START_MODE) == 0 &&
-            settings->start_mode >= 0) {
-                arg_start_mode = settings->start_mode;
-
-                strv_free(arg_parameters);
-                arg_parameters = settings->parameters;
-                settings->parameters = NULL;
-        }
-
-        if ((arg_settings_mask & SETTING_WORKING_DIRECTORY) == 0 &&
-            settings->working_directory) {
-                free(arg_chdir);
-                arg_chdir = settings->working_directory;
-                settings->working_directory = NULL;
-        }
-
-        if ((arg_settings_mask & SETTING_ENVIRONMENT) == 0 &&
-            settings->environment) {
-                strv_free(arg_setenv);
-                arg_setenv = settings->environment;
-                settings->environment = NULL;
-        }
-
-        if ((arg_settings_mask & SETTING_USER) == 0 &&
-            settings->user) {
-                free(arg_user);
-                arg_user = settings->user;
-                settings->user = NULL;
-        }
-
-        if ((arg_settings_mask & SETTING_CAPABILITY) == 0) {
-                uint64_t plus;
-
-                plus = settings->capability;
-                if (settings_private_network(settings))
-                        plus |= (1ULL << CAP_NET_ADMIN);
-
-                if (!arg_settings_trusted && plus != 0) {
-                        if (settings->capability != 0)
-                                log_warning("Ignoring Capability= setting, file %s is not trusted.", p);
-                } else
-                        arg_retain |= plus;
-
-                arg_retain &= ~settings->drop_capability;
-        }
-
-        if ((arg_settings_mask & SETTING_KILL_SIGNAL) == 0 &&
-            settings->kill_signal > 0)
-                arg_kill_signal = settings->kill_signal;
-
-        if ((arg_settings_mask & SETTING_PERSONALITY) == 0 &&
-            settings->personality != PERSONALITY_INVALID)
-                arg_personality = settings->personality;
-
-        if ((arg_settings_mask & SETTING_MACHINE_ID) == 0 &&
-            !sd_id128_is_null(settings->machine_id)) {
-
-                if (!arg_settings_trusted)
-                        log_warning("Ignoring MachineID= setting, file %s is not trusted.", p);
-                else
-                        arg_uuid = settings->machine_id;
-        }
-
-        if ((arg_settings_mask & SETTING_READ_ONLY) == 0 &&
-            settings->read_only >= 0)
-                arg_read_only = settings->read_only;
-
-        if ((arg_settings_mask & SETTING_VOLATILE_MODE) == 0 &&
-            settings->volatile_mode != _VOLATILE_MODE_INVALID)
-                arg_volatile_mode = settings->volatile_mode;
-
-        if ((arg_settings_mask & SETTING_CUSTOM_MOUNTS) == 0 &&
-            settings->n_custom_mounts > 0) {
-
-                if (!arg_settings_trusted)
-                        log_warning("Ignoring TemporaryFileSystem=, Bind= and BindReadOnly= settings, file %s is not trusted.", p);
-                else {
-                        custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts);
-                        arg_custom_mounts = settings->custom_mounts;
-                        arg_n_custom_mounts = settings->n_custom_mounts;
-
-                        settings->custom_mounts = NULL;
-                        settings->n_custom_mounts = 0;
-                }
-        }
-
-        if ((arg_settings_mask & SETTING_NETWORK) == 0 &&
-            (settings->private_network >= 0 ||
-             settings->network_veth >= 0 ||
-             settings->network_bridge ||
-             settings->network_zone ||
-             settings->network_interfaces ||
-             settings->network_macvlan ||
-             settings->network_ipvlan ||
-             settings->network_veth_extra)) {
-
-                if (!arg_settings_trusted)
-                        log_warning("Ignoring network settings, file %s is not trusted.", p);
-                else {
-                        arg_network_veth = settings_network_veth(settings);
-                        arg_private_network = settings_private_network(settings);
-
-                        strv_free(arg_network_interfaces);
-                        arg_network_interfaces = settings->network_interfaces;
-                        settings->network_interfaces = NULL;
-
-                        strv_free(arg_network_macvlan);
-                        arg_network_macvlan = settings->network_macvlan;
-                        settings->network_macvlan = NULL;
-
-                        strv_free(arg_network_ipvlan);
-                        arg_network_ipvlan = settings->network_ipvlan;
-                        settings->network_ipvlan = NULL;
-
-                        strv_free(arg_network_veth_extra);
-                        arg_network_veth_extra = settings->network_veth_extra;
-                        settings->network_veth_extra = NULL;
-
-                        free(arg_network_bridge);
-                        arg_network_bridge = settings->network_bridge;
-                        settings->network_bridge = NULL;
-
-                        free(arg_network_zone);
-                        arg_network_zone = settings->network_zone;
-                        settings->network_zone = NULL;
-                }
-        }
-
-        if ((arg_settings_mask & SETTING_EXPOSE_PORTS) == 0 &&
-            settings->expose_ports) {
-
-                if (!arg_settings_trusted)
-                        log_warning("Ignoring Port= setting, file %s is not trusted.", p);
-                else {
-                        expose_port_free_all(arg_expose_ports);
-                        arg_expose_ports = settings->expose_ports;
-                        settings->expose_ports = NULL;
-                }
-        }
-
-        if ((arg_settings_mask & SETTING_USERNS) == 0 &&
-            settings->userns_mode != _USER_NAMESPACE_MODE_INVALID) {
-
-                if (!arg_settings_trusted)
-                        log_warning("Ignoring PrivateUsers= and PrivateUsersChown= settings, file %s is not trusted.", p);
-                else {
-                        arg_userns_mode = settings->userns_mode;
-                        arg_uid_shift = settings->uid_shift;
-                        arg_uid_range = settings->uid_range;
-                        arg_userns_chown = settings->userns_chown;
-                }
-        }
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-
-        _cleanup_free_ char *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL, *console = NULL;
-        bool root_device_rw = true, home_device_rw = true, srv_device_rw = true;
-        _cleanup_close_ int master = -1, image_fd = -1;
-        _cleanup_fdset_free_ FDSet *fds = NULL;
-        int r, n_fd_passed, loop_nr = -1;
-        char veth_name[IFNAMSIZ] = "";
-        bool secondary = false, remove_subvol = false;
-        sigset_t mask_chld;
-        pid_t pid = 0;
-        int ret = EXIT_SUCCESS;
-        union in_addr_union exposed = {};
-        _cleanup_release_lock_file_ LockFile tree_global_lock = LOCK_FILE_INIT, tree_local_lock = LOCK_FILE_INIT;
-        bool interactive, veth_created = false;
-
-        log_parse_environment();
-        log_open();
-
-        /* Make sure rename_process() in the stub init process can work */
-        saved_argv = argv;
-        saved_argc = argc;
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (geteuid() != 0) {
-                log_error("Need to be root.");
-                r = -EPERM;
-                goto finish;
-        }
-        r = determine_names();
-        if (r < 0)
-                goto finish;
-
-        r = load_settings();
-        if (r < 0)
-                goto finish;
-
-        r = verify_arguments();
-        if (r < 0)
-                goto finish;
-
-        n_fd_passed = sd_listen_fds(false);
-        if (n_fd_passed > 0) {
-                r = fdset_new_listen_fds(&fds, false);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to collect file descriptors: %m");
-                        goto finish;
-                }
-        }
-
-        if (arg_directory) {
-                assert(!arg_image);
-
-                if (path_equal(arg_directory, "/") && !arg_ephemeral) {
-                        log_error("Spawning container on root directory is not supported. Consider using --ephemeral.");
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                if (arg_ephemeral) {
-                        _cleanup_free_ char *np = NULL;
-
-                        /* If the specified path is a mount point we
-                         * generate the new snapshot immediately
-                         * inside it under a random name. However if
-                         * the specified is not a mount point we
-                         * create the new snapshot in the parent
-                         * directory, just next to it. */
-                        r = path_is_mount_point(arg_directory, 0);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to determine whether directory %s is mount point: %m", arg_directory);
-                                goto finish;
-                        }
-                        if (r > 0)
-                                r = tempfn_random_child(arg_directory, "machine.", &np);
-                        else
-                                r = tempfn_random(arg_directory, "machine.", &np);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to generate name for snapshot: %m");
-                                goto finish;
-                        }
-
-                        r = image_path_lock(np, (arg_read_only ? LOCK_SH : LOCK_EX) | LOCK_NB, &tree_global_lock, &tree_local_lock);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to lock %s: %m", np);
-                                goto finish;
-                        }
-
-                        r = btrfs_subvol_snapshot(arg_directory, np, (arg_read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) | BTRFS_SNAPSHOT_FALLBACK_COPY | BTRFS_SNAPSHOT_RECURSIVE | BTRFS_SNAPSHOT_QUOTA);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to create snapshot %s from %s: %m", np, arg_directory);
-                                goto finish;
-                        }
-
-                        free(arg_directory);
-                        arg_directory = np;
-                        np = NULL;
-
-                        remove_subvol = true;
-
-                } else {
-                        r = image_path_lock(arg_directory, (arg_read_only ? LOCK_SH : LOCK_EX) | LOCK_NB, &tree_global_lock, &tree_local_lock);
-                        if (r == -EBUSY) {
-                                log_error_errno(r, "Directory tree %s is currently busy.", arg_directory);
-                                goto finish;
-                        }
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to lock %s: %m", arg_directory);
-                                return r;
-                        }
-
-                        if (arg_template) {
-                                r = btrfs_subvol_snapshot(arg_template, arg_directory, (arg_read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) | BTRFS_SNAPSHOT_FALLBACK_COPY | BTRFS_SNAPSHOT_RECURSIVE | BTRFS_SNAPSHOT_QUOTA);
-                                if (r == -EEXIST) {
-                                        if (!arg_quiet)
-                                                log_info("Directory %s already exists, not populating from template %s.", arg_directory, arg_template);
-                                } else if (r < 0) {
-                                        log_error_errno(r, "Couldn't create snapshot %s from %s: %m", arg_directory, arg_template);
-                                        goto finish;
-                                } else {
-                                        if (!arg_quiet)
-                                                log_info("Populated %s from template %s.", arg_directory, arg_template);
-                                }
-                        }
-                }
-
-                if (arg_start_mode == START_BOOT) {
-                        if (path_is_os_tree(arg_directory) <= 0) {
-                                log_error("Directory %s doesn't look like an OS root directory (os-release file is missing). Refusing.", arg_directory);
-                                r = -EINVAL;
-                                goto finish;
-                        }
-                } else {
-                        const char *p;
-
-                        p = strjoina(arg_directory, "/usr/");
-                        if (laccess(p, F_OK) < 0) {
-                                log_error("Directory %s doesn't look like it has an OS tree. Refusing.", arg_directory);
-                                r = -EINVAL;
-                                goto finish;
-                        }
-                }
-
-        } else {
-                char template[] = "/tmp/nspawn-root-XXXXXX";
-
-                assert(arg_image);
-                assert(!arg_template);
-
-                r = image_path_lock(arg_image, (arg_read_only ? LOCK_SH : LOCK_EX) | LOCK_NB, &tree_global_lock, &tree_local_lock);
-                if (r == -EBUSY) {
-                        r = log_error_errno(r, "Disk image %s is currently busy.", arg_image);
-                        goto finish;
-                }
-                if (r < 0) {
-                        r = log_error_errno(r, "Failed to create image lock: %m");
-                        goto finish;
-                }
-
-                if (!mkdtemp(template)) {
-                        log_error_errno(errno, "Failed to create temporary directory: %m");
-                        r = -errno;
-                        goto finish;
-                }
-
-                arg_directory = strdup(template);
-                if (!arg_directory) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                image_fd = setup_image(&device_path, &loop_nr);
-                if (image_fd < 0) {
-                        r = image_fd;
-                        goto finish;
-                }
-
-                r = dissect_image(image_fd,
-                                  &root_device, &root_device_rw,
-                                  &home_device, &home_device_rw,
-                                  &srv_device, &srv_device_rw,
-                                  &secondary);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = custom_mounts_prepare();
-        if (r < 0)
-                goto finish;
-
-        interactive =
-                isatty(STDIN_FILENO) > 0 &&
-                isatty(STDOUT_FILENO) > 0;
-
-        master = posix_openpt(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NDELAY);
-        if (master < 0) {
-                r = log_error_errno(errno, "Failed to acquire pseudo tty: %m");
-                goto finish;
-        }
-
-        r = ptsname_malloc(master, &console);
-        if (r < 0) {
-                r = log_error_errno(r, "Failed to determine tty name: %m");
-                goto finish;
-        }
-
-        if (arg_selinux_apifs_context) {
-                r = mac_selinux_apply(console, arg_selinux_apifs_context);
-                if (r < 0)
-                        goto finish;
-        }
-
-        if (unlockpt(master) < 0) {
-                r = log_error_errno(errno, "Failed to unlock tty: %m");
-                goto finish;
-        }
-
-        if (!arg_quiet)
-                log_info("Spawning container %s on %s.\nPress ^] three times within 1s to kill container.",
-                         arg_machine, arg_image ?: arg_directory);
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
-
-        assert_se(sigemptyset(&mask_chld) == 0);
-        assert_se(sigaddset(&mask_chld, SIGCHLD) == 0);
-
-        if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) {
-                r = log_error_errno(errno, "Failed to become subreaper: %m");
-                goto finish;
-        }
-
-        for (;;) {
-                static const struct sigaction sa = {
-                        .sa_handler = nop_signal_handler,
-                        .sa_flags = SA_NOCLDSTOP,
-                };
-
-                _cleanup_release_lock_file_ LockFile uid_shift_lock = LOCK_FILE_INIT;
-                _cleanup_close_ int etc_passwd_lock = -1;
-                _cleanup_close_pair_ int
-                        kmsg_socket_pair[2] = { -1, -1 },
-                        rtnl_socket_pair[2] = { -1, -1 },
-                        pid_socket_pair[2] = { -1, -1 },
-                        uuid_socket_pair[2] = { -1, -1 },
-                        uid_shift_socket_pair[2] = { -1, -1 };
-                _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
-                _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-                _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
-                _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-                ContainerStatus container_status;
-                char last_char = 0;
-                int ifi = 0;
-                ssize_t l;
-
-                if (arg_userns_mode == USER_NAMESPACE_PICK) {
-                        /* When we shall pick the UID/GID range, let's first lock /etc/passwd, so that we can safely
-                         * check with getpwuid() if the specific user already exists. Note that /etc might be
-                         * read-only, in which case this will fail with EROFS. But that's really OK, as in that case we
-                         * can be reasonably sure that no users are going to be added. Note that getpwuid() checks are
-                         * really just an extra safety net. We kinda assume that the UID range we allocate from is
-                         * really ours. */
-
-                        etc_passwd_lock = take_etc_passwd_lock(NULL);
-                        if (etc_passwd_lock < 0 && etc_passwd_lock != -EROFS) {
-                                log_error_errno(r, "Failed to take /etc/passwd lock: %m");
-                                goto finish;
-                        }
-                }
-
-                r = barrier_create(&barrier);
-                if (r < 0) {
-                        log_error_errno(r, "Cannot initialize IPC barrier: %m");
-                        goto finish;
-                }
-
-                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
-                        r = log_error_errno(errno, "Failed to create kmsg socket pair: %m");
-                        goto finish;
-                }
-
-                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, rtnl_socket_pair) < 0) {
-                        r = log_error_errno(errno, "Failed to create rtnl socket pair: %m");
-                        goto finish;
-                }
-
-                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pid_socket_pair) < 0) {
-                        r = log_error_errno(errno, "Failed to create pid socket pair: %m");
-                        goto finish;
-                }
-
-                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, uuid_socket_pair) < 0) {
-                        r = log_error_errno(errno, "Failed to create id socket pair: %m");
-                        goto finish;
-                }
-
-                if (arg_userns_mode != USER_NAMESPACE_NO)
-                        if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, uid_shift_socket_pair) < 0) {
-                                r = log_error_errno(errno, "Failed to create uid shift socket pair: %m");
-                                goto finish;
-                        }
-
-                /* Child can be killed before execv(), so handle SIGCHLD
-                 * in order to interrupt parent's blocking calls and
-                 * give it a chance to call wait() and terminate. */
-                r = sigprocmask(SIG_UNBLOCK, &mask_chld, NULL);
-                if (r < 0) {
-                        r = log_error_errno(errno, "Failed to change the signal mask: %m");
-                        goto finish;
-                }
-
-                r = sigaction(SIGCHLD, &sa, NULL);
-                if (r < 0) {
-                        r = log_error_errno(errno, "Failed to install SIGCHLD handler: %m");
-                        goto finish;
-                }
-
-                pid = raw_clone(SIGCHLD|CLONE_NEWNS, NULL);
-                if (pid < 0) {
-                        if (errno == EINVAL)
-                                r = log_error_errno(errno, "clone() failed, do you have namespace support enabled in your kernel? (You need UTS, IPC, PID and NET namespacing built in): %m");
-                        else
-                                r = log_error_errno(errno, "clone() failed: %m");
-
-                        goto finish;
-                }
-
-                if (pid == 0) {
-                        /* The outer child only has a file system namespace. */
-                        barrier_set_role(&barrier, BARRIER_CHILD);
-
-                        master = safe_close(master);
-
-                        kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
-                        rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
-                        pid_socket_pair[0] = safe_close(pid_socket_pair[0]);
-                        uuid_socket_pair[0] = safe_close(uuid_socket_pair[0]);
-                        uid_shift_socket_pair[0] = safe_close(uid_shift_socket_pair[0]);
-
-                        (void) reset_all_signal_handlers();
-                        (void) reset_signal_mask();
-
-                        r = outer_child(&barrier,
-                                        arg_directory,
-                                        console,
-                                        root_device, root_device_rw,
-                                        home_device, home_device_rw,
-                                        srv_device, srv_device_rw,
-                                        interactive,
-                                        secondary,
-                                        pid_socket_pair[1],
-                                        uuid_socket_pair[1],
-                                        kmsg_socket_pair[1],
-                                        rtnl_socket_pair[1],
-                                        uid_shift_socket_pair[1],
-                                        fds);
-                        if (r < 0)
-                                _exit(EXIT_FAILURE);
-
-                        _exit(EXIT_SUCCESS);
-                }
-
-                barrier_set_role(&barrier, BARRIER_PARENT);
-
-                fds = fdset_free(fds);
-
-                kmsg_socket_pair[1] = safe_close(kmsg_socket_pair[1]);
-                rtnl_socket_pair[1] = safe_close(rtnl_socket_pair[1]);
-                pid_socket_pair[1] = safe_close(pid_socket_pair[1]);
-                uuid_socket_pair[1] = safe_close(uuid_socket_pair[1]);
-                uid_shift_socket_pair[1] = safe_close(uid_shift_socket_pair[1]);
-
-                if (arg_userns_mode != USER_NAMESPACE_NO) {
-                        /* The child just let us know the UID shift it might have read from the image. */
-                        l = recv(uid_shift_socket_pair[0], &arg_uid_shift, sizeof(arg_uid_shift), 0);
-                        if (l < 0) {
-                                r = log_error_errno(errno, "Failed to read UID shift: %m");
-                                goto finish;
-                        }
-                        if (l != sizeof(arg_uid_shift)) {
-                                log_error("Short read while reading UID shift.");
-                                r = EIO;
-                                goto finish;
-                        }
-
-                        if (arg_userns_mode == USER_NAMESPACE_PICK) {
-                                /* If we are supposed to pick the UID shift, let's try to use the shift read from the
-                                 * image, but if that's already in use, pick a new one, and report back to the child,
-                                 * which one we now picked. */
-
-                                r = uid_shift_pick(&arg_uid_shift, &uid_shift_lock);
-                                if (r < 0) {
-                                        log_error_errno(r, "Failed to pick suitable UID/GID range: %m");
-                                        goto finish;
-                                }
-
-                                l = send(uid_shift_socket_pair[0], &arg_uid_shift, sizeof(arg_uid_shift), MSG_NOSIGNAL);
-                                if (l < 0) {
-                                        r = log_error_errno(errno, "Failed to send UID shift: %m");
-                                        goto finish;
-                                }
-                                if (l != sizeof(arg_uid_shift)) {
-                                        log_error("Short write while writing UID shift.");
-                                        r = -EIO;
-                                        goto finish;
-                                }
-                        }
-                }
-
-                /* Wait for the outer child. */
-                r = wait_for_terminate_and_warn("namespace helper", pid, NULL);
-                if (r < 0)
-                        goto finish;
-                if (r != 0) {
-                        r = -EIO;
-                        goto finish;
-                }
-                pid = 0;
-
-                /* And now retrieve the PID of the inner child. */
-                l = recv(pid_socket_pair[0], &pid, sizeof(pid), 0);
-                if (l < 0) {
-                        r = log_error_errno(errno, "Failed to read inner child PID: %m");
-                        goto finish;
-                }
-                if (l != sizeof(pid)) {
-                        log_error("Short read while reading inner child PID.");
-                        r = EIO;
-                        goto finish;
-                }
-
-                /* We also retrieve container UUID in case it was generated by outer child */
-                l = recv(uuid_socket_pair[0], &arg_uuid, sizeof(arg_uuid), 0);
-                if (l < 0) {
-                        r = log_error_errno(errno, "Failed to read container machine ID: %m");
-                        goto finish;
-                }
-                if (l != sizeof(arg_uuid)) {
-                        log_error("Short read while reading container machined ID.");
-                        r = EIO;
-                        goto finish;
-                }
-
-                log_debug("Init process invoked as PID " PID_FMT, pid);
-
-                if (arg_userns_mode != USER_NAMESPACE_NO) {
-                        if (!barrier_place_and_sync(&barrier)) { /* #1 */
-                                log_error("Child died too early.");
-                                r = -ESRCH;
-                                goto finish;
-                        }
-
-                        r = setup_uid_map(pid);
-                        if (r < 0)
-                                goto finish;
-
-                        (void) barrier_place(&barrier); /* #2 */
-                }
-
-                if (arg_private_network) {
-
-                        r = move_network_interfaces(pid, arg_network_interfaces);
-                        if (r < 0)
-                                goto finish;
-
-                        if (arg_network_veth) {
-                                r = setup_veth(arg_machine, pid, veth_name,
-                                               arg_network_bridge || arg_network_zone);
-                                if (r < 0)
-                                        goto finish;
-                                else if (r > 0)
-                                        ifi = r;
-
-                                if (arg_network_bridge) {
-                                        /* Add the interface to a bridge */
-                                        r = setup_bridge(veth_name, arg_network_bridge, false);
-                                        if (r < 0)
-                                                goto finish;
-                                        if (r > 0)
-                                                ifi = r;
-                                } else if (arg_network_zone) {
-                                        /* Add the interface to a bridge, possibly creating it */
-                                        r = setup_bridge(veth_name, arg_network_zone, true);
-                                        if (r < 0)
-                                                goto finish;
-                                        if (r > 0)
-                                                ifi = r;
-                                }
-                        }
-
-                        r = setup_veth_extra(arg_machine, pid, arg_network_veth_extra);
-                        if (r < 0)
-                                goto finish;
-
-                        /* We created the primary and extra veth links now; let's remember this, so that we know to
-                           remove them later on. Note that we don't bother with removing veth links that were created
-                           here when their setup failed half-way, because in that case the kernel should be able to
-                           remove them on its own, since they cannot be referenced by anything yet. */
-                        veth_created = true;
-
-                        r = setup_macvlan(arg_machine, pid, arg_network_macvlan);
-                        if (r < 0)
-                                goto finish;
-
-                        r = setup_ipvlan(arg_machine, pid, arg_network_ipvlan);
-                        if (r < 0)
-                                goto finish;
-                }
-
-                if (arg_register) {
-                        r = register_machine(
-                                        arg_machine,
-                                        pid,
-                                        arg_directory,
-                                        arg_uuid,
-                                        ifi,
-                                        arg_slice,
-                                        arg_custom_mounts, arg_n_custom_mounts,
-                                        arg_kill_signal,
-                                        arg_property,
-                                        arg_keep_unit,
-                                        arg_container_service_name);
-                        if (r < 0)
-                                goto finish;
-                }
-
-                r = sync_cgroup(pid, arg_unified_cgroup_hierarchy);
-                if (r < 0)
-                        goto finish;
-
-                if (arg_keep_unit) {
-                        r = create_subcgroup(pid, arg_unified_cgroup_hierarchy);
-                        if (r < 0)
-                                goto finish;
-                }
-
-                r = chown_cgroup(pid, arg_uid_shift);
-                if (r < 0)
-                        goto finish;
-
-                /* Notify the child that the parent is ready with all
-                 * its setup (including cgroup-ification), and that
-                 * the child can now hand over control to the code to
-                 * run inside the container. */
-                (void) barrier_place(&barrier); /* #3 */
-
-                /* Block SIGCHLD here, before notifying child.
-                 * process_pty() will handle it with the other signals. */
-                assert_se(sigprocmask(SIG_BLOCK, &mask_chld, NULL) >= 0);
-
-                /* Reset signal to default */
-                r = default_signals(SIGCHLD, -1);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to reset SIGCHLD: %m");
-                        goto finish;
-                }
-
-                /* Let the child know that we are ready and wait that the child is completely ready now. */
-                if (!barrier_place_and_sync(&barrier)) { /* #4 */
-                        log_error("Child died too early.");
-                        r = -ESRCH;
-                        goto finish;
-                }
-
-                /* At this point we have made use of the UID we picked, and thus nss-mymachines will make them appear
-                 * in getpwuid(), thus we can release the /etc/passwd lock. */
-                etc_passwd_lock = safe_close(etc_passwd_lock);
-
-                sd_notifyf(false,
-                           "READY=1\n"
-                           "STATUS=Container running.\n"
-                           "X_NSPAWN_LEADER_PID=" PID_FMT, pid);
-
-                r = sd_event_new(&event);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to get default event source: %m");
-                        goto finish;
-                }
-
-                if (arg_kill_signal > 0) {
-                        /* Try to kill the init system on SIGINT or SIGTERM */
-                        sd_event_add_signal(event, NULL, SIGINT, on_orderly_shutdown, PID_TO_PTR(pid));
-                        sd_event_add_signal(event, NULL, SIGTERM, on_orderly_shutdown, PID_TO_PTR(pid));
-                } else {
-                        /* Immediately exit */
-                        sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
-                        sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
-                }
-
-                /* simply exit on sigchld */
-                sd_event_add_signal(event, NULL, SIGCHLD, NULL, NULL);
-
-                if (arg_expose_ports) {
-                        r = expose_port_watch_rtnl(event, rtnl_socket_pair[0], on_address_change, &exposed, &rtnl);
-                        if (r < 0)
-                                goto finish;
-
-                        (void) expose_port_execute(rtnl, arg_expose_ports, &exposed);
-                }
-
-                rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
-
-                r = pty_forward_new(event, master, PTY_FORWARD_IGNORE_VHANGUP | (interactive ? 0 : PTY_FORWARD_READ_ONLY), &forward);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to create PTY forwarder: %m");
-                        goto finish;
-                }
-
-                r = sd_event_loop(event);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to run event loop: %m");
-                        goto finish;
-                }
-
-                pty_forward_get_last_char(forward, &last_char);
-
-                forward = pty_forward_free(forward);
-
-                if (!arg_quiet && last_char != '\n')
-                        putc('\n', stdout);
-
-                /* Kill if it is not dead yet anyway */
-                if (arg_register && !arg_keep_unit)
-                        terminate_machine(pid);
-
-                /* Normally redundant, but better safe than sorry */
-                kill(pid, SIGKILL);
-
-                r = wait_for_container(pid, &container_status);
-                pid = 0;
-
-                if (r < 0)
-                        /* We failed to wait for the container, or the
-                         * container exited abnormally */
-                        goto finish;
-                else if (r > 0 || container_status == CONTAINER_TERMINATED) {
-                        /* The container exited with a non-zero
-                         * status, or with zero status and no reboot
-                         * was requested. */
-                        ret = r;
-                        break;
-                }
-
-                /* CONTAINER_REBOOTED, loop again */
-
-                if (arg_keep_unit) {
-                        /* Special handling if we are running as a
-                         * service: instead of simply restarting the
-                         * machine we want to restart the entire
-                         * service, so let's inform systemd about this
-                         * with the special exit code 133. The service
-                         * file uses RestartForceExitStatus=133 so
-                         * that this results in a full nspawn
-                         * restart. This is necessary since we might
-                         * have cgroup parameters set we want to have
-                         * flushed out. */
-                        ret = 133;
-                        r = 0;
-                        break;
-                }
-
-                expose_port_flush(arg_expose_ports, &exposed);
-
-                (void) remove_veth_links(veth_name, arg_network_veth_extra);
-                veth_created = false;
-        }
-
-finish:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Terminating...");
-
-        if (pid > 0)
-                kill(pid, SIGKILL);
-
-        /* Try to flush whatever is still queued in the pty */
-        if (master >= 0)
-                (void) copy_bytes(master, STDOUT_FILENO, (uint64_t) -1, false);
-
-        loop_remove(loop_nr, &image_fd);
-
-        if (remove_subvol && arg_directory) {
-                int k;
-
-                k = btrfs_subvol_remove(arg_directory, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
-                if (k < 0)
-                        log_warning_errno(k, "Cannot remove subvolume '%s', ignoring: %m", arg_directory);
-        }
-
-        if (arg_machine) {
-                const char *p;
-
-                p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
-                (void) rm_rf(p, REMOVE_ROOT);
-        }
-
-        expose_port_flush(arg_expose_ports, &exposed);
-
-        if (veth_created)
-                (void) remove_veth_links(veth_name, arg_network_veth_extra);
-        (void) remove_bridge(arg_network_zone);
-
-        free(arg_directory);
-        free(arg_template);
-        free(arg_image);
-        free(arg_machine);
-        free(arg_user);
-        free(arg_chdir);
-        strv_free(arg_setenv);
-        free(arg_network_bridge);
-        strv_free(arg_network_interfaces);
-        strv_free(arg_network_macvlan);
-        strv_free(arg_network_ipvlan);
-        strv_free(arg_network_veth_extra);
-        strv_free(arg_parameters);
-        custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts);
-        expose_port_free_all(arg_expose_ports);
-
-        return r < 0 ? EXIT_FAILURE : ret;
-}
diff --git a/src/nss-myhostname/Makefile b/src/nss-myhostname/Makefile
index d0b0e8e008..b5f6ff62aa 120000..100644
--- a/src/nss-myhostname/Makefile
+++ b/src/nss-myhostname/Makefile
@@ -1 +1,47 @@
-../Makefile
-\ No newline at end of file
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_MYHOSTNAME),)
+libnss_myhostname_la_SOURCES = \
+	src/nss-myhostname/nss-myhostname.sym \
+	src/nss-myhostname/nss-myhostname.c
+
+libnss_myhostname_la_LDFLAGS = \
+	$(AM_LDFLAGS) \
+	-module \
+	-export-dynamic \
+	-avoid-version \
+	-shared \
+	-shrext .so.2 \
+	-Wl,--version-script=$(srcdir)/nss-myhostname.sym
+
+libnss_myhostname_la_LIBADD = \
+	libsystemd-internal.la
+
+lib_LTLIBRARIES += \
+	libnss_myhostname.la
+endif # HAVE_MYHOSTNAME
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/nss-mymachines/Makefile b/src/nss-mymachines/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/nss-mymachines/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
deleted file mode 100644
index 8d57b26cbc..0000000000
--- a/src/nss-mymachines/nss-mymachines.c
+++ /dev/null
@@ -1,738 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netdb.h>
-#include <nss.h>
-
-#include "sd-bus.h"
-#include "sd-login.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "hostname-util.h"
-#include "in-addr-util.h"
-#include "macro.h"
-#include "nss-util.h"
-#include "signal-util.h"
-#include "string-util.h"
-#include "user-util.h"
-#include "util.h"
-
-NSS_GETHOSTBYNAME_PROTOTYPES(mymachines);
-NSS_GETPW_PROTOTYPES(mymachines);
-NSS_GETGR_PROTOTYPES(mymachines);
-
-#define HOST_UID_LIMIT ((uid_t) UINT32_C(0x10000))
-#define HOST_GID_LIMIT ((gid_t) UINT32_C(0x10000))
-
-static int count_addresses(sd_bus_message *m, int af, unsigned *ret) {
-        unsigned c = 0;
-        int r;
-
-        assert(m);
-        assert(ret);
-
-        while ((r = sd_bus_message_enter_container(m, 'r', "iay")) > 0) {
-                int family;
-
-                r = sd_bus_message_read(m, "i", &family);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_skip(m, "ay");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(m);
-                if (r < 0)
-                        return r;
-
-                if (af != AF_UNSPEC && family != af)
-                        continue;
-
-                c++;
-        }
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_rewind(m, false);
-        if (r < 0)
-                return r;
-
-        *ret = c;
-        return 0;
-}
-
-enum nss_status _nss_mymachines_gethostbyname4_r(
-                const char *name,
-                struct gaih_addrtuple **pat,
-                char *buffer, size_t buflen,
-                int *errnop, int *h_errnop,
-                int32_t *ttlp) {
-
-        struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ int *ifindices = NULL;
-        _cleanup_free_ char *class = NULL;
-        size_t l, ms, idx;
-        unsigned i = 0, c = 0;
-        char *r_name;
-        int n_ifindices, r;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(name);
-        assert(pat);
-        assert(buffer);
-        assert(errnop);
-        assert(h_errnop);
-
-        r = sd_machine_get_class(name, &class);
-        if (r < 0)
-                goto fail;
-        if (!streq(class, "container")) {
-                r = -ENOTTY;
-                goto fail;
-        }
-
-        n_ifindices = sd_machine_get_ifindices(name, &ifindices);
-        if (n_ifindices < 0) {
-                r = n_ifindices;
-                goto fail;
-        }
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "GetMachineAddresses",
-                               NULL,
-                               &reply,
-                               "s", name);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
-        if (r < 0)
-                goto fail;
-
-        r = count_addresses(reply, AF_UNSPEC, &c);
-        if (r < 0)
-                goto fail;
-
-        if (c <= 0) {
-                *errnop = ESRCH;
-                *h_errnop = HOST_NOT_FOUND;
-                return NSS_STATUS_NOTFOUND;
-        }
-
-        l = strlen(name);
-        ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
-        if (buflen < ms) {
-                *errnop = ENOMEM;
-                *h_errnop = TRY_AGAIN;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        /* First, append name */
-        r_name = buffer;
-        memcpy(r_name, name, l+1);
-        idx = ALIGN(l+1);
-
-        /* Second, append addresses */
-        r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
-                int family;
-                const void *a;
-                size_t sz;
-
-                r = sd_bus_message_read(reply, "i", &family);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        goto fail;
-
-                if (!IN_SET(family, AF_INET, AF_INET6)) {
-                        r = -EAFNOSUPPORT;
-                        goto fail;
-                }
-
-                if (sz != FAMILY_ADDRESS_SIZE(family)) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
-                r_tuple->next = i == c-1 ? NULL : (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple)));
-                r_tuple->name = r_name;
-                r_tuple->family = family;
-                r_tuple->scopeid = n_ifindices == 1 ? ifindices[0] : 0;
-                memcpy(r_tuple->addr, a, sz);
-
-                idx += ALIGN(sizeof(struct gaih_addrtuple));
-                i++;
-        }
-
-        assert(i == c);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                goto fail;
-
-        assert(idx == ms);
-
-        if (*pat)
-                **pat = *r_tuple_first;
-        else
-                *pat = r_tuple_first;
-
-        if (ttlp)
-                *ttlp = 0;
-
-        /* Explicitly reset all error variables */
-        *errnop = 0;
-        *h_errnop = NETDB_SUCCESS;
-        h_errno = 0;
-
-        return NSS_STATUS_SUCCESS;
-
-fail:
-        *errnop = -r;
-        *h_errnop = NO_DATA;
-        return NSS_STATUS_UNAVAIL;
-}
-
-enum nss_status _nss_mymachines_gethostbyname3_r(
-                const char *name,
-                int af,
-                struct hostent *result,
-                char *buffer, size_t buflen,
-                int *errnop, int *h_errnop,
-                int32_t *ttlp,
-                char **canonp) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ char *class = NULL;
-        unsigned c = 0, i = 0;
-        char *r_name, *r_aliases, *r_addr, *r_addr_list;
-        size_t l, idx, ms, alen;
-        int r;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(name);
-        assert(result);
-        assert(buffer);
-        assert(errnop);
-        assert(h_errnop);
-
-        if (af == AF_UNSPEC)
-                af = AF_INET;
-
-        if (af != AF_INET && af != AF_INET6) {
-                r = -EAFNOSUPPORT;
-                goto fail;
-        }
-
-        r = sd_machine_get_class(name, &class);
-        if (r < 0)
-                goto fail;
-        if (!streq(class, "container")) {
-                r = -ENOTTY;
-                goto fail;
-        }
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "GetMachineAddresses",
-                               NULL,
-                               &reply,
-                               "s", name);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
-        if (r < 0)
-                goto fail;
-
-        r = count_addresses(reply, af, &c);
-        if (r < 0)
-                goto fail;
-
-        if (c <= 0) {
-                *errnop = ENOENT;
-                *h_errnop = HOST_NOT_FOUND;
-                return NSS_STATUS_NOTFOUND;
-        }
-
-        alen = FAMILY_ADDRESS_SIZE(af);
-        l = strlen(name);
-
-        ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
-
-        if (buflen < ms) {
-                *errnop = ENOMEM;
-                *h_errnop = NO_RECOVERY;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        /* First, append name */
-        r_name = buffer;
-        memcpy(r_name, name, l+1);
-        idx = ALIGN(l+1);
-
-        /* Second, create aliases array */
-        r_aliases = buffer + idx;
-        ((char**) r_aliases)[0] = NULL;
-        idx += sizeof(char*);
-
-        /* Third, append addresses */
-        r_addr = buffer + idx;
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
-                int family;
-                const void *a;
-                size_t sz;
-
-                r = sd_bus_message_read(reply, "i", &family);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        goto fail;
-
-                if (family != af)
-                        continue;
-
-                if (sz != alen) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                memcpy(r_addr + i*ALIGN(alen), a, alen);
-                i++;
-        }
-
-        assert(i == c);
-        idx += c * ALIGN(alen);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                goto fail;
-
-        /* Third, append address pointer array */
-        r_addr_list = buffer + idx;
-        for (i = 0; i < c; i++)
-                ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);
-
-        ((char**) r_addr_list)[i] = NULL;
-        idx += (c+1) * sizeof(char*);
-
-        assert(idx == ms);
-
-        result->h_name = r_name;
-        result->h_aliases = (char**) r_aliases;
-        result->h_addrtype = af;
-        result->h_length = alen;
-        result->h_addr_list = (char**) r_addr_list;
-
-        if (ttlp)
-                *ttlp = 0;
-
-        if (canonp)
-                *canonp = r_name;
-
-        /* Explicitly reset all error variables */
-        *errnop = 0;
-        *h_errnop = NETDB_SUCCESS;
-        h_errno = 0;
-
-        return NSS_STATUS_SUCCESS;
-
-fail:
-        *errnop = -r;
-        *h_errnop = NO_DATA;
-        return NSS_STATUS_UNAVAIL;
-}
-
-NSS_GETHOSTBYNAME_FALLBACKS(mymachines);
-
-enum nss_status _nss_mymachines_getpwnam_r(
-                const char *name,
-                struct passwd *pwd,
-                char *buffer, size_t buflen,
-                int *errnop) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        const char *p, *e, *machine;
-        uint32_t mapped;
-        uid_t uid;
-        size_t l;
-        int r;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(name);
-        assert(pwd);
-
-        p = startswith(name, "vu-");
-        if (!p)
-                goto not_found;
-
-        e = strrchr(p, '-');
-        if (!e || e == p)
-                goto not_found;
-
-        if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
-                goto not_found;
-
-        r = parse_uid(e + 1, &uid);
-        if (r < 0)
-                goto not_found;
-
-        machine = strndupa(p, e - p);
-        if (!machine_name_is_valid(machine))
-                goto not_found;
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "MapFromMachineUser",
-                               &error,
-                               &reply,
-                               "su",
-                               machine, (uint32_t) uid);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
-                        goto not_found;
-
-                goto fail;
-        }
-
-        r = sd_bus_message_read(reply, "u", &mapped);
-        if (r < 0)
-                goto fail;
-
-        /* Refuse to work if the mapped address is in the host UID range, or if there was no mapping at all. */
-        if (mapped < HOST_UID_LIMIT || mapped == uid)
-                goto not_found;
-
-        l = strlen(name);
-        if (buflen < l+1) {
-                *errnop = ENOMEM;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        memcpy(buffer, name, l+1);
-
-        pwd->pw_name = buffer;
-        pwd->pw_uid = mapped;
-        pwd->pw_gid = 65534; /* nobody */
-        pwd->pw_gecos = buffer;
-        pwd->pw_passwd = (char*) "*"; /* locked */
-        pwd->pw_dir = (char*) "/";
-        pwd->pw_shell = (char*) "/sbin/nologin";
-
-        *errnop = 0;
-        return NSS_STATUS_SUCCESS;
-
-not_found:
-        *errnop = 0;
-        return NSS_STATUS_NOTFOUND;
-
-fail:
-        *errnop = -r;
-        return NSS_STATUS_UNAVAIL;
-}
-
-enum nss_status _nss_mymachines_getpwuid_r(
-                uid_t uid,
-                struct passwd *pwd,
-                char *buffer, size_t buflen,
-                int *errnop) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        const char *machine, *object;
-        uint32_t mapped;
-        int r;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        if (!uid_is_valid(uid)) {
-                r = -EINVAL;
-                goto fail;
-        }
-
-        /* We consider all uids < 65536 host uids */
-        if (uid < HOST_UID_LIMIT)
-                goto not_found;
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "MapToMachineUser",
-                               &error,
-                               &reply,
-                               "u",
-                               (uint32_t) uid);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
-                        goto not_found;
-
-                goto fail;
-        }
-
-        r = sd_bus_message_read(reply, "sou", &machine, &object, &mapped);
-        if (r < 0)
-                goto fail;
-
-        if (mapped == uid)
-                goto not_found;
-
-        if (snprintf(buffer, buflen, "vu-%s-" UID_FMT, machine, (uid_t) mapped) >= (int) buflen) {
-                *errnop = ENOMEM;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        pwd->pw_name = buffer;
-        pwd->pw_uid = uid;
-        pwd->pw_gid = 65534; /* nobody */
-        pwd->pw_gecos = buffer;
-        pwd->pw_passwd = (char*) "*"; /* locked */
-        pwd->pw_dir = (char*) "/";
-        pwd->pw_shell = (char*) "/sbin/nologin";
-
-        *errnop = 0;
-        return NSS_STATUS_SUCCESS;
-
-not_found:
-        *errnop = 0;
-        return NSS_STATUS_NOTFOUND;
-
-fail:
-        *errnop = -r;
-        return NSS_STATUS_UNAVAIL;
-}
-
-enum nss_status _nss_mymachines_getgrnam_r(
-                const char *name,
-                struct group *gr,
-                char *buffer, size_t buflen,
-                int *errnop) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        const char *p, *e, *machine;
-        uint32_t mapped;
-        uid_t gid;
-        size_t l;
-        int r;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(name);
-        assert(gr);
-
-        p = startswith(name, "vg-");
-        if (!p)
-                goto not_found;
-
-        e = strrchr(p, '-');
-        if (!e || e == p)
-                goto not_found;
-
-        if (e - p > HOST_NAME_MAX - 1)  /* -1 for the last dash */
-                goto not_found;
-
-        r = parse_gid(e + 1, &gid);
-        if (r < 0)
-                goto not_found;
-
-        machine = strndupa(p, e - p);
-        if (!machine_name_is_valid(machine))
-                goto not_found;
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "MapFromMachineGroup",
-                               &error,
-                               &reply,
-                               "su",
-                               machine, (uint32_t) gid);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
-                        goto not_found;
-
-                goto fail;
-        }
-
-        r = sd_bus_message_read(reply, "u", &mapped);
-        if (r < 0)
-                goto fail;
-
-        if (mapped < HOST_GID_LIMIT || mapped == gid)
-                goto not_found;
-
-        l = sizeof(char*) + strlen(name) + 1;
-        if (buflen < l) {
-                *errnop = ENOMEM;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        memzero(buffer, sizeof(char*));
-        strcpy(buffer + sizeof(char*), name);
-
-        gr->gr_name = buffer + sizeof(char*);
-        gr->gr_gid = gid;
-        gr->gr_passwd = (char*) "*"; /* locked */
-        gr->gr_mem = (char**) buffer;
-
-        *errnop = 0;
-        return NSS_STATUS_SUCCESS;
-
-not_found:
-        *errnop = 0;
-        return NSS_STATUS_NOTFOUND;
-
-fail:
-        *errnop = -r;
-        return NSS_STATUS_UNAVAIL;
-}
-
-enum nss_status _nss_mymachines_getgrgid_r(
-                gid_t gid,
-                struct group *gr,
-                char *buffer, size_t buflen,
-                int *errnop) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        const char *machine, *object;
-        uint32_t mapped;
-        int r;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        if (!gid_is_valid(gid)) {
-                r = -EINVAL;
-                goto fail;
-        }
-
-        /* We consider all gids < 65536 host gids */
-        if (gid < HOST_GID_LIMIT)
-                goto not_found;
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.machine1",
-                               "/org/freedesktop/machine1",
-                               "org.freedesktop.machine1.Manager",
-                               "MapToMachineGroup",
-                               &error,
-                               &reply,
-                               "u",
-                               (uint32_t) gid);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
-                        goto not_found;
-
-                goto fail;
-        }
-
-        r = sd_bus_message_read(reply, "sou", &machine, &object, &mapped);
-        if (r < 0)
-                goto fail;
-
-        if (mapped == gid)
-                goto not_found;
-
-        if (buflen < sizeof(char*) + 1) {
-                *errnop = ENOMEM;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        memzero(buffer, sizeof(char*));
-        if (snprintf(buffer + sizeof(char*), buflen - sizeof(char*), "vg-%s-" GID_FMT, machine, (gid_t) mapped) >= (int) buflen) {
-                *errnop = ENOMEM;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        gr->gr_name = buffer + sizeof(char*);
-        gr->gr_gid = gid;
-        gr->gr_passwd = (char*) "*"; /* locked */
-        gr->gr_mem = (char**) buffer;
-
-        *errnop = 0;
-        return NSS_STATUS_SUCCESS;
-
-not_found:
-        *errnop = 0;
-        return NSS_STATUS_NOTFOUND;
-
-fail:
-        *errnop = -r;
-        return NSS_STATUS_UNAVAIL;
-}
diff --git a/src/nss-resolve/Makefile b/src/nss-resolve/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/nss-resolve/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
deleted file mode 100644
index 5ce10f1cbd..0000000000
--- a/src/nss-resolve/nss-resolve.c
+++ /dev/null
@@ -1,675 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <dlfcn.h>
-#include <errno.h>
-#include <netdb.h>
-#include <nss.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "sd-bus.h"
-
-#include "bus-common-errors.h"
-#include "in-addr-util.h"
-#include "macro.h"
-#include "nss-util.h"
-#include "string-util.h"
-#include "util.h"
-#include "signal-util.h"
-
-NSS_GETHOSTBYNAME_PROTOTYPES(resolve);
-NSS_GETHOSTBYADDR_PROTOTYPES(resolve);
-
-#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
-
-typedef void (*voidfunc_t)(void);
-
-static voidfunc_t find_fallback(const char *module, const char *symbol) {
-        void *dl;
-
-        /* Try to find a fallback NSS module symbol */
-
-        dl = dlopen(module, RTLD_LAZY|RTLD_NODELETE);
-        if (!dl)
-                return NULL;
-
-        return dlsym(dl, symbol);
-}
-
-static bool bus_error_shall_fallback(sd_bus_error *e) {
-        return sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) ||
-               sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER) ||
-               sd_bus_error_has_name(e, SD_BUS_ERROR_NO_REPLY) ||
-               sd_bus_error_has_name(e, SD_BUS_ERROR_ACCESS_DENIED);
-}
-
-static int count_addresses(sd_bus_message *m, int af, const char **canonical) {
-        int c = 0, r;
-
-        assert(m);
-        assert(canonical);
-
-        r = sd_bus_message_enter_container(m, 'a', "(iiay)");
-        if (r < 0)
-                return r;
-
-        while ((r = sd_bus_message_enter_container(m, 'r', "iiay")) > 0) {
-                int family, ifindex;
-
-                assert_cc(sizeof(int32_t) == sizeof(int));
-
-                r = sd_bus_message_read(m, "ii", &ifindex, &family);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_skip(m, "ay");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(m);
-                if (r < 0)
-                        return r;
-
-                if (af != AF_UNSPEC && family != af)
-                        continue;
-
-                c++;
-        }
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_exit_container(m);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(m, "s", canonical);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_rewind(m, true);
-        if (r < 0)
-                return r;
-
-        return c;
-}
-
-enum nss_status _nss_resolve_gethostbyname4_r(
-                const char *name,
-                struct gaih_addrtuple **pat,
-                char *buffer, size_t buflen,
-                int *errnop, int *h_errnop,
-                int32_t *ttlp) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        const char *canonical = NULL;
-        size_t l, ms, idx;
-        char *r_name;
-        int c, r, i = 0;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(name);
-        assert(pat);
-        assert(buffer);
-        assert(errnop);
-        assert(h_errnop);
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fallback;
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveHostname");
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_set_auto_start(req, false);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_append(req, "isit", 0, name, AF_UNSPEC, (uint64_t) 0);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
-                        *errnop = ESRCH;
-                        *h_errnop = HOST_NOT_FOUND;
-                        return NSS_STATUS_NOTFOUND;
-                }
-
-                if (bus_error_shall_fallback(&error))
-                        goto fallback;
-
-                goto fail;
-        }
-
-        c = count_addresses(reply, AF_UNSPEC, &canonical);
-        if (c < 0) {
-                r = c;
-                goto fail;
-        }
-        if (c == 0) {
-                *errnop = ESRCH;
-                *h_errnop = HOST_NOT_FOUND;
-                return NSS_STATUS_NOTFOUND;
-        }
-
-        if (isempty(canonical))
-                canonical = name;
-
-        l = strlen(canonical);
-        ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
-        if (buflen < ms) {
-                *errnop = ENOMEM;
-                *h_errnop = TRY_AGAIN;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        /* First, append name */
-        r_name = buffer;
-        memcpy(r_name, canonical, l+1);
-        idx = ALIGN(l+1);
-
-        /* Second, append addresses */
-        r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
-        if (r < 0)
-                goto fail;
-
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
-                int family, ifindex;
-                const void *a;
-                size_t sz;
-
-                assert_cc(sizeof(int32_t) == sizeof(int));
-
-                r = sd_bus_message_read(reply, "ii", &ifindex, &family);
-                if (r < 0)
-                        goto fail;
-
-                if (ifindex < 0) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        goto fail;
-
-                if (!IN_SET(family, AF_INET, AF_INET6))
-                        continue;
-
-                if (sz != FAMILY_ADDRESS_SIZE(family)) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
-                r_tuple->next = i == c-1 ? NULL : (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple)));
-                r_tuple->name = r_name;
-                r_tuple->family = family;
-                r_tuple->scopeid = ifindex;
-                memcpy(r_tuple->addr, a, sz);
-
-                idx += ALIGN(sizeof(struct gaih_addrtuple));
-                i++;
-        }
-        if (r < 0)
-                goto fail;
-
-        assert(i == c);
-        assert(idx == ms);
-
-        if (*pat)
-                **pat = *r_tuple_first;
-        else
-                *pat = r_tuple_first;
-
-        if (ttlp)
-                *ttlp = 0;
-
-        /* Explicitly reset all error variables */
-        *errnop = 0;
-        *h_errnop = NETDB_SUCCESS;
-        h_errno = 0;
-
-        return NSS_STATUS_SUCCESS;
-
-fallback:
-        {
-                _nss_gethostbyname4_r_t fallback;
-
-                fallback = (_nss_gethostbyname4_r_t)
-                        find_fallback("libnss_dns.so.2", "_nss_dns_gethostbyname4_r");
-
-                if (fallback)
-                        return fallback(name, pat, buffer, buflen, errnop, h_errnop, ttlp);
-        }
-
-fail:
-        *errnop = -r;
-        *h_errnop = NO_RECOVERY;
-        return NSS_STATUS_UNAVAIL;
-}
-
-enum nss_status _nss_resolve_gethostbyname3_r(
-                const char *name,
-                int af,
-                struct hostent *result,
-                char *buffer, size_t buflen,
-                int *errnop, int *h_errnop,
-                int32_t *ttlp,
-                char **canonp) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *r_name, *r_aliases, *r_addr, *r_addr_list;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        size_t l, idx, ms, alen;
-        const char *canonical;
-        int c, r, i = 0;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(name);
-        assert(result);
-        assert(buffer);
-        assert(errnop);
-        assert(h_errnop);
-
-        if (af == AF_UNSPEC)
-                af = AF_INET;
-
-        if (af != AF_INET && af != AF_INET6) {
-                r = -EAFNOSUPPORT;
-                goto fail;
-        }
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fallback;
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveHostname");
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_set_auto_start(req, false);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_append(req, "isit", 0, name, af, (uint64_t) 0);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
-                        *errnop = ESRCH;
-                        *h_errnop = HOST_NOT_FOUND;
-                        return NSS_STATUS_NOTFOUND;
-                }
-
-                if (bus_error_shall_fallback(&error))
-                        goto fallback;
-
-                goto fail;
-        }
-
-        c = count_addresses(reply, af, &canonical);
-        if (c < 0) {
-                r = c;
-                goto fail;
-        }
-        if (c == 0) {
-                *errnop = ESRCH;
-                *h_errnop = HOST_NOT_FOUND;
-                return NSS_STATUS_NOTFOUND;
-        }
-
-        if (isempty(canonical))
-                canonical = name;
-
-        alen = FAMILY_ADDRESS_SIZE(af);
-        l = strlen(canonical);
-
-        ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
-
-        if (buflen < ms) {
-                *errnop = ENOMEM;
-                *h_errnop = TRY_AGAIN;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        /* First, append name */
-        r_name = buffer;
-        memcpy(r_name, canonical, l+1);
-        idx = ALIGN(l+1);
-
-        /* Second, create empty aliases array */
-        r_aliases = buffer + idx;
-        ((char**) r_aliases)[0] = NULL;
-        idx += sizeof(char*);
-
-        /* Third, append addresses */
-        r_addr = buffer + idx;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
-        if (r < 0)
-                goto fail;
-
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
-                int ifindex, family;
-                const void *a;
-                size_t sz;
-
-                r = sd_bus_message_read(reply, "ii", &ifindex, &family);
-                if (r < 0)
-                        goto fail;
-
-                if (ifindex < 0) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        goto fail;
-
-                if (family != af)
-                        continue;
-
-                if (sz != alen) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                memcpy(r_addr + i*ALIGN(alen), a, alen);
-                i++;
-        }
-        if (r < 0)
-                goto fail;
-
-        assert(i == c);
-        idx += c * ALIGN(alen);
-
-        /* Fourth, append address pointer array */
-        r_addr_list = buffer + idx;
-        for (i = 0; i < c; i++)
-                ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);
-
-        ((char**) r_addr_list)[i] = NULL;
-        idx += (c+1) * sizeof(char*);
-
-        assert(idx == ms);
-
-        result->h_name = r_name;
-        result->h_aliases = (char**) r_aliases;
-        result->h_addrtype = af;
-        result->h_length = alen;
-        result->h_addr_list = (char**) r_addr_list;
-
-        /* Explicitly reset all error variables */
-        *errnop = 0;
-        *h_errnop = NETDB_SUCCESS;
-        h_errno = 0;
-
-        if (ttlp)
-                *ttlp = 0;
-
-        if (canonp)
-                *canonp = r_name;
-
-        return NSS_STATUS_SUCCESS;
-
-fallback:
-        {
-                _nss_gethostbyname3_r_t fallback;
-
-                fallback = (_nss_gethostbyname3_r_t)
-                        find_fallback("libnss_dns.so.2", "_nss_dns_gethostbyname3_r");
-                if (fallback)
-                        return fallback(name, af, result, buffer, buflen, errnop, h_errnop, ttlp, canonp);
-        }
-
-fail:
-        *errnop = -r;
-        *h_errnop = NO_RECOVERY;
-        return NSS_STATUS_UNAVAIL;
-}
-
-enum nss_status _nss_resolve_gethostbyaddr2_r(
-                const void* addr, socklen_t len,
-                int af,
-                struct hostent *result,
-                char *buffer, size_t buflen,
-                int *errnop, int *h_errnop,
-                int32_t *ttlp) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *r_name, *r_aliases, *r_addr, *r_addr_list;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        unsigned c = 0, i = 0;
-        size_t ms = 0, idx;
-        const char *n;
-        int r, ifindex;
-
-        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
-
-        assert(addr);
-        assert(result);
-        assert(buffer);
-        assert(errnop);
-        assert(h_errnop);
-
-        if (!IN_SET(af, AF_INET, AF_INET6)) {
-                *errnop = EAFNOSUPPORT;
-                *h_errnop = NO_DATA;
-                return NSS_STATUS_UNAVAIL;
-        }
-
-        if (len != FAMILY_ADDRESS_SIZE(af)) {
-                *errnop = EINVAL;
-                *h_errnop = NO_RECOVERY;
-                return NSS_STATUS_UNAVAIL;
-        }
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0)
-                goto fallback;
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveAddress");
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_set_auto_start(req, false);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_append(req, "ii", 0, af);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_append_array(req, 'y', addr, len);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_append(req, "t", (uint64_t) 0);
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
-                        *errnop = ESRCH;
-                        *h_errnop = HOST_NOT_FOUND;
-                        return NSS_STATUS_NOTFOUND;
-                }
-
-                if (bus_error_shall_fallback(&error))
-                        goto fallback;
-
-
-                *errnop = -r;
-                *h_errnop = NO_RECOVERY;
-                return NSS_STATUS_UNAVAIL;
-        }
-
-        r = sd_bus_message_enter_container(reply, 'a', "(is)");
-        if (r < 0)
-                goto fail;
-
-        while ((r = sd_bus_message_read(reply, "(is)", &ifindex, &n)) > 0) {
-
-                if (ifindex < 0) {
-                        r = -EINVAL;
-                        goto fail;
-                }
-
-                c++;
-                ms += ALIGN(strlen(n) + 1);
-        }
-        if (r < 0)
-                goto fail;
-
-        r = sd_bus_message_rewind(reply, false);
-        if (r < 0)
-                return r;
-
-        if (c <= 0) {
-                *errnop = ESRCH;
-                *h_errnop = HOST_NOT_FOUND;
-                return NSS_STATUS_NOTFOUND;
-        }
-
-        ms += ALIGN(len) +              /* the address */
-              2 * sizeof(char*) +       /* pointers to the address, plus trailing NULL */
-              c * sizeof(char*);        /* pointers to aliases, plus trailing NULL */
-
-        if (buflen < ms) {
-                *errnop = ENOMEM;
-                *h_errnop = TRY_AGAIN;
-                return NSS_STATUS_TRYAGAIN;
-        }
-
-        /* First, place address */
-        r_addr = buffer;
-        memcpy(r_addr, addr, len);
-        idx = ALIGN(len);
-
-        /* Second, place address list */
-        r_addr_list = buffer + idx;
-        ((char**) r_addr_list)[0] = r_addr;
-        ((char**) r_addr_list)[1] = NULL;
-        idx += sizeof(char*) * 2;
-
-        /* Third, reserve space for the aliases array */
-        r_aliases = buffer + idx;
-        idx += sizeof(char*) * c;
-
-        /* Fourth, place aliases */
-        i = 0;
-        r_name = buffer + idx;
-        while ((r = sd_bus_message_read(reply, "(is)", &ifindex, &n)) > 0) {
-                char *p;
-                size_t l;
-
-                l = strlen(n);
-                p = buffer + idx;
-                memcpy(p, n, l+1);
-
-                if (i > 0)
-                        ((char**) r_aliases)[i-1] = p;
-                i++;
-
-                idx += ALIGN(l+1);
-        }
-        if (r < 0)
-                goto fail;
-
-        ((char**) r_aliases)[c-1] = NULL;
-        assert(idx == ms);
-
-        result->h_name = r_name;
-        result->h_aliases = (char**) r_aliases;
-        result->h_addrtype = af;
-        result->h_length = len;
-        result->h_addr_list = (char**) r_addr_list;
-
-        if (ttlp)
-                *ttlp = 0;
-
-        /* Explicitly reset all error variables */
-        *errnop = 0;
-        *h_errnop = NETDB_SUCCESS;
-        h_errno = 0;
-
-        return NSS_STATUS_SUCCESS;
-
-fallback:
-        {
-                _nss_gethostbyaddr2_r_t fallback;
-
-                fallback = (_nss_gethostbyaddr2_r_t)
-                        find_fallback("libnss_dns.so.2", "_nss_dns_gethostbyaddr2_r");
-
-                if (fallback)
-                        return fallback(addr, len, af, result, buffer, buflen, errnop, h_errnop, ttlp);
-        }
-
-fail:
-        *errnop = -r;
-        *h_errnop = NO_RECOVERY;
-        return NSS_STATUS_UNAVAIL;
-}
-
-NSS_GETHOSTBYNAME_FALLBACKS(resolve);
-NSS_GETHOSTBYADDR_FALLBACKS(resolve);
diff --git a/src/path/Makefile b/src/path/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/path/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/path/path.c b/src/path/path.c
deleted file mode 100644
index 61d877fcf8..0000000000
--- a/src/path/path.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "sd-path.h"
-
-#include "alloc-util.h"
-#include "log.h"
-#include "macro.h"
-#include "string-util.h"
-#include "util.h"
-
-static const char *arg_suffix = NULL;
-
-static const char* const path_table[_SD_PATH_MAX] = {
-        [SD_PATH_TEMPORARY] = "temporary",
-        [SD_PATH_TEMPORARY_LARGE] = "temporary-large",
-        [SD_PATH_SYSTEM_BINARIES] = "system-binaries",
-        [SD_PATH_SYSTEM_INCLUDE] = "system-include",
-        [SD_PATH_SYSTEM_LIBRARY_PRIVATE] = "system-library-private",
-        [SD_PATH_SYSTEM_LIBRARY_ARCH] = "system-library-arch",
-        [SD_PATH_SYSTEM_SHARED] = "system-shared",
-        [SD_PATH_SYSTEM_CONFIGURATION_FACTORY] = "system-configuration-factory",
-        [SD_PATH_SYSTEM_STATE_FACTORY] = "system-state-factory",
-        [SD_PATH_SYSTEM_CONFIGURATION] = "system-configuration",
-        [SD_PATH_SYSTEM_RUNTIME] = "system-runtime",
-        [SD_PATH_SYSTEM_RUNTIME_LOGS] = "system-runtime-logs",
-        [SD_PATH_SYSTEM_STATE_PRIVATE] = "system-state-private",
-        [SD_PATH_SYSTEM_STATE_LOGS] = "system-state-logs",
-        [SD_PATH_SYSTEM_STATE_CACHE] = "system-state-cache",
-        [SD_PATH_SYSTEM_STATE_SPOOL] = "system-state-spool",
-        [SD_PATH_USER_BINARIES] = "user-binaries",
-        [SD_PATH_USER_LIBRARY_PRIVATE] = "user-library-private",
-        [SD_PATH_USER_LIBRARY_ARCH] = "user-library-arch",
-        [SD_PATH_USER_SHARED] = "user-shared",
-        [SD_PATH_USER_CONFIGURATION] = "user-configuration",
-        [SD_PATH_USER_RUNTIME] = "user-runtime",
-        [SD_PATH_USER_STATE_CACHE] = "user-state-cache",
-        [SD_PATH_USER] = "user",
-        [SD_PATH_USER_DOCUMENTS] = "user-documents",
-        [SD_PATH_USER_MUSIC] = "user-music",
-        [SD_PATH_USER_PICTURES] = "user-pictures",
-        [SD_PATH_USER_VIDEOS] = "user-videos",
-        [SD_PATH_USER_DOWNLOAD] = "user-download",
-        [SD_PATH_USER_PUBLIC] = "user-public",
-        [SD_PATH_USER_TEMPLATES] = "user-templates",
-        [SD_PATH_USER_DESKTOP] = "user-desktop",
-        [SD_PATH_SEARCH_BINARIES] = "search-binaries",
-        [SD_PATH_SEARCH_LIBRARY_PRIVATE] = "search-library-private",
-        [SD_PATH_SEARCH_LIBRARY_ARCH] = "search-library-arch",
-        [SD_PATH_SEARCH_SHARED] = "search-shared",
-        [SD_PATH_SEARCH_CONFIGURATION_FACTORY] = "search-configuration-factory",
-        [SD_PATH_SEARCH_STATE_FACTORY] = "search-state-factory",
-        [SD_PATH_SEARCH_CONFIGURATION] = "search-configuration",
-};
-
-static int list_homes(void) {
-        uint64_t i = 0;
-        int r = 0;
-
-        for (i = 0; i < ELEMENTSOF(path_table); i++) {
-                _cleanup_free_ char *p = NULL;
-                int q;
-
-                q = sd_path_home(i, arg_suffix, &p);
-                if (q == -ENXIO)
-                        continue;
-                if (q < 0) {
-                        log_error_errno(r, "Failed to query %s: %m", path_table[i]);
-                        r = q;
-                        continue;
-                }
-
-                printf("%s: %s\n", path_table[i], p);
-        }
-
-        return r;
-}
-
-static int print_home(const char *n) {
-        uint64_t i = 0;
-        int r;
-
-        for (i = 0; i < ELEMENTSOF(path_table); i++) {
-                if (streq(path_table[i], n)) {
-                        _cleanup_free_ char *p = NULL;
-
-                        r = sd_path_home(i, arg_suffix, &p);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to query %s: %m", n);
-
-                        printf("%s\n", p);
-                        return 0;
-                }
-        }
-
-        log_error("Path %s not known.", n);
-        return -EOPNOTSUPP;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] [NAME...]\n\n"
-               "Show system and user paths.\n\n"
-               "  -h --help             Show this help\n"
-               "     --version          Show package version\n"
-               "     --suffix=SUFFIX    Suffix to append to paths\n",
-               program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_SUFFIX,
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, 'h'           },
-                { "version",   no_argument,       NULL, ARG_VERSION   },
-                { "suffix",    required_argument, NULL, ARG_SUFFIX    },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_SUFFIX:
-                        arg_suffix = optarg;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-int main(int argc, char* argv[]) {
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (argc > optind) {
-                int i, q;
-
-                for (i = optind; i < argc; i++) {
-                        q = print_home(argv[i]);
-                        if (q < 0)
-                                r = q;
-                }
-        } else
-                r = list_homes();
-
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/quotacheck/Makefile b/src/quotacheck/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/quotacheck/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/random-seed/Makefile b/src/random-seed/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/random-seed/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/rc-local-generator/Makefile b/src/rc-local-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/rc-local-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/remount-fs/Makefile b/src/remount-fs/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/remount-fs/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/reply-password/Makefile b/src/reply-password/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/reply-password/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/resolve/Makefile b/src/resolve/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/resolve/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/resolve/resolve-tool.c b/src/resolve/resolve-tool.c
deleted file mode 100644
index 14ee01c49d..0000000000
--- a/src/resolve/resolve-tool.c
+++ /dev/null
@@ -1,1484 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <net/if.h>
-
-#include "sd-bus.h"
-
-#include "af-list.h"
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "escape.h"
-#include "in-addr-util.h"
-#include "gcrypt-util.h"
-#include "parse-util.h"
-#include "resolved-def.h"
-#include "resolved-dns-packet.h"
-#include "terminal-util.h"
-
-#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
-
-static int arg_family = AF_UNSPEC;
-static int arg_ifindex = 0;
-static uint16_t arg_type = 0;
-static uint16_t arg_class = 0;
-static bool arg_legend = true;
-static uint64_t arg_flags = 0;
-
-typedef enum ServiceFamily {
-        SERVICE_FAMILY_TCP,
-        SERVICE_FAMILY_UDP,
-        SERVICE_FAMILY_SCTP,
-        _SERVICE_FAMILY_INVALID = -1,
-} ServiceFamily;
-static ServiceFamily arg_service_family = SERVICE_FAMILY_TCP;
-
-typedef enum RawType {
-        RAW_NONE,
-        RAW_PAYLOAD,
-        RAW_PACKET,
-} RawType;
-static RawType arg_raw = RAW_NONE;
-
-static enum {
-        MODE_RESOLVE_HOST,
-        MODE_RESOLVE_RECORD,
-        MODE_RESOLVE_SERVICE,
-        MODE_RESOLVE_OPENPGP,
-        MODE_RESOLVE_TLSA,
-        MODE_STATISTICS,
-        MODE_RESET_STATISTICS,
-} arg_mode = MODE_RESOLVE_HOST;
-
-static ServiceFamily service_family_from_string(const char *s) {
-        if (s == NULL || streq(s, "tcp"))
-                return SERVICE_FAMILY_TCP;
-        if (streq(s, "udp"))
-                return SERVICE_FAMILY_UDP;
-        if (streq(s, "sctp"))
-                return SERVICE_FAMILY_SCTP;
-        return _SERVICE_FAMILY_INVALID;
-}
-
-static const char* service_family_to_string(ServiceFamily service) {
-        switch(service) {
-        case SERVICE_FAMILY_TCP:
-                return "_tcp";
-        case SERVICE_FAMILY_UDP:
-                return "_udp";
-        case SERVICE_FAMILY_SCTP:
-                return "_sctp";
-        default:
-                assert_not_reached("invalid service");
-        }
-}
-
-static void print_source(uint64_t flags, usec_t rtt) {
-        char rtt_str[FORMAT_TIMESTAMP_MAX];
-
-        if (!arg_legend)
-                return;
-
-        if (flags == 0)
-                return;
-
-        fputs("\n-- Information acquired via", stdout);
-
-        if (flags != 0)
-                printf(" protocol%s%s%s%s%s",
-                       flags & SD_RESOLVED_DNS ? " DNS" :"",
-                       flags & SD_RESOLVED_LLMNR_IPV4 ? " LLMNR/IPv4" : "",
-                       flags & SD_RESOLVED_LLMNR_IPV6 ? " LLMNR/IPv6" : "",
-                       flags & SD_RESOLVED_MDNS_IPV4 ? "mDNS/IPv4" : "",
-                       flags & SD_RESOLVED_MDNS_IPV6 ? "mDNS/IPv6" : "");
-
-        assert_se(format_timespan(rtt_str, sizeof(rtt_str), rtt, 100));
-
-        printf(" in %s", rtt_str);
-
-        fputc('.', stdout);
-        fputc('\n', stdout);
-
-        printf("-- Data is authenticated: %s\n", yes_no(flags & SD_RESOLVED_AUTHENTICATED));
-}
-
-static int resolve_host(sd_bus *bus, const char *name) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *canonical = NULL;
-        char ifname[IF_NAMESIZE] = "";
-        unsigned c = 0;
-        int r;
-        uint64_t flags;
-        usec_t ts;
-
-        assert(name);
-
-        if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
-                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
-
-        log_debug("Resolving %s (family %s, interface %s).", name, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveHostname");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(req, "isit", arg_ifindex, name, arg_family, arg_flags);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        ts = now(CLOCK_MONOTONIC);
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0)
-                return log_error_errno(r, "%s: resolve call failed: %s", name, bus_error_message(&error, r));
-
-        ts = now(CLOCK_MONOTONIC) - ts;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
-                _cleanup_free_ char *pretty = NULL;
-                int ifindex, family;
-                const void *a;
-                size_t sz;
-
-                assert_cc(sizeof(int) == sizeof(int32_t));
-
-                r = sd_bus_message_read(reply, "ii", &ifindex, &family);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (!IN_SET(family, AF_INET, AF_INET6)) {
-                        log_debug("%s: skipping entry with family %d (%s)", name, family, af_to_name(family) ?: "unknown");
-                        continue;
-                }
-
-                if (sz != FAMILY_ADDRESS_SIZE(family)) {
-                        log_error("%s: systemd-resolved returned address of invalid size %zu for family %s", name, sz, af_to_name(family) ?: "unknown");
-                        return -EINVAL;
-                }
-
-                ifname[0] = 0;
-                if (ifindex > 0 && !if_indextoname(ifindex, ifname))
-                        log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
-                r = in_addr_to_string(family, a, &pretty);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to print address for %s: %m", name);
-
-                printf("%*s%s %s%s%s\n",
-                       (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
-                       pretty,
-                       isempty(ifname) ? "" : "%", ifname);
-
-                c++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_read(reply, "st", &canonical, &flags);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (!streq(name, canonical))
-                printf("%*s%s (%s)\n",
-                       (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
-                       canonical);
-
-        if (c == 0) {
-                log_error("%s: no addresses found", name);
-                return -ESRCH;
-        }
-
-        print_source(flags, ts);
-
-        return 0;
-}
-
-static int resolve_address(sd_bus *bus, int family, const union in_addr_union *address, int ifindex) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ char *pretty = NULL;
-        char ifname[IF_NAMESIZE] = "";
-        uint64_t flags;
-        unsigned c = 0;
-        usec_t ts;
-        int r;
-
-        assert(bus);
-        assert(IN_SET(family, AF_INET, AF_INET6));
-        assert(address);
-
-        if (ifindex <= 0)
-                ifindex = arg_ifindex;
-
-        r = in_addr_to_string(family, address, &pretty);
-        if (r < 0)
-                return log_oom();
-
-        if (ifindex > 0 && !if_indextoname(ifindex, ifname))
-                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
-        log_debug("Resolving %s%s%s.", pretty, isempty(ifname) ? "" : "%", ifname);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveAddress");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(req, "ii", ifindex, family);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_array(req, 'y', address, FAMILY_ADDRESS_SIZE(family));
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(req, "t", arg_flags);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        ts = now(CLOCK_MONOTONIC);
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0) {
-                log_error("%s: resolve call failed: %s", pretty, bus_error_message(&error, r));
-                return r;
-        }
-
-        ts = now(CLOCK_MONOTONIC) - ts;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(is)");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        while ((r = sd_bus_message_enter_container(reply, 'r', "is")) > 0) {
-                const char *n;
-
-                assert_cc(sizeof(int) == sizeof(int32_t));
-
-                r = sd_bus_message_read(reply, "is", &ifindex, &n);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return r;
-
-                ifname[0] = 0;
-                if (ifindex > 0 && !if_indextoname(ifindex, ifname))
-                        log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
-                printf("%*s%*s%*s%s %s\n",
-                       (int) strlen(pretty), c == 0 ? pretty : "",
-                       isempty(ifname) ? 0 : 1, c > 0 || isempty(ifname) ? "" : "%",
-                       (int) strlen(ifname), c == 0 ? ifname : "",
-                       c == 0 ? ":" : " ",
-                       n);
-
-                c++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_read(reply, "t", &flags);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (c == 0) {
-                log_error("%s: no names found", pretty);
-                return -ESRCH;
-        }
-
-        print_source(flags, ts);
-
-        return 0;
-}
-
-static int parse_address(const char *s, int *family, union in_addr_union *address, int *ifindex) {
-        const char *percent, *a;
-        int ifi = 0;
-        int r;
-
-        percent = strchr(s, '%');
-        if (percent) {
-                if (parse_ifindex(percent+1, &ifi) < 0) {
-                        ifi = if_nametoindex(percent+1);
-                        if (ifi <= 0)
-                                return -EINVAL;
-                }
-
-                a = strndupa(s, percent - s);
-        } else
-                a = s;
-
-        r = in_addr_from_string_auto(a, family, address);
-        if (r < 0)
-                return r;
-
-        *ifindex = ifi;
-        return 0;
-}
-
-static int output_rr_packet(const void *d, size_t l, int ifindex) {
-        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
-        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
-        int r;
-        char ifname[IF_NAMESIZE] = "";
-
-        r = dns_packet_new(&p, DNS_PROTOCOL_DNS, 0);
-        if (r < 0)
-                return log_oom();
-
-        p->refuse_compression = true;
-
-        r = dns_packet_append_blob(p, d, l, NULL);
-        if (r < 0)
-                return log_oom();
-
-        r = dns_packet_read_rr(p, &rr, NULL, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to parse RR: %m");
-
-        if (arg_raw == RAW_PAYLOAD) {
-                void *data;
-                ssize_t k;
-
-                k = dns_resource_record_payload(rr, &data);
-                if (k < 0)
-                        return log_error_errno(k, "Cannot dump RR: %m");
-                fwrite(data, 1, k, stdout);
-        } else {
-                const char *s;
-
-                s = dns_resource_record_to_string(rr);
-                if (!s)
-                        return log_oom();
-
-                if (ifindex > 0 && !if_indextoname(ifindex, ifname))
-                        log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
-                printf("%s%s%s\n", s, isempty(ifname) ? "" : " # interface ", ifname);
-        }
-
-        return 0;
-}
-
-static int resolve_record(sd_bus *bus, const char *name, uint16_t class, uint16_t type) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char ifname[IF_NAMESIZE] = "";
-        unsigned n = 0;
-        uint64_t flags;
-        int r;
-        usec_t ts;
-        bool needs_authentication = false;
-
-        assert(name);
-
-        if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
-                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
-
-        log_debug("Resolving %s %s %s (interface %s).", name, dns_class_to_string(class), dns_type_to_string(type), isempty(ifname) ? "*" : ifname);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveRecord");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(req, "isqqt", arg_ifindex, name, class, type, arg_flags);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        ts = now(CLOCK_MONOTONIC);
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0) {
-                log_error("%s: resolve call failed: %s", name, bus_error_message(&error, r));
-                return r;
-        }
-
-        ts = now(CLOCK_MONOTONIC) - ts;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(iqqay)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_enter_container(reply, 'r', "iqqay")) > 0) {
-                uint16_t c, t;
-                int ifindex;
-                const void *d;
-                size_t l;
-
-                assert_cc(sizeof(int) == sizeof(int32_t));
-
-                r = sd_bus_message_read(reply, "iqq", &ifindex, &c, &t);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_read_array(reply, 'y', &d, &l);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (arg_raw == RAW_PACKET) {
-                        uint64_t u64 = htole64(l);
-
-                        fwrite(&u64, sizeof(u64), 1, stdout);
-                        fwrite(d, 1, l, stdout);
-                } else {
-                        r = output_rr_packet(d, l, ifindex);
-                        if (r < 0)
-                                return r;
-                }
-
-                if (dns_type_needs_authentication(t))
-                        needs_authentication = true;
-
-                n++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_read(reply, "t", &flags);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (n == 0) {
-                log_error("%s: no records found", name);
-                return -ESRCH;
-        }
-
-        print_source(flags, ts);
-
-        if ((flags & SD_RESOLVED_AUTHENTICATED) == 0 && needs_authentication) {
-                fflush(stdout);
-
-                fprintf(stderr, "\n%s"
-                       "WARNING: The resources shown contain cryptographic key data which could not be\n"
-                       "         authenticated. It is not suitable to authenticate any communication.\n"
-                       "         This is usually indication that DNSSEC authentication was not enabled\n"
-                       "         or is not available for the selected protocol or DNS servers.%s\n",
-                       ansi_highlight_red(),
-                       ansi_normal());
-        }
-
-        return 0;
-}
-
-static int resolve_rfc4501(sd_bus *bus, const char *name) {
-        uint16_t type = 0, class = 0;
-        const char *p, *q, *n;
-        int r;
-
-        assert(bus);
-        assert(name);
-        assert(startswith(name, "dns:"));
-
-        /* Parse RFC 4501 dns: URIs */
-
-        p = name + 4;
-
-        if (p[0] == '/') {
-                const char *e;
-
-                if (p[1] != '/')
-                        goto invalid;
-
-                e = strchr(p + 2, '/');
-                if (!e)
-                        goto invalid;
-
-                if (e != p + 2)
-                        log_warning("DNS authority specification not supported; ignoring specified authority.");
-
-                p = e + 1;
-        }
-
-        q = strchr(p, '?');
-        if (q) {
-                n = strndupa(p, q - p);
-                q++;
-
-                for (;;) {
-                        const char *f;
-
-                        f = startswith_no_case(q, "class=");
-                        if (f) {
-                                _cleanup_free_ char *t = NULL;
-                                const char *e;
-
-                                if (class != 0) {
-                                        log_error("DNS class specified twice.");
-                                        return -EINVAL;
-                                }
-
-                                e = strchrnul(f, ';');
-                                t = strndup(f, e - f);
-                                if (!t)
-                                        return log_oom();
-
-                                r = dns_class_from_string(t);
-                                if (r < 0) {
-                                        log_error("Unknown DNS class %s.", t);
-                                        return -EINVAL;
-                                }
-
-                                class = r;
-
-                                if (*e == ';') {
-                                        q = e + 1;
-                                        continue;
-                                }
-
-                                break;
-                        }
-
-                        f = startswith_no_case(q, "type=");
-                        if (f) {
-                                _cleanup_free_ char *t = NULL;
-                                const char *e;
-
-                                if (type != 0) {
-                                        log_error("DNS type specified twice.");
-                                        return -EINVAL;
-                                }
-
-                                e = strchrnul(f, ';');
-                                t = strndup(f, e - f);
-                                if (!t)
-                                        return log_oom();
-
-                                r = dns_type_from_string(t);
-                                if (r < 0) {
-                                        log_error("Unknown DNS type %s.", t);
-                                        return -EINVAL;
-                                }
-
-                                type = r;
-
-                                if (*e == ';') {
-                                        q = e + 1;
-                                        continue;
-                                }
-
-                                break;
-                        }
-
-                        goto invalid;
-                }
-        } else
-                n = p;
-
-        if (class == 0)
-                class = arg_class ?: DNS_CLASS_IN;
-        if (type == 0)
-                type = arg_type ?: DNS_TYPE_A;
-
-        return resolve_record(bus, n, class, type);
-
-invalid:
-        log_error("Invalid DNS URI: %s", name);
-        return -EINVAL;
-}
-
-static int resolve_service(sd_bus *bus, const char *name, const char *type, const char *domain) {
-        const char *canonical_name, *canonical_type, *canonical_domain;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char ifname[IF_NAMESIZE] = "";
-        size_t indent, sz;
-        uint64_t flags;
-        const char *p;
-        unsigned c;
-        usec_t ts;
-        int r;
-
-        assert(bus);
-        assert(domain);
-
-        if (isempty(name))
-                name = NULL;
-        if (isempty(type))
-                type = NULL;
-
-        if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
-                return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
-
-        if (name)
-                log_debug("Resolving service \"%s\" of type %s in %s (family %s, interface %s).", name, type, domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
-        else if (type)
-                log_debug("Resolving service type %s of %s (family %s, interface %s).", type, domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
-        else
-                log_debug("Resolving service type %s (family %s, interface %s).", domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &req,
-                        "org.freedesktop.resolve1",
-                        "/org/freedesktop/resolve1",
-                        "org.freedesktop.resolve1.Manager",
-                        "ResolveService");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append(req, "isssit", arg_ifindex, name, type, domain, arg_family, arg_flags);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        ts = now(CLOCK_MONOTONIC);
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-        if (r < 0)
-                return log_error_errno(r, "Resolve call failed: %s", bus_error_message(&error, r));
-
-        ts = now(CLOCK_MONOTONIC) - ts;
-
-        r = sd_bus_message_enter_container(reply, 'a', "(qqqsa(iiay)s)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        indent =
-                (name ? strlen(name) + 1 : 0) +
-                (type ? strlen(type) + 1 : 0) +
-                strlen(domain) + 2;
-
-        c = 0;
-        while ((r = sd_bus_message_enter_container(reply, 'r', "qqqsa(iiay)s")) > 0) {
-                uint16_t priority, weight, port;
-                const char *hostname, *canonical;
-
-                r = sd_bus_message_read(reply, "qqqs", &priority, &weight, &port, &hostname);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (name)
-                        printf("%*s%s", (int) strlen(name), c == 0 ? name : "", c == 0 ? "/" : " ");
-                if (type)
-                        printf("%*s%s", (int) strlen(type), c == 0 ? type : "", c == 0 ? "/" : " ");
-
-                printf("%*s%s %s:%u [priority=%u, weight=%u]\n",
-                       (int) strlen(domain), c == 0 ? domain : "",
-                       c == 0 ? ":" : " ",
-                       hostname, port,
-                       priority, weight);
-
-                r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
-                        _cleanup_free_ char *pretty = NULL;
-                        int ifindex, family;
-                        const void *a;
-
-                        assert_cc(sizeof(int) == sizeof(int32_t));
-
-                        r = sd_bus_message_read(reply, "ii", &ifindex, &family);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_read_array(reply, 'y', &a, &sz);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(reply);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (!IN_SET(family, AF_INET, AF_INET6)) {
-                                log_debug("%s: skipping entry with family %d (%s)", name, family, af_to_name(family) ?: "unknown");
-                                continue;
-                        }
-
-                        if (sz != FAMILY_ADDRESS_SIZE(family)) {
-                                log_error("%s: systemd-resolved returned address of invalid size %zu for family %s", name, sz, af_to_name(family) ?: "unknown");
-                                return -EINVAL;
-                        }
-
-                        ifname[0] = 0;
-                        if (ifindex > 0 && !if_indextoname(ifindex, ifname))
-                                log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
-
-                        r = in_addr_to_string(family, a, &pretty);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to print address for %s: %m", name);
-
-                        printf("%*s%s%s%s\n", (int) indent, "", pretty, isempty(ifname) ? "" : "%s", ifname);
-                }
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_read(reply, "s", &canonical);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (!streq(hostname, canonical))
-                        printf("%*s(%s)\n", (int) indent, "", canonical);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                c++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_enter_container(reply, 'a', "ay");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        c = 0;
-        while ((r = sd_bus_message_read_array(reply, 'y', (const void**) &p, &sz)) > 0) {
-                _cleanup_free_ char *escaped = NULL;
-
-                escaped = cescape_length(p, sz);
-                if (!escaped)
-                        return log_oom();
-
-                printf("%*s%s\n", (int) indent, "", escaped);
-                c++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_read(reply, "ssst", &canonical_name, &canonical_type, &canonical_domain, &flags);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (isempty(canonical_name))
-                canonical_name = NULL;
-        if (isempty(canonical_type))
-                canonical_type = NULL;
-
-        if (!streq_ptr(name, canonical_name) ||
-            !streq_ptr(type, canonical_type) ||
-            !streq_ptr(domain, canonical_domain)) {
-
-                printf("%*s(", (int) indent, "");
-
-                if (canonical_name)
-                        printf("%s/", canonical_name);
-                if (canonical_type)
-                        printf("%s/", canonical_type);
-
-                printf("%s)\n", canonical_domain);
-        }
-
-        print_source(flags, ts);
-
-        return 0;
-}
-
-static int resolve_openpgp(sd_bus *bus, const char *address) {
-        const char *domain, *full;
-        int r;
-        _cleanup_free_ char *hashed = NULL;
-
-        assert(bus);
-        assert(address);
-
-        domain = strrchr(address, '@');
-        if (!domain) {
-                log_error("Address does not contain '@': \"%s\"", address);
-                return -EINVAL;
-        } else if (domain == address || domain[1] == '\0') {
-                log_error("Address starts or ends with '@': \"%s\"", address);
-                return -EINVAL;
-        }
-        domain++;
-
-        r = string_hashsum_sha224(address, domain - 1 - address, &hashed);
-        if (r < 0)
-                return log_error_errno(r, "Hashing failed: %m");
-
-        full = strjoina(hashed, "._openpgpkey.", domain);
-        log_debug("Looking up \"%s\".", full);
-
-        return resolve_record(bus, full,
-                              arg_class ?: DNS_CLASS_IN,
-                              arg_type ?: DNS_TYPE_OPENPGPKEY);
-}
-
-static int resolve_tlsa(sd_bus *bus, const char *address) {
-        const char *port;
-        uint16_t port_num = 443;
-        _cleanup_free_ char *full = NULL;
-        int r;
-
-        assert(bus);
-        assert(address);
-
-        port = strrchr(address, ':');
-        if (port) {
-                r = safe_atou16(port + 1, &port_num);
-                if (r < 0 || port_num == 0)
-                        return log_error_errno(r, "Invalid port \"%s\".", port + 1);
-
-                address = strndupa(address, port - address);
-        }
-
-        r = asprintf(&full, "_%u.%s.%s",
-                     port_num,
-                     service_family_to_string(arg_service_family),
-                     address);
-        if (r < 0)
-                return log_oom();
-
-        log_debug("Looking up \"%s\".", full);
-
-        return resolve_record(bus, full,
-                              arg_class ?: DNS_CLASS_IN,
-                              arg_type ?: DNS_TYPE_TLSA);
-}
-
-static int show_statistics(sd_bus *bus) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        uint64_t n_current_transactions, n_total_transactions,
-                cache_size, n_cache_hit, n_cache_miss,
-                n_dnssec_secure, n_dnssec_insecure, n_dnssec_bogus, n_dnssec_indeterminate;
-        int r, dnssec_supported;
-
-        assert(bus);
-
-        r = sd_bus_get_property_trivial(bus,
-                                        "org.freedesktop.resolve1",
-                                        "/org/freedesktop/resolve1",
-                                        "org.freedesktop.resolve1.Manager",
-                                        "DNSSECSupported",
-                                        &error,
-                                        'b',
-                                        &dnssec_supported);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get DNSSEC supported state: %s", bus_error_message(&error, r));
-
-        printf("DNSSEC supported by current servers: %s%s%s\n\n",
-               ansi_highlight(),
-               yes_no(dnssec_supported),
-               ansi_normal());
-
-        r = sd_bus_get_property(bus,
-                                "org.freedesktop.resolve1",
-                                "/org/freedesktop/resolve1",
-                                "org.freedesktop.resolve1.Manager",
-                                "TransactionStatistics",
-                                &error,
-                                &reply,
-                                "(tt)");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get transaction statistics: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "(tt)",
-                                &n_current_transactions,
-                                &n_total_transactions);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("%sTransactions%s\n"
-               "Current Transactions: %" PRIu64 "\n"
-               "  Total Transactions: %" PRIu64 "\n",
-               ansi_highlight(),
-               ansi_normal(),
-               n_current_transactions,
-               n_total_transactions);
-
-        reply = sd_bus_message_unref(reply);
-
-        r = sd_bus_get_property(bus,
-                                "org.freedesktop.resolve1",
-                                "/org/freedesktop/resolve1",
-                                "org.freedesktop.resolve1.Manager",
-                                "CacheStatistics",
-                                &error,
-                                &reply,
-                                "(ttt)");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get cache statistics: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "(ttt)",
-                                &cache_size,
-                                &n_cache_hit,
-                                &n_cache_miss);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("\n%sCache%s\n"
-               "  Current Cache Size: %" PRIu64 "\n"
-               "          Cache Hits: %" PRIu64 "\n"
-               "        Cache Misses: %" PRIu64 "\n",
-               ansi_highlight(),
-               ansi_normal(),
-               cache_size,
-               n_cache_hit,
-               n_cache_miss);
-
-        reply = sd_bus_message_unref(reply);
-
-        r = sd_bus_get_property(bus,
-                                "org.freedesktop.resolve1",
-                                "/org/freedesktop/resolve1",
-                                "org.freedesktop.resolve1.Manager",
-                                "DNSSECStatistics",
-                                &error,
-                                &reply,
-                                "(tttt)");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get DNSSEC statistics: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "(tttt)",
-                                &n_dnssec_secure,
-                                &n_dnssec_insecure,
-                                &n_dnssec_bogus,
-                                &n_dnssec_indeterminate);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        printf("\n%sDNSSEC Verdicts%s\n"
-               "              Secure: %" PRIu64 "\n"
-               "            Insecure: %" PRIu64 "\n"
-               "               Bogus: %" PRIu64 "\n"
-               "       Indeterminate: %" PRIu64 "\n",
-               ansi_highlight(),
-               ansi_normal(),
-               n_dnssec_secure,
-               n_dnssec_insecure,
-               n_dnssec_bogus,
-               n_dnssec_indeterminate);
-
-        return 0;
-}
-
-static int reset_statistics(sd_bus *bus) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.resolve1",
-                               "/org/freedesktop/resolve1",
-                               "org.freedesktop.resolve1.Manager",
-                               "ResetStatistics",
-                               &error,
-                               NULL,
-                               NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to reset statistics: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static void help_protocol_types(void) {
-        if (arg_legend)
-                puts("Known protocol types:");
-        puts("dns\nllmnr\nllmnr-ipv4\nllmnr-ipv6");
-}
-
-static void help_dns_types(void) {
-        int i;
-        const char *t;
-
-        if (arg_legend)
-                puts("Known DNS RR types:");
-        for (i = 0; i < _DNS_TYPE_MAX; i++) {
-                t = dns_type_to_string(i);
-                if (t)
-                        puts(t);
-        }
-}
-
-static void help_dns_classes(void) {
-        int i;
-        const char *t;
-
-        if (arg_legend)
-                puts("Known DNS RR classes:");
-        for (i = 0; i < _DNS_CLASS_MAX; i++) {
-                t = dns_class_to_string(i);
-                if (t)
-                        puts(t);
-        }
-}
-
-static void help(void) {
-        printf("%1$s [OPTIONS...] HOSTNAME|ADDRESS...\n"
-               "%1$s [OPTIONS...] --service [[NAME] TYPE] DOMAIN\n"
-               "%1$s [OPTIONS...] --openpgp EMAIL@DOMAIN...\n"
-               "%1$s [OPTIONS...] --statistics\n"
-               "%1$s [OPTIONS...] --reset-statistics\n"
-               "\n"
-               "Resolve domain names, IPv4 and IPv6 addresses, DNS resource records, and services.\n\n"
-               "  -h --help                 Show this help\n"
-               "     --version              Show package version\n"
-               "  -4                        Resolve IPv4 addresses\n"
-               "  -6                        Resolve IPv6 addresses\n"
-               "  -i --interface=INTERFACE  Look on interface\n"
-               "  -p --protocol=PROTO|help  Look via protocol\n"
-               "  -t --type=TYPE|help       Query RR with DNS type\n"
-               "  -c --class=CLASS|help     Query RR with DNS class\n"
-               "     --service              Resolve service (SRV)\n"
-               "     --service-address=BOOL Resolve address for services (default: yes)\n"
-               "     --service-txt=BOOL     Resolve TXT records for services (default: yes)\n"
-               "     --openpgp              Query OpenPGP public key\n"
-               "     --tlsa                 Query TLS public key\n"
-               "     --cname=BOOL           Follow CNAME redirects (default: yes)\n"
-               "     --search=BOOL          Use search domains for single-label names\n"
-               "                                                              (default: yes)\n"
-               "     --raw[=payload|packet] Dump the answer as binary data\n"
-               "     --legend=BOOL          Print headers and additional info (default: yes)\n"
-               "     --statistics           Show resolver statistics\n"
-               "     --reset-statistics     Reset resolver statistics\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_LEGEND,
-                ARG_SERVICE,
-                ARG_CNAME,
-                ARG_SERVICE_ADDRESS,
-                ARG_SERVICE_TXT,
-                ARG_OPENPGP,
-                ARG_TLSA,
-                ARG_RAW,
-                ARG_SEARCH,
-                ARG_STATISTICS,
-                ARG_RESET_STATISTICS,
-        };
-
-        static const struct option options[] = {
-                { "help",             no_argument,       NULL, 'h'                  },
-                { "version",          no_argument,       NULL, ARG_VERSION          },
-                { "type",             required_argument, NULL, 't'                  },
-                { "class",            required_argument, NULL, 'c'                  },
-                { "legend",           required_argument, NULL, ARG_LEGEND           },
-                { "interface",        required_argument, NULL, 'i'                  },
-                { "protocol",         required_argument, NULL, 'p'                  },
-                { "cname",            required_argument, NULL, ARG_CNAME            },
-                { "service",          no_argument,       NULL, ARG_SERVICE          },
-                { "service-address",  required_argument, NULL, ARG_SERVICE_ADDRESS  },
-                { "service-txt",      required_argument, NULL, ARG_SERVICE_TXT      },
-                { "openpgp",          no_argument,       NULL, ARG_OPENPGP          },
-                { "tlsa",             optional_argument, NULL, ARG_TLSA             },
-                { "raw",              optional_argument, NULL, ARG_RAW              },
-                { "search",           required_argument, NULL, ARG_SEARCH           },
-                { "statistics",       no_argument,       NULL, ARG_STATISTICS,      },
-                { "reset-statistics", no_argument,       NULL, ARG_RESET_STATISTICS },
-                {}
-        };
-
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h46i:t:c:p:", options, NULL)) >= 0)
-                switch(c) {
-
-                case 'h':
-                        help();
-                        return 0; /* done */;
-
-                case ARG_VERSION:
-                        return version();
-
-                case '4':
-                        arg_family = AF_INET;
-                        break;
-
-                case '6':
-                        arg_family = AF_INET6;
-                        break;
-
-                case 'i': {
-                        int ifi;
-
-                        if (parse_ifindex(optarg, &ifi) >= 0)
-                                arg_ifindex = ifi;
-                        else {
-                                ifi = if_nametoindex(optarg);
-                                if (ifi <= 0)
-                                        return log_error_errno(errno, "Unknown interface %s: %m", optarg);
-
-                                arg_ifindex = ifi;
-                        }
-
-                        break;
-                }
-
-                case 't':
-                        if (streq(optarg, "help")) {
-                                help_dns_types();
-                                return 0;
-                        }
-
-                        r = dns_type_from_string(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse RR record type %s", optarg);
-                                return r;
-                        }
-                        arg_type = (uint16_t) r;
-                        assert((int) arg_type == r);
-
-                        arg_mode = MODE_RESOLVE_RECORD;
-                        break;
-
-                case 'c':
-                        if (streq(optarg, "help")) {
-                                help_dns_classes();
-                                return 0;
-                        }
-
-                        r = dns_class_from_string(optarg);
-                        if (r < 0) {
-                                log_error("Failed to parse RR record class %s", optarg);
-                                return r;
-                        }
-                        arg_class = (uint16_t) r;
-                        assert((int) arg_class == r);
-
-                        break;
-
-                case ARG_LEGEND:
-                        r = parse_boolean(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --legend= argument");
-
-                        arg_legend = r;
-                        break;
-
-                case 'p':
-                        if (streq(optarg, "help")) {
-                                help_protocol_types();
-                                return 0;
-                        } else if (streq(optarg, "dns"))
-                                arg_flags |= SD_RESOLVED_DNS;
-                        else if (streq(optarg, "llmnr"))
-                                arg_flags |= SD_RESOLVED_LLMNR;
-                        else if (streq(optarg, "llmnr-ipv4"))
-                                arg_flags |= SD_RESOLVED_LLMNR_IPV4;
-                        else if (streq(optarg, "llmnr-ipv6"))
-                                arg_flags |= SD_RESOLVED_LLMNR_IPV6;
-                        else {
-                                log_error("Unknown protocol specifier: %s", optarg);
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case ARG_SERVICE:
-                        arg_mode = MODE_RESOLVE_SERVICE;
-                        break;
-
-                case ARG_OPENPGP:
-                        arg_mode = MODE_RESOLVE_OPENPGP;
-                        break;
-
-                case ARG_TLSA:
-                        arg_mode = MODE_RESOLVE_TLSA;
-                        arg_service_family = service_family_from_string(optarg);
-                        if (arg_service_family < 0) {
-                                log_error("Unknown service family \"%s\".", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_RAW:
-                        if (on_tty()) {
-                                log_error("Refusing to write binary data to tty.");
-                                return -ENOTTY;
-                        }
-
-                        if (optarg == NULL || streq(optarg, "payload"))
-                                arg_raw = RAW_PAYLOAD;
-                        else if (streq(optarg, "packet"))
-                                arg_raw = RAW_PACKET;
-                        else {
-                                log_error("Unknown --raw specifier \"%s\".", optarg);
-                                return -EINVAL;
-                        }
-
-                        arg_legend = false;
-                        break;
-
-                case ARG_CNAME:
-                        r = parse_boolean(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --cname= argument.");
-                        SET_FLAG(arg_flags, SD_RESOLVED_NO_CNAME, r == 0);
-                        break;
-
-                case ARG_SERVICE_ADDRESS:
-                        r = parse_boolean(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --service-address= argument.");
-                        SET_FLAG(arg_flags, SD_RESOLVED_NO_ADDRESS, r == 0);
-                        break;
-
-                case ARG_SERVICE_TXT:
-                        r = parse_boolean(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --service-txt= argument.");
-                        SET_FLAG(arg_flags, SD_RESOLVED_NO_TXT, r == 0);
-                        break;
-
-                case ARG_SEARCH:
-                        r = parse_boolean(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse --search argument.");
-                        SET_FLAG(arg_flags, SD_RESOLVED_NO_SEARCH, r == 0);
-                        break;
-
-                case ARG_STATISTICS:
-                        arg_mode = MODE_STATISTICS;
-                        break;
-
-                case ARG_RESET_STATISTICS:
-                        arg_mode = MODE_RESET_STATISTICS;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (arg_type == 0 && arg_class != 0) {
-                log_error("--class= may only be used in conjunction with --type=.");
-                return -EINVAL;
-        }
-
-        if (arg_type != 0 && arg_mode == MODE_RESOLVE_SERVICE) {
-                log_error("--service and --type= may not be combined.");
-                return -EINVAL;
-        }
-
-        if (arg_type != 0 && arg_class == 0)
-                arg_class = DNS_CLASS_IN;
-
-        if (arg_class != 0 && arg_type == 0)
-                arg_type = DNS_TYPE_A;
-
-        return 1 /* work to do */;
-}
-
-int main(int argc, char **argv) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = sd_bus_open_system(&bus);
-        if (r < 0) {
-                log_error_errno(r, "sd_bus_open_system: %m");
-                goto finish;
-        }
-
-        switch (arg_mode) {
-
-        case MODE_RESOLVE_HOST:
-                if (optind >= argc) {
-                        log_error("No arguments passed.");
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                while (argv[optind]) {
-                        int family, ifindex, k;
-                        union in_addr_union a;
-
-                        if (startswith(argv[optind], "dns:"))
-                                k = resolve_rfc4501(bus, argv[optind]);
-                        else {
-                                k = parse_address(argv[optind], &family, &a, &ifindex);
-                                if (k >= 0)
-                                        k = resolve_address(bus, family, &a, ifindex);
-                                else
-                                        k = resolve_host(bus, argv[optind]);
-                        }
-
-                        if (r == 0)
-                                r = k;
-
-                        optind++;
-                }
-                break;
-
-        case MODE_RESOLVE_RECORD:
-                if (optind >= argc) {
-                        log_error("No arguments passed.");
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                while (argv[optind]) {
-                        int k;
-
-                        k = resolve_record(bus, argv[optind], arg_class, arg_type);
-                        if (r == 0)
-                                r = k;
-
-                        optind++;
-                }
-                break;
-
-        case MODE_RESOLVE_SERVICE:
-                if (argc < optind + 1) {
-                        log_error("Domain specification required.");
-                        r = -EINVAL;
-                        goto finish;
-
-                } else if (argc == optind + 1)
-                        r = resolve_service(bus, NULL, NULL, argv[optind]);
-                else if (argc == optind + 2)
-                        r = resolve_service(bus, NULL, argv[optind], argv[optind+1]);
-                else if (argc == optind + 3)
-                        r = resolve_service(bus, argv[optind], argv[optind+1], argv[optind+2]);
-                else {
-                        log_error("Too many arguments.");
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                break;
-
-        case MODE_RESOLVE_OPENPGP:
-                if (argc < optind + 1) {
-                        log_error("E-mail address required.");
-                        r = -EINVAL;
-                        goto finish;
-
-                }
-
-                r = 0;
-                while (optind < argc) {
-                        int k;
-
-                        k = resolve_openpgp(bus, argv[optind++]);
-                        if (k < 0)
-                                r = k;
-                }
-                break;
-
-        case MODE_RESOLVE_TLSA:
-                if (argc < optind + 1) {
-                        log_error("Domain name required.");
-                        r = -EINVAL;
-                        goto finish;
-
-                }
-
-                r = 0;
-                while (optind < argc) {
-                        int k;
-
-                        k = resolve_tlsa(bus, argv[optind++]);
-                        if (k < 0)
-                                r = k;
-                }
-                break;
-
-        case MODE_STATISTICS:
-                if (argc > optind) {
-                        log_error("Too many arguments.");
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                r = show_statistics(bus);
-                break;
-
-        case MODE_RESET_STATISTICS:
-                if (argc > optind) {
-                        log_error("Too many arguments.");
-                        r = -EINVAL;
-                        goto finish;
-                }
-
-                r = reset_statistics(bus);
-                break;
-        }
-
-finish:
-        return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-}
diff --git a/src/resolve/resolved-dns-query.h b/src/resolve/resolved-dns-query.h
deleted file mode 100644
index c2ac02f68b..0000000000
--- a/src/resolve/resolved-dns-query.h
+++ /dev/null
@@ -1,133 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-
-#include "sd-bus.h"
-
-#include "set.h"
-
-typedef struct DnsQueryCandidate DnsQueryCandidate;
-typedef struct DnsQuery DnsQuery;
-
-#include "resolved-dns-answer.h"
-#include "resolved-dns-question.h"
-#include "resolved-dns-stream.h"
-#include "resolved-dns-search-domain.h"
-
-struct DnsQueryCandidate {
-        DnsQuery *query;
-        DnsScope *scope;
-
-        DnsSearchDomain *search_domain;
-
-        int error_code;
-        Set *transactions;
-
-        LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
-        LIST_FIELDS(DnsQueryCandidate, candidates_by_scope);
-};
-
-struct DnsQuery {
-        Manager *manager;
-
-        /* When resolving a service, we first create a TXT+SRV query,
-         * and then for the hostnames we discover auxiliary A+AAAA
-         * queries. This pointer always points from the auxiliary
-         * queries back to the TXT+SRV query. */
-        DnsQuery *auxiliary_for;
-        LIST_HEAD(DnsQuery, auxiliary_queries);
-        unsigned n_auxiliary_queries;
-        int auxiliary_result;
-
-        /* The question, formatted in IDNA for use on classic DNS, and as UTF8 for use in LLMNR or mDNS. Note that even
-         * on classic DNS some labels might use UTF8 encoding. Specifically, DNS-SD service names (in contrast to their
-         * domain suffixes) use UTF-8 encoding even on DNS. Thus, the difference between these two fields is mostly
-         * relevant only for explicit *hostname* lookups as well as the domain suffixes of service lookups. */
-        DnsQuestion *question_idna;
-        DnsQuestion *question_utf8;
-
-        uint64_t flags;
-        int ifindex;
-
-        /* If true, A or AAAA RR lookups will be suppressed on links with no routable address of the matching address
-         * family */
-        bool suppress_unroutable_family;
-
-        DnsTransactionState state;
-        unsigned n_cname_redirects;
-
-        LIST_HEAD(DnsQueryCandidate, candidates);
-        sd_event_source *timeout_event_source;
-
-        /* Discovered data */
-        DnsAnswer *answer;
-        int answer_rcode;
-        DnssecResult answer_dnssec_result;
-        bool answer_authenticated;
-        DnsProtocol answer_protocol;
-        int answer_family;
-        DnsSearchDomain *answer_search_domain;
-        int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
-
-        /* Bus client information */
-        sd_bus_message *request;
-        int request_family;
-        bool request_address_valid;
-        union in_addr_union request_address;
-        unsigned block_all_complete;
-        char *request_address_string;
-
-        /* Completion callback */
-        void (*complete)(DnsQuery* q);
-        unsigned block_ready;
-
-        sd_bus_track *bus_track;
-
-        LIST_FIELDS(DnsQuery, queries);
-        LIST_FIELDS(DnsQuery, auxiliary_queries);
-};
-
-enum {
-        DNS_QUERY_MATCH,
-        DNS_QUERY_NOMATCH,
-        DNS_QUERY_RESTARTED,
-};
-
-DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c);
-void dns_query_candidate_notify(DnsQueryCandidate *c);
-
-int dns_query_new(Manager *m, DnsQuery **q, DnsQuestion *question_utf8, DnsQuestion *question_idna, int family, uint64_t flags);
-DnsQuery *dns_query_free(DnsQuery *q);
-
-int dns_query_make_auxiliary(DnsQuery *q, DnsQuery *auxiliary_for);
-
-int dns_query_go(DnsQuery *q);
-void dns_query_ready(DnsQuery *q);
-
-int dns_query_process_cname(DnsQuery *q);
-
-int dns_query_bus_track(DnsQuery *q, sd_bus_message *m);
-
-DnsQuestion* dns_query_question_for_protocol(DnsQuery *q, DnsProtocol protocol);
-
-const char *dns_query_string(DnsQuery *q);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuery*, dns_query_free);
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
deleted file mode 100644
index 3095c042db..0000000000
--- a/src/resolve/resolved-dns-server.c
+++ /dev/null
@@ -1,741 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sd-messages.h>
-
-#include "alloc-util.h"
-#include "resolved-dns-server.h"
-#include "resolved-resolv-conf.h"
-#include "siphash24.h"
-#include "string-table.h"
-#include "string-util.h"
-
-/* After how much time to repeat classic DNS requests */
-#define DNS_TIMEOUT_MIN_USEC (500 * USEC_PER_MSEC)
-#define DNS_TIMEOUT_MAX_USEC (5 * USEC_PER_SEC)
-
-/* The amount of time to wait before retrying with a full feature set */
-#define DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC (6 * USEC_PER_HOUR)
-#define DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC (5 * USEC_PER_MINUTE)
-
-/* The number of times we will attempt a certain feature set before degrading */
-#define DNS_SERVER_FEATURE_RETRY_ATTEMPTS 3
-
-int dns_server_new(
-                Manager *m,
-                DnsServer **ret,
-                DnsServerType type,
-                Link *l,
-                int family,
-                const union in_addr_union *in_addr) {
-
-        DnsServer *s;
-
-        assert(m);
-        assert((type == DNS_SERVER_LINK) == !!l);
-        assert(in_addr);
-
-        if (!IN_SET(family, AF_INET, AF_INET6))
-                return -EAFNOSUPPORT;
-
-        if (l) {
-                if (l->n_dns_servers >= LINK_DNS_SERVERS_MAX)
-                        return -E2BIG;
-        } else {
-                if (m->n_dns_servers >= MANAGER_DNS_SERVERS_MAX)
-                        return -E2BIG;
-        }
-
-        s = new0(DnsServer, 1);
-        if (!s)
-                return -ENOMEM;
-
-        s->n_ref = 1;
-        s->manager = m;
-        s->verified_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
-        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
-        s->features_grace_period_usec = DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC;
-        s->received_udp_packet_max = DNS_PACKET_UNICAST_SIZE_MAX;
-        s->type = type;
-        s->family = family;
-        s->address = *in_addr;
-        s->resend_timeout = DNS_TIMEOUT_MIN_USEC;
-
-        switch (type) {
-
-        case DNS_SERVER_LINK:
-                s->link = l;
-                LIST_APPEND(servers, l->dns_servers, s);
-                l->n_dns_servers++;
-                break;
-
-        case DNS_SERVER_SYSTEM:
-                LIST_APPEND(servers, m->dns_servers, s);
-                m->n_dns_servers++;
-                break;
-
-        case DNS_SERVER_FALLBACK:
-                LIST_APPEND(servers, m->fallback_dns_servers, s);
-                m->n_dns_servers++;
-                break;
-
-        default:
-                assert_not_reached("Unknown server type");
-        }
-
-        s->linked = true;
-
-        /* A new DNS server that isn't fallback is added and the one
-         * we used so far was a fallback one? Then let's try to pick
-         * the new one */
-        if (type != DNS_SERVER_FALLBACK &&
-            m->current_dns_server &&
-            m->current_dns_server->type == DNS_SERVER_FALLBACK)
-                manager_set_dns_server(m, NULL);
-
-        if (ret)
-                *ret = s;
-
-        return 0;
-}
-
-DnsServer* dns_server_ref(DnsServer *s)  {
-        if (!s)
-                return NULL;
-
-        assert(s->n_ref > 0);
-        s->n_ref++;
-
-        return s;
-}
-
-DnsServer* dns_server_unref(DnsServer *s)  {
-        if (!s)
-                return NULL;
-
-        assert(s->n_ref > 0);
-        s->n_ref--;
-
-        if (s->n_ref > 0)
-                return NULL;
-
-        free(s->server_string);
-        free(s);
-        return NULL;
-}
-
-void dns_server_unlink(DnsServer *s) {
-        assert(s);
-        assert(s->manager);
-
-        /* This removes the specified server from the linked list of
-         * servers, but any server might still stay around if it has
-         * refs, for example from an ongoing transaction. */
-
-        if (!s->linked)
-                return;
-
-        switch (s->type) {
-
-        case DNS_SERVER_LINK:
-                assert(s->link);
-                assert(s->link->n_dns_servers > 0);
-                LIST_REMOVE(servers, s->link->dns_servers, s);
-                s->link->n_dns_servers--;
-                break;
-
-        case DNS_SERVER_SYSTEM:
-                assert(s->manager->n_dns_servers > 0);
-                LIST_REMOVE(servers, s->manager->dns_servers, s);
-                s->manager->n_dns_servers--;
-                break;
-
-        case DNS_SERVER_FALLBACK:
-                assert(s->manager->n_dns_servers > 0);
-                LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
-                s->manager->n_dns_servers--;
-                break;
-        }
-
-        s->linked = false;
-
-        if (s->link && s->link->current_dns_server == s)
-                link_set_dns_server(s->link, NULL);
-
-        if (s->manager->current_dns_server == s)
-                manager_set_dns_server(s->manager, NULL);
-
-        dns_server_unref(s);
-}
-
-void dns_server_move_back_and_unmark(DnsServer *s) {
-        DnsServer *tail;
-
-        assert(s);
-
-        if (!s->marked)
-                return;
-
-        s->marked = false;
-
-        if (!s->linked || !s->servers_next)
-                return;
-
-        /* Move us to the end of the list, so that the order is
-         * strictly kept, if we are not at the end anyway. */
-
-        switch (s->type) {
-
-        case DNS_SERVER_LINK:
-                assert(s->link);
-                LIST_FIND_TAIL(servers, s, tail);
-                LIST_REMOVE(servers, s->link->dns_servers, s);
-                LIST_INSERT_AFTER(servers, s->link->dns_servers, tail, s);
-                break;
-
-        case DNS_SERVER_SYSTEM:
-                LIST_FIND_TAIL(servers, s, tail);
-                LIST_REMOVE(servers, s->manager->dns_servers, s);
-                LIST_INSERT_AFTER(servers, s->manager->dns_servers, tail, s);
-                break;
-
-        case DNS_SERVER_FALLBACK:
-                LIST_FIND_TAIL(servers, s, tail);
-                LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
-                LIST_INSERT_AFTER(servers, s->manager->fallback_dns_servers, tail, s);
-                break;
-
-        default:
-                assert_not_reached("Unknown server type");
-        }
-}
-
-static void dns_server_verified(DnsServer *s, DnsServerFeatureLevel level) {
-        assert(s);
-
-        if (s->verified_feature_level > level)
-                return;
-
-        if (s->verified_feature_level != level) {
-                log_debug("Verified we get a response at feature level %s from DNS server %s.",
-                          dns_server_feature_level_to_string(level),
-                          dns_server_string(s));
-                s->verified_feature_level = level;
-        }
-
-        assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &s->verified_usec) >= 0);
-}
-
-void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t rtt, size_t size) {
-        assert(s);
-
-        if (protocol == IPPROTO_UDP) {
-                if (s->possible_feature_level == level)
-                        s->n_failed_udp = 0;
-
-                /* If the RRSIG data is missing, then we can only validate EDNS0 at max */
-                if (s->packet_rrsig_missing && level >= DNS_SERVER_FEATURE_LEVEL_DO)
-                        level = DNS_SERVER_FEATURE_LEVEL_DO - 1;
-
-                /* If the OPT RR got lost, then we can only validate UDP at max */
-                if (s->packet_bad_opt && level >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
-                        level = DNS_SERVER_FEATURE_LEVEL_EDNS0 - 1;
-
-                /* Even if we successfully receive a reply to a request announcing support for large packets,
-                   that does not mean we can necessarily receive large packets. */
-                if (level == DNS_SERVER_FEATURE_LEVEL_LARGE)
-                        level = DNS_SERVER_FEATURE_LEVEL_LARGE - 1;
-
-        } else if (protocol == IPPROTO_TCP) {
-
-                if (s->possible_feature_level == level)
-                        s->n_failed_tcp = 0;
-
-                /* Successful TCP connections are only useful to verify the TCP feature level. */
-                level = DNS_SERVER_FEATURE_LEVEL_TCP;
-        }
-
-        dns_server_verified(s, level);
-
-        /* Remember the size of the largest UDP packet we received from a server,
-           we know that we can always announce support for packets with at least
-           this size. */
-        if (protocol == IPPROTO_UDP && s->received_udp_packet_max < size)
-                s->received_udp_packet_max = size;
-
-        if (s->max_rtt < rtt) {
-                s->max_rtt = rtt;
-                s->resend_timeout = CLAMP(s->max_rtt * 2, DNS_TIMEOUT_MIN_USEC, DNS_TIMEOUT_MAX_USEC);
-        }
-}
-
-void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec) {
-        assert(s);
-        assert(s->manager);
-
-        if (s->possible_feature_level == level) {
-                if (protocol == IPPROTO_UDP)
-                        s->n_failed_udp++;
-                else if (protocol == IPPROTO_TCP)
-                        s->n_failed_tcp++;
-        }
-
-        if (s->resend_timeout > usec)
-                return;
-
-        s->resend_timeout = MIN(s->resend_timeout * 2, DNS_TIMEOUT_MAX_USEC);
-}
-
-void dns_server_packet_failed(DnsServer *s, DnsServerFeatureLevel level) {
-        assert(s);
-
-        /* Invoked whenever we get a FORMERR, SERVFAIL or NOTIMP rcode from a server. */
-
-        if (s->possible_feature_level != level)
-                return;
-
-        s->packet_failed = true;
-}
-
-void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level) {
-        assert(s);
-
-        /* Invoked whenever we get a packet with TC bit set. */
-
-        if (s->possible_feature_level != level)
-                return;
-
-        s->packet_truncated = true;
-}
-
-void dns_server_packet_rrsig_missing(DnsServer *s, DnsServerFeatureLevel level) {
-        assert(s);
-
-        if (level < DNS_SERVER_FEATURE_LEVEL_DO)
-                return;
-
-        /* If the RRSIG RRs are missing, we have to downgrade what we previously verified */
-        if (s->verified_feature_level >= DNS_SERVER_FEATURE_LEVEL_DO)
-                s->verified_feature_level = DNS_SERVER_FEATURE_LEVEL_DO-1;
-
-        s->packet_rrsig_missing = true;
-}
-
-void dns_server_packet_bad_opt(DnsServer *s, DnsServerFeatureLevel level) {
-        assert(s);
-
-        if (level < DNS_SERVER_FEATURE_LEVEL_EDNS0)
-                return;
-
-        /* If the OPT RR got lost, we have to downgrade what we previously verified */
-        if (s->verified_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
-                s->verified_feature_level = DNS_SERVER_FEATURE_LEVEL_EDNS0-1;
-
-        s->packet_bad_opt = true;
-}
-
-static bool dns_server_grace_period_expired(DnsServer *s) {
-        usec_t ts;
-
-        assert(s);
-        assert(s->manager);
-
-        if (s->verified_usec == 0)
-                return false;
-
-        assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
-
-        if (s->verified_usec + s->features_grace_period_usec > ts)
-                return false;
-
-        s->features_grace_period_usec = MIN(s->features_grace_period_usec * 2, DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC);
-
-        return true;
-}
-
-static void dns_server_reset_counters(DnsServer *s) {
-        assert(s);
-
-        s->n_failed_udp = 0;
-        s->n_failed_tcp = 0;
-        s->packet_failed = false;
-        s->packet_truncated = false;
-        s->verified_usec = 0;
-
-        /* Note that we do not reset s->packet_bad_opt and s->packet_rrsig_missing here. We reset them only when the
-         * grace period ends, but not when lowering the possible feature level, as a lower level feature level should
-         * not make RRSIGs appear or OPT appear, but rather make them disappear. If the reappear anyway, then that's
-         * indication for a differently broken OPT/RRSIG implementation, and we really don't want to support that
-         * either.
-         *
-         * This is particularly important to deal with certain Belkin routers which break OPT for certain lookups (A),
-         * but pass traffic through for others (AAAA). If we detect the broken behaviour on one lookup we should not
-         * reenable it for another, because we cannot validate things anyway, given that the RRSIG/OPT data will be
-         * incomplete. */
-}
-
-DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
-        assert(s);
-
-        if (s->possible_feature_level != DNS_SERVER_FEATURE_LEVEL_BEST &&
-            dns_server_grace_period_expired(s)) {
-
-                s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
-
-                dns_server_reset_counters(s);
-
-                s->packet_bad_opt = false;
-                s->packet_rrsig_missing = false;
-
-                log_info("Grace period over, resuming full feature set (%s) for DNS server %s.",
-                         dns_server_feature_level_to_string(s->possible_feature_level),
-                         dns_server_string(s));
-
-        } else if (s->possible_feature_level <= s->verified_feature_level)
-                s->possible_feature_level = s->verified_feature_level;
-        else {
-                DnsServerFeatureLevel p = s->possible_feature_level;
-
-                if (s->n_failed_tcp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
-                    s->possible_feature_level == DNS_SERVER_FEATURE_LEVEL_TCP) {
-
-                        /* We are at the TCP (lowest) level, and we tried a couple of TCP connections, and it didn't
-                         * work. Upgrade back to UDP again. */
-                        log_debug("Reached maximum number of failed TCP connection attempts, trying UDP again...");
-                        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_UDP;
-
-                } else if (s->packet_bad_opt &&
-                           s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
-
-                        /* A reply to one of our EDNS0 queries didn't carry a valid OPT RR, then downgrade to below
-                         * EDNS0 levels. After all, some records generate different responses with and without OPT RR
-                         * in the request. Example:
-                         * https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html */
-
-                        log_debug("Server doesn't support EDNS(0) properly, downgrading feature level...");
-                        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_UDP;
-
-                } else if (s->packet_rrsig_missing &&
-                           s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_DO) {
-
-                        /* RRSIG data was missing on a EDNS0 packet with DO bit set. This means the server doesn't
-                         * augment responses with DNSSEC RRs. If so, let's better not ask the server for it anymore,
-                         * after all some servers generate different replies depending if an OPT RR is in the query or
-                         * not. */
-
-                        log_debug("Detected server responses lack RRSIG records, downgrading feature level...");
-                        s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_EDNS0;
-
-                } else if (s->n_failed_udp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
-                            s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_UDP) {
-
-                        /* We lost too many UDP packets in a row, and are on a feature level of UDP or higher. If the
-                         * packets are lost, maybe the server cannot parse them, hence downgrading sounds like a good
-                         * idea. We might downgrade all the way down to TCP this way. */
-
-                        log_debug("Lost too many UDP packets, downgrading feature level...");
-                        s->possible_feature_level--;
-
-                } else if (s->packet_failed &&
-                           s->possible_feature_level > DNS_SERVER_FEATURE_LEVEL_UDP) {
-
-                        /* We got a failure packet, and are at a feature level above UDP. Note that in this case we
-                         * downgrade no further than UDP, under the assumption that a failure packet indicates an
-                         * incompatible packet contents, but not a problem with the transport. */
-
-                        log_debug("Got server failure, downgrading feature level...");
-                        s->possible_feature_level--;
-
-                } else if (s->n_failed_tcp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
-                           s->packet_truncated &&
-                           s->possible_feature_level > DNS_SERVER_FEATURE_LEVEL_UDP) {
-
-                         /* We got too many TCP connection failures in a row, we had at least one truncated packet, and
-                          * are on a feature level above UDP. By downgrading things and getting rid of DNSSEC or EDNS0
-                          * data we hope to make the packet smaller, so that it still works via UDP given that TCP
-                          * appears not to be a fallback. Note that if we are already at the lowest UDP level, we don't
-                          * go further down, since that's TCP, and TCP failed too often after all. */
-
-                        log_debug("Got too many failed TCP connection failures and truncated UDP packets, downgrading feature level...");
-                        s->possible_feature_level--;
-                }
-
-                if (p != s->possible_feature_level) {
-
-                        /* We changed the feature level, reset the counting */
-                        dns_server_reset_counters(s);
-
-                        log_warning("Using degraded feature set (%s) for DNS server %s.",
-                                    dns_server_feature_level_to_string(s->possible_feature_level),
-                                    dns_server_string(s));
-                }
-        }
-
-        return s->possible_feature_level;
-}
-
-int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level) {
-        size_t packet_size;
-        bool edns_do;
-        int r;
-
-        assert(server);
-        assert(packet);
-        assert(packet->protocol == DNS_PROTOCOL_DNS);
-
-        /* Fix the OPT field in the packet to match our current feature level. */
-
-        r = dns_packet_truncate_opt(packet);
-        if (r < 0)
-                return r;
-
-        if (level < DNS_SERVER_FEATURE_LEVEL_EDNS0)
-                return 0;
-
-        edns_do = level >= DNS_SERVER_FEATURE_LEVEL_DO;
-
-        if (level >= DNS_SERVER_FEATURE_LEVEL_LARGE)
-                packet_size = DNS_PACKET_UNICAST_SIZE_LARGE_MAX;
-        else
-                packet_size = server->received_udp_packet_max;
-
-        return dns_packet_append_opt(packet, packet_size, edns_do, NULL);
-}
-
-const char *dns_server_string(DnsServer *server) {
-        assert(server);
-
-        if (!server->server_string)
-                (void) in_addr_to_string(server->family, &server->address, &server->server_string);
-
-        return strna(server->server_string);
-}
-
-bool dns_server_dnssec_supported(DnsServer *server) {
-        assert(server);
-
-        /* Returns whether the server supports DNSSEC according to what we know about it */
-
-        if (server->possible_feature_level < DNS_SERVER_FEATURE_LEVEL_DO)
-                return false;
-
-        if (server->packet_bad_opt)
-                return false;
-
-        if (server->packet_rrsig_missing)
-                return false;
-
-        /* DNSSEC servers need to support TCP properly (see RFC5966), if they don't, we assume DNSSEC is borked too */
-        if (server->n_failed_tcp >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS)
-                return false;
-
-        return true;
-}
-
-void dns_server_warn_downgrade(DnsServer *server) {
-        assert(server);
-
-        if (server->warned_downgrade)
-                return;
-
-        log_struct(LOG_NOTICE,
-                   LOG_MESSAGE_ID(SD_MESSAGE_DNSSEC_DOWNGRADE),
-                   LOG_MESSAGE("Server %s does not support DNSSEC, downgrading to non-DNSSEC mode.", dns_server_string(server)),
-                   "DNS_SERVER=%s", dns_server_string(server),
-                   "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(server->possible_feature_level),
-                   NULL);
-
-        server->warned_downgrade = true;
-}
-
-static void dns_server_hash_func(const void *p, struct siphash *state) {
-        const DnsServer *s = p;
-
-        assert(s);
-
-        siphash24_compress(&s->family, sizeof(s->family), state);
-        siphash24_compress(&s->address, FAMILY_ADDRESS_SIZE(s->family), state);
-}
-
-static int dns_server_compare_func(const void *a, const void *b) {
-        const DnsServer *x = a, *y = b;
-
-        if (x->family < y->family)
-                return -1;
-        if (x->family > y->family)
-                return 1;
-
-        return memcmp(&x->address, &y->address, FAMILY_ADDRESS_SIZE(x->family));
-}
-
-const struct hash_ops dns_server_hash_ops = {
-        .hash = dns_server_hash_func,
-        .compare = dns_server_compare_func
-};
-
-void dns_server_unlink_all(DnsServer *first) {
-        DnsServer *next;
-
-        if (!first)
-                return;
-
-        next = first->servers_next;
-        dns_server_unlink(first);
-
-        dns_server_unlink_all(next);
-}
-
-void dns_server_unlink_marked(DnsServer *first) {
-        DnsServer *next;
-
-        if (!first)
-                return;
-
-        next = first->servers_next;
-
-        if (first->marked)
-                dns_server_unlink(first);
-
-        dns_server_unlink_marked(next);
-}
-
-void dns_server_mark_all(DnsServer *first) {
-        if (!first)
-                return;
-
-        first->marked = true;
-        dns_server_mark_all(first->servers_next);
-}
-
-DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr) {
-        DnsServer *s;
-
-        LIST_FOREACH(servers, s, first)
-                if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0)
-                        return s;
-
-        return NULL;
-}
-
-DnsServer *manager_get_first_dns_server(Manager *m, DnsServerType t) {
-        assert(m);
-
-        switch (t) {
-
-        case DNS_SERVER_SYSTEM:
-                return m->dns_servers;
-
-        case DNS_SERVER_FALLBACK:
-                return m->fallback_dns_servers;
-
-        default:
-                return NULL;
-        }
-}
-
-DnsServer *manager_set_dns_server(Manager *m, DnsServer *s) {
-        assert(m);
-
-        if (m->current_dns_server == s)
-                return s;
-
-        if (s)
-                log_info("Switching to %s DNS server %s.",
-                         dns_server_type_to_string(s->type),
-                         dns_server_string(s));
-
-        dns_server_unref(m->current_dns_server);
-        m->current_dns_server = dns_server_ref(s);
-
-        if (m->unicast_scope)
-                dns_cache_flush(&m->unicast_scope->cache);
-
-        return s;
-}
-
-DnsServer *manager_get_dns_server(Manager *m) {
-        Link *l;
-        assert(m);
-
-        /* Try to read updates resolv.conf */
-        manager_read_resolv_conf(m);
-
-        /* If no DNS server was chosen so far, pick the first one */
-        if (!m->current_dns_server)
-                manager_set_dns_server(m, m->dns_servers);
-
-        if (!m->current_dns_server) {
-                bool found = false;
-                Iterator i;
-
-                /* No DNS servers configured, let's see if there are
-                 * any on any links. If not, we use the fallback
-                 * servers */
-
-                HASHMAP_FOREACH(l, m->links, i)
-                        if (l->dns_servers) {
-                                found = true;
-                                break;
-                        }
-
-                if (!found)
-                        manager_set_dns_server(m, m->fallback_dns_servers);
-        }
-
-        return m->current_dns_server;
-}
-
-void manager_next_dns_server(Manager *m) {
-        assert(m);
-
-        /* If there's currently no DNS server set, then the next
-         * manager_get_dns_server() will find one */
-        if (!m->current_dns_server)
-                return;
-
-        /* Change to the next one, but make sure to follow the linked
-         * list only if the server is still linked. */
-        if (m->current_dns_server->linked && m->current_dns_server->servers_next) {
-                manager_set_dns_server(m, m->current_dns_server->servers_next);
-                return;
-        }
-
-        /* If there was no next one, then start from the beginning of
-         * the list */
-        if (m->current_dns_server->type == DNS_SERVER_FALLBACK)
-                manager_set_dns_server(m, m->fallback_dns_servers);
-        else
-                manager_set_dns_server(m, m->dns_servers);
-}
-
-static const char* const dns_server_type_table[_DNS_SERVER_TYPE_MAX] = {
-        [DNS_SERVER_SYSTEM] = "system",
-        [DNS_SERVER_FALLBACK] = "fallback",
-        [DNS_SERVER_LINK] = "link",
-};
-DEFINE_STRING_TABLE_LOOKUP(dns_server_type, DnsServerType);
-
-static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVEL_MAX] = {
-        [DNS_SERVER_FEATURE_LEVEL_TCP] = "TCP",
-        [DNS_SERVER_FEATURE_LEVEL_UDP] = "UDP",
-        [DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0",
-        [DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO",
-        [DNS_SERVER_FEATURE_LEVEL_LARGE] = "UDP+EDNS0+DO+LARGE",
-};
-DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel);
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
deleted file mode 100644
index a4a67623e7..0000000000
--- a/src/resolve/resolved-dns-transaction.c
+++ /dev/null
@@ -1,3048 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sd-messages.h>
-
-#include "af-list.h"
-#include "alloc-util.h"
-#include "dns-domain.h"
-#include "errno-list.h"
-#include "fd-util.h"
-#include "random-util.h"
-#include "resolved-dns-cache.h"
-#include "resolved-dns-transaction.h"
-#include "resolved-llmnr.h"
-#include "string-table.h"
-
-#define TRANSACTIONS_MAX 4096
-
-static void dns_transaction_reset_answer(DnsTransaction *t) {
-        assert(t);
-
-        t->received = dns_packet_unref(t->received);
-        t->answer = dns_answer_unref(t->answer);
-        t->answer_rcode = 0;
-        t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
-        t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
-        t->answer_authenticated = false;
-        t->answer_nsec_ttl = (uint32_t) -1;
-        t->answer_errno = 0;
-}
-
-static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) {
-        DnsTransaction *z;
-
-        assert(t);
-
-        while ((z = set_steal_first(t->dnssec_transactions))) {
-                set_remove(z->notify_transactions, t);
-                set_remove(z->notify_transactions_done, t);
-                dns_transaction_gc(z);
-        }
-}
-
-static void dns_transaction_close_connection(DnsTransaction *t) {
-        assert(t);
-
-        t->stream = dns_stream_free(t->stream);
-        t->dns_udp_event_source = sd_event_source_unref(t->dns_udp_event_source);
-        t->dns_udp_fd = safe_close(t->dns_udp_fd);
-}
-
-static void dns_transaction_stop_timeout(DnsTransaction *t) {
-        assert(t);
-
-        t->timeout_event_source = sd_event_source_unref(t->timeout_event_source);
-}
-
-DnsTransaction* dns_transaction_free(DnsTransaction *t) {
-        DnsQueryCandidate *c;
-        DnsZoneItem *i;
-        DnsTransaction *z;
-
-        if (!t)
-                return NULL;
-
-        log_debug("Freeing transaction %" PRIu16 ".", t->id);
-
-        dns_transaction_close_connection(t);
-        dns_transaction_stop_timeout(t);
-
-        dns_packet_unref(t->sent);
-        dns_transaction_reset_answer(t);
-
-        dns_server_unref(t->server);
-
-        if (t->scope) {
-                hashmap_remove_value(t->scope->transactions_by_key, t->key, t);
-                LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
-
-                if (t->id != 0)
-                        hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
-        }
-
-        while ((c = set_steal_first(t->notify_query_candidates)))
-                set_remove(c->transactions, t);
-        set_free(t->notify_query_candidates);
-
-        while ((c = set_steal_first(t->notify_query_candidates_done)))
-                set_remove(c->transactions, t);
-        set_free(t->notify_query_candidates_done);
-
-        while ((i = set_steal_first(t->notify_zone_items)))
-                i->probe_transaction = NULL;
-        set_free(t->notify_zone_items);
-
-        while ((i = set_steal_first(t->notify_zone_items_done)))
-                i->probe_transaction = NULL;
-        set_free(t->notify_zone_items_done);
-
-        while ((z = set_steal_first(t->notify_transactions)))
-                set_remove(z->dnssec_transactions, t);
-        set_free(t->notify_transactions);
-
-        while ((z = set_steal_first(t->notify_transactions_done)))
-                set_remove(z->dnssec_transactions, t);
-        set_free(t->notify_transactions_done);
-
-        dns_transaction_flush_dnssec_transactions(t);
-        set_free(t->dnssec_transactions);
-
-        dns_answer_unref(t->validated_keys);
-        dns_resource_key_unref(t->key);
-
-        free(t);
-        return NULL;
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(DnsTransaction*, dns_transaction_free);
-
-bool dns_transaction_gc(DnsTransaction *t) {
-        assert(t);
-
-        if (t->block_gc > 0)
-                return true;
-
-        if (set_isempty(t->notify_query_candidates) &&
-            set_isempty(t->notify_query_candidates_done) &&
-            set_isempty(t->notify_zone_items) &&
-            set_isempty(t->notify_zone_items_done) &&
-            set_isempty(t->notify_transactions) &&
-            set_isempty(t->notify_transactions_done)) {
-                dns_transaction_free(t);
-                return false;
-        }
-
-        return true;
-}
-
-static uint16_t pick_new_id(Manager *m) {
-        uint16_t new_id;
-
-        /* Find a fresh, unused transaction id. Note that this loop is bounded because there's a limit on the number of
-         * transactions, and it's much lower than the space of IDs. */
-
-        assert_cc(TRANSACTIONS_MAX < 0xFFFF);
-
-        do
-                random_bytes(&new_id, sizeof(new_id));
-        while (new_id == 0 ||
-               hashmap_get(m->dns_transactions, UINT_TO_PTR(new_id)));
-
-        return new_id;
-}
-
-int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) {
-        _cleanup_(dns_transaction_freep) DnsTransaction *t = NULL;
-        int r;
-
-        assert(ret);
-        assert(s);
-        assert(key);
-
-        /* Don't allow looking up invalid or pseudo RRs */
-        if (!dns_type_is_valid_query(key->type))
-                return -EINVAL;
-        if (dns_type_is_obsolete(key->type))
-                return -EOPNOTSUPP;
-
-        /* We only support the IN class */
-        if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)
-                return -EOPNOTSUPP;
-
-        if (hashmap_size(s->manager->dns_transactions) >= TRANSACTIONS_MAX)
-                return -EBUSY;
-
-        r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
-        if (r < 0)
-                return r;
-
-        r = hashmap_ensure_allocated(&s->transactions_by_key, &dns_resource_key_hash_ops);
-        if (r < 0)
-                return r;
-
-        t = new0(DnsTransaction, 1);
-        if (!t)
-                return -ENOMEM;
-
-        t->dns_udp_fd = -1;
-        t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
-        t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
-        t->answer_nsec_ttl = (uint32_t) -1;
-        t->key = dns_resource_key_ref(key);
-        t->current_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
-
-        t->id = pick_new_id(s->manager);
-
-        r = hashmap_put(s->manager->dns_transactions, UINT_TO_PTR(t->id), t);
-        if (r < 0) {
-                t->id = 0;
-                return r;
-        }
-
-        r = hashmap_replace(s->transactions_by_key, t->key, t);
-        if (r < 0) {
-                hashmap_remove(s->manager->dns_transactions, UINT_TO_PTR(t->id));
-                return r;
-        }
-
-        LIST_PREPEND(transactions_by_scope, s->transactions, t);
-        t->scope = s;
-
-        s->manager->n_transactions_total++;
-
-        if (ret)
-                *ret = t;
-
-        t = NULL;
-
-        return 0;
-}
-
-static void dns_transaction_shuffle_id(DnsTransaction *t) {
-        uint16_t new_id;
-        assert(t);
-
-        /* Pick a new ID for this transaction. */
-
-        new_id = pick_new_id(t->scope->manager);
-        assert_se(hashmap_remove_and_put(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id), UINT_TO_PTR(new_id), t) >= 0);
-
-        log_debug("Transaction %" PRIu16 " is now %" PRIu16 ".", t->id, new_id);
-        t->id = new_id;
-
-        /* Make sure we generate a new packet with the new ID */
-        t->sent = dns_packet_unref(t->sent);
-}
-
-static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
-        _cleanup_free_ char *pretty = NULL;
-        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
-        DnsZoneItem *z;
-
-        assert(t);
-        assert(p);
-
-        if (manager_our_packet(t->scope->manager, p) != 0)
-                return;
-
-        (void) in_addr_to_string(p->family, &p->sender, &pretty);
-
-        log_debug("Transaction %" PRIu16 " for <%s> on scope %s on %s/%s got tentative packet from %s.",
-                  t->id,
-                  dns_resource_key_to_string(t->key, key_str, sizeof key_str),
-                  dns_protocol_to_string(t->scope->protocol),
-                  t->scope->link ? t->scope->link->name : "*",
-                  af_to_name_short(t->scope->family),
-                  strnull(pretty));
-
-        /* RFC 4795, Section 4.1 says that the peer with the
-         * lexicographically smaller IP address loses */
-        if (memcmp(&p->sender, &p->destination, FAMILY_ADDRESS_SIZE(p->family)) >= 0) {
-                log_debug("Peer has lexicographically larger IP address and thus lost in the conflict.");
-                return;
-        }
-
-        log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
-
-        t->block_gc++;
-
-        while ((z = set_first(t->notify_zone_items))) {
-                /* First, make sure the zone item drops the reference
-                 * to us */
-                dns_zone_item_probe_stop(z);
-
-                /* Secondly, report this as conflict, so that we might
-                 * look for a different hostname */
-                dns_zone_item_conflict(z);
-        }
-        t->block_gc--;
-
-        dns_transaction_gc(t);
-}
-
-void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
-        DnsQueryCandidate *c;
-        DnsZoneItem *z;
-        DnsTransaction *d;
-        const char *st;
-        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
-
-        assert(t);
-        assert(!DNS_TRANSACTION_IS_LIVE(state));
-
-        if (state == DNS_TRANSACTION_DNSSEC_FAILED) {
-                dns_resource_key_to_string(t->key, key_str, sizeof key_str);
-
-                log_struct(LOG_NOTICE,
-                           LOG_MESSAGE_ID(SD_MESSAGE_DNSSEC_FAILURE),
-                           LOG_MESSAGE("DNSSEC validation failed for question %s: %s", key_str, dnssec_result_to_string(t->answer_dnssec_result)),
-                           "DNS_TRANSACTION=%" PRIu16, t->id,
-                           "DNS_QUESTION=%s", key_str,
-                           "DNSSEC_RESULT=%s", dnssec_result_to_string(t->answer_dnssec_result),
-                           "DNS_SERVER=%s", dns_server_string(t->server),
-                           "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(t->server->possible_feature_level),
-                           NULL);
-        }
-
-        /* Note that this call might invalidate the query. Callers
-         * should hence not attempt to access the query or transaction
-         * after calling this function. */
-
-        if (state == DNS_TRANSACTION_ERRNO)
-                st = errno_to_name(t->answer_errno);
-        else
-                st = dns_transaction_state_to_string(state);
-
-        log_debug("Transaction %" PRIu16 " for <%s> on scope %s on %s/%s now complete with <%s> from %s (%s).",
-                  t->id,
-                  dns_resource_key_to_string(t->key, key_str, sizeof key_str),
-                  dns_protocol_to_string(t->scope->protocol),
-                  t->scope->link ? t->scope->link->name : "*",
-                  af_to_name_short(t->scope->family),
-                  st,
-                  t->answer_source < 0 ? "none" : dns_transaction_source_to_string(t->answer_source),
-                  t->answer_authenticated ? "authenticated" : "unsigned");
-
-        t->state = state;
-
-        dns_transaction_close_connection(t);
-        dns_transaction_stop_timeout(t);
-
-        /* Notify all queries that are interested, but make sure the
-         * transaction isn't freed while we are still looking at it */
-        t->block_gc++;
-
-        SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates)
-                dns_query_candidate_notify(c);
-        SWAP_TWO(t->notify_query_candidates, t->notify_query_candidates_done);
-
-        SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items)
-                dns_zone_item_notify(z);
-        SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done);
-
-        SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions)
-                dns_transaction_notify(d, t);
-        SWAP_TWO(t->notify_transactions, t->notify_transactions_done);
-
-        t->block_gc--;
-        dns_transaction_gc(t);
-}
-
-static int dns_transaction_pick_server(DnsTransaction *t) {
-        DnsServer *server;
-
-        assert(t);
-        assert(t->scope->protocol == DNS_PROTOCOL_DNS);
-
-        server = dns_scope_get_dns_server(t->scope);
-        if (!server)
-                return -ESRCH;
-
-        t->current_feature_level = dns_server_possible_feature_level(server);
-
-        if (server == t->server)
-                return 0;
-
-        dns_server_unref(t->server);
-        t->server = dns_server_ref(server);
-
-        return 1;
-}
-
-static void dns_transaction_retry(DnsTransaction *t) {
-        int r;
-
-        assert(t);
-
-        log_debug("Retrying transaction %" PRIu16 ".", t->id);
-
-        /* Before we try again, switch to a new server. */
-        dns_scope_next_dns_server(t->scope);
-
-        r = dns_transaction_go(t);
-        if (r < 0) {
-                t->answer_errno = -r;
-                dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
-        }
-}
-
-static int dns_transaction_maybe_restart(DnsTransaction *t) {
-        assert(t);
-
-        if (!t->server)
-                return 0;
-
-        if (t->current_feature_level <= dns_server_possible_feature_level(t->server))
-                return 0;
-
-        /* The server's current feature level is lower than when we sent the original query. We learnt something from
-           the response or possibly an auxiliary DNSSEC response that we didn't know before.  We take that as reason to
-           restart the whole transaction. This is a good idea to deal with servers that respond rubbish if we include
-           OPT RR or DO bit. One of these cases is documented here, for example:
-           https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html */
-
-        log_debug("Server feature level is now lower than when we began our transaction. Restarting with new ID.");
-        dns_transaction_shuffle_id(t);
-        return dns_transaction_go(t);
-}
-
-static int on_stream_complete(DnsStream *s, int error) {
-        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
-        DnsTransaction *t;
-
-        assert(s);
-        assert(s->transaction);
-
-        /* Copy the data we care about out of the stream before we
-         * destroy it. */
-        t = s->transaction;
-        p = dns_packet_ref(s->read_packet);
-
-        t->stream = dns_stream_free(t->stream);
-
-        if (ERRNO_IS_DISCONNECT(error)) {
-                usec_t usec;
-
-                if (t->scope->protocol == DNS_PROTOCOL_LLMNR) {
-                        /* If the LLMNR/TCP connection failed, the host doesn't support LLMNR, and we cannot answer the
-                         * question on this scope. */
-                        dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
-                        return 0;
-                }
-
-                log_debug_errno(error, "Connection failure for DNS TCP stream: %m");
-                assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
-                dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_feature_level, usec - t->start_usec);
-
-                dns_transaction_retry(t);
-                return 0;
-        }
-        if (error != 0) {
-                t->answer_errno = error;
-                dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
-                return 0;
-        }
-
-        if (dns_packet_validate_reply(p) <= 0) {
-                log_debug("Invalid TCP reply packet.");
-                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                return 0;
-        }
-
-        dns_scope_check_conflicts(t->scope, p);
-
-        t->block_gc++;
-        dns_transaction_process_reply(t, p);
-        t->block_gc--;
-
-        /* If the response wasn't useful, then complete the transition
-         * now. After all, we are the worst feature set now with TCP
-         * sockets, and there's really no point in retrying. */
-        if (t->state == DNS_TRANSACTION_PENDING)
-                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-        else
-                dns_transaction_gc(t);
-
-        return 0;
-}
-
-static int dns_transaction_open_tcp(DnsTransaction *t) {
-        _cleanup_close_ int fd = -1;
-        int r;
-
-        assert(t);
-
-        dns_transaction_close_connection(t);
-
-        switch (t->scope->protocol) {
-
-        case DNS_PROTOCOL_DNS:
-                r = dns_transaction_pick_server(t);
-                if (r < 0)
-                        return r;
-
-                if (!dns_server_dnssec_supported(t->server) && dns_type_is_dnssec(t->key->type))
-                        return -EOPNOTSUPP;
-
-                r = dns_server_adjust_opt(t->server, t->sent, t->current_feature_level);
-                if (r < 0)
-                        return r;
-
-                fd = dns_scope_socket_tcp(t->scope, AF_UNSPEC, NULL, t->server, 53);
-                break;
-
-        case DNS_PROTOCOL_LLMNR:
-                /* When we already received a reply to this (but it was truncated), send to its sender address */
-                if (t->received)
-                        fd = dns_scope_socket_tcp(t->scope, t->received->family, &t->received->sender, NULL, t->received->sender_port);
-                else {
-                        union in_addr_union address;
-                        int family = AF_UNSPEC;
-
-                        /* Otherwise, try to talk to the owner of a
-                         * the IP address, in case this is a reverse
-                         * PTR lookup */
-
-                        r = dns_name_address(dns_resource_key_name(t->key), &family, &address);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                return -EINVAL;
-                        if (family != t->scope->family)
-                                return -ESRCH;
-
-                        fd = dns_scope_socket_tcp(t->scope, family, &address, NULL, LLMNR_PORT);
-                }
-
-                break;
-
-        default:
-                return -EAFNOSUPPORT;
-        }
-
-        if (fd < 0)
-                return fd;
-
-        r = dns_stream_new(t->scope->manager, &t->stream, t->scope->protocol, fd);
-        if (r < 0)
-                return r;
-        fd = -1;
-
-        r = dns_stream_write_packet(t->stream, t->sent);
-        if (r < 0) {
-                t->stream = dns_stream_free(t->stream);
-                return r;
-        }
-
-        t->stream->complete = on_stream_complete;
-        t->stream->transaction = t;
-
-        /* The interface index is difficult to determine if we are
-         * connecting to the local host, hence fill this in right away
-         * instead of determining it from the socket */
-        if (t->scope->link)
-                t->stream->ifindex = t->scope->link->ifindex;
-
-        dns_transaction_reset_answer(t);
-
-        t->tried_stream = true;
-
-        return 0;
-}
-
-static void dns_transaction_cache_answer(DnsTransaction *t) {
-        assert(t);
-
-        /* For mDNS we cache whenever we get the packet, rather than
-         * in each transaction. */
-        if (!IN_SET(t->scope->protocol, DNS_PROTOCOL_DNS, DNS_PROTOCOL_LLMNR))
-                return;
-
-        /* We never cache if this packet is from the local host, under
-         * the assumption that a locally running DNS server would
-         * cache this anyway, and probably knows better when to flush
-         * the cache then we could. */
-        if (!DNS_PACKET_SHALL_CACHE(t->received))
-                return;
-
-        dns_cache_put(&t->scope->cache,
-                      t->key,
-                      t->answer_rcode,
-                      t->answer,
-                      t->answer_authenticated,
-                      t->answer_nsec_ttl,
-                      0,
-                      t->received->family,
-                      &t->received->sender);
-}
-
-static bool dns_transaction_dnssec_is_live(DnsTransaction *t) {
-        DnsTransaction *dt;
-        Iterator i;
-
-        assert(t);
-
-        SET_FOREACH(dt, t->dnssec_transactions, i)
-                if (DNS_TRANSACTION_IS_LIVE(dt->state))
-                        return true;
-
-        return false;
-}
-
-static int dns_transaction_dnssec_ready(DnsTransaction *t) {
-        DnsTransaction *dt;
-        Iterator i;
-
-        assert(t);
-
-        /* Checks whether the auxiliary DNSSEC transactions of our transaction have completed, or are still
-         * ongoing. Returns 0, if we aren't ready for the DNSSEC validation, positive if we are. */
-
-        SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                switch (dt->state) {
-
-                case DNS_TRANSACTION_NULL:
-                case DNS_TRANSACTION_PENDING:
-                case DNS_TRANSACTION_VALIDATING:
-                        /* Still ongoing */
-                        return 0;
-
-                case DNS_TRANSACTION_RCODE_FAILURE:
-                        if (dt->answer_rcode != DNS_RCODE_NXDOMAIN) {
-                                log_debug("Auxiliary DNSSEC RR query failed with rcode=%s.", dns_rcode_to_string(dt->answer_rcode));
-                                goto fail;
-                        }
-
-                        /* Fall-through: NXDOMAIN is good enough for us. This is because some DNS servers erronously
-                         * return NXDOMAIN for empty non-terminals (Akamai...), and we need to handle that nicely, when
-                         * asking for parent SOA or similar RRs to make unsigned proofs. */
-
-                case DNS_TRANSACTION_SUCCESS:
-                        /* All good. */
-                        break;
-
-                case DNS_TRANSACTION_DNSSEC_FAILED:
-                        /* We handle DNSSEC failures different from other errors, as we care about the DNSSEC
-                         * validationr result */
-
-                        log_debug("Auxiliary DNSSEC RR query failed validation: %s", dnssec_result_to_string(dt->answer_dnssec_result));
-                        t->answer_dnssec_result = dt->answer_dnssec_result; /* Copy error code over */
-                        dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
-                        return 0;
-
-
-                default:
-                        log_debug("Auxiliary DNSSEC RR query failed with %s", dns_transaction_state_to_string(dt->state));
-                        goto fail;
-                }
-        }
-
-        /* All is ready, we can go and validate */
-        return 1;
-
-fail:
-        t->answer_dnssec_result = DNSSEC_FAILED_AUXILIARY;
-        dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
-        return 0;
-}
-
-static void dns_transaction_process_dnssec(DnsTransaction *t) {
-        int r;
-
-        assert(t);
-
-        /* Are there ongoing DNSSEC transactions? If so, let's wait for them. */
-        r = dns_transaction_dnssec_ready(t);
-        if (r < 0)
-                goto fail;
-        if (r == 0) /* We aren't ready yet (or one of our auxiliary transactions failed, and we shouldn't validate now */
-                return;
-
-        /* See if we learnt things from the additional DNSSEC transactions, that we didn't know before, and better
-         * restart the lookup immediately. */
-        r = dns_transaction_maybe_restart(t);
-        if (r < 0)
-                goto fail;
-        if (r > 0) /* Transaction got restarted... */
-                return;
-
-        /* All our auxiliary DNSSEC transactions are complete now. Try
-         * to validate our RRset now. */
-        r = dns_transaction_validate_dnssec(t);
-        if (r == -EBADMSG) {
-                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                return;
-        }
-        if (r < 0)
-                goto fail;
-
-        if (t->answer_dnssec_result == DNSSEC_INCOMPATIBLE_SERVER &&
-            t->scope->dnssec_mode == DNSSEC_YES) {
-                /*  We are not in automatic downgrade mode, and the
-                 *  server is bad, refuse operation. */
-                dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
-                return;
-        }
-
-        if (!IN_SET(t->answer_dnssec_result,
-                    _DNSSEC_RESULT_INVALID,        /* No DNSSEC validation enabled */
-                    DNSSEC_VALIDATED,              /* Answer is signed and validated successfully */
-                    DNSSEC_UNSIGNED,               /* Answer is right-fully unsigned */
-                    DNSSEC_INCOMPATIBLE_SERVER)) { /* Server does not do DNSSEC (Yay, we are downgrade attack vulnerable!) */
-                dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
-                return;
-        }
-
-        if (t->answer_dnssec_result == DNSSEC_INCOMPATIBLE_SERVER)
-                dns_server_warn_downgrade(t->server);
-
-        dns_transaction_cache_answer(t);
-
-        if (t->answer_rcode == DNS_RCODE_SUCCESS)
-                dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
-        else
-                dns_transaction_complete(t, DNS_TRANSACTION_RCODE_FAILURE);
-
-        return;
-
-fail:
-        t->answer_errno = -r;
-        dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
-}
-
-static int dns_transaction_has_positive_answer(DnsTransaction *t, DnsAnswerFlags *flags) {
-        int r;
-
-        assert(t);
-
-        /* Checks whether the answer is positive, i.e. either a direct
-         * answer to the question, or a CNAME/DNAME for it */
-
-        r = dns_answer_match_key(t->answer, t->key, flags);
-        if (r != 0)
-                return r;
-
-        r = dns_answer_find_cname_or_dname(t->answer, t->key, NULL, flags);
-        if (r != 0)
-                return r;
-
-        return false;
-}
-
-static int dns_transaction_fix_rcode(DnsTransaction *t) {
-        int r;
-
-        assert(t);
-
-        /* Fix up the RCODE to SUCCESS if we get at least one matching RR in a response. Note that this contradicts the
-         * DNS RFCs a bit. Specifically, RFC 6604 Section 3 clarifies that the RCODE shall say something about a
-         * CNAME/DNAME chain element coming after the last chain element contained in the message, and not the first
-         * one included. However, it also indicates that not all DNS servers implement this correctly. Moreover, when
-         * using DNSSEC we usually only can prove the first element of a CNAME/DNAME chain anyway, hence let's settle
-         * on always processing the RCODE as referring to the immediate look-up we do, i.e. the first element of a
-         * CNAME/DNAME chain. This way, we uniformly handle CNAME/DNAME chains, regardless if the DNS server
-         * incorrectly implements RCODE, whether DNSSEC is in use, or whether the DNS server only supplied us with an
-         * incomplete CNAME/DNAME chain.
-         *
-         * Or in other words: if we get at least one positive reply in a message we patch NXDOMAIN to become SUCCESS,
-         * and then rely on the CNAME chasing logic to figure out that there's actually a CNAME error with a new
-         * lookup. */
-
-        if (t->answer_rcode != DNS_RCODE_NXDOMAIN)
-                return 0;
-
-        r = dns_transaction_has_positive_answer(t, NULL);
-        if (r <= 0)
-                return r;
-
-        t->answer_rcode = DNS_RCODE_SUCCESS;
-        return 0;
-}
-
-void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
-        usec_t ts;
-        int r;
-
-        assert(t);
-        assert(p);
-        assert(t->scope);
-        assert(t->scope->manager);
-
-        if (t->state != DNS_TRANSACTION_PENDING)
-                return;
-
-        /* Note that this call might invalidate the query. Callers
-         * should hence not attempt to access the query or transaction
-         * after calling this function. */
-
-        log_debug("Processing incoming packet on transaction %" PRIu16".", t->id);
-
-        switch (t->scope->protocol) {
-
-        case DNS_PROTOCOL_LLMNR:
-                assert(t->scope->link);
-
-                /* For LLMNR we will not accept any packets from other
-                 * interfaces */
-
-                if (p->ifindex != t->scope->link->ifindex)
-                        return;
-
-                if (p->family != t->scope->family)
-                        return;
-
-                /* Tentative packets are not full responses but still
-                 * useful for identifying uniqueness conflicts during
-                 * probing. */
-                if (DNS_PACKET_LLMNR_T(p)) {
-                        dns_transaction_tentative(t, p);
-                        return;
-                }
-
-                break;
-
-        case DNS_PROTOCOL_MDNS:
-                assert(t->scope->link);
-
-                /* For mDNS we will not accept any packets from other interfaces */
-                if (p->ifindex != t->scope->link->ifindex)
-                        return;
-
-                if (p->family != t->scope->family)
-                        return;
-
-                break;
-
-        case DNS_PROTOCOL_DNS:
-                /* Note that we do not need to verify the
-                 * addresses/port numbers of incoming traffic, as we
-                 * invoked connect() on our UDP socket in which case
-                 * the kernel already does the needed verification for
-                 * us. */
-                break;
-
-        default:
-                assert_not_reached("Invalid DNS protocol.");
-        }
-
-        if (t->received != p) {
-                dns_packet_unref(t->received);
-                t->received = dns_packet_ref(p);
-        }
-
-        t->answer_source = DNS_TRANSACTION_NETWORK;
-
-        if (p->ipproto == IPPROTO_TCP) {
-                if (DNS_PACKET_TC(p)) {
-                        /* Truncated via TCP? Somebody must be fucking with us */
-                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                        return;
-                }
-
-                if (DNS_PACKET_ID(p) != t->id) {
-                        /* Not the reply to our query? Somebody must be fucking with us */
-                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                        return;
-                }
-        }
-
-        assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
-
-        switch (t->scope->protocol) {
-
-        case DNS_PROTOCOL_DNS:
-                assert(t->server);
-
-                if (IN_SET(DNS_PACKET_RCODE(p), DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NOTIMP)) {
-
-                        /* Request failed, immediately try again with reduced features */
-                        log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p)));
-
-                        dns_server_packet_failed(t->server, t->current_feature_level);
-                        dns_transaction_retry(t);
-                        return;
-                } else if (DNS_PACKET_TC(p))
-                        dns_server_packet_truncated(t->server, t->current_feature_level);
-
-                break;
-
-        case DNS_PROTOCOL_LLMNR:
-        case DNS_PROTOCOL_MDNS:
-                dns_scope_packet_received(t->scope, ts - t->start_usec);
-                break;
-
-        default:
-                assert_not_reached("Invalid DNS protocol.");
-        }
-
-        if (DNS_PACKET_TC(p)) {
-
-                /* Truncated packets for mDNS are not allowed. Give up immediately. */
-                if (t->scope->protocol == DNS_PROTOCOL_MDNS) {
-                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                        return;
-                }
-
-                log_debug("Reply truncated, retrying via TCP.");
-
-                /* Response was truncated, let's try again with good old TCP */
-                r = dns_transaction_open_tcp(t);
-                if (r == -ESRCH) {
-                        /* No servers found? Damn! */
-                        dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
-                        return;
-                }
-                if (r == -EOPNOTSUPP) {
-                        /* Tried to ask for DNSSEC RRs, on a server that doesn't do DNSSEC  */
-                        dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
-                        return;
-                }
-                if (r < 0) {
-                        /* On LLMNR, if we cannot connect to the host,
-                         * we immediately give up */
-                        if (t->scope->protocol != DNS_PROTOCOL_DNS)
-                                goto fail;
-
-                        /* On DNS, couldn't send? Try immediately again, with a new server */
-                        dns_transaction_retry(t);
-                }
-
-                return;
-        }
-
-        /* After the superficial checks, actually parse the message. */
-        r = dns_packet_extract(p);
-        if (r < 0) {
-                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                return;
-        }
-
-        /* Report that the OPT RR was missing */
-        if (t->server) {
-                if (!p->opt)
-                        dns_server_packet_bad_opt(t->server, t->current_feature_level);
-
-                dns_server_packet_received(t->server, p->ipproto, t->current_feature_level, ts - t->start_usec, p->size);
-        }
-
-        /* See if we know things we didn't know before that indicate we better restart the lookup immediately. */
-        r = dns_transaction_maybe_restart(t);
-        if (r < 0)
-                goto fail;
-        if (r > 0) /* Transaction got restarted... */
-                return;
-
-        if (IN_SET(t->scope->protocol, DNS_PROTOCOL_DNS, DNS_PROTOCOL_LLMNR)) {
-
-                /* Only consider responses with equivalent query section to the request */
-                r = dns_packet_is_reply_for(p, t->key);
-                if (r < 0)
-                        goto fail;
-                if (r == 0) {
-                        dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
-                        return;
-                }
-
-                /* Install the answer as answer to the transaction */
-                dns_answer_unref(t->answer);
-                t->answer = dns_answer_ref(p->answer);
-                t->answer_rcode = DNS_PACKET_RCODE(p);
-                t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
-                t->answer_authenticated = false;
-
-                r = dns_transaction_fix_rcode(t);
-                if (r < 0)
-                        goto fail;
-
-                /* Block GC while starting requests for additional DNSSEC RRs */
-                t->block_gc++;
-                r = dns_transaction_request_dnssec_keys(t);
-                t->block_gc--;
-
-                /* Maybe the transaction is ready for GC'ing now? If so, free it and return. */
-                if (!dns_transaction_gc(t))
-                        return;
-
-                /* Requesting additional keys might have resulted in
-                 * this transaction to fail, since the auxiliary
-                 * request failed for some reason. If so, we are not
-                 * in pending state anymore, and we should exit
-                 * quickly. */
-                if (t->state != DNS_TRANSACTION_PENDING)
-                        return;
-                if (r < 0)
-                        goto fail;
-                if (r > 0) {
-                        /* There are DNSSEC transactions pending now. Update the state accordingly. */
-                        t->state = DNS_TRANSACTION_VALIDATING;
-                        dns_transaction_close_connection(t);
-                        dns_transaction_stop_timeout(t);
-                        return;
-                }
-        }
-
-        dns_transaction_process_dnssec(t);
-        return;
-
-fail:
-        t->answer_errno = -r;
-        dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
-}
-
-static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
-        DnsTransaction *t = userdata;
-        int r;
-
-        assert(t);
-        assert(t->scope);
-
-        r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
-        if (ERRNO_IS_DISCONNECT(-r)) {
-                usec_t usec;
-
-                /* UDP connection failure get reported via ICMP and then are possible delivered to us on the next
-                 * recvmsg(). Treat this like a lost packet. */
-
-                log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
-                assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
-                dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
-
-                dns_transaction_retry(t);
-                return 0;
-        }
-        if (r < 0) {
-                dns_transaction_complete(t, DNS_TRANSACTION_ERRNO);
-                t->answer_errno = -r;
-                return 0;
-        }
-
-        r = dns_packet_validate_reply(p);
-        if (r < 0) {
-                log_debug_errno(r, "Received invalid DNS packet as response, ignoring: %m");
-                return 0;
-        }
-        if (r == 0) {
-                log_debug("Received inappropriate DNS packet as response, ignoring.");
-                return 0;
-        }
-
-        if (DNS_PACKET_ID(p) != t->id) {
-                log_debug("Received packet with incorrect transaction ID, ignoring.");
-                return 0;
-        }
-
-        dns_transaction_process_reply(t, p);
-        return 0;
-}
-
-static int dns_transaction_emit_udp(DnsTransaction *t) {
-        int r;
-
-        assert(t);
-
-        if (t->scope->protocol == DNS_PROTOCOL_DNS) {
-
-                r = dns_transaction_pick_server(t);
-                if (r < 0)
-                        return r;
-
-                if (t->current_feature_level < DNS_SERVER_FEATURE_LEVEL_UDP)
-                        return -EAGAIN;
-
-                if (!dns_server_dnssec_supported(t->server) && dns_type_is_dnssec(t->key->type))
-                        return -EOPNOTSUPP;
-
-                if (r > 0 || t->dns_udp_fd < 0) { /* Server changed, or no connection yet. */
-                        int fd;
-
-                        dns_transaction_close_connection(t);
-
-                        fd = dns_scope_socket_udp(t->scope, t->server, 53);
-                        if (fd < 0)
-                                return fd;
-
-                        r = sd_event_add_io(t->scope->manager->event, &t->dns_udp_event_source, fd, EPOLLIN, on_dns_packet, t);
-                        if (r < 0) {
-                                safe_close(fd);
-                                return r;
-                        }
-
-                        (void) sd_event_source_set_description(t->dns_udp_event_source, "dns-transaction-udp");
-                        t->dns_udp_fd = fd;
-                }
-
-                r = dns_server_adjust_opt(t->server, t->sent, t->current_feature_level);
-                if (r < 0)
-                        return r;
-        } else
-                dns_transaction_close_connection(t);
-
-        r = dns_scope_emit_udp(t->scope, t->dns_udp_fd, t->sent);
-        if (r < 0)
-                return r;
-
-        dns_transaction_reset_answer(t);
-
-        return 0;
-}
-
-static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdata) {
-        DnsTransaction *t = userdata;
-
-        assert(s);
-        assert(t);
-
-        if (!t->initial_jitter_scheduled || t->initial_jitter_elapsed) {
-                /* Timeout reached? Increase the timeout for the server used */
-                switch (t->scope->protocol) {
-
-                case DNS_PROTOCOL_DNS:
-                        assert(t->server);
-                        dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_feature_level, usec - t->start_usec);
-                        break;
-
-                case DNS_PROTOCOL_LLMNR:
-                case DNS_PROTOCOL_MDNS:
-                        dns_scope_packet_lost(t->scope, usec - t->start_usec);
-                        break;
-
-                default:
-                        assert_not_reached("Invalid DNS protocol.");
-                }
-
-                if (t->initial_jitter_scheduled)
-                        t->initial_jitter_elapsed = true;
-        }
-
-        log_debug("Timeout reached on transaction %" PRIu16 ".", t->id);
-
-        dns_transaction_retry(t);
-        return 0;
-}
-
-static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
-        assert(t);
-        assert(t->scope);
-
-        switch (t->scope->protocol) {
-
-        case DNS_PROTOCOL_DNS:
-                assert(t->server);
-                return t->server->resend_timeout;
-
-        case DNS_PROTOCOL_MDNS:
-                assert(t->n_attempts > 0);
-                return (1 << (t->n_attempts - 1)) * USEC_PER_SEC;
-
-        case DNS_PROTOCOL_LLMNR:
-                return t->scope->resend_timeout;
-
-        default:
-                assert_not_reached("Invalid DNS protocol.");
-        }
-}
-
-static int dns_transaction_prepare(DnsTransaction *t, usec_t ts) {
-        int r;
-
-        assert(t);
-
-        dns_transaction_stop_timeout(t);
-
-        r = dns_scope_network_good(t->scope);
-        if (r < 0)
-                return r;
-        if (r == 0) {
-                dns_transaction_complete(t, DNS_TRANSACTION_NETWORK_DOWN);
-                return 0;
-        }
-
-        if (t->n_attempts >= TRANSACTION_ATTEMPTS_MAX(t->scope->protocol)) {
-                dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
-                return 0;
-        }
-
-        if (t->scope->protocol == DNS_PROTOCOL_LLMNR && t->tried_stream) {
-                /* If we already tried via a stream, then we don't
-                 * retry on LLMNR. See RFC 4795, Section 2.7. */
-                dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
-                return 0;
-        }
-
-        t->n_attempts++;
-        t->start_usec = ts;
-
-        dns_transaction_reset_answer(t);
-        dns_transaction_flush_dnssec_transactions(t);
-
-        /* Check the trust anchor. Do so only on classic DNS, since DNSSEC does not apply otherwise. */
-        if (t->scope->protocol == DNS_PROTOCOL_DNS) {
-                r = dns_trust_anchor_lookup_positive(&t->scope->manager->trust_anchor, t->key, &t->answer);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        t->answer_rcode = DNS_RCODE_SUCCESS;
-                        t->answer_source = DNS_TRANSACTION_TRUST_ANCHOR;
-                        t->answer_authenticated = true;
-                        dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
-                        return 0;
-                }
-
-                if (dns_name_is_root(dns_resource_key_name(t->key)) &&
-                    t->key->type == DNS_TYPE_DS) {
-
-                        /* Hmm, this is a request for the root DS? A
-                         * DS RR doesn't exist in the root zone, and
-                         * if our trust anchor didn't know it either,
-                         * this means we cannot do any DNSSEC logic
-                         * anymore. */
-
-                        if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE) {
-                                /* We are in downgrade mode. In this
-                                 * case, synthesize an unsigned empty
-                                 * response, so that the any lookup
-                                 * depending on this one can continue
-                                 * assuming there was no DS, and hence
-                                 * the root zone was unsigned. */
-
-                                t->answer_rcode = DNS_RCODE_SUCCESS;
-                                t->answer_source = DNS_TRANSACTION_TRUST_ANCHOR;
-                                t->answer_authenticated = false;
-                                dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
-                        } else
-                                /* If we are not in downgrade mode,
-                                 * then fail the lookup, because we
-                                 * cannot reasonably answer it. There
-                                 * might be DS RRs, but we don't know
-                                 * them, and the DNS server won't tell
-                                 * them to us (and even if it would,
-                                 * we couldn't validate and trust them. */
-                                dns_transaction_complete(t, DNS_TRANSACTION_NO_TRUST_ANCHOR);
-
-                        return 0;
-                }
-        }
-
-        /* Check the zone, but only if this transaction is not used
-         * for probing or verifying a zone item. */
-        if (set_isempty(t->notify_zone_items)) {
-
-                r = dns_zone_lookup(&t->scope->zone, t->key, &t->answer, NULL, NULL);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        t->answer_rcode = DNS_RCODE_SUCCESS;
-                        t->answer_source = DNS_TRANSACTION_ZONE;
-                        t->answer_authenticated = true;
-                        dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
-                        return 0;
-                }
-        }
-
-        /* Check the cache, but only if this transaction is not used
-         * for probing or verifying a zone item. */
-        if (set_isempty(t->notify_zone_items)) {
-
-                /* Before trying the cache, let's make sure we figured out a
-                 * server to use. Should this cause a change of server this
-                 * might flush the cache. */
-                dns_scope_get_dns_server(t->scope);
-
-                /* Let's then prune all outdated entries */
-                dns_cache_prune(&t->scope->cache);
-
-                r = dns_cache_lookup(&t->scope->cache, t->key, &t->answer_rcode, &t->answer, &t->answer_authenticated);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        t->answer_source = DNS_TRANSACTION_CACHE;
-                        if (t->answer_rcode == DNS_RCODE_SUCCESS)
-                                dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
-                        else
-                                dns_transaction_complete(t, DNS_TRANSACTION_RCODE_FAILURE);
-                        return 0;
-                }
-        }
-
-        return 1;
-}
-
-static int dns_transaction_make_packet_mdns(DnsTransaction *t) {
-
-        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
-        bool add_known_answers = false;
-        DnsTransaction *other;
-        unsigned qdcount;
-        usec_t ts;
-        int r;
-
-        assert(t);
-        assert(t->scope->protocol == DNS_PROTOCOL_MDNS);
-
-        /* Discard any previously prepared packet, so we can start over and coalesce again */
-        t->sent = dns_packet_unref(t->sent);
-
-        r = dns_packet_new_query(&p, t->scope->protocol, 0, false);
-        if (r < 0)
-                return r;
-
-        r = dns_packet_append_key(p, t->key, NULL);
-        if (r < 0)
-                return r;
-
-        qdcount = 1;
-
-        if (dns_key_is_shared(t->key))
-                add_known_answers = true;
-
-        /*
-         * For mDNS, we want to coalesce as many open queries in pending transactions into one single
-         * query packet on the wire as possible. To achieve that, we iterate through all pending transactions
-         * in our current scope, and see whether their timing contraints allow them to be sent.
-         */
-
-        assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
-
-        LIST_FOREACH(transactions_by_scope, other, t->scope->transactions) {
-
-                /* Skip ourselves */
-                if (other == t)
-                        continue;
-
-                if (other->state != DNS_TRANSACTION_PENDING)
-                        continue;
-
-                if (other->next_attempt_after > ts)
-                        continue;
-
-                if (qdcount >= UINT16_MAX)
-                        break;
-
-                r = dns_packet_append_key(p, other->key, NULL);
-
-                /*
-                 * If we can't stuff more questions into the packet, just give up.
-                 * One of the 'other' transactions will fire later and take care of the rest.
-                 */
-                if (r == -EMSGSIZE)
-                        break;
-
-                if (r < 0)
-                        return r;
-
-                r = dns_transaction_prepare(other, ts);
-                if (r <= 0)
-                        continue;
-
-                ts += transaction_get_resend_timeout(other);
-
-                r = sd_event_add_time(
-                                other->scope->manager->event,
-                                &other->timeout_event_source,
-                                clock_boottime_or_monotonic(),
-                                ts, 0,
-                                on_transaction_timeout, other);
-                if (r < 0)
-                        return r;
-
-                (void) sd_event_source_set_description(t->timeout_event_source, "dns-transaction-timeout");
-
-                other->state = DNS_TRANSACTION_PENDING;
-                other->next_attempt_after = ts;
-
-                qdcount++;
-
-                if (dns_key_is_shared(other->key))
-                        add_known_answers = true;
-        }
-
-        DNS_PACKET_HEADER(p)->qdcount = htobe16(qdcount);
-
-        /* Append known answer section if we're asking for any shared record */
-        if (add_known_answers) {
-                r = dns_cache_export_shared_to_packet(&t->scope->cache, p);
-                if (r < 0)
-                        return r;
-        }
-
-        t->sent = p;
-        p = NULL;
-
-        return 0;
-}
-
-static int dns_transaction_make_packet(DnsTransaction *t) {
-        _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
-        int r;
-
-        assert(t);
-
-        if (t->scope->protocol == DNS_PROTOCOL_MDNS)
-                return dns_transaction_make_packet_mdns(t);
-
-        if (t->sent)
-                return 0;
-
-        r = dns_packet_new_query(&p, t->scope->protocol, 0, t->scope->dnssec_mode != DNSSEC_NO);
-        if (r < 0)
-                return r;
-
-        r = dns_packet_append_key(p, t->key, NULL);
-        if (r < 0)
-                return r;
-
-        DNS_PACKET_HEADER(p)->qdcount = htobe16(1);
-        DNS_PACKET_HEADER(p)->id = t->id;
-
-        t->sent = p;
-        p = NULL;
-
-        return 0;
-}
-
-int dns_transaction_go(DnsTransaction *t) {
-        usec_t ts;
-        int r;
-        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
-
-        assert(t);
-
-        assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
-
-        r = dns_transaction_prepare(t, ts);
-        if (r <= 0)
-                return r;
-
-        log_debug("Transaction %" PRIu16 " for <%s> scope %s on %s/%s.",
-                  t->id,
-                  dns_resource_key_to_string(t->key, key_str, sizeof key_str),
-                  dns_protocol_to_string(t->scope->protocol),
-                  t->scope->link ? t->scope->link->name : "*",
-                  af_to_name_short(t->scope->family));
-
-        if (!t->initial_jitter_scheduled &&
-            (t->scope->protocol == DNS_PROTOCOL_LLMNR ||
-             t->scope->protocol == DNS_PROTOCOL_MDNS)) {
-                usec_t jitter, accuracy;
-
-                /* RFC 4795 Section 2.7 suggests all queries should be
-                 * delayed by a random time from 0 to JITTER_INTERVAL. */
-
-                t->initial_jitter_scheduled = true;
-
-                random_bytes(&jitter, sizeof(jitter));
-
-                switch (t->scope->protocol) {
-
-                case DNS_PROTOCOL_LLMNR:
-                        jitter %= LLMNR_JITTER_INTERVAL_USEC;
-                        accuracy = LLMNR_JITTER_INTERVAL_USEC;
-                        break;
-
-                case DNS_PROTOCOL_MDNS:
-                        jitter %= MDNS_JITTER_RANGE_USEC;
-                        jitter += MDNS_JITTER_MIN_USEC;
-                        accuracy = MDNS_JITTER_RANGE_USEC;
-                        break;
-                default:
-                        assert_not_reached("bad protocol");
-                }
-
-                r = sd_event_add_time(
-                                t->scope->manager->event,
-                                &t->timeout_event_source,
-                                clock_boottime_or_monotonic(),
-                                ts + jitter, accuracy,
-                                on_transaction_timeout, t);
-                if (r < 0)
-                        return r;
-
-                (void) sd_event_source_set_description(t->timeout_event_source, "dns-transaction-timeout");
-
-                t->n_attempts = 0;
-                t->next_attempt_after = ts;
-                t->state = DNS_TRANSACTION_PENDING;
-
-                log_debug("Delaying %s transaction for " USEC_FMT "us.", dns_protocol_to_string(t->scope->protocol), jitter);
-                return 0;
-        }
-
-        /* Otherwise, we need to ask the network */
-        r = dns_transaction_make_packet(t);
-        if (r < 0)
-                return r;
-
-        if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
-            (dns_name_endswith(dns_resource_key_name(t->key), "in-addr.arpa") > 0 ||
-             dns_name_endswith(dns_resource_key_name(t->key), "ip6.arpa") > 0)) {
-
-                /* RFC 4795, Section 2.4. says reverse lookups shall
-                 * always be made via TCP on LLMNR */
-                r = dns_transaction_open_tcp(t);
-        } else {
-                /* Try via UDP, and if that fails due to large size or lack of
-                 * support try via TCP */
-                r = dns_transaction_emit_udp(t);
-                if (r == -EMSGSIZE)
-                        log_debug("Sending query via TCP since it is too large.");
-                if (r == -EAGAIN)
-                        log_debug("Sending query via TCP since server doesn't support UDP.");
-                if (r == -EMSGSIZE || r == -EAGAIN)
-                        r = dns_transaction_open_tcp(t);
-        }
-
-        if (r == -ESRCH) {
-                /* No servers to send this to? */
-                dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
-                return 0;
-        }
-        if (r == -EOPNOTSUPP) {
-                /* Tried to ask for DNSSEC RRs, on a server that doesn't do DNSSEC  */
-                dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
-                return 0;
-        }
-        if (t->scope->protocol == DNS_PROTOCOL_LLMNR && ERRNO_IS_DISCONNECT(-r)) {
-                /* On LLMNR, if we cannot connect to a host via TCP when doing reverse lookups. This means we cannot
-                 * answer this request with this protocol. */
-                dns_transaction_complete(t, DNS_TRANSACTION_NOT_FOUND);
-                return 0;
-        }
-        if (r < 0) {
-                if (t->scope->protocol != DNS_PROTOCOL_DNS)
-                        return r;
-
-                /* Couldn't send? Try immediately again, with a new server */
-                dns_scope_next_dns_server(t->scope);
-
-                return dns_transaction_go(t);
-        }
-
-        ts += transaction_get_resend_timeout(t);
-
-        r = sd_event_add_time(
-                        t->scope->manager->event,
-                        &t->timeout_event_source,
-                        clock_boottime_or_monotonic(),
-                        ts, 0,
-                        on_transaction_timeout, t);
-        if (r < 0)
-                return r;
-
-        (void) sd_event_source_set_description(t->timeout_event_source, "dns-transaction-timeout");
-
-        t->state = DNS_TRANSACTION_PENDING;
-        t->next_attempt_after = ts;
-
-        return 1;
-}
-
-static int dns_transaction_find_cyclic(DnsTransaction *t, DnsTransaction *aux) {
-        DnsTransaction *n;
-        Iterator i;
-        int r;
-
-        assert(t);
-        assert(aux);
-
-        /* Try to find cyclic dependencies between transaction objects */
-
-        if (t == aux)
-                return 1;
-
-        SET_FOREACH(n, aux->dnssec_transactions, i) {
-                r = dns_transaction_find_cyclic(t, n);
-                if (r != 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResourceKey *key, DnsTransaction **ret) {
-        DnsTransaction *aux;
-        int r;
-
-        assert(t);
-        assert(ret);
-        assert(key);
-
-        aux = dns_scope_find_transaction(t->scope, key, true);
-        if (!aux) {
-                r = dns_transaction_new(&aux, t->scope, key);
-                if (r < 0)
-                        return r;
-        } else {
-                if (set_contains(t->dnssec_transactions, aux)) {
-                        *ret = aux;
-                        return 0;
-                }
-
-                r = dns_transaction_find_cyclic(t, aux);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        char s[DNS_RESOURCE_KEY_STRING_MAX], saux[DNS_RESOURCE_KEY_STRING_MAX];
-
-                        log_debug("Potential cyclic dependency, refusing to add transaction %" PRIu16 " (%s) as dependency for %" PRIu16 " (%s).",
-                                  aux->id,
-                                  dns_resource_key_to_string(t->key, s, sizeof s),
-                                  t->id,
-                                  dns_resource_key_to_string(aux->key, saux, sizeof saux));
-
-                        return -ELOOP;
-                }
-        }
-
-        r = set_ensure_allocated(&t->dnssec_transactions, NULL);
-        if (r < 0)
-                goto gc;
-
-        r = set_ensure_allocated(&aux->notify_transactions, NULL);
-        if (r < 0)
-                goto gc;
-
-        r = set_ensure_allocated(&aux->notify_transactions_done, NULL);
-        if (r < 0)
-                goto gc;
-
-        r = set_put(t->dnssec_transactions, aux);
-        if (r < 0)
-                goto gc;
-
-        r = set_put(aux->notify_transactions, t);
-        if (r < 0) {
-                (void) set_remove(t->dnssec_transactions, aux);
-                goto gc;
-        }
-
-        *ret = aux;
-        return 1;
-
-gc:
-        dns_transaction_gc(aux);
-        return r;
-}
-
-static int dns_transaction_request_dnssec_rr(DnsTransaction *t, DnsResourceKey *key) {
-        _cleanup_(dns_answer_unrefp) DnsAnswer *a = NULL;
-        DnsTransaction *aux;
-        int r;
-
-        assert(t);
-        assert(key);
-
-        /* Try to get the data from the trust anchor */
-        r = dns_trust_anchor_lookup_positive(&t->scope->manager->trust_anchor, key, &a);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-                r = dns_answer_extend(&t->validated_keys, a);
-                if (r < 0)
-                        return r;
-
-                return 0;
-        }
-
-        /* This didn't work, ask for it via the network/cache then. */
-        r = dns_transaction_add_dnssec_transaction(t, key, &aux);
-        if (r == -ELOOP) /* This would result in a cyclic dependency */
-                return 0;
-        if (r < 0)
-                return r;
-
-        if (aux->state == DNS_TRANSACTION_NULL) {
-                r = dns_transaction_go(aux);
-                if (r < 0)
-                        return r;
-        }
-
-        return 1;
-}
-
-static int dns_transaction_negative_trust_anchor_lookup(DnsTransaction *t, const char *name) {
-        int r;
-
-        assert(t);
-
-        /* Check whether the specified name is in the NTA
-         * database, either in the global one, or the link-local
-         * one. */
-
-        r = dns_trust_anchor_lookup_negative(&t->scope->manager->trust_anchor, name);
-        if (r != 0)
-                return r;
-
-        if (!t->scope->link)
-                return 0;
-
-        return set_contains(t->scope->link->dnssec_negative_trust_anchors, name);
-}
-
-static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) {
-        int r;
-
-        assert(t);
-
-        /* Checks whether the answer is negative, and lacks NSEC/NSEC3
-         * RRs to prove it */
-
-        r = dns_transaction_has_positive_answer(t, NULL);
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return false;
-
-        /* Is this key explicitly listed as a negative trust anchor?
-         * If so, it's nothing we need to care about */
-        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(t->key));
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return false;
-
-        /* The answer does not contain any RRs that match to the
-         * question. If so, let's see if there are any NSEC/NSEC3 RRs
-         * included. If not, the answer is unsigned. */
-
-        r = dns_answer_contains_nsec_or_nsec3(t->answer);
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return false;
-
-        return true;
-}
-
-static int dns_transaction_is_primary_response(DnsTransaction *t, DnsResourceRecord *rr) {
-        int r;
-
-        assert(t);
-        assert(rr);
-
-        /* Check if the specified RR is the "primary" response,
-         * i.e. either matches the question precisely or is a
-         * CNAME/DNAME for it. */
-
-        r = dns_resource_key_match_rr(t->key, rr, NULL);
-        if (r != 0)
-                return r;
-
-        return dns_resource_key_match_cname_or_dname(t->key, rr->key, NULL);
-}
-
-static bool dns_transaction_dnssec_supported(DnsTransaction *t) {
-        assert(t);
-
-        /* Checks whether our transaction's DNS server is assumed to be compatible with DNSSEC. Returns false as soon
-         * as we changed our mind about a server, and now believe it is incompatible with DNSSEC. */
-
-        if (t->scope->protocol != DNS_PROTOCOL_DNS)
-                return false;
-
-        /* If we have picked no server, then we are working from the cache or some other source, and DNSSEC might well
-         * be supported, hence return true. */
-        if (!t->server)
-                return true;
-
-        if (t->current_feature_level < DNS_SERVER_FEATURE_LEVEL_DO)
-                return false;
-
-        return dns_server_dnssec_supported(t->server);
-}
-
-static bool dns_transaction_dnssec_supported_full(DnsTransaction *t) {
-        DnsTransaction *dt;
-        Iterator i;
-
-        assert(t);
-
-        /* Checks whether our transaction our any of the auxiliary transactions couldn't do DNSSEC. */
-
-        if (!dns_transaction_dnssec_supported(t))
-                return false;
-
-        SET_FOREACH(dt, t->dnssec_transactions, i)
-                if (!dns_transaction_dnssec_supported(dt))
-                        return false;
-
-        return true;
-}
-
-int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
-        DnsResourceRecord *rr;
-
-        int r;
-
-        assert(t);
-
-        /*
-         * Retrieve all auxiliary RRs for the answer we got, so that
-         * we can verify signatures or prove that RRs are rightfully
-         * unsigned. Specifically:
-         *
-         * - For RRSIG we get the matching DNSKEY
-         * - For DNSKEY we get the matching DS
-         * - For unsigned SOA/NS we get the matching DS
-         * - For unsigned CNAME/DNAME/DS we get the parent SOA RR
-         * - For other unsigned RRs we get the matching SOA RR
-         * - For SOA/NS queries with no matching response RR, and no NSEC/NSEC3, the DS RR
-         * - For DS queries with no matching response RRs, and no NSEC/NSEC3, the parent's SOA RR
-         * - For other queries with no matching response RRs, and no NSEC/NSEC3, the SOA RR
-         */
-
-        if (t->scope->dnssec_mode == DNSSEC_NO)
-                return 0;
-        if (t->answer_source != DNS_TRANSACTION_NETWORK)
-                return 0; /* We only need to validate stuff from the network */
-        if (!dns_transaction_dnssec_supported(t))
-                return 0; /* If we can't do DNSSEC anyway there's no point in geting the auxiliary RRs */
-
-        DNS_ANSWER_FOREACH(rr, t->answer) {
-
-                if (dns_type_is_pseudo(rr->key->type))
-                        continue;
-
-                /* If this RR is in the negative trust anchor, we don't need to validate it. */
-                r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
-                if (r < 0)
-                        return r;
-                if (r > 0)
-                        continue;
-
-                switch (rr->key->type) {
-
-                case DNS_TYPE_RRSIG: {
-                        /* For each RRSIG we request the matching DNSKEY */
-                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *dnskey = NULL;
-
-                        /* If this RRSIG is about a DNSKEY RR and the
-                         * signer is the same as the owner, then we
-                         * already have the DNSKEY, and we don't have
-                         * to look for more. */
-                        if (rr->rrsig.type_covered == DNS_TYPE_DNSKEY) {
-                                r = dns_name_equal(rr->rrsig.signer, dns_resource_key_name(rr->key));
-                                if (r < 0)
-                                        return r;
-                                if (r > 0)
-                                        continue;
-                        }
-
-                        /* If the signer is not a parent of our
-                         * original query, then this is about an
-                         * auxiliary RRset, but not anything we asked
-                         * for. In this case we aren't interested,
-                         * because we don't want to request additional
-                         * RRs for stuff we didn't really ask for, and
-                         * also to avoid request loops, where
-                         * additional RRs from one transaction result
-                         * in another transaction whose additonal RRs
-                         * point back to the original transaction, and
-                         * we deadlock. */
-                        r = dns_name_endswith(dns_resource_key_name(t->key), rr->rrsig.signer);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        dnskey = dns_resource_key_new(rr->key->class, DNS_TYPE_DNSKEY, rr->rrsig.signer);
-                        if (!dnskey)
-                                return -ENOMEM;
-
-                        log_debug("Requesting DNSKEY to validate transaction %" PRIu16" (%s, RRSIG with key tag: %" PRIu16 ").",
-                                  t->id, dns_resource_key_name(rr->key), rr->rrsig.key_tag);
-                        r = dns_transaction_request_dnssec_rr(t, dnskey);
-                        if (r < 0)
-                                return r;
-                        break;
-                }
-
-                case DNS_TYPE_DNSKEY: {
-                        /* For each DNSKEY we request the matching DS */
-                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *ds = NULL;
-
-                        /* If the DNSKEY we are looking at is not for
-                         * zone we are interested in, nor any of its
-                         * parents, we aren't interested, and don't
-                         * request it. After all, we don't want to end
-                         * up in request loops, and want to keep
-                         * additional traffic down. */
-
-                        r = dns_name_endswith(dns_resource_key_name(t->key), dns_resource_key_name(rr->key));
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, dns_resource_key_name(rr->key));
-                        if (!ds)
-                                return -ENOMEM;
-
-                        log_debug("Requesting DS to validate transaction %" PRIu16" (%s, DNSKEY with key tag: %" PRIu16 ").",
-                                  t->id, dns_resource_key_name(rr->key), dnssec_keytag(rr, false));
-                        r = dns_transaction_request_dnssec_rr(t, ds);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                }
-
-                case DNS_TYPE_SOA:
-                case DNS_TYPE_NS: {
-                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *ds = NULL;
-
-                        /* For an unsigned SOA or NS, try to acquire
-                         * the matching DS RR, as we are at a zone cut
-                         * then, and whether a DS exists tells us
-                         * whether the zone is signed. Do so only if
-                         * this RR matches our original question,
-                         * however. */
-
-                        r = dns_resource_key_match_rr(t->key, rr, NULL);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        r = dnssec_has_rrsig(t->answer, rr->key);
-                        if (r < 0)
-                                return r;
-                        if (r > 0)
-                                continue;
-
-                        ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, dns_resource_key_name(rr->key));
-                        if (!ds)
-                                return -ENOMEM;
-
-                        log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned SOA/NS RRset).",
-                                  t->id, dns_resource_key_name(rr->key));
-                        r = dns_transaction_request_dnssec_rr(t, ds);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                }
-
-                case DNS_TYPE_DS:
-                case DNS_TYPE_CNAME:
-                case DNS_TYPE_DNAME: {
-                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
-                        const char *name;
-
-                        /* CNAMEs and DNAMEs cannot be located at a
-                         * zone apex, hence ask for the parent SOA for
-                         * unsigned CNAME/DNAME RRs, maybe that's the
-                         * apex. But do all that only if this is
-                         * actually a response to our original
-                         * question.
-                         *
-                         * Similar for DS RRs, which are signed when
-                         * the parent SOA is signed. */
-
-                        r = dns_transaction_is_primary_response(t, rr);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        r = dnssec_has_rrsig(t->answer, rr->key);
-                        if (r < 0)
-                                return r;
-                        if (r > 0)
-                                continue;
-
-                        r = dns_answer_has_dname_for_cname(t->answer, rr);
-                        if (r < 0)
-                                return r;
-                        if (r > 0)
-                                continue;
-
-                        name = dns_resource_key_name(rr->key);
-                        r = dns_name_parent(&name);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
-                        if (!soa)
-                                return -ENOMEM;
-
-                        log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned CNAME/DNAME/DS RRset).",
-                                  t->id, dns_resource_key_name(rr->key));
-                        r = dns_transaction_request_dnssec_rr(t, soa);
-                        if (r < 0)
-                                return r;
-
-                        break;
-                }
-
-                default: {
-                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
-
-                        /* For other unsigned RRsets (including
-                         * NSEC/NSEC3!), look for proof the zone is
-                         * unsigned, by requesting the SOA RR of the
-                         * zone. However, do so only if they are
-                         * directly relevant to our original
-                         * question. */
-
-                        r = dns_transaction_is_primary_response(t, rr);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        r = dnssec_has_rrsig(t->answer, rr->key);
-                        if (r < 0)
-                                return r;
-                        if (r > 0)
-                                continue;
-
-                        soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, dns_resource_key_name(rr->key));
-                        if (!soa)
-                                return -ENOMEM;
-
-                        log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned non-SOA/NS RRset <%s>).",
-                                  t->id, dns_resource_key_name(rr->key), dns_resource_record_to_string(rr));
-                        r = dns_transaction_request_dnssec_rr(t, soa);
-                        if (r < 0)
-                                return r;
-                        break;
-                }}
-        }
-
-        /* Above, we requested everything necessary to validate what
-         * we got. Now, let's request what we need to validate what we
-         * didn't get... */
-
-        r = dns_transaction_has_unsigned_negative_answer(t);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-                const char *name;
-                uint16_t type = 0;
-
-                name = dns_resource_key_name(t->key);
-
-                /* If this was a SOA or NS request, then check if there's a DS RR for the same domain. Note that this
-                 * could also be used as indication that we are not at a zone apex, but in real world setups there are
-                 * too many broken DNS servers (Hello, incapdns.net!) where non-terminal zones return NXDOMAIN even
-                 * though they have further children. If this was a DS request, then it's signed when the parent zone
-                 * is signed, hence ask the parent SOA in that case. If this was any other RR then ask for the SOA RR,
-                 * to see if that is signed. */
-
-                if (t->key->type == DNS_TYPE_DS) {
-                        r = dns_name_parent(&name);
-                        if (r > 0) {
-                                type = DNS_TYPE_SOA;
-                                log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned empty DS response).",
-                                          t->id, dns_resource_key_name(t->key));
-                        } else
-                                name = NULL;
-
-                } else if (IN_SET(t->key->type, DNS_TYPE_SOA, DNS_TYPE_NS)) {
-
-                        type = DNS_TYPE_DS;
-                        log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned empty SOA/NS response).",
-                                  t->id, dns_resource_key_name(t->key));
-
-                } else {
-                        type = DNS_TYPE_SOA;
-                        log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned empty non-SOA/NS/DS response).",
-                                  t->id, dns_resource_key_name(t->key));
-                }
-
-                if (name) {
-                        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
-
-                        soa = dns_resource_key_new(t->key->class, type, name);
-                        if (!soa)
-                                return -ENOMEM;
-
-                        r = dns_transaction_request_dnssec_rr(t, soa);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        return dns_transaction_dnssec_is_live(t);
-}
-
-void dns_transaction_notify(DnsTransaction *t, DnsTransaction *source) {
-        assert(t);
-        assert(source);
-
-        /* Invoked whenever any of our auxiliary DNSSEC transactions completed its work. If the state is still PENDING,
-           we are still in the loop that adds further DNSSEC transactions, hence don't check if we are ready yet. If
-           the state is VALIDATING however, we should check if we are complete now. */
-
-        if (t->state == DNS_TRANSACTION_VALIDATING)
-                dns_transaction_process_dnssec(t);
-}
-
-static int dns_transaction_validate_dnskey_by_ds(DnsTransaction *t) {
-        DnsResourceRecord *rr;
-        int ifindex, r;
-
-        assert(t);
-
-        /* Add all DNSKEY RRs from the answer that are validated by DS
-         * RRs from the list of validated keys to the list of
-         * validated keys. */
-
-        DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, t->answer) {
-
-                r = dnssec_verify_dnskey_by_ds_search(rr, t->validated_keys);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                /* If so, the DNSKEY is validated too. */
-                r = dns_answer_add_extend(&t->validated_keys, rr, ifindex, DNS_ANSWER_AUTHENTICATED);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *rr) {
-        int r;
-
-        assert(t);
-        assert(rr);
-
-        /* Checks if the RR we are looking for must be signed with an
-         * RRSIG. This is used for positive responses. */
-
-        if (t->scope->dnssec_mode == DNSSEC_NO)
-                return false;
-
-        if (dns_type_is_pseudo(rr->key->type))
-                return -EINVAL;
-
-        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return false;
-
-        switch (rr->key->type) {
-
-        case DNS_TYPE_RRSIG:
-                /* RRSIGs are the signatures themselves, they need no signing. */
-                return false;
-
-        case DNS_TYPE_SOA:
-        case DNS_TYPE_NS: {
-                DnsTransaction *dt;
-                Iterator i;
-
-                /* For SOA or NS RRs we look for a matching DS transaction */
-
-                SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                        if (dt->key->class != rr->key->class)
-                                continue;
-                        if (dt->key->type != DNS_TYPE_DS)
-                                continue;
-
-                        r = dns_name_equal(dns_resource_key_name(dt->key), dns_resource_key_name(rr->key));
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        /* We found a DS transactions for the SOA/NS
-                         * RRs we are looking at. If it discovered signed DS
-                         * RRs, then we need to be signed, too. */
-
-                        if (!dt->answer_authenticated)
-                                return false;
-
-                        return dns_answer_match_key(dt->answer, dt->key, NULL);
-                }
-
-                /* We found nothing that proves this is safe to leave
-                 * this unauthenticated, hence ask inist on
-                 * authentication. */
-                return true;
-        }
-
-        case DNS_TYPE_DS:
-        case DNS_TYPE_CNAME:
-        case DNS_TYPE_DNAME: {
-                const char *parent = NULL;
-                DnsTransaction *dt;
-                Iterator i;
-
-                /*
-                 * CNAME/DNAME RRs cannot be located at a zone apex, hence look directly for the parent SOA.
-                 *
-                 * DS RRs are signed if the parent is signed, hence also look at the parent SOA
-                 */
-
-                SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                        if (dt->key->class != rr->key->class)
-                                continue;
-                        if (dt->key->type != DNS_TYPE_SOA)
-                                continue;
-
-                        if (!parent) {
-                                parent = dns_resource_key_name(rr->key);
-                                r = dns_name_parent(&parent);
-                                if (r < 0)
-                                        return r;
-                                if (r == 0) {
-                                        if (rr->key->type == DNS_TYPE_DS)
-                                                return true;
-
-                                        /* A CNAME/DNAME without a parent? That's sooo weird. */
-                                        log_debug("Transaction %" PRIu16 " claims CNAME/DNAME at root. Refusing.", t->id);
-                                        return -EBADMSG;
-                                }
-                        }
-
-                        r = dns_name_equal(dns_resource_key_name(dt->key), parent);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        return t->answer_authenticated;
-                }
-
-                return true;
-        }
-
-        default: {
-                DnsTransaction *dt;
-                Iterator i;
-
-                /* Any other kind of RR (including DNSKEY/NSEC/NSEC3). Let's see if our SOA lookup was authenticated */
-
-                SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                        if (dt->key->class != rr->key->class)
-                                continue;
-                        if (dt->key->type != DNS_TYPE_SOA)
-                                continue;
-
-                        r = dns_name_equal(dns_resource_key_name(dt->key), dns_resource_key_name(rr->key));
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        /* We found the transaction that was supposed to find
-                         * the SOA RR for us. It was successful, but found no
-                         * RR for us. This means we are not at a zone cut. In
-                         * this case, we require authentication if the SOA
-                         * lookup was authenticated too. */
-                        return t->answer_authenticated;
-                }
-
-                return true;
-        }}
-}
-
-static int dns_transaction_in_private_tld(DnsTransaction *t, const DnsResourceKey *key) {
-        DnsTransaction *dt;
-        const char *tld;
-        Iterator i;
-        int r;
-
-        /* If DNSSEC downgrade mode is on, checks whether the
-         * specified RR is one level below a TLD we have proven not to
-         * exist. In such a case we assume that this is a private
-         * domain, and permit it.
-         *
-         * This detects cases like the Fritz!Box router networks. Each
-         * Fritz!Box router serves a private "fritz.box" zone, in the
-         * non-existing TLD "box". Requests for the "fritz.box" domain
-         * are served by the router itself, while requests for the
-         * "box" domain will result in NXDOMAIN.
-         *
-         * Note that this logic is unable to detect cases where a
-         * router serves a private DNS zone directly under
-         * non-existing TLD. In such a case we cannot detect whether
-         * the TLD is supposed to exist or not, as all requests we
-         * make for it will be answered by the router's zone, and not
-         * by the root zone. */
-
-        assert(t);
-
-        if (t->scope->dnssec_mode != DNSSEC_ALLOW_DOWNGRADE)
-                return false; /* In strict DNSSEC mode what doesn't exist, doesn't exist */
-
-        tld = dns_resource_key_name(key);
-        r = dns_name_parent(&tld);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return false; /* Already the root domain */
-
-        if (!dns_name_is_single_label(tld))
-                return false;
-
-        SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                if (dt->key->class != key->class)
-                        continue;
-
-                r = dns_name_equal(dns_resource_key_name(dt->key), tld);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                /* We found an auxiliary lookup we did for the TLD. If
-                 * that returned with NXDOMAIN, we know the TLD didn't
-                 * exist, and hence this might be a private zone. */
-
-                return dt->answer_rcode == DNS_RCODE_NXDOMAIN;
-        }
-
-        return false;
-}
-
-static int dns_transaction_requires_nsec(DnsTransaction *t) {
-        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
-        DnsTransaction *dt;
-        const char *name;
-        uint16_t type = 0;
-        Iterator i;
-        int r;
-
-        assert(t);
-
-        /* Checks if we need to insist on NSEC/NSEC3 RRs for proving
-         * this negative reply */
-
-        if (t->scope->dnssec_mode == DNSSEC_NO)
-                return false;
-
-        if (dns_type_is_pseudo(t->key->type))
-                return -EINVAL;
-
-        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(t->key));
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return false;
-
-        r = dns_transaction_in_private_tld(t, t->key);
-        if (r < 0)
-                return r;
-        if (r > 0) {
-                /* The lookup is from a TLD that is proven not to
-                 * exist, and we are in downgrade mode, hence ignore
-                 * that fact that we didn't get any NSEC RRs.*/
-
-                log_info("Detected a negative query %s in a private DNS zone, permitting unsigned response.",
-                         dns_resource_key_to_string(t->key, key_str, sizeof key_str));
-                return false;
-        }
-
-        name = dns_resource_key_name(t->key);
-
-        if (t->key->type == DNS_TYPE_DS) {
-
-                /* We got a negative reply for this DS lookup? DS RRs are signed when their parent zone is signed,
-                 * hence check the parent SOA in this case. */
-
-                r = dns_name_parent(&name);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return true;
-
-                type = DNS_TYPE_SOA;
-
-        } else if (IN_SET(t->key->type, DNS_TYPE_SOA, DNS_TYPE_NS))
-                /* We got a negative reply for this SOA/NS lookup? If so, check if there's a DS RR for this */
-                type = DNS_TYPE_DS;
-        else
-                /* For all other negative replies, check for the SOA lookup */
-                type = DNS_TYPE_SOA;
-
-        /* For all other RRs we check the SOA on the same level to see
-         * if it's signed. */
-
-        SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                if (dt->key->class != t->key->class)
-                        continue;
-                if (dt->key->type != type)
-                        continue;
-
-                r = dns_name_equal(dns_resource_key_name(dt->key), name);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                return dt->answer_authenticated;
-        }
-
-        /* If in doubt, require NSEC/NSEC3 */
-        return true;
-}
-
-static int dns_transaction_dnskey_authenticated(DnsTransaction *t, DnsResourceRecord *rr) {
-        DnsResourceRecord *rrsig;
-        bool found = false;
-        int r;
-
-        /* Checks whether any of the DNSKEYs used for the RRSIGs for
-         * the specified RRset is authenticated (i.e. has a matching
-         * DS RR). */
-
-        r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return false;
-
-        DNS_ANSWER_FOREACH(rrsig, t->answer) {
-                DnsTransaction *dt;
-                Iterator i;
-
-                r = dnssec_key_match_rrsig(rr->key, rrsig);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                        if (dt->key->class != rr->key->class)
-                                continue;
-
-                        if (dt->key->type == DNS_TYPE_DNSKEY) {
-
-                                r = dns_name_equal(dns_resource_key_name(dt->key), rrsig->rrsig.signer);
-                                if (r < 0)
-                                        return r;
-                                if (r == 0)
-                                        continue;
-
-                                /* OK, we found an auxiliary DNSKEY
-                                 * lookup. If that lookup is
-                                 * authenticated, report this. */
-
-                                if (dt->answer_authenticated)
-                                        return true;
-
-                                found = true;
-
-                        } else if (dt->key->type == DNS_TYPE_DS) {
-
-                                r = dns_name_equal(dns_resource_key_name(dt->key), rrsig->rrsig.signer);
-                                if (r < 0)
-                                        return r;
-                                if (r == 0)
-                                        continue;
-
-                                /* OK, we found an auxiliary DS
-                                 * lookup. If that lookup is
-                                 * authenticated and non-zero, we
-                                 * won! */
-
-                                if (!dt->answer_authenticated)
-                                        return false;
-
-                                return dns_answer_match_key(dt->answer, dt->key, NULL);
-                        }
-                }
-        }
-
-        return found ? false : -ENXIO;
-}
-
-static int dns_transaction_known_signed(DnsTransaction *t, DnsResourceRecord *rr) {
-        assert(t);
-        assert(rr);
-
-        /* We know that the root domain is signed, hence if it appears
-         * not to be signed, there's a problem with the DNS server */
-
-        return rr->key->class == DNS_CLASS_IN &&
-                dns_name_is_root(dns_resource_key_name(rr->key));
-}
-
-static int dns_transaction_check_revoked_trust_anchors(DnsTransaction *t) {
-        DnsResourceRecord *rr;
-        int r;
-
-        assert(t);
-
-        /* Maybe warn the user that we encountered a revoked DNSKEY
-         * for a key from our trust anchor. Note that we don't care
-         * whether the DNSKEY can be authenticated or not. It's
-         * sufficient if it is self-signed. */
-
-        DNS_ANSWER_FOREACH(rr, t->answer) {
-                r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, rr, t->answer);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int dns_transaction_invalidate_revoked_keys(DnsTransaction *t) {
-        bool changed;
-        int r;
-
-        assert(t);
-
-        /* Removes all DNSKEY/DS objects from t->validated_keys that
-         * our trust anchors database considers revoked. */
-
-        do {
-                DnsResourceRecord *rr;
-
-                changed = false;
-
-                DNS_ANSWER_FOREACH(rr, t->validated_keys) {
-                        r = dns_trust_anchor_is_revoked(&t->scope->manager->trust_anchor, rr);
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                r = dns_answer_remove_by_rr(&t->validated_keys, rr);
-                                if (r < 0)
-                                        return r;
-
-                                assert(r > 0);
-                                changed = true;
-                                break;
-                        }
-                }
-        } while (changed);
-
-        return 0;
-}
-
-static int dns_transaction_copy_validated(DnsTransaction *t) {
-        DnsTransaction *dt;
-        Iterator i;
-        int r;
-
-        assert(t);
-
-        /* Copy all validated RRs from the auxiliary DNSSEC transactions into our set of validated RRs */
-
-        SET_FOREACH(dt, t->dnssec_transactions, i) {
-
-                if (DNS_TRANSACTION_IS_LIVE(dt->state))
-                        continue;
-
-                if (!dt->answer_authenticated)
-                        continue;
-
-                r = dns_answer_extend(&t->validated_keys, dt->answer);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-typedef enum {
-        DNSSEC_PHASE_DNSKEY,   /* Phase #1, only validate DNSKEYs */
-        DNSSEC_PHASE_NSEC,     /* Phase #2, only validate NSEC+NSEC3 */
-        DNSSEC_PHASE_ALL,      /* Phase #3, validate everything else */
-} Phase;
-
-static int dnssec_validate_records(
-                DnsTransaction *t,
-                Phase phase,
-                bool *have_nsec,
-                DnsAnswer **validated) {
-
-        DnsResourceRecord *rr;
-        int r;
-
-        /* Returns negative on error, 0 if validation failed, 1 to restart validation, 2 when finished. */
-
-        DNS_ANSWER_FOREACH(rr, t->answer) {
-                DnsResourceRecord *rrsig = NULL;
-                DnssecResult result;
-
-                switch (rr->key->type) {
-                case DNS_TYPE_RRSIG:
-                        continue;
-
-                case DNS_TYPE_DNSKEY:
-                        /* We validate DNSKEYs only in the DNSKEY and ALL phases */
-                        if (phase == DNSSEC_PHASE_NSEC)
-                                continue;
-                        break;
-
-                case DNS_TYPE_NSEC:
-                case DNS_TYPE_NSEC3:
-                        *have_nsec = true;
-
-                        /* We validate NSEC/NSEC3 only in the NSEC and ALL phases */
-                        if (phase == DNSSEC_PHASE_DNSKEY)
-                                continue;
-                        break;
-
-                default:
-                        /* We validate all other RRs only in the ALL phases */
-                        if (phase != DNSSEC_PHASE_ALL)
-                                continue;
-                }
-
-                r = dnssec_verify_rrset_search(t->answer, rr->key, t->validated_keys, USEC_INFINITY, &result, &rrsig);
-                if (r < 0)
-                        return r;
-
-                log_debug("Looking at %s: %s", strna(dns_resource_record_to_string(rr)), dnssec_result_to_string(result));
-
-                if (result == DNSSEC_VALIDATED) {
-
-                        if (rr->key->type == DNS_TYPE_DNSKEY) {
-                                /* If we just validated a DNSKEY RRset, then let's add these keys to
-                                 * the set of validated keys for this transaction. */
-
-                                r = dns_answer_copy_by_key(&t->validated_keys, t->answer, rr->key, DNS_ANSWER_AUTHENTICATED);
-                                if (r < 0)
-                                        return r;
-
-                                /* Some of the DNSKEYs we just added might already have been revoked,
-                                 * remove them again in that case. */
-                                r = dns_transaction_invalidate_revoked_keys(t);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        /* Add the validated RRset to the new list of validated
-                         * RRsets, and remove it from the unvalidated RRsets.
-                         * We mark the RRset as authenticated and cacheable. */
-                        r = dns_answer_move_by_key(validated, &t->answer, rr->key, DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE);
-                        if (r < 0)
-                                return r;
-
-                        manager_dnssec_verdict(t->scope->manager, DNSSEC_SECURE, rr->key);
-
-                        /* Exit the loop, we dropped something from the answer, start from the beginning */
-                        return 1;
-                }
-
-                /* If we haven't read all DNSKEYs yet a negative result of the validation is irrelevant, as
-                 * there might be more DNSKEYs coming. Similar, if we haven't read all NSEC/NSEC3 RRs yet,
-                 * we cannot do positive wildcard proofs yet, as those require the NSEC/NSEC3 RRs. */
-                if (phase != DNSSEC_PHASE_ALL)
-                        continue;
-
-                if (result == DNSSEC_VALIDATED_WILDCARD) {
-                        bool authenticated = false;
-                        const char *source;
-
-                        /* This RRset validated, but as a wildcard. This means we need
-                         * to prove via NSEC/NSEC3 that no matching non-wildcard RR exists.*/
-
-                        /* First step, determine the source of synthesis */
-                        r = dns_resource_record_source(rrsig, &source);
-                        if (r < 0)
-                                return r;
-
-                        r = dnssec_test_positive_wildcard(*validated,
-                                                          dns_resource_key_name(rr->key),
-                                                          source,
-                                                          rrsig->rrsig.signer,
-                                                          &authenticated);
-
-                        /* Unless the NSEC proof showed that the key really doesn't exist something is off. */
-                        if (r == 0)
-                                result = DNSSEC_INVALID;
-                        else {
-                                r = dns_answer_move_by_key(validated, &t->answer, rr->key,
-                                                           authenticated ? (DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE) : 0);
-                                if (r < 0)
-                                        return r;
-
-                                manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, rr->key);
-
-                                /* Exit the loop, we dropped something from the answer, start from the beginning */
-                                return 1;
-                        }
-                }
-
-                if (result == DNSSEC_NO_SIGNATURE) {
-                        r = dns_transaction_requires_rrsig(t, rr);
-                        if (r < 0)
-                                return r;
-                        if (r == 0) {
-                                /* Data does not require signing. In that case, just copy it over,
-                                 * but remember that this is by no means authenticated.*/
-                                r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
-                                if (r < 0)
-                                        return r;
-
-                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
-                                return 1;
-                        }
-
-                        r = dns_transaction_known_signed(t, rr);
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                /* This is an RR we know has to be signed. If it isn't this means
-                                 * the server is not attaching RRSIGs, hence complain. */
-
-                                dns_server_packet_rrsig_missing(t->server, t->current_feature_level);
-
-                                if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE) {
-
-                                        /* Downgrading is OK? If so, just consider the information unsigned */
-
-                                        r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
-                                        if (r < 0)
-                                                return r;
-
-                                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
-                                        return 1;
-                                }
-
-                                /* Otherwise, fail */
-                                t->answer_dnssec_result = DNSSEC_INCOMPATIBLE_SERVER;
-                                return 0;
-                        }
-
-                        r = dns_transaction_in_private_tld(t, rr->key);
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                char s[DNS_RESOURCE_KEY_STRING_MAX];
-
-                                /* The data is from a TLD that is proven not to exist, and we are in downgrade
-                                 * mode, hence ignore the fact that this was not signed. */
-
-                                log_info("Detected RRset %s is in a private DNS zone, permitting unsigned RRs.",
-                                         dns_resource_key_to_string(rr->key, s, sizeof s));
-
-                                r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
-                                if (r < 0)
-                                        return r;
-
-                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
-                                return 1;
-                        }
-                }
-
-                if (IN_SET(result,
-                           DNSSEC_MISSING_KEY,
-                           DNSSEC_SIGNATURE_EXPIRED,
-                           DNSSEC_UNSUPPORTED_ALGORITHM)) {
-
-                        r = dns_transaction_dnskey_authenticated(t, rr);
-                        if (r < 0 && r != -ENXIO)
-                                return r;
-                        if (r == 0) {
-                                /* The DNSKEY transaction was not authenticated, this means there's
-                                 * no DS for this, which means it's OK if no keys are found for this signature. */
-
-                                r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0);
-                                if (r < 0)
-                                        return r;
-
-                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
-                                return 1;
-                        }
-                }
-
-                r = dns_transaction_is_primary_response(t, rr);
-                if (r < 0)
-                        return r;
-                if (r > 0) {
-                        /* Look for a matching DNAME for this CNAME */
-                        r = dns_answer_has_dname_for_cname(t->answer, rr);
-                        if (r < 0)
-                                return r;
-                        if (r == 0) {
-                                /* Also look among the stuff we already validated */
-                                r = dns_answer_has_dname_for_cname(*validated, rr);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        if (r == 0) {
-                                if (IN_SET(result,
-                                           DNSSEC_INVALID,
-                                           DNSSEC_SIGNATURE_EXPIRED,
-                                           DNSSEC_NO_SIGNATURE))
-                                        manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, rr->key);
-                                else /* DNSSEC_MISSING_KEY or DNSSEC_UNSUPPORTED_ALGORITHM */
-                                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, rr->key);
-
-                                /* This is a primary response to our question, and it failed validation.
-                                 * That's fatal. */
-                                t->answer_dnssec_result = result;
-                                return 0;
-                        }
-
-                        /* This is a primary response, but we do have a DNAME RR
-                         * in the RR that can replay this CNAME, hence rely on
-                         * that, and we can remove the CNAME in favour of it. */
-                }
-
-                /* This is just some auxiliary data. Just remove the RRset and continue. */
-                r = dns_answer_remove_by_key(&t->answer, rr->key);
-                if (r < 0)
-                        return r;
-
-                /* We dropped something from the answer, start from the beginning. */
-                return 1;
-        }
-
-        return 2; /* Finito. */
-}
-
-int dns_transaction_validate_dnssec(DnsTransaction *t) {
-        _cleanup_(dns_answer_unrefp) DnsAnswer *validated = NULL;
-        Phase phase;
-        DnsAnswerFlags flags;
-        int r;
-        char key_str[DNS_RESOURCE_KEY_STRING_MAX];
-
-        assert(t);
-
-        /* We have now collected all DS and DNSKEY RRs in
-         * t->validated_keys, let's see which RRs we can now
-         * authenticate with that. */
-
-        if (t->scope->dnssec_mode == DNSSEC_NO)
-                return 0;
-
-        /* Already validated */
-        if (t->answer_dnssec_result != _DNSSEC_RESULT_INVALID)
-                return 0;
-
-        /* Our own stuff needs no validation */
-        if (IN_SET(t->answer_source, DNS_TRANSACTION_ZONE, DNS_TRANSACTION_TRUST_ANCHOR)) {
-                t->answer_dnssec_result = DNSSEC_VALIDATED;
-                t->answer_authenticated = true;
-                return 0;
-        }
-
-        /* Cached stuff is not affected by validation. */
-        if (t->answer_source != DNS_TRANSACTION_NETWORK)
-                return 0;
-
-        if (!dns_transaction_dnssec_supported_full(t)) {
-                /* The server does not support DNSSEC, or doesn't augment responses with RRSIGs. */
-                t->answer_dnssec_result = DNSSEC_INCOMPATIBLE_SERVER;
-                log_debug("Not validating response for %" PRIu16 ", server lacks DNSSEC support.", t->id);
-                return 0;
-        }
-
-        log_debug("Validating response from transaction %" PRIu16 " (%s).",
-                  t->id,
-                  dns_resource_key_to_string(t->key, key_str, sizeof key_str));
-
-        /* First, see if this response contains any revoked trust
-         * anchors we care about */
-        r = dns_transaction_check_revoked_trust_anchors(t);
-        if (r < 0)
-                return r;
-
-        /* Third, copy all RRs we acquired successfully from auxiliary RRs over. */
-        r = dns_transaction_copy_validated(t);
-        if (r < 0)
-                return r;
-
-        /* Second, see if there are DNSKEYs we already know a
-         * validated DS for. */
-        r = dns_transaction_validate_dnskey_by_ds(t);
-        if (r < 0)
-                return r;
-
-        /* Fourth, remove all DNSKEY and DS RRs again that our trust
-         * anchor says are revoked. After all we might have marked
-         * some keys revoked above, but they might still be lingering
-         * in our validated_keys list. */
-        r = dns_transaction_invalidate_revoked_keys(t);
-        if (r < 0)
-                return r;
-
-        phase = DNSSEC_PHASE_DNSKEY;
-        for (;;) {
-                bool have_nsec = false;
-
-                r = dnssec_validate_records(t, phase, &have_nsec, &validated);
-                if (r <= 0)
-                        return r;
-
-                /* Try again as long as we managed to achieve something */
-                if (r == 1)
-                        continue;
-
-                if (phase == DNSSEC_PHASE_DNSKEY && have_nsec) {
-                        /* OK, we processed all DNSKEYs, and there are NSEC/NSEC3 RRs, look at those now. */
-                        phase = DNSSEC_PHASE_NSEC;
-                        continue;
-                }
-
-                if (phase != DNSSEC_PHASE_ALL) {
-                        /* OK, we processed all DNSKEYs and NSEC/NSEC3 RRs, look at all the rest now.
-                         * Note that in this third phase we start to remove RRs we couldn't validate. */
-                        phase = DNSSEC_PHASE_ALL;
-                        continue;
-                }
-
-                /* We're done */
-                break;
-        }
-
-        dns_answer_unref(t->answer);
-        t->answer = validated;
-        validated = NULL;
-
-        /* At this point the answer only contains validated
-         * RRsets. Now, let's see if it actually answers the question
-         * we asked. If so, great! If it doesn't, then see if
-         * NSEC/NSEC3 can prove this. */
-        r = dns_transaction_has_positive_answer(t, &flags);
-        if (r > 0) {
-                /* Yes, it answers the question! */
-
-                if (flags & DNS_ANSWER_AUTHENTICATED) {
-                        /* The answer is fully authenticated, yay. */
-                        t->answer_dnssec_result = DNSSEC_VALIDATED;
-                        t->answer_rcode = DNS_RCODE_SUCCESS;
-                        t->answer_authenticated = true;
-                } else {
-                        /* The answer is not fully authenticated. */
-                        t->answer_dnssec_result = DNSSEC_UNSIGNED;
-                        t->answer_authenticated = false;
-                }
-
-        } else if (r == 0) {
-                DnssecNsecResult nr;
-                bool authenticated = false;
-
-                /* Bummer! Let's check NSEC/NSEC3 */
-                r = dnssec_nsec_test(t->answer, t->key, &nr, &authenticated, &t->answer_nsec_ttl);
-                if (r < 0)
-                        return r;
-
-                switch (nr) {
-
-                case DNSSEC_NSEC_NXDOMAIN:
-                        /* NSEC proves the domain doesn't exist. Very good. */
-                        log_debug("Proved NXDOMAIN via NSEC/NSEC3 for transaction %u (%s)", t->id, key_str);
-                        t->answer_dnssec_result = DNSSEC_VALIDATED;
-                        t->answer_rcode = DNS_RCODE_NXDOMAIN;
-                        t->answer_authenticated = authenticated;
-
-                        manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, t->key);
-                        break;
-
-                case DNSSEC_NSEC_NODATA:
-                        /* NSEC proves that there's no data here, very good. */
-                        log_debug("Proved NODATA via NSEC/NSEC3 for transaction %u (%s)", t->id, key_str);
-                        t->answer_dnssec_result = DNSSEC_VALIDATED;
-                        t->answer_rcode = DNS_RCODE_SUCCESS;
-                        t->answer_authenticated = authenticated;
-
-                        manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, t->key);
-                        break;
-
-                case DNSSEC_NSEC_OPTOUT:
-                        /* NSEC3 says the data might not be signed */
-                        log_debug("Data is NSEC3 opt-out via NSEC/NSEC3 for transaction %u (%s)", t->id, key_str);
-                        t->answer_dnssec_result = DNSSEC_UNSIGNED;
-                        t->answer_authenticated = false;
-
-                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, t->key);
-                        break;
-
-                case DNSSEC_NSEC_NO_RR:
-                        /* No NSEC data? Bummer! */
-
-                        r = dns_transaction_requires_nsec(t);
-                        if (r < 0)
-                                return r;
-                        if (r > 0) {
-                                t->answer_dnssec_result = DNSSEC_NO_SIGNATURE;
-                                manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, t->key);
-                        } else {
-                                t->answer_dnssec_result = DNSSEC_UNSIGNED;
-                                t->answer_authenticated = false;
-                                manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, t->key);
-                        }
-
-                        break;
-
-                case DNSSEC_NSEC_UNSUPPORTED_ALGORITHM:
-                        /* We don't know the NSEC3 algorithm used? */
-                        t->answer_dnssec_result = DNSSEC_UNSUPPORTED_ALGORITHM;
-                        manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, t->key);
-                        break;
-
-                case DNSSEC_NSEC_FOUND:
-                case DNSSEC_NSEC_CNAME:
-                        /* NSEC says it needs to be there, but we couldn't find it? Bummer! */
-                        t->answer_dnssec_result = DNSSEC_NSEC_MISMATCH;
-                        manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, t->key);
-                        break;
-
-                default:
-                        assert_not_reached("Unexpected NSEC result.");
-                }
-        }
-
-        return 1;
-}
-
-static const char* const dns_transaction_state_table[_DNS_TRANSACTION_STATE_MAX] = {
-        [DNS_TRANSACTION_NULL] = "null",
-        [DNS_TRANSACTION_PENDING] = "pending",
-        [DNS_TRANSACTION_VALIDATING] = "validating",
-        [DNS_TRANSACTION_RCODE_FAILURE] = "rcode-failure",
-        [DNS_TRANSACTION_SUCCESS] = "success",
-        [DNS_TRANSACTION_NO_SERVERS] = "no-servers",
-        [DNS_TRANSACTION_TIMEOUT] = "timeout",
-        [DNS_TRANSACTION_ATTEMPTS_MAX_REACHED] = "attempts-max-reached",
-        [DNS_TRANSACTION_INVALID_REPLY] = "invalid-reply",
-        [DNS_TRANSACTION_ERRNO] = "errno",
-        [DNS_TRANSACTION_ABORTED] = "aborted",
-        [DNS_TRANSACTION_DNSSEC_FAILED] = "dnssec-failed",
-        [DNS_TRANSACTION_NO_TRUST_ANCHOR] = "no-trust-anchor",
-        [DNS_TRANSACTION_RR_TYPE_UNSUPPORTED] = "rr-type-unsupported",
-        [DNS_TRANSACTION_NETWORK_DOWN] = "network-down",
-        [DNS_TRANSACTION_NOT_FOUND] = "not-found",
-};
-DEFINE_STRING_TABLE_LOOKUP(dns_transaction_state, DnsTransactionState);
-
-static const char* const dns_transaction_source_table[_DNS_TRANSACTION_SOURCE_MAX] = {
-        [DNS_TRANSACTION_NETWORK] = "network",
-        [DNS_TRANSACTION_CACHE] = "cache",
-        [DNS_TRANSACTION_ZONE] = "zone",
-        [DNS_TRANSACTION_TRUST_ANCHOR] = "trust-anchor",
-};
-DEFINE_STRING_TABLE_LOOKUP(dns_transaction_source, DnsTransactionSource);
diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c
deleted file mode 100644
index 77370e7dd5..0000000000
--- a/src/resolve/resolved-dns-trust-anchor.c
+++ /dev/null
@@ -1,743 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <sd-messages.h>
-
-#include "alloc-util.h"
-#include "conf-files.h"
-#include "def.h"
-#include "dns-domain.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "hexdecoct.h"
-#include "parse-util.h"
-#include "resolved-dns-trust-anchor.h"
-#include "resolved-dns-dnssec.h"
-#include "set.h"
-#include "string-util.h"
-#include "strv.h"
-
-static const char trust_anchor_dirs[] = CONF_PATHS_NULSTR("dnssec-trust-anchors.d");
-
-/* The DS RR from https://data.iana.org/root-anchors/root-anchors.xml, retrieved December 2015 */
-static const uint8_t root_digest[] =
-        { 0x49, 0xAA, 0xC1, 0x1D, 0x7B, 0x6F, 0x64, 0x46, 0x70, 0x2E, 0x54, 0xA1, 0x60, 0x73, 0x71, 0x60,
-          0x7A, 0x1A, 0x41, 0x85, 0x52, 0x00, 0xFD, 0x2C, 0xE1, 0xCD, 0xDE, 0x32, 0xF2, 0x4E, 0x8F, 0xB5 };
-
-static bool dns_trust_anchor_knows_domain_positive(DnsTrustAnchor *d, const char *name) {
-        assert(d);
-
-        /* Returns true if there's an entry for the specified domain
-         * name in our trust anchor */
-
-        return
-                hashmap_contains(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DNSKEY, name)) ||
-                hashmap_contains(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, name));
-}
-
-static int dns_trust_anchor_add_builtin_positive(DnsTrustAnchor *d) {
-        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
-        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
-        int r;
-
-        assert(d);
-
-        r = hashmap_ensure_allocated(&d->positive_by_key, &dns_resource_key_hash_ops);
-        if (r < 0)
-                return r;
-
-        /* Only add the built-in trust anchor if there's neither a DS
-         * nor a DNSKEY defined for the root domain. That way users
-         * have an easy way to override the root domain DS/DNSKEY
-         * data. */
-        if (dns_trust_anchor_knows_domain_positive(d, "."))
-                return 0;
-
-        /* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */
-        rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, "");
-        if (!rr)
-                return -ENOMEM;
-
-        rr->ds.key_tag = 19036;
-        rr->ds.algorithm = DNSSEC_ALGORITHM_RSASHA256;
-        rr->ds.digest_type = DNSSEC_DIGEST_SHA256;
-        rr->ds.digest_size = sizeof(root_digest);
-        rr->ds.digest = memdup(root_digest, rr->ds.digest_size);
-        if (!rr->ds.digest)
-                return  -ENOMEM;
-
-        answer = dns_answer_new(1);
-        if (!answer)
-                return -ENOMEM;
-
-        r = dns_answer_add(answer, rr, 0, DNS_ANSWER_AUTHENTICATED);
-        if (r < 0)
-                return r;
-
-        r = hashmap_put(d->positive_by_key, rr->key, answer);
-        if (r < 0)
-                return r;
-
-        answer = NULL;
-        return 0;
-}
-
-static int dns_trust_anchor_add_builtin_negative(DnsTrustAnchor *d) {
-
-        static const char private_domains[] =
-                /* RFC 6761 says that .test is a special domain for
-                 * testing and not to be installed in the root zone */
-                "test\0"
-
-                /* RFC 6761 says that these reverse IP lookup ranges
-                 * are for private addresses, and hence should not
-                 * show up in the root zone */
-                "10.in-addr.arpa\0"
-                "16.172.in-addr.arpa\0"
-                "17.172.in-addr.arpa\0"
-                "18.172.in-addr.arpa\0"
-                "19.172.in-addr.arpa\0"
-                "20.172.in-addr.arpa\0"
-                "21.172.in-addr.arpa\0"
-                "22.172.in-addr.arpa\0"
-                "23.172.in-addr.arpa\0"
-                "24.172.in-addr.arpa\0"
-                "25.172.in-addr.arpa\0"
-                "26.172.in-addr.arpa\0"
-                "27.172.in-addr.arpa\0"
-                "28.172.in-addr.arpa\0"
-                "29.172.in-addr.arpa\0"
-                "30.172.in-addr.arpa\0"
-                "31.172.in-addr.arpa\0"
-                "168.192.in-addr.arpa\0"
-
-                /* RFC 6762 reserves the .local domain for Multicast
-                 * DNS, it hence cannot appear in the root zone. (Note
-                 * that we by default do not route .local traffic to
-                 * DNS anyway, except when a configured search domain
-                 * suggests so.) */
-                "local\0"
-
-                /* These two are well known, popular private zone
-                 * TLDs, that are blocked from delegation, according
-                 * to:
-                 * http://icannwiki.com/Name_Collision#NGPC_Resolution
-                 *
-                 * There's also ongoing work on making this official
-                 * in an RRC:
-                 * https://www.ietf.org/archive/id/draft-chapin-additional-reserved-tlds-02.txt */
-                "home\0"
-                "corp\0"
-
-                /* The following four TLDs are suggested for private
-                 * zones in RFC 6762, Appendix G, and are hence very
-                 * unlikely to be made official TLDs any day soon */
-                "lan\0"
-                "intranet\0"
-                "internal\0"
-                "private\0";
-
-        const char *name;
-        int r;
-
-        assert(d);
-
-        /* Only add the built-in trust anchor if there's no negative
-         * trust anchor defined at all. This enables easy overriding
-         * of negative trust anchors. */
-
-        if (set_size(d->negative_by_name) > 0)
-                return 0;
-
-        r = set_ensure_allocated(&d->negative_by_name, &dns_name_hash_ops);
-        if (r < 0)
-                return r;
-
-        /* We add a couple of domains as default negative trust
-         * anchors, where it's very unlikely they will be installed in
-         * the root zone. If they exist they must be private, and thus
-         * unsigned. */
-
-        NULSTR_FOREACH(name, private_domains) {
-
-                if (dns_trust_anchor_knows_domain_positive(d, name))
-                        continue;
-
-                r = set_put_strdup(d->negative_by_name, name);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, unsigned line, const char *s) {
-        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
-        _cleanup_free_ char *domain = NULL, *class = NULL, *type = NULL;
-        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
-        DnsAnswer *old_answer = NULL;
-        const char *p = s;
-        int r;
-
-        assert(d);
-        assert(line);
-
-        r = extract_first_word(&p, &domain, NULL, EXTRACT_QUOTES);
-        if (r < 0)
-                return log_warning_errno(r, "Unable to parse domain in line %s:%u: %m", path, line);
-
-        if (!dns_name_is_valid(domain)) {
-                log_warning("Domain name %s is invalid, at line %s:%u, ignoring line.", domain, path, line);
-                return -EINVAL;
-        }
-
-        r = extract_many_words(&p, NULL, 0, &class, &type, NULL);
-        if (r < 0)
-                return log_warning_errno(r, "Unable to parse class and type in line %s:%u: %m", path, line);
-        if (r != 2) {
-                log_warning("Missing class or type in line %s:%u", path, line);
-                return -EINVAL;
-        }
-
-        if (!strcaseeq(class, "IN")) {
-                log_warning("RR class %s is not supported, ignoring line %s:%u.", class, path, line);
-                return -EINVAL;
-        }
-
-        if (strcaseeq(type, "DS")) {
-                _cleanup_free_ char *key_tag = NULL, *algorithm = NULL, *digest_type = NULL, *digest = NULL;
-                _cleanup_free_ void *dd = NULL;
-                uint16_t kt;
-                int a, dt;
-                size_t l;
-
-                r = extract_many_words(&p, NULL, 0, &key_tag, &algorithm, &digest_type, &digest, NULL);
-                if (r < 0) {
-                        log_warning_errno(r, "Failed to parse DS parameters on line %s:%u: %m", path, line);
-                        return -EINVAL;
-                }
-                if (r != 4) {
-                        log_warning("Missing DS parameters on line %s:%u", path, line);
-                        return -EINVAL;
-                }
-
-                r = safe_atou16(key_tag, &kt);
-                if (r < 0)
-                        return log_warning_errno(r, "Failed to parse DS key tag %s on line %s:%u: %m", key_tag, path, line);
-
-                a = dnssec_algorithm_from_string(algorithm);
-                if (a < 0) {
-                        log_warning("Failed to parse DS algorithm %s on line %s:%u", algorithm, path, line);
-                        return -EINVAL;
-                }
-
-                dt = dnssec_digest_from_string(digest_type);
-                if (dt < 0) {
-                        log_warning("Failed to parse DS digest type %s on line %s:%u", digest_type, path, line);
-                        return -EINVAL;
-                }
-
-                r = unhexmem(digest, strlen(digest), &dd, &l);
-                if (r < 0) {
-                        log_warning("Failed to parse DS digest %s on line %s:%u", digest, path, line);
-                        return -EINVAL;
-                }
-
-                rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, domain);
-                if (!rr)
-                        return log_oom();
-
-                rr->ds.key_tag = kt;
-                rr->ds.algorithm = a;
-                rr->ds.digest_type = dt;
-                rr->ds.digest_size = l;
-                rr->ds.digest = dd;
-                dd = NULL;
-
-        } else if (strcaseeq(type, "DNSKEY")) {
-                _cleanup_free_ char *flags = NULL, *protocol = NULL, *algorithm = NULL, *key = NULL;
-                _cleanup_free_ void *k = NULL;
-                uint16_t f;
-                size_t l;
-                int a;
-
-                r = extract_many_words(&p, NULL, 0, &flags, &protocol, &algorithm, &key, NULL);
-                if (r < 0)
-                        return log_warning_errno(r, "Failed to parse DNSKEY parameters on line %s:%u: %m", path, line);
-                if (r != 4) {
-                        log_warning("Missing DNSKEY parameters on line %s:%u", path, line);
-                        return -EINVAL;
-                }
-
-                if (!streq(protocol, "3")) {
-                        log_warning("DNSKEY Protocol is not 3 on line %s:%u", path, line);
-                        return -EINVAL;
-                }
-
-                r = safe_atou16(flags, &f);
-                if (r < 0)
-                        return log_warning_errno(r, "Failed to parse DNSKEY flags field %s on line %s:%u", flags, path, line);
-                if ((f & DNSKEY_FLAG_ZONE_KEY) == 0) {
-                        log_warning("DNSKEY lacks zone key bit set on line %s:%u", path, line);
-                        return -EINVAL;
-                }
-                if ((f & DNSKEY_FLAG_REVOKE)) {
-                        log_warning("DNSKEY is already revoked on line %s:%u", path, line);
-                        return -EINVAL;
-                }
-
-                a = dnssec_algorithm_from_string(algorithm);
-                if (a < 0) {
-                        log_warning("Failed to parse DNSKEY algorithm %s on line %s:%u", algorithm, path, line);
-                        return -EINVAL;
-                }
-
-                r = unbase64mem(key, strlen(key), &k, &l);
-                if (r < 0)
-                        return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", key, path, line);
-
-                rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DNSKEY, domain);
-                if (!rr)
-                        return log_oom();
-
-                rr->dnskey.flags = f;
-                rr->dnskey.protocol = 3;
-                rr->dnskey.algorithm = a;
-                rr->dnskey.key_size = l;
-                rr->dnskey.key = k;
-                k = NULL;
-
-        } else {
-                log_warning("RR type %s is not supported, ignoring line %s:%u.", type, path, line);
-                return -EINVAL;
-        }
-
-        if (!isempty(p)) {
-                log_warning("Trailing garbage on line %s:%u, ignoring line.", path, line);
-                return -EINVAL;
-        }
-
-        r = hashmap_ensure_allocated(&d->positive_by_key, &dns_resource_key_hash_ops);
-        if (r < 0)
-                return log_oom();
-
-        old_answer = hashmap_get(d->positive_by_key, rr->key);
-        answer = dns_answer_ref(old_answer);
-
-        r = dns_answer_add_extend(&answer, rr, 0, DNS_ANSWER_AUTHENTICATED);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add trust anchor RR: %m");
-
-        r = hashmap_replace(d->positive_by_key, rr->key, answer);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add answer to trust anchor: %m");
-
-        old_answer = dns_answer_unref(old_answer);
-        answer = NULL;
-
-        return 0;
-}
-
-static int dns_trust_anchor_load_negative(DnsTrustAnchor *d, const char *path, unsigned line, const char *s) {
-        _cleanup_free_ char *domain = NULL;
-        const char *p = s;
-        int r;
-
-        assert(d);
-        assert(line);
-
-        r = extract_first_word(&p, &domain, NULL, EXTRACT_QUOTES);
-        if (r < 0)
-                return log_warning_errno(r, "Unable to parse line %s:%u: %m", path, line);
-
-        if (!dns_name_is_valid(domain)) {
-                log_warning("Domain name %s is invalid, at line %s:%u, ignoring line.", domain, path, line);
-                return -EINVAL;
-        }
-
-        if (!isempty(p)) {
-                log_warning("Trailing garbage at line %s:%u, ignoring line.", path, line);
-                return -EINVAL;
-        }
-
-        r = set_ensure_allocated(&d->negative_by_name, &dns_name_hash_ops);
-        if (r < 0)
-                return log_oom();
-
-        r = set_put(d->negative_by_name, domain);
-        if (r < 0)
-                return log_oom();
-        if (r > 0)
-                domain = NULL;
-
-        return 0;
-}
-
-static int dns_trust_anchor_load_files(
-                DnsTrustAnchor *d,
-                const char *suffix,
-                int (*loader)(DnsTrustAnchor *d, const char *path, unsigned n, const char *line)) {
-
-        _cleanup_strv_free_ char **files = NULL;
-        char **f;
-        int r;
-
-        assert(d);
-        assert(suffix);
-        assert(loader);
-
-        r = conf_files_list_nulstr(&files, suffix, NULL, trust_anchor_dirs);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enumerate %s trust anchor files: %m", suffix);
-
-        STRV_FOREACH(f, files) {
-                _cleanup_fclose_ FILE *g = NULL;
-                char line[LINE_MAX];
-                unsigned n = 0;
-
-                g = fopen(*f, "r");
-                if (!g) {
-                        if (errno == ENOENT)
-                                continue;
-
-                        log_warning_errno(errno, "Failed to open %s: %m", *f);
-                        continue;
-                }
-
-                FOREACH_LINE(line, g, log_warning_errno(errno, "Failed to read %s, ignoring: %m", *f)) {
-                        char *l;
-
-                        n++;
-
-                        l = strstrip(line);
-                        if (isempty(l))
-                                continue;
-
-                        if (*l == ';')
-                                continue;
-
-                        (void) loader(d, *f, n, l);
-                }
-        }
-
-        return 0;
-}
-
-static int domain_name_cmp(const void *a, const void *b) {
-        char **x = (char**) a, **y = (char**) b;
-
-        return dns_name_compare_func(*x, *y);
-}
-
-static int dns_trust_anchor_dump(DnsTrustAnchor *d) {
-        DnsAnswer *a;
-        Iterator i;
-
-        assert(d);
-
-        if (hashmap_isempty(d->positive_by_key))
-                log_info("No positive trust anchors defined.");
-        else {
-                log_info("Positive Trust Anchors:");
-                HASHMAP_FOREACH(a, d->positive_by_key, i) {
-                        DnsResourceRecord *rr;
-
-                        DNS_ANSWER_FOREACH(rr, a)
-                                log_info("%s", dns_resource_record_to_string(rr));
-                }
-        }
-
-        if (set_isempty(d->negative_by_name))
-                log_info("No negative trust anchors defined.");
-        else {
-                _cleanup_free_ char **l = NULL, *j = NULL;
-
-                l = set_get_strv(d->negative_by_name);
-                if (!l)
-                        return log_oom();
-
-                qsort_safe(l, set_size(d->negative_by_name), sizeof(char*), domain_name_cmp);
-
-                j = strv_join(l, " ");
-                if (!j)
-                        return log_oom();
-
-                log_info("Negative trust anchors: %s", j);
-        }
-
-        return 0;
-}
-
-int dns_trust_anchor_load(DnsTrustAnchor *d) {
-        int r;
-
-        assert(d);
-
-        /* If loading things from disk fails, we don't consider this fatal */
-        (void) dns_trust_anchor_load_files(d, ".positive", dns_trust_anchor_load_positive);
-        (void) dns_trust_anchor_load_files(d, ".negative", dns_trust_anchor_load_negative);
-
-        /* However, if the built-in DS fails, then we have a problem. */
-        r = dns_trust_anchor_add_builtin_positive(d);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add built-in positive trust anchor: %m");
-
-        r = dns_trust_anchor_add_builtin_negative(d);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add built-in negative trust anchor: %m");
-
-        dns_trust_anchor_dump(d);
-
-        return 0;
-}
-
-void dns_trust_anchor_flush(DnsTrustAnchor *d) {
-        DnsAnswer *a;
-        DnsResourceRecord *rr;
-
-        assert(d);
-
-        while ((a = hashmap_steal_first(d->positive_by_key)))
-                dns_answer_unref(a);
-        d->positive_by_key = hashmap_free(d->positive_by_key);
-
-        while ((rr = set_steal_first(d->revoked_by_rr)))
-                dns_resource_record_unref(rr);
-        d->revoked_by_rr = set_free(d->revoked_by_rr);
-
-        d->negative_by_name = set_free_free(d->negative_by_name);
-}
-
-int dns_trust_anchor_lookup_positive(DnsTrustAnchor *d, const DnsResourceKey *key, DnsAnswer **ret) {
-        DnsAnswer *a;
-
-        assert(d);
-        assert(key);
-        assert(ret);
-
-        /* We only serve DS and DNSKEY RRs. */
-        if (!IN_SET(key->type, DNS_TYPE_DS, DNS_TYPE_DNSKEY))
-                return 0;
-
-        a = hashmap_get(d->positive_by_key, key);
-        if (!a)
-                return 0;
-
-        *ret = dns_answer_ref(a);
-        return 1;
-}
-
-int dns_trust_anchor_lookup_negative(DnsTrustAnchor *d, const char *name) {
-        assert(d);
-        assert(name);
-
-        return set_contains(d->negative_by_name, name);
-}
-
-static int dns_trust_anchor_revoked_put(DnsTrustAnchor *d, DnsResourceRecord *rr) {
-        int r;
-
-        assert(d);
-
-        r = set_ensure_allocated(&d->revoked_by_rr, &dns_resource_record_hash_ops);
-        if (r < 0)
-                return r;
-
-        r = set_put(d->revoked_by_rr, rr);
-        if (r < 0)
-                return r;
-        if (r > 0)
-                dns_resource_record_ref(rr);
-
-        return r;
-}
-
-static int dns_trust_anchor_remove_revoked(DnsTrustAnchor *d, DnsResourceRecord *rr) {
-        _cleanup_(dns_answer_unrefp) DnsAnswer *new_answer = NULL;
-        DnsAnswer *old_answer;
-        int r;
-
-        /* Remember that this is a revoked trust anchor RR */
-        r = dns_trust_anchor_revoked_put(d, rr);
-        if (r < 0)
-                return r;
-
-        /* Remove this from the positive trust anchor */
-        old_answer = hashmap_get(d->positive_by_key, rr->key);
-        if (!old_answer)
-                return 0;
-
-        new_answer = dns_answer_ref(old_answer);
-
-        r = dns_answer_remove_by_rr(&new_answer, rr);
-        if (r <= 0)
-                return r;
-
-        /* We found the key! Warn the user */
-        log_struct(LOG_WARNING,
-                   LOG_MESSAGE_ID(SD_MESSAGE_DNSSEC_TRUST_ANCHOR_REVOKED),
-                   LOG_MESSAGE("DNSSEC Trust anchor %s has been revoked. Please update the trust anchor, or upgrade your operating system."), strna(dns_resource_record_to_string(rr)),
-                   "TRUST_ANCHOR=%s", dns_resource_record_to_string(rr),
-                   NULL);
-
-        if (dns_answer_size(new_answer) <= 0) {
-                assert_se(hashmap_remove(d->positive_by_key, rr->key) == old_answer);
-                dns_answer_unref(old_answer);
-                return 1;
-        }
-
-        r = hashmap_replace(d->positive_by_key, new_answer->items[0].rr->key, new_answer);
-        if (r < 0)
-                return r;
-
-        new_answer = NULL;
-        dns_answer_unref(old_answer);
-        return 1;
-}
-
-static int dns_trust_anchor_check_revoked_one(DnsTrustAnchor *d, DnsResourceRecord *revoked_dnskey) {
-        DnsAnswer *a;
-        int r;
-
-        assert(d);
-        assert(revoked_dnskey);
-        assert(revoked_dnskey->key->type == DNS_TYPE_DNSKEY);
-        assert(revoked_dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE);
-
-        a = hashmap_get(d->positive_by_key, revoked_dnskey->key);
-        if (a) {
-                DnsResourceRecord *anchor;
-
-                /* First, look for the precise DNSKEY in our trust anchor database */
-
-                DNS_ANSWER_FOREACH(anchor, a) {
-
-                        if (anchor->dnskey.protocol != revoked_dnskey->dnskey.protocol)
-                                continue;
-
-                        if (anchor->dnskey.algorithm != revoked_dnskey->dnskey.algorithm)
-                                continue;
-
-                        if (anchor->dnskey.key_size != revoked_dnskey->dnskey.key_size)
-                                continue;
-
-                        /* Note that we allow the REVOKE bit to be
-                         * different! It will be set in the revoked
-                         * key, but unset in our version of it */
-                        if (((anchor->dnskey.flags ^ revoked_dnskey->dnskey.flags) | DNSKEY_FLAG_REVOKE) != DNSKEY_FLAG_REVOKE)
-                                continue;
-
-                        if (memcmp(anchor->dnskey.key, revoked_dnskey->dnskey.key, anchor->dnskey.key_size) != 0)
-                                continue;
-
-                        dns_trust_anchor_remove_revoked(d, anchor);
-                        break;
-                }
-        }
-
-        a = hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(revoked_dnskey->key->class, DNS_TYPE_DS, dns_resource_key_name(revoked_dnskey->key)));
-        if (a) {
-                DnsResourceRecord *anchor;
-
-                /* Second, look for DS RRs matching this DNSKEY in our trust anchor database */
-
-                DNS_ANSWER_FOREACH(anchor, a) {
-
-                        /* We set mask_revoke to true here, since our
-                         * DS fingerprint will be the one of the
-                         * unrevoked DNSKEY, but the one we got passed
-                         * here has the bit set. */
-                        r = dnssec_verify_dnskey_by_ds(revoked_dnskey, anchor, true);
-                        if (r < 0)
-                                return r;
-                        if (r == 0)
-                                continue;
-
-                        dns_trust_anchor_remove_revoked(d, anchor);
-                        break;
-                }
-        }
-
-        return 0;
-}
-
-int dns_trust_anchor_check_revoked(DnsTrustAnchor *d, DnsResourceRecord *dnskey, DnsAnswer *rrs) {
-        DnsResourceRecord *rrsig;
-        int r;
-
-        assert(d);
-        assert(dnskey);
-
-        /* Looks if "dnskey" is a self-signed RR that has been revoked
-         * and matches one of our trust anchor entries. If so, removes
-         * it from the trust anchor and returns > 0. */
-
-        if (dnskey->key->type != DNS_TYPE_DNSKEY)
-                return 0;
-
-        /* Is this DNSKEY revoked? */
-        if ((dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE) == 0)
-                return 0;
-
-        /* Could this be interesting to us at all? If not,
-         * there's no point in looking for and verifying a
-         * self-signed RRSIG. */
-        if (!dns_trust_anchor_knows_domain_positive(d, dns_resource_key_name(dnskey->key)))
-                return 0;
-
-        /* Look for a self-signed RRSIG in the other rrs belonging to this DNSKEY */
-        DNS_ANSWER_FOREACH(rrsig, rrs) {
-                DnssecResult result;
-
-                if (rrsig->key->type != DNS_TYPE_RRSIG)
-                        continue;
-
-                r = dnssec_rrsig_match_dnskey(rrsig, dnskey, true);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        continue;
-
-                r = dnssec_verify_rrset(rrs, dnskey->key, rrsig, dnskey, USEC_INFINITY, &result);
-                if (r < 0)
-                        return r;
-                if (result != DNSSEC_VALIDATED)
-                        continue;
-
-                /* Bingo! This is a revoked self-signed DNSKEY. Let's
-                 * see if this precise one exists in our trust anchor
-                 * database, too. */
-                r = dns_trust_anchor_check_revoked_one(d, dnskey);
-                if (r < 0)
-                        return r;
-
-                return 1;
-        }
-
-        return 0;
-}
-
-int dns_trust_anchor_is_revoked(DnsTrustAnchor *d, DnsResourceRecord *rr) {
-        assert(d);
-
-        if (!IN_SET(rr->key->type, DNS_TYPE_DS, DNS_TYPE_DNSKEY))
-                return 0;
-
-        return set_contains(d->revoked_by_rr, rr);
-}
diff --git a/src/resolve/resolved-link-bus.h b/src/resolve/resolved-link-bus.h
deleted file mode 100644
index 646031b631..0000000000
--- a/src/resolve/resolved-link-bus.h
+++ /dev/null
@@ -1,38 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2016 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "resolved-link.h"
-
-extern const sd_bus_vtable link_vtable[];
-
-int link_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error);
-char *link_bus_path(Link *link);
-int link_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error);
-
-int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error);
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
deleted file mode 100644
index b0dc65036d..0000000000
--- a/src/resolve/resolved-link.c
+++ /dev/null
@@ -1,840 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/if.h>
-
-#include "sd-network.h"
-
-#include "alloc-util.h"
-#include "missing.h"
-#include "parse-util.h"
-#include "resolved-link.h"
-#include "string-util.h"
-#include "strv.h"
-
-int link_new(Manager *m, Link **ret, int ifindex) {
-        _cleanup_(link_freep) Link *l = NULL;
-        int r;
-
-        assert(m);
-        assert(ifindex > 0);
-
-        r = hashmap_ensure_allocated(&m->links, NULL);
-        if (r < 0)
-                return r;
-
-        l = new0(Link, 1);
-        if (!l)
-                return -ENOMEM;
-
-        l->ifindex = ifindex;
-        l->llmnr_support = RESOLVE_SUPPORT_YES;
-        l->mdns_support = RESOLVE_SUPPORT_NO;
-        l->dnssec_mode = _DNSSEC_MODE_INVALID;
-        l->operstate = IF_OPER_UNKNOWN;
-
-        r = hashmap_put(m->links, INT_TO_PTR(ifindex), l);
-        if (r < 0)
-                return r;
-
-        l->manager = m;
-
-        if (ret)
-                *ret = l;
-        l = NULL;
-
-        return 0;
-}
-
-void link_flush_settings(Link *l) {
-        assert(l);
-
-        l->llmnr_support = RESOLVE_SUPPORT_YES;
-        l->mdns_support = RESOLVE_SUPPORT_NO;
-        l->dnssec_mode = _DNSSEC_MODE_INVALID;
-
-        dns_server_unlink_all(l->dns_servers);
-        dns_search_domain_unlink_all(l->search_domains);
-
-        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
-}
-
-Link *link_free(Link *l) {
-        if (!l)
-                return NULL;
-
-        link_flush_settings(l);
-
-        while (l->addresses)
-                (void) link_address_free(l->addresses);
-
-        if (l->manager)
-                hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex));
-
-        dns_scope_free(l->unicast_scope);
-        dns_scope_free(l->llmnr_ipv4_scope);
-        dns_scope_free(l->llmnr_ipv6_scope);
-        dns_scope_free(l->mdns_ipv4_scope);
-        dns_scope_free(l->mdns_ipv6_scope);
-
-        free(l);
-        return NULL;
-}
-
-void link_allocate_scopes(Link *l) {
-        int r;
-
-        assert(l);
-
-        if (link_relevant(l, AF_UNSPEC, false) &&
-            l->dns_servers) {
-                if (!l->unicast_scope) {
-                        r = dns_scope_new(l->manager, &l->unicast_scope, l, DNS_PROTOCOL_DNS, AF_UNSPEC);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to allocate DNS scope: %m");
-                }
-        } else
-                l->unicast_scope = dns_scope_free(l->unicast_scope);
-
-        if (link_relevant(l, AF_INET, true) &&
-            l->llmnr_support != RESOLVE_SUPPORT_NO &&
-            l->manager->llmnr_support != RESOLVE_SUPPORT_NO) {
-                if (!l->llmnr_ipv4_scope) {
-                        r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to allocate LLMNR IPv4 scope: %m");
-                }
-        } else
-                l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope);
-
-        if (link_relevant(l, AF_INET6, true) &&
-            l->llmnr_support != RESOLVE_SUPPORT_NO &&
-            l->manager->llmnr_support != RESOLVE_SUPPORT_NO &&
-            socket_ipv6_is_supported()) {
-                if (!l->llmnr_ipv6_scope) {
-                        r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to allocate LLMNR IPv6 scope: %m");
-                }
-        } else
-                l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope);
-
-        if (link_relevant(l, AF_INET, true) &&
-            l->mdns_support != RESOLVE_SUPPORT_NO &&
-            l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
-                if (!l->mdns_ipv4_scope) {
-                        r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to allocate mDNS IPv4 scope: %m");
-                }
-        } else
-                l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope);
-
-        if (link_relevant(l, AF_INET6, true) &&
-            l->mdns_support != RESOLVE_SUPPORT_NO &&
-            l->manager->mdns_support != RESOLVE_SUPPORT_NO) {
-                if (!l->mdns_ipv6_scope) {
-                        r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to allocate mDNS IPv6 scope: %m");
-                }
-        } else
-                l->mdns_ipv6_scope = dns_scope_free(l->mdns_ipv6_scope);
-}
-
-void link_add_rrs(Link *l, bool force_remove) {
-        LinkAddress *a;
-
-        LIST_FOREACH(addresses, a, l->addresses)
-                link_address_add_rrs(a, force_remove);
-}
-
-int link_update_rtnl(Link *l, sd_netlink_message *m) {
-        const char *n = NULL;
-        int r;
-
-        assert(l);
-        assert(m);
-
-        r = sd_rtnl_message_link_get_flags(m, &l->flags);
-        if (r < 0)
-                return r;
-
-        (void) sd_netlink_message_read_u32(m, IFLA_MTU, &l->mtu);
-        (void) sd_netlink_message_read_u8(m, IFLA_OPERSTATE, &l->operstate);
-
-        if (sd_netlink_message_read_string(m, IFLA_IFNAME, &n) >= 0) {
-                strncpy(l->name, n, sizeof(l->name)-1);
-                char_array_0(l->name);
-        }
-
-        link_allocate_scopes(l);
-        link_add_rrs(l, false);
-
-        return 0;
-}
-
-static int link_update_dns_servers(Link *l) {
-        _cleanup_strv_free_ char **nameservers = NULL;
-        char **nameserver;
-        int r;
-
-        assert(l);
-
-        r = sd_network_link_get_dns(l->ifindex, &nameservers);
-        if (r == -ENODATA) {
-                r = 0;
-                goto clear;
-        }
-        if (r < 0)
-                goto clear;
-
-        dns_server_mark_all(l->dns_servers);
-
-        STRV_FOREACH(nameserver, nameservers) {
-                union in_addr_union a;
-                DnsServer *s;
-                int family;
-
-                r = in_addr_from_string_auto(*nameserver, &family, &a);
-                if (r < 0)
-                        goto clear;
-
-                s = dns_server_find(l->dns_servers, family, &a);
-                if (s)
-                        dns_server_move_back_and_unmark(s);
-                else {
-                        r = dns_server_new(l->manager, NULL, DNS_SERVER_LINK, l, family, &a);
-                        if (r < 0)
-                                goto clear;
-                }
-        }
-
-        dns_server_unlink_marked(l->dns_servers);
-        return 0;
-
-clear:
-        dns_server_unlink_all(l->dns_servers);
-        return r;
-}
-
-static int link_update_llmnr_support(Link *l) {
-        _cleanup_free_ char *b = NULL;
-        int r;
-
-        assert(l);
-
-        r = sd_network_link_get_llmnr(l->ifindex, &b);
-        if (r == -ENODATA) {
-                r = 0;
-                goto clear;
-        }
-        if (r < 0)
-                goto clear;
-
-        l->llmnr_support = resolve_support_from_string(b);
-        if (l->llmnr_support < 0) {
-                r = -EINVAL;
-                goto clear;
-        }
-
-        return 0;
-
-clear:
-        l->llmnr_support = RESOLVE_SUPPORT_YES;
-        return r;
-}
-
-static int link_update_mdns_support(Link *l) {
-        _cleanup_free_ char *b = NULL;
-        int r;
-
-        assert(l);
-
-        r = sd_network_link_get_mdns(l->ifindex, &b);
-        if (r == -ENODATA) {
-                r = 0;
-                goto clear;
-        }
-        if (r < 0)
-                goto clear;
-
-        l->mdns_support = resolve_support_from_string(b);
-        if (l->mdns_support < 0) {
-                r = -EINVAL;
-                goto clear;
-        }
-
-        return 0;
-
-clear:
-        l->mdns_support = RESOLVE_SUPPORT_NO;
-        return r;
-}
-
-void link_set_dnssec_mode(Link *l, DnssecMode mode) {
-
-        assert(l);
-
-        if (l->dnssec_mode == mode)
-                return;
-
-        if ((l->dnssec_mode == _DNSSEC_MODE_INVALID) ||
-            (l->dnssec_mode == DNSSEC_NO && mode != DNSSEC_NO) ||
-            (l->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && mode == DNSSEC_YES)) {
-
-                /* When switching from non-DNSSEC mode to DNSSEC mode, flush the cache. Also when switching from the
-                 * allow-downgrade mode to full DNSSEC mode, flush it too. */
-                if (l->unicast_scope)
-                        dns_cache_flush(&l->unicast_scope->cache);
-        }
-
-        l->dnssec_mode = mode;
-}
-
-static int link_update_dnssec_mode(Link *l) {
-        _cleanup_free_ char *m = NULL;
-        DnssecMode mode;
-        int r;
-
-        assert(l);
-
-        r = sd_network_link_get_dnssec(l->ifindex, &m);
-        if (r == -ENODATA) {
-                r = 0;
-                goto clear;
-        }
-        if (r < 0)
-                goto clear;
-
-        mode = dnssec_mode_from_string(m);
-        if (mode < 0) {
-                r = -EINVAL;
-                goto clear;
-        }
-
-        link_set_dnssec_mode(l, mode);
-
-        return 0;
-
-clear:
-        l->dnssec_mode = _DNSSEC_MODE_INVALID;
-        return r;
-}
-
-static int link_update_dnssec_negative_trust_anchors(Link *l) {
-        _cleanup_strv_free_ char **ntas = NULL;
-        _cleanup_set_free_free_ Set *ns = NULL;
-        char **i;
-        int r;
-
-        assert(l);
-
-        r = sd_network_link_get_dnssec_negative_trust_anchors(l->ifindex, &ntas);
-        if (r == -ENODATA) {
-                r = 0;
-                goto clear;
-        }
-        if (r < 0)
-                goto clear;
-
-        ns = set_new(&dns_name_hash_ops);
-        if (!ns)
-                return -ENOMEM;
-
-        STRV_FOREACH(i, ntas) {
-                r = set_put_strdup(ns, *i);
-                if (r < 0)
-                        return r;
-        }
-
-        set_free_free(l->dnssec_negative_trust_anchors);
-        l->dnssec_negative_trust_anchors = ns;
-        ns = NULL;
-
-        return 0;
-
-clear:
-        l->dnssec_negative_trust_anchors = set_free_free(l->dnssec_negative_trust_anchors);
-        return r;
-}
-
-static int link_update_search_domain_one(Link *l, const char *name, bool route_only) {
-        DnsSearchDomain *d;
-        int r;
-
-        r = dns_search_domain_find(l->search_domains, name, &d);
-        if (r < 0)
-                return r;
-        if (r > 0)
-                dns_search_domain_move_back_and_unmark(d);
-        else {
-                r = dns_search_domain_new(l->manager, &d, DNS_SEARCH_DOMAIN_LINK, l, name);
-                if (r < 0)
-                        return r;
-        }
-
-        d->route_only = route_only;
-        return 0;
-}
-
-static int link_update_search_domains(Link *l) {
-        _cleanup_strv_free_ char **sdomains = NULL, **rdomains = NULL;
-        char **i;
-        int r, q;
-
-        assert(l);
-
-        r = sd_network_link_get_search_domains(l->ifindex, &sdomains);
-        if (r < 0 && r != -ENODATA)
-                goto clear;
-
-        q = sd_network_link_get_route_domains(l->ifindex, &rdomains);
-        if (q < 0 && q != -ENODATA) {
-                r = q;
-                goto clear;
-        }
-
-        if (r == -ENODATA && q == -ENODATA) {
-                /* networkd knows nothing about this interface, and that's fine. */
-                r = 0;
-                goto clear;
-        }
-
-        dns_search_domain_mark_all(l->search_domains);
-
-        STRV_FOREACH(i, sdomains) {
-                r = link_update_search_domain_one(l, *i, false);
-                if (r < 0)
-                        goto clear;
-        }
-
-        STRV_FOREACH(i, rdomains) {
-                r = link_update_search_domain_one(l, *i, true);
-                if (r < 0)
-                        goto clear;
-        }
-
-        dns_search_domain_unlink_marked(l->search_domains);
-        return 0;
-
-clear:
-        dns_search_domain_unlink_all(l->search_domains);
-        return r;
-}
-
-static int link_is_unmanaged(Link *l) {
-        _cleanup_free_ char *state = NULL;
-        int r;
-
-        assert(l);
-
-        r = sd_network_link_get_setup_state(l->ifindex, &state);
-        if (r == -ENODATA)
-                return 1;
-        if (r < 0)
-                return r;
-
-        return STR_IN_SET(state, "pending", "unmanaged");
-}
-
-static void link_read_settings(Link *l) {
-        int r;
-
-        assert(l);
-
-        /* Read settings from networkd, except when networkd is not managing this interface. */
-
-        r = link_is_unmanaged(l);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to determine whether interface %s is managed: %m", l->name);
-                return;
-        }
-        if (r > 0) {
-
-                /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */
-                if (l->is_managed)
-                        link_flush_settings(l);
-
-                l->is_managed = false;
-                return;
-        }
-
-        l->is_managed = true;
-
-        r = link_update_dns_servers(l);
-        if (r < 0)
-                log_warning_errno(r, "Failed to read DNS servers for interface %s, ignoring: %m", l->name);
-
-        r = link_update_llmnr_support(l);
-        if (r < 0)
-                log_warning_errno(r, "Failed to read LLMNR support for interface %s, ignoring: %m", l->name);
-
-        r = link_update_mdns_support(l);
-        if (r < 0)
-                log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
-
-        r = link_update_dnssec_mode(l);
-        if (r < 0)
-                log_warning_errno(r, "Failed to read DNSSEC mode for interface %s, ignoring: %m", l->name);
-
-        r = link_update_dnssec_negative_trust_anchors(l);
-        if (r < 0)
-                log_warning_errno(r, "Failed to read DNSSEC negative trust anchors for interface %s, ignoring: %m", l->name);
-
-        r = link_update_search_domains(l);
-        if (r < 0)
-                log_warning_errno(r, "Failed to read search domains for interface %s, ignoring: %m", l->name);
-}
-
-int link_update_monitor(Link *l) {
-        assert(l);
-
-        link_read_settings(l);
-        link_allocate_scopes(l);
-        link_add_rrs(l, false);
-
-        return 0;
-}
-
-bool link_relevant(Link *l, int family, bool local_multicast) {
-        _cleanup_free_ char *state = NULL;
-        LinkAddress *a;
-
-        assert(l);
-
-        /* A link is relevant for local multicast traffic if it isn't a loopback or pointopoint device, has a link
-         * beat, can do multicast and has at least one link-local (or better) IP address.
-         *
-         * A link is relevant for non-multicast traffic if it isn't a loopback device, has a link beat, and has at
-         * least one routable address.*/
-
-        if (l->flags & (IFF_LOOPBACK|IFF_DORMANT))
-                return false;
-
-        if ((l->flags & (IFF_UP|IFF_LOWER_UP)) != (IFF_UP|IFF_LOWER_UP))
-                return false;
-
-        if (local_multicast) {
-                if (l->flags & IFF_POINTOPOINT)
-                        return false;
-
-                if ((l->flags & IFF_MULTICAST) != IFF_MULTICAST)
-                        return false;
-        }
-
-        /* Check kernel operstate
-         * https://www.kernel.org/doc/Documentation/networking/operstates.txt */
-        if (!IN_SET(l->operstate, IF_OPER_UNKNOWN, IF_OPER_UP))
-                return false;
-
-        (void) sd_network_link_get_operational_state(l->ifindex, &state);
-        if (state && !STR_IN_SET(state, "unknown", "degraded", "routable"))
-                return false;
-
-        LIST_FOREACH(addresses, a, l->addresses)
-                if ((family == AF_UNSPEC || a->family == family) && link_address_relevant(a, local_multicast))
-                        return true;
-
-        return false;
-}
-
-LinkAddress *link_find_address(Link *l, int family, const union in_addr_union *in_addr) {
-        LinkAddress *a;
-
-        assert(l);
-
-        LIST_FOREACH(addresses, a, l->addresses)
-                if (a->family == family && in_addr_equal(family, &a->in_addr, in_addr))
-                        return a;
-
-        return NULL;
-}
-
-DnsServer* link_set_dns_server(Link *l, DnsServer *s) {
-        assert(l);
-
-        if (l->current_dns_server == s)
-                return s;
-
-        if (s)
-                log_info("Switching to DNS server %s for interface %s.", dns_server_string(s), l->name);
-
-        dns_server_unref(l->current_dns_server);
-        l->current_dns_server = dns_server_ref(s);
-
-        if (l->unicast_scope)
-                dns_cache_flush(&l->unicast_scope->cache);
-
-        return s;
-}
-
-DnsServer *link_get_dns_server(Link *l) {
-        assert(l);
-
-        if (!l->current_dns_server)
-                link_set_dns_server(l, l->dns_servers);
-
-        return l->current_dns_server;
-}
-
-void link_next_dns_server(Link *l) {
-        assert(l);
-
-        if (!l->current_dns_server)
-                return;
-
-        /* Change to the next one, but make sure to follow the linked
-         * list only if this server is actually still linked. */
-        if (l->current_dns_server->linked && l->current_dns_server->servers_next) {
-                link_set_dns_server(l, l->current_dns_server->servers_next);
-                return;
-        }
-
-        link_set_dns_server(l, l->dns_servers);
-}
-
-DnssecMode link_get_dnssec_mode(Link *l) {
-        assert(l);
-
-        if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
-                return l->dnssec_mode;
-
-        return manager_get_dnssec_mode(l->manager);
-}
-
-bool link_dnssec_supported(Link *l) {
-        DnsServer *server;
-
-        assert(l);
-
-        if (link_get_dnssec_mode(l) == DNSSEC_NO)
-                return false;
-
-        server = link_get_dns_server(l);
-        if (server)
-                return dns_server_dnssec_supported(server);
-
-        return true;
-}
-
-int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
-        LinkAddress *a;
-
-        assert(l);
-        assert(in_addr);
-
-        a = new0(LinkAddress, 1);
-        if (!a)
-                return -ENOMEM;
-
-        a->family = family;
-        a->in_addr = *in_addr;
-
-        a->link = l;
-        LIST_PREPEND(addresses, l->addresses, a);
-
-        if (ret)
-                *ret = a;
-
-        return 0;
-}
-
-LinkAddress *link_address_free(LinkAddress *a) {
-        if (!a)
-                return NULL;
-
-        if (a->link) {
-                LIST_REMOVE(addresses, a->link->addresses, a);
-
-                if (a->llmnr_address_rr) {
-                        if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
-                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
-                        else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
-                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
-                }
-
-                if (a->llmnr_ptr_rr) {
-                        if (a->family == AF_INET && a->link->llmnr_ipv4_scope)
-                                dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
-                        else if (a->family == AF_INET6 && a->link->llmnr_ipv6_scope)
-                                dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
-                }
-        }
-
-        dns_resource_record_unref(a->llmnr_address_rr);
-        dns_resource_record_unref(a->llmnr_ptr_rr);
-
-        free(a);
-        return NULL;
-}
-
-void link_address_add_rrs(LinkAddress *a, bool force_remove) {
-        int r;
-
-        assert(a);
-
-        if (a->family == AF_INET) {
-
-                if (!force_remove &&
-                    link_address_relevant(a, true) &&
-                    a->link->llmnr_ipv4_scope &&
-                    a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
-                    a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
-
-                        if (!a->link->manager->llmnr_host_ipv4_key) {
-                                a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname);
-                                if (!a->link->manager->llmnr_host_ipv4_key) {
-                                        r = -ENOMEM;
-                                        goto fail;
-                                }
-                        }
-
-                        if (!a->llmnr_address_rr) {
-                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv4_key);
-                                if (!a->llmnr_address_rr) {
-                                        r = -ENOMEM;
-                                        goto fail;
-                                }
-
-                                a->llmnr_address_rr->a.in_addr = a->in_addr.in;
-                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
-                        }
-
-                        if (!a->llmnr_ptr_rr) {
-                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
-                                if (r < 0)
-                                        goto fail;
-
-                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
-                        }
-
-                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_address_rr, true);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to add A record to LLMNR zone: %m");
-
-                        r = dns_zone_put(&a->link->llmnr_ipv4_scope->zone, a->link->llmnr_ipv4_scope, a->llmnr_ptr_rr, false);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
-                } else {
-                        if (a->llmnr_address_rr) {
-                                if (a->link->llmnr_ipv4_scope)
-                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_address_rr);
-                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
-                        }
-
-                        if (a->llmnr_ptr_rr) {
-                                if (a->link->llmnr_ipv4_scope)
-                                        dns_zone_remove_rr(&a->link->llmnr_ipv4_scope->zone, a->llmnr_ptr_rr);
-                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
-                        }
-                }
-        }
-
-        if (a->family == AF_INET6) {
-
-                if (!force_remove &&
-                    link_address_relevant(a, true) &&
-                    a->link->llmnr_ipv6_scope &&
-                    a->link->llmnr_support == RESOLVE_SUPPORT_YES &&
-                    a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) {
-
-                        if (!a->link->manager->llmnr_host_ipv6_key) {
-                                a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname);
-                                if (!a->link->manager->llmnr_host_ipv6_key) {
-                                        r = -ENOMEM;
-                                        goto fail;
-                                }
-                        }
-
-                        if (!a->llmnr_address_rr) {
-                                a->llmnr_address_rr = dns_resource_record_new(a->link->manager->llmnr_host_ipv6_key);
-                                if (!a->llmnr_address_rr) {
-                                        r = -ENOMEM;
-                                        goto fail;
-                                }
-
-                                a->llmnr_address_rr->aaaa.in6_addr = a->in_addr.in6;
-                                a->llmnr_address_rr->ttl = LLMNR_DEFAULT_TTL;
-                        }
-
-                        if (!a->llmnr_ptr_rr) {
-                                r = dns_resource_record_new_reverse(&a->llmnr_ptr_rr, a->family, &a->in_addr, a->link->manager->llmnr_hostname);
-                                if (r < 0)
-                                        goto fail;
-
-                                a->llmnr_ptr_rr->ttl = LLMNR_DEFAULT_TTL;
-                        }
-
-                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_address_rr, true);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to add AAAA record to LLMNR zone: %m");
-
-                        r = dns_zone_put(&a->link->llmnr_ipv6_scope->zone, a->link->llmnr_ipv6_scope, a->llmnr_ptr_rr, false);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to add IPv6 PTR record to LLMNR zone: %m");
-                } else {
-                        if (a->llmnr_address_rr) {
-                                if (a->link->llmnr_ipv6_scope)
-                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_address_rr);
-                                a->llmnr_address_rr = dns_resource_record_unref(a->llmnr_address_rr);
-                        }
-
-                        if (a->llmnr_ptr_rr) {
-                                if (a->link->llmnr_ipv6_scope)
-                                        dns_zone_remove_rr(&a->link->llmnr_ipv6_scope->zone, a->llmnr_ptr_rr);
-                                a->llmnr_ptr_rr = dns_resource_record_unref(a->llmnr_ptr_rr);
-                        }
-                }
-        }
-
-        return;
-
-fail:
-        log_debug_errno(r, "Failed to update address RRs: %m");
-}
-
-int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
-        int r;
-        assert(a);
-        assert(m);
-
-        r = sd_rtnl_message_addr_get_flags(m, &a->flags);
-        if (r < 0)
-                return r;
-
-        sd_rtnl_message_addr_get_scope(m, &a->scope);
-
-        link_allocate_scopes(a->link);
-        link_add_rrs(a->link, false);
-
-        return 0;
-}
-
-bool link_address_relevant(LinkAddress *a, bool local_multicast) {
-        assert(a);
-
-        if (a->flags & (IFA_F_DEPRECATED|IFA_F_TENTATIVE))
-                return false;
-
-        if (a->scope >= (local_multicast ? RT_SCOPE_HOST : RT_SCOPE_LINK))
-                return false;
-
-        return true;
-}
diff --git a/src/resolve/resolved-manager.h b/src/resolve/resolved-manager.h
deleted file mode 100644
index e82a824f29..0000000000
--- a/src/resolve/resolved-manager.h
+++ /dev/null
@@ -1,171 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-#include "sd-netlink.h"
-#include "sd-network.h"
-
-#include "hashmap.h"
-#include "list.h"
-#include "ordered-set.h"
-#include "resolve-util.h"
-
-typedef struct Manager Manager;
-
-#include "resolved-dns-query.h"
-#include "resolved-dns-search-domain.h"
-#include "resolved-dns-server.h"
-#include "resolved-dns-stream.h"
-#include "resolved-dns-trust-anchor.h"
-#include "resolved-link.h"
-
-#define MANAGER_SEARCH_DOMAINS_MAX 32
-#define MANAGER_DNS_SERVERS_MAX 32
-
-struct Manager {
-        sd_event *event;
-
-        ResolveSupport llmnr_support;
-        ResolveSupport mdns_support;
-        DnssecMode dnssec_mode;
-
-        /* Network */
-        Hashmap *links;
-
-        sd_netlink *rtnl;
-        sd_event_source *rtnl_event_source;
-
-        sd_network_monitor *network_monitor;
-        sd_event_source *network_event_source;
-
-        /* DNS query management */
-        Hashmap *dns_transactions;
-        LIST_HEAD(DnsQuery, dns_queries);
-        unsigned n_dns_queries;
-
-        LIST_HEAD(DnsStream, dns_streams);
-        unsigned n_dns_streams;
-
-        /* Unicast dns */
-        LIST_HEAD(DnsServer, dns_servers);
-        LIST_HEAD(DnsServer, fallback_dns_servers);
-        unsigned n_dns_servers; /* counts both main and fallback */
-        DnsServer *current_dns_server;
-
-        LIST_HEAD(DnsSearchDomain, search_domains);
-        unsigned n_search_domains;
-        bool permit_domain_search;
-
-        bool need_builtin_fallbacks:1;
-
-        bool read_resolv_conf:1;
-        usec_t resolv_conf_mtime;
-
-        DnsTrustAnchor trust_anchor;
-
-        LIST_HEAD(DnsScope, dns_scopes);
-        DnsScope *unicast_scope;
-
-        /* LLMNR */
-        int llmnr_ipv4_udp_fd;
-        int llmnr_ipv6_udp_fd;
-        int llmnr_ipv4_tcp_fd;
-        int llmnr_ipv6_tcp_fd;
-
-        sd_event_source *llmnr_ipv4_udp_event_source;
-        sd_event_source *llmnr_ipv6_udp_event_source;
-        sd_event_source *llmnr_ipv4_tcp_event_source;
-        sd_event_source *llmnr_ipv6_tcp_event_source;
-
-        /* mDNS */
-        int mdns_ipv4_fd;
-        int mdns_ipv6_fd;
-
-        sd_event_source *mdns_ipv4_event_source;
-        sd_event_source *mdns_ipv6_event_source;
-
-        /* dbus */
-        sd_bus *bus;
-        sd_event_source *bus_retry_event_source;
-
-        /* The hostname we publish on LLMNR and mDNS */
-        char *llmnr_hostname;
-        char *mdns_hostname;
-        DnsResourceKey *llmnr_host_ipv4_key;
-        DnsResourceKey *llmnr_host_ipv6_key;
-
-        /* Watch the system hostname */
-        int hostname_fd;
-        sd_event_source *hostname_event_source;
-
-        /* Watch for system suspends */
-        sd_bus_slot *prepare_for_sleep_slot;
-
-        sd_event_source *sigusr1_event_source;
-
-        unsigned n_transactions_total;
-        unsigned n_dnssec_verdict[_DNSSEC_VERDICT_MAX];
-
-        /* Data from /etc/hosts */
-        Set* etc_hosts_by_address;
-        Hashmap* etc_hosts_by_name;
-        usec_t etc_hosts_last, etc_hosts_mtime;
-};
-
-/* Manager */
-
-int manager_new(Manager **ret);
-Manager* manager_free(Manager *m);
-
-int manager_start(Manager *m);
-
-uint32_t manager_find_mtu(Manager *m);
-
-int manager_write(Manager *m, int fd, DnsPacket *p);
-int manager_send(Manager *m, int fd, int ifindex, int family, const union in_addr_union *addr, uint16_t port, DnsPacket *p);
-int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret);
-
-int manager_find_ifindex(Manager *m, int family, const union in_addr_union *in_addr);
-LinkAddress* manager_find_link_address(Manager *m, int family, const union in_addr_union *in_addr);
-
-void manager_refresh_rrs(Manager *m);
-int manager_next_hostname(Manager *m);
-
-bool manager_our_packet(Manager *m, DnsPacket *p);
-DnsScope* manager_find_scope(Manager *m, DnsPacket *p);
-
-void manager_verify_all(Manager *m);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
-
-#define EXTRA_CMSG_SPACE 1024
-
-int manager_is_own_hostname(Manager *m, const char *name);
-
-int manager_compile_dns_servers(Manager *m, OrderedSet **servers);
-int manager_compile_search_domains(Manager *m, OrderedSet **domains);
-
-DnssecMode manager_get_dnssec_mode(Manager *m);
-bool manager_dnssec_supported(Manager *m);
-
-void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);
-
-bool manager_routable(Manager *m, int family);
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
deleted file mode 100644
index 161ea03412..0000000000
--- a/src/resolve/resolved.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-
-#include "capability-util.h"
-#include "mkdir.h"
-#include "resolved-conf.h"
-#include "resolved-manager.h"
-#include "resolved-resolv-conf.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "user-util.h"
-
-int main(int argc, char *argv[]) {
-        _cleanup_(manager_freep) Manager *m = NULL;
-        const char *user = "systemd-resolve";
-        uid_t uid;
-        gid_t gid;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        umask(0022);
-
-        r = mac_selinux_init();
-        if (r < 0) {
-                log_error_errno(r, "SELinux setup failed: %m");
-                goto finish;
-        }
-
-        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Cannot resolve user name %s: %m", user);
-                goto finish;
-        }
-
-        /* Always create the directory where resolv.conf will live */
-        r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid);
-        if (r < 0) {
-                log_error_errno(r, "Could not create runtime directory: %m");
-                goto finish;
-        }
-
-        r = drop_privileges(uid, gid, 0);
-        if (r < 0)
-                goto finish;
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, SIGUSR1, -1) >= 0);
-
-        r = manager_new(&m);
-        if (r < 0) {
-                log_error_errno(r, "Could not create manager: %m");
-                goto finish;
-        }
-
-        r = manager_start(m);
-        if (r < 0) {
-                log_error_errno(r, "Failed to start manager: %m");
-                goto finish;
-        }
-
-        /* Write finish default resolv.conf to avoid a dangling
-         * symlink */
-        r = manager_write_resolv_conf(m);
-        if (r < 0)
-                log_warning_errno(r, "Could not create "PRIVATE_RESOLV_CONF": %m");
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing requests...");
-
-        r = sd_event_loop(m->event);
-        if (r < 0) {
-                log_error_errno(r, "Event loop failed: %m");
-                goto finish;
-        }
-
-        sd_event_get_exit_code(m->event, &r);
-
-finish:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/resolve/test-dnssec-complex.c b/src/resolve/test-dnssec-complex.c
deleted file mode 100644
index 58c089eb40..0000000000
--- a/src/resolve/test-dnssec-complex.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2016 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/ip.h>
-
-#include "sd-bus.h"
-
-#include "af-list.h"
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "dns-type.h"
-#include "random-util.h"
-#include "string-util.h"
-#include "time-util.h"
-
-#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
-
-static void prefix_random(const char *name, char **ret) {
-        uint64_t i, u;
-        char *m = NULL;
-
-        u = 1 + (random_u64() & 3);
-
-        for (i = 0; i < u; i++) {
-                _cleanup_free_ char *b = NULL;
-                char *x;
-
-                assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
-                x = strjoin(b, ".", name, NULL);
-                assert_se(x);
-
-                free(m);
-                m = x;
-        }
-
-        *ret = m;
- }
-
-static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ char *m = NULL;
-        int r;
-
-        /* If the name starts with a dot, we prefix one to three random labels */
-        if (startswith(name, ".")) {
-                prefix_random(name + 1, &m);
-                name = m;
-        }
-
-        assert_se(sd_bus_message_new_method_call(
-                                  bus,
-                                  &req,
-                                  "org.freedesktop.resolve1",
-                                  "/org/freedesktop/resolve1",
-                                  "org.freedesktop.resolve1.Manager",
-                                  "ResolveRecord") >= 0);
-
-        assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-
-        if (r < 0) {
-                assert_se(result);
-                assert_se(sd_bus_error_has_name(&error, result));
-                log_info("[OK] %s/%s resulted in <%s>.", name, dns_type_to_string(type), error.name);
-        } else {
-                assert_se(!result);
-                log_info("[OK] %s/%s succeeded.", name, dns_type_to_string(type));
-        }
-}
-
-static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ char *m = NULL;
-        const char *af;
-        int r;
-
-        af = family == AF_UNSPEC ? "AF_UNSPEC" : af_to_name(family);
-
-        /* If the name starts with a dot, we prefix one to three random labels */
-        if (startswith(name, ".")) {
-                prefix_random(name + 1, &m);
-                name = m;
-        }
-
-        assert_se(sd_bus_message_new_method_call(
-                                  bus,
-                                  &req,
-                                  "org.freedesktop.resolve1",
-                                  "/org/freedesktop/resolve1",
-                                  "org.freedesktop.resolve1.Manager",
-                                  "ResolveHostname") >= 0);
-
-        assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);
-
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
-
-        if (r < 0) {
-                assert_se(result);
-                assert_se(sd_bus_error_has_name(&error, result));
-                log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
-        } else {
-                assert_se(!result);
-                log_info("[OK] %s/%s succeeded.", name, af);
-        }
-
-}
-
-int main(int argc, char* argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-
-        /* Note that this is a manual test as it requires:
-         *
-         *    Full network access
-         *    A DNSSEC capable DNS server
-         *    That zones contacted are still set up as they were when I wrote this.
-         */
-
-        assert_se(sd_bus_open_system(&bus) >= 0);
-
-        /* Normally signed */
-        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
-        test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);
-
-        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
-        test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);
-
-        /* Normally signed, NODATA */
-        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-
-        /* Invalid signature */
-        test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
-        test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);
-
-        /* Invalid signature, RSA, wildcard */
-        test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
-        test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
-
-        /* Invalid signature, ECDSA, wildcard */
-        test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
-        test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
-
-        /* NXDOMAIN in NSEC domain */
-        test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
-
-        /* wildcard, NSEC zone */
-        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
-        test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);
-
-        /* wildcard, NSEC zone, NODATA */
-        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-
-        /* wildcard, NSEC3 zone */
-        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
-        test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);
-
-        /* wildcard, NSEC3 zone, NODATA */
-        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-
-        /* wildcard, NSEC zone, CNAME */
-        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
-        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
-        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);
-
-        /* wildcard, NSEC zone, NODATA, CNAME */
-        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-
-        /* wildcard, NSEC3 zone, CNAME */
-        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
-        test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
-        test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);
-
-        /* wildcard, NSEC3 zone, NODATA, CNAME */
-        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-
-        /* NODATA due to empty non-terminal in NSEC domain */
-        test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
-        test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
-        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
-        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);
-
-        /* NXDOMAIN in NSEC root zone: */
-        test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
-
-        /* NXDOMAIN in NSEC3 .com zone: */
-        test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
-
-        /* Unsigned A */
-        test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
-        test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
-        test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
-        test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
-        test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);
-
-#ifdef HAVE_LIBIDN
-        /* Unsigned A with IDNA conversion necessary */
-        test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
-        test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
-        test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
-#endif
-
-        /* DNAME, pointing to NXDOMAIN */
-        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
-        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
-        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
-
-        return 0;
-}
diff --git a/src/rfkill/Makefile b/src/rfkill/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/rfkill/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
deleted file mode 100644
index 0acdf229ed..0000000000
--- a/src/rfkill/rfkill.c
+++ /dev/null
@@ -1,426 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <linux/rfkill.h>
-#include <poll.h>
-
-#include "libudev.h"
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "io-util.h"
-#include "mkdir.h"
-#include "parse-util.h"
-#include "proc-cmdline.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "udev-util.h"
-#include "util.h"
-
-#define EXIT_USEC (5 * USEC_PER_SEC)
-
-static const char* const rfkill_type_table[NUM_RFKILL_TYPES] = {
-        [RFKILL_TYPE_ALL] = "all",
-        [RFKILL_TYPE_WLAN] = "wlan",
-        [RFKILL_TYPE_BLUETOOTH] = "bluetooth",
-        [RFKILL_TYPE_UWB] = "uwb",
-        [RFKILL_TYPE_WIMAX] = "wimax",
-        [RFKILL_TYPE_WWAN] = "wwan",
-        [RFKILL_TYPE_GPS] = "gps",
-        [RFKILL_TYPE_FM] = "fm",
-        [RFKILL_TYPE_NFC] = "nfc",
-};
-
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(rfkill_type, int);
-
-static int find_device(
-                struct udev *udev,
-                const struct rfkill_event *event,
-                struct udev_device **ret) {
-
-        _cleanup_free_ char *sysname = NULL;
-        struct udev_device *device;
-        const char *name;
-
-        assert(udev);
-        assert(event);
-        assert(ret);
-
-        if (asprintf(&sysname, "rfkill%i", event->idx) < 0)
-                return log_oom();
-
-        device = udev_device_new_from_subsystem_sysname(udev, "rfkill", sysname);
-        if (!device)
-                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open device: %m");
-
-        name = udev_device_get_sysattr_value(device, "name");
-        if (!name) {
-                log_debug("Device has no name, ignoring.");
-                udev_device_unref(device);
-                return -ENOENT;
-        }
-
-        log_debug("Operating on rfkill device '%s'.", name);
-
-        *ret = device;
-        return 0;
-}
-
-static int wait_for_initialized(
-                struct udev *udev,
-                struct udev_device *device,
-                struct udev_device **ret) {
-
-        _cleanup_udev_monitor_unref_ struct udev_monitor *monitor = NULL;
-        struct udev_device *d;
-        const char *sysname;
-        int watch_fd, r;
-
-        assert(udev);
-        assert(device);
-        assert(ret);
-
-        if (udev_device_get_is_initialized(device) != 0) {
-                *ret = udev_device_ref(device);
-                return 0;
-        }
-
-        assert_se(sysname = udev_device_get_sysname(device));
-
-        /* Wait until the device is initialized, so that we can get
-         * access to the ID_PATH property */
-
-        monitor = udev_monitor_new_from_netlink(udev, "udev");
-        if (!monitor)
-                return log_error_errno(errno, "Failed to acquire monitor: %m");
-
-        r = udev_monitor_filter_add_match_subsystem_devtype(monitor, "rfkill", NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add rfkill udev match to monitor: %m");
-
-        r = udev_monitor_enable_receiving(monitor);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enable udev receiving: %m");
-
-        watch_fd = udev_monitor_get_fd(monitor);
-        if (watch_fd < 0)
-                return log_error_errno(watch_fd, "Failed to get watch fd: %m");
-
-        /* Check again, maybe things changed */
-        d = udev_device_new_from_subsystem_sysname(udev, "rfkill", sysname);
-        if (!d)
-                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open device: %m");
-
-        if (udev_device_get_is_initialized(d) != 0) {
-                *ret = d;
-                return 0;
-        }
-
-        for (;;) {
-                _cleanup_udev_device_unref_ struct udev_device *t = NULL;
-
-                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
-                if (r == -EINTR)
-                        continue;
-                if (r < 0)
-                        return log_error_errno(r, "Failed to watch udev monitor: %m");
-
-                t = udev_monitor_receive_device(monitor);
-                if (!t)
-                        continue;
-
-                if (streq_ptr(udev_device_get_sysname(device), sysname)) {
-                        *ret = udev_device_ref(t);
-                        return 0;
-                }
-        }
-}
-
-static int determine_state_file(
-                struct udev *udev,
-                const struct rfkill_event *event,
-                struct udev_device *d,
-                char **ret) {
-
-        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
-        const char *path_id, *type;
-        char *state_file;
-        int r;
-
-        assert(event);
-        assert(d);
-        assert(ret);
-
-        r = wait_for_initialized(udev, d, &device);
-        if (r < 0)
-                return r;
-
-        assert_se(type = rfkill_type_to_string(event->type));
-
-        path_id = udev_device_get_property_value(device, "ID_PATH");
-        if (path_id) {
-                _cleanup_free_ char *escaped_path_id = NULL;
-
-                escaped_path_id = cescape(path_id);
-                if (!escaped_path_id)
-                        return log_oom();
-
-                state_file = strjoin("/var/lib/systemd/rfkill/", escaped_path_id, ":", type, NULL);
-        } else
-                state_file = strjoin("/var/lib/systemd/rfkill/", type, NULL);
-
-        if (!state_file)
-                return log_oom();
-
-        *ret = state_file;
-        return 0;
-}
-
-static int load_state(
-                int rfkill_fd,
-                struct udev *udev,
-                const struct rfkill_event *event) {
-
-        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
-        _cleanup_free_ char *state_file = NULL, *value = NULL;
-        struct rfkill_event we;
-        ssize_t l;
-        int b, r;
-
-        assert(rfkill_fd >= 0);
-        assert(udev);
-        assert(event);
-
-        if (shall_restore_state() == 0)
-                return 0;
-
-        r = find_device(udev, event, &device);
-        if (r < 0)
-                return r;
-
-        r = determine_state_file(udev, event, device, &state_file);
-        if (r < 0)
-                return r;
-
-        r = read_one_line_file(state_file, &value);
-        if (r == -ENOENT) {
-                /* No state file? Then save the current state */
-
-                r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to write state file %s: %m", state_file);
-
-                log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file);
-                return 0;
-        }
-        if (r < 0)
-                return log_error_errno(r, "Failed to read state file %s: %m", state_file);
-
-        b = parse_boolean(value);
-        if (b < 0)
-                return log_error_errno(b, "Failed to parse state file %s: %m", state_file);
-
-        we = (struct rfkill_event) {
-                .op = RFKILL_OP_CHANGE,
-                .idx = event->idx,
-                .soft = b,
-        };
-
-        l = write(rfkill_fd, &we, sizeof(we));
-        if (l < 0)
-                return log_error_errno(errno, "Failed to restore rfkill state for %i: %m", event->idx);
-        if (l != sizeof(we)) {
-                log_error("Couldn't write rfkill event structure, too short.");
-                return -EIO;
-        }
-
-        log_debug("Loaded state '%s' from %s.", one_zero(b), state_file);
-        return 0;
-}
-
-static int save_state(
-                int rfkill_fd,
-                struct udev *udev,
-                const struct rfkill_event *event) {
-
-        _cleanup_udev_device_unref_ struct udev_device *device = NULL;
-        _cleanup_free_ char *state_file = NULL;
-        int r;
-
-        assert(rfkill_fd >= 0);
-        assert(udev);
-        assert(event);
-
-        r = find_device(udev, event, &device);
-        if (r < 0)
-                return r;
-
-        r = determine_state_file(udev, event, device, &state_file);
-        if (r < 0)
-                return r;
-
-        r = write_string_file(state_file, one_zero(event->soft), WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write state file %s: %m", state_file);
-
-        log_debug("Saved state '%s' to %s.", one_zero(event->soft), state_file);
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        _cleanup_close_ int rfkill_fd = -1;
-        bool ready = false;
-        int r, n;
-
-        if (argc > 1) {
-                log_error("This program requires no arguments.");
-                return EXIT_FAILURE;
-        }
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        udev = udev_new();
-        if (!udev) {
-                r = log_oom();
-                goto finish;
-        }
-
-        r = mkdir_p("/var/lib/systemd/rfkill", 0755);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create rfkill directory: %m");
-                goto finish;
-        }
-
-        n = sd_listen_fds(false);
-        if (n < 0) {
-                r = log_error_errno(n, "Failed to determine whether we got any file descriptors passed: %m");
-                goto finish;
-        }
-        if (n > 1) {
-                log_error("Got too many file descriptors.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        if (n == 0) {
-                rfkill_fd = open("/dev/rfkill", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
-                if (rfkill_fd < 0) {
-                        if (errno == ENOENT) {
-                                log_debug_errno(errno, "Missing rfkill subsystem, or no device present, exiting.");
-                                r = 0;
-                                goto finish;
-                        }
-
-                        r = log_error_errno(errno, "Failed to open /dev/rfkill: %m");
-                        goto finish;
-                }
-        } else {
-                rfkill_fd = SD_LISTEN_FDS_START;
-
-                r = fd_nonblock(rfkill_fd, 1);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to make /dev/rfkill socket non-blocking: %m");
-                        goto finish;
-                }
-        }
-
-        for (;;) {
-                struct rfkill_event event;
-                const char *type;
-                ssize_t l;
-
-                l = read(rfkill_fd, &event, sizeof(event));
-                if (l < 0) {
-                        if (errno == EAGAIN) {
-
-                                if (!ready) {
-                                        /* Notify manager that we are
-                                         * now finished with
-                                         * processing whatever was
-                                         * queued */
-                                        (void) sd_notify(false, "READY=1");
-                                        ready = true;
-                                }
-
-                                /* Hang around for a bit, maybe there's more coming */
-
-                                r = fd_wait_for_event(rfkill_fd, POLLIN, EXIT_USEC);
-                                if (r == -EINTR)
-                                        continue;
-                                if (r < 0) {
-                                        log_error_errno(r, "Failed to poll() on device: %m");
-                                        goto finish;
-                                }
-                                if (r > 0)
-                                        continue;
-
-                                log_debug("All events read and idle, exiting.");
-                                break;
-                        }
-
-                        log_error_errno(errno, "Failed to read from /dev/rfkill: %m");
-                }
-
-                if (l != RFKILL_EVENT_SIZE_V1) {
-                        log_error("Read event structure of invalid size.");
-                        r = -EIO;
-                        goto finish;
-                }
-
-                type = rfkill_type_to_string(event.type);
-                if (!type) {
-                        log_debug("An rfkill device of unknown type %i discovered, ignoring.", event.type);
-                        continue;
-                }
-
-                switch (event.op) {
-
-                case RFKILL_OP_ADD:
-                        log_debug("A new rfkill device has been added with index %i and type %s.", event.idx, type);
-                        (void) load_state(rfkill_fd, udev, &event);
-                        break;
-
-                case RFKILL_OP_DEL:
-                        log_debug("An rfkill device has been removed with index %i and type %s", event.idx, type);
-                        break;
-
-                case RFKILL_OP_CHANGE:
-                        log_debug("An rfkill device has changed state with index %i and type %s", event.idx, type);
-                        (void) save_state(rfkill_fd, udev, &event);
-                        break;
-
-                default:
-                        log_debug("Unknown event %i from /dev/rfkill for index %i and type %s, ignoring.", event.op, event.idx, type);
-                        break;
-                }
-        }
-
-        r = 0;
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/run/Makefile b/src/run/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/run/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/run/run.c b/src/run/run.c
deleted file mode 100644
index d6c9b6d37a..0000000000
--- a/src/run/run.c
+++ /dev/null
@@ -1,1261 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <stdio.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-unit-util.h"
-#include "bus-util.h"
-#include "calendarspec.h"
-#include "env-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "ptyfwd.h"
-#include "signal-util.h"
-#include "spawn-polkit-agent.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "user-util.h"
-
-static bool arg_ask_password = true;
-static bool arg_scope = false;
-static bool arg_remain_after_exit = false;
-static bool arg_no_block = false;
-static const char *arg_unit = NULL;
-static const char *arg_description = NULL;
-static const char *arg_slice = NULL;
-static bool arg_send_sighup = false;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static const char *arg_host = NULL;
-static bool arg_user = false;
-static const char *arg_service_type = NULL;
-static const char *arg_exec_user = NULL;
-static const char *arg_exec_group = NULL;
-static int arg_nice = 0;
-static bool arg_nice_set = false;
-static char **arg_environment = NULL;
-static char **arg_property = NULL;
-static bool arg_pty = false;
-static usec_t arg_on_active = 0;
-static usec_t arg_on_boot = 0;
-static usec_t arg_on_startup = 0;
-static usec_t arg_on_unit_active = 0;
-static usec_t arg_on_unit_inactive = 0;
-static const char *arg_on_calendar = NULL;
-static char **arg_timer_property = NULL;
-static bool arg_quiet = false;
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-        if (!arg_ask_password)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] {COMMAND} [ARGS...]\n\n"
-               "Run the specified command in a transient scope or service or timer\n"
-               "unit. If a timer option is specified and the unit specified with\n"
-               "the --unit option exists, the command can be omitted.\n\n"
-               "  -h --help                       Show this help\n"
-               "     --version                    Show package version\n"
-               "     --no-ask-password            Do not prompt for password\n"
-               "     --user                       Run as user unit\n"
-               "  -H --host=[USER@]HOST           Operate on remote host\n"
-               "  -M --machine=CONTAINER          Operate on local container\n"
-               "     --scope                      Run this as scope rather than service\n"
-               "     --unit=UNIT                  Run under the specified unit name\n"
-               "  -p --property=NAME=VALUE        Set unit property\n"
-               "     --description=TEXT           Description for unit\n"
-               "     --slice=SLICE                Run in the specified slice\n"
-               "     --no-block                   Do not wait until operation finished\n"
-               "  -r --remain-after-exit          Leave service around until explicitly stopped\n"
-               "     --send-sighup                Send SIGHUP when terminating\n"
-               "     --service-type=TYPE          Service type\n"
-               "     --uid=USER                   Run as system user\n"
-               "     --gid=GROUP                  Run as system group\n"
-               "     --nice=NICE                  Nice level\n"
-               "  -E --setenv=NAME=VALUE          Set environment\n"
-               "  -t --pty                        Run service on pseudo tty\n"
-               "  -q --quiet                      Suppress information messages during runtime\n\n"
-               "Timer options:\n\n"
-               "     --on-active=SECONDS          Run after SECONDS delay\n"
-               "     --on-boot=SECONDS            Run SECONDS after machine was booted up\n"
-               "     --on-startup=SECONDS         Run SECONDS after systemd activation\n"
-               "     --on-unit-active=SECONDS     Run SECONDS after the last activation\n"
-               "     --on-unit-inactive=SECONDS   Run SECONDS after the last deactivation\n"
-               "     --on-calendar=SPEC           Realtime timer\n"
-               "     --timer-property=NAME=VALUE  Set timer unit property\n",
-               program_invocation_short_name);
-}
-
-static bool with_timer(void) {
-        return arg_on_active || arg_on_boot || arg_on_startup || arg_on_unit_active || arg_on_unit_inactive || arg_on_calendar;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_USER,
-                ARG_SYSTEM,
-                ARG_SCOPE,
-                ARG_UNIT,
-                ARG_DESCRIPTION,
-                ARG_SLICE,
-                ARG_SEND_SIGHUP,
-                ARG_SERVICE_TYPE,
-                ARG_EXEC_USER,
-                ARG_EXEC_GROUP,
-                ARG_NICE,
-                ARG_ON_ACTIVE,
-                ARG_ON_BOOT,
-                ARG_ON_STARTUP,
-                ARG_ON_UNIT_ACTIVE,
-                ARG_ON_UNIT_INACTIVE,
-                ARG_ON_CALENDAR,
-                ARG_TIMER_PROPERTY,
-                ARG_NO_BLOCK,
-                ARG_NO_ASK_PASSWORD,
-        };
-
-        static const struct option options[] = {
-                { "help",              no_argument,       NULL, 'h'                  },
-                { "version",           no_argument,       NULL, ARG_VERSION          },
-                { "user",              no_argument,       NULL, ARG_USER             },
-                { "system",            no_argument,       NULL, ARG_SYSTEM           },
-                { "scope",             no_argument,       NULL, ARG_SCOPE            },
-                { "unit",              required_argument, NULL, ARG_UNIT             },
-                { "description",       required_argument, NULL, ARG_DESCRIPTION      },
-                { "slice",             required_argument, NULL, ARG_SLICE            },
-                { "remain-after-exit", no_argument,       NULL, 'r'                  },
-                { "send-sighup",       no_argument,       NULL, ARG_SEND_SIGHUP      },
-                { "host",              required_argument, NULL, 'H'                  },
-                { "machine",           required_argument, NULL, 'M'                  },
-                { "service-type",      required_argument, NULL, ARG_SERVICE_TYPE     },
-                { "uid",               required_argument, NULL, ARG_EXEC_USER        },
-                { "gid",               required_argument, NULL, ARG_EXEC_GROUP       },
-                { "nice",              required_argument, NULL, ARG_NICE             },
-                { "setenv",            required_argument, NULL, 'E'                  },
-                { "property",          required_argument, NULL, 'p'                  },
-                { "tty",               no_argument,       NULL, 't'                  }, /* deprecated */
-                { "pty",               no_argument,       NULL, 't'                  },
-                { "quiet",             no_argument,       NULL, 'q'                  },
-                { "on-active",         required_argument, NULL, ARG_ON_ACTIVE        },
-                { "on-boot",           required_argument, NULL, ARG_ON_BOOT          },
-                { "on-startup",        required_argument, NULL, ARG_ON_STARTUP       },
-                { "on-unit-active",    required_argument, NULL, ARG_ON_UNIT_ACTIVE   },
-                { "on-unit-inactive",  required_argument, NULL, ARG_ON_UNIT_INACTIVE },
-                { "on-calendar",       required_argument, NULL, ARG_ON_CALENDAR      },
-                { "timer-property",    required_argument, NULL, ARG_TIMER_PROPERTY   },
-                { "no-block",          no_argument,       NULL, ARG_NO_BLOCK         },
-                { "no-ask-password",   no_argument,       NULL, ARG_NO_ASK_PASSWORD },
-                {},
-        };
-
-        int r, c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "+hrH:M:p:tq", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case ARG_VERSION:
-                        return version();
-
-                case ARG_USER:
-                        arg_user = true;
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_user = false;
-                        break;
-
-                case ARG_SCOPE:
-                        arg_scope = true;
-                        break;
-
-                case ARG_UNIT:
-                        arg_unit = optarg;
-                        break;
-
-                case ARG_DESCRIPTION:
-                        arg_description = optarg;
-                        break;
-
-                case ARG_SLICE:
-                        arg_slice = optarg;
-                        break;
-
-                case ARG_SEND_SIGHUP:
-                        arg_send_sighup = true;
-                        break;
-
-                case 'r':
-                        arg_remain_after_exit = true;
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case ARG_SERVICE_TYPE:
-                        arg_service_type = optarg;
-                        break;
-
-                case ARG_EXEC_USER:
-                        arg_exec_user = optarg;
-                        break;
-
-                case ARG_EXEC_GROUP:
-                        arg_exec_group = optarg;
-                        break;
-
-                case ARG_NICE:
-                        r = safe_atoi(optarg, &arg_nice);
-                        if (r < 0 || arg_nice < PRIO_MIN || arg_nice >= PRIO_MAX) {
-                                log_error("Failed to parse nice value");
-                                return -EINVAL;
-                        }
-
-                        arg_nice_set = true;
-                        break;
-
-                case 'E':
-                        if (strv_extend(&arg_environment, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case 'p':
-                        if (strv_extend(&arg_property, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case 't':
-                        arg_pty = true;
-                        break;
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case ARG_ON_ACTIVE:
-
-                        r = parse_sec(optarg, &arg_on_active);
-                        if (r < 0) {
-                                log_error("Failed to parse timer value: %s", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_ON_BOOT:
-
-                        r = parse_sec(optarg, &arg_on_boot);
-                        if (r < 0) {
-                                log_error("Failed to parse timer value: %s", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_ON_STARTUP:
-
-                        r = parse_sec(optarg, &arg_on_startup);
-                        if (r < 0) {
-                                log_error("Failed to parse timer value: %s", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_ON_UNIT_ACTIVE:
-
-                        r = parse_sec(optarg, &arg_on_unit_active);
-                        if (r < 0) {
-                                log_error("Failed to parse timer value: %s", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_ON_UNIT_INACTIVE:
-
-                        r = parse_sec(optarg, &arg_on_unit_inactive);
-                        if (r < 0) {
-                                log_error("Failed to parse timer value: %s", optarg);
-                                return r;
-                        }
-
-                        break;
-
-                case ARG_ON_CALENDAR: {
-                        CalendarSpec *spec = NULL;
-
-                        r = calendar_spec_from_string(optarg, &spec);
-                        if (r < 0) {
-                                log_error("Invalid calendar spec: %s", optarg);
-                                return r;
-                        }
-
-                        calendar_spec_free(spec);
-                        arg_on_calendar = optarg;
-                        break;
-                }
-
-                case ARG_TIMER_PROPERTY:
-
-                        if (strv_extend(&arg_timer_property, optarg) < 0)
-                                return log_oom();
-
-                        break;
-
-                case ARG_NO_BLOCK:
-                        arg_no_block = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if ((optind >= argc) && (!arg_unit || !with_timer())) {
-                log_error("Command line to execute required.");
-                return -EINVAL;
-        }
-
-        if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) {
-                log_error("Execution in user context is not supported on non-local systems.");
-                return -EINVAL;
-        }
-
-        if (arg_scope && arg_transport != BUS_TRANSPORT_LOCAL) {
-                log_error("Scope execution is not supported on non-local systems.");
-                return -EINVAL;
-        }
-
-        if (arg_scope && (arg_remain_after_exit || arg_service_type)) {
-                log_error("--remain-after-exit and --service-type= are not supported in --scope mode.");
-                return -EINVAL;
-        }
-
-        if (arg_pty && (with_timer() || arg_scope)) {
-                log_error("--pty is not compatible in timer or --scope mode.");
-                return -EINVAL;
-        }
-
-        if (arg_pty && arg_transport == BUS_TRANSPORT_REMOTE) {
-                log_error("--pty is only supported when connecting to the local system or containers.");
-                return -EINVAL;
-        }
-
-        if (arg_scope && with_timer()) {
-                log_error("Timer options are not supported in --scope mode.");
-                return -EINVAL;
-        }
-
-        if (arg_timer_property && !with_timer()) {
-                log_error("--timer-property= has no effect without any other timer options.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-static int transient_unit_set_properties(sd_bus_message *m, char **properties) {
-        char **i;
-        int r;
-
-        r = sd_bus_message_append(m, "(sv)", "Description", "s", arg_description);
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(i, properties) {
-                r = bus_append_unit_property_assignment(m, *i);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int transient_cgroup_set_properties(sd_bus_message *m) {
-        int r;
-        assert(m);
-
-        if (!isempty(arg_slice)) {
-                _cleanup_free_ char *slice;
-
-                r = unit_name_mangle_with_suffix(arg_slice, UNIT_NAME_NOGLOB, ".slice", &slice);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int transient_kill_set_properties(sd_bus_message *m) {
-        assert(m);
-
-        if (arg_send_sighup)
-                return sd_bus_message_append(m, "(sv)", "SendSIGHUP", "b", arg_send_sighup);
-        else
-                return 0;
-}
-
-static int transient_service_set_properties(sd_bus_message *m, char **argv, const char *pty_path) {
-        int r;
-
-        assert(m);
-
-        r = transient_unit_set_properties(m, arg_property);
-        if (r < 0)
-                return r;
-
-        r = transient_kill_set_properties(m);
-        if (r < 0)
-                return r;
-
-        r = transient_cgroup_set_properties(m);
-        if (r < 0)
-                return r;
-
-        if (arg_remain_after_exit) {
-                r = sd_bus_message_append(m, "(sv)", "RemainAfterExit", "b", arg_remain_after_exit);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_service_type) {
-                r = sd_bus_message_append(m, "(sv)", "Type", "s", arg_service_type);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_exec_user) {
-                r = sd_bus_message_append(m, "(sv)", "User", "s", arg_exec_user);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_exec_group) {
-                r = sd_bus_message_append(m, "(sv)", "Group", "s", arg_exec_group);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_nice_set) {
-                r = sd_bus_message_append(m, "(sv)", "Nice", "i", arg_nice);
-                if (r < 0)
-                        return r;
-        }
-
-        if (pty_path) {
-                const char *e;
-
-                r = sd_bus_message_append(m,
-                                          "(sv)(sv)(sv)(sv)",
-                                          "StandardInput", "s", "tty",
-                                          "StandardOutput", "s", "tty",
-                                          "StandardError", "s", "tty",
-                                          "TTYPath", "s", pty_path);
-                if (r < 0)
-                        return r;
-
-                e = getenv("TERM");
-                if (e) {
-                        char *n;
-
-                        n = strjoina("TERM=", e);
-                        r = sd_bus_message_append(m,
-                                                  "(sv)",
-                                                  "Environment", "as", 1, n);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        if (!strv_isempty(arg_environment)) {
-                r = sd_bus_message_open_container(m, 'r', "sv");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(m, "s", "Environment");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_open_container(m, 'v', "as");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append_strv(m, arg_environment);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return r;
-        }
-
-        /* Exec container */
-        {
-                r = sd_bus_message_open_container(m, 'r', "sv");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(m, "s", "ExecStart");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_open_container(m, 'v', "a(sasb)");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_open_container(m, 'a', "(sasb)");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_open_container(m, 'r', "sasb");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(m, "s", argv[0]);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append_strv(m, argv);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(m, "b", false);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int transient_scope_set_properties(sd_bus_message *m) {
-        int r;
-
-        assert(m);
-
-        r = transient_unit_set_properties(m, arg_property);
-        if (r < 0)
-                return r;
-
-        r = transient_kill_set_properties(m);
-        if (r < 0)
-                return r;
-
-        r = transient_cgroup_set_properties(m);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, (uint32_t) getpid());
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int transient_timer_set_properties(sd_bus_message *m) {
-        int r;
-
-        assert(m);
-
-        r = transient_unit_set_properties(m, arg_timer_property);
-        if (r < 0)
-                return r;
-
-        /* Automatically clean up our transient timers */
-        r = sd_bus_message_append(m, "(sv)", "RemainAfterElapse", "b", false);
-        if (r < 0)
-                return r;
-
-        if (arg_on_active) {
-                r = sd_bus_message_append(m, "(sv)", "OnActiveSec", "t", arg_on_active);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_on_boot) {
-                r = sd_bus_message_append(m, "(sv)", "OnBootSec", "t", arg_on_boot);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_on_startup) {
-                r = sd_bus_message_append(m, "(sv)", "OnStartupSec", "t", arg_on_startup);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_on_unit_active) {
-                r = sd_bus_message_append(m, "(sv)", "OnUnitActiveSec", "t", arg_on_unit_active);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_on_unit_inactive) {
-                r = sd_bus_message_append(m, "(sv)", "OnUnitInactiveSec", "t", arg_on_unit_inactive);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_on_calendar) {
-                r = sd_bus_message_append(m, "(sv)", "OnCalendar", "s", arg_on_calendar);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int make_unit_name(sd_bus *bus, UnitType t, char **ret) {
-        const char *unique, *id;
-        char *p;
-        int r;
-
-        assert(bus);
-        assert(t >= 0);
-        assert(t < _UNIT_TYPE_MAX);
-
-        r = sd_bus_get_unique_name(bus, &unique);
-        if (r < 0) {
-                sd_id128_t rnd;
-
-                /* We couldn't get the unique name, which is a pretty
-                 * common case if we are connected to systemd
-                 * directly. In that case, just pick a random uuid as
-                 * name */
-
-                r = sd_id128_randomize(&rnd);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to generate random run unit name: %m");
-
-                if (asprintf(ret, "run-r" SD_ID128_FORMAT_STR ".%s", SD_ID128_FORMAT_VAL(rnd), unit_type_to_string(t)) < 0)
-                        return log_oom();
-
-                return 0;
-        }
-
-        /* We managed to get the unique name, then let's use that to
-         * name our transient units. */
-
-        id = startswith(unique, ":1.");
-        if (!id) {
-                log_error("Unique name %s has unexpected format.", unique);
-                return -EINVAL;
-        }
-
-        p = strjoin("run-u", id, ".", unit_type_to_string(t), NULL);
-        if (!p)
-                return log_oom();
-
-        *ret = p;
-        return 0;
-}
-
-static int start_transient_service(
-                sd_bus *bus,
-                char **argv) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
-        _cleanup_free_ char *service = NULL, *pty_path = NULL;
-        _cleanup_close_ int master = -1;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        if (arg_pty) {
-
-                if (arg_transport == BUS_TRANSPORT_LOCAL) {
-                        master = posix_openpt(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NDELAY);
-                        if (master < 0)
-                                return log_error_errno(errno, "Failed to acquire pseudo tty: %m");
-
-                        r = ptsname_malloc(master, &pty_path);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to determine tty name: %m");
-
-                        if (unlockpt(master) < 0)
-                                return log_error_errno(errno, "Failed to unlock tty: %m");
-
-                } else if (arg_transport == BUS_TRANSPORT_MACHINE) {
-                        _cleanup_(sd_bus_unrefp) sd_bus *system_bus = NULL;
-                        _cleanup_(sd_bus_message_unrefp) sd_bus_message *pty_reply = NULL;
-                        const char *s;
-
-                        r = sd_bus_default_system(&system_bus);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to connect to system bus: %m");
-
-                        r = sd_bus_call_method(system_bus,
-                                               "org.freedesktop.machine1",
-                                               "/org/freedesktop/machine1",
-                                               "org.freedesktop.machine1.Manager",
-                                               "OpenMachinePTY",
-                                               &error,
-                                               &pty_reply,
-                                               "s", arg_host);
-                        if (r < 0) {
-                                log_error("Failed to get machine PTY: %s", bus_error_message(&error, -r));
-                                return r;
-                        }
-
-                        r = sd_bus_message_read(pty_reply, "hs", &master, &s);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        master = fcntl(master, F_DUPFD_CLOEXEC, 3);
-                        if (master < 0)
-                                return log_error_errno(errno, "Failed to duplicate master fd: %m");
-
-                        pty_path = strdup(s);
-                        if (!pty_path)
-                                return log_oom();
-                } else
-                        assert_not_reached("Can't allocate tty via ssh");
-        }
-
-        if (!arg_no_block) {
-                r = bus_wait_for_jobs_new(bus, &w);
-                if (r < 0)
-                        return log_error_errno(r, "Could not watch jobs: %m");
-        }
-
-        if (arg_unit) {
-                r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".service", &service);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mangle unit name: %m");
-        } else {
-                r = make_unit_name(bus, UNIT_SERVICE, &service);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartTransientUnit");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Name and mode */
-        r = sd_bus_message_append(m, "ss", service, "fail");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Properties */
-        r = sd_bus_message_open_container(m, 'a', "(sv)");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = transient_service_set_properties(m, argv, pty_path);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Auxiliary units */
-        r = sd_bus_message_append(m, "a(sa(sv))", 0);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0)
-                return log_error_errno(r, "Failed to start transient service unit: %s", bus_error_message(&error, r));
-
-        if (w) {
-                const char *object;
-
-                r = sd_bus_message_read(reply, "o", &object);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = bus_wait_for_jobs_one(w, object, arg_quiet);
-                if (r < 0)
-                        return r;
-        }
-
-        if (master >= 0) {
-                _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
-                _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-                char last_char = 0;
-
-                r = sd_event_default(&event);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get event loop: %m");
-
-                assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
-
-                (void) sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
-                (void) sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
-
-                if (!arg_quiet)
-                        log_info("Running as unit: %s\nPress ^] three times within 1s to disconnect TTY.", service);
-
-                r = pty_forward_new(event, master, PTY_FORWARD_IGNORE_INITIAL_VHANGUP, &forward);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to create PTY forwarder: %m");
-
-                r = sd_event_loop(event);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to run event loop: %m");
-
-                pty_forward_get_last_char(forward, &last_char);
-
-                forward = pty_forward_free(forward);
-
-                if (!arg_quiet && last_char != '\n')
-                        fputc('\n', stdout);
-
-        } else if (!arg_quiet)
-                log_info("Running as unit: %s", service);
-
-        return 0;
-}
-
-static int start_transient_scope(
-                sd_bus *bus,
-                char **argv) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
-        _cleanup_strv_free_ char **env = NULL, **user_env = NULL;
-        _cleanup_free_ char *scope = NULL;
-        const char *object = NULL;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        r = bus_wait_for_jobs_new(bus, &w);
-        if (r < 0)
-                return log_oom();
-
-        if (arg_unit) {
-                r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".scope", &scope);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mangle scope name: %m");
-        } else {
-                r = make_unit_name(bus, UNIT_SCOPE, &scope);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartTransientUnit");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Name and Mode */
-        r = sd_bus_message_append(m, "ss", scope, "fail");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Properties */
-        r = sd_bus_message_open_container(m, 'a', "(sv)");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = transient_scope_set_properties(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Auxiliary units */
-        r = sd_bus_message_append(m, "a(sa(sv))", 0);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to start transient scope unit: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        if (arg_nice_set) {
-                if (setpriority(PRIO_PROCESS, 0, arg_nice) < 0)
-                        return log_error_errno(errno, "Failed to set nice level: %m");
-        }
-
-        if (arg_exec_group) {
-                gid_t gid;
-
-                r = get_group_creds(&arg_exec_group, &gid);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to resolve group %s: %m", arg_exec_group);
-
-                if (setresgid(gid, gid, gid) < 0)
-                        return log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
-        }
-
-        if (arg_exec_user) {
-                const char *home, *shell;
-                uid_t uid;
-                gid_t gid;
-
-                r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
-
-                r = strv_extendf(&user_env, "HOME=%s", home);
-                if (r < 0)
-                        return log_oom();
-
-                r = strv_extendf(&user_env, "SHELL=%s", shell);
-                if (r < 0)
-                        return log_oom();
-
-                r = strv_extendf(&user_env, "USER=%s", arg_exec_user);
-                if (r < 0)
-                        return log_oom();
-
-                r = strv_extendf(&user_env, "LOGNAME=%s", arg_exec_user);
-                if (r < 0)
-                        return log_oom();
-
-                if (!arg_exec_group) {
-                        if (setresgid(gid, gid, gid) < 0)
-                                return log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
-                }
-
-                if (setresuid(uid, uid, uid) < 0)
-                        return log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", uid);
-        }
-
-        env = strv_env_merge(3, environ, user_env, arg_environment);
-        if (!env)
-                return log_oom();
-
-        r = sd_bus_message_read(reply, "o", &object);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = bus_wait_for_jobs_one(w, object, arg_quiet);
-        if (r < 0)
-                return r;
-
-        if (!arg_quiet)
-                log_info("Running scope as unit: %s", scope);
-
-        execvpe(argv[0], argv, env);
-
-        return log_error_errno(errno, "Failed to execute: %m");
-}
-
-static int start_transient_timer(
-                sd_bus *bus,
-                char **argv) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
-        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
-        _cleanup_free_ char *timer = NULL, *service = NULL;
-        const char *object = NULL;
-        int r;
-
-        assert(bus);
-        assert(argv);
-
-        r = bus_wait_for_jobs_new(bus, &w);
-        if (r < 0)
-                return log_oom();
-
-        if (arg_unit) {
-                switch (unit_name_to_type(arg_unit)) {
-
-                case UNIT_SERVICE:
-                        service = strdup(arg_unit);
-                        if (!service)
-                                return log_oom();
-
-                        r = unit_name_change_suffix(service, ".timer", &timer);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to change unit suffix: %m");
-                        break;
-
-                case UNIT_TIMER:
-                        timer = strdup(arg_unit);
-                        if (!timer)
-                                return log_oom();
-
-                        r = unit_name_change_suffix(timer, ".service", &service);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to change unit suffix: %m");
-                        break;
-
-                default:
-                        r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".service", &service);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to mangle unit name: %m");
-
-                        r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".timer", &timer);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to mangle unit name: %m");
-
-                        break;
-                }
-        } else {
-                r = make_unit_name(bus, UNIT_SERVICE, &service);
-                if (r < 0)
-                        return r;
-
-                r = unit_name_change_suffix(service, ".timer", &timer);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to change unit suffix: %m");
-        }
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "StartTransientUnit");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Name and Mode */
-        r = sd_bus_message_append(m, "ss", timer, "fail");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        /* Properties */
-        r = sd_bus_message_open_container(m, 'a', "(sv)");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = transient_timer_set_properties(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_open_container(m, 'a', "(sa(sv))");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        if (argv[0]) {
-                r = sd_bus_message_open_container(m, 'r', "sa(sv)");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append(m, "s", service);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_open_container(m, 'a', "(sv)");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = transient_service_set_properties(m, argv, NULL);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_close_container(m);
-                if (r < 0)
-                        return bus_log_create_error(r);
-        }
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0) {
-                log_error("Failed to start transient timer unit: %s", bus_error_message(&error, -r));
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "o", &object);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = bus_wait_for_jobs_one(w, object, arg_quiet);
-        if (r < 0)
-                return r;
-
-        log_info("Running timer as unit: %s", timer);
-        if (argv[0])
-                log_info("Will run service as unit: %s", service);
-
-        return 0;
-}
-
-int main(int argc, char* argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ char *description = NULL, *command = NULL;
-        int r;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (argc > optind && arg_transport == BUS_TRANSPORT_LOCAL) {
-                /* Patch in an absolute path */
-
-                r = find_binary(argv[optind], &command);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to find executable %s: %m", argv[optind]);
-                        goto finish;
-                }
-
-                argv[optind] = command;
-        }
-
-        if (!arg_description) {
-                description = strv_join(argv + optind, " ");
-                if (!description) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                if (arg_unit && isempty(description)) {
-                        r = free_and_strdup(&description, arg_unit);
-                        if (r < 0)
-                                goto finish;
-                }
-
-                arg_description = description;
-        }
-
-        r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create bus connection: %m");
-                goto finish;
-        }
-
-        if (arg_scope)
-                r = start_transient_scope(bus, argv + optind);
-        else if (with_timer())
-                r = start_transient_timer(bus, argv + optind);
-        else
-                r = start_transient_service(bus, argv + optind);
-
-finish:
-        strv_free(arg_environment);
-        strv_free(arg_property);
-        strv_free(arg_timer_property);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/shared/Makefile b/src/shared/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/shared/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/shared/bus-unit-util.h b/src/shared/bus-unit-util.h
deleted file mode 100644
index c0c172f336..0000000000
--- a/src/shared/bus-unit-util.h
+++ /dev/null
@@ -1,57 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2016 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-bus.h"
-
-#include "output-mode.h"
-#include "install.h"
-
-typedef struct UnitInfo {
-        const char *machine;
-        const char *id;
-        const char *description;
-        const char *load_state;
-        const char *active_state;
-        const char *sub_state;
-        const char *following;
-        const char *unit_path;
-        uint32_t job_id;
-        const char *job_type;
-        const char *job_path;
-} UnitInfo;
-
-int bus_parse_unit_info(sd_bus_message *message, UnitInfo *u);
-
-int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignment);
-
-typedef struct BusWaitForJobs BusWaitForJobs;
-
-int bus_wait_for_jobs_new(sd_bus *bus, BusWaitForJobs **ret);
-void bus_wait_for_jobs_free(BusWaitForJobs *d);
-int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path);
-int bus_wait_for_jobs(BusWaitForJobs *d, bool quiet, const char* const* extra_args);
-int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(BusWaitForJobs*, bus_wait_for_jobs_free);
-
-int bus_deserialize_and_dump_unit_file_changes(sd_bus_message *m, bool quiet, UnitFileChange **changes, unsigned *n_changes);
-
-int unit_show_processes(sd_bus *bus, const char *unit, const char *cgroup_path, const char *prefix, unsigned n_columns, OutputFlags flags, sd_bus_error *error);
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
deleted file mode 100644
index 4efbf3710f..0000000000
--- a/src/shared/bus-util.c
+++ /dev/null
@@ -1,1571 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include "sd-bus-protocol.h"
-#include "sd-bus.h"
-#include "sd-daemon.h"
-#include "sd-event.h"
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "bus-internal.h"
-#include "bus-label.h"
-#include "bus-message.h"
-#include "bus-util.h"
-#include "def.h"
-#include "escape.h"
-#include "fd-util.h"
-#include "missing.h"
-#include "parse-util.h"
-#include "proc-cmdline.h"
-#include "rlimit-util.h"
-#include "stdio-util.h"
-#include "strv.h"
-#include "user-util.h"
-
-static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
-        sd_event *e = userdata;
-
-        assert(m);
-        assert(e);
-
-        sd_bus_close(sd_bus_message_get_bus(m));
-        sd_event_exit(e, 0);
-
-        return 1;
-}
-
-int bus_async_unregister_and_exit(sd_event *e, sd_bus *bus, const char *name) {
-        _cleanup_free_ char *match = NULL;
-        const char *unique;
-        int r;
-
-        assert(e);
-        assert(bus);
-        assert(name);
-
-        /* We unregister the name here and then wait for the
-         * NameOwnerChanged signal for this event to arrive before we
-         * quit. We do this in order to make sure that any queued
-         * requests are still processed before we really exit. */
-
-        r = sd_bus_get_unique_name(bus, &unique);
-        if (r < 0)
-                return r;
-
-        r = asprintf(&match,
-                     "sender='org.freedesktop.DBus',"
-                     "type='signal',"
-                     "interface='org.freedesktop.DBus',"
-                     "member='NameOwnerChanged',"
-                     "path='/org/freedesktop/DBus',"
-                     "arg0='%s',"
-                     "arg1='%s',"
-                     "arg2=''", name, unique);
-        if (r < 0)
-                return -ENOMEM;
-
-        r = sd_bus_add_match(bus, NULL, match, name_owner_change_callback, e);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_release_name(bus, name);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int bus_event_loop_with_idle(
-                sd_event *e,
-                sd_bus *bus,
-                const char *name,
-                usec_t timeout,
-                check_idle_t check_idle,
-                void *userdata) {
-        bool exiting = false;
-        int r, code;
-
-        assert(e);
-        assert(bus);
-        assert(name);
-
-        for (;;) {
-                bool idle;
-
-                r = sd_event_get_state(e);
-                if (r < 0)
-                        return r;
-                if (r == SD_EVENT_FINISHED)
-                        break;
-
-                if (check_idle)
-                        idle = check_idle(userdata);
-                else
-                        idle = true;
-
-                r = sd_event_run(e, exiting || !idle ? (uint64_t) -1 : timeout);
-                if (r < 0)
-                        return r;
-
-                if (r == 0 && !exiting && idle) {
-
-                        r = sd_bus_try_close(bus);
-                        if (r == -EBUSY)
-                                continue;
-
-                        /* Fallback for dbus1 connections: we
-                         * unregister the name and wait for the
-                         * response to come through for it */
-                        if (r == -EOPNOTSUPP) {
-
-                                /* Inform the service manager that we
-                                 * are going down, so that it will
-                                 * queue all further start requests,
-                                 * instead of assuming we are already
-                                 * running. */
-                                sd_notify(false, "STOPPING=1");
-
-                                r = bus_async_unregister_and_exit(e, bus, name);
-                                if (r < 0)
-                                        return r;
-
-                                exiting = true;
-                                continue;
-                        }
-
-                        if (r < 0)
-                                return r;
-
-                        sd_event_exit(e, 0);
-                        break;
-                }
-        }
-
-        r = sd_event_get_exit_code(e, &code);
-        if (r < 0)
-                return r;
-
-        return code;
-}
-
-int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *rep = NULL;
-        int r, has_owner = 0;
-
-        assert(c);
-        assert(name);
-
-        r = sd_bus_call_method(c,
-                               "org.freedesktop.DBus",
-                               "/org/freedesktop/dbus",
-                               "org.freedesktop.DBus",
-                               "NameHasOwner",
-                               error,
-                               &rep,
-                               "s",
-                               name);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read_basic(rep, 'b', &has_owner);
-        if (r < 0)
-                return sd_bus_error_set_errno(error, r);
-
-        return has_owner;
-}
-
-static int check_good_user(sd_bus_message *m, uid_t good_user) {
-        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
-        uid_t sender_uid;
-        int r;
-
-        assert(m);
-
-        if (good_user == UID_INVALID)
-                return 0;
-
-        r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_EUID, &creds);
-        if (r < 0)
-                return r;
-
-        /* Don't trust augmented credentials for authorization */
-        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM);
-
-        r = sd_bus_creds_get_euid(creds, &sender_uid);
-        if (r < 0)
-                return r;
-
-        return sender_uid == good_user;
-}
-
-int bus_test_polkit(
-                sd_bus_message *call,
-                int capability,
-                const char *action,
-                const char **details,
-                uid_t good_user,
-                bool *_challenge,
-                sd_bus_error *e) {
-
-        int r;
-
-        assert(call);
-        assert(action);
-
-        /* Tests non-interactively! */
-
-        r = check_good_user(call, good_user);
-        if (r != 0)
-                return r;
-
-        r = sd_bus_query_sender_privilege(call, capability);
-        if (r < 0)
-                return r;
-        else if (r > 0)
-                return 1;
-#ifdef ENABLE_POLKIT
-        else {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                int authorized = false, challenge = false;
-                const char *sender, **k, **v;
-
-                sender = sd_bus_message_get_sender(call);
-                if (!sender)
-                        return -EBADMSG;
-
-                r = sd_bus_message_new_method_call(
-                                call->bus,
-                                &request,
-                                "org.freedesktop.PolicyKit1",
-                                "/org/freedesktop/PolicyKit1/Authority",
-                                "org.freedesktop.PolicyKit1.Authority",
-                                "CheckAuthorization");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(
-                                request,
-                                "(sa{sv})s",
-                                "system-bus-name", 1, "name", "s", sender,
-                                action);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_open_container(request, 'a', "{ss}");
-                if (r < 0)
-                        return r;
-
-                STRV_FOREACH_PAIR(k, v, details) {
-                        r = sd_bus_message_append(request, "{ss}", *k, *v);
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_message_close_container(request);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_append(request, "us", 0, NULL);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_call(call->bus, request, 0, e, &reply);
-                if (r < 0) {
-                        /* Treat no PK available as access denied */
-                        if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
-                                sd_bus_error_free(e);
-                                return -EACCES;
-                        }
-
-                        return r;
-                }
-
-                r = sd_bus_message_enter_container(reply, 'r', "bba{ss}");
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_read(reply, "bb", &authorized, &challenge);
-                if (r < 0)
-                        return r;
-
-                if (authorized)
-                        return 1;
-
-                if (_challenge) {
-                        *_challenge = challenge;
-                        return 0;
-                }
-        }
-#endif
-
-        return -EACCES;
-}
-
-#ifdef ENABLE_POLKIT
-
-typedef struct AsyncPolkitQuery {
-        sd_bus_message *request, *reply;
-        sd_bus_message_handler_t callback;
-        void *userdata;
-        sd_bus_slot *slot;
-        Hashmap *registry;
-} AsyncPolkitQuery;
-
-static void async_polkit_query_free(AsyncPolkitQuery *q) {
-
-        if (!q)
-                return;
-
-        sd_bus_slot_unref(q->slot);
-
-        if (q->registry && q->request)
-                hashmap_remove(q->registry, q->request);
-
-        sd_bus_message_unref(q->request);
-        sd_bus_message_unref(q->reply);
-
-        free(q);
-}
-
-static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
-        AsyncPolkitQuery *q = userdata;
-        int r;
-
-        assert(reply);
-        assert(q);
-
-        q->slot = sd_bus_slot_unref(q->slot);
-        q->reply = sd_bus_message_ref(reply);
-
-        r = sd_bus_message_rewind(q->request, true);
-        if (r < 0) {
-                r = sd_bus_reply_method_errno(q->request, r, NULL);
-                goto finish;
-        }
-
-        r = q->callback(q->request, q->userdata, &error_buffer);
-        r = bus_maybe_reply_error(q->request, r, &error_buffer);
-
-finish:
-        async_polkit_query_free(q);
-
-        return r;
-}
-
-#endif
-
-int bus_verify_polkit_async(
-                sd_bus_message *call,
-                int capability,
-                const char *action,
-                const char **details,
-                bool interactive,
-                uid_t good_user,
-                Hashmap **registry,
-                sd_bus_error *error) {
-
-#ifdef ENABLE_POLKIT
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
-        AsyncPolkitQuery *q;
-        const char *sender, **k, **v;
-        sd_bus_message_handler_t callback;
-        void *userdata;
-        int c;
-#endif
-        int r;
-
-        assert(call);
-        assert(action);
-        assert(registry);
-
-        r = check_good_user(call, good_user);
-        if (r != 0)
-                return r;
-
-#ifdef ENABLE_POLKIT
-        q = hashmap_get(*registry, call);
-        if (q) {
-                int authorized, challenge;
-
-                /* This is the second invocation of this function, and
-                 * there's already a response from polkit, let's
-                 * process it */
-                assert(q->reply);
-
-                if (sd_bus_message_is_method_error(q->reply, NULL)) {
-                        const sd_bus_error *e;
-
-                        /* Copy error from polkit reply */
-                        e = sd_bus_message_get_error(q->reply);
-                        sd_bus_error_copy(error, e);
-
-                        /* Treat no PK available as access denied */
-                        if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN))
-                                return -EACCES;
-
-                        return -sd_bus_error_get_errno(e);
-                }
-
-                r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}");
-                if (r >= 0)
-                        r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge);
-
-                if (r < 0)
-                        return r;
-
-                if (authorized)
-                        return 1;
-
-                if (challenge)
-                        return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
-
-                return -EACCES;
-        }
-#endif
-
-        r = sd_bus_query_sender_privilege(call, capability);
-        if (r < 0)
-                return r;
-        else if (r > 0)
-                return 1;
-
-#ifdef ENABLE_POLKIT
-        if (sd_bus_get_current_message(call->bus) != call)
-                return -EINVAL;
-
-        callback = sd_bus_get_current_handler(call->bus);
-        if (!callback)
-                return -EINVAL;
-
-        userdata = sd_bus_get_current_userdata(call->bus);
-
-        sender = sd_bus_message_get_sender(call);
-        if (!sender)
-                return -EBADMSG;
-
-        c = sd_bus_message_get_allow_interactive_authorization(call);
-        if (c < 0)
-                return c;
-        if (c > 0)
-                interactive = true;
-
-        r = hashmap_ensure_allocated(registry, NULL);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_new_method_call(
-                        call->bus,
-                        &pk,
-                        "org.freedesktop.PolicyKit1",
-                        "/org/freedesktop/PolicyKit1/Authority",
-                        "org.freedesktop.PolicyKit1.Authority",
-                        "CheckAuthorization");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(
-                        pk,
-                        "(sa{sv})s",
-                        "system-bus-name", 1, "name", "s", sender,
-                        action);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_open_container(pk, 'a', "{ss}");
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH_PAIR(k, v, details) {
-                r = sd_bus_message_append(pk, "{ss}", *k, *v);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(pk);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_append(pk, "us", !!interactive, NULL);
-        if (r < 0)
-                return r;
-
-        q = new0(AsyncPolkitQuery, 1);
-        if (!q)
-                return -ENOMEM;
-
-        q->request = sd_bus_message_ref(call);
-        q->callback = callback;
-        q->userdata = userdata;
-
-        r = hashmap_put(*registry, call, q);
-        if (r < 0) {
-                async_polkit_query_free(q);
-                return r;
-        }
-
-        q->registry = *registry;
-
-        r = sd_bus_call_async(call->bus, &q->slot, pk, async_polkit_callback, q, 0);
-        if (r < 0) {
-                async_polkit_query_free(q);
-                return r;
-        }
-
-        return 0;
-#endif
-
-        return -EACCES;
-}
-
-void bus_verify_polkit_async_registry_free(Hashmap *registry) {
-#ifdef ENABLE_POLKIT
-        AsyncPolkitQuery *q;
-
-        while ((q = hashmap_steal_first(registry)))
-                async_polkit_query_free(q);
-
-        hashmap_free(registry);
-#endif
-}
-
-int bus_check_peercred(sd_bus *c) {
-        struct ucred ucred;
-        socklen_t l;
-        int fd;
-
-        assert(c);
-
-        fd = sd_bus_get_fd(c);
-        if (fd < 0)
-                return fd;
-
-        l = sizeof(struct ucred);
-        if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0)
-                return -errno;
-
-        if (l != sizeof(struct ucred))
-                return -E2BIG;
-
-        if (ucred.uid != 0 && ucred.uid != geteuid())
-                return -EPERM;
-
-        return 1;
-}
-
-int bus_connect_system_systemd(sd_bus **_bus) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        assert(_bus);
-
-        if (geteuid() != 0)
-                return sd_bus_default_system(_bus);
-
-        /* If we are root and kdbus is not available, then let's talk
-         * directly to the system instance, instead of going via the
-         * bus */
-
-        r = sd_bus_new(&bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_set_address(bus, KERNEL_SYSTEM_BUS_ADDRESS);
-        if (r < 0)
-                return r;
-
-        bus->bus_client = true;
-
-        r = sd_bus_start(bus);
-        if (r >= 0) {
-                *_bus = bus;
-                bus = NULL;
-                return 0;
-        }
-
-        bus = sd_bus_unref(bus);
-
-        r = sd_bus_new(&bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_set_address(bus, "unix:path=/run/systemd/private");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_start(bus);
-        if (r < 0)
-                return sd_bus_default_system(_bus);
-
-        r = bus_check_peercred(bus);
-        if (r < 0)
-                return r;
-
-        *_bus = bus;
-        bus = NULL;
-
-        return 0;
-}
-
-int bus_connect_user_systemd(sd_bus **_bus) {
-        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-        _cleanup_free_ char *ee = NULL;
-        const char *e;
-        int r;
-
-        /* Try via kdbus first, and then directly */
-
-        assert(_bus);
-
-        r = sd_bus_new(&bus);
-        if (r < 0)
-                return r;
-
-        if (asprintf(&bus->address, KERNEL_USER_BUS_ADDRESS_FMT, getuid()) < 0)
-                return -ENOMEM;
-
-        bus->bus_client = true;
-
-        r = sd_bus_start(bus);
-        if (r >= 0) {
-                *_bus = bus;
-                bus = NULL;
-                return 0;
-        }
-
-        bus = sd_bus_unref(bus);
-
-        e = secure_getenv("XDG_RUNTIME_DIR");
-        if (!e)
-                return sd_bus_default_user(_bus);
-
-        ee = bus_address_escape(e);
-        if (!ee)
-                return -ENOMEM;
-
-        r = sd_bus_new(&bus);
-        if (r < 0)
-                return r;
-
-        bus->address = strjoin("unix:path=", ee, "/systemd/private", NULL);
-        if (!bus->address)
-                return -ENOMEM;
-
-        r = sd_bus_start(bus);
-        if (r < 0)
-                return sd_bus_default_user(_bus);
-
-        r = bus_check_peercred(bus);
-        if (r < 0)
-                return r;
-
-        *_bus = bus;
-        bus = NULL;
-
-        return 0;
-}
-
-#define print_property(name, fmt, ...)                                  \
-        do {                                                            \
-                if (value)                                              \
-                        printf(fmt "\n", __VA_ARGS__);                  \
-                else                                                    \
-                        printf("%s=" fmt "\n", name, __VA_ARGS__);      \
-        } while(0)
-
-int bus_print_property(const char *name, sd_bus_message *property, bool value, bool all) {
-        char type;
-        const char *contents;
-        int r;
-
-        assert(name);
-        assert(property);
-
-        r = sd_bus_message_peek_type(property, &type, &contents);
-        if (r < 0)
-                return r;
-
-        switch (type) {
-
-        case SD_BUS_TYPE_STRING: {
-                const char *s;
-
-                r = sd_bus_message_read_basic(property, type, &s);
-                if (r < 0)
-                        return r;
-
-                if (all || !isempty(s)) {
-                        _cleanup_free_ char *escaped = NULL;
-
-                        escaped = xescape(s, "\n");
-                        if (!escaped)
-                                return -ENOMEM;
-
-                        print_property(name, "%s", escaped);
-                }
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_BOOLEAN: {
-                int b;
-
-                r = sd_bus_message_read_basic(property, type, &b);
-                if (r < 0)
-                        return r;
-
-                print_property(name, "%s", yes_no(b));
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_UINT64: {
-                uint64_t u;
-
-                r = sd_bus_message_read_basic(property, type, &u);
-                if (r < 0)
-                        return r;
-
-                /* Yes, heuristics! But we can change this check
-                 * should it turn out to not be sufficient */
-
-                if (endswith(name, "Timestamp")) {
-                        char timestamp[FORMAT_TIMESTAMP_MAX], *t;
-
-                        t = format_timestamp(timestamp, sizeof(timestamp), u);
-                        if (t || all)
-                                print_property(name, "%s", strempty(t));
-
-                } else if (strstr(name, "USec")) {
-                        char timespan[FORMAT_TIMESPAN_MAX];
-
-                        print_property(name, "%s", format_timespan(timespan, sizeof(timespan), u, 0));
-                } else
-                        print_property(name, "%"PRIu64, u);
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_INT64: {
-                int64_t i;
-
-                r = sd_bus_message_read_basic(property, type, &i);
-                if (r < 0)
-                        return r;
-
-                print_property(name, "%"PRIi64, i);
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_UINT32: {
-                uint32_t u;
-
-                r = sd_bus_message_read_basic(property, type, &u);
-                if (r < 0)
-                        return r;
-
-                if (strstr(name, "UMask") || strstr(name, "Mode"))
-                        print_property(name, "%04o", u);
-                else
-                        print_property(name, "%"PRIu32, u);
-
-                return 1;
-        }
-
-        case SD_BUS_TYPE_INT32: {
-                int32_t i;
-
-                r = sd_bus_message_read_basic(property, type, &i);
-                if (r < 0)
-                        return r;
-
-                print_property(name, "%"PRIi32, i);
-                return 1;
-        }
-
-        case SD_BUS_TYPE_DOUBLE: {
-                double d;
-
-                r = sd_bus_message_read_basic(property, type, &d);
-                if (r < 0)
-                        return r;
-
-                print_property(name, "%g", d);
-                return 1;
-        }
-
-        case SD_BUS_TYPE_ARRAY:
-                if (streq(contents, "s")) {
-                        bool first = true;
-                        const char *str;
-
-                        r = sd_bus_message_enter_container(property, SD_BUS_TYPE_ARRAY, contents);
-                        if (r < 0)
-                                return r;
-
-                        while ((r = sd_bus_message_read_basic(property, SD_BUS_TYPE_STRING, &str)) > 0) {
-                                _cleanup_free_ char *escaped = NULL;
-
-                                if (first && !value)
-                                        printf("%s=", name);
-
-                                escaped = xescape(str, "\n ");
-                                if (!escaped)
-                                        return -ENOMEM;
-
-                                printf("%s%s", first ? "" : " ", escaped);
-
-                                first = false;
-                        }
-                        if (r < 0)
-                                return r;
-
-                        if (first && all && !value)
-                                printf("%s=", name);
-                        if (!first || all)
-                                puts("");
-
-                        r = sd_bus_message_exit_container(property);
-                        if (r < 0)
-                                return r;
-
-                        return 1;
-
-                } else if (streq(contents, "y")) {
-                        const uint8_t *u;
-                        size_t n;
-
-                        r = sd_bus_message_read_array(property, SD_BUS_TYPE_BYTE, (const void**) &u, &n);
-                        if (r < 0)
-                                return r;
-
-                        if (all || n > 0) {
-                                unsigned int i;
-
-                                if (!value)
-                                        printf("%s=", name);
-
-                                for (i = 0; i < n; i++)
-                                        printf("%02x", u[i]);
-
-                                puts("");
-                        }
-
-                        return 1;
-
-                } else if (streq(contents, "u")) {
-                        uint32_t *u;
-                        size_t n;
-
-                        r = sd_bus_message_read_array(property, SD_BUS_TYPE_UINT32, (const void**) &u, &n);
-                        if (r < 0)
-                                return r;
-
-                        if (all || n > 0) {
-                                unsigned int i;
-
-                                if (!value)
-                                        printf("%s=", name);
-
-                                for (i = 0; i < n; i++)
-                                        printf("%08x", u[i]);
-
-                                puts("");
-                        }
-
-                        return 1;
-                }
-
-                break;
-        }
-
-        return 0;
-}
-
-int bus_print_all_properties(sd_bus *bus, const char *dest, const char *path, char **filter, bool value, bool all) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(path);
-
-        r = sd_bus_call_method(bus,
-                        dest,
-                        path,
-                        "org.freedesktop.DBus.Properties",
-                        "GetAll",
-                        &error,
-                        &reply,
-                        "s", "");
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
-        if (r < 0)
-                return r;
-
-        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
-                const char *name;
-                const char *contents;
-
-                r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_STRING, &name);
-                if (r < 0)
-                        return r;
-
-                if (!filter || strv_find(filter, name)) {
-                        r = sd_bus_message_peek_type(reply, NULL, &contents);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, contents);
-                        if (r < 0)
-                                return r;
-
-                        r = bus_print_property(name, reply, value, all);
-                        if (r < 0)
-                                return r;
-                        if (r == 0) {
-                                if (all)
-                                        printf("%s=[unprintable]\n", name);
-                                /* skip what we didn't read */
-                                r = sd_bus_message_skip(reply, contents);
-                                if (r < 0)
-                                        return r;
-                        }
-
-                        r = sd_bus_message_exit_container(reply);
-                        if (r < 0)
-                                return r;
-                } else {
-                        r = sd_bus_message_skip(reply, "v");
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return r;
-        }
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int bus_map_id128(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
-        sd_id128_t *p = userdata;
-        const void *v;
-        size_t n;
-        int r;
-
-        r = sd_bus_message_read_array(m, SD_BUS_TYPE_BYTE, &v, &n);
-        if (r < 0)
-                return r;
-
-        if (n == 0)
-                *p = SD_ID128_NULL;
-        else if (n == 16)
-                memcpy((*p).bytes, v, n);
-        else
-                return -EINVAL;
-
-        return 0;
-}
-
-static int map_basic(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) {
-        char type;
-        int r;
-
-        r = sd_bus_message_peek_type(m, &type, NULL);
-        if (r < 0)
-                return r;
-
-        switch (type) {
-        case SD_BUS_TYPE_STRING: {
-                const char *s;
-                char **p = userdata;
-
-                r = sd_bus_message_read_basic(m, type, &s);
-                if (r < 0)
-                        break;
-
-                if (isempty(s))
-                        break;
-
-                r = free_and_strdup(p, s);
-                break;
-        }
-
-        case SD_BUS_TYPE_ARRAY: {
-                _cleanup_strv_free_ char **l = NULL;
-                char ***p = userdata;
-
-                r = bus_message_read_strv_extend(m, &l);
-                if (r < 0)
-                        break;
-
-                strv_free(*p);
-                *p = l;
-                l = NULL;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_BOOLEAN: {
-                unsigned b;
-                bool *p = userdata;
-
-                r = sd_bus_message_read_basic(m, type, &b);
-                if (r < 0)
-                        break;
-
-                *p = b;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_UINT32: {
-                uint32_t u;
-                uint32_t *p = userdata;
-
-                r = sd_bus_message_read_basic(m, type, &u);
-                if (r < 0)
-                        break;
-
-                *p = u;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_UINT64: {
-                uint64_t t;
-                uint64_t *p = userdata;
-
-                r = sd_bus_message_read_basic(m, type, &t);
-                if (r < 0)
-                        break;
-
-                *p = t;
-
-                break;
-        }
-
-        default:
-                break;
-        }
-
-        return r;
-}
-
-int bus_message_map_all_properties(
-                sd_bus_message *m,
-                const struct bus_properties_map *map,
-                void *userdata) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(m);
-        assert(map);
-
-        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{sv}");
-        if (r < 0)
-                return r;
-
-        while ((r = sd_bus_message_enter_container(m, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
-                const struct bus_properties_map *prop;
-                const char *member;
-                const char *contents;
-                void *v;
-                unsigned i;
-
-                r = sd_bus_message_read_basic(m, SD_BUS_TYPE_STRING, &member);
-                if (r < 0)
-                        return r;
-
-                for (i = 0, prop = NULL; map[i].member; i++)
-                        if (streq(map[i].member, member)) {
-                                prop = &map[i];
-                                break;
-                        }
-
-                if (prop) {
-                        r = sd_bus_message_peek_type(m, NULL, &contents);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, contents);
-                        if (r < 0)
-                                return r;
-
-                        v = (uint8_t *)userdata + prop->offset;
-                        if (map[i].set)
-                                r = prop->set(sd_bus_message_get_bus(m), member, m, &error, v);
-                        else
-                                r = map_basic(sd_bus_message_get_bus(m), member, m, &error, v);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return r;
-                } else {
-                        r = sd_bus_message_skip(m, "v");
-                        if (r < 0)
-                                return r;
-                }
-
-                r = sd_bus_message_exit_container(m);
-                if (r < 0)
-                        return r;
-        }
-        if (r < 0)
-                return r;
-
-        return sd_bus_message_exit_container(m);
-}
-
-int bus_message_map_properties_changed(
-                sd_bus_message *m,
-                const struct bus_properties_map *map,
-                void *userdata) {
-
-        const char *member;
-        int r, invalidated, i;
-
-        assert(m);
-        assert(map);
-
-        r = bus_message_map_all_properties(m, map, userdata);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "s");
-        if (r < 0)
-                return r;
-
-        invalidated = 0;
-        while ((r = sd_bus_message_read_basic(m, SD_BUS_TYPE_STRING, &member)) > 0)
-                for (i = 0; map[i].member; i++)
-                        if (streq(map[i].member, member)) {
-                                ++invalidated;
-                                break;
-                        }
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_exit_container(m);
-        if (r < 0)
-                return r;
-
-        return invalidated;
-}
-
-int bus_map_all_properties(
-                sd_bus *bus,
-                const char *destination,
-                const char *path,
-                const struct bus_properties_map *map,
-                void *userdata) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(destination);
-        assert(path);
-        assert(map);
-
-        r = sd_bus_call_method(
-                        bus,
-                        destination,
-                        path,
-                        "org.freedesktop.DBus.Properties",
-                        "GetAll",
-                        &error,
-                        &m,
-                        "s", "");
-        if (r < 0)
-                return r;
-
-        return bus_message_map_all_properties(m, map, userdata);
-}
-
-int bus_connect_transport(BusTransport transport, const char *host, bool user, sd_bus **bus) {
-        int r;
-
-        assert(transport >= 0);
-        assert(transport < _BUS_TRANSPORT_MAX);
-        assert(bus);
-
-        assert_return((transport == BUS_TRANSPORT_LOCAL) == !host, -EINVAL);
-        assert_return(transport == BUS_TRANSPORT_LOCAL || !user, -EOPNOTSUPP);
-
-        switch (transport) {
-
-        case BUS_TRANSPORT_LOCAL:
-                if (user)
-                        r = sd_bus_default_user(bus);
-                else
-                        r = sd_bus_default_system(bus);
-
-                break;
-
-        case BUS_TRANSPORT_REMOTE:
-                r = sd_bus_open_system_remote(bus, host);
-                break;
-
-        case BUS_TRANSPORT_MACHINE:
-                r = sd_bus_open_system_machine(bus, host);
-                break;
-
-        default:
-                assert_not_reached("Hmm, unknown transport type.");
-        }
-
-        return r;
-}
-
-int bus_connect_transport_systemd(BusTransport transport, const char *host, bool user, sd_bus **bus) {
-        int r;
-
-        assert(transport >= 0);
-        assert(transport < _BUS_TRANSPORT_MAX);
-        assert(bus);
-
-        assert_return((transport == BUS_TRANSPORT_LOCAL) == !host, -EINVAL);
-        assert_return(transport == BUS_TRANSPORT_LOCAL || !user, -EOPNOTSUPP);
-
-        switch (transport) {
-
-        case BUS_TRANSPORT_LOCAL:
-                if (user)
-                        r = bus_connect_user_systemd(bus);
-                else
-                        r = bus_connect_system_systemd(bus);
-
-                break;
-
-        case BUS_TRANSPORT_REMOTE:
-                r = sd_bus_open_system_remote(bus, host);
-                break;
-
-        case BUS_TRANSPORT_MACHINE:
-                r = sd_bus_open_system_machine(bus, host);
-                break;
-
-        default:
-                assert_not_reached("Hmm, unknown transport type.");
-        }
-
-        return r;
-}
-
-int bus_property_get_bool(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        int b = *(bool*) userdata;
-
-        return sd_bus_message_append_basic(reply, 'b', &b);
-}
-
-#if __SIZEOF_SIZE_T__ != 8
-int bus_property_get_size(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        uint64_t sz = *(size_t*) userdata;
-
-        return sd_bus_message_append_basic(reply, 't', &sz);
-}
-#endif
-
-#if __SIZEOF_LONG__ != 8
-int bus_property_get_long(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        int64_t l = *(long*) userdata;
-
-        return sd_bus_message_append_basic(reply, 'x', &l);
-}
-
-int bus_property_get_ulong(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        uint64_t ul = *(unsigned long*) userdata;
-
-        return sd_bus_message_append_basic(reply, 't', &ul);
-}
-#endif
-
-int bus_log_parse_error(int r) {
-        return log_error_errno(r, "Failed to parse bus message: %m");
-}
-
-int bus_log_create_error(int r) {
-        return log_error_errno(r, "Failed to create bus message: %m");
-}
-
-/**
- * bus_path_encode_unique() - encode unique object path
- * @b: bus connection or NULL
- * @prefix: object path prefix
- * @sender_id: unique-name of client, or NULL
- * @external_id: external ID to be chosen by client, or NULL
- * @ret_path: storage for encoded object path pointer
- *
- * Whenever we provide a bus API that allows clients to create and manage
- * server-side objects, we need to provide a unique name for these objects. If
- * we let the server choose the name, we suffer from a race condition: If a
- * client creates an object asynchronously, it cannot destroy that object until
- * it received the method reply. It cannot know the name of the new object,
- * thus, it cannot destroy it. Furthermore, it enforces a round-trip.
- *
- * Therefore, many APIs allow the client to choose the unique name for newly
- * created objects. There're two problems to solve, though:
- *    1) Object names are usually defined via dbus object paths, which are
- *       usually globally namespaced. Therefore, multiple clients must be able
- *       to choose unique object names without interference.
- *    2) If multiple libraries share the same bus connection, they must be
- *       able to choose unique object names without interference.
- * The first problem is solved easily by prefixing a name with the
- * unique-bus-name of a connection. The server side must enforce this and
- * reject any other name. The second problem is solved by providing unique
- * suffixes from within sd-bus.
- *
- * This helper allows clients to create unique object-paths. It uses the
- * template '/prefix/sender_id/external_id' and returns the new path in
- * @ret_path (must be freed by the caller).
- * If @sender_id is NULL, the unique-name of @b is used. If @external_id is
- * NULL, this function allocates a unique suffix via @b (by requesting a new
- * cookie). If both @sender_id and @external_id are given, @b can be passed as
- * NULL.
- *
- * Returns: 0 on success, negative error code on failure.
- */
-int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path) {
-        _cleanup_free_ char *sender_label = NULL, *external_label = NULL;
-        char external_buf[DECIMAL_STR_MAX(uint64_t)], *p;
-        int r;
-
-        assert_return(b || (sender_id && external_id), -EINVAL);
-        assert_return(object_path_is_valid(prefix), -EINVAL);
-        assert_return(ret_path, -EINVAL);
-
-        if (!sender_id) {
-                r = sd_bus_get_unique_name(b, &sender_id);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!external_id) {
-                xsprintf(external_buf, "%"PRIu64, ++b->cookie);
-                external_id = external_buf;
-        }
-
-        sender_label = bus_label_escape(sender_id);
-        if (!sender_label)
-                return -ENOMEM;
-
-        external_label = bus_label_escape(external_id);
-        if (!external_label)
-                return -ENOMEM;
-
-        p = strjoin(prefix, "/", sender_label, "/", external_label, NULL);
-        if (!p)
-                return -ENOMEM;
-
-        *ret_path = p;
-        return 0;
-}
-
-/**
- * bus_path_decode_unique() - decode unique object path
- * @path: object path to decode
- * @prefix: object path prefix
- * @ret_sender: output parameter for sender-id label
- * @ret_external: output parameter for external-id label
- *
- * This does the reverse of bus_path_encode_unique() (see its description for
- * details). Both trailing labels, sender-id and external-id, are unescaped and
- * returned in the given output parameters (the caller must free them).
- *
- * Note that this function returns 0 if the path does not match the template
- * (see bus_path_encode_unique()), 1 if it matched.
- *
- * Returns: Negative error code on failure, 0 if the given object path does not
- *          match the template (return parameters are set to NULL), 1 if it was
- *          parsed successfully (return parameters contain allocated labels).
- */
-int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external) {
-        const char *p, *q;
-        char *sender, *external;
-
-        assert(object_path_is_valid(path));
-        assert(object_path_is_valid(prefix));
-        assert(ret_sender);
-        assert(ret_external);
-
-        p = object_path_startswith(path, prefix);
-        if (!p) {
-                *ret_sender = NULL;
-                *ret_external = NULL;
-                return 0;
-        }
-
-        q = strchr(p, '/');
-        if (!q) {
-                *ret_sender = NULL;
-                *ret_external = NULL;
-                return 0;
-        }
-
-        sender = bus_label_unescape_n(p, q - p);
-        external = bus_label_unescape(q + 1);
-        if (!sender || !external) {
-                free(sender);
-                free(external);
-                return -ENOMEM;
-        }
-
-        *ret_sender = sender;
-        *ret_external = external;
-        return 1;
-}
-
-bool is_kdbus_wanted(void) {
-        _cleanup_free_ char *value = NULL;
-#ifdef ENABLE_KDBUS
-        const bool configured = true;
-#else
-        const bool configured = false;
-#endif
-
-        int r;
-
-        if (get_proc_cmdline_key("kdbus", NULL) > 0)
-                return true;
-
-        r = get_proc_cmdline_key("kdbus=", &value);
-        if (r <= 0)
-                return configured;
-
-        return parse_boolean(value) == 1;
-}
-
-bool is_kdbus_available(void) {
-        _cleanup_close_ int fd = -1;
-        struct kdbus_cmd cmd = { .size = sizeof(cmd), .flags = KDBUS_FLAG_NEGOTIATE };
-
-        if (!is_kdbus_wanted())
-                return false;
-
-        fd = open("/sys/fs/kdbus/control", O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
-        if (fd < 0)
-                return false;
-
-        return ioctl(fd, KDBUS_CMD_BUS_MAKE, &cmd) >= 0;
-}
-
-int bus_property_get_rlimit(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        struct rlimit *rl;
-        uint64_t u;
-        rlim_t x;
-        const char *is_soft;
-
-        assert(bus);
-        assert(reply);
-        assert(userdata);
-
-        is_soft = endswith(property, "Soft");
-        rl = *(struct rlimit**) userdata;
-        if (rl)
-                x = is_soft ? rl->rlim_cur : rl->rlim_max;
-        else {
-                struct rlimit buf = {};
-                int z;
-                const char *s;
-
-                s = is_soft ? strndupa(property, is_soft - property) : property;
-
-                z = rlimit_from_string(strstr(s, "Limit"));
-                assert(z >= 0);
-
-                getrlimit(z, &buf);
-                x = is_soft ? buf.rlim_cur : buf.rlim_max;
-        }
-
-        /* rlim_t might have different sizes, let's map
-         * RLIMIT_INFINITY to (uint64_t) -1, so that it is the same on
-         * all archs */
-        u = x == RLIM_INFINITY ? (uint64_t) -1 : (uint64_t) x;
-
-        return sd_bus_message_append(reply, "t", u);
-}
diff --git a/src/shared/bus-util.h b/src/shared/bus-util.h
deleted file mode 100644
index d792258ecd..0000000000
--- a/src/shared/bus-util.h
+++ /dev/null
@@ -1,163 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <sys/types.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-
-#include "hashmap.h"
-#include "macro.h"
-#include "string-util.h"
-
-typedef enum BusTransport {
-        BUS_TRANSPORT_LOCAL,
-        BUS_TRANSPORT_REMOTE,
-        BUS_TRANSPORT_MACHINE,
-        _BUS_TRANSPORT_MAX,
-        _BUS_TRANSPORT_INVALID = -1
-} BusTransport;
-
-typedef int (*bus_property_set_t) (sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata);
-
-struct bus_properties_map {
-        const char *member;
-        const char *signature;
-        bus_property_set_t set;
-        size_t offset;
-};
-
-int bus_map_id128(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata);
-
-int bus_message_map_all_properties(sd_bus_message *m, const struct bus_properties_map *map,  void *userdata);
-int bus_message_map_properties_changed(sd_bus_message *m, const struct bus_properties_map *map, void *userdata);
-int bus_map_all_properties(sd_bus *bus, const char *destination, const char *path, const struct bus_properties_map *map, void *userdata);
-
-int bus_async_unregister_and_exit(sd_event *e, sd_bus *bus, const char *name);
-
-typedef bool (*check_idle_t)(void *userdata);
-
-int bus_event_loop_with_idle(sd_event *e, sd_bus *bus, const char *name, usec_t timeout, check_idle_t check_idle, void *userdata);
-
-int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error);
-
-int bus_check_peercred(sd_bus *c);
-
-int bus_test_polkit(sd_bus_message *call, int capability, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
-
-int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, const char **details, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
-void bus_verify_polkit_async_registry_free(Hashmap *registry);
-
-int bus_connect_system_systemd(sd_bus **_bus);
-int bus_connect_user_systemd(sd_bus **_bus);
-
-int bus_connect_transport(BusTransport transport, const char *host, bool user, sd_bus **bus);
-int bus_connect_transport_systemd(BusTransport transport, const char *host, bool user, sd_bus **bus);
-
-int bus_print_property(const char *name, sd_bus_message *property, bool value, bool all);
-int bus_print_all_properties(sd_bus *bus, const char *dest, const char *path, char **filter, bool value, bool all);
-
-int bus_property_get_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
-
-#define bus_property_get_usec ((sd_bus_property_get_t) NULL)
-#define bus_property_set_usec ((sd_bus_property_set_t) NULL)
-
-assert_cc(sizeof(int) == sizeof(int32_t));
-#define bus_property_get_int ((sd_bus_property_get_t) NULL)
-
-assert_cc(sizeof(unsigned) == sizeof(unsigned));
-#define bus_property_get_unsigned ((sd_bus_property_get_t) NULL)
-
-/* On 64bit machines we can use the default serializer for size_t and
- * friends, otherwise we need to cast this manually */
-#if __SIZEOF_SIZE_T__ == 8
-#define bus_property_get_size ((sd_bus_property_get_t) NULL)
-#else
-int bus_property_get_size(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
-#endif
-
-#if __SIZEOF_LONG__ == 8
-#define bus_property_get_long ((sd_bus_property_get_t) NULL)
-#define bus_property_get_ulong ((sd_bus_property_get_t) NULL)
-#else
-int bus_property_get_long(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
-int bus_property_get_ulong(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
-#endif
-
-/* uid_t and friends on Linux 32 bit. This means we can just use the
- * default serializer for 32bit unsigned, for serializing it, and map
- * it to NULL here */
-assert_cc(sizeof(uid_t) == sizeof(uint32_t));
-#define bus_property_get_uid ((sd_bus_property_get_t) NULL)
-
-assert_cc(sizeof(gid_t) == sizeof(uint32_t));
-#define bus_property_get_gid ((sd_bus_property_get_t) NULL)
-
-assert_cc(sizeof(pid_t) == sizeof(uint32_t));
-#define bus_property_get_pid ((sd_bus_property_get_t) NULL)
-
-assert_cc(sizeof(mode_t) == sizeof(uint32_t));
-#define bus_property_get_mode ((sd_bus_property_get_t) NULL)
-
-int bus_log_parse_error(int r);
-int bus_log_create_error(int r);
-
-#define BUS_DEFINE_PROPERTY_GET_ENUM(function, name, type)              \
-        int function(sd_bus *bus,                                       \
-                     const char *path,                                  \
-                     const char *interface,                             \
-                     const char *property,                              \
-                     sd_bus_message *reply,                             \
-                     void *userdata,                                    \
-                     sd_bus_error *error) {                             \
-                                                                        \
-                const char *value;                                      \
-                type *field = userdata;                                 \
-                int r;                                                  \
-                                                                        \
-                assert(bus);                                            \
-                assert(reply);                                          \
-                assert(field);                                          \
-                                                                        \
-                value = strempty(name##_to_string(*field));             \
-                                                                        \
-                r = sd_bus_message_append_basic(reply, 's', value);     \
-                if (r < 0)                                              \
-                        return r;                                       \
-                                                                        \
-                return 1;                                               \
-        }                                                               \
-        struct __useless_struct_to_allow_trailing_semicolon__
-
-#define BUS_PROPERTY_DUAL_TIMESTAMP(name, offset, flags) \
-        SD_BUS_PROPERTY(name, "t", bus_property_get_usec, (offset) + offsetof(struct dual_timestamp, realtime), (flags)), \
-        SD_BUS_PROPERTY(name "Monotonic", "t", bus_property_get_usec, (offset) + offsetof(struct dual_timestamp, monotonic), (flags))
-
-int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path);
-int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external);
-
-bool is_kdbus_wanted(void);
-bool is_kdbus_available(void);
-
-int bus_property_get_rlimit(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
diff --git a/src/shared/condition.c b/src/shared/condition.c
deleted file mode 100644
index 3a45ed265c..0000000000
--- a/src/shared/condition.c
+++ /dev/null
@@ -1,541 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <fnmatch.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "apparmor-util.h"
-#include "architecture.h"
-#include "audit-util.h"
-#include "cap-list.h"
-#include "condition.h"
-#include "extract-word.h"
-#include "fd-util.h"
-#include "glob-util.h"
-#include "hostname-util.h"
-#include "ima-util.h"
-#include "list.h"
-#include "macro.h"
-#include "mount-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "proc-cmdline.h"
-#include "selinux-util.h"
-#include "smack-util.h"
-#include "stat-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "util.h"
-#include "virt.h"
-
-Condition* condition_new(ConditionType type, const char *parameter, bool trigger, bool negate) {
-        Condition *c;
-        int r;
-
-        assert(type >= 0);
-        assert(type < _CONDITION_TYPE_MAX);
-        assert((!parameter) == (type == CONDITION_NULL));
-
-        c = new0(Condition, 1);
-        if (!c)
-                return NULL;
-
-        c->type = type;
-        c->trigger = trigger;
-        c->negate = negate;
-
-        r = free_and_strdup(&c->parameter, parameter);
-        if (r < 0) {
-                free(c);
-                return NULL;
-        }
-
-        return c;
-}
-
-void condition_free(Condition *c) {
-        assert(c);
-
-        free(c->parameter);
-        free(c);
-}
-
-Condition* condition_free_list(Condition *first) {
-        Condition *c, *n;
-
-        LIST_FOREACH_SAFE(conditions, c, n, first)
-                condition_free(c);
-
-        return NULL;
-}
-
-static int condition_test_kernel_command_line(Condition *c) {
-        _cleanup_free_ char *line = NULL;
-        const char *p;
-        bool equal;
-        int r;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_KERNEL_COMMAND_LINE);
-
-        r = proc_cmdline(&line);
-        if (r < 0)
-                return r;
-
-        equal = !!strchr(c->parameter, '=');
-        p = line;
-
-        for (;;) {
-                _cleanup_free_ char *word = NULL;
-                bool found;
-
-                r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES|EXTRACT_RELAX);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        break;
-
-                if (equal)
-                        found = streq(word, c->parameter);
-                else {
-                        const char *f;
-
-                        f = startswith(word, c->parameter);
-                        found = f && (*f == '=' || *f == 0);
-                }
-
-                if (found)
-                        return true;
-        }
-
-        return false;
-}
-
-static int condition_test_virtualization(Condition *c) {
-        int b, v;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_VIRTUALIZATION);
-
-        v = detect_virtualization();
-        if (v < 0)
-                return v;
-
-        /* First, compare with yes/no */
-        b = parse_boolean(c->parameter);
-
-        if (v > 0 && b > 0)
-                return true;
-
-        if (v == 0 && b == 0)
-                return true;
-
-        /* Then, compare categorization */
-        if (VIRTUALIZATION_IS_VM(v) && streq(c->parameter, "vm"))
-                return true;
-
-        if (VIRTUALIZATION_IS_CONTAINER(v) && streq(c->parameter, "container"))
-                return true;
-
-        /* Finally compare id */
-        return v != VIRTUALIZATION_NONE && streq(c->parameter, virtualization_to_string(v));
-}
-
-static int condition_test_architecture(Condition *c) {
-        int a, b;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_ARCHITECTURE);
-
-        a = uname_architecture();
-        if (a < 0)
-                return a;
-
-        if (streq(c->parameter, "native"))
-                b = native_architecture();
-        else
-                b = architecture_from_string(c->parameter);
-        if (b < 0)
-                return b;
-
-        return a == b;
-}
-
-static int condition_test_host(Condition *c) {
-        _cleanup_free_ char *h = NULL;
-        sd_id128_t x, y;
-        int r;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_HOST);
-
-        if (sd_id128_from_string(c->parameter, &x) >= 0) {
-
-                r = sd_id128_get_machine(&y);
-                if (r < 0)
-                        return r;
-
-                return sd_id128_equal(x, y);
-        }
-
-        h = gethostname_malloc();
-        if (!h)
-                return -ENOMEM;
-
-        return fnmatch(c->parameter, h, FNM_CASEFOLD) == 0;
-}
-
-static int condition_test_ac_power(Condition *c) {
-        int r;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_AC_POWER);
-
-        r = parse_boolean(c->parameter);
-        if (r < 0)
-                return r;
-
-        return (on_ac_power() != 0) == !!r;
-}
-
-static int condition_test_security(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_SECURITY);
-
-        if (streq(c->parameter, "selinux"))
-                return mac_selinux_have();
-        if (streq(c->parameter, "smack"))
-                return mac_smack_use();
-        if (streq(c->parameter, "apparmor"))
-                return mac_apparmor_use();
-        if (streq(c->parameter, "audit"))
-                return use_audit();
-        if (streq(c->parameter, "ima"))
-                return use_ima();
-
-        return false;
-}
-
-static int condition_test_capability(Condition *c) {
-        _cleanup_fclose_ FILE *f = NULL;
-        int value;
-        char line[LINE_MAX];
-        unsigned long long capabilities = -1;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_CAPABILITY);
-
-        /* If it's an invalid capability, we don't have it */
-        value = capability_from_name(c->parameter);
-        if (value < 0)
-                return -EINVAL;
-
-        /* If it's a valid capability we default to assume
-         * that we have it */
-
-        f = fopen("/proc/self/status", "re");
-        if (!f)
-                return -errno;
-
-        while (fgets(line, sizeof(line), f)) {
-                truncate_nl(line);
-
-                if (startswith(line, "CapBnd:")) {
-                        (void) sscanf(line+7, "%llx", &capabilities);
-                        break;
-                }
-        }
-
-        return !!(capabilities & (1ULL << value));
-}
-
-static int condition_test_needs_update(Condition *c) {
-        const char *p;
-        struct stat usr, other;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_NEEDS_UPDATE);
-
-        /* If the file system is read-only we shouldn't suggest an update */
-        if (path_is_read_only_fs(c->parameter) > 0)
-                return false;
-
-        /* Any other failure means we should allow the condition to be true,
-         * so that we rather invoke too many update tools than too
-         * few. */
-
-        if (!path_is_absolute(c->parameter))
-                return true;
-
-        p = strjoina(c->parameter, "/.updated");
-        if (lstat(p, &other) < 0)
-                return true;
-
-        if (lstat("/usr/", &usr) < 0)
-                return true;
-
-        return usr.st_mtim.tv_sec > other.st_mtim.tv_sec ||
-                (usr.st_mtim.tv_sec == other.st_mtim.tv_sec && usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec);
-}
-
-static int condition_test_first_boot(Condition *c) {
-        int r;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_FIRST_BOOT);
-
-        r = parse_boolean(c->parameter);
-        if (r < 0)
-                return r;
-
-        return (access("/run/systemd/first-boot", F_OK) >= 0) == !!r;
-}
-
-static int condition_test_path_exists(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_PATH_EXISTS);
-
-        return access(c->parameter, F_OK) >= 0;
-}
-
-static int condition_test_path_exists_glob(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_PATH_EXISTS_GLOB);
-
-        return glob_exists(c->parameter) > 0;
-}
-
-static int condition_test_path_is_directory(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_PATH_IS_DIRECTORY);
-
-        return is_dir(c->parameter, true) > 0;
-}
-
-static int condition_test_path_is_symbolic_link(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_PATH_IS_SYMBOLIC_LINK);
-
-        return is_symlink(c->parameter) > 0;
-}
-
-static int condition_test_path_is_mount_point(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_PATH_IS_MOUNT_POINT);
-
-        return path_is_mount_point(c->parameter, AT_SYMLINK_FOLLOW) > 0;
-}
-
-static int condition_test_path_is_read_write(Condition *c) {
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_PATH_IS_READ_WRITE);
-
-        return path_is_read_only_fs(c->parameter) <= 0;
-}
-
-static int condition_test_directory_not_empty(Condition *c) {
-        int r;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY);
-
-        r = dir_is_empty(c->parameter);
-        return r <= 0 && r != -ENOENT;
-}
-
-static int condition_test_file_not_empty(Condition *c) {
-        struct stat st;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_FILE_NOT_EMPTY);
-
-        return (stat(c->parameter, &st) >= 0 &&
-                S_ISREG(st.st_mode) &&
-                st.st_size > 0);
-}
-
-static int condition_test_file_is_executable(Condition *c) {
-        struct stat st;
-
-        assert(c);
-        assert(c->parameter);
-        assert(c->type == CONDITION_FILE_IS_EXECUTABLE);
-
-        return (stat(c->parameter, &st) >= 0 &&
-                S_ISREG(st.st_mode) &&
-                (st.st_mode & 0111));
-}
-
-static int condition_test_null(Condition *c) {
-        assert(c);
-        assert(c->type == CONDITION_NULL);
-
-        /* Note that during parsing we already evaluate the string and
-         * store it in c->negate */
-        return true;
-}
-
-int condition_test(Condition *c) {
-
-        static int (*const condition_tests[_CONDITION_TYPE_MAX])(Condition *c) = {
-                [CONDITION_PATH_EXISTS] = condition_test_path_exists,
-                [CONDITION_PATH_EXISTS_GLOB] = condition_test_path_exists_glob,
-                [CONDITION_PATH_IS_DIRECTORY] = condition_test_path_is_directory,
-                [CONDITION_PATH_IS_SYMBOLIC_LINK] = condition_test_path_is_symbolic_link,
-                [CONDITION_PATH_IS_MOUNT_POINT] = condition_test_path_is_mount_point,
-                [CONDITION_PATH_IS_READ_WRITE] = condition_test_path_is_read_write,
-                [CONDITION_DIRECTORY_NOT_EMPTY] = condition_test_directory_not_empty,
-                [CONDITION_FILE_NOT_EMPTY] = condition_test_file_not_empty,
-                [CONDITION_FILE_IS_EXECUTABLE] = condition_test_file_is_executable,
-                [CONDITION_KERNEL_COMMAND_LINE] = condition_test_kernel_command_line,
-                [CONDITION_VIRTUALIZATION] = condition_test_virtualization,
-                [CONDITION_SECURITY] = condition_test_security,
-                [CONDITION_CAPABILITY] = condition_test_capability,
-                [CONDITION_HOST] = condition_test_host,
-                [CONDITION_AC_POWER] = condition_test_ac_power,
-                [CONDITION_ARCHITECTURE] = condition_test_architecture,
-                [CONDITION_NEEDS_UPDATE] = condition_test_needs_update,
-                [CONDITION_FIRST_BOOT] = condition_test_first_boot,
-                [CONDITION_NULL] = condition_test_null,
-        };
-
-        int r, b;
-
-        assert(c);
-        assert(c->type >= 0);
-        assert(c->type < _CONDITION_TYPE_MAX);
-
-        r = condition_tests[c->type](c);
-        if (r < 0) {
-                c->result = CONDITION_ERROR;
-                return r;
-        }
-
-        b = (r > 0) == !c->negate;
-        c->result = b ? CONDITION_SUCCEEDED : CONDITION_FAILED;
-        return b;
-}
-
-void condition_dump(Condition *c, FILE *f, const char *prefix, const char *(*to_string)(ConditionType t)) {
-        assert(c);
-        assert(f);
-
-        if (!prefix)
-                prefix = "";
-
-        fprintf(f,
-                "%s\t%s: %s%s%s %s\n",
-                prefix,
-                to_string(c->type),
-                c->trigger ? "|" : "",
-                c->negate ? "!" : "",
-                c->parameter,
-                condition_result_to_string(c->result));
-}
-
-void condition_dump_list(Condition *first, FILE *f, const char *prefix, const char *(*to_string)(ConditionType t)) {
-        Condition *c;
-
-        LIST_FOREACH(conditions, c, first)
-                condition_dump(c, f, prefix, to_string);
-}
-
-static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
-        [CONDITION_ARCHITECTURE] = "ConditionArchitecture",
-        [CONDITION_VIRTUALIZATION] = "ConditionVirtualization",
-        [CONDITION_HOST] = "ConditionHost",
-        [CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
-        [CONDITION_SECURITY] = "ConditionSecurity",
-        [CONDITION_CAPABILITY] = "ConditionCapability",
-        [CONDITION_AC_POWER] = "ConditionACPower",
-        [CONDITION_NEEDS_UPDATE] = "ConditionNeedsUpdate",
-        [CONDITION_FIRST_BOOT] = "ConditionFirstBoot",
-        [CONDITION_PATH_EXISTS] = "ConditionPathExists",
-        [CONDITION_PATH_EXISTS_GLOB] = "ConditionPathExistsGlob",
-        [CONDITION_PATH_IS_DIRECTORY] = "ConditionPathIsDirectory",
-        [CONDITION_PATH_IS_SYMBOLIC_LINK] = "ConditionPathIsSymbolicLink",
-        [CONDITION_PATH_IS_MOUNT_POINT] = "ConditionPathIsMountPoint",
-        [CONDITION_PATH_IS_READ_WRITE] = "ConditionPathIsReadWrite",
-        [CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
-        [CONDITION_FILE_NOT_EMPTY] = "ConditionFileNotEmpty",
-        [CONDITION_FILE_IS_EXECUTABLE] = "ConditionFileIsExecutable",
-        [CONDITION_NULL] = "ConditionNull"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(condition_type, ConditionType);
-
-static const char* const assert_type_table[_CONDITION_TYPE_MAX] = {
-        [CONDITION_ARCHITECTURE] = "AssertArchitecture",
-        [CONDITION_VIRTUALIZATION] = "AssertVirtualization",
-        [CONDITION_HOST] = "AssertHost",
-        [CONDITION_KERNEL_COMMAND_LINE] = "AssertKernelCommandLine",
-        [CONDITION_SECURITY] = "AssertSecurity",
-        [CONDITION_CAPABILITY] = "AssertCapability",
-        [CONDITION_AC_POWER] = "AssertACPower",
-        [CONDITION_NEEDS_UPDATE] = "AssertNeedsUpdate",
-        [CONDITION_FIRST_BOOT] = "AssertFirstBoot",
-        [CONDITION_PATH_EXISTS] = "AssertPathExists",
-        [CONDITION_PATH_EXISTS_GLOB] = "AssertPathExistsGlob",
-        [CONDITION_PATH_IS_DIRECTORY] = "AssertPathIsDirectory",
-        [CONDITION_PATH_IS_SYMBOLIC_LINK] = "AssertPathIsSymbolicLink",
-        [CONDITION_PATH_IS_MOUNT_POINT] = "AssertPathIsMountPoint",
-        [CONDITION_PATH_IS_READ_WRITE] = "AssertPathIsReadWrite",
-        [CONDITION_DIRECTORY_NOT_EMPTY] = "AssertDirectoryNotEmpty",
-        [CONDITION_FILE_NOT_EMPTY] = "AssertFileNotEmpty",
-        [CONDITION_FILE_IS_EXECUTABLE] = "AssertFileIsExecutable",
-        [CONDITION_NULL] = "AssertNull"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(assert_type, ConditionType);
-
-static const char* const condition_result_table[_CONDITION_RESULT_MAX] = {
-        [CONDITION_UNTESTED] = "untested",
-        [CONDITION_SUCCEEDED] = "succeeded",
-        [CONDITION_FAILED] = "failed",
-        [CONDITION_ERROR] = "error",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(condition_result, ConditionResult);
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
deleted file mode 100644
index 8631a5a5d9..0000000000
--- a/src/shared/efivars.c
+++ /dev/null
@@ -1,715 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "dirent-util.h"
-#include "efivars.h"
-#include "fd-util.h"
-#include "io-util.h"
-#include "macro.h"
-#include "parse-util.h"
-#include "stdio-util.h"
-#include "time-util.h"
-#include "utf8.h"
-#include "util.h"
-#include "virt.h"
-
-#ifdef ENABLE_EFI
-
-#define LOAD_OPTION_ACTIVE            0x00000001
-#define MEDIA_DEVICE_PATH                   0x04
-#define MEDIA_HARDDRIVE_DP                  0x01
-#define MEDIA_FILEPATH_DP                   0x04
-#define SIGNATURE_TYPE_GUID                 0x02
-#define MBR_TYPE_EFI_PARTITION_TABLE_HEADER 0x02
-#define END_DEVICE_PATH_TYPE                0x7f
-#define END_ENTIRE_DEVICE_PATH_SUBTYPE      0xff
-#define EFI_OS_INDICATIONS_BOOT_TO_FW_UI    0x0000000000000001
-
-struct boot_option {
-        uint32_t attr;
-        uint16_t path_len;
-        uint16_t title[];
-} _packed_;
-
-struct drive_path {
-        uint32_t part_nr;
-        uint64_t part_start;
-        uint64_t part_size;
-        char signature[16];
-        uint8_t mbr_type;
-        uint8_t signature_type;
-} _packed_;
-
-struct device_path {
-        uint8_t type;
-        uint8_t sub_type;
-        uint16_t length;
-        union {
-                uint16_t path[0];
-                struct drive_path drive;
-        };
-} _packed_;
-
-bool is_efi_boot(void) {
-        return access("/sys/firmware/efi", F_OK) >= 0;
-}
-
-static int read_flag(const char *varname) {
-        int r;
-        _cleanup_free_ void *v = NULL;
-        size_t s;
-        uint8_t b;
-
-        r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
-        if (r < 0)
-                return r;
-
-        if (s != 1)
-                return -EINVAL;
-
-        b = *(uint8_t *)v;
-        r = b > 0;
-        return r;
-}
-
-bool is_efi_secure_boot(void) {
-        return read_flag("SecureBoot") > 0;
-}
-
-bool is_efi_secure_boot_setup_mode(void) {
-        return read_flag("SetupMode") > 0;
-}
-
-int efi_reboot_to_firmware_supported(void) {
-        int r;
-        size_t s;
-        uint64_t b;
-        _cleanup_free_ void *v = NULL;
-
-        if (!is_efi_boot() || detect_container() > 0)
-                return -EOPNOTSUPP;
-
-        r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndicationsSupported", NULL, &v, &s);
-        if (r < 0)
-                return r;
-        else if (s != sizeof(uint64_t))
-                return -EINVAL;
-
-        b = *(uint64_t *)v;
-        b &= EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
-        return b > 0 ? 0 : -EOPNOTSUPP;
-}
-
-static int get_os_indications(uint64_t *os_indication) {
-        int r;
-        size_t s;
-        _cleanup_free_ void *v = NULL;
-
-        r = efi_reboot_to_firmware_supported();
-        if (r < 0)
-                return r;
-
-        r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndications", NULL, &v, &s);
-        if (r == -ENOENT) {
-                /* Some firmware implementations that do support
-                 * OsIndications and report that with
-                 * OsIndicationsSupported will remove the
-                 * OsIndications variable when it is unset. Let's
-                 * pretend it's 0 then, to hide this implementation
-                 * detail. Note that this call will return -ENOENT
-                 * then only if the support for OsIndications is
-                 * missing entirely, as determined by
-                 * efi_reboot_to_firmware_supported() above. */
-                *os_indication = 0;
-                return 0;
-        } else if (r < 0)
-                return r;
-        else if (s != sizeof(uint64_t))
-                return -EINVAL;
-
-        *os_indication = *(uint64_t *)v;
-        return 0;
-}
-
-int efi_get_reboot_to_firmware(void) {
-        int r;
-        uint64_t b;
-
-        r = get_os_indications(&b);
-        if (r < 0)
-                return r;
-
-        return !!(b & EFI_OS_INDICATIONS_BOOT_TO_FW_UI);
-}
-
-int efi_set_reboot_to_firmware(bool value) {
-        int r;
-        uint64_t b, b_new;
-
-        r = get_os_indications(&b);
-        if (r < 0)
-                return r;
-
-        if (value)
-                b_new = b | EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
-        else
-                b_new = b & ~EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
-
-        /* Avoid writing to efi vars store if we can due to firmware bugs. */
-        if (b != b_new)
-                return efi_set_variable(EFI_VENDOR_GLOBAL, "OsIndications", &b_new, sizeof(uint64_t));
-
-        return 0;
-}
-
-int efi_get_variable(
-                sd_id128_t vendor,
-                const char *name,
-                uint32_t *attribute,
-                void **value,
-                size_t *size) {
-
-        _cleanup_close_ int fd = -1;
-        _cleanup_free_ char *p = NULL;
-        uint32_t a;
-        ssize_t n;
-        struct stat st;
-        _cleanup_free_ void *buf = NULL;
-
-        assert(name);
-        assert(value);
-        assert(size);
-
-        if (asprintf(&p,
-                     "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                     name, SD_ID128_FORMAT_VAL(vendor)) < 0)
-                return -ENOMEM;
-
-        fd = open(p, O_RDONLY|O_NOCTTY|O_CLOEXEC);
-        if (fd < 0)
-                return -errno;
-
-        if (fstat(fd, &st) < 0)
-                return -errno;
-        if (st.st_size < 4)
-                return -EIO;
-        if (st.st_size > 4*1024*1024 + 4)
-                return -E2BIG;
-
-        n = read(fd, &a, sizeof(a));
-        if (n < 0)
-                return -errno;
-        if (n != sizeof(a))
-                return -EIO;
-
-        buf = malloc(st.st_size - 4 + 2);
-        if (!buf)
-                return -ENOMEM;
-
-        n = read(fd, buf, (size_t) st.st_size - 4);
-        if (n < 0)
-                return -errno;
-        if (n != (ssize_t) st.st_size - 4)
-                return -EIO;
-
-        /* Always NUL terminate (2 bytes, to protect UTF-16) */
-        ((char*) buf)[st.st_size - 4] = 0;
-        ((char*) buf)[st.st_size - 4 + 1] = 0;
-
-        *value = buf;
-        buf = NULL;
-        *size = (size_t) st.st_size - 4;
-
-        if (attribute)
-                *attribute = a;
-
-        return 0;
-}
-
-int efi_set_variable(
-                sd_id128_t vendor,
-                const char *name,
-                const void *value,
-                size_t size) {
-
-        struct var {
-                uint32_t attr;
-                char buf[];
-        } _packed_ * _cleanup_free_ buf = NULL;
-        _cleanup_free_ char *p = NULL;
-        _cleanup_close_ int fd = -1;
-
-        assert(name);
-
-        if (asprintf(&p,
-                     "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                     name, SD_ID128_FORMAT_VAL(vendor)) < 0)
-                return -ENOMEM;
-
-        if (size == 0) {
-                if (unlink(p) < 0)
-                        return -errno;
-                return 0;
-        }
-
-        fd = open(p, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0644);
-        if (fd < 0)
-                return -errno;
-
-        buf = malloc(sizeof(uint32_t) + size);
-        if (!buf)
-                return -ENOMEM;
-
-        buf->attr = EFI_VARIABLE_NON_VOLATILE|EFI_VARIABLE_BOOTSERVICE_ACCESS|EFI_VARIABLE_RUNTIME_ACCESS;
-        memcpy(buf->buf, value, size);
-
-        return loop_write(fd, buf, sizeof(uint32_t) + size, false);
-}
-
-int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p) {
-        _cleanup_free_ void *s = NULL;
-        size_t ss = 0;
-        int r;
-        char *x;
-
-        r = efi_get_variable(vendor, name, NULL, &s, &ss);
-        if (r < 0)
-                return r;
-
-        x = utf16_to_utf8(s, ss);
-        if (!x)
-                return -ENOMEM;
-
-        *p = x;
-        return 0;
-}
-
-static size_t utf16_size(const uint16_t *s) {
-        size_t l = 0;
-
-        while (s[l] > 0)
-                l++;
-
-        return (l+1) * sizeof(uint16_t);
-}
-
-static void efi_guid_to_id128(const void *guid, sd_id128_t *id128) {
-        struct uuid {
-                uint32_t u1;
-                uint16_t u2;
-                uint16_t u3;
-                uint8_t u4[8];
-        } _packed_;
-        const struct uuid *uuid = guid;
-
-        id128->bytes[0] = (uuid->u1 >> 24) & 0xff;
-        id128->bytes[1] = (uuid->u1 >> 16) & 0xff;
-        id128->bytes[2] = (uuid->u1 >> 8) & 0xff;
-        id128->bytes[3] = (uuid->u1) & 0xff;
-        id128->bytes[4] = (uuid->u2 >> 8) & 0xff;
-        id128->bytes[5] = (uuid->u2) & 0xff;
-        id128->bytes[6] = (uuid->u3 >> 8) & 0xff;
-        id128->bytes[7] = (uuid->u3) & 0xff;
-        memcpy(&id128->bytes[8], uuid->u4, sizeof(uuid->u4));
-}
-
-int efi_get_boot_option(
-                uint16_t id,
-                char **title,
-                sd_id128_t *part_uuid,
-                char **path,
-                bool *active) {
-
-        char boot_id[9];
-        _cleanup_free_ uint8_t *buf = NULL;
-        size_t l;
-        struct boot_option *header;
-        size_t title_size;
-        _cleanup_free_ char *s = NULL, *p = NULL;
-        sd_id128_t p_uuid = SD_ID128_NULL;
-        int r;
-
-        xsprintf(boot_id, "Boot%04X", id);
-        r = efi_get_variable(EFI_VENDOR_GLOBAL, boot_id, NULL, (void **)&buf, &l);
-        if (r < 0)
-                return r;
-        if (l < sizeof(struct boot_option))
-                return -ENOENT;
-
-        header = (struct boot_option *)buf;
-        title_size = utf16_size(header->title);
-        if (title_size > l - offsetof(struct boot_option, title))
-                return -EINVAL;
-
-        if (title) {
-                s = utf16_to_utf8(header->title, title_size);
-                if (!s)
-                        return -ENOMEM;
-        }
-
-        if (header->path_len > 0) {
-                uint8_t *dbuf;
-                size_t dnext;
-
-                dbuf = buf + offsetof(struct boot_option, title) + title_size;
-                dnext = 0;
-                while (dnext < header->path_len) {
-                        struct device_path *dpath;
-
-                        dpath = (struct device_path *)(dbuf + dnext);
-                        if (dpath->length < 4)
-                                break;
-
-                        /* Type 0x7F – End of Hardware Device Path, Sub-Type 0xFF – End Entire Device Path */
-                        if (dpath->type == END_DEVICE_PATH_TYPE && dpath->sub_type == END_ENTIRE_DEVICE_PATH_SUBTYPE)
-                                break;
-
-                        dnext += dpath->length;
-
-                        /* Type 0x04 – Media Device Path */
-                        if (dpath->type != MEDIA_DEVICE_PATH)
-                                continue;
-
-                        /* Sub-Type 1 – Hard Drive */
-                        if (dpath->sub_type == MEDIA_HARDDRIVE_DP) {
-                                /* 0x02 – GUID Partition Table */
-                                if (dpath->drive.mbr_type != MBR_TYPE_EFI_PARTITION_TABLE_HEADER)
-                                        continue;
-
-                                /* 0x02 – GUID signature */
-                                if (dpath->drive.signature_type != SIGNATURE_TYPE_GUID)
-                                        continue;
-
-                                if (part_uuid)
-                                        efi_guid_to_id128(dpath->drive.signature, &p_uuid);
-                                continue;
-                        }
-
-                        /* Sub-Type 4 – File Path */
-                        if (dpath->sub_type == MEDIA_FILEPATH_DP && !p && path) {
-                                p = utf16_to_utf8(dpath->path, dpath->length-4);
-                                efi_tilt_backslashes(p);
-                                continue;
-                        }
-                }
-        }
-
-        if (title) {
-                *title = s;
-                s = NULL;
-        }
-        if (part_uuid)
-                *part_uuid = p_uuid;
-        if (path) {
-                *path = p;
-                p = NULL;
-        }
-        if (active)
-                *active = !!(header->attr & LOAD_OPTION_ACTIVE);
-
-        return 0;
-}
-
-static void to_utf16(uint16_t *dest, const char *src) {
-        int i;
-
-        for (i = 0; src[i] != '\0'; i++)
-                dest[i] = src[i];
-        dest[i] = '\0';
-}
-
-struct guid {
-        uint32_t u1;
-        uint16_t u2;
-        uint16_t u3;
-        uint8_t u4[8];
-} _packed_;
-
-static void id128_to_efi_guid(sd_id128_t id, void *guid) {
-        struct guid *uuid = guid;
-
-        uuid->u1 = id.bytes[0] << 24 | id.bytes[1] << 16 | id.bytes[2] << 8 | id.bytes[3];
-        uuid->u2 = id.bytes[4] << 8 | id.bytes[5];
-        uuid->u3 = id.bytes[6] << 8 | id.bytes[7];
-        memcpy(uuid->u4, id.bytes+8, sizeof(uuid->u4));
-}
-
-static uint16_t *tilt_slashes(uint16_t *s) {
-        uint16_t *p;
-
-        for (p = s; *p; p++)
-                if (*p == '/')
-                        *p = '\\';
-
-        return s;
-}
-
-int efi_add_boot_option(uint16_t id, const char *title,
-                        uint32_t part, uint64_t pstart, uint64_t psize,
-                        sd_id128_t part_uuid, const char *path) {
-        char boot_id[9];
-        size_t size;
-        size_t title_len;
-        size_t path_len;
-        struct boot_option *option;
-        struct device_path *devicep;
-        _cleanup_free_ char *buf = NULL;
-
-        title_len = (strlen(title)+1) * 2;
-        path_len = (strlen(path)+1) * 2;
-
-        buf = calloc(sizeof(struct boot_option) + title_len +
-                     sizeof(struct drive_path) +
-                     sizeof(struct device_path) + path_len, 1);
-        if (!buf)
-                return -ENOMEM;
-
-        /* header */
-        option = (struct boot_option *)buf;
-        option->attr = LOAD_OPTION_ACTIVE;
-        option->path_len = offsetof(struct device_path, drive) + sizeof(struct drive_path) +
-                           offsetof(struct device_path, path) + path_len +
-                           offsetof(struct device_path, path);
-        to_utf16(option->title, title);
-        size = offsetof(struct boot_option, title) + title_len;
-
-        /* partition info */
-        devicep = (struct device_path *)(buf + size);
-        devicep->type = MEDIA_DEVICE_PATH;
-        devicep->sub_type = MEDIA_HARDDRIVE_DP;
-        devicep->length = offsetof(struct device_path, drive) + sizeof(struct drive_path);
-        devicep->drive.part_nr = part;
-        devicep->drive.part_start = pstart;
-        devicep->drive.part_size = psize;
-        devicep->drive.signature_type = SIGNATURE_TYPE_GUID;
-        devicep->drive.mbr_type = MBR_TYPE_EFI_PARTITION_TABLE_HEADER;
-        id128_to_efi_guid(part_uuid, devicep->drive.signature);
-        size += devicep->length;
-
-        /* path to loader */
-        devicep = (struct device_path *)(buf + size);
-        devicep->type = MEDIA_DEVICE_PATH;
-        devicep->sub_type = MEDIA_FILEPATH_DP;
-        devicep->length = offsetof(struct device_path, path) + path_len;
-        to_utf16(devicep->path, path);
-        tilt_slashes(devicep->path);
-        size += devicep->length;
-
-        /* end of path */
-        devicep = (struct device_path *)(buf + size);
-        devicep->type = END_DEVICE_PATH_TYPE;
-        devicep->sub_type = END_ENTIRE_DEVICE_PATH_SUBTYPE;
-        devicep->length = offsetof(struct device_path, path);
-        size += devicep->length;
-
-        xsprintf(boot_id, "Boot%04X", id);
-        return efi_set_variable(EFI_VENDOR_GLOBAL, boot_id, buf, size);
-}
-
-int efi_remove_boot_option(uint16_t id) {
-        char boot_id[9];
-
-        xsprintf(boot_id, "Boot%04X", id);
-        return efi_set_variable(EFI_VENDOR_GLOBAL, boot_id, NULL, 0);
-}
-
-int efi_get_boot_order(uint16_t **order) {
-        _cleanup_free_ void *buf = NULL;
-        size_t l;
-        int r;
-
-        r = efi_get_variable(EFI_VENDOR_GLOBAL, "BootOrder", NULL, &buf, &l);
-        if (r < 0)
-                return r;
-
-        if (l <= 0)
-                return -ENOENT;
-
-        if (l % sizeof(uint16_t) > 0 ||
-            l / sizeof(uint16_t) > INT_MAX)
-                return -EINVAL;
-
-        *order = buf;
-        buf = NULL;
-        return (int) (l / sizeof(uint16_t));
-}
-
-int efi_set_boot_order(uint16_t *order, size_t n) {
-        return efi_set_variable(EFI_VENDOR_GLOBAL, "BootOrder", order, n * sizeof(uint16_t));
-}
-
-static int boot_id_hex(const char s[4]) {
-        int i;
-        int id = 0;
-
-        for (i = 0; i < 4; i++)
-                if (s[i] >= '0' && s[i] <= '9')
-                        id |= (s[i] - '0') << (3 - i) * 4;
-                else if (s[i] >= 'A' && s[i] <= 'F')
-                        id |= (s[i] - 'A' + 10) << (3 - i) * 4;
-                else
-                        return -EINVAL;
-
-        return id;
-}
-
-static int cmp_uint16(const void *_a, const void *_b) {
-        const uint16_t *a = _a, *b = _b;
-
-        return (int)*a - (int)*b;
-}
-
-int efi_get_boot_options(uint16_t **options) {
-        _cleanup_closedir_ DIR *dir = NULL;
-        struct dirent *de;
-        _cleanup_free_ uint16_t *list = NULL;
-        size_t alloc = 0;
-        int count = 0;
-
-        assert(options);
-
-        dir = opendir("/sys/firmware/efi/efivars/");
-        if (!dir)
-                return -errno;
-
-        FOREACH_DIRENT(de, dir, return -errno) {
-                int id;
-
-                if (strncmp(de->d_name, "Boot", 4) != 0)
-                        continue;
-
-                if (strlen(de->d_name) != 45)
-                        continue;
-
-                if (strcmp(de->d_name + 8, "-8be4df61-93ca-11d2-aa0d-00e098032b8c") != 0)
-                        continue;
-
-                id = boot_id_hex(de->d_name + 4);
-                if (id < 0)
-                        continue;
-
-                if (!GREEDY_REALLOC(list, alloc, count + 1))
-                        return -ENOMEM;
-
-                list[count++] = id;
-        }
-
-        qsort_safe(list, count, sizeof(uint16_t), cmp_uint16);
-
-        *options = list;
-        list = NULL;
-        return count;
-}
-
-static int read_usec(sd_id128_t vendor, const char *name, usec_t *u) {
-        _cleanup_free_ char *j = NULL;
-        int r;
-        uint64_t x = 0;
-
-        assert(name);
-        assert(u);
-
-        r = efi_get_variable_string(EFI_VENDOR_LOADER, name, &j);
-        if (r < 0)
-                return r;
-
-        r = safe_atou64(j, &x);
-        if (r < 0)
-                return r;
-
-        *u = x;
-        return 0;
-}
-
-int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader) {
-        uint64_t x, y;
-        int r;
-
-        assert(firmware);
-        assert(loader);
-
-        r = read_usec(EFI_VENDOR_LOADER, "LoaderTimeInitUSec", &x);
-        if (r < 0)
-                return r;
-
-        r = read_usec(EFI_VENDOR_LOADER, "LoaderTimeExecUSec", &y);
-        if (r < 0)
-                return r;
-
-        if (y == 0 || y < x)
-                return -EIO;
-
-        if (y > USEC_PER_HOUR)
-                return -EIO;
-
-        *firmware = x;
-        *loader = y;
-
-        return 0;
-}
-
-int efi_loader_get_device_part_uuid(sd_id128_t *u) {
-        _cleanup_free_ char *p = NULL;
-        int r, parsed[16];
-
-        r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderDevicePartUUID", &p);
-        if (r < 0)
-                return r;
-
-        if (sscanf(p, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                   &parsed[0], &parsed[1], &parsed[2], &parsed[3],
-                   &parsed[4], &parsed[5], &parsed[6], &parsed[7],
-                   &parsed[8], &parsed[9], &parsed[10], &parsed[11],
-                   &parsed[12], &parsed[13], &parsed[14], &parsed[15]) != 16)
-                return -EIO;
-
-        if (u) {
-                unsigned i;
-
-                for (i = 0; i < ELEMENTSOF(parsed); i++)
-                        u->bytes[i] = parsed[i];
-        }
-
-        return 0;
-}
-
-#endif
-
-char *efi_tilt_backslashes(char *s) {
-        char *p;
-
-        for (p = s; *p; p++)
-                if (*p == '\\')
-                        *p = '/';
-
-        return s;
-}
diff --git a/src/shared/efivars.h b/src/shared/efivars.h
deleted file mode 100644
index b61d14c4ec..0000000000
--- a/src/shared/efivars.h
+++ /dev/null
@@ -1,131 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "sd-id128.h"
-
-#include "time-util.h"
-
-#define EFI_VENDOR_LOADER SD_ID128_MAKE(4a,67,b0,82,0a,4c,41,cf,b6,c7,44,0b,29,bb,8c,4f)
-#define EFI_VENDOR_GLOBAL SD_ID128_MAKE(8b,e4,df,61,93,ca,11,d2,aa,0d,00,e0,98,03,2b,8c)
-#define EFI_VARIABLE_NON_VOLATILE       0x0000000000000001
-#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x0000000000000002
-#define EFI_VARIABLE_RUNTIME_ACCESS     0x0000000000000004
-
-#ifdef ENABLE_EFI
-
-bool is_efi_boot(void);
-bool is_efi_secure_boot(void);
-bool is_efi_secure_boot_setup_mode(void);
-int efi_reboot_to_firmware_supported(void);
-int efi_get_reboot_to_firmware(void);
-int efi_set_reboot_to_firmware(bool value);
-
-int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size);
-int efi_set_variable(sd_id128_t vendor, const char *name, const void *value, size_t size);
-int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p);
-
-int efi_get_boot_option(uint16_t nr, char **title, sd_id128_t *part_uuid, char **path, bool *active);
-int efi_add_boot_option(uint16_t id, const char *title, uint32_t part, uint64_t pstart, uint64_t psize, sd_id128_t part_uuid, const char *path);
-int efi_remove_boot_option(uint16_t id);
-int efi_get_boot_order(uint16_t **order);
-int efi_set_boot_order(uint16_t *order, size_t n);
-int efi_get_boot_options(uint16_t **options);
-
-int efi_loader_get_device_part_uuid(sd_id128_t *u);
-int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader);
-
-#else
-
-static inline bool is_efi_boot(void) {
-        return false;
-}
-
-static inline bool is_efi_secure_boot(void) {
-        return false;
-}
-
-static inline bool is_efi_secure_boot_setup_mode(void) {
-        return false;
-}
-
-static inline int efi_reboot_to_firmware_supported(void) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_get_reboot_to_firmware(void) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_set_reboot_to_firmware(bool value) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_set_variable(sd_id128_t vendor, const char *name, const void *value, size_t size) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_get_boot_option(uint16_t nr, char **title, sd_id128_t *part_uuid, char **path, bool *active) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_add_boot_option(uint16_t id, const char *title, uint32_t part, uint64_t pstart, uint64_t psize, sd_id128_t part_uuid, const char *path) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_remove_boot_option(uint16_t id) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_get_boot_order(uint16_t **order) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_set_boot_order(uint16_t *order, size_t n) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_get_boot_options(uint16_t **options) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_loader_get_device_part_uuid(sd_id128_t *u) {
-        return -EOPNOTSUPP;
-}
-
-static inline int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader) {
-        return -EOPNOTSUPP;
-}
-
-#endif
-
-char *efi_tilt_backslashes(char *s);
diff --git a/src/shared/gpt.h b/src/shared/gpt.h
deleted file mode 100644
index 55b41bbcd8..0000000000
--- a/src/shared/gpt.h
+++ /dev/null
@@ -1,66 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <endian.h>
-
-#include "sd-id128.h"
-
-/* We only support root disk discovery for x86, x86-64, Itanium and ARM for
- * now, since EFI for anything else doesn't really exist, and we only
- * care for root partitions on the same disk as the EFI ESP. */
-
-#define GPT_ROOT_X86    SD_ID128_MAKE(44,47,95,40,f2,97,41,b2,9a,f7,d1,31,d5,f0,45,8a)
-#define GPT_ROOT_X86_64 SD_ID128_MAKE(4f,68,bc,e3,e8,cd,4d,b1,96,e7,fb,ca,f9,84,b7,09)
-#define GPT_ROOT_ARM    SD_ID128_MAKE(69,da,d7,10,2c,e4,4e,3c,b1,6c,21,a1,d4,9a,be,d3)
-#define GPT_ROOT_ARM_64 SD_ID128_MAKE(b9,21,b0,45,1d,f0,41,c3,af,44,4c,6f,28,0d,3f,ae)
-#define GPT_ROOT_IA64   SD_ID128_MAKE(99,3d,8d,3d,f8,0e,42,25,85,5a,9d,af,8e,d7,ea,97)
-
-#define GPT_ESP         SD_ID128_MAKE(c1,2a,73,28,f8,1f,11,d2,ba,4b,00,a0,c9,3e,c9,3b)
-#define GPT_SWAP        SD_ID128_MAKE(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f)
-#define GPT_HOME        SD_ID128_MAKE(93,3a,c7,e1,2e,b4,4f,13,b8,44,0e,14,e2,ae,f9,15)
-#define GPT_SRV         SD_ID128_MAKE(3b,8f,84,25,20,e0,4f,3b,90,7f,1a,25,a7,6f,98,e8)
-
-#if defined(__x86_64__)
-#  define GPT_ROOT_NATIVE GPT_ROOT_X86_64
-#  define GPT_ROOT_SECONDARY GPT_ROOT_X86
-#elif defined(__i386__)
-#  define GPT_ROOT_NATIVE GPT_ROOT_X86
-#endif
-
-#if defined(__ia64__)
-#  define GPT_ROOT_NATIVE GPT_ROOT_IA64
-#endif
-
-#if defined(__aarch64__) && (__BYTE_ORDER != __BIG_ENDIAN)
-#  define GPT_ROOT_NATIVE GPT_ROOT_ARM_64
-#  define GPT_ROOT_SECONDARY GPT_ROOT_ARM
-#elif defined(__arm__) && (__BYTE_ORDER != __BIG_ENDIAN)
-#  define GPT_ROOT_NATIVE GPT_ROOT_ARM
-#endif
-
-/* Flags we recognize on the root, swap, home and srv partitions when
- * doing auto-discovery. These happen to be identical to what
- * Microsoft defines for its own Basic Data Partitions, but that's
- * just because we saw no point in defining any other values here. */
-#define GPT_FLAG_READ_ONLY (1ULL << 60)
-#define GPT_FLAG_NO_AUTO (1ULL << 63)
-
-#define GPT_LINUX_GENERIC SD_ID128_MAKE(0f,c6,3d,af,84,83,47,72,8e,79,3d,69,d8,47,7d,e4)
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
deleted file mode 100644
index 9351b85eed..0000000000
--- a/src/shared/logs-show.c
+++ /dev/null
@@ -1,1310 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <syslog.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "sd-id128.h"
-#include "sd-journal.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "formats-util.h"
-#include "hashmap.h"
-#include "hostname-util.h"
-#include "io-util.h"
-#include "journal-internal.h"
-#include "log.h"
-#include "logs-show.h"
-#include "macro.h"
-#include "output-mode.h"
-#include "parse-util.h"
-#include "process-util.h"
-#include "sparse-endian.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "terminal-util.h"
-#include "time-util.h"
-#include "utf8.h"
-#include "util.h"
-
-/* up to three lines (each up to 100 characters) or 300 characters, whichever is less */
-#define PRINT_LINE_THRESHOLD 3
-#define PRINT_CHAR_THRESHOLD 300
-
-#define JSON_THRESHOLD 4096
-
-static int print_catalog(FILE *f, sd_journal *j) {
-        int r;
-        _cleanup_free_ char *t = NULL, *z = NULL;
-
-
-        r = sd_journal_get_catalog(j, &t);
-        if (r < 0)
-                return r;
-
-        z = strreplace(strstrip(t), "\n", "\n-- ");
-        if (!z)
-                return log_oom();
-
-        fputs("-- ", f);
-        fputs(z, f);
-        fputc('\n', f);
-
-        return 0;
-}
-
-static int parse_field(const void *data, size_t length, const char *field, char **target, size_t *target_size) {
-        size_t fl, nl;
-        char *buf;
-
-        assert(data);
-        assert(field);
-        assert(target);
-
-        fl = strlen(field);
-        if (length < fl)
-                return 0;
-
-        if (memcmp(data, field, fl))
-                return 0;
-
-        nl = length - fl;
-        buf = new(char, nl+1);
-        if (!buf)
-                return log_oom();
-
-        memcpy(buf, (const char*) data + fl, nl);
-        buf[nl] = 0;
-
-        free(*target);
-        *target = buf;
-
-        if (target_size)
-                *target_size = nl;
-
-        return 1;
-}
-
-static bool shall_print(const char *p, size_t l, OutputFlags flags) {
-        assert(p);
-
-        if (flags & OUTPUT_SHOW_ALL)
-                return true;
-
-        if (l >= PRINT_CHAR_THRESHOLD)
-                return false;
-
-        if (!utf8_is_printable(p, l))
-                return false;
-
-        return true;
-}
-
-static bool print_multiline(FILE *f, unsigned prefix, unsigned n_columns, OutputFlags flags, int priority, const char* message, size_t message_len) {
-        const char *color_on = "", *color_off = "";
-        const char *pos, *end;
-        bool ellipsized = false;
-        int line = 0;
-
-        if (flags & OUTPUT_COLOR) {
-                if (priority <= LOG_ERR) {
-                        color_on = ANSI_HIGHLIGHT_RED;
-                        color_off = ANSI_NORMAL;
-                } else if (priority <= LOG_NOTICE) {
-                        color_on = ANSI_HIGHLIGHT;
-                        color_off = ANSI_NORMAL;
-                }
-        }
-
-        /* A special case: make sure that we print a newline when
-           the message is empty. */
-        if (message_len == 0)
-                fputs("\n", f);
-
-        for (pos = message;
-             pos < message + message_len;
-             pos = end + 1, line++) {
-                bool continuation = line > 0;
-                bool tail_line;
-                int len;
-                for (end = pos; end < message + message_len && *end != '\n'; end++)
-                        ;
-                len = end - pos;
-                assert(len >= 0);
-
-                /* We need to figure out when we are showing not-last line, *and*
-                 * will skip subsequent lines. In that case, we will put the dots
-                 * at the end of the line, instead of putting dots in the middle
-                 * or not at all.
-                 */
-                tail_line =
-                        line + 1 == PRINT_LINE_THRESHOLD ||
-                        end + 1 >= message + PRINT_CHAR_THRESHOLD;
-
-                if (flags & (OUTPUT_FULL_WIDTH | OUTPUT_SHOW_ALL) ||
-                    (prefix + len + 1 < n_columns && !tail_line)) {
-                        fprintf(f, "%*s%s%.*s%s\n",
-                                continuation * prefix, "",
-                                color_on, len, pos, color_off);
-                        continue;
-                }
-
-                /* Beyond this point, ellipsization will happen. */
-                ellipsized = true;
-
-                if (prefix < n_columns && n_columns - prefix >= 3) {
-                        if (n_columns - prefix > (unsigned) len + 3)
-                                fprintf(f, "%*s%s%.*s...%s\n",
-                                        continuation * prefix, "",
-                                        color_on, len, pos, color_off);
-                        else {
-                                _cleanup_free_ char *e;
-
-                                e = ellipsize_mem(pos, len, n_columns - prefix,
-                                                  tail_line ? 100 : 90);
-                                if (!e)
-                                        fprintf(f, "%*s%s%.*s%s\n",
-                                                continuation * prefix, "",
-                                                color_on, len, pos, color_off);
-                                else
-                                        fprintf(f, "%*s%s%s%s\n",
-                                                continuation * prefix, "",
-                                                color_on, e, color_off);
-                        }
-                } else
-                        fputs("...\n", f);
-
-                if (tail_line)
-                        break;
-        }
-
-        return ellipsized;
-}
-
-static int output_short(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags) {
-
-        int r;
-        const void *data;
-        size_t length;
-        size_t n = 0;
-        _cleanup_free_ char *hostname = NULL, *identifier = NULL, *comm = NULL, *pid = NULL, *fake_pid = NULL, *message = NULL, *realtime = NULL, *monotonic = NULL, *priority = NULL;
-        size_t hostname_len = 0, identifier_len = 0, comm_len = 0, pid_len = 0, fake_pid_len = 0, message_len = 0, realtime_len = 0, monotonic_len = 0, priority_len = 0;
-        int p = LOG_INFO;
-        bool ellipsized = false;
-
-        assert(f);
-        assert(j);
-
-        /* Set the threshold to one bigger than the actual print
-         * threshold, so that if the line is actually longer than what
-         * we're willing to print, ellipsization will occur. This way
-         * we won't output a misleading line without any indication of
-         * truncation.
-         */
-        sd_journal_set_data_threshold(j, flags & (OUTPUT_SHOW_ALL|OUTPUT_FULL_WIDTH) ? 0 : PRINT_CHAR_THRESHOLD + 1);
-
-        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
-
-                r = parse_field(data, length, "PRIORITY=", &priority, &priority_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "_HOSTNAME=", &hostname, &hostname_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "SYSLOG_IDENTIFIER=", &identifier, &identifier_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "_COMM=", &comm, &comm_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "_PID=", &pid, &pid_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "SYSLOG_PID=", &fake_pid, &fake_pid_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "_SOURCE_REALTIME_TIMESTAMP=", &realtime, &realtime_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "_SOURCE_MONOTONIC_TIMESTAMP=", &monotonic, &monotonic_len);
-                if (r < 0)
-                        return r;
-                else if (r > 0)
-                        continue;
-
-                r = parse_field(data, length, "MESSAGE=", &message, &message_len);
-                if (r < 0)
-                        return r;
-        }
-        if (r == -EBADMSG) {
-                log_debug_errno(r, "Skipping message we can't read: %m");
-                return 0;
-        }
-        if (r < 0)
-                return log_error_errno(r, "Failed to get journal fields: %m");
-
-        if (!message) {
-                log_debug("Skipping message without MESSAGE= field.");
-                return 0;
-        }
-
-        if (!(flags & OUTPUT_SHOW_ALL))
-                strip_tab_ansi(&message, &message_len);
-
-        if (priority_len == 1 && *priority >= '0' && *priority <= '7')
-                p = *priority - '0';
-
-        if (mode == OUTPUT_SHORT_MONOTONIC) {
-                uint64_t t;
-                sd_id128_t boot_id;
-
-                r = -ENOENT;
-
-                if (monotonic)
-                        r = safe_atou64(monotonic, &t);
-
-                if (r < 0)
-                        r = sd_journal_get_monotonic_usec(j, &t, &boot_id);
-
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get monotonic timestamp: %m");
-
-                fprintf(f, "[%5llu.%06llu]",
-                        (unsigned long long) (t / USEC_PER_SEC),
-                        (unsigned long long) (t % USEC_PER_SEC));
-
-                n += 1 + 5 + 1 + 6 + 1;
-
-        } else {
-                char buf[64];
-                uint64_t x;
-                time_t t;
-                struct tm tm;
-                struct tm *(*gettime_r)(const time_t *, struct tm *);
-
-                r = -ENOENT;
-                gettime_r = (flags & OUTPUT_UTC) ? gmtime_r : localtime_r;
-
-                if (realtime)
-                        r = safe_atou64(realtime, &x);
-
-                if (r < 0)
-                        r = sd_journal_get_realtime_usec(j, &x);
-
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get realtime timestamp: %m");
-
-                t = (time_t) (x / USEC_PER_SEC);
-
-                switch (mode) {
-
-                case OUTPUT_SHORT_UNIX:
-                        r = snprintf(buf, sizeof(buf), "%10llu.%06llu", (unsigned long long) t, (unsigned long long) (x % USEC_PER_SEC));
-                        break;
-
-                case OUTPUT_SHORT_ISO:
-                        r = strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S%z", gettime_r(&t, &tm));
-                        break;
-
-                case OUTPUT_SHORT_PRECISE:
-                        r = strftime(buf, sizeof(buf), "%b %d %H:%M:%S", gettime_r(&t, &tm));
-                        if (r > 0)
-                                snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ".%06llu", (unsigned long long) (x % USEC_PER_SEC));
-                        break;
-
-                default:
-                        r = strftime(buf, sizeof(buf), "%b %d %H:%M:%S", gettime_r(&t, &tm));
-                }
-
-                if (r <= 0) {
-                        log_error("Failed to format time.");
-                        return -EINVAL;
-                }
-
-                fputs(buf, f);
-                n += strlen(buf);
-        }
-
-        if (hostname && (flags & OUTPUT_NO_HOSTNAME)) {
-                /* Suppress display of the hostname if this is requested. */
-                hostname = NULL;
-                hostname_len = 0;
-        }
-
-        if (hostname && shall_print(hostname, hostname_len, flags)) {
-                fprintf(f, " %.*s", (int) hostname_len, hostname);
-                n += hostname_len + 1;
-        }
-
-        if (identifier && shall_print(identifier, identifier_len, flags)) {
-                fprintf(f, " %.*s", (int) identifier_len, identifier);
-                n += identifier_len + 1;
-        } else if (comm && shall_print(comm, comm_len, flags)) {
-                fprintf(f, " %.*s", (int) comm_len, comm);
-                n += comm_len + 1;
-        } else
-                fputs(" unknown", f);
-
-        if (pid && shall_print(pid, pid_len, flags)) {
-                fprintf(f, "[%.*s]", (int) pid_len, pid);
-                n += pid_len + 2;
-        } else if (fake_pid && shall_print(fake_pid, fake_pid_len, flags)) {
-                fprintf(f, "[%.*s]", (int) fake_pid_len, fake_pid);
-                n += fake_pid_len + 2;
-        }
-
-        if (!(flags & OUTPUT_SHOW_ALL) && !utf8_is_printable(message, message_len)) {
-                char bytes[FORMAT_BYTES_MAX];
-                fprintf(f, ": [%s blob data]\n", format_bytes(bytes, sizeof(bytes), message_len));
-        } else {
-                fputs(": ", f);
-                ellipsized |=
-                        print_multiline(f, n + 2, n_columns, flags, p, message, message_len);
-        }
-
-        if (flags & OUTPUT_CATALOG)
-                print_catalog(f, j);
-
-        return ellipsized;
-}
-
-static int output_verbose(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags) {
-
-        const void *data;
-        size_t length;
-        _cleanup_free_ char *cursor = NULL;
-        uint64_t realtime = 0;
-        char ts[FORMAT_TIMESTAMP_MAX + 7];
-        int r;
-
-        assert(f);
-        assert(j);
-
-        sd_journal_set_data_threshold(j, 0);
-
-        r = sd_journal_get_data(j, "_SOURCE_REALTIME_TIMESTAMP", &data, &length);
-        if (r == -ENOENT)
-                log_debug("Source realtime timestamp not found");
-        else if (r < 0)
-                return log_full_errno(r == -EADDRNOTAVAIL ? LOG_DEBUG : LOG_ERR, r, "Failed to get source realtime timestamp: %m");
-        else {
-                _cleanup_free_ char *value = NULL;
-
-                r = parse_field(data, length, "_SOURCE_REALTIME_TIMESTAMP=", &value, NULL);
-                if (r < 0)
-                        return r;
-                assert(r > 0);
-
-                r = safe_atou64(value, &realtime);
-                if (r < 0)
-                        log_debug_errno(r, "Failed to parse realtime timestamp: %m");
-        }
-
-        if (r < 0) {
-                r = sd_journal_get_realtime_usec(j, &realtime);
-                if (r < 0)
-                        return log_full_errno(r == -EADDRNOTAVAIL ? LOG_DEBUG : LOG_ERR, r, "Failed to get realtime timestamp: %m");
-        }
-
-        r = sd_journal_get_cursor(j, &cursor);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get cursor: %m");
-
-        fprintf(f, "%s [%s]\n",
-                flags & OUTPUT_UTC ?
-                format_timestamp_us_utc(ts, sizeof(ts), realtime) :
-                format_timestamp_us(ts, sizeof(ts), realtime),
-                cursor);
-
-        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
-                const char *c;
-                int fieldlen;
-                const char *on = "", *off = "";
-
-                c = memchr(data, '=', length);
-                if (!c) {
-                        log_error("Invalid field.");
-                        return -EINVAL;
-                }
-                fieldlen = c - (const char*) data;
-
-                if (flags & OUTPUT_COLOR && startswith(data, "MESSAGE=")) {
-                        on = ANSI_HIGHLIGHT;
-                        off = ANSI_NORMAL;
-                }
-
-                if (flags & OUTPUT_SHOW_ALL ||
-                    (((length < PRINT_CHAR_THRESHOLD) || flags & OUTPUT_FULL_WIDTH)
-                     && utf8_is_printable(data, length))) {
-                        fprintf(f, "    %s%.*s=", on, fieldlen, (const char*)data);
-                        print_multiline(f, 4 + fieldlen + 1, 0, OUTPUT_FULL_WIDTH, 0, c + 1, length - fieldlen - 1);
-                        fputs(off, f);
-                } else {
-                        char bytes[FORMAT_BYTES_MAX];
-
-                        fprintf(f, "    %s%.*s=[%s blob data]%s\n",
-                                on,
-                                (int) (c - (const char*) data),
-                                (const char*) data,
-                                format_bytes(bytes, sizeof(bytes), length - (c - (const char *) data) - 1),
-                                off);
-                }
-        }
-
-        if (r < 0)
-                return r;
-
-        if (flags & OUTPUT_CATALOG)
-                print_catalog(f, j);
-
-        return 0;
-}
-
-static int output_export(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags) {
-
-        sd_id128_t boot_id;
-        char sid[33];
-        int r;
-        usec_t realtime, monotonic;
-        _cleanup_free_ char *cursor = NULL;
-        const void *data;
-        size_t length;
-
-        assert(j);
-
-        sd_journal_set_data_threshold(j, 0);
-
-        r = sd_journal_get_realtime_usec(j, &realtime);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get realtime timestamp: %m");
-
-        r = sd_journal_get_monotonic_usec(j, &monotonic, &boot_id);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
-
-        r = sd_journal_get_cursor(j, &cursor);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get cursor: %m");
-
-        fprintf(f,
-                "__CURSOR=%s\n"
-                "__REALTIME_TIMESTAMP="USEC_FMT"\n"
-                "__MONOTONIC_TIMESTAMP="USEC_FMT"\n"
-                "_BOOT_ID=%s\n",
-                cursor,
-                realtime,
-                monotonic,
-                sd_id128_to_string(boot_id, sid));
-
-        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
-
-                /* We already printed the boot id, from the data in
-                 * the header, hence let's suppress it here */
-                if (length >= 9 &&
-                    startswith(data, "_BOOT_ID="))
-                        continue;
-
-                if (utf8_is_printable_newline(data, length, false))
-                        fwrite(data, length, 1, f);
-                else {
-                        const char *c;
-                        uint64_t le64;
-
-                        c = memchr(data, '=', length);
-                        if (!c) {
-                                log_error("Invalid field.");
-                                return -EINVAL;
-                        }
-
-                        fwrite(data, c - (const char*) data, 1, f);
-                        fputc('\n', f);
-                        le64 = htole64(length - (c - (const char*) data) - 1);
-                        fwrite(&le64, sizeof(le64), 1, f);
-                        fwrite(c + 1, length - (c - (const char*) data) - 1, 1, f);
-                }
-
-                fputc('\n', f);
-        }
-
-        if (r < 0)
-                return r;
-
-        fputc('\n', f);
-
-        return 0;
-}
-
-void json_escape(
-                FILE *f,
-                const char* p,
-                size_t l,
-                OutputFlags flags) {
-
-        assert(f);
-        assert(p);
-
-        if (!(flags & OUTPUT_SHOW_ALL) && l >= JSON_THRESHOLD)
-                fputs("null", f);
-
-        else if (!utf8_is_printable(p, l)) {
-                bool not_first = false;
-
-                fputs("[ ", f);
-
-                while (l > 0) {
-                        if (not_first)
-                                fprintf(f, ", %u", (uint8_t) *p);
-                        else {
-                                not_first = true;
-                                fprintf(f, "%u", (uint8_t) *p);
-                        }
-
-                        p++;
-                        l--;
-                }
-
-                fputs(" ]", f);
-        } else {
-                fputc('\"', f);
-
-                while (l > 0) {
-                        if (*p == '"' || *p == '\\') {
-                                fputc('\\', f);
-                                fputc(*p, f);
-                        } else if (*p == '\n')
-                                fputs("\\n", f);
-                        else if ((uint8_t) *p < ' ')
-                                fprintf(f, "\\u%04x", (uint8_t) *p);
-                        else
-                                fputc(*p, f);
-
-                        p++;
-                        l--;
-                }
-
-                fputc('\"', f);
-        }
-}
-
-static int output_json(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags) {
-
-        uint64_t realtime, monotonic;
-        _cleanup_free_ char *cursor = NULL;
-        const void *data;
-        size_t length;
-        sd_id128_t boot_id;
-        char sid[33], *k;
-        int r;
-        Hashmap *h = NULL;
-        bool done, separator;
-
-        assert(j);
-
-        sd_journal_set_data_threshold(j, flags & OUTPUT_SHOW_ALL ? 0 : JSON_THRESHOLD);
-
-        r = sd_journal_get_realtime_usec(j, &realtime);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get realtime timestamp: %m");
-
-        r = sd_journal_get_monotonic_usec(j, &monotonic, &boot_id);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get monotonic timestamp: %m");
-
-        r = sd_journal_get_cursor(j, &cursor);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get cursor: %m");
-
-        if (mode == OUTPUT_JSON_PRETTY)
-                fprintf(f,
-                        "{\n"
-                        "\t\"__CURSOR\" : \"%s\",\n"
-                        "\t\"__REALTIME_TIMESTAMP\" : \""USEC_FMT"\",\n"
-                        "\t\"__MONOTONIC_TIMESTAMP\" : \""USEC_FMT"\",\n"
-                        "\t\"_BOOT_ID\" : \"%s\"",
-                        cursor,
-                        realtime,
-                        monotonic,
-                        sd_id128_to_string(boot_id, sid));
-        else {
-                if (mode == OUTPUT_JSON_SSE)
-                        fputs("data: ", f);
-
-                fprintf(f,
-                        "{ \"__CURSOR\" : \"%s\", "
-                        "\"__REALTIME_TIMESTAMP\" : \""USEC_FMT"\", "
-                        "\"__MONOTONIC_TIMESTAMP\" : \""USEC_FMT"\", "
-                        "\"_BOOT_ID\" : \"%s\"",
-                        cursor,
-                        realtime,
-                        monotonic,
-                        sd_id128_to_string(boot_id, sid));
-        }
-
-        h = hashmap_new(&string_hash_ops);
-        if (!h)
-                return log_oom();
-
-        /* First round, iterate through the entry and count how often each field appears */
-        JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
-                const char *eq;
-                char *n;
-                unsigned u;
-
-                if (length >= 9 &&
-                    memcmp(data, "_BOOT_ID=", 9) == 0)
-                        continue;
-
-                eq = memchr(data, '=', length);
-                if (!eq)
-                        continue;
-
-                n = strndup(data, eq - (const char*) data);
-                if (!n) {
-                        r = log_oom();
-                        goto finish;
-                }
-
-                u = PTR_TO_UINT(hashmap_get(h, n));
-                if (u == 0) {
-                        r = hashmap_put(h, n, UINT_TO_PTR(1));
-                        if (r < 0) {
-                                free(n);
-                                log_oom();
-                                goto finish;
-                        }
-                } else {
-                        r = hashmap_update(h, n, UINT_TO_PTR(u + 1));
-                        free(n);
-                        if (r < 0) {
-                                log_oom();
-                                goto finish;
-                        }
-                }
-        }
-
-        if (r < 0)
-                return r;
-
-        separator = true;
-        do {
-                done = true;
-
-                SD_JOURNAL_FOREACH_DATA(j, data, length) {
-                        const char *eq;
-                        char *kk, *n;
-                        size_t m;
-                        unsigned u;
-
-                        /* We already printed the boot id, from the data in
-                         * the header, hence let's suppress it here */
-                        if (length >= 9 &&
-                            memcmp(data, "_BOOT_ID=", 9) == 0)
-                                continue;
-
-                        eq = memchr(data, '=', length);
-                        if (!eq)
-                                continue;
-
-                        if (separator) {
-                                if (mode == OUTPUT_JSON_PRETTY)
-                                        fputs(",\n\t", f);
-                                else
-                                        fputs(", ", f);
-                        }
-
-                        m = eq - (const char*) data;
-
-                        n = strndup(data, m);
-                        if (!n) {
-                                r = log_oom();
-                                goto finish;
-                        }
-
-                        u = PTR_TO_UINT(hashmap_get2(h, n, (void**) &kk));
-                        if (u == 0) {
-                                /* We already printed this, let's jump to the next */
-                                free(n);
-                                separator = false;
-
-                                continue;
-                        } else if (u == 1) {
-                                /* Field only appears once, output it directly */
-
-                                json_escape(f, data, m, flags);
-                                fputs(" : ", f);
-
-                                json_escape(f, eq + 1, length - m - 1, flags);
-
-                                hashmap_remove(h, n);
-                                free(kk);
-                                free(n);
-
-                                separator = true;
-
-                                continue;
-
-                        } else {
-                                /* Field appears multiple times, output it as array */
-                                json_escape(f, data, m, flags);
-                                fputs(" : [ ", f);
-                                json_escape(f, eq + 1, length - m - 1, flags);
-
-                                /* Iterate through the end of the list */
-
-                                while (sd_journal_enumerate_data(j, &data, &length) > 0) {
-                                        if (length < m + 1)
-                                                continue;
-
-                                        if (memcmp(data, n, m) != 0)
-                                                continue;
-
-                                        if (((const char*) data)[m] != '=')
-                                                continue;
-
-                                        fputs(", ", f);
-                                        json_escape(f, (const char*) data + m + 1, length - m - 1, flags);
-                                }
-
-                                fputs(" ]", f);
-
-                                hashmap_remove(h, n);
-                                free(kk);
-                                free(n);
-
-                                /* Iterate data fields form the beginning */
-                                done = false;
-                                separator = true;
-
-                                break;
-                        }
-                }
-
-        } while (!done);
-
-        if (mode == OUTPUT_JSON_PRETTY)
-                fputs("\n}\n", f);
-        else if (mode == OUTPUT_JSON_SSE)
-                fputs("}\n\n", f);
-        else
-                fputs(" }\n", f);
-
-        r = 0;
-
-finish:
-        while ((k = hashmap_steal_first_key(h)))
-                free(k);
-
-        hashmap_free(h);
-
-        return r;
-}
-
-static int output_cat(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags) {
-
-        const void *data;
-        size_t l;
-        int r;
-
-        assert(j);
-        assert(f);
-
-        sd_journal_set_data_threshold(j, 0);
-
-        r = sd_journal_get_data(j, "MESSAGE", &data, &l);
-        if (r < 0) {
-                /* An entry without MESSAGE=? */
-                if (r == -ENOENT)
-                        return 0;
-
-                return log_error_errno(r, "Failed to get data: %m");
-        }
-
-        assert(l >= 8);
-
-        fwrite((const char*) data + 8, 1, l - 8, f);
-        fputc('\n', f);
-
-        return 0;
-}
-
-static int (*output_funcs[_OUTPUT_MODE_MAX])(
-                FILE *f,
-                sd_journal*j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags) = {
-
-        [OUTPUT_SHORT] = output_short,
-        [OUTPUT_SHORT_ISO] = output_short,
-        [OUTPUT_SHORT_PRECISE] = output_short,
-        [OUTPUT_SHORT_MONOTONIC] = output_short,
-        [OUTPUT_SHORT_UNIX] = output_short,
-        [OUTPUT_VERBOSE] = output_verbose,
-        [OUTPUT_EXPORT] = output_export,
-        [OUTPUT_JSON] = output_json,
-        [OUTPUT_JSON_PRETTY] = output_json,
-        [OUTPUT_JSON_SSE] = output_json,
-        [OUTPUT_CAT] = output_cat
-};
-
-int output_journal(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags,
-                bool *ellipsized) {
-
-        int ret;
-        assert(mode >= 0);
-        assert(mode < _OUTPUT_MODE_MAX);
-
-        if (n_columns <= 0)
-                n_columns = columns();
-
-        ret = output_funcs[mode](f, j, mode, n_columns, flags);
-        fflush(stdout);
-
-        if (ellipsized && ret > 0)
-                *ellipsized = true;
-
-        return ret;
-}
-
-static int maybe_print_begin_newline(FILE *f, OutputFlags *flags) {
-        assert(f);
-        assert(flags);
-
-        if (!(*flags & OUTPUT_BEGIN_NEWLINE))
-                return 0;
-
-        /* Print a beginning new line if that's request, but only once
-         * on the first line we print. */
-
-        fputc('\n', f);
-        *flags &= ~OUTPUT_BEGIN_NEWLINE;
-        return 0;
-}
-
-static int show_journal(FILE *f,
-                        sd_journal *j,
-                        OutputMode mode,
-                        unsigned n_columns,
-                        usec_t not_before,
-                        unsigned how_many,
-                        OutputFlags flags,
-                        bool *ellipsized) {
-
-        int r;
-        unsigned line = 0;
-        bool need_seek = false;
-        int warn_cutoff = flags & OUTPUT_WARN_CUTOFF;
-
-        assert(j);
-        assert(mode >= 0);
-        assert(mode < _OUTPUT_MODE_MAX);
-
-        /* Seek to end */
-        r = sd_journal_seek_tail(j);
-        if (r < 0)
-                return log_error_errno(r, "Failed to seek to tail: %m");
-
-        r = sd_journal_previous_skip(j, how_many);
-        if (r < 0)
-                return log_error_errno(r, "Failed to skip previous: %m");
-
-        for (;;) {
-                for (;;) {
-                        usec_t usec;
-
-                        if (need_seek) {
-                                r = sd_journal_next(j);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to iterate through journal: %m");
-                        }
-
-                        if (r == 0)
-                                break;
-
-                        need_seek = true;
-
-                        if (not_before > 0) {
-                                r = sd_journal_get_monotonic_usec(j, &usec, NULL);
-
-                                /* -ESTALE is returned if the
-                                   timestamp is not from this boot */
-                                if (r == -ESTALE)
-                                        continue;
-                                else if (r < 0)
-                                        return log_error_errno(r, "Failed to get journal time: %m");
-
-                                if (usec < not_before)
-                                        continue;
-                        }
-
-                        line++;
-                        maybe_print_begin_newline(f, &flags);
-
-                        r = output_journal(f, j, mode, n_columns, flags, ellipsized);
-                        if (r < 0)
-                                return r;
-                }
-
-                if (warn_cutoff && line < how_many && not_before > 0) {
-                        sd_id128_t boot_id;
-                        usec_t cutoff = 0;
-
-                        /* Check whether the cutoff line is too early */
-
-                        r = sd_id128_get_boot(&boot_id);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get boot id: %m");
-
-                        r = sd_journal_get_cutoff_monotonic_usec(j, boot_id, &cutoff, NULL);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get journal cutoff time: %m");
-
-                        if (r > 0 && not_before < cutoff) {
-                                maybe_print_begin_newline(f, &flags);
-                                fprintf(f, "Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.\n");
-                        }
-
-                        warn_cutoff = false;
-                }
-
-                if (!(flags & OUTPUT_FOLLOW))
-                        break;
-
-                r = sd_journal_wait(j, USEC_INFINITY);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to wait for journal: %m");
-
-        }
-
-        return 0;
-}
-
-int add_matches_for_unit(sd_journal *j, const char *unit) {
-        const char *m1, *m2, *m3, *m4;
-        int r;
-
-        assert(j);
-        assert(unit);
-
-        m1 = strjoina("_SYSTEMD_UNIT=", unit);
-        m2 = strjoina("COREDUMP_UNIT=", unit);
-        m3 = strjoina("UNIT=", unit);
-        m4 = strjoina("OBJECT_SYSTEMD_UNIT=", unit);
-
-        (void)(
-            /* Look for messages from the service itself */
-            (r = sd_journal_add_match(j, m1, 0)) ||
-
-            /* Look for coredumps of the service */
-            (r = sd_journal_add_disjunction(j)) ||
-            (r = sd_journal_add_match(j, "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1", 0)) ||
-            (r = sd_journal_add_match(j, "_UID=0", 0)) ||
-            (r = sd_journal_add_match(j, m2, 0)) ||
-
-             /* Look for messages from PID 1 about this service */
-            (r = sd_journal_add_disjunction(j)) ||
-            (r = sd_journal_add_match(j, "_PID=1", 0)) ||
-            (r = sd_journal_add_match(j, m3, 0)) ||
-
-            /* Look for messages from authorized daemons about this service */
-            (r = sd_journal_add_disjunction(j)) ||
-            (r = sd_journal_add_match(j, "_UID=0", 0)) ||
-            (r = sd_journal_add_match(j, m4, 0))
-        );
-
-        if (r == 0 && endswith(unit, ".slice")) {
-                const char *m5;
-
-                m5 = strjoina("_SYSTEMD_SLICE=", unit);
-
-                /* Show all messages belonging to a slice */
-                (void)(
-                        (r = sd_journal_add_disjunction(j)) ||
-                        (r = sd_journal_add_match(j, m5, 0))
-                        );
-        }
-
-        return r;
-}
-
-int add_matches_for_user_unit(sd_journal *j, const char *unit, uid_t uid) {
-        int r;
-        char *m1, *m2, *m3, *m4;
-        char muid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)];
-
-        assert(j);
-        assert(unit);
-
-        m1 = strjoina("_SYSTEMD_USER_UNIT=", unit);
-        m2 = strjoina("USER_UNIT=", unit);
-        m3 = strjoina("COREDUMP_USER_UNIT=", unit);
-        m4 = strjoina("OBJECT_SYSTEMD_USER_UNIT=", unit);
-        sprintf(muid, "_UID="UID_FMT, uid);
-
-        (void) (
-                /* Look for messages from the user service itself */
-                (r = sd_journal_add_match(j, m1, 0)) ||
-                (r = sd_journal_add_match(j, muid, 0)) ||
-
-                /* Look for messages from systemd about this service */
-                (r = sd_journal_add_disjunction(j)) ||
-                (r = sd_journal_add_match(j, m2, 0)) ||
-                (r = sd_journal_add_match(j, muid, 0)) ||
-
-                /* Look for coredumps of the service */
-                (r = sd_journal_add_disjunction(j)) ||
-                (r = sd_journal_add_match(j, m3, 0)) ||
-                (r = sd_journal_add_match(j, muid, 0)) ||
-                (r = sd_journal_add_match(j, "_UID=0", 0)) ||
-
-                /* Look for messages from authorized daemons about this service */
-                (r = sd_journal_add_disjunction(j)) ||
-                (r = sd_journal_add_match(j, m4, 0)) ||
-                (r = sd_journal_add_match(j, muid, 0)) ||
-                (r = sd_journal_add_match(j, "_UID=0", 0))
-        );
-
-        if (r == 0 && endswith(unit, ".slice")) {
-                const char *m5;
-
-                m5 = strjoina("_SYSTEMD_SLICE=", unit);
-
-                /* Show all messages belonging to a slice */
-                (void)(
-                        (r = sd_journal_add_disjunction(j)) ||
-                        (r = sd_journal_add_match(j, m5, 0)) ||
-                        (r = sd_journal_add_match(j, muid, 0))
-                        );
-        }
-
-        return r;
-}
-
-static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
-        _cleanup_close_pair_ int pair[2] = { -1, -1 };
-        _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, rootfd = -1;
-        pid_t pid, child;
-        siginfo_t si;
-        char buf[37];
-        ssize_t k;
-        int r;
-
-        assert(machine);
-        assert(boot_id);
-
-        if (!machine_name_is_valid(machine))
-                return -EINVAL;
-
-        r = container_get_leader(machine, &pid);
-        if (r < 0)
-                return r;
-
-        r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, NULL, &rootfd);
-        if (r < 0)
-                return r;
-
-        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
-                return -errno;
-
-        child = fork();
-        if (child < 0)
-                return -errno;
-
-        if (child == 0) {
-                int fd;
-
-                pair[0] = safe_close(pair[0]);
-
-                r = namespace_enter(pidnsfd, mntnsfd, -1, -1, rootfd);
-                if (r < 0)
-                        _exit(EXIT_FAILURE);
-
-                fd = open("/proc/sys/kernel/random/boot_id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (fd < 0)
-                        _exit(EXIT_FAILURE);
-
-                r = loop_read_exact(fd, buf, 36, false);
-                safe_close(fd);
-                if (r < 0)
-                        _exit(EXIT_FAILURE);
-
-                k = send(pair[1], buf, 36, MSG_NOSIGNAL);
-                if (k != 36)
-                        _exit(EXIT_FAILURE);
-
-                _exit(EXIT_SUCCESS);
-        }
-
-        pair[1] = safe_close(pair[1]);
-
-        r = wait_for_terminate(child, &si);
-        if (r < 0 || si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS)
-                return r < 0 ? r : -EIO;
-
-        k = recv(pair[0], buf, 36, 0);
-        if (k != 36)
-                return -EIO;
-
-        buf[36] = 0;
-        r = sd_id128_from_string(buf, boot_id);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int add_match_this_boot(sd_journal *j, const char *machine) {
-        char match[9+32+1] = "_BOOT_ID=";
-        sd_id128_t boot_id;
-        int r;
-
-        assert(j);
-
-        if (machine) {
-                r = get_boot_id_for_machine(machine, &boot_id);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get boot id of container %s: %m", machine);
-        } else {
-                r = sd_id128_get_boot(&boot_id);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get boot id: %m");
-        }
-
-        sd_id128_to_string(boot_id, match + 9);
-        r = sd_journal_add_match(j, match, strlen(match));
-        if (r < 0)
-                return log_error_errno(r, "Failed to add match: %m");
-
-        r = sd_journal_add_conjunction(j);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add conjunction: %m");
-
-        return 0;
-}
-
-int show_journal_by_unit(
-                FILE *f,
-                const char *unit,
-                OutputMode mode,
-                unsigned n_columns,
-                usec_t not_before,
-                unsigned how_many,
-                uid_t uid,
-                OutputFlags flags,
-                int journal_open_flags,
-                bool system_unit,
-                bool *ellipsized) {
-
-        _cleanup_(sd_journal_closep) sd_journal *j = NULL;
-        int r;
-
-        assert(mode >= 0);
-        assert(mode < _OUTPUT_MODE_MAX);
-        assert(unit);
-
-        if (how_many <= 0)
-                return 0;
-
-        r = sd_journal_open(&j, journal_open_flags);
-        if (r < 0)
-                return log_error_errno(r, "Failed to open journal: %m");
-
-        r = add_match_this_boot(j, NULL);
-        if (r < 0)
-                return r;
-
-        if (system_unit)
-                r = add_matches_for_unit(j, unit);
-        else
-                r = add_matches_for_user_unit(j, unit, uid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add unit matches: %m");
-
-        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
-                _cleanup_free_ char *filter;
-
-                filter = journal_make_match_string(j);
-                if (!filter)
-                        return log_oom();
-
-                log_debug("Journal filter: %s", filter);
-        }
-
-        return show_journal(f, j, mode, n_columns, not_before, how_many, flags, ellipsized);
-}
diff --git a/src/shared/logs-show.h b/src/shared/logs-show.h
deleted file mode 100644
index 6643440881..0000000000
--- a/src/shared/logs-show.h
+++ /dev/null
@@ -1,70 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <sys/types.h>
-
-#include "sd-journal.h"
-
-#include "macro.h"
-#include "output-mode.h"
-#include "time-util.h"
-#include "util.h"
-
-int output_journal(
-                FILE *f,
-                sd_journal *j,
-                OutputMode mode,
-                unsigned n_columns,
-                OutputFlags flags,
-                bool *ellipsized);
-
-int add_match_this_boot(sd_journal *j, const char *machine);
-
-int add_matches_for_unit(
-                sd_journal *j,
-                const char *unit);
-
-int add_matches_for_user_unit(
-                sd_journal *j,
-                const char *unit,
-                uid_t uid);
-
-int show_journal_by_unit(
-                FILE *f,
-                const char *unit,
-                OutputMode mode,
-                unsigned n_columns,
-                usec_t not_before,
-                unsigned how_many,
-                uid_t uid,
-                OutputFlags flags,
-                int journal_open_flags,
-                bool system_unit,
-                bool *ellipsized);
-
-void json_escape(
-                FILE *f,
-                const char* p,
-                size_t l,
-                OutputFlags flags);
diff --git a/src/shared/machine-pool.c b/src/shared/machine-pool.c
deleted file mode 100644
index 23890c63a0..0000000000
--- a/src/shared/machine-pool.c
+++ /dev/null
@@ -1,426 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/loop.h>
-#include <signal.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/file.h>
-#include <sys/ioctl.h>
-#include <sys/mount.h>
-#include <sys/prctl.h>
-#include <sys/stat.h>
-#include <sys/statfs.h>
-#include <sys/statvfs.h>
-#include <unistd.h>
-
-#include "sd-bus-protocol.h"
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "btrfs-util.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "fs-util.h"
-#include "lockfile-util.h"
-#include "log.h"
-#include "machine-pool.h"
-#include "macro.h"
-#include "missing.h"
-#include "mkdir.h"
-#include "mount-util.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "signal-util.h"
-#include "stat-util.h"
-#include "string-util.h"
-
-#define VAR_LIB_MACHINES_SIZE_START (1024UL*1024UL*500UL)
-#define VAR_LIB_MACHINES_FREE_MIN (1024UL*1024UL*750UL)
-
-static int check_btrfs(void) {
-        struct statfs sfs;
-
-        if (statfs("/var/lib/machines", &sfs) < 0) {
-                if (errno != ENOENT)
-                        return -errno;
-
-                if (statfs("/var/lib", &sfs) < 0)
-                        return -errno;
-        }
-
-        return F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC);
-}
-
-static int setup_machine_raw(uint64_t size, sd_bus_error *error) {
-        _cleanup_free_ char *tmp = NULL;
-        _cleanup_close_ int fd = -1;
-        struct statvfs ss;
-        pid_t pid = 0;
-        siginfo_t si;
-        int r;
-
-        /* We want to be able to make use of btrfs-specific file
-         * system features, in particular subvolumes, reflinks and
-         * quota. Hence, if we detect that /var/lib/machines.raw is
-         * not located on btrfs, let's create a loopback file, place a
-         * btrfs file system into it, and mount it to
-         * /var/lib/machines. */
-
-        fd = open("/var/lib/machines.raw", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
-        if (fd >= 0) {
-                r = fd;
-                fd = -1;
-                return r;
-        }
-
-        if (errno != ENOENT)
-                return sd_bus_error_set_errnof(error, errno, "Failed to open /var/lib/machines.raw: %m");
-
-        r = tempfn_xxxxxx("/var/lib/machines.raw", NULL, &tmp);
-        if (r < 0)
-                return r;
-
-        (void) mkdir_p_label("/var/lib", 0755);
-        fd = open(tmp, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0600);
-        if (fd < 0)
-                return sd_bus_error_set_errnof(error, errno, "Failed to create /var/lib/machines.raw: %m");
-
-        if (fstatvfs(fd, &ss) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to determine free space on /var/lib/machines.raw: %m");
-                goto fail;
-        }
-
-        if (ss.f_bsize * ss.f_bavail < VAR_LIB_MACHINES_FREE_MIN) {
-                r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Not enough free disk space to set up /var/lib/machines.");
-                goto fail;
-        }
-
-        if (ftruncate(fd, size) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to enlarge /var/lib/machines.raw: %m");
-                goto fail;
-        }
-
-        pid = fork();
-        if (pid < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to fork mkfs.btrfs: %m");
-                goto fail;
-        }
-
-        if (pid == 0) {
-
-                /* Child */
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
-
-                fd = safe_close(fd);
-
-                execlp("mkfs.btrfs", "-Lvar-lib-machines", tmp, NULL);
-                if (errno == ENOENT)
-                        _exit(99);
-
-                _exit(EXIT_FAILURE);
-        }
-
-        r = wait_for_terminate(pid, &si);
-        if (r < 0) {
-                sd_bus_error_set_errnof(error, r, "Failed to wait for mkfs.btrfs: %m");
-                goto fail;
-        }
-
-        pid = 0;
-
-        if (si.si_code != CLD_EXITED) {
-                r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "mkfs.btrfs died abnormally.");
-                goto fail;
-        }
-        if (si.si_status == 99) {
-                r = sd_bus_error_set_errnof(error, ENOENT, "Cannot set up /var/lib/machines, mkfs.btrfs is missing");
-                goto fail;
-        }
-        if (si.si_status != 0) {
-                r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "mkfs.btrfs failed with error code %i", si.si_status);
-                goto fail;
-        }
-
-        r = rename_noreplace(AT_FDCWD, tmp, AT_FDCWD, "/var/lib/machines.raw");
-        if (r < 0) {
-                sd_bus_error_set_errnof(error, r, "Failed to move /var/lib/machines.raw into place: %m");
-                goto fail;
-        }
-
-        r = fd;
-        fd = -1;
-
-        return r;
-
-fail:
-        unlink_noerrno(tmp);
-
-        if (pid > 1)
-                kill_and_sigcont(pid, SIGKILL);
-
-        return r;
-}
-
-int setup_machine_directory(uint64_t size, sd_bus_error *error) {
-        _cleanup_release_lock_file_ LockFile lock_file = LOCK_FILE_INIT;
-        struct loop_info64 info = {
-                .lo_flags = LO_FLAGS_AUTOCLEAR,
-        };
-        _cleanup_close_ int fd = -1, control = -1, loop = -1;
-        _cleanup_free_ char* loopdev = NULL;
-        char tmpdir[] = "/tmp/machine-pool.XXXXXX", *mntdir = NULL;
-        bool tmpdir_made = false, mntdir_made = false, mntdir_mounted = false;
-        char buf[FORMAT_BYTES_MAX];
-        int r, nr = -1;
-
-        /* btrfs cannot handle file systems < 16M, hence use this as minimum */
-        if (size == (uint64_t) -1)
-                size = VAR_LIB_MACHINES_SIZE_START;
-        else if (size < 16*1024*1024)
-                size = 16*1024*1024;
-
-        /* Make sure we only set the directory up once at a time */
-        r = make_lock_file("/run/systemd/machines.lock", LOCK_EX, &lock_file);
-        if (r < 0)
-                return r;
-
-        r = check_btrfs();
-        if (r < 0)
-                return sd_bus_error_set_errnof(error, r, "Failed to determine whether /var/lib/machines is located on btrfs: %m");
-        if (r > 0) {
-                (void) btrfs_subvol_make_label("/var/lib/machines");
-
-                r = btrfs_quota_enable("/var/lib/machines", true);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to enable quota for /var/lib/machines, ignoring: %m");
-
-                r = btrfs_subvol_auto_qgroup("/var/lib/machines", 0, true);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to set up default quota hierarchy for /var/lib/machines, ignoring: %m");
-
-                return 1;
-        }
-
-        if (path_is_mount_point("/var/lib/machines", AT_SYMLINK_FOLLOW) > 0) {
-                log_debug("/var/lib/machines is already a mount point, not creating loopback file for it.");
-                return 0;
-        }
-
-        r = dir_is_populated("/var/lib/machines");
-        if (r < 0 && r != -ENOENT)
-                return r;
-        if (r > 0) {
-                log_debug("/var/log/machines is already populated, not creating loopback file for it.");
-                return 0;
-        }
-
-        r = mkfs_exists("btrfs");
-        if (r == 0)
-                return sd_bus_error_set_errnof(error, ENOENT, "Cannot set up /var/lib/machines, mkfs.btrfs is missing");
-        if (r < 0)
-                return r;
-
-        fd = setup_machine_raw(size, error);
-        if (fd < 0)
-                return fd;
-
-        control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
-        if (control < 0)
-                return sd_bus_error_set_errnof(error, errno, "Failed to open /dev/loop-control: %m");
-
-        nr = ioctl(control, LOOP_CTL_GET_FREE);
-        if (nr < 0)
-                return sd_bus_error_set_errnof(error, errno, "Failed to allocate loop device: %m");
-
-        if (asprintf(&loopdev, "/dev/loop%i", nr) < 0) {
-                r = -ENOMEM;
-                goto fail;
-        }
-
-        loop = open(loopdev, O_CLOEXEC|O_RDWR|O_NOCTTY|O_NONBLOCK);
-        if (loop < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to open loopback device: %m");
-                goto fail;
-        }
-
-        if (ioctl(loop, LOOP_SET_FD, fd) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to bind loopback device: %m");
-                goto fail;
-        }
-
-        if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to enable auto-clear for loopback device: %m");
-                goto fail;
-        }
-
-        /* We need to make sure the new /var/lib/machines directory
-         * has an access mode of 0700 at the time it is first made
-         * available. mkfs will create it with 0755 however. Hence,
-         * let's mount the directory into an inaccessible directory
-         * below /tmp first, fix the access mode, and move it to the
-         * public place then. */
-
-        if (!mkdtemp(tmpdir)) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to create temporary mount parent directory: %m");
-                goto fail;
-        }
-        tmpdir_made = true;
-
-        mntdir = strjoina(tmpdir, "/mnt");
-        if (mkdir(mntdir, 0700) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to create temporary mount directory: %m");
-                goto fail;
-        }
-        mntdir_made = true;
-
-        if (mount(loopdev, mntdir, "btrfs", 0, NULL) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to mount loopback device: %m");
-                goto fail;
-        }
-        mntdir_mounted = true;
-
-        r = btrfs_quota_enable(mntdir, true);
-        if (r < 0)
-                log_warning_errno(r, "Failed to enable quota, ignoring: %m");
-
-        r = btrfs_subvol_auto_qgroup(mntdir, 0, true);
-        if (r < 0)
-                log_warning_errno(r, "Failed to set up default quota hierarchy, ignoring: %m");
-
-        if (chmod(mntdir, 0700) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to fix owner: %m");
-                goto fail;
-        }
-
-        (void) mkdir_p_label("/var/lib/machines", 0700);
-
-        if (mount(mntdir, "/var/lib/machines", NULL, MS_BIND, NULL) < 0) {
-                r = sd_bus_error_set_errnof(error, errno, "Failed to mount directory into right place: %m");
-                goto fail;
-        }
-
-        (void) syncfs(fd);
-
-        log_info("Set up /var/lib/machines as btrfs loopback file system of size %s mounted on /var/lib/machines.raw.", format_bytes(buf, sizeof(buf), size));
-
-        (void) umount2(mntdir, MNT_DETACH);
-        (void) rmdir(mntdir);
-        (void) rmdir(tmpdir);
-
-        return 1;
-
-fail:
-        if (mntdir_mounted)
-                (void) umount2(mntdir, MNT_DETACH);
-
-        if (mntdir_made)
-                (void) rmdir(mntdir);
-        if (tmpdir_made)
-                (void) rmdir(tmpdir);
-
-        if (loop >= 0) {
-                (void) ioctl(loop, LOOP_CLR_FD);
-                loop = safe_close(loop);
-        }
-
-        if (control >= 0 && nr >= 0)
-                (void) ioctl(control, LOOP_CTL_REMOVE, nr);
-
-        return r;
-}
-
-static int sync_path(const char *p) {
-        _cleanup_close_ int fd = -1;
-
-        fd = open(p, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0)
-                return -errno;
-
-        if (syncfs(fd) < 0)
-                return -errno;
-
-        return 0;
-}
-
-int grow_machine_directory(void) {
-        char buf[FORMAT_BYTES_MAX];
-        struct statvfs a, b;
-        uint64_t old_size, new_size, max_add;
-        int r;
-
-        /* Ensure the disk space data is accurate */
-        sync_path("/var/lib/machines");
-        sync_path("/var/lib/machines.raw");
-
-        if (statvfs("/var/lib/machines.raw", &a) < 0)
-                return -errno;
-
-        if (statvfs("/var/lib/machines", &b) < 0)
-                return -errno;
-
-        /* Don't grow if not enough disk space is available on the host */
-        if (((uint64_t) a.f_bavail * (uint64_t) a.f_bsize) <= VAR_LIB_MACHINES_FREE_MIN)
-                return 0;
-
-        /* Don't grow if at least 1/3th of the fs is still free */
-        if (b.f_bavail > b.f_blocks / 3)
-                return 0;
-
-        /* Calculate how much we are willing to add at most */
-        max_add = ((uint64_t) a.f_bavail * (uint64_t) a.f_bsize) - VAR_LIB_MACHINES_FREE_MIN;
-
-        /* Calculate the old size */
-        old_size = (uint64_t) b.f_blocks * (uint64_t) b.f_bsize;
-
-        /* Calculate the new size as three times the size of what is used right now */
-        new_size = ((uint64_t) b.f_blocks - (uint64_t) b.f_bavail) * (uint64_t) b.f_bsize * 3;
-
-        /* Always, grow at least to the start size */
-        if (new_size < VAR_LIB_MACHINES_SIZE_START)
-                new_size = VAR_LIB_MACHINES_SIZE_START;
-
-        /* If the new size is smaller than the old size, don't grow */
-        if (new_size < old_size)
-                return 0;
-
-        /* Ensure we never add more than the maximum */
-        if (new_size > old_size + max_add)
-                new_size = old_size + max_add;
-
-        r = btrfs_resize_loopback("/var/lib/machines", new_size, true);
-        if (r <= 0)
-                return r;
-
-        /* Also bump the quota, of both the subvolume leaf qgroup, as
-         * well as of any subtree quota group by the same id but a
-         * higher level, if it exists. */
-        (void) btrfs_qgroup_set_limit("/var/lib/machines", 0, new_size);
-        (void) btrfs_subvol_set_subtree_quota_limit("/var/lib/machines", 0, new_size);
-
-        log_info("Grew /var/lib/machines btrfs loopback file system to %s.", format_bytes(buf, sizeof(buf), new_size));
-        return 1;
-}
diff --git a/src/shared/machine-pool.h b/src/shared/machine-pool.h
deleted file mode 100644
index 40fe5ecb3a..0000000000
--- a/src/shared/machine-pool.h
+++ /dev/null
@@ -1,30 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdint.h>
-
-#include "sd-bus.h"
-
-/* Grow the /var/lib/machines directory after each 10MiB written */
-#define GROW_INTERVAL_BYTES (UINT64_C(10) * UINT64_C(1024) * UINT64_C(1024))
-
-int setup_machine_directory(uint64_t size, sd_bus_error *error);
-int grow_machine_directory(void);
diff --git a/src/shared/ptyfwd.c b/src/shared/ptyfwd.c
deleted file mode 100644
index 02c03b98d8..0000000000
--- a/src/shared/ptyfwd.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010-2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <limits.h>
-#include <signal.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/epoll.h>
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <termios.h>
-#include <unistd.h>
-
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "log.h"
-#include "macro.h"
-#include "ptyfwd.h"
-#include "time-util.h"
-
-struct PTYForward {
-        sd_event *event;
-
-        int master;
-
-        PTYForwardFlags flags;
-
-        sd_event_source *stdin_event_source;
-        sd_event_source *stdout_event_source;
-        sd_event_source *master_event_source;
-
-        sd_event_source *sigwinch_event_source;
-
-        struct termios saved_stdin_attr;
-        struct termios saved_stdout_attr;
-
-        bool saved_stdin:1;
-        bool saved_stdout:1;
-
-        bool stdin_readable:1;
-        bool stdin_hangup:1;
-        bool stdout_writable:1;
-        bool stdout_hangup:1;
-        bool master_readable:1;
-        bool master_writable:1;
-        bool master_hangup:1;
-
-        bool read_from_master:1;
-
-        bool last_char_set:1;
-        char last_char;
-
-        char in_buffer[LINE_MAX], out_buffer[LINE_MAX];
-        size_t in_buffer_full, out_buffer_full;
-
-        usec_t escape_timestamp;
-        unsigned escape_counter;
-};
-
-#define ESCAPE_USEC (1*USEC_PER_SEC)
-
-static bool look_for_escape(PTYForward *f, const char *buffer, size_t n) {
-        const char *p;
-
-        assert(f);
-        assert(buffer);
-        assert(n > 0);
-
-        for (p = buffer; p < buffer + n; p++) {
-
-                /* Check for ^] */
-                if (*p == 0x1D) {
-                        usec_t nw = now(CLOCK_MONOTONIC);
-
-                        if (f->escape_counter == 0 || nw > f->escape_timestamp + ESCAPE_USEC)  {
-                                f->escape_timestamp = nw;
-                                f->escape_counter = 1;
-                        } else {
-                                (f->escape_counter)++;
-
-                                if (f->escape_counter >= 3)
-                                        return true;
-                        }
-                } else {
-                        f->escape_timestamp = 0;
-                        f->escape_counter = 0;
-                }
-        }
-
-        return false;
-}
-
-static bool ignore_vhangup(PTYForward *f) {
-        assert(f);
-
-        if (f->flags & PTY_FORWARD_IGNORE_VHANGUP)
-                return true;
-
-        if ((f->flags & PTY_FORWARD_IGNORE_INITIAL_VHANGUP) && !f->read_from_master)
-                return true;
-
-        return false;
-}
-
-static int shovel(PTYForward *f) {
-        ssize_t k;
-
-        assert(f);
-
-        while ((f->stdin_readable && f->in_buffer_full <= 0) ||
-               (f->master_writable && f->in_buffer_full > 0) ||
-               (f->master_readable && f->out_buffer_full <= 0) ||
-               (f->stdout_writable && f->out_buffer_full > 0)) {
-
-                if (f->stdin_readable && f->in_buffer_full < LINE_MAX) {
-
-                        k = read(STDIN_FILENO, f->in_buffer + f->in_buffer_full, LINE_MAX - f->in_buffer_full);
-                        if (k < 0) {
-
-                                if (errno == EAGAIN)
-                                        f->stdin_readable = false;
-                                else if (errno == EIO || errno == EPIPE || errno == ECONNRESET) {
-                                        f->stdin_readable = false;
-                                        f->stdin_hangup = true;
-
-                                        f->stdin_event_source = sd_event_source_unref(f->stdin_event_source);
-                                } else {
-                                        log_error_errno(errno, "read(): %m");
-                                        return sd_event_exit(f->event, EXIT_FAILURE);
-                                }
-                        } else if (k == 0) {
-                                /* EOF on stdin */
-                                f->stdin_readable = false;
-                                f->stdin_hangup = true;
-
-                                f->stdin_event_source = sd_event_source_unref(f->stdin_event_source);
-                        } else  {
-                                /* Check if ^] has been
-                                 * pressed three times within
-                                 * one second. If we get this
-                                 * we quite immediately. */
-                                if (look_for_escape(f, f->in_buffer + f->in_buffer_full, k))
-                                        return sd_event_exit(f->event, EXIT_FAILURE);
-
-                                f->in_buffer_full += (size_t) k;
-                        }
-                }
-
-                if (f->master_writable && f->in_buffer_full > 0) {
-
-                        k = write(f->master, f->in_buffer, f->in_buffer_full);
-                        if (k < 0) {
-
-                                if (errno == EAGAIN || errno == EIO)
-                                        f->master_writable = false;
-                                else if (errno == EPIPE || errno == ECONNRESET) {
-                                        f->master_writable = f->master_readable = false;
-                                        f->master_hangup = true;
-
-                                        f->master_event_source = sd_event_source_unref(f->master_event_source);
-                                } else {
-                                        log_error_errno(errno, "write(): %m");
-                                        return sd_event_exit(f->event, EXIT_FAILURE);
-                                }
-                        } else {
-                                assert(f->in_buffer_full >= (size_t) k);
-                                memmove(f->in_buffer, f->in_buffer + k, f->in_buffer_full - k);
-                                f->in_buffer_full -= k;
-                        }
-                }
-
-                if (f->master_readable && f->out_buffer_full < LINE_MAX) {
-
-                        k = read(f->master, f->out_buffer + f->out_buffer_full, LINE_MAX - f->out_buffer_full);
-                        if (k < 0) {
-
-                                /* Note that EIO on the master device
-                                 * might be caused by vhangup() or
-                                 * temporary closing of everything on
-                                 * the other side, we treat it like
-                                 * EAGAIN here and try again, unless
-                                 * ignore_vhangup is off. */
-
-                                if (errno == EAGAIN || (errno == EIO && ignore_vhangup(f)))
-                                        f->master_readable = false;
-                                else if (errno == EPIPE || errno == ECONNRESET || errno == EIO) {
-                                        f->master_readable = f->master_writable = false;
-                                        f->master_hangup = true;
-
-                                        f->master_event_source = sd_event_source_unref(f->master_event_source);
-                                } else {
-                                        log_error_errno(errno, "read(): %m");
-                                        return sd_event_exit(f->event, EXIT_FAILURE);
-                                }
-                        }  else {
-                                f->read_from_master = true;
-                                f->out_buffer_full += (size_t) k;
-                        }
-                }
-
-                if (f->stdout_writable && f->out_buffer_full > 0) {
-
-                        k = write(STDOUT_FILENO, f->out_buffer, f->out_buffer_full);
-                        if (k < 0) {
-
-                                if (errno == EAGAIN)
-                                        f->stdout_writable = false;
-                                else if (errno == EIO || errno == EPIPE || errno == ECONNRESET) {
-                                        f->stdout_writable = false;
-                                        f->stdout_hangup = true;
-                                        f->stdout_event_source = sd_event_source_unref(f->stdout_event_source);
-                                } else {
-                                        log_error_errno(errno, "write(): %m");
-                                        return sd_event_exit(f->event, EXIT_FAILURE);
-                                }
-
-                        } else {
-
-                                if (k > 0) {
-                                        f->last_char = f->out_buffer[k-1];
-                                        f->last_char_set = true;
-                                }
-
-                                assert(f->out_buffer_full >= (size_t) k);
-                                memmove(f->out_buffer, f->out_buffer + k, f->out_buffer_full - k);
-                                f->out_buffer_full -= k;
-                        }
-                }
-        }
-
-        if (f->stdin_hangup || f->stdout_hangup || f->master_hangup) {
-                /* Exit the loop if any side hung up and if there's
-                 * nothing more to write or nothing we could write. */
-
-                if ((f->out_buffer_full <= 0 || f->stdout_hangup) &&
-                    (f->in_buffer_full <= 0 || f->master_hangup))
-                        return sd_event_exit(f->event, EXIT_SUCCESS);
-        }
-
-        return 0;
-}
-
-static int on_master_event(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
-        PTYForward *f = userdata;
-
-        assert(f);
-        assert(e);
-        assert(e == f->master_event_source);
-        assert(fd >= 0);
-        assert(fd == f->master);
-
-        if (revents & (EPOLLIN|EPOLLHUP))
-                f->master_readable = true;
-
-        if (revents & (EPOLLOUT|EPOLLHUP))
-                f->master_writable = true;
-
-        return shovel(f);
-}
-
-static int on_stdin_event(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
-        PTYForward *f = userdata;
-
-        assert(f);
-        assert(e);
-        assert(e == f->stdin_event_source);
-        assert(fd >= 0);
-        assert(fd == STDIN_FILENO);
-
-        if (revents & (EPOLLIN|EPOLLHUP))
-                f->stdin_readable = true;
-
-        return shovel(f);
-}
-
-static int on_stdout_event(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
-        PTYForward *f = userdata;
-
-        assert(f);
-        assert(e);
-        assert(e == f->stdout_event_source);
-        assert(fd >= 0);
-        assert(fd == STDOUT_FILENO);
-
-        if (revents & (EPOLLOUT|EPOLLHUP))
-                f->stdout_writable = true;
-
-        return shovel(f);
-}
-
-static int on_sigwinch_event(sd_event_source *e, const struct signalfd_siginfo *si, void *userdata) {
-        PTYForward *f = userdata;
-        struct winsize ws;
-
-        assert(f);
-        assert(e);
-        assert(e == f->sigwinch_event_source);
-
-        /* The window size changed, let's forward that. */
-        if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &ws) >= 0)
-                (void) ioctl(f->master, TIOCSWINSZ, &ws);
-
-        return 0;
-}
-
-int pty_forward_new(
-                sd_event *event,
-                int master,
-                PTYForwardFlags flags,
-                PTYForward **ret) {
-
-        _cleanup_(pty_forward_freep) PTYForward *f = NULL;
-        struct winsize ws;
-        int r;
-
-        f = new0(PTYForward, 1);
-        if (!f)
-                return -ENOMEM;
-
-        f->flags = flags;
-
-        if (event)
-                f->event = sd_event_ref(event);
-        else {
-                r = sd_event_default(&f->event);
-                if (r < 0)
-                        return r;
-        }
-
-        if (!(flags & PTY_FORWARD_READ_ONLY)) {
-                r = fd_nonblock(STDIN_FILENO, true);
-                if (r < 0)
-                        return r;
-
-                r = fd_nonblock(STDOUT_FILENO, true);
-                if (r < 0)
-                        return r;
-        }
-
-        r = fd_nonblock(master, true);
-        if (r < 0)
-                return r;
-
-        f->master = master;
-
-        if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &ws) >= 0)
-                (void) ioctl(master, TIOCSWINSZ, &ws);
-
-        if (!(flags & PTY_FORWARD_READ_ONLY)) {
-                if (tcgetattr(STDIN_FILENO, &f->saved_stdin_attr) >= 0) {
-                        struct termios raw_stdin_attr;
-
-                        f->saved_stdin = true;
-
-                        raw_stdin_attr = f->saved_stdin_attr;
-                        cfmakeraw(&raw_stdin_attr);
-                        raw_stdin_attr.c_oflag = f->saved_stdin_attr.c_oflag;
-                        tcsetattr(STDIN_FILENO, TCSANOW, &raw_stdin_attr);
-                }
-
-                if (tcgetattr(STDOUT_FILENO, &f->saved_stdout_attr) >= 0) {
-                        struct termios raw_stdout_attr;
-
-                        f->saved_stdout = true;
-
-                        raw_stdout_attr = f->saved_stdout_attr;
-                        cfmakeraw(&raw_stdout_attr);
-                        raw_stdout_attr.c_iflag = f->saved_stdout_attr.c_iflag;
-                        raw_stdout_attr.c_lflag = f->saved_stdout_attr.c_lflag;
-                        tcsetattr(STDOUT_FILENO, TCSANOW, &raw_stdout_attr);
-                }
-
-                r = sd_event_add_io(f->event, &f->stdin_event_source, STDIN_FILENO, EPOLLIN|EPOLLET, on_stdin_event, f);
-                if (r < 0 && r != -EPERM)
-                        return r;
-        }
-
-        r = sd_event_add_io(f->event, &f->stdout_event_source, STDOUT_FILENO, EPOLLOUT|EPOLLET, on_stdout_event, f);
-        if (r == -EPERM)
-                /* stdout without epoll support. Likely redirected to regular file. */
-                f->stdout_writable = true;
-        else if (r < 0)
-                return r;
-
-        r = sd_event_add_io(f->event, &f->master_event_source, master, EPOLLIN|EPOLLOUT|EPOLLET, on_master_event, f);
-        if (r < 0)
-                return r;
-
-        r = sd_event_add_signal(f->event, &f->sigwinch_event_source, SIGWINCH, on_sigwinch_event, f);
-        if (r < 0)
-                return r;
-
-        *ret = f;
-        f = NULL;
-
-        return 0;
-}
-
-PTYForward *pty_forward_free(PTYForward *f) {
-
-        if (f) {
-                sd_event_source_unref(f->stdin_event_source);
-                sd_event_source_unref(f->stdout_event_source);
-                sd_event_source_unref(f->master_event_source);
-                sd_event_source_unref(f->sigwinch_event_source);
-                sd_event_unref(f->event);
-
-                if (f->saved_stdout)
-                        tcsetattr(STDOUT_FILENO, TCSANOW, &f->saved_stdout_attr);
-                if (f->saved_stdin)
-                        tcsetattr(STDIN_FILENO, TCSANOW, &f->saved_stdin_attr);
-
-                free(f);
-        }
-
-        /* STDIN/STDOUT should not be nonblocking normally, so let's
-         * unconditionally reset it */
-        fd_nonblock(STDIN_FILENO, false);
-        fd_nonblock(STDOUT_FILENO, false);
-
-        return NULL;
-}
-
-int pty_forward_get_last_char(PTYForward *f, char *ch) {
-        assert(f);
-        assert(ch);
-
-        if (!f->last_char_set)
-                return -ENXIO;
-
-        *ch = f->last_char;
-        return 0;
-}
-
-int pty_forward_set_ignore_vhangup(PTYForward *f, bool b) {
-        int r;
-
-        assert(f);
-
-        if (!!(f->flags & PTY_FORWARD_IGNORE_VHANGUP) == b)
-                return 0;
-
-        SET_FLAG(f->flags, PTY_FORWARD_IGNORE_VHANGUP, b);
-
-        if (!ignore_vhangup(f)) {
-
-                /* We shall now react to vhangup()s? Let's check
-                 * immediately if we might be in one */
-
-                f->master_readable = true;
-                r = shovel(f);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-int pty_forward_get_ignore_vhangup(PTYForward *f) {
-        assert(f);
-
-        return !!(f->flags & PTY_FORWARD_IGNORE_VHANGUP);
-}
diff --git a/src/shared/ptyfwd.h b/src/shared/ptyfwd.h
deleted file mode 100644
index a046eb4e5e..0000000000
--- a/src/shared/ptyfwd.h
+++ /dev/null
@@ -1,48 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2010-2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdbool.h>
-
-#include "sd-event.h"
-
-#include "macro.h"
-
-typedef struct PTYForward PTYForward;
-
-typedef enum PTYForwardFlags {
-        PTY_FORWARD_READ_ONLY = 1,
-
-        /* Continue reading after hangup? */
-        PTY_FORWARD_IGNORE_VHANGUP = 2,
-
-        /* Continue reading after hangup but only if we never read anything else? */
-        PTY_FORWARD_IGNORE_INITIAL_VHANGUP = 4,
-} PTYForwardFlags;
-
-int pty_forward_new(sd_event *event, int master, PTYForwardFlags flags, PTYForward **f);
-PTYForward *pty_forward_free(PTYForward *f);
-
-int pty_forward_get_last_char(PTYForward *f, char *ch);
-
-int pty_forward_set_ignore_vhangup(PTYForward *f, bool ignore_vhangup);
-int pty_forward_get_ignore_vhangup(PTYForward *f);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(PTYForward*, pty_forward_free);
diff --git a/src/shared/specifier.c b/src/shared/specifier.c
deleted file mode 100644
index 1c17eb5251..0000000000
--- a/src/shared/specifier.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/utsname.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "hostname-util.h"
-#include "macro.h"
-#include "specifier.h"
-#include "string-util.h"
-
-/*
- * Generic infrastructure for replacing %x style specifiers in
- * strings. Will call a callback for each replacement.
- *
- */
-
-int specifier_printf(const char *text, const Specifier table[], void *userdata, char **_ret) {
-        char *ret, *t;
-        const char *f;
-        bool percent = false;
-        size_t l;
-        int r;
-
-        assert(text);
-        assert(table);
-
-        l = strlen(text);
-        ret = new(char, l+1);
-        if (!ret)
-                return -ENOMEM;
-
-        t = ret;
-
-        for (f = text; *f; f++, l--) {
-
-                if (percent) {
-                        if (*f == '%')
-                                *(t++) = '%';
-                        else {
-                                const Specifier *i;
-
-                                for (i = table; i->specifier; i++)
-                                        if (i->specifier == *f)
-                                                break;
-
-                                if (i->lookup) {
-                                        _cleanup_free_ char *w = NULL;
-                                        char *n;
-                                        size_t k, j;
-
-                                        r = i->lookup(i->specifier, i->data, userdata, &w);
-                                        if (r < 0) {
-                                                free(ret);
-                                                return r;
-                                        }
-
-                                        j = t - ret;
-                                        k = strlen(w);
-
-                                        n = new(char, j + k + l + 1);
-                                        if (!n) {
-                                                free(ret);
-                                                return -ENOMEM;
-                                        }
-
-                                        memcpy(n, ret, j);
-                                        memcpy(n + j, w, k);
-
-                                        free(ret);
-
-                                        ret = n;
-                                        t = n + j + k;
-                                } else {
-                                        *(t++) = '%';
-                                        *(t++) = *f;
-                                }
-                        }
-
-                        percent = false;
-                } else if (*f == '%')
-                        percent = true;
-                else
-                        *(t++) = *f;
-        }
-
-        *t = 0;
-        *_ret = ret;
-        return 0;
-}
-
-/* Generic handler for simple string replacements */
-
-int specifier_string(char specifier, void *data, void *userdata, char **ret) {
-        char *n;
-
-        n = strdup(strempty(data));
-        if (!n)
-                return -ENOMEM;
-
-        *ret = n;
-        return 0;
-}
-
-int specifier_machine_id(char specifier, void *data, void *userdata, char **ret) {
-        sd_id128_t id;
-        char *n;
-        int r;
-
-        r = sd_id128_get_machine(&id);
-        if (r < 0)
-                return r;
-
-        n = new(char, 33);
-        if (!n)
-                return -ENOMEM;
-
-        *ret = sd_id128_to_string(id, n);
-        return 0;
-}
-
-int specifier_boot_id(char specifier, void *data, void *userdata, char **ret) {
-        sd_id128_t id;
-        char *n;
-        int r;
-
-        r = sd_id128_get_boot(&id);
-        if (r < 0)
-                return r;
-
-        n = new(char, 33);
-        if (!n)
-                return -ENOMEM;
-
-        *ret = sd_id128_to_string(id, n);
-        return 0;
-}
-
-int specifier_host_name(char specifier, void *data, void *userdata, char **ret) {
-        char *n;
-
-        n = gethostname_malloc();
-        if (!n)
-                return -ENOMEM;
-
-        *ret = n;
-        return 0;
-}
-
-int specifier_kernel_release(char specifier, void *data, void *userdata, char **ret) {
-        struct utsname uts;
-        char *n;
-        int r;
-
-        r = uname(&uts);
-        if (r < 0)
-                return -errno;
-
-        n = strdup(uts.release);
-        if (!n)
-                return -ENOMEM;
-
-        *ret = n;
-        return 0;
-}
diff --git a/src/sleep/Makefile b/src/sleep/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/sleep/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
deleted file mode 100644
index c8f0742183..0000000000
--- a/src/sleep/sleep.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-  Copyright 2013 Zbigniew Jędrzejewski-Szmek
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <getopt.h>
-#include <stdio.h>
-
-#include "sd-messages.h"
-
-#include "def.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "log.h"
-#include "sleep-config.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-static char* arg_verb = NULL;
-
-static int write_mode(char **modes) {
-        int r = 0;
-        char **mode;
-
-        STRV_FOREACH(mode, modes) {
-                int k;
-
-                k = write_string_file("/sys/power/disk", *mode, 0);
-                if (k == 0)
-                        return 0;
-
-                log_debug_errno(k, "Failed to write '%s' to /sys/power/disk: %m",
-                                *mode);
-                if (r == 0)
-                        r = k;
-        }
-
-        if (r < 0)
-                log_error_errno(r, "Failed to write mode to /sys/power/disk: %m");
-
-        return r;
-}
-
-static int write_state(FILE **f, char **states) {
-        char **state;
-        int r = 0;
-
-        STRV_FOREACH(state, states) {
-                int k;
-
-                k = write_string_stream(*f, *state, true);
-                if (k == 0)
-                        return 0;
-                log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m",
-                                *state);
-                if (r == 0)
-                        r = k;
-
-                fclose(*f);
-                *f = fopen("/sys/power/state", "we");
-                if (!*f)
-                        return log_error_errno(errno, "Failed to open /sys/power/state: %m");
-        }
-
-        return r;
-}
-
-static int execute(char **modes, char **states) {
-
-        char *arguments[] = {
-                NULL,
-                (char*) "pre",
-                arg_verb,
-                NULL
-        };
-        static const char* const dirs[] = {SYSTEM_SLEEP_PATH, NULL};
-
-        int r;
-        _cleanup_fclose_ FILE *f = NULL;
-
-        /* This file is opened first, so that if we hit an error,
-         * we can abort before modifying any state. */
-        f = fopen("/sys/power/state", "we");
-        if (!f)
-                return log_error_errno(errno, "Failed to open /sys/power/state: %m");
-
-        /* Configure the hibernation mode */
-        r = write_mode(modes);
-        if (r < 0)
-                return r;
-
-        execute_directories(dirs, DEFAULT_TIMEOUT_USEC, arguments);
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_SLEEP_START),
-                   LOG_MESSAGE("Suspending system..."),
-                   "SLEEP=%s", arg_verb,
-                   NULL);
-
-        r = write_state(&f, states);
-        if (r < 0)
-                return r;
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_SLEEP_STOP),
-                   LOG_MESSAGE("System resumed."),
-                   "SLEEP=%s", arg_verb,
-                   NULL);
-
-        arguments[1] = (char*) "post";
-        execute_directories(dirs, DEFAULT_TIMEOUT_USEC, arguments);
-
-        return r;
-}
-
-static void help(void) {
-        printf("%s COMMAND\n\n"
-               "Suspend the system, hibernate the system, or both.\n\n"
-               "Commands:\n"
-               "  -h --help            Show this help and exit\n"
-               "  --version            Print version string and exit\n"
-               "  suspend              Suspend the system\n"
-               "  hibernate            Hibernate the system\n"
-               "  hybrid-sleep         Both hibernate and suspend the system\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        enum {
-                ARG_VERSION = 0x100,
-        };
-
-        static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'           },
-                { "version",      no_argument,       NULL, ARG_VERSION   },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-                switch(c) {
-                case 'h':
-                        help();
-                        return 0; /* done */
-
-                case ARG_VERSION:
-                        return version();
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (argc - optind != 1) {
-                log_error("Usage: %s COMMAND",
-                          program_invocation_short_name);
-                return -EINVAL;
-        }
-
-        arg_verb = argv[optind];
-
-        if (!streq(arg_verb, "suspend") &&
-            !streq(arg_verb, "hibernate") &&
-            !streq(arg_verb, "hybrid-sleep")) {
-                log_error("Unknown command '%s'.", arg_verb);
-                return -EINVAL;
-        }
-
-        return 1 /* work to do */;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_strv_free_ char **modes = NULL, **states = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = parse_sleep_config(arg_verb, &modes, &states);
-        if (r < 0)
-                goto finish;
-
-        r = execute(modes, states);
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/socket-proxy/Makefile b/src/socket-proxy/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/socket-proxy/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c
deleted file mode 100644
index 52b4db8875..0000000000
--- a/src/socket-proxy/socket-proxyd.c
+++ /dev/null
@@ -1,679 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2013 David Strauss
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-#include "sd-resolve.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "log.h"
-#include "path-util.h"
-#include "set.h"
-#include "socket-util.h"
-#include "string-util.h"
-#include "util.h"
-
-#define BUFFER_SIZE (256 * 1024)
-#define CONNECTIONS_MAX 256
-
-static const char *arg_remote_host = NULL;
-
-typedef struct Context {
-        sd_event *event;
-        sd_resolve *resolve;
-
-        Set *listen;
-        Set *connections;
-} Context;
-
-typedef struct Connection {
-        Context *context;
-
-        int server_fd, client_fd;
-        int server_to_client_buffer[2]; /* a pipe */
-        int client_to_server_buffer[2]; /* a pipe */
-
-        size_t server_to_client_buffer_full, client_to_server_buffer_full;
-        size_t server_to_client_buffer_size, client_to_server_buffer_size;
-
-        sd_event_source *server_event_source, *client_event_source;
-
-        sd_resolve_query *resolve_query;
-} Connection;
-
-static void connection_free(Connection *c) {
-        assert(c);
-
-        if (c->context)
-                set_remove(c->context->connections, c);
-
-        sd_event_source_unref(c->server_event_source);
-        sd_event_source_unref(c->client_event_source);
-
-        safe_close(c->server_fd);
-        safe_close(c->client_fd);
-
-        safe_close_pair(c->server_to_client_buffer);
-        safe_close_pair(c->client_to_server_buffer);
-
-        sd_resolve_query_unref(c->resolve_query);
-
-        free(c);
-}
-
-static void context_free(Context *context) {
-        sd_event_source *es;
-        Connection *c;
-
-        assert(context);
-
-        while ((es = set_steal_first(context->listen)))
-                sd_event_source_unref(es);
-
-        while ((c = set_first(context->connections)))
-                connection_free(c);
-
-        set_free(context->listen);
-        set_free(context->connections);
-
-        sd_event_unref(context->event);
-        sd_resolve_unref(context->resolve);
-}
-
-static int connection_create_pipes(Connection *c, int buffer[2], size_t *sz) {
-        int r;
-
-        assert(c);
-        assert(buffer);
-        assert(sz);
-
-        if (buffer[0] >= 0)
-                return 0;
-
-        r = pipe2(buffer, O_CLOEXEC|O_NONBLOCK);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to allocate pipe buffer: %m");
-
-        (void) fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE);
-
-        r = fcntl(buffer[0], F_GETPIPE_SZ);
-        if (r < 0)
-                return log_error_errno(errno, "Failed to get pipe buffer size: %m");
-
-        assert(r > 0);
-        *sz = r;
-
-        return 0;
-}
-
-static int connection_shovel(
-                Connection *c,
-                int *from, int buffer[2], int *to,
-                size_t *full, size_t *sz,
-                sd_event_source **from_source, sd_event_source **to_source) {
-
-        bool shoveled;
-
-        assert(c);
-        assert(from);
-        assert(buffer);
-        assert(buffer[0] >= 0);
-        assert(buffer[1] >= 0);
-        assert(to);
-        assert(full);
-        assert(sz);
-        assert(from_source);
-        assert(to_source);
-
-        do {
-                ssize_t z;
-
-                shoveled = false;
-
-                if (*full < *sz && *from >= 0 && *to >= 0) {
-                        z = splice(*from, NULL, buffer[1], NULL, *sz - *full, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
-                        if (z > 0) {
-                                *full += z;
-                                shoveled = true;
-                        } else if (z == 0 || errno == EPIPE || errno == ECONNRESET) {
-                                *from_source = sd_event_source_unref(*from_source);
-                                *from = safe_close(*from);
-                        } else if (errno != EAGAIN && errno != EINTR)
-                                return log_error_errno(errno, "Failed to splice: %m");
-                }
-
-                if (*full > 0 && *to >= 0) {
-                        z = splice(buffer[0], NULL, *to, NULL, *full, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
-                        if (z > 0) {
-                                *full -= z;
-                                shoveled = true;
-                        } else if (z == 0 || errno == EPIPE || errno == ECONNRESET) {
-                                *to_source = sd_event_source_unref(*to_source);
-                                *to = safe_close(*to);
-                        } else if (errno != EAGAIN && errno != EINTR)
-                                return log_error_errno(errno, "Failed to splice: %m");
-                }
-        } while (shoveled);
-
-        return 0;
-}
-
-static int connection_enable_event_sources(Connection *c);
-
-static int traffic_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Connection *c = userdata;
-        int r;
-
-        assert(s);
-        assert(fd >= 0);
-        assert(c);
-
-        r = connection_shovel(c,
-                              &c->server_fd, c->server_to_client_buffer, &c->client_fd,
-                              &c->server_to_client_buffer_full, &c->server_to_client_buffer_size,
-                              &c->server_event_source, &c->client_event_source);
-        if (r < 0)
-                goto quit;
-
-        r = connection_shovel(c,
-                              &c->client_fd, c->client_to_server_buffer, &c->server_fd,
-                              &c->client_to_server_buffer_full, &c->client_to_server_buffer_size,
-                              &c->client_event_source, &c->server_event_source);
-        if (r < 0)
-                goto quit;
-
-        /* EOF on both sides? */
-        if (c->server_fd == -1 && c->client_fd == -1)
-                goto quit;
-
-        /* Server closed, and all data written to client? */
-        if (c->server_fd == -1 && c->server_to_client_buffer_full <= 0)
-                goto quit;
-
-        /* Client closed, and all data written to server? */
-        if (c->client_fd == -1 && c->client_to_server_buffer_full <= 0)
-                goto quit;
-
-        r = connection_enable_event_sources(c);
-        if (r < 0)
-                goto quit;
-
-        return 1;
-
-quit:
-        connection_free(c);
-        return 0; /* ignore errors, continue serving */
-}
-
-static int connection_enable_event_sources(Connection *c) {
-        uint32_t a = 0, b = 0;
-        int r;
-
-        assert(c);
-
-        if (c->server_to_client_buffer_full > 0)
-                b |= EPOLLOUT;
-        if (c->server_to_client_buffer_full < c->server_to_client_buffer_size)
-                a |= EPOLLIN;
-
-        if (c->client_to_server_buffer_full > 0)
-                a |= EPOLLOUT;
-        if (c->client_to_server_buffer_full < c->client_to_server_buffer_size)
-                b |= EPOLLIN;
-
-        if (c->server_event_source)
-                r = sd_event_source_set_io_events(c->server_event_source, a);
-        else if (c->server_fd >= 0)
-                r = sd_event_add_io(c->context->event, &c->server_event_source, c->server_fd, a, traffic_cb, c);
-        else
-                r = 0;
-
-        if (r < 0)
-                return log_error_errno(r, "Failed to set up server event source: %m");
-
-        if (c->client_event_source)
-                r = sd_event_source_set_io_events(c->client_event_source, b);
-        else if (c->client_fd >= 0)
-                r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, b, traffic_cb, c);
-        else
-                r = 0;
-
-        if (r < 0)
-                return log_error_errno(r, "Failed to set up client event source: %m");
-
-        return 0;
-}
-
-static int connection_complete(Connection *c) {
-        int r;
-
-        assert(c);
-
-        r = connection_create_pipes(c, c->server_to_client_buffer, &c->server_to_client_buffer_size);
-        if (r < 0)
-                goto fail;
-
-        r = connection_create_pipes(c, c->client_to_server_buffer, &c->client_to_server_buffer_size);
-        if (r < 0)
-                goto fail;
-
-        r = connection_enable_event_sources(c);
-        if (r < 0)
-                goto fail;
-
-        return 0;
-
-fail:
-        connection_free(c);
-        return 0; /* ignore errors, continue serving */
-}
-
-static int connect_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Connection *c = userdata;
-        socklen_t solen;
-        int error, r;
-
-        assert(s);
-        assert(fd >= 0);
-        assert(c);
-
-        solen = sizeof(error);
-        r = getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &solen);
-        if (r < 0) {
-                log_error_errno(errno, "Failed to issue SO_ERROR: %m");
-                goto fail;
-        }
-
-        if (error != 0) {
-                log_error_errno(error, "Failed to connect to remote host: %m");
-                goto fail;
-        }
-
-        c->client_event_source = sd_event_source_unref(c->client_event_source);
-
-        return connection_complete(c);
-
-fail:
-        connection_free(c);
-        return 0; /* ignore errors, continue serving */
-}
-
-static int connection_start(Connection *c, struct sockaddr *sa, socklen_t salen) {
-        int r;
-
-        assert(c);
-        assert(sa);
-        assert(salen);
-
-        c->client_fd = socket(sa->sa_family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
-        if (c->client_fd < 0) {
-                log_error_errno(errno, "Failed to get remote socket: %m");
-                goto fail;
-        }
-
-        r = connect(c->client_fd, sa, salen);
-        if (r < 0) {
-                if (errno == EINPROGRESS) {
-                        r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, EPOLLOUT, connect_cb, c);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to add connection socket: %m");
-                                goto fail;
-                        }
-
-                        r = sd_event_source_set_enabled(c->client_event_source, SD_EVENT_ONESHOT);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to enable oneshot event source: %m");
-                                goto fail;
-                        }
-                } else {
-                        log_error_errno(errno, "Failed to connect to remote host: %m");
-                        goto fail;
-                }
-        } else {
-                r = connection_complete(c);
-                if (r < 0)
-                        goto fail;
-        }
-
-        return 0;
-
-fail:
-        connection_free(c);
-        return 0; /* ignore errors, continue serving */
-}
-
-static int resolve_cb(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
-        Connection *c = userdata;
-
-        assert(q);
-        assert(c);
-
-        if (ret != 0) {
-                log_error("Failed to resolve host: %s", gai_strerror(ret));
-                goto fail;
-        }
-
-        c->resolve_query = sd_resolve_query_unref(c->resolve_query);
-
-        return connection_start(c, ai->ai_addr, ai->ai_addrlen);
-
-fail:
-        connection_free(c);
-        return 0; /* ignore errors, continue serving */
-}
-
-static int resolve_remote(Connection *c) {
-
-        static const struct addrinfo hints = {
-                .ai_family = AF_UNSPEC,
-                .ai_socktype = SOCK_STREAM,
-                .ai_flags = AI_ADDRCONFIG
-        };
-
-        union sockaddr_union sa = {};
-        const char *node, *service;
-        int r;
-
-        if (path_is_absolute(arg_remote_host)) {
-                sa.un.sun_family = AF_UNIX;
-                strncpy(sa.un.sun_path, arg_remote_host, sizeof(sa.un.sun_path));
-                return connection_start(c, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-        }
-
-        if (arg_remote_host[0] == '@') {
-                sa.un.sun_family = AF_UNIX;
-                sa.un.sun_path[0] = 0;
-                strncpy(sa.un.sun_path+1, arg_remote_host+1, sizeof(sa.un.sun_path)-1);
-                return connection_start(c, &sa.sa, SOCKADDR_UN_LEN(sa.un));
-        }
-
-        service = strrchr(arg_remote_host, ':');
-        if (service) {
-                node = strndupa(arg_remote_host, service - arg_remote_host);
-                service++;
-        } else {
-                node = arg_remote_host;
-                service = "80";
-        }
-
-        log_debug("Looking up address info for %s:%s", node, service);
-        r = sd_resolve_getaddrinfo(c->context->resolve, &c->resolve_query, node, service, &hints, resolve_cb, c);
-        if (r < 0) {
-                log_error_errno(r, "Failed to resolve remote host: %m");
-                goto fail;
-        }
-
-        return 0;
-
-fail:
-        connection_free(c);
-        return 0; /* ignore errors, continue serving */
-}
-
-static int add_connection_socket(Context *context, int fd) {
-        Connection *c;
-        int r;
-
-        assert(context);
-        assert(fd >= 0);
-
-        if (set_size(context->connections) > CONNECTIONS_MAX) {
-                log_warning("Hit connection limit, refusing connection.");
-                safe_close(fd);
-                return 0;
-        }
-
-        r = set_ensure_allocated(&context->connections, NULL);
-        if (r < 0) {
-                log_oom();
-                return 0;
-        }
-
-        c = new0(Connection, 1);
-        if (!c) {
-                log_oom();
-                return 0;
-        }
-
-        c->context = context;
-        c->server_fd = fd;
-        c->client_fd = -1;
-        c->server_to_client_buffer[0] = c->server_to_client_buffer[1] = -1;
-        c->client_to_server_buffer[0] = c->client_to_server_buffer[1] = -1;
-
-        r = set_put(context->connections, c);
-        if (r < 0) {
-                free(c);
-                log_oom();
-                return 0;
-        }
-
-        return resolve_remote(c);
-}
-
-static int accept_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        _cleanup_free_ char *peer = NULL;
-        Context *context = userdata;
-        int nfd = -1, r;
-
-        assert(s);
-        assert(fd >= 0);
-        assert(revents & EPOLLIN);
-        assert(context);
-
-        nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-        if (nfd < 0) {
-                if (errno != -EAGAIN)
-                        log_warning_errno(errno, "Failed to accept() socket: %m");
-        } else {
-                getpeername_pretty(nfd, true, &peer);
-                log_debug("New connection from %s", strna(peer));
-
-                r = add_connection_socket(context, nfd);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to accept connection, ignoring: %m");
-                        safe_close(fd);
-                }
-        }
-
-        r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
-        if (r < 0) {
-                log_error_errno(r, "Error while re-enabling listener with ONESHOT: %m");
-                sd_event_exit(context->event, r);
-                return r;
-        }
-
-        return 1;
-}
-
-static int add_listen_socket(Context *context, int fd) {
-        sd_event_source *source;
-        int r;
-
-        assert(context);
-        assert(fd >= 0);
-
-        r = set_ensure_allocated(&context->listen, NULL);
-        if (r < 0) {
-                log_oom();
-                return r;
-        }
-
-        r = sd_is_socket(fd, 0, SOCK_STREAM, 1);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine socket type: %m");
-        if (r == 0) {
-                log_error("Passed in socket is not a stream socket.");
-                return -EINVAL;
-        }
-
-        r = fd_nonblock(fd, true);
-        if (r < 0)
-                return log_error_errno(r, "Failed to mark file descriptor non-blocking: %m");
-
-        r = sd_event_add_io(context->event, &source, fd, EPOLLIN, accept_cb, context);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add event source: %m");
-
-        r = set_put(context->listen, source);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add source to set: %m");
-                sd_event_source_unref(source);
-                return r;
-        }
-
-        /* Set the watcher to oneshot in case other processes are also
-         * watching to accept(). */
-        r = sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enable oneshot mode: %m");
-
-        return 0;
-}
-
-static void help(void) {
-        printf("%1$s [HOST:PORT]\n"
-               "%1$s [SOCKET]\n\n"
-               "Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
-               "  -h --help              Show this help\n"
-               "     --version           Show package version\n",
-               program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_IGNORE_ENV
-        };
-
-        static const struct option options[] = {
-                { "help",       no_argument, NULL, 'h'           },
-                { "version",    no_argument, NULL, ARG_VERSION   },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind >= argc) {
-                log_error("Not enough parameters.");
-                return -EINVAL;
-        }
-
-        if (argc != optind+1) {
-                log_error("Too many parameters.");
-                return -EINVAL;
-        }
-
-        arg_remote_host = argv[optind];
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        Context context = {};
-        int r, n, fd;
-
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = sd_event_default(&context.event);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate event loop: %m");
-                goto finish;
-        }
-
-        r = sd_resolve_default(&context.resolve);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate resolver: %m");
-                goto finish;
-        }
-
-        r = sd_resolve_attach_event(context.resolve, context.event, 0);
-        if (r < 0) {
-                log_error_errno(r, "Failed to attach resolver: %m");
-                goto finish;
-        }
-
-        sd_event_set_watchdog(context.event, true);
-
-        n = sd_listen_fds(1);
-        if (n < 0) {
-                log_error("Failed to receive sockets from parent.");
-                r = n;
-                goto finish;
-        } else if (n == 0) {
-                log_error("Didn't get any sockets passed in.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
-                r = add_listen_socket(&context, fd);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = sd_event_loop(context.event);
-        if (r < 0) {
-                log_error_errno(r, "Failed to run event loop: %m");
-                goto finish;
-        }
-
-finish:
-        context_free(&context);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c
deleted file mode 100644
index ce8efce3d5..0000000000
--- a/src/stdio-bridge/stdio-bridge.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <getopt.h>
-#include <poll.h>
-#include <stddef.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-daemon.h"
-
-#include "bus-internal.h"
-#include "bus-util.h"
-#include "build.h"
-#include "log.h"
-#include "util.h"
-
-#define DEFAULT_BUS_PATH "unix:path=/run/dbus/system_bus_socket"
-
-const char *arg_bus_path = DEFAULT_BUS_PATH;
-
-static int help(void) {
-
-        printf("%s [OPTIONS...]\n\n"
-               "STDIO or socket-activatable proxy to a given DBus endpoint.\n\n"
-               "  -h --help              Show this help\n"
-               "     --version           Show package version\n"
-               "     --bus-path=PATH     Path to the kernel bus (default: %s)\n",
-               program_invocation_short_name, DEFAULT_BUS_PATH);
-
-        return 0;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-        };
-
-        static const struct option options[] = {
-                { "help",            no_argument,       NULL, 'h'     },
-                { "bus-path",        required_argument, NULL, 'p'     },
-                { NULL,              0,                 NULL, 0       }
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hsup:", options, NULL)) >= 0) {
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case '?':
-                        return -EINVAL;
-
-                case 'p':
-                        arg_bus_path = optarg;
-                        break;
-
-                default:
-                        log_error("Unknown option code %c", c);
-                        return -EINVAL;
-                }
-        }
-
-        return 1;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_unrefp) sd_bus *a = NULL, *b = NULL;
-        sd_id128_t server_id;
-        bool is_unix;
-        int r, in_fd, out_fd;
-
-        log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = sd_listen_fds(0);
-        if (r == 0) {
-                in_fd = STDIN_FILENO;
-                out_fd = STDOUT_FILENO;
-        } else if (r == 1) {
-                in_fd = SD_LISTEN_FDS_START;
-                out_fd = SD_LISTEN_FDS_START;
-        } else {
-                log_error("Illegal number of file descriptors passed\n");
-                goto finish;
-        }
-
-        is_unix =
-                sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
-                sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
-
-        r = sd_bus_new(&a);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate bus: %m");
-                goto finish;
-        }
-
-        r = sd_bus_set_address(a, arg_bus_path);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set address to connect to: %m");
-                goto finish;
-        }
-
-        r = sd_bus_negotiate_fds(a, is_unix);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set FD negotiation: %m");
-                goto finish;
-        }
-
-        r = sd_bus_start(a);
-        if (r < 0) {
-                log_error_errno(r, "Failed to start bus client: %m");
-                goto finish;
-        }
-
-        r = sd_bus_get_bus_id(a, &server_id);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get server ID: %m");
-                goto finish;
-        }
-
-        r = sd_bus_new(&b);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate bus: %m");
-                goto finish;
-        }
-
-        r = sd_bus_set_fd(b, in_fd, out_fd);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set fds: %m");
-                goto finish;
-        }
-
-        r = sd_bus_set_server(b, 1, server_id);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set server mode: %m");
-                goto finish;
-        }
-
-        r = sd_bus_negotiate_fds(b, is_unix);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set FD negotiation: %m");
-                goto finish;
-        }
-
-        r = sd_bus_set_anonymous(b, true);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set anonymous authentication: %m");
-                goto finish;
-        }
-
-        r = sd_bus_start(b);
-        if (r < 0) {
-                log_error_errno(r, "Failed to start bus client: %m");
-                goto finish;
-        }
-
-        for (;;) {
-                _cleanup_(sd_bus_message_unrefp)sd_bus_message *m = NULL;
-                int events_a, events_b, fd;
-                uint64_t timeout_a, timeout_b, t;
-                struct timespec _ts, *ts;
-
-                r = sd_bus_process(a, &m);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to process bus a: %m");
-                        goto finish;
-                }
-
-                if (m) {
-                        r = sd_bus_send(b, m, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send message: %m");
-                                goto finish;
-                        }
-                }
-
-                if (r > 0)
-                        continue;
-
-                r = sd_bus_process(b, &m);
-                if (r < 0) {
-                        /* treat 'connection reset by peer' as clean exit condition */
-                        if (r == -ECONNRESET)
-                                r = 0;
-
-                        goto finish;
-                }
-
-                if (m) {
-                        r = sd_bus_send(a, m, NULL);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to send message: %m");
-                                goto finish;
-                        }
-                }
-
-                if (r > 0)
-                        continue;
-
-                fd = sd_bus_get_fd(a);
-                if (fd < 0) {
-                        r = fd;
-                        log_error_errno(r, "Failed to get fd: %m");
-                        goto finish;
-                }
-
-                events_a = sd_bus_get_events(a);
-                if (events_a < 0) {
-                        r = events_a;
-                        log_error_errno(r, "Failed to get events mask: %m");
-                        goto finish;
-                }
-
-                r = sd_bus_get_timeout(a, &timeout_a);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to get timeout: %m");
-                        goto finish;
-                }
-
-                events_b = sd_bus_get_events(b);
-                if (events_b < 0) {
-                        r = events_b;
-                        log_error_errno(r, "Failed to get events mask: %m");
-                        goto finish;
-                }
-
-                r = sd_bus_get_timeout(b, &timeout_b);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to get timeout: %m");
-                        goto finish;
-                }
-
-                t = timeout_a;
-                if (t == (uint64_t) -1 || (timeout_b != (uint64_t) -1 && timeout_b < timeout_a))
-                        t = timeout_b;
-
-                if (t == (uint64_t) -1)
-                        ts = NULL;
-                else {
-                        usec_t nw;
-
-                        nw = now(CLOCK_MONOTONIC);
-                        if (t > nw)
-                                t -= nw;
-                        else
-                                t = 0;
-
-                        ts = timespec_store(&_ts, t);
-                }
-
-                {
-                        struct pollfd p[3] = {
-                                {.fd = fd,            .events = events_a, },
-                                {.fd = STDIN_FILENO,  .events = events_b & POLLIN, },
-                                {.fd = STDOUT_FILENO, .events = events_b & POLLOUT, }};
-
-                        r = ppoll(p, ELEMENTSOF(p), ts, NULL);
-                }
-                if (r < 0) {
-                        log_error("ppoll() failed: %m");
-                        goto finish;
-                }
-        }
-
-finish:
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/sysctl/Makefile b/src/sysctl/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/sysctl/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/system-update-generator/Makefile b/src/system-update-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/system-update-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/systemctl/Makefile b/src/systemctl/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/systemctl/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
deleted file mode 100644
index 2480f69a75..0000000000
--- a/src/systemctl/systemctl.c
+++ /dev/null
@@ -1,7815 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-  Copyright 2013 Marc-Antoine Perennou
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <linux/reboot.h>
-#include <locale.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/reboot.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-daemon.h"
-#include "sd-login.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-message.h"
-#include "bus-unit-util.h"
-#include "bus-util.h"
-#include "cgroup-show.h"
-#include "cgroup-util.h"
-#include "copy.h"
-#include "dropin.h"
-#include "efivars.h"
-#include "env-util.h"
-#include "exit-status.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "glob-util.h"
-#include "hostname-util.h"
-#include "initreq.h"
-#include "install.h"
-#include "io-util.h"
-#include "list.h"
-#include "locale-util.h"
-#include "log.h"
-#include "logs-show.h"
-#include "macro.h"
-#include "mkdir.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "path-lookup.h"
-#include "path-util.h"
-#include "process-util.h"
-#include "rlimit-util.h"
-#include "set.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "spawn-ask-password-agent.h"
-#include "spawn-polkit-agent.h"
-#include "special.h"
-#include "stat-util.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "unit-name.h"
-#include "user-util.h"
-#include "util.h"
-#include "utmp-wtmp.h"
-#include "verbs.h"
-#include "virt.h"
-
-static char **arg_types = NULL;
-static char **arg_states = NULL;
-static char **arg_properties = NULL;
-static bool arg_all = false;
-static enum dependency {
-        DEPENDENCY_FORWARD,
-        DEPENDENCY_REVERSE,
-        DEPENDENCY_AFTER,
-        DEPENDENCY_BEFORE,
-        _DEPENDENCY_MAX
-} arg_dependency = DEPENDENCY_FORWARD;
-static const char *arg_job_mode = "replace";
-static UnitFileScope arg_scope = UNIT_FILE_SYSTEM;
-static bool arg_no_block = false;
-static bool arg_no_legend = false;
-static bool arg_no_pager = false;
-static bool arg_no_wtmp = false;
-static bool arg_no_sync = false;
-static bool arg_no_wall = false;
-static bool arg_no_reload = false;
-static bool arg_value = false;
-static bool arg_show_types = false;
-static bool arg_ignore_inhibitors = false;
-static bool arg_dry = false;
-static bool arg_quiet = false;
-static bool arg_full = false;
-static bool arg_recursive = false;
-static int arg_force = 0;
-static bool arg_ask_password = false;
-static bool arg_runtime = false;
-static UnitFilePresetMode arg_preset_mode = UNIT_FILE_PRESET_FULL;
-static char **arg_wall = NULL;
-static const char *arg_kill_who = NULL;
-static int arg_signal = SIGTERM;
-static char *arg_root = NULL;
-static usec_t arg_when = 0;
-static enum action {
-        _ACTION_INVALID,
-        ACTION_SYSTEMCTL,
-        ACTION_HALT,
-        ACTION_POWEROFF,
-        ACTION_REBOOT,
-        ACTION_KEXEC,
-        ACTION_EXIT,
-        ACTION_SUSPEND,
-        ACTION_HIBERNATE,
-        ACTION_HYBRID_SLEEP,
-        ACTION_RUNLEVEL2,
-        ACTION_RUNLEVEL3,
-        ACTION_RUNLEVEL4,
-        ACTION_RUNLEVEL5,
-        ACTION_RESCUE,
-        ACTION_EMERGENCY,
-        ACTION_DEFAULT,
-        ACTION_RELOAD,
-        ACTION_REEXEC,
-        ACTION_RUNLEVEL,
-        ACTION_CANCEL_SHUTDOWN,
-        _ACTION_MAX
-} arg_action = ACTION_SYSTEMCTL;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static const char *arg_host = NULL;
-static unsigned arg_lines = 10;
-static OutputMode arg_output = OUTPUT_SHORT;
-static bool arg_plain = false;
-static bool arg_firmware_setup = false;
-static bool arg_now = false;
-
-static int daemon_reload(int argc, char *argv[], void* userdata);
-static int halt_now(enum action a);
-static int get_state_one_unit(sd_bus *bus, const char *name, UnitActiveState *active_state);
-
-static bool original_stdout_is_tty;
-
-typedef enum BusFocus {
-        BUS_FULL,      /* The full bus indicated via --system or --user */
-        BUS_MANAGER,   /* The manager itself, possibly directly, possibly via the bus */
-        _BUS_FOCUS_MAX
-} BusFocus;
-
-static sd_bus *busses[_BUS_FOCUS_MAX] = {};
-
-static int acquire_bus(BusFocus focus, sd_bus **ret) {
-        int r;
-
-        assert(focus < _BUS_FOCUS_MAX);
-        assert(ret);
-
-        /* We only go directly to the manager, if we are using a local transport */
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                focus = BUS_FULL;
-
-        if (!busses[focus]) {
-                bool user;
-
-                user = arg_scope != UNIT_FILE_SYSTEM;
-
-                if (focus == BUS_MANAGER)
-                        r = bus_connect_transport_systemd(arg_transport, arg_host, user, &busses[focus]);
-                else
-                        r = bus_connect_transport(arg_transport, arg_host, user, &busses[focus]);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to connect to bus: %m");
-
-                (void) sd_bus_set_allow_interactive_authorization(busses[focus], arg_ask_password);
-        }
-
-        *ret = busses[focus];
-        return 0;
-}
-
-static void release_busses(void) {
-        BusFocus w;
-
-        for (w = 0; w < _BUS_FOCUS_MAX; w++)
-                busses[w] = sd_bus_flush_close_unref(busses[w]);
-}
-
-static void ask_password_agent_open_if_enabled(void) {
-
-        /* Open the password agent as a child process if necessary */
-
-        if (!arg_ask_password)
-                return;
-
-        if (arg_scope != UNIT_FILE_SYSTEM)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        ask_password_agent_open();
-}
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-
-        if (!arg_ask_password)
-                return;
-
-        if (arg_scope != UNIT_FILE_SYSTEM)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-static OutputFlags get_output_flags(void) {
-        return
-                arg_all * OUTPUT_SHOW_ALL |
-                arg_full * OUTPUT_FULL_WIDTH |
-                (!on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
-                colors_enabled() * OUTPUT_COLOR |
-                !arg_quiet * OUTPUT_WARN_CUTOFF;
-}
-
-static int translate_bus_error_to_exit_status(int r, const sd_bus_error *error) {
-        assert(error);
-
-        if (!sd_bus_error_is_set(error))
-                return r;
-
-        if (sd_bus_error_has_name(error, SD_BUS_ERROR_ACCESS_DENIED) ||
-            sd_bus_error_has_name(error, BUS_ERROR_ONLY_BY_DEPENDENCY) ||
-            sd_bus_error_has_name(error, BUS_ERROR_NO_ISOLATION) ||
-            sd_bus_error_has_name(error, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE))
-                return EXIT_NOPERMISSION;
-
-        if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT))
-                return EXIT_NOTINSTALLED;
-
-        if (sd_bus_error_has_name(error, BUS_ERROR_JOB_TYPE_NOT_APPLICABLE) ||
-            sd_bus_error_has_name(error, SD_BUS_ERROR_NOT_SUPPORTED))
-                return EXIT_NOTIMPLEMENTED;
-
-        if (sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED))
-                return EXIT_NOTCONFIGURED;
-
-        if (r != 0)
-                return r;
-
-        return EXIT_FAILURE;
-}
-
-static bool install_client_side(void) {
-
-        /* Decides when to execute enable/disable/... operations
-         * client-side rather than server-side. */
-
-        if (running_in_chroot() > 0)
-                return true;
-
-        if (sd_booted() <= 0)
-                return true;
-
-        if (!isempty(arg_root))
-                return true;
-
-        if (arg_scope == UNIT_FILE_GLOBAL)
-                return true;
-
-        /* Unsupported environment variable, mostly for debugging purposes */
-        if (getenv_bool("SYSTEMCTL_INSTALL_CLIENT_SIDE") > 0)
-                return true;
-
-        return false;
-}
-
-static int compare_unit_info(const void *a, const void *b) {
-        const UnitInfo *u = a, *v = b;
-        const char *d1, *d2;
-        int r;
-
-        /* First, order by machine */
-        if (!u->machine && v->machine)
-                return -1;
-        if (u->machine && !v->machine)
-                return 1;
-        if (u->machine && v->machine) {
-                r = strcasecmp(u->machine, v->machine);
-                if (r != 0)
-                        return r;
-        }
-
-        /* Second, order by unit type */
-        d1 = strrchr(u->id, '.');
-        d2 = strrchr(v->id, '.');
-        if (d1 && d2) {
-                r = strcasecmp(d1, d2);
-                if (r != 0)
-                        return r;
-        }
-
-        /* Third, order by name */
-        return strcasecmp(u->id, v->id);
-}
-
-static bool output_show_unit(const UnitInfo *u, char **patterns) {
-        assert(u);
-
-        if (!strv_fnmatch_or_empty(patterns, u->id, FNM_NOESCAPE))
-                return false;
-
-        if (arg_types) {
-                const char *dot;
-
-                dot = strrchr(u->id, '.');
-                if (!dot)
-                        return false;
-
-                if (!strv_find(arg_types, dot+1))
-                        return false;
-        }
-
-        if (arg_all)
-                return true;
-
-        /* Note that '--all' is not purely a state filter, but also a
-         * filter that hides units that "follow" other units (which is
-         * used for device units that appear under different names). */
-        if (!isempty(u->following))
-                return false;
-
-        if (!strv_isempty(arg_states))
-                return true;
-
-        /* By default show all units except the ones in inactive
-         * state and with no pending job */
-        if (u->job_id > 0)
-                return true;
-
-        if (streq(u->active_state, "inactive"))
-                return false;
-
-        return true;
-}
-
-static int output_units_list(const UnitInfo *unit_infos, unsigned c) {
-        unsigned circle_len = 0, id_len, max_id_len, load_len, active_len, sub_len, job_len, desc_len;
-        const UnitInfo *u;
-        unsigned n_shown = 0;
-        int job_count = 0;
-
-        max_id_len = strlen("UNIT");
-        load_len = strlen("LOAD");
-        active_len = strlen("ACTIVE");
-        sub_len = strlen("SUB");
-        job_len = strlen("JOB");
-        desc_len = 0;
-
-        for (u = unit_infos; u < unit_infos + c; u++) {
-                max_id_len = MAX(max_id_len, strlen(u->id) + (u->machine ? strlen(u->machine)+1 : 0));
-                load_len = MAX(load_len, strlen(u->load_state));
-                active_len = MAX(active_len, strlen(u->active_state));
-                sub_len = MAX(sub_len, strlen(u->sub_state));
-
-                if (u->job_id != 0) {
-                        job_len = MAX(job_len, strlen(u->job_type));
-                        job_count++;
-                }
-
-                if (!arg_no_legend &&
-                    (streq(u->active_state, "failed") ||
-                     STR_IN_SET(u->load_state, "error", "not-found", "masked")))
-                        circle_len = 2;
-        }
-
-        if (!arg_full && original_stdout_is_tty) {
-                unsigned basic_len;
-
-                id_len = MIN(max_id_len, 25u);
-                basic_len = circle_len + 5 + id_len + 5 + active_len + sub_len;
-
-                if (job_count)
-                        basic_len += job_len + 1;
-
-                if (basic_len < (unsigned) columns()) {
-                        unsigned extra_len, incr;
-                        extra_len = columns() - basic_len;
-
-                        /* Either UNIT already got 25, or is fully satisfied.
-                         * Grant up to 25 to DESC now. */
-                        incr = MIN(extra_len, 25u);
-                        desc_len += incr;
-                        extra_len -= incr;
-
-                        /* split the remaining space between UNIT and DESC,
-                         * but do not give UNIT more than it needs. */
-                        if (extra_len > 0) {
-                                incr = MIN(extra_len / 2, max_id_len - id_len);
-                                id_len += incr;
-                                desc_len += extra_len - incr;
-                        }
-                }
-        } else
-                id_len = max_id_len;
-
-        for (u = unit_infos; u < unit_infos + c; u++) {
-                _cleanup_free_ char *e = NULL, *j = NULL;
-                const char *on_loaded = "", *off_loaded = "";
-                const char *on_active = "", *off_active = "";
-                const char *on_circle = "", *off_circle = "";
-                const char *id;
-                bool circle = false;
-
-                if (!n_shown && !arg_no_legend) {
-
-                        if (circle_len > 0)
-                                fputs("  ", stdout);
-
-                        printf("%-*s %-*s %-*s %-*s ",
-                               id_len, "UNIT",
-                               load_len, "LOAD",
-                               active_len, "ACTIVE",
-                               sub_len, "SUB");
-
-                        if (job_count)
-                                printf("%-*s ", job_len, "JOB");
-
-                        if (!arg_full && arg_no_pager)
-                                printf("%.*s\n", desc_len, "DESCRIPTION");
-                        else
-                                printf("%s\n", "DESCRIPTION");
-                }
-
-                n_shown++;
-
-                if (STR_IN_SET(u->load_state, "error", "not-found", "masked") && !arg_plain) {
-                        on_loaded = ansi_highlight_red();
-                        on_circle = ansi_highlight_yellow();
-                        off_loaded = off_circle = ansi_normal();
-                        circle = true;
-                } else if (streq(u->active_state, "failed") && !arg_plain) {
-                        on_circle = on_active = ansi_highlight_red();
-                        off_circle = off_active = ansi_normal();
-                        circle = true;
-                }
-
-                if (u->machine) {
-                        j = strjoin(u->machine, ":", u->id, NULL);
-                        if (!j)
-                                return log_oom();
-
-                        id = j;
-                } else
-                        id = u->id;
-
-                if (arg_full) {
-                        e = ellipsize(id, id_len, 33);
-                        if (!e)
-                                return log_oom();
-
-                        id = e;
-                }
-
-                if (circle_len > 0)
-                        printf("%s%s%s ", on_circle, circle ? special_glyph(BLACK_CIRCLE) : " ", off_circle);
-
-                printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s",
-                       on_active, id_len, id, off_active,
-                       on_loaded, load_len, u->load_state, off_loaded,
-                       on_active, active_len, u->active_state,
-                       sub_len, u->sub_state, off_active,
-                       job_count ? job_len + 1 : 0, u->job_id ? u->job_type : "");
-
-                if (desc_len > 0)
-                        printf("%.*s\n", desc_len, u->description);
-                else
-                        printf("%s\n", u->description);
-        }
-
-        if (!arg_no_legend) {
-                const char *on, *off;
-
-                if (n_shown) {
-                        puts("\n"
-                             "LOAD   = Reflects whether the unit definition was properly loaded.\n"
-                             "ACTIVE = The high-level unit activation state, i.e. generalization of SUB.\n"
-                             "SUB    = The low-level unit activation state, values depend on unit type.");
-                        puts(job_count ? "JOB    = Pending job for the unit.\n" : "");
-                        on = ansi_highlight();
-                        off = ansi_normal();
-                } else {
-                        on = ansi_highlight_red();
-                        off = ansi_normal();
-                }
-
-                if (arg_all)
-                        printf("%s%u loaded units listed.%s\n"
-                               "To show all installed unit files use 'systemctl list-unit-files'.\n",
-                               on, n_shown, off);
-                else
-                        printf("%s%u loaded units listed.%s Pass --all to see loaded but inactive units, too.\n"
-                               "To show all installed unit files use 'systemctl list-unit-files'.\n",
-                               on, n_shown, off);
-        }
-
-        return 0;
-}
-
-static int get_unit_list(
-                sd_bus *bus,
-                const char *machine,
-                char **patterns,
-                UnitInfo **unit_infos,
-                int c,
-                sd_bus_message **_reply) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        size_t size = c;
-        int r;
-        UnitInfo u;
-        bool fallback = false;
-
-        assert(bus);
-        assert(unit_infos);
-        assert(_reply);
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "ListUnitsByPatterns");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_strv(m, arg_states);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_strv(m, patterns);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, &reply);
-        if (r < 0 && sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD)) {
-                /* Fallback to legacy ListUnitsFiltered method */
-                fallback = true;
-                log_debug_errno(r, "Failed to list units: %s Falling back to ListUnitsFiltered method.", bus_error_message(&error, r));
-                m = sd_bus_message_unref(m);
-                sd_bus_error_free(&error);
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &m,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "ListUnitsFiltered");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append_strv(m, arg_states);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_call(bus, m, 0, &error, &reply);
-        }
-        if (r < 0)
-                return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = bus_parse_unit_info(reply, &u)) > 0) {
-                u.machine = machine;
-
-                if (!output_show_unit(&u, fallback ? patterns : NULL))
-                        continue;
-
-                if (!GREEDY_REALLOC(*unit_infos, size, c+1))
-                        return log_oom();
-
-                (*unit_infos)[c++] = u;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        *_reply = reply;
-        reply = NULL;
-
-        return c;
-}
-
-static void message_set_freep(Set **set) {
-        sd_bus_message *m;
-
-        while ((m = set_steal_first(*set)))
-                sd_bus_message_unref(m);
-
-        set_free(*set);
-}
-
-static int get_unit_list_recursive(
-                sd_bus *bus,
-                char **patterns,
-                UnitInfo **_unit_infos,
-                Set **_replies,
-                char ***_machines) {
-
-        _cleanup_free_ UnitInfo *unit_infos = NULL;
-        _cleanup_(message_set_freep) Set *replies;
-        sd_bus_message *reply;
-        int c, r;
-
-        assert(bus);
-        assert(_replies);
-        assert(_unit_infos);
-        assert(_machines);
-
-        replies = set_new(NULL);
-        if (!replies)
-                return log_oom();
-
-        c = get_unit_list(bus, NULL, patterns, &unit_infos, 0, &reply);
-        if (c < 0)
-                return c;
-
-        r = set_put(replies, reply);
-        if (r < 0) {
-                sd_bus_message_unref(reply);
-                return log_oom();
-        }
-
-        if (arg_recursive) {
-                _cleanup_strv_free_ char **machines = NULL;
-                char **i;
-
-                r = sd_get_machine_names(&machines);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get machine names: %m");
-
-                STRV_FOREACH(i, machines) {
-                        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *container = NULL;
-                        int k;
-
-                        r = sd_bus_open_system_machine(&container, *i);
-                        if (r < 0) {
-                                log_warning_errno(r, "Failed to connect to container %s, ignoring: %m", *i);
-                                continue;
-                        }
-
-                        k = get_unit_list(container, *i, patterns, &unit_infos, c, &reply);
-                        if (k < 0)
-                                return k;
-
-                        c = k;
-
-                        r = set_put(replies, reply);
-                        if (r < 0) {
-                                sd_bus_message_unref(reply);
-                                return log_oom();
-                        }
-                }
-
-                *_machines = machines;
-                machines = NULL;
-        } else
-                *_machines = NULL;
-
-        *_unit_infos = unit_infos;
-        unit_infos = NULL;
-
-        *_replies = replies;
-        replies = NULL;
-
-        return c;
-}
-
-static int list_units(int argc, char *argv[], void *userdata) {
-        _cleanup_free_ UnitInfo *unit_infos = NULL;
-        _cleanup_(message_set_freep) Set *replies = NULL;
-        _cleanup_strv_free_ char **machines = NULL;
-        sd_bus *bus;
-        int r;
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = get_unit_list_recursive(bus, strv_skip(argv, 1), &unit_infos, &replies, &machines);
-        if (r < 0)
-                return r;
-
-        qsort_safe(unit_infos, r, sizeof(UnitInfo), compare_unit_info);
-        return output_units_list(unit_infos, r);
-}
-
-static int get_triggered_units(
-                sd_bus *bus,
-                const char* path,
-                char*** ret) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(ret);
-
-        r = sd_bus_get_property_strv(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "Triggers",
-                        &error,
-                        ret);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine triggers: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int get_listening(
-                sd_bus *bus,
-                const char* unit_path,
-                char*** listening) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *type, *path;
-        int r, n = 0;
-
-        r = sd_bus_get_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        unit_path,
-                        "org.freedesktop.systemd1.Socket",
-                        "Listen",
-                        &error,
-                        &reply,
-                        "a(ss)");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get list of listening sockets: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ss)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(ss)", &type, &path)) > 0) {
-
-                r = strv_extend(listening, type);
-                if (r < 0)
-                        return log_oom();
-
-                r = strv_extend(listening, path);
-                if (r < 0)
-                        return log_oom();
-
-                n++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return n;
-}
-
-struct socket_info {
-        const char *machine;
-        const char* id;
-
-        char* type;
-        char* path;
-
-        /* Note: triggered is a list here, although it almost certainly
-         * will always be one unit. Nevertheless, dbus API allows for multiple
-         * values, so let's follow that. */
-        char** triggered;
-
-        /* The strv above is shared. free is set only in the first one. */
-        bool own_triggered;
-};
-
-static int socket_info_compare(const struct socket_info *a, const struct socket_info *b) {
-        int o;
-
-        assert(a);
-        assert(b);
-
-        if (!a->machine && b->machine)
-                return -1;
-        if (a->machine && !b->machine)
-                return 1;
-        if (a->machine && b->machine) {
-                o = strcasecmp(a->machine, b->machine);
-                if (o != 0)
-                        return o;
-        }
-
-        o = strcmp(a->path, b->path);
-        if (o == 0)
-                o = strcmp(a->type, b->type);
-
-        return o;
-}
-
-static int output_sockets_list(struct socket_info *socket_infos, unsigned cs) {
-        struct socket_info *s;
-        unsigned pathlen = strlen("LISTEN"),
-                typelen = strlen("TYPE") * arg_show_types,
-                socklen = strlen("UNIT"),
-                servlen = strlen("ACTIVATES");
-        const char *on, *off;
-
-        for (s = socket_infos; s < socket_infos + cs; s++) {
-                unsigned tmp = 0;
-                char **a;
-
-                socklen = MAX(socklen, strlen(s->id));
-                if (arg_show_types)
-                        typelen = MAX(typelen, strlen(s->type));
-                pathlen = MAX(pathlen, strlen(s->path) + (s->machine ? strlen(s->machine)+1 : 0));
-
-                STRV_FOREACH(a, s->triggered)
-                        tmp += strlen(*a) + 2*(a != s->triggered);
-                servlen = MAX(servlen, tmp);
-        }
-
-        if (cs) {
-                if (!arg_no_legend)
-                        printf("%-*s %-*.*s%-*s %s\n",
-                               pathlen, "LISTEN",
-                               typelen + arg_show_types, typelen + arg_show_types, "TYPE ",
-                               socklen, "UNIT",
-                               "ACTIVATES");
-
-                for (s = socket_infos; s < socket_infos + cs; s++) {
-                        _cleanup_free_ char *j = NULL;
-                        const char *path;
-                        char **a;
-
-                        if (s->machine) {
-                                j = strjoin(s->machine, ":", s->path, NULL);
-                                if (!j)
-                                        return log_oom();
-                                path = j;
-                        } else
-                                path = s->path;
-
-                        if (arg_show_types)
-                                printf("%-*s %-*s %-*s",
-                                       pathlen, path, typelen, s->type, socklen, s->id);
-                        else
-                                printf("%-*s %-*s",
-                                       pathlen, path, socklen, s->id);
-                        STRV_FOREACH(a, s->triggered)
-                                printf("%s %s",
-                                       a == s->triggered ? "" : ",", *a);
-                        printf("\n");
-                }
-
-                on = ansi_highlight();
-                off = ansi_normal();
-                if (!arg_no_legend)
-                        printf("\n");
-        } else {
-                on = ansi_highlight_red();
-                off = ansi_normal();
-        }
-
-        if (!arg_no_legend) {
-                printf("%s%u sockets listed.%s\n", on, cs, off);
-                if (!arg_all)
-                        printf("Pass --all to see loaded but inactive sockets, too.\n");
-        }
-
-        return 0;
-}
-
-static int list_sockets(int argc, char *argv[], void *userdata) {
-        _cleanup_(message_set_freep) Set *replies = NULL;
-        _cleanup_strv_free_ char **machines = NULL;
-        _cleanup_free_ UnitInfo *unit_infos = NULL;
-        _cleanup_free_ struct socket_info *socket_infos = NULL;
-        const UnitInfo *u;
-        struct socket_info *s;
-        unsigned cs = 0;
-        size_t size = 0;
-        int r = 0, n;
-        sd_bus *bus;
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        n = get_unit_list_recursive(bus, strv_skip(argv, 1), &unit_infos, &replies, &machines);
-        if (n < 0)
-                return n;
-
-        for (u = unit_infos; u < unit_infos + n; u++) {
-                _cleanup_strv_free_ char **listening = NULL, **triggered = NULL;
-                int i, c;
-
-                if (!endswith(u->id, ".socket"))
-                        continue;
-
-                r = get_triggered_units(bus, u->unit_path, &triggered);
-                if (r < 0)
-                        goto cleanup;
-
-                c = get_listening(bus, u->unit_path, &listening);
-                if (c < 0) {
-                        r = c;
-                        goto cleanup;
-                }
-
-                if (!GREEDY_REALLOC(socket_infos, size, cs + c)) {
-                        r = log_oom();
-                        goto cleanup;
-                }
-
-                for (i = 0; i < c; i++)
-                        socket_infos[cs + i] = (struct socket_info) {
-                                .machine = u->machine,
-                                .id = u->id,
-                                .type = listening[i*2],
-                                .path = listening[i*2 + 1],
-                                .triggered = triggered,
-                                .own_triggered = i==0,
-                        };
-
-                /* from this point on we will cleanup those socket_infos */
-                cs += c;
-                free(listening);
-                listening = triggered = NULL; /* avoid cleanup */
-        }
-
-        qsort_safe(socket_infos, cs, sizeof(struct socket_info),
-                   (__compar_fn_t) socket_info_compare);
-
-        output_sockets_list(socket_infos, cs);
-
- cleanup:
-        assert(cs == 0 || socket_infos);
-        for (s = socket_infos; s < socket_infos + cs; s++) {
-                free(s->type);
-                free(s->path);
-                if (s->own_triggered)
-                        strv_free(s->triggered);
-        }
-
-        return r;
-}
-
-static int get_next_elapse(
-                sd_bus *bus,
-                const char *path,
-                dual_timestamp *next) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        dual_timestamp t;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(next);
-
-        r = sd_bus_get_property_trivial(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Timer",
-                        "NextElapseUSecMonotonic",
-                        &error,
-                        't',
-                        &t.monotonic);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get next elapsation time: %s", bus_error_message(&error, r));
-
-        r = sd_bus_get_property_trivial(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Timer",
-                        "NextElapseUSecRealtime",
-                        &error,
-                        't',
-                        &t.realtime);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get next elapsation time: %s", bus_error_message(&error, r));
-
-        *next = t;
-        return 0;
-}
-
-static int get_last_trigger(
-                sd_bus *bus,
-                const char *path,
-                usec_t *last) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(bus);
-        assert(path);
-        assert(last);
-
-        r = sd_bus_get_property_trivial(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Timer",
-                        "LastTriggerUSec",
-                        &error,
-                        't',
-                        last);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get last trigger time: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-struct timer_info {
-        const char* machine;
-        const char* id;
-        usec_t next_elapse;
-        usec_t last_trigger;
-        char** triggered;
-};
-
-static int timer_info_compare(const struct timer_info *a, const struct timer_info *b) {
-        int o;
-
-        assert(a);
-        assert(b);
-
-        if (!a->machine && b->machine)
-                return -1;
-        if (a->machine && !b->machine)
-                return 1;
-        if (a->machine && b->machine) {
-                o = strcasecmp(a->machine, b->machine);
-                if (o != 0)
-                        return o;
-        }
-
-        if (a->next_elapse < b->next_elapse)
-                return -1;
-        if (a->next_elapse > b->next_elapse)
-                return 1;
-
-        return strcmp(a->id, b->id);
-}
-
-static int output_timers_list(struct timer_info *timer_infos, unsigned n) {
-        struct timer_info *t;
-        unsigned
-                nextlen = strlen("NEXT"),
-                leftlen = strlen("LEFT"),
-                lastlen = strlen("LAST"),
-                passedlen = strlen("PASSED"),
-                unitlen = strlen("UNIT"),
-                activatelen = strlen("ACTIVATES");
-
-        const char *on, *off;
-
-        assert(timer_infos || n == 0);
-
-        for (t = timer_infos; t < timer_infos + n; t++) {
-                unsigned ul = 0;
-                char **a;
-
-                if (t->next_elapse > 0) {
-                        char tstamp[FORMAT_TIMESTAMP_MAX] = "", trel[FORMAT_TIMESTAMP_RELATIVE_MAX] = "";
-
-                        format_timestamp(tstamp, sizeof(tstamp), t->next_elapse);
-                        nextlen = MAX(nextlen, strlen(tstamp) + 1);
-
-                        format_timestamp_relative(trel, sizeof(trel), t->next_elapse);
-                        leftlen = MAX(leftlen, strlen(trel));
-                }
-
-                if (t->last_trigger > 0) {
-                        char tstamp[FORMAT_TIMESTAMP_MAX] = "", trel[FORMAT_TIMESTAMP_RELATIVE_MAX] = "";
-
-                        format_timestamp(tstamp, sizeof(tstamp), t->last_trigger);
-                        lastlen = MAX(lastlen, strlen(tstamp) + 1);
-
-                        format_timestamp_relative(trel, sizeof(trel), t->last_trigger);
-                        passedlen = MAX(passedlen, strlen(trel));
-                }
-
-                unitlen = MAX(unitlen, strlen(t->id) + (t->machine ? strlen(t->machine)+1 : 0));
-
-                STRV_FOREACH(a, t->triggered)
-                        ul += strlen(*a) + 2*(a != t->triggered);
-
-                activatelen = MAX(activatelen, ul);
-        }
-
-        if (n > 0) {
-                if (!arg_no_legend)
-                        printf("%-*s %-*s %-*s %-*s %-*s %s\n",
-                               nextlen,   "NEXT",
-                               leftlen,   "LEFT",
-                               lastlen,   "LAST",
-                               passedlen, "PASSED",
-                               unitlen,   "UNIT",
-                                          "ACTIVATES");
-
-                for (t = timer_infos; t < timer_infos + n; t++) {
-                        _cleanup_free_ char *j = NULL;
-                        const char *unit;
-                        char tstamp1[FORMAT_TIMESTAMP_MAX] = "n/a", trel1[FORMAT_TIMESTAMP_RELATIVE_MAX] = "n/a";
-                        char tstamp2[FORMAT_TIMESTAMP_MAX] = "n/a", trel2[FORMAT_TIMESTAMP_RELATIVE_MAX] = "n/a";
-                        char **a;
-
-                        format_timestamp(tstamp1, sizeof(tstamp1), t->next_elapse);
-                        format_timestamp_relative(trel1, sizeof(trel1), t->next_elapse);
-
-                        format_timestamp(tstamp2, sizeof(tstamp2), t->last_trigger);
-                        format_timestamp_relative(trel2, sizeof(trel2), t->last_trigger);
-
-                        if (t->machine) {
-                                j = strjoin(t->machine, ":", t->id, NULL);
-                                if (!j)
-                                        return log_oom();
-                                unit = j;
-                        } else
-                                unit = t->id;
-
-                        printf("%-*s %-*s %-*s %-*s %-*s",
-                               nextlen, tstamp1, leftlen, trel1, lastlen, tstamp2, passedlen, trel2, unitlen, unit);
-
-                        STRV_FOREACH(a, t->triggered)
-                                printf("%s %s",
-                                       a == t->triggered ? "" : ",", *a);
-                        printf("\n");
-                }
-
-                on = ansi_highlight();
-                off = ansi_normal();
-                if (!arg_no_legend)
-                        printf("\n");
-        } else {
-                on = ansi_highlight_red();
-                off = ansi_normal();
-        }
-
-        if (!arg_no_legend) {
-                printf("%s%u timers listed.%s\n", on, n, off);
-                if (!arg_all)
-                        printf("Pass --all to see loaded but inactive timers, too.\n");
-        }
-
-        return 0;
-}
-
-static usec_t calc_next_elapse(dual_timestamp *nw, dual_timestamp *next) {
-        usec_t next_elapse;
-
-        assert(nw);
-        assert(next);
-
-        if (next->monotonic != USEC_INFINITY && next->monotonic > 0) {
-                usec_t converted;
-
-                if (next->monotonic > nw->monotonic)
-                        converted = nw->realtime + (next->monotonic - nw->monotonic);
-                else
-                        converted = nw->realtime - (nw->monotonic - next->monotonic);
-
-                if (next->realtime != USEC_INFINITY && next->realtime > 0)
-                        next_elapse = MIN(converted, next->realtime);
-                else
-                        next_elapse = converted;
-
-        } else
-                next_elapse = next->realtime;
-
-        return next_elapse;
-}
-
-static int list_timers(int argc, char *argv[], void *userdata) {
-        _cleanup_(message_set_freep) Set *replies = NULL;
-        _cleanup_strv_free_ char **machines = NULL;
-        _cleanup_free_ struct timer_info *timer_infos = NULL;
-        _cleanup_free_ UnitInfo *unit_infos = NULL;
-        struct timer_info *t;
-        const UnitInfo *u;
-        size_t size = 0;
-        int n, c = 0;
-        dual_timestamp nw;
-        sd_bus *bus;
-        int r = 0;
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        n = get_unit_list_recursive(bus, strv_skip(argv, 1), &unit_infos, &replies, &machines);
-        if (n < 0)
-                return n;
-
-        dual_timestamp_get(&nw);
-
-        for (u = unit_infos; u < unit_infos + n; u++) {
-                _cleanup_strv_free_ char **triggered = NULL;
-                dual_timestamp next = DUAL_TIMESTAMP_NULL;
-                usec_t m, last = 0;
-
-                if (!endswith(u->id, ".timer"))
-                        continue;
-
-                r = get_triggered_units(bus, u->unit_path, &triggered);
-                if (r < 0)
-                        goto cleanup;
-
-                r = get_next_elapse(bus, u->unit_path, &next);
-                if (r < 0)
-                        goto cleanup;
-
-                get_last_trigger(bus, u->unit_path, &last);
-
-                if (!GREEDY_REALLOC(timer_infos, size, c+1)) {
-                        r = log_oom();
-                        goto cleanup;
-                }
-
-                m = calc_next_elapse(&nw, &next);
-
-                timer_infos[c++] = (struct timer_info) {
-                        .machine = u->machine,
-                        .id = u->id,
-                        .next_elapse = m,
-                        .last_trigger = last,
-                        .triggered = triggered,
-                };
-
-                triggered = NULL; /* avoid cleanup */
-        }
-
-        qsort_safe(timer_infos, c, sizeof(struct timer_info),
-                   (__compar_fn_t) timer_info_compare);
-
-        output_timers_list(timer_infos, c);
-
- cleanup:
-        for (t = timer_infos; t < timer_infos + c; t++)
-                strv_free(t->triggered);
-
-        return r;
-}
-
-static int compare_unit_file_list(const void *a, const void *b) {
-        const char *d1, *d2;
-        const UnitFileList *u = a, *v = b;
-
-        d1 = strrchr(u->path, '.');
-        d2 = strrchr(v->path, '.');
-
-        if (d1 && d2) {
-                int r;
-
-                r = strcasecmp(d1, d2);
-                if (r != 0)
-                        return r;
-        }
-
-        return strcasecmp(basename(u->path), basename(v->path));
-}
-
-static bool output_show_unit_file(const UnitFileList *u, char **states, char **patterns) {
-        assert(u);
-
-        if (!strv_fnmatch_or_empty(patterns, basename(u->path), FNM_NOESCAPE))
-                return false;
-
-        if (!strv_isempty(arg_types)) {
-                const char *dot;
-
-                dot = strrchr(u->path, '.');
-                if (!dot)
-                        return false;
-
-                if (!strv_find(arg_types, dot+1))
-                        return false;
-        }
-
-        if (!strv_isempty(states) &&
-            !strv_find(states, unit_file_state_to_string(u->state)))
-                return false;
-
-        return true;
-}
-
-static void output_unit_file_list(const UnitFileList *units, unsigned c) {
-        unsigned max_id_len, id_cols, state_cols;
-        const UnitFileList *u;
-
-        max_id_len = strlen("UNIT FILE");
-        state_cols = strlen("STATE");
-
-        for (u = units; u < units + c; u++) {
-                max_id_len = MAX(max_id_len, strlen(basename(u->path)));
-                state_cols = MAX(state_cols, strlen(unit_file_state_to_string(u->state)));
-        }
-
-        if (!arg_full) {
-                unsigned basic_cols;
-
-                id_cols = MIN(max_id_len, 25u);
-                basic_cols = 1 + id_cols + state_cols;
-                if (basic_cols < (unsigned) columns())
-                        id_cols += MIN(columns() - basic_cols, max_id_len - id_cols);
-        } else
-                id_cols = max_id_len;
-
-        if (!arg_no_legend && c > 0)
-                printf("%-*s %-*s\n",
-                       id_cols, "UNIT FILE",
-                       state_cols, "STATE");
-
-        for (u = units; u < units + c; u++) {
-                _cleanup_free_ char *e = NULL;
-                const char *on, *off;
-                const char *id;
-
-                if (IN_SET(u->state,
-                           UNIT_FILE_MASKED,
-                           UNIT_FILE_MASKED_RUNTIME,
-                           UNIT_FILE_DISABLED,
-                           UNIT_FILE_BAD)) {
-                        on  = ansi_highlight_red();
-                        off = ansi_normal();
-                } else if (u->state == UNIT_FILE_ENABLED) {
-                        on  = ansi_highlight_green();
-                        off = ansi_normal();
-                } else
-                        on = off = "";
-
-                id = basename(u->path);
-
-                e = arg_full ? NULL : ellipsize(id, id_cols, 33);
-
-                printf("%-*s %s%-*s%s\n",
-                       id_cols, e ? e : id,
-                       on, state_cols, unit_file_state_to_string(u->state), off);
-        }
-
-        if (!arg_no_legend)
-                printf("\n%u unit files listed.\n", c);
-}
-
-static int list_unit_files(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ UnitFileList *units = NULL;
-        UnitFileList *unit;
-        size_t size = 0;
-        unsigned c = 0;
-        const char *state;
-        char *path;
-        int r;
-        bool fallback = false;
-
-        pager_open(arg_no_pager, false);
-
-        if (install_client_side()) {
-                Hashmap *h;
-                UnitFileList *u;
-                Iterator i;
-                unsigned n_units;
-
-                h = hashmap_new(&string_hash_ops);
-                if (!h)
-                        return log_oom();
-
-                r = unit_file_get_list(arg_scope, arg_root, h, arg_states, strv_skip(argv, 1));
-                if (r < 0) {
-                        unit_file_list_free(h);
-                        return log_error_errno(r, "Failed to get unit file list: %m");
-                }
-
-                n_units = hashmap_size(h);
-
-                units = new(UnitFileList, n_units ?: 1); /* avoid malloc(0) */
-                if (!units) {
-                        unit_file_list_free(h);
-                        return log_oom();
-                }
-
-                HASHMAP_FOREACH(u, h, i) {
-                        if (!output_show_unit_file(u, NULL, NULL))
-                                continue;
-
-                        units[c++] = *u;
-                        free(u);
-                }
-
-                assert(c <= n_units);
-                hashmap_free(h);
-
-                r = 0;
-        } else {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                sd_bus *bus;
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &m,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "ListUnitFilesByPatterns");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append_strv(m, arg_states);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append_strv(m, strv_skip(argv, 1));
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_call(bus, m, 0, &error, &reply);
-                if (r < 0 && sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD)) {
-                        /* Fallback to legacy ListUnitFiles method */
-                        fallback = true;
-                        log_debug_errno(r, "Failed to list unit files: %s Falling back to ListUnitsFiles method.", bus_error_message(&error, r));
-                        m = sd_bus_message_unref(m);
-                        sd_bus_error_free(&error);
-
-                        r = sd_bus_message_new_method_call(
-                                        bus,
-                                        &m,
-                                        "org.freedesktop.systemd1",
-                                        "/org/freedesktop/systemd1",
-                                        "org.freedesktop.systemd1.Manager",
-                                        "ListUnitFiles");
-                        if (r < 0)
-                                return bus_log_create_error(r);
-
-                        r = sd_bus_call(bus, m, 0, &error, &reply);
-                }
-                if (r < 0)
-                        return log_error_errno(r, "Failed to list unit files: %s", bus_error_message(&error, r));
-
-                r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ss)");
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                while ((r = sd_bus_message_read(reply, "(ss)", &path, &state)) > 0) {
-
-                        if (!GREEDY_REALLOC(units, size, c + 1))
-                                return log_oom();
-
-                        units[c] = (struct UnitFileList) {
-                                path,
-                                unit_file_state_from_string(state)
-                        };
-
-                        if (output_show_unit_file(&units[c],
-                            fallback ? arg_states : NULL,
-                            fallback ? strv_skip(argv, 1) : NULL))
-                                c++;
-
-                }
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-
-        qsort_safe(units, c, sizeof(UnitFileList), compare_unit_file_list);
-        output_unit_file_list(units, c);
-
-        if (install_client_side())
-                for (unit = units; unit < units + c; unit++)
-                        free(unit->path);
-
-        return 0;
-}
-
-static int list_dependencies_print(const char *name, int level, unsigned int branches, bool last) {
-        _cleanup_free_ char *n = NULL;
-        size_t max_len = MAX(columns(),20u);
-        size_t len = 0;
-        int i;
-
-        if (!arg_plain) {
-
-                for (i = level - 1; i >= 0; i--) {
-                        len += 2;
-                        if (len > max_len - 3 && !arg_full) {
-                                printf("%s...\n",max_len % 2 ? "" : " ");
-                                return 0;
-                        }
-                        printf("%s", special_glyph(branches & (1 << i) ? TREE_VERTICAL : TREE_SPACE));
-                }
-                len += 2;
-
-                if (len > max_len - 3 && !arg_full) {
-                        printf("%s...\n",max_len % 2 ? "" : " ");
-                        return 0;
-                }
-
-                printf("%s", special_glyph(last ? TREE_RIGHT : TREE_BRANCH));
-        }
-
-        if (arg_full) {
-                printf("%s\n", name);
-                return 0;
-        }
-
-        n = ellipsize(name, max_len-len, 100);
-        if (!n)
-                return log_oom();
-
-        printf("%s\n", n);
-        return 0;
-}
-
-static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, char ***deps) {
-
-        static const char *dependencies[_DEPENDENCY_MAX] = {
-                [DEPENDENCY_FORWARD] = "Requires\0"
-                                       "Requisite\0"
-                                       "Wants\0"
-                                       "ConsistsOf\0"
-                                       "BindsTo\0",
-                [DEPENDENCY_REVERSE] = "RequiredBy\0"
-                                       "RequisiteOf\0"
-                                       "WantedBy\0"
-                                       "PartOf\0"
-                                       "BoundBy\0",
-                [DEPENDENCY_AFTER]   = "After\0",
-                [DEPENDENCY_BEFORE]  = "Before\0",
-        };
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_strv_free_ char **ret = NULL;
-        _cleanup_free_ char *path = NULL;
-        int r;
-
-        assert(bus);
-        assert(name);
-        assert(deps);
-        assert_cc(ELEMENTSOF(dependencies) == _DEPENDENCY_MAX);
-
-        path = unit_dbus_path_from_name(name);
-        if (!path)
-                return log_oom();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.DBus.Properties",
-                        "GetAll",
-                        &error,
-                        &reply,
-                        "s", "org.freedesktop.systemd1.Unit");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get properties of %s: %s", name, bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
-                const char *prop;
-
-                r = sd_bus_message_read(reply, "s", &prop);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (!nulstr_contains(dependencies[arg_dependency], prop)) {
-                        r = sd_bus_message_skip(reply, "v");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-                } else {
-
-                        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, "as");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = bus_message_read_strv_extend(reply, &ret);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(reply);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-                }
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        *deps = ret;
-        ret = NULL;
-
-        return 0;
-}
-
-static int list_dependencies_compare(const void *_a, const void *_b) {
-        const char **a = (const char**) _a, **b = (const char**) _b;
-
-        if (unit_name_to_type(*a) == UNIT_TARGET && unit_name_to_type(*b) != UNIT_TARGET)
-                return 1;
-        if (unit_name_to_type(*a) != UNIT_TARGET && unit_name_to_type(*b) == UNIT_TARGET)
-                return -1;
-
-        return strcasecmp(*a, *b);
-}
-
-static int list_dependencies_one(
-                sd_bus *bus,
-                const char *name,
-                int level,
-                char ***units,
-                unsigned int branches) {
-
-        _cleanup_strv_free_ char **deps = NULL;
-        char **c;
-        int r = 0;
-
-        assert(bus);
-        assert(name);
-        assert(units);
-
-        r = strv_extend(units, name);
-        if (r < 0)
-                return log_oom();
-
-        r = list_dependencies_get_dependencies(bus, name, &deps);
-        if (r < 0)
-                return r;
-
-        qsort_safe(deps, strv_length(deps), sizeof (char*), list_dependencies_compare);
-
-        STRV_FOREACH(c, deps) {
-                if (strv_contains(*units, *c)) {
-                        if (!arg_plain) {
-                                r = list_dependencies_print("...", level + 1, (branches << 1) | (c[1] == NULL ? 0 : 1), 1);
-                                if (r < 0)
-                                        return r;
-                        }
-                        continue;
-                }
-
-                if (arg_plain)
-                        printf("  ");
-                else {
-                        UnitActiveState active_state = _UNIT_ACTIVE_STATE_INVALID;
-                        const char *on;
-
-                        (void) get_state_one_unit(bus, *c, &active_state);
-
-                        switch (active_state) {
-                        case UNIT_ACTIVE:
-                        case UNIT_RELOADING:
-                        case UNIT_ACTIVATING:
-                                on = ansi_highlight_green();
-                                break;
-
-                        case UNIT_INACTIVE:
-                        case UNIT_DEACTIVATING:
-                                on = ansi_normal();
-                                break;
-
-                        default:
-                                on = ansi_highlight_red();
-                                break;
-                        }
-
-                        printf("%s%s%s ", on, special_glyph(BLACK_CIRCLE), ansi_normal());
-                }
-
-                r = list_dependencies_print(*c, level, branches, c[1] == NULL);
-                if (r < 0)
-                        return r;
-
-                if (arg_all || unit_name_to_type(*c) == UNIT_TARGET) {
-                       r = list_dependencies_one(bus, *c, level + 1, units, (branches << 1) | (c[1] == NULL ? 0 : 1));
-                       if (r < 0)
-                               return r;
-                }
-        }
-
-        if (!arg_plain)
-                strv_remove(*units, name);
-
-        return 0;
-}
-
-static int list_dependencies(int argc, char *argv[], void *userdata) {
-        _cleanup_strv_free_ char **units = NULL;
-        _cleanup_free_ char *unit = NULL;
-        const char *u;
-        sd_bus *bus;
-        int r;
-
-        if (argv[1]) {
-                r = unit_name_mangle(argv[1], UNIT_NAME_NOGLOB, &unit);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mangle unit name: %m");
-
-                u = unit;
-        } else
-                u = SPECIAL_DEFAULT_TARGET;
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        puts(u);
-
-        return list_dependencies_one(bus, u, 0, &units, 0);
-}
-
-struct machine_info {
-        bool is_host;
-        char *name;
-        char *state;
-        char *control_group;
-        uint32_t n_failed_units;
-        uint32_t n_jobs;
-        usec_t timestamp;
-};
-
-static const struct bus_properties_map machine_info_property_map[] = {
-        { "SystemState",        "s", NULL, offsetof(struct machine_info, state)          },
-        { "NJobs",              "u", NULL, offsetof(struct machine_info, n_jobs)         },
-        { "NFailedUnits",       "u", NULL, offsetof(struct machine_info, n_failed_units) },
-        { "ControlGroup",       "s", NULL, offsetof(struct machine_info, control_group)  },
-        { "UserspaceTimestamp", "t", NULL, offsetof(struct machine_info, timestamp)      },
-        {}
-};
-
-static void machine_info_clear(struct machine_info *info) {
-        if (info) {
-                free(info->name);
-                free(info->state);
-                free(info->control_group);
-                zero(*info);
-        }
-}
-
-static void free_machines_list(struct machine_info *machine_infos, int n) {
-        int i;
-
-        if (!machine_infos)
-                return;
-
-        for (i = 0; i < n; i++)
-                machine_info_clear(&machine_infos[i]);
-
-        free(machine_infos);
-}
-
-static int compare_machine_info(const void *a, const void *b) {
-        const struct machine_info *u = a, *v = b;
-
-        if (u->is_host != v->is_host)
-                return u->is_host > v->is_host ? -1 : 1;
-
-        return strcasecmp(u->name, v->name);
-}
-
-static int get_machine_properties(sd_bus *bus, struct machine_info *mi) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *container = NULL;
-        int r;
-
-        assert(mi);
-
-        if (!bus) {
-                r = sd_bus_open_system_machine(&container, mi->name);
-                if (r < 0)
-                        return r;
-
-                bus = container;
-        }
-
-        r = bus_map_all_properties(bus, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", machine_info_property_map, mi);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static bool output_show_machine(const char *name, char **patterns) {
-        return strv_fnmatch_or_empty(patterns, name, FNM_NOESCAPE);
-}
-
-static int get_machine_list(
-                sd_bus *bus,
-                struct machine_info **_machine_infos,
-                char **patterns) {
-
-        struct machine_info *machine_infos = NULL;
-        _cleanup_strv_free_ char **m = NULL;
-        _cleanup_free_ char *hn = NULL;
-        size_t sz = 0;
-        char **i;
-        int c = 0, r;
-
-        hn = gethostname_malloc();
-        if (!hn)
-                return log_oom();
-
-        if (output_show_machine(hn, patterns)) {
-                if (!GREEDY_REALLOC0(machine_infos, sz, c+1))
-                        return log_oom();
-
-                machine_infos[c].is_host = true;
-                machine_infos[c].name = hn;
-                hn = NULL;
-
-                get_machine_properties(bus, &machine_infos[c]);
-                c++;
-        }
-
-        r = sd_get_machine_names(&m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get machine list: %m");
-
-        STRV_FOREACH(i, m) {
-                _cleanup_free_ char *class = NULL;
-
-                if (!output_show_machine(*i, patterns))
-                        continue;
-
-                sd_machine_get_class(*i, &class);
-                if (!streq_ptr(class, "container"))
-                        continue;
-
-                if (!GREEDY_REALLOC0(machine_infos, sz, c+1)) {
-                        free_machines_list(machine_infos, c);
-                        return log_oom();
-                }
-
-                machine_infos[c].is_host = false;
-                machine_infos[c].name = strdup(*i);
-                if (!machine_infos[c].name) {
-                        free_machines_list(machine_infos, c);
-                        return log_oom();
-                }
-
-                get_machine_properties(NULL, &machine_infos[c]);
-                c++;
-        }
-
-        *_machine_infos = machine_infos;
-        return c;
-}
-
-static void output_machines_list(struct machine_info *machine_infos, unsigned n) {
-        struct machine_info *m;
-        unsigned
-                circle_len = 0,
-                namelen = sizeof("NAME") - 1,
-                statelen = sizeof("STATE") - 1,
-                failedlen = sizeof("FAILED") - 1,
-                jobslen = sizeof("JOBS") - 1;
-
-        assert(machine_infos || n == 0);
-
-        for (m = machine_infos; m < machine_infos + n; m++) {
-                namelen = MAX(namelen, strlen(m->name) + (m->is_host ? sizeof(" (host)") - 1 : 0));
-                statelen = MAX(statelen, m->state ? strlen(m->state) : 0);
-                failedlen = MAX(failedlen, DECIMAL_STR_WIDTH(m->n_failed_units));
-                jobslen = MAX(jobslen, DECIMAL_STR_WIDTH(m->n_jobs));
-
-                if (!arg_plain && !streq_ptr(m->state, "running"))
-                        circle_len = 2;
-        }
-
-        if (!arg_no_legend) {
-                if (circle_len > 0)
-                        fputs("  ", stdout);
-
-                printf("%-*s %-*s %-*s %-*s\n",
-                         namelen, "NAME",
-                        statelen, "STATE",
-                       failedlen, "FAILED",
-                         jobslen, "JOBS");
-        }
-
-        for (m = machine_infos; m < machine_infos + n; m++) {
-                const char *on_state = "", *off_state = "";
-                const char *on_failed = "", *off_failed = "";
-                bool circle = false;
-
-                if (streq_ptr(m->state, "degraded")) {
-                        on_state = ansi_highlight_red();
-                        off_state = ansi_normal();
-                        circle = true;
-                } else if (!streq_ptr(m->state, "running")) {
-                        on_state = ansi_highlight_yellow();
-                        off_state = ansi_normal();
-                        circle = true;
-                }
-
-                if (m->n_failed_units > 0) {
-                        on_failed = ansi_highlight_red();
-                        off_failed = ansi_normal();
-                } else
-                        on_failed = off_failed = "";
-
-                if (circle_len > 0)
-                        printf("%s%s%s ", on_state, circle ? special_glyph(BLACK_CIRCLE) : " ", off_state);
-
-                if (m->is_host)
-                        printf("%-*s (host) %s%-*s%s %s%*" PRIu32 "%s %*" PRIu32 "\n",
-                               (int) (namelen - (sizeof(" (host)")-1)), strna(m->name),
-                               on_state, statelen, strna(m->state), off_state,
-                               on_failed, failedlen, m->n_failed_units, off_failed,
-                               jobslen, m->n_jobs);
-                else
-                        printf("%-*s %s%-*s%s %s%*" PRIu32 "%s %*" PRIu32 "\n",
-                               namelen, strna(m->name),
-                               on_state, statelen, strna(m->state), off_state,
-                               on_failed, failedlen, m->n_failed_units, off_failed,
-                               jobslen, m->n_jobs);
-        }
-
-        if (!arg_no_legend)
-                printf("\n%u machines listed.\n", n);
-}
-
-static int list_machines(int argc, char *argv[], void *userdata) {
-        struct machine_info *machine_infos = NULL;
-        sd_bus *bus;
-        int r;
-
-        if (geteuid() != 0) {
-                log_error("Must be root.");
-                return -EPERM;
-        }
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = get_machine_list(bus, &machine_infos, strv_skip(argv, 1));
-        if (r < 0)
-                return r;
-
-        qsort_safe(machine_infos, r, sizeof(struct machine_info), compare_machine_info);
-        output_machines_list(machine_infos, r);
-        free_machines_list(machine_infos, r);
-
-        return 0;
-}
-
-static int get_default(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ char *_path = NULL;
-        const char *path;
-        int r;
-
-        if (install_client_side()) {
-                r = unit_file_get_default(arg_scope, arg_root, &_path);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get default target: %m");
-                path = _path;
-
-                r = 0;
-        } else {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                sd_bus *bus;
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "GetDefaultTarget",
-                                &error,
-                                &reply,
-                                NULL);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get default target: %s", bus_error_message(&error, r));
-
-                r = sd_bus_message_read(reply, "s", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-
-        if (path)
-                printf("%s\n", path);
-
-        return 0;
-}
-
-static int set_default(int argc, char *argv[], void *userdata) {
-        _cleanup_free_ char *unit = NULL;
-        UnitFileChange *changes = NULL;
-        unsigned n_changes = 0;
-        int r;
-
-        assert(argc >= 2);
-        assert(argv);
-
-        r = unit_name_mangle_with_suffix(argv[1], UNIT_NAME_NOGLOB, ".target", &unit);
-        if (r < 0)
-                return log_error_errno(r, "Failed to mangle unit name: %m");
-
-        if (install_client_side()) {
-                r = unit_file_set_default(arg_scope, arg_root, unit, true, &changes, &n_changes);
-                unit_file_dump_changes(r, "set default", changes, n_changes, arg_quiet);
-
-                if (r > 0)
-                        r = 0;
-        } else {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                sd_bus *bus;
-
-                polkit_agent_open_if_enabled();
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "SetDefaultTarget",
-                                &error,
-                                &reply,
-                                "sb", unit, 1);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to set default target: %s", bus_error_message(&error, r));
-
-                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
-                if (r < 0)
-                        goto finish;
-
-                /* Try to reload if enabled */
-                if (!arg_no_reload)
-                        r = daemon_reload(argc, argv, userdata);
-                else
-                        r = 0;
-        }
-
-finish:
-        unit_file_changes_free(changes, n_changes);
-
-        return r;
-}
-
-struct job_info {
-        uint32_t id;
-        const char *name, *type, *state;
-};
-
-static void output_jobs_list(const struct job_info* jobs, unsigned n, bool skipped) {
-        unsigned id_len, unit_len, type_len, state_len;
-        const struct job_info *j;
-        const char *on, *off;
-        bool shorten = false;
-
-        assert(n == 0 || jobs);
-
-        if (n == 0) {
-                if (!arg_no_legend) {
-                        on = ansi_highlight_green();
-                        off = ansi_normal();
-
-                        printf("%sNo jobs %s.%s\n", on, skipped ? "listed" : "running", off);
-                }
-                return;
-        }
-
-        pager_open(arg_no_pager, false);
-
-        id_len = strlen("JOB");
-        unit_len = strlen("UNIT");
-        type_len = strlen("TYPE");
-        state_len = strlen("STATE");
-
-        for (j = jobs; j < jobs + n; j++) {
-                uint32_t id = j->id;
-                assert(j->name && j->type && j->state);
-
-                id_len = MAX(id_len, DECIMAL_STR_WIDTH(id));
-                unit_len = MAX(unit_len, strlen(j->name));
-                type_len = MAX(type_len, strlen(j->type));
-                state_len = MAX(state_len, strlen(j->state));
-        }
-
-        if (!arg_full && id_len + 1 + unit_len + type_len + 1 + state_len > columns()) {
-                unit_len = MAX(33u, columns() - id_len - type_len - state_len - 3);
-                shorten = true;
-        }
-
-        if (!arg_no_legend)
-                printf("%*s %-*s %-*s %-*s\n",
-                       id_len, "JOB",
-                       unit_len, "UNIT",
-                       type_len, "TYPE",
-                       state_len, "STATE");
-
-        for (j = jobs; j < jobs + n; j++) {
-                _cleanup_free_ char *e = NULL;
-
-                if (streq(j->state, "running")) {
-                        on = ansi_highlight();
-                        off = ansi_normal();
-                } else
-                        on = off = "";
-
-                e = shorten ? ellipsize(j->name, unit_len, 33) : NULL;
-                printf("%*u %s%-*s%s %-*s %s%-*s%s\n",
-                       id_len, j->id,
-                       on, unit_len, e ? e : j->name, off,
-                       type_len, j->type,
-                       on, state_len, j->state, off);
-        }
-
-        if (!arg_no_legend) {
-                on = ansi_highlight();
-                off = ansi_normal();
-
-                printf("\n%s%u jobs listed%s.\n", on, n, off);
-        }
-}
-
-static bool output_show_job(struct job_info *job, char **patterns) {
-        return strv_fnmatch_or_empty(patterns, job->name, FNM_NOESCAPE);
-}
-
-static int list_jobs(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *name, *type, *state, *job_path, *unit_path;
-        _cleanup_free_ struct job_info *jobs = NULL;
-        size_t size = 0;
-        unsigned c = 0;
-        sd_bus *bus;
-        uint32_t id;
-        int r;
-        bool skipped = false;
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "ListJobs",
-                        &error,
-                        &reply,
-                        NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to list jobs: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, 'a', "(usssoo)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(usssoo)", &id, &name, &type, &state, &job_path, &unit_path)) > 0) {
-                struct job_info job = { id, name, type, state };
-
-                if (!output_show_job(&job, strv_skip(argv, 1))) {
-                        skipped = true;
-                        continue;
-                }
-
-                if (!GREEDY_REALLOC(jobs, size, c + 1))
-                        return log_oom();
-
-                jobs[c++] = job;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        output_jobs_list(jobs, c, skipped);
-        return 0;
-}
-
-static int cancel_job(int argc, char *argv[], void *userdata) {
-        sd_bus *bus;
-        char **name;
-        int r = 0;
-
-        if (argc <= 1)
-                return daemon_reload(argc, argv, userdata);
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(name, strv_skip(argv, 1)) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                uint32_t id;
-                int q;
-
-                q = safe_atou32(*name, &id);
-                if (q < 0)
-                        return log_error_errno(q, "Failed to parse job id \"%s\": %m", *name);
-
-                q = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "CancelJob",
-                                &error,
-                                NULL,
-                                "u", id);
-                if (q < 0) {
-                        log_error_errno(q, "Failed to cancel job %"PRIu32": %s", id, bus_error_message(&error, q));
-                        if (r == 0)
-                                r = q;
-                }
-        }
-
-        return r;
-}
-
-static int need_daemon_reload(sd_bus *bus, const char *unit) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *path;
-        int b, r;
-
-        /* We ignore all errors here, since this is used to show a
-         * warning only */
-
-        /* We don't use unit_dbus_path_from_name() directly since we
-         * don't want to load the unit if it isn't loaded. */
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "GetUnit",
-                        NULL,
-                        &reply,
-                        "s", unit);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read(reply, "o", &path);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_get_property_trivial(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "NeedDaemonReload",
-                        NULL,
-                        'b', &b);
-        if (r < 0)
-                return r;
-
-        return b;
-}
-
-static void warn_unit_file_changed(const char *name) {
-        assert(name);
-
-        log_warning("%sWarning:%s %s changed on disk. Run 'systemctl%s daemon-reload' to reload units.",
-                    ansi_highlight_red(),
-                    ansi_normal(),
-                    name,
-                    arg_scope == UNIT_FILE_SYSTEM ? "" : " --user");
-}
-
-static int unit_file_find_path(LookupPaths *lp, const char *unit_name, char **unit_path) {
-        char **p;
-
-        assert(lp);
-        assert(unit_name);
-        assert(unit_path);
-
-        STRV_FOREACH(p, lp->search_path) {
-                _cleanup_free_ char *path;
-
-                path = path_join(arg_root, *p, unit_name);
-                if (!path)
-                        return log_oom();
-
-                if (access(path, F_OK) == 0) {
-                        *unit_path = path;
-                        path = NULL;
-                        return 1;
-                }
-        }
-
-        return 0;
-}
-
-static int unit_find_paths(
-                sd_bus *bus,
-                const char *unit_name,
-                LookupPaths *lp,
-                char **fragment_path,
-                char ***dropin_paths) {
-
-        _cleanup_free_ char *path = NULL;
-        _cleanup_strv_free_ char **dropins = NULL;
-        int r;
-
-        /**
-         * Finds where the unit is defined on disk. Returns 0 if the unit
-         * is not found. Returns 1 if it is found, and sets
-         * - the path to the unit in *path, if it exists on disk,
-         * - and a strv of existing drop-ins in *dropins,
-         *   if the arg is not NULL and any dropins were found.
-         */
-
-        assert(unit_name);
-        assert(fragment_path);
-        assert(lp);
-
-        if (!install_client_side() && !unit_name_is_valid(unit_name, UNIT_NAME_TEMPLATE)) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_free_ char *unit = NULL;
-
-                unit = unit_dbus_path_from_name(unit_name);
-                if (!unit)
-                        return log_oom();
-
-                r = sd_bus_get_property_string(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                unit,
-                                "org.freedesktop.systemd1.Unit",
-                                "FragmentPath",
-                                &error,
-                                &path);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to get FragmentPath: %s", bus_error_message(&error, r));
-
-                if (dropin_paths) {
-                        r = sd_bus_get_property_strv(
-                                        bus,
-                                        "org.freedesktop.systemd1",
-                                        unit,
-                                        "org.freedesktop.systemd1.Unit",
-                                        "DropInPaths",
-                                        &error,
-                                        &dropins);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get DropInPaths: %s", bus_error_message(&error, r));
-                }
-        } else {
-                _cleanup_set_free_ Set *names;
-
-                names = set_new(NULL);
-                if (!names)
-                        return log_oom();
-
-                r = set_put(names, unit_name);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add unit name: %m");
-
-                r = unit_file_find_path(lp, unit_name, &path);
-                if (r < 0)
-                        return r;
-
-                if (r == 0) {
-                        _cleanup_free_ char *template = NULL;
-
-                        r = unit_name_template(unit_name, &template);
-                        if (r < 0 && r != -EINVAL)
-                                return log_error_errno(r, "Failed to determine template name: %m");
-                        if (r >= 0) {
-                                r = unit_file_find_path(lp, template, &path);
-                                if (r < 0)
-                                        return r;
-                        }
-                }
-
-                if (dropin_paths) {
-                        r = unit_file_find_dropin_paths(lp->search_path, NULL, names, &dropins);
-                        if (r < 0)
-                                return r;
-                }
-        }
-
-        r = 0;
-
-        if (!isempty(path)) {
-                *fragment_path = path;
-                path = NULL;
-                r = 1;
-        }
-
-        if (dropin_paths && !strv_isempty(dropins)) {
-                *dropin_paths = dropins;
-                dropins = NULL;
-                r = 1;
-        }
-
-        if (r == 0)
-                log_error("No files found for %s.", unit_name);
-
-        return r;
-}
-
-static int get_state_one_unit(sd_bus *bus, const char *name, UnitActiveState *active_state) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ char *buf = NULL;
-        UnitActiveState state;
-        const char *path;
-        int r;
-
-        assert(name);
-        assert(active_state);
-
-        /* We don't use unit_dbus_path_from_name() directly since we don't want to load the unit unnecessarily, if it
-         * isn't loaded. */
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "GetUnit",
-                        &error,
-                        &reply,
-                        "s", name);
-        if (r < 0) {
-                if (!sd_bus_error_has_name(&error,  BUS_ERROR_NO_SUCH_UNIT))
-                        return log_error_errno(r, "Failed to retrieve unit: %s", bus_error_message(&error, r));
-
-                /* The unit is currently not loaded, hence say it's "inactive", since all units that aren't loaded are
-                 * considered inactive. */
-                state = UNIT_INACTIVE;
-
-        } else {
-                r = sd_bus_message_read(reply, "o", &path);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_get_property_string(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                path,
-                                "org.freedesktop.systemd1.Unit",
-                                "ActiveState",
-                                &error,
-                                &buf);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to retrieve unit state: %s", bus_error_message(&error, r));
-
-                state = unit_active_state_from_string(buf);
-                if (state == _UNIT_ACTIVE_STATE_INVALID) {
-                        log_error("Invalid unit state '%s' for: %s", buf, name);
-                        return -EINVAL;
-                }
-        }
-
-        *active_state = state;
-        return 0;
-}
-
-static int check_triggering_units(
-                sd_bus *bus,
-                const char *name) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ char *path = NULL, *n = NULL, *load_state = NULL;
-        _cleanup_strv_free_ char **triggered_by = NULL;
-        bool print_warning_label = true;
-        UnitActiveState active_state;
-        char **i;
-        int r;
-
-        r = unit_name_mangle(name, UNIT_NAME_NOGLOB, &n);
-        if (r < 0)
-                return log_error_errno(r, "Failed to mangle unit name: %m");
-
-        path = unit_dbus_path_from_name(n);
-        if (!path)
-                return log_oom();
-
-        r = sd_bus_get_property_string(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "LoadState",
-                        &error,
-                        &load_state);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get load state of %s: %s", n, bus_error_message(&error, r));
-
-        if (streq(load_state, "masked"))
-                return 0;
-
-        r = sd_bus_get_property_strv(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.systemd1.Unit",
-                        "TriggeredBy",
-                        &error,
-                        &triggered_by);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get triggered by array of %s: %s", n, bus_error_message(&error, r));
-
-        STRV_FOREACH(i, triggered_by) {
-                r = get_state_one_unit(bus, *i, &active_state);
-                if (r < 0)
-                        return r;
-
-                if (!IN_SET(active_state, UNIT_ACTIVE, UNIT_RELOADING))
-                        continue;
-
-                if (print_warning_label) {
-                        log_warning("Warning: Stopping %s, but it can still be activated by:", n);
-                        print_warning_label = false;
-                }
-
-                log_warning("  %s", *i);
-        }
-
-        return 0;
-}
-
-static const struct {
-        const char *verb;
-        const char *method;
-} unit_actions[] = {
-        { "start",                 "StartUnit" },
-        { "stop",                  "StopUnit" },
-        { "condstop",              "StopUnit" },
-        { "reload",                "ReloadUnit" },
-        { "restart",               "RestartUnit" },
-        { "try-restart",           "TryRestartUnit" },
-        { "condrestart",           "TryRestartUnit" },
-        { "reload-or-restart",     "ReloadOrRestartUnit" },
-        { "try-reload-or-restart", "ReloadOrTryRestartUnit" },
-        { "reload-or-try-restart", "ReloadOrTryRestartUnit" },
-        { "condreload",            "ReloadOrTryRestartUnit" },
-        { "force-reload",          "ReloadOrTryRestartUnit" }
-};
-
-static const char *verb_to_method(const char *verb) {
-       uint i;
-
-       for (i = 0; i < ELEMENTSOF(unit_actions); i++)
-                if (streq_ptr(unit_actions[i].verb, verb))
-                        return unit_actions[i].method;
-
-       return "StartUnit";
-}
-
-static const char *method_to_verb(const char *method) {
-       uint i;
-
-       for (i = 0; i < ELEMENTSOF(unit_actions); i++)
-                if (streq_ptr(unit_actions[i].method, method))
-                        return unit_actions[i].verb;
-
-       return "n/a";
-}
-
-static int start_unit_one(
-                sd_bus *bus,
-                const char *method,
-                const char *name,
-                const char *mode,
-                sd_bus_error *error,
-                BusWaitForJobs *w) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *path;
-        int r;
-
-        assert(method);
-        assert(name);
-        assert(mode);
-        assert(error);
-
-        log_debug("Calling manager for %s on %s, %s", method, name, mode);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        method,
-                        error,
-                        &reply,
-                        "ss", name, mode);
-        if (r < 0) {
-                const char *verb;
-
-                if (r == -ENOENT && arg_action != ACTION_SYSTEMCTL)
-                        /* There's always a fallback possible for
-                         * legacy actions. */
-                        return -EADDRNOTAVAIL;
-
-                verb = method_to_verb(method);
-
-                log_error("Failed to %s %s: %s", verb, name, bus_error_message(error, r));
-
-                if (!sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) &&
-                    !sd_bus_error_has_name(error, BUS_ERROR_UNIT_MASKED))
-                        log_error("See %s logs and 'systemctl%s status %s' for details.",
-                                   arg_scope == UNIT_FILE_SYSTEM ? "system" : "user",
-                                   arg_scope == UNIT_FILE_SYSTEM ? "" : " --user",
-                                   name);
-
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "o", &path);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (need_daemon_reload(bus, name) > 0)
-                warn_unit_file_changed(name);
-
-        if (w) {
-                log_debug("Adding %s to the set", path);
-                r = bus_wait_for_jobs_add(w, path);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        return 0;
-}
-
-static int expand_names(sd_bus *bus, char **names, const char* suffix, char ***ret) {
-        _cleanup_strv_free_ char **mangled = NULL, **globs = NULL;
-        char **name;
-        int r, i;
-
-        assert(bus);
-        assert(ret);
-
-        STRV_FOREACH(name, names) {
-                char *t;
-
-                if (suffix)
-                        r = unit_name_mangle_with_suffix(*name, UNIT_NAME_GLOB, suffix, &t);
-                else
-                        r = unit_name_mangle(*name, UNIT_NAME_GLOB, &t);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to mangle name: %m");
-
-                if (string_is_glob(t))
-                        r = strv_consume(&globs, t);
-                else
-                        r = strv_consume(&mangled, t);
-                if (r < 0)
-                        return log_oom();
-        }
-
-        /* Query the manager only if any of the names are a glob, since
-         * this is fairly expensive */
-        if (!strv_isempty(globs)) {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                _cleanup_free_ UnitInfo *unit_infos = NULL;
-                size_t allocated, n;
-
-                r = get_unit_list(bus, NULL, globs, &unit_infos, 0, &reply);
-                if (r < 0)
-                        return r;
-
-                n = strv_length(mangled);
-                allocated = n + 1;
-
-                for (i = 0; i < r; i++) {
-                        if (!GREEDY_REALLOC(mangled, allocated, n+2))
-                                return log_oom();
-
-                        mangled[n] = strdup(unit_infos[i].id);
-                        if (!mangled[n])
-                                return log_oom();
-
-                        mangled[++n] = NULL;
-                }
-        }
-
-        *ret = mangled;
-        mangled = NULL; /* do not free */
-
-        return 0;
-}
-
-static const struct {
-        const char *target;
-        const char *verb;
-        const char *mode;
-} action_table[_ACTION_MAX] = {
-        [ACTION_HALT]         = { SPECIAL_HALT_TARGET,         "halt",         "replace-irreversibly" },
-        [ACTION_POWEROFF]     = { SPECIAL_POWEROFF_TARGET,     "poweroff",     "replace-irreversibly" },
-        [ACTION_REBOOT]       = { SPECIAL_REBOOT_TARGET,       "reboot",       "replace-irreversibly" },
-        [ACTION_KEXEC]        = { SPECIAL_KEXEC_TARGET,        "kexec",        "replace-irreversibly" },
-        [ACTION_RUNLEVEL2]    = { SPECIAL_MULTI_USER_TARGET,   NULL,           "isolate" },
-        [ACTION_RUNLEVEL3]    = { SPECIAL_MULTI_USER_TARGET,   NULL,           "isolate" },
-        [ACTION_RUNLEVEL4]    = { SPECIAL_MULTI_USER_TARGET,   NULL,           "isolate" },
-        [ACTION_RUNLEVEL5]    = { SPECIAL_GRAPHICAL_TARGET,    NULL,           "isolate" },
-        [ACTION_RESCUE]       = { SPECIAL_RESCUE_TARGET,       "rescue",       "isolate" },
-        [ACTION_EMERGENCY]    = { SPECIAL_EMERGENCY_TARGET,    "emergency",    "isolate" },
-        [ACTION_DEFAULT]      = { SPECIAL_DEFAULT_TARGET,      "default",      "isolate" },
-        [ACTION_EXIT]         = { SPECIAL_EXIT_TARGET,         "exit",         "replace-irreversibly" },
-        [ACTION_SUSPEND]      = { SPECIAL_SUSPEND_TARGET,      "suspend",      "replace-irreversibly" },
-        [ACTION_HIBERNATE]    = { SPECIAL_HIBERNATE_TARGET,    "hibernate",    "replace-irreversibly" },
-        [ACTION_HYBRID_SLEEP] = { SPECIAL_HYBRID_SLEEP_TARGET, "hybrid-sleep", "replace-irreversibly" },
-};
-
-static enum action verb_to_action(const char *verb) {
-        enum action i;
-
-        for (i = _ACTION_INVALID; i < _ACTION_MAX; i++)
-                if (streq_ptr(action_table[i].verb, verb))
-                        return i;
-
-        return _ACTION_INVALID;
-}
-
-static int start_unit(int argc, char *argv[], void *userdata) {
-        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
-        const char *method, *mode, *one_name, *suffix = NULL;
-        _cleanup_strv_free_ char **names = NULL;
-        sd_bus *bus;
-        char **name;
-        int r = 0;
-
-        ask_password_agent_open_if_enabled();
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        if (arg_action == ACTION_SYSTEMCTL) {
-                enum action action;
-
-                method = verb_to_method(argv[0]);
-                action = verb_to_action(argv[0]);
-
-                if (streq(argv[0], "isolate")) {
-                        mode = "isolate";
-                        suffix = ".target";
-                } else
-                        mode = action_table[action].mode ?: arg_job_mode;
-
-                one_name = action_table[action].target;
-        } else {
-                assert(arg_action < ELEMENTSOF(action_table));
-                assert(action_table[arg_action].target);
-
-                method = "StartUnit";
-
-                mode = action_table[arg_action].mode;
-                one_name = action_table[arg_action].target;
-        }
-
-        if (one_name)
-                names = strv_new(one_name, NULL);
-        else {
-                r = expand_names(bus, strv_skip(argv, 1), suffix, &names);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to expand names: %m");
-        }
-
-        if (!arg_no_block) {
-                r = bus_wait_for_jobs_new(bus, &w);
-                if (r < 0)
-                        return log_error_errno(r, "Could not watch jobs: %m");
-        }
-
-        STRV_FOREACH(name, names) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                int q;
-
-                q = start_unit_one(bus, method, *name, mode, &error, w);
-                if (r >= 0 && q < 0)
-                        r = translate_bus_error_to_exit_status(q, &error);
-        }
-
-        if (!arg_no_block) {
-                int q, arg_count = 0;
-                const char* extra_args[4] = {};
-
-                if (arg_scope != UNIT_FILE_SYSTEM)
-                        extra_args[arg_count++] = "--user";
-
-                assert(IN_SET(arg_transport, BUS_TRANSPORT_LOCAL, BUS_TRANSPORT_REMOTE, BUS_TRANSPORT_MACHINE));
-                if (arg_transport == BUS_TRANSPORT_REMOTE) {
-                        extra_args[arg_count++] = "-H";
-                        extra_args[arg_count++] = arg_host;
-                } else if (arg_transport == BUS_TRANSPORT_MACHINE) {
-                        extra_args[arg_count++] = "-M";
-                        extra_args[arg_count++] = arg_host;
-                }
-
-                q = bus_wait_for_jobs(w, arg_quiet, extra_args);
-                if (q < 0)
-                        return q;
-
-                /* When stopping units, warn if they can still be triggered by
-                 * another active unit (socket, path, timer) */
-                if (!arg_quiet && streq(method, "StopUnit"))
-                        STRV_FOREACH(name, names)
-                                check_triggering_units(bus, *name);
-        }
-
-        return r;
-}
-
-static int logind_set_wall_message(void) {
-#ifdef HAVE_LOGIND
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus;
-        _cleanup_free_ char *m = NULL;
-        int r;
-
-        r = acquire_bus(BUS_FULL, &bus);
-        if (r < 0)
-                return r;
-
-        m = strv_join(arg_wall, " ");
-        if (!m)
-                return log_oom();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "SetWallMessage",
-                        &error,
-                        NULL,
-                        "sb",
-                        m,
-                        !arg_no_wall);
-
-        if (r < 0)
-                return log_warning_errno(r, "Failed to set wall message, ignoring: %s", bus_error_message(&error, r));
-
-#endif
-        return 0;
-}
-
-/* Ask systemd-logind, which might grant access to unprivileged users
- * through PolicyKit */
-static int logind_reboot(enum action a) {
-#ifdef HAVE_LOGIND
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *method, *description;
-        sd_bus *bus;
-        int r;
-
-        polkit_agent_open_if_enabled();
-        (void) logind_set_wall_message();
-
-        r = acquire_bus(BUS_FULL, &bus);
-        if (r < 0)
-                return r;
-
-        switch (a) {
-
-        case ACTION_REBOOT:
-                method = "Reboot";
-                description = "reboot system";
-                break;
-
-        case ACTION_POWEROFF:
-                method = "PowerOff";
-                description = "power off system";
-                break;
-
-        case ACTION_SUSPEND:
-                method = "Suspend";
-                description = "suspend system";
-                break;
-
-        case ACTION_HIBERNATE:
-                method = "Hibernate";
-                description = "hibernate system";
-                break;
-
-        case ACTION_HYBRID_SLEEP:
-                method = "HybridSleep";
-                description = "put system into hybrid sleep";
-                break;
-
-        default:
-                return -EINVAL;
-        }
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        method,
-                        &error,
-                        NULL,
-                        "b", arg_ask_password);
-        if (r < 0)
-                return log_error_errno(r, "Failed to %s via logind: %s", description, bus_error_message(&error, r));
-
-        return 0;
-#else
-        return -ENOSYS;
-#endif
-}
-
-static int logind_check_inhibitors(enum action a) {
-#ifdef HAVE_LOGIND
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_strv_free_ char **sessions = NULL;
-        const char *what, *who, *why, *mode;
-        uint32_t uid, pid;
-        sd_bus *bus;
-        unsigned c = 0;
-        char **s;
-        int r;
-
-        if (arg_ignore_inhibitors || arg_force > 0)
-                return 0;
-
-        if (arg_when > 0)
-                return 0;
-
-        if (geteuid() == 0)
-                return 0;
-
-        if (!on_tty())
-                return 0;
-
-        r = acquire_bus(BUS_FULL, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ListInhibitors",
-                        NULL,
-                        &reply,
-                        NULL);
-        if (r < 0)
-                /* If logind is not around, then there are no inhibitors... */
-                return 0;
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssuu)");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read(reply, "(ssssuu)", &what, &who, &why, &mode, &uid, &pid)) > 0) {
-                _cleanup_free_ char *comm = NULL, *user = NULL;
-                _cleanup_strv_free_ char **sv = NULL;
-
-                if (!streq(mode, "block"))
-                        continue;
-
-                sv = strv_split(what, ":");
-                if (!sv)
-                        return log_oom();
-
-                if ((pid_t) pid < 0)
-                        return log_error_errno(ERANGE, "Bad PID %"PRIu32": %m", pid);
-
-                if (!strv_contains(sv,
-                                   IN_SET(a,
-                                          ACTION_HALT,
-                                          ACTION_POWEROFF,
-                                          ACTION_REBOOT,
-                                          ACTION_KEXEC) ? "shutdown" : "sleep"))
-                        continue;
-
-                get_process_comm(pid, &comm);
-                user = uid_to_name(uid);
-
-                log_warning("Operation inhibited by \"%s\" (PID "PID_FMT" \"%s\", user %s), reason is \"%s\".",
-                            who, (pid_t) pid, strna(comm), strna(user), why);
-
-                c++;
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        /* Check for current sessions */
-        sd_get_sessions(&sessions);
-        STRV_FOREACH(s, sessions) {
-                _cleanup_free_ char *type = NULL, *tty = NULL, *seat = NULL, *user = NULL, *service = NULL, *class = NULL;
-
-                if (sd_session_get_uid(*s, &uid) < 0 || uid == getuid())
-                        continue;
-
-                if (sd_session_get_class(*s, &class) < 0 || !streq(class, "user"))
-                        continue;
-
-                if (sd_session_get_type(*s, &type) < 0 || (!streq(type, "x11") && !streq(type, "tty")))
-                        continue;
-
-                sd_session_get_tty(*s, &tty);
-                sd_session_get_seat(*s, &seat);
-                sd_session_get_service(*s, &service);
-                user = uid_to_name(uid);
-
-                log_warning("User %s is logged in on %s.", strna(user), isempty(tty) ? (isempty(seat) ? strna(service) : seat) : tty);
-                c++;
-        }
-
-        if (c <= 0)
-                return 0;
-
-        log_error("Please retry operation after closing inhibitors and logging out other users.\nAlternatively, ignore inhibitors and users with 'systemctl %s -i'.",
-                  action_table[a].verb);
-
-        return -EPERM;
-#else
-        return 0;
-#endif
-}
-
-static int logind_prepare_firmware_setup(void) {
-#ifdef HAVE_LOGIND
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus;
-        int r;
-
-        r = acquire_bus(BUS_FULL, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "SetRebootToFirmwareSetup",
-                        &error,
-                        NULL,
-                        "b", true);
-        if (r < 0)
-                return log_error_errno(r, "Cannot indicate to EFI to boot into setup mode: %s", bus_error_message(&error, r));
-
-        return 0;
-#else
-        log_error("Cannot remotely indicate to EFI to boot into setup mode.");
-        return -ENOSYS;
-#endif
-}
-
-static int prepare_firmware_setup(void) {
-        int r;
-
-        if (!arg_firmware_setup)
-                return 0;
-
-        if (arg_transport == BUS_TRANSPORT_LOCAL) {
-
-                r = efi_set_reboot_to_firmware(true);
-                if (r < 0)
-                        log_debug_errno(r, "Cannot indicate to EFI to boot into setup mode, will retry via logind: %m");
-                else
-                        return r;
-        }
-
-        return logind_prepare_firmware_setup();
-}
-
-static int set_exit_code(uint8_t code) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus;
-        int r;
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "SetExitCode",
-                        &error,
-                        NULL,
-                        "y", code);
-        if (r < 0)
-                return log_error_errno(r, "Failed to set exit code: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int start_special(int argc, char *argv[], void *userdata) {
-        enum action a;
-        int r;
-
-        assert(argv);
-
-        a = verb_to_action(argv[0]);
-
-        r = logind_check_inhibitors(a);
-        if (r < 0)
-                return r;
-
-        if (arg_force >= 2 && geteuid() != 0) {
-                log_error("Must be root.");
-                return -EPERM;
-        }
-
-        r = prepare_firmware_setup();
-        if (r < 0)
-                return r;
-
-        if (a == ACTION_REBOOT && argc > 1) {
-                r = update_reboot_parameter_and_warn(argv[1]);
-                if (r < 0)
-                        return r;
-
-        } else if (a == ACTION_EXIT && argc > 1) {
-                uint8_t code;
-
-                /* If the exit code is not given on the command line,
-                 * don't reset it to zero: just keep it as it might
-                 * have been set previously. */
-
-                r = safe_atou8(argv[1], &code);
-                if (r < 0)
-                        return log_error_errno(r, "Invalid exit code.");
-
-                r = set_exit_code(code);
-                if (r < 0)
-                        return r;
-        }
-
-        if (arg_force >= 2 &&
-            IN_SET(a,
-                   ACTION_HALT,
-                   ACTION_POWEROFF,
-                   ACTION_REBOOT))
-                return halt_now(a);
-
-        if (arg_force >= 1 &&
-            IN_SET(a,
-                   ACTION_HALT,
-                   ACTION_POWEROFF,
-                   ACTION_REBOOT,
-                   ACTION_KEXEC,
-                   ACTION_EXIT))
-                return daemon_reload(argc, argv, userdata);
-
-        /* First try logind, to allow authentication with polkit */
-        if (IN_SET(a,
-                   ACTION_POWEROFF,
-                   ACTION_REBOOT,
-                   ACTION_SUSPEND,
-                   ACTION_HIBERNATE,
-                   ACTION_HYBRID_SLEEP)) {
-                r = logind_reboot(a);
-                if (r >= 0)
-                        return r;
-                if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
-                        /* requested operation is not supported or already in progress */
-                        return r;
-
-                /* On all other errors, try low-level operation */
-        }
-
-        return start_unit(argc, argv, userdata);
-}
-
-static int check_unit_generic(int code, const UnitActiveState good_states[], int nb_states, char **args) {
-        _cleanup_strv_free_ char **names = NULL;
-        UnitActiveState active_state;
-        sd_bus *bus;
-        char **name;
-        int r, i;
-        bool found = false;
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = expand_names(bus, args, NULL, &names);
-        if (r < 0)
-                return log_error_errno(r, "Failed to expand names: %m");
-
-        STRV_FOREACH(name, names) {
-                r = get_state_one_unit(bus, *name, &active_state);
-                if (r < 0)
-                        return r;
-
-                if (!arg_quiet)
-                        puts(unit_active_state_to_string(active_state));
-
-                for (i = 0; i < nb_states; ++i)
-                        if (good_states[i] == active_state)
-                                found = true;
-        }
-
-        /* use the given return code for the case that we won't find
-         * any unit which matches the list */
-        return found ? 0 : code;
-}
-
-static int check_unit_active(int argc, char *argv[], void *userdata) {
-        const UnitActiveState states[] = { UNIT_ACTIVE, UNIT_RELOADING };
-        /* According to LSB: 3, "program is not running" */
-        return check_unit_generic(3, states, ELEMENTSOF(states), strv_skip(argv, 1));
-}
-
-static int check_unit_failed(int argc, char *argv[], void *userdata) {
-        const UnitActiveState states[] = { UNIT_FAILED };
-        return check_unit_generic(1, states, ELEMENTSOF(states), strv_skip(argv, 1));
-}
-
-static int kill_unit(int argc, char *argv[], void *userdata) {
-        _cleanup_strv_free_ char **names = NULL;
-        char *kill_who = NULL, **name;
-        sd_bus *bus;
-        int r, q;
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        if (!arg_kill_who)
-                arg_kill_who = "all";
-
-        /* --fail was specified */
-        if (streq(arg_job_mode, "fail"))
-                kill_who = strjoina(arg_kill_who, "-fail");
-
-        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
-        if (r < 0)
-                return log_error_errno(r, "Failed to expand names: %m");
-
-        STRV_FOREACH(name, names) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-
-                q = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "KillUnit",
-                                &error,
-                                NULL,
-                                "ssi", *names, kill_who ? kill_who : arg_kill_who, arg_signal);
-                if (q < 0) {
-                        log_error_errno(q, "Failed to kill unit %s: %s", *names, bus_error_message(&error, q));
-                        if (r == 0)
-                                r = q;
-                }
-        }
-
-        return r;
-}
-
-typedef struct ExecStatusInfo {
-        char *name;
-
-        char *path;
-        char **argv;
-
-        bool ignore;
-
-        usec_t start_timestamp;
-        usec_t exit_timestamp;
-        pid_t pid;
-        int code;
-        int status;
-
-        LIST_FIELDS(struct ExecStatusInfo, exec);
-} ExecStatusInfo;
-
-static void exec_status_info_free(ExecStatusInfo *i) {
-        assert(i);
-
-        free(i->name);
-        free(i->path);
-        strv_free(i->argv);
-        free(i);
-}
-
-static int exec_status_info_deserialize(sd_bus_message *m, ExecStatusInfo *i) {
-        uint64_t start_timestamp, exit_timestamp, start_timestamp_monotonic, exit_timestamp_monotonic;
-        const char *path;
-        uint32_t pid;
-        int32_t code, status;
-        int ignore, r;
-
-        assert(m);
-        assert(i);
-
-        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_STRUCT, "sasbttttuii");
-        if (r < 0)
-                return bus_log_parse_error(r);
-        else if (r == 0)
-                return 0;
-
-        r = sd_bus_message_read(m, "s", &path);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        i->path = strdup(path);
-        if (!i->path)
-                return log_oom();
-
-        r = sd_bus_message_read_strv(m, &i->argv);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_read(m,
-                                "bttttuii",
-                                &ignore,
-                                &start_timestamp, &start_timestamp_monotonic,
-                                &exit_timestamp, &exit_timestamp_monotonic,
-                                &pid,
-                                &code, &status);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        i->ignore = ignore;
-        i->start_timestamp = (usec_t) start_timestamp;
-        i->exit_timestamp = (usec_t) exit_timestamp;
-        i->pid = (pid_t) pid;
-        i->code = code;
-        i->status = status;
-
-        r = sd_bus_message_exit_container(m);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return 1;
-}
-
-typedef struct UnitStatusInfo {
-        const char *id;
-        const char *load_state;
-        const char *active_state;
-        const char *sub_state;
-        const char *unit_file_state;
-        const char *unit_file_preset;
-
-        const char *description;
-        const char *following;
-
-        char **documentation;
-
-        const char *fragment_path;
-        const char *source_path;
-        const char *control_group;
-
-        char **dropin_paths;
-
-        const char *load_error;
-        const char *result;
-
-        usec_t inactive_exit_timestamp;
-        usec_t inactive_exit_timestamp_monotonic;
-        usec_t active_enter_timestamp;
-        usec_t active_exit_timestamp;
-        usec_t inactive_enter_timestamp;
-
-        bool need_daemon_reload;
-        bool transient;
-
-        /* Service */
-        pid_t main_pid;
-        pid_t control_pid;
-        const char *status_text;
-        const char *pid_file;
-        bool running:1;
-        int status_errno;
-
-        usec_t start_timestamp;
-        usec_t exit_timestamp;
-
-        int exit_code, exit_status;
-
-        usec_t condition_timestamp;
-        bool condition_result;
-        bool failed_condition_trigger;
-        bool failed_condition_negate;
-        const char *failed_condition;
-        const char *failed_condition_parameter;
-
-        usec_t assert_timestamp;
-        bool assert_result;
-        bool failed_assert_trigger;
-        bool failed_assert_negate;
-        const char *failed_assert;
-        const char *failed_assert_parameter;
-
-        /* Socket */
-        unsigned n_accepted;
-        unsigned n_connections;
-        bool accept;
-
-        /* Pairs of type, path */
-        char **listen;
-
-        /* Device */
-        const char *sysfs_path;
-
-        /* Mount, Automount */
-        const char *where;
-
-        /* Swap */
-        const char *what;
-
-        /* CGroup */
-        uint64_t memory_current;
-        uint64_t memory_limit;
-        uint64_t cpu_usage_nsec;
-        uint64_t tasks_current;
-        uint64_t tasks_max;
-
-        LIST_HEAD(ExecStatusInfo, exec);
-} UnitStatusInfo;
-
-static void print_status_info(
-                sd_bus *bus,
-                UnitStatusInfo *i,
-                bool *ellipsized) {
-
-        ExecStatusInfo *p;
-        const char *active_on, *active_off, *on, *off, *ss;
-        usec_t timestamp;
-        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], *s1;
-        char since2[FORMAT_TIMESTAMP_MAX], *s2;
-        const char *path;
-        char **t, **t2;
-        int r;
-
-        assert(i);
-
-        /* This shows pretty information about a unit. See
-         * print_property() for a low-level property printer */
-
-        if (streq_ptr(i->active_state, "failed")) {
-                active_on = ansi_highlight_red();
-                active_off = ansi_normal();
-        } else if (streq_ptr(i->active_state, "active") || streq_ptr(i->active_state, "reloading")) {
-                active_on = ansi_highlight_green();
-                active_off = ansi_normal();
-        } else
-                active_on = active_off = "";
-
-        printf("%s%s%s %s", active_on, special_glyph(BLACK_CIRCLE), active_off, strna(i->id));
-
-        if (i->description && !streq_ptr(i->id, i->description))
-                printf(" - %s", i->description);
-
-        printf("\n");
-
-        if (i->following)
-                printf("   Follow: unit currently follows state of %s\n", i->following);
-
-        if (streq_ptr(i->load_state, "error")) {
-                on = ansi_highlight_red();
-                off = ansi_normal();
-        } else
-                on = off = "";
-
-        path = i->source_path ? i->source_path : i->fragment_path;
-
-        if (i->load_error != 0)
-                printf("   Loaded: %s%s%s (Reason: %s)\n",
-                       on, strna(i->load_state), off, i->load_error);
-        else if (path && !isempty(i->unit_file_state) && !isempty(i->unit_file_preset))
-                printf("   Loaded: %s%s%s (%s; %s; vendor preset: %s)\n",
-                       on, strna(i->load_state), off, path, i->unit_file_state, i->unit_file_preset);
-        else if (path && !isempty(i->unit_file_state))
-                printf("   Loaded: %s%s%s (%s; %s)\n",
-                       on, strna(i->load_state), off, path, i->unit_file_state);
-        else if (path)
-                printf("   Loaded: %s%s%s (%s)\n",
-                       on, strna(i->load_state), off, path);
-        else
-                printf("   Loaded: %s%s%s\n",
-                       on, strna(i->load_state), off);
-
-        if (i->transient)
-                printf("Transient: yes\n");
-
-        if (!strv_isempty(i->dropin_paths)) {
-                _cleanup_free_ char *dir = NULL;
-                bool last = false;
-                char ** dropin;
-
-                STRV_FOREACH(dropin, i->dropin_paths) {
-                        if (! dir || last) {
-                                printf(dir ? "        " : "  Drop-In: ");
-
-                                dir = mfree(dir);
-
-                                dir = dirname_malloc(*dropin);
-                                if (!dir) {
-                                        log_oom();
-                                        return;
-                                }
-
-                                printf("%s\n           %s", dir,
-                                       special_glyph(TREE_RIGHT));
-                        }
-
-                        last = ! (*(dropin + 1) && startswith(*(dropin + 1), dir));
-
-                        printf("%s%s", basename(*dropin), last ? "\n" : ", ");
-                }
-        }
-
-        ss = streq_ptr(i->active_state, i->sub_state) ? NULL : i->sub_state;
-        if (ss)
-                printf("   Active: %s%s (%s)%s",
-                       active_on, strna(i->active_state), ss, active_off);
-        else
-                printf("   Active: %s%s%s",
-                       active_on, strna(i->active_state), active_off);
-
-        if (!isempty(i->result) && !streq(i->result, "success"))
-                printf(" (Result: %s)", i->result);
-
-        timestamp = (streq_ptr(i->active_state, "active")      ||
-                     streq_ptr(i->active_state, "reloading"))   ? i->active_enter_timestamp :
-                    (streq_ptr(i->active_state, "inactive")    ||
-                     streq_ptr(i->active_state, "failed"))      ? i->inactive_enter_timestamp :
-                    streq_ptr(i->active_state, "activating")    ? i->inactive_exit_timestamp :
-                                                                  i->active_exit_timestamp;
-
-        s1 = format_timestamp_relative(since1, sizeof(since1), timestamp);
-        s2 = format_timestamp(since2, sizeof(since2), timestamp);
-
-        if (s1)
-                printf(" since %s; %s\n", s2, s1);
-        else if (s2)
-                printf(" since %s\n", s2);
-        else
-                printf("\n");
-
-        if (!i->condition_result && i->condition_timestamp > 0) {
-                s1 = format_timestamp_relative(since1, sizeof(since1), i->condition_timestamp);
-                s2 = format_timestamp(since2, sizeof(since2), i->condition_timestamp);
-
-                printf("Condition: start %scondition failed%s at %s%s%s\n",
-                       ansi_highlight_yellow(), ansi_normal(),
-                       s2, s1 ? "; " : "", strempty(s1));
-                if (i->failed_condition_trigger)
-                        printf("           none of the trigger conditions were met\n");
-                else if (i->failed_condition)
-                        printf("           %s=%s%s was not met\n",
-                               i->failed_condition,
-                               i->failed_condition_negate ? "!" : "",
-                               i->failed_condition_parameter);
-        }
-
-        if (!i->assert_result && i->assert_timestamp > 0) {
-                s1 = format_timestamp_relative(since1, sizeof(since1), i->assert_timestamp);
-                s2 = format_timestamp(since2, sizeof(since2), i->assert_timestamp);
-
-                printf("   Assert: start %sassertion failed%s at %s%s%s\n",
-                       ansi_highlight_red(), ansi_normal(),
-                       s2, s1 ? "; " : "", strempty(s1));
-                if (i->failed_assert_trigger)
-                        printf("           none of the trigger assertions were met\n");
-                else if (i->failed_assert)
-                        printf("           %s=%s%s was not met\n",
-                               i->failed_assert,
-                               i->failed_assert_negate ? "!" : "",
-                               i->failed_assert_parameter);
-        }
-
-        if (i->sysfs_path)
-                printf("   Device: %s\n", i->sysfs_path);
-        if (i->where)
-                printf("    Where: %s\n", i->where);
-        if (i->what)
-                printf("     What: %s\n", i->what);
-
-        STRV_FOREACH(t, i->documentation)
-                printf(" %*s %s\n", 9, t == i->documentation ? "Docs:" : "", *t);
-
-        STRV_FOREACH_PAIR(t, t2, i->listen)
-                printf(" %*s %s (%s)\n", 9, t == i->listen ? "Listen:" : "", *t2, *t);
-
-        if (i->accept)
-                printf(" Accepted: %u; Connected: %u\n", i->n_accepted, i->n_connections);
-
-        LIST_FOREACH(exec, p, i->exec) {
-                _cleanup_free_ char *argv = NULL;
-                bool good;
-
-                /* Only show exited processes here */
-                if (p->code == 0)
-                        continue;
-
-                argv = strv_join(p->argv, " ");
-                printf("  Process: "PID_FMT" %s=%s ", p->pid, p->name, strna(argv));
-
-                good = is_clean_exit_lsb(p->code, p->status, NULL);
-                if (!good) {
-                        on = ansi_highlight_red();
-                        off = ansi_normal();
-                } else
-                        on = off = "";
-
-                printf("%s(code=%s, ", on, sigchld_code_to_string(p->code));
-
-                if (p->code == CLD_EXITED) {
-                        const char *c;
-
-                        printf("status=%i", p->status);
-
-                        c = exit_status_to_string(p->status, EXIT_STATUS_SYSTEMD);
-                        if (c)
-                                printf("/%s", c);
-
-                } else
-                        printf("signal=%s", signal_to_string(p->status));
-
-                printf(")%s\n", off);
-
-                if (i->main_pid == p->pid &&
-                    i->start_timestamp == p->start_timestamp &&
-                    i->exit_timestamp == p->start_timestamp)
-                        /* Let's not show this twice */
-                        i->main_pid = 0;
-
-                if (p->pid == i->control_pid)
-                        i->control_pid = 0;
-        }
-
-        if (i->main_pid > 0 || i->control_pid > 0) {
-                if (i->main_pid > 0) {
-                        printf(" Main PID: "PID_FMT, i->main_pid);
-
-                        if (i->running) {
-                                _cleanup_free_ char *comm = NULL;
-                                get_process_comm(i->main_pid, &comm);
-                                if (comm)
-                                        printf(" (%s)", comm);
-                        } else if (i->exit_code > 0) {
-                                printf(" (code=%s, ", sigchld_code_to_string(i->exit_code));
-
-                                if (i->exit_code == CLD_EXITED) {
-                                        const char *c;
-
-                                        printf("status=%i", i->exit_status);
-
-                                        c = exit_status_to_string(i->exit_status, EXIT_STATUS_SYSTEMD);
-                                        if (c)
-                                                printf("/%s", c);
-
-                                } else
-                                        printf("signal=%s", signal_to_string(i->exit_status));
-                                printf(")");
-                        }
-
-                        if (i->control_pid > 0)
-                                printf(";");
-                }
-
-                if (i->control_pid > 0) {
-                        _cleanup_free_ char *c = NULL;
-
-                        printf(" %8s: "PID_FMT, i->main_pid ? "" : " Control", i->control_pid);
-
-                        get_process_comm(i->control_pid, &c);
-                        if (c)
-                                printf(" (%s)", c);
-                }
-
-                printf("\n");
-        }
-
-        if (i->status_text)
-                printf("   Status: \"%s\"\n", i->status_text);
-        if (i->status_errno > 0)
-                printf("    Error: %i (%s)\n", i->status_errno, strerror(i->status_errno));
-
-        if (i->tasks_current != (uint64_t) -1) {
-                printf("    Tasks: %" PRIu64, i->tasks_current);
-
-                if (i->tasks_max != (uint64_t) -1)
-                        printf(" (limit: %" PRIi64 ")\n", i->tasks_max);
-                else
-                        printf("\n");
-        }
-
-        if (i->memory_current != (uint64_t) -1) {
-                char buf[FORMAT_BYTES_MAX];
-
-                printf("   Memory: %s", format_bytes(buf, sizeof(buf), i->memory_current));
-
-                if (i->memory_limit != (uint64_t) -1)
-                        printf(" (limit: %s)\n", format_bytes(buf, sizeof(buf), i->memory_limit));
-                else
-                        printf("\n");
-        }
-
-        if (i->cpu_usage_nsec != (uint64_t) -1) {
-                char buf[FORMAT_TIMESPAN_MAX];
-                printf("      CPU: %s\n", format_timespan(buf, sizeof(buf), i->cpu_usage_nsec / NSEC_PER_USEC, USEC_PER_MSEC));
-        }
-
-        if (i->control_group)
-                printf("   CGroup: %s\n", i->control_group);
-
-        {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                static const char prefix[] = "           ";
-                unsigned c;
-
-                c = columns();
-                if (c > sizeof(prefix) - 1)
-                        c -= sizeof(prefix) - 1;
-                else
-                        c = 0;
-
-                r = unit_show_processes(bus, i->id, i->control_group, prefix, c, get_output_flags(), &error);
-                if (r == -EBADR) {
-                        unsigned k = 0;
-                        pid_t extra[2];
-
-                        /* Fallback for older systemd versions where the GetUnitProcesses() call is not yet available */
-
-                        if (i->main_pid > 0)
-                                extra[k++] = i->main_pid;
-
-                        if (i->control_pid > 0)
-                                extra[k++] = i->control_pid;
-
-                        show_cgroup_and_extra(SYSTEMD_CGROUP_CONTROLLER, i->control_group, prefix, c, extra, k, get_output_flags());
-                } else if (r < 0)
-                        log_warning_errno(r, "Failed to dump process list, ignoring: %s", bus_error_message(&error, r));
-        }
-
-        if (i->id && arg_transport == BUS_TRANSPORT_LOCAL)
-                show_journal_by_unit(
-                                stdout,
-                                i->id,
-                                arg_output,
-                                0,
-                                i->inactive_exit_timestamp_monotonic,
-                                arg_lines,
-                                getuid(),
-                                get_output_flags() | OUTPUT_BEGIN_NEWLINE,
-                                SD_JOURNAL_LOCAL_ONLY,
-                                arg_scope == UNIT_FILE_SYSTEM,
-                                ellipsized);
-
-        if (i->need_daemon_reload)
-                warn_unit_file_changed(i->id);
-}
-
-static void show_unit_help(UnitStatusInfo *i) {
-        char **p;
-
-        assert(i);
-
-        if (!i->documentation) {
-                log_info("Documentation for %s not known.", i->id);
-                return;
-        }
-
-        STRV_FOREACH(p, i->documentation)
-                if (startswith(*p, "man:"))
-                        show_man_page(*p + 4, false);
-                else
-                        log_info("Can't show: %s", *p);
-}
-
-static int status_property(const char *name, sd_bus_message *m, UnitStatusInfo *i, const char *contents) {
-        int r;
-
-        assert(name);
-        assert(m);
-        assert(i);
-
-        switch (contents[0]) {
-
-        case SD_BUS_TYPE_STRING: {
-                const char *s;
-
-                r = sd_bus_message_read(m, "s", &s);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (!isempty(s)) {
-                        if (streq(name, "Id"))
-                                i->id = s;
-                        else if (streq(name, "LoadState"))
-                                i->load_state = s;
-                        else if (streq(name, "ActiveState"))
-                                i->active_state = s;
-                        else if (streq(name, "SubState"))
-                                i->sub_state = s;
-                        else if (streq(name, "Description"))
-                                i->description = s;
-                        else if (streq(name, "FragmentPath"))
-                                i->fragment_path = s;
-                        else if (streq(name, "SourcePath"))
-                                i->source_path = s;
-#ifndef NOLEGACY
-                        else if (streq(name, "DefaultControlGroup")) {
-                                const char *e;
-                                e = startswith(s, SYSTEMD_CGROUP_CONTROLLER ":");
-                                if (e)
-                                        i->control_group = e;
-                        }
-#endif
-                        else if (streq(name, "ControlGroup"))
-                                i->control_group = s;
-                        else if (streq(name, "StatusText"))
-                                i->status_text = s;
-                        else if (streq(name, "PIDFile"))
-                                i->pid_file = s;
-                        else if (streq(name, "SysFSPath"))
-                                i->sysfs_path = s;
-                        else if (streq(name, "Where"))
-                                i->where = s;
-                        else if (streq(name, "What"))
-                                i->what = s;
-                        else if (streq(name, "Following"))
-                                i->following = s;
-                        else if (streq(name, "UnitFileState"))
-                                i->unit_file_state = s;
-                        else if (streq(name, "UnitFilePreset"))
-                                i->unit_file_preset = s;
-                        else if (streq(name, "Result"))
-                                i->result = s;
-                }
-
-                break;
-        }
-
-        case SD_BUS_TYPE_BOOLEAN: {
-                int b;
-
-                r = sd_bus_message_read(m, "b", &b);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (streq(name, "Accept"))
-                        i->accept = b;
-                else if (streq(name, "NeedDaemonReload"))
-                        i->need_daemon_reload = b;
-                else if (streq(name, "ConditionResult"))
-                        i->condition_result = b;
-                else if (streq(name, "AssertResult"))
-                        i->assert_result = b;
-                else if (streq(name, "Transient"))
-                        i->transient = b;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_UINT32: {
-                uint32_t u;
-
-                r = sd_bus_message_read(m, "u", &u);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (streq(name, "MainPID")) {
-                        if (u > 0) {
-                                i->main_pid = (pid_t) u;
-                                i->running = true;
-                        }
-                } else if (streq(name, "ControlPID"))
-                        i->control_pid = (pid_t) u;
-                else if (streq(name, "ExecMainPID")) {
-                        if (u > 0)
-                                i->main_pid = (pid_t) u;
-                } else if (streq(name, "NAccepted"))
-                        i->n_accepted = u;
-                else if (streq(name, "NConnections"))
-                        i->n_connections = u;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_INT32: {
-                int32_t j;
-
-                r = sd_bus_message_read(m, "i", &j);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (streq(name, "ExecMainCode"))
-                        i->exit_code = (int) j;
-                else if (streq(name, "ExecMainStatus"))
-                        i->exit_status = (int) j;
-                else if (streq(name, "StatusErrno"))
-                        i->status_errno = (int) j;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_UINT64: {
-                uint64_t u;
-
-                r = sd_bus_message_read(m, "t", &u);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (streq(name, "ExecMainStartTimestamp"))
-                        i->start_timestamp = (usec_t) u;
-                else if (streq(name, "ExecMainExitTimestamp"))
-                        i->exit_timestamp = (usec_t) u;
-                else if (streq(name, "ActiveEnterTimestamp"))
-                        i->active_enter_timestamp = (usec_t) u;
-                else if (streq(name, "InactiveEnterTimestamp"))
-                        i->inactive_enter_timestamp = (usec_t) u;
-                else if (streq(name, "InactiveExitTimestamp"))
-                        i->inactive_exit_timestamp = (usec_t) u;
-                else if (streq(name, "InactiveExitTimestampMonotonic"))
-                        i->inactive_exit_timestamp_monotonic = (usec_t) u;
-                else if (streq(name, "ActiveExitTimestamp"))
-                        i->active_exit_timestamp = (usec_t) u;
-                else if (streq(name, "ConditionTimestamp"))
-                        i->condition_timestamp = (usec_t) u;
-                else if (streq(name, "AssertTimestamp"))
-                        i->assert_timestamp = (usec_t) u;
-                else if (streq(name, "MemoryCurrent"))
-                        i->memory_current = u;
-                else if (streq(name, "MemoryLimit"))
-                        i->memory_limit = u;
-                else if (streq(name, "TasksCurrent"))
-                        i->tasks_current = u;
-                else if (streq(name, "TasksMax"))
-                        i->tasks_max = u;
-                else if (streq(name, "CPUUsageNSec"))
-                        i->cpu_usage_nsec = u;
-
-                break;
-        }
-
-        case SD_BUS_TYPE_ARRAY:
-
-                if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && startswith(name, "Exec")) {
-                        _cleanup_free_ ExecStatusInfo *info = NULL;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sasbttttuii)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        info = new0(ExecStatusInfo, 1);
-                        if (!info)
-                                return log_oom();
-
-                        while ((r = exec_status_info_deserialize(m, info)) > 0) {
-
-                                info->name = strdup(name);
-                                if (!info->name)
-                                        return log_oom();
-
-                                LIST_PREPEND(exec, i->exec, info);
-
-                                info = new0(ExecStatusInfo, 1);
-                                if (!info)
-                                        return log_oom();
-                        }
-
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Listen")) {
-                        const char *type, *path;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(ss)", &type, &path)) > 0) {
-
-                                r = strv_extend(&i->listen, type);
-                                if (r < 0)
-                                        return r;
-
-                                r = strv_extend(&i->listen, path);
-                                if (r < 0)
-                                        return r;
-                        }
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "DropInPaths")) {
-
-                        r = sd_bus_message_read_strv(m, &i->dropin_paths);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "Documentation")) {
-
-                        r = sd_bus_message_read_strv(m, &i->documentation);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Conditions")) {
-                        const char *cond, *param;
-                        int trigger, negate;
-                        int32_t state;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sbbsi)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(sbbsi)", &cond, &trigger, &negate, &param, &state)) > 0) {
-                                log_debug("%s %d %d %s %d", cond, trigger, negate, param, state);
-                                if (state < 0 && (!trigger || !i->failed_condition)) {
-                                        i->failed_condition = cond;
-                                        i->failed_condition_trigger = trigger;
-                                        i->failed_condition_negate = negate;
-                                        i->failed_condition_parameter = param;
-                                }
-                        }
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Asserts")) {
-                        const char *cond, *param;
-                        int trigger, negate;
-                        int32_t state;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sbbsi)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(sbbsi)", &cond, &trigger, &negate, &param, &state)) > 0) {
-                                log_debug("%s %d %d %s %d", cond, trigger, negate, param, state);
-                                if (state < 0 && (!trigger || !i->failed_assert)) {
-                                        i->failed_assert = cond;
-                                        i->failed_assert_trigger = trigger;
-                                        i->failed_assert_negate = negate;
-                                        i->failed_assert_parameter = param;
-                                }
-                        }
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                } else
-                        goto skip;
-
-                break;
-
-        case SD_BUS_TYPE_STRUCT_BEGIN:
-
-                if (streq(name, "LoadError")) {
-                        const char *n, *message;
-
-                        r = sd_bus_message_read(m, "(ss)", &n, &message);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (!isempty(message))
-                                i->load_error = message;
-                } else
-                        goto skip;
-
-                break;
-
-        default:
-                goto skip;
-        }
-
-        return 0;
-
-skip:
-        r = sd_bus_message_skip(m, contents);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return 0;
-}
-
-#define print_prop(name, fmt, ...)                                      \
-        do {                                                            \
-                if (arg_value)                                          \
-                        printf(fmt "\n", __VA_ARGS__);                  \
-                else                                                    \
-                        printf("%s=" fmt "\n", name, __VA_ARGS__);      \
-        } while(0)
-
-static int print_property(const char *name, sd_bus_message *m, const char *contents) {
-        int r;
-
-        assert(name);
-        assert(m);
-
-        /* This is a low-level property printer, see
-         * print_status_info() for the nicer output */
-
-        if (arg_properties && !strv_find(arg_properties, name)) {
-                /* skip what we didn't read */
-                r = sd_bus_message_skip(m, contents);
-                return r;
-        }
-
-        switch (contents[0]) {
-
-        case SD_BUS_TYPE_STRUCT_BEGIN:
-
-                if (contents[1] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) {
-                        uint32_t u;
-
-                        r = sd_bus_message_read(m, "(uo)", &u, NULL);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (u > 0)
-                                print_prop(name, "%"PRIu32, u);
-                        else if (arg_all)
-                                print_prop(name, "%s", "");
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "Unit")) {
-                        const char *s;
-
-                        r = sd_bus_message_read(m, "(so)", &s, NULL);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (arg_all || !isempty(s))
-                                print_prop(name, "%s", s);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRING && streq(name, "LoadError")) {
-                        const char *a = NULL, *b = NULL;
-
-                        r = sd_bus_message_read(m, "(ss)", &a, &b);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (arg_all || !isempty(a) || !isempty(b))
-                                print_prop(name, "%s \"%s\"", strempty(a), strempty(b));
-
-                        return 0;
-                } else if (streq_ptr(name, "SystemCallFilter")) {
-                        _cleanup_strv_free_ char **l = NULL;
-                        int whitelist;
-
-                        r = sd_bus_message_enter_container(m, 'r', "bas");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_read(m, "b", &whitelist);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_read_strv(m, &l);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (arg_all || whitelist || !strv_isempty(l)) {
-                                bool first = true;
-                                char **i;
-
-                                if (!arg_value) {
-                                        fputs(name, stdout);
-                                        fputc('=', stdout);
-                                }
-
-                                if (!whitelist)
-                                        fputc('~', stdout);
-
-                                STRV_FOREACH(i, l) {
-                                        if (first)
-                                                first = false;
-                                        else
-                                                fputc(' ', stdout);
-
-                                        fputs(*i, stdout);
-                                }
-                                fputc('\n', stdout);
-                        }
-
-                        return 0;
-                }
-
-                break;
-
-        case SD_BUS_TYPE_ARRAY:
-
-                if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "EnvironmentFiles")) {
-                        const char *path;
-                        int ignore;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sb)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(sb)", &path, &ignore)) > 0)
-                                print_prop("EnvironmentFile", "%s (ignore_errors=%s)\n", path, yes_no(ignore));
-
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Paths")) {
-                        const char *type, *path;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(ss)", &type, &path)) > 0)
-                                print_prop(type, "%s", path);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Listen")) {
-                        const char *type, *path;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(ss)", &type, &path)) > 0)
-                                if (arg_value)
-                                        puts(path);
-                                else
-                                        printf("Listen%s=%s\n", type, path);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "Timers")) {
-                        const char *base;
-                        uint64_t value, next_elapse;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(stt)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(stt)", &base, &value, &next_elapse)) > 0) {
-                                char timespan1[FORMAT_TIMESPAN_MAX], timespan2[FORMAT_TIMESPAN_MAX];
-
-                                print_prop(base, "{ value=%s ; next_elapse=%s }",
-                                           format_timespan(timespan1, sizeof(timespan1), value, 0),
-                                           format_timespan(timespan2, sizeof(timespan2), next_elapse, 0));
-                        }
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && startswith(name, "Exec")) {
-                        ExecStatusInfo info = {};
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sasbttttuii)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = exec_status_info_deserialize(m, &info)) > 0) {
-                                char timestamp1[FORMAT_TIMESTAMP_MAX], timestamp2[FORMAT_TIMESTAMP_MAX];
-                                _cleanup_free_ char *tt;
-
-                                tt = strv_join(info.argv, " ");
-
-                                print_prop(name,
-                                           "{ path=%s ; argv[]=%s ; ignore_errors=%s ; start_time=[%s] ; stop_time=[%s] ; pid="PID_FMT" ; code=%s ; status=%i%s%s }",
-                                           strna(info.path),
-                                           strna(tt),
-                                           yes_no(info.ignore),
-                                           strna(format_timestamp(timestamp1, sizeof(timestamp1), info.start_timestamp)),
-                                           strna(format_timestamp(timestamp2, sizeof(timestamp2), info.exit_timestamp)),
-                                           info.pid,
-                                           sigchld_code_to_string(info.code),
-                                           info.status,
-                                           info.code == CLD_EXITED ? "" : "/",
-                                           strempty(info.code == CLD_EXITED ? NULL : signal_to_string(info.status)));
-
-                                free(info.path);
-                                strv_free(info.argv);
-                                zero(info);
-                        }
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && streq(name, "DeviceAllow")) {
-                        const char *path, *rwm;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(ss)", &path, &rwm)) > 0)
-                                print_prop(name, "%s %s", strna(path), strna(rwm));
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && (streq(name, "IODeviceWeight") || streq(name, "BlockIODeviceWeight"))) {
-                        const char *path;
-                        uint64_t weight;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(st)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(st)", &path, &weight)) > 0)
-                                print_prop(name, "%s %"PRIu64, strna(path), weight);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-
-                } else if (contents[1] == SD_BUS_TYPE_STRUCT_BEGIN && (cgroup_io_limit_type_from_string(name) >= 0 ||
-                                                                       streq(name, "BlockIOReadBandwidth") || streq(name, "BlockIOWriteBandwidth"))) {
-                        const char *path;
-                        uint64_t bandwidth;
-
-                        r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(st)");
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        while ((r = sd_bus_message_read(m, "(st)", &path, &bandwidth)) > 0)
-                                print_prop(name, "%s %"PRIu64, strna(path), bandwidth);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        r = sd_bus_message_exit_container(m);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        return 0;
-                }
-
-                break;
-        }
-
-        r = bus_print_property(name, m, arg_value, arg_all);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (r == 0) {
-                r = sd_bus_message_skip(m, contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (arg_all)
-                        printf("%s=[unprintable]\n", name);
-        }
-
-        return 0;
-}
-
-static int show_one(
-                const char *verb,
-                sd_bus *bus,
-                const char *path,
-                bool show_properties,
-                bool *new_line,
-                bool *ellipsized) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        UnitStatusInfo info = {
-                .memory_current = (uint64_t) -1,
-                .memory_limit = (uint64_t) -1,
-                .cpu_usage_nsec = (uint64_t) -1,
-                .tasks_current = (uint64_t) -1,
-                .tasks_max = (uint64_t) -1,
-        };
-        ExecStatusInfo *p;
-        int r;
-
-        assert(path);
-        assert(new_line);
-
-        log_debug("Showing one %s", path);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        path,
-                        "org.freedesktop.DBus.Properties",
-                        "GetAll",
-                        &error,
-                        &reply,
-                        "s", "");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "{sv}");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        if (*new_line)
-                printf("\n");
-
-        *new_line = true;
-
-        while ((r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_DICT_ENTRY, "sv")) > 0) {
-                const char *name, *contents;
-
-                r = sd_bus_message_read(reply, "s", &name);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_peek_type(reply, NULL, &contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_VARIANT, contents);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                if (show_properties)
-                        r = print_property(name, reply, contents);
-                else
-                        r = status_property(name, reply, &info, contents);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-
-                r = sd_bus_message_exit_container(reply);
-                if (r < 0)
-                        return bus_log_parse_error(r);
-        }
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = 0;
-
-        if (!show_properties) {
-                if (streq(verb, "help"))
-                        show_unit_help(&info);
-                else
-                        print_status_info(bus, &info, ellipsized);
-        }
-
-        strv_free(info.documentation);
-        strv_free(info.dropin_paths);
-        strv_free(info.listen);
-
-        if (!streq_ptr(info.active_state, "active") &&
-            !streq_ptr(info.active_state, "reloading") &&
-            streq(verb, "status")) {
-                /* According to LSB: "program not running" */
-                /* 0: program is running or service is OK
-                 * 1: program is dead and /run PID file exists
-                 * 2: program is dead and /run/lock lock file exists
-                 * 3: program is not running
-                 * 4: program or service status is unknown
-                 */
-                if (info.pid_file && access(info.pid_file, F_OK) == 0)
-                        r = 1;
-                else
-                        r = 3;
-        }
-
-        while ((p = info.exec)) {
-                LIST_REMOVE(exec, info.exec, p);
-                exec_status_info_free(p);
-        }
-
-        return r;
-}
-
-static int get_unit_dbus_path_by_pid(
-                sd_bus *bus,
-                uint32_t pid,
-                char **unit) {
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        char *u;
-        int r;
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "GetUnitByPID",
-                        &error,
-                        &reply,
-                        "u", pid);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get unit for PID %"PRIu32": %s", pid, bus_error_message(&error, r));
-
-        r = sd_bus_message_read(reply, "o", &u);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        u = strdup(u);
-        if (!u)
-                return log_oom();
-
-        *unit = u;
-        return 0;
-}
-
-static int show_all(
-                const char* verb,
-                sd_bus *bus,
-                bool show_properties,
-                bool *new_line,
-                bool *ellipsized) {
-
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        _cleanup_free_ UnitInfo *unit_infos = NULL;
-        const UnitInfo *u;
-        unsigned c;
-        int r, ret = 0;
-
-        r = get_unit_list(bus, NULL, NULL, &unit_infos, 0, &reply);
-        if (r < 0)
-                return r;
-
-        pager_open(arg_no_pager, false);
-
-        c = (unsigned) r;
-
-        qsort_safe(unit_infos, c, sizeof(UnitInfo), compare_unit_info);
-
-        for (u = unit_infos; u < unit_infos + c; u++) {
-                _cleanup_free_ char *p = NULL;
-
-                p = unit_dbus_path_from_name(u->id);
-                if (!p)
-                        return log_oom();
-
-                r = show_one(verb, bus, p, show_properties, new_line, ellipsized);
-                if (r < 0)
-                        return r;
-                else if (r > 0 && ret == 0)
-                        ret = r;
-        }
-
-        return ret;
-}
-
-static int show_system_status(sd_bus *bus) {
-        char since1[FORMAT_TIMESTAMP_RELATIVE_MAX], since2[FORMAT_TIMESTAMP_MAX];
-        _cleanup_free_ char *hn = NULL;
-        _cleanup_(machine_info_clear) struct machine_info mi = {};
-        const char *on, *off;
-        int r;
-
-        hn = gethostname_malloc();
-        if (!hn)
-                return log_oom();
-
-        r = bus_map_all_properties(bus, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", machine_info_property_map, &mi);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read server status: %m");
-
-        if (streq_ptr(mi.state, "degraded")) {
-                on = ansi_highlight_red();
-                off = ansi_normal();
-        } else if (!streq_ptr(mi.state, "running")) {
-                on = ansi_highlight_yellow();
-                off = ansi_normal();
-        } else
-                on = off = "";
-
-        printf("%s%s%s %s\n", on, special_glyph(BLACK_CIRCLE), off, arg_host ? arg_host : hn);
-
-        printf("    State: %s%s%s\n",
-               on, strna(mi.state), off);
-
-        printf("     Jobs: %" PRIu32 " queued\n", mi.n_jobs);
-        printf("   Failed: %" PRIu32 " units\n", mi.n_failed_units);
-
-        printf("    Since: %s; %s\n",
-               format_timestamp(since2, sizeof(since2), mi.timestamp),
-               format_timestamp_relative(since1, sizeof(since1), mi.timestamp));
-
-        printf("   CGroup: %s\n", mi.control_group ?: "/");
-        if (IN_SET(arg_transport,
-                   BUS_TRANSPORT_LOCAL,
-                   BUS_TRANSPORT_MACHINE)) {
-                static const char prefix[] = "           ";
-                unsigned c;
-
-                c = columns();
-                if (c > sizeof(prefix) - 1)
-                        c -= sizeof(prefix) - 1;
-                else
-                        c = 0;
-
-                show_cgroup(SYSTEMD_CGROUP_CONTROLLER, strempty(mi.control_group), prefix, c, get_output_flags());
-        }
-
-        return 0;
-}
-
-static int show(int argc, char *argv[], void *userdata) {
-        bool show_properties, show_status, show_help, new_line = false;
-        bool ellipsized = false;
-        int r, ret = 0;
-        sd_bus *bus;
-
-        assert(argv);
-
-        show_properties = streq(argv[0], "show");
-        show_status = streq(argv[0], "status");
-        show_help = streq(argv[0], "help");
-
-        if (show_help && argc <= 1) {
-                log_error("This command expects one or more unit names. Did you mean --help?");
-                return -EINVAL;
-        }
-
-        pager_open(arg_no_pager, false);
-
-        if (show_status)
-                /* Increase max number of open files to 16K if we can, we
-                 * might needs this when browsing journal files, which might
-                 * be split up into many files. */
-                setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        /* If no argument is specified inspect the manager itself */
-        if (show_properties && argc <= 1)
-                return show_one(argv[0], bus, "/org/freedesktop/systemd1", show_properties, &new_line, &ellipsized);
-
-        if (show_status && argc <= 1) {
-
-                pager_open(arg_no_pager, false);
-                show_system_status(bus);
-                new_line = true;
-
-                if (arg_all)
-                        ret = show_all(argv[0], bus, false, &new_line, &ellipsized);
-        } else {
-                _cleanup_free_ char **patterns = NULL;
-                char **name;
-
-                STRV_FOREACH(name, strv_skip(argv, 1)) {
-                        _cleanup_free_ char *unit = NULL;
-                        uint32_t id;
-
-                        if (safe_atou32(*name, &id) < 0) {
-                                if (strv_push(&patterns, *name) < 0)
-                                        return log_oom();
-
-                                continue;
-                        } else if (show_properties) {
-                                /* Interpret as job id */
-                                if (asprintf(&unit, "/org/freedesktop/systemd1/job/%u", id) < 0)
-                                        return log_oom();
-
-                        } else {
-                                /* Interpret as PID */
-                                r = get_unit_dbus_path_by_pid(bus, id, &unit);
-                                if (r < 0) {
-                                        ret = r;
-                                        continue;
-                                }
-                        }
-
-                        r = show_one(argv[0], bus, unit, show_properties, &new_line, &ellipsized);
-                        if (r < 0)
-                                return r;
-                        else if (r > 0 && ret == 0)
-                                ret = r;
-                }
-
-                if (!strv_isempty(patterns)) {
-                        _cleanup_strv_free_ char **names = NULL;
-
-                        r = expand_names(bus, patterns, NULL, &names);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to expand names: %m");
-
-                        STRV_FOREACH(name, names) {
-                                _cleanup_free_ char *unit;
-
-                                unit = unit_dbus_path_from_name(*name);
-                                if (!unit)
-                                        return log_oom();
-
-                                r = show_one(argv[0], bus, unit, show_properties, &new_line, &ellipsized);
-                                if (r < 0)
-                                        return r;
-                                else if (r > 0 && ret == 0)
-                                        ret = r;
-                        }
-                }
-        }
-
-        if (ellipsized && !arg_quiet)
-                printf("Hint: Some lines were ellipsized, use -l to show in full.\n");
-
-        return ret;
-}
-
-static int cat_file(const char *filename, bool newline) {
-        _cleanup_close_ int fd;
-
-        fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0)
-                return -errno;
-
-        printf("%s%s# %s%s\n",
-               newline ? "\n" : "",
-               ansi_highlight_blue(),
-               filename,
-               ansi_normal());
-        fflush(stdout);
-
-        return copy_bytes(fd, STDOUT_FILENO, (uint64_t) -1, false);
-}
-
-static int cat(int argc, char *argv[], void *userdata) {
-        _cleanup_lookup_paths_free_ LookupPaths lp = {};
-        _cleanup_strv_free_ char **names = NULL;
-        char **name;
-        sd_bus *bus;
-        bool first = true;
-        int r;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL) {
-                log_error("Cannot remotely cat units.");
-                return -EINVAL;
-        }
-
-        r = lookup_paths_init(&lp, arg_scope, 0, arg_root);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine unit paths: %m");
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
-        if (r < 0)
-                return log_error_errno(r, "Failed to expand names: %m");
-
-        pager_open(arg_no_pager, false);
-
-        STRV_FOREACH(name, names) {
-                _cleanup_free_ char *fragment_path = NULL;
-                _cleanup_strv_free_ char **dropin_paths = NULL;
-                char **path;
-
-                r = unit_find_paths(bus, *name, &lp, &fragment_path, &dropin_paths);
-                if (r < 0)
-                        return r;
-                else if (r == 0)
-                        return -ENOENT;
-
-                if (first)
-                        first = false;
-                else
-                        puts("");
-
-                if (fragment_path) {
-                        r = cat_file(fragment_path, false);
-                        if (r < 0)
-                                return log_warning_errno(r, "Failed to cat %s: %m", fragment_path);
-                }
-
-                STRV_FOREACH(path, dropin_paths) {
-                        r = cat_file(*path, path == dropin_paths);
-                        if (r < 0)
-                                return log_warning_errno(r, "Failed to cat %s: %m", *path);
-                }
-        }
-
-        return 0;
-}
-
-static int set_property(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ char *n = NULL;
-        sd_bus *bus;
-        char **i;
-        int r;
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "SetUnitProperties");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = unit_name_mangle(argv[1], UNIT_NAME_NOGLOB, &n);
-        if (r < 0)
-                return log_error_errno(r, "Failed to mangle unit name: %m");
-
-        r = sd_bus_message_append(m, "sb", n, arg_runtime);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, "(sv)");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        STRV_FOREACH(i, strv_skip(argv, 2)) {
-                r = bus_append_unit_property_assignment(m, *i);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sd_bus_message_close_container(m);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to set unit properties on %s: %s", n, bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int daemon_reload(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        const char *method;
-        sd_bus *bus;
-        int r;
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        if (arg_action == ACTION_RELOAD)
-                method = "Reload";
-        else if (arg_action == ACTION_REEXEC)
-                method = "Reexecute";
-        else {
-                assert(arg_action == ACTION_SYSTEMCTL);
-
-                method =
-                        streq(argv[0], "clear-jobs")    ||
-                        streq(argv[0], "cancel")        ? "ClearJobs" :
-                        streq(argv[0], "daemon-reexec") ? "Reexecute" :
-                        streq(argv[0], "reset-failed")  ? "ResetFailed" :
-                        streq(argv[0], "halt")          ? "Halt" :
-                        streq(argv[0], "poweroff")      ? "PowerOff" :
-                        streq(argv[0], "reboot")        ? "Reboot" :
-                        streq(argv[0], "kexec")         ? "KExec" :
-                        streq(argv[0], "exit")          ? "Exit" :
-                                    /* "daemon-reload" */ "Reload";
-        }
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        method,
-                        &error,
-                        NULL,
-                        NULL);
-        if (r == -ENOENT && arg_action != ACTION_SYSTEMCTL)
-                /* There's always a fallback possible for
-                 * legacy actions. */
-                r = -EADDRNOTAVAIL;
-        else if ((r == -ETIMEDOUT || r == -ECONNRESET) && streq(method, "Reexecute"))
-                /* On reexecution, we expect a disconnect, not a
-                 * reply */
-                r = 0;
-        else if (r < 0)
-                return log_error_errno(r, "Failed to reload daemon: %s", bus_error_message(&error, r));
-
-        return r < 0 ? r : 0;
-}
-
-static int reset_failed(int argc, char *argv[], void *userdata) {
-        _cleanup_strv_free_ char **names = NULL;
-        sd_bus *bus;
-        char **name;
-        int r, q;
-
-        if (argc <= 1)
-                return daemon_reload(argc, argv, userdata);
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
-        if (r < 0)
-                return log_error_errno(r, "Failed to expand names: %m");
-
-        STRV_FOREACH(name, names) {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-
-                q = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "ResetFailedUnit",
-                                &error,
-                                NULL,
-                                "s", *name);
-                if (q < 0) {
-                        log_error_errno(q, "Failed to reset failed state of unit %s: %s", *name, bus_error_message(&error, q));
-                        if (r == 0)
-                                r = q;
-                }
-        }
-
-        return r;
-}
-
-static int show_environment(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *text;
-        sd_bus *bus;
-        int r;
-
-        pager_open(arg_no_pager, false);
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_get_property(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "Environment",
-                        &error,
-                        &reply,
-                        "as");
-        if (r < 0)
-                return log_error_errno(r, "Failed to get environment: %s", bus_error_message(&error, r));
-
-        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "s");
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        while ((r = sd_bus_message_read_basic(reply, SD_BUS_TYPE_STRING, &text)) > 0)
-                puts(text);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        r = sd_bus_message_exit_container(reply);
-        if (r < 0)
-                return bus_log_parse_error(r);
-
-        return 0;
-}
-
-static int switch_root(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_free_ char *cmdline_init = NULL;
-        const char *root, *init;
-        sd_bus *bus;
-        int r;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL) {
-                log_error("Cannot switch root remotely.");
-                return -EINVAL;
-        }
-
-        if (argc < 2 || argc > 3) {
-                log_error("Wrong number of arguments.");
-                return -EINVAL;
-        }
-
-        root = argv[1];
-
-        if (argc >= 3)
-                init = argv[2];
-        else {
-                r = parse_env_file("/proc/cmdline", WHITESPACE,
-                                   "init", &cmdline_init,
-                                   NULL);
-                if (r < 0)
-                        log_debug_errno(r, "Failed to parse /proc/cmdline: %m");
-
-                init = cmdline_init;
-        }
-
-        if (isempty(init))
-                init = NULL;
-
-        if (init) {
-                const char *root_systemd_path = NULL, *root_init_path = NULL;
-
-                root_systemd_path = strjoina(root, "/" SYSTEMD_BINARY_PATH);
-                root_init_path = strjoina(root, "/", init);
-
-                /* If the passed init is actually the same as the
-                 * systemd binary, then let's suppress it. */
-                if (files_same(root_init_path, root_systemd_path) > 0)
-                        init = NULL;
-        }
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        log_debug("Switching root - root: %s; init: %s", root, strna(init));
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "SwitchRoot",
-                        &error,
-                        NULL,
-                        "ss", root, init);
-        if (r < 0)
-                return log_error_errno(r, "Failed to switch root: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int set_environment(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        const char *method;
-        sd_bus *bus;
-        int r;
-
-        assert(argc > 1);
-        assert(argv);
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        method = streq(argv[0], "set-environment")
-                ? "SetEnvironment"
-                : "UnsetEnvironment";
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        method);
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_message_append_strv(m, strv_skip(argv, 1));
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to set environment: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int import_environment(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
-        sd_bus *bus;
-        int r;
-
-        polkit_agent_open_if_enabled();
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_new_method_call(
-                        bus,
-                        &m,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "SetEnvironment");
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        if (argc < 2)
-                r = sd_bus_message_append_strv(m, environ);
-        else {
-                char **a, **b;
-
-                r = sd_bus_message_open_container(m, 'a', "s");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                STRV_FOREACH(a, strv_skip(argv, 1)) {
-
-                        if (!env_name_is_valid(*a)) {
-                                log_error("Not a valid environment variable name: %s", *a);
-                                return -EINVAL;
-                        }
-
-                        STRV_FOREACH(b, environ) {
-                                const char *eq;
-
-                                eq = startswith(*b, *a);
-                                if (eq && *eq == '=') {
-
-                                        r = sd_bus_message_append(m, "s", *b);
-                                        if (r < 0)
-                                                return bus_log_create_error(r);
-
-                                        break;
-                                }
-                        }
-                }
-
-                r = sd_bus_message_close_container(m);
-        }
-        if (r < 0)
-                return bus_log_create_error(r);
-
-        r = sd_bus_call(bus, m, 0, &error, NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to import environment: %s", bus_error_message(&error, r));
-
-        return 0;
-}
-
-static int enable_sysv_units(const char *verb, char **args) {
-        int r = 0;
-
-#if defined(HAVE_SYSV_COMPAT)
-        _cleanup_lookup_paths_free_ LookupPaths paths = {};
-        unsigned f = 0;
-
-        /* Processes all SysV units, and reshuffles the array so that afterwards only the native units remain */
-
-        if (arg_scope != UNIT_FILE_SYSTEM)
-                return 0;
-
-        if (getenv_bool("SYSTEMCTL_SKIP_SYSV") > 0)
-                return 0;
-
-        if (!STR_IN_SET(verb,
-                        "enable",
-                        "disable",
-                        "is-enabled"))
-                return 0;
-
-        r = lookup_paths_init(&paths, arg_scope, LOOKUP_PATHS_EXCLUDE_GENERATED, arg_root);
-        if (r < 0)
-                return r;
-
-        r = 0;
-        while (args[f]) {
-
-                const char *argv[] = {
-                        ROOTLIBEXECDIR "/systemd-sysv-install",
-                        NULL,
-                        NULL,
-                        NULL,
-                        NULL,
-                };
-
-                _cleanup_free_ char *p = NULL, *q = NULL, *l = NULL;
-                bool found_native = false, found_sysv;
-                siginfo_t status;
-                const char *name;
-                unsigned c = 1;
-                pid_t pid;
-                int j;
-
-                name = args[f++];
-
-                if (!endswith(name, ".service"))
-                        continue;
-
-                if (path_is_absolute(name))
-                        continue;
-
-                j = unit_file_exists(arg_scope, &paths, name);
-                if (j < 0 && !IN_SET(j, -ELOOP, -ERFKILL, -EADDRNOTAVAIL))
-                        return log_error_errno(j, "Failed to lookup unit file state: %m");
-                found_native = j != 0;
-
-                /* If we have both a native unit and a SysV script, enable/disable them both (below); for is-enabled,
-                 * prefer the native unit */
-                if (found_native && streq(verb, "is-enabled"))
-                        continue;
-
-                p = path_join(arg_root, SYSTEM_SYSVINIT_PATH, name);
-                if (!p)
-                        return log_oom();
-
-                p[strlen(p) - strlen(".service")] = 0;
-                found_sysv = access(p, F_OK) >= 0;
-                if (!found_sysv)
-                        continue;
-
-                if (found_native)
-                        log_info("Synchronizing state of %s with SysV service script with %s.", name, argv[0]);
-                else
-                        log_info("%s is not a native service, redirecting to systemd-sysv-install.", name);
-
-                if (!isempty(arg_root))
-                        argv[c++] = q = strappend("--root=", arg_root);
-
-                argv[c++] = verb;
-                argv[c++] = basename(p);
-                argv[c] = NULL;
-
-                l = strv_join((char**)argv, " ");
-                if (!l)
-                        return log_oom();
-
-                log_info("Executing: %s", l);
-
-                pid = fork();
-                if (pid < 0)
-                        return log_error_errno(errno, "Failed to fork: %m");
-                else if (pid == 0) {
-                        /* Child */
-
-                        (void) reset_all_signal_handlers();
-                        (void) reset_signal_mask();
-
-                        execv(argv[0], (char**) argv);
-                        log_error_errno(errno, "Failed to execute %s: %m", argv[0]);
-                        _exit(EXIT_FAILURE);
-                }
-
-                j = wait_for_terminate(pid, &status);
-                if (j < 0) {
-                        log_error_errno(j, "Failed to wait for child: %m");
-                        return j;
-                }
-
-                if (status.si_code == CLD_EXITED) {
-                        if (streq(verb, "is-enabled")) {
-                                if (status.si_status == 0) {
-                                        if (!arg_quiet)
-                                                puts("enabled");
-                                        r = 1;
-                                } else {
-                                        if (!arg_quiet)
-                                                puts("disabled");
-                                }
-
-                        } else if (status.si_status != 0)
-                                return -EBADE; /* We don't warn here, under the assumption the script already showed an explanation */
-                } else {
-                        log_error("Unexpected waitid() result.");
-                        return -EPROTO;
-                }
-
-                if (found_native)
-                        continue;
-
-                /* Remove this entry, so that we don't try enabling it as native unit */
-                assert(f > 0);
-                f--;
-                assert(args[f] == name);
-                strv_remove(args, name);
-        }
-
-#endif
-        return r;
-}
-
-static int mangle_names(char **original_names, char ***mangled_names) {
-        char **i, **l, **name;
-        int r;
-
-        l = i = new(char*, strv_length(original_names) + 1);
-        if (!l)
-                return log_oom();
-
-        STRV_FOREACH(name, original_names) {
-
-                /* When enabling units qualified path names are OK,
-                 * too, hence allow them explicitly. */
-
-                if (is_path(*name)) {
-                        *i = strdup(*name);
-                        if (!*i) {
-                                strv_free(l);
-                                return log_oom();
-                        }
-                } else {
-                        r = unit_name_mangle(*name, UNIT_NAME_NOGLOB, i);
-                        if (r < 0) {
-                                strv_free(l);
-                                return log_error_errno(r, "Failed to mangle unit name: %m");
-                        }
-                }
-
-                i++;
-        }
-
-        *i = NULL;
-        *mangled_names = l;
-
-        return 0;
-}
-
-static int enable_unit(int argc, char *argv[], void *userdata) {
-        _cleanup_strv_free_ char **names = NULL;
-        const char *verb = argv[0];
-        UnitFileChange *changes = NULL;
-        unsigned n_changes = 0;
-        int carries_install_info = -1;
-        bool ignore_carries_install_info = arg_quiet;
-        int r;
-
-        if (!argv[1])
-                return 0;
-
-        r = mangle_names(strv_skip(argv, 1), &names);
-        if (r < 0)
-                return r;
-
-        r = enable_sysv_units(verb, names);
-        if (r < 0)
-                return r;
-
-        /* If the operation was fully executed by the SysV compat, let's finish early */
-        if (strv_isempty(names)) {
-                if (arg_no_reload || install_client_side())
-                        return 0;
-                return daemon_reload(argc, argv, userdata);
-        }
-
-        if (install_client_side()) {
-                if (streq(verb, "enable")) {
-                        r = unit_file_enable(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
-                        carries_install_info = r;
-                } else if (streq(verb, "disable"))
-                        r = unit_file_disable(arg_scope, arg_runtime, arg_root, names, &changes, &n_changes);
-                else if (streq(verb, "reenable")) {
-                        r = unit_file_reenable(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
-                        carries_install_info = r;
-                } else if (streq(verb, "link"))
-                        r = unit_file_link(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
-                else if (streq(verb, "preset")) {
-                        r = unit_file_preset(arg_scope, arg_runtime, arg_root, names, arg_preset_mode, arg_force, &changes, &n_changes);
-                } else if (streq(verb, "mask"))
-                        r = unit_file_mask(arg_scope, arg_runtime, arg_root, names, arg_force, &changes, &n_changes);
-                else if (streq(verb, "unmask"))
-                        r = unit_file_unmask(arg_scope, arg_runtime, arg_root, names, &changes, &n_changes);
-                else if (streq(verb, "revert"))
-                        r = unit_file_revert(arg_scope, arg_root, names, &changes, &n_changes);
-                else
-                        assert_not_reached("Unknown verb");
-
-                unit_file_dump_changes(r, verb, changes, n_changes, arg_quiet);
-                if (r < 0)
-                        return r;
-                r = 0;
-        } else {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                bool expect_carries_install_info = false;
-                bool send_runtime = true, send_force = true, send_preset_mode = false;
-                const char *method;
-                sd_bus *bus;
-
-                polkit_agent_open_if_enabled();
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                if (streq(verb, "enable")) {
-                        method = "EnableUnitFiles";
-                        expect_carries_install_info = true;
-                } else if (streq(verb, "disable")) {
-                        method = "DisableUnitFiles";
-                        send_force = false;
-                } else if (streq(verb, "reenable")) {
-                        method = "ReenableUnitFiles";
-                        expect_carries_install_info = true;
-                } else if (streq(verb, "link"))
-                        method = "LinkUnitFiles";
-                else if (streq(verb, "preset")) {
-
-                        if (arg_preset_mode != UNIT_FILE_PRESET_FULL) {
-                                method = "PresetUnitFilesWithMode";
-                                send_preset_mode = true;
-                        } else
-                                method = "PresetUnitFiles";
-
-                        expect_carries_install_info = true;
-                        ignore_carries_install_info = true;
-                } else if (streq(verb, "mask"))
-                        method = "MaskUnitFiles";
-                else if (streq(verb, "unmask")) {
-                        method = "UnmaskUnitFiles";
-                        send_force = false;
-                } else if (streq(verb, "revert")) {
-                        method = "RevertUnitFiles";
-                        send_runtime = send_force = false;
-                } else
-                        assert_not_reached("Unknown verb");
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &m,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                method);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append_strv(m, names);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                if (send_preset_mode) {
-                        r = sd_bus_message_append(m, "s", unit_file_preset_mode_to_string(arg_preset_mode));
-                        if (r < 0)
-                                return bus_log_create_error(r);
-                }
-
-                if (send_runtime) {
-                        r = sd_bus_message_append(m, "b", arg_runtime);
-                        if (r < 0)
-                                return bus_log_create_error(r);
-                }
-
-                if (send_force) {
-                        r = sd_bus_message_append(m, "b", arg_force);
-                        if (r < 0)
-                                return bus_log_create_error(r);
-                }
-
-                r = sd_bus_call(bus, m, 0, &error, &reply);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to %s unit: %s", verb, bus_error_message(&error, r));
-
-                if (expect_carries_install_info) {
-                        r = sd_bus_message_read(reply, "b", &carries_install_info);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-                }
-
-                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
-                if (r < 0)
-                        return r;
-
-                /* Try to reload if enabled */
-                if (!arg_no_reload)
-                        r = daemon_reload(argc, argv, userdata);
-                else
-                        r = 0;
-        }
-
-        if (carries_install_info == 0 && !ignore_carries_install_info)
-                log_warning("The unit files have no installation config (WantedBy, RequiredBy, Also, Alias\n"
-                            "settings in the [Install] section, and DefaultInstance for template units).\n"
-                            "This means they are not meant to be enabled using systemctl.\n"
-                            "Possible reasons for having this kind of units are:\n"
-                            "1) A unit may be statically enabled by being symlinked from another unit's\n"
-                            "   .wants/ or .requires/ directory.\n"
-                            "2) A unit's purpose may be to act as a helper for some other unit which has\n"
-                            "   a requirement dependency on it.\n"
-                            "3) A unit may be started when needed via activation (socket, path, timer,\n"
-                            "   D-Bus, udev, scripted systemctl call, ...).\n"
-                            "4) In case of template units, the unit is meant to be enabled with some\n"
-                            "   instance name specified.");
-
-        if (arg_now && n_changes > 0 && STR_IN_SET(argv[0], "enable", "disable", "mask")) {
-                char *new_args[n_changes + 2];
-                sd_bus *bus;
-                unsigned i;
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        goto finish;
-
-                new_args[0] = (char*) (streq(argv[0], "enable") ? "start" : "stop");
-                for (i = 0; i < n_changes; i++)
-                        new_args[i + 1] = basename(changes[i].path);
-                new_args[i + 1] = NULL;
-
-                r = start_unit(strv_length(new_args), new_args, userdata);
-        }
-
-finish:
-        unit_file_changes_free(changes, n_changes);
-
-        return r;
-}
-
-static int add_dependency(int argc, char *argv[], void *userdata) {
-        _cleanup_strv_free_ char **names = NULL;
-        _cleanup_free_ char *target = NULL;
-        const char *verb = argv[0];
-        UnitFileChange *changes = NULL;
-        unsigned n_changes = 0;
-        UnitDependency dep;
-        int r = 0;
-
-        if (!argv[1])
-                return 0;
-
-        r = unit_name_mangle_with_suffix(argv[1], UNIT_NAME_NOGLOB, ".target", &target);
-        if (r < 0)
-                return log_error_errno(r, "Failed to mangle unit name: %m");
-
-        r = mangle_names(strv_skip(argv, 2), &names);
-        if (r < 0)
-                return r;
-
-        if (streq(verb, "add-wants"))
-                dep = UNIT_WANTS;
-        else if (streq(verb, "add-requires"))
-                dep = UNIT_REQUIRES;
-        else
-                assert_not_reached("Unknown verb");
-
-        if (install_client_side()) {
-                r = unit_file_add_dependency(arg_scope, arg_runtime, arg_root, names, target, dep, arg_force, &changes, &n_changes);
-                unit_file_dump_changes(r, "add dependency on", changes, n_changes, arg_quiet);
-
-                if (r > 0)
-                        r = 0;
-        } else {
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL, *m = NULL;
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                sd_bus *bus;
-
-                polkit_agent_open_if_enabled();
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_message_new_method_call(
-                                bus,
-                                &m,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "AddDependencyUnitFiles");
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append_strv(m, names);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_message_append(m, "ssbb", target, unit_dependency_to_string(dep), arg_runtime, arg_force);
-                if (r < 0)
-                        return bus_log_create_error(r);
-
-                r = sd_bus_call(bus, m, 0, &error, &reply);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add dependency: %s", bus_error_message(&error, r));
-
-                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
-                if (r < 0)
-                        goto finish;
-
-                if (arg_no_reload) {
-                        r = 0;
-                        goto finish;
-                }
-
-                r = daemon_reload(argc, argv, userdata);
-        }
-
-finish:
-        unit_file_changes_free(changes, n_changes);
-
-        return r;
-}
-
-static int preset_all(int argc, char *argv[], void *userdata) {
-        UnitFileChange *changes = NULL;
-        unsigned n_changes = 0;
-        int r;
-
-        if (install_client_side()) {
-                r = unit_file_preset_all(arg_scope, arg_runtime, arg_root, arg_preset_mode, arg_force, &changes, &n_changes);
-                unit_file_dump_changes(r, "preset", changes, n_changes, arg_quiet);
-
-                if (r > 0)
-                        r = 0;
-        } else {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                sd_bus *bus;
-
-                polkit_agent_open_if_enabled();
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "PresetAllUnitFiles",
-                                &error,
-                                &reply,
-                                "sbb",
-                                unit_file_preset_mode_to_string(arg_preset_mode),
-                                arg_runtime,
-                                arg_force);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to preset all units: %s", bus_error_message(&error, r));
-
-                r = bus_deserialize_and_dump_unit_file_changes(reply, arg_quiet, &changes, &n_changes);
-                if (r < 0)
-                        goto finish;
-
-                if (arg_no_reload) {
-                        r = 0;
-                        goto finish;
-                }
-
-                r = daemon_reload(argc, argv, userdata);
-        }
-
-finish:
-        unit_file_changes_free(changes, n_changes);
-
-        return r;
-}
-
-static int unit_is_enabled(int argc, char *argv[], void *userdata) {
-
-        _cleanup_strv_free_ char **names = NULL;
-        bool enabled;
-        char **name;
-        int r;
-
-        r = mangle_names(strv_skip(argv, 1), &names);
-        if (r < 0)
-                return r;
-
-        r = enable_sysv_units(argv[0], names);
-        if (r < 0)
-                return r;
-
-        enabled = r > 0;
-
-        if (install_client_side()) {
-
-                STRV_FOREACH(name, names) {
-                        UnitFileState state;
-
-                        r = unit_file_get_state(arg_scope, arg_root, *name, &state);
-                        if (r < 0)
-                                return log_error_errno(state, "Failed to get unit file state for %s: %m", *name);
-
-                        if (IN_SET(state,
-                                   UNIT_FILE_ENABLED,
-                                   UNIT_FILE_ENABLED_RUNTIME,
-                                   UNIT_FILE_STATIC,
-                                   UNIT_FILE_INDIRECT,
-                                   UNIT_FILE_GENERATED))
-                                enabled = true;
-
-                        if (!arg_quiet)
-                                puts(unit_file_state_to_string(state));
-                }
-
-                r = 0;
-        } else {
-                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-                sd_bus *bus;
-
-                r = acquire_bus(BUS_MANAGER, &bus);
-                if (r < 0)
-                        return r;
-
-                STRV_FOREACH(name, names) {
-                        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-                        const char *s;
-
-                        r = sd_bus_call_method(
-                                        bus,
-                                        "org.freedesktop.systemd1",
-                                        "/org/freedesktop/systemd1",
-                                        "org.freedesktop.systemd1.Manager",
-                                        "GetUnitFileState",
-                                        &error,
-                                        &reply,
-                                        "s", *name);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to get unit file state for %s: %s", *name, bus_error_message(&error, r));
-
-                        r = sd_bus_message_read(reply, "s", &s);
-                        if (r < 0)
-                                return bus_log_parse_error(r);
-
-                        if (STR_IN_SET(s, "enabled", "enabled-runtime", "static", "indirect", "generated"))
-                                enabled = true;
-
-                        if (!arg_quiet)
-                                puts(s);
-                }
-        }
-
-        return enabled ? EXIT_SUCCESS : EXIT_FAILURE;
-}
-
-static int is_system_running(int argc, char *argv[], void *userdata) {
-        _cleanup_free_ char *state = NULL;
-        sd_bus *bus;
-        int r;
-
-        if (running_in_chroot() > 0 || (arg_transport == BUS_TRANSPORT_LOCAL && !sd_booted())) {
-                if (!arg_quiet)
-                        puts("offline");
-                return EXIT_FAILURE;
-        }
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_get_property_string(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "SystemState",
-                        NULL,
-                        &state);
-        if (r < 0) {
-                if (!arg_quiet)
-                        puts("unknown");
-                return 0;
-        }
-
-        if (!arg_quiet)
-                puts(state);
-
-        return streq(state, "running") ? EXIT_SUCCESS : EXIT_FAILURE;
-}
-
-static int create_edit_temp_file(const char *new_path, const char *original_path, char **ret_tmp_fn) {
-        _cleanup_free_ char *t = NULL;
-        int r;
-
-        assert(new_path);
-        assert(original_path);
-        assert(ret_tmp_fn);
-
-        r = tempfn_random(new_path, NULL, &t);
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine temporary filename for \"%s\": %m", new_path);
-
-        r = mkdir_parents(new_path, 0755);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create directories for \"%s\": %m", new_path);
-
-        r = copy_file(original_path, t, 0, 0644, 0);
-        if (r == -ENOENT) {
-
-                r = touch(t);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to create temporary file \"%s\": %m", t);
-
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to copy \"%s\" to \"%s\": %m", original_path, t);
-
-        *ret_tmp_fn = t;
-        t = NULL;
-
-        return 0;
-}
-
-static int get_file_to_edit(
-                const LookupPaths *paths,
-                const char *name,
-                char **ret_path) {
-
-        _cleanup_free_ char *path = NULL, *run = NULL;
-
-        assert(name);
-        assert(ret_path);
-
-        path = strjoin(paths->persistent_config, "/", name, NULL);
-        if (!path)
-                return log_oom();
-
-        if (arg_runtime) {
-                run = strjoin(paths->runtime_config, name, NULL);
-                if (!run)
-                        return log_oom();
-        }
-
-        if (arg_runtime) {
-                if (access(path, F_OK) >= 0) {
-                        log_error("Refusing to create \"%s\" because it would be overridden by \"%s\" anyway.", run, path);
-                        return -EEXIST;
-                }
-
-                *ret_path = run;
-                run = NULL;
-        } else {
-                *ret_path = path;
-                path = NULL;
-        }
-
-        return 0;
-}
-
-static int unit_file_create_dropin(
-                const LookupPaths *paths,
-                const char *unit_name,
-                char **ret_new_path,
-                char **ret_tmp_path) {
-
-        char *tmp_new_path, *tmp_tmp_path, *ending;
-        int r;
-
-        assert(unit_name);
-        assert(ret_new_path);
-        assert(ret_tmp_path);
-
-        ending = strjoina(unit_name, ".d/override.conf");
-        r = get_file_to_edit(paths, ending, &tmp_new_path);
-        if (r < 0)
-                return r;
-
-        r = create_edit_temp_file(tmp_new_path, tmp_new_path, &tmp_tmp_path);
-        if (r < 0) {
-                free(tmp_new_path);
-                return r;
-        }
-
-        *ret_new_path = tmp_new_path;
-        *ret_tmp_path = tmp_tmp_path;
-
-        return 0;
-}
-
-static int unit_file_create_copy(
-                const LookupPaths *paths,
-                const char *unit_name,
-                const char *fragment_path,
-                char **ret_new_path,
-                char **ret_tmp_path) {
-
-        char *tmp_new_path, *tmp_tmp_path;
-        int r;
-
-        assert(fragment_path);
-        assert(unit_name);
-        assert(ret_new_path);
-        assert(ret_tmp_path);
-
-        r = get_file_to_edit(paths, unit_name, &tmp_new_path);
-        if (r < 0)
-                return r;
-
-        if (!path_equal(fragment_path, tmp_new_path) && access(tmp_new_path, F_OK) == 0) {
-                char response;
-
-                r = ask_char(&response, "yn", "\"%s\" already exists. Overwrite with \"%s\"? [(y)es, (n)o] ", tmp_new_path, fragment_path);
-                if (r < 0) {
-                        free(tmp_new_path);
-                        return r;
-                }
-                if (response != 'y') {
-                        log_warning("%s ignored", unit_name);
-                        free(tmp_new_path);
-                        return -1;
-                }
-        }
-
-        r = create_edit_temp_file(tmp_new_path, fragment_path, &tmp_tmp_path);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create temporary file for \"%s\": %m", tmp_new_path);
-                free(tmp_new_path);
-                return r;
-        }
-
-        *ret_new_path = tmp_new_path;
-        *ret_tmp_path = tmp_tmp_path;
-
-        return 0;
-}
-
-static int run_editor(char **paths) {
-        pid_t pid;
-        int r;
-
-        assert(paths);
-
-        pid = fork();
-        if (pid < 0)
-                return log_error_errno(errno, "Failed to fork: %m");
-
-        if (pid == 0) {
-                const char **args;
-                char *editor, **editor_args = NULL;
-                char **tmp_path, **original_path, *p;
-                unsigned n_editor_args = 0, i = 1;
-                size_t argc;
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-
-                argc = strv_length(paths)/2 + 1;
-
-                /* SYSTEMD_EDITOR takes precedence over EDITOR which takes precedence over VISUAL
-                 * If neither SYSTEMD_EDITOR nor EDITOR nor VISUAL are present,
-                 * we try to execute well known editors
-                 */
-                editor = getenv("SYSTEMD_EDITOR");
-                if (!editor)
-                        editor = getenv("EDITOR");
-                if (!editor)
-                        editor = getenv("VISUAL");
-
-                if (!isempty(editor)) {
-                        editor_args = strv_split(editor, WHITESPACE);
-                        if (!editor_args) {
-                                (void) log_oom();
-                                _exit(EXIT_FAILURE);
-                        }
-                        n_editor_args = strv_length(editor_args);
-                        argc += n_editor_args - 1;
-                }
-                args = newa(const char*, argc + 1);
-
-                if (n_editor_args > 0) {
-                        args[0] = editor_args[0];
-                        for (; i < n_editor_args; i++)
-                                args[i] = editor_args[i];
-                }
-
-                STRV_FOREACH_PAIR(original_path, tmp_path, paths) {
-                        args[i] = *tmp_path;
-                        i++;
-                }
-                args[i] = NULL;
-
-                if (n_editor_args > 0)
-                        execvp(args[0], (char* const*) args);
-
-                FOREACH_STRING(p, "editor", "nano", "vim", "vi") {
-                        args[0] = p;
-                        execvp(p, (char* const*) args);
-                        /* We do not fail if the editor doesn't exist
-                         * because we want to try each one of them before
-                         * failing.
-                         */
-                        if (errno != ENOENT) {
-                                log_error_errno(errno, "Failed to execute %s: %m", editor);
-                                _exit(EXIT_FAILURE);
-                        }
-                }
-
-                log_error("Cannot edit unit(s), no editor available. Please set either $SYSTEMD_EDITOR, $EDITOR or $VISUAL.");
-                _exit(EXIT_FAILURE);
-        }
-
-        r = wait_for_terminate_and_warn("editor", pid, true);
-        if (r < 0)
-                return log_error_errno(r, "Failed to wait for child: %m");
-
-        return 0;
-}
-
-static int find_paths_to_edit(sd_bus *bus, char **names, char ***paths) {
-        _cleanup_lookup_paths_free_ LookupPaths lp = {};
-        char **name;
-        int r;
-
-        assert(names);
-        assert(paths);
-
-        r = lookup_paths_init(&lp, arg_scope, 0, arg_root);
-        if (r < 0)
-                return r;
-
-        STRV_FOREACH(name, names) {
-                _cleanup_free_ char *path = NULL, *new_path = NULL, *tmp_path = NULL;
-
-                r = unit_find_paths(bus, *name, &lp, &path, NULL);
-                if (r < 0)
-                        return r;
-                else if (r == 0)
-                        return -ENOENT;
-                else if (!path) {
-                        // FIXME: support units with path==NULL (no FragmentPath)
-                        log_error("No fragment exists for %s.", *name);
-                        return -ENOENT;
-                }
-
-                if (arg_full)
-                        r = unit_file_create_copy(&lp, *name, path, &new_path, &tmp_path);
-                else
-                        r = unit_file_create_dropin(&lp, *name, &new_path, &tmp_path);
-                if (r < 0)
-                        return r;
-
-                r = strv_push_pair(paths, new_path, tmp_path);
-                if (r < 0)
-                        return log_oom();
-                new_path = tmp_path = NULL;
-        }
-
-        return 0;
-}
-
-static int edit(int argc, char *argv[], void *userdata) {
-        _cleanup_strv_free_ char **names = NULL;
-        _cleanup_strv_free_ char **paths = NULL;
-        char **original, **tmp;
-        sd_bus *bus;
-        int r;
-
-        if (!on_tty()) {
-                log_error("Cannot edit units if not on a tty.");
-                return -EINVAL;
-        }
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL) {
-                log_error("Cannot edit units remotely.");
-                return -EINVAL;
-        }
-
-        r = acquire_bus(BUS_MANAGER, &bus);
-        if (r < 0)
-                return r;
-
-        r = expand_names(bus, strv_skip(argv, 1), NULL, &names);
-        if (r < 0)
-                return log_error_errno(r, "Failed to expand names: %m");
-
-        r = find_paths_to_edit(bus, names, &paths);
-        if (r < 0)
-                return r;
-
-        if (strv_isempty(paths))
-                return -ENOENT;
-
-        r = run_editor(paths);
-        if (r < 0)
-                goto end;
-
-        STRV_FOREACH_PAIR(original, tmp, paths) {
-                /* If the temporary file is empty we ignore it.  It's
-                 * useful if the user wants to cancel its modification
-                 */
-                if (null_or_empty_path(*tmp)) {
-                        log_warning("Editing \"%s\" canceled: temporary file is empty.", *original);
-                        continue;
-                }
-
-                r = rename(*tmp, *original);
-                if (r < 0) {
-                        r = log_error_errno(errno, "Failed to rename \"%s\" to \"%s\": %m", *tmp, *original);
-                        goto end;
-                }
-        }
-
-        r = 0;
-
-        if (!arg_no_reload && !install_client_side())
-                r = daemon_reload(argc, argv, userdata);
-
-end:
-        STRV_FOREACH_PAIR(original, tmp, paths) {
-                (void) unlink(*tmp);
-
-                /* Removing empty dropin dirs */
-                if (!arg_full) {
-                        _cleanup_free_ char *dir;
-
-                        dir = dirname_malloc(*original);
-                        if (!dir)
-                                return log_oom();
-
-                        /* no need to check if the dir is empty, rmdir
-                         * does nothing if it is not the case.
-                         */
-                        (void) rmdir(dir);
-                }
-        }
-
-        return r;
-}
-
-static void systemctl_help(void) {
-
-        pager_open(arg_no_pager, false);
-
-        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-               "Query or send control commands to the systemd manager.\n\n"
-               "  -h --help           Show this help\n"
-               "     --version        Show package version\n"
-               "     --system         Connect to system manager\n"
-               "     --user           Connect to user service manager\n"
-               "  -H --host=[USER@]HOST\n"
-               "                      Operate on remote host\n"
-               "  -M --machine=CONTAINER\n"
-               "                      Operate on local container\n"
-               "  -t --type=TYPE      List units of a particular type\n"
-               "     --state=STATE    List units with particular LOAD or SUB or ACTIVE state\n"
-               "  -p --property=NAME  Show only properties by this name\n"
-               "  -a --all            Show all loaded units/properties, including dead/empty\n"
-               "                      ones. To list all units installed on the system, use\n"
-               "                      the 'list-unit-files' command instead.\n"
-               "  -l --full           Don't ellipsize unit names on output\n"
-               "  -r --recursive      Show unit list of host and local containers\n"
-               "     --reverse        Show reverse dependencies with 'list-dependencies'\n"
-               "     --job-mode=MODE  Specify how to deal with already queued jobs, when\n"
-               "                      queueing a new job\n"
-               "     --show-types     When showing sockets, explicitly show their type\n"
-               "     --value          When showing properties, only print the value\n"
-               "  -i --ignore-inhibitors\n"
-               "                      When shutting down or sleeping, ignore inhibitors\n"
-               "     --kill-who=WHO   Who to send signal to\n"
-               "  -s --signal=SIGNAL  Which signal to send\n"
-               "     --now            Start or stop unit in addition to enabling or disabling it\n"
-               "  -q --quiet          Suppress output\n"
-               "     --no-block       Do not wait until operation finished\n"
-               "     --no-wall        Don't send wall message before halt/power-off/reboot\n"
-               "     --no-reload      Don't reload daemon after en-/dis-abling unit files\n"
-               "     --no-legend      Do not print a legend (column headers and hints)\n"
-               "     --no-pager       Do not pipe output into a pager\n"
-               "     --no-ask-password\n"
-               "                      Do not ask for system passwords\n"
-               "     --global         Enable/disable unit files globally\n"
-               "     --runtime        Enable unit files only temporarily until next reboot\n"
-               "  -f --force          When enabling unit files, override existing symlinks\n"
-               "                      When shutting down, execute action immediately\n"
-               "     --preset-mode=   Apply only enable, only disable, or all presets\n"
-               "     --root=PATH      Enable unit files in the specified root directory\n"
-               "  -n --lines=INTEGER  Number of journal entries to show\n"
-               "  -o --output=STRING  Change journal output mode (short, short-iso,\n"
-               "                              short-precise, short-monotonic, verbose,\n"
-               "                              export, json, json-pretty, json-sse, cat)\n"
-               "     --firmware-setup Tell the firmware to show the setup menu on next boot\n"
-               "     --plain          Print unit dependencies as a list instead of a tree\n\n"
-               "Unit Commands:\n"
-               "  list-units [PATTERN...]         List loaded units\n"
-               "  list-sockets [PATTERN...]       List loaded sockets ordered by address\n"
-               "  list-timers [PATTERN...]        List loaded timers ordered by next elapse\n"
-               "  start NAME...                   Start (activate) one or more units\n"
-               "  stop NAME...                    Stop (deactivate) one or more units\n"
-               "  reload NAME...                  Reload one or more units\n"
-               "  restart NAME...                 Start or restart one or more units\n"
-               "  try-restart NAME...             Restart one or more units if active\n"
-               "  reload-or-restart NAME...       Reload one or more units if possible,\n"
-               "                                  otherwise start or restart\n"
-               "  try-reload-or-restart NAME...   If active, reload one or more units,\n"
-               "                                  if supported, otherwise restart\n"
-               "  isolate NAME                    Start one unit and stop all others\n"
-               "  kill NAME...                    Send signal to processes of a unit\n"
-               "  is-active PATTERN...            Check whether units are active\n"
-               "  is-failed PATTERN...            Check whether units are failed\n"
-               "  status [PATTERN...|PID...]      Show runtime status of one or more units\n"
-               "  show [PATTERN...|JOB...]        Show properties of one or more\n"
-               "                                  units/jobs or the manager\n"
-               "  cat PATTERN...                  Show files and drop-ins of one or more units\n"
-               "  set-property NAME ASSIGNMENT... Sets one or more properties of a unit\n"
-               "  help PATTERN...|PID...          Show manual for one or more units\n"
-               "  reset-failed [PATTERN...]       Reset failed state for all, one, or more\n"
-               "                                  units\n"
-               "  list-dependencies [NAME]        Recursively show units which are required\n"
-               "                                  or wanted by this unit or by which this\n"
-               "                                  unit is required or wanted\n\n"
-               "Unit File Commands:\n"
-               "  list-unit-files [PATTERN...]    List installed unit files\n"
-               "  enable NAME...                  Enable one or more unit files\n"
-               "  disable NAME...                 Disable one or more unit files\n"
-               "  reenable NAME...                Reenable one or more unit files\n"
-               "  preset NAME...                  Enable/disable one or more unit files\n"
-               "                                  based on preset configuration\n"
-               "  preset-all                      Enable/disable all unit files based on\n"
-               "                                  preset configuration\n"
-               "  is-enabled NAME...              Check whether unit files are enabled\n"
-               "  mask NAME...                    Mask one or more units\n"
-               "  unmask NAME...                  Unmask one or more units\n"
-               "  link PATH...                    Link one or more units files into\n"
-               "                                  the search path\n"
-               "  revert NAME...                  Revert one or more unit files to vendor\n"
-               "                                  version\n"
-               "  add-wants TARGET NAME...        Add 'Wants' dependency for the target\n"
-               "                                  on specified one or more units\n"
-               "  add-requires TARGET NAME...     Add 'Requires' dependency for the target\n"
-               "                                  on specified one or more units\n"
-               "  edit NAME...                    Edit one or more unit files\n"
-               "  get-default                     Get the name of the default target\n"
-               "  set-default NAME                Set the default target\n\n"
-               "Machine Commands:\n"
-               "  list-machines [PATTERN...]      List local containers and host\n\n"
-               "Job Commands:\n"
-               "  list-jobs [PATTERN...]          List jobs\n"
-               "  cancel [JOB...]                 Cancel all, one, or more jobs\n\n"
-               "Environment Commands:\n"
-               "  show-environment                Dump environment\n"
-               "  set-environment NAME=VALUE...   Set one or more environment variables\n"
-               "  unset-environment NAME...       Unset one or more environment variables\n"
-               "  import-environment [NAME...]    Import all or some environment variables\n\n"
-               "Manager Lifecycle Commands:\n"
-               "  daemon-reload                   Reload systemd manager configuration\n"
-               "  daemon-reexec                   Reexecute systemd manager\n\n"
-               "System Commands:\n"
-               "  is-system-running               Check whether system is fully running\n"
-               "  default                         Enter system default mode\n"
-               "  rescue                          Enter system rescue mode\n"
-               "  emergency                       Enter system emergency mode\n"
-               "  halt                            Shut down and halt the system\n"
-               "  poweroff                        Shut down and power-off the system\n"
-               "  reboot [ARG]                    Shut down and reboot the system\n"
-               "  kexec                           Shut down and reboot the system with kexec\n"
-               "  exit [EXIT_CODE]                Request user instance or container exit\n"
-               "  switch-root ROOT [INIT]         Change to a different root file system\n"
-               "  suspend                         Suspend the system\n"
-               "  hibernate                       Hibernate the system\n"
-               "  hybrid-sleep                    Hibernate and suspend the system\n",
-               program_invocation_short_name);
-}
-
-static void halt_help(void) {
-        printf("%s [OPTIONS...]%s\n\n"
-               "%s the system.\n\n"
-               "     --help      Show this help\n"
-               "     --halt      Halt the machine\n"
-               "  -p --poweroff  Switch off the machine\n"
-               "     --reboot    Reboot the machine\n"
-               "  -f --force     Force immediate halt/power-off/reboot\n"
-               "  -w --wtmp-only Don't halt/power-off/reboot, just write wtmp record\n"
-               "  -d --no-wtmp   Don't write wtmp record\n"
-               "     --no-wall   Don't send wall message before halt/power-off/reboot\n",
-               program_invocation_short_name,
-               arg_action == ACTION_REBOOT   ? " [ARG]" : "",
-               arg_action == ACTION_REBOOT   ? "Reboot" :
-               arg_action == ACTION_POWEROFF ? "Power off" :
-                                               "Halt");
-}
-
-static void shutdown_help(void) {
-        printf("%s [OPTIONS...] [TIME] [WALL...]\n\n"
-               "Shut down the system.\n\n"
-               "     --help      Show this help\n"
-               "  -H --halt      Halt the machine\n"
-               "  -P --poweroff  Power-off the machine\n"
-               "  -r --reboot    Reboot the machine\n"
-               "  -h             Equivalent to --poweroff, overridden by --halt\n"
-               "  -k             Don't halt/power-off/reboot, just send warnings\n"
-               "     --no-wall   Don't send wall message before halt/power-off/reboot\n"
-               "  -c             Cancel a pending shutdown\n",
-               program_invocation_short_name);
-}
-
-static void telinit_help(void) {
-        printf("%s [OPTIONS...] {COMMAND}\n\n"
-               "Send control commands to the init daemon.\n\n"
-               "     --help      Show this help\n"
-               "     --no-wall   Don't send wall message before halt/power-off/reboot\n\n"
-               "Commands:\n"
-               "  0              Power-off the machine\n"
-               "  6              Reboot the machine\n"
-               "  2, 3, 4, 5     Start runlevelX.target unit\n"
-               "  1, s, S        Enter rescue mode\n"
-               "  q, Q           Reload init daemon configuration\n"
-               "  u, U           Reexecute init daemon\n",
-               program_invocation_short_name);
-}
-
-static void runlevel_help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "Prints the previous and current runlevel of the init system.\n\n"
-               "     --help      Show this help\n",
-               program_invocation_short_name);
-}
-
-static void help_types(void) {
-        int i;
-
-        if (!arg_no_legend)
-                puts("Available unit types:");
-        for (i = 0; i < _UNIT_TYPE_MAX; i++)
-                puts(unit_type_to_string(i));
-}
-
-static void help_states(void) {
-        int i;
-
-        if (!arg_no_legend)
-                puts("Available unit load states:");
-        for (i = 0; i < _UNIT_LOAD_STATE_MAX; i++)
-                puts(unit_load_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable unit active states:");
-        for (i = 0; i < _UNIT_ACTIVE_STATE_MAX; i++)
-                puts(unit_active_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable automount unit substates:");
-        for (i = 0; i < _AUTOMOUNT_STATE_MAX; i++)
-                puts(automount_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable busname unit substates:");
-        for (i = 0; i < _BUSNAME_STATE_MAX; i++)
-                puts(busname_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable device unit substates:");
-        for (i = 0; i < _DEVICE_STATE_MAX; i++)
-                puts(device_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable mount unit substates:");
-        for (i = 0; i < _MOUNT_STATE_MAX; i++)
-                puts(mount_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable path unit substates:");
-        for (i = 0; i < _PATH_STATE_MAX; i++)
-                puts(path_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable scope unit substates:");
-        for (i = 0; i < _SCOPE_STATE_MAX; i++)
-                puts(scope_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable service unit substates:");
-        for (i = 0; i < _SERVICE_STATE_MAX; i++)
-                puts(service_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable slice unit substates:");
-        for (i = 0; i < _SLICE_STATE_MAX; i++)
-                puts(slice_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable socket unit substates:");
-        for (i = 0; i < _SOCKET_STATE_MAX; i++)
-                puts(socket_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable swap unit substates:");
-        for (i = 0; i < _SWAP_STATE_MAX; i++)
-                puts(swap_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable target unit substates:");
-        for (i = 0; i < _TARGET_STATE_MAX; i++)
-                puts(target_state_to_string(i));
-
-        if (!arg_no_legend)
-                puts("\nAvailable timer unit substates:");
-        for (i = 0; i < _TIMER_STATE_MAX; i++)
-                puts(timer_state_to_string(i));
-}
-
-static int systemctl_parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_FAIL = 0x100,
-                ARG_REVERSE,
-                ARG_AFTER,
-                ARG_BEFORE,
-                ARG_SHOW_TYPES,
-                ARG_IRREVERSIBLE,
-                ARG_IGNORE_DEPENDENCIES,
-                ARG_VALUE,
-                ARG_VERSION,
-                ARG_USER,
-                ARG_SYSTEM,
-                ARG_GLOBAL,
-                ARG_NO_BLOCK,
-                ARG_NO_LEGEND,
-                ARG_NO_PAGER,
-                ARG_NO_WALL,
-                ARG_ROOT,
-                ARG_NO_RELOAD,
-                ARG_KILL_WHO,
-                ARG_NO_ASK_PASSWORD,
-                ARG_FAILED,
-                ARG_RUNTIME,
-                ARG_FORCE,
-                ARG_PLAIN,
-                ARG_STATE,
-                ARG_JOB_MODE,
-                ARG_PRESET_MODE,
-                ARG_FIRMWARE_SETUP,
-                ARG_NOW,
-                ARG_MESSAGE,
-        };
-
-        static const struct option options[] = {
-                { "help",                no_argument,       NULL, 'h'                     },
-                { "version",             no_argument,       NULL, ARG_VERSION             },
-                { "type",                required_argument, NULL, 't'                     },
-                { "property",            required_argument, NULL, 'p'                     },
-                { "all",                 no_argument,       NULL, 'a'                     },
-                { "reverse",             no_argument,       NULL, ARG_REVERSE             },
-                { "after",               no_argument,       NULL, ARG_AFTER               },
-                { "before",              no_argument,       NULL, ARG_BEFORE              },
-                { "show-types",          no_argument,       NULL, ARG_SHOW_TYPES          },
-                { "failed",              no_argument,       NULL, ARG_FAILED              }, /* compatibility only */
-                { "full",                no_argument,       NULL, 'l'                     },
-                { "job-mode",            required_argument, NULL, ARG_JOB_MODE            },
-                { "fail",                no_argument,       NULL, ARG_FAIL                }, /* compatibility only */
-                { "irreversible",        no_argument,       NULL, ARG_IRREVERSIBLE        }, /* compatibility only */
-                { "ignore-dependencies", no_argument,       NULL, ARG_IGNORE_DEPENDENCIES }, /* compatibility only */
-                { "ignore-inhibitors",   no_argument,       NULL, 'i'                     },
-                { "value",               no_argument,       NULL, ARG_VALUE               },
-                { "user",                no_argument,       NULL, ARG_USER                },
-                { "system",              no_argument,       NULL, ARG_SYSTEM              },
-                { "global",              no_argument,       NULL, ARG_GLOBAL              },
-                { "no-block",            no_argument,       NULL, ARG_NO_BLOCK            },
-                { "no-legend",           no_argument,       NULL, ARG_NO_LEGEND           },
-                { "no-pager",            no_argument,       NULL, ARG_NO_PAGER            },
-                { "no-wall",             no_argument,       NULL, ARG_NO_WALL             },
-                { "quiet",               no_argument,       NULL, 'q'                     },
-                { "root",                required_argument, NULL, ARG_ROOT                },
-                { "force",               no_argument,       NULL, ARG_FORCE               },
-                { "no-reload",           no_argument,       NULL, ARG_NO_RELOAD           },
-                { "kill-who",            required_argument, NULL, ARG_KILL_WHO            },
-                { "signal",              required_argument, NULL, 's'                     },
-                { "no-ask-password",     no_argument,       NULL, ARG_NO_ASK_PASSWORD     },
-                { "host",                required_argument, NULL, 'H'                     },
-                { "machine",             required_argument, NULL, 'M'                     },
-                { "runtime",             no_argument,       NULL, ARG_RUNTIME             },
-                { "lines",               required_argument, NULL, 'n'                     },
-                { "output",              required_argument, NULL, 'o'                     },
-                { "plain",               no_argument,       NULL, ARG_PLAIN               },
-                { "state",               required_argument, NULL, ARG_STATE               },
-                { "recursive",           no_argument,       NULL, 'r'                     },
-                { "preset-mode",         required_argument, NULL, ARG_PRESET_MODE         },
-                { "firmware-setup",      no_argument,       NULL, ARG_FIRMWARE_SETUP      },
-                { "now",                 no_argument,       NULL, ARG_NOW                 },
-                { "message",             required_argument, NULL, ARG_MESSAGE             },
-                {}
-        };
-
-        const char *p;
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        /* we default to allowing interactive authorization only in systemctl (not in the legacy commands) */
-        arg_ask_password = true;
-
-        while ((c = getopt_long(argc, argv, "ht:p:alqfs:H:M:n:o:ir", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        systemctl_help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 't': {
-                        if (isempty(optarg)) {
-                                log_error("--type requires arguments.");
-                                return -EINVAL;
-                        }
-
-                        p = optarg;
-                        for (;;) {
-                                _cleanup_free_ char *type = NULL;
-
-                                r = extract_first_word(&p, &type, ",", 0);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse type: %s", optarg);
-
-                                if (r == 0)
-                                        break;
-
-                                if (streq(type, "help")) {
-                                        help_types();
-                                        return 0;
-                                }
-
-                                if (unit_type_from_string(type) >= 0) {
-                                        if (strv_push(&arg_types, type) < 0)
-                                                return log_oom();
-                                        type = NULL;
-                                        continue;
-                                }
-
-                                /* It's much nicer to use --state= for
-                                 * load states, but let's support this
-                                 * in --types= too for compatibility
-                                 * with old versions */
-                                if (unit_load_state_from_string(type) >= 0) {
-                                        if (strv_push(&arg_states, type) < 0)
-                                                return log_oom();
-                                        type = NULL;
-                                        continue;
-                                }
-
-                                log_error("Unknown unit type or load state '%s'.", type);
-                                log_info("Use -t help to see a list of allowed values.");
-                                return -EINVAL;
-                        }
-
-                        break;
-                }
-
-                case 'p': {
-                        /* Make sure that if the empty property list
-                           was specified, we won't show any properties. */
-                        if (isempty(optarg) && !arg_properties) {
-                                arg_properties = new0(char*, 1);
-                                if (!arg_properties)
-                                        return log_oom();
-                        } else {
-                                p = optarg;
-                                for (;;) {
-                                        _cleanup_free_ char *prop = NULL;
-
-                                        r = extract_first_word(&p, &prop, ",", 0);
-                                        if (r < 0)
-                                                return log_error_errno(r, "Failed to parse property: %s", optarg);
-
-                                        if (r == 0)
-                                                break;
-
-                                        if (strv_push(&arg_properties, prop) < 0)
-                                                return log_oom();
-
-                                        prop = NULL;
-                                }
-                        }
-
-                        /* If the user asked for a particular
-                         * property, show it to him, even if it is
-                         * empty. */
-                        arg_all = true;
-
-                        break;
-                }
-
-                case 'a':
-                        arg_all = true;
-                        break;
-
-                case ARG_REVERSE:
-                        arg_dependency = DEPENDENCY_REVERSE;
-                        break;
-
-                case ARG_AFTER:
-                        arg_dependency = DEPENDENCY_AFTER;
-                        break;
-
-                case ARG_BEFORE:
-                        arg_dependency = DEPENDENCY_BEFORE;
-                        break;
-
-                case ARG_SHOW_TYPES:
-                        arg_show_types = true;
-                        break;
-
-                case ARG_VALUE:
-                        arg_value = true;
-                        break;
-
-                case ARG_JOB_MODE:
-                        arg_job_mode = optarg;
-                        break;
-
-                case ARG_FAIL:
-                        arg_job_mode = "fail";
-                        break;
-
-                case ARG_IRREVERSIBLE:
-                        arg_job_mode = "replace-irreversibly";
-                        break;
-
-                case ARG_IGNORE_DEPENDENCIES:
-                        arg_job_mode = "ignore-dependencies";
-                        break;
-
-                case ARG_USER:
-                        arg_scope = UNIT_FILE_USER;
-                        break;
-
-                case ARG_SYSTEM:
-                        arg_scope = UNIT_FILE_SYSTEM;
-                        break;
-
-                case ARG_GLOBAL:
-                        arg_scope = UNIT_FILE_GLOBAL;
-                        break;
-
-                case ARG_NO_BLOCK:
-                        arg_no_block = true;
-                        break;
-
-                case ARG_NO_LEGEND:
-                        arg_no_legend = true;
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case ARG_NO_WALL:
-                        arg_no_wall = true;
-                        break;
-
-                case ARG_ROOT:
-                        r = parse_path_argument_and_warn(optarg, false, &arg_root);
-                        if (r < 0)
-                                return r;
-                        break;
-
-                case 'l':
-                        arg_full = true;
-                        break;
-
-                case ARG_FAILED:
-                        if (strv_extend(&arg_states, "failed") < 0)
-                                return log_oom();
-
-                        break;
-
-                case 'q':
-                        arg_quiet = true;
-                        break;
-
-                case ARG_FORCE:
-                        arg_force++;
-                        break;
-
-                case 'f':
-                        arg_force++;
-                        break;
-
-                case ARG_NO_RELOAD:
-                        arg_no_reload = true;
-                        break;
-
-                case ARG_KILL_WHO:
-                        arg_kill_who = optarg;
-                        break;
-
-                case 's':
-                        arg_signal = signal_from_string_try_harder(optarg);
-                        if (arg_signal < 0) {
-                                log_error("Failed to parse signal string %s.", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case ARG_RUNTIME:
-                        arg_runtime = true;
-                        break;
-
-                case 'n':
-                        if (safe_atou(optarg, &arg_lines) < 0) {
-                                log_error("Failed to parse lines '%s'", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case 'o':
-                        arg_output = output_mode_from_string(optarg);
-                        if (arg_output < 0) {
-                                log_error("Unknown output '%s'.", optarg);
-                                return -EINVAL;
-                        }
-                        break;
-
-                case 'i':
-                        arg_ignore_inhibitors = true;
-                        break;
-
-                case ARG_PLAIN:
-                        arg_plain = true;
-                        break;
-
-                case ARG_FIRMWARE_SETUP:
-                        arg_firmware_setup = true;
-                        break;
-
-                case ARG_STATE: {
-                        if (isempty(optarg)) {
-                                log_error("--signal requires arguments.");
-                                return -EINVAL;
-                        }
-
-                        p = optarg;
-                        for (;;) {
-                                _cleanup_free_ char *s = NULL;
-
-                                r = extract_first_word(&p, &s, ",", 0);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse signal: %s", optarg);
-
-                                if (r == 0)
-                                        break;
-
-                                if (streq(s, "help")) {
-                                        help_states();
-                                        return 0;
-                                }
-
-                                if (strv_push(&arg_states, s) < 0)
-                                        return log_oom();
-
-                                s = NULL;
-                        }
-                        break;
-                }
-
-                case 'r':
-                        if (geteuid() != 0) {
-                                log_error("--recursive requires root privileges.");
-                                return -EPERM;
-                        }
-
-                        arg_recursive = true;
-                        break;
-
-                case ARG_PRESET_MODE:
-
-                        arg_preset_mode = unit_file_preset_mode_from_string(optarg);
-                        if (arg_preset_mode < 0) {
-                                log_error("Failed to parse preset mode: %s.", optarg);
-                                return -EINVAL;
-                        }
-
-                        break;
-
-                case ARG_NOW:
-                        arg_now = true;
-                        break;
-
-                case ARG_MESSAGE:
-                        if (strv_extend(&arg_wall, optarg) < 0)
-                                return log_oom();
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL && arg_scope != UNIT_FILE_SYSTEM) {
-                log_error("Cannot access user instance remotely.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-static int halt_parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_HELP = 0x100,
-                ARG_HALT,
-                ARG_REBOOT,
-                ARG_NO_WALL
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, ARG_HELP    },
-                { "halt",      no_argument,       NULL, ARG_HALT    },
-                { "poweroff",  no_argument,       NULL, 'p'         },
-                { "reboot",    no_argument,       NULL, ARG_REBOOT  },
-                { "force",     no_argument,       NULL, 'f'         },
-                { "wtmp-only", no_argument,       NULL, 'w'         },
-                { "no-wtmp",   no_argument,       NULL, 'd'         },
-                { "no-sync",   no_argument,       NULL, 'n'         },
-                { "no-wall",   no_argument,       NULL, ARG_NO_WALL },
-                {}
-        };
-
-        int c, r, runlevel;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        if (utmp_get_runlevel(&runlevel, NULL) >= 0)
-                if (runlevel == '0' || runlevel == '6')
-                        arg_force = 2;
-
-        while ((c = getopt_long(argc, argv, "pfwdnih", options, NULL)) >= 0)
-                switch (c) {
-
-                case ARG_HELP:
-                        halt_help();
-                        return 0;
-
-                case ARG_HALT:
-                        arg_action = ACTION_HALT;
-                        break;
-
-                case 'p':
-                        if (arg_action != ACTION_REBOOT)
-                                arg_action = ACTION_POWEROFF;
-                        break;
-
-                case ARG_REBOOT:
-                        arg_action = ACTION_REBOOT;
-                        break;
-
-                case 'f':
-                        arg_force = 2;
-                        break;
-
-                case 'w':
-                        arg_dry = true;
-                        break;
-
-                case 'd':
-                        arg_no_wtmp = true;
-                        break;
-
-                case 'n':
-                        arg_no_sync = true;
-                        break;
-
-                case ARG_NO_WALL:
-                        arg_no_wall = true;
-                        break;
-
-                case 'i':
-                case 'h':
-                        /* Compatibility nops */
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) {
-                r = update_reboot_parameter_and_warn(argc == optind + 1 ? argv[optind] : NULL);
-                if (r < 0)
-                        return r;
-        } else if (optind < argc) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-static int parse_shutdown_time_spec(const char *t, usec_t *_u) {
-        assert(t);
-        assert(_u);
-
-        if (streq(t, "now"))
-                *_u = 0;
-        else if (!strchr(t, ':')) {
-                uint64_t u;
-
-                if (safe_atou64(t, &u) < 0)
-                        return -EINVAL;
-
-                *_u = now(CLOCK_REALTIME) + USEC_PER_MINUTE * u;
-        } else {
-                char *e = NULL;
-                long hour, minute;
-                struct tm tm = {};
-                time_t s;
-                usec_t n;
-
-                errno = 0;
-                hour = strtol(t, &e, 10);
-                if (errno > 0 || *e != ':' || hour < 0 || hour > 23)
-                        return -EINVAL;
-
-                minute = strtol(e+1, &e, 10);
-                if (errno > 0 || *e != 0 || minute < 0 || minute > 59)
-                        return -EINVAL;
-
-                n = now(CLOCK_REALTIME);
-                s = (time_t) (n / USEC_PER_SEC);
-
-                assert_se(localtime_r(&s, &tm));
-
-                tm.tm_hour = (int) hour;
-                tm.tm_min = (int) minute;
-                tm.tm_sec = 0;
-
-                assert_se(s = mktime(&tm));
-
-                *_u = (usec_t) s * USEC_PER_SEC;
-
-                while (*_u <= n)
-                        *_u += USEC_PER_DAY;
-        }
-
-        return 0;
-}
-
-static int shutdown_parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_HELP = 0x100,
-                ARG_NO_WALL
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, ARG_HELP    },
-                { "halt",      no_argument,       NULL, 'H'         },
-                { "poweroff",  no_argument,       NULL, 'P'         },
-                { "reboot",    no_argument,       NULL, 'r'         },
-                { "kexec",     no_argument,       NULL, 'K'         }, /* not documented extension */
-                { "no-wall",   no_argument,       NULL, ARG_NO_WALL },
-                {}
-        };
-
-        char **wall = NULL;
-        int c, r;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "HPrhkKtafFc", options, NULL)) >= 0)
-                switch (c) {
-
-                case ARG_HELP:
-                        shutdown_help();
-                        return 0;
-
-                case 'H':
-                        arg_action = ACTION_HALT;
-                        break;
-
-                case 'P':
-                        arg_action = ACTION_POWEROFF;
-                        break;
-
-                case 'r':
-                        if (kexec_loaded())
-                                arg_action = ACTION_KEXEC;
-                        else
-                                arg_action = ACTION_REBOOT;
-                        break;
-
-                case 'K':
-                        arg_action = ACTION_KEXEC;
-                        break;
-
-                case 'h':
-                        if (arg_action != ACTION_HALT)
-                                arg_action = ACTION_POWEROFF;
-                        break;
-
-                case 'k':
-                        arg_dry = true;
-                        break;
-
-                case ARG_NO_WALL:
-                        arg_no_wall = true;
-                        break;
-
-                case 't':
-                case 'a':
-                case 'f':
-                case 'F':
-                        /* Compatibility nops */
-                        break;
-
-                case 'c':
-                        arg_action = ACTION_CANCEL_SHUTDOWN;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (argc > optind && arg_action != ACTION_CANCEL_SHUTDOWN) {
-                r = parse_shutdown_time_spec(argv[optind], &arg_when);
-                if (r < 0) {
-                        log_error("Failed to parse time specification: %s", argv[optind]);
-                        return r;
-                }
-        } else
-                arg_when = now(CLOCK_REALTIME) + USEC_PER_MINUTE;
-
-        if (argc > optind && arg_action == ACTION_CANCEL_SHUTDOWN)
-                /* No time argument for shutdown cancel */
-                wall = argv + optind;
-        else if (argc > optind + 1)
-                /* We skip the time argument */
-                wall = argv + optind + 1;
-
-        if (wall) {
-                arg_wall = strv_copy(wall);
-                if (!arg_wall)
-                        return log_oom();
-        }
-
-        optind = argc;
-
-        return 1;
-}
-
-static int telinit_parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_HELP = 0x100,
-                ARG_NO_WALL
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, ARG_HELP    },
-                { "no-wall",   no_argument,       NULL, ARG_NO_WALL },
-                {}
-        };
-
-        static const struct {
-                char from;
-                enum action to;
-        } table[] = {
-                { '0', ACTION_POWEROFF },
-                { '6', ACTION_REBOOT },
-                { '1', ACTION_RESCUE },
-                { '2', ACTION_RUNLEVEL2 },
-                { '3', ACTION_RUNLEVEL3 },
-                { '4', ACTION_RUNLEVEL4 },
-                { '5', ACTION_RUNLEVEL5 },
-                { 's', ACTION_RESCUE },
-                { 'S', ACTION_RESCUE },
-                { 'q', ACTION_RELOAD },
-                { 'Q', ACTION_RELOAD },
-                { 'u', ACTION_REEXEC },
-                { 'U', ACTION_REEXEC }
-        };
-
-        unsigned i;
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0)
-                switch (c) {
-
-                case ARG_HELP:
-                        telinit_help();
-                        return 0;
-
-                case ARG_NO_WALL:
-                        arg_no_wall = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind >= argc) {
-                log_error("%s: required argument missing.", program_invocation_short_name);
-                return -EINVAL;
-        }
-
-        if (optind + 1 < argc) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        if (strlen(argv[optind]) != 1) {
-                log_error("Expected single character argument.");
-                return -EINVAL;
-        }
-
-        for (i = 0; i < ELEMENTSOF(table); i++)
-                if (table[i].from == argv[optind][0])
-                        break;
-
-        if (i >= ELEMENTSOF(table)) {
-                log_error("Unknown command '%s'.", argv[optind]);
-                return -EINVAL;
-        }
-
-        arg_action = table[i].to;
-
-        optind++;
-
-        return 1;
-}
-
-static int runlevel_parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_HELP = 0x100,
-        };
-
-        static const struct option options[] = {
-                { "help",      no_argument,       NULL, ARG_HELP    },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0)
-                switch (c) {
-
-                case ARG_HELP:
-                        runlevel_help();
-                        return 0;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        if (optind < argc) {
-                log_error("Too many arguments.");
-                return -EINVAL;
-        }
-
-        return 1;
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        assert(argc >= 0);
-        assert(argv);
-
-        if (program_invocation_short_name) {
-
-                if (strstr(program_invocation_short_name, "halt")) {
-                        arg_action = ACTION_HALT;
-                        return halt_parse_argv(argc, argv);
-                } else if (strstr(program_invocation_short_name, "poweroff")) {
-                        arg_action = ACTION_POWEROFF;
-                        return halt_parse_argv(argc, argv);
-                } else if (strstr(program_invocation_short_name, "reboot")) {
-                        if (kexec_loaded())
-                                arg_action = ACTION_KEXEC;
-                        else
-                                arg_action = ACTION_REBOOT;
-                        return halt_parse_argv(argc, argv);
-                } else if (strstr(program_invocation_short_name, "shutdown")) {
-                        arg_action = ACTION_POWEROFF;
-                        return shutdown_parse_argv(argc, argv);
-                } else if (strstr(program_invocation_short_name, "init")) {
-
-                        if (sd_booted() > 0) {
-                                arg_action = _ACTION_INVALID;
-                                return telinit_parse_argv(argc, argv);
-                        } else {
-                                /* Hmm, so some other init system is
-                                 * running, we need to forward this
-                                 * request to it. For now we simply
-                                 * guess that it is Upstart. */
-
-                                execv(TELINIT, argv);
-
-                                log_error("Couldn't find an alternative telinit implementation to spawn.");
-                                return -EIO;
-                        }
-
-                } else if (strstr(program_invocation_short_name, "runlevel")) {
-                        arg_action = ACTION_RUNLEVEL;
-                        return runlevel_parse_argv(argc, argv);
-                }
-        }
-
-        arg_action = ACTION_SYSTEMCTL;
-        return systemctl_parse_argv(argc, argv);
-}
-
-#ifdef HAVE_SYSV_COMPAT
-_pure_ static int action_to_runlevel(void) {
-
-        static const char table[_ACTION_MAX] = {
-                [ACTION_HALT] =      '0',
-                [ACTION_POWEROFF] =  '0',
-                [ACTION_REBOOT] =    '6',
-                [ACTION_RUNLEVEL2] = '2',
-                [ACTION_RUNLEVEL3] = '3',
-                [ACTION_RUNLEVEL4] = '4',
-                [ACTION_RUNLEVEL5] = '5',
-                [ACTION_RESCUE] =    '1'
-        };
-
-        assert(arg_action < _ACTION_MAX);
-
-        return table[arg_action];
-}
-#endif
-
-static int talk_initctl(void) {
-#ifdef HAVE_SYSV_COMPAT
-        struct init_request request = {
-                .magic = INIT_MAGIC,
-                .sleeptime  = 0,
-                .cmd = INIT_CMD_RUNLVL
-        };
-
-        _cleanup_close_ int fd = -1;
-        char rl;
-        int r;
-
-        rl = action_to_runlevel();
-        if (!rl)
-                return 0;
-
-        request.runlevel = rl;
-
-        fd = open(INIT_FIFO, O_WRONLY|O_NDELAY|O_CLOEXEC|O_NOCTTY);
-        if (fd < 0) {
-                if (errno == ENOENT)
-                        return 0;
-
-                return log_error_errno(errno, "Failed to open "INIT_FIFO": %m");
-        }
-
-        r = loop_write(fd, &request, sizeof(request), false);
-        if (r < 0)
-                return log_error_errno(r, "Failed to write to "INIT_FIFO": %m");
-
-        return 1;
-#else
-        return 0;
-#endif
-}
-
-static int systemctl_main(int argc, char *argv[]) {
-
-        static const Verb verbs[] = {
-                { "list-units",            VERB_ANY, VERB_ANY, VERB_DEFAULT|VERB_NOCHROOT, list_units },
-                { "list-unit-files",       VERB_ANY, VERB_ANY, 0,             list_unit_files   },
-                { "list-sockets",          VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_sockets      },
-                { "list-timers",           VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_timers       },
-                { "list-jobs",             VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_jobs         },
-                { "list-machines",         VERB_ANY, VERB_ANY, VERB_NOCHROOT, list_machines     },
-                { "clear-jobs",            VERB_ANY, 1,        VERB_NOCHROOT, daemon_reload     },
-                { "cancel",                VERB_ANY, VERB_ANY, VERB_NOCHROOT, cancel_job        },
-                { "start",                 2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "stop",                  2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "condstop",              2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with ALTLinux */
-                { "reload",                2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "restart",               2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "try-restart",           2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "reload-or-restart",     2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "reload-or-try-restart", 2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatbility with old systemctl <= 228 */
-                { "try-reload-or-restart", 2,        VERB_ANY, VERB_NOCHROOT, start_unit        },
-                { "force-reload",          2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with SysV */
-                { "condreload",            2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with ALTLinux */
-                { "condrestart",           2,        VERB_ANY, VERB_NOCHROOT, start_unit        }, /* For compatibility with RH */
-                { "isolate",               2,        2,        VERB_NOCHROOT, start_unit        },
-                { "kill",                  2,        VERB_ANY, VERB_NOCHROOT, kill_unit         },
-                { "is-active",             2,        VERB_ANY, VERB_NOCHROOT, check_unit_active },
-                { "check",                 2,        VERB_ANY, VERB_NOCHROOT, check_unit_active },
-                { "is-failed",             2,        VERB_ANY, VERB_NOCHROOT, check_unit_failed },
-                { "show",                  VERB_ANY, VERB_ANY, VERB_NOCHROOT, show              },
-                { "cat",                   2,        VERB_ANY, VERB_NOCHROOT, cat               },
-                { "status",                VERB_ANY, VERB_ANY, VERB_NOCHROOT, show              },
-                { "help",                  VERB_ANY, VERB_ANY, VERB_NOCHROOT, show              },
-                { "daemon-reload",         VERB_ANY, 1,        VERB_NOCHROOT, daemon_reload     },
-                { "daemon-reexec",         VERB_ANY, 1,        VERB_NOCHROOT, daemon_reload     },
-                { "show-environment",      VERB_ANY, 1,        VERB_NOCHROOT, show_environment  },
-                { "set-environment",       2,        VERB_ANY, VERB_NOCHROOT, set_environment   },
-                { "unset-environment",     2,        VERB_ANY, VERB_NOCHROOT, set_environment   },
-                { "import-environment",    VERB_ANY, VERB_ANY, VERB_NOCHROOT, import_environment},
-                { "halt",                  VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "poweroff",              VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "reboot",                VERB_ANY, 2,        VERB_NOCHROOT, start_special     },
-                { "kexec",                 VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "suspend",               VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "hibernate",             VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "hybrid-sleep",          VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "default",               VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "rescue",                VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "emergency",             VERB_ANY, 1,        VERB_NOCHROOT, start_special     },
-                { "exit",                  VERB_ANY, 2,        VERB_NOCHROOT, start_special     },
-                { "reset-failed",          VERB_ANY, VERB_ANY, VERB_NOCHROOT, reset_failed      },
-                { "enable",                2,        VERB_ANY, 0,             enable_unit       },
-                { "disable",               2,        VERB_ANY, 0,             enable_unit       },
-                { "is-enabled",            2,        VERB_ANY, 0,             unit_is_enabled   },
-                { "reenable",              2,        VERB_ANY, 0,             enable_unit       },
-                { "preset",                2,        VERB_ANY, 0,             enable_unit       },
-                { "preset-all",            VERB_ANY, 1,        0,             preset_all        },
-                { "mask",                  2,        VERB_ANY, 0,             enable_unit       },
-                { "unmask",                2,        VERB_ANY, 0,             enable_unit       },
-                { "link",                  2,        VERB_ANY, 0,             enable_unit       },
-                { "revert",                2,        VERB_ANY, 0,             enable_unit       },
-                { "switch-root",           2,        VERB_ANY, VERB_NOCHROOT, switch_root       },
-                { "list-dependencies",     VERB_ANY, 2,        VERB_NOCHROOT, list_dependencies },
-                { "set-default",           2,        2,        0,             set_default       },
-                { "get-default",           VERB_ANY, 1,        0,             get_default,      },
-                { "set-property",          3,        VERB_ANY, VERB_NOCHROOT, set_property      },
-                { "is-system-running",     VERB_ANY, 1,        0,             is_system_running },
-                { "add-wants",             3,        VERB_ANY, 0,             add_dependency    },
-                { "add-requires",          3,        VERB_ANY, 0,             add_dependency    },
-                { "edit",                  2,        VERB_ANY, VERB_NOCHROOT, edit              },
-                {}
-        };
-
-        return dispatch_verb(argc, argv, verbs, NULL);
-}
-
-static int reload_with_fallback(void) {
-
-        /* First, try systemd via D-Bus. */
-        if (daemon_reload(0, NULL, NULL) >= 0)
-                return 0;
-
-        /* Nothing else worked, so let's try signals */
-        assert(arg_action == ACTION_RELOAD || arg_action == ACTION_REEXEC);
-
-        if (kill(1, arg_action == ACTION_RELOAD ? SIGHUP : SIGTERM) < 0)
-                return log_error_errno(errno, "kill() failed: %m");
-
-        return 0;
-}
-
-static int start_with_fallback(void) {
-
-        /* First, try systemd via D-Bus. */
-        if (start_unit(0, NULL, NULL) >= 0)
-                return 0;
-
-        /* Nothing else worked, so let's try
-         * /dev/initctl */
-        if (talk_initctl() > 0)
-                return 0;
-
-        log_error("Failed to talk to init daemon.");
-        return -EIO;
-}
-
-static int halt_now(enum action a) {
-        int r;
-
-        /* The kernel will automaticall flush ATA disks and suchlike
-         * on reboot(), but the file systems need to be synce'd
-         * explicitly in advance. */
-        if (!arg_no_sync)
-                (void) sync();
-
-        /* Make sure C-A-D is handled by the kernel from this point
-         * on... */
-        (void) reboot(RB_ENABLE_CAD);
-
-        switch (a) {
-
-        case ACTION_HALT:
-                log_info("Halting.");
-                (void) reboot(RB_HALT_SYSTEM);
-                return -errno;
-
-        case ACTION_POWEROFF:
-                log_info("Powering off.");
-                (void) reboot(RB_POWER_OFF);
-                return -errno;
-
-        case ACTION_KEXEC:
-        case ACTION_REBOOT: {
-                _cleanup_free_ char *param = NULL;
-
-                r = read_one_line_file("/run/systemd/reboot-param", &param);
-                if (r < 0)
-                        log_warning_errno(r, "Failed to read reboot parameter file: %m");
-
-                if (!isempty(param)) {
-                        log_info("Rebooting with argument '%s'.", param);
-                        (void) syscall(SYS_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART2, param);
-                        log_warning_errno(errno, "Failed to reboot with parameter, retrying without: %m");
-                }
-
-                log_info("Rebooting.");
-                (void) reboot(RB_AUTOBOOT);
-                return -errno;
-        }
-
-        default:
-                assert_not_reached("Unknown action.");
-        }
-}
-
-static int logind_schedule_shutdown(void) {
-
-#ifdef HAVE_LOGIND
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char date[FORMAT_TIMESTAMP_MAX];
-        const char *action;
-        sd_bus *bus;
-        int r;
-
-        (void) logind_set_wall_message();
-
-        r = acquire_bus(BUS_FULL, &bus);
-        if (r < 0)
-                return r;
-
-        switch (arg_action) {
-        case ACTION_HALT:
-                action = "halt";
-                break;
-        case ACTION_POWEROFF:
-                action = "poweroff";
-                break;
-        case ACTION_KEXEC:
-                action = "kexec";
-                break;
-        case ACTION_EXIT:
-                action = "exit";
-                break;
-        case ACTION_REBOOT:
-        default:
-                action = "reboot";
-                break;
-        }
-
-        if (arg_dry)
-                action = strjoina("dry-", action);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "ScheduleShutdown",
-                        &error,
-                        NULL,
-                        "st",
-                        action,
-                        arg_when);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r));
-
-        log_info("Shutdown scheduled for %s, use 'shutdown -c' to cancel.", format_timestamp(date, sizeof(date), arg_when));
-        return 0;
-#else
-        log_error("Cannot schedule shutdown without logind support, proceeding with immediate shutdown.");
-        return -ENOSYS;
-#endif
-}
-
-static int halt_main(void) {
-        int r;
-
-        r = logind_check_inhibitors(arg_action);
-        if (r < 0)
-                return r;
-
-        if (arg_when > 0)
-                return logind_schedule_shutdown();
-
-        if (geteuid() != 0) {
-                if (arg_dry || arg_force > 0) {
-                        log_error("Must be root.");
-                        return -EPERM;
-                }
-
-                /* Try logind if we are a normal user and no special
-                 * mode applies. Maybe PolicyKit allows us to shutdown
-                 * the machine. */
-                if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT)) {
-                        r = logind_reboot(arg_action);
-                        if (r >= 0)
-                                return r;
-                        if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
-                                /* requested operation is not
-                                 * supported on the local system or
-                                 * already in progress */
-                                return r;
-                        /* on all other errors, try low-level operation */
-                }
-        }
-
-        if (!arg_dry && !arg_force)
-                return start_with_fallback();
-
-        assert(geteuid() == 0);
-
-        if (!arg_no_wtmp) {
-                if (sd_booted() > 0)
-                        log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");
-                else {
-                        r = utmp_put_shutdown();
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to write utmp record: %m");
-                }
-        }
-
-        if (arg_dry)
-                return 0;
-
-        r = halt_now(arg_action);
-        return log_error_errno(r, "Failed to reboot: %m");
-}
-
-static int runlevel_main(void) {
-        int r, runlevel, previous;
-
-        r = utmp_get_runlevel(&runlevel, &previous);
-        if (r < 0) {
-                puts("unknown");
-                return r;
-        }
-
-        printf("%c %c\n",
-               previous <= 0 ? 'N' : previous,
-               runlevel <= 0 ? 'N' : runlevel);
-
-        return 0;
-}
-
-static int logind_cancel_shutdown(void) {
-#ifdef HAVE_LOGIND
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        sd_bus *bus;
-        int r;
-
-        r = acquire_bus(BUS_FULL, &bus);
-        if (r < 0)
-                return r;
-
-        (void) logind_set_wall_message();
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.login1",
-                        "/org/freedesktop/login1",
-                        "org.freedesktop.login1.Manager",
-                        "CancelScheduledShutdown",
-                        &error,
-                        NULL, NULL);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to talk to logind, shutdown hasn't been cancelled: %s", bus_error_message(&error, r));
-
-        return 0;
-#else
-        log_error("Not compiled with logind support, cannot cancel scheduled shutdowns.");
-        return -ENOSYS;
-#endif
-}
-
-int main(int argc, char*argv[]) {
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        /* Explicitly not on_tty() to avoid setting cached value.
-         * This becomes relevant for piping output which might be
-         * ellipsized. */
-        original_stdout_is_tty = isatty(STDOUT_FILENO);
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        if (arg_action != ACTION_SYSTEMCTL && running_in_chroot() > 0) {
-                log_info("Running in chroot, ignoring request.");
-                r = 0;
-                goto finish;
-        }
-
-        /* systemctl_main() will print an error message for the bus
-         * connection, but only if it needs to */
-
-        switch (arg_action) {
-
-        case ACTION_SYSTEMCTL:
-                r = systemctl_main(argc, argv);
-                break;
-
-        case ACTION_HALT:
-        case ACTION_POWEROFF:
-        case ACTION_REBOOT:
-        case ACTION_KEXEC:
-                r = halt_main();
-                break;
-
-        case ACTION_RUNLEVEL2:
-        case ACTION_RUNLEVEL3:
-        case ACTION_RUNLEVEL4:
-        case ACTION_RUNLEVEL5:
-        case ACTION_RESCUE:
-        case ACTION_EMERGENCY:
-        case ACTION_DEFAULT:
-                r = start_with_fallback();
-                break;
-
-        case ACTION_RELOAD:
-        case ACTION_REEXEC:
-                r = reload_with_fallback();
-                break;
-
-        case ACTION_CANCEL_SHUTDOWN:
-                r = logind_cancel_shutdown();
-                break;
-
-        case ACTION_RUNLEVEL:
-                r = runlevel_main();
-                break;
-
-        case _ACTION_INVALID:
-        default:
-                assert_not_reached("Unknown action");
-        }
-
-finish:
-        pager_close();
-        ask_password_agent_close();
-        polkit_agent_close();
-
-        strv_free(arg_types);
-        strv_free(arg_states);
-        strv_free(arg_properties);
-
-        strv_free(arg_wall);
-        free(arg_root);
-
-        release_busses();
-
-        /* Note that we return r here, not EXIT_SUCCESS, so that we can implement the LSB-like return codes */
-
-        return r < 0 ? EXIT_FAILURE : r;
-}
diff --git a/src/systemd-ac-power/Makefile b/src/systemd-ac-power/Makefile
new file mode 100644
index 0000000000..aa8912d711
--- /dev/null
+++ b/src/systemd-ac-power/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-ac-power
+systemd_ac_power_SOURCES = \
+	src/ac-power/ac-power.c
+
+systemd_ac_power_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/ac-power/ac-power.c b/src/systemd-ac-power/ac-power.c
index c5277884a8..c5277884a8 100644
--- a/src/ac-power/ac-power.c
+++ b/src/systemd-ac-power/ac-power.c
diff --git a/src/systemd-activate/Makefile b/src/systemd-activate/Makefile
new file mode 100644
index 0000000000..5e2299f00e
--- /dev/null
+++ b/src/systemd-activate/Makefile
@@ -0,0 +1,36 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+
+bin_PROGRAMS += \
+	systemd-socket-activate
+
+systemd_socket_activate_SOURCES = \
+	src/activate/activate.c
+
+systemd_socket_activate_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-activate/activate.c b/src/systemd-activate/activate.c
new file mode 100644
index 0000000000..89cc1ee813
--- /dev/null
+++ b/src/systemd-activate/activate.c
@@ -0,0 +1,545 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <sys/epoll.h>
+#include <sys/prctl.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "escape.h"
+#include "fd-util.h"
+#include "log.h"
+#include "macro.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "string-util.h"
+#include "strv.h"
+
+static char** arg_listen = NULL;
+static bool arg_accept = false;
+static int arg_socket_type = SOCK_STREAM;
+static char** arg_args = NULL;
+static char** arg_setenv = NULL;
+static char **arg_fdnames = NULL;
+static bool arg_inetd = false;
+
+static int add_epoll(int epoll_fd, int fd) {
+        struct epoll_event ev = {
+                .events = EPOLLIN
+        };
+        int r;
+
+        assert(epoll_fd >= 0);
+        assert(fd >= 0);
+
+        ev.data.fd = fd;
+        r = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to add event on epoll fd:%d for fd:%d: %m", epoll_fd, fd);
+
+        return 0;
+}
+
+static int open_sockets(int *epoll_fd, bool accept) {
+        char **address;
+        int n, fd, r;
+        int count = 0;
+
+        n = sd_listen_fds(true);
+        if (n < 0)
+                return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
+        if (n > 0) {
+                log_info("Received %i descriptors via the environment.", n);
+
+                for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+                        r = fd_cloexec(fd, arg_accept);
+                        if (r < 0)
+                                return r;
+
+                        count++;
+                }
+        }
+
+        /* Close logging and all other descriptors */
+        if (arg_listen) {
+                int except[3 + n];
+
+                for (fd = 0; fd < SD_LISTEN_FDS_START + n; fd++)
+                        except[fd] = fd;
+
+                log_close();
+                close_all_fds(except, 3 + n);
+        }
+
+        /** Note: we leak some fd's on error here. I doesn't matter
+         *  much, since the program will exit immediately anyway, but
+         *  would be a pain to fix.
+         */
+
+        STRV_FOREACH(address, arg_listen) {
+                fd = make_socket_fd(LOG_DEBUG, *address, arg_socket_type, (arg_accept*SOCK_CLOEXEC));
+                if (fd < 0) {
+                        log_open();
+                        return log_error_errno(fd, "Failed to open '%s': %m", *address);
+                }
+
+                assert(fd == SD_LISTEN_FDS_START + count);
+                count++;
+        }
+
+        if (arg_listen)
+                log_open();
+
+        *epoll_fd = epoll_create1(EPOLL_CLOEXEC);
+        if (*epoll_fd < 0)
+                return log_error_errno(errno, "Failed to create epoll object: %m");
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + count; fd++) {
+                _cleanup_free_ char *name = NULL;
+
+                getsockname_pretty(fd, &name);
+                log_info("Listening on %s as %i.", strna(name), fd);
+
+                r = add_epoll(*epoll_fd, fd);
+                if (r < 0)
+                        return r;
+        }
+
+        return count;
+}
+
+static int exec_process(const char* name, char **argv, char **env, int start_fd, int n_fds) {
+
+        _cleanup_strv_free_ char **envp = NULL;
+        _cleanup_free_ char *joined = NULL;
+        unsigned n_env = 0, length;
+        const char *tocopy;
+        char **s;
+        int r;
+
+        if (arg_inetd && n_fds != 1) {
+                log_error("--inetd only supported for single file descriptors.");
+                return -EINVAL;
+        }
+
+        length = strv_length(arg_setenv);
+
+        /* PATH, TERM, HOME, USER, LISTEN_FDS, LISTEN_PID, LISTEN_FDNAMES, NULL */
+        envp = new0(char *, length + 8);
+        if (!envp)
+                return log_oom();
+
+        STRV_FOREACH(s, arg_setenv) {
+
+                if (strchr(*s, '=')) {
+                        char *k;
+
+                        k = strdup(*s);
+                        if (!k)
+                                return log_oom();
+
+                        envp[n_env++] = k;
+                } else {
+                        _cleanup_free_ char *p;
+                        const char *n;
+
+                        p = strappend(*s, "=");
+                        if (!p)
+                                return log_oom();
+
+                        n = strv_find_prefix(env, p);
+                        if (!n)
+                                continue;
+
+                        envp[n_env] = strdup(n);
+                        if (!envp[n_env])
+                                return log_oom();
+
+                        n_env++;
+                }
+        }
+
+        FOREACH_STRING(tocopy, "TERM=", "PATH=", "USER=", "HOME=") {
+                const char *n;
+
+                n = strv_find_prefix(env, tocopy);
+                if (!n)
+                        continue;
+
+                envp[n_env] = strdup(n);
+                if (!envp[n_env])
+                        return log_oom();
+
+                n_env++;
+        }
+
+        if (arg_inetd) {
+                assert(n_fds == 1);
+
+                r = dup2(start_fd, STDIN_FILENO);
+                if (r < 0)
+                        return log_error_errno(errno, "Failed to dup connection to stdin: %m");
+
+                r = dup2(start_fd, STDOUT_FILENO);
+                if (r < 0)
+                        return log_error_errno(errno, "Failed to dup connection to stdout: %m");
+
+                start_fd = safe_close(start_fd);
+        } else {
+                if (start_fd != SD_LISTEN_FDS_START) {
+                        assert(n_fds == 1);
+
+                        r = dup2(start_fd, SD_LISTEN_FDS_START);
+                        if (r < 0)
+                                return log_error_errno(errno, "Failed to dup connection: %m");
+
+                        safe_close(start_fd);
+                        start_fd = SD_LISTEN_FDS_START;
+                }
+
+                if (asprintf((char**)(envp + n_env++), "LISTEN_FDS=%i", n_fds) < 0)
+                        return log_oom();
+
+                if (asprintf((char**)(envp + n_env++), "LISTEN_PID=" PID_FMT, getpid()) < 0)
+                        return log_oom();
+
+                if (arg_fdnames) {
+                        _cleanup_free_ char *names = NULL;
+                        size_t len;
+                        char *e;
+                        int i;
+
+                        len = strv_length(arg_fdnames);
+                        if (len == 1)
+                                for (i = 1; i < n_fds; i++) {
+                                        r = strv_extend(&arg_fdnames, arg_fdnames[0]);
+                                        if (r < 0)
+                                                return log_error_errno(r, "Failed to extend strv: %m");
+                                }
+                        else if (len != (unsigned) n_fds)
+                                log_warning("The number of fd names is different than number of fds: %zu vs %d",
+                                            len, n_fds);
+
+                        names = strv_join(arg_fdnames, ":");
+                        if (!names)
+                                return log_oom();
+
+                        e = strappend("LISTEN_FDNAMES=", names);
+                        if (!e)
+                                return log_oom();
+
+                        envp[n_env++] = e;
+                }
+        }
+
+        joined = strv_join(argv, " ");
+        if (!joined)
+                return log_oom();
+
+        log_info("Execing %s (%s)", name, joined);
+        execvpe(name, argv, envp);
+
+        return log_error_errno(errno, "Failed to execp %s (%s): %m", name, joined);
+}
+
+static int fork_and_exec_process(const char* child, char** argv, char **env, int fd) {
+        _cleanup_free_ char *joined = NULL;
+        pid_t parent_pid, child_pid;
+
+        joined = strv_join(argv, " ");
+        if (!joined)
+                return log_oom();
+
+        parent_pid = getpid();
+
+        child_pid = fork();
+        if (child_pid < 0)
+                return log_error_errno(errno, "Failed to fork: %m");
+
+        /* In the child */
+        if (child_pid == 0) {
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+
+                /* Make sure the child goes away when the parent dies */
+                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
+                        _exit(EXIT_FAILURE);
+
+                /* Check whether our parent died before we were able
+                 * to set the death signal */
+                if (getppid() != parent_pid)
+                        _exit(EXIT_SUCCESS);
+
+                exec_process(child, argv, env, fd, 1);
+                _exit(EXIT_FAILURE);
+        }
+
+        log_info("Spawned %s (%s) as PID %d", child, joined, child_pid);
+        return 0;
+}
+
+static int do_accept(const char* name, char **argv, char **envp, int fd) {
+        _cleanup_free_ char *local = NULL, *peer = NULL;
+        _cleanup_close_ int fd_accepted = -1;
+
+        fd_accepted = accept4(fd, NULL, NULL, 0);
+        if (fd_accepted < 0)
+                return log_error_errno(errno, "Failed to accept connection on fd:%d: %m", fd);
+
+        getsockname_pretty(fd_accepted, &local);
+        getpeername_pretty(fd_accepted, true, &peer);
+        log_info("Connection from %s to %s", strna(peer), strna(local));
+
+        return fork_and_exec_process(name, argv, envp, fd_accepted);
+}
+
+/* SIGCHLD handler. */
+static void sigchld_hdl(int sig) {
+        PROTECT_ERRNO;
+
+        for (;;) {
+                siginfo_t si;
+                int r;
+
+                si.si_pid = 0;
+                r = waitid(P_ALL, 0, &si, WEXITED|WNOHANG);
+                if (r < 0) {
+                        if (errno != ECHILD)
+                                log_error_errno(errno, "Failed to reap children: %m");
+                        return;
+                }
+                if (si.si_pid == 0)
+                        return;
+
+                log_info("Child %d died with code %d", si.si_pid, si.si_status);
+        }
+}
+
+static int install_chld_handler(void) {
+        static const struct sigaction act = {
+                .sa_flags = SA_NOCLDSTOP,
+                .sa_handler = sigchld_hdl,
+        };
+
+        int r;
+
+        r = sigaction(SIGCHLD, &act, 0);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to install SIGCHLD handler: %m");
+
+        return 0;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "Listen on sockets and launch child on connection.\n\n"
+               "Options:\n"
+               "  -h --help                  Show this help and exit\n"
+               "     --version               Print version string and exit\n"
+               "  -l --listen=ADDR           Listen for raw connections at ADDR\n"
+               "  -d --datagram              Listen on datagram instead of stream socket\n"
+               "     --seqpacket             Listen on SOCK_SEQPACKET instead of stream socket\n"
+               "  -a --accept                Spawn separate child for each connection\n"
+               "  -E --setenv=NAME[=VALUE]   Pass an environment variable to children\n"
+               "     --fdname=NAME[:NAME...] Specify names for file descriptors\n"
+               "     --inetd                 Enable inetd file descriptor passing protocol\n"
+               "\n"
+               "Note: file descriptors from sd_listen_fds() will be passed through.\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_FDNAME,
+                ARG_SEQPACKET,
+                ARG_INETD,
+        };
+
+        static const struct option options[] = {
+                { "help",        no_argument,       NULL, 'h'           },
+                { "version",     no_argument,       NULL, ARG_VERSION   },
+                { "datagram",    no_argument,       NULL, 'd'           },
+                { "seqpacket",   no_argument,       NULL, ARG_SEQPACKET },
+                { "listen",      required_argument, NULL, 'l'           },
+                { "accept",      no_argument,       NULL, 'a'           },
+                { "setenv",      required_argument, NULL, 'E'           },
+                { "environment", required_argument, NULL, 'E'           }, /* legacy alias */
+                { "fdname",      required_argument, NULL, ARG_FDNAME    },
+                { "inetd",       no_argument,       NULL, ARG_INETD     },
+                {}
+        };
+
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
+                switch(c) {
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'l':
+                        r = strv_extend(&arg_listen, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        break;
+
+                case 'd':
+                        if (arg_socket_type == SOCK_SEQPACKET) {
+                                log_error("--datagram may not be combined with --seqpacket.");
+                                return -EINVAL;
+                        }
+
+                        arg_socket_type = SOCK_DGRAM;
+                        break;
+
+                case ARG_SEQPACKET:
+                        if (arg_socket_type == SOCK_DGRAM) {
+                                log_error("--seqpacket may not be combined with --datagram.");
+                                return -EINVAL;
+                        }
+
+                        arg_socket_type = SOCK_SEQPACKET;
+                        break;
+
+                case 'a':
+                        arg_accept = true;
+                        break;
+
+                case 'E':
+                        r = strv_extend(&arg_setenv, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_FDNAME: {
+                        _cleanup_strv_free_ char **names;
+                        char **s;
+
+                        names = strv_split(optarg, ":");
+                        if (!names)
+                                return log_oom();
+
+                        STRV_FOREACH(s, names)
+                                if (!fdname_is_valid(*s)) {
+                                        _cleanup_free_ char *esc;
+
+                                        esc = cescape(*s);
+                                        log_warning("File descriptor name \"%s\" is not valid.", esc);
+                                }
+
+                        /* Empty optargs means one empty name */
+                        r = strv_extend_strv(&arg_fdnames,
+                                             strv_isempty(names) ? STRV_MAKE("") : names,
+                                             false);
+                        if (r < 0)
+                                return log_error_errno(r, "strv_extend_strv: %m");
+                        break;
+                }
+
+                case ARG_INETD:
+                        arg_inetd = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind == argc) {
+                log_error("%s: command to execute is missing.",
+                          program_invocation_short_name);
+                return -EINVAL;
+        }
+
+        if (arg_socket_type == SOCK_DGRAM && arg_accept) {
+                log_error("Datagram sockets do not accept connections. "
+                          "The --datagram and --accept options may not be combined.");
+                return -EINVAL;
+        }
+
+        arg_args = argv + optind;
+
+        return 1 /* work to do */;
+}
+
+int main(int argc, char **argv, char **envp) {
+        int r, n;
+        int epoll_fd = -1;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+
+        r = install_chld_handler();
+        if (r < 0)
+                return EXIT_FAILURE;
+
+        n = open_sockets(&epoll_fd, arg_accept);
+        if (n < 0)
+                return EXIT_FAILURE;
+        if (n == 0) {
+                log_error("No sockets to listen on specified or passed in.");
+                return EXIT_FAILURE;
+        }
+
+        for (;;) {
+                struct epoll_event event;
+
+                r = epoll_wait(epoll_fd, &event, 1, -1);
+                if (r < 0) {
+                        if (errno == EINTR)
+                                continue;
+
+                        log_error_errno(errno, "epoll_wait() failed: %m");
+                        return EXIT_FAILURE;
+                }
+
+                log_info("Communication attempt on fd %i.", event.data.fd);
+                if (arg_accept) {
+                        r = do_accept(argv[optind], argv + optind, envp, event.data.fd);
+                        if (r < 0)
+                                return EXIT_FAILURE;
+                } else
+                        break;
+        }
+
+        exec_process(argv[optind], argv + optind, envp, SD_LISTEN_FDS_START, n);
+
+        return EXIT_SUCCESS;
+}
diff --git a/src/analyze/.gitignore b/src/systemd-analyze/.gitignore
index 752ea236c8..752ea236c8 100644
--- a/src/analyze/.gitignore
+++ b/src/systemd-analyze/.gitignore
diff --git a/src/systemd-analyze/Makefile b/src/systemd-analyze/Makefile
new file mode 100644
index 0000000000..2e4e7c0bb1
--- /dev/null
+++ b/src/systemd-analyze/Makefile
@@ -0,0 +1,40 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-analyze
+systemd_analyze_SOURCES = \
+	src/analyze/analyze.c \
+	src/analyze/analyze-verify.c \
+	src/analyze/analyze-verify.h
+
+systemd_analyze_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(SECCOMP_CFLAGS) \
+	$(MOUNT_CFLAGS)
+
+systemd_analyze_LDADD = \
+	libcore.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/analyze/analyze-verify.c b/src/systemd-analyze/analyze-verify.c
index 5fd3ee49eb..5fd3ee49eb 100644
--- a/src/analyze/analyze-verify.c
+++ b/src/systemd-analyze/analyze-verify.c
diff --git a/src/analyze/analyze-verify.h b/src/systemd-analyze/analyze-verify.h
index d8204dc69c..d8204dc69c 100644
--- a/src/analyze/analyze-verify.h
+++ b/src/systemd-analyze/analyze-verify.h
diff --git a/src/systemd-analyze/analyze.c b/src/systemd-analyze/analyze.c
new file mode 100644
index 0000000000..0e1eee16ec
--- /dev/null
+++ b/src/systemd-analyze/analyze.c
@@ -0,0 +1,1485 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010-2013 Lennart Poettering
+  Copyright 2013 Simon Peeters
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <locale.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "analyze-verify.h"
+#include "bus-error.h"
+#include "bus-unit-util.h"
+#include "bus-util.h"
+#include "glob-util.h"
+#include "hashmap.h"
+#include "locale-util.h"
+#include "log.h"
+#include "pager.h"
+#include "parse-util.h"
+#include "special.h"
+#include "strv.h"
+#include "strxcpyx.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "util.h"
+
+#define SCALE_X (0.1 / 1000.0)   /* pixels per us */
+#define SCALE_Y (20.0)
+
+#define compare(a, b) (((a) > (b))? 1 : (((b) > (a))? -1 : 0))
+
+#define svg(...) printf(__VA_ARGS__)
+
+#define svg_bar(class, x1, x2, y)                                       \
+        svg("  <rect class=\"%s\" x=\"%.03f\" y=\"%.03f\" width=\"%.03f\" height=\"%.03f\" />\n", \
+            (class),                                                    \
+            SCALE_X * (x1), SCALE_Y * (y),                              \
+            SCALE_X * ((x2) - (x1)), SCALE_Y - 1.0)
+
+#define svg_text(b, x, y, format, ...)                                  \
+        do {                                                            \
+                svg("  <text class=\"%s\" x=\"%.03f\" y=\"%.03f\">", (b) ? "left" : "right", SCALE_X * (x) + (b ? 5.0 : -5.0), SCALE_Y * (y) + 14.0); \
+                svg(format, ## __VA_ARGS__);                            \
+                svg("</text>\n");                                       \
+        } while (false)
+
+static enum dot {
+        DEP_ALL,
+        DEP_ORDER,
+        DEP_REQUIRE
+} arg_dot = DEP_ALL;
+static char** arg_dot_from_patterns = NULL;
+static char** arg_dot_to_patterns = NULL;
+static usec_t arg_fuzz = 0;
+static bool arg_no_pager = false;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static char *arg_host = NULL;
+static bool arg_user = false;
+static bool arg_man = true;
+
+struct boot_times {
+        usec_t firmware_time;
+        usec_t loader_time;
+        usec_t kernel_time;
+        usec_t kernel_done_time;
+        usec_t initrd_time;
+        usec_t userspace_time;
+        usec_t finish_time;
+        usec_t security_start_time;
+        usec_t security_finish_time;
+        usec_t generators_start_time;
+        usec_t generators_finish_time;
+        usec_t unitsload_start_time;
+        usec_t unitsload_finish_time;
+
+        /*
+         * If we're analyzing the user instance, all timestamps will be offset
+         * by its own start-up timestamp, which may be arbitrarily big.
+         * With "plot", this causes arbitrarily wide output SVG files which almost
+         * completely consist of empty space. Thus we cancel out this offset.
+         *
+         * This offset is subtracted from times above by acquire_boot_times(),
+         * but it still needs to be subtracted from unit-specific timestamps
+         * (so it is stored here for reference).
+         */
+        usec_t reverse_offset;
+};
+
+struct unit_times {
+        char *name;
+        usec_t activating;
+        usec_t activated;
+        usec_t deactivated;
+        usec_t deactivating;
+        usec_t time;
+};
+
+struct host_info {
+        char *hostname;
+        char *kernel_name;
+        char *kernel_release;
+        char *kernel_version;
+        char *os_pretty_name;
+        char *virtualization;
+        char *architecture;
+};
+
+static int bus_get_uint64_property(sd_bus *bus, const char *path, const char *interface, const char *property, uint64_t *val) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(interface);
+        assert(property);
+        assert(val);
+
+        r = sd_bus_get_property_trivial(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        interface,
+                        property,
+                        &error,
+                        't', val);
+
+        if (r < 0) {
+                log_error("Failed to parse reply: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int bus_get_unit_property_strv(sd_bus *bus, const char *path, const char *property, char ***strv) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(path);
+        assert(property);
+        assert(strv);
+
+        r = sd_bus_get_property_strv(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        property,
+                        &error,
+                        strv);
+        if (r < 0) {
+                log_error("Failed to get unit property %s: %s", property, bus_error_message(&error, -r));
+                return r;
+        }
+
+        return 0;
+}
+
+static int compare_unit_time(const void *a, const void *b) {
+        return compare(((struct unit_times *)b)->time,
+                       ((struct unit_times *)a)->time);
+}
+
+static int compare_unit_start(const void *a, const void *b) {
+        return compare(((struct unit_times *)a)->activating,
+                       ((struct unit_times *)b)->activating);
+}
+
+static void free_unit_times(struct unit_times *t, unsigned n) {
+        struct unit_times *p;
+
+        for (p = t; p < t + n; p++)
+                free(p->name);
+
+        free(t);
+}
+
+static void subtract_timestamp(usec_t *a, usec_t b) {
+        assert(a);
+
+        if (*a > 0) {
+                assert(*a >= b);
+                *a -= b;
+        }
+}
+
+static int acquire_boot_times(sd_bus *bus, struct boot_times **bt) {
+        static struct boot_times times;
+        static bool cached = false;
+
+        if (cached)
+                goto finish;
+
+        assert_cc(sizeof(usec_t) == sizeof(uint64_t));
+
+        if (bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "FirmwareTimestampMonotonic",
+                                    &times.firmware_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "LoaderTimestampMonotonic",
+                                    &times.loader_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "KernelTimestamp",
+                                    &times.kernel_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "InitRDTimestampMonotonic",
+                                    &times.initrd_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "UserspaceTimestampMonotonic",
+                                    &times.userspace_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "FinishTimestampMonotonic",
+                                    &times.finish_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "SecurityStartTimestampMonotonic",
+                                    &times.security_start_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "SecurityFinishTimestampMonotonic",
+                                    &times.security_finish_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "GeneratorsStartTimestampMonotonic",
+                                    &times.generators_start_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "GeneratorsFinishTimestampMonotonic",
+                                    &times.generators_finish_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "UnitsLoadStartTimestampMonotonic",
+                                    &times.unitsload_start_time) < 0 ||
+            bus_get_uint64_property(bus,
+                                    "/org/freedesktop/systemd1",
+                                    "org.freedesktop.systemd1.Manager",
+                                    "UnitsLoadFinishTimestampMonotonic",
+                                    &times.unitsload_finish_time) < 0)
+                return -EIO;
+
+        if (times.finish_time <= 0) {
+                log_error("Bootup is not yet finished. Please try again later.");
+                return -EINPROGRESS;
+        }
+
+        if (arg_user) {
+                /*
+                 * User-instance-specific timestamps processing
+                 * (see comment to reverse_offset in struct boot_times).
+                 */
+                times.reverse_offset = times.userspace_time;
+
+                times.firmware_time = times.loader_time = times.kernel_time = times.initrd_time = times.userspace_time = 0;
+                subtract_timestamp(&times.finish_time, times.reverse_offset);
+
+                subtract_timestamp(&times.security_start_time, times.reverse_offset);
+                subtract_timestamp(&times.security_finish_time, times.reverse_offset);
+
+                subtract_timestamp(&times.generators_start_time, times.reverse_offset);
+                subtract_timestamp(&times.generators_finish_time, times.reverse_offset);
+
+                subtract_timestamp(&times.unitsload_start_time, times.reverse_offset);
+                subtract_timestamp(&times.unitsload_finish_time, times.reverse_offset);
+        } else {
+                if (times.initrd_time)
+                        times.kernel_done_time = times.initrd_time;
+                else
+                        times.kernel_done_time = times.userspace_time;
+        }
+
+        cached = true;
+
+finish:
+        *bt = &times;
+        return 0;
+}
+
+static void free_host_info(struct host_info *hi) {
+
+        if (!hi)
+                return;
+
+        free(hi->hostname);
+        free(hi->kernel_name);
+        free(hi->kernel_release);
+        free(hi->kernel_version);
+        free(hi->os_pretty_name);
+        free(hi->virtualization);
+        free(hi->architecture);
+        free(hi);
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct host_info*, free_host_info);
+
+static int acquire_time_data(sd_bus *bus, struct unit_times **out) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r, c = 0;
+        struct boot_times *boot_times = NULL;
+        struct unit_times *unit_times = NULL;
+        size_t size = 0;
+        UnitInfo u;
+
+        r = acquire_boot_times(bus, &boot_times);
+        if (r < 0)
+                goto fail;
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "ListUnits",
+                        &error, &reply,
+                        NULL);
+        if (r < 0) {
+                log_error("Failed to list units: %s", bus_error_message(&error, -r));
+                goto fail;
+        }
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
+        if (r < 0) {
+                bus_log_parse_error(r);
+                goto fail;
+        }
+
+        while ((r = bus_parse_unit_info(reply, &u)) > 0) {
+                struct unit_times *t;
+
+                if (!GREEDY_REALLOC(unit_times, size, c+1)) {
+                        r = log_oom();
+                        goto fail;
+                }
+
+                t = unit_times+c;
+                t->name = NULL;
+
+                assert_cc(sizeof(usec_t) == sizeof(uint64_t));
+
+                if (bus_get_uint64_property(bus, u.unit_path,
+                                            "org.freedesktop.systemd1.Unit",
+                                            "InactiveExitTimestampMonotonic",
+                                            &t->activating) < 0 ||
+                    bus_get_uint64_property(bus, u.unit_path,
+                                            "org.freedesktop.systemd1.Unit",
+                                            "ActiveEnterTimestampMonotonic",
+                                            &t->activated) < 0 ||
+                    bus_get_uint64_property(bus, u.unit_path,
+                                            "org.freedesktop.systemd1.Unit",
+                                            "ActiveExitTimestampMonotonic",
+                                            &t->deactivating) < 0 ||
+                    bus_get_uint64_property(bus, u.unit_path,
+                                            "org.freedesktop.systemd1.Unit",
+                                            "InactiveEnterTimestampMonotonic",
+                                            &t->deactivated) < 0) {
+                        r = -EIO;
+                        goto fail;
+                }
+
+                subtract_timestamp(&t->activating, boot_times->reverse_offset);
+                subtract_timestamp(&t->activated, boot_times->reverse_offset);
+                subtract_timestamp(&t->deactivating, boot_times->reverse_offset);
+                subtract_timestamp(&t->deactivated, boot_times->reverse_offset);
+
+                if (t->activated >= t->activating)
+                        t->time = t->activated - t->activating;
+                else if (t->deactivated >= t->activating)
+                        t->time = t->deactivated - t->activating;
+                else
+                        t->time = 0;
+
+                if (t->activating == 0)
+                        continue;
+
+                t->name = strdup(u.id);
+                if (t->name == NULL) {
+                        r = log_oom();
+                        goto fail;
+                }
+                c++;
+        }
+        if (r < 0) {
+                bus_log_parse_error(r);
+                goto fail;
+        }
+
+        *out = unit_times;
+        return c;
+
+fail:
+        if (unit_times)
+                free_unit_times(unit_times, (unsigned) c);
+        return r;
+}
+
+static int acquire_host_info(sd_bus *bus, struct host_info **hi) {
+        static const struct bus_properties_map hostname_map[] = {
+                { "Hostname",                  "s", NULL, offsetof(struct host_info, hostname)       },
+                { "KernelName",                "s", NULL, offsetof(struct host_info, kernel_name)    },
+                { "KernelRelease",             "s", NULL, offsetof(struct host_info, kernel_release) },
+                { "KernelVersion",             "s", NULL, offsetof(struct host_info, kernel_version) },
+                { "OperatingSystemPrettyName", "s", NULL, offsetof(struct host_info, os_pretty_name) },
+                {}
+        };
+
+        static const struct bus_properties_map manager_map[] = {
+                { "Virtualization",            "s", NULL, offsetof(struct host_info, virtualization) },
+                { "Architecture",              "s", NULL, offsetof(struct host_info, architecture)   },
+                {}
+        };
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(free_host_infop) struct host_info *host;
+        int r;
+
+        host = new0(struct host_info, 1);
+        if (!host)
+                return log_oom();
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.hostname1",
+                                   "/org/freedesktop/hostname1",
+                                   hostname_map,
+                                   host);
+        if (r < 0)
+                log_debug_errno(r, "Failed to get host information from systemd-hostnamed: %s", bus_error_message(&error, r));
+
+        r = bus_map_all_properties(bus,
+                                   "org.freedesktop.systemd1",
+                                   "/org/freedesktop/systemd1",
+                                   manager_map,
+                                   host);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get host information from systemd: %s", bus_error_message(&error, r));
+
+        *hi = host;
+        host = NULL;
+
+        return 0;
+}
+
+static int pretty_boot_time(sd_bus *bus, char **_buf) {
+        char ts[FORMAT_TIMESPAN_MAX];
+        struct boot_times *t;
+        static char buf[4096];
+        size_t size;
+        char *ptr;
+        int r;
+
+        r = acquire_boot_times(bus, &t);
+        if (r < 0)
+                return r;
+
+        ptr = buf;
+        size = sizeof(buf);
+
+        size = strpcpyf(&ptr, size, "Startup finished in ");
+        if (t->firmware_time)
+                size = strpcpyf(&ptr, size, "%s (firmware) + ", format_timespan(ts, sizeof(ts), t->firmware_time - t->loader_time, USEC_PER_MSEC));
+        if (t->loader_time)
+                size = strpcpyf(&ptr, size, "%s (loader) + ", format_timespan(ts, sizeof(ts), t->loader_time, USEC_PER_MSEC));
+        if (t->kernel_time)
+                size = strpcpyf(&ptr, size, "%s (kernel) + ", format_timespan(ts, sizeof(ts), t->kernel_done_time, USEC_PER_MSEC));
+        if (t->initrd_time > 0)
+                size = strpcpyf(&ptr, size, "%s (initrd) + ", format_timespan(ts, sizeof(ts), t->userspace_time - t->initrd_time, USEC_PER_MSEC));
+
+        size = strpcpyf(&ptr, size, "%s (userspace) ", format_timespan(ts, sizeof(ts), t->finish_time - t->userspace_time, USEC_PER_MSEC));
+        strpcpyf(&ptr, size, "= %s", format_timespan(ts, sizeof(ts), t->firmware_time + t->finish_time, USEC_PER_MSEC));
+
+        ptr = strdup(buf);
+        if (!ptr)
+                return log_oom();
+
+        *_buf = ptr;
+        return 0;
+}
+
+static void svg_graph_box(double height, double begin, double end) {
+        long long i;
+
+        /* outside box, fill */
+        svg("<rect class=\"box\" x=\"0\" y=\"0\" width=\"%.03f\" height=\"%.03f\" />\n",
+            SCALE_X * (end - begin), SCALE_Y * height);
+
+        for (i = ((long long) (begin / 100000)) * 100000; i <= end; i+=100000) {
+                /* lines for each second */
+                if (i % 5000000 == 0)
+                        svg("  <line class=\"sec5\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n"
+                            "  <text class=\"sec\" x=\"%.03f\" y=\"%.03f\" >%.01fs</text>\n",
+                            SCALE_X * i, SCALE_X * i, SCALE_Y * height, SCALE_X * i, -5.0, 0.000001 * i);
+                else if (i % 1000000 == 0)
+                        svg("  <line class=\"sec1\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n"
+                            "  <text class=\"sec\" x=\"%.03f\" y=\"%.03f\" >%.01fs</text>\n",
+                            SCALE_X * i, SCALE_X * i, SCALE_Y * height, SCALE_X * i, -5.0, 0.000001 * i);
+                else
+                        svg("  <line class=\"sec01\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n",
+                            SCALE_X * i, SCALE_X * i, SCALE_Y * height);
+        }
+}
+
+static int analyze_plot(sd_bus *bus) {
+        _cleanup_(free_host_infop) struct host_info *host = NULL;
+        struct unit_times *times;
+        struct boot_times *boot;
+        int n, m = 1, y=0;
+        double width;
+        _cleanup_free_ char *pretty_times = NULL;
+        struct unit_times *u;
+
+        n = acquire_boot_times(bus, &boot);
+        if (n < 0)
+                return n;
+
+        n = pretty_boot_time(bus, &pretty_times);
+        if (n < 0)
+                return n;
+
+        n = acquire_host_info(bus, &host);
+        if (n < 0)
+                return n;
+
+        n = acquire_time_data(bus, &times);
+        if (n <= 0)
+                return n;
+
+        qsort(times, n, sizeof(struct unit_times), compare_unit_start);
+
+        width = SCALE_X * (boot->firmware_time + boot->finish_time);
+        if (width < 800.0)
+                width = 800.0;
+
+        if (boot->firmware_time > boot->loader_time)
+                m++;
+        if (boot->loader_time) {
+                m++;
+                if (width < 1000.0)
+                        width = 1000.0;
+        }
+        if (boot->initrd_time)
+                m++;
+        if (boot->kernel_time)
+                m++;
+
+        for (u = times; u < times + n; u++) {
+                double text_start, text_width;
+
+                if (u->activating < boot->userspace_time ||
+                    u->activating > boot->finish_time) {
+                        u->name = mfree(u->name);
+                        continue;
+                }
+
+                /* If the text cannot fit on the left side then
+                 * increase the svg width so it fits on the right.
+                 * TODO: calculate the text width more accurately */
+                text_width = 8.0 * strlen(u->name);
+                text_start = (boot->firmware_time + u->activating) * SCALE_X;
+                if (text_width > text_start && text_width + text_start > width)
+                        width = text_width + text_start;
+
+                if (u->deactivated > u->activating && u->deactivated <= boot->finish_time
+                                && u->activated == 0 && u->deactivating == 0)
+                        u->activated = u->deactivating = u->deactivated;
+                if (u->activated < u->activating || u->activated > boot->finish_time)
+                        u->activated = boot->finish_time;
+                if (u->deactivating < u->activated || u->activated > boot->finish_time)
+                        u->deactivating = boot->finish_time;
+                if (u->deactivated < u->deactivating || u->deactivated > boot->finish_time)
+                        u->deactivated = boot->finish_time;
+                m++;
+        }
+
+        svg("<?xml version=\"1.0\" standalone=\"no\"?>\n"
+            "<!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" "
+            "\"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n");
+
+        svg("<svg width=\"%.0fpx\" height=\"%.0fpx\" version=\"1.1\" "
+            "xmlns=\"http://www.w3.org/2000/svg\">\n\n",
+                        80.0 + width, 150.0 + (m * SCALE_Y) +
+                        5 * SCALE_Y /* legend */);
+
+        /* write some basic info as a comment, including some help */
+        svg("<!-- This file is a systemd-analyze SVG file. It is best rendered in a   -->\n"
+            "<!-- browser such as Chrome, Chromium or Firefox. Other applications     -->\n"
+            "<!-- that render these files properly but much slower are ImageMagick,   -->\n"
+            "<!-- gimp, inkscape, etc. To display the files on your system, just      -->\n"
+            "<!-- point your browser to this file.                                    -->\n\n"
+            "<!-- This plot was generated by systemd-analyze version %-16.16s -->\n\n", VERSION);
+
+        /* style sheet */
+        svg("<defs>\n  <style type=\"text/css\">\n    <![CDATA[\n"
+            "      rect       { stroke-width: 1; stroke-opacity: 0; }\n"
+            "      rect.background   { fill: rgb(255,255,255); }\n"
+            "      rect.activating   { fill: rgb(255,0,0); fill-opacity: 0.7; }\n"
+            "      rect.active       { fill: rgb(200,150,150); fill-opacity: 0.7; }\n"
+            "      rect.deactivating { fill: rgb(150,100,100); fill-opacity: 0.7; }\n"
+            "      rect.kernel       { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
+            "      rect.initrd       { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
+            "      rect.firmware     { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
+            "      rect.loader       { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
+            "      rect.userspace    { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
+            "      rect.security     { fill: rgb(144,238,144); fill-opacity: 0.7; }\n"
+            "      rect.generators   { fill: rgb(102,204,255); fill-opacity: 0.7; }\n"
+            "      rect.unitsload    { fill: rgb( 82,184,255); fill-opacity: 0.7; }\n"
+            "      rect.box   { fill: rgb(240,240,240); stroke: rgb(192,192,192); }\n"
+            "      line       { stroke: rgb(64,64,64); stroke-width: 1; }\n"
+            "//    line.sec1  { }\n"
+            "      line.sec5  { stroke-width: 2; }\n"
+            "      line.sec01 { stroke: rgb(224,224,224); stroke-width: 1; }\n"
+            "      text       { font-family: Verdana, Helvetica; font-size: 14px; }\n"
+            "      text.left  { font-family: Verdana, Helvetica; font-size: 14px; text-anchor: start; }\n"
+            "      text.right { font-family: Verdana, Helvetica; font-size: 14px; text-anchor: end; }\n"
+            "      text.sec   { font-size: 10px; }\n"
+            "    ]]>\n   </style>\n</defs>\n\n");
+
+        svg("<rect class=\"background\" width=\"100%%\" height=\"100%%\" />\n");
+        svg("<text x=\"20\" y=\"50\">%s</text>", pretty_times);
+        svg("<text x=\"20\" y=\"30\">%s %s (%s %s %s) %s %s</text>",
+            isempty(host->os_pretty_name) ? "GNU/Linux" : host->os_pretty_name,
+            strempty(host->hostname),
+            strempty(host->kernel_name),
+            strempty(host->kernel_release),
+            strempty(host->kernel_version),
+            strempty(host->architecture),
+            strempty(host->virtualization));
+
+        svg("<g transform=\"translate(%.3f,100)\">\n", 20.0 + (SCALE_X * boot->firmware_time));
+        svg_graph_box(m, -(double) boot->firmware_time, boot->finish_time);
+
+        if (boot->firmware_time) {
+                svg_bar("firmware", -(double) boot->firmware_time, -(double) boot->loader_time, y);
+                svg_text(true, -(double) boot->firmware_time, y, "firmware");
+                y++;
+        }
+        if (boot->loader_time) {
+                svg_bar("loader", -(double) boot->loader_time, 0, y);
+                svg_text(true, -(double) boot->loader_time, y, "loader");
+                y++;
+        }
+        if (boot->kernel_time) {
+                svg_bar("kernel", 0, boot->kernel_done_time, y);
+                svg_text(true, 0, y, "kernel");
+                y++;
+        }
+        if (boot->initrd_time) {
+                svg_bar("initrd", boot->initrd_time, boot->userspace_time, y);
+                svg_text(true, boot->initrd_time, y, "initrd");
+                y++;
+        }
+        svg_bar("active", boot->userspace_time, boot->finish_time, y);
+        svg_bar("security", boot->security_start_time, boot->security_finish_time, y);
+        svg_bar("generators", boot->generators_start_time, boot->generators_finish_time, y);
+        svg_bar("unitsload", boot->unitsload_start_time, boot->unitsload_finish_time, y);
+        svg_text(true, boot->userspace_time, y, "systemd");
+        y++;
+
+        for (u = times; u < times + n; u++) {
+                char ts[FORMAT_TIMESPAN_MAX];
+                bool b;
+
+                if (!u->name)
+                        continue;
+
+                svg_bar("activating",   u->activating, u->activated, y);
+                svg_bar("active",       u->activated, u->deactivating, y);
+                svg_bar("deactivating", u->deactivating, u->deactivated, y);
+
+                /* place the text on the left if we have passed the half of the svg width */
+                b = u->activating * SCALE_X < width / 2;
+                if (u->time)
+                        svg_text(b, u->activating, y, "%s (%s)",
+                                 u->name, format_timespan(ts, sizeof(ts), u->time, USEC_PER_MSEC));
+                else
+                        svg_text(b, u->activating, y, "%s", u->name);
+                y++;
+        }
+
+        svg("</g>\n");
+
+        /* Legend */
+        svg("<g transform=\"translate(20,100)\">\n");
+        y++;
+        svg_bar("activating", 0, 300000, y);
+        svg_text(true, 400000, y, "Activating");
+        y++;
+        svg_bar("active", 0, 300000, y);
+        svg_text(true, 400000, y, "Active");
+        y++;
+        svg_bar("deactivating", 0, 300000, y);
+        svg_text(true, 400000, y, "Deactivating");
+        y++;
+        svg_bar("security", 0, 300000, y);
+        svg_text(true, 400000, y, "Setting up security module");
+        y++;
+        svg_bar("generators", 0, 300000, y);
+        svg_text(true, 400000, y, "Generators");
+        y++;
+        svg_bar("unitsload", 0, 300000, y);
+        svg_text(true, 400000, y, "Loading unit files");
+        y++;
+
+        svg("</g>\n\n");
+
+        svg("</svg>\n");
+
+        free_unit_times(times, (unsigned) n);
+
+        n = 0;
+        return n;
+}
+
+static int list_dependencies_print(const char *name, unsigned int level, unsigned int branches,
+                                   bool last, struct unit_times *times, struct boot_times *boot) {
+        unsigned int i;
+        char ts[FORMAT_TIMESPAN_MAX], ts2[FORMAT_TIMESPAN_MAX];
+
+        for (i = level; i != 0; i--)
+                printf("%s", special_glyph(branches & (1 << (i-1)) ? TREE_VERTICAL : TREE_SPACE));
+
+        printf("%s", special_glyph(last ? TREE_RIGHT : TREE_BRANCH));
+
+        if (times) {
+                if (times->time)
+                        printf("%s%s @%s +%s%s", ANSI_HIGHLIGHT_RED, name,
+                               format_timespan(ts, sizeof(ts), times->activating - boot->userspace_time, USEC_PER_MSEC),
+                               format_timespan(ts2, sizeof(ts2), times->time, USEC_PER_MSEC), ANSI_NORMAL);
+                else if (times->activated > boot->userspace_time)
+                        printf("%s @%s", name, format_timespan(ts, sizeof(ts), times->activated - boot->userspace_time, USEC_PER_MSEC));
+                else
+                        printf("%s", name);
+        } else
+                printf("%s", name);
+        printf("\n");
+
+        return 0;
+}
+
+static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, char ***deps) {
+        _cleanup_free_ char *path = NULL;
+
+        assert(bus);
+        assert(name);
+        assert(deps);
+
+        path = unit_dbus_path_from_name(name);
+        if (path == NULL)
+                return -ENOMEM;
+
+        return bus_get_unit_property_strv(bus, path, "After", deps);
+}
+
+static Hashmap *unit_times_hashmap;
+
+static int list_dependencies_compare(const void *_a, const void *_b) {
+        const char **a = (const char**) _a, **b = (const char**) _b;
+        usec_t usa = 0, usb = 0;
+        struct unit_times *times;
+
+        times = hashmap_get(unit_times_hashmap, *a);
+        if (times)
+                usa = times->activated;
+        times = hashmap_get(unit_times_hashmap, *b);
+        if (times)
+                usb = times->activated;
+
+        return usb - usa;
+}
+
+static int list_dependencies_one(sd_bus *bus, const char *name, unsigned int level, char ***units,
+                                 unsigned int branches) {
+        _cleanup_strv_free_ char **deps = NULL;
+        char **c;
+        int r = 0;
+        usec_t service_longest = 0;
+        int to_print = 0;
+        struct unit_times *times;
+        struct boot_times *boot;
+
+        if (strv_extend(units, name))
+                return log_oom();
+
+        r = list_dependencies_get_dependencies(bus, name, &deps);
+        if (r < 0)
+                return r;
+
+        qsort_safe(deps, strv_length(deps), sizeof (char*), list_dependencies_compare);
+
+        r = acquire_boot_times(bus, &boot);
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(c, deps) {
+                times = hashmap_get(unit_times_hashmap, *c);
+                if (times
+                    && times->activated
+                    && times->activated <= boot->finish_time
+                    && (times->activated >= service_longest
+                        || service_longest == 0)) {
+                        service_longest = times->activated;
+                        break;
+                }
+        }
+
+        if (service_longest == 0 )
+                return r;
+
+        STRV_FOREACH(c, deps) {
+                times = hashmap_get(unit_times_hashmap, *c);
+                if (times && times->activated && times->activated <= boot->finish_time && (service_longest - times->activated) <= arg_fuzz)
+                        to_print++;
+        }
+
+        if (!to_print)
+                return r;
+
+        STRV_FOREACH(c, deps) {
+                times = hashmap_get(unit_times_hashmap, *c);
+                if (!times
+                    || !times->activated
+                    || times->activated > boot->finish_time
+                    || service_longest - times->activated > arg_fuzz)
+                        continue;
+
+                to_print--;
+
+                r = list_dependencies_print(*c, level, branches, to_print == 0, times, boot);
+                if (r < 0)
+                        return r;
+
+                if (strv_contains(*units, *c)) {
+                        r = list_dependencies_print("...", level + 1, (branches << 1) | (to_print ? 1 : 0),
+                                                    true, NULL, boot);
+                        if (r < 0)
+                                return r;
+                        continue;
+                }
+
+                r = list_dependencies_one(bus, *c, level + 1, units,
+                                          (branches << 1) | (to_print ? 1 : 0));
+                if (r < 0)
+                        return r;
+
+                if (!to_print)
+                        break;
+        }
+        return 0;
+}
+
+static int list_dependencies(sd_bus *bus, const char *name) {
+        _cleanup_strv_free_ char **units = NULL;
+        char ts[FORMAT_TIMESPAN_MAX];
+        struct unit_times *times;
+        int r;
+        const char *id;
+        _cleanup_free_ char *path = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        struct boot_times *boot;
+
+        assert(bus);
+
+        path = unit_dbus_path_from_name(name);
+        if (path == NULL)
+                return -ENOMEM;
+
+        r = sd_bus_get_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        "org.freedesktop.systemd1.Unit",
+                        "Id",
+                        &error,
+                        &reply,
+                        "s");
+        if (r < 0) {
+                log_error("Failed to get ID: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "s", &id);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        times = hashmap_get(unit_times_hashmap, id);
+
+        r = acquire_boot_times(bus, &boot);
+        if (r < 0)
+                return r;
+
+        if (times) {
+                if (times->time)
+                        printf("%s%s +%s%s\n", ANSI_HIGHLIGHT_RED, id,
+                               format_timespan(ts, sizeof(ts), times->time, USEC_PER_MSEC), ANSI_NORMAL);
+                else if (times->activated > boot->userspace_time)
+                        printf("%s @%s\n", id, format_timespan(ts, sizeof(ts), times->activated - boot->userspace_time, USEC_PER_MSEC));
+                else
+                        printf("%s\n", id);
+        }
+
+        return list_dependencies_one(bus, name, 0, &units, 0);
+}
+
+static int analyze_critical_chain(sd_bus *bus, char *names[]) {
+        struct unit_times *times;
+        unsigned int i;
+        Hashmap *h;
+        int n, r;
+
+        n = acquire_time_data(bus, &times);
+        if (n <= 0)
+                return n;
+
+        h = hashmap_new(&string_hash_ops);
+        if (!h)
+                return -ENOMEM;
+
+        for (i = 0; i < (unsigned)n; i++) {
+                r = hashmap_put(h, times[i].name, &times[i]);
+                if (r < 0)
+                        return r;
+        }
+        unit_times_hashmap = h;
+
+        pager_open(arg_no_pager, false);
+
+        puts("The time after the unit is active or started is printed after the \"@\" character.\n"
+             "The time the unit takes to start is printed after the \"+\" character.\n");
+
+        if (!strv_isempty(names)) {
+                char **name;
+                STRV_FOREACH(name, names)
+                        list_dependencies(bus, *name);
+        } else
+                list_dependencies(bus, SPECIAL_DEFAULT_TARGET);
+
+        hashmap_free(h);
+        free_unit_times(times, (unsigned) n);
+        return 0;
+}
+
+static int analyze_blame(sd_bus *bus) {
+        struct unit_times *times;
+        unsigned i;
+        int n;
+
+        n = acquire_time_data(bus, &times);
+        if (n <= 0)
+                return n;
+
+        qsort(times, n, sizeof(struct unit_times), compare_unit_time);
+
+        pager_open(arg_no_pager, false);
+
+        for (i = 0; i < (unsigned) n; i++) {
+                char ts[FORMAT_TIMESPAN_MAX];
+
+                if (times[i].time > 0)
+                        printf("%16s %s\n", format_timespan(ts, sizeof(ts), times[i].time, USEC_PER_MSEC), times[i].name);
+        }
+
+        free_unit_times(times, (unsigned) n);
+        return 0;
+}
+
+static int analyze_time(sd_bus *bus) {
+        _cleanup_free_ char *buf = NULL;
+        int r;
+
+        r = pretty_boot_time(bus, &buf);
+        if (r < 0)
+                return r;
+
+        puts(buf);
+        return 0;
+}
+
+static int graph_one_property(sd_bus *bus, const UnitInfo *u, const char* prop, const char *color, char* patterns[], char* from_patterns[], char* to_patterns[]) {
+        _cleanup_strv_free_ char **units = NULL;
+        char **unit;
+        int r;
+        bool match_patterns;
+
+        assert(u);
+        assert(prop);
+        assert(color);
+
+        match_patterns = strv_fnmatch(patterns, u->id, 0);
+
+        if (!strv_isempty(from_patterns) &&
+            !match_patterns &&
+            !strv_fnmatch(from_patterns, u->id, 0))
+                        return 0;
+
+        r = bus_get_unit_property_strv(bus, u->unit_path, prop, &units);
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(unit, units) {
+                bool match_patterns2;
+
+                match_patterns2 = strv_fnmatch(patterns, *unit, 0);
+
+                if (!strv_isempty(to_patterns) &&
+                    !match_patterns2 &&
+                    !strv_fnmatch(to_patterns, *unit, 0))
+                        continue;
+
+                if (!strv_isempty(patterns) && !match_patterns && !match_patterns2)
+                        continue;
+
+                printf("\t\"%s\"->\"%s\" [color=\"%s\"];\n", u->id, *unit, color);
+        }
+
+        return 0;
+}
+
+static int graph_one(sd_bus *bus, const UnitInfo *u, char *patterns[], char *from_patterns[], char *to_patterns[]) {
+        int r;
+
+        assert(bus);
+        assert(u);
+
+        if (IN_SET(arg_dot, DEP_ORDER, DEP_ALL)) {
+                r = graph_one_property(bus, u, "After", "green", patterns, from_patterns, to_patterns);
+                if (r < 0)
+                        return r;
+        }
+
+        if (IN_SET(arg_dot, DEP_REQUIRE, DEP_ALL)) {
+                r = graph_one_property(bus, u, "Requires", "black", patterns, from_patterns, to_patterns);
+                if (r < 0)
+                        return r;
+                r = graph_one_property(bus, u, "Requisite", "darkblue", patterns, from_patterns, to_patterns);
+                if (r < 0)
+                        return r;
+                r = graph_one_property(bus, u, "Wants", "grey66", patterns, from_patterns, to_patterns);
+                if (r < 0)
+                        return r;
+                r = graph_one_property(bus, u, "Conflicts", "red", patterns, from_patterns, to_patterns);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int expand_patterns(sd_bus *bus, char **patterns, char ***ret) {
+        _cleanup_strv_free_ char **expanded_patterns = NULL;
+        char **pattern;
+        int r;
+
+        STRV_FOREACH(pattern, patterns) {
+                _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+                _cleanup_free_ char *unit = NULL, *unit_id = NULL;
+
+                if (strv_extend(&expanded_patterns, *pattern) < 0)
+                        return log_oom();
+
+                if (string_is_glob(*pattern))
+                        continue;
+
+                unit = unit_dbus_path_from_name(*pattern);
+                if (!unit)
+                        return log_oom();
+
+                r = sd_bus_get_property_string(
+                                bus,
+                                "org.freedesktop.systemd1",
+                                unit,
+                                "org.freedesktop.systemd1.Unit",
+                                "Id",
+                                &error,
+                                &unit_id);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get ID: %s", bus_error_message(&error, r));
+
+                if (!streq(*pattern, unit_id)) {
+                        if (strv_extend(&expanded_patterns, unit_id) < 0)
+                                return log_oom();
+                }
+        }
+
+        *ret = expanded_patterns;
+        expanded_patterns = NULL; /* do not free */
+
+        return 0;
+}
+
+static int dot(sd_bus *bus, char* patterns[]) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_strv_free_ char **expanded_patterns = NULL;
+        _cleanup_strv_free_ char **expanded_from_patterns = NULL;
+        _cleanup_strv_free_ char **expanded_to_patterns = NULL;
+        int r;
+        UnitInfo u;
+
+        r = expand_patterns(bus, patterns, &expanded_patterns);
+        if (r < 0)
+                return r;
+
+        r = expand_patterns(bus, arg_dot_from_patterns, &expanded_from_patterns);
+        if (r < 0)
+                return r;
+
+        r = expand_patterns(bus, arg_dot_to_patterns, &expanded_to_patterns);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_call_method(
+                        bus,
+                       "org.freedesktop.systemd1",
+                       "/org/freedesktop/systemd1",
+                       "org.freedesktop.systemd1.Manager",
+                       "ListUnits",
+                       &error,
+                       &reply,
+                       "");
+        if (r < 0) {
+                log_error("Failed to list units: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("digraph systemd {\n");
+
+        while ((r = bus_parse_unit_info(reply, &u)) > 0) {
+
+                r = graph_one(bus, &u, expanded_patterns, expanded_from_patterns, expanded_to_patterns);
+                if (r < 0)
+                        return r;
+        }
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        printf("}\n");
+
+        log_info("   Color legend: black     = Requires\n"
+                 "                 dark blue = Requisite\n"
+                 "                 dark grey = Wants\n"
+                 "                 red       = Conflicts\n"
+                 "                 green     = After\n");
+
+        if (on_tty())
+                log_notice("-- You probably want to process this output with graphviz' dot tool.\n"
+                           "-- Try a shell pipeline like 'systemd-analyze dot | dot -Tsvg > systemd.svg'!\n");
+
+        return 0;
+}
+
+static int dump(sd_bus *bus, char **args) {
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *text = NULL;
+        int r;
+
+        if (!strv_isempty(args)) {
+                log_error("Too many arguments.");
+                return -E2BIG;
+        }
+
+        pager_open(arg_no_pager, false);
+
+        r = sd_bus_call_method(
+                        bus,
+                       "org.freedesktop.systemd1",
+                       "/org/freedesktop/systemd1",
+                       "org.freedesktop.systemd1.Manager",
+                       "Dump",
+                       &error,
+                       &reply,
+                       "");
+        if (r < 0)
+                return log_error_errno(r, "Failed issue method call: %s", bus_error_message(&error, r));
+
+        r = sd_bus_message_read(reply, "s", &text);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        fputs(text, stdout);
+        return 0;
+}
+
+static int set_log_level(sd_bus *bus, char **args) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(args);
+
+        if (strv_length(args) != 1) {
+                log_error("This command expects one argument only.");
+                return -E2BIG;
+        }
+
+        r = sd_bus_set_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "LogLevel",
+                        &error,
+                        "s",
+                        args[0]);
+        if (r < 0)
+                return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static int set_log_target(sd_bus *bus, char **args) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+
+        assert(bus);
+        assert(args);
+
+        if (strv_length(args) != 1) {
+                log_error("This command expects one argument only.");
+                return -E2BIG;
+        }
+
+        r = sd_bus_set_property(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "LogTarget",
+                        &error,
+                        "s",
+                        args[0]);
+        if (r < 0)
+                return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static void help(void) {
+
+        pager_open(arg_no_pager, false);
+
+        printf("%s [OPTIONS...] {COMMAND} ...\n\n"
+               "Profile systemd, show unit dependencies, check unit files.\n\n"
+               "  -h --help               Show this help\n"
+               "     --version            Show package version\n"
+               "     --no-pager           Do not pipe output into a pager\n"
+               "     --system             Operate on system systemd instance\n"
+               "     --user               Operate on user systemd instance\n"
+               "  -H --host=[USER@]HOST   Operate on remote host\n"
+               "  -M --machine=CONTAINER  Operate on local container\n"
+               "     --order              Show only order in the graph\n"
+               "     --require            Show only requirement in the graph\n"
+               "     --from-pattern=GLOB  Show only origins in the graph\n"
+               "     --to-pattern=GLOB    Show only destinations in the graph\n"
+               "     --fuzz=SECONDS       Also print also services which finished SECONDS\n"
+               "                          earlier than the latest in the branch\n"
+               "     --man[=BOOL]         Do [not] check for existence of man pages\n\n"
+               "Commands:\n"
+               "  time                    Print time spent in the kernel\n"
+               "  blame                   Print list of running units ordered by time to init\n"
+               "  critical-chain          Print a tree of the time critical chain of units\n"
+               "  plot                    Output SVG graphic showing service initialization\n"
+               "  dot                     Output dependency graph in dot(1) format\n"
+               "  set-log-level LEVEL     Set logging threshold for manager\n"
+               "  set-log-target TARGET   Set logging target for manager\n"
+               "  dump                    Output state serialization of service manager\n"
+               "  verify FILE...          Check unit files for correctness\n"
+               , program_invocation_short_name);
+
+        /* When updating this list, including descriptions, apply
+         * changes to shell-completion/bash/systemd-analyze and
+         * shell-completion/zsh/_systemd-analyze too. */
+}
+
+static int parse_argv(int argc, char *argv[]) {
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_ORDER,
+                ARG_REQUIRE,
+                ARG_USER,
+                ARG_SYSTEM,
+                ARG_DOT_FROM_PATTERN,
+                ARG_DOT_TO_PATTERN,
+                ARG_FUZZ,
+                ARG_NO_PAGER,
+                ARG_MAN,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'                  },
+                { "version",      no_argument,       NULL, ARG_VERSION          },
+                { "order",        no_argument,       NULL, ARG_ORDER            },
+                { "require",      no_argument,       NULL, ARG_REQUIRE          },
+                { "user",         no_argument,       NULL, ARG_USER             },
+                { "system",       no_argument,       NULL, ARG_SYSTEM           },
+                { "from-pattern", required_argument, NULL, ARG_DOT_FROM_PATTERN },
+                { "to-pattern",   required_argument, NULL, ARG_DOT_TO_PATTERN   },
+                { "fuzz",         required_argument, NULL, ARG_FUZZ             },
+                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER         },
+                { "man",          optional_argument, NULL, ARG_MAN              },
+                { "host",         required_argument, NULL, 'H'                  },
+                { "machine",      required_argument, NULL, 'M'                  },
+                {}
+        };
+
+        int r, c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_USER:
+                        arg_user = true;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_user = false;
+                        break;
+
+                case ARG_ORDER:
+                        arg_dot = DEP_ORDER;
+                        break;
+
+                case ARG_REQUIRE:
+                        arg_dot = DEP_REQUIRE;
+                        break;
+
+                case ARG_DOT_FROM_PATTERN:
+                        if (strv_extend(&arg_dot_from_patterns, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_DOT_TO_PATTERN:
+                        if (strv_extend(&arg_dot_to_patterns, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_FUZZ:
+                        r = parse_sec(optarg, &arg_fuzz);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case ARG_MAN:
+                        if (optarg) {
+                                r = parse_boolean(optarg);
+                                if (r < 0) {
+                                        log_error("Failed to parse --man= argument.");
+                                        return -EINVAL;
+                                }
+
+                                arg_man = !!r;
+                        } else
+                                arg_man = true;
+
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option code.");
+                }
+
+        return 1; /* work to do */
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+
+        setlocale(LC_ALL, "");
+        setlocale(LC_NUMERIC, "C"); /* we want to format/parse floats in C style */
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (streq_ptr(argv[optind], "verify"))
+                r = verify_units(argv+optind+1,
+                                 arg_user ? UNIT_FILE_USER : UNIT_FILE_SYSTEM,
+                                 arg_man);
+        else {
+                _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+
+                r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to create bus connection: %m");
+                        goto finish;
+                }
+
+                if (!argv[optind] || streq(argv[optind], "time"))
+                        r = analyze_time(bus);
+                else if (streq(argv[optind], "blame"))
+                        r = analyze_blame(bus);
+                else if (streq(argv[optind], "critical-chain"))
+                        r = analyze_critical_chain(bus, argv+optind+1);
+                else if (streq(argv[optind], "plot"))
+                        r = analyze_plot(bus);
+                else if (streq(argv[optind], "dot"))
+                        r = dot(bus, argv+optind+1);
+                else if (streq(argv[optind], "dump"))
+                        r = dump(bus, argv+optind+1);
+                else if (streq(argv[optind], "set-log-level"))
+                        r = set_log_level(bus, argv+optind+1);
+                else if (streq(argv[optind], "set-log-target"))
+                        r = set_log_target(bus, argv+optind+1);
+                else
+                        log_error("Unknown operation '%s'.", argv[optind]);
+        }
+
+finish:
+        pager_close();
+
+        strv_free(arg_dot_from_patterns);
+        strv_free(arg_dot_to_patterns);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-ask-password/Makefile b/src/systemd-ask-password/Makefile
new file mode 100644
index 0000000000..4a79cd838a
--- /dev/null
+++ b/src/systemd-ask-password/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += systemd-ask-password
+systemd_ask_password_SOURCES = \
+	src/ask-password/ask-password.c
+
+systemd_ask_password_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/ask-password/ask-password.c b/src/systemd-ask-password/ask-password.c
index 6d53dd982c..6d53dd982c 100644
--- a/src/ask-password/ask-password.c
+++ b/src/systemd-ask-password/ask-password.c
diff --git a/src/systemd-cgls/Makefile b/src/systemd-cgls/Makefile
new file mode 100644
index 0000000000..40a7811632
--- /dev/null
+++ b/src/systemd-cgls/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-cgls
+systemd_cgls_SOURCES = \
+	src/cgls/cgls.c
+
+systemd_cgls_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-cgls/cgls.c b/src/systemd-cgls/cgls.c
new file mode 100644
index 0000000000..ed2846ee57
--- /dev/null
+++ b/src/systemd-cgls/cgls.c
@@ -0,0 +1,288 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "cgroup-show.h"
+#include "cgroup-util.h"
+#include "fileio.h"
+#include "log.h"
+#include "output-mode.h"
+#include "pager.h"
+#include "path-util.h"
+#include "unit-name.h"
+#include "util.h"
+
+static bool arg_no_pager = false;
+static bool arg_kernel_threads = false;
+static bool arg_all = false;
+static int arg_full = -1;
+static char* arg_machine = NULL;
+
+static void help(void) {
+        printf("%s [OPTIONS...] [CGROUP...]\n\n"
+               "Recursively show control group contents.\n\n"
+               "  -h --help           Show this help\n"
+               "     --version        Show package version\n"
+               "     --no-pager       Do not pipe output into a pager\n"
+               "  -a --all            Show all groups, including empty\n"
+               "  -l --full           Do not ellipsize output\n"
+               "  -k                  Include kernel threads in output\n"
+               "  -M --machine=       Show container\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_NO_PAGER = 0x100,
+                ARG_VERSION,
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, 'h'          },
+                { "version",   no_argument,       NULL, ARG_VERSION  },
+                { "no-pager",  no_argument,       NULL, ARG_NO_PAGER },
+                { "all",       no_argument,       NULL, 'a'          },
+                { "full",      no_argument,       NULL, 'l'          },
+                { "machine",   required_argument, NULL, 'M'          },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 1);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hkalM:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_NO_PAGER:
+                        arg_no_pager = true;
+                        break;
+
+                case 'a':
+                        arg_all = true;
+                        break;
+
+                case 'l':
+                        arg_full = true;
+                        break;
+
+                case 'k':
+                        arg_kernel_threads = true;
+                        break;
+
+                case 'M':
+                        arg_machine = optarg;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+static int get_cgroup_root(char **ret) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ char *unit = NULL, *path = NULL;
+        const char *m;
+        int r;
+
+        if (!arg_machine) {
+                r = cg_get_root_path(ret);
+                if (r == -ENOMEDIUM)
+                        return log_error_errno(r, "Failed to get root control group path: No cgroup filesystem mounted on /sys/fs/cgroup");
+                else if (r < 0)
+                        return log_error_errno(r, "Failed to get root control group path: %m");
+
+                return 0;
+        }
+
+        m = strjoina("/run/systemd/machines/", arg_machine);
+        r = parse_env_file(m, NEWLINE, "SCOPE", &unit, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to load machine data: %m");
+
+        path = unit_dbus_path_from_name(unit);
+        if (!path)
+                return log_oom();
+
+        r = bus_connect_transport_systemd(BUS_TRANSPORT_LOCAL, NULL, false, &bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create bus connection: %m");
+
+        r = sd_bus_get_property_string(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        unit_dbus_interface_from_name(unit),
+                        "ControlGroup",
+                        &error,
+                        ret);
+        if (r < 0)
+                return log_error_errno(r, "Failed to query unit control group path: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+static void show_cg_info(const char *controller, const char *path) {
+
+        if (cg_unified() <= 0 && controller && !streq(controller, SYSTEMD_CGROUP_CONTROLLER))
+                printf("Controller %s; ", controller);
+
+        printf("Control group %s:\n", isempty(path) ? "/" : path);
+        fflush(stdout);
+}
+
+int main(int argc, char *argv[]) {
+        int r, output_flags;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (!arg_no_pager) {
+                r = pager_open(arg_no_pager, false);
+                if (r > 0 && arg_full < 0)
+                        arg_full = true;
+        }
+
+        output_flags =
+                arg_all * OUTPUT_SHOW_ALL |
+                (arg_full > 0) * OUTPUT_FULL_WIDTH |
+                arg_kernel_threads * OUTPUT_KERNEL_THREADS;
+
+        if (optind < argc) {
+                _cleanup_free_ char *root = NULL;
+                int i;
+
+                r = get_cgroup_root(&root);
+                if (r < 0)
+                        goto finish;
+
+                for (i = optind; i < argc; i++) {
+                        int q;
+
+                        if (path_startswith(argv[i], "/sys/fs/cgroup")) {
+
+                                printf("Directory %s:\n", argv[i]);
+                                fflush(stdout);
+
+                                q = show_cgroup_by_path(argv[i], NULL, 0, output_flags);
+                        } else {
+                                _cleanup_free_ char *c = NULL, *p = NULL, *j = NULL;
+                                const char *controller, *path;
+
+                                r = cg_split_spec(argv[i], &c, &p);
+                                if (r < 0) {
+                                        log_error_errno(r, "Failed to split argument %s: %m", argv[i]);
+                                        goto finish;
+                                }
+
+                                controller = c ?: SYSTEMD_CGROUP_CONTROLLER;
+                                if (p) {
+                                        j = strjoin(root, "/", p, NULL);
+                                        if (!j) {
+                                                r = log_oom();
+                                                goto finish;
+                                        }
+
+                                        path_kill_slashes(j);
+                                        path = j;
+                                } else
+                                        path = root;
+
+                                show_cg_info(controller, path);
+
+                                q = show_cgroup(controller, path, NULL, 0, output_flags);
+                        }
+
+                        if (q < 0)
+                                r = q;
+                }
+
+        } else {
+                bool done = false;
+
+                if (!arg_machine)  {
+                        _cleanup_free_ char *cwd = NULL;
+
+                        cwd = get_current_dir_name();
+                        if (!cwd) {
+                                r = log_error_errno(errno, "Cannot determine current working directory: %m");
+                                goto finish;
+                        }
+
+                        if (path_startswith(cwd, "/sys/fs/cgroup")) {
+                                printf("Working directory %s:\n", cwd);
+                                fflush(stdout);
+
+                                r = show_cgroup_by_path(cwd, NULL, 0, output_flags);
+                                done = true;
+                        }
+                }
+
+                if (!done) {
+                        _cleanup_free_ char *root = NULL;
+
+                        r = get_cgroup_root(&root);
+                        if (r < 0)
+                                goto finish;
+
+                        show_cg_info(SYSTEMD_CGROUP_CONTROLLER, root);
+
+                        printf("-.slice\n");
+                        r = show_cgroup(SYSTEMD_CGROUP_CONTROLLER, root, NULL, 0, output_flags);
+                }
+        }
+
+        if (r < 0)
+                log_error_errno(r, "Failed to list cgroup tree: %m");
+
+finish:
+        pager_close();
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-cgroups-agent/Makefile b/src/systemd-cgroups-agent/Makefile
new file mode 100644
index 0000000000..05ff1f6b49
--- /dev/null
+++ b/src/systemd-cgroups-agent/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-cgroups-agent
+systemd_cgroups_agent_SOURCES = \
+	src/cgroups-agent/cgroups-agent.c
+
+systemd_cgroups_agent_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/cgroups-agent/cgroups-agent.c b/src/systemd-cgroups-agent/cgroups-agent.c
index d7c722ac3d..d7c722ac3d 100644
--- a/src/cgroups-agent/cgroups-agent.c
+++ b/src/systemd-cgroups-agent/cgroups-agent.c
diff --git a/src/systemd-cgtop/Makefile b/src/systemd-cgtop/Makefile
new file mode 100644
index 0000000000..4980eed15b
--- /dev/null
+++ b/src/systemd-cgtop/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-cgtop
+systemd_cgtop_SOURCES = \
+	src/cgtop/cgtop.c
+
+systemd_cgtop_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-cgtop/cgtop.c b/src/systemd-cgtop/cgtop.c
new file mode 100644
index 0000000000..6cbea86070
--- /dev/null
+++ b/src/systemd-cgtop/cgtop.c
@@ -0,0 +1,1115 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <alloca.h>
+#include <errno.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "cgroup-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "hashmap.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "stdio-util.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "util.h"
+
+typedef struct Group {
+        char *path;
+
+        bool n_tasks_valid:1;
+        bool cpu_valid:1;
+        bool memory_valid:1;
+        bool io_valid:1;
+
+        uint64_t n_tasks;
+
+        unsigned cpu_iteration;
+        nsec_t cpu_usage;
+        nsec_t cpu_timestamp;
+        double cpu_fraction;
+
+        uint64_t memory;
+
+        unsigned io_iteration;
+        uint64_t io_input, io_output;
+        nsec_t io_timestamp;
+        uint64_t io_input_bps, io_output_bps;
+} Group;
+
+static unsigned arg_depth = 3;
+static unsigned arg_iterations = (unsigned) -1;
+static bool arg_batch = false;
+static bool arg_raw = false;
+static usec_t arg_delay = 1*USEC_PER_SEC;
+static char* arg_machine = NULL;
+static bool arg_recursive = true;
+
+static enum {
+        COUNT_PIDS,
+        COUNT_USERSPACE_PROCESSES,
+        COUNT_ALL_PROCESSES,
+} arg_count = COUNT_PIDS;
+
+static enum {
+        ORDER_PATH,
+        ORDER_TASKS,
+        ORDER_CPU,
+        ORDER_MEMORY,
+        ORDER_IO,
+} arg_order = ORDER_CPU;
+
+static enum {
+        CPU_PERCENT,
+        CPU_TIME,
+} arg_cpu_type = CPU_PERCENT;
+
+static void group_free(Group *g) {
+        assert(g);
+
+        free(g->path);
+        free(g);
+}
+
+static void group_hashmap_clear(Hashmap *h) {
+        Group *g;
+
+        while ((g = hashmap_steal_first(h)))
+                group_free(g);
+}
+
+static void group_hashmap_free(Hashmap *h) {
+        group_hashmap_clear(h);
+        hashmap_free(h);
+}
+
+static const char *maybe_format_bytes(char *buf, size_t l, bool is_valid, uint64_t t) {
+        if (!is_valid)
+                return "-";
+        if (arg_raw) {
+                snprintf(buf, l, "%jd", t);
+                return buf;
+        }
+        return format_bytes(buf, l, t);
+}
+
+static int process(
+                const char *controller,
+                const char *path,
+                Hashmap *a,
+                Hashmap *b,
+                unsigned iteration,
+                Group **ret) {
+
+        Group *g;
+        int r;
+
+        assert(controller);
+        assert(path);
+        assert(a);
+
+        g = hashmap_get(a, path);
+        if (!g) {
+                g = hashmap_get(b, path);
+                if (!g) {
+                        g = new0(Group, 1);
+                        if (!g)
+                                return -ENOMEM;
+
+                        g->path = strdup(path);
+                        if (!g->path) {
+                                group_free(g);
+                                return -ENOMEM;
+                        }
+
+                        r = hashmap_put(a, g->path, g);
+                        if (r < 0) {
+                                group_free(g);
+                                return r;
+                        }
+                } else {
+                        r = hashmap_move_one(a, b, path);
+                        if (r < 0)
+                                return r;
+
+                        g->cpu_valid = g->memory_valid = g->io_valid = g->n_tasks_valid = false;
+                }
+        }
+
+        if (streq(controller, SYSTEMD_CGROUP_CONTROLLER) && IN_SET(arg_count, COUNT_ALL_PROCESSES, COUNT_USERSPACE_PROCESSES)) {
+                _cleanup_fclose_ FILE *f = NULL;
+                pid_t pid;
+
+                r = cg_enumerate_processes(controller, path, &f);
+                if (r == -ENOENT)
+                        return 0;
+                if (r < 0)
+                        return r;
+
+                g->n_tasks = 0;
+                while (cg_read_pid(f, &pid) > 0) {
+
+                        if (arg_count == COUNT_USERSPACE_PROCESSES && is_kernel_thread(pid) > 0)
+                                continue;
+
+                        g->n_tasks++;
+                }
+
+                if (g->n_tasks > 0)
+                        g->n_tasks_valid = true;
+
+        } else if (streq(controller, "pids") && arg_count == COUNT_PIDS) {
+                _cleanup_free_ char *p = NULL, *v = NULL;
+
+                r = cg_get_path(controller, path, "pids.current", &p);
+                if (r < 0)
+                        return r;
+
+                r = read_one_line_file(p, &v);
+                if (r == -ENOENT)
+                        return 0;
+                if (r < 0)
+                        return r;
+
+                r = safe_atou64(v, &g->n_tasks);
+                if (r < 0)
+                        return r;
+
+                if (g->n_tasks > 0)
+                        g->n_tasks_valid = true;
+
+        } else if (streq(controller, "cpuacct") && cg_unified() <= 0) {
+                _cleanup_free_ char *p = NULL, *v = NULL;
+                uint64_t new_usage;
+                nsec_t timestamp;
+
+                r = cg_get_path(controller, path, "cpuacct.usage", &p);
+                if (r < 0)
+                        return r;
+
+                r = read_one_line_file(p, &v);
+                if (r == -ENOENT)
+                        return 0;
+                if (r < 0)
+                        return r;
+
+                r = safe_atou64(v, &new_usage);
+                if (r < 0)
+                        return r;
+
+                timestamp = now_nsec(CLOCK_MONOTONIC);
+
+                if (g->cpu_iteration == iteration - 1 &&
+                    (nsec_t) new_usage > g->cpu_usage) {
+
+                        nsec_t x, y;
+
+                        x = timestamp - g->cpu_timestamp;
+                        if (x < 1)
+                                x = 1;
+
+                        y = (nsec_t) new_usage - g->cpu_usage;
+                        g->cpu_fraction = (double) y / (double) x;
+                        g->cpu_valid = true;
+                }
+
+                g->cpu_usage = (nsec_t) new_usage;
+                g->cpu_timestamp = timestamp;
+                g->cpu_iteration = iteration;
+
+        } else if (streq(controller, "memory")) {
+                _cleanup_free_ char *p = NULL, *v = NULL;
+
+                if (cg_unified() <= 0)
+                        r = cg_get_path(controller, path, "memory.usage_in_bytes", &p);
+                else
+                        r = cg_get_path(controller, path, "memory.current", &p);
+                if (r < 0)
+                        return r;
+
+                r = read_one_line_file(p, &v);
+                if (r == -ENOENT)
+                        return 0;
+                if (r < 0)
+                        return r;
+
+                r = safe_atou64(v, &g->memory);
+                if (r < 0)
+                        return r;
+
+                if (g->memory > 0)
+                        g->memory_valid = true;
+
+        } else if ((streq(controller, "io") && cg_unified() > 0) ||
+                   (streq(controller, "blkio") && cg_unified() <= 0)) {
+                _cleanup_fclose_ FILE *f = NULL;
+                _cleanup_free_ char *p = NULL;
+                bool unified = cg_unified() > 0;
+                uint64_t wr = 0, rd = 0;
+                nsec_t timestamp;
+
+                r = cg_get_path(controller, path, unified ? "io.stat" : "blkio.io_service_bytes", &p);
+                if (r < 0)
+                        return r;
+
+                f = fopen(p, "re");
+                if (!f) {
+                        if (errno == ENOENT)
+                                return 0;
+                        return -errno;
+                }
+
+                for (;;) {
+                        char line[LINE_MAX], *l;
+                        uint64_t k, *q;
+
+                        if (!fgets(line, sizeof(line), f))
+                                break;
+
+                        /* Trim and skip the device */
+                        l = strstrip(line);
+                        l += strcspn(l, WHITESPACE);
+                        l += strspn(l, WHITESPACE);
+
+                        if (unified) {
+                                while (!isempty(l)) {
+                                        if (sscanf(l, "rbytes=%" SCNu64, &k))
+                                                rd += k;
+                                        else if (sscanf(l, "wbytes=%" SCNu64, &k))
+                                                wr += k;
+
+                                        l += strcspn(l, WHITESPACE);
+                                        l += strspn(l, WHITESPACE);
+                                }
+                        } else {
+                                if (first_word(l, "Read")) {
+                                        l += 4;
+                                        q = &rd;
+                                } else if (first_word(l, "Write")) {
+                                        l += 5;
+                                        q = &wr;
+                                } else
+                                        continue;
+
+                                l += strspn(l, WHITESPACE);
+                                r = safe_atou64(l, &k);
+                                if (r < 0)
+                                        continue;
+
+                                *q += k;
+                        }
+                }
+
+                timestamp = now_nsec(CLOCK_MONOTONIC);
+
+                if (g->io_iteration == iteration - 1) {
+                        uint64_t x, yr, yw;
+
+                        x = (uint64_t) (timestamp - g->io_timestamp);
+                        if (x < 1)
+                                x = 1;
+
+                        if (rd > g->io_input)
+                                yr = rd - g->io_input;
+                        else
+                                yr = 0;
+
+                        if (wr > g->io_output)
+                                yw = wr - g->io_output;
+                        else
+                                yw = 0;
+
+                        if (yr > 0 || yw > 0) {
+                                g->io_input_bps = (yr * 1000000000ULL) / x;
+                                g->io_output_bps = (yw * 1000000000ULL) / x;
+                                g->io_valid = true;
+                        }
+                }
+
+                g->io_input = rd;
+                g->io_output = wr;
+                g->io_timestamp = timestamp;
+                g->io_iteration = iteration;
+        }
+
+        if (ret)
+                *ret = g;
+
+        return 0;
+}
+
+static int refresh_one(
+                const char *controller,
+                const char *path,
+                Hashmap *a,
+                Hashmap *b,
+                unsigned iteration,
+                unsigned depth,
+                Group **ret) {
+
+        _cleanup_closedir_ DIR *d = NULL;
+        Group *ours = NULL;
+        int r;
+
+        assert(controller);
+        assert(path);
+        assert(a);
+
+        if (depth > arg_depth)
+                return 0;
+
+        r = process(controller, path, a, b, iteration, &ours);
+        if (r < 0)
+                return r;
+
+        r = cg_enumerate_subgroups(controller, path, &d);
+        if (r == -ENOENT)
+                return 0;
+        if (r < 0)
+                return r;
+
+        for (;;) {
+                _cleanup_free_ char *fn = NULL, *p = NULL;
+                Group *child = NULL;
+
+                r = cg_read_subgroup(d, &fn);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        break;
+
+                p = strjoin(path, "/", fn, NULL);
+                if (!p)
+                        return -ENOMEM;
+
+                path_kill_slashes(p);
+
+                r = refresh_one(controller, p, a, b, iteration, depth + 1, &child);
+                if (r < 0)
+                        return r;
+
+                if (arg_recursive &&
+                    IN_SET(arg_count, COUNT_ALL_PROCESSES, COUNT_USERSPACE_PROCESSES) &&
+                    child &&
+                    child->n_tasks_valid &&
+                    streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
+
+                        /* Recursively sum up processes */
+
+                        if (ours->n_tasks_valid)
+                                ours->n_tasks += child->n_tasks;
+                        else {
+                                ours->n_tasks = child->n_tasks;
+                                ours->n_tasks_valid = true;
+                        }
+                }
+        }
+
+        if (ret)
+                *ret = ours;
+
+        return 1;
+}
+
+static int refresh(const char *root, Hashmap *a, Hashmap *b, unsigned iteration) {
+        int r;
+
+        assert(a);
+
+        r = refresh_one(SYSTEMD_CGROUP_CONTROLLER, root, a, b, iteration, 0, NULL);
+        if (r < 0)
+                return r;
+        r = refresh_one("cpuacct", root, a, b, iteration, 0, NULL);
+        if (r < 0)
+                return r;
+        r = refresh_one("memory", root, a, b, iteration, 0, NULL);
+        if (r < 0)
+                return r;
+        r = refresh_one("io", root, a, b, iteration, 0, NULL);
+        if (r < 0)
+                return r;
+        r = refresh_one("blkio", root, a, b, iteration, 0, NULL);
+        if (r < 0)
+                return r;
+        r = refresh_one("pids", root, a, b, iteration, 0, NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int group_compare(const void*a, const void *b) {
+        const Group *x = *(Group**)a, *y = *(Group**)b;
+
+        if (arg_order != ORDER_TASKS || arg_recursive) {
+                /* Let's make sure that the parent is always before
+                 * the child. Except when ordering by tasks and
+                 * recursive summing is off, since that is actually
+                 * not accumulative for all children. */
+
+                if (path_startswith(y->path, x->path))
+                        return -1;
+                if (path_startswith(x->path, y->path))
+                        return 1;
+        }
+
+        switch (arg_order) {
+
+        case ORDER_PATH:
+                break;
+
+        case ORDER_CPU:
+                if (arg_cpu_type == CPU_PERCENT) {
+                        if (x->cpu_valid && y->cpu_valid) {
+                                if (x->cpu_fraction > y->cpu_fraction)
+                                        return -1;
+                                else if (x->cpu_fraction < y->cpu_fraction)
+                                        return 1;
+                        } else if (x->cpu_valid)
+                                return -1;
+                        else if (y->cpu_valid)
+                                return 1;
+                } else {
+                        if (x->cpu_usage > y->cpu_usage)
+                                return -1;
+                        else if (x->cpu_usage < y->cpu_usage)
+                                return 1;
+                }
+
+                break;
+
+        case ORDER_TASKS:
+                if (x->n_tasks_valid && y->n_tasks_valid) {
+                        if (x->n_tasks > y->n_tasks)
+                                return -1;
+                        else if (x->n_tasks < y->n_tasks)
+                                return 1;
+                } else if (x->n_tasks_valid)
+                        return -1;
+                else if (y->n_tasks_valid)
+                        return 1;
+
+                break;
+
+        case ORDER_MEMORY:
+                if (x->memory_valid && y->memory_valid) {
+                        if (x->memory > y->memory)
+                                return -1;
+                        else if (x->memory < y->memory)
+                                return 1;
+                } else if (x->memory_valid)
+                        return -1;
+                else if (y->memory_valid)
+                        return 1;
+
+                break;
+
+        case ORDER_IO:
+                if (x->io_valid && y->io_valid) {
+                        if (x->io_input_bps + x->io_output_bps > y->io_input_bps + y->io_output_bps)
+                                return -1;
+                        else if (x->io_input_bps + x->io_output_bps < y->io_input_bps + y->io_output_bps)
+                                return 1;
+                } else if (x->io_valid)
+                        return -1;
+                else if (y->io_valid)
+                        return 1;
+        }
+
+        return path_compare(x->path, y->path);
+}
+
+static void display(Hashmap *a) {
+        Iterator i;
+        Group *g;
+        Group **array;
+        signed path_columns;
+        unsigned rows, n = 0, j, maxtcpu = 0, maxtpath = 3; /* 3 for ellipsize() to work properly */
+        char buffer[MAX3(21, FORMAT_BYTES_MAX, FORMAT_TIMESPAN_MAX)];
+
+        assert(a);
+
+        if (on_tty())
+                fputs(ANSI_HOME_CLEAR, stdout);
+
+        array = alloca(sizeof(Group*) * hashmap_size(a));
+
+        HASHMAP_FOREACH(g, a, i)
+                if (g->n_tasks_valid || g->cpu_valid || g->memory_valid || g->io_valid)
+                        array[n++] = g;
+
+        qsort_safe(array, n, sizeof(Group*), group_compare);
+
+        /* Find the longest names in one run */
+        for (j = 0; j < n; j++) {
+                unsigned cputlen, pathtlen;
+
+                format_timespan(buffer, sizeof(buffer), (usec_t) (array[j]->cpu_usage / NSEC_PER_USEC), 0);
+                cputlen = strlen(buffer);
+                maxtcpu = MAX(maxtcpu, cputlen);
+
+                pathtlen = strlen(array[j]->path);
+                maxtpath = MAX(maxtpath, pathtlen);
+        }
+
+        if (arg_cpu_type == CPU_PERCENT)
+                xsprintf(buffer, "%6s", "%CPU");
+        else
+                xsprintf(buffer, "%*s", maxtcpu, "CPU Time");
+
+        rows = lines();
+        if (rows <= 10)
+                rows = 10;
+
+        if (on_tty()) {
+                const char *on, *off;
+
+                path_columns = columns() - 36 - strlen(buffer);
+                if (path_columns < 10)
+                        path_columns = 10;
+
+                on = ansi_highlight_underline();
+                off = ansi_underline();
+
+                printf("%s%s%-*s%s %s%7s%s %s%s%s %s%8s%s %s%8s%s %s%8s%s%s\n",
+                       ansi_underline(),
+                       arg_order == ORDER_PATH ? on : "", path_columns, "Control Group",
+                       arg_order == ORDER_PATH ? off : "",
+                       arg_order == ORDER_TASKS ? on : "", arg_count == COUNT_PIDS ? "Tasks" : arg_count == COUNT_USERSPACE_PROCESSES ? "Procs" : "Proc+",
+                       arg_order == ORDER_TASKS ? off : "",
+                       arg_order == ORDER_CPU ? on : "", buffer,
+                       arg_order == ORDER_CPU ? off : "",
+                       arg_order == ORDER_MEMORY ? on : "", "Memory",
+                       arg_order == ORDER_MEMORY ? off : "",
+                       arg_order == ORDER_IO ? on : "", "Input/s",
+                       arg_order == ORDER_IO ? off : "",
+                       arg_order == ORDER_IO ? on : "", "Output/s",
+                       arg_order == ORDER_IO ? off : "",
+                       ansi_normal());
+        } else
+                path_columns = maxtpath;
+
+        for (j = 0; j < n; j++) {
+                _cleanup_free_ char *ellipsized = NULL;
+                const char *path;
+
+                if (on_tty() && j + 6 > rows)
+                        break;
+
+                g = array[j];
+
+                path = isempty(g->path) ? "/" : g->path;
+                ellipsized = ellipsize(path, path_columns, 33);
+                printf("%-*s", path_columns, ellipsized ?: path);
+
+                if (g->n_tasks_valid)
+                        printf(" %7" PRIu64, g->n_tasks);
+                else
+                        fputs("       -", stdout);
+
+                if (arg_cpu_type == CPU_PERCENT) {
+                        if (g->cpu_valid)
+                                printf(" %6.1f", g->cpu_fraction*100);
+                        else
+                                fputs("      -", stdout);
+                } else
+                        printf(" %*s", maxtcpu, format_timespan(buffer, sizeof(buffer), (usec_t) (g->cpu_usage / NSEC_PER_USEC), 0));
+
+                printf(" %8s", maybe_format_bytes(buffer, sizeof(buffer), g->memory_valid, g->memory));
+                printf(" %8s", maybe_format_bytes(buffer, sizeof(buffer), g->io_valid, g->io_input_bps));
+                printf(" %8s", maybe_format_bytes(buffer, sizeof(buffer), g->io_valid, g->io_output_bps));
+
+                putchar('\n');
+        }
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...]\n\n"
+               "Show top control groups by their resource usage.\n\n"
+               "  -h --help           Show this help\n"
+               "     --version        Show package version\n"
+               "  -p --order=path     Order by path\n"
+               "  -t --order=tasks    Order by number of tasks/processes\n"
+               "  -c --order=cpu      Order by CPU load (default)\n"
+               "  -m --order=memory   Order by memory load\n"
+               "  -i --order=io       Order by IO load\n"
+               "  -r --raw            Provide raw (not human-readable) numbers\n"
+               "     --cpu=percentage Show CPU usage as percentage (default)\n"
+               "     --cpu=time       Show CPU usage as time\n"
+               "  -P                  Count userspace processes instead of tasks (excl. kernel)\n"
+               "  -k                  Count all processes instead of tasks (incl. kernel)\n"
+               "     --recursive=BOOL Sum up process count recursively\n"
+               "  -d --delay=DELAY    Delay between updates\n"
+               "  -n --iterations=N   Run for N iterations before exiting\n"
+               "  -b --batch          Run in batch mode, accepting no input\n"
+               "     --depth=DEPTH    Maximum traversal depth (default: %u)\n"
+               "  -M --machine=       Show container\n"
+               , program_invocation_short_name, arg_depth);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_DEPTH,
+                ARG_CPU_TYPE,
+                ARG_ORDER,
+                ARG_RECURSIVE,
+        };
+
+        static const struct option options[] = {
+                { "help",         no_argument,       NULL, 'h'           },
+                { "version",      no_argument,       NULL, ARG_VERSION   },
+                { "delay",        required_argument, NULL, 'd'           },
+                { "iterations",   required_argument, NULL, 'n'           },
+                { "batch",        no_argument,       NULL, 'b'           },
+                { "raw",          no_argument,       NULL, 'r'           },
+                { "depth",        required_argument, NULL, ARG_DEPTH     },
+                { "cpu",          optional_argument, NULL, ARG_CPU_TYPE  },
+                { "order",        required_argument, NULL, ARG_ORDER     },
+                { "recursive",    required_argument, NULL, ARG_RECURSIVE },
+                { "machine",      required_argument, NULL, 'M'           },
+                {}
+        };
+
+        bool recursive_unset = false;
+        int c, r;
+
+        assert(argc >= 1);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hptcmin:brd:kPM:", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_CPU_TYPE:
+                        if (optarg) {
+                                if (streq(optarg, "time"))
+                                        arg_cpu_type = CPU_TIME;
+                                else if (streq(optarg, "percentage"))
+                                        arg_cpu_type = CPU_PERCENT;
+                                else {
+                                        log_error("Unknown argument to --cpu=: %s", optarg);
+                                        return -EINVAL;
+                                }
+                        } else
+                                arg_cpu_type = CPU_TIME;
+
+                        break;
+
+                case ARG_DEPTH:
+                        r = safe_atou(optarg, &arg_depth);
+                        if (r < 0) {
+                                log_error("Failed to parse depth parameter.");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case 'd':
+                        r = parse_sec(optarg, &arg_delay);
+                        if (r < 0 || arg_delay <= 0) {
+                                log_error("Failed to parse delay parameter.");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case 'n':
+                        r = safe_atou(optarg, &arg_iterations);
+                        if (r < 0) {
+                                log_error("Failed to parse iterations parameter.");
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case 'b':
+                        arg_batch = true;
+                        break;
+
+                case 'r':
+                        arg_raw = true;
+                        break;
+
+                case 'p':
+                        arg_order = ORDER_PATH;
+                        break;
+
+                case 't':
+                        arg_order = ORDER_TASKS;
+                        break;
+
+                case 'c':
+                        arg_order = ORDER_CPU;
+                        break;
+
+                case 'm':
+                        arg_order = ORDER_MEMORY;
+                        break;
+
+                case 'i':
+                        arg_order = ORDER_IO;
+                        break;
+
+                case ARG_ORDER:
+                        if (streq(optarg, "path"))
+                                arg_order = ORDER_PATH;
+                        else if (streq(optarg, "tasks"))
+                                arg_order = ORDER_TASKS;
+                        else if (streq(optarg, "cpu"))
+                                arg_order = ORDER_CPU;
+                        else if (streq(optarg, "memory"))
+                                arg_order = ORDER_MEMORY;
+                        else if (streq(optarg, "io"))
+                                arg_order = ORDER_IO;
+                        else {
+                                log_error("Invalid argument to --order=: %s", optarg);
+                                return -EINVAL;
+                        }
+                        break;
+
+                case 'k':
+                        arg_count = COUNT_ALL_PROCESSES;
+                        break;
+
+                case 'P':
+                        arg_count = COUNT_USERSPACE_PROCESSES;
+                        break;
+
+                case ARG_RECURSIVE:
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse --recursive= argument: %s", optarg);
+                                return r;
+                        }
+
+                        arg_recursive = r;
+                        recursive_unset = r == 0;
+                        break;
+
+                case 'M':
+                        arg_machine = optarg;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind < argc) {
+                log_error("Too many arguments.");
+                return -EINVAL;
+        }
+
+        if (recursive_unset && arg_count == COUNT_PIDS) {
+                log_error("Non-recursive counting is only supported when counting processes, not tasks. Use -P or -k.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+static const char* counting_what(void) {
+        if (arg_count == COUNT_PIDS)
+                return "tasks";
+        else if (arg_count == COUNT_ALL_PROCESSES)
+                return "all processes (incl. kernel)";
+        else
+                return "userspace processes (excl. kernel)";
+}
+
+static int get_cgroup_root(char **ret) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ char *unit = NULL, *path = NULL;
+        const char *m;
+        int r;
+
+        if (!arg_machine) {
+                r = cg_get_root_path(ret);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get root control group path: %m");
+
+                return 0;
+        }
+
+        m = strjoina("/run/systemd/machines/", arg_machine);
+        r = parse_env_file(m, NEWLINE, "SCOPE", &unit, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to load machine data: %m");
+
+        path = unit_dbus_path_from_name(unit);
+        if (!path)
+                return log_oom();
+
+        r = bus_connect_transport_systemd(BUS_TRANSPORT_LOCAL, NULL, false, &bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create bus connection: %m");
+
+        r = sd_bus_get_property_string(
+                        bus,
+                        "org.freedesktop.systemd1",
+                        path,
+                        unit_dbus_interface_from_name(unit),
+                        "ControlGroup",
+                        &error,
+                        ret);
+        if (r < 0)
+                return log_error_errno(r, "Failed to query unit control group path: %s", bus_error_message(&error, r));
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        int r;
+        Hashmap *a = NULL, *b = NULL;
+        unsigned iteration = 0;
+        usec_t last_refresh = 0;
+        bool quit = false, immediate_refresh = false;
+        _cleanup_free_ char *root = NULL;
+        CGroupMask mask;
+
+        log_parse_environment();
+        log_open();
+
+        r = cg_mask_supported(&mask);
+        if (r < 0) {
+                log_error_errno(r, "Failed to determine supported controllers: %m");
+                goto finish;
+        }
+
+        arg_count = (mask & CGROUP_MASK_PIDS) ? COUNT_PIDS : COUNT_USERSPACE_PROCESSES;
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = get_cgroup_root(&root);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get root control group path: %m");
+                goto finish;
+        }
+
+        a = hashmap_new(&string_hash_ops);
+        b = hashmap_new(&string_hash_ops);
+        if (!a || !b) {
+                r = log_oom();
+                goto finish;
+        }
+
+        signal(SIGWINCH, columns_lines_cache_reset);
+
+        if (arg_iterations == (unsigned) -1)
+                arg_iterations = on_tty() ? 0 : 1;
+
+        while (!quit) {
+                Hashmap *c;
+                usec_t t;
+                char key;
+                char h[FORMAT_TIMESPAN_MAX];
+
+                t = now(CLOCK_MONOTONIC);
+
+                if (t >= last_refresh + arg_delay || immediate_refresh) {
+
+                        r = refresh(root, a, b, iteration++);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to refresh: %m");
+                                goto finish;
+                        }
+
+                        group_hashmap_clear(b);
+
+                        c = a;
+                        a = b;
+                        b = c;
+
+                        last_refresh = t;
+                        immediate_refresh = false;
+                }
+
+                display(b);
+
+                if (arg_iterations && iteration >= arg_iterations)
+                        break;
+
+                if (!on_tty()) /* non-TTY: Empty newline as delimiter between polls */
+                        fputs("\n", stdout);
+                fflush(stdout);
+
+                if (arg_batch)
+                        (void) usleep(last_refresh + arg_delay - t);
+                else {
+                        r = read_one_char(stdin, &key, last_refresh + arg_delay - t, NULL);
+                        if (r == -ETIMEDOUT)
+                                continue;
+                        if (r < 0) {
+                                log_error_errno(r, "Couldn't read key: %m");
+                                goto finish;
+                        }
+                }
+
+                if (on_tty()) { /* TTY: Clear any user keystroke */
+                        fputs("\r \r", stdout);
+                        fflush(stdout);
+                }
+
+                if (arg_batch)
+                        continue;
+
+                switch (key) {
+
+                case ' ':
+                        immediate_refresh = true;
+                        break;
+
+                case 'q':
+                        quit = true;
+                        break;
+
+                case 'p':
+                        arg_order = ORDER_PATH;
+                        break;
+
+                case 't':
+                        arg_order = ORDER_TASKS;
+                        break;
+
+                case 'c':
+                        arg_order = ORDER_CPU;
+                        break;
+
+                case 'm':
+                        arg_order = ORDER_MEMORY;
+                        break;
+
+                case 'i':
+                        arg_order = ORDER_IO;
+                        break;
+
+                case '%':
+                        arg_cpu_type = arg_cpu_type == CPU_TIME ? CPU_PERCENT : CPU_TIME;
+                        break;
+
+                case 'k':
+                        arg_count = arg_count != COUNT_ALL_PROCESSES ? COUNT_ALL_PROCESSES : COUNT_PIDS;
+                        fprintf(stdout, "\nCounting: %s.", counting_what());
+                        fflush(stdout);
+                        sleep(1);
+                        break;
+
+                case 'P':
+                        arg_count = arg_count != COUNT_USERSPACE_PROCESSES ? COUNT_USERSPACE_PROCESSES : COUNT_PIDS;
+                        fprintf(stdout, "\nCounting: %s.", counting_what());
+                        fflush(stdout);
+                        sleep(1);
+                        break;
+
+                case 'r':
+                        if (arg_count == COUNT_PIDS)
+                                fprintf(stdout, "\n\aCannot toggle recursive counting, not available in task counting mode.");
+                        else {
+                                arg_recursive = !arg_recursive;
+                                fprintf(stdout, "\nRecursive process counting: %s", yes_no(arg_recursive));
+                        }
+                        fflush(stdout);
+                        sleep(1);
+                        break;
+
+                case '+':
+                        if (arg_delay < USEC_PER_SEC)
+                                arg_delay += USEC_PER_MSEC*250;
+                        else
+                                arg_delay += USEC_PER_SEC;
+
+                        fprintf(stdout, "\nIncreased delay to %s.", format_timespan(h, sizeof(h), arg_delay, 0));
+                        fflush(stdout);
+                        sleep(1);
+                        break;
+
+                case '-':
+                        if (arg_delay <= USEC_PER_MSEC*500)
+                                arg_delay = USEC_PER_MSEC*250;
+                        else if (arg_delay < USEC_PER_MSEC*1250)
+                                arg_delay -= USEC_PER_MSEC*250;
+                        else
+                                arg_delay -= USEC_PER_SEC;
+
+                        fprintf(stdout, "\nDecreased delay to %s.", format_timespan(h, sizeof(h), arg_delay, 0));
+                        fflush(stdout);
+                        sleep(1);
+                        break;
+
+                case '?':
+                case 'h':
+
+#define ON ANSI_HIGHLIGHT
+#define OFF ANSI_NORMAL
+
+                        fprintf(stdout,
+                                "\t<" ON "p" OFF "> By path; <" ON "t" OFF "> By tasks/procs; <" ON "c" OFF "> By CPU; <" ON "m" OFF "> By memory; <" ON "i" OFF "> By I/O\n"
+                                "\t<" ON "+" OFF "> Inc. delay; <" ON "-" OFF "> Dec. delay; <" ON "%%" OFF "> Toggle time; <" ON "SPACE" OFF "> Refresh\n"
+                                "\t<" ON "P" OFF "> Toggle count userspace processes; <" ON "k" OFF "> Toggle count all processes\n"
+                                "\t<" ON "r" OFF "> Count processes recursively; <" ON "q" OFF "> Quit");
+                        fflush(stdout);
+                        sleep(3);
+                        break;
+
+                default:
+                        if (key < ' ')
+                                fprintf(stdout, "\nUnknown key '\\x%x'. Ignoring.", key);
+                        else
+                                fprintf(stdout, "\nUnknown key '%c'. Ignoring.", key);
+                        fflush(stdout);
+                        sleep(1);
+                        break;
+                }
+        }
+
+        r = 0;
+
+finish:
+        group_hashmap_free(a);
+        group_hashmap_free(b);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-cryptsetup/Makefile b/src/systemd-cryptsetup/Makefile
new file mode 100644
index 0000000000..73a46bf6da
--- /dev/null
+++ b/src/systemd-cryptsetup/Makefile
@@ -0,0 +1,59 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_LIBCRYPTSETUP),)
+rootlibexec_PROGRAMS += \
+	systemd-cryptsetup
+
+systemgenerator_PROGRAMS += \
+	systemd-cryptsetup-generator
+
+dist_systemunit_DATA += \
+	units/cryptsetup.target \
+	units/cryptsetup-pre.target
+
+systemd_cryptsetup_SOURCES = \
+	src/cryptsetup/cryptsetup.c
+
+systemd_cryptsetup_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(LIBCRYPTSETUP_CFLAGS)
+
+systemd_cryptsetup_LDADD = \
+	libshared.la \
+	$(LIBCRYPTSETUP_LIBS)
+
+systemd_cryptsetup_generator_SOURCES = \
+	src/cryptsetup/cryptsetup-generator.c
+
+systemd_cryptsetup_generator_LDADD = \
+	libshared.la
+
+SYSINIT_TARGET_WANTS += \
+	cryptsetup.target
+
+endif # HAVE_LIBCRYPTSETUP
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/systemd-cryptsetup/cryptsetup-generator.c
index 8ac5ab730a..8ac5ab730a 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/systemd-cryptsetup/cryptsetup-generator.c
diff --git a/src/systemd-cryptsetup/cryptsetup.c b/src/systemd-cryptsetup/cryptsetup.c
new file mode 100644
index 0000000000..8024f80e36
--- /dev/null
+++ b/src/systemd-cryptsetup/cryptsetup.c
@@ -0,0 +1,757 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <libcryptsetup.h>
+#include <mntent.h>
+#include <string.h>
+#include <sys/mman.h>
+
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "ask-password-api.h"
+#include "device-util.h"
+#include "escape.h"
+#include "fileio.h"
+#include "log.h"
+#include "mount-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
+static char *arg_cipher = NULL;
+static unsigned arg_key_size = 0;
+static int arg_key_slot = CRYPT_ANY_SLOT;
+static unsigned arg_keyfile_size = 0;
+static unsigned arg_keyfile_offset = 0;
+static char *arg_hash = NULL;
+static char *arg_header = NULL;
+static unsigned arg_tries = 3;
+static bool arg_readonly = false;
+static bool arg_verify = false;
+static bool arg_discards = false;
+static bool arg_tcrypt_hidden = false;
+static bool arg_tcrypt_system = false;
+static char **arg_tcrypt_keyfiles = NULL;
+static uint64_t arg_offset = 0;
+static uint64_t arg_skip = 0;
+static usec_t arg_timeout = 0;
+
+/* Options Debian's crypttab knows we don't:
+
+    precheck=
+    check=
+    checkargs=
+    noearly=
+    loud=
+    keyscript=
+*/
+
+static int parse_one_option(const char *option) {
+        assert(option);
+
+        /* Handled outside of this tool */
+        if (STR_IN_SET(option, "noauto", "auto", "nofail", "fail"))
+                return 0;
+
+        if (startswith(option, "cipher=")) {
+                char *t;
+
+                t = strdup(option+7);
+                if (!t)
+                        return log_oom();
+
+                free(arg_cipher);
+                arg_cipher = t;
+
+        } else if (startswith(option, "size=")) {
+
+                if (safe_atou(option+5, &arg_key_size) < 0) {
+                        log_error("size= parse failure, ignoring.");
+                        return 0;
+                }
+
+                if (arg_key_size % 8) {
+                        log_error("size= not a multiple of 8, ignoring.");
+                        return 0;
+                }
+
+                arg_key_size /= 8;
+
+        } else if (startswith(option, "key-slot=")) {
+
+                arg_type = CRYPT_LUKS1;
+                if (safe_atoi(option+9, &arg_key_slot) < 0) {
+                        log_error("key-slot= parse failure, ignoring.");
+                        return 0;
+                }
+
+        } else if (startswith(option, "tcrypt-keyfile=")) {
+
+                arg_type = CRYPT_TCRYPT;
+                if (path_is_absolute(option+15)) {
+                        if (strv_extend(&arg_tcrypt_keyfiles, option + 15) < 0)
+                                return log_oom();
+                } else
+                        log_error("Key file path '%s' is not absolute. Ignoring.", option+15);
+
+        } else if (startswith(option, "keyfile-size=")) {
+
+                if (safe_atou(option+13, &arg_keyfile_size) < 0) {
+                        log_error("keyfile-size= parse failure, ignoring.");
+                        return 0;
+                }
+
+        } else if (startswith(option, "keyfile-offset=")) {
+
+                if (safe_atou(option+15, &arg_keyfile_offset) < 0) {
+                        log_error("keyfile-offset= parse failure, ignoring.");
+                        return 0;
+                }
+
+        } else if (startswith(option, "hash=")) {
+                char *t;
+
+                t = strdup(option+5);
+                if (!t)
+                        return log_oom();
+
+                free(arg_hash);
+                arg_hash = t;
+
+        } else if (startswith(option, "header=")) {
+                arg_type = CRYPT_LUKS1;
+
+                if (!path_is_absolute(option+7)) {
+                        log_error("Header path '%s' is not absolute, refusing.", option+7);
+                        return -EINVAL;
+                }
+
+                if (arg_header) {
+                        log_error("Duplicate header= options, refusing.");
+                        return -EINVAL;
+                }
+
+                arg_header = strdup(option+7);
+                if (!arg_header)
+                        return log_oom();
+
+        } else if (startswith(option, "tries=")) {
+
+                if (safe_atou(option+6, &arg_tries) < 0) {
+                        log_error("tries= parse failure, ignoring.");
+                        return 0;
+                }
+
+        } else if (STR_IN_SET(option, "readonly", "read-only"))
+                arg_readonly = true;
+        else if (streq(option, "verify"))
+                arg_verify = true;
+        else if (STR_IN_SET(option, "allow-discards", "discard"))
+                arg_discards = true;
+        else if (streq(option, "luks"))
+                arg_type = CRYPT_LUKS1;
+        else if (streq(option, "tcrypt"))
+                arg_type = CRYPT_TCRYPT;
+        else if (streq(option, "tcrypt-hidden")) {
+                arg_type = CRYPT_TCRYPT;
+                arg_tcrypt_hidden = true;
+        } else if (streq(option, "tcrypt-system")) {
+                arg_type = CRYPT_TCRYPT;
+                arg_tcrypt_system = true;
+        } else if (STR_IN_SET(option, "plain", "swap", "tmp"))
+                arg_type = CRYPT_PLAIN;
+        else if (startswith(option, "timeout=")) {
+
+                if (parse_sec(option+8, &arg_timeout) < 0) {
+                        log_error("timeout= parse failure, ignoring.");
+                        return 0;
+                }
+
+        } else if (startswith(option, "offset=")) {
+
+                if (safe_atou64(option+7, &arg_offset) < 0) {
+                        log_error("offset= parse failure, refusing.");
+                        return -EINVAL;
+                }
+
+        } else if (startswith(option, "skip=")) {
+
+                if (safe_atou64(option+5, &arg_skip) < 0) {
+                        log_error("skip= parse failure, refusing.");
+                        return -EINVAL;
+                }
+
+        } else if (!streq(option, "none"))
+                log_error("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
+
+        return 0;
+}
+
+static int parse_options(const char *options) {
+        const char *word, *state;
+        size_t l;
+        int r;
+
+        assert(options);
+
+        FOREACH_WORD_SEPARATOR(word, l, options, ",", state) {
+                _cleanup_free_ char *o;
+
+                o = strndup(word, l);
+                if (!o)
+                        return -ENOMEM;
+                r = parse_one_option(o);
+                if (r < 0)
+                        return r;
+        }
+
+        /* sanity-check options */
+        if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
+                if (arg_offset)
+                      log_warning("offset= ignored with type %s", arg_type);
+                if (arg_skip)
+                      log_warning("skip= ignored with type %s", arg_type);
+        }
+
+        return 0;
+}
+
+static void log_glue(int level, const char *msg, void *usrptr) {
+        log_debug("%s", msg);
+}
+
+static int disk_major_minor(const char *path, char **ret) {
+        struct stat st;
+
+        assert(path);
+
+        if (stat(path, &st) < 0)
+                return -errno;
+
+        if (!S_ISBLK(st.st_mode))
+                return -EINVAL;
+
+        if (asprintf(ret, "/dev/block/%d:%d", major(st.st_rdev), minor(st.st_rdev)) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static char* disk_description(const char *path) {
+
+        static const char name_fields[] =
+                "ID_PART_ENTRY_NAME\0"
+                "DM_NAME\0"
+                "ID_MODEL_FROM_DATABASE\0"
+                "ID_MODEL\0";
+
+        _cleanup_(sd_device_unrefp) sd_device *device = NULL;
+        struct stat st;
+        const char *i;
+        int r;
+
+        assert(path);
+
+        if (stat(path, &st) < 0)
+                return NULL;
+
+        if (!S_ISBLK(st.st_mode))
+                return NULL;
+
+        r = sd_device_new_from_devnum(&device, 'b', st.st_rdev);
+        if (r < 0)
+                return NULL;
+
+        NULSTR_FOREACH(i, name_fields) {
+                const char *name;
+
+                r = sd_device_get_property_value(device, i, &name);
+                if (r >= 0 && !isempty(name))
+                        return strdup(name);
+        }
+
+        return NULL;
+}
+
+static char *disk_mount_point(const char *label) {
+        _cleanup_free_ char *device = NULL;
+        _cleanup_endmntent_ FILE *f = NULL;
+        struct mntent *m;
+
+        /* Yeah, we don't support native systemd unit files here for now */
+
+        if (asprintf(&device, "/dev/mapper/%s", label) < 0)
+                return NULL;
+
+        f = setmntent("/etc/fstab", "r");
+        if (!f)
+                return NULL;
+
+        while ((m = getmntent(f)))
+                if (path_equal(m->mnt_fsname, device))
+                        return strdup(m->mnt_dir);
+
+        return NULL;
+}
+
+static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***ret) {
+        _cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL, *maj_min = NULL, *text = NULL, *escaped_name = NULL;
+        _cleanup_strv_free_erase_ char **passwords = NULL;
+        const char *name = NULL;
+        char **p, *id;
+        int r = 0;
+
+        assert(vol);
+        assert(src);
+        assert(ret);
+
+        description = disk_description(src);
+        mount_point = disk_mount_point(vol);
+
+        if (description && streq(vol, description))
+                /* If the description string is simply the
+                 * volume name, then let's not show this
+                 * twice */
+                description = mfree(description);
+
+        if (mount_point && description)
+                r = asprintf(&name_buffer, "%s (%s) on %s", description, vol, mount_point);
+        else if (mount_point)
+                r = asprintf(&name_buffer, "%s on %s", vol, mount_point);
+        else if (description)
+                r = asprintf(&name_buffer, "%s (%s)", description, vol);
+
+        if (r < 0)
+                return log_oom();
+
+        name = name_buffer ? name_buffer : vol;
+
+        if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
+                return log_oom();
+
+        if (src)
+                (void) disk_major_minor(src, &maj_min);
+
+        if (maj_min) {
+                escaped_name = maj_min;
+                maj_min = NULL;
+        } else
+                escaped_name = cescape(name);
+
+        if (!escaped_name)
+                return log_oom();
+
+        id = strjoina("cryptsetup:", escaped_name);
+
+        r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until,
+                              ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
+                              &passwords);
+        if (r < 0)
+                return log_error_errno(r, "Failed to query password: %m");
+
+        if (arg_verify) {
+                _cleanup_strv_free_erase_ char **passwords2 = NULL;
+
+                assert(strv_length(passwords) == 1);
+
+                if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
+                        return log_oom();
+
+                id = strjoina("cryptsetup-verification:", escaped_name);
+
+                r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to query verification password: %m");
+
+                assert(strv_length(passwords2) == 1);
+
+                if (!streq(passwords[0], passwords2[0])) {
+                        log_warning("Passwords did not match, retrying.");
+                        return -EAGAIN;
+                }
+        }
+
+        strv_uniq(passwords);
+
+        STRV_FOREACH(p, passwords) {
+                char *c;
+
+                if (strlen(*p)+1 >= arg_key_size)
+                        continue;
+
+                /* Pad password if necessary */
+                c = new(char, arg_key_size);
+                if (!c)
+                        return log_oom();
+
+                strncpy(c, *p, arg_key_size);
+                free(*p);
+                *p = c;
+        }
+
+        *ret = passwords;
+        passwords = NULL;
+
+        return 0;
+}
+
+static int attach_tcrypt(
+                struct crypt_device *cd,
+                const char *name,
+                const char *key_file,
+                char **passwords,
+                uint32_t flags) {
+
+        int r = 0;
+        _cleanup_free_ char *passphrase = NULL;
+        struct crypt_params_tcrypt params = {
+                .flags = CRYPT_TCRYPT_LEGACY_MODES,
+                .keyfiles = (const char **)arg_tcrypt_keyfiles,
+                .keyfiles_count = strv_length(arg_tcrypt_keyfiles)
+        };
+
+        assert(cd);
+        assert(name);
+        assert(key_file || (passwords && passwords[0]));
+
+        if (arg_tcrypt_hidden)
+                params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
+
+        if (arg_tcrypt_system)
+                params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
+
+        if (key_file) {
+                r = read_one_line_file(key_file, &passphrase);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to read password file '%s': %m", key_file);
+                        return -EAGAIN;
+                }
+
+                params.passphrase = passphrase;
+        } else
+                params.passphrase = passwords[0];
+        params.passphrase_size = strlen(params.passphrase);
+
+        r = crypt_load(cd, CRYPT_TCRYPT, &params);
+        if (r < 0) {
+                if (key_file && r == -EPERM) {
+                        log_error("Failed to activate using password file '%s'.", key_file);
+                        return -EAGAIN;
+                }
+                return r;
+        }
+
+        return crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
+}
+
+static int attach_luks_or_plain(struct crypt_device *cd,
+                                const char *name,
+                                const char *key_file,
+                                const char *data_device,
+                                char **passwords,
+                                uint32_t flags) {
+        int r = 0;
+        bool pass_volume_key = false;
+
+        assert(cd);
+        assert(name);
+        assert(key_file || passwords);
+
+        if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
+                r = crypt_load(cd, CRYPT_LUKS1, NULL);
+                if (r < 0) {
+                        log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
+                        return r;
+                }
+
+                if (data_device)
+                        r = crypt_set_data_device(cd, data_device);
+        }
+
+        if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
+                struct crypt_params_plain params = {
+                        .offset = arg_offset,
+                        .skip = arg_skip,
+                };
+                const char *cipher, *cipher_mode;
+                _cleanup_free_ char *truncated_cipher = NULL;
+
+                if (arg_hash) {
+                        /* plain isn't a real hash type. it just means "use no hash" */
+                        if (!streq(arg_hash, "plain"))
+                                params.hash = arg_hash;
+                } else if (!key_file)
+                        /* for CRYPT_PLAIN, the behaviour of cryptsetup
+                         * package is to not hash when a key file is provided */
+                        params.hash = "ripemd160";
+
+                if (arg_cipher) {
+                        size_t l;
+
+                        l = strcspn(arg_cipher, "-");
+                        truncated_cipher = strndup(arg_cipher, l);
+                        if (!truncated_cipher)
+                                return log_oom();
+
+                        cipher = truncated_cipher;
+                        cipher_mode = arg_cipher[l] ? arg_cipher+l+1 : "plain";
+                } else {
+                        cipher = "aes";
+                        cipher_mode = "cbc-essiv:sha256";
+                }
+
+                /* for CRYPT_PLAIN limit reads
+                 * from keyfile to key length, and
+                 * ignore keyfile-size */
+                arg_keyfile_size = arg_key_size;
+
+                /* In contrast to what the name
+                 * crypt_setup() might suggest this
+                 * doesn't actually format anything,
+                 * it just configures encryption
+                 * parameters when used for plain
+                 * mode. */
+                r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
+
+                /* hash == NULL implies the user passed "plain" */
+                pass_volume_key = (params.hash == NULL);
+        }
+
+        if (r < 0)
+                return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
+
+        log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
+                 crypt_get_cipher(cd),
+                 crypt_get_cipher_mode(cd),
+                 crypt_get_volume_key_size(cd)*8,
+                 crypt_get_device_name(cd));
+
+        if (key_file) {
+                r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
+                        return -EAGAIN;
+                }
+        } else {
+                char **p;
+
+                STRV_FOREACH(p, passwords) {
+                        if (pass_volume_key)
+                                r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
+                        else
+                                r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
+
+                        if (r >= 0)
+                                break;
+                }
+        }
+
+        return r;
+}
+
+static int help(void) {
+
+        printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
+               "%s detach VOLUME\n\n"
+               "Attaches or detaches an encrypted block device.\n",
+               program_invocation_short_name,
+               program_invocation_short_name);
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        int r = EXIT_FAILURE;
+        struct crypt_device *cd = NULL;
+
+        if (argc <= 1) {
+                help();
+                return EXIT_SUCCESS;
+        }
+
+        if (argc < 3) {
+                log_error("This program requires at least two arguments.");
+                return EXIT_FAILURE;
+        }
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (streq(argv[1], "attach")) {
+                uint32_t flags = 0;
+                int k;
+                unsigned tries;
+                usec_t until;
+                crypt_status_info status;
+                const char *key_file = NULL;
+
+                /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
+
+                if (argc < 4) {
+                        log_error("attach requires at least two arguments.");
+                        goto finish;
+                }
+
+                if (argc >= 5 &&
+                    argv[4][0] &&
+                    !streq(argv[4], "-") &&
+                    !streq(argv[4], "none")) {
+
+                        if (!path_is_absolute(argv[4]))
+                                log_error("Password file path '%s' is not absolute. Ignoring.", argv[4]);
+                        else
+                                key_file = argv[4];
+                }
+
+                if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
+                        if (parse_options(argv[5]) < 0)
+                                goto finish;
+                }
+
+                /* A delicious drop of snake oil */
+                mlockall(MCL_FUTURE);
+
+                if (arg_header) {
+                        log_debug("LUKS header: %s", arg_header);
+                        k = crypt_init(&cd, arg_header);
+                } else
+                        k = crypt_init(&cd, argv[3]);
+                if (k) {
+                        log_error_errno(k, "crypt_init() failed: %m");
+                        goto finish;
+                }
+
+                crypt_set_log_callback(cd, log_glue, NULL);
+
+                status = crypt_status(cd, argv[2]);
+                if (status == CRYPT_ACTIVE || status == CRYPT_BUSY) {
+                        log_info("Volume %s already active.", argv[2]);
+                        r = EXIT_SUCCESS;
+                        goto finish;
+                }
+
+                if (arg_readonly)
+                        flags |= CRYPT_ACTIVATE_READONLY;
+
+                if (arg_discards)
+                        flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+
+                if (arg_timeout > 0)
+                        until = now(CLOCK_MONOTONIC) + arg_timeout;
+                else
+                        until = 0;
+
+                arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
+
+                if (key_file) {
+                        struct stat st;
+
+                        /* Ideally we'd do this on the open fd, but since this is just a
+                         * warning it's OK to do this in two steps. */
+                        if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
+                                log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                }
+
+                for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
+                        _cleanup_strv_free_erase_ char **passwords = NULL;
+
+                        if (!key_file) {
+                                k = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
+                                if (k == -EAGAIN)
+                                        continue;
+                                else if (k < 0)
+                                        goto finish;
+                        }
+
+                        if (streq_ptr(arg_type, CRYPT_TCRYPT))
+                                k = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
+                        else
+                                k = attach_luks_or_plain(cd,
+                                                         argv[2],
+                                                         key_file,
+                                                         arg_header ? argv[3] : NULL,
+                                                         passwords,
+                                                         flags);
+                        if (k >= 0)
+                                break;
+                        else if (k == -EAGAIN) {
+                                key_file = NULL;
+                                continue;
+                        } else if (k != -EPERM) {
+                                log_error_errno(k, "Failed to activate: %m");
+                                goto finish;
+                        }
+
+                        log_warning("Invalid passphrase.");
+                }
+
+                if (arg_tries != 0 && tries >= arg_tries) {
+                        log_error("Too many attempts; giving up.");
+                        r = EXIT_FAILURE;
+                        goto finish;
+                }
+
+        } else if (streq(argv[1], "detach")) {
+                int k;
+
+                k = crypt_init_by_name(&cd, argv[2]);
+                if (k == -ENODEV) {
+                        log_info("Volume %s already inactive.", argv[2]);
+                        r = EXIT_SUCCESS;
+                        goto finish;
+                } else if (k) {
+                        log_error_errno(k, "crypt_init_by_name() failed: %m");
+                        goto finish;
+                }
+
+                crypt_set_log_callback(cd, log_glue, NULL);
+
+                k = crypt_deactivate(cd, argv[2]);
+                if (k < 0) {
+                        log_error_errno(k, "Failed to deactivate: %m");
+                        goto finish;
+                }
+
+        } else {
+                log_error("Unknown verb %s.", argv[1]);
+                goto finish;
+        }
+
+        r = EXIT_SUCCESS;
+
+finish:
+
+        if (cd)
+                crypt_free(cd);
+
+        free(arg_cipher);
+        free(arg_hash);
+        free(arg_header);
+        strv_free(arg_tcrypt_keyfiles);
+
+        return r;
+}
diff --git a/src/systemd-dbus1-generator/Makefile b/src/systemd-dbus1-generator/Makefile
new file mode 100644
index 0000000000..1d7f0d1a81
--- /dev/null
+++ b/src/systemd-dbus1-generator/Makefile
@@ -0,0 +1,49 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemgenerator_PROGRAMS +=  \
+	systemd-dbus1-generator
+
+systemd_dbus1_generator_SOURCES = \
+	src/dbus1-generator/dbus1-generator.c
+
+systemd_dbus1_generator_LDADD = \
+	libshared.la
+
+dbus1-generator-install-hook:
+	$(AM_V_at)$(MKDIR_P) $(DESTDIR)$(usergeneratordir)
+	$(AM_V_RM)rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+	$(AM_V_LN)$(LN_S) --relative -f $(DESTDIR)$(systemgeneratordir)/systemd-dbus1-generator $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+
+dbus1-generator-uninstall-hook:
+	rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+
+dist_xinitrc_SCRIPTS = \
+	xorg/50-systemd-user.sh
+
+INSTALL_EXEC_HOOKS += dbus1-generator-install-hook
+UNINSTALL_EXEC_HOOKS += dbus1-generator-uninstall-hook
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/dbus1-generator/dbus1-generator.c b/src/systemd-dbus1-generator/dbus1-generator.c
index 717cb9558e..717cb9558e 100644
--- a/src/dbus1-generator/dbus1-generator.c
+++ b/src/systemd-dbus1-generator/dbus1-generator.c
diff --git a/src/systemd-debug-generator/Makefile b/src/systemd-debug-generator/Makefile
new file mode 100644
index 0000000000..bba46c2905
--- /dev/null
+++ b/src/systemd-debug-generator/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemgenerator_PROGRAMS += systemd-debug-generator
+
+systemd_debug_generator_SOURCES = \
+	src/debug-generator/debug-generator.c
+
+systemd_debug_generator_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/debug-generator/debug-generator.c b/src/systemd-debug-generator/debug-generator.c
index 7e80af78e7..7e80af78e7 100644
--- a/src/debug-generator/debug-generator.c
+++ b/src/systemd-debug-generator/debug-generator.c
diff --git a/src/systemd-delta/Makefile b/src/systemd-delta/Makefile
new file mode 100644
index 0000000000..62c18cd8d4
--- /dev/null
+++ b/src/systemd-delta/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-delta
+systemd_delta_SOURCES = \
+	src/delta/delta.c
+
+systemd_delta_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/delta/delta.c b/src/systemd-delta/delta.c
index f32744def2..f32744def2 100644
--- a/src/delta/delta.c
+++ b/src/systemd-delta/delta.c
diff --git a/src/systemd-escape/Makefile b/src/systemd-escape/Makefile
new file mode 100644
index 0000000000..f094a7e2a0
--- /dev/null
+++ b/src/systemd-escape/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += systemd-escape
+
+systemd_escape_SOURCES = \
+	src/escape/escape.c
+
+systemd_escape_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/escape/escape.c b/src/systemd-escape/escape.c
index 9f39049577..9f39049577 100644
--- a/src/escape/escape.c
+++ b/src/systemd-escape/escape.c
diff --git a/src/systemd-firstboot/Makefile b/src/systemd-firstboot/Makefile
new file mode 100644
index 0000000000..09d9ebb1d7
--- /dev/null
+++ b/src/systemd-firstboot/Makefile
@@ -0,0 +1,47 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_FIRSTBOOT),)
+systemd_firstboot_SOURCES = \
+	src/firstboot/firstboot.c
+
+systemd_firstboot_LDADD = \
+	libshared.la \
+	-lcrypt
+
+rootbin_PROGRAMS += \
+	systemd-firstboot
+
+nodist_systemunit_DATA += \
+	units/systemd-firstboot.service
+
+SYSINIT_TARGET_WANTS += \
+	systemd-firstboot.service
+endif # ENABLE_FIRSTBOOT
+
+EXTRA_DIST += \
+	units/systemd-firstboot.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/firstboot/firstboot.c b/src/systemd-firstboot/firstboot.c
index 1e1a592b7c..1e1a592b7c 100644
--- a/src/firstboot/firstboot.c
+++ b/src/systemd-firstboot/firstboot.c
diff --git a/src/systemd-fsck/Makefile b/src/systemd-fsck/Makefile
new file mode 100644
index 0000000000..cc4e21055c
--- /dev/null
+++ b/src/systemd-fsck/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-fsck
+systemd_fsck_SOURCES = \
+	src/fsck/fsck.c
+
+systemd_fsck_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-fsck/fsck.c b/src/systemd-fsck/fsck.c
new file mode 100644
index 0000000000..d7f0829ffc
--- /dev/null
+++ b/src/systemd-fsck/fsck.c
@@ -0,0 +1,487 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+  Copyright 2014 Holger Hans Peter Freyther
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <sys/file.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-device.h>
+
+#include "alloc-util.h"
+#include "bus-common-errors.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "device-util.h"
+#include "fd-util.h"
+#include "fs-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "proc-cmdline.h"
+#include "process-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "special.h"
+#include "stdio-util.h"
+#include "util.h"
+
+/* exit codes as defined in fsck(8) */
+enum {
+        FSCK_SUCCESS = 0,
+        FSCK_ERROR_CORRECTED = 1,
+        FSCK_SYSTEM_SHOULD_REBOOT = 2,
+        FSCK_ERRORS_LEFT_UNCORRECTED = 4,
+        FSCK_OPERATIONAL_ERROR = 8,
+        FSCK_USAGE_OR_SYNTAX_ERROR = 16,
+        FSCK_USER_CANCELLED = 32,
+        FSCK_SHARED_LIB_ERROR = 128,
+};
+
+static bool arg_skip = false;
+static bool arg_force = false;
+static bool arg_show_progress = false;
+static const char *arg_repair = "-a";
+
+static void start_target(const char *target, const char *mode) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        assert(target);
+
+        r = bus_connect_system_systemd(&bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get D-Bus connection: %m");
+                return;
+        }
+
+        log_info("Running request %s/start/replace", target);
+
+        /* Start these units only if we can replace base.target with it */
+        r = sd_bus_call_method(bus,
+                               "org.freedesktop.systemd1",
+                               "/org/freedesktop/systemd1",
+                               "org.freedesktop.systemd1.Manager",
+                               "StartUnitReplace",
+                               &error,
+                               NULL,
+                               "sss", "basic.target", target, mode);
+
+        /* Don't print a warning if we aren't called during startup */
+        if (r < 0 && !sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_JOB))
+                log_error("Failed to start unit: %s", bus_error_message(&error, r));
+}
+
+static int parse_proc_cmdline_item(const char *key, const char *value) {
+        int r;
+
+        assert(key);
+
+        if (streq(key, "fsck.mode") && value) {
+
+                if (streq(value, "auto"))
+                        arg_force = arg_skip = false;
+                else if (streq(value, "force"))
+                        arg_force = true;
+                else if (streq(value, "skip"))
+                        arg_skip = true;
+                else
+                        log_warning("Invalid fsck.mode= parameter '%s'. Ignoring.", value);
+
+        } else if (streq(key, "fsck.repair") && value) {
+
+                if (streq(value, "preen"))
+                        arg_repair = "-a";
+                else {
+                        r = parse_boolean(value);
+                        if (r > 0)
+                                arg_repair = "-y";
+                        else if (r == 0)
+                                arg_repair = "-n";
+                        else
+                                log_warning("Invalid fsck.repair= parameter '%s'. Ignoring.", value);
+                }
+        }
+
+#ifdef HAVE_SYSV_COMPAT
+        else if (streq(key, "fastboot") && !value) {
+                log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
+                arg_skip = true;
+
+        } else if (streq(key, "forcefsck") && !value) {
+                log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
+                arg_force = true;
+        }
+#endif
+
+        return 0;
+}
+
+static void test_files(void) {
+
+#ifdef HAVE_SYSV_COMPAT
+        if (access("/fastboot", F_OK) >= 0) {
+                log_error("Please pass 'fsck.mode=skip' on the kernel command line rather than creating /fastboot on the root file system.");
+                arg_skip = true;
+        }
+
+        if (access("/forcefsck", F_OK) >= 0) {
+                log_error("Please pass 'fsck.mode=force' on the kernel command line rather than creating /forcefsck on the root file system.");
+                arg_force = true;
+        }
+#endif
+
+        arg_show_progress = access("/run/systemd/show-status", F_OK) >= 0;
+}
+
+static double percent(int pass, unsigned long cur, unsigned long max) {
+        /* Values stolen from e2fsck */
+
+        static const int pass_table[] = {
+                0, 70, 90, 92, 95, 100
+        };
+
+        if (pass <= 0)
+                return 0.0;
+
+        if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0)
+                return 100.0;
+
+        return (double) pass_table[pass-1] +
+                ((double) pass_table[pass] - (double) pass_table[pass-1]) *
+                (double) cur / (double) max;
+}
+
+static int process_progress(int fd) {
+        _cleanup_fclose_ FILE *console = NULL, *f = NULL;
+        usec_t last = 0;
+        bool locked = false;
+        int clear = 0, r;
+
+        /* No progress pipe to process? Then we are a NOP. */
+        if (fd < 0)
+                return 0;
+
+        f = fdopen(fd, "re");
+        if (!f) {
+                safe_close(fd);
+                return -errno;
+        }
+
+        console = fopen("/dev/console", "we");
+        if (!console)
+                return -ENOMEM;
+
+        for (;;) {
+                int pass, m;
+                unsigned long cur, max;
+                _cleanup_free_ char *device = NULL;
+                double p;
+                usec_t t;
+
+                if (fscanf(f, "%i %lu %lu %ms", &pass, &cur, &max, &device) != 4) {
+
+                        if (ferror(f))
+                                r = log_warning_errno(errno, "Failed to read from progress pipe: %m");
+                        else if (feof(f))
+                                r = 0;
+                        else {
+                                log_warning("Failed to parse progress pipe data");
+                                r = -EBADMSG;
+                        }
+                        break;
+                }
+
+                /* Only show one progress counter at max */
+                if (!locked) {
+                        if (flock(fileno(console), LOCK_EX|LOCK_NB) < 0)
+                                continue;
+
+                        locked = true;
+                }
+
+                /* Only update once every 50ms */
+                t = now(CLOCK_MONOTONIC);
+                if (last + 50 * USEC_PER_MSEC > t)
+                        continue;
+
+                last = t;
+
+                p = percent(pass, cur, max);
+                fprintf(console, "\r%s: fsck %3.1f%% complete...\r%n", device, p, &m);
+                fflush(console);
+
+                if (m > clear)
+                        clear = m;
+        }
+
+        if (clear > 0) {
+                unsigned j;
+
+                fputc('\r', console);
+                for (j = 0; j < (unsigned) clear; j++)
+                        fputc(' ', console);
+                fputc('\r', console);
+                fflush(console);
+        }
+
+        return r;
+}
+
+static int fsck_progress_socket(void) {
+        static const union sockaddr_union sa = {
+                .un.sun_family = AF_UNIX,
+                .un.sun_path = "/run/systemd/fsck.progress",
+        };
+
+        int fd, r;
+
+        fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (fd < 0)
+                return log_warning_errno(errno, "socket(): %m");
+
+        if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
+                r = log_full_errno(errno == ECONNREFUSED || errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
+                                   errno, "Failed to connect to progress socket %s, ignoring: %m", sa.un.sun_path);
+                safe_close(fd);
+                return r;
+        }
+
+        return fd;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_close_pair_ int progress_pipe[2] = { -1, -1 };
+        _cleanup_(sd_device_unrefp) sd_device *dev = NULL;
+        const char *device, *type;
+        bool root_directory;
+        siginfo_t status;
+        struct stat st;
+        int r;
+        pid_t pid;
+
+        if (argc > 2) {
+                log_error("This program expects one or no arguments.");
+                return EXIT_FAILURE;
+        }
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        r = parse_proc_cmdline(parse_proc_cmdline_item);
+        if (r < 0)
+                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
+
+        test_files();
+
+        if (!arg_force && arg_skip) {
+                r = 0;
+                goto finish;
+        }
+
+        if (argc > 1) {
+                device = argv[1];
+
+                if (stat(device, &st) < 0) {
+                        r = log_error_errno(errno, "Failed to stat %s: %m", device);
+                        goto finish;
+                }
+
+                if (!S_ISBLK(st.st_mode)) {
+                        log_error("%s is not a block device.", device);
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                r = sd_device_new_from_devnum(&dev, 'b', st.st_rdev);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to detect device %s: %m", device);
+                        goto finish;
+                }
+
+                root_directory = false;
+        } else {
+                struct timespec times[2];
+
+                /* Find root device */
+
+                if (stat("/", &st) < 0) {
+                        r = log_error_errno(errno, "Failed to stat() the root directory: %m");
+                        goto finish;
+                }
+
+                /* Virtual root devices don't need an fsck */
+                if (major(st.st_dev) == 0) {
+                        log_debug("Root directory is virtual or btrfs, skipping check.");
+                        r = 0;
+                        goto finish;
+                }
+
+                /* check if we are already writable */
+                times[0] = st.st_atim;
+                times[1] = st.st_mtim;
+
+                if (utimensat(AT_FDCWD, "/", times, 0) == 0) {
+                        log_info("Root directory is writable, skipping check.");
+                        r = 0;
+                        goto finish;
+                }
+
+                r = sd_device_new_from_devnum(&dev, 'b', st.st_dev);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to detect root device: %m");
+                        goto finish;
+                }
+
+                r = sd_device_get_devname(dev, &device);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to detect device node of root directory: %m");
+                        goto finish;
+                }
+
+                root_directory = true;
+        }
+
+        r = sd_device_get_property_value(dev, "ID_FS_TYPE", &type);
+        if (r >= 0) {
+                r = fsck_exists(type);
+                if (r < 0)
+                        log_warning_errno(r, "Couldn't detect if fsck.%s may be used for %s, proceeding: %m", type, device);
+                else if (r == 0) {
+                        log_info("fsck.%s doesn't exist, not checking file system on %s.", type, device);
+                        goto finish;
+                }
+        }
+
+        if (arg_show_progress) {
+                if (pipe(progress_pipe) < 0) {
+                        r = log_error_errno(errno, "pipe(): %m");
+                        goto finish;
+                }
+        }
+
+        pid = fork();
+        if (pid < 0) {
+                r = log_error_errno(errno, "fork(): %m");
+                goto finish;
+        }
+        if (pid == 0) {
+                char dash_c[sizeof("-C")-1 + DECIMAL_STR_MAX(int) + 1];
+                int progress_socket = -1;
+                const char *cmdline[9];
+                int i = 0;
+
+                /* Child */
+
+                (void) reset_all_signal_handlers();
+                (void) reset_signal_mask();
+                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
+
+                /* Close the reading side of the progress pipe */
+                progress_pipe[0] = safe_close(progress_pipe[0]);
+
+                /* Try to connect to a progress management daemon, if there is one */
+                progress_socket = fsck_progress_socket();
+                if (progress_socket >= 0) {
+                        /* If this worked we close the progress pipe early, and just use the socket */
+                        progress_pipe[1] = safe_close(progress_pipe[1]);
+                        xsprintf(dash_c, "-C%i", progress_socket);
+                } else if (progress_pipe[1] >= 0) {
+                        /* Otherwise if we have the progress pipe to our own local handle, we use it */
+                        xsprintf(dash_c, "-C%i", progress_pipe[1]);
+                } else
+                        dash_c[0] = 0;
+
+                cmdline[i++] = "/sbin/fsck";
+                cmdline[i++] =  arg_repair;
+                cmdline[i++] = "-T";
+
+                /*
+                 * Since util-linux v2.25 fsck uses /run/fsck/<diskname>.lock files.
+                 * The previous versions use flock for the device and conflict with
+                 * udevd, see https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
+                 */
+                cmdline[i++] = "-l";
+
+                if (!root_directory)
+                        cmdline[i++] = "-M";
+
+                if (arg_force)
+                        cmdline[i++] = "-f";
+
+                if (!isempty(dash_c))
+                        cmdline[i++] = dash_c;
+
+                cmdline[i++] = device;
+                cmdline[i++] = NULL;
+
+                execv(cmdline[0], (char**) cmdline);
+                _exit(FSCK_OPERATIONAL_ERROR);
+        }
+
+        progress_pipe[1] = safe_close(progress_pipe[1]);
+        (void) process_progress(progress_pipe[0]);
+        progress_pipe[0] = -1;
+
+        r = wait_for_terminate(pid, &status);
+        if (r < 0) {
+                log_error_errno(r, "waitid(): %m");
+                goto finish;
+        }
+
+        if (status.si_code != CLD_EXITED || (status.si_status & ~1)) {
+
+                if (status.si_code == CLD_KILLED || status.si_code == CLD_DUMPED)
+                        log_error("fsck terminated by signal %s.", signal_to_string(status.si_status));
+                else if (status.si_code == CLD_EXITED)
+                        log_error("fsck failed with error code %i.", status.si_status);
+                else
+                        log_error("fsck failed due to unknown reason.");
+
+                r = -EINVAL;
+
+                if (status.si_code == CLD_EXITED && (status.si_status & FSCK_SYSTEM_SHOULD_REBOOT) && root_directory)
+                        /* System should be rebooted. */
+                        start_target(SPECIAL_REBOOT_TARGET, "replace-irreversibly");
+                else if (status.si_code == CLD_EXITED && (status.si_status & (FSCK_SYSTEM_SHOULD_REBOOT | FSCK_ERRORS_LEFT_UNCORRECTED)))
+                        /* Some other problem */
+                        start_target(SPECIAL_EMERGENCY_TARGET, "replace");
+                else {
+                        log_warning("Ignoring error.");
+                        r = 0;
+                }
+
+        } else
+                r = 0;
+
+        if (status.si_code == CLD_EXITED && (status.si_status & FSCK_ERROR_CORRECTED))
+                (void) touch("/run/systemd/quotacheck");
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-fstab-generator/Makefile b/src/systemd-fstab-generator/Makefile
new file mode 100644
index 0000000000..0bfc70e464
--- /dev/null
+++ b/src/systemd-fstab-generator/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemgenerator_PROGRAMS += systemd-fstab-generator
+systemd_fstab_generator_SOURCES = \
+	src/fstab-generator/fstab-generator.c \
+	src/core/mount-setup.c
+
+systemd_fstab_generator_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/fstab-generator/fstab-generator.c b/src/systemd-fstab-generator/fstab-generator.c
index 108522873e..108522873e 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/systemd-fstab-generator/fstab-generator.c
diff --git a/src/systemd-getty-generator/Makefile b/src/systemd-getty-generator/Makefile
new file mode 100644
index 0000000000..14f7d02a86
--- /dev/null
+++ b/src/systemd-getty-generator/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemgenerator_PROGRAMS += systemd-getty-generator
+systemd_getty_generator_SOURCES = \
+	src/getty-generator/getty-generator.c
+
+systemd_getty_generator_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/getty-generator/getty-generator.c b/src/systemd-getty-generator/getty-generator.c
index b15c76b5b8..b15c76b5b8 100644
--- a/src/getty-generator/getty-generator.c
+++ b/src/systemd-getty-generator/getty-generator.c
diff --git a/src/systemd-gpt-auto-generator/Makefile b/src/systemd-gpt-auto-generator/Makefile
new file mode 100644
index 0000000000..177db8da7c
--- /dev/null
+++ b/src/systemd-gpt-auto-generator/Makefile
@@ -0,0 +1,43 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_BLKID),)
+systemgenerator_PROGRAMS +=  \
+	systemd-gpt-auto-generator
+
+systemd_gpt_auto_generator_SOURCES = \
+	src/gpt-auto-generator/gpt-auto-generator.c \
+	src/basic/blkid-util.h
+
+systemd_gpt_auto_generator_LDADD = \
+	libshared.la \
+	$(BLKID_LIBS)
+
+systemd_gpt_auto_generator_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(BLKID_CFLAGS)
+endif # HAVE_BLKID
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-gpt-auto-generator/gpt-auto-generator.c b/src/systemd-gpt-auto-generator/gpt-auto-generator.c
new file mode 100644
index 0000000000..73e32da751
--- /dev/null
+++ b/src/systemd-gpt-auto-generator/gpt-auto-generator.c
@@ -0,0 +1,1042 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <blkid/blkid.h>
+#include <stdlib.h>
+#include <sys/statfs.h>
+#include <unistd.h>
+
+#include "libudev.h"
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "blkid-util.h"
+#include "btrfs-util.h"
+#include "dirent-util.h"
+#include "efivars.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fstab-util.h"
+#include "generator.h"
+#include "gpt.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "mount-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "proc-cmdline.h"
+#include "special.h"
+#include "stat-util.h"
+#include "string-util.h"
+#include "udev-util.h"
+#include "unit-name.h"
+#include "util.h"
+#include "virt.h"
+
+static const char *arg_dest = "/tmp";
+static bool arg_enabled = true;
+static bool arg_root_enabled = true;
+static bool arg_root_rw = false;
+
+static int add_cryptsetup(const char *id, const char *what, bool rw, char **device) {
+        _cleanup_free_ char *e = NULL, *n = NULL, *p = NULL, *d = NULL, *to = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        char *from, *ret;
+        int r;
+
+        assert(id);
+        assert(what);
+        assert(device);
+
+        r = unit_name_from_path(what, ".device", &d);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate unit name: %m");
+
+        e = unit_name_escape(id);
+        if (!e)
+                return log_oom();
+
+        r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate unit name: %m");
+
+        p = strjoin(arg_dest, "/", n, NULL);
+        if (!p)
+                return log_oom();
+
+        f = fopen(p, "wxe");
+        if (!f)
+                return log_error_errno(errno, "Failed to create unit file %s: %m", p);
+
+        fprintf(f,
+                "# Automatically generated by systemd-gpt-auto-generator\n\n"
+                "[Unit]\n"
+                "Description=Cryptography Setup for %%I\n"
+                "Documentation=man:systemd-gpt-auto-generator(8) man:systemd-cryptsetup@.service(8)\n"
+                "DefaultDependencies=no\n"
+                "Conflicts=umount.target\n"
+                "BindsTo=dev-mapper-%%i.device %s\n"
+                "Before=umount.target cryptsetup.target\n"
+                "After=%s\n"
+                "IgnoreOnIsolate=true\n"
+                "[Service]\n"
+                "Type=oneshot\n"
+                "RemainAfterExit=yes\n"
+                "TimeoutSec=0\n" /* the binary handles timeouts anyway */
+                "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '' '%s'\n"
+                "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
+                d, d,
+                id, what, rw ? "" : "read-only",
+                id);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write file %s: %m", p);
+
+        from = strjoina("../", n);
+
+        to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
+        if (!to)
+                return log_oom();
+
+        mkdir_parents_label(to, 0755);
+        if (symlink(from, to) < 0)
+                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+
+        free(to);
+        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
+        if (!to)
+                return log_oom();
+
+        mkdir_parents_label(to, 0755);
+        if (symlink(from, to) < 0)
+                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+
+        free(to);
+        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
+        if (!to)
+                return log_oom();
+
+        mkdir_parents_label(to, 0755);
+        if (symlink(from, to) < 0)
+                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+
+        free(p);
+        p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
+        if (!p)
+                return log_oom();
+
+        mkdir_parents_label(p, 0755);
+        r = write_string_file(p,
+                        "# Automatically generated by systemd-gpt-auto-generator\n\n"
+                        "[Unit]\n"
+                        "JobTimeoutSec=0\n",
+                        WRITE_STRING_FILE_CREATE); /* the binary handles timeouts anyway */
+        if (r < 0)
+                return log_error_errno(r, "Failed to write device drop-in: %m");
+
+        ret = strappend("/dev/mapper/", id);
+        if (!ret)
+                return log_oom();
+
+        *device = ret;
+        return 0;
+}
+
+static int add_mount(
+                const char *id,
+                const char *what,
+                const char *where,
+                const char *fstype,
+                bool rw,
+                const char *options,
+                const char *description,
+                const char *post) {
+
+        _cleanup_free_ char *unit = NULL, *lnk = NULL, *crypto_what = NULL, *p = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(id);
+        assert(what);
+        assert(where);
+        assert(description);
+
+        log_debug("Adding %s: %s %s", where, what, strna(fstype));
+
+        if (streq_ptr(fstype, "crypto_LUKS")) {
+
+                r = add_cryptsetup(id, what, rw, &crypto_what);
+                if (r < 0)
+                        return r;
+
+                what = crypto_what;
+                fstype = NULL;
+        }
+
+        r = unit_name_from_path(where, ".mount", &unit);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate unit name: %m");
+
+        p = strjoin(arg_dest, "/", unit, NULL);
+        if (!p)
+                return log_oom();
+
+        f = fopen(p, "wxe");
+        if (!f)
+                return log_error_errno(errno, "Failed to create unit file %s: %m", unit);
+
+        fprintf(f,
+                "# Automatically generated by systemd-gpt-auto-generator\n\n"
+                "[Unit]\n"
+                "Description=%s\n"
+                "Documentation=man:systemd-gpt-auto-generator(8)\n",
+                description);
+
+        if (post)
+                fprintf(f, "Before=%s\n", post);
+
+        r = generator_write_fsck_deps(f, arg_dest, what, where, fstype);
+        if (r < 0)
+                return r;
+
+        fprintf(f,
+                "\n"
+                "[Mount]\n"
+                "What=%s\n"
+                "Where=%s\n",
+                what, where);
+
+        if (fstype)
+                fprintf(f, "Type=%s\n", fstype);
+
+        if (options)
+                fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro");
+        else
+                fprintf(f, "Options=%s\n", rw ? "rw" : "ro");
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write unit file %s: %m", p);
+
+        if (post) {
+                lnk = strjoin(arg_dest, "/", post, ".requires/", unit, NULL);
+                if (!lnk)
+                        return log_oom();
+
+                mkdir_parents_label(lnk, 0755);
+                if (symlink(p, lnk) < 0)
+                        return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+        }
+
+        return 0;
+}
+
+static bool path_is_busy(const char *where) {
+        int r;
+
+        /* already a mountpoint; generators run during reload */
+        r = path_is_mount_point(where, AT_SYMLINK_FOLLOW);
+        if (r > 0)
+                return false;
+
+        /* the directory might not exist on a stateless system */
+        if (r == -ENOENT)
+                return false;
+
+        if (r < 0)
+                return true;
+
+        /* not a mountpoint but it contains files */
+        if (dir_is_empty(where) <= 0)
+                return true;
+
+        return false;
+}
+
+static int probe_and_add_mount(
+                const char *id,
+                const char *what,
+                const char *where,
+                bool rw,
+                const char *description,
+                const char *post) {
+
+        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
+        const char *fstype = NULL;
+        int r;
+
+        assert(id);
+        assert(what);
+        assert(where);
+        assert(description);
+
+        if (path_is_busy(where)) {
+                log_debug("%s already populated, ignoring.", where);
+                return 0;
+        }
+
+        /* Let's check the partition type here, so that we know
+         * whether to do LUKS magic. */
+
+        errno = 0;
+        b = blkid_new_probe_from_filename(what);
+        if (!b) {
+                if (errno == 0)
+                        return log_oom();
+                return log_error_errno(errno, "Failed to allocate prober: %m");
+        }
+
+        blkid_probe_enable_superblocks(b, 1);
+        blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
+
+        errno = 0;
+        r = blkid_do_safeprobe(b);
+        if (r == -2 || r == 1) /* no result or uncertain */
+                return 0;
+        else if (r != 0)
+                return log_error_errno(errno ?: EIO, "Failed to probe %s: %m", what);
+
+        /* add_mount is OK with fstype being NULL. */
+        (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
+
+        return add_mount(
+                        id,
+                        what,
+                        where,
+                        fstype,
+                        rw,
+                        NULL,
+                        description,
+                        post);
+}
+
+static int add_swap(const char *path) {
+        _cleanup_free_ char *name = NULL, *unit = NULL, *lnk = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(path);
+
+        log_debug("Adding swap: %s", path);
+
+        r = unit_name_from_path(path, ".swap", &name);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate unit name: %m");
+
+        unit = strjoin(arg_dest, "/", name, NULL);
+        if (!unit)
+                return log_oom();
+
+        f = fopen(unit, "wxe");
+        if (!f)
+                return log_error_errno(errno, "Failed to create unit file %s: %m", unit);
+
+        fprintf(f,
+                "# Automatically generated by systemd-gpt-auto-generator\n\n"
+                "[Unit]\n"
+                "Description=Swap Partition\n"
+                "Documentation=man:systemd-gpt-auto-generator(8)\n\n"
+                "[Swap]\n"
+                "What=%s\n",
+                path);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write unit file %s: %m", unit);
+
+        lnk = strjoin(arg_dest, "/" SPECIAL_SWAP_TARGET ".wants/", name, NULL);
+        if (!lnk)
+                return log_oom();
+
+        mkdir_parents_label(lnk, 0755);
+        if (symlink(unit, lnk) < 0)
+                return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+
+        return 0;
+}
+
+#ifdef ENABLE_EFI
+static int add_automount(
+                const char *id,
+                const char *what,
+                const char *where,
+                const char *fstype,
+                bool rw,
+                const char *options,
+                const char *description,
+                usec_t timeout) {
+
+        _cleanup_free_ char *unit = NULL, *lnk = NULL;
+        _cleanup_free_ char *opt, *p = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(id);
+        assert(where);
+        assert(description);
+
+        if (options)
+                opt = strjoin(options, ",noauto", NULL);
+        else
+                opt = strdup("noauto");
+        if (!opt)
+                return log_oom();
+
+        r = add_mount(id,
+                      what,
+                      where,
+                      fstype,
+                      rw,
+                      opt,
+                      description,
+                      NULL);
+        if (r < 0)
+                return r;
+
+        r = unit_name_from_path(where, ".automount", &unit);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate unit name: %m");
+
+        p = strjoin(arg_dest, "/", unit, NULL);
+        if (!p)
+                return log_oom();
+
+        f = fopen(p, "wxe");
+        if (!f)
+                return log_error_errno(errno, "Failed to create unit file %s: %m", unit);
+
+        fprintf(f,
+                "# Automatically generated by systemd-gpt-auto-generator\n\n"
+                "[Unit]\n"
+                "Description=%s\n"
+                "Documentation=man:systemd-gpt-auto-generator(8)\n"
+                "[Automount]\n"
+                "Where=%s\n"
+                "TimeoutIdleSec=%lld\n",
+                description,
+                where,
+                (unsigned long long)timeout / USEC_PER_SEC);
+
+        r = fflush_and_check(f);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write unit file %s: %m", p);
+
+        lnk = strjoin(arg_dest, "/" SPECIAL_LOCAL_FS_TARGET ".wants/", unit, NULL);
+        if (!lnk)
+                return log_oom();
+        mkdir_parents_label(lnk, 0755);
+
+        if (symlink(p, lnk) < 0)
+                return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+
+        return 0;
+}
+
+static int add_boot(const char *what) {
+        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
+        const char *fstype = NULL, *uuid = NULL;
+        sd_id128_t id, type_id;
+        int r;
+
+        assert(what);
+
+        if (!is_efi_boot()) {
+                log_debug("Not an EFI boot, ignoring /boot.");
+                return 0;
+        }
+
+        if (in_initrd()) {
+                log_debug("In initrd, ignoring /boot.");
+                return 0;
+        }
+
+        if (detect_container() > 0) {
+                log_debug("In a container, ignoring /boot.");
+                return 0;
+        }
+
+        /* We create an .automount which is not overridden by the .mount from the fstab generator. */
+        if (fstab_is_mount_point("/boot")) {
+                log_debug("/boot specified in fstab, ignoring.");
+                return 0;
+        }
+
+        if (path_is_busy("/boot")) {
+                log_debug("/boot already populated, ignoring.");
+                return 0;
+        }
+
+        r = efi_loader_get_device_part_uuid(&id);
+        if (r == -ENOENT) {
+                log_debug("EFI loader partition unknown.");
+                return 0;
+        }
+
+        if (r < 0) {
+                log_error_errno(r, "Failed to read ESP partition UUID: %m");
+                return r;
+        }
+
+        errno = 0;
+        b = blkid_new_probe_from_filename(what);
+        if (!b) {
+                if (errno == 0)
+                        return log_oom();
+                return log_error_errno(errno, "Failed to allocate prober: %m");
+        }
+
+        blkid_probe_enable_partitions(b, 1);
+        blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
+
+        errno = 0;
+        r = blkid_do_safeprobe(b);
+        if (r == -2 || r == 1) /* no result or uncertain */
+                return 0;
+        else if (r != 0)
+                return log_error_errno(errno ?: EIO, "Failed to probe %s: %m", what);
+
+        (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
+        if (!streq_ptr(fstype, "vfat")) {
+                log_debug("Partition for /boot is not a FAT filesystem, ignoring.");
+                return 0;
+        }
+
+        errno = 0;
+        r = blkid_probe_lookup_value(b, "PART_ENTRY_UUID", &uuid, NULL);
+        if (r != 0) {
+                log_debug_errno(errno, "Partition for /boot does not have a UUID, ignoring.");
+                return 0;
+        }
+
+        if (sd_id128_from_string(uuid, &type_id) < 0) {
+                log_debug("Partition for /boot does not have a valid UUID, ignoring.");
+                return 0;
+        }
+
+        if (!sd_id128_equal(type_id, id)) {
+                log_debug("Partition for /boot does not appear to be the partition we are booted from.");
+                return 0;
+        }
+
+        r = add_automount("boot",
+                       what,
+                       "/boot",
+                       "vfat",
+                       true,
+                       "umask=0077",
+                       "EFI System Partition Automount",
+                       120 * USEC_PER_SEC);
+
+        return r;
+}
+#else
+static int add_boot(const char *what) {
+        return 0;
+}
+#endif
+
+static int enumerate_partitions(dev_t devnum) {
+
+        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        _cleanup_free_ char *boot = NULL, *home = NULL, *srv = NULL;
+        struct udev_list_entry *first, *item;
+        struct udev_device *parent = NULL;
+        const char *name, *node, *pttype, *devtype;
+        int boot_nr = -1, home_nr = -1, srv_nr = -1;
+        bool home_rw = true, srv_rw = true;
+        blkid_partlist pl;
+        int r, k;
+        dev_t pn;
+
+        udev = udev_new();
+        if (!udev)
+                return log_oom();
+
+        d = udev_device_new_from_devnum(udev, 'b', devnum);
+        if (!d)
+                return log_oom();
+
+        name = udev_device_get_devnode(d);
+        if (!name)
+                name = udev_device_get_syspath(d);
+        if (!name) {
+                log_debug("Device %u:%u does not have a name, ignoring.",
+                          major(devnum), minor(devnum));
+                return 0;
+        }
+
+        parent = udev_device_get_parent(d);
+        if (!parent) {
+                log_debug("%s: not a partitioned device, ignoring.", name);
+                return 0;
+        }
+
+        /* Does it have a devtype? */
+        devtype = udev_device_get_devtype(parent);
+        if (!devtype) {
+                log_debug("%s: parent doesn't have a device type, ignoring.", name);
+                return 0;
+        }
+
+        /* Is this a disk or a partition? We only care for disks... */
+        if (!streq(devtype, "disk")) {
+                log_debug("%s: parent isn't a raw disk, ignoring.", name);
+                return 0;
+        }
+
+        /* Does it have a device node? */
+        node = udev_device_get_devnode(parent);
+        if (!node) {
+                log_debug("%s: parent device does not have device node, ignoring.", name);
+                return 0;
+        }
+
+        log_debug("%s: root device %s.", name, node);
+
+        pn = udev_device_get_devnum(parent);
+        if (major(pn) == 0)
+                return 0;
+
+        errno = 0;
+        b = blkid_new_probe_from_filename(node);
+        if (!b) {
+                if (errno == 0)
+                        return log_oom();
+
+                return log_error_errno(errno, "%s: failed to allocate prober: %m", node);
+        }
+
+        blkid_probe_enable_partitions(b, 1);
+        blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
+
+        errno = 0;
+        r = blkid_do_safeprobe(b);
+        if (r == 1)
+                return 0; /* no results */
+        else if (r == -2) {
+                log_warning("%s: probe gave ambiguous results, ignoring.", node);
+                return 0;
+        } else if (r != 0)
+                return log_error_errno(errno ?: EIO, "%s: failed to probe: %m", node);
+
+        errno = 0;
+        r = blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
+        if (r != 0) {
+                if (errno == 0)
+                        return 0; /* No partition table found. */
+
+                return log_error_errno(errno, "%s: failed to determine partition table type: %m", node);
+        }
+
+        /* We only do this all for GPT... */
+        if (!streq_ptr(pttype, "gpt")) {
+                log_debug("%s: not a GPT partition table, ignoring.", node);
+                return 0;
+        }
+
+        errno = 0;
+        pl = blkid_probe_get_partitions(b);
+        if (!pl) {
+                if (errno == 0)
+                        return log_oom();
+
+                return log_error_errno(errno, "%s: failed to list partitions: %m", node);
+        }
+
+        e = udev_enumerate_new(udev);
+        if (!e)
+                return log_oom();
+
+        r = udev_enumerate_add_match_parent(e, parent);
+        if (r < 0)
+                return log_oom();
+
+        r = udev_enumerate_add_match_subsystem(e, "block");
+        if (r < 0)
+                return log_oom();
+
+        r = udev_enumerate_scan_devices(e);
+        if (r < 0)
+                return log_error_errno(r, "%s: failed to enumerate partitions: %m", node);
+
+        first = udev_enumerate_get_list_entry(e);
+        udev_list_entry_foreach(item, first) {
+                _cleanup_udev_device_unref_ struct udev_device *q;
+                unsigned long long flags;
+                const char *stype, *subnode;
+                sd_id128_t type_id;
+                blkid_partition pp;
+                dev_t qn;
+                int nr;
+
+                q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
+                if (!q)
+                        continue;
+
+                qn = udev_device_get_devnum(q);
+                if (major(qn) == 0)
+                        continue;
+
+                if (qn == devnum)
+                        continue;
+
+                if (qn == pn)
+                        continue;
+
+                subnode = udev_device_get_devnode(q);
+                if (!subnode)
+                        continue;
+
+                pp = blkid_partlist_devno_to_partition(pl, qn);
+                if (!pp)
+                        continue;
+
+                nr = blkid_partition_get_partno(pp);
+                if (nr < 0)
+                        continue;
+
+                stype = blkid_partition_get_type_string(pp);
+                if (!stype)
+                        continue;
+
+                if (sd_id128_from_string(stype, &type_id) < 0)
+                        continue;
+
+                flags = blkid_partition_get_flags(pp);
+
+                if (sd_id128_equal(type_id, GPT_SWAP)) {
+
+                        if (flags & GPT_FLAG_NO_AUTO)
+                                continue;
+
+                        if (flags & GPT_FLAG_READ_ONLY) {
+                                log_debug("%s marked as read-only swap partition, which is bogus. Ignoring.", subnode);
+                                continue;
+                        }
+
+                        k = add_swap(subnode);
+                        if (k < 0)
+                                r = k;
+
+                } else if (sd_id128_equal(type_id, GPT_ESP)) {
+
+                        /* We only care for the first /boot partition */
+                        if (boot && nr >= boot_nr)
+                                continue;
+
+                        /* Note that we do not honour the "no-auto"
+                         * flag for the ESP, as it is often unset, to
+                         * hide it from Windows. */
+
+                        boot_nr = nr;
+
+                        r = free_and_strdup(&boot, subnode);
+                        if (r < 0)
+                                return log_oom();
+
+                } else if (sd_id128_equal(type_id, GPT_HOME)) {
+
+                        if (flags & GPT_FLAG_NO_AUTO)
+                                continue;
+
+                        /* We only care for the first /home partition */
+                        if (home && nr >= home_nr)
+                                continue;
+
+                        home_nr = nr;
+                        home_rw = !(flags & GPT_FLAG_READ_ONLY),
+
+                        r = free_and_strdup(&home, subnode);
+                        if (r < 0)
+                                return log_oom();
+
+                } else if (sd_id128_equal(type_id, GPT_SRV)) {
+
+                        if (flags & GPT_FLAG_NO_AUTO)
+                                continue;
+
+                        /* We only care for the first /srv partition */
+                        if (srv && nr >= srv_nr)
+                                continue;
+
+                        srv_nr = nr;
+                        srv_rw = !(flags & GPT_FLAG_READ_ONLY),
+
+                        r = free_and_strdup(&srv, subnode);
+                        if (r < 0)
+                                return log_oom();
+                }
+        }
+
+        if (boot) {
+                k = add_boot(boot);
+                if (k < 0)
+                        r = k;
+        }
+
+        if (home) {
+                k = probe_and_add_mount("home", home, "/home", home_rw, "Home Partition", SPECIAL_LOCAL_FS_TARGET);
+                if (k < 0)
+                        r = k;
+        }
+
+        if (srv) {
+                k = probe_and_add_mount("srv", srv, "/srv", srv_rw, "Server Data Partition", SPECIAL_LOCAL_FS_TARGET);
+                if (k < 0)
+                        r = k;
+        }
+
+        return r;
+}
+
+static int get_block_device(const char *path, dev_t *dev) {
+        struct stat st;
+        struct statfs sfs;
+
+        assert(path);
+        assert(dev);
+
+        /* Get's the block device directly backing a file system. If
+         * the block device is encrypted, returns the device mapper
+         * block device. */
+
+        if (lstat(path, &st))
+                return -errno;
+
+        if (major(st.st_dev) != 0) {
+                *dev = st.st_dev;
+                return 1;
+        }
+
+        if (statfs(path, &sfs) < 0)
+                return -errno;
+
+        if (F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC))
+                return btrfs_get_block_device(path, dev);
+
+        return 0;
+}
+
+static int get_block_device_harder(const char *path, dev_t *dev) {
+        _cleanup_closedir_ DIR *d = NULL;
+        _cleanup_free_ char *p = NULL, *t = NULL;
+        struct dirent *de, *found = NULL;
+        const char *q;
+        unsigned maj, min;
+        dev_t dt;
+        int r;
+
+        assert(path);
+        assert(dev);
+
+        /* Gets the backing block device for a file system, and
+         * handles LUKS encrypted file systems, looking for its
+         * immediate parent, if there is one. */
+
+        r = get_block_device(path, &dt);
+        if (r <= 0)
+                return r;
+
+        if (asprintf(&p, "/sys/dev/block/%u:%u/slaves", major(dt), minor(dt)) < 0)
+                return -ENOMEM;
+
+        d = opendir(p);
+        if (!d) {
+                if (errno == ENOENT)
+                        goto fallback;
+
+                return -errno;
+        }
+
+        FOREACH_DIRENT_ALL(de, d, return -errno) {
+
+                if (STR_IN_SET(de->d_name, ".", ".."))
+                        continue;
+
+                if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
+                        continue;
+
+                if (found) /* Don't try to support multiple backing block devices */
+                        goto fallback;
+
+                found = de;
+        }
+
+        if (!found)
+                goto fallback;
+
+        q = strjoina(p, "/", found->d_name, "/dev");
+
+        r = read_one_line_file(q, &t);
+        if (r == -ENOENT)
+                goto fallback;
+        if (r < 0)
+                return r;
+
+        if (sscanf(t, "%u:%u", &maj, &min) != 2)
+                return -EINVAL;
+
+        if (maj == 0)
+                goto fallback;
+
+        *dev = makedev(maj, min);
+        return 1;
+
+fallback:
+        *dev = dt;
+        return 1;
+}
+
+static int parse_proc_cmdline_item(const char *key, const char *value) {
+        int r;
+
+        assert(key);
+
+        if (STR_IN_SET(key, "systemd.gpt_auto", "rd.systemd.gpt_auto") && value) {
+
+                r = parse_boolean(value);
+                if (r < 0)
+                        log_warning("Failed to parse gpt-auto switch \"%s\". Ignoring.", value);
+                else
+                        arg_enabled = r;
+
+        } else if (streq(key, "root") && value) {
+
+                /* Disable root disk logic if there's a root= value
+                 * specified (unless it happens to be "gpt-auto") */
+
+                arg_root_enabled = streq(value, "gpt-auto");
+
+        } else if (streq(key, "rw") && !value)
+                arg_root_rw = true;
+        else if (streq(key, "ro") && !value)
+                arg_root_rw = false;
+
+        return 0;
+}
+
+static int add_root_mount(void) {
+
+#ifdef ENABLE_EFI
+        int r;
+
+        if (!is_efi_boot()) {
+                log_debug("Not a EFI boot, not creating root mount.");
+                return 0;
+        }
+
+        r = efi_loader_get_device_part_uuid(NULL);
+        if (r == -ENOENT) {
+                log_debug("EFI loader partition unknown, exiting.");
+                return 0;
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to read ESP partition UUID: %m");
+
+        /* OK, we have an ESP partition, this is fantastic, so let's
+         * wait for a root device to show up. A udev rule will create
+         * the link for us under the right name. */
+
+        if (in_initrd()) {
+                r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root");
+                if (r < 0)
+                        return 0;
+        }
+
+        return add_mount(
+                        "root",
+                        "/dev/gpt-auto-root",
+                        in_initrd() ? "/sysroot" : "/",
+                        NULL,
+                        arg_root_rw,
+                        NULL,
+                        "Root Partition",
+                        in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
+#else
+        return 0;
+#endif
+}
+
+static int add_mounts(void) {
+        dev_t devno;
+        int r;
+
+        r = get_block_device_harder("/", &devno);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine block device of root file system: %m");
+        else if (r == 0) {
+                r = get_block_device_harder("/usr", &devno);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to determine block device of /usr file system: %m");
+                else if (r == 0) {
+                        log_debug("Neither root nor /usr file system are on a (single) block device.");
+                        return 0;
+                }
+        }
+
+        return enumerate_partitions(devno);
+}
+
+int main(int argc, char *argv[]) {
+        int r = 0;
+
+        if (argc > 1 && argc != 4) {
+                log_error("This program takes three or no arguments.");
+                return EXIT_FAILURE;
+        }
+
+        if (argc > 1)
+                arg_dest = argv[3];
+
+        log_set_target(LOG_TARGET_SAFE);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (detect_container() > 0) {
+                log_debug("In a container, exiting.");
+                return EXIT_SUCCESS;
+        }
+
+        r = parse_proc_cmdline(parse_proc_cmdline_item);
+        if (r < 0)
+                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
+
+        if (!arg_enabled) {
+                log_debug("Disabled, exiting.");
+                return EXIT_SUCCESS;
+        }
+
+        if (arg_root_enabled)
+                r = add_root_mount();
+
+        if (!in_initrd()) {
+                int k;
+
+                k = add_mounts();
+                if (k < 0)
+                        r = k;
+        }
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-hibernate-resume/Makefile b/src/systemd-hibernate-resume/Makefile
new file mode 100644
index 0000000000..386f372f78
--- /dev/null
+++ b/src/systemd-hibernate-resume/Makefile
@@ -0,0 +1,60 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_HIBERNATE),)
+systemgenerator_PROGRAMS += \
+	systemd-hibernate-resume-generator
+
+rootlibexec_PROGRAMS += \
+	systemd-hibernate-resume
+
+systemd_hibernate_resume_SOURCES = \
+	src/hibernate-resume/hibernate-resume.c
+
+systemd_hibernate_resume_LDADD = \
+	libshared.la
+
+systemd_hibernate_resume_generator_SOURCES = \
+	src/hibernate-resume/hibernate-resume-generator.c
+
+systemd_hibernate_resume_generator_LDADD = \
+	libshared.la
+
+dist_systemunit_DATA += \
+	units/hibernate.target \
+	units/hybrid-sleep.target
+
+nodist_systemunit_DATA += \
+	units/systemd-hibernate.service \
+	units/systemd-hibernate-resume@.service \
+	units/systemd-hybrid-sleep.service
+endif # ENABLE_HIBERNATE
+
+EXTRA_DIST += \
+	units/systemd-hibernate.service.in \
+	units/systemd-hibernate-resume@.service.in \
+	units/systemd-hybrid-sleep.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/hibernate-resume/hibernate-resume-generator.c b/src/systemd-hibernate-resume/hibernate-resume-generator.c
index d7ee80d58f..d7ee80d58f 100644
--- a/src/hibernate-resume/hibernate-resume-generator.c
+++ b/src/systemd-hibernate-resume/hibernate-resume-generator.c
diff --git a/src/hibernate-resume/hibernate-resume.c b/src/systemd-hibernate-resume/hibernate-resume.c
index 21df3c4461..21df3c4461 100644
--- a/src/hibernate-resume/hibernate-resume.c
+++ b/src/systemd-hibernate-resume/hibernate-resume.c
diff --git a/src/systemd-hwdb/Makefile b/src/systemd-hwdb/Makefile
new file mode 100644
index 0000000000..ce10c46e99
--- /dev/null
+++ b/src/systemd-hwdb/Makefile
@@ -0,0 +1,76 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_HWDB),)
+INSTALL_DIRS += \
+	$(sysconfdir)/udev/hwdb.d
+
+systemd_hwdb_SOURCES = \
+	src/libsystemd/sd-hwdb/hwdb-internal.h \
+	src/hwdb/hwdb.c
+
+systemd_hwdb_LDADD = \
+	libshared.la
+
+rootbin_PROGRAMS += \
+	systemd-hwdb
+
+dist_udevhwdb_DATA = \
+	hwdb/20-pci-vendor-model.hwdb \
+	hwdb/20-pci-classes.hwdb \
+	hwdb/20-usb-vendor-model.hwdb \
+	hwdb/20-usb-classes.hwdb \
+	hwdb/20-sdio-vendor-model.hwdb \
+	hwdb/20-sdio-classes.hwdb \
+	hwdb/20-bluetooth-vendor-product.hwdb \
+	hwdb/20-acpi-vendor.hwdb \
+	hwdb/20-OUI.hwdb \
+	hwdb/20-net-ifname.hwdb \
+	hwdb/60-evdev.hwdb \
+	hwdb/60-keyboard.hwdb \
+	hwdb/70-mouse.hwdb \
+	hwdb/70-pointingstick.hwdb
+
+SYSINIT_TARGET_WANTS += \
+	systemd-hwdb-update.service
+
+# Update hwdb on installation. Do not bother if installing
+# in DESTDIR, since this is likely for packaging purposes.
+hwdb-update-hook:
+	-test -n "$(DESTDIR)" || $(rootbindir)/systemd-hwdb update
+
+INSTALL_DATA_HOOKS += \
+	hwdb-update-hook
+
+hwdb-remove-hook:
+	-test -n "$(DESTDIR)" || rm -f /etc/udev/hwdb.bin
+endif # ENABLE_HWDB
+
+EXTRA_DIST += \
+	units/systemd-hwdb-update.service.in \
+	hwdb/ids-update.pl \
+	hwdb/sdio.ids
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/hwdb/hwdb.c b/src/systemd-hwdb/hwdb.c
index 1160dacdf1..1160dacdf1 100644
--- a/src/hwdb/hwdb.c
+++ b/src/systemd-hwdb/hwdb.c
diff --git a/src/systemd-initctl/Makefile b/src/systemd-initctl/Makefile
new file mode 100644
index 0000000000..bd19b4a090
--- /dev/null
+++ b/src/systemd-initctl/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-initctl
+systemd_initctl_SOURCES = \
+	src/initctl/initctl.c
+
+systemd_initctl_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-initctl/initctl.c b/src/systemd-initctl/initctl.c
new file mode 100644
index 0000000000..05285e3846
--- /dev/null
+++ b/src/systemd-initctl/initctl.c
@@ -0,0 +1,428 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/epoll.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "def.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "initreq.h"
+#include "list.h"
+#include "log.h"
+#include "special.h"
+#include "util.h"
+
+#define SERVER_FD_MAX 16
+#define TIMEOUT_MSEC ((int) (DEFAULT_EXIT_USEC/USEC_PER_MSEC))
+
+typedef struct Fifo Fifo;
+
+typedef struct Server {
+        int epoll_fd;
+
+        LIST_HEAD(Fifo, fifos);
+        unsigned n_fifos;
+
+        sd_bus *bus;
+
+        bool quit;
+} Server;
+
+struct Fifo {
+        Server *server;
+
+        int fd;
+
+        struct init_request buffer;
+        size_t bytes_read;
+
+        LIST_FIELDS(Fifo, fifo);
+};
+
+static const char *translate_runlevel(int runlevel, bool *isolate) {
+        static const struct {
+                const int runlevel;
+                const char *special;
+                bool isolate;
+        } table[] = {
+                { '0', SPECIAL_POWEROFF_TARGET,   false },
+                { '1', SPECIAL_RESCUE_TARGET,     true  },
+                { 's', SPECIAL_RESCUE_TARGET,     true  },
+                { 'S', SPECIAL_RESCUE_TARGET,     true  },
+                { '2', SPECIAL_MULTI_USER_TARGET, true  },
+                { '3', SPECIAL_MULTI_USER_TARGET, true  },
+                { '4', SPECIAL_MULTI_USER_TARGET, true  },
+                { '5', SPECIAL_GRAPHICAL_TARGET,  true  },
+                { '6', SPECIAL_REBOOT_TARGET,     false },
+        };
+
+        unsigned i;
+
+        assert(isolate);
+
+        for (i = 0; i < ELEMENTSOF(table); i++)
+                if (table[i].runlevel == runlevel) {
+                        *isolate = table[i].isolate;
+                        if (runlevel == '6' && kexec_loaded())
+                                return SPECIAL_KEXEC_TARGET;
+                        return table[i].special;
+                }
+
+        return NULL;
+}
+
+static void change_runlevel(Server *s, int runlevel) {
+        const char *target;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        const char *mode;
+        bool isolate = false;
+        int r;
+
+        assert(s);
+
+        target = translate_runlevel(runlevel, &isolate);
+        if (!target) {
+                log_warning("Got request for unknown runlevel %c, ignoring.", runlevel);
+                return;
+        }
+
+        if (isolate)
+                mode = "isolate";
+        else
+                mode = "replace-irreversibly";
+
+        log_debug("Running request %s/start/%s", target, mode);
+
+        r = sd_bus_call_method(
+                        s->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartUnit",
+                        &error,
+                        NULL,
+                        "ss", target, mode);
+        if (r < 0) {
+                log_error("Failed to change runlevel: %s", bus_error_message(&error, -r));
+                return;
+        }
+}
+
+static void request_process(Server *s, const struct init_request *req) {
+        assert(s);
+        assert(req);
+
+        if (req->magic != INIT_MAGIC) {
+                log_error("Got initctl request with invalid magic. Ignoring.");
+                return;
+        }
+
+        switch (req->cmd) {
+
+        case INIT_CMD_RUNLVL:
+                if (!isprint(req->runlevel))
+                        log_error("Got invalid runlevel. Ignoring.");
+                else
+                        switch (req->runlevel) {
+
+                        /* we are async anyway, so just use kill for reexec/reload */
+                        case 'u':
+                        case 'U':
+                                if (kill(1, SIGTERM) < 0)
+                                        log_error_errno(errno, "kill() failed: %m");
+
+                                /* The bus connection will be
+                                 * terminated if PID 1 is reexecuted,
+                                 * hence let's just exit here, and
+                                 * rely on that we'll be restarted on
+                                 * the next request */
+                                s->quit = true;
+                                break;
+
+                        case 'q':
+                        case 'Q':
+                                if (kill(1, SIGHUP) < 0)
+                                        log_error_errno(errno, "kill() failed: %m");
+                                break;
+
+                        default:
+                                change_runlevel(s, req->runlevel);
+                        }
+                return;
+
+        case INIT_CMD_POWERFAIL:
+        case INIT_CMD_POWERFAILNOW:
+        case INIT_CMD_POWEROK:
+                log_warning("Received UPS/power initctl request. This is not implemented in systemd. Upgrade your UPS daemon!");
+                return;
+
+        case INIT_CMD_CHANGECONS:
+                log_warning("Received console change initctl request. This is not implemented in systemd.");
+                return;
+
+        case INIT_CMD_SETENV:
+        case INIT_CMD_UNSETENV:
+                log_warning("Received environment initctl request. This is not implemented in systemd.");
+                return;
+
+        default:
+                log_warning("Received unknown initctl request. Ignoring.");
+                return;
+        }
+}
+
+static int fifo_process(Fifo *f) {
+        ssize_t l;
+
+        assert(f);
+
+        errno = EIO;
+        l = read(f->fd,
+                 ((uint8_t*) &f->buffer) + f->bytes_read,
+                 sizeof(f->buffer) - f->bytes_read);
+        if (l <= 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                return log_warning_errno(errno, "Failed to read from fifo: %m");
+        }
+
+        f->bytes_read += l;
+        assert(f->bytes_read <= sizeof(f->buffer));
+
+        if (f->bytes_read == sizeof(f->buffer)) {
+                request_process(f->server, &f->buffer);
+                f->bytes_read = 0;
+        }
+
+        return 0;
+}
+
+static void fifo_free(Fifo *f) {
+        assert(f);
+
+        if (f->server) {
+                assert(f->server->n_fifos > 0);
+                f->server->n_fifos--;
+                LIST_REMOVE(fifo, f->server->fifos, f);
+        }
+
+        if (f->fd >= 0) {
+                if (f->server)
+                        epoll_ctl(f->server->epoll_fd, EPOLL_CTL_DEL, f->fd, NULL);
+
+                safe_close(f->fd);
+        }
+
+        free(f);
+}
+
+static void server_done(Server *s) {
+        assert(s);
+
+        while (s->fifos)
+                fifo_free(s->fifos);
+
+        safe_close(s->epoll_fd);
+
+        if (s->bus) {
+                sd_bus_flush(s->bus);
+                sd_bus_unref(s->bus);
+        }
+}
+
+static int server_init(Server *s, unsigned n_sockets) {
+        int r;
+        unsigned i;
+
+        assert(s);
+        assert(n_sockets > 0);
+
+        zero(*s);
+
+        s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
+        if (s->epoll_fd < 0) {
+                r = log_error_errno(errno,
+                                    "Failed to create epoll object: %m");
+                goto fail;
+        }
+
+        for (i = 0; i < n_sockets; i++) {
+                struct epoll_event ev;
+                Fifo *f;
+                int fd;
+
+                fd = SD_LISTEN_FDS_START+i;
+
+                r = sd_is_fifo(fd, NULL);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to determine file descriptor type: %m");
+                        goto fail;
+                }
+
+                if (!r) {
+                        log_error("Wrong file descriptor type.");
+                        r = -EINVAL;
+                        goto fail;
+                }
+
+                f = new0(Fifo, 1);
+                if (!f) {
+                        r = -ENOMEM;
+                        log_error_errno(errno, "Failed to create fifo object: %m");
+                        goto fail;
+                }
+
+                f->fd = -1;
+
+                zero(ev);
+                ev.events = EPOLLIN;
+                ev.data.ptr = f;
+                if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
+                        r = -errno;
+                        fifo_free(f);
+                        log_error_errno(errno, "Failed to add fifo fd to epoll object: %m");
+                        goto fail;
+                }
+
+                f->fd = fd;
+                LIST_PREPEND(fifo, s->fifos, f);
+                f->server = s;
+                s->n_fifos++;
+        }
+
+        r = bus_connect_system_systemd(&s->bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get D-Bus connection: %m");
+                r = -EIO;
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        server_done(s);
+
+        return r;
+}
+
+static int process_event(Server *s, struct epoll_event *ev) {
+        int r;
+        Fifo *f;
+
+        assert(s);
+
+        if (!(ev->events & EPOLLIN)) {
+                log_info("Got invalid event from epoll. (3)");
+                return -EIO;
+        }
+
+        f = (Fifo*) ev->data.ptr;
+        r = fifo_process(f);
+        if (r < 0) {
+                log_info_errno(r, "Got error on fifo: %m");
+                fifo_free(f);
+                return r;
+        }
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        Server server;
+        int r = EXIT_FAILURE, n;
+
+        if (getppid() != 1) {
+                log_error("This program should be invoked by init only.");
+                return EXIT_FAILURE;
+        }
+
+        if (argc > 1) {
+                log_error("This program does not take arguments.");
+                return EXIT_FAILURE;
+        }
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        n = sd_listen_fds(true);
+        if (n < 0) {
+                log_error_errno(r, "Failed to read listening file descriptors from environment: %m");
+                return EXIT_FAILURE;
+        }
+
+        if (n <= 0 || n > SERVER_FD_MAX) {
+                log_error("No or too many file descriptors passed.");
+                return EXIT_FAILURE;
+        }
+
+        if (server_init(&server, (unsigned) n) < 0)
+                return EXIT_FAILURE;
+
+        log_debug("systemd-initctl running as pid "PID_FMT, getpid());
+
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Processing requests...");
+
+        while (!server.quit) {
+                struct epoll_event event;
+                int k;
+
+                k = epoll_wait(server.epoll_fd, &event, 1, TIMEOUT_MSEC);
+                if (k < 0) {
+                        if (errno == EINTR)
+                                continue;
+                        log_error_errno(errno, "epoll_wait() failed: %m");
+                        goto fail;
+                }
+
+                if (k <= 0)
+                        break;
+
+                if (process_event(&server, &event) < 0)
+                        goto fail;
+        }
+
+        r = EXIT_SUCCESS;
+
+        log_debug("systemd-initctl stopped as pid "PID_FMT, getpid());
+
+fail:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+
+        server_done(&server);
+
+        return r;
+}
diff --git a/src/systemd-machine-id-setup/Makefile b/src/systemd-machine-id-setup/Makefile
new file mode 100644
index 0000000000..8f210b3cdf
--- /dev/null
+++ b/src/systemd-machine-id-setup/Makefile
@@ -0,0 +1,38 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += systemd-machine-id-setup
+systemd_machine_id_setup_SOURCES = \
+	src/machine-id-setup/machine-id-setup-main.c \
+	src/core/machine-id-setup.c \
+	src/core/machine-id-setup.h
+
+systemd_machine_id_setup_LDADD = \
+	libshared.la
+
+SYSINIT_TARGET_WANTS += \
+	systemd-machine-id-commit.service
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/machine-id-setup/machine-id-setup-main.c b/src/systemd-machine-id-setup/machine-id-setup-main.c
index 1d55fa04af..1d55fa04af 100644
--- a/src/machine-id-setup/machine-id-setup-main.c
+++ b/src/systemd-machine-id-setup/machine-id-setup-main.c
diff --git a/src/systemd-modules-load/Makefile b/src/systemd-modules-load/Makefile
new file mode 100644
index 0000000000..1c51b134ad
--- /dev/null
+++ b/src/systemd-modules-load/Makefile
@@ -0,0 +1,60 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_KMOD),)
+systemd_modules_load_SOURCES = \
+	src/modules-load/modules-load.c
+
+systemd_modules_load_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(KMOD_CFLAGS)
+
+systemd_modules_load_LDADD = \
+	libshared.la \
+	$(KMOD_LIBS)
+
+rootlibexec_PROGRAMS += \
+	systemd-modules-load
+
+nodist_systemunit_DATA += \
+	units/systemd-modules-load.service
+
+SYSINIT_TARGET_WANTS += \
+	systemd-modules-load.service
+
+ifneq ($(ENABLE_TMPFILES),)
+nodist_systemunit_DATA += \
+	units/kmod-static-nodes.service
+
+SYSINIT_TARGET_WANTS += \
+	kmod-static-nodes.service
+endif # ENABLE_TMPFILES
+endif # HAVE_KMOD
+
+EXTRA_DIST += \
+	units/systemd-modules-load.service.in \
+	units/kmod-static-nodes.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/modules-load/modules-load.c b/src/systemd-modules-load/modules-load.c
index f75015d8c3..f75015d8c3 100644
--- a/src/modules-load/modules-load.c
+++ b/src/systemd-modules-load/modules-load.c
diff --git a/src/systemd-notify/Makefile b/src/systemd-notify/Makefile
new file mode 100644
index 0000000000..06a6604e5b
--- /dev/null
+++ b/src/systemd-notify/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += systemd-notify
+systemd_notify_SOURCES = \
+	src/notify/notify.c
+
+systemd_notify_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-notify/notify.c b/src/systemd-notify/notify.c
new file mode 100644
index 0000000000..b18fb5938f
--- /dev/null
+++ b/src/systemd-notify/notify.c
@@ -0,0 +1,203 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "env-util.h"
+#include "formats-util.h"
+#include "log.h"
+#include "parse-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "util.h"
+
+static bool arg_ready = false;
+static pid_t arg_pid = 0;
+static const char *arg_status = NULL;
+static bool arg_booted = false;
+
+static void help(void) {
+        printf("%s [OPTIONS...] [VARIABLE=VALUE...]\n\n"
+               "Notify the init system about service status updates.\n\n"
+               "  -h --help            Show this help\n"
+               "     --version         Show package version\n"
+               "     --ready           Inform the init system about service start-up completion\n"
+               "     --pid[=PID]       Set main pid of daemon\n"
+               "     --status=TEXT     Set status text\n"
+               "     --booted          Check if the system was booted up with systemd\n",
+               program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_READY = 0x100,
+                ARG_VERSION,
+                ARG_PID,
+                ARG_STATUS,
+                ARG_BOOTED,
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, 'h'           },
+                { "version",   no_argument,       NULL, ARG_VERSION   },
+                { "ready",     no_argument,       NULL, ARG_READY     },
+                { "pid",       optional_argument, NULL, ARG_PID       },
+                { "status",    required_argument, NULL, ARG_STATUS    },
+                { "booted",    no_argument,       NULL, ARG_BOOTED    },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_READY:
+                        arg_ready = true;
+                        break;
+
+                case ARG_PID:
+
+                        if (optarg) {
+                                if (parse_pid(optarg, &arg_pid) < 0) {
+                                        log_error("Failed to parse PID %s.", optarg);
+                                        return -EINVAL;
+                                }
+                        } else
+                                arg_pid = getppid();
+
+                        break;
+
+                case ARG_STATUS:
+                        arg_status = optarg;
+                        break;
+
+                case ARG_BOOTED:
+                        arg_booted = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+        }
+
+        if (optind >= argc &&
+            !arg_ready &&
+            !arg_status &&
+            !arg_pid &&
+            !arg_booted) {
+                help();
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+int main(int argc, char* argv[]) {
+        _cleanup_free_ char *status = NULL, *cpid = NULL, *n = NULL;
+        _cleanup_strv_free_ char **final_env = NULL;
+        char* our_env[4];
+        unsigned i = 0;
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (arg_booted)
+                return sd_booted() <= 0;
+
+        if (arg_ready)
+                our_env[i++] = (char*) "READY=1";
+
+        if (arg_status) {
+                status = strappend("STATUS=", arg_status);
+                if (!status) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                our_env[i++] = status;
+        }
+
+        if (arg_pid > 0) {
+                if (asprintf(&cpid, "MAINPID="PID_FMT, arg_pid) < 0) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                our_env[i++] = cpid;
+        }
+
+        our_env[i++] = NULL;
+
+        final_env = strv_env_merge(2, our_env, argv + optind);
+        if (!final_env) {
+                r = log_oom();
+                goto finish;
+        }
+
+        if (strv_length(final_env) <= 0) {
+                r = 0;
+                goto finish;
+        }
+
+        n = strv_join(final_env, "\n");
+        if (!n) {
+                r = log_oom();
+                goto finish;
+        }
+
+        r = sd_pid_notify(arg_pid ? arg_pid : getppid(), false, n);
+        if (r < 0) {
+                log_error_errno(r, "Failed to notify init system: %m");
+                goto finish;
+        } else if (r == 0) {
+                log_error("No status data could be sent: $NOTIFY_SOCKET was not set");
+                r = -EOPNOTSUPP;
+        }
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/nspawn/.gitignore b/src/systemd-nspawn/.gitignore
index 85c81fff24..85c81fff24 100644
--- a/src/nspawn/.gitignore
+++ b/src/systemd-nspawn/.gitignore
diff --git a/src/systemd-nspawn/Makefile b/src/systemd-nspawn/Makefile
new file mode 100644
index 0000000000..d6f928ebd6
--- /dev/null
+++ b/src/systemd-nspawn/Makefile
@@ -0,0 +1,85 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-nspawn
+systemd_nspawn_SOURCES = \
+	src/nspawn/nspawn.c \
+	src/nspawn/nspawn-settings.c \
+	src/nspawn/nspawn-settings.h \
+	src/nspawn/nspawn-mount.c \
+	src/nspawn/nspawn-mount.h \
+	src/nspawn/nspawn-network.c \
+	src/nspawn/nspawn-network.h \
+	src/nspawn/nspawn-expose-ports.c \
+	src/nspawn/nspawn-expose-ports.h \
+	src/nspawn/nspawn-cgroup.c \
+	src/nspawn/nspawn-cgroup.h \
+	src/nspawn/nspawn-register.c \
+	src/nspawn/nspawn-register.h \
+	src/nspawn/nspawn-setuid.c \
+	src/nspawn/nspawn-setuid.h \
+	src/nspawn/nspawn-stub-pid1.c \
+	src/nspawn/nspawn-stub-pid1.h \
+	src/nspawn/nspawn-patch-uid.c \
+	src/nspawn/nspawn-patch-uid.h \
+	src/core/mount-setup.c \
+	src/core/mount-setup.h \
+	src/core/loopback-setup.c \
+	src/core/loopback-setup.h \
+	src/core/machine-id-setup.c \
+	src/core/machine-id-setup.h
+
+nodist_systemd_nspawn_SOURCES = \
+	src/nspawn/nspawn-gperf.c
+
+gperf_gperf_sources += \
+	src/nspawn/nspawn-gperf.gperf
+
+systemd_nspawn_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(BLKID_CFLAGS) \
+	$(SECCOMP_CFLAGS)
+
+systemd_nspawn_LDADD = \
+	libshared.la \
+	$(BLKID_LIBS)
+
+ifneq ($(HAVE_LIBIPTC),)
+systemd_nspawn_LDADD += \
+	libfirewall.la
+endif # HAVE_LIBIPTC
+
+test_patch_uid_SOURCES = \
+	src/nspawn/nspawn-patch-uid.c \
+	src/nspawn/nspawn-patch-uid.h \
+	src/nspawn/test-patch-uid.c
+
+test_patch_uid_LDADD = \
+	libshared.la
+
+manual_tests += \
+	test-patch-uid
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/nspawn/nspawn-cgroup.c b/src/systemd-nspawn/nspawn-cgroup.c
index f50f1ad6c2..f50f1ad6c2 100644
--- a/src/nspawn/nspawn-cgroup.c
+++ b/src/systemd-nspawn/nspawn-cgroup.c
diff --git a/src/nspawn/nspawn-cgroup.h b/src/systemd-nspawn/nspawn-cgroup.h
index 1ff35a299a..1ff35a299a 100644
--- a/src/nspawn/nspawn-cgroup.h
+++ b/src/systemd-nspawn/nspawn-cgroup.h
diff --git a/src/systemd-nspawn/nspawn-expose-ports.c b/src/systemd-nspawn/nspawn-expose-ports.c
new file mode 100644
index 0000000000..8122a14f7b
--- /dev/null
+++ b/src/systemd-nspawn/nspawn-expose-ports.c
@@ -0,0 +1,245 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "firewall-util.h"
+#include "in-addr-util.h"
+#include "local-addresses.h"
+#include "netlink-util.h"
+#include "nspawn-expose-ports.h"
+#include "parse-util.h"
+#include "socket-util.h"
+#include "string-util.h"
+#include "util.h"
+
+int expose_port_parse(ExposePort **l, const char *s) {
+
+        const char *split, *e;
+        uint16_t container_port, host_port;
+        int protocol;
+        ExposePort *p;
+        int r;
+
+        assert(l);
+        assert(s);
+
+        if ((e = startswith(s, "tcp:")))
+                protocol = IPPROTO_TCP;
+        else if ((e = startswith(s, "udp:")))
+                protocol = IPPROTO_UDP;
+        else {
+                e = s;
+                protocol = IPPROTO_TCP;
+        }
+
+        split = strchr(e, ':');
+        if (split) {
+                char v[split - e + 1];
+
+                memcpy(v, e, split - e);
+                v[split - e] = 0;
+
+                r = safe_atou16(v, &host_port);
+                if (r < 0 || host_port <= 0)
+                        return -EINVAL;
+
+                r = safe_atou16(split + 1, &container_port);
+        } else {
+                r = safe_atou16(e, &container_port);
+                host_port = container_port;
+        }
+
+        if (r < 0 || container_port <= 0)
+                return -EINVAL;
+
+        LIST_FOREACH(ports, p, *l)
+                if (p->protocol == protocol && p->host_port == host_port)
+                        return -EEXIST;
+
+        p = new(ExposePort, 1);
+        if (!p)
+                return -ENOMEM;
+
+        p->protocol = protocol;
+        p->host_port = host_port;
+        p->container_port = container_port;
+
+        LIST_PREPEND(ports, *l, p);
+
+        return 0;
+}
+
+void expose_port_free_all(ExposePort *p) {
+
+        while (p) {
+                ExposePort *q = p;
+                LIST_REMOVE(ports, p, q);
+                free(q);
+        }
+}
+
+int expose_port_flush(ExposePort* l, union in_addr_union *exposed) {
+        ExposePort *p;
+        int r, af = AF_INET;
+
+        assert(exposed);
+
+        if (!l)
+                return 0;
+
+        if (in_addr_is_null(af, exposed))
+                return 0;
+
+        log_debug("Lost IP address.");
+
+        LIST_FOREACH(ports, p, l) {
+                r = fw_add_local_dnat(false,
+                                      af,
+                                      p->protocol,
+                                      NULL,
+                                      NULL, 0,
+                                      NULL, 0,
+                                      p->host_port,
+                                      exposed,
+                                      p->container_port,
+                                      NULL);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to modify firewall: %m");
+        }
+
+        *exposed = IN_ADDR_NULL;
+        return 0;
+}
+
+int expose_port_execute(sd_netlink *rtnl, ExposePort *l, union in_addr_union *exposed) {
+        _cleanup_free_ struct local_address *addresses = NULL;
+        _cleanup_free_ char *pretty = NULL;
+        union in_addr_union new_exposed;
+        ExposePort *p;
+        bool add;
+        int af = AF_INET, r;
+
+        assert(exposed);
+
+        /* Invoked each time an address is added or removed inside the
+         * container */
+
+        if (!l)
+                return 0;
+
+        r = local_addresses(rtnl, 0, af, &addresses);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enumerate local addresses: %m");
+
+        add = r > 0 &&
+                addresses[0].family == af &&
+                addresses[0].scope < RT_SCOPE_LINK;
+
+        if (!add)
+                return expose_port_flush(l, exposed);
+
+        new_exposed = addresses[0].address;
+        if (in_addr_equal(af, exposed, &new_exposed))
+                return 0;
+
+        in_addr_to_string(af, &new_exposed, &pretty);
+        log_debug("New container IP is %s.", strna(pretty));
+
+        LIST_FOREACH(ports, p, l) {
+
+                r = fw_add_local_dnat(true,
+                                      af,
+                                      p->protocol,
+                                      NULL,
+                                      NULL, 0,
+                                      NULL, 0,
+                                      p->host_port,
+                                      &new_exposed,
+                                      p->container_port,
+                                      in_addr_is_null(af, exposed) ? NULL : exposed);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to modify firewall: %m");
+        }
+
+        *exposed = new_exposed;
+        return 0;
+}
+
+int expose_port_send_rtnl(int send_fd) {
+        _cleanup_close_ int fd = -1;
+        int r;
+
+        assert(send_fd >= 0);
+
+        fd = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_ROUTE);
+        if (fd < 0)
+                return log_error_errno(errno, "Failed to allocate container netlink: %m");
+
+        /* Store away the fd in the socket, so that it stays open as
+         * long as we run the child */
+        r = send_one_fd(send_fd, fd, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to send netlink fd: %m");
+
+        return 0;
+}
+
+int expose_port_watch_rtnl(
+                sd_event *event,
+                int recv_fd,
+                sd_netlink_message_handler_t handler,
+                union in_addr_union *exposed,
+                sd_netlink **ret) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        int fd, r;
+
+        assert(event);
+        assert(recv_fd >= 0);
+        assert(ret);
+
+        fd = receive_one_fd(recv_fd, 0);
+        if (fd < 0)
+                return log_error_errno(fd, "Failed to recv netlink fd: %m");
+
+        r = sd_netlink_open_fd(&rtnl, fd);
+        if (r < 0) {
+                safe_close(fd);
+                return log_error_errno(r, "Failed to create rtnl object: %m");
+        }
+
+        r = sd_netlink_add_match(rtnl, RTM_NEWADDR, handler, exposed);
+        if (r < 0)
+                return log_error_errno(r, "Failed to subscribe to RTM_NEWADDR messages: %m");
+
+        r = sd_netlink_add_match(rtnl, RTM_DELADDR, handler, exposed);
+        if (r < 0)
+                return log_error_errno(r, "Failed to subscribe to RTM_DELADDR messages: %m");
+
+        r = sd_netlink_attach_event(rtnl, event, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add to even loop: %m");
+
+        *ret = rtnl;
+        rtnl = NULL;
+
+        return 0;
+}
diff --git a/src/systemd-nspawn/nspawn-expose-ports.h b/src/systemd-nspawn/nspawn-expose-ports.h
new file mode 100644
index 0000000000..0e9f8f7e88
--- /dev/null
+++ b/src/systemd-nspawn/nspawn-expose-ports.h
@@ -0,0 +1,44 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <inttypes.h>
+
+#include <systemd/sd-event.h>
+#include <systemd/sd-netlink.h>
+
+#include "in-addr-util.h"
+#include "list.h"
+
+typedef struct ExposePort {
+        int protocol;
+        uint16_t host_port;
+        uint16_t container_port;
+        LIST_FIELDS(struct ExposePort, ports);
+} ExposePort;
+
+void expose_port_free_all(ExposePort *p);
+int expose_port_parse(ExposePort **l, const char *s);
+
+int expose_port_watch_rtnl(sd_event *event, int recv_fd, sd_netlink_message_handler_t handler, union in_addr_union *exposed, sd_netlink **ret);
+int expose_port_send_rtnl(int send_fd);
+
+int expose_port_execute(sd_netlink *rtnl, ExposePort *l, union in_addr_union *exposed);
+int expose_port_flush(ExposePort* l, union in_addr_union *exposed);
diff --git a/src/nspawn/nspawn-gperf.gperf b/src/systemd-nspawn/nspawn-gperf.gperf
index 2b5d452662..2b5d452662 100644
--- a/src/nspawn/nspawn-gperf.gperf
+++ b/src/systemd-nspawn/nspawn-gperf.gperf
diff --git a/src/nspawn/nspawn-mount.c b/src/systemd-nspawn/nspawn-mount.c
index 8e2d2d543c..8e2d2d543c 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/systemd-nspawn/nspawn-mount.c
diff --git a/src/nspawn/nspawn-mount.h b/src/systemd-nspawn/nspawn-mount.h
index 0daf145412..0daf145412 100644
--- a/src/nspawn/nspawn-mount.h
+++ b/src/systemd-nspawn/nspawn-mount.h
diff --git a/src/systemd-nspawn/nspawn-network.c b/src/systemd-nspawn/nspawn-network.c
new file mode 100644
index 0000000000..7052fb5804
--- /dev/null
+++ b/src/systemd-nspawn/nspawn-network.c
@@ -0,0 +1,694 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <linux/veth.h>
+#include <net/if.h>
+
+#include "libudev.h"
+#include <systemd/sd-id128.h>
+#include <systemd/sd-netlink.h>
+
+#include "alloc-util.h"
+#include "ether-addr-util.h"
+#include "lockfile-util.h"
+#include "netlink-util.h"
+#include "nspawn-network.h"
+#include "siphash24.h"
+#include "socket-util.h"
+#include "stat-util.h"
+#include "string-util.h"
+#include "udev-util.h"
+#include "util.h"
+
+#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
+#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
+#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
+#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
+#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
+
+static int remove_one_link(sd_netlink *rtnl, const char *name) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        int r;
+
+        if (isempty(name))
+                return 0;
+
+        r = sd_rtnl_message_new_link(rtnl, &m, RTM_DELLINK, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate netlink message: %m");
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, name);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink interface name: %m");
+
+        r = sd_netlink_call(rtnl, m, 0, NULL);
+        if (r == -ENODEV) /* Already gone */
+                return 0;
+        if (r < 0)
+                return log_error_errno(r, "Failed to remove interface %s: %m", name);
+
+        return 1;
+}
+
+static int generate_mac(
+                const char *machine_name,
+                struct ether_addr *mac,
+                sd_id128_t hash_key,
+                uint64_t idx) {
+
+        uint64_t result;
+        size_t l, sz;
+        uint8_t *v, *i;
+        int r;
+
+        l = strlen(machine_name);
+        sz = sizeof(sd_id128_t) + l;
+        if (idx > 0)
+                sz += sizeof(idx);
+
+        v = alloca(sz);
+
+        /* fetch some persistent data unique to the host */
+        r = sd_id128_get_machine((sd_id128_t*) v);
+        if (r < 0)
+                return r;
+
+        /* combine with some data unique (on this host) to this
+         * container instance */
+        i = mempcpy(v + sizeof(sd_id128_t), machine_name, l);
+        if (idx > 0) {
+                idx = htole64(idx);
+                memcpy(i, &idx, sizeof(idx));
+        }
+
+        /* Let's hash the host machine ID plus the container name. We
+         * use a fixed, but originally randomly created hash key here. */
+        result = htole64(siphash24(v, sz, hash_key.bytes));
+
+        assert_cc(ETH_ALEN <= sizeof(result));
+        memcpy(mac->ether_addr_octet, &result, ETH_ALEN);
+
+        /* see eth_random_addr in the kernel */
+        mac->ether_addr_octet[0] &= 0xfe;        /* clear multicast bit */
+        mac->ether_addr_octet[0] |= 0x02;        /* set local assignment bit (IEEE802) */
+
+        return 0;
+}
+
+static int add_veth(
+                sd_netlink *rtnl,
+                pid_t pid,
+                const char *ifname_host,
+                const struct ether_addr *mac_host,
+                const char *ifname_container,
+                const struct ether_addr *mac_container) {
+
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        int r;
+
+        assert(rtnl);
+        assert(ifname_host);
+        assert(mac_host);
+        assert(ifname_container);
+        assert(mac_container);
+
+        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate netlink message: %m");
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink interface name: %m");
+
+        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink MAC address: %m");
+
+        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open netlink container: %m");
+
+        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth");
+        if (r < 0)
+                return log_error_errno(r, "Failed to open netlink container: %m");
+
+        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open netlink container: %m");
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink interface name: %m");
+
+        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink MAC address: %m");
+
+        r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink namespace field: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to close netlink container: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to close netlink container: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to close netlink container: %m");
+
+        r = sd_netlink_call(rtnl, m, 0, NULL);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);
+
+        return 0;
+}
+
+int setup_veth(const char *machine_name,
+               pid_t pid,
+               char iface_name[IFNAMSIZ],
+               bool bridge) {
+
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        struct ether_addr mac_host, mac_container;
+        int r, i;
+
+        assert(machine_name);
+        assert(pid > 0);
+        assert(iface_name);
+
+        /* Use two different interface name prefixes depending whether
+         * we are in bridge mode or not. */
+        snprintf(iface_name, IFNAMSIZ - 1, "%s-%s",
+                 bridge ? "vb" : "ve", machine_name);
+
+        r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");
+
+        r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        r = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container);
+        if (r < 0)
+                return r;
+
+        i = (int) if_nametoindex(iface_name);
+        if (i <= 0)
+                return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name);
+
+        return i;
+}
+
+int setup_veth_extra(
+                const char *machine_name,
+                pid_t pid,
+                char **pairs) {
+
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        uint64_t idx = 0;
+        char **a, **b;
+        int r;
+
+        assert(machine_name);
+        assert(pid > 0);
+
+        if (strv_isempty(pairs))
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        STRV_FOREACH_PAIR(a, b, pairs) {
+                struct ether_addr mac_host, mac_container;
+
+                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");
+
+                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");
+
+                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
+                if (r < 0)
+                        return r;
+
+                idx++;
+        }
+
+        return 0;
+}
+
+static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        int r, bridge_ifi;
+
+        assert(rtnl);
+        assert(veth_name);
+        assert(bridge_name);
+
+        bridge_ifi = (int) if_nametoindex(bridge_name);
+        if (bridge_ifi <= 0)
+                return -errno;
+
+        r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, veth_name);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_append_u32(m, IFLA_MASTER, bridge_ifi);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(rtnl, m, 0, NULL);
+        if (r < 0)
+                return r;
+
+        return bridge_ifi;
+}
+
+static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        int r;
+
+        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, bridge_name);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "bridge");
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(rtnl, m, 0, NULL);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
+        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        int r, bridge_ifi;
+        unsigned n = 0;
+
+        assert(veth_name);
+        assert(bridge_name);
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        if (create) {
+                /* We take a system-wide lock here, so that we can safely check whether there's still a member in the
+                 * bridge before removing it, without risking interferance from other nspawn instances. */
+
+                r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to take network zone lock: %m");
+        }
+
+        for (;;) {
+                bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
+                if (bridge_ifi >= 0)
+                        return bridge_ifi;
+                if (bridge_ifi != -ENODEV || !create || n > 10)
+                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);
+
+                /* Count attempts, so that we don't enter an endless loop here. */
+                n++;
+
+                /* The bridge doesn't exist yet. Let's create it */
+                r = create_bridge(rtnl, bridge_name);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name);
+
+                /* Try again, now that the bridge exists */
+        }
+}
+
+int remove_bridge(const char *bridge_name) {
+        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        const char *path;
+        int r;
+
+        /* Removes the specified bridge, but only if it is currently empty */
+
+        if (isempty(bridge_name))
+                return 0;
+
+        r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
+        if (r < 0)
+                return log_error_errno(r, "Failed to take network zone lock: %m");
+
+        path = strjoina("/sys/class/net/", bridge_name, "/brif");
+
+        r = dir_is_empty(path);
+        if (r == -ENOENT) /* Already gone? */
+                return 0;
+        if (r < 0)
+                return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name);
+        if (r == 0) /* Still populated, leave it around */
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        return remove_one_link(rtnl, bridge_name);
+}
+
+static int parse_interface(struct udev *udev, const char *name) {
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        char ifi_str[2 + DECIMAL_STR_MAX(int)];
+        int ifi;
+
+        ifi = (int) if_nametoindex(name);
+        if (ifi <= 0)
+                return log_error_errno(errno, "Failed to resolve interface %s: %m", name);
+
+        sprintf(ifi_str, "n%i", ifi);
+        d = udev_device_new_from_device_id(udev, ifi_str);
+        if (!d)
+                return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name);
+
+        if (udev_device_get_is_initialized(d) <= 0) {
+                log_error("Network interface %s is not initialized yet.", name);
+                return -EBUSY;
+        }
+
+        return ifi;
+}
+
+int move_network_interfaces(pid_t pid, char **ifaces) {
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        char **i;
+        int r;
+
+        if (strv_isempty(ifaces))
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        udev = udev_new();
+        if (!udev) {
+                log_error("Failed to connect to udev.");
+                return -ENOMEM;
+        }
+
+        STRV_FOREACH(i, ifaces) {
+                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+                int ifi;
+
+                ifi = parse_interface(udev, *i);
+                if (ifi < 0)
+                        return ifi;
+
+                r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, ifi);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to allocate netlink message: %m");
+
+                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to append namespace PID to netlink message: %m");
+
+                r = sd_netlink_call(rtnl, m, 0, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to move interface %s to namespace: %m", *i);
+        }
+
+        return 0;
+}
+
+int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        unsigned idx = 0;
+        char **i;
+        int r;
+
+        if (strv_isempty(ifaces))
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        udev = udev_new();
+        if (!udev) {
+                log_error("Failed to connect to udev.");
+                return -ENOMEM;
+        }
+
+        STRV_FOREACH(i, ifaces) {
+                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+                _cleanup_free_ char *n = NULL;
+                struct ether_addr mac;
+                int ifi;
+
+                ifi = parse_interface(udev, *i);
+                if (ifi < 0)
+                        return ifi;
+
+                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");
+
+                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to allocate netlink message: %m");
+
+                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink interface index: %m");
+
+                n = strappend("mv-", *i);
+                if (!n)
+                        return log_oom();
+
+                strshorten(n, IFNAMSIZ-1);
+
+                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink interface name: %m");
+
+                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink MAC address: %m");
+
+                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink namespace field: %m");
+
+                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to open netlink container: %m");
+
+                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "macvlan");
+                if (r < 0)
+                        return log_error_errno(r, "Failed to open netlink container: %m");
+
+                r = sd_netlink_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to append macvlan mode: %m");
+
+                r = sd_netlink_message_close_container(m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to close netlink container: %m");
+
+                r = sd_netlink_message_close_container(m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to close netlink container: %m");
+
+                r = sd_netlink_call(rtnl, m, 0, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");
+        }
+
+        return 0;
+}
+
+int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        char **i;
+        int r;
+
+        if (strv_isempty(ifaces))
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        udev = udev_new();
+        if (!udev) {
+                log_error("Failed to connect to udev.");
+                return -ENOMEM;
+        }
+
+        STRV_FOREACH(i, ifaces) {
+                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+                _cleanup_free_ char *n = NULL;
+                int ifi;
+
+                ifi = parse_interface(udev, *i);
+                if (ifi < 0)
+                        return ifi;
+
+                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to allocate netlink message: %m");
+
+                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink interface index: %m");
+
+                n = strappend("iv-", *i);
+                if (!n)
+                        return log_oom();
+
+                strshorten(n, IFNAMSIZ-1);
+
+                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink interface name: %m");
+
+                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add netlink namespace field: %m");
+
+                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to open netlink container: %m");
+
+                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "ipvlan");
+                if (r < 0)
+                        return log_error_errno(r, "Failed to open netlink container: %m");
+
+                r = sd_netlink_message_append_u16(m, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add ipvlan mode: %m");
+
+                r = sd_netlink_message_close_container(m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to close netlink container: %m");
+
+                r = sd_netlink_message_close_container(m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to close netlink container: %m");
+
+                r = sd_netlink_call(rtnl, m, 0, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");
+        }
+
+        return 0;
+}
+
+int veth_extra_parse(char ***l, const char *p) {
+        _cleanup_free_ char *a = NULL, *b = NULL;
+        int r;
+
+        r = extract_first_word(&p, &a, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+        if (r < 0)
+                return r;
+        if (r == 0 || !ifname_valid(a))
+                return -EINVAL;
+
+        r = extract_first_word(&p, &b, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+        if (r < 0)
+                return r;
+        if (r == 0 || !ifname_valid(b)) {
+                free(b);
+                b = strdup(a);
+                if (!b)
+                        return -ENOMEM;
+        }
+
+        if (p)
+                return -EINVAL;
+
+        r = strv_push_pair(l, a, b);
+        if (r < 0)
+                return -ENOMEM;
+
+        a = b = NULL;
+        return 0;
+}
+
+int remove_veth_links(const char *primary, char **pairs) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        char **a, **b;
+        int r;
+
+        /* In some cases the kernel might pin the veth links between host and container even after the namespace
+         * died. Hence, let's better remove them explicitly too. */
+
+        if (isempty(primary) && strv_isempty(pairs))
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        remove_one_link(rtnl, primary);
+
+        STRV_FOREACH_PAIR(a, b, pairs)
+                remove_one_link(rtnl, *a);
+
+        return 0;
+}
diff --git a/src/nspawn/nspawn-network.h b/src/systemd-nspawn/nspawn-network.h
index 3d8861e1e5..3d8861e1e5 100644
--- a/src/nspawn/nspawn-network.h
+++ b/src/systemd-nspawn/nspawn-network.h
diff --git a/src/nspawn/nspawn-patch-uid.c b/src/systemd-nspawn/nspawn-patch-uid.c
index c7382d412d..c7382d412d 100644
--- a/src/nspawn/nspawn-patch-uid.c
+++ b/src/systemd-nspawn/nspawn-patch-uid.c
diff --git a/src/nspawn/nspawn-patch-uid.h b/src/systemd-nspawn/nspawn-patch-uid.h
index 55d0990016..55d0990016 100644
--- a/src/nspawn/nspawn-patch-uid.h
+++ b/src/systemd-nspawn/nspawn-patch-uid.h
diff --git a/src/systemd-nspawn/nspawn-register.c b/src/systemd-nspawn/nspawn-register.c
new file mode 100644
index 0000000000..adef200cb5
--- /dev/null
+++ b/src/systemd-nspawn/nspawn-register.c
@@ -0,0 +1,236 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-bus.h>
+
+#include "bus-error.h"
+#include "bus-unit-util.h"
+#include "bus-util.h"
+#include "nspawn-register.h"
+#include "stat-util.h"
+#include "strv.h"
+#include "util.h"
+
+int register_machine(
+                const char *machine_name,
+                pid_t pid,
+                const char *directory,
+                sd_id128_t uuid,
+                int local_ifindex,
+                const char *slice,
+                CustomMount *mounts,
+                unsigned n_mounts,
+                int kill_signal,
+                char **properties,
+                bool keep_unit,
+                const char *service) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        int r;
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open system bus: %m");
+
+        if (keep_unit) {
+                r = sd_bus_call_method(
+                                bus,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "RegisterMachineWithNetwork",
+                                &error,
+                                NULL,
+                                "sayssusai",
+                                machine_name,
+                                SD_BUS_MESSAGE_APPEND_ID128(uuid),
+                                service,
+                                "container",
+                                (uint32_t) pid,
+                                strempty(directory),
+                                local_ifindex > 0 ? 1 : 0, local_ifindex);
+        } else {
+                _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+                char **i;
+                unsigned j;
+
+                r = sd_bus_message_new_method_call(
+                                bus,
+                                &m,
+                                "org.freedesktop.machine1",
+                                "/org/freedesktop/machine1",
+                                "org.freedesktop.machine1.Manager",
+                                "CreateMachineWithNetwork");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append(
+                                m,
+                                "sayssusai",
+                                machine_name,
+                                SD_BUS_MESSAGE_APPEND_ID128(uuid),
+                                service,
+                                "container",
+                                (uint32_t) pid,
+                                strempty(directory),
+                                local_ifindex > 0 ? 1 : 0, local_ifindex);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_open_container(m, 'a', "(sv)");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                if (!isempty(slice)) {
+                        r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
+                        if (r < 0)
+                                return bus_log_create_error(r);
+                }
+
+                r = sd_bus_message_append(m, "(sv)", "DevicePolicy", "s", "strict");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                /* If you make changes here, also make sure to update
+                 * systemd-nspawn@.service, to keep the device
+                 * policies in sync regardless if we are run with or
+                 * without the --keep-unit switch. */
+                r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9,
+                                          /* Allow the container to
+                                           * access and create the API
+                                           * device nodes, so that
+                                           * PrivateDevices= in the
+                                           * container can work
+                                           * fine */
+                                          "/dev/null", "rwm",
+                                          "/dev/zero", "rwm",
+                                          "/dev/full", "rwm",
+                                          "/dev/random", "rwm",
+                                          "/dev/urandom", "rwm",
+                                          "/dev/tty", "rwm",
+                                          "/dev/net/tun", "rwm",
+                                          /* Allow the container
+                                           * access to ptys. However,
+                                           * do not permit the
+                                           * container to ever create
+                                           * these device nodes. */
+                                          "/dev/pts/ptmx", "rw",
+                                          "char-pts", "rw");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                for (j = 0; j < n_mounts; j++) {
+                        CustomMount *cm = mounts + j;
+
+                        if (cm->type != CUSTOM_MOUNT_BIND)
+                                continue;
+
+                        r = is_device_node(cm->source);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to stat %s: %m", cm->source);
+
+                        if (r) {
+                                r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1,
+                                        cm->source, cm->read_only ? "r" : "rw");
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to append message arguments: %m");
+                        }
+                }
+
+                if (kill_signal != 0) {
+                        r = sd_bus_message_append(m, "(sv)", "KillSignal", "i", kill_signal);
+                        if (r < 0)
+                                return bus_log_create_error(r);
+
+                        r = sd_bus_message_append(m, "(sv)", "KillMode", "s", "mixed");
+                        if (r < 0)
+                                return bus_log_create_error(r);
+                }
+
+                STRV_FOREACH(i, properties) {
+                        r = bus_append_unit_property_assignment(m, *i);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_call(bus, m, 0, &error, NULL);
+        }
+
+        if (r < 0) {
+                log_error("Failed to register machine: %s", bus_error_message(&error, r));
+                return r;
+        }
+
+        return 0;
+}
+
+int terminate_machine(pid_t pid) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        const char *path;
+        int r;
+
+        r = sd_bus_default_system(&bus);
+        if (r < 0)
+                return log_error_errno(r, "Failed to open system bus: %m");
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        "/org/freedesktop/machine1",
+                        "org.freedesktop.machine1.Manager",
+                        "GetMachineByPID",
+                        &error,
+                        &reply,
+                        "u",
+                        (uint32_t) pid);
+        if (r < 0) {
+                /* Note that the machine might already have been
+                 * cleaned up automatically, hence don't consider it a
+                 * failure if we cannot get the machine object. */
+                log_debug("Failed to get machine: %s", bus_error_message(&error, r));
+                return 0;
+        }
+
+        r = sd_bus_message_read(reply, "o", &path);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = sd_bus_call_method(
+                        bus,
+                        "org.freedesktop.machine1",
+                        path,
+                        "org.freedesktop.machine1.Machine",
+                        "Terminate",
+                        &error,
+                        NULL,
+                        NULL);
+        if (r < 0) {
+                log_debug("Failed to terminate machine: %s", bus_error_message(&error, r));
+                return 0;
+        }
+
+        return 0;
+}
diff --git a/src/systemd-nspawn/nspawn-register.h b/src/systemd-nspawn/nspawn-register.h
new file mode 100644
index 0000000000..c7a50f7477
--- /dev/null
+++ b/src/systemd-nspawn/nspawn-register.h
@@ -0,0 +1,29 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2015 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/types.h>
+
+#include <systemd/sd-id128.h>
+
+#include "nspawn-mount.h"
+
+int register_machine(const char *machine_name, pid_t pid, const char *directory, sd_id128_t uuid, int local_ifindex, const char *slice, CustomMount *mounts, unsigned n_mounts, int kill_signal, char **properties, bool keep_unit, const char *service);
+int terminate_machine(pid_t pid);
diff --git a/src/nspawn/nspawn-settings.c b/src/systemd-nspawn/nspawn-settings.c
index 5f1522cfb6..5f1522cfb6 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/systemd-nspawn/nspawn-settings.c
diff --git a/src/nspawn/nspawn-settings.h b/src/systemd-nspawn/nspawn-settings.h
index 1c47e37912..1c47e37912 100644
--- a/src/nspawn/nspawn-settings.h
+++ b/src/systemd-nspawn/nspawn-settings.h
diff --git a/src/nspawn/nspawn-setuid.c b/src/systemd-nspawn/nspawn-setuid.c
index ee15a47e93..ee15a47e93 100644
--- a/src/nspawn/nspawn-setuid.c
+++ b/src/systemd-nspawn/nspawn-setuid.c
diff --git a/src/nspawn/nspawn-setuid.h b/src/systemd-nspawn/nspawn-setuid.h
index b4968ba1fc..b4968ba1fc 100644
--- a/src/nspawn/nspawn-setuid.h
+++ b/src/systemd-nspawn/nspawn-setuid.h
diff --git a/src/nspawn/nspawn-stub-pid1.c b/src/systemd-nspawn/nspawn-stub-pid1.c
index 2de87e3c63..2de87e3c63 100644
--- a/src/nspawn/nspawn-stub-pid1.c
+++ b/src/systemd-nspawn/nspawn-stub-pid1.c
diff --git a/src/nspawn/nspawn-stub-pid1.h b/src/systemd-nspawn/nspawn-stub-pid1.h
index 36c1aaf5dd..36c1aaf5dd 100644
--- a/src/nspawn/nspawn-stub-pid1.h
+++ b/src/systemd-nspawn/nspawn-stub-pid1.h
diff --git a/src/systemd-nspawn/nspawn.c b/src/systemd-nspawn/nspawn.c
new file mode 100644
index 0000000000..bdf054e5c6
--- /dev/null
+++ b/src/systemd-nspawn/nspawn.c
@@ -0,0 +1,4116 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#ifdef HAVE_BLKID
+#include <blkid/blkid.h>
+#endif
+#include <errno.h>
+#include <getopt.h>
+#include <grp.h>
+#include <linux/loop.h>
+#include <pwd.h>
+#include <sched.h>
+#ifdef HAVE_SECCOMP
+#include <seccomp.h>
+#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/file.h>
+#include <sys/mount.h>
+#include <sys/personality.h>
+#include <sys/prctl.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-id128.h>
+
+#include "alloc-util.h"
+#include "barrier.h"
+#include "base-filesystem.h"
+#include "blkid-util.h"
+#include "btrfs-util.h"
+#include "cap-list.h"
+#include "capability-util.h"
+#include "cgroup-util.h"
+#include "copy.h"
+#include "dev-setup.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "fdset.h"
+#include "fileio.h"
+#include "formats-util.h"
+#include "fs-util.h"
+#include "gpt.h"
+#include "hostname-util.h"
+#include "log.h"
+#include "loopback-setup.h"
+#include "machine-id-setup.h"
+#include "machine-image.h"
+#include "macro.h"
+#include "missing.h"
+#include "mkdir.h"
+#include "mount-util.h"
+#include "netlink-util.h"
+#include "nspawn-cgroup.h"
+#include "nspawn-expose-ports.h"
+#include "nspawn-mount.h"
+#include "nspawn-network.h"
+#include "nspawn-patch-uid.h"
+#include "nspawn-register.h"
+#include "nspawn-settings.h"
+#include "nspawn-setuid.h"
+#include "nspawn-stub-pid1.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "process-util.h"
+#include "ptyfwd.h"
+#include "random-util.h"
+#include "rm-rf.h"
+#ifdef HAVE_SECCOMP
+#include "seccomp-util.h"
+#endif
+#include "selinux-util.h"
+#include "signal-util.h"
+#include "socket-util.h"
+#include "stat-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "udev-util.h"
+#include "umask-util.h"
+#include "user-util.h"
+#include "util.h"
+
+/* Note that devpts's gid= parameter parses GIDs as signed values, hence we stay away from the upper half of the 32bit
+ * UID range here */
+#define UID_SHIFT_PICK_MIN ((uid_t) UINT32_C(0x00080000))
+#define UID_SHIFT_PICK_MAX ((uid_t) UINT32_C(0x6FFF0000))
+
+typedef enum ContainerStatus {
+        CONTAINER_TERMINATED,
+        CONTAINER_REBOOTED
+} ContainerStatus;
+
+typedef enum LinkJournal {
+        LINK_NO,
+        LINK_AUTO,
+        LINK_HOST,
+        LINK_GUEST
+} LinkJournal;
+
+static char *arg_directory = NULL;
+static char *arg_template = NULL;
+static char *arg_chdir = NULL;
+static char *arg_user = NULL;
+static sd_id128_t arg_uuid = {};
+static char *arg_machine = NULL;
+static const char *arg_selinux_context = NULL;
+static const char *arg_selinux_apifs_context = NULL;
+static const char *arg_slice = NULL;
+static bool arg_private_network = false;
+static bool arg_read_only = false;
+static StartMode arg_start_mode = START_PID1;
+static bool arg_ephemeral = false;
+static LinkJournal arg_link_journal = LINK_AUTO;
+static bool arg_link_journal_try = false;
+static uint64_t arg_retain =
+        (1ULL << CAP_CHOWN) |
+        (1ULL << CAP_DAC_OVERRIDE) |
+        (1ULL << CAP_DAC_READ_SEARCH) |
+        (1ULL << CAP_FOWNER) |
+        (1ULL << CAP_FSETID) |
+        (1ULL << CAP_IPC_OWNER) |
+        (1ULL << CAP_KILL) |
+        (1ULL << CAP_LEASE) |
+        (1ULL << CAP_LINUX_IMMUTABLE) |
+        (1ULL << CAP_NET_BIND_SERVICE) |
+        (1ULL << CAP_NET_BROADCAST) |
+        (1ULL << CAP_NET_RAW) |
+        (1ULL << CAP_SETGID) |
+        (1ULL << CAP_SETFCAP) |
+        (1ULL << CAP_SETPCAP) |
+        (1ULL << CAP_SETUID) |
+        (1ULL << CAP_SYS_ADMIN) |
+        (1ULL << CAP_SYS_CHROOT) |
+        (1ULL << CAP_SYS_NICE) |
+        (1ULL << CAP_SYS_PTRACE) |
+        (1ULL << CAP_SYS_TTY_CONFIG) |
+        (1ULL << CAP_SYS_RESOURCE) |
+        (1ULL << CAP_SYS_BOOT) |
+        (1ULL << CAP_AUDIT_WRITE) |
+        (1ULL << CAP_AUDIT_CONTROL) |
+        (1ULL << CAP_MKNOD);
+static CustomMount *arg_custom_mounts = NULL;
+static unsigned arg_n_custom_mounts = 0;
+static char **arg_setenv = NULL;
+static bool arg_quiet = false;
+static bool arg_share_system = false;
+static bool arg_register = true;
+static bool arg_keep_unit = false;
+static char **arg_network_interfaces = NULL;
+static char **arg_network_macvlan = NULL;
+static char **arg_network_ipvlan = NULL;
+static bool arg_network_veth = false;
+static char **arg_network_veth_extra = NULL;
+static char *arg_network_bridge = NULL;
+static char *arg_network_zone = NULL;
+static unsigned long arg_personality = PERSONALITY_INVALID;
+static char *arg_image = NULL;
+static VolatileMode arg_volatile_mode = VOLATILE_NO;
+static ExposePort *arg_expose_ports = NULL;
+static char **arg_property = NULL;
+static UserNamespaceMode arg_userns_mode = USER_NAMESPACE_NO;
+static uid_t arg_uid_shift = UID_INVALID, arg_uid_range = 0x10000U;
+static bool arg_userns_chown = false;
+static int arg_kill_signal = 0;
+static bool arg_unified_cgroup_hierarchy = false;
+static SettingsMask arg_settings_mask = 0;
+static int arg_settings_trusted = -1;
+static char **arg_parameters = NULL;
+static const char *arg_container_service_name = "systemd-nspawn";
+
+static void help(void) {
+        printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
+               "Spawn a minimal namespace container for debugging, testing and building.\n\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Print version string\n"
+               "  -q --quiet                Do not show status information\n"
+               "  -D --directory=PATH       Root directory for the container\n"
+               "     --template=PATH        Initialize root directory from template directory,\n"
+               "                            if missing\n"
+               "  -x --ephemeral            Run container with snapshot of root directory, and\n"
+               "                            remove it after exit\n"
+               "  -i --image=PATH           File system device or disk image for the container\n"
+               "  -a --as-pid2              Maintain a stub init as PID1, invoke binary as PID2\n"
+               "  -b --boot                 Boot up full system (i.e. invoke init)\n"
+               "     --chdir=PATH           Set working directory in the container\n"
+               "  -u --user=USER            Run the command under specified user or uid\n"
+               "  -M --machine=NAME         Set the machine name for the container\n"
+               "     --uuid=UUID            Set a specific machine UUID for the container\n"
+               "  -S --slice=SLICE          Place the container in the specified slice\n"
+               "     --property=NAME=VALUE  Set scope unit property\n"
+               "  -U --private-users=pick   Run within user namespace, pick UID/GID range automatically\n"
+               "     --private-users[=UIDBASE[:NUIDS]]\n"
+               "                            Run within user namespace, user configured UID/GID range\n"
+               "     --private-user-chown   Adjust OS tree file ownership for private UID/GID range\n"
+               "     --private-network      Disable network in container\n"
+               "     --network-interface=INTERFACE\n"
+               "                            Assign an existing network interface to the\n"
+               "                            container\n"
+               "     --network-macvlan=INTERFACE\n"
+               "                            Create a macvlan network interface based on an\n"
+               "                            existing network interface to the container\n"
+               "     --network-ipvlan=INTERFACE\n"
+               "                            Create a ipvlan network interface based on an\n"
+               "                            existing network interface to the container\n"
+               "  -n --network-veth         Add a virtual Ethernet connection between host\n"
+               "                            and container\n"
+               "     --network-veth-extra=HOSTIF[:CONTAINERIF]\n"
+               "                            Add an additional virtual Ethernet link between\n"
+               "                            host and container\n"
+               "     --network-bridge=INTERFACE\n"
+               "                            Add a virtual Ethernet connection between host\n"
+               "                            and container and add it to an existing bridge on\n"
+               "                            the host\n"
+               "     --network-zone=NAME    Add a virtual Ethernet connection to the container,\n"
+               "                            and add it to an automatically managed bridge interface\n"
+               "  -p --port=[PROTOCOL:]HOSTPORT[:CONTAINERPORT]\n"
+               "                            Expose a container IP port on the host\n"
+               "  -Z --selinux-context=SECLABEL\n"
+               "                            Set the SELinux security context to be used by\n"
+               "                            processes in the container\n"
+               "  -L --selinux-apifs-context=SECLABEL\n"
+               "                            Set the SELinux security context to be used by\n"
+               "                            API/tmpfs file systems in the container\n"
+               "     --capability=CAP       In addition to the default, retain specified\n"
+               "                            capability\n"
+               "     --drop-capability=CAP  Drop the specified capability from the default set\n"
+               "     --kill-signal=SIGNAL   Select signal to use for shutting down PID 1\n"
+               "     --link-journal=MODE    Link up guest journal, one of no, auto, guest, \n"
+               "                            host, try-guest, try-host\n"
+               "  -j                        Equivalent to --link-journal=try-guest\n"
+               "     --read-only            Mount the root directory read-only\n"
+               "     --bind=PATH[:PATH[:OPTIONS]]\n"
+               "                            Bind mount a file or directory from the host into\n"
+               "                            the container\n"
+               "     --bind-ro=PATH[:PATH[:OPTIONS]\n"
+               "                            Similar, but creates a read-only bind mount\n"
+               "     --tmpfs=PATH:[OPTIONS] Mount an empty tmpfs to the specified directory\n"
+               "     --overlay=PATH[:PATH...]:PATH\n"
+               "                            Create an overlay mount from the host to \n"
+               "                            the container\n"
+               "     --overlay-ro=PATH[:PATH...]:PATH\n"
+               "                            Similar, but creates a read-only overlay mount\n"
+               "  -E --setenv=NAME=VALUE    Pass an environment variable to PID 1\n"
+               "     --share-system         Share system namespaces with host\n"
+               "     --register=BOOLEAN     Register container as machine\n"
+               "     --keep-unit            Do not register a scope for the machine, reuse\n"
+               "                            the service unit nspawn is running in\n"
+               "     --volatile[=MODE]      Run the system in volatile mode\n"
+               "     --settings=BOOLEAN     Load additional settings from .nspawn file\n"
+               , program_invocation_short_name);
+}
+
+
+static int custom_mounts_prepare(void) {
+        unsigned i;
+        int r;
+
+        /* Ensure the mounts are applied prefix first. */
+        qsort_safe(arg_custom_mounts, arg_n_custom_mounts, sizeof(CustomMount), custom_mount_compare);
+
+        /* Allocate working directories for the overlay file systems that need it */
+        for (i = 0; i < arg_n_custom_mounts; i++) {
+                CustomMount *m = &arg_custom_mounts[i];
+
+                if (path_equal(m->destination, "/") && arg_userns_mode != USER_NAMESPACE_NO) {
+
+                        if (arg_userns_chown) {
+                                log_error("--private-users-chown may not be combined with custom root mounts.");
+                                return -EINVAL;
+                        } else if (arg_uid_shift == UID_INVALID) {
+                                log_error("--private-users with automatic UID shift may not be combined with custom root mounts.");
+                                return -EINVAL;
+                        }
+                }
+
+                if (m->type != CUSTOM_MOUNT_OVERLAY)
+                        continue;
+
+                if (m->work_dir)
+                        continue;
+
+                if (m->read_only)
+                        continue;
+
+                r = tempfn_random(m->source, NULL, &m->work_dir);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to generate work directory from %s: %m", m->source);
+        }
+
+        return 0;
+}
+
+static int detect_unified_cgroup_hierarchy(void) {
+        const char *e;
+        int r;
+
+        /* Allow the user to control whether the unified hierarchy is used */
+        e = getenv("UNIFIED_CGROUP_HIERARCHY");
+        if (e) {
+                r = parse_boolean(e);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to parse $UNIFIED_CGROUP_HIERARCHY.");
+
+                arg_unified_cgroup_hierarchy = r;
+                return 0;
+        }
+
+        /* Otherwise inherit the default from the host system */
+        r = cg_unified();
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine whether the unified cgroups hierarchy is used: %m");
+
+        arg_unified_cgroup_hierarchy = r;
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_PRIVATE_NETWORK,
+                ARG_UUID,
+                ARG_READ_ONLY,
+                ARG_CAPABILITY,
+                ARG_DROP_CAPABILITY,
+                ARG_LINK_JOURNAL,
+                ARG_BIND,
+                ARG_BIND_RO,
+                ARG_TMPFS,
+                ARG_OVERLAY,
+                ARG_OVERLAY_RO,
+                ARG_SHARE_SYSTEM,
+                ARG_REGISTER,
+                ARG_KEEP_UNIT,
+                ARG_NETWORK_INTERFACE,
+                ARG_NETWORK_MACVLAN,
+                ARG_NETWORK_IPVLAN,
+                ARG_NETWORK_BRIDGE,
+                ARG_NETWORK_ZONE,
+                ARG_NETWORK_VETH_EXTRA,
+                ARG_PERSONALITY,
+                ARG_VOLATILE,
+                ARG_TEMPLATE,
+                ARG_PROPERTY,
+                ARG_PRIVATE_USERS,
+                ARG_KILL_SIGNAL,
+                ARG_SETTINGS,
+                ARG_CHDIR,
+                ARG_PRIVATE_USERS_CHOWN,
+        };
+
+        static const struct option options[] = {
+                { "help",                  no_argument,       NULL, 'h'                   },
+                { "version",               no_argument,       NULL, ARG_VERSION           },
+                { "directory",             required_argument, NULL, 'D'                   },
+                { "template",              required_argument, NULL, ARG_TEMPLATE          },
+                { "ephemeral",             no_argument,       NULL, 'x'                   },
+                { "user",                  required_argument, NULL, 'u'                   },
+                { "private-network",       no_argument,       NULL, ARG_PRIVATE_NETWORK   },
+                { "as-pid2",               no_argument,       NULL, 'a'                   },
+                { "boot",                  no_argument,       NULL, 'b'                   },
+                { "uuid",                  required_argument, NULL, ARG_UUID              },
+                { "read-only",             no_argument,       NULL, ARG_READ_ONLY         },
+                { "capability",            required_argument, NULL, ARG_CAPABILITY        },
+                { "drop-capability",       required_argument, NULL, ARG_DROP_CAPABILITY   },
+                { "link-journal",          required_argument, NULL, ARG_LINK_JOURNAL      },
+                { "bind",                  required_argument, NULL, ARG_BIND              },
+                { "bind-ro",               required_argument, NULL, ARG_BIND_RO           },
+                { "tmpfs",                 required_argument, NULL, ARG_TMPFS             },
+                { "overlay",               required_argument, NULL, ARG_OVERLAY           },
+                { "overlay-ro",            required_argument, NULL, ARG_OVERLAY_RO        },
+                { "machine",               required_argument, NULL, 'M'                   },
+                { "slice",                 required_argument, NULL, 'S'                   },
+                { "setenv",                required_argument, NULL, 'E'                   },
+                { "selinux-context",       required_argument, NULL, 'Z'                   },
+                { "selinux-apifs-context", required_argument, NULL, 'L'                   },
+                { "quiet",                 no_argument,       NULL, 'q'                   },
+                { "share-system",          no_argument,       NULL, ARG_SHARE_SYSTEM      },
+                { "register",              required_argument, NULL, ARG_REGISTER          },
+                { "keep-unit",             no_argument,       NULL, ARG_KEEP_UNIT         },
+                { "network-interface",     required_argument, NULL, ARG_NETWORK_INTERFACE },
+                { "network-macvlan",       required_argument, NULL, ARG_NETWORK_MACVLAN   },
+                { "network-ipvlan",        required_argument, NULL, ARG_NETWORK_IPVLAN    },
+                { "network-veth",          no_argument,       NULL, 'n'                   },
+                { "network-veth-extra",    required_argument, NULL, ARG_NETWORK_VETH_EXTRA},
+                { "network-bridge",        required_argument, NULL, ARG_NETWORK_BRIDGE    },
+                { "network-zone",          required_argument, NULL, ARG_NETWORK_ZONE      },
+                { "personality",           required_argument, NULL, ARG_PERSONALITY       },
+                { "image",                 required_argument, NULL, 'i'                   },
+                { "volatile",              optional_argument, NULL, ARG_VOLATILE          },
+                { "port",                  required_argument, NULL, 'p'                   },
+                { "property",              required_argument, NULL, ARG_PROPERTY          },
+                { "private-users",         optional_argument, NULL, ARG_PRIVATE_USERS     },
+                { "private-users-chown",   optional_argument, NULL, ARG_PRIVATE_USERS_CHOWN},
+                { "kill-signal",           required_argument, NULL, ARG_KILL_SIGNAL       },
+                { "settings",              required_argument, NULL, ARG_SETTINGS          },
+                { "chdir",                 required_argument, NULL, ARG_CHDIR             },
+                {}
+        };
+
+        int c, r;
+        const char *p, *e;
+        uint64_t plus = 0, minus = 0;
+        bool mask_all_settings = false, mask_no_settings = false;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "+hD:u:abL:M:jS:Z:qi:xp:nU", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case 'D':
+                        r = parse_path_argument_and_warn(optarg, false, &arg_directory);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                case ARG_TEMPLATE:
+                        r = parse_path_argument_and_warn(optarg, false, &arg_template);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                case 'i':
+                        r = parse_path_argument_and_warn(optarg, false, &arg_image);
+                        if (r < 0)
+                                return r;
+                        break;
+
+                case 'x':
+                        arg_ephemeral = true;
+                        break;
+
+                case 'u':
+                        r = free_and_strdup(&arg_user, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        arg_settings_mask |= SETTING_USER;
+                        break;
+
+                case ARG_NETWORK_ZONE: {
+                        char *j;
+
+                        j = strappend("vz-", optarg);
+                        if (!j)
+                                return log_oom();
+
+                        if (!ifname_valid(j)) {
+                                log_error("Network zone name not valid: %s", j);
+                                free(j);
+                                return -EINVAL;
+                        }
+
+                        free(arg_network_zone);
+                        arg_network_zone = j;
+
+                        arg_network_veth = true;
+                        arg_private_network = true;
+                        arg_settings_mask |= SETTING_NETWORK;
+                        break;
+                }
+
+                case ARG_NETWORK_BRIDGE:
+
+                        if (!ifname_valid(optarg)) {
+                                log_error("Bridge interface name not valid: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        r = free_and_strdup(&arg_network_bridge, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        /* fall through */
+
+                case 'n':
+                        arg_network_veth = true;
+                        arg_private_network = true;
+                        arg_settings_mask |= SETTING_NETWORK;
+                        break;
+
+                case ARG_NETWORK_VETH_EXTRA:
+                        r = veth_extra_parse(&arg_network_veth_extra, optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --network-veth-extra= parameter: %s", optarg);
+
+                        arg_private_network = true;
+                        arg_settings_mask |= SETTING_NETWORK;
+                        break;
+
+                case ARG_NETWORK_INTERFACE:
+
+                        if (!ifname_valid(optarg)) {
+                                log_error("Network interface name not valid: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        if (strv_extend(&arg_network_interfaces, optarg) < 0)
+                                return log_oom();
+
+                        arg_private_network = true;
+                        arg_settings_mask |= SETTING_NETWORK;
+                        break;
+
+                case ARG_NETWORK_MACVLAN:
+
+                        if (!ifname_valid(optarg)) {
+                                log_error("MACVLAN network interface name not valid: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        if (strv_extend(&arg_network_macvlan, optarg) < 0)
+                                return log_oom();
+
+                        arg_private_network = true;
+                        arg_settings_mask |= SETTING_NETWORK;
+                        break;
+
+                case ARG_NETWORK_IPVLAN:
+
+                        if (!ifname_valid(optarg)) {
+                                log_error("IPVLAN network interface name not valid: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        if (strv_extend(&arg_network_ipvlan, optarg) < 0)
+                                return log_oom();
+
+                        /* fall through */
+
+                case ARG_PRIVATE_NETWORK:
+                        arg_private_network = true;
+                        arg_settings_mask |= SETTING_NETWORK;
+                        break;
+
+                case 'b':
+                        if (arg_start_mode == START_PID2) {
+                                log_error("--boot and --as-pid2 may not be combined.");
+                                return -EINVAL;
+                        }
+
+                        arg_start_mode = START_BOOT;
+                        arg_settings_mask |= SETTING_START_MODE;
+                        break;
+
+                case 'a':
+                        if (arg_start_mode == START_BOOT) {
+                                log_error("--boot and --as-pid2 may not be combined.");
+                                return -EINVAL;
+                        }
+
+                        arg_start_mode = START_PID2;
+                        arg_settings_mask |= SETTING_START_MODE;
+                        break;
+
+                case ARG_UUID:
+                        r = sd_id128_from_string(optarg, &arg_uuid);
+                        if (r < 0) {
+                                log_error("Invalid UUID: %s", optarg);
+                                return r;
+                        }
+
+                        arg_settings_mask |= SETTING_MACHINE_ID;
+                        break;
+
+                case 'S':
+                        arg_slice = optarg;
+                        break;
+
+                case 'M':
+                        if (isempty(optarg))
+                                arg_machine = mfree(arg_machine);
+                        else {
+                                if (!machine_name_is_valid(optarg)) {
+                                        log_error("Invalid machine name: %s", optarg);
+                                        return -EINVAL;
+                                }
+
+                                r = free_and_strdup(&arg_machine, optarg);
+                                if (r < 0)
+                                        return log_oom();
+
+                                break;
+                        }
+
+                case 'Z':
+                        arg_selinux_context = optarg;
+                        break;
+
+                case 'L':
+                        arg_selinux_apifs_context = optarg;
+                        break;
+
+                case ARG_READ_ONLY:
+                        arg_read_only = true;
+                        arg_settings_mask |= SETTING_READ_ONLY;
+                        break;
+
+                case ARG_CAPABILITY:
+                case ARG_DROP_CAPABILITY: {
+                        p = optarg;
+                        for (;;) {
+                                _cleanup_free_ char *t = NULL;
+
+                                r = extract_first_word(&p, &t, ",", 0);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse capability %s.", t);
+
+                                if (r == 0)
+                                        break;
+
+                                if (streq(t, "all")) {
+                                        if (c == ARG_CAPABILITY)
+                                                plus = (uint64_t) -1;
+                                        else
+                                                minus = (uint64_t) -1;
+                                } else {
+                                        int cap;
+
+                                        cap = capability_from_name(t);
+                                        if (cap < 0) {
+                                                log_error("Failed to parse capability %s.", t);
+                                                return -EINVAL;
+                                        }
+
+                                        if (c == ARG_CAPABILITY)
+                                                plus |= 1ULL << (uint64_t) cap;
+                                        else
+                                                minus |= 1ULL << (uint64_t) cap;
+                                }
+                        }
+
+                        arg_settings_mask |= SETTING_CAPABILITY;
+                        break;
+                }
+
+                case 'j':
+                        arg_link_journal = LINK_GUEST;
+                        arg_link_journal_try = true;
+                        break;
+
+                case ARG_LINK_JOURNAL:
+                        if (streq(optarg, "auto")) {
+                                arg_link_journal = LINK_AUTO;
+                                arg_link_journal_try = false;
+                        } else if (streq(optarg, "no")) {
+                                arg_link_journal = LINK_NO;
+                                arg_link_journal_try = false;
+                        } else if (streq(optarg, "guest")) {
+                                arg_link_journal = LINK_GUEST;
+                                arg_link_journal_try = false;
+                        } else if (streq(optarg, "host")) {
+                                arg_link_journal = LINK_HOST;
+                                arg_link_journal_try = false;
+                        } else if (streq(optarg, "try-guest")) {
+                                arg_link_journal = LINK_GUEST;
+                                arg_link_journal_try = true;
+                        } else if (streq(optarg, "try-host")) {
+                                arg_link_journal = LINK_HOST;
+                                arg_link_journal_try = true;
+                        } else {
+                                log_error("Failed to parse link journal mode %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        break;
+
+                case ARG_BIND:
+                case ARG_BIND_RO:
+                        r = bind_mount_parse(&arg_custom_mounts, &arg_n_custom_mounts, optarg, c == ARG_BIND_RO);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --bind(-ro)= argument %s: %m", optarg);
+
+                        arg_settings_mask |= SETTING_CUSTOM_MOUNTS;
+                        break;
+
+                case ARG_TMPFS:
+                        r = tmpfs_mount_parse(&arg_custom_mounts, &arg_n_custom_mounts, optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse --tmpfs= argument %s: %m", optarg);
+
+                        arg_settings_mask |= SETTING_CUSTOM_MOUNTS;
+                        break;
+
+                case ARG_OVERLAY:
+                case ARG_OVERLAY_RO: {
+                        _cleanup_free_ char *upper = NULL, *destination = NULL;
+                        _cleanup_strv_free_ char **lower = NULL;
+                        CustomMount *m;
+                        unsigned n = 0;
+                        char **i;
+
+                        r = strv_split_extract(&lower, optarg, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+                        if (r == -ENOMEM)
+                                return log_oom();
+                        else if (r < 0) {
+                                log_error("Invalid overlay specification: %s", optarg);
+                                return r;
+                        }
+
+                        STRV_FOREACH(i, lower) {
+                                if (!path_is_absolute(*i)) {
+                                        log_error("Overlay path %s is not absolute.", *i);
+                                        return -EINVAL;
+                                }
+
+                                n++;
+                        }
+
+                        if (n < 2) {
+                                log_error("--overlay= needs at least two colon-separated directories specified.");
+                                return -EINVAL;
+                        }
+
+                        if (n == 2) {
+                                /* If two parameters are specified,
+                                 * the first one is the lower, the
+                                 * second one the upper directory. And
+                                 * we'll also define the destination
+                                 * mount point the same as the upper. */
+                                upper = lower[1];
+                                lower[1] = NULL;
+
+                                destination = strdup(upper);
+                                if (!destination)
+                                        return log_oom();
+
+                        } else {
+                                upper = lower[n - 2];
+                                destination = lower[n - 1];
+                                lower[n - 2] = NULL;
+                        }
+
+                        m = custom_mount_add(&arg_custom_mounts, &arg_n_custom_mounts, CUSTOM_MOUNT_OVERLAY);
+                        if (!m)
+                                return log_oom();
+
+                        m->destination = destination;
+                        m->source = upper;
+                        m->lower = lower;
+                        m->read_only = c == ARG_OVERLAY_RO;
+
+                        upper = destination = NULL;
+                        lower = NULL;
+
+                        arg_settings_mask |= SETTING_CUSTOM_MOUNTS;
+                        break;
+                }
+
+                case 'E': {
+                        char **n;
+
+                        if (!env_assignment_is_valid(optarg)) {
+                                log_error("Environment variable assignment '%s' is not valid.", optarg);
+                                return -EINVAL;
+                        }
+
+                        n = strv_env_set(arg_setenv, optarg);
+                        if (!n)
+                                return log_oom();
+
+                        strv_free(arg_setenv);
+                        arg_setenv = n;
+
+                        arg_settings_mask |= SETTING_ENVIRONMENT;
+                        break;
+                }
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case ARG_SHARE_SYSTEM:
+                        arg_share_system = true;
+                        break;
+
+                case ARG_REGISTER:
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                log_error("Failed to parse --register= argument: %s", optarg);
+                                return r;
+                        }
+
+                        arg_register = r;
+                        break;
+
+                case ARG_KEEP_UNIT:
+                        arg_keep_unit = true;
+                        break;
+
+                case ARG_PERSONALITY:
+
+                        arg_personality = personality_from_string(optarg);
+                        if (arg_personality == PERSONALITY_INVALID) {
+                                log_error("Unknown or unsupported personality '%s'.", optarg);
+                                return -EINVAL;
+                        }
+
+                        arg_settings_mask |= SETTING_PERSONALITY;
+                        break;
+
+                case ARG_VOLATILE:
+
+                        if (!optarg)
+                                arg_volatile_mode = VOLATILE_YES;
+                        else {
+                                VolatileMode m;
+
+                                m = volatile_mode_from_string(optarg);
+                                if (m < 0) {
+                                        log_error("Failed to parse --volatile= argument: %s", optarg);
+                                        return -EINVAL;
+                                } else
+                                        arg_volatile_mode = m;
+                        }
+
+                        arg_settings_mask |= SETTING_VOLATILE_MODE;
+                        break;
+
+                case 'p':
+                        r = expose_port_parse(&arg_expose_ports, optarg);
+                        if (r == -EEXIST)
+                                return log_error_errno(r, "Duplicate port specification: %s", optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse host port %s: %m", optarg);
+
+                        arg_settings_mask |= SETTING_EXPOSE_PORTS;
+                        break;
+
+                case ARG_PROPERTY:
+                        if (strv_extend(&arg_property, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_PRIVATE_USERS:
+
+                        r = optarg ? parse_boolean(optarg) : 1;
+                        if (r == 0) {
+                                /* no: User namespacing off */
+                                arg_userns_mode = USER_NAMESPACE_NO;
+                                arg_uid_shift = UID_INVALID;
+                                arg_uid_range = UINT32_C(0x10000);
+                        } else if (r > 0) {
+                                /* yes: User namespacing on, UID range is read from root dir */
+                                arg_userns_mode = USER_NAMESPACE_FIXED;
+                                arg_uid_shift = UID_INVALID;
+                                arg_uid_range = UINT32_C(0x10000);
+                        } else if (streq(optarg, "pick")) {
+                                /* pick: User namespacing on, UID range is picked randomly */
+                                arg_userns_mode = USER_NAMESPACE_PICK;
+                                arg_uid_shift = UID_INVALID;
+                                arg_uid_range = UINT32_C(0x10000);
+                        } else {
+                                _cleanup_free_ char *buffer = NULL;
+                                const char *range, *shift;
+
+                                /* anything else: User namespacing on, UID range is explicitly configured */
+
+                                range = strchr(optarg, ':');
+                                if (range) {
+                                        buffer = strndup(optarg, range - optarg);
+                                        if (!buffer)
+                                                return log_oom();
+                                        shift = buffer;
+
+                                        range++;
+                                        if (safe_atou32(range, &arg_uid_range) < 0 || arg_uid_range <= 0) {
+                                                log_error("Failed to parse UID range: %s", range);
+                                                return -EINVAL;
+                                        }
+                                } else
+                                        shift = optarg;
+
+                                if (parse_uid(shift, &arg_uid_shift) < 0) {
+                                        log_error("Failed to parse UID: %s", optarg);
+                                        return -EINVAL;
+                                }
+
+                                arg_userns_mode = USER_NAMESPACE_FIXED;
+                        }
+
+                        arg_settings_mask |= SETTING_USERNS;
+                        break;
+
+                case 'U':
+                        if (userns_supported()) {
+                                arg_userns_mode = USER_NAMESPACE_PICK;
+                                arg_uid_shift = UID_INVALID;
+                                arg_uid_range = UINT32_C(0x10000);
+
+                                arg_settings_mask |= SETTING_USERNS;
+                        }
+
+                        break;
+
+                case ARG_PRIVATE_USERS_CHOWN:
+                        arg_userns_chown = true;
+
+                        arg_settings_mask |= SETTING_USERNS;
+                        break;
+
+                case ARG_KILL_SIGNAL:
+                        arg_kill_signal = signal_from_string_try_harder(optarg);
+                        if (arg_kill_signal < 0) {
+                                log_error("Cannot parse signal: %s", optarg);
+                                return -EINVAL;
+                        }
+
+                        arg_settings_mask |= SETTING_KILL_SIGNAL;
+                        break;
+
+                case ARG_SETTINGS:
+
+                        /* no               → do not read files
+                         * yes              → read files, do not override cmdline, trust only subset
+                         * override         → read files, override cmdline, trust only subset
+                         * trusted          → read files, do not override cmdline, trust all
+                         */
+
+                        r = parse_boolean(optarg);
+                        if (r < 0) {
+                                if (streq(optarg, "trusted")) {
+                                        mask_all_settings = false;
+                                        mask_no_settings = false;
+                                        arg_settings_trusted = true;
+
+                                } else if (streq(optarg, "override")) {
+                                        mask_all_settings = false;
+                                        mask_no_settings = true;
+                                        arg_settings_trusted = -1;
+                                } else
+                                        return log_error_errno(r, "Failed to parse --settings= argument: %s", optarg);
+                        } else if (r > 0) {
+                                /* yes */
+                                mask_all_settings = false;
+                                mask_no_settings = false;
+                                arg_settings_trusted = -1;
+                        } else {
+                                /* no */
+                                mask_all_settings = true;
+                                mask_no_settings = false;
+                                arg_settings_trusted = false;
+                        }
+
+                        break;
+
+                case ARG_CHDIR:
+                        if (!path_is_absolute(optarg)) {
+                                log_error("Working directory %s is not an absolute path.", optarg);
+                                return -EINVAL;
+                        }
+
+                        r = free_and_strdup(&arg_chdir, optarg);
+                        if (r < 0)
+                                return log_oom();
+
+                        arg_settings_mask |= SETTING_WORKING_DIRECTORY;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (arg_share_system)
+                arg_register = false;
+
+        if (arg_userns_mode == USER_NAMESPACE_PICK)
+                arg_userns_chown = true;
+
+        if (arg_start_mode != START_PID1 && arg_share_system) {
+                log_error("--boot and --share-system may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_keep_unit && cg_pid_get_owner_uid(0, NULL) >= 0) {
+                log_error("--keep-unit may not be used when invoked from a user session.");
+                return -EINVAL;
+        }
+
+        if (arg_directory && arg_image) {
+                log_error("--directory= and --image= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_template && arg_image) {
+                log_error("--template= and --image= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_template && !(arg_directory || arg_machine)) {
+                log_error("--template= needs --directory= or --machine=.");
+                return -EINVAL;
+        }
+
+        if (arg_ephemeral && arg_template) {
+                log_error("--ephemeral and --template= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_ephemeral && arg_image) {
+                log_error("--ephemeral and --image= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_ephemeral && !IN_SET(arg_link_journal, LINK_NO, LINK_AUTO)) {
+                log_error("--ephemeral and --link-journal= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_userns_mode != USER_NAMESPACE_NO && !userns_supported()) {
+                log_error("--private-users= is not supported, kernel compiled without user namespace support.");
+                return -EOPNOTSUPP;
+        }
+
+        if (arg_userns_chown && arg_read_only) {
+                log_error("--read-only and --private-users-chown may not be combined.");
+                return -EINVAL;
+        }
+
+        if (arg_network_bridge && arg_network_zone) {
+                log_error("--network-bridge= and --network-zone= may not be combined.");
+                return -EINVAL;
+        }
+
+        if (argc > optind) {
+                arg_parameters = strv_copy(argv + optind);
+                if (!arg_parameters)
+                        return log_oom();
+
+                arg_settings_mask |= SETTING_START_MODE;
+        }
+
+        /* Load all settings from .nspawn files */
+        if (mask_no_settings)
+                arg_settings_mask = 0;
+
+        /* Don't load any settings from .nspawn files */
+        if (mask_all_settings)
+                arg_settings_mask = _SETTINGS_MASK_ALL;
+
+        arg_retain = (arg_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
+
+        r = detect_unified_cgroup_hierarchy();
+        if (r < 0)
+                return r;
+
+        e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
+        if (e)
+                arg_container_service_name = e;
+
+        return 1;
+}
+
+static int verify_arguments(void) {
+
+        if (arg_volatile_mode != VOLATILE_NO && arg_read_only) {
+                log_error("Cannot combine --read-only with --volatile. Note that --volatile already implies a read-only base hierarchy.");
+                return -EINVAL;
+        }
+
+        if (arg_expose_ports && !arg_private_network) {
+                log_error("Cannot use --port= without private networking.");
+                return -EINVAL;
+        }
+
+#ifndef HAVE_LIBIPTC
+        if (arg_expose_ports) {
+                log_error("--port= is not supported, compiled without libiptc support.");
+                return -EOPNOTSUPP;
+        }
+#endif
+
+        if (arg_start_mode == START_BOOT && arg_kill_signal <= 0)
+                arg_kill_signal = SIGRTMIN+3;
+
+        return 0;
+}
+
+static int userns_lchown(const char *p, uid_t uid, gid_t gid) {
+        assert(p);
+
+        if (arg_userns_mode == USER_NAMESPACE_NO)
+                return 0;
+
+        if (uid == UID_INVALID && gid == GID_INVALID)
+                return 0;
+
+        if (uid != UID_INVALID) {
+                uid += arg_uid_shift;
+
+                if (uid < arg_uid_shift || uid >= arg_uid_shift + arg_uid_range)
+                        return -EOVERFLOW;
+        }
+
+        if (gid != GID_INVALID) {
+                gid += (gid_t) arg_uid_shift;
+
+                if (gid < (gid_t) arg_uid_shift || gid >= (gid_t) (arg_uid_shift + arg_uid_range))
+                        return -EOVERFLOW;
+        }
+
+        if (lchown(p, uid, gid) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid_t gid) {
+        const char *q;
+
+        q = prefix_roota(root, path);
+        if (mkdir(q, mode) < 0) {
+                if (errno == EEXIST)
+                        return 0;
+                return -errno;
+        }
+
+        return userns_lchown(q, uid, gid);
+}
+
+static int setup_timezone(const char *dest) {
+        _cleanup_free_ char *p = NULL, *q = NULL;
+        const char *where, *check, *what;
+        char *z, *y;
+        int r;
+
+        assert(dest);
+
+        /* Fix the timezone, if possible */
+        r = readlink_malloc("/etc/localtime", &p);
+        if (r < 0) {
+                log_warning("/etc/localtime is not a symlink, not updating container timezone.");
+                return 0;
+        }
+
+        z = path_startswith(p, "../usr/share/zoneinfo/");
+        if (!z)
+                z = path_startswith(p, "/usr/share/zoneinfo/");
+        if (!z) {
+                log_warning("/etc/localtime does not point into /usr/share/zoneinfo/, not updating container timezone.");
+                return 0;
+        }
+
+        where = prefix_roota(dest, "/etc/localtime");
+        r = readlink_malloc(where, &q);
+        if (r >= 0) {
+                y = path_startswith(q, "../usr/share/zoneinfo/");
+                if (!y)
+                        y = path_startswith(q, "/usr/share/zoneinfo/");
+
+                /* Already pointing to the right place? Then do nothing .. */
+                if (y && streq(y, z))
+                        return 0;
+        }
+
+        check = strjoina("/usr/share/zoneinfo/", z);
+        check = prefix_roota(dest, check);
+        if (laccess(check, F_OK) < 0) {
+                log_warning("Timezone %s does not exist in container, not updating container timezone.", z);
+                return 0;
+        }
+
+        r = unlink(where);
+        if (r < 0 && errno != ENOENT) {
+                log_error_errno(errno, "Failed to remove existing timezone info %s in container: %m", where);
+                return 0;
+        }
+
+        what = strjoina("../usr/share/zoneinfo/", z);
+        if (symlink(what, where) < 0) {
+                log_error_errno(errno, "Failed to correct timezone of container: %m");
+                return 0;
+        }
+
+        r = userns_lchown(where, 0, 0);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to chown /etc/localtime: %m");
+
+        return 0;
+}
+
+static int setup_resolv_conf(const char *dest) {
+        const char *where = NULL;
+        int r;
+
+        assert(dest);
+
+        if (arg_private_network)
+                return 0;
+
+        /* Fix resolv.conf, if possible */
+        where = prefix_roota(dest, "/etc/resolv.conf");
+
+        r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
+        if (r < 0) {
+                /* If the file already exists as symlink, let's
+                 * suppress the warning, under the assumption that
+                 * resolved or something similar runs inside and the
+                 * symlink points there.
+                 *
+                 * If the disk image is read-only, there's also no
+                 * point in complaining.
+                 */
+                log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
+                               "Failed to copy /etc/resolv.conf to %s: %m", where);
+                return 0;
+        }
+
+        r = userns_lchown(where, 0, 0);
+        if (r < 0)
+                log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
+
+        return 0;
+}
+
+static char* id128_format_as_uuid(sd_id128_t id, char s[37]) {
+        assert(s);
+
+        snprintf(s, 37,
+                 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                 SD_ID128_FORMAT_VAL(id));
+
+        return s;
+}
+
+static int setup_boot_id(const char *dest) {
+        const char *from, *to;
+        sd_id128_t rnd = {};
+        char as_uuid[37];
+        int r;
+
+        if (arg_share_system)
+                return 0;
+
+        /* Generate a new randomized boot ID, so that each boot-up of
+         * the container gets a new one */
+
+        from = prefix_roota(dest, "/run/proc-sys-kernel-random-boot-id");
+        to = prefix_roota(dest, "/proc/sys/kernel/random/boot_id");
+
+        r = sd_id128_randomize(&rnd);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate random boot id: %m");
+
+        id128_format_as_uuid(rnd, as_uuid);
+
+        r = write_string_file(from, as_uuid, WRITE_STRING_FILE_CREATE);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write boot id: %m");
+
+        if (mount(from, to, NULL, MS_BIND, NULL) < 0)
+                r = log_error_errno(errno, "Failed to bind mount boot id: %m");
+        else if (mount(NULL, to, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL) < 0)
+                log_warning_errno(errno, "Failed to make boot id read-only: %m");
+
+        unlink(from);
+        return r;
+}
+
+static int copy_devnodes(const char *dest) {
+
+        static const char devnodes[] =
+                "null\0"
+                "zero\0"
+                "full\0"
+                "random\0"
+                "urandom\0"
+                "tty\0"
+                "net/tun\0";
+
+        const char *d;
+        int r = 0;
+        _cleanup_umask_ mode_t u;
+
+        assert(dest);
+
+        u = umask(0000);
+
+        /* Create /dev/net, so that we can create /dev/net/tun in it */
+        if (userns_mkdir(dest, "/dev/net", 0755, 0, 0) < 0)
+                return log_error_errno(r, "Failed to create /dev/net directory: %m");
+
+        NULSTR_FOREACH(d, devnodes) {
+                _cleanup_free_ char *from = NULL, *to = NULL;
+                struct stat st;
+
+                from = strappend("/dev/", d);
+                to = prefix_root(dest, from);
+
+                if (stat(from, &st) < 0) {
+
+                        if (errno != ENOENT)
+                                return log_error_errno(errno, "Failed to stat %s: %m", from);
+
+                } else if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) {
+
+                        log_error("%s is not a char or block device, cannot copy.", from);
+                        return -EIO;
+
+                } else {
+                        if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+                                if (errno != EPERM)
+                                        return log_error_errno(errno, "mknod(%s) failed: %m", to);
+
+                                /* Some systems abusively restrict mknod but
+                                 * allow bind mounts. */
+                                r = touch(to);
+                                if (r < 0)
+                                        return log_error_errno(r, "touch (%s) failed: %m", to);
+                                if (mount(from, to, NULL, MS_BIND, NULL) < 0)
+                                        return log_error_errno(errno, "Both mknod and bind mount (%s) failed: %m", to);
+                        }
+
+                        r = userns_lchown(to, 0, 0);
+                        if (r < 0)
+                                return log_error_errno(r, "chown() of device node %s failed: %m", to);
+                }
+        }
+
+        return r;
+}
+
+static int setup_pts(const char *dest) {
+        _cleanup_free_ char *options = NULL;
+        const char *p;
+        int r;
+
+#ifdef HAVE_SELINUX
+        if (arg_selinux_apifs_context)
+                (void) asprintf(&options,
+                                "newinstance,ptmxmode=0666,mode=620,gid=" GID_FMT ",context=\"%s\"",
+                                arg_uid_shift + TTY_GID,
+                                arg_selinux_apifs_context);
+        else
+#endif
+                (void) asprintf(&options,
+                                "newinstance,ptmxmode=0666,mode=620,gid=" GID_FMT,
+                                arg_uid_shift + TTY_GID);
+
+        if (!options)
+                return log_oom();
+
+        /* Mount /dev/pts itself */
+        p = prefix_roota(dest, "/dev/pts");
+        if (mkdir(p, 0755) < 0)
+                return log_error_errno(errno, "Failed to create /dev/pts: %m");
+        if (mount("devpts", p, "devpts", MS_NOSUID|MS_NOEXEC, options) < 0)
+                return log_error_errno(errno, "Failed to mount /dev/pts: %m");
+        r = userns_lchown(p, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to chown /dev/pts: %m");
+
+        /* Create /dev/ptmx symlink */
+        p = prefix_roota(dest, "/dev/ptmx");
+        if (symlink("pts/ptmx", p) < 0)
+                return log_error_errno(errno, "Failed to create /dev/ptmx symlink: %m");
+        r = userns_lchown(p, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to chown /dev/ptmx: %m");
+
+        /* And fix /dev/pts/ptmx ownership */
+        p = prefix_roota(dest, "/dev/pts/ptmx");
+        r = userns_lchown(p, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to chown /dev/pts/ptmx: %m");
+
+        return 0;
+}
+
+static int setup_dev_console(const char *dest, const char *console) {
+        _cleanup_umask_ mode_t u;
+        const char *to;
+        int r;
+
+        assert(dest);
+        assert(console);
+
+        u = umask(0000);
+
+        r = chmod_and_chown(console, 0600, arg_uid_shift, arg_uid_shift);
+        if (r < 0)
+                return log_error_errno(r, "Failed to correct access mode for TTY: %m");
+
+        /* We need to bind mount the right tty to /dev/console since
+         * ptys can only exist on pts file systems. To have something
+         * to bind mount things on we create a empty regular file. */
+
+        to = prefix_roota(dest, "/dev/console");
+        r = touch(to);
+        if (r < 0)
+                return log_error_errno(r, "touch() for /dev/console failed: %m");
+
+        if (mount(console, to, NULL, MS_BIND, NULL) < 0)
+                return log_error_errno(errno, "Bind mount for /dev/console failed: %m");
+
+        return 0;
+}
+
+static int setup_kmsg(const char *dest, int kmsg_socket) {
+        const char *from, *to;
+        _cleanup_umask_ mode_t u;
+        int fd, r;
+
+        assert(kmsg_socket >= 0);
+
+        u = umask(0000);
+
+        /* We create the kmsg FIFO as /run/kmsg, but immediately
+         * delete it after bind mounting it to /proc/kmsg. While FIFOs
+         * on the reading side behave very similar to /proc/kmsg,
+         * their writing side behaves differently from /dev/kmsg in
+         * that writing blocks when nothing is reading. In order to
+         * avoid any problems with containers deadlocking due to this
+         * we simply make /dev/kmsg unavailable to the container. */
+        from = prefix_roota(dest, "/run/kmsg");
+        to = prefix_roota(dest, "/proc/kmsg");
+
+        if (mkfifo(from, 0600) < 0)
+                return log_error_errno(errno, "mkfifo() for /run/kmsg failed: %m");
+        if (mount(from, to, NULL, MS_BIND, NULL) < 0)
+                return log_error_errno(errno, "Bind mount for /proc/kmsg failed: %m");
+
+        fd = open(from, O_RDWR|O_NDELAY|O_CLOEXEC);
+        if (fd < 0)
+                return log_error_errno(errno, "Failed to open fifo: %m");
+
+        /* Store away the fd in the socket, so that it stays open as
+         * long as we run the child */
+        r = send_one_fd(kmsg_socket, fd, 0);
+        safe_close(fd);
+
+        if (r < 0)
+                return log_error_errno(r, "Failed to send FIFO fd: %m");
+
+        /* And now make the FIFO unavailable as /run/kmsg... */
+        (void) unlink(from);
+
+        return 0;
+}
+
+static int on_address_change(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
+        union in_addr_union *exposed = userdata;
+
+        assert(rtnl);
+        assert(m);
+        assert(exposed);
+
+        expose_port_execute(rtnl, arg_expose_ports, exposed);
+        return 0;
+}
+
+static int setup_hostname(void) {
+
+        if (arg_share_system)
+                return 0;
+
+        if (sethostname_idempotent(arg_machine) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int setup_journal(const char *directory) {
+        sd_id128_t this_id;
+        _cleanup_free_ char *d = NULL;
+        const char *p, *q;
+        bool try;
+        char id[33];
+        int r;
+
+        /* Don't link journals in ephemeral mode */
+        if (arg_ephemeral)
+                return 0;
+
+        if (arg_link_journal == LINK_NO)
+                return 0;
+
+        try = arg_link_journal_try || arg_link_journal == LINK_AUTO;
+
+        r = sd_id128_get_machine(&this_id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to retrieve machine ID: %m");
+
+        if (sd_id128_equal(arg_uuid, this_id)) {
+                log_full(try ? LOG_WARNING : LOG_ERR,
+                         "Host and machine ids are equal (%s): refusing to link journals", sd_id128_to_string(arg_uuid, id));
+                if (try)
+                        return 0;
+                return -EEXIST;
+        }
+
+        r = userns_mkdir(directory, "/var", 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create /var: %m");
+
+        r = userns_mkdir(directory, "/var/log", 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create /var/log: %m");
+
+        r = userns_mkdir(directory, "/var/log/journal", 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create /var/log/journal: %m");
+
+        (void) sd_id128_to_string(arg_uuid, id);
+
+        p = strjoina("/var/log/journal/", id);
+        q = prefix_roota(directory, p);
+
+        if (path_is_mount_point(p, 0) > 0) {
+                if (try)
+                        return 0;
+
+                log_error("%s: already a mount point, refusing to use for journal", p);
+                return -EEXIST;
+        }
+
+        if (path_is_mount_point(q, 0) > 0) {
+                if (try)
+                        return 0;
+
+                log_error("%s: already a mount point, refusing to use for journal", q);
+                return -EEXIST;
+        }
+
+        r = readlink_and_make_absolute(p, &d);
+        if (r >= 0) {
+                if ((arg_link_journal == LINK_GUEST ||
+                     arg_link_journal == LINK_AUTO) &&
+                    path_equal(d, q)) {
+
+                        r = userns_mkdir(directory, p, 0755, 0, 0);
+                        if (r < 0)
+                                log_warning_errno(r, "Failed to create directory %s: %m", q);
+                        return 0;
+                }
+
+                if (unlink(p) < 0)
+                        return log_error_errno(errno, "Failed to remove symlink %s: %m", p);
+        } else if (r == -EINVAL) {
+
+                if (arg_link_journal == LINK_GUEST &&
+                    rmdir(p) < 0) {
+
+                        if (errno == ENOTDIR) {
+                                log_error("%s already exists and is neither a symlink nor a directory", p);
+                                return r;
+                        } else
+                                return log_error_errno(errno, "Failed to remove %s: %m", p);
+                }
+        } else if (r != -ENOENT)
+                return log_error_errno(r, "readlink(%s) failed: %m", p);
+
+        if (arg_link_journal == LINK_GUEST) {
+
+                if (symlink(q, p) < 0) {
+                        if (try) {
+                                log_debug_errno(errno, "Failed to symlink %s to %s, skipping journal setup: %m", q, p);
+                                return 0;
+                        } else
+                                return log_error_errno(errno, "Failed to symlink %s to %s: %m", q, p);
+                }
+
+                r = userns_mkdir(directory, p, 0755, 0, 0);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to create directory %s: %m", q);
+                return 0;
+        }
+
+        if (arg_link_journal == LINK_HOST) {
+                /* don't create parents here — if the host doesn't have
+                 * permanent journal set up, don't force it here */
+
+                if (mkdir(p, 0755) < 0 && errno != EEXIST) {
+                        if (try) {
+                                log_debug_errno(errno, "Failed to create %s, skipping journal setup: %m", p);
+                                return 0;
+                        } else
+                                return log_error_errno(errno, "Failed to create %s: %m", p);
+                }
+
+        } else if (access(p, F_OK) < 0)
+                return 0;
+
+        if (dir_is_empty(q) == 0)
+                log_warning("%s is not empty, proceeding anyway.", q);
+
+        r = userns_mkdir(directory, p, 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create %s: %m", q);
+
+        if (mount(p, q, NULL, MS_BIND, NULL) < 0)
+                return log_error_errno(errno, "Failed to bind mount journal from host into guest: %m");
+
+        return 0;
+}
+
+static int drop_capabilities(void) {
+        return capability_bounding_set_drop(arg_retain, false);
+}
+
+static int reset_audit_loginuid(void) {
+        _cleanup_free_ char *p = NULL;
+        int r;
+
+        if (arg_share_system)
+                return 0;
+
+        r = read_one_line_file("/proc/self/loginuid", &p);
+        if (r == -ENOENT)
+                return 0;
+        if (r < 0)
+                return log_error_errno(r, "Failed to read /proc/self/loginuid: %m");
+
+        /* Already reset? */
+        if (streq(p, "4294967295"))
+                return 0;
+
+        r = write_string_file("/proc/self/loginuid", "4294967295", 0);
+        if (r < 0) {
+                log_error_errno(r,
+                                "Failed to reset audit login UID. This probably means that your kernel is too\n"
+                                "old and you have audit enabled. Note that the auditing subsystem is known to\n"
+                                "be incompatible with containers on old kernels. Please make sure to upgrade\n"
+                                "your kernel or to off auditing with 'audit=0' on the kernel command line before\n"
+                                "using systemd-nspawn. Sleeping for 5s... (%m)");
+
+                sleep(5);
+        }
+
+        return 0;
+}
+
+static int setup_seccomp(void) {
+
+#ifdef HAVE_SECCOMP
+        static const struct {
+                uint64_t capability;
+                int syscall_num;
+        } blacklist[] = {
+                { CAP_SYS_RAWIO,  SCMP_SYS(iopl)              },
+                { CAP_SYS_RAWIO,  SCMP_SYS(ioperm)            },
+                { CAP_SYS_BOOT,   SCMP_SYS(kexec_load)        },
+                { CAP_SYS_ADMIN,  SCMP_SYS(swapon)            },
+                { CAP_SYS_ADMIN,  SCMP_SYS(swapoff)           },
+                { CAP_SYS_ADMIN,  SCMP_SYS(open_by_handle_at) },
+                { CAP_SYS_MODULE, SCMP_SYS(init_module)       },
+                { CAP_SYS_MODULE, SCMP_SYS(finit_module)      },
+                { CAP_SYS_MODULE, SCMP_SYS(delete_module)     },
+                { CAP_SYSLOG,     SCMP_SYS(syslog)            },
+        };
+
+        scmp_filter_ctx seccomp;
+        unsigned i;
+        int r;
+
+        seccomp = seccomp_init(SCMP_ACT_ALLOW);
+        if (!seccomp)
+                return log_oom();
+
+        r = seccomp_add_secondary_archs(seccomp);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add secondary archs to seccomp filter: %m");
+                goto finish;
+        }
+
+        for (i = 0; i < ELEMENTSOF(blacklist); i++) {
+                if (arg_retain & (1ULL << blacklist[i].capability))
+                        continue;
+
+                r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i].syscall_num, 0);
+                if (r == -EFAULT)
+                        continue; /* unknown syscall */
+                if (r < 0) {
+                        log_error_errno(r, "Failed to block syscall: %m");
+                        goto finish;
+                }
+        }
+
+        /*
+           Audit is broken in containers, much of the userspace audit
+           hookup will fail if running inside a container. We don't
+           care and just turn off creation of audit sockets.
+
+           This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
+           with EAFNOSUPPORT which audit userspace uses as indication
+           that audit is disabled in the kernel.
+         */
+
+        r = seccomp_rule_add(
+                        seccomp,
+                        SCMP_ACT_ERRNO(EAFNOSUPPORT),
+                        SCMP_SYS(socket),
+                        2,
+                        SCMP_A0(SCMP_CMP_EQ, AF_NETLINK),
+                        SCMP_A2(SCMP_CMP_EQ, NETLINK_AUDIT));
+        if (r < 0) {
+                log_error_errno(r, "Failed to add audit seccomp rule: %m");
+                goto finish;
+        }
+
+        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+        if (r < 0) {
+                log_error_errno(r, "Failed to unset NO_NEW_PRIVS: %m");
+                goto finish;
+        }
+
+        r = seccomp_load(seccomp);
+        if (r == -EINVAL) {
+                log_debug_errno(r, "Kernel is probably not configured with CONFIG_SECCOMP. Disabling seccomp audit filter: %m");
+                r = 0;
+                goto finish;
+        }
+        if (r < 0) {
+                log_error_errno(r, "Failed to install seccomp audit filter: %m");
+                goto finish;
+        }
+
+finish:
+        seccomp_release(seccomp);
+        return r;
+#else
+        return 0;
+#endif
+
+}
+
+static int setup_propagate(const char *root) {
+        const char *p, *q;
+        int r;
+
+        (void) mkdir_p("/run/systemd/nspawn/", 0755);
+        (void) mkdir_p("/run/systemd/nspawn/propagate", 0600);
+        p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
+        (void) mkdir_p(p, 0600);
+
+        r = userns_mkdir(root, "/run/systemd", 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create /run/systemd: %m");
+
+        r = userns_mkdir(root, "/run/systemd/nspawn", 0755, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create /run/systemd/nspawn: %m");
+
+        r = userns_mkdir(root, "/run/systemd/nspawn/incoming", 0600, 0, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create /run/systemd/nspawn/incoming: %m");
+
+        q = prefix_roota(root, "/run/systemd/nspawn/incoming");
+        if (mount(p, q, NULL, MS_BIND, NULL) < 0)
+                return log_error_errno(errno, "Failed to install propagation bind mount.");
+
+        if (mount(NULL, q, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0)
+                return log_error_errno(errno, "Failed to make propagation mount read-only");
+
+        return 0;
+}
+
+static int setup_image(char **device_path, int *loop_nr) {
+        struct loop_info64 info = {
+                .lo_flags = LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN
+        };
+        _cleanup_close_ int fd = -1, control = -1, loop = -1;
+        _cleanup_free_ char* loopdev = NULL;
+        struct stat st;
+        int r, nr;
+
+        assert(device_path);
+        assert(loop_nr);
+        assert(arg_image);
+
+        fd = open(arg_image, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY);
+        if (fd < 0)
+                return log_error_errno(errno, "Failed to open %s: %m", arg_image);
+
+        if (fstat(fd, &st) < 0)
+                return log_error_errno(errno, "Failed to stat %s: %m", arg_image);
+
+        if (S_ISBLK(st.st_mode)) {
+                char *p;
+
+                p = strdup(arg_image);
+                if (!p)
+                        return log_oom();
+
+                *device_path = p;
+
+                *loop_nr = -1;
+
+                r = fd;
+                fd = -1;
+
+                return r;
+        }
+
+        if (!S_ISREG(st.st_mode)) {
+                log_error("%s is not a regular file or block device.", arg_image);
+                return -EINVAL;
+        }
+
+        control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
+        if (control < 0)
+                return log_error_errno(errno, "Failed to open /dev/loop-control: %m");
+
+        nr = ioctl(control, LOOP_CTL_GET_FREE);
+        if (nr < 0)
+                return log_error_errno(errno, "Failed to allocate loop device: %m");
+
+        if (asprintf(&loopdev, "/dev/loop%i", nr) < 0)
+                return log_oom();
+
+        loop = open(loopdev, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY);
+        if (loop < 0)
+                return log_error_errno(errno, "Failed to open loop device %s: %m", loopdev);
+
+        if (ioctl(loop, LOOP_SET_FD, fd) < 0)
+                return log_error_errno(errno, "Failed to set loopback file descriptor on %s: %m", loopdev);
+
+        if (arg_read_only)
+                info.lo_flags |= LO_FLAGS_READ_ONLY;
+
+        if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0)
+                return log_error_errno(errno, "Failed to set loopback settings on %s: %m", loopdev);
+
+        *device_path = loopdev;
+        loopdev = NULL;
+
+        *loop_nr = nr;
+
+        r = loop;
+        loop = -1;
+
+        return r;
+}
+
+#define PARTITION_TABLE_BLURB \
+        "Note that the disk image needs to either contain only a single MBR partition of\n" \
+        "type 0x83 that is marked bootable, or a single GPT partition of type " \
+        "0FC63DAF-8483-4772-8E79-3D69D8477DE4 or follow\n" \
+        "    http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/\n" \
+        "to be bootable with systemd-nspawn."
+
+static int dissect_image(
+                int fd,
+                char **root_device, bool *root_device_rw,
+                char **home_device, bool *home_device_rw,
+                char **srv_device, bool *srv_device_rw,
+                bool *secondary) {
+
+#ifdef HAVE_BLKID
+        int home_nr = -1, srv_nr = -1;
+#ifdef GPT_ROOT_NATIVE
+        int root_nr = -1;
+#endif
+#ifdef GPT_ROOT_SECONDARY
+        int secondary_root_nr = -1;
+#endif
+        _cleanup_free_ char *home = NULL, *root = NULL, *secondary_root = NULL, *srv = NULL, *generic = NULL;
+        _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
+        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
+        _cleanup_udev_unref_ struct udev *udev = NULL;
+        struct udev_list_entry *first, *item;
+        bool home_rw = true, root_rw = true, secondary_root_rw = true, srv_rw = true, generic_rw = true;
+        bool is_gpt, is_mbr, multiple_generic = false;
+        const char *pttype = NULL;
+        blkid_partlist pl;
+        struct stat st;
+        unsigned i;
+        int r;
+
+        assert(fd >= 0);
+        assert(root_device);
+        assert(home_device);
+        assert(srv_device);
+        assert(secondary);
+        assert(arg_image);
+
+        b = blkid_new_probe();
+        if (!b)
+                return log_oom();
+
+        errno = 0;
+        r = blkid_probe_set_device(b, fd, 0, 0);
+        if (r != 0) {
+                if (errno == 0)
+                        return log_oom();
+
+                return log_error_errno(errno, "Failed to set device on blkid probe: %m");
+        }
+
+        blkid_probe_enable_partitions(b, 1);
+        blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
+
+        errno = 0;
+        r = blkid_do_safeprobe(b);
+        if (r == -2 || r == 1) {
+                log_error("Failed to identify any partition table on\n"
+                          "    %s\n"
+                          PARTITION_TABLE_BLURB, arg_image);
+                return -EINVAL;
+        } else if (r != 0) {
+                if (errno == 0)
+                        errno = EIO;
+                return log_error_errno(errno, "Failed to probe: %m");
+        }
+
+        (void) blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
+
+        is_gpt = streq_ptr(pttype, "gpt");
+        is_mbr = streq_ptr(pttype, "dos");
+
+        if (!is_gpt && !is_mbr) {
+                log_error("No GPT or MBR partition table discovered on\n"
+                          "    %s\n"
+                          PARTITION_TABLE_BLURB, arg_image);
+                return -EINVAL;
+        }
+
+        errno = 0;
+        pl = blkid_probe_get_partitions(b);
+        if (!pl) {
+                if (errno == 0)
+                        return log_oom();
+
+                log_error("Failed to list partitions of %s", arg_image);
+                return -errno;
+        }
+
+        udev = udev_new();
+        if (!udev)
+                return log_oom();
+
+        if (fstat(fd, &st) < 0)
+                return log_error_errno(errno, "Failed to stat block device: %m");
+
+        d = udev_device_new_from_devnum(udev, 'b', st.st_rdev);
+        if (!d)
+                return log_oom();
+
+        for (i = 0;; i++) {
+                int n, m;
+
+                if (i >= 10) {
+                        log_error("Kernel partitions never appeared.");
+                        return -ENXIO;
+                }
+
+                e = udev_enumerate_new(udev);
+                if (!e)
+                        return log_oom();
+
+                r = udev_enumerate_add_match_parent(e, d);
+                if (r < 0)
+                        return log_oom();
+
+                r = udev_enumerate_scan_devices(e);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to scan for partition devices of %s: %m", arg_image);
+
+                /* Count the partitions enumerated by the kernel */
+                n = 0;
+                first = udev_enumerate_get_list_entry(e);
+                udev_list_entry_foreach(item, first)
+                        n++;
+
+                /* Count the partitions enumerated by blkid */
+                m = blkid_partlist_numof_partitions(pl);
+                if (n == m + 1)
+                        break;
+                if (n > m + 1) {
+                        log_error("blkid and kernel partition list do not match.");
+                        return -EIO;
+                }
+                if (n < m + 1) {
+                        unsigned j;
+
+                        /* The kernel has probed fewer partitions than
+                         * blkid? Maybe the kernel prober is still
+                         * running or it got EBUSY because udev
+                         * already opened the device. Let's reprobe
+                         * the device, which is a synchronous call
+                         * that waits until probing is complete. */
+
+                        for (j = 0; j < 20; j++) {
+
+                                r = ioctl(fd, BLKRRPART, 0);
+                                if (r < 0)
+                                        r = -errno;
+                                if (r >= 0 || r != -EBUSY)
+                                        break;
+
+                                /* If something else has the device
+                                 * open, such as an udev rule, the
+                                 * ioctl will return EBUSY. Since
+                                 * there's no way to wait until it
+                                 * isn't busy anymore, let's just wait
+                                 * a bit, and try again.
+                                 *
+                                 * This is really something they
+                                 * should fix in the kernel! */
+
+                                usleep(50 * USEC_PER_MSEC);
+                        }
+
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to reread partition table: %m");
+                }
+
+                e = udev_enumerate_unref(e);
+        }
+
+        first = udev_enumerate_get_list_entry(e);
+        udev_list_entry_foreach(item, first) {
+                _cleanup_udev_device_unref_ struct udev_device *q;
+                const char *node;
+                unsigned long long flags;
+                blkid_partition pp;
+                dev_t qn;
+                int nr;
+
+                errno = 0;
+                q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
+                if (!q) {
+                        if (!errno)
+                                errno = ENOMEM;
+
+                        return log_error_errno(errno, "Failed to get partition device of %s: %m", arg_image);
+                }
+
+                qn = udev_device_get_devnum(q);
+                if (major(qn) == 0)
+                        continue;
+
+                if (st.st_rdev == qn)
+                        continue;
+
+                node = udev_device_get_devnode(q);
+                if (!node)
+                        continue;
+
+                pp = blkid_partlist_devno_to_partition(pl, qn);
+                if (!pp)
+                        continue;
+
+                flags = blkid_partition_get_flags(pp);
+
+                nr = blkid_partition_get_partno(pp);
+                if (nr < 0)
+                        continue;
+
+                if (is_gpt) {
+                        sd_id128_t type_id;
+                        const char *stype;
+
+                        if (flags & GPT_FLAG_NO_AUTO)
+                                continue;
+
+                        stype = blkid_partition_get_type_string(pp);
+                        if (!stype)
+                                continue;
+
+                        if (sd_id128_from_string(stype, &type_id) < 0)
+                                continue;
+
+                        if (sd_id128_equal(type_id, GPT_HOME)) {
+
+                                if (home && nr >= home_nr)
+                                        continue;
+
+                                home_nr = nr;
+                                home_rw = !(flags & GPT_FLAG_READ_ONLY);
+
+                                r = free_and_strdup(&home, node);
+                                if (r < 0)
+                                        return log_oom();
+
+                        } else if (sd_id128_equal(type_id, GPT_SRV)) {
+
+                                if (srv && nr >= srv_nr)
+                                        continue;
+
+                                srv_nr = nr;
+                                srv_rw = !(flags & GPT_FLAG_READ_ONLY);
+
+                                r = free_and_strdup(&srv, node);
+                                if (r < 0)
+                                        return log_oom();
+                        }
+#ifdef GPT_ROOT_NATIVE
+                        else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE)) {
+
+                                if (root && nr >= root_nr)
+                                        continue;
+
+                                root_nr = nr;
+                                root_rw = !(flags & GPT_FLAG_READ_ONLY);
+
+                                r = free_and_strdup(&root, node);
+                                if (r < 0)
+                                        return log_oom();
+                        }
+#endif
+#ifdef GPT_ROOT_SECONDARY
+                        else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY)) {
+
+                                if (secondary_root && nr >= secondary_root_nr)
+                                        continue;
+
+                                secondary_root_nr = nr;
+                                secondary_root_rw = !(flags & GPT_FLAG_READ_ONLY);
+
+                                r = free_and_strdup(&secondary_root, node);
+                                if (r < 0)
+                                        return log_oom();
+                        }
+#endif
+                        else if (sd_id128_equal(type_id, GPT_LINUX_GENERIC)) {
+
+                                if (generic)
+                                        multiple_generic = true;
+                                else {
+                                        generic_rw = !(flags & GPT_FLAG_READ_ONLY);
+
+                                        r = free_and_strdup(&generic, node);
+                                        if (r < 0)
+                                                return log_oom();
+                                }
+                        }
+
+                } else if (is_mbr) {
+                        int type;
+
+                        if (flags != 0x80) /* Bootable flag */
+                                continue;
+
+                        type = blkid_partition_get_type(pp);
+                        if (type != 0x83) /* Linux partition */
+                                continue;
+
+                        if (generic)
+                                multiple_generic = true;
+                        else {
+                                generic_rw = true;
+
+                                r = free_and_strdup(&root, node);
+                                if (r < 0)
+                                        return log_oom();
+                        }
+                }
+        }
+
+        if (root) {
+                *root_device = root;
+                root = NULL;
+
+                *root_device_rw = root_rw;
+                *secondary = false;
+        } else if (secondary_root) {
+                *root_device = secondary_root;
+                secondary_root = NULL;
+
+                *root_device_rw = secondary_root_rw;
+                *secondary = true;
+        } else if (generic) {
+
+                /* There were no partitions with precise meanings
+                 * around, but we found generic partitions. In this
+                 * case, if there's only one, we can go ahead and boot
+                 * it, otherwise we bail out, because we really cannot
+                 * make any sense of it. */
+
+                if (multiple_generic) {
+                        log_error("Identified multiple bootable Linux partitions on\n"
+                                  "    %s\n"
+                                  PARTITION_TABLE_BLURB, arg_image);
+                        return -EINVAL;
+                }
+
+                *root_device = generic;
+                generic = NULL;
+
+                *root_device_rw = generic_rw;
+                *secondary = false;
+        } else {
+                log_error("Failed to identify root partition in disk image\n"
+                          "    %s\n"
+                          PARTITION_TABLE_BLURB, arg_image);
+                return -EINVAL;
+        }
+
+        if (home) {
+                *home_device = home;
+                home = NULL;
+
+                *home_device_rw = home_rw;
+        }
+
+        if (srv) {
+                *srv_device = srv;
+                srv = NULL;
+
+                *srv_device_rw = srv_rw;
+        }
+
+        return 0;
+#else
+        log_error("--image= is not supported, compiled without blkid support.");
+        return -EOPNOTSUPP;
+#endif
+}
+
+static int mount_device(const char *what, const char *where, const char *directory, bool rw) {
+#ifdef HAVE_BLKID
+        _cleanup_blkid_free_probe_ blkid_probe b = NULL;
+        const char *fstype, *p;
+        int r;
+
+        assert(what);
+        assert(where);
+
+        if (arg_read_only)
+                rw = false;
+
+        if (directory)
+                p = strjoina(where, directory);
+        else
+                p = where;
+
+        errno = 0;
+        b = blkid_new_probe_from_filename(what);
+        if (!b) {
+                if (errno == 0)
+                        return log_oom();
+                return log_error_errno(errno, "Failed to allocate prober for %s: %m", what);
+        }
+
+        blkid_probe_enable_superblocks(b, 1);
+        blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
+
+        errno = 0;
+        r = blkid_do_safeprobe(b);
+        if (r == -1 || r == 1) {
+                log_error("Cannot determine file system type of %s", what);
+                return -EINVAL;
+        } else if (r != 0) {
+                if (errno == 0)
+                        errno = EIO;
+                return log_error_errno(errno, "Failed to probe %s: %m", what);
+        }
+
+        errno = 0;
+        if (blkid_probe_lookup_value(b, "TYPE", &fstype, NULL) < 0) {
+                if (errno == 0)
+                        errno = EINVAL;
+                log_error("Failed to determine file system type of %s", what);
+                return -errno;
+        }
+
+        if (streq(fstype, "crypto_LUKS")) {
+                log_error("nspawn currently does not support LUKS disk images.");
+                return -EOPNOTSUPP;
+        }
+
+        if (mount(what, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), NULL) < 0)
+                return log_error_errno(errno, "Failed to mount %s: %m", what);
+
+        return 0;
+#else
+        log_error("--image= is not supported, compiled without blkid support.");
+        return -EOPNOTSUPP;
+#endif
+}
+
+static int setup_machine_id(const char *directory) {
+        int r;
+        const char *etc_machine_id, *t;
+        _cleanup_free_ char *s = NULL;
+
+        etc_machine_id = prefix_roota(directory, "/etc/machine-id");
+
+        r = read_one_line_file(etc_machine_id, &s);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read machine ID from %s: %m", etc_machine_id);
+
+        t = strstrip(s);
+
+        if (!isempty(t)) {
+                r = sd_id128_from_string(t, &arg_uuid);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to parse machine ID from %s: %m", etc_machine_id);
+        } else {
+                if (sd_id128_is_null(arg_uuid)) {
+                        r = sd_id128_randomize(&arg_uuid);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to generate random machine ID: %m");
+                }
+        }
+
+        r = machine_id_setup(directory, arg_uuid);
+        if (r < 0)
+                return log_error_errno(r, "Failed to setup machine ID: %m");
+
+        return 0;
+}
+
+static int recursive_chown(const char *directory, uid_t shift, uid_t range) {
+        int r;
+
+        assert(directory);
+
+        if (arg_userns_mode == USER_NAMESPACE_NO || !arg_userns_chown)
+                return 0;
+
+        r = path_patch_uid(directory, arg_uid_shift, arg_uid_range);
+        if (r == -EOPNOTSUPP)
+                return log_error_errno(r, "Automatic UID/GID adjusting is only supported for UID/GID ranges starting at multiples of 2^16 with a range of 2^16.");
+        if (r == -EBADE)
+                return log_error_errno(r, "Upper 16 bits of root directory UID and GID do not match.");
+        if (r < 0)
+                return log_error_errno(r, "Failed to adjust UID/GID shift of OS tree: %m");
+        if (r == 0)
+                log_debug("Root directory of image is already owned by the right UID/GID range, skipping recursive chown operation.");
+        else
+                log_debug("Patched directory tree to match UID/GID range.");
+
+        return r;
+}
+
+static int mount_devices(
+                const char *where,
+                const char *root_device, bool root_device_rw,
+                const char *home_device, bool home_device_rw,
+                const char *srv_device, bool srv_device_rw) {
+        int r;
+
+        assert(where);
+
+        if (root_device) {
+                r = mount_device(root_device, arg_directory, NULL, root_device_rw);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mount root directory: %m");
+        }
+
+        if (home_device) {
+                r = mount_device(home_device, arg_directory, "/home", home_device_rw);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mount home directory: %m");
+        }
+
+        if (srv_device) {
+                r = mount_device(srv_device, arg_directory, "/srv", srv_device_rw);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mount server data directory: %m");
+        }
+
+        return 0;
+}
+
+static void loop_remove(int nr, int *image_fd) {
+        _cleanup_close_ int control = -1;
+        int r;
+
+        if (nr < 0)
+                return;
+
+        if (image_fd && *image_fd >= 0) {
+                r = ioctl(*image_fd, LOOP_CLR_FD);
+                if (r < 0)
+                        log_debug_errno(errno, "Failed to close loop image: %m");
+                *image_fd = safe_close(*image_fd);
+        }
+
+        control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
+        if (control < 0) {
+                log_warning_errno(errno, "Failed to open /dev/loop-control: %m");
+                return;
+        }
+
+        r = ioctl(control, LOOP_CTL_REMOVE, nr);
+        if (r < 0)
+                log_debug_errno(errno, "Failed to remove loop %d: %m", nr);
+}
+
+/*
+ * Return values:
+ * < 0 : wait_for_terminate() failed to get the state of the
+ *       container, the container was terminated by a signal, or
+ *       failed for an unknown reason.  No change is made to the
+ *       container argument.
+ * > 0 : The program executed in the container terminated with an
+ *       error.  The exit code of the program executed in the
+ *       container is returned.  The container argument has been set
+ *       to CONTAINER_TERMINATED.
+ *   0 : The container is being rebooted, has been shut down or exited
+ *       successfully.  The container argument has been set to either
+ *       CONTAINER_TERMINATED or CONTAINER_REBOOTED.
+ *
+ * That is, success is indicated by a return value of zero, and an
+ * error is indicated by a non-zero value.
+ */
+static int wait_for_container(pid_t pid, ContainerStatus *container) {
+        siginfo_t status;
+        int r;
+
+        r = wait_for_terminate(pid, &status);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to wait for container: %m");
+
+        switch (status.si_code) {
+
+        case CLD_EXITED:
+                if (status.si_status == 0) {
+                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s exited successfully.", arg_machine);
+
+                } else
+                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s failed with error code %i.", arg_machine, status.si_status);
+
+                *container = CONTAINER_TERMINATED;
+                return status.si_status;
+
+        case CLD_KILLED:
+                if (status.si_status == SIGINT) {
+
+                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s has been shut down.", arg_machine);
+                        *container = CONTAINER_TERMINATED;
+                        return 0;
+
+                } else if (status.si_status == SIGHUP) {
+
+                        log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Container %s is being rebooted.", arg_machine);
+                        *container = CONTAINER_REBOOTED;
+                        return 0;
+                }
+
+                /* CLD_KILLED fallthrough */
+
+        case CLD_DUMPED:
+                log_error("Container %s terminated by signal %s.", arg_machine, signal_to_string(status.si_status));
+                return -EIO;
+
+        default:
+                log_error("Container %s failed due to unknown reason.", arg_machine);
+                return -EIO;
+        }
+
+        return r;
+}
+
+static int on_orderly_shutdown(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
+        pid_t pid;
+
+        pid = PTR_TO_PID(userdata);
+        if (pid > 0) {
+                if (kill(pid, arg_kill_signal) >= 0) {
+                        log_info("Trying to halt container. Send SIGTERM again to trigger immediate termination.");
+                        sd_event_source_set_userdata(s, NULL);
+                        return 0;
+                }
+        }
+
+        sd_event_exit(sd_event_source_get_event(s), 0);
+        return 0;
+}
+
+static int determine_names(void) {
+        int r;
+
+        if (arg_template && !arg_directory && arg_machine) {
+
+                /* If --template= was specified then we should not
+                 * search for a machine, but instead create a new one
+                 * in /var/lib/machine. */
+
+                arg_directory = strjoin("/var/lib/machines/", arg_machine, NULL);
+                if (!arg_directory)
+                        return log_oom();
+        }
+
+        if (!arg_image && !arg_directory) {
+                if (arg_machine) {
+                        _cleanup_(image_unrefp) Image *i = NULL;
+
+                        r = image_find(arg_machine, &i);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to find image for machine '%s': %m", arg_machine);
+                        else if (r == 0) {
+                                log_error("No image for machine '%s': %m", arg_machine);
+                                return -ENOENT;
+                        }
+
+                        if (i->type == IMAGE_RAW)
+                                r = free_and_strdup(&arg_image, i->path);
+                        else
+                                r = free_and_strdup(&arg_directory, i->path);
+                        if (r < 0)
+                                return log_error_errno(r, "Invalid image directory: %m");
+
+                        if (!arg_ephemeral)
+                                arg_read_only = arg_read_only || i->read_only;
+                } else
+                        arg_directory = get_current_dir_name();
+
+                if (!arg_directory && !arg_machine) {
+                        log_error("Failed to determine path, please use -D or -i.");
+                        return -EINVAL;
+                }
+        }
+
+        if (!arg_machine) {
+                if (arg_directory && path_equal(arg_directory, "/"))
+                        arg_machine = gethostname_malloc();
+                else
+                        arg_machine = strdup(basename(arg_image ?: arg_directory));
+
+                if (!arg_machine)
+                        return log_oom();
+
+                hostname_cleanup(arg_machine);
+                if (!machine_name_is_valid(arg_machine)) {
+                        log_error("Failed to determine machine name automatically, please use -M.");
+                        return -EINVAL;
+                }
+
+                if (arg_ephemeral) {
+                        char *b;
+
+                        /* Add a random suffix when this is an
+                         * ephemeral machine, so that we can run many
+                         * instances at once without manually having
+                         * to specify -M each time. */
+
+                        if (asprintf(&b, "%s-%016" PRIx64, arg_machine, random_u64()) < 0)
+                                return log_oom();
+
+                        free(arg_machine);
+                        arg_machine = b;
+                }
+        }
+
+        return 0;
+}
+
+static int determine_uid_shift(const char *directory) {
+        int r;
+
+        if (arg_userns_mode == USER_NAMESPACE_NO) {
+                arg_uid_shift = 0;
+                return 0;
+        }
+
+        if (arg_uid_shift == UID_INVALID) {
+                struct stat st;
+
+                r = stat(directory, &st);
+                if (r < 0)
+                        return log_error_errno(errno, "Failed to determine UID base of %s: %m", directory);
+
+                arg_uid_shift = st.st_uid & UINT32_C(0xffff0000);
+
+                if (arg_uid_shift != (st.st_gid & UINT32_C(0xffff0000))) {
+                        log_error("UID and GID base of %s don't match.", directory);
+                        return -EINVAL;
+                }
+
+                arg_uid_range = UINT32_C(0x10000);
+        }
+
+        if (arg_uid_shift > (uid_t) -1 - arg_uid_range) {
+                log_error("UID base too high for UID range.");
+                return -EINVAL;
+        }
+
+        return 0;
+}
+
+static int inner_child(
+                Barrier *barrier,
+                const char *directory,
+                bool secondary,
+                int kmsg_socket,
+                int rtnl_socket,
+                FDSet *fds) {
+
+        _cleanup_free_ char *home = NULL;
+        char as_uuid[37];
+        unsigned n_env = 1;
+        const char *envp[] = {
+                "PATH=" DEFAULT_PATH_SPLIT_USR,
+                NULL, /* container */
+                NULL, /* TERM */
+                NULL, /* HOME */
+                NULL, /* USER */
+                NULL, /* LOGNAME */
+                NULL, /* container_uuid */
+                NULL, /* LISTEN_FDS */
+                NULL, /* LISTEN_PID */
+                NULL
+        };
+
+        _cleanup_strv_free_ char **env_use = NULL;
+        int r;
+
+        assert(barrier);
+        assert(directory);
+        assert(kmsg_socket >= 0);
+
+        cg_unified_flush();
+
+        if (arg_userns_mode != USER_NAMESPACE_NO) {
+                /* Tell the parent, that it now can write the UID map. */
+                (void) barrier_place(barrier); /* #1 */
+
+                /* Wait until the parent wrote the UID map */
+                if (!barrier_place_and_sync(barrier)) { /* #2 */
+                        log_error("Parent died too early");
+                        return -ESRCH;
+                }
+        }
+
+        r = mount_all(NULL,
+                      arg_userns_mode != USER_NAMESPACE_NO,
+                      true,
+                      arg_private_network,
+                      arg_uid_shift,
+                      arg_uid_range,
+                      arg_selinux_apifs_context);
+
+        if (r < 0)
+                return r;
+
+        r = mount_sysfs(NULL);
+        if (r < 0)
+                return r;
+
+        /* Wait until we are cgroup-ified, so that we
+         * can mount the right cgroup path writable */
+        if (!barrier_place_and_sync(barrier)) { /* #3 */
+                log_error("Parent died too early");
+                return -ESRCH;
+        }
+
+        r = mount_systemd_cgroup_writable("", arg_unified_cgroup_hierarchy);
+        if (r < 0)
+                return r;
+
+        r = reset_uid_gid();
+        if (r < 0)
+                return log_error_errno(r, "Couldn't become new root: %m");
+
+        r = setup_boot_id(NULL);
+        if (r < 0)
+                return r;
+
+        r = setup_kmsg(NULL, kmsg_socket);
+        if (r < 0)
+                return r;
+        kmsg_socket = safe_close(kmsg_socket);
+
+        umask(0022);
+
+        if (setsid() < 0)
+                return log_error_errno(errno, "setsid() failed: %m");
+
+        if (arg_private_network)
+                loopback_setup();
+
+        if (arg_expose_ports) {
+                r = expose_port_send_rtnl(rtnl_socket);
+                if (r < 0)
+                        return r;
+                rtnl_socket = safe_close(rtnl_socket);
+        }
+
+        r = drop_capabilities();
+        if (r < 0)
+                return log_error_errno(r, "drop_capabilities() failed: %m");
+
+        setup_hostname();
+
+        if (arg_personality != PERSONALITY_INVALID) {
+                if (personality(arg_personality) < 0)
+                        return log_error_errno(errno, "personality() failed: %m");
+        } else if (secondary) {
+                if (personality(PER_LINUX32) < 0)
+                        return log_error_errno(errno, "personality() failed: %m");
+        }
+
+#ifdef HAVE_SELINUX
+        if (arg_selinux_context)
+                if (setexeccon((security_context_t) arg_selinux_context) < 0)
+                        return log_error_errno(errno, "setexeccon(\"%s\") failed: %m", arg_selinux_context);
+#endif
+
+        r = change_uid_gid(arg_user, &home);
+        if (r < 0)
+                return r;
+
+        /* LXC sets container=lxc, so follow the scheme here */
+        envp[n_env++] = strjoina("container=", arg_container_service_name);
+
+        envp[n_env] = strv_find_prefix(environ, "TERM=");
+        if (envp[n_env])
+                n_env++;
+
+        if ((asprintf((char**)(envp + n_env++), "HOME=%s", home ? home: "/root") < 0) ||
+            (asprintf((char**)(envp + n_env++), "USER=%s", arg_user ? arg_user : "root") < 0) ||
+            (asprintf((char**)(envp + n_env++), "LOGNAME=%s", arg_user ? arg_user : "root") < 0))
+                return log_oom();
+
+        assert(!sd_id128_equal(arg_uuid, SD_ID128_NULL));
+
+        if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0)
+                return log_oom();
+
+        if (fdset_size(fds) > 0) {
+                r = fdset_cloexec(fds, false);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to unset O_CLOEXEC for file descriptors.");
+
+                if ((asprintf((char **)(envp + n_env++), "LISTEN_FDS=%u", fdset_size(fds)) < 0) ||
+                    (asprintf((char **)(envp + n_env++), "LISTEN_PID=1") < 0))
+                        return log_oom();
+        }
+
+        env_use = strv_env_merge(2, envp, arg_setenv);
+        if (!env_use)
+                return log_oom();
+
+        /* Let the parent know that we are ready and
+         * wait until the parent is ready with the
+         * setup, too... */
+        if (!barrier_place_and_sync(barrier)) { /* #4 */
+                log_error("Parent died too early");
+                return -ESRCH;
+        }
+
+        if (arg_chdir)
+                if (chdir(arg_chdir) < 0)
+                        return log_error_errno(errno, "Failed to change to specified working directory %s: %m", arg_chdir);
+
+        if (arg_start_mode == START_PID2) {
+                r = stub_pid1();
+                if (r < 0)
+                        return r;
+        }
+
+        /* Now, explicitly close the log, so that we
+         * then can close all remaining fds. Closing
+         * the log explicitly first has the benefit
+         * that the logging subsystem knows about it,
+         * and is thus ready to be reopened should we
+         * need it again. Note that the other fds
+         * closed here are at least the locking and
+         * barrier fds. */
+        log_close();
+        (void) fdset_close_others(fds);
+
+        if (arg_start_mode == START_BOOT) {
+                char **a;
+                size_t m;
+
+                /* Automatically search for the init system */
+
+                m = strv_length(arg_parameters);
+                a = newa(char*, m + 2);
+                memcpy_safe(a + 1, arg_parameters, m * sizeof(char*));
+                a[1 + m] = NULL;
+
+                a[0] = (char*) "/usr/lib/systemd/systemd";
+                execve(a[0], a, env_use);
+
+                a[0] = (char*) "/lib/systemd/systemd";
+                execve(a[0], a, env_use);
+
+                a[0] = (char*) "/sbin/init";
+                execve(a[0], a, env_use);
+        } else if (!strv_isempty(arg_parameters))
+                execvpe(arg_parameters[0], arg_parameters, env_use);
+        else {
+                if (!arg_chdir)
+                        /* If we cannot change the directory, we'll end up in /, that is expected. */
+                        (void) chdir(home ?: "/root");
+
+                execle("/bin/bash", "-bash", NULL, env_use);
+                execle("/bin/sh", "-sh", NULL, env_use);
+        }
+
+        r = -errno;
+        (void) log_open();
+        return log_error_errno(r, "execv() failed: %m");
+}
+
+static int outer_child(
+                Barrier *barrier,
+                const char *directory,
+                const char *console,
+                const char *root_device, bool root_device_rw,
+                const char *home_device, bool home_device_rw,
+                const char *srv_device, bool srv_device_rw,
+                bool interactive,
+                bool secondary,
+                int pid_socket,
+                int uuid_socket,
+                int kmsg_socket,
+                int rtnl_socket,
+                int uid_shift_socket,
+                FDSet *fds) {
+
+        pid_t pid;
+        ssize_t l;
+        int r;
+
+        assert(barrier);
+        assert(directory);
+        assert(console);
+        assert(pid_socket >= 0);
+        assert(uuid_socket >= 0);
+        assert(kmsg_socket >= 0);
+
+        cg_unified_flush();
+
+        if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0)
+                return log_error_errno(errno, "PR_SET_PDEATHSIG failed: %m");
+
+        if (interactive) {
+                close_nointr(STDIN_FILENO);
+                close_nointr(STDOUT_FILENO);
+                close_nointr(STDERR_FILENO);
+
+                r = open_terminal(console, O_RDWR);
+                if (r != STDIN_FILENO) {
+                        if (r >= 0) {
+                                safe_close(r);
+                                r = -EINVAL;
+                        }
+
+                        return log_error_errno(r, "Failed to open console: %m");
+                }
+
+                if (dup2(STDIN_FILENO, STDOUT_FILENO) != STDOUT_FILENO ||
+                    dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO)
+                        return log_error_errno(errno, "Failed to duplicate console: %m");
+        }
+
+        r = reset_audit_loginuid();
+        if (r < 0)
+                return r;
+
+        /* Mark everything as slave, so that we still
+         * receive mounts from the real root, but don't
+         * propagate mounts to the real root. */
+        if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
+                return log_error_errno(errno, "MS_SLAVE|MS_REC failed: %m");
+
+        r = mount_devices(directory,
+                          root_device, root_device_rw,
+                          home_device, home_device_rw,
+                          srv_device, srv_device_rw);
+        if (r < 0)
+                return r;
+
+        r = determine_uid_shift(directory);
+        if (r < 0)
+                return r;
+
+        if (arg_userns_mode != USER_NAMESPACE_NO) {
+                /* Let the parent know which UID shift we read from the image */
+                l = send(uid_shift_socket, &arg_uid_shift, sizeof(arg_uid_shift), MSG_NOSIGNAL);
+                if (l < 0)
+                        return log_error_errno(errno, "Failed to send UID shift: %m");
+                if (l != sizeof(arg_uid_shift)) {
+                        log_error("Short write while sending UID shift.");
+                        return -EIO;
+                }
+
+                if (arg_userns_mode == USER_NAMESPACE_PICK) {
+                        /* When we are supposed to pick the UID shift, the parent will check now whether the UID shift
+                         * we just read from the image is available. If yes, it will send the UID shift back to us, if
+                         * not it will pick a different one, and send it back to us. */
+
+                        l = recv(uid_shift_socket, &arg_uid_shift, sizeof(arg_uid_shift), 0);
+                        if (l < 0)
+                                return log_error_errno(errno, "Failed to recv UID shift: %m");
+                        if (l != sizeof(arg_uid_shift)) {
+                                log_error("Short read while recieving UID shift.");
+                                return -EIO;
+                        }
+                }
+
+                log_info("Selected user namespace base " UID_FMT " and range " UID_FMT ".", arg_uid_shift, arg_uid_range);
+        }
+
+        /* Turn directory into bind mount */
+        if (mount(directory, directory, NULL, MS_BIND|MS_REC, NULL) < 0)
+                return log_error_errno(errno, "Failed to make bind mount: %m");
+
+        r = recursive_chown(directory, arg_uid_shift, arg_uid_range);
+        if (r < 0)
+                return r;
+
+        r = setup_volatile(
+                        directory,
+                        arg_volatile_mode,
+                        arg_userns_mode != USER_NAMESPACE_NO,
+                        arg_uid_shift,
+                        arg_uid_range,
+                        arg_selinux_context);
+        if (r < 0)
+                return r;
+
+        r = setup_volatile_state(
+                        directory,
+                        arg_volatile_mode,
+                        arg_userns_mode != USER_NAMESPACE_NO,
+                        arg_uid_shift,
+                        arg_uid_range,
+                        arg_selinux_context);
+        if (r < 0)
+                return r;
+
+        r = base_filesystem_create(directory, arg_uid_shift, (gid_t) arg_uid_shift);
+        if (r < 0)
+                return r;
+
+        if (arg_read_only) {
+                r = bind_remount_recursive(directory, true);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to make tree read-only: %m");
+        }
+
+        r = mount_all(directory,
+                      arg_userns_mode != USER_NAMESPACE_NO,
+                      false,
+                      arg_private_network,
+                      arg_uid_shift,
+                      arg_uid_range,
+                      arg_selinux_apifs_context);
+        if (r < 0)
+                return r;
+
+        r = copy_devnodes(directory);
+        if (r < 0)
+                return r;
+
+        dev_setup(directory, arg_uid_shift, arg_uid_shift);
+
+        r = setup_pts(directory);
+        if (r < 0)
+                return r;
+
+        r = setup_propagate(directory);
+        if (r < 0)
+                return r;
+
+        r = setup_dev_console(directory, console);
+        if (r < 0)
+                return r;
+
+        r = setup_seccomp();
+        if (r < 0)
+                return r;
+
+        r = setup_timezone(directory);
+        if (r < 0)
+                return r;
+
+        r = setup_resolv_conf(directory);
+        if (r < 0)
+                return r;
+
+        r = setup_machine_id(directory);
+        if (r < 0)
+                return r;
+
+        r = setup_journal(directory);
+        if (r < 0)
+                return r;
+
+        r = mount_custom(
+                        directory,
+                        arg_custom_mounts,
+                        arg_n_custom_mounts,
+                        arg_userns_mode != USER_NAMESPACE_NO,
+                        arg_uid_shift,
+                        arg_uid_range,
+                        arg_selinux_apifs_context);
+        if (r < 0)
+                return r;
+
+        r = mount_cgroups(
+                        directory,
+                        arg_unified_cgroup_hierarchy,
+                        arg_userns_mode != USER_NAMESPACE_NO,
+                        arg_uid_shift,
+                        arg_uid_range,
+                        arg_selinux_apifs_context);
+        if (r < 0)
+                return r;
+
+        r = mount_move_root(directory);
+        if (r < 0)
+                return log_error_errno(r, "Failed to move root directory: %m");
+
+        pid = raw_clone(SIGCHLD|CLONE_NEWNS|
+                        (arg_share_system ? 0 : CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS) |
+                        (arg_private_network ? CLONE_NEWNET : 0) |
+                        (arg_userns_mode != USER_NAMESPACE_NO ? CLONE_NEWUSER : 0),
+                        NULL);
+        if (pid < 0)
+                return log_error_errno(errno, "Failed to fork inner child: %m");
+        if (pid == 0) {
+                pid_socket = safe_close(pid_socket);
+                uuid_socket = safe_close(uuid_socket);
+                uid_shift_socket = safe_close(uid_shift_socket);
+
+                /* The inner child has all namespaces that are
+                 * requested, so that we all are owned by the user if
+                 * user namespaces are turned on. */
+
+                r = inner_child(barrier, directory, secondary, kmsg_socket, rtnl_socket, fds);
+                if (r < 0)
+                        _exit(EXIT_FAILURE);
+
+                _exit(EXIT_SUCCESS);
+        }
+
+        l = send(pid_socket, &pid, sizeof(pid), MSG_NOSIGNAL);
+        if (l < 0)
+                return log_error_errno(errno, "Failed to send PID: %m");
+        if (l != sizeof(pid)) {
+                log_error("Short write while sending PID.");
+                return -EIO;
+        }
+
+        l = send(uuid_socket, &arg_uuid, sizeof(arg_uuid), MSG_NOSIGNAL);
+        if (l < 0)
+                return log_error_errno(errno, "Failed to send machine ID: %m");
+        if (l != sizeof(arg_uuid)) {
+                log_error("Short write while sending machine ID.");
+                return -EIO;
+        }
+
+        pid_socket = safe_close(pid_socket);
+        uuid_socket = safe_close(uuid_socket);
+        kmsg_socket = safe_close(kmsg_socket);
+        rtnl_socket = safe_close(rtnl_socket);
+
+        return 0;
+}
+
+static int uid_shift_pick(uid_t *shift, LockFile *ret_lock_file) {
+        unsigned n_tries = 100;
+        uid_t candidate;
+        int r;
+
+        assert(shift);
+        assert(ret_lock_file);
+        assert(arg_userns_mode == USER_NAMESPACE_PICK);
+        assert(arg_uid_range == 0x10000U);
+
+        candidate = *shift;
+
+        (void) mkdir("/run/systemd/nspawn-uid", 0755);
+
+        for (;;) {
+                char lock_path[strlen("/run/systemd/nspawn-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
+                _cleanup_release_lock_file_ LockFile lf = LOCK_FILE_INIT;
+
+                if (--n_tries <= 0)
+                        return -EBUSY;
+
+                if (candidate < UID_SHIFT_PICK_MIN || candidate > UID_SHIFT_PICK_MAX)
+                        goto next;
+                if ((candidate & UINT32_C(0xFFFF)) != 0)
+                        goto next;
+
+                xsprintf(lock_path, "/run/systemd/nspawn-uid/" UID_FMT, candidate);
+                r = make_lock_file(lock_path, LOCK_EX|LOCK_NB, &lf);
+                if (r == -EBUSY) /* Range already taken by another nspawn instance */
+                        goto next;
+                if (r < 0)
+                        return r;
+
+                /* Make some superficial checks whether the range is currently known in the user database */
+                if (getpwuid(candidate))
+                        goto next;
+                if (getpwuid(candidate + UINT32_C(0xFFFE)))
+                        goto next;
+                if (getgrgid(candidate))
+                        goto next;
+                if (getgrgid(candidate + UINT32_C(0xFFFE)))
+                        goto next;
+
+                *ret_lock_file = lf;
+                lf = (struct LockFile) LOCK_FILE_INIT;
+                *shift = candidate;
+                return 0;
+
+        next:
+                random_bytes(&candidate, sizeof(candidate));
+                candidate = (candidate % (UID_SHIFT_PICK_MAX - UID_SHIFT_PICK_MIN)) + UID_SHIFT_PICK_MIN;
+                candidate &= (uid_t) UINT32_C(0xFFFF0000);
+        }
+}
+
+static int setup_uid_map(pid_t pid) {
+        char uid_map[strlen("/proc//uid_map") + DECIMAL_STR_MAX(uid_t) + 1], line[DECIMAL_STR_MAX(uid_t)*3+3+1];
+        int r;
+
+        assert(pid > 1);
+
+        xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
+        xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range);
+        r = write_string_file(uid_map, line, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write UID map: %m");
+
+        /* We always assign the same UID and GID ranges */
+        xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
+        r = write_string_file(uid_map, line, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write GID map: %m");
+
+        return 0;
+}
+
+static int load_settings(void) {
+        _cleanup_(settings_freep) Settings *settings = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_free_ char *p = NULL;
+        const char *fn, *i;
+        int r;
+
+        /* If all settings are masked, there's no point in looking for
+         * the settings file */
+        if ((arg_settings_mask & _SETTINGS_MASK_ALL) == _SETTINGS_MASK_ALL)
+                return 0;
+
+        fn = strjoina(arg_machine, ".nspawn");
+
+        /* We first look in the admin's directories in /etc and /run */
+        FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
+                _cleanup_free_ char *j = NULL;
+
+                j = strjoin(i, "/", fn, NULL);
+                if (!j)
+                        return log_oom();
+
+                f = fopen(j, "re");
+                if (f) {
+                        p = j;
+                        j = NULL;
+
+                        /* By default, we trust configuration from /etc and /run */
+                        if (arg_settings_trusted < 0)
+                                arg_settings_trusted = true;
+
+                        break;
+                }
+
+                if (errno != ENOENT)
+                        return log_error_errno(errno, "Failed to open %s: %m", j);
+        }
+
+        if (!f) {
+                /* After that, let's look for a file next to the
+                 * actual image we shall boot. */
+
+                if (arg_image) {
+                        p = file_in_same_dir(arg_image, fn);
+                        if (!p)
+                                return log_oom();
+                } else if (arg_directory) {
+                        p = file_in_same_dir(arg_directory, fn);
+                        if (!p)
+                                return log_oom();
+                }
+
+                if (p) {
+                        f = fopen(p, "re");
+                        if (!f && errno != ENOENT)
+                                return log_error_errno(errno, "Failed to open %s: %m", p);
+
+                        /* By default, we do not trust configuration from /var/lib/machines */
+                        if (arg_settings_trusted < 0)
+                                arg_settings_trusted = false;
+                }
+        }
+
+        if (!f)
+                return 0;
+
+        log_debug("Settings are trusted: %s", yes_no(arg_settings_trusted));
+
+        r = settings_load(f, p, &settings);
+        if (r < 0)
+                return r;
+
+        /* Copy over bits from the settings, unless they have been
+         * explicitly masked by command line switches. */
+
+        if ((arg_settings_mask & SETTING_START_MODE) == 0 &&
+            settings->start_mode >= 0) {
+                arg_start_mode = settings->start_mode;
+
+                strv_free(arg_parameters);
+                arg_parameters = settings->parameters;
+                settings->parameters = NULL;
+        }
+
+        if ((arg_settings_mask & SETTING_WORKING_DIRECTORY) == 0 &&
+            settings->working_directory) {
+                free(arg_chdir);
+                arg_chdir = settings->working_directory;
+                settings->working_directory = NULL;
+        }
+
+        if ((arg_settings_mask & SETTING_ENVIRONMENT) == 0 &&
+            settings->environment) {
+                strv_free(arg_setenv);
+                arg_setenv = settings->environment;
+                settings->environment = NULL;
+        }
+
+        if ((arg_settings_mask & SETTING_USER) == 0 &&
+            settings->user) {
+                free(arg_user);
+                arg_user = settings->user;
+                settings->user = NULL;
+        }
+
+        if ((arg_settings_mask & SETTING_CAPABILITY) == 0) {
+                uint64_t plus;
+
+                plus = settings->capability;
+                if (settings_private_network(settings))
+                        plus |= (1ULL << CAP_NET_ADMIN);
+
+                if (!arg_settings_trusted && plus != 0) {
+                        if (settings->capability != 0)
+                                log_warning("Ignoring Capability= setting, file %s is not trusted.", p);
+                } else
+                        arg_retain |= plus;
+
+                arg_retain &= ~settings->drop_capability;
+        }
+
+        if ((arg_settings_mask & SETTING_KILL_SIGNAL) == 0 &&
+            settings->kill_signal > 0)
+                arg_kill_signal = settings->kill_signal;
+
+        if ((arg_settings_mask & SETTING_PERSONALITY) == 0 &&
+            settings->personality != PERSONALITY_INVALID)
+                arg_personality = settings->personality;
+
+        if ((arg_settings_mask & SETTING_MACHINE_ID) == 0 &&
+            !sd_id128_is_null(settings->machine_id)) {
+
+                if (!arg_settings_trusted)
+                        log_warning("Ignoring MachineID= setting, file %s is not trusted.", p);
+                else
+                        arg_uuid = settings->machine_id;
+        }
+
+        if ((arg_settings_mask & SETTING_READ_ONLY) == 0 &&
+            settings->read_only >= 0)
+                arg_read_only = settings->read_only;
+
+        if ((arg_settings_mask & SETTING_VOLATILE_MODE) == 0 &&
+            settings->volatile_mode != _VOLATILE_MODE_INVALID)
+                arg_volatile_mode = settings->volatile_mode;
+
+        if ((arg_settings_mask & SETTING_CUSTOM_MOUNTS) == 0 &&
+            settings->n_custom_mounts > 0) {
+
+                if (!arg_settings_trusted)
+                        log_warning("Ignoring TemporaryFileSystem=, Bind= and BindReadOnly= settings, file %s is not trusted.", p);
+                else {
+                        custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts);
+                        arg_custom_mounts = settings->custom_mounts;
+                        arg_n_custom_mounts = settings->n_custom_mounts;
+
+                        settings->custom_mounts = NULL;
+                        settings->n_custom_mounts = 0;
+                }
+        }
+
+        if ((arg_settings_mask & SETTING_NETWORK) == 0 &&
+            (settings->private_network >= 0 ||
+             settings->network_veth >= 0 ||
+             settings->network_bridge ||
+             settings->network_zone ||
+             settings->network_interfaces ||
+             settings->network_macvlan ||
+             settings->network_ipvlan ||
+             settings->network_veth_extra)) {
+
+                if (!arg_settings_trusted)
+                        log_warning("Ignoring network settings, file %s is not trusted.", p);
+                else {
+                        arg_network_veth = settings_network_veth(settings);
+                        arg_private_network = settings_private_network(settings);
+
+                        strv_free(arg_network_interfaces);
+                        arg_network_interfaces = settings->network_interfaces;
+                        settings->network_interfaces = NULL;
+
+                        strv_free(arg_network_macvlan);
+                        arg_network_macvlan = settings->network_macvlan;
+                        settings->network_macvlan = NULL;
+
+                        strv_free(arg_network_ipvlan);
+                        arg_network_ipvlan = settings->network_ipvlan;
+                        settings->network_ipvlan = NULL;
+
+                        strv_free(arg_network_veth_extra);
+                        arg_network_veth_extra = settings->network_veth_extra;
+                        settings->network_veth_extra = NULL;
+
+                        free(arg_network_bridge);
+                        arg_network_bridge = settings->network_bridge;
+                        settings->network_bridge = NULL;
+
+                        free(arg_network_zone);
+                        arg_network_zone = settings->network_zone;
+                        settings->network_zone = NULL;
+                }
+        }
+
+        if ((arg_settings_mask & SETTING_EXPOSE_PORTS) == 0 &&
+            settings->expose_ports) {
+
+                if (!arg_settings_trusted)
+                        log_warning("Ignoring Port= setting, file %s is not trusted.", p);
+                else {
+                        expose_port_free_all(arg_expose_ports);
+                        arg_expose_ports = settings->expose_ports;
+                        settings->expose_ports = NULL;
+                }
+        }
+
+        if ((arg_settings_mask & SETTING_USERNS) == 0 &&
+            settings->userns_mode != _USER_NAMESPACE_MODE_INVALID) {
+
+                if (!arg_settings_trusted)
+                        log_warning("Ignoring PrivateUsers= and PrivateUsersChown= settings, file %s is not trusted.", p);
+                else {
+                        arg_userns_mode = settings->userns_mode;
+                        arg_uid_shift = settings->uid_shift;
+                        arg_uid_range = settings->uid_range;
+                        arg_userns_chown = settings->userns_chown;
+                }
+        }
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+
+        _cleanup_free_ char *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL, *console = NULL;
+        bool root_device_rw = true, home_device_rw = true, srv_device_rw = true;
+        _cleanup_close_ int master = -1, image_fd = -1;
+        _cleanup_fdset_free_ FDSet *fds = NULL;
+        int r, n_fd_passed, loop_nr = -1;
+        char veth_name[IFNAMSIZ] = "";
+        bool secondary = false, remove_subvol = false;
+        sigset_t mask_chld;
+        pid_t pid = 0;
+        int ret = EXIT_SUCCESS;
+        union in_addr_union exposed = {};
+        _cleanup_release_lock_file_ LockFile tree_global_lock = LOCK_FILE_INIT, tree_local_lock = LOCK_FILE_INIT;
+        bool interactive, veth_created = false;
+
+        log_parse_environment();
+        log_open();
+
+        /* Make sure rename_process() in the stub init process can work */
+        saved_argv = argv;
+        saved_argc = argc;
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (geteuid() != 0) {
+                log_error("Need to be root.");
+                r = -EPERM;
+                goto finish;
+        }
+        r = determine_names();
+        if (r < 0)
+                goto finish;
+
+        r = load_settings();
+        if (r < 0)
+                goto finish;
+
+        r = verify_arguments();
+        if (r < 0)
+                goto finish;
+
+        n_fd_passed = sd_listen_fds(false);
+        if (n_fd_passed > 0) {
+                r = fdset_new_listen_fds(&fds, false);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to collect file descriptors: %m");
+                        goto finish;
+                }
+        }
+
+        if (arg_directory) {
+                assert(!arg_image);
+
+                if (path_equal(arg_directory, "/") && !arg_ephemeral) {
+                        log_error("Spawning container on root directory is not supported. Consider using --ephemeral.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+
+                if (arg_ephemeral) {
+                        _cleanup_free_ char *np = NULL;
+
+                        /* If the specified path is a mount point we
+                         * generate the new snapshot immediately
+                         * inside it under a random name. However if
+                         * the specified is not a mount point we
+                         * create the new snapshot in the parent
+                         * directory, just next to it. */
+                        r = path_is_mount_point(arg_directory, 0);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to determine whether directory %s is mount point: %m", arg_directory);
+                                goto finish;
+                        }
+                        if (r > 0)
+                                r = tempfn_random_child(arg_directory, "machine.", &np);
+                        else
+                                r = tempfn_random(arg_directory, "machine.", &np);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to generate name for snapshot: %m");
+                                goto finish;
+                        }
+
+                        r = image_path_lock(np, (arg_read_only ? LOCK_SH : LOCK_EX) | LOCK_NB, &tree_global_lock, &tree_local_lock);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to lock %s: %m", np);
+                                goto finish;
+                        }
+
+                        r = btrfs_subvol_snapshot(arg_directory, np, (arg_read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) | BTRFS_SNAPSHOT_FALLBACK_COPY | BTRFS_SNAPSHOT_RECURSIVE | BTRFS_SNAPSHOT_QUOTA);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to create snapshot %s from %s: %m", np, arg_directory);
+                                goto finish;
+                        }
+
+                        free(arg_directory);
+                        arg_directory = np;
+                        np = NULL;
+
+                        remove_subvol = true;
+
+                } else {
+                        r = image_path_lock(arg_directory, (arg_read_only ? LOCK_SH : LOCK_EX) | LOCK_NB, &tree_global_lock, &tree_local_lock);
+                        if (r == -EBUSY) {
+                                log_error_errno(r, "Directory tree %s is currently busy.", arg_directory);
+                                goto finish;
+                        }
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to lock %s: %m", arg_directory);
+                                return r;
+                        }
+
+                        if (arg_template) {
+                                r = btrfs_subvol_snapshot(arg_template, arg_directory, (arg_read_only ? BTRFS_SNAPSHOT_READ_ONLY : 0) | BTRFS_SNAPSHOT_FALLBACK_COPY | BTRFS_SNAPSHOT_RECURSIVE | BTRFS_SNAPSHOT_QUOTA);
+                                if (r == -EEXIST) {
+                                        if (!arg_quiet)
+                                                log_info("Directory %s already exists, not populating from template %s.", arg_directory, arg_template);
+                                } else if (r < 0) {
+                                        log_error_errno(r, "Couldn't create snapshot %s from %s: %m", arg_directory, arg_template);
+                                        goto finish;
+                                } else {
+                                        if (!arg_quiet)
+                                                log_info("Populated %s from template %s.", arg_directory, arg_template);
+                                }
+                        }
+                }
+
+                if (arg_start_mode == START_BOOT) {
+                        if (path_is_os_tree(arg_directory) <= 0) {
+                                log_error("Directory %s doesn't look like an OS root directory (os-release file is missing). Refusing.", arg_directory);
+                                r = -EINVAL;
+                                goto finish;
+                        }
+                } else {
+                        const char *p;
+
+                        p = strjoina(arg_directory, "/usr/");
+                        if (laccess(p, F_OK) < 0) {
+                                log_error("Directory %s doesn't look like it has an OS tree. Refusing.", arg_directory);
+                                r = -EINVAL;
+                                goto finish;
+                        }
+                }
+
+        } else {
+                char template[] = "/tmp/nspawn-root-XXXXXX";
+
+                assert(arg_image);
+                assert(!arg_template);
+
+                r = image_path_lock(arg_image, (arg_read_only ? LOCK_SH : LOCK_EX) | LOCK_NB, &tree_global_lock, &tree_local_lock);
+                if (r == -EBUSY) {
+                        r = log_error_errno(r, "Disk image %s is currently busy.", arg_image);
+                        goto finish;
+                }
+                if (r < 0) {
+                        r = log_error_errno(r, "Failed to create image lock: %m");
+                        goto finish;
+                }
+
+                if (!mkdtemp(template)) {
+                        log_error_errno(errno, "Failed to create temporary directory: %m");
+                        r = -errno;
+                        goto finish;
+                }
+
+                arg_directory = strdup(template);
+                if (!arg_directory) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                image_fd = setup_image(&device_path, &loop_nr);
+                if (image_fd < 0) {
+                        r = image_fd;
+                        goto finish;
+                }
+
+                r = dissect_image(image_fd,
+                                  &root_device, &root_device_rw,
+                                  &home_device, &home_device_rw,
+                                  &srv_device, &srv_device_rw,
+                                  &secondary);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = custom_mounts_prepare();
+        if (r < 0)
+                goto finish;
+
+        interactive =
+                isatty(STDIN_FILENO) > 0 &&
+                isatty(STDOUT_FILENO) > 0;
+
+        master = posix_openpt(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NDELAY);
+        if (master < 0) {
+                r = log_error_errno(errno, "Failed to acquire pseudo tty: %m");
+                goto finish;
+        }
+
+        r = ptsname_malloc(master, &console);
+        if (r < 0) {
+                r = log_error_errno(r, "Failed to determine tty name: %m");
+                goto finish;
+        }
+
+        if (arg_selinux_apifs_context) {
+                r = mac_selinux_apply(console, arg_selinux_apifs_context);
+                if (r < 0)
+                        goto finish;
+        }
+
+        if (unlockpt(master) < 0) {
+                r = log_error_errno(errno, "Failed to unlock tty: %m");
+                goto finish;
+        }
+
+        if (!arg_quiet)
+                log_info("Spawning container %s on %s.\nPress ^] three times within 1s to kill container.",
+                         arg_machine, arg_image ?: arg_directory);
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
+
+        assert_se(sigemptyset(&mask_chld) == 0);
+        assert_se(sigaddset(&mask_chld, SIGCHLD) == 0);
+
+        if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) {
+                r = log_error_errno(errno, "Failed to become subreaper: %m");
+                goto finish;
+        }
+
+        for (;;) {
+                static const struct sigaction sa = {
+                        .sa_handler = nop_signal_handler,
+                        .sa_flags = SA_NOCLDSTOP,
+                };
+
+                _cleanup_release_lock_file_ LockFile uid_shift_lock = LOCK_FILE_INIT;
+                _cleanup_close_ int etc_passwd_lock = -1;
+                _cleanup_close_pair_ int
+                        kmsg_socket_pair[2] = { -1, -1 },
+                        rtnl_socket_pair[2] = { -1, -1 },
+                        pid_socket_pair[2] = { -1, -1 },
+                        uuid_socket_pair[2] = { -1, -1 },
+                        uid_shift_socket_pair[2] = { -1, -1 };
+                _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
+                _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+                _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
+                _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+                ContainerStatus container_status;
+                char last_char = 0;
+                int ifi = 0;
+                ssize_t l;
+
+                if (arg_userns_mode == USER_NAMESPACE_PICK) {
+                        /* When we shall pick the UID/GID range, let's first lock /etc/passwd, so that we can safely
+                         * check with getpwuid() if the specific user already exists. Note that /etc might be
+                         * read-only, in which case this will fail with EROFS. But that's really OK, as in that case we
+                         * can be reasonably sure that no users are going to be added. Note that getpwuid() checks are
+                         * really just an extra safety net. We kinda assume that the UID range we allocate from is
+                         * really ours. */
+
+                        etc_passwd_lock = take_etc_passwd_lock(NULL);
+                        if (etc_passwd_lock < 0 && etc_passwd_lock != -EROFS) {
+                                log_error_errno(r, "Failed to take /etc/passwd lock: %m");
+                                goto finish;
+                        }
+                }
+
+                r = barrier_create(&barrier);
+                if (r < 0) {
+                        log_error_errno(r, "Cannot initialize IPC barrier: %m");
+                        goto finish;
+                }
+
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
+                        r = log_error_errno(errno, "Failed to create kmsg socket pair: %m");
+                        goto finish;
+                }
+
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, rtnl_socket_pair) < 0) {
+                        r = log_error_errno(errno, "Failed to create rtnl socket pair: %m");
+                        goto finish;
+                }
+
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pid_socket_pair) < 0) {
+                        r = log_error_errno(errno, "Failed to create pid socket pair: %m");
+                        goto finish;
+                }
+
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, uuid_socket_pair) < 0) {
+                        r = log_error_errno(errno, "Failed to create id socket pair: %m");
+                        goto finish;
+                }
+
+                if (arg_userns_mode != USER_NAMESPACE_NO)
+                        if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, uid_shift_socket_pair) < 0) {
+                                r = log_error_errno(errno, "Failed to create uid shift socket pair: %m");
+                                goto finish;
+                        }
+
+                /* Child can be killed before execv(), so handle SIGCHLD
+                 * in order to interrupt parent's blocking calls and
+                 * give it a chance to call wait() and terminate. */
+                r = sigprocmask(SIG_UNBLOCK, &mask_chld, NULL);
+                if (r < 0) {
+                        r = log_error_errno(errno, "Failed to change the signal mask: %m");
+                        goto finish;
+                }
+
+                r = sigaction(SIGCHLD, &sa, NULL);
+                if (r < 0) {
+                        r = log_error_errno(errno, "Failed to install SIGCHLD handler: %m");
+                        goto finish;
+                }
+
+                pid = raw_clone(SIGCHLD|CLONE_NEWNS, NULL);
+                if (pid < 0) {
+                        if (errno == EINVAL)
+                                r = log_error_errno(errno, "clone() failed, do you have namespace support enabled in your kernel? (You need UTS, IPC, PID and NET namespacing built in): %m");
+                        else
+                                r = log_error_errno(errno, "clone() failed: %m");
+
+                        goto finish;
+                }
+
+                if (pid == 0) {
+                        /* The outer child only has a file system namespace. */
+                        barrier_set_role(&barrier, BARRIER_CHILD);
+
+                        master = safe_close(master);
+
+                        kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
+                        rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
+                        pid_socket_pair[0] = safe_close(pid_socket_pair[0]);
+                        uuid_socket_pair[0] = safe_close(uuid_socket_pair[0]);
+                        uid_shift_socket_pair[0] = safe_close(uid_shift_socket_pair[0]);
+
+                        (void) reset_all_signal_handlers();
+                        (void) reset_signal_mask();
+
+                        r = outer_child(&barrier,
+                                        arg_directory,
+                                        console,
+                                        root_device, root_device_rw,
+                                        home_device, home_device_rw,
+                                        srv_device, srv_device_rw,
+                                        interactive,
+                                        secondary,
+                                        pid_socket_pair[1],
+                                        uuid_socket_pair[1],
+                                        kmsg_socket_pair[1],
+                                        rtnl_socket_pair[1],
+                                        uid_shift_socket_pair[1],
+                                        fds);
+                        if (r < 0)
+                                _exit(EXIT_FAILURE);
+
+                        _exit(EXIT_SUCCESS);
+                }
+
+                barrier_set_role(&barrier, BARRIER_PARENT);
+
+                fds = fdset_free(fds);
+
+                kmsg_socket_pair[1] = safe_close(kmsg_socket_pair[1]);
+                rtnl_socket_pair[1] = safe_close(rtnl_socket_pair[1]);
+                pid_socket_pair[1] = safe_close(pid_socket_pair[1]);
+                uuid_socket_pair[1] = safe_close(uuid_socket_pair[1]);
+                uid_shift_socket_pair[1] = safe_close(uid_shift_socket_pair[1]);
+
+                if (arg_userns_mode != USER_NAMESPACE_NO) {
+                        /* The child just let us know the UID shift it might have read from the image. */
+                        l = recv(uid_shift_socket_pair[0], &arg_uid_shift, sizeof(arg_uid_shift), 0);
+                        if (l < 0) {
+                                r = log_error_errno(errno, "Failed to read UID shift: %m");
+                                goto finish;
+                        }
+                        if (l != sizeof(arg_uid_shift)) {
+                                log_error("Short read while reading UID shift.");
+                                r = EIO;
+                                goto finish;
+                        }
+
+                        if (arg_userns_mode == USER_NAMESPACE_PICK) {
+                                /* If we are supposed to pick the UID shift, let's try to use the shift read from the
+                                 * image, but if that's already in use, pick a new one, and report back to the child,
+                                 * which one we now picked. */
+
+                                r = uid_shift_pick(&arg_uid_shift, &uid_shift_lock);
+                                if (r < 0) {
+                                        log_error_errno(r, "Failed to pick suitable UID/GID range: %m");
+                                        goto finish;
+                                }
+
+                                l = send(uid_shift_socket_pair[0], &arg_uid_shift, sizeof(arg_uid_shift), MSG_NOSIGNAL);
+                                if (l < 0) {
+                                        r = log_error_errno(errno, "Failed to send UID shift: %m");
+                                        goto finish;
+                                }
+                                if (l != sizeof(arg_uid_shift)) {
+                                        log_error("Short write while writing UID shift.");
+                                        r = -EIO;
+                                        goto finish;
+                                }
+                        }
+                }
+
+                /* Wait for the outer child. */
+                r = wait_for_terminate_and_warn("namespace helper", pid, NULL);
+                if (r < 0)
+                        goto finish;
+                if (r != 0) {
+                        r = -EIO;
+                        goto finish;
+                }
+                pid = 0;
+
+                /* And now retrieve the PID of the inner child. */
+                l = recv(pid_socket_pair[0], &pid, sizeof(pid), 0);
+                if (l < 0) {
+                        r = log_error_errno(errno, "Failed to read inner child PID: %m");
+                        goto finish;
+                }
+                if (l != sizeof(pid)) {
+                        log_error("Short read while reading inner child PID.");
+                        r = EIO;
+                        goto finish;
+                }
+
+                /* We also retrieve container UUID in case it was generated by outer child */
+                l = recv(uuid_socket_pair[0], &arg_uuid, sizeof(arg_uuid), 0);
+                if (l < 0) {
+                        r = log_error_errno(errno, "Failed to read container machine ID: %m");
+                        goto finish;
+                }
+                if (l != sizeof(arg_uuid)) {
+                        log_error("Short read while reading container machined ID.");
+                        r = EIO;
+                        goto finish;
+                }
+
+                log_debug("Init process invoked as PID " PID_FMT, pid);
+
+                if (arg_userns_mode != USER_NAMESPACE_NO) {
+                        if (!barrier_place_and_sync(&barrier)) { /* #1 */
+                                log_error("Child died too early.");
+                                r = -ESRCH;
+                                goto finish;
+                        }
+
+                        r = setup_uid_map(pid);
+                        if (r < 0)
+                                goto finish;
+
+                        (void) barrier_place(&barrier); /* #2 */
+                }
+
+                if (arg_private_network) {
+
+                        r = move_network_interfaces(pid, arg_network_interfaces);
+                        if (r < 0)
+                                goto finish;
+
+                        if (arg_network_veth) {
+                                r = setup_veth(arg_machine, pid, veth_name,
+                                               arg_network_bridge || arg_network_zone);
+                                if (r < 0)
+                                        goto finish;
+                                else if (r > 0)
+                                        ifi = r;
+
+                                if (arg_network_bridge) {
+                                        /* Add the interface to a bridge */
+                                        r = setup_bridge(veth_name, arg_network_bridge, false);
+                                        if (r < 0)
+                                                goto finish;
+                                        if (r > 0)
+                                                ifi = r;
+                                } else if (arg_network_zone) {
+                                        /* Add the interface to a bridge, possibly creating it */
+                                        r = setup_bridge(veth_name, arg_network_zone, true);
+                                        if (r < 0)
+                                                goto finish;
+                                        if (r > 0)
+                                                ifi = r;
+                                }
+                        }
+
+                        r = setup_veth_extra(arg_machine, pid, arg_network_veth_extra);
+                        if (r < 0)
+                                goto finish;
+
+                        /* We created the primary and extra veth links now; let's remember this, so that we know to
+                           remove them later on. Note that we don't bother with removing veth links that were created
+                           here when their setup failed half-way, because in that case the kernel should be able to
+                           remove them on its own, since they cannot be referenced by anything yet. */
+                        veth_created = true;
+
+                        r = setup_macvlan(arg_machine, pid, arg_network_macvlan);
+                        if (r < 0)
+                                goto finish;
+
+                        r = setup_ipvlan(arg_machine, pid, arg_network_ipvlan);
+                        if (r < 0)
+                                goto finish;
+                }
+
+                if (arg_register) {
+                        r = register_machine(
+                                        arg_machine,
+                                        pid,
+                                        arg_directory,
+                                        arg_uuid,
+                                        ifi,
+                                        arg_slice,
+                                        arg_custom_mounts, arg_n_custom_mounts,
+                                        arg_kill_signal,
+                                        arg_property,
+                                        arg_keep_unit,
+                                        arg_container_service_name);
+                        if (r < 0)
+                                goto finish;
+                }
+
+                r = sync_cgroup(pid, arg_unified_cgroup_hierarchy);
+                if (r < 0)
+                        goto finish;
+
+                if (arg_keep_unit) {
+                        r = create_subcgroup(pid, arg_unified_cgroup_hierarchy);
+                        if (r < 0)
+                                goto finish;
+                }
+
+                r = chown_cgroup(pid, arg_uid_shift);
+                if (r < 0)
+                        goto finish;
+
+                /* Notify the child that the parent is ready with all
+                 * its setup (including cgroup-ification), and that
+                 * the child can now hand over control to the code to
+                 * run inside the container. */
+                (void) barrier_place(&barrier); /* #3 */
+
+                /* Block SIGCHLD here, before notifying child.
+                 * process_pty() will handle it with the other signals. */
+                assert_se(sigprocmask(SIG_BLOCK, &mask_chld, NULL) >= 0);
+
+                /* Reset signal to default */
+                r = default_signals(SIGCHLD, -1);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to reset SIGCHLD: %m");
+                        goto finish;
+                }
+
+                /* Let the child know that we are ready and wait that the child is completely ready now. */
+                if (!barrier_place_and_sync(&barrier)) { /* #4 */
+                        log_error("Child died too early.");
+                        r = -ESRCH;
+                        goto finish;
+                }
+
+                /* At this point we have made use of the UID we picked, and thus nss-mymachines will make them appear
+                 * in getpwuid(), thus we can release the /etc/passwd lock. */
+                etc_passwd_lock = safe_close(etc_passwd_lock);
+
+                sd_notifyf(false,
+                           "READY=1\n"
+                           "STATUS=Container running.\n"
+                           "X_NSPAWN_LEADER_PID=" PID_FMT, pid);
+
+                r = sd_event_new(&event);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to get default event source: %m");
+                        goto finish;
+                }
+
+                if (arg_kill_signal > 0) {
+                        /* Try to kill the init system on SIGINT or SIGTERM */
+                        sd_event_add_signal(event, NULL, SIGINT, on_orderly_shutdown, PID_TO_PTR(pid));
+                        sd_event_add_signal(event, NULL, SIGTERM, on_orderly_shutdown, PID_TO_PTR(pid));
+                } else {
+                        /* Immediately exit */
+                        sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
+                        sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
+                }
+
+                /* simply exit on sigchld */
+                sd_event_add_signal(event, NULL, SIGCHLD, NULL, NULL);
+
+                if (arg_expose_ports) {
+                        r = expose_port_watch_rtnl(event, rtnl_socket_pair[0], on_address_change, &exposed, &rtnl);
+                        if (r < 0)
+                                goto finish;
+
+                        (void) expose_port_execute(rtnl, arg_expose_ports, &exposed);
+                }
+
+                rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
+
+                r = pty_forward_new(event, master, PTY_FORWARD_IGNORE_VHANGUP | (interactive ? 0 : PTY_FORWARD_READ_ONLY), &forward);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to create PTY forwarder: %m");
+                        goto finish;
+                }
+
+                r = sd_event_loop(event);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to run event loop: %m");
+                        goto finish;
+                }
+
+                pty_forward_get_last_char(forward, &last_char);
+
+                forward = pty_forward_free(forward);
+
+                if (!arg_quiet && last_char != '\n')
+                        putc('\n', stdout);
+
+                /* Kill if it is not dead yet anyway */
+                if (arg_register && !arg_keep_unit)
+                        terminate_machine(pid);
+
+                /* Normally redundant, but better safe than sorry */
+                kill(pid, SIGKILL);
+
+                r = wait_for_container(pid, &container_status);
+                pid = 0;
+
+                if (r < 0)
+                        /* We failed to wait for the container, or the
+                         * container exited abnormally */
+                        goto finish;
+                else if (r > 0 || container_status == CONTAINER_TERMINATED) {
+                        /* The container exited with a non-zero
+                         * status, or with zero status and no reboot
+                         * was requested. */
+                        ret = r;
+                        break;
+                }
+
+                /* CONTAINER_REBOOTED, loop again */
+
+                if (arg_keep_unit) {
+                        /* Special handling if we are running as a
+                         * service: instead of simply restarting the
+                         * machine we want to restart the entire
+                         * service, so let's inform systemd about this
+                         * with the special exit code 133. The service
+                         * file uses RestartForceExitStatus=133 so
+                         * that this results in a full nspawn
+                         * restart. This is necessary since we might
+                         * have cgroup parameters set we want to have
+                         * flushed out. */
+                        ret = 133;
+                        r = 0;
+                        break;
+                }
+
+                expose_port_flush(arg_expose_ports, &exposed);
+
+                (void) remove_veth_links(veth_name, arg_network_veth_extra);
+                veth_created = false;
+        }
+
+finish:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Terminating...");
+
+        if (pid > 0)
+                kill(pid, SIGKILL);
+
+        /* Try to flush whatever is still queued in the pty */
+        if (master >= 0)
+                (void) copy_bytes(master, STDOUT_FILENO, (uint64_t) -1, false);
+
+        loop_remove(loop_nr, &image_fd);
+
+        if (remove_subvol && arg_directory) {
+                int k;
+
+                k = btrfs_subvol_remove(arg_directory, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
+                if (k < 0)
+                        log_warning_errno(k, "Cannot remove subvolume '%s', ignoring: %m", arg_directory);
+        }
+
+        if (arg_machine) {
+                const char *p;
+
+                p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
+                (void) rm_rf(p, REMOVE_ROOT);
+        }
+
+        expose_port_flush(arg_expose_ports, &exposed);
+
+        if (veth_created)
+                (void) remove_veth_links(veth_name, arg_network_veth_extra);
+        (void) remove_bridge(arg_network_zone);
+
+        free(arg_directory);
+        free(arg_template);
+        free(arg_image);
+        free(arg_machine);
+        free(arg_user);
+        free(arg_chdir);
+        strv_free(arg_setenv);
+        free(arg_network_bridge);
+        strv_free(arg_network_interfaces);
+        strv_free(arg_network_macvlan);
+        strv_free(arg_network_ipvlan);
+        strv_free(arg_network_veth_extra);
+        strv_free(arg_parameters);
+        custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts);
+        expose_port_free_all(arg_expose_ports);
+
+        return r < 0 ? EXIT_FAILURE : ret;
+}
diff --git a/src/nspawn/test-patch-uid.c b/src/systemd-nspawn/test-patch-uid.c
index 11c5321788..11c5321788 100644
--- a/src/nspawn/test-patch-uid.c
+++ b/src/systemd-nspawn/test-patch-uid.c
diff --git a/src/systemd-path/Makefile b/src/systemd-path/Makefile
new file mode 100644
index 0000000000..eb609cb1b9
--- /dev/null
+++ b/src/systemd-path/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-path
+
+systemd_path_SOURCES = \
+	src/path/path.c
+
+systemd_path_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-path/path.c b/src/systemd-path/path.c
new file mode 100644
index 0000000000..80268ed874
--- /dev/null
+++ b/src/systemd-path/path.c
@@ -0,0 +1,198 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <systemd/sd-path.h>
+
+#include "alloc-util.h"
+#include "log.h"
+#include "macro.h"
+#include "string-util.h"
+#include "util.h"
+
+static const char *arg_suffix = NULL;
+
+static const char* const path_table[_SD_PATH_MAX] = {
+        [SD_PATH_TEMPORARY] = "temporary",
+        [SD_PATH_TEMPORARY_LARGE] = "temporary-large",
+        [SD_PATH_SYSTEM_BINARIES] = "system-binaries",
+        [SD_PATH_SYSTEM_INCLUDE] = "system-include",
+        [SD_PATH_SYSTEM_LIBRARY_PRIVATE] = "system-library-private",
+        [SD_PATH_SYSTEM_LIBRARY_ARCH] = "system-library-arch",
+        [SD_PATH_SYSTEM_SHARED] = "system-shared",
+        [SD_PATH_SYSTEM_CONFIGURATION_FACTORY] = "system-configuration-factory",
+        [SD_PATH_SYSTEM_STATE_FACTORY] = "system-state-factory",
+        [SD_PATH_SYSTEM_CONFIGURATION] = "system-configuration",
+        [SD_PATH_SYSTEM_RUNTIME] = "system-runtime",
+        [SD_PATH_SYSTEM_RUNTIME_LOGS] = "system-runtime-logs",
+        [SD_PATH_SYSTEM_STATE_PRIVATE] = "system-state-private",
+        [SD_PATH_SYSTEM_STATE_LOGS] = "system-state-logs",
+        [SD_PATH_SYSTEM_STATE_CACHE] = "system-state-cache",
+        [SD_PATH_SYSTEM_STATE_SPOOL] = "system-state-spool",
+        [SD_PATH_USER_BINARIES] = "user-binaries",
+        [SD_PATH_USER_LIBRARY_PRIVATE] = "user-library-private",
+        [SD_PATH_USER_LIBRARY_ARCH] = "user-library-arch",
+        [SD_PATH_USER_SHARED] = "user-shared",
+        [SD_PATH_USER_CONFIGURATION] = "user-configuration",
+        [SD_PATH_USER_RUNTIME] = "user-runtime",
+        [SD_PATH_USER_STATE_CACHE] = "user-state-cache",
+        [SD_PATH_USER] = "user",
+        [SD_PATH_USER_DOCUMENTS] = "user-documents",
+        [SD_PATH_USER_MUSIC] = "user-music",
+        [SD_PATH_USER_PICTURES] = "user-pictures",
+        [SD_PATH_USER_VIDEOS] = "user-videos",
+        [SD_PATH_USER_DOWNLOAD] = "user-download",
+        [SD_PATH_USER_PUBLIC] = "user-public",
+        [SD_PATH_USER_TEMPLATES] = "user-templates",
+        [SD_PATH_USER_DESKTOP] = "user-desktop",
+        [SD_PATH_SEARCH_BINARIES] = "search-binaries",
+        [SD_PATH_SEARCH_LIBRARY_PRIVATE] = "search-library-private",
+        [SD_PATH_SEARCH_LIBRARY_ARCH] = "search-library-arch",
+        [SD_PATH_SEARCH_SHARED] = "search-shared",
+        [SD_PATH_SEARCH_CONFIGURATION_FACTORY] = "search-configuration-factory",
+        [SD_PATH_SEARCH_STATE_FACTORY] = "search-state-factory",
+        [SD_PATH_SEARCH_CONFIGURATION] = "search-configuration",
+};
+
+static int list_homes(void) {
+        uint64_t i = 0;
+        int r = 0;
+
+        for (i = 0; i < ELEMENTSOF(path_table); i++) {
+                _cleanup_free_ char *p = NULL;
+                int q;
+
+                q = sd_path_home(i, arg_suffix, &p);
+                if (q == -ENXIO)
+                        continue;
+                if (q < 0) {
+                        log_error_errno(r, "Failed to query %s: %m", path_table[i]);
+                        r = q;
+                        continue;
+                }
+
+                printf("%s: %s\n", path_table[i], p);
+        }
+
+        return r;
+}
+
+static int print_home(const char *n) {
+        uint64_t i = 0;
+        int r;
+
+        for (i = 0; i < ELEMENTSOF(path_table); i++) {
+                if (streq(path_table[i], n)) {
+                        _cleanup_free_ char *p = NULL;
+
+                        r = sd_path_home(i, arg_suffix, &p);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to query %s: %m", n);
+
+                        printf("%s\n", p);
+                        return 0;
+                }
+        }
+
+        log_error("Path %s not known.", n);
+        return -EOPNOTSUPP;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] [NAME...]\n\n"
+               "Show system and user paths.\n\n"
+               "  -h --help             Show this help\n"
+               "     --version          Show package version\n"
+               "     --suffix=SUFFIX    Suffix to append to paths\n",
+               program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_SUFFIX,
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, 'h'           },
+                { "version",   no_argument,       NULL, ARG_VERSION   },
+                { "suffix",    required_argument, NULL, ARG_SUFFIX    },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_SUFFIX:
+                        arg_suffix = optarg;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+int main(int argc, char* argv[]) {
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (argc > optind) {
+                int i, q;
+
+                for (i = optind; i < argc; i++) {
+                        q = print_home(argv[i]);
+                        if (q < 0)
+                                r = q;
+                }
+        } else
+                r = list_homes();
+
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-rc-local-generator/Makefile b/src/systemd-rc-local-generator/Makefile
new file mode 100644
index 0000000000..2e9b3e7a64
--- /dev/null
+++ b/src/systemd-rc-local-generator/Makefile
@@ -0,0 +1,32 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemd_rc_local_generator_SOURCES = \
+	src/rc-local-generator/rc-local-generator.c
+
+systemd_rc_local_generator_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/rc-local-generator/rc-local-generator.c b/src/systemd-rc-local-generator/rc-local-generator.c
index 618bbe428d..618bbe428d 100644
--- a/src/rc-local-generator/rc-local-generator.c
+++ b/src/systemd-rc-local-generator/rc-local-generator.c
diff --git a/src/systemd-remount-fs/Makefile b/src/systemd-remount-fs/Makefile
new file mode 100644
index 0000000000..49b10a879a
--- /dev/null
+++ b/src/systemd-remount-fs/Makefile
@@ -0,0 +1,35 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-remount-fs
+systemd_remount_fs_SOURCES = \
+	src/remount-fs/remount-fs.c \
+	src/core/mount-setup.c \
+	src/core/mount-setup.h
+
+systemd_remount_fs_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/remount-fs/remount-fs.c b/src/systemd-remount-fs/remount-fs.c
index 6468d1eecd..6468d1eecd 100644
--- a/src/remount-fs/remount-fs.c
+++ b/src/systemd-remount-fs/remount-fs.c
diff --git a/src/systemd-reply-password/Makefile b/src/systemd-reply-password/Makefile
new file mode 100644
index 0000000000..b5c4698fd8
--- /dev/null
+++ b/src/systemd-reply-password/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-reply-password
+systemd_reply_password_SOURCES = \
+	src/reply-password/reply-password.c
+
+systemd_reply_password_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/reply-password/reply-password.c b/src/systemd-reply-password/reply-password.c
index 17eab9772e..17eab9772e 100644
--- a/src/reply-password/reply-password.c
+++ b/src/systemd-reply-password/reply-password.c
diff --git a/src/systemd-run/Makefile b/src/systemd-run/Makefile
new file mode 100644
index 0000000000..a8edcf66c1
--- /dev/null
+++ b/src/systemd-run/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-run
+systemd_run_SOURCES = \
+	src/run/run.c
+
+systemd_run_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-run/run.c b/src/systemd-run/run.c
new file mode 100644
index 0000000000..29b5131f70
--- /dev/null
+++ b/src/systemd-run/run.c
@@ -0,0 +1,1261 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <getopt.h>
+#include <stdio.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-event.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-unit-util.h"
+#include "bus-util.h"
+#include "calendarspec.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "formats-util.h"
+#include "parse-util.h"
+#include "path-util.h"
+#include "ptyfwd.h"
+#include "signal-util.h"
+#include "spawn-polkit-agent.h"
+#include "strv.h"
+#include "terminal-util.h"
+#include "unit-name.h"
+#include "user-util.h"
+
+static bool arg_ask_password = true;
+static bool arg_scope = false;
+static bool arg_remain_after_exit = false;
+static bool arg_no_block = false;
+static const char *arg_unit = NULL;
+static const char *arg_description = NULL;
+static const char *arg_slice = NULL;
+static bool arg_send_sighup = false;
+static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+static const char *arg_host = NULL;
+static bool arg_user = false;
+static const char *arg_service_type = NULL;
+static const char *arg_exec_user = NULL;
+static const char *arg_exec_group = NULL;
+static int arg_nice = 0;
+static bool arg_nice_set = false;
+static char **arg_environment = NULL;
+static char **arg_property = NULL;
+static bool arg_pty = false;
+static usec_t arg_on_active = 0;
+static usec_t arg_on_boot = 0;
+static usec_t arg_on_startup = 0;
+static usec_t arg_on_unit_active = 0;
+static usec_t arg_on_unit_inactive = 0;
+static const char *arg_on_calendar = NULL;
+static char **arg_timer_property = NULL;
+static bool arg_quiet = false;
+
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] {COMMAND} [ARGS...]\n\n"
+               "Run the specified command in a transient scope or service or timer\n"
+               "unit. If a timer option is specified and the unit specified with\n"
+               "the --unit option exists, the command can be omitted.\n\n"
+               "  -h --help                       Show this help\n"
+               "     --version                    Show package version\n"
+               "     --no-ask-password            Do not prompt for password\n"
+               "     --user                       Run as user unit\n"
+               "  -H --host=[USER@]HOST           Operate on remote host\n"
+               "  -M --machine=CONTAINER          Operate on local container\n"
+               "     --scope                      Run this as scope rather than service\n"
+               "     --unit=UNIT                  Run under the specified unit name\n"
+               "  -p --property=NAME=VALUE        Set unit property\n"
+               "     --description=TEXT           Description for unit\n"
+               "     --slice=SLICE                Run in the specified slice\n"
+               "     --no-block                   Do not wait until operation finished\n"
+               "  -r --remain-after-exit          Leave service around until explicitly stopped\n"
+               "     --send-sighup                Send SIGHUP when terminating\n"
+               "     --service-type=TYPE          Service type\n"
+               "     --uid=USER                   Run as system user\n"
+               "     --gid=GROUP                  Run as system group\n"
+               "     --nice=NICE                  Nice level\n"
+               "  -E --setenv=NAME=VALUE          Set environment\n"
+               "  -t --pty                        Run service on pseudo tty\n"
+               "  -q --quiet                      Suppress information messages during runtime\n\n"
+               "Timer options:\n\n"
+               "     --on-active=SECONDS          Run after SECONDS delay\n"
+               "     --on-boot=SECONDS            Run SECONDS after machine was booted up\n"
+               "     --on-startup=SECONDS         Run SECONDS after systemd activation\n"
+               "     --on-unit-active=SECONDS     Run SECONDS after the last activation\n"
+               "     --on-unit-inactive=SECONDS   Run SECONDS after the last deactivation\n"
+               "     --on-calendar=SPEC           Realtime timer\n"
+               "     --timer-property=NAME=VALUE  Set timer unit property\n",
+               program_invocation_short_name);
+}
+
+static bool with_timer(void) {
+        return arg_on_active || arg_on_boot || arg_on_startup || arg_on_unit_active || arg_on_unit_inactive || arg_on_calendar;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_USER,
+                ARG_SYSTEM,
+                ARG_SCOPE,
+                ARG_UNIT,
+                ARG_DESCRIPTION,
+                ARG_SLICE,
+                ARG_SEND_SIGHUP,
+                ARG_SERVICE_TYPE,
+                ARG_EXEC_USER,
+                ARG_EXEC_GROUP,
+                ARG_NICE,
+                ARG_ON_ACTIVE,
+                ARG_ON_BOOT,
+                ARG_ON_STARTUP,
+                ARG_ON_UNIT_ACTIVE,
+                ARG_ON_UNIT_INACTIVE,
+                ARG_ON_CALENDAR,
+                ARG_TIMER_PROPERTY,
+                ARG_NO_BLOCK,
+                ARG_NO_ASK_PASSWORD,
+        };
+
+        static const struct option options[] = {
+                { "help",              no_argument,       NULL, 'h'                  },
+                { "version",           no_argument,       NULL, ARG_VERSION          },
+                { "user",              no_argument,       NULL, ARG_USER             },
+                { "system",            no_argument,       NULL, ARG_SYSTEM           },
+                { "scope",             no_argument,       NULL, ARG_SCOPE            },
+                { "unit",              required_argument, NULL, ARG_UNIT             },
+                { "description",       required_argument, NULL, ARG_DESCRIPTION      },
+                { "slice",             required_argument, NULL, ARG_SLICE            },
+                { "remain-after-exit", no_argument,       NULL, 'r'                  },
+                { "send-sighup",       no_argument,       NULL, ARG_SEND_SIGHUP      },
+                { "host",              required_argument, NULL, 'H'                  },
+                { "machine",           required_argument, NULL, 'M'                  },
+                { "service-type",      required_argument, NULL, ARG_SERVICE_TYPE     },
+                { "uid",               required_argument, NULL, ARG_EXEC_USER        },
+                { "gid",               required_argument, NULL, ARG_EXEC_GROUP       },
+                { "nice",              required_argument, NULL, ARG_NICE             },
+                { "setenv",            required_argument, NULL, 'E'                  },
+                { "property",          required_argument, NULL, 'p'                  },
+                { "tty",               no_argument,       NULL, 't'                  }, /* deprecated */
+                { "pty",               no_argument,       NULL, 't'                  },
+                { "quiet",             no_argument,       NULL, 'q'                  },
+                { "on-active",         required_argument, NULL, ARG_ON_ACTIVE        },
+                { "on-boot",           required_argument, NULL, ARG_ON_BOOT          },
+                { "on-startup",        required_argument, NULL, ARG_ON_STARTUP       },
+                { "on-unit-active",    required_argument, NULL, ARG_ON_UNIT_ACTIVE   },
+                { "on-unit-inactive",  required_argument, NULL, ARG_ON_UNIT_INACTIVE },
+                { "on-calendar",       required_argument, NULL, ARG_ON_CALENDAR      },
+                { "timer-property",    required_argument, NULL, ARG_TIMER_PROPERTY   },
+                { "no-block",          no_argument,       NULL, ARG_NO_BLOCK         },
+                { "no-ask-password",   no_argument,       NULL, ARG_NO_ASK_PASSWORD },
+                {},
+        };
+
+        int r, c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "+hrH:M:p:tq", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_USER:
+                        arg_user = true;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_user = false;
+                        break;
+
+                case ARG_SCOPE:
+                        arg_scope = true;
+                        break;
+
+                case ARG_UNIT:
+                        arg_unit = optarg;
+                        break;
+
+                case ARG_DESCRIPTION:
+                        arg_description = optarg;
+                        break;
+
+                case ARG_SLICE:
+                        arg_slice = optarg;
+                        break;
+
+                case ARG_SEND_SIGHUP:
+                        arg_send_sighup = true;
+                        break;
+
+                case 'r':
+                        arg_remain_after_exit = true;
+                        break;
+
+                case 'H':
+                        arg_transport = BUS_TRANSPORT_REMOTE;
+                        arg_host = optarg;
+                        break;
+
+                case 'M':
+                        arg_transport = BUS_TRANSPORT_MACHINE;
+                        arg_host = optarg;
+                        break;
+
+                case ARG_SERVICE_TYPE:
+                        arg_service_type = optarg;
+                        break;
+
+                case ARG_EXEC_USER:
+                        arg_exec_user = optarg;
+                        break;
+
+                case ARG_EXEC_GROUP:
+                        arg_exec_group = optarg;
+                        break;
+
+                case ARG_NICE:
+                        r = safe_atoi(optarg, &arg_nice);
+                        if (r < 0 || arg_nice < PRIO_MIN || arg_nice >= PRIO_MAX) {
+                                log_error("Failed to parse nice value");
+                                return -EINVAL;
+                        }
+
+                        arg_nice_set = true;
+                        break;
+
+                case 'E':
+                        if (strv_extend(&arg_environment, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case 'p':
+                        if (strv_extend(&arg_property, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case 't':
+                        arg_pty = true;
+                        break;
+
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
+                case ARG_ON_ACTIVE:
+
+                        r = parse_sec(optarg, &arg_on_active);
+                        if (r < 0) {
+                                log_error("Failed to parse timer value: %s", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_ON_BOOT:
+
+                        r = parse_sec(optarg, &arg_on_boot);
+                        if (r < 0) {
+                                log_error("Failed to parse timer value: %s", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_ON_STARTUP:
+
+                        r = parse_sec(optarg, &arg_on_startup);
+                        if (r < 0) {
+                                log_error("Failed to parse timer value: %s", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_ON_UNIT_ACTIVE:
+
+                        r = parse_sec(optarg, &arg_on_unit_active);
+                        if (r < 0) {
+                                log_error("Failed to parse timer value: %s", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_ON_UNIT_INACTIVE:
+
+                        r = parse_sec(optarg, &arg_on_unit_inactive);
+                        if (r < 0) {
+                                log_error("Failed to parse timer value: %s", optarg);
+                                return r;
+                        }
+
+                        break;
+
+                case ARG_ON_CALENDAR: {
+                        CalendarSpec *spec = NULL;
+
+                        r = calendar_spec_from_string(optarg, &spec);
+                        if (r < 0) {
+                                log_error("Invalid calendar spec: %s", optarg);
+                                return r;
+                        }
+
+                        calendar_spec_free(spec);
+                        arg_on_calendar = optarg;
+                        break;
+                }
+
+                case ARG_TIMER_PROPERTY:
+
+                        if (strv_extend(&arg_timer_property, optarg) < 0)
+                                return log_oom();
+
+                        break;
+
+                case ARG_NO_BLOCK:
+                        arg_no_block = true;
+                        break;
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if ((optind >= argc) && (!arg_unit || !with_timer())) {
+                log_error("Command line to execute required.");
+                return -EINVAL;
+        }
+
+        if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) {
+                log_error("Execution in user context is not supported on non-local systems.");
+                return -EINVAL;
+        }
+
+        if (arg_scope && arg_transport != BUS_TRANSPORT_LOCAL) {
+                log_error("Scope execution is not supported on non-local systems.");
+                return -EINVAL;
+        }
+
+        if (arg_scope && (arg_remain_after_exit || arg_service_type)) {
+                log_error("--remain-after-exit and --service-type= are not supported in --scope mode.");
+                return -EINVAL;
+        }
+
+        if (arg_pty && (with_timer() || arg_scope)) {
+                log_error("--pty is not compatible in timer or --scope mode.");
+                return -EINVAL;
+        }
+
+        if (arg_pty && arg_transport == BUS_TRANSPORT_REMOTE) {
+                log_error("--pty is only supported when connecting to the local system or containers.");
+                return -EINVAL;
+        }
+
+        if (arg_scope && with_timer()) {
+                log_error("Timer options are not supported in --scope mode.");
+                return -EINVAL;
+        }
+
+        if (arg_timer_property && !with_timer()) {
+                log_error("--timer-property= has no effect without any other timer options.");
+                return -EINVAL;
+        }
+
+        return 1;
+}
+
+static int transient_unit_set_properties(sd_bus_message *m, char **properties) {
+        char **i;
+        int r;
+
+        r = sd_bus_message_append(m, "(sv)", "Description", "s", arg_description);
+        if (r < 0)
+                return r;
+
+        STRV_FOREACH(i, properties) {
+                r = bus_append_unit_property_assignment(m, *i);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int transient_cgroup_set_properties(sd_bus_message *m) {
+        int r;
+        assert(m);
+
+        if (!isempty(arg_slice)) {
+                _cleanup_free_ char *slice;
+
+                r = unit_name_mangle_with_suffix(arg_slice, UNIT_NAME_NOGLOB, ".slice", &slice);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int transient_kill_set_properties(sd_bus_message *m) {
+        assert(m);
+
+        if (arg_send_sighup)
+                return sd_bus_message_append(m, "(sv)", "SendSIGHUP", "b", arg_send_sighup);
+        else
+                return 0;
+}
+
+static int transient_service_set_properties(sd_bus_message *m, char **argv, const char *pty_path) {
+        int r;
+
+        assert(m);
+
+        r = transient_unit_set_properties(m, arg_property);
+        if (r < 0)
+                return r;
+
+        r = transient_kill_set_properties(m);
+        if (r < 0)
+                return r;
+
+        r = transient_cgroup_set_properties(m);
+        if (r < 0)
+                return r;
+
+        if (arg_remain_after_exit) {
+                r = sd_bus_message_append(m, "(sv)", "RemainAfterExit", "b", arg_remain_after_exit);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_service_type) {
+                r = sd_bus_message_append(m, "(sv)", "Type", "s", arg_service_type);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_exec_user) {
+                r = sd_bus_message_append(m, "(sv)", "User", "s", arg_exec_user);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_exec_group) {
+                r = sd_bus_message_append(m, "(sv)", "Group", "s", arg_exec_group);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_nice_set) {
+                r = sd_bus_message_append(m, "(sv)", "Nice", "i", arg_nice);
+                if (r < 0)
+                        return r;
+        }
+
+        if (pty_path) {
+                const char *e;
+
+                r = sd_bus_message_append(m,
+                                          "(sv)(sv)(sv)(sv)",
+                                          "StandardInput", "s", "tty",
+                                          "StandardOutput", "s", "tty",
+                                          "StandardError", "s", "tty",
+                                          "TTYPath", "s", pty_path);
+                if (r < 0)
+                        return r;
+
+                e = getenv("TERM");
+                if (e) {
+                        char *n;
+
+                        n = strjoina("TERM=", e);
+                        r = sd_bus_message_append(m,
+                                                  "(sv)",
+                                                  "Environment", "as", 1, n);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
+        if (!strv_isempty(arg_environment)) {
+                r = sd_bus_message_open_container(m, 'r', "sv");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(m, "s", "Environment");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_open_container(m, 'v', "as");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append_strv(m, arg_environment);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return r;
+        }
+
+        /* Exec container */
+        {
+                r = sd_bus_message_open_container(m, 'r', "sv");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(m, "s", "ExecStart");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_open_container(m, 'v', "a(sasb)");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_open_container(m, 'a', "(sasb)");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_open_container(m, 'r', "sasb");
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(m, "s", argv[0]);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append_strv(m, argv);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_append(m, "b", false);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return r;
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int transient_scope_set_properties(sd_bus_message *m) {
+        int r;
+
+        assert(m);
+
+        r = transient_unit_set_properties(m, arg_property);
+        if (r < 0)
+                return r;
+
+        r = transient_kill_set_properties(m);
+        if (r < 0)
+                return r;
+
+        r = transient_cgroup_set_properties(m);
+        if (r < 0)
+                return r;
+
+        r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, (uint32_t) getpid());
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+static int transient_timer_set_properties(sd_bus_message *m) {
+        int r;
+
+        assert(m);
+
+        r = transient_unit_set_properties(m, arg_timer_property);
+        if (r < 0)
+                return r;
+
+        /* Automatically clean up our transient timers */
+        r = sd_bus_message_append(m, "(sv)", "RemainAfterElapse", "b", false);
+        if (r < 0)
+                return r;
+
+        if (arg_on_active) {
+                r = sd_bus_message_append(m, "(sv)", "OnActiveSec", "t", arg_on_active);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_on_boot) {
+                r = sd_bus_message_append(m, "(sv)", "OnBootSec", "t", arg_on_boot);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_on_startup) {
+                r = sd_bus_message_append(m, "(sv)", "OnStartupSec", "t", arg_on_startup);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_on_unit_active) {
+                r = sd_bus_message_append(m, "(sv)", "OnUnitActiveSec", "t", arg_on_unit_active);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_on_unit_inactive) {
+                r = sd_bus_message_append(m, "(sv)", "OnUnitInactiveSec", "t", arg_on_unit_inactive);
+                if (r < 0)
+                        return r;
+        }
+
+        if (arg_on_calendar) {
+                r = sd_bus_message_append(m, "(sv)", "OnCalendar", "s", arg_on_calendar);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int make_unit_name(sd_bus *bus, UnitType t, char **ret) {
+        const char *unique, *id;
+        char *p;
+        int r;
+
+        assert(bus);
+        assert(t >= 0);
+        assert(t < _UNIT_TYPE_MAX);
+
+        r = sd_bus_get_unique_name(bus, &unique);
+        if (r < 0) {
+                sd_id128_t rnd;
+
+                /* We couldn't get the unique name, which is a pretty
+                 * common case if we are connected to systemd
+                 * directly. In that case, just pick a random uuid as
+                 * name */
+
+                r = sd_id128_randomize(&rnd);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to generate random run unit name: %m");
+
+                if (asprintf(ret, "run-r" SD_ID128_FORMAT_STR ".%s", SD_ID128_FORMAT_VAL(rnd), unit_type_to_string(t)) < 0)
+                        return log_oom();
+
+                return 0;
+        }
+
+        /* We managed to get the unique name, then let's use that to
+         * name our transient units. */
+
+        id = startswith(unique, ":1.");
+        if (!id) {
+                log_error("Unique name %s has unexpected format.", unique);
+                return -EINVAL;
+        }
+
+        p = strjoin("run-u", id, ".", unit_type_to_string(t), NULL);
+        if (!p)
+                return log_oom();
+
+        *ret = p;
+        return 0;
+}
+
+static int start_transient_service(
+                sd_bus *bus,
+                char **argv) {
+
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+        _cleanup_free_ char *service = NULL, *pty_path = NULL;
+        _cleanup_close_ int master = -1;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        if (arg_pty) {
+
+                if (arg_transport == BUS_TRANSPORT_LOCAL) {
+                        master = posix_openpt(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NDELAY);
+                        if (master < 0)
+                                return log_error_errno(errno, "Failed to acquire pseudo tty: %m");
+
+                        r = ptsname_malloc(master, &pty_path);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to determine tty name: %m");
+
+                        if (unlockpt(master) < 0)
+                                return log_error_errno(errno, "Failed to unlock tty: %m");
+
+                } else if (arg_transport == BUS_TRANSPORT_MACHINE) {
+                        _cleanup_(sd_bus_unrefp) sd_bus *system_bus = NULL;
+                        _cleanup_(sd_bus_message_unrefp) sd_bus_message *pty_reply = NULL;
+                        const char *s;
+
+                        r = sd_bus_default_system(&system_bus);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to connect to system bus: %m");
+
+                        r = sd_bus_call_method(system_bus,
+                                               "org.freedesktop.machine1",
+                                               "/org/freedesktop/machine1",
+                                               "org.freedesktop.machine1.Manager",
+                                               "OpenMachinePTY",
+                                               &error,
+                                               &pty_reply,
+                                               "s", arg_host);
+                        if (r < 0) {
+                                log_error("Failed to get machine PTY: %s", bus_error_message(&error, -r));
+                                return r;
+                        }
+
+                        r = sd_bus_message_read(pty_reply, "hs", &master, &s);
+                        if (r < 0)
+                                return bus_log_parse_error(r);
+
+                        master = fcntl(master, F_DUPFD_CLOEXEC, 3);
+                        if (master < 0)
+                                return log_error_errno(errno, "Failed to duplicate master fd: %m");
+
+                        pty_path = strdup(s);
+                        if (!pty_path)
+                                return log_oom();
+                } else
+                        assert_not_reached("Can't allocate tty via ssh");
+        }
+
+        if (!arg_no_block) {
+                r = bus_wait_for_jobs_new(bus, &w);
+                if (r < 0)
+                        return log_error_errno(r, "Could not watch jobs: %m");
+        }
+
+        if (arg_unit) {
+                r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".service", &service);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mangle unit name: %m");
+        } else {
+                r = make_unit_name(bus, UNIT_SERVICE, &service);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartTransientUnit");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Name and mode */
+        r = sd_bus_message_append(m, "ss", service, "fail");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Properties */
+        r = sd_bus_message_open_container(m, 'a', "(sv)");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = transient_service_set_properties(m, argv, pty_path);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Auxiliary units */
+        r = sd_bus_message_append(m, "a(sa(sv))", 0);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0)
+                return log_error_errno(r, "Failed to start transient service unit: %s", bus_error_message(&error, r));
+
+        if (w) {
+                const char *object;
+
+                r = sd_bus_message_read(reply, "o", &object);
+                if (r < 0)
+                        return bus_log_parse_error(r);
+
+                r = bus_wait_for_jobs_one(w, object, arg_quiet);
+                if (r < 0)
+                        return r;
+        }
+
+        if (master >= 0) {
+                _cleanup_(pty_forward_freep) PTYForward *forward = NULL;
+                _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+                char last_char = 0;
+
+                r = sd_event_default(&event);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to get event loop: %m");
+
+                assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGWINCH, SIGTERM, SIGINT, -1) >= 0);
+
+                (void) sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
+                (void) sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
+
+                if (!arg_quiet)
+                        log_info("Running as unit: %s\nPress ^] three times within 1s to disconnect TTY.", service);
+
+                r = pty_forward_new(event, master, PTY_FORWARD_IGNORE_INITIAL_VHANGUP, &forward);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create PTY forwarder: %m");
+
+                r = sd_event_loop(event);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to run event loop: %m");
+
+                pty_forward_get_last_char(forward, &last_char);
+
+                forward = pty_forward_free(forward);
+
+                if (!arg_quiet && last_char != '\n')
+                        fputc('\n', stdout);
+
+        } else if (!arg_quiet)
+                log_info("Running as unit: %s", service);
+
+        return 0;
+}
+
+static int start_transient_scope(
+                sd_bus *bus,
+                char **argv) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+        _cleanup_strv_free_ char **env = NULL, **user_env = NULL;
+        _cleanup_free_ char *scope = NULL;
+        const char *object = NULL;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        r = bus_wait_for_jobs_new(bus, &w);
+        if (r < 0)
+                return log_oom();
+
+        if (arg_unit) {
+                r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".scope", &scope);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to mangle scope name: %m");
+        } else {
+                r = make_unit_name(bus, UNIT_SCOPE, &scope);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartTransientUnit");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Name and Mode */
+        r = sd_bus_message_append(m, "ss", scope, "fail");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Properties */
+        r = sd_bus_message_open_container(m, 'a', "(sv)");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = transient_scope_set_properties(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Auxiliary units */
+        r = sd_bus_message_append(m, "a(sa(sv))", 0);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to start transient scope unit: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        if (arg_nice_set) {
+                if (setpriority(PRIO_PROCESS, 0, arg_nice) < 0)
+                        return log_error_errno(errno, "Failed to set nice level: %m");
+        }
+
+        if (arg_exec_group) {
+                gid_t gid;
+
+                r = get_group_creds(&arg_exec_group, &gid);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to resolve group %s: %m", arg_exec_group);
+
+                if (setresgid(gid, gid, gid) < 0)
+                        return log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
+        }
+
+        if (arg_exec_user) {
+                const char *home, *shell;
+                uid_t uid;
+                gid_t gid;
+
+                r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
+
+                r = strv_extendf(&user_env, "HOME=%s", home);
+                if (r < 0)
+                        return log_oom();
+
+                r = strv_extendf(&user_env, "SHELL=%s", shell);
+                if (r < 0)
+                        return log_oom();
+
+                r = strv_extendf(&user_env, "USER=%s", arg_exec_user);
+                if (r < 0)
+                        return log_oom();
+
+                r = strv_extendf(&user_env, "LOGNAME=%s", arg_exec_user);
+                if (r < 0)
+                        return log_oom();
+
+                if (!arg_exec_group) {
+                        if (setresgid(gid, gid, gid) < 0)
+                                return log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
+                }
+
+                if (setresuid(uid, uid, uid) < 0)
+                        return log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", uid);
+        }
+
+        env = strv_env_merge(3, environ, user_env, arg_environment);
+        if (!env)
+                return log_oom();
+
+        r = sd_bus_message_read(reply, "o", &object);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = bus_wait_for_jobs_one(w, object, arg_quiet);
+        if (r < 0)
+                return r;
+
+        if (!arg_quiet)
+                log_info("Running scope as unit: %s", scope);
+
+        execvpe(argv[0], argv, env);
+
+        return log_error_errno(errno, "Failed to execute: %m");
+}
+
+static int start_transient_timer(
+                sd_bus *bus,
+                char **argv) {
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+        _cleanup_free_ char *timer = NULL, *service = NULL;
+        const char *object = NULL;
+        int r;
+
+        assert(bus);
+        assert(argv);
+
+        r = bus_wait_for_jobs_new(bus, &w);
+        if (r < 0)
+                return log_oom();
+
+        if (arg_unit) {
+                switch (unit_name_to_type(arg_unit)) {
+
+                case UNIT_SERVICE:
+                        service = strdup(arg_unit);
+                        if (!service)
+                                return log_oom();
+
+                        r = unit_name_change_suffix(service, ".timer", &timer);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to change unit suffix: %m");
+                        break;
+
+                case UNIT_TIMER:
+                        timer = strdup(arg_unit);
+                        if (!timer)
+                                return log_oom();
+
+                        r = unit_name_change_suffix(timer, ".service", &service);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to change unit suffix: %m");
+                        break;
+
+                default:
+                        r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".service", &service);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to mangle unit name: %m");
+
+                        r = unit_name_mangle_with_suffix(arg_unit, UNIT_NAME_NOGLOB, ".timer", &timer);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to mangle unit name: %m");
+
+                        break;
+                }
+        } else {
+                r = make_unit_name(bus, UNIT_SERVICE, &service);
+                if (r < 0)
+                        return r;
+
+                r = unit_name_change_suffix(service, ".timer", &timer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to change unit suffix: %m");
+        }
+
+        r = sd_bus_message_new_method_call(
+                        bus,
+                        &m,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "StartTransientUnit");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Name and Mode */
+        r = sd_bus_message_append(m, "ss", timer, "fail");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        /* Properties */
+        r = sd_bus_message_open_container(m, 'a', "(sv)");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = transient_timer_set_properties(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        r = sd_bus_message_open_container(m, 'a', "(sa(sv))");
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        if (argv[0]) {
+                r = sd_bus_message_open_container(m, 'r', "sa(sv)");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_append(m, "s", service);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_open_container(m, 'a', "(sv)");
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = transient_service_set_properties(m, argv, NULL);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return bus_log_create_error(r);
+
+                r = sd_bus_message_close_container(m);
+                if (r < 0)
+                        return bus_log_create_error(r);
+        }
+
+        r = sd_bus_message_close_container(m);
+        if (r < 0)
+                return bus_log_create_error(r);
+
+        polkit_agent_open_if_enabled();
+
+        r = sd_bus_call(bus, m, 0, &error, &reply);
+        if (r < 0) {
+                log_error("Failed to start transient timer unit: %s", bus_error_message(&error, -r));
+                return r;
+        }
+
+        r = sd_bus_message_read(reply, "o", &object);
+        if (r < 0)
+                return bus_log_parse_error(r);
+
+        r = bus_wait_for_jobs_one(w, object, arg_quiet);
+        if (r < 0)
+                return r;
+
+        log_info("Running timer as unit: %s", timer);
+        if (argv[0])
+                log_info("Will run service as unit: %s", service);
+
+        return 0;
+}
+
+int main(int argc, char* argv[]) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ char *description = NULL, *command = NULL;
+        int r;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        if (argc > optind && arg_transport == BUS_TRANSPORT_LOCAL) {
+                /* Patch in an absolute path */
+
+                r = find_binary(argv[optind], &command);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to find executable %s: %m", argv[optind]);
+                        goto finish;
+                }
+
+                argv[optind] = command;
+        }
+
+        if (!arg_description) {
+                description = strv_join(argv + optind, " ");
+                if (!description) {
+                        r = log_oom();
+                        goto finish;
+                }
+
+                if (arg_unit && isempty(description)) {
+                        r = free_and_strdup(&description, arg_unit);
+                        if (r < 0)
+                                goto finish;
+                }
+
+                arg_description = description;
+        }
+
+        r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to create bus connection: %m");
+                goto finish;
+        }
+
+        if (arg_scope)
+                r = start_transient_scope(bus, argv + optind);
+        else if (with_timer())
+                r = start_transient_timer(bus, argv + optind);
+        else
+                r = start_transient_service(bus, argv + optind);
+
+finish:
+        strv_free(arg_environment);
+        strv_free(arg_property);
+        strv_free(arg_timer_property);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-shutdown/Makefile b/src/systemd-shutdown/Makefile
new file mode 100644
index 0000000000..72047133ce
--- /dev/null
+++ b/src/systemd-shutdown/Makefile
@@ -0,0 +1,39 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-shutdown
+systemd_shutdown_SOURCES = \
+	src/core/umount.c \
+	src/core/umount.h \
+	src/core/shutdown.c \
+	src/core/mount-setup.c \
+	src/core/mount-setup.h \
+	src/core/killall.h \
+	src/core/killall.c
+
+systemd_shutdown_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/core/shutdown.c b/src/systemd-shutdown/shutdown.c
index e14755d84e..e14755d84e 100644
--- a/src/core/shutdown.c
+++ b/src/systemd-shutdown/shutdown.c
diff --git a/src/core/umount.c b/src/systemd-shutdown/umount.c
index c21a2be54e..c21a2be54e 100644
--- a/src/core/umount.c
+++ b/src/systemd-shutdown/umount.c
diff --git a/src/core/umount.h b/src/systemd-shutdown/umount.h
index 4e2215a47d..4e2215a47d 100644
--- a/src/core/umount.h
+++ b/src/systemd-shutdown/umount.h
diff --git a/src/systemd-socket-proxyd/Makefile b/src/systemd-socket-proxyd/Makefile
new file mode 100644
index 0000000000..e3d354bd30
--- /dev/null
+++ b/src/systemd-socket-proxyd/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-socket-proxyd
+
+systemd_socket_proxyd_SOURCES = \
+	src/socket-proxy/socket-proxyd.c
+
+systemd_socket_proxyd_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-socket-proxyd/socket-proxyd.c b/src/systemd-socket-proxyd/socket-proxyd.c
new file mode 100644
index 0000000000..ce226c4d66
--- /dev/null
+++ b/src/systemd-socket-proxyd/socket-proxyd.c
@@ -0,0 +1,679 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2013 David Strauss
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+#include <systemd/sd-resolve.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "log.h"
+#include "path-util.h"
+#include "set.h"
+#include "socket-util.h"
+#include "string-util.h"
+#include "util.h"
+
+#define BUFFER_SIZE (256 * 1024)
+#define CONNECTIONS_MAX 256
+
+static const char *arg_remote_host = NULL;
+
+typedef struct Context {
+        sd_event *event;
+        sd_resolve *resolve;
+
+        Set *listen;
+        Set *connections;
+} Context;
+
+typedef struct Connection {
+        Context *context;
+
+        int server_fd, client_fd;
+        int server_to_client_buffer[2]; /* a pipe */
+        int client_to_server_buffer[2]; /* a pipe */
+
+        size_t server_to_client_buffer_full, client_to_server_buffer_full;
+        size_t server_to_client_buffer_size, client_to_server_buffer_size;
+
+        sd_event_source *server_event_source, *client_event_source;
+
+        sd_resolve_query *resolve_query;
+} Connection;
+
+static void connection_free(Connection *c) {
+        assert(c);
+
+        if (c->context)
+                set_remove(c->context->connections, c);
+
+        sd_event_source_unref(c->server_event_source);
+        sd_event_source_unref(c->client_event_source);
+
+        safe_close(c->server_fd);
+        safe_close(c->client_fd);
+
+        safe_close_pair(c->server_to_client_buffer);
+        safe_close_pair(c->client_to_server_buffer);
+
+        sd_resolve_query_unref(c->resolve_query);
+
+        free(c);
+}
+
+static void context_free(Context *context) {
+        sd_event_source *es;
+        Connection *c;
+
+        assert(context);
+
+        while ((es = set_steal_first(context->listen)))
+                sd_event_source_unref(es);
+
+        while ((c = set_first(context->connections)))
+                connection_free(c);
+
+        set_free(context->listen);
+        set_free(context->connections);
+
+        sd_event_unref(context->event);
+        sd_resolve_unref(context->resolve);
+}
+
+static int connection_create_pipes(Connection *c, int buffer[2], size_t *sz) {
+        int r;
+
+        assert(c);
+        assert(buffer);
+        assert(sz);
+
+        if (buffer[0] >= 0)
+                return 0;
+
+        r = pipe2(buffer, O_CLOEXEC|O_NONBLOCK);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to allocate pipe buffer: %m");
+
+        (void) fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE);
+
+        r = fcntl(buffer[0], F_GETPIPE_SZ);
+        if (r < 0)
+                return log_error_errno(errno, "Failed to get pipe buffer size: %m");
+
+        assert(r > 0);
+        *sz = r;
+
+        return 0;
+}
+
+static int connection_shovel(
+                Connection *c,
+                int *from, int buffer[2], int *to,
+                size_t *full, size_t *sz,
+                sd_event_source **from_source, sd_event_source **to_source) {
+
+        bool shoveled;
+
+        assert(c);
+        assert(from);
+        assert(buffer);
+        assert(buffer[0] >= 0);
+        assert(buffer[1] >= 0);
+        assert(to);
+        assert(full);
+        assert(sz);
+        assert(from_source);
+        assert(to_source);
+
+        do {
+                ssize_t z;
+
+                shoveled = false;
+
+                if (*full < *sz && *from >= 0 && *to >= 0) {
+                        z = splice(*from, NULL, buffer[1], NULL, *sz - *full, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
+                        if (z > 0) {
+                                *full += z;
+                                shoveled = true;
+                        } else if (z == 0 || errno == EPIPE || errno == ECONNRESET) {
+                                *from_source = sd_event_source_unref(*from_source);
+                                *from = safe_close(*from);
+                        } else if (errno != EAGAIN && errno != EINTR)
+                                return log_error_errno(errno, "Failed to splice: %m");
+                }
+
+                if (*full > 0 && *to >= 0) {
+                        z = splice(buffer[0], NULL, *to, NULL, *full, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
+                        if (z > 0) {
+                                *full -= z;
+                                shoveled = true;
+                        } else if (z == 0 || errno == EPIPE || errno == ECONNRESET) {
+                                *to_source = sd_event_source_unref(*to_source);
+                                *to = safe_close(*to);
+                        } else if (errno != EAGAIN && errno != EINTR)
+                                return log_error_errno(errno, "Failed to splice: %m");
+                }
+        } while (shoveled);
+
+        return 0;
+}
+
+static int connection_enable_event_sources(Connection *c);
+
+static int traffic_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Connection *c = userdata;
+        int r;
+
+        assert(s);
+        assert(fd >= 0);
+        assert(c);
+
+        r = connection_shovel(c,
+                              &c->server_fd, c->server_to_client_buffer, &c->client_fd,
+                              &c->server_to_client_buffer_full, &c->server_to_client_buffer_size,
+                              &c->server_event_source, &c->client_event_source);
+        if (r < 0)
+                goto quit;
+
+        r = connection_shovel(c,
+                              &c->client_fd, c->client_to_server_buffer, &c->server_fd,
+                              &c->client_to_server_buffer_full, &c->client_to_server_buffer_size,
+                              &c->client_event_source, &c->server_event_source);
+        if (r < 0)
+                goto quit;
+
+        /* EOF on both sides? */
+        if (c->server_fd == -1 && c->client_fd == -1)
+                goto quit;
+
+        /* Server closed, and all data written to client? */
+        if (c->server_fd == -1 && c->server_to_client_buffer_full <= 0)
+                goto quit;
+
+        /* Client closed, and all data written to server? */
+        if (c->client_fd == -1 && c->client_to_server_buffer_full <= 0)
+                goto quit;
+
+        r = connection_enable_event_sources(c);
+        if (r < 0)
+                goto quit;
+
+        return 1;
+
+quit:
+        connection_free(c);
+        return 0; /* ignore errors, continue serving */
+}
+
+static int connection_enable_event_sources(Connection *c) {
+        uint32_t a = 0, b = 0;
+        int r;
+
+        assert(c);
+
+        if (c->server_to_client_buffer_full > 0)
+                b |= EPOLLOUT;
+        if (c->server_to_client_buffer_full < c->server_to_client_buffer_size)
+                a |= EPOLLIN;
+
+        if (c->client_to_server_buffer_full > 0)
+                a |= EPOLLOUT;
+        if (c->client_to_server_buffer_full < c->client_to_server_buffer_size)
+                b |= EPOLLIN;
+
+        if (c->server_event_source)
+                r = sd_event_source_set_io_events(c->server_event_source, a);
+        else if (c->server_fd >= 0)
+                r = sd_event_add_io(c->context->event, &c->server_event_source, c->server_fd, a, traffic_cb, c);
+        else
+                r = 0;
+
+        if (r < 0)
+                return log_error_errno(r, "Failed to set up server event source: %m");
+
+        if (c->client_event_source)
+                r = sd_event_source_set_io_events(c->client_event_source, b);
+        else if (c->client_fd >= 0)
+                r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, b, traffic_cb, c);
+        else
+                r = 0;
+
+        if (r < 0)
+                return log_error_errno(r, "Failed to set up client event source: %m");
+
+        return 0;
+}
+
+static int connection_complete(Connection *c) {
+        int r;
+
+        assert(c);
+
+        r = connection_create_pipes(c, c->server_to_client_buffer, &c->server_to_client_buffer_size);
+        if (r < 0)
+                goto fail;
+
+        r = connection_create_pipes(c, c->client_to_server_buffer, &c->client_to_server_buffer_size);
+        if (r < 0)
+                goto fail;
+
+        r = connection_enable_event_sources(c);
+        if (r < 0)
+                goto fail;
+
+        return 0;
+
+fail:
+        connection_free(c);
+        return 0; /* ignore errors, continue serving */
+}
+
+static int connect_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Connection *c = userdata;
+        socklen_t solen;
+        int error, r;
+
+        assert(s);
+        assert(fd >= 0);
+        assert(c);
+
+        solen = sizeof(error);
+        r = getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &solen);
+        if (r < 0) {
+                log_error_errno(errno, "Failed to issue SO_ERROR: %m");
+                goto fail;
+        }
+
+        if (error != 0) {
+                log_error_errno(error, "Failed to connect to remote host: %m");
+                goto fail;
+        }
+
+        c->client_event_source = sd_event_source_unref(c->client_event_source);
+
+        return connection_complete(c);
+
+fail:
+        connection_free(c);
+        return 0; /* ignore errors, continue serving */
+}
+
+static int connection_start(Connection *c, struct sockaddr *sa, socklen_t salen) {
+        int r;
+
+        assert(c);
+        assert(sa);
+        assert(salen);
+
+        c->client_fd = socket(sa->sa_family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
+        if (c->client_fd < 0) {
+                log_error_errno(errno, "Failed to get remote socket: %m");
+                goto fail;
+        }
+
+        r = connect(c->client_fd, sa, salen);
+        if (r < 0) {
+                if (errno == EINPROGRESS) {
+                        r = sd_event_add_io(c->context->event, &c->client_event_source, c->client_fd, EPOLLOUT, connect_cb, c);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to add connection socket: %m");
+                                goto fail;
+                        }
+
+                        r = sd_event_source_set_enabled(c->client_event_source, SD_EVENT_ONESHOT);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to enable oneshot event source: %m");
+                                goto fail;
+                        }
+                } else {
+                        log_error_errno(errno, "Failed to connect to remote host: %m");
+                        goto fail;
+                }
+        } else {
+                r = connection_complete(c);
+                if (r < 0)
+                        goto fail;
+        }
+
+        return 0;
+
+fail:
+        connection_free(c);
+        return 0; /* ignore errors, continue serving */
+}
+
+static int resolve_cb(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
+        Connection *c = userdata;
+
+        assert(q);
+        assert(c);
+
+        if (ret != 0) {
+                log_error("Failed to resolve host: %s", gai_strerror(ret));
+                goto fail;
+        }
+
+        c->resolve_query = sd_resolve_query_unref(c->resolve_query);
+
+        return connection_start(c, ai->ai_addr, ai->ai_addrlen);
+
+fail:
+        connection_free(c);
+        return 0; /* ignore errors, continue serving */
+}
+
+static int resolve_remote(Connection *c) {
+
+        static const struct addrinfo hints = {
+                .ai_family = AF_UNSPEC,
+                .ai_socktype = SOCK_STREAM,
+                .ai_flags = AI_ADDRCONFIG
+        };
+
+        union sockaddr_union sa = {};
+        const char *node, *service;
+        int r;
+
+        if (path_is_absolute(arg_remote_host)) {
+                sa.un.sun_family = AF_UNIX;
+                strncpy(sa.un.sun_path, arg_remote_host, sizeof(sa.un.sun_path));
+                return connection_start(c, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+        }
+
+        if (arg_remote_host[0] == '@') {
+                sa.un.sun_family = AF_UNIX;
+                sa.un.sun_path[0] = 0;
+                strncpy(sa.un.sun_path+1, arg_remote_host+1, sizeof(sa.un.sun_path)-1);
+                return connection_start(c, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+        }
+
+        service = strrchr(arg_remote_host, ':');
+        if (service) {
+                node = strndupa(arg_remote_host, service - arg_remote_host);
+                service++;
+        } else {
+                node = arg_remote_host;
+                service = "80";
+        }
+
+        log_debug("Looking up address info for %s:%s", node, service);
+        r = sd_resolve_getaddrinfo(c->context->resolve, &c->resolve_query, node, service, &hints, resolve_cb, c);
+        if (r < 0) {
+                log_error_errno(r, "Failed to resolve remote host: %m");
+                goto fail;
+        }
+
+        return 0;
+
+fail:
+        connection_free(c);
+        return 0; /* ignore errors, continue serving */
+}
+
+static int add_connection_socket(Context *context, int fd) {
+        Connection *c;
+        int r;
+
+        assert(context);
+        assert(fd >= 0);
+
+        if (set_size(context->connections) > CONNECTIONS_MAX) {
+                log_warning("Hit connection limit, refusing connection.");
+                safe_close(fd);
+                return 0;
+        }
+
+        r = set_ensure_allocated(&context->connections, NULL);
+        if (r < 0) {
+                log_oom();
+                return 0;
+        }
+
+        c = new0(Connection, 1);
+        if (!c) {
+                log_oom();
+                return 0;
+        }
+
+        c->context = context;
+        c->server_fd = fd;
+        c->client_fd = -1;
+        c->server_to_client_buffer[0] = c->server_to_client_buffer[1] = -1;
+        c->client_to_server_buffer[0] = c->client_to_server_buffer[1] = -1;
+
+        r = set_put(context->connections, c);
+        if (r < 0) {
+                free(c);
+                log_oom();
+                return 0;
+        }
+
+        return resolve_remote(c);
+}
+
+static int accept_cb(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        _cleanup_free_ char *peer = NULL;
+        Context *context = userdata;
+        int nfd = -1, r;
+
+        assert(s);
+        assert(fd >= 0);
+        assert(revents & EPOLLIN);
+        assert(context);
+
+        nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+        if (nfd < 0) {
+                if (errno != -EAGAIN)
+                        log_warning_errno(errno, "Failed to accept() socket: %m");
+        } else {
+                getpeername_pretty(nfd, true, &peer);
+                log_debug("New connection from %s", strna(peer));
+
+                r = add_connection_socket(context, nfd);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to accept connection, ignoring: %m");
+                        safe_close(fd);
+                }
+        }
+
+        r = sd_event_source_set_enabled(s, SD_EVENT_ONESHOT);
+        if (r < 0) {
+                log_error_errno(r, "Error while re-enabling listener with ONESHOT: %m");
+                sd_event_exit(context->event, r);
+                return r;
+        }
+
+        return 1;
+}
+
+static int add_listen_socket(Context *context, int fd) {
+        sd_event_source *source;
+        int r;
+
+        assert(context);
+        assert(fd >= 0);
+
+        r = set_ensure_allocated(&context->listen, NULL);
+        if (r < 0) {
+                log_oom();
+                return r;
+        }
+
+        r = sd_is_socket(fd, 0, SOCK_STREAM, 1);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine socket type: %m");
+        if (r == 0) {
+                log_error("Passed in socket is not a stream socket.");
+                return -EINVAL;
+        }
+
+        r = fd_nonblock(fd, true);
+        if (r < 0)
+                return log_error_errno(r, "Failed to mark file descriptor non-blocking: %m");
+
+        r = sd_event_add_io(context->event, &source, fd, EPOLLIN, accept_cb, context);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add event source: %m");
+
+        r = set_put(context->listen, source);
+        if (r < 0) {
+                log_error_errno(r, "Failed to add source to set: %m");
+                sd_event_source_unref(source);
+                return r;
+        }
+
+        /* Set the watcher to oneshot in case other processes are also
+         * watching to accept(). */
+        r = sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enable oneshot mode: %m");
+
+        return 0;
+}
+
+static void help(void) {
+        printf("%1$s [HOST:PORT]\n"
+               "%1$s [SOCKET]\n\n"
+               "Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
+               "  -h --help              Show this help\n"
+               "     --version           Show package version\n",
+               program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_IGNORE_ENV
+        };
+
+        static const struct option options[] = {
+                { "help",       no_argument, NULL, 'h'           },
+                { "version",    no_argument, NULL, ARG_VERSION   },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        if (optind >= argc) {
+                log_error("Not enough parameters.");
+                return -EINVAL;
+        }
+
+        if (argc != optind+1) {
+                log_error("Too many parameters.");
+                return -EINVAL;
+        }
+
+        arg_remote_host = argv[optind];
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        Context context = {};
+        int r, n, fd;
+
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = sd_event_default(&context.event);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate event loop: %m");
+                goto finish;
+        }
+
+        r = sd_resolve_default(&context.resolve);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate resolver: %m");
+                goto finish;
+        }
+
+        r = sd_resolve_attach_event(context.resolve, context.event, 0);
+        if (r < 0) {
+                log_error_errno(r, "Failed to attach resolver: %m");
+                goto finish;
+        }
+
+        sd_event_set_watchdog(context.event, true);
+
+        n = sd_listen_fds(1);
+        if (n < 0) {
+                log_error("Failed to receive sockets from parent.");
+                r = n;
+                goto finish;
+        } else if (n == 0) {
+                log_error("Didn't get any sockets passed in.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+                r = add_listen_socket(&context, fd);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = sd_event_loop(context.event);
+        if (r < 0) {
+                log_error_errno(r, "Failed to run event loop: %m");
+                goto finish;
+        }
+
+finish:
+        context_free(&context);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-stdio-bridge/Makefile b/src/systemd-stdio-bridge/Makefile
new file mode 100644
index 0000000000..8aeb20b41a
--- /dev/null
+++ b/src/systemd-stdio-bridge/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+bin_PROGRAMS += systemd-stdio-bridge
+systemd_stdio_bridge_SOURCES = \
+	src/stdio-bridge/stdio-bridge.c
+
+systemd_stdio_bridge_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-stdio-bridge/stdio-bridge.c b/src/systemd-stdio-bridge/stdio-bridge.c
new file mode 100644
index 0000000000..dce959cae3
--- /dev/null
+++ b/src/systemd-stdio-bridge/stdio-bridge.c
@@ -0,0 +1,302 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <poll.h>
+#include <stddef.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <systemd/sd-bus.h>
+#include <systemd/sd-daemon.h>
+
+#include "bus-internal.h"
+#include "bus-util.h"
+#include "build.h"
+#include "log.h"
+#include "util.h"
+
+#define DEFAULT_BUS_PATH "unix:path=/run/dbus/system_bus_socket"
+
+const char *arg_bus_path = DEFAULT_BUS_PATH;
+
+static int help(void) {
+
+        printf("%s [OPTIONS...]\n\n"
+               "STDIO or socket-activatable proxy to a given DBus endpoint.\n\n"
+               "  -h --help              Show this help\n"
+               "     --version           Show package version\n"
+               "     --bus-path=PATH     Path to the kernel bus (default: %s)\n",
+               program_invocation_short_name, DEFAULT_BUS_PATH);
+
+        return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+        };
+
+        static const struct option options[] = {
+                { "help",            no_argument,       NULL, 'h'     },
+                { "bus-path",        required_argument, NULL, 'p'     },
+                { NULL,              0,                 NULL, 0       }
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "hsup:", options, NULL)) >= 0) {
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case '?':
+                        return -EINVAL;
+
+                case 'p':
+                        arg_bus_path = optarg;
+                        break;
+
+                default:
+                        log_error("Unknown option code %c", c);
+                        return -EINVAL;
+                }
+        }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(sd_bus_unrefp) sd_bus *a = NULL, *b = NULL;
+        sd_id128_t server_id;
+        bool is_unix;
+        int r, in_fd, out_fd;
+
+        log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
+        log_parse_environment();
+        log_open();
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                goto finish;
+
+        r = sd_listen_fds(0);
+        if (r == 0) {
+                in_fd = STDIN_FILENO;
+                out_fd = STDOUT_FILENO;
+        } else if (r == 1) {
+                in_fd = SD_LISTEN_FDS_START;
+                out_fd = SD_LISTEN_FDS_START;
+        } else {
+                log_error("Illegal number of file descriptors passed\n");
+                goto finish;
+        }
+
+        is_unix =
+                sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
+                sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
+
+        r = sd_bus_new(&a);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate bus: %m");
+                goto finish;
+        }
+
+        r = sd_bus_set_address(a, arg_bus_path);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set address to connect to: %m");
+                goto finish;
+        }
+
+        r = sd_bus_negotiate_fds(a, is_unix);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set FD negotiation: %m");
+                goto finish;
+        }
+
+        r = sd_bus_start(a);
+        if (r < 0) {
+                log_error_errno(r, "Failed to start bus client: %m");
+                goto finish;
+        }
+
+        r = sd_bus_get_bus_id(a, &server_id);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get server ID: %m");
+                goto finish;
+        }
+
+        r = sd_bus_new(&b);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate bus: %m");
+                goto finish;
+        }
+
+        r = sd_bus_set_fd(b, in_fd, out_fd);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set fds: %m");
+                goto finish;
+        }
+
+        r = sd_bus_set_server(b, 1, server_id);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set server mode: %m");
+                goto finish;
+        }
+
+        r = sd_bus_negotiate_fds(b, is_unix);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set FD negotiation: %m");
+                goto finish;
+        }
+
+        r = sd_bus_set_anonymous(b, true);
+        if (r < 0) {
+                log_error_errno(r, "Failed to set anonymous authentication: %m");
+                goto finish;
+        }
+
+        r = sd_bus_start(b);
+        if (r < 0) {
+                log_error_errno(r, "Failed to start bus client: %m");
+                goto finish;
+        }
+
+        for (;;) {
+                _cleanup_(sd_bus_message_unrefp)sd_bus_message *m = NULL;
+                int events_a, events_b, fd;
+                uint64_t timeout_a, timeout_b, t;
+                struct timespec _ts, *ts;
+
+                r = sd_bus_process(a, &m);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to process bus a: %m");
+                        goto finish;
+                }
+
+                if (m) {
+                        r = sd_bus_send(b, m, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send message: %m");
+                                goto finish;
+                        }
+                }
+
+                if (r > 0)
+                        continue;
+
+                r = sd_bus_process(b, &m);
+                if (r < 0) {
+                        /* treat 'connection reset by peer' as clean exit condition */
+                        if (r == -ECONNRESET)
+                                r = 0;
+
+                        goto finish;
+                }
+
+                if (m) {
+                        r = sd_bus_send(a, m, NULL);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to send message: %m");
+                                goto finish;
+                        }
+                }
+
+                if (r > 0)
+                        continue;
+
+                fd = sd_bus_get_fd(a);
+                if (fd < 0) {
+                        r = fd;
+                        log_error_errno(r, "Failed to get fd: %m");
+                        goto finish;
+                }
+
+                events_a = sd_bus_get_events(a);
+                if (events_a < 0) {
+                        r = events_a;
+                        log_error_errno(r, "Failed to get events mask: %m");
+                        goto finish;
+                }
+
+                r = sd_bus_get_timeout(a, &timeout_a);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to get timeout: %m");
+                        goto finish;
+                }
+
+                events_b = sd_bus_get_events(b);
+                if (events_b < 0) {
+                        r = events_b;
+                        log_error_errno(r, "Failed to get events mask: %m");
+                        goto finish;
+                }
+
+                r = sd_bus_get_timeout(b, &timeout_b);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to get timeout: %m");
+                        goto finish;
+                }
+
+                t = timeout_a;
+                if (t == (uint64_t) -1 || (timeout_b != (uint64_t) -1 && timeout_b < timeout_a))
+                        t = timeout_b;
+
+                if (t == (uint64_t) -1)
+                        ts = NULL;
+                else {
+                        usec_t nw;
+
+                        nw = now(CLOCK_MONOTONIC);
+                        if (t > nw)
+                                t -= nw;
+                        else
+                                t = 0;
+
+                        ts = timespec_store(&_ts, t);
+                }
+
+                {
+                        struct pollfd p[3] = {
+                                {.fd = fd,            .events = events_a, },
+                                {.fd = STDIN_FILENO,  .events = events_b & POLLIN, },
+                                {.fd = STDOUT_FILENO, .events = events_b & POLLOUT, }};
+
+                        r = ppoll(p, ELEMENTSOF(p), ts, NULL);
+                }
+                if (r < 0) {
+                        log_error("ppoll() failed: %m");
+                        goto finish;
+                }
+        }
+
+finish:
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd-sysctl/Makefile b/src/systemd-sysctl/Makefile
new file mode 100644
index 0000000000..39ce08d5e3
--- /dev/null
+++ b/src/systemd-sysctl/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-sysctl
+systemd_sysctl_SOURCES = \
+	src/sysctl/sysctl.c
+
+systemd_sysctl_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/sysctl/sysctl.c b/src/systemd-sysctl/sysctl.c
index ce7c26e7d3..ce7c26e7d3 100644
--- a/src/sysctl/sysctl.c
+++ b/src/systemd-sysctl/sysctl.c
diff --git a/src/systemd-system-update-generator/Makefile b/src/systemd-system-update-generator/Makefile
new file mode 100644
index 0000000000..fd44aef359
--- /dev/null
+++ b/src/systemd-system-update-generator/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemgenerator_PROGRAMS += systemd-system-update-generator
+systemd_system_update_generator_SOURCES = \
+	src/system-update-generator/system-update-generator.c
+
+systemd_system_update_generator_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/system-update-generator/system-update-generator.c b/src/systemd-system-update-generator/system-update-generator.c
index a3d677f068..a3d677f068 100644
--- a/src/system-update-generator/system-update-generator.c
+++ b/src/systemd-system-update-generator/system-update-generator.c
diff --git a/src/systemd-sysusers/Makefile b/src/systemd-sysusers/Makefile
new file mode 100644
index 0000000000..d18e41b1d5
--- /dev/null
+++ b/src/systemd-sysusers/Makefile
@@ -0,0 +1,61 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_SYSUSERS),)
+systemd_sysusers_SOURCES = \
+	src/sysusers/sysusers.c
+
+systemd_sysusers_LDADD = \
+	libshared.la
+
+rootbin_PROGRAMS += \
+	systemd-sysusers
+
+nodist_systemunit_DATA += \
+	units/systemd-sysusers.service
+
+SYSINIT_TARGET_WANTS += \
+	systemd-sysusers.service
+
+nodist_sysusers_DATA = \
+	sysusers.d/systemd.conf \
+	sysusers.d/basic.conf
+
+ifneq ($(HAVE_REMOTE),)
+nodist_sysusers_DATA += \
+	sysusers.d/systemd-remote.conf
+endif # HAVE_REMOTE
+
+INSTALL_DIRS += \
+	$(sysusersdir)
+endif # ENABLE_SYSUSERS
+
+EXTRA_DIST += \
+	units/systemd-sysusers.service.in \
+	sysusers.d/systemd.conf.m4 \
+	sysusers.d/systemd-remote.conf.m4 \
+	sysusers.d/basic.conf.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/sysusers/sysusers.c b/src/systemd-sysusers/sysusers.c
index 4377f1b910..4377f1b910 100644
--- a/src/sysusers/sysusers.c
+++ b/src/systemd-sysusers/sysusers.c
diff --git a/src/systemd-sysv-generator/Makefile b/src/systemd-sysv-generator/Makefile
new file mode 100644
index 0000000000..f6de146408
--- /dev/null
+++ b/src/systemd-sysv-generator/Makefile
@@ -0,0 +1,32 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+systemd_sysv_generator_SOURCES = \
+	src/sysv-generator/sysv-generator.c
+
+systemd_sysv_generator_LDADD = \
+	libcore.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/sysv-generator/sysv-generator.c b/src/systemd-sysv-generator/sysv-generator.c
index fe4bbeeb75..fe4bbeeb75 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/systemd-sysv-generator/sysv-generator.c
diff --git a/src/timesync/.gitignore b/src/systemd-timesyncd/.gitignore
index 35f4d76f79..35f4d76f79 100644
--- a/src/timesync/.gitignore
+++ b/src/systemd-timesyncd/.gitignore
diff --git a/src/systemd-timesyncd/Makefile b/src/systemd-timesyncd/Makefile
new file mode 100644
index 0000000000..c9289846c4
--- /dev/null
+++ b/src/systemd-timesyncd/Makefile
@@ -0,0 +1,64 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_TIMESYNCD),)
+systemd_timesyncd_SOURCES = \
+	src/timesync/timesyncd.c \
+	src/timesync/timesyncd-manager.c \
+	src/timesync/timesyncd-manager.h \
+	src/timesync/timesyncd-conf.c \
+	src/timesync/timesyncd-conf.h \
+	src/timesync/timesyncd-server.c \
+	src/timesync/timesyncd-server.h
+
+nodist_systemd_timesyncd_SOURCES = \
+	src/timesync/timesyncd-gperf.c
+
+systemd_timesyncd_LDADD = \
+	libsystemd-network.la \
+	libshared.la
+
+rootlibexec_PROGRAMS += \
+	systemd-timesyncd
+
+nodist_systemunit_DATA += \
+	units/systemd-timesyncd.service
+
+GENERAL_ALIASES += \
+	$(systemunitdir)/systemd-timesyncd.service $(pkgsysconfdir)/system/sysinit.target.wants/systemd-timesyncd.service
+
+nodist_pkgsysconf_DATA += \
+	src/timesync/timesyncd.conf
+
+endif # ENABLE_TIMESYNCD
+
+gperf_gperf_sources += \
+	src/timesync/timesyncd-gperf.gperf
+
+EXTRA_DIST += \
+	units/systemd-timesyncd.service.in \
+	src/timesync/timesyncd.conf.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/timesync/timesyncd-conf.c b/src/systemd-timesyncd/timesyncd-conf.c
index 20c64a3354..20c64a3354 100644
--- a/src/timesync/timesyncd-conf.c
+++ b/src/systemd-timesyncd/timesyncd-conf.c
diff --git a/src/timesync/timesyncd-conf.h b/src/systemd-timesyncd/timesyncd-conf.h
index cba0724b1b..cba0724b1b 100644
--- a/src/timesync/timesyncd-conf.h
+++ b/src/systemd-timesyncd/timesyncd-conf.h
diff --git a/src/timesync/timesyncd-gperf.gperf b/src/systemd-timesyncd/timesyncd-gperf.gperf
index 29a2cfeef6..29a2cfeef6 100644
--- a/src/timesync/timesyncd-gperf.gperf
+++ b/src/systemd-timesyncd/timesyncd-gperf.gperf
diff --git a/src/systemd-timesyncd/timesyncd-manager.c b/src/systemd-timesyncd/timesyncd-manager.c
new file mode 100644
index 0000000000..6a4b52af69
--- /dev/null
+++ b/src/systemd-timesyncd/timesyncd-manager.c
@@ -0,0 +1,1156 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Kay Sievers, Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <math.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <resolv.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <sys/timerfd.h>
+#include <sys/timex.h>
+#include <sys/types.h>
+#include <time.h>
+
+#include <systemd/sd-daemon.h>
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fs-util.h"
+#include "list.h"
+#include "log.h"
+#include "missing.h"
+#include "network-util.h"
+#include "ratelimit.h"
+#include "socket-util.h"
+#include "sparse-endian.h"
+#include "string-util.h"
+#include "strv.h"
+#include "time-util.h"
+#include "timesyncd-conf.h"
+#include "timesyncd-manager.h"
+#include "util.h"
+
+#ifndef ADJ_SETOFFSET
+#define ADJ_SETOFFSET                   0x0100  /* add 'time' to current time */
+#endif
+
+/* expected accuracy of time synchronization; used to adjust the poll interval */
+#define NTP_ACCURACY_SEC                0.2
+
+/*
+ * "A client MUST NOT under any conditions use a poll interval less
+ * than 15 seconds."
+ */
+#define NTP_POLL_INTERVAL_MIN_SEC       32
+#define NTP_POLL_INTERVAL_MAX_SEC       2048
+
+/*
+ * Maximum delta in seconds which the system clock is gradually adjusted
+ * (slew) to approach the network time. Deltas larger that this are set by
+ * letting the system time jump. The kernel's limit for adjtime is 0.5s.
+ */
+#define NTP_MAX_ADJUST                  0.4
+
+/* NTP protocol, packet header */
+#define NTP_LEAP_PLUSSEC                1
+#define NTP_LEAP_MINUSSEC               2
+#define NTP_LEAP_NOTINSYNC              3
+#define NTP_MODE_CLIENT                 3
+#define NTP_MODE_SERVER                 4
+#define NTP_FIELD_LEAP(f)               (((f) >> 6) & 3)
+#define NTP_FIELD_VERSION(f)            (((f) >> 3) & 7)
+#define NTP_FIELD_MODE(f)               ((f) & 7)
+#define NTP_FIELD(l, v, m)              (((l) << 6) | ((v) << 3) | (m))
+
+/* Maximum acceptable root distance in seconds. */
+#define NTP_MAX_ROOT_DISTANCE           5.0
+
+/* Maximum number of missed replies before selecting another source. */
+#define NTP_MAX_MISSED_REPLIES          2
+
+/*
+ * "NTP timestamps are represented as a 64-bit unsigned fixed-point number,
+ * in seconds relative to 0h on 1 January 1900."
+ */
+#define OFFSET_1900_1970        UINT64_C(2208988800)
+
+#define RETRY_USEC (30*USEC_PER_SEC)
+#define RATELIMIT_INTERVAL_USEC (10*USEC_PER_SEC)
+#define RATELIMIT_BURST 10
+
+#define TIMEOUT_USEC (10*USEC_PER_SEC)
+
+struct ntp_ts {
+        be32_t sec;
+        be32_t frac;
+} _packed_;
+
+struct ntp_ts_short {
+        be16_t sec;
+        be16_t frac;
+} _packed_;
+
+struct ntp_msg {
+        uint8_t field;
+        uint8_t stratum;
+        int8_t poll;
+        int8_t precision;
+        struct ntp_ts_short root_delay;
+        struct ntp_ts_short root_dispersion;
+        char refid[4];
+        struct ntp_ts reference_time;
+        struct ntp_ts origin_time;
+        struct ntp_ts recv_time;
+        struct ntp_ts trans_time;
+} _packed_;
+
+static int manager_arm_timer(Manager *m, usec_t next);
+static int manager_clock_watch_setup(Manager *m);
+static int manager_listen_setup(Manager *m);
+static void manager_listen_stop(Manager *m);
+
+static double ntp_ts_short_to_d(const struct ntp_ts_short *ts) {
+        return be16toh(ts->sec) + (be16toh(ts->frac) / 65536.0);
+}
+
+static double ntp_ts_to_d(const struct ntp_ts *ts) {
+        return be32toh(ts->sec) + ((double)be32toh(ts->frac) / UINT_MAX);
+}
+
+static double ts_to_d(const struct timespec *ts) {
+        return ts->tv_sec + (1.0e-9 * ts->tv_nsec);
+}
+
+static int manager_timeout(sd_event_source *source, usec_t usec, void *userdata) {
+        _cleanup_free_ char *pretty = NULL;
+        Manager *m = userdata;
+
+        assert(m);
+        assert(m->current_server_name);
+        assert(m->current_server_address);
+
+        server_address_pretty(m->current_server_address, &pretty);
+        log_info("Timed out waiting for reply from %s (%s).", strna(pretty), m->current_server_name->string);
+
+        return manager_connect(m);
+}
+
+static int manager_send_request(Manager *m) {
+        _cleanup_free_ char *pretty = NULL;
+        struct ntp_msg ntpmsg = {
+                /*
+                 * "The client initializes the NTP message header, sends the request
+                 * to the server, and strips the time of day from the Transmit
+                 * Timestamp field of the reply.  For this purpose, all the NTP
+                 * header fields are set to 0, except the Mode, VN, and optional
+                 * Transmit Timestamp fields."
+                 */
+                .field = NTP_FIELD(0, 4, NTP_MODE_CLIENT),
+        };
+        ssize_t len;
+        int r;
+
+        assert(m);
+        assert(m->current_server_name);
+        assert(m->current_server_address);
+
+        m->event_timeout = sd_event_source_unref(m->event_timeout);
+
+        r = manager_listen_setup(m);
+        if (r < 0)
+                return log_warning_errno(r, "Failed to setup connection socket: %m");
+
+        /*
+         * Set transmit timestamp, remember it; the server will send that back
+         * as the origin timestamp and we have an indication that this is the
+         * matching answer to our request.
+         *
+         * The actual value does not matter, We do not care about the correct
+         * NTP UINT_MAX fraction; we just pass the plain nanosecond value.
+         */
+        assert_se(clock_gettime(clock_boottime_or_monotonic(), &m->trans_time_mon) >= 0);
+        assert_se(clock_gettime(CLOCK_REALTIME, &m->trans_time) >= 0);
+        ntpmsg.trans_time.sec = htobe32(m->trans_time.tv_sec + OFFSET_1900_1970);
+        ntpmsg.trans_time.frac = htobe32(m->trans_time.tv_nsec);
+
+        server_address_pretty(m->current_server_address, &pretty);
+
+        len = sendto(m->server_socket, &ntpmsg, sizeof(ntpmsg), MSG_DONTWAIT, &m->current_server_address->sockaddr.sa, m->current_server_address->socklen);
+        if (len == sizeof(ntpmsg)) {
+                m->pending = true;
+                log_debug("Sent NTP request to %s (%s).", strna(pretty), m->current_server_name->string);
+        } else {
+                log_debug_errno(errno, "Sending NTP request to %s (%s) failed: %m", strna(pretty), m->current_server_name->string);
+                return manager_connect(m);
+        }
+
+        /* re-arm timer with increasing timeout, in case the packets never arrive back */
+        if (m->retry_interval > 0) {
+                if (m->retry_interval < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
+                        m->retry_interval *= 2;
+        } else
+                m->retry_interval = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
+
+        r = manager_arm_timer(m, m->retry_interval);
+        if (r < 0)
+                return log_error_errno(r, "Failed to rearm timer: %m");
+
+        m->missed_replies++;
+        if (m->missed_replies > NTP_MAX_MISSED_REPLIES) {
+                r = sd_event_add_time(
+                                m->event,
+                                &m->event_timeout,
+                                clock_boottime_or_monotonic(),
+                                now(clock_boottime_or_monotonic()) + TIMEOUT_USEC, 0,
+                                manager_timeout, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to arm timeout timer: %m");
+        }
+
+        return 0;
+}
+
+static int manager_timer(sd_event_source *source, usec_t usec, void *userdata) {
+        Manager *m = userdata;
+
+        assert(m);
+
+        return manager_send_request(m);
+}
+
+static int manager_arm_timer(Manager *m, usec_t next) {
+        int r;
+
+        assert(m);
+
+        if (next == 0) {
+                m->event_timer = sd_event_source_unref(m->event_timer);
+                return 0;
+        }
+
+        if (m->event_timer) {
+                r = sd_event_source_set_time(m->event_timer, now(clock_boottime_or_monotonic()) + next);
+                if (r < 0)
+                        return r;
+
+                return sd_event_source_set_enabled(m->event_timer, SD_EVENT_ONESHOT);
+        }
+
+        return sd_event_add_time(
+                        m->event,
+                        &m->event_timer,
+                        clock_boottime_or_monotonic(),
+                        now(clock_boottime_or_monotonic()) + next, 0,
+                        manager_timer, m);
+}
+
+static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+
+        assert(m);
+
+        /* rearm timer */
+        manager_clock_watch_setup(m);
+
+        /* skip our own jumps */
+        if (m->jumped) {
+                m->jumped = false;
+                return 0;
+        }
+
+        /* resync */
+        log_debug("System time changed. Resyncing.");
+        m->poll_resync = true;
+
+        return manager_send_request(m);
+}
+
+/* wake up when the system time changes underneath us */
+static int manager_clock_watch_setup(Manager *m) {
+
+        struct itimerspec its = {
+                .it_value.tv_sec = TIME_T_MAX
+        };
+
+        int r;
+
+        assert(m);
+
+        m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
+        safe_close(m->clock_watch_fd);
+
+        m->clock_watch_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
+        if (m->clock_watch_fd < 0)
+                return log_error_errno(errno, "Failed to create timerfd: %m");
+
+        if (timerfd_settime(m->clock_watch_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0)
+                return log_error_errno(errno, "Failed to set up timerfd: %m");
+
+        r = sd_event_add_io(m->event, &m->event_clock_watch, m->clock_watch_fd, EPOLLIN, manager_clock_watch, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to create clock watch event source: %m");
+
+        return 0;
+}
+
+static int manager_adjust_clock(Manager *m, double offset, int leap_sec) {
+        struct timex tmx = {};
+        int r;
+
+        assert(m);
+
+        /*
+         * For small deltas, tell the kernel to gradually adjust the system
+         * clock to the NTP time, larger deltas are just directly set.
+         */
+        if (fabs(offset) < NTP_MAX_ADJUST) {
+                tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_OFFSET | ADJ_TIMECONST | ADJ_MAXERROR | ADJ_ESTERROR;
+                tmx.status = STA_PLL;
+                tmx.offset = offset * NSEC_PER_SEC;
+                tmx.constant = log2i(m->poll_interval_usec / USEC_PER_SEC) - 4;
+                tmx.maxerror = 0;
+                tmx.esterror = 0;
+                log_debug("  adjust (slew): %+.3f sec", offset);
+        } else {
+                tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_SETOFFSET;
+
+                /* ADJ_NANO uses nanoseconds in the microseconds field */
+                tmx.time.tv_sec = (long)offset;
+                tmx.time.tv_usec = (offset - tmx.time.tv_sec) * NSEC_PER_SEC;
+
+                /* the kernel expects -0.3s as {-1, 7000.000.000} */
+                if (tmx.time.tv_usec < 0) {
+                        tmx.time.tv_sec  -= 1;
+                        tmx.time.tv_usec += NSEC_PER_SEC;
+                }
+
+                m->jumped = true;
+                log_debug("  adjust (jump): %+.3f sec", offset);
+        }
+
+        /*
+         * An unset STA_UNSYNC will enable the kernel's 11-minute mode,
+         * which syncs the system time periodically to the RTC.
+         *
+         * In case the RTC runs in local time, never touch the RTC,
+         * we have no way to properly handle daylight saving changes and
+         * mobile devices moving between time zones.
+         */
+        if (m->rtc_local_time)
+                tmx.status |= STA_UNSYNC;
+
+        switch (leap_sec) {
+        case 1:
+                tmx.status |= STA_INS;
+                break;
+        case -1:
+                tmx.status |= STA_DEL;
+                break;
+        }
+
+        r = clock_adjtime(CLOCK_REALTIME, &tmx);
+        if (r < 0)
+                return -errno;
+
+        /* If touch fails, there isn't much we can do. Maybe it'll work next time. */
+        (void) touch("/var/lib/systemd/clock");
+
+        m->drift_ppm = tmx.freq / 65536;
+
+        log_debug("  status       : %04i %s\n"
+                  "  time now     : %li.%03llu\n"
+                  "  constant     : %li\n"
+                  "  offset       : %+.3f sec\n"
+                  "  freq offset  : %+li (%i ppm)\n",
+                  tmx.status, tmx.status & STA_UNSYNC ? "unsync" : "sync",
+                  tmx.time.tv_sec, (unsigned long long) (tmx.time.tv_usec / NSEC_PER_MSEC),
+                  tmx.constant,
+                  (double)tmx.offset / NSEC_PER_SEC,
+                  tmx.freq, m->drift_ppm);
+
+        return 0;
+}
+
+static bool manager_sample_spike_detection(Manager *m, double offset, double delay) {
+        unsigned int i, idx_cur, idx_new, idx_min;
+        double jitter;
+        double j;
+
+        assert(m);
+
+        m->packet_count++;
+
+        /* ignore initial sample */
+        if (m->packet_count == 1)
+                return false;
+
+        /* store the current data in our samples array */
+        idx_cur = m->samples_idx;
+        idx_new = (idx_cur + 1) % ELEMENTSOF(m->samples);
+        m->samples_idx = idx_new;
+        m->samples[idx_new].offset = offset;
+        m->samples[idx_new].delay = delay;
+
+        /* calculate new jitter value from the RMS differences relative to the lowest delay sample */
+        jitter = m->samples_jitter;
+        for (idx_min = idx_cur, i = 0; i < ELEMENTSOF(m->samples); i++)
+                if (m->samples[i].delay > 0 && m->samples[i].delay < m->samples[idx_min].delay)
+                        idx_min = i;
+
+        j = 0;
+        for (i = 0; i < ELEMENTSOF(m->samples); i++)
+                j += pow(m->samples[i].offset - m->samples[idx_min].offset, 2);
+        m->samples_jitter = sqrt(j / (ELEMENTSOF(m->samples) - 1));
+
+        /* ignore samples when resyncing */
+        if (m->poll_resync)
+                return false;
+
+        /* always accept offset if we are farther off than the round-trip delay */
+        if (fabs(offset) > delay)
+                return false;
+
+        /* we need a few samples before looking at them */
+        if (m->packet_count < 4)
+                return false;
+
+        /* do not accept anything worse than the maximum possible error of the best sample */
+        if (fabs(offset) > m->samples[idx_min].delay)
+                return true;
+
+        /* compare the difference between the current offset to the previous offset and jitter */
+        return fabs(offset - m->samples[idx_cur].offset) > 3 * jitter;
+}
+
+static void manager_adjust_poll(Manager *m, double offset, bool spike) {
+        assert(m);
+
+        if (m->poll_resync) {
+                m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
+                m->poll_resync = false;
+                return;
+        }
+
+        /* set to minimal poll interval */
+        if (!spike && fabs(offset) > NTP_ACCURACY_SEC) {
+                m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
+                return;
+        }
+
+        /* increase polling interval */
+        if (fabs(offset) < NTP_ACCURACY_SEC * 0.25) {
+                if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
+                        m->poll_interval_usec *= 2;
+                return;
+        }
+
+        /* decrease polling interval */
+        if (spike || fabs(offset) > NTP_ACCURACY_SEC * 0.75) {
+                if (m->poll_interval_usec > NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC)
+                        m->poll_interval_usec /= 2;
+                return;
+        }
+}
+
+static int manager_receive_response(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+        struct ntp_msg ntpmsg;
+
+        struct iovec iov = {
+                .iov_base = &ntpmsg,
+                .iov_len = sizeof(ntpmsg),
+        };
+        union {
+                struct cmsghdr cmsghdr;
+                uint8_t buf[CMSG_SPACE(sizeof(struct timeval))];
+        } control;
+        union sockaddr_union server_addr;
+        struct msghdr msghdr = {
+                .msg_iov = &iov,
+                .msg_iovlen = 1,
+                .msg_control = &control,
+                .msg_controllen = sizeof(control),
+                .msg_name = &server_addr,
+                .msg_namelen = sizeof(server_addr),
+        };
+        struct cmsghdr *cmsg;
+        struct timespec *recv_time;
+        ssize_t len;
+        double origin, receive, trans, dest;
+        double delay, offset;
+        double root_distance;
+        bool spike;
+        int leap_sec;
+        int r;
+
+        assert(source);
+        assert(m);
+
+        if (revents & (EPOLLHUP|EPOLLERR)) {
+                log_warning("Server connection returned error.");
+                return manager_connect(m);
+        }
+
+        len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
+        if (len < 0) {
+                if (errno == EAGAIN)
+                        return 0;
+
+                log_warning("Error receiving message. Disconnecting.");
+                return manager_connect(m);
+        }
+
+        /* Too short or too long packet? */
+        if (iov.iov_len < sizeof(struct ntp_msg) || (msghdr.msg_flags & MSG_TRUNC)) {
+                log_warning("Invalid response from server. Disconnecting.");
+                return manager_connect(m);
+        }
+
+        if (!m->current_server_name ||
+            !m->current_server_address ||
+            !sockaddr_equal(&server_addr, &m->current_server_address->sockaddr)) {
+                log_debug("Response from unknown server.");
+                return 0;
+        }
+
+        recv_time = NULL;
+        CMSG_FOREACH(cmsg, &msghdr) {
+                if (cmsg->cmsg_level != SOL_SOCKET)
+                        continue;
+
+                switch (cmsg->cmsg_type) {
+                case SCM_TIMESTAMPNS:
+                        recv_time = (struct timespec *) CMSG_DATA(cmsg);
+                        break;
+                }
+        }
+        if (!recv_time) {
+                log_error("Invalid packet timestamp.");
+                return -EINVAL;
+        }
+
+        if (!m->pending) {
+                log_debug("Unexpected reply. Ignoring.");
+                return 0;
+        }
+
+        m->missed_replies = 0;
+
+        /* check our "time cookie" (we just stored nanoseconds in the fraction field) */
+        if (be32toh(ntpmsg.origin_time.sec) != m->trans_time.tv_sec + OFFSET_1900_1970 ||
+            be32toh(ntpmsg.origin_time.frac) != m->trans_time.tv_nsec) {
+                log_debug("Invalid reply; not our transmit time. Ignoring.");
+                return 0;
+        }
+
+        m->event_timeout = sd_event_source_unref(m->event_timeout);
+
+        if (be32toh(ntpmsg.recv_time.sec) < TIME_EPOCH + OFFSET_1900_1970 ||
+            be32toh(ntpmsg.trans_time.sec) < TIME_EPOCH + OFFSET_1900_1970) {
+                log_debug("Invalid reply, returned times before epoch. Ignoring.");
+                return manager_connect(m);
+        }
+
+        if (NTP_FIELD_LEAP(ntpmsg.field) == NTP_LEAP_NOTINSYNC ||
+            ntpmsg.stratum == 0 || ntpmsg.stratum >= 16) {
+                log_debug("Server is not synchronized. Disconnecting.");
+                return manager_connect(m);
+        }
+
+        if (!IN_SET(NTP_FIELD_VERSION(ntpmsg.field), 3, 4)) {
+                log_debug("Response NTPv%d. Disconnecting.", NTP_FIELD_VERSION(ntpmsg.field));
+                return manager_connect(m);
+        }
+
+        if (NTP_FIELD_MODE(ntpmsg.field) != NTP_MODE_SERVER) {
+                log_debug("Unsupported mode %d. Disconnecting.", NTP_FIELD_MODE(ntpmsg.field));
+                return manager_connect(m);
+        }
+
+        root_distance = ntp_ts_short_to_d(&ntpmsg.root_delay) / 2 + ntp_ts_short_to_d(&ntpmsg.root_dispersion);
+        if (root_distance > NTP_MAX_ROOT_DISTANCE) {
+                log_debug("Server has too large root distance. Disconnecting.");
+                return manager_connect(m);
+        }
+
+        /* valid packet */
+        m->pending = false;
+        m->retry_interval = 0;
+
+        /* Stop listening */
+        manager_listen_stop(m);
+
+        /* announce leap seconds */
+        if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_PLUSSEC)
+                leap_sec = 1;
+        else if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_MINUSSEC)
+                leap_sec = -1;
+        else
+                leap_sec = 0;
+
+        /*
+         * "Timestamp Name          ID   When Generated
+         *  ------------------------------------------------------------
+         *  Originate Timestamp     T1   time request sent by client
+         *  Receive Timestamp       T2   time request received by server
+         *  Transmit Timestamp      T3   time reply sent by server
+         *  Destination Timestamp   T4   time reply received by client
+         *
+         *  The round-trip delay, d, and system clock offset, t, are defined as:
+         *  d = (T4 - T1) - (T3 - T2)     t = ((T2 - T1) + (T3 - T4)) / 2"
+         */
+        origin = ts_to_d(&m->trans_time) + OFFSET_1900_1970;
+        receive = ntp_ts_to_d(&ntpmsg.recv_time);
+        trans = ntp_ts_to_d(&ntpmsg.trans_time);
+        dest = ts_to_d(recv_time) + OFFSET_1900_1970;
+
+        offset = ((receive - origin) + (trans - dest)) / 2;
+        delay = (dest - origin) - (trans - receive);
+
+        spike = manager_sample_spike_detection(m, offset, delay);
+
+        manager_adjust_poll(m, offset, spike);
+
+        log_debug("NTP response:\n"
+                  "  leap         : %u\n"
+                  "  version      : %u\n"
+                  "  mode         : %u\n"
+                  "  stratum      : %u\n"
+                  "  precision    : %.6f sec (%d)\n"
+                  "  root distance: %.6f sec\n"
+                  "  reference    : %.4s\n"
+                  "  origin       : %.3f\n"
+                  "  receive      : %.3f\n"
+                  "  transmit     : %.3f\n"
+                  "  dest         : %.3f\n"
+                  "  offset       : %+.3f sec\n"
+                  "  delay        : %+.3f sec\n"
+                  "  packet count : %"PRIu64"\n"
+                  "  jitter       : %.3f%s\n"
+                  "  poll interval: " USEC_FMT "\n",
+                  NTP_FIELD_LEAP(ntpmsg.field),
+                  NTP_FIELD_VERSION(ntpmsg.field),
+                  NTP_FIELD_MODE(ntpmsg.field),
+                  ntpmsg.stratum,
+                  exp2(ntpmsg.precision), ntpmsg.precision,
+                  root_distance,
+                  ntpmsg.stratum == 1 ? ntpmsg.refid : "n/a",
+                  origin - OFFSET_1900_1970,
+                  receive - OFFSET_1900_1970,
+                  trans - OFFSET_1900_1970,
+                  dest - OFFSET_1900_1970,
+                  offset, delay,
+                  m->packet_count,
+                  m->samples_jitter, spike ? " spike" : "",
+                  m->poll_interval_usec / USEC_PER_SEC);
+
+        if (!spike) {
+                m->sync = true;
+                r = manager_adjust_clock(m, offset, leap_sec);
+                if (r < 0)
+                        log_error_errno(r, "Failed to call clock_adjtime(): %m");
+        }
+
+        log_debug("interval/delta/delay/jitter/drift " USEC_FMT "s/%+.3fs/%.3fs/%.3fs/%+ippm%s",
+                  m->poll_interval_usec / USEC_PER_SEC, offset, delay, m->samples_jitter, m->drift_ppm,
+                  spike ? " (ignored)" : "");
+
+        if (!m->good) {
+                _cleanup_free_ char *pretty = NULL;
+
+                m->good = true;
+
+                server_address_pretty(m->current_server_address, &pretty);
+                log_info("Synchronized to time server %s (%s).", strna(pretty), m->current_server_name->string);
+                sd_notifyf(false, "STATUS=Synchronized to time server %s (%s).", strna(pretty), m->current_server_name->string);
+        }
+
+        r = manager_arm_timer(m, m->poll_interval_usec);
+        if (r < 0)
+                return log_error_errno(r, "Failed to rearm timer: %m");
+
+        return 0;
+}
+
+static int manager_listen_setup(Manager *m) {
+        union sockaddr_union addr = {};
+        static const int tos = IPTOS_LOWDELAY;
+        static const int on = 1;
+        int r;
+
+        assert(m);
+
+        if (m->server_socket >= 0)
+                return 0;
+
+        assert(!m->event_receive);
+        assert(m->current_server_address);
+
+        addr.sa.sa_family = m->current_server_address->sockaddr.sa.sa_family;
+
+        m->server_socket = socket(addr.sa.sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+        if (m->server_socket < 0)
+                return -errno;
+
+        r = bind(m->server_socket, &addr.sa, m->current_server_address->socklen);
+        if (r < 0)
+                return -errno;
+
+        r = setsockopt(m->server_socket, SOL_SOCKET, SO_TIMESTAMPNS, &on, sizeof(on));
+        if (r < 0)
+                return -errno;
+
+        (void) setsockopt(m->server_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+
+        return sd_event_add_io(m->event, &m->event_receive, m->server_socket, EPOLLIN, manager_receive_response, m);
+}
+
+static void manager_listen_stop(Manager *m) {
+        assert(m);
+
+        m->event_receive = sd_event_source_unref(m->event_receive);
+        m->server_socket = safe_close(m->server_socket);
+}
+
+static int manager_begin(Manager *m) {
+        _cleanup_free_ char *pretty = NULL;
+        int r;
+
+        assert(m);
+        assert_return(m->current_server_name, -EHOSTUNREACH);
+        assert_return(m->current_server_address, -EHOSTUNREACH);
+
+        m->good = false;
+        m->missed_replies = NTP_MAX_MISSED_REPLIES;
+        if (m->poll_interval_usec == 0)
+                m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
+
+        server_address_pretty(m->current_server_address, &pretty);
+        log_debug("Connecting to time server %s (%s).", strna(pretty), m->current_server_name->string);
+        sd_notifyf(false, "STATUS=Connecting to time server %s (%s).", strna(pretty), m->current_server_name->string);
+
+        r = manager_clock_watch_setup(m);
+        if (r < 0)
+                return r;
+
+        return manager_send_request(m);
+}
+
+void manager_set_server_name(Manager *m, ServerName *n) {
+        assert(m);
+
+        if (m->current_server_name == n)
+                return;
+
+        m->current_server_name = n;
+        m->current_server_address = NULL;
+
+        manager_disconnect(m);
+
+        if (n)
+                log_debug("Selected server %s.", n->string);
+}
+
+void manager_set_server_address(Manager *m, ServerAddress *a) {
+        assert(m);
+
+        if (m->current_server_address == a)
+                return;
+
+        m->current_server_address = a;
+        /* If a is NULL, we are just clearing the address, without
+         * changing the name. Keep the existing name in that case. */
+        if (a)
+                m->current_server_name = a->name;
+
+        manager_disconnect(m);
+
+        if (a) {
+                _cleanup_free_ char *pretty = NULL;
+                server_address_pretty(a, &pretty);
+                log_debug("Selected address %s of server %s.", strna(pretty), a->name->string);
+        }
+}
+
+static int manager_resolve_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
+        Manager *m = userdata;
+        int r;
+
+        assert(q);
+        assert(m);
+        assert(m->current_server_name);
+
+        m->resolve_query = sd_resolve_query_unref(m->resolve_query);
+
+        if (ret != 0) {
+                log_debug("Failed to resolve %s: %s", m->current_server_name->string, gai_strerror(ret));
+
+                /* Try next host */
+                return manager_connect(m);
+        }
+
+        for (; ai; ai = ai->ai_next) {
+                _cleanup_free_ char *pretty = NULL;
+                ServerAddress *a;
+
+                assert(ai->ai_addr);
+                assert(ai->ai_addrlen >= offsetof(struct sockaddr, sa_data));
+
+                if (!IN_SET(ai->ai_addr->sa_family, AF_INET, AF_INET6)) {
+                        log_warning("Unsuitable address protocol for %s", m->current_server_name->string);
+                        continue;
+                }
+
+                r = server_address_new(m->current_server_name, &a, (const union sockaddr_union*) ai->ai_addr, ai->ai_addrlen);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add server address: %m");
+
+                server_address_pretty(a, &pretty);
+                log_debug("Resolved address %s for %s.", pretty, m->current_server_name->string);
+        }
+
+        if (!m->current_server_name->addresses) {
+                log_error("Failed to find suitable address for host %s.", m->current_server_name->string);
+
+                /* Try next host */
+                return manager_connect(m);
+        }
+
+        manager_set_server_address(m, m->current_server_name->addresses);
+
+        return manager_begin(m);
+}
+
+static int manager_retry_connect(sd_event_source *source, usec_t usec, void *userdata) {
+        Manager *m = userdata;
+
+        assert(m);
+
+        return manager_connect(m);
+}
+
+int manager_connect(Manager *m) {
+        int r;
+
+        assert(m);
+
+        manager_disconnect(m);
+
+        m->event_retry = sd_event_source_unref(m->event_retry);
+        if (!ratelimit_test(&m->ratelimit)) {
+                log_debug("Slowing down attempts to contact servers.");
+
+                r = sd_event_add_time(m->event, &m->event_retry, clock_boottime_or_monotonic(), now(clock_boottime_or_monotonic()) + RETRY_USEC, 0, manager_retry_connect, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create retry timer: %m");
+
+                return 0;
+        }
+
+        /* If we already are operating on some address, switch to the
+         * next one. */
+        if (m->current_server_address && m->current_server_address->addresses_next)
+                manager_set_server_address(m, m->current_server_address->addresses_next);
+        else {
+                struct addrinfo hints = {
+                        .ai_flags = AI_NUMERICSERV|AI_ADDRCONFIG,
+                        .ai_socktype = SOCK_DGRAM,
+                };
+
+                /* Hmm, we are through all addresses, let's look for the next host instead */
+                if (m->current_server_name && m->current_server_name->names_next)
+                        manager_set_server_name(m, m->current_server_name->names_next);
+                else {
+                        ServerName *f;
+                        bool restart = true;
+
+                        /* Our current server name list is exhausted,
+                         * let's find the next one to iterate. First
+                         * we try the system list, then the link list.
+                         * After having processed the link list we
+                         * jump back to the system list. However, if
+                         * both lists are empty, we change to the
+                         * fallback list. */
+                        if (!m->current_server_name || m->current_server_name->type == SERVER_LINK) {
+                                f = m->system_servers;
+                                if (!f)
+                                        f = m->link_servers;
+                        } else {
+                                f = m->link_servers;
+                                if (!f)
+                                        f = m->system_servers;
+                                else
+                                        restart = false;
+                        }
+
+                        if (!f)
+                                f = m->fallback_servers;
+
+                        if (!f) {
+                                manager_set_server_name(m, NULL);
+                                log_debug("No server found.");
+                                return 0;
+                        }
+
+                        if (restart && !m->exhausted_servers && m->poll_interval_usec) {
+                                log_debug("Waiting after exhausting servers.");
+                                r = sd_event_add_time(m->event, &m->event_retry, clock_boottime_or_monotonic(), now(clock_boottime_or_monotonic()) + m->poll_interval_usec, 0, manager_retry_connect, m);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to create retry timer: %m");
+
+                                m->exhausted_servers = true;
+
+                                /* Increase the polling interval */
+                                if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
+                                        m->poll_interval_usec *= 2;
+
+                                return 0;
+                        }
+
+                        m->exhausted_servers = false;
+
+                        manager_set_server_name(m, f);
+                }
+
+                /* Tell the resolver to reread /etc/resolv.conf, in
+                 * case it changed. */
+                res_init();
+
+                /* Flush out any previously resolved addresses */
+                server_name_flush_addresses(m->current_server_name);
+
+                log_debug("Resolving %s...", m->current_server_name->string);
+
+                r = sd_resolve_getaddrinfo(m->resolve, &m->resolve_query, m->current_server_name->string, "123", &hints, manager_resolve_handler, m);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create resolver: %m");
+
+                return 1;
+        }
+
+        r = manager_begin(m);
+        if (r < 0)
+                return r;
+
+        return 1;
+}
+
+void manager_disconnect(Manager *m) {
+        assert(m);
+
+        m->resolve_query = sd_resolve_query_unref(m->resolve_query);
+
+        m->event_timer = sd_event_source_unref(m->event_timer);
+
+        manager_listen_stop(m);
+
+        m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
+        m->clock_watch_fd = safe_close(m->clock_watch_fd);
+
+        m->event_timeout = sd_event_source_unref(m->event_timeout);
+
+        sd_notifyf(false, "STATUS=Idle.");
+}
+
+void manager_flush_server_names(Manager  *m, ServerType t) {
+        assert(m);
+
+        if (t == SERVER_SYSTEM)
+                while (m->system_servers)
+                        server_name_free(m->system_servers);
+
+        if (t == SERVER_LINK)
+                while (m->link_servers)
+                        server_name_free(m->link_servers);
+
+        if (t == SERVER_FALLBACK)
+                while (m->fallback_servers)
+                        server_name_free(m->fallback_servers);
+}
+
+void manager_free(Manager *m) {
+        if (!m)
+                return;
+
+        manager_disconnect(m);
+        manager_flush_server_names(m, SERVER_SYSTEM);
+        manager_flush_server_names(m, SERVER_LINK);
+        manager_flush_server_names(m, SERVER_FALLBACK);
+
+        sd_event_source_unref(m->event_retry);
+
+        sd_event_source_unref(m->network_event_source);
+        sd_network_monitor_unref(m->network_monitor);
+
+        sd_resolve_unref(m->resolve);
+        sd_event_unref(m->event);
+
+        free(m);
+}
+
+static int manager_network_read_link_servers(Manager *m) {
+        _cleanup_strv_free_ char **ntp = NULL;
+        ServerName *n, *nx;
+        char **i;
+        int r;
+
+        assert(m);
+
+        r = sd_network_get_ntp(&ntp);
+        if (r < 0)
+                goto clear;
+
+        LIST_FOREACH(names, n, m->link_servers)
+                n->marked = true;
+
+        STRV_FOREACH(i, ntp) {
+                bool found = false;
+
+                LIST_FOREACH(names, n, m->link_servers)
+                        if (streq(n->string, *i)) {
+                                n->marked = false;
+                                found = true;
+                                break;
+                        }
+
+                if (!found) {
+                        r = server_name_new(m, NULL, SERVER_LINK, *i);
+                        if (r < 0)
+                                goto clear;
+                }
+        }
+
+        LIST_FOREACH_SAFE(names, n, nx, m->link_servers)
+                if (n->marked)
+                        server_name_free(n);
+
+        return 0;
+
+clear:
+        manager_flush_server_names(m, SERVER_LINK);
+        return r;
+}
+
+static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+        Manager *m = userdata;
+        bool connected, online;
+        int r;
+
+        assert(m);
+
+        sd_network_monitor_flush(m->network_monitor);
+
+        manager_network_read_link_servers(m);
+
+        /* check if the machine is online */
+        online = network_is_online();
+
+        /* check if the client is currently connected */
+        connected = m->server_socket >= 0 || m->resolve_query || m->exhausted_servers;
+
+        if (connected && !online) {
+                log_info("No network connectivity, watching for changes.");
+                manager_disconnect(m);
+
+        } else if (!connected && online) {
+                log_info("Network configuration changed, trying to establish connection.");
+
+                if (m->current_server_address)
+                        r = manager_begin(m);
+                else
+                        r = manager_connect(m);
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static int manager_network_monitor_listen(Manager *m) {
+        int r, fd, events;
+
+        assert(m);
+
+        r = sd_network_monitor_new(&m->network_monitor, NULL);
+        if (r < 0)
+                return r;
+
+        fd = sd_network_monitor_get_fd(m->network_monitor);
+        if (fd < 0)
+                return fd;
+
+        events = sd_network_monitor_get_events(m->network_monitor);
+        if (events < 0)
+                return events;
+
+        r = sd_event_add_io(m->event, &m->network_event_source, fd, events, manager_network_event_handler, m);
+        if (r < 0)
+                return r;
+
+        return 0;
+}
+
+int manager_new(Manager **ret) {
+        _cleanup_(manager_freep) Manager *m = NULL;
+        int r;
+
+        assert(ret);
+
+        m = new0(Manager, 1);
+        if (!m)
+                return -ENOMEM;
+
+        m->server_socket = m->clock_watch_fd = -1;
+
+        RATELIMIT_INIT(m->ratelimit, RATELIMIT_INTERVAL_USEC, RATELIMIT_BURST);
+
+        r = manager_parse_server_string(m, SERVER_FALLBACK, NTP_SERVERS);
+        if (r < 0)
+                return r;
+
+        r = sd_event_default(&m->event);
+        if (r < 0)
+                return r;
+
+        sd_event_add_signal(m->event, NULL, SIGTERM, NULL,  NULL);
+        sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
+
+        sd_event_set_watchdog(m->event, true);
+
+        r = sd_resolve_default(&m->resolve);
+        if (r < 0)
+                return r;
+
+        r = sd_resolve_attach_event(m->resolve, m->event, 0);
+        if (r < 0)
+                return r;
+
+        r = manager_network_monitor_listen(m);
+        if (r < 0)
+                return r;
+
+        manager_network_read_link_servers(m);
+
+        *ret = m;
+        m = NULL;
+
+        return 0;
+}
diff --git a/src/systemd-timesyncd/timesyncd-manager.h b/src/systemd-timesyncd/timesyncd-manager.h
new file mode 100644
index 0000000000..fd25647725
--- /dev/null
+++ b/src/systemd-timesyncd/timesyncd-manager.h
@@ -0,0 +1,104 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Kay Sievers, Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-event.h>
+#include <systemd/sd-network.h>
+#include <systemd/sd-resolve.h>
+
+#include "list.h"
+#include "ratelimit.h"
+
+typedef struct Manager Manager;
+
+#include "timesyncd-server.h"
+
+struct Manager {
+        sd_event *event;
+        sd_resolve *resolve;
+
+        LIST_HEAD(ServerName, system_servers);
+        LIST_HEAD(ServerName, link_servers);
+        LIST_HEAD(ServerName, fallback_servers);
+
+        RateLimit ratelimit;
+        bool exhausted_servers;
+
+        /* network */
+        sd_event_source *network_event_source;
+        sd_network_monitor *network_monitor;
+
+        /* peer */
+        sd_resolve_query *resolve_query;
+        sd_event_source *event_receive;
+        ServerName *current_server_name;
+        ServerAddress *current_server_address;
+        int server_socket;
+        int missed_replies;
+        uint64_t packet_count;
+        sd_event_source *event_timeout;
+        bool good;
+
+        /* last sent packet */
+        struct timespec trans_time_mon;
+        struct timespec trans_time;
+        usec_t retry_interval;
+        bool pending;
+
+        /* poll timer */
+        sd_event_source *event_timer;
+        usec_t poll_interval_usec;
+        bool poll_resync;
+
+        /* history data */
+        struct {
+                double offset;
+                double delay;
+        } samples[8];
+        unsigned int samples_idx;
+        double samples_jitter;
+
+        /* last change */
+        bool jumped;
+        bool sync;
+        int drift_ppm;
+
+        /* watch for time changes */
+        sd_event_source *event_clock_watch;
+        int clock_watch_fd;
+
+        /* Retry connections */
+        sd_event_source *event_retry;
+
+        /* RTC runs in local time, leave it alone */
+        bool rtc_local_time;
+};
+
+int manager_new(Manager **ret);
+void manager_free(Manager *m);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+
+void manager_set_server_name(Manager *m, ServerName *n);
+void manager_set_server_address(Manager *m, ServerAddress *a);
+void manager_flush_server_names(Manager *m, ServerType t);
+
+int manager_connect(Manager *m);
+void manager_disconnect(Manager *m);
diff --git a/src/timesync/timesyncd-server.c b/src/systemd-timesyncd/timesyncd-server.c
index 6bda86fe6e..6bda86fe6e 100644
--- a/src/timesync/timesyncd-server.c
+++ b/src/systemd-timesyncd/timesyncd-server.c
diff --git a/src/timesync/timesyncd-server.h b/src/systemd-timesyncd/timesyncd-server.h
index 8a19e41d67..8a19e41d67 100644
--- a/src/timesync/timesyncd-server.h
+++ b/src/systemd-timesyncd/timesyncd-server.h
diff --git a/src/systemd-timesyncd/timesyncd.c b/src/systemd-timesyncd/timesyncd.c
new file mode 100644
index 0000000000..9e538a82f2
--- /dev/null
+++ b/src/systemd-timesyncd/timesyncd.c
@@ -0,0 +1,164 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Kay Sievers, Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-event.h>
+
+#include "capability-util.h"
+#include "clock-util.h"
+#include "fd-util.h"
+#include "fs-util.h"
+#include "network-util.h"
+#include "signal-util.h"
+#include "timesyncd-conf.h"
+#include "timesyncd-manager.h"
+#include "user-util.h"
+
+static int load_clock_timestamp(uid_t uid, gid_t gid) {
+        _cleanup_close_ int fd = -1;
+        usec_t min = TIME_EPOCH * USEC_PER_SEC;
+        usec_t ct;
+        int r;
+
+        /* Let's try to make sure that the clock is always
+         * monotonically increasing, by saving the clock whenever we
+         * have a new NTP time, or when we shut down, and restoring it
+         * when we start again. This is particularly helpful on
+         * systems lacking a battery backed RTC. We also will adjust
+         * the time to at least the build time of systemd. */
+
+        fd = open("/var/lib/systemd/clock", O_RDWR|O_CLOEXEC, 0644);
+        if (fd >= 0) {
+                struct stat st;
+                usec_t stamp;
+
+                /* check if the recorded time is later than the compiled-in one */
+                r = fstat(fd, &st);
+                if (r >= 0) {
+                        stamp = timespec_load(&st.st_mtim);
+                        if (stamp > min)
+                                min = stamp;
+                }
+
+                /* Try to fix the access mode, so that we can still
+                   touch the file after dropping priviliges */
+                (void) fchmod(fd, 0644);
+                (void) fchown(fd, uid, gid);
+
+        } else
+                /* create stamp file with the compiled-in date */
+                (void) touch_file("/var/lib/systemd/clock", true, min, uid, gid, 0644);
+
+        ct = now(CLOCK_REALTIME);
+        if (ct < min) {
+                struct timespec ts;
+                char date[FORMAT_TIMESTAMP_MAX];
+
+                log_info("System clock time unset or jumped backwards, restoring from recorded timestamp: %s",
+                         format_timestamp(date, sizeof(date), min));
+
+                if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, min)) < 0)
+                        log_error_errno(errno, "Failed to restore system clock: %m");
+        }
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        _cleanup_(manager_freep) Manager *m = NULL;
+        const char *user = "systemd-timesync";
+        uid_t uid;
+        gid_t gid;
+        int r;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_set_facility(LOG_CRON);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        if (argc != 1) {
+                log_error("This program does not take arguments.");
+                r = -EINVAL;
+                goto finish;
+        }
+
+        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+        if (r < 0) {
+                log_error_errno(r, "Cannot resolve user name %s: %m", user);
+                goto finish;
+        }
+
+        r = load_clock_timestamp(uid, gid);
+        if (r < 0)
+                goto finish;
+
+        r = drop_privileges(uid, gid, (1ULL << CAP_SYS_TIME));
+        if (r < 0)
+                goto finish;
+
+        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
+
+        r = manager_new(&m);
+        if (r < 0) {
+                log_error_errno(r, "Failed to allocate manager: %m");
+                goto finish;
+        }
+
+        if (clock_is_localtime(NULL) > 0) {
+                log_info("The system is configured to read the RTC time in the local time zone. "
+                         "This mode can not be fully supported. All system time to RTC updates are disabled.");
+                m->rtc_local_time = true;
+        }
+
+        r = manager_parse_config_file(m);
+        if (r < 0)
+                log_warning_errno(r, "Failed to parse configuration file: %m");
+
+        log_debug("systemd-timesyncd running as pid " PID_FMT, getpid());
+        sd_notify(false,
+                  "READY=1\n"
+                  "STATUS=Daemon is running");
+
+        if (network_is_online()) {
+                r = manager_connect(m);
+                if (r < 0)
+                        goto finish;
+        }
+
+        r = sd_event_loop(m->event);
+        if (r < 0) {
+                log_error_errno(r, "Failed to run event loop: %m");
+                goto finish;
+        }
+
+        /* if we got an authoritative time, store it in the file system */
+        if (m->sync)
+                (void) touch("/var/lib/systemd/clock");
+
+        sd_event_get_exit_code(m->event, &r);
+
+finish:
+        sd_notify(false,
+                  "STOPPING=1\n"
+                  "STATUS=Shutting down...");
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/timesync/timesyncd.conf.in b/src/systemd-timesyncd/timesyncd.conf.in
index b6a2ada273..b6a2ada273 100644
--- a/src/timesync/timesyncd.conf.in
+++ b/src/systemd-timesyncd/timesyncd.conf.in
diff --git a/src/systemd-tmpfiles/Makefile b/src/systemd-tmpfiles/Makefile
new file mode 100644
index 0000000000..1e72e31215
--- /dev/null
+++ b/src/systemd-tmpfiles/Makefile
@@ -0,0 +1,84 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(ENABLE_TMPFILES),)
+systemd_tmpfiles_SOURCES = \
+	src/tmpfiles/tmpfiles.c
+
+systemd_tmpfiles_LDADD = \
+	libshared.la
+
+rootbin_PROGRAMS += \
+	systemd-tmpfiles
+
+dist_systemunit_DATA += \
+	units/systemd-tmpfiles-clean.timer
+
+nodist_systemunit_DATA += \
+	units/systemd-tmpfiles-setup-dev.service \
+	units/systemd-tmpfiles-setup.service \
+	units/systemd-tmpfiles-clean.service
+
+nodist_tmpfiles_DATA = \
+	tmpfiles.d/systemd.conf \
+	tmpfiles.d/etc.conf
+
+dist_tmpfiles_DATA = \
+	tmpfiles.d/systemd-nologin.conf \
+	tmpfiles.d/tmp.conf \
+	tmpfiles.d/x11.conf \
+	tmpfiles.d/var.conf \
+	tmpfiles.d/home.conf \
+	tmpfiles.d/systemd-nspawn.conf \
+	tmpfiles.d/journal-nocow.conf
+
+ifneq ($(HAVE_SYSV_COMPAT),)
+dist_tmpfiles_DATA += \
+	tmpfiles.d/legacy.conf
+endif # HAVE_SYSV_COMPAT
+
+SYSINIT_TARGET_WANTS += \
+	systemd-tmpfiles-setup-dev.service \
+	systemd-tmpfiles-setup.service
+
+dist_zshcompletion_data += \
+	shell-completion/zsh/_systemd-tmpfiles
+
+TIMERS_TARGET_WANTS += \
+	systemd-tmpfiles-clean.timer
+
+INSTALL_DIRS += \
+	$(tmpfilesdir) \
+	$(sysconfdir)/tmpfiles.d
+endif # ENABLE_TMPFILES
+
+EXTRA_DIST += \
+	tmpfiles.d/systemd.conf.m4 \
+	tmpfiles.d/etc.conf.m4 \
+	units/systemd-tmpfiles-setup-dev.service.in \
+	units/systemd-tmpfiles-setup.service.in \
+	units/systemd-tmpfiles-clean.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/tmpfiles/tmpfiles.c b/src/systemd-tmpfiles/tmpfiles.c
index 2053d35a67..2053d35a67 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/systemd-tmpfiles/tmpfiles.c
diff --git a/src/systemd-tty-ask-password-agent/Makefile b/src/systemd-tty-ask-password-agent/Makefile
new file mode 100644
index 0000000000..b5119b5066
--- /dev/null
+++ b/src/systemd-tty-ask-password-agent/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootbin_PROGRAMS += systemd-tty-ask-password-agent
+systemd_tty_ask_password_agent_SOURCES = \
+	src/tty-ask-password-agent/tty-ask-password-agent.c
+
+systemd_tty_ask_password_agent_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/systemd-tty-ask-password-agent/tty-ask-password-agent.c
index ee879c7b89..ee879c7b89 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/systemd-tty-ask-password-agent/tty-ask-password-agent.c
diff --git a/src/systemd-update-done/Makefile b/src/systemd-update-done/Makefile
new file mode 100644
index 0000000000..5045982316
--- /dev/null
+++ b/src/systemd-update-done/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-update-done
+
+systemd_update_done_SOURCES = \
+	src/update-done/update-done.c
+
+systemd_update_done_LDADD = \
+	libshared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/update-done/update-done.c b/src/systemd-update-done/update-done.c
index da306a4444..da306a4444 100644
--- a/src/update-done/update-done.c
+++ b/src/systemd-update-done/update-done.c
diff --git a/src/systemd-update-utmp/Makefile b/src/systemd-update-utmp/Makefile
new file mode 100644
index 0000000000..56f8d1f4b5
--- /dev/null
+++ b/src/systemd-update-utmp/Makefile
@@ -0,0 +1,42 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_UTMP),)
+rootlibexec_PROGRAMS += \
+	systemd-update-utmp
+endif # HAVE_UTMP
+
+systemd_update_utmp_SOURCES = \
+	src/update-utmp/update-utmp.c
+
+systemd_update_utmp_CFLAGS = \
+	$(AM_CFLAGS) \
+	$(AUDIT_CFLAGS)
+
+systemd_update_utmp_LDADD = \
+	libshared.la \
+	$(AUDIT_LIBS)
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/systemd-update-utmp/update-utmp.c b/src/systemd-update-utmp/update-utmp.c
new file mode 100644
index 0000000000..fedcaef91c
--- /dev/null
+++ b/src/systemd-update-utmp/update-utmp.c
@@ -0,0 +1,283 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifdef HAVE_AUDIT
+#include <libaudit.h>
+#endif
+
+#include <systemd/sd-bus.h>
+
+#include "alloc-util.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "formats-util.h"
+#include "log.h"
+#include "macro.h"
+#include "special.h"
+#include "unit-name.h"
+#include "util.h"
+#include "utmp-wtmp.h"
+
+typedef struct Context {
+        sd_bus *bus;
+#ifdef HAVE_AUDIT
+        int audit_fd;
+#endif
+} Context;
+
+static usec_t get_startup_time(Context *c) {
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        usec_t t = 0;
+        int r;
+
+        assert(c);
+
+        r = sd_bus_get_property_trivial(
+                        c->bus,
+                        "org.freedesktop.systemd1",
+                        "/org/freedesktop/systemd1",
+                        "org.freedesktop.systemd1.Manager",
+                        "UserspaceTimestamp",
+                        &error,
+                        't', &t);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get timestamp: %s", bus_error_message(&error, r));
+                return 0;
+        }
+
+        return t;
+}
+
+static int get_current_runlevel(Context *c) {
+        static const struct {
+                const int runlevel;
+                const char *special;
+        } table[] = {
+                /* The first target of this list that is active or has
+                 * a job scheduled wins. We prefer runlevels 5 and 3
+                 * here over the others, since these are the main
+                 * runlevels used on Fedora. It might make sense to
+                 * change the order on some distributions. */
+                { '5', SPECIAL_GRAPHICAL_TARGET  },
+                { '3', SPECIAL_MULTI_USER_TARGET },
+                { '1', SPECIAL_RESCUE_TARGET     },
+        };
+
+        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+        int r;
+        unsigned i;
+
+        assert(c);
+
+        for (i = 0; i < ELEMENTSOF(table); i++) {
+                _cleanup_free_ char *state = NULL, *path = NULL;
+
+                path = unit_dbus_path_from_name(table[i].special);
+                if (!path)
+                        return log_oom();
+
+                r = sd_bus_get_property_string(
+                                c->bus,
+                                "org.freedesktop.systemd1",
+                                path,
+                                "org.freedesktop.systemd1.Unit",
+                                "ActiveState",
+                                &error,
+                                &state);
+                if (r < 0)
+                        return log_warning_errno(r, "Failed to get state: %s", bus_error_message(&error, r));
+
+                if (streq(state, "active") || streq(state, "reloading"))
+                        return table[i].runlevel;
+        }
+
+        return 0;
+}
+
+static int on_reboot(Context *c) {
+        int r = 0, q;
+        usec_t t;
+
+        assert(c);
+
+        /* We finished start-up, so let's write the utmp
+         * record and send the audit msg */
+
+#ifdef HAVE_AUDIT
+        if (c->audit_fd >= 0)
+                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
+                    errno != EPERM) {
+                        r = log_error_errno(errno, "Failed to send audit message: %m");
+                }
+#endif
+
+        /* If this call fails it will return 0, which
+         * utmp_put_reboot() will then fix to the current time */
+        t = get_startup_time(c);
+
+        q = utmp_put_reboot(t);
+        if (q < 0) {
+                log_error_errno(q, "Failed to write utmp record: %m");
+                r = q;
+        }
+
+        return r;
+}
+
+static int on_shutdown(Context *c) {
+        int r = 0, q;
+
+        assert(c);
+
+        /* We started shut-down, so let's write the utmp
+         * record and send the audit msg */
+
+#ifdef HAVE_AUDIT
+        if (c->audit_fd >= 0)
+                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
+                    errno != EPERM) {
+                        r = log_error_errno(errno, "Failed to send audit message: %m");
+                }
+#endif
+
+        q = utmp_put_shutdown();
+        if (q < 0) {
+                log_error_errno(q, "Failed to write utmp record: %m");
+                r = q;
+        }
+
+        return r;
+}
+
+static int on_runlevel(Context *c) {
+        int r = 0, q, previous, runlevel;
+
+        assert(c);
+
+        /* We finished changing runlevel, so let's write the
+         * utmp record and send the audit msg */
+
+        /* First, get last runlevel */
+        q = utmp_get_runlevel(&previous, NULL);
+
+        if (q < 0) {
+                if (q != -ESRCH && q != -ENOENT)
+                        return log_error_errno(q, "Failed to get current runlevel: %m");
+
+                previous = 0;
+        }
+
+        /* Secondly, get new runlevel */
+        runlevel = get_current_runlevel(c);
+
+        if (runlevel < 0)
+                return runlevel;
+
+        if (previous == runlevel)
+                return 0;
+
+#ifdef HAVE_AUDIT
+        if (c->audit_fd >= 0) {
+                _cleanup_free_ char *s = NULL;
+
+                if (asprintf(&s, "old-level=%c new-level=%c",
+                             previous > 0 ? previous : 'N',
+                             runlevel > 0 ? runlevel : 'N') < 0)
+                        return log_oom();
+
+                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 && errno != EPERM)
+                        r = log_error_errno(errno, "Failed to send audit message: %m");
+        }
+#endif
+
+        q = utmp_put_runlevel(runlevel, previous);
+        if (q < 0 && q != -ESRCH && q != -ENOENT) {
+                log_error_errno(q, "Failed to write utmp record: %m");
+                r = q;
+        }
+
+        return r;
+}
+
+int main(int argc, char *argv[]) {
+        Context c = {
+#ifdef HAVE_AUDIT
+                .audit_fd = -1
+#endif
+        };
+        int r;
+
+        if (getppid() != 1) {
+                log_error("This program should be invoked by init only.");
+                return EXIT_FAILURE;
+        }
+
+        if (argc != 2) {
+                log_error("This program requires one argument.");
+                return EXIT_FAILURE;
+        }
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+#ifdef HAVE_AUDIT
+        /* If the kernel lacks netlink or audit support,
+         * don't worry about it. */
+        c.audit_fd = audit_open();
+        if (c.audit_fd < 0 && errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT)
+                log_error_errno(errno, "Failed to connect to audit log: %m");
+#endif
+        r = bus_connect_system_systemd(&c.bus);
+        if (r < 0) {
+                log_error_errno(r, "Failed to get D-Bus connection: %m");
+                r = -EIO;
+                goto finish;
+        }
+
+        log_debug("systemd-update-utmp running as pid "PID_FMT, getpid());
+
+        if (streq(argv[1], "reboot"))
+                r = on_reboot(&c);
+        else if (streq(argv[1], "shutdown"))
+                r = on_shutdown(&c);
+        else if (streq(argv[1], "runlevel"))
+                r = on_runlevel(&c);
+        else {
+                log_error("Unknown command %s", argv[1]);
+                r = -EINVAL;
+        }
+
+        log_debug("systemd-update-utmp stopped as pid "PID_FMT, getpid());
+
+finish:
+#ifdef HAVE_AUDIT
+        if (c.audit_fd >= 0)
+                audit_close(c.audit_fd);
+#endif
+
+        sd_bus_flush_close_unref(c.bus);
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/systemd/Makefile b/src/systemd/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/systemd/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/systemd/sd-bus-vtable.h b/src/systemd/sd-bus-vtable.h
deleted file mode 100644
index e8f84eb545..0000000000
--- a/src/systemd/sd-bus-vtable.h
+++ /dev/null
@@ -1,141 +0,0 @@
-#ifndef foosdbusvtablehfoo
-#define foosdbusvtablehfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-typedef struct sd_bus_vtable sd_bus_vtable;
-
-#include "sd-bus.h"
-
-enum {
-        _SD_BUS_VTABLE_START             = '<',
-        _SD_BUS_VTABLE_END               = '>',
-        _SD_BUS_VTABLE_METHOD            = 'M',
-        _SD_BUS_VTABLE_SIGNAL            = 'S',
-        _SD_BUS_VTABLE_PROPERTY          = 'P',
-        _SD_BUS_VTABLE_WRITABLE_PROPERTY = 'W'
-};
-
-enum {
-        SD_BUS_VTABLE_DEPRECATED                   = 1ULL << 0,
-        SD_BUS_VTABLE_HIDDEN                       = 1ULL << 1,
-        SD_BUS_VTABLE_UNPRIVILEGED                 = 1ULL << 2,
-        SD_BUS_VTABLE_METHOD_NO_REPLY              = 1ULL << 3,
-        SD_BUS_VTABLE_PROPERTY_CONST               = 1ULL << 4,
-        SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE        = 1ULL << 5,
-        SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION  = 1ULL << 6,
-        SD_BUS_VTABLE_PROPERTY_EXPLICIT            = 1ULL << 7,
-        _SD_BUS_VTABLE_CAPABILITY_MASK             = 0xFFFFULL << 40
-};
-
-#define SD_BUS_VTABLE_CAPABILITY(x) ((uint64_t) (((x)+1) & 0xFFFF) << 40)
-
-struct sd_bus_vtable {
-        /* Please do not initialize this structure directly, use the
-         * macros below instead */
-
-        uint8_t type:8;
-        uint64_t flags:56;
-        union {
-                struct {
-                        size_t element_size;
-                } start;
-                struct {
-                        const char *member;
-                        const char *signature;
-                        const char *result;
-                        sd_bus_message_handler_t handler;
-                        size_t offset;
-                } method;
-                struct {
-                        const char *member;
-                        const char *signature;
-                } signal;
-                struct {
-                        const char *member;
-                        const char *signature;
-                        sd_bus_property_get_t get;
-                        sd_bus_property_set_t set;
-                        size_t offset;
-                } property;
-        } x;
-};
-
-#define SD_BUS_VTABLE_START(_flags)                                     \
-        {                                                               \
-                .type = _SD_BUS_VTABLE_START,                           \
-                .flags = _flags,                                        \
-                .x.start.element_size = sizeof(sd_bus_vtable),          \
-        }
-
-#define SD_BUS_METHOD_WITH_OFFSET(_member, _signature, _result, _handler, _offset, _flags)   \
-        {                                                               \
-                .type = _SD_BUS_VTABLE_METHOD,                          \
-                .flags = _flags,                                        \
-                .x.method.member = _member,                             \
-                .x.method.signature = _signature,                       \
-                .x.method.result = _result,                             \
-                .x.method.handler = _handler,                           \
-                .x.method.offset = _offset,                             \
-        }
-#define SD_BUS_METHOD(_member, _signature, _result, _handler, _flags)   \
-        SD_BUS_METHOD_WITH_OFFSET(_member, _signature, _result, _handler, 0, _flags)
-
-#define SD_BUS_SIGNAL(_member, _signature, _flags)                      \
-        {                                                               \
-                .type = _SD_BUS_VTABLE_SIGNAL,                          \
-                .flags = _flags,                                        \
-                .x.signal.member = _member,                             \
-                .x.signal.signature = _signature,                       \
-        }
-
-#define SD_BUS_PROPERTY(_member, _signature, _get, _offset, _flags)     \
-        {                                                               \
-                .type = _SD_BUS_VTABLE_PROPERTY,                        \
-                .flags = _flags,                                        \
-                .x.property.member = _member,                           \
-                .x.property.signature = _signature,                     \
-                .x.property.get = _get,                                 \
-                .x.property.offset = _offset,                           \
-        }
-
-#define SD_BUS_WRITABLE_PROPERTY(_member, _signature, _get, _set, _offset, _flags) \
-        {                                                               \
-                .type = _SD_BUS_VTABLE_WRITABLE_PROPERTY,               \
-                .flags = _flags,                                        \
-                .x.property.member = _member,                           \
-                .x.property.signature = _signature,                     \
-                .x.property.get = _get,                                 \
-                .x.property.set = _set,                                 \
-                .x.property.offset = _offset,                           \
-        }
-
-#define SD_BUS_VTABLE_END                                               \
-        {                                                               \
-                .type = _SD_BUS_VTABLE_END,                             \
-        }
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
deleted file mode 100644
index 295989cd69..0000000000
--- a/src/systemd/sd-bus.h
+++ /dev/null
@@ -1,456 +0,0 @@
-#ifndef foosdbushfoo
-#define foosdbushfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <stdarg.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include "sd-event.h"
-#include "sd-id128.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-/* Types */
-
-typedef struct sd_bus sd_bus;
-typedef struct sd_bus_message sd_bus_message;
-typedef struct sd_bus_slot sd_bus_slot;
-typedef struct sd_bus_creds sd_bus_creds;
-typedef struct sd_bus_track sd_bus_track;
-
-typedef struct {
-        const char *name;
-        const char *message;
-        int _need_free;
-} sd_bus_error;
-
-typedef struct {
-        const char* name;
-        int code;
-} sd_bus_error_map;
-
-/* Flags */
-
-enum {
-        SD_BUS_CREDS_PID                = 1ULL << 0,
-        SD_BUS_CREDS_TID                = 1ULL << 1,
-        SD_BUS_CREDS_PPID               = 1ULL << 2,
-        SD_BUS_CREDS_UID                = 1ULL << 3,
-        SD_BUS_CREDS_EUID               = 1ULL << 4,
-        SD_BUS_CREDS_SUID               = 1ULL << 5,
-        SD_BUS_CREDS_FSUID              = 1ULL << 6,
-        SD_BUS_CREDS_GID                = 1ULL << 7,
-        SD_BUS_CREDS_EGID               = 1ULL << 8,
-        SD_BUS_CREDS_SGID               = 1ULL << 9,
-        SD_BUS_CREDS_FSGID              = 1ULL << 10,
-        SD_BUS_CREDS_SUPPLEMENTARY_GIDS = 1ULL << 11,
-        SD_BUS_CREDS_COMM               = 1ULL << 12,
-        SD_BUS_CREDS_TID_COMM           = 1ULL << 13,
-        SD_BUS_CREDS_EXE                = 1ULL << 14,
-        SD_BUS_CREDS_CMDLINE            = 1ULL << 15,
-        SD_BUS_CREDS_CGROUP             = 1ULL << 16,
-        SD_BUS_CREDS_UNIT               = 1ULL << 17,
-        SD_BUS_CREDS_SLICE              = 1ULL << 18,
-        SD_BUS_CREDS_USER_UNIT          = 1ULL << 19,
-        SD_BUS_CREDS_USER_SLICE         = 1ULL << 20,
-        SD_BUS_CREDS_SESSION            = 1ULL << 21,
-        SD_BUS_CREDS_OWNER_UID          = 1ULL << 22,
-        SD_BUS_CREDS_EFFECTIVE_CAPS     = 1ULL << 23,
-        SD_BUS_CREDS_PERMITTED_CAPS     = 1ULL << 24,
-        SD_BUS_CREDS_INHERITABLE_CAPS   = 1ULL << 25,
-        SD_BUS_CREDS_BOUNDING_CAPS      = 1ULL << 26,
-        SD_BUS_CREDS_SELINUX_CONTEXT    = 1ULL << 27,
-        SD_BUS_CREDS_AUDIT_SESSION_ID   = 1ULL << 28,
-        SD_BUS_CREDS_AUDIT_LOGIN_UID    = 1ULL << 29,
-        SD_BUS_CREDS_TTY                = 1ULL << 30,
-        SD_BUS_CREDS_UNIQUE_NAME        = 1ULL << 31,
-        SD_BUS_CREDS_WELL_KNOWN_NAMES   = 1ULL << 32,
-        SD_BUS_CREDS_DESCRIPTION        = 1ULL << 33,
-        SD_BUS_CREDS_AUGMENT            = 1ULL << 63, /* special flag, if on sd-bus will augment creds struct, in a potentially race-full way. */
-        _SD_BUS_CREDS_ALL               = (1ULL << 34) -1
-};
-
-enum {
-        SD_BUS_NAME_REPLACE_EXISTING  = 1ULL << 0,
-        SD_BUS_NAME_ALLOW_REPLACEMENT = 1ULL << 1,
-        SD_BUS_NAME_QUEUE             = 1ULL << 2
-};
-
-/* Callbacks */
-
-typedef int (*sd_bus_message_handler_t)(sd_bus_message *m, void *userdata, sd_bus_error *ret_error);
-typedef int (*sd_bus_property_get_t) (sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *ret_error);
-typedef int (*sd_bus_property_set_t) (sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *ret_error);
-typedef int (*sd_bus_object_find_t) (sd_bus *bus, const char *path, const char *interface, void *userdata, void **ret_found, sd_bus_error *ret_error);
-typedef int (*sd_bus_node_enumerator_t) (sd_bus *bus, const char *prefix, void *userdata, char ***ret_nodes, sd_bus_error *ret_error);
-typedef int (*sd_bus_track_handler_t) (sd_bus_track *track, void *userdata);
-
-#include "sd-bus-protocol.h"
-#include "sd-bus-vtable.h"
-
-/* Connections */
-
-int sd_bus_default(sd_bus **ret);
-int sd_bus_default_user(sd_bus **ret);
-int sd_bus_default_system(sd_bus **ret);
-
-int sd_bus_open(sd_bus **ret);
-int sd_bus_open_user(sd_bus **ret);
-int sd_bus_open_system(sd_bus **ret);
-int sd_bus_open_system_remote(sd_bus **ret, const char *host);
-int sd_bus_open_system_machine(sd_bus **ret, const char *machine);
-
-int sd_bus_new(sd_bus **ret);
-
-int sd_bus_set_address(sd_bus *bus, const char *address);
-int sd_bus_set_fd(sd_bus *bus, int input_fd, int output_fd);
-int sd_bus_set_exec(sd_bus *bus, const char *path, char *const argv[]);
-int sd_bus_get_address(sd_bus *bus, const char **address);
-int sd_bus_set_bus_client(sd_bus *bus, int b);
-int sd_bus_is_bus_client(sd_bus *bus);
-int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t bus_id);
-int sd_bus_is_server(sd_bus *bus);
-int sd_bus_set_anonymous(sd_bus *bus, int b);
-int sd_bus_is_anonymous(sd_bus *bus);
-int sd_bus_set_trusted(sd_bus *bus, int b);
-int sd_bus_is_trusted(sd_bus *bus);
-int sd_bus_set_monitor(sd_bus *bus, int b);
-int sd_bus_is_monitor(sd_bus *bus);
-int sd_bus_set_description(sd_bus *bus, const char *description);
-int sd_bus_get_description(sd_bus *bus, const char **description);
-int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t creds_mask);
-int sd_bus_negotiate_timestamp(sd_bus *bus, int b);
-int sd_bus_negotiate_fds(sd_bus *bus, int b);
-int sd_bus_can_send(sd_bus *bus, char type);
-int sd_bus_get_creds_mask(sd_bus *bus, uint64_t *creds_mask);
-int sd_bus_set_allow_interactive_authorization(sd_bus *bus, int b);
-int sd_bus_get_allow_interactive_authorization(sd_bus *bus);
-
-int sd_bus_start(sd_bus *ret);
-
-int sd_bus_try_close(sd_bus *bus);
-void sd_bus_close(sd_bus *bus);
-
-sd_bus *sd_bus_ref(sd_bus *bus);
-sd_bus *sd_bus_unref(sd_bus *bus);
-sd_bus *sd_bus_flush_close_unref(sd_bus *bus);
-
-void sd_bus_default_flush_close(void);
-
-int sd_bus_is_open(sd_bus *bus);
-
-int sd_bus_get_bus_id(sd_bus *bus, sd_id128_t *id);
-int sd_bus_get_scope(sd_bus *bus, const char **scope);
-int sd_bus_get_tid(sd_bus *bus, pid_t *tid);
-int sd_bus_get_owner_creds(sd_bus *bus, uint64_t creds_mask, sd_bus_creds **ret);
-
-int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *cookie);
-int sd_bus_send_to(sd_bus *bus, sd_bus_message *m, const char *destination, uint64_t *cookie);
-int sd_bus_call(sd_bus *bus, sd_bus_message *m, uint64_t usec, sd_bus_error *ret_error, sd_bus_message **reply);
-int sd_bus_call_async(sd_bus *bus, sd_bus_slot **slot, sd_bus_message *m, sd_bus_message_handler_t callback, void *userdata, uint64_t usec);
-
-int sd_bus_get_fd(sd_bus *bus);
-int sd_bus_get_events(sd_bus *bus);
-int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec);
-int sd_bus_process(sd_bus *bus, sd_bus_message **r);
-int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
-int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
-int sd_bus_flush(sd_bus *bus);
-
-sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
-sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
-sd_bus_message_handler_t sd_bus_get_current_handler(sd_bus *bus);
-void* sd_bus_get_current_userdata(sd_bus *bus);
-
-int sd_bus_attach_event(sd_bus *bus, sd_event *e, int priority);
-int sd_bus_detach_event(sd_bus *bus);
-sd_event *sd_bus_get_event(sd_bus *bus);
-
-int sd_bus_add_filter(sd_bus *bus, sd_bus_slot **slot, sd_bus_message_handler_t callback, void *userdata);
-int sd_bus_add_match(sd_bus *bus, sd_bus_slot **slot, const char *match, sd_bus_message_handler_t callback, void *userdata);
-int sd_bus_add_object(sd_bus *bus, sd_bus_slot **slot, const char *path, sd_bus_message_handler_t callback, void *userdata);
-int sd_bus_add_fallback(sd_bus *bus, sd_bus_slot **slot, const char *prefix, sd_bus_message_handler_t callback, void *userdata);
-int sd_bus_add_object_vtable(sd_bus *bus, sd_bus_slot **slot, const char *path, const char *interface, const sd_bus_vtable *vtable, void *userdata);
-int sd_bus_add_fallback_vtable(sd_bus *bus, sd_bus_slot **slot, const char *prefix, const char *interface, const sd_bus_vtable *vtable, sd_bus_object_find_t find, void *userdata);
-int sd_bus_add_node_enumerator(sd_bus *bus, sd_bus_slot **slot, const char *path, sd_bus_node_enumerator_t callback, void *userdata);
-int sd_bus_add_object_manager(sd_bus *bus, sd_bus_slot **slot, const char *path);
-
-/* Slot object */
-
-sd_bus_slot* sd_bus_slot_ref(sd_bus_slot *slot);
-sd_bus_slot* sd_bus_slot_unref(sd_bus_slot *slot);
-
-sd_bus* sd_bus_slot_get_bus(sd_bus_slot *slot);
-void *sd_bus_slot_get_userdata(sd_bus_slot *slot);
-void *sd_bus_slot_set_userdata(sd_bus_slot *slot, void *userdata);
-int sd_bus_slot_set_description(sd_bus_slot *slot, const char *description);
-int sd_bus_slot_get_description(sd_bus_slot *slot, const char **description);
-
-sd_bus_message* sd_bus_slot_get_current_message(sd_bus_slot *slot);
-sd_bus_message_handler_t sd_bus_slot_get_current_handler(sd_bus_slot *bus);
-void *sd_bus_slot_get_current_userdata(sd_bus_slot *slot);
-
-/* Message object */
-
-int sd_bus_message_new_signal(sd_bus *bus, sd_bus_message **m, const char *path, const char *interface, const char *member);
-int sd_bus_message_new_method_call(sd_bus *bus, sd_bus_message **m, const char *destination, const char *path, const char *interface, const char *member);
-int sd_bus_message_new_method_return(sd_bus_message *call, sd_bus_message **m);
-int sd_bus_message_new_method_error(sd_bus_message *call, sd_bus_message **m, const sd_bus_error *e);
-int sd_bus_message_new_method_errorf(sd_bus_message *call, sd_bus_message **m, const char *name, const char *format, ...) _sd_printf_(4, 5);
-int sd_bus_message_new_method_errno(sd_bus_message *call, sd_bus_message **m, int error, const sd_bus_error *e);
-int sd_bus_message_new_method_errnof(sd_bus_message *call, sd_bus_message **m, int error, const char *format, ...) _sd_printf_(4, 5);
-
-sd_bus_message* sd_bus_message_ref(sd_bus_message *m);
-sd_bus_message* sd_bus_message_unref(sd_bus_message *m);
-
-int sd_bus_message_get_type(sd_bus_message *m, uint8_t *type);
-int sd_bus_message_get_cookie(sd_bus_message *m, uint64_t *cookie);
-int sd_bus_message_get_reply_cookie(sd_bus_message *m, uint64_t *cookie);
-int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority);
-
-int sd_bus_message_get_expect_reply(sd_bus_message *m);
-int sd_bus_message_get_auto_start(sd_bus_message *m);
-int sd_bus_message_get_allow_interactive_authorization(sd_bus_message *m);
-
-const char *sd_bus_message_get_signature(sd_bus_message *m, int complete);
-const char *sd_bus_message_get_path(sd_bus_message *m);
-const char *sd_bus_message_get_interface(sd_bus_message *m);
-const char *sd_bus_message_get_member(sd_bus_message *m);
-const char *sd_bus_message_get_destination(sd_bus_message *m);
-const char *sd_bus_message_get_sender(sd_bus_message *m);
-const sd_bus_error *sd_bus_message_get_error(sd_bus_message *m);
-int sd_bus_message_get_errno(sd_bus_message *m);
-
-int sd_bus_message_get_monotonic_usec(sd_bus_message *m, uint64_t *usec);
-int sd_bus_message_get_realtime_usec(sd_bus_message *m, uint64_t *usec);
-int sd_bus_message_get_seqnum(sd_bus_message *m, uint64_t* seqnum);
-
-sd_bus* sd_bus_message_get_bus(sd_bus_message *m);
-sd_bus_creds *sd_bus_message_get_creds(sd_bus_message *m); /* do not unref the result */
-
-int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member);
-int sd_bus_message_is_method_call(sd_bus_message *m, const char *interface, const char *member);
-int sd_bus_message_is_method_error(sd_bus_message *m, const char *name);
-int sd_bus_message_is_empty(sd_bus_message *m);
-int sd_bus_message_has_signature(sd_bus_message *m, const char *signature);
-
-int sd_bus_message_set_expect_reply(sd_bus_message *m, int b);
-int sd_bus_message_set_auto_start(sd_bus_message *m, int b);
-int sd_bus_message_set_allow_interactive_authorization(sd_bus_message *m, int b);
-
-int sd_bus_message_set_destination(sd_bus_message *m, const char *destination);
-int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority);
-
-int sd_bus_message_append(sd_bus_message *m, const char *types, ...);
-int sd_bus_message_append_basic(sd_bus_message *m, char type, const void *p);
-int sd_bus_message_append_array(sd_bus_message *m, char type, const void *ptr, size_t size);
-int sd_bus_message_append_array_space(sd_bus_message *m, char type, size_t size, void **ptr);
-int sd_bus_message_append_array_iovec(sd_bus_message *m, char type, const struct iovec *iov, unsigned n);
-int sd_bus_message_append_array_memfd(sd_bus_message *m, char type, int memfd, uint64_t offset, uint64_t size);
-int sd_bus_message_append_string_space(sd_bus_message *m, size_t size, char **s);
-int sd_bus_message_append_string_iovec(sd_bus_message *m, const struct iovec *iov, unsigned n);
-int sd_bus_message_append_string_memfd(sd_bus_message *m, int memfd, uint64_t offset, uint64_t size);
-int sd_bus_message_append_strv(sd_bus_message *m, char **l);
-int sd_bus_message_open_container(sd_bus_message *m, char type, const char *contents);
-int sd_bus_message_close_container(sd_bus_message *m);
-int sd_bus_message_copy(sd_bus_message *m, sd_bus_message *source, int all);
-
-int sd_bus_message_read(sd_bus_message *m, const char *types, ...);
-int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p);
-int sd_bus_message_read_array(sd_bus_message *m, char type, const void **ptr, size_t *size);
-int sd_bus_message_read_strv(sd_bus_message *m, char ***l); /* free the result! */
-int sd_bus_message_skip(sd_bus_message *m, const char *types);
-int sd_bus_message_enter_container(sd_bus_message *m, char type, const char *contents);
-int sd_bus_message_exit_container(sd_bus_message *m);
-int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char **contents);
-int sd_bus_message_verify_type(sd_bus_message *m, char type, const char *contents);
-int sd_bus_message_at_end(sd_bus_message *m, int complete);
-int sd_bus_message_rewind(sd_bus_message *m, int complete);
-
-/* Bus management */
-
-int sd_bus_get_unique_name(sd_bus *bus, const char **unique);
-int sd_bus_request_name(sd_bus *bus, const char *name, uint64_t flags);
-int sd_bus_release_name(sd_bus *bus, const char *name);
-int sd_bus_list_names(sd_bus *bus, char ***acquired, char ***activatable); /* free the results */
-int sd_bus_get_name_creds(sd_bus *bus, const char *name, uint64_t mask, sd_bus_creds **creds); /* unref the result! */
-int sd_bus_get_name_machine_id(sd_bus *bus, const char *name, sd_id128_t *machine);
-
-/* Convenience calls */
-
-int sd_bus_call_method(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, sd_bus_message **reply, const char *types, ...);
-int sd_bus_call_method_async(sd_bus *bus, sd_bus_slot **slot, const char *destination, const char *path, const char *interface, const char *member, sd_bus_message_handler_t callback, void *userdata, const char *types, ...);
-int sd_bus_get_property(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, sd_bus_message **reply, const char *type);
-int sd_bus_get_property_trivial(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, char type, void *ret_ptr);
-int sd_bus_get_property_string(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, char **ret); /* free the result! */
-int sd_bus_get_property_strv(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, char ***ret); /* free the result! */
-int sd_bus_set_property(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, const char *type, ...);
-
-int sd_bus_reply_method_return(sd_bus_message *call, const char *types, ...);
-int sd_bus_reply_method_error(sd_bus_message *call, const sd_bus_error *e);
-int sd_bus_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) _sd_printf_(3, 4);
-int sd_bus_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *e);
-int sd_bus_reply_method_errnof(sd_bus_message *call, int error, const char *format, ...) _sd_printf_(3, 4);
-
-int sd_bus_emit_signal(sd_bus *bus, const char *path, const char *interface, const char *member, const char *types, ...);
-
-int sd_bus_emit_properties_changed_strv(sd_bus *bus, const char *path, const char *interface, char **names);
-int sd_bus_emit_properties_changed(sd_bus *bus, const char *path, const char *interface, const char *name, ...) _sd_sentinel_;
-
-int sd_bus_emit_object_added(sd_bus *bus, const char *path);
-int sd_bus_emit_object_removed(sd_bus *bus, const char *path);
-int sd_bus_emit_interfaces_added_strv(sd_bus *bus, const char *path, char **interfaces);
-int sd_bus_emit_interfaces_added(sd_bus *bus, const char *path, const char *interface, ...) _sd_sentinel_;
-int sd_bus_emit_interfaces_removed_strv(sd_bus *bus, const char *path, char **interfaces);
-int sd_bus_emit_interfaces_removed(sd_bus *bus, const char *path, const char *interface, ...) _sd_sentinel_;
-
-int sd_bus_query_sender_creds(sd_bus_message *call, uint64_t mask, sd_bus_creds **creds);
-int sd_bus_query_sender_privilege(sd_bus_message *call, int capability);
-
-/* Credential handling */
-
-int sd_bus_creds_new_from_pid(sd_bus_creds **ret, pid_t pid, uint64_t creds_mask);
-sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c);
-sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c);
-uint64_t sd_bus_creds_get_mask(const sd_bus_creds *c);
-uint64_t sd_bus_creds_get_augmented_mask(const sd_bus_creds *c);
-
-int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid);
-int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid);
-int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid);
-int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid);
-int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *euid);
-int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *suid);
-int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid);
-int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid);
-int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *egid);
-int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *sgid);
-int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *fsgid);
-int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c, const gid_t **gids);
-int sd_bus_creds_get_comm(sd_bus_creds *c, const char **comm);
-int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **comm);
-int sd_bus_creds_get_exe(sd_bus_creds *c, const char **exe);
-int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline);
-int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **cgroup);
-int sd_bus_creds_get_unit(sd_bus_creds *c, const char **unit);
-int sd_bus_creds_get_slice(sd_bus_creds *c, const char **slice);
-int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **unit);
-int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **slice);
-int sd_bus_creds_get_session(sd_bus_creds *c, const char **session);
-int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid);
-int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability);
-int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability);
-int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability);
-int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability);
-int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **context);
-int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid);
-int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *loginuid);
-int sd_bus_creds_get_tty(sd_bus_creds *c, const char **tty);
-int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **name);
-int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***names);
-int sd_bus_creds_get_description(sd_bus_creds *c, const char **name);
-
-/* Error structures */
-
-#define SD_BUS_ERROR_MAKE_CONST(name, message) ((const sd_bus_error) {(name), (message), 0})
-#define SD_BUS_ERROR_NULL SD_BUS_ERROR_MAKE_CONST(NULL, NULL)
-
-void sd_bus_error_free(sd_bus_error *e);
-int sd_bus_error_set(sd_bus_error *e, const char *name, const char *message);
-int sd_bus_error_setf(sd_bus_error *e, const char *name, const char *format, ...)  _sd_printf_(3, 4);
-int sd_bus_error_set_const(sd_bus_error *e, const char *name, const char *message);
-int sd_bus_error_set_errno(sd_bus_error *e, int error);
-int sd_bus_error_set_errnof(sd_bus_error *e, int error, const char *format, ...) _sd_printf_(3, 4);
-int sd_bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_list ap) _sd_printf_(3,0);
-int sd_bus_error_get_errno(const sd_bus_error *e);
-int sd_bus_error_copy(sd_bus_error *dest, const sd_bus_error *e);
-int sd_bus_error_is_set(const sd_bus_error *e);
-int sd_bus_error_has_name(const sd_bus_error *e, const char *name);
-
-#define SD_BUS_ERROR_MAP(_name, _code)          \
-        {                                       \
-                .name = _name,                  \
-                .code = _code,                  \
-        }
-#define SD_BUS_ERROR_MAP_END                    \
-        {                                       \
-                .name = NULL,                   \
-                .code = - 'x',                  \
-        }
-
-int sd_bus_error_add_map(const sd_bus_error_map *map);
-
-/* Auxiliary macros */
-
-#define SD_BUS_MESSAGE_APPEND_ID128(x) 16,                              \
-                (x).bytes[0],  (x).bytes[1],  (x).bytes[2],  (x).bytes[3], \
-                (x).bytes[4],  (x).bytes[5],  (x).bytes[6],  (x).bytes[7], \
-                (x).bytes[8],  (x).bytes[9],  (x).bytes[10], (x).bytes[11], \
-                (x).bytes[12], (x).bytes[13], (x).bytes[14], (x).bytes[15]
-
-#define SD_BUS_MESSAGE_READ_ID128(x) 16,                                \
-                &(x).bytes[0],  &(x).bytes[1],  &(x).bytes[2],  &(x).bytes[3], \
-                &(x).bytes[4],  &(x).bytes[5],  &(x).bytes[6],  &(x).bytes[7], \
-                &(x).bytes[8],  &(x).bytes[9],  &(x).bytes[10], &(x).bytes[11], \
-                &(x).bytes[12], &(x).bytes[13], &(x).bytes[14], &(x).bytes[15]
-
-/* Label escaping */
-
-int sd_bus_path_encode(const char *prefix, const char *external_id, char **ret_path);
-int sd_bus_path_encode_many(char **out, const char *path_template, ...);
-int sd_bus_path_decode(const char *path, const char *prefix, char **ret_external_id);
-int sd_bus_path_decode_many(const char *path, const char *path_template, ...);
-
-/* Tracking peers */
-
-int sd_bus_track_new(sd_bus *bus, sd_bus_track **track, sd_bus_track_handler_t handler, void *userdata);
-sd_bus_track* sd_bus_track_ref(sd_bus_track *track);
-sd_bus_track* sd_bus_track_unref(sd_bus_track *track);
-
-sd_bus* sd_bus_track_get_bus(sd_bus_track *track);
-void *sd_bus_track_get_userdata(sd_bus_track *track);
-void *sd_bus_track_set_userdata(sd_bus_track *track, void *userdata);
-
-int sd_bus_track_add_sender(sd_bus_track *track, sd_bus_message *m);
-int sd_bus_track_remove_sender(sd_bus_track *track, sd_bus_message *m);
-int sd_bus_track_add_name(sd_bus_track *track, const char *name);
-int sd_bus_track_remove_name(sd_bus_track *track, const char *name);
-
-unsigned sd_bus_track_count(sd_bus_track *track);
-const char* sd_bus_track_contains(sd_bus_track *track, const char *names);
-const char* sd_bus_track_first(sd_bus_track *track);
-const char* sd_bus_track_next(sd_bus_track *track);
-
-/* Define helpers so that __attribute__((cleanup(sd_bus_unrefp))) and similar may be used. */
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus, sd_bus_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus, sd_bus_flush_close_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_slot, sd_bus_slot_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_message, sd_bus_message_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_creds, sd_bus_creds_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_bus_track, sd_bus_track_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-dhcp-client.h b/src/systemd/sd-dhcp-client.h
deleted file mode 100644
index 20b8c2873f..0000000000
--- a/src/systemd/sd-dhcp-client.h
+++ /dev/null
@@ -1,158 +0,0 @@
-#ifndef foosddhcpclienthfoo
-#define foosddhcpclienthfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2013 Intel Corporation. All rights reserved.
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <net/ethernet.h>
-#include <netinet/in.h>
-#include <sys/types.h>
-
-#include "sd-dhcp-lease.h"
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-enum {
-        SD_DHCP_CLIENT_EVENT_STOP               = 0,
-        SD_DHCP_CLIENT_EVENT_IP_ACQUIRE         = 1,
-        SD_DHCP_CLIENT_EVENT_IP_CHANGE          = 2,
-        SD_DHCP_CLIENT_EVENT_EXPIRED            = 3,
-        SD_DHCP_CLIENT_EVENT_RENEW              = 4,
-};
-
-enum {
-        SD_DHCP_OPTION_PAD                         = 0,
-        SD_DHCP_OPTION_SUBNET_MASK                 = 1,
-        SD_DHCP_OPTION_TIME_OFFSET                 = 2,
-        SD_DHCP_OPTION_ROUTER                      = 3,
-        SD_DHCP_OPTION_DOMAIN_NAME_SERVER          = 6,
-        SD_DHCP_OPTION_HOST_NAME                   = 12,
-        SD_DHCP_OPTION_BOOT_FILE_SIZE              = 13,
-        SD_DHCP_OPTION_DOMAIN_NAME                 = 15,
-        SD_DHCP_OPTION_ROOT_PATH                   = 17,
-        SD_DHCP_OPTION_ENABLE_IP_FORWARDING        = 19,
-        SD_DHCP_OPTION_ENABLE_IP_FORWARDING_NL     = 20,
-        SD_DHCP_OPTION_POLICY_FILTER               = 21,
-        SD_DHCP_OPTION_INTERFACE_MDR               = 22,
-        SD_DHCP_OPTION_INTERFACE_TTL               = 23,
-        SD_DHCP_OPTION_INTERFACE_MTU_AGING_TIMEOUT = 24,
-        SD_DHCP_OPTION_INTERFACE_MTU               = 26,
-        SD_DHCP_OPTION_BROADCAST                   = 28,
-        SD_DHCP_OPTION_STATIC_ROUTE                = 33,
-        SD_DHCP_OPTION_NTP_SERVER                  = 42,
-        SD_DHCP_OPTION_VENDOR_SPECIFIC             = 43,
-        SD_DHCP_OPTION_REQUESTED_IP_ADDRESS        = 50,
-        SD_DHCP_OPTION_IP_ADDRESS_LEASE_TIME       = 51,
-        SD_DHCP_OPTION_OVERLOAD                    = 52,
-        SD_DHCP_OPTION_MESSAGE_TYPE                = 53,
-        SD_DHCP_OPTION_SERVER_IDENTIFIER           = 54,
-        SD_DHCP_OPTION_PARAMETER_REQUEST_LIST      = 55,
-        SD_DHCP_OPTION_ERROR_MESSAGE               = 56,
-        SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE        = 57,
-        SD_DHCP_OPTION_RENEWAL_T1_TIME             = 58,
-        SD_DHCP_OPTION_REBINDING_T2_TIME           = 59,
-        SD_DHCP_OPTION_VENDOR_CLASS_IDENTIFIER     = 60,
-        SD_DHCP_OPTION_CLIENT_IDENTIFIER           = 61,
-        SD_DHCP_OPTION_FQDN                        = 81,
-        SD_DHCP_OPTION_NEW_POSIX_TIMEZONE          = 100,
-        SD_DHCP_OPTION_NEW_TZDB_TIMEZONE           = 101,
-        SD_DHCP_OPTION_CLASSLESS_STATIC_ROUTE      = 121,
-        SD_DHCP_OPTION_PRIVATE_BASE                = 224,
-        SD_DHCP_OPTION_PRIVATE_LAST                = 254,
-        SD_DHCP_OPTION_END                         = 255,
-};
-
-typedef struct sd_dhcp_client sd_dhcp_client;
-
-typedef void (*sd_dhcp_client_callback_t)(sd_dhcp_client *client, int event, void *userdata);
-int sd_dhcp_client_set_callback(
-                sd_dhcp_client *client,
-                sd_dhcp_client_callback_t cb,
-                void *userdata);
-
-int sd_dhcp_client_set_request_option(
-                sd_dhcp_client *client,
-                uint8_t option);
-int sd_dhcp_client_set_request_address(
-                sd_dhcp_client *client,
-                const struct in_addr *last_address);
-int sd_dhcp_client_set_request_broadcast(
-                sd_dhcp_client *client,
-                int broadcast);
-int sd_dhcp_client_set_index(
-                sd_dhcp_client *client,
-                int interface_index);
-int sd_dhcp_client_set_mac(
-                sd_dhcp_client *client,
-                const uint8_t *addr,
-                size_t addr_len,
-                uint16_t arp_type);
-int sd_dhcp_client_set_client_id(
-                sd_dhcp_client *client,
-                uint8_t type,
-                const uint8_t *data,
-                size_t data_len);
-int sd_dhcp_client_set_iaid_duid(
-                sd_dhcp_client *client,
-                uint32_t iaid,
-                uint16_t duid_type,
-                const void *duid,
-                size_t duid_len);
-int sd_dhcp_client_get_client_id(
-                sd_dhcp_client *client,
-                uint8_t *type,
-                const uint8_t **data,
-                size_t *data_len);
-int sd_dhcp_client_set_mtu(
-                sd_dhcp_client *client,
-                uint32_t mtu);
-int sd_dhcp_client_set_hostname(
-                sd_dhcp_client *client,
-                const char *hostname);
-int sd_dhcp_client_set_vendor_class_identifier(
-                sd_dhcp_client *client,
-                const char *vci);
-int sd_dhcp_client_get_lease(
-                sd_dhcp_client *client,
-                sd_dhcp_lease **ret);
-
-int sd_dhcp_client_stop(sd_dhcp_client *client);
-int sd_dhcp_client_start(sd_dhcp_client *client);
-
-sd_dhcp_client *sd_dhcp_client_ref(sd_dhcp_client *client);
-sd_dhcp_client *sd_dhcp_client_unref(sd_dhcp_client *client);
-
-int sd_dhcp_client_new(sd_dhcp_client **ret);
-
-int sd_dhcp_client_attach_event(
-                sd_dhcp_client *client,
-                sd_event *event,
-                int64_t priority);
-int sd_dhcp_client_detach_event(sd_dhcp_client *client);
-sd_event *sd_dhcp_client_get_event(sd_dhcp_client *client);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_dhcp_client, sd_dhcp_client_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-dhcp-server.h b/src/systemd/sd-dhcp-server.h
deleted file mode 100644
index d4517a26d6..0000000000
--- a/src/systemd/sd-dhcp-server.h
+++ /dev/null
@@ -1,65 +0,0 @@
-#ifndef foosddhcpserverhfoo
-#define foosddhcpserverhfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2013 Intel Corporation. All rights reserved.
-  Copyright (C) 2014 Tom Gundersen
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <netinet/in.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-typedef struct sd_dhcp_server sd_dhcp_server;
-
-int sd_dhcp_server_new(sd_dhcp_server **ret, int ifindex);
-
-sd_dhcp_server *sd_dhcp_server_ref(sd_dhcp_server *server);
-sd_dhcp_server *sd_dhcp_server_unref(sd_dhcp_server *server);
-
-int sd_dhcp_server_attach_event(sd_dhcp_server *client, sd_event *event, int64_t priority);
-int sd_dhcp_server_detach_event(sd_dhcp_server *client);
-sd_event *sd_dhcp_server_get_event(sd_dhcp_server *client);
-
-int sd_dhcp_server_is_running(sd_dhcp_server *server);
-
-int sd_dhcp_server_start(sd_dhcp_server *server);
-int sd_dhcp_server_stop(sd_dhcp_server *server);
-
-int sd_dhcp_server_configure_pool(sd_dhcp_server *server, struct in_addr *address, unsigned char prefixlen, uint32_t offset, uint32_t size);
-
-int sd_dhcp_server_set_timezone(sd_dhcp_server *server, const char *timezone);
-int sd_dhcp_server_set_dns(sd_dhcp_server *server, const struct in_addr ntp[], unsigned n);
-int sd_dhcp_server_set_ntp(sd_dhcp_server *server, const struct in_addr dns[], unsigned n);
-int sd_dhcp_server_set_emit_router(sd_dhcp_server *server, int enabled);
-
-int sd_dhcp_server_set_max_lease_time(sd_dhcp_server *server, uint32_t t);
-int sd_dhcp_server_set_default_lease_time(sd_dhcp_server *server, uint32_t t);
-
-int sd_dhcp_server_forcerenew(sd_dhcp_server *server);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_dhcp_server, sd_dhcp_server_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-dhcp6-client.h b/src/systemd/sd-dhcp6-client.h
deleted file mode 100644
index 90f62eaca4..0000000000
--- a/src/systemd/sd-dhcp6-client.h
+++ /dev/null
@@ -1,135 +0,0 @@
-#ifndef foosddhcp6clienthfoo
-#define foosddhcp6clienthfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Intel Corporation. All rights reserved.
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <net/ethernet.h>
-#include <sys/types.h>
-
-#include "sd-dhcp6-lease.h"
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-enum {
-        SD_DHCP6_CLIENT_EVENT_STOP                      = 0,
-        SD_DHCP6_CLIENT_EVENT_RESEND_EXPIRE             = 10,
-        SD_DHCP6_CLIENT_EVENT_RETRANS_MAX               = 11,
-        SD_DHCP6_CLIENT_EVENT_IP_ACQUIRE                = 12,
-        SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST       = 13,
-};
-
-enum {
-        SD_DHCP6_OPTION_CLIENTID                   = 1,
-        SD_DHCP6_OPTION_SERVERID                   = 2,
-        SD_DHCP6_OPTION_IA_NA                      = 3,
-        SD_DHCP6_OPTION_IA_TA                      = 4,
-        SD_DHCP6_OPTION_IAADDR                     = 5,
-        SD_DHCP6_OPTION_ORO                        = 6,
-        SD_DHCP6_OPTION_PREFERENCE                 = 7,
-        SD_DHCP6_OPTION_ELAPSED_TIME               = 8,
-        SD_DHCP6_OPTION_RELAY_MSG                  = 9,
-        /* option code 10 is unassigned */
-        SD_DHCP6_OPTION_AUTH                       = 11,
-        SD_DHCP6_OPTION_UNICAST                    = 12,
-        SD_DHCP6_OPTION_STATUS_CODE                = 13,
-        SD_DHCP6_OPTION_RAPID_COMMIT               = 14,
-        SD_DHCP6_OPTION_USER_CLASS                 = 15,
-        SD_DHCP6_OPTION_VENDOR_CLASS               = 16,
-        SD_DHCP6_OPTION_VENDOR_OPTS                = 17,
-        SD_DHCP6_OPTION_INTERFACE_ID               = 18,
-        SD_DHCP6_OPTION_RECONF_MSG                 = 19,
-        SD_DHCP6_OPTION_RECONF_ACCEPT              = 20,
-
-        SD_DHCP6_OPTION_DNS_SERVERS                = 23,  /* RFC 3646 */
-        SD_DHCP6_OPTION_DOMAIN_LIST                = 24,  /* RFC 3646 */
-
-        SD_DHCP6_OPTION_SNTP_SERVERS               = 31,  /* RFC 4075, deprecated */
-
-        /* option code 35 is unassigned */
-
-        SD_DHCP6_OPTION_NTP_SERVER                 = 56,  /* RFC 5908 */
-
-        /* option codes 89-142 are unassigned */
-        /* option codes 144-65535 are unassigned */
-};
-
-typedef struct sd_dhcp6_client sd_dhcp6_client;
-
-typedef void (*sd_dhcp6_client_callback_t)(sd_dhcp6_client *client, int event, void *userdata);
-int sd_dhcp6_client_set_callback(
-                sd_dhcp6_client *client,
-                sd_dhcp6_client_callback_t cb,
-                void *userdata);
-
-int sd_dhcp6_client_set_index(
-                sd_dhcp6_client *client,
-                int interface_index);
-int sd_dhcp6_client_set_local_address(
-                sd_dhcp6_client *client,
-                const struct in6_addr *local_address);
-int sd_dhcp6_client_set_mac(
-                sd_dhcp6_client *client,
-                const uint8_t *addr,
-                size_t addr_len,
-                uint16_t arp_type);
-int sd_dhcp6_client_set_duid(
-                sd_dhcp6_client *client,
-                uint16_t duid_type,
-                const void *duid,
-                size_t duid_len);
-int sd_dhcp6_client_set_iaid(
-                sd_dhcp6_client *client,
-                uint32_t iaid);
-int sd_dhcp6_client_set_information_request(
-                sd_dhcp6_client *client,
-                int enabled);
-int sd_dhcp6_client_get_information_request(
-                sd_dhcp6_client *client,
-                int *enabled);
-int sd_dhcp6_client_set_request_option(
-                sd_dhcp6_client *client,
-                uint16_t option);
-
-int sd_dhcp6_client_get_lease(
-                sd_dhcp6_client *client,
-                sd_dhcp6_lease **ret);
-
-int sd_dhcp6_client_stop(sd_dhcp6_client *client);
-int sd_dhcp6_client_start(sd_dhcp6_client *client);
-int sd_dhcp6_client_is_running(sd_dhcp6_client *client);
-int sd_dhcp6_client_attach_event(
-                sd_dhcp6_client *client,
-                sd_event *event,
-                int64_t priority);
-int sd_dhcp6_client_detach_event(sd_dhcp6_client *client);
-sd_event *sd_dhcp6_client_get_event(sd_dhcp6_client *client);
-sd_dhcp6_client *sd_dhcp6_client_ref(sd_dhcp6_client *client);
-sd_dhcp6_client *sd_dhcp6_client_unref(sd_dhcp6_client *client);
-int sd_dhcp6_client_new(sd_dhcp6_client **ret);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_dhcp6_client, sd_dhcp6_client_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-ipv4acd.h b/src/systemd/sd-ipv4acd.h
deleted file mode 100644
index 9e3e14a30c..0000000000
--- a/src/systemd/sd-ipv4acd.h
+++ /dev/null
@@ -1,60 +0,0 @@
-#ifndef foosdipv4acdfoo
-#define foosdipv4acdfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Axis Communications AB. All rights reserved.
-  Copyright (C) 2015 Tom Gundersen
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/ethernet.h>
-#include <netinet/in.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-enum {
-        SD_IPV4ACD_EVENT_STOP           = 0,
-        SD_IPV4ACD_EVENT_BIND           = 1,
-        SD_IPV4ACD_EVENT_CONFLICT       = 2,
-};
-
-typedef struct sd_ipv4acd sd_ipv4acd;
-typedef void (*sd_ipv4acd_callback_t)(sd_ipv4acd *ll, int event, void *userdata);
-
-int sd_ipv4acd_detach_event(sd_ipv4acd *ll);
-int sd_ipv4acd_attach_event(sd_ipv4acd *ll, sd_event *event, int64_t priority);
-int sd_ipv4acd_get_address(sd_ipv4acd *ll, struct in_addr *address);
-int sd_ipv4acd_set_callback(sd_ipv4acd *ll, sd_ipv4acd_callback_t cb, void *userdata);
-int sd_ipv4acd_set_mac(sd_ipv4acd *ll, const struct ether_addr *addr);
-int sd_ipv4acd_set_index(sd_ipv4acd *ll, int interface_index);
-int sd_ipv4acd_set_address(sd_ipv4acd *ll, const struct in_addr *address);
-int sd_ipv4acd_is_running(sd_ipv4acd *ll);
-int sd_ipv4acd_start(sd_ipv4acd *ll);
-int sd_ipv4acd_stop(sd_ipv4acd *ll);
-sd_ipv4acd *sd_ipv4acd_ref(sd_ipv4acd *ll);
-sd_ipv4acd *sd_ipv4acd_unref(sd_ipv4acd *ll);
-int sd_ipv4acd_new(sd_ipv4acd **ret);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_ipv4acd, sd_ipv4acd_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-ipv4ll.h b/src/systemd/sd-ipv4ll.h
deleted file mode 100644
index 6fa38a2243..0000000000
--- a/src/systemd/sd-ipv4ll.h
+++ /dev/null
@@ -1,60 +0,0 @@
-#ifndef foosdipv4llfoo
-#define foosdipv4llfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Axis Communications AB. All rights reserved.
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <net/ethernet.h>
-#include <netinet/in.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-enum {
-        SD_IPV4LL_EVENT_STOP            = 0,
-        SD_IPV4LL_EVENT_BIND            = 1,
-        SD_IPV4LL_EVENT_CONFLICT        = 2,
-};
-
-typedef struct sd_ipv4ll sd_ipv4ll;
-typedef void (*sd_ipv4ll_callback_t)(sd_ipv4ll *ll, int event, void *userdata);
-
-int sd_ipv4ll_detach_event(sd_ipv4ll *ll);
-int sd_ipv4ll_attach_event(sd_ipv4ll *ll, sd_event *event, int64_t priority);
-int sd_ipv4ll_get_address(sd_ipv4ll *ll, struct in_addr *address);
-int sd_ipv4ll_set_callback(sd_ipv4ll *ll, sd_ipv4ll_callback_t cb, void *userdata);
-int sd_ipv4ll_set_mac(sd_ipv4ll *ll, const struct ether_addr *addr);
-int sd_ipv4ll_set_index(sd_ipv4ll *ll, int interface_index);
-int sd_ipv4ll_set_address(sd_ipv4ll *ll, const struct in_addr *address);
-int sd_ipv4ll_set_address_seed(sd_ipv4ll *ll, unsigned seed);
-int sd_ipv4ll_is_running(sd_ipv4ll *ll);
-int sd_ipv4ll_start(sd_ipv4ll *ll);
-int sd_ipv4ll_stop(sd_ipv4ll *ll);
-sd_ipv4ll *sd_ipv4ll_ref(sd_ipv4ll *ll);
-sd_ipv4ll *sd_ipv4ll_unref(sd_ipv4ll *ll);
-int sd_ipv4ll_new (sd_ipv4ll **ret);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_ipv4ll, sd_ipv4ll_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-journal.h b/src/systemd/sd-journal.h
deleted file mode 100644
index 9c36b27157..0000000000
--- a/src/systemd/sd-journal.h
+++ /dev/null
@@ -1,175 +0,0 @@
-#ifndef foosdjournalhfoo
-#define foosdjournalhfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <stdarg.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <syslog.h>
-
-#include "sd-id128.h"
-
-#include "_sd-common.h"
-
-/* Journal APIs. See sd-journal(3) for more information. */
-
-_SD_BEGIN_DECLARATIONS;
-
-/* Write to daemon */
-int sd_journal_print(int priority, const char *format, ...) _sd_printf_(2, 3);
-int sd_journal_printv(int priority, const char *format, va_list ap) _sd_printf_(2, 0);
-int sd_journal_send(const char *format, ...) _sd_printf_(1, 0) _sd_sentinel_;
-int sd_journal_sendv(const struct iovec *iov, int n);
-int sd_journal_perror(const char *message);
-
-/* Used by the macros below. You probably don't want to call this directly. */
-int sd_journal_print_with_location(int priority, const char *file, const char *line, const char *func, const char *format, ...) _sd_printf_(5, 6);
-int sd_journal_printv_with_location(int priority, const char *file, const char *line, const char *func, const char *format, va_list ap) _sd_printf_(5, 0);
-int sd_journal_send_with_location(const char *file, const char *line, const char *func, const char *format, ...) _sd_printf_(4, 0) _sd_sentinel_;
-int sd_journal_sendv_with_location(const char *file, const char *line, const char *func, const struct iovec *iov, int n);
-int sd_journal_perror_with_location(const char *file, const char *line, const char *func, const char *message);
-
-/* implicitly add code location to messages sent, if this is enabled */
-#ifndef SD_JOURNAL_SUPPRESS_LOCATION
-
-#define sd_journal_print(priority, ...) sd_journal_print_with_location(priority, "CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, __VA_ARGS__)
-#define sd_journal_printv(priority, format, ap) sd_journal_printv_with_location(priority, "CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, format, ap)
-#define sd_journal_send(...) sd_journal_send_with_location("CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, __VA_ARGS__)
-#define sd_journal_sendv(iovec, n) sd_journal_sendv_with_location("CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, iovec, n)
-#define sd_journal_perror(message) sd_journal_perror_with_location("CODE_FILE=" __FILE__, "CODE_LINE=" _SD_STRINGIFY(__LINE__), __func__, message)
-
-#endif
-
-int sd_journal_stream_fd(const char *identifier, int priority, int level_prefix);
-
-/* Browse journal stream */
-
-typedef struct sd_journal sd_journal;
-
-/* Open flags */
-enum {
-        SD_JOURNAL_LOCAL_ONLY   = 1 << 0,
-        SD_JOURNAL_RUNTIME_ONLY = 1 << 1,
-        SD_JOURNAL_SYSTEM       = 1 << 2,
-        SD_JOURNAL_CURRENT_USER = 1 << 3,
-        SD_JOURNAL_OS_ROOT      = 1 << 4,
-
-        SD_JOURNAL_SYSTEM_ONLY = SD_JOURNAL_SYSTEM /* deprecated name */
-};
-
-/* Wakeup event types */
-enum {
-        SD_JOURNAL_NOP,
-        SD_JOURNAL_APPEND,
-        SD_JOURNAL_INVALIDATE
-};
-
-int sd_journal_open(sd_journal **ret, int flags);
-int sd_journal_open_directory(sd_journal **ret, const char *path, int flags);
-int sd_journal_open_directory_fd(sd_journal **ret, int fd, int flags);
-int sd_journal_open_files(sd_journal **ret, const char **paths, int flags);
-int sd_journal_open_files_fd(sd_journal **ret, int fds[], unsigned n_fds, int flags);
-int sd_journal_open_container(sd_journal **ret, const char *machine, int flags); /* deprecated */
-void sd_journal_close(sd_journal *j);
-
-int sd_journal_previous(sd_journal *j);
-int sd_journal_next(sd_journal *j);
-
-int sd_journal_previous_skip(sd_journal *j, uint64_t skip);
-int sd_journal_next_skip(sd_journal *j, uint64_t skip);
-
-int sd_journal_get_realtime_usec(sd_journal *j, uint64_t *ret);
-int sd_journal_get_monotonic_usec(sd_journal *j, uint64_t *ret, sd_id128_t *ret_boot_id);
-
-int sd_journal_set_data_threshold(sd_journal *j, size_t sz);
-int sd_journal_get_data_threshold(sd_journal *j, size_t *sz);
-
-int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *l);
-int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *l);
-void sd_journal_restart_data(sd_journal *j);
-
-int sd_journal_add_match(sd_journal *j, const void *data, size_t size);
-int sd_journal_add_disjunction(sd_journal *j);
-int sd_journal_add_conjunction(sd_journal *j);
-void sd_journal_flush_matches(sd_journal *j);
-
-int sd_journal_seek_head(sd_journal *j);
-int sd_journal_seek_tail(sd_journal *j);
-int sd_journal_seek_monotonic_usec(sd_journal *j, sd_id128_t boot_id, uint64_t usec);
-int sd_journal_seek_realtime_usec(sd_journal *j, uint64_t usec);
-int sd_journal_seek_cursor(sd_journal *j, const char *cursor);
-
-int sd_journal_get_cursor(sd_journal *j, char **cursor);
-int sd_journal_test_cursor(sd_journal *j, const char *cursor);
-
-int sd_journal_get_cutoff_realtime_usec(sd_journal *j, uint64_t *from, uint64_t *to);
-int sd_journal_get_cutoff_monotonic_usec(sd_journal *j, const sd_id128_t boot_id, uint64_t *from, uint64_t *to);
-
-int sd_journal_get_usage(sd_journal *j, uint64_t *bytes);
-
-int sd_journal_query_unique(sd_journal *j, const char *field);
-int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *l);
-void sd_journal_restart_unique(sd_journal *j);
-
-int sd_journal_enumerate_fields(sd_journal *j, const char **field);
-void sd_journal_restart_fields(sd_journal *j);
-
-int sd_journal_get_fd(sd_journal *j);
-int sd_journal_get_events(sd_journal *j);
-int sd_journal_get_timeout(sd_journal *j, uint64_t *timeout_usec);
-int sd_journal_process(sd_journal *j);
-int sd_journal_wait(sd_journal *j, uint64_t timeout_usec);
-int sd_journal_reliable_fd(sd_journal *j);
-
-int sd_journal_get_catalog(sd_journal *j, char **text);
-int sd_journal_get_catalog_for_message_id(sd_id128_t id, char **text);
-
-int sd_journal_has_runtime_files(sd_journal *j);
-int sd_journal_has_persistent_files(sd_journal *j);
-
-/* The inverse condition avoids ambiguity of dangling 'else' after the macro */
-#define SD_JOURNAL_FOREACH(j)                                           \
-        if (sd_journal_seek_head(j) < 0) { }                            \
-        else while (sd_journal_next(j) > 0)
-
-/* The inverse condition avoids ambiguity of dangling 'else' after the macro */
-#define SD_JOURNAL_FOREACH_BACKWARDS(j)                                 \
-        if (sd_journal_seek_tail(j) < 0) { }                            \
-        else while (sd_journal_previous(j) > 0)
-
-/* Iterate through the data fields of the current journal entry */
-#define SD_JOURNAL_FOREACH_DATA(j, data, l)                             \
-        for (sd_journal_restart_data(j); sd_journal_enumerate_data((j), &(data), &(l)) > 0; )
-
-/* Iterate through the all known values of a specific field */
-#define SD_JOURNAL_FOREACH_UNIQUE(j, data, l)                           \
-        for (sd_journal_restart_unique(j); sd_journal_enumerate_unique((j), &(data), &(l)) > 0; )
-
-/* Iterate through all known field names */
-#define SD_JOURNAL_FOREACH_FIELD(j, field) \
-        for (sd_journal_restart_fields(j); sd_journal_enumerate_fields((j), &(field)) > 0; )
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_journal, sd_journal_close);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-lldp.h b/src/systemd/sd-lldp.h
deleted file mode 100644
index 5772d5794a..0000000000
--- a/src/systemd/sd-lldp.h
+++ /dev/null
@@ -1,177 +0,0 @@
-#ifndef foosdlldphfoo
-#define foosdlldphfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Tom Gundersen
-  Copyright (C) 2014 Susant Sahani
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <net/ethernet.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-typedef struct sd_lldp sd_lldp;
-typedef struct sd_lldp_neighbor sd_lldp_neighbor;
-
-/* IEEE 802.3AB Clause 9: TLV Types */
-enum {
-        SD_LLDP_TYPE_END                 = 0,
-        SD_LLDP_TYPE_CHASSIS_ID          = 1,
-        SD_LLDP_TYPE_PORT_ID             = 2,
-        SD_LLDP_TYPE_TTL                 = 3,
-        SD_LLDP_TYPE_PORT_DESCRIPTION    = 4,
-        SD_LLDP_TYPE_SYSTEM_NAME         = 5,
-        SD_LLDP_TYPE_SYSTEM_DESCRIPTION  = 6,
-        SD_LLDP_TYPE_SYSTEM_CAPABILITIES = 7,
-        SD_LLDP_TYPE_MGMT_ADDRESS        = 8,
-        SD_LLDP_TYPE_PRIVATE             = 127,
-};
-
-/* IEEE 802.3AB Clause 9.5.2: Chassis subtypes */
-enum {
-        SD_LLDP_CHASSIS_SUBTYPE_RESERVED            = 0,
-        SD_LLDP_CHASSIS_SUBTYPE_CHASSIS_COMPONENT   = 1,
-        SD_LLDP_CHASSIS_SUBTYPE_INTERFACE_ALIAS     = 2,
-        SD_LLDP_CHASSIS_SUBTYPE_PORT_COMPONENT      = 3,
-        SD_LLDP_CHASSIS_SUBTYPE_MAC_ADDRESS         = 4,
-        SD_LLDP_CHASSIS_SUBTYPE_NETWORK_ADDRESS     = 5,
-        SD_LLDP_CHASSIS_SUBTYPE_INTERFACE_NAME      = 6,
-        SD_LLDP_CHASSIS_SUBTYPE_LOCALLY_ASSIGNED    = 7,
-};
-
-/* IEEE 802.3AB Clause 9.5.3: Port subtype */
-enum {
-        SD_LLDP_PORT_SUBTYPE_RESERVED         = 0,
-        SD_LLDP_PORT_SUBTYPE_INTERFACE_ALIAS  = 1,
-        SD_LLDP_PORT_SUBTYPE_PORT_COMPONENT   = 2,
-        SD_LLDP_PORT_SUBTYPE_MAC_ADDRESS      = 3,
-        SD_LLDP_PORT_SUBTYPE_NETWORK_ADDRESS  = 4,
-        SD_LLDP_PORT_SUBTYPE_INTERFACE_NAME   = 5,
-        SD_LLDP_PORT_SUBTYPE_AGENT_CIRCUIT_ID = 6,
-        SD_LLDP_PORT_SUBTYPE_LOCALLY_ASSIGNED = 7,
-};
-
-enum {
-        SD_LLDP_SYSTEM_CAPABILITIES_OTHER    = 1 << 0,
-        SD_LLDP_SYSTEM_CAPABILITIES_REPEATER = 1 << 1,
-        SD_LLDP_SYSTEM_CAPABILITIES_BRIDGE   = 1 << 2,
-        SD_LLDP_SYSTEM_CAPABILITIES_WLAN_AP  = 1 << 3,
-        SD_LLDP_SYSTEM_CAPABILITIES_ROUTER   = 1 << 4,
-        SD_LLDP_SYSTEM_CAPABILITIES_PHONE    = 1 << 5,
-        SD_LLDP_SYSTEM_CAPABILITIES_DOCSIS   = 1 << 6,
-        SD_LLDP_SYSTEM_CAPABILITIES_STATION  = 1 << 7,
-        SD_LLDP_SYSTEM_CAPABILITIES_CVLAN    = 1 << 8,
-        SD_LLDP_SYSTEM_CAPABILITIES_SVLAN    = 1 << 9,
-        SD_LLDP_SYSTEM_CAPABILITIES_TPMR     = 1 << 10,
-};
-
-#define SD_LLDP_SYSTEM_CAPABILITIES_ALL ((uint16_t) -1)
-
-#define SD_LLDP_SYSTEM_CAPABILITIES_ALL_ROUTERS                         \
-        ((uint16_t)                                                     \
-         (SD_LLDP_SYSTEM_CAPABILITIES_REPEATER|                         \
-          SD_LLDP_SYSTEM_CAPABILITIES_BRIDGE|                           \
-          SD_LLDP_SYSTEM_CAPABILITIES_WLAN_AP|                          \
-          SD_LLDP_SYSTEM_CAPABILITIES_ROUTER|                           \
-          SD_LLDP_SYSTEM_CAPABILITIES_DOCSIS|                           \
-          SD_LLDP_SYSTEM_CAPABILITIES_CVLAN|                            \
-          SD_LLDP_SYSTEM_CAPABILITIES_SVLAN|                            \
-          SD_LLDP_SYSTEM_CAPABILITIES_TPMR))
-
-#define SD_LLDP_OUI_802_1 (uint8_t[]) { 0x00, 0x80, 0xc2 }
-#define SD_LLDP_OUI_802_3 (uint8_t[]) { 0x00, 0x12, 0x0f }
-
-enum {
-        SD_LLDP_OUI_802_1_SUBTYPE_PORT_VLAN_ID          = 1,
-        SD_LLDP_OUI_802_1_SUBTYPE_PORT_PROTOCOL_VLAN_ID = 2,
-        SD_LLDP_OUI_802_1_SUBTYPE_VLAN_NAME             = 3,
-        SD_LLDP_OUI_802_1_SUBTYPE_PROTOCOL_IDENTITY     = 4,
-        SD_LLDP_OUI_802_1_SUBTYPE_VID_USAGE_DIGEST      = 5,
-        SD_LLDP_OUI_802_1_SUBTYPE_MANAGEMENT_VID        = 6,
-        SD_LLDP_OUI_802_1_SUBTYPE_LINK_AGGREGATION      = 7,
-};
-
-typedef enum sd_lldp_event {
-        SD_LLDP_EVENT_ADDED     = 'a',
-        SD_LLDP_EVENT_REMOVED   = 'r',
-        SD_LLDP_EVENT_UPDATED   = 'u',
-        SD_LLDP_EVENT_REFRESHED = 'f',
-} sd_lldp_event;
-
-typedef void (*sd_lldp_callback_t)(sd_lldp *lldp, sd_lldp_event event, sd_lldp_neighbor *n, void *userdata);
-
-int sd_lldp_new(sd_lldp **ret, int ifindex);
-sd_lldp* sd_lldp_unref(sd_lldp *lldp);
-
-int sd_lldp_start(sd_lldp *lldp);
-int sd_lldp_stop(sd_lldp *lldp);
-
-int sd_lldp_attach_event(sd_lldp *lldp, sd_event *event, int64_t priority);
-int sd_lldp_detach_event(sd_lldp *lldp);
-
-int sd_lldp_set_callback(sd_lldp *lldp, sd_lldp_callback_t cb, void *userdata);
-
-/* Controls how much and what to store in the neighbors database */
-int sd_lldp_set_neighbors_max(sd_lldp *lldp, uint64_t n);
-int sd_lldp_match_capabilities(sd_lldp *lldp, uint16_t mask);
-int sd_lldp_set_filter_address(sd_lldp *lldp, const struct ether_addr *address);
-
-int sd_lldp_get_neighbors(sd_lldp *lldp, sd_lldp_neighbor ***neighbors);
-
-int sd_lldp_neighbor_from_raw(sd_lldp_neighbor **ret, const void *raw, size_t raw_size);
-sd_lldp_neighbor *sd_lldp_neighbor_ref(sd_lldp_neighbor *n);
-sd_lldp_neighbor *sd_lldp_neighbor_unref(sd_lldp_neighbor *n);
-
-/* Access to LLDP frame metadata */
-int sd_lldp_neighbor_get_source_address(sd_lldp_neighbor *n, struct ether_addr* address);
-int sd_lldp_neighbor_get_destination_address(sd_lldp_neighbor *n, struct ether_addr* address);
-int sd_lldp_neighbor_get_raw(sd_lldp_neighbor *n, const void **ret, size_t *size);
-
-/* High-level, direct, parsed out field access. These fields exist at most once, hence may be queried directly. */
-int sd_lldp_neighbor_get_chassis_id(sd_lldp_neighbor *n, uint8_t *type, const void **ret, size_t *size);
-int sd_lldp_neighbor_get_chassis_id_as_string(sd_lldp_neighbor *n, const char **ret);
-int sd_lldp_neighbor_get_port_id(sd_lldp_neighbor *n, uint8_t *type, const void **ret, size_t *size);
-int sd_lldp_neighbor_get_port_id_as_string(sd_lldp_neighbor *n, const char **ret);
-int sd_lldp_neighbor_get_ttl(sd_lldp_neighbor *n, uint16_t *ret);
-int sd_lldp_neighbor_get_system_name(sd_lldp_neighbor *n, const char **ret);
-int sd_lldp_neighbor_get_system_description(sd_lldp_neighbor *n, const char **ret);
-int sd_lldp_neighbor_get_port_description(sd_lldp_neighbor *n, const char **ret);
-int sd_lldp_neighbor_get_system_capabilities(sd_lldp_neighbor *n, uint16_t *ret);
-int sd_lldp_neighbor_get_enabled_capabilities(sd_lldp_neighbor *n, uint16_t *ret);
-
-/* Low-level, iterative TLV access. This is for evertyhing else, it iteratively goes through all available TLVs
- * (including the ones covered with the calls above), and allows multiple TLVs for the same fields. */
-int sd_lldp_neighbor_tlv_rewind(sd_lldp_neighbor *n);
-int sd_lldp_neighbor_tlv_next(sd_lldp_neighbor *n);
-int sd_lldp_neighbor_tlv_get_type(sd_lldp_neighbor *n, uint8_t *type);
-int sd_lldp_neighbor_tlv_is_type(sd_lldp_neighbor *n, uint8_t type);
-int sd_lldp_neighbor_tlv_get_oui(sd_lldp_neighbor *n, uint8_t oui[3], uint8_t *subtype);
-int sd_lldp_neighbor_tlv_is_oui(sd_lldp_neighbor *n, const uint8_t oui[3], uint8_t subtype);
-int sd_lldp_neighbor_tlv_get_raw(sd_lldp_neighbor *n, const void **ret, size_t *size);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_lldp, sd_lldp_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_lldp_neighbor, sd_lldp_neighbor_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h
deleted file mode 100644
index 3c44d63021..0000000000
--- a/src/systemd/sd-messages.h
+++ /dev/null
@@ -1,91 +0,0 @@
-#ifndef foosdmessageshfoo
-#define foosdmessageshfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-id128.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-/* Hey! If you add a new message here, you *must* also update the
- * message catalog with an appropriate explanation */
-
-/* And if you add a new ID here, make sure to generate a random one
- * with journalctl --new-id128. Do not use any other IDs, and do not
- * count them up manually. */
-
-#define SD_MESSAGE_JOURNAL_START    SD_ID128_MAKE(f7,73,79,a8,49,0b,40,8b,be,5f,69,40,50,5a,77,7b)
-#define SD_MESSAGE_JOURNAL_STOP     SD_ID128_MAKE(d9,3f,b3,c9,c2,4d,45,1a,97,ce,a6,15,ce,59,c0,0b)
-#define SD_MESSAGE_JOURNAL_DROPPED  SD_ID128_MAKE(a5,96,d6,fe,7b,fa,49,94,82,8e,72,30,9e,95,d6,1e)
-#define SD_MESSAGE_JOURNAL_MISSED   SD_ID128_MAKE(e9,bf,28,e6,e8,34,48,1b,b6,f4,8f,54,8a,d1,36,06)
-#define SD_MESSAGE_JOURNAL_USAGE    SD_ID128_MAKE(ec,38,7f,57,7b,84,4b,8f,a9,48,f3,3c,ad,9a,75,e6)
-
-#define SD_MESSAGE_COREDUMP         SD_ID128_MAKE(fc,2e,22,bc,6e,e6,47,b6,b9,07,29,ab,34,a2,50,b1)
-
-#define SD_MESSAGE_SESSION_START    SD_ID128_MAKE(8d,45,62,0c,1a,43,48,db,b1,74,10,da,57,c6,0c,66)
-#define SD_MESSAGE_SESSION_STOP     SD_ID128_MAKE(33,54,93,94,24,b4,45,6d,98,02,ca,83,33,ed,42,4a)
-#define SD_MESSAGE_SEAT_START       SD_ID128_MAKE(fc,be,fc,5d,a2,3d,42,80,93,f9,7c,82,a9,29,0f,7b)
-#define SD_MESSAGE_SEAT_STOP        SD_ID128_MAKE(e7,85,2b,fe,46,78,4e,d0,ac,cd,e0,4b,c8,64,c2,d5)
-#define SD_MESSAGE_MACHINE_START    SD_ID128_MAKE(24,d8,d4,45,25,73,40,24,96,06,83,81,a6,31,2d,f2)
-#define SD_MESSAGE_MACHINE_STOP     SD_ID128_MAKE(58,43,2b,d3,ba,ce,47,7c,b5,14,b5,63,81,b8,a7,58)
-
-#define SD_MESSAGE_TIME_CHANGE      SD_ID128_MAKE(c7,a7,87,07,9b,35,4e,aa,a9,e7,7b,37,18,93,cd,27)
-#define SD_MESSAGE_TIMEZONE_CHANGE  SD_ID128_MAKE(45,f8,2f,4a,ef,7a,4b,bf,94,2c,e8,61,d1,f2,09,90)
-
-#define SD_MESSAGE_STARTUP_FINISHED SD_ID128_MAKE(b0,7a,24,9c,d0,24,41,4a,82,dd,00,cd,18,13,78,ff)
-
-#define SD_MESSAGE_SLEEP_START      SD_ID128_MAKE(6b,bd,95,ee,97,79,41,e4,97,c4,8b,e2,7c,25,41,28)
-#define SD_MESSAGE_SLEEP_STOP       SD_ID128_MAKE(88,11,e6,df,2a,8e,40,f5,8a,94,ce,a2,6f,8e,bf,14)
-
-#define SD_MESSAGE_SHUTDOWN         SD_ID128_MAKE(98,26,88,66,d1,d5,4a,49,9c,4e,98,92,1d,93,bc,40)
-
-#define SD_MESSAGE_UNIT_STARTING    SD_ID128_MAKE(7d,49,58,e8,42,da,4a,75,8f,6c,1c,dc,7b,36,dc,c5)
-#define SD_MESSAGE_UNIT_STARTED     SD_ID128_MAKE(39,f5,34,79,d3,a0,45,ac,8e,11,78,62,48,23,1f,bf)
-#define SD_MESSAGE_UNIT_STOPPING    SD_ID128_MAKE(de,5b,42,6a,63,be,47,a7,b6,ac,3e,aa,c8,2e,2f,6f)
-#define SD_MESSAGE_UNIT_STOPPED     SD_ID128_MAKE(9d,1a,aa,27,d6,01,40,bd,96,36,54,38,aa,d2,02,86)
-#define SD_MESSAGE_UNIT_FAILED      SD_ID128_MAKE(be,02,cf,68,55,d2,42,8b,a4,0d,f7,e9,d0,22,f0,3d)
-#define SD_MESSAGE_UNIT_RELOADING   SD_ID128_MAKE(d3,4d,03,7f,ff,18,47,e6,ae,66,9a,37,0e,69,47,25)
-#define SD_MESSAGE_UNIT_RELOADED    SD_ID128_MAKE(7b,05,eb,c6,68,38,42,22,ba,a8,88,11,79,cf,da,54)
-
-#define SD_MESSAGE_SPAWN_FAILED     SD_ID128_MAKE(64,12,57,65,1c,1b,4e,c9,a8,62,4d,7a,40,a9,e1,e7)
-
-#define SD_MESSAGE_FORWARD_SYSLOG_MISSED SD_ID128_MAKE(00,27,22,9c,a0,64,41,81,a7,6c,4e,92,45,8a,fa,2e)
-
-#define SD_MESSAGE_OVERMOUNTING     SD_ID128_MAKE(1d,ee,03,69,c7,fc,47,36,b7,09,9b,38,ec,b4,6e,e7)
-
-#define SD_MESSAGE_LID_OPENED       SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,6f)
-#define SD_MESSAGE_LID_CLOSED       SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,70)
-#define SD_MESSAGE_SYSTEM_DOCKED    SD_ID128_MAKE(f5,f4,16,b8,62,07,4b,28,92,7a,48,c3,ba,7d,51,ff)
-#define SD_MESSAGE_SYSTEM_UNDOCKED  SD_ID128_MAKE(51,e1,71,bd,58,52,48,56,81,10,14,4c,51,7c,ca,53)
-#define SD_MESSAGE_POWER_KEY        SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,71)
-#define SD_MESSAGE_SUSPEND_KEY      SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,72)
-#define SD_MESSAGE_HIBERNATE_KEY    SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,73)
-
-#define SD_MESSAGE_INVALID_CONFIGURATION SD_ID128_MAKE(c7,72,d2,4e,9a,88,4c,be,b9,ea,12,62,5c,30,6c,01)
-
-#define SD_MESSAGE_DNSSEC_FAILURE   SD_ID128_MAKE(16,75,d7,f1,72,17,40,98,b1,10,8b,f8,c7,dc,8f,5d)
-#define SD_MESSAGE_DNSSEC_TRUST_ANCHOR_REVOKED SD_ID128_MAKE(4d,44,08,cf,d0,d1,44,85,91,84,d1,e6,5d,7c,8a,65)
-#define SD_MESSAGE_DNSSEC_DOWNGRADE SD_ID128_MAKE(36,db,2d,fa,5a,90,45,e1,bd,4a,f5,f9,3e,1c,f0,57)
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-ndisc.h b/src/systemd/sd-ndisc.h
deleted file mode 100644
index 29bcbe8e3e..0000000000
--- a/src/systemd/sd-ndisc.h
+++ /dev/null
@@ -1,84 +0,0 @@
-#ifndef foosdndiscfoo
-#define foosdndiscfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright (C) 2014 Intel Corporation. All rights reserved.
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <net/ethernet.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-enum {
-        SD_NDISC_EVENT_STOP     = 0,
-        SD_NDISC_EVENT_TIMEOUT  = 1,
-};
-
-typedef struct sd_ndisc sd_ndisc;
-
-typedef void(*sd_ndisc_router_callback_t)(sd_ndisc *nd, uint8_t flags, const struct in6_addr *gateway, unsigned lifetime, int pref, void *userdata);
-typedef void(*sd_ndisc_prefix_onlink_callback_t)(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen,
-                                                 unsigned lifetime, void *userdata);
-typedef void(*sd_ndisc_prefix_autonomous_callback_t)(sd_ndisc *nd, const struct in6_addr *prefix, unsigned prefixlen,
-                                                     unsigned lifetime_prefered, unsigned lifetime_valid, void *userdata);
-typedef void(*sd_ndisc_callback_t)(sd_ndisc *nd, int event, void *userdata);
-
-int sd_ndisc_set_callback(sd_ndisc *nd,
-                          sd_ndisc_router_callback_t rcb,
-                          sd_ndisc_prefix_onlink_callback_t plcb,
-                          sd_ndisc_prefix_autonomous_callback_t pacb,
-                          sd_ndisc_callback_t cb,
-                          void *userdata);
-int sd_ndisc_set_index(sd_ndisc *nd, int interface_index);
-int sd_ndisc_set_mac(sd_ndisc *nd, const struct ether_addr *mac_addr);
-
-int sd_ndisc_attach_event(sd_ndisc *nd, sd_event *event, int64_t priority);
-int sd_ndisc_detach_event(sd_ndisc *nd);
-sd_event *sd_ndisc_get_event(sd_ndisc *nd);
-
-sd_ndisc *sd_ndisc_ref(sd_ndisc *nd);
-sd_ndisc *sd_ndisc_unref(sd_ndisc *nd);
-int sd_ndisc_new(sd_ndisc **ret);
-
-int sd_ndisc_get_mtu(sd_ndisc *nd, uint32_t *mtu);
-
-int sd_ndisc_stop(sd_ndisc *nd);
-int sd_ndisc_router_discovery_start(sd_ndisc *nd);
-
-#define SD_NDISC_ADDRESS_FORMAT_STR "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x"
-
-#define SD_NDISC_ADDRESS_FORMAT_VAL(address) \
-        be16toh((address).s6_addr16[0]),        \
-        be16toh((address).s6_addr16[1]),        \
-        be16toh((address).s6_addr16[2]),        \
-        be16toh((address).s6_addr16[3]),        \
-        be16toh((address).s6_addr16[4]),        \
-        be16toh((address).s6_addr16[5]),        \
-        be16toh((address).s6_addr16[6]),        \
-        be16toh((address).s6_addr16[7])
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_ndisc, sd_ndisc_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h
deleted file mode 100644
index 3ae110c080..0000000000
--- a/src/systemd/sd-netlink.h
+++ /dev/null
@@ -1,163 +0,0 @@
-#ifndef foosdnetlinkhfoo
-#define foosdnetlinkhfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <netinet/ether.h>
-#include <netinet/in.h>
-#include <linux/rtnetlink.h>
-#include <linux/neighbour.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-typedef struct sd_netlink sd_netlink;
-typedef struct sd_netlink_message sd_netlink_message;
-
-/* callback */
-
-typedef int (*sd_netlink_message_handler_t)(sd_netlink *nl, sd_netlink_message *m, void *userdata);
-
-/* bus */
-int sd_netlink_new_from_netlink(sd_netlink **nl, int fd);
-int sd_netlink_open(sd_netlink **nl);
-int sd_netlink_open_fd(sd_netlink **nl, int fd);
-int sd_netlink_inc_rcvbuf(const sd_netlink *const rtnl, const int size);
-
-sd_netlink *sd_netlink_ref(sd_netlink *nl);
-sd_netlink *sd_netlink_unref(sd_netlink *nl);
-
-int sd_netlink_send(sd_netlink *nl, sd_netlink_message *message, uint32_t *serial);
-int sd_netlink_call_async(sd_netlink *nl, sd_netlink_message *message,
-                       sd_netlink_message_handler_t callback,
-                       void *userdata, uint64_t usec, uint32_t *serial);
-int sd_netlink_call_async_cancel(sd_netlink *nl, uint32_t serial);
-int sd_netlink_call(sd_netlink *nl, sd_netlink_message *message, uint64_t timeout,
-                 sd_netlink_message **reply);
-
-int sd_netlink_get_events(sd_netlink *nl);
-int sd_netlink_get_timeout(sd_netlink *nl, uint64_t *timeout);
-int sd_netlink_process(sd_netlink *nl, sd_netlink_message **ret);
-int sd_netlink_wait(sd_netlink *nl, uint64_t timeout);
-
-int sd_netlink_add_match(sd_netlink *nl, uint16_t match, sd_netlink_message_handler_t c, void *userdata);
-int sd_netlink_remove_match(sd_netlink *nl, uint16_t match, sd_netlink_message_handler_t c, void *userdata);
-
-int sd_netlink_attach_event(sd_netlink *nl, sd_event *e, int64_t priority);
-int sd_netlink_detach_event(sd_netlink *nl);
-
-int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data);
-int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type);
-int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data);
-int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data);
-int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, uint32_t data);
-int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
-int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
-int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
-int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
-int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);
-
-int sd_netlink_message_open_container(sd_netlink_message *m, unsigned short type);
-int sd_netlink_message_open_container_union(sd_netlink_message *m, unsigned short type, const char *key);
-int sd_netlink_message_close_container(sd_netlink_message *m);
-
-int sd_netlink_message_read_string(sd_netlink_message *m, unsigned short type, const char **data);
-int sd_netlink_message_read_u8(sd_netlink_message *m, unsigned short type, uint8_t *data);
-int sd_netlink_message_read_u16(sd_netlink_message *m, unsigned short type, uint16_t *data);
-int sd_netlink_message_read_u32(sd_netlink_message *m, unsigned short type, uint32_t *data);
-int sd_netlink_message_read_ether_addr(sd_netlink_message *m, unsigned short type, struct ether_addr *data);
-int sd_netlink_message_read_cache_info(sd_netlink_message *m, unsigned short type, struct ifa_cacheinfo *info);
-int sd_netlink_message_read_in_addr(sd_netlink_message *m, unsigned short type, struct in_addr *data);
-int sd_netlink_message_read_in6_addr(sd_netlink_message *m, unsigned short type, struct in6_addr *data);
-int sd_netlink_message_enter_container(sd_netlink_message *m, unsigned short type);
-int sd_netlink_message_exit_container(sd_netlink_message *m);
-
-int sd_netlink_message_rewind(sd_netlink_message *m);
-
-sd_netlink_message *sd_netlink_message_next(sd_netlink_message *m);
-
-sd_netlink_message *sd_netlink_message_ref(sd_netlink_message *m);
-sd_netlink_message *sd_netlink_message_unref(sd_netlink_message *m);
-
-int sd_netlink_message_request_dump(sd_netlink_message *m, int dump);
-int sd_netlink_message_is_error(sd_netlink_message *m);
-int sd_netlink_message_get_errno(sd_netlink_message *m);
-int sd_netlink_message_get_type(sd_netlink_message *m, uint16_t *type);
-int sd_netlink_message_set_flags(sd_netlink_message *m, uint16_t flags);
-int sd_netlink_message_is_broadcast(sd_netlink_message *m);
-
-/* rtnl */
-
-int sd_rtnl_message_new_link(sd_netlink *nl, sd_netlink_message **ret, uint16_t msg_type, int index);
-int sd_rtnl_message_new_addr_update(sd_netlink *nl, sd_netlink_message **ret, int index, int family);
-int sd_rtnl_message_new_addr(sd_netlink *nl, sd_netlink_message **ret, uint16_t msg_type, int index, int family);
-int sd_rtnl_message_new_route(sd_netlink *nl, sd_netlink_message **ret, uint16_t nlmsg_type, int rtm_family, unsigned char rtm_protocol);
-int sd_rtnl_message_new_neigh(sd_netlink *nl, sd_netlink_message **ret, uint16_t msg_type, int index, int nda_family);
-
-int sd_rtnl_message_get_family(sd_netlink_message *m, int *family);
-
-int sd_rtnl_message_addr_set_prefixlen(sd_netlink_message *m, unsigned char prefixlen);
-int sd_rtnl_message_addr_set_scope(sd_netlink_message *m, unsigned char scope);
-int sd_rtnl_message_addr_set_flags(sd_netlink_message *m, unsigned char flags);
-int sd_rtnl_message_addr_get_family(sd_netlink_message *m, int *family);
-int sd_rtnl_message_addr_get_prefixlen(sd_netlink_message *m, unsigned char *prefixlen);
-int sd_rtnl_message_addr_get_scope(sd_netlink_message *m, unsigned char *scope);
-int sd_rtnl_message_addr_get_flags(sd_netlink_message *m, unsigned char *flags);
-int sd_rtnl_message_addr_get_ifindex(sd_netlink_message *m, int *ifindex);
-
-int sd_rtnl_message_link_set_flags(sd_netlink_message *m, unsigned flags, unsigned change);
-int sd_rtnl_message_link_set_type(sd_netlink_message *m, unsigned type);
-int sd_rtnl_message_link_set_family(sd_netlink_message *m, unsigned family);
-int sd_rtnl_message_link_get_ifindex(sd_netlink_message *m, int *ifindex);
-int sd_rtnl_message_link_get_flags(sd_netlink_message *m, unsigned *flags);
-int sd_rtnl_message_link_get_type(sd_netlink_message *m, unsigned short *type);
-
-int sd_rtnl_message_route_set_dst_prefixlen(sd_netlink_message *m, unsigned char prefixlen);
-int sd_rtnl_message_route_set_src_prefixlen(sd_netlink_message *m, unsigned char prefixlen);
-int sd_rtnl_message_route_set_scope(sd_netlink_message *m, unsigned char scope);
-int sd_rtnl_message_route_set_flags(sd_netlink_message *m, unsigned flags);
-int sd_rtnl_message_route_set_table(sd_netlink_message *m, unsigned char table);
-int sd_rtnl_message_route_get_flags(sd_netlink_message *m, unsigned *flags);
-int sd_rtnl_message_route_get_family(sd_netlink_message *m, int *family);
-int sd_rtnl_message_route_set_family(sd_netlink_message *m, int family);
-int sd_rtnl_message_route_get_protocol(sd_netlink_message *m, unsigned char *protocol);
-int sd_rtnl_message_route_get_scope(sd_netlink_message *m, unsigned char *scope);
-int sd_rtnl_message_route_get_tos(sd_netlink_message *m, unsigned char *tos);
-int sd_rtnl_message_route_get_table(sd_netlink_message *m, unsigned char *table);
-int sd_rtnl_message_route_get_dst_prefixlen(sd_netlink_message *m, unsigned char *dst_len);
-int sd_rtnl_message_route_get_src_prefixlen(sd_netlink_message *m, unsigned char *src_len);
-
-int sd_rtnl_message_neigh_set_flags(sd_netlink_message *m, uint8_t flags);
-int sd_rtnl_message_neigh_set_state(sd_netlink_message *m, uint16_t state);
-int sd_rtnl_message_neigh_get_family(sd_netlink_message *m, int *family);
-int sd_rtnl_message_neigh_get_ifindex(sd_netlink_message *m, int *family);
-int sd_rtnl_message_neigh_get_state(sd_netlink_message *m, uint16_t *state);
-int sd_rtnl_message_neigh_get_flags(sd_netlink_message *m, uint8_t *flags);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_netlink, sd_netlink_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_netlink_message, sd_netlink_message_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/systemd/sd-resolve.h b/src/systemd/sd-resolve.h
deleted file mode 100644
index 1c792dab39..0000000000
--- a/src/systemd/sd-resolve.h
+++ /dev/null
@@ -1,117 +0,0 @@
-#ifndef foosdresolvehfoo
-#define foosdresolvehfoo
-
-/***
-  This file is part of systemd.
-
-  Copyright 2005-2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <inttypes.h>
-#include <netdb.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-
-#include "sd-event.h"
-
-#include "_sd-common.h"
-
-_SD_BEGIN_DECLARATIONS;
-
-/* An opaque sd-resolve session structure */
-typedef struct sd_resolve sd_resolve;
-
-/* An opaque sd-resolve query structure */
-typedef struct sd_resolve_query sd_resolve_query;
-
-/* A callback on completion */
-typedef int (*sd_resolve_getaddrinfo_handler_t)(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata);
-typedef int (*sd_resolve_getnameinfo_handler_t)(sd_resolve_query *q, int ret, const char *host, const char *serv, void *userdata);
-
-enum {
-        SD_RESOLVE_GET_HOST = UINT64_C(1),
-        SD_RESOLVE_GET_SERVICE = UINT64_C(2),
-        SD_RESOLVE_GET_BOTH = UINT64_C(3),
-};
-
-int sd_resolve_default(sd_resolve **ret);
-
-/* Allocate a new sd-resolve session. */
-int sd_resolve_new(sd_resolve **ret);
-
-/* Free a sd-resolve session. This destroys all attached
- * sd_resolve_query objects automatically. */
-sd_resolve* sd_resolve_unref(sd_resolve *resolve);
-sd_resolve* sd_resolve_ref(sd_resolve *resolve);
-
-/* Return the UNIX file descriptor to poll() for events on. Use this
- * function to integrate sd-resolve with your custom main loop. */
-int sd_resolve_get_fd(sd_resolve *resolve);
-
-/* Return the poll() events (a combination of flags like POLLIN,
- * POLLOUT, ...) to check for. */
-int sd_resolve_get_events(sd_resolve *resolve);
-
-/* Return the poll() timeout to pass. Returns (uint64_t) -1 as
- * timeout if no timeout is needed. */
-int sd_resolve_get_timeout(sd_resolve *resolve, uint64_t *timeout_usec);
-
-/* Process pending responses. After this function is called, you can
- * get the next completed query object(s) using
- * sd_resolve_get_next(). */
-int sd_resolve_process(sd_resolve *resolve);
-
-/* Wait for a resolve event to complete. */
-int sd_resolve_wait(sd_resolve *resolve, uint64_t timeout_usec);
-
-int sd_resolve_get_tid(sd_resolve *resolve, pid_t *tid);
-
-int sd_resolve_attach_event(sd_resolve *resolve, sd_event *e, int64_t priority);
-int sd_resolve_detach_event(sd_resolve *resolve);
-sd_event *sd_resolve_get_event(sd_resolve *resolve);
-
-/* Issue a name-to-address query on the specified session. The
- * arguments are compatible with those of libc's
- * getaddrinfo(3). The function returns a new query object. When the
- * query is completed, you may retrieve the results using
- * sd_resolve_getaddrinfo_done(). */
-int sd_resolve_getaddrinfo(sd_resolve *resolve, sd_resolve_query **q, const char *node, const char *service, const struct addrinfo *hints, sd_resolve_getaddrinfo_handler_t callback, void *userdata);
-
-/* Issue an address-to-name query on the specified session. The
- * arguments are compatible with those of libc's
- * getnameinfo(3). The function returns a new query object. When the
- * query is completed, you may retrieve the results using
- * sd_resolve_getnameinfo_done(). Set gethost (resp. getserv) to non-zero
- * if you want to query the hostname (resp. the service name). */
-int sd_resolve_getnameinfo(sd_resolve *resolve, sd_resolve_query **q, const struct sockaddr *sa, socklen_t salen, int flags, uint64_t get, sd_resolve_getnameinfo_handler_t callback, void *userdata);
-
-sd_resolve_query *sd_resolve_query_ref(sd_resolve_query* q);
-sd_resolve_query *sd_resolve_query_unref(sd_resolve_query* q);
-
-/* Returns non-zero when the query operation specified by q has been completed. */
-int sd_resolve_query_is_done(sd_resolve_query*q);
-
-void *sd_resolve_query_get_userdata(sd_resolve_query *q);
-void *sd_resolve_query_set_userdata(sd_resolve_query *q, void *userdata);
-
-sd_resolve *sd_resolve_query_get_resolve(sd_resolve_query *q);
-
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_resolve, sd_resolve_unref);
-_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_resolve_query, sd_resolve_query_unref);
-
-_SD_END_DECLARATIONS;
-
-#endif
diff --git a/src/sysusers/Makefile b/src/sysusers/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/sysusers/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/sysv-generator/Makefile b/src/sysv-generator/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/sysv-generator/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/test/Makefile b/src/test/Makefile
index d0b0e8e008..f416b4aadf 120000..100644
--- a/src/test/Makefile
+++ b/src/test/Makefile
@@ -1 +1,35 @@
-../Makefile
-\ No newline at end of file
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+test_id128_SOURCES = \
+	src/test/test-id128.c
+
+test_id128_LDADD = \
+	libshared.la
+
+tests += \
+	test-id128
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index 8903d10db7..c4ff41dd0e 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -17,7 +17,7 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "sd-id128.h"
+#include <systemd/sd-id128.h>
 
 #include "alloc-util.h"
 #include "apparmor-util.h"
diff --git a/src/test/test-daemon.c b/src/test/test-daemon.c
index a7cb426282..b2cd3c7663 100644
--- a/src/test/test-daemon.c
+++ b/src/test/test-daemon.c
@@ -19,7 +19,7 @@
 
 #include <unistd.h>
 
-#include "sd-daemon.h"
+#include <systemd/sd-daemon.h>
 
 #include "strv.h"
 
diff --git a/src/test/test-helper.h b/src/test/test-helper.h
index ddb10f88fd..01068da347 100644
--- a/src/test/test-helper.h
+++ b/src/test/test-helper.h
@@ -19,7 +19,7 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "sd-daemon.h"
+#include <systemd/sd-daemon.h>
 
 #include "macro.h"
 
diff --git a/src/test/test-id128.c b/src/test/test-id128.c
index 96aa008c06..90c4860e2a 100644
--- a/src/test/test-id128.c
+++ b/src/test/test-id128.c
@@ -19,8 +19,8 @@
 
 #include <string.h>
 
-#include "sd-daemon.h"
-#include "sd-id128.h"
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-id128.h>
 
 #include "alloc-util.h"
 #include "macro.h"
diff --git a/src/test/test-netlink-manual.c b/src/test/test-netlink-manual.c
index bc6dd0926c..57e244eb79 100644
--- a/src/test/test-netlink-manual.c
+++ b/src/test/test-netlink-manual.c
@@ -23,7 +23,7 @@
 #include <net/if.h>
 #include <linux/if_tunnel.h>
 
-#include "sd-netlink.h"
+#include <systemd/sd-netlink.h>
 
 #include "macro.h"
 #include "util.h"
diff --git a/src/timedate/Makefile b/src/timedate/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/timedate/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
deleted file mode 100644
index a2270aff46..0000000000
--- a/src/timedate/timedatectl.c
+++ /dev/null
@@ -1,506 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Lennart Poettering
-  Copyright 2013 Kay Sievers
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <getopt.h>
-#include <locale.h>
-#include <stdbool.h>
-#include <stdlib.h>
-
-#include "sd-bus.h"
-
-#include "bus-error.h"
-#include "bus-util.h"
-#include "pager.h"
-#include "parse-util.h"
-#include "spawn-polkit-agent.h"
-#include "strv.h"
-#include "terminal-util.h"
-#include "util.h"
-
-static bool arg_no_pager = false;
-static bool arg_ask_password = true;
-static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
-static char *arg_host = NULL;
-static bool arg_adjust_system_clock = false;
-
-static void polkit_agent_open_if_enabled(void) {
-
-        /* Open the polkit agent as a child process if necessary */
-        if (!arg_ask_password)
-                return;
-
-        if (arg_transport != BUS_TRANSPORT_LOCAL)
-                return;
-
-        polkit_agent_open();
-}
-
-typedef struct StatusInfo {
-        usec_t time;
-        char *timezone;
-
-        usec_t rtc_time;
-        bool rtc_local;
-
-        bool ntp_enabled;
-        bool ntp_capable;
-        bool ntp_synced;
-} StatusInfo;
-
-static void status_info_clear(StatusInfo *info) {
-        if (info) {
-                free(info->timezone);
-                zero(*info);
-        }
-}
-
-static void print_status_info(const StatusInfo *i) {
-        char a[FORMAT_TIMESTAMP_MAX];
-        struct tm tm;
-        time_t sec;
-        bool have_time = false;
-        const char *old_tz = NULL, *tz;
-        int r;
-
-        assert(i);
-
-        /* Save the old $TZ */
-        tz = getenv("TZ");
-        if (tz)
-                old_tz = strdupa(tz);
-
-        /* Set the new $TZ */
-        if (setenv("TZ", isempty(i->timezone) ? "UTC" : i->timezone, true) < 0)
-                log_warning_errno(errno, "Failed to set TZ environment variable, ignoring: %m");
-        else
-                tzset();
-
-        if (i->time != 0) {
-                sec = (time_t) (i->time / USEC_PER_SEC);
-                have_time = true;
-        } else if (IN_SET(arg_transport, BUS_TRANSPORT_LOCAL, BUS_TRANSPORT_MACHINE)) {
-                sec = time(NULL);
-                have_time = true;
-        } else
-                log_warning("Could not get time from timedated and not operating locally, ignoring.");
-
-        if (have_time) {
-                xstrftime(a, "%a %Y-%m-%d %H:%M:%S %Z", localtime_r(&sec, &tm));
-                printf("      Local time: %.*s\n", (int) sizeof(a), a);
-
-                xstrftime(a, "%a %Y-%m-%d %H:%M:%S UTC", gmtime_r(&sec, &tm));
-                printf("  Universal time: %.*s\n", (int) sizeof(a), a);
-        } else {
-                printf("      Local time: %s\n", "n/a");
-                printf("  Universal time: %s\n", "n/a");
-        }
-
-        if (i->rtc_time > 0) {
-                time_t rtc_sec;
-
-                rtc_sec = (time_t) (i->rtc_time / USEC_PER_SEC);
-                xstrftime(a, "%a %Y-%m-%d %H:%M:%S", gmtime_r(&rtc_sec, &tm));
-                printf("        RTC time: %.*s\n", (int) sizeof(a), a);
-        } else
-                printf("        RTC time: %s\n", "n/a");
-
-        if (have_time)
-                xstrftime(a, "%Z, %z", localtime_r(&sec, &tm));
-
-        /* Restore the $TZ */
-        if (old_tz)
-                r = setenv("TZ", old_tz, true);
-        else
-                r = unsetenv("TZ");
-        if (r < 0)
-                log_warning_errno(errno, "Failed to set TZ environment variable, ignoring: %m");
-        else
-                tzset();
-
-        printf("       Time zone: %s (%.*s)\n"
-               " Network time on: %s\n"
-               "NTP synchronized: %s\n"
-               " RTC in local TZ: %s\n",
-               strna(i->timezone), (int) sizeof(a), have_time ? a : "n/a",
-               i->ntp_capable ? yes_no(i->ntp_enabled) : "n/a",
-               yes_no(i->ntp_synced),
-               yes_no(i->rtc_local));
-
-        if (i->rtc_local)
-                fputs("\n" ANSI_HIGHLIGHT
-                      "Warning: The system is configured to read the RTC time in the local time zone.\n"
-                      "         This mode can not be fully supported. It will create various problems\n"
-                      "         with time zone changes and daylight saving time adjustments. The RTC\n"
-                      "         time is never updated, it relies on external facilities to maintain it.\n"
-                      "         If at all possible, use RTC in UTC by calling\n"
-                      "         'timedatectl set-local-rtc 0'." ANSI_NORMAL "\n", stdout);
-}
-
-static int show_status(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(status_info_clear) StatusInfo info = {};
-        static const struct bus_properties_map map[]  = {
-                { "Timezone",        "s", NULL, offsetof(StatusInfo, timezone) },
-                { "LocalRTC",        "b", NULL, offsetof(StatusInfo, rtc_local) },
-                { "NTP",             "b", NULL, offsetof(StatusInfo, ntp_enabled) },
-                { "CanNTP",          "b", NULL, offsetof(StatusInfo, ntp_capable) },
-                { "NTPSynchronized", "b", NULL, offsetof(StatusInfo, ntp_synced) },
-                { "TimeUSec",        "t", NULL, offsetof(StatusInfo, time) },
-                { "RTCTimeUSec",     "t", NULL, offsetof(StatusInfo, rtc_time) },
-                {}
-        };
-        int r;
-
-        assert(bus);
-
-        r = bus_map_all_properties(bus,
-                                   "org.freedesktop.timedate1",
-                                   "/org/freedesktop/timedate1",
-                                   map,
-                                   &info);
-        if (r < 0)
-                return log_error_errno(r, "Failed to query server: %m");
-
-        print_status_info(&info);
-
-        return r;
-}
-
-static int set_time(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        bool relative = false, interactive = arg_ask_password;
-        usec_t t;
-        int r;
-
-        assert(args);
-        assert(n == 2);
-
-        polkit_agent_open_if_enabled();
-
-        r = parse_timestamp(args[1], &t);
-        if (r < 0) {
-                log_error("Failed to parse time specification: %s", args[1]);
-                return r;
-        }
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.timedate1",
-                               "/org/freedesktop/timedate1",
-                               "org.freedesktop.timedate1",
-                               "SetTime",
-                               &error,
-                               NULL,
-                               "xbb", (int64_t)t, relative, interactive);
-        if (r < 0)
-                log_error("Failed to set time: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int set_timezone(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-
-        assert(args);
-        assert(n == 2);
-
-        polkit_agent_open_if_enabled();
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.timedate1",
-                               "/org/freedesktop/timedate1",
-                               "org.freedesktop.timedate1",
-                               "SetTimezone",
-                               &error,
-                               NULL,
-                               "sb", args[1], arg_ask_password);
-        if (r < 0)
-                log_error("Failed to set time zone: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int set_local_rtc(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r, b;
-
-        assert(args);
-        assert(n == 2);
-
-        polkit_agent_open_if_enabled();
-
-        b = parse_boolean(args[1]);
-        if (b < 0) {
-                log_error("Failed to parse local RTC setting: %s", args[1]);
-                return b;
-        }
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.timedate1",
-                               "/org/freedesktop/timedate1",
-                               "org.freedesktop.timedate1",
-                               "SetLocalRTC",
-                               &error,
-                               NULL,
-                               "bbb", b, arg_adjust_system_clock, arg_ask_password);
-        if (r < 0)
-                log_error("Failed to set local RTC: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int set_ntp(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int b, r;
-
-        assert(args);
-        assert(n == 2);
-
-        polkit_agent_open_if_enabled();
-
-        b = parse_boolean(args[1]);
-        if (b < 0) {
-                log_error("Failed to parse NTP setting: %s", args[1]);
-                return b;
-        }
-
-        r = sd_bus_call_method(bus,
-                               "org.freedesktop.timedate1",
-                               "/org/freedesktop/timedate1",
-                               "org.freedesktop.timedate1",
-                               "SetNTP",
-                               &error,
-                               NULL,
-                               "bb", b, arg_ask_password);
-        if (r < 0)
-                log_error("Failed to set ntp: %s", bus_error_message(&error, -r));
-
-        return r;
-}
-
-static int list_timezones(sd_bus *bus, char **args, unsigned n) {
-        _cleanup_strv_free_ char **zones = NULL;
-        int r;
-
-        assert(args);
-        assert(n == 1);
-
-        r = get_timezones(&zones);
-        if (r < 0)
-                return log_error_errno(r, "Failed to read list of time zones: %m");
-
-        pager_open(arg_no_pager, false);
-        strv_print(zones);
-
-        return 0;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...] COMMAND ...\n\n"
-               "Query or change system time and date settings.\n\n"
-               "  -h --help                Show this help message\n"
-               "     --version             Show package version\n"
-               "     --no-pager            Do not pipe output into a pager\n"
-               "     --no-ask-password     Do not prompt for password\n"
-               "  -H --host=[USER@]HOST    Operate on remote host\n"
-               "  -M --machine=CONTAINER   Operate on local container\n"
-               "     --adjust-system-clock Adjust system clock when changing local RTC mode\n\n"
-               "Commands:\n"
-               "  status                   Show current time settings\n"
-               "  set-time TIME            Set system time\n"
-               "  set-timezone ZONE        Set system time zone\n"
-               "  list-timezones           Show known time zones\n"
-               "  set-local-rtc BOOL       Control whether RTC is in local time\n"
-               "  set-ntp BOOL             Enable or disable network time synchronization\n",
-               program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-
-        enum {
-                ARG_VERSION = 0x100,
-                ARG_NO_PAGER,
-                ARG_ADJUST_SYSTEM_CLOCK,
-                ARG_NO_ASK_PASSWORD
-        };
-
-        static const struct option options[] = {
-                { "help",                no_argument,       NULL, 'h'                     },
-                { "version",             no_argument,       NULL, ARG_VERSION             },
-                { "no-pager",            no_argument,       NULL, ARG_NO_PAGER            },
-                { "host",                required_argument, NULL, 'H'                     },
-                { "machine",             required_argument, NULL, 'M'                     },
-                { "no-ask-password",     no_argument,       NULL, ARG_NO_ASK_PASSWORD     },
-                { "adjust-system-clock", no_argument,       NULL, ARG_ADJUST_SYSTEM_CLOCK },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "hH:M:", options, NULL)) >= 0)
-
-                switch (c) {
-
-                case 'h':
-                        help();
-                        return 0;
-
-                case ARG_VERSION:
-                        return version();
-
-                case 'H':
-                        arg_transport = BUS_TRANSPORT_REMOTE;
-                        arg_host = optarg;
-                        break;
-
-                case 'M':
-                        arg_transport = BUS_TRANSPORT_MACHINE;
-                        arg_host = optarg;
-                        break;
-
-                case ARG_NO_ASK_PASSWORD:
-                        arg_ask_password = false;
-                        break;
-
-                case ARG_ADJUST_SYSTEM_CLOCK:
-                        arg_adjust_system_clock = true;
-                        break;
-
-                case ARG_NO_PAGER:
-                        arg_no_pager = true;
-                        break;
-
-                case '?':
-                        return -EINVAL;
-
-                default:
-                        assert_not_reached("Unhandled option");
-                }
-
-        return 1;
-}
-
-static int timedatectl_main(sd_bus *bus, int argc, char *argv[]) {
-
-        static const struct {
-                const char* verb;
-                const enum {
-                        MORE,
-                        LESS,
-                        EQUAL
-                } argc_cmp;
-                const int argc;
-                int (* const dispatch)(sd_bus *bus, char **args, unsigned n);
-        } verbs[] = {
-                { "status",                LESS,   1, show_status      },
-                { "set-time",              EQUAL,  2, set_time         },
-                { "set-timezone",          EQUAL,  2, set_timezone     },
-                { "list-timezones",        EQUAL,  1, list_timezones   },
-                { "set-local-rtc",         EQUAL,  2, set_local_rtc    },
-                { "set-ntp",               EQUAL,  2, set_ntp,         },
-        };
-
-        int left;
-        unsigned i;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        left = argc - optind;
-
-        if (left <= 0)
-                /* Special rule: no arguments means "status" */
-                i = 0;
-        else {
-                if (streq(argv[optind], "help")) {
-                        help();
-                        return 0;
-                }
-
-                for (i = 0; i < ELEMENTSOF(verbs); i++)
-                        if (streq(argv[optind], verbs[i].verb))
-                                break;
-
-                if (i >= ELEMENTSOF(verbs)) {
-                        log_error("Unknown operation %s", argv[optind]);
-                        return -EINVAL;
-                }
-        }
-
-        switch (verbs[i].argc_cmp) {
-
-        case EQUAL:
-                if (left != verbs[i].argc) {
-                        log_error("Invalid number of arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        case MORE:
-                if (left < verbs[i].argc) {
-                        log_error("Too few arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        case LESS:
-                if (left > verbs[i].argc) {
-                        log_error("Too many arguments.");
-                        return -EINVAL;
-                }
-
-                break;
-
-        default:
-                assert_not_reached("Unknown comparison operator.");
-        }
-
-        return verbs[i].dispatch(bus, argv + optind, left);
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        setlocale(LC_ALL, "");
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto finish;
-
-        r = bus_connect_transport(arg_transport, arg_host, false, &bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to create bus connection: %m");
-                goto finish;
-        }
-
-        r = timedatectl_main(bus, argc, argv);
-
-finish:
-        pager_close();
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
deleted file mode 100644
index ffec609c69..0000000000
--- a/src/timedate/timedated.c
+++ /dev/null
@@ -1,747 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2011 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "sd-bus.h"
-#include "sd-event.h"
-#include "sd-messages.h"
-
-#include "alloc-util.h"
-#include "bus-common-errors.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "clock-util.h"
-#include "def.h"
-#include "fileio-label.h"
-#include "fs-util.h"
-#include "path-util.h"
-#include "selinux-util.h"
-#include "strv.h"
-#include "user-util.h"
-#include "util.h"
-
-#define NULL_ADJTIME_UTC "0.0 0 0\n0\nUTC\n"
-#define NULL_ADJTIME_LOCAL "0.0 0 0\n0\nLOCAL\n"
-
-static BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map timedated_errors[] = {
-        SD_BUS_ERROR_MAP("org.freedesktop.timedate1.NoNTPSupport", EOPNOTSUPP),
-        SD_BUS_ERROR_MAP_END
-};
-
-typedef struct Context {
-        char *zone;
-        bool local_rtc;
-        bool can_ntp;
-        bool use_ntp;
-        Hashmap *polkit_registry;
-} Context;
-
-static void context_free(Context *c) {
-        assert(c);
-
-        free(c->zone);
-        bus_verify_polkit_async_registry_free(c->polkit_registry);
-}
-
-static int context_read_data(Context *c) {
-        _cleanup_free_ char *t = NULL;
-        int r;
-
-        assert(c);
-
-        r = get_timezone(&t);
-        if (r == -EINVAL)
-                log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/.");
-        else if (r < 0)
-                log_warning_errno(r, "Failed to get target of /etc/localtime: %m");
-
-        free(c->zone);
-        c->zone = t;
-        t = NULL;
-
-        c->local_rtc = clock_is_localtime(NULL) > 0;
-
-        return 0;
-}
-
-static int context_write_data_timezone(Context *c) {
-        _cleanup_free_ char *p = NULL;
-        int r = 0;
-
-        assert(c);
-
-        if (isempty(c->zone)) {
-                if (unlink("/etc/localtime") < 0 && errno != ENOENT)
-                        r = -errno;
-
-                return r;
-        }
-
-        p = strappend("../usr/share/zoneinfo/", c->zone);
-        if (!p)
-                return log_oom();
-
-        r = symlink_atomic(p, "/etc/localtime");
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int context_write_data_local_rtc(Context *c) {
-        int r;
-        _cleanup_free_ char *s = NULL, *w = NULL;
-
-        assert(c);
-
-        r = read_full_file("/etc/adjtime", &s, NULL);
-        if (r < 0) {
-                if (r != -ENOENT)
-                        return r;
-
-                if (!c->local_rtc)
-                        return 0;
-
-                w = strdup(NULL_ADJTIME_LOCAL);
-                if (!w)
-                        return -ENOMEM;
-        } else {
-                char *p;
-                const char *e = "\n"; /* default if there is less than 3 lines */
-                const char *prepend = "";
-                size_t a, b;
-
-                p = strchrnul(s, '\n');
-                if (*p == '\0')
-                        /* only one line, no \n terminator */
-                        prepend = "\n0\n";
-                else if (p[1] == '\0') {
-                        /* only one line, with \n terminator */
-                        ++p;
-                        prepend = "0\n";
-                } else {
-                        p = strchr(p+1, '\n');
-                        if (!p) {
-                                /* only two lines, no \n terminator */
-                                prepend = "\n";
-                                p = s + strlen(s);
-                        } else {
-                                char *end;
-                                /* third line might have a \n terminator or not */
-                                p++;
-                                end = strchr(p, '\n');
-                                /* if we actually have a fourth line, use that as suffix "e", otherwise the default \n */
-                                if (end)
-                                        e = end;
-                        }
-                }
-
-                a = p - s;
-                b = strlen(e);
-
-                w = new(char, a + (c->local_rtc ? 5 : 3) + strlen(prepend) + b + 1);
-                if (!w)
-                        return -ENOMEM;
-
-                *(char*) mempcpy(stpcpy(stpcpy(mempcpy(w, s, a), prepend), c->local_rtc ? "LOCAL" : "UTC"), e, b) = 0;
-
-                if (streq(w, NULL_ADJTIME_UTC)) {
-                        if (unlink("/etc/adjtime") < 0)
-                                if (errno != ENOENT)
-                                        return -errno;
-
-                        return 0;
-                }
-        }
-
-        mac_selinux_init();
-        return write_string_file_atomic_label("/etc/adjtime", w);
-}
-
-static int context_read_ntp(Context *c, sd_bus *bus) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
-        const char *s;
-        int r;
-
-        assert(c);
-        assert(bus);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "GetUnitFileState",
-                        &error,
-                        &reply,
-                        "s",
-                        "systemd-timesyncd.service");
-
-        if (r < 0) {
-                if (sd_bus_error_has_name(&error, SD_BUS_ERROR_FILE_NOT_FOUND) ||
-                    sd_bus_error_has_name(&error, "org.freedesktop.systemd1.LoadFailed") ||
-                    sd_bus_error_has_name(&error, "org.freedesktop.systemd1.NoSuchUnit"))
-                        return 0;
-
-                return r;
-        }
-
-        r = sd_bus_message_read(reply, "s", &s);
-        if (r < 0)
-                return r;
-
-        c->can_ntp = true;
-        c->use_ntp = STR_IN_SET(s, "enabled", "enabled-runtime");
-
-        return 0;
-}
-
-static int context_start_ntp(sd_bus *bus, sd_bus_error *error, bool enabled) {
-        int r;
-
-        assert(bus);
-        assert(error);
-
-        r = sd_bus_call_method(
-                bus,
-                "org.freedesktop.systemd1",
-                "/org/freedesktop/systemd1",
-                "org.freedesktop.systemd1.Manager",
-                enabled ? "StartUnit" : "StopUnit",
-                error,
-                NULL,
-                "ss",
-                "systemd-timesyncd.service",
-                "replace");
-        if (r < 0) {
-                if (sd_bus_error_has_name(error, SD_BUS_ERROR_FILE_NOT_FOUND) ||
-                    sd_bus_error_has_name(error, "org.freedesktop.systemd1.LoadFailed") ||
-                    sd_bus_error_has_name(error, "org.freedesktop.systemd1.NoSuchUnit"))
-                        return sd_bus_error_set_const(error, "org.freedesktop.timedate1.NoNTPSupport", "NTP not supported.");
-
-                return r;
-        }
-
-        return 0;
-}
-
-static int context_enable_ntp(sd_bus *bus, sd_bus_error *error, bool enabled) {
-        int r;
-
-        assert(bus);
-        assert(error);
-
-        if (enabled)
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "EnableUnitFiles",
-                                error,
-                                NULL,
-                                "asbb", 1,
-                                "systemd-timesyncd.service",
-                                false, true);
-        else
-                r = sd_bus_call_method(
-                                bus,
-                                "org.freedesktop.systemd1",
-                                "/org/freedesktop/systemd1",
-                                "org.freedesktop.systemd1.Manager",
-                                "DisableUnitFiles",
-                                error,
-                                NULL,
-                                "asb", 1,
-                                "systemd-timesyncd.service",
-                                false);
-
-        if (r < 0) {
-                if (sd_bus_error_has_name(error, SD_BUS_ERROR_FILE_NOT_FOUND))
-                        return sd_bus_error_set_const(error, "org.freedesktop.timedate1.NoNTPSupport", "NTP not supported.");
-
-                return r;
-        }
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "Reload",
-                        error,
-                        NULL,
-                        NULL);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-static int property_get_rtc_time(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        struct tm tm;
-        usec_t t;
-        int r;
-
-        zero(tm);
-        r = clock_get_hwclock(&tm);
-        if (r == -EBUSY) {
-                log_warning("/dev/rtc is busy. Is somebody keeping it open continuously? That's not a good idea... Returning a bogus RTC timestamp.");
-                t = 0;
-        } else if (r == -ENOENT) {
-                log_debug("/dev/rtc not found.");
-                t = 0; /* no RTC found */
-        } else if (r < 0)
-                return sd_bus_error_set_errnof(error, r, "Failed to read RTC: %m");
-        else
-                t = (usec_t) timegm(&tm) * USEC_PER_SEC;
-
-        return sd_bus_message_append(reply, "t", t);
-}
-
-static int property_get_time(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        return sd_bus_message_append(reply, "t", now(CLOCK_REALTIME));
-}
-
-static int property_get_ntp_sync(
-                sd_bus *bus,
-                const char *path,
-                const char *interface,
-                const char *property,
-                sd_bus_message *reply,
-                void *userdata,
-                sd_bus_error *error) {
-
-        return sd_bus_message_append(reply, "b", ntp_synced());
-}
-
-static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        Context *c = userdata;
-        const char *z;
-        int interactive;
-        char *t;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        r = sd_bus_message_read(m, "sb", &z, &interactive);
-        if (r < 0)
-                return r;
-
-        if (!timezone_is_valid(z))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid time zone '%s'", z);
-
-        if (streq_ptr(z, c->zone))
-                return sd_bus_reply_method_return(m, NULL);
-
-        r = bus_verify_polkit_async(
-                        m,
-                        CAP_SYS_TIME,
-                        "org.freedesktop.timedate1.set-timezone",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &c->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
-
-        t = strdup(z);
-        if (!t)
-                return -ENOMEM;
-
-        free(c->zone);
-        c->zone = t;
-
-        /* 1. Write new configuration file */
-        r = context_write_data_timezone(c);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set time zone: %m");
-                return sd_bus_error_set_errnof(error, r, "Failed to set time zone: %m");
-        }
-
-        /* 2. Tell the kernel our timezone */
-        clock_set_timezone(NULL);
-
-        if (c->local_rtc) {
-                struct timespec ts;
-                struct tm *tm;
-
-                /* 3. Sync RTC from system clock, with the new delta */
-                assert_se(clock_gettime(CLOCK_REALTIME, &ts) == 0);
-                assert_se(tm = localtime(&ts.tv_sec));
-                clock_set_hwclock(tm);
-        }
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_TIMEZONE_CHANGE),
-                   "TIMEZONE=%s", c->zone,
-                   LOG_MESSAGE("Changed time zone to '%s'.", c->zone),
-                   NULL);
-
-        (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "Timezone", NULL);
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int lrtc, fix_system, interactive;
-        Context *c = userdata;
-        struct timespec ts;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        r = sd_bus_message_read(m, "bbb", &lrtc, &fix_system, &interactive);
-        if (r < 0)
-                return r;
-
-        if (lrtc == c->local_rtc)
-                return sd_bus_reply_method_return(m, NULL);
-
-        r = bus_verify_polkit_async(
-                        m,
-                        CAP_SYS_TIME,
-                        "org.freedesktop.timedate1.set-local-rtc",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &c->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1;
-
-        c->local_rtc = lrtc;
-
-        /* 1. Write new configuration file */
-        r = context_write_data_local_rtc(c);
-        if (r < 0) {
-                log_error_errno(r, "Failed to set RTC to local/UTC: %m");
-                return sd_bus_error_set_errnof(error, r, "Failed to set RTC to local/UTC: %m");
-        }
-
-        /* 2. Tell the kernel our timezone */
-        clock_set_timezone(NULL);
-
-        /* 3. Synchronize clocks */
-        assert_se(clock_gettime(CLOCK_REALTIME, &ts) == 0);
-
-        if (fix_system) {
-                struct tm tm;
-
-                /* Sync system clock from RTC; first,
-                 * initialize the timezone fields of
-                 * struct tm. */
-                if (c->local_rtc)
-                        tm = *localtime(&ts.tv_sec);
-                else
-                        tm = *gmtime(&ts.tv_sec);
-
-                /* Override the main fields of
-                 * struct tm, but not the timezone
-                 * fields */
-                if (clock_get_hwclock(&tm) >= 0) {
-
-                        /* And set the system clock
-                         * with this */
-                        if (c->local_rtc)
-                                ts.tv_sec = mktime(&tm);
-                        else
-                                ts.tv_sec = timegm(&tm);
-
-                        clock_settime(CLOCK_REALTIME, &ts);
-                }
-
-        } else {
-                struct tm *tm;
-
-                /* Sync RTC from system clock */
-                if (c->local_rtc)
-                        tm = localtime(&ts.tv_sec);
-                else
-                        tm = gmtime(&ts.tv_sec);
-
-                clock_set_hwclock(tm);
-        }
-
-        log_info("RTC configured to %s time.", c->local_rtc ? "local" : "UTC");
-
-        (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "LocalRTC", NULL);
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-static int method_set_time(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int relative, interactive;
-        Context *c = userdata;
-        int64_t utc;
-        struct timespec ts;
-        usec_t start;
-        struct tm* tm;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        if (c->use_ntp)
-                return sd_bus_error_setf(error, BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED, "Automatic time synchronization is enabled");
-
-        /* this only gets used if dbus does not provide a timestamp */
-        start = now(CLOCK_MONOTONIC);
-
-        r = sd_bus_message_read(m, "xbb", &utc, &relative, &interactive);
-        if (r < 0)
-                return r;
-
-        if (!relative && utc <= 0)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid absolute time");
-
-        if (relative && utc == 0)
-                return sd_bus_reply_method_return(m, NULL);
-
-        if (relative) {
-                usec_t n, x;
-
-                n = now(CLOCK_REALTIME);
-                x = n + utc;
-
-                if ((utc > 0 && x < n) ||
-                    (utc < 0 && x > n))
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Time value overflow");
-
-                timespec_store(&ts, x);
-        } else
-                timespec_store(&ts, (usec_t) utc);
-
-        r = bus_verify_polkit_async(
-                        m,
-                        CAP_SYS_TIME,
-                        "org.freedesktop.timedate1.set-time",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &c->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1;
-
-        /* adjust ts for time spent in program */
-        r = sd_bus_message_get_monotonic_usec(m, &start);
-        /* when sd_bus_message_get_monotonic_usec() returns -ENODATA it does not modify &start */
-        if (r < 0 && r != -ENODATA)
-                return r;
-
-        timespec_store(&ts, timespec_load(&ts) + (now(CLOCK_MONOTONIC) - start));
-
-        /* Set system clock */
-        if (clock_settime(CLOCK_REALTIME, &ts) < 0) {
-                log_error_errno(errno, "Failed to set local time: %m");
-                return sd_bus_error_set_errnof(error, errno, "Failed to set local time: %m");
-        }
-
-        /* Sync down to RTC */
-        if (c->local_rtc)
-                tm = localtime(&ts.tv_sec);
-        else
-                tm = gmtime(&ts.tv_sec);
-        clock_set_hwclock(tm);
-
-        log_struct(LOG_INFO,
-                   LOG_MESSAGE_ID(SD_MESSAGE_TIME_CHANGE),
-                   "REALTIME="USEC_FMT, timespec_load(&ts),
-                   LOG_MESSAGE("Changed local time to %s", ctime(&ts.tv_sec)),
-                   NULL);
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error) {
-        int enabled, interactive;
-        Context *c = userdata;
-        int r;
-
-        assert(m);
-        assert(c);
-
-        r = sd_bus_message_read(m, "bb", &enabled, &interactive);
-        if (r < 0)
-                return r;
-
-        if ((bool)enabled == c->use_ntp)
-                return sd_bus_reply_method_return(m, NULL);
-
-        r = bus_verify_polkit_async(
-                        m,
-                        CAP_SYS_TIME,
-                        "org.freedesktop.timedate1.set-ntp",
-                        NULL,
-                        interactive,
-                        UID_INVALID,
-                        &c->polkit_registry,
-                        error);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                return 1;
-
-        r = context_enable_ntp(sd_bus_message_get_bus(m), error, enabled);
-        if (r < 0)
-                return r;
-
-        r = context_start_ntp(sd_bus_message_get_bus(m), error, enabled);
-        if (r < 0)
-                return r;
-
-        c->use_ntp = enabled;
-        log_info("Set NTP to %s", enabled ? "enabled" : "disabled");
-
-        (void) sd_bus_emit_properties_changed(sd_bus_message_get_bus(m), "/org/freedesktop/timedate1", "org.freedesktop.timedate1", "NTP", NULL);
-
-        return sd_bus_reply_method_return(m, NULL);
-}
-
-static const sd_bus_vtable timedate_vtable[] = {
-        SD_BUS_VTABLE_START(0),
-        SD_BUS_PROPERTY("Timezone", "s", NULL, offsetof(Context, zone), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("LocalRTC", "b", bus_property_get_bool, offsetof(Context, local_rtc), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("CanNTP", "b", bus_property_get_bool, offsetof(Context, can_ntp), 0),
-        SD_BUS_PROPERTY("NTP", "b", bus_property_get_bool, offsetof(Context, use_ntp), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
-        SD_BUS_PROPERTY("NTPSynchronized", "b", property_get_ntp_sync, 0, 0),
-        SD_BUS_PROPERTY("TimeUSec", "t", property_get_time, 0, 0),
-        SD_BUS_PROPERTY("RTCTimeUSec", "t", property_get_rtc_time, 0, 0),
-        SD_BUS_METHOD("SetTime", "xbb", NULL, method_set_time, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetTimezone", "sb", NULL, method_set_timezone, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetLocalRTC", "bbb", NULL, method_set_local_rtc, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("SetNTP", "bb", NULL, method_set_ntp, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_VTABLE_END,
-};
-
-static int connect_bus(Context *c, sd_event *event, sd_bus **_bus) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        assert(c);
-        assert(event);
-        assert(_bus);
-
-        r = sd_bus_default_system(&bus);
-        if (r < 0)
-                return log_error_errno(r, "Failed to get system bus connection: %m");
-
-        r = sd_bus_add_object_vtable(bus, NULL, "/org/freedesktop/timedate1", "org.freedesktop.timedate1", timedate_vtable, c);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register object: %m");
-
-        r = sd_bus_request_name(bus, "org.freedesktop.timedate1", 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to register name: %m");
-
-        r = sd_bus_attach_event(bus, event, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to attach bus to event loop: %m");
-
-        *_bus = bus;
-        bus = NULL;
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        Context context = {};
-        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (argc != 1) {
-                log_error("This program takes no arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        r = sd_event_default(&event);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate event loop: %m");
-                goto finish;
-        }
-
-        sd_event_set_watchdog(event, true);
-
-        r = connect_bus(&context, event, &bus);
-        if (r < 0)
-                goto finish;
-
-        (void) sd_bus_negotiate_timestamp(bus, true);
-
-        r = context_read_data(&context);
-        if (r < 0) {
-                log_error_errno(r, "Failed to read time zone data: %m");
-                goto finish;
-        }
-
-        r = context_read_ntp(&context, bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to determine whether NTP is enabled: %m");
-                goto finish;
-        }
-
-        r = bus_event_loop_with_idle(event, bus, "org.freedesktop.timedate1", DEFAULT_EXIT_USEC, NULL, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Failed to run event loop: %m");
-                goto finish;
-        }
-
-finish:
-        context_free(&context);
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/timesync/Makefile b/src/timesync/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/timesync/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c
deleted file mode 100644
index d5e16db3a0..0000000000
--- a/src/timesync/timesyncd-manager.c
+++ /dev/null
@@ -1,1156 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Kay Sievers, Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <math.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <resolv.h>
-#include <stdlib.h>
-#include <sys/socket.h>
-#include <sys/timerfd.h>
-#include <sys/timex.h>
-#include <sys/types.h>
-#include <time.h>
-
-#include "sd-daemon.h"
-
-#include "alloc-util.h"
-#include "fd-util.h"
-#include "fs-util.h"
-#include "list.h"
-#include "log.h"
-#include "missing.h"
-#include "network-util.h"
-#include "ratelimit.h"
-#include "socket-util.h"
-#include "sparse-endian.h"
-#include "string-util.h"
-#include "strv.h"
-#include "time-util.h"
-#include "timesyncd-conf.h"
-#include "timesyncd-manager.h"
-#include "util.h"
-
-#ifndef ADJ_SETOFFSET
-#define ADJ_SETOFFSET                   0x0100  /* add 'time' to current time */
-#endif
-
-/* expected accuracy of time synchronization; used to adjust the poll interval */
-#define NTP_ACCURACY_SEC                0.2
-
-/*
- * "A client MUST NOT under any conditions use a poll interval less
- * than 15 seconds."
- */
-#define NTP_POLL_INTERVAL_MIN_SEC       32
-#define NTP_POLL_INTERVAL_MAX_SEC       2048
-
-/*
- * Maximum delta in seconds which the system clock is gradually adjusted
- * (slew) to approach the network time. Deltas larger that this are set by
- * letting the system time jump. The kernel's limit for adjtime is 0.5s.
- */
-#define NTP_MAX_ADJUST                  0.4
-
-/* NTP protocol, packet header */
-#define NTP_LEAP_PLUSSEC                1
-#define NTP_LEAP_MINUSSEC               2
-#define NTP_LEAP_NOTINSYNC              3
-#define NTP_MODE_CLIENT                 3
-#define NTP_MODE_SERVER                 4
-#define NTP_FIELD_LEAP(f)               (((f) >> 6) & 3)
-#define NTP_FIELD_VERSION(f)            (((f) >> 3) & 7)
-#define NTP_FIELD_MODE(f)               ((f) & 7)
-#define NTP_FIELD(l, v, m)              (((l) << 6) | ((v) << 3) | (m))
-
-/* Maximum acceptable root distance in seconds. */
-#define NTP_MAX_ROOT_DISTANCE           5.0
-
-/* Maximum number of missed replies before selecting another source. */
-#define NTP_MAX_MISSED_REPLIES          2
-
-/*
- * "NTP timestamps are represented as a 64-bit unsigned fixed-point number,
- * in seconds relative to 0h on 1 January 1900."
- */
-#define OFFSET_1900_1970        UINT64_C(2208988800)
-
-#define RETRY_USEC (30*USEC_PER_SEC)
-#define RATELIMIT_INTERVAL_USEC (10*USEC_PER_SEC)
-#define RATELIMIT_BURST 10
-
-#define TIMEOUT_USEC (10*USEC_PER_SEC)
-
-struct ntp_ts {
-        be32_t sec;
-        be32_t frac;
-} _packed_;
-
-struct ntp_ts_short {
-        be16_t sec;
-        be16_t frac;
-} _packed_;
-
-struct ntp_msg {
-        uint8_t field;
-        uint8_t stratum;
-        int8_t poll;
-        int8_t precision;
-        struct ntp_ts_short root_delay;
-        struct ntp_ts_short root_dispersion;
-        char refid[4];
-        struct ntp_ts reference_time;
-        struct ntp_ts origin_time;
-        struct ntp_ts recv_time;
-        struct ntp_ts trans_time;
-} _packed_;
-
-static int manager_arm_timer(Manager *m, usec_t next);
-static int manager_clock_watch_setup(Manager *m);
-static int manager_listen_setup(Manager *m);
-static void manager_listen_stop(Manager *m);
-
-static double ntp_ts_short_to_d(const struct ntp_ts_short *ts) {
-        return be16toh(ts->sec) + (be16toh(ts->frac) / 65536.0);
-}
-
-static double ntp_ts_to_d(const struct ntp_ts *ts) {
-        return be32toh(ts->sec) + ((double)be32toh(ts->frac) / UINT_MAX);
-}
-
-static double ts_to_d(const struct timespec *ts) {
-        return ts->tv_sec + (1.0e-9 * ts->tv_nsec);
-}
-
-static int manager_timeout(sd_event_source *source, usec_t usec, void *userdata) {
-        _cleanup_free_ char *pretty = NULL;
-        Manager *m = userdata;
-
-        assert(m);
-        assert(m->current_server_name);
-        assert(m->current_server_address);
-
-        server_address_pretty(m->current_server_address, &pretty);
-        log_info("Timed out waiting for reply from %s (%s).", strna(pretty), m->current_server_name->string);
-
-        return manager_connect(m);
-}
-
-static int manager_send_request(Manager *m) {
-        _cleanup_free_ char *pretty = NULL;
-        struct ntp_msg ntpmsg = {
-                /*
-                 * "The client initializes the NTP message header, sends the request
-                 * to the server, and strips the time of day from the Transmit
-                 * Timestamp field of the reply.  For this purpose, all the NTP
-                 * header fields are set to 0, except the Mode, VN, and optional
-                 * Transmit Timestamp fields."
-                 */
-                .field = NTP_FIELD(0, 4, NTP_MODE_CLIENT),
-        };
-        ssize_t len;
-        int r;
-
-        assert(m);
-        assert(m->current_server_name);
-        assert(m->current_server_address);
-
-        m->event_timeout = sd_event_source_unref(m->event_timeout);
-
-        r = manager_listen_setup(m);
-        if (r < 0)
-                return log_warning_errno(r, "Failed to setup connection socket: %m");
-
-        /*
-         * Set transmit timestamp, remember it; the server will send that back
-         * as the origin timestamp and we have an indication that this is the
-         * matching answer to our request.
-         *
-         * The actual value does not matter, We do not care about the correct
-         * NTP UINT_MAX fraction; we just pass the plain nanosecond value.
-         */
-        assert_se(clock_gettime(clock_boottime_or_monotonic(), &m->trans_time_mon) >= 0);
-        assert_se(clock_gettime(CLOCK_REALTIME, &m->trans_time) >= 0);
-        ntpmsg.trans_time.sec = htobe32(m->trans_time.tv_sec + OFFSET_1900_1970);
-        ntpmsg.trans_time.frac = htobe32(m->trans_time.tv_nsec);
-
-        server_address_pretty(m->current_server_address, &pretty);
-
-        len = sendto(m->server_socket, &ntpmsg, sizeof(ntpmsg), MSG_DONTWAIT, &m->current_server_address->sockaddr.sa, m->current_server_address->socklen);
-        if (len == sizeof(ntpmsg)) {
-                m->pending = true;
-                log_debug("Sent NTP request to %s (%s).", strna(pretty), m->current_server_name->string);
-        } else {
-                log_debug_errno(errno, "Sending NTP request to %s (%s) failed: %m", strna(pretty), m->current_server_name->string);
-                return manager_connect(m);
-        }
-
-        /* re-arm timer with increasing timeout, in case the packets never arrive back */
-        if (m->retry_interval > 0) {
-                if (m->retry_interval < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
-                        m->retry_interval *= 2;
-        } else
-                m->retry_interval = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
-
-        r = manager_arm_timer(m, m->retry_interval);
-        if (r < 0)
-                return log_error_errno(r, "Failed to rearm timer: %m");
-
-        m->missed_replies++;
-        if (m->missed_replies > NTP_MAX_MISSED_REPLIES) {
-                r = sd_event_add_time(
-                                m->event,
-                                &m->event_timeout,
-                                clock_boottime_or_monotonic(),
-                                now(clock_boottime_or_monotonic()) + TIMEOUT_USEC, 0,
-                                manager_timeout, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to arm timeout timer: %m");
-        }
-
-        return 0;
-}
-
-static int manager_timer(sd_event_source *source, usec_t usec, void *userdata) {
-        Manager *m = userdata;
-
-        assert(m);
-
-        return manager_send_request(m);
-}
-
-static int manager_arm_timer(Manager *m, usec_t next) {
-        int r;
-
-        assert(m);
-
-        if (next == 0) {
-                m->event_timer = sd_event_source_unref(m->event_timer);
-                return 0;
-        }
-
-        if (m->event_timer) {
-                r = sd_event_source_set_time(m->event_timer, now(clock_boottime_or_monotonic()) + next);
-                if (r < 0)
-                        return r;
-
-                return sd_event_source_set_enabled(m->event_timer, SD_EVENT_ONESHOT);
-        }
-
-        return sd_event_add_time(
-                        m->event,
-                        &m->event_timer,
-                        clock_boottime_or_monotonic(),
-                        now(clock_boottime_or_monotonic()) + next, 0,
-                        manager_timer, m);
-}
-
-static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-
-        assert(m);
-
-        /* rearm timer */
-        manager_clock_watch_setup(m);
-
-        /* skip our own jumps */
-        if (m->jumped) {
-                m->jumped = false;
-                return 0;
-        }
-
-        /* resync */
-        log_debug("System time changed. Resyncing.");
-        m->poll_resync = true;
-
-        return manager_send_request(m);
-}
-
-/* wake up when the system time changes underneath us */
-static int manager_clock_watch_setup(Manager *m) {
-
-        struct itimerspec its = {
-                .it_value.tv_sec = TIME_T_MAX
-        };
-
-        int r;
-
-        assert(m);
-
-        m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
-        safe_close(m->clock_watch_fd);
-
-        m->clock_watch_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
-        if (m->clock_watch_fd < 0)
-                return log_error_errno(errno, "Failed to create timerfd: %m");
-
-        if (timerfd_settime(m->clock_watch_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0)
-                return log_error_errno(errno, "Failed to set up timerfd: %m");
-
-        r = sd_event_add_io(m->event, &m->event_clock_watch, m->clock_watch_fd, EPOLLIN, manager_clock_watch, m);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create clock watch event source: %m");
-
-        return 0;
-}
-
-static int manager_adjust_clock(Manager *m, double offset, int leap_sec) {
-        struct timex tmx = {};
-        int r;
-
-        assert(m);
-
-        /*
-         * For small deltas, tell the kernel to gradually adjust the system
-         * clock to the NTP time, larger deltas are just directly set.
-         */
-        if (fabs(offset) < NTP_MAX_ADJUST) {
-                tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_OFFSET | ADJ_TIMECONST | ADJ_MAXERROR | ADJ_ESTERROR;
-                tmx.status = STA_PLL;
-                tmx.offset = offset * NSEC_PER_SEC;
-                tmx.constant = log2i(m->poll_interval_usec / USEC_PER_SEC) - 4;
-                tmx.maxerror = 0;
-                tmx.esterror = 0;
-                log_debug("  adjust (slew): %+.3f sec", offset);
-        } else {
-                tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_SETOFFSET;
-
-                /* ADJ_NANO uses nanoseconds in the microseconds field */
-                tmx.time.tv_sec = (long)offset;
-                tmx.time.tv_usec = (offset - tmx.time.tv_sec) * NSEC_PER_SEC;
-
-                /* the kernel expects -0.3s as {-1, 7000.000.000} */
-                if (tmx.time.tv_usec < 0) {
-                        tmx.time.tv_sec  -= 1;
-                        tmx.time.tv_usec += NSEC_PER_SEC;
-                }
-
-                m->jumped = true;
-                log_debug("  adjust (jump): %+.3f sec", offset);
-        }
-
-        /*
-         * An unset STA_UNSYNC will enable the kernel's 11-minute mode,
-         * which syncs the system time periodically to the RTC.
-         *
-         * In case the RTC runs in local time, never touch the RTC,
-         * we have no way to properly handle daylight saving changes and
-         * mobile devices moving between time zones.
-         */
-        if (m->rtc_local_time)
-                tmx.status |= STA_UNSYNC;
-
-        switch (leap_sec) {
-        case 1:
-                tmx.status |= STA_INS;
-                break;
-        case -1:
-                tmx.status |= STA_DEL;
-                break;
-        }
-
-        r = clock_adjtime(CLOCK_REALTIME, &tmx);
-        if (r < 0)
-                return -errno;
-
-        /* If touch fails, there isn't much we can do. Maybe it'll work next time. */
-        (void) touch("/var/lib/systemd/clock");
-
-        m->drift_ppm = tmx.freq / 65536;
-
-        log_debug("  status       : %04i %s\n"
-                  "  time now     : %li.%03llu\n"
-                  "  constant     : %li\n"
-                  "  offset       : %+.3f sec\n"
-                  "  freq offset  : %+li (%i ppm)\n",
-                  tmx.status, tmx.status & STA_UNSYNC ? "unsync" : "sync",
-                  tmx.time.tv_sec, (unsigned long long) (tmx.time.tv_usec / NSEC_PER_MSEC),
-                  tmx.constant,
-                  (double)tmx.offset / NSEC_PER_SEC,
-                  tmx.freq, m->drift_ppm);
-
-        return 0;
-}
-
-static bool manager_sample_spike_detection(Manager *m, double offset, double delay) {
-        unsigned int i, idx_cur, idx_new, idx_min;
-        double jitter;
-        double j;
-
-        assert(m);
-
-        m->packet_count++;
-
-        /* ignore initial sample */
-        if (m->packet_count == 1)
-                return false;
-
-        /* store the current data in our samples array */
-        idx_cur = m->samples_idx;
-        idx_new = (idx_cur + 1) % ELEMENTSOF(m->samples);
-        m->samples_idx = idx_new;
-        m->samples[idx_new].offset = offset;
-        m->samples[idx_new].delay = delay;
-
-        /* calculate new jitter value from the RMS differences relative to the lowest delay sample */
-        jitter = m->samples_jitter;
-        for (idx_min = idx_cur, i = 0; i < ELEMENTSOF(m->samples); i++)
-                if (m->samples[i].delay > 0 && m->samples[i].delay < m->samples[idx_min].delay)
-                        idx_min = i;
-
-        j = 0;
-        for (i = 0; i < ELEMENTSOF(m->samples); i++)
-                j += pow(m->samples[i].offset - m->samples[idx_min].offset, 2);
-        m->samples_jitter = sqrt(j / (ELEMENTSOF(m->samples) - 1));
-
-        /* ignore samples when resyncing */
-        if (m->poll_resync)
-                return false;
-
-        /* always accept offset if we are farther off than the round-trip delay */
-        if (fabs(offset) > delay)
-                return false;
-
-        /* we need a few samples before looking at them */
-        if (m->packet_count < 4)
-                return false;
-
-        /* do not accept anything worse than the maximum possible error of the best sample */
-        if (fabs(offset) > m->samples[idx_min].delay)
-                return true;
-
-        /* compare the difference between the current offset to the previous offset and jitter */
-        return fabs(offset - m->samples[idx_cur].offset) > 3 * jitter;
-}
-
-static void manager_adjust_poll(Manager *m, double offset, bool spike) {
-        assert(m);
-
-        if (m->poll_resync) {
-                m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
-                m->poll_resync = false;
-                return;
-        }
-
-        /* set to minimal poll interval */
-        if (!spike && fabs(offset) > NTP_ACCURACY_SEC) {
-                m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
-                return;
-        }
-
-        /* increase polling interval */
-        if (fabs(offset) < NTP_ACCURACY_SEC * 0.25) {
-                if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
-                        m->poll_interval_usec *= 2;
-                return;
-        }
-
-        /* decrease polling interval */
-        if (spike || fabs(offset) > NTP_ACCURACY_SEC * 0.75) {
-                if (m->poll_interval_usec > NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC)
-                        m->poll_interval_usec /= 2;
-                return;
-        }
-}
-
-static int manager_receive_response(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-        struct ntp_msg ntpmsg;
-
-        struct iovec iov = {
-                .iov_base = &ntpmsg,
-                .iov_len = sizeof(ntpmsg),
-        };
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(struct timeval))];
-        } control;
-        union sockaddr_union server_addr;
-        struct msghdr msghdr = {
-                .msg_iov = &iov,
-                .msg_iovlen = 1,
-                .msg_control = &control,
-                .msg_controllen = sizeof(control),
-                .msg_name = &server_addr,
-                .msg_namelen = sizeof(server_addr),
-        };
-        struct cmsghdr *cmsg;
-        struct timespec *recv_time;
-        ssize_t len;
-        double origin, receive, trans, dest;
-        double delay, offset;
-        double root_distance;
-        bool spike;
-        int leap_sec;
-        int r;
-
-        assert(source);
-        assert(m);
-
-        if (revents & (EPOLLHUP|EPOLLERR)) {
-                log_warning("Server connection returned error.");
-                return manager_connect(m);
-        }
-
-        len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
-        if (len < 0) {
-                if (errno == EAGAIN)
-                        return 0;
-
-                log_warning("Error receiving message. Disconnecting.");
-                return manager_connect(m);
-        }
-
-        /* Too short or too long packet? */
-        if (iov.iov_len < sizeof(struct ntp_msg) || (msghdr.msg_flags & MSG_TRUNC)) {
-                log_warning("Invalid response from server. Disconnecting.");
-                return manager_connect(m);
-        }
-
-        if (!m->current_server_name ||
-            !m->current_server_address ||
-            !sockaddr_equal(&server_addr, &m->current_server_address->sockaddr)) {
-                log_debug("Response from unknown server.");
-                return 0;
-        }
-
-        recv_time = NULL;
-        CMSG_FOREACH(cmsg, &msghdr) {
-                if (cmsg->cmsg_level != SOL_SOCKET)
-                        continue;
-
-                switch (cmsg->cmsg_type) {
-                case SCM_TIMESTAMPNS:
-                        recv_time = (struct timespec *) CMSG_DATA(cmsg);
-                        break;
-                }
-        }
-        if (!recv_time) {
-                log_error("Invalid packet timestamp.");
-                return -EINVAL;
-        }
-
-        if (!m->pending) {
-                log_debug("Unexpected reply. Ignoring.");
-                return 0;
-        }
-
-        m->missed_replies = 0;
-
-        /* check our "time cookie" (we just stored nanoseconds in the fraction field) */
-        if (be32toh(ntpmsg.origin_time.sec) != m->trans_time.tv_sec + OFFSET_1900_1970 ||
-            be32toh(ntpmsg.origin_time.frac) != m->trans_time.tv_nsec) {
-                log_debug("Invalid reply; not our transmit time. Ignoring.");
-                return 0;
-        }
-
-        m->event_timeout = sd_event_source_unref(m->event_timeout);
-
-        if (be32toh(ntpmsg.recv_time.sec) < TIME_EPOCH + OFFSET_1900_1970 ||
-            be32toh(ntpmsg.trans_time.sec) < TIME_EPOCH + OFFSET_1900_1970) {
-                log_debug("Invalid reply, returned times before epoch. Ignoring.");
-                return manager_connect(m);
-        }
-
-        if (NTP_FIELD_LEAP(ntpmsg.field) == NTP_LEAP_NOTINSYNC ||
-            ntpmsg.stratum == 0 || ntpmsg.stratum >= 16) {
-                log_debug("Server is not synchronized. Disconnecting.");
-                return manager_connect(m);
-        }
-
-        if (!IN_SET(NTP_FIELD_VERSION(ntpmsg.field), 3, 4)) {
-                log_debug("Response NTPv%d. Disconnecting.", NTP_FIELD_VERSION(ntpmsg.field));
-                return manager_connect(m);
-        }
-
-        if (NTP_FIELD_MODE(ntpmsg.field) != NTP_MODE_SERVER) {
-                log_debug("Unsupported mode %d. Disconnecting.", NTP_FIELD_MODE(ntpmsg.field));
-                return manager_connect(m);
-        }
-
-        root_distance = ntp_ts_short_to_d(&ntpmsg.root_delay) / 2 + ntp_ts_short_to_d(&ntpmsg.root_dispersion);
-        if (root_distance > NTP_MAX_ROOT_DISTANCE) {
-                log_debug("Server has too large root distance. Disconnecting.");
-                return manager_connect(m);
-        }
-
-        /* valid packet */
-        m->pending = false;
-        m->retry_interval = 0;
-
-        /* Stop listening */
-        manager_listen_stop(m);
-
-        /* announce leap seconds */
-        if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_PLUSSEC)
-                leap_sec = 1;
-        else if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_MINUSSEC)
-                leap_sec = -1;
-        else
-                leap_sec = 0;
-
-        /*
-         * "Timestamp Name          ID   When Generated
-         *  ------------------------------------------------------------
-         *  Originate Timestamp     T1   time request sent by client
-         *  Receive Timestamp       T2   time request received by server
-         *  Transmit Timestamp      T3   time reply sent by server
-         *  Destination Timestamp   T4   time reply received by client
-         *
-         *  The round-trip delay, d, and system clock offset, t, are defined as:
-         *  d = (T4 - T1) - (T3 - T2)     t = ((T2 - T1) + (T3 - T4)) / 2"
-         */
-        origin = ts_to_d(&m->trans_time) + OFFSET_1900_1970;
-        receive = ntp_ts_to_d(&ntpmsg.recv_time);
-        trans = ntp_ts_to_d(&ntpmsg.trans_time);
-        dest = ts_to_d(recv_time) + OFFSET_1900_1970;
-
-        offset = ((receive - origin) + (trans - dest)) / 2;
-        delay = (dest - origin) - (trans - receive);
-
-        spike = manager_sample_spike_detection(m, offset, delay);
-
-        manager_adjust_poll(m, offset, spike);
-
-        log_debug("NTP response:\n"
-                  "  leap         : %u\n"
-                  "  version      : %u\n"
-                  "  mode         : %u\n"
-                  "  stratum      : %u\n"
-                  "  precision    : %.6f sec (%d)\n"
-                  "  root distance: %.6f sec\n"
-                  "  reference    : %.4s\n"
-                  "  origin       : %.3f\n"
-                  "  receive      : %.3f\n"
-                  "  transmit     : %.3f\n"
-                  "  dest         : %.3f\n"
-                  "  offset       : %+.3f sec\n"
-                  "  delay        : %+.3f sec\n"
-                  "  packet count : %"PRIu64"\n"
-                  "  jitter       : %.3f%s\n"
-                  "  poll interval: " USEC_FMT "\n",
-                  NTP_FIELD_LEAP(ntpmsg.field),
-                  NTP_FIELD_VERSION(ntpmsg.field),
-                  NTP_FIELD_MODE(ntpmsg.field),
-                  ntpmsg.stratum,
-                  exp2(ntpmsg.precision), ntpmsg.precision,
-                  root_distance,
-                  ntpmsg.stratum == 1 ? ntpmsg.refid : "n/a",
-                  origin - OFFSET_1900_1970,
-                  receive - OFFSET_1900_1970,
-                  trans - OFFSET_1900_1970,
-                  dest - OFFSET_1900_1970,
-                  offset, delay,
-                  m->packet_count,
-                  m->samples_jitter, spike ? " spike" : "",
-                  m->poll_interval_usec / USEC_PER_SEC);
-
-        if (!spike) {
-                m->sync = true;
-                r = manager_adjust_clock(m, offset, leap_sec);
-                if (r < 0)
-                        log_error_errno(r, "Failed to call clock_adjtime(): %m");
-        }
-
-        log_debug("interval/delta/delay/jitter/drift " USEC_FMT "s/%+.3fs/%.3fs/%.3fs/%+ippm%s",
-                  m->poll_interval_usec / USEC_PER_SEC, offset, delay, m->samples_jitter, m->drift_ppm,
-                  spike ? " (ignored)" : "");
-
-        if (!m->good) {
-                _cleanup_free_ char *pretty = NULL;
-
-                m->good = true;
-
-                server_address_pretty(m->current_server_address, &pretty);
-                log_info("Synchronized to time server %s (%s).", strna(pretty), m->current_server_name->string);
-                sd_notifyf(false, "STATUS=Synchronized to time server %s (%s).", strna(pretty), m->current_server_name->string);
-        }
-
-        r = manager_arm_timer(m, m->poll_interval_usec);
-        if (r < 0)
-                return log_error_errno(r, "Failed to rearm timer: %m");
-
-        return 0;
-}
-
-static int manager_listen_setup(Manager *m) {
-        union sockaddr_union addr = {};
-        static const int tos = IPTOS_LOWDELAY;
-        static const int on = 1;
-        int r;
-
-        assert(m);
-
-        if (m->server_socket >= 0)
-                return 0;
-
-        assert(!m->event_receive);
-        assert(m->current_server_address);
-
-        addr.sa.sa_family = m->current_server_address->sockaddr.sa.sa_family;
-
-        m->server_socket = socket(addr.sa.sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
-        if (m->server_socket < 0)
-                return -errno;
-
-        r = bind(m->server_socket, &addr.sa, m->current_server_address->socklen);
-        if (r < 0)
-                return -errno;
-
-        r = setsockopt(m->server_socket, SOL_SOCKET, SO_TIMESTAMPNS, &on, sizeof(on));
-        if (r < 0)
-                return -errno;
-
-        (void) setsockopt(m->server_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
-
-        return sd_event_add_io(m->event, &m->event_receive, m->server_socket, EPOLLIN, manager_receive_response, m);
-}
-
-static void manager_listen_stop(Manager *m) {
-        assert(m);
-
-        m->event_receive = sd_event_source_unref(m->event_receive);
-        m->server_socket = safe_close(m->server_socket);
-}
-
-static int manager_begin(Manager *m) {
-        _cleanup_free_ char *pretty = NULL;
-        int r;
-
-        assert(m);
-        assert_return(m->current_server_name, -EHOSTUNREACH);
-        assert_return(m->current_server_address, -EHOSTUNREACH);
-
-        m->good = false;
-        m->missed_replies = NTP_MAX_MISSED_REPLIES;
-        if (m->poll_interval_usec == 0)
-                m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
-
-        server_address_pretty(m->current_server_address, &pretty);
-        log_debug("Connecting to time server %s (%s).", strna(pretty), m->current_server_name->string);
-        sd_notifyf(false, "STATUS=Connecting to time server %s (%s).", strna(pretty), m->current_server_name->string);
-
-        r = manager_clock_watch_setup(m);
-        if (r < 0)
-                return r;
-
-        return manager_send_request(m);
-}
-
-void manager_set_server_name(Manager *m, ServerName *n) {
-        assert(m);
-
-        if (m->current_server_name == n)
-                return;
-
-        m->current_server_name = n;
-        m->current_server_address = NULL;
-
-        manager_disconnect(m);
-
-        if (n)
-                log_debug("Selected server %s.", n->string);
-}
-
-void manager_set_server_address(Manager *m, ServerAddress *a) {
-        assert(m);
-
-        if (m->current_server_address == a)
-                return;
-
-        m->current_server_address = a;
-        /* If a is NULL, we are just clearing the address, without
-         * changing the name. Keep the existing name in that case. */
-        if (a)
-                m->current_server_name = a->name;
-
-        manager_disconnect(m);
-
-        if (a) {
-                _cleanup_free_ char *pretty = NULL;
-                server_address_pretty(a, &pretty);
-                log_debug("Selected address %s of server %s.", strna(pretty), a->name->string);
-        }
-}
-
-static int manager_resolve_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
-        Manager *m = userdata;
-        int r;
-
-        assert(q);
-        assert(m);
-        assert(m->current_server_name);
-
-        m->resolve_query = sd_resolve_query_unref(m->resolve_query);
-
-        if (ret != 0) {
-                log_debug("Failed to resolve %s: %s", m->current_server_name->string, gai_strerror(ret));
-
-                /* Try next host */
-                return manager_connect(m);
-        }
-
-        for (; ai; ai = ai->ai_next) {
-                _cleanup_free_ char *pretty = NULL;
-                ServerAddress *a;
-
-                assert(ai->ai_addr);
-                assert(ai->ai_addrlen >= offsetof(struct sockaddr, sa_data));
-
-                if (!IN_SET(ai->ai_addr->sa_family, AF_INET, AF_INET6)) {
-                        log_warning("Unsuitable address protocol for %s", m->current_server_name->string);
-                        continue;
-                }
-
-                r = server_address_new(m->current_server_name, &a, (const union sockaddr_union*) ai->ai_addr, ai->ai_addrlen);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to add server address: %m");
-
-                server_address_pretty(a, &pretty);
-                log_debug("Resolved address %s for %s.", pretty, m->current_server_name->string);
-        }
-
-        if (!m->current_server_name->addresses) {
-                log_error("Failed to find suitable address for host %s.", m->current_server_name->string);
-
-                /* Try next host */
-                return manager_connect(m);
-        }
-
-        manager_set_server_address(m, m->current_server_name->addresses);
-
-        return manager_begin(m);
-}
-
-static int manager_retry_connect(sd_event_source *source, usec_t usec, void *userdata) {
-        Manager *m = userdata;
-
-        assert(m);
-
-        return manager_connect(m);
-}
-
-int manager_connect(Manager *m) {
-        int r;
-
-        assert(m);
-
-        manager_disconnect(m);
-
-        m->event_retry = sd_event_source_unref(m->event_retry);
-        if (!ratelimit_test(&m->ratelimit)) {
-                log_debug("Slowing down attempts to contact servers.");
-
-                r = sd_event_add_time(m->event, &m->event_retry, clock_boottime_or_monotonic(), now(clock_boottime_or_monotonic()) + RETRY_USEC, 0, manager_retry_connect, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to create retry timer: %m");
-
-                return 0;
-        }
-
-        /* If we already are operating on some address, switch to the
-         * next one. */
-        if (m->current_server_address && m->current_server_address->addresses_next)
-                manager_set_server_address(m, m->current_server_address->addresses_next);
-        else {
-                struct addrinfo hints = {
-                        .ai_flags = AI_NUMERICSERV|AI_ADDRCONFIG,
-                        .ai_socktype = SOCK_DGRAM,
-                };
-
-                /* Hmm, we are through all addresses, let's look for the next host instead */
-                if (m->current_server_name && m->current_server_name->names_next)
-                        manager_set_server_name(m, m->current_server_name->names_next);
-                else {
-                        ServerName *f;
-                        bool restart = true;
-
-                        /* Our current server name list is exhausted,
-                         * let's find the next one to iterate. First
-                         * we try the system list, then the link list.
-                         * After having processed the link list we
-                         * jump back to the system list. However, if
-                         * both lists are empty, we change to the
-                         * fallback list. */
-                        if (!m->current_server_name || m->current_server_name->type == SERVER_LINK) {
-                                f = m->system_servers;
-                                if (!f)
-                                        f = m->link_servers;
-                        } else {
-                                f = m->link_servers;
-                                if (!f)
-                                        f = m->system_servers;
-                                else
-                                        restart = false;
-                        }
-
-                        if (!f)
-                                f = m->fallback_servers;
-
-                        if (!f) {
-                                manager_set_server_name(m, NULL);
-                                log_debug("No server found.");
-                                return 0;
-                        }
-
-                        if (restart && !m->exhausted_servers && m->poll_interval_usec) {
-                                log_debug("Waiting after exhausting servers.");
-                                r = sd_event_add_time(m->event, &m->event_retry, clock_boottime_or_monotonic(), now(clock_boottime_or_monotonic()) + m->poll_interval_usec, 0, manager_retry_connect, m);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to create retry timer: %m");
-
-                                m->exhausted_servers = true;
-
-                                /* Increase the polling interval */
-                                if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
-                                        m->poll_interval_usec *= 2;
-
-                                return 0;
-                        }
-
-                        m->exhausted_servers = false;
-
-                        manager_set_server_name(m, f);
-                }
-
-                /* Tell the resolver to reread /etc/resolv.conf, in
-                 * case it changed. */
-                res_init();
-
-                /* Flush out any previously resolved addresses */
-                server_name_flush_addresses(m->current_server_name);
-
-                log_debug("Resolving %s...", m->current_server_name->string);
-
-                r = sd_resolve_getaddrinfo(m->resolve, &m->resolve_query, m->current_server_name->string, "123", &hints, manager_resolve_handler, m);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to create resolver: %m");
-
-                return 1;
-        }
-
-        r = manager_begin(m);
-        if (r < 0)
-                return r;
-
-        return 1;
-}
-
-void manager_disconnect(Manager *m) {
-        assert(m);
-
-        m->resolve_query = sd_resolve_query_unref(m->resolve_query);
-
-        m->event_timer = sd_event_source_unref(m->event_timer);
-
-        manager_listen_stop(m);
-
-        m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
-        m->clock_watch_fd = safe_close(m->clock_watch_fd);
-
-        m->event_timeout = sd_event_source_unref(m->event_timeout);
-
-        sd_notifyf(false, "STATUS=Idle.");
-}
-
-void manager_flush_server_names(Manager  *m, ServerType t) {
-        assert(m);
-
-        if (t == SERVER_SYSTEM)
-                while (m->system_servers)
-                        server_name_free(m->system_servers);
-
-        if (t == SERVER_LINK)
-                while (m->link_servers)
-                        server_name_free(m->link_servers);
-
-        if (t == SERVER_FALLBACK)
-                while (m->fallback_servers)
-                        server_name_free(m->fallback_servers);
-}
-
-void manager_free(Manager *m) {
-        if (!m)
-                return;
-
-        manager_disconnect(m);
-        manager_flush_server_names(m, SERVER_SYSTEM);
-        manager_flush_server_names(m, SERVER_LINK);
-        manager_flush_server_names(m, SERVER_FALLBACK);
-
-        sd_event_source_unref(m->event_retry);
-
-        sd_event_source_unref(m->network_event_source);
-        sd_network_monitor_unref(m->network_monitor);
-
-        sd_resolve_unref(m->resolve);
-        sd_event_unref(m->event);
-
-        free(m);
-}
-
-static int manager_network_read_link_servers(Manager *m) {
-        _cleanup_strv_free_ char **ntp = NULL;
-        ServerName *n, *nx;
-        char **i;
-        int r;
-
-        assert(m);
-
-        r = sd_network_get_ntp(&ntp);
-        if (r < 0)
-                goto clear;
-
-        LIST_FOREACH(names, n, m->link_servers)
-                n->marked = true;
-
-        STRV_FOREACH(i, ntp) {
-                bool found = false;
-
-                LIST_FOREACH(names, n, m->link_servers)
-                        if (streq(n->string, *i)) {
-                                n->marked = false;
-                                found = true;
-                                break;
-                        }
-
-                if (!found) {
-                        r = server_name_new(m, NULL, SERVER_LINK, *i);
-                        if (r < 0)
-                                goto clear;
-                }
-        }
-
-        LIST_FOREACH_SAFE(names, n, nx, m->link_servers)
-                if (n->marked)
-                        server_name_free(n);
-
-        return 0;
-
-clear:
-        manager_flush_server_names(m, SERVER_LINK);
-        return r;
-}
-
-static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Manager *m = userdata;
-        bool connected, online;
-        int r;
-
-        assert(m);
-
-        sd_network_monitor_flush(m->network_monitor);
-
-        manager_network_read_link_servers(m);
-
-        /* check if the machine is online */
-        online = network_is_online();
-
-        /* check if the client is currently connected */
-        connected = m->server_socket >= 0 || m->resolve_query || m->exhausted_servers;
-
-        if (connected && !online) {
-                log_info("No network connectivity, watching for changes.");
-                manager_disconnect(m);
-
-        } else if (!connected && online) {
-                log_info("Network configuration changed, trying to establish connection.");
-
-                if (m->current_server_address)
-                        r = manager_begin(m);
-                else
-                        r = manager_connect(m);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-static int manager_network_monitor_listen(Manager *m) {
-        int r, fd, events;
-
-        assert(m);
-
-        r = sd_network_monitor_new(&m->network_monitor, NULL);
-        if (r < 0)
-                return r;
-
-        fd = sd_network_monitor_get_fd(m->network_monitor);
-        if (fd < 0)
-                return fd;
-
-        events = sd_network_monitor_get_events(m->network_monitor);
-        if (events < 0)
-                return events;
-
-        r = sd_event_add_io(m->event, &m->network_event_source, fd, events, manager_network_event_handler, m);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-int manager_new(Manager **ret) {
-        _cleanup_(manager_freep) Manager *m = NULL;
-        int r;
-
-        assert(ret);
-
-        m = new0(Manager, 1);
-        if (!m)
-                return -ENOMEM;
-
-        m->server_socket = m->clock_watch_fd = -1;
-
-        RATELIMIT_INIT(m->ratelimit, RATELIMIT_INTERVAL_USEC, RATELIMIT_BURST);
-
-        r = manager_parse_server_string(m, SERVER_FALLBACK, NTP_SERVERS);
-        if (r < 0)
-                return r;
-
-        r = sd_event_default(&m->event);
-        if (r < 0)
-                return r;
-
-        sd_event_add_signal(m->event, NULL, SIGTERM, NULL,  NULL);
-        sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
-
-        sd_event_set_watchdog(m->event, true);
-
-        r = sd_resolve_default(&m->resolve);
-        if (r < 0)
-                return r;
-
-        r = sd_resolve_attach_event(m->resolve, m->event, 0);
-        if (r < 0)
-                return r;
-
-        r = manager_network_monitor_listen(m);
-        if (r < 0)
-                return r;
-
-        manager_network_read_link_servers(m);
-
-        *ret = m;
-        m = NULL;
-
-        return 0;
-}
diff --git a/src/timesync/timesyncd-manager.h b/src/timesync/timesyncd-manager.h
deleted file mode 100644
index efe3e60d3e..0000000000
--- a/src/timesync/timesyncd-manager.h
+++ /dev/null
@@ -1,104 +0,0 @@
-#pragma once
-
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Kay Sievers, Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-event.h"
-#include "sd-network.h"
-#include "sd-resolve.h"
-
-#include "list.h"
-#include "ratelimit.h"
-
-typedef struct Manager Manager;
-
-#include "timesyncd-server.h"
-
-struct Manager {
-        sd_event *event;
-        sd_resolve *resolve;
-
-        LIST_HEAD(ServerName, system_servers);
-        LIST_HEAD(ServerName, link_servers);
-        LIST_HEAD(ServerName, fallback_servers);
-
-        RateLimit ratelimit;
-        bool exhausted_servers;
-
-        /* network */
-        sd_event_source *network_event_source;
-        sd_network_monitor *network_monitor;
-
-        /* peer */
-        sd_resolve_query *resolve_query;
-        sd_event_source *event_receive;
-        ServerName *current_server_name;
-        ServerAddress *current_server_address;
-        int server_socket;
-        int missed_replies;
-        uint64_t packet_count;
-        sd_event_source *event_timeout;
-        bool good;
-
-        /* last sent packet */
-        struct timespec trans_time_mon;
-        struct timespec trans_time;
-        usec_t retry_interval;
-        bool pending;
-
-        /* poll timer */
-        sd_event_source *event_timer;
-        usec_t poll_interval_usec;
-        bool poll_resync;
-
-        /* history data */
-        struct {
-                double offset;
-                double delay;
-        } samples[8];
-        unsigned int samples_idx;
-        double samples_jitter;
-
-        /* last change */
-        bool jumped;
-        bool sync;
-        int drift_ppm;
-
-        /* watch for time changes */
-        sd_event_source *event_clock_watch;
-        int clock_watch_fd;
-
-        /* Retry connections */
-        sd_event_source *event_retry;
-
-        /* RTC runs in local time, leave it alone */
-        bool rtc_local_time;
-};
-
-int manager_new(Manager **ret);
-void manager_free(Manager *m);
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
-
-void manager_set_server_name(Manager *m, ServerName *n);
-void manager_set_server_address(Manager *m, ServerAddress *a);
-void manager_flush_server_names(Manager *m, ServerType t);
-
-int manager_connect(Manager *m);
-void manager_disconnect(Manager *m);
diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
deleted file mode 100644
index b67d672a6a..0000000000
--- a/src/timesync/timesyncd.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Kay Sievers, Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-
-#include "capability-util.h"
-#include "clock-util.h"
-#include "fd-util.h"
-#include "fs-util.h"
-#include "network-util.h"
-#include "signal-util.h"
-#include "timesyncd-conf.h"
-#include "timesyncd-manager.h"
-#include "user-util.h"
-
-static int load_clock_timestamp(uid_t uid, gid_t gid) {
-        _cleanup_close_ int fd = -1;
-        usec_t min = TIME_EPOCH * USEC_PER_SEC;
-        usec_t ct;
-        int r;
-
-        /* Let's try to make sure that the clock is always
-         * monotonically increasing, by saving the clock whenever we
-         * have a new NTP time, or when we shut down, and restoring it
-         * when we start again. This is particularly helpful on
-         * systems lacking a battery backed RTC. We also will adjust
-         * the time to at least the build time of systemd. */
-
-        fd = open("/var/lib/systemd/clock", O_RDWR|O_CLOEXEC, 0644);
-        if (fd >= 0) {
-                struct stat st;
-                usec_t stamp;
-
-                /* check if the recorded time is later than the compiled-in one */
-                r = fstat(fd, &st);
-                if (r >= 0) {
-                        stamp = timespec_load(&st.st_mtim);
-                        if (stamp > min)
-                                min = stamp;
-                }
-
-                /* Try to fix the access mode, so that we can still
-                   touch the file after dropping priviliges */
-                (void) fchmod(fd, 0644);
-                (void) fchown(fd, uid, gid);
-
-        } else
-                /* create stamp file with the compiled-in date */
-                (void) touch_file("/var/lib/systemd/clock", true, min, uid, gid, 0644);
-
-        ct = now(CLOCK_REALTIME);
-        if (ct < min) {
-                struct timespec ts;
-                char date[FORMAT_TIMESTAMP_MAX];
-
-                log_info("System clock time unset or jumped backwards, restoring from recorded timestamp: %s",
-                         format_timestamp(date, sizeof(date), min));
-
-                if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, min)) < 0)
-                        log_error_errno(errno, "Failed to restore system clock: %m");
-        }
-
-        return 0;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_(manager_freep) Manager *m = NULL;
-        const char *user = "systemd-timesync";
-        uid_t uid;
-        gid_t gid;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_set_facility(LOG_CRON);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-        if (argc != 1) {
-                log_error("This program does not take arguments.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
-        if (r < 0) {
-                log_error_errno(r, "Cannot resolve user name %s: %m", user);
-                goto finish;
-        }
-
-        r = load_clock_timestamp(uid, gid);
-        if (r < 0)
-                goto finish;
-
-        r = drop_privileges(uid, gid, (1ULL << CAP_SYS_TIME));
-        if (r < 0)
-                goto finish;
-
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
-
-        r = manager_new(&m);
-        if (r < 0) {
-                log_error_errno(r, "Failed to allocate manager: %m");
-                goto finish;
-        }
-
-        if (clock_is_localtime(NULL) > 0) {
-                log_info("The system is configured to read the RTC time in the local time zone. "
-                         "This mode can not be fully supported. All system time to RTC updates are disabled.");
-                m->rtc_local_time = true;
-        }
-
-        r = manager_parse_config_file(m);
-        if (r < 0)
-                log_warning_errno(r, "Failed to parse configuration file: %m");
-
-        log_debug("systemd-timesyncd running as pid " PID_FMT, getpid());
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Daemon is running");
-
-        if (network_is_online()) {
-                r = manager_connect(m);
-                if (r < 0)
-                        goto finish;
-        }
-
-        r = sd_event_loop(m->event);
-        if (r < 0) {
-                log_error_errno(r, "Failed to run event loop: %m");
-                goto finish;
-        }
-
-        /* if we got an authoritative time, store it in the file system */
-        if (m->sync)
-                (void) touch("/var/lib/systemd/clock");
-
-        sd_event_get_exit_code(m->event, &r);
-
-finish:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/tmpfiles/Makefile b/src/tmpfiles/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/tmpfiles/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/tty-ask-password-agent/Makefile b/src/tty-ask-password-agent/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/tty-ask-password-agent/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/Makefile b/src/udev/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/ata_id/Makefile b/src/udev/ata_id/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/ata_id/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/cdrom_id/Makefile b/src/udev/cdrom_id/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/cdrom_id/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/collect/Makefile b/src/udev/collect/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/collect/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/mtd_probe/Makefile b/src/udev/mtd_probe/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/mtd_probe/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/net/Makefile b/src/udev/net/Makefile
deleted file mode 120000
index 94aaae2c4d..0000000000
--- a/src/udev/net/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../Makefile
-\ No newline at end of file
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
deleted file mode 100644
index c66504102f..0000000000
--- a/src/udev/net/link-config.c
+++ /dev/null
@@ -1,519 +0,0 @@
-/***
- This file is part of systemd.
-
- Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <netinet/ether.h>
-
-#include "sd-netlink.h"
-
-#include "alloc-util.h"
-#include "conf-files.h"
-#include "conf-parser.h"
-#include "ethtool-util.h"
-#include "fd-util.h"
-#include "libudev-private.h"
-#include "link-config.h"
-#include "log.h"
-#include "missing.h"
-#include "netlink-util.h"
-#include "network-internal.h"
-#include "parse-util.h"
-#include "path-util.h"
-#include "proc-cmdline.h"
-#include "random-util.h"
-#include "stat-util.h"
-#include "string-table.h"
-#include "string-util.h"
-#include "strv.h"
-#include "util.h"
-
-struct link_config_ctx {
-        LIST_HEAD(link_config, links);
-
-        int ethtool_fd;
-
-        bool enable_name_policy;
-
-        sd_netlink *rtnl;
-
-        usec_t link_dirs_ts_usec;
-};
-
-static const char* const link_dirs[] = {
-        "/etc/systemd/network",
-        "/run/systemd/network",
-        "/usr/lib/systemd/network",
-#ifdef HAVE_SPLIT_USR
-        "/lib/systemd/network",
-#endif
-        NULL};
-
-static void link_config_free(link_config *link) {
-        if (!link)
-                return;
-
-        free(link->filename);
-
-        free(link->match_mac);
-        strv_free(link->match_path);
-        strv_free(link->match_driver);
-        strv_free(link->match_type);
-        free(link->match_name);
-        free(link->match_host);
-        free(link->match_virt);
-        free(link->match_kernel);
-        free(link->match_arch);
-
-        free(link->description);
-        free(link->mac);
-        free(link->name_policy);
-        free(link->name);
-        free(link->alias);
-
-        free(link);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(link_config*, link_config_free);
-
-static void link_configs_free(link_config_ctx *ctx) {
-        link_config *link, *link_next;
-
-        if (!ctx)
-                return;
-
-        LIST_FOREACH_SAFE(links, link, link_next, ctx->links)
-                link_config_free(link);
-}
-
-void link_config_ctx_free(link_config_ctx *ctx) {
-        if (!ctx)
-                return;
-
-        safe_close(ctx->ethtool_fd);
-
-        sd_netlink_unref(ctx->rtnl);
-
-        link_configs_free(ctx);
-
-        free(ctx);
-
-        return;
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(link_config_ctx*, link_config_ctx_free);
-
-int link_config_ctx_new(link_config_ctx **ret) {
-        _cleanup_(link_config_ctx_freep) link_config_ctx *ctx = NULL;
-
-        if (!ret)
-                return -EINVAL;
-
-        ctx = new0(link_config_ctx, 1);
-        if (!ctx)
-                return -ENOMEM;
-
-        LIST_HEAD_INIT(ctx->links);
-
-        ctx->ethtool_fd = -1;
-
-        ctx->enable_name_policy = true;
-
-        *ret = ctx;
-        ctx = NULL;
-
-        return 0;
-}
-
-static int load_link(link_config_ctx *ctx, const char *filename) {
-        _cleanup_(link_config_freep) link_config *link = NULL;
-        _cleanup_fclose_ FILE *file = NULL;
-        int r;
-
-        assert(ctx);
-        assert(filename);
-
-        file = fopen(filename, "re");
-        if (!file) {
-                if (errno == ENOENT)
-                        return 0;
-                else
-                        return -errno;
-        }
-
-        if (null_or_empty_fd(fileno(file))) {
-                log_debug("Skipping empty file: %s", filename);
-                return 0;
-        }
-
-        link = new0(link_config, 1);
-        if (!link)
-                return log_oom();
-
-        link->mac_policy = _MACPOLICY_INVALID;
-        link->wol = _WOL_INVALID;
-        link->duplex = _DUP_INVALID;
-
-        r = config_parse(NULL, filename, file,
-                         "Match\0Link\0Ethernet\0",
-                         config_item_perf_lookup, link_config_gperf_lookup,
-                         false, false, true, link);
-        if (r < 0)
-                return r;
-        else
-                log_debug("Parsed configuration file %s", filename);
-
-        if (link->mtu > UINT_MAX || link->speed > UINT_MAX)
-                return -ERANGE;
-
-        link->filename = strdup(filename);
-
-        LIST_PREPEND(links, ctx->links, link);
-        link = NULL;
-
-        return 0;
-}
-
-static bool enable_name_policy(void) {
-        _cleanup_free_ char *line = NULL;
-        const char *word, *state;
-        int r;
-        size_t l;
-
-        r = proc_cmdline(&line);
-        if (r < 0) {
-                log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
-                return true;
-        }
-
-        FOREACH_WORD_QUOTED(word, l, line, state)
-                if (strneq(word, "net.ifnames=0", l))
-                        return false;
-
-        return true;
-}
-
-int link_config_load(link_config_ctx *ctx) {
-        int r;
-        _cleanup_strv_free_ char **files;
-        char **f;
-
-        link_configs_free(ctx);
-
-        if (!enable_name_policy()) {
-                ctx->enable_name_policy = false;
-                log_info("Network interface NamePolicy= disabled on kernel command line, ignoring.");
-        }
-
-        /* update timestamp */
-        paths_check_timestamp(link_dirs, &ctx->link_dirs_ts_usec, true);
-
-        r = conf_files_list_strv(&files, ".link", NULL, link_dirs);
-        if (r < 0)
-                return log_error_errno(r, "failed to enumerate link files: %m");
-
-        STRV_FOREACH_BACKWARDS(f, files) {
-                r = load_link(ctx, *f);
-                if (r < 0)
-                        return r;
-        }
-
-        return 0;
-}
-
-bool link_config_should_reload(link_config_ctx *ctx) {
-        return paths_check_timestamp(link_dirs, &ctx->link_dirs_ts_usec, false);
-}
-
-int link_config_get(link_config_ctx *ctx, struct udev_device *device,
-                    link_config **ret) {
-        link_config *link;
-
-        assert(ctx);
-        assert(device);
-        assert(ret);
-
-        LIST_FOREACH(links, link, ctx->links) {
-                const char* attr_value;
-
-                attr_value = udev_device_get_sysattr_value(device, "address");
-
-                if (net_match_config(link->match_mac, link->match_path, link->match_driver,
-                                     link->match_type, link->match_name, link->match_host,
-                                     link->match_virt, link->match_kernel, link->match_arch,
-                                     attr_value ? ether_aton(attr_value) : NULL,
-                                     udev_device_get_property_value(device, "ID_PATH"),
-                                     udev_device_get_driver(udev_device_get_parent(device)),
-                                     udev_device_get_property_value(device, "ID_NET_DRIVER"),
-                                     udev_device_get_devtype(device),
-                                     udev_device_get_sysname(device))) {
-                        if (link->match_name) {
-                                unsigned char name_assign_type = NET_NAME_UNKNOWN;
-
-                                attr_value = udev_device_get_sysattr_value(device, "name_assign_type");
-                                if (attr_value)
-                                        (void) safe_atou8(attr_value, &name_assign_type);
-
-                                if (name_assign_type == NET_NAME_ENUM) {
-                                        log_warning("Config file %s applies to device based on potentially unpredictable interface name '%s'",
-                                                  link->filename, udev_device_get_sysname(device));
-                                        *ret = link;
-
-                                        return 0;
-                                } else if (name_assign_type == NET_NAME_RENAMED) {
-                                        log_warning("Config file %s matches device based on renamed interface name '%s', ignoring",
-                                                  link->filename, udev_device_get_sysname(device));
-
-                                        continue;
-                                }
-                        }
-
-                        log_debug("Config file %s applies to device %s",
-                                  link->filename,  udev_device_get_sysname(device));
-
-                        *ret = link;
-
-                        return 0;
-                }
-        }
-
-        *ret = NULL;
-
-        return -ENOENT;
-}
-
-static bool mac_is_random(struct udev_device *device) {
-        const char *s;
-        unsigned type;
-        int r;
-
-        /* if we can't get the assign type, assume it is not random */
-        s = udev_device_get_sysattr_value(device, "addr_assign_type");
-        if (!s)
-                return false;
-
-        r = safe_atou(s, &type);
-        if (r < 0)
-                return false;
-
-        return type == NET_ADDR_RANDOM;
-}
-
-static bool should_rename(struct udev_device *device, bool respect_predictable) {
-        const char *s;
-        unsigned type;
-        int r;
-
-        /* if we can't get the assgin type, assume we should rename */
-        s = udev_device_get_sysattr_value(device, "name_assign_type");
-        if (!s)
-                return true;
-
-        r = safe_atou(s, &type);
-        if (r < 0)
-                return true;
-
-        switch (type) {
-        case NET_NAME_USER:
-        case NET_NAME_RENAMED:
-                /* these were already named by userspace, do not touch again */
-                return false;
-        case NET_NAME_PREDICTABLE:
-                /* the kernel claims to have given a predictable name */
-                if (respect_predictable)
-                        return false;
-                /* fall through */
-        case NET_NAME_ENUM:
-        default:
-                /* the name is known to be bad, or of an unknown type */
-                return true;
-        }
-}
-
-static int get_mac(struct udev_device *device, bool want_random,
-                   struct ether_addr *mac) {
-        int r;
-
-        if (want_random)
-                random_bytes(mac->ether_addr_octet, ETH_ALEN);
-        else {
-                uint64_t result;
-
-                r = net_get_unique_predictable_data(device, &result);
-                if (r < 0)
-                        return r;
-
-                assert_cc(ETH_ALEN <= sizeof(result));
-                memcpy(mac->ether_addr_octet, &result, ETH_ALEN);
-        }
-
-        /* see eth_random_addr in the kernel */
-        mac->ether_addr_octet[0] &= 0xfe;  /* clear multicast bit */
-        mac->ether_addr_octet[0] |= 0x02;  /* set local assignment bit (IEEE802) */
-
-        return 0;
-}
-
-int link_config_apply(link_config_ctx *ctx, link_config *config,
-                      struct udev_device *device, const char **name) {
-        const char *old_name;
-        const char *new_name = NULL;
-        struct ether_addr generated_mac;
-        struct ether_addr *mac = NULL;
-        bool respect_predictable = false;
-        int r, ifindex;
-
-        assert(ctx);
-        assert(config);
-        assert(device);
-        assert(name);
-
-        old_name = udev_device_get_sysname(device);
-        if (!old_name)
-                return -EINVAL;
-
-        r = ethtool_set_speed(&ctx->ethtool_fd, old_name, config->speed / 1024, config->duplex);
-        if (r < 0)
-                log_warning_errno(r, "Could not set speed or duplex of %s to %zu Mbps (%s): %m",
-                                  old_name, config->speed / 1024,
-                                  duplex_to_string(config->duplex));
-
-        r = ethtool_set_wol(&ctx->ethtool_fd, old_name, config->wol);
-        if (r < 0)
-                log_warning_errno(r, "Could not set WakeOnLan of %s to %s: %m",
-                                  old_name, wol_to_string(config->wol));
-
-        ifindex = udev_device_get_ifindex(device);
-        if (ifindex <= 0) {
-                log_warning("Could not find ifindex");
-                return -ENODEV;
-        }
-
-        if (ctx->enable_name_policy && config->name_policy) {
-                NamePolicy *policy;
-
-                for (policy = config->name_policy;
-                     !new_name && *policy != _NAMEPOLICY_INVALID; policy++) {
-                        switch (*policy) {
-                                case NAMEPOLICY_KERNEL:
-                                        respect_predictable = true;
-                                        break;
-                                case NAMEPOLICY_DATABASE:
-                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_FROM_DATABASE");
-                                        break;
-                                case NAMEPOLICY_ONBOARD:
-                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_ONBOARD");
-                                        break;
-                                case NAMEPOLICY_SLOT:
-                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_SLOT");
-                                        break;
-                                case NAMEPOLICY_PATH:
-                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_PATH");
-                                        break;
-                                case NAMEPOLICY_MAC:
-                                        new_name = udev_device_get_property_value(device, "ID_NET_NAME_MAC");
-                                        break;
-                                default:
-                                        break;
-                        }
-                }
-        }
-
-        if (should_rename(device, respect_predictable)) {
-                /* if not set by policy, fall back manually set name */
-                if (!new_name)
-                        new_name = config->name;
-        } else
-                new_name = NULL;
-
-        switch (config->mac_policy) {
-                case MACPOLICY_PERSISTENT:
-                        if (mac_is_random(device)) {
-                                r = get_mac(device, false, &generated_mac);
-                                if (r == -ENOENT) {
-                                        log_warning_errno(r, "Could not generate persistent MAC address for %s: %m", old_name);
-                                        break;
-                                } else if (r < 0)
-                                        return r;
-                                mac = &generated_mac;
-                        }
-                        break;
-                case MACPOLICY_RANDOM:
-                        if (!mac_is_random(device)) {
-                                r = get_mac(device, true, &generated_mac);
-                                if (r == -ENOENT) {
-                                        log_warning_errno(r, "Could not generate random MAC address for %s: %m", old_name);
-                                        break;
-                                } else if (r < 0)
-                                        return r;
-                                mac = &generated_mac;
-                        }
-                        break;
-                case MACPOLICY_NONE:
-                default:
-                        mac = config->mac;
-        }
-
-        r = rtnl_set_link_properties(&ctx->rtnl, ifindex, config->alias, mac, config->mtu);
-        if (r < 0)
-                return log_warning_errno(r, "Could not set Alias, MACAddress or MTU on %s: %m", old_name);
-
-        *name = new_name;
-
-        return 0;
-}
-
-int link_get_driver(link_config_ctx *ctx, struct udev_device *device, char **ret) {
-        const char *name;
-        char *driver = NULL;
-        int r;
-
-        name = udev_device_get_sysname(device);
-        if (!name)
-                return -EINVAL;
-
-        r = ethtool_get_driver(&ctx->ethtool_fd, name, &driver);
-        if (r < 0)
-                return r;
-
-        *ret = driver;
-        return 0;
-}
-
-static const char* const mac_policy_table[_MACPOLICY_MAX] = {
-        [MACPOLICY_PERSISTENT] = "persistent",
-        [MACPOLICY_RANDOM] = "random",
-        [MACPOLICY_NONE] = "none"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(mac_policy, MACPolicy);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_mac_policy, mac_policy, MACPolicy,
-                         "Failed to parse MAC address policy");
-
-static const char* const name_policy_table[_NAMEPOLICY_MAX] = {
-        [NAMEPOLICY_KERNEL] = "kernel",
-        [NAMEPOLICY_DATABASE] = "database",
-        [NAMEPOLICY_ONBOARD] = "onboard",
-        [NAMEPOLICY_SLOT] = "slot",
-        [NAMEPOLICY_PATH] = "path",
-        [NAMEPOLICY_MAC] = "mac"
-};
-
-DEFINE_STRING_TABLE_LOOKUP(name_policy, NamePolicy);
-DEFINE_CONFIG_PARSE_ENUMV(config_parse_name_policy, name_policy, NamePolicy,
-                          _NAMEPOLICY_INVALID,
-                          "Failed to parse interface name policy");
diff --git a/src/udev/scsi_id/Makefile b/src/udev/scsi_id/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/scsi_id/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/udev/udev-builtin-blkid.c b/src/udev/udev-builtin-blkid.c
deleted file mode 100644
index ed0ea5ce5f..0000000000
--- a/src/udev/udev-builtin-blkid.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * probe disks for filesystems and partitions
- *
- * Copyright (C) 2011 Kay Sievers <kay@vrfy.org>
- * Copyright (C) 2011 Karel Zak <kzak@redhat.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <blkid/blkid.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-
-#include "sd-id128.h"
-
-#include "alloc-util.h"
-#include "efivars.h"
-#include "fd-util.h"
-#include "gpt.h"
-#include "string-util.h"
-#include "udev.h"
-
-static void print_property(struct udev_device *dev, bool test, const char *name, const char *value) {
-        char s[256];
-
-        s[0] = '\0';
-
-        if (streq(name, "TYPE")) {
-                udev_builtin_add_property(dev, test, "ID_FS_TYPE", value);
-
-        } else if (streq(name, "USAGE")) {
-                udev_builtin_add_property(dev, test, "ID_FS_USAGE", value);
-
-        } else if (streq(name, "VERSION")) {
-                udev_builtin_add_property(dev, test, "ID_FS_VERSION", value);
-
-        } else if (streq(name, "UUID")) {
-                blkid_safe_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_UUID", s);
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_UUID_ENC", s);
-
-        } else if (streq(name, "UUID_SUB")) {
-                blkid_safe_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_UUID_SUB", s);
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_UUID_SUB_ENC", s);
-
-        } else if (streq(name, "LABEL")) {
-                blkid_safe_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_LABEL", s);
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_LABEL_ENC", s);
-
-        } else if (streq(name, "PTTYPE")) {
-                udev_builtin_add_property(dev, test, "ID_PART_TABLE_TYPE", value);
-
-        } else if (streq(name, "PTUUID")) {
-                udev_builtin_add_property(dev, test, "ID_PART_TABLE_UUID", value);
-
-        } else if (streq(name, "PART_ENTRY_NAME")) {
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_PART_ENTRY_NAME", s);
-
-        } else if (streq(name, "PART_ENTRY_TYPE")) {
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_PART_ENTRY_TYPE", s);
-
-        } else if (startswith(name, "PART_ENTRY_")) {
-                strscpyl(s, sizeof(s), "ID_", name, NULL);
-                udev_builtin_add_property(dev, test, s, value);
-
-        } else if (streq(name, "SYSTEM_ID")) {
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_SYSTEM_ID", s);
-
-        } else if (streq(name, "PUBLISHER_ID")) {
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_PUBLISHER_ID", s);
-
-        } else if (streq(name, "APPLICATION_ID")) {
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_APPLICATION_ID", s);
-
-        } else if (streq(name, "BOOT_SYSTEM_ID")) {
-                blkid_encode_string(value, s, sizeof(s));
-                udev_builtin_add_property(dev, test, "ID_FS_BOOT_SYSTEM_ID", s);
-        }
-}
-
-static int find_gpt_root(struct udev_device *dev, blkid_probe pr, bool test) {
-
-#if defined(GPT_ROOT_NATIVE) && defined(ENABLE_EFI)
-
-        _cleanup_free_ char *root_id = NULL;
-        bool found_esp = false;
-        blkid_partlist pl;
-        int i, nvals, r;
-
-        assert(pr);
-
-        /* Iterate through the partitions on this disk, and see if the
-         * EFI ESP we booted from is on it. If so, find the first root
-         * disk, and add a property indicating its partition UUID. */
-
-        errno = 0;
-        pl = blkid_probe_get_partitions(pr);
-        if (!pl)
-                return errno > 0 ? -errno : -ENOMEM;
-
-        nvals = blkid_partlist_numof_partitions(pl);
-        for (i = 0; i < nvals; i++) {
-                blkid_partition pp;
-                const char *stype, *sid;
-                sd_id128_t type;
-
-                pp = blkid_partlist_get_partition(pl, i);
-                if (!pp)
-                        continue;
-
-                sid = blkid_partition_get_uuid(pp);
-                if (!sid)
-                        continue;
-
-                stype = blkid_partition_get_type_string(pp);
-                if (!stype)
-                        continue;
-
-                if (sd_id128_from_string(stype, &type) < 0)
-                        continue;
-
-                if (sd_id128_equal(type, GPT_ESP)) {
-                        sd_id128_t id, esp;
-                        unsigned long long flags;
-
-                        flags = blkid_partition_get_flags(pp);
-                        if (flags & GPT_FLAG_NO_AUTO)
-                                continue;
-
-                        /* We found an ESP, let's see if it matches
-                         * the ESP we booted from. */
-
-                        if (sd_id128_from_string(sid, &id) < 0)
-                                continue;
-
-                        r = efi_loader_get_device_part_uuid(&esp);
-                        if (r < 0)
-                                return r;
-
-                        if (sd_id128_equal(id, esp))
-                                found_esp = true;
-
-                } else if (sd_id128_equal(type, GPT_ROOT_NATIVE)) {
-
-                        /* We found a suitable root partition, let's
-                         * remember the first one. */
-
-                        if (!root_id) {
-                                root_id = strdup(sid);
-                                if (!root_id)
-                                        return -ENOMEM;
-                        }
-                }
-        }
-
-        /* We found the ESP on this disk, and also found a root
-         * partition, nice! Let's export its UUID */
-        if (found_esp && root_id)
-                udev_builtin_add_property(dev, test, "ID_PART_GPT_AUTO_ROOT_UUID", root_id);
-#endif
-
-        return 0;
-}
-
-static int probe_superblocks(blkid_probe pr) {
-        struct stat st;
-        int rc;
-
-        if (fstat(blkid_probe_get_fd(pr), &st))
-                return -1;
-
-        blkid_probe_enable_partitions(pr, 1);
-
-        if (!S_ISCHR(st.st_mode) &&
-            blkid_probe_get_size(pr) <= 1024 * 1440 &&
-            blkid_probe_is_wholedisk(pr)) {
-                /*
-                 * check if the small disk is partitioned, if yes then
-                 * don't probe for filesystems.
-                 */
-                blkid_probe_enable_superblocks(pr, 0);
-
-                rc = blkid_do_fullprobe(pr);
-                if (rc < 0)
-                        return rc;        /* -1 = error, 1 = nothing, 0 = success */
-
-                if (blkid_probe_lookup_value(pr, "PTTYPE", NULL, NULL) == 0)
-                        return 0;        /* partition table detected */
-        }
-
-        blkid_probe_set_partitions_flags(pr, BLKID_PARTS_ENTRY_DETAILS);
-        blkid_probe_enable_superblocks(pr, 1);
-
-        return blkid_do_safeprobe(pr);
-}
-
-static int builtin_blkid(struct udev_device *dev, int argc, char *argv[], bool test) {
-        const char *root_partition;
-        int64_t offset = 0;
-        bool noraid = false;
-        _cleanup_close_ int fd = -1;
-        blkid_probe pr;
-        const char *data;
-        const char *name;
-        const char *prtype = NULL;
-        int nvals;
-        int i;
-        int err = 0;
-        bool is_gpt = false;
-
-        static const struct option options[] = {
-                { "offset", optional_argument, NULL, 'o' },
-                { "noraid", no_argument, NULL, 'R' },
-                {}
-        };
-
-        for (;;) {
-                int option;
-
-                option = getopt_long(argc, argv, "oR", options, NULL);
-                if (option == -1)
-                        break;
-
-                switch (option) {
-                case 'o':
-                        offset = strtoull(optarg, NULL, 0);
-                        break;
-                case 'R':
-                        noraid = true;
-                        break;
-                }
-        }
-
-        pr = blkid_new_probe();
-        if (!pr)
-                return EXIT_FAILURE;
-
-        blkid_probe_set_superblocks_flags(pr,
-                BLKID_SUBLKS_LABEL | BLKID_SUBLKS_UUID |
-                BLKID_SUBLKS_TYPE | BLKID_SUBLKS_SECTYPE |
-                BLKID_SUBLKS_USAGE | BLKID_SUBLKS_VERSION |
-                BLKID_SUBLKS_BADCSUM);
-
-        if (noraid)
-                blkid_probe_filter_superblocks_usage(pr, BLKID_FLTR_NOTIN, BLKID_USAGE_RAID);
-
-        fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC);
-        if (fd < 0) {
-                err = log_debug_errno(errno, "Failure opening block device %s: %m", udev_device_get_devnode(dev));
-                goto out;
-        }
-
-        err = blkid_probe_set_device(pr, fd, offset, 0);
-        if (err < 0)
-                goto out;
-
-        log_debug("probe %s %sraid offset=%"PRIi64,
-                  udev_device_get_devnode(dev),
-                  noraid ? "no" : "", offset);
-
-        err = probe_superblocks(pr);
-        if (err < 0)
-                goto out;
-        if (blkid_probe_has_value(pr, "SBBADCSUM")) {
-                if (!blkid_probe_lookup_value(pr, "TYPE", &prtype, NULL))
-                        log_warning("incorrect %s checksum on %s",
-                                    prtype, udev_device_get_devnode(dev));
-                else
-                        log_warning("incorrect checksum on %s",
-                                    udev_device_get_devnode(dev));
-                goto out;
-        }
-
-        /* If we are a partition then our parent passed on the root
-         * partition UUID to us */
-        root_partition = udev_device_get_property_value(dev, "ID_PART_GPT_AUTO_ROOT_UUID");
-
-        nvals = blkid_probe_numof_values(pr);
-        for (i = 0; i < nvals; i++) {
-                if (blkid_probe_get_value(pr, i, &name, &data, NULL))
-                        continue;
-
-                print_property(dev, test, name, data);
-
-                /* Is this a disk with GPT partition table? */
-                if (streq(name, "PTTYPE") && streq(data, "gpt"))
-                        is_gpt = true;
-
-                /* Is this a partition that matches the root partition
-                 * property we inherited from our parent? */
-                if (root_partition && streq(name, "PART_ENTRY_UUID") && streq(data, root_partition))
-                        udev_builtin_add_property(dev, test, "ID_PART_GPT_AUTO_ROOT", "1");
-        }
-
-        if (is_gpt)
-                find_gpt_root(dev, pr, test);
-
-        blkid_free_probe(pr);
-out:
-        if (err < 0)
-                return EXIT_FAILURE;
-
-        return EXIT_SUCCESS;
-}
-
-const struct udev_builtin udev_builtin_blkid = {
-        .name = "blkid",
-        .cmd = builtin_blkid,
-        .help = "Filesystem and partition probing",
-        .run_once = true,
-};
diff --git a/src/udev/udev-builtin-hwdb.c b/src/udev/udev-builtin-hwdb.c
deleted file mode 100644
index f4a065a97d..0000000000
--- a/src/udev/udev-builtin-hwdb.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2012 Kay Sievers <kay@vrfy.org>
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <fnmatch.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "sd-hwdb.h"
-
-#include "alloc-util.h"
-#include "hwdb-util.h"
-#include "string-util.h"
-#include "udev-util.h"
-#include "udev.h"
-
-static sd_hwdb *hwdb;
-
-int udev_builtin_hwdb_lookup(struct udev_device *dev,
-                             const char *prefix, const char *modalias,
-                             const char *filter, bool test) {
-        _cleanup_free_ char *lookup = NULL;
-        const char *key, *value;
-        int n = 0;
-
-        if (!hwdb)
-                return -ENOENT;
-
-        if (prefix) {
-                lookup = strjoin(prefix, modalias, NULL);
-                if (!lookup)
-                        return -ENOMEM;
-                modalias = lookup;
-        }
-
-        SD_HWDB_FOREACH_PROPERTY(hwdb, modalias, key, value) {
-                if (filter && fnmatch(filter, key, FNM_NOESCAPE) != 0)
-                        continue;
-
-                if (udev_builtin_add_property(dev, test, key, value) < 0)
-                        return -ENOMEM;
-                n++;
-        }
-        return n;
-}
-
-static const char *modalias_usb(struct udev_device *dev, char *s, size_t size) {
-        const char *v, *p;
-        int vn, pn;
-
-        v = udev_device_get_sysattr_value(dev, "idVendor");
-        if (!v)
-                return NULL;
-        p = udev_device_get_sysattr_value(dev, "idProduct");
-        if (!p)
-                return NULL;
-        vn = strtol(v, NULL, 16);
-        if (vn <= 0)
-                return NULL;
-        pn = strtol(p, NULL, 16);
-        if (pn <= 0)
-                return NULL;
-        snprintf(s, size, "usb:v%04Xp%04X*", vn, pn);
-        return s;
-}
-
-static int udev_builtin_hwdb_search(struct udev_device *dev, struct udev_device *srcdev,
-                                    const char *subsystem, const char *prefix,
-                                    const char *filter, bool test) {
-        struct udev_device *d;
-        char s[16];
-        bool last = false;
-        int r = 0;
-
-        assert(dev);
-
-        if (!srcdev)
-                srcdev = dev;
-
-        for (d = srcdev; d && !last; d = udev_device_get_parent(d)) {
-                const char *dsubsys;
-                const char *modalias = NULL;
-
-                dsubsys = udev_device_get_subsystem(d);
-                if (!dsubsys)
-                        continue;
-
-                /* look only at devices of a specific subsystem */
-                if (subsystem && !streq(dsubsys, subsystem))
-                        continue;
-
-                modalias = udev_device_get_property_value(d, "MODALIAS");
-
-                if (streq(dsubsys, "usb") && streq_ptr(udev_device_get_devtype(d), "usb_device")) {
-                        /* if the usb_device does not have a modalias, compose one */
-                        if (!modalias)
-                                modalias = modalias_usb(d, s, sizeof(s));
-
-                        /* avoid looking at any parent device, they are usually just a USB hub */
-                        last = true;
-                }
-
-                if (!modalias)
-                        continue;
-
-                r = udev_builtin_hwdb_lookup(dev, prefix, modalias, filter, test);
-                if (r > 0)
-                        break;
-        }
-
-        return r;
-}
-
-static int builtin_hwdb(struct udev_device *dev, int argc, char *argv[], bool test) {
-        static const struct option options[] = {
-                { "filter", required_argument, NULL, 'f' },
-                { "device", required_argument, NULL, 'd' },
-                { "subsystem", required_argument, NULL, 's' },
-                { "lookup-prefix", required_argument, NULL, 'p' },
-                {}
-        };
-        const char *filter = NULL;
-        const char *device = NULL;
-        const char *subsystem = NULL;
-        const char *prefix = NULL;
-        _cleanup_udev_device_unref_ struct udev_device *srcdev = NULL;
-
-        if (!hwdb)
-                return EXIT_FAILURE;
-
-        for (;;) {
-                int option;
-
-                option = getopt_long(argc, argv, "f:d:s:p:", options, NULL);
-                if (option == -1)
-                        break;
-
-                switch (option) {
-                case 'f':
-                        filter = optarg;
-                        break;
-
-                case 'd':
-                        device = optarg;
-                        break;
-
-                case 's':
-                        subsystem = optarg;
-                        break;
-
-                case 'p':
-                        prefix = optarg;
-                        break;
-                }
-        }
-
-        /* query a specific key given as argument */
-        if (argv[optind]) {
-                if (udev_builtin_hwdb_lookup(dev, prefix, argv[optind], filter, test) > 0)
-                        return EXIT_SUCCESS;
-                return EXIT_FAILURE;
-        }
-
-        /* read data from another device than the device we will store the data */
-        if (device) {
-                srcdev = udev_device_new_from_device_id(udev_device_get_udev(dev), device);
-                if (!srcdev)
-                        return EXIT_FAILURE;
-        }
-
-        if (udev_builtin_hwdb_search(dev, srcdev, subsystem, prefix, filter, test) > 0)
-                return EXIT_SUCCESS;
-        return EXIT_FAILURE;
-}
-
-/* called at udev startup and reload */
-static int builtin_hwdb_init(struct udev *udev) {
-        int r;
-
-        if (hwdb)
-                return 0;
-
-        r = sd_hwdb_new(&hwdb);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-/* called on udev shutdown and reload request */
-static void builtin_hwdb_exit(struct udev *udev) {
-        hwdb = sd_hwdb_unref(hwdb);
-}
-
-/* called every couple of seconds during event activity; 'true' if config has changed */
-static bool builtin_hwdb_validate(struct udev *udev) {
-        return hwdb_validate(hwdb);
-}
-
-const struct udev_builtin udev_builtin_hwdb = {
-        .name = "hwdb",
-        .cmd = builtin_hwdb,
-        .init = builtin_hwdb_init,
-        .exit = builtin_hwdb_exit,
-        .validate = builtin_hwdb_validate,
-        .help = "Hardware database",
-};
diff --git a/src/udev/udev-builtin-uaccess.c b/src/udev/udev-builtin-uaccess.c
deleted file mode 100644
index 3ebe36f043..0000000000
--- a/src/udev/udev-builtin-uaccess.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * manage device node user ACL
- *
- * Copyright 2010-2012 Kay Sievers <kay@vrfy.org>
- * Copyright 2010 Lennart Poettering
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "sd-login.h"
-
-#include "login-util.h"
-#include "logind-acl.h"
-#include "udev.h"
-#include "util.h"
-
-static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
-        int r;
-        const char *path = NULL, *seat;
-        bool changed_acl = false;
-        uid_t uid;
-
-        umask(0022);
-
-        /* don't muck around with ACLs when the system is not running systemd */
-        if (!logind_running())
-                return 0;
-
-        path = udev_device_get_devnode(dev);
-        seat = udev_device_get_property_value(dev, "ID_SEAT");
-        if (!seat)
-                seat = "seat0";
-
-        r = sd_seat_get_active(seat, NULL, &uid);
-        if (r == -ENXIO || r == -ENODATA) {
-                /* No active session on this seat */
-                r = 0;
-                goto finish;
-        } else if (r < 0) {
-                log_error("Failed to determine active user on seat %s.", seat);
-                goto finish;
-        }
-
-        r = devnode_acl(path, true, false, 0, true, uid);
-        if (r < 0) {
-                log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
-                goto finish;
-        }
-
-        changed_acl = true;
-        r = 0;
-
-finish:
-        if (path && !changed_acl) {
-                int k;
-
-                /* Better be safe than sorry and reset ACL */
-                k = devnode_acl(path, true, false, 0, false, 0);
-                if (k < 0) {
-                        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
-                        if (r >= 0)
-                                r = k;
-                }
-        }
-
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
-
-const struct udev_builtin udev_builtin_uaccess = {
-        .name = "uaccess",
-        .cmd = builtin_uaccess,
-        .help = "Manage device node user ACL",
-};
diff --git a/src/udev/udev.h b/src/udev/udev.h
deleted file mode 100644
index 8433e8d9f2..0000000000
--- a/src/udev/udev.h
+++ /dev/null
@@ -1,216 +0,0 @@
-#pragma once
-
-/*
- * Copyright (C) 2003 Greg Kroah-Hartman <greg@kroah.com>
- * Copyright (C) 2003-2010 Kay Sievers <kay@vrfy.org>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <sys/param.h>
-#include <sys/sysmacros.h>
-#include <sys/types.h>
-
-#include "libudev.h"
-#include "sd-netlink.h"
-
-#include "label.h"
-#include "libudev-private.h"
-#include "macro.h"
-#include "strv.h"
-#include "util.h"
-
-struct udev_event {
-        struct udev *udev;
-        struct udev_device *dev;
-        struct udev_device *dev_parent;
-        struct udev_device *dev_db;
-        char *name;
-        char *program_result;
-        mode_t mode;
-        uid_t uid;
-        gid_t gid;
-        struct udev_list seclabel_list;
-        struct udev_list run_list;
-        int exec_delay;
-        usec_t birth_usec;
-        sd_netlink *rtnl;
-        unsigned int builtin_run;
-        unsigned int builtin_ret;
-        bool inotify_watch;
-        bool inotify_watch_final;
-        bool group_set;
-        bool group_final;
-        bool owner_set;
-        bool owner_final;
-        bool mode_set;
-        bool mode_final;
-        bool name_final;
-        bool devlink_final;
-        bool run_final;
-};
-
-struct udev_watch {
-        struct udev_list_node node;
-        int handle;
-        char *name;
-};
-
-/* udev-rules.c */
-struct udev_rules;
-struct udev_rules *udev_rules_new(struct udev *udev, int resolve_names);
-struct udev_rules *udev_rules_unref(struct udev_rules *rules);
-bool udev_rules_check_timestamp(struct udev_rules *rules);
-void udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event,
-                               usec_t timeout_usec, usec_t timeout_warn_usec,
-                               struct udev_list *properties_list);
-int udev_rules_apply_static_dev_perms(struct udev_rules *rules);
-
-/* udev-event.c */
-struct udev_event *udev_event_new(struct udev_device *dev);
-void udev_event_unref(struct udev_event *event);
-size_t udev_event_apply_format(struct udev_event *event, const char *src, char *dest, size_t size);
-int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string,
-                                   char *result, size_t maxsize, int read_value);
-int udev_event_spawn(struct udev_event *event,
-                     usec_t timeout_usec,
-                     usec_t timeout_warn_usec,
-                     bool accept_failure,
-                     const char *cmd, char *result, size_t ressize);
-void udev_event_execute_rules(struct udev_event *event,
-                              usec_t timeout_usec, usec_t timeout_warn_usec,
-                              struct udev_list *properties_list,
-                              struct udev_rules *rules);
-void udev_event_execute_run(struct udev_event *event, usec_t timeout_usec, usec_t timeout_warn_usec);
-int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]);
-
-/* udev-watch.c */
-int udev_watch_init(struct udev *udev);
-void udev_watch_restore(struct udev *udev);
-void udev_watch_begin(struct udev *udev, struct udev_device *dev);
-void udev_watch_end(struct udev *udev, struct udev_device *dev);
-struct udev_device *udev_watch_lookup(struct udev *udev, int wd);
-
-/* udev-node.c */
-void udev_node_add(struct udev_device *dev, bool apply,
-                   mode_t mode, uid_t uid, gid_t gid,
-                   struct udev_list *seclabel_list);
-void udev_node_remove(struct udev_device *dev);
-void udev_node_update_old_links(struct udev_device *dev, struct udev_device *dev_old);
-
-/* udev-ctrl.c */
-struct udev_ctrl;
-struct udev_ctrl *udev_ctrl_new(struct udev *udev);
-struct udev_ctrl *udev_ctrl_new_from_fd(struct udev *udev, int fd);
-int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl);
-struct udev_ctrl *udev_ctrl_unref(struct udev_ctrl *uctrl);
-int udev_ctrl_cleanup(struct udev_ctrl *uctrl);
-struct udev *udev_ctrl_get_udev(struct udev_ctrl *uctrl);
-int udev_ctrl_get_fd(struct udev_ctrl *uctrl);
-int udev_ctrl_send_set_log_level(struct udev_ctrl *uctrl, int priority, int timeout);
-int udev_ctrl_send_stop_exec_queue(struct udev_ctrl *uctrl, int timeout);
-int udev_ctrl_send_start_exec_queue(struct udev_ctrl *uctrl, int timeout);
-int udev_ctrl_send_reload(struct udev_ctrl *uctrl, int timeout);
-int udev_ctrl_send_ping(struct udev_ctrl *uctrl, int timeout);
-int udev_ctrl_send_exit(struct udev_ctrl *uctrl, int timeout);
-int udev_ctrl_send_set_env(struct udev_ctrl *uctrl, const char *key, int timeout);
-int udev_ctrl_send_set_children_max(struct udev_ctrl *uctrl, int count, int timeout);
-struct udev_ctrl_connection;
-struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl);
-struct udev_ctrl_connection *udev_ctrl_connection_ref(struct udev_ctrl_connection *conn);
-struct udev_ctrl_connection *udev_ctrl_connection_unref(struct udev_ctrl_connection *conn);
-struct udev_ctrl_msg;
-struct udev_ctrl_msg *udev_ctrl_receive_msg(struct udev_ctrl_connection *conn);
-struct udev_ctrl_msg *udev_ctrl_msg_unref(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_set_log_level(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_stop_exec_queue(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_start_exec_queue(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_reload(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_ping(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_exit(struct udev_ctrl_msg *ctrl_msg);
-const char *udev_ctrl_get_set_env(struct udev_ctrl_msg *ctrl_msg);
-int udev_ctrl_get_set_children_max(struct udev_ctrl_msg *ctrl_msg);
-
-/* built-in commands */
-enum udev_builtin_cmd {
-#ifdef HAVE_BLKID
-        UDEV_BUILTIN_BLKID,
-#endif
-        UDEV_BUILTIN_BTRFS,
-        UDEV_BUILTIN_HWDB,
-        UDEV_BUILTIN_INPUT_ID,
-        UDEV_BUILTIN_KEYBOARD,
-#ifdef HAVE_KMOD
-        UDEV_BUILTIN_KMOD,
-#endif
-        UDEV_BUILTIN_NET_ID,
-        UDEV_BUILTIN_NET_LINK,
-        UDEV_BUILTIN_PATH_ID,
-        UDEV_BUILTIN_USB_ID,
-#ifdef HAVE_ACL
-        UDEV_BUILTIN_UACCESS,
-#endif
-        UDEV_BUILTIN_MAX
-};
-struct udev_builtin {
-        const char *name;
-        int (*cmd)(struct udev_device *dev, int argc, char *argv[], bool test);
-        const char *help;
-        int (*init)(struct udev *udev);
-        void (*exit)(struct udev *udev);
-        bool (*validate)(struct udev *udev);
-        bool run_once;
-};
-#ifdef HAVE_BLKID
-extern const struct udev_builtin udev_builtin_blkid;
-#endif
-extern const struct udev_builtin udev_builtin_btrfs;
-extern const struct udev_builtin udev_builtin_hwdb;
-extern const struct udev_builtin udev_builtin_input_id;
-extern const struct udev_builtin udev_builtin_keyboard;
-#ifdef HAVE_KMOD
-extern const struct udev_builtin udev_builtin_kmod;
-#endif
-extern const struct udev_builtin udev_builtin_net_id;
-extern const struct udev_builtin udev_builtin_net_setup_link;
-extern const struct udev_builtin udev_builtin_path_id;
-extern const struct udev_builtin udev_builtin_usb_id;
-extern const struct udev_builtin udev_builtin_uaccess;
-void udev_builtin_init(struct udev *udev);
-void udev_builtin_exit(struct udev *udev);
-enum udev_builtin_cmd udev_builtin_lookup(const char *command);
-const char *udev_builtin_name(enum udev_builtin_cmd cmd);
-bool udev_builtin_run_once(enum udev_builtin_cmd cmd);
-int udev_builtin_run(struct udev_device *dev, enum udev_builtin_cmd cmd, const char *command, bool test);
-void udev_builtin_list(struct udev *udev);
-bool udev_builtin_validate(struct udev *udev);
-int udev_builtin_add_property(struct udev_device *dev, bool test, const char *key, const char *val);
-int udev_builtin_hwdb_lookup(struct udev_device *dev, const char *prefix, const char *modalias,
-                             const char *filter, bool test);
-
-/* udevadm commands */
-struct udevadm_cmd {
-        const char *name;
-        int (*cmd)(struct udev *udev, int argc, char *argv[]);
-        const char *help;
-        int debug;
-};
-extern const struct udevadm_cmd udevadm_info;
-extern const struct udevadm_cmd udevadm_trigger;
-extern const struct udevadm_cmd udevadm_settle;
-extern const struct udevadm_cmd udevadm_control;
-extern const struct udevadm_cmd udevadm_monitor;
-extern const struct udevadm_cmd udevadm_hwdb;
-extern const struct udevadm_cmd udevadm_test;
-extern const struct udevadm_cmd udevadm_test_builtin;
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
deleted file mode 100644
index e9dd2f47c7..0000000000
--- a/src/udev/udevd.c
+++ /dev/null
@@ -1,1765 +0,0 @@
-/*
- * Copyright (C) 2004-2012 Kay Sievers <kay@vrfy.org>
- * Copyright (C) 2004 Chris Friesen <chris_friesen@sympatico.ca>
- * Copyright (C) 2009 Canonical Ltd.
- * Copyright (C) 2009 Scott James Remnant <scott@netsplit.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <signal.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/epoll.h>
-#include <sys/file.h>
-#include <sys/inotify.h>
-#include <sys/ioctl.h>
-#include <sys/mount.h>
-#include <sys/prctl.h>
-#include <sys/signalfd.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#include "sd-daemon.h"
-#include "sd-event.h"
-
-#include "alloc-util.h"
-#include "cgroup-util.h"
-#include "cpu-set-util.h"
-#include "dev-setup.h"
-#include "fd-util.h"
-#include "fileio.h"
-#include "formats-util.h"
-#include "fs-util.h"
-#include "hashmap.h"
-#include "io-util.h"
-#include "netlink-util.h"
-#include "parse-util.h"
-#include "proc-cmdline.h"
-#include "process-util.h"
-#include "selinux-util.h"
-#include "signal-util.h"
-#include "socket-util.h"
-#include "string-util.h"
-#include "terminal-util.h"
-#include "udev-util.h"
-#include "udev.h"
-#include "user-util.h"
-
-static bool arg_debug = false;
-static int arg_daemonize = false;
-static int arg_resolve_names = 1;
-static unsigned arg_children_max;
-static int arg_exec_delay;
-static usec_t arg_event_timeout_usec = 180 * USEC_PER_SEC;
-static usec_t arg_event_timeout_warn_usec = 180 * USEC_PER_SEC / 3;
-
-typedef struct Manager {
-        struct udev *udev;
-        sd_event *event;
-        Hashmap *workers;
-        struct udev_list_node events;
-        const char *cgroup;
-        pid_t pid; /* the process that originally allocated the manager object */
-
-        struct udev_rules *rules;
-        struct udev_list properties;
-
-        struct udev_monitor *monitor;
-        struct udev_ctrl *ctrl;
-        struct udev_ctrl_connection *ctrl_conn_blocking;
-        int fd_inotify;
-        int worker_watch[2];
-
-        sd_event_source *ctrl_event;
-        sd_event_source *uevent_event;
-        sd_event_source *inotify_event;
-
-        usec_t last_usec;
-
-        bool stop_exec_queue:1;
-        bool exit:1;
-} Manager;
-
-enum event_state {
-        EVENT_UNDEF,
-        EVENT_QUEUED,
-        EVENT_RUNNING,
-};
-
-struct event {
-        struct udev_list_node node;
-        Manager *manager;
-        struct udev *udev;
-        struct udev_device *dev;
-        struct udev_device *dev_kernel;
-        struct worker *worker;
-        enum event_state state;
-        unsigned long long int delaying_seqnum;
-        unsigned long long int seqnum;
-        const char *devpath;
-        size_t devpath_len;
-        const char *devpath_old;
-        dev_t devnum;
-        int ifindex;
-        bool is_block;
-        sd_event_source *timeout_warning;
-        sd_event_source *timeout;
-};
-
-static inline struct event *node_to_event(struct udev_list_node *node) {
-        return container_of(node, struct event, node);
-}
-
-static void event_queue_cleanup(Manager *manager, enum event_state type);
-
-enum worker_state {
-        WORKER_UNDEF,
-        WORKER_RUNNING,
-        WORKER_IDLE,
-        WORKER_KILLED,
-};
-
-struct worker {
-        Manager *manager;
-        struct udev_list_node node;
-        int refcount;
-        pid_t pid;
-        struct udev_monitor *monitor;
-        enum worker_state state;
-        struct event *event;
-};
-
-/* passed from worker to main process */
-struct worker_message {
-};
-
-static void event_free(struct event *event) {
-        int r;
-
-        if (!event)
-                return;
-
-        udev_list_node_remove(&event->node);
-        udev_device_unref(event->dev);
-        udev_device_unref(event->dev_kernel);
-
-        sd_event_source_unref(event->timeout_warning);
-        sd_event_source_unref(event->timeout);
-
-        if (event->worker)
-                event->worker->event = NULL;
-
-        assert(event->manager);
-
-        if (udev_list_node_is_empty(&event->manager->events)) {
-                /* only clean up the queue from the process that created it */
-                if (event->manager->pid == getpid()) {
-                        r = unlink("/run/udev/queue");
-                        if (r < 0)
-                                log_warning_errno(errno, "could not unlink /run/udev/queue: %m");
-                }
-        }
-
-        free(event);
-}
-
-static void worker_free(struct worker *worker) {
-        if (!worker)
-                return;
-
-        assert(worker->manager);
-
-        hashmap_remove(worker->manager->workers, PID_TO_PTR(worker->pid));
-        udev_monitor_unref(worker->monitor);
-        event_free(worker->event);
-
-        free(worker);
-}
-
-static void manager_workers_free(Manager *manager) {
-        struct worker *worker;
-        Iterator i;
-
-        assert(manager);
-
-        HASHMAP_FOREACH(worker, manager->workers, i)
-                worker_free(worker);
-
-        manager->workers = hashmap_free(manager->workers);
-}
-
-static int worker_new(struct worker **ret, Manager *manager, struct udev_monitor *worker_monitor, pid_t pid) {
-        _cleanup_free_ struct worker *worker = NULL;
-        int r;
-
-        assert(ret);
-        assert(manager);
-        assert(worker_monitor);
-        assert(pid > 1);
-
-        worker = new0(struct worker, 1);
-        if (!worker)
-                return -ENOMEM;
-
-        worker->refcount = 1;
-        worker->manager = manager;
-        /* close monitor, but keep address around */
-        udev_monitor_disconnect(worker_monitor);
-        worker->monitor = udev_monitor_ref(worker_monitor);
-        worker->pid = pid;
-
-        r = hashmap_ensure_allocated(&manager->workers, NULL);
-        if (r < 0)
-                return r;
-
-        r = hashmap_put(manager->workers, PID_TO_PTR(pid), worker);
-        if (r < 0)
-                return r;
-
-        *ret = worker;
-        worker = NULL;
-
-        return 0;
-}
-
-static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
-        struct event *event = userdata;
-
-        assert(event);
-        assert(event->worker);
-
-        kill_and_sigcont(event->worker->pid, SIGKILL);
-        event->worker->state = WORKER_KILLED;
-
-        log_error("seq %llu '%s' killed", udev_device_get_seqnum(event->dev), event->devpath);
-
-        return 1;
-}
-
-static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) {
-        struct event *event = userdata;
-
-        assert(event);
-
-        log_warning("seq %llu '%s' is taking a long time", udev_device_get_seqnum(event->dev), event->devpath);
-
-        return 1;
-}
-
-static void worker_attach_event(struct worker *worker, struct event *event) {
-        sd_event *e;
-        uint64_t usec;
-
-        assert(worker);
-        assert(worker->manager);
-        assert(event);
-        assert(!event->worker);
-        assert(!worker->event);
-
-        worker->state = WORKER_RUNNING;
-        worker->event = event;
-        event->state = EVENT_RUNNING;
-        event->worker = worker;
-
-        e = worker->manager->event;
-
-        assert_se(sd_event_now(e, clock_boottime_or_monotonic(), &usec) >= 0);
-
-        (void) sd_event_add_time(e, &event->timeout_warning, clock_boottime_or_monotonic(),
-                                 usec + arg_event_timeout_warn_usec, USEC_PER_SEC, on_event_timeout_warning, event);
-
-        (void) sd_event_add_time(e, &event->timeout, clock_boottime_or_monotonic(),
-                                 usec + arg_event_timeout_usec, USEC_PER_SEC, on_event_timeout, event);
-}
-
-static void manager_free(Manager *manager) {
-        if (!manager)
-                return;
-
-        udev_builtin_exit(manager->udev);
-
-        sd_event_source_unref(manager->ctrl_event);
-        sd_event_source_unref(manager->uevent_event);
-        sd_event_source_unref(manager->inotify_event);
-
-        udev_unref(manager->udev);
-        sd_event_unref(manager->event);
-        manager_workers_free(manager);
-        event_queue_cleanup(manager, EVENT_UNDEF);
-
-        udev_monitor_unref(manager->monitor);
-        udev_ctrl_unref(manager->ctrl);
-        udev_ctrl_connection_unref(manager->ctrl_conn_blocking);
-
-        udev_list_cleanup(&manager->properties);
-        udev_rules_unref(manager->rules);
-
-        safe_close(manager->fd_inotify);
-        safe_close_pair(manager->worker_watch);
-
-        free(manager);
-}
-
-DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
-
-static int worker_send_message(int fd) {
-        struct worker_message message = {};
-
-        return loop_write(fd, &message, sizeof(message), false);
-}
-
-static void worker_spawn(Manager *manager, struct event *event) {
-        struct udev *udev = event->udev;
-        _cleanup_udev_monitor_unref_ struct udev_monitor *worker_monitor = NULL;
-        pid_t pid;
-        int r = 0;
-
-        /* listen for new events */
-        worker_monitor = udev_monitor_new_from_netlink(udev, NULL);
-        if (worker_monitor == NULL)
-                return;
-        /* allow the main daemon netlink address to send devices to the worker */
-        udev_monitor_allow_unicast_sender(worker_monitor, manager->monitor);
-        r = udev_monitor_enable_receiving(worker_monitor);
-        if (r < 0)
-                log_error_errno(r, "worker: could not enable receiving of device: %m");
-
-        pid = fork();
-        switch (pid) {
-        case 0: {
-                struct udev_device *dev = NULL;
-                _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
-                int fd_monitor;
-                _cleanup_close_ int fd_signal = -1, fd_ep = -1;
-                struct epoll_event ep_signal = { .events = EPOLLIN };
-                struct epoll_event ep_monitor = { .events = EPOLLIN };
-                sigset_t mask;
-
-                /* take initial device from queue */
-                dev = event->dev;
-                event->dev = NULL;
-
-                unsetenv("NOTIFY_SOCKET");
-
-                manager_workers_free(manager);
-                event_queue_cleanup(manager, EVENT_UNDEF);
-
-                manager->monitor = udev_monitor_unref(manager->monitor);
-                manager->ctrl_conn_blocking = udev_ctrl_connection_unref(manager->ctrl_conn_blocking);
-                manager->ctrl = udev_ctrl_unref(manager->ctrl);
-                manager->ctrl_conn_blocking = udev_ctrl_connection_unref(manager->ctrl_conn_blocking);
-                manager->worker_watch[READ_END] = safe_close(manager->worker_watch[READ_END]);
-
-                manager->ctrl_event = sd_event_source_unref(manager->ctrl_event);
-                manager->uevent_event = sd_event_source_unref(manager->uevent_event);
-                manager->inotify_event = sd_event_source_unref(manager->inotify_event);
-
-                manager->event = sd_event_unref(manager->event);
-
-                sigfillset(&mask);
-                fd_signal = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
-                if (fd_signal < 0) {
-                        r = log_error_errno(errno, "error creating signalfd %m");
-                        goto out;
-                }
-                ep_signal.data.fd = fd_signal;
-
-                fd_monitor = udev_monitor_get_fd(worker_monitor);
-                ep_monitor.data.fd = fd_monitor;
-
-                fd_ep = epoll_create1(EPOLL_CLOEXEC);
-                if (fd_ep < 0) {
-                        r = log_error_errno(errno, "error creating epoll fd: %m");
-                        goto out;
-                }
-
-                if (epoll_ctl(fd_ep, EPOLL_CTL_ADD, fd_signal, &ep_signal) < 0 ||
-                    epoll_ctl(fd_ep, EPOLL_CTL_ADD, fd_monitor, &ep_monitor) < 0) {
-                        r = log_error_errno(errno, "fail to add fds to epoll: %m");
-                        goto out;
-                }
-
-                /* Request TERM signal if parent exits.
-                   Ignore error, not much we can do in that case. */
-                (void) prctl(PR_SET_PDEATHSIG, SIGTERM);
-
-                /* Reset OOM score, we only protect the main daemon. */
-                write_string_file("/proc/self/oom_score_adj", "0", 0);
-
-                for (;;) {
-                        struct udev_event *udev_event;
-                        int fd_lock = -1;
-
-                        assert(dev);
-
-                        log_debug("seq %llu running", udev_device_get_seqnum(dev));
-                        udev_event = udev_event_new(dev);
-                        if (udev_event == NULL) {
-                                r = -ENOMEM;
-                                goto out;
-                        }
-
-                        if (arg_exec_delay > 0)
-                                udev_event->exec_delay = arg_exec_delay;
-
-                        /*
-                         * Take a shared lock on the device node; this establishes
-                         * a concept of device "ownership" to serialize device
-                         * access. External processes holding an exclusive lock will
-                         * cause udev to skip the event handling; in the case udev
-                         * acquired the lock, the external process can block until
-                         * udev has finished its event handling.
-                         */
-                        if (!streq_ptr(udev_device_get_action(dev), "remove") &&
-                            streq_ptr("block", udev_device_get_subsystem(dev)) &&
-                            !startswith(udev_device_get_sysname(dev), "dm-") &&
-                            !startswith(udev_device_get_sysname(dev), "md")) {
-                                struct udev_device *d = dev;
-
-                                if (streq_ptr("partition", udev_device_get_devtype(d)))
-                                        d = udev_device_get_parent(d);
-
-                                if (d) {
-                                        fd_lock = open(udev_device_get_devnode(d), O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
-                                        if (fd_lock >= 0 && flock(fd_lock, LOCK_SH|LOCK_NB) < 0) {
-                                                log_debug_errno(errno, "Unable to flock(%s), skipping event handling: %m", udev_device_get_devnode(d));
-                                                fd_lock = safe_close(fd_lock);
-                                                goto skip;
-                                        }
-                                }
-                        }
-
-                        /* needed for renaming netifs */
-                        udev_event->rtnl = rtnl;
-
-                        /* apply rules, create node, symlinks */
-                        udev_event_execute_rules(udev_event,
-                                                 arg_event_timeout_usec, arg_event_timeout_warn_usec,
-                                                 &manager->properties,
-                                                 manager->rules);
-
-                        udev_event_execute_run(udev_event,
-                                               arg_event_timeout_usec, arg_event_timeout_warn_usec);
-
-                        if (udev_event->rtnl)
-                                /* in case rtnl was initialized */
-                                rtnl = sd_netlink_ref(udev_event->rtnl);
-
-                        /* apply/restore inotify watch */
-                        if (udev_event->inotify_watch) {
-                                udev_watch_begin(udev, dev);
-                                udev_device_update_db(dev);
-                        }
-
-                        safe_close(fd_lock);
-
-                        /* send processed event back to libudev listeners */
-                        udev_monitor_send_device(worker_monitor, NULL, dev);
-
-skip:
-                        log_debug("seq %llu processed", udev_device_get_seqnum(dev));
-
-                        /* send udevd the result of the event execution */
-                        r = worker_send_message(manager->worker_watch[WRITE_END]);
-                        if (r < 0)
-                                log_error_errno(r, "failed to send result of seq %llu to main daemon: %m",
-                                                udev_device_get_seqnum(dev));
-
-                        udev_device_unref(dev);
-                        dev = NULL;
-
-                        udev_event_unref(udev_event);
-
-                        /* wait for more device messages from main udevd, or term signal */
-                        while (dev == NULL) {
-                                struct epoll_event ev[4];
-                                int fdcount;
-                                int i;
-
-                                fdcount = epoll_wait(fd_ep, ev, ELEMENTSOF(ev), -1);
-                                if (fdcount < 0) {
-                                        if (errno == EINTR)
-                                                continue;
-                                        r = log_error_errno(errno, "failed to poll: %m");
-                                        goto out;
-                                }
-
-                                for (i = 0; i < fdcount; i++) {
-                                        if (ev[i].data.fd == fd_monitor && ev[i].events & EPOLLIN) {
-                                                dev = udev_monitor_receive_device(worker_monitor);
-                                                break;
-                                        } else if (ev[i].data.fd == fd_signal && ev[i].events & EPOLLIN) {
-                                                struct signalfd_siginfo fdsi;
-                                                ssize_t size;
-
-                                                size = read(fd_signal, &fdsi, sizeof(struct signalfd_siginfo));
-                                                if (size != sizeof(struct signalfd_siginfo))
-                                                        continue;
-                                                switch (fdsi.ssi_signo) {
-                                                case SIGTERM:
-                                                        goto out;
-                                                }
-                                        }
-                                }
-                        }
-                }
-out:
-                udev_device_unref(dev);
-                manager_free(manager);
-                log_close();
-                _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
-        }
-        case -1:
-                event->state = EVENT_QUEUED;
-                log_error_errno(errno, "fork of child failed: %m");
-                break;
-        default:
-        {
-                struct worker *worker;
-
-                r = worker_new(&worker, manager, worker_monitor, pid);
-                if (r < 0)
-                        return;
-
-                worker_attach_event(worker, event);
-
-                log_debug("seq %llu forked new worker ["PID_FMT"]", udev_device_get_seqnum(event->dev), pid);
-                break;
-        }
-        }
-}
-
-static void event_run(Manager *manager, struct event *event) {
-        struct worker *worker;
-        Iterator i;
-
-        assert(manager);
-        assert(event);
-
-        HASHMAP_FOREACH(worker, manager->workers, i) {
-                ssize_t count;
-
-                if (worker->state != WORKER_IDLE)
-                        continue;
-
-                count = udev_monitor_send_device(manager->monitor, worker->monitor, event->dev);
-                if (count < 0) {
-                        log_error_errno(errno, "worker ["PID_FMT"] did not accept message %zi (%m), kill it",
-                                        worker->pid, count);
-                        kill(worker->pid, SIGKILL);
-                        worker->state = WORKER_KILLED;
-                        continue;
-                }
-                worker_attach_event(worker, event);
-                return;
-        }
-
-        if (hashmap_size(manager->workers) >= arg_children_max) {
-                if (arg_children_max > 1)
-                        log_debug("maximum number (%i) of children reached", hashmap_size(manager->workers));
-                return;
-        }
-
-        /* start new worker and pass initial device */
-        worker_spawn(manager, event);
-}
-
-static int event_queue_insert(Manager *manager, struct udev_device *dev) {
-        struct event *event;
-        int r;
-
-        assert(manager);
-        assert(dev);
-
-        /* only one process can add events to the queue */
-        if (manager->pid == 0)
-                manager->pid = getpid();
-
-        assert(manager->pid == getpid());
-
-        event = new0(struct event, 1);
-        if (!event)
-                return -ENOMEM;
-
-        event->udev = udev_device_get_udev(dev);
-        event->manager = manager;
-        event->dev = dev;
-        event->dev_kernel = udev_device_shallow_clone(dev);
-        udev_device_copy_properties(event->dev_kernel, dev);
-        event->seqnum = udev_device_get_seqnum(dev);
-        event->devpath = udev_device_get_devpath(dev);
-        event->devpath_len = strlen(event->devpath);
-        event->devpath_old = udev_device_get_devpath_old(dev);
-        event->devnum = udev_device_get_devnum(dev);
-        event->is_block = streq("block", udev_device_get_subsystem(dev));
-        event->ifindex = udev_device_get_ifindex(dev);
-
-        log_debug("seq %llu queued, '%s' '%s'", udev_device_get_seqnum(dev),
-             udev_device_get_action(dev), udev_device_get_subsystem(dev));
-
-        event->state = EVENT_QUEUED;
-
-        if (udev_list_node_is_empty(&manager->events)) {
-                r = touch("/run/udev/queue");
-                if (r < 0)
-                        log_warning_errno(r, "could not touch /run/udev/queue: %m");
-        }
-
-        udev_list_node_append(&event->node, &manager->events);
-
-        return 0;
-}
-
-static void manager_kill_workers(Manager *manager) {
-        struct worker *worker;
-        Iterator i;
-
-        assert(manager);
-
-        HASHMAP_FOREACH(worker, manager->workers, i) {
-                if (worker->state == WORKER_KILLED)
-                        continue;
-
-                worker->state = WORKER_KILLED;
-                kill(worker->pid, SIGTERM);
-        }
-}
-
-/* lookup event for identical, parent, child device */
-static bool is_devpath_busy(Manager *manager, struct event *event) {
-        struct udev_list_node *loop;
-        size_t common;
-
-        /* check if queue contains events we depend on */
-        udev_list_node_foreach(loop, &manager->events) {
-                struct event *loop_event = node_to_event(loop);
-
-                /* we already found a later event, earlier can not block us, no need to check again */
-                if (loop_event->seqnum < event->delaying_seqnum)
-                        continue;
-
-                /* event we checked earlier still exists, no need to check again */
-                if (loop_event->seqnum == event->delaying_seqnum)
-                        return true;
-
-                /* found ourself, no later event can block us */
-                if (loop_event->seqnum >= event->seqnum)
-                        break;
-
-                /* check major/minor */
-                if (major(event->devnum) != 0 && event->devnum == loop_event->devnum && event->is_block == loop_event->is_block)
-                        return true;
-
-                /* check network device ifindex */
-                if (event->ifindex != 0 && event->ifindex == loop_event->ifindex)
-                        return true;
-
-                /* check our old name */
-                if (event->devpath_old != NULL && streq(loop_event->devpath, event->devpath_old)) {
-                        event->delaying_seqnum = loop_event->seqnum;
-                        return true;
-                }
-
-                /* compare devpath */
-                common = MIN(loop_event->devpath_len, event->devpath_len);
-
-                /* one devpath is contained in the other? */
-                if (memcmp(loop_event->devpath, event->devpath, common) != 0)
-                        continue;
-
-                /* identical device event found */
-                if (loop_event->devpath_len == event->devpath_len) {
-                        /* devices names might have changed/swapped in the meantime */
-                        if (major(event->devnum) != 0 && (event->devnum != loop_event->devnum || event->is_block != loop_event->is_block))
-                                continue;
-                        if (event->ifindex != 0 && event->ifindex != loop_event->ifindex)
-                                continue;
-                        event->delaying_seqnum = loop_event->seqnum;
-                        return true;
-                }
-
-                /* parent device event found */
-                if (event->devpath[common] == '/') {
-                        event->delaying_seqnum = loop_event->seqnum;
-                        return true;
-                }
-
-                /* child device event found */
-                if (loop_event->devpath[common] == '/') {
-                        event->delaying_seqnum = loop_event->seqnum;
-                        return true;
-                }
-
-                /* no matching device */
-                continue;
-        }
-
-        return false;
-}
-
-static int on_exit_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
-        Manager *manager = userdata;
-
-        assert(manager);
-
-        log_error_errno(ETIMEDOUT, "giving up waiting for workers to finish");
-
-        sd_event_exit(manager->event, -ETIMEDOUT);
-
-        return 1;
-}
-
-static void manager_exit(Manager *manager) {
-        uint64_t usec;
-        int r;
-
-        assert(manager);
-
-        manager->exit = true;
-
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Starting shutdown...");
-
-        /* close sources of new events and discard buffered events */
-        manager->ctrl_event = sd_event_source_unref(manager->ctrl_event);
-        manager->ctrl = udev_ctrl_unref(manager->ctrl);
-
-        manager->inotify_event = sd_event_source_unref(manager->inotify_event);
-        manager->fd_inotify = safe_close(manager->fd_inotify);
-
-        manager->uevent_event = sd_event_source_unref(manager->uevent_event);
-        manager->monitor = udev_monitor_unref(manager->monitor);
-
-        /* discard queued events and kill workers */
-        event_queue_cleanup(manager, EVENT_QUEUED);
-        manager_kill_workers(manager);
-
-        assert_se(sd_event_now(manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
-
-        r = sd_event_add_time(manager->event, NULL, clock_boottime_or_monotonic(),
-                              usec + 30 * USEC_PER_SEC, USEC_PER_SEC, on_exit_timeout, manager);
-        if (r < 0)
-                return;
-}
-
-/* reload requested, HUP signal received, rules changed, builtin changed */
-static void manager_reload(Manager *manager) {
-
-        assert(manager);
-
-        sd_notify(false,
-                  "RELOADING=1\n"
-                  "STATUS=Flushing configuration...");
-
-        manager_kill_workers(manager);
-        manager->rules = udev_rules_unref(manager->rules);
-        udev_builtin_exit(manager->udev);
-
-        sd_notify(false,
-                  "READY=1\n"
-                  "STATUS=Processing...");
-}
-
-static void event_queue_start(Manager *manager) {
-        struct udev_list_node *loop;
-        usec_t usec;
-
-        assert(manager);
-
-        if (udev_list_node_is_empty(&manager->events) ||
-            manager->exit || manager->stop_exec_queue)
-                return;
-
-        assert_se(sd_event_now(manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
-        /* check for changed config, every 3 seconds at most */
-        if (manager->last_usec == 0 ||
-            (usec - manager->last_usec) > 3 * USEC_PER_SEC) {
-                if (udev_rules_check_timestamp(manager->rules) ||
-                    udev_builtin_validate(manager->udev))
-                        manager_reload(manager);
-
-                manager->last_usec = usec;
-        }
-
-        udev_builtin_init(manager->udev);
-
-        if (!manager->rules) {
-                manager->rules = udev_rules_new(manager->udev, arg_resolve_names);
-                if (!manager->rules)
-                        return;
-        }
-
-        udev_list_node_foreach(loop, &manager->events) {
-                struct event *event = node_to_event(loop);
-
-                if (event->state != EVENT_QUEUED)
-                        continue;
-
-                /* do not start event if parent or child event is still running */
-                if (is_devpath_busy(manager, event))
-                        continue;
-
-                event_run(manager, event);
-        }
-}
-
-static void event_queue_cleanup(Manager *manager, enum event_state match_type) {
-        struct udev_list_node *loop, *tmp;
-
-        udev_list_node_foreach_safe(loop, tmp, &manager->events) {
-                struct event *event = node_to_event(loop);
-
-                if (match_type != EVENT_UNDEF && match_type != event->state)
-                        continue;
-
-                event_free(event);
-        }
-}
-
-static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Manager *manager = userdata;
-
-        assert(manager);
-
-        for (;;) {
-                struct worker_message msg;
-                struct iovec iovec = {
-                        .iov_base = &msg,
-                        .iov_len = sizeof(msg),
-                };
-                union {
-                        struct cmsghdr cmsghdr;
-                        uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
-                } control = {};
-                struct msghdr msghdr = {
-                        .msg_iov = &iovec,
-                        .msg_iovlen = 1,
-                        .msg_control = &control,
-                        .msg_controllen = sizeof(control),
-                };
-                struct cmsghdr *cmsg;
-                ssize_t size;
-                struct ucred *ucred = NULL;
-                struct worker *worker;
-
-                size = recvmsg(fd, &msghdr, MSG_DONTWAIT);
-                if (size < 0) {
-                        if (errno == EINTR)
-                                continue;
-                        else if (errno == EAGAIN)
-                                /* nothing more to read */
-                                break;
-
-                        return log_error_errno(errno, "failed to receive message: %m");
-                } else if (size != sizeof(struct worker_message)) {
-                        log_warning_errno(EIO, "ignoring worker message with invalid size %zi bytes", size);
-                        continue;
-                }
-
-                CMSG_FOREACH(cmsg, &msghdr) {
-                        if (cmsg->cmsg_level == SOL_SOCKET &&
-                            cmsg->cmsg_type == SCM_CREDENTIALS &&
-                            cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
-                                ucred = (struct ucred*) CMSG_DATA(cmsg);
-                }
-
-                if (!ucred || ucred->pid <= 0) {
-                        log_warning_errno(EIO, "ignoring worker message without valid PID");
-                        continue;
-                }
-
-                /* lookup worker who sent the signal */
-                worker = hashmap_get(manager->workers, PID_TO_PTR(ucred->pid));
-                if (!worker) {
-                        log_debug("worker ["PID_FMT"] returned, but is no longer tracked", ucred->pid);
-                        continue;
-                }
-
-                if (worker->state != WORKER_KILLED)
-                        worker->state = WORKER_IDLE;
-
-                /* worker returned */
-                event_free(worker->event);
-        }
-
-        /* we have free workers, try to schedule events */
-        event_queue_start(manager);
-
-        return 1;
-}
-
-static int on_uevent(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Manager *manager = userdata;
-        struct udev_device *dev;
-        int r;
-
-        assert(manager);
-
-        dev = udev_monitor_receive_device(manager->monitor);
-        if (dev) {
-                udev_device_ensure_usec_initialized(dev, NULL);
-                r = event_queue_insert(manager, dev);
-                if (r < 0)
-                        udev_device_unref(dev);
-                else
-                        /* we have fresh events, try to schedule them */
-                        event_queue_start(manager);
-        }
-
-        return 1;
-}
-
-/* receive the udevd message from userspace */
-static int on_ctrl_msg(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Manager *manager = userdata;
-        _cleanup_udev_ctrl_connection_unref_ struct udev_ctrl_connection *ctrl_conn = NULL;
-        _cleanup_udev_ctrl_msg_unref_ struct udev_ctrl_msg *ctrl_msg = NULL;
-        const char *str;
-        int i;
-
-        assert(manager);
-
-        ctrl_conn = udev_ctrl_get_connection(manager->ctrl);
-        if (!ctrl_conn)
-                return 1;
-
-        ctrl_msg = udev_ctrl_receive_msg(ctrl_conn);
-        if (!ctrl_msg)
-                return 1;
-
-        i = udev_ctrl_get_set_log_level(ctrl_msg);
-        if (i >= 0) {
-                log_debug("udevd message (SET_LOG_LEVEL) received, log_priority=%i", i);
-                log_set_max_level(i);
-                manager_kill_workers(manager);
-        }
-
-        if (udev_ctrl_get_stop_exec_queue(ctrl_msg) > 0) {
-                log_debug("udevd message (STOP_EXEC_QUEUE) received");
-                manager->stop_exec_queue = true;
-        }
-
-        if (udev_ctrl_get_start_exec_queue(ctrl_msg) > 0) {
-                log_debug("udevd message (START_EXEC_QUEUE) received");
-                manager->stop_exec_queue = false;
-                event_queue_start(manager);
-        }
-
-        if (udev_ctrl_get_reload(ctrl_msg) > 0) {
-                log_debug("udevd message (RELOAD) received");
-                manager_reload(manager);
-        }
-
-        str = udev_ctrl_get_set_env(ctrl_msg);
-        if (str != NULL) {
-                _cleanup_free_ char *key = NULL;
-
-                key = strdup(str);
-                if (key) {
-                        char *val;
-
-                        val = strchr(key, '=');
-                        if (val != NULL) {
-                                val[0] = '\0';
-                                val = &val[1];
-                                if (val[0] == '\0') {
-                                        log_debug("udevd message (ENV) received, unset '%s'", key);
-                                        udev_list_entry_add(&manager->properties, key, NULL);
-                                } else {
-                                        log_debug("udevd message (ENV) received, set '%s=%s'", key, val);
-                                        udev_list_entry_add(&manager->properties, key, val);
-                                }
-                        } else
-                                log_error("wrong key format '%s'", key);
-                }
-                manager_kill_workers(manager);
-        }
-
-        i = udev_ctrl_get_set_children_max(ctrl_msg);
-        if (i >= 0) {
-                log_debug("udevd message (SET_MAX_CHILDREN) received, children_max=%i", i);
-                arg_children_max = i;
-        }
-
-        if (udev_ctrl_get_ping(ctrl_msg) > 0)
-                log_debug("udevd message (SYNC) received");
-
-        if (udev_ctrl_get_exit(ctrl_msg) > 0) {
-                log_debug("udevd message (EXIT) received");
-                manager_exit(manager);
-                /* keep reference to block the client until we exit
-                   TODO: deal with several blocking exit requests */
-                manager->ctrl_conn_blocking = udev_ctrl_connection_ref(ctrl_conn);
-        }
-
-        return 1;
-}
-
-static int synthesize_change(struct udev_device *dev) {
-        char filename[UTIL_PATH_SIZE];
-        int r;
-
-        if (streq_ptr("block", udev_device_get_subsystem(dev)) &&
-            streq_ptr("disk", udev_device_get_devtype(dev)) &&
-            !startswith(udev_device_get_sysname(dev), "dm-")) {
-                bool part_table_read = false;
-                bool has_partitions = false;
-                int fd;
-                struct udev *udev = udev_device_get_udev(dev);
-                _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
-                struct udev_list_entry *item;
-
-                /*
-                 * Try to re-read the partition table. This only succeeds if
-                 * none of the devices is busy. The kernel returns 0 if no
-                 * partition table is found, and we will not get an event for
-                 * the disk.
-                 */
-                fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
-                if (fd >= 0) {
-                        r = flock(fd, LOCK_EX|LOCK_NB);
-                        if (r >= 0)
-                                r = ioctl(fd, BLKRRPART, 0);
-
-                        close(fd);
-                        if (r >= 0)
-                                part_table_read = true;
-                }
-
-                /* search for partitions */
-                e = udev_enumerate_new(udev);
-                if (!e)
-                        return -ENOMEM;
-
-                r = udev_enumerate_add_match_parent(e, dev);
-                if (r < 0)
-                        return r;
-
-                r = udev_enumerate_add_match_subsystem(e, "block");
-                if (r < 0)
-                        return r;
-
-                r = udev_enumerate_scan_devices(e);
-                if (r < 0)
-                        return r;
-
-                udev_list_entry_foreach(item, udev_enumerate_get_list_entry(e)) {
-                        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-
-                        d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
-                        if (!d)
-                                continue;
-
-                        if (!streq_ptr("partition", udev_device_get_devtype(d)))
-                                continue;
-
-                        has_partitions = true;
-                        break;
-                }
-
-                /*
-                 * We have partitions and re-read the table, the kernel already sent
-                 * out a "change" event for the disk, and "remove/add" for all
-                 * partitions.
-                 */
-                if (part_table_read && has_partitions)
-                        return 0;
-
-                /*
-                 * We have partitions but re-reading the partition table did not
-                 * work, synthesize "change" for the disk and all partitions.
-                 */
-                log_debug("device %s closed, synthesising 'change'", udev_device_get_devnode(dev));
-                strscpyl(filename, sizeof(filename), udev_device_get_syspath(dev), "/uevent", NULL);
-                write_string_file(filename, "change", WRITE_STRING_FILE_CREATE);
-
-                udev_list_entry_foreach(item, udev_enumerate_get_list_entry(e)) {
-                        _cleanup_udev_device_unref_ struct udev_device *d = NULL;
-
-                        d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
-                        if (!d)
-                                continue;
-
-                        if (!streq_ptr("partition", udev_device_get_devtype(d)))
-                                continue;
-
-                        log_debug("device %s closed, synthesising partition '%s' 'change'",
-                                  udev_device_get_devnode(dev), udev_device_get_devnode(d));
-                        strscpyl(filename, sizeof(filename), udev_device_get_syspath(d), "/uevent", NULL);
-                        write_string_file(filename, "change", WRITE_STRING_FILE_CREATE);
-                }
-
-                return 0;
-        }
-
-        log_debug("device %s closed, synthesising 'change'", udev_device_get_devnode(dev));
-        strscpyl(filename, sizeof(filename), udev_device_get_syspath(dev), "/uevent", NULL);
-        write_string_file(filename, "change", WRITE_STRING_FILE_CREATE);
-
-        return 0;
-}
-
-static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
-        Manager *manager = userdata;
-        union inotify_event_buffer buffer;
-        struct inotify_event *e;
-        ssize_t l;
-
-        assert(manager);
-
-        l = read(fd, &buffer, sizeof(buffer));
-        if (l < 0) {
-                if (errno == EAGAIN || errno == EINTR)
-                        return 1;
-
-                return log_error_errno(errno, "Failed to read inotify fd: %m");
-        }
-
-        FOREACH_INOTIFY_EVENT(e, buffer, l) {
-                _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
-
-                dev = udev_watch_lookup(manager->udev, e->wd);
-                if (!dev)
-                        continue;
-
-                log_debug("inotify event: %x for %s", e->mask, udev_device_get_devnode(dev));
-                if (e->mask & IN_CLOSE_WRITE) {
-                        synthesize_change(dev);
-
-                        /* settle might be waiting on us to determine the queue
-                         * state. If we just handled an inotify event, we might have
-                         * generated a "change" event, but we won't have queued up
-                         * the resultant uevent yet. Do that.
-                         */
-                        on_uevent(NULL, -1, 0, manager);
-                } else if (e->mask & IN_IGNORED)
-                        udev_watch_end(manager->udev, dev);
-        }
-
-        return 1;
-}
-
-static int on_sigterm(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        Manager *manager = userdata;
-
-        assert(manager);
-
-        manager_exit(manager);
-
-        return 1;
-}
-
-static int on_sighup(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        Manager *manager = userdata;
-
-        assert(manager);
-
-        manager_reload(manager);
-
-        return 1;
-}
-
-static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
-        Manager *manager = userdata;
-
-        assert(manager);
-
-        for (;;) {
-                pid_t pid;
-                int status;
-                struct worker *worker;
-
-                pid = waitpid(-1, &status, WNOHANG);
-                if (pid <= 0)
-                        break;
-
-                worker = hashmap_get(manager->workers, PID_TO_PTR(pid));
-                if (!worker) {
-                        log_warning("worker ["PID_FMT"] is unknown, ignoring", pid);
-                        continue;
-                }
-
-                if (WIFEXITED(status)) {
-                        if (WEXITSTATUS(status) == 0)
-                                log_debug("worker ["PID_FMT"] exited", pid);
-                        else
-                                log_warning("worker ["PID_FMT"] exited with return code %i", pid, WEXITSTATUS(status));
-                } else if (WIFSIGNALED(status)) {
-                        log_warning("worker ["PID_FMT"] terminated by signal %i (%s)", pid, WTERMSIG(status), strsignal(WTERMSIG(status)));
-                } else if (WIFSTOPPED(status)) {
-                        log_info("worker ["PID_FMT"] stopped", pid);
-                        continue;
-                } else if (WIFCONTINUED(status)) {
-                        log_info("worker ["PID_FMT"] continued", pid);
-                        continue;
-                } else
-                        log_warning("worker ["PID_FMT"] exit with status 0x%04x", pid, status);
-
-                if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
-                        if (worker->event) {
-                                log_error("worker ["PID_FMT"] failed while handling '%s'", pid, worker->event->devpath);
-                                /* delete state from disk */
-                                udev_device_delete_db(worker->event->dev);
-                                udev_device_tag_index(worker->event->dev, NULL, false);
-                                /* forward kernel event without amending it */
-                                udev_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel);
-                        }
-                }
-
-                worker_free(worker);
-        }
-
-        /* we can start new workers, try to schedule events */
-        event_queue_start(manager);
-
-        return 1;
-}
-
-static int on_post(sd_event_source *s, void *userdata) {
-        Manager *manager = userdata;
-        int r;
-
-        assert(manager);
-
-        if (udev_list_node_is_empty(&manager->events)) {
-                /* no pending events */
-                if (!hashmap_isempty(manager->workers)) {
-                        /* there are idle workers */
-                        log_debug("cleanup idle workers");
-                        manager_kill_workers(manager);
-                } else {
-                        /* we are idle */
-                        if (manager->exit) {
-                                r = sd_event_exit(manager->event, 0);
-                                if (r < 0)
-                                        return r;
-                        } else if (manager->cgroup)
-                                /* cleanup possible left-over processes in our cgroup */
-                                cg_kill(SYSTEMD_CGROUP_CONTROLLER, manager->cgroup, SIGKILL, false, true, NULL);
-                }
-        }
-
-        return 1;
-}
-
-static int listen_fds(int *rctrl, int *rnetlink) {
-        _cleanup_udev_unref_ struct udev *udev = NULL;
-        int ctrl_fd = -1, netlink_fd = -1;
-        int fd, n, r;
-
-        assert(rctrl);
-        assert(rnetlink);
-
-        n = sd_listen_fds(true);
-        if (n < 0)
-                return n;
-
-        for (fd = SD_LISTEN_FDS_START; fd < n + SD_LISTEN_FDS_START; fd++) {
-                if (sd_is_socket(fd, AF_LOCAL, SOCK_SEQPACKET, -1)) {
-                        if (ctrl_fd >= 0)
-                                return -EINVAL;
-                        ctrl_fd = fd;
-                        continue;
-                }
-
-                if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1)) {
-                        if (netlink_fd >= 0)
-                                return -EINVAL;
-                        netlink_fd = fd;
-                        continue;
-                }
-
-                return -EINVAL;
-        }
-
-        if (ctrl_fd < 0) {
-                _cleanup_udev_ctrl_unref_ struct udev_ctrl *ctrl = NULL;
-
-                udev = udev_new();
-                if (!udev)
-                        return -ENOMEM;
-
-                ctrl = udev_ctrl_new(udev);
-                if (!ctrl)
-                        return log_error_errno(EINVAL, "error initializing udev control socket");
-
-                r = udev_ctrl_enable_receiving(ctrl);
-                if (r < 0)
-                        return log_error_errno(EINVAL, "error binding udev control socket");
-
-                fd = udev_ctrl_get_fd(ctrl);
-                if (fd < 0)
-                        return log_error_errno(EIO, "could not get ctrl fd");
-
-                ctrl_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-                if (ctrl_fd < 0)
-                        return log_error_errno(errno, "could not dup ctrl fd: %m");
-        }
-
-        if (netlink_fd < 0) {
-                _cleanup_udev_monitor_unref_ struct udev_monitor *monitor = NULL;
-
-                if (!udev) {
-                        udev = udev_new();
-                        if (!udev)
-                                return -ENOMEM;
-                }
-
-                monitor = udev_monitor_new_from_netlink(udev, "kernel");
-                if (!monitor)
-                        return log_error_errno(EINVAL, "error initializing netlink socket");
-
-                (void) udev_monitor_set_receive_buffer_size(monitor, 128 * 1024 * 1024);
-
-                r = udev_monitor_enable_receiving(monitor);
-                if (r < 0)
-                        return log_error_errno(EINVAL, "error binding netlink socket");
-
-                fd = udev_monitor_get_fd(monitor);
-                if (fd < 0)
-                        return log_error_errno(netlink_fd, "could not get uevent fd: %m");
-
-                netlink_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
-                if (ctrl_fd < 0)
-                        return log_error_errno(errno, "could not dup netlink fd: %m");
-        }
-
-        *rctrl = ctrl_fd;
-        *rnetlink = netlink_fd;
-
-        return 0;
-}
-
-/*
- * read the kernel command line, in case we need to get into debug mode
- *   udev.log-priority=<level>                 syslog priority
- *   udev.children-max=<number of workers>     events are fully serialized if set to 1
- *   udev.exec-delay=<number of seconds>       delay execution of every executed program
- *   udev.event-timeout=<number of seconds>    seconds to wait before terminating an event
- */
-static int parse_proc_cmdline_item(const char *key, const char *value) {
-        const char *full_key = key;
-        int r;
-
-        assert(key);
-
-        if (!value)
-                return 0;
-
-        if (startswith(key, "rd."))
-                key += strlen("rd.");
-
-        if (startswith(key, "udev."))
-                key += strlen("udev.");
-        else
-                return 0;
-
-        if (streq(key, "log-priority")) {
-                int prio;
-
-                prio = util_log_priority(value);
-                if (prio < 0)
-                        goto invalid;
-                log_set_max_level(prio);
-        } else if (streq(key, "children-max")) {
-                r = safe_atou(value, &arg_children_max);
-                if (r < 0)
-                        goto invalid;
-        } else if (streq(key, "exec-delay")) {
-                r = safe_atoi(value, &arg_exec_delay);
-                if (r < 0)
-                        goto invalid;
-        } else if (streq(key, "event-timeout")) {
-                r = safe_atou64(value, &arg_event_timeout_usec);
-                if (r < 0)
-                        goto invalid;
-                arg_event_timeout_usec *= USEC_PER_SEC;
-                arg_event_timeout_warn_usec = (arg_event_timeout_usec / 3) ? : 1;
-        }
-
-        return 0;
-invalid:
-        log_warning("invalid %s ignored: %s", full_key, value);
-        return 0;
-}
-
-static void help(void) {
-        printf("%s [OPTIONS...]\n\n"
-               "Manages devices.\n\n"
-               "  -h --help                   Print this message\n"
-               "     --version                Print version of the program\n"
-               "     --daemon                 Detach and run in the background\n"
-               "     --debug                  Enable debug output\n"
-               "     --children-max=INT       Set maximum number of workers\n"
-               "     --exec-delay=SECONDS     Seconds to wait before executing RUN=\n"
-               "     --event-timeout=SECONDS  Seconds to wait before terminating an event\n"
-               "     --resolve-names=early|late|never\n"
-               "                              When to resolve users and groups\n"
-               , program_invocation_short_name);
-}
-
-static int parse_argv(int argc, char *argv[]) {
-        static const struct option options[] = {
-                { "daemon",             no_argument,            NULL, 'd' },
-                { "debug",              no_argument,            NULL, 'D' },
-                { "children-max",       required_argument,      NULL, 'c' },
-                { "exec-delay",         required_argument,      NULL, 'e' },
-                { "event-timeout",      required_argument,      NULL, 't' },
-                { "resolve-names",      required_argument,      NULL, 'N' },
-                { "help",               no_argument,            NULL, 'h' },
-                { "version",            no_argument,            NULL, 'V' },
-                {}
-        };
-
-        int c;
-
-        assert(argc >= 0);
-        assert(argv);
-
-        while ((c = getopt_long(argc, argv, "c:de:Dt:N:hV", options, NULL)) >= 0) {
-                int r;
-
-                switch (c) {
-
-                case 'd':
-                        arg_daemonize = true;
-                        break;
-                case 'c':
-                        r = safe_atou(optarg, &arg_children_max);
-                        if (r < 0)
-                                log_warning("Invalid --children-max ignored: %s", optarg);
-                        break;
-                case 'e':
-                        r = safe_atoi(optarg, &arg_exec_delay);
-                        if (r < 0)
-                                log_warning("Invalid --exec-delay ignored: %s", optarg);
-                        break;
-                case 't':
-                        r = safe_atou64(optarg, &arg_event_timeout_usec);
-                        if (r < 0)
-                                log_warning("Invalid --event-timeout ignored: %s", optarg);
-                        else {
-                                arg_event_timeout_usec *= USEC_PER_SEC;
-                                arg_event_timeout_warn_usec = (arg_event_timeout_usec / 3) ? : 1;
-                        }
-                        break;
-                case 'D':
-                        arg_debug = true;
-                        break;
-                case 'N':
-                        if (streq(optarg, "early")) {
-                                arg_resolve_names = 1;
-                        } else if (streq(optarg, "late")) {
-                                arg_resolve_names = 0;
-                        } else if (streq(optarg, "never")) {
-                                arg_resolve_names = -1;
-                        } else {
-                                log_error("resolve-names must be early, late or never");
-                                return 0;
-                        }
-                        break;
-                case 'h':
-                        help();
-                        return 0;
-                case 'V':
-                        printf("%s\n", VERSION);
-                        return 0;
-                case '?':
-                        return -EINVAL;
-                default:
-                        assert_not_reached("Unhandled option");
-
-                }
-        }
-
-        return 1;
-}
-
-static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cgroup) {
-        _cleanup_(manager_freep) Manager *manager = NULL;
-        int r, fd_worker, one = 1;
-
-        assert(ret);
-        assert(fd_ctrl >= 0);
-        assert(fd_uevent >= 0);
-
-        manager = new0(Manager, 1);
-        if (!manager)
-                return log_oom();
-
-        manager->fd_inotify = -1;
-        manager->worker_watch[WRITE_END] = -1;
-        manager->worker_watch[READ_END] = -1;
-
-        manager->udev = udev_new();
-        if (!manager->udev)
-                return log_error_errno(errno, "could not allocate udev context: %m");
-
-        udev_builtin_init(manager->udev);
-
-        manager->rules = udev_rules_new(manager->udev, arg_resolve_names);
-        if (!manager->rules)
-                return log_error_errno(ENOMEM, "error reading rules");
-
-        udev_list_node_init(&manager->events);
-        udev_list_init(manager->udev, &manager->properties, true);
-
-        manager->cgroup = cgroup;
-
-        manager->ctrl = udev_ctrl_new_from_fd(manager->udev, fd_ctrl);
-        if (!manager->ctrl)
-                return log_error_errno(EINVAL, "error taking over udev control socket");
-
-        manager->monitor = udev_monitor_new_from_netlink_fd(manager->udev, "kernel", fd_uevent);
-        if (!manager->monitor)
-                return log_error_errno(EINVAL, "error taking over netlink socket");
-
-        /* unnamed socket from workers to the main daemon */
-        r = socketpair(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0, manager->worker_watch);
-        if (r < 0)
-                return log_error_errno(errno, "error creating socketpair: %m");
-
-        fd_worker = manager->worker_watch[READ_END];
-
-        r = setsockopt(fd_worker, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
-        if (r < 0)
-                return log_error_errno(errno, "could not enable SO_PASSCRED: %m");
-
-        manager->fd_inotify = udev_watch_init(manager->udev);
-        if (manager->fd_inotify < 0)
-                return log_error_errno(ENOMEM, "error initializing inotify");
-
-        udev_watch_restore(manager->udev);
-
-        /* block and listen to all signals on signalfd */
-        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, SIGHUP, SIGCHLD, -1) >= 0);
-
-        r = sd_event_default(&manager->event);
-        if (r < 0)
-                return log_error_errno(r, "could not allocate event loop: %m");
-
-        r = sd_event_add_signal(manager->event, NULL, SIGINT, on_sigterm, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating sigint event source: %m");
-
-        r = sd_event_add_signal(manager->event, NULL, SIGTERM, on_sigterm, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating sigterm event source: %m");
-
-        r = sd_event_add_signal(manager->event, NULL, SIGHUP, on_sighup, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating sighup event source: %m");
-
-        r = sd_event_add_signal(manager->event, NULL, SIGCHLD, on_sigchld, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating sigchld event source: %m");
-
-        r = sd_event_set_watchdog(manager->event, true);
-        if (r < 0)
-                return log_error_errno(r, "error creating watchdog event source: %m");
-
-        r = sd_event_add_io(manager->event, &manager->ctrl_event, fd_ctrl, EPOLLIN, on_ctrl_msg, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating ctrl event source: %m");
-
-        /* This needs to be after the inotify and uevent handling, to make sure
-         * that the ping is send back after fully processing the pending uevents
-         * (including the synthetic ones we may create due to inotify events).
-         */
-        r = sd_event_source_set_priority(manager->ctrl_event, SD_EVENT_PRIORITY_IDLE);
-        if (r < 0)
-                return log_error_errno(r, "cold not set IDLE event priority for ctrl event source: %m");
-
-        r = sd_event_add_io(manager->event, &manager->inotify_event, manager->fd_inotify, EPOLLIN, on_inotify, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating inotify event source: %m");
-
-        r = sd_event_add_io(manager->event, &manager->uevent_event, fd_uevent, EPOLLIN, on_uevent, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating uevent event source: %m");
-
-        r = sd_event_add_io(manager->event, NULL, fd_worker, EPOLLIN, on_worker, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating worker event source: %m");
-
-        r = sd_event_add_post(manager->event, NULL, on_post, manager);
-        if (r < 0)
-                return log_error_errno(r, "error creating post event source: %m");
-
-        *ret = manager;
-        manager = NULL;
-
-        return 0;
-}
-
-static int run(int fd_ctrl, int fd_uevent, const char *cgroup) {
-        _cleanup_(manager_freep) Manager *manager = NULL;
-        int r;
-
-        r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup);
-        if (r < 0) {
-                r = log_error_errno(r, "failed to allocate manager object: %m");
-                goto exit;
-        }
-
-        r = udev_rules_apply_static_dev_perms(manager->rules);
-        if (r < 0)
-                log_error_errno(r, "failed to apply permissions on static device nodes: %m");
-
-        (void) sd_notify(false,
-                         "READY=1\n"
-                         "STATUS=Processing...");
-
-        r = sd_event_loop(manager->event);
-        if (r < 0) {
-                log_error_errno(r, "event loop failed: %m");
-                goto exit;
-        }
-
-        sd_event_get_exit_code(manager->event, &r);
-
-exit:
-        sd_notify(false,
-                  "STOPPING=1\n"
-                  "STATUS=Shutting down...");
-        if (manager)
-                udev_ctrl_cleanup(manager->ctrl);
-        return r;
-}
-
-int main(int argc, char *argv[]) {
-        _cleanup_free_ char *cgroup = NULL;
-        int fd_ctrl = -1, fd_uevent = -1;
-        int r;
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        r = parse_argv(argc, argv);
-        if (r <= 0)
-                goto exit;
-
-        r = parse_proc_cmdline(parse_proc_cmdline_item);
-        if (r < 0)
-                log_warning_errno(r, "failed to parse kernel command line, ignoring: %m");
-
-        if (arg_debug) {
-                log_set_target(LOG_TARGET_CONSOLE);
-                log_set_max_level(LOG_DEBUG);
-        }
-
-        if (getuid() != 0) {
-                r = log_error_errno(EPERM, "root privileges required");
-                goto exit;
-        }
-
-        if (arg_children_max == 0) {
-                cpu_set_t cpu_set;
-
-                arg_children_max = 8;
-
-                if (sched_getaffinity(0, sizeof(cpu_set), &cpu_set) == 0)
-                        arg_children_max += CPU_COUNT(&cpu_set) * 2;
-
-                log_debug("set children_max to %u", arg_children_max);
-        }
-
-        /* set umask before creating any file/directory */
-        r = chdir("/");
-        if (r < 0) {
-                r = log_error_errno(errno, "could not change dir to /: %m");
-                goto exit;
-        }
-
-        umask(022);
-
-        r = mac_selinux_init();
-        if (r < 0) {
-                log_error_errno(r, "could not initialize labelling: %m");
-                goto exit;
-        }
-
-        r = mkdir("/run/udev", 0755);
-        if (r < 0 && errno != EEXIST) {
-                r = log_error_errno(errno, "could not create /run/udev: %m");
-                goto exit;
-        }
-
-        dev_setup(NULL, UID_INVALID, GID_INVALID);
-
-        if (getppid() == 1) {
-                /* get our own cgroup, we regularly kill everything udev has left behind
-                   we only do this on systemd systems, and only if we are directly spawned
-                   by PID1. otherwise we are not guaranteed to have a dedicated cgroup */
-                r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
-                if (r < 0) {
-                        if (r == -ENOENT || r == -ENOMEDIUM)
-                                log_debug_errno(r, "did not find dedicated cgroup: %m");
-                        else
-                                log_warning_errno(r, "failed to get cgroup: %m");
-                }
-        }
-
-        r = listen_fds(&fd_ctrl, &fd_uevent);
-        if (r < 0) {
-                r = log_error_errno(r, "could not listen on fds: %m");
-                goto exit;
-        }
-
-        if (arg_daemonize) {
-                pid_t pid;
-
-                log_info("starting version " VERSION);
-
-                /* connect /dev/null to stdin, stdout, stderr */
-                if (log_get_max_level() < LOG_DEBUG)
-                        (void) make_null_stdio();
-
-                pid = fork();
-                switch (pid) {
-                case 0:
-                        break;
-                case -1:
-                        r = log_error_errno(errno, "fork of daemon failed: %m");
-                        goto exit;
-                default:
-                        mac_selinux_finish();
-                        log_close();
-                        _exit(EXIT_SUCCESS);
-                }
-
-                setsid();
-
-                write_string_file("/proc/self/oom_score_adj", "-1000", 0);
-        }
-
-        r = run(fd_ctrl, fd_uevent, cgroup);
-
-exit:
-        mac_selinux_finish();
-        log_close();
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/udev/v4l_id/Makefile b/src/udev/v4l_id/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/udev/v4l_id/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/update-done/Makefile b/src/update-done/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/update-done/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/update-utmp/Makefile b/src/update-utmp/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/update-utmp/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
deleted file mode 100644
index 8ae4a8a833..0000000000
--- a/src/update-utmp/update-utmp.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/***
-  This file is part of systemd.
-
-  Copyright 2010 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef HAVE_AUDIT
-#include <libaudit.h>
-#endif
-
-#include "sd-bus.h"
-
-#include "alloc-util.h"
-#include "bus-error.h"
-#include "bus-util.h"
-#include "formats-util.h"
-#include "log.h"
-#include "macro.h"
-#include "special.h"
-#include "unit-name.h"
-#include "util.h"
-#include "utmp-wtmp.h"
-
-typedef struct Context {
-        sd_bus *bus;
-#ifdef HAVE_AUDIT
-        int audit_fd;
-#endif
-} Context;
-
-static usec_t get_startup_time(Context *c) {
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        usec_t t = 0;
-        int r;
-
-        assert(c);
-
-        r = sd_bus_get_property_trivial(
-                        c->bus,
-                        "org.freedesktop.systemd1",
-                        "/org/freedesktop/systemd1",
-                        "org.freedesktop.systemd1.Manager",
-                        "UserspaceTimestamp",
-                        &error,
-                        't', &t);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get timestamp: %s", bus_error_message(&error, r));
-                return 0;
-        }
-
-        return t;
-}
-
-static int get_current_runlevel(Context *c) {
-        static const struct {
-                const int runlevel;
-                const char *special;
-        } table[] = {
-                /* The first target of this list that is active or has
-                 * a job scheduled wins. We prefer runlevels 5 and 3
-                 * here over the others, since these are the main
-                 * runlevels used on Fedora. It might make sense to
-                 * change the order on some distributions. */
-                { '5', SPECIAL_GRAPHICAL_TARGET  },
-                { '3', SPECIAL_MULTI_USER_TARGET },
-                { '1', SPECIAL_RESCUE_TARGET     },
-        };
-
-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        int r;
-        unsigned i;
-
-        assert(c);
-
-        for (i = 0; i < ELEMENTSOF(table); i++) {
-                _cleanup_free_ char *state = NULL, *path = NULL;
-
-                path = unit_dbus_path_from_name(table[i].special);
-                if (!path)
-                        return log_oom();
-
-                r = sd_bus_get_property_string(
-                                c->bus,
-                                "org.freedesktop.systemd1",
-                                path,
-                                "org.freedesktop.systemd1.Unit",
-                                "ActiveState",
-                                &error,
-                                &state);
-                if (r < 0)
-                        return log_warning_errno(r, "Failed to get state: %s", bus_error_message(&error, r));
-
-                if (streq(state, "active") || streq(state, "reloading"))
-                        return table[i].runlevel;
-        }
-
-        return 0;
-}
-
-static int on_reboot(Context *c) {
-        int r = 0, q;
-        usec_t t;
-
-        assert(c);
-
-        /* We finished start-up, so let's write the utmp
-         * record and send the audit msg */
-
-#ifdef HAVE_AUDIT
-        if (c->audit_fd >= 0)
-                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
-                    errno != EPERM) {
-                        r = log_error_errno(errno, "Failed to send audit message: %m");
-                }
-#endif
-
-        /* If this call fails it will return 0, which
-         * utmp_put_reboot() will then fix to the current time */
-        t = get_startup_time(c);
-
-        q = utmp_put_reboot(t);
-        if (q < 0) {
-                log_error_errno(q, "Failed to write utmp record: %m");
-                r = q;
-        }
-
-        return r;
-}
-
-static int on_shutdown(Context *c) {
-        int r = 0, q;
-
-        assert(c);
-
-        /* We started shut-down, so let's write the utmp
-         * record and send the audit msg */
-
-#ifdef HAVE_AUDIT
-        if (c->audit_fd >= 0)
-                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
-                    errno != EPERM) {
-                        r = log_error_errno(errno, "Failed to send audit message: %m");
-                }
-#endif
-
-        q = utmp_put_shutdown();
-        if (q < 0) {
-                log_error_errno(q, "Failed to write utmp record: %m");
-                r = q;
-        }
-
-        return r;
-}
-
-static int on_runlevel(Context *c) {
-        int r = 0, q, previous, runlevel;
-
-        assert(c);
-
-        /* We finished changing runlevel, so let's write the
-         * utmp record and send the audit msg */
-
-        /* First, get last runlevel */
-        q = utmp_get_runlevel(&previous, NULL);
-
-        if (q < 0) {
-                if (q != -ESRCH && q != -ENOENT)
-                        return log_error_errno(q, "Failed to get current runlevel: %m");
-
-                previous = 0;
-        }
-
-        /* Secondly, get new runlevel */
-        runlevel = get_current_runlevel(c);
-
-        if (runlevel < 0)
-                return runlevel;
-
-        if (previous == runlevel)
-                return 0;
-
-#ifdef HAVE_AUDIT
-        if (c->audit_fd >= 0) {
-                _cleanup_free_ char *s = NULL;
-
-                if (asprintf(&s, "old-level=%c new-level=%c",
-                             previous > 0 ? previous : 'N',
-                             runlevel > 0 ? runlevel : 'N') < 0)
-                        return log_oom();
-
-                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 && errno != EPERM)
-                        r = log_error_errno(errno, "Failed to send audit message: %m");
-        }
-#endif
-
-        q = utmp_put_runlevel(runlevel, previous);
-        if (q < 0 && q != -ESRCH && q != -ENOENT) {
-                log_error_errno(q, "Failed to write utmp record: %m");
-                r = q;
-        }
-
-        return r;
-}
-
-int main(int argc, char *argv[]) {
-        Context c = {
-#ifdef HAVE_AUDIT
-                .audit_fd = -1
-#endif
-        };
-        int r;
-
-        if (getppid() != 1) {
-                log_error("This program should be invoked by init only.");
-                return EXIT_FAILURE;
-        }
-
-        if (argc != 2) {
-                log_error("This program requires one argument.");
-                return EXIT_FAILURE;
-        }
-
-        log_set_target(LOG_TARGET_AUTO);
-        log_parse_environment();
-        log_open();
-
-        umask(0022);
-
-#ifdef HAVE_AUDIT
-        /* If the kernel lacks netlink or audit support,
-         * don't worry about it. */
-        c.audit_fd = audit_open();
-        if (c.audit_fd < 0 && errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT)
-                log_error_errno(errno, "Failed to connect to audit log: %m");
-#endif
-        r = bus_connect_system_systemd(&c.bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get D-Bus connection: %m");
-                r = -EIO;
-                goto finish;
-        }
-
-        log_debug("systemd-update-utmp running as pid "PID_FMT, getpid());
-
-        if (streq(argv[1], "reboot"))
-                r = on_reboot(&c);
-        else if (streq(argv[1], "shutdown"))
-                r = on_shutdown(&c);
-        else if (streq(argv[1], "runlevel"))
-                r = on_runlevel(&c);
-        else {
-                log_error("Unknown command %s", argv[1]);
-                r = -EINVAL;
-        }
-
-        log_debug("systemd-update-utmp stopped as pid "PID_FMT, getpid());
-
-finish:
-#ifdef HAVE_AUDIT
-        if (c.audit_fd >= 0)
-                audit_close(c.audit_fd);
-#endif
-
-        sd_bus_flush_close_unref(c.bus);
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
diff --git a/src/user-sessions/Makefile b/src/user-sessions/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/user-sessions/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
diff --git a/src/vconsole/Makefile b/src/vconsole/Makefile
deleted file mode 120000
index d0b0e8e008..0000000000
--- a/src/vconsole/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../Makefile
-\ No newline at end of file
author	Luke Shumaker <lukeshu@sbcglobal.net>	2016-07-23 21:55:51 -0400
committer	Luke Shumaker <lukeshu@sbcglobal.net>	2016-07-23 21:55:51 -0400
commit	481edcbe2f0b4706ae46d3f17596d81827390b72 (patch)
tree	bae4bde0de67fc9091d9ca3cc937a748829dbac6 /src
parent	0d1eb3d488d3df70d192a2cf595967e54138d0dc (diff)